From 7c568da332c6022df54459d3554270aa1cf2e6e5 Mon Sep 17 00:00:00 2001 From: Francois Trible Date: Fri, 20 Dec 2019 14:33:31 +0100 Subject: [PATCH] Release 19.0.3 --- AAE/README.md | 486 ---- AAE/README_config.md | 119 + AAE/README_migrate.md | 34 + AAE/configuration/README.md | 90 - AAE/configuration/aae-helper.tar | Bin 20480 -> 0 bytes AAE/configuration/sample_min_value.yaml | 39 + AAE/helm-charts/README.md | 42 - AAE/helm-charts/ibm-dba-aae-prod-1.0.0.tgz | Bin 84791 -> 0 bytes AAE/k8s-yaml/README.md | 58 - AAE/k8s-yaml/ibm-dba-aae-prod-1.0.0.tgz | Bin 84791 -> 0 bytes AAE/platform/README-ROKS.md | 813 ------- ACA/README_config.md | 120 + ACA/README_migrate.md | 28 + ACA/README_uninstall.md | 20 + ACA/README_update.md | 23 + .../configuration-ha/DB2/AddOntology.sh | 0 .../configuration-ha/DB2/AddTenant.bat | 348 +-- .../configuration-ha}/DB2/AddTenant.sh | 253 +- .../configuration-ha/DB2/CSVFiles/cword.csv | 0 .../DB2/CSVFiles/cword_dc.csv | 0 .../DB2/CSVFiles/doc_alias.csv | 0 .../DB2/CSVFiles/doc_alias_dc.csv | 0 .../DB2/CSVFiles/doc_class.csv | 10 + .../configuration-ha/DB2/CSVFiles/heading.csv | 0 .../DB2/CSVFiles/heading_alias.csv | 0 .../DB2/CSVFiles/heading_alias_dc.csv | 0 .../DB2/CSVFiles/heading_alias_h.csv | 0 .../DB2/CSVFiles/heading_dc.csv | 0 .../DB2/CSVFiles/key_alias.csv | 0 .../DB2/CSVFiles/key_alias_dc.csv | 0 .../DB2/CSVFiles/key_alias_kc.csv | 0 .../DB2/CSVFiles/key_class.csv | 0 .../DB2/CSVFiles/key_class_dc.csv | 0 ACA/configuration-ha/DB2/CreateBaseDB.bat | 56 + .../configuration-ha}/DB2/CreateBaseDB.sh | 29 +- .../configuration-ha/DB2/DeleteOntology.sh | 0 .../configuration-ha/DB2/DeleteTenant.sh | 0 ACA/configuration-ha/DB2/InitBaseDB.bat | 4 + ACA/configuration-ha/DB2/InitBaseDB.sh | 20 + ACA/configuration-ha/DB2/InitTenantDB.bat | 4 + ACA/configuration-ha/DB2/InitTenantDB.sh | 16 + .../configuration-ha/DB2/Readme_windows.txt | 2 +- .../configuration-ha/DB2/ScriptFunctions.sh | 0 ACA/configuration-ha/DB2/UpgradeTenantDB.bat | 31 + .../configuration-ha}/DB2/UpgradeTenantDB.sh | 29 +- .../DB2/common_for_DB2.sh.sample | 8 +- .../common_for_DB2_Tenant_Upgrade.sh.sample | 0 .../DB2/common_for_DB2_Upgrade.sh.sample | 0 .../DB2/db2dsdriver.cfg.sample.HA | 43 + .../DB2/db2dsdriver.cfg.sample.nonHA | 21 + .../DB2/sql/CreateBacaSchema.sql.template | 0 .../DB2/sql/CreateBacaTables.sql | 10 +- .../DB2/sql/CreateBaseDB.sql.template | 0 .../DB2/sql/CreateBaseTable.sql.template | 0 .../DB2/sql/CreateDB.sql.template | 0 .../DB2/sql/DropBacaTables.sql | 1 + .../DB2/sql/InsertTenant.sql.template | 2 +- .../DB2/sql/InsertUser.sql.template | 0 .../DB2/sql/LoadData.sql.template | 19 +- .../DB2/sql/SetIntegrity.sql.template | 21 + .../DB2/sql/TablePermissions.sql.template | 2 + .../sql/UpgradeBaseDB_1.1_to_1.2.sql.template | 2 + .../DB2/sql/UpgradeBaseDB_to_1.1.sql.template | 0 .../UpgradeTenantDB_1.1_to_1.2.sql.template | 0 .../UpgradeTenantDB_1.2_to_1.3.sql.template | 26 + .../sql/UpgradeTenantDB_to_1.1.sql.template | 0 .../DB2/sql/WinUpgradeTenantDB_1.2.sql | 7 +- .../DB2/sql/WinUpgradeTenantDB_1.2_1.3.sql | 20 + .../security}/baca-netpol.yaml | 4 +- .../configuration-ha/security}/baca-psp.yaml | 30 +- .../security/baca-rolebinding.yaml | 12 + ACA/configuration-ha/security/baca-scc.yaml | 76 + ADW/README_config.md | 130 ++ ADW/configuration/adw-cr.yaml | 97 + ADW/configuration/adw-psp.yaml | 63 + ADW/configuration/adw-scc.yaml | 38 + ADW/configuration/adw-secret.yaml | 25 + BACA/README.md | 31 - BACA/configuration-ha/DB2/AddTenant.sh | 404 ---- .../DB2/CSVFiles/doc_class.csv | 9 - BACA/configuration-ha/DB2/CreateBaseDB.bat | 32 - BACA/configuration-ha/DB2/CreateBaseDB.sh | 150 -- BACA/configuration-ha/DB2/UpgradeBaseDB.sh | 54 - BACA/configuration-ha/DB2/UpgradeTenantDB.sh | 63 - .../DB2/sql/CreateBacaTables.sql | 707 ------ BACA/configuration-ha/README.md | 4 - BACA/configuration-ha/bashfunctions.sh | 407 ---- BACA/configuration-ha/common.sh | 29 - BACA/configuration-ha/common_ICP_template.sh | 27 - BACA/configuration-ha/common_OCP_template.sh | 27 - BACA/configuration-ha/createSSLCert.sh | 205 -- .../delete_ContentAnalyzer.sh | 117 - BACA/configuration-ha/generateMemoryValues.sh | 28 - BACA/configuration-ha/init_deployments.sh | 96 - BACA/configuration-ha/init_persistent.sh | 14 - BACA/configuration-ha/mongo/README.md | 119 - .../mongo/js_base/add_shard.js | 19 - .../mongo/js_base/mongo_initiate.js | 27 - BACA/configuration-ha/mongo/openssl.cnf | 38 - BACA/configuration-ha/mongo/post-setup.sh | 143 -- BACA/configuration-ha/mongo/pre-setup.sh | 100 - .../configdb-persistence-base.yaml | 22 - .../templates_base/configdb-service-base.yaml | 177 -- .../templates_base/local-storage-base.yaml | 11 - .../templates_base/mongo-service-base.yaml | 22 - .../templates_base/mongos-router-base.yaml | 139 -- .../shard-persistence-base.yaml | 21 - .../mongo/templates_base/shardX-stateful.yaml | 183 -- BACA/configuration-ha/mongo/values-base.yaml | 65 - BACA/configuration-ha/mongoadmin/README.md | 118 - .../mongoadmin/js_base/add_shard.js | 19 - .../mongoadmin/js_base/mongo_initiate.js | 27 - BACA/configuration-ha/mongoadmin/openssl.cnf | 38 - .../configuration-ha/mongoadmin/post-setup.sh | 148 -- BACA/configuration-ha/mongoadmin/pre-setup.sh | 102 - .../configdb-persistence-base.yaml | 22 - .../templates_base/configdb-service-base.yaml | 177 -- .../templates_base/local-storage-base.yaml | 11 - .../templates_base/mongo-service-base.yaml | 22 - .../templates_base/mongos-router-base.yaml | 139 -- .../shard-persistence-base.yaml | 21 - .../templates_base/shardX-stateful.yaml | 182 -- .../mongoadmin/values-base.yaml | 66 - BACA/configuration-ha/openssl.cnf | 56 - BACA/configuration-ha/renewCert.sh | 54 - BACA/configuration-ha/sppersistent.yaml | 83 - BACA/configuration/DB2/AddOntology.sh | 7 - BACA/configuration/DB2/AddTenant.bat | 143 -- BACA/configuration/DB2/CSVFiles/cword.csv | 75 - BACA/configuration/DB2/CSVFiles/cword_dc.csv | 75 - BACA/configuration/DB2/CSVFiles/doc_alias.csv | 10 - .../DB2/CSVFiles/doc_alias_dc.csv | 10 - BACA/configuration/DB2/CSVFiles/doc_class.csv | 9 - BACA/configuration/DB2/CSVFiles/heading.csv | 2 - .../DB2/CSVFiles/heading_alias.csv | 2 - .../DB2/CSVFiles/heading_alias_dc.csv | 2 - .../DB2/CSVFiles/heading_alias_h.csv | 2 - .../configuration/DB2/CSVFiles/heading_dc.csv | 2 - BACA/configuration/DB2/CSVFiles/key_alias.csv | 238 -- .../DB2/CSVFiles/key_alias_dc.csv | 255 --- .../DB2/CSVFiles/key_alias_kc.csv | 255 --- BACA/configuration/DB2/CSVFiles/key_class.csv | 201 -- .../DB2/CSVFiles/key_class_dc.csv | 201 -- BACA/configuration/DB2/CreateBaseDB.bat | 32 - BACA/configuration/DB2/DeleteOntology.sh | 70 - BACA/configuration/DB2/DeleteTenant.sh | 70 - BACA/configuration/DB2/Readme_windows.txt | 11 - BACA/configuration/DB2/ScriptFunctions.sh | 16 - BACA/configuration/DB2/UpgradeBaseDB.sh | 54 - .../DB2/common_for_DB2.sh.sample | 51 - .../common_for_DB2_Tenant_Upgrade.sh.sample | 14 - .../DB2/common_for_DB2_Upgrade.sh.sample | 8 - .../DB2/sql/CreateBacaSchema.sql.template | 6 - .../DB2/sql/CreateBaseDB.sql.template | 10 - .../DB2/sql/CreateBaseTable.sql.template | 26 - .../DB2/sql/CreateDB.sql.template | 9 - BACA/configuration/DB2/sql/DropBacaTables.sql | 45 - .../DB2/sql/InsertTenant.sql.template | 4 - .../DB2/sql/InsertUser.sql.template | 5 - .../DB2/sql/LoadData.sql.template | 37 - .../DB2/sql/TablePermissions.sql.template | 20 - .../sql/UpgradeBaseDB_1.1_to_1.2.sql.template | 9 - .../DB2/sql/UpgradeBaseDB_to_1.1.sql.template | 10 - .../sql/UpgradeTenantDB_to_1.1.sql.template | 7 - BACA/configuration/README.md | 4 - BACA/configuration/baca-netpol.yaml | 11 - BACA/configuration/baca-psp.yaml | 65 - BACA/configuration/bashfunctions.sh | 407 ---- BACA/configuration/common.sh | 29 - BACA/configuration/common_ICP_template.sh | 29 - BACA/configuration/common_OCP_template.sh | 29 - BACA/configuration/createSSLCert.sh | 191 -- BACA/configuration/delete_ContentAnalyzer.sh | 118 - BACA/configuration/generateMemoryValues.sh | 28 - BACA/configuration/init_deployments.sh | 95 - BACA/configuration/init_persistent.sh | 14 - BACA/configuration/renewCert.sh | 54 - BACA/configuration/sppersistent.yaml | 83 - BACA/docs/DB2_setup.md | 40 - BACA/docs/common_sh_values.md | 47 - BACA/docs/init_deployment.md | 38 - BACA/docs/post-deployment.md | 79 - BACA/docs/values_yaml_parameters.md | 121 - BACA/helm-charts/README.md | 5 - BACA/helm-charts/ibm-dba-baca-prod-1.2.0.tgz | Bin 68191 -> 0 bytes .../ibm-dba-baca-prod-1.2.0_ha.tgz | Bin 80993 -> 0 bytes BACA/k8s-yaml/README.md | 115 - BACA/platform/README_Eval_ROKS.md | 173 -- BACA/platform/nginx_folders.yaml | 30 - BAI/README.md | 693 ------ BAI/README_config.md | 269 +++ BAI/README_migrate.md | 85 + BAI/README_uninstall.md | 71 + .../bai-pod-security-policy.yaml | 31 - BAI/configuration/bai-psp.yaml | 59 + BAI/configuration/bai-sample-values.yaml | 141 ++ BAI/configuration/pv.yaml | 103 - BAI/configuration/sample-secure-values.yaml | 90 - BAI/configuration/sample-values.yaml | 60 - BAI/helm-charts/.gitkeep | 0 BAI/helm-charts/README.md | 70 - ...ibm-business-automation-insights-3.2.0.tgz | Bin 95450 -> 0 bytes BAI/k8s-yaml/.gitkeep | 0 BAI/k8s-yaml/README.md | 59 - BAI/platform/README_Eval_Openshift.md | 105 - BAI/platform/README_ROKS.md | 284 --- BAI/platform/minikube/Monitoring.md | 251 -- BAI/platform/minikube/README.md | 276 --- .../minikube/configuration/bai-psp.yaml | 38 - .../configuration/easy-install-kafka.yaml | 33 - .../minikube/configuration/easy-install.yaml | 109 - BAI/platform/minikube/configuration/pv.yaml | 55 - BAI/platform/minikube/get-logs.sh | 31 - BAI/platform/minikube/install-bai-minikube.sh | 182 -- BAI/platform/minikube/install-bai.sh | 171 -- BAI/platform/minikube/ip-update.sh | 70 - BAI/platform/minikube/recover-minikube-bai.sh | 35 - BAI/platform/minikube/utilities.sh | 59 - BAN/README_config.md | 146 ++ BAN/README_migrate.md | 22 + {BAI => BAN}/configuration/.gitkeep | 0 .../ICN}/configDropins/overrides/ICNDS.xml | 0 .../configDropins/overrides/ICNDS_HADR.xml | 0 .../configDropins/overrides/ICNDS_Oracle.xml | 0 BAS/README.md | 568 ----- BAS/README_config.md | 139 ++ BAS/README_migrate.md | 15 + BAS/configuration/README.md | 97 - BAS/configuration/bastudio-helper.tar | Bin 20480 -> 0 bytes BAS/configuration/sample_min_value.yaml | 68 + BAS/helm-charts/README.md | 40 - BAS/helm-charts/ibm-dba-bas-prod-1.0.0.tgz | Bin 98234 -> 0 bytes BAS/k8s-yaml/README.md | 60 - BAS/k8s-yaml/ibm-dba-bas-prod-1.0.0.tgz | Bin 98234 -> 0 bytes BAS/platform/README-ROKS.md | 1033 --------- CONTENT/README.md | 32 - .../CMIS/configDropins/overrides/ldap_AD.xml | 17 - .../CMIS/configDropins/overrides/ldap_TDS.xml | 18 - .../configDropins/overrides/DB2JCCDriver.xml | 6 - .../CPE/configDropins/overrides/GCD.xml | 29 - .../CPE/configDropins/overrides/GCD_HADR.xml | 35 - .../configDropins/overrides/GCD_Oracle.xml | 21 - .../configDropins/overrides/OraJDBCDriver.xml | 7 - .../CPE/configDropins/overrides/ldap_AD.xml | 17 - .../CPE/configDropins/overrides/ldap_TDS.xml | 18 - .../sslkeystore/cssSelfsignedServerStore | Bin 2231 -> 0 bytes .../overrides/UMS_clientRegistration.json | 33 - .../configDropins/overrides/ldap_AD.xml | 17 - .../configDropins/overrides/ldap_TDS.xml | 18 - CONTENT/configuration/README.md | 16 - .../configDropins/overrides/DB2JCCDriver.xml | 6 - .../configDropins/overrides/OraJDBCDriver.xml | 7 - .../configDropins/overrides/ldapExt.xml | 7 - .../configDropins/overrides/ldap_AD.xml | 17 - .../configDropins/overrides/ldap_TDS.xml | 18 - CONTENT/helm-charts/README.md | 324 --- .../ibm-dba-contentrestservice-dev-3.0.0.tgz | Bin 58039 -> 0 bytes .../ibm-dba-contentrestservice-dev-3.1.0.tgz | Bin 59549 -> 0 bytes .../ibm-dba-contentsearch-3.0.0.tgz | Bin 62185 -> 0 bytes .../ibm-dba-contentsearch-3.1.0.tgz | Bin 62851 -> 0 bytes .../ibm-dba-contentservices-3.0.0.tgz | Bin 64026 -> 0 bytes .../ibm-dba-contentservices-3.1.0.tgz | Bin 64792 -> 0 bytes CONTENT/helm-charts/ibm-dba-cscmis-1.7.0.tgz | Bin 63859 -> 0 bytes CONTENT/helm-charts/ibm-dba-cscmis-1.8.0.tgz | Bin 64437 -> 0 bytes .../ibm-dba-extshare-prod-3.0.0.tgz | Bin 63132 -> 0 bytes .../ibm-dba-extshare-prod-3.0.1.tgz | Bin 63723 -> 0 bytes CONTENT/k8s-yaml/CMIS/cmis-deploy.yml | 173 -- CONTENT/k8s-yaml/CPE/cpe-deploy.yml | 187 -- CONTENT/k8s-yaml/CSS/css-deploy.yml | 167 -- .../k8s-yaml/ContentGraphQL/crs-deploy.yml | 135 -- CONTENT/k8s-yaml/README.md | 217 -- CONTENT/k8s-yaml/extShare/es-deploy.yml | 151 -- CONTENT/platform/README_Eval_ROKS.md | 110 - CONTENT/platform/ingress_one.yaml | 47 - CONTENT/platform/ingress_service.yaml | 56 - CONTENT/platform/nginx_sample.yaml | 110 - FNCM/README_config.md | 202 ++ FNCM/README_migrate.md | 22 + .../CPE/configDropins/overrides/OBJSTORE.xml | 0 .../configDropins/overrides/OBJSTORE_HADR.xml | 0 .../overrides/OBJSTORE_Oracle.xml | 0 .../configDropins/overrides/UMS.xml | 0 .../configDropins/overrides/cors.xml | 4 +- .../configDropins/overrides/crs-ssl.xml | 0 .../configDropins/overrides/ICNDS.xml | 0 .../configDropins/overrides/ICNDS_HADR.xml | 17 + .../configDropins/overrides/ICNDS_Oracle.xml | 0 .../extShare/configDropins/overrides/CORS.xml | 0 .../configDropins/overrides/ICNDS.xml | 15 + .../configDropins/overrides/ICNDS_HADR.xml | 0 .../configDropins/overrides/ICNDS_Oracle.xml | 12 + .../extShare/configDropins/overrides/oidc.xml | 22 + IAWS/README_config.md | 1084 +++++++++ IAWS/configuration/sample_min_value.yaml | 234 ++ LICENSE | 1250 ++++------ NAVIGATOR/README.md | 39 - NAVIGATOR/configuration/.gitkeep | 0 .../configDropins/overrides/DB2JCCDriver.xml | 6 - .../configDropins/overrides/OraJDBCDriver.xml | 7 - .../ICN/configDropins/overrides/ldap_AD.xml | 17 - .../ICN/configDropins/overrides/ldap_TDS.xml | 18 - NAVIGATOR/configuration/README.md | 8 - NAVIGATOR/helm-charts/.gitkeep | 0 NAVIGATOR/helm-charts/README.md | 186 -- .../helm-charts/ibm-dba-navigator-3.0.0.tgz | Bin 63308 -> 0 bytes .../helm-charts/ibm-dba-navigator-3.2.0.tgz | Bin 64161 -> 0 bytes NAVIGATOR/k8s-yaml/.gitkeep | 0 NAVIGATOR/k8s-yaml/README.md | 150 -- NAVIGATOR/k8s-yaml/icn-deploy.yml | 191 -- NAVIGATOR/platform/README_Eval_ROKS.md | 108 - NAVIGATOR/platform/ingress_icn.yaml | 27 - NAVIGATOR/platform/ingress_service.yaml | 18 - NAVIGATOR/platform/nginx_sample.yaml | 45 - ODM/README.md | 116 - ODM/README_config.md | 71 + ODM/README_migrate.md | 46 + ODM/configuration/.gitkeep | 0 ODM/configuration/default-values.yaml | 126 + .../evaluation/odm-eval-without-pv.yaml | 138 ++ .../{ => evaluation}/odm-eval.yaml | 12 +- ODM/configuration/logging/logging.xml | 4 + .../sample-values-custom-configuration.yaml | 44 + ODM/configuration/sample-values.yaml | 117 - .../sample-webSecurity-LDAP.xml | 0 .../sample-webSecurity-basic-registry.xml | 0 ODM/helm-charts/.gitkeep | 0 ODM/helm-charts/README.md | 128 -- ODM/helm-charts/ibm-odm-prod-2.2.1.tgz | Bin 28975 -> 0 bytes ODM/k8s-yaml/.gitkeep | 0 ODM/k8s-yaml/README.md | 131 -- ODM/platform/README_Eval_Minikube.md | 72 - ODM/platform/README_Eval_Openshift.md | 62 - ODM/platform/README_Eval_ROKS.md | 76 - ODM/platform/README_Minikube.md | 103 - ODM/platform/README_Openshift.md | 165 -- ODM/platform/README_ROKS.md | 145 -- README.md | 175 +- UMS/README.md | 76 - UMS/README_config.md | 237 ++ UMS/README_config_SSL.md | 85 + UMS/README_migrate.md | 82 + UMS/configuration/db2-hadr.md | 43 - UMS/configuration/imagepolicy.yaml | 14 - UMS/configuration/namespace.yaml | 6 - UMS/configuration/secure-ldap.md | 193 -- UMS/configuration/simple-ldap.md | 66 - UMS/configuration/ums-secret.yaml | 31 - UMS/helm-charts/ibm-dba-ums-prod-1.0.0.tgz | Bin 72595 -> 0 bytes UMS/images/option1.jpg | Bin 0 -> 42408 bytes UMS/images/option2.jpg | Bin 0 -> 48338 bytes UMS/images/ums-in-k8s.jpg | Bin 0 -> 23402 bytes UMS/platform/README-ROKS.md | 244 -- UMS/platform/README-icp.md | 233 -- UMS/platform/README-minikube.md | 325 --- UMS/platform/README-openshift.md | 274 --- descriptors/ibm_cp4a_cr_template.yaml | 2029 +++++++++++++++++ descriptors/ibm_cp4a_crd.yaml | 57 + descriptors/operator-shared-pvc.yaml | 27 + descriptors/operator.yaml | 134 ++ descriptors/role.yaml | 122 + descriptors/role_binding.yaml | 26 + descriptors/scc-fncm.yaml | 38 + descriptors/service_account.yaml | 19 + images/bai-architecture.jpg | Bin 182269 -> 0 bytes images/diag_icp4a_k8s.jpg | Bin 82617 -> 0 bytes images/samples-structure.png | Bin 39946 -> 0 bytes legal-notice.md | 222 +- platform/k8s/README.md | 14 + platform/k8s/install.md | 284 +++ platform/k8s/migrate.md | 20 + platform/k8s/uninstall.md | 24 + platform/k8s/update.md | 53 + platform/ocp/README.md | 14 + platform/ocp/install.md | 304 +++ platform/ocp/migrate.md | 20 + platform/ocp/uninstall.md | 24 + platform/ocp/update.md | 54 + platform/roks/README.md | 14 + platform/roks/install.md | 298 +++ platform/roks/migrate.md | 20 + platform/roks/uninstall.md | 24 + platform/roks/update.md | 54 + scripts/checkDeadLinks.sh | 18 - scripts/config-check-broker-links.json | 17 - scripts/deleteOperator.sh | 19 + scripts/deployOperator.sh | 67 + scripts/loadimages.sh | 0 387 files changed, 9398 insertions(+), 21488 deletions(-) delete mode 100644 AAE/README.md create mode 100644 AAE/README_config.md create mode 100644 AAE/README_migrate.md delete mode 100644 AAE/configuration/README.md delete mode 100644 AAE/configuration/aae-helper.tar create mode 100644 AAE/configuration/sample_min_value.yaml delete mode 100644 AAE/helm-charts/README.md delete mode 100644 AAE/helm-charts/ibm-dba-aae-prod-1.0.0.tgz delete mode 100644 AAE/k8s-yaml/README.md delete mode 100644 AAE/k8s-yaml/ibm-dba-aae-prod-1.0.0.tgz delete mode 100644 AAE/platform/README-ROKS.md create mode 100644 ACA/README_config.md create mode 100644 ACA/README_migrate.md create mode 100644 ACA/README_uninstall.md create mode 100644 ACA/README_update.md rename {BACA => ACA}/configuration-ha/DB2/AddOntology.sh (100%) rename {BACA => ACA}/configuration-ha/DB2/AddTenant.bat (50%) rename {BACA/configuration => ACA/configuration-ha}/DB2/AddTenant.sh (54%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/cword.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/cword_dc.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/doc_alias.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/doc_alias_dc.csv (100%) create mode 100644 ACA/configuration-ha/DB2/CSVFiles/doc_class.csv rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/heading.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/heading_alias.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/heading_alias_dc.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/heading_alias_h.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/heading_dc.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/key_alias.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/key_alias_dc.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/key_alias_kc.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/key_class.csv (100%) rename {BACA => ACA}/configuration-ha/DB2/CSVFiles/key_class_dc.csv (100%) create mode 100755 ACA/configuration-ha/DB2/CreateBaseDB.bat rename {BACA/configuration => ACA/configuration-ha}/DB2/CreateBaseDB.sh (76%) rename {BACA => ACA}/configuration-ha/DB2/DeleteOntology.sh (100%) rename {BACA => ACA}/configuration-ha/DB2/DeleteTenant.sh (100%) create mode 100755 ACA/configuration-ha/DB2/InitBaseDB.bat create mode 100755 ACA/configuration-ha/DB2/InitBaseDB.sh create mode 100755 ACA/configuration-ha/DB2/InitTenantDB.bat create mode 100755 ACA/configuration-ha/DB2/InitTenantDB.sh rename {BACA => ACA}/configuration-ha/DB2/Readme_windows.txt (91%) rename {BACA => ACA}/configuration-ha/DB2/ScriptFunctions.sh (100%) create mode 100755 ACA/configuration-ha/DB2/UpgradeTenantDB.bat rename {BACA/configuration => ACA/configuration-ha}/DB2/UpgradeTenantDB.sh (60%) rename {BACA => ACA}/configuration-ha/DB2/common_for_DB2.sh.sample (88%) rename {BACA => ACA}/configuration-ha/DB2/common_for_DB2_Tenant_Upgrade.sh.sample (100%) rename {BACA => ACA}/configuration-ha/DB2/common_for_DB2_Upgrade.sh.sample (100%) create mode 100644 ACA/configuration-ha/DB2/db2dsdriver.cfg.sample.HA create mode 100644 ACA/configuration-ha/DB2/db2dsdriver.cfg.sample.nonHA rename {BACA => ACA}/configuration-ha/DB2/sql/CreateBacaSchema.sql.template (100%) rename {BACA/configuration => ACA/configuration-ha}/DB2/sql/CreateBacaTables.sql (98%) rename {BACA => ACA}/configuration-ha/DB2/sql/CreateBaseDB.sql.template (100%) rename {BACA => ACA}/configuration-ha/DB2/sql/CreateBaseTable.sql.template (100%) rename {BACA => ACA}/configuration-ha/DB2/sql/CreateDB.sql.template (100%) rename {BACA => ACA}/configuration-ha/DB2/sql/DropBacaTables.sql (98%) rename {BACA => ACA}/configuration-ha/DB2/sql/InsertTenant.sql.template (70%) rename {BACA => ACA}/configuration-ha/DB2/sql/InsertUser.sql.template (100%) rename {BACA => ACA}/configuration-ha/DB2/sql/LoadData.sql.template (60%) create mode 100644 ACA/configuration-ha/DB2/sql/SetIntegrity.sql.template rename {BACA => ACA}/configuration-ha/DB2/sql/TablePermissions.sql.template (89%) rename {BACA => ACA}/configuration-ha/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template (74%) rename {BACA => ACA}/configuration-ha/DB2/sql/UpgradeBaseDB_to_1.1.sql.template (100%) rename {BACA => ACA}/configuration-ha/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template (100%) create mode 100644 ACA/configuration-ha/DB2/sql/UpgradeTenantDB_1.2_to_1.3.sql.template rename {BACA => ACA}/configuration-ha/DB2/sql/UpgradeTenantDB_to_1.1.sql.template (100%) rename BACA/configuration/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template => ACA/configuration-ha/DB2/sql/WinUpgradeTenantDB_1.2.sql (97%) create mode 100644 ACA/configuration-ha/DB2/sql/WinUpgradeTenantDB_1.2_1.3.sql rename {BACA/configuration-ha => ACA/configuration-ha/security}/baca-netpol.yaml (71%) rename {BACA/configuration-ha => ACA/configuration-ha/security}/baca-psp.yaml (72%) create mode 100644 ACA/configuration-ha/security/baca-rolebinding.yaml create mode 100644 ACA/configuration-ha/security/baca-scc.yaml create mode 100644 ADW/README_config.md create mode 100644 ADW/configuration/adw-cr.yaml create mode 100755 ADW/configuration/adw-psp.yaml create mode 100755 ADW/configuration/adw-scc.yaml create mode 100755 ADW/configuration/adw-secret.yaml delete mode 100644 BACA/README.md delete mode 100755 BACA/configuration-ha/DB2/AddTenant.sh delete mode 100644 BACA/configuration-ha/DB2/CSVFiles/doc_class.csv delete mode 100755 BACA/configuration-ha/DB2/CreateBaseDB.bat delete mode 100755 BACA/configuration-ha/DB2/CreateBaseDB.sh delete mode 100755 BACA/configuration-ha/DB2/UpgradeBaseDB.sh delete mode 100755 BACA/configuration-ha/DB2/UpgradeTenantDB.sh delete mode 100644 BACA/configuration-ha/DB2/sql/CreateBacaTables.sql delete mode 100644 BACA/configuration-ha/README.md delete mode 100755 BACA/configuration-ha/bashfunctions.sh delete mode 100755 BACA/configuration-ha/common.sh delete mode 100755 BACA/configuration-ha/common_ICP_template.sh delete mode 100755 BACA/configuration-ha/common_OCP_template.sh delete mode 100755 BACA/configuration-ha/createSSLCert.sh delete mode 100755 BACA/configuration-ha/delete_ContentAnalyzer.sh delete mode 100755 BACA/configuration-ha/generateMemoryValues.sh delete mode 100755 BACA/configuration-ha/init_deployments.sh delete mode 100755 BACA/configuration-ha/init_persistent.sh delete mode 100644 BACA/configuration-ha/mongo/README.md delete mode 100644 BACA/configuration-ha/mongo/js_base/add_shard.js delete mode 100644 BACA/configuration-ha/mongo/js_base/mongo_initiate.js delete mode 100644 BACA/configuration-ha/mongo/openssl.cnf delete mode 100755 BACA/configuration-ha/mongo/post-setup.sh delete mode 100755 BACA/configuration-ha/mongo/pre-setup.sh delete mode 100644 BACA/configuration-ha/mongo/templates_base/configdb-persistence-base.yaml delete mode 100644 BACA/configuration-ha/mongo/templates_base/configdb-service-base.yaml delete mode 100644 BACA/configuration-ha/mongo/templates_base/local-storage-base.yaml delete mode 100644 BACA/configuration-ha/mongo/templates_base/mongo-service-base.yaml delete mode 100644 BACA/configuration-ha/mongo/templates_base/mongos-router-base.yaml delete mode 100644 BACA/configuration-ha/mongo/templates_base/shard-persistence-base.yaml delete mode 100644 BACA/configuration-ha/mongo/templates_base/shardX-stateful.yaml delete mode 100644 BACA/configuration-ha/mongo/values-base.yaml delete mode 100644 BACA/configuration-ha/mongoadmin/README.md delete mode 100644 BACA/configuration-ha/mongoadmin/js_base/add_shard.js delete mode 100644 BACA/configuration-ha/mongoadmin/js_base/mongo_initiate.js delete mode 100644 BACA/configuration-ha/mongoadmin/openssl.cnf delete mode 100755 BACA/configuration-ha/mongoadmin/post-setup.sh delete mode 100755 BACA/configuration-ha/mongoadmin/pre-setup.sh delete mode 100644 BACA/configuration-ha/mongoadmin/templates_base/configdb-persistence-base.yaml delete mode 100644 BACA/configuration-ha/mongoadmin/templates_base/configdb-service-base.yaml delete mode 100644 BACA/configuration-ha/mongoadmin/templates_base/local-storage-base.yaml delete mode 100644 BACA/configuration-ha/mongoadmin/templates_base/mongo-service-base.yaml delete mode 100644 BACA/configuration-ha/mongoadmin/templates_base/mongos-router-base.yaml delete mode 100644 BACA/configuration-ha/mongoadmin/templates_base/shard-persistence-base.yaml delete mode 100644 BACA/configuration-ha/mongoadmin/templates_base/shardX-stateful.yaml delete mode 100644 BACA/configuration-ha/mongoadmin/values-base.yaml delete mode 100644 BACA/configuration-ha/openssl.cnf delete mode 100755 BACA/configuration-ha/renewCert.sh delete mode 100644 BACA/configuration-ha/sppersistent.yaml delete mode 100755 BACA/configuration/DB2/AddOntology.sh delete mode 100755 BACA/configuration/DB2/AddTenant.bat delete mode 100644 BACA/configuration/DB2/CSVFiles/cword.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/cword_dc.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/doc_alias.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/doc_alias_dc.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/doc_class.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/heading.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/heading_alias.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/heading_alias_dc.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/heading_alias_h.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/heading_dc.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/key_alias.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/key_alias_dc.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/key_alias_kc.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/key_class.csv delete mode 100644 BACA/configuration/DB2/CSVFiles/key_class_dc.csv delete mode 100755 BACA/configuration/DB2/CreateBaseDB.bat delete mode 100755 BACA/configuration/DB2/DeleteOntology.sh delete mode 100755 BACA/configuration/DB2/DeleteTenant.sh delete mode 100755 BACA/configuration/DB2/Readme_windows.txt delete mode 100755 BACA/configuration/DB2/ScriptFunctions.sh delete mode 100755 BACA/configuration/DB2/UpgradeBaseDB.sh delete mode 100644 BACA/configuration/DB2/common_for_DB2.sh.sample delete mode 100644 BACA/configuration/DB2/common_for_DB2_Tenant_Upgrade.sh.sample delete mode 100644 BACA/configuration/DB2/common_for_DB2_Upgrade.sh.sample delete mode 100644 BACA/configuration/DB2/sql/CreateBacaSchema.sql.template delete mode 100644 BACA/configuration/DB2/sql/CreateBaseDB.sql.template delete mode 100644 BACA/configuration/DB2/sql/CreateBaseTable.sql.template delete mode 100644 BACA/configuration/DB2/sql/CreateDB.sql.template delete mode 100644 BACA/configuration/DB2/sql/DropBacaTables.sql delete mode 100644 BACA/configuration/DB2/sql/InsertTenant.sql.template delete mode 100644 BACA/configuration/DB2/sql/InsertUser.sql.template delete mode 100644 BACA/configuration/DB2/sql/LoadData.sql.template delete mode 100644 BACA/configuration/DB2/sql/TablePermissions.sql.template delete mode 100644 BACA/configuration/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template delete mode 100644 BACA/configuration/DB2/sql/UpgradeBaseDB_to_1.1.sql.template delete mode 100644 BACA/configuration/DB2/sql/UpgradeTenantDB_to_1.1.sql.template delete mode 100644 BACA/configuration/README.md delete mode 100644 BACA/configuration/baca-netpol.yaml delete mode 100644 BACA/configuration/baca-psp.yaml delete mode 100755 BACA/configuration/bashfunctions.sh delete mode 100755 BACA/configuration/common.sh delete mode 100755 BACA/configuration/common_ICP_template.sh delete mode 100755 BACA/configuration/common_OCP_template.sh delete mode 100755 BACA/configuration/createSSLCert.sh delete mode 100755 BACA/configuration/delete_ContentAnalyzer.sh delete mode 100755 BACA/configuration/generateMemoryValues.sh delete mode 100755 BACA/configuration/init_deployments.sh delete mode 100755 BACA/configuration/init_persistent.sh delete mode 100755 BACA/configuration/renewCert.sh delete mode 100644 BACA/configuration/sppersistent.yaml delete mode 100644 BACA/docs/DB2_setup.md delete mode 100644 BACA/docs/common_sh_values.md delete mode 100644 BACA/docs/init_deployment.md delete mode 100644 BACA/docs/post-deployment.md delete mode 100644 BACA/docs/values_yaml_parameters.md delete mode 100644 BACA/helm-charts/README.md delete mode 100644 BACA/helm-charts/ibm-dba-baca-prod-1.2.0.tgz delete mode 100644 BACA/helm-charts/ibm-dba-baca-prod-1.2.0_ha.tgz delete mode 100644 BACA/k8s-yaml/README.md delete mode 100644 BACA/platform/README_Eval_ROKS.md delete mode 100644 BACA/platform/nginx_folders.yaml delete mode 100644 BAI/README.md create mode 100644 BAI/README_config.md create mode 100644 BAI/README_migrate.md create mode 100644 BAI/README_uninstall.md delete mode 100644 BAI/configuration/bai-pod-security-policy.yaml create mode 100644 BAI/configuration/bai-psp.yaml create mode 100644 BAI/configuration/bai-sample-values.yaml delete mode 100644 BAI/configuration/pv.yaml delete mode 100644 BAI/configuration/sample-secure-values.yaml delete mode 100644 BAI/configuration/sample-values.yaml delete mode 100644 BAI/helm-charts/.gitkeep delete mode 100644 BAI/helm-charts/README.md delete mode 100644 BAI/helm-charts/ibm-business-automation-insights-3.2.0.tgz delete mode 100644 BAI/k8s-yaml/.gitkeep delete mode 100644 BAI/k8s-yaml/README.md delete mode 100644 BAI/platform/README_Eval_Openshift.md delete mode 100644 BAI/platform/README_ROKS.md delete mode 100644 BAI/platform/minikube/Monitoring.md delete mode 100644 BAI/platform/minikube/README.md delete mode 100644 BAI/platform/minikube/configuration/bai-psp.yaml delete mode 100644 BAI/platform/minikube/configuration/easy-install-kafka.yaml delete mode 100644 BAI/platform/minikube/configuration/easy-install.yaml delete mode 100644 BAI/platform/minikube/configuration/pv.yaml delete mode 100755 BAI/platform/minikube/get-logs.sh delete mode 100755 BAI/platform/minikube/install-bai-minikube.sh delete mode 100755 BAI/platform/minikube/install-bai.sh delete mode 100755 BAI/platform/minikube/ip-update.sh delete mode 100755 BAI/platform/minikube/recover-minikube-bai.sh delete mode 100644 BAI/platform/minikube/utilities.sh create mode 100644 BAN/README_config.md create mode 100644 BAN/README_migrate.md rename {BAI => BAN}/configuration/.gitkeep (100%) rename {CONTENT/configuration/extShare => BAN/configuration/ICN}/configDropins/overrides/ICNDS.xml (100%) rename {NAVIGATOR => BAN}/configuration/ICN/configDropins/overrides/ICNDS_HADR.xml (100%) rename {CONTENT/configuration/extShare => BAN/configuration/ICN}/configDropins/overrides/ICNDS_Oracle.xml (100%) delete mode 100644 BAS/README.md create mode 100644 BAS/README_config.md create mode 100644 BAS/README_migrate.md delete mode 100644 BAS/configuration/README.md delete mode 100644 BAS/configuration/bastudio-helper.tar create mode 100644 BAS/configuration/sample_min_value.yaml delete mode 100644 BAS/helm-charts/README.md delete mode 100644 BAS/helm-charts/ibm-dba-bas-prod-1.0.0.tgz delete mode 100644 BAS/k8s-yaml/README.md delete mode 100644 BAS/k8s-yaml/ibm-dba-bas-prod-1.0.0.tgz delete mode 100644 BAS/platform/README-ROKS.md delete mode 100644 CONTENT/README.md delete mode 100644 CONTENT/configuration/CMIS/configDropins/overrides/ldap_AD.xml delete mode 100644 CONTENT/configuration/CMIS/configDropins/overrides/ldap_TDS.xml delete mode 100644 CONTENT/configuration/CPE/configDropins/overrides/DB2JCCDriver.xml delete mode 100644 CONTENT/configuration/CPE/configDropins/overrides/GCD.xml delete mode 100644 CONTENT/configuration/CPE/configDropins/overrides/GCD_HADR.xml delete mode 100644 CONTENT/configuration/CPE/configDropins/overrides/GCD_Oracle.xml delete mode 100644 CONTENT/configuration/CPE/configDropins/overrides/OraJDBCDriver.xml delete mode 100644 CONTENT/configuration/CPE/configDropins/overrides/ldap_AD.xml delete mode 100644 CONTENT/configuration/CPE/configDropins/overrides/ldap_TDS.xml delete mode 100644 CONTENT/configuration/CSS/CSS_Server_data/sslkeystore/cssSelfsignedServerStore delete mode 100644 CONTENT/configuration/ContentGraphQL/configDropins/overrides/UMS_clientRegistration.json delete mode 100644 CONTENT/configuration/ContentGraphQL/configDropins/overrides/ldap_AD.xml delete mode 100644 CONTENT/configuration/ContentGraphQL/configDropins/overrides/ldap_TDS.xml delete mode 100644 CONTENT/configuration/README.md delete mode 100644 CONTENT/configuration/extShare/configDropins/overrides/DB2JCCDriver.xml delete mode 100644 CONTENT/configuration/extShare/configDropins/overrides/OraJDBCDriver.xml delete mode 100644 CONTENT/configuration/extShare/configDropins/overrides/ldapExt.xml delete mode 100644 CONTENT/configuration/extShare/configDropins/overrides/ldap_AD.xml delete mode 100644 CONTENT/configuration/extShare/configDropins/overrides/ldap_TDS.xml delete mode 100644 CONTENT/helm-charts/README.md delete mode 100644 CONTENT/helm-charts/ibm-dba-contentrestservice-dev-3.0.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-contentrestservice-dev-3.1.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-contentsearch-3.0.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-contentsearch-3.1.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-contentservices-3.0.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-contentservices-3.1.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-cscmis-1.7.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-cscmis-1.8.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-extshare-prod-3.0.0.tgz delete mode 100644 CONTENT/helm-charts/ibm-dba-extshare-prod-3.0.1.tgz delete mode 100644 CONTENT/k8s-yaml/CMIS/cmis-deploy.yml delete mode 100644 CONTENT/k8s-yaml/CPE/cpe-deploy.yml delete mode 100644 CONTENT/k8s-yaml/CSS/css-deploy.yml delete mode 100755 CONTENT/k8s-yaml/ContentGraphQL/crs-deploy.yml delete mode 100644 CONTENT/k8s-yaml/README.md delete mode 100755 CONTENT/k8s-yaml/extShare/es-deploy.yml delete mode 100644 CONTENT/platform/README_Eval_ROKS.md delete mode 100644 CONTENT/platform/ingress_one.yaml delete mode 100644 CONTENT/platform/ingress_service.yaml delete mode 100644 CONTENT/platform/nginx_sample.yaml create mode 100644 FNCM/README_config.md create mode 100644 FNCM/README_migrate.md rename {CONTENT => FNCM}/configuration/CPE/configDropins/overrides/OBJSTORE.xml (100%) rename {CONTENT => FNCM}/configuration/CPE/configDropins/overrides/OBJSTORE_HADR.xml (100%) rename {CONTENT => FNCM}/configuration/CPE/configDropins/overrides/OBJSTORE_Oracle.xml (100%) rename {CONTENT => FNCM}/configuration/ContentGraphQL/configDropins/overrides/UMS.xml (100%) rename CONTENT/configuration/ContentGraphQL/configDropins/overrides/CORS.xml => FNCM/configuration/ContentGraphQL/configDropins/overrides/cors.xml (62%) rename {CONTENT => FNCM}/configuration/ContentGraphQL/configDropins/overrides/crs-ssl.xml (100%) rename {NAVIGATOR/configuration/ICN => FNCM/configuration/TaskMgr}/configDropins/overrides/ICNDS.xml (100%) create mode 100644 FNCM/configuration/TaskMgr/configDropins/overrides/ICNDS_HADR.xml rename {NAVIGATOR/configuration/ICN => FNCM/configuration/TaskMgr}/configDropins/overrides/ICNDS_Oracle.xml (100%) rename {CONTENT => FNCM}/configuration/extShare/configDropins/overrides/CORS.xml (100%) create mode 100644 FNCM/configuration/extShare/configDropins/overrides/ICNDS.xml rename {CONTENT => FNCM}/configuration/extShare/configDropins/overrides/ICNDS_HADR.xml (100%) create mode 100644 FNCM/configuration/extShare/configDropins/overrides/ICNDS_Oracle.xml create mode 100644 FNCM/configuration/extShare/configDropins/overrides/oidc.xml create mode 100644 IAWS/README_config.md create mode 100644 IAWS/configuration/sample_min_value.yaml mode change 100755 => 100644 LICENSE delete mode 100644 NAVIGATOR/README.md delete mode 100644 NAVIGATOR/configuration/.gitkeep delete mode 100644 NAVIGATOR/configuration/ICN/configDropins/overrides/DB2JCCDriver.xml delete mode 100644 NAVIGATOR/configuration/ICN/configDropins/overrides/OraJDBCDriver.xml delete mode 100644 NAVIGATOR/configuration/ICN/configDropins/overrides/ldap_AD.xml delete mode 100644 NAVIGATOR/configuration/ICN/configDropins/overrides/ldap_TDS.xml delete mode 100644 NAVIGATOR/configuration/README.md delete mode 100644 NAVIGATOR/helm-charts/.gitkeep delete mode 100644 NAVIGATOR/helm-charts/README.md delete mode 100644 NAVIGATOR/helm-charts/ibm-dba-navigator-3.0.0.tgz delete mode 100644 NAVIGATOR/helm-charts/ibm-dba-navigator-3.2.0.tgz delete mode 100644 NAVIGATOR/k8s-yaml/.gitkeep delete mode 100644 NAVIGATOR/k8s-yaml/README.md delete mode 100644 NAVIGATOR/k8s-yaml/icn-deploy.yml delete mode 100644 NAVIGATOR/platform/README_Eval_ROKS.md delete mode 100644 NAVIGATOR/platform/ingress_icn.yaml delete mode 100644 NAVIGATOR/platform/ingress_service.yaml delete mode 100644 NAVIGATOR/platform/nginx_sample.yaml delete mode 100644 ODM/README.md create mode 100644 ODM/README_config.md create mode 100644 ODM/README_migrate.md delete mode 100644 ODM/configuration/.gitkeep create mode 100644 ODM/configuration/default-values.yaml create mode 100644 ODM/configuration/evaluation/odm-eval-without-pv.yaml rename ODM/configuration/{ => evaluation}/odm-eval.yaml (95%) create mode 100644 ODM/configuration/logging/logging.xml create mode 100644 ODM/configuration/sample-values-custom-configuration.yaml delete mode 100755 ODM/configuration/sample-values.yaml rename ODM/configuration/{ => security}/sample-webSecurity-LDAP.xml (100%) rename ODM/configuration/{ => security}/sample-webSecurity-basic-registry.xml (100%) delete mode 100644 ODM/helm-charts/.gitkeep delete mode 100644 ODM/helm-charts/README.md delete mode 100644 ODM/helm-charts/ibm-odm-prod-2.2.1.tgz delete mode 100644 ODM/k8s-yaml/.gitkeep delete mode 100644 ODM/k8s-yaml/README.md delete mode 100644 ODM/platform/README_Eval_Minikube.md delete mode 100644 ODM/platform/README_Eval_Openshift.md delete mode 100644 ODM/platform/README_Eval_ROKS.md delete mode 100644 ODM/platform/README_Minikube.md delete mode 100644 ODM/platform/README_Openshift.md delete mode 100644 ODM/platform/README_ROKS.md delete mode 100644 UMS/README.md create mode 100644 UMS/README_config.md create mode 100644 UMS/README_config_SSL.md create mode 100644 UMS/README_migrate.md delete mode 100644 UMS/configuration/db2-hadr.md delete mode 100644 UMS/configuration/imagepolicy.yaml delete mode 100644 UMS/configuration/namespace.yaml delete mode 100644 UMS/configuration/secure-ldap.md delete mode 100644 UMS/configuration/simple-ldap.md delete mode 100644 UMS/configuration/ums-secret.yaml delete mode 100644 UMS/helm-charts/ibm-dba-ums-prod-1.0.0.tgz create mode 100644 UMS/images/option1.jpg create mode 100644 UMS/images/option2.jpg create mode 100644 UMS/images/ums-in-k8s.jpg delete mode 100644 UMS/platform/README-ROKS.md delete mode 100644 UMS/platform/README-icp.md delete mode 100644 UMS/platform/README-minikube.md delete mode 100644 UMS/platform/README-openshift.md create mode 100644 descriptors/ibm_cp4a_cr_template.yaml create mode 100644 descriptors/ibm_cp4a_crd.yaml create mode 100644 descriptors/operator-shared-pvc.yaml create mode 100644 descriptors/operator.yaml create mode 100644 descriptors/role.yaml create mode 100644 descriptors/role_binding.yaml create mode 100755 descriptors/scc-fncm.yaml create mode 100644 descriptors/service_account.yaml delete mode 100644 images/bai-architecture.jpg delete mode 100644 images/diag_icp4a_k8s.jpg delete mode 100644 images/samples-structure.png create mode 100644 platform/k8s/README.md create mode 100644 platform/k8s/install.md create mode 100644 platform/k8s/migrate.md create mode 100644 platform/k8s/uninstall.md create mode 100644 platform/k8s/update.md create mode 100644 platform/ocp/README.md create mode 100644 platform/ocp/install.md create mode 100644 platform/ocp/migrate.md create mode 100644 platform/ocp/uninstall.md create mode 100644 platform/ocp/update.md create mode 100644 platform/roks/README.md create mode 100644 platform/roks/install.md create mode 100644 platform/roks/migrate.md create mode 100644 platform/roks/uninstall.md create mode 100644 platform/roks/update.md delete mode 100755 scripts/checkDeadLinks.sh delete mode 100644 scripts/config-check-broker-links.json create mode 100755 scripts/deleteOperator.sh create mode 100755 scripts/deployOperator.sh mode change 100755 => 100644 scripts/loadimages.sh diff --git a/AAE/README.md b/AAE/README.md deleted file mode 100644 index 6b320a2f..00000000 --- a/AAE/README.md +++ /dev/null @@ -1,486 +0,0 @@ -# IBM-DBA-AAE-PROD - -IBM Business Automation Application Engine (App Engine) - -## Introduction - -This IBM Business Automation Application Engine Helm chart deploys the App Engine, a user interface service tier to run applications that are built by IBM Business Automation Application Designer (App Designer). This Helm chart is a platform-level Helm chart that deploys all required components. - -## Chart Details - -This chart deploys several services and components. - -In the standard configuration, it includes these components: - -* IBM Resource Registry component -* IBM Business Automation Application Engine (App Engine) component - -To support those components, a standard installation generates: - - * 3 ConfigMaps that manage the configuration of App Engine - * 1 deployment running App Engine - * 1 StatefulSet running Resource Registry - * 4 or more jobs for Resource Registry, depending on the customized configuration - * 1 service account with related role and role binding - * 3 secrets to get access during chart installation - * 3 services and optionally an Ingress or Route (OpenShift) to route the traffic to the App Engine - -## Prerequisites - - * [Red Hat OpenShift 3.11](https://docs.openshift.com/container-platform/3.11/welcome/index.html) or later - * [Helm and Tiller 2.9.1](/~https://github.com/helm/helm/releases) or later if you are [using helm charts](#using-helm-charts) to deploy your container images - * [Cert Manager 0.8.0](https://cert-manager.readthedocs.io/en/latest/getting-started/install/openshift.html) or later if you want to use Cert Manager to create the Transport Layer Security (TLS) key and certificate secrets. Otherwise, you can use Secure Sockets Layer (SSL) tools to create the TLS key and certificate secrets. - * [IBM DB2 11.1.2.2](https://www.ibm.com/products/db2-database) or later - * [IBM Cloud Pack For Automation - User Management Service (UMS)](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/con_ums.html) - * Persistent volume support - -### Preparing the environment for the application engine - -1. Log in to OC (the OpenShift command line interface (CLI)) by running the following command. You are prompted for the password. - - ``` - oc login -u - ``` - -2. Create a project (namespace) for the App engine by running the following command: - - ``` - oc new-project - ``` - -3. Save and exit. - -4. To deploy the service account, role, and role binding successfully, assign the administrator role to the user for this namespace by running the following command: - - ``` - oc project - oc adm policy add-role-to-user admin - ``` - -5. If you want to operate persistent volumes (PVs), you must have the storage-admin cluster role, because PVs are a cluster resource in OpenShift. Add the role by running the following command: - - ``` - oc adm policy add-cluster-role-to-user storage-admin - ``` - -### Uploading the images - -Upload the IBM Business Automation Application Engine images to the Docker registry of the Kubernetes cluster. See [Download a product package from PPA and load the images](https://github.ibm.com/dba/cert-kubernetes/blob/master/README.md#download-ppa-and-load-images). - -### Generating the database script and YAML files - -Use the [App Engine platform Helm installation helper script](configuration) to generate the database script and YAML files for your environment. Follow the instructions in the [readme](configuration/README.md) for the following requirements: - -* Setting up the database for App Engine -* Protecting sensitive configuration data -* Setting up the TLS key and certificate secrets -* Setting the service type - -If you don't want to use the helper script, you can create your own secrets and service type by following the instructions in the [Knowledge Center](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/welcome/kc_welcome_dba_distrib.html). - - -#### Notes -* Image pull secret: The script does not generate the image pull secret. You can follow the instructions in [Configuring the secret for pulling Docker images](#Configuring-the-secret-for-pulling-docker-image) to create your own. -* Storage: The script does not generate a YAML file for persistent volumes. You can follow the instructions in [Implementing storage](#implementing-storage) to create your own perstent volumes. -* UMS-related configuration and TLS certificates: You must do this configuration if you have an existing UMS that is in a different namespace from the App Engine Helm chart. - -### Preparing UMS-related configuration and TLS certificates (optional) - -If you have an existing UMS that is in a different namespace from the App Engine Helm chart, follow these steps. - -If the UMS certificate is not signed by the same root CA, you must add the root CA as trusted instead of the UMS certificate. You should first get the root CA which is used to sign the UMS, and then save it to a certificate named like `ums-cert.crt`, then create the secret by running the following command: - - - - kubectl create secret generic ca-tls-secret --from-file=tls.crt=./ums-cert.crt - - -You will get a secret named ca-tls-secret. Enter this secret value in every TLS section for Resource Registry and App Engine that is listed in [Configuration](#configuration). If you use [App Engine platform Helm installation helper script](configuration) to setup App Engine, you can enter this secret value in [`ums.tlsSecretName`](configuration) The components will trust this certificate and communicate with UMS successfully. - - ``` - tls: - tlsSecretName: - tlsTrustList: - - ca-tls-secret - ``` - -### Configuring the secret for pulling Docker images - -If you're pulling Docker images from a private registry, you must provide a secret containing credentials for it. For instructions, see the [Kubernetes information about private registries](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line). - -This command can be used for one repository only. If your Docker images come from different repositories, you can create multiple image pull secrets and add the names in global.imagePullSecrets. Or, you can create secrets by using the custom Docker configuration file. - -The following sample shows the Docker auth file `config.json`: - -``` -{ - "auths": { - "url1.xx.xx.xx.xx": { - "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "url2.xx.xx.xx.xx": { - "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "url3.xx.xx.xx.xx": { - "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "url4.xx.xx.xx.xx": { - "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" - } - } -} -``` - -The key under auths is the link to the Docker repository, and the value inside that repository name is the authentication string that is used for that repository. You can create the auth string with base64 by running the following command: - -``` - # echo -n : | base64 -``` - -You can replace the auth string by running the previous command with your config.json file. Then, create the image pull secret by running the following command: - -``` - kubectl create secret generic image-pull-secret --from-file=.dockerconfigjson= --type=kubernetes.io/dockerconfigjson -``` - -### Configuring Redis for App Engine (optional) - -You can configure the App Engine with Remote Dictionary Server (Redis) to provide more reliable service. - -1. Update the Redis host, port, and Time To Live (TTL) settings in `values.yaml` - - ```yaml - redis: - host: - port: - ttl: 1800 - ``` - -2. Set `.Values.appengine.session.useExternalStore` to `true`. -3. If Redis is protected by a password, enter the password in the `REDIS_PASSWORD` field in the `ae-secret-credential` secret that you created in [Protecting sensitive configuration data](#Protecting-sensitive-configuration-data). - -4. If you want to protect Redis communication with TLS, you have the following options: - - * Sign the Redis certificate with a well-known CA. - * Sign the Redis certificate with the same root CA used by this installation. - * Use a zero depth self-signed certificate or sign the certificate with another root CA. Then save the certificate or root CA in the secret and enter the secret name in `.Values.appengine.tls.tlsTrustList`. - -## Red Hat OpenShift SecurityContextConstraints Requirements - -The predefined SecurityContextConstraints name [`restricted`](https://ibm.biz/cpkspec-scc) has been verified for this chart. If your target namespace is bound to this SecurityContextConstraints resource, you can proceed to install the chart. - -This chart also defines a custom SecurityContextConstraints definition that can be used to finely control the permissions and capabilities needed to deploy this chart. - -- From the user interface, you can copy and paste the following snippets to enable the custom SecurityContextConstraints. - - Custom SecurityContextConstraints definition: - - ```yaml - apiVersion: security.openshift.io/v1 - kind: SecurityContextConstraints - metadata: - annotations: - kubernetes.io/description: "This policy is the most restrictive, - requiring pods to run with a non-root UID, and preventing pods from accessing the host." - cloudpak.ibm.com/version: "1.0.0" - name: ibm-dba-aae-scc - allowHostDirVolumePlugin: false - allowHostIPC: false - allowHostNetwork: false - allowHostPID: false - allowHostPorts: false - allowPrivilegedContainer: false - allowPrivilegeEscalation: false - allowedCapabilities: [] - allowedFlexVolumes: [] - allowedUnsafeSysctls: [] - defaultAddCapabilities: [] - defaultPrivilegeEscalation: false - forbiddenSysctls: - - "*" - fsGroup: - type: MustRunAs - ranges: - - max: 65535 - min: 1 - readOnlyRootFilesystem: false - requiredDropCapabilities: - - ALL - runAsUser: - type: MustRunAsNonRoot - seccompProfiles: - - docker/default - seLinuxContext: - type: RunAsAny - supplementalGroups: - type: MustRunAs - ranges: - - max: 65535 - min: 1 - volumes: - - configMap - - downwardAPI - - emptyDir - - persistentVolumeClaim - - projected - - secret - priority: 0 - ``` - -## Resources Required - -Follow the OpenShift instructions in [Planning Your Installation](https://docs.openshift.com/container-platform/3.11/install/index.html#single-master-single-box). Then check the required resources in [System and Environment Requirements](https://docs.openshift.com/container-platform/3.11/install/prerequisites.html) and set up your environment. - -| Component name | Container | CPU | Memory | -| --- | --- | --- | --- | -| App Engine | App Engine container | 1 | 512Mi | -| App Engine | Init Containers | 200m | 128Mi | -| Resource Registry | Resource Registry container | 200m | 256Mi | -| Resource Registry | Init containers | 200m | 256Mi | - -## Installing the Chart - -You can deploy your container images with the following methods: - -- [Using Helm charts](helm-charts/README.md) -- [Using Kubernetes YAML](k8s-yaml/README.md) - - -## Configuration - -The following table lists the configurable parameters of the chart and their default values. All properties are required, unless they have a default value or are explicitly optional. Although the chart might seem to install correctly when some parameters are omitted, this kind of configuration is not supported. - -| Parameter | Description | Default | -| -------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------- | -| `global.existingClaimName` | Existing persistent volume claim name for the JDBC and ODBC library | | -| `global.nonProductionMode` | Production mode. This value must be false. | `false` | -| `global.imagePullSecrets` | Existing Docker image secret | | -| `global.caSecretName` | Existing CA secret | | -| `global.dnsBaseName` | Kubernetes Domain Name System (DNS) base name | `svc.cluster.local` | -| `global.contributorToolkitsPVC` | Persistent volume for contributor toolkit storage | | -| `global.image.keytoolInitcontainer` | Image name for TLS init container | `dba-keytool-initcontainer:19.0.2` | -| `global.ums.serviceType` | UMS service type: `NodePort`, `ClusterIP`, or `Ingress` | | -| `global.ums.hostname` | UMS external host name | | -| `global.ums.port` | UMS port (only effective when using NodePort service) | | -| `global.ums.adminSecretName` | Existing UMS administrative secret for sensitive configuration data | | -| `global.resourceRegistry.hostname` | Resource Registry external host name | | -| `global.resourceRegistry.port` | Resource Registry port for using NodePort Service | | -| `global.resourceRegistry.adminSecretName` | Existing Resource Registry administrative secret for sensitive configuration data | | -| `global.appEngine.serviceType` | App Engine service type: `NodePort`, `ClusterIP`, or `Ingress` | | -| `global.appEngine.hostname` | App Engine external host name | | -| `global.appEngine.port` | App Engine port (only effective when using NodePort service) | | -| `appEngine.install` | Switch for installing App Engine | `true` | -| `appEngine.replicaCount` | Number of deployment replicas | `1` | -| `appEngine.probes.initialDelaySeconds` | Number of seconds after the container has started before liveness or readiness probes are initiated | `5` | -| `appEngine.probes.periodSeconds` | How often (in seconds) to perform the probe. The default is 10 seconds. Minimum value is 1. | `10` | -| `appEngine.probes.timeoutSeconds` | Number of seconds after which the probe times out. The default is 1 second. Minimum value is 1. | `5` | -| `appEngine.probes.successThreshold` | Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. | `5` | -| `appEngine.probes.failureThreshold` | When a pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Minimum value is 1. | `3` | -| `appEngine.images.appEngine` | Image name for App Engine container | `solution-server:19.0.2` | -| `appEngine.images.tlsInitContainer` | Image name for TLS init container | `dba-keytool-initcontainer:19.0.2` | -| `appEngine.images.dbJob` | Image name for App Engine database job container | `solution-server-helmjob-db:19.0.2` | -| `appEngine.images.oidcJob` | Image name for OpenID Connect (OIDC) registration job container | `dba-umsregistration-initjob:19.0.2` | -| `appEngine.images.dbcompatibilityInitContainer` | Image name for database compatibility init container | `dba-dbcompatibility-initcontainer:19.0.2` | -| `appEngine.images.pullPolicy` | Pull policy for all containers | `IfNotPresent` | -| `appEngine.tls.tlsSecretName` | Existing TLS secret containing `tls.key` and `tls.crt`| | -| `appEngine.tls.tlsTrustList` | Existing TLS trust secret | `[]` | -| `appEngine.database.name` | App Engine database name | | -| `appEngine.database.host` | App Engine database host | | -| `appEngine.database.port` | App Engine database port | | -| `appEngine.database.type` | App Engine database type: `db2` | | -| `appEngine.database.currentSchema` | App Engine database Schema | | -| `appEngine.database.initialPoolSize` | Initial pool size of the App Engine database | `1` | -| `appEngine.database.maxPoolSize` | Maximum pool size of the App Engine database | `10` | -| `appEngine.database.uvThreadPoolSize` | UV thread pool size of the App Engine database | `4` | -| `appEngine.database.maxLRUCacheSize` | Maximum Least Recently Used (LRU) cache size of the App Engine database | `1000` | -| `appEngine.database.maxLRUCacheAge` | Maximum LRU cache age of the App Engine database | `600000` | -| `appEngine.useCustomJDBCDrivers` | Toggle for custom JDBC drivers | `false` | -| `appEngine.adminSecretName` | Existing App Engine administrative secret for sensitive configuration data | | -| `appEngine.logLevel.node` | Log level for output from the App Engine server | `trace` | -| `appEngine.logLevel.browser` | Log level for output from the web browser | `2` | -| `appEngine.contentSecurityPolicy.enable`| Enables the content security policy for the App Engine | `false` | -| `appEngine.contentSecurityPolicy.whitelist`| Configuration of the App Engine content security policy whitelist | `""` | -| `appEngine.session.duration` | Duration of the session | `1800000` | -| `appEngine.session.resave` | Enables session resave | `false` | -| `appEngine.session.rolling` | Send cookie every time | `true` | -| `appEngine.session.saveUninitialized` | Uninitialized sessions will be saved if checked | `false` | -| `appEngine.session.useExternalStore` | Use an external store for storing sessions | `false` | -| `appEngine.redis.host` | Host name of the Redis database that is used by the App Engine | | -| `appEngine.redis.port` | Port number of the Redis database that is used by the App Engine | | -| `appEngine.redis.ttl` | Time to live for the Redis database connection that is used by the App Engine | | -| `appEngine.maxAge.staticAsset` | Maximum age of a static asset | `2592000` | -| `appEngine.maxAge.csrfCookie` | Maximum age of a Cross-Site Request Forgery (CSRF) cookie | `3600000` | -| `appEngine.maxAge.authCookie` | Maximum age of an authentication cookie | `900000` | -| `appEngine.env.serverEnvType` | App Engine server environment type | `development` | -| `appEngine.env.maxSizeLRUCacheRR` | Maximum size of the LRU cache for the Resource Registry | `1000` | -| `appEngine.resources.ae.limits.cpu` | Maximum amount of CPU that is required for the App Engine container | `1` | -| `appEngine.resources.ae.limits.memory` | Maximum amount of memory that is required for the App Engine container | `1024Mi` | -| `appEngine.resources.ae.requests.cpu` | Minimum amount of CPU that is required for the App Engine container | `500m` | -| `appEngine.resources.ae.requests.memory` | Minimum amount of memory that is required for the App Engine container | `512Mi` | -| `appEngine.resources.initContainer.limits.cpu` | Maximum amount of CPU that is required for the App Engine init container | `500m` | -| `appEngine.resources.initContainer.limits.memory` | Maximum amount of memory that is required for the App Engine init container | `256Mi` | -| `appEngine.resources.initContainer.requests.cpu` | Minimum amount of CPU that is required for the App Engine init container | `200m` | -| `appEngine.resources.initContainer.requests.memory` | Minimum amount of memory that is required for App Engine init container | `128Mi` | -| `appEngine.autoscaling.enabled` | Enable the Horizontal Pod Autoscaler for App Engine init container | `false` | -| `appEngine.autoscaling.minReplicas` | Minimum limit for the number of pods for the App Engine | `2` | -| `appEngine.autoscaling.maxReplicas` | Maximum limit for the number of pods for the App Engine | `5` | -| `appEngine.autoscaling.targetAverageUtilization` | Target average CPU utilization over all the pods for the App Engine init container | `80` | -| `resourceRegistry.install` | Switch for installing Resource Registry | `true` | -| `resourceRegistry.images.resourceRegistry` | Image name for Resource Registry container | `dba-etcd:19.0.2` | -| `resourceRegistry.images.pullPolicy` | Pull policy for all containers | `IfNotPresent` | -| `resourceRegistry.tls.tlsSecretName` | Existing TLS secret containing `tls.key` and `tls.crt`| | -| `resourceRegistry.replicaCount` | Number of etcd nodes in cluster | `3` | -| `resourceRegistry.resources.limits.cpu` | CPU limit for Resource Registry configuration | `500m` | -| `resourceRegistry.resources.limits.memory` | Memory limit for Resource Registry configuration | `512Mi` | -| `resourceRegistry.resources.requests.cpu` | Requested CPU for Resource Registry configuration | `200m` | -| `resourceRegistry.resources.requests.memory` | Requested memory for Resource Registry configuration | `256Mi` | -| `resourceRegistry.persistence.enabled` | Enables this deployment to use persistent volumes | `false` | -| `resourceRegistry.persistence.useDynamicProvisioning` | Enables dynamic binding of persistent volumes to created persistent volume claims | `true` | -| `resourceRegistry.persistence.storageClassName` | Storage class name | | -| `resourceRegistry.persistence.accessMode` | Access mode as ReadWriteMany ReadWriteOnce | | -| `resourceRegistry.persistence.size` | Storage size | | -| `resourceRegistry.livenessProbe.enabled` | Liveness probe configuration enabled | `true` | -| `resourceRegistry.livenessProbe.initialDelaySeconds` | Number of seconds after the container has started before liveness is initiated | `120` | -| `resourceRegistry.livenessProbe.periodSeconds` | How often (in seconds) to perform the probe | `10` | -| `resourceRegistry.livenessProbe.timeoutSeconds` | Number of seconds after which the probe times out | `5` | -| `resourceRegistry.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. | `1` | -| `resourceRegistry.livenessProbe.failureThreshold` | When a pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Minimum value is 1. | `3` | -| `resourceRegistry.readinessProbe.enabled` | Readiness probe configuration enabled | `true` | -| `resourceRegistry.readinessProbe.initialDelaySeconds` | Number of seconds after the container has started before readiness is initiated | `15` | -| `resourceRegistry.readinessProbe.periodSeconds` | How often (in seconds) to perform the probe | `10` | -| `resourceRegistry.readinessProbe.timeoutSeconds` | Number of seconds after which the probe times out | `5` | -| `resourceRegistry.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. | `1` | -| `resourceRegistry.readinessProbe.failureThreshold` | When a pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Minimum value is 1. | `6` | -| `resourceRegistry.logLevel` | Log level of the resource registry server. Available options: `debug` `info` `warn` `error` `panic` `fatal` | `info` | - -## Implementing storage - -This chart requires an existing persistent volume of any type. The minimum supported size is 1GB. Additionally, a persistent volume claim must be created and referenced in the configuration. - -### Persistent volume for JDBC Drivers (optional) - -If you don't create this persistent volume and related claim, leave `global.existingClaimName` empty and set `appengine.useCustomJDBCDrivers` to `false`. - -The persistent volume should be shareable by pods across the whole cluster. For a single-node Kubernetes cluster, you can use HostPath to create it. For multiple nodes in a cluster, use shareable storage, such as NFS or GlusterFS, for the persistent volume. It must be passed in the values.yaml files (see the global.existingClaimName property in the configuration). - -The following example shows the HostPath type of persistent volume. - -```yaml -kind: PersistentVolume -apiVersion: v1 -metadata: - name: jdbc-pv-volume - labels: - type: local -spec: - storageClassName: manual - capacity: - storage: 2Gi - accessModes: - - ReadWriteMany - hostPath: - path: "/mnt/data" -``` - -The following example shows the NFS type of persistent volume. - -```yaml -kind: PersistentVolume -apiVersion: v1 -metadata: - name: jdbc-pv-volume - labels: - type: nfs -spec: - storageClassName: manual - capacity: - storage: 2Gi - accessModes: - - ReadWriteMany - nfs: - path: /tmp - server: 172.17.0.2 -``` - -After you create a persistent volume, you can create a persistent volume claim to bind the correct persistent volume with the selector. Or, if you are using GlusterFS with dynamic allocation, create the persistent volume claim with the correct storageClassName to allow the persistent volume to be created automatically. - -The following example shows a persistent volume claim. - -```yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: jdbc-pvc -spec: - storageClassName: manual - accessModes: - - ReadWriteMany - resources: - requests: - storage: 2Gi -``` - -The mounted directory must contain a jdbc sub-directory, which in turn holds subdirectories with the required JDBC driver files. Add the following structure to the mounted directory (which in this case is called binaries): - -``` -/binaries - /jdbc - /db2 - /db2jcc4.jar - /db2jcc_license_cu.jar -``` - -The /jdbc folder and its contents depend on the configuration. Copy the JDBC driver files to the mounted directory as shown in the previous example. Make sure those files have the correct access. IBM Cloud Pak for Automation products on OpenShift use an arbitrary UID to run the applications, so make sure those files have read access for root(0) group. Enter the persistent volume claim name in the `global.existingClaimName` field. - -### Persistent volume for etcd data for Resource Registry (optional) - -Without a persistent volume, the Resource Registry cluster might be broken during pod relocation. -If you don't need data persistence for Resource Registry, you can skip this section by setting resourceRegistry.persistence.enabled to false in the configuration. Otherwise, you must create a persistent volume. - -The following example shows a persistent volume definition using NFS. - -```yaml -kind: PersistentVolume -apiVersion: v1 -metadata: - name: etcd-data-volume - labels: - type: nfs -spec: - storageClassName: manual - capacity: - storage: 3Gi - accessModes: - - ReadWriteOnce - nfs: - path: /nfs/general/rrdata - server: 172.17.0.2 -``` - -You don't need to create a persistent volume claim for Resource Registry. Resource Registry is a StatefulSet, so it creates the persistent volume claim based on the template in the chart. See the [Kubernetes StatefulSets document](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) for more details. - -Notes: - -* You must give root(0) group read/write access to the mounted directories. Use the following command: - - ``` - chown -R 50001:0 - chmod g+rw - ``` - -* Each Resource Registry server uses its own persistent volume. Create persistent volumes based on the replicas (resourceRegistry.replicaCount in the configuration). - -## Limitations - -* The solution server image only trusts CA due to the limitation of the Node.js server. For example, if external UMS is used and signed with another root CA, you must add the root CA as trusted instead of the UMS certificate. - - * The certificate can be self-signed, or signed by a well-known CA. - * If you're using a depth zero self-signed certificate, it must be listed as a trusted certificate. - * If you're using a certificate signed by a self-signed CA, the self-signed CA must be in the trusted list. Using a leaf certificate in the trusted list is not supported. - -* The App Engine supports only the IBM DB2 database. -* The Helm upgrade and rollback operations must use the Helm command line, not the uder interface. - -## Documentation - -* [Using the IBM Cloud Pak for Automation](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/welcome/kc_welcome_dba_distrib.html) -* [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) diff --git a/AAE/README_config.md b/AAE/README_config.md new file mode 100644 index 00000000..34dc1327 --- /dev/null +++ b/AAE/README_config.md @@ -0,0 +1,119 @@ +# Configuring IBM Business Automation Application Engine (App Engine) 19.0.3 + +These instructions cover the basic installation and configuration of IBM Business Automation Application Engine (App Engine). + +## Table of contents +- [App Engine Component Details](#App-engine-component-details) +- [Prerequisites](#Prerequisites) +- [Resources Required](#Resources-required) +- [Step 1: Preparing to install App Engine for Production](#Step-1-preparing-to-install-app-engine-for-production) +- [Step 2: Configuring Redis for App Engine (Optional)](#Step-2-configuring-redis-for-app-Engine-optional) +- [Step 3: Implementing storage (Optional)](#Step-3-implementing-storage-optional) +- [Step 4: Configuring the custom resource YAML file for your App Engine deployment](#Step-4-configuring-the-custom-resource-YAML-file-for-your-app-engine-deployment) +- [Step 5: Completing the installation](#Step-5-completing-the-installation) +- [Limitations](#Limitations) + +## Introduction + +This installation deploys the App Engine, a user interface service tier to run applications that are built by IBM Business Automation Application Designer (App Designer). + +## App Engine Component Details + +This component deploys several services and components. + +In the standard configuration, it includes these components: + +* IBM Resource Registry component +* IBM Business Automation Application Engine (App Engine) component + +To support those components, a standard installation generates: + + * 3 or more ConfigMaps that manage the configuration of App Engine, depending on the customized configuration + * 1 or more deployment running App Engine, depending on the customized configuration + * 4 or more pods for Resource Registry, depending on the customized configuration + * 1 service account with related role and role binding + * 3 secrets to get access during operator installation + * 3 services and optionally an Ingress or Route (OpenShift) to route the traffic to the App Engine + +## Prerequisites + + * [Remote Dictionary Server (Redis)](http://download.redis.io/releases/) + * [User Management Service](../UMS/README_config.md) + * Resource Registry, which is included in the App Engine configuration. If you already configured Resource Registry through another component, you need not install it again. + +## Resources Required + +Follow the OpenShift instructions in [Planning Your Installation 3.11](https://docs.openshift.com/container-platform/3.11/install/index.html#single-master-single-box) or [Planning your Installation 4.2](https://docs.openshift.com/container-platform/4.2/welcome/index.html). Then check the required resources in [System and Environment Requirements on OCP 3.11](https://docs.openshift.com/container-platform/3.11/install/prerequisites.html) or [System and Environment Requirements on OCP 4.2](https://docs.openshift.com/container-platform/4.2/architecture/architecture.html) and set up your environment. + +| Component name | Container | CPU | Memory | +| --- | --- | --- | --- | +| App Engine | App Engine container | 1 | 1Gi | +| App Engine | Init containers | 200m | 128Mi | +| Resource Registry | Resource Registry container | 200m | 256Mi | +| Resource Registry | Init containers | 100m | 128Mi | + + +## Step 1: Preparing to install App Engine for Production + +Besides the common steps to set up the operator environment, you must do the following steps before you install App Engine. + +* Create the App Engine database. See [Creating the database](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_aeprep_db.html). +* Create secrets to protect sensitive configuration data, See [Creating secrets to protect sensitive configuration data](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_aeprep_data.html). + +## Step 2: Configuring Redis for App Engine (Optional) + +You can configure App Engine with Remote Dictionary Server (Redis) to provide more reliable service. See [Configuring App Engine with Redis](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_aeprep_redis.html). + +## Step 3: Implementing storage (Optional) + +You can optionally add your own persistent volume (PV) and persistent volume claim (PVC) if you want to use your own JDBC driver or you want Resource Registry to be backed up automatically. The minimum supported size is 1 GB. For instructions, see [Optional: Implementing storage](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_aeprep_storage.html). + + +## Step 4: Configuring the custom resource YAML file for your App Engine deployment + +1. Make sure that you've set the configuration parameters for the [User Management Service](../UMS/README_config.md) in your copy of the template custom resource YAML file. + +2. Edit your copy of the template custom resource YAML file and make the following updates. After completing those updates, if you need to install other components, please go to [Step 5](README_config.md#step-5-completing-the-installation) and do the configuration for those components, using the same YAML file. + + a. Uncomment and update the `shared_configuration` section if you haven't done it already. + + b. Update the `application_engine_configuration` and `resource_registry_configuration` sections. + * If you just want to install App Engine with the minimal required values, replace the contents of `application_engine_configuration` and `resource_registry_configuration` in your copy of the template custom resource YAML file with the values from the [sample_min_value.yaml](configuration/sample_min_value.yaml) file. + + * If you want to use the full configuration list and customize the values, update the required values in `application_engine_configuration` and `resource_registry_configuration` in your copy of the template custom resource YAML file based on your configuration. + +### Configuration +If you want to customize your custom resource YAML file, refer to the [configuration list](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_ae_params.html) for each parameter. + +## Step 5: Completing the installation + +Go back to the relevant installation or update page to configure other components and complete the deployment with the operator. + +Installation pages: + - [Managed OpenShift installation page](../platform/roks/install.md) + - [OpenShift installation page](../platform/ocp/install.md) + - [Certified Kubernetes installation page](../platform/k8s/install.md) + +Update pages: + - [Managed OpenShift installation page](../platform/roks/update.md) + - [OpenShift installation page](../platform/ocp/update.md) + - [Certified Kubernetes installation page](../platform/k8s/update.md) + +## Limitations + +* After you deploy the App Engine, you can't change App Engine admin user in the admin secret. + +* Because of a Node.js server limitation, App Engine trusts only root CA. If an external service is used and signed with another root CA, you must add the root CA as trusted instead of the service certificate. + + * The certificate can be self-signed, or signed by a well-known root CA. + * If you're using a depth zero self-signed certificate, it must be listed as a trusted certificate. + * If you're using a certificate signed by a self-signed root CA, the self-signed CA must be in the trusted list. Using a leaf certificate in the trusted list is not supported. + * If you're adding the root CA of two or more external services to the App Engine trust list, you can't use the same common name for those root CAs. + +* The App Engine supports only the IBM DB2 database. + +* Resource Registry limitation + + Because of the design of etcd, it's recommended that you don't change the replica size after you create the Resource Registry cluster to prevent data loss. If you must set the replica size, set it to an odd number. If you reduce the pod size, the pods are destroyed one by one slowly to prevent data loss or the cluster getting out of sync. + * If you update the Resource Registry admin secret to change the username or password, first delete the -dba-rr- pods to cause Resource Registry to enable the updates. Alternatively, you can enable the update manually with etcd commands. + * If you update the Resource Registry configurations in the icp4acluster custom resource instance. the update might not affect the Resource Registry pod directly. It will affect the newly created pods when you increase the number of replicas. diff --git a/AAE/README_migrate.md b/AAE/README_migrate.md new file mode 100644 index 00000000..7459c90b --- /dev/null +++ b/AAE/README_migrate.md @@ -0,0 +1,34 @@ + +# Migrating from IBM Business Automation Application Engine (App Engine) 19.0.2 to 19.0.3 + +These instructions cover the migration of IBM Business Automation Application Engine (App Engine) from 19.0.2 to 19.0.3. + +## Introduction + +If you install App Engine 19.0.2 and want to continue to use your 19.0.2 applications in App Engine 19.0.3, you can migrate your applications from App Engine 19.0.2 to 19.0.3. + +## Step 1: Export apps that were authored in 19.0.2 + +Log in to the admin console in your IBM Business Automation Studio 19.0.2 environment, then export your apps as IBM Business App Installation Package (.zip) files. + +## Step 2: Publish the apps to App Engine through Business Automation Navigator + +Publish your apps to App Engine through Business Automation Navigator and make sure they work without errors. + +## Step 3: Shut down the App Engine 19.0.2 environment + +Log in to your OpenShift environment to stop all the development pods. You can scale down the number of development pods to 0 by using the OpenShift console. (Note: JMS and the Resource Registry are stateful and can't be scaled down from the OpenShift console. Keeping them won't impact your next action.) + +## Step 4: Reuse the App Engine database from 19.0.2 + +Reuse the existing App Engine database. Update the database configuration information under application_engine_configuration in the custom resource YAML file. + +## Step 5: Install App Engine 19.0.3 + +[Install IBM Business Automation Application Engine](../AAE/README_config.md). + +## Step 6: Migrate IBM Business Automation Navigator from 19.0.2 to 19.0.3 to verify your apps + +Following the IBM Business Automation Navigator migration instructions(We should add a link to the Navigator migration instructions,once navigator migration link is ready), migrate Business Automation Navigator from 19.0.2 to 19.0.3. Then, test your apps. + + diff --git a/AAE/configuration/README.md b/AAE/configuration/README.md deleted file mode 100644 index 7cb42454..00000000 --- a/AAE/configuration/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# App Engine platform Helm installation helper script - -1. Extract the IBM Business Applicaition Studio platform Helm installation helper script from the aae-helper.tar file and copy it to a specified directory, for example, ibm-dba-aae-helper. - -2. Unpack the package by running the following command: - - ``` - tar xvf aae-helper.tar - ``` - -3. Update the `./pre-install/aae.yaml`file with the following settings: - -#### App Engine settings - | Parameter | Description | Default | -| -------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------- | -| `releaseName` | Release Name. If you want to install with a release name other than bastudio, update this field. | | -| `server.type` | Kubernetes cluster type. OpenShift is supported. | `openshift` | -| `server.infrastructureNodeIP` | Infrastructure node IP | | -| `server.certificateManagerIntalled` | Whether to use Cert Manager installation | `false` | -| `admin.username` | Administrative username, which is used by User Management Service (UMS), App Engine, and Business Automation Studio | | -| `admin.password` | Administrative password | | -| `ums.hostname` | UMS external host name | | -| `ums.tlsSecretName` | Enter the UMS root CA secret name in this field | | -| `appEngine.hostname` | App Engine external host name | | -| `appEngine.db.name` | App Engine database name | | -| `appEngine.db.hostname` | App Engine database host | | -| `appEngine.db.port` | App Engine database port | | -| `appEngine.db.username` | App Engine database user name | | -| `appEngine.db.password` | App Engine database password | | -| `appEngine.redis.password` | Set this password only if you are using Redis | `password` | -| `resourceRegistry.hostname` | Resource Registry external host name | | -| `resourceRegistry.root.password` | Resource Registry root password | | -| `resourceRegistry.read.username` | Resource Registry reader user name | | -| `resourceRegistry.read.password` | Resource Registry reader password | | -| `resourceRegistry.write.username` | Resource Registry writer user name | | -| `resourceRegistry.write.password` | Resource Registry writer password | | | -| `images.appEngine` | Image name for App Engine container | `solution-server:19.0.2` | -| `images.dbJob` | Image name for App Engine database job container | `solution-server-helmjob-db:19.0.2` | -| `images.resourceRegistry` | Image name for Resource Registry container | `dba-etcd:19.0.2` | -| `images.umsInitRegistration` | Image name for OpenID Connect (OIDC) registration job container | `dba-umsregistration-initjob:19.0.2` | -| `images.tlsInitContainer` | Image name for TLS init container | `dba-keytool-initcontainer:19.0.2` | -| `images.ltpaInitContainer` | Image name for job container | `dba-keytool-jobcontainer:19.0.2` | -| `images.dbcompatibilityInitContainer` | Image name for database compatibility init container | `dba-dbcompatibility-initcontainer:19.0.2` | -| `ImagePullPolicy` | Pull policy for all containers | `Always` | -| `imagePullSecrets` | Existing Docker image secret | `image-pull-secret` | - - -4. Run the command `./pre-install/prepare-aae.sh -i ./pre-install/aae.yaml`. You'll see the following information on your screen: - -``` -Target folder does not exist. Creating folder -wrote ./output/aae-helper/templates/admin-secrets.yaml -wrote ./output/aae-helper/templates/certificate.yaml -wrote ./output/aae-helper/templates/route-ingress.yaml -wrote ./output/aae-helper/templates/NOTES.txt -wrote ./output/aae-helper/templates/db-script.sql -wrote ./output/aae-helper/templates/updateValues.yaml ---- -# Source: aae-helper/templates/NOTES.txt -Generating admin secret- related resources in file -./aae-helper/templates/admin-secrets.yaml - -Generating TLS key and certificate resources with secret in file -./aae-helper/templates/certificate.yaml - -Generating route definition in file -./aae-helper/templates/route-ingress.yaml - -Generating values to update in file -./aae-helper/templates/updateValues.yaml - -You can apply the resources with command: -kubectl apply -f ./admin-secrets.yaml -kubectl apply -f ./certificate.yaml -oc apply -f ./route-ingress.yaml - -Create the database with command: -db2 -tvf ./db-script.sql - -``` - -5. Run the following commands to create sensitive configuration data, create TLS key and certification secrets, and set the service type. - -``` - kubectl apply -f ./admin-secrets.yaml - kubectl apply -f ./certificate.yaml - oc apply -f ./route-ingress.yaml -``` - -6. Copy the database script to your dabase and run the command `db2 -tvf ./db-script.sql` on the database. diff --git a/AAE/configuration/aae-helper.tar b/AAE/configuration/aae-helper.tar deleted file mode 100644 index 3675ea6b5d737a1ca9301366e35c4c0dc76f9f82..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20480 zcmeHtc|4SD+rJhq6BR9@#bwPlV;M`0C~HZU5J{ymbB!5hYZgpM*-9uX+6k$oD58|2 z+}Wd>VwAOKxja_?_1b((>H*{d?Z$`Q!b(=AW6l&f`3m@3Efe3`U*Fg3%N@n}erP z)rI~mFAeb0)6o$EZ&*Dojq&fu67mw##Oh%6banKw8k#~Hnph1TJt0WvzoN}gOu4{v z76b`#Sa>fA`=`ZmU;l1>9O?h2kC-3)kH^DkGE8N{EDXne*MG_m#KF4S+T;B`8V6uS z6RiF0e;r*-O(96*Kc&E5@%caQf9dcU^ZD=$D+{UO*V$-Lp;H}hg!#ZjZ?R6+y z>{sgAI6CTDIZ-|EbRy4TBg0@FOr;66tr}$4>t+m|2zX#PK-zwUm)I+&uk71FnqN=j zT2Uk68*DcF$ll_ZV5zB#gpMZlcMbLF3H2*Pe_^&+rWtfkcaimy2yb}cb}j$FTxw;s zg3=tDCR2|93%9<9Zw=2_U+C`oP(0MZ!L<(S-?9FDiavaCxU2sIoL4n?zN+2Z_YUKA zbS-(eU2@pB^Hn^hGrji)t(P5s>VpYlGnY7WzrN`hFOf1xFFL|Q<>uyBF2>ux5m$- zpU<3AV?iY4#MukmA5iPMBQmrqzWe2*tzs)pMD;#SRahH|nqMls-u9x-d+ht1j=j^F zLaUGMkg<%>U5c64gFmep7A0jGxb@*jhba;_mOX!V*3UC6_s%lcd%YhxOzy(`IY%|m zzKGc9m{VM0Zx~}rIT4DBnX%P$MuC{0ud?0S`y%-p674jW7+^V<3PN<+*kW&(^Y^?@ zR9P01u=A|>-7V*5JS{oB?yZh;ywQHUDrHeo^9?IbB=ns9(s#voC8zG5(jH|z>Q0c+ ze0#bdLuO-tU!6~5iFn$pgLvk&;I)75(s)KO6`ord$NK{kUL2g3MkTxAQFq9Ti-itG$W`u7f28m4KgV$Cp`gbfdV23h#9|rg%MN_Jc?0T_ z%!$|NqIjsaiXIj=4z@q6C3=H>J#K;Qz2W*3=l|HRGUvtcj+ixYoNJ*qH*NQarNFUzYE9azYHnx{pUCg^>E_Fom*`3?=L6pourw6uIcA6j8xE2xJ zdWqC6EOAdRD7TNkUnmBkqPI zZYfsyqpT}j{r)?R?TU8aLKDJGM1*xDl*3zcowsT23bMUCE3}_^alwTFABveG#9PPHUniOAUx50-uj=uA0j`Y$ zVk>Xuw73nFFR35!IPE(Hj?GtwKMd@P)FoWQo?=@}tt<=cmfU(rvOpBm-nFTr?PyQr zk-N9CE^@;X$HJJ_rLQt(1=_@)%(hlE)LfPy(ei0_l(KeI?FKC4rcr}tBI-?@&ypnL z`#1V`pK;Ap2zh39SAk|wFCwq9Cf;ywJ=<}`GLmm);QP{itxrK#ZI&jN&$MrEMeVFz zmf1w~teQ<(anZGONp$ld`g63!{n!)nsUGu;#fpO0?sZR0u+0?7Fc8iw*)Da~1J{3S z#`fUka;zdM%qfQ={xPh#7IR|FielTw~%vT56&)np!02r}P# zH66dXsm-)f&C?)bU&=N~O_qgZSckpJV^cOtam4~Suy(laQ|FxFwvT1fPm3yg^J<)3 zh7TR`J#(RV*m9L;^J=}LYbV|Gc@n;H-rK73CN-Om>#5m~>0Y|=hCB?~H#+LG@~-uk zrS2Cblke5uuDVzKx_5_PAHAoQV%xj2E~wqJWXf$=Ok6Lx zGOC1-dRRV8|8Cild2_0$*c|`)4QJ~Ol5d&3^7dBU?x9e=|EAWOzPTx)SDMjZ1F(ez zOV?7bVkOp~MoRkOftDv}J}m~xcV-4D1}SNgj>>I%Uf1+N)pS+sG1`H&ZGHxRvzrq& zhfn2@r}SKiIvzs`{YJF)5&a-7&E4@ZtYdc4=MxRKQy;$H`{uS`i(!-F<~avktKC|8 zslnV&wHYn%R$^QoqFD!3{nDpZpNcZ6WSfjgnPvp$iEEjdt(NWa zRX^nF-w_hX7HN-syL8*`j)(GZq!MR_xy{Xew`rEQJ>7ls^SLGZM?(ub^0J=~)8Y&c z9R!JaaNt#k_aTsu>hYff{Gyu=#ShndIjw19JDuH?u*0B};C{e0YNtz)T42VFl~R*0 zMrzvK7P+F<;C75W&9Q!Ry-@LXhwR%cy|Z=_)iIS>)<u+*^09|0>nS^g8uajK-cM>s;X% zl*?y&lO~fXC)_+$Lk-lZ`Y-F*iA|F(uKY+Z*mxO@?M>(4+x`p+n4?KEd9HYw=Cjx= zTavSk9f=zsO)OAwWpYz@GRJYA(CHQ`;X$g3F^WyFrUei-nFQ0C{{BUvd^gYrSpB$~U7HQ%+*Y{)H z8a<|}ttRbjD>a>T^R=9E;?vmKxeLUmnN=CZwz2iBY_{#(prmP>ri?FqP-7`7l+j-| zb(@JW+S~cu{13PT-TkU1!=xzLM%B9(_uX$wyg>>3`g#wROt!-{$@}apsOQzkso7N!~1K&~Y-NLQT(rU<( z3cc~MKl74F`u>E;E@$WrU7~x3T(u zb1=4cVhhx7r(qnc7MWeD*|A9~^y1U%t%)aREqvc`AvnXq?Y;l2GJnfLqvTjxgN;LM ztlx`Xw+!49+=hdvHvLg8Mm3qOK%P(E<9TtfDut2i$*i9j8sK2LeQ4-VM%@Duh04BZ z4|$=x3Vmqw`Cl)XM+`iZ%<3d%TwT6Vb!A^^P=a1DYgTza3Hw7$aY>KY4@&lTk)X{@h*b*EIo@Y(D{ z>HKw1Law}Ghm?^5%X+1qHoL&B3NL$gC`%PTvz=4=n92EHmbHGm^X%Fb7rk5Jjw$G} zdILuI^Vuz{O{0gm2PH~hTZrw&UM>@Ve9b9-NvdKFJ&JpKyIvvJeyh%ovQXzGPF_ca z)nkq=j?~`dbL*Y_`8Vqh2xo;T7EU4Q>By{ZG{BptQ0L5>7bhN@Be}RK=MJ$|JnXB* zzFEtfK2@bz4@#pmBQQ}(c5?F=Y1bS$&lm0S@;&3b@2phds@0?9<_Op)D)mHusYzN+IcKS-q1rrzawBt@3YE)uY(c|7rwnh&f%ul!|+t) zn^kweI>%eAcQzdm5f^{C`PiqW`7wioGe5gfQBRjhW=byDA2z%BXys7Rrms(g>!$22 z^}R3GA+)06h2zJ1)5fE_^NW+EhFVX|kvNSuVun*TYaKxy56dwa=6tIt-28IV>F42> z{wyn5B&!nBTzS#(dce}JajOTE=Cr^1_Q21JJoL`BI#4<`SW!OLVxCLZ<=p1Gx2$rT zhk{@DRQfMn{<3?xd-iJy*_3q)L~JULHaD;CYOI=3k`Q#HQLobVqOGY?w2-3(w}TxC9QD1uSI{VaUQ3QnF)kfpH8L z*z3-M*=+Do8R0YDTnIcEzuOvYwy?!Pd@aVq!-feQ3Il9rKtK`2vjCHEPpt$GEd)Q*z(gEG!c*A*U?U<8XvGB}jv@*vZDPYj$c+bW zva*Ma%ph=W3mF^PbGSqb0|GzuD5LPmCIRBVf(6{n-^u66_xulL1HF(HWC8dXVe~IR zALYZuv)SGZ7V$^)z^2g!+}I}&FNn?{i~tbCQG?hhE{*+n+L9S;5EDq8{;VysBGC44 z6lF0O9LU57h$XN<$o`fYhsw6+FI)5NC*aZG30klNID^TAV7fbn4*zNcp2;-hF9|GJ z2LtDW%po(p`S}Nae4=n5gn@tx!jq8bA4x|HnY0B?Rl`0hbqB0qkOY;8y3{Mo7Fh5l0k z`~vcicq5cJ2s9xLjS=SjGJ+t4C~Rsh2#$ZmOAva%6jS4Wswm*g`u~uCkn^SdQ~slg zhs4s~13gO3kJ}9}-V1;Llki+B2l6Jv{K^Uu8T93X&}6|x3L7ZGe;4?EjKR1(w*#@u zWr3(;!R{1LetF=-Pf3r2H$q}JLh)C5GsbR|_$!+EpxGeh5~sNmqk+)^g2ou&pnpk2bX(7G`(+*Zt)J$>a6^MCJ;v^rv;!p% zkA^t};&&R*k1gmF&PcNHLB{dPz`_Ws{DxfmdH*M2AzWkZIUI}<_YsS z3t$n!&LJ2!Y5`w}ycmQ2ZFR1srYp3~?i*V3ILsP^qA~ zBf*2@5Yl|dx`-f}_==278(=<#z}Uf`djyRf^l&-@0 zL<=SokVI%fn4%HJBSXpGoE?5V|AGGkF~LxZM&^4q`ER!V<7K3c{>A@)u)q8NhX!`y z{P&Lm{vQy^$*8+g=<05GHW?hmI1m~}p+L>@27mEjDk=Md@&Xgc3`o`iIpwhlED95J zePn8M<5ECf zmO zY9NnE3@T`6hTr*^Q}OQXaeR?(g|Ojsfxas{PALHi0}`-=1T4WD3v!1+P2=YOI0O9wf2Oq=%-Ai?H8IGeE?RVmb<`rT|ib z9Wo$+q3?$LYKK5Se)16+;4+2|j=YFxKpu{%MS*G&SOeJ~_I-EJm`oxS;EmirQ3bIi?>m0Kzw9`p0H8#WbbM_ES@SEVBUfA_Wnjz} z04un_0Xil8I8Z+$l&t_Z24maa3u}TgWSNC z6_`qp!J7lq0W?Uqjo02lUI_@}PoF<&qO2~jgw*5TuAxx;6ym^OHb(BKinhvRAe}-qA0QFJfY;~d=dL--F zJE@T2zp;r9d!uMx|K7%bV;2e>M1HjW_l8;9IGEXEI6fQ{N>FxW{|BvoV(SC~69`No zFoD1X0uu;KATWWz1OgKXOdv3Uzytyl2uvU_fxrX;69`NoFoD1X0uu;KATWWz1OgKX WOdv3Uzytyl2uvU_fx!O(1pXhw2F;uR diff --git a/AAE/configuration/sample_min_value.yaml b/AAE/configuration/sample_min_value.yaml new file mode 100644 index 00000000..56750ff6 --- /dev/null +++ b/AAE/configuration/sample_min_value.yaml @@ -0,0 +1,39 @@ +# Minimal required values for App Engine +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +spec: + ## production configuration + ## App Engine configuration + application_engine_configuration: + ## The application_engine_configuration is a list, you can deploy multiple instances of AppEngine, you can assign different configurations for each instance. + ## For each instance, application_engine_configuration.name and application_engine_configuration.name.hostname must be assigned to different values. + - name: ae_instance1 + hostname: + port: 443 + admin_secret_name: ae-secret-credential + database: + host: + name: + port: + ## If you setup DB2 HADR and want to use it, you need to configure alternative_host and alternative_port, or else, leave is as blank. + alternative_host: + alternative_port: + images: + db_job: + repository: cp.icr.io/cp/cp4a/aae/solution-server-helmjob-db + tag: 19.0.3 + solution_server: + repository: cp.icr.io/cp/cp4a/aae/solution-server + tag: 19.0.3 + + ## Resource Registry Configuration + ## Important: if you've already configured Resource Registry before, you don't need to change resource_registry_configuration section in your copy of the template custom resource YAML file. + resource_registry_configuration: + admin_secret_name: resource-registry-admin-secret + hostname: + port: 443 + images: + resource_registry: + repository: cp.icr.io/cp/cp4a/aae/dba-etcd + tag: 19.0.3 + diff --git a/AAE/helm-charts/README.md b/AAE/helm-charts/README.md deleted file mode 100644 index a4ea47fe..00000000 --- a/AAE/helm-charts/README.md +++ /dev/null @@ -1,42 +0,0 @@ -# Deploying with Helm charts - -Extract the helm chart from ibm-dba-aae-prod-1.0.0.tgz and copy to your installation directory. - - -## Installing the Chart - -1. To install the chart with release name `my-release`, run the following command: - - ``` - helm install --tls --name my-release ibm-dba-aae-prod -f my-values.yaml --namespace ` - ``` - - The command deploys `ibm-dba-aae-prod` onto the Kubernetes cluster, based on the values specified in the `my-values.yaml` file. If you use [App Engine platform helm install helper script](configuration) before, you can use ./aae-helper/templates/updateValues.yaml file generated by the script. The configuration section lists the parameters that can be configured during installation. - - -### Verifying the Chart - -1. After the installation is finished, see the instructions for verifying the chart by running the following command: - - `helm status my-release --tls` - -2. Get the name of the pods that were deployed with ibm-dba-aae-prod by running the following command: - - `kubectl get pod -n ` - -3. For each pod, check under Events to see that the images were successfully pulled and the containers were created and started, by running the following command with the specific pod name: - - `kubectl describe pod -n ` - -4. Go to `https://` in your browser (if you set up App Engine with Route) or `https://:` (if you set up App Engine with NodePort). - -### Uninstalling the Chart -To uninstall and delete the my-release deployment, run the following command: - - helm delete my-release --purge --tls - -This command removes all the Kubernetes components associated with the chart and deletes the release. If a delete can result in orphaned components, you must delete them manually. - -For example, when you delete a release with stateful sets, the associated persistent volume must be deleted. Run the following command after deleting the chart release to clean up orphaned persistent volumes: - - kubectl delete pvc -l release=my-release diff --git a/AAE/helm-charts/ibm-dba-aae-prod-1.0.0.tgz b/AAE/helm-charts/ibm-dba-aae-prod-1.0.0.tgz deleted file mode 100644 index 0fd83cb7dec680e49804d898096254bdf322f86a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 84791 zcmV)8K*qlxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{ljF8>Fq)tFSKyPAc;;M+JCA+X<2v^%?TmI;=gdQqG`rcP zQvM(klHef;9srzK+423`Z=o9iL5lNOuaBMNvs|^-P#_+SMx)=&m&Gt!(jld6SV@sR zJKa#JlPxXsfB3aN2L}fSuU@=>{~sJ2bpLhQ%s93HgaNe)#I( zAIQP4HiHK~wbE4n!@(Di)m_|wlMk)$zFS@IvBQUA)Y%Bfxn zSqw8)J$+KsY-X&|UH}$esOs1mLtkg*=if5D87td0IsOnikm1go; zF4p2%wxr(|b*_1ui#kix?fQQ!T5`>QWPjGOX3-7X-U*qhlV}*sJ{poqso7e(zfMI_ zFqv|iM?*r3?B#RQ;L!9hsoh#a`1IjP+n@vOD186k{S?v z2F&noTI z^oA>(57C0GXs%d9NGZyx6j_~`^Kv0FcH)2fip*ImnI?B!Z^)TQZMV3@C_i|RM*Hkh4uDVT=G_MWmN^+6Xd_W@T;Vq7xigLx*HBuzA7OGiBmRkd0 zNeWuhH8T{GC?;=tY6hqaWp;_UM~iJ`h)=neOey$bBa}u8GpGxde6s(Qyh^wjK$A*H zeL|i;KZd{BfTdZ%%MM%#J`Leg7itI(9Y~+Ft{GFJmMJ4Mw&qF$mPq@|Jv!;GLdpjg zaeR32?YI3?bR7?+?fDl>cvMx6Y7;`M3cvU4z`$<7pgVh7RSaHwWG5ou(DcqrrD>j@ z5V+6)N^p&win`P%6=ykMf% zowlk@Q>N5nBbnNWJaf-il;^c%!SmzDoi{s!1~^2CyoSr)K#0i`%VNN=xtf$*p9*_{ zo)B{_-LS0|A|IMnr2ePiwQTtpvE1o+xM6wmgIEr;W!PBoEQRK#>$*^O`;i|pL;N6? z?amD$q?#{z&h@ruew`Ng&(qMDsmOV{Jt33TrO;E!lwo-ySo(>BL5QZ54LRaYKxkaU zg{+l6=SrWDfBz5DOGY&{1P8k+9Z^M;vtJRZunR!WY>CrLYbjZ&=jnzO^n{$f9?f5e z=ra`}pYtEt2|0wv1^pB}Ld2`Qf>1dp^59rRj#b_6G;uUq)+oLSDkviRW)2 z*6W zk^)U7WGTg+GP?~2%krReme!K%t=&*)$V$4*gG-5!yA9VYhaDOW%-f17;MNegEKNBf zgTrrN-FWULQ}ou52k6K?6M4?d^$8i6Lyyl)tLxHk5C4&6?N@5W#-B8kCC%sNDsFxS zl96$B5+Da$LFQ|KB`=R(A^FrgKOtt0=GB6JGFydH&{Xquq!cqtJbLl%kzYlsydzK)(>aQj%Yztv3bzPa<(i^C)P5^s@+hsN(6{^-Ta z$3{Quo%Yc;7aXv@)Cr8dbj_|c&-srQ zU%xqsqQ0wn=VtnfOeMdin%V0B4zqic$mXICZ;PFtfzC3WW+6GX_rjz_Zl88zJVc4V zB8&5R`_5Mn5NIifY0g=xL;4Ke%(|;2mfItW|HyW3?PL4ata%Y9v5VGiWa^^QE=G3I zsEb5x)Prf5o213(`?&-U??ta#v9oPS3!YA;xaEf80qp{;K(ZkWPMzjdDa#HQw5(}v z2?Q`2$l(uWjAkDs*X*iH9pQsJhapB?>=W<`}#&D68YtHpSp=ui4f z$9PQt`|{OsNB{HU<*OHe=zo5T&l{2F;*OW=K<7g?^p=q&W2L*(QRD^1jFGGo@=??z zr6n=+T@$@w1?mW{XXol9`st@3;VY87M_png=-Tec&p$^!+E3s|t?u`ypZx2nj!C>2 znK&7m{QUFDL+uP7OMd?O8O(>3nHjb-wJx_2&ah7vf?ZwS|DlM0~*Q5+2!1{HAGcaEZt9{$%;spGp7zFRxnWrJbcDA zx#M|GmR5^S6`?SBJKIM9Y+AN~9FRHpqlc?&b8mwu0X|nvPyYyuIQjF__coZPhX?kO z%n(@kvY%_~>1R){lDyO_GWaJo{3kW&^oHYp4z}I*y@iFr_L`$(&2?sLVT&!kV5^)i zS^nrYL)*cub<{3nQ?Klb(artJ~1IrjDc1-OW?KZIe9B? znJmEqdaam*7FzPuT*vmEq4^~yS>4DPLPlSajH@&ks+Nq%=B4G9yq%B8=xj>n>4s%> z&d8}KwWO&vfBNZ}IsD2{3#qG0H_6gmO!m;BWgh9PN;fAF!3)Ex1I?{r4ULs#EB=XP z17~)#+O^<}54@3Mv|90!>#frZhR7}Jbowf}Y@Pxqu5wBMhcoshwcSI4i0lcVF# zZ{DqDfJ$NuJ&B-(?`C=@WN=J|OIZl-uZhU83;QfPCGQ%g@)n5V4+SkOFx~na;-Nfa& zQB=QljN_LNjB)7RPVEToUyr=Oh^^{;ZWZXelQ@3$$RrNGd0-N+9-IS00en^%IG!x* zRreS`Dxnl#=4=Y*>x2x}sLNleVTPLSq1))xIkfc5%PY_I`(_Tm;@H0kWX-+5qc@9lwzKJ@BI`|X_>gx#SO+4>{+ z8r`>b0BsH)6OZiRnQ!SglI&$X)xL${EC-DX8yTRA$?WmaHW`qCnfibXjt{;$JQ$Dx zx(-b7AuN4B2EeEe!0Qcs1PA-D*y#Vj5C4a76*!NwoTXYwP@2H+iY$fRBoE_MxE!aI z>LAv`Xa&ET^&>hzhE+k!pMQ=zp7b}o%udMMx@Q(l(~N3*5|KcQ&>#>l^2BUX0^iAh z5?*FTzIkq1sEVcLUG&=e=_kG-LIMsa!A>A*nV|Mk;P4skC<#>}pn zCl2?_)>{75=|5mc8y;GVROBaQaXR%ZOXx%DJV~bT^rxR1gm0b)XNIrH&cxlk%&wO9 zI{>hKc*xH`hckCbbU#qVKZU_{0AD zn|yxB{jX)MtPG>N9DvoIhOY7CSrOfejqsLI|G33Z;Gd}X{zpR)KgHx9Z)t8|v8|LVo74*frVet7%`{r@dKV6FVM)!9!o0VL5^J=%X^Lv4-@4!^n220*Tp zdGd>G0D%P{`sxd80QehU)>=q)5`9H>)-ZI=on$nffH1?0Du=)=3^o0=0q^h9M$$_+ z&X8c{(#U!D*%|h&A(#9kvdkxcCVQ>koG61VwMvwxWkzKdbX~S7g%$ODpC5$0$py`R zLEo+?!wkR}PWo?k14{KI)OSBLIaqKgy;*w4%XM<|4VX2&Ja>sdq5pWlR2NPxlE^r<4LjiTy}Wd?ni<&0OmGbkgW$g*8N=6|^ZyIzzh>(55(GS^ z|2sbD_n4ybbS5Z!B)5Dw6=;4%{>$PajS}^&_VBg{B*X!P(wur`#Z+D&tzKm z+xPqLeb{?G572+Z6XCzZkoWrh)KHK4|2{uF>d^ngKj{B&^!c?Z&>#N4zXWQ3Cz3rC z*%wp7U8(C!iDGY`UCTTzOM#c9l}H8<{-QR|HbUGCP6*H?8{6*XCe^y5F29uUI}X?& z0{dibV6rYp>Qa<5A+!zSw|8MFG}%i|X@zU!OeLe~#BPg9-cdycuFFJJtW+Dm(kNBJ zkfa&l8j{YuFzj(~_n8J8p|lk~o3sn&;dFA=elVGyHV>%x_ukPDxSx{H2fP7F0vHLw zL}7#7Ju}CNO6`(s3@+I%lLMPJ$7Mxq{74GQ(JdTq`x8R*ikIx`y>bvrEurenA&^R3yqH#}!*t28UxZD^j0yQ%A7tWuiWtS7CW{@y6?C=!6j zZZJw?cFm-yLL=~bj98#$yV}&+Axqu&|Fm;r=|+&j>4v2@yj(*xrcG|<{Fv|7Oq1b)9FyU&6vNas9i~ibzTyz8 zIlMA`H<99x28u(R_=5_GpMM_w-Z$~@^V#A55<_SCx)hTAT4OxI{~f$|+4cW@e*Ef> z`0wB3^A(v=t(hzp(SqQG$_UVNGg#1Lm9N_f*uiBwFI+#Jy;Ih%hE zdCWlUE(%eS_os7`ajBwY&Gj?*7pEU3%OB-4_}4wyte=^G+@I>UeAaZdr0GpvLF~JV z{*q-EApO7E^0+4XJZv5*7+w&c*f{6Y$wGJQN)+U_mF$| z`-Fp3js^5Fh!_Ut7KcAeAFX!W5bBu@2|Iy3C<8Jik%!1y^*3`Z^*ZpJ%cNfiL^FyY!X_&=|s5;%) ziN)pyh2<}|IC~0xhmg7B2AhN=dz|m%_NWc7OiwGm(pz)+rKan>7YF~e55t+O83FG) zsx^q$kZEK?B~z|PzE75{WGkL>nzwro=GkodM^O*J-PL@PgZ*&VX$dg7`|Xy)cNej?)(SIpMgPWrhc_FJizYMX}QH`lBqg} z^RbemAO%Y|wB#vu2SiI+D$~*%Cg4eK|6CDD5IoRb++LuM+HNf~6-C9(ff6t|yUew9 z?#|i^4yjivN}HSn_&_|n1vkdt89AB4QwAqsaw-oT834jD{qjsP#+GW-ER(Ai}b zG-Jf7gmQQO1G*F&YHAQLb*ZTOR512^#{ zRc7-_IEtAW!(hJ@1=1=r6l|9{3wIlyZUSP!GOmR*$6Yc^yQ$((jTRG@)1@^{A)&C_ z9G)hxE2&V?5@Q~syN$@1+4Eg`?C8|0b^K$}1)qhU!DgqKx`XEc7|Fb< zh!DjpDgjdrTwoamlPupFN#O+@11-c913lyz9?y) zJF>0nWx=&29**w-?1GuY^z2c9fn36(He2C#8LqnrZ;OyoF;p3bH~79}8=9|(Sl!RO zJngn81HUGxPs01&lV!0Y;94U^$a5lfmv0?(o-s+3o~B%JPH&H1x6P z3`#asVG>QrQU;WKxowTp974tZR#-Nwz6ib=d`6+E$wMJTt0Y`&+(z%1{K*mIo&ZNUvX4mM~?4blA{useI~Q_3oB z4j5!{u`Ci-M4>>mPbyq%uzLl)VKHWtHCXjMDwK9C3Ad2OAZ2#p&C8WlU@pQm4 z%9bkxGUHZeK!AJXMx|Ai8*x*V`4*vUXqTND*;36Ql=D@98Tv- z@^bA{_i=akg$I96?Gu`dlGz(E6~&U5o~wt~x-Yl|p@eI1TP-Y;*Pfgm;?8V^yXz7% zS(*L!vXIhT8=Ur=qPbPP(ls?d1Cg_W`(ATldEQzIrG{A9Nf>#&HvAL*%}YW_PVZFB zwOMM;)_4g}?I+*x1RbjQ5P^d`0Vl4ksNM9FHk-3`%X0fs0H>-q3|X-@COVeM38VI; zI6j4MN1`gf+KgY_U5wWHDogZ;AtE0#H;p$IY${RS-S%>5|ko=Z4hN^#PO1 zFnw9Yq*hE&y(xt(jKFLd3r1xE zH4tqXD76dbV84NRKvCK&`Dh*puZBZuPsg4upjg|MZr)!TG|S9)Y2=*{BZFSt)GdUb zauQ;MzT#O6bwHk?r5Ti!SzS1`wS_T`u%P_swzEsq0KiU(LG%8@1llUHWXK1|x{H4Z znEUJ&y&!6&3Se77S&s}rNAVSGh3UkuBb+jLjvKDE#pU*J@QrG($7Ez3(3{nZRnKhV z=Gd%2Slr$tiiFxZf0UpI=py3CnUuxad5mGhJv@fUgw3?yE^vF&n^fif#lW8JH|YB+r}Vpoxatll!z zK7WpAX4x#5W`Ho*1+uQ0vp(YcmqMGDy!8g|m!&|V%pBV_hg6cBw9;`h`+Tb1SB%{iKPLF2g2(CBH5Zsv@3OG4{Hl}nUIBJKvaT` zA&!sE1W-imW>t-A`S|=-}N}I&i zRvn{CK(81SyS3m1cliN3Y8}wWO2&q>IIpYdMCnim+ z4^$esZ2ckdQ(bORfCb6hh*%97fL#RPrO|@L&4$^tubQdunYl9R^YMnlt#8e>YH#j7 z5n%BfjOJuAACT9h`DE^Z`(d(pcXhoWA4ap;=yEX`&&ky+G|OMTA*0KWh~r;XqfiKuy}5AkdRiN2j*r4nYM1k=!M*Vnr5{#rZfUmsgj=$>p2bjHPZl2mh2BgSm*Y9Q4~%Rd)6r}(IlVp~&B*k6HocmU@wP>4 zVa{?RtEozqkcSnpDPt%Vw$X)Fl@yiahCPP`uSgBLQoz54;s*Ls)HW(rLxBKyq$O8C z*_BAS7n6~wTRSUgV?#sht}u(Z_f101JxI+<=iG&Hkcqi@3A;78YvzG{l!D}-?9>}3 z(4g*__0BkLVT7;nv-@NTy0vhK4Rk4&eN;Y1mJTr_f zni32HgF0PKbJwY((CLO65HU%pM4P#}#r<8a>RfjPU4UloX-thzcxg8?psS(AVDCYj zxSN$(b}kTM*Ft1>JP&n;H$-VsRdmf_;0bCoaa(K-y&&>cT{g@OT!KBGAgM2^-@pS0 zW@AWo!qXE1_h?fS$xq^RUviOc^esLN%zRep|ph zR+L=(^XRR&xtlu?%iLW!CM%WO0Y+8PKn zF!jv*U4V@N+vw+l2t2+#Gxutr8yx&Tnoh@;XOn+DFR$*{H6lR7F6Z4qyjY6<`$n_0Qb*qK(BtZ`WZ3#prlGA|Aw zi!jTGp}_-lSF|mk*7?OulTpRJJ>Ejj*MD z9V;u88*ifg8kwn$K5^&}O7=_x?{m5To$12KBeos_-gp2y%f|E4ilIOnJw|yJCy@HZ z60~KsrLuE~OtnMz$6QXW`}6Q9ftu1!;?VEoJ*>}J6ly73@N(1Rs@32=4*Uz*Z^w88 z*yfD2rr?kq*qRkjNlwdkP1lU9A=I+#*=MyS4Zp5-*OmN{h4H`q=RW`cx%=|{Xf*zQ zeEB6~Jm~*_bo~6)LD&EP#f!t2fB66Z7N5n2dAC!Rb<~k&OB9E7z<8sPCJ7fn0 zm1MUZU6dLszub~jsQV7xPF`Pt`Q1M9$}iBe^}gR8f|rD?R@U+wP6fk3`B#PWCkcVo||5X=DCihRG2m;%4QDLHyQX#!Zk=FBBt>6X+=2bWy#DKXcVC{K-hpZdqs@FN-mH9% z!mL3RkJdsG)i^>quK>)&fYyOgus=rh2a~f~5Y2OkPb?LsD0qrx#X4AKBuv|Tja(LR zFxsiqM2(&d72UcZjzA1sF{VIC=AOmPlsL|)?akUj8uQ3mkpkVvWZ_iX%9(b7B?sf` zHooVrjZoUE5;ZTF+E58RrjXW;*88+c@C^`>V7b|FLRR}`Il_F~7>v+t;>01x-Fm}; zi~*F3*zOB4tY8 z>`P1}f+CbZ?oOY}yqeQGukDyE?c{rBokY>xa?jS6-jUv~mFKH1jO@+25_Rd%VJh;R zrJz$f3*YS%tc~_xD>5oeQI{!_#&f1MllCUq@FkqxYsHiy!WQ76 z6lPACLu@=geS1pys?h?r#wRI=+Bu`BW@J=vVzLw&deHq)%dNBL*o-ieu=18m0SR5a zelUrmi#peQIJJhKiLK2(F~7F>gjVcE;HW@J0X;a=k*n?wxh0a;d2XL&*AVpL1}3G| zkhlTCy27<0uj?|)(Q|p1)H$Dn?S2rlK@G9u89Lt~mYNCRX)^OKGru2h9%xEN)ffWX z5`P!h6o$M&xPw`tJMk@2N>eM!dP89_5!Lv>wFgL|$gR|^EkK_~;b*4Qecvl69DkRP zQMZvN6KN`nik2Kj@D>9V+dE%04-n|_!`ukf-O+&D!?kj2$xSNCRnAj%E^PR<`xp%G z-x3&XdzSvSax@8Xn3pN90`|uFpzlD;?6d)E=!oMlyT%m&`ju=YBnvJr@J_R85>>BO zJOzHWwfk*exE=fh@nyG6hQPG@Og*Kt&<(EW?jmA`mHqfPC zDxl{=l3OlyP4j)b?Rf5byHSSS$-2D-TYTq~oL*mL_$%Dkp^>iNJJ)@eYw6ao&?cfw|LK}oKE-23*YGB4EbBuRs zw@X{?E_f=1A!ua2p^{AnceCj4cRreirDbj3Vh&R7bee|`_?abhEfC?Fqu^OGn zL(>LR7E+I0XyE+&pyXJMC2I=sH6}P~qA*wU?#qAY+qrKQf2Rw2cc|u${=F~IUbgao z^c~uRX}|Cqy|1U=;3nY?Zy$W>a$n0GXBoUGQ&M+e(!%w%p7w|*l#erVEL&uk>F0-z|o$0~V z(Nd*66_)K&b02dw*LB7P+4I}o0rLL+uU^tyzNUt$`z3D&3?MnfLx?wpQ zI}Glk#sZXW%-kI*>m=*Q=^Y+&G#4uzF?ZfYW14Q<8UyTUS$AwqxWR0ek->e-8=xld zzMn}mY}V2#c3rz&R8OPt4D_(O&eMBppC|@48ohCZ^z!QR`^oEz@0}fM#dBsFBAe&A zBGp!gcAdWitxmwe1lA4jSBK}kap-Oxb+9+NRK;<7rA>UxL+f*Ux66+i5^^uZEick= zv8C|4nncl?TGukrLRT5psJUJ7PYfAQ8%GtYTJIY!A@hz>_TGu%&C#-KDr-bkHgLf) z3Vl2I;5OQI*kuGaBu#HhahJ1f?fCtc`b{#5Dn5X`=NoqRBZw_~1lz#)=*RHpNADlk zMS1lIrgyK9#yf}IzbR2f|PzT%Mj^pG_{`#^m+&f?QrL$ob@AvKXI{#Z^oe@5b)skKowZAHYDaW@K`? z7|-5}XXDG$F^po~eS88}Z@R$`(4rOm&=d9$1DMEcJfDtF7i4h-!_CLj(QLFBpMNBl z?wGO8#s+990?k@O8)te4cZa$*wUhJ9Z5(zD9)O2#Kq5Pyxz6*}ddfq%Ap}%-{m4Uf z$wnMQtntoF-4MIZ{h>F%bMz$~-NiLKo8P(K&RrHpZ zYpX1QCzTW{Zpa6m03-hd2GIw|a8G2JV#Fr>01s|nlDAA2&QE_-D=j$%--xeOZy|XISkWuuytBF)3XxA z1CTP8CU8aW6&{#%V=E?W%5&w-F*~7s0TQ;l0*qg>U4HRF{Y%%g#xN@PP5&f{t}0gk zM=4tW(tIbW_*xvlgN7Jw0y*4OI2#ysST&2~Q=zrRg?Mi?>+9koPm(p+n^w1Z#1_k#F^h zyfjNUrO3sa+w2uMSyC~n02c$Vc!OtaYA#jq*R@vfS{YD5P79@Zs%++u00jdz(T3%f z&FlpVVelYklCu(1l{`b26LT`aX+$$gts4SRsv63%+{4p=6{5_I>}#P!u)0GWxKvOb zI%zxC!V23zOQOhT7YH;zWgOc7lQhD*#1BY@QQV@w~Wu_Rf{icJn6@i#k=v$bAg62Lmn({c)ibI>+soc$=aE_#gUOMnM!uc z*_~4s_5VQj7Sq#xXW?nWQ)DYt!Jq6vfA0i*EeO}Z{Wv9IkJ~~*7Sq#~&ZdzVA^OEK z4XQ1dHDTT!W3AoLbm#8h_R)k>;zVhSlVCdDL+>|Q+No#lpPd50C!Vki+)v2dP?EMs zq8UFhsX=yIOicn=L_C#SZUM0=MrM?RI&$4swl^M&)&`I zc2R|uS$L&-(Nfc*VzP;D-5uJ>FMvOdpD9KKYI*~n`YElw3oE@99NB&s8*RijTtNZX zoQ>3mVkr&@Qwl-#xhU66I+J<`d8!Pn1tY-m&#g~sOu##ftvLcwH6eBaw|5lqR zmA9C}CWgGaMt0uXC_Te_BR}T+k&%tEso$K08ggcxO?m3xF8485prB>FqA4iq(f?H5 zFx`YI@2=Bk$lu43X@Q?`CPE#d->cRkXjI>l(QZ0Hs>r}PWv%cAZ~HwDY<8O5CfV>l z+Z)ypA0JL|iz#Gyx%OG)gTyV(040URyM&4mB!0^<=Rli}cxY~v@D+;9{ zzYshXRSL}NO}vfm*NBQ%U$>XRDX=tn#aOna=}n6oJIVPTg8YTY_#tmOXSsP0YrDC= z8)tQ{AX=8|LOP*cg0Jpjba)&dU%~@@LU@C@bS-bvo zkfGcsKy~x(3AK3~Di5bmp;GfSH#kty%FsTKA-kJwb2$Rx5swbM-%t@$4&C@v91qhT zm+ZQcGJIw-xDbQVw+)xPyIZd12m{K4Zay3x?s%rOC_MT0|VL zZQyk$$d*xQ^T!5*LQeZiKLx1CeP=s7oWQkp=z3TwzC_#;9>^&&sp!`EH25lQecg_j>1c`MpaSy7&ItN33hLy8JC|Wb&VH~T*`ba6W z6&kH$kHY;#LkyZ_4TDt#9!3xDR1}Rrd2x9H$=H2mZS;U|c^HP$9@q&4%wh|v0d2~5 z5j$_UrMSwTI+&Um?g2DUA86sK?$&x|AuI$IkFyQ`~rXqEHw21`9ytqfbLG4_Q1Xdl@oC_!#ax!!i|><>qurXDIvAv7ECw{ z_)lvib|jMqVk7u)V1*TdDNk2D(~Y9{7^4xS!#EX^-S_;9P|$@_Kp!6Gd;-gcw=BSX z5A1G*!~263lY$jOZk<-Ps`WEb>#EkR;`=tjiE5Wq+3P`BhJ9u=)aJCM@=-V2ij`PF z&J5&9VNlTQ zF`#%;P|rijs?7IRVL%YI!-0rkCNM0ZC`@LXTd(JhHPv~_9U9tOygb*6h1rCK<+SH~cqUwrfhB9DVuO!82l81ZnW;3{s zZKGD1u3*WK%Ga5r+qr$Q=g#&onZ9Gp`QW%)03G9PBD03)?G#!Huq2p4Gfm}Uci5+t z*@8q`XqpoW?vZ z<+-97Cf#(3Q0PSGg=%K*mA_6a0z4OVv+B!65`fWg%!+ERpwbX+`OQ#oHtRq5f$yNh zoaL4jl$Rm&cd#o+P}9CLAaYzq(XSFVxzq6pnVHwgA$dPNeMS!7Pfz=Ynv@ECBmb)o za1;*kc!21GiCdnqj)V8pQ}tyjULISFYKD2*dY+tR zrygW^I>er~kO#6t#Xy)8`De`NRAEM^$A>@mYx~U3KXRh&e}-<)Rku; zHqEe)-LY&`vQ-D~eO-RN-(kRzVi?+b?}X6{oXKqvC+vGHp3-A4yEbUUu?4%nX&Ckr z!vI+$q6C>aTNzZW6MLAJ23TLFbm*Plc6l#FISjnmX{z}xsAC^CjzX{C?-hEg>AHkx zD_ZB8WSp)`p*VD9hx0yeSldCXCEf>F}a>QGwyVD^>#M8h+XLPn2g@e#^bpQuEwH1S8vGT-DHlxU5qam z37NbhAFr;-Xf`G|l5c6BjboPQ*<@#1=R32m+~ujk`4axp%ejAC+jb$V?;Xd^NV z1g5jAD*)5@5=`k}JhvM#9nBUW$(z~L1^Mvq>Vixb zrgvj9y12T&T#)H#at442CJHaR)sN3&ayFhXW>+5}i@@pC)FvJX-bkY8Fd=7b#YSP@K5*4AzfY@o((Op;)Uib=uq z-04W1r#l*-_XZd9Yc<%9d-+3!S?*OUWqp{aK3EqzH=E05^7_IoyM4?(e|>@3+7vkz zvJ%n<8iKV0>Vt#6j%S=oEP*iS3A`SVy}|ipuuq1BHfaIjLTk!nhOUA4MS=U0Ibhak z;_gk65n{F{-0hlPQ`-Mx`V^gm=n`7*% zIg_OjH#yTyNMARG&%n!mb-3pZ16_N)&!A!}{vp2r?pRcUdl{OvPsriE%d$80)zw3j z7kY4l2ldf@DQTnulyLSvxy+Hv0N+?H|F?30e6N*DN8*-Ek; zA|2E|_WFFknf_YSR2 z9~{K@=#4>pF}BtBT|7G$yz`NpV%$a;sOF$(&H`UjZ@hMoh0K})(NPj)I-0|QsU@?nn9VQtJS)=A^Thc4hz!Z8s7o!k zL+cg-Ka)M1s2=5&^GWP=@Mh~kSMCbW6%_`3`=OoYzHxEFvN#>z#vaolnP^w|PuYMf zZqPs?Vm2^XUBc6_Ilfw(LEb!hG4<{MPC;LO&-1ZN5x2574W zIO>I^HI>LSn^AGM5 zb~ws+QM63ZnA}XFA%c#tvWf3pI|h-1fdm}1{Vs~qV7{(~xOFP-7IO@vqjI)pWd@TB zVn9puQb6FeuiI_h!S?T>D0E3~`f=K;0AJ5>$sZF2HA!WzP8~7bys@VCXA^ zX8CsCUijFp^aC>W#S2q+erypOK3uvgQ_>)AJ3&l zZiY3JlP}BP{lgcydIv+atlc`TZM_*#f@EU zZNu=~QGUzhcjmZs3WGGvVGk4K8K^$)DGn2B^>9L}Nk(KZWvV@nnRlP>Kd}^%P0O`P zS_$@CJ)vErVP6rccAQS@oo?cHeQ%YGzyOP7fSYobK8cE_jlJEN1;$TYM$gObRY01} zCuFj3#{xWMA?;lDZ-i`FwBh%O5f=ulct9u_?9O7~-N9f%&VkaG+Oeqv0{gaMfV(TU zNp#u~wY?d?y{yye0fec9>@|T4fd^q2tligXaJm$0MM%UuSpgsfA=Lrz`51fIldyi@ z@@YPo8J6V(>D&?Ut|Lu1=gtj7uHld@B+b~cu2f8}F$qab-tbROJepFSZkU3$Ve2TG zv`65oDYv}bVtNN?+SXe8HVx?AIxy;?sC2#!VgPWO$E zPwo1EL0(@h2pNaGK!7_z*ho7?3}_pI*Si(09H;NI+e%ilJHj>0_!#GkCDU*OF#2>w zC1opa8s@hyHP72P>_k}quy+*!$zK7d|4>9nXEXhY?1zcdy<^y?*0Txx=>f zxRzq;QWb^njeS7}2^p2!`=*b_0~JnOy3`3E5M^Y^wxZ1ZYQj*MrUS_eL%EyMr??BN zI$!ZTXSR61_df;k$wu^i9j262b&4uS7mEWy3P3NPC**WP<=UXE{Q`$_No@g(du009 zMZT+E0ViqeL)K;%sbm>KTimB3z^33LUjw$C!=F${#tKwIpJBj!27bW~WM!sbNTB9U#Vr(IeSMK2Pv zpr0&VfL7S4-a-tcYP^v>D@3vyDqYe~G0E92GVm+LVoXySL~i=M!t637sx3vqEJf`* z2h{qrp+9WghA@Wu@bXqb3KLfeX0Q z1r%QKj$`CV<@=#XNm?r{3Uwd&{E#+E79!>BBNtZc(m2I79xm=LSwTdt6}Poss3ijyN!M6Yp{>sVrK)%$gW5!< z93PO3Zau~KI!V)=*+s5Y-AR$C;A_zngxSVO;#Q_7s9XLV7tkupM4Os&X zq;zm#t!(HkE|u;s35;phK+{c+e^=&$W?hBwmofj``6dMR3{jGexC_b#A)jRyn?%v8 z#IMrD%6Ia!`HX8_i0t0roz$L)hD}n4oy2Yptf{t-+SLf|V_SOA;FoYMC_K1ef253d zwX%~|ZfEkzZZ^^;Hyr`-3poxOauXz`JlgLlNV@iywqWAARrg>D+^Jxv2_~?iG7E&d zc8;62?d*Kw4sk*zMZq$Tx|JsXT|=#VHroT<+```^eq>vEmU|NNwmR;~ zq!N?)Xfc_;8J#Y!W*^DFT#xYS;}uwJt{0aKxJd&OjA#bzCWA@H{OV#%=8Mq+=l7TE z*<^k;ImIbDzrFMGs}JCPW&w(w?E)rPY)t0pDmQw4^*(&@V)PL^oleiegV60)LME5! zZa98FzFfp)etr6GcXJWSlS^`TJp*q&=ac6bJsr;`S7%9(M+e@9@kVbJ;~9?Pnmru? zP0nU;q(TlA3OzOvyRi|j`~7HUT^C`|W^nw{S-kln{2ON$&I|TyGAHvfzVHp% z^XoUL=r?`751TigUA>>2jnByZ>U@0uk-YwhX&+6uu7c8d7W8}l+IO8Ck-eb5*g${$ zemskDtsah(*B4)#H>YMlX3j}=c4l2RPp{6#X27fYIA~-ih8Sm>^j3cAoF$i+DZ$B3 zN3+q}*=YKXoL!CQu(_Al=jW3*AMKo)L;3oA^46l!_2n7hW6O;W+0cN_1bqPvs$M#Qz)UyDgUZWRP7zcMf*{aj1p@t9$r^oO$b8$pP1f_W5tN)Ht{jR& zz;>AZ6HNxY?EB%qPk`=OL?=dB=PbwYb&RU*JRnds)2av*MEf`qjTaTVbb3joN$O+$ ziXiVwn9I+pR~1WZ$@MlStb`PaAh_1f+X*E6f-AR+u!;cQp@uo%4xQN?=4{&Td#5Su zsAPFdn@zm4eCNWfv@pVyA5J~Gg~IWHL*+%6ho;n$&Rt$^Bbb|Iwc<%kyFk;6 zOnhr!!<45&=~lvMV3IralX#id)_ujM&-8Kn;Xy16#kpav`Z-o0b6Hy;-@ojnj@{`9 zwE?@?CS9dEs70~bNkfYD?2;%tJV=5-HPqC>eo8s@< znFtiK4U6=FJ0aFg;&M1Mdw9zHGm--4uH8dkgN7E#tF}Q!Y-+)I* zvJ@EyRn`x++=g(<7}cA78wCKh-C)N;!x|7wTCRaa?AqO|kD<%b4j75?5q<`ZE3323 z?(rS3iokvmSU2novFqcG<+qF!qSPDpwflAdVFQmhk-!~ehjCT0&7LLRTd3exw;VVO zStmc-{6;4P;e|}Ps~dfU6}VR0p$htm7j+S2E_8er=r$hd2}p#kI>&E2rT_7;AN3yg z36|t{haFku%PVp^nVnu=%on4}QzLxLk&aFlb00=^Hhw=oznTKyKMVN#^U3J-`55Kr z%a1OU>dlpr>OhD$5+|9wA(P8DSF?+;i`kmY$no zr$*YCkN@R*e7Ts6&Rx^*$khyeg0JQav+y?)BWJ$8o=+|zMs8--ay^d8+pDXy50mqA z=-kLKr<3W($jG|P>Q)R zR54j77x@e3l@={<9vk-FFhnnF(xd{XgOvh<@-I#GE_<8WLk#ZjP8sP_C1dd&RE?w3 zpZ4f3v7#WkV@pWx3Tr4>yL0j?xZAxa8@mH1kQ z%JX}ybDbig?Y-IYlL_>rHcfkndiB-5$N2y;@(JCc&rG)?Q4{D#pzhC@a%QVWq2Os;9g9UBXTKZl%GkajN+@?a>y zyxVXgEkU?l(B8Y(a=0tg<`^^uD|hfe4oikOzNlfS$J@0#iRBgXEp;pgg$lNgTE%b2GM=DAqc3T%AQqZz= zSz-%b@&ZKDj4N4JE_q@Yn7ue z;{!uXfbEkUq%j_3O>4p5Yj$HaKl7k^8G=rKW@#KTuW3~;v zDl6*hgrh74T8e;=^rC1JNZ9f<3sn_Z1`!tmnt-GIcH!#w?>*^6!EL9OL6yVy8zH6l z8iJ0WwD(SIB8_;H(l}#iLvjxKw%DB;E8Iha6GsUN6a3q%F87z&RuIW}9 z_iY?F8waYqK8Yl8V>e;14tzUf?hSh8Jiyv`K04aG-AYyx+Gq1E_%tZi6uIrVB(xn) zF0U37!}G3q&i2%P(kjKWV>0U$B_=5r2iaXn-=IB916$zzKcmjp1!kz-VW=X53o!A+ zMG$rY#kmG}^*5@#M(GNHg+8E?kq5eIZmRoZsazbBO@ZmorB8s;ob!hU+6e;Yswu6i zgK}76MKZRm*XvGTDf&C4jhhvmjV|00%L_CG0s}2=!w3d(+Muwx$F-tyLO485T!=3S zG?zke?8V;Y%z<}QR`*ABt%ck=eiU^$sxHveiR!?x4ho&jyMiE}?z9pKNJ&Pz@Yip< zFso=?1zvJT)t_l<-Mtn13T=2*Irb=HIY$*{z$w?2i=y_wT5{wk(3CtHVo`I@Z=_U8 zh@0JUlmSYgp&zxstd`rIc!LB)HS3$((!1-O(1H!ip+_j2d`oi<0IW-9&U(sR^+p!( zV!p>dXZuD50OcKYf(k*{)}$TX*Nf~s z)oAOILv4}>Bs6{ks0Ifg{%K&XI$LmMI3Z-5~Pxc(+B#5TaKC0jwB zc74UIuAu_U}K-z_K`oYSJTvav1 zn`K-zDTQOKpa3%qlXANOLSw;BxWzglJDICPzq&6`k++@eAUR4I`pR0d1f&B>a<-;9 zLETB*DSnE?)CokWj_z0>+KS!|aRD@y9cC0# zo5K?0AYU?0&-yS2VLbLK>QuYL<~gk(4aO!Rmlj5zIFv#dbK!)0JD$D|DU9o7qY9DH?;eHZG2nT%oSpBz6B{GZ;H_b zD^8;52Qa3C(cfmY>tbx&IVrI9Sba^D*8My*r=Uf%9msW`S9V{O&)p6iCE$s3G7nP; zf}^B$ZQOBMZLH+2EC7xFquEEhiQkaDdwja>zJ2G+)$CKnBxhhmgVUahqF`m#q&06G z=s8mmt8WED@AxW-qPI{bxf_1GCFX)#OaJjo&$Tcnbk9G=sDa~`1 zVPWT;`*g7HWNo3L7`41%I&Lw_uG?vo*1xZ(hFJ=fC2((A_mRft7kH@jc?8qcXJ#}k zbCWN#e_SEkAs6O$hb;AB6ipQ6c*BJOLq=!;+e#fCAG3g>>}Uo%VIQ5klB(euyojtAenCL0Y2Y^K}al`Spf^f=g7XG5yx0G<-T36A=BEh9u=lY$eF7TXDeM^ z+Bre3mD1@LPAxamgebQ8>N(BfihC4`J-@Q?P>?G zl~RA<#wIq!=Y46d(E7E5(N+o4xGx1s2w5)f`pe<;<%VKd4Aaow%r-Mr%BG4kkm)>Z zQVSTUrW;zWeeFcmvYJ^^R+p|3QVS>c5iG@utLMrQTvXWM)YVB8{fS)Exi;A0K^%-> zjy+5(Zmdqv$zJQU!nom%?|)~y9TiOSl&X8WMdB2Mj2kfEi;7b+rI<7Eb6&=zF@GZC z+EB@uT<|Q*85vV$&+=$xX7o9ICQ9hR53F6b*S2av|=EA6<~;d+nGT( zVMH6lab{}wWWaeiiK5ZPcs4m5&7)}VaNjU#r?jLQJ!vR(qwT!qRvx`7HI-a^7e#wV z`=-GK`@~a$FRfSx>FGj1%or9iH-BSW^X~D!>%3LNHzuQUUGqGr=9}j0nm&6?<+9Gq z16eO=OkPW_xq@?H!ea8a-qMoBWKMah$zQp) zGWaFC<;p!iuT$>ZTu>@CvldZ&^xlBN<+I)}+q+>NPIm4#Se5zXlHHMyLf*vf^%_t- z2T;6cCHt{vIo<8#waED`m7JC>VEQ+{i=xqdG9uFvIG;z+-V5mRlomz=Kp)C;Dt_Vo zUP5Q1T4_mh-ZMYji8SMNiM>Cl21x;yf z{%Q{wG_<)c!)njB2HVz9=YKFC%?5_5?R^6yEGWODWxF$c_FWW>uV+`&aZD~IXJ_YQ zG9JwrHeln8IUrHA_btL8U(%8TCKe38{K({z@*ij!lh-V#vQ{y9EmXDw16SrG9lOI%e%T^TDds^01*SLirXr6N< zeQ#=Amz_iX2DFc`k%zF6W2JHAbE#CoA^E>hZ8l?eN6QQ-z90)>)5F>%Wz0OTGfqa5 z;&I_jN=nX|Fy~<|3PTgk*(ra-jl5oCZ560f)5#``NT*O?J1J}{-pYg*ns zdrN<$G5Kh?nV9^WMKUv+f8)iHF7H?y)Z=muphhlg?+`E5xv2HV9-Ek4(t<-b=S&H` z5%wm#qd#)bi;FdUQYQfw}ZhN z{!%N=k)55>^8aV=&7a#il6>*`84>e8R6z5-CjEdWNJ_GewH*P0kc1f?Sc0^lcVa^< zbQg#=8(o+_NMR)X@877*I{UyyN}in+-rF$+)RA>%W##qBLVC-MAU5!G8t_E+1T}xp zgIjd8{Lehh5OWZdzzRMO?j5C7AbZsI6$4S^MM+?m^QxfF^{=E4Ztt(9Jbe;kAh;37 zMl8v(2}v9}WQLPGrjg#pzvn>+6CKC~P#-cEVhBro8gL_nT_^c%PM6)P(;!y{YH7d#S|oH%r}*kYe1)Tik-G8jr3g^du2$52du30W*I3t5Ql4da+4 zZ84eq|Fh*13Xui>a`H(`g?RF%<&-K8G7=2b5?Q_q9ZxKDs2nAD!Y%P`2YKUdcsr9z z7slkTd`9D#rIS3l{SPC@yh#}InL6m|*3n14m(5s=bRgp%rU_+Hkquq3i1hBm`}SYy zbc&A?WW&RZMkQ`{CWwSWlFjlY%Wr9^)zdJYa4d-2bG)EoTxyL5Nod3~`4Y{OJ0?3G ziY+n8Bh6Ig9fh_balrtZwnPL0pGrQ}wOS>44ckUZ?U?kENth*cwV)=BR}d(lz?eN0 zgtB9@XSK77OeQ@5%Kk9Lj%0p)Os}tV^skW-T`*lI_qJtwm_$rk3&iLnsp3n(;mi*H z?3Pq1N;8J4lolDr0X~ETiyzIx2wa?$koiljiqe_9TL!k6W7=5cJK561P!uUAt0ZHX-c~1RN;7aw z0Jv|KAi9#uxQu--3HJdHSQcea|BG@mG_d5-NB7~jC>V&nRldOD$j%Q%G$DuevN)5m6b zzJ#XIxfjL8HR-AKwF6s$hCxlkWmXErXY`KAU=HyvX5sIO9~OgN`rt&#wr9yacJecO z#LA8)#2e``Wm;_EVpI19)2A9;XSL#A=}BzPZ`lj96G5WZO$|`z^Z@^bTMpkFDm;Ar z4`Xplb9fSU8;!3nk+m+7U&&VI_0^mEO@LL-807UY+o%ncpiec#!0Rx>_t< zTxetp*xYgN6%A;tzDgN6rzsXUJ@bS#U-iz18_TBd*tZo@>i(WwNR>d{7F*F`>n5t^=V-wA zYVLQ<{kVd4Cadx_XWdysF1inSq@+a~N+cn19)T!Pr}t1&6f^n?`%(~O_Id1wQRsM? zR%$XLrN)qjl#NBp`~4XO#;ffKWKaGVI^ReBkuX-nE2}TQR9<~GLcMjD7K|7MwUa}R z1aPmCFQzgx)vd{sfZYYmx1!rvrMjbh_dzg-`wqC8u>_>y7Fpy;np2suL8}vA{O~;y zuQ%C|97BxJnd0RJ2DOpWx3wHzXnW5Kww#rnhwYwTkiElwG7WF@gpu!5mwgqVN#=Cf zA~Th~FpSeI%<{~gE=Ubf)Gj-wTM%$1>ZN{VyZ{EV#x0`exa_X}3*)jVR@^;rS(JwH zUD#5N71(h{N!wKel>11`n~hsNpDT=vx&)l=IYqB zmjj^i9j@@~ENR16#`@?E_q&b84!O7%vt=6kG$J#KY5liK$pud&mD~pad{p8yY3Fca zm{-oou@`i|NTjQ_C7`3WijKGicX&Q^T^=P+jO4o1q|wt)+N$u^6``+d<{<1oc}&`> zC+1Vct5t@pNvXOfXCYC0d#muY>aDsuO09l_?ij%4uAgl$Q%gASHX8F)5S*e+i!?`y z*b|!3CWaYE#4i(0?54Z4t!ZN2+|-;wcpnBijmVq^%*uT_SyntXT9{!LXoy+lChxS` zl21tW{hG@PnZ9LNG85+!*#%I&&?g;`}0Jw?tfaCK9ofL_@W&2}4J!C(s(Pj4U##FeGz^;R|~F)$|na zfs7+iM2Sv~@x%aUZ35|P%BFW0d`eygf{tLH^lC6yRbB*Vf{S3B;^1i!I1n5ufXqgC z+{Cts*@JFM+6S&v=2!)6NFR5E&@yCgnLwhlK!NOuzveWiw_sl~lh9HrhP7f^&S6+o z@hmVKAC}wXv_H_a;w(MiCq2yLe2IguI7eEj(#L&Ce2zFg)|RSe_;NZ?A%&fZyJODc zVBJo)`wr(5upF7bTy!xTg%VRgC%FGn@dS!Y(Xxz@)rscI``PqbK_sqcjw$eb7T)8V z%mO-5smhI}&p}#C+Vg$U<{s2WF+s?Q+6As zk(Jd{iI^#I@hHsl{r<@b*E#aS+rJ$!Zc9|+|jH|*XamWu6kRn>WOaNCgQ9MF$#U^HrYvhucdl{M&!Qk2trVv-_84v&w% zS8uTqOY(bAh{~9RKo^8Ix#6rU0zag;gMFfD1rrFm|?2omd;; z7YZ3aZFC^9mH&}rS~`pqndFMA>6Jj&2c4x4_f;`tVLjW|Z2q{YH-Rj47}XA{tLu~{ zLYT#P6&8?7^nYk$&f_4r%mEId2dV&6Eh)yl8TZKWij4gk3-XAO?>ahJhLt$>)tQ}W zu3qIM?p{gywBT4IE)~qih*~^glc3njAd*9-3NfaKZ9G~$*DJYFSKYfFUtRW2hbvB^ zy4p?J3!{(D9=P>8pO%kiSHr>In$;3pu>#gy!dS zXz+WUYU4t3%M9X&O9U(~yC&OCcu#WC+O6LfXEkkthj809#urjH+ozhKA37 z#T8Q)MJ@7=JY*S2=}ZD;2^o&jgn*}#?jB7vG?9QocOhuxAdobSmKL_Jcmc{gxkUnT zPO{J!t;~3yvKfy8l|>sf<1Vy}8iO>dMsJH@O4>5EI`ss4dvX4T{7wANxOdqiXT5&! z8vpE_pOCBG@YmjXqtQ$4H-OGqWI$F`S_=IFOJ!0E>L#^FAgM*#(kWfC8ASHtYsX=m z7VfZU@PQ`*X-Y$O6VvRo_jJAxbKK0TBAww83nnlcSx92kq*}^My0a#bUfs}U32!hr zx6WdtFJ*n|x;hBQ$r92fP3PZD?KN(t4r%JYo9dA*uLd`djvv9}WzS>;@(%a4GqK7Y z(!@W!W}`7YKN&vWFr3-A{MgJPX5!Ql*sie{4Zbcq)b?2(H#PMty{f}KAer<^6EHd2 zm$m|9UQ*aiNQmVL0fKCp&cRw7yL`NESa3zZ$C zsDg!3X@+*Vh|yG`yBEFh>-zEF1YevF#^Mwod&iJk4kJB`XWBYF7U;|Dv+1NjG%id| za&fAZ0!J@jR(L-%yd(k7Cz%7YRO9Rv#$gu1<6dLGt7wKiEd)la zaBI?;6UA8NsInwa#UtvhciQ`HEE#t#z*%eooL%WVR6>U}F?3jrvEv<0!~_H^V(8y` zKKPaV*PwUWJ3rY@G+!lk7a^n`BX~<$@l8(QDrYH(jfX${a9k~O<3(=313)PiIPd{z zcwX6bK}%I;GAQL4&kTh(0QdueI=Q zR3b9rqa%cFLCxw}D{BR-HbNntOR2aX@n~={Ivsp7CYOWJ^{dlipIp2q{kOyOUZe5c zBYiZxtr&byoKhO!K{l8QBVD#KR?noQ;YrL&a17|6rJLh8{9Bj|nQj4>JD6b$6n;3qFyiMj<*5iMSAQN^Q zjj_9JCGRSL_kwOx16IaCC90)W%gVET*pYr_wKk;|p;F=nL!(qDQRDAWbxQ$1jn!k; zVXQL$?%pN(@J%gfnvkXYaI7Fm2n8_5Of`_G$UR=t+#Vs!;@_{E& z@DK*LtnQkirseHGF6MABCV=QVd_5eTkXM7#i(ea!q0cZJ<}_sfEMsw+u`q6tbDliV zWs8g-!t9?c!7`XUMdI@7m#bbErQd){bw*RdVhXbpaUU46zSMsdo|K<9!4}# zoNsVV<~#r=l5PB^nN*6L2zf%n^0dMKv?zZ#9uTaU1lz)n3#_ID+0E?99axR=4orpu?h&mdKL@_z( zg^WR(p~Aw{N;+!{3A<-;&Ty+4j6ciE8w^dl`+aoBD$zdD?mTVFrMqr|wDX_XIxFWv zs(YnB7WmYR%qi$;J5d|ovijdF&FCZw)0ts4#mc}-jJdRLd^^Q{wY-S5>Bn$I9mbO& zs!q(~_TbtiENT_VDcV}oe8G}?)L2P2sL0||qc($8Q9`%u6QnzhZK|^>CJa&+AY4a~ z+fkAR#R@kBOh>{pF1;m-6Z8LVI4y0m7w(sABEY$dMi$$(IgBMZStxen9P&BdN*e;a z#x#b;;9BOX3hx>D;l;u8mj{DB*^@Rrcg~FJELF}W3J5`mv!!SpElx0Odl^WRh-WUp z*VYSAfrwJ*(o`hssM9$*c=0`u<)|ap_gJy)lG7{icC!e+y9nr>whsU;dttc0Vha`) z;sES3W-S&J+(qj*xSQx<^+r{rG97@8r*;@dGwZZtbMH0#+(Id|jZTRJxrn=+PsMI$ zh#CGS;rW8Jw}Og;_|Q3z?^=dtqV+gqP7^Wb#z|=0J->C9K`6GkJZY zQ#km{Do>4-JXC6J&A=hrSt3hLZI46~+*Hsos^SJ%j>aYB1f(HAq&d|{HO8FM!Ij+Q zfV{QP*-{)3eXO{L_9jbtf7?FNc#IJ`NHkz3r4m4o?1@n{$69kX!l5?zRR+EZtcQ|D zRxgBxmzXn@F(giqUKOxKgeEsuv0KEFl}04-$g#Z4X%wy72B_LFUg9VJF6O4 za~zb^(qN>k`IV!QwjD4ZK}*Y4@yRfMIZxsQg(z)nE!&>TrG?)ha{=Xus0NA(0EHBl z!Zgk8D)4Wtq0oIZzF#fbnB7U`lSsQ>0~QuM{>6(Pc(Bv=jNqpX5>~U81CMszFp8BO zca$gHp@u#2az9%AT6a`j)i&3&!Dat#@BFIwYIr)l`mIIAy{qB)b+3PQarqnh&+DG} zc2}*k`@;%1P_1<_rb`F!YpN~1w)QFdwqi>DX$8F{kx4 zDHBs?23u{gZ^`WijVCP9X>?ee%~%FeX6V$>Z8VyeB6*s}0iA=2SUL%{tVL{zrE@V1 zTV{Ofh+;f)BGZ=bH@(&B;q&$C@S+C1N^!kHPyK3e`et~2)*`Pjd*}T@iwv)Nr@x`o z%<1+28=SqmxW0U|)j_J(HE$ACAhwd&H@Gs{(up#t@GG1E&|5%3gpKG!ck?5I#}+#( zcyB;vA#_q!g8l8Scn)R8(N|5b;0F=7OjUaK>WQ~@BL)bm2U7Jh*(g1j;4PTQ=m zl-B2AD?6S+&_SH))xd}rF#c2wQeG>dkAn**T58u3G2)nnbMUv$P%4#sv0@&?d#f-P z@L04bV=tU4$2^)5U^?JDqa6ptXeBPM)?-WOPWBHga9UZ%M1zk1suR654c|+6IaQ%W zPiYa-a7oTDNPl?QzdjpZ3DzLhy%-HH$K-U_dv!V>uT8Aj;FrNU8NMdN^Vb)bXM+=2 zWOzwN7vu2|MFI%hI=vW=$;IoI==7v_)_XG`R~IdE(!1(Gyw>o%4=U>3X^Ra0-{5R? z+PnNs6dsOZ(QEvZypzZHjCuWE=B< zVMR7kuzIEBfkhE!RNutbx!UgaW^j4dJO6EC#}nhXgTnrV-G*^2RbXS|BrZi%ZI>Cb zB;*k7?J%l>-#VX~U=bHGS%<$CeN4Twux`jWvPJd6&23`})p(FvR zKo`j3lY@NTS3yg#Iu*rvMkbquvI;~EpLs*`0^^AY4oO5`zlZ<1@H|`$x zNYBcdD&LLDtt{iWOlEtA7`PCp1|}t($6AWV4v@WO(lwQC_6ZQ>x(WM{N;lffq82Rr`9k ztP2ZbUmgFb>e#QcvwVH_vdSTa-A3an^O!wFt};Cldv&p5uHRU#z5pzDT@voEzug4U z;eIjfVs+XwBOC68vGTPSXKa6~WM#w4fpR}yrS~l3|I{Q|u)XUri>XxlqLTo+k6^f% zoKtVIrg_`V|zJ@9AG&zk!!A`>)A za;zXUc)2PWMyv~l)3q!itzdFW7`!YdOXKal#>RyqD7w2s#NNh}pvGhEsFuD0={*kv zrS1fudV^nn{DYcs)x^Hp3GhCYQTu-zp1(P{IBPVHJd3xCA@xh1)OrWnd*qyFGb!X1 zV&gEGGkB@NF$3o@5To9!^P#-PQPFLy!KMk#cXwl~P(l~-YceZdvx`XvDm|rSkrtt( zd4l(Olgt^7F}9nEEePxs*%Ma~AdqOv2$BYXL75H98a5Tcq^zwVfY^~kbDBx%i^jHA z&AHyzq%$;J@L|TR{7zaD6zj;7%$1!^zPRjkqGhLTYy&6%TDAdl`NWdHRDL{l=9^XO z=y++bhY>bWOhZpu0l1wKSIXC|>KDr1;lBGy*^_77idzn2 z>GA||2C=^c1@GR`J~=#k@qcu%+GlvzRK8?ZMGBI0o{43JC^sb?Ymb^%)k18U26)Gy z&~-Ufr6;{LQ}~F`_vI?pZn&`(DwXk9f?DyH?}TKy5f(ZSqc+%Lh0V(M#9K+QD$Mr> z>;lkVQ1=1(fv143pd4sg%2Tri-qqp^wJ_Ui7W&}=_+Coy0sErS_^-pG7wzNY&SCrT zIoa!ccW~4>JlrRL+W8Ys=IvlY+my2QBH_Wo<)C+RHt^=b?rj!7old9o-HR9S-%h9F z{`c_k#nDmcPlv}Zj$b@~d3^l*=ue%);}=JrKatMUkx>81(~Ks6>O8uy;^6*=e4dG; z)INFDYxjDC_UQ8B1T2uoL8O;wT>6FdtnB)O_%@6g+3PJ9^6&jdFrkt{?Xnjw zVP-B_%Jal$LP81CELoaDjc={Bu)c0waqUT{5MEWgElj9|^w`h{#6&l*&NzuW25QnJH8nFO+?b-lhp7zw-%R zJ*9#z(I?X=ctB>JW_%w0lNIJ(_OCXp%H<;+n$akp0EkX3|B%2Ma%NKICk(Ty-m*+( zRt*qoPi{nOZgnkdqws~+meZIF<6HI2z2rhH-@90_csvWI88|*B@TK&?nodJsiBZm+ zihVmu80_gZ%vg#m`FGtGIra_@|9fwiWs9_Xa1d}m_4tCtsrb?J`TRg8Az?{d9ijtK z=iq@wKA*FLFb>#zZ5!bA>1bszYSyZqb8w!eR=vbY3JleadX9V&VE)k8b==K!?Q%( zAqfX5cn>0*7Sw0vDIg9V4tOoez)YciMNrHh+N$v%b>lx1U9NHLkul`wfH!0)p4QJj za>XT2l|F0^>uLd)YL)nvibV!<1k+s?9D7+5Cd(8U74^Il@ngP6jPZHBw+8EzCnR$=L^{LXkl=g zYJpU_>bS{D!G!ciqmx&Pp`kM}sz=ihqD5RmM)Y9KmesedTE)A6PGi)MNQ_yr$>c4g zbrIs|mgJOfqj7U{v!wH=K?q%hzaVyUm)svV2;@oYk}-7BAY{%mDyZthxWsyQ^)_rL zvPIk)?Nn9DmJ8M;7Yq82T!;l}CT8_Sw~}z4jU>P9k|wauP7*ZnM@9p2H+4x<{K*pY zwN(dyT0F=~4@sCYSquJ7tnaOA_#0G%Eo=7LqbG$jIsUevumIHo>!+eOcz4pf>b>fX z2k%C|o^;8NzwtaFy@A=c>Sp=5RN;C&xU8ySUo3=Nj0We!lXv~o;o$u0-SDJKnm=9) zPx@qd0$kQQZz%+h!dUz$WO3FGgP)rft&9i#%fXdyNs+j|J)9!h=6En34=>J5Ym@MH z66Ngh=s4vOB$7q`;1=&+T>Nb~cz51A8+1uCmT3S(xfL!4C&Tf(QExo{_2TkGZ7-gv zCBI(ir`(K;7L zOLbc(g~^9>vakXMHbhs2;6AYmq65i<=XsPtZYXE~mQ=H1a5I*dFvu&Ab1LE!8hKEB zlt3k!@tqQH<>HuqY5*XBA&C==@m4gmcQf!M*`8=z zoD})^!COUJ2K0F-G=a|-Yu~A+R0F^X#TD}M`6hBCN|Db9^Jkp2W9voJ{ZZdq*nP-zbL0)Pwzf1L3n3E5EqiRGqq_O11l#ko$UUK`qY8Z@*_+^W z@|Sj7Fq5_*7i39> zQP7%`fC^5cGKCoY9JyiH1TEHpqgrv_TqQJ4L4kKlmn<=$TYFch<9*qUehDdv2Iqxn z$pN;0GzQO5>opH6s#Q~R%L3L3Kn~979U~H6iaBEyBM5I}<$4O4`dC2vRuL0FxYzIP zoBc1ISAV~;H90p0t(2qXaWp#!dLWgRKva1l!~|>k99jB!d`dFTqqK;6C)0Hx45ZU7 zXfxiZo+!x8q~8M-18EcL{Ft(6+LrSHv8tf{hQA8GLJQTxuIOI%e)m1>$NNJXEoRh6 z!9!@gMhdq2X@{y{x?nyQ5F3*Za%L(voKMwUJcDEBQ+rKdsmv;b3S!hGG?JC;mjSr*QDJ7vHj^5D zEk(I<`4D_IRNkX=9spRpV^dB8wpCK{DhctVCFT&Fl(cp(Qz#EL_mct1ib z??fx_!o|-XmPdIuh*ME8MY7v#%RfW=CyV8tRW8@!^r%z@o@z_)7OWdCdMe?T?yk^R zQ-6OUIE(r|{aL={j|=C{5;??ylY6=P+GrT(fWQPsTnX&U(Jdjojk!#?JEiv+o$PoApy77`_l(4VOv&@- z#~u=({G3~m!Lh1Sbxj#F8DL}-P;T#4G7%sQmR$9xu!Sl9rt$|JcRHO8#(f=q_wqZ> zydqP`It95@;I=Gs0bqzYE~8j6qPJiG@OG@#{({}xGEoCR(3}8TuHylV1)AvEi7aIf zzS!(t@?*fHRA$O5wvMV>F$?OLW;D5FnV8-#ftLz=pGB!E5XShP8w9t^%0xc`>rR(k zGW1lLE@51u37W@Xx0CrD(1)_5=y>C8nvMoB&@|t)S3e z?eZ0Gsa>eH-@-4jJ*6^3>|#a(#j6Xw7==cv49ltwn-)+3)0Bw$5Z`;gVDYeAma=Sf z4VmpwuufAZ`UDv$$*NRkS(FNDe)0}%;*2YT7$3;M;O1n%+k%RwJu-+h<)JUjY7W96 zpd95w6H{iL46&O_FELNaG4e@^)WGt{<7!Q`iybeoA2?W+7ldaF@DBfme~c{|4h?&{ zYfC`<*{*UWXgLkj%rw-ln41Q%&GhPR2iHPcoQWcT0+q3@QhCR+InNk5K`2<7EaA>z z3E6`V_SFrq?tgHlOPF;0Hf;6KBbI>D1xeG_yC-dx zUY@eSdsNGg1*g3cJohF`a(3g1SIuxL$L`?ygPPOuTNW!w9&LYBjMp`S-jHd?BJ*pN zsrp7Ue{rdReM*MegfaR1hOP_$z4y$NZ0nM3rzCi+?W0do!IMS~RgT@&SHm{DIvuyn zedzKh+_S0VPv4TU@-&jIS?3hmqL4zPeHZhG7<8hWRV(sw{pJO3V0&Gv7O#cGLH@}S zP>+MM+bCo0_IX0IdsLa+7`1Ck2@KW_!}kmADB{9c>*{-PU~L&&113&Ud9MoAY_k_& z9b#6l*=W)i~XMG+EK_L{p^3qE5i;tm&*l-ABvZ5YP_4gZt$!clm!^zy6 zg#SG77k5ISZl}J#56O!r;;C@Y5=?@q{l`$$(NjCcl8A<0#5+!?;VPG)h^q)Ns_V`Q@Bt4?MZ6 z`E@irsr!W|Sz7ViC<*Vwh~2WFue?!Kl^UczjpPfsREh-2QV-~ZeF^>xJFV8R>dEKjq` zJnp6X`vf3~yVgEwlR16gB`;sRIDTP$O~_oVvpPu$qrpWSEiXCGUWXA&mubf4E~!fU zbCU3dGwO!wsdsv+$_lFB5mra?IgdqW#w;Vm<59xJW5Q|@jpzq*I(6yOFwWo017GX{ zn(xI+RXAVBto1a4SxmQ|#+pfVrcinc8`6Ch^kNO>A%37q&>Ic)cWl1MmM3ANzc9|n zxGVb+4d>=p^nqr9{>IV>6S7D`u#$I)CB?#JkN2Iv$%97YHSm0?yEU$6C?-Y}UydL% z4=q_}rlHAGKuJ9%a@Iq zRo~hD$tI3oyj;-)^z2vktg2z0Au#gnVagqXn&AKGJUUJX_>hI|viv9f|o@EKeBbwAqIl z?qLR8E80_|Kv)hH8>&^6G8NP6wlBq=k<*2myI;fucUfk1J&n)o1l5MAcqjrsl5qxi z?rrf0a-trXe#!V#?EfdPCVAV^71lhP^MlomC6 z;)TBur!#hWYU5biil{$Bmlu=?&|`OSkI7fLoG6*xR62|Uowgnq{7Nm9Y3q)HvPypj zH#|mxw$_fs(lH@>_F*9K94ibGADa`HOY);C^>ca9&pq-6^3>ia+2u!VW`u(Rg2yD` z58~y&CoN7=D5*52f(v9tYuz7}3Haw5-B4Xis_4Flk;Bi(bsSdR<5!&I>K9Buq7SdV z<4nN!`uHr^w6Ymz(=PJlR&HJuz(I7*$Q2ioWk-SI)6%zCd5N=a$5Y@9vUq_xIDruf zoAY~y83xLfD^mtdQ|^bbN%gjq$|_BjV<`nS8dU_K8@EjBM0m28(b!33V41jVeybc~ zJxr#h4Yv<7276Hzrusfd7hxH!FZPoHUNZwI1z&1s0tIwhF91j;4+UK&s0e^OON_>1 zAM1gZ<2|bvYH{zAcBI<+$t*GEd2sRq6e2q^#9GsGmX^aH!HyBStn@>fg-WFWFr>&q zdXdh?6H4G#^%QE6JcjI3*^Di9n5JDH($FM~u=k57^usJ#>KpX=S8Sn%@-9R?wt`t)r3zBA$ zE!D&M*yVG|X)rXCE zA^wQMNkZW@x6{X_Gv@I~r<6J4L5WWDE5M`53@x~W6-xm9lvk*D1K-{}n!;khSD{5~ zChdqcWss@wVkg2J%6w|OUR3m;DeL#v((|O01#$X{rmTiA^3lG)PWYULF%e~n)Y$Bu zoR9a>wFh?L8gg&ad*4%D(BPH&_*K^#4S90Kd2|FAgKjp?+U?P6*tLWIoPP*26% zo2ri{4tAJ#$CjdtVH{>!R=vRL*uZiJXF+iiz-!(GS;a`gC# z&F85n{R6I+i_-S^=(u*GX7)yjmNzYO)5molj&2~4+KtR~bMqt<3kgl6^jmqN1aVAS z`q9Z?{RVw9%EZ-Jvj9jL_*Cpc=4;Hk8s0O!m(g2N&7+#%{imX=Pv_xDsXV`c_c}3p@p%J!d_Ym-1&Lt+c?_vX;sG z;)_fdi-GdUsbDRR^81hCEr!NQ4&%_c1&eu7$|^aGL)n*QF@`ev-l$}M9|54;Uabh4?pZs)c8nlUQ`N# zm4qUSfhJK+#asSB_%vfNq{WxSBCIl|c~&u16KUm8&)qO3haFYHBWGa@NKDd`G$n@~ zOmyeTW;zS!jOUpmj0K0wN%p*O#aFzWqw^hbviB6?|f1utvq$@8H?t>^GQ3HY(NYT z1HVL0iI|H8i-#wqk01hM?_zk;-&e_gP@bxwP0v(5PwlcWW507lUfn$Te7>NWOekMi zzY>jlmYiC(>nTYqbh7>lT21RBk0Ojmy0N<$anl7|1(CiW_7B|$qp z66$E0)Au$#*#4QsF5R3aMc4K+bsb^(y^ynLU{UvxT>k<E(5w z`ZH!0P)*h;qiIGiA+>U}B-bem$lmGY^*-@Mg^lJBrm*vLlV}m#yJbqGR|H>POVY$m zzQL}030Me^B`!}HIyL?EJ93GZ2AJ^HTr?X5(4lfegIiVCn?Z5O**e+sm%&}-WF zr5$wmB~)J(lt%pal-;w)i%T{%@)1&KBX$9#RRmYI%4lNg-K10_)PM98YQm&L%FPyp zJ+O)PV{xk8Z2uN1kR{#6RMZGciynr$+#|H%TpTnA)-+v6}}5c|T?jJ)Q_tzb5L{qg1NeZ_$4$Uc4=Nl%hZ^K7;O*>N!| zZi&c`2&6whgNHDOVsW(x02w)qooD@wV!;dD+zz1{amIUBJn;K@lUwD%fqU##5hy zVHF>=!Hs?d!5qHjN%&9Ebwoxy030zt+PZ`rCXNmiz5~Vaxg>E0F@G~c7Aqn+NdK;T{0y>M4VW| zV=DKTrTcr7w6UHn>#oC_Z9B?#m*7^ARuUrQyOsqocN@~SyQr`UX=dIGaZ)zegg){} zNv!N$tO6E%Ru&6V49>EA6J_9j1qdQ}v>33GwmfAg%b3nXf0Xe15U{}FTbtAXf7Y0k z;^r-rsiQcnf(aqSNe^XrUFyn_$iR<&MAKAxO^;czv+OxO2OYRynpUOd(>?+xBM&`eW z5AMz`=xc`eZ{(3%ArMH1_!1|%bY0~)VkM8}Bn5Jwnw1#${}L~$_xoQ*Fuo{>Fc~nRl z+9+Uc*a?s^AMo$N#BVR|+t^@(kcdv0%07$k*^o}5p`dPxFWRn5{?j0koZ1hwr38k= zf?aa-CTtL59-SH+%z0`yFqgj=F#f&}f05?FJkAaT%}oQzyK2_Ng8#u27EjYJFv*2lzxXsV)uy?0TdmrAwG*{=&tYEQO*fvu$=2Fn_h@xxSAuGw&QfJ9cDAEFcwpgVft79&_@xG_ z1R_bAPujYK1|Ew^mM1Y0GE^#xs1l*V>vz)lS}xwmap5vArl^OUhX7#0Wis|6eS4;N zkTxLYr}!@<`kRC?6$I={kmv*TMT3w7F&3DOgJ5zbr$zkvyYD~uey551)w?M4S)8(W zehxqCIfHft(EuSH2PDi=ow||)Y{6ok$JLcENS`m3Cijv(8}$PgFS8kch}E^D;kM;= z^~jk8zsyr68`SU{>geDe!W($_>WuUwo(E(^{W~-f%d^1&F(JtPENzKl7!(N_6PirI z4Dv)>4^OnCo=k%e>E0G#ngO8{pit-a#6ge;QUw$woM(HTeR7*{A%71HcFL-BRw^@Y zy$}V+Dl5f1uor>Tezh9kmiT@Rvzd6KAxrrm`pcZ(P)yZ(l++%;Y` zv@s=Pnapv_5Y#wSOPsDelujONou^rCBSd-`OIiEx)+55|E+ql?bMd@1x!g+#{ON(u zW1lUu^g!Wo!dF?sqlhKxfl5Z1vg}|V#tw*90n2C@rCy_P&NIjd`7O}^f4AX1bNLW( zse=cxZi-jcuzsW<@uQIjr zfcmqF)sr5r09G&VCed5P<46JvR+!nGCDaK`_Ey^AYhOjro{`gV9!gjiLAKxpDx_Y6 zS%d!tdxFJ{#+s3KIPys#6tW(~|)H zAsFmc0q{v?thR8aS_(``!G@KvuD+F!NZ)9wno4*oK&q<2sA`Fms-C@32qaT+pcVZE zF#f7u9Po0BM7v8dUGgDdeW!bt`$2Uo2oc8v+m9HXx>$_m(p3pWzXi$Vl^|1`L`!Dr z8Now)c4I}Ta`Ng3c9$pjA7mHK7qVKza@Xa)@VPr+*K6246l25c+lWKvi}3IFCrG)LhLC^4p@9J9{=|CzrKG5 z&PVSL9$4h_IXk%X-^oAU1rz!%5JxqfAe4n5rZ0oYR2&*X7b6Qb1HIl^;?4O#!ziL2 zPi_xb+`b+o-~E+M4&Gi}jSl+b(SGAkUq4^;Q_9F6PUi0bGwR)f-W^;HP6xg5;QZoh zF!tubZhdq*oz8bJUci4lolfz;M@KKe`_tj^i{ls1UmhPnKl)SW@VlcIM}H!nrygw8 zCr>k){HgQkzKVnUAM$xdUL}m)K?>Lzpcx5CCT5MsGxF<31okleeLenwNl~16G5N zCYs;C2eoJNJOB2ColJ?WOIk$M=jtJw=FBP5P|iw3J_2&Lm4HIw+HZP;eiW-^q&IxVeHGol zif-GBZhth}{I~h6x&Qx>(+F24T#4dql@X## znukYc;+u>m^R!EvztAWQFwF;GgYzl2;hBfVeICUup)zgUoW}GPd+bvXM9|68m7`7B9Q29JpMOH}rk0LUIiF@U;Fwu~-mzJW5*%cY6G z6@jm%mrbCsCN19|0}tgv<&sTJc30|ObEZ;_rYfLF9R1Qa;dXZZFI}=suu8yU`;=80 z-%E{px>YpsGzH^~Z}qpzOx+b?EEC_BKy22Ixm2SxW*M#<^SHfmA#iF2jn;%v26Ko( z73x}9E6QV>a2_!luNY(z2WRaVixo;kJhyV>;KOi{M-jo|TP`hDl4zwUoTLbZCsBF) zgas@XFWVg!*hbn}J8rx1$}#t?hfy!jW`Nne`S3*(^~3J>KwR5?tQK}pm#iD>$@!R6 zj#K=gv$WO>rtB3+L^T-Sf~VOue7`;U`CRQx3kpJ$T`>|p7OQ;I{HO+WowCH1Llum~ zxUyDx)okmfsUp@fuW1<;)p3;atRAZ8gJ>t;KRf8})+jVYL-WrL5NaysGdPYgdhrXrY4A!jdCd*hg+yzgv zjfT2#mv7xL3&mFqQRB~SIXp~}ux5CLWSbj}v`}Y@K|@W&Ki4kux+`Z!(_-q+$_r=n z1sA{Q)DNG9qgmM=9?8V?jxbGrWmTVtRauMnSnjmlVto#VRKOM5g$J!1#9FrVXUi8> zd8%}ucEK(S%|B+@>_8vwSn~(1U1?l9tl);@`FFlO&^-0TH;0b=sebt@Wu-nkO;;n} zBs>H^&}zMaR2J$&m}q9PAk5B|2vw!pbnV+|h~-Mp3Hd!7cV^REq{&JlWKj|pn%(%( zYkRG&CEhMv8i75jm?_lcjZ$uND;|C2>avn-#v|uElMxJH0tHMqD`ON1Qx#lXdQ=q- zSQVE<5G6U{ityo$&YLnV2cn{iimf&m&)^92CRc4bOV2=hi$G=dr{=BBoQJ1L(L zEN#cRaHFI*nv5%~vSK#sOKi4Bo(Otv$0;cWWN$Pn<6L?ct6CM)vZ{YcyD8# z(MQ}m8boo^A?ph3M~vW$kz2MrU~r#AnKofEuvn&56&Fw{B{t=4S;ENJRWGghzpYQ$ zWD-tn=*Eg!sQbNssjJ}0;ISX?Zf2SB4cGL<#(Z2iq>a>mTH9AWw9l^VJFx*HSB++^ zvTxyH%{<{?vQ4cYCpOUJs=;LI%pP^hk+dm)${)o^9=i-U5xt~%g47ozlR8^)tv~UY(&Rrk67XIc&qdcSUSB|jm_wwlG zcFE5$vLb-zM#HNB_^i^>uPjv_>UOZ9k620@9dzU6G+;g}*0i=z^}@QvKks0Bx4Vp$ z-mV|2TV~xzSEHEjHqfd}YHRHRRh3Hi0qO5o0diVn70~{E8A7CHT&7v7YGZ4EKk;c{l&JW%NM&rS zn37dxDx`ip_v2bD*Iln%iMzVd7!^kAsxhuAv)LGBXom#~yQ^}v5?xge3vFZ@4O<=A z8l=^|{&=)sF%w%>b0=pvVA_g_Dl&lTU7*ooH=21Qg6>x*AUKFbemF2L_ zpon)BJpeV=a!cFr+y!9@#Ve0o#gD7iQClGee?CQ3VSJ0C_oq9;($8xZRXY!}UIM96 zV`b4+Bh74Zv5iU-RB0mc{90ceEC{k8ude4U221oSqH4t<_l4YZS0+D;30z1@prx9#WMUyYiW6H@WNLmoTe06%Y$K z3B?+(RDf+!rG9rPMc4+|*^hNC*M2x=lOVXBH5>jScbI?8onU;IZS?JeWuRi?7)MAo z{{HB?P;JFY+8uh@D|Aw~p-9y$O8tPic{|PzR^DZbDr;^sOS?c`Kfy%lJl>DmRyMfe zRv%&um-z66_l(n+%-W*mdSW|}ow zw)zc&Xd*t4Fdv8a*{q24ZYq!kOMDh*tDfu?(~_-jl#2%|jUtS`*m067<9_R6B}-32*>e4hboOP(-aSQ!+2_&`G7c5s`mmq7NPwZlzihhuXy+rhI+%9X;kZo8po2aIc?KV`Ls` zxA>L{mFtp{kNV^NAUE)FU*qAv(!ajeyMC2d{FC{_+aX7(oBOFGDwUk!|6GhwuFu${ z)xCqD?Bt^*}q1b z)x#ZKWBoODpz3n<(qoOlT@ts~kavc1?j{t@>xynkWa%}v^?Y7p3v1|={ji|)X!=sK zx-Fd*uazxG6+c?=Slc`w3a&vG@E9g4td}W`KTrsGauHvmRe%FHYPlu%@QSmzvvW|M zvJ-@A93}idOhX>8b*LzeRMtl@Nj}|Wcs1CN-@BZ#0%-W4^kjEwFmU})p2+e9@@p#AvUNg?VgLfv zB;z$%46u~R=b$3UF^`TtEE%FMTiPNGMIp_^I*Q)%2NLo4RuDB|*#l!SVbq_gc+a?y znPHnG5XBr1>u6EsN}X<(JfN5v;A(AV05J)3fF`%Y`bDqmJZzQcp_s&BR{~_O^5Cds zCspTWv!m*?u=d=Xs^lvF+Q-Hj)Ynt<_0*VCQ}X#=@u(_$wHHoGF*QPW}5}s5PcfU8~7c>t2 zit_IFru>vX!)W7=U|LyqY*Yp1+KF^-`0|=i!i&GYmGn%m^q)|%R;*GyxNw$=5u?ZFk+DBxK^`#(|4gVaQ$uO;1PxC=X;S5` z;FBOYtboW0C(~;@BMOU`lHYn~r|l_E<}?$d5Hg7ejrkEx7`dlOD3$*Z+q$4>3ZbnT z$K2={n=b$e&ucszSK&7q?52i9iUOk?ghd%c215PEs3=EMHN^g?5I2UI2520R3-L!3 zP7(^jP8kb|G%0Hb69B1gFYf&&bU2*KoCPc)4-~BzlRS(9LP^YH$gmmYekOwyU}u20 z3`;XXiwCVp&jqlA@VF9|35*xIOE3u_`cQnEFtorcLaGptK$N6O7EY-z9q z59g2cd$xhLh#W)~32O&z8pbSW`?QTk8;xf~f^eY;RK@Blo5f^V2el#bZctrffkPN% z1NcejvM0@ao*sHXc*h;@@P{9~!xzuJI9zxk$AS=lN1i`FhJWEsfE4Jr3C|bg%n&fP z6QL`_LzI0BStA66YNXhzo%;Obl^t7VWj=?p!Nh84lX)_3few7e789i34{N9CxO4d8 zXcMAd^~PBqguFq>gyNsuP&A<_)bZZS|5v|arMXvi+wjX48?NO0Q-zdJq*M~a;R&#ehx>ChRjLcs8%GC7mcD0mmG@cSwWi$8c5)4xc%vc_?plQL zhDs#69v-}5aj2Mh+WpzAxOK zr94^Wd83?6iX3)2okl6|5_t*oX?X$8==)2SB_T@%&E?<4k4y1lOYUhTS|@@_Tw!V< zb1yncg&LLFkWfM0XskHzhRrt`TF2gyNp*-2%LMyY8EC{&ug=)g(CJ!ar*^^;(rh*w zDg{RYj`(|+rDj8CvLH=p0KSoVAxKjQ3*wt{mIbSLDF=b|8<=y@Ce$U( zS=b=9Q<7c&uu%T6bMzd_yYWbM-M#2^=EWXgyj<1cQMtz9ksz^Q#|1Pj%c||i$fr-;gM$wrNU@Y)bL7*f47qr%&Bg<#;luX%!U@&=RL2}q# zkl{$>w^B>&X=5lM6Yr8m zjHb*x*WZ5nw0-ZS&B^a6kHzNs>6;H8j?;^*$x<8a@16hl!o{a=_65QIjKlWm9vu9| zko|}qU~mDqSbjNgql=Sw=e@H*Vb&HrNH?3db_DO(pEj62Gj**5oBFBPEcx`Q>C9{M zgBNCO4l}5+<3&TCntC#uzl3R+sX0A7`p)Zk9q+LFedqg*a!v&$6*aa6A)TlJi-~AY zdGbJ$fc!=f;PM=!tH z|Gv!UGpMq^>i@T%v=1K+z9skJyh~D+ff_$sF4#|Vu{r%2>ymE|;2t^nwlR3WP^eON zB6VpTkmcG0b;zrEdfSu*+k=Nje&FcpN)jb6?pczA0V5wtmgKQdULM1r;e4D=r{R0j zY@5ae&lP_owSCl}Q{9KSjF;peIgP?;$O3?11RS8ouMAs<@|oyE(3+A7^QpKCQa*R! zg)t&7WKn=neDJ(u0mLlK!j$aE%wrNT9@6YBn7{8ehEpPMGHgWO$uK$iU6|=ygkZ{` zsgSbrD3a7}IMGJ-Q1cT`_1vl-_57+bwFNd>03m6pfBXdo)BS1lHMZ!~^Mb9oSH7mz z`F3jp7fBdrQ_}oDY5V_(hlSG`_PfoltNYv8jn*=Yqa+;x#1h*X>#!6!5N^EO@W0L4 z!P#?Q~5-J5rSfsZS%RsF1buxR;*uSk#slHMyl?o{>GT zPZt!FiXltA-e@RiA@$zUlr$BI9$&CHorTlP3;DtQVRK&ybI|rRX#HMvI-NsX(DSW! zL7|uM1!{A9r>EP^*n$Vub0waC=PY~R$(Oj?iTwi5Fv*18K;-1 z=4)nngTWMSqLr*qzI2LZMHgk8s;qk##=$Vve$Sh(Ec|{+tWY`iP!*W4*`Qe7Lv5Wj7B^U$cWy7*3vkKHr*QHa&5l& z?)ba*@aVYkn|AGNqD2^grU}jx{5=m|KJSv|F=>-Co@Qi`uqjIt7U-rH{>$f)AgV*! ze2r0QpV++92ZZt0nTEq7&a0HJ(nrHqyeRjG3Q7Qd)V>RHK z`~Udm^P}SZe{^{C_5S}7pC`Y{zTW>kOq$?s2j4c{uvjp8rriF>_2p^f-Mj0Q-m>ny zca0ApNErK39@HuzWX0>t(%Bfb~g9L(``e2hTR<4pFpPsDKJvf{Rv+? z^4o;-Onf&DlQh$X%pF&z~PR$=dGPlFX((m&HCdYy(KQ znpsIZzFD1rSbx@TUf5a?$5y+CvE+#^s5dRy3qn6@S_{*(+z*BCC`!LkT4g7GUQ7gc69kB9v0!l*oJtY&K&Ae@o zk3Bx6mo1#3)h7sk6%&GIdEEiBN`Cs(C`5SOg>leT&e;teuCBcqKYSpbIV?Eru2?k> z{w5zu7zcv!J{Kj@1@pVwx$(n?a7uWx^0=0NGlp=n7W!WwKByh7PNen}k#28N@KxFu zSYz`x$hgm=F1hND)OU^}v~sr^!M7him;+$Gw+>S{CH0(weEJm2zi|Sk<=-Y)?WX#< ztT|wx_x|5O{>viet=~pd@H!E2jr@0b{N0P9{P*I!ukzm)`8=8A0TA*kBUeH8kg8KV z(#4ibJlp%4Y$Knzovz}oKJ{6$g1agN{32^@Tk2gX(-zww;+?eCeUB%)1J#hcK^F=C zoe2pOS(UWHVWd&#yYIe3SAXLgt0f-Qo@7C784plY%Y67yED6u|jLj{rKpWraS(JKy zl37o3j85>W{@S_j@t>#!|BGN$?_18CHxLRTrd_1FyKE8bVK z7dt7`lac$qVy{TD-RQ=qZO=6K(r{}j4fK4U=dsk=Z?|$f-)I}tOxmyN3ez@zKBxbH z)5i)ccf}NzE!)+zMzzA-X$TIH{K>N|1ZKWGID+V+WfiDeYY0rrXp*VOw~JV2R#V|B z%I8C0wn~mM9Nb*WVrY(?9778|2>&A=$v<+QG5Z!*bD_E~S2baIs=ht{rNv*jZCCiP zSj%wOu{&Y${p*C!ZD|9U*BM=0vZ-y{*oiT*_}<-BN)D=TTuo9T_^o1!t(YmRp8nQz zLY&A)lJVc@Jd)l*#Tk+3hsJ@Cyene!@Oi$ffH;lLkWm&s6AYqYi2|sW5k|nKkX_(F zQ-AP#F!3Kd{aOwQCce84u*32Rb`D(?MBCEwfh_HxZJM5u(JutD4n#}TFg?sztaJ7? z?5QlB*C(12ov=Z^m>}nZy<)ye!ccaYDP?N-DoX!5e0GxmS$w}uCZN^w|6!-|vMB!_ z9e<7g`!b&=H)Vab|LrhopWzjz-(P(t@I3YvW(hlwc)wsP?o+E_-cM&2Cxg>>C&SA@ z|LWrMH;B;}-}lF(cZ2iZtJA@Wb30Xr{d*XET@*XVgUeqAm+uDWzr4HpZ8UJ&5iHFK zZ7)_91pNATcr`d3j;}T#L8logQE}C~8us7y#^b@&yR+W^>%DO)!N7gbirO!>a4{O3 z4^Q3=$K&h4WtTJ`V-}XTyKNml;9=k&usB%oFwPFdw|2L^>#MgHm&5<+T@5eJ-(6px zehCT=Xr2Ma9dl^8y7=4R%h8bWI~F_r_j{+OuX_EzJsk-;_S1R<0Xbp<4#bN#3}iZ_ z1D{6Gg!*?5NyGE2%Zu@7(Ep;#6UJG>(*^UhiuJi1yuKWa-+nG)#LOHSas+V~y*!%% z^(C+! zhhfSLE}lx?QfB*D`EoGs{W7SmiaB0tD_)$Q{{QT~`+nm#k}&!|p8~^pH+HWjS@NY5 z?R3t%Z6(phZTm=aviauA$`A=z98&~CPQ=!y3A9PQ+R9e`zEW}N*;r_){@1!&Ab-wHN2fd$JH_wmXb!@xh zLVRZB4P@GLickwToleH5H;?a4H(CS*<8XqbR5SrWE)>pXT7W8 z$??heY@CMu?*Hiwd%c2ER0!#l!{xX$JUt#9zdi1EhJ{g*!LsU>A<-)qC`nb+iOEv2 zFp8?8W!UtJ1qD!5Of}`t)?)8saB*@$hkI~x*}ZfNB~Gq-z0Uby*gyHc^X}N*h!Fs+ zvVRw6d}=5QvBSzm4a-5h`f)h;zSlWERiNxp@c=H_V$p7oG`8sd^JKR6m0H;7$zu5m?;#s>XYh(X=!k~Q?_CLDn*I)n? zU`i~29-dBdBySear(qlXUSo3V{Nl7jH}1o;&W{~)TOcEZvO{yJ$iMAf{M7IC7F7{3 zL_wwUm6wgWj-nJM+KrFBoL7FH#Q&Kk4o4{rYccj~GV&!#>_TDD{qN?%QI7u~y>4yp zf4|7HZcerl08bgUHSzykkPR&&tvC_k_h)r6p_OUewMHm~Qf_>&7WpOikJS=?t`wQX za1BC)L$N#TF+2zC5{Gib(YuV^rzm3nVvV~d?=daHdwr@L)|{t0r6>rppGM?g-33US zAFYh2q(=uXtCW=yl@O(8k%ofb$&of6M|UYQeHFcUW?YG}MIbK0psYgfj@ZZMa+{~@ zd6N9cf$uHr{JmKIAMUsE`@jADy^a6Ji#%(VWE=7Sq(S>EyzuF&|1d820`iCSzn3iQ z`40GbWIvqu{ioqazPSVNlsf?B-uH|Wmvg=s33Y7l^Pi3Xz3zL@2jJwa+c_T$yQiA# zG2>#Ut3FUkkbXe(ft~Lm)Jj5Y~?LuE6?4t#{Q_5GsqTpuLWcD zR#l{?z#C>(D+ zCzyo}%+7BU+aZ|FVDsVCYzUcY;BUbNb|&H7$_&n*Bj?nP7@`>O6qSRsCY(H{(L=Dx)jK5Q05 zI1y_^h}Y5`gZbz9k?EUK4>lC&mb!xn(vqInF1L1DMJp?4$*`o`Js!d_XQAwc!t%N^k~AiGiW)g5vqqtw1Q_C*8bN6qL^q{SDW8t8kN&9xSj5^Os^Dk2wX3B} z$m6G{PLPjc5In8H{@z|QSHhNLfj(hyhayDCWr9b@Y>+neogOA!K;lDi`xR->%3(mO z=gTlOY?u-hm-zSEnmr7zOgR(_o75 zEUl<+mdMv1bC0~iBtc|?L*E7=U&e$%8A9;nNl~>obCUIN#tdwgbCNH!u6cc?b7C&e zXa(alV(8~fTiL9&#)r{z^C<_icV$6L^$Zk`kIN{+r8?^hji({|e@&?6OtS0Es3Dru zGHR5V_lufzwY*Y_!n5NhXIF_o_W9?(`m_4^zuYdcL=f3=gE+c?{OH1P4Okfep_R-3 zxW9LFxXJ(UBG1~7vNz}dPZ+ch8ULYgoGGr5h<|w{BbR!|p21)EJSn3ptWgo!Lm`3$ zF;fbOp~nE|XX~UC30xPe}un zk76PCP!QeJZ@(h^s-F;l=ll~lo!gz?bcA$|Hn7kcIL3az((x=efcechZ+I||k%-wK z@}#oAJMzzfzoaFQ`l|*~%-b|lp~fl)snrWY?e&VbJ6ZRTvahOA>fP0;nOgO5|6_Br z&9myWR{77fTNV_6Mf<CzxVeJkD43){}RvoS=omF zuRds>7-KJ7-CWaFun2Yy%-*;)^RLA7jg4UqjFn@LWkV>uH}vh}12a{wlmC~6g3^u z*k5cdEEc&sz5Li*ZSySqtW*A{h*)DnERz4Ny~F(Z-~PcS{=-Dj4e0z~UMlQ2M0 z+P!qt-IdSJ;r0`IR+s-&kLLf@bbY--A6O*+k6st@zwPa}HuC=^p0$gzjr@PYpnXXB ze~JC)%6`kf{MlN74Q5_|81W9Nq{oYu*tF~RuOZ3D)I#3fs2JrM<4yyXuVOi*+# zmv+THM|UW3olh_bARiJlB#OE*41ISB-t{3 z<@ktrNf7fiuv80vJ0mO>3^<;pc*<34nPnEpfK|=}OCv+OL8+-e3Vv%qRij3ClVhAr zHUB*)@Ms%SN+$5WeiNjV*=R;kLd8Cc(z=JIjqclbl1`_Pq$p{G_y#xp5gbluVH$WL zp80ihck}-c7zJtY8+yYM$lap(Jx+Ymc4`{(P7QRU6x}59*9o3ZQQ`$KbZP)j{i6d~ zOB8$vCKW1vzODhA7c%w(4Kkn_oH_ zN8PLMy@+9B_4Us;9IG&Zh4%kuKL11O==H|``$e8F`YaF{k6%Xs^b$-6)pBDTQC-jB zx+hf)z7Ropz{#K?bk)*I#or#|%=}28Cr(V@0yCLCzQ8G70YJR)7a|WM}%a8c@7}e{9=u z1#~^4)brbdGqYHKDaK(p3R1N#;^o8_c40RAq$t^zyv|VoCuCenXC)yrB*DS&d#+i8t+N`!)c=U>Zo1yBE*cCDkcEHAhpX zmmW4-?*cYzzs?Xb%C_=lTZc#Q0@|z(QwUW8&LcPt zyvqdN1(an6(T(~{Qk=jWbP_^B1Xch%i(kQEOd^_&ckb0#R9GOI7h2M=0bO0<8e=Q-hfSp6R!ljs%XI{*Dczh`dXvvE^lq3O5-jF7<$OA|F z;-IBJ8;^tcz^!G#P~@|}ImRb!V+WvWV>}DPIrw!3!(bdBAHX0U(PoOb5hAVg$NQZ$ucVHo23 zOIfKyJQzZ59T&BWL*Z$?ryFNK!7)E=J3c!r??aMUqHS8%enk*Zdo0di3~qzS@6w@9 zd3wktVAV>~Rg{Gfl@USd-wBLv(5lVoQ@rrc+GY!|^7AbHpLi1KjAYWabUk!`oFyy4LpC6yQzx~eyEk0^1qK~qJ@RGn~P z9OpX0baky`xDUba%QxmdkLJtlg8h%-i4`M@YX=E=`}@txj`2Z0*11o`?GNa=ldUnzsZL zBazuyg86E%046Jw17h3^FOw1n8!7QQKhNa<{Az$O|4w221peP@9_<(MKeb+O?ti?< zvqDHQivUn3!_ve-Ikx1$+1H$*r6hh=u2j~#g03~l32*giV7#7=`ZJ`LfTaPGGC_!# z)o{}UO4d&f=m{OwGXz!-c^6lIUSxH55Mi6bsl-e-o?dWc-8Op^x89mk~ay)X?yE|6}UX^ z_kX(Ror+2n=*i%0*f~GFyy%_}`fuEa2Y%qX73_j7HY2kr4Z_^KK0ao5l8ft0N&q%FCVs=Z?>9`|JnQ! z{0>A#(AaIOczQ(0H123ebxVO zXOYKmR%b5rN; z$jM_sU|0|FjSId3ibi+9@4tip%dq+z*#5^qK+P|i{|1R*?1Eo@0ssE*fEFBA5DNI^ zm!1EllN)I#d%>91i@=tgCh*HIg;LqNSV|s%D!!lb1;$A$W;R3V_uu739r=s{?ME^N zwPXx(J%5$0jF6xw^x2^5ruHcZZ!rP}zS^J3bY()xtvMLFCkTe=1k`F7!mPn^lC=;~q0d{}+xd6kKR|P5$4)IwIyq*yw+aAiVG5cy zDmIo)j&8ZrU#`uJdc;La1bT0ePeceA`f8Yrpr_G=oQjP9zIg-O60K~{En=DJB5%N{sj-P1Q)e^c+cq(9UIWtlRzK&9M!jxOnbL@np= zKeIu8mjQG0%8#0e6M5~GDu>9gXEOtRA5i8_>h*forIU;EL9hGvYH-o(4}a+V{HEcL zU<1Z6NoRh58=mHMq$(X>UiLcui>uyA$E>7o(5j+mo#TGz2gTyd#>pyqB87^SrsCDVWfkhRhacXecO zVF2Yk6n>7Aehl=~xa9F;jO?Q#X(dj}Fy^J$N5XL7NPav#?JJ=S&%D(BK>VEJ$xt@r z$xE=nMF_kEr&@%=OR%pZ4w-y?0jam3`KL*z+aL_(*7CA@>XvLMjExiB41vFKi_L?v zoqu$Jx$)7o?F7Lzh;DdT7e7dVrd&^N>5E!y0Vqo3EUIcZq;1!@%{SZbWo`F(FjwaN zuC*GB?e>7ut()92_yO|&26{+bA_#s9qMN_Dy2YbtDN$b+_qDvY#s1PB2V=YW(%O%6 zbT9W>>V>ZX)wDRJ2|BNci26W8cFeoI9mh@j}||# z!@ie0v-=3P^<`-Ko7GP-THpM8lf^O<0k>*#f=8%~*q%pg!FZh`SGj;S1F%7enu~+9 z@)gX-nz7Op{~r%`#ue!Dw4EJd7BHFh_qb}N1?dC zW?McsuEdb!xlKIPAq0sE474r+P}z^KvdoZraxG9`1Bzy~Vs#mo!kX<$egr#~=H$?^ zhM$^SD-XE5dM^A&DFluX-FJyx-)+O4hkm&1o)%wrFHg*u&(7IJpwuJ5qNG@h!m-t@ zoiy@XskkZnJu$Z7rNuHoDW20yBSjvbzHW;<4}J%~&Tz^?0h_Stxo9f@URM zZX_yVylLan+|yy3sli0zuR?~fvf3!R%Rf2 z);y@;Hl<~G{~9Ru8gYVnY$abWCn2!(2PsZ8S1S_)VM#U`X-Kj|rIM8>EX@2VU4Z#r z-RHOXv?R*B`wGaVc~zA^x$CSYRm3(~ucB>}7n1@drZT-z!@WQsKGSIn;6!$eTQuk7 zQB56+<7jm992(2&ag<12@Ve*SLHGDf>o7Z1c;W75r<3;XE`w9nSsj`P1bdU_wt7vS)mca6ZQVZ^oDGjJyOt5#FBvaJEESx})uc${7R{N!p?}0MNa)MDm!ws&%lXw}(6?w_ z1v+<_SJ6U_B|^nxOTZsr4K9Yvv+HEgy*MBCI)lzR{j1nUb8oU7jCU8OHWYatq`)h| zq;r1!_N+7fv1O^swwrD~^s~%@RJvx*F1{O{b$;xe*%n6;jHU%vP@i#fx>!2%)L=iL zxkW;kg_JIwTjX-Cnfe%zVK@_v(@RLmJx=^0+R~ft(?S_R|B4ujt%mNWIm!t7rK6m= zO@2~1Gk03+IGficK0TxhBMp-qWAlcpH|Uq#2P6-Xn8 z@iS;62kB|VkpuE%>d3))26^NltwLV`f4X~g`~dP5b1#O1v3zOLY(yi)j436U6{0inx+!CS>dAj-$=kLU+Kw} zjXsp49{k2nC5qi&(du5Hs7=nF=ReQ!|B{D2jffwf*LaNWnvf65A8e8TFa2itf9*Gq zjyC>ZFY>TdcI(bXv!*0KUu}{AtvK*1v*2@G`kv#|9hq!kjn3UWSuji9#_Aqq1>_2@ zWP+Im(M|pKE5h>-3coVpB*YKQOFYXo#B`@Ju+Xb4rhB)=j%D^Z{j5H1crcHp%G8Z+ z5=035yTksptp5+e|5HQ^XW#|=zqNnZ%=7=&-X{O^i#!|tzv2HMi2qYI@ZoOuD3Ak0 z(kFp4@LPjO;qX2;dBTS839`fi0I@%KffVybG`FsrmQdj8R66+Z8%>A%g(5uXKvra> zt4!6PTKliR{@9H66Ma5_{4d-CS|tAu_ww?8uhrVf{}*{S@_!@$*DU`fTlkQ&|2g8C zGb>*G^OM)l+5b5J1d%4RO<}G3P}f*Y?(9CF)weMCh-EzTDrZm9`mso z_%oli$p0)5L=EyAP=*e$$o_kHaFmz-ua6Ek^8Y2Cjr{)$%Kztu^r(uNAuc%P4|K%_ zOPLv7)}R^SK1jcn<$h z5lIQZGm{FuY`whmG@-N(H(OWw+03% z1O+Gr1XyD*fOQ1|5Tj#WJC?H4RVt(7ls>7cb3p#^{%1wAdEn|3dBRfpmuIZn2#<_jHem%10e-h25+ zy6>g3c~s(QaSJYY3NE-2+TCTJ;w)=%m92D?wY$ldImza+T+u=H$#HI8a`&*h{-2;< zXFCh)tgQJ8ioNRZ9pr3?9OeTh0p5ipKlauN=IMJ0;<=4bH8=8mtX&z z_`fgoaN$K){%~mCv0!_zHgLaVCHUI*5x-%?mpzw%0LE-{Jqi)aY!`-f8xZ4&3J96R znNbymp-V~LPQKl&<&$F}a;5rbHm^Q2mPN~GVGPCHhjQSj=Y2ca)AK&vwjc$yXpgi* z7MrPpfiu@I(_`?M4GSv^;#nAienn3Q6OIk72BR#U2CoCs2~6eIj(|CyCEyf$wugU4m|#_%hPJR>aqtD>V8|My3B6|cqip{OWiCfjzZSa?=eZixfn!Sw^#wz zFX;OTA_U9`@+lFa_c10sKe$8$NCxDp^SPz4xWszI3JU^kE4X~axlPehI2_YDIa`F9~S1T{nqg0zYlwBURJ zdOe_)Ikzc0#udVHRwWAAkX8_l@uwxjU>ZnS?8US85^VV7@`_h0N*(tDs{Iwvl@d!YZSh?JiUnPba?*Z0tjMf zLcBNu=_DXR4`7FEDW>Xy1&ql%C_~6=nO6p)h$18>jWTCJ@K!7((5)`H390WHJPLRL!xTv$F{1x#9L(=Ev z0jpqW-#K;DC^wkLtXy^W&{`2&)5h2$$cNKev>tf*r!^`Xa~-D; z+pBW1oQcxqYsD;4zEl=1_s?am7~{8DDu3yvBBEket&$MmfRGlltqt{&?Y;{ZB_M7! z=$kBEJGE@MjqP@}0cK7VvXgTAtG&!h2GJPj3uf=Ka`!Na^5wF3Sviy>ILQ~(US=g@ z7-fM^RY272Wma+wQ)zM5NEe7Orq1h*7qo++g7mMKly&gxkdAPoKSgF11ESoMTr-{(5Zp5 zU>c;zcWPjk24RrSofVfcQGM@AM;$Tq1Lnz|+YK92z`TK@+}uXF4Fb?ac`|M4OZ_w`iXyuoPd;b{ZMC}OT+QCjoxbc&-IUB`qf zn(&4$$7a1%gH!+LAa_`y+x5jKZXIs}mu}TZP^3^Ry2!eM=4#vkUb{h&>p1_!qss&Z z5lLYf{)B>?N!kXrruqI9g(yW52X}(;E%)(7KHVBU-fnv)dj+<+PT@tMP*B^}m0#f0)1j(L6ldtp68z9v*6-@yd~N3noIo)BQ^S z%QQZPas6)=T9V&{P0VcO)Lv8UNt(bQ;(jrdZc+?z6wc{{ zOQ)q|76BZA7$#}p%|ggYjyNMokWaseejpztvk;Lw=(87dfFlHO0!BEUP%6<|?}^>} z>5T5^#f2hDO)&Buz2Ien#wf9sOfeuR<)|Brpzb(qXGXa551GZxjb+M>R4`(AQIQp- zh%F@G!AMaprR^{2*Dv+s3g)R5B#x%?)xjyIcn}QkgD?d64kbw-AP5J7Y+>?>+E@jV zGo%8Y(Lzlu0}i*3I1u!n?+CyMh4`MWcGig?8slUtPQM~BBWyS(yi*z0b;tSEQe_tq zgn+ySa622JBtj`-(Hwm2k%osO55+0_BQsYvAR)m`REx1+qr=^BoO7I_HXpECG%t>q zU~sbUQy9}l$gMOmWDAImoE)qagD*!Yg>@4tHW^Mp2`J45ufXU5lN|iHbIJ_c=@b9HdsFXIVDwR<_ZSztN zAOS%X&r*g{1Q^%EV=;~#DRwe}F?XUt?^CcX4PrYSd#bt)hmN2j!E%fVajvhg8KdCY z8_T&eV=2U&Q00_;=N2}-SIW4G^aG+t#4tF{If0oavG_D_M(O7N?(>mfXd4P6a{rOO7{TSoNlH((qjBvpm7 z?}C~1WU&NK*{viqstzY}8H_nc?)9A_ymJjp3RiDOOZ2RFMgtP%YbO=eepd|9+W6z6 zlV5ov;=uMz3bsQOneFX>y&Y{>8?V5(GbZ(d6iqdOG@1i#rolPoE$WCK-oYTG8UdqU z+1><_AJ9D4J$D%%V7~9XN8XH`iK&raf|yr@Eoh%pP;Q9C-6LgR?g`P8J5O%?6mI5DhJw+4?v{keu6I_|D^_eYl%}Ty$ zRD~Lc3Sn6(Da{xkTd4zeRn-6})Wg-miHa0hvf7ws3XBY*H9*N!ogA__TAlZCf(S7k zc$vh1cu*YLEs_4N)|Xo}*Y9R#+Q7quHkw)qUAdtnB+_(JICPLiw~f?;6qMGEu2ATI zuOf@fnanfj?Jq)Z8spU29ou%O0muUbua3gdt9!|z{$ zC`HK_dI&r`x>`LY-M>fSRBDcNV>p2X1cXr3neib(Tur0j?qCvdKR@~@hyVm3#xZki zz*8izF%r7_pm6KDP}JJ&rT~Tn(~WdQx!)*3@RsRb0%9Fpv0W+ze&De^Su*F`Ga%p| z&gsSwf_t3Y!UWGEe$9fjScj$hEB=ldV`5hPEzpKLkGs#>{xUU6|G#u#J8N+huCjPPry!m;hGOES{uQ ztfWz_s7+LA607SFt7s3;pm7z%axJ7>O1}k)rDVDsWmYroQX@mjVO)%T?JTZKiLs_1 z-7*q4j&A`BLwpbBc*gGB$kRLLeiC>SacNPVM`FhS6tJIO5KXT03b!H(Gym`+f_Ptq)a_}$3-86XTpfXAiV^xabBpkxET z>#&pVCmjyH)S(z(#QKR}X)nPP#ss9ebb##3$9e`9;RvnmxNF5}S+=^pJNeqB)4RsA zvYO?Pl0}kGp%OpB$(qI*Br_@-$=qR@jAd4RdY0lChxlgx1Fa%1E!2EGg+Wxe@Xg;S zMU`&~`ppG6RvO_xF6#T@M=7ak5zbPa7^$zNoI1>(2*NmCeEMf}#6(&~68W&_g1Y?q z1djy`^gh*7!OINEibFxID;kJ6S2roIR6G&9G(qMVM&UeA`_7I7&5epWxzXEnS6s~t z53p8+XP)*LJ*Yg%TCF!vM%ymJ){J#2TUv;AdCe6uEIm0ZS+^@s^M^i7SbUhUBFZbA zE369Ha>THu35w?d*8x58%uHNE%V(bX%NXOtPeV4-qWaL~kJMIP31yt)(_IK_p!oHW z_R=(5Zf@9+@CqbcAw^15vf3h@tX8T4Eix>#keK zTo$}+ZUQL@lv&D*9pnHdQ{xVJN!~CE@mtB?zE`o^g$u;L$Tpl`3nj$9n7%6&7rQYo zN`s9-Zex(!800nvIh#RFV-Fjn+{P&P;f!*+9Qs5Ja|Vi^vT;sBbb*0RFKMc%c^DQ$ zonFLltjmG7FchoNPAjv>aHqHM2^#N=o-A()TdG$d-iWsj>|e&1w-8giUi`7|T7Qbq z3itm7J6iSj{}TBh4x9P=|IOF?oBRJS@rbRW(A(Md?d7lj|NVV^UjOYIoiykcP`eh( z0Md01x)FfBAFvC(5ZnZJC~|}r3+4Ulxhev~KmQQQF^v2MPO_`V;`Lnsh3xj7IhCX; zW`Nvm_>7U*uISTk7rSq~Q{P;~U)x1|eV~O?y_>~@V4G9^*0|hFduGIc%4`g&qdeqg zO%W!!f->t8t-@9)hZ!xCr7&vNTlLp&J`$BHB2l?TTVlS$LP<0FE0rWOn6n^Yrc;mR z&cgmU1DsJmjOJnxh+GQ0*~BBD@$16Pd%8R+T~Mm29;3>QB8+1Zu!sAUF*D47MK6qS zRHK4Cc#n8CKpx8HJEZnpWHufL@7ut=K@r`aWC1^k$gTqZ@rwvYBz8>WSr}%aj{%s% z_h%@&NhfV^w6Au6EDtm-Hb`cXCkq_3L;-=c@v*h1;LCJ?PibTSsG^OgtnG;w%�h zb_Z`f3;TK!0RxHsMMyLcE0B0yg~QkEBhUVK62f3Q5G1r{JYq~pFbdHnn{Ya%Jd?nf z)I>z>nw(n}A-e=E6$L&0F~ebvZI_PNS4&Ns74v4Rf+1Ax;S_s-Yheyl8CU6*G9ItE z1(O0kMud5Yv%EncfS))_&Impt!|vEDPZf-(YS5NrL!Wb~27{Pv;)N?NERx6+B{w{F z3h^dV&!SRP&1n#&*kXT#w-C5KPTgJL*4-V)VdhtM$ikXp5#H)IDD9?b>N-w|u@fc< zWHf^#q;oqy7vI1imgkal)DRBGV z1O!udDPEX}+u$maQKtCHrR2s|sNCO>Ec1uhxda6KJqp5a+?|})y%FM~Ljf>jY~+Ik zP4ON7Qz%m4eu4=SX)EZCfv4W5djoc}L)|vb-Ig%>S*Pf_Jbhoz3RGT!&oywB_UGpA zd9a%n?4Ct#R9#B8GI1WKqn+G6L~+_JvLvyqA|(jaRr_^0Cb=sg!B_&Si*c$IE=L;I zLPV=BFYT5VU!rd?j_H)QCI;Djgg zhU_R@)E~{WU~-WUBE-`lj+iaVqdTK;&eWUxBuG;f3AK05HQJZpWTF%0e9SyB(JGWv zyBwHGQ~MH3R*vcN$Z1t77NeT0B`xe$H>*-gld6k_{I`S1NAE#h26f`<3)|@#pPSj| z5*Mgay4<2PMfLqRN?GCXnFr4A;GZ~%sFuu9u_q`Fp@)E*>qOlJu3{b9(Fos^8uu{W z?7}94v7_#!ag&iFOll5w1z-%43T))t{bWWAY)D~fE1U4QcwU=8ocNIp!ozSg< z@I}GnoHA2n*AFG3T=c&`wxRql`mAvNqb7d6@t<4G!`FrLpTlNrbN=%ZkFYh!xqV9f zXM-@-6aZS`BYgb0TcUE0Dg=2}C~Sf}|8>un)Fdx`y0lwxmkggJa&P5%m&sKZ{E7VeaqkMEQc9q2Z{^GDWTJ# z@yEuih1{}$`(mqgisMS7wd(ZBrs|w6TCI7upGJ$1c7jh;~fBg2fxm6iXI=iD~-A(Qs-&g*a(O+bf+#Ee^#!?8BM*<^YQ3~ z1rI8g%|p#hscO_ILXucG0QIR*(GvSejD>~yKXrHvk+Eo)sszeXLsu?u7LVpLhrQVJ zQzydsWjgJ$#j*ohX29hw%9zi%zMh$B^cDa*zFCjj?aeK_mhiWXBYH3{fn#KNk=aZQ0mop z^p@!&xQ!7EmFrCO*>7Tu$+ee@0`e2!N zWd|If;i+ff;EL~06BIGJ;QLNFg@RxN`0IrHhNP9)vdC7+Cj&IA-hMmL{D~Umm{i8 zSzBOBZ-gAROhnLeJWJzQT3`KU*+;pk#bF8Jl8Y{4s+UfGCdrOC$=ZuaeAU9y7F20r zO2drGG6E)wg6(9x+zm6XeM`P5-mz3l+xo=rJohGA=Gl{=@o^l>%*t_y=X8R_$Lz&E zFCkHDtGiWfCPeX`jI0MP`Fqza);(5p677xHf^B zD_fL~fC)ddR9>+!H^$uhDK~fmv^FHJ_M_#3onnct2IZQK6w^U5ikn|{^6QE1 z&Ohj2xa^cM3PSq-w&kpwO0D~Adz;VRWLx(H&HSD~cB8l>$QMQLh45F0vToTLa@8ko z6=W|ttz^G*1mf;gZbT%;#%X%v75E-9>f)9{N`JZrgJ&rTd?Y;tS%v{4p1$KEVvDi`(-2~D5dJx?t zh>(K0f_(+ztJP)!>^6&m=K0TIO2Nf)n#vQ23?dMoGI$KGMSG^jiSIe(Nr!R*xi&hG ztHSV5=&RGnM4U*`J;sb6=5kI@D!FWSLr`GOt~zs^(+SHCTE1~S7a>dj$}v5js&ccb zlKQromF#wdbqX5^x=(@>)l$j@(l%%;C?6;I{k%59{=7zl-zXYN&0bJtHXid00dVnn zT&}*djJKSkDm2+AC~oFbv}tcfiQI9@>PlO#y_eD4`Uuqi+zYcL4URt z{J;1~%j(zv7v=wd{rX@(@Bg)TaJcdRdWlEq9qdHtDZXEdDAwfo#o^`MyZGCseY-ZU zU7wq47oXsd;n$@IxXeuunQ0{LLU0_ z52|BJ^BApoA?|}-?^+#xb{*rja`$J&vxD*L>Lm0=L+pcA^~pX+d6d?hIQ}vl!yv~= zX#M6+S@&8ycC`0*%J4qeDUOKYu=M92V0o_(9s#UMeaux`&-Kr@kf7{Z67eRk^d%Cv zX~Zw>T8ZmwS77o!HP(AktPwpTZmb-5JPbobJY?pY(x;{nuuRr2e8_IK@GqJNh^2AM zHa)j~WpE110+ydRXP&X`;I(q+pw+LXcj7toYYb8jBTZ(JCw(~?3y3N6&lrK&V#@2! zLF8N)F{;0!OP3u*YcL?)9}D>YE`Y!#c#7^PFr`|$kEbp;V7woCDN01R4!TU}ri#U5 zVaJFuzmv_(g>nrs3eqYQxlJb%*g8A{j00<}JN#};=i^CgPU!t*5Z9oTFovJCveIgK+@BPAgWb2o4W4 zrc){&vwF{AIjltERmKmbfhR#4v2(etIoWbGhdbIZWk#g>=PC@ZP;|`|w(G@Aj`dLe z(ng5CP}Jyx*5N*I?X)L87AcK=*m(kjRPBl#dMdAlR;?Jboisxu1G0*@%R@j9V>#r zgAm`N1pLk!u}K8M?ZymS`HOK@$+{~0pV4{m}qCoh@H)!O7G5c2ZRKUR^Ls%w=}Q zaj%X1`b0i(Eeqj8D+5Jl@O-hofOR}ibXPDLyZBxmvQ2W92G02C;(UQH&P5Wm$YZSp zXKk5W{__uc`#=a-J#>dIm8qOwD3<^H!&!YJs|)5_Up}M#>|5l)89~NabEld+1b!?= zS`>C&7S#l%j;(~6LKZrZhd2b6KXO|wWH|!h4FX;W2?1p0O#md$cRVQKw|zD#+yN*- zWEN63`R5-3By;oxL|kJL0ND@=Gc3EQFhNe9bpDgRP0$!8XqW%_=O0rzr+nFi1d%Mx z8XL7-Z6`v=CnC;ErsNpbPT^+r=N~vR4buAgf=WuVj7pRzs#2{eUvN3aC|_%_Zj`U_ zmsF36JFEnaDQ2!XOc8R~9E+08RG!D#^dSLNDOhU&zoYyMDzvOZ<&C1Xq@qd zRicsx>aVW3>4do+^PX^Br699EgbMZNA0JSMvMNJV%g}V%1^SR9^dV5G4}lfbA&1T2 zVtoiKr4Bg^I#Y-K{DbR5%zBh!;8R&Wr9wtbE4+h2$XqJMV(cUxEv*8T5mBisR93+j z8++NhW&rOeXgH%;5c=y^Y}BeW-pa`$LUYKMc#hH&-+8Kl4^w#gG10bTwPS7moj(0j_`YPQ`8bo=$WQ@`c;!Y@iIYp1aK^*dv$k4Xy~}PW zNZy8@JBxx}XUGKydQajch|)1||BWs?3)9U6S{|D+1+<`lmZs9M*a1t+{`rR!EjX_; z41>B3vis*BPd}9V^N;H#x>A32%}&79s>KR-)U_YgEvu51_qJ3iE3cAQt(L8~oQ12r zzTMVUUushAs^oK&LVilRHnq^Zt5W(5m9IjfTdaDOFX4jnwT!M+0q)b#wmt{#sA^8u zYNYxIO4VW&Xjw*+Qv;ULO)6A7Cc&3R#T50b?dMtBR%Mk>x4W&vRCny^(KFkrP&l7q zjZ^&L$>um4S|x6|c3mo<3}0M75!M%Yi*zXI?QdFwqm*6m9BqGhqVn@U`6aogj#w2e55xLKb=(a{3y}Huu`+`hn zQI5C#xv=?_?%Kt4=f0H4gj^|$gs`+q)Ye{ZprZ|yB{O4e+CvWHz& z?9GPO8uk(z-kBC^#6GoO4zh9Yd^A{=(yi3n`&njUi{`qLmAG}dpI6)$sj17u-?zfA zQcRbJePD%Mc_6$z@Iw>0?!?Z4W-@#`lL9sNf38VOidJ&xAQd2i1yQO_1(Dp78OyK$ zLc0~AqaTbdWeo{k_^LbW7yR)hgO6NnQDCfr@oP5Mo;w0;y?{i0%U^E?iA)fie7~VFfFbc+qq{ZIVIP^BaF^bqG zBT8!?o=$O8W0JVttT*eenwDKVkr80C;m~`&JRkt#Ss2#z%E4&r;b~)87;?NWvEN7D zED6&2B@P2`4tm<0(*82y(VXBa~dQIW$g_R?YIao@R5 zG#FqoMJ$a?Ky<3gdna*Qa*cR6=A9HQD=wrGz%mKgDbM_2&_rId3K+1D&S zP4DgTiHdQ<4>wed66wcft|1=P#AgW@c^)Pfs!Z@lq`0HxF52RX;q4H;PfNve|_GG>8I{@}?RDr8B1Ju&;GOS3mKRAWpNvj}v?sh~*3kq5O{-8QJ)-Kt5Pz zNGB-kEuVS}*u9b81uV!8~{6 z2=OBjUpVqbJY{SU-8euLqI9g&2;`IfB~e8SNG6c3A6hkHZhJhH1EnCIF^f`7aUcLe zbbFJcaL&f0SqCC_$T5e@8KLBa0LFoeD0A0juWp0LZ|7>s7}+drTo$CykO(zSF0~sJ z83ovEw}Jcc0M3u!b^4dbCmrzk=z=eLBIjxDOE%-#0;5cTAJ@epo~yAC+>rH?u9=G7 zB_rt7;VhltB>0WWSp_B|Y+Uj=+p2egM{^7d6I8soGDWY#> z=4tuy4kaV@fl7RLSLOcR1ukEUqNLf|w?X7{O=Jz77Qmj+cO0S~8q2b>_Z5wclDPq2 z&*)qkwKZ|3WFn<^>+|qeW*J6!B4?L#^(vUb#pLKSwongs@{hWtOWK?31Yf?-a zf1O3Ec7lj&14WsU#vvD)On9(SH?O&Yf8r5$VG{2FjGSOfJHmuEBJ9BLI=3ab7CA~m zNm1J{U)LRnqB1z^=fpqlDLXkp;kZVE8>%mz90Ly}DJ2S+qPpXB`B9^)0!Ka&0d1WT z3h{lGvQLZOW{oK(1M-$SOxfmqy^+C`KTk)*9`zQ~Nvr{*6+N`08wfG?^jwlJc&$VqEfVb~t8Y_3r2X|9dvKC%=aE>3o6-rHkp>hvDG?plO`WRq~BABz;cz z>O5AC4`t`7epEzm^;{!svBMOASf!pgvSK=h;J&3Fz}7a7QA9|{JY7L;g5HDH-cGyZy$gP4 zXU<0l;CBGh1k`-+<^PSo+$qdWU!=gz>^eM}yWC}YI7twRG1E@Ps1$pZBBF8Z4a@pG zS(c)KHli8tYfMU}6QSw;m7j5C8S zO06ba#vE885CuRuUWqA{0Qg&8M~grkj2VOiPK9`uawN2f?qx;fd}&@h{JcpP=!qf1 z(?FhXx<6{mRg_2X(*$OTKKU6M-Daq8FQP#?oJA%D<8=%AuhT9FM7LIJX3Pm!Ikp_R+EU zVQ<>j3IJ4#JxA$1PHs(2gMPT|o)%wrFHiD12|s!`;TzCQ3@5Ybn4DwQdQOhBPgevb zZSd9J-d<+4Okt980%?PDbcd1(#fKA}jdk!k(nZBenCwul9?!xsulTbsm+C`7*D0m- za*z-CEK&THWC3&;Moa!Cerd8|0f4 z%BKSQ7g0E;{rffu5t)+|O^fB&DaEA()FB=WMV6@o#BypVqX*Vs7{gHz25F#cc=YiT z9Gh=y;P~t;qcLRzH~PhlSUFHrG-ZdQ&Aq*Mf$_zQXKnChz4fK8-cdeP0-;p~;V^?B z&Vyabz^chJJGcdpj}H%q$4tXrzG{PRcp3dIAl`^Cp!R}dDZEkkYoIR~xpbFUBbgYG zQ23&FM;Ee1na{5c0H(C$C8U~mBb~+#)nLQev*YO$M!pWPF$$u_2$G5RuI6b!em7>2 zDr+^wb?#8l2LEg^u#@fOw+cJIYF(>XJX5vU(i5qGghRgA;4e_$xP@9`#D9M)O{iHC z%R-ep6<3NL>vWfvC9$h(`xwl9#26l;aHNN&FKEZomCYDMUPp>j*-lMaMwE=qcfkas zX0tfgJL{B zvWuV6Lq~VqDf8P|fD9Fd86K58qKtIxdm_!co68Tsz)WkFZt0sE^sB87<%|?p52oPn zfA3s;3w~Eq4dXbRgW4F>oChtfyRE43RnE%tY0cfUkk0G0^A6uGU&Qd&88Vb)O@)!; zkXJSH0!|ShhoLRfaezW!Um;>IC^iqGfZ{~DvbLQiN9BbwU#+D`aR=0aN#&i3Z}p$c z&{G!0b%Qx+%>srX`l5gpr1X4nrGk zZBxvxV^qdsdF@*?FRx9fv7~lxO?~W3-`ca<{ePx5uN(lN`u_jkVRQd={{H{bUUPH* z|0SO6{y&@Br$zu!gz=;h0K$n{I1%f6GvgX*Ar1gzx;3B`*#ZW{*`fLEhcP! z!E19nZH>3n_$=oL!@XA5gNZyCV5haF}1JWkK+=BWN74LpgbXt&a;kKqx;}=I0KO5OxSIP9CnS2Kt&S zf9$N2--_oe1QwQR5IL-2P9bwR4WD$@OR?io2w-wEqdi~aL2pg)BYD~)Vt?klQgSpb zF1Cpt8j#j-2&`k!Y_DbyG%ZV-=_s=sm7BJfGi)tu)+)13e9@9?T8h>8bIp#EKQXq; z3njo!6PU5+bU&s&3LYnwNUyc^me%@_5!&5$zFpExNg&2WaTtxmULF}m)!xo+$ajR_ zR*HXy)38v(G$wp(^>*_tcvjf|iTJUrMt@tl|9ic^zn|a#?Y(Yo_J1$&2xXh`)2HnH z_&M=YH-0>9P;`@dX>xe^y&iwN^hS?r@SBa^=d#h$Q^Ro+p_>sC^Niwe^#BsPAPvG0 zCBmji%ab&LL6ow{*($geB~02S85t@d3K~`W4GJ#vCgXfhp+<{j@$;JXz51T(7}&Id z`^}qH{fK^$1lukP9c~F#ZiyLgW-j2_g^X+j#Nob~P>Y(y50Q4k6y8cl-w=|N=PW3u zN0O;Cvn=lpWS0i$P!%#K8Bxn+8l-Vq8l;jC2gc z-^W3!Y;amymw=h=R2-#U-jxWaoZSQjIO^lGINtLzFz`6G?|D)hM6BOMk1Qo}2@-h0 z0V3&BqoXr1!&&6P60FArw1%_-Y$&X|SglZ~2dX#Dlk-f5PIu->O@T`mBbiHXAw7w% zmB+C?d&muoJp+OiO|x{0%xRn9!+{;%C zBb?^yX(a@B)_s*?qH3imP>UA{YpZIJ@Bvt~O5_MEu}tU+VcA}Jx#o^oFgy=IZiz^^ z6+%KZ#|Mr7ShS{`jqPcfX9fF@*z~MB{{LQc|Da(1IcRR|KQHo#J-Fb$Z1=y4`A4IP zg?o0sU)49tPPT2g?$0Tp3MA?qBg}e@FiV?Xic_guV4gIUCB~OhvrDV~y29-8ux$R5 zfAwb(|F2I_I1O$hoS-MSv4H>Y9UdN;{J;6SwRg1P|1a@;0WM*hq9kH&FnpqUFa(yO zi0+4D=-oobb-oZm33ym%$|X@4f}0SJc!Yu=y4eK@3Sk=DArQlKqP>Ta?|cCwbi+Bw zHn%CrfC+!wse_9seK@t!3Hmv;D0*aU5#$2NyCX_SfgBL6UjMD5Rx9WK**w}iI@qlLmv{yfb~vX+JP892MFja^7Ws(Bc|DGy zH$k9P-;-bKj&Y&O`iNR*yhc@dsYA5td%NJjVKjru9JKcK4oWLc(ll;28u$12b;z2j z;pa{>f+%04>ubjDPwmRf zsF4r+fN`mks+w>)N3MY4vaS%Y9qjO`_#P#@R0JU}rAP!3|9h9^MSwFN>0LnKpV$Z_U>}oahxTab;kr0C&FhUU;2VMX}6S{_HHswF#nG3dY!v0F!9evhe z#Kz<<@MjcO0(ANi0ML7scmZL021=#@;a6E0oyq)S0V$GNpScUTEIvw}(qa~wL*!PP z@&p9@2$XHI0*~MSmlMqGboBFRmNIK7yUofoAP_uG?FXjiR021vU5u>!kt z{qrpj5BN`Mi?E|xtE6{u`6Q=BwxEz+4jhmyH()$QaU^oVNT&}zvF6nMKVFBl9N z9o;9iUc{7-StLdu&{d!hI?4u$j#Emq#lps)>{f~*#k=%2aHQb`rZ5P(I~+T?(?ph1 zg}8$_(OGyv$P7^t;xQR1N{EC)EK4NSR+O%#5BjdgMhq&@Mw^bC9}sUwh&+7{ri@<- zHS#CM@iNhb-pfHS`ZxM{HoNlt`JC zdyZ28fxcGjZgC0c^lQ~^xdIoeJo*4q{y5Dwnq^!}kcSv2AI*(+vPDSHuQL>-A#K*f zNsJQ}3{qQuoDsF^;5({T(PmFn_oZe9`aFr7$}(!(%xKF@=gJ6r6QB(cpe$rG=UN=o z3;uuhzIM57nR-beF10XKg&7eTEfdjG3SW^ziXK% z(RHk4jZ~%`IC&Lc!Jlw3@1aqiu<{76&s8 z$4ivXk@IXmPU0|GXh6*pzG%BAnaGjVDtJPIg|D~yV!oxtAS^G9Si{bNw%`HndI$8J zYohxva5|gfT_`ee)2qUjaEldFs1R+j4A<(N-i*H$ZOkj8r93ks(4*yKf?*I!BuSh8 ziy27qU@RRVL7AjNATwrVa6=Ey$c)OfEYa$wOp^ufvZh@$wJ_oF%$P>J#f=x(iNCv+ zZl)p>O7T1f?40CrI<*y(W5fG=#NSj~j3;!t4-~-JI8Ob#s&QWZz%0mQCq5LfaT}Tyip<&t{N)eOAmQT5U4MdI<_f5yJtZbc2r8=--dKr*O zO62%Al%7lYwVKC;UTPwy$ONb!_e&>VYeHA1imM15dY@q8id1daPv{P3VU}gi!&XB^ zQLGG!Mr1O|C}E0GG#ri*%QI3HatDo~`t%H}aAgFxh!+<4?Cz4=FG5nV*JWqIw+wY* z=ow!)%2uU9q0C|<+mz_h3MmhcM2n3gis!R7!jYC};^NY!4==0D$if>aS=%cUtT)7g z7FDA5!}cBR8U$9a+QOC2Rl%luzIuA7Z{#A3vsh@N<%_;nJJdf*3+2Ecs+z=~fsL9m z$KIG|xN)Mi)}tVR9E>`-2BBQe;#9*4YLChrUXwTr(z;Ld*haW;-A{Ss&>J}y1&`CV zk()gg9<+mWv9vgEU^}1#h&I$Aw%oBz(B0N#F%nvCYJ0*2fN0^+jn;-Hh?@CSNorYg zL+WYzfXPJ?1lmmGkYT!zgmHP{7#AZ6zPixzrbSyOPz}zX6hD2`t&`J>qy57cMrnZ? zohvhj7P%;`bNI7Q%u7J#<8|2p z#o~#hGn!>i9S2H?8`SL5q=G3RKwQCX2(YEZdDPL1T-dWoWj@mi zvlc7_&#~q##O$UeFr;1a&KraWRHdzvk0+k;swI^2bO^U>42iSNTeiWYNdKN|eaDAL zuNO0Q+M#tYp^dw*;-~~Vxrxe*B9TV(nGst{5Mu}n>VM`qt27NZ*cdT*Qjbhvtzu(A zQ7H2&{Nctl`7LU<$Y~WIwt}%91%Qg-%R36)39ZAQvdq1DyH?7rk>H(auf}DB-FUtt zIjNaV+o8<_l*L7ZD&kw`EGj{NdT7s@=O(b^ttxS0D|Lr*hN3i-BydFC(^M*&KZIOfud_+BG&1o{gdT|p!fQ7q7gL_2U#Y5lkT2j-mt7bE zL{XUwBS+hKbP%~ckB})lfY-}-yao)}eKz|!GJ=cVuYz%j1{cy4vcVLxv6gIxe6X$R#jBLbzG?O z;chVq3uLX~IXgOUu_wdxqjR&lFOM#MJbiJ&UJlRBh9?(Chv)3{%y-M5K4rs`pV?oJ zP7c~k#OMKjm*skqb|o>;mB=%bIt&6kDK~U#!LD(uKq1PPNvxc(i=&I)A`u z+Njig2D*wN*RcZ1u4EWnH5rLI`B}jl>pNPPm05(nZ@TQ*ZmIt0IL6cv>=wsbmQlJBv#p^Mz+>F`leK=7n!ENX0aXry>o-R@-{J+a*)3wfx)&@0%znK*gST zj8*IPvC z7YyaqBM%*;_K@P`r54@G=vs9au5`BSFtL&dqkK0D6h39 zgsP<7FxXG8W4AttXh{>#8)9W{a*KcwmmX_E>c}X}7bG3$MR63}S&BR`Ae*q(nc@l3 zXN~ZP@31!$yEl=Th%~}4E@cwcn9g}V14?9sYrBgMo#%P(yk%rL=1Peia?7C+wY_XN z9xq7Pa0`NTYHm-hFn{eqqbD}nxgY=^o*ZbtS{DWf?}yKyAD$c>{jY&OLa-JUGO0DG3h^w_6xs0;)<{pQlN8+2(;v@7s6*4@XVsf81iAt%I6M71+kY&4aW9k8OLt zS&b`dkrw=&b%dH*H8Wmx*-OEAq9n@&wkA8Nq2kaM;YLw8A-uw=#mvkwW8+%&b6esa zP~#eeECi4`KtxQ_;FjhUWzQ!CzvyWSu43ztr=2r?S8JYeMh>2bm+_UMl+Ky>YOz=> zUb9!G3{u6*`Wl)aHwKtmy~qm)Wt+Nzjk(T8OeD zj;Hm@F;=`Qnd}T8^TGzY-Vkz1fzq9w?lyd~j)dMMdr-_-;9Dt6`(>sVt5Sm|3H%p| z-$w9;Z95mDGzA0X_Ks4*)9IW~1)It%k*C$jKC+fLd0j29tNR58%KwZ0+!X(Rb~rqE zcG#UozhI1&@&Enp{`U56HU58hXZvgX|F7}0!CEV><+a$RjioIlJKz6tD|o<$bXfoh zJY1nMnZq!X?%d>WWokaAw&R60!x*ziA^6PHyNjKb22*YY!NvwVN(*a#3^YfcN}jB7 zo6ucmD5NvUnq<6C;MFFnv{N^3`%>OAG~3L<=dagrMfZT}*P>-8r3Gf>KOl6Fl4UAc zp=D5T)WqkYZf|U`eVFipD0rNxfG(rrDy&UR%Z)}Ub;WkpJUTAJJ=a9w%`Ff8M2O6|7{YtQn^DqNtnAa zVZd^4S|+A!(c1nR#Q3AN>K<*;$|LJ#ky8S-M;!p&0!0d#q-E9E31bG7KPX*XhBeOivRo-O@ zccCt}NU~Y%ImHfOl}#!zJc48>a}MDd6vV9|$5<7pxGI_==3yw5n#_}A(Jl9B!fAD{ zw471t&@gctq{q`K}g$+_*zv&m;1 zoLdGX%4@6iSEfLqM~0WNxI!_$js1htr3vWFxAv3uP6x-Rh9W7z!TPb1Hu*U0Tr8~J5F@h6N6;Nvo~QP=h2&tzqK93 zCaS{h5^C|f1M4WId3(37QN7U|=1Rsm`#yX2#AFDF|1MCb#;!F9Cy3O1vzf}^QdFV; zo02Xv7PhLmjnxZ9s#zZ@i&r9Fps%Trt|nM0bK*ZplK1^fFhGE95}oq>7>p;1ix~gB zRT@$jyBl+H%0^zk5|{OU)MY~mCQ8kAp;E6*Nq1{Q`S^hn!;>9MQteoiFa9d#b~xBR zRpj%qnCHUet&irAL~OK_SaifTUnwE*M#$^U4P0>&{~cDnwS~L3!47bbf(r^zuh}r1 zfhy%Cq6wPv+=Li@>L>;2_z#h`ym=GYl=UY4LnTptDG5aVL}<`CT4#bAlRN|$(rqc2 z>p+%MW`Em$2!mgGrmmEMMu?9eni5B>m35zI8CJh+Ap`RZf7<$}-ZLZg9Ka!;hnFIn zYoW$vD~Ad}V^Q#Kxt|%5z>Zw}MYTpbB(Iu9kM>GWvMhYGmx$6cwfpV% zJF1aH9cVrWE3=Ualv8lP9_?DYS)%1o-RvTtr=e-Ex8wX$OD}h}ZU3e)?5B*e`)I`& z{at5It9gsl1Bd@)o}7!KVG_HKZ3s*9k&%}PhrESiZihrX zhwKLf)|w`BRfv3|I?*EKvpDP+yC#^98|J0a2@UfNyUr&=s4XVdWto0vSd^(miG zE%*-J=w*H1ZE8rd>spYYw6Zod*iYgE!pNH=2wLZ9@g_ipEjAB))x;Caz^rOmGL;{( zimbO9t$k_@vntWK%Z)rG-x`Wd6`in=OQh2{eRn1%P3x~Pjmm!e+@kOpfr~2$ydzx2 zX>KwA)TR@$8*PW!z#%B@qK8u(H&_R3S1A z8(Q>3$N-m@1uDEoFjuC?Qe$d&6UkH8|4iglVVn;Dv=J{jO4>y=ovFzoO*3dS-vC7} zj7S!3_MiXp|GNMAAOF8y`do_`AUEj&LcC<0LhV{m|AaEYV^{dMxhfcEBU6p{J0)l0 ztyp|N(r`KIp5bvoUguGpi6ZQFgP^3PjT)25k3cF!;sePG2|bJ*q_lF#sdb4d@a^w~U%cp*;HbABZTeJ1lr0kdFm>YL`8kz8dA+$| zDxsL?xhNDq*1v7x?0b6pdVE+J&LGfgj<5FMe85`OpxoH3^&@0|Ihb81b1YP5V53x8 zLAUelhIG^46kNC{#d>@F!ExA;2X}r5BQO6yk+#-I?=t?rRc&KvC^RyE)V4ALs%>c= zEVZr(lkh?1+0r)+!XJFw@NTJ(MllY0X?$A;N*jhR1VQbNqM~nN-5J--@oY;egtJ_P zA`&UV3nT&7e|`KQCyq$!?@oz*kJ=?7LjzWxs!NHY6FdhIuX|#tPqjo`{W$Q#`*c+i zxw;uu9=j>sVSPE>liR_#Ql~_J-`{Fl-p*G2w0F0f=DoMIyd$<)ou-~2Kj>pF6^yQd z4MWhkm`8LstgsT)W8V@$nOB&YV-7iED*O{^6%Gqt3h2Ysi*Vd80~NpmCJBE&DO{dW z_kjkcmzv*ueSpE=)T3xKUQ_pCZ@IWdOp+#sMueBpS(~IGbE=R{+51>kt6@+)_;NLj zo8Y#xFe@dFnp)J$jE&8gB}f7t1LC8aMAIYt9DAcNhgs(6Y$GOp3L=#t*{c9u1IZRD zOQ6g!bof>uvWI&$Xkb>jgbHryOXy$)o@R7t8(e5p_5iE#I^_bUf0wvoru+-=C5oqU z@vGp<#}Bu`7Q3{S7-L(lk2Us_I?P$oyvBI+#bH{f0&As0I1URxelQ&6CVaA!EFt5^ z4;mXkez16Pt1g`WP{GcMloqU%>XvZSYk_Nbxccz}Z9BZUJ*IyA@XJuOGWp*TcRP`V z7?>Nn{tjOPeEzg78>4~DoQrNm_DJ^pCtH@PkU5_U3XC+t{y(4v^XYk;#TvTjNn`@y z4K^XKp_x^Bgnz`Qo*)T*|zx&Wmc! zxRRsKOdZ8_fsQxH5}r@R+TuhNpc-jpwc&bXvijA{l(PE8za+7&+CEq-7ZW|R7F7|X zva992z&cb*q_IlS>Zl|2YRT;#biY-y#%wgXJ%Y8g;~FuhR?o%l#d}aI31!1b-3OzO zAB;(j3jD}rngnS683^mg51)auex<2j7)@=0y++#F^g*4+Y~63mZoN++nULxI?kVL8 zv@W$X$FGPuRa^WLx|&^uwn4-T{`{x?&r5heez-|QZla8?Pc!N2 zpfD~JU}0kGXlh2q{Ht?jX)y?$O%YuuF!RTc$j!wrF2w?q^T}&H=Sq|os`{5AnRV4= zkCwCCj54Bj#*4PGXjfW5v}+m)2ydkzStVF1u5F~7qVQv9*@u~4EHV&}My5W>2;|-6 z5V!@OB_r~>!@inWTs?@lXbsKR0t4#xYnj+Xp=J}ALlKl~y6hf4?vr`zG)sVK-zD|6Mx(C4KYDy$+IE39;>pU?Q;WbVgTyC9Y|C}o4k zr$i9$(%<9jgZ43NwKTDBeP@J&?_0Vhl#7-V_Es#Y6lca`a`-}ue%z80$q2|XPm(Q# zPvGpVr@j>S_$hHMxtI*I3`0~RktK356KO#&-Gg0hVZn63S_Vj46!NkZh4R8&m^Eq% zSL6><12XL6vIjwx)-_Tj7l6>(V(;M^cd9w>KmW1X5G)8DuXz0?vSNVgN z8NNHC_Df8{yzukLm$fz$?1-|*Y1iH;b(cRNg2%tSgc*4 zvI{AbZV=#8tYPJ$J9IV(f)0D|fG%?3cY_BHphvo^(7_4Mu+PosXQ%sz=jW$qZ+;pc zzc_sJ;^gR}&3-yMyLd4?e&gQmpPoT|ne)>ZXZwex#-a$jTmHEFkkKL9r)+?^(o;aO zGPKWtVe!dCgqp-|wuVX4YO_`gvu0SDWj{c=UmE9WBHm>(PKzh=G)jb7sC~@vxk<(9 z$^b#QdOC&3M$gveb$y=9jwN0dH{C+zFFKv`<7XP-BT4~tDZF|5#xvwEAg`O4sl*}lijBbR-5sO5a@SG9?(dUq}AxV5-pyG|rWYC2hJfl_%ebu8hPDb#dnS#ykD+|rS zA%Cv!G^v9%+t6Ah;6_YHSK-!J2;JXFW&Hqvbv}mB9?N-=%~vx_!aU9Q@+n-WyJNoS zu_`OmdDNiP8beR;P9@=6)x6rNKD|+#G)}w|!mCOo0Re!c^cJB4Acy6A5aWKnFU|F2Zif(DoYhP71kGl4@ zq~-mw(_&l8E$;O+)$A2gZ%V0o`OQ`ppIm;z&$St?mj3@VPW1n3(Rl-Jj!z-a$(kZB z#wf@5(URN?ZyCM4jqrQn-GakD%{GiBC9lznyX%pm>IJq~8n0}F7`cFQV|9SWr3F+z z!7RmQ`nJwqPKFz!!^>2dWD4GDtbvCvtiqg&OGq8iEQXxORQzUw$C~{6w<6%B`y_NK z?s`e>5%zL%oyUdf6qp@Y^7Cy9)n~D}JT2m-PrPSaM2`KDO(=WAJl#gByWL5;jEKdkWsW2mXy+PtfsNwmHGOXGFfF%* zIyMDPzXT{qibv+E@W@r&E`^knHC+wZ=qMev+2}+T_{-tDSQSeDb|8g1kp(=^fByjg zJuZmckKT&K$av8)xkkeU<`Ii0Wqr0A1jD2dc?u~llSR8>H8y7oUCe~L^BCL#X+3iE zsku}cT(8f&M2NJJ3jfgQpq)g6HPj0zF2#ZpM$J^?eO-Gqy=#-C5l>Ng>EBs;y?lfk{+c#|E}B(8(VHwFADtTXdgWt^ zWT<+fOhb_s@QaIo=y9duY1+wT)X|62Ge#FZ@cp-9ao;-vXRE0&(^xqNj^+3!1f!7b zego{>uY;WxS3eNm%DQ%w4B^rK67}#sgN<~g5jj_V)P($ZdzHkw0XpmylRx$c?9&95 z66tJ^Q-0s+52~|mJXkjf4B(Hs*8Ce*z}U5jrWnnTp7XV&oRq;+l*+b30FR!J~zi z6loALat=X(#U)ScI)Z5|$#gt{OoC0o*=~GOCW03JFcP2|*W1f7lCyK$4N4R3jb>waFp^e@7QvC@jMLOSqKzd<jyO~?j|1RSr%&f zT*(^omDhdcb-xm?`+~ggcf~h+RQk$0zVeRWl6RC~aTWh)WFO2V^jUTcm;+tq7%*+t zaSUiiVf!@b?3)I4d&5#}NkQ_4*P8onZ?)!rJ2&&oK8}g$ZpzP$Ill7P@Y3e4EXk#e zVb%5dYckcjVMSeb2sbNa6r@5#CYij@Kn}6Rnmc-7IElET*kua%HY52tZZTuAoD>3h zXf80&7@e1asU>RSx*)3_B(yIi<1C%e#%L&k{iix8FnQ;y>jpuE+X8p1?2EDn@cLY) zz)!hS(1#!9*0j;1z{~gNWeeohk;~c2A!%(b<2v~Q8CP{Fcg(!1u-m}AD$V+aWLBO# zN}A8pp*oT2nUuu<^HG=Iy-*?_uxS>$^wNQnaRa=2% z`rLGKs6w7lcuTom$TO@E6_+ioQ7*Hx<#l*`?ETH7sQh~W$J3W5!7PfnN|{{=VC#B@Z+m0ck+@0VLjLMr}@_>DV@2HT3UVLlLk|A!pA%z(iBAjzlCVB;B|Qk}d)QL22K>E8ryLqQ1SOIQ-3 zzLbVO)oKlmx)K`86*S;+L%j>H+y#Kmj;r$SZ=s*GwtO&JS}+TVBB})D7Y*pmcp6WH zD$wPkB%aj>8iYl{LSFDhPU&PjRG4j44k3d(4KNi`x(=IRxJ#T*d1mfBaMEn`dOG;g zKui27Rl4b*fYgB-RfB%F-`(jLH=Xs5(DwS9xn>uPW%DHI_+Q53Stw_{+jYR_#ih(C z3#}nxb0zZB%f8E)NUsKLcy@90bhv+UdiL|17w48IX@Tcj=Fy7Q&xhydc=Eel_FP6r zb$Bk5I9!+#IRJ-2!2D`A4kv29L&0|}=V@eQL5$|Yiyavch2}dlN96R*ja^7K6QVFk zX~%Dq^gH7a853fPhmHzmhR9=X2-*?sJ1V6Da0hkwG{8oBiW4p9f{HW2kbx2eVGYGB z7e-TBUMS|X9?v?tP(>bxg@`(t%3Q3)mB`V0GckmQiiRA~y}+e?iIu-`v05G#3yg$3 zWmzsmTYe9VveEs*_lj4=Lry)AtVsSik&ji8iXdr%B<7rVP{W<`(9Bdt(KK4 ziZ4?EOP&j9-KK`z3rp+`9rTDp#^1gX?+TGZX}w;Siw-TM=gyHwvp9`aK{hibiaA6h z!U4euKKI+Mx@1^c(rr5B;*Pv>RAc!A=ASpt_=U5#C zjm}i0_9dL^fVKYd4|Xzqc6k1LxPQq0`Og;HIKwijtn$X4twW*(RWU~`7grwGVof`U z7Y%F4$2{zo$Zz-UH(&+wR;jM>=Qa86+r%c3|n3$+xT#vH{?J0g#!U#Ig>EDJVvJcB5PrKZvyZH#zRoS&T|)ioE;dWg*ofU&YQsqVPG! zM~cW$*J6=rpy^=maTs)1ktk=baW^Na6Cx#MGWIgvsH8pM{72=AUMLkz^eb~sxljEy0d1x(hhPK#S;(=3pV3vDstoqRzEQHAW9h~s7vAy z6p9&%)WudR5lYBVjkcfW2+L10ch#QxXNvAKcl`SUgEUK9i!o7VQyd7bJT$nz7`0up4E~ERa5DVEXUi-}F+SDO^=JBoK1JqQjEKPvAGK^rXL5zfl6Dy#c<$6UqXa9&&@Mlp78Q-qh2wVvn~ z?B1qUdX-8bHx=t#ig#>hdu!0}yv5!_NWh~#_MWjKXPt=M|KI8Tt))#cl`owY0=?x% zu7*l}Dw80;(5@`6su0Q}j$diR?~^uI7#L_c^*LTWq<#_wS;E2_4bp2?pt-s5Ox04n zEPgJhIh9&Ok>#3W1h2pPr`;qs^)4vKqJB`DV+46wWV;fOVmi=UL9GeA#F>K z;U`h|X5pJ!-kInfD^u)q#*6UMlPx`ymZ^3Ms_+T{`b!e!zig3~z^=HK4mOOPp-2=Z zT(xDAdGb~E{1@dfUuDnry|BLqUmz4Rfo()dc`iYM#|SAres*Fmtsp2qKl3Le0}*w-~*n4ELQMGeX0zHFY4oeF!;wjcF&9`^d*viI!!zx2D`cDLDkdsI!wq{Yqge99*JFqrL6f4cp!xAX1Y z^!F{p{`%Y1{)Q0fu-qHvH?Tc?13m2a`g_$Lo-B>_7~1ai`rp)#W-{7E;}ODTu#9Y!m&oda@yj`3j6)u zc5~mh?Vf47Q*Dd8u{_Sw=I_FWe%ssGtM9_@SM|dk`0$&$u_148#?v@t;{}AelTS4l zDWr#-U^Zdg43ud)#&zZZl>lpZ`{s?S(8C z_i;P?*f5h2JB{kIpkklf)Mvl9^SIh4m2I}P>-}dG(Qe}ZE25Fs9^(f7zrFi-x6J={ zc6N7nzw-ZI;|GtMTN&c-ZYCv{prleNwE~ zr*`mLZ~YhXlgmWh4x4ZPa})mWJnEP6e|J}_1ix?mza3%ygh;NtS^nCQEnbv~AI{Pk zD?%YVbpbn#;X3OC>)g$Lh;|kwXH`6 zTtwS?@oc4Nw#IH@W20XyNdsh`;Wik|F4bz z7RxKRv=*X&#j4-s&(d{(&oIUf_}_p0Xt#?0`k$}(|104C#vgm*IPHzOx(qgg4feB~ z+tRD~JVo~^-4L<$!tIp0!A20o6ZVR=?rpSKCn;E;z5X-gQ4RhZ#4T6YDabSH&_%U0$*U%2p( zZlFZO?yFvf*7fe+v)$b9P4BaN2S;bU8a~Uu$5;2fJ6FrCZZ(S4=4<-4?{3|ruOBpY z>^ISSO`(RR&(?y6nr7~38(x-<=WYnc*PpLHUw?l0KmQc~ O0RR8lROKW9js^hoYwu+M diff --git a/AAE/k8s-yaml/README.md b/AAE/k8s-yaml/README.md deleted file mode 100644 index 0dd9cee4..00000000 --- a/AAE/k8s-yaml/README.md +++ /dev/null @@ -1,58 +0,0 @@ -# Deploying with Kubernetes YAML - -Extract the helm chart from ibm-dba-aae-prod-1.0.0.tgz and copy to your installation directory. - - -## Installing the Chart - -To use the Kubernetes command line to install the chart with release name `my-release` - -* Run the following command: - - ``` - helm template --name my-release ibm-dba-aae-prod --namespace --output-dir ./yamls -f my-values.yaml - ``` - - If the directory `/yamls` does not exist, you can create it by running `mkdir yamls`. - - The command deploys `ibm-dba-aae-prod` onto the Kubernetes cluster, based on the values specified in the `my-values.yaml` file. If you use [App Engine platform helm install helper script](configuration) before, you can use ./aae-helper/templates/updateValues.yaml file generated by the script.The configuration section lists the parameters that can be configured during installation. - -* Customize the yamls directory by running the following commands: - - ``` - rm -rf ./yamls/ibm-dba-aae-prod/charts/appengine/templates/tests - rm -rf ./yamls/ibm-dba-aae-prod/charts/resourceRegistry/templates/tests - ``` - -* Search `runAsUser: 50001` in the generated contents. And delete them all. (This step can be avoid after helm new feature added). - -* Apply the customization to the server by running the following command: - - kubectl apply -R -f ./yamls - -### Verifying the Chart - -1. After the installation is finished, see the instructions for verifying the chart by running the following command: - - `helm status my-release --tls` - -2. Get the name of the pods that were deployed with ibm-dba-aae-prod by running the following command: - - `kubectl get pod -n ` - -3. For each pod, check under Events to see that the images were successfully pulled and the containers were created and started, by running the following command with the specific pod name: - - `kubectl describe pod -n ` - -4. Go to `https://` in your browser (if you set up App Engine with Route) or `https://:` (if you set up App Engine with NodePort). - -### Uninstalling the Chart -To uninstall and delete the my-release deployment, run the following command: - - `kubectl delete -R -f ./yamls` - -This command removes all the Kubernetes components associated with the chart and deletes the release. If a delete can result in orphaned components, you must delete them manually. - -For example, when you delete a release with stateful sets, the associated persistent volume must be deleted. Run the following command after deleting the chart release to clean up orphaned persistent volumes: - - kubectl delete pvc -l release=my-release diff --git a/AAE/k8s-yaml/ibm-dba-aae-prod-1.0.0.tgz b/AAE/k8s-yaml/ibm-dba-aae-prod-1.0.0.tgz deleted file mode 100644 index 0fd83cb7dec680e49804d898096254bdf322f86a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 84791 zcmV)8K*qlxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{ljF8>Fq)tFSKyPAc;;M+JCA+X<2v^%?TmI;=gdQqG`rcP zQvM(klHef;9srzK+423`Z=o9iL5lNOuaBMNvs|^-P#_+SMx)=&m&Gt!(jld6SV@sR zJKa#JlPxXsfB3aN2L}fSuU@=>{~sJ2bpLhQ%s93HgaNe)#I( zAIQP4HiHK~wbE4n!@(Di)m_|wlMk)$zFS@IvBQUA)Y%Bfxn zSqw8)J$+KsY-X&|UH}$esOs1mLtkg*=if5D87td0IsOnikm1go; zF4p2%wxr(|b*_1ui#kix?fQQ!T5`>QWPjGOX3-7X-U*qhlV}*sJ{poqso7e(zfMI_ zFqv|iM?*r3?B#RQ;L!9hsoh#a`1IjP+n@vOD186k{S?v z2F&noTI z^oA>(57C0GXs%d9NGZyx6j_~`^Kv0FcH)2fip*ImnI?B!Z^)TQZMV3@C_i|RM*Hkh4uDVT=G_MWmN^+6Xd_W@T;Vq7xigLx*HBuzA7OGiBmRkd0 zNeWuhH8T{GC?;=tY6hqaWp;_UM~iJ`h)=neOey$bBa}u8GpGxde6s(Qyh^wjK$A*H zeL|i;KZd{BfTdZ%%MM%#J`Leg7itI(9Y~+Ft{GFJmMJ4Mw&qF$mPq@|Jv!;GLdpjg zaeR32?YI3?bR7?+?fDl>cvMx6Y7;`M3cvU4z`$<7pgVh7RSaHwWG5ou(DcqrrD>j@ z5V+6)N^p&win`P%6=ykMf% zowlk@Q>N5nBbnNWJaf-il;^c%!SmzDoi{s!1~^2CyoSr)K#0i`%VNN=xtf$*p9*_{ zo)B{_-LS0|A|IMnr2ePiwQTtpvE1o+xM6wmgIEr;W!PBoEQRK#>$*^O`;i|pL;N6? z?amD$q?#{z&h@ruew`Ng&(qMDsmOV{Jt33TrO;E!lwo-ySo(>BL5QZ54LRaYKxkaU zg{+l6=SrWDfBz5DOGY&{1P8k+9Z^M;vtJRZunR!WY>CrLYbjZ&=jnzO^n{$f9?f5e z=ra`}pYtEt2|0wv1^pB}Ld2`Qf>1dp^59rRj#b_6G;uUq)+oLSDkviRW)2 z*6W zk^)U7WGTg+GP?~2%krReme!K%t=&*)$V$4*gG-5!yA9VYhaDOW%-f17;MNegEKNBf zgTrrN-FWULQ}ou52k6K?6M4?d^$8i6Lyyl)tLxHk5C4&6?N@5W#-B8kCC%sNDsFxS zl96$B5+Da$LFQ|KB`=R(A^FrgKOtt0=GB6JGFydH&{Xquq!cqtJbLl%kzYlsydzK)(>aQj%Yztv3bzPa<(i^C)P5^s@+hsN(6{^-Ta z$3{Quo%Yc;7aXv@)Cr8dbj_|c&-srQ zU%xqsqQ0wn=VtnfOeMdin%V0B4zqic$mXICZ;PFtfzC3WW+6GX_rjz_Zl88zJVc4V zB8&5R`_5Mn5NIifY0g=xL;4Ke%(|;2mfItW|HyW3?PL4ata%Y9v5VGiWa^^QE=G3I zsEb5x)Prf5o213(`?&-U??ta#v9oPS3!YA;xaEf80qp{;K(ZkWPMzjdDa#HQw5(}v z2?Q`2$l(uWjAkDs*X*iH9pQsJhapB?>=W<`}#&D68YtHpSp=ui4f z$9PQt`|{OsNB{HU<*OHe=zo5T&l{2F;*OW=K<7g?^p=q&W2L*(QRD^1jFGGo@=??z zr6n=+T@$@w1?mW{XXol9`st@3;VY87M_png=-Tec&p$^!+E3s|t?u`ypZx2nj!C>2 znK&7m{QUFDL+uP7OMd?O8O(>3nHjb-wJx_2&ah7vf?ZwS|DlM0~*Q5+2!1{HAGcaEZt9{$%;spGp7zFRxnWrJbcDA zx#M|GmR5^S6`?SBJKIM9Y+AN~9FRHpqlc?&b8mwu0X|nvPyYyuIQjF__coZPhX?kO z%n(@kvY%_~>1R){lDyO_GWaJo{3kW&^oHYp4z}I*y@iFr_L`$(&2?sLVT&!kV5^)i zS^nrYL)*cub<{3nQ?Klb(artJ~1IrjDc1-OW?KZIe9B? znJmEqdaam*7FzPuT*vmEq4^~yS>4DPLPlSajH@&ks+Nq%=B4G9yq%B8=xj>n>4s%> z&d8}KwWO&vfBNZ}IsD2{3#qG0H_6gmO!m;BWgh9PN;fAF!3)Ex1I?{r4ULs#EB=XP z17~)#+O^<}54@3Mv|90!>#frZhR7}Jbowf}Y@Pxqu5wBMhcoshwcSI4i0lcVF# zZ{DqDfJ$NuJ&B-(?`C=@WN=J|OIZl-uZhU83;QfPCGQ%g@)n5V4+SkOFx~na;-Nfa& zQB=QljN_LNjB)7RPVEToUyr=Oh^^{;ZWZXelQ@3$$RrNGd0-N+9-IS00en^%IG!x* zRreS`Dxnl#=4=Y*>x2x}sLNleVTPLSq1))xIkfc5%PY_I`(_Tm;@H0kWX-+5qc@9lwzKJ@BI`|X_>gx#SO+4>{+ z8r`>b0BsH)6OZiRnQ!SglI&$X)xL${EC-DX8yTRA$?WmaHW`qCnfibXjt{;$JQ$Dx zx(-b7AuN4B2EeEe!0Qcs1PA-D*y#Vj5C4a76*!NwoTXYwP@2H+iY$fRBoE_MxE!aI z>LAv`Xa&ET^&>hzhE+k!pMQ=zp7b}o%udMMx@Q(l(~N3*5|KcQ&>#>l^2BUX0^iAh z5?*FTzIkq1sEVcLUG&=e=_kG-LIMsa!A>A*nV|Mk;P4skC<#>}pn zCl2?_)>{75=|5mc8y;GVROBaQaXR%ZOXx%DJV~bT^rxR1gm0b)XNIrH&cxlk%&wO9 zI{>hKc*xH`hckCbbU#qVKZU_{0AD zn|yxB{jX)MtPG>N9DvoIhOY7CSrOfejqsLI|G33Z;Gd}X{zpR)KgHx9Z)t8|v8|LVo74*frVet7%`{r@dKV6FVM)!9!o0VL5^J=%X^Lv4-@4!^n220*Tp zdGd>G0D%P{`sxd80QehU)>=q)5`9H>)-ZI=on$nffH1?0Du=)=3^o0=0q^h9M$$_+ z&X8c{(#U!D*%|h&A(#9kvdkxcCVQ>koG61VwMvwxWkzKdbX~S7g%$ODpC5$0$py`R zLEo+?!wkR}PWo?k14{KI)OSBLIaqKgy;*w4%XM<|4VX2&Ja>sdq5pWlR2NPxlE^r<4LjiTy}Wd?ni<&0OmGbkgW$g*8N=6|^ZyIzzh>(55(GS^ z|2sbD_n4ybbS5Z!B)5Dw6=;4%{>$PajS}^&_VBg{B*X!P(wur`#Z+D&tzKm z+xPqLeb{?G572+Z6XCzZkoWrh)KHK4|2{uF>d^ngKj{B&^!c?Z&>#N4zXWQ3Cz3rC z*%wp7U8(C!iDGY`UCTTzOM#c9l}H8<{-QR|HbUGCP6*H?8{6*XCe^y5F29uUI}X?& z0{dibV6rYp>Qa<5A+!zSw|8MFG}%i|X@zU!OeLe~#BPg9-cdycuFFJJtW+Dm(kNBJ zkfa&l8j{YuFzj(~_n8J8p|lk~o3sn&;dFA=elVGyHV>%x_ukPDxSx{H2fP7F0vHLw zL}7#7Ju}CNO6`(s3@+I%lLMPJ$7Mxq{74GQ(JdTq`x8R*ikIx`y>bvrEurenA&^R3yqH#}!*t28UxZD^j0yQ%A7tWuiWtS7CW{@y6?C=!6j zZZJw?cFm-yLL=~bj98#$yV}&+Axqu&|Fm;r=|+&j>4v2@yj(*xrcG|<{Fv|7Oq1b)9FyU&6vNas9i~ibzTyz8 zIlMA`H<99x28u(R_=5_GpMM_w-Z$~@^V#A55<_SCx)hTAT4OxI{~f$|+4cW@e*Ef> z`0wB3^A(v=t(hzp(SqQG$_UVNGg#1Lm9N_f*uiBwFI+#Jy;Ih%hE zdCWlUE(%eS_os7`ajBwY&Gj?*7pEU3%OB-4_}4wyte=^G+@I>UeAaZdr0GpvLF~JV z{*q-EApO7E^0+4XJZv5*7+w&c*f{6Y$wGJQN)+U_mF$| z`-Fp3js^5Fh!_Ut7KcAeAFX!W5bBu@2|Iy3C<8Jik%!1y^*3`Z^*ZpJ%cNfiL^FyY!X_&=|s5;%) ziN)pyh2<}|IC~0xhmg7B2AhN=dz|m%_NWc7OiwGm(pz)+rKan>7YF~e55t+O83FG) zsx^q$kZEK?B~z|PzE75{WGkL>nzwro=GkodM^O*J-PL@PgZ*&VX$dg7`|Xy)cNej?)(SIpMgPWrhc_FJizYMX}QH`lBqg} z^RbemAO%Y|wB#vu2SiI+D$~*%Cg4eK|6CDD5IoRb++LuM+HNf~6-C9(ff6t|yUew9 z?#|i^4yjivN}HSn_&_|n1vkdt89AB4QwAqsaw-oT834jD{qjsP#+GW-ER(Ai}b zG-Jf7gmQQO1G*F&YHAQLb*ZTOR512^#{ zRc7-_IEtAW!(hJ@1=1=r6l|9{3wIlyZUSP!GOmR*$6Yc^yQ$((jTRG@)1@^{A)&C_ z9G)hxE2&V?5@Q~syN$@1+4Eg`?C8|0b^K$}1)qhU!DgqKx`XEc7|Fb< zh!DjpDgjdrTwoamlPupFN#O+@11-c913lyz9?y) zJF>0nWx=&29**w-?1GuY^z2c9fn36(He2C#8LqnrZ;OyoF;p3bH~79}8=9|(Sl!RO zJngn81HUGxPs01&lV!0Y;94U^$a5lfmv0?(o-s+3o~B%JPH&H1x6P z3`#asVG>QrQU;WKxowTp974tZR#-Nwz6ib=d`6+E$wMJTt0Y`&+(z%1{K*mIo&ZNUvX4mM~?4blA{useI~Q_3oB z4j5!{u`Ci-M4>>mPbyq%uzLl)VKHWtHCXjMDwK9C3Ad2OAZ2#p&C8WlU@pQm4 z%9bkxGUHZeK!AJXMx|Ai8*x*V`4*vUXqTND*;36Ql=D@98Tv- z@^bA{_i=akg$I96?Gu`dlGz(E6~&U5o~wt~x-Yl|p@eI1TP-Y;*Pfgm;?8V^yXz7% zS(*L!vXIhT8=Ur=qPbPP(ls?d1Cg_W`(ATldEQzIrG{A9Nf>#&HvAL*%}YW_PVZFB zwOMM;)_4g}?I+*x1RbjQ5P^d`0Vl4ksNM9FHk-3`%X0fs0H>-q3|X-@COVeM38VI; zI6j4MN1`gf+KgY_U5wWHDogZ;AtE0#H;p$IY${RS-S%>5|ko=Z4hN^#PO1 zFnw9Yq*hE&y(xt(jKFLd3r1xE zH4tqXD76dbV84NRKvCK&`Dh*puZBZuPsg4upjg|MZr)!TG|S9)Y2=*{BZFSt)GdUb zauQ;MzT#O6bwHk?r5Ti!SzS1`wS_T`u%P_swzEsq0KiU(LG%8@1llUHWXK1|x{H4Z znEUJ&y&!6&3Se77S&s}rNAVSGh3UkuBb+jLjvKDE#pU*J@QrG($7Ez3(3{nZRnKhV z=Gd%2Slr$tiiFxZf0UpI=py3CnUuxad5mGhJv@fUgw3?yE^vF&n^fif#lW8JH|YB+r}Vpoxatll!z zK7WpAX4x#5W`Ho*1+uQ0vp(YcmqMGDy!8g|m!&|V%pBV_hg6cBw9;`h`+Tb1SB%{iKPLF2g2(CBH5Zsv@3OG4{Hl}nUIBJKvaT` zA&!sE1W-imW>t-A`S|=-}N}I&i zRvn{CK(81SyS3m1cliN3Y8}wWO2&q>IIpYdMCnim+ z4^$esZ2ckdQ(bORfCb6hh*%97fL#RPrO|@L&4$^tubQdunYl9R^YMnlt#8e>YH#j7 z5n%BfjOJuAACT9h`DE^Z`(d(pcXhoWA4ap;=yEX`&&ky+G|OMTA*0KWh~r;XqfiKuy}5AkdRiN2j*r4nYM1k=!M*Vnr5{#rZfUmsgj=$>p2bjHPZl2mh2BgSm*Y9Q4~%Rd)6r}(IlVp~&B*k6HocmU@wP>4 zVa{?RtEozqkcSnpDPt%Vw$X)Fl@yiahCPP`uSgBLQoz54;s*Ls)HW(rLxBKyq$O8C z*_BAS7n6~wTRSUgV?#sht}u(Z_f101JxI+<=iG&Hkcqi@3A;78YvzG{l!D}-?9>}3 z(4g*__0BkLVT7;nv-@NTy0vhK4Rk4&eN;Y1mJTr_f zni32HgF0PKbJwY((CLO65HU%pM4P#}#r<8a>RfjPU4UloX-thzcxg8?psS(AVDCYj zxSN$(b}kTM*Ft1>JP&n;H$-VsRdmf_;0bCoaa(K-y&&>cT{g@OT!KBGAgM2^-@pS0 zW@AWo!qXE1_h?fS$xq^RUviOc^esLN%zRep|ph zR+L=(^XRR&xtlu?%iLW!CM%WO0Y+8PKn zF!jv*U4V@N+vw+l2t2+#Gxutr8yx&Tnoh@;XOn+DFR$*{H6lR7F6Z4qyjY6<`$n_0Qb*qK(BtZ`WZ3#prlGA|Aw zi!jTGp}_-lSF|mk*7?OulTpRJJ>Ejj*MD z9V;u88*ifg8kwn$K5^&}O7=_x?{m5To$12KBeos_-gp2y%f|E4ilIOnJw|yJCy@HZ z60~KsrLuE~OtnMz$6QXW`}6Q9ftu1!;?VEoJ*>}J6ly73@N(1Rs@32=4*Uz*Z^w88 z*yfD2rr?kq*qRkjNlwdkP1lU9A=I+#*=MyS4Zp5-*OmN{h4H`q=RW`cx%=|{Xf*zQ zeEB6~Jm~*_bo~6)LD&EP#f!t2fB66Z7N5n2dAC!Rb<~k&OB9E7z<8sPCJ7fn0 zm1MUZU6dLszub~jsQV7xPF`Pt`Q1M9$}iBe^}gR8f|rD?R@U+wP6fk3`B#PWCkcVo||5X=DCihRG2m;%4QDLHyQX#!Zk=FBBt>6X+=2bWy#DKXcVC{K-hpZdqs@FN-mH9% z!mL3RkJdsG)i^>quK>)&fYyOgus=rh2a~f~5Y2OkPb?LsD0qrx#X4AKBuv|Tja(LR zFxsiqM2(&d72UcZjzA1sF{VIC=AOmPlsL|)?akUj8uQ3mkpkVvWZ_iX%9(b7B?sf` zHooVrjZoUE5;ZTF+E58RrjXW;*88+c@C^`>V7b|FLRR}`Il_F~7>v+t;>01x-Fm}; zi~*F3*zOB4tY8 z>`P1}f+CbZ?oOY}yqeQGukDyE?c{rBokY>xa?jS6-jUv~mFKH1jO@+25_Rd%VJh;R zrJz$f3*YS%tc~_xD>5oeQI{!_#&f1MllCUq@FkqxYsHiy!WQ76 z6lPACLu@=geS1pys?h?r#wRI=+Bu`BW@J=vVzLw&deHq)%dNBL*o-ieu=18m0SR5a zelUrmi#peQIJJhKiLK2(F~7F>gjVcE;HW@J0X;a=k*n?wxh0a;d2XL&*AVpL1}3G| zkhlTCy27<0uj?|)(Q|p1)H$Dn?S2rlK@G9u89Lt~mYNCRX)^OKGru2h9%xEN)ffWX z5`P!h6o$M&xPw`tJMk@2N>eM!dP89_5!Lv>wFgL|$gR|^EkK_~;b*4Qecvl69DkRP zQMZvN6KN`nik2Kj@D>9V+dE%04-n|_!`ukf-O+&D!?kj2$xSNCRnAj%E^PR<`xp%G z-x3&XdzSvSax@8Xn3pN90`|uFpzlD;?6d)E=!oMlyT%m&`ju=YBnvJr@J_R85>>BO zJOzHWwfk*exE=fh@nyG6hQPG@Og*Kt&<(EW?jmA`mHqfPC zDxl{=l3OlyP4j)b?Rf5byHSSS$-2D-TYTq~oL*mL_$%Dkp^>iNJJ)@eYw6ao&?cfw|LK}oKE-23*YGB4EbBuRs zw@X{?E_f=1A!ua2p^{AnceCj4cRreirDbj3Vh&R7bee|`_?abhEfC?Fqu^OGn zL(>LR7E+I0XyE+&pyXJMC2I=sH6}P~qA*wU?#qAY+qrKQf2Rw2cc|u${=F~IUbgao z^c~uRX}|Cqy|1U=;3nY?Zy$W>a$n0GXBoUGQ&M+e(!%w%p7w|*l#erVEL&uk>F0-z|o$0~V z(Nd*66_)K&b02dw*LB7P+4I}o0rLL+uU^tyzNUt$`z3D&3?MnfLx?wpQ zI}Glk#sZXW%-kI*>m=*Q=^Y+&G#4uzF?ZfYW14Q<8UyTUS$AwqxWR0ek->e-8=xld zzMn}mY}V2#c3rz&R8OPt4D_(O&eMBppC|@48ohCZ^z!QR`^oEz@0}fM#dBsFBAe&A zBGp!gcAdWitxmwe1lA4jSBK}kap-Oxb+9+NRK;<7rA>UxL+f*Ux66+i5^^uZEick= zv8C|4nncl?TGukrLRT5psJUJ7PYfAQ8%GtYTJIY!A@hz>_TGu%&C#-KDr-bkHgLf) z3Vl2I;5OQI*kuGaBu#HhahJ1f?fCtc`b{#5Dn5X`=NoqRBZw_~1lz#)=*RHpNADlk zMS1lIrgyK9#yf}IzbR2f|PzT%Mj^pG_{`#^m+&f?QrL$ob@AvKXI{#Z^oe@5b)skKowZAHYDaW@K`? z7|-5}XXDG$F^po~eS88}Z@R$`(4rOm&=d9$1DMEcJfDtF7i4h-!_CLj(QLFBpMNBl z?wGO8#s+990?k@O8)te4cZa$*wUhJ9Z5(zD9)O2#Kq5Pyxz6*}ddfq%Ap}%-{m4Uf z$wnMQtntoF-4MIZ{h>F%bMz$~-NiLKo8P(K&RrHpZ zYpX1QCzTW{Zpa6m03-hd2GIw|a8G2JV#Fr>01s|nlDAA2&QE_-D=j$%--xeOZy|XISkWuuytBF)3XxA z1CTP8CU8aW6&{#%V=E?W%5&w-F*~7s0TQ;l0*qg>U4HRF{Y%%g#xN@PP5&f{t}0gk zM=4tW(tIbW_*xvlgN7Jw0y*4OI2#ysST&2~Q=zrRg?Mi?>+9koPm(p+n^w1Z#1_k#F^h zyfjNUrO3sa+w2uMSyC~n02c$Vc!OtaYA#jq*R@vfS{YD5P79@Zs%++u00jdz(T3%f z&FlpVVelYklCu(1l{`b26LT`aX+$$gts4SRsv63%+{4p=6{5_I>}#P!u)0GWxKvOb zI%zxC!V23zOQOhT7YH;zWgOc7lQhD*#1BY@QQV@w~Wu_Rf{icJn6@i#k=v$bAg62Lmn({c)ibI>+soc$=aE_#gUOMnM!uc z*_~4s_5VQj7Sq#xXW?nWQ)DYt!Jq6vfA0i*EeO}Z{Wv9IkJ~~*7Sq#~&ZdzVA^OEK z4XQ1dHDTT!W3AoLbm#8h_R)k>;zVhSlVCdDL+>|Q+No#lpPd50C!Vki+)v2dP?EMs zq8UFhsX=yIOicn=L_C#SZUM0=MrM?RI&$4swl^M&)&`I zc2R|uS$L&-(Nfc*VzP;D-5uJ>FMvOdpD9KKYI*~n`YElw3oE@99NB&s8*RijTtNZX zoQ>3mVkr&@Qwl-#xhU66I+J<`d8!Pn1tY-m&#g~sOu##ftvLcwH6eBaw|5lqR zmA9C}CWgGaMt0uXC_Te_BR}T+k&%tEso$K08ggcxO?m3xF8485prB>FqA4iq(f?H5 zFx`YI@2=Bk$lu43X@Q?`CPE#d->cRkXjI>l(QZ0Hs>r}PWv%cAZ~HwDY<8O5CfV>l z+Z)ypA0JL|iz#Gyx%OG)gTyV(040URyM&4mB!0^<=Rli}cxY~v@D+;9{ zzYshXRSL}NO}vfm*NBQ%U$>XRDX=tn#aOna=}n6oJIVPTg8YTY_#tmOXSsP0YrDC= z8)tQ{AX=8|LOP*cg0Jpjba)&dU%~@@LU@C@bS-bvo zkfGcsKy~x(3AK3~Di5bmp;GfSH#kty%FsTKA-kJwb2$Rx5swbM-%t@$4&C@v91qhT zm+ZQcGJIw-xDbQVw+)xPyIZd12m{K4Zay3x?s%rOC_MT0|VL zZQyk$$d*xQ^T!5*LQeZiKLx1CeP=s7oWQkp=z3TwzC_#;9>^&&sp!`EH25lQecg_j>1c`MpaSy7&ItN33hLy8JC|Wb&VH~T*`ba6W z6&kH$kHY;#LkyZ_4TDt#9!3xDR1}Rrd2x9H$=H2mZS;U|c^HP$9@q&4%wh|v0d2~5 z5j$_UrMSwTI+&Um?g2DUA86sK?$&x|AuI$IkFyQ`~rXqEHw21`9ytqfbLG4_Q1Xdl@oC_!#ax!!i|><>qurXDIvAv7ECw{ z_)lvib|jMqVk7u)V1*TdDNk2D(~Y9{7^4xS!#EX^-S_;9P|$@_Kp!6Gd;-gcw=BSX z5A1G*!~263lY$jOZk<-Ps`WEb>#EkR;`=tjiE5Wq+3P`BhJ9u=)aJCM@=-V2ij`PF z&J5&9VNlTQ zF`#%;P|rijs?7IRVL%YI!-0rkCNM0ZC`@LXTd(JhHPv~_9U9tOygb*6h1rCK<+SH~cqUwrfhB9DVuO!82l81ZnW;3{s zZKGD1u3*WK%Ga5r+qr$Q=g#&onZ9Gp`QW%)03G9PBD03)?G#!Huq2p4Gfm}Uci5+t z*@8q`XqpoW?vZ z<+-97Cf#(3Q0PSGg=%K*mA_6a0z4OVv+B!65`fWg%!+ERpwbX+`OQ#oHtRq5f$yNh zoaL4jl$Rm&cd#o+P}9CLAaYzq(XSFVxzq6pnVHwgA$dPNeMS!7Pfz=Ynv@ECBmb)o za1;*kc!21GiCdnqj)V8pQ}tyjULISFYKD2*dY+tR zrygW^I>er~kO#6t#Xy)8`De`NRAEM^$A>@mYx~U3KXRh&e}-<)Rku; zHqEe)-LY&`vQ-D~eO-RN-(kRzVi?+b?}X6{oXKqvC+vGHp3-A4yEbUUu?4%nX&Ckr z!vI+$q6C>aTNzZW6MLAJ23TLFbm*Plc6l#FISjnmX{z}xsAC^CjzX{C?-hEg>AHkx zD_ZB8WSp)`p*VD9hx0yeSldCXCEf>F}a>QGwyVD^>#M8h+XLPn2g@e#^bpQuEwH1S8vGT-DHlxU5qam z37NbhAFr;-Xf`G|l5c6BjboPQ*<@#1=R32m+~ujk`4axp%ejAC+jb$V?;Xd^NV z1g5jAD*)5@5=`k}JhvM#9nBUW$(z~L1^Mvq>Vixb zrgvj9y12T&T#)H#at442CJHaR)sN3&ayFhXW>+5}i@@pC)FvJX-bkY8Fd=7b#YSP@K5*4AzfY@o((Op;)Uib=uq z-04W1r#l*-_XZd9Yc<%9d-+3!S?*OUWqp{aK3EqzH=E05^7_IoyM4?(e|>@3+7vkz zvJ%n<8iKV0>Vt#6j%S=oEP*iS3A`SVy}|ipuuq1BHfaIjLTk!nhOUA4MS=U0Ibhak z;_gk65n{F{-0hlPQ`-Mx`V^gm=n`7*% zIg_OjH#yTyNMARG&%n!mb-3pZ16_N)&!A!}{vp2r?pRcUdl{OvPsriE%d$80)zw3j z7kY4l2ldf@DQTnulyLSvxy+Hv0N+?H|F?30e6N*DN8*-Ek; zA|2E|_WFFknf_YSR2 z9~{K@=#4>pF}BtBT|7G$yz`NpV%$a;sOF$(&H`UjZ@hMoh0K})(NPj)I-0|QsU@?nn9VQtJS)=A^Thc4hz!Z8s7o!k zL+cg-Ka)M1s2=5&^GWP=@Mh~kSMCbW6%_`3`=OoYzHxEFvN#>z#vaolnP^w|PuYMf zZqPs?Vm2^XUBc6_Ilfw(LEb!hG4<{MPC;LO&-1ZN5x2574W zIO>I^HI>LSn^AGM5 zb~ws+QM63ZnA}XFA%c#tvWf3pI|h-1fdm}1{Vs~qV7{(~xOFP-7IO@vqjI)pWd@TB zVn9puQb6FeuiI_h!S?T>D0E3~`f=K;0AJ5>$sZF2HA!WzP8~7bys@VCXA^ zX8CsCUijFp^aC>W#S2q+erypOK3uvgQ_>)AJ3&l zZiY3JlP}BP{lgcydIv+atlc`TZM_*#f@EU zZNu=~QGUzhcjmZs3WGGvVGk4K8K^$)DGn2B^>9L}Nk(KZWvV@nnRlP>Kd}^%P0O`P zS_$@CJ)vErVP6rccAQS@oo?cHeQ%YGzyOP7fSYobK8cE_jlJEN1;$TYM$gObRY01} zCuFj3#{xWMA?;lDZ-i`FwBh%O5f=ulct9u_?9O7~-N9f%&VkaG+Oeqv0{gaMfV(TU zNp#u~wY?d?y{yye0fec9>@|T4fd^q2tligXaJm$0MM%UuSpgsfA=Lrz`51fIldyi@ z@@YPo8J6V(>D&?Ut|Lu1=gtj7uHld@B+b~cu2f8}F$qab-tbROJepFSZkU3$Ve2TG zv`65oDYv}bVtNN?+SXe8HVx?AIxy;?sC2#!VgPWO$E zPwo1EL0(@h2pNaGK!7_z*ho7?3}_pI*Si(09H;NI+e%ilJHj>0_!#GkCDU*OF#2>w zC1opa8s@hyHP72P>_k}quy+*!$zK7d|4>9nXEXhY?1zcdy<^y?*0Txx=>f zxRzq;QWb^njeS7}2^p2!`=*b_0~JnOy3`3E5M^Y^wxZ1ZYQj*MrUS_eL%EyMr??BN zI$!ZTXSR61_df;k$wu^i9j262b&4uS7mEWy3P3NPC**WP<=UXE{Q`$_No@g(du009 zMZT+E0ViqeL)K;%sbm>KTimB3z^33LUjw$C!=F${#tKwIpJBj!27bW~WM!sbNTB9U#Vr(IeSMK2Pv zpr0&VfL7S4-a-tcYP^v>D@3vyDqYe~G0E92GVm+LVoXySL~i=M!t637sx3vqEJf`* z2h{qrp+9WghA@Wu@bXqb3KLfeX0Q z1r%QKj$`CV<@=#XNm?r{3Uwd&{E#+E79!>BBNtZc(m2I79xm=LSwTdt6}Poss3ijyN!M6Yp{>sVrK)%$gW5!< z93PO3Zau~KI!V)=*+s5Y-AR$C;A_zngxSVO;#Q_7s9XLV7tkupM4Os&X zq;zm#t!(HkE|u;s35;phK+{c+e^=&$W?hBwmofj``6dMR3{jGexC_b#A)jRyn?%v8 z#IMrD%6Ia!`HX8_i0t0roz$L)hD}n4oy2Yptf{t-+SLf|V_SOA;FoYMC_K1ef253d zwX%~|ZfEkzZZ^^;Hyr`-3poxOauXz`JlgLlNV@iywqWAARrg>D+^Jxv2_~?iG7E&d zc8;62?d*Kw4sk*zMZq$Tx|JsXT|=#VHroT<+```^eq>vEmU|NNwmR;~ zq!N?)Xfc_;8J#Y!W*^DFT#xYS;}uwJt{0aKxJd&OjA#bzCWA@H{OV#%=8Mq+=l7TE z*<^k;ImIbDzrFMGs}JCPW&w(w?E)rPY)t0pDmQw4^*(&@V)PL^oleiegV60)LME5! zZa98FzFfp)etr6GcXJWSlS^`TJp*q&=ac6bJsr;`S7%9(M+e@9@kVbJ;~9?Pnmru? zP0nU;q(TlA3OzOvyRi|j`~7HUT^C`|W^nw{S-kln{2ON$&I|TyGAHvfzVHp% z^XoUL=r?`751TigUA>>2jnByZ>U@0uk-YwhX&+6uu7c8d7W8}l+IO8Ck-eb5*g${$ zemskDtsah(*B4)#H>YMlX3j}=c4l2RPp{6#X27fYIA~-ih8Sm>^j3cAoF$i+DZ$B3 zN3+q}*=YKXoL!CQu(_Al=jW3*AMKo)L;3oA^46l!_2n7hW6O;W+0cN_1bqPvs$M#Qz)UyDgUZWRP7zcMf*{aj1p@t9$r^oO$b8$pP1f_W5tN)Ht{jR& zz;>AZ6HNxY?EB%qPk`=OL?=dB=PbwYb&RU*JRnds)2av*MEf`qjTaTVbb3joN$O+$ ziXiVwn9I+pR~1WZ$@MlStb`PaAh_1f+X*E6f-AR+u!;cQp@uo%4xQN?=4{&Td#5Su zsAPFdn@zm4eCNWfv@pVyA5J~Gg~IWHL*+%6ho;n$&Rt$^Bbb|Iwc<%kyFk;6 zOnhr!!<45&=~lvMV3IralX#id)_ujM&-8Kn;Xy16#kpav`Z-o0b6Hy;-@ojnj@{`9 zwE?@?CS9dEs70~bNkfYD?2;%tJV=5-HPqC>eo8s@< znFtiK4U6=FJ0aFg;&M1Mdw9zHGm--4uH8dkgN7E#tF}Q!Y-+)I* zvJ@EyRn`x++=g(<7}cA78wCKh-C)N;!x|7wTCRaa?AqO|kD<%b4j75?5q<`ZE3323 z?(rS3iokvmSU2novFqcG<+qF!qSPDpwflAdVFQmhk-!~ehjCT0&7LLRTd3exw;VVO zStmc-{6;4P;e|}Ps~dfU6}VR0p$htm7j+S2E_8er=r$hd2}p#kI>&E2rT_7;AN3yg z36|t{haFku%PVp^nVnu=%on4}QzLxLk&aFlb00=^Hhw=oznTKyKMVN#^U3J-`55Kr z%a1OU>dlpr>OhD$5+|9wA(P8DSF?+;i`kmY$no zr$*YCkN@R*e7Ts6&Rx^*$khyeg0JQav+y?)BWJ$8o=+|zMs8--ay^d8+pDXy50mqA z=-kLKr<3W($jG|P>Q)R zR54j77x@e3l@={<9vk-FFhnnF(xd{XgOvh<@-I#GE_<8WLk#ZjP8sP_C1dd&RE?w3 zpZ4f3v7#WkV@pWx3Tr4>yL0j?xZAxa8@mH1kQ z%JX}ybDbig?Y-IYlL_>rHcfkndiB-5$N2y;@(JCc&rG)?Q4{D#pzhC@a%QVWq2Os;9g9UBXTKZl%GkajN+@?a>y zyxVXgEkU?l(B8Y(a=0tg<`^^uD|hfe4oikOzNlfS$J@0#iRBgXEp;pgg$lNgTE%b2GM=DAqc3T%AQqZz= zSz-%b@&ZKDj4N4JE_q@Yn7ue z;{!uXfbEkUq%j_3O>4p5Yj$HaKl7k^8G=rKW@#KTuW3~;v zDl6*hgrh74T8e;=^rC1JNZ9f<3sn_Z1`!tmnt-GIcH!#w?>*^6!EL9OL6yVy8zH6l z8iJ0WwD(SIB8_;H(l}#iLvjxKw%DB;E8Iha6GsUN6a3q%F87z&RuIW}9 z_iY?F8waYqK8Yl8V>e;14tzUf?hSh8Jiyv`K04aG-AYyx+Gq1E_%tZi6uIrVB(xn) zF0U37!}G3q&i2%P(kjKWV>0U$B_=5r2iaXn-=IB916$zzKcmjp1!kz-VW=X53o!A+ zMG$rY#kmG}^*5@#M(GNHg+8E?kq5eIZmRoZsazbBO@ZmorB8s;ob!hU+6e;Yswu6i zgK}76MKZRm*XvGTDf&C4jhhvmjV|00%L_CG0s}2=!w3d(+Muwx$F-tyLO485T!=3S zG?zke?8V;Y%z<}QR`*ABt%ck=eiU^$sxHveiR!?x4ho&jyMiE}?z9pKNJ&Pz@Yip< zFso=?1zvJT)t_l<-Mtn13T=2*Irb=HIY$*{z$w?2i=y_wT5{wk(3CtHVo`I@Z=_U8 zh@0JUlmSYgp&zxstd`rIc!LB)HS3$((!1-O(1H!ip+_j2d`oi<0IW-9&U(sR^+p!( zV!p>dXZuD50OcKYf(k*{)}$TX*Nf~s z)oAOILv4}>Bs6{ks0Ifg{%K&XI$LmMI3Z-5~Pxc(+B#5TaKC0jwB zc74UIuAu_U}K-z_K`oYSJTvav1 zn`K-zDTQOKpa3%qlXANOLSw;BxWzglJDICPzq&6`k++@eAUR4I`pR0d1f&B>a<-;9 zLETB*DSnE?)CokWj_z0>+KS!|aRD@y9cC0# zo5K?0AYU?0&-yS2VLbLK>QuYL<~gk(4aO!Rmlj5zIFv#dbK!)0JD$D|DU9o7qY9DH?;eHZG2nT%oSpBz6B{GZ;H_b zD^8;52Qa3C(cfmY>tbx&IVrI9Sba^D*8My*r=Uf%9msW`S9V{O&)p6iCE$s3G7nP; zf}^B$ZQOBMZLH+2EC7xFquEEhiQkaDdwja>zJ2G+)$CKnBxhhmgVUahqF`m#q&06G z=s8mmt8WED@AxW-qPI{bxf_1GCFX)#OaJjo&$Tcnbk9G=sDa~`1 zVPWT;`*g7HWNo3L7`41%I&Lw_uG?vo*1xZ(hFJ=fC2((A_mRft7kH@jc?8qcXJ#}k zbCWN#e_SEkAs6O$hb;AB6ipQ6c*BJOLq=!;+e#fCAG3g>>}Uo%VIQ5klB(euyojtAenCL0Y2Y^K}al`Spf^f=g7XG5yx0G<-T36A=BEh9u=lY$eF7TXDeM^ z+Bre3mD1@LPAxamgebQ8>N(BfihC4`J-@Q?P>?G zl~RA<#wIq!=Y46d(E7E5(N+o4xGx1s2w5)f`pe<;<%VKd4Aaow%r-Mr%BG4kkm)>Z zQVSTUrW;zWeeFcmvYJ^^R+p|3QVS>c5iG@utLMrQTvXWM)YVB8{fS)Exi;A0K^%-> zjy+5(Zmdqv$zJQU!nom%?|)~y9TiOSl&X8WMdB2Mj2kfEi;7b+rI<7Eb6&=zF@GZC z+EB@uT<|Q*85vV$&+=$xX7o9ICQ9hR53F6b*S2av|=EA6<~;d+nGT( zVMH6lab{}wWWaeiiK5ZPcs4m5&7)}VaNjU#r?jLQJ!vR(qwT!qRvx`7HI-a^7e#wV z`=-GK`@~a$FRfSx>FGj1%or9iH-BSW^X~D!>%3LNHzuQUUGqGr=9}j0nm&6?<+9Gq z16eO=OkPW_xq@?H!ea8a-qMoBWKMah$zQp) zGWaFC<;p!iuT$>ZTu>@CvldZ&^xlBN<+I)}+q+>NPIm4#Se5zXlHHMyLf*vf^%_t- z2T;6cCHt{vIo<8#waED`m7JC>VEQ+{i=xqdG9uFvIG;z+-V5mRlomz=Kp)C;Dt_Vo zUP5Q1T4_mh-ZMYji8SMNiM>Cl21x;yf z{%Q{wG_<)c!)njB2HVz9=YKFC%?5_5?R^6yEGWODWxF$c_FWW>uV+`&aZD~IXJ_YQ zG9JwrHeln8IUrHA_btL8U(%8TCKe38{K({z@*ij!lh-V#vQ{y9EmXDw16SrG9lOI%e%T^TDds^01*SLirXr6N< zeQ#=Amz_iX2DFc`k%zF6W2JHAbE#CoA^E>hZ8l?eN6QQ-z90)>)5F>%Wz0OTGfqa5 z;&I_jN=nX|Fy~<|3PTgk*(ra-jl5oCZ560f)5#``NT*O?J1J}{-pYg*ns zdrN<$G5Kh?nV9^WMKUv+f8)iHF7H?y)Z=muphhlg?+`E5xv2HV9-Ek4(t<-b=S&H` z5%wm#qd#)bi;FdUQYQfw}ZhN z{!%N=k)55>^8aV=&7a#il6>*`84>e8R6z5-CjEdWNJ_GewH*P0kc1f?Sc0^lcVa^< zbQg#=8(o+_NMR)X@877*I{UyyN}in+-rF$+)RA>%W##qBLVC-MAU5!G8t_E+1T}xp zgIjd8{Lehh5OWZdzzRMO?j5C7AbZsI6$4S^MM+?m^QxfF^{=E4Ztt(9Jbe;kAh;37 zMl8v(2}v9}WQLPGrjg#pzvn>+6CKC~P#-cEVhBro8gL_nT_^c%PM6)P(;!y{YH7d#S|oH%r}*kYe1)Tik-G8jr3g^du2$52du30W*I3t5Ql4da+4 zZ84eq|Fh*13Xui>a`H(`g?RF%<&-K8G7=2b5?Q_q9ZxKDs2nAD!Y%P`2YKUdcsr9z z7slkTd`9D#rIS3l{SPC@yh#}InL6m|*3n14m(5s=bRgp%rU_+Hkquq3i1hBm`}SYy zbc&A?WW&RZMkQ`{CWwSWlFjlY%Wr9^)zdJYa4d-2bG)EoTxyL5Nod3~`4Y{OJ0?3G ziY+n8Bh6Ig9fh_balrtZwnPL0pGrQ}wOS>44ckUZ?U?kENth*cwV)=BR}d(lz?eN0 zgtB9@XSK77OeQ@5%Kk9Lj%0p)Os}tV^skW-T`*lI_qJtwm_$rk3&iLnsp3n(;mi*H z?3Pq1N;8J4lolDr0X~ETiyzIx2wa?$koiljiqe_9TL!k6W7=5cJK561P!uUAt0ZHX-c~1RN;7aw z0Jv|KAi9#uxQu--3HJdHSQcea|BG@mG_d5-NB7~jC>V&nRldOD$j%Q%G$DuevN)5m6b zzJ#XIxfjL8HR-AKwF6s$hCxlkWmXErXY`KAU=HyvX5sIO9~OgN`rt&#wr9yacJecO z#LA8)#2e``Wm;_EVpI19)2A9;XSL#A=}BzPZ`lj96G5WZO$|`z^Z@^bTMpkFDm;Ar z4`Xplb9fSU8;!3nk+m+7U&&VI_0^mEO@LL-807UY+o%ncpiec#!0Rx>_t< zTxetp*xYgN6%A;tzDgN6rzsXUJ@bS#U-iz18_TBd*tZo@>i(WwNR>d{7F*F`>n5t^=V-wA zYVLQ<{kVd4Cadx_XWdysF1inSq@+a~N+cn19)T!Pr}t1&6f^n?`%(~O_Id1wQRsM? zR%$XLrN)qjl#NBp`~4XO#;ffKWKaGVI^ReBkuX-nE2}TQR9<~GLcMjD7K|7MwUa}R z1aPmCFQzgx)vd{sfZYYmx1!rvrMjbh_dzg-`wqC8u>_>y7Fpy;np2suL8}vA{O~;y zuQ%C|97BxJnd0RJ2DOpWx3wHzXnW5Kww#rnhwYwTkiElwG7WF@gpu!5mwgqVN#=Cf zA~Th~FpSeI%<{~gE=Ubf)Gj-wTM%$1>ZN{VyZ{EV#x0`exa_X}3*)jVR@^;rS(JwH zUD#5N71(h{N!wKel>11`n~hsNpDT=vx&)l=IYqB zmjj^i9j@@~ENR16#`@?E_q&b84!O7%vt=6kG$J#KY5liK$pud&mD~pad{p8yY3Fca zm{-oou@`i|NTjQ_C7`3WijKGicX&Q^T^=P+jO4o1q|wt)+N$u^6``+d<{<1oc}&`> zC+1Vct5t@pNvXOfXCYC0d#muY>aDsuO09l_?ij%4uAgl$Q%gASHX8F)5S*e+i!?`y z*b|!3CWaYE#4i(0?54Z4t!ZN2+|-;wcpnBijmVq^%*uT_SyntXT9{!LXoy+lChxS` zl21tW{hG@PnZ9LNG85+!*#%I&&?g;`}0Jw?tfaCK9ofL_@W&2}4J!C(s(Pj4U##FeGz^;R|~F)$|na zfs7+iM2Sv~@x%aUZ35|P%BFW0d`eygf{tLH^lC6yRbB*Vf{S3B;^1i!I1n5ufXqgC z+{Cts*@JFM+6S&v=2!)6NFR5E&@yCgnLwhlK!NOuzveWiw_sl~lh9HrhP7f^&S6+o z@hmVKAC}wXv_H_a;w(MiCq2yLe2IguI7eEj(#L&Ce2zFg)|RSe_;NZ?A%&fZyJODc zVBJo)`wr(5upF7bTy!xTg%VRgC%FGn@dS!Y(Xxz@)rscI``PqbK_sqcjw$eb7T)8V z%mO-5smhI}&p}#C+Vg$U<{s2WF+s?Q+6As zk(Jd{iI^#I@hHsl{r<@b*E#aS+rJ$!Zc9|+|jH|*XamWu6kRn>WOaNCgQ9MF$#U^HrYvhucdl{M&!Qk2trVv-_84v&w% zS8uTqOY(bAh{~9RKo^8Ix#6rU0zag;gMFfD1rrFm|?2omd;; z7YZ3aZFC^9mH&}rS~`pqndFMA>6Jj&2c4x4_f;`tVLjW|Z2q{YH-Rj47}XA{tLu~{ zLYT#P6&8?7^nYk$&f_4r%mEId2dV&6Eh)yl8TZKWij4gk3-XAO?>ahJhLt$>)tQ}W zu3qIM?p{gywBT4IE)~qih*~^glc3njAd*9-3NfaKZ9G~$*DJYFSKYfFUtRW2hbvB^ zy4p?J3!{(D9=P>8pO%kiSHr>In$;3pu>#gy!dS zXz+WUYU4t3%M9X&O9U(~yC&OCcu#WC+O6LfXEkkthj809#urjH+ozhKA37 z#T8Q)MJ@7=JY*S2=}ZD;2^o&jgn*}#?jB7vG?9QocOhuxAdobSmKL_Jcmc{gxkUnT zPO{J!t;~3yvKfy8l|>sf<1Vy}8iO>dMsJH@O4>5EI`ss4dvX4T{7wANxOdqiXT5&! z8vpE_pOCBG@YmjXqtQ$4H-OGqWI$F`S_=IFOJ!0E>L#^FAgM*#(kWfC8ASHtYsX=m z7VfZU@PQ`*X-Y$O6VvRo_jJAxbKK0TBAww83nnlcSx92kq*}^My0a#bUfs}U32!hr zx6WdtFJ*n|x;hBQ$r92fP3PZD?KN(t4r%JYo9dA*uLd`djvv9}WzS>;@(%a4GqK7Y z(!@W!W}`7YKN&vWFr3-A{MgJPX5!Ql*sie{4Zbcq)b?2(H#PMty{f}KAer<^6EHd2 zm$m|9UQ*aiNQmVL0fKCp&cRw7yL`NESa3zZ$C zsDg!3X@+*Vh|yG`yBEFh>-zEF1YevF#^Mwod&iJk4kJB`XWBYF7U;|Dv+1NjG%id| za&fAZ0!J@jR(L-%yd(k7Cz%7YRO9Rv#$gu1<6dLGt7wKiEd)la zaBI?;6UA8NsInwa#UtvhciQ`HEE#t#z*%eooL%WVR6>U}F?3jrvEv<0!~_H^V(8y` zKKPaV*PwUWJ3rY@G+!lk7a^n`BX~<$@l8(QDrYH(jfX${a9k~O<3(=313)PiIPd{z zcwX6bK}%I;GAQL4&kTh(0QdueI=Q zR3b9rqa%cFLCxw}D{BR-HbNntOR2aX@n~={Ivsp7CYOWJ^{dlipIp2q{kOyOUZe5c zBYiZxtr&byoKhO!K{l8QBVD#KR?noQ;YrL&a17|6rJLh8{9Bj|nQj4>JD6b$6n;3qFyiMj<*5iMSAQN^Q zjj_9JCGRSL_kwOx16IaCC90)W%gVET*pYr_wKk;|p;F=nL!(qDQRDAWbxQ$1jn!k; zVXQL$?%pN(@J%gfnvkXYaI7Fm2n8_5Of`_G$UR=t+#Vs!;@_{E& z@DK*LtnQkirseHGF6MABCV=QVd_5eTkXM7#i(ea!q0cZJ<}_sfEMsw+u`q6tbDliV zWs8g-!t9?c!7`XUMdI@7m#bbErQd){bw*RdVhXbpaUU46zSMsdo|K<9!4}# zoNsVV<~#r=l5PB^nN*6L2zf%n^0dMKv?zZ#9uTaU1lz)n3#_ID+0E?99axR=4orpu?h&mdKL@_z( zg^WR(p~Aw{N;+!{3A<-;&Ty+4j6ciE8w^dl`+aoBD$zdD?mTVFrMqr|wDX_XIxFWv zs(YnB7WmYR%qi$;J5d|ovijdF&FCZw)0ts4#mc}-jJdRLd^^Q{wY-S5>Bn$I9mbO& zs!q(~_TbtiENT_VDcV}oe8G}?)L2P2sL0||qc($8Q9`%u6QnzhZK|^>CJa&+AY4a~ z+fkAR#R@kBOh>{pF1;m-6Z8LVI4y0m7w(sABEY$dMi$$(IgBMZStxen9P&BdN*e;a z#x#b;;9BOX3hx>D;l;u8mj{DB*^@Rrcg~FJELF}W3J5`mv!!SpElx0Odl^WRh-WUp z*VYSAfrwJ*(o`hssM9$*c=0`u<)|ap_gJy)lG7{icC!e+y9nr>whsU;dttc0Vha`) z;sES3W-S&J+(qj*xSQx<^+r{rG97@8r*;@dGwZZtbMH0#+(Id|jZTRJxrn=+PsMI$ zh#CGS;rW8Jw}Og;_|Q3z?^=dtqV+gqP7^Wb#z|=0J->C9K`6GkJZY zQ#km{Do>4-JXC6J&A=hrSt3hLZI46~+*Hsos^SJ%j>aYB1f(HAq&d|{HO8FM!Ij+Q zfV{QP*-{)3eXO{L_9jbtf7?FNc#IJ`NHkz3r4m4o?1@n{$69kX!l5?zRR+EZtcQ|D zRxgBxmzXn@F(giqUKOxKgeEsuv0KEFl}04-$g#Z4X%wy72B_LFUg9VJF6O4 za~zb^(qN>k`IV!QwjD4ZK}*Y4@yRfMIZxsQg(z)nE!&>TrG?)ha{=Xus0NA(0EHBl z!Zgk8D)4Wtq0oIZzF#fbnB7U`lSsQ>0~QuM{>6(Pc(Bv=jNqpX5>~U81CMszFp8BO zca$gHp@u#2az9%AT6a`j)i&3&!Dat#@BFIwYIr)l`mIIAy{qB)b+3PQarqnh&+DG} zc2}*k`@;%1P_1<_rb`F!YpN~1w)QFdwqi>DX$8F{kx4 zDHBs?23u{gZ^`WijVCP9X>?ee%~%FeX6V$>Z8VyeB6*s}0iA=2SUL%{tVL{zrE@V1 zTV{Ofh+;f)BGZ=bH@(&B;q&$C@S+C1N^!kHPyK3e`et~2)*`Pjd*}T@iwv)Nr@x`o z%<1+28=SqmxW0U|)j_J(HE$ACAhwd&H@Gs{(up#t@GG1E&|5%3gpKG!ck?5I#}+#( zcyB;vA#_q!g8l8Scn)R8(N|5b;0F=7OjUaK>WQ~@BL)bm2U7Jh*(g1j;4PTQ=m zl-B2AD?6S+&_SH))xd}rF#c2wQeG>dkAn**T58u3G2)nnbMUv$P%4#sv0@&?d#f-P z@L04bV=tU4$2^)5U^?JDqa6ptXeBPM)?-WOPWBHga9UZ%M1zk1suR654c|+6IaQ%W zPiYa-a7oTDNPl?QzdjpZ3DzLhy%-HH$K-U_dv!V>uT8Aj;FrNU8NMdN^Vb)bXM+=2 zWOzwN7vu2|MFI%hI=vW=$;IoI==7v_)_XG`R~IdE(!1(Gyw>o%4=U>3X^Ra0-{5R? z+PnNs6dsOZ(QEvZypzZHjCuWE=B< zVMR7kuzIEBfkhE!RNutbx!UgaW^j4dJO6EC#}nhXgTnrV-G*^2RbXS|BrZi%ZI>Cb zB;*k7?J%l>-#VX~U=bHGS%<$CeN4Twux`jWvPJd6&23`})p(FvR zKo`j3lY@NTS3yg#Iu*rvMkbquvI;~EpLs*`0^^AY4oO5`zlZ<1@H|`$x zNYBcdD&LLDtt{iWOlEtA7`PCp1|}t($6AWV4v@WO(lwQC_6ZQ>x(WM{N;lffq82Rr`9k ztP2ZbUmgFb>e#QcvwVH_vdSTa-A3an^O!wFt};Cldv&p5uHRU#z5pzDT@voEzug4U z;eIjfVs+XwBOC68vGTPSXKa6~WM#w4fpR}yrS~l3|I{Q|u)XUri>XxlqLTo+k6^f% zoKtVIrg_`V|zJ@9AG&zk!!A`>)A za;zXUc)2PWMyv~l)3q!itzdFW7`!YdOXKal#>RyqD7w2s#NNh}pvGhEsFuD0={*kv zrS1fudV^nn{DYcs)x^Hp3GhCYQTu-zp1(P{IBPVHJd3xCA@xh1)OrWnd*qyFGb!X1 zV&gEGGkB@NF$3o@5To9!^P#-PQPFLy!KMk#cXwl~P(l~-YceZdvx`XvDm|rSkrtt( zd4l(Olgt^7F}9nEEePxs*%Ma~AdqOv2$BYXL75H98a5Tcq^zwVfY^~kbDBx%i^jHA z&AHyzq%$;J@L|TR{7zaD6zj;7%$1!^zPRjkqGhLTYy&6%TDAdl`NWdHRDL{l=9^XO z=y++bhY>bWOhZpu0l1wKSIXC|>KDr1;lBGy*^_77idzn2 z>GA||2C=^c1@GR`J~=#k@qcu%+GlvzRK8?ZMGBI0o{43JC^sb?Ymb^%)k18U26)Gy z&~-Ufr6;{LQ}~F`_vI?pZn&`(DwXk9f?DyH?}TKy5f(ZSqc+%Lh0V(M#9K+QD$Mr> z>;lkVQ1=1(fv143pd4sg%2Tri-qqp^wJ_Ui7W&}=_+Coy0sErS_^-pG7wzNY&SCrT zIoa!ccW~4>JlrRL+W8Ys=IvlY+my2QBH_Wo<)C+RHt^=b?rj!7old9o-HR9S-%h9F z{`c_k#nDmcPlv}Zj$b@~d3^l*=ue%);}=JrKatMUkx>81(~Ks6>O8uy;^6*=e4dG; z)INFDYxjDC_UQ8B1T2uoL8O;wT>6FdtnB)O_%@6g+3PJ9^6&jdFrkt{?Xnjw zVP-B_%Jal$LP81CELoaDjc={Bu)c0waqUT{5MEWgElj9|^w`h{#6&l*&NzuW25QnJH8nFO+?b-lhp7zw-%R zJ*9#z(I?X=ctB>JW_%w0lNIJ(_OCXp%H<;+n$akp0EkX3|B%2Ma%NKICk(Ty-m*+( zRt*qoPi{nOZgnkdqws~+meZIF<6HI2z2rhH-@90_csvWI88|*B@TK&?nodJsiBZm+ zihVmu80_gZ%vg#m`FGtGIra_@|9fwiWs9_Xa1d}m_4tCtsrb?J`TRg8Az?{d9ijtK z=iq@wKA*FLFb>#zZ5!bA>1bszYSyZqb8w!eR=vbY3JleadX9V&VE)k8b==K!?Q%( zAqfX5cn>0*7Sw0vDIg9V4tOoez)YciMNrHh+N$v%b>lx1U9NHLkul`wfH!0)p4QJj za>XT2l|F0^>uLd)YL)nvibV!<1k+s?9D7+5Cd(8U74^Il@ngP6jPZHBw+8EzCnR$=L^{LXkl=g zYJpU_>bS{D!G!ciqmx&Pp`kM}sz=ihqD5RmM)Y9KmesedTE)A6PGi)MNQ_yr$>c4g zbrIs|mgJOfqj7U{v!wH=K?q%hzaVyUm)svV2;@oYk}-7BAY{%mDyZthxWsyQ^)_rL zvPIk)?Nn9DmJ8M;7Yq82T!;l}CT8_Sw~}z4jU>P9k|wauP7*ZnM@9p2H+4x<{K*pY zwN(dyT0F=~4@sCYSquJ7tnaOA_#0G%Eo=7LqbG$jIsUevumIHo>!+eOcz4pf>b>fX z2k%C|o^;8NzwtaFy@A=c>Sp=5RN;C&xU8ySUo3=Nj0We!lXv~o;o$u0-SDJKnm=9) zPx@qd0$kQQZz%+h!dUz$WO3FGgP)rft&9i#%fXdyNs+j|J)9!h=6En34=>J5Ym@MH z66Ngh=s4vOB$7q`;1=&+T>Nb~cz51A8+1uCmT3S(xfL!4C&Tf(QExo{_2TkGZ7-gv zCBI(ir`(K;7L zOLbc(g~^9>vakXMHbhs2;6AYmq65i<=XsPtZYXE~mQ=H1a5I*dFvu&Ab1LE!8hKEB zlt3k!@tqQH<>HuqY5*XBA&C==@m4gmcQf!M*`8=z zoD})^!COUJ2K0F-G=a|-Yu~A+R0F^X#TD}M`6hBCN|Db9^Jkp2W9voJ{ZZdq*nP-zbL0)Pwzf1L3n3E5EqiRGqq_O11l#ko$UUK`qY8Z@*_+^W z@|Sj7Fq5_*7i39> zQP7%`fC^5cGKCoY9JyiH1TEHpqgrv_TqQJ4L4kKlmn<=$TYFch<9*qUehDdv2Iqxn z$pN;0GzQO5>opH6s#Q~R%L3L3Kn~979U~H6iaBEyBM5I}<$4O4`dC2vRuL0FxYzIP zoBc1ISAV~;H90p0t(2qXaWp#!dLWgRKva1l!~|>k99jB!d`dFTqqK;6C)0Hx45ZU7 zXfxiZo+!x8q~8M-18EcL{Ft(6+LrSHv8tf{hQA8GLJQTxuIOI%e)m1>$NNJXEoRh6 z!9!@gMhdq2X@{y{x?nyQ5F3*Za%L(voKMwUJcDEBQ+rKdsmv;b3S!hGG?JC;mjSr*QDJ7vHj^5D zEk(I<`4D_IRNkX=9spRpV^dB8wpCK{DhctVCFT&Fl(cp(Qz#EL_mct1ib z??fx_!o|-XmPdIuh*ME8MY7v#%RfW=CyV8tRW8@!^r%z@o@z_)7OWdCdMe?T?yk^R zQ-6OUIE(r|{aL={j|=C{5;??ylY6=P+GrT(fWQPsTnX&U(Jdjojk!#?JEiv+o$PoApy77`_l(4VOv&@- z#~u=({G3~m!Lh1Sbxj#F8DL}-P;T#4G7%sQmR$9xu!Sl9rt$|JcRHO8#(f=q_wqZ> zydqP`It95@;I=Gs0bqzYE~8j6qPJiG@OG@#{({}xGEoCR(3}8TuHylV1)AvEi7aIf zzS!(t@?*fHRA$O5wvMV>F$?OLW;D5FnV8-#ftLz=pGB!E5XShP8w9t^%0xc`>rR(k zGW1lLE@51u37W@Xx0CrD(1)_5=y>C8nvMoB&@|t)S3e z?eZ0Gsa>eH-@-4jJ*6^3>|#a(#j6Xw7==cv49ltwn-)+3)0Bw$5Z`;gVDYeAma=Sf z4VmpwuufAZ`UDv$$*NRkS(FNDe)0}%;*2YT7$3;M;O1n%+k%RwJu-+h<)JUjY7W96 zpd95w6H{iL46&O_FELNaG4e@^)WGt{<7!Q`iybeoA2?W+7ldaF@DBfme~c{|4h?&{ zYfC`<*{*UWXgLkj%rw-ln41Q%&GhPR2iHPcoQWcT0+q3@QhCR+InNk5K`2<7EaA>z z3E6`V_SFrq?tgHlOPF;0Hf;6KBbI>D1xeG_yC-dx zUY@eSdsNGg1*g3cJohF`a(3g1SIuxL$L`?ygPPOuTNW!w9&LYBjMp`S-jHd?BJ*pN zsrp7Ue{rdReM*MegfaR1hOP_$z4y$NZ0nM3rzCi+?W0do!IMS~RgT@&SHm{DIvuyn zedzKh+_S0VPv4TU@-&jIS?3hmqL4zPeHZhG7<8hWRV(sw{pJO3V0&Gv7O#cGLH@}S zP>+MM+bCo0_IX0IdsLa+7`1Ck2@KW_!}kmADB{9c>*{-PU~L&&113&Ud9MoAY_k_& z9b#6l*=W)i~XMG+EK_L{p^3qE5i;tm&*l-ABvZ5YP_4gZt$!clm!^zy6 zg#SG77k5ISZl}J#56O!r;;C@Y5=?@q{l`$$(NjCcl8A<0#5+!?;VPG)h^q)Ns_V`Q@Bt4?MZ6 z`E@irsr!W|Sz7ViC<*Vwh~2WFue?!Kl^UczjpPfsREh-2QV-~ZeF^>xJFV8R>dEKjq` zJnp6X`vf3~yVgEwlR16gB`;sRIDTP$O~_oVvpPu$qrpWSEiXCGUWXA&mubf4E~!fU zbCU3dGwO!wsdsv+$_lFB5mra?IgdqW#w;Vm<59xJW5Q|@jpzq*I(6yOFwWo017GX{ zn(xI+RXAVBto1a4SxmQ|#+pfVrcinc8`6Ch^kNO>A%37q&>Ic)cWl1MmM3ANzc9|n zxGVb+4d>=p^nqr9{>IV>6S7D`u#$I)CB?#JkN2Iv$%97YHSm0?yEU$6C?-Y}UydL% z4=q_}rlHAGKuJ9%a@Iq zRo~hD$tI3oyj;-)^z2vktg2z0Au#gnVagqXn&AKGJUUJX_>hI|viv9f|o@EKeBbwAqIl z?qLR8E80_|Kv)hH8>&^6G8NP6wlBq=k<*2myI;fucUfk1J&n)o1l5MAcqjrsl5qxi z?rrf0a-trXe#!V#?EfdPCVAV^71lhP^MlomC6 z;)TBur!#hWYU5biil{$Bmlu=?&|`OSkI7fLoG6*xR62|Uowgnq{7Nm9Y3q)HvPypj zH#|mxw$_fs(lH@>_F*9K94ibGADa`HOY);C^>ca9&pq-6^3>ia+2u!VW`u(Rg2yD` z58~y&CoN7=D5*52f(v9tYuz7}3Haw5-B4Xis_4Flk;Bi(bsSdR<5!&I>K9Buq7SdV z<4nN!`uHr^w6Ymz(=PJlR&HJuz(I7*$Q2ioWk-SI)6%zCd5N=a$5Y@9vUq_xIDruf zoAY~y83xLfD^mtdQ|^bbN%gjq$|_BjV<`nS8dU_K8@EjBM0m28(b!33V41jVeybc~ zJxr#h4Yv<7276Hzrusfd7hxH!FZPoHUNZwI1z&1s0tIwhF91j;4+UK&s0e^OON_>1 zAM1gZ<2|bvYH{zAcBI<+$t*GEd2sRq6e2q^#9GsGmX^aH!HyBStn@>fg-WFWFr>&q zdXdh?6H4G#^%QE6JcjI3*^Di9n5JDH($FM~u=k57^usJ#>KpX=S8Sn%@-9R?wt`t)r3zBA$ zE!D&M*yVG|X)rXCE zA^wQMNkZW@x6{X_Gv@I~r<6J4L5WWDE5M`53@x~W6-xm9lvk*D1K-{}n!;khSD{5~ zChdqcWss@wVkg2J%6w|OUR3m;DeL#v((|O01#$X{rmTiA^3lG)PWYULF%e~n)Y$Bu zoR9a>wFh?L8gg&ad*4%D(BPH&_*K^#4S90Kd2|FAgKjp?+U?P6*tLWIoPP*26% zo2ri{4tAJ#$CjdtVH{>!R=vRL*uZiJXF+iiz-!(GS;a`gC# z&F85n{R6I+i_-S^=(u*GX7)yjmNzYO)5molj&2~4+KtR~bMqt<3kgl6^jmqN1aVAS z`q9Z?{RVw9%EZ-Jvj9jL_*Cpc=4;Hk8s0O!m(g2N&7+#%{imX=Pv_xDsXV`c_c}3p@p%J!d_Ym-1&Lt+c?_vX;sG z;)_fdi-GdUsbDRR^81hCEr!NQ4&%_c1&eu7$|^aGL)n*QF@`ev-l$}M9|54;Uabh4?pZs)c8nlUQ`N# zm4qUSfhJK+#asSB_%vfNq{WxSBCIl|c~&u16KUm8&)qO3haFYHBWGa@NKDd`G$n@~ zOmyeTW;zS!jOUpmj0K0wN%p*O#aFzWqw^hbviB6?|f1utvq$@8H?t>^GQ3HY(NYT z1HVL0iI|H8i-#wqk01hM?_zk;-&e_gP@bxwP0v(5PwlcWW507lUfn$Te7>NWOekMi zzY>jlmYiC(>nTYqbh7>lT21RBk0Ojmy0N<$anl7|1(CiW_7B|$qp z66$E0)Au$#*#4QsF5R3aMc4K+bsb^(y^ynLU{UvxT>k<E(5w z`ZH!0P)*h;qiIGiA+>U}B-bem$lmGY^*-@Mg^lJBrm*vLlV}m#yJbqGR|H>POVY$m zzQL}030Me^B`!}HIyL?EJ93GZ2AJ^HTr?X5(4lfegIiVCn?Z5O**e+sm%&}-WF zr5$wmB~)J(lt%pal-;w)i%T{%@)1&KBX$9#RRmYI%4lNg-K10_)PM98YQm&L%FPyp zJ+O)PV{xk8Z2uN1kR{#6RMZGciynr$+#|H%TpTnA)-+v6}}5c|T?jJ)Q_tzb5L{qg1NeZ_$4$Uc4=Nl%hZ^K7;O*>N!| zZi&c`2&6whgNHDOVsW(x02w)qooD@wV!;dD+zz1{amIUBJn;K@lUwD%fqU##5hy zVHF>=!Hs?d!5qHjN%&9Ebwoxy030zt+PZ`rCXNmiz5~Vaxg>E0F@G~c7Aqn+NdK;T{0y>M4VW| zV=DKTrTcr7w6UHn>#oC_Z9B?#m*7^ARuUrQyOsqocN@~SyQr`UX=dIGaZ)zegg){} zNv!N$tO6E%Ru&6V49>EA6J_9j1qdQ}v>33GwmfAg%b3nXf0Xe15U{}FTbtAXf7Y0k z;^r-rsiQcnf(aqSNe^XrUFyn_$iR<&MAKAxO^;czv+OxO2OYRynpUOd(>?+xBM&`eW z5AMz`=xc`eZ{(3%ArMH1_!1|%bY0~)VkM8}Bn5Jwnw1#${}L~$_xoQ*Fuo{>Fc~nRl z+9+Uc*a?s^AMo$N#BVR|+t^@(kcdv0%07$k*^o}5p`dPxFWRn5{?j0koZ1hwr38k= zf?aa-CTtL59-SH+%z0`yFqgj=F#f&}f05?FJkAaT%}oQzyK2_Ng8#u27EjYJFv*2lzxXsV)uy?0TdmrAwG*{=&tYEQO*fvu$=2Fn_h@xxSAuGw&QfJ9cDAEFcwpgVft79&_@xG_ z1R_bAPujYK1|Ew^mM1Y0GE^#xs1l*V>vz)lS}xwmap5vArl^OUhX7#0Wis|6eS4;N zkTxLYr}!@<`kRC?6$I={kmv*TMT3w7F&3DOgJ5zbr$zkvyYD~uey551)w?M4S)8(W zehxqCIfHft(EuSH2PDi=ow||)Y{6ok$JLcENS`m3Cijv(8}$PgFS8kch}E^D;kM;= z^~jk8zsyr68`SU{>geDe!W($_>WuUwo(E(^{W~-f%d^1&F(JtPENzKl7!(N_6PirI z4Dv)>4^OnCo=k%e>E0G#ngO8{pit-a#6ge;QUw$woM(HTeR7*{A%71HcFL-BRw^@Y zy$}V+Dl5f1uor>Tezh9kmiT@Rvzd6KAxrrm`pcZ(P)yZ(l++%;Y` zv@s=Pnapv_5Y#wSOPsDelujONou^rCBSd-`OIiEx)+55|E+ql?bMd@1x!g+#{ON(u zW1lUu^g!Wo!dF?sqlhKxfl5Z1vg}|V#tw*90n2C@rCy_P&NIjd`7O}^f4AX1bNLW( zse=cxZi-jcuzsW<@uQIjr zfcmqF)sr5r09G&VCed5P<46JvR+!nGCDaK`_Ey^AYhOjro{`gV9!gjiLAKxpDx_Y6 zS%d!tdxFJ{#+s3KIPys#6tW(~|)H zAsFmc0q{v?thR8aS_(``!G@KvuD+F!NZ)9wno4*oK&q<2sA`Fms-C@32qaT+pcVZE zF#f7u9Po0BM7v8dUGgDdeW!bt`$2Uo2oc8v+m9HXx>$_m(p3pWzXi$Vl^|1`L`!Dr z8Now)c4I}Ta`Ng3c9$pjA7mHK7qVKza@Xa)@VPr+*K6246l25c+lWKvi}3IFCrG)LhLC^4p@9J9{=|CzrKG5 z&PVSL9$4h_IXk%X-^oAU1rz!%5JxqfAe4n5rZ0oYR2&*X7b6Qb1HIl^;?4O#!ziL2 zPi_xb+`b+o-~E+M4&Gi}jSl+b(SGAkUq4^;Q_9F6PUi0bGwR)f-W^;HP6xg5;QZoh zF!tubZhdq*oz8bJUci4lolfz;M@KKe`_tj^i{ls1UmhPnKl)SW@VlcIM}H!nrygw8 zCr>k){HgQkzKVnUAM$xdUL}m)K?>Lzpcx5CCT5MsGxF<31okleeLenwNl~16G5N zCYs;C2eoJNJOB2ColJ?WOIk$M=jtJw=FBP5P|iw3J_2&Lm4HIw+HZP;eiW-^q&IxVeHGol zif-GBZhth}{I~h6x&Qx>(+F24T#4dql@X## znukYc;+u>m^R!EvztAWQFwF;GgYzl2;hBfVeICUup)zgUoW}GPd+bvXM9|68m7`7B9Q29JpMOH}rk0LUIiF@U;Fwu~-mzJW5*%cY6G z6@jm%mrbCsCN19|0}tgv<&sTJc30|ObEZ;_rYfLF9R1Qa;dXZZFI}=suu8yU`;=80 z-%E{px>YpsGzH^~Z}qpzOx+b?EEC_BKy22Ixm2SxW*M#<^SHfmA#iF2jn;%v26Ko( z73x}9E6QV>a2_!luNY(z2WRaVixo;kJhyV>;KOi{M-jo|TP`hDl4zwUoTLbZCsBF) zgas@XFWVg!*hbn}J8rx1$}#t?hfy!jW`Nne`S3*(^~3J>KwR5?tQK}pm#iD>$@!R6 zj#K=gv$WO>rtB3+L^T-Sf~VOue7`;U`CRQx3kpJ$T`>|p7OQ;I{HO+WowCH1Llum~ zxUyDx)okmfsUp@fuW1<;)p3;atRAZ8gJ>t;KRf8})+jVYL-WrL5NaysGdPYgdhrXrY4A!jdCd*hg+yzgv zjfT2#mv7xL3&mFqQRB~SIXp~}ux5CLWSbj}v`}Y@K|@W&Ki4kux+`Z!(_-q+$_r=n z1sA{Q)DNG9qgmM=9?8V?jxbGrWmTVtRauMnSnjmlVto#VRKOM5g$J!1#9FrVXUi8> zd8%}ucEK(S%|B+@>_8vwSn~(1U1?l9tl);@`FFlO&^-0TH;0b=sebt@Wu-nkO;;n} zBs>H^&}zMaR2J$&m}q9PAk5B|2vw!pbnV+|h~-Mp3Hd!7cV^REq{&JlWKj|pn%(%( zYkRG&CEhMv8i75jm?_lcjZ$uND;|C2>avn-#v|uElMxJH0tHMqD`ON1Qx#lXdQ=q- zSQVE<5G6U{ityo$&YLnV2cn{iimf&m&)^92CRc4bOV2=hi$G=dr{=BBoQJ1L(L zEN#cRaHFI*nv5%~vSK#sOKi4Bo(Otv$0;cWWN$Pn<6L?ct6CM)vZ{YcyD8# z(MQ}m8boo^A?ph3M~vW$kz2MrU~r#AnKofEuvn&56&Fw{B{t=4S;ENJRWGghzpYQ$ zWD-tn=*Eg!sQbNssjJ}0;ISX?Zf2SB4cGL<#(Z2iq>a>mTH9AWw9l^VJFx*HSB++^ zvTxyH%{<{?vQ4cYCpOUJs=;LI%pP^hk+dm)${)o^9=i-U5xt~%g47ozlR8^)tv~UY(&Rrk67XIc&qdcSUSB|jm_wwlG zcFE5$vLb-zM#HNB_^i^>uPjv_>UOZ9k620@9dzU6G+;g}*0i=z^}@QvKks0Bx4Vp$ z-mV|2TV~xzSEHEjHqfd}YHRHRRh3Hi0qO5o0diVn70~{E8A7CHT&7v7YGZ4EKk;c{l&JW%NM&rS zn37dxDx`ip_v2bD*Iln%iMzVd7!^kAsxhuAv)LGBXom#~yQ^}v5?xge3vFZ@4O<=A z8l=^|{&=)sF%w%>b0=pvVA_g_Dl&lTU7*ooH=21Qg6>x*AUKFbemF2L_ zpon)BJpeV=a!cFr+y!9@#Ve0o#gD7iQClGee?CQ3VSJ0C_oq9;($8xZRXY!}UIM96 zV`b4+Bh74Zv5iU-RB0mc{90ceEC{k8ude4U221oSqH4t<_l4YZS0+D;30z1@prx9#WMUyYiW6H@WNLmoTe06%Y$K z3B?+(RDf+!rG9rPMc4+|*^hNC*M2x=lOVXBH5>jScbI?8onU;IZS?JeWuRi?7)MAo z{{HB?P;JFY+8uh@D|Aw~p-9y$O8tPic{|PzR^DZbDr;^sOS?c`Kfy%lJl>DmRyMfe zRv%&um-z66_l(n+%-W*mdSW|}ow zw)zc&Xd*t4Fdv8a*{q24ZYq!kOMDh*tDfu?(~_-jl#2%|jUtS`*m067<9_R6B}-32*>e4hboOP(-aSQ!+2_&`G7c5s`mmq7NPwZlzihhuXy+rhI+%9X;kZo8po2aIc?KV`Ls` zxA>L{mFtp{kNV^NAUE)FU*qAv(!ajeyMC2d{FC{_+aX7(oBOFGDwUk!|6GhwuFu${ z)xCqD?Bt^*}q1b z)x#ZKWBoODpz3n<(qoOlT@ts~kavc1?j{t@>xynkWa%}v^?Y7p3v1|={ji|)X!=sK zx-Fd*uazxG6+c?=Slc`w3a&vG@E9g4td}W`KTrsGauHvmRe%FHYPlu%@QSmzvvW|M zvJ-@A93}idOhX>8b*LzeRMtl@Nj}|Wcs1CN-@BZ#0%-W4^kjEwFmU})p2+e9@@p#AvUNg?VgLfv zB;z$%46u~R=b$3UF^`TtEE%FMTiPNGMIp_^I*Q)%2NLo4RuDB|*#l!SVbq_gc+a?y znPHnG5XBr1>u6EsN}X<(JfN5v;A(AV05J)3fF`%Y`bDqmJZzQcp_s&BR{~_O^5Cds zCspTWv!m*?u=d=Xs^lvF+Q-Hj)Ynt<_0*VCQ}X#=@u(_$wHHoGF*QPW}5}s5PcfU8~7c>t2 zit_IFru>vX!)W7=U|LyqY*Yp1+KF^-`0|=i!i&GYmGn%m^q)|%R;*GyxNw$=5u?ZFk+DBxK^`#(|4gVaQ$uO;1PxC=X;S5` z;FBOYtboW0C(~;@BMOU`lHYn~r|l_E<}?$d5Hg7ejrkEx7`dlOD3$*Z+q$4>3ZbnT z$K2={n=b$e&ucszSK&7q?52i9iUOk?ghd%c215PEs3=EMHN^g?5I2UI2520R3-L!3 zP7(^jP8kb|G%0Hb69B1gFYf&&bU2*KoCPc)4-~BzlRS(9LP^YH$gmmYekOwyU}u20 z3`;XXiwCVp&jqlA@VF9|35*xIOE3u_`cQnEFtorcLaGptK$N6O7EY-z9q z59g2cd$xhLh#W)~32O&z8pbSW`?QTk8;xf~f^eY;RK@Blo5f^V2el#bZctrffkPN% z1NcejvM0@ao*sHXc*h;@@P{9~!xzuJI9zxk$AS=lN1i`FhJWEsfE4Jr3C|bg%n&fP z6QL`_LzI0BStA66YNXhzo%;Obl^t7VWj=?p!Nh84lX)_3few7e789i34{N9CxO4d8 zXcMAd^~PBqguFq>gyNsuP&A<_)bZZS|5v|arMXvi+wjX48?NO0Q-zdJq*M~a;R&#ehx>ChRjLcs8%GC7mcD0mmG@cSwWi$8c5)4xc%vc_?plQL zhDs#69v-}5aj2Mh+WpzAxOK zr94^Wd83?6iX3)2okl6|5_t*oX?X$8==)2SB_T@%&E?<4k4y1lOYUhTS|@@_Tw!V< zb1yncg&LLFkWfM0XskHzhRrt`TF2gyNp*-2%LMyY8EC{&ug=)g(CJ!ar*^^;(rh*w zDg{RYj`(|+rDj8CvLH=p0KSoVAxKjQ3*wt{mIbSLDF=b|8<=y@Ce$U( zS=b=9Q<7c&uu%T6bMzd_yYWbM-M#2^=EWXgyj<1cQMtz9ksz^Q#|1Pj%c||i$fr-;gM$wrNU@Y)bL7*f47qr%&Bg<#;luX%!U@&=RL2}q# zkl{$>w^B>&X=5lM6Yr8m zjHb*x*WZ5nw0-ZS&B^a6kHzNs>6;H8j?;^*$x<8a@16hl!o{a=_65QIjKlWm9vu9| zko|}qU~mDqSbjNgql=Sw=e@H*Vb&HrNH?3db_DO(pEj62Gj**5oBFBPEcx`Q>C9{M zgBNCO4l}5+<3&TCntC#uzl3R+sX0A7`p)Zk9q+LFedqg*a!v&$6*aa6A)TlJi-~AY zdGbJ$fc!=f;PM=!tH z|Gv!UGpMq^>i@T%v=1K+z9skJyh~D+ff_$sF4#|Vu{r%2>ymE|;2t^nwlR3WP^eON zB6VpTkmcG0b;zrEdfSu*+k=Nje&FcpN)jb6?pczA0V5wtmgKQdULM1r;e4D=r{R0j zY@5ae&lP_owSCl}Q{9KSjF;peIgP?;$O3?11RS8ouMAs<@|oyE(3+A7^QpKCQa*R! zg)t&7WKn=neDJ(u0mLlK!j$aE%wrNT9@6YBn7{8ehEpPMGHgWO$uK$iU6|=ygkZ{` zsgSbrD3a7}IMGJ-Q1cT`_1vl-_57+bwFNd>03m6pfBXdo)BS1lHMZ!~^Mb9oSH7mz z`F3jp7fBdrQ_}oDY5V_(hlSG`_PfoltNYv8jn*=Yqa+;x#1h*X>#!6!5N^EO@W0L4 z!P#?Q~5-J5rSfsZS%RsF1buxR;*uSk#slHMyl?o{>GT zPZt!FiXltA-e@RiA@$zUlr$BI9$&CHorTlP3;DtQVRK&ybI|rRX#HMvI-NsX(DSW! zL7|uM1!{A9r>EP^*n$Vub0waC=PY~R$(Oj?iTwi5Fv*18K;-1 z=4)nngTWMSqLr*qzI2LZMHgk8s;qk##=$Vve$Sh(Ec|{+tWY`iP!*W4*`Qe7Lv5Wj7B^U$cWy7*3vkKHr*QHa&5l& z?)ba*@aVYkn|AGNqD2^grU}jx{5=m|KJSv|F=>-Co@Qi`uqjIt7U-rH{>$f)AgV*! ze2r0QpV++92ZZt0nTEq7&a0HJ(nrHqyeRjG3Q7Qd)V>RHK z`~Udm^P}SZe{^{C_5S}7pC`Y{zTW>kOq$?s2j4c{uvjp8rriF>_2p^f-Mj0Q-m>ny zca0ApNErK39@HuzWX0>t(%Bfb~g9L(``e2hTR<4pFpPsDKJvf{Rv+? z^4o;-Onf&DlQh$X%pF&z~PR$=dGPlFX((m&HCdYy(KQ znpsIZzFD1rSbx@TUf5a?$5y+CvE+#^s5dRy3qn6@S_{*(+z*BCC`!LkT4g7GUQ7gc69kB9v0!l*oJtY&K&Ae@o zk3Bx6mo1#3)h7sk6%&GIdEEiBN`Cs(C`5SOg>leT&e;teuCBcqKYSpbIV?Eru2?k> z{w5zu7zcv!J{Kj@1@pVwx$(n?a7uWx^0=0NGlp=n7W!WwKByh7PNen}k#28N@KxFu zSYz`x$hgm=F1hND)OU^}v~sr^!M7him;+$Gw+>S{CH0(weEJm2zi|Sk<=-Y)?WX#< ztT|wx_x|5O{>viet=~pd@H!E2jr@0b{N0P9{P*I!ukzm)`8=8A0TA*kBUeH8kg8KV z(#4ibJlp%4Y$Knzovz}oKJ{6$g1agN{32^@Tk2gX(-zww;+?eCeUB%)1J#hcK^F=C zoe2pOS(UWHVWd&#yYIe3SAXLgt0f-Qo@7C784plY%Y67yED6u|jLj{rKpWraS(JKy zl37o3j85>W{@S_j@t>#!|BGN$?_18CHxLRTrd_1FyKE8bVK z7dt7`lac$qVy{TD-RQ=qZO=6K(r{}j4fK4U=dsk=Z?|$f-)I}tOxmyN3ez@zKBxbH z)5i)ccf}NzE!)+zMzzA-X$TIH{K>N|1ZKWGID+V+WfiDeYY0rrXp*VOw~JV2R#V|B z%I8C0wn~mM9Nb*WVrY(?9778|2>&A=$v<+QG5Z!*bD_E~S2baIs=ht{rNv*jZCCiP zSj%wOu{&Y${p*C!ZD|9U*BM=0vZ-y{*oiT*_}<-BN)D=TTuo9T_^o1!t(YmRp8nQz zLY&A)lJVc@Jd)l*#Tk+3hsJ@Cyene!@Oi$ffH;lLkWm&s6AYqYi2|sW5k|nKkX_(F zQ-AP#F!3Kd{aOwQCce84u*32Rb`D(?MBCEwfh_HxZJM5u(JutD4n#}TFg?sztaJ7? z?5QlB*C(12ov=Z^m>}nZy<)ye!ccaYDP?N-DoX!5e0GxmS$w}uCZN^w|6!-|vMB!_ z9e<7g`!b&=H)Vab|LrhopWzjz-(P(t@I3YvW(hlwc)wsP?o+E_-cM&2Cxg>>C&SA@ z|LWrMH;B;}-}lF(cZ2iZtJA@Wb30Xr{d*XET@*XVgUeqAm+uDWzr4HpZ8UJ&5iHFK zZ7)_91pNATcr`d3j;}T#L8logQE}C~8us7y#^b@&yR+W^>%DO)!N7gbirO!>a4{O3 z4^Q3=$K&h4WtTJ`V-}XTyKNml;9=k&usB%oFwPFdw|2L^>#MgHm&5<+T@5eJ-(6px zehCT=Xr2Ma9dl^8y7=4R%h8bWI~F_r_j{+OuX_EzJsk-;_S1R<0Xbp<4#bN#3}iZ_ z1D{6Gg!*?5NyGE2%Zu@7(Ep;#6UJG>(*^UhiuJi1yuKWa-+nG)#LOHSas+V~y*!%% z^(C+! zhhfSLE}lx?QfB*D`EoGs{W7SmiaB0tD_)$Q{{QT~`+nm#k}&!|p8~^pH+HWjS@NY5 z?R3t%Z6(phZTm=aviauA$`A=z98&~CPQ=!y3A9PQ+R9e`zEW}N*;r_){@1!&Ab-wHN2fd$JH_wmXb!@xh zLVRZB4P@GLickwToleH5H;?a4H(CS*<8XqbR5SrWE)>pXT7W8 z$??heY@CMu?*Hiwd%c2ER0!#l!{xX$JUt#9zdi1EhJ{g*!LsU>A<-)qC`nb+iOEv2 zFp8?8W!UtJ1qD!5Of}`t)?)8saB*@$hkI~x*}ZfNB~Gq-z0Uby*gyHc^X}N*h!Fs+ zvVRw6d}=5QvBSzm4a-5h`f)h;zSlWERiNxp@c=H_V$p7oG`8sd^JKR6m0H;7$zu5m?;#s>XYh(X=!k~Q?_CLDn*I)n? zU`i~29-dBdBySear(qlXUSo3V{Nl7jH}1o;&W{~)TOcEZvO{yJ$iMAf{M7IC7F7{3 zL_wwUm6wgWj-nJM+KrFBoL7FH#Q&Kk4o4{rYccj~GV&!#>_TDD{qN?%QI7u~y>4yp zf4|7HZcerl08bgUHSzykkPR&&tvC_k_h)r6p_OUewMHm~Qf_>&7WpOikJS=?t`wQX za1BC)L$N#TF+2zC5{Gib(YuV^rzm3nVvV~d?=daHdwr@L)|{t0r6>rppGM?g-33US zAFYh2q(=uXtCW=yl@O(8k%ofb$&of6M|UYQeHFcUW?YG}MIbK0psYgfj@ZZMa+{~@ zd6N9cf$uHr{JmKIAMUsE`@jADy^a6Ji#%(VWE=7Sq(S>EyzuF&|1d820`iCSzn3iQ z`40GbWIvqu{ioqazPSVNlsf?B-uH|Wmvg=s33Y7l^Pi3Xz3zL@2jJwa+c_T$yQiA# zG2>#Ut3FUkkbXe(ft~Lm)Jj5Y~?LuE6?4t#{Q_5GsqTpuLWcD zR#l{?z#C>(D+ zCzyo}%+7BU+aZ|FVDsVCYzUcY;BUbNb|&H7$_&n*Bj?nP7@`>O6qSRsCY(H{(L=Dx)jK5Q05 zI1y_^h}Y5`gZbz9k?EUK4>lC&mb!xn(vqInF1L1DMJp?4$*`o`Js!d_XQAwc!t%N^k~AiGiW)g5vqqtw1Q_C*8bN6qL^q{SDW8t8kN&9xSj5^Os^Dk2wX3B} z$m6G{PLPjc5In8H{@z|QSHhNLfj(hyhayDCWr9b@Y>+neogOA!K;lDi`xR->%3(mO z=gTlOY?u-hm-zSEnmr7zOgR(_o75 zEUl<+mdMv1bC0~iBtc|?L*E7=U&e$%8A9;nNl~>obCUIN#tdwgbCNH!u6cc?b7C&e zXa(alV(8~fTiL9&#)r{z^C<_icV$6L^$Zk`kIN{+r8?^hji({|e@&?6OtS0Es3Dru zGHR5V_lufzwY*Y_!n5NhXIF_o_W9?(`m_4^zuYdcL=f3=gE+c?{OH1P4Okfep_R-3 zxW9LFxXJ(UBG1~7vNz}dPZ+ch8ULYgoGGr5h<|w{BbR!|p21)EJSn3ptWgo!Lm`3$ zF;fbOp~nE|XX~UC30xPe}un zk76PCP!QeJZ@(h^s-F;l=ll~lo!gz?bcA$|Hn7kcIL3az((x=efcechZ+I||k%-wK z@}#oAJMzzfzoaFQ`l|*~%-b|lp~fl)snrWY?e&VbJ6ZRTvahOA>fP0;nOgO5|6_Br z&9myWR{77fTNV_6Mf<CzxVeJkD43){}RvoS=omF zuRds>7-KJ7-CWaFun2Yy%-*;)^RLA7jg4UqjFn@LWkV>uH}vh}12a{wlmC~6g3^u z*k5cdEEc&sz5Li*ZSySqtW*A{h*)DnERz4Ny~F(Z-~PcS{=-Dj4e0z~UMlQ2M0 z+P!qt-IdSJ;r0`IR+s-&kLLf@bbY--A6O*+k6st@zwPa}HuC=^p0$gzjr@PYpnXXB ze~JC)%6`kf{MlN74Q5_|81W9Nq{oYu*tF~RuOZ3D)I#3fs2JrM<4yyXuVOi*+# zmv+THM|UW3olh_bARiJlB#OE*41ISB-t{3 z<@ktrNf7fiuv80vJ0mO>3^<;pc*<34nPnEpfK|=}OCv+OL8+-e3Vv%qRij3ClVhAr zHUB*)@Ms%SN+$5WeiNjV*=R;kLd8Cc(z=JIjqclbl1`_Pq$p{G_y#xp5gbluVH$WL zp80ihck}-c7zJtY8+yYM$lap(Jx+Ymc4`{(P7QRU6x}59*9o3ZQQ`$KbZP)j{i6d~ zOB8$vCKW1vzODhA7c%w(4Kkn_oH_ zN8PLMy@+9B_4Us;9IG&Zh4%kuKL11O==H|``$e8F`YaF{k6%Xs^b$-6)pBDTQC-jB zx+hf)z7Ropz{#K?bk)*I#or#|%=}28Cr(V@0yCLCzQ8G70YJR)7a|WM}%a8c@7}e{9=u z1#~^4)brbdGqYHKDaK(p3R1N#;^o8_c40RAq$t^zyv|VoCuCenXC)yrB*DS&d#+i8t+N`!)c=U>Zo1yBE*cCDkcEHAhpX zmmW4-?*cYzzs?Xb%C_=lTZc#Q0@|z(QwUW8&LcPt zyvqdN1(an6(T(~{Qk=jWbP_^B1Xch%i(kQEOd^_&ckb0#R9GOI7h2M=0bO0<8e=Q-hfSp6R!ljs%XI{*Dczh`dXvvE^lq3O5-jF7<$OA|F z;-IBJ8;^tcz^!G#P~@|}ImRb!V+WvWV>}DPIrw!3!(bdBAHX0U(PoOb5hAVg$NQZ$ucVHo23 zOIfKyJQzZ59T&BWL*Z$?ryFNK!7)E=J3c!r??aMUqHS8%enk*Zdo0di3~qzS@6w@9 zd3wktVAV>~Rg{Gfl@USd-wBLv(5lVoQ@rrc+GY!|^7AbHpLi1KjAYWabUk!`oFyy4LpC6yQzx~eyEk0^1qK~qJ@RGn~P z9OpX0baky`xDUba%QxmdkLJtlg8h%-i4`M@YX=E=`}@txj`2Z0*11o`?GNa=ldUnzsZL zBazuyg86E%046Jw17h3^FOw1n8!7QQKhNa<{Az$O|4w221peP@9_<(MKeb+O?ti?< zvqDHQivUn3!_ve-Ikx1$+1H$*r6hh=u2j~#g03~l32*giV7#7=`ZJ`LfTaPGGC_!# z)o{}UO4d&f=m{OwGXz!-c^6lIUSxH55Mi6bsl-e-o?dWc-8Op^x89mk~ay)X?yE|6}UX^ z_kX(Ror+2n=*i%0*f~GFyy%_}`fuEa2Y%qX73_j7HY2kr4Z_^KK0ao5l8ft0N&q%FCVs=Z?>9`|JnQ! z{0>A#(AaIOczQ(0H123ebxVO zXOYKmR%b5rN; z$jM_sU|0|FjSId3ibi+9@4tip%dq+z*#5^qK+P|i{|1R*?1Eo@0ssE*fEFBA5DNI^ zm!1EllN)I#d%>91i@=tgCh*HIg;LqNSV|s%D!!lb1;$A$W;R3V_uu739r=s{?ME^N zwPXx(J%5$0jF6xw^x2^5ruHcZZ!rP}zS^J3bY()xtvMLFCkTe=1k`F7!mPn^lC=;~q0d{}+xd6kKR|P5$4)IwIyq*yw+aAiVG5cy zDmIo)j&8ZrU#`uJdc;La1bT0ePeceA`f8Yrpr_G=oQjP9zIg-O60K~{En=DJB5%N{sj-P1Q)e^c+cq(9UIWtlRzK&9M!jxOnbL@np= zKeIu8mjQG0%8#0e6M5~GDu>9gXEOtRA5i8_>h*forIU;EL9hGvYH-o(4}a+V{HEcL zU<1Z6NoRh58=mHMq$(X>UiLcui>uyA$E>7o(5j+mo#TGz2gTyd#>pyqB87^SrsCDVWfkhRhacXecO zVF2Yk6n>7Aehl=~xa9F;jO?Q#X(dj}Fy^J$N5XL7NPav#?JJ=S&%D(BK>VEJ$xt@r z$xE=nMF_kEr&@%=OR%pZ4w-y?0jam3`KL*z+aL_(*7CA@>XvLMjExiB41vFKi_L?v zoqu$Jx$)7o?F7Lzh;DdT7e7dVrd&^N>5E!y0Vqo3EUIcZq;1!@%{SZbWo`F(FjwaN zuC*GB?e>7ut()92_yO|&26{+bA_#s9qMN_Dy2YbtDN$b+_qDvY#s1PB2V=YW(%O%6 zbT9W>>V>ZX)wDRJ2|BNci26W8cFeoI9mh@j}||# z!@ie0v-=3P^<`-Ko7GP-THpM8lf^O<0k>*#f=8%~*q%pg!FZh`SGj;S1F%7enu~+9 z@)gX-nz7Op{~r%`#ue!Dw4EJd7BHFh_qb}N1?dC zW?McsuEdb!xlKIPAq0sE474r+P}z^KvdoZraxG9`1Bzy~Vs#mo!kX<$egr#~=H$?^ zhM$^SD-XE5dM^A&DFluX-FJyx-)+O4hkm&1o)%wrFHg*u&(7IJpwuJ5qNG@h!m-t@ zoiy@XskkZnJu$Z7rNuHoDW20yBSjvbzHW;<4}J%~&Tz^?0h_Stxo9f@URM zZX_yVylLan+|yy3sli0zuR?~fvf3!R%Rf2 z);y@;Hl<~G{~9Ru8gYVnY$abWCn2!(2PsZ8S1S_)VM#U`X-Kj|rIM8>EX@2VU4Z#r z-RHOXv?R*B`wGaVc~zA^x$CSYRm3(~ucB>}7n1@drZT-z!@WQsKGSIn;6!$eTQuk7 zQB56+<7jm992(2&ag<12@Ve*SLHGDf>o7Z1c;W75r<3;XE`w9nSsj`P1bdU_wt7vS)mca6ZQVZ^oDGjJyOt5#FBvaJEESx})uc${7R{N!p?}0MNa)MDm!ws&%lXw}(6?w_ z1v+<_SJ6U_B|^nxOTZsr4K9Yvv+HEgy*MBCI)lzR{j1nUb8oU7jCU8OHWYatq`)h| zq;r1!_N+7fv1O^swwrD~^s~%@RJvx*F1{O{b$;xe*%n6;jHU%vP@i#fx>!2%)L=iL zxkW;kg_JIwTjX-Cnfe%zVK@_v(@RLmJx=^0+R~ft(?S_R|B4ujt%mNWIm!t7rK6m= zO@2~1Gk03+IGficK0TxhBMp-qWAlcpH|Uq#2P6-Xn8 z@iS;62kB|VkpuE%>d3))26^NltwLV`f4X~g`~dP5b1#O1v3zOLY(yi)j436U6{0inx+!CS>dAj-$=kLU+Kw} zjXsp49{k2nC5qi&(du5Hs7=nF=ReQ!|B{D2jffwf*LaNWnvf65A8e8TFa2itf9*Gq zjyC>ZFY>TdcI(bXv!*0KUu}{AtvK*1v*2@G`kv#|9hq!kjn3UWSuji9#_Aqq1>_2@ zWP+Im(M|pKE5h>-3coVpB*YKQOFYXo#B`@Ju+Xb4rhB)=j%D^Z{j5H1crcHp%G8Z+ z5=035yTksptp5+e|5HQ^XW#|=zqNnZ%=7=&-X{O^i#!|tzv2HMi2qYI@ZoOuD3Ak0 z(kFp4@LPjO;qX2;dBTS839`fi0I@%KffVybG`FsrmQdj8R66+Z8%>A%g(5uXKvra> zt4!6PTKliR{@9H66Ma5_{4d-CS|tAu_ww?8uhrVf{}*{S@_!@$*DU`fTlkQ&|2g8C zGb>*G^OM)l+5b5J1d%4RO<}G3P}f*Y?(9CF)weMCh-EzTDrZm9`mso z_%oli$p0)5L=EyAP=*e$$o_kHaFmz-ua6Ek^8Y2Cjr{)$%Kztu^r(uNAuc%P4|K%_ zOPLv7)}R^SK1jcn<$h z5lIQZGm{FuY`whmG@-N(H(OWw+03% z1O+Gr1XyD*fOQ1|5Tj#WJC?H4RVt(7ls>7cb3p#^{%1wAdEn|3dBRfpmuIZn2#<_jHem%10e-h25+ zy6>g3c~s(QaSJYY3NE-2+TCTJ;w)=%m92D?wY$ldImza+T+u=H$#HI8a`&*h{-2;< zXFCh)tgQJ8ioNRZ9pr3?9OeTh0p5ipKlauN=IMJ0;<=4bH8=8mtX&z z_`fgoaN$K){%~mCv0!_zHgLaVCHUI*5x-%?mpzw%0LE-{Jqi)aY!`-f8xZ4&3J96R znNbymp-V~LPQKl&<&$F}a;5rbHm^Q2mPN~GVGPCHhjQSj=Y2ca)AK&vwjc$yXpgi* z7MrPpfiu@I(_`?M4GSv^;#nAienn3Q6OIk72BR#U2CoCs2~6eIj(|CyCEyf$wugU4m|#_%hPJR>aqtD>V8|My3B6|cqip{OWiCfjzZSa?=eZixfn!Sw^#wz zFX;OTA_U9`@+lFa_c10sKe$8$NCxDp^SPz4xWszI3JU^kE4X~axlPehI2_YDIa`F9~S1T{nqg0zYlwBURJ zdOe_)Ikzc0#udVHRwWAAkX8_l@uwxjU>ZnS?8US85^VV7@`_h0N*(tDs{Iwvl@d!YZSh?JiUnPba?*Z0tjMf zLcBNu=_DXR4`7FEDW>Xy1&ql%C_~6=nO6p)h$18>jWTCJ@K!7((5)`H390WHJPLRL!xTv$F{1x#9L(=Ev z0jpqW-#K;DC^wkLtXy^W&{`2&)5h2$$cNKev>tf*r!^`Xa~-D; z+pBW1oQcxqYsD;4zEl=1_s?am7~{8DDu3yvBBEket&$MmfRGlltqt{&?Y;{ZB_M7! z=$kBEJGE@MjqP@}0cK7VvXgTAtG&!h2GJPj3uf=Ka`!Na^5wF3Sviy>ILQ~(US=g@ z7-fM^RY272Wma+wQ)zM5NEe7Orq1h*7qo++g7mMKly&gxkdAPoKSgF11ESoMTr-{(5Zp5 zU>c;zcWPjk24RrSofVfcQGM@AM;$Tq1Lnz|+YK92z`TK@+}uXF4Fb?ac`|M4OZ_w`iXyuoPd;b{ZMC}OT+QCjoxbc&-IUB`qf zn(&4$$7a1%gH!+LAa_`y+x5jKZXIs}mu}TZP^3^Ry2!eM=4#vkUb{h&>p1_!qss&Z z5lLYf{)B>?N!kXrruqI9g(yW52X}(;E%)(7KHVBU-fnv)dj+<+PT@tMP*B^}m0#f0)1j(L6ldtp68z9v*6-@yd~N3noIo)BQ^S z%QQZPas6)=T9V&{P0VcO)Lv8UNt(bQ;(jrdZc+?z6wc{{ zOQ)q|76BZA7$#}p%|ggYjyNMokWaseejpztvk;Lw=(87dfFlHO0!BEUP%6<|?}^>} z>5T5^#f2hDO)&Buz2Ien#wf9sOfeuR<)|Brpzb(qXGXa551GZxjb+M>R4`(AQIQp- zh%F@G!AMaprR^{2*Dv+s3g)R5B#x%?)xjyIcn}QkgD?d64kbw-AP5J7Y+>?>+E@jV zGo%8Y(Lzlu0}i*3I1u!n?+CyMh4`MWcGig?8slUtPQM~BBWyS(yi*z0b;tSEQe_tq zgn+ySa622JBtj`-(Hwm2k%osO55+0_BQsYvAR)m`REx1+qr=^BoO7I_HXpECG%t>q zU~sbUQy9}l$gMOmWDAImoE)qagD*!Yg>@4tHW^Mp2`J45ufXU5lN|iHbIJ_c=@b9HdsFXIVDwR<_ZSztN zAOS%X&r*g{1Q^%EV=;~#DRwe}F?XUt?^CcX4PrYSd#bt)hmN2j!E%fVajvhg8KdCY z8_T&eV=2U&Q00_;=N2}-SIW4G^aG+t#4tF{If0oavG_D_M(O7N?(>mfXd4P6a{rOO7{TSoNlH((qjBvpm7 z?}C~1WU&NK*{viqstzY}8H_nc?)9A_ymJjp3RiDOOZ2RFMgtP%YbO=eepd|9+W6z6 zlV5ov;=uMz3bsQOneFX>y&Y{>8?V5(GbZ(d6iqdOG@1i#rolPoE$WCK-oYTG8UdqU z+1><_AJ9D4J$D%%V7~9XN8XH`iK&raf|yr@Eoh%pP;Q9C-6LgR?g`P8J5O%?6mI5DhJw+4?v{keu6I_|D^_eYl%}Ty$ zRD~Lc3Sn6(Da{xkTd4zeRn-6})Wg-miHa0hvf7ws3XBY*H9*N!ogA__TAlZCf(S7k zc$vh1cu*YLEs_4N)|Xo}*Y9R#+Q7quHkw)qUAdtnB+_(JICPLiw~f?;6qMGEu2ATI zuOf@fnanfj?Jq)Z8spU29ou%O0muUbua3gdt9!|z{$ zC`HK_dI&r`x>`LY-M>fSRBDcNV>p2X1cXr3neib(Tur0j?qCvdKR@~@hyVm3#xZki zz*8izF%r7_pm6KDP}JJ&rT~Tn(~WdQx!)*3@RsRb0%9Fpv0W+ze&De^Su*F`Ga%p| z&gsSwf_t3Y!UWGEe$9fjScj$hEB=ldV`5hPEzpKLkGs#>{xUU6|G#u#J8N+huCjPPry!m;hGOES{uQ ztfWz_s7+LA607SFt7s3;pm7z%axJ7>O1}k)rDVDsWmYroQX@mjVO)%T?JTZKiLs_1 z-7*q4j&A`BLwpbBc*gGB$kRLLeiC>SacNPVM`FhS6tJIO5KXT03b!H(Gym`+f_Ptq)a_}$3-86XTpfXAiV^xabBpkxET z>#&pVCmjyH)S(z(#QKR}X)nPP#ss9ebb##3$9e`9;RvnmxNF5}S+=^pJNeqB)4RsA zvYO?Pl0}kGp%OpB$(qI*Br_@-$=qR@jAd4RdY0lChxlgx1Fa%1E!2EGg+Wxe@Xg;S zMU`&~`ppG6RvO_xF6#T@M=7ak5zbPa7^$zNoI1>(2*NmCeEMf}#6(&~68W&_g1Y?q z1djy`^gh*7!OINEibFxID;kJ6S2roIR6G&9G(qMVM&UeA`_7I7&5epWxzXEnS6s~t z53p8+XP)*LJ*Yg%TCF!vM%ymJ){J#2TUv;AdCe6uEIm0ZS+^@s^M^i7SbUhUBFZbA zE369Ha>THu35w?d*8x58%uHNE%V(bX%NXOtPeV4-qWaL~kJMIP31yt)(_IK_p!oHW z_R=(5Zf@9+@CqbcAw^15vf3h@tX8T4Eix>#keK zTo$}+ZUQL@lv&D*9pnHdQ{xVJN!~CE@mtB?zE`o^g$u;L$Tpl`3nj$9n7%6&7rQYo zN`s9-Zex(!800nvIh#RFV-Fjn+{P&P;f!*+9Qs5Ja|Vi^vT;sBbb*0RFKMc%c^DQ$ zonFLltjmG7FchoNPAjv>aHqHM2^#N=o-A()TdG$d-iWsj>|e&1w-8giUi`7|T7Qbq z3itm7J6iSj{}TBh4x9P=|IOF?oBRJS@rbRW(A(Md?d7lj|NVV^UjOYIoiykcP`eh( z0Md01x)FfBAFvC(5ZnZJC~|}r3+4Ulxhev~KmQQQF^v2MPO_`V;`Lnsh3xj7IhCX; zW`Nvm_>7U*uISTk7rSq~Q{P;~U)x1|eV~O?y_>~@V4G9^*0|hFduGIc%4`g&qdeqg zO%W!!f->t8t-@9)hZ!xCr7&vNTlLp&J`$BHB2l?TTVlS$LP<0FE0rWOn6n^Yrc;mR z&cgmU1DsJmjOJnxh+GQ0*~BBD@$16Pd%8R+T~Mm29;3>QB8+1Zu!sAUF*D47MK6qS zRHK4Cc#n8CKpx8HJEZnpWHufL@7ut=K@r`aWC1^k$gTqZ@rwvYBz8>WSr}%aj{%s% z_h%@&NhfV^w6Au6EDtm-Hb`cXCkq_3L;-=c@v*h1;LCJ?PibTSsG^OgtnG;w%�h zb_Z`f3;TK!0RxHsMMyLcE0B0yg~QkEBhUVK62f3Q5G1r{JYq~pFbdHnn{Ya%Jd?nf z)I>z>nw(n}A-e=E6$L&0F~ebvZI_PNS4&Ns74v4Rf+1Ax;S_s-Yheyl8CU6*G9ItE z1(O0kMud5Yv%EncfS))_&Impt!|vEDPZf-(YS5NrL!Wb~27{Pv;)N?NERx6+B{w{F z3h^dV&!SRP&1n#&*kXT#w-C5KPTgJL*4-V)VdhtM$ikXp5#H)IDD9?b>N-w|u@fc< zWHf^#q;oqy7vI1imgkal)DRBGV z1O!udDPEX}+u$maQKtCHrR2s|sNCO>Ec1uhxda6KJqp5a+?|})y%FM~Ljf>jY~+Ik zP4ON7Qz%m4eu4=SX)EZCfv4W5djoc}L)|vb-Ig%>S*Pf_Jbhoz3RGT!&oywB_UGpA zd9a%n?4Ct#R9#B8GI1WKqn+G6L~+_JvLvyqA|(jaRr_^0Cb=sg!B_&Si*c$IE=L;I zLPV=BFYT5VU!rd?j_H)QCI;Djgg zhU_R@)E~{WU~-WUBE-`lj+iaVqdTK;&eWUxBuG;f3AK05HQJZpWTF%0e9SyB(JGWv zyBwHGQ~MH3R*vcN$Z1t77NeT0B`xe$H>*-gld6k_{I`S1NAE#h26f`<3)|@#pPSj| z5*Mgay4<2PMfLqRN?GCXnFr4A;GZ~%sFuu9u_q`Fp@)E*>qOlJu3{b9(Fos^8uu{W z?7}94v7_#!ag&iFOll5w1z-%43T))t{bWWAY)D~fE1U4QcwU=8ocNIp!ozSg< z@I}GnoHA2n*AFG3T=c&`wxRql`mAvNqb7d6@t<4G!`FrLpTlNrbN=%ZkFYh!xqV9f zXM-@-6aZS`BYgb0TcUE0Dg=2}C~Sf}|8>un)Fdx`y0lwxmkggJa&P5%m&sKZ{E7VeaqkMEQc9q2Z{^GDWTJ# z@yEuih1{}$`(mqgisMS7wd(ZBrs|w6TCI7upGJ$1c7jh;~fBg2fxm6iXI=iD~-A(Qs-&g*a(O+bf+#Ee^#!?8BM*<^YQ3~ z1rI8g%|p#hscO_ILXucG0QIR*(GvSejD>~yKXrHvk+Eo)sszeXLsu?u7LVpLhrQVJ zQzydsWjgJ$#j*ohX29hw%9zi%zMh$B^cDa*zFCjj?aeK_mhiWXBYH3{fn#KNk=aZQ0mop z^p@!&xQ!7EmFrCO*>7Tu$+ee@0`e2!N zWd|If;i+ff;EL~06BIGJ;QLNFg@RxN`0IrHhNP9)vdC7+Cj&IA-hMmL{D~Umm{i8 zSzBOBZ-gAROhnLeJWJzQT3`KU*+;pk#bF8Jl8Y{4s+UfGCdrOC$=ZuaeAU9y7F20r zO2drGG6E)wg6(9x+zm6XeM`P5-mz3l+xo=rJohGA=Gl{=@o^l>%*t_y=X8R_$Lz&E zFCkHDtGiWfCPeX`jI0MP`Fqza);(5p677xHf^B zD_fL~fC)ddR9>+!H^$uhDK~fmv^FHJ_M_#3onnct2IZQK6w^U5ikn|{^6QE1 z&Ohj2xa^cM3PSq-w&kpwO0D~Adz;VRWLx(H&HSD~cB8l>$QMQLh45F0vToTLa@8ko z6=W|ttz^G*1mf;gZbT%;#%X%v75E-9>f)9{N`JZrgJ&rTd?Y;tS%v{4p1$KEVvDi`(-2~D5dJx?t zh>(K0f_(+ztJP)!>^6&m=K0TIO2Nf)n#vQ23?dMoGI$KGMSG^jiSIe(Nr!R*xi&hG ztHSV5=&RGnM4U*`J;sb6=5kI@D!FWSLr`GOt~zs^(+SHCTE1~S7a>dj$}v5js&ccb zlKQromF#wdbqX5^x=(@>)l$j@(l%%;C?6;I{k%59{=7zl-zXYN&0bJtHXid00dVnn zT&}*djJKSkDm2+AC~oFbv}tcfiQI9@>PlO#y_eD4`Uuqi+zYcL4URt z{J;1~%j(zv7v=wd{rX@(@Bg)TaJcdRdWlEq9qdHtDZXEdDAwfo#o^`MyZGCseY-ZU zU7wq47oXsd;n$@IxXeuunQ0{LLU0_ z52|BJ^BApoA?|}-?^+#xb{*rja`$J&vxD*L>Lm0=L+pcA^~pX+d6d?hIQ}vl!yv~= zX#M6+S@&8ycC`0*%J4qeDUOKYu=M92V0o_(9s#UMeaux`&-Kr@kf7{Z67eRk^d%Cv zX~Zw>T8ZmwS77o!HP(AktPwpTZmb-5JPbobJY?pY(x;{nuuRr2e8_IK@GqJNh^2AM zHa)j~WpE110+ydRXP&X`;I(q+pw+LXcj7toYYb8jBTZ(JCw(~?3y3N6&lrK&V#@2! zLF8N)F{;0!OP3u*YcL?)9}D>YE`Y!#c#7^PFr`|$kEbp;V7woCDN01R4!TU}ri#U5 zVaJFuzmv_(g>nrs3eqYQxlJb%*g8A{j00<}JN#};=i^CgPU!t*5Z9oTFovJCveIgK+@BPAgWb2o4W4 zrc){&vwF{AIjltERmKmbfhR#4v2(etIoWbGhdbIZWk#g>=PC@ZP;|`|w(G@Aj`dLe z(ng5CP}Jyx*5N*I?X)L87AcK=*m(kjRPBl#dMdAlR;?Jboisxu1G0*@%R@j9V>#r zgAm`N1pLk!u}K8M?ZymS`HOK@$+{~0pV4{m}qCoh@H)!O7G5c2ZRKUR^Ls%w=}Q zaj%X1`b0i(Eeqj8D+5Jl@O-hofOR}ibXPDLyZBxmvQ2W92G02C;(UQH&P5Wm$YZSp zXKk5W{__uc`#=a-J#>dIm8qOwD3<^H!&!YJs|)5_Up}M#>|5l)89~NabEld+1b!?= zS`>C&7S#l%j;(~6LKZrZhd2b6KXO|wWH|!h4FX;W2?1p0O#md$cRVQKw|zD#+yN*- zWEN63`R5-3By;oxL|kJL0ND@=Gc3EQFhNe9bpDgRP0$!8XqW%_=O0rzr+nFi1d%Mx z8XL7-Z6`v=CnC;ErsNpbPT^+r=N~vR4buAgf=WuVj7pRzs#2{eUvN3aC|_%_Zj`U_ zmsF36JFEnaDQ2!XOc8R~9E+08RG!D#^dSLNDOhU&zoYyMDzvOZ<&C1Xq@qd zRicsx>aVW3>4do+^PX^Br699EgbMZNA0JSMvMNJV%g}V%1^SR9^dV5G4}lfbA&1T2 zVtoiKr4Bg^I#Y-K{DbR5%zBh!;8R&Wr9wtbE4+h2$XqJMV(cUxEv*8T5mBisR93+j z8++NhW&rOeXgH%;5c=y^Y}BeW-pa`$LUYKMc#hH&-+8Kl4^w#gG10bTwPS7moj(0j_`YPQ`8bo=$WQ@`c;!Y@iIYp1aK^*dv$k4Xy~}PW zNZy8@JBxx}XUGKydQajch|)1||BWs?3)9U6S{|D+1+<`lmZs9M*a1t+{`rR!EjX_; z41>B3vis*BPd}9V^N;H#x>A32%}&79s>KR-)U_YgEvu51_qJ3iE3cAQt(L8~oQ12r zzTMVUUushAs^oK&LVilRHnq^Zt5W(5m9IjfTdaDOFX4jnwT!M+0q)b#wmt{#sA^8u zYNYxIO4VW&Xjw*+Qv;ULO)6A7Cc&3R#T50b?dMtBR%Mk>x4W&vRCny^(KFkrP&l7q zjZ^&L$>um4S|x6|c3mo<3}0M75!M%Yi*zXI?QdFwqm*6m9BqGhqVn@U`6aogj#w2e55xLKb=(a{3y}Huu`+`hn zQI5C#xv=?_?%Kt4=f0H4gj^|$gs`+q)Ye{ZprZ|yB{O4e+CvWHz& z?9GPO8uk(z-kBC^#6GoO4zh9Yd^A{=(yi3n`&njUi{`qLmAG}dpI6)$sj17u-?zfA zQcRbJePD%Mc_6$z@Iw>0?!?Z4W-@#`lL9sNf38VOidJ&xAQd2i1yQO_1(Dp78OyK$ zLc0~AqaTbdWeo{k_^LbW7yR)hgO6NnQDCfr@oP5Mo;w0;y?{i0%U^E?iA)fie7~VFfFbc+qq{ZIVIP^BaF^bqG zBT8!?o=$O8W0JVttT*eenwDKVkr80C;m~`&JRkt#Ss2#z%E4&r;b~)87;?NWvEN7D zED6&2B@P2`4tm<0(*82y(VXBa~dQIW$g_R?YIao@R5 zG#FqoMJ$a?Ky<3gdna*Qa*cR6=A9HQD=wrGz%mKgDbM_2&_rId3K+1D&S zP4DgTiHdQ<4>wed66wcft|1=P#AgW@c^)Pfs!Z@lq`0HxF52RX;q4H;PfNve|_GG>8I{@}?RDr8B1Ju&;GOS3mKRAWpNvj}v?sh~*3kq5O{-8QJ)-Kt5Pz zNGB-kEuVS}*u9b81uV!8~{6 z2=OBjUpVqbJY{SU-8euLqI9g&2;`IfB~e8SNG6c3A6hkHZhJhH1EnCIF^f`7aUcLe zbbFJcaL&f0SqCC_$T5e@8KLBa0LFoeD0A0juWp0LZ|7>s7}+drTo$CykO(zSF0~sJ z83ovEw}Jcc0M3u!b^4dbCmrzk=z=eLBIjxDOE%-#0;5cTAJ@epo~yAC+>rH?u9=G7 zB_rt7;VhltB>0WWSp_B|Y+Uj=+p2egM{^7d6I8soGDWY#> z=4tuy4kaV@fl7RLSLOcR1ukEUqNLf|w?X7{O=Jz77Qmj+cO0S~8q2b>_Z5wclDPq2 z&*)qkwKZ|3WFn<^>+|qeW*J6!B4?L#^(vUb#pLKSwongs@{hWtOWK?31Yf?-a zf1O3Ec7lj&14WsU#vvD)On9(SH?O&Yf8r5$VG{2FjGSOfJHmuEBJ9BLI=3ab7CA~m zNm1J{U)LRnqB1z^=fpqlDLXkp;kZVE8>%mz90Ly}DJ2S+qPpXB`B9^)0!Ka&0d1WT z3h{lGvQLZOW{oK(1M-$SOxfmqy^+C`KTk)*9`zQ~Nvr{*6+N`08wfG?^jwlJc&$VqEfVb~t8Y_3r2X|9dvKC%=aE>3o6-rHkp>hvDG?plO`WRq~BABz;cz z>O5AC4`t`7epEzm^;{!svBMOASf!pgvSK=h;J&3Fz}7a7QA9|{JY7L;g5HDH-cGyZy$gP4 zXU<0l;CBGh1k`-+<^PSo+$qdWU!=gz>^eM}yWC}YI7twRG1E@Ps1$pZBBF8Z4a@pG zS(c)KHli8tYfMU}6QSw;m7j5C8S zO06ba#vE885CuRuUWqA{0Qg&8M~grkj2VOiPK9`uawN2f?qx;fd}&@h{JcpP=!qf1 z(?FhXx<6{mRg_2X(*$OTKKU6M-Daq8FQP#?oJA%D<8=%AuhT9FM7LIJX3Pm!Ikp_R+EU zVQ<>j3IJ4#JxA$1PHs(2gMPT|o)%wrFHiD12|s!`;TzCQ3@5Ybn4DwQdQOhBPgevb zZSd9J-d<+4Okt980%?PDbcd1(#fKA}jdk!k(nZBenCwul9?!xsulTbsm+C`7*D0m- za*z-CEK&THWC3&;Moa!Cerd8|0f4 z%BKSQ7g0E;{rffu5t)+|O^fB&DaEA()FB=WMV6@o#BypVqX*Vs7{gHz25F#cc=YiT z9Gh=y;P~t;qcLRzH~PhlSUFHrG-ZdQ&Aq*Mf$_zQXKnChz4fK8-cdeP0-;p~;V^?B z&Vyabz^chJJGcdpj}H%q$4tXrzG{PRcp3dIAl`^Cp!R}dDZEkkYoIR~xpbFUBbgYG zQ23&FM;Ee1na{5c0H(C$C8U~mBb~+#)nLQev*YO$M!pWPF$$u_2$G5RuI6b!em7>2 zDr+^wb?#8l2LEg^u#@fOw+cJIYF(>XJX5vU(i5qGghRgA;4e_$xP@9`#D9M)O{iHC z%R-ep6<3NL>vWfvC9$h(`xwl9#26l;aHNN&FKEZomCYDMUPp>j*-lMaMwE=qcfkas zX0tfgJL{B zvWuV6Lq~VqDf8P|fD9Fd86K58qKtIxdm_!co68Tsz)WkFZt0sE^sB87<%|?p52oPn zfA3s;3w~Eq4dXbRgW4F>oChtfyRE43RnE%tY0cfUkk0G0^A6uGU&Qd&88Vb)O@)!; zkXJSH0!|ShhoLRfaezW!Um;>IC^iqGfZ{~DvbLQiN9BbwU#+D`aR=0aN#&i3Z}p$c z&{G!0b%Qx+%>srX`l5gpr1X4nrGk zZBxvxV^qdsdF@*?FRx9fv7~lxO?~W3-`ca<{ePx5uN(lN`u_jkVRQd={{H{bUUPH* z|0SO6{y&@Br$zu!gz=;h0K$n{I1%f6GvgX*Ar1gzx;3B`*#ZW{*`fLEhcP! z!E19nZH>3n_$=oL!@XA5gNZyCV5haF}1JWkK+=BWN74LpgbXt&a;kKqx;}=I0KO5OxSIP9CnS2Kt&S zf9$N2--_oe1QwQR5IL-2P9bwR4WD$@OR?io2w-wEqdi~aL2pg)BYD~)Vt?klQgSpb zF1Cpt8j#j-2&`k!Y_DbyG%ZV-=_s=sm7BJfGi)tu)+)13e9@9?T8h>8bIp#EKQXq; z3njo!6PU5+bU&s&3LYnwNUyc^me%@_5!&5$zFpExNg&2WaTtxmULF}m)!xo+$ajR_ zR*HXy)38v(G$wp(^>*_tcvjf|iTJUrMt@tl|9ic^zn|a#?Y(Yo_J1$&2xXh`)2HnH z_&M=YH-0>9P;`@dX>xe^y&iwN^hS?r@SBa^=d#h$Q^Ro+p_>sC^Niwe^#BsPAPvG0 zCBmji%ab&LL6ow{*($geB~02S85t@d3K~`W4GJ#vCgXfhp+<{j@$;JXz51T(7}&Id z`^}qH{fK^$1lukP9c~F#ZiyLgW-j2_g^X+j#Nob~P>Y(y50Q4k6y8cl-w=|N=PW3u zN0O;Cvn=lpWS0i$P!%#K8Bxn+8l-Vq8l;jC2gc z-^W3!Y;amymw=h=R2-#U-jxWaoZSQjIO^lGINtLzFz`6G?|D)hM6BOMk1Qo}2@-h0 z0V3&BqoXr1!&&6P60FArw1%_-Y$&X|SglZ~2dX#Dlk-f5PIu->O@T`mBbiHXAw7w% zmB+C?d&muoJp+OiO|x{0%xRn9!+{;%C zBb?^yX(a@B)_s*?qH3imP>UA{YpZIJ@Bvt~O5_MEu}tU+VcA}Jx#o^oFgy=IZiz^^ z6+%KZ#|Mr7ShS{`jqPcfX9fF@*z~MB{{LQc|Da(1IcRR|KQHo#J-Fb$Z1=y4`A4IP zg?o0sU)49tPPT2g?$0Tp3MA?qBg}e@FiV?Xic_guV4gIUCB~OhvrDV~y29-8ux$R5 zfAwb(|F2I_I1O$hoS-MSv4H>Y9UdN;{J;6SwRg1P|1a@;0WM*hq9kH&FnpqUFa(yO zi0+4D=-oobb-oZm33ym%$|X@4f}0SJc!Yu=y4eK@3Sk=DArQlKqP>Ta?|cCwbi+Bw zHn%CrfC+!wse_9seK@t!3Hmv;D0*aU5#$2NyCX_SfgBL6UjMD5Rx9WK**w}iI@qlLmv{yfb~vX+JP892MFja^7Ws(Bc|DGy zH$k9P-;-bKj&Y&O`iNR*yhc@dsYA5td%NJjVKjru9JKcK4oWLc(ll;28u$12b;z2j z;pa{>f+%04>ubjDPwmRf zsF4r+fN`mks+w>)N3MY4vaS%Y9qjO`_#P#@R0JU}rAP!3|9h9^MSwFN>0LnKpV$Z_U>}oahxTab;kr0C&FhUU;2VMX}6S{_HHswF#nG3dY!v0F!9evhe z#Kz<<@MjcO0(ANi0ML7scmZL021=#@;a6E0oyq)S0V$GNpScUTEIvw}(qa~wL*!PP z@&p9@2$XHI0*~MSmlMqGboBFRmNIK7yUofoAP_uG?FXjiR021vU5u>!kt z{qrpj5BN`Mi?E|xtE6{u`6Q=BwxEz+4jhmyH()$QaU^oVNT&}zvF6nMKVFBl9N z9o;9iUc{7-StLdu&{d!hI?4u$j#Emq#lps)>{f~*#k=%2aHQb`rZ5P(I~+T?(?ph1 zg}8$_(OGyv$P7^t;xQR1N{EC)EK4NSR+O%#5BjdgMhq&@Mw^bC9}sUwh&+7{ri@<- zHS#CM@iNhb-pfHS`ZxM{HoNlt`JC zdyZ28fxcGjZgC0c^lQ~^xdIoeJo*4q{y5Dwnq^!}kcSv2AI*(+vPDSHuQL>-A#K*f zNsJQ}3{qQuoDsF^;5({T(PmFn_oZe9`aFr7$}(!(%xKF@=gJ6r6QB(cpe$rG=UN=o z3;uuhzIM57nR-beF10XKg&7eTEfdjG3SW^ziXK% z(RHk4jZ~%`IC&Lc!Jlw3@1aqiu<{76&s8 z$4ivXk@IXmPU0|GXh6*pzG%BAnaGjVDtJPIg|D~yV!oxtAS^G9Si{bNw%`HndI$8J zYohxva5|gfT_`ee)2qUjaEldFs1R+j4A<(N-i*H$ZOkj8r93ks(4*yKf?*I!BuSh8 ziy27qU@RRVL7AjNATwrVa6=Ey$c)OfEYa$wOp^ufvZh@$wJ_oF%$P>J#f=x(iNCv+ zZl)p>O7T1f?40CrI<*y(W5fG=#NSj~j3;!t4-~-JI8Ob#s&QWZz%0mQCq5LfaT}Tyip<&t{N)eOAmQT5U4MdI<_f5yJtZbc2r8=--dKr*O zO62%Al%7lYwVKC;UTPwy$ONb!_e&>VYeHA1imM15dY@q8id1daPv{P3VU}gi!&XB^ zQLGG!Mr1O|C}E0GG#ri*%QI3HatDo~`t%H}aAgFxh!+<4?Cz4=FG5nV*JWqIw+wY* z=ow!)%2uU9q0C|<+mz_h3MmhcM2n3gis!R7!jYC};^NY!4==0D$if>aS=%cUtT)7g z7FDA5!}cBR8U$9a+QOC2Rl%luzIuA7Z{#A3vsh@N<%_;nJJdf*3+2Ecs+z=~fsL9m z$KIG|xN)Mi)}tVR9E>`-2BBQe;#9*4YLChrUXwTr(z;Ld*haW;-A{Ss&>J}y1&`CV zk()gg9<+mWv9vgEU^}1#h&I$Aw%oBz(B0N#F%nvCYJ0*2fN0^+jn;-Hh?@CSNorYg zL+WYzfXPJ?1lmmGkYT!zgmHP{7#AZ6zPixzrbSyOPz}zX6hD2`t&`J>qy57cMrnZ? zohvhj7P%;`bNI7Q%u7J#<8|2p z#o~#hGn!>i9S2H?8`SL5q=G3RKwQCX2(YEZdDPL1T-dWoWj@mi zvlc7_&#~q##O$UeFr;1a&KraWRHdzvk0+k;swI^2bO^U>42iSNTeiWYNdKN|eaDAL zuNO0Q+M#tYp^dw*;-~~Vxrxe*B9TV(nGst{5Mu}n>VM`qt27NZ*cdT*Qjbhvtzu(A zQ7H2&{Nctl`7LU<$Y~WIwt}%91%Qg-%R36)39ZAQvdq1DyH?7rk>H(auf}DB-FUtt zIjNaV+o8<_l*L7ZD&kw`EGj{NdT7s@=O(b^ttxS0D|Lr*hN3i-BydFC(^M*&KZIOfud_+BG&1o{gdT|p!fQ7q7gL_2U#Y5lkT2j-mt7bE zL{XUwBS+hKbP%~ckB})lfY-}-yao)}eKz|!GJ=cVuYz%j1{cy4vcVLxv6gIxe6X$R#jBLbzG?O z;chVq3uLX~IXgOUu_wdxqjR&lFOM#MJbiJ&UJlRBh9?(Chv)3{%y-M5K4rs`pV?oJ zP7c~k#OMKjm*skqb|o>;mB=%bIt&6kDK~U#!LD(uKq1PPNvxc(i=&I)A`u z+Njig2D*wN*RcZ1u4EWnH5rLI`B}jl>pNPPm05(nZ@TQ*ZmIt0IL6cv>=wsbmQlJBv#p^Mz+>F`leK=7n!ENX0aXry>o-R@-{J+a*)3wfx)&@0%znK*gST zj8*IPvC z7YyaqBM%*;_K@P`r54@G=vs9au5`BSFtL&dqkK0D6h39 zgsP<7FxXG8W4AttXh{>#8)9W{a*KcwmmX_E>c}X}7bG3$MR63}S&BR`Ae*q(nc@l3 zXN~ZP@31!$yEl=Th%~}4E@cwcn9g}V14?9sYrBgMo#%P(yk%rL=1Peia?7C+wY_XN z9xq7Pa0`NTYHm-hFn{eqqbD}nxgY=^o*ZbtS{DWf?}yKyAD$c>{jY&OLa-JUGO0DG3h^w_6xs0;)<{pQlN8+2(;v@7s6*4@XVsf81iAt%I6M71+kY&4aW9k8OLt zS&b`dkrw=&b%dH*H8Wmx*-OEAq9n@&wkA8Nq2kaM;YLw8A-uw=#mvkwW8+%&b6esa zP~#eeECi4`KtxQ_;FjhUWzQ!CzvyWSu43ztr=2r?S8JYeMh>2bm+_UMl+Ky>YOz=> zUb9!G3{u6*`Wl)aHwKtmy~qm)Wt+Nzjk(T8OeD zj;Hm@F;=`Qnd}T8^TGzY-Vkz1fzq9w?lyd~j)dMMdr-_-;9Dt6`(>sVt5Sm|3H%p| z-$w9;Z95mDGzA0X_Ks4*)9IW~1)It%k*C$jKC+fLd0j29tNR58%KwZ0+!X(Rb~rqE zcG#UozhI1&@&Enp{`U56HU58hXZvgX|F7}0!CEV><+a$RjioIlJKz6tD|o<$bXfoh zJY1nMnZq!X?%d>WWokaAw&R60!x*ziA^6PHyNjKb22*YY!NvwVN(*a#3^YfcN}jB7 zo6ucmD5NvUnq<6C;MFFnv{N^3`%>OAG~3L<=dagrMfZT}*P>-8r3Gf>KOl6Fl4UAc zp=D5T)WqkYZf|U`eVFipD0rNxfG(rrDy&UR%Z)}Ub;WkpJUTAJJ=a9w%`Ff8M2O6|7{YtQn^DqNtnAa zVZd^4S|+A!(c1nR#Q3AN>K<*;$|LJ#ky8S-M;!p&0!0d#q-E9E31bG7KPX*XhBeOivRo-O@ zccCt}NU~Y%ImHfOl}#!zJc48>a}MDd6vV9|$5<7pxGI_==3yw5n#_}A(Jl9B!fAD{ zw471t&@gctq{q`K}g$+_*zv&m;1 zoLdGX%4@6iSEfLqM~0WNxI!_$js1htr3vWFxAv3uP6x-Rh9W7z!TPb1Hu*U0Tr8~J5F@h6N6;Nvo~QP=h2&tzqK93 zCaS{h5^C|f1M4WId3(37QN7U|=1Rsm`#yX2#AFDF|1MCb#;!F9Cy3O1vzf}^QdFV; zo02Xv7PhLmjnxZ9s#zZ@i&r9Fps%Trt|nM0bK*ZplK1^fFhGE95}oq>7>p;1ix~gB zRT@$jyBl+H%0^zk5|{OU)MY~mCQ8kAp;E6*Nq1{Q`S^hn!;>9MQteoiFa9d#b~xBR zRpj%qnCHUet&irAL~OK_SaifTUnwE*M#$^U4P0>&{~cDnwS~L3!47bbf(r^zuh}r1 zfhy%Cq6wPv+=Li@>L>;2_z#h`ym=GYl=UY4LnTptDG5aVL}<`CT4#bAlRN|$(rqc2 z>p+%MW`Em$2!mgGrmmEMMu?9eni5B>m35zI8CJh+Ap`RZf7<$}-ZLZg9Ka!;hnFIn zYoW$vD~Ad}V^Q#Kxt|%5z>Zw}MYTpbB(Iu9kM>GWvMhYGmx$6cwfpV% zJF1aH9cVrWE3=Ualv8lP9_?DYS)%1o-RvTtr=e-Ex8wX$OD}h}ZU3e)?5B*e`)I`& z{at5It9gsl1Bd@)o}7!KVG_HKZ3s*9k&%}PhrESiZihrX zhwKLf)|w`BRfv3|I?*EKvpDP+yC#^98|J0a2@UfNyUr&=s4XVdWto0vSd^(miG zE%*-J=w*H1ZE8rd>spYYw6Zod*iYgE!pNH=2wLZ9@g_ipEjAB))x;Caz^rOmGL;{( zimbO9t$k_@vntWK%Z)rG-x`Wd6`in=OQh2{eRn1%P3x~Pjmm!e+@kOpfr~2$ydzx2 zX>KwA)TR@$8*PW!z#%B@qK8u(H&_R3S1A z8(Q>3$N-m@1uDEoFjuC?Qe$d&6UkH8|4iglVVn;Dv=J{jO4>y=ovFzoO*3dS-vC7} zj7S!3_MiXp|GNMAAOF8y`do_`AUEj&LcC<0LhV{m|AaEYV^{dMxhfcEBU6p{J0)l0 ztyp|N(r`KIp5bvoUguGpi6ZQFgP^3PjT)25k3cF!;sePG2|bJ*q_lF#sdb4d@a^w~U%cp*;HbABZTeJ1lr0kdFm>YL`8kz8dA+$| zDxsL?xhNDq*1v7x?0b6pdVE+J&LGfgj<5FMe85`OpxoH3^&@0|Ihb81b1YP5V53x8 zLAUelhIG^46kNC{#d>@F!ExA;2X}r5BQO6yk+#-I?=t?rRc&KvC^RyE)V4ALs%>c= zEVZr(lkh?1+0r)+!XJFw@NTJ(MllY0X?$A;N*jhR1VQbNqM~nN-5J--@oY;egtJ_P zA`&UV3nT&7e|`KQCyq$!?@oz*kJ=?7LjzWxs!NHY6FdhIuX|#tPqjo`{W$Q#`*c+i zxw;uu9=j>sVSPE>liR_#Ql~_J-`{Fl-p*G2w0F0f=DoMIyd$<)ou-~2Kj>pF6^yQd z4MWhkm`8LstgsT)W8V@$nOB&YV-7iED*O{^6%Gqt3h2Ysi*Vd80~NpmCJBE&DO{dW z_kjkcmzv*ueSpE=)T3xKUQ_pCZ@IWdOp+#sMueBpS(~IGbE=R{+51>kt6@+)_;NLj zo8Y#xFe@dFnp)J$jE&8gB}f7t1LC8aMAIYt9DAcNhgs(6Y$GOp3L=#t*{c9u1IZRD zOQ6g!bof>uvWI&$Xkb>jgbHryOXy$)o@R7t8(e5p_5iE#I^_bUf0wvoru+-=C5oqU z@vGp<#}Bu`7Q3{S7-L(lk2Us_I?P$oyvBI+#bH{f0&As0I1URxelQ&6CVaA!EFt5^ z4;mXkez16Pt1g`WP{GcMloqU%>XvZSYk_Nbxccz}Z9BZUJ*IyA@XJuOGWp*TcRP`V z7?>Nn{tjOPeEzg78>4~DoQrNm_DJ^pCtH@PkU5_U3XC+t{y(4v^XYk;#TvTjNn`@y z4K^XKp_x^Bgnz`Qo*)T*|zx&Wmc! zxRRsKOdZ8_fsQxH5}r@R+TuhNpc-jpwc&bXvijA{l(PE8za+7&+CEq-7ZW|R7F7|X zva992z&cb*q_IlS>Zl|2YRT;#biY-y#%wgXJ%Y8g;~FuhR?o%l#d}aI31!1b-3OzO zAB;(j3jD}rngnS683^mg51)auex<2j7)@=0y++#F^g*4+Y~63mZoN++nULxI?kVL8 zv@W$X$FGPuRa^WLx|&^uwn4-T{`{x?&r5heez-|QZla8?Pc!N2 zpfD~JU}0kGXlh2q{Ht?jX)y?$O%YuuF!RTc$j!wrF2w?q^T}&H=Sq|os`{5AnRV4= zkCwCCj54Bj#*4PGXjfW5v}+m)2ydkzStVF1u5F~7qVQv9*@u~4EHV&}My5W>2;|-6 z5V!@OB_r~>!@inWTs?@lXbsKR0t4#xYnj+Xp=J}ALlKl~y6hf4?vr`zG)sVK-zD|6Mx(C4KYDy$+IE39;>pU?Q;WbVgTyC9Y|C}o4k zr$i9$(%<9jgZ43NwKTDBeP@J&?_0Vhl#7-V_Es#Y6lca`a`-}ue%z80$q2|XPm(Q# zPvGpVr@j>S_$hHMxtI*I3`0~RktK356KO#&-Gg0hVZn63S_Vj46!NkZh4R8&m^Eq% zSL6><12XL6vIjwx)-_Tj7l6>(V(;M^cd9w>KmW1X5G)8DuXz0?vSNVgN z8NNHC_Df8{yzukLm$fz$?1-|*Y1iH;b(cRNg2%tSgc*4 zvI{AbZV=#8tYPJ$J9IV(f)0D|fG%?3cY_BHphvo^(7_4Mu+PosXQ%sz=jW$qZ+;pc zzc_sJ;^gR}&3-yMyLd4?e&gQmpPoT|ne)>ZXZwex#-a$jTmHEFkkKL9r)+?^(o;aO zGPKWtVe!dCgqp-|wuVX4YO_`gvu0SDWj{c=UmE9WBHm>(PKzh=G)jb7sC~@vxk<(9 z$^b#QdOC&3M$gveb$y=9jwN0dH{C+zFFKv`<7XP-BT4~tDZF|5#xvwEAg`O4sl*}lijBbR-5sO5a@SG9?(dUq}AxV5-pyG|rWYC2hJfl_%ebu8hPDb#dnS#ykD+|rS zA%Cv!G^v9%+t6Ah;6_YHSK-!J2;JXFW&Hqvbv}mB9?N-=%~vx_!aU9Q@+n-WyJNoS zu_`OmdDNiP8beR;P9@=6)x6rNKD|+#G)}w|!mCOo0Re!c^cJB4Acy6A5aWKnFU|F2Zif(DoYhP71kGl4@ zq~-mw(_&l8E$;O+)$A2gZ%V0o`OQ`ppIm;z&$St?mj3@VPW1n3(Rl-Jj!z-a$(kZB z#wf@5(URN?ZyCM4jqrQn-GakD%{GiBC9lznyX%pm>IJq~8n0}F7`cFQV|9SWr3F+z z!7RmQ`nJwqPKFz!!^>2dWD4GDtbvCvtiqg&OGq8iEQXxORQzUw$C~{6w<6%B`y_NK z?s`e>5%zL%oyUdf6qp@Y^7Cy9)n~D}JT2m-PrPSaM2`KDO(=WAJl#gByWL5;jEKdkWsW2mXy+PtfsNwmHGOXGFfF%* zIyMDPzXT{qibv+E@W@r&E`^knHC+wZ=qMev+2}+T_{-tDSQSeDb|8g1kp(=^fByjg zJuZmckKT&K$av8)xkkeU<`Ii0Wqr0A1jD2dc?u~llSR8>H8y7oUCe~L^BCL#X+3iE zsku}cT(8f&M2NJJ3jfgQpq)g6HPj0zF2#ZpM$J^?eO-Gqy=#-C5l>Ng>EBs;y?lfk{+c#|E}B(8(VHwFADtTXdgWt^ zWT<+fOhb_s@QaIo=y9duY1+wT)X|62Ge#FZ@cp-9ao;-vXRE0&(^xqNj^+3!1f!7b zego{>uY;WxS3eNm%DQ%w4B^rK67}#sgN<~g5jj_V)P($ZdzHkw0XpmylRx$c?9&95 z66tJ^Q-0s+52~|mJXkjf4B(Hs*8Ce*z}U5jrWnnTp7XV&oRq;+l*+b30FR!J~zi z6loALat=X(#U)ScI)Z5|$#gt{OoC0o*=~GOCW03JFcP2|*W1f7lCyK$4N4R3jb>waFp^e@7QvC@jMLOSqKzd<jyO~?j|1RSr%&f zT*(^omDhdcb-xm?`+~ggcf~h+RQk$0zVeRWl6RC~aTWh)WFO2V^jUTcm;+tq7%*+t zaSUiiVf!@b?3)I4d&5#}NkQ_4*P8onZ?)!rJ2&&oK8}g$ZpzP$Ill7P@Y3e4EXk#e zVb%5dYckcjVMSeb2sbNa6r@5#CYij@Kn}6Rnmc-7IElET*kua%HY52tZZTuAoD>3h zXf80&7@e1asU>RSx*)3_B(yIi<1C%e#%L&k{iix8FnQ;y>jpuE+X8p1?2EDn@cLY) zz)!hS(1#!9*0j;1z{~gNWeeohk;~c2A!%(b<2v~Q8CP{Fcg(!1u-m}AD$V+aWLBO# zN}A8pp*oT2nUuu<^HG=Iy-*?_uxS>$^wNQnaRa=2% z`rLGKs6w7lcuTom$TO@E6_+ioQ7*Hx<#l*`?ETH7sQh~W$J3W5!7PfnN|{{=VC#B@Z+m0ck+@0VLjLMr}@_>DV@2HT3UVLlLk|A!pA%z(iBAjzlCVB;B|Qk}d)QL22K>E8ryLqQ1SOIQ-3 zzLbVO)oKlmx)K`86*S;+L%j>H+y#Kmj;r$SZ=s*GwtO&JS}+TVBB})D7Y*pmcp6WH zD$wPkB%aj>8iYl{LSFDhPU&PjRG4j44k3d(4KNi`x(=IRxJ#T*d1mfBaMEn`dOG;g zKui27Rl4b*fYgB-RfB%F-`(jLH=Xs5(DwS9xn>uPW%DHI_+Q53Stw_{+jYR_#ih(C z3#}nxb0zZB%f8E)NUsKLcy@90bhv+UdiL|17w48IX@Tcj=Fy7Q&xhydc=Eel_FP6r zb$Bk5I9!+#IRJ-2!2D`A4kv29L&0|}=V@eQL5$|Yiyavch2}dlN96R*ja^7K6QVFk zX~%Dq^gH7a853fPhmHzmhR9=X2-*?sJ1V6Da0hkwG{8oBiW4p9f{HW2kbx2eVGYGB z7e-TBUMS|X9?v?tP(>bxg@`(t%3Q3)mB`V0GckmQiiRA~y}+e?iIu-`v05G#3yg$3 zWmzsmTYe9VveEs*_lj4=Lry)AtVsSik&ji8iXdr%B<7rVP{W<`(9Bdt(KK4 ziZ4?EOP&j9-KK`z3rp+`9rTDp#^1gX?+TGZX}w;Siw-TM=gyHwvp9`aK{hibiaA6h z!U4euKKI+Mx@1^c(rr5B;*Pv>RAc!A=ASpt_=U5#C zjm}i0_9dL^fVKYd4|Xzqc6k1LxPQq0`Og;HIKwijtn$X4twW*(RWU~`7grwGVof`U z7Y%F4$2{zo$Zz-UH(&+wR;jM>=Qa86+r%c3|n3$+xT#vH{?J0g#!U#Ig>EDJVvJcB5PrKZvyZH#zRoS&T|)ioE;dWg*ofU&YQsqVPG! zM~cW$*J6=rpy^=maTs)1ktk=baW^Na6Cx#MGWIgvsH8pM{72=AUMLkz^eb~sxljEy0d1x(hhPK#S;(=3pV3vDstoqRzEQHAW9h~s7vAy z6p9&%)WudR5lYBVjkcfW2+L10ch#QxXNvAKcl`SUgEUK9i!o7VQyd7bJT$nz7`0up4E~ERa5DVEXUi-}F+SDO^=JBoK1JqQjEKPvAGK^rXL5zfl6Dy#c<$6UqXa9&&@Mlp78Q-qh2wVvn~ z?B1qUdX-8bHx=t#ig#>hdu!0}yv5!_NWh~#_MWjKXPt=M|KI8Tt))#cl`owY0=?x% zu7*l}Dw80;(5@`6su0Q}j$diR?~^uI7#L_c^*LTWq<#_wS;E2_4bp2?pt-s5Ox04n zEPgJhIh9&Ok>#3W1h2pPr`;qs^)4vKqJB`DV+46wWV;fOVmi=UL9GeA#F>K z;U`h|X5pJ!-kInfD^u)q#*6UMlPx`ymZ^3Ms_+T{`b!e!zig3~z^=HK4mOOPp-2=Z zT(xDAdGb~E{1@dfUuDnry|BLqUmz4Rfo()dc`iYM#|SAres*Fmtsp2qKl3Le0}*w-~*n4ELQMGeX0zHFY4oeF!;wjcF&9`^d*viI!!zx2D`cDLDkdsI!wq{Yqge99*JFqrL6f4cp!xAX1Y z^!F{p{`%Y1{)Q0fu-qHvH?Tc?13m2a`g_$Lo-B>_7~1ai`rp)#W-{7E;}ODTu#9Y!m&oda@yj`3j6)u zc5~mh?Vf47Q*Dd8u{_Sw=I_FWe%ssGtM9_@SM|dk`0$&$u_148#?v@t;{}AelTS4l zDWr#-U^Zdg43ud)#&zZZl>lpZ`{s?S(8C z_i;P?*f5h2JB{kIpkklf)Mvl9^SIh4m2I}P>-}dG(Qe}ZE25Fs9^(f7zrFi-x6J={ zc6N7nzw-ZI;|GtMTN&c-ZYCv{prleNwE~ zr*`mLZ~YhXlgmWh4x4ZPa})mWJnEP6e|J}_1ix?mza3%ygh;NtS^nCQEnbv~AI{Pk zD?%YVbpbn#;X3OC>)g$Lh;|kwXH`6 zTtwS?@oc4Nw#IH@W20XyNdsh`;Wik|F4bz z7RxKRv=*X&#j4-s&(d{(&oIUf_}_p0Xt#?0`k$}(|104C#vgm*IPHzOx(qgg4feB~ z+tRD~JVo~^-4L<$!tIp0!A20o6ZVR=?rpSKCn;E;z5X-gQ4RhZ#4T6YDabSH&_%U0$*U%2p( zZlFZO?yFvf*7fe+v)$b9P4BaN2S;bU8a~Uu$5;2fJ6FrCZZ(S4=4<-4?{3|ruOBpY z>^ISSO`(RR&(?y6nr7~38(x-<=WYnc*PpLHUw?l0KmQc~ O0RR8lROKW9js^hoYwu+M diff --git a/AAE/platform/README-ROKS.md b/AAE/platform/README-ROKS.md deleted file mode 100644 index 4ca2332e..00000000 --- a/AAE/platform/README-ROKS.md +++ /dev/null @@ -1,813 +0,0 @@ -# Deploying IBM Business Automation Application Engine (App Engine) on Red Hat OpenShift on IBM Cloud - -These instructions are for installing IBM Business Automation Application Engine (App Engine) on a managed Red Hat OpenShift cluster on IBM Public Cloud. - -## Table of contents - -- [Prerequisites](#prerequisites) -- [Step 1: Preparing your client and environment on IBM Cloud](#step-1-preparing-your-client-and-environment-on-ibm-cloud) -- [Step 2: Preparing the OCP client environment](#step-2-preparing-the-ocp-client-environment) -- [Step 3: Downloading the package and uploading it to the local repository](#step-3-downloading-the-package-and-uploading-it-to-the-local-repository) -- [Step 4: Connecting OpenShift with CLI](#step-4-connecting-openshift-with-cli) -- [Step 5: Creating the database](#step-5-creating-the-database) -- [Step 6: Creating the routes](#step-6-creating-the-routes) -- [Step 7: Protecting sensitive configuration data](#step-7-protecting-sensitive-configuration-data) -- [Step 8: Configuring TLS key and certificate secrets](#step-8-configuring-tls-key-and-certificate-secrets) -- [Step 9: Preparing persistent storage](#step-9-preparing-persistent-storage) -- [Step 10: Installing App Engine 19.0.2 on platform Helm](#step-10-installing-app-engine-1902-on-platform-helm) -- [Creating the Navigator service and configuring its UMS](#creating-the-navigator-service-and-configuring-its-ums) -- [References](#references) - -## Prerequisites - - * [OpenShift 3.11](https://docs.openshift.com/container-platform/3.11/welcome/index.html) or later - * [Helm and Tiller 2.9.1](/~https://github.com/helm/helm/releases) or later - * [Cert Manager 0.8.0](https://cert-manager.readthedocs.io/en/latest/getting-started/install/openshift.html) or later - * [IBM DB2 11.1.2.2](https://www.ibm.com/products/db2-database) or later - * [IBM Cloud Pak For Automation - User Management Service](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/con_ums.html) - * Persistent volume support - -Before you deploy, you must configure your IBM Public Cloud environment, create an OpenShift cluster and load the product images into the registry. Use the following information to configure your environment and deploy the images. - -## Step 1: Preparing your client and environment on IBM Cloud - -1. Create an account on [IBM Cloud](https://cloud.ibm.com/kubernetes/registry/main/start). -2. Create a cluster. - From the [IBM Cloud Overview page](https://cloud.ibm.com/kubernetes/overview), on the OpenShift Cluster tile, click **Create Cluster**. - -3. Install the [IBM Cloud CLI](https://cloud.ibm.com/docs/containers?topic=containers-cs_cli_install). -4. Install the [OpenShift Container Platform CLI](https://docs.openshift.com/container-platform/3.11/cli_reference/get_started_cli.html#cli-reference-get-started-cli) to manage your applications and to interact with the system. -5. Install [Helm 2.9.1](https://www.ibm.com/links?url=https%3A%2F%2Fgithub.com%2Fhelm%2Fhelm%2Freleases%2Ftag%2Fv2.9.1) to install the Helm charts with Helm and Tiller. -6. Install the [Kubernetes CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/). -7. Install the [Docker CLI](https://cloud.ibm.com/docs/containers?topic=containers-cs_cli_install). -8. Get the storage class name for your OpenShift cluster: - ```console - $ oc get sc - ``` - -## Step 2: Preparing the OCP client environment - -**1. Log in to IBM Cloud using CLI** - - Open a terminal window on your client machine, then run the following commands: - -```console - ibmcloud login -u -p -c -r - ``` - -r value Name of region, such as 'us-south' or 'eu-gb' - -c value Account ID or owner user ID (such as user@example.com) - -```console -ibmcloud login -u -p -c -r -ibmcloud ks cluster ls -ibmcloud ks cluster config --cluster $cluster | grep export > env.sh -chmod 755 env.sh -. ./env.sh -echo $KUBECONFIG -kubectl version --short - ``` - -**2. Configure IBM Cloud Container Registry** - - **a. Log in with your IBM Cloud account. Use “ibmcloud login --sso” to log in to IBM Cloud CLI** - - **Note:** After you press "Y" to open the URL in the default browser, IBM Cloud generates a one-time code in the browser. Copy and paste it, then press “Enter" to pass authentication. - -```console -$ ibmcloud login --sso -API endpoint: https://cloud.ibm.com -Region: eu-gb - -Get One Time Code from https://identity-2.ap-north.iam.cloud.ibm.com/identity/passcode to proceed. -Open the URL in the default browser? [Y/n] > yes -One Time Code > -Authenticating... -OK - -Select an account: -1. XXXXXX's Account (0xxxxxxxxxxxxxxaa9xxx) -2. XXXXXXXX's Account (c56xxxxxxxxxxxxx74xxxxc) <-> 1...7 -Enter a number> 2 -Targeted account XXXXXXXX's Account (c56xxxxxxxxxxxxx74xxxxc) <-> 1...7 - - -API endpoint: https://cloud.ibm.com -Region: eu-gb -User: xxxxxxx -Account: XXXXXXXX's Account (c56xxxxxxxxxxxxx74xxxxc) <-> 1...7 -Resource group: No resource group targeted, use 'ibmcloud target -g RESOURCE_GROUP' -CF API endpoint: -Org: -Space: - -Tip: If you are managing Cloud Foundry applications and services -- Use 'ibmcloud target --cf' to target Cloud Foundry org/space interactively, or use 'ibmcloud target --cf-api ENDPOINT -o ORG -s SPACE' to target the org/space. -- Use 'ibmcloud cf' if you want to run the Cloud Foundry CLI with current IBM Cloud CLI context. - - -New version 0.19.0 is available. -Release notes: /~https://github.com/IBM-Cloud/ibm-cloud-cli-release/releases/tag/v0.19.0 -TIP: use 'ibmcloud config --check-version=false' to disable update check. - -Do you want to update? [y/N] > y - -Installing version '0.19.0'... -Downloading... - 17.45 MiB / 17.45 MiB [========================================================================================] 100.00% 9s -18301051 bytes downloaded -Saved in /Users/ibm/.bluemix/tmp/bx_746509876/IBM_Cloud_CLI_0.19.0.pkg -``` - -If you encouter errors using "ibmcloud login --sso", you can run "ibmcloud login" and enter your username and password instead. - - **b. Create a namespace** - -```console - $ ibmcloud cr namespace-add -``` - - **c. Check the cluster** -```console -$ oc get pod - ``` - **d. Log in to IBM Cloud Container Registry (cr)** -```console -$ ibmcloud cr login -``` - Example output: - -```console -$ ibmcloud cr login -Logging in to 'registry.eu-gb.bluemix.net'... -Logged in to 'registry.eu-gb.bluemix.net'. - -IBM Cloud Container Registry is adopting new icr.io domain names to align with the rebranding of IBM Cloud for a better user experience. The existing bluemix.net domain names are deprecated, but you can continue to use them for the time being, as an unsupported date will be announced later. For more information about registry domain names, see https://cloud.ibm.com/docs/services/Registry?topic=registry-registry_overview#registry_regions_local - -Logging in to 'us.icr.io'... -Logged in to 'us.icr.io'. - -IBM Cloud Container Registry is adopting new icr.io domain names to align with the rebranding of IBM Cloud for a better user experience. The existing bluemix.net domain names are deprecated, but you can continue to use them for the time being, as an unsupported date will be announced later. For more information about registry domain names, see https://cloud.ibm.com/docs/services/Registry?topic=registry-registry_overview#registry_regions_local - -OK -``` -Get the container repository host from the "ibmcloud cr" login output. In this example, the Docker repository host is “us.icr.io”. - - **e. Verify the images are in your private registry:** -```console -$ ibmcloud cr image-list -``` - **f. Create an API key** - - I. Log in to https://cloud.ibm.com. - - II. Select your own cluster account (upper right corner) and click IBM Cloud -> Security -> Manage -> Identity and Access -> Access (IAM) / IBM Cloud API Keys (left menu) --> Create an IBM Cloud API Key. Then download the API key or copy the API key. - - III. Return to your client terminal window and log in to the local Docker registry: - -```console -docker login -u iamapikey -p -``` - Example: -```console -$ docker login -u iamapikey -p us.icr.io -WARNING! Using --password via the CLI is insecure. Use --password-stdin. -Login Succeeded -``` - **g. Create a Docker pull secret in your OpenShift cluster** -```console -oc create secret docker-registry ums-secret --docker-server=us.icr.io --docker-username=iamapikey --docker-password= - ``` -This secret will be passed to the chart in the imagePullSecrets property. Check the "docker-server" name in the output of the previous command “ibmcloud cr login”. - -## Step 3: Downloading the package and uploading it to the local repository - -1. Download and save the [loadimages.sh](/~https://github.com/icp4a/cert-kubernetes/blob/master/scripts/loadimages.sh) script to the client machine. -2. Download the Business Automation Application Engine Passport Advantage packages by following the instructions in [IBM Cloud Pak for Automation 19.0.2 on Certified Kubernetes](/~https://github.com/icp4a/cert-kubernetes/blob/master/README.md#step-2-download-a-product-package-from-ppa-and-load-the-images). -3. Run the following commands to load the images into the Docker repository: -```console -$ ibmcloud cr namespace-add - ``` -Example: -```console -./loadimages.sh -p ./CC3I3ML.tgz -r us.icr.io/ -./loadimages.sh -p ./CC3I4ML.tgz -r us.icr.io/ -./loadimages.sh -p ./CC3I5ML.tgz -r us.icr.io/ -./loadimages.sh -p ./CC3HVML.tgz -r us.icr.io/ - ``` -The name "us.icr.io" is one of the IBM Cloud Container Registry names and your registry name might be different. Get the name from the "ibmcloud cr login" step. - -4. Get the following Docker images in the IBM Cloud repository, which can be used for future App Engine deployments: -```console - - us.icr.io//solution-server:19.0.2 - - us.icr.io//dba-etcd:19.0.2 - - us.icr.io//solution-server-helmjob-db:19.0.2 - - us.icr.io//dba-keytool-initcontainer:19.0.2 - - us.icr.io//dba-umsregistration-initjob:19.0.2 - - us.icr.io//dba-dbcompatibility-initcontainer:19.0.2 - - us.icr.io//navigator:ga-306-icn-if002 - - us.icr.io//navigator-sso:ga-306-icn-if002 - - us.icr.io//ums:19.0.2 - - us.icr.io//dba-keytool-initcontainer:19.0.2 - - us.icr.io//dba-keytool-jobcontainer:19.0.2 - - us.icr.io//bastudio:19.0.2 - - us.icr.io//jms:19.0.2 - - us.icr.io//solution-server:19.0.2 - - us.icr.io//dba-etcd:19.0.2 - - us.icr.io//solution-server-helmjob-db:19.0.2 - - us.icr.io//dba-keytool-initcontainer:19.0.2 - - us.icr.io//dba-keytool-jobcontainer:19.0.2 - - us.icr.io//dba-umsregistration-initjob:19.0.2 - - us.icr.io//dba-dbcompatibility-initcontainer:19.0.2 -``` -## Step 4: Connecting OpenShift with CLI -1. Open a browser and log in to the IBM Cloud website (https://cloud.ibm.com) with your IBM Cloud ID, then navigate to the OpenShift category. -2. Find your OpenShift cluster instance in the Clusters list, select ..., and click OpenShift Web Console. -3. In the OpenShift Web Console, click your user ID (top right) and click Copy Login Command. -4. Paste the login command into the shell in your client machine terminal window: -```console - oc login https://: --token= - ``` -5. Create or switch to the namespace you created by running the following command: -```console - oc new-project && oc project - ``` -6. To deploy the service account, role, and role binding successfully, assign the administrator role to the user for this namespace by running the following command: -```console - oc project - oc adm policy add-role-to-user admin -``` -7. If you want to operate persistent volumes (PVs), you must have the storage-admin cluster role, because PVs are a cluster resource in OpenShift. Add the role by running the following command: -```console - oc adm policy add-cluster-role-to-user storage-admin -``` - 8. Grant scc ibm-anyuid-scc to your newly created namespace: - ```console -oc adm policy add-scc-to-group ibm-anyuid-scc system:serviceaccounts: -``` - -## Step 5: Creating the database - -1. Prepare the database for App Engine, following the instructions in [Creating the database](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_aeprep_db.html). - -## Step 6: Creating the routes -1. Choose a release name, for example, “ocp-aae”. You can replace `````` with your own release name in the examples that follow. -2. Choose the route name, for example, "ae-route" for App Engine. -3. Prepare the YAML files for the routes. For example: -ums-route.yaml -```yaml -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: ums-route - namespace: -spec: - port: - targetPort: https - tls: - insecureEdgeTerminationPolicy: Redirect - termination: passthrough - to: - kind: Service - name: -ibm-dba-ums - weight: 100 - wildcardPolicy: None -``` -ae-route.yaml: -```yaml -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: ae-route - namespace: -spec: - port: - targetPort: https - tls: - insecureEdgeTerminationPolicy: Redirect - termination: passthrough - to: - kind: Service - name: -ibm-dba-ae-service - weight: 100 - wildcardPolicy: None -``` - -4. Create the route by running the following command: -```console -oc create -f ae-route.yaml -``` -5. Get the host name for Application Engine. You will need it later. - - a. Run the command "oc get route" to get the host name for each component. -```console -$ oc get route -NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD -ae-route ae-route-bastudio. .us-east.containers.appdomain.cloud aa-ibm-dba-ae-service https passthrough/Redirect None -rr-route rr-route-bastudio. .us-east.containers.appdomain.cloud aa-resource-registry-service https passthrough/Redirect None -ums-route ums-route-bastudio. .us-east.containers.appdomain.cloud aa-ibm-dba-ums https passthrough/Redirect None -``` - - b. Find the host name “ums-route-bastudio..us-east.containers.appdomain.cloud” and write it down. You will use it later when creating secrets. - - c. Ping the host name to get the IP address. - -```console -$ping ums-route-bastudio..us-east.containers.appdomain.cloud -PING dbaclusterxxxxxxxxxxxxxx001.us-east.containers.appdomain.cloud (169.x.x.x) 56(84) bytes of data. -64 bytes from xxx.ip4.static.sl-reverse.com (169.x.x.x): icmp_seq=1 ttl=44 time=72.9 ms -64 bytes from xxx.ip4.static.sl-reverse.com (169.x.x.x): icmp_seq=2 ttl=44 time=72.7 ms -``` -Write down the IP address 169.x.x.x. It will be used later in the . For each route (ums-route, ae-route, rr-route) write down the host name and IP address. - -## Step 7: Protecting sensitive configuration data - -You must create the following secrets manually before you install the chart. - -* Create the UMS Service following the instructions in [Install User Management Service 19.0.2 on Red Hat OpenShift on IBM Cloud](/~https://github.com/icp4a/cert-kubernetes/blob/master/UMS/platform/README-ROKS.md). - -* Follow the instructions in [Preparing UMS-related configuration and TLS certificates](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_aeprep_ums.html) to prepare UMS secrets. - -Follow [Protecting sensitive configuration data](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_aeprep_data.html) to prepare secrets for Resource Registry and App Engine. - -The following sample YAML files are for Resource Registry and App Engine secrets. Update the values with your own user name, database information, and so on. - -Resource Registry yaml: -```yaml - apiVersion: v1 - kind: Secret - metadata: - name: resource-registry-admin-secret - type: Opaque - stringData: - rootPassword: "" - readUser: "reader" - readPassword: "" - writeUser: "writer" - writePassword: "" -``` - -App Engine yaml: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: ae-secret-credential -type: Opaque -stringData: - AE_DATABASE_PWD: "" - AE_DATABASE_USER: "" - OPENID_CLIENT_ID: "app_engine" - OPENID_CLIENT_SECRET: ““ - SESSION_SECRET: "bigblue123solutionserver" - SESSION_COOKIE_NAME: "nsessionid" - REDIS_PASSWORD: "password" -``` - -## Step 8: Configuring TLS key and certificate secrets -Modify all values enclosed in angle brackets like `````` in each of the following xxx.conf files with your own values. - -Follow [Configuring the TLS key and certificate secrets](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_basprep_secrets.html) to create TLS certificate secrets for UMS, Resource Registry, and App Engine services. - -1. Create the root CA. - -Run the following three commands: -```console - -openssl genrsa -out rootCA.key.pem 2048 - -openssl req -x509 -new -nodes -key rootCA.key.pem -sha256 -days 3650 \ - -subj "/CN=rootCA" \ - -out rootCA.crt.pem - -kubectl create secret tls ca-tls-secret --key=rootCA.key.pem --cert=rootCA.crt.pem -``` - -2. Generate the UMS TLS key and certificate. - -Example: ums-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -ibm-dba-ums -DNS.2 = -DNS.3 = .svc.cluster.local -DNS.4 = svc.cluster.local -DNS.5 = localhost -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out ums.key.pem 2048 -openssl req -new -key ums.key.pem -out ums.csr \ - -subj "/CN= " - -openssl x509 -req -in ums.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out ums.crt.pem \ - -days 1825 -sha256 \ - -extfile ums-extfile.conf -kubectl create secret tls ums-tls-secret --key=ums.key.pem --cert=ums.crt.pem -``` -3. Generate the UMS JKS TLS key and certificate. - -Example ums-jks-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -ibm-dba-ums -DNS.2 = -ibm-dba-ums..svc.cluster.local -DNS.3 = svc.cluster.local -DNS.4 = localhost -DNS.5 = c100-e.us-east.containers.cloud.ibm.com -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out ums-jks.key.pem 2048 -openssl req -new -key ums-jks.key.pem -out ums-jks.csr \ - -subj "/CN= " - -openssl x509 -req -in ums-jks.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out ums-jks.crt.pem \ - -days 1825 -sha256 \ - -extfile ums-jks-extfile.conf -kubectl create secret tls ums-jks-tls-secret --key=ums-jks.key.pem --cert=ums-jks.crt.pem -``` -4. Generate the Resource Registry TLS key and certificate. - -Example rr-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -resource-registry-service -DNS.2 = -DNS.3 = -resource-registry-service..svc.cluster.local -DNS.4 = svc.cluster.local -DNS.5 = localhost -DNS.6 = c100-e.us-east.containers.cloud.ibm.com -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out rr.key.pem 2048 -openssl req -new -key rr.key.pem -out rr.csr \ - -subj "/CN= " - -openssl x509 -req -in rr.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out rr.crt.pem \ - -days 1825 -sha256 \ - -extfile rr-extfile.conf -kubectl create secret tls rr-tls-secret --key=rr.key.pem --cert=rr.crt.pem -``` -5. Generate the App Engine TLS key and certificate. - -Example ae-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -ibm-dba-ae-service -DNS.2 = -DNS.3 = -ibm-dba-ae-service..svc.cluster.local -DNS.4 = svc.cluster.local -DNS.5=localhost -DNS.6=c100-e.us-east.containers.cloud.ibm.com -IP.1 = -``` -Run the following four commands: - -```console -openssl genrsa -out ae.key.pem 2048 -openssl req -new -key ae.key.pem -out ae.csr \ - -subj "/CN=< ip address from above ae-route > " - -openssl x509 -req -in ae.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out ae.crt.pem \ - -days 1825 -sha256 \ - -extfile ae-extfile.conf -kubectl create secret tls ae-tls-secret --key=ae.key.pem --cert=ae.crt.pem -``` -6. Generate the IBM Content Navigator (ICN) TLS key and certificate. - -Example icn-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = icn..nip.io -DNS.2 = svc.cluster.local -DNS.3 = localhost -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out icn.key.pem 2048 -openssl req -new -key icn.key.pem -out icn.csr \ - -subj "/CN=< ip address from above ums-route > " - -openssl x509 -req -in icn.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out icn.crt.pem \ - -days 1825 -sha256 \ - -extfile icn-extfile.conf -kubectl create secret tls icn-tls-secret --key=icn.key.pem --cert=icn.crt.pem -``` -7. Generate the JKS TLS key and certificate. - -Example jks-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -ibm-dba-ums -DNS.2 = ums..nip.io -DNS.3 = -ibm-dba-ums..svc.cluster.local -DNS.4 = svc.cluster.local -IP.1 = -``` -Run the following four commands: - -```console -openssl genrsa -out jks.key.pem 2048 -openssl req -new -key jks.key.pem -out jks.csr \ - -subj "/CN=< ip address from above ums-route > " - -openssl x509 -req -in jks.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out jks.crt.pem \ - -days 1825 -sha256 \ - -extfile jks-extfile.conf -kubectl create secret tls jks-tls-secret --key=jks.key.pem --cert=jks.crt.pem -``` - -## Step 9: Preparing persistent storage - -Follow the "Implementing storage" section of [IBM Business Automation Application Engine Installation](/~https://github.com/icp4a/cert-kubernetes/blob/master/AAE/README.md) to prepare the persistent storage for App Engine. - -## Step 10: Installing App Engine 19.0.2 on platform Helm - -To install the App Engine service on a managed Red Hat OpenShift cluster on IBM Public Cloud, choose one of the following options: -* To use Helm charts, follow the instructions in [Deploying with Helm charts](/~https://github.com/icp4a/cert-kubernetes/blob/master/AAE/helm-charts/README.md) - -* To use YAML, follow the instructions in [Deploying with Kubernetes YAML](/~https://github.com/icp4a/cert-kubernetes/blob/master/AAE/k8s-yaml/README.md) - -* To deploy the service on your own, complete the following steps: - -**1. Download the Helm charts provided for certificate in the GitHub release page:** -* Download ibm-dba-aae-prod-1.0.0.tgz from [AAE HELM](/~https://github.com/icp4a/cert-kubernetes/tree/master/AAE/helm-charts) - -**Modify the sample values in the YAML files to match your own environment:** - -```yaml -#Shared values across components -global: - # The persistent volume claim name used to store JDBC and ODBC library - existingClaimName: - # Keep this value as false - nonProductionMode: false - # Secret with Docker credentials - imagePullSecrets: ums-secret - # global CA secret name - caSecretName: "ca-tls-secret" - # Kubernetes dns base name - dnsBaseName: "svc.cluster.local" - # Contributor toolkits storage PVC - contributorToolkitsPVC: "" - # Global configuration created by user management service - ums: - serviceType: Ingress - # Get UMS hostname from “oc get route” command - hostname: "ums-route-bastudio. xxxxx.us-east.containers.appdomain.cloud" - port: 443 - # Secret with admin credentials - adminSecretName: ibm-dba-ums-secret - - # Global configuration created by Resource Registry - resourceRegistry: - # Get RR hostname from “oc get route” command - hostname: "rr-route-bastudio. xxxxx.us-east.containers.appdomain.cloud" - port: 31099 - adminSecretName: resource-registry-admin-secret - - # Global configuration created by App Engine - appEngine: - serviceType: "Ingress" - # Get AE hostname from “oc get route” command - hostname: "ae-route-bastudio.xxxxx.us-east.containers.appdomain.cloud" - port: 443 - -appengine: - install: true - - replicaCount: 1 - - probes: - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 5 - failureThreshold: 3 - - images: - appEngine: us.icr.io//solution-server:19.0.2 - tlsInitContainer: us.icr.io//dba-keytool-initcontainer:19.0.2 - dbJob: us.icr.io//solution-server-helmjob-db:19.0.2 - oidcJob: us.icr.io//dba-umsregistration-initjob:19.0.2 - dbcompatibilityInitContainer: us.icr.io//dba-dbcompatibility-initcontainer:19.0.2 - pullPolicy: Always - - tls: - tlsSecretName: ae-tls-secret - tlsTrustList: [] - - database: - name: APPDB - host: - port: - type: db2 - currentSchema: DBASB - initialPoolSize: 1 - maxPoolSize: 10 - uvThreadPoolSize: 4 - maxLRUCacheSize: 1000 - maxLRUCacheAge: 600000 - - # Toggle for custom JDBC drivers - useCustomJDBCDrivers: false - - adminSecretName: ae-secret-credential - - logLevel: - node: trace - browser: 2 - - contentSecurityPolicy: - enable: false - whitelist: "" - - session: - duration: "1800000" - resave: "false" - rolling: "true" - saveUninitialized: "false" - useExternalStore: "false" - - redis: - host: localhost - port: 6379 - ttl: 1800 - - maxAge: - staticAsset: "2592000" - csrfCookie: "3600000" - authCookie: "900000" - - env: - serverEnvType: development - maxSizeLRUCacheRR: 1000 - - resources: - ae: - limits: - cpu: 1500m - memory: 1024Mi - requests: - cpu: 1 - memory: 512Mi - initContainer: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 200m - memory: 128Mi - - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetAverageUtilization: 80 - -resourceRegistry: - install: true - - # Private images for resource registry - images: - resourceRegistry: us.icr.io//dba-etcd:19.0.2 - keytoolInitcontainer: us.icr.io//dba-keytool-initcontainer:19.0.2 - pullPolicy: Always - - # TLS configurations - tls: - tlsSecretName: rr-tls-secret - - # Resource registry cluster size - replicaCount: 1 - - # RR Resource config - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 200m - memory: 256Mi - - # data persistence config - persistence: - enabled: false - useDynamicProvisioning: true - storageClassName: "manual" - accessMode: "ReadWriteOnce" - size: 3Gi - - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - logLevel: info -``` -**2. Generate and customize the deployment YAML files:** - -a.Generate the output folder: -```console -mkdir yamls -``` -b.Generate the deployment YAML files into the created folder: - -```console -helm template --name --namespace --output-dir ./yamls -f aae-values.yaml ibm-dba-aae-prod-1.0.0.tgz -``` -**3. Move to the aae-yamls folder. Remove the test folders:** -```console - rm -rf ./yamls/ibm-dba-aae-prod/charts/appengine/templates/tests - rm -rf ./yamls/ibm-dba-aae-prod/charts/resourceRegistry/templates/tests - rm -rf ./yamls/ibm-dba-aae-prod/templates/tests -``` - -**4. Apply the YAML definitions by running the following command:** -```console -kubectl apply -R -f ./yamls -``` - -## Creating the Navigator service and configuring its UMS -1. Create the Navigator service on MOCP: -* /~https://github.com/icp4a/cert-kubernetes/blob/19.0.1/NAVIGATOR/platform/README_Eval_ROKS.md - -2. Configure it to connect to UMS: -* https://www.ibm.com/support/pages/node/1073240 - -3. Configure it to work with App Engine and IBM Business Automation Workflow using the following instructions: -* [Configuring App Engine with IBM Business Automation Navigator](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_aeconfig_ban.html) -* [Publishing apps](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.bas/topics/tsk_bas_publishapps.html) -* [Configuring App Engine with IBM Business Automation Workflow](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_aeconfig_baw.html) - -## References -* /~https://github.com/icp4a/cert-kubernetes/blob/master/AAE/README.md -* /~https://github.com/icp4a/cert-kubernetes/blob/master/UMS/platform/README-ROKS.md -* https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_bas.html -* https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_bas.html - diff --git a/ACA/README_config.md b/ACA/README_config.md new file mode 100644 index 00000000..f9626d69 --- /dev/null +++ b/ACA/README_config.md @@ -0,0 +1,120 @@ +# IBM® Business Automation Content Analyzer +========= + +## Introduction + +This readme provide instruction to deploy IBM Business Automation Content Analyzer with IBM® Cloud Pak for Automation platform. IBM Business Automation Content Analyzer offers the power of intelligent capture with the flexibility of an API that enables you to extend the value of your core enterprise content management (ECM) technology stack and helps you rapidly accelerate extraction and classification of data in your documents. + + +Requirements to Prepare Your Environment +------------ + +### Step 1 - Preparing users for Content Analyzer + +Content Analyzer users need to be configured on the LDAP server. +See [Preparing users for Content Analyzer](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_bacak8s_usergroups.html) for detailed instructions. + +### Step 2 - Create DB2 databases for Content Analyzer + +For development or testing purposes, you can skip this step and move to "Step 3 - Initialize the Content Analyzer Base database" if you prefer for the Content Analyzer scripts to create the database for you. + +See [Create the Db2 database](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_bacak8s_createdb2.html) for detailed instructions. + +### Step 3 - Initialize the Content Analyzer Base database + +If you do not have a Db2® database set up, do so now. + +See [Initializing the Content Analyzer Base database](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_bacak8s_db.html) for detailed instructions. + +### Step 4 - Initialize the Content Analyzer Tenant database(s) + +If you do not have a tenant database, set up a Db2 tenant database. + +See [Initializing the Tenant database](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_bacak8s_dbtenant.html) for detailed instructions. + +### Step 5 - Optional - DB2 High-Availability + +You can set up a Db2 High Availability Disaster Recovery (HADR) database. + +See [Setting up Db2 High-Availability](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_cadb2ha.html) for detailed instructions. + +### Step 6 - Create prerequisite resources for IBM Business Automation Content Analyzer + +Set up and configure storage to prepare for the container configuration and deployment. You set up permissions to PVC directories, label worker nodes, create the docker secret, create security, and enable SSL communication for LDAP if necessary. + +See [Configuring storage and the environment](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_bacak8s_storage.html) for detailed instructions. + +### Step 7 - Configuring the CR YAML file + +Update the custom YAML file to provide the details that are relevant to your IBM Business Automation Content Analyzer and your decisions for the deployment of the container. + +See [Content Analyzer parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_k8sca_operparams.html) for detailed instructions. + +### Step 8 - Deployment +----------- +1) Once all the required parameters have been filled out for Content Analyzer, the CR can be applied by + +``` + +oc -n apply -f + +``` +where: +`ns` is the namespace name where you want to install Content Analyzer. +`CR yaml` is the CR yaml name. + +2) The Operator container will deploy Content Analyzer. For more information about Operator, please refer to +/~https://github.com/icp4a/cert-kubernetes/tree/19.0.3/ + + + +Post Deployment +-------------- + +## Post Deployment steps for route (OpenShift) setup + +You can deploy IBM Business Automation Content Analyzer by using an OpenShift route as the ingress point to provide fronted and backend services through an externally reachable, unique hostname such as www.backend.example.com and www.frontend.example.com. A defined route and the endpoints, which are identified by its service, can be consumed by a router to provide named connectivity that allows external clients to reach your applications. + +See [Configuring an OpenShift route](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_postcadeploy_routeOS.html) for detailed instructions. + +## Post Deployment steps for NodePort (Non OpenShift) setup + +You can modify your LoadBalancer, like the HAProxy, in the Kubernetes cluster to route the request to a specific node port. + +See [Configuring routing to a node port](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_postcadeploy_nodeport_NOS.html) for detailed instructions. + +## Troubleshooting + +This section describes how to get various logs for Content Analyzer. + +### Installation: + +- Retreieve the Ansible installation logs: + +``` +kubectl logs deployment/ibm-cp4a-operator -c operator > Operator.log + +kubectl logs deployment/ibm-cp4a-operator -c ansible > Ansible.log +``` + +### Post install: + +- Content Analyzer logs are located in the log pvc. Logs are separated into sub-folders based on the component names. + +``` +├── backend +├── callerapi +├── classifyprocess-classify +├── frontend +├── mongo +├── mongoadmin +├── ocr-extraction +├── pdfprocess +├── postprocessing +├── processing-extraction +├── setup +├── updatefiledetail +└── utf8process + +``` + diff --git a/ACA/README_migrate.md b/ACA/README_migrate.md new file mode 100644 index 00000000..86dccd4d --- /dev/null +++ b/ACA/README_migrate.md @@ -0,0 +1,28 @@ +# IBM® Business Automation Content Analyzer +========= + +## Introduction + +With these instructions, you can deploy IBM Business Automation Content Analyzer with IBM® Cloud Pak for Automation platform. IBM Business Automation Content Analyzer offers the power of intelligent capture with the flexibility of an API that enables you to extend the value of your core enterprise content management (ECM) technology stack and helps you rapidly accelerate extraction and classification of data in your documents. + + +Upgrade +----------- +## Upgrade from 19.0.1 to 19.0.3 +Upgrade from Content Analyzer 19.0.1 to 19.0.3 is not supported. + +## Upgrade from 19.0.2 to 19.0.3 + +- To upgrade from Content Analyzer 19.0.2 to 19.0.3, do the following steps: + - Back up your ontology through the export function from the UI. + - Back up your Content Analyzer's Base database and Tenant database. + - Copy the `DB2` [folder](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.3/ACA/configuration-ha) to the DB2 server. + - Run the `UpgradeTenantDB.sh` from your database server as `db2inst1` user. + - Delete the previous Content Analyzer 19.0.2 instance by running `delete_ContentAnalyzer.sh`. +- Deploy Content Analyzer 19.0.3 using Operator. Make sure to reuse the Base database and Tenant database by filling out the CR yaml file properly. + + +## Rolling back an upgrade +- Delete the current version of Content Analyzer by following the [README_uninstall.md](README_uninstall.md) +- Restore the Content Analyzer's Base database and Tenant database to the previous release. For example: Restore the Base database and Tenant database to 19.0.2, that you previously backed up, if you want to rollback to 19.0.2. +- Follow the installation procedure to deploy Content Analyzer for that specific version. diff --git a/ACA/README_uninstall.md b/ACA/README_uninstall.md new file mode 100644 index 00000000..effd8ac3 --- /dev/null +++ b/ACA/README_uninstall.md @@ -0,0 +1,20 @@ +# IBM® Business Automation Content Analyzer +========= + +## Introduction + +With these instructions, you can uninstall IBM Business Automation Content Analyzer with IBM® Cloud Pak for Automation platform. IBM Business Automation Content Analyzer offers the power of intelligent capture with the flexibility of an API that enables you to extend the value of your core enterprise content management (ECM) technology stack and helps you rapidly accelerate extraction and classification of data in your documents. + + +Uninstall +----------- +1. Backup your ontology. +2. In the CR yaml file: comment out the `ca_configuration` section + +3. Apply the CR. For example: `oc apply -f [PATH TO CR YAML]` + +4. Delete all the subdirectories under the Content Analyzer Data PVC. + +5. Delete all the subdirectories under the Content Analyzer Config PVC. + +6. Delete all the subdirectories under the CA Log PVC. diff --git a/ACA/README_update.md b/ACA/README_update.md new file mode 100644 index 00000000..fa327dc6 --- /dev/null +++ b/ACA/README_update.md @@ -0,0 +1,23 @@ +# IBM® Business Automation Content Analyzer +========= + +## Introduction + +With these instructions, you can update IBM Business Automation Content Analyzer with IBM® Cloud Pak for Automation platform. IBM Business Automation Content Analyzer offers the power of intelligent capture with the flexibility of an API that enables you to extend the value of your core enterprise content management (ECM) technology stack and helps you rapidly accelerate extraction and classification of data in your documents. + + + +## Redeploying Content Analyzer if changes are made to the Role Variables +If you need to make changes to Content Analyzer deployment, you must redeploy Content Analyzer by doing the following: + +Note that this process removes any documents that you processed in Content Analyzer. Download any needed document output from Content Analyzer before doing these steps. + +1) In the CR yaml file: comment out the `ca_configuration` section. + +2) Apply the CR. For example: `oc apply -f [PATH TO CR YAML]`. + +3) Delete the contents under the Content Analyzer Data PVC and Content Analyzer Config PVC. + +4) In the CR yaml file: uncomment the `ca_configuration` section and make the changes. + +5) Apply the CR. For example: `oc apply -f [PATH TO CR YAML]`. diff --git a/BACA/configuration-ha/DB2/AddOntology.sh b/ACA/configuration-ha/DB2/AddOntology.sh similarity index 100% rename from BACA/configuration-ha/DB2/AddOntology.sh rename to ACA/configuration-ha/DB2/AddOntology.sh diff --git a/BACA/configuration-ha/DB2/AddTenant.bat b/ACA/configuration-ha/DB2/AddTenant.bat similarity index 50% rename from BACA/configuration-ha/DB2/AddTenant.bat rename to ACA/configuration-ha/DB2/AddTenant.bat index 05ab9be2..6686f3fd 100755 --- a/BACA/configuration-ha/DB2/AddTenant.bat +++ b/ACA/configuration-ha/DB2/AddTenant.bat @@ -1,143 +1,205 @@ -@echo off - -SETLOCAL -echo Enter '1' to add new tenant and an ontology. -echo Enter '2' to add an ontology for an existing tenant database. -echo Enter anything to abort - -set /p choice="Type input: " - -set /p tenant_id= Enter the tenant ID for the new tenant: (eg. t4900) : - -set /p tenant_db_name= Enter the name of the new BACA tenant database to create: (eg. t4900) : - -set /p baca_database_server_ip= Enter the host/IP of the tenant database server. : - -set /p baca_database_port= Enter the port of the tenant database server : - -set /p tenant_db_user= Please enter the name of tenant database user. If no value is entered we will use the following default value 'tenantuser' : -IF NOT DEFINED tenant_db_user SET "tenant_db_user=tenantuser" - -set /p tenant_db_pwd= Enter the password for the tenant database user: - -set /p tenant_ontology= Enter the tenant ontology name. If nothing is entered, the default name will be used 'default' : -IF NOT DEFINED tenant_ontology SET "tenant_ontology=default" - -set /p base_db_name= Enter the name of the Base BACA database with the TENANTINFO Table. If nothing is entered, we will use the following default value 'CABASEDB': -IF NOT DEFINED base_db_name SET "base_db_name=CABASEDB" - -set /p base_db_user= Enter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value 'CABASEUSER' : -IF NOT DEFINED base_db_user SET "base_db_user=CABASEUSER" - -set /p tenant_company= Please enter the company name for the initial BACA user : - -set /p tenant_first_name= Please enter the first name for the initial BACA user : - -set /p tenant_last_name= Please enter the last name for the initial BACA user : - -set /p tenant_email= Please enter a valid email address for the initial BACA user : - -set /p tenant_user_name= Please enter the login name for the initial BACA user : - -set /p ssl= Please enter the login name for the initial BACA user : - -echo "-- Please confirm these are the desired settings:" -echo " - tenant ID: %tenant_id%" -echo " - tenant database name: %tenant_db_name%" -echo " - database server hostname/IP: %baca_database_server_ip%" -echo " - database server port: %baca_database_port%" -echo " - tenant database user: %tenant_db_user%" -echo " - ontology name: %tenant_ontology%" -echo " - base database: %base_db_name%" -echo " - base database user: %base_db_user%" -echo " - tenant company name: %tenant_company%" -echo " - tenant first name: %tenant_first_name%" -echo " - tenant last name: %tenant_last_name%" -echo " - tenant email address: %tenant_email%" -echo " - tenant login name: %tenant_user_name%" - -set /P c=Are you sure you want to continue[Y/N]? -if /I "%c%" EQU "Y" goto :DOCREATE -if /I "%c%" EQU "N" goto :DOEXIT - -:DOCREATE - echo "Running the db script" - REM adding new teneant db need to create db first - IF "%choice%"=="1" ( - echo "Creating db on user input" - db2 CREATE DATABASE %tenant_db_name% AUTOMATIC STORAGE YES USING CODESET UTF-8 TERRITORY DEFAULT COLLATE USING SYSTEM PAGESIZE 32768 - db2 CONNECT TO %tenant_db_name% - db2 GRANT CONNECT,DATAACCESS ON DATABASE TO USER %tenant_db_user% - db2 GRANT USE OF TABLESPACE USERSPACE1 TO USER %tenant_db_user% - db2 CONNECT RESET - ) - - REM create schema - echo "Connecting to db and creating schema" - db2 CONNECT TO %tenant_db_name% - db2 CREATE SCHEMA %tenant_ontology% - db2 SET SCHEMA %tenant_ontology% - - REM create tables - echo "creating schema tables" - db2 -stvf sql\CreateBacaTables.sql - - REM table permissions to tenant user - echo "Giving permissions on tables" - db2 GRANT ALTER ON TABLE DOC_CLASS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE DOC_ALIAS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE KEY_CLASS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE KEY_ALIAS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE CWORD TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE HEADING TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE HEADING_ALIAS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE USER_DETAIL TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE INTEGRATION TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE IMPORT_ONTOLOGY TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE API_INTEGRATIONS_OBJECTSSTORE TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE SMARTPAGES_OPTIONS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE FONTS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE FONTS_TRANSID TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE DB_BACKUP TO USER %tenant_db_user% - - REM load the tenant Db - echo "Loading default data into tables" - db2 load from CSVFiles\doc_class.csv of del modified by identityoverride insert into doc_class - db2 load from CSVFiles\key_class.csv of del modified by identityoverride insert into key_class - db2 load from CSVFiles\doc_alias.csv of del modified by identityoverride insert into doc_alias - db2 load from CSVFiles\key_alias.csv of del modified by identityoverride insert into key_alias - db2 load from CSVFiles\cword.csv of del modified by identityoverride insert into cword - db2 load from CSVFiles\heading.csv of del modified by identityoverride insert into heading - db2 load from CSVFiles\heading_alias.csv of del modified by identityoverride insert into heading_alias - db2 load from CSVFiles\key_class_dc.csv of del modified by identityoverride insert into key_class_dc - db2 load from CSVFiles\doc_alias_dc.csv of del modified by identityoverride insert into doc_alias_dc - db2 load from CSVFiles\key_alias_dc.csv of del modified by identityoverride insert into key_alias_dc - db2 load from CSVFiles\key_alias_kc.csv of del modified by identityoverride insert into key_alias_kc - db2 load from CSVFiles\heading_dc.csv of del modified by identityoverride insert into heading_dc - db2 load from CSVFiles\heading_alias_dc.csv of del modified by identityoverride insert into heading_alias_dc - db2 load from CSVFiles\heading_alias_h.csv of del modified by identityoverride insert into heading_alias_h - db2 load from CSVFiles\cword_dc.csv of del modified by identityoverride insert into cword_dc - db2 connect reset - - REM Insert InsertTenant - echo "Connecting to base database to insert tenant info" - db2 connect to %base_db_name% - db2 set schema %base_db_user% - db2 insert into TENANTINFO (tenantid,ontology,tenanttype,rdbmsengine,bacaversion,rdbmsconnection) values ( '%tenant_id%', '%tenant_ontology%', 0, 'DB2', '1.1', encrypt('DATABASE=%tenant_db_name%;HOSTNAME=%baca_database_server_ip%;PORT=%baca_database_port%;PROTOCOL=TCPIP;UID=%tenant_db_user%;PWD=%tenant_db_pwd%;','AES_KEY')) - db2 connect reset - - REM Insert InsertUser - echo "Connecting to tenant database to insert initial userinfo" - db2 connect to %tenant_db_name% - db2 set schema %tenant_ontology% - db2 insert into user_detail (email,first_name,last_name,user_name,company,expire) values ('%tenant_email%','%tenant_first_name%','%tenant_last_name%','%tenant_user_name%','%tenant_company%',10080) - db2 insert into login_detail (user_id,role,status,logged_in) select user_id,'Admin','1',0 from user_detail where email='%tenant_email%' - db2 connect reset - goto END -:DOEXIT - echo "Exited on user input" - goto END -:END - echo "END" - -ENDLOCAL +@echo off + +SETLOCAL + +IF NOT DEFINED skip_create_tenant_db ( + set skip_create_tenant_db=false +) + +IF "%skip_create_tenant_db%"=="true" ( + echo -- + echo This script will initialize an existing DB2 database for use as a BACA tenant database and add an ontology. + set choice="2" + echo -- +) ELSE ( + echo -- + echo Enter '1' to create an new DB2 database and initialize the database as a tenant DB and create an ontology. An existing database user must exist. + echo Enter '2' to add an ontology for an existing tenant database. + echo Enter '3' to abort. + + set /p choice="Type input: " +) + + +if /I "%choice%" EQU "3" goto :DOEXIT + +set /p tenant_id= Enter the tenant ID for the new tenant: (eg. t4900) : + +IF NOT "%skip_create_tenant_db%"=="true" ( + set /p tenant_db_name= "Enter the name of the new DB2 database to create for the BACA tenant. Please follow the DB2 naming rules :" +) ELSE ( + set /p tenant_db_name= "Enter the name of the existing DB2 database to use for the BACA tenant database (eg. t4900) :" +) +set tenant_dsn_name=%tenant_db_name% + +set /p baca_database_server_ip= "Enter the host/IP of the DB2 database server for the tenant database. :" + +set /p baca_database_port= "Enter the port of the DB2 database server for the tenant database :" + +set /p tenant_db_user= "Please enter the name of tenant database user. If no value is entered we will use the following default value 'tenantuser' :" +IF NOT DEFINED tenant_db_user SET "tenant_db_user=tenantuser" + +REM Use powershell to mask password +set "psCommand=powershell -Command "$pword = read-host 'Enter the password for the tenant database user:' -AsSecureString ; ^ + $BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pword); ^ + [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)"" +for /f "usebackq delims=" %%p in (`%psCommand%`) do set tenant_db_pwd=%%p +REM Alternative way to prompt for pwd without masking +REM set /p tenant_db_pwd= "Enter the password for the tenant database user:" + +set /p tenant_ontology= "Enter the tenant ontology name. If nothing is entered, the default name will be used 'default' :" +IF NOT DEFINED tenant_ontology SET "tenant_ontology=default" + +set /p base_db_name= "Enter the name of the DB2 BACA Base database with the TENANTINFO Table. If nothing is entered, we will use the following default value 'CABASEDB': " +IF NOT DEFINED base_db_name SET "base_db_name=CABASEDB" + +set /p base_db_user= "Enter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value 'CABASEUSER' : " +IF NOT DEFINED base_db_user SET "base_db_user=CABASEUSER" + +set /p tenant_company= "Please enter the company name for the initial BACA user :" + +set /p tenant_first_name= "Please enter the first name for the initial BACA user :" + +set /p tenant_last_name= "Please enter the last name for the initial BACA user :" + +set /p tenant_email= "Please enter a valid email address for the initial BACA user : " + +set /p tenant_user_name= "Please enter the login name for the initial BACA user (IMPORTANT: if you are using LDAP, you must use the LDAP user name):" + +IF NOT DEFINED rdbmsconnection SET "rdbmsconnection=DSN=%tenant_dsn_name%;UID=%tenant_db_user%;PWD=%tenant_db_pwd%;" +set /p ssl= "Please enter if database is enabled for SSL default is false [Y/N] :" +if /I "%ssl%" EQU "Y" ( + SET rdbmsconnection=%rdbmsconnection%Security=SSL; +) +echo "-- Please confirm these are the desired settings:" +echo " - tenant ID: %tenant_id%" +echo " - tenant database name: %tenant_db_name%" +echo " - database server hostname/IP: %baca_database_server_ip%" +echo " - database server port: %baca_database_port%" +echo " - tenant database user: %tenant_db_user%" +echo " - ontology name: %tenant_ontology%" +echo " - base database: %base_db_name%" +echo " - base database user: %base_db_user%" +echo " - tenant company name: %tenant_company%" +echo " - tenant first name: %tenant_first_name%" +echo " - tenant last name: %tenant_last_name%" +echo " - tenant email address: %tenant_email%" +echo " - tenant login name: %tenant_user_name%" +echo " - tenant ssl: %ssl%" + +set /P c=Are you sure you want to continue[Y/N]? +if /I "%c%" EQU "Y" goto :DOCREATE +if /I "%c%" EQU "N" goto :DOEXIT + +:DOCREATE + echo "Running the db script" + REM adding new teneant db need to create db first + IF "%choice%"=="1" ( + echo "Creating database" + db2 CREATE DATABASE %tenant_db_name% AUTOMATIC STORAGE YES USING CODESET UTF-8 TERRITORY DEFAULT COLLATE USING SYSTEM PAGESIZE 32768 + db2 CONNECT TO %tenant_db_name% + db2 GRANT CONNECT,DATAACCESS ON DATABASE TO USER %tenant_db_user% + db2 GRANT USE OF TABLESPACE USERSPACE1 TO USER %tenant_db_user% + db2 CONNECT RESET + ) + + REM create schema + echo -- + echo "Connecting to db and creating schema" + db2 CONNECT TO %tenant_db_name% + db2 CREATE SCHEMA %tenant_ontology% + db2 SET SCHEMA %tenant_ontology% + + REM create tables + echo -- + echo "Creating BACA tables" + db2 -stvf sql\CreateBacaTables.sql + + REM table permissions to tenant user + echo -- + echo "Giving permissions on tables" + db2 GRANT ALTER ON TABLE DOC_CLASS TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE DOC_ALIAS TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE KEY_CLASS TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE KEY_ALIAS TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE CWORD TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE HEADING TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE HEADING_ALIAS TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE USER_DETAIL TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE INTEGRATION TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE IMPORT_ONTOLOGY TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE API_INTEGRATIONS_OBJECTSSTORE TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE SMARTPAGES_OPTIONS TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE FONTS TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE FONTS_TRANSID TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE DB_BACKUP TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE PATTERN TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE DOCUMENT TO USER %tenant_db_user% + db2 GRANT ALTER ON TABLE TRAINING_LOG TO USER %tenant_db_user% + + REM load the tenant Db + echo "Loading default data into tables" + db2 load from CSVFiles\doc_class.csv of del insert into doc_class + db2 load from CSVFiles\key_class.csv of del modified by identityoverride insert into key_class + db2 load from CSVFiles\doc_alias.csv of del modified by identityoverride insert into doc_alias + db2 load from CSVFiles\key_alias.csv of del modified by identityoverride insert into key_alias + db2 load from CSVFiles\cword.csv of del modified by identityoverride insert into cword + db2 load from CSVFiles\heading.csv of del modified by identityoverride insert into heading + db2 load from CSVFiles\heading_alias.csv of del modified by identityoverride insert into heading_alias + db2 load from CSVFiles\key_class_dc.csv of del modified by identityoverride insert into key_class_dc + db2 load from CSVFiles\doc_alias_dc.csv of del modified by identityoverride insert into doc_alias_dc + db2 load from CSVFiles\key_alias_dc.csv of del modified by identityoverride insert into key_alias_dc + db2 load from CSVFiles\key_alias_kc.csv of del modified by identityoverride insert into key_alias_kc + db2 load from CSVFiles\heading_dc.csv of del modified by identityoverride insert into heading_dc + db2 load from CSVFiles\heading_alias_dc.csv of del modified by identityoverride insert into heading_alias_dc + db2 load from CSVFiles\heading_alias_h.csv of del modified by identityoverride insert into heading_alias_h + db2 load from CSVFiles\cword_dc.csv of del modified by identityoverride insert into cword_dc + + echo -- + echo "SET INTEGRITY ..." + db2 set integrity for key_class_dc immediate checked + db2 set integrity for doc_alias_dc immediate checked + db2 set integrity for key_alias_dc immediate checked + db2 set integrity for key_alias_kc immediate checked + db2 set integrity for heading_dc immediate checked + db2 set integrity for heading_alias_dc immediate checked + db2 set integrity for heading_alias_h immediate checked + db2 set integrity for cword_dc immediate checked + + echo -- + echo "ALTER TABLE ..." + db2 alter table doc_class alter column doc_class_id restart with 10 + db2 alter table doc_alias alter column doc_alias_id restart with 11 + db2 alter table key_class alter column key_class_id restart with 202 + db2 alter table key_alias alter column key_alias_id restart with 239 + db2 alter table cword alter column cword_id restart with 76 + db2 alter table heading alter column heading_id restart with 3 + db2 alter table heading_alias alter column heading_alias_id restart with 3 + + db2 connect reset + + REM Insert InsertTenant + echo -- + echo "Connecting to base database to insert tenant info" + db2 connect to %base_db_name% + db2 set schema %base_db_user% + db2 insert into TENANTINFO (tenantid,ontology,tenanttype,dailylimit,rdbmsengine,bacaversion,rdbmsconnection,dbname,dbuser,tenantdbversion) values ( '%tenant_id%', '%tenant_ontology%', 0, 0, 'DB2', '1.3', encrypt('%rdbmsconnection%','AES_KEY'),'%tenant_db_name%','%tenant_db_user%','1.3') + db2 connect reset + + REM Insert InsertUser + echo -- + echo "Connecting to tenant database to insert initial userinfo" + db2 connect to %tenant_db_name% + db2 set schema %tenant_ontology% + db2 insert into user_detail (email,first_name,last_name,user_name,company,expire) values ('%tenant_email%','%tenant_first_name%','%tenant_last_name%','%tenant_user_name%','%tenant_company%',10080) + db2 insert into login_detail (user_id,role,status,logged_in) select user_id,'Admin','1',0 from user_detail where email='%tenant_email%' + db2 connect reset + goto END +:DOEXIT + echo "Exited on user input" + goto END +:END + SET skip_create_tenant_db= + echo "END" + +ENDLOCAL diff --git a/BACA/configuration/DB2/AddTenant.sh b/ACA/configuration-ha/DB2/AddTenant.sh similarity index 54% rename from BACA/configuration/DB2/AddTenant.sh rename to ACA/configuration-ha/DB2/AddTenant.sh index 1f17c071..4f012f24 100755 --- a/BACA/configuration/DB2/AddTenant.sh +++ b/ACA/configuration-ha/DB2/AddTenant.sh @@ -1,4 +1,10 @@ #!/bin/bash + +# NOTES: +# This script will create a DB2 database and initialize the database for a Content Analyzer tenant and load it with default data. +# If you prefer to create your own database, and only want the script to initialize the existing database, +# please exit this script and run 'InitTenantDB.sh'. + . ./ScriptFunctions.sh INPUT_PROPS_FILENAME="./common_for_DB2.sh" @@ -16,13 +22,24 @@ if [[ "$NUMARGS" -gt 0 ]]; then use_existing_tenant=$1 fi - if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then - echo -e "\n-- This script will create a BACA database and an ontology for a new tenant and load it with default data" - echo + if [[ -z "$tenant_db_exists" || $tenant_db_exists != "true" ]]; then + echo + echo "==================================================" + echo + echo -e "\nThis script will create a DB2 database and initialize the database for a Content Analyzer tenant and load it with default data." + echo + echo -e "If you prefer to create your own database, and only want the script to initialize the existing database, please exit this script and run 'InitTenantDB.sh'." + echo + echo "==================================================" + echo + else + echo -e "\n-- This script will initialize an existing database for a Content Analyzer tenant and load it with default data" + echo + fi fi -if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then +if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then echo "Enter the tenant ID for the new tenant: (eg. t4900)" else echo "Enter the tenant ID for the existing tenant: (eg. t4900)" @@ -38,7 +55,7 @@ if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then while [[ $tenant_type == '' || $tenant_type != "0" && $tenant_type != "1" && $tenant_type != "2" ]] # While tenant_type is not valid/set do - echo -e "\n\x1B[1;31mEnter the tenanttype\x1B[0m" + echo -e "\n\x1B[1;31mEnter the tenant type\x1B[0m" echo -e "\x1B[1;31mChoose the number equivalent.\x1B[0m" echo -e "\x1B[1;34m0. Enterprise\x1B[0m" echo -e "\x1B[1;34m1. Trial\x1B[0m" @@ -57,10 +74,10 @@ fi echo -if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then - echo "Enter the name of the new BACA tenant database to create: (eg. t4900)" +if [[ -z "$tenant_db_exists" || $tenant_db_exists != "true" ]]; then + echo "Enter the name of the new Content Analyzer Tenant database to create: " else - echo "Enter the name of the existing BACA tenant database: (eg. t4900)" + echo "Enter the name of an existing DB2 database to be used as the Content Analyzer Tenant database: " fi while [[ $tenant_db_name == '' ]] do @@ -74,23 +91,35 @@ do done done -if [[ -z "$baca_database_server_ip" ]]; then - echo -e "\nEnter the host/IP of the database server: " - read baca_database_server_ip +default_dsn_name=$tenant_db_name +if [[ -z "$tenant_dsn_name" ]]; then + echo -e "\nEnter the data source name. This will generally be same name as the " + echo -e "database name unless you specifiy a different value in the 'db2dsdriver.cfg'. " + echo -e "If nothing is entered, we will use the following default value : " $default_dsn_name + read tenant_dsn_name + if [[ -z "$tenant_dsn_name" ]]; then + tenant_dsn_name=$default_dsn_name + fi fi -default_dbport=50000 -if [[ -z "$baca_database_port" ]]; then - echo -e "\nEnter the port of the database server. If nothing is entered we will use the following default value: " $default_dbport - read baca_database_port - if [[ -z "$baca_database_port" ]]; then - baca_database_port=$default_dbport - fi -fi +# if [[ -z "$baca_database_server_ip" ]]; then +# echo -e "\nEnter the host/IP of the database server: " +# read baca_database_server_ip +# fi + +# default_dbport=50000 +# if [[ -z "$baca_database_port" ]]; then +# echo -e "\nEnter the port of the database server. If nothing is entered we will use the following default value: " $default_dbport +# read baca_database_port +# if [[ -z "$baca_database_port" ]]; then +# baca_database_port=$default_dbport +# fi +# fi default_ssl='No' if [[ -z "$ssl" ]]; then - echo -e "\nWould you like to enable SSL to communicate with DB2 server? If nothing is entered we will use the default value: " $default_ssl + echo -e "\nWould you like to enable SSL to communicate with DB2 server? (Please note that additional setup steps are required in order to use SSL with DB2.)" + echo -e "Please enter 'Yes' or 'No'. If nothing is entered we will use the default value of '" $default_ssl "'" read ssl if [[ -z "$ssl" ]]; then ssl=$default_ssl @@ -102,7 +131,7 @@ if [[ $use_existing_tenant -eq 1 ]]; then fi echo -echo "We need a non-admin database user that BACA will use to access your BACA tenant database." +echo "We need a non-admin database user that Content Analyzer will use to access your Content Analyzer Tenant database." while [[ -z "$tenant_db_user" || $tenant_db_user == "" ]] do echo @@ -125,7 +154,7 @@ do if [[ "$create_new_user" == "y" || "$create_new_user" = "Y" ]]; then echo "Please enter the name of database user to create: " else - echo "Please enter the name of an existing database user" + echo "Please enter the name of an existing database user with read and write privileges for the Content Analyzer Tenant database: " fi read tenant_db_user done @@ -188,7 +217,8 @@ fi default_basedb='BASECA' if [[ -z "$base_db_name" ]]; then - echo -e "\nEnter the name of the Base BACA database with the TENANTINFO Table. If nothing is entered, we will use the following default value : " $default_basedb + echo -e "\n-- Content Analyzer Base database info: --" + echo -e "\nEnter the name of the Base Content Analyzer Base database. If nothing is entered, we will use the following default value : " $default_basedb read base_db_name if [[ -z "$base_db_name" ]]; then base_db_name=$default_basedb @@ -197,7 +227,7 @@ fi default_basedb_user='CABASEUSER' if [[ -z "$base_db_user" ]]; then - echo -e "\nEnter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value : " $default_basedb_user + echo -e "\nEnter the name of the database user for the Content Analyzer Base database. If nothing is entered, we will use the following default value : " $default_basedb_user read base_db_user if [[ -z "$base_db_user" ]]; then base_db_user=$default_basedb_user @@ -210,7 +240,7 @@ fi # pwdconfirmed=0 # while [[ $pwdconfirmed -ne 1 ]] # While pwd is not yet received and confirmed (i.e. entered teh same time twice) # do -# echo "Enter the password for the BACA base database user: " +# echo "Enter the password for the Content Analyzer base database user: " # read -s base_tenant_db_pwd # while [[ $base_tenant_db_pwd == '' ]] # While pwd is empty... # do @@ -236,39 +266,39 @@ fi # done echo -echo "Now we will gather information about the initial BACA user that will be defined:" +echo "Now we will gather information about the initial Content Analyzer login user" while [[ $tenant_company == '' ]] do - echo -e "\nPlease enter the company name for the initial BACA user:" + echo -e "\nPlease enter the company name for the initial Content Analyzer user:" read tenant_company done while [[ $tenant_first_name == '' ]] do - echo -e "\nPlease enter the first name for the initial BACA user:" + echo -e "\nPlease enter the first name for the initial Content Analyzer user:" read tenant_first_name done while [[ $tenant_last_name == '' ]] do - echo -e "\nPlease enter the last name for the initial BACA user:" + echo -e "\nPlease enter the last name for the initial Content Analyzer user:" read tenant_last_name done while [[ $tenant_email == '' || ! $tenant_email =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$ ]] do - echo -e "\nPlease enter a valid email address for the initial BACA user:" + echo -e "\nPlease enter a valid email address for the initial Content Analyzer user:" read tenant_email done while [[ $tenant_user_name == '' ]] do - echo -e "\nPlease enter the login name for the initial BACA user:" + echo -e "\nPlease enter the login name for the initial Content Analyzer user. (IMPORTANT: if you are using LDAP, the login name must the same as your LDAP username.)" read tenant_user_name done @@ -280,8 +310,8 @@ if [[ $use_existing_tenant -eq 1 ]]; then daily_limit=$(echo $resp | awk '{print $2}') fi -rdbmsconnection="DATABASE=$tenant_db_name;HOSTNAME=$baca_database_server_ip;PORT=$baca_database_port;PROTOCOL=TCPIP;UID=$tenant_db_user;PWD=$tenant_db_pwd;" -if [[ "$ssl" == "Yes" || "$ssl" == "y" || "$ssl" == "Y" ]]; then +rdbmsconnection="DSN=$tenant_dsn_name;UID=$tenant_db_user;PWD=$tenant_db_pwd;" +if [[ "$ssl" == "Yes" || "$ssl" == "yes" || "$ssl" == "YES" || "$ssl" == "y" || "$ssl" == "Y" ]]; then echo rdbmsconnection+="Security=SSL;" echo "--- with SSL rdbstring : " $rdbmsconnection @@ -298,8 +328,8 @@ echo " - tenant ID: $tenant_id" echo " - tenant type: $tenant_type" echo " - daily limit: $daily_limit" echo " - tenant database name: $tenant_db_name" -echo " - database server hostname/IP: $baca_database_server_ip" -echo " - database server port: $baca_database_port" +# echo " - database server hostname/IP: $baca_database_server_ip" +# echo " - database server port: $baca_database_port" echo " - database enabled for ssl : $ssl" if [[ $user_already_defined -ne 1 ]]; then echo " - tenant database user will be created by this script" @@ -331,10 +361,37 @@ if [[ $user_already_defined -ne 1 ]]; then sudo chage -E -1 -M -1 $tenant_db_user fi +# -------- convert certain variables to lower-case to standardize ---- +if [[ ! -z "$tenant_db_exists" ]]; then + tenant_db_exists=$(echo "$tenant_db_exists" | tr '[:upper:]' '[:lower:]') +fi + +if [[ ! -z "$skip_setup_schema" ]]; then + skip_setup_schema=$(echo "$skip_setup_schema" | tr '[:upper:]' '[:lower:]') +fi + +if [[ ! -z "$skip_load_data" ]]; then + skip_load_data=$(echo "$skip_load_data" | tr '[:upper:]' '[:lower:]') +fi + +if [[ ! -z "$skip_set_integrity" ]]; then + skip_set_integrity=$(echo "$skip_set_integrity" | tr '[:upper:]' '[:lower:]') +fi + +if [[ ! -z "$skip_insert_tenant" ]]; then + skip_insert_tenant=$(echo "$skip_insert_tenant" | tr '[:upper:]' '[:lower:]') +fi + +if [[ ! -z "$skip_insert_user" ]]; then + skip_insert_user=$(echo "$skip_insert_user" | tr '[:upper:]' '[:lower:]') +fi +# ----- end convert variables ------ + + # Only create DB for new tenants if [[ $use_existing_tenant -ne 1 ]]; then # allow using existing DB if the flag "tenant_db_exists" is true - if [[ -z "$tenant_db_exists" || $tenant_db_exists == "false" ]]; then + if [[ -z "$tenant_db_exists" || $tenant_db_exists != "true" ]]; then cp sql/CreateDB.sql.template sql/CreateDB.sql sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/CreateDB.sql sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/CreateDB.sql @@ -344,60 +401,76 @@ if [[ $use_existing_tenant -ne 1 ]]; then fi fi -cp sql/CreateBacaSchema.sql.template sql/CreateBacaSchema.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/CreateBacaSchema.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/CreateBacaSchema.sql -echo -e "\nRunning script: sql/CreateBacaSchema.sql" -db2 -stvf sql/CreateBacaSchema.sql - -echo -e "\nRunning script: sql/CreateBacaTables.sql" -db2 -tf sql/CreateBacaTables.sql -echo "CONNECT RESET" -db2 "CONNECT RESET" - -cp sql/TablePermissions.sql.template sql/TablePermissions.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/TablePermissions.sql -sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/TablePermissions.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/TablePermissions.sql -echo -e "\nRunning script: sql/TablePermissions.sql" -db2 -stvf sql/TablePermissions.sql - -cp sql/LoadData.sql.template sql/LoadData.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/LoadData.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/LoadData.sql -echo -e "\nRunning script: sql/LoadData.sql" -db2 -stvf sql/LoadData.sql - -cp sql/InsertTenant.sql.template sql/InsertTenant.sql -sed -i s/\$base_db_name/"$base_db_name"/ sql/InsertTenant.sql -sed -i s/\$base_db_user/"$base_db_user"/ sql/InsertTenant.sql -sed -i s/\$tenant_id/"$tenant_id"/ sql/InsertTenant.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/InsertTenant.sql -sed -i s/\$baca_database_server_ip/"$baca_database_server_ip"/ sql/InsertTenant.sql -sed -i s/\$baca_database_port/"$baca_database_port"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_pwd/"$tenant_db_pwd"/ sql/InsertTenant.sql -sed -i s/\$tenant_type/"$tenant_type"/ sql/InsertTenant.sql -sed -i s/\$daily_limit/"$daily_limit"/ sql/InsertTenant.sql -sed -i s/\$rdbmsconnection/"$rdbmsconnection"/ sql/InsertTenant.sql -echo -e "\nRunning script: sql/InsertTenant.sql" -db2 -stvf sql/InsertTenant.sql - - -cp sql/InsertUser.sql.template sql/InsertUser.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/InsertUser.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/InsertUser.sql -sed -i s/\$tenant_email/"$tenant_email"/ sql/InsertUser.sql -sed -i s/\$tenant_first_name/"$tenant_first_name"/ sql/InsertUser.sql -sed -i s/\$tenant_last_name/"$tenant_last_name"/ sql/InsertUser.sql -sed -i s/\$tenant_user_name/"$tenant_user_name"/ sql/InsertUser.sql -sed -i s/\$tenant_company/"$tenant_company"/ sql/InsertUser.sql -sed -i s/\$tenant_email/"$tenant_email"/ sql/InsertUser.sql -echo -e "\nRunning script: sql/InsertUser.sql" -db2 -stvf sql/InsertUser.sql +if [[ -z "$skip_setup_schema" || $skip_setup_schema != "true" ]]; then + cp sql/CreateBacaSchema.sql.template sql/CreateBacaSchema.sql + sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/CreateBacaSchema.sql + sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/CreateBacaSchema.sql + echo -e "\nRunning script: sql/CreateBacaSchema.sql" + db2 -stvf sql/CreateBacaSchema.sql + + echo -e "\nRunning script: sql/CreateBacaTables.sql" + db2 -tf sql/CreateBacaTables.sql + echo "CONNECT RESET" + db2 "CONNECT RESET" + + cp sql/TablePermissions.sql.template sql/TablePermissions.sql + sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/TablePermissions.sql + sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/TablePermissions.sql + sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/TablePermissions.sql + echo -e "\nRunning script: sql/TablePermissions.sql" + db2 -stvf sql/TablePermissions.sql +fi + +if [[ -z "$skip_load_data" || $skip_load_data != "true" ]]; then + cp sql/LoadData.sql.template sql/LoadData.sql + sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/LoadData.sql + sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/LoadData.sql + echo -e "\nRunning script: sql/LoadData.sql" + db2 -stvf sql/LoadData.sql +fi + + +if [[ -z "$skip_insert_tenant" || $skip_insert_tenant != "true" ]]; then + cp sql/InsertTenant.sql.template sql/InsertTenant.sql + sed -i s/\$base_db_name/"$base_db_name"/ sql/InsertTenant.sql + sed -i s/\$base_db_user/"$base_db_user"/ sql/InsertTenant.sql + sed -i s/\$tenant_id/"$tenant_id"/ sql/InsertTenant.sql + sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/InsertTenant.sql + sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/InsertTenant.sql + # sed -i s/\$baca_database_server_ip/"$baca_database_server_ip"/ sql/InsertTenant.sql + # sed -i s/\$baca_database_port/"$baca_database_port"/ sql/InsertTenant.sql + sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/InsertTenant.sql + sed -i s/\$tenant_db_pwd/"$tenant_db_pwd"/ sql/InsertTenant.sql + sed -i s/\$tenant_type/"$tenant_type"/ sql/InsertTenant.sql + sed -i s/\$daily_limit/"$daily_limit"/ sql/InsertTenant.sql + sed -i s/\$rdbmsconnection/"$rdbmsconnection"/ sql/InsertTenant.sql + echo -e "\nRunning script: sql/InsertTenant.sql" + db2 -stf sql/InsertTenant.sql +fi + + +if [[ -z "$skip_set_integrity" || $skip_set_integrity != "true" ]]; then + cp sql/SetIntegrity.sql.template sql/SetIntegrity.sql + sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/SetIntegrity.sql + sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/SetIntegrity.sql + echo -e "\nRunning script: sql/SetIntegrity.sql" + db2 -stvf sql/SetIntegrity.sql +fi + + +if [[ -z "$skip_insert_user" || $skip_insert_user != "true" ]]; then + cp sql/InsertUser.sql.template sql/InsertUser.sql + sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/InsertUser.sql + sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/InsertUser.sql + sed -i s/\$tenant_email/"$tenant_email"/ sql/InsertUser.sql + sed -i s/\$tenant_first_name/"$tenant_first_name"/ sql/InsertUser.sql + sed -i s/\$tenant_last_name/"$tenant_last_name"/ sql/InsertUser.sql + sed -i s/\$tenant_user_name/"$tenant_user_name"/ sql/InsertUser.sql + sed -i s/\$tenant_company/"$tenant_company"/ sql/InsertUser.sql + sed -i s/\$tenant_email/"$tenant_email"/ sql/InsertUser.sql + echo -e "\nRunning script: sql/InsertUser.sql" + db2 -stvf sql/InsertUser.sql +fi echo -e "\n-- Add completed succesfully. Tenant ID: $tenant_id , Ontology: $tenant_ontology \n" diff --git a/BACA/configuration-ha/DB2/CSVFiles/cword.csv b/ACA/configuration-ha/DB2/CSVFiles/cword.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/cword.csv rename to ACA/configuration-ha/DB2/CSVFiles/cword.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/cword_dc.csv b/ACA/configuration-ha/DB2/CSVFiles/cword_dc.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/cword_dc.csv rename to ACA/configuration-ha/DB2/CSVFiles/cword_dc.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/doc_alias.csv b/ACA/configuration-ha/DB2/CSVFiles/doc_alias.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/doc_alias.csv rename to ACA/configuration-ha/DB2/CSVFiles/doc_alias.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/doc_alias_dc.csv b/ACA/configuration-ha/DB2/CSVFiles/doc_alias_dc.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/doc_alias_dc.csv rename to ACA/configuration-ha/DB2/CSVFiles/doc_alias_dc.csv diff --git a/ACA/configuration-ha/DB2/CSVFiles/doc_class.csv b/ACA/configuration-ha/DB2/CSVFiles/doc_class.csv new file mode 100644 index 00000000..57170b28 --- /dev/null +++ b/ACA/configuration-ha/DB2/CSVFiles/doc_class.csv @@ -0,0 +1,10 @@ +0,__root,Reserved document class,0 +1,Balance Statement,This is a Sample,0 +2,Bill of Lading,This is a Sample,0 +3,Estimates,This is a Sample,0 +4,Invoice,This is a Sample,0 +5,Letter,This is a Sample,0 +6,Medical Record,This is a Sample,0 +7,Police Report,This is a Sample,0 +8,Power of Attorney,This is a Sample,0 +9,Pricing Schedule,This is a Sample,0 diff --git a/BACA/configuration-ha/DB2/CSVFiles/heading.csv b/ACA/configuration-ha/DB2/CSVFiles/heading.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/heading.csv rename to ACA/configuration-ha/DB2/CSVFiles/heading.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/heading_alias.csv b/ACA/configuration-ha/DB2/CSVFiles/heading_alias.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/heading_alias.csv rename to ACA/configuration-ha/DB2/CSVFiles/heading_alias.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/heading_alias_dc.csv b/ACA/configuration-ha/DB2/CSVFiles/heading_alias_dc.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/heading_alias_dc.csv rename to ACA/configuration-ha/DB2/CSVFiles/heading_alias_dc.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/heading_alias_h.csv b/ACA/configuration-ha/DB2/CSVFiles/heading_alias_h.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/heading_alias_h.csv rename to ACA/configuration-ha/DB2/CSVFiles/heading_alias_h.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/heading_dc.csv b/ACA/configuration-ha/DB2/CSVFiles/heading_dc.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/heading_dc.csv rename to ACA/configuration-ha/DB2/CSVFiles/heading_dc.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/key_alias.csv b/ACA/configuration-ha/DB2/CSVFiles/key_alias.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/key_alias.csv rename to ACA/configuration-ha/DB2/CSVFiles/key_alias.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/key_alias_dc.csv b/ACA/configuration-ha/DB2/CSVFiles/key_alias_dc.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/key_alias_dc.csv rename to ACA/configuration-ha/DB2/CSVFiles/key_alias_dc.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/key_alias_kc.csv b/ACA/configuration-ha/DB2/CSVFiles/key_alias_kc.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/key_alias_kc.csv rename to ACA/configuration-ha/DB2/CSVFiles/key_alias_kc.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/key_class.csv b/ACA/configuration-ha/DB2/CSVFiles/key_class.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/key_class.csv rename to ACA/configuration-ha/DB2/CSVFiles/key_class.csv diff --git a/BACA/configuration-ha/DB2/CSVFiles/key_class_dc.csv b/ACA/configuration-ha/DB2/CSVFiles/key_class_dc.csv similarity index 100% rename from BACA/configuration-ha/DB2/CSVFiles/key_class_dc.csv rename to ACA/configuration-ha/DB2/CSVFiles/key_class_dc.csv diff --git a/ACA/configuration-ha/DB2/CreateBaseDB.bat b/ACA/configuration-ha/DB2/CreateBaseDB.bat new file mode 100755 index 00000000..89d93e46 --- /dev/null +++ b/ACA/configuration-ha/DB2/CreateBaseDB.bat @@ -0,0 +1,56 @@ +@echo off +SETLOCAL + +IF NOT DEFINED skip_create_base_db ( + set skip_create_base_db=false +) + +IF "%skip_create_base_db%"=="true" ( + echo -- + echo This script will initialize an existing DB2 database for use as a BACA base database. + echo -- +) ELSE ( + echo -- + echo This script will create and initialize a new DB2 database for use as a BACA base database. An existing database user must exist. + echo -- +) + + +set /p base_db_name= Enter the name of the Base BACA database. If nothing is entered, we will use the following default value 'CABASEDB': +IF NOT DEFINED base_db_name SET "base_db_name=CABASEDB" + +set /p base_db_user= Enter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value 'CABASEUSER' : +IF NOT DEFINED base_db_user SET "base_db_user=CABASEUSER" + +set /P c=Are you sure you want to continue[Y/N]? +if /I "%c%" EQU "N" goto :DOEXIT + +IF "%skip_create_base_db%"=="true" ( + goto :DOCREATETABLE +) ELSE ( + goto :DOCREATE +) + +:DOCREATE + echo "Creating a database...." + db2 CREATE DATABASE %base_db_name% AUTOMATIC STORAGE YES USING CODESET UTF-8 TERRITORY DEFAULT COLLATE USING SYSTEM PAGESIZE 32768 + db2 CONNECT TO %base_db_name% + db2 GRANT CONNECT,DATAACCESS ON DATABASE TO USER %base_db_user% + db2 GRANT USE OF TABLESPACE USERSPACE1 TO USER %base_db_user% + db2 CONNECT RESET + goto DOCREATETABLE +:DOCREATETABLE + db2 CONNECT TO %base_db_name% + db2 SET SCHEMA %base_db_user% + echo "Creating table TENANTINFO...." + db2 CREATE TABLE TENANTINFO (tenantid varchar(128) NOT NULL,ontology varchar(128) not null,tenanttype smallint not null with default,dailylimit smallint not null with default 0,rdbmsengine varchar(128) not null,dbname varchar(255) not null,dbuser varchar(255) not null,bacaversion varchar(1024) not null,rdbmsconnection varchar(1024) for bit data default null,mongoconnection varchar(1024) for bit data default null,mongoadminconnection varchar(1024) for bit data default null,featureflags bigint not null with default 0,tenantdbversion varchar(255),CONSTRAINT tenantinfo_pkey PRIMARY KEY (tenantid, ontology) ) + db2 CONNECT RESET + goto END +:DOEXIT + echo "Exited on user input" + goto END +:END + set skip_create_base_db= + echo "END" + +ENDLOCAL \ No newline at end of file diff --git a/BACA/configuration/DB2/CreateBaseDB.sh b/ACA/configuration-ha/DB2/CreateBaseDB.sh similarity index 76% rename from BACA/configuration/DB2/CreateBaseDB.sh rename to ACA/configuration-ha/DB2/CreateBaseDB.sh index c0cd4a41..b60b688e 100755 --- a/BACA/configuration/DB2/CreateBaseDB.sh +++ b/ACA/configuration-ha/DB2/CreateBaseDB.sh @@ -1,5 +1,10 @@ #!/bin/bash +# NOTES: +# This script will create a new DB2 database to be used as the Content Analyzer Base database and initialize the database. +# If you prefer to create your own database, and only want the script to initialize the existing database, +# please exit this script and run 'InitBaseDB.sh'." + . ./ScriptFunctions.sh INPUT_PROPS_FILENAME="./common_for_DB2.sh" @@ -10,12 +15,26 @@ if [ -f $INPUT_PROPS_FILENAME ]; then fi default_basedb='BASECA' -echo -e "\n-- This script will create the BACA Base database." + if [[ -z "$base_db_name" ]]; then - echo -e "\nEnter the name of the BACA Base database to create. (The name must be 8 chars or less). If nothing is entered, we will use this default value : " $default_basedb + echo + if [[ -z "$base_db_exists" || $base_db_exists == "false" ]]; then + echo + echo "==================================================" + echo + echo -e "This script will create a new DB2 database to be used as the Content Analyzer Base database and initialize the database." + echo + echo -e "If you prefer to create your own database, and only want the script to initialize the existing database, please exit this script and run 'InitBaseDB.sh'." + echo + echo "==================================================" + echo + echo -e "\nEnter the name of the database to create. (The name must be 8 chars or less). If nothing is entered, we will use this default value : " $default_basedb + else + echo -e "\nEnter the name of an existing DB2 database to initialize as the Content Analyzer Base database." + fi read base_db_name - if [[ -z "$base_db_name" ]]; then + if [[ -z "$base_db_name" && $base_db_exists != "true" ]]; then base_db_name=$default_basedb fi while [ ${#base_db_name} -gt 8 ]; @@ -54,7 +73,7 @@ do if [[ $base_user_already_defined -ne 1 ]]; then echo "Please enter the name of database user to create: " else - echo "Please enter the name of an existing database user:" + echo "Please enter the name of an existing database user with read and write privileges for this database:" fi read base_db_user done @@ -108,7 +127,7 @@ do done echo -echo "-- Information gathering is completed. Create base DB is about to begin." +echo "-- Information gathering is completed. Script execution is starting ...." askForConfirmation if [[ $db_user_pwd_b64_encoded -eq 1 ]]; then diff --git a/BACA/configuration-ha/DB2/DeleteOntology.sh b/ACA/configuration-ha/DB2/DeleteOntology.sh similarity index 100% rename from BACA/configuration-ha/DB2/DeleteOntology.sh rename to ACA/configuration-ha/DB2/DeleteOntology.sh diff --git a/BACA/configuration-ha/DB2/DeleteTenant.sh b/ACA/configuration-ha/DB2/DeleteTenant.sh similarity index 100% rename from BACA/configuration-ha/DB2/DeleteTenant.sh rename to ACA/configuration-ha/DB2/DeleteTenant.sh diff --git a/ACA/configuration-ha/DB2/InitBaseDB.bat b/ACA/configuration-ha/DB2/InitBaseDB.bat new file mode 100755 index 00000000..72325aaf --- /dev/null +++ b/ACA/configuration-ha/DB2/InitBaseDB.bat @@ -0,0 +1,4 @@ +SET skip_create_base_db=true + +CreateBaseDB.bat + diff --git a/ACA/configuration-ha/DB2/InitBaseDB.sh b/ACA/configuration-ha/DB2/InitBaseDB.sh new file mode 100755 index 00000000..92bccdd3 --- /dev/null +++ b/ACA/configuration-ha/DB2/InitBaseDB.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +echo +echo "==================================================" +echo +echo "This script will initialize an existing DB2 database to be used as the Content Analyzer Base database." +echo +echo "If you want the script to create a DB2 database for you, please exit this script and run 'CreateBaseDB.sh' instead." +echo +echo "==================================================" +echo + +# to skip creating user +export create_new_base_user=n + +# To skip creating base DB +export base_db_exists=true + +./CreateBaseDB.sh + diff --git a/ACA/configuration-ha/DB2/InitTenantDB.bat b/ACA/configuration-ha/DB2/InitTenantDB.bat new file mode 100755 index 00000000..97d83a2b --- /dev/null +++ b/ACA/configuration-ha/DB2/InitTenantDB.bat @@ -0,0 +1,4 @@ +SET skip_create_tenant_db=true + +AddTenant.bat + diff --git a/ACA/configuration-ha/DB2/InitTenantDB.sh b/ACA/configuration-ha/DB2/InitTenantDB.sh new file mode 100755 index 00000000..182d5ebf --- /dev/null +++ b/ACA/configuration-ha/DB2/InitTenantDB.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +echo +echo "==================================================" +echo +echo "This script will add a new BACA tenant by initializing a DB2 database to be a CA tenant database and inserting a tenant entry into the CA Base database." +echo +echo "If you want the script to create a DB2 database for you, please exit this script and run 'AddTenant.sh' instead." +echo +echo "==================================================" +echo + +export create_new_user=n +export tenant_db_exists=true + +./AddTenant.sh \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/Readme_windows.txt b/ACA/configuration-ha/DB2/Readme_windows.txt similarity index 91% rename from BACA/configuration-ha/DB2/Readme_windows.txt rename to ACA/configuration-ha/DB2/Readme_windows.txt index b98e4d97..f1942822 100755 --- a/BACA/configuration-ha/DB2/Readme_windows.txt +++ b/ACA/configuration-ha/DB2/Readme_windows.txt @@ -7,5 +7,5 @@ base database and the other is called tenant database. 2. Open db2 administrator command window to run the script files. 3. Run the CreateBaseDB.bat to create the base database. 3. Run AddTenant.bat to add a new tenant db and ontology. - You can aslo run this script file to add a new ontology + You can also run this script file to add a new ontology for existing tenant database. \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/ScriptFunctions.sh b/ACA/configuration-ha/DB2/ScriptFunctions.sh similarity index 100% rename from BACA/configuration-ha/DB2/ScriptFunctions.sh rename to ACA/configuration-ha/DB2/ScriptFunctions.sh diff --git a/ACA/configuration-ha/DB2/UpgradeTenantDB.bat b/ACA/configuration-ha/DB2/UpgradeTenantDB.bat new file mode 100755 index 00000000..ae6ce7e8 --- /dev/null +++ b/ACA/configuration-ha/DB2/UpgradeTenantDB.bat @@ -0,0 +1,31 @@ +@echo off + +SETLOCAL + +set /p tenant_db_name= Please enter a valid value for the tenant database name : +set /p tenant_db_user= Please enter a valid value for the tenant database user name : +set /p tenant_ontology= Please enter a valid value for the tenant ontology name : + +echo +echo "-- Please confirm these are the desired settings:" +echo " - tenant database name: %tenant_db_name%" +echo " - tenant database user name: %tenant_db_user%" +echo " - ontology name: %tenant_ontology%" + +set /P c=Are you sure you want to continue[Y/N]? +if /I "%c%" EQU "Y" goto :DOCREATE +if /I "%c%" EQU "N" goto :DOEXIT + +:DOCREATE + echo "Connecting to db and schema" + db2 connect to %tenant_db_name% + db2 set schema %tenant_ontology% + db2 -stvf sql\WinUpgradeTenantDB_1.2_to_1.3.sql + goto END +:DOEXIT + echo "Exited on user input" + goto END +:END + echo "END" + +ENDLOCAL \ No newline at end of file diff --git a/BACA/configuration/DB2/UpgradeTenantDB.sh b/ACA/configuration-ha/DB2/UpgradeTenantDB.sh similarity index 60% rename from BACA/configuration/DB2/UpgradeTenantDB.sh rename to ACA/configuration-ha/DB2/UpgradeTenantDB.sh index c1457886..eb4a4771 100755 --- a/BACA/configuration/DB2/UpgradeTenantDB.sh +++ b/ACA/configuration-ha/DB2/UpgradeTenantDB.sh @@ -1,7 +1,9 @@ #!/usr/bin/env bash . ./ScriptFunctions.sh -INPUT_PROPS_FILENAME="./common_for_DB2_Tenant_Upgrade.sh" +if [[ -z $INPUT_PROPS_FILENAME ]]; then + INPUT_PROPS_FILENAME="./common_for_DB2_Tenant_Upgrade.sh" +fi if [ -f $INPUT_PROPS_FILENAME ]; then echo "Found a $INPUT_PROPS_FILENAME. Reading in variables from that script." @@ -42,22 +44,11 @@ echo " - tenant database name: $tenant_db_name" echo " - tenant database user name: $tenant_db_user" askForConfirmation -if [[ $SaaS != "true" || -z $SaaS ]]; then - cp sql/UpgradeTenantDB_to_1.1.sql.template sql/UpgradeTenantDB_to_1.1.sql - sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/UpgradeTenantDB_to_1.1.sql - sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/UpgradeTenantDB_to_1.1.sql - sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/UpgradeTenantDB_to_1.1.sql - echo - echo "Running upgrade script: sql/UpgradeTenantDB_to_1.1.sql" - db2 -stvf sql/UpgradeTenantDB_to_1.1.sql -else - echo "-- Skipping UpgradeTenantDB_to_1.1.sql" -fi - -cp sql/UpgradeTenantDB_1.1_to_1.2.sql.template sql/UpgradeTenantDB_1.1_to_1.2.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/UpgradeTenantDB_1.1_to_1.2.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/UpgradeTenantDB_1.1_to_1.2.sql -sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/UpgradeTenantDB_1.1_to_1.2.sql +echo " -- upgrade from 1.2 to 1.3 ---" +cp sql/UpgradeTenantDB_1.2_to_1.3.sql.template sql/UpgradeTenantDB_1.2_to_1.3.sql +sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/UpgradeTenantDB_1.2_to_1.3.sql +sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/UpgradeTenantDB_1.2_to_1.3.sql +sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/UpgradeTenantDB_1.2_to_1.3.sql echo -echo "Running upgrade script: sql/UpgradeTenantDB_1.1_to_1.2.sql" -db2 -stvf sql/UpgradeTenantDB_1.1_to_1.2.sql \ No newline at end of file +echo "Running upgrade script: sql/UpgradeTenantDB_1.2_to_1.3.sql" +db2 -stvf sql/UpgradeTenantDB_1.2_to_1.3.sql \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/common_for_DB2.sh.sample b/ACA/configuration-ha/DB2/common_for_DB2.sh.sample similarity index 88% rename from BACA/configuration-ha/DB2/common_for_DB2.sh.sample rename to ACA/configuration-ha/DB2/common_for_DB2.sh.sample index 87b77b8d..8d3470e2 100644 --- a/BACA/configuration-ha/DB2/common_for_DB2.sh.sample +++ b/ACA/configuration-ha/DB2/common_for_DB2.sh.sample @@ -21,6 +21,7 @@ baca_database_server_ip=10.126.18.120 baca_database_port=50000 tenant_id=t4910 tenant_db_name=t4910 +tenant_dsn_name=t4910 tenant_db_user=t4910user # To skip creating tenant database user and skip asking for pwd, use these vars below. @@ -48,4 +49,9 @@ tenant_user_name=johnsmith confirmation=y #DB2 ssl Yes/No -ssl=No \ No newline at end of file +ssl=No + + +# if insert tenant is the only part needed, specify "y" (skips populating tenant DB and inserting user) +# this is useful for fixing tenant connection string +insert_tenant_only=y \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/common_for_DB2_Tenant_Upgrade.sh.sample b/ACA/configuration-ha/DB2/common_for_DB2_Tenant_Upgrade.sh.sample similarity index 100% rename from BACA/configuration-ha/DB2/common_for_DB2_Tenant_Upgrade.sh.sample rename to ACA/configuration-ha/DB2/common_for_DB2_Tenant_Upgrade.sh.sample diff --git a/BACA/configuration-ha/DB2/common_for_DB2_Upgrade.sh.sample b/ACA/configuration-ha/DB2/common_for_DB2_Upgrade.sh.sample similarity index 100% rename from BACA/configuration-ha/DB2/common_for_DB2_Upgrade.sh.sample rename to ACA/configuration-ha/DB2/common_for_DB2_Upgrade.sh.sample diff --git a/ACA/configuration-ha/DB2/db2dsdriver.cfg.sample.HA b/ACA/configuration-ha/DB2/db2dsdriver.cfg.sample.HA new file mode 100644 index 00000000..8fe2c347 --- /dev/null +++ b/ACA/configuration-ha/DB2/db2dsdriver.cfg.sample.HA @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/ACA/configuration-ha/DB2/db2dsdriver.cfg.sample.nonHA b/ACA/configuration-ha/DB2/db2dsdriver.cfg.sample.nonHA new file mode 100644 index 00000000..a0ff5685 --- /dev/null +++ b/ACA/configuration-ha/DB2/db2dsdriver.cfg.sample.nonHA @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/sql/CreateBacaSchema.sql.template b/ACA/configuration-ha/DB2/sql/CreateBacaSchema.sql.template similarity index 100% rename from BACA/configuration-ha/DB2/sql/CreateBacaSchema.sql.template rename to ACA/configuration-ha/DB2/sql/CreateBacaSchema.sql.template diff --git a/BACA/configuration/DB2/sql/CreateBacaTables.sql b/ACA/configuration-ha/DB2/sql/CreateBacaTables.sql similarity index 98% rename from BACA/configuration/DB2/sql/CreateBacaTables.sql rename to ACA/configuration-ha/DB2/sql/CreateBacaTables.sql index 5c6ac1fe..53774168 100644 --- a/BACA/configuration/DB2/sql/CreateBacaTables.sql +++ b/ACA/configuration-ha/DB2/sql/CreateBacaTables.sql @@ -1,9 +1,10 @@ create table doc_class ( - doc_class_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), + doc_class_id INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), doc_class_name VARCHAR (512) NOT NULL, comment varchar(1024), - + trained smallint NOT NULL default 0, + CONSTRAINT doc_class_pkey PRIMARY KEY (doc_class_id), CONSTRAINT doc_class_doc_class_name_key UNIQUE (doc_class_name) @@ -447,7 +448,7 @@ create table feature ); ---status 0.uploaded 1.processing 2.text (completed status) 3.error +--status 0.uploaded 1.processing 2.text (completed status) 3.error 4. trained create table document ( id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), @@ -459,6 +460,8 @@ create table document status SMALLINT NOT NULL, error_info VARCHAR(1024), content BLOB(250M), + actual_content BLOB(250M), + flag SMALLINT NOT NULL, CONSTRAINT doc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) ON UPDATE RESTRICT ON DELETE CASCADE, @@ -482,6 +485,7 @@ create table training_log created_by INTEGER NOT NULL, json_model_input_detail BLOB(250M), global_feature_vector BLOB(250M), + selected_features VARCHAR(1024), CONSTRAINT training_log_pkey PRIMARY KEY (id) ); diff --git a/BACA/configuration-ha/DB2/sql/CreateBaseDB.sql.template b/ACA/configuration-ha/DB2/sql/CreateBaseDB.sql.template similarity index 100% rename from BACA/configuration-ha/DB2/sql/CreateBaseDB.sql.template rename to ACA/configuration-ha/DB2/sql/CreateBaseDB.sql.template diff --git a/BACA/configuration-ha/DB2/sql/CreateBaseTable.sql.template b/ACA/configuration-ha/DB2/sql/CreateBaseTable.sql.template similarity index 100% rename from BACA/configuration-ha/DB2/sql/CreateBaseTable.sql.template rename to ACA/configuration-ha/DB2/sql/CreateBaseTable.sql.template diff --git a/BACA/configuration-ha/DB2/sql/CreateDB.sql.template b/ACA/configuration-ha/DB2/sql/CreateDB.sql.template similarity index 100% rename from BACA/configuration-ha/DB2/sql/CreateDB.sql.template rename to ACA/configuration-ha/DB2/sql/CreateDB.sql.template diff --git a/BACA/configuration-ha/DB2/sql/DropBacaTables.sql b/ACA/configuration-ha/DB2/sql/DropBacaTables.sql similarity index 98% rename from BACA/configuration-ha/DB2/sql/DropBacaTables.sql rename to ACA/configuration-ha/DB2/sql/DropBacaTables.sql index 1eb4506e..349780c2 100644 --- a/BACA/configuration-ha/DB2/sql/DropBacaTables.sql +++ b/ACA/configuration-ha/DB2/sql/DropBacaTables.sql @@ -37,6 +37,7 @@ drop table key_alias; drop table cword; drop table key_class; drop table doc_alias; +drop table feature; drop table doc_class; drop table ontology; drop table classifier; diff --git a/BACA/configuration-ha/DB2/sql/InsertTenant.sql.template b/ACA/configuration-ha/DB2/sql/InsertTenant.sql.template similarity index 70% rename from BACA/configuration-ha/DB2/sql/InsertTenant.sql.template rename to ACA/configuration-ha/DB2/sql/InsertTenant.sql.template index ea921ff8..b9f3d9c1 100644 --- a/BACA/configuration-ha/DB2/sql/InsertTenant.sql.template +++ b/ACA/configuration-ha/DB2/sql/InsertTenant.sql.template @@ -1,4 +1,4 @@ connect to $base_db_name ; set schema $base_db_user ; -insert into TENANTINFO (tenantid,ontology,tenanttype,dailylimit,rdbmsengine,bacaversion,rdbmsconnection,dbname,dbuser,tenantdbversion) values ( '$tenant_id', '$tenant_ontology', $tenant_type, $daily_limit, 'DB2', '1.2', encrypt('$rdbmsconnection','AES_KEY'),'$tenant_db_name','$tenant_db_user','1.2') ; +insert into TENANTINFO (tenantid,ontology,tenanttype,dailylimit,rdbmsengine,bacaversion,rdbmsconnection,dbname,dbuser,tenantdbversion) values ( '$tenant_id', '$tenant_ontology', $tenant_type, $daily_limit, 'DB2', '1.3', encrypt('$rdbmsconnection','AES_KEY'),'$tenant_db_name','$tenant_db_user','1.3') ; connect reset ; diff --git a/BACA/configuration-ha/DB2/sql/InsertUser.sql.template b/ACA/configuration-ha/DB2/sql/InsertUser.sql.template similarity index 100% rename from BACA/configuration-ha/DB2/sql/InsertUser.sql.template rename to ACA/configuration-ha/DB2/sql/InsertUser.sql.template diff --git a/BACA/configuration-ha/DB2/sql/LoadData.sql.template b/ACA/configuration-ha/DB2/sql/LoadData.sql.template similarity index 60% rename from BACA/configuration-ha/DB2/sql/LoadData.sql.template rename to ACA/configuration-ha/DB2/sql/LoadData.sql.template index 24c2657e..bdcffa15 100644 --- a/BACA/configuration-ha/DB2/sql/LoadData.sql.template +++ b/ACA/configuration-ha/DB2/sql/LoadData.sql.template @@ -1,7 +1,7 @@ CONNECT TO $tenant_db_name ; SET SCHEMA $tenant_ontology ; -load from ./CSVFiles/doc_class.csv of del modified by identityoverride insert into doc_class ; +load from ./CSVFiles/doc_class.csv of del insert into doc_class ; load from ./CSVFiles/key_class.csv of del modified by identityoverride insert into key_class ; load from ./CSVFiles/doc_alias.csv of del modified by identityoverride insert into doc_alias ; load from ./CSVFiles/key_alias.csv of del modified by identityoverride insert into key_alias ; @@ -17,21 +17,4 @@ load from ./CSVFiles/heading_alias_dc.csv of del modified by identityoverride in load from ./CSVFiles/heading_alias_h.csv of del modified by identityoverride insert into heading_alias_h ; load from ./CSVFiles/cword_dc.csv of del modified by identityoverride insert into cword_dc ; -set integrity for key_class_dc immediate checked ; -set integrity for doc_alias_dc immediate checked ; -set integrity for key_alias_dc immediate checked ; -set integrity for key_alias_kc immediate checked ; -set integrity for heading_dc immediate checked ; -set integrity for heading_alias_dc immediate checked ; -set integrity for heading_alias_h immediate checked ; -set integrity for cword_dc immediate checked ; - -alter table doc_class alter column doc_class_id restart with 10 ; -alter table doc_alias alter column doc_alias_id restart with 11 ; -alter table key_class alter column key_class_id restart with 202 ; -alter table key_alias alter column key_alias_id restart with 239 ; -alter table cword alter column cword_id restart with 76 ; -alter table heading alter column heading_id restart with 3 ; -alter table heading_alias alter column heading_alias_id restart with 3 ; - CONNECT RESET; diff --git a/ACA/configuration-ha/DB2/sql/SetIntegrity.sql.template b/ACA/configuration-ha/DB2/sql/SetIntegrity.sql.template new file mode 100644 index 00000000..01d72031 --- /dev/null +++ b/ACA/configuration-ha/DB2/sql/SetIntegrity.sql.template @@ -0,0 +1,21 @@ +CONNECT TO $tenant_db_name ; +SET SCHEMA $tenant_ontology ; + +set integrity for key_class_dc immediate checked ; +set integrity for doc_alias_dc immediate checked ; +set integrity for key_alias_dc immediate checked ; +set integrity for key_alias_kc immediate checked ; +set integrity for heading_dc immediate checked ; +set integrity for heading_alias_dc immediate checked ; +set integrity for heading_alias_h immediate checked ; +set integrity for cword_dc immediate checked ; + +alter table doc_class alter column doc_class_id restart with 10 ; +alter table doc_alias alter column doc_alias_id restart with 11 ; +alter table key_class alter column key_class_id restart with 202 ; +alter table key_alias alter column key_alias_id restart with 239 ; +alter table cword alter column cword_id restart with 76 ; +alter table heading alter column heading_id restart with 3 ; +alter table heading_alias alter column heading_alias_id restart with 3 ; + +CONNECT RESET; diff --git a/BACA/configuration-ha/DB2/sql/TablePermissions.sql.template b/ACA/configuration-ha/DB2/sql/TablePermissions.sql.template similarity index 89% rename from BACA/configuration-ha/DB2/sql/TablePermissions.sql.template rename to ACA/configuration-ha/DB2/sql/TablePermissions.sql.template index d8090bba..897b9679 100644 --- a/BACA/configuration-ha/DB2/sql/TablePermissions.sql.template +++ b/ACA/configuration-ha/DB2/sql/TablePermissions.sql.template @@ -16,5 +16,7 @@ GRANT ALTER ON TABLE $tenant_ontology.FONTS TO USER $tenant_db_user ; GRANT ALTER ON TABLE $tenant_ontology.FONTS_TRANSID TO USER $tenant_db_user ; GRANT ALTER ON TABLE $tenant_ontology.DB_BACKUP TO USER $tenant_db_user ; GRANT ALTER ON TABLE $tenant_ontology.PATTERN TO USER $tenant_db_user ; +GRANT ALTER ON TABLE $tenant_ontology.DOCUMENT TO USER $tenant_db_user ; +GRANT ALTER ON TABLE $tenant_ontology.TRAINING_LOG TO USER $tenant_db_user ; CONNECT RESET; \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template b/ACA/configuration-ha/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template similarity index 74% rename from BACA/configuration-ha/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template rename to ACA/configuration-ha/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template index c5a5fec8..650ccd7d 100644 --- a/BACA/configuration-ha/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template +++ b/ACA/configuration-ha/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template @@ -4,6 +4,8 @@ set schema $base_db_user ; alter table tenantinfo add column featureflags bigint not null with default 0; alter table tenantinfo add column tenantdbversion varchar(255); +update tenantinfo set bacaversion='1.2'; +update tenantinfo set tenantdbversion='1.2'; reorg table tenantinfo; connect reset; \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/sql/UpgradeBaseDB_to_1.1.sql.template b/ACA/configuration-ha/DB2/sql/UpgradeBaseDB_to_1.1.sql.template similarity index 100% rename from BACA/configuration-ha/DB2/sql/UpgradeBaseDB_to_1.1.sql.template rename to ACA/configuration-ha/DB2/sql/UpgradeBaseDB_to_1.1.sql.template diff --git a/BACA/configuration-ha/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template b/ACA/configuration-ha/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template similarity index 100% rename from BACA/configuration-ha/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template rename to ACA/configuration-ha/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template diff --git a/ACA/configuration-ha/DB2/sql/UpgradeTenantDB_1.2_to_1.3.sql.template b/ACA/configuration-ha/DB2/sql/UpgradeTenantDB_1.2_to_1.3.sql.template new file mode 100644 index 00000000..1e18890c --- /dev/null +++ b/ACA/configuration-ha/DB2/sql/UpgradeTenantDB_1.2_to_1.3.sql.template @@ -0,0 +1,26 @@ +connect to $tenant_db_name ; +set schema $tenant_ontology ; + + +GRANT ALTER ON TABLE $tenant_ontology.document TO USER $tenant_db_user ; +GRANT ALTER ON TABLE $tenant_ontology.training_log TO USER $tenant_db_user ; + +---classification schema changes + +--trained 0.not trained 1.trained +alter table doc_class alter column doc_class_id drop identity; +alter table doc_class alter column doc_class_id set GENERATED BY DEFAULT as IDENTITY; +insert into doc_class (doc_class_id, doc_class_name, comment) VALUES (0, '__root', 'Reserved document class'); +alter table doc_class add column trained smallint NOT NULL default 0; +reorg table doc_class; + +--flag 0.text 1.json +alter table document add column actual_content BLOB(250M); +alter table document add column flag SMALLINT NOT NULL default 0; +alter table document alter column flag drop default; +reorg table document; + +alter table training_log add column selected_features VARCHAR(1024); +reorg table training_log; + + diff --git a/BACA/configuration-ha/DB2/sql/UpgradeTenantDB_to_1.1.sql.template b/ACA/configuration-ha/DB2/sql/UpgradeTenantDB_to_1.1.sql.template similarity index 100% rename from BACA/configuration-ha/DB2/sql/UpgradeTenantDB_to_1.1.sql.template rename to ACA/configuration-ha/DB2/sql/UpgradeTenantDB_to_1.1.sql.template diff --git a/BACA/configuration/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template b/ACA/configuration-ha/DB2/sql/WinUpgradeTenantDB_1.2.sql similarity index 97% rename from BACA/configuration/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template rename to ACA/configuration-ha/DB2/sql/WinUpgradeTenantDB_1.2.sql index ff6ecf20..55cf7083 100644 --- a/BACA/configuration/DB2/sql/UpgradeTenantDB_1.1_to_1.2.sql.template +++ b/ACA/configuration-ha/DB2/sql/WinUpgradeTenantDB_1.2.sql @@ -1,5 +1,6 @@ -connect to $tenant_db_name ; -set schema $tenant_ontology ; +alter table integration alter column model_id set data type varchar(1024); + +reorg table integration; --pattern tables create table pattern @@ -126,5 +127,3 @@ create table ontology CONSTRAINT ontology_fkey FOREIGN KEY (default_classifier_id) REFERENCES classifier(id) ON UPDATE RESTRICT ON DELETE RESTRICT ); - -connect reset ; \ No newline at end of file diff --git a/ACA/configuration-ha/DB2/sql/WinUpgradeTenantDB_1.2_1.3.sql b/ACA/configuration-ha/DB2/sql/WinUpgradeTenantDB_1.2_1.3.sql new file mode 100644 index 00000000..dc5eea12 --- /dev/null +++ b/ACA/configuration-ha/DB2/sql/WinUpgradeTenantDB_1.2_1.3.sql @@ -0,0 +1,20 @@ +GRANT ALTER ON TABLE $tenant_ontology.document TO USER $tenant_db_user ; +GRANT ALTER ON TABLE $tenant_ontology.training_log TO USER $tenant_db_user ; + +---classification schema changes + +--trained 0.not trained 1.trained +alter table doc_class alter column doc_class_id drop identity; +alter table doc_class alter column doc_class_id set GENERATED BY DEFAULT as IDENTITY; +insert into doc_class (doc_class_id, doc_class_name, comment) VALUES (0, '__root', 'Reserved document class'); +alter table doc_class add column trained smallint NOT NULL default 0; +reorg table doc_class; + +--flag 0.text 1.json +alter table document add column actual_content BLOB(250M); +alter table document add column flag SMALLINT NOT NULL default 0; +alter table document alter column flag drop default; +reorg table document; + +alter table training_log add column selected_features VARCHAR(1024); +reorg table training_log; \ No newline at end of file diff --git a/BACA/configuration-ha/baca-netpol.yaml b/ACA/configuration-ha/security/baca-netpol.yaml similarity index 71% rename from BACA/configuration-ha/baca-netpol.yaml rename to ACA/configuration-ha/security/baca-netpol.yaml index fa676f1e..d5637c7a 100644 --- a/BACA/configuration-ha/baca-netpol.yaml +++ b/ACA/configuration-ha/security/baca-netpol.yaml @@ -6,6 +6,8 @@ metadata: spec: ingress: - {} - podSelector: {} + podSelector: + matchLabels: + productID: ibm-dba-aca-prod policyTypes: - Ingress \ No newline at end of file diff --git a/BACA/configuration-ha/baca-psp.yaml b/ACA/configuration-ha/security/baca-psp.yaml similarity index 72% rename from BACA/configuration-ha/baca-psp.yaml rename to ACA/configuration-ha/security/baca-psp.yaml index 4b385949..48052f0a 100644 --- a/BACA/configuration-ha/baca-psp.yaml +++ b/ACA/configuration-ha/security/baca-psp.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: annotations: @@ -9,34 +9,21 @@ spec: allowPrivilegeEscalation: false fsGroup: ranges: - - max: 65535 - min: 1 + - max: 1 + min: 0 rule: MustRunAs #rule: RunAsAny requiredDropCapabilities: - - MKNOD - - SETFCAP - - NET_RAW - - NET_BIND_SERVICE - - KILL + - ALL allowedCapabilities: - - SETPCAP - - AUDIT_WRITE - - CHOWN - - FOWNER - - FSETID - - SETUID - - SETGID - - SYS_CHROOT - - DAC_OVERRIDE runAsUser: rule: MustRunAsNonRoot seLinux: rule: RunAsAny supplementalGroups: ranges: - - max: 65535 - min: 1 + - max: 1 + min: 0 rule: MustRunAs #rule: RunAsAny volumes: @@ -50,10 +37,10 @@ spec: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: annotations: - name: baca-clusterrole + name: baca-role rules: - apiGroups: - extensions @@ -61,5 +48,6 @@ rules: - baca-psp resources: - podsecuritypolicies + #verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] verbs: - use diff --git a/ACA/configuration-ha/security/baca-rolebinding.yaml b/ACA/configuration-ha/security/baca-rolebinding.yaml new file mode 100644 index 00000000..30e90fe5 --- /dev/null +++ b/ACA/configuration-ha/security/baca-rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: baca-rolebinding +subjects: +- kind: Group + name: system:serviceaccounts:$KUBE_NAME_SPACE + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: Role #this must be Role or ClusterRole + name: baca-role # this must match the name of the Role or ClusterRole you wish to bind to + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/ACA/configuration-ha/security/baca-scc.yaml b/ACA/configuration-ha/security/baca-scc.yaml new file mode 100644 index 00000000..cde9bd56 --- /dev/null +++ b/ACA/configuration-ha/security/baca-scc.yaml @@ -0,0 +1,76 @@ +# This SCC is the most restrictive, and is meant to be a template +# Pass the --validate=false flag when applying +# The ID ranges provided in this template match the PSPs and can be changed + +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: "This policy is the most restrictive, + requiring pods to run with a non-root UID, and preventing pods from accessing the host. + The UID and GID will be bound by ranges specified at the Namespace level." + cloudpak.ibm.com/version: "1.1.0" + name: baca-scc +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegedContainer: false +allowPrivilegeEscalation: false +allowedCapabilities: null +allowedFlexVolumes: null +allowedUnsafeSysctls: null +defaultAddCapabilities: null +defaultAllowPrivilegeEscalation: false +forbiddenSysctls: + - "*" +fsGroup: + type: MustRunAs + ranges: + - max: 1 + min: 0 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- ALL +runAsUser: + type: MustRunAsNonRoot +seccompProfiles: +- docker/default +# This can be customized for seLinuxOptions specific to your host machine +seLinuxContext: + type: RunAsAny +# seLinuxOptions: +# level: +# user: +# role: +# type: +supplementalGroups: + type: MustRunAs + ranges: + - max: 1 + min: 0 +# This can be customized to host specifics +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- projected +- secret + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + name: baca-role +rules: +- apiGroups: + - extensions + resourceNames: + - baca-scc + resources: + - podsecuritypolicies + verbs: + - use \ No newline at end of file diff --git a/ADW/README_config.md b/ADW/README_config.md new file mode 100644 index 00000000..c5b0e28b --- /dev/null +++ b/ADW/README_config.md @@ -0,0 +1,130 @@ +# Configuring IBM Automation Digital Worker + +The following instructions cover the basic configuration of IBM Automation Digital Worker. + + +## Prerequisites + +Digital Worker requires: +- A [User Management Service](../UMS/README_config.md) instance in order to protect access to Digital Worker designer and APIs +- An [IBM Business Automation Insights](../BAI/README_config.md) instance (recommended but also optional) in order to collect Digital Worker tasks events and monitor them +- An [IBM Business Automation Studio Resource Registry](../BAS/README_config.md) instance (recommended but also optional) in order to integrate with some other components in the pack + +Digital Worker includes 5 pods corresponding to the following services: + - Digital Worker Designer + - Digital Worker Tasks Runtime + - Digital Worker Management Server + - MongoDB + - NPM registry + +The services require CPU and memory resources. The following table lists the minimum requirements that are used as default values. + +| Component | CPU Minimum (m) | Memory Minimum (Mi) | +| ----------------------------------------| --------------- | -------------------- | +| Digital Worker Designer | 0.1 | 128 | +| Digital Worker Tasks Runtime | 0.1 | 128 | +| Digital Worker Management Server | 0.1 | 512 | +| MongoDB | 0.1 | 128 | +| NPM registry | 0.1 | 128 | + + +In addition to these 5 services there are 2 Jobs: + - Setup + - Registry + +## Preparing for Installation + +Before you configure, make sure that you have prepared your environment. For more information, see [Preparing to install IBM Automation Digital Worker](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_adwk8s.html). + +### Step 1: Configure the custom resource YAML file for your Automation Digital Worker deployment + +In your `my_icp4a_cr.yaml` file, update the `adw_configuration` section with the configuration parameters. See [IBM Automation Digital Worker parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_adw_K8s_parameters.html) to find the default values for each ADW parameter and customize these values in your file. + +> **Note**: The [configuration](configuration) folder provides sample configuration files that you might find useful. Download the files and edit them for your own customizations. + +### Step 2: Configuring Security + +#### Step 2.1: Apply Security Context Constraint + +The Digital Worker role requires a SecurityContextConstraint to be bound to the target namespace prior to installation. To meet this requirement there may be cluster scoped as well as namespace scoped pre and post actions that need to occur. + +The [`ibm-restricted-scc`](https://ibm.biz/cpkspec-scc) SecurityContextConstraint is required to install the chart. + +you must also have a service account that has the [`ibm-restricted-scc`](https://ibm.biz/cpkspec-scc) SecurityContextConstraint to allow running restricted containers: +```bash +oc adm policy add-scc-to-user ibm-restricted-scc -z ibm-cp4a-operator +``` + +> **Note**: You can define a custom SecurityContextConstraints to finely control the permissions/capabilities needed to deploy this role. An example has been provided. + + +#### Step 2.2: Apply Pod Security Policy + +Digital Worker requires a pod security policy to be bound to the target namespace prior to installation. To meet this requirement there may be cluster scoped as well as namespace scoped pre and post actions that need to occur. + +The predefined pod security policy name: [`ibm-restricted-psp`](https://ibm.biz/cpkspec-psp) has been verified for this chart, if your target namespace is bound to it there is no further action needed in terms of pod security policy. + +This chart also defines a custom PodSecurityPolicy which can be used to finely control the permissions/capabilities needed to deploy this chart. You can enable this custom PodSecurityPolicy using the OCP user interface or via the OCP CLI. + +Using the CLI you can apply the following YAML file to enable the custom pod security policy: +- [Custom PodSecurityPolicy definition](./configuration/adw-psp.yaml) + +After creating the policy, replace all occurrences of `< NAMESPACE >` with the name of namespace the operator is deployed in. Then apply using the following command: + +```bash +kubectl apply -f adw-psp.yaml +``` + +For the custom PodSecurityPolicy to take affect you must bind the ServiceAccount to a ClusterRole. This can be done via the command line using the folliowing command: + +```bash +kubectl create clusterrolebinding adw-clusterrolebinding --clusterrole=cluster-admin --serviceaccount=: +``` + +### Step 3: Prepare and Apply the Secret + +Using the [Preparing to install IBM Automation Digital Worker](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_adwk8s.html) and [IBM Automation Digital Worker parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_adw_K8s_parameters.html) pages, create `adw-secret.yaml` then apply it to your instance using the following command. + + +```bash +kubectl apply -f adw-secret.yaml +``` +> **Note**: An empty secret had been provided [adw-secret.yaml](configuration/adw-secret.yaml) + +## Complete the installation + +When you have finished editing the configuration file, go back to the relevant install or update page to configure other components and complete the deployment with the operator. + +Install pages: + - [Managed OpenShift installation page](../platform/roks/install.md#step-6-configure-the-software-that-you-want-to-install) + - [OpenShift installation page](../platform/ocp/install.md#step-6-configure-the-software-that-you-want-to-install) + - [Certified Kubernetes installation page](../platform/k8s/install.md#step-6-configure-the-software-that-you-want-to-install) + +Update pages: + - [Managed OpenShift installation page](../platform/roks/update.md) + - [OpenShift installation page](../platform/ocp/update.md#step-1-modify-the-software-that-is-installed) + - [Certified Kubernetes installation page](../platform/k8s/update.md) + + +## Post installation + +If you intend to connect Digital Worker to Resource Registry or have provisioned User Management Service using the same cr, re-run the setup job post deployment with the following command: + +```bash +oc get job -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f - +``` + +## Troubleshooting +### Management pod not going into a ready state +If using dynamically provisioned storage, please ensure that the following line is present and set to true in your custom resource file. If not set the managment pod may fail as it needs to be able to write to the volume: + +```yaml +grantWritePermissionOnMountedVolumes: true +``` +### Digital Worker tile not present in Business Automation Studio + +When integrating with resource registry the mangement service must be exposed to resource registry. If you are using SSL the certificate used will require a CN to be set matching the pod name `< DEPLOYMENT NAME >-management`. + +### The Operator is attempting to install Digital Worker despite the configuration not being present in the custom resource + +Should the custom resource be removed post deployment the operator on it's next cycle around may attempt to go through the installation task of the operator role. If this issue does occur the adw deployment in the namespace shall be removed as intended and the error can be ignored. diff --git a/ADW/configuration/adw-cr.yaml b/ADW/configuration/adw-cr.yaml new file mode 100644 index 00000000..316b0aa0 --- /dev/null +++ b/ADW/configuration/adw-cr.yaml @@ -0,0 +1,97 @@ +apiVersion: icp4a.ibm.com/v1 +kind: ICP4ACluster +metadata: + name: adw-cr + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 +spec: + adw_configuration: + global: + imagePullSecret: < IMAGE SECRET > + kubernetes: + serviceAccountName: "ibm-cp4a-operator" + + adwSecret: < SECRET > + + grantWritePermissionOnMountedVolumes: true + + logLevel: "error" + + networkPolicy: + enabled: true + + restartPolicy: Never + + registry: + endpoint: "" + + npmRegistry: + persistence: + enabled: true + useDynamicProvisioning: true + storageClassName: "< STORAGE CLASS NAME >" + + mongodb: + persistence: + enabled: true + useDynamicProvisioning: true + storageClassName: "< STORAGE CLASS NAME >" + + designer: + image: + repository: "< REGISTRY >/adw-designer" + tag: "19.0.3" + pullPolicy: "Always" + externalPort: 30708 + externalUrl: "" + + runtime: + image: + repository: "< REGISTRY >/adw-runtime" + tag: "19.0.3" + pullPolicy: "Always" + persistence: + useDynamicProvisioning: true + storageClassName: "< STORAGE CLASS NAME >" + service: + type: "NodePort" + externalPort: 30709 + runLogLevel: "warn" + externalUrl: "" + + management: + image: + repository: "< REGISTRY >/adw-management" + tag: "19.0.3" + pullPolicy: "Always" + persistence: + useDynamicProvisioning: true + storageClassName: "< STORAGE CLASS NAME >" + externalPort: 30710 + externalUrl: "" + + setup: + image: + repository: "< REGISTRY >/adw-setup" + tag: "19.0.3" + pullPolicy: "Always" + + init: + image: + repository: "< REGISTRY >/dba/adw-init" + tag: "19.0.3" + pullPolicy: "Always" + + baiKafka: + topic: "BAITOPICFORODM" + bootstrapServers: "" + securityProtocol: "SASL_SSL" + + baiElasticsearch: + url: "" + + oidc: + endpoint: "" diff --git a/ADW/configuration/adw-psp.yaml b/ADW/configuration/adw-psp.yaml new file mode 100755 index 00000000..20d123d1 --- /dev/null +++ b/ADW/configuration/adw-psp.yaml @@ -0,0 +1,63 @@ +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + kubernetes.io/description: "This policy allows pods to run with any UID and GID, but preventing access to the host." + name: adw-psp +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + requiredDropCapabilities: + - MKNOD + allowedCapabilities: + - CHOWN + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim + forbiddenSysctls: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: adw-role + namespace: < NAMESPACE > +rules: + - apiGroups: + - extensions + resourceNames: + - adw-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: adw-psp-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: adw-rolebinding + namespace: < NAMESPACE > +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: adw-role +subjects: + - kind: ServiceAccount + name: adw-psp-sa + namespace: < NAMESPACE > diff --git a/ADW/configuration/adw-scc.yaml b/ADW/configuration/adw-scc.yaml new file mode 100755 index 00000000..67d690fe --- /dev/null +++ b/ADW/configuration/adw-scc.yaml @@ -0,0 +1,38 @@ +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: true +allowPrivilegedContainer: false +allowedCapabilities: [] +apiVersion: security.openshift.io/v1 +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +groups: +- system:authenticated +kind: SecurityContextConstraints +metadata: + name: ibm-cp4a-operator +priority: 0 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- KILL +- MKNOD +- SETUID +- SETGID +runAsUser: + type: MustRunAsRange +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +users: [] +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- projected +- secret \ No newline at end of file diff --git a/ADW/configuration/adw-secret.yaml b/ADW/configuration/adw-secret.yaml new file mode 100755 index 00000000..a317941d --- /dev/null +++ b/ADW/configuration/adw-secret.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "" +type: Opaque +data: + server.key: "" + server.crt: "" + npmUser: "" + npmPassword: "" + kafkaUser: "" + kafkaPassword: "" + kafkaServerCert: "" + kafkaKerberosKeytab: "" + kafkaKerberosSaslServiceName: "" + kafkaKerberosRealm: "" + kafkaKerberosKdc: "" + kafkaKerberosPrincipal: "" + skillEncryptionSeed: """" + oidcClientId: "" + oidcClientSecret: "" + oidcUserName: "" + oidcPassword: "" + elasticsearchUser: "" + elasticsearchPassword: "" diff --git a/BACA/README.md b/BACA/README.md deleted file mode 100644 index 205f7f77..00000000 --- a/BACA/README.md +++ /dev/null @@ -1,31 +0,0 @@ -## Deploy IBM Business Automation Content Analyzer - -IBM Business Automation Content Analyzer offers the power of intelligent capture with the flexibility of an API that enables you to extend the value of your core enterprise content management (ECM) technology stack. Advanced AI more accurately classifies data and can be configurable in minutes, instead of weeks. - -For more information, see [IBM Business Automation Content Analyzer: Details](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/con_baca.html) - - -## Deploying with Helm charts - -- Extract [ibm-dba-baca-prod-1.2.0.tgz](./helm-charts/ibm-dba-baca-prod-1.2.0.tgz) for non-HA deployment and reference the readme in ibm-dba-baca-prod/README.md after extraction. - -- Extract [ibm-dba-baca-prod-1.2.0_ha.tgz](./helm-charts/ibm-dba-baca-prod-1.2.0_ha.tgz) for HA deployment and reference the readme in ibm-dba-baca-prod/README.md after extraction. - - -## Deploying using Kubernetes YAML - -- [Using Kubernetes YAML](k8s-yaml/README.md) - -## NOTE: - -- We include a sample network policy yaml file (baca-netpol.yaml) inside the `configuration` and `configuration-ha` folder. You can review and further modify to fit your need. To apply the network policy: -``` -export KUBE_NAME_SPACE= -cat baca-netpol.yaml | sed s/\$KUBE_NAME_SPACE/"$KUBE_NAME_SPACE"/ | kubectl apply -f - - -``` - - -## Completing post deployment configuration - -After you deploy your container images, you might need to perform some required and some optional steps to get your Business Automation Content Analyzer environment up and running. For detail instructions, see [Completing post deployment tasks for Business Automation Content Analyzer](docs/post-deployment.md) diff --git a/BACA/configuration-ha/DB2/AddTenant.sh b/BACA/configuration-ha/DB2/AddTenant.sh deleted file mode 100755 index 1f17c071..00000000 --- a/BACA/configuration-ha/DB2/AddTenant.sh +++ /dev/null @@ -1,404 +0,0 @@ -#!/bin/bash -. ./ScriptFunctions.sh - -INPUT_PROPS_FILENAME="./common_for_DB2.sh" - -if [ -f $INPUT_PROPS_FILENAME ]; then - echo "Found a $INPUT_PROPS_FILENAME. Reading in variables from that script." - . $INPUT_PROPS_FILENAME -fi - -NUMARGS=$# - -# if an argument of '1' is passed, it is assumed that a tenant already exists, -# and the script will add a new ontology to an existing tenant -if [[ "$NUMARGS" -gt 0 ]]; then - use_existing_tenant=$1 -fi - - -if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then - echo -e "\n-- This script will create a BACA database and an ontology for a new tenant and load it with default data" - echo -fi - -if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then - echo "Enter the tenant ID for the new tenant: (eg. t4900)" -else - echo "Enter the tenant ID for the existing tenant: (eg. t4900)" -fi -while [[ -z "$tenant_id" || $tenant_id == '' ]] -do - echo "Please enter a valid value for the tenant ID:" - read tenant_id -done - - -if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then - - while [[ $tenant_type == '' || $tenant_type != "0" && $tenant_type != "1" && $tenant_type != "2" ]] # While tenant_type is not valid/set - do - echo -e "\n\x1B[1;31mEnter the tenanttype\x1B[0m" - echo -e "\x1B[1;31mChoose the number equivalent.\x1B[0m" - echo -e "\x1B[1;34m0. Enterprise\x1B[0m" - echo -e "\x1B[1;34m1. Trial\x1B[0m" - echo -e "\x1B[1;34m2. Internal\x1B[0m" - read tenant_type - done - - if [ $tenant_type == 0 ]; then - daily_limit=0 - elif [ $tenant_type == 1 ]; then - daily_limit=100 - elif [ $tenant_type == 2 ]; then - daily_limit=2000 - fi -fi - - -echo -if [[ -z "$use_existing_tenant" || $use_existing_tenant -ne 1 ]]; then - echo "Enter the name of the new BACA tenant database to create: (eg. t4900)" -else - echo "Enter the name of the existing BACA tenant database: (eg. t4900)" -fi -while [[ $tenant_db_name == '' ]] -do - echo "Please enter a valid value for the tenant database name of max length 8 :" - read tenant_db_name - while [ ${#tenant_db_name} -gt 8 ]; - do - echo "Please enter a valid value for the tenant database name of max length 8 :" - read tenant_db_name; - echo ${#tenant_db_name}; - done -done - -if [[ -z "$baca_database_server_ip" ]]; then - echo -e "\nEnter the host/IP of the database server: " - read baca_database_server_ip -fi - -default_dbport=50000 -if [[ -z "$baca_database_port" ]]; then - echo -e "\nEnter the port of the database server. If nothing is entered we will use the following default value: " $default_dbport - read baca_database_port - if [[ -z "$baca_database_port" ]]; then - baca_database_port=$default_dbport - fi -fi - -default_ssl='No' -if [[ -z "$ssl" ]]; then - echo -e "\nWould you like to enable SSL to communicate with DB2 server? If nothing is entered we will use the default value: " $default_ssl - read ssl - if [[ -z "$ssl" ]]; then - ssl=$default_ssl - fi -fi - -if [[ $use_existing_tenant -eq 1 ]]; then - user_already_defined=1 -fi - -echo -echo "We need a non-admin database user that BACA will use to access your BACA tenant database." -while [[ -z "$tenant_db_user" || $tenant_db_user == "" ]] -do - echo - if [[ -z "$user_already_defined" || $user_already_defined -ne 1 ]]; then - while [[ "$create_new_user" != "y" && "$create_new_user" != "Y" && "$create_new_user" != "n" && "$create_new_user" != "N" ]] - do - echo "Do you want this script to create a new database user for you (This will create local OS user)? (Please enter y or n)" - read create_new_user - done - - if [[ "$create_new_user" == "n" || "$create_new_user" == "N" ]]; then - user_already_defined=1 - else - user_already_defined=0 - fi - fi - - while [[ -z "$tenant_db_user" || $tenant_db_user == "" ]] - do - if [[ "$create_new_user" == "y" || "$create_new_user" = "Y" ]]; then - echo "Please enter the name of database user to create: " - else - echo "Please enter the name of an existing database user" - fi - read tenant_db_user - done - - if [[ $user_already_defined -ne 1 ]]; then - getent passwd $tenant_db_user > /dev/null - if [[ $? -eq 0 ]]; then - while [[ "$use_existing_user" != "y" && "$use_existing_user" != "Y" && "$use_existing_user" != "n" && "$use_existing_user" != "N" ]] - do - echo "$tenant_db_user already exists. Do you want to use this user (Please enter y or n)" - read use_existing_user - if [ "$use_existing_user" = "y" ] || [ "$use_existing_user" = "Y" ]; then - user_already_defined=1 - else - unset tenant_db_user - unset user_already_defined - unset create_new_user - fi - done - fi - fi -done - - -while [[ $pwdconfirmed -ne 1 ]] # While pwd is not yet received and confirmed (i.e. entered teh same time twice) -do - while [[ $tenant_db_pwd == '' ]] # While pwd is empty... - do - echo "Enter the password for the user: " - read -s tenant_db_pwd - done - - while [[ $tenant_db_pwd2 == '' ]] # While pwd is empty... - do - echo "Please confirm the password by entering it again:" - read -s tenant_db_pwd2 - done - - if [[ "$tenant_db_pwd" == "$tenant_db_pwd2" ]]; then - pwdconfirmed=1 - else - echo "The passwords do not match. Please enter the password again." - unset tenant_db_pwd - unset tenant_db_pwd2 - fi -done - -if [[ $tenant_db_pwd_b64_encoded -eq 1 ]]; then - tenant_db_pwd=$(echo $tenant_db_pwd | base64 --decode) -fi - -default_ontology='default' -if [[ -z "$tenant_ontology" ]]; then - echo -e "\nEnter the tenant ontology name. If nothing is entered, the default name will be used: " $default_ontology - read tenant_ontology - if [[ -z "$tenant_ontology" ]]; then - tenant_ontology=$default_ontology - fi -fi - -default_basedb='BASECA' -if [[ -z "$base_db_name" ]]; then - echo -e "\nEnter the name of the Base BACA database with the TENANTINFO Table. If nothing is entered, we will use the following default value : " $default_basedb - read base_db_name - if [[ -z "$base_db_name" ]]; then - base_db_name=$default_basedb - fi -fi - -default_basedb_user='CABASEUSER' -if [[ -z "$base_db_user" ]]; then - echo -e "\nEnter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value : " $default_basedb_user - read base_db_user - if [[ -z "$base_db_user" ]]; then - base_db_user=$default_basedb_user - fi -fi - -# FOR NOW, there is no need to collect credentials for Base DB, as we are currently assuming that we are running script as DB2 admin (eg. db2inst1) on the DB2 server. -# If we decide to run from a remote machine, then UNCOMMENT the following to collect the DB2 admin credentials - -# pwdconfirmed=0 -# while [[ $pwdconfirmed -ne 1 ]] # While pwd is not yet received and confirmed (i.e. entered teh same time twice) -# do -# echo "Enter the password for the BACA base database user: " -# read -s base_tenant_db_pwd -# while [[ $base_tenant_db_pwd == '' ]] # While pwd is empty... -# do -# echo "Enter a valid value" -# read -r base_tenant_db_pwd -# done - -# echo "Please confirm the password by entering it again:" -# read -s base_tenant_db_pwd2 -# while [[ $base_tenant_db_pwd2 == '' ]] # While pwd is empty... -# do -# echo "Enter a valid value" -# read -r base_tenant_db_pwd2 -# done - -# if [[ "$base_tenant_db_pwd" == "$base_tenant_db_pwd2" ]]; then -# pwdconfirmed=1 -# else -# echo "The passwords do not match. Please enter the password again." -# unset base_tenant_db_pwd -# unset base_tenant_db_pwd2 -# fi -# done - -echo -echo "Now we will gather information about the initial BACA user that will be defined:" - -while [[ $tenant_company == '' ]] -do - echo -e "\nPlease enter the company name for the initial BACA user:" - read tenant_company -done - - -while [[ $tenant_first_name == '' ]] -do - echo -e "\nPlease enter the first name for the initial BACA user:" - read tenant_first_name -done - - -while [[ $tenant_last_name == '' ]] -do - echo -e "\nPlease enter the last name for the initial BACA user:" - read tenant_last_name -done - - -while [[ $tenant_email == '' || ! $tenant_email =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$ ]] -do - echo -e "\nPlease enter a valid email address for the initial BACA user:" - read tenant_email -done - - -while [[ $tenant_user_name == '' ]] -do - echo -e "\nPlease enter the login name for the initial BACA user:" - read tenant_user_name -done - -if [[ $use_existing_tenant -eq 1 ]]; then - db2 "connect to $base_db_name" - db2 "set schema $base_db_user" - resp=$(db2 -x "select tenanttype,dailylimit from tenantinfo where tenantid = '$tenant_id'") - tenant_type=$(echo $resp | awk '{print $1}') - daily_limit=$(echo $resp | awk '{print $2}') -fi - -rdbmsconnection="DATABASE=$tenant_db_name;HOSTNAME=$baca_database_server_ip;PORT=$baca_database_port;PROTOCOL=TCPIP;UID=$tenant_db_user;PWD=$tenant_db_pwd;" -if [[ "$ssl" == "Yes" || "$ssl" == "y" || "$ssl" == "Y" ]]; then - echo - rdbmsconnection+="Security=SSL;" - echo "--- with SSL rdbstring : " $rdbmsconnection -fi - -echo -if [[ $use_existing_tenant -ne 1 ]]; then - echo "-- Information gathering is completed. Add tenant is about to begin." -else - echo "-- Information gathering is completed. Add ontology is about to begin." -fi -echo "-- Please confirm these are the desired settings:" -echo " - tenant ID: $tenant_id" -echo " - tenant type: $tenant_type" -echo " - daily limit: $daily_limit" -echo " - tenant database name: $tenant_db_name" -echo " - database server hostname/IP: $baca_database_server_ip" -echo " - database server port: $baca_database_port" -echo " - database enabled for ssl : $ssl" -if [[ $user_already_defined -ne 1 ]]; then - echo " - tenant database user will be created by this script" -else - echo " - tenant database user already exists and will not be created by this script" -fi -echo " - tenant database user: $tenant_db_user" -echo " - ontology name: $tenant_ontology" -echo " - base database: $base_db_name" -echo " - base database user: $base_db_user" -echo " - tenant company name: $tenant_company" -echo " - tenant first name: $tenant_first_name" -echo " - tenant last name: $tenant_last_name" -echo " - tenant email address: $tenant_email" -echo " - tenant login name: $tenant_user_name" -askForConfirmation - - -if [[ $user_already_defined -ne 1 ]]; then - encrypted_pwd=$(perl -e 'print crypt($ARGV[0], "pwsalt")' $tenant_db_pwd) - sudo useradd -m -p $encrypted_pwd $tenant_db_user - if [[ $? -eq 0 ]]; then - echo "User $tenant_db_user has been added to system!" - else - echo "ERROR: Failed to add a user $tenant_db_user! Please try again..." - exit 1 - fi - echo "setting password to not expire" - sudo chage -E -1 -M -1 $tenant_db_user -fi - -# Only create DB for new tenants -if [[ $use_existing_tenant -ne 1 ]]; then - # allow using existing DB if the flag "tenant_db_exists" is true - if [[ -z "$tenant_db_exists" || $tenant_db_exists == "false" ]]; then - cp sql/CreateDB.sql.template sql/CreateDB.sql - sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/CreateDB.sql - sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/CreateDB.sql - - echo -e "\nRunning script: sql/CreateDB.sql" - db2 -stvf sql/CreateDB.sql - fi -fi - -cp sql/CreateBacaSchema.sql.template sql/CreateBacaSchema.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/CreateBacaSchema.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/CreateBacaSchema.sql -echo -e "\nRunning script: sql/CreateBacaSchema.sql" -db2 -stvf sql/CreateBacaSchema.sql - -echo -e "\nRunning script: sql/CreateBacaTables.sql" -db2 -tf sql/CreateBacaTables.sql -echo "CONNECT RESET" -db2 "CONNECT RESET" - -cp sql/TablePermissions.sql.template sql/TablePermissions.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/TablePermissions.sql -sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/TablePermissions.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/TablePermissions.sql -echo -e "\nRunning script: sql/TablePermissions.sql" -db2 -stvf sql/TablePermissions.sql - -cp sql/LoadData.sql.template sql/LoadData.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/LoadData.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/LoadData.sql -echo -e "\nRunning script: sql/LoadData.sql" -db2 -stvf sql/LoadData.sql - -cp sql/InsertTenant.sql.template sql/InsertTenant.sql -sed -i s/\$base_db_name/"$base_db_name"/ sql/InsertTenant.sql -sed -i s/\$base_db_user/"$base_db_user"/ sql/InsertTenant.sql -sed -i s/\$tenant_id/"$tenant_id"/ sql/InsertTenant.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/InsertTenant.sql -sed -i s/\$baca_database_server_ip/"$baca_database_server_ip"/ sql/InsertTenant.sql -sed -i s/\$baca_database_port/"$baca_database_port"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/InsertTenant.sql -sed -i s/\$tenant_db_pwd/"$tenant_db_pwd"/ sql/InsertTenant.sql -sed -i s/\$tenant_type/"$tenant_type"/ sql/InsertTenant.sql -sed -i s/\$daily_limit/"$daily_limit"/ sql/InsertTenant.sql -sed -i s/\$rdbmsconnection/"$rdbmsconnection"/ sql/InsertTenant.sql -echo -e "\nRunning script: sql/InsertTenant.sql" -db2 -stvf sql/InsertTenant.sql - - -cp sql/InsertUser.sql.template sql/InsertUser.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/InsertUser.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/InsertUser.sql -sed -i s/\$tenant_email/"$tenant_email"/ sql/InsertUser.sql -sed -i s/\$tenant_first_name/"$tenant_first_name"/ sql/InsertUser.sql -sed -i s/\$tenant_last_name/"$tenant_last_name"/ sql/InsertUser.sql -sed -i s/\$tenant_user_name/"$tenant_user_name"/ sql/InsertUser.sql -sed -i s/\$tenant_company/"$tenant_company"/ sql/InsertUser.sql -sed -i s/\$tenant_email/"$tenant_email"/ sql/InsertUser.sql -echo -e "\nRunning script: sql/InsertUser.sql" -db2 -stvf sql/InsertUser.sql - -echo -e "\n-- Add completed succesfully. Tenant ID: $tenant_id , Ontology: $tenant_ontology \n" - -echo "-- URL (replace frontend with your frontend host): https://frontend/?tid=$tenant_id&ont=$tenant_ontology" diff --git a/BACA/configuration-ha/DB2/CSVFiles/doc_class.csv b/BACA/configuration-ha/DB2/CSVFiles/doc_class.csv deleted file mode 100644 index 0d53dbd4..00000000 --- a/BACA/configuration-ha/DB2/CSVFiles/doc_class.csv +++ /dev/null @@ -1,9 +0,0 @@ -1,Balance Statement,This is a Sample -2,Bill of Lading,This is a Sample -3,Estimates,This is a Sample -4,Invoice,This is a Sample -5,Letter,This is a Sample -6,Medical Record,This is a Sample -7,Police Report,This is a Sample -8,Power of Attorney,This is a Sample -9,Pricing Schedule,This is a Sample diff --git a/BACA/configuration-ha/DB2/CreateBaseDB.bat b/BACA/configuration-ha/DB2/CreateBaseDB.bat deleted file mode 100755 index 95a53fce..00000000 --- a/BACA/configuration-ha/DB2/CreateBaseDB.bat +++ /dev/null @@ -1,32 +0,0 @@ -@echo off -SETLOCAL - -set /p base_db_name= Enter the name of the Base BACA database. If nothing is entered, we will use the following default value 'CABASEDB': -IF NOT DEFINED base_db_name SET "base_db_name=CABASEDB" - -set /p base_db_user= Enter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value 'CABASEUSER' : -IF NOT DEFINED base_db_user SET "base_db_user=CABASEUSER" - -set /P c=Are you sure you want to continue[Y/N]? -if /I "%c%" EQU "Y" goto :DOCREATE -if /I "%c%" EQU "N" goto :DOEXIT - -:DOCREATE - echo "Running the db script" - db2 CREATE DATABASE %base_db_name% AUTOMATIC STORAGE YES USING CODESET UTF-8 TERRITORY DEFAULT COLLATE USING SYSTEM PAGESIZE 32768 - db2 CONNECT TO %base_db_name% - db2 GRANT CONNECT,DATAACCESS ON DATABASE TO USER %base_db_user% - db2 GRANT USE OF TABLESPACE USERSPACE1 TO USER %base_db_user% - db2 CONNECT RESET - db2 CONNECT TO %base_db_name% - db2 SET SCHEMA %base_db_user% - db2 CREATE TABLE TENANTINFO (tenantid varchar(128) NOT NULL, ontology varchar(128) not null,tenanttype smallint not null with default, rdbmsengine varchar(128) not null, bacaversion varchar(1024) not null, rdbmsconnection varchar(1024) for bit data default null,mongoconnection varchar(1024) for bit data default null,mongoadminconnection varchar(1024) for bit data default null,CONSTRAINT tenantinfo_pkey PRIMARY KEY (tenantid, ontology)) - db2 CONNECT RESET - goto END -:DOEXIT - echo "Exited on user input" - goto END -:END - echo "END" - -ENDLOCAL \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/CreateBaseDB.sh b/BACA/configuration-ha/DB2/CreateBaseDB.sh deleted file mode 100755 index c0cd4a41..00000000 --- a/BACA/configuration-ha/DB2/CreateBaseDB.sh +++ /dev/null @@ -1,150 +0,0 @@ -#!/bin/bash - -. ./ScriptFunctions.sh - -INPUT_PROPS_FILENAME="./common_for_DB2.sh" - -if [ -f $INPUT_PROPS_FILENAME ]; then - echo "Found a $INPUT_PROPS_FILENAME. Reading in variables from that script." - . $INPUT_PROPS_FILENAME -fi - -default_basedb='BASECA' -echo -e "\n-- This script will create the BACA Base database." - -if [[ -z "$base_db_name" ]]; then - echo -e "\nEnter the name of the BACA Base database to create. (The name must be 8 chars or less). If nothing is entered, we will use this default value : " $default_basedb - read base_db_name - if [[ -z "$base_db_name" ]]; then - base_db_name=$default_basedb - fi - while [ ${#base_db_name} -gt 8 ]; - do - echo "Please enter a valid value for the base database name of max length 8 :" - read base_db_name; - echo ${#base_db_name}; - done -fi - -if [[ -z "$base_valid_user" ]]; then - base_valid_user=0 -fi - -while [[ $base_valid_user -ne 1 ]] -do - echo -e "\nWe need a non-admin database user that BACA will use to access your BASE database." - - if [[ -z "$base_user_already_defined" || $base_user_already_defined -ne 1 ]]; then - while [[ "$create_new_base_user" != "y" && "$create_new_base_user" != "Y" && "$create_new_base_user" != "n" && "$create_new_base_user" != "N" ]] - do - echo "Do you want this script to create a new database user for you (This will create local OS user)? (Please enter y or n)" - read create_new_base_user - done - - if [[ "$create_new_base_user" == "n" || "$create_new_base_user" == "N" ]]; then - base_user_already_defined=1 - base_valid_user=1 - else - base_user_already_defined=0 - fi - fi - - while [[ -z "$base_db_user" || $base_db_user == "" ]] - do - if [[ $base_user_already_defined -ne 1 ]]; then - echo "Please enter the name of database user to create: " - else - echo "Please enter the name of an existing database user:" - fi - read base_db_user - done - - if [[ $base_user_already_defined -ne 1 ]]; then - getent passwd $base_db_user > /dev/null - if [[ $? -eq 0 ]]; then - echo "$base_db_user already exists. Do you want to use this existing user (y/n)" - read use_existing_user - if [ "$use_existing_user" = "y" ] || [ "$use_existing_user" = "Y" ]; then - base_base_user_already_defined=1 - base_valid_user=1 - fi - else - base_valid_user=1 - fi - fi -done - -if [[ $base_user_already_defined = 1 ]]; then - base_pwdconfirmed=1 -else - base_pwdconfirmed=0 -fi - -while [[ $base_pwdconfirmed -ne 1 ]] # While pwd is not yet received and confirmed (i.e. entered the same time twice) -do - echo "Enter the password for the user: " - read -s db_user_pwd - while [[ $db_user_pwd == '' ]] # While pwd is empty... - do - echo "Enter a valid value" - read -s db_user_pwd - done - - echo "Please confirm the password by entering it again:" - read -s db_user_pwd2 - while [[ $db_user_pwd2 == '' ]] # While pwd is empty... - do - echo "Enter a valid value" - read -s db_user_pwd2 - done - - if [[ "$db_user_pwd" == "$db_user_pwd2" ]]; then - base_pwdconfirmed=1 - else - echo "The passwords do not match. Please enter the password again." - unset db_user_pwd - unset db_user_pwd2 - fi -done - -echo -echo "-- Information gathering is completed. Create base DB is about to begin." -askForConfirmation - -if [[ $db_user_pwd_b64_encoded -eq 1 ]]; then - db_user_pwd=$(echo $db_user_pwd | base64 --decode) -fi - -if [[ $base_user_already_defined -ne 1 ]]; then - echo - echo "Creating user $base_db_user..." - - encrypted_pwd=$(perl -e 'print crypt($ARGV[0], "pwsalt")' $db_user_pwd) - sudo useradd -m -p $encrypted_pwd $base_db_user - if [[ $? -eq 0 ]]; then - echo "User $base_db_user has been added to system!" - else - echo "ERROR: Failed to add a user $base_db_user! Please try again..." - exit 1 - fi - echo "setting password to not expire" - sudo chage -E -1 -M -1 $base_db_user -fi - -# allow using existing DB if the flag "base_db_exists" is true -if [[ -z "$base_db_exists" || $base_db_exists == "false" ]]; then - cp sql/CreateBaseDB.sql.template sql/CreateBaseDB.sql - sed -i s/\$base_db_name/"$base_db_name"/ sql/CreateBaseDB.sql - sed -i s/\$base_db_user/"$base_db_user"/ sql/CreateBaseDB.sql - echo - echo "Running script: sql/CreateBaseDB.sql" - db2 -stvf sql/CreateBaseDB.sql -fi - -cp sql/CreateBaseTable.sql.template sql/CreateBaseTable.sql -sed -i s/\$base_db_name/"$base_db_name"/ sql/CreateBaseTable.sql -sed -i s/\$base_db_user/"$base_db_user"/ sql/CreateBaseTable.sql - -echo -echo "Running script: sql/CreateBaseTable.sql" -db2 -stvf sql/CreateBaseTable.sql diff --git a/BACA/configuration-ha/DB2/UpgradeBaseDB.sh b/BACA/configuration-ha/DB2/UpgradeBaseDB.sh deleted file mode 100755 index 8409eb48..00000000 --- a/BACA/configuration-ha/DB2/UpgradeBaseDB.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/env bash -. ./ScriptFunctions.sh - -INPUT_PROPS_FILENAME="./common_for_DB2_Upgrade.sh" - -if [ -f $INPUT_PROPS_FILENAME ]; then - echo "Found a $INPUT_PROPS_FILENAME. Reading in variables from that script." - . $INPUT_PROPS_FILENAME -fi - -echo -e "\n-- This script will upgrade base DB" -echo - -while [[ $base_db_name == '' ]] -do - echo "Please enter a valid value for the base database name :" - read base_db_name - while [ ${#base_db_name} -gt 8 ]; - do - echo "Please enter a valid value for the base database name :" - read base_db_name; - echo ${#base_db_name}; - done -done - -while [[ -z "$base_db_user" || $base_db_user == "" ]] -do - echo "Please enter a valid value for the base database user name :" - read base_db_user -done - -echo -echo "-- Please confirm these are the desired settings:" -echo " - Base database name: $base_db_name" -echo " - Base database user name: $base_db_user" -askForConfirmation - -if [[ $SaaS != "true" || -z $SaaS ]]; then - cp sql/UpgradeBaseDB_to_1.1.sql.template sql/UpgradeBaseDB_to_1.1.sql - sed -i s/\$base_db_name/"$base_db_name"/ sql/UpgradeBaseDB_to_1.1.sql - sed -i s/\$base_db_user/"$base_db_user"/ sql/UpgradeBaseDB_to_1.1.sql - echo - echo "Running upgrade script: sql/UpgradeBaseDB_to_1.1.sql" - db2 -stvf sql/UpgradeBaseDB_to_1.1.sql -else - echo "-- Skipping UpgradeBaseDB_to_1.1.sql" -fi - -cp sql/UpgradeBaseDB_1.1_to_1.2.sql.template sql/UpgradeBaseDB_1.1_to_1.2.sql -sed -i s/\$base_db_name/"$base_db_name"/ sql/UpgradeBaseDB_1.1_to_1.2.sql -sed -i s/\$base_db_user/"$base_db_user"/ sql/UpgradeBaseDB_1.1_to_1.2.sql -echo -echo "Running upgrade script: sql/UpgradeBaseDB_1.1_to_1.2.sql" -db2 -stvf sql/UpgradeBaseDB_1.1_to_1.2.sql \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/UpgradeTenantDB.sh b/BACA/configuration-ha/DB2/UpgradeTenantDB.sh deleted file mode 100755 index c1457886..00000000 --- a/BACA/configuration-ha/DB2/UpgradeTenantDB.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/env bash -. ./ScriptFunctions.sh - -INPUT_PROPS_FILENAME="./common_for_DB2_Tenant_Upgrade.sh" - -if [ -f $INPUT_PROPS_FILENAME ]; then - echo "Found a $INPUT_PROPS_FILENAME. Reading in variables from that script." - . $INPUT_PROPS_FILENAME -fi - -echo -e "\n-- This script will upgrade tenant DB" -echo - -while [[ $tenant_db_name == '' ]] -do - echo "Please enter a valid value for the tenant database name :" - read tenant_db_name - while [ ${#tenant_db_name} -gt 8 ]; - do - echo "Please enter a valid value for the tenant database name :" - read tenant_db_name; - echo ${#tenant_db_name}; - done -done - -while [[ -z "$tenant_db_user" || $tenant_db_user == "" ]] -do - echo "Please enter a valid value for the tenant database user name :" - read tenant_db_user -done - -while [[ $tenant_ontology == '' ]] -do - echo "Please enter a valid value for the tenant ontology name :" - read tenant_ontology -done - -echo -echo "-- Please confirm these are the desired settings:" -echo " - ontology: $tenant_ontology" -echo " - tenant database name: $tenant_db_name" -echo " - tenant database user name: $tenant_db_user" -askForConfirmation - -if [[ $SaaS != "true" || -z $SaaS ]]; then - cp sql/UpgradeTenantDB_to_1.1.sql.template sql/UpgradeTenantDB_to_1.1.sql - sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/UpgradeTenantDB_to_1.1.sql - sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/UpgradeTenantDB_to_1.1.sql - sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/UpgradeTenantDB_to_1.1.sql - echo - echo "Running upgrade script: sql/UpgradeTenantDB_to_1.1.sql" - db2 -stvf sql/UpgradeTenantDB_to_1.1.sql -else - echo "-- Skipping UpgradeTenantDB_to_1.1.sql" -fi - -cp sql/UpgradeTenantDB_1.1_to_1.2.sql.template sql/UpgradeTenantDB_1.1_to_1.2.sql -sed -i s/\$tenant_db_name/"$tenant_db_name"/ sql/UpgradeTenantDB_1.1_to_1.2.sql -sed -i s/\$tenant_ontology/"$tenant_ontology"/ sql/UpgradeTenantDB_1.1_to_1.2.sql -sed -i s/\$tenant_db_user/"$tenant_db_user"/ sql/UpgradeTenantDB_1.1_to_1.2.sql -echo -echo "Running upgrade script: sql/UpgradeTenantDB_1.1_to_1.2.sql" -db2 -stvf sql/UpgradeTenantDB_1.1_to_1.2.sql \ No newline at end of file diff --git a/BACA/configuration-ha/DB2/sql/CreateBacaTables.sql b/BACA/configuration-ha/DB2/sql/CreateBacaTables.sql deleted file mode 100644 index 5c6ac1fe..00000000 --- a/BACA/configuration-ha/DB2/sql/CreateBacaTables.sql +++ /dev/null @@ -1,707 +0,0 @@ -create table doc_class -( - doc_class_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - doc_class_name VARCHAR (512) NOT NULL, - comment varchar(1024), - - CONSTRAINT doc_class_pkey PRIMARY KEY (doc_class_id), - - CONSTRAINT doc_class_doc_class_name_key UNIQUE (doc_class_name) -); - -create table doc_alias -( - doc_alias_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - doc_alias_name VARCHAR (512) NOT NULL, - language CHAR(3) NOT NULL, - - CONSTRAINT doc_alias_pkey PRIMARY KEY (doc_alias_id), - - CONSTRAINT doc_alias_doc_alias_name_key UNIQUE (doc_alias_name) -); - -create table key_class -( - key_class_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - key_class_name VARCHAR (512) NOT NULL, - datatype VARCHAR (256) NOT NULL, - mandatory BOOLEAN, - sensitive BOOLEAN, - comment VARCHAR(1024), - - CONSTRAINT key_class_pkey PRIMARY KEY (key_class_id) -); - -create table key_alias -( - key_alias_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - key_alias_name VARCHAR (512) NOT NULL, - language CHAR(3) NOT NULL, - - CONSTRAINT key_alias_pkey PRIMARY KEY (key_alias_id), - - CONSTRAINT key_alias_key_alias_name_key UNIQUE (key_alias_name) -); - -create table cword -( - cword_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - cword_name VARCHAR (512) NOT NULL, - - CONSTRAINT cword_pkey PRIMARY KEY (cword_id), - - CONSTRAINT cword_cword_name_key UNIQUE (cword_name) -); - -create table doc_alias_dc -( - doc_alias_id INTEGER NOT NULL, - doc_class_id INTEGER NOT NULL, - da_count INTEGER NOT NULL, - - CONSTRAINT doc_alias_dc_pkey PRIMARY KEY (doc_alias_id, doc_class_id), - - CONSTRAINT doc_alias_dc_doc_alias_id_fkey FOREIGN KEY (doc_alias_id) REFERENCES doc_alias (doc_alias_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - constraint doc_alias_dc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE - -); - -create table key_class_dc -( - key_class_id INTEGER NOT NULL, - doc_class_id INTEGER NOT NULL, - CONSTRAINT key_class_dc_pkey PRIMARY KEY (key_class_id, doc_class_id), - - CONSTRAINT key_class_dc_key_class_id_fkey FOREIGN KEY (key_class_id) REFERENCES key_class (key_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT key_class_dc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table key_alias_dc -( - key_alias_id INTEGER NOT NULL, - doc_class_id INTEGER NOT NULL, - ka_count INTEGER NOT NULL, - - CONSTRAINT key_alias_dc_pkey PRIMARY KEY (key_alias_id, doc_class_id), - - CONSTRAINT key_alias_dc_key_alias_id_fkey FOREIGN KEY (key_alias_id) REFERENCES key_alias (key_alias_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT key_alias_dc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table key_alias_kc -( - key_alias_id INTEGER NOT NULL, - - key_class_id INTEGER NOT NULL, - - CONSTRAINT key_alias_kc_pkey PRIMARY KEY (key_alias_id, key_class_id), - - CONSTRAINT key_alias_kc_key_alias_id_fkey FOREIGN KEY (key_alias_id) REFERENCES key_alias (key_alias_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT key_alias_kc_key_class_id_fkey FOREIGN KEY (key_class_id) REFERENCES key_class (key_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table cword_dc -( - doc_class_id INTEGER NOT NULL, - cword_id INTEGER NOT NULL, - cw_count INTEGER NOT NULL, - - CONSTRAINT cword_dc_pkey PRIMARY KEY (cword_id, doc_class_id), - - CONSTRAINT cword_dc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT cword_dc_cword_id_fkey FOREIGN KEY (cword_id) REFERENCES cword (cword_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table heading -( - heading_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - heading_name VARCHAR (512) NOT NULL, - comment VARCHAR(1024), - CONSTRAINT heading_pkey PRIMARY KEY (heading_id) -); - -create table heading_alias -( - heading_alias_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - heading_alias_name VARCHAR (512) NOT NULL, - - CONSTRAINT heading_alias_pkey PRIMARY KEY (heading_alias_id), - - CONSTRAINT heading_alias_heading_alias_name_key unique (heading_alias_name) -); - -create table heading_dc -( - heading_id INTEGER NOT NULL, - - doc_class_id INTEGER NOT NULL, - - CONSTRAINT heading_dc_pkey PRIMARY KEY (heading_id, doc_class_id), - - CONSTRAINT heading_dc_heading_id_fkey FOREIGN KEY (heading_id) REFERENCES heading (heading_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT heading_dc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table heading_alias_h -( - heading_alias_id INTEGER NOT NULL, - heading_id INTEGER NOT NULL, - - CONSTRAINT heading_alias_h_pkey PRIMARY KEY (heading_alias_id, heading_id), - - CONSTRAINT heading_alias_h_heading_alias_id_fkey FOREIGN KEY (heading_alias_id) REFERENCES heading_alias (heading_alias_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT heading_alias_h_heading_id_fkey FOREIGN KEY (heading_id) REFERENCES heading (heading_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table heading_alias_dc -( - heading_alias_id INTEGER NOT NULL, - doc_class_id INTEGER NOT NULL, - - CONSTRAINT heading_alias_dc_pkey PRIMARY KEY (heading_alias_id, doc_class_id), - - CONSTRAINT heading_alias_dc_heading_alias_id_fkey FOREIGN KEY (heading_alias_id) REFERENCES heading_alias (heading_alias_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT heading_alias_dc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table pattern -( - pattern_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - pattern_name VARCHAR (512) NOT NULL, - description VARCHAR(1024), - namespace SMALLINT NOT NULL, - extraction_tool SMALLINT NOT NULL, - pattern VARCHAR(1024) NOT NULL, - predefined SMALLINT DEFAULT 0, - - CONSTRAINT pattern_pkey PRIMARY KEY (pattern_id), - - CONSTRAINT pattern_pattern_name_key UNIQUE (pattern_name) -); - -create table pattern_kc -( - pattern_id INTEGER NOT NULL, - key_class_id INTEGER NOT NULL, - pattern_type SMALLINT NOT NULL, - - CONSTRAINT pattern_kc_pkey PRIMARY KEY (pattern_id, key_class_id), - - CONSTRAINT pattern_kc_pattern_id_fkey FOREIGN KEY (pattern_id) REFERENCES pattern (pattern_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT pattern_kc_key_class_id_fkey FOREIGN KEY (key_class_id) REFERENCES key_class (key_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table user_detail -( - user_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - email VARCHAR(1024) NOT NULL, - first_name VARCHAR(512) NOT NULL, - last_name VARCHAR(512) NOT NULL, - phone VARCHAR(256), - company VARCHAR(512), - expire INTEGER, - expiry_date BIGINT, - token VARCHAR(1024) FOR BIT DATA DEFAULT NULL, - user_name VARCHAR(1024) NOT NULL, - CONSTRAINT user_detail_pkey PRIMARY KEY (user_id), - CONSTRAINT user_detail_email_key UNIQUE (email), - CONSTRAINT user_name UNIQUE (user_name) -); - -create table login_detail -( - user_id INTEGER, - role VARCHAR(32), - status BOOLEAN, - logged_in BOOLEAN DEFAULT 0, - - CONSTRAINT login_detail_user_id_fkey FOREIGN KEY (user_id) REFERENCES user_detail (user_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table integration -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - type VARCHAR(32), - url VARCHAR(1024), - user_name VARCHAR(256) DEFAULT NULL, - password VARCHAR(512) FOR BIT DATA DEFAULT NULL, - label VARCHAR(256), - status BOOLEAN, - model_id VARCHAR(1024), - api_key VARCHAR(1024) FOR BIT DATA DEFAULT NULL, - flag VARCHAR(64), - CONSTRAINT integration_pkey PRIMARY KEY (id) -); - -create table integration_dc -( - id INTEGER NOT NULL, - doc_class_id INTEGER NOT NULL, - checked SMALLINT, - - CONSTRAINT integration_dc_id_fkey FOREIGN KEY (id) REFERENCES integration (id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT integration_dc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT integration_dc_pkey PRIMARY KEY (id, doc_class_id) -); - -create table import_ontology -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - user_id INTEGER, - date BIGINT, - start_time BIGINT, - end_time BIGINT, - complete BOOLEAN, - failure BOOLEAN, - - CONSTRAINT import_ontology_user_id_fkey FOREIGN KEY (user_id) REFERENCES user_detail (user_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT import_ontology_pkey PRIMARY KEY (id) -); - -create table api_integrations_objectsstore -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - user_id INTEGER NOT NULL, - type VARCHAR(64), - bucket_name VARCHAR(128) NOT NULL, - endpoint VARCHAR(1024) NOT NULL, - access_key VARCHAR(1024) NOT NULL FOR BIT DATA, - access_id VARCHAR(1024) NOT NULL FOR BIT DATA, - signatureversion VARCHAR(128) NOT NULL, - forcestylepath boolean, - - CONSTRAINT api_integrations_objectsstore_id_pk PRIMARY KEY (id), - - CONSTRAINT api_integrations_objectsstore_user_detail_user_id_fk FOREIGN KEY (user_id) REFERENCES user_detail (user_id) -); - -create table smartpages_options -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - outputname VARCHAR(6), - company VARCHAR(512), - selections VARCHAR(256), - CONSTRAINT smartpages_options_pkey PRIMARY KEY (id) -); - -create table fonts -( - font_id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - font_size VARCHAR(256) NOT NULL, - total_no_of_observations INTEGER, - sum_of_observations_by_no_of_pixels DOUBLE, - sum_of_square_of_observations DOUBLE, - - CONSTRAINT fonts_pkey PRIMARY KEY (font_id) -); - -create table fonts_dc -( - font_id INTEGER NOT NULL, - doc_class_id INTEGER NOT NULL, - - CONSTRAINT fonts_dc_pkey PRIMARY KEY (font_id, doc_class_id), - - CONSTRAINT fonts_dc_font_id_fkey FOREIGN KEY (font_id) REFERENCES fonts (font_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT fonts_dc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table fonts_transid -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - transid VARCHAR(256) NOT NULL, - - CONSTRAINT fonts_transid_pkey PRIMARY KEY (id), - - CONSTRAINT fonts_transid_transid_key UNIQUE (transid) -); - -create table db_backup -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - date BIGINT NOT NULL, - frequency CHAR(15) NOT NULL, - type VARCHAR(1024) NOT NULL, - start_time BIGINT, - end_time BIGINT, - complete BOOLEAN DEFAULT 0, - failure BOOLEAN DEFAULT 0, - obj_cred_id INTEGER NOT NULL, - - CONSTRAINT db_backup_pkey PRIMARY KEY (id) - - --CONSTRAINT db_backup_obj_cred_id_fkey FOREIGN KEY (obj_cred_id) REFERENCES api_integrations_objectsstore (obj_cred_id) - --ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table key_spacing -( - key_class_id INTEGER NOT NULL, - key_class_count INTEGER, - key_class_count_doc INTEGER, - class_total_docs INTEGER, - sum_x INTEGER, - sum_x_sq INTEGER, - sum_y INTEGER, - sum_y_sq INTEGER, - - CONSTRAINT key_spacing_pkey PRIMARY KEY (key_class_id), - - CONSTRAINT key_spacing_key_class_id_fkey FOREIGN KEY (key_class_id) REFERENCES key_class (key_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - - -create table processed_file -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - transaction_id VARCHAR(256) NOT NULL, - file_name VARCHAR(1024) NOT NULL, - number_of_page INTEGER, - date BIGINT, - start_time BIGINT, - end_time BIGINT, - failed_ocr_pages INTEGER DEFAULT 0, - failed_pages INTEGER DEFAULT 0, - failed BOOLEAN DEFAULT FALSE, - - CONSTRAINT processed_file_pkey PRIMARY KEY (id), - CONSTRAINT processed_file_transaction_id_key UNIQUE (transaction_id) -); - -create table error_log -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - transaction_id VARCHAR(256), - error_code CHAR(32), - description VARCHAR(1024), - date BIGINT, - - CONSTRAINT error_log_pkey PRIMARY KEY (id), - - CONSTRAINT error_log_transaction_id_fkey FOREIGN KEY (transaction_id) REFERENCES processed_file (transaction_id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - -create table db_restore -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - start_time BIGINT, - end_time BIGINT, - complete BOOLEAN DEFAULT FALSE, - failure BOOLEAN DEFAULT FALSE, - - CONSTRAINT db_restore_pkey PRIMARY KEY (id) -); - ---flags -0 user defined and default 1. will be training set detected ---rank -relative importance number 0.0 to 1.0 -create table feature -( - doc_class_id INTEGER NOT NULL, - name VARCHAR (512) NOT NULL, - flags SMALLINT NOT NULL DEFAULT 0, - rank REAL DEFAULT 1.0, - - CONSTRAINT feature_doc_class_id_flags_name_key UNIQUE (doc_class_id ,flags, name), - - CONSTRAINT feature_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE - -); - ---status 0.uploaded 1.processing 2.text (completed status) 3.error -create table document -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - name VARCHAR(1024) NOT NULL, - doc_class_id INTEGER NOT NULL, - num_pages SMALLINT NOT NULL, - upload_date BIGINT NOT NULL, - user_uploaded INTEGER NOT NULL, - status SMALLINT NOT NULL, - error_info VARCHAR(1024), - content BLOB(250M), - - CONSTRAINT doc_doc_class_id_fkey FOREIGN KEY (doc_class_id) REFERENCES doc_class (doc_class_id) - ON UPDATE RESTRICT ON DELETE CASCADE, - - CONSTRAINT document_pkey PRIMARY KEY (id) -); - ---1. initialized 2. running 3.error 4.trained ---createdby user ---major_version developer controled no auto increment. Update for each release (1.0) ---minor version in each release increment.Reset after new major version update. - -create table training_log -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - status SMALLINT NOT NULL, - created_date BIGINT NOT NULL, - major_version SMALLINT NOT NULL, - minor_version SMALLINT NOT NULL, - error_info VARCHAR(1024), - created_by INTEGER NOT NULL, - json_model_input_detail BLOB(250M), - global_feature_vector BLOB(250M), - - CONSTRAINT training_log_pkey PRIMARY KEY (id) -); - ---create a sequence for minor version -CREATE SEQUENCE MINOR_VER_SEQ AS SMALLINT START WITH 1 INCREMENT BY 1 NO CYCLE NO CACHE ORDER; - ---version developer of classifier specifies -create table classifier -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - training_id INTEGER NOT NULL, - displayname VARCHAR(1024) NOT NULL, - algorithm SMALLINT NOT NULL, - accuracy real, - version SMALLINT, - model_output BLOB(250M), - json_feature_vector BLOB(250M), - json_report BLOB(250M), - - CONSTRAINT classifier_pkey PRIMARY KEY (id), - - CONSTRAINT classifier_fkey FOREIGN KEY (training_id) REFERENCES training_log (id) - ON UPDATE RESTRICT ON DELETE CASCADE -); - ---published_status active ,inactive -create table ontology -( - vid INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - default_classifier_id INTEGER NOT NULL, - name VARCHAR(128) NOT NULL, - published_status SMALLINT default 0, - published_date BIGINT NOT NULL, - published_user INTEGER NOT NULL, - - CONSTRAINT ontology_fkey FOREIGN KEY (default_classifier_id) REFERENCES classifier(id) - ON UPDATE RESTRICT ON DELETE RESTRICT -); - -create table audit_ontology -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - username VARCHAR(1024), - type VARCHAR(256), - action VARCHAR(512), - description VARCHAR(1024), - date BIGINT, - time_elapsed VARCHAR(128), - error BOOLEAN DEFAULT FALSE, - page VARCHAR(32) DEFAULT '', - - CONSTRAINT audit_ontology_pkey PRIMARY KEY (id) -); - -create table audit_login_activity -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - username VARCHAR(1024), - type VARCHAR(256), - action VARCHAR(512), - description VARCHAR(1024), - date BIGINT, - time_elapsed VARCHAR(128), - error BOOLEAN DEFAULT FALSE, - page VARCHAR(32) DEFAULT '', - - CONSTRAINT audit_login_activity_pkey PRIMARY KEY (id) -); - -create table audit_processed_files -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - username VARCHAR(1024), - type VARCHAR(256), - action VARCHAR(512), - description VARCHAR(1024), - date BIGINT, - time_elapsed VARCHAR(128), - transaction_id VARCHAR(256), - error BOOLEAN DEFAULT FALSE, - page VARCHAR(32) DEFAULT '', - - CONSTRAINT audit_processed_files_pkey PRIMARY KEY (id) -); - -create table audit_user_activity -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - username VARCHAR(1024), - type VARCHAR(256), - action VARCHAR(512), - description VARCHAR(1024), - date BIGINT, - time_elapsed VARCHAR(128), - error BOOLEAN DEFAULT FALSE, - page VARCHAR(32) DEFAULT '', - - CONSTRAINT audit_user_activity_pkey PRIMARY KEY (id) -); - -create table audit_api_activity -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - username VARCHAR(1024), - type VARCHAR(256), - action VARCHAR(512), - description VARCHAR(1024), - date BIGINT, - time_elapsed VARCHAR(128), - error BOOLEAN DEFAULT FALSE, - page VARCHAR(32) DEFAULT '', - - CONSTRAINT audit_api_activity PRIMARY KEY (id) -); - -create table audit_system_activity -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - username VARCHAR(1024), - type VARCHAR(256), - action VARCHAR(512), - description VARCHAR(1024), - date BIGINT, - time_elapsed VARCHAR(128), - error BOOLEAN DEFAULT FALSE, - page VARCHAR(32) DEFAULT '', - - CONSTRAINT audit_system_activity_pkey PRIMARY KEY (id) -); - -create table audit_integration_activity -( - id INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1 NO CYCLE), - username VARCHAR(1024), - type VARCHAR(256), - action VARCHAR(512), - description VARCHAR(1024), - date BIGINT, - time_elapsed VARCHAR(128), - error BOOLEAN DEFAULT FALSE, - page VARCHAR(32) DEFAULT '', - - CONSTRAINT audit_integration_activity_pkey PRIMARY KEY (id) -); - -CREATE OR REPLACE VIEW audit_sys_report AS SELECT audit_ontology.username, - audit_ontology.type, - audit_ontology.action, - audit_ontology.description, - audit_ontology.date, - audit_ontology.time_elapsed, - audit_ontology.error, - audit_ontology.page, - 'Ontology' AS details - FROM audit_ontology -UNION - SELECT audit_processed_files.username, - audit_processed_files.type, - audit_processed_files.action, - audit_processed_files.description, - audit_processed_files.date, - audit_processed_files.time_elapsed, - audit_processed_files.error, - audit_processed_files.page, - 'Processed files' AS details - FROM audit_processed_files -UNION - SELECT audit_login_activity.username, - audit_login_activity.type, - audit_login_activity.action, - audit_login_activity.description, - audit_login_activity.date, - audit_login_activity.time_elapsed, - audit_login_activity.error, - audit_login_activity.page, - 'Login activity' AS details - FROM audit_login_activity -UNION - SELECT audit_user_activity.username, - audit_user_activity.type, - audit_user_activity.action, - audit_user_activity.description, - audit_user_activity.date, - audit_user_activity.time_elapsed, - audit_user_activity.error, - audit_user_activity.page, - 'User activity' AS details - FROM audit_user_activity -UNION - SELECT audit_system_activity.username, - audit_system_activity.type, - audit_system_activity.action, - audit_system_activity.description, - audit_system_activity.date, - audit_system_activity.time_elapsed, - audit_system_activity.error, - audit_system_activity.page, - 'System activity' AS detailsimport_ontology - FROM audit_system_activity -UNION - SELECT audit_integration_activity.username, - audit_integration_activity.type, - audit_integration_activity.action, - audit_integration_activity.description, - audit_integration_activity.date, - audit_integration_activity.time_elapsed, - audit_integration_activity.error, - audit_integration_activity.page, - 'Integration activity' AS details - FROM audit_integration_activity -UNION - SELECT audit_api_activity.username, - audit_api_activity.type, - audit_api_activity.action, - audit_api_activity.description, - audit_api_activity.date, - audit_api_activity.time_elapsed, - audit_api_activity.error, - audit_api_activity.page, - 'API activity' AS details - FROM audit_api_activity -; diff --git a/BACA/configuration-ha/README.md b/BACA/configuration-ha/README.md deleted file mode 100644 index 9ae45484..00000000 --- a/BACA/configuration-ha/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Please Preparing your environment for Content Analyzer - -Please perform the steps described in the following page in IBM Content Analyzer Knowledge Center before proceed to installing the Charts. -https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/topics/tsk_preparing_baca_deploy.html diff --git a/BACA/configuration-ha/bashfunctions.sh b/BACA/configuration-ha/bashfunctions.sh deleted file mode 100755 index 9430e6ce..00000000 --- a/BACA/configuration-ha/bashfunctions.sh +++ /dev/null @@ -1,407 +0,0 @@ -#!/usr/bin/env bash - -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -# Function to request user for their domain name - -export ICP_clustername=$(echo $DOCKER_REG_FOR_SERVICES | awk -F'[.]' '{print $1}') -export ICP_account_id="id-"$ICP_clustername"-account" - -# Login to ICP, to ensure bx pr and kubectl commands work in later functions -function loginToCluster() { - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - echo - #echo "\x1B[1;31m Logging into ICP using: bx pr login -a https://$MASTERIP:8443 --skip-ssl-validation -u admin - # -p admin -c id-mycluster-account. \x1B[0m" - export ICP_USER_PASSWORD_DECODE=$(echo $ICP_USER_PASSWORD | base64 --decode) - #ICP 3.10 - cloudctl login -a https://$MASTERIP:8443 --skip-ssl-validation -u $ICP_USER -p $ICP_USER_PASSWORD_DECODE -c $ICP_account_id -n default - fi - if [[ $OCP_VERSION == "3.11" ]]; then - echo - export OCP_USER_PASSWORD_DECODE=$(echo $OCP_USER_PASSWORD | base64 --decode) - #echo "\x1B[1;31m Logging into OCP using: oc login https://$MASTERIP:8443 --insecure-skip-tls-verify=true -u $OCP_USER - # -p $OCP_USER_PASSWORD_DECODE. \x1B[0m" - #OCP 3.11 - oc login https://$MASTERIP:8443 --insecure-skip-tls-verify=true -u $OCP_USER -p $OCP_USER_PASSWORD_DECODE - fi -} - -# ------------------- -# HELM Client setup -# ------------------- -function downloadHelmClient() { - - - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - echo - echo "Downloading Helm 2.9.1 from ICp" - curl -kLo helm-linux-amd64-v2.9.1.tar.gz https://$MASTERIP:8443/api/cli/helm-linux-amd64.tar.gz - echo - echo "Moving helm to /usr/local/bin and chmod 755 helm" - tar -xvf helm-linux-amd64-v2.9.1.tar.gz - chmod 755 ./linux-amd64/helm && mv ./linux-amd64/helm /usr/local/bin - rm -rf linux-amd64 - # testing Helm - echo Testing Helm CLI using: helm version --tls - helm version --tls - fi - - if [[ $OCP_VERSION == "3.11" ]]; then - echo "Downloading Helm 2.11.0 from Github" - curl -s https://storage.googleapis.com/kubernetes-helm/helm-v2.11.0-linux-amd64.tar.gz | tar xz - echo - echo "Moving helm to /usr/local/bin and chmod 755 helm" - - chmod 755 ./linux-amd64/helm && mv ./linux-amd64/helm /usr/local/bin - rm -rf linux-amd64 - - fi -} - - -function helmSetup(){ - - if [[ $ICP_VERSION == "3.1.2" ]]; then - # ICP specific setup - echo - echo Initializing Helm CLI using: helm init --client-only - helm init --client-only - echo - echo Creating clusterrolebinding tiller-cluster-admin .... - kubectl create clusterrolebinding tiller-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default - fi - - if [[ $OCP_VERSION == "3.11" ]]; then - echo Creating clusterrolebinding tiller-cluster-admin .... - export TILLER_NAMESPACE=tiller - oc new-project $TILLER_NAMESPACE - oc project $TILLER_NAMESPACE - oc process -f /~https://github.com/openshift/origin/raw/master/examples/helm/tiller-template.yaml -p TILLER_NAMESPACE="${TILLER_NAMESPACE}" -p HELM_VERSION=v2.11.0 | oc create -f - - oc rollout status deployment tiller - oc project $KUBE_NAME_SPACE - oc policy add-role-to-user $OCP_USER "system:serviceaccount:${TILLER_NAMESPACE}:tiller" - fi - -} - -function checkHelm(){ - - if [[ $ICP_VERSION == "3.1.2" ]]; then - MAX_ITERATIONS=120 - count=0 - while [[ $( kubectl get deployment tiller-deploy --namespace kube-system | sed -n '1!p' | awk '{print $5}' ) == 0 ]] - do - if [ "$count" -eq $MAX_ITERATIONS ]; then - echo "ERROR: Failed to find tiller-deploy after $MAX_ITERATIONS tries. Please check your cluster using kubectl get deployment tiller-deploy --namespace kube-system" - return 1 - fi - echo "Checking that helm tiller is deployed ......................" - sleep 10 - ((count++)) - done - echo "Helm deployed successfully ......................" - fi -} - - - -function getWorkerIPs() { - echo "inside getWorkerIPs" - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - export ICP_USER_PASSWORD_DECODE=$(echo $ICP_USER_PASSWORD | base64 --decode) - echo "About to get all the worker IPs from $ICP_VERSION" - echo "login -a https://$MASTERIP:8443 --skip-ssl-validation -u $ICP_USER -p $ICP_USER_PASSWORD_DECODE -c $ICP_account_id" - cloudctl login -a https://$MASTERIP:8443 --skip-ssl-validation -u $ICP_USER -p $ICP_USER_PASSWORD_DECODE -c $ICP_account_id -n default - export WORKER_IPs=$(cloudctl cm workers --json | grep "publicIP" | awk '{print $2}' | cut -d ',' -f1 | tr -d '"') - if [ -z "$WORKER_IPs" ]; then - echo "Cannot find public IP for worker nodes. Will try to check for Private IP now" - export WORKER_IPs=$(cloudctl cm workers --json | grep "privateIP" | awk '{print $2}' | cut -d ',' -f1 | tr -d '"') - echo WORKER_IPs=$WORKER_IPs - if [[ -z "$WORKER_IPs" ]]; then exit 1; fi - fi - fi - if [[ $OCP_VERSION == "3.11" ]]; then - echo "About to get all the worker IPs from $OCP_VERSION" - loginToCluster - export WORKER_IPs=$(oc get nodes | grep compute | grep [^Not]Ready | awk '{print $1}' | cut -d ',' -f1 | tr -d '"') - echo WORKER_IPs=$WORKER_IPs - if [[ -z "$WORKER_IPs" ]]; then exit 1; fi - fi - -} -function getWorkerIPBasedOnLabel() { - echo "inside getWorkerIP1s. It will get the worker IPs based on label" - - loginToCluster - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - export WORKER_IP1s=$(kubectl get nodes --show-labels |grep worker.*$KUBE_NAME_SPACE=baca | grep [^Not]Ready | awk {'print $1'}) - fi - if [[ $OCP_VERSION == "3.11" ]]; then - export WORKER_IP1s=$(kubectl get nodes --show-labels |grep compute=true |grep celery$KUBE_NAME_SPACE'='baca | grep [^Not]Ready | awk {'print $1'}) - fi - echo $WORKER_IP1s - if [[ -z "$WORKER_IP1s" ]]; then exit 1; fi - -} -function clearAllLabels(){ - echo "About to clear ALL label nodes with in $KUBE_NAME_SPACE" - getWorkerIPs - for i in $WORKER_IPs - do - echo "Clear out previous labeling" - kubectl label nodes $i {celery$KUBE_NAME_SPACE-,mongo$KUBE_NAME_SPACE-,mongo-admin$KUBE_NAME_SPACE-} - echo - done -} -#function labelNodes() { -# clearAllLabels -# echo "About to label ALL nodes with celery$KUBE_NAME_SPACE=baca." -# getWorkerIPs -# for i in $WORKER_IPs -# do -# echo "Label --overwrite $i with celery$KUBE_NAME_SPACE=baca" -# kubectl label nodes --overwrite $i {celery$KUBE_NAME_SPACE=baca,mongo$KUBE_NAME_SPACE=baca,mongo-admin$KUBE_NAME_SPACE=baca} -# done -#} - -function customLabelNodes() { - loginToCluster - clearAllLabels -# echo "Clear out previous labeling" -# kubectl label nodes $i {celery$KUBE_NAME_SPACE-,mongo$KUBE_NAME_SPACE-,mongo-admin$KUBE_NAME_SPACE-,postgres$KUBE_NAME_SPACE-} - - echo "About to label --overwrite $CA_WORKERS with celery$KUBE_NAME_SPACE=baca." - echo label nodes {$CA_WORKERS} celery$KUBE_NAME_SPACE=baca - for i in $(echo $CA_WORKERS | sed "s/,/ /g") - do - echo "Label $i with celery$KUBE_NAME_SPACE=baca" - kubectl label nodes --overwrite $i celery$KUBE_NAME_SPACE=baca - echo - done - echo - echo "About to label $MONGO_WORKERS with mongo$KUBE_NAME_SPACE=baca." - for i in $(echo $MONGO_WORKERS | sed "s/,/ /g") - do - echo "Label $i with mongo$KUBE_NAME_SPACE=baca" - kubectl label nodes --overwrite $i mongo$KUBE_NAME_SPACE=baca - done - echo - echo "About to label $MONGO_ADMIN_WORKERS with mongo-admin$KUBE_NAME_SPACE=baca." - for i in $(echo $MONGO_ADMIN_WORKERS | sed "s/,/ /g") - do - echo "Label $i with mongo-admin$KUBE_NAME_SPACE=baca" - kubectl label nodes --overwrite $i mongo-admin$KUBE_NAME_SPACE=baca - done - echo -} - - - -function getNFSServer() { - #Get a list of worker IPs - if [[ $PVCCHOICE == "1" ]]; then # This is the option 1 where the script will create everything for Internal usage. - getWorkerIPBasedOnLabel - #Create directories: - echo "Creating required directory for SP by ssh into $NFS_IP" - if [ -z "$SSH_USER" ]; then - export SSH_USER="root" - fi - - if [ "$SSH_USER" == "root" ]; then - export SUDO_CMD="" - else - export SUDO_CMD="sudo " - fi - echo "Creating necessary folder in $NFS_IP..." - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/{logs,data,config}" - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/logs/{backend,frontend,callerapi,processing-extraction,pdfprocess,setup,interprocessing,classifyprocess-classify,ocr-extraction,postprocessing,reanalyze,updatefiledetail,spfrontend,redis,rabbitmq,mongo,mongoadmin,utf8process}" - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/config/backend" - - - - echo "Creating data directory on NFS ..." - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/data/{mongo,mongoadmin,redis,rabbitmq}" - - - echo "Setting owner (51000:51001) for BACA's PVC" - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD chown -R 51000:51001 /exports/smartpages/" - - - - - echo "Checking to see if NFS server is installed..." - if [[ $ICP_VERSION == "3.1.2" ]]; then - ssh $SSH_USER@$NFS_IP "$SUDO_CMD systemctl status nfs-kernel-server" - if [[ $? != "0" ]]; then - echo "We could not find nfs service. We will try to install nfs server" - ssh $SSH_USER@$NFS_IP "$SUDO_CMD apt install nfs-kernel-server && $SUDO_CMD systemctl enable nfs-kernel-server && $SUDO_CMD systemctl restart nfs-kernel-server" - - fi - fi - if [[ $OCP_VERSION == "3.11" ]]; then - ssh $SSH_USER@$NFS_IP "$SUDO_CMD systemctl status nfs-server" - if [[ $? != "0" ]]; then - echo "We could not find nfs service. We will try to install nfs server" - ssh $SSH_USER@$NFS_IP "$SUDO_CMD yum install nfs-utils && $SUDO_CMD systemctl enable nfs-server && $SUDO_CMD systemctl restart nfs-server" - fi - fi - - - - - #We will backup the existing /etc/exports - #Compare the icp worker ip w/ the existing IP in the /etc/exports file then insert any missing entry (IP) into /etc/exports. - echo "ssh $SSH_USER@$NFS_IP "$SUDO_CMD cp /etc/exports /etc/exports_bak"" - ssh $SSH_USER@$NFS_IP "$SUDO_CMD cp /etc/exports /etc/exports_bak" - export EXPORTS_FILE=`ssh $SSH_USER@$NFS_IP "$SUDO_CMD cat /etc/exports |grep '/exports/smartpages'" | awk '{print $2}' | cut -d'(' -f1` - echo "from exports files: $EXPORTS_FILE" - echo "from k8's : $WORKER_IP1s" - - #if [[ $? == "1" ]]; then - - echo "Inside writting to /etc/exports routine" - echo $WORKER_IP1s - - for i in $WORKER_IP1s - do - - echo $EXPORTS_FILE |grep $i - if [[ $? == "1" ]]; then - echo $i - echo "Cannot find $i in the /etc/exports file....." - echo "Writing '/exports/smartpages "$i"(rw,sync,no_root_squash)' to $NFS_IP/etc/exports file" - - ssh $SSH_USER@$NFS_IP "echo '/exports/smartpages "$i"(rw,sync,no_root_squash)' | $SUDO_CMD tee --append /etc/exports" - else - echo " $i matched" - fi - - done - - - #restart nfs service if available$KUBE_NAME_SPACE/config - if [[ $ICP_VERSION == "3.1.2" ]]; then - ssh $SSH_USER@$NFS_IP "$SUDO_CMD systemctl restart nfs-kernel-server" - fi - if [[ $OCP_VERSION == "3.11" ]]; then - ssh $SSH_USER@$NFS_IP "$SUDO_CMD systemctl restart nfs-server" - fi - - - else - echo -e "\x1B[1;32mPVCCHOICE is not defined. Therefore, you must create the following pvc name: \x1B[0m" - fi # end if of pvc=1 - -} -function calMemoryLimitedDist(){ - - echo -e "\x1B[1;32mChecking to see if bc package is installed\x1B[0m" - dpkg -l | awk {'print $2'} |grep ^bc$ > /dev/null - if [[ $? != "0" ]]; then - echo "Installing bc package for resource calculation" - apt install bc -y - fi - echo CALLERAPI_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo BACKEND_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo FRONTEND_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo POST_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo PDF_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo UTF8_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo SETUP_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo OCR_EXTRACTION_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.09 * 1024" | bc)Mi" - echo CLASSIFY_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo PROCESSING_EXTRACTION_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.09 * 1024" | bc)Mi" - # echo INTER_PROCESSING_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo REANALYZE_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.045 * 1024" | bc)Mi" - echo UPDATEFILE_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo RABBITMQ_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" -# echo MINIO_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo REDIS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo MONGO_LIMITED_MEMORY="$(echo "$MONGO_SERVER_MEMORY * 0.6 * 1024" | bc)Mi" - echo MONGO_ADMIN_LIMITED_MEMORY="$(echo "$MONGO_ADMIN_SERVER_MEMORY * 0.6 * 1024" | bc)Mi" - export mongo_memory_value="$(echo "$MONGO_SERVER_MEMORY * 0.6 " | bc)" - export mongo_admin_memory_value="$(echo "$MONGO_ADMIN_SERVER_MEMORY * 0.6 " | bc)" - - - export MONGO_WIREDTIGER_LIMIT="$(echo "($mongo_memory_value -1)*0.5" | bc)" - - if [[ 1 -eq $(echo "$MONGO_WIREDTIGER_LIMIT < 0.25" |bc -l) ]];then - echo MONGO_WIREDTIGER_LIMIT='0.25' - - - else - echo "MONGO_WIREDTIGER_LIMIT=$MONGO_WIREDTIGER_LIMIT" - - fi - -# echo "mongo_admin_memory_value=$mongo_admin_memory_value" - export MONGO_ADMIN_WIREDTIGER_LIMIT="$(echo "($mongo_admin_memory_value -1)*0.5" | bc)" - - if [[ 1 -eq $(echo "$MONGO_ADMIN_WIREDTIGER_LIMIT < 0.25" |bc -l) ]];then - echo MONGO_ADMIN_WIREDTIGER_LIMIT='0.25' - - else - echo "MONGO_ADMIN_WIREDTIGER_LIMIT=$MONGO_ADMIN_WIREDTIGER_LIMIT" - fi - -} - -function calMemoryLimitedShared(){ - echo CALLERAPI_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo BACKEND_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo FRONTEND_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo POST_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo PDF_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo UTF8_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo SETUP_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo OCR_EXTRACTION_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.09 * 1024" | bc)Mi" - echo CLASSIFY_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo PROCESSING_EXTRACTION_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.09 * 1024" | bc)Mi" -# echo INTER_PROCESSING_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo REANALYZE_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.045 * 1024" | bc)Mi" - echo UPDATEFILE_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo RABBITMQ_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" -# echo MINIO_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo REDIS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo MONGO_LIMITED_MEMORY="$(echo "$MONGO_SERVER_MEMORY * 0.1 * 1024" | bc)Mi" - export mongo_memory_value="$(echo "$MONGO_SERVER_MEMORY * 0.1" | bc)" - echo MONGO_ADMIN_LIMITED_MEMORY="$(echo "$MONGO_ADMIN_SERVER_MEMORY * 0.1 * 1024" | bc)Mi" - export mongo_admin_memory_value="$(echo "$MONGO_ADMIN_SERVER_MEMORY * 0.1" | bc)" - -# echo "mongo_memory_value=$mongo_memory_value" - export MONGO_WIREDTIGER_LIMIT="$(echo "($mongo_memory_value -1)*0.5" | bc)" - #echo "MONGO_WIREDTIGER_LIMIT=$MONGO_WIREDTIGER_LIMIT" - if [[ 1 -eq $(echo "$MONGO_WIREDTIGER_LIMIT < 0.25" |bc -l) ]];then - echo MONGO_WIREDTIGER_LIMIT='0.25' - - else - echo "MONGO_WIREDTIGER_LIMIT=$MONGO_WIREDTIGER_LIMIT" - fi - -# echo "mongo_admin_memory_value=$mongo_admin_memory_value" - export MONGO_ADMIN_WIREDTIGER_LIMIT="$(echo "($mongo_admin_memory_value -1)*0.5" | bc)" - #echo "MONGO_WIREDTIGER_LIMIT=$MONGO_WIREDTIGER_LIMIT" - if [[ 1 -eq $(echo "$MONGO_WIREDTIGER_LIMIT < 0.25" |bc -l) ]];then - echo MONGO_ADMIN_WIREDTIGER_LIMIT='.25' - else - echo "MONGO_ADMIN_WIREDTIGER_LIMIT=$MONGO_ADMIN_WIREDTIGER_LIMIT" - fi - -} -function calNumOfContainers(){ - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - export numOfCelery=$(kubectl get nodes --show-labels |grep worker.*celery$KUBE_NAME_SPACE=baca | wc -l) - fi - if [[ $OCP_VERSION == "3.11" ]]; then - export numOfCelery=$(oc get nodes --show-labels |grep compute=true | grep celery$KUBE_NAME_SPACE=baca | wc -l) - fi - echo CELERY_REPLICAS=$numOfCelery - echo NON_CELERY_REPLICAS=$numOfCelery - -} diff --git a/BACA/configuration-ha/common.sh b/BACA/configuration-ha/common.sh deleted file mode 100755 index 41e85f38..00000000 --- a/BACA/configuration-ha/common.sh +++ /dev/null @@ -1,29 +0,0 @@ -SERVER_MEMORY=16 -MONGO_SERVER_MEMORY=16 -MONGO_ADMIN_SERVER_MEMORY=16 -USING_HELM=y -HELM_INIT_BEFORE=n -KUBE_NAME_SPACE=sp -DOCKER_REG_FOR_SERVICES=mycluster.icp:8500/sp -LABEL_NODE=y -CA_WORKERS= -MONGO_WORKERS= -MONGO_ADMIN_WORKERS= -ICP_VERSION=3.1.2 -ICP_USER=admin -ICP_USER_PASSWORD=YWRtaW4K -BXDOMAINNAME= -MASTERIP= -SSH_USER=root -PVCCHOICE=1 -NFS_IP= -DATAPVC=sp-data-pvc -LOGPVC=sp-log-pvc -CONFIGPVC=sp-config-pvc -BASE_DB_PWD= -LDAP=n -LDAP_PASSWORD= -LDAP_URL= -LDAP_CRT_NAME= -DB_SSL=n -DB_CRT_NAME= diff --git a/BACA/configuration-ha/common_ICP_template.sh b/BACA/configuration-ha/common_ICP_template.sh deleted file mode 100755 index c06c5760..00000000 --- a/BACA/configuration-ha/common_ICP_template.sh +++ /dev/null @@ -1,27 +0,0 @@ -SERVER_MEMORY=16 -MONGO_SERVER_MEMORY=16 -MONGO_ADMIN_SERVER_MEMORY=16 -USING_HELM=y -HELM_INIT_BEFORE=n -KUBE_NAME_SPACE=sp -DOCKER_REG_FOR_SERVICES=mycluster.icp:8500/sp -LABEL_NODE=y -CA_WORKERS= -MONGO_WORKERS= -MONGO_ADMIN_WORKERS= -ICP_VERSION=3.1.2 -ICP_USER=admin -ICP_USER_PASSWORD=YWRtaW4K -BXDOMAINNAME= -MASTERIP= -SSH_USER=root -PVCCHOICE=1 -NFS_IP= -DATAPVC=sp-data-pvc -LOGPVC=sp-log-pvc -CONFIGPVC=sp-config-pvc -BASE_DB_PWD= -LDAP= -LDAP_PASSWORD= -LDAP_URL=ldap://172.16.194.107 -LDAP_CRT_NAME= \ No newline at end of file diff --git a/BACA/configuration-ha/common_OCP_template.sh b/BACA/configuration-ha/common_OCP_template.sh deleted file mode 100755 index c0bb0f7f..00000000 --- a/BACA/configuration-ha/common_OCP_template.sh +++ /dev/null @@ -1,27 +0,0 @@ -SERVER_MEMORY=16 -MONGO_SERVER_MEMORY=16 -MONGO_ADMIN_SERVER_MEMORY=16 -USING_HELM=y -HELM_INIT_BEFORE=n -KUBE_NAME_SPACE=sp -DOCKER_REG_FOR_SERVICES=docker-registry.default.svc:5000/sp -LABEL_NODE=y -CA_WORKERS= -MONGO_WORKERS= -MONGO_ADMIN_WORKERS= -OCP_VERSION=3.11 -OCP_USER=admin -OCP_USER_PASSWORD=YWRtaW4K -BXDOMAINNAME= -MASTERIP= -SSH_USER=root -PVCCHOICE=1 -NFS_IP= -DATAPVC=sp-data-pvc -LOGPVC=sp-log-pvc -CONFIGPVC=sp-config-pvc -BASE_DB_PWD= -LDAP=y -LDAP_PASSWORD= -LDAP_URL=ldap://172.16.194.107 -LDAP_CRT_NAME= \ No newline at end of file diff --git a/BACA/configuration-ha/createSSLCert.sh b/BACA/configuration-ha/createSSLCert.sh deleted file mode 100755 index 9ef4145b..00000000 --- a/BACA/configuration-ha/createSSLCert.sh +++ /dev/null @@ -1,205 +0,0 @@ -#!/usr/bin/env bash - -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - - -function createSSLCert() { - rm -r *.crt *.pem *.key || true - - echo -e "\x1B[1;32mAbout to create a self-signed SSL cert for ingress, celery, mongo, redis, rabbitmq....\x1B[0m" - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/tls.key -out $PWD/tls.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/tls.key -out $PWD/tls.crt -subj "/CN=127.0.0.1" - cat $PWD/tls.key $PWD/tls.crt > $PWD/tls.pem - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/celery.key -out $PWD/celery.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/celery.key -out $PWD/celery.crt -subj "/CN=127.0.0.1" - cat $PWD/celery.key $PWD/celery.crt > $PWD/celery.pem - if [[ $HA_ENABLE = false ]]; then - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/mongo.key -out $PWD/mongo.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/mongo.key -out $PWD/mongo.crt -subj "/CN=127.0.0.1" - cat $PWD/mongo.key $PWD/mongo.crt > $PWD/mongo.pem - else - echo "create mongo and mongo admin cluster certifications" - CERT_DOMAIN="svc.cluster.local" - openssl genrsa -out $PWD/CA.key 4096 - openssl req -new -x509 -days 365 -key $PWD/CA.key -out $PWD/CA.crt \ - -subj "/C=CA/ST=NS/L=Halifax/O=IBM/CN=IBM baca" - openssl genrsa -out $PWD/certificate.key 4096 - openssl req -new -nodes -key $PWD/certificate.key -out $PWD/certificate.csr -config $PWD/openssl.cnf -extensions v3_req \ - -subj "/C=CA/ST=NS/L=Halifax/O=IBM/CN=*.${KUBE_NAME_SPACE}.${CERT_DOMAIN}" - openssl x509 -req -days 365 -in $PWD/certificate.csr -CA $PWD/CA.crt -CAkey $PWD/CA.key -set_serial 01 -out $PWD/certificate.crt - cat $PWD/certificate.key $PWD/certificate.crt > $PWD/mongo.key - cat $PWD/CA.key $PWD/CA.crt > $PWD/mongo.pem - cp $PWD/certificate.crt $PWD/mongo.crt - fi - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/public.crt -out $PWD/public.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/private.key -out $PWD/public.crt -subj "/CN=127.0.0.1" - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/redis.key -out $PWD/redis.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/redis.key -out $PWD/redis.crt -subj "/CN=127.0.0.1" - cat $PWD/redis.key $PWD/redis.crt > $PWD/redis.pem - echo "changing file permissions for redis.key ..." - chmod 600 $PWD/redis.key - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/rabbitmq.key -out $PWD/rabbitmq.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/rabbitmq.key -out $PWD/rabbitmq.crt -subj "/CN=127.0.0.1" - cat $PWD/rabbitmq.key $PWD/rabbitmq.crt > $PWD/rabbitmq.pem - - -} -function createSecret (){ - - echo -e "\x1B[1;32mAbout to create a secrets for ingress, celery, mongo, redis, rabbitmq....\x1B[0m" - echo "kubectl -n $KUBE_NAME_SPACE create secret tls baca-ingress-secret --key $PWD/tls.key --cert $PWD/tls.crt" - kubectl -n $KUBE_NAME_SPACE create secret tls baca-ingress-secret --key $PWD/tls.key --cert $PWD/tls.crt \ - --dry-run -o yaml | kubectl apply -f - - -# if [[ $DB_SSL == "y" || $DB_SSL == "Y" ]]; then -# echo "kubectl -n sp create secret generic baca-db2-secret --from-file=$PWD/db2-cert.arm" -# kubectl -n sp create secret generic baca-db2-secret --from-file=$PWD/db2-cert.arm -# fi - if [[ ($LDAP_URL =~ ^'ldaps' && ! -z $LDAP_CRT_NAME) && ($DB_SSL == "n") ]]; then - echo "kubectl -n $KUBE_NAME_SPACE create secret generic with LDAP certs AND no DB2 cert " - kubectl -n $KUBE_NAME_SPACE create secret generic baca-secrets$KUBE_NAME_SPACE \ - --from-file=$PWD/celery.pem --from-file=$PWD/celery.crt --from-file=$PWD/celery.key \ - --from-file=$PWD/mongo.pem --from-file=$PWD/mongo.crt --from-file=$PWD/mongo.key \ - --from-file=$PWD/public.crt --from-file=$PWD/private.key \ - --from-file=$PWD/redis.pem --from-file=$PWD/redis.key --from-file=$PWD/redis.crt \ - --from-file=$PWD/rabbitmq.pem --from-file=$PWD/rabbitmq.key --from-file=$PWD/rabbitmq.crt \ - --from-file=$PWD/$LDAP_CRT_NAME \ - --dry-run -o yaml | kubectl apply -f - - elif [[ ($LDAP_URL =~ ^'ldaps' && ! -z $LDAP_CRT_NAME) && ($DB_SSL == "y" && ! -z $DB_CRT_NAME) ]]; then - echo "kubectl -n $KUBE_NAME_SPACE create secret generic with DB certs AND LDAP certs " - kubectl -n $KUBE_NAME_SPACE create secret generic baca-secrets$KUBE_NAME_SPACE \ - --from-file=$PWD/celery.pem --from-file=$PWD/celery.crt --from-file=$PWD/celery.key \ - --from-file=$PWD/mongo.pem --from-file=$PWD/mongo.crt --from-file=$PWD/mongo.key \ - --from-file=$PWD/public.crt --from-file=$PWD/private.key \ - --from-file=$PWD/redis.pem --from-file=$PWD/redis.key --from-file=$PWD/redis.crt \ - --from-file=$PWD/rabbitmq.pem --from-file=$PWD/rabbitmq.key --from-file=$PWD/rabbitmq.crt \ - --from-file=$PWD/$LDAP_CRT_NAME \ - --from-file=$PWD/$DB_CRT_NAME \ - --dry-run -o yaml | kubectl apply -f - - elif [[ ($DB_SSL == "y" && ! -z $DB_CRT_NAME) && ($LDAP_URL != ^'ldaps') ]]; then - echo "kubectl -n $KUBE_NAME_SPACE create secret generic with DB certs AND NO LDAP certs " - kubectl -n $KUBE_NAME_SPACE create secret generic baca-secrets$KUBE_NAME_SPACE \ - --from-file=$PWD/celery.pem --from-file=$PWD/celery.crt --from-file=$PWD/celery.key \ - --from-file=$PWD/mongo.pem --from-file=$PWD/mongo.crt --from-file=$PWD/mongo.key \ - --from-file=$PWD/public.crt --from-file=$PWD/private.key \ - --from-file=$PWD/redis.pem --from-file=$PWD/redis.key --from-file=$PWD/redis.crt \ - --from-file=$PWD/rabbitmq.pem --from-file=$PWD/rabbitmq.key --from-file=$PWD/rabbitmq.crt \ - --from-file=$PWD/$DB_CRT_NAME \ - --dry-run -o yaml | kubectl apply -f - - else - echo "kubectl -n $KUBE_NAME_SPACE create secret generic with no LDAP and DB2 certs" - kubectl -n $KUBE_NAME_SPACE create secret generic baca-secrets$KUBE_NAME_SPACE \ - --from-file=$PWD/celery.pem --from-file=$PWD/celery.crt --from-file=$PWD/celery.key \ - --from-file=$PWD/mongo.pem --from-file=$PWD/mongo.crt --from-file=$PWD/mongo.key \ - --from-file=$PWD/public.crt --from-file=$PWD/private.key \ - --from-file=$PWD/redis.pem --from-file=$PWD/redis.key --from-file=$PWD/redis.crt \ - --from-file=$PWD/rabbitmq.pem --from-file=$PWD/rabbitmq.key --from-file=$PWD/rabbitmq.crt \ - --dry-run -o yaml | kubectl apply -f - - fi - -} -function createMongoSecrets (){ -echo -e "\x1B[1;32mAbout to create mongo Secrets....\x1B[0m" -if [[ -z "$MONGOADMINENTRYPASSWORD" && -z "$MONGOADMINUSER" && -z "$MONGOADMINPASSWORD" ]]; then - echo -e "\x1B[1;32mCreating mongo admin Secrets using random values....\x1B[0m" - export MONGOADMINENTRYPASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) - export MONGOADMINUSER=$(openssl rand -base64 12 | tr -d "=+/" | cut -c1-29) - export MONGOADMINPASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) - - kubectl -n $KUBE_NAME_SPACE create secret generic baca-mongo-admin \ - --from-literal=MONGOADMINENTRYPASSWORD="$MONGOADMINENTRYPASSWORD" \ - --from-literal=MONGOADMINUSER="$MONGOADMINUSER" \ - --from-literal=MONGOADMINPASSWORD="$MONGOADMINPASSWORD" \ - --dry-run -o yaml | kubectl apply -f - -else - echo -e "\x1B[1;32mCreating mongo admin Secret based on custom values for MONGOADMINENTRYPASSWORD, MONGOADMINUSER, MONGOADMINPASSWORD\x1B[0m" - kubectl -n $KUBE_NAME_SPACE create secret generic mongo-admin \ - --from-literal=MONGOADMINENTRYPASSWORD="$MONGOADMINENTRYPASSWORD" \ - --from-literal=MONGOADMINUSER="$MONGOADMINUSER" \ - --from-literal=MONGOADMINPASSWORD="$MONGOADMINPASSWORD" \ - --dry-run -o yaml | kubectl apply -f - -fi - -if [[ -z "$MONGOENTRYPASSWORD" && -z "$MONGOUSER" && -z "$MONGOPASSWORD" ]] ; then - echo -e "\x1B[1;32mCreating mongo Secrets using random values....\x1B[0m" - export MONGOENTRYPASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) - export MONGOUSER=$(openssl rand -base64 12 | tr -d "=+/" | cut -c1-29) - export MONGOPASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) - kubectl -n $KUBE_NAME_SPACE create secret generic baca-mongo \ - --from-literal=MONGOENTRYPASSWORD="$MONGOENTRYPASSWORD" \ - --from-literal=MONGOUSER="$MONGOUSER" \ - --from-literal=MONGOPASSWORD="$MONGOPASSWORD" \ - --dry-run -o yaml | kubectl apply -f - -else - echo -e "\x1B[1;32mCreating mongo Secret based on custom values for MONGOENTRYPASSWORD, MONGOUSER, MONGOPASSWORD\x1B[0m" - kubectl -n $KUBE_NAME_SPACE create secret generic mongo \ - --from-literal=MONGOENTRYPASSWORD="$MONGOENTRYPASSWORD" \ - --from-literal=MONGOUSER="$MONGOUSER" \ - --from-literal=MONGOPASSWORD="$MONGOPASSWORD" \ - --dry-run -o yaml | kubectl apply -f - -fi - -} -function createLDAPSecret(){ - -if [[ $LDAP == "y" && $LDAP_PASSWORD != "" ]]; then - echo -e "\x1B[1;32mAbout to create LDAP Secret....\x1B[0m" - echo -e "\x1B[1;32mCreating LDAP Secret....\x1B[0m" - export LDAP_PASSWORD_DECODE=$(echo $LDAP_PASSWORD | base64 --decode) - kubectl -n $KUBE_NAME_SPACE create secret generic baca-ldap \ - --from-literal=LDAP_PASSWORD="$LDAP_PASSWORD_DECODE" \ - --dry-run -o yaml | kubectl apply -f - -fi - -} -function createBaseDbSecret(){ -echo -e "\x1B[1;32mAbout to create secret for Base DB....\x1B[0m" -if [[ -z $BASE_DB_PWD ]]; then - echo -e "\x1B[1;32m Cannot find BASED_DB_PWD from common.sh..Exiting !!\x1B[0m" - exit 1 -else - echo -e "\x1B[1;32mCreating Base DB secret....\x1B[0m" - kubectl -n $KUBE_NAME_SPACE create secret generic baca-basedb \ - --from-literal=BASE_DB_PWD="$BASE_DB_PWD" \ - --dry-run -o yaml | kubectl apply -f - -fi -} - -function createRabbitmaSecret(){ -echo -e "\x1B[1;32mAbout to create secret for RabbitMQ....\x1B[0m" - -export rabbitmq_admin_password=$(openssl rand -base64 10 | tr -d "=+/" | cut -c1-29) -export rabbitmq_erlang_cookie=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) -export rabbitmq_password=$(openssl rand -base64 10 | tr -d "=+/" | cut -c1-29) -export rabbitmq_user=$(openssl rand -base64 6 | tr -d "=+/" | cut -c1-29) -export rabbitmq_management_password=$(openssl rand -base64 10 | tr -d "=+/" | cut -c1-29) -export rabbitmq_management_user=$(openssl rand -base64 6 | tr -d "=+/" | cut -c1-29) - -kubectl -n $KUBE_NAME_SPACE create secret generic baca-rabbitmq \ ---from-literal=rabbitmq-admin-password="$rabbitmq_admin_password" \ ---from-literal=rabbitmq-erlang-cookie="$rabbitmq_erlang_cookie" \ ---from-literal=rabbitmq-password="$rabbitmq_password" \ ---from-literal=rabbitmq-user="$rabbitmq_user" \ ---from-literal=rabbitmq-management-password="$rabbitmq_management_password" \ ---from-literal=rabbitmq-management-user="$rabbitmq_management_user" \ ---dry-run -o yaml | kubectl apply -f - - - -} - -function createRedisSecret(){ -echo -e "\x1B[1;32mAbout to create secret for Redis....\x1B[0m" -export redis_password=$(openssl rand -base64 10 | tr -d "=+/" | cut -c1-29) -kubectl -n $KUBE_NAME_SPACE create secret generic baca-redis \ ---from-literal=redis-password="$redis_password" \ ---dry-run -o yaml | kubectl apply -f - -} \ No newline at end of file diff --git a/BACA/configuration-ha/delete_ContentAnalyzer.sh b/BACA/configuration-ha/delete_ContentAnalyzer.sh deleted file mode 100755 index 95b9248b..00000000 --- a/BACA/configuration-ha/delete_ContentAnalyzer.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -. ./common.sh -. ./bashfunctions.sh - -today=`date +%Y-%m-%d.%H:%M:%S` -echo $today - -if [ -z "$KUBE_NAME_SPACE" ] -then - echo -e "\x1B[1;31mThe KUBE_NAME_SPACE is not set. The script will exit. To delete everything in the IBM Business Automation Content Analyzer namespace, set the KUBE_NAME_SPACE variable to the name of the namespace where IBM Business Automation Content Analyzer is deployed and rerun. :\x1B[0m" - exit -fi - -if [ $KUBE_NAME_SPACE == "default" ] -then - echo -e "\x1B[1;31mThe KUBE_NAME_SPACE is set to default. The script will exit. We cannot delete all resources from the default namespace. To delete everything in the IBM Business Automation Content Analyzer namespace, set the KUBE_NAME_SPACE variable to the name of the namespace where IBM Business Automation Content Analyzer is deployed and rerun. :\x1B[0m" - exit -fi - -# confirm they want to delete -echo -echo -e "\x1B[1;31mThis script will DELETE all the resources, including services, deployments, and pvc, in the namespace : $KUBE_NAME_SPACE . And then delete the namespace $KUBE_NAME_SPACE \x1B[0m" -echo -echo -e "\x1B[1;31mPlease only execute if you are SURE you want to DELETE everything from your namespace $KUBE_NAME_SPACE . \x1B[0m" -echo -echo -e "\x1B[1;31mWARNING: Please note that on ICP this script may not be able to successfully remove all the pods. The pods and the namespace might be left in 'terminating' state . \x1B[0m" -echo - -while [[ $deleteconfirm != "y" && $deleteconfirm != "n" && $deleteconfirm != "yes" && $deleteconfirm != "no" ]] # While deleteconfirm is not y or n... -do - echo -e "\x1B[1;31mWould you like to continue (Y/N):\x1B[0m" - read deleteconfirm - deleteconfirm=$(echo "$deleteconfirm" | tr '[:upper:]' '[:lower:]') -done - - -if [[ $deleteconfirm == "n" || $deleteconfirm == "no" ]] -then - exit -fi - -#Logon to kubectl -loginToCluster - - -echo "----- Deleting Celery ..." -cwd=$(pwd) - -#export HELM="./helm-chart/baca-celery" -#export HELM1="./helm-chart/baca-userportal" -#echo -#echo "cd ${HELM}" -#cd ${HELM} - -echo -if [[ $ICP_VERSION == "3.1.2" ]]; then -echo "helm delete celery${KUBE_NAME_SPACE} --purge --tls" -helm delete celery${KUBE_NAME_SPACE} --purge --tls -fi -if [[ $OCP_VERSION == "3.11" ]]; then -echo "helm delete celery${KUBE_NAME_SPACE} --purge " -helm delete celery${KUBE_NAME_SPACE} --purge -fi - -echo -echo "sleep for 120 secs to wait for celery pods to complete termination...." - -sleep 120 -# -#echo -#echo "return to previous directory: ${cwd}" -#cd ${cwd} - -echo ----- Deleting all BACA resources from namespace : $KUBE_NAME_SPACE -set +e -kubectl delete -n $KUBE_NAME_SPACE --all deploy,svc,pvc,pods --force --grace-period=0 -kubectl delete -n $KUBE_NAME_SPACE secret baca-ingress-secret baca-secrets$KUBE_NAME_SPACE baca-userportal-ingress-secret baca-mongo baca-mongo-admin baca-ldap baca-basedb baca-rabbitmq baca-redis -if [[ $ICP_VERSION == "3.1.2" ]]; then - kubectl delete -n $KUBE_NAME_SPACE rolebinding baca-clusterrole-rolebinding - kubectl delete -n $KUBE_NAME_SPACE clusterrole baca-clusterrole - kubectl delete -n $KUBE_NAME_SPACE psp baca-psp -fi -set -e - - - - -# only delete PVC for internal/dev env. -if [[ $PVCCHOICE == "1" ]]; then - echo ---- Deleting persistent volumes. - count=`kubectl -n $KUBE_NAME_SPACE get pv | awk {'print $1'}| grep ^sp-.*${KUBE_NAME_SPACE}|wc | awk {'print $1'}` - if [[ $count != "0" ]]; then - kubectl -n $KUBE_NAME_SPACE delete pv `kubectl -n $KUBE_NAME_SPACE get pv | awk {'print $1'}| grep ^sp-.*${KUBE_NAME_SPACE}` - fi - echo ---Clean up all pvc subdirectories. You need to run setup.sh or init_deployment.sh again to have these directories re-created. -# ssh root@$NFS_IP rm -rf /exports/smartpages/$KUBE_NAME_SPACE/* - if [ -z "$SSH_USER" ]; then - export SSH_USER="root" - fi - - if [ "$SSH_USER" == "root" ]; then - export SUDO_CMD="" - else - export SUDO_CMD="sudo " - fi - ssh $SSH_USER@$NFS_IP "$SUDO_CMD rm -rf /exports/smartpages/$KUBE_NAME_SPACE/*" - - -fi - diff --git a/BACA/configuration-ha/generateMemoryValues.sh b/BACA/configuration-ha/generateMemoryValues.sh deleted file mode 100755 index 0e6cf3ea..00000000 --- a/BACA/configuration-ha/generateMemoryValues.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# -. ./bashfunctions.sh -. ./common.sh - -echo -e "\x1B[1;32mThis will generate recommended values for setting memory resources in Business Automation Content Analyzer (CA) product.\x1B[0m" -echo -e "\x1B[1;32mUse \"distributed\" flag when you have an distribute environment where mongo DB, mongo-admin DB, and CA processing components are their own nodes. Otherwise, use \"limited\" flag \x1B[0m" -echo -e "\x1B[1;32mThese values may need to be adjusted depending on your workload\x1B[0m" - - -if [[ -z $1 ]]; then - echo -e "\x1B[1;31mYou need to pass in either \"distributed\" or \"limited\" to use this script\x1B[0m" - exit 1 -fi - - -if [[ $1 == "distributed" ]]; then - calMemoryLimitedDist - calNumOfContainers -elif [[ $1 == "limited" ]]; then - calMemoryLimitedShared - calNumOfContainers -fi \ No newline at end of file diff --git a/BACA/configuration-ha/init_deployments.sh b/BACA/configuration-ha/init_deployments.sh deleted file mode 100755 index 59d31c3b..00000000 --- a/BACA/configuration-ha/init_deployments.sh +++ /dev/null @@ -1,96 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -. ./common.sh -. ./bashfunctions.sh -. ./createSSLCert.sh - -# Login (if necessary) -loginToCluster - -#Creating psp and clusterrole for BACA -export HA_ENABLE=true - - -# Create Kube namespace -echo "\x1B[1;32mCreating $KUBE_NAME_SPACE namespace \x1B[0m" -if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - kubectl create namespace $KUBE_NAME_SPACE -fi - -if [[ $OCP_VERSION == "3.11" ]]; then - oc new-project $KUBE_NAME_SPACE - oc project $KUBE_NAME_SPACE -fi - -if [[ $ICP_VERSION == "3.1.2" ]]; then - checkPsp=$(kubectl get psp |grep baca |wc -l) - - if [[ $checkPsp == "0" ]]; then - - echo -e "\x1B[1;32mCreating psp and clusterrole for BACA\x1B[0m" - kubectl -n $KUBE_NAME_SPACE apply -f ./baca-psp.yaml - echo -e "\x1B[1;32mCreating rolebinding for BACA\x1B[0m" - kubectl -n $KUBE_NAME_SPACE create rolebinding baca-clusterrole-rolebinding --clusterrole=baca-clusterrole --group=system:serviceaccounts:$KUBE_NAME_SPACE - - fi -fi - -if [[ $OCP_VERSION == "3.11" ]]; then - # Allows images to run as the root UID if no USER in specified in the Dockerfile. - oc adm policy add-scc-to-group anyuid system:authenticated -fi - -#label nodes -if [[ ($LABEL_NODE == "y" || $LABEL_NODE == "Y") ]]; then - customLabelNodes -else - echo -e "\x1B[1;32mLABEL_NODE and LABEL_NODE_BY_PARAM parameters are not defined. Therefore, you must label your nodes accordingly\x1B[0m" -fi - - -# Create nfs, and pv/pvc -#getNFSServer - - -#Create SSL cert and secret -createSSLCert -createSecret -createMongoSecrets -createLDAPSecret -createBaseDbSecret -createRabbitmaSecret -createRedisSecret -if [[ $PVCCHOICE == "1" ]]; then - echo -e "\x1B[1;32mSetting up PV/PVC storage\x1B[0m" - getNFSServer - ./init_persistent.sh -fi - -echo -e "\x1B[1;32mCalling pre-setup scripts to setup pvc for Mongo and Mongo-admin\x1B[0m" -cd mongo && ./pre-setup.sh -cd .. -cd mongoadmin && ./pre-setup.sh -cd .. - - -#Helm client download and initialization -if [[ $USING_HELM == "y" || $USING_HELM == "yes" ]]; then - if [[ -z $HELM_INIT_BEFORE || $HELM_INIT_BEFORE == "n" || $HELM_INIT_BEFORE == "no" ]]; then - - # setup helm client - downloadHelmClient - - # setup helm on cluster - helmSetup - - # ensure tiller-deploy is successful on cluster - checkHelm - fi -fi - diff --git a/BACA/configuration-ha/init_persistent.sh b/BACA/configuration-ha/init_persistent.sh deleted file mode 100755 index a731d486..00000000 --- a/BACA/configuration-ha/init_persistent.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -. ./common.sh - - -cat sppersistent.yaml | sed s/\$NFS_IP/"$NFS_IP"/ | sed s/\$KUBE_NAME_SPACE/"$KUBE_NAME_SPACE"/ | sed s/\$DATAPVC/"$DATAPVC"/ | sed s/\$LOGPVC/"$LOGPVC"/ | sed s/\$CONFIGPVC/"$CONFIGPVC"/ |kubectl apply -f - - diff --git a/BACA/configuration-ha/mongo/README.md b/BACA/configuration-ha/mongo/README.md deleted file mode 100644 index 7c8a941f..00000000 --- a/BACA/configuration-ha/mongo/README.md +++ /dev/null @@ -1,119 +0,0 @@ -# Mongodb - -[Mongodb](https://www.mongodb.com/) is a general purpose, document-based, distributed database built for modern application developers and for the cloud era. No database is more productive to use - -## TL;DR; - -```bash -$ helm install stable/mongo-ha -``` - -By default this chart install 12 pods total: - * three pods containing a mongos router - * three pods containing a mongodb config server - * three pods containing a mongdb shard - * three pods containing a mongdb shard -## Introduction - -This chart bootstraps a[Mongodb](https://www.mongodb.com/) highly available Shard+Replica statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager. - -## Prerequisites - -- Kubernetes 1.8+ with Beta APIs enabled -- PV provisioner support in the underlying infrastructure or an existing PVC claim created when running `init_deployments.sh` -- PV for shards and replicas will be created in generate.sh -- Change the values for the `reposittory` and `tag` under `image` and tag to match your mongo cluster environment. For example: -``` -image: - repository: mycluster.com:8500/sp/mongocluster - tag: latest - pullPolicy: Always -``` - -mongocluster image can be downloaded from TBD -The current default namespace is `sp`. If you have different namespace, please make sure you update generate.sh as well. Next version will fixed this issue. -openssl.cnf and ssl_generator.sh are used to create x509 certificate for mongo cluster. -## Upgrading the Chart - -You can use Helm to update MongoCluster version in a live release. Assuming your release is named as `my-release`, get the values using the command: - -## Installing the Chart - -To install the chart - -```bash -sh generate.sh -``` - -The command will generate templates for mongodb shards and replicas, save them into templates folder. And then create values.yaml based on values-base.yaml. It will deploys Mongodb Cluster on the Kubernetes cluster in the default configuration. By default this chart install 2 shards, 3 mongodb config and 3 mongos router. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the deployment: - -```bash -$ helm delete --purge --tls -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the MongoDB chart and their default values. - -| Parameter | Description | Default | -|:-------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------| -| `image.repository` | Mongodb image | `mongocluster` | -| `image.tag` | Mongodb tag | `latest` | -| `image.pullPolicy` | Pull Image policy | `Always` | -| `storageClassName` | Specifies storage class name | local-storage | -| `nfsIP` | The NFS location | | -| `nameSpace` | use kubernetes namespace | `sp` | -| `wiredTigerCache` | mondo db cache limitiation | `0.5` | -| `secretVolume` | Where the certification stored | created from setup.sh script | -| `logs.claimname` | Where the location of log, depends on setup.sh | `` | -| `logs.path` | log path inside the pod | `/var/log/` | -| `logs.logLevel` | log level | `debug` | -| `mongoDBConfig.storageCapacity` | Mongodb config storage size | `10Gi` | -| `mongoDBConfig.labelName` | label name | mongodb-configdb | -| `mongoDBConfig.replicas` | mongodb config replicas, variable in generate.sh | `` | -| `mongoDBConfig.replicaSetName` | replica set name | `ConfigDBRepSet` | -| `mongoDBConfig.resources` | CPU/Memory for init Container node resource requests/limits | `{}` | -| `mongosRouter.name` | name of the mongos router | `mongos-router` | -| `mongosRouter.replicas` | mongodb router replicas, need to change in generate.sh | `` | -| `mongosRouter.configReplset` | generate by generate.sh, do not change. | | -| `mongoDBShard.storageCapacity` | Mongodb shard storage size | `15Gi` | -| `mongoDBShard.replicas` | mongodb shard replicas, variable in generate.sh | `{}` | -| `logs.logLevel` | log level | `[]` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install \ - --set image=mongocluster \ - --set tag=latest \ - stable/mongo-ha -``` - -The above command sets the Mongodb server within `default` namespace. - - -> **Tip**: There is no [values.yaml](values.yaml) file, and will generate [values.yaml](values.yaml) on the fly based on [values-base.yaml](values-base.yaml) - -Persistence ------------ - -This generate.sh provisions a PersistentVolume and pods will create PersistentVolumeClaim and mounts corresponding persistent volume under the same storage class name to default location `/export/smartpages/`. You'll need physical storage available in the Kubernetes cluster for this to work. - -Configure TLS -------------- - -Always enable TLS for mongodb containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed mongodb setup). Then create a secret using - -```bash -$ kubectl create secret generic baca-secrets${NAMESPACE} --from-file=path/to/private.key --from-file=path/to/public.crt -``` - -Then install the chart, specifying the path you'd like to mount to the TLS secret: diff --git a/BACA/configuration-ha/mongo/js_base/add_shard.js b/BACA/configuration-ha/mongo/js_base/add_shard.js deleted file mode 100644 index 43ebc4e1..00000000 --- a/BACA/configuration-ha/mongo/js_base/add_shard.js +++ /dev/null @@ -1,19 +0,0 @@ -var server_list_s = "$SHARD_LIST_S"; -var shard_id = "$SHARD_ID"; -var shard_string = shard_id.concat('\/', server_list_s); -var result; -print("First try to add shard"); -do { - sleep(5000); - result = sh.addShard(shard_string); - if (result.ok == 0) { - print("Failed to add shard and retry in 5 seconds"); - } - // if (result.code == 23) { - // print("already initialized"); - // break; - // } - printjson(result); -} while (result.ok != 1) -// printjson(result); - diff --git a/BACA/configuration-ha/mongo/js_base/mongo_initiate.js b/BACA/configuration-ha/mongo/js_base/mongo_initiate.js deleted file mode 100644 index eed8d9bb..00000000 --- a/BACA/configuration-ha/mongo/js_base/mongo_initiate.js +++ /dev/null @@ -1,27 +0,0 @@ -var server_list_s = "$SERVER_LIST_S"; -var server_list = server_list_s.split(","); -var cfg_id = "$CFG_ID"; -var member_list = []; -for (i = 0; i < server_list.length; i++) { - member_list.push({_id: i, host: server_list[i]}); -} -var cfg = { - _id: cfg_id, - version: 1, - members: member_list -} -print("First try to initiate"); -var result; -do { - sleep(5000); - result = rs.initiate(cfg); - if(result.ok==0) { - print("Failed to initiate and retry in 5 seconds"); - } - if(result.code==23){ - print("already initialized"); - break; - } - printjson(result); -} while (result.ok != 1) -// printjson(result); diff --git a/BACA/configuration-ha/mongo/openssl.cnf b/BACA/configuration-ha/mongo/openssl.cnf deleted file mode 100644 index 7d3892c9..00000000 --- a/BACA/configuration-ha/mongo/openssl.cnf +++ /dev/null @@ -1,38 +0,0 @@ -[req] -default_bits = 2048 -utf8 = yes -distinguished_name = req_distinguished_name -req_extensions = v3_req - -[req_distinguished_name] -countryName = Country Name (2 letter code) -countryName_default = CA -countryName_min = 2 -countryName_max = 2 -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = NS -stateOrProvinceName_max = 64 -localityName = Locality Name (eg, city) -localityName_default = Halifax -localityName_max = 64 -organizationName = Organization Name (eg, company) -organizationName_default = IBM -organizationName_max = 64 -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = baca -organizationalUnitName_max = 64 -commonName = *.svc.cluster.local -commonName_max = 64 - -[v3_req] -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -keyUsage = digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = @alt_names - -[alt_names] -DNS.1 = localhost -IP.1 = 127.0.0.1 - - diff --git a/BACA/configuration-ha/mongo/post-setup.sh b/BACA/configuration-ha/mongo/post-setup.sh deleted file mode 100755 index 56c4cb40..00000000 --- a/BACA/configuration-ha/mongo/post-setup.sh +++ /dev/null @@ -1,143 +0,0 @@ -#!/usr/bin/env bash - -. ../common.sh - -NUMOFSHARDS=2 - -#LOG_LEVEL=info -ROUTER_REPLICA=3 -SHARD_REPLICA=3 -CONFIG_REPLICA=3 - -CONFIG_PORT=27019 -DB_SHARD_PORT=27018 -ROUTER_PORT=27017 -CONFIG_REPLSET_PREFIX="configReplSet" - -ADD_SHARD='./js_base/add_shard.js' -MONGO_INIT='./js_base/mongo_initiate.js' - -for i in `seq 0 $((CONFIG_REPLICA-1))` -do - CONFIG_SERVER_LIST_S="${CONFIG_SERVER_LIST_S}mongodb-configdb-${i}.mongodb-configdb-service.${KUBE_NAME_SPACE}.svc.cluster.local:${CONFIG_PORT}," -done -CONFIG_SERVER_LIST_S=${CONFIG_SERVER_LIST_S:: -1} -echo "CONFIG_SERVER_LIST_S=${CONFIG_SERVER_LIST_S}" - -echo "Waiting for all the shards and configdb containers up running" -sleep 30 -echo -n " " -until kubectl exec mongodb-configdb-$((CONFIG_REPLICA-1)) --namespace=${KUBE_NAME_SPACE} -c mongodb-configdb-container -- mongo --host 127.0.0.1 --port ${CONFIG_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --quiet --eval 'db.getMongo()'; do - sleep 5 - echo -n " " -done - -echo -n " " -for i in `seq 0 $((NUMOFSHARDS-1))` -do - until kubectl exec mongodb-shard${i}-$((SHARD_REPLICA-1)) --namespace=${KUBE_NAME_SPACE} -c mongod-shard${i}-container -- mongo --host 127.0.0.1 --port ${DB_SHARD_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --quiet --eval 'db.getMongo()'; do - sleep 5 - echo -n " " - done -done -echo "...shards & configdb containers are now running" -echo - -sleep 90 - -for i in `seq 0 $((NUMOFSHARDS-1))` -do - for j in `seq 0 $((SHARD_REPLICA-1))` - do - shard_temp="${shard_temp}mongodb-shard${i}-${j}.mongodb-shard${i}-service.${KUBE_NAME_SPACE}.svc.cluster.local:${DB_SHARD_PORT}," - done - SHARD_STRING[${i}]=${shard_temp:: -1} - unset shard_temp -done - -echo "start to initiate config server replicas" -echo - -cat $MONGO_INIT | sed s#\$SERVER_LIST_S#"$CONFIG_SERVER_LIST_S"# | sed s#\$CFG_ID#"${CONFIG_REPLSET_PREFIX}"# > mongo_initiate_config.js -kubectl cp mongo_initiate_config.js ${KUBE_NAME_SPACE}/mongodb-configdb-0:/tmp/ - -kubectl exec mongodb-configdb-0 --namespace=${KUBE_NAME_SPACE} -c mongodb-configdb-container -- mongo --host 127.0.0.1 --port ${CONFIG_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem /tmp/mongo_initiate_config.js - -echo "start to initiate shard server replicas" -echo - -for i in `seq 0 $((NUMOFSHARDS-1))` -do - cat $MONGO_INIT | sed s#\$SERVER_LIST_S#"${SHARD_STRING[$i]}"# | sed s#\$CFG_ID#"rs\-shard$i"# > mongo_initiate_shard${i}.js - kubectl cp mongo_initiate_shard${i}.js ${KUBE_NAME_SPACE}/mongodb-shard${i}-0:/tmp/mongo_initiate_shard.js - kubectl exec mongodb-shard${i}-0 --namespace=${KUBE_NAME_SPACE} -c mongod-shard${i}-container -- mongo --host 127.0.0.1 --port ${DB_SHARD_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem /tmp/mongo_initiate_shard.js -done - - -echo "Wait for each MongoDB Shard's Replica Set + the ConfigDB Replica Set to each have a primary ready" - -kubectl exec mongodb-configdb-0 --namespace=${KUBE_NAME_SPACE} -c mongodb-configdb-container -- mongo --host 127.0.0.1 --port ${CONFIG_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --quiet --eval 'while (rs.status().hasOwnProperty("myState") && rs.status().myState != 1) { print("."); sleep(1000); };' -for i in `seq 0 $((NUMOFSHARDS-1))` -do - kubectl exec mongodb-shard${i}-0 --namespace=${KUBE_NAME_SPACE} -c mongod-shard${i}-container -- mongo --host 127.0.0.1 --port ${DB_SHARD_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --eval 'while (rs.status().hasOwnProperty("myState") && rs.status().myState != 1) { print("."); sleep(1000); };' -done - -echo "...initialisation of the MongoDB shard Replica Sets completed" -echo - - -echo "Waiting for the first mongos router to up and run" -echo -n " " -until kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) -c mongos-router-container -- mongo --host 127.0.0.1 --port ${ROUTER_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --quiet --eval 'db.getMongo()'; do - sleep 2 - echo -n " " -done -echo "...first mongos router is now running" -echo - -echo "start to add shard replicas" -echo -for i in `seq 0 $((NUMOFSHARDS-1))` -do - cat $ADD_SHARD | sed s#\$SHARD_LIST_S#"${SHARD_STRING[$i]}"# | sed s#\$SHARD_ID#"rs\-shard$i"# > add_shard${i}.js - kubectl cp add_shard${i}.js ${KUBE_NAME_SPACE}/$(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ):/tmp/add_shard.js - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) -c mongos-router-container \ - -- mongo --host 127.0.0.1 --port ${ROUTER_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem \ - --authenticationMechanism=MONGODB-X509 --authenticationDatabase='$external' /tmp/add_shard.js -done - - -# # --------------create admin user start------------------------ - - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) -- bash -c \ - 'echo "db.getSiblingDB(\"admin\").createUser({user:mongo_initdb_root_username,pwd:entrypassword,roles:[{role:\"root\",db:\"admin\"}, {role:\"clusterAdmin\",db:\"admin\"}]});" > mongo_create_admin.js;' - - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ - -- bash -c 'echo mongo --host 127.0.0.1 --port 27017 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --eval \"var mongo_initdb_root_username="'"'MONGO_INITDB_ROOT_USERNAME'"'",entrypassword="'"'ENTRYPASSWORD'"'"\" mongo_create_admin.js > mongo_create_admin_bak.sh' - - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ - -- bash -c 'cat mongo_create_admin_bak.sh | sed s/MONGO_INITDB_ROOT_USERNAME/$MONGO_INITDB_ROOT_USERNAME/g | sed s/ENTRYPASSWORD/$ENTRYPASSWORD/g > mongo_create_admin.sh' - - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ - -- bash -c 'sh mongo_create_admin.sh && rm mongo_create_admin.js mongo_create_admin.sh mongo_create_admin_bak.sh' - -# # --------------create admin user end------------------------ - -sleep 10 - -# # --------------create regular user start------------------------ - - - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) -- bash -c \ - 'echo "db.createUser({user:mongo_user,pwd:mongo_password,roles:[{role:\"readWrite\",db:mongo_initdb}, {role:\"readWrite\",db:mongo_seconddb}, {role:\"readWrite\", db:\"cronjobs\"}, {role:\"readWrite\",db:\"smartpages\"}]});" > mongo_create_user.js;' - - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ - -- bash -c 'echo mongo --host 127.0.0.1 --port 27017 $MONGO_INITDB --sslAllowInvalidCertificates --ssl --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem -u $MONGO_INITDB_ROOT_USERNAME -p $ENTRYPASSWORD --authenticationDatabase admin --eval \"var mongo_user="'"'MONGO_USER'"'", mongo_password="'"'MONGO_PASSWORD'"'", mongo_initdb="'"'MONGO_INITDB'"'", mongo_seconddb="'"'MONGO_SECONDDB'"'"\" mongo_create_user.js > mongo_create_user_bak.sh' - - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ - -- bash -c 'cat mongo_create_user_bak.sh | sed s/MONGO_USER/$MONGO_USER/g | sed s/MONGO_PASSWORD/$MONGO_PASSWORD/g | sed s/MONGO_INITDB/$MONGO_INITDB/g | sed s/MONGO_SECONDDB/$MONGO_SECONDDB/g > mongo_create_user.sh' - - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ - -- bash -c 'sh mongo_create_user.sh && rm mongo_create_user.js mongo_create_user.sh mongo_create_user_bak.sh' - -echo "==================Done============================" \ No newline at end of file diff --git a/BACA/configuration-ha/mongo/pre-setup.sh b/BACA/configuration-ha/mongo/pre-setup.sh deleted file mode 100755 index 2b1d04b7..00000000 --- a/BACA/configuration-ha/mongo/pre-setup.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/usr/bin/env bash - -. ../common.sh - -NUMOFSHARDS=2 -#KUBE_NAME_SPACE=sp - -LOG_LEVEL=info -ROUTER_REPLICA=3 -SHARD_REPLICA=3 -CONFIG_REPLICA=3 - -CONFIG_PORT=27019 -DB_SHARD_PORT=27018 -ROUTER_PORT=27017 -CONFIG_REPLSET_PREFIX="configReplSet" - - -current_templates_path="../../stable/ibm-dba-baca-prod/charts/mongo-ha/templates" -current_base_path="../../stable/ibm-dba-baca-prod/charts/mongo-ha" - -echo "Removing existing yaml before generating the new ones ...." -rm -rf $current_templates_path/* -cp templates_base/mongo-service-base.yaml $current_templates_path/mongo-service.yaml -cp values-base.yaml $current_base_path/values.yaml - -echo LOG_LEVEL=$LOG_LEVEL -sed -i.bak s#\$LOG_LEVEL#$LOG_LEVEL# $current_base_path/values.yaml -echo "Replacing '' with $KUBE_NAME_SPACE" -sed -i.bak s#\$KUBE_NAME_SPACE#$KUBE_NAME_SPACE# $current_base_path/values.yaml -echo "Replacing '' with $NFS_IP" -# sed -i.bak s#\$NFS_IP#$NFS_IP# values.yaml -sed -i.bak s#\$ROUTER_REPLICA#$ROUTER_REPLICA# $current_base_path/values.yaml -sed -i.bak s#\$SHARD_REPLICA#$SHARD_REPLICA# $current_base_path/values.yaml -sed -i.bak s#\$CONFIG_REPLICA#$CONFIG_REPLICA# $current_base_path/values.yaml -sed -i.bak s#\$LOGPVC#$LOGPVC# $current_base_path/values.yaml - -if [ "$SSH_USER" = "root" ]; then - export SUDO_CMD="" -else - export SUDO_CMD="sudo" -fi -if [[ $PVCCHOICE == "1" ]]; then - echo "Creating necessary folder in $NFS_IP..." - cp templates_base/local-storage-base.yaml $current_templates_path/local-storage.yaml - for i in `seq 0 $((CONFIG_REPLICA-1))` - do - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/configdb-${i}" - done - - for i in `seq 0 $((NUMOFSHARDS-1))` - do - for j in `seq 0 $((SHARD_REPLICA-1))` - do - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/mongodb-shard${i}-${j}" - done - done - - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD chown -R 51000:51001 /exports/smartpages/$KUBE_NAME_SPACE/*" - - echo "-----------------Creating pv and pvc by sp-persistence for shard-------------" - for i in `seq 0 $((NUMOFSHARDS-1))` - do - for j in `seq 0 $((SHARD_REPLICA-1))` - do - sed -e "s/\$KUBE_NAME_SPACE/$KUBE_NAME_SPACE/g; s/\$SHARDX/${i}/g; s/\$COUNTER/${j}/g; s#\$NFS_IP#${NFS_IP}#g" \ - ./templates_base/shard-persistence-base.yaml> $current_templates_path/persistence-shard${i}-${j}.yaml - done - done - - echo "-------------Creating pv and pvc by sp-persistence for mongodb config-----------------" - for i in `seq 0 $((CONFIG_REPLICA-1))` - do - sed -e "s/\$KUBE_NAME_SPACE/$KUBE_NAME_SPACE/g; s/\$COUNTER/${i}/g; s#\$NFS_IP#${NFS_IP}#g" ./templates_base/configdb-persistence-base.yaml> \ - $current_templates_path/configdb-persistence-${i}.yaml - done -fi - -echo "------------cp mongodb configsvr--------------------" -sed -e "s/\$KUBE_NAME_SPACE/$KUBE_NAME_SPACE/g; s/\$PORT_NUMBER/$PORT_NUMBER/g" ./templates_base/configdb-service-base.yaml> $current_templates_path/configdb-service.yaml - - echo "------------cp mongodb shardX------------" - -for i in `seq 0 $((NUMOFSHARDS-1))` -do - sed -e "s/\$SHARDX/${i}/g" ./templates_base/shardX-stateful.yaml> $current_templates_path/shard${i}-stateful.yaml -done - - echo "------------cp mongodb router(mongos)------------" - -for i in `seq 0 $((CONFIG_REPLICA-1))` -do - CONFIG_SERVER_LIST_S="${CONFIG_SERVER_LIST_S}mongodb-configdb-${i}.mongodb-configdb-service.${KUBE_NAME_SPACE}.svc.cluster.local:${CONFIG_PORT}," -done -CONFIG_SERVER_LIST_S=${CONFIG_SERVER_LIST_S:: -1} -CONFIG_REPLSET_VALUE="${CONFIG_REPLSET_PREFIX}/${CONFIG_SERVER_LIST_S}" -echo "CONFIG_REPLSET_VALUE=${CONFIG_REPLSET_VALUE}" - -sed -i.bak s#\$CONFIG_REPLSET_VALUE#$CONFIG_REPLSET_VALUE# $current_base_path/values.yaml -cp ./templates_base/mongos-router-base.yaml $current_templates_path/mongos-router.yaml diff --git a/BACA/configuration-ha/mongo/templates_base/configdb-persistence-base.yaml b/BACA/configuration-ha/mongo/templates_base/configdb-persistence-base.yaml deleted file mode 100644 index e8d7b8b2..00000000 --- a/BACA/configuration-ha/mongo/templates_base/configdb-persistence-base.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-$KUBE_NAME_SPACE-configdb-$COUNTER - # namespace: {{.Values.global.nameSpace}} - labels: - app: mongo-configdb-pv - configpv: configdb-$COUNTER - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongo-configdb-pv -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: {{.Values.mongoDBConfig.storageCapacity}} - nfs: - # may use variable counter for different shard - path: /exports/smartpages/$KUBE_NAME_SPACE/configdb-$COUNTER - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain - storageClassName: {{.Values.storageClassName}} diff --git a/BACA/configuration-ha/mongo/templates_base/configdb-service-base.yaml b/BACA/configuration-ha/mongo/templates_base/configdb-service-base.yaml deleted file mode 100644 index f0b2d03c..00000000 --- a/BACA/configuration-ha/mongo/templates_base/configdb-service-base.yaml +++ /dev/null @@ -1,177 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: mongodb-configdb-service - # namespace: {{ .Values.global.nameSpace }} - labels: - name: {{ .Values.mongoDBConfig.labelName }} - app: mongodb-configdb-service - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-configdb-service -spec: - ports: - - port: {{ .Values.mongoDBConfig.configPort }} - targetPort: {{ .Values.mongoDBConfig.configPort }} - clusterIP: None - selector: - role: {{ .Values.mongoDBConfig.labelName }} ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: mongodb-configdb - labels: - app: mongodb-configdb - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-configdb -spec: - serviceName: mongodb-configdb-service - replicas: {{ .Values.mongoDBConfig.replicas }} - selector: - matchLabels: - role: {{ .Values.mongoDBConfig.labelName }} - template: - metadata: - annotations: - {{- range $key, $value := .Values.global.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - labels: - role: {{ .Values.mongoDBConfig.labelName }} - tier: configdb - replicaset: {{ .Values.mongoDBConfig.replicaSetName }} - app: mongodb-configdb - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-configdb - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: replicaset - operator: In - values: - - {{ .Values.mongoDBConfig.replicaSetName }} - topologyKey: kubernetes.io/hostname - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: mongo{{ .Values.global.namespace.name }} - operator: In - values: - - "baca" - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ .Values.global.arch }} - terminationGracePeriodSeconds: 10 - volumes: - - name: secrets-volume - secret: - secretName: {{ .Values.secretVolume }} - - name: sp-log-pvc - persistentVolumeClaim: - claimName: {{ .Values.global.logs.claimname }} - containers: - - name: mongodb-configdb-container - image: "{{ .Values.global.mongo.image.repository }}:{{ .Values.global.mongo.image.tag }}" - securityContext: - runAsUser: 51000 - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - runAsNonRoot: true - capabilities: - drop: - - ALL - resources: -{{ toYaml .Values.mongoDBConfig.resources | indent 12 }} - env: - # - name: ENTRYPASSWORD - # value: "bacauser" - # - name: MONGO_USER - # value: "bacauser" - # - name: MONGO_PASSWORD - # value: "bacauser" - # - name: MONGO_INITDB - # value: "bacauser" - - name: LOG_LEVEL - value: {{ .Values.global.logs.logLevel }} - - name: WIREDTIGERCACHE - value: {{ .Values.global.mongo.wiredTigerCache | default 0.5 | quote }} - - name: CERTIFICATE_DIR - value: "/etc/certs" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MONGO_TYPE - value: "configsvr" - - name: MONGO_TYPE_VALUE - value: "configReplSet" - - name: CONTAINER_PORT - value: {{ .Values.mongoDBConfig.configPort | quote }} - - name: KUBE_NAME_SPACE - value: {{ .Values.global.nameSpace | quote }} - ports: - - containerPort: {{ .Values.mongoDBConfig.configPort }} - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 60 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27019 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27019 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - imagePullPolicy: {{ .Values.global.mongo.image.pullPolicy }} - volumeMounts: - - name: secrets-volume - readOnly: true - mountPath: "/etc/certs" - - name: mongodb-configdb-storage - mountPath: /data/db - - name: sp-log-pvc -# mountPath: "/var/log/mongodb" - mountPath: {{ .Values.global.logs.path }}{{ .Values.mongo.name }}db -# subPath: mongo - subPath: {{ .Values.mongo.name }} - volumeClaimTemplates: - - metadata: - name: mongodb-configdb-storage - spec: - accessModes: [ "ReadWriteOnce" ] - {{- if $.Values.global.storageClass }} - {{- if (eq "-" $.Values.global.storageClass) }} - storageClassName: {{ .Values.storageClassName | quote }} - {{- else }} - storageClassName: {{ $.Values.global.storageClass | quote }} - {{- end }} - {{- end }} - resources: - requests: - storage: {{.Values.mongoDBConfig.storageCapacity}} \ No newline at end of file diff --git a/BACA/configuration-ha/mongo/templates_base/local-storage-base.yaml b/BACA/configuration-ha/mongo/templates_base/local-storage-base.yaml deleted file mode 100644 index caab5631..00000000 --- a/BACA/configuration-ha/mongo/templates_base/local-storage-base.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{.Values.storageClassName}} - labels: - app: {{.Values.storageClassName}} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: {{ .Values.storageClassName | quote }} -provisioner: kubernetes.io/no-provisioner -volumeBindingMode: WaitForFirstConsumer \ No newline at end of file diff --git a/BACA/configuration-ha/mongo/templates_base/mongo-service-base.yaml b/BACA/configuration-ha/mongo/templates_base/mongo-service-base.yaml deleted file mode 100644 index cfd55537..00000000 --- a/BACA/configuration-ha/mongo/templates_base/mongo-service-base.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: "{{ .Values.mongosRouter.name }}-service" - role: mongos - tier: routers - heritage: "{{ .Values.mongosRouter.name }}-service" - release: {{ .Values.release | quote}} - chart: "{{ .Values.mongosRouter.name }}-service" - name: {{ .Values.mongosService }} -spec: - type: ClusterIP - selector: - app: {{ .Values.mongosRouter.name }} - ports: - - port: {{.Values.mongosRouter.routerPort}} - protocol: TCP - - - - diff --git a/BACA/configuration-ha/mongo/templates_base/mongos-router-base.yaml b/BACA/configuration-ha/mongo/templates_base/mongos-router-base.yaml deleted file mode 100644 index 8a4e9e86..00000000 --- a/BACA/configuration-ha/mongo/templates_base/mongos-router-base.yaml +++ /dev/null @@ -1,139 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.mongosRouter.name }} - labels: - app: {{ .Values.mongosRouter.name }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: {{ .Values.mongosRouter.name }} - # namespace: {{ .Values.global.nameSpace }} -spec: - replicas: {{ .Values.mongosRouter.replicas }} - selector: - matchLabels: - app: {{ .Values.mongosRouter.name }} - template: - metadata: - annotations: - {{- range $key, $value := .Values.global.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - labels: - app: {{ .Values.mongosRouter.name }} - role: mongos - tier: routers - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: {{ .Values.mongosRouter.name }} - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: tier - operator: In - values: - - routers - topologyKey: kubernetes.io/hostname - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: mongo{{ .Values.global.namespace.name }} - operator: In - values: - - "baca" - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ .Values.global.arch }} - volumes: - - name: secrets-volume - secret: - secretName: {{ .Values.secretVolume }} - - name: sp-log-pvc - persistentVolumeClaim: - claimName: {{ .Values.global.logs.claimname }} - terminationGracePeriodSeconds: 10 - containers: - - name: mongos-router-container - image: "{{ .Values.global.mongo.image.repository }}:{{ .Values.global.mongo.image.tag }}" - imagePullPolicy: {{ .Values.global.mongo.image.pullPolicy }} - env: - - name: ENTRYPASSWORD - valueFrom: - secretKeyRef: - name: "baca-mongo" - key: MONGOENTRYPASSWORD - - name: MONGO_USER - valueFrom: - secretKeyRef: - name: "baca-mongo" - key: MONGOUSER - - name: MONGO_PASSWORD - valueFrom: - secretKeyRef: - name: "baca-mongo" - key: MONGOPASSWORD - - name: MONGO_INITDB - value: "bacauser" - - name: MONGO_SECONDDB - value: "cogdig" - - name: MONGO_TYPE - value: "mongodb-router" - - name: CERTIFICATE_DIR - value: "/etc/certs" - - name: CONTAINER_PORT - value: {{ .Values.mongosRouter.routerPort | quote}} - - name: CONFIG_REPL_SET - value: {{ .Values.mongosRouter.configReplset }} - - name: KUBE_NAME_SPACE - value: {{ .Values.global.nameSpace | quote }} - volumeMounts: - - name: secrets-volume - readOnly: true - mountPath: "/etc/certs" - - name: sp-log-pvc -# mountPath: "/var/log/mongodb" - mountPath: {{ .Values.global.logs.path }}{{ .Values.mongo.name }}db -# subPath: mongo - subPath: {{ .Values.mongo.name }} - resources: -{{ toYaml .Values.mongosRouter.resources | indent 10 }} - securityContext: - runAsUser: 51000 - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - runAsNonRoot: true - capabilities: - drop: - - ALL - ports: - - containerPort: {{ .Values.mongosRouter.routerPort }} - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 60 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27017 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27017 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH diff --git a/BACA/configuration-ha/mongo/templates_base/shard-persistence-base.yaml b/BACA/configuration-ha/mongo/templates_base/shard-persistence-base.yaml deleted file mode 100644 index 8abbb0b9..00000000 --- a/BACA/configuration-ha/mongo/templates_base/shard-persistence-base.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-mongodb-shard$SHARDX-$COUNTER - # namespace: {{ .Values.global.nameSpace }} - labels: - shard: shard$SHARDX - app: "pv-shard$SHARDX" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: "pv-shard$SHARDX" -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: {{ .Values.mongoDBShard.storageCapacity }} - nfs: - path: /exports/smartpages/$KUBE_NAME_SPACE/mongodb-shard$SHARDX-$COUNTER - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain - storageClassName: {{.Values.storageClassName}} diff --git a/BACA/configuration-ha/mongo/templates_base/shardX-stateful.yaml b/BACA/configuration-ha/mongo/templates_base/shardX-stateful.yaml deleted file mode 100644 index 2a8b6169..00000000 --- a/BACA/configuration-ha/mongo/templates_base/shardX-stateful.yaml +++ /dev/null @@ -1,183 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: mongodb-shard$SHARDX-service - # namespace: {{ .Values.global.nameSpace }} - labels: - name: mongodb-shard$SHARDX-service - app: shard$SHARDX-service - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-shard$SHARDX-service -spec: - ports: - - port: {{ .Values.mongoDBShard.shardPort }} - targetPort: {{ .Values.mongoDBShard.shardPort }} - clusterIP: None - selector: - role: mongodb-shard$SHARDX ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: mongodb-shard$SHARDX - labels: - app: mongodb-shard$SHARDX - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-shard$SHARDX - # namespace: {{ .Values.global.nameSpace }} -spec: - selector: - matchLabels: - role: mongodb-shard$SHARDX - serviceName: mongodb-shard$SHARDX-service - replicas: {{ .Values.mongoDBShard.replicas }} - template: - metadata: - annotations: - {{- range $key, $value := .Values.global.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - labels: - role: mongodb-shard$SHARDX - tier: mongodb - replicaset: rs-shard$SHARDX - app: mongodb-shard$SHARDX - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-shard$SHARDX - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: replicaset - operator: In - values: - - rs-shard$SHARDX - topologyKey: kubernetes.io/hostname - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: mongo{{ .Values.global.namespace.name }} - operator: In - values: - - "baca" - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ .Values.global.arch }} - terminationGracePeriodSeconds: 10 - volumes: - - name: secrets-volume - secret: - secretName: {{ .Values.secretVolume }} - - name: sp-log-pvc - persistentVolumeClaim: - claimName: {{ .Values.global.logs.claimname }} - containers: - - name: mongod-shard$SHARDX-container - image: "{{ .Values.global.mongo.image.repository }}:{{ .Values.global.mongo.image.tag }}" - imagePullPolicy: {{ .Values.global.mongo.image.pullPolicy }} - resources: -{{ toYaml .Values.mongoDBShard.resources | indent 10 }} - env: - # - name: ENTRYPASSWORD - # value: "$ENTRYPASSWORD" - # - name: MONGO_USER - # value: "$MONGO_USER" - # - name: MONGO_PASSWORD - # value: "$MONGO_PASSWORD" - # - name: MONGO_INITDB - # value: "$MONGOADMINAUTHDB" - # - name: MONGO_SECONDDB - # value: "binaryfiles" - - name: LOG_PATH - value: {{ .Values.logs.path }}{{ .Values.mongo.name | substr 0 5 }}db - - name: LOG_LEVEL - value: {{ .Values.global.logs.logLevel }} - - name: CERTIFICATE_DIR - value: "/etc/certs" - - name: WIREDTIGERCACHE - value: {{ .Values.global.mongo.wiredTigerCache | default 0.5 | quote }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MONGO_TYPE - value: "shard" - - name: MONGO_TYPE_VALUE - value: "rs-shard$SHARDX" - - name: CONTAINER_PORT - value: {{ .Values.mongoDBShard.shardPort | quote}} - - name: KUBE_NAME_SPACE - value: {{ .Values.global.nameSpace | quote }} - securityContext: - runAsUser: 51000 - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - runAsNonRoot: true - capabilities: - drop: - - ALL - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 60 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27018 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27018 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - ports: - - containerPort: {{ .Values.mongoDBShard.shardPort }} - volumeMounts: - - name: shard$SHARDX-storage - mountPath: /data/db - - name: sp-log-pvc -# mountPath: "/var/log/mongodb" - mountPath: {{ .Values.global.logs.path }}{{ .Values.mongo.name }}db -# subPath: mongo - subPath: {{ .Values.mongo.name }} - - name: secrets-volume # must match the volume name, above - mountPath: "/etc/certs" - volumeClaimTemplates: - - metadata: - name: shard$SHARDX-storage - spec: - accessModes: [ "ReadWriteOnce" ] - {{- if $.Values.global.storageClass }} - {{- if (eq "-" $.Values.global.storageClass) }} - storageClassName: {{ .Values.storageClassName | quote }} - {{- else }} - storageClassName: {{ $.Values.global.storageClass | quote }} - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.mongoDBShard.storageCapacity }} - -# cat sp-shardX-stateful.yaml | sed s/\$SHARDX/"shard1"/ | kubectl apply --validate=true --dry-run=true --filename= diff --git a/BACA/configuration-ha/mongo/values-base.yaml b/BACA/configuration-ha/mongo/values-base.yaml deleted file mode 100644 index e2d3b00a..00000000 --- a/BACA/configuration-ha/mongo/values-base.yaml +++ /dev/null @@ -1,65 +0,0 @@ -# image: -# repository: mycluster.icp:8500/$KUBE_NAME_SPACE/mongocluster -# tag: latest -# pullPolicy: Always - -storageClassName: local-storage -# nfsIP: $NFS_IP -# nameSpace: $KUBE_NAME_SPACE -# existingSecret: true -# wiredTigerCache: "$MONGO_WIREDTIGER_LIMIT" -# wiredTigerCache: "0.5" -secretVolume: baca-secrets$KUBE_NAME_SPACE -mongosService: mongos-service - -mongo: - # nodeSelector: - # mongo$KUBE_NAME_SPACE: baca - name: mongo - -logs: - # claimname: $LOGPVC - path: /var/log/ - # logLevel: $LOG_LEVEL - -mongoDBConfig: - storageCapacity: 10Gi - labelName: mongodb-configdb - configPort: 27019 - replicas: $CONFIG_REPLICA - replicaSetName: ConfigDBRepSet - resources: - limits: - memory: "1Gi" - cpu: "500m" - requests: - memory: "256Mi" - cpu: "500m" - -mongosRouter: - name: mongos-router - routerPort: 27017 - replicas: $ROUTER_REPLICA - configReplset: "$CONFIG_REPLSET_VALUE" - resources: - limits: - memory: "1Gi" - cpu: "500m" - requests: - memory: "256Mi" - cpu: "500m" - -mongoDBShard: - # heritage: admin-shard - # pvheritage: admin-shardpv - storageCapacity: 15Gi - shardPort: 27018 - replicas: $SHARD_REPLICA - resources: - limits: - memory: "1Gi" - cpu: "500m" - requests: - memory: "256Mi" - cpu: "500m" - \ No newline at end of file diff --git a/BACA/configuration-ha/mongoadmin/README.md b/BACA/configuration-ha/mongoadmin/README.md deleted file mode 100644 index 4ef5ee4b..00000000 --- a/BACA/configuration-ha/mongoadmin/README.md +++ /dev/null @@ -1,118 +0,0 @@ -# Mongodb - -[Mongodb](https://www.mongodb.com/) is a general purpose, document-based, distributed database built for modern application developers and for the cloud era. No database is more productive to use - -## TL;DR; - -```bash -$ helm install stable/mongo-ha -``` - -By default this chart install 12 pods total: - * three pods containing a mongos router - * three pods containing a mongodb config server - * three pods containing a mongdb shard - * three pods containing a mongdb shard -## Introduction - -This chart bootstraps a[Mongodb](https://www.mongodb.com/) highly available Shard+Replica statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager. - -## Prerequisites - -- Kubernetes 1.8+ with Beta APIs enabled -- PV provisioner support in the underlying infrastructure or an existing PVC claim created when running `init_deployments.sh` -- PV for shards and replicas will be created in generate.sh -- Change the values for the `reposittory` and `tag` under `image` and tag to match your mongo cluster environment. For example: -``` -image: - repository: mycluster.com:8500/sp/mongocluster - tag: latest - pullPolicy: Always -``` -mongocluster image can be downloaded from TBD -The current default namespace is `sp`. If you have different namespace, please make sure you update generate.sh as well. Next version will fixed this issue. -openssl.cnf and ssl_generator.sh are used to create x509 certificate for mongo cluster. -## Upgrading the Chart - -You can use Helm to update MongoCluster version in a live release. Assuming your release is named as `my-release`, get the values using the command: - -## Installing the Chart - -To install the chart - -```bash -sh generate.sh -``` - -The command will generate templates for mongodb shards and replicas, save them into templates folder. And then create values.yaml based on values-base.yaml. It will deploys Mongodb Cluster on the Kubernetes cluster in the default configuration. By default this chart install 2 shards, 3 mongodb config and 3 mongos router. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the deployment: - -```bash -$ helm delete --purge --tls -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the MongoDB chart and their default values. - -| Parameter | Description | Default | -|:-------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------| -| `image.repository` | Mongodb image | `mongocluster` | -| `image.tag` | Mongodb tag | `latest` | -| `image.pullPolicy` | Pull Image policy | `Always` | -| `storageClassName` | Specifies storage class name | local-storage | -| `nfsIP` | The NFS location | | -| `nameSpace` | use kubernetes namespace | `sp` | -| `wiredTigerCache` | mondo db cache limitiation | `0.5` | -| `secretVolume` | Where the certification stored | created from setup.sh script | -| `logs.claimname` | Where the location of log, depends on setup.sh | `` | -| `logs.path` | log path inside the pod | `/var/log/` | -| `logs.logLevel` | log level | `debug` | -| `mongoDBConfig.storageCapacity` | Mongodb config storage size | `10Gi` | -| `mongoDBConfig.labelName` | label name | mongodb-configdb | -| `mongoDBConfig.replicas` | mongodb config replicas, variable in generate.sh | `` | -| `mongoDBConfig.replicaSetName` | replica set name | `ConfigDBRepSet` | -| `mongoDBConfig.resources` | CPU/Memory for init Container node resource requests/limits | `{}` | -| `mongosRouter.name` | name of the mongos router | `mongos-router` | -| `mongosRouter.replicas` | mongodb router replicas, need to change in generate.sh | `` | -| `mongosRouter.configReplset` | generate by generate.sh, do not change. | | -| `mongoDBShard.storageCapacity` | Mongodb shard storage size | `15Gi` | -| `mongoDBShard.replicas` | mongodb shard replicas, variable in generate.sh | `{}` | -| `logs.logLevel` | log level | `[]` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install \ - --set image=mongocluster \ - --set tag=latest \ - stable/mongo-ha -``` - -The above command sets the Mongodb server within `default` namespace. - - -> **Tip**: There is no [values.yaml](values.yaml) file, and will generate [values.yaml](values.yaml) on the fly based on [values-base.yaml](values-base.yaml) - -Persistence ------------ - -This generate.sh provisions a PersistentVolume and pods will create PersistentVolumeClaim and mounts corresponding persistent volume under the same storage class name to default location `/export/smartpages/`. You'll need physical storage available in the Kubernetes cluster for this to work. - -Configure TLS -------------- - -Always enable TLS for mongodb containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed mongodb setup). Then create a secret using - -```bash -$ kubectl create secret generic baca-secrets${NAMESPACE} --from-file=path/to/private.key --from-file=path/to/public.crt -``` - -Then install the chart, specifying the path you'd like to mount to the TLS secret: diff --git a/BACA/configuration-ha/mongoadmin/js_base/add_shard.js b/BACA/configuration-ha/mongoadmin/js_base/add_shard.js deleted file mode 100644 index 43ebc4e1..00000000 --- a/BACA/configuration-ha/mongoadmin/js_base/add_shard.js +++ /dev/null @@ -1,19 +0,0 @@ -var server_list_s = "$SHARD_LIST_S"; -var shard_id = "$SHARD_ID"; -var shard_string = shard_id.concat('\/', server_list_s); -var result; -print("First try to add shard"); -do { - sleep(5000); - result = sh.addShard(shard_string); - if (result.ok == 0) { - print("Failed to add shard and retry in 5 seconds"); - } - // if (result.code == 23) { - // print("already initialized"); - // break; - // } - printjson(result); -} while (result.ok != 1) -// printjson(result); - diff --git a/BACA/configuration-ha/mongoadmin/js_base/mongo_initiate.js b/BACA/configuration-ha/mongoadmin/js_base/mongo_initiate.js deleted file mode 100644 index eed8d9bb..00000000 --- a/BACA/configuration-ha/mongoadmin/js_base/mongo_initiate.js +++ /dev/null @@ -1,27 +0,0 @@ -var server_list_s = "$SERVER_LIST_S"; -var server_list = server_list_s.split(","); -var cfg_id = "$CFG_ID"; -var member_list = []; -for (i = 0; i < server_list.length; i++) { - member_list.push({_id: i, host: server_list[i]}); -} -var cfg = { - _id: cfg_id, - version: 1, - members: member_list -} -print("First try to initiate"); -var result; -do { - sleep(5000); - result = rs.initiate(cfg); - if(result.ok==0) { - print("Failed to initiate and retry in 5 seconds"); - } - if(result.code==23){ - print("already initialized"); - break; - } - printjson(result); -} while (result.ok != 1) -// printjson(result); diff --git a/BACA/configuration-ha/mongoadmin/openssl.cnf b/BACA/configuration-ha/mongoadmin/openssl.cnf deleted file mode 100644 index 7d3892c9..00000000 --- a/BACA/configuration-ha/mongoadmin/openssl.cnf +++ /dev/null @@ -1,38 +0,0 @@ -[req] -default_bits = 2048 -utf8 = yes -distinguished_name = req_distinguished_name -req_extensions = v3_req - -[req_distinguished_name] -countryName = Country Name (2 letter code) -countryName_default = CA -countryName_min = 2 -countryName_max = 2 -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = NS -stateOrProvinceName_max = 64 -localityName = Locality Name (eg, city) -localityName_default = Halifax -localityName_max = 64 -organizationName = Organization Name (eg, company) -organizationName_default = IBM -organizationName_max = 64 -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = baca -organizationalUnitName_max = 64 -commonName = *.svc.cluster.local -commonName_max = 64 - -[v3_req] -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -keyUsage = digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = @alt_names - -[alt_names] -DNS.1 = localhost -IP.1 = 127.0.0.1 - - diff --git a/BACA/configuration-ha/mongoadmin/post-setup.sh b/BACA/configuration-ha/mongoadmin/post-setup.sh deleted file mode 100755 index 13465a99..00000000 --- a/BACA/configuration-ha/mongoadmin/post-setup.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/usr/bin/env bash - -. ../common.sh - -# ENTRYPASSWORD='bacauser' -# NFS_IP=172.16.243.23 - -# KUBE_NAME_SPACE=sp2 -#LOG_LEVEL=info -NUMOFSHARDS=2 -ROUTER_REPLICA=3 -SHARD_REPLICA=3 -CONFIG_REPLICA=3 -CONFIG_PORT=27019 -DB_SHARD_PORT=27018 -ROUTER_PORT=27017 -CONFIG_REPLSET_ADMIN_PREFIX="configReplSetAdmin" - -ADD_SHARD='./js_base/add_shard.js' -MONGO_INIT='./js_base/mongo_initiate.js' - - -for i in `seq 0 $((CONFIG_REPLICA-1))` -do - CONFIG_SERVER_LIST_S="${CONFIG_SERVER_LIST_S}mongodb-admin-configdb-${i}.mongodb-admin-configdb-service.${KUBE_NAME_SPACE}.svc.cluster.local:${CONFIG_PORT}," -done -CONFIG_SERVER_LIST_S=${CONFIG_SERVER_LIST_S:: -1} -echo "CONFIG_SERVER_LIST_S=${CONFIG_SERVER_LIST_S}" - -echo "Waiting for all the shards and configdb containers up running" -sleep 30 -echo -n " " -until kubectl exec mongodb-admin-configdb-$((CONFIG_REPLICA-1)) --namespace=${KUBE_NAME_SPACE} -c mongodb-admin-configdb-container -- mongo --host 127.0.0.1 --port ${CONFIG_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --quiet --eval 'db.getMongo()'; do - sleep 5 - echo -n " " -done - -echo -n " " -for i in `seq 0 $((NUMOFSHARDS-1))` -do - until kubectl exec mongodb-admin-shard${i}-$((SHARD_REPLICA-1)) --namespace=${KUBE_NAME_SPACE} -c mongod-admin-shard${i}-container -- mongo --host 127.0.0.1 --port ${DB_SHARD_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --quiet --eval 'db.getMongo()'; do - sleep 5 - echo -n " " - done -done -echo "...shards & configdb containers are now running" -echo - -sleep 90 - -for i in `seq 0 $((NUMOFSHARDS-1))` -do - for j in `seq 0 $((SHARD_REPLICA-1))` - do - shard_temp="${shard_temp}mongodb-admin-shard${i}-${j}.mongodb-admin-shard${i}-service.${KUBE_NAME_SPACE}.svc.cluster.local:${DB_SHARD_PORT}," - done - SHARD_STRING[${i}]=${shard_temp:: -1} - unset shard_temp -done - -echo "start to initiate config admin server replicas" -echo - -cat $MONGO_INIT | sed s#\$SERVER_LIST_S#"$CONFIG_SERVER_LIST_S"# | sed s#\$CFG_ID#"${CONFIG_REPLSET_ADMIN_PREFIX}"# > mongo_initiate_config.js -kubectl cp mongo_initiate_config.js ${KUBE_NAME_SPACE}/mongodb-admin-configdb-0:/tmp/ - -kubectl exec mongodb-admin-configdb-0 --namespace=${KUBE_NAME_SPACE} -c mongodb-admin-configdb-container -- mongo --host 127.0.0.1 --port ${CONFIG_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem /tmp/mongo_initiate_config.js - -echo "start to initiate shard admin server replicas" -echo - -for i in `seq 0 $((NUMOFSHARDS-1))` -do - cat $MONGO_INIT | sed s#\$SERVER_LIST_S#"${SHARD_STRING[$i]}"# | sed s#\$CFG_ID#"rs\-admin\-shard$i"# > mongo_initiate_shard${i}.js - kubectl cp mongo_initiate_shard${i}.js ${KUBE_NAME_SPACE}/mongodb-admin-shard${i}-0:/tmp/mongo_initiate_shard.js - kubectl exec mongodb-admin-shard${i}-0 --namespace=${KUBE_NAME_SPACE} -c mongod-admin-shard${i}-container -- mongo --host 127.0.0.1 --port ${DB_SHARD_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem /tmp/mongo_initiate_shard.js -done - -echo "Wait for each MongoDB admin Shard's Replica Set + the admin ConfigDB Replica Set to each have a primary ready" - -kubectl exec mongodb-admin-configdb-0 --namespace=${KUBE_NAME_SPACE} -c mongodb-admin-configdb-container -- mongo --host 127.0.0.1 --port ${CONFIG_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --quiet --eval 'while (rs.status().hasOwnProperty("myState") && rs.status().myState != 1) { print("."); sleep(1000); };' -for i in `seq 0 $((NUMOFSHARDS-1))` -do - kubectl exec mongodb-admin-shard${i}-0 --namespace=${KUBE_NAME_SPACE} -c mongod-admin-shard${i}-container -- mongo --host 127.0.0.1 --port ${DB_SHARD_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --eval 'while (rs.status().hasOwnProperty("myState") && rs.status().myState != 1) { print("."); sleep(1000); };' -done - -echo "...initialisation of the MongoDB admin shard Replica Sets completed" -echo - -# Wait for the mongos to have started properly -echo "Waiting for the first mongos admin router to up and run" -echo -n " " -until kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) -c mongos-admin-router-container -- mongo --host 127.0.0.1 --port ${ROUTER_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --quiet --eval 'db.getMongo()'; do - sleep 2 - echo -n " " -done -echo "...first mongos admin router is now running" -echo - - -echo "start to add shard admin replicas" -echo -for i in `seq 0 $((NUMOFSHARDS-1))` -do - cat $ADD_SHARD | sed s#\$SHARD_LIST_S#"${SHARD_STRING[$i]}"# | sed s#\$SHARD_ID#"rs\-admin\-shard$i"# > add_shard${i}.js - kubectl cp add_shard${i}.js ${KUBE_NAME_SPACE}/$(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ):/tmp/add_shard.js - kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) -c mongos-admin-router-container \ - -- mongo --host 127.0.0.1 --port ${ROUTER_PORT} --ssl --sslAllowInvalidCertificates --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem \ - --authenticationMechanism=MONGODB-X509 --authenticationDatabase='$external' /tmp/add_shard.js -done - - -# --------------create admin user start------------------------ - - - -kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) -- bash -c \ -'echo "db.getSiblingDB(\"admin\").createUser({user:mongo_initdb_root_username,pwd:entrypassword,roles:[{role:\"root\",db:\"admin\"}, {role:\"clusterAdmin\",db:\"admin\"}]});" > mongo_create_admin.js;' - -kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ --- bash -c 'echo mongo --host 127.0.0.1 --port 27017 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem --eval \"var mongo_initdb_root_username="'"'MONGO_INITDB_ROOT_USERNAME'"'",entrypassword="'"'ENTRYPASSWORD'"'"\" mongo_create_admin.js > mongo_create_admin_bak.sh' - -kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ --- bash -c 'cat mongo_create_admin_bak.sh | sed s/MONGO_INITDB_ROOT_USERNAME/$MONGO_INITDB_ROOT_USERNAME/g | sed s/ENTRYPASSWORD/$ENTRYPASSWORD/g > mongo_create_admin.sh' - -kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ --- bash -c 'sh mongo_create_admin.sh && rm mongo_create_admin.js mongo_create_admin.sh mongo_create_admin_bak.sh' - -# --------------create admin user end------------------------ - -sleep 10 - -# --------------create regular user start------------------------ - - -kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) -- bash -c \ -'echo "db.createUser({user:mongo_user,pwd:mongo_password,roles:[{role:\"readWrite\",db:mongo_initdb}, {role:\"readWrite\",db:mongo_seconddb}, {role:\"readWrite\", db:\"cronjobs\"}, {role:\"readWrite\",db:\"smartpages\"}]});" > mongo_create_user.js;' - -kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ --- bash -c 'echo mongo --host 127.0.0.1 --port 27017 $MONGO_INITDB --sslAllowInvalidCertificates --ssl --sslPEMKeyFile /etc/certs/mongo.key --sslCAFile /etc/certs/mongo.pem -u $MONGO_INITDB_ROOT_USERNAME -p $ENTRYPASSWORD --authenticationDatabase admin --eval \"var mongo_user="'"'MONGO_USER'"'", mongo_password="'"'MONGO_PASSWORD'"'", mongo_initdb="'"'MONGO_INITDB'"'", mongo_seconddb="'"'MONGO_SECONDDB'"'"\" mongo_create_user.js > mongo_create_user_bak.sh' - -kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ --- bash -c 'cat mongo_create_user_bak.sh | sed s/MONGO_USER/$MONGO_USER/g | sed s/MONGO_PASSWORD/$MONGO_PASSWORD/g | sed s/MONGO_INITDB/$MONGO_INITDB/g | sed s/MONGO_SECONDDB/$MONGO_SECONDDB/g > mongo_create_user.sh' - -kubectl exec --namespace=${KUBE_NAME_SPACE} $(kubectl get pod -l "tier=routers-admin" -o jsonpath='{.items[0].metadata.name}' --namespace=${KUBE_NAME_SPACE} ) \ --- bash -c 'sh mongo_create_user.sh && rm mongo_create_user.js mongo_create_user.sh mongo_create_user_bak.sh' - -echo "==================Done============================" \ No newline at end of file diff --git a/BACA/configuration-ha/mongoadmin/pre-setup.sh b/BACA/configuration-ha/mongoadmin/pre-setup.sh deleted file mode 100755 index defa876c..00000000 --- a/BACA/configuration-ha/mongoadmin/pre-setup.sh +++ /dev/null @@ -1,102 +0,0 @@ -#!/usr/bin/env bash - -. ../common.sh - -NUMOFSHARDS=2 -# NFS_IP=172.16.243.23 -#KUBE_NAME_SPACE=sp -# ENTRYPASSWORD='bacauser' -LOG_LEVEL=info -ROUTER_REPLICA=3 -SHARD_REPLICA=3 -CONFIG_REPLICA=3 - -CONFIG_PORT=27019 -DB_SHARD_PORT=27018 -ROUTER_PORT=27017 - -CONFIG_REPLSET_ADMIN_PREFIX="configReplSetAdmin" -current_templates_path="../../stable/ibm-dba-baca-prod/charts/mongoadmin-ha/templates" -current_base_path="../../stable/ibm-dba-baca-prod/charts/mongoadmin-ha" -#current_templates_path=$(pwd)/templates -#mkdir $current_templates_path -echo "Removing existing yaml before generating the new ones ...." -rm -rf $current_templates_path/* - -#cp templates_base/local-storage-base.yaml templates/local-storage-base.yaml -cp templates_base/mongo-service-base.yaml $current_templates_path/mongo-service.yaml -cp values-base.yaml $current_base_path/values.yaml - -echo LOG_LEVEL=$LOG_LEVEL -sed -i.bak s#\$LOG_LEVEL#$LOG_LEVEL# $current_base_path/values.yaml -echo "Replacing '' with $KUBE_NAME_SPACE" -sed -i.bak s#\$KUBE_NAME_SPACE#$KUBE_NAME_SPACE# $current_base_path/values.yaml -echo "Replacing '' with $NFS_IP" -# sed -i.bak s#\$NFS_IP#$NFS_IP# values.yaml -sed -i.bak s#\$ROUTER_REPLICA#$ROUTER_REPLICA# $current_base_path/values.yaml -sed -i.bak s#\$SHARD_REPLICA#$SHARD_REPLICA# $current_base_path/values.yaml -sed -i.bak s#\$CONFIG_REPLICA#$CONFIG_REPLICA# $current_base_path/values.yaml -sed -i.bak s#\$LOGPVC#$LOGPVC# $current_base_path/values.yaml - -if [ "$SSH_USER" = "root" ]; then - export SUDO_CMD="" -else - export SUDO_CMD="sudo" -fi - -if [[ $PVCCHOICE == "1" ]]; then - echo "Creating necessary folder in $NFS_IP..." - cp templates_base/local-storage-base.yaml $current_templates_path/local-storage.yaml - for i in `seq 0 $((CONFIG_REPLICA-1))` - do - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/configdb-admin-${i}" - done - - for i in `seq 0 $((NUMOFSHARDS-1))` - do - for j in `seq 0 $((SHARD_REPLICA-1))` - do - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/mongodb-admin-shard${i}-${j}" - done - done - - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD chown -R 51000:51001 /exports/smartpages/$KUBE_NAME_SPACE/*" - - echo "-----------------Creating pv and pvc by sp-persistence for shard admin-------------" - for i in `seq 0 $((NUMOFSHARDS-1))` - do - for j in `seq 0 $((SHARD_REPLICA-1))` - do - sed -e "s/\$KUBE_NAME_SPACE/$KUBE_NAME_SPACE/g; s/\$SHARDX/${i}/g; s/\$COUNTER/${j}/g; s#\$NFS_IP#${NFS_IP}#g" \ - ./templates_base/shard-persistence-base.yaml> $current_templates_path/persistence-shard${i}-${j}.yaml - done - done - - echo "-------------Creating pv and pvc by sp-persistence for mongodb admin config-----------------" - for i in `seq 0 $((CONFIG_REPLICA-1))` - do - sed -e "s/\$KUBE_NAME_SPACE/$KUBE_NAME_SPACE/g; s/\$COUNTER/${i}/g; s#\$NFS_IP#${NFS_IP}#g" ./templates_base/configdb-persistence-base.yaml> \ - $current_templates_path/configdb-persistence-${i}.yaml - done -fi -echo "------------cp mongodb admin configsvr--------------------" -sed -e "s/\$KUBE_NAME_SPACE/$KUBE_NAME_SPACE/g; s/\$PORT_NUMBER/$PORT_NUMBER/g" ./templates_base/configdb-service-base.yaml> $current_templates_path/configdb-service.yaml - -echo "------------cp mongodb admin shardX------------" -for i in `seq 0 $((NUMOFSHARDS-1))` -do - sed -e "s/\$SHARDX/${i}/g" ./templates_base/shardX-stateful.yaml> $current_templates_path/shard${i}-stateful.yaml -done - -echo "------------cp mongodb admin router(mongos)------------" -# !!!Replicas if your mongodb-admin-configdb has more than x>=3 replicas, please add mongodb-admin-configdb-{x-1}.mongodb-admin-configdb-service.${KUBE_NAME_SPACE}.svc.cluster.local:27019 in the end -for i in `seq 0 $((CONFIG_REPLICA-1))` -do - CONFIG_SERVER_LIST_S="${CONFIG_SERVER_LIST_S}mongodb-admin-configdb-${i}.mongodb-admin-configdb-service.${KUBE_NAME_SPACE}.svc.cluster.local:${CONFIG_PORT}," -done -CONFIG_SERVER_LIST_S=${CONFIG_SERVER_LIST_S:: -1} -CONFIG_REPLSET_VALUE="${CONFIG_REPLSET_ADMIN_PREFIX}/${CONFIG_SERVER_LIST_S}" -echo "CONFIG_REPLSET_VALUE=${CONFIG_REPLSET_VALUE}" -#CONFIG_REPLSET_VALUE="configReplSetAdmin/mongodb-admin-configdb-0.mongodb-admin-configdb-service.${KUBE_NAME_SPACE}.svc.cluster.local:27019,mongodb-admin-configdb-1.mongodb-admin-configdb-service.${KUBE_NAME_SPACE}.svc.cluster.local:27019,mongodb-admin-configdb-2.mongodb-admin-configdb-service.${KUBE_NAME_SPACE}.svc.cluster.local:27019" -sed -i.bak s#\$CONFIG_REPLSET_VALUE#$CONFIG_REPLSET_VALUE# $current_base_path/values.yaml -cp ./templates_base/mongos-router-base.yaml $current_templates_path/mongos-router.yaml diff --git a/BACA/configuration-ha/mongoadmin/templates_base/configdb-persistence-base.yaml b/BACA/configuration-ha/mongoadmin/templates_base/configdb-persistence-base.yaml deleted file mode 100644 index 0f3c47db..00000000 --- a/BACA/configuration-ha/mongoadmin/templates_base/configdb-persistence-base.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-$KUBE_NAME_SPACE-configdb-admin-$COUNTER - # namespace: {{.Values.global.nameSpace}} - labels: - app: mongoadmin-configdb-pv - configpv: configdb-admin-$COUNTER - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongoadmin-configdb-pv -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: {{.Values.mongoDBConfig.storageCapacity}} - nfs: - # may use variable counter for different shard - path: /exports/smartpages/$KUBE_NAME_SPACE/configdb-admin-$COUNTER - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain - storageClassName: {{.Values.storageClassName}} diff --git a/BACA/configuration-ha/mongoadmin/templates_base/configdb-service-base.yaml b/BACA/configuration-ha/mongoadmin/templates_base/configdb-service-base.yaml deleted file mode 100644 index 5c507573..00000000 --- a/BACA/configuration-ha/mongoadmin/templates_base/configdb-service-base.yaml +++ /dev/null @@ -1,177 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: mongodb-admin-configdb-service - # namespace: {{ .Values.global.nameSpace }} - labels: - name: {{ .Values.mongoDBConfig.labelName }} - app: mongodb-admin-configdb-service - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-admin-configdb-service -spec: - ports: - - port: {{ .Values.mongoDBConfig.configPort }} - targetPort: {{ .Values.mongoDBConfig.configPort }} - clusterIP: None - selector: - role: {{ .Values.mongoDBConfig.labelName }} ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: mongodb-admin-configdb - labels: - app: mongodb-admin-configdb - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-admin-configdb -spec: - serviceName: mongodb-admin-configdb-service - replicas: {{ .Values.mongoDBConfig.replicas }} - selector: - matchLabels: - role: {{ .Values.mongoDBConfig.labelName }} - template: - metadata: - annotations: - {{- range $key, $value := .Values.global.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - labels: - role: {{ .Values.mongoDBConfig.labelName }} - tier: configdb-admin - replicaset: {{ .Values.mongoDBConfig.replicaSetName }} - app: mongodb-admin-configdb - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-admin-configdb - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: replicaset - operator: In - values: - - {{ .Values.mongoDBConfig.replicaSetName }} - topologyKey: kubernetes.io/hostname - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: mongo-admin{{ .Values.global.namespace.name }} - operator: In - values: - - "baca" - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ .Values.global.arch }} - terminationGracePeriodSeconds: 10 - volumes: - - name: secrets-volume - secret: - secretName: {{ .Values.secretVolume }} - - name: sp-log-pvc - persistentVolumeClaim: - claimName: {{ .Values.global.logs.claimname }} - containers: - - name: mongodb-admin-configdb-container - image: "{{ .Values.global.mongoadmin.image.repository }}:{{ .Values.global.mongoadmin.image.tag }}" - securityContext: - runAsUser: 51000 - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - runAsNonRoot: true - capabilities: - drop: - - ALL - resources: -{{ toYaml .Values.mongoDBConfig.resources | indent 12 }} - env: - # - name: ENTRYPASSWORD - # value: "bacauser" - # - name: MONGO_USER - # value: "bacauser" - # - name: MONGO_PASSWORD - # value: "bacauser" - # - name: MONGO_INITDB - # value: "bacauser" - - name: LOG_LEVEL - value: {{ .Values.global.logs.logLevel }} - - name: LOG_PATH - value: {{ .Values.global.logs.path }}{{ .Values.mongoAdmin.name | substr 0 5 }}db - - name: WIREDTIGERCACHE - value: {{ .Values.global.mongoadmin.wiredTigerCache | default 0.5 | quote }} - - name: CERTIFICATE_DIR - value: "/etc/certs" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MONGO_TYPE - value: "configsvr" - - name: MONGO_TYPE_VALUE - value: "configReplSetAdmin" - - name: CONTAINER_PORT - value: {{ .Values.mongoDBConfig.configPort | quote }} - - name: KUBE_NAME_SPACE - value: {{ .Values.global.nameSpace | quote }} - ports: - - containerPort: {{ .Values.mongoDBConfig.configPort }} - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 60 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27019 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27019 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - imagePullPolicy: {{ .Values.global.mongoadmin.image.pullPolicy }} - volumeMounts: - - name: secrets-volume - readOnly: true - mountPath: "/etc/certs" - - name: mongodb-admin-configdb-storage - mountPath: /data/db - - name: sp-log-pvc - mountPath: {{ .Values.global.logs.path }}{{ .Values.mongoAdmin.name | substr 0 5 }}db - subPath: {{ .Values.mongoAdmin.name | replace "-" "" }} - volumeClaimTemplates: - - metadata: - name: mongodb-admin-configdb-storage - spec: - accessModes: [ "ReadWriteOnce" ] - {{- if $.Values.global.storageClass }} - {{- if (eq "-" $.Values.global.storageClass) }} - storageClassName: {{ .Values.storageClassName | quote }} - {{- else }} - storageClassName: {{ $.Values.global.storageClass | quote }} - {{- end }} - {{- end }} - resources: - requests: - storage: {{.Values.mongoDBConfig.storageCapacity}} \ No newline at end of file diff --git a/BACA/configuration-ha/mongoadmin/templates_base/local-storage-base.yaml b/BACA/configuration-ha/mongoadmin/templates_base/local-storage-base.yaml deleted file mode 100644 index caab5631..00000000 --- a/BACA/configuration-ha/mongoadmin/templates_base/local-storage-base.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{.Values.storageClassName}} - labels: - app: {{.Values.storageClassName}} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: {{ .Values.storageClassName | quote }} -provisioner: kubernetes.io/no-provisioner -volumeBindingMode: WaitForFirstConsumer \ No newline at end of file diff --git a/BACA/configuration-ha/mongoadmin/templates_base/mongo-service-base.yaml b/BACA/configuration-ha/mongoadmin/templates_base/mongo-service-base.yaml deleted file mode 100644 index 78c3591b..00000000 --- a/BACA/configuration-ha/mongoadmin/templates_base/mongo-service-base.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: "{{ .Values.mongosRouter.name }}-service" - role: mongos-admin - tier: routers-admin - heritage: "{{ .Values.mongosRouter.name }}-service" - release: {{ .Values.release | quote}} - chart: "{{ .Values.mongosRouter.name }}-service" - name: {{ .Values.mongosService }} -spec: - type: ClusterIP - selector: - app: {{ .Values.mongosRouter.name }} - ports: - - port: {{.Values.mongosRouter.routerPort}} - protocol: TCP - - - - diff --git a/BACA/configuration-ha/mongoadmin/templates_base/mongos-router-base.yaml b/BACA/configuration-ha/mongoadmin/templates_base/mongos-router-base.yaml deleted file mode 100644 index d1ba8dea..00000000 --- a/BACA/configuration-ha/mongoadmin/templates_base/mongos-router-base.yaml +++ /dev/null @@ -1,139 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.mongosRouter.name }} - labels: - app: {{ .Values.mongosRouter.name }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: {{ .Values.mongosRouter.name }} - # namespace: {{ .Values.global.nameSpace }} -spec: - replicas: {{ .Values.mongosRouter.replicas }} - selector: - matchLabels: - app: {{ .Values.mongosRouter.name }} - template: - metadata: - annotations: - {{- range $key, $value := .Values.global.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - labels: - app: {{ .Values.mongosRouter.name }} - role: mongos - tier: routers-admin - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: {{ .Values.mongosRouter.name }} - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: tier - operator: In - values: - - routers-admin - topologyKey: kubernetes.io/hostname - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: mongo-admin{{ .Values.global.namespace.name }} - operator: In - values: - - "baca" - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ .Values.global.arch }} - volumes: - - name: secrets-volume - secret: - secretName: {{ .Values.secretVolume }} - - name: sp-log-pvc - persistentVolumeClaim: - claimName: {{ .Values.global.logs.claimname }} - terminationGracePeriodSeconds: 10 - containers: - - name: mongos-admin-router-container - image: "{{ .Values.global.mongoadmin.image.repository }}:{{ .Values.global.mongoadmin.image.tag }}" - imagePullPolicy: {{ .Values.global.mongoadmin.image.pullPolicy }} - env: - - name: ENTRYPASSWORD - valueFrom: - secretKeyRef: - name: "baca-mongo-admin" - key: MONGOADMINENTRYPASSWORD - - name: MONGO_USER - valueFrom: - secretKeyRef: - name: "baca-mongo-admin" - key: MONGOADMINUSER - - name: MONGO_PASSWORD - valueFrom: - secretKeyRef: - name: "baca-mongo-admin" - key: MONGOADMINPASSWORD - - name: MONGO_INITDB - value: "smartpages" - - name: MONGO_SECONDDB - value: "binaryfiles" - - name: MONGO_TYPE - value: "mongodb-router" - - name: CERTIFICATE_DIR - value: "/etc/certs" - - name: CONTAINER_PORT - value: {{ .Values.mongosRouter.routerPort | quote}} - - name: CONFIG_REPL_SET - value: {{ .Values.mongosRouter.configReplset }} - - name: KUBE_NAME_SPACE - value: {{ .Values.global.nameSpace | quote }} - volumeMounts: - - name: secrets-volume - readOnly: true - mountPath: "/etc/certs" - - name: sp-log-pvc -# mountPath: "/var/log/mongodb" -# subPath: mongo - mountPath: {{ .Values.global.logs.path }}{{ .Values.mongoAdmin.name | substr 0 5 }}db - subPath: {{ .Values.mongoAdmin.name | replace "-" "" }} - resources: -{{ toYaml .Values.mongosRouter.resources | indent 10 }} - securityContext: - runAsUser: 51000 - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - runAsNonRoot: true - capabilities: - drop: - - ALL - ports: - - containerPort: {{ .Values.mongosRouter.routerPort }} - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 60 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27017 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27017 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH \ No newline at end of file diff --git a/BACA/configuration-ha/mongoadmin/templates_base/shard-persistence-base.yaml b/BACA/configuration-ha/mongoadmin/templates_base/shard-persistence-base.yaml deleted file mode 100644 index 34080b1d..00000000 --- a/BACA/configuration-ha/mongoadmin/templates_base/shard-persistence-base.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-mongodb-admin-shard$SHARDX-$COUNTER - # namespace: {{ .Values.global.nameSpace }} - labels: - shard: admin-shard$SHARDX - app: pv-admin-shard$SHARDX - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: "pv-admin-shard$SHARDX" -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: {{ .Values.mongoDBShard.storageCapacity }} - nfs: - path: /exports/smartpages/$KUBE_NAME_SPACE/mongodb-admin-shard$SHARDX-$COUNTER - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain - storageClassName: {{.Values.storageClassName}} diff --git a/BACA/configuration-ha/mongoadmin/templates_base/shardX-stateful.yaml b/BACA/configuration-ha/mongoadmin/templates_base/shardX-stateful.yaml deleted file mode 100644 index c4561f98..00000000 --- a/BACA/configuration-ha/mongoadmin/templates_base/shardX-stateful.yaml +++ /dev/null @@ -1,182 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: mongodb-admin-shard$SHARDX-service - # namespace: {{ .Values.global.nameSpace }} - labels: - name: mongodb-admin-shard$SHARDX - app: admin-shard$SHARDX - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-admin-shard$SHARDX-service -spec: - ports: - - port: {{ .Values.mongoDBShard.shardPort }} - targetPort: {{ .Values.mongoDBShard.shardPort }} - clusterIP: None - selector: - role: mongodb-admin-shard$SHARDX ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: mongodb-admin-shard$SHARDX - labels: - app: mongodb-admin-shard$SHARDX - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-shard$SHARDX - # namespace: {{ .Values.global.nameSpace }} -spec: - selector: - matchLabels: - role: mongodb-admin-shard$SHARDX - serviceName: mongodb-admin-shard$SHARDX-service - replicas: {{ .Values.mongoDBShard.replicas }} - template: - metadata: - annotations: - {{- range $key, $value := .Values.global.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - labels: - role: mongodb-admin-shard$SHARDX - tier: mongodb-admin - replicaset: rs-admin-shard$SHARDX - app: mongodb-shard$SHARDX - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} - chart: mongodb-shard$SHARDX - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: replicaset - operator: In - values: - - rs-shard$SHARDX - topologyKey: kubernetes.io/hostname - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: mongo-admin{{ .Values.global.namespace.name }} - operator: In - values: - - "baca" - - key: beta.kubernetes.io/arch - operator: In - values: - - {{ .Values.global.arch }} - terminationGracePeriodSeconds: 10 - volumes: - - name: secrets-volume - secret: - secretName: {{ .Values.secretVolume }} - - name: sp-log-pvc - persistentVolumeClaim: - claimName: {{ .Values.global.logs.claimname }} - containers: - - name: mongod-admin-shard$SHARDX-container - image: "{{ .Values.global.mongoadmin.image.repository }}:{{ .Values.global.mongoadmin.image.tag }}" - imagePullPolicy: {{ .Values.global.mongoadmin.image.pullPolicy }} - resources: -{{ toYaml .Values.mongoDBShard.resources | indent 10 }} - env: - # - name: ENTRYPASSWORD - # value: "$ENTRYPASSWORD" - # - name: MONGO_USER - # value: "$MONGO_USER" - # - name: MONGO_PASSWORD - # value: "$MONGO_PASSWORD" - # - name: MONGO_INITDB - # value: "$MONGOADMINAUTHDB" - # - name: MONGO_SECONDDB - # value: "binaryfiles" - - name: LOG_PATH - value: "{{ .Values.logs.path }}{{ .Values.mongoAdmin.name | substr 0 5 }}db" - - name: LOG_LEVEL - value: {{ .Values.global.logs.logLevel }} - - name: CERTIFICATE_DIR - value: "/etc/certs" - - name: WIREDTIGERCACHE - value: {{ .Values.global.mongoadmin.wiredTigerCache | default 0.5 | quote }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MONGO_TYPE - value: "shard" - - name: MONGO_TYPE_VALUE - value: "rs-admin-shard$SHARDX" - - name: CONTAINER_PORT - value: {{ .Values.mongoDBShard.shardPort | quote}} - - name: KUBE_NAME_SPACE - value: {{ .Values.global.nameSpace | quote }} - securityContext: - runAsUser: 51000 - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: false - runAsNonRoot: true - capabilities: - drop: - - ALL - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 60 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27018 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 20 - successThreshold: 1 - failureThreshold: 5 - exec: - command: - - bash - - -c - - source setup_env.sh && echo 'db.runCommand("ping").ok' | mongo 127.0.0.1:27018 --sslAllowInvalidCertificates --ssl --sslPEMKeyFile $PEMFILE --sslCAFile $CERTIFICATE_PATH - ports: - - containerPort: {{ .Values.mongoDBShard.shardPort }} - volumeMounts: - - name: shard$SHARDX-admin-storage - mountPath: /data/db - - name: sp-log-pvc -# mountPath: "/var/log/mongodb" -# subPath: mongo - mountPath: {{ .Values.global.logs.path }}{{ .Values.mongoAdmin.name | substr 0 5 }}db - subPath: {{ .Values.mongoAdmin.name | replace "-" "" }} - - name: secrets-volume # must match the volume name, above - mountPath: "/etc/certs" - volumeClaimTemplates: - - metadata: - name: shard$SHARDX-admin-storage - spec: - accessModes: [ "ReadWriteOnce" ] - {{- if $.Values.global.storageClass }} - {{- if (eq "-" $.Values.global.storageClass) }} - storageClassName: {{ .Values.storageClassName | quote }} - {{- else }} - storageClassName: {{ $.Values.global.storageClass | quote }} - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.mongoDBShard.storageCapacity }} - diff --git a/BACA/configuration-ha/mongoadmin/values-base.yaml b/BACA/configuration-ha/mongoadmin/values-base.yaml deleted file mode 100644 index 01c6f202..00000000 --- a/BACA/configuration-ha/mongoadmin/values-base.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# image: -# repository: mycluster.icp:8500/$KUBE_NAME_SPACE/mongocluster -# tag: latest -# pullPolicy: Always - -storageClassName: local-storage-admin -# nfsIP: $NFS_IP -# nameSpace: $KUBE_NAME_SPACE -# # existingSecret: true -# # wiredTigerCache: "$MONGO_WIREDTIGER_LIMIT" -wiredTigerCache: "0.5" -secretVolume: baca-secrets$KUBE_NAME_SPACE -mongosService: mongos-admin-service - - -mongoAdmin: - # nodeSelector: - # mongo-admin$KUBE_NAME_SPACE: baca - name: mongo-admin - -logs: - # claimname: $LOGPVC - path: /var/log/ - # logLevel: $LOG_LEVEL - -mongoDBConfig: - storageCapacity: 10Gi - labelName: mongodb-admin-configdb - configPort: 27019 - replicas: $CONFIG_REPLICA - replicaSetName: ConfigDBRepSetAdmin - resources: - limits: - memory: "1Gi" - cpu: "500m" - requests: - memory: "256Mi" - cpu: "500m" - -mongosRouter: - name: mongos-admin-router - routerPort: 27017 - replicas: $ROUTER_REPLICA - configReplset: "$CONFIG_REPLSET_VALUE" - resources: - limits: - memory: "1Gi" - cpu: "500m" - requests: - memory: "256Mi" - cpu: "500m" - -mongoDBShard: - # heritage: admin-shard - # pvheritage: admin-shardpv - storageCapacity: 15Gi - shardPort: 27018 - replicas: $SHARD_REPLICA - resources: - limits: - memory: "1Gi" - cpu: "500m" - requests: - memory: "256Mi" - cpu: "500m" - diff --git a/BACA/configuration-ha/openssl.cnf b/BACA/configuration-ha/openssl.cnf deleted file mode 100644 index 8a8ecb64..00000000 --- a/BACA/configuration-ha/openssl.cnf +++ /dev/null @@ -1,56 +0,0 @@ -[req] -default_bits = 2048 -utf8 = yes -distinguished_name = req_distinguished_name -req_extensions = v3_req - -[req_distinguished_name] -countryName = Country Name (2 letter code) -countryName_default = CA -countryName_min = 2 -countryName_max = 2 -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = NS -stateOrProvinceName_max = 64 -localityName = Locality Name (eg, city) -localityName_default = Halifax -localityName_max = 64 -organizationName = Organization Name (eg, company) -organizationName_default = IBM -organizationName_max = 64 -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = baca -organizationalUnitName_max = 64 -commonName = *.svc.cluster.local -commonName_max = 64 - -[v3_req] -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -keyUsage = digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = @alt_names - -[alt_names] -DNS.1 = localhost -DNS.2 = mongodb-admin-shard0-0.mongodb-admin-shard0-service.sp.svc.cluster.local -DNS.3 = mongodb-admin-shard0-1.mongodb-admin-shard0-service.sp.svc.cluster.local -DNS.4 = mongodb-admin-shard0-2.mongodb-admin-shard0-service.sp.svc.cluster.local -DNS.5 = mongodb-admin-shard1-0.mongodb-admin-shard1-service.sp.svc.cluster.local -DNS.6 = mongodb-admin-shard1-1.mongodb-admin-shard1-service.sp.svc.cluster.local -DNS.7 = mongodb-admin-shard1-2.mongodb-admin-shard1-service.sp.svc.cluster.local -DNS.8 = mongodb-admin-configdb-0.mongodb-admin-configdb-service.sp.svc.cluster.local -DNS.9 = mongodb-admin-configdb-1.mongodb-admin-configdb-service.sp.svc.cluster.local -DNS.10 = mongodb-admin-configdb-2.mongodb-admin-configdb-service.sp.svc.cluster.local -DNS.11 = mongodb-shard0-0.mongodb-shard0-service.sp.svc.cluster.local -DNS.12 = mongodb-shard0-1.mongodb-shard0-service.sp.svc.cluster.local -DNS.13 = mongodb-shard0-2.mongodb-shard0-service.sp.svc.cluster.local -DNS.14 = mongodb-shard1-0.mongodb-shard1-service.sp.svc.cluster.local -DNS.15 = mongodb-shard1-1.mongodb-shard1-service.sp.svc.cluster.local -DNS.16 = mongodb-shard1-2.mongodb-shard1-service.sp.svc.cluster.local -DNS.17 = mongodb-configdb-0.mongodb-configdb-service.sp.svc.cluster.local -DNS.18 = mongodb-configdb-1.mongodb-configdb-service.sp.svc.cluster.local -DNS.19 = mongodb-configdb-2.mongodb-configdb-service.sp.svc.cluster.local -IP.1 = 127.0.0.1 - - diff --git a/BACA/configuration-ha/renewCert.sh b/BACA/configuration-ha/renewCert.sh deleted file mode 100755 index dbaf4e47..00000000 --- a/BACA/configuration-ha/renewCert.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -. ./common.sh -. ./bashfunctions.sh -. ./createSSLCert.sh - - -today=`date +%Y-%m-%d.%H:%M:%S` -echo $today - - -# confirm they want to delete -echo -echo -e "\x1B[1;31mThis script will RENEW all the certificates for IBM Business Automation Content Analyzer in $KUBE_NAME_SPACE \x1B[0m" -echo -echo -e "\x1B[1;31mThe script will delete ALL the IBM Business Automation Content Analyzer pods in $KUBE_NAME_SPACE. Therefore, you must make sure to backup your ontology,etc... and make sure there are no activities on the system \x1B[0m" -echo -ls -al *.pem > /dev/null -if [[ $? == "0" ]]; then - echo -e "\x1B[1;31mBased on the PEM files in the $PWD, the expirations date for them are: \x1B[0m" - - for pem in ./*.pem; do - printf '%s: %s\n' \ - "$pem expries on" \ - "$(date --date="$(openssl x509 -enddate -noout -in "$pem"|cut -d= -f 2)" --iso-8601)" - done -else - echo -e "\x1B[1;31mWe could not find any existing PMR files in $PWD \x1B[0m" -fi - -while [[ $renewConfirm != "y" && $renewConfirm != "n" && $renewConfirm != "yes" && $renewConfirm != "no" ]] # While deleteconfirm is not y or n... -do - echo -e "\x1B[1;31mWould you like to continue (Y/N):\x1B[0m" - read renewConfirm - renewConfirm=$(echo "$renewConfirm" | tr '[:upper:]' '[:lower:]') -done - - -if [[ $renewConfirm == "n" || $renewConfirm == "no" ]] -then - exit -else - loginToCluster - createSSLCert - createSecret - echo -e "\x1B[1;31m Deleting all Content Analyzer's pods ... " - kubectl -n sp delete --all pods --force --grace-period=0 -fi \ No newline at end of file diff --git a/BACA/configuration-ha/sppersistent.yaml b/BACA/configuration-ha/sppersistent.yaml deleted file mode 100644 index 03bfc6d3..00000000 --- a/BACA/configuration-ha/sppersistent.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sp-data-pv-$KUBE_NAME_SPACE - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 60Gi - nfs: - path: /exports/smartpages/$KUBE_NAME_SPACE/data - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: $DATAPVC - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 60Gi - volumeName: sp-data-pv-$KUBE_NAME_SPACE ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sp-log-pv-$KUBE_NAME_SPACE - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 35Gi - nfs: - path: /exports/smartpages/$KUBE_NAME_SPACE/logs - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: $LOGPVC - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 35Gi - volumeName: sp-log-pv-$KUBE_NAME_SPACE ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sp-config-pv-$KUBE_NAME_SPACE - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 5Gi - nfs: - path: /exports/smartpages/$KUBE_NAME_SPACE/config - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: $CONFIGPVC - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Gi - volumeName: sp-config-pv-$KUBE_NAME_SPACE \ No newline at end of file diff --git a/BACA/configuration/DB2/AddOntology.sh b/BACA/configuration/DB2/AddOntology.sh deleted file mode 100755 index 29f68640..00000000 --- a/BACA/configuration/DB2/AddOntology.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -echo -echo "-- This script will create a new ontology for an existing tenant and load it with default data." -echo - -./AddTenant.sh 1 \ No newline at end of file diff --git a/BACA/configuration/DB2/AddTenant.bat b/BACA/configuration/DB2/AddTenant.bat deleted file mode 100755 index 05ab9be2..00000000 --- a/BACA/configuration/DB2/AddTenant.bat +++ /dev/null @@ -1,143 +0,0 @@ -@echo off - -SETLOCAL -echo Enter '1' to add new tenant and an ontology. -echo Enter '2' to add an ontology for an existing tenant database. -echo Enter anything to abort - -set /p choice="Type input: " - -set /p tenant_id= Enter the tenant ID for the new tenant: (eg. t4900) : - -set /p tenant_db_name= Enter the name of the new BACA tenant database to create: (eg. t4900) : - -set /p baca_database_server_ip= Enter the host/IP of the tenant database server. : - -set /p baca_database_port= Enter the port of the tenant database server : - -set /p tenant_db_user= Please enter the name of tenant database user. If no value is entered we will use the following default value 'tenantuser' : -IF NOT DEFINED tenant_db_user SET "tenant_db_user=tenantuser" - -set /p tenant_db_pwd= Enter the password for the tenant database user: - -set /p tenant_ontology= Enter the tenant ontology name. If nothing is entered, the default name will be used 'default' : -IF NOT DEFINED tenant_ontology SET "tenant_ontology=default" - -set /p base_db_name= Enter the name of the Base BACA database with the TENANTINFO Table. If nothing is entered, we will use the following default value 'CABASEDB': -IF NOT DEFINED base_db_name SET "base_db_name=CABASEDB" - -set /p base_db_user= Enter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value 'CABASEUSER' : -IF NOT DEFINED base_db_user SET "base_db_user=CABASEUSER" - -set /p tenant_company= Please enter the company name for the initial BACA user : - -set /p tenant_first_name= Please enter the first name for the initial BACA user : - -set /p tenant_last_name= Please enter the last name for the initial BACA user : - -set /p tenant_email= Please enter a valid email address for the initial BACA user : - -set /p tenant_user_name= Please enter the login name for the initial BACA user : - -set /p ssl= Please enter the login name for the initial BACA user : - -echo "-- Please confirm these are the desired settings:" -echo " - tenant ID: %tenant_id%" -echo " - tenant database name: %tenant_db_name%" -echo " - database server hostname/IP: %baca_database_server_ip%" -echo " - database server port: %baca_database_port%" -echo " - tenant database user: %tenant_db_user%" -echo " - ontology name: %tenant_ontology%" -echo " - base database: %base_db_name%" -echo " - base database user: %base_db_user%" -echo " - tenant company name: %tenant_company%" -echo " - tenant first name: %tenant_first_name%" -echo " - tenant last name: %tenant_last_name%" -echo " - tenant email address: %tenant_email%" -echo " - tenant login name: %tenant_user_name%" - -set /P c=Are you sure you want to continue[Y/N]? -if /I "%c%" EQU "Y" goto :DOCREATE -if /I "%c%" EQU "N" goto :DOEXIT - -:DOCREATE - echo "Running the db script" - REM adding new teneant db need to create db first - IF "%choice%"=="1" ( - echo "Creating db on user input" - db2 CREATE DATABASE %tenant_db_name% AUTOMATIC STORAGE YES USING CODESET UTF-8 TERRITORY DEFAULT COLLATE USING SYSTEM PAGESIZE 32768 - db2 CONNECT TO %tenant_db_name% - db2 GRANT CONNECT,DATAACCESS ON DATABASE TO USER %tenant_db_user% - db2 GRANT USE OF TABLESPACE USERSPACE1 TO USER %tenant_db_user% - db2 CONNECT RESET - ) - - REM create schema - echo "Connecting to db and creating schema" - db2 CONNECT TO %tenant_db_name% - db2 CREATE SCHEMA %tenant_ontology% - db2 SET SCHEMA %tenant_ontology% - - REM create tables - echo "creating schema tables" - db2 -stvf sql\CreateBacaTables.sql - - REM table permissions to tenant user - echo "Giving permissions on tables" - db2 GRANT ALTER ON TABLE DOC_CLASS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE DOC_ALIAS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE KEY_CLASS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE KEY_ALIAS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE CWORD TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE HEADING TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE HEADING_ALIAS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE USER_DETAIL TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE INTEGRATION TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE IMPORT_ONTOLOGY TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE API_INTEGRATIONS_OBJECTSSTORE TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE SMARTPAGES_OPTIONS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE FONTS TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE FONTS_TRANSID TO USER %tenant_db_user% - db2 GRANT ALTER ON TABLE DB_BACKUP TO USER %tenant_db_user% - - REM load the tenant Db - echo "Loading default data into tables" - db2 load from CSVFiles\doc_class.csv of del modified by identityoverride insert into doc_class - db2 load from CSVFiles\key_class.csv of del modified by identityoverride insert into key_class - db2 load from CSVFiles\doc_alias.csv of del modified by identityoverride insert into doc_alias - db2 load from CSVFiles\key_alias.csv of del modified by identityoverride insert into key_alias - db2 load from CSVFiles\cword.csv of del modified by identityoverride insert into cword - db2 load from CSVFiles\heading.csv of del modified by identityoverride insert into heading - db2 load from CSVFiles\heading_alias.csv of del modified by identityoverride insert into heading_alias - db2 load from CSVFiles\key_class_dc.csv of del modified by identityoverride insert into key_class_dc - db2 load from CSVFiles\doc_alias_dc.csv of del modified by identityoverride insert into doc_alias_dc - db2 load from CSVFiles\key_alias_dc.csv of del modified by identityoverride insert into key_alias_dc - db2 load from CSVFiles\key_alias_kc.csv of del modified by identityoverride insert into key_alias_kc - db2 load from CSVFiles\heading_dc.csv of del modified by identityoverride insert into heading_dc - db2 load from CSVFiles\heading_alias_dc.csv of del modified by identityoverride insert into heading_alias_dc - db2 load from CSVFiles\heading_alias_h.csv of del modified by identityoverride insert into heading_alias_h - db2 load from CSVFiles\cword_dc.csv of del modified by identityoverride insert into cword_dc - db2 connect reset - - REM Insert InsertTenant - echo "Connecting to base database to insert tenant info" - db2 connect to %base_db_name% - db2 set schema %base_db_user% - db2 insert into TENANTINFO (tenantid,ontology,tenanttype,rdbmsengine,bacaversion,rdbmsconnection) values ( '%tenant_id%', '%tenant_ontology%', 0, 'DB2', '1.1', encrypt('DATABASE=%tenant_db_name%;HOSTNAME=%baca_database_server_ip%;PORT=%baca_database_port%;PROTOCOL=TCPIP;UID=%tenant_db_user%;PWD=%tenant_db_pwd%;','AES_KEY')) - db2 connect reset - - REM Insert InsertUser - echo "Connecting to tenant database to insert initial userinfo" - db2 connect to %tenant_db_name% - db2 set schema %tenant_ontology% - db2 insert into user_detail (email,first_name,last_name,user_name,company,expire) values ('%tenant_email%','%tenant_first_name%','%tenant_last_name%','%tenant_user_name%','%tenant_company%',10080) - db2 insert into login_detail (user_id,role,status,logged_in) select user_id,'Admin','1',0 from user_detail where email='%tenant_email%' - db2 connect reset - goto END -:DOEXIT - echo "Exited on user input" - goto END -:END - echo "END" - -ENDLOCAL diff --git a/BACA/configuration/DB2/CSVFiles/cword.csv b/BACA/configuration/DB2/CSVFiles/cword.csv deleted file mode 100644 index f7240470..00000000 --- a/BACA/configuration/DB2/CSVFiles/cword.csv +++ /dev/null @@ -1,75 +0,0 @@ -12,inspection -13,vin -14,repair -15,estimates -16,policy -17,qty -18,excluding -19,bank -20,cost -21,credit -22,taxable -23,task -24,shipped -25,ship -26,salesperson -27,handling -28,gst -29,client -30,order -31,receipt -32,draft -33,payment -34,fees -35,offer -36,claim -37,report -38,invoice -39,total -40,settlement -41,services -42,amount -43,brand -44,terms -45,tax -46,purchase -47,due -48,acct -49,account -50,campaign -51,letter -52,invitation -53,attn -54,sincerely -55,insurance -56,patient -57,disability -58,health -59,adjuster -60,division -61,investigating -62,attorney -63,power -64,principal -65,designation -66,authority -67,agreement -68,contract -69,pricing -70,provider -71,schedule -72,branch -73,solution -74,authorized -75,sales -1,statement -2,balance -3,capital -4,shipment -5,flag -6,lading -7,master -8,shipper -9,consignee -10,voyage -11,loading diff --git a/BACA/configuration/DB2/CSVFiles/cword_dc.csv b/BACA/configuration/DB2/CSVFiles/cword_dc.csv deleted file mode 100644 index ce162f91..00000000 --- a/BACA/configuration/DB2/CSVFiles/cword_dc.csv +++ /dev/null @@ -1,75 +0,0 @@ -3,12,0 -3,13,0 -3,14,0 -3,15,0 -3,16,0 -4,17,0 -4,18,0 -4,19,0 -4,20,0 -4,21,0 -4,22,0 -4,23,0 -4,24,0 -4,25,0 -4,26,0 -4,27,0 -4,28,0 -4,29,0 -4,30,0 -4,31,0 -4,32,0 -4,33,0 -4,34,0 -4,35,0 -4,36,0 -4,37,0 -4,38,0 -4,39,0 -4,40,0 -4,41,0 -4,42,0 -4,43,0 -4,44,0 -4,45,0 -4,46,0 -4,47,0 -4,48,0 -4,49,0 -4,50,0 -5,51,0 -5,52,0 -5,53,0 -5,54,0 -6,55,0 -6,56,0 -6,57,0 -6,58,0 -7,59,0 -7,60,0 -7,61,0 -8,62,0 -8,63,0 -8,64,0 -8,65,0 -8,66,0 -9,67,0 -9,68,0 -9,69,0 -9,70,0 -9,71,0 -9,72,0 -9,73,0 -9,74,0 -9,75,0 -1,1,0 -1,2,0 -1,3,0 -2,4,0 -2,5,0 -2,6,0 -2,7,0 -2,8,0 -2,9,0 -2,10,0 -2,11,0 diff --git a/BACA/configuration/DB2/CSVFiles/doc_alias.csv b/BACA/configuration/DB2/CSVFiles/doc_alias.csv deleted file mode 100644 index 54990440..00000000 --- a/BACA/configuration/DB2/CSVFiles/doc_alias.csv +++ /dev/null @@ -1,10 +0,0 @@ -1,Capital Balance statement,en -2,valuation report,en -3,Balance statement,en -4,bill of lading,en -5,Tax Invoice,en -6,Invoice,en -7,Letter of Invitation,en -8,Letter of Employment,en -9,Police Report,en -10,Power of Attorney,en diff --git a/BACA/configuration/DB2/CSVFiles/doc_alias_dc.csv b/BACA/configuration/DB2/CSVFiles/doc_alias_dc.csv deleted file mode 100644 index 2cc9d633..00000000 --- a/BACA/configuration/DB2/CSVFiles/doc_alias_dc.csv +++ /dev/null @@ -1,10 +0,0 @@ -1,1,0 -2,1,0 -3,1,0 -4,2,0 -5,4,0 -6,4,0 -7,5,0 -8,5,0 -9,7,0 -10,8,0 diff --git a/BACA/configuration/DB2/CSVFiles/doc_class.csv b/BACA/configuration/DB2/CSVFiles/doc_class.csv deleted file mode 100644 index 0d53dbd4..00000000 --- a/BACA/configuration/DB2/CSVFiles/doc_class.csv +++ /dev/null @@ -1,9 +0,0 @@ -1,Balance Statement,This is a Sample -2,Bill of Lading,This is a Sample -3,Estimates,This is a Sample -4,Invoice,This is a Sample -5,Letter,This is a Sample -6,Medical Record,This is a Sample -7,Police Report,This is a Sample -8,Power of Attorney,This is a Sample -9,Pricing Schedule,This is a Sample diff --git a/BACA/configuration/DB2/CSVFiles/heading.csv b/BACA/configuration/DB2/CSVFiles/heading.csv deleted file mode 100644 index 77896d2f..00000000 --- a/BACA/configuration/DB2/CSVFiles/heading.csv +++ /dev/null @@ -1,2 +0,0 @@ -1,Principal, -2,designation, diff --git a/BACA/configuration/DB2/CSVFiles/heading_alias.csv b/BACA/configuration/DB2/CSVFiles/heading_alias.csv deleted file mode 100644 index c6d1389d..00000000 --- a/BACA/configuration/DB2/CSVFiles/heading_alias.csv +++ /dev/null @@ -1,2 +0,0 @@ -1,caution to the principal -2,designation of agent diff --git a/BACA/configuration/DB2/CSVFiles/heading_alias_dc.csv b/BACA/configuration/DB2/CSVFiles/heading_alias_dc.csv deleted file mode 100644 index 2e787c85..00000000 --- a/BACA/configuration/DB2/CSVFiles/heading_alias_dc.csv +++ /dev/null @@ -1,2 +0,0 @@ -1,8 -2,8 diff --git a/BACA/configuration/DB2/CSVFiles/heading_alias_h.csv b/BACA/configuration/DB2/CSVFiles/heading_alias_h.csv deleted file mode 100644 index 3bf58f25..00000000 --- a/BACA/configuration/DB2/CSVFiles/heading_alias_h.csv +++ /dev/null @@ -1,2 +0,0 @@ -1,1 -2,2 diff --git a/BACA/configuration/DB2/CSVFiles/heading_dc.csv b/BACA/configuration/DB2/CSVFiles/heading_dc.csv deleted file mode 100644 index 2e787c85..00000000 --- a/BACA/configuration/DB2/CSVFiles/heading_dc.csv +++ /dev/null @@ -1,2 +0,0 @@ -1,8 -2,8 diff --git a/BACA/configuration/DB2/CSVFiles/key_alias.csv b/BACA/configuration/DB2/CSVFiles/key_alias.csv deleted file mode 100644 index 7981e570..00000000 --- a/BACA/configuration/DB2/CSVFiles/key_alias.csv +++ /dev/null @@ -1,238 +0,0 @@ -20,Adjuster,en -21,Written By,en -22,Claim #,en -23,Grand Total,en -24,Vehicle Out,en -25,Type of Loss,en -26,Insured,en -27,Policy #,en -28,Fax,en -29,Workfile ID,en -30,Phone,en -31,Days to Repair,en -32,CUSTOMER PAY,en -33,Subtotal,en -34,INSURANCE PAY,en -35,Condition,en -36,Job #,en -37,Production Date,en -38,State,en -39,Federal ID,en -40,Mileage Out,en -41,RO Number,en -42,Deductible,en -43,License,en -44,VIN,en -45,Point of Impact,en -46,Date of Loss:,en -47,Date Of Loss,en -48,Inspection Location:,en -49,Owner:,en -50,Mileage In,en -51,Exterior Color,en -52,Interior Color,en -53,Page #:,en -54,Job Description,en -55,SB Cess on Taxable Value [B],en -56,SB Cess levied by Vendor [A],en -57,Service Tax on Taxable Value [B],en -58,Inv No#,en -59,Inv Ni #:,en -60,Inv No #:,en -61,TAX INVOICE NUMBER,en -62,Invoice Number,en -63,Invoice #,en -64,Invoice Number:,en -65,Total Cost,en -66,Total Invoice Value (Rs.),en -67,INVOICE TOTAL INCLUDING GST,en -68,Total,en -69,TOTAL INC GST:,en -70,Office,en -71,Address,en -72,Work Site,en -73,Brand,en -74,Website,en -75,ATTORNEY,en -76,Email,en -77,Matter Number,en -78,Matter Number:,en -79,Regd. Office,en -80,Terms,en -81,Payment Terms,en -82,Est No,en -83,Est Ni:,en -84,Est Date,en -85,Est Date:,en -86,Campaign Name,en -87,Service Tax levied by Vendor [A],en -88,Agency Commission,en -89,Beneficiary Name,en -90,Sub Brand,en -91,PAN NO:,en -92,Credit,en -93,CIN No:,en -94,Swift Code,en -95,To:,en -96,Customer Name,en -97,Client,en -98,Tel,en -99,Telephone,en -100,BANK Name:,en -101,Bank,en -102,Price,en -103,Qty,en -104,Description,en -105,GL Code / Item,en -106,Sold To,en -107,ABN,en -108,Regarding,en -109,RE:,en -110,Requesting Manager,en -111,Inv Date,en -112,INVOICE DATE,en -113,Date,en -114,DUE DATE,en -115,Account No:,en -116,Acct No,en -117,Account,en -118,BSB,en -119,Acct Name,en -120,Account Name,en -121,Sub Total (Rs.),en -122,INVOICE TOTAL EXCLUDING GST,en -123,SUBTOTAL:,en -124,sales tax,en -125,GST,en -126,P.O. Number,en -127,PO Number,en -128,Purchase Nbr,en -129,Order #,en -130,Order Number,en -131,Ship To:,en -132,Branch Office:,en -133,IFSC Code,en -134,Centralised Billing and Accounting Office:,en -135,Service Tax Category:,en -136,Service Tax Regn No:,en -137,Branch,en -138,Branch:,en -139,Attn,en -140,Date of Birth,en -141,Start Date,en -142,Title,en -143,Place of Birth,en -144,Status,en -145,Employee,en -146,Full Name,en -147,Subject,en -148,Annual Salary,en -149,Citizenship,en -150,Expire Date,en -151,Passport no.,en -152,Gender,en -153,Issue Date,en -154,Smoking Status:,en -155,Service Dept,en -156,PCP,en -157,Progress Notes,en -158,Appointment Facility,en -159,Referring,en -160,med primary,en -161,prescription,en -162,primary care provider,en -163,Ph,en -164,Horne:,en -165,Horme:,en -166,NPI,en -167,Follow Up,en -168,llãollow Up,en -169,Division,en -170,Claim,en -171,Name,en -172,Diabetes,en -173,Appt. Date/Time,en -174,DOB,en -175,Marital status,en -176,Alcohol intake,en -177,Hypertension,en -178,Occupation,en -179,Kidney Stones,en -180,CELEBREX:,en -181,CEI.EBRi=X:,en -182,CËLEBREX:,en -183,Employer,en -184,Vitals,en -185,ROS,en -186,Qty:,en -187,Refills:,en -188,BMI,en -189,Wt,en -190,Encounter Date,en -191,Provider,en -192,Insurance,en -193,Client Name,en -194,Investigating Agency,en -195,County,en -196,PARTY 1:,en -197,Transaction #,en -198,TIME OF LOSS:,en -199,Claim No,en -200,Driver License,en -201,Street,en -202,DIVISION:,en -203,Division Code,en -204,ADJUSTER:,en -205,Report Number,en -206,Report Type,en -207,Tag,en -208,City,en -209,Start Date of Minimum payment period per service component,en -210,Zip Code,en -211,Zi. Code:,en -212,Service Components,en -213,existing circuit ids,en -214,State/Province,en -215,Country,en -216,MA Reference No.,en -217,PS/CSA Reference No.,en -218,AT&T PS Reference No.:,en -219,AT&T PA Reference No.:,en -220,pre-existing Contract no (must be included),en -221,account number,en -222,Calculation of early termination charges*,en -223,Customer,en -224,Sales Region,en -225,Pricing Schedule Term,en -226,Sales Strata,en -227,Sales / Branch Manager,en -228,Branch Manager:,en -229,Existing Service,en -230,Street Address,en -231,per Service Component,en -232,Program Code,en -233,scvp name,en -234,Rates following the end of minimum payment,en -235,Branch Transit No.,en -236,Branch Transit No.:,en -237,Rate Stabilization per service component,en -238,Effective Date of this pricing schedule,en -1,Capital Balance,en -2,balance,en -3,capital,en -4,amount,en -5,Fund as of date,en -6,period end date,en -7,Issued Date,en -8,Issued At,en -9,Master,en -10,Shipper,en -11,BL NO:,en -12,Flag,en -13,Consignee,en -14,Consignee:,en -15,Voyage No,en -16,Notify Party,en -17,On board the Tanker,en -18,Loading Port,en -19,To be delivered to the port of,en diff --git a/BACA/configuration/DB2/CSVFiles/key_alias_dc.csv b/BACA/configuration/DB2/CSVFiles/key_alias_dc.csv deleted file mode 100644 index 5aa00e02..00000000 --- a/BACA/configuration/DB2/CSVFiles/key_alias_dc.csv +++ /dev/null @@ -1,255 +0,0 @@ -20,3,0 -21,3,0 -22,3,0 -23,3,0 -24,3,0 -25,3,0 -26,3,0 -27,3,0 -28,3,0 -29,3,0 -30,3,0 -31,3,0 -32,3,0 -33,3,0 -34,3,0 -35,3,0 -36,3,0 -37,3,0 -38,3,0 -39,3,0 -40,3,0 -41,3,0 -42,3,0 -43,3,0 -44,3,0 -45,3,0 -46,3,0 -47,3,0 -48,3,0 -49,3,0 -50,3,0 -51,3,0 -52,3,0 -53,4,0 -54,4,0 -55,4,0 -56,4,0 -57,4,0 -58,4,0 -59,4,0 -60,4,0 -61,4,0 -62,4,0 -63,4,0 -64,4,0 -65,4,0 -66,4,0 -67,4,0 -68,4,0 -69,4,0 -70,4,0 -71,4,0 -72,4,0 -73,4,0 -74,4,0 -75,4,0 -76,4,0 -77,4,0 -78,4,0 -79,4,0 -80,4,0 -81,4,0 -82,4,0 -83,4,0 -84,4,0 -85,4,0 -86,4,0 -87,4,0 -88,4,0 -89,4,0 -90,4,0 -91,4,0 -92,4,0 -93,4,0 -94,4,0 -95,4,0 -96,4,0 -97,4,0 -98,4,0 -99,4,0 -100,4,0 -101,4,0 -102,4,0 -103,4,0 -104,4,0 -105,4,0 -106,4,0 -107,4,0 -108,4,0 -109,4,0 -110,4,0 -111,4,0 -112,4,0 -113,4,0 -114,4,0 -115,4,0 -116,4,0 -117,4,0 -118,4,0 -119,4,0 -120,4,0 -121,4,0 -122,4,0 -123,4,0 -124,4,0 -125,4,0 -126,4,0 -127,4,0 -128,4,0 -129,4,0 -130,4,0 -131,4,0 -132,4,0 -133,4,0 -134,4,0 -135,4,0 -136,4,0 -137,4,0 -138,4,0 -28,4,0 -30,4,0 -139,5,0 -140,5,0 -141,5,0 -142,5,0 -143,5,0 -144,5,0 -145,5,0 -146,5,0 -147,5,0 -148,5,0 -149,5,0 -150,5,0 -151,5,0 -152,5,0 -153,5,0 -154,6,0 -155,6,0 -156,6,0 -157,6,0 -158,6,0 -159,6,0 -160,6,0 -161,6,0 -162,6,0 -163,6,0 -164,6,0 -165,6,0 -166,6,0 -167,6,0 -168,6,0 -169,6,0 -170,6,0 -171,6,0 -172,6,0 -173,6,0 -174,6,0 -175,6,0 -176,6,0 -177,6,0 -178,6,0 -179,6,0 -180,6,0 -181,6,0 -182,6,0 -183,6,0 -184,6,0 -185,6,0 -186,6,0 -187,6,0 -188,6,0 -189,6,0 -190,6,0 -191,6,0 -192,6,0 -99,6,0 -28,6,0 -193,7,0 -194,7,0 -195,7,0 -196,7,0 -197,7,0 -198,7,0 -199,7,0 -200,7,0 -201,7,0 -202,7,0 -203,7,0 -204,7,0 -205,7,0 -206,7,0 -207,7,0 -208,7,0 -97,7,0 -113,7,0 -170,7,0 -38,7,0 -47,7,0 -209,9,0 -210,9,0 -211,9,0 -212,9,0 -213,9,0 -214,9,0 -215,9,0 -216,9,0 -217,9,0 -218,9,0 -219,9,0 -220,9,0 -221,9,0 -222,9,0 -223,9,0 -224,9,0 -225,9,0 -226,9,0 -227,9,0 -228,9,0 -229,9,0 -230,9,0 -231,9,0 -232,9,0 -233,9,0 -234,9,0 -235,9,0 -236,9,0 -237,9,0 -238,9,0 -113,9,0 -139,9,0 -208,9,0 -171,9,0 -142,9,0 -76,9,0 -28,9,0 -99,9,0 -1,1,0 -2,1,0 -3,1,0 -4,1,0 -5,1,0 -6,1,0 -7,2,0 -8,2,0 -9,2,0 -10,2,0 -11,2,0 -12,2,0 -13,2,0 -14,2,0 -15,2,0 -16,2,0 -17,2,0 -18,2,0 -19,2,0 diff --git a/BACA/configuration/DB2/CSVFiles/key_alias_kc.csv b/BACA/configuration/DB2/CSVFiles/key_alias_kc.csv deleted file mode 100644 index 2f375e78..00000000 --- a/BACA/configuration/DB2/CSVFiles/key_alias_kc.csv +++ /dev/null @@ -1,255 +0,0 @@ -20,17 -21,18 -22,19 -23,20 -24,21 -25,22 -26,23 -27,24 -28,25 -29,26 -30,27 -31,28 -32,29 -33,30 -34,31 -35,32 -36,33 -37,34 -38,35 -39,36 -40,37 -41,38 -42,39 -43,40 -44,41 -45,42 -46,43 -47,43 -48,44 -49,45 -50,46 -51,47 -52,48 -53,49 -54,50 -55,51 -56,51 -57,51 -58,52 -59,52 -60,52 -61,52 -62,52 -63,52 -64,52 -65,54 -66,54 -67,54 -68,54 -69,54 -70,55 -71,55 -72,56 -73,58 -74,59 -75,60 -76,60 -77,61 -78,61 -79,62 -80,63 -81,63 -82,64 -83,64 -84,65 -85,65 -86,66 -87,67 -88,68 -89,69 -90,70 -91,71 -92,72 -93,73 -94,74 -95,75 -96,75 -97,75 -98,76 -99,76 -100,77 -101,77 -102,78 -103,79 -104,80 -105,81 -106,82 -107,83 -108,85 -109,85 -110,86 -111,87 -112,87 -113,87 -114,88 -115,89 -116,89 -117,89 -118,90 -119,91 -120,91 -121,92 -122,92 -123,92 -124,93 -125,93 -126,94 -127,94 -128,94 -129,94 -130,94 -131,95 -132,96 -133,97 -134,98 -135,99 -136,100 -137,101 -138,101 -28,53 -30,84 -139,102 -140,103 -141,104 -142,105 -143,106 -144,107 -145,108 -146,109 -147,110 -148,111 -149,112 -150,113 -151,114 -152,115 -153,116 -154,117 -155,118 -156,119 -157,120 -158,121 -159,122 -160,123 -161,124 -162,125 -163,126 -164,126 -165,126 -166,128 -167,129 -168,129 -169,129 -170,129 -171,130 -172,131 -173,132 -174,133 -175,134 -176,135 -177,136 -178,137 -179,138 -180,139 -181,139 -182,139 -183,140 -184,141 -185,142 -186,143 -187,144 -188,145 -189,146 -190,147 -191,148 -192,149 -99,126 -28,127 -193,150 -194,151 -195,152 -196,153 -197,154 -198,156 -199,157 -200,160 -201,161 -202,162 -203,162 -204,163 -205,164 -206,165 -207,166 -208,167 -97,150 -113,155 -170,157 -38,158 -47,159 -209,168 -210,169 -211,169 -212,170 -213,171 -214,173 -1,3 -2,3 -3,3 -4,3 -5,4 -6,4 -7,5 -8,6 -9,7 -10,8 -11,9 -12,10 -13,11 -14,11 -15,12 -16,13 -17,14 -18,15 -19,16 -215,175 -216,176 -217,176 -218,176 -219,176 -220,177 -221,178 -222,179 -223,180 -224,186 -225,189 -226,190 -227,191 -228,191 -229,193 -230,194 -231,195 -232,196 -233,197 -234,198 -235,199 -236,199 -237,200 -238,201 -113,172 -139,174 -208,185 -171,187 -142,188 -76,192 -28,193 -99,193 diff --git a/BACA/configuration/DB2/CSVFiles/key_class.csv b/BACA/configuration/DB2/CSVFiles/key_class.csv deleted file mode 100644 index af8fdae7..00000000 --- a/BACA/configuration/DB2/CSVFiles/key_class.csv +++ /dev/null @@ -1,201 +0,0 @@ -47,ExteriorColor,char,0,0,Exterior Color -48,InteriorColor,char,0,0,Interior Color -49,Page Number,number,0,0, -50,JobDescription,char,0,0,Job Description -51,SBCess,number,0,0,Swachh Bharat Cess -52,InvoiceNumber,number,1,0,Invoice Number -53,Fax,number,0,0,FaxNo -54,Total,number,1,0,Grand Total -55,Address,char,0,0, -56,WorkSite,char,0,0,Work Site -57,SalesPerson,char,0,0, -58,Brand,char,0,0,Brand -59,Website,char,0,0,Website Address -60,EmailAddress,char,0,0,Email address -61,MatterNumber,char,0,0,Matter Number -62,RegdOffice,char,0,0,Regd Office -63,Terms,char,0,0,Payment Terms -64,EstNo,number,0,0,Est No -65,EstDate,number,0,0,Est Date -66,CampaignName,char,0,0,Campaign Name -67,ServiceTax,number,0,0,Service Tax -68,AgencyCommission,number,0,0,Agency Commission -69,BeneficiaryName,char,0,0,Beneficiary Name -70,Sub Brand,char,0,0, -71,PANNo,number,0,0,PAN NO -72,Credit,char,0,0,Credit -73,CINNo,number,0,0,CIN No -74,SwiftCode,number,0,1,Swift Code -75,CustName,char,0,1, -76,Telephone,number,0,0,Telephone -77,BankName,char,0,0,Bank Name -78,Price,number,0,0,Price -79,Qty,number,0,0,Quantity -80,Description,char,0,0,Description -81,GLCode,number,0,0,GL Code -82,SoldTo,char,0,0,Sold To -83,ABN,char,0,0,ABN number -84,Phone,number,0,0,Phone no -85,Regarding,char,0,0,Regarding -86,RequestingManager,char,0,0,Requesting Manager -87,InvoiceDate,number,0,0,Invoice Date -88,DueDate,number,0,0,Due Date -89,AccNo,number,0,0,Account Number -90,BSB,number,0,0,BSB No -91,AccName,char,0,0,Account Name -92,SubTotal,number,0,0,Sub Total before tax -93,Tax,number,0,0,Tac amounts -94,PurchaseNo,number,0,0,Purchase number -95,ShipTo,char,0,0, -96,BranchOffice,char,0,0,Branch Office -97,IFSCCode,number,0,0,IFSC Code -98,CentralisedBillingAndAccOffice,char,0,0,Centralised Billing and Accounting Office -99,ServiceTaxCategory,char,0,0,Service Tax Category -100,ServiceTaxRegnNo,number,0,0,Service Tax Regn No -101,Branch,char,0,0,Branch -168,StartDate,char,0,0,Start Date of Minimum payment period per service component -169,ZipCode,number,0,0,Zip Code -170,ServiceComponents,char,0,0,Service Components -171,ExistingCircuitIds,number,0,0,existing circuit ids -172,SignedDate,number,0,0,Signed Date -173,StateProvince,char,0,0,State Province -174,Attention,char,0,0,Attention -175,Country,char,0,0,Country -176,ReferenceNo,number,0,0,Reference No -177,PreExistingContractNo,number,0,0,Pre Existing Contract No -178,AccNo,number,0,0,AccountNumber -179,PercMonthlyFee,char,0,0,Percentage of Monthly Fee -180,Customer,char,0,0,Customer -181,SDAcode,number,0,0,SDA code -182,ContractIDNo,number,0,0,contract id no -183,DS1No,number,0,0,ds1 no -184,PRINo,char,0,0,PRI No -185,City,char,0,0,City -186,SalesRegion,char,0,0,Sales Region -187,Name,char,0,0,Name -188,Title,char,0,0,Title -189,PricingTerm,char,0,0,Pricing Schedule Term -190,SalesStrata,char,0,0,Sales Strata -191,SalesBranchManager,char,0,0,Sales Branch Manager -192,EmailAddress,char,0,0,Email Address -193,TeleFax,number,0,0,Telephone and Fax -194,StreetAddress,char,0,0,Street Address -195,MinPayPeriod,char,0,0,Minimum Payment Period -196,ProgramCode,number,0,0,Program Code -197,SCVPName,char,0,0,SCVP Name -198,RatesForMinPayment,char,0,0,Rates following the end of minimum payment -199,Branch Transit Number,number,0,1, -200,RateStabilization,char,0,0,Rate Stabilization per service component -201,EfffectiveDate,char,0,0,Effective Date of this pricing schedule -46,MileageIn,number,0,0,Mileage In -102,Attention,char,0,0,Attention -103,DOB,number,0,0,Date of Birth -104,StartDate,number,0,0,Start Date -105,Title,char,0,0,Title -106,PlaceOfBirth,char,0,0,Place of Birth -107,Status,char,0,0,Status -108,Employee,char,0,0,Employee -109,FullName,char,0,0,Full Name -110,Subject,char,0,0,Subject -111,AnnualSalary,number,0,0,Annual Salary -112,Citizenship,char,0,0,Citizenship -113,ExpireDate,number,0,0,Expire Date -114,PassportNo,number,0,0,Passport no -115,Gender,char,0,0,Gender -116,IssueDate,number,0,0,Issue Date -117,Smoking Status,char,0,0, -118,ServiceDept,char,0,0,Service Department -119,PCP,char,0,0,PCP -120,ProgressNotes,char,0,0,Progress Notes -121,AppointmentFacility,char,0,0,Appointment Facility -122,Referring,char,0,0,Referring -123,MedPrimary,char,0,0,med primary -124,Prescription,char,0,0,prescription -125,PrimaryCareProvider,char,0,0,primary care provider -126,Telephone,number,0,0,Telephone -127,FaxNo,number,0,0,Fax Number -128,NPI,number,0,0,NPI -129,FollowUp,char,0,0,Follow Up -130,Name,char,0,0,Name -131,Diabetes,char,0,0, -132,AppointmentDateTime,number,0,0,Appt. Date/Time -133,DOB,number,0,0,Date of Birth -134,Marital status,char,0,0, -135,Alcohol intake,char,0,0, -136,Hypertension,char,0,0, -137,Occupation,char,0,0, -138,Kidney Stones,char,0,0, -139,Celebrex,char,0,0, -140,Employer,char,0,0, -141,Vitals,char,0,0, -142,ROS,char,0,0, -143,Quantity,number,0,0, -144,Refills,number,0,0, -145,BodyMassIndex,number,0,0,Body Mass Index (BMI) -146,Weight,number,0,0, -147,EncounterDate,number,0,0,Encounter Date -148,Provider,char,0,0,Provider -149,Insurance,char,0,0,Insurance -150,Client,char,0,0,Client -151,InvestigatingAgency,char,0,0,Investigating Agency -152,County,char,0,0,County -153,Parties,char,0,0,Parties -154,TransactionNo,number,0,0,Transaction Number -155,Date,number,0,0,Date -156,TimeofLoss,number,0,0,Time of Loss -157,ClaimNo,number,0,0,Claim Number -158,State,char,0,0,State -159,DateOfLoss,number,0,0,Date Of Loss -160,DriverLicense,number,0,0,Driver License No -161,Street,char,0,0,Street -162,Division,char,0,0,Division -163,Adjuster,char,0,0,Adjuster -164,ReportNumber,number,0,0,Report Number -165,ReportType,char,0,0,Report Type -166,Tag,char,0,0,Tag -167,City,char,0,0,City -1,InvestmentName,char,1,0, -2,InvestorName,char,1,0, -3,CapBalance,number,1,0, -4,FundAsOfDate,number,1,0, -5,IssuedDate,number,0,0,Issued Date -6,IssuedAt,char,0,0,Issued At -7,Master,char,0,0,Master/Captain -8,Shipper,char,0,0,Shipper -9,BLNo,char,0,0,Bill of Lading number -10,Flag,char,0,0,Flag -11,Consignee,char,0,0,Consignee -12,VoyageNo,number,0,0,Voyage No -13,NotifyParty,char,0,0,Notify Party -14,OnboardTanker,char,0,0,OnboardTanker -15,LoadingPort,char,0,0,Loading Port -16,DeliveryPort,char,0,0,Delivery Port -17,Adjuster,char,0,0,Adjuster -18,WrittenBy,char,0,0,Written By -19,ClaimNo,number,0,0,Claim No -20,GrandTotal,number,0,0,Grand Total -21,VehicleOut,char,0,0,Vehicle Out -22,TypeOfLoss,char,0,0,Type of Loss -23,Insured,char,0,0,Insured -24,PolicyNo,number,0,0,Policy no -25,Fax,number,0,0,Fax -26,WorkfileID,number,0,0,Workfile ID -27,Telephone,number,0,0,Telephone -28,DaysToRepair,number,0,0,Days to Repair -29,CUSTOMERPAY,number,0,0,CUSTOMER PAY -30,Subtotal,number,0,0,Subtotal -31,INSURANCEPAY,number,0,0,INSURANCE PAY -32,Condition,char,0,0,Condition -33,JobNo,number,0,0,Jon no -34,ProductionDate,number,0,0,Production Date -35,State,char,0,0,State -36,FederalID,number,0,0,Federal ID -37,MileageOut,char,0,0,Mileage Out -38,RONumber,number,0,0,RO Number -39,Deductible,number,0,0,Deductible -40,License,char,0,0,License -41,VIN,number,0,0,VIN -42,PointOfImpact,char,0,0,Point of Impact -43,DateOfLoss,number,0,0,Date of Loss -44,InspectionLocation,char,0,0,Inspection Location -45,Owner,char,0,0,Owner diff --git a/BACA/configuration/DB2/CSVFiles/key_class_dc.csv b/BACA/configuration/DB2/CSVFiles/key_class_dc.csv deleted file mode 100644 index bd42f1ae..00000000 --- a/BACA/configuration/DB2/CSVFiles/key_class_dc.csv +++ /dev/null @@ -1,201 +0,0 @@ -46,3 -47,3 -48,3 -49,4 -50,4 -51,4 -52,4 -53,4 -54,4 -55,4 -56,4 -57,4 -58,4 -59,4 -60,4 -61,4 -62,4 -63,4 -64,4 -65,4 -66,4 -67,4 -68,4 -69,4 -70,4 -71,4 -72,4 -73,4 -74,4 -75,4 -76,4 -77,4 -78,4 -79,4 -80,4 -81,4 -82,4 -83,4 -84,4 -85,4 -86,4 -87,4 -88,4 -89,4 -90,4 -91,4 -92,4 -93,4 -94,4 -95,4 -96,4 -97,4 -98,4 -99,4 -100,4 -101,4 -168,9 -169,9 -170,9 -171,9 -172,9 -173,9 -174,9 -175,9 -176,9 -177,9 -178,9 -179,9 -180,9 -181,9 -182,9 -183,9 -184,9 -185,9 -186,9 -187,9 -188,9 -189,9 -190,9 -191,9 -192,9 -193,9 -194,9 -195,9 -196,9 -197,9 -198,9 -199,9 -200,9 -201,9 -102,5 -103,5 -104,5 -105,5 -106,5 -107,5 -108,5 -109,5 -110,5 -111,5 -112,5 -113,5 -114,5 -115,5 -116,5 -1,1 -2,1 -3,1 -4,1 -5,2 -6,2 -7,2 -8,2 -9,2 -10,2 -11,2 -12,2 -13,2 -14,2 -15,2 -16,2 -17,3 -18,3 -19,3 -20,3 -21,3 -22,3 -23,3 -24,3 -25,3 -26,3 -27,3 -28,3 -29,3 -30,3 -31,3 -32,3 -33,3 -34,3 -35,3 -36,3 -37,3 -38,3 -39,3 -40,3 -41,3 -42,3 -43,3 -44,3 -45,3 -117,6 -118,6 -119,6 -120,6 -121,6 -122,6 -123,6 -124,6 -125,6 -126,6 -127,6 -128,6 -129,6 -130,6 -131,6 -132,6 -133,6 -134,6 -135,6 -136,6 -137,6 -138,6 -139,6 -140,6 -141,6 -142,6 -143,6 -144,6 -145,6 -146,6 -147,6 -148,6 -149,6 -150,7 -151,7 -152,7 -153,7 -154,7 -155,7 -156,7 -157,7 -158,7 -159,7 -160,7 -161,7 -162,7 -163,7 -164,7 -165,7 -166,7 -167,7 diff --git a/BACA/configuration/DB2/CreateBaseDB.bat b/BACA/configuration/DB2/CreateBaseDB.bat deleted file mode 100755 index 95a53fce..00000000 --- a/BACA/configuration/DB2/CreateBaseDB.bat +++ /dev/null @@ -1,32 +0,0 @@ -@echo off -SETLOCAL - -set /p base_db_name= Enter the name of the Base BACA database. If nothing is entered, we will use the following default value 'CABASEDB': -IF NOT DEFINED base_db_name SET "base_db_name=CABASEDB" - -set /p base_db_user= Enter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value 'CABASEUSER' : -IF NOT DEFINED base_db_user SET "base_db_user=CABASEUSER" - -set /P c=Are you sure you want to continue[Y/N]? -if /I "%c%" EQU "Y" goto :DOCREATE -if /I "%c%" EQU "N" goto :DOEXIT - -:DOCREATE - echo "Running the db script" - db2 CREATE DATABASE %base_db_name% AUTOMATIC STORAGE YES USING CODESET UTF-8 TERRITORY DEFAULT COLLATE USING SYSTEM PAGESIZE 32768 - db2 CONNECT TO %base_db_name% - db2 GRANT CONNECT,DATAACCESS ON DATABASE TO USER %base_db_user% - db2 GRANT USE OF TABLESPACE USERSPACE1 TO USER %base_db_user% - db2 CONNECT RESET - db2 CONNECT TO %base_db_name% - db2 SET SCHEMA %base_db_user% - db2 CREATE TABLE TENANTINFO (tenantid varchar(128) NOT NULL, ontology varchar(128) not null,tenanttype smallint not null with default, rdbmsengine varchar(128) not null, bacaversion varchar(1024) not null, rdbmsconnection varchar(1024) for bit data default null,mongoconnection varchar(1024) for bit data default null,mongoadminconnection varchar(1024) for bit data default null,CONSTRAINT tenantinfo_pkey PRIMARY KEY (tenantid, ontology)) - db2 CONNECT RESET - goto END -:DOEXIT - echo "Exited on user input" - goto END -:END - echo "END" - -ENDLOCAL \ No newline at end of file diff --git a/BACA/configuration/DB2/DeleteOntology.sh b/BACA/configuration/DB2/DeleteOntology.sh deleted file mode 100755 index b9acc0f6..00000000 --- a/BACA/configuration/DB2/DeleteOntology.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash -. ./ScriptFunctions.sh - -echo -e "\n-- This script will delete an existing ontology from a tenant" -echo - -echo "Enter the tenant ID for the existing tenant: (eg. t4900)" -while [[ -z "$tenant_id" || $tenant_id == '' ]] -do - echo "Please enter a valid value for the tenant ID:" - read tenant_id -done - -echo -e "\nEnter the tenant ontology to delete: " -read tenant_ontology -if [[ -z "$tenant_ontology" ]]; then - tenant_ontology=$default_ontology -fi - - -default_basedb='BASECA' -if [[ -z "$base_db_name" ]]; then - echo -e "\nEnter the name of the Base BACA database with the TENANTINFO Table. If nothing is entered, we will use the following default value : " $default_basedb - read base_db_name - if [[ -z "$base_db_name" ]]; then - base_db_name=$default_basedb - fi -fi - -default_basedb_user='CABASEUSER' -if [[ -z "$base_db_user" ]]; then - echo -e "\nEnter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value : " $default_basedb_user - read base_db_user - if [[ -z "$base_db_user" ]]; then - base_db_user=$default_basedb_user - fi -fi - -db2 "connect to $base_db_name" -db2 "set schema $base_db_user" -resp=$(db2 -x "select dbname,dbuser from tenantinfo where tenantid = '$tenant_id'") -tenant_db=$(echo $resp | awk '{print $1}') -tenant_user=$(echo $resp | awk '{print $2}') - -echo -echo "-- Please confirm these are the desired settings:" -echo " - tenant ID: $tenant_id" -echo " - ontology: $tenant_ontology" -echo " - tenant database name: $tenant_db" -echo " - base database: $base_db_name" -askForConfirmation - -db2 "connect to $tenant_db" -db2 "set schema $tenant_ontology" -db2 -stvf sql/DropBacaTables.sql - -resp=$(db2 -x "drop schema $tenant_ontology restrict") -echo $resp -rc=$(echo $resp | awk '{print $1}') -if [[ "$rc" == "DB20000I" ]] -then - echo ontology delete - db2 connect reset - db2 "connect to $base_db_name" - db2 "set schema $base_db_user" - db2 "delete from tenantinfo where tenantid='$tenant_id' and ontology='$tenant_ontology'" -else - echo ontology delete failed: $rc -fi - diff --git a/BACA/configuration/DB2/DeleteTenant.sh b/BACA/configuration/DB2/DeleteTenant.sh deleted file mode 100755 index b5f93a40..00000000 --- a/BACA/configuration/DB2/DeleteTenant.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash -. ./ScriptFunctions.sh - -echo -e "\n-- This script will delete an existing BACA tenant" -echo - -echo "Enter the tenant ID for the existing tenant: (eg. t4900)" -while [[ -z "$tenant_id" || $tenant_id == '' ]] -do - echo "Please enter a valid value for the tenant ID:" - read tenant_id -done - -default_basedb='BASECA' -if [[ -z "$base_db_name" ]]; then - echo -e "\nEnter the name of the Base BACA database with the TENANTINFO Table. If nothing is entered, we will use the following default value : " $default_basedb - read base_db_name - if [[ -z "$base_db_name" ]]; then - base_db_name=$default_basedb - fi -fi - -default_basedb_user='CABASEUSER' -if [[ -z "$base_db_user" ]]; then - echo -e "\nEnter the name of the database user for the Base BACA database. If nothing is entered, we will use the following default value : " $default_basedb_user - read base_db_user - if [[ -z "$base_db_user" ]]; then - base_db_user=$default_basedb_user - fi -fi - - - -db2 "connect to $base_db_name" -db2 "set schema $base_db_user" -resp=$(db2 -x "select dbname,dbuser from tenantinfo where tenantid = '$tenant_id'") -tenant_db=$(echo $resp | awk '{print $1}') -tenant_user=$(echo $resp | awk '{print $2}') - -echo -echo "-- Please confirm these are the desired settings:" -echo " - tenant ID: $tenant_id" -echo " - tenant database name: $tenant_db" -echo " - base database: $base_db_name" -askForConfirmation - -db2 "connect to $tenant_db" -resp=$(db2 -x "QUIESCE DATABASE IMMEDIATE FORCE CONNECTIONS") -rc=$(echo $resp | awk '{print $1}') - -if [[ "$rc" == "DB20000I" || "$rc" == "SQL1371W" ]] -then - echo "DB Quiesced" - db2 "unquiesce database" - db2 "connect reset" - resp=$(db2 -x "drop db $tenant_db") - rc=$(echo $resp | awk '{print $1}') - if [[ "$rc" == "DB20000I" ]] - then - echo "DB Dropped" - db2 "connect to $base_db_name" - db2 "set schema $base_db_user" - db2 "delete from tenantinfo where tenantid='$tenant_id'" - else - echo "Failed to drop the database: " $rc - fi -else - echo "Quiesce failed: " $rc -fi - diff --git a/BACA/configuration/DB2/Readme_windows.txt b/BACA/configuration/DB2/Readme_windows.txt deleted file mode 100755 index b98e4d97..00000000 --- a/BACA/configuration/DB2/Readme_windows.txt +++ /dev/null @@ -1,11 +0,0 @@ -Prerequisite : DB2 v11 fixpack 2 or higher -Intructions to create BACA databases. Baca uses two database one is called -base database and the other is called tenant database. -1. Before running the scripts file you need to create two windows non-admin - users who are also db2 regular users.These users are used to connect - databases.The db scripts are initilized with cabaseuser and tenantuser. -2. Open db2 administrator command window to run the script files. -3. Run the CreateBaseDB.bat to create the base database. -3. Run AddTenant.bat to add a new tenant db and ontology. - You can aslo run this script file to add a new ontology - for existing tenant database. \ No newline at end of file diff --git a/BACA/configuration/DB2/ScriptFunctions.sh b/BACA/configuration/DB2/ScriptFunctions.sh deleted file mode 100755 index 4d40ce59..00000000 --- a/BACA/configuration/DB2/ScriptFunctions.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash - -function askForConfirmation(){ - while [[ $confirmation != "y" && $confirmation != "n" && $confirmation != "yes" && $confirmation != "no" ]] # While confirmation is not y or n... - do - echo - echo -e "Would you like to continue (Y/N):" - read confirmation - confirmation=$(echo "$confirmation" | tr '[:upper:]' '[:lower:]') - done - - if [[ $confirmation == "n" || $confirmation == "no" ]] - then - exit - fi -} \ No newline at end of file diff --git a/BACA/configuration/DB2/UpgradeBaseDB.sh b/BACA/configuration/DB2/UpgradeBaseDB.sh deleted file mode 100755 index 8409eb48..00000000 --- a/BACA/configuration/DB2/UpgradeBaseDB.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/env bash -. ./ScriptFunctions.sh - -INPUT_PROPS_FILENAME="./common_for_DB2_Upgrade.sh" - -if [ -f $INPUT_PROPS_FILENAME ]; then - echo "Found a $INPUT_PROPS_FILENAME. Reading in variables from that script." - . $INPUT_PROPS_FILENAME -fi - -echo -e "\n-- This script will upgrade base DB" -echo - -while [[ $base_db_name == '' ]] -do - echo "Please enter a valid value for the base database name :" - read base_db_name - while [ ${#base_db_name} -gt 8 ]; - do - echo "Please enter a valid value for the base database name :" - read base_db_name; - echo ${#base_db_name}; - done -done - -while [[ -z "$base_db_user" || $base_db_user == "" ]] -do - echo "Please enter a valid value for the base database user name :" - read base_db_user -done - -echo -echo "-- Please confirm these are the desired settings:" -echo " - Base database name: $base_db_name" -echo " - Base database user name: $base_db_user" -askForConfirmation - -if [[ $SaaS != "true" || -z $SaaS ]]; then - cp sql/UpgradeBaseDB_to_1.1.sql.template sql/UpgradeBaseDB_to_1.1.sql - sed -i s/\$base_db_name/"$base_db_name"/ sql/UpgradeBaseDB_to_1.1.sql - sed -i s/\$base_db_user/"$base_db_user"/ sql/UpgradeBaseDB_to_1.1.sql - echo - echo "Running upgrade script: sql/UpgradeBaseDB_to_1.1.sql" - db2 -stvf sql/UpgradeBaseDB_to_1.1.sql -else - echo "-- Skipping UpgradeBaseDB_to_1.1.sql" -fi - -cp sql/UpgradeBaseDB_1.1_to_1.2.sql.template sql/UpgradeBaseDB_1.1_to_1.2.sql -sed -i s/\$base_db_name/"$base_db_name"/ sql/UpgradeBaseDB_1.1_to_1.2.sql -sed -i s/\$base_db_user/"$base_db_user"/ sql/UpgradeBaseDB_1.1_to_1.2.sql -echo -echo "Running upgrade script: sql/UpgradeBaseDB_1.1_to_1.2.sql" -db2 -stvf sql/UpgradeBaseDB_1.1_to_1.2.sql \ No newline at end of file diff --git a/BACA/configuration/DB2/common_for_DB2.sh.sample b/BACA/configuration/DB2/common_for_DB2.sh.sample deleted file mode 100644 index 87b77b8d..00000000 --- a/BACA/configuration/DB2/common_for_DB2.sh.sample +++ /dev/null @@ -1,51 +0,0 @@ -# Sample script for running the DB2 scripts non-interactively by providing the needed env vars -# To use: Make a copy and name it "common_for_DB2.sh", update the needed variables. - - -# --- For Base BACA DB: -# update these variables for the BACA Base database -base_db_name=CABASE3 -base_db_user=baseuser3 - - -# To skip creating base databse user and skip asking for pwd, use these vars below. -# Prereq is that the DB2 user (from var "base_db_user") must already be created. -base_valid_user=1 -base_user_already_defined=1 -base_pwdconfirmed=1 - -# --- For adding tenant: -# update these variables -tenant_type=0 # Allowed values: 0 for Enterprise, 1 for Trial, 2 for Internal -baca_database_server_ip=10.126.18.120 -baca_database_port=50000 -tenant_id=t4910 -tenant_db_name=t4910 -tenant_db_user=t4910user - -# To skip creating tenant database user and skip asking for pwd, use these vars below. -# Prereq is that the DB2 user (from var "tenant_db_user") must already be created. -user_already_defined=1 -pwdconfirmed=1 - -# update these variables -tenant_db_pwd=xyz123ee -tenant_db_pwd_b64_encoded=1 # set to 1 if "tenant_db_pwd" is base64 encoded -tenant_ontology=ONT1 - -tenant_company=IBM -tenant_first_name=John -tenant_last_name=Smith -tenant_email=johnsmith@ibm.com -tenant_user_name=johnsmith - -# --- For adding ontology to existing tenant -# uncomment this below to add ontology, and comment out "tenant_ontology" line above in this file -#use_existing_tenant=1 -#tenant_ontology=ONT2 - -# skip confirmation prompts: -confirmation=y - -#DB2 ssl Yes/No -ssl=No \ No newline at end of file diff --git a/BACA/configuration/DB2/common_for_DB2_Tenant_Upgrade.sh.sample b/BACA/configuration/DB2/common_for_DB2_Tenant_Upgrade.sh.sample deleted file mode 100644 index a1e773e6..00000000 --- a/BACA/configuration/DB2/common_for_DB2_Tenant_Upgrade.sh.sample +++ /dev/null @@ -1,14 +0,0 @@ -# Sample script for running the DB2 scripts non-interactively by providing the needed env vars -# To use: Make a copy and name it "common_for_DB2.sh", update the needed variables. - -# --- For adding tenant: - -tenant_db_name= - -tenant_ontology= - -tenant_db_user= - -# skip confirmation prompts: -confirmation=y - diff --git a/BACA/configuration/DB2/common_for_DB2_Upgrade.sh.sample b/BACA/configuration/DB2/common_for_DB2_Upgrade.sh.sample deleted file mode 100644 index 1c7cdbed..00000000 --- a/BACA/configuration/DB2/common_for_DB2_Upgrade.sh.sample +++ /dev/null @@ -1,8 +0,0 @@ -# Sample script for running the DB2 scripts non-interactively by providing the needed env vars -# To use: Make a copy and name it "common_for_DB2.sh", update the needed variables. - -# --- For Base BACA DB: -# update these variables for the BACA Base database -base_db_name= -base_db_user= - diff --git a/BACA/configuration/DB2/sql/CreateBacaSchema.sql.template b/BACA/configuration/DB2/sql/CreateBacaSchema.sql.template deleted file mode 100644 index 2968a7ac..00000000 --- a/BACA/configuration/DB2/sql/CreateBacaSchema.sql.template +++ /dev/null @@ -1,6 +0,0 @@ -CONNECT TO $tenant_db_name ; - -CREATE SCHEMA $tenant_ontology ; - -SET SCHEMA $tenant_ontology ; - diff --git a/BACA/configuration/DB2/sql/CreateBaseDB.sql.template b/BACA/configuration/DB2/sql/CreateBaseDB.sql.template deleted file mode 100644 index f316dd92..00000000 --- a/BACA/configuration/DB2/sql/CreateBaseDB.sql.template +++ /dev/null @@ -1,10 +0,0 @@ -CREATE DATABASE $base_db_name AUTOMATIC STORAGE YES USING CODESET UTF-8 TERRITORY DEFAULT COLLATE USING SYSTEM PAGESIZE 32768; - -CONNECT TO $base_db_name ; - -GRANT CONNECT,DATAACCESS ON DATABASE TO USER $base_db_user ; - -GRANT USE OF TABLESPACE USERSPACE1 TO USER $base_db_user ; - -CONNECT RESET; - diff --git a/BACA/configuration/DB2/sql/CreateBaseTable.sql.template b/BACA/configuration/DB2/sql/CreateBaseTable.sql.template deleted file mode 100644 index 08abaae0..00000000 --- a/BACA/configuration/DB2/sql/CreateBaseTable.sql.template +++ /dev/null @@ -1,26 +0,0 @@ -CONNECT TO $base_db_name ; - -SET SCHEMA $base_db_user ; - ---Following are added to handle seemless updates in feature ---Going forward bacaversion is base db schema version ---tenantdbversion is tenant and ontology schema version - -CREATE TABLE TENANTINFO - (tenantid varchar(128) NOT NULL, - ontology varchar(128) not null, - tenanttype smallint not null with default, - dailylimit smallint not null with default 0, - rdbmsengine varchar(128) not null, - dbname varchar(255) not null, - dbuser varchar(255) not null, - bacaversion varchar(1024) not null, - rdbmsconnection varchar(1024) for bit data default null, - mongoconnection varchar(1024) for bit data default null, - mongoadminconnection varchar(1024) for bit data default null, - featureflags bigint not null with default 0, - tenantdbversion varchar(255), - CONSTRAINT tenantinfo_pkey PRIMARY KEY (tenantid, ontology) - ); - -CONNECT RESET; diff --git a/BACA/configuration/DB2/sql/CreateDB.sql.template b/BACA/configuration/DB2/sql/CreateDB.sql.template deleted file mode 100644 index cc8e1636..00000000 --- a/BACA/configuration/DB2/sql/CreateDB.sql.template +++ /dev/null @@ -1,9 +0,0 @@ -CREATE DATABASE $tenant_db_name AUTOMATIC STORAGE YES USING CODESET UTF-8 TERRITORY DEFAULT COLLATE USING SYSTEM PAGESIZE 32768; - -CONNECT TO $tenant_db_name ; - -GRANT CONNECT,DATAACCESS ON DATABASE TO USER $tenant_db_user ; - -GRANT USE OF TABLESPACE USERSPACE1 TO USER $tenant_db_user ; - -CONNECT RESET; \ No newline at end of file diff --git a/BACA/configuration/DB2/sql/DropBacaTables.sql b/BACA/configuration/DB2/sql/DropBacaTables.sql deleted file mode 100644 index 1eb4506e..00000000 --- a/BACA/configuration/DB2/sql/DropBacaTables.sql +++ /dev/null @@ -1,45 +0,0 @@ -drop VIEW audit_sys_report; -drop table audit_integration_activity; -drop table audit_system_activity; -drop table audit_api_activity; -drop table audit_user_activity; -drop table audit_processed_files; -drop table audit_login_activity; -drop table audit_ontology; -drop table db_restore; -drop table error_log; -drop table processed_file; -drop table key_spacing; -drop table db_backup; -drop table fonts_transid; -drop table fonts_dc; -drop table fonts; -drop table smartpages_options; -drop table api_integrations_objectsstore; -drop table import_ontology; -drop table integration_dc; -drop table integration; -drop table login_detail; -drop table user_detail; -drop table pattern_kc; -drop table pattern; -drop table heading_alias_dc; -drop table heading_alias_h; -drop table heading_dc; -drop table heading_alias; -drop table heading; -drop table cword_dc; -drop table key_alias_kc; -drop table key_alias_dc; -drop table key_class_dc; -drop table doc_alias_dc; -drop table key_alias; -drop table cword; -drop table key_class; -drop table doc_alias; -drop table doc_class; -drop table ontology; -drop table classifier; -drop table training_log; -drop table document; -drop sequence MINOR_VER_SEQ; \ No newline at end of file diff --git a/BACA/configuration/DB2/sql/InsertTenant.sql.template b/BACA/configuration/DB2/sql/InsertTenant.sql.template deleted file mode 100644 index ea921ff8..00000000 --- a/BACA/configuration/DB2/sql/InsertTenant.sql.template +++ /dev/null @@ -1,4 +0,0 @@ -connect to $base_db_name ; -set schema $base_db_user ; -insert into TENANTINFO (tenantid,ontology,tenanttype,dailylimit,rdbmsengine,bacaversion,rdbmsconnection,dbname,dbuser,tenantdbversion) values ( '$tenant_id', '$tenant_ontology', $tenant_type, $daily_limit, 'DB2', '1.2', encrypt('$rdbmsconnection','AES_KEY'),'$tenant_db_name','$tenant_db_user','1.2') ; -connect reset ; diff --git a/BACA/configuration/DB2/sql/InsertUser.sql.template b/BACA/configuration/DB2/sql/InsertUser.sql.template deleted file mode 100644 index bcc368d7..00000000 --- a/BACA/configuration/DB2/sql/InsertUser.sql.template +++ /dev/null @@ -1,5 +0,0 @@ -connect to $tenant_db_name ; -set schema $tenant_ontology ; -insert into user_detail (email,first_name,last_name,user_name,company,expire) values ('$tenant_email','$tenant_first_name','$tenant_last_name','$tenant_user_name','$tenant_company',10080) ; -insert into login_detail (user_id,role,status,logged_in) select user_id,'Admin','1',0 from user_detail where email='$tenant_email' ; -connect reset ; \ No newline at end of file diff --git a/BACA/configuration/DB2/sql/LoadData.sql.template b/BACA/configuration/DB2/sql/LoadData.sql.template deleted file mode 100644 index 24c2657e..00000000 --- a/BACA/configuration/DB2/sql/LoadData.sql.template +++ /dev/null @@ -1,37 +0,0 @@ -CONNECT TO $tenant_db_name ; -SET SCHEMA $tenant_ontology ; - -load from ./CSVFiles/doc_class.csv of del modified by identityoverride insert into doc_class ; -load from ./CSVFiles/key_class.csv of del modified by identityoverride insert into key_class ; -load from ./CSVFiles/doc_alias.csv of del modified by identityoverride insert into doc_alias ; -load from ./CSVFiles/key_alias.csv of del modified by identityoverride insert into key_alias ; -load from ./CSVFiles/cword.csv of del modified by identityoverride insert into cword ; -load from ./CSVFiles/heading.csv of del modified by identityoverride insert into heading ; -load from ./CSVFiles/heading_alias.csv of del modified by identityoverride insert into heading_alias ; -load from ./CSVFiles/key_class_dc.csv of del modified by identityoverride insert into key_class_dc ; -load from ./CSVFiles/doc_alias_dc.csv of del modified by identityoverride insert into doc_alias_dc ; -load from ./CSVFiles/key_alias_dc.csv of del modified by identityoverride insert into key_alias_dc ; -load from ./CSVFiles/key_alias_kc.csv of del modified by identityoverride insert into key_alias_kc ; -load from ./CSVFiles/heading_dc.csv of del modified by identityoverride insert into heading_dc ; -load from ./CSVFiles/heading_alias_dc.csv of del modified by identityoverride insert into heading_alias_dc ; -load from ./CSVFiles/heading_alias_h.csv of del modified by identityoverride insert into heading_alias_h ; -load from ./CSVFiles/cword_dc.csv of del modified by identityoverride insert into cword_dc ; - -set integrity for key_class_dc immediate checked ; -set integrity for doc_alias_dc immediate checked ; -set integrity for key_alias_dc immediate checked ; -set integrity for key_alias_kc immediate checked ; -set integrity for heading_dc immediate checked ; -set integrity for heading_alias_dc immediate checked ; -set integrity for heading_alias_h immediate checked ; -set integrity for cword_dc immediate checked ; - -alter table doc_class alter column doc_class_id restart with 10 ; -alter table doc_alias alter column doc_alias_id restart with 11 ; -alter table key_class alter column key_class_id restart with 202 ; -alter table key_alias alter column key_alias_id restart with 239 ; -alter table cword alter column cword_id restart with 76 ; -alter table heading alter column heading_id restart with 3 ; -alter table heading_alias alter column heading_alias_id restart with 3 ; - -CONNECT RESET; diff --git a/BACA/configuration/DB2/sql/TablePermissions.sql.template b/BACA/configuration/DB2/sql/TablePermissions.sql.template deleted file mode 100644 index d8090bba..00000000 --- a/BACA/configuration/DB2/sql/TablePermissions.sql.template +++ /dev/null @@ -1,20 +0,0 @@ -CONNECT TO $tenant_db_name ; - -GRANT ALTER ON TABLE $tenant_ontology.DOC_CLASS TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.DOC_ALIAS TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.KEY_CLASS TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.KEY_ALIAS TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.CWORD TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.HEADING TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.HEADING_ALIAS TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.USER_DETAIL TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.INTEGRATION TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.IMPORT_ONTOLOGY TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.API_INTEGRATIONS_OBJECTSSTORE TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.SMARTPAGES_OPTIONS TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.FONTS TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.FONTS_TRANSID TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.DB_BACKUP TO USER $tenant_db_user ; -GRANT ALTER ON TABLE $tenant_ontology.PATTERN TO USER $tenant_db_user ; - -CONNECT RESET; \ No newline at end of file diff --git a/BACA/configuration/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template b/BACA/configuration/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template deleted file mode 100644 index c5a5fec8..00000000 --- a/BACA/configuration/DB2/sql/UpgradeBaseDB_1.1_to_1.2.sql.template +++ /dev/null @@ -1,9 +0,0 @@ ---base DB changes -connect to $base_db_name ; -set schema $base_db_user ; - -alter table tenantinfo add column featureflags bigint not null with default 0; -alter table tenantinfo add column tenantdbversion varchar(255); -reorg table tenantinfo; - -connect reset; \ No newline at end of file diff --git a/BACA/configuration/DB2/sql/UpgradeBaseDB_to_1.1.sql.template b/BACA/configuration/DB2/sql/UpgradeBaseDB_to_1.1.sql.template deleted file mode 100644 index 771f1576..00000000 --- a/BACA/configuration/DB2/sql/UpgradeBaseDB_to_1.1.sql.template +++ /dev/null @@ -1,10 +0,0 @@ ---base DB changes -connect to $base_db_name ; -set schema $base_db_user ; - -alter table tenantinfo add column dailylimit bigint not null with default 0; -alter table tenantinfo add column dbname varchar(255); -alter table tenantinfo add column dbuser varchar(255); -reorg table tenantinfo; - -connect reset; \ No newline at end of file diff --git a/BACA/configuration/DB2/sql/UpgradeTenantDB_to_1.1.sql.template b/BACA/configuration/DB2/sql/UpgradeTenantDB_to_1.1.sql.template deleted file mode 100644 index 8921a752..00000000 --- a/BACA/configuration/DB2/sql/UpgradeTenantDB_to_1.1.sql.template +++ /dev/null @@ -1,7 +0,0 @@ -connect to $tenant_db_name ; -set schema $tenant_ontology ; - -alter table integration alter column model_id set data type varchar(1024); -reorg table integration; - -connect reset ; \ No newline at end of file diff --git a/BACA/configuration/README.md b/BACA/configuration/README.md deleted file mode 100644 index 3fb68728..00000000 --- a/BACA/configuration/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Please Preparing your environment for Content Analyzer - -Please perform the steps described in the following page in IBM Content Analyzer Knowledge Center before proceed to installing the Charts. -https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/topics/tsk_preparing_baca_deploy.html diff --git a/BACA/configuration/baca-netpol.yaml b/BACA/configuration/baca-netpol.yaml deleted file mode 100644 index fa676f1e..00000000 --- a/BACA/configuration/baca-netpol.yaml +++ /dev/null @@ -1,11 +0,0 @@ -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - namespace: $KUBE_NAME_SPACE - name: baca-netpol -spec: - ingress: - - {} - podSelector: {} - policyTypes: - - Ingress \ No newline at end of file diff --git a/BACA/configuration/baca-psp.yaml b/BACA/configuration/baca-psp.yaml deleted file mode 100644 index 712b3327..00000000 --- a/BACA/configuration/baca-psp.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: PodSecurityPolicy -metadata: - annotations: - kubernetes.io/description: "This policy allows pods to run with - any UID and GID, but preventing access to the host." - name: baca-anyuid-psp -spec: - allowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - #rule: RunAsAny - requiredDropCapabilities: - - MKNOD - - SETFCAP - - NET_RAW - - NET_BIND_SERVICE - - KILL - allowedCapabilities: - - SETPCAP - - AUDIT_WRITE - - CHOWN - - FOWNER - - FSETID - - SETUID - - SETGID - - SYS_CHROOT - - DAC_OVERRIDE - runAsUser: - rule: MustRunAsNonRoot - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - #rule: RunAsAny - volumes: - - configMap - - emptyDir - - projected - - secret - - downwardAPI - - persistentVolumeClaim - forbiddenSysctls: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - name: baca-anyuid-clusterrole -rules: -- apiGroups: - - extensions - resourceNames: - - baca-anyuid-psp - resources: - - podsecuritypolicies - verbs: - - use diff --git a/BACA/configuration/bashfunctions.sh b/BACA/configuration/bashfunctions.sh deleted file mode 100755 index ebdf8714..00000000 --- a/BACA/configuration/bashfunctions.sh +++ /dev/null @@ -1,407 +0,0 @@ -#!/usr/bin/env bash - -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -# Function to request user for their domain name - -export ICP_clustername=$(echo $DOCKER_REG_FOR_SERVICES | awk -F'[.]' '{print $1}') -export ICP_account_id="id-"$ICP_clustername"-account" - -# Login to ICP, to ensure bx pr and kubectl commands work in later functions -function loginToCluster() { - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - echo - #echo "\x1B[1;31m Logging into ICP using: bx pr login -a https://$MASTERIP:8443 --skip-ssl-validation -u admin - # -p admin -c id-mycluster-account. \x1B[0m" - export ICP_USER_PASSWORD_DECODE=$(echo $ICP_USER_PASSWORD | base64 --decode) - #ICP 3.10 - cloudctl login -a https://$MASTERIP:8443 --skip-ssl-validation -u $ICP_USER -p $ICP_USER_PASSWORD_DECODE -c $ICP_account_id -n default - fi - if [[ $OCP_VERSION == "3.11" ]]; then - echo - export OCP_USER_PASSWORD_DECODE=$(echo $OCP_USER_PASSWORD | base64 --decode) - #echo "\x1B[1;31m Logging into OCP using: oc login https://$MASTERIP:8443 --insecure-skip-tls-verify=true -u $OCP_USER - # -p $OCP_USER_PASSWORD_DECODE. \x1B[0m" - #OCP 3.11 - oc login https://$MASTERIP:8443 --insecure-skip-tls-verify=true -u $OCP_USER -p $OCP_USER_PASSWORD_DECODE - fi -} - -# ------------------- -# HELM Client setup -# ------------------- -function downloadHelmClient() { - - - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - echo - echo "Downloading Helm 2.9.1 from ICp" - curl -kLo helm-linux-amd64-v2.9.1.tar.gz https://$MASTERIP:8443/api/cli/helm-linux-amd64.tar.gz - echo - echo "Moving helm to /usr/local/bin and chmod 755 helm" - tar -xvf helm-linux-amd64-v2.9.1.tar.gz - chmod 755 ./linux-amd64/helm && mv ./linux-amd64/helm /usr/local/bin - rm -rf linux-amd64 - # testing Helm - echo Testing Helm CLI using: helm version --tls - helm version --tls - fi - - if [[ $OCP_VERSION == "3.11" ]]; then - echo "Downloading Helm 2.11.0 from Github" - curl -s https://storage.googleapis.com/kubernetes-helm/helm-v2.11.0-linux-amd64.tar.gz | tar xz - echo - echo "Moving helm to /usr/local/bin and chmod 755 helm" - - chmod 755 ./linux-amd64/helm && mv ./linux-amd64/helm /usr/local/bin - rm -rf linux-amd64 - - fi -} - - -function helmSetup(){ - - if [[ $ICP_VERSION == "3.1.2" ]]; then - # ICP specific setup - echo - echo Initializing Helm CLI using: helm init --client-only - helm init --client-only - echo - echo Creating clusterrolebinding tiller-cluster-admin .... - kubectl create clusterrolebinding tiller-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default - fi - - if [[ $OCP_VERSION == "3.11" ]]; then - echo Creating clusterrolebinding tiller-cluster-admin .... - export TILLER_NAMESPACE=tiller - oc new-project $TILLER_NAMESPACE - oc project $TILLER_NAMESPACE - oc process -f /~https://github.com/openshift/origin/raw/master/examples/helm/tiller-template.yaml -p TILLER_NAMESPACE="${TILLER_NAMESPACE}" -p HELM_VERSION=v2.11.0 | oc create -f - - oc rollout status deployment tiller - oc project $KUBE_NAME_SPACE - oc policy add-role-to-user $OCP_USER "system:serviceaccount:${TILLER_NAMESPACE}:tiller" - fi - -} - -function checkHelm(){ - - if [[ $ICP_VERSION == "3.1.2" ]]; then - MAX_ITERATIONS=120 - count=0 - while [[ $( kubectl get deployment tiller-deploy --namespace kube-system | sed -n '1!p' | awk '{print $5}' ) == 0 ]] - do - if [ "$count" -eq $MAX_ITERATIONS ]; then - echo "ERROR: Failed to find tiller-deploy after $MAX_ITERATIONS tries. Please check your cluster using kubectl get deployment tiller-deploy --namespace kube-system" - return 1 - fi - echo "Checking that helm tiller is deployed ......................" - sleep 10 - ((count++)) - done - echo "Helm deployed successfully ......................" - fi -} - - - -function getWorkerIPs() { - echo "inside getWorkerIPs" - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - export ICP_USER_PASSWORD_DECODE=$(echo $ICP_USER_PASSWORD | base64 --decode) - echo "About to get all the worker IPs from $ICP_VERSION" - echo "login -a https://$MASTERIP:8443 --skip-ssl-validation -u $ICP_USER -p $ICP_USER_PASSWORD_DECODE -c $ICP_account_id" - cloudctl login -a https://$MASTERIP:8443 --skip-ssl-validation -u $ICP_USER -p $ICP_USER_PASSWORD_DECODE -c $ICP_account_id -n default - export WORKER_IPs=$(cloudctl cm workers --json | grep "publicIP" | awk '{print $2}' | cut -d ',' -f1 | tr -d '"') - if [ -z "$WORKER_IPs" ]; then - echo "Cannot find public IP for worker nodes. Will try to check for Private IP now" - export WORKER_IPs=$(cloudctl cm workers --json | grep "privateIP" | awk '{print $2}' | cut -d ',' -f1 | tr -d '"') - echo WORKER_IPs=$WORKER_IPs - if [[ -z "$WORKER_IPs" ]]; then exit 1; fi - fi - fi - if [[ $OCP_VERSION == "3.11" ]]; then - echo "About to get all the worker IPs from $OCP_VERSION" - loginToCluster - export WORKER_IPs=$(oc get nodes | grep compute | grep [^Not]Ready | awk '{print $1}' | cut -d ',' -f1 | tr -d '"') - echo WORKER_IPs=$WORKER_IPs - if [[ -z "$WORKER_IPs" ]]; then exit 1; fi - fi - -} -function getWorkerIPBasedOnLabel() { - echo "inside getWorkerIP1s. It will get the worker IPs based on label" - - loginToCluster - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - export WORKER_IP1s=$(kubectl get nodes --show-labels |grep worker.*$KUBE_NAME_SPACE=baca | grep [^Not]Ready | awk {'print $1'}) - fi - if [[ $OCP_VERSION == "3.11" ]]; then - export WORKER_IP1s=$(kubectl get nodes --show-labels |grep compute=true |grep celery$KUBE_NAME_SPACE'='baca | grep [^Not]Ready | awk {'print $1'}) - fi - echo $WORKER_IP1s - if [[ -z "$WORKER_IP1s" ]]; then exit 1; fi - -} -function clearAllLabels(){ - echo "About to clear ALL label nodes with in $KUBE_NAME_SPACE" - getWorkerIPs - for i in $WORKER_IPs - do - echo "Clear out previous labeling" - kubectl label nodes $i {celery$KUBE_NAME_SPACE-,mongo$KUBE_NAME_SPACE-,mongo-admin$KUBE_NAME_SPACE-} - echo - done -} -#function labelNodes() { -# clearAllLabels -# echo "About to label ALL nodes with celery$KUBE_NAME_SPACE=baca." -# getWorkerIPs -# for i in $WORKER_IPs -# do -# echo "Label --overwrite $i with celery$KUBE_NAME_SPACE=baca" -# kubectl label nodes --overwrite $i {celery$KUBE_NAME_SPACE=baca,mongo$KUBE_NAME_SPACE=baca,mongo-admin$KUBE_NAME_SPACE=baca} -# done -#} - -function customLabelNodes() { - loginToCluster - clearAllLabels -# echo "Clear out previous labeling" -# kubectl label nodes $i {celery$KUBE_NAME_SPACE-,mongo$KUBE_NAME_SPACE-,mongo-admin$KUBE_NAME_SPACE-,postgres$KUBE_NAME_SPACE-} - - echo "About to label --overwrite $CA_WORKERS with celery$KUBE_NAME_SPACE=baca." - echo label nodes {$CA_WORKERS} celery$KUBE_NAME_SPACE=baca - for i in $(echo $CA_WORKERS | sed "s/,/ /g") - do - echo "Label $i with celery$KUBE_NAME_SPACE=baca" - kubectl label nodes --overwrite $i celery$KUBE_NAME_SPACE=baca - echo - done - echo - echo "About to label $MONGO_WORKERS with mongo$KUBE_NAME_SPACE=baca." - for i in $(echo $MONGO_WORKERS | sed "s/,/ /g") - do - echo "Label $i with mongo$KUBE_NAME_SPACE=baca" - kubectl label nodes --overwrite $i mongo$KUBE_NAME_SPACE=baca - done - echo - echo "About to label $MONGO_ADMIN_WORKERS with mongo-admin$KUBE_NAME_SPACE=baca." - for i in $(echo $MONGO_ADMIN_WORKERS | sed "s/,/ /g") - do - echo "Label $i with mongo-admin$KUBE_NAME_SPACE=baca" - kubectl label nodes --overwrite $i mongo-admin$KUBE_NAME_SPACE=baca - done - echo -} - - - -function getNFSServer() { - #Get a list of worker IPs - if [[ $PVCCHOICE == "1" ]]; then # This is the option 1 where the script will create everything for Internal usage. - getWorkerIPBasedOnLabel - #Create directories: - echo "Creating required directory for SP by ssh into $NFS_IP" - if [ -z "$SSH_USER" ]; then - export SSH_USER="root" - fi - - if [ "$SSH_USER" == "root" ]; then - export SUDO_CMD="" - else - export SUDO_CMD="sudo " - fi - echo "Creating necessary folder in $NFS_IP..." - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/{logs,data,config}" - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/logs/{backend,frontend,callerapi,processing-extraction,pdfprocess,setup,interprocessing,classifyprocess-classify,ocr-extraction,postprocessing,reanalyze,updatefiledetail,spfrontend,redis,rabbitmq,mongo,mongoadmin,utf8process}" - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/config/backend" - - - - echo "Creating data directory on NFS ..." - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD mkdir -p /exports/smartpages/$KUBE_NAME_SPACE/data/{mongo,mongoadmin}" - - - echo "Setting owner (51000:51001) for BACA's PVC" - ssh $SSH_USER@$NFS_IP -oStrictHostKeyChecking=no "$SUDO_CMD chown -R 51000:51001 /exports/smartpages/" - - - - - echo "Checking to see if NFS server is installed..." - if [[ $ICP_VERSION == "3.1.2" ]]; then - ssh $SSH_USER@$NFS_IP "$SUDO_CMD systemctl status nfs-kernel-server" - if [[ $? != "0" ]]; then - echo "We could not find nfs service. We will try to install nfs server" - ssh $SSH_USER@$NFS_IP "$SUDO_CMD apt install nfs-kernel-server && $SUDO_CMD systemctl enable nfs-kernel-server && $SUDO_CMD systemctl restart nfs-kernel-server" - - fi - fi - if [[ $OCP_VERSION == "3.11" ]]; then - ssh $SSH_USER@$NFS_IP "$SUDO_CMD systemctl status nfs-server" - if [[ $? != "0" ]]; then - echo "We could not find nfs service. We will try to install nfs server" - ssh $SSH_USER@$NFS_IP "$SUDO_CMD yum install nfs-utils && $SUDO_CMD systemctl enable nfs-server && $SUDO_CMD systemctl restart nfs-server" - fi - fi - - - - - #We will backup the existing /etc/exports - #Compare the icp worker ip w/ the existing IP in the /etc/exports file then insert any missing entry (IP) into /etc/exports. - echo "ssh $SSH_USER@$NFS_IP "$SUDO_CMD cp /etc/exports /etc/exports_bak"" - ssh $SSH_USER@$NFS_IP "$SUDO_CMD cp /etc/exports /etc/exports_bak" - export EXPORTS_FILE=`ssh $SSH_USER@$NFS_IP "$SUDO_CMD cat /etc/exports |grep '/exports/smartpages'" | awk '{print $2}' | cut -d'(' -f1` - echo "from exports files: $EXPORTS_FILE" - echo "from k8's : $WORKER_IP1s" - - #if [[ $? == "1" ]]; then - - echo "Inside writting to /etc/exports routine" - echo $WORKER_IP1s - - for i in $WORKER_IP1s - do - - echo $EXPORTS_FILE |grep $i - if [[ $? == "1" ]]; then - echo $i - echo "Cannot find $i in the /etc/exports file....." - echo "Writing '/exports/smartpages "$i"(rw,sync,no_root_squash)' to $NFS_IP/etc/exports file" - - ssh $SSH_USER@$NFS_IP "echo '/exports/smartpages "$i"(rw,sync,no_root_squash)' | $SUDO_CMD tee --append /etc/exports" - else - echo " $i matched" - fi - - done - - - #restart nfs service if available$KUBE_NAME_SPACE/config - if [[ $ICP_VERSION == "3.1.2" ]]; then - ssh $SSH_USER@$NFS_IP "$SUDO_CMD systemctl restart nfs-kernel-server" - fi - if [[ $OCP_VERSION == "3.11" ]]; then - ssh $SSH_USER@$NFS_IP "$SUDO_CMD systemctl restart nfs-server" - fi - - - else - echo -e "\x1B[1;32mPVCCHOICE is not defined. Therefore, you must create the following pvc name: \x1B[0m" - fi # end if of pvc=1 - -} -function calMemoryLimitedDist(){ - - echo -e "\x1B[1;32mChecking to see if bc package is installed\x1B[0m" - dpkg -l | awk {'print $2'} |grep ^bc$ > /dev/null - if [[ $? != "0" ]]; then - echo "Installing bc package for resource calculation" - apt install bc -y - fi - echo CALLERAPI_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo BACKEND_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo FRONTEND_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo POST_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo PDF_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo UTF8_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo SETUP_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo OCR_EXTRACTION_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.09 * 1024" | bc)Mi" - echo CLASSIFY_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo PROCESSING_EXTRACTION_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.09 * 1024" | bc)Mi" - # echo INTER_PROCESSING_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo REANALYZE_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.045 * 1024" | bc)Mi" - echo UPDATEFILE_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo RABBITMQ_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" -# echo MINIO_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo REDIS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo MONGO_LIMITED_MEMORY="$(echo "$MONGO_SERVER_MEMORY * 0.6 * 1024" | bc)Mi" - echo MONGO_ADMIN_LIMITED_MEMORY="$(echo "$MONGO_ADMIN_SERVER_MEMORY * 0.6 * 1024" | bc)Mi" - export mongo_memory_value="$(echo "$MONGO_SERVER_MEMORY * 0.6 " | bc)" - export mongo_admin_memory_value="$(echo "$MONGO_ADMIN_SERVER_MEMORY * 0.6 " | bc)" - - - export MONGO_WIREDTIGER_LIMIT="$(echo "($mongo_memory_value -1)*0.5" | bc)" - - if [[ 1 -eq $(echo "$MONGO_WIREDTIGER_LIMIT < 0.25" |bc -l) ]];then - echo MONGO_WIREDTIGER_LIMIT='0.25' - - - else - echo "MONGO_WIREDTIGER_LIMIT=$MONGO_WIREDTIGER_LIMIT" - - fi - -# echo "mongo_admin_memory_value=$mongo_admin_memory_value" - export MONGO_ADMIN_WIREDTIGER_LIMIT="$(echo "($mongo_admin_memory_value -1)*0.5" | bc)" - - if [[ 1 -eq $(echo "$MONGO_ADMIN_WIREDTIGER_LIMIT < 0.25" |bc -l) ]];then - echo MONGO_ADMIN_WIREDTIGER_LIMIT='0.25' - - else - echo "MONGO_ADMIN_WIREDTIGER_LIMIT=$MONGO_ADMIN_WIREDTIGER_LIMIT" - fi - -} - -function calMemoryLimitedShared(){ - echo CALLERAPI_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo BACKEND_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo FRONTEND_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo POST_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo PDF_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo UTF8_PROCESS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo SETUP_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo OCR_EXTRACTION_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.09 * 1024" | bc)Mi" - echo CLASSIFY_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" - echo PROCESSING_EXTRACTION_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.09 * 1024" | bc)Mi" -# echo INTER_PROCESSING_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo REANALYZE_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.045 * 1024" | bc)Mi" - echo UPDATEFILE_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.03 * 1024" | bc)Mi" - echo RABBITMQ_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.06 * 1024" | bc)Mi" -# echo MINIO_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo REDIS_LIMITED_MEMORY="$(echo "$SERVER_MEMORY * 0.04 * 1024" | bc)Mi" - echo MONGO_LIMITED_MEMORY="$(echo "$MONGO_SERVER_MEMORY * 0.1 * 1024" | bc)Mi" - export mongo_memory_value="$(echo "$MONGO_SERVER_MEMORY * 0.1" | bc)" - echo MONGO_ADMIN_LIMITED_MEMORY="$(echo "$MONGO_ADMIN_SERVER_MEMORY * 0.1 * 1024" | bc)Mi" - export mongo_admin_memory_value="$(echo "$MONGO_ADMIN_SERVER_MEMORY * 0.1" | bc)" - -# echo "mongo_memory_value=$mongo_memory_value" - export MONGO_WIREDTIGER_LIMIT="$(echo "($mongo_memory_value -1)*0.5" | bc)" - #echo "MONGO_WIREDTIGER_LIMIT=$MONGO_WIREDTIGER_LIMIT" - if [[ 1 -eq $(echo "$MONGO_WIREDTIGER_LIMIT < 0.25" |bc -l) ]];then - echo MONGO_WIREDTIGER_LIMIT='0.25' - - else - echo "MONGO_WIREDTIGER_LIMIT=$MONGO_WIREDTIGER_LIMIT" - fi - -# echo "mongo_admin_memory_value=$mongo_admin_memory_value" - export MONGO_ADMIN_WIREDTIGER_LIMIT="$(echo "($mongo_admin_memory_value -1)*0.5" | bc)" - #echo "MONGO_WIREDTIGER_LIMIT=$MONGO_WIREDTIGER_LIMIT" - if [[ 1 -eq $(echo "$MONGO_WIREDTIGER_LIMIT < 0.25" |bc -l) ]];then - echo MONGO_ADMIN_WIREDTIGER_LIMIT='.25' - else - echo "MONGO_ADMIN_WIREDTIGER_LIMIT=$MONGO_ADMIN_WIREDTIGER_LIMIT" - fi - -} -function calNumOfContainers(){ - if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - export numOfCelery=$(kubectl get nodes --show-labels |grep worker.*celery$KUBE_NAME_SPACE=baca | wc -l) - fi - if [[ $OCP_VERSION == "3.11" ]]; then - export numOfCelery=$(oc get nodes --show-labels |grep compute=true | grep celery$KUBE_NAME_SPACE=baca | wc -l) - fi - echo CELERY_REPLICAS=$numOfCelery - echo NON_CELERY_REPLICAS=$numOfCelery - -} diff --git a/BACA/configuration/common.sh b/BACA/configuration/common.sh deleted file mode 100755 index 63d75a06..00000000 --- a/BACA/configuration/common.sh +++ /dev/null @@ -1,29 +0,0 @@ -SERVER_MEMORY= -MONGO_SERVER_MEMORY= -MONGO_ADMIN_SERVER_MEMORY= -USING_HELM= -HELM_INIT_BEFORE= -KUBE_NAME_SPACE= -DOCKER_REG_FOR_SERVICES= -LABEL_NODE= -CA_WORKERS= -MONGO_WORKERS= -MONGO_ADMIN_WORKERS= -ICP_VERSION= -ICP_USER= -ICP_USER_PASSWORD= -BXDOMAINNAME= -MASTERIP= -SSH_USER= -PVCCHOICE= -NFS_IP= -DATAPVC= -LOGPVC= -CONFIGPVC= -BASE_DB_PWD= -LDAP= -LDAP_PASSWORD= -LDAP_URL= -LDAP_CRT_NAME= -DB_SSL= -DB_CRT_NAME= \ No newline at end of file diff --git a/BACA/configuration/common_ICP_template.sh b/BACA/configuration/common_ICP_template.sh deleted file mode 100755 index 63d75a06..00000000 --- a/BACA/configuration/common_ICP_template.sh +++ /dev/null @@ -1,29 +0,0 @@ -SERVER_MEMORY= -MONGO_SERVER_MEMORY= -MONGO_ADMIN_SERVER_MEMORY= -USING_HELM= -HELM_INIT_BEFORE= -KUBE_NAME_SPACE= -DOCKER_REG_FOR_SERVICES= -LABEL_NODE= -CA_WORKERS= -MONGO_WORKERS= -MONGO_ADMIN_WORKERS= -ICP_VERSION= -ICP_USER= -ICP_USER_PASSWORD= -BXDOMAINNAME= -MASTERIP= -SSH_USER= -PVCCHOICE= -NFS_IP= -DATAPVC= -LOGPVC= -CONFIGPVC= -BASE_DB_PWD= -LDAP= -LDAP_PASSWORD= -LDAP_URL= -LDAP_CRT_NAME= -DB_SSL= -DB_CRT_NAME= \ No newline at end of file diff --git a/BACA/configuration/common_OCP_template.sh b/BACA/configuration/common_OCP_template.sh deleted file mode 100755 index a5e741ef..00000000 --- a/BACA/configuration/common_OCP_template.sh +++ /dev/null @@ -1,29 +0,0 @@ -SERVER_MEMORY= -MONGO_SERVER_MEMORY= -MONGO_ADMIN_SERVER_MEMORY= -USING_HELM= -HELM_INIT_BEFORE= -KUBE_NAME_SPACE= -DOCKER_REG_FOR_SERVICES= -LABEL_NODE= -CA_WORKERS= -MONGO_WORKERS= -MONGO_ADMIN_WORKERS= -OCP_VERSION= -OCP_USER= -OCP_USER_PASSWORD= -BXDOMAINNAME= -MASTERIP= -SSH_USER= -PVCCHOICE= -NFS_IP= -DATAPVC= -LOGPVC= -CONFIGPVC= -BASE_DB_PWD= -LDAP= -LDAP_PASSWORD= -LDAP_URL= -LDAP_CRT_NAME= -DB_SSL= -DB_CRT_NAME= \ No newline at end of file diff --git a/BACA/configuration/createSSLCert.sh b/BACA/configuration/createSSLCert.sh deleted file mode 100755 index cc713f03..00000000 --- a/BACA/configuration/createSSLCert.sh +++ /dev/null @@ -1,191 +0,0 @@ -#!/usr/bin/env bash - -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - - -function createSSLCert() { - rm -r *.crt *.pem *.key || true - - echo -e "\x1B[1;32mAbout to create a self-signed SSL cert for ingress, celery, mongo, redis, rabbitmq....\x1B[0m" - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/tls.key -out $PWD/tls.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/tls.key -out $PWD/tls.crt -subj "/CN=127.0.0.1" - cat $PWD/tls.key $PWD/tls.crt > $PWD/tls.pem - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/celery.key -out $PWD/celery.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/celery.key -out $PWD/celery.crt -subj "/CN=127.0.0.1" - cat $PWD/celery.key $PWD/celery.crt > $PWD/celery.pem - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/mongo.key -out $PWD/mongo.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/mongo.key -out $PWD/mongo.crt -subj "/CN=127.0.0.1" - cat $PWD/mongo.key $PWD/mongo.crt > $PWD/mongo.pem - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/public.crt -out $PWD/public.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/private.key -out $PWD/public.crt -subj "/CN=127.0.0.1" - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/redis.key -out $PWD/redis.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/redis.key -out $PWD/redis.crt -subj "/CN=127.0.0.1" - cat $PWD/redis.key $PWD/redis.crt > $PWD/redis.pem - echo "changing file permissions for redis.key ..." - chmod 600 $PWD/redis.key - - echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/rabbitmq.key -out $PWD/rabbitmq.crt -subj "/CN=127.0.0.1" " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $PWD/rabbitmq.key -out $PWD/rabbitmq.crt -subj "/CN=127.0.0.1" - cat $PWD/rabbitmq.key $PWD/rabbitmq.crt > $PWD/rabbitmq.pem - - -} -function createSecret (){ - - echo -e "\x1B[1;32mAbout to create a secrets for ingress, celery, mongo, redis, rabbitmq....\x1B[0m" - echo "kubectl -n $KUBE_NAME_SPACE create secret tls baca-ingress-secret --key $PWD/tls.key --cert $PWD/tls.crt" - kubectl -n $KUBE_NAME_SPACE create secret tls baca-ingress-secret --key $PWD/tls.key --cert $PWD/tls.crt \ - --dry-run -o yaml | kubectl apply -f - - -# if [[ $DB_SSL == "y" || $DB_SSL == "Y" ]]; then -# echo "kubectl -n sp create secret generic baca-db2-secret --from-file=$PWD/db2-cert.arm" -# kubectl -n sp create secret generic baca-db2-secret --from-file=$PWD/db2-cert.arm -# fi - if [[ ($LDAP_URL =~ ^'ldaps' && ! -z $LDAP_CRT_NAME) && ($DB_SSL == "n") ]]; then - echo "kubectl -n $KUBE_NAME_SPACE create secret generic with LDAP certs AND no DB2 cert " - kubectl -n $KUBE_NAME_SPACE create secret generic baca-secrets$KUBE_NAME_SPACE \ - --from-file=$PWD/celery.pem --from-file=$PWD/celery.crt --from-file=$PWD/celery.key \ - --from-file=$PWD/mongo.pem --from-file=$PWD/mongo.crt --from-file=$PWD/mongo.key \ - --from-file=$PWD/public.crt --from-file=$PWD/private.key \ - --from-file=$PWD/redis.pem --from-file=$PWD/redis.key --from-file=$PWD/redis.crt \ - --from-file=$PWD/rabbitmq.pem --from-file=$PWD/rabbitmq.key --from-file=$PWD/rabbitmq.crt \ - --from-file=$PWD/$LDAP_CRT_NAME \ - --dry-run -o yaml | kubectl apply -f - - elif [[ ($LDAP_URL =~ ^'ldaps' && ! -z $LDAP_CRT_NAME) && ($DB_SSL == "y" && ! -z $DB_CRT_NAME) ]]; then - echo "kubectl -n $KUBE_NAME_SPACE create secret generic with DB certs AND LDAP certs " - kubectl -n $KUBE_NAME_SPACE create secret generic baca-secrets$KUBE_NAME_SPACE \ - --from-file=$PWD/celery.pem --from-file=$PWD/celery.crt --from-file=$PWD/celery.key \ - --from-file=$PWD/mongo.pem --from-file=$PWD/mongo.crt --from-file=$PWD/mongo.key \ - --from-file=$PWD/public.crt --from-file=$PWD/private.key \ - --from-file=$PWD/redis.pem --from-file=$PWD/redis.key --from-file=$PWD/redis.crt \ - --from-file=$PWD/rabbitmq.pem --from-file=$PWD/rabbitmq.key --from-file=$PWD/rabbitmq.crt \ - --from-file=$PWD/$LDAP_CRT_NAME \ - --from-file=$PWD/$DB_CRT_NAME \ - --dry-run -o yaml | kubectl apply -f - - elif [[ ($DB_SSL == "y" && ! -z $DB_CRT_NAME) && ($LDAP_URL != ^'ldaps') ]]; then - echo "kubectl -n $KUBE_NAME_SPACE create secret generic with DB certs AND NO LDAP certs " - kubectl -n $KUBE_NAME_SPACE create secret generic baca-secrets$KUBE_NAME_SPACE \ - --from-file=$PWD/celery.pem --from-file=$PWD/celery.crt --from-file=$PWD/celery.key \ - --from-file=$PWD/mongo.pem --from-file=$PWD/mongo.crt --from-file=$PWD/mongo.key \ - --from-file=$PWD/public.crt --from-file=$PWD/private.key \ - --from-file=$PWD/redis.pem --from-file=$PWD/redis.key --from-file=$PWD/redis.crt \ - --from-file=$PWD/rabbitmq.pem --from-file=$PWD/rabbitmq.key --from-file=$PWD/rabbitmq.crt \ - --from-file=$PWD/$DB_CRT_NAME \ - --dry-run -o yaml | kubectl apply -f - - else - echo "kubectl -n $KUBE_NAME_SPACE create secret generic with no LDAP and DB2 certs" - kubectl -n $KUBE_NAME_SPACE create secret generic baca-secrets$KUBE_NAME_SPACE \ - --from-file=$PWD/celery.pem --from-file=$PWD/celery.crt --from-file=$PWD/celery.key \ - --from-file=$PWD/mongo.pem --from-file=$PWD/mongo.crt --from-file=$PWD/mongo.key \ - --from-file=$PWD/public.crt --from-file=$PWD/private.key \ - --from-file=$PWD/redis.pem --from-file=$PWD/redis.key --from-file=$PWD/redis.crt \ - --from-file=$PWD/rabbitmq.pem --from-file=$PWD/rabbitmq.key --from-file=$PWD/rabbitmq.crt \ - --dry-run -o yaml | kubectl apply -f - - fi - -} -function createMongoSecrets (){ -echo -e "\x1B[1;32mAbout to create mongo Secrets....\x1B[0m" -if [[ -z "$MONGOADMINENTRYPASSWORD" && -z "$MONGOADMINUSER" && -z "$MONGOADMINPASSWORD" ]]; then - echo -e "\x1B[1;32mCreating mongo admin Secrets using random values....\x1B[0m" - export MONGOADMINENTRYPASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) - export MONGOADMINUSER=$(openssl rand -base64 12 | tr -d "=+/" | cut -c1-29) - export MONGOADMINPASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) - - kubectl -n $KUBE_NAME_SPACE create secret generic baca-mongo-admin \ - --from-literal=MONGOADMINENTRYPASSWORD="$MONGOADMINENTRYPASSWORD" \ - --from-literal=MONGOADMINUSER="$MONGOADMINUSER" \ - --from-literal=MONGOADMINPASSWORD="$MONGOADMINPASSWORD" \ - --dry-run -o yaml | kubectl apply -f - -else - echo -e "\x1B[1;32mCreating mongo admin Secret based on custom values for MONGOADMINENTRYPASSWORD, MONGOADMINUSER, MONGOADMINPASSWORD\x1B[0m" - kubectl -n $KUBE_NAME_SPACE create secret generic mongo-admin \ - --from-literal=MONGOADMINENTRYPASSWORD="$MONGOADMINENTRYPASSWORD" \ - --from-literal=MONGOADMINUSER="$MONGOADMINUSER" \ - --from-literal=MONGOADMINPASSWORD="$MONGOADMINPASSWORD" \ - --dry-run -o yaml | kubectl apply -f - -fi - -if [[ -z "$MONGOENTRYPASSWORD" && -z "$MONGOUSER" && -z "$MONGOPASSWORD" ]] ; then - echo -e "\x1B[1;32mCreating mongo Secrets using random values....\x1B[0m" - export MONGOENTRYPASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) - export MONGOUSER=$(openssl rand -base64 12 | tr -d "=+/" | cut -c1-29) - export MONGOPASSWORD=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) - kubectl -n $KUBE_NAME_SPACE create secret generic baca-mongo \ - --from-literal=MONGOENTRYPASSWORD="$MONGOENTRYPASSWORD" \ - --from-literal=MONGOUSER="$MONGOUSER" \ - --from-literal=MONGOPASSWORD="$MONGOPASSWORD" \ - --dry-run -o yaml | kubectl apply -f - -else - echo -e "\x1B[1;32mCreating mongo Secret based on custom values for MONGOENTRYPASSWORD, MONGOUSER, MONGOPASSWORD\x1B[0m" - kubectl -n $KUBE_NAME_SPACE create secret generic mongo \ - --from-literal=MONGOENTRYPASSWORD="$MONGOENTRYPASSWORD" \ - --from-literal=MONGOUSER="$MONGOUSER" \ - --from-literal=MONGOPASSWORD="$MONGOPASSWORD" \ - --dry-run -o yaml | kubectl apply -f - -fi - -} -function createLDAPSecret(){ - -if [[ $LDAP == "y" && $LDAP_PASSWORD != "" ]]; then - echo -e "\x1B[1;32mAbout to create LDAP Secret....\x1B[0m" - echo -e "\x1B[1;32mCreating LDAP Secret....\x1B[0m" - export LDAP_PASSWORD_DECODE=$(echo $LDAP_PASSWORD | base64 --decode) - kubectl -n $KUBE_NAME_SPACE create secret generic baca-ldap \ - --from-literal=LDAP_PASSWORD="$LDAP_PASSWORD_DECODE" \ - --dry-run -o yaml | kubectl apply -f - -fi - -} -function createBaseDbSecret(){ -echo -e "\x1B[1;32mAbout to create secret for Base DB....\x1B[0m" -if [[ -z $BASE_DB_PWD ]]; then - echo -e "\x1B[1;32m Cannot find BASED_DB_PWD from common.sh..Exiting !!\x1B[0m" - exit 1 -else - echo -e "\x1B[1;32mCreating Base DB secret....\x1B[0m" - kubectl -n $KUBE_NAME_SPACE create secret generic baca-basedb \ - --from-literal=BASE_DB_PWD="$BASE_DB_PWD" \ - --dry-run -o yaml | kubectl apply -f - -fi -} - -function createRabbitmaSecret(){ -echo -e "\x1B[1;32mAbout to create secret for RabbitMQ....\x1B[0m" - -export rabbitmq_admin_password=$(openssl rand -base64 10 | tr -d "=+/" | cut -c1-29) -export rabbitmq_erlang_cookie=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-29) -export rabbitmq_password=$(openssl rand -base64 10 | tr -d "=+/" | cut -c1-29) -export rabbitmq_user=$(openssl rand -base64 6 | tr -d "=+/" | cut -c1-29) -export rabbitmq_management_password=$(openssl rand -base64 10 | tr -d "=+/" | cut -c1-29) -export rabbitmq_management_user=$(openssl rand -base64 6 | tr -d "=+/" | cut -c1-29) - -kubectl -n $KUBE_NAME_SPACE create secret generic baca-rabbitmq \ ---from-literal=rabbitmq-admin-password="$rabbitmq_admin_password" \ ---from-literal=rabbitmq-erlang-cookie="$rabbitmq_erlang_cookie" \ ---from-literal=rabbitmq-password="$rabbitmq_password" \ ---from-literal=rabbitmq-user="$rabbitmq_user" \ ---from-literal=rabbitmq-management-password="$rabbitmq_management_password" \ ---from-literal=rabbitmq-management-user="$rabbitmq_management_user" \ ---dry-run -o yaml | kubectl apply -f - - - -} - -function createRedisSecret(){ -echo -e "\x1B[1;32mAbout to create secret for Redis....\x1B[0m" -export redis_password=$(openssl rand -base64 10 | tr -d "=+/" | cut -c1-29) -kubectl -n $KUBE_NAME_SPACE create secret generic baca-redis \ ---from-literal=redis-password="$redis_password" \ ---dry-run -o yaml | kubectl apply -f - -} \ No newline at end of file diff --git a/BACA/configuration/delete_ContentAnalyzer.sh b/BACA/configuration/delete_ContentAnalyzer.sh deleted file mode 100755 index a116f33b..00000000 --- a/BACA/configuration/delete_ContentAnalyzer.sh +++ /dev/null @@ -1,118 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -. ./common.sh -. ./bashfunctions.sh - -today=`date +%Y-%m-%d.%H:%M:%S` -echo $today - -if [ -z "$KUBE_NAME_SPACE" ] -then - echo -e "\x1B[1;31mThe KUBE_NAME_SPACE is not set. The script will exit. To delete everything in the IBM Business Automation Content Analyzer namespace, set the KUBE_NAME_SPACE variable to the name of the namespace where IBM Business Automation Content Analyzer is deployed and rerun. :\x1B[0m" - exit -fi - -if [ $KUBE_NAME_SPACE == "default" ] -then - echo -e "\x1B[1;31mThe KUBE_NAME_SPACE is set to default. The script will exit. We cannot delete all resources from the default namespace. To delete everything in the IBM Business Automation Content Analyzer namespace, set the KUBE_NAME_SPACE variable to the name of the namespace where IBM Business Automation Content Analyzer is deployed and rerun. :\x1B[0m" - exit -fi - -# confirm they want to delete -echo -echo -e "\x1B[1;31mThis script will DELETE all the resources, including services, deployments, and pvc, in the namespace : $KUBE_NAME_SPACE . And then delete the namespace $KUBE_NAME_SPACE \x1B[0m" -echo -echo -e "\x1B[1;31mPlease only execute if you are SURE you want to DELETE everything from your namespace $KUBE_NAME_SPACE . \x1B[0m" -echo -echo -e "\x1B[1;31mWARNING: Please note that on ICP this script may not be able to successfully remove all the pods. The pods and the namespace might be left in 'terminating' state . \x1B[0m" -echo - -while [[ $deleteconfirm != "y" && $deleteconfirm != "n" && $deleteconfirm != "yes" && $deleteconfirm != "no" ]] # While deleteconfirm is not y or n... -do - echo -e "\x1B[1;31mWould you like to continue (Y/N):\x1B[0m" - read deleteconfirm - deleteconfirm=$(echo "$deleteconfirm" | tr '[:upper:]' '[:lower:]') -done - - -if [[ $deleteconfirm == "n" || $deleteconfirm == "no" ]] -then - exit -fi - -#Logon to kubectl -loginToCluster - - -echo "----- Deleting Celery ..." -cwd=$(pwd) - -#export HELM="./helm-chart/baca-celery" -#export HELM1="./helm-chart/baca-userportal" -#echo -#echo "cd ${HELM}" -#cd ${HELM} - -echo -if [[ $USING_HELM == "y" || $USING_HELM == "yes" ]]; then - if [[ $ICP_VERSION == "3.1.2" ]]; then - echo "helm delete celery${KUBE_NAME_SPACE} --purge --tls" - helm delete celery${KUBE_NAME_SPACE} --purge --tls - fi - if [[ $OCP_VERSION == "3.11" ]]; then - echo "helm delete celery${KUBE_NAME_SPACE} --purge --tiller-namespace tiller" - helm delete celery${KUBE_NAME_SPACE} --purge --tiller-namespace tiller - fi -fi -echo -echo "sleep for 120 secs to wait for celery pods to complete termination...." - -sleep 120 -# -#echo -#echo "return to previous directory: ${cwd}" -#cd ${cwd} - -echo ----- Deleting all BACA resources from namespace : $KUBE_NAME_SPACE -set +e -kubectl delete -n $KUBE_NAME_SPACE --all deploy,svc,pvc,pods --force --grace-period=0 -kubectl delete -n $KUBE_NAME_SPACE secret baca-ingress-secret baca-secrets$KUBE_NAME_SPACE baca-userportal-ingress-secret baca-mongo baca-mongo-admin baca-ldap baca-basedb baca-rabbitmq baca-redis -if [[ $ICP_VERSION == "3.1.2" ]]; then - kubectl delete -n $KUBE_NAME_SPACE rolebinding baca-clusterrole-rolebinding - kubectl delete -n $KUBE_NAME_SPACE clusterrole baca-anyuid-clusterrole - kubectl delete -n $KUBE_NAME_SPACE psp baca-anyuid-psp -fi -set -e - - - - -# only delete PVC for internal/dev env. -if [[ $PVCCHOICE == "1" ]]; then - echo ---- Deleting persistent volumes. - count=`kubectl -n $KUBE_NAME_SPACE get pv | awk {'print $1'}| grep ^sp-.*${KUBE_NAME_SPACE}$|wc | awk {'print $1'}` - if [[ $count != "0" ]]; then - kubectl -n $KUBE_NAME_SPACE delete pv `kubectl -n $KUBE_NAME_SPACE get pv | awk {'print $1'}| grep ^sp-.*${KUBE_NAME_SPACE}$` - fi - echo ---Clean up all pvc subdirectories. You need to run setup.sh or init_deployment.sh again to have these directories re-created. -# ssh root@$NFS_IP rm -rf /exports/smartpages/$KUBE_NAME_SPACE/* - if [ -z "$SSH_USER" ]; then - export SSH_USER="root" - fi - - if [ "$SSH_USER" == "root" ]; then - export SUDO_CMD="" - else - export SUDO_CMD="sudo " - fi - ssh $SSH_USER@$NFS_IP "$SUDO_CMD rm -rf /exports/smartpages/$KUBE_NAME_SPACE/*" - - -fi - diff --git a/BACA/configuration/generateMemoryValues.sh b/BACA/configuration/generateMemoryValues.sh deleted file mode 100755 index 0e6cf3ea..00000000 --- a/BACA/configuration/generateMemoryValues.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# -. ./bashfunctions.sh -. ./common.sh - -echo -e "\x1B[1;32mThis will generate recommended values for setting memory resources in Business Automation Content Analyzer (CA) product.\x1B[0m" -echo -e "\x1B[1;32mUse \"distributed\" flag when you have an distribute environment where mongo DB, mongo-admin DB, and CA processing components are their own nodes. Otherwise, use \"limited\" flag \x1B[0m" -echo -e "\x1B[1;32mThese values may need to be adjusted depending on your workload\x1B[0m" - - -if [[ -z $1 ]]; then - echo -e "\x1B[1;31mYou need to pass in either \"distributed\" or \"limited\" to use this script\x1B[0m" - exit 1 -fi - - -if [[ $1 == "distributed" ]]; then - calMemoryLimitedDist - calNumOfContainers -elif [[ $1 == "limited" ]]; then - calMemoryLimitedShared - calNumOfContainers -fi \ No newline at end of file diff --git a/BACA/configuration/init_deployments.sh b/BACA/configuration/init_deployments.sh deleted file mode 100755 index 37c3ae7a..00000000 --- a/BACA/configuration/init_deployments.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -. ./common.sh -. ./bashfunctions.sh -. ./createSSLCert.sh - -# Login (if necessary) -loginToCluster - -#Creating psp and clusterrole for BACA - - - -# Create Kube namespace -echo "\x1B[1;32mCreating $KUBE_NAME_SPACE namespace \x1B[0m" -if [[ $ICP_VERSION == "3.1.0" || $ICP_VERSION == "3.1.2" ]]; then - kubectl create namespace $KUBE_NAME_SPACE -fi - -if [[ $OCP_VERSION == "3.11" ]]; then - oc new-project $KUBE_NAME_SPACE - oc project $KUBE_NAME_SPACE -fi - -if [[ $ICP_VERSION == "3.1.2" ]]; then - checkPsp=$(kubectl get psp |grep baca |wc -l) - - if [[ $checkPsp == "0" ]]; then - - echo -e "\x1B[1;32mCreating psp and clusterrole for BACA\x1B[0m" - kubectl -n $KUBE_NAME_SPACE apply -f ./baca-psp.yaml - echo -e "\x1B[1;32mCreating rolebinding for BACA\x1B[0m" - kubectl -n $KUBE_NAME_SPACE create rolebinding baca-clusterrole-rolebinding --clusterrole=baca-anyuid-clusterrole --group=system:serviceaccounts:$KUBE_NAME_SPACE - - fi -fi - -if [[ $OCP_VERSION == "3.11" ]]; then - # Allows images to run as the root UID if no USER in specified in the Dockerfile. - oc adm policy add-scc-to-group anyuid system:authenticated -fi - -#label nodes -if [[ ($LABEL_NODE == "y" || $LABEL_NODE == "Y") ]]; then - customLabelNodes -else - echo -e "\x1B[1;32mLABEL_NODE and LABEL_NODE_BY_PARAM parameters are not defined. Therefore, you must label your nodes accordingly\x1B[0m" -fi - - -# Create nfs, and pv/pvc -#getNFSServer - -#Check and rename DB2 cert to db2-cert.arm when DB_SSL=y -if [[ ($DB_SSL == "y" || $DB_SSL == "Y") && ($DB_CRT_NAME != 'db2-cert.arm') ]]; then - echo "renaming DB2 Cert name from $DB_CRT_NAME to db2-cert.arm" - cp $DB_CRT_NAME db2-cert.arm -fi - -#Create SSL cert and secret -createSSLCert -createSecret -createMongoSecrets -createLDAPSecret -createBaseDbSecret -createRabbitmaSecret -createRedisSecret -if [[ $PVCCHOICE == "1" ]]; then - echo -e "\x1B[1;32mSetting up PV/PVC storage\x1B[0m" - getNFSServer - ./init_persistent.sh -fi - - -#Helm client download and initialization -if [[ $USING_HELM == "y" || $USING_HELM == "yes" ]]; then - if [[ -z $HELM_INIT_BEFORE || $HELM_INIT_BEFORE == "n" || $HELM_INIT_BEFORE == "no" ]]; then - - # setup helm client - downloadHelmClient - - # setup helm on cluster - helmSetup - - # ensure tiller-deploy is successful on cluster - checkHelm - fi -fi - diff --git a/BACA/configuration/init_persistent.sh b/BACA/configuration/init_persistent.sh deleted file mode 100755 index a731d486..00000000 --- a/BACA/configuration/init_persistent.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -. ./common.sh - - -cat sppersistent.yaml | sed s/\$NFS_IP/"$NFS_IP"/ | sed s/\$KUBE_NAME_SPACE/"$KUBE_NAME_SPACE"/ | sed s/\$DATAPVC/"$DATAPVC"/ | sed s/\$LOGPVC/"$LOGPVC"/ | sed s/\$CONFIGPVC/"$CONFIGPVC"/ |kubectl apply -f - - diff --git a/BACA/configuration/renewCert.sh b/BACA/configuration/renewCert.sh deleted file mode 100755 index dbaf4e47..00000000 --- a/BACA/configuration/renewCert.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/env bash -# -# Licensed Materials - Property of IBM -# 6949-68N -# -# © Copyright IBM Corp. 2018 All Rights Reserved -# - -. ./common.sh -. ./bashfunctions.sh -. ./createSSLCert.sh - - -today=`date +%Y-%m-%d.%H:%M:%S` -echo $today - - -# confirm they want to delete -echo -echo -e "\x1B[1;31mThis script will RENEW all the certificates for IBM Business Automation Content Analyzer in $KUBE_NAME_SPACE \x1B[0m" -echo -echo -e "\x1B[1;31mThe script will delete ALL the IBM Business Automation Content Analyzer pods in $KUBE_NAME_SPACE. Therefore, you must make sure to backup your ontology,etc... and make sure there are no activities on the system \x1B[0m" -echo -ls -al *.pem > /dev/null -if [[ $? == "0" ]]; then - echo -e "\x1B[1;31mBased on the PEM files in the $PWD, the expirations date for them are: \x1B[0m" - - for pem in ./*.pem; do - printf '%s: %s\n' \ - "$pem expries on" \ - "$(date --date="$(openssl x509 -enddate -noout -in "$pem"|cut -d= -f 2)" --iso-8601)" - done -else - echo -e "\x1B[1;31mWe could not find any existing PMR files in $PWD \x1B[0m" -fi - -while [[ $renewConfirm != "y" && $renewConfirm != "n" && $renewConfirm != "yes" && $renewConfirm != "no" ]] # While deleteconfirm is not y or n... -do - echo -e "\x1B[1;31mWould you like to continue (Y/N):\x1B[0m" - read renewConfirm - renewConfirm=$(echo "$renewConfirm" | tr '[:upper:]' '[:lower:]') -done - - -if [[ $renewConfirm == "n" || $renewConfirm == "no" ]] -then - exit -else - loginToCluster - createSSLCert - createSecret - echo -e "\x1B[1;31m Deleting all Content Analyzer's pods ... " - kubectl -n sp delete --all pods --force --grace-period=0 -fi \ No newline at end of file diff --git a/BACA/configuration/sppersistent.yaml b/BACA/configuration/sppersistent.yaml deleted file mode 100644 index 03bfc6d3..00000000 --- a/BACA/configuration/sppersistent.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sp-data-pv-$KUBE_NAME_SPACE - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 60Gi - nfs: - path: /exports/smartpages/$KUBE_NAME_SPACE/data - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: $DATAPVC - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 60Gi - volumeName: sp-data-pv-$KUBE_NAME_SPACE ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sp-log-pv-$KUBE_NAME_SPACE - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 35Gi - nfs: - path: /exports/smartpages/$KUBE_NAME_SPACE/logs - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: $LOGPVC - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 35Gi - volumeName: sp-log-pv-$KUBE_NAME_SPACE ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: sp-config-pv-$KUBE_NAME_SPACE - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 5Gi - nfs: - path: /exports/smartpages/$KUBE_NAME_SPACE/config - server: $NFS_IP - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: $CONFIGPVC - namespace: $KUBE_NAME_SPACE -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Gi - volumeName: sp-config-pv-$KUBE_NAME_SPACE \ No newline at end of file diff --git a/BACA/docs/DB2_setup.md b/BACA/docs/DB2_setup.md deleted file mode 100644 index e4a67dba..00000000 --- a/BACA/docs/DB2_setup.md +++ /dev/null @@ -1,40 +0,0 @@ -## Creating BaseDB and TenantDB on Db2 - -### Create Content Analyzer BaseDB -After the configuration/DB2 directory has been copied to the Db2 server, run the CreateBaseDB.sh script from the command prompt. ->Note: Run the following scripts with a Db2 user such as db2inst1 who has 'su' privilege. - -#### Procedure: -As prompted, enter the following data: - -- Enter the name of the IBM Business Automation Content Analyzer Base database (enter a unique name of 8 characters or less and no special characters. for example, CABASEDB) -- Enter the name of database user – (enter a database user name that will have full permissions to the base database) – this can be a new or existing Db2 user -- Enter the password for the above user – enter a password each time when prompted. If this is an existing user, this prompt will be skipped - -### Create Content Analyzer Tenant DB -Create the Content Analyzer Tenant DB and add it to the basedb by running the AddTenant.sh script on the Db2 server. - -#### Procedure - -As prompted, enter the following: - - Enter the tenant ID – (an alphanumeric value that will be used by the user to reference the database) - - Enter the name of the IBM Business Automation Content Analyzer tenant database to create - (an alphanumeric value for the actual database name in Db2) - - Enter the host/IP of the database server – (the IP address of the database server) - - Enter the port of the database server – Press Enter to accept default of 50000 (or enter the port number if a different port is required) - - Do you want this script to create a database user – y (for yes) - - Enter the name of database user – (this will be the tenant database user - enter an alphanumeric username with no special characters) - - Enter the password for the user – (enter an alphanumeric password each time when prompted) - - Enter the tenant ontology name – Press Enter to accept 'default' (or enter a name to reference the ontology by if desired) - - Enter the name of the IBM Business Automation Content Analyzer base database (enter the database name given when creating the base database) - - Enter the name of the database user for the IBM Business Automation Content Analyzer base database (enter the base username given when creating the base database) -The remaining values will be used to set up the initial user in IBM Business Automation Content Analyzer - - Enter the company name (enter your company name) - - Enter the first name (enter your first name) - - Enter the last name (enter your last name) - - Enter a valid email address (enter your email address) - - Enter the login name (if using LDAP authentication, enter your username as it appears in the LDAP server) - - Would you like to continue (y for yes) - -Save the TenantID and Ontology name for the later steps. - -Back to prerequisite [Overview](../configuration/README.md) diff --git a/BACA/docs/common_sh_values.md b/BACA/docs/common_sh_values.md deleted file mode 100644 index 54b0991e..00000000 --- a/BACA/docs/common_sh_values.md +++ /dev/null @@ -1,47 +0,0 @@ -## Common.sh parameters - -Review common.sh as a reference sample then copy common_ICP_template.sh or common_OCP_template.sh to common.sh based on your platform. - -Note Since the common.sh contains several passwords, you need to protect it by assigning appropriate permission such as read-only. - -#### common.sh parameters -|Description|Possible values| -|-----------|-----------------------| -SERVER_MEMORY| The amount of memory for Content Analyzer worker nodes 16,32, etc. Required: Yes -MONGO_SERVER_MEMORY| The amount of memory for Content Analyzer mongo node 16,32, etc. Required: Yes -MONGO_ADMIN_SERVER_MEMORY| The amount of memory for Content Analyzer mongoadmin node 16,32, etc. Required: Yes -USING_HELM|Indicate if you want to deploy Content Analyzer with Helm Chart. If given value is "n", will deploy Content Analyzer with Kubernates YAML files "y" or "n". Required: Yes -HELM_INIT_BEFORE|This field is used for installing Helm client for Content Analyzer helm install. Set it to "n" if you are not installing Content Analyzer using Helm. "y" or "n". Required: Yes -ICP_VERSION or OCP_VERSION|ICP version is 3.1.2. OCP version is 3.11 "3.1.2" or "3.11". Required: Yes -KUBE_NAME_SPACE| The K8's namespace that Content Analyzer will be installed on. Any valid namespace. Required: Yes -DOCKER_REG_FOR_SERVICES|This is the Content Analyzer domain used in ICP cluster, docker registry port and your namespace. For example: mycluster.icp:8500/sp where mycluster.icp is the Content Analyzer domain, 8500 is the docker registry port and sp is the namespace you want to install Content Analyzer on. Example:mycluster.icp:8500/sp. Required: Yes -LABEL_NODE |-Content Analyzer (CA) processing components will be deployed on node(s) with label celery=baca
-mongodb will be deployed on node with label mongo=baca
-mongoadmindb will be deployed on node with label mongoadmin=baca
Example: The nodes will have these labels where the namespace is "sp":
-celerysp=baca
-mongosp=baca
-mongoadminsp=baca
You must manually label your nodes per the above guideline if the value of LABEL_NODE is "n". "y" or "n". Required: Yes -CA_WORKERS |A list of comma separated IP address (ICP) or host names (Openshift) of worker nodes to be labeled as "celery=baca". NOTE: You can share the nodes/IP if you have a small cluster for development purposes. Required if LABEL_NODE = "y" -MONGO_WORKERS|A list of comma separated IP address (ICP) or host names (Openshift) of worker nodes to be labeled as "mongo=baca". NOTE: You can share the nodes/IP if you have a small cluster for development purposes. Required if LABEL_NODE = "y" -MONGO_ADMIN_WORKERS|A list of comma separated IP address (ICP) or host names (Openshift) of worker nodes to be labeled as "mongoadmin=baca". NOTE: You can share the nodes/IP if you have a small cluster for development purposes. Required if LABEL_NODE = "y" -ICP_USER or OCP_USER|ICP or OCP username with enough permission to deploy Content Analyzer. Required: Yes -ICP_USER_PASSWORD or OCP_USER_PASSWORD|ICP's or OCP's username password. Must be encoded with base 64. Required: Yes -BXDOMAINNAME|IP address of your ICP's proxy node if you are using ICP. IP address of your OCP's infra node if you are using OCP. Required: Yes -MasterIp|IP address of your ICP's or OCP master node. Required: Yes -PVCCHOICE|Whether to have script create PV/PVC for Content Analyzer. PVCCHOICE=1 means script will create directories. See note below table for more information. Default 1. Required: yes -SSH_USER|User for the script to SSH into the NFS server (NFS_IP) to create the necessary folders. This user must have "sudo" privilege. Not required if you create PV/PVC manually. -NFS_IP|NFS Server IP address. Not required if you create PV/PVC manually. -DATAPVC|Name of the data pvc. If you use a different name you must change it in the values.yaml. Default: sp-data-pvc. Required: Yes -LOGPVC|Name of your log pvc. If you use a different name you must change it in the values.yaml sp-log-pvc. Required: Yes -CONFIGPVC|Name of your config pvc. If you use a different name you must change it in the values.yaml sp-log-pvc. Required: Yes -BASE_DB_PWD|This is the base-64 encoded Content Analyzer base database password. Required: Yes -LDAP|Indicate if you want to integrate Content Analyzer with external LDAP "y" or "n". Required: Yes -LDAP_PASSWORD|This is the base-64 encoded Content Analyzer base database password for the LDAP bind user. Required: Yes (if LDAP) -LDAP_URL|LDAP URL such as ldap://192.168.10.10 for non SSL. For ssl, you can use ldaps://192.168.10.10. Required: Yes (if LDAP) -LDAP_CRT_NAME|The name of the LDAP's server client certificate when using 'ldaps' in the LDAP_URL. For more information on how to generate the required certificate, refer to the LDAP vendor documentation. - -If you select PVCCHOICE=1, the script will perform the following tasks: -1) create the following directories on the NFS server: - - /exports/smartpages//{config,data,logs} - - /exports/smartpages//data/{mongo,mongoadmin} - - /exports/smartpages//config/backend - - /exports/smartpages//logs/{backend,frontend,callerapi,processing-extraction,pdfprocess,setup,interprocessing,classifyprocess-classify,ocr-extraction,postprocessing,reanalyze,updatefiledetail,minio,redis,rabbitmq,mongo,mongoadmin,utf8process}" -2) Change the owner on all folders to 51000:51001 -3) Append all the worker's IP to the /etc/exports file on the NFS server. - -Back to [Init_Deployment](init_deployment.md) \ No newline at end of file diff --git a/BACA/docs/init_deployment.md b/BACA/docs/init_deployment.md deleted file mode 100644 index 3a039915..00000000 --- a/BACA/docs/init_deployment.md +++ /dev/null @@ -1,38 +0,0 @@ -## Create PVs, PVCs, certificates and secrets using init_deployment.sh - -To use the init_deployments.sh script to create preqrequisites: -1) Populate the common.sh file with appropriate values based on the instructions in [common.sh values](./common_sh_values.md) -2) Run the init_deployments.sh script to create objects based on common.sh values -3) Verify the objects were created by running the following commands: - Check pvcs - ```console - # kubectl -n sp get pvc - NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE - sp-config-pvc Bound sp-config-pv-sp 5Gi RWX 4d - sp-data-pvc Bound sp-data-pv-sp 60Gi RWX 4d - sp-log-pvc Bound sp-log-pv-sp 35Gi RWX 4d - ``` - and verify that 3 PVCs were created - - Check secrets - ```console - # kubectl -n sp get secrets - NAME TYPE DATA AGE - baca-basedb Opaque 1 4d - baca-ingress-secret kubernetes.io/tls 2 4d - baca-ldap Opaque 1 4d - baca-minio Opaque 2 4d - baca-mongo Opaque 3 4d - baca-mongo-admin Opaque 3 4d - baca-rabbitmq Opaque 4 4d - baca-redis Opaque 1 4d - baca-secretssp Opaque 14 4d - - ``` - and verify that 9 secrets were created (might only be 7 if not using LDAP or ingress) -4) Run `./generateMemoryValues.sh ` or .`/generateMemoryValues.sh ` - >Note For smaller system (5 worker-nodes or less) where the mongo database pods will be on the same worker node as other pods, use limited option. - - Copy these values for replacement in the values.yaml file if you want to deploy CA using Helm chart, or replacing these values in the ca-deploy.yml file if you want to deploy CA using kubernetes YAML files. - - Back to [Overview](../configuration/README.md) diff --git a/BACA/docs/post-deployment.md b/BACA/docs/post-deployment.md deleted file mode 100644 index 8ab61009..00000000 --- a/BACA/docs/post-deployment.md +++ /dev/null @@ -1,79 +0,0 @@ -## Post Deployment steps for non-ingress setup (Option 1) - -Since OpenShift's router does not support URL rewriting, there are some steps necessary post-deployment to enable accessing -IBM Business Automation Content Analyzer via the node ports exposed by the services. Or if you do not want to use path based ingress on ICP, follow the same steps. - -###### Once deployment is started: - -To find the node port for the backend service, execute: -```console -# kubectl get svc spbackend -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -spbackend NodePort 172.1.1.1 8080:30437/TCP 19h -``` -In the above example, the node port is 30437 -1) Execute: `kubectl edit deploy spfrontend` -2) Look for the BACKEND_PORT environment variable and add the value from the previous step in quotes: - for eaxmple, - `- name: BACKEND_HOST` -   `value: myopenshift1.com` - `- name: BACKEND_PROTOCOL` -   `value: https` - **`- name: BACKEND_PORT` -   `value: "30437"`** -3) Ensure that the BACKEND_PATH and FRONTEND_PATH variables are blank (for example, no values) - for eaxmple, - ` - name: BACKEND_PATH` - `- name: FRONTEND_PATH` - `- name: FRONTEND_HOST` -   `value: myopenshift1.com` - -4) Save the changes. This should cause the spfrontend pods to restart. -5) Look at the service list again and note the node port of spfrontend service (for eaxmple, `kubectl get svc spfrontend`). -6) Access Content Analyzer using the URL: `https://:/?tid=&ont= ` - (tenant id and ontology defined when adding tenant to base Db2 database) - - -## Post Deployment steps for OpenShift route setup (Option 2) - -You can also deploy IBM Business Automation Content Analyzer using an OpenShift route as the ingress point to expose the frontend and backend services via an externally-reachable, unique hostname such www.backend.example.com and www.frontend.example.com. -A defined route and the endpoints identified by its service can be consumed by a router to provide named connectivity that allows external clients to reach your applications. - -Run the command below to create appropriate routes for the services. - -###### Once deployment is started: - -1) To create a route for the frontend service, execute: - ```console - # oc create route passthrough --insecure-policy=Redirect --service=spfrontend --hostname= - ``` - > **Sample**: oc create route passthrough spfrontend-route --insecure-policy=Redirect --service=spfrontend --hostname=www.ca.frontendsp - -2) To create a route for the backend service, execute: - ```console - # oc create route passthrough --insecure-policy=Redirect --service=spbackend --hostname= - ``` - > **Sample**: oc create route passthrough spbackend-route --insecure-policy=Redirect --service=spbackend --hostname=www.ca.backendsp - > **Note**: A route name is limited to 63 characters, and router hostname given a wildcard DNS entry and must be unique. - -3) Add the frontend router hostname and backend router hostname, that were specified at steps 1 & 2 above, to your client hosts file or DNS server, so that external client can reach endpoint by name. Two DNS entries should point to OpenShift's Infra node IP address.   - -4) Edit the spfrontend deployment - - Execute: `kubectl edit deploy spfrontend` - - Look for the BACKEND_HOST environment variable and change the value to hostname of backend router that specified in the setp 2 in quotes: - for eaxmple, - **`- name: BACKEND_HOST` -   `value: www.ca.backendsp`** - - Ensure that the BACKEND_PATH and FRONTEND_PATH variables are blank (for eaxmple, no values) - for eaxmple, - ` - name: BACKEND_PATH` - `- name: FRONTEND_PATH` - - - Save the changes. This should cause the spfrontend pods to restart. - -5) Access backend endpoint to accept certificate using the URL: `https://` (backend_router_hostname defined when creating route for the backend service) - - **Note**: If the content **WORKS** appears in the page, it means the backend route is working. - -6) Access frontend endpoint to accept certificate using the URL: `https:///?tid=&ont= ` -(frontend_router_hostname defined when creating route for the frontend service. tenant id and ontology defined when adding tenant to base Db2 database) diff --git a/BACA/docs/values_yaml_parameters.md b/BACA/docs/values_yaml_parameters.md deleted file mode 100644 index 1b6af90a..00000000 --- a/BACA/docs/values_yaml_parameters.md +++ /dev/null @@ -1,121 +0,0 @@ -## Populating values.yaml with correct values - -1.      Copy template.yaml to values.yaml -2.      Edit values.yaml and fill in values for the following items. - -Note that anything not documented here typically does not need to be changed. - -##### GLOBAL OPTIONS: -The following variables are used in multiple places. Perform a global search and replace with the correct information (for example, in vi - `:%s/$REGISTRY_NAME/docker-registry.default.svc:5000\/sp/g`): - -|Tag|Description| -|----|----| -$REGISTRY_NAME  |refers to the name of the local registry where IBM Business Automation Content Analyzer images have been loaded, in the format `/` (for example, docker-registry.default.svc:5000/sp or mycluster.icp:8500/baca).  There are 18 occurrences of this tag in the values.yaml that need to be updated.   -$VERSION_TAG |refers to the version tag of the docker images loaded into the registry (for example, 1.0.1-gm).  There are also 18 occurrences of this value in values.yaml that need to be updated. -$CELERY_REPLICAS |determines the number of celery pods to start. Recommended value is 1 per worker node. 11 occurrences of this value -$NON_CELERY_REPLICAS |determines the number of pods for non-celery. Recommended value is 1 per worker node. 2 occurrences of this value. -$KUBE_NAME_SPACE |the kubernetes namespace or Openshift project where Content Analyzer will be deployed. 5 occurrences of this value. - -##### RESOURCE LIMIT OPTIONS: -You can define resource limits for each of the pods based on available memory on the worker/compute nodes to ensure better operating efficiency. -Use the sample configuration script, [generateMemoryValues.sh](../configuration/generateMemoryValues.sh), to determine the appropriate values for each of the following based on your environment: -The following values need to be set: - -$CALLERAPI_LIMITED_MEMORY -$SETUP_LIMITED_MEMORY -$OCR_EXTRACTION_LIMITED_MEMORY -$CLASSIFY_LIMITED_MEMORY -$PROCESSING_EXTRACTION_LIMITED_MEMORY -$POST_PROCESS_LIMITED_MEMORY -$INTER_PROCESSING_LIMITED_MEMORY -$PDF_PROCESS_LIMITED_MEMORY -$UTF8_PROCESS_LIMITED_MEMORY -$REANALYZE_LIMITED_MEMORY -$UPDATEFILE_LIMITED_MEMORY -$FRONTEND_LIMITED_MEMORY -$BACKEND_LIMITED_MEMORY -$MINIO_LIMITED_MEMORY -$REDIS_LIMITED_MEMORY -$RABBITMQ_LIMITED_MEMORY -$MONGO_LIMITED_MEMORY -$MONGO_ADMIN_LIMITED_MEMORY -$MONGO_WIREDTIGER_LIMIT #note this value should just be entered as a number only in GB (for example, .3 and not .3Gi or 300Mi) -  - -##### LDAP INTEGRATION OPTIONS: -If integrating with an LDAP repository for logon, set the following: ->Note that if not using LDAP, then the ldap: setting under spbackend and spfrontend needs to be set to FALSE and the rest of the values left blank) - -###### spfrontend: -- ldap: TRUE OR FALSE depending on whether you are using LDAP - -###### spbackend: -- ldap: TRUE OR FALSE depending on whether you are using LDAP -- ldapFilter: search filter to find user.  Use ‘{{username}}’ as substitution variable for example, (&(cn={{username}})(objectClass=person)) -- ldapDn: dn of bind user (for example, cn=root) -- ldapURL: URL of ldap server (for example, ldap://xx.xx.xx.xx -- ldapPort: ldap port (for example, 389) -- ldapBase: ldap search base   -- userName: username of initial user -- ldapCrtName: if using LDAPS, specify certificate from LDAP server -- ldapSelfSignedCert: Y if using a self-signed certificate. N otherwise - -##### DB2 Parameters: -Set the following parameters on spbackend to tell IBM Business Automation Content Analyzer how to connect to the Base DB on Db2: -###### DB2 Base DB connection info -- baseDB: name of the base database created on Db2 (for example, CABASEDB) -- baseDBServer: host name of the Db2 server -- baseDBPort: listener port for the Db2 server -- baseDBUser: user to log into Db2 and access Base DB - >Note the password for above user is stored in secret baca-basedb created by init_deployment.sh script or manually. - -##### DEPLOYMENT SPECIFIC OPTIONS: - -Some deployments require additional settings as described below: - -###### spbackend: -- backendPath: #leave blank for most deployments -- backendPort: 8080 #leave at default for most deployments -- nodeTLSRejectUnauthorized: 0 or 1 depending on whether self signed certificate if used for SSL. Generally left at 0 - ->Note: Several parameters in spfrontend depend upon whether you wish to use path based ingress (for ICP only) or simply access the app via exposed node ports. If not using ingress in ICP, or using Openshift, be sure there are no values for backendPath & frontendPath, and values for backendPort will need to added post deployment see [Post Deployment Steps](post-deployment.md) -###### spfrontend: -- backendHost: domain used in URL to access backend. Usually the same as BXDOMAINNAME which is usually the name/address of the proxy or infra node.  If using ingress with non-default port (80/443), then include port in hostname (for example, my.domain.com:444)   -- backendPort: for non-ingress solution, enter the node port of the spbackend service, otherwise leave blank -- backendPath: if using path based ingress, specify the path (for example, in http://my.domain.com/backendsp/ path would be 'backendsp'). Note that port and path are mutually exclusive. Only one should be specified. -- frontendHost: domain used in URL to access frontend. Similar to backend_host -- frontendPath: if using path based ingress, specify the path for frontend -- nodeTLSRejectUnauthorized: :0 or 1 depending on whether self signed certificate if used for SSL -- sso:  0 or 1 depending on whether you need to authenticate through another portal (for example, in IBM cloud) -- bxDomainName: domain name used to access frontend/backend -  -###### ingress: -- enabled: TRUE OR FALSE to indicate that path based ingress should be used on ICP (OCP's router does not support url rewriting and consequently will not work with path based ingress) --  $HOST_NAME – if ingress enabled, specify the host name used to access   -   -###### nodeSelector: -label applied to nodes targeted to run celery workers. Default value created by init_deployment.sh is `celery: baca` - -for example, -nodeSelector: -  celerysp: baca                    - -###### global: -  configs: -   - claimname: enter name of PVC for config files created earlier. Default sp-config-pvc -  logs: -   - claimname: enter name of PVC for log files created earlier. Default sp-logs-pvc -    - logLevel: blank or debug to enable additional logging -  data: -   - claimname: enter name of PVC for data files created earlier. Default sp-data-pvc -  celery: -   - processTimeout: 300 #timeout for OCR processing -  namespace: -   - name: #kubernetes namespace where IBM Business Automation Content Analyzer is to be deployed -  - sslValidate: false #true or false depending on whether you are using a self signed SSL certificate or not (false=self signed) -  mongo: -   nodeSelector: -     - mongosp: baca 'label applied to nodes targeted to run mongo pod. Default value is "mongo: baca" -  mongoadmin: -   nodeSelector: -     - mongo-adminsp: baca 'label applied to nodes targeted to run mongo-admin pod. Default value is "mongo-admin: baca" diff --git a/BACA/helm-charts/README.md b/BACA/helm-charts/README.md deleted file mode 100644 index e195b660..00000000 --- a/BACA/helm-charts/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Instruction to deploy IBM Business Automation Content Analyzer with Helm charts - -- Extract [ibm-dba-baca-prod-1.2.0.tgz](./ibm-dba-baca-prod-1.2.0.tgz) for non-HA deployment and reference the readme in ibm-dba-baca-prod/README.md after extraction. - -- Extract [ibm-dba-baca-prod-1.2.0_ha.tgz](./ibm-dba-baca-prod-1.2.0_ha.tgz) for HA deployment and reference the readme in ibm-dba-baca-prod/README.md after extraction. diff --git a/BACA/helm-charts/ibm-dba-baca-prod-1.2.0.tgz b/BACA/helm-charts/ibm-dba-baca-prod-1.2.0.tgz deleted file mode 100644 index 00c784762e90803d5481a91aef5578c893febda3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 68191 zcmV)nK%KuIiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMa~nC5D7v2&vHt->_nDUFlGMYm9?i_2ON+G4ZHeR|DSLc2 zHXL9TNMc+pR0Al8JOH}atwf5W8WB0VQJrw264{GW}}_F3Z~W-5|A)9|Q6UbAFHB7-7iE+mOr zmWVY^7o`8JeQqMYJG4<})T!rkOfeiWNI2ORY0?etdj;d)wx-RXY-^W17-r zt$C!5b9KzpW6h#vDiX0+AG1_5nMtl#D-x+@scx-kN*8R!Qhj{zfvs^}de&mTWN zt)BlUPfj1s|F`%&B3(A8d7=sKJDh4|&T(eWar@vAnJ&2^ToFp%b*?U3b0Jq$YZj9^ zPnc=YWl=&UBR5oXI!o~M<(5QY95QX2N5;Li)Q@% zfDk-`{?P#;l4U}1E#&%~tkzMIE6rq^N7?xgPft#c|7_k+8I9O~9A{EQOevl&4hYe7 zaZdhhkEo`L|2QBd%addz5+1G3Nhi6bYjr@#PdUr|nD22=#pDf-*r0AU36JQ7$Wwhz zzPspM_Qvntk9(ub{zYeUK*)-IyiVy2<%t1>ZFdT9Dv`^GDYHyM9udiY%9+ysZ$egV z19tOK*)?L)_rkK z{)}JD)Bo^~CrsWjc~1V^eWBnhjbq7_Dq4($)aT@>IkW!RwSsqwKU}BrY%;k#C*+aR z(p-8iJT>H2rNr^hrhSEgx{ikM9=Cu85Mq%b|FDWnXAK zJvq7Jjk`~_QUVa}V;3N251WVW=bZh6gGi(*Uoi;_ZP`aRbYTh6Cv0BR;wVgqV^w|`FgiizAD;-_$n)SToyudzBpv4d0)lIE+oLVhq%C1D&|pwdhz(z4c02j5s_?FF!GnhZ4t@$m2OIau9@(!8{(%= zo|HizB~&RsUt45sxxaq}$X%J*`_k0PV*0K{{JJ-!N?8iHeZiCPC0Hci#m)nxS|3vkDuN#Z9W?dQNM2F!>oHTx5vgR~3M_qAd%(Sk&h zQOyWVNgtaN$s!@+wwY97H^<1<_G>GYv=0sziI~yE{6y1KXs~D5mYEcB9_fD9i1yDP zKX3KV9=Bd}E;^0yXGGFQ|HT!#NJJi!5&Zy){lY#*TI5BpcxomWJiS0e8|ffDk)>_} z%itf|ULS3Lykc7N=$tf0BQvF=4+Trc*`dIGbR#N3-DkSylvGiPkN__XQfijAmJw?Y

CZ`?Dy9h~lBTg(fxXAHB)2?C$c&K%OPQpa#qKTN#LU@!_dgOs>^jcFXTeEx z`t;y8mC&0qk+eTq(yAO;wU2+wh0IsyW9D1Ce)#3yK!{kv(A%^8b4F{AtDi+-RA~y=(ZSC@w+Nq;_8W8x zvfOXmUQgs7|2Q~sUR{6gkBE@OGqT5y6aV>V|2}fIZBGW_8~MjSj{mpj@n8O|SxQq) z`rZHdy-4+6{wz`ru3*G+#%4CmTwrG0zBAjUB5m1;q0ZBKrL9=1o91Gcj8Msl5-UcO zW|<->GfSp&4Mv?-(cWC;xHtCM}Rfc73 zWg>2+B4)?r569+s8Z?dBoTrR543YtYStUx_G<1VD3?@JN{Bf;~yJNdOw@mX-x#3~D zx#a0$5-nMrCp=yB7pd@%dmmYpgM%x)12ivNBz0EF}#1oDo-@e5(axPVF`=0kW(gCicqCQ#Elq8Zn<8T zb_uvv)x<8f5t@u3m5G={G&Lfm!l7AA%w<3*ylt)|k%ET-$Xy#lazzx?T+KO)QRaHI zd)6zeqh;@7W-bvf()vl4#<=&KMVhS5#A%Xj4(Hyio%D^7;)uwMEG?uuC;hZZ211*E zdLOycs!6(nse#b&XOq0rO>(KNu&^<8C#|$L=1~ZfE%Je_&&iBw+Ag0-Dx;-uM*OtQ ztb)fVRTupk)RQz_F!J38wr-N|ZfHWz|5D`)Oy>^8iWm8uEHpWUcmBr+tZ76}$^Q_Z z>LYSeZr>t5{|sYnc4Lo0&7)5{Bs-2C4D$(V-hZ_%a?AK)sn21(HEoNfA_*!h7{1-k z*KA2?GitZtm%bMNWj;Ikza>jDCe>%Me|PbJPoA7UuJV6RpFe)!|Gvcs_`e&z0(TMc z=r=d=UseVzpz#52&a^t{eavVYWEsIh(O9~kXF$E0uI_3 zX*Mu@Ig)5v4sV#0JZ7GtJ$npa`D&8S=lmmSw2ICQxo9ETKK{eOg*CkRG3I%atjSL~ zO}M#M3C%K?eEZ-n!``92He;BDC^BOa&6SlFix4JU@|?3IRv=9#s53*|FIVJnwgzx? z2NToQ$c=`}INA*vGrux)zJr0z|FS=r+?$!?sh*R@|5C00r5dC?W+08?o7nBWAo`nv zX-LO@)lmHn!BpilJlxLYRRh?a;AyxQ8~4P#-z1P&%+>uNWZt?bcz%n}S@D#MdqW4_ z`nt#ic5yI;{7L`?Q`rhA(trlv3MMVEbp47TgY(&rN5QP`3!`6}75ha#yZC=pJh!|j z(5J=(-x2?N_WXGz{{QUc@$(1$?>G5`@&7c-)bY*f!3Unk=cMb+4hJiysWZ8vtu?Ue z6zE}%IR}I!bjF;Y6V0+a+Y^)`uwB5J*&iid3ixyBhOiBmOma;Zl@`{;%?}|~nMhfx z@0gAuMCS*g1If=ndy?6B(x`bgw8!Ic$|~H>54^VJG62ecU{P99%@$UdjRyX)ND`hd zuE7Hlp%XrF-LL4!NiGdUPKzgjTj7?mYkUuJDvm1H^#lk37W&fC_TBTnw)Q?d=iBc> zroHi{#{I5NqnEQfonG-~S>@>TU|wyP8~NdcDjTgEi&+G_|Z(HQQlnVJ>k&dMkM)) z1r{4TfQeWXJLLQa^&4n>kx*WO8@Nafs@JyN??fzA+dENJNl_T<2GqcJi+_j1DDT;R zPOPyPUfKU7nZ*y7z7_IA+11nhFzR`1rI~dY)woBq5>+G^iLm!q!pYQ}saF2@Uh1Ng{4XlHc%zEm%)QG@+OoD%=E%m#$e{_p4+y9;V6K z?8i% zx4jf;;68Y$uMBflL7mOhO~6qzPqoe1aYN;CA{NJc(;Jn~@YTKFa9gvv8QX|KWs;3! zrX%ohQVmk%4>I!pcdv(6Jy0*;HCsR`=!~T|Re<8Sqha^`pmWu$Y$?#?mr`up76erg zV>YiN+VC6B*zvRN)CJ~LhrS%XdOzw+U)K%&DcchEd)a%_yR7ec3&D0CvDQm{btaRy z!*TbQo@XTl1wU5E`mTa%sNa9x*|u-v-sJjnI@x~c8ZM&b{P@@l8P!oXc%v4K+gj4| zvuBT=|FM4iaqRb3oyoK}-i?!6)`c-Cz|IV68Nup+-TvhL>&}*ynp?WD0aWL@`$^D) zY3`s|73+&3SS=f9W8k(qnLuK#pUPK8QZW2%#ZcJv8uU!~4NI9)BPnLAJcbdPI8C}N zq3a2YL>jAe@~k3WG08>je|=ox?=%K+_}|Y?D!c^vL{FEJsijEbLb-&WIps+%S@8SQ za`#a-5zz;xtH8|>#}ai2)6Ry2*z$$vGXTqcbsX|(=o{{N~s zHUBs#*poK=cMkNv*=V(R3OqY&{C5dHJ|N7T3Gt4ul3EeLHUqb?n5CMWo`I*^zwM|0 z_aVDqNB@8J`0>f6{{PuS{?Bjn`F#CLBy2OaR5$U&#bezwOn{y{8Fad#AhcX@87)FakUn0UnG14@Q7H;aGv> zcFKgG-=+~j3rQF33yo?+#P=B(v_`()d)XfD6tF8p*+|mX{R|!`)0N+K+xM?)*4T9j zYRnoXW~$z-Q8d{!YwXhF7w>J;<3AWhN=A{L!ezKoTZGGC$zR?;V(AchgsEA8;DdPq zUxZdoLTBQp43?6O;)cp&+mXv?->7H+tmUN0SXG?}(526tMy*o(E@HI3m%63wVOMH+ z3&wpxvCCfc+cV_c0f(<^wV6zZYTv_gIi&-$Az9LUs%RIqLTu;Ck{2YcLnV-YayNYSupBWP>b)jVdY&GBgB(^XjKTPw$Dno*J;btG&A#ZJtF3Eh1^w3>Wvm^C2D6-k|$_G#*Ze7sG8fdoamuHQ0_?O+z=rg#=B&OLuL%e_4zntES=P$~Z?bUyGaL>NGgT4CQ>KL=NFUov_<|5#P^`Z`Uw8oMtyc{2O-v`_eww{lP0EqrAUwZ@YDmhK(4FdoTNc-G)s` zX+HOLYCJvr=kxSCIfF*qT>TzgAy3YZmy9NQxdEqN+K2A9{MpO@(`9o0LfA@>{fYt!#+c|;y!M~apXzkut zclh3Jpj&%=@B@AD1AXuV-D~IvKhXW5cn?3&t)vM*zez{XPjiy2@sYGG|CL=Nci=~@ zk7USgY;%(IZ61<8R6h4f{t&=%o7dT&@Q^TCoJ5TeSqv|La zf>d-SzU8ow%w#vOSYDqP5eal!z^8z;)P38*<-(bR;> z33GaFCFAh%`N5-2ezNqQ=OcgcU4&JP_BD#^q5r?diu0eE{ozji|C6)F&#U_X)5j0> zKflRmQ}-8%ROKrsLD|=8wGKYRM6lZ+P?-NWYQ=o_i&+KS^5Hq6et9i-r-%LoGeF%y z-$3vGg|+-AZ@g*Psg;oHpxG5X*l204LZ)_&;#%A}j%!#m(ibrz1lYXA zj!=*9zk+PjUpAxWvtNz!qUNy7sM=&3TBH@#Jd9%U9i&VqzyG}hA5RT0s!7Jv1!;AN zrs{(tt=Rtl|C&8^S(97ey&g`c6(!&oRuw$}dl#^`XWtkPFM5;7`)U8GH@q%eV61>4 zBspY1*%RBy_56oS3In~yQTRg^&+DHHrR@(qT{MoiMzn^a^Xb!*lLl$q_old+y8=2O zpD>@3VqC>^o;CIx?d%f<+o$8lW))SY2lwng!)*^I`VAyc*?Jx9k&L|&BKDR{@pmR) zhfd1L)<4Pi(%8l|2iBMRjtAFQ@81r`KlaAe2=H)ecOr>2I6M{~?q7Lnis( zL?-!91>Qp<`N}lEVfBtG#%w9y@$=8FEbA|A9{H#L?6Uv)I9unm`Bmb7P98sh{DUc3P+4#5U=}4*sdJJpc={2V!8Z@miU!}Q)=480;sdvr+^$y?s<&I% zzGd$KDRRBX%b64(*R7d|*Db~WZeBb!Xu7)lP04O0*Q}+fTrho3j_-T}lv*uGwHfBA z8D`)4DMM_m7=I2D;l6K5MnCb*NTex?^nG7eDuHWNFQv#A%Mz=ydl#czvX(mu`@g3W zxauW~^xiKy`kmPfI_ISEdO96V@XdQ+<|pFhr(olK@bG>Z_$j#eDOmT3_;!CxyFZTI z6T9wOP}-8CbMzKV?gj7uxT*71y|GW7==M(vP z4B#F7-;?0G-bhe-57>7{CVx@PPq*U;rN&zy}6!e+IDT_SlO94Bxwh z1$0gSRd~RIo&4WT)GF#oezN=jUHsqa=~<=zphJaY5YG8(sMvCklCyJf?p_R9Y2 z&n@0&8)a|`!aBWh@uB-}K{?uB>n4WN<^h*&f2yQ#MU9yzSa-PIIU671MALxRq_JNJAQh5gCk*Fn0 z60%6d3}bM4x@a1TLp8r)pi&K<(=2kiyd$MAog{y}^8cX=RjLdn$)WILx>NY$0LwiO)9Q>iJSJ}ZI{=b7qe^}cz&(2P(`rpTA&mQu>f0K{39ZZ*u7`l&~7~zT}JYuP0 zG0D@INeHLxWHeeba@Ia^zqZLijpMod*!Gv$w!WcL>YlYvn&dxenp3$ZXD265YMO%` z>G=5e_O?x->$Z@KV>=af3{#o*##a;48Fb0TaM0~f`@_M6yc~|n^`zG%|S4( z$4zL}?N6rT{)=n#1UfivlP&`TC>N<}yY)5fDjGyBX_Al?qbUGIGr3ZRxRFStF}?*M zr@3N=7@9McN9J+Uc4gYeTxrQ?kRpLlMPf4~i^*(FCM?2EPKh=6kv|eKC)$wSSVZ}X zrMfyVAvY!#iEJ(TVyTI^O_?M@5|(PN*CfcQH(NV)wdM`Iq<{(wNmFfZ0$uE8Fafrp z3F$%C8id!a|1ns0|5=!hIbGAv_JThF1SDC}lrA7~fEici(b7(=Y3^HC{tP3OC5662$lP*+O+u1G&W~_= z)RJeWr#YYNwYe%I)AixglmB%D!wbC?&J6$cQWXko(kI0OrY|bN2lXCCD zJc})VC-Me46cWD4#!=9;UR!+*+8`k zMCLcl@mf_e&F3Y-U*`bv4`zs!i20mH=)dDOn5R*a11M&>CaKUE(a&PDk4nt-twAqL z1wbMZv!*|L(2?y18#LYdpYug7k-vecM0_S5c#fq$0w4^C7 zO0{Z9Q)OCGhfwe&v4749B?unqu32876Ew@qG@>6j2TH)?>@pWDWs;gEr3Hu7D-!7q z(rw@x@$9Zx%qhs%!Lr{9`C)@7+zR;tW(;)5U|MkmcWX2M4dsIN7%Ot-+rq}>PHL4h3#;AvZUA^rIVc;eXCE$tSrG+H18N*<| z6f2}vW+>P$a~5uwJX!|CfW=%3X^y*OHypOI8Tz?32}|fqNcWeJZkxl?WIHpr98)aS z0DVesmm+~fL4@QBp34cHru^}?(MB1*@|+1K3PU3V2XhY zEMvtaOV&oN_yB;L@f7eRr7L#iHXU?2a~i=V(G2cL57doG8R#%EFLwRHkaBy+*Y0@r z4EQ4(jOPJp51hM8{X9%(r9A;0jx8tRdJ+g5cuUBwlWzuxLK~_tQko==Y^!{>;@T1q z$9DjB!OUTL_9(zWK*u-O3b)H}-R-fff_^am5tH{%? za14*J3Fk`X%v>Q6+>y2gZoj$tkX!M*RtWTFKt@Vf z5J20&E#@l9Apr!AxB_}<*~qs*@rtX7eRM!5uhrpWBvO^}C>Oa()?`KH2SfT~!5ul4 ziz&WHf%fwh_6Pu5i;0F+jaL%&-gllYb!ULzH03wB=d8~C$j zoWzHfsZsk8Spp&*()3Ae?!Q%}|SCI28pCvp>)&^0t zgsz*#lZ;8cY85=Oj72E7g>1g3#lS3Yj97D>18u<#dK_%fh#I2%Pp~_O>|?|-Z4Q{y z?l8gx6$(U0B*V1^ySJhrSd%R24FfLEO$g*@F`pYgPY}hDq-p=pSDBC+H^$Qe%P3o} z5Xg*MnE?UrksFm}Sz^RZktS<|vY}meYLFPuDMEt9&DPjS2whJ%Qx-9$sN`@u=aQ!j zC($tO?!NHgAF3ll6Ol4|BSvC1sLddZL#D`TQ#nVc|cPl^*X ziZf=fJjYex?O=|m**%9VR5^wXavWIX^U&oAjM?1JY*b>7wvY6+qCgPFdXt-VqeC(?fYfvWRD#8KM=kz9P&Dv$0SL_d`{Z_!C^CZp>LQCMs?U zR@%r>Mt(=7jx;DF#fql}Pf&Uc)6p3c=TX}9X+-x00E1ya<&mRcWXUw;Y18q|fd~)M zLAu^pTrjX7ut12WIbp@^*tFQ)G-NSmhHq*H%mkpQE{>aB8>%2`=2Io9WzG$$r|SbI z7Ykr$GbYV44LI?{NnKoA#B%V}g_eO99~q+M_umSBW~&>6;k19zYY@#oYJj&nc6JQI zatGstrz;=>vbhOm>Uh0C%VlMQ8Ys;xCj}UY8zynH^peZCWfr;idy@*eG6J(ymEXUmG-z&39?!oe(2~Ufk3z zg!VZJO@zMUaS3%mo}#H4l%;XLa%^h}V;o^Y`Oj@=v~kDx?ZvTR~Zm3_wNk6>Np+#I7TpvXCU^hHEWxxiuVoq1vl48DTeptw_vk zX45Q=%^ZZq^%hYi)Xw>%1pS$z18rV0femX_=@#}}cO+KGN*g>Xsb##RQjr8o8}bx{ z9cu|dS+(E-RhwL=2~!F-jeX1#9&sc7LXUxg#OpWKRW346W(8`jt*Wbn(>Ehl6*)$8@OL)0);YjY!@KjnQH{5rt*wQ#bSnr zAae|YEwKY3cYz90%?godAsHh6+MW=Q$QUGa_eTr}uLp=^3o6mBRFyrfE#O(3OdSKF z+UQ2&_~=*w<2Nod%cxzBY_9gI_QvpY#nlAW{*gu6N7KgF1Ls~cEW}$VmVyY`U z05~BTRRSX5aZ7Wh#fr)`%!a2VW-5|=X1Br%9elwz^|S6YxqY*@LCqC_kb2%GU9LcM zV$!sFOQnI!+8+Wx)!7;aSdhGph*gjQ*hLUt3N2W(*f4wcRWa2=Ggn4^S%FZv^{u&9 z<;^`J0xW)w&V=+Q4f3Kh=}#PR-}a}khu2f`wlf}g2Gf3TLWbkeEI)inI)iuQ$Nr$( zB#fg47}NL{E8##_;y_JWoFLGXQb(uOR&P zB@=QTs9KyQOADz(l|jlD316@@VngC%zvdqo7F45$r7OB9>+sFn&LyC54p143c%fwDX~bhF zA<(p#YIVAtCazOQp`#@=AYzhGi8ga{i~GA;<%zBex&Y1G)0iBe@YHT*KvzSJ!QoDu zxSN$(b|MgA7ed6hJPCD&ABfT-%jkkNfhWk##BFA6^nys{d0H?xa0%9Uf<$7qGRPak z0|#d6s0nyz81$+l&i3Jz=`_CKU?iPe_YI}E1%h*Ku-)Sc_+y)NB6BAgC^*V%M(z|B zb#N%&E)DBmKCV?`;ZAd#<3gjQ5U2$OO=rp24mwvt$(#W_X%Y%Eq-n%(5gDpME%jRi z-mz86wLg#EdYibp6ERDy77F;5V?%Zf=ZmHmEGpvUE3QiB9@ZwW#jTNqP?Yol19%1< z7wZF$mNW^hA)e>9W)V>0+Q){F7GxCW3!F}2MJXtHp(zT`!0LpJ%*5wNpUr{C^A50? zd)UNm&e9m)Sc)XBQJqt{0!rkVYY)ZZIOkFp)-tO(rb;nsj*nHMHaGRgv$bV5iUq9= z1PYjXX8tz7#(-_~b3p{|4Z7xDt#gBe-#epGZ_w@k_1tVBXbZ9|S%>a@mxV?irgH0T zNraH;o-Z`58%0^0;Mi)x6DBdO4@z^*LXwAkuArnwlEA<7EbekM@Mf$z>7YNR%>-={|=miO4s#=OXi4BYI=V7IT;Mxvsv*xU* zb*kw{ZwLjU9w*QyZyBM95=1g=ZS|y%ibGq(8>N6_MX?Lm%*y^7IMz+>eVxal7q@<$!{E`ER2c&wO+5+|4sf2 z<}Kz`E9-wl^UJO7q+TuxTtUg9Y2bY>kN#x3aPo*D1bBT}^|@o?d1}Q_AdMcQJc|=Z z{bB~%GFnpEIYg$~d$r!-a%z30TW9SPcx4|BeH-s#ea;R-EoBK_ZhBmm8f@dhKa>4- zj5mO7!dPhv4#|P7ne&JwG+pF$!N@|~Fqu|8`>eL4;MdjWy4nwU1Ac+eR{#IW@n!!# zOWXRR{@gKk`v0Fje)jxHHU9JI+1Zl^|Nn3CnJ$@kBxP|$Q5jLgZ;>0$ZdnW}rgQRN zo=T>1aS8nQVL&QRpR^q{Yuife$I*hfW;{KQ#3<^*okS|JflcAj%}W;pmi9(Dm7xTqN8{%KaBtU~spOyt)hYYPIi|hu|q; z^SQOPhEo9p7U^U7sbvSI zA)OZ?W8W*3Qs?3NU~ZRI1T{Ycs+or!<#ccbXSO#S8vW5_r*Q;(Q<9nktZ15DbIvku zl7xDJ82Ot(Kk257s!jYEqG-GTZCWKzGDge|^qgnowc&l79)p^WBBqp(1VVAib;`}0 zM{lkhM@>S>*w&{j|2%d-m!9H7FZ|it+8lE?53o37l%w9$dz>*ap|Tsp6h;MzM^XrI zU<21Stb*9C?jeYKhS{C5aQQSCenq1tPnq>BG^lS@K0!g&po>RvA&DxSpqxj5VSXZO z8R!K2W5j+iH@gMVByl*!B9V#}kFXj=1=EalX?xF+!vgL_J9V1K(TgFYYZt%~h+uQZ z6e!5tvt}_Rjx#EIvR07BJaQJKK=09?I<>ZPW?f*%!LYh+Zh31dl(uR_%~wn}Bg zv{-$FL8w{i^dHcT5Ic5nkXb0stuV_0cKLFia*fof4QF361AMC@_s8Aoa+z0gTF12w zlck+}?W}>YO)T$>un5TT_sa9t7Ebmao{K#7XE72$_*yZA10fz3WTLMT#6J6v05b_O!_KMG;fWp`KO;MZKy!s z{9fT6N--RP!vZBM=);+ixa|WAW0%f$`CPk(pdUAINv)>D4G2~it`&Kar*VQF%$sD- z`5vr~g3t|W2p5mh2@f&WOaM=onSUDlJ#q6ulQOEv5a9MAaPduH=nI5Bm=(IyUm~kC zvLdZF7zPtjg)dxr0N4<>R=2tm8r=y)Gp%Y5URmKdzc%Sq8+o!3MPilFl%qIaVy&8% z2N1;r1blNhheCCAG$8+Q&D>b>6Nz-5@CY3Z3r=nu!{L2h0^@DX(!W=ZMj;;aG~!vn z?l^z+4TzcDHed~%a{T32xCKDJlFfx=!6gQsYF1^U^7))cz{!>{pv)zg1A!pc?1sq@ zn0BA3r&<=e!IfQIMAKnrJr0^B`r};auXckQ<3wyw7i>Sg;^2A9LXpDEl#Je71CPAH zr5%wORUAbL4?5@|Kx2W6+vA@cy?%O(!)M#r}N)M_1RWix#k!x2-~K^^^x@cQ1}2 zAs?E9-SEdISNl6W}FD$EPXdBZs z(Rs`TIrLjz0rSzWmk0EQFQ{SqKJER0MI>E3SYM*6Ub+CPwzH#_LF>T%@4UjY0pYQ? zLb5LG`4=MgdKI`ERH0NwcL3SMZlJT(=*AS=LLohCN=g1Pv$#lTqIRYCC4` zm55bRekAl3k3AZl6^`grQ}t-HbSn*Tsbn#-k>v)@Sxg$+7T7?Y;I^Mj`LaUoWYt03 z#Re6c(?FxU>4JTzj)-Dl_t8s7S_i|y`~Hio_s%*t=Ls_nkp=V|lParKt1je$PAFh* z0y~NK&cjn*xP_MvKG?9p)1v?4s##uX5hb&0eQxhIc{M{&wnE(UDFug{3cssxz+dJ% zmw`q*i>XE}@SJ~S$e!AGtWa&cZNN5}R1~~hr-rvl$)2jLX;Rq$2**a$?d8smwCk|T z2yRUpeMrS^!s3OK21@EX$tbD_0rsA&*w~REM(qxK1Cyp7!y7fdpIsH{)g8EAy;2G< zAGUo{V55Z$)Lc$YS)9Ck+XaQ(`yDIUI#1C+>vGuWUv>u8${6xCI!x-4cmql0F6Y}} z>;0PU1y0FyF4M9)9$YttjLYs)Zqrb}3c~aX`<>=1M&=SCD|}QBp8m#_NZA@HPmxzS z1*ouwGd{R=8b|}2FFOOEtc5&mwsasgJKvjR?Sw<~v#A=e)`#>6<{1P|aJ8KTgm*xl zA6DUc^(W|khP`+DlZ(qvA3QhTf%j(T@{;uaIvV#T=*`)`8eR5#-LSJtuEYM|;_|xN zAG~Uk7uQoV7*5G$|EfRjb;)$tB-7VD_wqY%6s-@4Aj2`~52n5G%ig#*xah$s=H0s| zFnn1JrhpcuV2YYBiY5SxjC+$&?_x@(Ll|z-8+FE=Y47qKvGm7`)$JkJA_SYYu@>(6 z4)zX(ZL%om>07t}8*Bid-+)+Fe0`lSul2o$07eMW@OqS86bfRPVXkrAT-_j>0Rv%# zfD0ZV>?7pnmyoI?U3JX1PPQwMM9l6=9_ z)`BX{q+W3;#VxT~k}-?PYpTh0%5RudG$Aj{RKTQ+6WZD0hp>f#m0I#ST00D*CCMnE z8iL;+w@*t028#Pjp5`BMu(?Qei{3K8EN%`zd4iC$W{SA=H+ndO$VkBcy z0plBH_`x88~-P9lDA;r^gK2AEVX|-L?W< zl3CIOvq@f2%_OIZs=6qkb_MnQu;GCu%hOV}H$b7o#>P073AO1P-9VvfgsP2sw96b3 zxXFWy0cIQ6Z!y+e2+Ly>9uZ!J4CKl>Tm_6KkWnuzI|^(aYU+$AK`{Fg1CuHukP|3q zqA?S4%o3*2GolDr2+>Q(&8!`jBrU<>g{%Q!g_(sbu; z?eg)2li~z&i!n%b$y<)57z!KcBn3p{F*iJ>NCA4xNQV77x?yO<~ia+-K* zH(LX8Q;ZWy33X($~q#K&#i0?k_iNSU=8=D=YG?-}^c!8lM zvb1`$79b`_FMOem#?rV*gk5c1G2%tQqvSs4WuAsssp;sV zhAQBu?|0;zjjA~L2}i!^`vAePgURqemkyXYd|f)QLCt-pKLbM8O>0{QRX}mfXwh=x zJd}=dNhfG%1)V`^)tKG*gwb$5Gl_;`ZZq1IQxL9o?>fs7jaM{_&aVYiT&@iG9bZru_ytq7Znn|WgasQ>P^8U^}a=GYG5>@$P!IaNw<8$m5 zTnnt=^a#juMF!t?8JHQJ9Ti|JPM^TojO$FKR`Qfaj#j!^*(9^(Q1Eink_!AS4AcQQ zNGgzBDY=EaiOz*&3lU`GU@XYX31F?}-V9P~Hc6g37kCyoi-eu9(2Vl9m1ovt8Rcgm zo=cBBFKNN<*li=I+7v2~&NgPWNsIu{T8dl9(_ju$6B&E{Q*Ne|-e6LlCS>|Ga`)QC z4H`Zi`7-AvjqH?7M(1SPkVC6%%D#I$JHil#6;1OwjX>p(p0M%*(?#&~<~nW8e#l5E zZUe97ScIBJzgLxGP^i%*qtz6LRFQ^t2AktOUiQUq*o--eP5j|~$(O7kKt9aj2GiQ` zbm24G2gziL0a6OfcS#;0aQ%j19)vPCv1@K5lN`k*v#W_vxn$>%p>fAPG$EZLCPEH- za!DZrb*SYXtWIeGF+scc_zp#u!<2$XxL}&H7k!gt2~8nykfFm(qO_!%84mg)99SwmXDpu4=tGGfJ2`p_N&d`(yvr}oS%G$9Z8iUR;W*DVB)_%T zT*(^l-^2PRz~RH4P-}d^Ls}TM$}(t`IKa&=f_&!8W|&q>Aeo9`s@STh9%N1TNm<>z zYeInThRW`gE>vnBB?bpFni=ZnF=TU-ZGK50JmSuQj|wV+s-h1*J;-j_;}UQevWCx= z23KN1lLB6ObGLMnAZ^o(22_!jXlFSgikbG-(^e4DI&lmF(9%}e_qL0}p*2W~5tTl* zZzP$U1+sDBqUU#SIt@ZMz&SKX)&_J%+@?hF6;Eg>-DKq;dwAV)wG8e9hIEDp`Jj+T zf@C@jY?Ow@Gb@@g0(YEV(lpGfW_~OM4u;ui>dXy07YxIjYm=wBwW&Cc+raBqkTs*y zX0;6lg-rXI-Uq1dZKpdtp1`?PD0^7Hz%wG7YL3C_xQq z(|c<+gQ66{7_@3!-8d`kBP9I6ghHqks~iq_4~uDqSd`|%!x&qQb(r7f#A%#1N zrW`c!8YXKMcrNYSE3?YpM=v_}Ax%6P2VtWdo{XX72bKi^Gg(90LYq!rG@VD?Y~8dv z<4PQx)i`BE+*~<;mEo+AOE%vUdaDczv&fU8dP^n}9`SNoF?4jc!(FG)_e6uP$}Y7N zuXxIVsWFH*F8U0SH*|e0dpyp;lDNtekd0w4!KJU1zoa}_WFFjfgEWwcQ<#>@W$6#S z5evxgE`QP_*X>EW6!8nyPd;M(QLw|>KiXvK9chc>9Zm^td)ww@!oaP%Gi-2P~Q8#cLq*meC7NI*98o{I>~z z&Zsh9Z`myP!FkpOVcuakF5BcGO_C;7wPUGn9ATO>$6O+P(l(^fv+a$}q_vNl`8TXz zc3`j(wmyA-T$qj%c0<8O(LvRqI*NSUrYZ|AZHhvt<||e)p;UanS*jsHBGk07&h~*D zR*jbrX8>40r@yLjgZ8^u94okh?LM|cX9MckMNtUEbz`D$G$=)F8X%t$!yg={O{igL zka%o55^Wu@#@3vt*7CDr6c`@JCa{0D2=9^YB8y57K(>G}!XaksqB>gPtBeTYH2ZDR zNl8s#il>W&5g#w0xMpRt&4|jS6gghD5nW}ubzG;KB?&kD|9lP{WFn%l&c)Lc@_{E} z#Wa(uiRn1~`prOu#fimilPJ8f;2>tm7YEY~EW8M@nWYkk2As+j%R>ql9Pea1Od5j7$%1)Yl7 ztS~}j4jDd}FGy;+CP^Zj3Xb#X?;Rz`;D#hVDozk#TuDbi+vsU(;PFv5<2rzcN+4`%Di zZOpvt5Y**qr3vDyuc3f5tQtl*I;${yk$9BhkeuJAYpD)pvyEc9TUV3<$^!b=d>uQO z24?mwP>M>fmn)`ugc)KNJc5QHxa*czc?RKImF@XIN zDil+B ze9tMxJ~0c_AcFM4P|?xa{8?NSd@l-hB&c0wy%K+I)WS28pL zLkaB?b!nDeOf8cY5FcB%z9ebmJ?Bzpmz~Q(bVDVc*N;-YYcWkS$!F!{M>aT?98P{e zIkK1#h8w#X)5y@C!W*pwLGYAG@4pvq44Z{A(1v5QiLwe2%N-q56~>`EE^F4P)C^~3 z`D}1LFvx=VY5Jf1eu6ebj4F-=QNrgv%bovB7!zu<%ES2nbktSK^@1YKpa`W1DxKCQ znQ_`V|FD#yi)xs3(J4Zq5)Bxtp}AKMJ6#FzU(n6GE^kTzM#DWTs=0#tNVMc%L%m_G z{_qEWh7NaTYqFv|4WYk*UqLFJ>eT^p>*mOWn$(zx|F*$uRy4W^c zKUL^Y`Rg9!tUSm*L8^BooY`YVCvQd<>hqJ++_fwf4z=&f?vWSf?v*|b7y9K=$n3H3 zr}tg=o+)YWx#lmEz2-}=_j5wa_XEJTQ5=$YQkty)erNFc=TV0*H`pgq37a{pHs$Jm z%R93p-ql+T65S7e`z~om_Nyk4GDUumS*tRawd(FkJPuZQ&jIeg@U!xmpSSQyXY{3( zIO&YO*<$L`g6&$x#v<E z(xa;64Doe_Nv)1$9k3rwK6U)}@g(Jc3rw8$$A5Ft}0 zF>Bw8cceRfJGdNnFxsF$m`ppDm+<{!IC=+PIu{qc$poKW_Ah?y4_=YsfOH0=VSXA- z8|20HbUGX~$#6`D)7QQ6+y10St|!i@JQ@#QjXPIO7Z~0nomb;tZ{kA7u>{iaC7HhN zPw=;^-eB4${g>q3@S1eSJ%U5o9w+{t0eR7T-MM^e-gdn=;iYkJH117$gDIGotv#Ad zUw5YP^Xtx=9(j3vc}Y6g)7QgsfBMc$=S6?eEvAX{bEEnBbcYbE4->7lX&SKp!L@L} z^^irdI+$93?ttdC>9>I3pUhftgwc3-HJV<&BjeumdOUzu*MsXxuS>3a-F~M@y2FcW z14bJ)VxTY@4~GD%-T;jIV9vLjFzSq_@5syX@QS>BJ-j0QDS6wOkl~AIr$6X*tzmxL zdwFf^R=w_#&eiaGFeRf-zYD+#rV1~+_4m3>((O&AI311i#z%wrVdH9Ytr|zoTJBO|eE?NT_8+GB57ve5*LV%}UtF1mmk+(?)UPmi zogx=PWwGRG>R`08aJ?pIf_pp;|1=oZs5fXUQ4hPWg}HUXWp zfi_(oY%&w#L&9_seprn+M2Oix90qzbMb(SI=Zvw{5|N((cQGo#1r81E=j8Orrv#q?71z0so6)}gbHWi z17@r6a)`-LN7(C=qiSZP&~M*&`GKwNEW-luM;>4sMJNo8jYJQS%vG(Za7N_=Z_!5d z09(x7Z+VR+d=Yxc6-5^3m|)5#WXdG^WBDAU;25W^ccRVUVZA+9!s4|6{W4_oV5r77 zth;x-b(-lQ7D+D+>Wf|z?FKFmAIk;$NK?@(qYTu;P&8qI&#O16yT?MtMR|5~7&^4Z zX)}yr7a^&hVoAc}5w^Wu1}?RQ^0dUYmkmH%dumk9Y~{<|m3PW_io5S?a*n{k*Bl!| zkk*V!;3P3Erd7Pd&Xgb#((#2&*%Sns!x(4nAj8uHj!iC^cNr~yvnN}TdS0lB&(BDU zT!=i?a^12{EATTpv`PL^uDR?ty+y!mAZYGg@xE1t;p%>9XGbX9u&~fj#Rs#-ph^1L z6;D()1dJPGkcggz1F?%*0FtqFJcta#f^WMGskXSHbqTYO!OT=JnW9vA;p>WU1<%gF zJ`lJl7a4jl`w*0ghSnP<$xP@abbvS0W6#EuS7zU{R0!eB))WO- z4;#E_t1dW7h9ydsNMfI1aRH+Ae38OX%%9HH%t2e|GYaPHYO-5L=xTAyFtRIQ3zo(( z(IA2~MNbL@QTYm9H!GMAqlfNuECr_~o98cG3#cX|Tq5tVS_pV~ve-EZB_aZW7tD|= zp;@v%GMEFvQ390&A`MSsP+iwv_WN%`=)vmYe`+HxajAG>o8{CBr9~8B*g-WR?>*=e zNEZW}X-am(qyleswgQ8*dtw&A&4a?$?yJ`|5iZz}feDRO>ZR?T%xn!QMN0*r$_1lc zy>i0{-BNzT$}?7VTvannEmp%JsUi)Ny{f79cxK*xa87-;a%5YLC)FJ7cR015CZ$VVT`LQ zwh4jCF~POj(Y+j0=>Y_-HaRRpE&^}IFyOqd)8Kq5R*LOtZsazAz==o)Jn3C*XH9bd zBhS0}Y;IWm5af49$gA!?)eJ%(nByc)$yCyqwen0g$u%ZaX_A-xqZ6J+R7XoR^*?T( zhV6kdD38NcQOtU_#$*-HxUBc~ZHg^$tHGF!Ri=}55W(Ok+djK%j*y@{xEv$KZ{QNN z!i}L_AMHJ-qh(3{4#QqS2vJqxU4#|a@VfEUD#Ap_HhbNcA>A7#-p2?e1`qpll8QUV z3~Luy=}G&1IMv~J;kIIP(YrXA-~ivTj|KEW zbvPAdD^#0)YmoIA%WpPA{vg1iAo!)6`Udn8!RyufU``hBxql@~*)8GP&iXOV7faLO z7}kVT6{wW0bZVI6Jk>m@;^B!XShDV1#vPG~)BoGu^3S9sXkDgLMOYB&$AwE+Tp4FaNB5@8?M(M{UN!SfC`E$man8-DVO7%O2IdoD~ zdWsdZbhhq9Q0tM0UcJpSoH2Nbr#Au;wYV~!YfOM!%2!&A&IT%6E*k<$4wrb+mypy3 zARCriuK=^EqmTt~JS9ikUk^n}qFiaQQrp1ihqMvE5CLc(xsX|xuBvI{{F?P8KZwY+ z;Y?Bv&dgr;YJ!NpN{p82~Rg1Of|O*)*x*fq~!#oS+8T zd}ED`TzMmcNZsg@MDO%p-msyg}eLvY)wHuBN=40BbeY~JaWgrGRUEdlGBv31DSQly z7cQXzQb@a6SxKX}G5Pjp4%Q+U9|1uPc@P^$6r|!jJE|yCsurBG*y6fXTd)Q0SFrR1 z6IfCi2f|-DpHJETcG-6axlQ`36^l9QVTycz1=X(EY!7(6k$-5Dw_%d=p3jYrzn&6T z_ue&g+^;o21@1zAtq>gm&M;OsDsEJPj;`q<^Z{!6%qfsM7;>Igvu0K8tJR!Zp!e84 zOgZOAwU%}1BHx;yv9JwNsAbYxF;J)-6^1Nc%_9WWs6bBP}|NRwW(%O=9x`%!lV?kHHY*+&aHZ*u8AuX zjVa&&`J^;gkRg)}pfNLIhuY26A&pjfQVRTX?Aw+|zHaU*R>hFmEGK5Im|T6f1ptN1 z#o^L=pubpt0r(6_ePhUiynAyfs0?MNX|G&@N!3%nfh8c zTT&92Ie@5ukT?%>nAE7;iFHZC1RRFvrmz~M93WVbQ9Z;yn>sS3Z1!9xQsCUtS*}ou{ zy;q$}GVZ^6J)N|R-%aP8%gGSELJ_~Q5w84AXKY;~VcBMQ{8CxI`62w<%`Kc6>{)+8 zCOv%R2Xg3PV9?QT{NxBWa5Nsi>34fwG8ta>F5i(C?=bD9>DE=D>WzbbuV47C+h^o3 z=&xyZp!cRXZsKY^Ec-96zBg}<%$|&$EAF^!okA~$-JTh6IOzqA?8Ff3Oq1IBS(WqT za#6K$vZKzp^J?4~y(ZmZZvq=UxW2sXzkFxsR2<9~m;F~3m97U}z{!%cumSZS14hJW z`|7%z2sQ&#KdUfoH6>h$BuLduy~m)t2CG_*ruXNvX;v!Ag;STT*fax~9en^Ce-fq# zLZ?I&qZBLEpet9ouq`n?xJ`)t8jEN&!z5CrAlxEm8n|k+bkIdwrq)F_2QCj96Barf zp>s1TJen}x7FAc?n4rSJ!rX``{H!w;MTSj zC!s5cq7af^&VY*Mg-wS3^vEZI_Y9*Gt*pzJWB)2<*>c_!C`4+N2MS`1oY=-!8M=#l z*`!EfWWAIi&rF!f&?#UQi*m{Jx=C0H2_iw5&7JoY$o?y?+&;o80*Hq?=w#h;rgxaL zX?x_Iu&mRQh8O)RFK zo{+;Wy&aXSC(rXF*(jlG9fzH|Znmyu@VuW!!L9EUJX27W{MOUxE4n5x7|bsLo&E)v zQNF^<088vr2tfp+S(D6Ia0|u^1H`=D2)$T*{DNC_b89jjdp>-{Ly&af0vngo>!XjL z;vm~>60@*N*wu{=!;@^}APPhzAv4Knv}}@;EfT(9X~dcaFD1*2L}}?v5R>8H3m9s% zlk(M(D|=`r0%d~3f`{Osh&3p=ODD20^hvW_MJd6pCD5i8dM5W$T_LT4b_D5nio`qS z44fVn;1QC{M9e|W^|xHELpa5Z>gAD*HGn#Juw$VK4hSbr7eFdDEp*mr(dDcMti(7B zKZC+W*4c6o`G!|UVC4vGAohi(>*JOsH;k-As+a0}_v_JaGmtl=z+Gd9aTUkSp0xwd zqZPOM=fL^MIt}9X7uq5Sa%9q7TDqjV88y(LDI*&Vg0zzSH^6?wP zK?X$I9r?4`Bi~nKAaro#k!>Cf$whyBaeXzJb_N$lAekUl?N28@c&poc)4LpwKo%GW zJpX0C^Ww6Ha`oVy3*dS=G}0aj_eK&W{gQ>9vWfz zB}BS)J6D}oJx~U8JJXJHE(Xc1a|sHBez!N6n(w{8_O3>ko$w$_Xg8`=h8L(6B&-3$MJA7HOqh5H&W<}>q&nA5qe{@qU&Ch zyc!O>Z~K>*(7lmvF8ZU6k*p`3H~qn@32w$|8;Zsy9GL7kOnMFczuUxa8;*qjHaW$# z3N`N@H3^iwE{t1Du9S;L27^qAHaM>jdzTm@7#E3Sfdj&-ia~jtqQaTIW$mE`$9ku< z^a-S~JQ1qV(Lg|Jbevdyk=(KwBtbo_(_^|WkM0U!hO6FBAc$r_KCEeubt|G7jSNA~ zB#$6A3qqv$LY5WnTP%8&0<7iT+3>ar^r$w8eTANRzu=8Z$3UKZx_c-D1Li4*MW?0x zcd>;3USFR8lOHyTWSa7{>BJo;iiPxs<}n8ugGNzalJ79C$nei7W@;f4f~iKWIAo)c z@aK>(3sMjULLdwU_;(X7r6ed90Vsi00kU-R)Vjb|N_=jdf@WA&#c@mp6W4TRU8LM0 zhXr$R$@DC~U}SqSSu?_J>&EF3h6x}hpc6(A0s(h(ojZ{|UWimy)T^#|bG4YnE)%61 z4Hyei$d~}{b=f)Xu8tuQV1j9pl}AzYB(M*v8W|HL??dmsgVgP)HmO+6a>&Fm`6UE# z(n%yzBbZw!BeJ4t>aympc*<8GyvAI~JadU8!)OW{9NYA%5=&i{LoYJPRvg51d!$o? z+llXlEJZGDolqylgWFRK3FLs};=yvY#hlteRhJj|qnO^7m~f(|76f0%CtbRD{$8$3r2eiPNf zbQ79S&B56Fc-NSF124^tx{B;5Yk@8!;4!_pS_CqdJk~;W29}M)g@Cr;?5JEGy!?Aj zf>m(*$z@O#viwF!^Su_K;)Cry9gDaoUZi=B8CsoOAb>3m=*9~75b@%yO~MigwgOHy zq%JI7T&_tFGY>-yn$x93_v>ch$Q&sB>Lix78@&jju^m^ikU8?NUOO z(5{=T!5>1gqBwBHouTZqG8j(#h8v#qgdM7*cByR5hM}!e%$Y=3MrCs$b%WL{4J?S; ze@5-D3j$G_!%#&USKu4~7ed$tlrn1|6HqAq3iT`mH2QE(Ms{>l+*#Wrw_MbeO$h4F zrccsRob_D;Z3H57Rg|OELGds#Co!Ali$x`@6+I=Q!chy(M-^^u%M}y_6$5>4!4?Lw z;-J*o;*=4(FPuJZyAWe5>tpsIc4u2V!OWKOkrQqdzR1}(~){$JHx6zVknPZn?mT**f2HbO=xoB?x zt0hc+0!5Li7M6tvEl5PAgt*-eR~w-DG5TivYiqXNh-heAG0uAXmNfNxBXnWO66h03 zPT$ak0}%6+nKK_TSM`zw+?nsO&XK>63_#HbouKj%wzgf3E3L1@QK{j>in>Ta2_ma* z4hs7eQWI3*VXGOH3t-3ap8N<}a3RPhKF=Rk#SA$MNd%``E zlsK^@Oiw}%txbW;`oIJzV^CO2Tuh4}$L6h zGZq0m37kusTCuPwq*ZT5!m8WWt%usA6-ada1WTu+JVOg9ow&EFIbw z!R`YrLLdtii7M6se$Ch%vgvE5p!6<@*uj#bys}~%_M>#FYwz-@^;*FYWiuzO*(w9h zZXrZW<`f9MaE?P*wUVnWhxoRbt0LKQ6YEUC%)*rAZh+9lP!r6tXp@b+-l31)=cv`o zj(U)?B@MlAt+)bG10@Mt(1f6FrCBK*i)7UaN~pfBST4$n;R=xf10WjwyyBp6X)VLL$4 zraXXzxWZgHC~tLkp^u@)VVG8HthTDw1VXo5U9&o&vf5FFIT@Ga>EqJP9Z@ta4v}}! z4m}ILDvMesLMN1mj(LIWo|JQ@AEqN|^+=5-*LU;ZeM8SV4nMp;XLWW^Q&7 zPiV-0)9H5?*6N<&!$kr~z2jS!)N%y0Y4$Qpeo)p@Mm#yf6u3jR0ZOJT zbZlJ8Y>cUAqe?0=I*ayM-mi%B&K&Bdhe-aekB*wb0B<|jAxW__pp!}6L!^c<3k%Z2 zf=fvuH>b=f2y6Im#ONJxPh)Ym_xDW74Xa!>T$km-jmKE&tqq*XGsT$*NSet#GW0}* zV|ooqJb{m*_qt?r@$HG@M4I^#CsURS&}nimD2mmn*@|v&D}zzFu?aA}Xf4ZIgd0s$ z>m`0W)LIlR+*~!{rx-4^DEoI+v{`fy&9bSZXC#oKmeV566y+0_xuqCFBTJrcA|a{L ziWG@3TtmRJ40}3bXkSAG*=a%}h3IJdBy)$%Q`QSAOpg*l>HsV(wA7q+vu@j?=oD3R6{b zN-inJdfcYE32F0t(oGfitdVo>`vD_eD)s4Zj}=tgvMIW zmE=4yZJuTDyIX*v7|0^O-w`socuwGSz^-bacL%*rd#HZzHun@M*P$WxX)D9tnWXfN zYyR~jOlZsnY=YgxJyqnKz2~05YGdX@Xgzm21`HF%tG}@<);`)Z9po}4*GM~@q&x_y z`jzlWO7~A_JW74_B2GuNMowa$a0zMFCOjlP8DL_=4xP`a^Y^Kk@sNA8MqbBE4X#FB zr*j(88W~a^CgdBQXuiGA?zl9s&r*-uGUt@W3Dde&eDzjMhl$xeWx91mWV9CUJ{Xny zqtEWiI}zX3^5ezHcm|X4mWAx+lm&FLnG+H4I~sEu<|fqEfM(jmUYlID!QdU5J%(mG zbf%aFwAehO;)9`l4$ZYwnZz{UB~a>SVuinB4#LcwtGjD|fC)+!EzW#w{slDuMuZdc zjrz~9Jpho;sYg@wSH451ppM+>X4k$`J8z;o+N}=TgDT>@-IvhE73KFd%r}Scpj7vI zaBH0#_-3_EFMw*BMochgatHCWsRH& z8FE^G!{VRWM4cwJiPK=B7PLk>v7m|i@k&ibOx~pvAp?4sKRW8D3+UoC6Y)g-c$0<` z8qaIw8~QW7g>3OP^36P+%zwt;=OXaM9aTTVgoSJpiyFBU0mQ%^h#A5@NTr1R&f*dL z8;Co4tA1V4ANeiEwyx6nR*ez=y1tDSD#KH8{qu-nvHX<6PT{yWcbf-##wH9#-41;b z$7&*2$kk+}@huN2c}1mAM|s9#Awu;l0+Se@)kudaA}G)|M0ONvq%);{jda9J#6n>L z5l)2j`SeFV5^2I~sct&!fHIt?8Gx7-;U(NI-7r#_uf>CssI4!HVn8uJ7f z27hz4gU;z(B#PfU7qRd>QG=7(p@G>HeLi7vjSN^Cf&^-)mYW9Z$K0DLmPOXcl~9Ac zN<$8izolVHlN1;6I~oKWk>RT}NyEbNeg!g2y_8K@%C1bX?=za*sejSVJej5n{6cje zs$Hk+zaX-=z1Hs~P4a+-B!Ap!YDZK>`QiXSGg0rA$wmDswSYEnHHw)xV{QT9Cm# z4Sl!=1i2DA@U0HB#?e@%a;HS$hTJT>wcz0njjf8nzc9o@71WOu^}Otzu5 zcAI$F4n>+w_2H?JKAmxB=!{8`OohJT?&;55)n3Hz?s;*WTFzeN^M+?MO@smhpv!)A z>Sz^*4t(p%$yDpRIpPe$S|`>}6S*QGU2?|>p65_LpO57+0zsXMw?Lc~q0NcSw~-gS zax$6DW;C9o69v;Tzm1*E2vR^MMn_NxkBH(b69zZ8OeWr#UD|ARJTZ$HSi8G5meHK; zc%lYvkj+Kx^N<3boXuDamwHDvZRcG}>rYY^3Q5{LHna(%l#^KP-d46^s_=jd;xqDR z8Zxdfz`>tg3bZrjfj&PSe#do(FqS{3GT})04r!QhIuS0p*7Z{Ai&*ytb$?9#2^x5Q zoALznJYs-bh5f;lWMMtXE_JQbG@)|5KwRrNHVNqMSJD9k{8yUxKIQ1D?viYmEKacz z4ImnW@=+Snz;5avQ=h|>`??8~t;`gO!eWp5!ll!$<8+eJd8_Pn=v4x$6MVzD)y3q0&mm^_{B2FDfl!pr~Qa|P{F{gRhG`?lJ`<~h$qcpHc zM&Dtmi&EDQegchKp4w>s>#J6N>}iqbGI zDrY$;={=48{E#pv566_=)>P11spu4LQN(mnQ`xaCL)D}40zpx1h!mO_lQH!Y*X7x| zh9Vtdl{i_#C^6~G(~MfreP3Y8*oY{U={(%*jbEu zr%a4#?0Zgx2YLQ|6I@AW(#qQ;jg56&W_4s^7~2^RbCbI|R-_wBP&WXkmo-NvkS%Pk zU9+(mM8S5x72{tfQ@A-U~cRJBNhkqte=Kqm!sm;x(*dCw+S4p<5vcz7|5%D ziaW=JE{VE^ySn%`%kIBmf|*Y#lX<-tt2PXu*wcCqCZd3SDf6`SR57El_95{o7?Epa z37u)HZtyAAG0HO@-OPC{~| zuB6()SwL=k4Z((>++Wi0B2oq56MD#-dwJ2TVHI_Q+X;xoFf4;>3GX zM31)H%37@9g46t6W=}U7^IBDck+HaUfTMx1<_ob|H#0yRmjvu5CIa4PP&AClpckq; zTL9w(8|BGFbE%2ur!vm05&l5q%x%mujR~Nm%)({h4=~l_d`}lFHO+KKPy}`h@HR5* zw5FiCc4pl9AQDtg=|(gt2K6+B4GsEddQ0O331&Qe%ZO2n0#Ag(L>d>`YN0l;p+Q!_ z#gV%w)Tg0&B^l{ciN&*?MNFzE?S5}#S~WlRZHZM|`x8;Cw!hCwt|Aa?=v7_lQ3zIN zja;I$*s5ChMS^un<&7y;tp86zvO2r#6Va@;$44hxb;@%GxmYrGQvvleRD?Vk666gD z%sMVpfGu8n&JCuhq&qGGLqEEyRALgQ0T33;WFm&9Vwo(%y&x2z9T9pw;5m!eQYlAZ zL>#)1(b8BBpfja_f~_8c?CO7^^F72QF=I=xX89#3^)?N0~m8@ zK57xI+Sc@W!0vqJIUabdR1mUw4}zmgo-??bvKVON8i~?arc{TSumZ>9uU-d&ksH%3FOjzv6p*Q~ zxx%t^L3X~8)R_=7=n|8HV-SVya!47x%HFR}tW*JdWG+ULnRF$fc>ZJkrlqR%_ zP7pc|TILF!5AW&f;?&yZLy`LYj{7MM$c*~TiS;^~m#`x>jHwGSge=GhD|On^jHY?N z<`Topz|l))T0%T<8Vy41V4PwF8tyTSQJb5Ve8gG{NXw}495k~__uLz+#LpG6i2@4| zO2Nk!0Mt{>O`K&1di~B4%w}q(R*3lL&9OSXWem~+th@v&W~5S z*52!Qi6Qftlr)~Z&bdhzfn!(hIeXb8AcKaPuVs+=lKLy8ea-a@d4Eu>u0^FK6ad`K zZce={w~~%Aop02{eY7G+loaPTs8tFKb?jg=q+>QoY3$3Am8IToDDDI1Px6V^bOO@i zs+*uaMquM4?9U|l#?ut2&san;2Ns)o(@+FrqA*V_!$DxG=(uarz=l00Ge$9MxjW=2 z776nTYi&12ah5Ufxz1Ugn@-FyrJ7pGb!3o8JBiMiwGUJl*h3?0m;i*xTMbe1W=I4k z%~*ic=DuQ(gKh*tcox<8`J`O>azIG@JR-G^7*IP-Rn5GhvpkSX<8|FN%gD zj5>(rHaYwERF_qr#-+wn1qzze_tmU&VFa&EUa;b0IGdAHe z$VGHDq^Ja8G=xdTsv~UMv8L7^B(`a9@T|>Rfl6CQ1Xj2*^K@1rqSI1n8_ivVGwxK3|j^zlQk7K<#t-n z+G0L$9zxP+D=iOl0A*py&FZe@jIzMjhPlsp8FlUzv4xiYnk`dw4aR1%yrPZ9XzZUXuZ!w*EG{3#^V&n)PLZX< zQ}pw4p~Wt1Od2%;c~enb2bUJE?4BZLgvWu7wd92 ztheTT8X_PI@sUZplY8NO7vseP+xpim;r=9BJGDJa635$w@nqMD5QUla)$6@t9)7V9 z^iwff`81e3kt`V393nc&^J1tG$1IS@!(zIRh|ZBtUXs0^Yij`{6d>-gT+BiqYv2FZ z!z&%p#K~Gk{U1|ll^F4aWtmd)K)^E7TZWOq)P0f~F&j3zkhh zg5?!wGrQYV<=tX!Tx%!WZa#KQ4xv+R?XG12HozF3;9Sft2pyFvjXOZ2a939hL0n1O zOUU6t^T5fUlac=@8i^Uw&AIFc8+jx+O+60nke|=36hq%lS!eG!9Atdp3d@7J zlQ~&&j{4TF5nr8|gnO!$sYoT8ioiF~#xZhmWNF$Es8=(3mtZq=S*91vSf@7^{nz9h z^`BvTP$TE~#s@?mp-3LT1UB1D_YsymCnvffody_h32hE4w*j409W`$6nd??6n*Rpc}{arOoy1p**v4gw-n4aA% z5>lhN=a@H}=qOeE(SYuH{nOs#D5XJSZv?N{P!pq-TEFtVqS`2%^EtP+kAu0Xn%PKg zbNB?pZ?9B8lfyl&lgN}=CLC2PUBwe@@!5yZb2;B&kIy1gw{bB+Os|N1r zycmu(m*6Td^C@D?(qY+P)Qs^WT25_bh7GoTMqZ%vsG*nuhL=;K*<0V}q^%%Q2M@Oq+>QM$ixpbX>cLz; zPS9Ozg(KoI<3?Xn6zxJOnV{Y;U{so%`bFP>W&JetdA{g(hj^xs8b=Uv5B*UxYq|Au zF_6OLPiihqWM*2G3(QW9c;WE*^AZc~oPZ%m0-+rdR?b?~LN%!e3DP2;d9kx?b2flu zFm=tYl9-`JZkEDvbtVz!>d);E`KJ0*ld3F)loUU zj#qz{k^zKXel95kD#2GaU66t;q9CLVGkXz}!vQi=IQe?@0m#V7LcR=?EoPzTsamA5 zq0RuswROIN4-%9+gnuS((P1)k1nd?tt)9C@*<;yuC$*9OQwal1SD;@}Cg51(z5K&t}Gwk(Ww=XXS-48>4(!qYf7?^aE zRdg*x{HG&W+j)2>A%u2%!~B-k*sYLY8Dye1m1yXf<{NctInm6U2iiVvsdlSIsHU4i z@u@{tG_%SmyVU^WhK5Pbp6PMDwRsZdWfDkd@%7cUSzg&f9{BPF+dR4KM$N6yFk9}w0=_F`w|m}g?=6wsV#Ri! zT=#nyeRAGCKj{v%-UXM4ED4yune=^W!2La=&;lDLYXig)<|E(_jFz(!+W0m%wjBq!DP_pAmfbf+8AjHT*Xr=2@5IAP#`=& z+m68_=E+a=#JDRW`HTlNHaM|+O=iN^W-r^>gflCKIaRcXPLxy!o7y7nlC#)g#jxW} zZa?2?3MjpnF@v(%2|79%k(+(4ZfT>s;q%LK7G+jlF1djBfNO;w(wQP0e-tAWK+2j! zd-;CMBxJ%&SiqvG2#tHFR_e|u53*tf{hPYD#hhtXo`ZYP7}cHd(B%2taLZ*`7#;g{P<+|$_lz;w z0`!;G45{vzt1p`(YsRRy&&rw5qGoGN29`jV*@G+>EwCZdCt zF=V^$6X-#kh1N!iURgxy5i(z;whc5!UjvI5q#a;l$L*F5g?w%m5xM zs(M_LZ64~xaa`@m8AQaKXdMRdbvB<#_gY8s;&+UEb-e%V`F^)UcC|h+KWmwwP8wqv zlZ?W;@kvzK7N;0Czjhjm6~ip~g-hViOh?VjuKF*;+&t%wCso@qD<8)mzn!D(e7rOiPE6$$@k2 zxHx>xPIt0Mx=OD&mlhNEyBOnsXPD{zbu7||)VE6F2cEGr5#H9^!12R&Z6URvH96$5 z>lDA3n@0zsb#D-(?I=w-cyey9QZ#l4>tAC}vJ#tW8F4mv@c7m_K*z2w#J05lT51tUKIZ*97BO&X{^R@_Ltqq)AzU5jr#%$UqcHIPk8 zX?jDlt42{BT1ng`4z;?M#VH)YiWu5t^-|cx9y5j%htAz(*99~nJc}Au>=^U@S|yfZ zg&ezi8U*XM0t!enyZ0pm)epTH+?aEqMat#0T^Novp1;aTzg^?e2S8JE1&2D|fu1RK zjyTfcR%*9v;*8-NL^L2=QPn`i0f{?RB`#&^R)N2zEcs`I8kzxC)H+g~g%*7;8>j9IO;CR3v3va*e>&e=6$U9eBp zXCrUY`XKpJPHKp==vu}vo7)bLy>x~iD$+5tgdDgvGGdvcRB^C04HBb~HbHdUY>MNJ zqLVq=6f=tsKH@SLNhoF>MD??N<|ZScBju4yO<^|RawCG8-fqx*%mN#1h=s|NCE#0! zMkg>eRYycUPD7v0K=`apnQG2**3=^A^G?>XF`A=`p4qVu@wQiOtP?x;HxailO4!Q; z<16LhC*8Bxz3cNDc{OPFJKY-TUA52Np@GlY_5bdkpIlrIUT=NC%H`ObcuuITrS=i7 zQ!+1jQk2+5jvzswPl4CJ>Ve&94nZFqtSeD#;9(%|t6)5rC;z zsnxPw1ZRh$Q$`8**q16=L!BB{qfDO;?@+fwT26NzC5lXuz=)nUDr;=$ZuM+~A3N?b1Msm-BJH-))$y9!6zB=Rr7|s~-B4;6^ z=p%hCpcO34sWs6?or~i!v)n_XX#WIatB?E`={Lj>0gjeZ_v3u zA6_X`GbFts6u%gdcK;o@ctv_wLvlH|cs*#Jlhf|o?%Bm&)S1`s&KD=+8cB`SGv{^S}+h9^oQMV zue<%LUi-`x{R1G=eO2KIAh=S4eAT-e*2u~Au-ESnhcz-#gShV2$m@%X)9-p`XEmId zt6ryf*#@_j_S;_n^)MUm)tl}+(jN4NUD6(scAxal&%39+_Ek3nq|-I?rD|P~t2gZ{ z^19pa4xml-L4#@5^oR^g6^Ex*ab%Tg*T<=go zo5ga~#KtJq+OsufQRuK*=~**5hBCH?6%j^3rzXig3j&N*zlm0LomTC2cW~bBzuN$r zKxV(n7$&nULN;NU=I)%msMC=TKL{8efbvx0rk?Z0iJEw3Ka> zlld7ihc1y{xYgZEPfKlKopEWy5J_^kwY9;{rE?Z#A!62spv@#_##i{m37&OMmSrRk z#V}%-Ri^b~v~nKUn9V)7fgSr+$3N3GwGWNgDVZ4K89;FkWvH)m^r+I7scY+(0Y}R|qL<)<`x~93kYGOdysj2K|f>jdI5 z0flsYa8NrqI3O&Ig%Jomln!bheh>}h&_DTI+#qcy8m;Cwjp17&CQQfD2H!u9Qv;L2 zM`^;qFj}S~#mj2DNz}~Giv45}^L5-Rg&RU2KN{d-|S@UF7u1aTd^&bF@S!sMfl$O+fD(^_lmA0tAoE~^y4lMjpu+mZF^gW zeCrLmnc4JedFo;orllb$T$?|P6|05HXqJFRE9e|&C)4`o47IV-YcMhfTilmlfiE;f zvB^Zz`GR2aVZH2zMvc_=k{W4#_3}U~l;CIEOR9S{q61=Ua2%IA;C2mdqt*wV2Wt)q zS5R%m47iZdJhReXqf0~g8rxmLKXKzpFynD{R?S|F^iFW!h)%&XAj?jF^p%-#)5M;; zBY>mS(G0%n^d8d6) z@+yU*OO}=XA`w=wLflRitf}x?IUlpz+{^PayZV$nUfVp>23O!A5qfhF6Yn1Gk>=s? z|FAB3AA$QR<#$$jMUuWq)UtvvpP`?vJx{G{A+`*+{DBUz>mt-@dw*x9kkPRB=W6jV z-$J`3wNIIXSpD(}t|WQS5bHp))JbHeF3f8vzDgl2jGhQ+12XZTtOO!4k0Hl}G2p2g ztI--*eXFxn!+5p{_jm*tP|`cdL87|&OY`u!espxutT&&L-GdkVhX>8(-oIAMWdrB3lOCxXpE%J=N4V~EDFRN7|V(}&>L0apal&?>eol$vpnby zuSol{NAB6k7?#zD&m^COcxB#;_!ecuc%7Z{2~S+3M5n(fpot<0OfczCgmnd*r{O@? z0WcDhbEz;(qXJYSWbE=;0?BYtlCt?!)CgGGW8kI#`cLwWi4JVietaMB@b<5}(7|WHt2U5kTjJ$wKnc1Z(K1iE*+l)MoO67+ieyIHSfBgG@|Hr?R1yooeg#7n^ z{6G3L481X@vmpQetk>!Ghu!>3i$wFUVX7p)`@eEuVmcb}WcE|(H|F!wN;45o#L^EC z|0Lgk0(V%#N?Yq+Ty=+yQM|n5owvc5RjIXuP=(4ykgalNk6-fnjs_{yAJnE*r|~joP)l;Pq;-9k zItmeDXxW63qeioFs3XIZ84p1jDaPc8;4G0)_?qm~T38@WSa`={5n}Lr3@w~1FQ+06 zd>yGGApxT@Aumbi@>_dD24lhjEEhO-FriGt_!q|$7Vj)=6C=*gj?vlVX){HM8j5=VO?FrFvL6BQ-LBP1^Q-td#9gBmYyA zfg8P%(UOjbAd-h2gEH0u(*ObPy4@Smn9i8mB*i_PU~|1woOc=$8bnhXrZX0E4{s+c zmN0rbyH+42fD{Khf~MUTk8@O#0;Jg%meNC5gi%7S{_()%7rnE9YEe3Rjoo zw5?G_p%YtS3GOI%phqCWL3Xt*(Yu4c5fEKQx4}{bcvk3Tjvu3&nATr#K`p&Xg z(Q&$*>G+UHmV+8F)j3ThOF)!6Wd#B;+-UGcXpuGqSnD}Rvk%285Q(IuhJEi=pqTbH z?}T5dnESTSo0#y>nM^*0)kvi#Lur~!S(s=>+*~}+Znl(Q0f~vJV`~u))m`NI9WWiL z^?=_p%#EYd8kgavq0uVhY3-fD0$$|Ktl69aXaZ!yBH3{6{3B8)zPJwqL2btCj65Y{ z9x$mc`cqSe>Qp4~MZ0XOD_(bJ#B45lXvXoxx2Al+w)+~t)UsQ~OnP|A64jE zb5jgB%OsPFz@sfIL1t)!n*}iV-dTY>D#|WQZ4&V@PuwIBBN_;ZM=f&)4~~-l;KZ%W zumNmh96za4`Xb44!J)ZIC=x3zR=Zhf?}CuooPQW+-ggiA3m~lZR&}r@y#fLJHFEtE{Vf}J92Hf$d!n+0Yj|rDaJO@TJcaXnVzc@N9 z$!WG#wmP-Qx5)imTZWr~v-p}PZ_*K*y)&R#Oju* z50O)GFZFqeQcF-Qn=ou@hm`NOdPMfk&X)U^m+k$Y`qsvQD$K72_{YgkIvl$N|U;PM@{bzLz6RtYJ z&^Aon0p?`tm2Xv?8Tx`K+~XwysfW2iP9PJ5FF`MJCA8j_CTKKj#X%9~e4vnoH&OhQ zqD@VDhCv$IT&@EJ6iVsevY3zO`SmXVNq$%Z*AKubO__I#2yX!@9T^AbXAa;{6kAdY z7iNgE(2?Edesiw@=PD#LQ4~nxoS}MK4WwcjV zZ#WLRF;j-r>rom{nBLm3}G~oBT=U8_#T_S(RjmhgCBhDmS}92cCklr1*1t! zeWu3aL|#epEnd~CRRTRU;W$HI#Sn;Ka^b5@Yf?O0hfNe-pHS~sAq2QMtyt}jQ*B|0 zY3|cdhu;GmMuR$EU-uT<$Yklj9qCi}y&jNNHT`wB(b#V^78P0h#gcp2VXkpQP*F*K zFlwnE9JNTXTa@!}*0EFeL%KfAj#U)1J1$b0TPiqyI<-Ws(Z;GBR|f6!-DBckSqc}O z+Fd#~u@_?o)*%j53va@>Z`ttggP9b~k#H!L|CA0n1^14B6S@&@^S0!}^& zJ7+Ty&)?$h_?YKvNe6oiEPT~ycDvzS%#jGKekt`7H1HI5ayM?JQ_jDcQ16+Q56Xqc zko0=WV%GZgvw;;DaOSTgD|O-+E}00^Hs3AA)Sw9s#DwsK0Y$`pw%oj;K`M1}5eD-W z78qQbh;E8mtdrAuNN3z5m&QLzdt;;Zt1VbrZNB;7r_BEItlJ)T(HiJctUy=We;yni zK5rK6Kc78&{`|@Q^HV(E@9+P$MRv%pwyO8ZIZas1X&^~mZB8`XMx(yHiYiIS<1_NzDomkW3N)#Aty1TkaMAfDGV!${=x9WbZ;e?~U@yoF0vg zZ;4LTMg|bLN1(5BuOoLzu+P;RIuJ21yZsRl_vN%w8Fo8^?$u4dect_gI``@_sz+%Mpjx+5Vct}b zs<9avvwQ2=lDB!$s1#D>p+>k-tyE%0eNvA|wQmG*EmCy^`u2NK?vFAFRTwoCH`@Bw zR_M+s51j8{tCD?Il%w-CmA0;g@0Z%}%PC`Q!73F;u=>T{EUP?}L8Aw*hy!pFX&r=by2EoHj zzRW}ZC7Ab)7z>R)zxt86(WmEAKU?B|>p%pGpAGw1wxb8g>yQQ9KagT`SM zUZMCIE2#pe(zCCcjpIXIFKg?IPW$YvJ7{0_Zq9n=y{qo&&3X6yV(_k_+J+fHbT3#--oY$!tErOZgi%$B%uq zG#G&jrlqG8t%XO2c|&MhY^X_)Wra0GVv1jiIB99){N=^L9N*SKDy6h|ASNONElh5DPwaAzTl93%E6ELrI+pnYNriVZ<*F zULI74K0NKq-eoKj;fbJy#zz$bo>;%~HqqPcZMs-juh!c}yh7?u0rYpbVLBise{_C`Feq9gF%ug7P{(V9v zQ@_;$AaUBM0V6q7}UNmW)#h*0Sy3|fI7B?A8Uf8U6V6lXonPYvjU;WX_P0o~DfpmTW*_sg^D!!gCH!A1Y76jfyRo#_wmv+VV` zZlij9aB$A6>yN&a0`}nhQ#aGx&Q`@}>M-FFDzkh$#UeN6M6Z*MDB|855~G>&FKNn)WE1_O;jO2ISES z1Vc!e&b~um{T4aY?d7&(aYL@ylFp{Qyck~HTn;We-QjR?W7@Uz$9gKZUAIh0@!{*1 z?>xU|`EUOO>vj5S{c@$r_~qwYuVU}H1uK61ZLgSJmg}omFW0Y&WJwx*2F#cBn_G+Q z^};F~{uUQu*uA>GTt554i|d8${b>(|@Zy_7Gr9FB0r0oA02iIXP4|Ca4ceV6H7iS3 zLdP4L>upyze}9IfQ2^y82TESju?pzl);e|0+QVV*)w>lJzMa_z9GSE*MYd5o?jYmV#7v2!zdzLmFrS z%FZaD;Vnr+2neK#e|;vXe?kKqdLU2ap<4kYcvg~<>(`b27Wyr1WdWF@gXY0u#SwxP zns?<}8?;ZzPHFp{d^2viyHpKDqCU=Q++nW#VZ`or$vioCnH9uRb%BL?{pHGkwychDuj z``zz;_oqq`X_>f+*n!j6N^IsvV_b^Omg2K55Oe$Fq<3}x?IK==n2%cmZNfxu4{<74 zW(T2<1?=@5(i@XBl;Bz!)6f^QEL4sO$8J0md{fI7X_497T2sJ+dO<2d{H~YR9!8Y1 z>9;bVcNxyzaZt8wkt2NZQ!3(g)*^>Qt0;}{COS^(7)W575+*!kfj+R1ERLYJNEC~i zfFMWEqj5(J*}V}=gKZ`?e@z6#kO>WaM@X$ofVnkM5{lgar%@^5Aov_A;mcKZ^=)b;LJY9s`^O*Tpe8S=m z^`^`g{jN9Yo?i7{cL!L@Oauf|{T0tfTftX4CGe$uUfQSUy%I`%tJy)n$X2PuUzYK7NY-{z;zP`hwzG9WPBxdMr*LG)7%*6AZ8( z(c7vicFNGd0tv*9DV;aE2O3Yxl%2wLRXupQe|XURO1<{Ar=X%P56{&b$QIQiRk+^J zJ;3A;g*F;l5Z}8rP-KVp5OK09fM-THRR|K@B`8E;hYY05H=!)R4k;;m-egYLI;=yL zkO~HB0^B5Z?}%|S=S@ok2;Tsx(Yn3W5i?cQOlGb~^+-lYD2s@Na>~bvsbRVT^89_$ z5ur?C%0rh@C~s4G9=6FxGgt=gRblFB$08OFM8FmryNDDqCx8vOeJM{B2Q6faEPHlb z=LsmyM=AOYC`u=|)7R7zU?iKNeXn*?I9fU#3+1$vh$?Z%A>*4Nvp)B!`t3Z6_*evm!M+>B z!&Iz7lox|vTjZ$mqR~V#A`Q6WWs^+^pZX7i7z3HY+R~dD_O;=E> zIJ9StgT_~GU#9I`Uv-<0;bZlvd)R9Imj#Ne&sahg4gClxVDKw2e+?s}aeP1Tt1tjqDd1D)wB~ zw<=xLU)Oc)mPNL?iq>A{C7;bw2nOm(W{6EoVWnWsQQa8Otj?z3F4lMu&SeGq(()MH~XvpSnXyIA8vK%2j;uy=v2?9vPd!q=FbkLgC zuR68X4cNAk&t9op#9-j6(FQr0XX!pUX7gY=D>~ZxiZMBE9-ecud(O$%FG%?zJo2#zVmJ zn?jv0{Rn_+XS^-J#ai0|ov-r%kd%39j%NeAu}%Z(Y~Stp~6aiJfSgHWG2tAlH(CbzkFA zP{E=j^2Ts4RNWLsEUoyUku3U6Z#KJUsT+`Cb8uCSZNPQQKL}hKGh$#EtY@q>^dPVHlJW!X`4AN zRCzGmg;*QgK%c9+%@|56K42vI03n-55>5GSMTt&?hzH0L^Sy5(Of1%Tk|sV$6CY2i2&Ld@!jUJa#e_Tm}6*T13NH)UI zM;AZjf-G&${W`TaW_(NPJdAsH!#iya`X<7k{B`{47Uf9{xMCJd_rgEE{6h!n+K`5n zVq@YlEBY|uM=pHW<_OZMwXtfWq|QIMY$+EcZ3A;cQ+zuH##VFrm!iM?7RHS7&f5|I zr)HjqDp}!Qvz4QH3$-`rOXktWFuG+Q24gM?z{aq;wKj#htjF1vR^_4dMGCQs zK4b_kC$;e)@|7NO7$!E-hm1tm-Fh$!^&W9NI-Jvo3 z4{=2c4tcgV$4Oo z;U@5x*V#LtRp6D>SvsIno$1;Db5DEzpL@@{Q31EQQk;sLUn!-P%DIIAS?t8EPDZ#D0|TYW=Jb`ZDOn%6@d>s6 zbEEb$o2f0g!-5^uh8v=^-ZrpjBG*k%ohwS+Q1H6_sdK}UZUvpKwmFC;RUU(NE(xK! z{YY~4w;a-vx{oooVo1}i23DxN`KXpw+zOX(5PbHtBJ`yTQN9$P1*dNfgb z3$t$t{wG2155SIDoaOB?qpiCoRxGLaXxP3aI`jt)>>+r6RRjOT$bUs_?X5DpFJza|9$@a;3@v^CwXYZZHk|}W`#zPlkulfc)r563N#7{{8)Z19p)=YItI{U%6%TdlCDxRjCu1 zh?q`TrA}_yybh-Jl{%&%O1LL0b;7(^rLOb%)JaFoW-RtN4Jvig>s(fD(-E_ve)*@b zn~kp;2VYiZlxGTG6Mxsnqp!HJe-j=AEOy&CY`kb3epxAm+5Oy0^iiKR=O2RsKM(<| zJO4*7jtl4i#lf>@Pv`$rJUiqR-Cs=lBumscDmt$cmxPjc?enubTA3xxCu1HkRp69) z0gV~CqcKQ}By1Kz%7q4`x$8l8g^DAoUKN$QBt*81ocubF zT?Z37Ag#PCFIPUN&Oi3a-t1X({_V2u_b;xx!$$Hx*}ji;=YQe%;lbgH=F|EA6wk)% ze=}u4#A4Y@`@bi5dItYbnZ^u$2bjwInnuzm``XF0o;ws zcMMyH@`>t0jX{zT^Jpp=kz&T&q&6_xF=v5~xr71~RAIJ2F3Ij_4l{AuAF8rEoDdl? zZ?945jY-S`Mx~xI53K;Drl8>+Pi!K^RNa|WUAGE&4egSNRVDJ1%g1&u%||<*rp(d; z8%=m1vzER9;9FmBzNQYGb{?>m#sDV?D_dA|Z?^_8ig}ofN%eoo`u~vCLTlLXHoI)u z@7(TlmQ@`UlU#~QTw1+PuoQ?SmM$-psV*IiJJg;wAH&7vP|K*cBJFWnTy-!%Ee#-s3 z=7=S}ESMASvk-CvVs2iis$u;8_BVTJ zWP}6x``;@&uGN)W4E&Fqa6`v>1k7BDXn+J16I6K{Iv%;NfaG?+p+P-f5Pm@MuPXq|9ri5>%i z$)2vGm^5si^((o4H8)$)%~n-IRdmu)*J(_{2_s+JvU!bsfpJ7yUl&*0sp)pCy1Qj_ z^7p@E*I4}*@>41j+poE^^`B;gnNJQWs5`@r<+yERUBai!MfZ_xAe*<9p(3!rM%ha+=0GoD97w^Ha6!dy`Pu*WLHbgCvxB`&ZTGQ17!V zNHv=KT*r;yeILb4%4|v961Qxw#Z;T&qWmLta?KX$g$o~10$1!(by`)|bF~~6g{K=? zCej8M`!x2ZkJa_!C{^q3*dpP#!-SWuRTQ%^i$7?w>g1mB$uwz^CS;Lz8Wq0jORZrM zXh1c?96EEKbt`P=l}6FRr!}*&zM6|w+kPa+}_h{^mL)o(SwmQx`USNEv??z7}x z#J71Rqxx{!J6(L)yX@p&7Bb6b(8g)lmVFTpgh+D6qWTl$0wBlD17}6X@^viI2wykt zYnet-07*n?00m@zaoy5)B1mW1tQidACh;~EtyzEa7AkcD%H16Rs@i^$qR<-`(ivK1 zZV{#CI(Bo8Ke*pOOyoxWYMq#!L%^=?yx|+2of$}Wd?Po&MP>te3m%d6bu^gieut=Q z0%{eix+VF?99Gn;azKi^62)j2JbH0 z!{K)qgHxwE;O1AcDBKu$g1%w%0UH;43!RgOiC7B-;HEgg=)b-w@72HrMQ*N#-N7dV zDA!pYj!!;0Yv!fb?_Hgq6rs^=r%q~^tm4_l>zlLg+wR$7ttAN9SR<7kMYq+<_SKuk zM)&V%ydQ|k{xT%#j}}_%bO%?xSG`XAs(W+VTUhxPsqVAH+xJ-PdQqF&-}MIF)2rU= z?x54|yyG0Nz7nOUv`Yj4X83zc}qaUSEpg zX((#G@AhRm8KeANeM4kwVs~x=e#b&4s&R6z6WB%~*#B4@GzeN_1 z=ZMN8XHX|~Z{ZbQl|-^6jc!48!;LPz3`l>=CE749q(OzoInT{dIb?F_nCc*6h%Uyy^j zq8}|+CIyL5tFrUAzmY_|qqCsA-YC-(=B35FR3)R&*(mui^Y$>MFL>W`5$!Kr{~?q z%zsE9YtDc3==fRD|EGEM{OSCEif3mBeRwLB@8RFmlfUjRbKu!SR{$>-Qq~n&I2Q4Y z_`*wPEKKSm<}6H@4?cQ|d25hPK&8~?m#S)C48J|I-)ls7NtpDe>>d>hNlbmNPy`JK z_|nxea|z-Vcx@UWGKo_!Nn=KMNXGO|#6*nApNALydcbd)g-s%o@#i6(agV6pW>nV5 zjNU2?r@G}~!X`Sbt{6iXs!_#}P#(hdE7b=Yfo%q=?HQGv#bE0QiRLWR_=wkhUl1|Mj2bB$XhEAnh~}I-W1c^}_^Rqkd*_gP;RNm|%QKF2V|S zirx8wNk}ckLz&PZAT*qlOr@BqK@{?2UJ}e3qz6#W7!4EczrjNO+TNgiLPMVh3YBN|?nN5-*ftbZjR%lD4;KgKMoqP@Qn^IKSx_M>u)ep*=&!qt z#(txbVW&M~G?F!-9a&;Ve3noi$i{CGJ%99PHU39!^+UZt*U^8^j$ah%zvnNGpYZ>u zcpk<76L!gO(+gDFWBk+lf^KyFALs?T?))FUSn&U99zLD_Px37H|AeLgcut`Cz*dVV zavKlOy#HsZ_h-@f^K;MpujSe3{6EkOblv%1^#5!g9Y4u`KFPD?`hSoY=$iFEJUDt@ zl>Z+-f0F-ylIJ7)f8r(bpPrBMY>Csd^Qa~!k7=%x`nQPdG(cAf2_8Z>OVi3 zAA0^XFK{fd1_i7>|IKI3gTuo4KR!HolK*^?=hy20{SS^<)_Q^?aKABk@ZyYqCZF)d zg?&8xvCTHZW}86|;mLvgF&xPM0sUfsgFf*{4?KCsx}nB2WC`?(|C?>X*6He{!#Kyfv4* zPq$Ccd;QPkV7?J-pWfGeBd|Wy?Oe`ioJ4fOO5C!s>ag3n=%1GRtn-k@bFd~acUv!a zFt1t{J#8)ZseIl)kC!?g?N~+Zlab{m}RX!pRzj}}M#pV7`ANMsa{o{GPKRxEzNdNahFW`0h z{{{cwLskAs|Mw}LC;#6k|KGLe|AAh>YtDc3=tZ;W|8@8j|Krm<#{U2CCuxihb*aP#Q7(zPx5~~=Wk{d{y4RIi1OLI+Rn?Iowxv#oL3lp&1)g2ODlZ%3{da)7Xpbq%(s8S(h zX9v7369J|fgpbKwq?#rMmL(BHGDg_@BvuRvy4(X(5|ThnB(}j5lB97c$w_EU zJU*TiTGVagXB}n$#7tkJTmF}72NSx8D9v6tjAif<<&4-$6@-fB|k-*waOX3}-M0RW1xM zBs7lcT(N>hk$ywZhBj;k<-thtB4G+`c;FxC8y+RIvMP*AmJckU@>cHK<5G`=U$+{e zeKissTs?~U9Zgu>?ALuW+8q+*6%ae9_?hdY^bMO2t(6#@Dq!*;fP*IT$dukO5|5}y zSg3A)|9=uHWjbSI&LkPlja^qomFZ#;yIWxQdxpoxIpv-kf5M&|^P`26V~@4Ne=B4W zYc+mx{z`VZ{LHx6hxA)XMo9Po|L5*E*R2-4qV%3|X4@tDPm_zZ>5 z(CZn@*bqs3Vm3=d4i417voq>ViBMHP>gX9j-T}b#Gk{~-Z2W!UYjdWtxi-`u{Ge{JaY^~{2EK1AYYT_!6p?%7|d@1F}b;?ai})N*O|SnsT$EZ0crHjl!ktQrD&Rn zDbrBxpa6g%PfQfJiHPA7e7M06H~PcZGalCQmDKfdzmrMIWP;a>dLIZ8sR_POZ)5|% zex0McR&6~bAWQb!HBi`Gnhl|DV)BER-z>?p4OSs!adTyR$mjC*W*jqi182QKM^Xf7 z!pPU;_~85mC;%t2hIZ-#>3T)~(Xzg;dOP+m9lRZhIQfW}SnUrqt~q}GqN%63J^Ly8 z*d0g3PEWZ^K6a-*m)bk|@c8+Q!^O)+q1gCiLxGrF+cY(C3U)}_w_2b`_}XI-_GJ_W z^GYOq?UhLW_IKD;m%>-1HyG#>ZK1!w_H9j88C$?k5OhN!L#=lL zB^_4jjdcVPzh=}@@D;sA{^-8?ldYjywQ9XuR;gO8k^3q4rfRq0(2N=`ip3pQ+&Nx2 z*jgHD2*|GEC9+3EY&r_lAgGa0EOZ781>t%uM3t`*Zz_Z|N*|qG5C^@*WYw&>Ld9#auKm`m{9L_FQeUDFj{IFDuht5nLHOhYmot?{&z7? z*f|a7ur_L(>PGjb;35g@4m?l|UeEYsnjoVEc=$)fNd91nFNI@Y#f*Vl#1Di@a?gT5 zF_Du0%v$8-YYqp(plD`web!9^BnFx|+lr(1#4JjIwbasQI1ia?2)bYFWd0bM$uzze z&kqjHxqfFHGhSBlh3iYQlU4a*&^|foU7de>bJjcWU3E`y&b#LqgLm4*4O?k8j;k=} z0Xj?*Po#=6)LW*h{sW8dyCI@7U538yE17e4(;}59=0crz_4f)q;)&2>QIeq&xEl8r zIx#KOqnNQ72o?4#JGSB6X@PFxs?#VB0&j_c#aidAxMYP9sg!&ID0LGow*)$D1aO|Z z`u2B#-_zEAkJ+w5r-`i7(62j#sgGDf>tjZfG-j2Yv7*{ZPRSPe{;w756>D(5>jv#g z57Y$73ix1V9@eH(b}mrwKT#Bac18fz0<()mxH^JxnpJUC|2q-;;3;V|*hpHEAxlUa zL8I4$v+d56h63e{_`7AKNtv|J@9FLslK5gA!N)~7ffP; zi)xV?_5#k_a2CcwG)5HUvx-2%WL6btR#bf}NDYaIeKZizb98k!R9HQ~$exwZw24&M zfQ`q@OE99HGbSzUX2kF~_jc6{(Q1l%A`F?AFrQGQ*vPYIM~aA5#EH8Gy)nSVr7Hr~ zC|^yXuY;)q$A=;d>_pu#xLa@89PEnu7^N?2(_ftpu{R_Bn9Z-uAEswLe)qiiYQ?Ao z$0>{x5K$gyguq;+U&f52aCxfTTMyVoAh-b4y*3k}zOVOcevc=CtW!^|q~@ydzT6?N zL~KIbnJpO!DY?6`9Y|{=LJJVd)=2uY{>_1^hZ7#Y-ya2HWR#Y0^ql4!Gv9%&H&!#b zutr&V17X3t97sY|*Skg00jgpZXNqbw9uLI8Bam)a7Q#R5kirC-o;;*1U?^qf3KLz? z$9*gm5_1I}aQr}i=VHMBkG*&QY8%%c#eer-p%v!bfnFR4P&&=M{d_M4I>S0Z`2d~y zoYm#?^UTiWkF9M*AfBEvdHVISOz z;OJ34C+z&}lFTbP9VvPvrrGI>(gL3nr=y9}6{+l3vhTTlQM|HOOg)H}1!%Vlpb^Q_ zu$MX60;NoS-T&G5z!))h8gM-p|y|bgaqit3(q@D3B>inQP$?!RX+$t8JE)=K3Ix# zmC7{fbOla(4XM47HGf!V$6GIt(156WknbyXDKxEzUgB@Req|rzl0^;GYY`;3$qM-t z{X3&EyHCDpeBpsT6n&NYwXY5IfVwy%`+Lau1Ja`b*=T4$AE&1{9w4rZ`o=(WwV2Np zdKHj+g|!}z*?e=JM%?Xiw?8$r9OvV#DRfW--iaSy8yh7MF5X{W-yEF%w++c6 zFo35z;QF!kNlo(ChGcfKS~Fb%M|2CcpiIIR#sd%2v;mq7r-z(mw7HM+ZVo;OYRzkM*F!TN?}fl;Yqmj&R%~ zX}v|R*FYy1ZO>!pdmEkPXoM#y$G3zrXyhJ^!g!nu(+o#VAwW=aG#Q=mH{~+R*EA5B zHu}+^k$1hCtKh!Yy#8oxQV}?)yiaR)TaPaLMVT*O8ehJMsCVmO9FWgQZs|xHwx(op zw>Qw&uV212*+0Ugw(*s1^kvp(fp^RK0#{4vL&> z_R8GM4E z@P7*>f0@ny?Z4c&<3G3d_n-6sJjwHT`Ck;dc+UQ^^6W1TQv96zuTVkP|^4gQrdkkR*hUCGBl^~9MQ^4DR@;470grB$?>3E zkiC3BIlaok_|um(4bqwJG+V7As0Bl|P^*KtH@C|GHJ3_qC~ag=7&D5aY^AdvO~|I# z9p^|i{u)-nPP4TQmh|zDx$F#u`6kLJy65^(h`=G;A%$kN@56GA=pgJhy@M#Do2+;b zvt}5j!YB*lK?Ij+NxdTc=L8W3w9r;@A8i~X3U&v@jFrL(>G8oUf`Chx8#Cs(zBIS~ zk+orUPOEKCE=-)ShbNc&czP%1qMF^RzI*i^mTG-ET_|rOp&gpKi$s~3o2UqLrB|41 zH`z630Ion$zwRotf^&DRXf*i<{!F+cUW#UgaCI8t}Oc zE;E4B8u|t!$u$wRN058%%r|tpr_W+z=4|0f2J2gMeC9I`|8H3L&EXI}EB?p!OFRGT z?)Iza_#aR5IP<@8a=#mus>e}QFhosM%FEQSWtl2& zf02vFC{yI(X?PM#VXSkbyPdhz*y4K;9CMGuqq)b$ea){*sl7p=Sh$HI$vT6J&zmn_ zDi!7eU0Iy9@#gTCgY%z{&yJlS8vE4()K$Lh(_>Zoi_xy>)Dl2a_GAlvja5(M%SL)aEO&WlE!1Eb+ODk^H4wbWrzQCdGO8s>3P zIxVd114aV3(wSitcII$%3~L^#RA+Np5E~at?S45uO`Pn)ktc569C0dd;W*;CUn&rk zhWoq;9}M{oGcb2S9+X733s-R2fc{?3_m<#%Xhbeg?5N+eD~LmDB#IHkYo{N9i9N4< z%W>5%#bmG0cg|WLc_h-#g2#lhre+SMUuV4aL{MM8lp9r^1jyozR40qIz^Bmt=eMSX z|B25$=YLA08ri(RYPx082mLgsc+mZZmzoZc{t^ur66OZ#D zO~XHnP!1v8x@#@UGLkq*Xc*^yN^k(a4c`y%C{9Hm;UpAEJ<-QT^-T&P%4#Ida7a5o-|Jk+WKRYj5&-?#Lp1S-0EuZ&iGBAY0Fn#~GUbXgY z`R~rlSI_aEpXAYZI8KsmtJvmZwy(&4#2%Lt&bh^a{*d4xA`m@moCG*0S9ywaG7$Ox zc^JD(3Xz9DKmi^wTErOAHF4r4$1F24^+O`9Q*Ais8PFPoBpVUEX%o(#$mn>!u4~QE z{L@}@UJD}*?U+-6S3(Dil`!)arKy6R9~Js8B0pR9@Bsvl-?p0#Pw*L zhVkI4HzdKBZRit7DJNbZeiix}d%U%md&grpb(YMsQTk38_U-6!i6@~zuB)&($Kl4DDGh0~s$y?5cR%UH73 zb=)AZS01`1D}gjo3(b~~?nyWp<`AIKfQ$7f`eKu40}T}N${^YLGi!>~xZ)%!eVQ?f z)#E5evL2P@PfimW(ZS@O448&F!7^r86;-uE*=gFka+Eu5hNo22w(Od-(?xUM&dP8* zn?ULD_*5A^TAkx$(d*PYTX;}*sPS`(d*s3lOVpBU6!d!}zo+SK5obt#xHvf~zdX4( zG+#Obn(_ytmY&o2lG40gL`PPictF#at!-_`sK}=;Md(w}$2bxG4LA~#a%1!9rB(b@ zRYo2xT4oLY@PJAVqG5WX=$7rKTdKQwjtBY%sgbkaYCy}_Z=K$b^<+0uB*kwrvQE3A;a+k@d$%NSTelt+l3czjhuWKt+_%S#d@gt+IkBS=wk?3zI_ToezQg*+@0DK3 z-Pg-`{7N36A3dN!N)jzx@rSG9OI4Y~ckL?b&kqd9t7P2CwjH1dvThRtHdBpEklaAWW=IgCx4)Z;uh*Qwc%cVYA>C?KRT`)7T)&%`(a(1 z#Es?;>-LzkclJDQKoGJSII9dWhRn(w)?eOVU9(niu0Fhbck(|@K%W98(~5F61A20? zQRL!nNO=zkhdfdVE!Pr5QPbTsLP|Pgln`r|-{yuEeJ>q^)S-`117T@csLL zp48m;+yL^QWa8ZW!ulEXDiSeUl!7?R?~dU&4b+Q+tE=DMUmkrcKn?$u>Iu30R`99( zITf%S9G#tIaqYR2Yd7^PK}I`d~y_~ zB9yXOR`6f?^_7QZHz3t5sA1vo7g;?CuSw(iq#i~%99>I=E$_`QDRYnuBU{5Wua2j- zmS+yFjjq$s)2Udzxh_f6=CUa7Izlu-iasZL&Jts;_>8uzI?KX89o^UhQoVwfFs4)i z?oWPWW<}%1PwdJGg#oyRw;_vj#W&d&4Q;fwt1|YNSe|O6E zzx&&}&-Ncr@l3PuTGWPDGl=;9>_2)k3~3vk)0lXg(6c1&OicM^j?)1Vx%5PtlDIRe zBj3~;5;aTW&dP>t`KI2Os9hF!R<`DlZ|V)o7ED`}`ZGOa?!NWz`1?O|(*H%=zh?S> zZ+RRurG{lOV-TKC-sfkDXZHEu9Fk}hg5lhPea!Oz*|y`qv|jD)Kl6W2@-zow?!Eu* z{P^C+tytLx~xAu2lJ^TMX$%B(5rFURs>7yP_QyL6O>iH-j z84lxogws5XJshDU^?S(lZ_=_m>R9MRNE$z4e9SKR2g z9;v_QGkgDE9v>W?9XCh8!hKBN|GTYMFYWVxe}CsW|HqR&Ybv6@=Y5oaep;7#mGAHG z^>~t_tqqZ^n6%Zfp@ zlQ>UlFz!LDd+&M}%4{25O7kpFagrg79O!Ckq@~@h_}}O0d6jN|L!`pwIRawVT#+t> zH)!X3-%zO)c{*)293Oun(WvO3Vb{!t8z{lOTQ)j^)ogm+TMh?DB$Ejo$1-^%?;a;f zR)O2AilKjY*sb(C>vxBMiyeX(E%!e0=-Qi%Sy&MwFT%-4aXUA|>F9 zm4!LUJkQs&w6vN({cq1l7r!EQsD)WbW40b;vIQQ2e;fxSjV5dc!nmK}EKkS1e4G-o zbYN-8`GL`Zyjyb36{$N!rhH=Ncj=5KzIf4TSFT*1feRI7-D~-pb;eCq#nfd*1`d(d zUc+CmFM+Ad$zsNBhP2=xjd!2c*NopAC?l|Wz_c|Jk@r(PB5XbIeJvKC$|4@10KBRs zio7$=`!Dq3#dVmxc+p0uVU{C?y}&sW8=(V3!@Amt59mVHMpK>#bVRaV8bXGUX$8$Hyt8?q z2k!y-H6B#2*pgLLP45A9T**p0CB%Q`*;0<+R1j%ARK^YWSasqsvKy*9Rvj~^hr5{v zu_#7=pp)4ENvKrb`T1Zoppsryt|m%Q#VSGc6sT;smzuz7P~~_qrBVs191mu-jXGa` zJ-)m;d4K+O;jt<_!rWuUfnlXk!X3wELv;|{<4M**VPEue%}@_B)B(L+-r3~FKb@2Q zIn6Ipl94#?*iZ>aZUYP?k<>`0Zdd8B&r3rk&0Fh3l^Chu?J74ZjsrSEt!+5@aE}dSMB@R% zQ8L8wctp~$hcZY-bW;VDJ4sK6cX2E}%H<75d~x0uS?>#|;xL+jpvq8z{Wni1-?0(r z8A}j14zJa=8mrx%RgBef8fn9X>Wq~G=2eZAFza10)&m0`%2;Kfva1sIcE-`^Jvh~*|5Eix4eLOlA-e>qT zddFr>UP)=nQ*KTfs{NNQclQ^i?9P-KHdL1)28bFRbD6oIx*|kg#3y)Ef8E4u~gus)#9&SGF0P)XwoH&o}0 zI6?nZqrehpZyc8+?bu2g(F=pkl3jcIge?V942&8>JX#%|IZKKXlKZgr*I98Yq=h}KeoZC<_IUpVZ z`8;L4FUd>TP>Com7F6&KogBfPN{Fg>n1pJmTHD*LRY9fVkaYAe*o%39S{5qhKr~g# zAWK1l-wecbaFKyaDC2r2Jcl?VwE?g4;cK3UnnCv<8)@iwj@+qh^Q%2hHF)- z=7>F@kDr!+%1R97giO&ZQMg$A47RgE*VLnNMuGcU@*K3Y+qh}_FM@euI}PM7MG|vO zS7B6HPI{#!9;#mL7dRgRyDarmX@rz6%3Yx!5&$h8}Vq{9i-DrQh+ z3v$vc1_7`SLduX+rTnafYBaf?(q=uVG?Q+}txpb;ZuqSWK^;&nwFix$LKQpl0o{Y} zb3(@`3UAr9)TkDSv6CXnlt!1Dx zqhGmqp<@%8)mFXN7*x|F4jNR7>yoidw%n?dCAl0GB!8;>;~)q^b~DD2&ZjbdN6RL{_}2AoqluQ} zp24CDqMGUkQzM*684HQ;&>c=gMl~`NkbW3*wfslh-b9&j&S4VTMDJ*dMl@yoQ=g_I zq0i<9eh`yf0yA8}wT;c>`LYkDKbxPaTBQ z0W`-z?dV2}9gZLQj7LdCHs`Qy{M|!{_gOMlcmqMOHcRFLZ#btXe{MQ;rS z+VC&~^Ay&!jz*{Hc?S`wVtIR;2%~=;oSkwtHrQTfFvFoRF%(uWa$jjHU)X4ZF>F8r zbUzG%w>OL{!G3VzsrCDYCebdIk&0k^t=Ps zWgOr%uvDO7R^Z*8sE%O#?!zcT={QC-MkAW#C?Izvq6sW}65oX>1p!*tMAuZr-e>SC zE9fvrm^Ckf(&}uYd$!lvIwLV>0VJ}xm{vZS98bS!h!3KI8ze(vhKfVGxyaO%I;gUn zzbI5Ce9wH8R_Du^%5yrEHB-GP{I(lk~{{+q(K7v>CN zTZ7%dLNiCdf~Lo9ufG-0Ube*ufZmql7W@+T49spteAOT ztBDQ)6oAhzHRCfh!pfZ37V%ToCLHp*Dpi08jlH?}^$-G|qSA`|kPK1`iAMpmYl?Q8 z+s$pydy9Lw_c#r>SvJl?2>Cu?qa4#54aPXdaZcD^#}Uag*oY$DSCczcEW9;2iz40jlwt#NS9XtUU2qdhJNG*>pu#Ebumak>dfO?j8zZgfzRJTOCCarmeNJyv|mb{))b>5(xO5BjV?IyjiC*B z2M}7nBC@N6SLQ}6$JuSRrM8Qo(7;#soh^n5N6t^u@DArh+3IgeY}Zg?CVE@rL1HIj zEB%v9u2f)J*i``~nQ6E_#CL>Sw+ji}|0hl}G$EOG-S#w-d9_+#_49i(?Mq&!r?W9? z=g2?Wd~l{3u{*}E{vCBqyTSWPLLi4scF~5vyeYtF!JHopm^IZ2pFFoIdmC1kPy4?7 zE}{zy=uOM)oT7m6R8s`q4@o{GDGI`VpQP-T9Mgbg2&aVS`Qb#GaX90cAx^lO7~~C< zReeqo^*mJ@cc3`7XbYcDv5 zb#(SvfSFB}+`+{SpPdaMj+?`L6s_Gdnics{4C!-wC$*P!yYDvo5zMxK6ewQU2KtOT z^LK6Z;EOoJPD_0>)l^@!e^}VwOKYAYPWZQxHugtur2C3r7u&O_p#~WobnU|@ZpAkxDg-TjKbLGuQE|z7~TxVB+HS?Ul386 zumR@jg_`{98{^(JZRwG+Zvd~v+1fCZ3xb`*9n1M4uUcOoLglqpETJIGZg2W2Avdtq zo4A|NXq*%D2EE)qdkYr;%{?H~+ygxEqll2Gd;&DGozOIYL_%ByB!skAyeH*3@Q58t z-vyO#ixGw}%OAU6>7CF<;8jpQZVF5LM}$JN`){KbANn<2f0WQbifyFrtf!PvkcI)c zRT{9%H@BA-7Q-dRZ|;k=G(q--1vc=6j#P<6-gN~HQE4zmUP~>7BE0c5p_sVj!nWk? zWZb1d2H@3%*PM$$G$ts4sR>G*i>Zmqy4OgW`V-wvE!`_gsHKBYH(obFNsahMyQa87*X$dwEO=U;%IEpq=OiP^sLxDnp z3u5IrQEy18Qh!NRfEFX9iO~8W*^g>SSt2piM5T3@=+r;NmQ5YEs&i6X{CX5pWtjehz$G(t|0vRYU(M)&68sC#sjjDfWj`e@hBcJrqOf5G8ti$hUWDH7^ILaF1Uo3rDy_m}@N zT4^<3HUQ~Mo<|=+mhervWOl(hhwD}lR?DDpRuad(SLEj3RU}1P%d_88s7Q~-J(A=F zA%U}TixCsqf}f;>j6kTc<*m6gBR4n}x;Z?A_t0_&myNya(6|cdcq2gZ*x9$W2K=5d z*I#A3jF{$`kK@4Ckny`D$9|t+2*P6~Zbnsk#@h&wg8e;D&$o;|e)3dCcX=M@#<{v| zfel~gK@#yIy0ffQ>>3bW+UD#)hk+I5S9G>PVXw2|tp0B_4ItIG84U+rksOT^X!OJ7 z>3q9RK*6Pv{O`7uH5IbN!nL`8x<}Ih4MzgH#fo86UJp2s13rdDJ6PAi_l`o>* zz{OE-UP!Ob*kwKnZwV;ArI5Hw5Ku36TCs*VQFpAuF_AlV8o?!#edA(=n2>-SKfI^H zq?-34t^M1mPieD@L3-=SyiZ%6HY%*X60^pLrUAFX5My+GdL^|#CO+cQ2c~0)^!ucj zbM2yrlhWHr4(MLZy1diMqCFbNq?eNbVSbxKdwaX=j>|4C+G%~#2apQW0QOCs2V>Av z_aZhvzz!;pdx(Ta#bUiB6G#UZ_PJ<=t@-QIE8dxujcB&DT@OVwQBd6fCM$0kx-m-u122F3^&^~X`9 zR%Al6EY#Pv2I;1>vB}5`F<{ZZ+)sWy2;~NJUeXs>xI~RoP&Q;PHbt684ZhxO}yy!@j;*OAl$r zv#^?bDNf9^nq~nW$G-7;`}Ov7H2J^oQ?36eL6~hpgUVmc5}}QilBguiw&d=oOeqm?7{;vo@KsENYCkWeZ4Pk=sr56qY+7a zA&xvBog7|xBgO}SU{@*k_@_T3mcJKK^7lrJ;1Ov^b3!p_1 z2q;OVj5?F%lJaLDY$1gvhQ@T56p$S9)IR>2sK#+?^t=`taoWXl&W@c=3&%q!?UamF;byI{UZFOBl4w8 z2+xL@H8;+PG^S#M0$?nl^<+S=32N-;L*nz8ZYtrwPh-CyrdjT%V|LPdTE7DM!qQ9V z?1>d_bDbyV(yY#9l?|^jj1po$4{T`VaGvq;E8Ks7W!h&8wmd@=|z@llCwiCXF*OCagkMLk#RG>~J8UQ!MZhXhe zwdVp|l}t$zfk-i;10QnGx3+ioM%{+A(cq0MEEy|?{fw|#XGe;Zt{RgEyGJN$t8o?u z?5cgx(F*;0N^nNw%yn(5yMcH&Yzy(3mK|xv3k-}y@w$x~?@m8l{c`kn6aGIqJ#84o zT2r_S$#q#NF8pNXG&FX&2Wg{cY&z_+YN&U&RJt~L$L?F?ev46cHa?8h`n3CR(#x|g z-sBeSQ~ew(!!lJbJm(NNG{c5uQCu2y#jvRw-g&tXs$o+(yusA z>2_`SU(N%5Yi{t%(9fyUo^MCYqt#w%%XReHtG>;ehd3Lyg1h3ozRaQ7)nsJeB&7*S z^N?gV8^;bBXBDv4b1`~~n-NDMa4a%TEY~7RPvujMZ{zMOvYc)cnAK);)O3mJnJ@0V zVLXuUw$@miFmJ-1P2+Er<)6ahLYj-j6P;-5T2gM;G{T^^leWGxXOeMb%0}TjZ{x3{ z%#K$Tj+^==b5SVUR<3LA0;YyP)V7Y}~Gpos@N>HauE_l(C8PPx+QK{lmH#l%V!W(KC@E5JE6y3fYlAWUJa zE48VBB&Qq*lv4#l7^8sP8P4ahC1_00#jmhsM&l?C69@;(=e8*ba`yrt;#c8@SF9BV zc}=^&MJ)eTZTq)c>%Z06|IM%f)Ch>n3Q)HL6n7UN83B#?G!|xiocT%u49>mmqCS{x zN?IaD;F5wTn^14 zkKj&IxE;f>QT*gcLP2sR;BTY%0zgGtrBS^osZf;#>X11`+8AAeS9waKh@=HF0I)LN zmzMUaK6DC-wrz@QxTv>LmiTNd`N>_+Ga2ct2;UiJDA?}hq;14X=Rrp}jmIfS_W}&W z!QjAwcBCZBCCwp0Fl z{GZSM|B$m^Km1`~Au6Qa%7-a43Q6aIdBjFe2@Q8?QSzA8NjV&n1UO4gi_#L_C2n%9 z%ulX4?mKH!dCIjiTh@~AU2NrAC1En#$nI_6u(K^qUuJqLW-0 zi;AqKG$P7#Un&G(W3h^Ad-w<^AxxFFWsuKkHiR zA73@|&-wg)%!vQAy|=q-#edq~dG&1n^(4=W7b3nB1d7Btm=5qbkwsGLFhgA;f;L5T zLIU*Sh39?w;xhs!3`sK7{FNIEa{AcR^TeTs&hIqP*RQfRBY(1@PX3?-E5PXDx?ajK z#E=o7H_*EKyJ1qW!J73J%nn`kc<8r-%kz`-pE=|BR$2Y90c$u0^ z056&$zT=14NOP_ZqlmMWCM9_nVWak@Abdc$hFS&b=3SOwSqK|>$ zRd5$V#4wERa1?4$S!s+K@<*c(lr&dA#cZ*XIFReM{HI*bauLe76*9vA*RP&nKDktY ziv&r4?n2CMaK3!8HxRu3`c*op70xoQIx zt1IkLfE z2Aa=JL|wxLALPpL5k!FXcAAX4hv_Z&Sw4}6rzhWts#yw(L#1`4`ONOklMr)iT`YQFLRu^o$ za)YGs%Eci26;y{&FGi_2;iuy~lL1X-z%KHc^u{6_a&cftIdZ#v6)vtnQ*XszzZwMm z{Qc4K&B=vDxq0xtTBOV(%VADN*~jfq%`C_HIFlL43A__OzBV>WAY8n^ytaT?q%^Ey^R7O7G8voPMkhHa zg>nqJpZeq;jly`GYf<_Q{m;pT2(zGKku;@^8~P2y{a7T-81uc-Mn4*d`(3Z*4BgKj z^B;{hd3AjG>&c;GS=R1zzT3o)U*u}lRZdOe=*|{Wn0)=wwIB*e*_tR{{OqjP9JUoN z7mX8|W8+`EKZ5w@)(`_}tT(R_YTzV!Gxd0HRMLkL$uZpFSYb&KBqR(%zfaS9oCfuv z`9b1Sef@4%ekspvYv&b&QE$2DHCfSImJY{nEt+|fr?&j>W=Nuhq**gh=5+;~CI8zm z$A53V+Ig1$J;n3o%hn5Y2L>)Ahv<mctqaI_@@sjPsec&?eD^$;pl4I?}wjJ!!H_R+tlaV z*MyD>Et6=RnJE?4!4{)C(F(zxbE67)C{uKpq+y)*QR5$(|BtL;BEkO_zVj6ziliDv z=rMK0!q9W^_dKAevlo5t1n2AzVOD z&HXeWX3@I9S_nD7gD4@rjiz_fHwQ_bWqg3Rb~0DilQ4w9bVGC=4sFHo700|^2z=#q z%a3ZxWtqwXwbq2Z=(8U`0PyWM^_QInry2*|igD5vuo`dY2GCwmMr*v^c{W1T-+c95 zl6;(Up%+e)lqP8it4jrdfV-*S?6}{NV`eSRPgOSNI3uGwk{;4g!q#HrzuvT(d;az& z`oFE_D}S5q9GqZC*bYM~1Oh+22jefC_eKegD*%#eBo>5MF^*fr$$qE3zn<$~oK|CBzLXkq zl&cH1vo7!%mQ|XgTcbqn4$WH7m2K$e=*uipyECgA^j5Z>bM$8ys@-F$BJ^3d%X9Q; z7pmQ7sUq}AK9e3d>JhRyX3h-qQuRUKi6s-&%8fWPy?;%B=h}u-^5oa;uI45*E7jeDQ)^Axg40vl*X?hf4LCiu zf88GKdQZ0dlud$&yFPvYStg{~4z#|M_n=*%a$xL&`aZP3Re#d=qQmf28Mv}3w5y7b zwLw%BVAeD{Sy$ugbN%LvDwXCDmAtSmOi&&&h9zy~tQ%&x=T)qxS*$5caD5?b{PIO1 zy3W(nx#ZLvRjmQ^HXmZO+Yo;=YBl268ILFbsV)B#w_?A@j#)b@+>H2-d;2Zh{%?2p z<#YVUCwZ)`B6%N;Jgw;=BFkL3r+>yt!ajJnVH~v4kyaA`JLYJP-GbDzZ|d&_)HW8g zhEw+mDw->whkRw(E5vnfHnkOJ=3uCv6$6T8R)_8drON6KOjCf+>(+unMZQzBDksO@ zVLXhWxyLNYl`)xC;?uUFtt_n)VG;9y{utAo=w?a_EZp^M~Ub~@Iuju zs)cD|+AWVkSbBO*D|qIRs!Rs@=mkK zfJQQScCy#4otAcnE625JB2_r!DH7G%{wvrU%zgjQ?t1fvgPw8!Z|&{8EaiXS-+#XU zKgBcq{%=Ky=U01i_5J(b>ucXorF|E6T~qf!&Ldd_2%6!z8rUXc(!QMhF}_ zJIAcbT4po{A+fMRJWK=7sxLv6(u#uC@?VO~x(IAyQq&x$10u3f7R53xAz1CDq85N- z{&@j|t@_rK_}e_S>Az_hFxLq%lm5Tjw&?%P-rn{z{eOzbqW@0gf3_t!**9$Yjg!IH zj@3pYusO?zhKorxPmRX+aa>3mpU~jSpjjiF_lBp2_@@>MTBbjQ*3dx|(R&oeT{?~f zJ^Z#*wdglm-wd{+UFvK4auj#vzQH>9W&Gshz_Yl3*YoT!l1i2C?Xxc|`bZU-0}#(F zz%B6g1E^xq)QR->HV&>$|2bF18Dc&5TaBY&hW+oWogLf$cW>|2v;6-_o;8Q~zDshv zGexd{C1(GMEGXFLG3mZ5f}YKy=Cwrm;>IcQuZ_33cngWHz7<)^R-{FKj|L{gh!Xk8 z+6f)0Ig}IgOli$IvyTWV#G9_}uuGY;C3LK>%+>yqPh%5eM{(f}80LoWd`${vYGI?-5c zF~mh~pIBp5^@j&SplKVO#HEisU7Ot}p$jUDGS^x{!ebkFy@;3I5IbKtR4^biwksl;Gff98K7?ybB|eO|qPf z9ObH~522psNn;X?Af-w9^f@>^H3!#HS1XgX#au@6T_}-X9&?YSGf&RaQSdzPvtp$EqIR9GzU2>ovAW-h*uW znu_vUX>1=?U%Rljc5z*;)tel#gVWRZzug?4U0naGa@^XeF(Dct)@Z-Kye`+M@GM_M z>wk1|b@2A|_~!8a+1bJQk=p>k>dcBhJ$pYDfv>9pIsTvP%Y&PDrw2dRf0X349qKZ=rWtDd@K$6boc*iq$?d7WHm=FC;n79I4tI~ps+9bF3jtcARmWw!rV>= z@^LyJEZ|ZgAE#@_e!s-1B&eL{r@oQTxW~O za)Z`*s^XD~P$cpju~M4|cj+B*gY39BITTY4ph^T^BwDl?j7BkN#U+4@l6-O$rYa9W z2_u~?NKNXLsl3K*1XmsYBAZWy0}*#@kx_9GYW74{lH%dXrrckRs<&h^rKz;qurnOo)?4m z)m#pD#Ux!zg`so?w3Q5~nylIS2cbon9<);DHs;eLz_F6hn5&!%b&7nd?S~vZfv%Wv z=_N{4bkV&dMHq6s8k9+*R?~!s3tnsTFIM&i`BKl4A|J7HW}YA6pAM`mR5N-#ErnXC z-a7dMBA?W(zhQ`a9GU5~)@^pPTzm$;I^0gYOL9ibszLoUepD;>9MVQjEpOJVvYsf{ zb7x1>Oy-KOa$TqlYqMaQ-uB~tFri*U2j+y>!OtIur@UI+^<5s+>T zE(N(Suj9tF-Q)^E8&(NRO{bv^a-`?N0?Y~Yg}ME@`yTiSm6MB_i=%`Bbn+?#Uv1)O!}# z|J^VS!gx@h49wd9uU@^ffE!+R6)!KXB z|4;GE=6b(b{4ZE*-v?EYVw}33I2EG~7#~95LjW%&Nfh?5Y4PDMZ0HPTIxE#0#z%A( zl2bbeG`beZjv-XI>{JF45=Ayl(cMxl)v_o5OS%bdy+9`-29ii-ZbvQ+`&Ix}`5~sc z2*Mel7h5XWC6`N@ag{1!vNnr>+ea&R19C4B%N3zwZuL@{>aZ#r+6wxZ$0fn)&h%`k z=uIoMG1GNo=?)fgun>!6ZvP5*y(vE9kYdoREnUX6-Ksp0G(nC7uM$?zz8BBF7uxg9 zeJ`xNESxDSHZl9UG0in&f!3Dv+*r)@VqU)w^BQ8-K0CO&KEAy9<^7f0SD>yM)YbM( z2ZT9-BbHWx6Ajkm&H0D3x5tjLoX_*&IU1p>>bxESCvPUWth z?dD?M<|6RF-;CCd~oo*l~1za`l1FMVAZysp2HN`s6QE;Ylpjl^L+rX){ zzfaRZU1(jzFZ$M7cO}mZ`rjOqXcR)IoyGf@rT^c4Y3cu3`>$R-)Bh)Vnu9R+*3kRk z&W|szApbW6$ShJzd;HViW3@j&_A_JuUmhPEogFtv!7_bJ-~aoq?fo5l|F?EtJ@5ag zc-GJ*9G>1s`2W-TFwc|r)|QYs)2$5@W(da!2Y2ic56~@{_+07O!@VH^)8QX;2`3NT&z%iU8B#r1GqJymId24Iv`t<)CU3y-p(}7R{Yv`JQ zaEtZS4+mqeyz+iP?4UzooaH!*P?odnFCPR}S8w1VrNJ12F4u1Z`FzMS5#9}U8gB#` zDc;B08ajz{^~Jj$hB6I*m(o1TQ@|7HQNI@;=nd5lM){NE2~@0O%o z7`K56yB$Ph)=)v_)x;Z-;x>?A2+%lVgO(2o`uGcpMn&fg=VmtCKnd>M;sHS;9OD5= z`S4$)1i~$5Av;PuUprV(tNGLa_Iz~lD@sy&7cvfmEr@Xf;+v4?7$3(0NuvqtJdFD( zRtrcB7mT$84buC2-ZfQ|z~1r^1pOcTDeikb?PO;(@x_ZyyO?EbDt#Xc7iAp_L$N!d@F z!>;NQ)iw!G03j14a=bIo`!Dq3#dVmxc+p0uVU{C?x4+sd z$$Dv+z}!E&Vqd!9549_i2ix z-WuU?J|uA-_QV}+5wsRxgqlspj0X53RA4{;v&fxjjc!k(HmtO`T88>YkGLkPc zKcxxMuQspU9Y6MI6(R_!P%KnCF0?dX)|r&BJX@D< z4-N}kh?UOOa;jsc2p0z)hnp42a*ush;MG zd`@Uui;J!g-x9NBrv0AAPResjArL+?Ke-GWX`@xmPFA4xc>LrtY@~_SGxtdK`ga<(Y zG4yaG%xU1xbjDjK7H2|NbH9H;U%oC<%|h#-uzhh;LJck5PUf+2TMDgm_^ryzlP08= zRz_fvv(A-7VuY6GNK}U%-PC8Hz2z`hD&61@tSMqwG*J&OA0ryG!vQHgxv47`pj07Vgxru_(LeY_+%_$>`{@;>g7daQEgY=wWi_UQw<3jYN03{VNN`X2FlK%Jj{ zo@-n2YWn4=GH!LJ=!J*QK$(na&2Ac6CgRnjMdKrGhp-B?+@Y^Kp!OGGu*VjHkMgYI z+?vUkR5B))`u%TJObJ@e4SqIXGMzDb4BS?NRyvETez0LrSH7F<4)=Foy`I0Ch89i- zvm`qfTEcS3kHVOMhx_92S9bXE(<0S0v@G{fH+KwQ{fs1-3&taMC!~F8Y9w7tbBaWB z@~*hpHSqy;-kpB9`sL{DCj5VJdRm8m=x7z5qB8{nUI?N0YLYoDHkvf~f{E*cyXh*P z70i|%%%zg)H_$q#0nrH}qZ2sG!a)pHnJai6(3eI(w{#AZ_Lw7O@7;?HV%+BAWhiP(zdX{%X; zMu;Mpm`2%U$g<$WKtAV|v@@Z>Y8K)OL^L*9BH)yX7Q8|yM@potVlq4mW)C0{Y^@S4 z6-BC}^}>EX9agJAYqn6=zGWO2K zd*S`Xh1GqUj<{3GW6jp?_Db(myyDi zqGe|ho`RMrIuk1ay@3&6N&*rzA8WSU$*Zl~lT8X$rN`M_Dcgs?~)Ww%^}_q-8?-hT$X0c$YtL7PD$a6jOx{B{Y6Qk5jN(!n(42>_Cr&vNIbsE1kI(< z(W(__)livOXg$8l1kI(<(W(__)liu%rZZWFjLfCcaiUd2Wn#_N2TpArGS~a-- z+HAkvdrMz6<`PQOK+DPXFTnOMiQrs9i5h4*x&GRB-AA7-H+Zwrax(ojuDUBjXgXSM z@MfdsWcr`xs;iI8Tr!CoXgQhwZ*tYGFOzVhRfFkwP(rKjs<+r&GKo59)e(TYaatuo zoJ%HA2d$+9ppQTa>ws4Stp(+uk46dWfL8;pZzunBQ^Gpn)j;d%<)5zko=YU*M5~5D z;S7sH1<*>?pS1|y`w1_v0HH%v)d!LuuOQ=NrwK@)?hkh-}UgYV&swA>OBq=<|j< zZL0u3zw;!Q&XAmZ5~VyWBO+*{*g`x8t!jt?ZMNNMdftIJzrs5bO*Rom|2jB3<)N}6 z!e*vohk&~mkMpYTS;g`ZkvJ3Xs2HI8A#1`4p$UN^7al9WFC$7$@W>U$R*UlaFFFR0 z#u+i9kbcx!__WS{+;s6Ryx8DPoYS1g2_J=VcsuSA)=HYOW)H_{$`-&K&lv&kVye{o z-F9Z>Ju7gZhItqdHi}5Fs57Kl&b{oC!cU94Gl|fqI3uf=tY>U;|;4@>< z5FXjo2p$EIT8SXL{DX}7pst^r5-0B?mW3F4Ni-fn_*$H!a3u0lW_Bo6GgcMbCD#6}O-jC=y7_5J|jSLCJCKJHxir=rEjphkTyNhuKi~ zmWQPYCmgF+_-6x|D0{0j3bAF}t+rUj4)oY@x`DGQT1i-XYv_1t7y{30HPImt%f*1R z3(fe<+h{dq2=rpGrd$_Fr;r{~;myUbhd1X3XUC3f!`hmRyCR}+!>rJR3ofDwTqH6P zm1|^2Xkm2iV-cdO*mT9aW=J>q8dSC8AfaKLqjgZOzi#ccAQb^?H7n?VG(k{tVZ<#f z>!mm$0qUo81SCn6H{;o7&_DbYj=~71?EL4Kp{$pN-J+k5;x>jZicn*`4`hXCcTki9 zPyNqsM7vv@v)VGQ;aj3Fy|k}w^2sRLfYmO?id}@bD9=Efj&pV`(ed82Pw0b-6Ski} xPvpRj^Dqkk6nPuCJ3ME2_;fU%6Tv(`&(HJo{QNDR|33f#|Nnd8&CCFp1pu83ToeER diff --git a/BACA/helm-charts/ibm-dba-baca-prod-1.2.0_ha.tgz b/BACA/helm-charts/ibm-dba-baca-prod-1.2.0_ha.tgz deleted file mode 100644 index e752a3c55428e8205325960be411a8f1d6712f35..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 80993 zcmV)%K#jj2iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHcN#g?C=Ne=^C>i>&$K-U@Flly&*i+tkc6jg@By4m&djVV zQ6)f=qEs!Z>@fZG``Ld>drK-+QDB@~ch7`gD{TsuE?Zk$`@Z>X)sAPhJ);qAXHvvR z=SwPeXH8ehe|@6Q@$vET)5nkD|HsG2)&CzqK6&K-hUX`bPM$vbFY>9z-}%Xvrt-gz zk3Y7b>f(MQADZ!3Oe!wYGjem%pjqa>HcvXI%|^^rBzdOcQJ1`A$%;erO8_J zNFC+sh^0rGMaxtqVzEAAsb(^hT(Nc}Qq5A`UeS~;*ovk4sPT@iZ-tE2S))zpDt_{) z(I(woixo9K%5VSj=abIKN$2?6MoP^r zH%>%D^CV$1eB-q9edpxc#*KS)(mCxMH-728{E*M)`M;q_&eW$Q0K3os$tHQ zqsNcFp8qfLc|dw>PV+<)+;=$D%ADiOoa0X80hunjB3uzl-gGZ7+H)aSRBINKIZv2r z&|^_TB_lUfaym=!^v@W{s8TE@Jk^4%MJ|bEt1O|~blZ6FfDBe8G z&_8MrB3ULB*Fvt($Z8!WxzbE_c$A%e_xSku=uhSimC=a(CXX`&c;K(x#m5fZ<52pOa?kEmwkcFFXT zNn&SDZh4ZBNTex?w87Bcvr}@zDVaEh@4oq!kot@~HgsV}bCLnh zuQ2cLj=wu@m^~qr(fJSk>Dx*F{CeECJ5c)NYBZkO7l=Iz-K)Ws6k0?gu^d2yka?aY z=l*9iC^@1TKe{2}|Y^zDQYoZn|lxY%YP3DV<37?0!eG^xm)GR9cjIDU?1Ve_9Hq9b`ge zs-T+t60FQ%hh14sU+yP-+kFdP57F`EXfi!3BWQQ}@~j4BzX`s0W}l;bwm8*(W5fRql7BO=WB~VZTJ0Gfb^BAy)8|xEK2WM z#IJipsuZVy+b28;pMrJrUFDnok z`JlQMzizlYCE$YxWP(dkjY83?ZlZc!t6pd9j0{E0jI?g#WcFS&nbO2b?>r5@qo&6z z6-(WQs>VvUwY^lwA`g#Gj!#3SNu~Qx|FK8^ggmJ2zww~<)8OesG6kSzso9$N4CG^w z)vpzci54W1jA}+`N(R`RNEQhhcg&;`yDvr(w|}-nx!imfiI~yE{7BPOXfR#bwwV-h z9_c~vj5HrVefYFJIDOcD);;ew!=DjDn}cVUY|Kz2NCN z+SEuFiHR(A8yEq|@r^4x+naMP&)P}Ffw&g4Fixx{p?U9x6nTb7y;|d= z`%ylp(Z&y&QcfQqubQAKOI{hQqMCWlG5+t*M6qPvR(z4RV4i;_snEqkOLt&va7-ja zWyR&nVDZQ8I&`t5_uuyieyHGzIl;$BA1?%rpV5S-k%cLYg~agm>G8=^Yz$8?40KuS zbdld&j)pHro17CNw_LJ#$`?$Y(`dzc(Gc=#TL&==&}tfT3x;;^}V;h+Q-1 zdPu@g_2BIGE(bO2=skeC&&iT>HsgBr<3~~>+slU%q>nhgkB{;6Zql_Jx)}yI4cF8{A5PajwOKOR3l zIsWSZ@g+V}L1<*o2YP52{*v%iX+z-78jYWRY8!s5^9r4UEK}UE95MO%=SIVMb^U2@ zMT8`tzddpc`cFUk_mSQ0c)9|Ak)MA)`ahb-fButZDNQvQ^#1aDk?KGHNu(NF!H8v; z&1{&tuFbfEIWb)Af}|pC+lis_)Ow|@SgKowNs)|D$%qmw!zi*$k(8MwQ@IA~P`hYv z*cx1%1&ecS+lPbhkgJ4I#fW5c;HSzU21wsn2{{;KL>-@i^^EpqsUUzi%F}`4Tod1WXr&a&2Cr=-J_5b=J zpPzm@`U7$MOxoT@vp~%b7l@3JNF$bM_+!o&xr9@2M3rHX+nI>lsfgJT`NNSpo(4^0 zHs>iLO@m~BU{C&n(CAV{VwKUM_jMm_$n!=Lt_2gGDO* z257?*Pq9qa=^*)Jx~16Am)o(tVS3%&L(6FvQ^VP2p-=|8@=mx!Bl~4_TO9 z)`I~`;VNShpRdU(Pc+XG2754J35&FlQzlo6P^Cn~sb(>`<$77#CE%)63%k@tfHXp7 zCSnrNl*|}WI5dlixeN$}x6PF#QgBrO8FXVvu85+Vt2t*eN|z6I&w535wCumn%q7A_ zT0iO1826sDNRzdhI8Bnx;oO_GlSWO5$e5&BNOeXAX^RYnHvj9t=Sr&<=?SKWLc`Y< zd7)e6LR&t1W9p9WZg0$^V949#9b2D~8Pl{=K9f{NOW%z6X_;9Ck5R)=^k+~{f?V>= zJGO3-Z*FKp&i-8G3{2+^#flgCoGdgsfOr1K2s>#+PRRcdp6Ww#TyEbcKm7z_Y<6Rh zLCvENJ0v@f9t`sVYux=Dt&6bolqjnp9>1**n z=ChOkTe2i$Qhg-*cNhQn=yW6g=gH%zr(gNMFYy8X?}o3y?*u&h&5iu$l>rN=o`9P( zts4FJ8BJrnagEq!Z(j%o>NIS-f_9<~rk#lhq`W3+7Y!ibpo5WSL(`WdiKgY~hDpg| z<_X%9hwvv~P4fAizXzj2J0KTrB-=-SXq;Pnj2~m3C&`-pnA3!tYn9L}gUNRquNn3Z z?X?-hEJTqRi)gN_v{-~N;gaW^C9wi&GC`Fd>cP1p2eUPRqc@zGwnlC=T*l#U$e8(+ zq4Nz4boS@{!Q|e|Bv196H2;@s|1Z@foiPJx6yL;d?*-A{6ih=p_N#{KZwRI;pW)$l z%HJBm?gUTMz1X}b=KUst#A2@Q47Q#$u(V6T3F9FKZICiB4w$*V>*Too;5;i^G`o{irswFta&wb z7{K9_Rk)osytd^c0Lp$~QCd>X7FL&y4hUnBBs^VQgHIwtCw$_%U(xrITpEa+6i)(2 z!!2Xicq8Ie996LE2@nD-;H9PQyXSjt?R|F6x8H?Kd*e%uPhOoyFK2Z+z2eQX%F*e; zyxJ}|^23k0(5zNFMuZ$$byN)(vVUKN7q0#LtE?*EGZA-F&FePngDhKaWT(77u_0vPcy=taiPcF1p_!CuYxucqi#=RvmTmlW z2Nbu%u>#5MbO}FNWZ>2CgPBOPyt&SM!lA>BNb(g6EH-!m6R{|E$Xwq_vsAx=#^(v; zCAfhL(y)4M+xL97cIxcL?jIZTrgpC&?^+$n>p{?_6?$ z;)kn2Z}Z{c>b(3=u_%{Zufa9reK0?nr(HD^=~xKu9l3*_Fx|rAlj8s%=L)=0@$pHq z^gPQFNJ2ytXizbBgsmfyYRXd^LtO^xo+yJJd!$+0yzt;NcS>y&O&8?npPS{Kst3|e zXqXR85^;Ma`3+Clg7sBI6N;Ik!cDMv>6*oLze+~qQJSpHemv(1Q){K!s;HCsR`=!~T|Re<8SSEJtBVfV6M*;1g(&!yP7EeL8r#%x|kwBa|LvEyeusSDMq z4t+6t0m&okhW?Ok3H!b1zv^Gqcf5sQJCDPL>uu5>zZ#tPx1!^g^A^OFZR^>lAgP0(p(FLMa~nSCkMDOt z@F@Sl)>{qP{xFN8{cvJ7r}Sj*h&LQ5|K2H)_MU?Ik@see&?>_x0P4W52!ZPNx0w zZk*h*u1fUHU59Dh?+qqzUv{^w)ZEg|4WK&L-4B8uOmhd#s#sqP!D{28&J5f(Clg4l z^;7xGND79Ztr!ZMUW1+qzhNm;>Pm_kE01A>CQg$cOXzySB9X@Gj6A7`S4?sd`(Gbc z_&be368`to;|ebUKGD;qWNImrxKJ+PXHI#NOBVe8xZHh|O+@sL=_+utIyTAhA^bjT zefVoyD|=t4ZQLgks})V-GxE1)l*^>qBF*++&A%`DQ}aLP1bf_p|IUEkx0>xXPl0D= z&3}~O*FdG!CM4<8i?gdeAWMd ziO zL2Kmuy_fCbP64|zl#L{9-_PKIGF|yyw|)P)W{q8kpvJ6GVy5cN8by;$v&Jqxe(~Nm zJ^ojtNXaO&Q@9K_YKw3gEcw$LNL;p`2biV?2tJq>@I`3VB6KEh%3vwkC~l}cvK_eu z_sxn1U{*>}T{97&OCL9lTBZ11#AtgjbxYa9uGI7vjQfIOm%Zq>XUMq&4xiU*GntOY z-532kr?(Spy{5f8>A&qgyK{oYS;o2pcWHiYzi%h~@vHt8Q_qg>v2wz`gKW2j>=?q3 zlzj)do_xR>%tf&G3SNIE{jr%!Jlm>3-Zs8ha`&F~hc5=hErx<-@7ZZRUYV_*Y{z@A zBmr7brznB)9e05b@*VYu)A5_ntA$5j{%t^nS=3ITG|z2F^hKt(F?eZe-RtSgZA1Wu z$d$|dSNs0ps@v<0`;$qfi+UYI5FoH=C-dV%E9G-R>>*@#)J@cJ>8TPC(WGWNEKzLR zko7jBYNW?E+pzL3ixJ|=UHydC%dyMI1?dkuteG#>oFe(goGP0_QhR?%JKU-Y_HAHh{7G0pZF;_dUn#q?f0 ze^DxIul{?(d-mNM?$z&B$C#}hUytu(vv>K6ZRy#SKig~4TR4@<9a!1L`b+5JIR(@C zRu*B`bO~4mG#4pNYLsoY$%QsSaX&ils?Y5OW+Uv~v+rkA?YD*JL|9tS*ZP=8Q=5t@C#*@>3KTp5oQ)sl!)$gk-vjH{kS3`_TQCKYRIqx=hX==m2_W{)dMrRsYW?Cl9~+e}0M2r||#u=&`Q@Xw3`1 zvfik&KA<(g`EpL6e(=xc1zNlJ)g8XK8|czK|jn%vc^Z!w){_ak=%hFwLX#|x3SGh(zp4V{Gsx>Px6NVj@!IO z?{Je0_Ue=PNj@y^$wwrTC>-6~9JhG<1!Xp?-G6|0V%=a{y#yz3Ce!}q+gJVZWH8!d zR%r&DofTxr&p)^KJq;gh&Gmg+Mc7NBzM#o@Ph&!LlApmUyfMTcrpD*v(Qx`9uy%j! z18hIYheNyQ;-0W@f9wN{543ywvGy^1P9~#|8A2)XnXSjg9r&T<<7a>EjV`-`;Z8$| zUn`%jI+0k_u6FjmCsvfFdzr8HbSAE+v7gtQ_!soC25k5&V;lJwkYu=R><_kR?B1i# zZPNHvSv2m*(@^0;z8WVCK)i9HY@2{WuoX>BsGKmT*H)bkAD=ZIZ1R((_dFl@o$n&7 zVzjSOWDouSE!Lp_(CiO)>i-{|K73l$|DQbkTL1Hld^UA|kw{g(ViJ^n?RLBI5hjA& z27$u-zfmjZn_tW-;Fb^15%tS!xjQ}d2bcls2KoYe|4*#t-)BSb-qiiKZ9f#)wZYqA zPwuDkuR8sFUY&n+w2xBy-=nktG_C)>!Q;i}x2g93s_6e1j-%oeHho+v82Ut(3GD{P+ln0x~%lgaOY@4&}X!;5N?@pM7jU81Rar${@tzyJTt9=oi`?QdR=Cew-% z@Dr~~TlgZoZ;IcouE?Z!%fFUF~U_aUu+syU+yG#lLz2;%~Ll)2L zp9`h!4?JBo54T3NhNAPyDc$CxS6{GIv}4gpOa!-#dMxE_Z#i>0|wit^{S74=4H!Bv09T9qf^ey%{3*mQ3+?CSQk6%E{J0$oA6Q#x)1lm->!}*OzZ! zkH$ar$JGe%aEfWZdX4JU?S|Y3eM21AK4KOz}S5#?L=H)VjZku(N3*{7j`|H_Sj~y{&^;lu)J4 zNV?$ZduRrKd5~5#_)fJ>nvoFixV_|dy`oUP-NyE9dk097>pfo1q&qTa#EB-I@ z;)y}i)!lDOb}PANZB6BZ=`(V4=Nq8ZYD=okFpteJ`_4}pVq?YlGmr@PeN!^}fp114 zO;Se4zo80C_+-AUO0J(a*!FIlAbe#z1A%x2IzBh8o7>D2_^ zyccGEAWnV=Hr@vh?}vdOf_oo=bsvat_s6vR%Ms9y(97jmH2J4)Y_}=Gpd(? zMa%Y6wj_C>{m#o{^EGsn-}YK5|59k~#M+9sp{-9H4Y!?d96tW$k-q3g7TF zs2QLG4a;Wv&>$ZukRBA@+Q3;Cf5ZL1oBwk@ksrqZ-ogJp3jTKd-_yrm`M)pn`Lg_< z!>6wd;8zClD+BnI0sP7Ueq{jnX8>z%kG(j+@Vz@&K-cs?g$Hcxc2P(2gWdn{ z;{Q%gPAl~vPo6$`{NyYD_a#0dcjx{3E%URRo7+sDduQgKEwAiw2yfSf_x=yK-qVPY z=KpSz=G*3{j0SMz3!Uw^&E5QpeFjn6Z5tl7SN30jZt*tTD1%cF*6F#658ZbQ%FzZ} zH=(oxce2U#nRjYu@Jr+L*U$c+yXgN%rhbFZUG)F>$>S>hfBfk2SNi`YJ|9m1xA9~9 zrGDG{2KfAxy*#OXN&7x*Wk}nDpxM1>`!-PRChpq-{DB0%w!>cu`Mg4<0?N9vgv?`VP`s364(f(RE-9`HAimiSy z+25SOFO8~SKcC^Vi~eh-H2#Y}Tg4?8>HRK)JLv!ElP4AZ&*|yIdzj`rU!__Xu0x8hTw9bloORx{9AXG8X4oWUgRBjR?w#M$?|$WAmwyL3acYT=HJ@|(`b7E zU-vt57ykV7?naQy?&qIvS&A(~vS=wj*N{6xop%H}?;qy8E691@5a*o%&fCMAH-np9 zV6$ZAdeSbOdB|><{G|HT&HKM&2sa1f@QKE_{Pamh{(JQ3YyF2W^Laq7s5bJ8 zB3cmKc5=I9DVgOwiFvvp8I9i21yh}djjmRC2I3J>OO_;Lk%$>y2s~Z1%;ifpzhPif z4W839Zag38A6GlV|Z<;BQj7gI4lyw@N-sJ5>3&|P} z$hlapL`q(rPe{zAYIGJ{AHlyk{YGc@FL?z2x(Ca}k@?4cRX6ETBf0^Ctco5D*~v39 zHwV1&hmN|<8h_}_=)1-rI(n5g{_y{AJRq;A66ows{Qxj z>65SL|BHO=eKTD$V(31y+k`8U@Q9^~#UxK-CLx_dH>1&#k<-qx`?W(FrE9DFvF$Ig zZGA(>x}SEATjalKnp3$Zr^m;SYMNWd;`a8oL!s-Akc%Tb6?FttnfAw*6Ve^_$oXj4 z8%zhI;eOvi&~*X9XyaMB??1{}2EYddazO}mOF zQA?U6WW{I-K+%RZHpI^u%u__p2j{8<983fspW*Y#xTYPE&x%4Ucovmn0#6*bdlx zCL^wZxnOd|QHDf3!$SbuvVm$7$js9;$7@x^G@q9Yf1Lxw-o1)Fi)c- z2T;s%O;VvTqYsPCJ}NQSw+6j16%dI;%v%2JK}WV5Y|wJ&f6f=VME(XY|6=N+nPC(* zr%ux~K9fx437n6)6f3e~(UPXTDAledO_ga$9YVpA#D1LcMUDk@mjQEU|!R2I;rDdq8LBNPwRHB|PIO>)P%_HW?8$yc3W^6-Nv^IAO zK*-J3c5y&c!rs$WmN4^TCdCc6FXH`}u{7rI$&4l9_OO6Lk4b)mOtAroYF078j8P8* zyL#Ib!oW>@M$P?fcxfR?Y{oFyFU1OJl^F`Q%bbPVC6AT?F<>#*LYm_)*$s!SY=ug^ z7GVjU3F*EG>9#pMOD3vK8h2e6oy6z!U=)SjLJ;maL6j@eTkt<0;@tN>}XAZ93R=<}`v!q7~ec z9;h3WGSFdSUhMk0A?5atuif$L8SqCo7|#RH9yoWG`gxenN_zr099vGr^&}8B@RpEU zC*KMVg*H@Qq%=t!*;e^%#kD0Kj_&~Mf|`{P$fR1ml6>gW|y4!hMgp7)z$}qga z_ZeH#WKP60#F7{S`~){;ICRcuOd&o!ZAb|%!#ZhPt3~+S6a2gE6cM&sIF2W3Fk`X%v>Q6 z+>y2gZoj$tkX!M*RtWS~Kt@Vf5J20&E#@l9ApsPQxB_}<*~r&G@rtX7y>~z;uhrpW zBvO^}C>Oa()?`KHJ45K0j3V-dF z?M~pGEKdkPLmyX_LCKOTGGi+ja zL%&-gllYb!ULzH08+Kmt8~EBb^5?<`PGU_Hy>8DXV=cm^WH%x*gnZ*RxALDE&`DdY zW!S;Y;PD2fE6914&k`ObYlEm+Lf5V0Nya2zwF;hC#v+v4LN?#iVqlgxMy$EcfwtfV zJq$MJiW;K(Z?HQD?0v*CZ4Q{y?l8gx6$(U$B*V1^ySJk6Sc@#_4FfLEO$g*@F`pYg zPY}hDq-Fo*t4v6Z8{_GKWt1&f2xP{s%zyy*$c;*~EHUDyNRu@}+0ZUKHAsx>6d}Rl zW^3#ugs!KXDT|m=RB||-bIH?%lV})scVBq$57Z%{iAb5f5hJmh@zitm@LKf+w;+^o z?QN@tW%A0CvqRjPt#Ef;hYaRs|Gg}vG}i{F{ibMc)wFa$&CfvOtl)l7Tv(pBmO`mE z0L&~S61m}@@HX30vSLK((KI!4p)d;w}OQcLGjaSy8*_Cn`2)?Uv>C zV+EY5UNU6G%9!X_CMS&Ali~!8;*8lV&v8|FJD4MCcF*AoRgPhU97h)UJaoANIWb03 z@Tfz^EYu8jVCWTH7nH3^g(8u0$J>VLI98gwN{MbF3&}hh+Dkh9ql@6c)98jSDGtL7G}O?dMIy57V(TTL$pHHSA<#N zHWo_ZeyBSN?qHnobOj`!=A>*u7WOOX%88y7tivE<7D&fx!Rq`6 zLhxIn29yC80!wJ^1J}@cT?^q_xB{|KO%g_x5vM}UynUrOtq^FX&fGMqn_~g%0zxIM zQak7H$B>wpkSsjcWd#)B^McNpD|1oYfSdgb+1i9Mb-Z4n<+8Ft4V31UlL8FH4U@Q8 zddX$nHj7;Qy-9^!8G+d_7L3Xc*i|C%YAB(hg-WpBz&xNR?Uj5q34~X}p_Hd%&lXUu zbxAkxuMHZ<=5J}_oe(2~Ufk3zg!VZJErh<}aS3%mo}#H4l%;XLa%^h}V;o^Y`Oj@< zm8JoJof3m4^@j=v~kDx?ZvTR~Zm3_wNk6>Np+#I7TpvXCU^ zhHEWxxiuVoq1vl48DTeptw_vkX45K;%^ZZq^%hYi)Xw>%1pS$z18rV0femX_=@#}} zcO+KGN*g>Xsb##RQjr8o8}b;09cu|dS+(E-Rfk-s2~!F-jlItj9&sc7LXUxg#OpWK zRW346W(8`jt*Wbn(>Ehl6*)$8@OL) z0);YjY!@KjnQH{5rt*wQ#bSnrAae|YEwKY3cYz90%?godAsHh6+MW=Q$QU>X`XdH} z*8@bd1(j%5s>&YL7VxA)rj7wo9dsjcd~_^;a%yC`1B;LWyfvsH`{K+Pbj4J_(WsUS z{wMaUki_CJHg-tsX51>YPF75HUXp+ll2Iif0}gI!uC!QDxrW*Bl*CL$lF#f`c%g$Y z_@;i=ohG+$_BN=w0uWM9JEX@Ih)ztJR!b_nA zYZV)2&%P?AdSK?tsQ1qdgHwA*lnTq}LbFVYOmf4X!-D4| z2VE)PUqNvLeJN@imC9Ejt2lDa6;O61BJRaxB`>L_%yqy|Jx5-QPVZfd5}S_*+$P|$RijP0Ov zC6vq=(32LSFhiO~3>T518q`w1HQ*gvrCj^-=&iSjn>!J+#A=~{Z#gn#$8f%AYQdsn zPQK!*WbR=d@>1LyNeD$r4={jd&~dRo@MuYsz#8ItZfh0+C9ZvJ2x&n^VZOlW6jqdi zq8FN?01d28*vL$Lj`Z0acs%a_o4JQg%;qeO@r|WO;u_UCl`Eh`j=ATL{{MEKAm*d*4N&k%y_=dRr19WV+`IE$c>6)+RW%TJVHP446P^u2o3#P>)0r zmPUzCNc3ltM(>zbr1`ghGz%dmp^>}o)()9~s#>Wpkfb~0peNFAy}v+kMqTH>J47!? z5L4As9R$~QV4F2(MXgg!-+MzS2=zFD4tdQ8O_U&#VQZ@=byOVMBHkzk z94m@lz-DIdGIplb87o{?z(VTF-(l??$w6^#XmHcq6=ln(b$&6^WK?l)kGGI>c2}>S zDU=*kMoWI>MIf?Y&y>a5=TU((TjEF}$)5hrW&X zus&yvP)k{Ymzy3}r3TwL@Q-A_9pepPn=n?IfO^976fJmr#?zx) zHcM!Bl+dh`CI2VkZ_O2%=Bqznw7Zk;oA$GQ|M~T6a@c5CJS2nR^U?USiw^o`x>r&x zBn8X70tG%x#4QNmH8Bf?CBw~oP_PB{YCE2K{>rKT?2r}kWRl%*bVw>_`fN?k6Yiws z!Lv&+w%bQu)df1W+V{&t@RYFm+}c^gseti{3^4VCWd+?V-AcP&m3Q#}PEH@UA3i)j zX`ehgbZ!rwM#H@VvC#+qTfUkxd3e@n44z$*^F-t^xuWl24&7V}3%!%?JI9?8@R>BB?Zp918du%t3}a7ND2`3^GntwPy!9`r8D0o`DKjGzw&X15@kBo3cgBvP^B5eAc2u*}Glw)Y%) zD&SYNQ=o|){T4F1b|D*q&^2dFflAChYZX)CIHR)fY6WS`BWE)TG#!JfQ)DY=$OQ%* zOsVVEmbaEdX{$KYe8tp~O5iAkv|h8`gH3`bfRJGNEl|QIT3=y^f z4`nWM!W?4b@u}NW!sms~uQWc1K(J02MWrI6df6f~5u?A{KXbWu)|-q;RCciRhD(uR z$#tu)>ogjdd7^py%9?owsnX``56rJ6KA{w;5x6B#vVtC*p@`caAUQ*)be_v+*);?$ zxPeJ(^&xIRu%&RV$g@0+6ZBKwBz4ZiV0{<_Xi!6}c#N)gh^1x%c$&=o)7bBan+F<> zQ4xl~w#45>F@*sx5Zqu^=uUizl+wrwuHGydOhgqPZ{-0xjfPvPTU&rWcf!w1srtTG zM>zhjL%P*Qo=ikW>Zd73fxE;&wd|cQiU$bv)^2Wu>gs4f?%`UwvE(Ka={(^Px)K)r z+BOEmd$R=Q*_x$)s~k;29Oh}nvw*#E9_JenGdpd-8oJ&1%dRl|L%)*Eg=E2{1-@uj zDWdZEoJYW~mUh3)3ztKEAe!uk$q<-!pQ)!*7P`R|U0p=WVP!r3nI-z8Txh6vgBv43 zY}giTKfL1LdCNkU(k7cw?{RNXlA7l+rc^Bgf`@)zoIUGhi@L(s@%NhP}y+|8oC-%0n1bdeph_ql1?HxfxExng9@A|Ye@{8_G` z?0qOby%zG_+(@p)OZRHL7YIj?U*)*Jq&3@SFVo($Q__uZC@5hJ)n7=FXO05*ty=Qr zq;rDpU$faHgTST>J_CvA1_=0bKF zjdPdVR*|95My^E?)>oR&60X2=a_lxSP;se7ey z-%&qZ0R7t0P1~Sy;Hr04VapngiKYF?y0E;Ti`Z&Lfc~pOJ;XsPLKl)|OBYt)FJQP* z-vbM*muwBYx?~9&I}Glk#sZXW%-kIjtEA>g=q(;{G!82q(Wj8=(`f0|7+_Dyx?>~2 z4Q8{LG`B6UiJH7^KbP`ag*wHmBe#p;DfFFz9(L1J`am5L#lS|RmyVDQN5i*+XP0lC z9c#`LW*Q=!=eZ(PR)$txy#uXIz`z974ev#V=e%&=E**8SH-SgQ;MrxXywW0?W!L)L z-fi+@hJ=V*CCUNQg-Xa z@a8C4J(V>gDjTNY7=^l>+_{Z*9d;SP4N0SSsklv8ym0(}N&O}nMHL@F-t!F``w>Kv z-GOajeDq^@^P~5MtD?NR1JkQlNa2gawr@(KVYtUaQRS43#i_fuB~Qq`-?37w^X3fn zCI`*IMR#cJf*}{9!^A6zH)&LEZoVC|-uLKUz?4kqGA%38!M#$*xa`v8whRTRAe64K zxM{v(WG*54!AIWU$!}hYl&zsUBzcijfC_6mlYv{Ofi%GRqB{htTFASN#!zT>wl}fb z35C{2)3dWi z+&JsQ7075z2E%E8{JcNz56}BBih1|$35=dsLmi++Db%4R$e{&bBIEw#s((Hu(-90e z>0fon-D&^g4Y72`jMeKKphXBYYYi=2=N;S~>e@t3&I`A2&oy`e{EvyXcaQFNVnCjhVV3HeLBc-+kxSPuP3N04^bkNXo%bx7D#fh-BGxv~Q6_ zC{1Fjsr^&Y8=fw#vIL%FQp~v_A8-PU{1X^NcaY(lI5NeEP4NN#+B_vMm|Qup{BEwa z

}(zEy<_GR(xgk~>a)7u$vG1GCyM8*^)CZh%#Ih**ZpbXqeNGefgmo5a*pCG&F_ zl<8pWv~s3rC008iWiCzNirgzaFzdFgn5-#JlsCt01o8z)Sn3Kee#SQW#hv<>s%MR1 zRJKk3tkD={EdB4^59GT><5Hvx(R)T7b&ea27f>`7%*W*W&gs)eL+LzCSwbFl9zSU` zx>jaC?L0NoGbp@c^0@O|qrozkv~6Jp^0d)N_-ql$b*9@Ox0933<3>XX=ZV6~O#w;c;sV3Jc zzhP3*ggi6DgOS%vV(0JQ6~7yJs3o7H9RgDLldFVk2swY)ISGae6zmr~&EK10<|5T? zddmQ7xH;71k%5pkA;j%}(i@78;#qE1c5>Wk@Kk6%U$?aoi87-+YBa7SzoF4OP>YvX z!jShf+@V9|90Y6ejw9dd({^bVEmM(*1-H2>a6%+wQUNXoKJW(57Svp-;GJu&-nlZM zf(#Z)^GMk|9{~ymYN91eGMmQ>6vE&y%p_+iCMG#TmlJa`z-dG?Nv#_KP%86^+Q!p> z6(UWH>}#P!FztOSaH*g=bjfzkg&DR#>NFZQmq4KTF$+mZ{8JHNoH#%ejoF4{mN1Qe2}MXih+0B!X2z%_ zLJ1ZxWDNi-JYU^=wLo(&UPZ7{5K0BFSciJc_zXuSzO3+@?+>Og`(w`q8paHHuvWqA z-G{BiXJ3-FGk1$4BWrRc*$rp6PFYm{138#pogX?2PZ5kFOMwagWC!|tC*W&AxCZXW zDG6)b7CK~lb-pDRImEhHra_hEvLdM4W306sn(o~FTRxg_N}MQdaS}|&2k8AqQ#CHaowjCF_>;GBMvpfgBZ8nYXpju}p8 zCeeh;ZN8WpGtIz?Kx zh|9sInPjRIQ(wy1?(f<|m*)*-NtG`aO!<5sWCGcgk^{Dz=v+v)5J9#J#)6!e z0M=?=%OHJai{zI z#4!EsrMQJ02<9lYkeTN{=4MLi4JNE9 z?7O$KLkt#J(KMga2o&|`e=6TGT?8g?uG8kjKg8-=fuC?JLLH&stI{DTRNs=(YVts; zNYgrH&G7~=`#m>pE}F!q)bKvrOI8pcA5L(C31fJ=@HyjyG%dvdDTT$m^obA>e#0=s zK$(x&H8+w;jslX|(?qCTvNOnixMLSukf;z-42M0rbc=x^({c?~C$xaLo83Enha$@1 zNkJi8&`Q~3y+yKwrjU`x(BKwPT2jr7P}(9hmPSjPmdB>m1-Z|swLrNOvqezJm2(fU z`d_7(QmZik<90|zn~(}{J+NF+C`0*?;K`^`U{){UZEU|rRJ8iKgBVVMrNMK?;u($J zm8h|koVO6RdxwS&Pk;eBAy$tSkb&J=_SjMgu&gg(0de zc~*%7-0C986wYk!X0-%@sTd|`s?#;F33YOBbofHjQ6E6={if zmQ#(GX>UDk1tF~y#30ZsZHIl=UmFgoK|+kE^eJ;A$=n=}feV*BzkADR5G(->n?VvZ zpeo`vC5o?jLQ82JE63PF>z1o!a2qhBGCat$g!~aCsbOGOH0+&O(Towe;q;QGVYV{! zV<|i@%<@uaEZDhV7~Wi(Jk6~|#PQk&Ublj*8I?9$Y%nNfu+Q{9K<#Wh+u`8^uB}4X z!@2<0E2MN~+ZZCrnYIjM5t=49j=Pm+P`yA2YCK!sgR&JAdkDs$WrOI(IbrW1jSi;i zK{Z(AV90w|IV*&sG!q`iv1+V_6aZ5|tiLf^z0o@MDBMpp#GqN$Fj%X=!)WJDH5&c* zUR)kP>UA;>0y8TfhM}|vb^-yjSVJN}o1k5^oVVL--Ll%@O1zlWF=a(`S~)KaFrz>55qo!yImp44NX1B3hD?udo$?y^liqH>^o^V6YLaJ{f*o7R3ckh`@DYqQ5ezKy6YTpJT!w8mB*~VPlYRY`Xkx9dN@&oTt{pvtksO9Ej83 zHwT0Fk;d4b(pQiqp#QM@*}AAQR(KC1DmV>(hjdd?)0g7uB4Nb)>?^KWnOHNTaw$cQ z*K0&qS#I6Psb)#S4Yxm^1HYJvD6ALp_?W!oiC8hsq-tSWOTTtA5TS8wHfT#YhuOg( z92YZZMa#-EC|p9NQfozggta+TiG4>hfP>Iu4)JNTHDOO?*IWw3q>S_5TNg|t629(&ULtaB1h@{aw z)grTm#x8wb?rMG7xNR$=82XtxJU}HoTNxBIdkiREl+W`}vMTd~c^D8x?QkF>mHhCF!aX!UXMux@3`v-`= zfvBS=(&kmEq-+Q-pDwEjXA4X2&d0ib}4RE2epbSymT3f`%cu>y}q}2H{hc z?fG&$P)odPDfgBoRcecFL~T8H?^lMd#?gb=wk-(I(M2P_BVj)|wAb6pdD9njsGljY z?51HE)<6_a4=Y{Nyb5%=0=`D0#+qU^J!KvIJ(D>FVO2)BbagCy=s*Wdi(+JVDy@M!O|rWOZ#IML*fuH^1<*0xCNe8{-bz`e084@y6w_2Lc89%>m@Pk~g{BFiK#nUfmgeO%j8wy}HWC|! zAT=9a-%W*0sSg}(G_I@RA-;5P#W&vbMzK$J0@ZsU@h;RtwAOqU7o}3c6&PFwyq{AE z;?~i#a0{h&oUNVEN*56G7*=Eq4ZKi%xaM65d>?`bPd*2RID}xH~{}XX2JU)^Ysm>Rf$XikG_< zql#hnThHEER_0W(`g-yCwUtkG!DYACWy)yNCzJ7YI`8DyS^k~(DI`7s4 z$MLn*ylb9cf@=Ke8JeK-d5fI2kpieH&q8dPVIQkw*{Ecz4nFuc{r0fJfFZ>&v~}x* z(F>f(br2`)dtB|)V=cSZEW@z`ySix@_7cMYSs|hXnK?@tRIC$wn3e`uU#4{EonCf% zPes}eyx3`^`3ks_%TN_ zKUFH1(3PFY+PQq$RbjOf>?~PZPv_W|5tPW`E9ZV($}|AV2kZP~UJF=aD_X65_j3w* z;=5B7S4+s&A<~98UqscQtl`~-ijpbi(1HTjI*rD~(eR9vlE60_y_#oNHP0H)Xaoh& zwa6NcJre^o8dqk8C!|eYUbVdebRj~?)N7yx*BWvjGmL}%fSSHyX+6A9Wr=M-i)qEcibm9lT~ z=jLtKdkbC~_piqNNq;y6i>@^Rlj+Ou6n=i$ebpz=uP-i0_j>wrG#*UfnCUzl412{i zaei(zKcC(R;@M%Ml{T$L;}7n42U-tT1ge9m1?LV}UYlME`2EqW#PokP9$j8dFW!)G ze|kM0LYwR1^`ze;m;K(L+akTu`LzL|4aqPNxEhZ}0H*#BZ0TS z^J36EByB>Aynt|{71c09-@t8Q;J!i**fmNC7mH+q7lTrSIqY8GG~>Kdj#NVN)r$dK zqAuxvDOGsUEoLkL8>RKXa2b1S?lot0Y`NmiWG2MBgy|xtuNuT>;AQ`GxaTbcRfD}x zp<)aCA;SRvSX6?48QQeZ$jPBgv)A^;)I*yWx^RLE_32?LBN>#}Z@IA99KJj}Bs7n? zXy0&!)!ZVJnxN1j-go(qt?ewsn&pQU zTpKkM41QgSJ|LJYx=>+#$_L$|jOYWVn0?>!8cX;hbU-Vr0?skllFdz&NpyMg2{*y- zOk2l4o7lp-QLco=X#r|oNN~YWdv17g@6qZM!a;zKUK+F)eOqkb1+-&*J0H3!`elTH zat?|nEN~|E)@%1z$hfE{jy^dD))H)nG5jFplT$27m^{R`x68m+wa{9YnDVmKg=%stlRBRm&00Pq ztpjNNtt@0PK@&`-sH$B!ks@5dWin972Y$arBHD`qL^z^d^M*+>6M6|9nA_-~=g-Lt zv*R1J48(2fuS07XH-AA{3(jomOYo+!ae%gLfTLbmNmGd=wkZ`iYu=5a}r7A6cjhNyO#_RI6cJL8G(JpIW`4(lYyvK3+9+t9=g}bj7IPB3>MkKwD;km zZ8T`7oLViRxAWWxS9M3;R)7jB*q2@I%JC?FY&2#av?dpmD2Slrt8C^w*N#ExU?2hq zZU5M4M8SMr$#CmcT&>+0hDRlA!O|Ee83ci*=%#?cDPOniRt4Mt*l2`4X)FbAA)DSV zT?;6DB3y>*u*d~CO|sZ|-y|Xe=@l$}E1_AkJ~S8ufKdV^evyV}FDU(Lul0R5Aan=y zkUy~ji?~cYp{;UOg3=O-80Mhtjd#d%d6A1@%_JqeVN!wHH(P;4*F7=Q=jK6S%=U%V zS_lu9UW6cy1}bVe*gWxKt{G6wF}_6XhAGI_{|z zX4b0VgjA7@$X?1+dmJXkl=il>dW-IxWo_FP8I%jH!-p3OZ{*_VR>_E|_dnf-GiOD1jjePG0e=DgJ; zlr%SI(e(acups9_>1*xS+yQ}s+c3b@727O2<&fIil;2*~sq_HCREHcCkqdzfVHmAl z*J*IN6f1>Dv^LTLKny~p1K#s4_Od2p{h{U4d@?hv%LmfABj8m}nrhOWcMQ3P6Ec-F zX6-yvEpm-nNLu7MfA7SjE2^UDGCCHstV;IECz|P84g6kA89&#)5qh13MVdI z?gS8sVlrcEk;Z;CVJuA1fn+N~xr^GTxC`?S2OP>7wG}M3$n-52`mSmPoK9IEvM{rVB#XHVt()hDTZh0v zH)=ZCam zvJfg~AGx?vm&d7P1L9isH7kh7wc@roPK4?rC}r;>Z#MN;x3pG)wQZ-Y-fa`ALDt}m zg4S~FoSP98hC)B-kh%=la*JZ1#kl8@VwXwX42WoLMghU*KcE^(4`j>Dp6#uah+0nO)>c<>h=Tp7{u_ ztLjznC4xW{fygr{1+1yIkILl;wy`ZWXz(Fi3knY|+8-&SU9GI-mD`wnXEPmXk(`cz_=OyYjkyUj zQ=T4H6eLyqOIa{+-Ks5^0(UCdX@UtXsf+`muAJniY&*LcxI^3_gVl<~9Ca&20=$A+ z*KD>2yt#$H>yX!B=I*{v_-%eWA+FrIYlJ+mH5>(gJbsnnP7huxR_-b8P=P+A=^}K_ zY57zlkUtlae^!%7Rc)fx6jPwb*gZ@+4Mw$$a_Q>cnyRp{=us%g(Oxl7j~x~UC|*sg z1CBRVAz!?1u8g44asri>4>uE@0C+LUOL>M~$y-!nLOZ54$y<%TFDMAh=%))aA(GH^ zk<$fhZB}6M(U-F|DsAttS_HkF*CN@-^CCOERbx2C6vl*rKGsY(IEH0wPslpk&LG35 zW>V&v&Hcfo6tX>sY&gzed80Ikt5b~m&;a$MG}n$Hj}DwMGs1=1&BY;IR(Vp2k#g)> zZNOVE_jIaa{%e)9lUB^6J_!K;!lkHi*)GtDD@dN4LJq;Sx}28%!z~$4Pg$8|P;0i% zAh((kvCH}jWZygFT%?f1(nY3BTq!sgDD;x1@l1$!0H}E`H%`Y^KL+fev!QzO+wbCL z%}KiTgztOZDD)!>vz3hd-Wl!N3F-g!{Nj2tc-60FG#U4= zF1qJ^@UH>~yi$#qagg!kj+2~dH;$`;@c6xPn0Um^IzdB?vM0dmftNw7>B9rU$mz$f5P#z3P?|Ka0 zdd?@$FZ!xK9*laOAdwEd4dZp6Py1sW#WmX>0!7khaHM=`9*u@CNOxETz#DSWolL7h zDBj-zg&M4WF?dy=HJM!X&j-&3=j5XQqI*HcgBLHSlTPuw>AHI{8KK7}VmCIzb-(J4 zt?MEz+6<0=R2FZ32*2aZ!g;}d4JKsL#}~dM2Y&qq75%194q@}I#-mq*UcW~sql^B< z8}jT8=6y8Xx)MtLanSGeGv9URlpF;8wG8z8ulnN_uGPbF@a*zi^X8S=kFj%-9rvuu z=J}}CHv^6){h*PZ7-F1hQd|0|a+X|TrVdW_sypt!7RW%tc z?{#G}k5m*0CoWH~X$EpRTJIf45@yRmw?Pz_6f2cYD;IXKEio^)%?14u>qfM~Y)YjV z)gqu6cxbb9&@);V)&>6t&I%gy^*IZla|tTEk1!k+Ra4$Hpu)kz)PN}JtTPs*hYwV~ zR(oA3h7?NEHRjX-W)pynj<|HN=9UaN?2P#vT=iWt8@0&MOX?s5*r(ZD2E3Mlb3%B}l~ z&7bK5^}~a>G8E?>D;3bO0+~zO0tx?RC3oybN2m?hOgHID)j=_e`9>a6ENIthG)|5? zL8KaL^lZ5`6t+Vj4onr~7-mm{CKgLij>*B6z7ES}e&>0TY}ER-j=fGHH(OT{Sl&-_ zfNMJee-cy^zxK5GlCH@!2D3|8qjAn?&+=%J`!@kgRecZC-hLM#> z^-_K7em&f6;PECBxMS=vt}M3MvyS%`T5+pe4jhK8lOJw=p%a4mLMGkSjXuH(T&wL+ zEBcP(!(D7NI+qk1AAQ86g9KWg5{>Q_9T6@?BSd-r!c4U!ubi|+VM3oEqt2IKzu)OIj|hi-QL^U-j0IXE}c#-#s$ulvL4pnKt({*jEv=o37e zOwGcd4~(4o?0Pa7LX6zltmV4jA}>ax-s{1|1$1s?nDfC^*T~M3?yJG@#l&pENeAko zB^;RPS4?`nI_5OnaQ5>z#|h>nsCo0SMW7aQVW?tqrCjJQm{&@)z4C=oW<-6={Y7a5EyE|p1&y|eTcThEsN`G3TyTp=$!#73x)2 z{2u26#K>oKhe{`4YC`-uDeb+B<*QAtraJS=)jLyfKC)aU;^C2b*@16 zU?DJ68=Bhk zIRZ;vmO~;k$yOYMaC?|jgV~Aige*laZQ)BNqJz^?4B69w)Z(#nMYEhzKvkC)c$Apl zmYCC_rqBU*E&$fZN-zql=+%yhwBnSEnG#7}r2KGvV2BB@eUgJT#)GtJCHT8!fYnMk zW~!JZAzg3`ZiWY%{C10~p zRe^O7aUq}yI6W*^t}g#xlTQ@fc5)e%IV`^sQhKi;sQ5{H@5Ca~h!;7HV}>>)=b&$^ z-MO*CJv2CR+96?ve_PgNdkx-l%Keym_+jXpF6D7ww*qJ5K$TY~k#yYHMcAtY-^Q2+ z&6+tku{fTOjy7+XvXzAP*<=kq4T=?2ZYwScWrvgDXgV-F@0=&>Kpl2UwOBSxW|gYM zB*N+-n+vHMv}S2w3*7!Q>TF$LhT0s4D$=|J6F*!8VHZ%HtBF^Cp~@?it`J!011cHW z(M@qvZI7jLaZEM`raPBD14?nucMY@=1k6=YTU7`3u*96iY?dz;mB3Q;cliI<``7KZ zkz`*GKcDdw*;M^^Nxevllq}oD?yB>rDB5P1ZcR$AOPe8X?e< z(x!}{Wv2}Sn2=z$=iiFezTET!^}}&Ztf`hlSviaTOd|w%I9;<9(l~?D8jTj zWX58cjm&N?J-sg!;slL^ zWt-xd&E~+zO~TM4R}@Hls6js%dXbBH0`_Je7pYI-I)+eymf2ppbp^JvpkQt>X_A8L zY8zK~9}#<nElk0vjuJyZm)N|2Kk(lZW5sIU88i=f*H%DARjfZMG zBN|8nsHyl}X~UvWu)paO+R$V6an5thDEKyqF4irF$=E!FVYbY8)KQcRcZtb;ItMox z(HB6LD|U;zX&(eG_j_E9nxMjzB{lkK$%m>u-~ zUr8_@MtQlsq}|J<@mX0j7r2W31>7?HG#ZW7M0LpYw`YV@q`4wBw?G%`L48Ilz z3Vv>@Q&6LsHRM``$}S7@Su8LW0(LaW-1a31KuHB{EPz&1EqTTZK#G5q^Qb2ACD~qr z=~nahH?6K_ALlIM43ucF+ud+BV}Y0YHBSNboC&biR~JG9e2s{pHxMQ{Z+^TW@_=PG zauZ%RjUYkA1ImZs(r0-XO=!S>Qcc))sqZrnBRdz))7p-{YlksJqmHgwT+cAdy4ds7 zuYXxdDYIk=OW@p8@R3yKXCYL|5W&m+%zoR2b81=BeTbaAIw&p55 zsU4^NOx{02i22A}GIGN?_UJXlpM<*-y@hn`{JTTTpfk1Qji)T*-BO1Uki4l@ljV)k zRyumJ{Q+Q9%z7Gt2N#&)%1f+jsKEghPO3Wb67)5im*(3l*3_Sdx|YcerzMMFJ);Gj zNj@hkGaAv1MH=s0`x=s|CF?Oq7YRPo0pe7s%Tv`R2(}Vv8ADHTBdLjEmaiUBAC9=! zVd#lev<%AxXMKCaIKi6(vU|_cC=YAV<}m(qLkOCyI>LOp&rA(20;* z=xZOrSghE4E;PYKfgLtobR6fe^WW;2bbV5IgiRINrbHjpL^Fj&78T99`bkzL`~GEv+aupc^((>>`A2fgmd zakkq#l1b~)fO@o(Qs`9LdBfFx^el*J#KXTi&i3ApOmMSIj2~-94nyIPv6*C>hf_IgEJB1;hiJ@PG`2j}iEK zbTOmW@1tzgu&h`Nm*`qUg1wahtF%9q7zUNR_HxY3}eO}T&RY)Z1bHqUq znK3N4aRL}UQ*zeKlZC&4!rz3!gnTRiGwKeZxhK@6iTstV&Pu3!UE1NEZ{%v5K%oEH zs5`7ls8YdxKH}s(S^A8(RiLZd~Ud`o|#*ATS4PQG14lf_T?_etn`;SH64 z1ThQPBns=~JoLd=>@b{R+lPq|u)bL|hJXF=hF;6RF6a;ZnqyfPNpvmyh`%ncBT2Gw z7hL`{W|%BHoUlT;T#ei9mKv`KgFbfyFN`8N3@qSssFLWK2b8>`B9t3<#-cC`|D ztaz+WdQ37kzB&QYrC%q#DfQ~47tX>cl>0smCZYBD=m$OylbF}Z5u1gsTo`USh>d^@mE{){hK9~PZA|B(k;NM)XpA)(WV|i;j38T<;!#eEF9`*H- zIOP)-)ya@00mzR=aP7xf8q3KT-qOGWiXW1TP`QUyPRf{kop_vdBZ}LF zvnZnEn1ymbjKZ0uiE{4*KjB1PPOvmZM`b?JpYaHfH|xavmIo70UMap~A|{74xZZtD zf1-8rPI5DK@-MZ>WNZG#XJb0PW!a(b2NM`-jx``Qb;KGu(o_lmc5-}y1?mkY~Yf3 zw+V&K%2-b43|I5{t}a@Pr=r5<*sgqAGh*&dB)qnKOC+-yjTUIWz?461jer?LT*6q( z^m9%HQOu+r#%3l-d+jn4n~shf&gKlT=5~%UZn7IqWQR3zIg30VP@s#m8H?cX?#W`! zm@C=(VZwq?kS>pq|3D&g7|9jeN#{x?9rBQPjQoQJjLXAr_>Yvg>`l3^_Dhf7a8()f z;U9^JIkK}O8pNDV!juu~y9xEeNYw;6e@MIu0xkcU@EC&*q7zt2=KCsTDSrBhqak?8j-9h8!6H=S5Rl2oNkDzGjDJWx4g>9}0#F_@ zlWYi!T4|W+PlY}lhWxGMm4Db~<++$(NSmpTEY{nUjqi`Pj@{p68j^<13(TKWK zY{G*fmyuftzPtUco@5l(3kFfmS|$=^~w=5@rF%k)Oqr;ge3 z-FV6ZYzGqVfru#c^JM6P`J{WpZyNugS66sBK{7musb8RWC$f={NRinvijxT~lzPm? zIK+fVJx6oOgFzXX+5*{oUy1l40G!#zpPhmzMN7s|lu{>yz{87>B=P4{?gPY0GnsEW zivv3AIL^^>#;ybvQf7lSX5@-vY%#%NFi#sV2u&wLv8FmPfRyA?2l5DWK>C1Y1Gr4;M^b6xPTgP zr<6xCYB+a`5p9yU)TM#TQ&I3d6tEUeu5@yI-)c<61Z-v_=o@rzcO_Zw4ad1gz& z7KG?F7U@pBXrd{K;*+(LF?4ThoHU6TfC&)qn?)F1Nqbzzx)&sLA&|U>E{RmEs4N=j zN@LPe#Ez3F)oz_gbdRZ~>2yK1Kdx?yvER&N80-!^G zq0xAA7Ws>`o+e&<=lNl^O&081BiuYKi!Fdc;Qa&C%$eKd5+7x_qVsRl(D4P(V>WzB zYB!$G+Qd8GKIQQ9?BFiaH<+ajr1_5y?K(!T#go+e)8Z2{_r|$Hgt;a@qPLjhQ+J0)(HN! zoW!R5mcGD%2qHaix`W222jCYbA-qpp(ZtLDAdshY2v?$x<2*qkmqH>R3l3Q){GM>g zO#qM@cxS1da2ohMz>%EqsD!0pNV^C5#%|EONXOWrIaJL5Cty*n zwe=`Gs;Te6nN$_2+afE5ZLK0|eufH+Cv|^T-H$W4Ol4I(=BzVI@#MG3gb^=!CG1szgW2NGb;@Jnr zAlZAs#gs+B4cEy$i9|w`!v-TxJoxG*k+(Nhk?KQ$)|v9=1`4%vEpMx5XrYasmt;9E zf`{#z4#;+Uhg|VV5;5{ZSJ~6{nPf&6bu!iN3wa=79w%{jxWF|)Ub>u7-2#KFqF$O? z#sLtBHL!>!+vV=!KOPiWvHa?J!+gPmYhKqtjAe|NT~ZFaQDB=2SEv2Z)bz0nHO%BHMU5k#&Gl5}D#@Rkvps|^b(G|&t&dnB?=&QzRgtx50f^7LZ(j&x7@ zr$;CK(~FVg^tz|rqwX5tXXDiOSyskwP!14ZEqA8+$}!T0=7f74a)IC(gRNw6$q+-m23W>g@SxohOxX~2Z15dg*ys~My zzR+iDW>~TwTunndsERX$Wt;BUr&5WvC{hsFBqSm^OHpW?8fLCN4qH?Pu<(*|0Y|6v zh~H3mQA%mZcI}wnirS8348}Xgq}4hvwF~ELPnCJYZ&?O^!#U=@jJW-fa>Rt!otHuueGJ2%GasEqYjAG1fySwu!jG3F8XSFQyN< zS{ z6v%dXJEXfL=BoCKkQv~7FiyGg3=8Z@isXT3BiwFsSp@9X6s7b7mx5)q0(MBBY!9Ji z@Y*s4M`fN4vM2wV(SS}szmyI_UAq`If@w8|JTKyzqc=WGS7o=~Qc<#(p6!q>`f(m& zr%U#cVXDk_Ul2FMI6T&pT1xQMaH2p8E0br(j0N7hm2TI~XJgPDrFCVai`h{q(e-nL z>mLPAAjp&@D;rtkXui0f(^^X!iSwDD3p|(c8@!WQfljom@>J57iL@4F&rx+99Kr<> zpf>rPWjv1QXf!r00?L)faV;mQK}h^Cn6PN`L!!8BN_^(%?x$>=Xu5C>WC>|X;tCkvH{%7W;Qc|)HuxXV>9_ZG1!tDM{yNxsDKiiS}RX5$I0zAdXz%26s${lB|%A1aJ z-XC68@O56oGHa}sj*V2&-Fe4x`sTus%7}6caWnm7y%>L*2N3MoNVok=b5fVwdREuo zbW%6Z`ih?3P2^seY!qVZ)iq0UE$F$#-2IG)D!VlxGc~^BkxUiar`w_ZS3y*G1D`C% z@hhG!n5}%P5E#oZ1avXbjVmq2!F7lCQuWI^L4p<})74*i4 zQam7&AlQn*l0&%)NmUPnqcs%|mGarQoi+G&hi zh&NCSTQR2#^l$l3?M#PW{&iM1Mg#NdR zx<5yd9mx&UHQ!BH#I*F82P%9FFe?Cp;F_?RIAwf>;eu6<)()PIBxCV|B0pRan^PVk z$pJzzvq0XU6{+jUNf0swcxcIO-%wwsgd`AKTMLZJ+l~Ycum74V3g-KD@?*kT3|u-> zfwCkI$7nP)T^PwtbLyRwvNm2q)tu zq(f?%-!+38w_JzR%-=PA$yP^0){leX`94D|qK(koTKWN%053R3lwj@^U}v5*kJ z$nrSRp#yG0{{{mn1hxl86{p?8oM?BsvVdE<$U7R%gks7{YV!24w43G}hoDck`)G{_ zwKQfM#Dc1#9WN{k$#71P{|Z7P5*}xc$P{?Yg|_*xYmgu!l_~+90Y#_p`6|{IUhkn} z8MT%<*R^ig2o04ZY~zVsV_aDzNq|z0^%!{(ETj@K>fwAwg^uo? zN8c~2rwKdw?6g0UyLi9353c3V(j!Htt&?Mcyv*L485f8tgel`(oNA%K-t*@r=;w@B zAj8}sW(PB;B`P79P@Mzmj>p`{TBsSU-4#Gd)8isys2`gputBZCYdX$9y65s7TYbml zfnX8L6s#`$g47Kb#0!&goC&kE1nk5E9&@wB>$mONT z3>|L(;wMio^%cyN9`IPH%%+vwGfV!7=* z5GO-(>lV+2h6KKn;Ii4=r_n+SWq0ai7Dn=dB1x170YnuWlM8AYrn*t4Vaf8|f^s@; zI4SV^>^P&r>Fe(K*|5JkVG|Z*16E##IIN-h9nv=CW7+ioK8y_SIL;`$Y!&Uw1@8sf zqzPCVc%@M-tz4F$?RHDy%$Dku>Vzte7Zi<3oJ3Q+L)j?>^fb_y*$iP-{&%;Bh~c}k zLep?2c3@k_Vd|O~<9}z;l$`WW4*Nr;=a7>^mN;&&BK2PC_I(Ex zM_{=E9&l+uE(3I6*}tsq)U7x^u=tSMSNo-aSu>^%_8FeKy?|?pas{o+)v_E2qo>1J zs)G$<4B7qw475+M7zEe(Giil`du3v#T!cy*CcwS8;(_x^UJm4K82R2U_i$RXbApnV zH+?mkgZ_v>MAyNqLH~#x_K(lLbDV+8&>ZHNGj|%ZK*Wp(b#fX;w{%e_qgx*T#3D?C z&Qnxeesgm*^P=S&aHvkHAS|FTI)3N^LAGFm7->CLgJREy;4|*iNK?N4C7FdDfJipM zO*17FIg~{Ar&5$RHqC-U+r9JI=F;0zR#SKqBK8zo$aq*zwI8hP!F#`*&G{ zoD>sfAN)E%zjb=jnPmEY2*)S}6m^Sx^1O%%h_M(mpUtOXpiLx|!gNNtpC-#`x#UqC zE|?wNAE^w&c8#qKcm+}}i>$S=auk3>s_1graB_4kH%W%oF~LYQky9vSG}7cc7N!x> zS$&Au4GR*6OD&D@XQ8}7(PXOMK{!^S?dJy0)36}j%Ld4R|K!qHISxwPtMFKWsX0$~ zLD%Ss8hDpAznO^X*ym!JlA3&Gpe3ogw3lK#<$ASHL`L2&3|tprxDGF|tt8VZR=6Nw zI3gB@3N4u*n18D{EDf^FcM3WYpj>$+iw$k&feKE>wDfMMAyLz+llbHf{>y#Nu2Oofo9 ze53YSt-alYm(Z+?IAVQ`CDX1by+*gEli+420pV#o5TIq7^PLq-FgFpqpr1+SVom`r zx_p6W9X+gGsJd5a1)$?u+Kp5)n<>Yp-fPym6{XNtIz^d~i@4guE4kVk#teTQg~^;W zHVPF7_Mx*dxUSod%}3pOA%L6#?(xVr2rov1QO;BClLIvlrD5$3Pt@^=pm4yL)+tpI=^j>RsV+tD8Q#xNh68(BROCcMOq zA&;Tr1esX@T?9{kW96&GSh7lqBriD@%AETCx@CZ(jT9xmMBI7T^T7712HKoVl+;3J z6x948BayZNnD=N)-4^jFGk-NsatCqbwvCi+Tl><&H%MGSI3lxwpaOzI%1m5{#Lfc0 zF^7)s8;3jPoK3nqsk#yw=rzQ`g3G_W(E|-mmqy8sU&}eI9QT8zGzJL0GCo*cfh|!p zHyUH{-UaWcMgI<_Y_2fm7%I&`X;HQVmNYlZmqE(-X@!JUtOejP;EhzUa>o_bRB)(4 zSKi$BR^Qe$BCc|s>q&pud(%C==pGJ^2N&<^WYoPFj9ztn7iYtF8j7qVc`J4=uzHy_&f_TbeurfnXN5^q$mLT~m2|PLj5wQXZ)vZaa%c;x8Fs!Hj(_0kn zkt5}{Y^T;-Egn8yFAmR3z{>>JE9BIN{o~hz%ab~JHSC`D`gJn6=pMgA(9H4W|LUI{ zo?Q-KZ?uuhWzAKr3gl9f>jq~gUSzBcN^pf^2=wMrU}1fF+o`@~aNA-uc^!&VpsyZWNe_I0OqHU0&A?l$5eGut+ivazzlvhW4(06KdSI@Izycx_YmJQ|3=w)L$(o03a!vWyoMpB+sKrKO#tBOckIRH6oTB$#Uy~Jgx}DQl-u$bdF82MQcp) zHy~A)r$_xEIRLFdQolVTy}__|c`~|?q-8_~BS?HUB;C_@g1?<(FJ?0!D$af)ZODc>Hn|($@y`2_)aDs zoE{B^{oaMjHG&d!i?l+H^v+I4{eNEePcH`DW1aMGKs+A87xh}}Xo9+d9-9POQp-lNfH52D^pNvWsdPhdNqZD1~8qM%P zSvxGrEbu@ZIcpUaXyk*`qDWpoZ&0wB`X5!y#5hss^?B_JEqVQ1gX^@1;P*{b1ECmawg<&SmyF% zt+Uir(uMZ1cV%bR85kBB7>bUsQbeP%-!pOGgyLfDORu#+>LsI{cV7!ziwb$wEdZl)mkxwL=C2&& z)7}c|lGJG{PPB~IJ9Gm6g@6M(XtnCCR*SGC3iUPqzI;x5?@m09#ouJtaFcW`pQ-BJ zs9|MsIAO}$GuXg!92yuDK2Bl=kYbUH<*iiV5K&(~%h!{7a##MBBuxmIuCeJj?x$Ix z)^byLJhj2EYz)z|D_9*GLll>LOSPs_c3`~3ZWuZeVrGjohS#*syUVs8r)np z4 zu+0EG25i(vy+1T+90lFB80;#d$=zX$B|_+&e@$lDYj)7dKq*p6C8-liYDajU*T{^~ z0ByUeT!KJOkvxSu1PC~qN*T#C0E1Q=7A0)jfJtjxfdR2Chh{WZ+!qaOsaocETjS0! zrGmFpX8CtAoS>Y?Fp9Ih)6t{zPDh4!+C(>S^xM)6kl_P!{z~}q(4KEriKBysJs&Bv ziEJ8@B4pl_?M7AskT+T~a$97vatOf9gt&^ou9x3Xw%a?|TgtZDwvD7d#H}yR%7n+InX^pZy@%CdlOn)AoZ1`XDyG z@STs!F&QH_)KB2BS%irs2@z=RSu_X!!&Qy4sK9o=ce0Z@j|GUMdkrLM%KSOj5z#pY zMR8r`qsLA55sqZ7-f(>?M2div{Jnw_LqkjmlqPXt7GXZg5sNAJg_=ee-bpgXMXaGB z6&FZzlf{G`1J~yF>RQ?>$NBK#gY)12^`HO!U;jx8gv}v@{P%zT-|91Ty}6(>Kl}c8 z(CeR$`q`I;BxYa3PzikZe`dZ!bUfzq?8nBGmVRa)7fZg)!eA1v`UW07OalEWhJz_) zrOi1#yXcRa@yEFABks(GOMN-=b8ZbvX+kl-ieN6ihfF!9?sbKPw_$Y6BC#}?DX77N ziR5vYr@V11^jW4_+X=8kyvmdXN?2sPV8{i1!2%k@a8SvKHRH8s zM>B_t13F{qN`FRUHfsrxHKU_!&`^Ygs z#L;*U%FnlNPK5vuC|ZP3Y@bfD1Fu1Q4i{ut{CdWeA4M)enru}p%Tu1ZF)avMuK9e< zJZoRe-UM0k45R5AJbj%A z#;`fE3+o!w1cCdy)jOvVoiVvc@@qK8;s!@J?ld6OpHFF!%vi)-b#c)mC9N?va|IF} z2&$kwewtZlG!*gf;GCo(E-?#E4h{!2_gq{4 zE=ig%SQ}I=EA<@8Qt2`5!8|r#bVNk7S|DU(*+P{VodbB?M6-ZT5afk<%){0kg?KuH zLo?7m;3AAeb)XgYzHHe74eb_^C{`vVdgEEEDVwUHx{;qb>nM}7x}2tMOfqtnm<&s3 zN4^5pgD{Bk-VN*V9~3*`H!Q&3 z%eCRA6faBBS2QU*v3d^f-_YCP&gKME)C8 zwuy?QB3KM!_$kXVi9w~#=Ua>XA+)uTX=(Z)p9Q?Ml;kk)?F1A7 zJg^3ne_SkPHUR+eB7)ib#& zJRXDHb{I6pR1OTh0cZ5#Jn{AZEOPoLlZq)yg&B8k87FW;jEL0@BhaF#J!sIs-`heE z)BlvWAu%2MEWPUA-rhF(cm_kSESGmp+%FfF>+Wdu?#;hmzK7xeC>skoyfJM?>}od- z=iC*$5xaUnrY?Ptop}#cism$)`8)PV9T-Luf=Z`tjhG0N$W_9Zs`p4a%*anldh;G7 zULd9sQyi6&rLuaEkp&-WiA+JVf-74|SrGOl8B#Z5%6X5z4tq(IT8PU_XC^vw`Tg@b zX^_h~V7P4&m%Ynm<~PirDM_>m-63Knj@oc<6@)oc=Fb`^r`;_`gd6SVUbFRnN}KWI zCn7oPJ_?R1f$brBNz?-5hKO(-dTe_~_IP#P`-jWT|6%a4JyC zr`&TBKO9p(1h3j6v-MyzsSlQy&XgX&TE_m9(=bjW&>_$$2xFrxkV`sLHXZ>p5eCse zJ~-e!yXbec&=O>!aMFdh0TFQ+0i@KY0(bcN+a5~vbWspXOXDa$V3$aP=&U`N^Fw-Y zfmD#Z=@M@d&>4446$Tf{gNaRfUXTVk1EX~^V>7vS1dC&fk# zUc${!ky7hSFKSBPB282#kt%hib%BD*8J&O}LR)V)@?5~?rMS~QViXJBU@h3+)~%O-L; zEnpTh=gjx=FOFu6VtPjn0p6>{ZlPZA93T6A=lKDmU;LA zIdRE+(7@9IH~d9BHfMn+w0Oxnc~c?1Bv(y&D#&e&ti9D*OEzG}20vmXkcs z$G4$nz-$p<6YU<`>hpj#QPM8SaR=nx*vE$HJPLGj-O`%`xuDU6#f8ZLc`KbUF{du3^$9tfqb*TK=b{S! zrL(0i$|8*vUrxj{ycKH0%oD@wE*mf`YKxREH`(W1y|l&d`FVGDAis67qrl8GBJ%g6 zv);G;VPn{TJs4dK-+i;|u~{g&haZ?5>sp+xEjwa;|}cvNRKpiN@85xtP6L3Td;n1oR>`(P?6JAmZ6Gzry>>Ix#%elIU- zDKUXAGp|M>&9$mt;N6yciF4>;)$+V$PROQ`Z27GuJ5y?@@=}EwwjNH^Ze39~M z!<4sD1@=Knq-nLGa%vV+!qFt;yX9X2q8O!s-~F`F^UxDYB#G+)93E14s@h7$HTf}N z3Cow!)|U+Usv>2~coc<^*l7}@t;Prush%2QtXewj6zQC4Q~lmsL9L3?-9Y5vzj`-N z_JLaU0pvtC1C)yx%Z!o_lZ1)*1IlRxPE+b6-^x`7LuNfl5u4fGcuWsPOrtoN8(kbM z<*kZ*YffWzJ8i1%gq-uyp^!sz zLa!N7p{E)7U_=ogQklYsJlFa`v#nDq$e4j57q*<_-Vv(mFPct+94^e#yk(lq=$VCe zHw=@QMRhWo(#Wgpm`YcC(jhG&--{o(sz|NMB+>wc({52H8T;ZgeH zL+|YL)!?;xv19P+5o-t*Cv$m9ps+^7=8c-Dh{=Ir^7vMPK8%;9bTylf<&@HC3IvNN z?coi>vGeJeDSGt*@Cbho#5Z3{lJo)EgD)F^Qb<2FA><{o?g82@n{1%P;?(8PoA#54 zfy1_7LiUNrJQc3I0DjSHq)A3$VPz<^iywy9M1(VjS4E#+vkri9dfoTmoejV34@Y0O zzuIfIpTBIjo9)(q-Tw6~^XtGlIXiuQR+_JsN!iZ)+Ee+uM<;{RJLJ~K`5=2TAZYW# zP~|*}-yy_tUg-@|I7U+WM8_~*ZWxHr2kz(#JXExFu1OjV*vWw7Tm0Q{Qs0oqm3^D} z-~W$F313MjVI%g1#o{6Fhqd{z7ernp+}J0LAk)bS z1TFIf%-Tf=7hKp(U`=Lpk8=!ErRO@5*-%|0<<=U?MjUZG()Ra{-!%UI@f&+bdt=N<}UXY?2>zRSV9+DAb+Xetb&@QjL~(?f+pK? zb>PVr5E{p9hF4b#zKx;q@7S1J4hW6O2R%OXDEzo+@cFLBZdxtg{hu-SzWzJvlDPNH zzlA~k_20F=_L~nFe>W{_wm{i~DND?;2uUI#v*HUr;9y<`yo>d`==OX-RwG>=0ZV^GQTKCc9)g{!H*K za;b1}flAtNEJ1a7Z~NdD)RQ|2__Hxfy$m7Z=a9PB@?b-uwbqp0aEel+j{qXMN&@BU z9gOxg3-J1KP%I+_Ac00n5r^+phYUXNK}YlGaBnwX!49@F(Umo%n+I3YY{aE;*} zTW)Ou5O?4Zmm6eoq5Y;aujw?%k<#g%Te`f|wpAt6s1kEu6Sa%tb{nI%1#+D+HN<;jcJW&z0gRRzbP+w?+r*LwB7-E5(D zZM8M))3fPQX8(KK?~eLtGxi`>z^mP9uUE+Ruz6Y;jU~f)WFF3(JQ<7I3ygC+752O{x0C5)pJ-MpaOyw zUBML!g)(0xCV`r33yBq@{`_BZ@A=^7LN0a+B?6H zBU#KZt6?#EWBp=FL=0N;7i}3&esO*w4fzoKSN*f@DNmNZCBG2o7b01k7WswzBMBJU zYu6=-{OT8d)BA;d^L4w~ZbOp2f409eTlN>oy9XaeY#u{!8M5~xQ@~!ffcH0d> z@PF;r^H!Gs+uMKsV(*FndyHr6FS}zN?24)5jQYJ{|Kj~=_oV;zbm2C{yfIIF9~JJ7 z!`x{|YTDT3irp%DA#%ntij+o1S1+11$B7vANMlZFr&`S2AvFtVWxnU}SSTrzi4i&W zUYQM>4E-79zV#i9T++{ybF{uD!sHe3{anEftTY;d;5e4fwr0t8J zt)cvt{JTR)qoERE>%acu=S**MiJ%K<8u*z@q9GG$D)}atNOvSnq~H9i=kq8GSd-vp zCSPV-{$&b^P<8;dr|b70?Aeh18#gl`{;OEWYWly|lEgks|My-zfA&QGALH3F4jL`X z0WqUdJjZ}9TPQ*W9ND|>$#DaPhq1bN$OK2s_2pIghDID+VxcvK2{Wou#p&unpbF^u z9LKof={N+Agbp#U96};C4+TdA$`=~V3KVKLz128`#B|ajU%c%PM}xD|_ZQvQ4k7XY zI}d&CE;^*^-_nI}2x9(p9q+LcrO-SrtKH`=?S)AYcgPpL{&9c!PD8Io4k0u8@iH(% zWtFZCIhFQ8c8icL@QlMmYx7JUAI#^pD=3^iR%)?;Ke+j0lo@(IHz3ajp(Bex*R1j^h}I zM(L!OSF0x_O;mYCa)W$&cKW{ZKo@%D;3zi8Y%#pafe({Uof&o z;wS+?9{g?+G6)b$W<1@h9--D+nI345B{!Us(dgJAU@CER*iqAjrpx2KtW~y2Hd1WO zvc!tZ(aF!lDDEgv0n3wvZvc}AIiJ$xemDsO&^H#>>88u=u-p5#e|nT(Y($URIgO_s z>nHT&W$R_jA!?&_&j;sG7>91?chG{wA>fXrXFkg^$S$4p-JA9<%76nI<%t{QuoR-;-6^UIeRAXB{#BYQ!f2^Lny8C-t3X??3%+ z^#;tO`)qqq&G(y7#2rHZJ`F`IyYUU#l7B*%cD-;$(LzSydGt=(ju&(80z4V8Jb=wh z%|i3biI6QxyTTZ4M2K?!R#!$h3&?b?9Ca8nrip%Tt*X+nq&bbJu%EnQp-JS!_a+&{ z8b~_Ujteq1=)JG!W$B>IXvv^hv#I}74ZU|eb$R)QZYeU*JHLdZ=vnRlgyPlk?DV3P zQlv+tt`CmB^!14IEj6;*V@GayF&u|EypVVVn-LDj zal=3)Gvj&(ckVnCafVkRV3yP&bml#O2EVIvIpsTg$(}a6PDukY98bx2_49(ySeVFN ze$Z+u7A3dS*Pgc(xTqC;6d^$}`wksHcF3M8FS8W$i*dzrv=-#~+34c^`S7gQAB~EO z(#)NArG{eDc}sN}cb~Ux<=HvQe)|*5*U_u>)0M|F4T-w|5~&W$8>PN7f6q>>B#_XV@CKro7KIB`XkF)#%^XJoS#dqtW2iyA=n% z8QFVmnTO!nOc5)0&hqB|z9vSUAcND_mG)7@6gcoR%uKfK%xq*o{k~>k*zcZpkKg^P zzk<60)a@1b87lui!{C=TA|z;>InPp2v$h z>yT3=|8TYl1geMv>MPO7*4U@PHAw<+H!PEXeH>Enkoq)mK|sg@I|GRBj0`1HuPq?X z)mvIhp)vcdc5BZTe&vd{_1siT#ngjO zgM9HuUS{PUbKpTo0x|^+f>7b%JDTD35;q_$WcL2bHpx+a~!SK?9(96wX5MNGyDC?1|>w0lU=_Ucf_A{c933^d*LC z|4kS7B-tWf7Dv~Voy^g|Uj*EDyZ5jRA{;IRR1{^Hxq!#>R4`_Xx~*LMg;f7xv6 zAq$3z*=+K+OwrZ>sO0=ed2?rkY95l=y%(+a3rq}eReWGA#r*>P9F&agEsvOY!6z*0 zQFqEr((eYt{?WzYb$^Jtun*1^G({m-L3nfV1}v|NXZ`EywmgUiB(Tqdw68gqJG)5(q) z+E*Y$*VC!9pnI8`3z4uRI2~)Pm%Dqd_E++?r%XyEH@J5q-#|$44ynOuisk{}Ksda@ zGMZ@!pqs=GSfnjPtYCWRXJRU8ESgKuh!KzZ{073tDi?!*LyGg3H>qW;a<^9_#6jQA zu!)7L9k*s`8LUauJoIz}6DoQl@au0x{)RvCg5Z0(Sai+zSH{ zN0bLP9V{aX{e4Gazud=}9EQ46cMX=29dbQcY^%HrcYI1kpd3n%k?b;4@bY9%a zH~PlE-+a+*qlA$9T=HPqN>a&g8Xa@9dS%93r3cMcGh1g`x~|X;xw%n=>Y|XV@>#Rh z{K~Gp6==80_rSOxB~*4snC8qcDukyUXEm z2b;CK+kUavY(H?E612W*{)$rvC+fhN7 z^C0H@Al`Y`J`7ZO$=WU{rQ-U&zn*^Wp7=EIRJ|hZfE!*mh}jbU=mYrG^Xvd_g5+H? zg83qT*F(5$oT?#fmmNYT^B-bt@|$o&-0PA-3f-s-0{eR(toE~K+0nW)Hg(yZ%+CLZ z7_$7{yBk(?8ND}!{V7%(0JiSWYLpf8hZwLtEvt@rT{2SH0{#$V^kOf^Gi-`aUB)<+ zmGg%fF(p9S+9F4m=-+W{oQH+-sIshVtVg9WT4_j{C$(7siWVqz$a&bqvE3qrE0P2P z!m?p>p)`n)j%8$m4e2Q|ZhvMAOQwN?(v^xk;NM`7E?Ja51<2Ht^Yk}?X{le^uN#d+WSxX-^X||%GdYr z^{gw#jE?2*slmUX88*pLi0x$nfc8&FZK4L7Y}&{}G;5mefP(Thm(?v(Yt8ApitV&W z4QnVH*Dv{Omc-P8jA?3$&VLPGViE4j4Ndb@ZEi8gy&5f#kIJo$>7;5it)%yApLLj3 zZf2UNYHN!*?zsqPWQ`$(|B(-u=txQ!LT$1HJ&8~7cHy4g#m&&^Zj3NmGf~+Fxq2|%6S-IBr)06?B zrDk$5k?=~F2m#@s(54lt7Xp2vX`!+GLlx*jd+&sk?GsMECMRq{$BUTl*v%;&!;%rp z;BeL-peFfd2dM3{?9K;huI>s;E1%)%D1ACgA7&*y9i_jGqZD1CR_*~Luh`~HTGhyL z82XF`o3>H`0xLHY(^nnaZ0dUrX9lLYVRJFpW{u9~d4Q&;xUT9Amw7g8ww>bv8V$(K z4I3@0QQRb#f`L}4`5=U$h?uV2 z?n2h8WMXN?d-bFU@2=dFLe{E1S(@=)Jy{NUt=yxfMN}3Ht}EbPJp?dr<<7{|RoiW+ zy&o@?^=n?erI=@v_GWY3dtlN1di4e$oo>?DH1)k3s=UKjZ|UW*Do>qHe($z!M$&bT zOY=23PhiLW#-)`ki1Fp8Ym@_vnDT`I}uov}*l{6SZLq>~aV#a)O@k7Rp zwEFGW%2oN|TaxE~w|Cpdb>pU25&mS4R zAEmcVsjJgRD_3QeK}nuJxM(S3PF?{@sFQDYe=*tY>r37WV*?xh&6p+Mc)M*#IK6@zS(&J}u3srMY%# z=FGr0kviRBaaviQR_D{|T+?>TSaAKi)TV-P*+D}ge+~L<507@8qkl zcf&;(!LrphjFpE~*P=339oaiIj@+G_GwZv=+OqsAx4f&6HN6$B=_;gdrpcGwt(Nql z*oV~AbNv#+wAGeNns!BWm5s*BWUD+@Wm)b!UL+U)PQI!M7y-&PMAX%~*XAl;yeq z3aDUiZgN)@wiUHoRi>ysS9K{EA(kR+ljd4lt}5-!CEu)pc}>_R?JVlIsx-Ge*Cwqt zu}wBw<2qO61zyasq>&{}RPm!WY9QvRexl^lS8v^$?q)4})2-YpJ82nLmXBGrQ9E*( zD>rIszLFuU>U+XkqUHOgv;&a0mPxf%hgp(m>26uF%h4tCoto^YZ7daigtS!K=<^-JeS*qI@bo%NE_ZjlY#$x?#g}PL4L;ttRh=Tec+M zpLpMXMsB)V#LA}w{m*@%f6@z06&TZR4#@PV_b1c0-udOj4v#EwZLs3g3Ynbs?K~BTYqV zzN+KC#IxaM!>_Y#F#g3X_h(DWyf6MPJ7PJB+^GFJSM}x>bKJl6W$rA0htu%6eIWjs zpQ8Uy2!SkiGr=Qwd-CO7U4gEP|9Y_3%E$k1zc_gE|M?gXopY@sCpT?}&gbT5t=(+Z zoD4nak~hqssVLc!9Gu8iLSUJY9(px)rs0gK_;j7!-P_ySCafiI+;qd)u5-;6w_)Uo zj?>WEW~V`}*`fjLnA0HLfclG=yTWM@=FXgka?#x&y>K>Tk;|#?G{~TL?p!BhW*YqE zH($4#Uo~4_Iy1_HnDPL?$T~K_;P8YTCV~e{2+~dBP@!fZz;+O0wLh`QDGSjWbKhr? zUDaOmMRV^0(n_K1kNvqiQD z`^ZJig9#!mj7O!d5|86woSdD$K70S&VAwyp7`*Ne-yaW71{XD_n6%YAs5t_Pd>i_S zY$5Cid?m!(K`-$t?1Q2W0vp~?7FUkrq;kLxgfz&zRo}|HRX1MM?LgEx9FFF(x0ZT1 zpJS}g8yfBU;ba%mrasSka22X19Ub=I^3k!NM08GF9xpni-FnR(#T=fd&G5#mdw6g0 z#^wr>I*!Ul**H2JO=;xeBA>E|$C45ewX5VO_%gpK{WiZTUCjru znju9xfiFuI>f?9%bJO~=r{eiA`1xnj95SC#!J6v8Ccls$lQ3okYL$BzK4;U) z11p~p_QKL;i8%wa8S1)Bh?CG`Dw6JyQSZBm$LuU{(HWg0Pf)0$S@!5;PU&Wjs6ktT zD-%j=Mi(RzX}EpjhDi{!2rgtEzq(?Pyv}F>YWM{9aURN@oksVU99`*X3KeI)Ch6Eb zw;F~F7!u9p4Vk=YKCp4@&>{J_r5Zd!qjjNdNbq=>MPUxjX&W!o~GE zq1E)i{cP{WevbY>+dp{H|31o7O8*tvEFt@=135(A+%ceyAgYynK4Fj+t%Y^rhLcj80 zHyRDcUM6%t7rW_NiD}HP5`VRy zu{%AsMrN~#B1DsERa_1MR`6Bv^Unw-nIEcjc^cs{;(`oOa9f1F25h;(t<58#73*2ET4 z5E9N=L}mG85R`mI1WU1KS@<2+2tIK*5B+em_*S;=IvKMlU@;R-9_~&<5lb3qas;8r z$|gjkAvd3oY}|G^@VWjq)()*2SPOVierCgg4u2H~Va?Dl8~6sPNv5+_-l8#!X)`;b zG;*g8RdunKvh=iXF^gtA0E+iIqAojU5f8l)bHl(Ba{a4xH*g~|RcNT00**BBv#B3n z+wH+Or+L=L#-fm4eTS2bnsTP zf+mYqH$sd^typn-%VLe;09@b4I6M7O5_AQ`iz5f^ zR*sBO-w$ukBYwkuHer3?QlBF5F>iS&>8MKPm3@sE_09r+F$}}_75AA~h?vbvQ_2RN zhJj3(Gp>OdpmRFrK96~EA$w6cFI(K*ME=T?0J+ePQ3kIiy zi=)F03eee)&tAVj?!WCHXC_7ET(avlU@JSyc8TZRi#Hn-2rlq`{WX840VoM6_%B2x zV-ZKBMGnZXzgk>PT5$@S>vel?`qk>UHfIiGM}E;pSftfFC}Vljs(bz6#o*PT*S+Y! zKN<|ns;=#_*xhwmWII_(OE^C}dVktIDQWeqC@gR%SDg9YkX;qG5_|#A?S_|bX3q4q z%G0x>{zKO(dAz1P;!n%##MOH7?!0t*6edmFlrGgY@B6piL$qIzei7u~^W zfB63VY|q;JA+;dR=^JQ=A;Nl?OTBWH$F#&gTAaW;Xwf zlL;K-xrI=#z+a|-_AK#0*8U_+f+7uBc?rNrGl(TDA0c4NjAy`-lWr{=t}Sbp7Q8D@ zv)#8%@*hUr#jnU0xv{YoV76q8Uy*J0BlKcbmYsC*m8sdtGCfrw* zzgoUm5cd@vEflfSj7)okJdYJebJC zp+ml-Jbo2MuXrS4<=Z6s+!MXz*?9k>sJOcFzry~1QLz8qf3f#u|M4hKW&M9)8`tve znKG`^S^~XBl(`fr`D}ALc#V2Iw70Y0rzBv*YHVtta;bNEcW24LCdHQ{6tq>Sq#BxA zM2{Fft%NTqdKDd9S+kQ7P^7?t(mbifqT##dQ5c7A=y%9P@7$43+5F#a{|jX+`4IcR z-QF+R|IeTB|Bv!42X-8>xgRcOEGWZutY5n&$Nsu3k9YDfX}~7nCB4;`Lq5#j+zjzi zaj<@uP>;$BA%A3;m&*=}jaSb`D`=xt^d|*p$eAg8yB92@e3tQfLSC#N-QOkh;t!6f zs0u78A}<=tT~?HUE*=wd@o-}G47gw&uwaRD6=(WewkT1rVu7&w8`jRt?*!NfpdsxZ zoeWOP8?X|!@Mvwz)Vmf5@o3FjGg<|Nh1NKywkfqGSx5ce+38Vf<}nXwv;eQB%W~(G z$ERRMM@;dRTwb!E`HEU+#I9$5<UYdLkeCz3Z!5;I%GXIWEC>xGtAqcVA?*ntnIh> zY%Kq^&Hll}xV6UnR|Wh3R^I>bvlq{w>^~pnxrhCK7Coca!o6%jp^%K1zg8+hp5HVI zA3mwTxR$H2_5c?Dc{C|_K+I!XNY>8`0_=(YKRW$?^5XUMRC^wR{;&4_bw~RD;)(u0#`Dnhzr+RD6a9a5`v2s`>*=ZX z+@JopKaKq7iT{6;=V9r8`@!Wu?Pc`;5#0Xf=zsh7LjT)O@}H-t;`0#n|C7jnp7{Sq zc^;bnKeYVkiT>Y({y)ioo}OyYL(uHo^EZs6Em zQFtAYw3=J@(oEHyx|fdO!})MG!@tIZ`(sa&sqZdEycONBFX`b5AMu49vdTj|PI}f{ z_;+dMyK=PfK|9_|5(`zG`fra!dH&3b%YA!P-|SZ1e@e68Pvw(668UMx=gIJQ{mA|< z4S)aKF4tH2T+h0C%$_WN6wBXAUdr_WxyCLnV@15qLAmYQ`-@DHT1got#=e;X((lW2 zuWmv%&GJ%mCbY#ezz(;2dGY4xaCs>OYuc@<_OvCQ$#p(!5!}`0vAn*#Z}rVRtKZ3< zw~%|ebM#N*8hwRZ^Cbq|%iN2vb!fiIo%!ACDtBaF$ub+r+$wACg8OovGsig=%h=Q+ zyLc;GZjk-ZX48LaQ`%ym2oi?` zXPDehSwO}K_dOm=$eg;@bizc_*&-KHE{I6xz$FkdWxh`&LBj)v2a`I9n7m}%Ffd!T z-qXNywn)Gxa0MaT^N3yXkIW;tJf4!j>@MTHLs@F#O+FQM<`n33;)bLm)G~ zH|yO5mwCYVJzq%RSb&tu?yL#lz~YYV_Ih}Kad13z0~z7B|N05 zh?NJ>sheG!d4 zI6y#0l*B@A2|bAwKgt3#eLU-7<5;rR0ZSo^^WLz$AaOt<$=8c|*DQ+y)ixHDjYr`i zHrs(j&xjbzdEj(a4sX0Dm0*3yInu`$p4axgf<-OMDJwUCXdTI|Eueyg5%<0$7X3w^ ziTpn$y=`r?|T)BzAf zA|MEuPMjaOTHytxhM`1-SWe2cZ~dYQN6M*ZetP{v}P_DD0&q9k;EKH58VIK*JwI zN@;t9`<+B(FQPWfaIPv;^tI{y>1lrE;{VF1UH0Obmj&>$-93snXLvf`3H8+#jYOXmZnbo(6!j}`9ZE?#x+Y^T1!7dd(?B*u zgc?FnG^hT?KfQl)7CY9rQ``qSV7*dhY*dwJIf=4Cs8l~R#{Im8HuXL@*F|TeO&3I@ zshRDnHxfILlg&9FvMU;`)L)&CNK6JO6O_L8X+RYfPIz6aXk(`1fINAn5(F1-eLm~E zpO)NCTODYP#_u^z@z;v^mJrV6p0B=l&9D5sAOkMHp_U}%0xoc3Uo#NcNh;sEgrpk_DBlV1EuM7xOfO z363|p42n_}7QvRhoVgWY9Vzr*qQMt2-3hI)+ps6es z(<_>q`?}kF0uaN9%3@M{HcD7bV|=d&s`zM7FDSS1PSa7SjWuhCmvl3UK#KnLR9aAI z-XXtwFN+V?X((zhQ%VB;E(Z!xUBF{cyc$JoG(NJSDd4GrBQct#aviriBF##3kqLIL z(B10PCMq2$%}J~C`BuG_pwUnMki>%rgieeTSw|@$?hSSr3prEK+ym-`aS+CX=JDty zvnal;1=3X2`hKoQuNIe8CS{oj-YMWAYV+-z!Y+9o6#c+1%tvN$r+K|wEDuw zv0r@FN;to%P>%?I=<@JSS=1PusLR@0wfpABWMk_0TbPQBL~j`vv$3Rh5{0RyCC7aG zO}@r~VjufyMB)MXj9rFQ&PG6$O*LNVh#^fO2>X4S%JU>n5RjBABQZ1mqfr*4If+uk zQQ{AQ$*OaROG*I{#)BNtrF@rGu4>FcBsaJw5@M2Gmbz=|ZG^RIC{c~Q z4F|*DO;a6M-`qNUGp)$kIH4UNJT%X zjnz1S-FF8d7>ni*m>Lk5qb(T)%IN0R#@3Gr*bxgT0+tt&Z&abpt=H>V=nw^=v|LWV zR7KbFvZoaFypqAnf0LBTEmVroi986(C7+KEiQ;Y8-CqF$|ID~>!`Kz!h{}d^wG=U? zCR}qF6mi4YPf>@f!V-fRrYsu_lT1iKS8^PmaRCg^5~gqf@^~h)1kJuY_&dvB6b^<0 zIHj<@>Ta(71$tC60=bR%Svr#PxZR>`j`e{+pI*xYL?$SQfJS62OX=pl97}J*gzl=5 z7!yat(&;1&rqjILP0?&q%hTFG68+VdmS8ufa?ufp>9sx?K*lv| zU}>L7IQj_Rje1l0eM!gWCz7(1!HwGlPL6TjiYH-Iil1#T?xmc&6MXY5oS1n6K4FL)A#0(vP4 zV;Jhs%X6HdOq*PvJWX$|X+$vsK|7F;j8ix4%dOE3*mVq{x{%SA^!h@DWrm&z_!$>$ zr13T)3Gh%ZnNS$NC=NKcYE4^*f6pn1S@EoV^k(oKi90r=Bx<6B9`P?}9Mmw-q^`{M zPjWI`UDK5{Y?63;cGg{hEOax9D6lQ-qx|hjasM1G7v!^TNR_h@brs`6Ds9VhwaU0p z=d~wS#&WgV<}yw-FuArVS8G79B=qO#9?RkUyxZI9f;yhhT%1urlJb(2wN>TjDKH(B zh^RBy+{n)CkJz~ygDe2sFdDn^r5;$VEY4#PpBqz>ZSdpmXP+~DhPz#1*>;z*B%&*U zzfC`pk^a+Xqo&5rIgb=p3$u5-2#N}ziDu)6A8Q37Hh{c9v9BEddUiJN42=E|qC5k# z_KX?84ra~(HmzmTbBQDk=pdsxrIyMhg!4&dP@+61F^k6|mT_4|ZFWmb@H_1-H0EpC zbL->&o%ZG!dfwN};a}6AY$_$mRnO@*tgWuUYAR%QW-OGO)3((X z?j>~8R7r2&P^~njN+A=Js$A0Xq#8!Ig`KG5{76eWXUB(gGX=SmRJa1xpD{D4kD1e= zS}&1hncT_+kS0w5Lu?BTM^anEkbbAVc}7)qHy6RFj;{H6KP4kMampT~R>Ei3JvKgP ziQwLdd^*3RG$B!VMUn8-K706U_tb3pvnQ=8n(mDLNcgF$JwZk_hYSaR$kL@l$C@gG zGO|7L+Q1|9mz6wR!eGwA_Oq?plYep^$w8wWWD$6&aABgJ3k*5Mm+Cjvo>bpYMXkQI zCTG^aq~lusE1HJ=G1Tg-_vi9_S*z10VRRn$&trz)&t*6E=Ak`(mFA~#$@2C_JCrawIN7vqq0p7tF7kCPTl=$+X6^)(Qe({dhM@T>gsxo#> zq!@+XLT6CNwk3OOBMI}bt8D`eIW5unDok07c79hR4JDJ{1%l(8C2XvsasfM&yyZ*x zos=2T66}RseCbYukn8Y0>zl=J3$>Q5g86b#jH*f%5ND$vO_i0qJw(}n9H+I{ zEzL1bpT#~+1kXq5##CIh^fHVG=3RR!$$C-9hhaQ$^K$wR7wt+_ZxS8JC@8kqIEx~^ z>DFHA$*;V35*8fhH=%|j9j5_JX>dYGFjhM0(?XfUq00j3rXfp1F|M7@rwzKa;kPAY zPINPFl2SUteWbl)UiuN?s5~<-EH9~6OG|B#akXurE^11t2THGk*w#!(kYQ5_29L^kK|02pC)|t6JHV8H!aii`8(I^0Lq5IVy|?=mWu5 zfCT@P`zl_x5Dqc*Dd!{|ui!Z208%<)IC=_xmPTXf$qj=8-lM|v!fot1UdKX z`{h*itd#2zg`-fQeKZB0rC0SoL1P%K|wb z0>eE88tTZ4h#`u@DR}eE-A^(MiZs%{Rm~2p{T$*O+hcB4`7jQ}u8}vCJW%Z%D&5x` zw3=N1;V{&1t6t-g`~|LI$B{yd6z`6&XqtvWNr}Ek1SyhB`eUaWLZ^QCKpuY3SNE4R zSZQ#s{4e{}-|`w<-D|YmR#T-`YejEzLCA4O%^d@hlwE~9WN{b|^479gLjW%%C2Rh( z3@kMrN#45xF{^ckD;+|`;4zkiSdpxV8U23F&GMclUxF8dWF1%xJHMZC2`#}1-=2QL`BnZ^~Y{CKu!^qWbB&T^$iJS&i z(JT%BRCr8##7B-I|3Hli4yaRT4o&>N9p7i!d~>EcGEx>%6?Iq`>`Z^sP1@bsdYvFbHl$I+{So)z9mw!Q|YeNWSZQv}KhSmALqhjFY$E%hShVQ3=FyVRd z75yYMan)k>^!d*z%Mv*wYmSbXQ-4#9p<_k(Q9&M^BxNHihBQ-R!xHQoz&LdCZ?KOU zgO$S+{gf~i8Uo;cN)n2fxv03Ix|rGpDymJ;0o9b8W5Ubjfd~q<$Yn1J0?P@&w5p4u zuHU8aPxObeEnx~`-{Xp(H9D%?U{zO7bVU6pdB!g+yi^jDNXAM1#Z9>6IT zxJZq~2%2_iE@z76HqX}a3_US5<2+=sq#1Q)+lgo@Bm(lVk~!{Disusrg9VrA=YPY8 zHxU~^mvK=ztokgaj4RDb#0G6Kq;9cZT+84qv7fv347^M<`JR-9uGz;Yiv7qS{i3%N81AEC=`+k{)g}Sm_Fg(XT92sSH zW$hHMt$A!?D>C&+!6wfb1$cXEI(RV|xc`Ofpso(npt1g;KA-q+s{DZYeP>}wL_xY- zz-ITC(;JF|i}uuuSkLasDr6-ZC|;uD(bBuEO&gkDvR(<{4-AqN0W7v*yFe|yTmSKg z$uw&1%}{9tC5>MS_iL@IggrJQVeIH*xBAsF9+e)N<0~Hy7QkM}(+rhr@FoieRLB!S z@lw6ZwGt!p>3y8*ZIyBA5{$xl$A0H5fr?6`E|bg_-T~0o#`aB9W!oQ(4VBP>!01m_fFo1ZY=lM3F0*_6_``;``sy$=bq(}+QDgMc zfiBz4-YYo%#*baNZC`rFW(k? z0u0Qyr@d`i$}8hR`$5xURi;IeR)_xL$r_e>@GFO=Mr)VLn(Mg%?S(|y@GV_Rf{$D? ztFD?$-JTv(hA)p8hGFTz^R3OzjjiYM3l=Cir@^$2`=-XK!jEbFnF*?lVd3N#H@Wh^ zwxiuQ`po73Suo|JRf?oud^ z)Yn7Fitrl21TN`ODI*3niP)G1@baaUT6R+!&{%{d;vFT$7#}IHo(?>FAvZ!_L?91S z`h4%Y`I@ffUEn%FNA;`@E`xt^7AHguw_Be*3}Bp7s^s&xEx3Um;dJX2xNbmw7ErZU zcMFTB#|O=96O+L^ENe6niH`J&c^3{`mRs{J@#}{)Ihn)6{i_S z2dvl`$_q;=v5{%{^KN@2!-AvHRJ*JMQE1883)TwnL99m`+Eh{4f9^yQ_mcP{} zJ9SW2@yQRm+vWLG?l*HyXJz`(5Bz|`aC-=fY+!pEJ#|~lA3bB!aQobxdHK8quxtlR ztMr}ZP;0Xj!Txh4@LOC~;I zo=>Y?^C^9wwjGNot8mPm*$H6eYJaUG2V>U@#w552o*GTquz@qVJ4+@&4Ot&gX|uY+ z#intO;gd_d!8^;;YwC_54&#Bh?ysB%CI) z3p_Ib&%I=)EQJ{>rKxs#8fH(_U76Mw8vN9ixA0PhCeikea^eFIc*>HUb7j{Cw=hpG zQmA}=jyx5XZ1%6NzmI1@{r~xpMhQ*1CzAO?LC%Q( zySeqc690F7ef>%Q|2WU*&+V6R6^=S+ve*wJips8$M2kP99eCNsb=7|9?0-to$)aKn zsUmbcx}2*mwVUJ*wXS)KG25_{>VtABhV)aLhm`hQ`I__7qSmI5)M7;lZ;c~Y((wLdK@z*HB@nv z@V-*n*Py$}3vDvCcXTStq9tQO{bkQN=$j1Fs*zk$RJSY2B2?s8&S>(1q0=Ss8rrGo zEzUj$E7tZ*B`f!W048Y|i$1je z!ri~{R;9IP@!V}{TATED;{-L#&Qx$(#T~<)>E9wOxny-PW=T{gWL0swhqhBQ2nBhB>Ke(C(IO<44N>q{?8`#J+z#vj@sX_0YPK~b<^ zWLzqF+y6N|K2ni-H3Lxh%SGT^)<+iv9X6iz{z-ko;e`r6xKae6T*<>Xu7HD4URU5s zMb`t2o3~;I_{8;41X^82pFu|QHDMW+t3bA%bHtGPbVxCbE}@LhjYm+AM(i3w4lItw z=*_Kd)^%_(%zdQe{F+cscuUr!;3%KHK>O(B;mD@WjD;pWHI9x{%3B@y&>TJy0k@+k z7Qt=zFp%cj`o_|K6a^+kx0T;+E9=D$E{RY`pjI49UayzPb9cY02<`wMB@8N#Y9a)Ws*IyUIkHcYV7<|Y)|nAU)fYua2r=Qh(?$O}zq#PF$U zZJ08(7MwCaeJJ^V!SkQ8VP7y4zzqAZHS3!>|E;a9J)Qp^eDipjRy6bI;i+8(B94 z#w`X>hi-s-7}z$>eZUu)T8$t4RG-#I?YTxNdm+C(mGyTbl8&0WLd*hs9)$ezyq{8f zPGreD@`*K@4A!3b#69?goH@X$1Drc_>1WErx9>Pn)+`{K$xlVznMHde zI(nkIZ-eUIhJ&F=nDFhAodR$g$-U=fK;>XcWcQ*@cNwR_UC6H8K*M-pbEj?gZ{Yp- zM8pq8#F~DQ2HM`27!`eK6kb_Y`Vu(mn+xB_eN61G&1}mqFi{z45Z!z=q#_=} z?JWY;cmZF!7xwI%(24VZ*Y&^170`_J|9b6J)&GBebMtBaKgy#CIcCD5)k?U?>OIXD z;1f?gVnH5JNy}^!Y?SVm?c~cvi(7>#G{NG%$m>*f5U|oN+c}#s!_kV>Xko2CrJEvy z&y;RPe+aQ~%cb-{QyMoJaTe~t$_6u~c}(AO7vSe>KF<)da2GpbIBRC}?04s!M|bJq z?b%s(Uh)|VF=Y^W9iPQITJ-sl@Zq_!w^*qWO(}tR=@VvB$uoJLU;dyjDL#6Rl~Wv3 z#OKL+tT0X0>^Aj02vbwp=_G7+urUlSTI$!+$;gTrk~)c=Nh0seKeJ7KCSqvv z>d0SOGFKwz_DaWkILAzzm=v&rQ9Y*s+ZvsdP+o88@(1pr-P1N$5m>d&;moiUliSph z8Zgf?Y@<;iT0b_|zyq}(Q4(i~XF~p|R7;2wlQ0#-qoVOdo(xjgLes?_FVgIWTplpP zl*mE z`87$=40GE=o-L~8IVsOg4ocW=GF+RK7}6%GGb`k|wuw^)mBxe;P0WNguD1e>*t!0e zF!CmWh_OV{T;W6nFE9drp2c2yGMaLjMvQyPjB~q)^9+{hC;ADW+s3Fm)06e8UCpSS z4^QbSU3JL+NkwclX|;6#Wh{C%I#(g=&WGV(c%J7z_L}^hnv)j8?QQckH04yVWeStu74OB!IX3N8YMotAK6v88Daih_%PQO%He7dfW^ znsV7i04inBTU;n=fWb3Q?sq^Xi($9kYKV=bJcmtTt|7-DoH(x#R|3`VM!fKEB#^1HV_VH6G zX%i|}LRNTaoUn>t#y7y9EAD{P`LtE|i)in^%s!Yq9=Je~@Mq=903TYdj~X|5UYQRq z8V3mrW5M;uE1LH3!+?s`$0xb{-|e{r|JN>x^KS#Q`2WV*TGjqz_4U>h|9_0av3 zoHJ9Wx20|tr<4R^HYGTn9XMjKe1ietjT5xO{ZNQRE31-}3Ffn?182Kk^N#7! z%@M>EbVAN9*2x<-J(1BLck0QCwAs*2-m2+_CZpgk-Rvi$U~)HktBczl8NkpQ$QAx< zBy6p1t!*>_QEs8!F6Yr)?Y^4Wu4$oSlYb{es4{HVd?sjXn_I6ZgQgpp53OF`lUwanS~#wG`jE{%sJROXJB&@TnkOWw5ZKCGnft2qLFwf@P`KA zXEM+7O~681!VDHK#tH2}9)^6HYniz|_ zqQ;m<`S5RW5&K0nI!0nvoY$J1YTkz><8VQni&%NkWa*NK-D+qz{|vXcE!Fz;wL$YF zW?Z4ndeND(RP1{5#&j}u?X)Whsic_FyXL{w>a`Z^O!-WmsGxkcZtbtrhCZ>yDaXz) zeGW3Yv>J&`S+b_n#g;F4dYTHH?B=T-xTZoTyO|Ez(;4mQjP`U!``0<6p|9;?IdXEI zq`xl${gkXJP0Ysbp>X2=@(0H$;>*`Qt~@;t{M_yQuVe1dsRo#F{$G8)UbX+)*jj(O z|9O;WuFMCM{J$%=%THJS_qg((a_>IR5xnSXvH8E-`qz<~A7=fpt-r3X|E<-h_5T>p z!^i(#EU5QsDQxsZx(wVqu=h6^HT$c$5daj|_h?*{)CE-IDZME2a}VqC9G;eC+<2_7 zO{NC3dU_Uq7Ulnf2-?pgPUjW=X7c~_&DFK4|JTOaQ~aODd2Ciql7w5FSx@!plPA|B zULefm>oehB2!9C+iae}cbnGiL@cMV7gFt*7Efni1x4UuxbbxwZ>TVFR9*K&$7p4%X zPO~H+f}V<$2s#)mj3|}G35%jI9=yi_4&>lyG+N{f4RI|O+$-mr1OT6n5*E{V8g-hs zOZ9S!er9LZvr3dm^w}4q(I0AO7-)*0DNCdz9#D98NyjVj>`Jx?o$czhR<32uXyh0! z>DWZJ)72}dw;C9^-f?E=vI4KvzvS7dZQR+dFnTZ0IuM?DXL_2vH-ytJ5kqKIg5I^3 zF|-~ZlJ(6ko{g#?O-OITf}L5n(v>n(=fUs`oRL08A{iG19kYP$)ZR+E{UZxg8ti3K zAV2koG|1$-IT*w&f4%>S`WZ$-wQ8z1jZ}6<(-AL!b``VQ|CFRuWd|#NN1Jpy?to7t znvUy>KHn$uw1!Z5j0o9*gShq)sixMa?6oCjn^rS0Ju0fEt0eV@57l*jl(KbuY&hp4 zY?`bjrG1*-X|`Orrr}^HIy?b8e_PR66g zk`pbjvZuzC4=_rhG>HeG& zpLS^)vfz~ZEDp+>+|-iAI5_pQG!)}q77O}GG+$7cic~`%t9EpHO`2MmwUQi7*kS;} zQ7!~c*qyP2+@l$nN4aq&uYYrKK?V)|bh9XG5I>rmNb}Y_dqRc!$5|H0{9V z+G=HWkSJo;-88%kBRZh_+$RxHF`@0LR!?Gz1x;U5N`m7!8lNyGehMSX$6U}+V@V0n z5sPKXP7!#^JU&TCFN{JF)|W<*vZT&sciz3TxkzD%P@R42TD=%l{TeHW#1N9Yo_e*h z^VXa*K-v!p<`o5v*drjL9)utDowFMDz-#Od72ei|y z1ggN=)&h3`b#v?W+H6Rp@QTKi^KQy|w9Gd#+#iYdXhg>O#=f>*5wObp{zheo5#flk zOyu7ywRwio4$n-Wzz&o_?vpUeQfhrKBVYK*Df2I>sBQ~M6AI)e6)rT`Z)vRbQ*i_` zkIzOU5(iCkX^-%_T5B-Wkc)GZvwD!y1fHGjym@nQcKGZ0`_ugsyQb9? zjjx(_-NV11caQhZ531CP((g|xtI6a5{g6h1_Ni_BCJ(BT0~3+qG4i0>2vZG+qn*S3 zhXJEq_rz9?j`#K_ zx1h-Izn{IZ@UiSItZnlq>0RfFsXG}1?+y+R&d!gHe>!-#f7(2PDYATqsZowtUrNW8 zAV0?>{PM%;`P<{uGl`G$)Av99bnrjT-G6OdNkC8cPkuYt-JiJD?xsGSGB5il@6LCR zkAFE>VA*i$r&Rnx#}k&0>H;+>c}nG~N<}_+_|Jzx(}=_a*Jtc9Y+mR&(A}NW)8CIz z_P#dA3E}*jrNPX_fAX~a6 zciAWjqngIIhQPN6-Tm|3-S1ig# z^pIuoByEfpPrNd^k*uZUmTDC8#+G#ICDrAOw#*nB8?r9~rErJ27k2A%2cc4yXFXMNDhyn(lnf{=!6@TGX`nF}yc!;sS^?5yS5t;+Q|UCa#A~qMtf`uE zTUIJIao#7~TrFsHUY(SZ&epA%qC=zdwyBpH3f#$67E(Ucd z02KwmLYDY2?F`p_|K{Dn>D%+}@yXc)zBpfJRcf3?7q&KdI>S8Q-RbVUIe2$)b}&ge zp9N#3v--+uQ1g6`qSE)YInTaqZ)PV~lP0RTeV@3eHs8qG5G}TSHbFRZ3$-0!pw78< zz@f5jf%UQp4!chIvVFqHs>br_MwX`K%d^t!ieqb~Mr+QVk~Cy^qZJX(%e~b;RruV* zinTt~hT3pT*eq}O#>S#zCUEyGk;M}VTDLF2H8LYNVugki-2H2rTB-w_BrrYT5a%3T zDHBxVU?!K)O;j?&H8xTyV?J7otx;OvZPw9OL^Z2N#U9HeRqqs~B41Q5_#ze|ldXXo zM6}sLT=VjuYR*#?ho_(=AcEM!O{MB?M8e9>;>%YGLp*V1eK)!Cl?hP9=_ILeeo>u{ z5;5Kj(++%o3ZnRL{mfth3 z25OGsdPrmFWnmPA@c10P7_>e{sNN%mpgjW=|8tXlY z17`_hIzWjFUL+~)ho5Kw*P$4~e=K`&97khdG1inINmdC_7*o&j_D;`F1xu;31iNfB zVln)-dkR6Aa>pBlqK*Go;5%OL&$NyIH!p^Rw)~&@$*@9Z7! zd!yiPeN12fueVm$EB+sAuh-X};(tBLV7n!elqCCZ$}4 zkOPTT7t88|G9VapN?~JaeQ`b^@A2Y%GTd zECvD}e#xy)RSTVVyJU#EY{EN1#^tcZkUAgU(r9FLNTZR*hs%Zy>ok?ALP`65fHMkiuiLky^m1j6Ao>nXIp(CIywC9)}8SaWirCQX$KxtTp0$OZ^-(**88 zVY#D=8n?1r^VIHSHLvD_7bG6W@OB4Y$cZ-797drSFT;oh6#6WMH#@sKax2U@^&IDj zfyyz=fus~-N&}UZR5cAk?S}?tiELqIH%&-NMpV$0djP*r{<!;1;-WK=|GF*~ zF3L{i$dV^$ORf4EWr}1hMrL@VCMLanoDz;b%qsk$^zP$}rPA+Z;1tn^HeG55D%POd zpma`VQ;!A^pqqsmrRvOa{su2!o`uQFmmPQ)asd(nde~eu^9#g|>`HAy?~_4Ff)a7# zEM)ke7PFvcUhkkl;^#u?$|!^ah;U@VewcCrNkn{FP^1C507B8I{FR&F;aoq{cQ&wp@^0toXJwbN z{p^L@27M91fC{Y<;^4;cU%AQG-{8OA?!P-cKiPk`zjLb0Xa43|qy#R5e{vSfW5#yt zvxnwf&88=}Ex3Um;dJX2xNbmw7SLrwzGf`{K>dj8aw?z+f7{ROA?V@_Fiw+0-p64B zi&Io!KD7fHQK9*&weX;jF6wJg*C~qE7g|b3>`LxqdcoTZ%y=qtAe=KlB*L7_3f3Uc zZ>k$^Q;?EFc1wxzvEPCs5Fgf>%NM15T`WMubc<~Jh#U#K7}7A!_f5TXIL-}p^POg{ z=LYsD_tOx!k@>28laCyS!o^)GJ2&ov&%zbH(dS;{xN&aaqUK?GF@2uib14vjsRo5- z>i6{Azy&%kO&#pS$_j5HCCVp(&u--gc7h<(vYxr55DZ9wTcRyQ=gzrz0qsjaH^o+b z&WG%ZMk`QxabB2}S>O6J&{vaMPt68o`oU-nVL$X0ACS;gK{U`+4d14(!5cV`tDa%8!Y#6`&$C3&bXTcWU1es^6 zpNcm@26q|3*LiN>V#9mwt!=s_O2T+CX|%HXPLix5<;rEez2`KQ11t10SL5#TkPM&)mW)N>R(=UQ9 z)`u);BD@>u=H-n$g{pwpVc!Zl&3q((JE0`_Jq-mtj(xfavzvgoA`Vx*twy|AfxEt! z=L^uAzF%%`^ac+4a3Ru+UaVMVkOqZl^{DPy%^Bj`eD1FeYc$cEc2cV$3$NO~vqv7z zh#+^PxMsZZ@Xy8YCM(=$3}559fr}r04)3^7C*Vz)YNJ~~t>H$zX*WDna6Q179^<)z z3-``CE`_&pbiNsl-9T5$9kB>aM8*}k7!oNgvlK2k>n|(~eU<0NKz*mm4R|}#q4-Wk zqcnE|XGN?&W!O=|q0vK!98BOo-N|0a(+n^3-ekdmPD8JnoT37#8jxnu_ao^%%%)wB z={pr~zYnPx(o~sCuz&*}vMdUqM36-h&hVbuO|Dv&$mC@i#D-`?{8>vRr}?F*~FCL;T; z^rHCOz{O=R3j)i4#*BUrO~7=#H7QJuiv8?+(u6iVH*j&a>aG9it=@s?X5g*qy29YC zn?(_H|D~=b7N|T4Z}Oi>hhWT7Xf0O7`jz5pL`53<-_{P${M^9BkE=i4h1jOy%?>$m zQR#1&jYh;Z2C@MflmY8w0%J7kMMR#J$26e-Mgc)6H^getQHc*C`Z3@4#i& zv-fwHwuljL4bfDlnZRL$IUt}cRxF)|Pg9|c&b|W$=Ka-3IogyrSeK*%?d#r>IEZRA zd;=eLGQmbfgg)eD!4w9QL=0Z=Bnk!eQWC~6)Ss6pyF9lO(-=nyZi$#~+`RTfAx&?m znP5YTO#3c)v*X;%vaj2hWlbO`+);%f{?ORmTiGA)F{Cg3+{4_diZB)3aS^PksFR30 z{OjKfb-CYMG77pgPq#O)-#y&JXpejo}fZEXGc5O^#3YfkP@ zl>_D7cn`?G?o-&;ZLHtTzOEt4@ANCcl=?atuw>)B(r z@x49rXu7%edi??LMn^0izYPb&--)2j>7G(nCqvRpZzO6@|6*QE0JS!Ny9kGDUBfp{D^>?{8?dJwA z?z~LPc$>#NqQu`wQpmT)N#c&9c>L%7{t-<{7bgoMH-P27dqL#kY8`z`fEQoaItaE z{dA(aR&#&5-S=&MMm1F-rGI3U3*L^DS=YD!+~35Zls{z-`He(^rm6wiVjf@V`)h6dw3o|e$#l<<{by! z8S$46x)N6@5%WNz&5Y@FaWWO$iiMx*pSJvVT%I~PN5tSs?nWn!I6 z|8|y_|DL0M-Jjkt&c-|a#d# za-rNaw+IqRF{J?_&a^^dARFmtQS?pwK;t>KJsodF_4|(NOF#DtfuWm_*wd%_ zJvJg?Jjdm$3#4uPhf~diWug~vlVB9a zD^+vHZ50pO7%;BX!$ohCn28}xD+L?#Y^gHZw?(DdnwCfo)BNRGu29k_WsyRV@j?N| zDGTM6mJ(<9{Q}clU6jGQfRyrt`Xaod(b%&xIz%dx$Y?^CYY4dn#KGp929DinEta39 z6llqzM^y*G3`FYvh37as`bHB$S^)xo-#L7TxrYKE>ik1bb4V8BA5J=KDH~BB!U_4lxd&B)T>g zevau24-R58|B_a5;Lo`|J1dIdhSb5AC~~GcYp8}+rTLRo@?p}*K7RO!Lm0D6GBE1+ zDnZ=7A|7CU&DQe8S)|F(0p7AirG{B4g*(T?y-EY3^9qtA{EepaYX`2@oXao{Iu-$p zs2~9mq~icyQgkfBw37%rrjRy~I@igjI&g!G=Yym8bROr&XR(fqdOjq4cy98htW*nH z8Js46vhz4qOHKKdP@0|xA@?OAj?XWD;I$$;+f?&wt8Fas(Q}G2Xk}-{zXYD=dH82h z2i1b-cK(xXC{bLyn*GFqTFw^J!)Fa*%bM?22R?i>u(yyN%CB-_fDa$>-EF=f#4FR% znwrhRT1|PP%316Tcf=ZV*v54-iMb(rvZ5Ru<{=m0uR2bN<5=J2dczn^ln9I*sX31( zPw0*1B0;8BiUVZ~{N&=tJ3$ZNl+qFd#`t0^r6#bI3Mx}#EGoY){~igubF^=khAwav|^{Qr;fRQ6GlB>B%xZ`FI{1VzHs4xC7$ zfVVq3HR~lEOKFyO9M=R0cU*Z;aaB5E7sx2sdgZtnyN{-RNFv9DgWawpPj>3KjJ4Gs zeemW`9;w5aat3QrcE|(c6Y+ zn^vyM1OM7H^El7!^>1wzTDL7m5kc7(J4;KD z(tZb5Sf|~-%=I;1$l3w(d0PrT+V-OiJ5@Dpv~TMtu_c zN#}>n)zvmn6!|#-f($w^Bo0{mv<~b<*JP|gLOXH}u`(@}LJn$D@|@O=Dbj&;m8)8v z7OjgzWd$TzTfzcIedxgFTP)sX0nZI8w53!D8N3-Ag78aoK+00;CM%sh?&3xq7{ZPP0KS}oW7OTWNhXFY4gbW=qMi1LkJRSKzdE(?JABN25giy>)UtDd9+SXcoh?kx zw~kH%=Y_07z`an!WE8eXVH^guXNVRL$fB8WL7ms%GA>TXJcn#)$>fV}FkD{&>J2<- z$&L21<;_omh$MMtO$a>CgGXIvsSVX5fA z*2WL3a=f_bqJ8v{K98$ch;Z3XM;$nq?8K>RQOfV8d2=8lK_HJqG-B7L-cKyW zgc15RnL3$1KDm*c z@=ZK3|ArcrFb1yfllAHO(+C|nI?!6*+&Tg8GA zLk?Mte3=GbxqUa$q}IA(5fNcT-6+jkm5y{S(FOXmTl2JTV2`RRaLOU<=L8eL$=)02 z5&tqvO6i*REq*6FZsMwr$%sCN?LY*tTsu z6Wg|}37$M(-uIlZPSyFrBX2t|OQk(c6Vcj#@L({tf;FVM^kp<>1BJgAOZrg=6Jcp2Tg% zGwPOT9ap4^8rs24PjfPDvGO*-51(N7lO@~?TmFiDVvCBxbBa4u42s-uqk!8~)Orzs zskYpi$)PQzdL1A72#F#3^gvD$0Kp{d?C18(#Ks69zwF<*xRB~mGEuCVu&pNT*r$#a z$6mC;5T5tQ?UR=fxwb)nY9j zR~{Yl;fIlvV!QwI+F31A%yYq_58%_xwAeQIBa+w{S~}0QJIhYS67!ExZVg2F&RBbZ z!mlGNc905=-E!nyM}PW*!nin9m#fglS|3NjPIGXFm7 zO=ge(^MZ;UNWc*PJn|#r@4>?R+~kk}TDD||NwAg3(lf8qFJJ$cn)>g!V3Yjt_LmBcG-je7O2CQa^hMI2|+UtD8Dt5Nb$2w&bT*G zeH1m8NVlibS4pf=wzbIxCct~ZjFVcyWbOM z6aI)oiN)Y~f~RswI&VP|g!(#r1K0Ky;k^v~Iy;f?`_c)k3{+9RmNbD*L8E*_I4-1e z+yTE63>KZ3Fxqt<6)0%rML06!u7VWArZASQj_AU3xbIa5;*VAy>I)G>_@t8!aBKq_ zwHQ=BDo2h+(?|T|I!2rF7qmd42Wc~FYaJ?LX=Y!HXS_A5c1APXbhxk9CD_};w4967 zm#X_RyA5Gchq3{H_Ev`V`1d6WleM7MxUt&I`=o0A%JvXihb@lm?$OhRLJIZxU-_OX ziElOES(gV2Jaf;u3s=W@V-ddIM5nqvJh=4ZMe}ihnT8ZOJ&y>J_nD8TwmT8V(@-a* zfaRa!UZt8~$hh=(=90bhTb|M_#xb%yaUChD%#HHYZkZgratrP?AqkEQ=h#EE$N>e1 z@SX)P8V271JB;^Fah1c~+V+17^NSDbV+0Ru@^TNkmNBv^Ttq#UiJ9PGz(^xy2Be8gHktbDwk|(&h}n}|Ehnr7~v-=pV8Wa zbRhq}Cw8QdW{0>NWQo**O3jQrpo`KVwrH7g@;Z4y`TIb-hm1oTC$5t`;Zs@xeP1))`UMGT z1j~4OvN6u#F9w7#>hRM)~6WeOl>S4wGojy{jF9^SZ*=$=wl7oU~2zJN?a}$cY-Pqa*K4_Q#2h@ ztJqe(@cdD*cri5~yHRvMtf?A1r!;M(cgKRe(Odfsrb-&8wL-*8il zb{AM(=fJ-W6qqSe>y*d{q>G1g!bGFU{|ot^)d`|z>E`R>6V3NiaCcgjUvMQ8D}7!> z47Dqj&+7I}O`qaPm1A&(V00o`uBwJtp{d%s7Av{?Ts7uBF11IiW%e;q&HvL$0s`kAMFEKERmvYjLspXi>KWxtdM_*=$LajnUtj^Uri+zs40C5`F4;YeX9fS8}t(3_I-)4=b& z(Uzf*4AZf7Dkdc>4NNrmU4s5-rW0c$@d+&rr3!xl6+~KpK+e@IL3ZbNt6%lCEa_16 z^;f{RQ1Hr83W4oFO|@Sd3w%CyR^++}!Qby(<>;BU6Xhw`6^VRFJ2SHQZ~mC6s`#>vU(;@9_7)qjzYurW*;B~JQL*lj}T=6|9a zL235mT4v0WlG7w_NCkWbz;C4E*BZIB6ZC8LZbfpWDbXbS+J;ax^EcLkK90?er@VPA zdHq2W3+84v=aFTD{vEVE*P+`I6DWBZ`aYQ(awpweq$s40nXKz8kE8&QVXR56)2 zCgB=TM4ZMnDL6E5y>k0I?}(b&QSO23)n`O@U}xHi?rqd}YTkI_Kd49VQLeQ=-;l6d z>uDYuyh4wo>$c3>Q~HpOcNbHjH1232a!sGpD`U61wfu7zOoH6IuIel-rZ#R!ql_}# z7;MsM1q%(e$NVg-X`xH;eI{9JN>+6<9CvrU|GnHuA+<2n%T#kRs;sNM_6rmQ@5tE= z;+icm%!3?k5`+Uhv8+N81$QL_-lhby;H*CY{sP%_RGY5e_;PsKQFEZWsz`iow0U%tz-CW0>z^>;TU^5^jfWF2~?= zHaI9~5x#^mew-AFj+mT`b1*biVf&@n3wWvjWs%HP7gV2b_OMw^uNuMEA*W3yY1= z)ZykSWL(M_Uz;xu6iLhVGVA3M5*wVQKLbf)095dl_(-Wg*|9G#v(YST*tQn}non$s zBmFkgZA(eLz6MJwJfzj(q|Fzg&W$rxhI{&VDk~QaN}|KaBkRb4^rXNlO>%Tm&0X6m zOALWUps8yMDbTUoyXA`x;9{DN%=54R-sE3G@UMUpvddwFECAll= zy7YLQUDj&v?F4R&Kd04Ct1VBc#p9G6FUXSl;i{7<={N9A-sNNpEN(pvAU?Gk%&)b* zO8fZvUwgf)%pP0@Na>-C(M1Ec-2I@4(i^^3TU%+qh%U3LvJ}6F{ygL_F|HPH^T}=B z7jU^)wZT^_J4Fc(dy_ACKzbE)W0{Jq{N0qkH@MNJGPG!bA*(vx)E#r%miC1@ug#dp z80zSums0nK`LV|Wx5iRNZTL>pG{lEtmyA%QLA{X})v2AWf)=CyJ>Z)Z>#I{hragE`ow%F9U5 zJ|}pHaT*@*itu@ z4(-gMA64oGjoyv3ij_%}=oGG2Rdtvx3K-XCgY>k|u3-XmgbFL=i!~Z=r)nQ1Y?mGf zz~gdc){pcV;3`L}hV8@d$;rik297QFxo}Z7oOL^}N-vq8f-|g1w9Xi>4%e=0 zbi0{olEGLr&1G_ezO@zcMXzFw^@f&2Wy%@)!hJ zP9*E!^$G=VEx|I{Zw5Z?>j~?8%$|6*N!greCN8n2;m|8Y_9vB?OoL>T}b&t zpRQeUHX9(vOK$;)6|yePNVKH?W9sL`Z@WvYnjqhY^vVc6~I+x zCn8z1kX{*K!-ITOUWw_Dc=>;a*>-bP3qoIp_ZFt8>7O6zU?cJwQy=eCH#DlA4g8f- zH&a*jxvVgcYrjG80KwUPfwfHsz~Q>(;6yscJN9Q8ssvb4kKsrpv(ZP&q#k0yQjr01fQxbn8i~8lXAVdYbX-BXRGV4U!PxA z9>CB1&EP%&;)MN_9a!0ew)MnMcGpX*NOG7r{73cns5DC10n`NAiFfu;qtzPAkqO7@ zGX+T@Wgl;I{wJH)<#+Ej?~*Ce^2(#o0`%Ro$iVB-pv~$so%wWe2RxY58cEe^HFHT< zwUo^-4n9^n>p0vl-ZS|Q#90Inn`$$%70dB|di#~3>ViS;GSdAAR@JkNSdV!^6!Iw( zHwEZFv`y8ck2&MEP@pljU1}+ic7*WDcqH^v(?2*2p73Ax!J9FnZ3Z}+HFWRp1?NFq zj;hoh;HKr14Nb>sMX!5nqLB3(EDF?hSV~+l-T7Lqtoh{})tsevzWR1#dmehy?9Du5 zY4yFlF=uza6nSrVb8>#DtOORq$0g5k%~0J4k1QD240%6fij>to9(B*`)_yCZi# zHd~)q#)UhJYzr1VS0i{oHe;!N7(nu)AZ)7?(jKGCSEhYoz!5wT@&TOSDvo+*(cUr{ zy>`^lDnJB6WJ*(O(PV;N3iF{18O!{!p--dY@KzS$;)BC=z!4@_tPJYP8`*XivKo>F zFMlFCMUo%9S~?zkxCsT4$3Rcg|NCQa<@V=~zeBd*^gpRjJtHr~DY$r+>~zKX_Kq|q zjF$qia?0LRKK$m&F4x}3tkH)AYUZMp$+v+1$D+f$KYv~ocCSBMf%q7AN+o41ua*At zDcnnytO*;QV%A``C1~ghVismDM#s+60%ytQ6+U_96U8j1K`YX|kxQ4~mi3B_Oe-o) z(-7_oW3`I($ZQaec(Ty@{;JvwN&{nggBs-JA;t1lY3lpmf8!CvEhUC4qBtIltdKsZ z#1t~LV;Dl1Ql88RmY068r-yK1kVFm&!uKPl(#?x5*T2+X``o}FC36HPChJhJ*vcRt zj;*zKlEI)8V9H#5F3r;@t-HxUP@BH2tUyH)(Y$f`EXV_4*hR+z0@yeT@lzZ4mMqe$8&+M7L!n^L|^W zu3sFhzU}#cEyK%<2533;_ziV|0c9U~BoqnQmH&iY^+2cFfrh)@`aQsamamKPFQ9TR zqbo3}xcaxu`|aZcH1($XyRfWo*AvmT0e0J4eX&-s4=v4)#lY#RU_S2v&$!^Vb9ZT) zOv(dm&VjIB-R(Fnhjzt7`z?aVwmzpwBSfcAtH3C%zG z)#mVxdEDDvT7Q2N%Ul>YP_D`>uB%Lbx7MwAtD%swe5(d->G&Xex-!A=4qF?QHAP{n zxC@o0Pcu~4j^ss+k&fTnEHr(~p7R>5Qm5+xQ+hz%y2{G{*T?0>_wOwSzWUaA%j1{5 zhdCK(vq1$@3Y~q@1oKNw{hPUr=OLQ5#XrG&{~U^CiqlX-N{e7*KK85BXi#G%`)BDw z^J0%QrUk@LJ;CDy?sx%S2f4oegM4;Iqwj{g+gp{nz*UXBnQvM6RL|E>I-rSqpE3lq zpy)r&eK5XDK+-!Hj_|n8z)@nlz&mA{!ifHV`JuvryEJMT4-h)2Zj`~i;LcBY!S5pB zvBU3pmhP+Xt8)U#xsrF#$2Zf|?z3Eo@BM``A@2+;qp)reThN9}CY8z=uJJfC_kEz{ zos#m7!rTO*t2+Zy9KUY*QKQeh2{jEj)-Pl~wB_9zG8NbjeV%=Rvwr{jkYt%%@zUMC zcJ-<*fClz8{NGmL;|yAszh)l5L}K1scV^{cz>e5Q0O;Jhz2mcdw2dbk;n?oN}LAj8AG@vaKbC zf9;MtcC>_)4{F@asZifAmurmVOYd0@N?FF|KcaYSrKfr5)Pb{?FRy5{)N;nc%^EX$ zlCSwO&N)#;g-BajES^EzHf};~e!_*mK61+Qj8T-K0L!!T?a*h$q$>DJw-1FoXBOUo z&_f^z_)~mK4f=|160qEs}X5 z)?|JFC{l78(|4gzqTT)<;v<`#Bcc3J$XUrtOGK6Q6_KmlM~EtE-X_nJlT5szQo9MN zl;jab8n7?wrcYF2*E39zwP1X%=rM^2iT)@)@RY6m?JL4a@A00%IQ68ER{3B9k50NT zXYP-K&$e|`DYz&TW50+v1r7MzS7M2HwVjU$AyCilKrLnYcg!krgri*4Z8LXMk%~d zVT8WN;vG%QS>TOpo>)XD3oo>uZKskFFjWN&e{5chzo~_(5+5>O?SKk6wLs>`i=AXE#cUiP-RKC^z`i-!Z zEm=DE^VS=y{t{V?hkR?3w_RNV&_g``0Qa_4$S1O^nvK<%7*;w_!4kaGK$O4ejbSnu zO&=`5>v-2psF^f6xoI#LlC8tDciBVz_Yoo$$L_3%Bz2#@5jZhu=wEIVmG(;DJO_;) z+RKJqo$2PsXy@eI-pBDXyRqDuM%1pkJ0##|F4rrhi*=i`d|V;()RHA4|>-5O?K{=zi*?aV`cB9+^)yTnpdgp?W5GebYuG)hw~#2 zT*9ZEIL^_?6!othnx-mTk8+bj)O)Hte1v3qBhF+(4{RLAfzXQ9)h4|cUBDIMm$ zOo{yA9rVnHczE3C-TJ3*asZ9s{XyK}K@Eqqlyw;G*ym+p$B1?G321q%+qT)-0SSDh zep%Bma~>@w=Z(|NDYfNpP4dR&CETpvNLSo7&b&D0o@DJ{?PgbUGG9K_CPx)HEw;v+PP%1ED|ugfBcjd(1xE%)GtF8FM^O+=6pIC;go#+=v%7(of-FJ4i8 zG{5tELrU|8_;%1l8@(9*RX@%TqD8_nP;6VXJq#3Za&c%QK3umqs=*Fk zXfRhStlfnCS$E^WHIOF#JJ>_JAK0nDDAk6tfL|~~h4JIg2$Upoz8kOBdEBWjJ&2sQ zUynx@g7lMa+ejwhm%J!f2vYrA4}L~^+1Ms#Kk~F!E~W7Y4Mv4DtcT=N{9r1^0#)Na zTOntIptL9@=1kL+Bi(q=2ozO=sZtar2wwLyWQ@W;lQpBbGR2A~4?e(*hKKYqKyk?q zqUUcS6yEsN5Btk`sV;ROcNuRp=vUcgU+DwAvF;+gi)yU~8y(QF-KdUZBwe_PW0mQ` zRCt+)0YQS&I?GNr<;-Q>@IerT1)+E&|1uipcbID*nM`OjA;S%aS$>!M{C+P4fIK@F zD;=;5E;Iz84(!nJj$Gv*f8Gh2BS?70at9YpvO>M9S+6_2Wr3`wGl`76Hz-pvT1XN5 z;6oC|eMVw~zLb!B*USg<`T-9!~kz`q0zDF=Rz8*-`qBFFbI-E*U4J~P8J-*W{?)bD{0 z4VdjWFQCV58ggF6jJPMclKjhhEwyVj*_mvijS@jdLqsf$<`im7%+wOn&_8R$cC`m% zrFa#b{|ASO1;KA2E4>wgoyi~|xL0~sz>{*NKBPlvhif2Mi~3wm*s9+h!T*{!U{I@z zX3-#ujoXQ}A7QLVmOey8I(($8d6i5**f$A>c_%SMdF54m(=h_&Ud^i<0$!;E3W~j7H zuI?2cZj#r1b5*X!9TN0a?oQ+aJg!{|7imY$s^U=!X0`4Tt7xxLXVr#NKTcvgw zI$ccYHl&z(NRRwwaBPZPfPZu5a|g84JtPtQ=t>l$faD}NOPUSyKookczn{=^;c$FP zPk5}+Km2soQR?5P7v2u)=!gSzT$bD;vSw}5*+dJ*WPXh0MnW;CVkQKmSF8`);K`;L zkd@(%$MDdHaz&sR6zM6&%NCkpF8v8LEz(PmJ|AQFm!^MD8+aMvemLx3#7e7NA*mi& z2=_>Z^N45w?mo#f4$)I1_1py1>yImgJTyJY74HV{(^7d&j*DPP(sN7>Wx&hQq}R2y zwenSdmokjN^@TV%{1J~YjMQ>3L53z`%lzp4qHRUX&kBT%kbiMjqU+ z#D1*SQf&#S2<8onsJiHDR8=%3pRF`ZjL($my6jD7+?({Tw4*;Bzdf@z zU~y-n0?BhKuPw`iOSMzk!(>%4UCiNrrn`}mjtqZJmZ=Y`Ee)^Ex3k-Cs+*5im1(T- zq*SoSmMkS6tFBc~vF85D7+rEEh=nJXY3OUVgcKtI3f{9ozV=)5d~iI7q9q$onc}t` z;ZiHc`!1@sM^FHo>zAZp1r&?r2DT01v4TNOtjVc0pM2?&Q22v0xUeG@G4el2NE3FZ zNp5B7O!~x&FinlNJYiA7;twiw!#s%<@iGrjLH<&ww{IJIW(?}$?@2MZxcI2ni%C^u zq}u2?oRXU~WL>{$1xZOs9Td|kHjkq|z@|K#nwTWro_O~bCk%6%>&J6zmglo7mdFkG zbp-r7+z3jaEIgvz>W~d-;3B+yG!G275KK=BFkI4^1kqG0-9!3m6J7;v1{ZMwa%ABx z07rRXC)zE?;-sXxEw`OXeyZR8vzJi|0ZufJN<6H)buKf~62bJ$C~xPs+L!e41h(+@ zX?cMLPZ894n2Uh0Oo%&-%=t)7bMk_{xY6h}f-$a^4Uz+T=E;x1I5^6i=G@jHW7rlm z+#*FagJ02Um2$s02%8mw^Zf1KgXkeXvNc;m;8a9pP;(zki^*k0xMFx{fVG|_+|744 z5@b1EH*dTs{>Wo}X+g5*$goJayE6eyOF_`Dc( zXoO1lg_xV60jiMRYb3?7P3i%?>OXmwlqZUREWVJKT*`yizoN4a*e@;VU{RX7OJW+# zKzb1zsjHVH)+gU_Wcm8=9jTd8v4bE~y=eHvQ=eI}a9E1}W=9KQ5Q*SFUQq|R0EEQI z1gI{J;K~+gfabv!#739oPGUGv?Z}7I&z&$z0$Qi`v{M*(aXo?aJ9d(b%{J? zK#7+hQL*#rYlhe+WTB`u&LS0?)qkUrFBe)-)EDPaBPzk&9dxxa8#=GT-8?UfF=rUw z7tcj^!gURyV=L`W;_40eQwWcONOBW%+v44UPsRXRgGV7z5Fyljx7g(QXaaxQs!@Vm z?GwT#56Cy-dv)tGuiS`ecFw_Ml2Cw<#zFwu;bQ7Xp!Y0DC5L(KEy1lakX*BRV%t%C z#eOSc*-;jYV3-v%%2%&&R4%7IyJn~*FKi)R%YU9khPc4pj49eenlP}{7tMIpZf$0# z=g*qo$s&by?IFeQDYJp4%@Z2#-grr61b=)x87K;+yT~^V?|vW-Gb-4zjzh=lp#QZq z0_D7Ut1i1;^GJDCHsR2%U!rK3KC>z7%WU-b`iZAZGHtGaSf1O-5&*~WJdQ0neIjel z=4ERE@NBmTN>@EE3;ef~@}}xECU4ny%(faBtxa6I<)rV{k$z=}nMHhk*Y!SMT?ccc zm%3C~Q1j+7$!hbtwqa|3yld`i@p*V+T^KondI`t($BGjS;~CxODVB36x zz8em0X&}{*VOhuHvJ_#G`QBG@0cS{rN<}2DJE}NzAg)tLB-;OY=$rZ-xvc{p(=SGc;Na7W%_9b$?@CQ=Nr=n-Oz3 zhu?P~h|;D~U0K>qK&HEmTodijPBf+}@7a>a*?I3&NF z)!|UzD!@Ytu!fPRmtEgcNPg$;4Uoq%=xn8L|0KxmPP94r({-Phr$=)9=O`sXtFoCj z`?8o{!h_cDQ{@^EwMugZZcF$xyxfpN=R*6le0f z2x*X7_W)-SSXK*di{ro8A4&Q`cVqK!yqM6UJ9bTLS{=i;9Bx51J+s9=^*{N&#nHJP zDXwceP>Nl8!%9%3IvN4Ok}e2j;jFzuM5?jA-l^{ed>wyMC=CW=1MfPw{*oLX$D+x9 zDP5VgL|D81n%@!bhhi?BB1z^EhD3!yMeUC{E3eZl*;*nt{c%#wp0Px86bpjiK8o#& zw#95NLjp}Dl<_a)5|lgj`Cg4)Xrhz;h5q%-Z%_4z+ZhFdpo6Ogs&Q0dLC%6Lx;43? z*;Jc)SjhmUHO>--F^gdfFU#}DYeJ9tzAakVG)5_ANFORaf||2^TuD4v-eW$zCT*HN zOp_Tc9dar6W=$2;hIaquoDgR|2<+xS25*3sc z?^*1b}dIo{E`iy zvH3!;171Q4MNk+Ak;&Co!kejpjQ>t%k%;^Jfn8?GJsG|j1%FEVOeZh2n)ce7Rhn<^ zoXOdJHNvyZ=6pGIa0JB-+QcY(kU#bYVt*hY3dh({Qw?5uSlZ*L2u5lymPsa^xJdNL zG7T!Isv`MmE7=0+AqxhQPAp+BG(_1Dr9r?V&P{ZnsQ;`sG+Ik@U{Qi3UyX0qE~;l( zoQ+2kkwm_qr8J|OCuN!j@ zW6mzU9M7aNk5_6&Q;+6Q5Yc+B>;;5fE$$O?p<6T6>wXt0^X;GF@0v8X&$ig)Uth1z zlOo30z%3i@Y5Gaot^Q4?;=v0lW~I4e*B}a~>TcC)&=h9_H>ZS;4h+Mzp!lMC0-*Mp$eTKI{`DFVXG+`*W9HI?rlQ4gh zs$x^V$XyEM+-j3b1oJ5X3UoAK;=i)hmv zTS+iJoW*~NOqU4uIPCm9zP=8wKQ?z~YZVk7W_EH7wtIPb1-sU10PW}acG?pg@*@}1 zP*j!$6sMETt~I3yQ!6_^Q@!brDz4>vU7sPIP77?7S(HnURVN=RCPM2GoqxG8Yj2kM z@#4c<%h9@wQQ7=!-i_aVZw4a$Y1oBAdnzX!7`LUci#|c9SB~fmRos}f>7__jSoTXm z=)XKW+cy|vK^;^FdG8srxRk^^lkFU6GiH2qvnTDSB2+Xm+`q$hrA5cZH9H9;ktW?o zF6n65qjr?eo@2moF}}=S$9FhiERQ71scQ1Ld+2UXHOQsqInV;*hcvQ~d}zSV_$15N zGB$RxdDrB6%IL4HIeKM3iRJ6QDpmC?Rvt7i7#h_dyCR4@vxlAE7Rgx=&0K%a&KL0V z;}=ROn{y8&8#Iq`JVKNRgWNiK@V2%yE@2#0PQj0j+8bkz|lVDtIg&e zsP(>Ec^;tu%Zm-LtBVeBTz(2bHy3{ja5Q}is4E5jDFOPh1L~p~kPCq)sV>4fb9V2$ z8-l(WWx$UQ=zT%(&EeKqdSo=^NwZHO;vo2DVVVB7YV|V#CQ`{CTKx@*gww ztAc9FA&LY1es|_BXLp;(jghAT<)yLicvw$&_8LmA?_&Xp2mzxdgAU2^bF2`g)qYck z3=&RsMT$xE^rU0d7xb#!>}lPRqubz~=iH4}Gpgi{dR|m5c+R)5b4J9Fa?>j>z zi((FLLT=_wrdt>HHFdC0n+wKS!H{2qpff*bf;>0!G+sK-pbX=5u6EJe`IhgN3}CODM@Ov1gZoTGogh2DEWSAOhKxR&dlg+UYb$ zwDv!+z;G^+LO(8e83S6?WRpe8u=_;M0=P1gXX}86Dr|kqn)GIMjAZ&+R3+pz`iNFJ zzkY9_Q70jg-uNS5LMwKo0Gf)fI6XPF1|(S@0gdpP z62mA^{W&3DoK5wzRM@a`QQtvnROgc zL5RfF{L;va4}JJ6Z}a{=&tOXr;OzCw5Ag9(l{EFk`>IedOmeI*n_;DPgOK}> zEq#^y|;EsvFh6s&PhTKaTxqd^_F_8-JNM&;P(n zBb8NoeQ7K5AhKx5pB|mi;r0)3cKzkh+%8qsS=fU%>%^%;D@0a|N^MhvzNb z>ou&toylGcGOr9D)(9p%rCnQ5+Q;7C5rR=p7XaZC{x8;q9eHL#4keM(k|fLfhHZMU z@{n1UDan0$q){Zi{(#Tl55;dgmt6ByTpIfPn{d)|yBp4D+pkROb_6;;zZDj(dFahq zU|Ofs84nrrAX$V5nd7+56BrKCgS>0LdieN(n2Hd{p|=c*v%A?nyy}c`f0l;W8anto z-zbJU<0VtIrvVvN9l(+5leYGB6}>Jw9M{>@OSGn2x@{%W=BIbY_&*tgtuzu$w5To3 zf3gZcF+c6Y+imS;X|wELZkDCC(S7s9wl_zvfdJj*|rnP`?*YnqkHE6v>EvHHp>pvJ>oStBPUDdgVC zAkrF58AHJYLcSqjIK7XpMM@3?*<`b(Qb{jO&;0{V?&8+e{A{ln?N-IHTyDW|1P)=b zh1?A=Z60XW&5`N^lUW3GB*bradC%)fYxxRbrSMyJ)Ofjp_A*WCd{R_uKUxVWg=!ZA zXFC00w*|-Ay072^zUdAGZdA0T7H04;cjPH89jiSB1ZZy;V@XUa8Dqe{IVxW>y@{sxqg`BoE>&*T_RJf7}5 z!*1qjn!9HAnSe~D*QeVX+T)|#E*{%~V?nGWvB7<(WXNbsaBphiI;IZhl-!--sh>x) zQ+N9$vk3O}RxV|}*D0t1Q*8Hsu!~XITwFJ5K~c!OKUbY;x}ayzi_R_zYg&OW7k)+k zr0^D6&KLWo8%O!)25r3rt*(1DL+ASWyYaoQ_x#U$j0KtjQs1W~mtXh({plZIMA~|p z;o7IzP@TD~hCO9!q-o=au2Q*v4F;ofWc1hwR^_i2%*>6020D-TDfX|EtLy9K^W(0~ z%S8&ESuvWR#MG*mKIBD!hP4yc-0sxe&eZDmlxhoIt+jSXu6cN-IVwdo=!~9d-Vum$ z^P_d?W~Q+y`%tir^GAjDifZ(R!gOzVKh zb%2o0olRptzNfJy=11M#)KF&ny_WBeY5iR<2ep%j6J+N=u=zYfDWKufe+mJ&r#^BB zHF@Bw6!4Nt!OhFpiyUA`{Jsc&4iuILaw=;`0%b*nzH5fqr@puYwY0G`$$8)k?rnh0 zTL784`cq%a;76VY?02=1_|?|y`(10?23#}-KS;gz^?u~(eChCF#$5@EinddIC2uJx_d7a4-u>19UM(sk*l zn~38}HRHtv>=q1->A`BprAQBb=ZGKIw?V;DESXeHJ(cRUcc-G`Yq@2e)ZBGVXT!8c|yo@DfuUu6C9h`FcK+$ z2rG1lZ7k2XYZ65JNZ?8;o4Zm&hU?NnJ)5u#es zo_iPwvn%!MG_Q#P^1QqL{5OqZ*8W&+lSDR->)z{?sWm8}0YNCAm~Be+QfAPu+qyBy z{JaV;tAw2e7k|Mvnedrw72^7#wL-M~yWz`4$D$<$v^Y>a#&wqW+c=5*eT;MRS`hVz zN01U|UjrItFiEUTk+lx{GGpm$672fb43d6zAX6a#VAop7*&+@#gNs7!eddSbB!b?k zk-)+D4W{Sz=xc!1_EJFA%m2LIBA|7REO4=M4%jS^^i}qJ^dwlbd>)|V`Yc!@&o~D4 zeaU#w)2IR7qfz@i0~A%t;IdLj%S-BQuq>9}^FDvj&I6lW9Bl!LH9%&>fTaJf4bu7E zJ-`N_`1QtF3bg)S_rEuK>E!?@UOrw1WP`r^7TYQ3QyOC$12%cp zr!4}TkzSFJZ2_~C6C8S^GtL-Hdl*YBLjVxyIULkoGGQW-r5;hgDSTTz2dGd`ys$(} zP&}hu=!Qj%X)@t}AEb2T>&&S$F%_p&ch&YVPKFa5cXTmMe?BAm+kg6k08Ph0Nyfnt z&E%QMNo)fZ!LGDs#-Fd*%TQZeh3n06`yIzt_Yxws74q)FKQ$3|U3db-5#Q>(n9ewd z1y6qBLB|#sAYJUlio{D=UUm%Kh+cLq3VW=${zewPd;_+$?sH*SoJ)oQ2B%UA=9!wY$r!L+9H0Yi$j55JZ@>FlJqZ@_gP3hVVKroNJFG z76ysyMJVDY!Eilz;&me703osRbFcyM*5m#|e@-9FVjHyAQpMr`^&x^7^)GZBk3j24 zTW%@sLxVL4_8$p-fheYU5N|6vvV8u3hO4)Xc6nR-o_2DmIF4xfBrV#%pxFIx@gfEA#O2MdY0;phhgF%tV0M*@Fn9YsEf1H7MNhu zV~79wuq6`UfX@6yd>C23d;|i4d(RQ$ra1VqTm+R3e{IA5w@v8M|D7VePq&BqETMlN zTf(Eh?S;V#Lj{e-6z5B%#3X&LiB=$iqDUeyhtHK%gl~f3Gyus1hN~ZNlwodK6lbUB zuYDFM!31}(bM*S%EPa5aR=n6=Ot`IRJuWMB&U*qM0wuSDD0joWR4KVj;bCX4{=-c1 z{xs!`8/demo-project - ``` -### Step 8 - Generate yaml files and deploy -1. Create a chart YAML template file with the configuration parameters defined in values.yaml by using the following command in the ibm-dba-baca-prod directory. The `--name` argument sets the name of the release to install. - - ```console - $ helm template . -f values.yaml\ - --name celery \ - > generated-k8s-templates.yaml - ``` - -2. Install `celery` by using the following command. - - ```console - $ kubectl -n apply -f generated-k8s-templates.yaml - ``` - -3. Run the following command to see that status of the pods. Wait until all pods are running and ready. - - ```$ kubectl -n get pods``` - - Due to the configuration of the readiness probes, after the pods start, it may take up to 10 or more minutes before the pods enter a ready state. - -> **Reminder**: After you deploy, return to the instructions for [Completing post deployment tasks for IBM Business Automation Content Analyzer](../docs/post-deployment.md), to review document for further configuration. - -## Uninstalling a Kubernetes release of IBM Business Automation Content Analyzer - -To uninstall and delete the IBM Business Automation Content Analyzer release, use the following command: - -```console -$ kubectl delete -f generated-k8s-templates.yaml -``` - -The command removes all the Kubernetes components associated with the release, except any Persistent Volume Claims (PVCs). This is the default behavior of Kubernetes, and ensures that valuable data is not deleted. To delete the persisted data of the release, you can delete the PVC using the following command: - -```console -$ kubectl delete pvc my-baca-prod-release-baca-pvclaim -``` - -In the configuration folder, the delete_ContentAnalyzer.sh script can also be used to clean up PVs, PVCs, secrets and directories created by the init_deployment.sh script. Simply, run delete_ContentAnalyzer.sh from the master node where the configuration directory was copied to. diff --git a/BACA/platform/README_Eval_ROKS.md b/BACA/platform/README_Eval_ROKS.md deleted file mode 100644 index 9f0a3bb2..00000000 --- a/BACA/platform/README_Eval_ROKS.md +++ /dev/null @@ -1,173 +0,0 @@ -# Deploying BACA on Red Hat OpenShift on IBM Cloud - -Before you deploy, you must configure your IBM Public Cloud environment and create an OpenShift cluster. Use the following information to configure your environment and deploy the images. - -## Step 1: Prepare your client and environment on IBM Cloud - -1. Create an account on [IBM Cloud](https://cloud.ibm.com/kubernetes/registry/main/start). -2. Create a Cluster. - From the [IBM Cloud Overview page](https://cloud.ibm.com/kubernetes/overview), in the OpenShift Cluster tile, click **Create Cluster**. - A cluster comes with attached storage, so you do not need to create persistent volumes. -3. Create a Project. - Select Kubernetes, Clusters. - Select the name of your newly created cluster, then select OpenShift Web Console. - Select Create Project. - For name and display name enter your project name. -4. Set up a client workstation. - Install the [IBM Cloud CLI](https://cloud.ibm.com/docs/containers?topic=containers-cs_cli_install). - Install the [OpenShift Container Platform CLI](https://docs.openshift.com/container-platform/3.11/cli_reference/get_started_cli.html#cli-reference-get-started-cli) to manage your applications and to interact with the system. -5. Install the Container Registry plug-in: - `ibmcloud plugin install container-registry -r Bluemix` -6. On your client workstation, download the following components: - * ICP4A BACA ppa package from [Passport Advantage](https://spcn.w3cloud.ibm.com/software/spcn/content/Y107038W39561F66.html). - * BACA installation folder from [GitHub](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.1/BACA). - -## Step 2: Push the images to the IBM Cloud Container Registry - -Push the downloaded images to your private registry. - -1. Log in to your IBM Cloud account. with `ibmcloud login -a https://cloud.ibm.com –-sso` - When asked to Open the URL in the default browser, select Y. In some cases, your client may not be able to open the browser automatically in which case you will need to copy the provided URL and open the browser manually. - Paste the One Time Code into the client. Then as prompted, enter the following: - *Select an account – Enter the number for the Cloud account holding the baca project. - *Select a region – Enter the number for the region where the managed instance is located. -2. Create a namespace. - `ibmcloud cr namespace-add ` -3. Log your local Docker daemon into the IBM Cloud Container Registry. - `ibmcloud cr login` -4. Push and tag the images to the cluster registry: - `./loadimages.sh -p -r us.icr.io/` -6. Verify that your images are in your private registry. - `ibmcloud cr image-list` - -## Step 3: Create the PVCs - -1. Get a list of your storage classes and select one of the choices to be your storage class. - `oc get storage classes` -Login to the OpenShift Web Console and select Storage. -2. For each of three PVCs, click on Create PVC and enter the following values. - * Storage Class – - * Access Mode – Shared Access (RWX) - * Name and Size (typical name is sp--pvc- - * data pvc 60GiB - * log pvc 35GiB - * config pvc 20GiB - -## Step 4: Create a Secret ID - -1. Login to IBM Cloud. -2. Select Manage toward the top right and click on Access (AIM). -3. Select Service IDs and click Create. -4. Enter a name and description, and click Create. -5. Select the API keys tab and click Create. -6. Enter the same name and description and click Create. -7. Copy or download the API key. You must save it now. - -## Step 5: Configure the DB2 databases -BACA requires a dedicated DB2 server. - -1. Connect to the database server as user with administrator level access to DB2. -2. Copy the DB2 folder from your client installation folder onto a DB2 server work folder you create. -3. Create the base database. - `./CreateBaseDB.sh` -4. As prompted, enter the following: - * Enter the name of the BACA Base database – (enter a unique name of 8 characters or less and no special characters) - * Enter the name of database user – (enter a database user name) – this can be a new or existing DB2 user - * Enter the password for the user – (enter a password) – each time when prompted. If this is an existing user, this prompt will be skipped. -5. Add a tenant. - `./AddTenant.sh` -6. As prompted, enter the following: - * Enter the tenanttype – 0 (for Enterprise) - * Enter the tenant ID – (enter a unique alphanumeric value) - * Enter the name of the BACA tenant database – (recommend using the tenant id, but can be any unique name of 8 characters or less and no special characters) - * Enter the host/IP of the database server – (enter the IP address of the database server) - * Enter the port of the database server – Press Enter to accept default of 50000 - * Do you want this script to create a database user – y (for yes) - * Please enter the name of database user – (enter an alphanumeric username with no special characters) - * Enter the password for the user – (enter an alphanumeric password each time when prompted) - * Enter the tenant ontology name – Press Enter to accept default, or if desired, enter the name you will reference the ontology by. - * Enter the name of the Base BACA database – (enter the database name entered when creating the base database) - * Enter the name of the database user for the Base BACA database – (enter the database user entered when creating the base database) -The remaining entries are for setting up the initial user. - * Please enter the company name – (enter your company name) - * Please enter the first name - (enter your first name) - * Please enter the last name - (enter your last name) - * Please enter a valid email address - (enter your IBM email address) - * Please enter the login name – (if using LDAP, enter your LDAP name – if not using LDAP, enter the name you prefer to use to login with) - * Would you like to continue – y (for yes) - -## Step 6: Run the BACA predeployment - -1. In the configuration folder, copy common_OCP_template.sh to common.sh -2. Edit common.sh following the [Knowledge Center Reference](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/topics/ref_baca_common_params.html). -When editing common.sh, the following are differences specific to OCPoC. - * OCP_VERSION=3.1.1 - * ICP references in documentation are OCP in common.sh - * PVCCHOICE=2 (PVCs previously created) -3. Run the predeployment script. - `./init_deployments.sh` - -## Step 7: Generate memory values -An OCPoC install with multiple products may require a systems designer to determine how memory will be configured. However, for guidance getting a starting point on a basic system, do the following: - -1. Change to the configuration folder. -2. Generate the memory values for a small development system - `./generateMemoryValues.sh limited` - --- or for a larger system with six or more nodes --- - `./generateMemoryValues.sh distributed` -3. Note these values as they will be used in the next step. - -## Step 8: Deploy the Helm Chart - -1. Change to the SmartPages-Helmchart folder. -2. Extract the helm chart. - `tar xf ibm-dba-baca-prod-1.0.0.tgz` -3. Change to the stable/ibm-dba-baca-prod folder. -4. Edit values.yaml, changing the following values wherever they appear, using the [GitHub values.yaml Reference](/~https://github.com/icp4a/cert-kubernetes/blob/19.0.1/BACA/docs/values_yaml_parameters.md) -5. When editing values.yaml, for OCPoC under global add the secret ID so the section looks as follows: - ``` - global: - image: - pullSecrets: - - (secret ID name) - ``` -6. Install the helm chart. - `helm install . --name celery -f values.yaml --namespace --tiller-namespace tiller` - -## Step 9: Create an NGINX Pod -These steps create a pod called folder-creation-baca and its purpose is to provide the ability to add the folder structure required for logging. - -1. Change to the platforms folder. -2. Edit the nginx_folders.yaml if needed. -3. Create the pod. - `kubectl apply -f nginx_folders.yaml` -4. Log in to the pod. - `kubectl exec -ti folder-creation-baca bash` -5. Create folders used by BACA. - ``` - cd /logs - mkdir -p {backend,frontend,callerapi,processing-extraction,pdfprocess,setup,interprocessing,classifyprocess-classify,ocr-extraction,postprocessing,reanalyze,updatefiledetail,spfrontend,minio,redis,rabbitmq,mongo,mongoadmin,utf8process} - cd /data - mkdir -p {mongo,mongoadmin,redis,rabbitmq,minio} - cd /config - mkdir -p /config/backend - ``` -6. Set folder permissions to 51000:51001. - ``` - cd / - chown -Rf 51000:51001 /logs - chown -Rf 51000:51001 /data - chown -Rf 51000:51001 /config - ``` -7. Exit the pod. - `exit` - -## Step 10: Configure Routing - -1. Login to the OpenShift Web Console and in the dropdown in the top banner, select Cluster Console. -2. Note the URL, dropping https://console from the front. This will form the second part of the routing URL. -Create pass-through routing. - ``` - oc create route passthrough frontend --insecure-policy=Redirect --service=spfrontend --hostname=frontend. - oc create route passthrough backend --insecure-policy=Redirect --service=spbackend --hostname=backend. - ``` diff --git a/BACA/platform/nginx_folders.yaml b/BACA/platform/nginx_folders.yaml deleted file mode 100644 index c7d50545..00000000 --- a/BACA/platform/nginx_folders.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: folder-creation-baca - labels: - app: folder-creation-baca - namespace: baca -spec: - volumes: - - name: sp-config-pvc-baca - persistentVolumeClaim: - claimName: sp-config-pvc-baca - - name: sp-log-pvc-baca - persistentVolumeClaim: - claimName: sp-log-pvc-baca - - name: sp-data-pvc-baca - persistentVolumeClaim: - claimName: sp-data-pvc-baca - containers: - - name: folder-creation-baca - image: nginx:latest - ports: - - containerPort: 8080 - volumeMounts: - - name: sp-config-pvc-baca - mountPath: /config - - name: sp-log-pvc-baca - mountPath: /logs - - name: sp-data-pvc-baca - mountPath: /data \ No newline at end of file diff --git a/BAI/README.md b/BAI/README.md deleted file mode 100644 index 04654fc9..00000000 --- a/BAI/README.md +++ /dev/null @@ -1,693 +0,0 @@ -# Installing IBM Business Automation Insights on Certified Kubernetes - - -> **NOTE**: This procedure covers the deployment on certified Kubernetes. To deploy on IBM Cloud Private 3.1.2, see [Getting started with IBM Business Automation Insights](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.bai/topics/tut_getting_started.html). - -## Overview - -IBM Business Automation Insights is a platform-level component that provides visualization insights to business owners and feeds a data lake to infuse artificial intelligence into IBM Digital Business Automation. - -Based on state-of-the-art open source technologies, IBM Business Automation Insights captures all events that are generated by the operational systems implemented with the Digital Business Automation products, aggregates these events into business-relevant KPIs, and presents them in meaningful dashboards for lines of business to have a real-time view on their business operations. - -### Entities - -IBM Business Automation Insights processes and produces the following entities: - -- Raw events: Native events that are ingested and processed by IBM Business Automation Insights. - -- Time series: Simplified, flattened versions of raw events. - -- Summaries: Aggregations of time series. For example, each process instance, activity instance, or case instance has a summary entity. Summaries describe the current state of the process, activity, or case instance, and compute their duration. Summaries are complete when the process, activity, or case is completed. - -### Architecture diagram - - - -### Deployed artifacts - -When you install IBM Business Automation Insights, the following main elements are deployed: - -- A `bai-admin` pod in charge of the IBM Business Automation Insights REST API. -- An Apache Flink cluster (`bai-jobmanager` and `bai-taskmanager`) hosting the IBM Business Automation Insights event processing. -- Optionally, an Elasticsearch and Kibana cluster to gather data from the event processing. - -If you want to use an HDFS data lake, you must install it separately. - -## Requirements - -### Kubernetes cluster - -IBM Business Automation Insights requires a certified Kubernetes platform -(see [support statement](../README.md#support-statement)). - -### Helm command line interface - -To install Helm, follow these [instructions](https://docs.helm.sh/using_helm/#installing-helm). - -### Apache Kafka - -An Apache Kafka cluster must be up and running before you deploy IBM Business Automation Insights. -The Apache Kafka connection must be configured in the Helm Chart values. - -For a quick start, try [Confluent Apache Kafka Helm Chart](/~https://github.com/confluentinc/cp-helm-charts). - -To enable secure communications with Confluent Kafka by using the SASL security protocol, you must modify the values.yaml file of this chart. - -```yaml -kafka: - username: "kafka" - password: "kafka-password" - bootstrapServers: "kafka_ip_or_hostname:port" - securityProtocol: "SASL_SSL" - serverCertificate: "" -``` - -Define the username and password supplied in `kafka.username` and `kafka.password` on the Kafka server side in appropriate JAAS configuration files, such as `kafka_jaas.conf` and `zookeeper_jaas.conf`. - -- `kafka_jaas.conf` - -``` -KafkaServer { - org.apache.kafka.common.security.plain.PlainLoginModule required - username="kafka" - password="kafka-password" - user_kafka="kafka-password"; -}; - -Client { - org.apache.zookeeper.server.auth.DigestLoginModule required - username="admin" - password="admin-secret"; -}; -``` - -- `zookeeper_jaas.conf` - -``` -Server { - org.apache.zookeeper.server.auth.DigestLoginModule required - user_super="admin-secret" - user_admin="admin-secret"; -}; -``` - -To use a JAAS configuration and the SASL protocol, pass the following system properties to the Kafka and Zookeeper JVMs. - -``` --Djava.security.auth.login.config= --Djava.security.auth.login.config= --Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider --Dzookeeper.requireClientAuthScheme=sasl -``` -To do so, you can set the `KAFKA_OPTS` environment variable and assign it a string that contains these properties. - -To ensure SSL encryption between the Kafka client and the Kafka brokers, the kafka.serverCertificate parameter must contain the base64-encoded CA certificate that is used to sign each certificate of the Kafka brokers. - - -## Before you begin - -### Connect to the cluster - -1. Log in to your Kubernetes cluster. - - For example, on OpenShift: - ``` - oc login https://:8443 - ``` - -2. Create a namespace where to deploy IBM Business Automation Insights: - - ```sh - kubectl create namespace - ``` - -### Upload the images - -You need to upload the IBM Business Automation Insights images to the docker registry of the Kubernetes cluster. See: [Download a product package from PPA and load the images](../README.md#download-ppa-and-load-images). - -### Configure the storage - -IBM Business Automation Insights requires a certain number of persistent volumes. - -Apache Flink needs a persistent volume to store its internal state and to support fault tolerance and high availability. - -Choose between dynamic provisioning or creating the persistent volumes manually. - -#### Dynamic provisioning - -If you use dynamic provisioning, make sure to use a `StorageClass` with a `reclaimPolicy` set to `Retain`. Otherwise, you might lose your data when -you upgrade or update IBM Business Automation Insights because a different persistent volume might be allocated. - -Unless you intend to use the default `StorageClass` of your Kubernetes environment, you must set the following configuration properties with the `StorageClass` name to use: `flinkPv.storageClassName`, `ibm-dba-ek.data.storage.storageClass`, and `ibm-dba-ek.elasticsearch.data.snapshotStorage.storageClassName`. - -You then need to set `persistence.useDynamicProvisioning`,`ibm-dba-ek.elasticsearch.data.storage.useDynamicProvisioning`, and `ibm-dba-ek.elasticsearch.data.snapshotStorage.useDynamicProvisioning` to `true` when you deploy IBM Business Automation Insights. - -`ibm-dba-ek` settings are required only if you install embedded Elasticsearch. - -#### Manual provisioning - -In the current section, `` is a path that is NFS-shared by the NFS server with IP equal to ``. -You must ensure that your Kubernetes nodes have a very fast access to the NFS shared folders. -Usually, the NFS share is set up on the master node of your Kubernetes cluster, thus `` equals ``. - -If dynamic provisioning is not enabled on the Kubernetes cluster or if you prefer to control the provisioning, you must create persistent volumes from scratch. - -1. Create a persistent volume for Apache Flink. - - It is recommended to apply the `Retain` reclaim policy to make sure that data is not lost when you install a new release of IBM Business Automation Insights. -Use the following YAML file to create a persistent volume. Replace the placeholders with the values that are appropriate for your environment. - -```yaml -apiVersion: v1 -kind: PersistentVolume -metadata: - name: ibm-bai-pv -spec: - accessModes: - - ReadWriteMany - capacity: - storage: - nfs: - path: /ibm-bai-pv - server: - persistentVolumeReclaimPolicy: Retain - claimRef: - namespace: - name: -``` - -> **Note**: The `claimRef` section is optional. However, you must set it in a production environment if you want to make sure that your release always uses the same volume and if you do not want to lose your data. If you add the `claimRef` section, you must also set the namespace and the name of the persistent volume claim, as in step 2. - -2. *Optional*: Create a persistent volume claim for Apache Flink. - - Use the following YAML file to create a persistent volume claim. Replace the placeholders with the appropriate values. -The value of `` must match the name provided in the `claimRef` section of the persistent volume. -The `` value must be smaller than or equal to the value of the persistent volume storage capacity. -The persistent volume claim must provide enough space to fit the capacity set at installation time. The default capacity is `20Gi`. - -```yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: - namespace: -spec: - storageClassName: "" - accessModes: - - ReadWriteMany - resources: - requests: - storage: -``` - -3. If you use embedded Elasticsearch, deployed together with IBM Business Automation Insights, rather than your own Elasticsearch, create the persistent volumes for Elasticsearch. - - It is recommended to apply the `Retain` reclaim policy to make sure that data is not lost when you install a new release of IBM Business Automation Insights. -The following YAML creates persistent volumes and sets the reclaim policy for two data nodes and a master node. - -```yaml -apiVersion: v1 -kind: PersistentVolume -metadata: - name: ibm-bai-ek-pv-0 -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 10Gi - nfs: - path: /ibm-bai-ek-pv-0 - server: - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: ibm-bai-ek-pv-1 -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 10Gi - nfs: - path: /ibm-bai-ek-pv-1 - server: - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: ibm-bai-ek-pv-2 -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 10Gi - nfs: - path: /ibm-bai-ek-pv-2 - server: - persistentVolumeReclaimPolicy: Retain -``` - -4. *Optional*: If you want to refine the binding of the persistent volumes, provide a `storageClassName` value in the persistent volume .yaml file and then reference it when you configure the IBM Business Automation Insights installation. - - Modify the sample [pv.yaml](./configuration/pv.yaml) and deploy it as follows: - - ```sh - kubectl apply -f pv.yaml - ``` - -#### Persistent volume access rights - -The access rights to the persistent volumes are as follows: -- user `9999` and group `9999` must have read and write access to the Apache Flink persistent volume. - -- user `1000` and group `1000` must have read and write access to the Elasticsearch persistent volumes. - -### Configure the image policy - -- If you use the Docker registry of the Kubernetes cluster, the default image policy, `default-dockercfg-*`, is applied. Check it out by running the following command: -```sh -kubectl get secrets -n | grep kubernetes.io/dockercfg -``` - -- If you use a Docker registry that is external to the Kubernetes cluster, you must define an image policy to be able to access the Docker registry: - -```sh -kubectl create secret docker-registry --docker-server= --docker-username= --docker-password= --docker-email= -n -``` - -## PodSecurityPolicy Requirements - -Before installation, this chart requires a PodSecurityPolicy resource to be bound to the target namespace. -The predefined PodSecurityPolicy resource named [`ibm-anyuid-psp`](https://ibm.biz/cpkspec-psp) has been verified for this chart. - -You must also set up the proper PodSecurityPolicy, Role, ServiceAccount, and RoleBinding Kubernetes resources to allow -the pods to run privileged containers. To achieve this, you must set up a custom PodSecurityPolicy definition. - -1- Adapt the following YAML content to reference your Kubernetes namespace and Business Automation Insights Helm release name, and save it to a file named `bai-psp.yml`, which sets up the Custom PodSecurityPolicy definition. -```yaml -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - annotations: - kubernetes.io/description: "This policy is required to allow ibm-dba-ek pods running Elasticsearch to use privileged containers." - name: -bai-psp -spec: - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: -bai-role - namespace: -rules: -- apiGroups: - - extensions - resourceNames: - - -bai-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: -bai-psp-sa ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: -bai-rolebinding - namespace: -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: -bai-role -subjects: -- kind: ServiceAccount - name: -bai-psp-sa - namespace: -``` -2- Execute: -```bash -kubectl create -f bai-psp.yaml -n -``` - -This command allows the pods to run the sysctl commands that are needed at initialization. - - -## Red Hat OpenShift SecurityContextConstraints Requirements - -If you are installing the chart on Red Hat OpenShift or OKD, the [ibm-anyuid-scc](https://ibm.biz/cpkscc-spec) SecurityContextConstraint is required to install the chart. - -If you are planning to install Elasticsearch and Kibana as part of IBM Business Automation Insights on Red Hat OpenShift or OKD, you must also create a service account that has the [ibm-privileged-scc](https://ibm.biz/cpkscc-spec) SecurityContextConstraint to allow running privileged containers: -``` -$ oc create serviceaccount -bai-psp-sa -$ oc adm policy add-scc-to-user ibm-privileged-scc -z -bai-psp-sa -``` - -If you cannot or do not want to allow running privileged containers, you can still install IBM Business Automation Insights but you must configure it to use an external Elasticsearch (in Helm values, set `elasticsearch.install: false`). - -## Installing - -There are two ways to deploy IBM Business Automation Insights to the Kubernetes cluster: - -### Install IBM Business Automation Insights by using the Helm chart and Tiller - -Refer to [Helm instructions](./helm-charts/README.md). - -### Install IBM Business Automation Insights by using Kubernetes YAML - -Refer to [Kubernetes instructions](./k8s-yaml/README.md). - -## Post-installation steps - -IBM Business Automation Insights is correctly deployed when all the jobs are completed, all the pods are running and ready, and all the services are reachable. - -- Monitor the status of the jobs and check that all of them are marked as successful by executing the following command: - ```sh -kubectl get jobs -n -``` -- Monitor the status of the pods and check that all of them are in `Running` mode and with all their containers `Ready` (for example, 2/2) by executing the following command: - ```sh -kubectl get pods -n -``` -- Verify that all the services are reachable by accessing the corresponding URLs. -When all the services have the default value for `serviceType`, that is, NodePort, the URLs are as follows: - ```sh -export NODE_IP=$(kubectl cluster-info | grep "master" | awk 'match($0, /([0-9]{1,3}\.){3}[0-9]{1,3}/) { print substr( $0, RSTART, RLENGTH )}') -export ADMIN_NODE_PORT=$(kubectl get svc -n "bai-bai-admin-service" -o 'jsonpath={.spec.ports[?(@.targetPort=="admin-rest")].nodePort}') -export ES_NODE_PORT=$(kubectl get svc -n "bai-ibm-dba-ek-client" -o 'jsonpath={.spec.ports[?(@.targetPort=="es-rest")].nodePort}') -export KIBANA_NODE_PORT=$(kubectl get svc -n "bai-ibm-dba-ek-kibana" -o 'jsonpath={.spec.ports[?(@.targetPort=="kibana-ui")].nodePort}') -echo "Admin REST API: https://$NODE_IP:$ADMIN_NODE_PORT" -echo "Elasticsearch REST API: https://$NODE_IP:$ES_NODE_PORT" -echo "Kibana: https://$NODE_IP:$KIBANA_NODE_PORT" -``` -Use the following default login/passwords to authenticate with Elasticsearch REST API and with Kibana: -- demo/demo -- admin/passw0rd - -> **Note:** To check the Admin REST API status, use `https://$NODE_IP:$ADMIN_NODE_PORT/api/health`. - -## Updating - -Depending on the updates that you plan, you might have to deploy new versions of some batch jobs. Because completed jobs cannot be updated, you must delete them before performing the update. - -### Prerequisites - -* Delete the batch jobs related to processing jobs if you plan to update parameters that affect the execution of processing jobs. These parameters include: Apache Flink settings (including RocksDB settings), Kafka configuration options, Elasticsearch general settings, and Kerberos authentication settings. -That is, properties in the values.yaml file that start with `flink.*`, `bpmn.*`, `ingestion.*`, `icm.*`, `odm.*`, `kafka.*`, `settings.*`, `kerberos.*`, or `elasticsearch.*`. -See the full list of properties in the [Configuration parameters](#configuration-parameters) section below. - - * Retrieve the job names: `kubectl get jobs --selector=release= -n | grep -v setup` - * Delete each job in the list: `kubectl delete job -n ` - -* Delete the bai-setup job if you update the `elasticsearch.url` property to change the Elasticsearch instance used by your Business Automation Insights system. - - `kubectl delete job -bai-setup -n ` - -* Delete all the batch jobs if you plan to update the docker images. - -### Update IBM Business Automation Insights by using Helm - -Refer to [Helm instructions](./helm-charts/README.md#update-the-helm-chart). - -### Update IBM Business Automation Insights by using Kubernetes - -Refer to [Kubernetes instructions](./k8s-yaml/README.md#update-ibm-business-automation-insights). - -## Configuration parameters - -Learn more about IBM Business Automation Insights and its configuration in the [Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.bai/topics/con_bai_overview.html). - -### General configuration - -Parameter | Description | Default value | --------------------------------------|------------------------------------|-----------------------------------| -`persistence.useDynamicProvisioning` | Use Dynamic Provisioning | `true` | -`settings.egress` | Enable Data Egress to Apache Kafka | `true` | -`settings.ingressTopic` | Apache Kafka ingress topic | `[Release name]-ibm-bai-ingress` | -`settings.egressTopic` | Apache Kafka egress topic | `[Release name]-ibm-bai-egress` | -`settings.serviceTopic` | Apache Kafka service topic | `[Release name]-ibm-bai-service` | -`baiSecret` | Name of a secret that is already deployed to Kubernetes. See [below](#baiSecret) for details. | `None` | - -#### baiSecret - -A secret that contains the following keys: - -- `admin-username`: the username to authenticate against the admin REST API -- `admin-password`: the password to authenticate against the admin REST API -- `admin-key`: the private key in PEM format for secure communications with the administration service -- `admin-cert`: the certificate in PEM format for secure communications with the administration service -- `kafka-username`: the username to authenticate against Kafka -- `kafka-password`: the password to authenticate against Kafka -- `flink-ssl-keystore`: the keystore for secure communications with the Flink REST API -- `flink-ssl-truststore`: the truststore for secure communications with the Flink REST API -- `flink-ssl-internal-keystore`: the keystore for inter-node communications in the Flink cluster -- `flink-ssl-password`: the password of Flink keystore and truststore -- `kafka-server-cert`: the certificate in PEM format for secure communication with Kafka -- `kafka-ca-cert`: the CA certificate in PEM format for secure communication with Kafka -- `flink-security-krb5-keytab`: the Kerberos Keytab -- `elasticsearch-username`: the username for connection to the external Elasticsearch -- `elasticsearch-password`: the password for connection to the external Elasticsearch -- `elasticsearch-server-cert`: the certificate in PEM format for secure communication with Elasticsearch - -> **Note**: The secret must hold a value for each of these keys, even if their value is empty (when they are not relevant in your IBM Business Automation Insights configuration). -When you run `kubectl` to create a secret with empty values, you must turn validation off with the ` --validate=false` argument. - -This secret must be created in a production environment for overriding the default credentials. - -For example: -``` -kubectl create -f bai-prereq-secret.yaml --validate=false -``` - -If `baiSecret` is defined, it overrides the following values: -- `admin.username` -- `admin.password` -- `kafka.username` -- `kafka.password` -- `kafka.serverCertificate` -- `kerberos.keytab` -- `elasticsearch.username` -- `elasticsearch.password` -- `elasticsearch.serverCertificate` - -### Docker registry details - -Parameter | Description | Default value | -----------------------------|--------------------------|----------------| -`imageCredentials.registry` | Docker registry URL | None | -`imageCredentials.username` | Docker registry username | None | -`imageCredentials.password` | Docker registry password | None | -`imageCredentials.imagePullSecret` | The imagePullSecret for Docker images. See [below](#imagecredentials) for details. | None -`imagePullPolicy` | The pull policy for Docker images | None | - -#### imageCredentials.imagePullSecret - -An imagePullSecret for Docker images which overrides: -- `imageCredentials.registry` -- `imageCredentials.userName` -- `imageCredentials.password` - -Here is the command to create such a secret: - -``` -kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= --docker-email= -n -``` - -### Apache Kafka - -Parameter | Description | Default -----------------------------------|---------------------------------|-------- -`kafka.bootstrapServers` | Apache Kafka Bootstrap Servers. | `kafka.bootstrapserver1.hostname:9093,kafka.bootstrapserver2.hostname:9093,kafka.bootstrapserver3.hostname:9093` -`kafka.securityProtocol` | Apache Kafka `security.protocol` property value | `SASL_SSL` -`kafka.saslKerberosServiceName` | Apache Kafka `sasl.kerberos.service.name` property value | -`kafka.serverCertificate` | Apache Kafka server certificate for SSL communications (base64 encoded) | -`kafka.username` | Apache Kafka username | -`kafka.password` | Apache Kafka password | -`kafka.propertiesConfigMap` | Name of a ConfigMap already deployed to Kubernetes and that contains Kafka consumer and producer properties. For details, see [Specifying a configuration map for Kafka properties](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.bai/topics/tsk_bai_flink_kub_config_maps_kafka.html). | - -### Elasticsearch settings - -Parameter | Description | Default -----------|-------------|-------- -`elasticsearch.install` | Specifies whether Elasticsearch and Kibana must be deployed by using the ibm-dba-ek subchart | `true` -`elasticsearch.url` | Elasticsearch URL. Only relevant if you do not use the ibm-dba-ek subchart to install Elasticsearch. | -`elasticsearch.username` | Elasticsearch username. Only relevant if you do not use the ibm-dba-ek subchart to install Elasticsearch. | -`elasticsearch.password` | Elasticsearch password. Only relevant if you do not use the ibm-dba-ek subchart to install Elasticsearch. | -`elasticsearch.serverCertificate` | Elasticsearch server certificate for SSL communications (base64 encoded). This attribute is relevant only if you set `Install Elasticsearch` to false. | - -### Setup job - -Parameter | Description | Default -----------|-------------|-------- -`setup.image.repository` | Docker image name for the setup job | `bai-setup` -`setup.image.tag` | Docker image version for the setup job | `19.0.1` - -### Administration service -Parameter | Description | Default -----------|-------------|-------- -`admin.image.repository` | Docker image name for the Administration Service | `bai-admin` -`admin.image.tag` | Docker image version for the Administration Service | `19.0.1` -`admin.replicas` | Number of Administration Service replicas | 2 -`admin.username` | Sets the user name to the Administration Service | `admin` -`admin.password` | Sets the password to the Administration Service API | `passw0rd` -`admin.serviceType` | The way the Administration Service API must be exposed. Can be `NodePort` or `ClusterIP`. If you want to expose the service on Ingress, choose `ClusterIP`. After the Helm chart is deployed, create your own Ingress Kubernetes resource manually. | `NodePort` -`admin.externalPort` | The port to which the Administration Service API is exposed externally. Relevant only if `serviceType` is set to `NodePort`. | - -### Apache Flink persistent volume - -Parameter | Description | Default -----------|-------------|-------- -`flinkPv.capacity` | Persistent volume capacity | `20Gi` -`flinkPv.storageClassName` | Storage class name to be used if `persistence.useDynamicProvisioning` is `true` | -`flinkPv.existingClaimName`| By default, a new persistent volume claim is created. Specify an existing claim here if one is available. | - -### Apache Flink - -Parameter | Description | Default -----------|-------------|-------- -`flink.image.repository` | Docker image name for Apache Flink | `bai-flink` -`flink.image.tag` | Docker image version for Apache Flink | `19.0.1` -`flink.taskManagerHeapMemory` | Apache Flink Task Manager heap memory (in megabytes) | 1024 -`flink.taskManagerMemory` | Apache Flink Task Manager total memory (in megabytes). It has to be greater than `flink.taskManagerHeapMemory`. | 1536 -`flink.jobCheckpointingInterval` | Interval between checkpoints of Apache Flink jobs | `5000` -`flink.batchSize` | Batch size for bucketing sink storage | `268435456` -`flink.checkInterval` | How frequently (in milliseconds) the job checks for inactive buckets | `300000` -`flink.bucketThreshold` | The minimum time (in milliseconds) after which a bucket that does not receive new data is considered inactive | `900000` -`flink.storageBucketUrl` | The HDFS URL for long-term storage (e.g. `hdfs://:/bucket_path`) | -`flink.rocksDbPropertiesConfigMap` | Name of a ConfigMap already deployed to Kubernetes that contains advanced RocksDB properties | -`flink.log4jConfigMap` | Name of a configMap already deployed to Kubernetes that overrides the default bai-flink-log4j configMap | -`flink.hadoopConfigMap` | Name of a ConfigMap already deployed to Kubernetes that contains HDFS configuration (core-site.xml and hdfs-site.xml) | -`flink.zookeeper.image.repository` | Docker image name for Apache Zookeeper | `bai-flink` -`flink.zookeeper.image.tag` | Docker image version for Apache Zookeeper | `19.0.1` -`flink.zookeeper.replicas` | Number of Apache Zookeeper replicas | 1 - -### IBM Business Automation Workflow - BPMN processing - -Parameter | Description | Default -----------|-------------|-------- -`bpmn.install` | Whether to install Business Process Model & Notation (BPMN) event processing or not. | `true` -`bpmn.image.repository` | Docker image name for BPMN event processing. | `bai-bpmn` -`bpmn.image.tag` | Docker image version number for BPMN event processing. | `19.0.1` -`bpmn.recoveryPath` | The path to the savepoint or checkpoint from which a job will recover. You can use this path to restart the job from a previous state in case of failure. To use the default workflow of the job, leave this option empty. | -`bpmn.endAggregationDelay` | The delay in milliseconds before clearing the states used for summary transformation. | `10000` -`bpmn.parallelism` | The number of parallel instances (task managers) to use for running the processing job. | - -### IBM Business Automation Workflow - Advanced Processing - -Parameter | Description | Default -----------|-------------|-------- -`bawadv.install` | Whether to install Business Automation Workflow Advanced (BAW) event processing (for BPEL processes, human tasks, ...) or not. | `true` -`bawadv.image.repository` | Docker image name for BAW Advanced event processing. | `bai-bawadv` -`bawadv.image.tag` | Docker image version for BAW Advanced event processing | `19.0.1` -`bawadv.recoveryPath` | The path to the savepoint or checkpoint from which a job will recover. You can use this path to restart the job from a previous state in case of failure. To use the default workflow of the job, leave this option empty. | -`bawadv.parallelism` | The number of parallel instances (task managers) to use for running the processing job. | - -### IBM Business Automation Workflow - Case processing - -Parameter | Description | Default -----------|-------------|-------- -`icm.install` | Whether to install IBM Case Manager (ICM) event processing or not. | `true` -`icm.image.repository` | Docker image name for ICM events processing. | `bai-icm` -`icm.image.tag` | Docker image version for ICM events processing. | `19.0.1` -`icm.recoveryPath` | The path to the savepoint or checkpoint from which a job will recover. You can use this path to restart the job from a previous state in case of failure. To use the default workflow of the job, leave this option empty. | -`icm.parallelism` | The number of parallel instances (task managers) to use for running the processing job. | - -### IBM Operational Decision Manager processing - -Parameter | Description | Default -----------|-------------|-------- -`odm.install` | Whether to install IBM Operational Decision Manager (ODM) event processing or not. | `true` -`odm.image.repository` | Docker image name for ODM event processing. | `bai-odm` -`odm.image.tag` | Docker image version for ODM event processing | `19.0.1` -`odm.recoveryPath` | The path to the savepoint or checkpoint from which a job will recover. You can use this path to restart the job from a previous state in case of failure. To use the default workflow of the job, leave this option empty. | -`odm.parallelism` | The number of parallel instances (task managers) to use for running the processing job | - -### IBM Content Platform Engine Processing - -Parameter | Description | Default -----------|-------------|-------- -`content.install` | Whether to install IBM Content Platform Engine (Content) event processing or not. | `true` -`content.image.repository` | Docker image name for Content event processing. | `bai-content` -`content.image.tag` | Docker image version for Content event processing | `19.0.1` -`content.recoveryPath` | The path to the savepoint or checkpoint from which a job will recover. You can use this path to restart the job from a previous state in case of failure. To use the default workflow of the job, leave this option empty. | -`content.parallelism` | The number of parallel instances (task managers) to use for running the processing job. | - -### IBM Business Automation Workflow Advanced processing - -Parameter | Description | Default -----------|-------------|-------- -`bawadv.install` | Whether to install Business Automation Workflow Advanced (BAW) event processing (for BPEL processes, human tasks, ...) or not. | `true` -`bawadv.image.repository` | Docker image name for BAW Advanced event processing. | `bai-bawadv` -`bawadv.image.tag` | Docker image version for BAW Advanced event processing | `latest` -`bawadv.recoveryPath` | The path to the savepoint or checkpoint from which a job will recover. You can use this path to restart the job from a previous state in case of failure. To use the default workflow of the job, leave this option empty. | -`bawadv.parallelism` | The number of parallel instances (task managers) to use for running the processing job. | - -### Raw events processing - -Parameter | Description | Default -----------|-------------|-------- -`ingestion.install` | Whether to install raw event processing or not. | true -`ingestion.image.repository` | Docker image name for raw event processing. | `bai-ingestion` -`ingestion.image.tag` | Docker image version for raw event processing | `19.0.1` -`ingestion.recoveryPath` | The path to the savepoint or checkpoint from which a job will recover. You can use this path to restart the job from a previous state in case of failure. To use the default workflow of the job, leave this option empty. | -`ingestion.parallelism` | The number of parallel instances (task managers) to use for running the processing job | - -### Kerberos configuration - -Parameter | Description | Default -----------|-------------|-------- -`kerberos.enabledForKafka` | Set to true to enable Kerberos authentication to the Kafka server | `false` -`kerberos.enabledForHdfs` | Set to true to enable Kerberos authentication to the HDFS server | `false` -`kerberos.realm` | Kerberos default realm name | -`kerberos.kdc` | Kerberos key distribution center host | -`kerberos.principal` | Sets the Kerberos principal to authenticate with | -`kerberos.keytab` | Sets the Kerberos Keytab (base64 encoded) | - -### Init Image configuration - -Parameter | Description | Default -----------|-------------|-------- -`initImage.image.repository` | Docker image name for initialization containers | `bai-init` -`initImage.image.tag` | Docker image version for initialization containers | `19.0.1` - -### Elasticsearch-Kibana subchart - -If `elasticsearch.install` is set to `true`, Elasticsearch and Kibana are deployed as the ibm-dba-ek subchart. - -You can set values for the `ibm-dba-ek` subchart under the `ibm-dba-ek` key. These attributes are relevant only if you use the `ibm-dba-ek` subchart to install Elasticsearch into Kubernetes (see `elasticsearch.install`). You can adjust the values for this subchart if you want to set up your own set of users or to update the deployment topology or persistent storage management. - -With the default configuration, which must not be used in a production environment, you can access Kibana by using the following credentials: - -- admin:passw0rd -- demo:demo - -In a production environment, you must create a secret with the following keys: - -- `elasticsearch-username`: A Kibana username with administration privileges for connection to an external Elasticsearch -- `elasticsearch-password`: A Kibana password for connection to an external Elasticsearch - -The name you choose for that secret must be specified in the values: - -```yaml -ibm-dba-ek: - ekSecret: "" -``` - -For details, regarding the ibm-dba-ek subchart Helm values: -- [Elasticsearch parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/topics/ref_bai_es_params.html) -- [Kibana parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/topics/ref_bai_kibana_params.html) diff --git a/BAI/README_config.md b/BAI/README_config.md new file mode 100644 index 00000000..0bf0c7c7 --- /dev/null +++ b/BAI/README_config.md @@ -0,0 +1,269 @@ +# Configuring IBM® Business Automation Insights + +These instructions cover the basic configuration of IBM Business Automation Insights. + +In order to use Business Automation Insights with other components in the IBM Cloud Pak for Automation you also need to configure them to emit events. + +For more information on the IBM Cloud Pak for Automation, see the [IBM Cloud Pak for Automation Knowledge Center](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/welcome/kc_welcome_dba_distrib.html). + +## Before you start + +If you have not done so, go to the [IBM Cloud Pak for Automation 19.0.x](http://engtest01w.fr.eurolabs.ibm.com:9190/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_preparing_baik8s.html) Knowledge Center and follow the steps to prepare your environment for Business Automation Insights. + +This README will summarize a number of the preparation steps found in the Knowledge Center. For more information at each stage refer to the Knowledge Center links provided. + +## Step 1: Make a copy of the sample Custom Resource + +The IBM Cloud Pak for Automation operator uses a single Custom Resource to install the required Cloud Pak products. These instructions provide an example ICP4ACluster Custom Resource [`configuration/bai-sample-values.yaml`](configuration/bai-sample-values.yaml). You can use this yaml file to customize your Business Automation Insights install, then copy the `bai_configuration` section of the CR yaml to the single ICP4ACluster CR yaml for all Cloud Pak products. + +To begin customizing a basic installation first clone this repository and then copy the [`configuration/bai-sample-values.yaml`](configuration/bai-sample-values.yaml) configuration file into a working directory. + +## Step 2: Edit the Custom Resource + +Open the `bai-sample-values.yaml` ICP4ACluster Custom Resource file in a text/code editor. + +There are a number of values you need to customize: + +* Change all occurrences of `` to the location of the registry hosting the Business Automation Insights Docker images + +* Change all occurrences of `` to the name of the Docker pull secret created above, for example `icp4apull` + +* Ensure the `tag` value for all configuration matches the Docker tag used for the Docker images in your repository + +### Step 2.1: Customize the Apache Kafka Configuration + +#### Step 2.1.1: Apache Kafka connection configuration + +To configure Business Automation Insights to interact with your installation of Apache Kafka you need to customize the `bai_configuration.kafka` section of the Custom Resource. + +Below is an example of a simple Kafka configuration: + +```yaml + kafka: + bootstrapServers: "kafka-0.example.com:9092,kafka-1.example.com:9092,kafka-2.example.com:9092" + securityProtocol: "PLAINTEXT" +``` + +For advanced Apache Kafka configuration, including security options, refer to the [IBM Business Automation Insights Knowledge Center - Apache Kafka parameters](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_bai_k8s_kafka_params.html). + +#### Step 2.1.2: Apache Kafka topic configuration + +Business Automation Insights uses a number of Apache Kafka topics. To customize the names of these topics, uncomment and alter the settings below: + +```yaml + settings: + egress: true + ingressTopic: ibm-bai-ingress + egressTopic: ibm-bai-egress + serviceTopic: ibm-bai-service +``` + +More information about this can be found in the [IBM Business Automation Insights Knowledge Center - Apache Kafka parameters](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_bai_k8s_kafka_params.html), including an explanation of egress functionality. + +### Step 2.2 Persistent Storage +When configuring Business Automation Insights you have a number of options regarding persistent storage. + +Below is a summary of the persistent storage used by Business Automation Insights: + +| Volume | Default volume name | Default Storage | Required | Access Mode | Number of volumes | +| --------------------------------- | ------------------------------------------ | --------------- | -------- | ------------- | ----------------- | +| Flink volume | -bai-pvc | 20Gi | Yes | ReadWriteMany | 1 | +| ElasticSearch Master | data--ibm-dba-ek-master-_replica_ | 10Gi | No | ReadWriteOnce | 1 per replica | +| ElasticSearch Data | data--ibm-dba-ek-data-_replica_ | 10Gi | No | ReadWriteOnce | 1 per replica | +| ElasticSearchSnapshot Storage | -es-snapshot-storage-pvc | 30Gi | No | ReadWriteMany | 1 | + +The Flink volume is used by multiple pods for normal operation of Business Automation Insights. For more information on the Business Automation Insights persistent volume configuration see [IBM Business Automation Insights Knowledge Center - Apache Flink parameters](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_bai_k8s_flink_params.html). + +If you are using the embedded ElasticSearch stack you can choose to enable persistence for the ElasticSearch nodes (with a volume for each replica of the master and data nodes), and for snapshot storage. For more information on the embedded ElasticSearch volume configuration see [IBM Business Automation Insights Knowledge Center - Elasticsearch parameters](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_bai_k8s_es_params.html) + +#### Example configuration using dynamic provisioning + +If your cluster has dynamic volume provisioning the example shows a storage configuration (as found in the `bai-sample-values.yaml` file) when persistence is enabled: + +```yaml + persistence: + useDynamicProvisioning: true + + flinkPv: + storageClassName: "" + + ibm-dba-ek: + elasticsearch: + data: + storage: + persistent: true + useDynamicProvisioning: true + storageClass: "" + snapshotStorage: + enabled: true + useDynamicProvisioning: true + storageClassName: "" +``` + +This configuration creates the four `PersistentVolumeClaim` resources listed with the default configuration. To use dynamic provisioning, change all occurrences of `` and `` to the name of the storage classes appropriate for your deployment platform. + +> Note: The `bai_configuration.flinkPv.storageClassName` and `bai_configuration.ibm-dba-ek.elasticsearch.data.snapshotStorage.storageClassName` storage classes must be capable of access mode `ReadWriteMany`. Additional configuration may be required on some platforms to create a `ReadWriteMany` capable storage class. `bai_configuration.ibm-dba-ek.elasticsearch.data.storage.storageClass` requires a `ReadWriteOnce` access mode capable storage class, available by default on many cloud platforms. + +#### Example configuration using static provisioning + +If you want to manually create `PersistentVolume` and `PersistentVolumeClaim` resources use the following template for an example configuration: + +```yaml + persistence: + useDynamicProvisioning: false + + flinkPv: + existingClaimName: "" + + ibm-dba-ek: + elasticsearch: + data: + storage: + persistent: true + useDynamicProvisioning: false + storageClass: "" + snapshotStorage: + enabled: true + useDynamicProvisioning: false + existingClaimName: "" +``` + +### Step 2.3 Product event processors + +By default, no event processor setup pods are started when Business Automation Insights is installed. The event processor setup pods are required in order to configure Business Automation Insights to be able to ingest events from other products in the IBM Cloud Pak for Automation. + +Each product has an `install` parameter in the `bai_configuration` Custom Resource section, as shown below: + +```yaml + ingestion: + install: false + image: + repository: /bai-ingestion + tag: "19.0.3" + + adw: + install: false + image: + repository: /bai-adw + tag: "19.0.3" + + bpmn: + install: false + image: + repository: /bai-bpmn + tag: "19.0.3" + + bawadv: + install: false + image: + repository: /bai-bawadv + tag: "19.0.3" + + icm: + install: false + image: + repository: /bai-icm + tag: "19.0.3" + + odm: + install: false + image: + repository: /bai-odm + tag: "19.0.3" + + content: + install: false + image: + repository: /bai-content + tag: "19.0.3" +``` + +For each products that you want to process events from change the `install` parameter to `true`. For example to process events from IBM Operation Decision Manager set `spec.bai_configuration.odm.install` to `true`. + +## Step 3: Security configuration + +Business Automation Insights requires some additional security configuration. + +### Step 3.1: Create security configuration + +Use the following template to create a [`BAI/configuration/bai-psp-yaml`](configuration/bai-psp.yaml) file containing the required `PodSecurityPolicy`, `Role`, `RoleBinding` and `ServiceAccount` resources needed by BAI. + +**Example bai-psp.yaml** + +```yaml +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + kubernetes.io/description: "This policy is required to allow ibm-dba-ek pods running Elasticsearch to use privileged containers." + name: -bai-psp +spec: + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + fsGroup: + rule: RunAsAny + volumes: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -bai-role +rules: +- apiGroups: + - extensions + resourceNames: + - -bai-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -bai-psp-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -bai-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -bai-role +subjects: +- kind: ServiceAccount + name: -bai-psp-sa +``` + +After creating the file, replace all occurrences of `` with the name of your ICP4ACluster Custom Resource created in Step 3. + +### Step 3.2: Apply the security configuration + +To apply the configuration you can use the `kubectl` command line utility: + +```bash +kubectl apply -f bai-psp.yaml +``` + +For RedHat OpenShift, additional policies may be required to enable the `Pod` resources to start containers using the required UIDs. To ensure these containers can start use the `oc` command to add the service accounts to the required `privileged` SCC: + +```bash +oc adm policy add-scc-to-user privileged -z -bai-psp-sa +oc adm policy add-scc-to-user privileged -z default +``` + +## Step 4: Complete the installation + +Go back to the relevant install or update page to configure other components and complete the deployment with the operator. + +Install pages: + - [Managed OpenShift installation page](../platform/roks/install.md) + - [OpenShift installation page](../platform/ocp/install.md) + - [Certified Kubernetes installation page](../platform/k8s/install.md) diff --git a/BAI/README_migrate.md b/BAI/README_migrate.md new file mode 100644 index 00000000..3f2166b4 --- /dev/null +++ b/BAI/README_migrate.md @@ -0,0 +1,85 @@ +# Upgrading IBM® Business Automation Insights + +These instructions cover upgrading IBM® Business Automation Insights. + +## Upgrading from IBM® Business Automation Insights version 19.0.2 to 19.0.3 + +These intructions will detail upgrading from a Helm / Kubernetes resource installation of Business Automation Insights version 19.0.2 to a Operator install of Business Automation Insights version 19.0.3. + +### Important note about Elasticsearch snapshot storage + +If Dynamic Provisioning was used to create the Elasticsearch snapshot storage PersistentVolumeClaim for Business Automation Insights version 19.0.2, deleting this release will delete this PersistentVolumeClaim. It is recommended you backup the data in the PersistentVolume before uninstalling this release. + +If Static Provisioning was used to provision the snapshot storage PersistentVolumeClaim, this storage can be reused for 19.0.3. The value for `ibm-dba-ek.elasticsearch.data.snapshotStorage.existingClaimName` can be used for the `spec.bai_configuration.ibm-dba-ek.elasticsearch.data.snapshotStorage.existingClaimName` value in the new ICP4ACluster custom resource (see Step 3. Migrate custom values to Custom Resource). + +### Step 1: Get latest configuration values + +Before uninstalling Business Automation Insights version 19.0.2 ensure the configuration values used for this installation are available. + +To do this, either: +* Retrieve the original `values.yaml` configuration parameter overrides file used in the `helm install` or `helm template` command for the installation. This file would have been specified using the `-f` flag in the original install. +* Alternatively, if the configuration parameters have changed since install, it is recommended to export the latest values using this command: + +```bash +helm get values my-bai-release +``` + +### Step 2: Uninstall Business Automation Insights version 19.0.2 + +> **Note** Events sent to Kafka by product event processors between the uninstallation of the previous release and the completion of the installation of 19.0.3 are not processed by Business Automation Insights 19.0.3. + +Depending on the installation method used to install Business Automation Insights, use one of the following methods to uninstall the 19.0.2 version. + +#### Helm installation (using `helm install`) + +Use the `helm delete` command to delete the Helm release for the Business Automation Insights installation: + +```bash +helm delete --purge my-bai-release +``` + +#### Kubernetes Resource installation (using `helm template`) + +Use the following procedure if the `helm template` command was used to generate Kubernetes YAML files to install Business Automation Insights version 19.0.2: +1. Navigate to the directory where the YAML files were exported. This is the directory set using the `--output-dir` flag in the `helm template` command. +2. Run the `kubectl delete` command for the installed resources: + +```bash +kubectl delete -f ./ibm-business-automation-insights/templates && \ +kubectl delete -f ./ibm-business-automation-insights/charts/ibm-dba-ek/templates +``` + +### Step 3: Clean up Flink persistent storage + +**IMPORTANT** You must ensure that the PersistentVolume used for Flink in the 19.0.2 release is deleted, or the contents are cleared. Due to an upgrade of Apache Flink, the data stored is not able to be reused between installations. + +For information regarding cleaning up persistent storage following an uninstallation see [README_uninstall.md](README_uninstall.md). + +#### Dynamic Provisioning + +If you used dynamically provisioning for your 19.0.2 installation, ensure that the PersistentVolumeClaim that was created as part of the 19.0.2 release has been deleted. + +#### Static Provisioning + +If you used static provisioning ensure that either: +* The PersistentVolume and PersistentVolumeClaim defined in the flinkPv.existingVolumeClaim parameter in your helm installation has been deleted following uninstallation; or +* The contents of the PersistentVolume have been deleted following uninstallation. This may be applicable if you are using NFS mounted storage + +### Step 4: Migrate custom values to Custom Resource + +Copy the configuration parameters used to setup and configure Business Automation Insights from the `values.yaml` override file used for the helm installation of a 19.0.2 release of Business Automation Insights (as detailed in Step 1) to a new ICP4ACluster Custom Resource under the `bai_configuration` section. + +For more information on how to configure the ICP4ACluster Custom Resource see [README_config.md](README_config.md). + +### Step 5: Preinstallation steps + +Read [README_config.md](README_config.md) to ensure all preinstallation instructions have been completed before installing Business Automation Insights version 19.0.3 + +## Step 6: Complete the upgrade + +Go back to the relevant update page to configure other components and complete the deployment with the operator. + +Update pages: + - [Managed OpenShift installation page](../platform/roks/update.md) + - [OpenShift installation page](../platform/ocp/update.md) + - [Certified Kubernetes installation page](../platform/k8s/update.md) diff --git a/BAI/README_uninstall.md b/BAI/README_uninstall.md new file mode 100644 index 00000000..99749247 --- /dev/null +++ b/BAI/README_uninstall.md @@ -0,0 +1,71 @@ +# Uninstalling IBM® Business Automation Insights + +These instructions cover uninstalling IBM® Business Automation Insights. + +> **WARNING** If you have used Dynamic Provision to provision the snapshot storage used by the embedded Elasticsearch, the PVC will be deleted as part of the uninstall. It is recommended to back-up any snapshots before following these instructions. + +## Step 1: Uninstall Custom Resource + +Detailed uninstall instructions can be found on the uninstall page for your platform: + - [Managed OpenShift installation page](../platform/roks/uninstall.md) + - [OpenShift installation page](../platform/ocp/uninstall.md) + - [Certified Kubernetes installation page](../platform/k8s/uninstall.md) + +As mentioned in the above pages to begin the uninstall of Business Automation Insights use `kubectl` to delete the Custom Resource: + +```bash +kubectl delete -f my_icp4a_cr.yaml +``` + +Alternatively, you can use the `oc` command to delete the Custom Resource: + +```bash +oc delete -f my_icp4a_cr.yaml +``` + +The Operator will now start to uninstall Business Automation Insights. + +## Step 2: Deallocate storage + +To clean up storage used by Business Automation Insights, you will have to follow the instructions below. + +### Statically provisioned storage + +If you chose to statically provision storage for Flink or Snapshot Storage, the PersistentVolumeClaims and PersistentVolumes that you manually created will not be deleted. To completely remove all data, you will need to delete this storage manually. + +### Embedded Elasticsearch volumes + +If you installed with the embedded Elasticsearch enabled, the volumes created for the *master* and *data* replicas of the Elasticsearch pods will not be deleted when uninstalling. To completely remove an installation you will need to delete the relevant PersistentVolumeClaims and PersistentVolumes. + +To do this run the command: + +```bash +kubectl delete pvc/pvc-name +``` + +For example: + +```bash +kubectl delete pvc/data-bai-ibm-dba-ek-data-0 +``` + +To get a list of all PersistentVolumeClaims run the command: + +```bash +kubectl get pvc +``` + +## Step 3: Security configuration + +If you used the bai-psp.yaml file referenced in [README_config.yaml](README_config.yaml) to install the required `PodSecurityPolicy`, `Role`, `RoleBinding` and `ServiceAccount` resources needed by Business Automation Insights, you will need to remove this configuration using `kubectl`: + +```bash +kubectl delete -f bai-psp.yaml +``` + +If you are using RedHat OpenShift, it is advised you also remove the default service account and Business Automation Insights service account (defined in the bai-psp.yaml file) from privileged SCC: + +```bash +oc adm policy remove-scc-from-user privileged -z -bai-psp-sa +oc adm policy remove-scc-from-user privileged -z default +``` \ No newline at end of file diff --git a/BAI/configuration/bai-pod-security-policy.yaml b/BAI/configuration/bai-pod-security-policy.yaml deleted file mode 100644 index c4a39ddb..00000000 --- a/BAI/configuration/bai-pod-security-policy.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: bai-psp -spec: - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - name: bai-clusterrole -rules: -- apiGroups: - - extensions - resourceNames: - - bai-psp - resources: - - podsecuritypolicies - verbs: - - use diff --git a/BAI/configuration/bai-psp.yaml b/BAI/configuration/bai-psp.yaml new file mode 100644 index 00000000..4869da2b --- /dev/null +++ b/BAI/configuration/bai-psp.yaml @@ -0,0 +1,59 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + kubernetes.io/description: "This policy is required to allow ibm-dba-ek pods running Elasticsearch to use privileged containers." + name: -bai-psp +spec: + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + fsGroup: + rule: RunAsAny + volumes: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -bai-role +rules: +- apiGroups: + - extensions + resourceNames: + - -bai-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -bai-psp-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -bai-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -bai-role +subjects: +- kind: ServiceAccount + name: -bai-psp-sa \ No newline at end of file diff --git a/BAI/configuration/bai-sample-values.yaml b/BAI/configuration/bai-sample-values.yaml new file mode 100644 index 00000000..338957b2 --- /dev/null +++ b/BAI/configuration/bai-sample-values.yaml @@ -0,0 +1,141 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +apiVersion: icp4a.ibm.com/v1 +kind: ICP4ACluster +metadata: + name: bai-demo + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 +spec: + bai_configuration: + imageCredentials: + imagePullSecret: + + persistence: + useDynamicProvisioning: true + + flinkPv: + storageClassName: "" + + kafka: + bootstrapServers: "kafka.bootstrapserver1.hostname:9092,kafka.bootstrapserver2.hostname:9092,kafka.bootstrapserver3.hostname:9092" + securityProtocol: "PLAINTEXT" + + # settings: + # egress: true + # ingressTopic: ibm-bai-ingress + # egressTopic: ibm-bai-egress + # serviceTopic: ibm-bai-service + + setup: + image: + repository: /bai-setup + tag: "19.0.3" + + admin: + image: + repository: /bai-admin + tag: "19.0.3" + + flink: + initStorageDirectory: true + image: + repository: /bai-flink + tag: "19.0.3" + zookeeper: + image: + repository: /bai-flink-zookeeper + tag: "19.0.3" + + ingestion: + install: false + image: + repository: /bai-ingestion + tag: "19.0.3" + + adw: + install: false + image: + repository: /bai-adw + tag: "19.0.3" + + bpmn: + install: false + image: + repository: /bai-bpmn + tag: "19.0.3" + + bawadv: + install: false + image: + repository: /bai-bawadv + tag: "19.0.3" + + icm: + install: false + image: + repository: /bai-icm + tag: "19.0.3" + + odm: + install: false + image: + repository: /bai-odm + tag: "19.0.3" + + content: + install: false + image: + repository: /bai-content + tag: "19.0.3" + + initImage: + image: + repository: /bai-init + tag: "19.0.3" + + elasticsearch: + install: true + + ibm-dba-ek: + image: + imagePullPolicy: Always + imagePullSecret: + + elasticsearch: + image: + repository: /bai-elasticsearch + tag: "19.0.3" + init: + image: + repository: /bai-init + tag: "19.0.3" + data: + storage: + persistent: true + useDynamicProvisioning: true + storageClass: "" + snapshotStorage: + enabled: true + useDynamicProvisioning: true + storageClassName: "" + + kibana: + image: + repository: /bai-kibana + tag: "19.0.3" + init: + image: + repository: /bai-init + tag: "19.0.3" diff --git a/BAI/configuration/pv.yaml b/BAI/configuration/pv.yaml deleted file mode 100644 index ca700a36..00000000 --- a/BAI/configuration/pv.yaml +++ /dev/null @@ -1,103 +0,0 @@ -## persistent volume & claims definition to be run once in the cluster -apiVersion: v1 -kind: PersistentVolume -metadata: - name: bai-pv -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 20Gi - nfs: - path: /export/NFS/bai/bai-pv - server: - persistentVolumeReclaimPolicy: Retain - claimRef: - namespace: bai - name: bai-pvc ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: bai-pvc -spec: - storageClassName: "" - accessModes: - - ReadWriteMany - resources: - requests: - storage: 20Gi ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: bai-ek-data-pv-0 -spec: - storageClassName: "bai-ek-data" - accessModes: - - ReadWriteOnce - capacity: - storage: 10Gi - nfs: - path: /export/NFS/bai/ek-data-0 - server: - persistentVolumeReclaimPolicy: Recycle ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: bai-ek-data-pv-1 -spec: - storageClassName: "bai-ek-data" - accessModes: - - ReadWriteOnce - capacity: - storage: 10Gi - nfs: - path: /export/NFS/bai/ek-data-1 - server: - persistentVolumeReclaimPolicy: Recycle ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: bai-ek-data-pv-2 -spec: - storageClassName: "bai-ek-data" - accessModes: - - ReadWriteOnce - capacity: - storage: 10Gi - nfs: - path: /export/NFS/bai/ek-data-2 - server: - persistentVolumeReclaimPolicy: Recycle ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: bai-ek-snapshots-pv -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 30Gi - nfs: - path: /export/NFS/bai/ek-snapshots - server: - persistentVolumeReclaimPolicy: Retain - claimRef: - namespace: bai - name: bai-ek-snapshots-pvc ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: bai-ek-snapshots-pvc -spec: - storageClassName: "" - accessModes: - - ReadWriteMany - resources: - requests: - storage: 30Gi diff --git a/BAI/configuration/sample-secure-values.yaml b/BAI/configuration/sample-secure-values.yaml deleted file mode 100644 index 54525ffb..00000000 --- a/BAI/configuration/sample-secure-values.yaml +++ /dev/null @@ -1,90 +0,0 @@ -persistence: - useDynamicProvisioning: true - -imageCredentials: - registry: - username: - password: - -kafka: - bootstrapServers: "" - securityProtocol: "SASL_SSL" - username: "" - password: "" - serverCertificate: "" - -settings: - ingressTopic: "bai-release-ingress" - egressTopic: "bai-release-egress" - serviceTopic: "bai-release-service" - -setup: - image: - repository: /bai-setup - -admin: - image: - repository: /bai-admin - externalPort: - -flinkPv: - existingClaimName: "" - -flink: - image: - repository: /bai-flink - storageBucketUrl: "" - - zookeeper: - image: - repository: /bai-flink/zookeeper - -ingestion: - image: - repository: /bai-ingestion - -bpmn: - install: true - image: - repository: /bai-bpmn - -bawadv: - install: false - -icm: - install: false - -odm: - install: false - -content: - install: false - -initImage: - image: - repository: /bai-init - -ibm-dba-ek: - image: - credentials: - registry: - username: - password: - elasticsearch: - init: - image: - repository: /bai-init - image: - repository: /bai-elasticsearch - - data: - snapshotStorage: - enabled: - existingClaimName: "" - client: - externalPort: 31200 - - kibana: - image: - repository: /bai-kibana - externalPort: 31501 \ No newline at end of file diff --git a/BAI/configuration/sample-values.yaml b/BAI/configuration/sample-values.yaml deleted file mode 100644 index 9aa567d4..00000000 --- a/BAI/configuration/sample-values.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# This is a customized values.yaml sample. -# In this sample, only the BPMN event processing is enabled. - -persistence: - useDynamicProvisioning: true - -imagePullPolicy: IfNotPresent - -kafka: - bootstrapServers: "kafka-release-cp-kafka-headless:9092" - securityProtocol: "PLAINTEXT" - -elasticsearch: - install: true - -settings: - egress: false - ingressTopic: bai-release-ingress - serviceTopic: bai-release-service - - -admin: - replicas: 1 - serviceType: NodePort - externalPort: 31100 - -# don't install ICM event processing -icm: - install: false - -# don't install ODM event processing -odm: - install: false - -# don't install BAWAdv event processing -bawadv: - install: false - -# don't install Content event processing -content: - install: false - -ingestion: - install: false - -# Overall, the event processing is installed only for BPMN. - -ibm-dba-ek: - elasticsearch: - data: - storage: - persistent: true - useDynamicProvisioning: true - storageClass: "bai-ek-data" - client: - serviceType: NodePort - externalPort: 31200 - kibana: - serviceType: NodePort - externalPort: 31501 diff --git a/BAI/helm-charts/.gitkeep b/BAI/helm-charts/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/BAI/helm-charts/README.md b/BAI/helm-charts/README.md deleted file mode 100644 index 2fb0c568..00000000 --- a/BAI/helm-charts/README.md +++ /dev/null @@ -1,70 +0,0 @@ -# Install with the Helm chart - -This directory includes the [IBM Business Automation Insights Helm Chart](./ibm-business-automation-insights-3.2.0.tgz) and explains how to install it. - -## Initializing Helm and installing Tiller - -Tiller is a companion to the helm command that runs on your cluster. It receives commands from Helm and communicates directly with the Kubernetes API to create and delete resources. - -To install Tiller on your cluster, run: - -```sh -helm init -``` - -To grant Tiller the required cluster-admin permissions to deploy Business Automation Insights, run: -```sh -kubectl create serviceaccount --namespace kube-system tiller -kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller -kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' -``` - -> **Note:** For clusters where Tiller is already deployed, you only need to initialize the client part: - -```sh -helm init --client-only -``` - -## Installing IBM Business Automation Insights - -### Prerequisites - -First follow the [Requirements](../README.md#requirements) and [Before you begin](../README.md#before-you-begin). - -### Install the Helm chart - -To install the IBM Business Automation Helm chart, you need to decide on a release name and use this name when you run the helm command, as follows: - -```sh -helm install ibm-business-automation-insights-3.2.0.tgz --name -n -f values.yaml -``` - -To override the default Business Automation Insights configuration, you must provide a `values.yaml` file with your custom configuration. - -Configuration properties and default values are described in the [Business Automation Insights README.md](../README.md#configuration-parameters). An example `values.yaml` is provided [here](../configuration/sample-values.yaml). - -### Install the event emitters - -You must install the emitters into your IBM Digital Business Automation products to be able to emit events from the products to Business Automation Insights. - -You must only install emitters for the products that you enabled during Business Automation Insights installation process. In the provided sample, only the BPMN job is installed, and so only the BPMN emitter must be installed. - -Refer to the [Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.bai/topics/con_bai_top_bmpn_events.html) for instructions. - -## Updating the Helm chart - -Check the Business Automation Insights [Updating](../README.md#updating) section for prerequisites to the update. - -After initial installation, you can update the chart configuration as follows: - -```sh -helm upgrade ibm-business-automation-insights-3.2.0.tgz -n --reuse-values --set a.property=newvalue[,other.property2=newvalue2] -``` - -## Uninstalling the Helm chart - -Run the following command to uninstall the Helm chart: - -```sh -helm delete -``` diff --git a/BAI/helm-charts/ibm-business-automation-insights-3.2.0.tgz b/BAI/helm-charts/ibm-business-automation-insights-3.2.0.tgz deleted file mode 100644 index dcbdf14d5d6999eaba9e705ccf1733be4df969dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 95450 zcmV)^K!Cp=iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYKm#Rv#FnmAPugGPe`|Pu?M@5{g*M6S|5fw*79J_l}Go*+z z$>6km|MzzRqM%r6?eUyje5e63BO@atBO@atBP32qaJDI_&@>aQZD|T?Nt&9FR8tb? zmYKrmtYIa0tRnx{TOR~LkU}o!{zeew{5O(C(f>+ka+!QKn?*9{eE&klQ$&Ya^GQ~4rK-K4i|u#W&pC> z2IT|80PM&xfIKkF(-Q7Bnjx6aPYJ*(LO%PH03=R5B>=7|3N(0$m7fxUs!s{vbD&|% z&~!ekth}=%-t_9y^)605Eo}}SasBZBeM%?O=_K;uNo5uI3~n*x=Or|8O`S<%o7FucLYXxkDGXVIpF0%# z8`#XD3M|8hfCUE<0wP!pNUCYEDi6U%l4Za_z#EXYpzw#&jsXWtYnxD1318C`PoImMW_O2k_v$}hhV13vbK>_5qLri zNHY-XLgG*zNG33$1uPBx+hx#yJEL#N2YS5D2hmh~GNENjs_3#Z6b)#aM z*5N+@6sWi$VmYKO#SSld-F^l!6hRd4jVvirM3pq^)_HP=?*@8qnF#d!&hB*h3_6+s zDb27PvTQAf^s@7>H}`c};#u<_so4gpUINCq}I-Np4D025i<_q zYA!g_(hNts$*gGxCLi2Nro$k(%u34fy$95){lGe~!Sx8lK zgnk9e?5+=aO%=>%kUx~g=a66Onxs0kB2^0-YgT>+ImB&>V=aE(m-g@(p!s4plgql; z@lK^v;f%WiJH>5&2`y%BKy$9i!ZRrOUk-y*b_)!SGhb3AtM7fPNCxD+G4R$f0QQ=; zgiwcuH%x&MyE0~pV~sR$I^xis329SVi``J6oi3|hz+Pb_^op)cn` zpl&{kT-Hq=>KYoqG%Fl+WuX9$xXv!lU(Q)U)AX}7MN&m*x_gTVasJ9AIM$1lcD%NR z#*SjG`B7*atSm!WG8KooPn@ni+M-kCO^pEnRRI%41B$Nx(4(7iQ+^y#ZNSIe=aY{89OmR9@0qUj!}T&SE)#u1FT?cjnc(AzgOq$xRg=`L7lq$ZtS1$3YziveJ&tZvRVe~CR| zaF{aZkRNG3bFKY=4(8J{QWFDUDRHdI-oZLv!8_OVORe>a-ufCBgn8f_?*DJve=Mlz zGHXFI)#)-sKWS~PN85Pa{*z9p)A=*|PdbC--|as?;`#g;Bxxu^)`UrCE`TpzoZYbj zSz+hwk8Kks!IeU+dfM!3Gj|K_l=Myv{Bo}4IQjIHxOkot0CQ#ppou;MFp30;s8XLl zC)|zv3M4&KRnnbD$-ra*F@LhezI=IlV&?E1vSb3d)io0efHeVooLv5tO9Dm%BDCC2 z4Ct2Ab(ZI$X}WL1(Eb31t)5vNcui4QXD8z>MO)p0-RV|{7n1t)+wV)8gS;gJUbY>< zosiU-2L1y?1L`2gvlc6BVhsETu$v|Lpg5bH-+x2?0IA>qfh0=*`kekF^W~q(kDoJN zPXDJqg3qqZ~>Y^f_tjkWV^znE&{{ zzyH6a#Tp{CoKg7nDdyEQplQWE{wt{-hUb7hKi9zAvUKw~mHO>K)#u;NI`iam3RDH~ z<;#6cgL|VvQulJrvBHUMCYlX+R#i32=NHKWnr)eq;7*FB%|Szj7BpQ0*G{v6IoE7i zIGDwpNkn?~A%JVDWoWVt4Tt@_mK|`u@RxTz z3~5hE->&A+F*L!O?n)V&*iTPg70e{Vw1CXoDnI|jFXb8xEp`ck3D?kIWuQo^?U2sW zoC&7O&?A_pTaqH}y@Mxx?(_syY{Qv{)||C~B`MG)wF^;}mQdb-IlG2{*HjhqZarui znqejbtn$003UKRp5yVakbPUA2H9rPo0TzmVJd-?!j(ml*@gV$pB}|hnV;$@}iI~%X zB>drcK*V@e61H@=ggNibX+k7IGUiQ;6P7+#IOms?I44{mlQI{>_ngZk=$nY@?<`{= z7PV=NeRMZ6CwOZ}0dbc_55z!chCRd4Ae)c2?pHlx@u&WO#SHMb?qe2aMfg`S8ih@9zJ=&}8`W zDG@k?`Q1?i9l7o>k~d_|ZpJNXe!N&7d{iBdaYh6PZr|La#qb%CPjW{d&m_@dC1)jI zRS^owAlL|nFtECWfxfCnMyQjoGFWJRi-DN8fxjXCui*0)%Rw~6KkxED^uPbo;1AUU zO9M0?Q$2&-NWDpb-OFF$RpL$t`z2Qmhh4AW|5Z!L!L(LFk@TN*DY-(GKhe?>-Ge{Z zQWIQt7!6p^^aQd1by?dfP_=?aj&pN};r;&ya1G*50Q?5#P*yxJ5f$7vWXKvSP&5Mq zmeXwOVd$pCTDBPp|5(P6t&s?HGz)tC5sVr-tzxL^2nL}7e(Lw ze}ByL`E%-jz* z_Wy8RI)8evzI^!-y94&`KGgp!_zACG^XsNpZA!43t8 z6|p*c+z?u2`I&gh0bv^-Qt<}nQ)?1gZA`*rv;lRucQ1w+Za;yZL z%_(4KGiRf+1HQ{?5_DC02TWUc_t@^GiwJ@23S&)xetl1l`u{yY0T(Ehz_l$9Tiw}6N}3w*L`#4r z+&u#hT5NK8+>ItBEfsLkIJkirtfd*xfK&soJ)hs_z#ISm$>+~uN>*h_U3xBShh0IN z)!jAil4!0UU(ze3uzF}U3-Y5^F6;&ezI+KxtLr5W%yjKw#&acfD;|1sXg<^_59Wai ze}K(g;^)q~DT>elEHI#>=eS##lSihf_`6krwvL(^N{T3seS zc=jZ9JdgG(4(Z@j?C>#p=1%omfx0j=FTcC)RhO@q0)P4P=yVlP-u1sa@5Z^$_mydV zy_`4tQU0Z`Gf4R3nMY-Wi2n~T=Pa7bo3;YJic7pn5^xp1hgkx}ALACUdyx*!?;Q0S zM_u>K{YCl8GXUMeOWuL~LtNxlxzLNf*T*F{JP;S9z1LStpI-vH7}fCgoI82d`IUvv?#=?z!O0 zm*-asTC8}sPY#(*PIpNCQWsZCgTSM!9QJL8|NI5P=`h@$9KdZAGdr3}Yg*Xn+Wjyv zq45k#rBccB{Z-dqJ)cfQ{{`=Ms$}hDNYH(<+j$D?fU1V3oHjwn?M)NzXgCY*j!ygj zs7(h{*MYL`&J3Cf4_xAKV?K;j3+po^-X|~`ufGiF)(=AJ++6Y+QhkE%U~S?OvwMvT zN4~ksgamw^IBCioZ$EiS(Dh`}ao< z3f91oKmB%5IQ8OxcP-vTpE>+{AcGGDnulAtpJKdi$RJ^Y#1bUNphhqtp@0kmehah& z5;iz*>>wSVe~ae+*x#QHZEfa~48il?fuNl()$nr-#QyPbfwkbj{{=>@WJ#(R&=L-w zN5Im6yQ51cld->_CXfuF4sxd#8xdL{cFSkkQxp~&r+8L_=OR)}r?j=Rw}P7(NUXXE zkYGR#BoeBYaQBZ1{A?2PVLmk4Zpmb;!HqJca=J z?LxOoCX?WI$%2OGZT_3|G0-XL({I23F2&OyKSq=J=wkQJ*rADk#-9HfyKLp3vDnuS zN!up?YrsIyZ;S&B-le+@x6@^=!afb@#fptgu0dtO?7>2)~q2p++*Ii z!+`2~$ogB0gQo1S;*DDRvi>KkwLWQoK#cd0fSb=wm>g3HPzw?J|9a z#;BJ*K|9js`?8sb&CyJn@a)%@9M>oC0ZlTK7mDsOUA)`+5or0l@q~V`&t9U1^;<7Z zf-Vzux9?Jn#EF;asqr1~V@)~X8)yBiScx;%t+vQc^F+TUUCzA_9jx3UUfe!>Uqn4Y zb|mD|;BpDiTAgtF5J0rwZ~Zl9*rCs+95u_FMTWv?tkoh~WWW6c!1;PWox(_f{~R5l z(*DuE+gbo1UMKJ-)g?O&*{Qvd9fqKX*ms^D$K}pbk^T5P3F#11CpfBub{nH7FGQ#E zg4Jp?QNtLr+j*%FEo}1A{@$yYuBZv93JLZUUL_$wncW@BX>R07_7o1}h&j`xu^RDG z#u&W*(kG|ic}^dK5G357MF~^d2azE=7|xJG;-x&mn*{UXj`|N8Z67g7WqC_l!-N+n z>99TW$2_5!ui(qnX`)~6wywNnNLF*y!xyGY zk@)w;;}BskVQIR=2T&k>7zQvJ0e=Pk0T}qpu3qPKVuI7@%G^PN?@lMWij zP+_+T)(zQkZs!jhk!Z*YUQ}{c6@VXX66l7;-D^zp%6hgW!v{w>FWrD|TgZF8i##p} z*w6s@pqqfTx4!)^vG#uZ=0L+%ou0-%{OidLza?qHF%o7Pd6EyvfA^-Ps8F2g+$B;d zazXE*Cff>ZYqo0LN#1p!hDYS!o9CwlP@KQK2z)6`w^A-oxZYkV*MBX+%Tn?buK3Ak zvVe>169A^oc`&ZjIh(Hshpz|^x-Vaz{7K<$(Eamo7wsny!WUY6$}M&9PJ4>*k-u;l ze#Lz+(70Pl;BGd5C>M!9B19_Flq2c~zd8KhRps4b8|7D5XJ+D{^_~GxR4b*gudvBO z91>yXSyqdu5gU^=s$+3u667#(BGfwZlQNi z8#g)AJOq)vV{!G0b{;efo!7d{FciT#iE|Ut67HP&;UB4ZJfmxZ>uh=Ya#7DRY}2}| z$+O9`FBdi44ZF%-Y1;pKY#v;h%cm%i-jsF2BSz|XhxpgYi$ID2we}QS@tieYs~Djl zhXF+mlfLGI`cBAS^=G@+{qoNP{-4JnVUH#Qx#9nr&ZFt``@fm|yZ`48d01UKro>@& z-At|1PfN*BFe}Hn2TuyLSU;xh>sq}Z;#6ii=tmM}b^UB%4qpvEF39dp;^)g4lJ3Vt z2!zO{-2!uHNY>F+)Gu*xvv&%ax~D{+0<;E1lYiU5`{cniErYe7c(@8@xlvhZ=*2_v zaMEO1QpJHTxM?6%TlUs2@8+9V&Asr}3XtOgg4`g<9Yncg@Gl?=rUX(bpe9Q~n>lcti3M<~dEe7}Uc2?_m$>upr}tdB0qQ-M_dxwNyxX8hR?q}YwWKIo=mwlY<4wd! zfDLrG(oc>N0ICUoTMmuR5p-Fv9}*qGCqj$_pNAOr^xS0G({mT|o}RneIDpJGhCV%( zrfae$?wanId5BT`R7p=?72)A5Xv7K8vk#$r%NJXqd%#Be(0+Ybibt@GTEGR3Uqa)s z^|=}X!h;nR&_8@D`WSpEbQ9Wto4f=NI3Pc!1_)h}KE6HK8GP;uUMUH7^^%z`uatNT z)s5>U!9sznB;fArB;ajVN@0z|B+0=qos{-pK-Y9rQ)r z$pQYspC{2m_pq)~HGC5bMBm1`B*ML}Fd~?8s z*F#v6xt)(Nqy#7W(=C4fg-Hg!j%EihBi6n6evM2Co=xgdi6&F@{QQL}7OHW!#9xIr7c3J=9H-}rMB*vvOmOrgIGp)B>O|nHufM1>0l0Qx<)6NW zy#RiBv_t0qOVfYCjl^-_geddAetr&c%CB=_vp$;?p3O0s;r7C{{?6o|r+R)Cp9tgT z^@akX_RNX$VH~XU6uu!-ruX%jrROPVVf?}VKM(qUd3op`bO5`N{~=SzX3qV;a@pLw z|JRRrE*2c=5^sT+*Lv)9 zk?_#}*pU(-77n-;bNJ0+#)N4r3TsHvjD0*~H=l)Hb4LkqG>G&^@#XOA4k@8he+iEi zH|Xib`1$wp0yDc9Inc*wP!Ei7AUsFxoU(c#bVn?BU;Lt^5%~D=7MkIUa5sB(ycKmW z*?igSy4U)n*MVzj1n1_f>;I$rpRPRY{(oElL$eq8zcTOs|3Bn8*Z-XH{XW{CuKem3 z1KxGNUr_h+*ydgHd)NGaw&tfB8t<%eV+d{gJ$0Izy6RX^2p|RSN{S1&huiBf8mRcUO&!6 zTlnbO<> zeQAG|mhd?O<-ICFrHII=wEsB?>louMN_!$hU*4QcFG9CRZ< zUF5q9k?4xgYy_N(#CXB_SG`uF09{F;7s4wP4l@MgDDDqM7^g&Fz6O$SC*0)Qp|!?e zz7mJpUXo}K3Vs>g9Q>NrV5qT>Utn}={>k*)nmg3?+q)ie_j2O`RRKGda<8L>N9H1j z)H6sYGs(<*UcsOAJg)y+P_-U20pGO$<}S|v3%Pgu?+^IKO~qfB{v(7y?*xXhINZ&)eNvtYw>@Bz5McymjdF z$qk#2dl;SvRDUyyhl)d1mV`shOm{~w!!?uvYgvZG*%mZ`Hao@;2Q7zKD1d9IT5dYn z=L47+E6cGzK+G~&9y)&rkh4YS52q{6?+t6H&TnWKn&JF0V=Y#Wxf()Do6TYeNX%R^ z0Xv&P-ZGuR5&d+>oMz2|Z9)U^ngHE;E@9ky$I8%QHmC~F@G=WXjx_TPP40X1(_yer z75z_1pADQP_!Ax|c2U9|m_AeK4w&cyGP~1k%Y)SDcRMZj|5wZMnxeD3_35}Tx>nGo zKcUIDOUfGW%5zekX`g1SpX&E2w$7H;Vin!Py9sx$ibk=Lac8|H+e{tq3jC}brhpg^@ zF)ahKilmC+3W3)FJeRp`>@-=EBzuG0EyIKZnUvP?k`!=*GNnceUmX&P8+H>xhEU4IVz;)#8y2E*d?4 zi7p=9^y&NSt^W-SR9;iuT-TN(>!cajX*Srf&I=8^XsWz>an?aqgr0=^a1?~W20ib9 zbKGY~kr*l#jkEXd7QTI3cLO&&OBRp}X9-?A$o{@DG*$cv9Lesc2cH?5;uh*SlgRCY z3S}^7RY49D^L)ZZcOz-eSpf&4aPMDA(xEJ=@YTjVVz>*@ ztL1JHrmM<3V9vFT1Hp836V`%)Gl(JQ4!~MqgwY*uX}xUmQp#K*$Dv>{Q1Ij#f@_)~ zNGfYZbt<9>j|k4#-BtXqDHS0GZ*;{ga~Q+!A*^@bd0A%pB~*o5;P2^%SMsera0U5Y z-Ea%mp&JDV3J>(cYvS&%c*P&+&)M>Gr8B&yI!a&iSo+W{+D+wCzN1s;?Y!2b^RjR2 z&Q%c@=mo1w$(gNsPEbj=3bWCuIcq{(QxwVSOX{+EC~&j2JNtB7u!d_!ulaB3+X+gt z9MBx@YVOs}U8!?RO4gtX4T(SM^4of-@Kz;O|x1a zB4?{u;7bSz(-M4DJGw~HE0HwdEU3dD5QeJYY@}dBA?TO`|NmZy4Vyqibd^> zlT%G=UhI<38+Z->`*+NtNpqMXz?!qxVU_`vwWKu!vcwtg%{*tNakUCrbGib456m=Y zX>j0pqyF*IeBjR6E0&0)`>o?Phid|CIq;2ZFudMtv)Q!*e{tO@oFn!9RPh&l-gN$V znz?tK0p2+O%cl$H_y3&V@8^F%;`v4)8xMT3Oqgym)?eAd_Za6eaR^$77K_E>zR8Qb z?22^%dnWu{hK|TjxZxeW6`c12`8|V<=Bi77n&6NAxP8m;okw2a%|9J0`1!EB9(pRm zUt&CU*C{ZyPIJ&={jsGqp(2@v?M4(X+k*IzPt|dpb%FcE2l}s&lJz*W04S1*tyxKC zIT=0!^kT5XiF{p~?aY?@ZyMeAk^PY)Yo4w&-o4mH<}>zoawkPCoY`2{1n;`C0@b6x zukH13D;A0IOy2a_JZ$4I(|bH4LEo&f*6Xa8ltI{WX}&?51k$M;q4JUyXQ zzOm?BzOnb4TR;2eRwP{A)DtHAbRJ8^TXUTG)c4|cR3yWl2D?*VLiezuu0YUA zj}jvIkdA%7ye{QbAl*AqH!e(_7yS8Grg%+JSVvd;M=ZrjYRa6){s6HA@BHNF+D3J6 zL_Iq{KuS@ql)nBu;OB}afIVj+b-`J$UxT|450?XbuFKpQ-ss{#e~`b`y}0B1+sSz^wZO!Eguj|cSv)Oix0dlDmG@6Q7%l5YcvpnE?1NVeoV znmD6;`fDifAs0dU^j(zy{Mmtill>nb=o@*7??(IcXHRSdRMoS*>}Sc>(O?qy3)9uL zO1@DuSm|i`yizF>Rq4_m>OB!DlEE{WHeYChYLPg0k(~6t{p%@+SQP9!fl)7ga(a=5 z^Htz;$m)k+YNv$ZX|x^5qrv7F5_f)FX8rW|136DG=+z=SB=gcD+hkOR==7CJ{YeME zS}7M@r;UwY@D@pQm>0Y=?nF>LmcMAuYpsJ(FEqhmWakC%4mwedW+H1+1G+}MkR67g zhnLwS-R#DJqT8$0ip64NHKIk}4B5S!r#o}4Vg+NcmkN22qWh>b zrOuAXQpdj%0&897GxcG%y0x!?n~*gzpc$}&Ycrt?je|jf1h*&afcN;S=h-$kwqJIa zNpl{QOs>ZaE4yKx`jFRD!F&d3Bv8VV6sXzO@#87Oq%5uB55g!D#7KvRqzT7w=zZ9J zQ}y{u^2R7AIy6klw4iDY-AcI3N=jJ0yWDY6>m=MtrX{JOTRv(t&-))P<>2k=S95-c zfky5W*Zeu4_Z!B)(({({|3?!*yng7zTu4L zEO^Z!I&Sh1qvouu?*~HPZ|vSfru``m?>{?JWb}uI_f{mZjIA74ERf&!I!fI>S)?&=)V)b}A5z z-VA?thvj?(uHYUOS^lsrw+{G{m-WI#x!z>}W~?OJ20X_5e+HQVQ$(CqTr+}494ekr z^&6Y$HTAv;Ao`LB652;A}rC*pwTVAw6P9WBj^{J!e6jTg(mt}jM8^*b;2!7 zyWJ*1Pz3!}*uD#G7%bVTIlx|+E=A(!AghL^oQv2)ET<;i(QtMyYVS$v5`0`wolt!J z3j~Rujvssty*@z?Nu2nZ_=Q6FUn1CVy---cKkCwz+xU4p<_Worgx=D*5`Kw#blGc@ z?^dThjLfI2qVYh5LxK%cPUx&@ZZt!LSI=1&Y-c*=fG?34B14 z%;cp>mvb*f2P?OTmnK$iVm}k_>lt1i=|;U$y%1eLy%%#~b}1U8IzbaytNrVs@207_ z3-M;;yEnxe@LPEwZ#e?JfPV^W@r4lo#5!(OTc#tdlUC$V@if7tQ+wd1GY z5tF7{-jQI+K`ZrYw2B~p;W&-{W7?bt_a>Zsun6D#d>aPQFcKjcrYQ#?1o46vpNcBu zY)-qXygS>@zu7U)uXs#fw1hj0<;+*ma+vZqMv*$VcXjv}o%7Nw;rVbO`jBMj6)e1R zDPA*R!jvqS+$wU^XhauyV{4Akezmpe0_R4XD+j7ke07|%&lhYMGUW!Z>nn$FPZ!?S zk_9iF+ud1w$Ls^g?fhMZ!+@_%s0*M`1#j}Gr?6e5M!cdrdZjPUl0&7VRmbz1uPKk0 zhB^Q=_nsOnU)bU<1}5>!O6GPx!ph>YK;}&!&Xw;a+&Ll-Mvz3;1Tz`& z{Q`z%*rs(23eP4Zzh6M{qXxZ(l3(T(wEV1e#u^$49vW5znAgf2z=ZQCz7FnI*>|6h z6P(9Zw%1ph*TwtYi|6%ea&3J)^7fVQhw9fBJimI>_mkxNe%Cq!2IW7=3H@K;o@bcq z4_x&OCZqN4e7@xZXVmr0^XsFmAb{T$TL!-ea}Ik6=e?Y8AHnZe^Q8y!-hTWT1&7_R z!a53)_u&y(60bx6a^5}yMH8Z+IBy@qMHQjxMq!G;==kjsh-ZoT0`Q_z5{038zT;o% zvJuE={O+>>?iLJh_t^*whxdEDUw@BRH{c8!Zz4tlY@oxN?x|UL-PQ!ZEr&+u2)^I` zy}{O}Cv*Wg`u^{`7t*^IQn;&8?DX!2bcY*K6yfghL%MYLIlIJiSp~hQa?5q;mLJkv zJc__SKA7_le}E4O{=**;VhVr{8xdNrLyq~JO5J5xMXNUXXEkYGR#BoeBY z@I05C&A&90ct?u=2Z#pL!M}a6_U{k>3T{2Who8|`5k@xwYj1tD6Kn7H;olf@(hO-^ zRiP2PqdU3l-3eUD`C2cbfYR!@mAvAQqDZRiK5_?$@8XnlPbY9{aLqf&MgO6iuQ~^P z{tVKQ6|VUQT_fu)Y6i9{xlI0&xY6EEXFUr50l}NHe=SF!uk!;5KKJ@-1fO>ojUR&d zyNkxVi^jW)##I-McW1}HxU(Zp4PNl>PjkPyw6F8Jo!~Vi!sq1OUFi6{y9@mp+=UD` zaTj-<0qBb7kXu^d4o9pBkEvck>`*>+b|f3IYk2o%diP~|_htIYzD#eH5ckQ4M?5j^ zY4t*k-1f!t|NnMFAB6aIED(b9?xXeYqjh-ReYE~!K3ZR$H{;UR=T{EDf004scxDtj zEed=^17E#^p}@yn;G=&A^e4`)5GS+wD3X28|Mf$ju#ZQ; zsS+fDg?tLxMfzQk!I(da7d2ghxI2QTqxT{?Znr>*EJ31!{7b8a(s_P;9 z;IL9BpZOTLc4Z(&LpPu9j$*BOxR??6^6?ge!Bd$#`g1S@UkWl`&bmJM{R2h|W27>hOk@tdm_WXmI{+DaIbr+1{+RMd@v?YHl}lx9gV;?)5JJV5^oS z1K06B_BPLZNB>$&a1*=jcK`Q__5}?C66G~*kYfu#Xg&q^kfe+Q-v zp$^c$13^>a-;ZAIH`M%)n7YPB$5r+g8-)wLEB@b7@sGTjdrkd677lI#K+L;KNc3YM z=JYuBi){;T?h78&|5a#hG-H|Y(upSyBKO8-;D-K>*#zR&+3@r1SVKsbzVyYbhAzuNiF zpLi$j4F>r0*e%{S`|q3mpL_nJ2};6}6llUXpZ}a@UDTG)mAtQS22Vxaw}Ibq8+ab< z>BRIBWurl(uzX3-uh(Pd=bab>MmS7`U^W!3Y01S8s@)J0BDG$Sq zMD@7b#~#Ew)DX+_&@|hc;NPf902;Ew$dD}9X4T!(MU0X2=pu*4BFV?II?Fq1%qa)? zpFX4QgYw@~2p=>7ye|K9NFkd)-~Z^_shk ztnv(|wZ@!52_s_VOWc3lO(>W;5f#LINqx?DY1yKg*E~itWy@3tNBu@l{QEj>zP%of=O+f+z{BL zGVJv#6-;jQmWaq8ORV0D9RyA=#=FUW0s(cZQf4Ys;L zcJ4c7d3@K#$t|(KdS3l@8z0Cx(=Su~e!0?Ph;|#(YFK(e;NqszA2d2`k}Q*pa~z2( zhIMhQSHzs}xY)$89)X#Bt4^)W9%aZIcB^CPe65IfmZ)!K!Y-h~yrs34QoJ&0!4A6a zjwjIMmBohaqLb;ASd9kha#ol(@%btzr>x3M!_4f+>Mi?tqg>t9wu;hSrbV42(yi>S zB^F8>xHd<9S0MbnU2teeS>SCzq*T&_5U+oQ{Y-9;uW)15Mv?QETHGiiE^L7^x2 z7yI6N*&7Zj`BiaDRJ&YXQ3~{+oI$uzPpuAUDwEMNlDHb?27QXAOM`M(E8EpoY2L%i z*`3+e%z26Y|e8O8fbStYAH?+{Ta^-e1-FB$ui5 zh%&wzU|5zcV?DgST*X%#y-kceT&h$xJA2-!jc6PWbsFhr3(ak|waX0F%j&wmEs`t6 z6w76lt>Wk^Gs){vT<230N#ErAt=%{^DVjMtKZzS_y+UNj^q6ZRgC3b9%1Ek(=ZEof z3oQ&A{fS}XGo`ZATgV_sv=Aw-6{~c$%CAbJUNNVdeP)j2T%IOhi)E(yW}X?fL>k^t!ce$v_x8%eL8Rjos-)iC$WI1}*Q=0Xdv0 zQVtpKP->r&%j4e6uD7dfzA$QX9m^6^h2D6h?bmQMpbd-UwwrF3<2UnFc``tRe4O8s z1&gFivXbU0RPNVuR5702)HJlNRiz!Z6<2hVKD`#kkByN%vy5I@kPxoi>8&~z!EJJF#6;4? zs%evBf|qIx$`|ZWJj=CrOFP$S8il-^Ya2PV#WZ`XN}la^nM$0h>HDcTY^5s*H;$vq zu4}g@Jw$7C^o8ErO-o#BO-Q7it+Ljf+L1Yq9;w@+xhidnsUlsHmIHGmfB8o(wD|5?LbDI~M+@e3scXr!+%W8GS@sOxzxH`Lon$owXrE%L# zZ+c2g&n~N4nuu@6POiR?2_m(Uq=rdrH651d%5J3h1Y)AnT4&LZPYh+Ywyl&p(uy|1 zsI{dIRamOg(=0QJ@AX!@)ZdBORL?AtI6fIDD~&J8#4rs})+#f~a5kV8OaU?X%%Z5} z27?Y>nxQt^=d=!Qj&{RYoffR=tlP)ZJ95=lgSuix2d=G21L`c~YxE3ng+4#-=qUyNFxNYQF2`)tr>! zIvCuphE>$=*(IgcYnD2z*<=N0qR_RogZZ-E&-d%O`f^`c*7wsXnl%+<&+XE4W73r} z^?E5+j;AtoqgIMfa{Odg=a#lyUD-xHrDiC-Gv^A6tTbkpmY~X}T1pk`i`90p&gzmsH@yWRw_BI zjS8I%8;@I5X-oGT+4iJk=xLrDA@yu|no*|NG&Qb6b(NW8Xuh1zvFgai@lBt?O{%V= z1UW}H8i8+?OLB}X%e_%uS+q?QsV*ml`IajVr$c_j>{9I-N;E`LSmE{Aw3aWJI$SpO z>Q)w6GDDDSz1f^HhN0&&vs5N-Y*k7|#?nZqk$s$I@y>485JyNJA8zm(J>WJa4oNlB z=x$)nxwW-LH7ri=FSvC>R1}^!C{wG~zsV}?l=CiI}hNP3G_D)laG^2&VHlN+6lS+Mf6mbq$3YKPA#`Bsgd zTJcGZDiP#No^-mCiPS2W6l=NLg2okoaaZ`mm?;}ShJdfh^{ z7bn|;>TX7ktn_F&t?I?hrq{xdE{0dqi_Kyn6l?YIX5C)Pv)w4Alrp1AhCqk>vdHC% zR9R=2@tLyHMhKkMrd_V7GK{e^^lf>)8rGYgRI|J`YX+5;(agTk9qQOVMdQLGtu1J} zx*8Y)H>_-xEawiJMlHrHERwTVu!7y&CVN6tmB%8&6Ly z4@JAfU^xuKDs2YGu^qAzMRKTNZ5->7j!tTiGt@91w+ZS(CmnpXPTHwp>2_rr(n<9O0>$g0lie&GFNNEMXS9~wca38ZLehn&lK}wn_LaD7PZSQvbd1h$Emu# znMuloUT-S4(3th}agy1L*+#sx?PN^?ndQa0#*PVW$*u~EIWy(NOnfA4W<70d(Bsx< zjLW-pztbjlZCdCncyY9Z@wvq+8(gCX!|h~9ZYzTw0rL$FqfxBgku!K{m9cA7sxRwA zb}-qd7M4X57S^(R=^~L<^4ZZ;MOsrb!=QP}nC9Dfc|}$E(Q30Z*D1WVoe$<^a{=2u zVlmwHheNtlL|Y@hgD%?!ueS%)A>EtrGh~xfnwi{q&SsI#L}?kQ%@_K84e2jN?KCr% zI&D!MlloLmvFJ?9>#5Ofu_V$WTEWD28N+G|c2U;a*wWc62*jp`w=rykZzh!?jZkH* zSHZ-w*e0^x_a0qu6C<3EG;6ACbxtuYRw+r`sA^9}g3N2=x+!H>t(T4rsq6r zS(8z2K1GMS*0_UCb~$M>T3+RgN^jC=YEyE)<~z>*q};1a7Hbiy5Ft-%(r`+vOZ`EG*K$%B$QZgguS_+F|E2J==8AG zuT58Ko5W>{$!nvjQNoBRlip88;=02i4PK%~<-Sf=hUW{_vazd< z6tUOE%n6BMTW(q8TlE&dD_-v7MRs zYErk|pG``o;SgK(CAPbqQtT4ru$dmWvZ_e%#cIF5fkGy(mlcL<)f)R!i`~(^Ij14a zS`=$yy->2|g?3P$;9F;3YdUkUreWd|+byzGr)KXv_2v1vw8}kfLoSGZyNtQ}Ol-4h zIQvYJC^bl;Q*QS*8(ef{OtXS@92v8z&-qT95jUL$xob1zzRi%kk@Ifhyd!eQcZ)}5 z6pmwk@*KzVfp;j(=~qv~JwB@A+kK%xRPs5#X0pAG#^tn@T`m`=bjvQOlYSo0k!umf zGYi4k%V^!GH?$&Nv6R|~Zpw0}2kVo*sIm5RR_JB&SgTt#1`R@#dNe;br}{$gOq!!@ zryp-i*=~xj8-?mppLF}p1}AO{{c=Me&#|o3uFB~(#%ER{fe`WiMk}qW`*;>(?Np`T zL~4?>CD&V8M}=K~(;BkFPIkA-Dq_WoSMy@J-ETCNoKh_5)z-qQ)s}l@uqloUC59*s zhMT%NXbiL>(#jFlAr@b)tJ^Z8Ai8cNLrf^u(#ytnNHC>RzLV9OG8_^MWH1|I%nIY? z?0Pc5FxWOK%@#RBx7B`O&$WdbGp-`L8A=}|Airw9r5HDKkR<6u#i!;2b8zj~flzGouS!j1P z)>`p3O0M|sQYy+RlxlScP@z_Zd~e&?b%yB9suFmY#sq4&vE`ZAFWKq-Kxq~*H76EV z{Zh3{<0W#vqRIoB9yiy+CDol4h-Dh;aa%LW5}9sx^Vx!0%d1vpH_q)ua)YC_qG7On zcUlRMwsyO8E%(5`u3s|i> z9GJMWnQQ9UP?5e?8!5T@Mu$ALA*5QDr{Wnso~@2$v{lp5VRkvljAz7PhjW$8a!+Hm zx;7Q!w4^jex|8a*(#=9MUy;pOZYGpeNhqZ83^A+CiMq0E4wT7?=~O}{uTwOl3!_*0 z(&(jYXz$(V^=|ZfH+ub9jb7b)t=5P$R6RwOd)r}A+;FniUhgRu3){jk0+3yi4?V1V zQ21Xc;Wa z)yj5Vz~>pHJT8|D(ISZy2TwmO`Cz?h!@ATtj%`k#JV-9SkTH0&5by;#O*XC&j*zLjIhtNVuD zs#bObvSuUk+HjLCrT4>vnqpbIF{9`7cDGu`Yn8T!pklR?OZC!ADaTW(c3zn0r@Iwx zPRC?AB@UOgH0o2`_&D2RSNs-sNTr;&b&6!LEwNU6)#aws>Z09tR_k@g$g(}067{s+ z>Sf|=Avd5XszP*?QKmkF8&=Eg$LLPpP^C(VAo+H;N}$#zK4-Iyekq?NTjjXcEz6T; ziW^T`B0U!4s)lN9bDo|sC^q6NlPqS7^u9SA4w{tVtVJEgQ1u+bZ1QbA-D7v@rJ5E^ zbQ>2cMOES3Y6)uAU_MM0$M`I(=d;6j8?B5h`y zqJB|R?gvKm+3 zi{r_XkPDMpeI*x$`P86BvxRB}U*%_fyl64vZoSDel{Ascsf|gwI9TK9MM>wD^93&C zMoMv#nwyQa*eLh6RHi-KVx4B1&0{OJQtA)Q2`RVjHYJ(0Q4uc;$v8#wm5r9A`b1?? zDbAE;gX_-tdY#f6M5VzZJyGgS@*`%cPRmSh&f}d~d)gT_Ryli?YS%eoP~ESUcB`=H zK$4IVuHB;Na=BP9rw8QFVpy?0!D!PYrN&(AZwxs-?(k-Y#|GoVX3NmFEO3<)RN8bd zFBrQX3&(qjm++Rf$rKuln#Sx=hGP=qT8m&kTnBQ4!VJ|gtW49~s=M}qT=t6!fOREBpONG^HqZsvO zt!z@Nu`%kabY;@+;=5TXKb|nf@*qcb$K?spn^?KVZn>NFEBSnBi01V=&KA0v)OIu7 zq1$~$+atv_x5+cQWvJH9EZNMWQ7T~LLAz2<&1!tzMx|{tlN#n0oBUL%=lIfMRYT$$ zP2rFmA|*54(%C-NE|i5{pONZYQMNkqAt5XbW>`rZ=}8=&5tVhR$&x7uCnc)ds%&yS zxU|^xdc8!pnTFDh>%%qMm~3#Wrc}88VpWGEY87{#!EA(9#A!*jE67N%^yFN8*oHP0 zukVVBMYX`MnAM8T5)~`O&!H+0)-qy1M9Oz@rj)IdZK|zRHG)oWl*w{zZQ~`1fQ{Tf zP51Zx3e9B7(g58Xg{?G#i-t97EoNH=uc-}-9hEq3I9cbkTwdA17DX!6F3(pkt*^1t-pm}XXH99qISujc?siL#h-g2O-Br(~{F;>WD zxV=JWv!cm!WCbmc`7T`S*riw=?fCAZRLS%GQMO)3G?*7P38{4Z%2sXiU9~Lt76TF~ zNv%q^m8nboP~X=IbhcV76g&NGR_siwl^I)+xmpe1Xqgf-gW6~>h;n;CQ+B(j4yky$ zU2e(LsB4y0MYS6#4w2Y(Z&fN4^4(oKH(-lBEQ5=xO0PLw9qjsy$aj%_pIA4{RDL|g zD!bMe#%F7bs-Y!j1E-^QL(tpvR7apzLn1%Usu?rI&g!YusM^)c8ZB1Hd{@QiOue<% ztGV99#+EA5MN&PQ+?W}rF+%0ec*bux6T6wmFm7KSBBRl`*e;Yu>E(WR#q<%`ZDjX_THdt)}u?wiEAy_rw7t}s{% zn|5z(Lc|)c8as#%3n;g0O&X&)s&uJdbxr4q3_r`SN4fey%A0bLN%yDCxn0k1b)FZC zc!^S0Cc;VI*A}^P zxooD>8)h{o*L8j}#4MzT&f^@x564tvs+f~jmg=HCQNoxX33_iqlp;L7Obki>ve0T(xSGW4kv9X zZ}mp?adp&2h3ZCW4)?2hO6=SCSlD9O*3NEB$hg#|P_9Tb8L$Ntiu+^E1^~|Qe?ZB*NfA+g<9Ked8Ld7#CkB?u`@c~t7EfVW{}0{iq+_~ zgsR%67d?rFO*rl0GuO4&&nsn$!i?Z%qcxTQ>NCs{nt?EAEYyF3qR(;v-RnaY<-nZB}He2y287*)`UujzF0Vht)?Os*odQZx+{km?F zyS249R$V=l6{iKQ(eGzBWOl+W8m)Mf;U@WUyDBiNbO|Bp;<_`TGlaZW8qE>J;@KHsDlPL$ zZq8MF8was#|Nrd$d6T0!_9zVhUlH$j;AYQzyXx1OS%B@VbWe2LCvAgmY;YowFw9K! zuqX{iECqO--`vms1OjZFOI3AG&vNh6?ud#`K+@6C+0T(QlJ|-}-76zd$2f$&e0(@P zlLz5mJU*a0#-Wd*I+z}jjWA`}O@wh0Jp3@Si`+C_ zTS_|0rw|W~UFc2jM$<&t9m26XymzLt!~bA&qX8Su`<#;r8~g}1)A^FiS&X)>Ko(oa zlf@s#LnY(_f3=<-$(XkdW3fTX-M0VvQ%@cEqSq@#R)Zh=!Tk{7SuFcc!0lvyF(XT7 z{R6ophu;0;LxMJooaBPCmes?n?feH*%JEc7`K_Mr{U7!zH!6PkVODG%T?1ioHwnV-Y%?&Q9-o%^@L?c_kLv34U@e4I5ZRV}d2qj*s5A++7z|876m+Bi zh)hnr6SKkW;{-hQyd)T;kh~RJ8a}8)&ixd97BH{kVz$)Q8hbbHyGtz1mQSb)f+$|X zBtI+{&b<(By1m(2GRGh1AMc|)8)$ga?RBD$pV4RIek^=MnSiEJk3&QxtRWmyi{CCS z{3Loa7=Fy*(_per_9*Lqn(_AM{pX?|I>&M7Db5)2UUHOYGI^XF&5!!jEYuihIIy$v z!{-1l4j(tuA67po(Wl6e`X;{{q&p?X_bxM>K z-_@7%-I5>AqTLxmr>7>W;;*u%|Po0$zk_-D9Xa*Npf=Uu=>I89JU({&9}TbCd$X* z?7@?!$KlZO2I+#$P(KqqABtvvoPO*qNB4_NOqcq4{HWc1+6dEL5`u@>(%AOy!yi5& zF?8L5*7xl-UK~1)o;01|?)2%CZcj{SG{j(SdWD~`>{8i{H@@}}7pc)#+2n~8#XT52 z1(3`n7(dJow!O=H;WpJDkB4da;Hcq%UwTtB6ZW&2j!9=RxVQPiBK+*kCie%V2Fv9= zztip>x@tNSx#_*U`FtmdpVBp1PiDsGUi>(E=zM&fIqK%HahHSRlXc8LdH3UKB*{{L z+UaggnDQUj!05|5eC&bo{T&=lk+tpJ19lM}H<}dP?Ym1slRKavKcwgfTkgr$=jw4qieO|1*kD6tvKX|KTE6zWGk8r}8gD82&yga-AqM)9>y{+C3 zFD^=L74}zMxb{EP{9Ii7x4$vYT^Gmhvu>I%E?d8S+r}j%^))2*RU4Om*j^OGUxa{u zafYDPik?hA*VtmNaYFz-Ne>1p42hv4AWnrsH0V3F7>1mr!4z058LAKr^iYcJj+ody znJkv>P7Or>pfymDGEzCE^ZkLvqJe7kC6yI{%Cqd8^)?Q)c9sql112*=Bztd! zmY&fUy^eZxVyT0c${4UfRFS_{Cel{pJ!nMxLN&D7aha}Y0l*41r1hEvMjv{&jN9IQ~1O_5Ho6apnI{Fc0%}lfy|r+VV{2@L(#TpP0ORx#bslE64lJ~W9PCVw&Ju3XWH3is zkuAo(sbavME1;eo`a5|o>Cgb5%}z>GzPGe_E`vnOz{EG4P}JZW91LTx=)+lyv7&iZ3z*ta3i5u5m|&Z0ust&Ke9X2>9cHU`iWrL7)@ znN3LHu*%VaR(H52V+RseSw3uaC;~ewY&rDy9xr`X!xd*m{?Zc&s~o`|EeFVqiEQis z!3up<6AA&0m7^CaUA!ji8SDG@p&05Tcjk%eQ6a*?S^BGlA70XCPiX(N(o&|hGI z-453>XM~V!|QLBGL?ED||7=Ix$UN+yg^Vyis_7qrp&RNu)(q zrmw*gt*sFh`hmXmMIBCOXel2}KHa*k+jGY#w5_S#4n!4lr zy(e%wiu$QW26vXOK(~WFyW@gWNSf$JpNBjdxv>`=s}sNTW4t<712-4IL$r2S0I*jT)q%IR_P(W+r?|&fRi-#)~k-kPdnOV z5Sg5Gobx>$8$QtyGH0Bqpoz5e9uf{lWUG(S#0{-fLEdyREXMX2axw%nmsQx=5$t6n z={UU9bH+ti=?o%yiG~X7cjl}pI!8%Xm!Ocxy^$OFJ+qT;hil11VX=ieG37Ab$eetH z1_>N-kjov!xlwI&KrxqEh;@l z1bc<;KWbvgI><{GYKmk*V6Bn6wL6|TXZs_=@Iy277A6F|%PS*qZ4qsp4ri;1ilYV5RA_nAr*abcu${czufEQ&l%nnB*= zHNH1ck04V+>tLYi9%_BgSPQ(j_5_y~W55yxhJ}qH^k^cLx1x|;80<_RiBm8MyIN3u zp0U?_8I>~%OjTI@Xsd7#=OksxErT1Ro=usuUQ4ibg$nP`kUYM5FYNix7I zU0BlRF8!>BX`v&}!fStNt>w%RCCfE>P-Cq-1*QuZa;z0A6N?93Z@d@hyr=_FIe11f zgCc<#rJ)|}*@aF<7MBvFTj7vMrZYj7#|?B8`wKZDrltEwEtC|U??YttQ#?s$ka&U< zuXtrC4Rt}u(Xh|S6Sr$XZm7oA5{2U4?yUF)0wV;~nY)%uJ0yyHC`NGDe?*5q@kG(^ zMyTY`p^8KShW&}fk)@8r4j!RY8(FbDkz_}d53)`^%gcv@%}EY5Q@t&TX5(Li=52v}=rql8KZCh%Yz;3x~lZpL$keUuN2 zasN&p`?9_k*M{NmOx+i}&;pLYOfI>SP4b;1P|G00pp- zp|!Au{o2v3JDcrWkX4UJ_s1x<7HByLwNPR$WO9HLx`qIJ_aWWr5!^c>=_!V}2Rzxx zqR7IrCmSf8$f8F8n{yUN6oAYlfWV&f`;FaEdkcY>cE?v2f`2E&^iC74*wUrBdGsHL zgxKDg>u5)~(+zir#dJGk`yE;I@6;pYJOqY#B-${XZZTAjDpX2a>QRB>+&x-HHx#!T zlm-w2MGsRB8~)s7yE7*$0zL93paTk(BWsoS=cuI5H3=-XuV6!o^rIpg!d}G0-yxpr zzpWnbBSlxHIs%$u6bp!^EY=4(jO3&Kkn$EQAtWjTE%ZAI-0x)r#Rz#oBLhtdQ_~3( z9*EPUETEocaC>#Fm@vHO=SMPv;~kHdgPsu<1sa<@HAd+IAutTnnY=_>U|7=ZXpQlb z*a-FtyJNB_+I1IW5}|O_gCp=LN5!KGy}ff(h_M8P8M__8CP$U?M=&f{6p={N-JZJ^ zW)>PO<#7Sb81x)A=RA@05b{I?DoEyuVa7n$hB<5KmIOkwaKu4o#sDdNky$J^wbx|n zEWJlH6a}62kVX_!Q`0GqKma)p+8rx4^l8tE!;U=m7qYPz(RjzYW0Y#pADFNgSVC_G zq8?{PilDJ*4o2iN5(kO86w&NBm?HrM3MVPUsMu+ogltjBWD<5{Sgk97J;@T%@%$)l zEPhXbD29g64>Z2GZm}|#j;(Q*vqxcuBhFX&e$Qfk&Eq^x;d^6s zmx{Vk#2#M+%DA7JOCowlZw`r>X-6=3;|Eslh(tD~8Pf8de4K9KXb`GVw*$sK-)5(* za+H!8>vp}PvXv(SYfof$7%7FV1E|K{##n=~zJ54(eA2PCVyT2AR@Oi<*V1R37g)zY zYqRsPlSh8y2*pr_+`)~~k=g+ZJXRD;h-3#v40v_s3b4Bn&;p0MgC?ehC$2cnP!`tM zit$(?h!stQ(i9u=0UP&S$faX76uPc%Ap}*<8%voRDT~Een(D%S?u9T@)a0Od{6|d} zbqv+6t&_t7da=j)md8t(HW~Dc<-h= z?C6}BIlQC|BQ%nu-A*C?0r27@URs$EtYsZ6ETKS7$I_gol0g>4ZfC_QBPo(u zZwul55ss%_6L|zqfNdK7+(3SWxWUAVJqSf&cw{iP1h4$=oxo|&Y#h!JP zOk3!uhS6W^$j@OY0eRxZ=Fz%Sd7@h!_^iZc&th2?6J&X7ARuGkF^IC%W0bgtqz(xn zN(ZpU2o#E#4qYS$@^RI*xv+;PRtj063&+yVih-&NXsCCTgSPa145gkeDiHCa?QnkT zEkzuS5 zu-v#lUi+>A}>+nKA~78j)-m?pdVWAIvy?l*3&H z*D^1&g$^QaU=xIlh}&w%u!AB$Q#p&(MuVXxSltB@iy1G?99VSF(%YL+Zvi5-whiAl z1a^iY8JR(UrVAEQ3{P7urJ;hn!|W(6fG7q~6wUcj=pvy%L{K=I)ZQ+1IPTjDCm*d4 z?zPx@#Do~yQn8hZ%y+%BIVJI$y7zYWW|KD*8Wlvg_#D?*hS#ZGb|uO z)X~}E(Go?~BP0c5aI~YGM}pUR)Y(}b=MeQ!T|rTjP$)v64dwuaG{!Mklb=qJkt!PW zEHp9#NP-%)B$X|jwnHP9hy-P%F0I01#ZD>iEtbqw*dGIwigjYn)KFA(Xif0MvgFV@n$Ydx2#l~eP?518AyMf9 zaexe>DC!!RKm?)!IRP$x1qrCDFVi&^`i8^#0un+_hX8oH^bxe*b-XDKQK&=d2v}i{ zAR2fb51FCcvk6(^aX*mR?oKboE>e&d_GAFr9*p*q$9u765JlAolVSLLP9i{194G=A zfr&Su-@>ADEs;2Kbae~(UIF3(Q3TG?h;O+|l|vo01xt^W`QE|f;LK&M2@uf07|X01 z_2(7`Y-h~worv5Sq6NTMA%@_^U;;QLmN<_Uw@?QMx1%VU0VHqf7lvRREaDx(5-65- z |av<&p9g#|H|ZiaPbWTU~t>5fCzKqjXkh2tvBHNIrmIzoF^%t5}d^QYjt9FzE#H${NILRBK-JInH z&`2|5Elq~8*fFDYsEtr$iyo^j)s8X|kt?DA!+pA#NRcKErWy+bv!n24$G=+`a;A;N zY{p8m(g9FDT0oAtu4%YiE9i$7o6i)a7`D*w*hh)8)@W^UB$qi+h7)Dtj?AuN^p}7| zGb~E1I}yhwyW_AR#%_$}9`7f>C^$`oT@-P1lM^S-#D~U1Dr&L31AISGkd>IRqI#lb zSy0O7+#r~<9I-2-R5^49Li6CVXg*v^ ziehjb7a_?;Nylcb-U9h+b18}@%drbxQe{CJX@)hkqGF+lo}q+_s`HY91*E719c5nm z>~xgLVmTnr*yjNfW{Q~3784X0Be`cp3hS(W0fyb3G6K0u$Psh~qRjUbjMN?Ad&uL! zXDcKH3<}Oac9i+qUFzVmA9dGJ!L_lP^ zvqNcUb-b~|e!Z>JNsk^21_lHMTo0fcipXQd4uI3yypz5fdUjcBpu+x0H9S!@(xnpl zdoS{f8SC!R7-+K57d;lGKu8Vi(4XkMnt`yt(;{EDcj;jv`XS`Rz+!t)iM&Wz65wzi z?~J6ix0F~wtcgvOp*L1}TabI6knB|`L4A@+CNF+gMvymkYYE1vvw(fsj{1{fJeaE; zf9{U09nz(td<1htH+dT+yscZRu1mffnXGO29d+q)fK#Bn6c-5kb0?G@AsQqek@oIb z?Yg=@a7Uo0O_G@*AfWT&qc&!bZtQgwp54k&G-aWmD@U+(Va}qk*9AvnBVH-Ep|Z;vicr z32zXv!%@Q9ku{ffZ>$XaJ#Yj^dx@5%DtE^{LDPym6N#C#RthIl9_2}z+DqT}MwX&3 z&6&1_tZXD5#7mMsviA1a>e)ii(8toFJ65xK$D7HV*^@hxFyoX791|di`+*!0)r|d_ ztowq?qsZ>0dpY*EUWj_`L$cR+Zx6=36feQlJQRCq5MspQ9X#}7bGhnhqVlMBJkjIB z%#QkZmavZuxIY?8fwL!y1t&=G#v&`P$xtVLOOiGqnW2a%}TqO!3gMT6t8=Pc6*hiL+Y;%LUw&=L9_JnRcIZje}H zV0i`!tq^4LTH?L6KhnazZ0RW1b?9UVh1jNeT zVrTE3U#x$5;!SgQ@ZbOb?j7^?joZJ(enUNKzvOa_(PXVbu|Qm zydK1mb2&TQe+GtM+L04g7ZHF;$K%MCzE4%61oArE4MQU8p`<_-b+n0R0nq{w0zr-Z zu?4-cH&!Niyq5s%@g`A*S|k!k%W$ScpvVGu z2X$ph-x(==2Xv$Wf!*oL6v&+SS&fhaL(&1T!5^0zWYE(E52&H18BnnShq^!n1N|W# zT5QiyLvgJ`X$qtLTIR&+olx4&)=)M2iW<6{N74yemiDhGS2|1@xGXmWN5mVUhp^z? zsi^927)k>ja-ySG?>vDUDaM`v)?!W8>pH@|&|@p0bb=JgV*xN=I(N8KvM1JBrzucr z2%#ugyeC3I6jWB8sYu+aycYu~4YWwethL%vVoO$oV&JhkC-YKjK&gk8-ePuCcVOgy z)*;z?p=Ua})v-9WJ3A8HjOFe^Cm|61*n3ENDhu~>p2WZQ)4BG=lDwvD`t>SKLss zWFDzD1gtVvQcLg+93mh`?#?j!hD*eyw;pJg0rYu?bmuIX+Y`AvB!i9&?>n-Nwxvt1 z=*n(>lu|oXIWQ&>h|RqPi^%5vu{JDnkMH&79ZP|1uWK3m+#ThPwb0+FOT=Ljjg^rEjsWRGZ=~^s2*^Nk9#UI{#X{!EOb@LP#Y)#D0L@qhsiA*oAKfDu-|tOU$-vT@ z8S8-!qI4&V$r0;*M;F7b)e)C~ws2ti4BP1DNFH&@*>SVxzPWtG^7O%6t z)H6bMF|mdkyV~oM(%DGXr;R<8|+1F%Ci#Jy3Zzo%jbb3D|znyH+ zAX=y)r-P+C`_;0ARR$2EjwXs_drcPlLzNH_ghkI=C7p$s79dIujb(e*(c9@z**b(w z71lD;&{x!@N8z>vRN9eSj}u2a6bBv);@ZwsRU}U5EDgU8EY6RIAvaPX#ZRaaQB;F| z2O>{Vi8!Iu$d*2?HS}0+s77AwhEfcmHH3yDs75-FA(cf_7$Q+0rvsNK1GE%o>e2%s zlq?M?fuobmAo9**_XS!53mwIdS;`(19u`XwTm1fLuBC-NmL{c)kvV0mhO4d$#Q|7) z0z_n{@qJrU)5MFEg^EN`7bKuU5L+x7s*pTt9n>=>%Ge4$UN(Gb&h9gJtZtQ~0`yq? z?7}p}qPTX%6{oP?qmI0V8TJ(gu6DyU+%BN_sG)?@h#{ZqICw3-ncIsaX4ED1?Tenj?JSKPX>3o z02UfjbTcZ5J{g#J4Z2zw?g0Xd9`p@x^lgJY?9C{>a|Hj+hW->x;7$vBwnD&0kJGuk zN=+OplXC5C!HO({?Rrsfu1CE&GI~TuqT&%hlsnQLGQ@$^u~=*EP0gbuBSFfoHHeHj zwZU2x?T!~h&QDCp4Tftmw|Q%7FU3bS_F0QZfJK_`? zR_aBHijEeGCqTeUX$(av)WZJ69uoz0QaJCZGfTVg*?ckZL{YOk18A<5qs@^}gZ)PY z`-Uuf6R4Xzn@w{N`2!r1NF~dUV>3|`l6?{z%GBJG`oHg zUaJO^1d=5@OI#i)G^iEqRA61oe4{w?DC4PpKjQT|H> z`B%jF8-Qv8P#$FAb!fjeQE?J`rCqr{-yc<4%${T4;P8sM!eM1xT`|vzqcWbpf`xDE z`jxvrSGfu=*#;be$`xGzeeI;IIm}x(Ocw|U}_plQYejK0nhm&o}S zQQvP%W8Z#B$3IL;zn)-zHIUy%7tLSWgZ^9ahfY09q4< z5KMLR=SQ&67sJKBN%=QBhU*=-X_gd;o4hmuYM>vq`Oh-}3IJ_T5)I=C9u9YpRTaplLtri^u7|Y0>KI{cnmS4c=NR;olA={yLD2bo@6$*@(hR zFxxlezH~}Ya;69=<&60UhTHN zw)c6!?oHq;W8+(mp6crt_j!JU+4H>RFExCUvr7w;^Zwf-MIE`iW|lD>OIi^K>qg^C7AEF-uaM6$d7HVx|L` ze)xX)ff*+0AuCCZp{evFOK)jJ|CV_mgaMQY8Gxw|$5U}l)a zMP|E2b=UC;yb^}r8f(nZ$8MN2g>M(kiNzYd$z+?D$v5m+AN$Uu{*Ktk@2_7D&jE`+n_>5gJ zeo>_Pj~_o4cCfN*AyqHdk9YTd{`*r$|MP#=)eQNm(U;|OyPJ=88horry(ulhk}ygd zSY+Yq{xwhVEA`(UzW3>w|998xu)q6%|BByl?J)di{@-=^ zZ~ycazMRzUe_H5(I@PZz zoBuO{2w#By_i)1R;e_AA3BQLE{*iFP#b$=He@K$m&r!a5|KarHZ!JclPU_X4{_5EU z{_9_uKX6y)Z4C6hj*Cv1E9#P!2F6>$?DqEd>W}A!r9F|v^AcRyY2 zR=9F}zu;9?`NOk?^5Z>w&wVV1`IyulF*lzVH_VOB^q8BQIJu!}nC8yvjj*i=tuFv* zgPCJDiM@P)pOOp%Tx5rzu6nJOk-ZP1O;o-KaQ@R3$Fi-rMRpjLWc(A`>T>6o4(^YC zWW1z>?-L@6>=4AO+uK{_4}W`xo4>aqdj|DiUw-}9KVIaci%k{}6A%CNhyT@n5j-(} zVy^!1xAO;ozhZu3uGlN)FMljef=iL=WY`Yd?Vo}RpiWc%E8eFW^M}7R5B|>lz;J(k zZRFDzblgAu?GmSde;tk!z61akfO&s0fe*|Lv!QiKr3sT!i&HE~re)OLUS00Xp>`qn zg_)g3+_m=YlqOTlP_7Indus=z9KBq{_pJ$jd@;EX7f@7Neg5#bmsI!n^JjD$&?_AH zioJgO6;kfJNyuEAVkztVyiS}qWW_phO6L6O%5!Y$@?S^`h6!>hai)#M|I;7%3%oXD zaQRh93_q3Ju)$v;0192X9v40Z^M}9HVEw(4JQr(Cg&X~%#azsPGwaXH?FDd`JluX> z+gz`{i-NdB<}jhLts>ZBt@^se_{Ep63j^AJX=wlS*Dry3lQG|afBUDuF#pX||K`-t zdQbJ)Pd|PC{hzP?P$S{bSKojCq5O_^`~CNSeFjIf45#tvcXS{cm8;GFzrMZ}FYwVY zfBWG}0q|@gFITNXz>iD=O36qU-IdJr7M`E+)g_@_^wP+jH+y<}#;*v&>Q@Sm%O|C! z@@0&%FBYT*_$F>I$J?-cBN|`9%QHFm3|aNSKQUKl|M-ge3-jOq{R$8-+SGpZRr&5) z+nikPt8Z^pdFFH&<}WX&_y*2Sy#0#SdD+RUi};H)UiJGTzJHZ6tbWf_;>|NLSZakh zDVj*obD3Dr@r4%r0?e;!#Akz68nGGk7wSXiRc87oEm{43k%`o(*4M}W`z!j83E~yb zX`JxF1E?Riw(k7#mBvmQU9>Cz{#p}zXM5YrQnm8QSDFQGbOE3neWgL-T{K9%uQe#$ zEgTo^M)jkMhA*v_2SP3tcNM#Q9!6_ZE2Yts#-$sgUrh=9o)h}5e_zf2-1?YA0SyWL z+A+RT|HppfpV$AfEcg5QKmU^7cg&+*6gZ3XQm$9)%ldQ;@+{c74E0Q=>+%Je%*Gz_qU0PeThPCzFj=gu^F)?0MS(x`}hM$5x z_Nu(f|M+mrEMjtCl9;wEL1I#zF(iob?YrBN_On(b8GiR2Gfbi=i5WE17%#~3ceksc z_(=b)z<+n^9J7z~-{yh8`dI$c{F!g#kLQjY+YL7svQnR?*rkG@?jyf__wJN*@59%w) z?QU&4%x#jbJ~r@uq|oUCkTvE(88O3!GMehsg`zRy0x(b$t{EUag2f09%g5LBtI<@` z!E^x2C$t0ZmKkB1dMTOvwwdx(J)hO1W84&UUs6tDGJ zU_lZ$=h&3rp735`z|I-39I{GjYq&1W;h4hDlFiCz`c*P9$QdtjH&JQSJ%cOBUI6Bv zQuWC$#u?4W#zjyZm~&MW;~eUKUTZ-U+dvxHnzO0EAO6zJ=6Hs#ZbW?iZpPEmLIVWp^O zKh=P@j9AAD(@mBpd6S|IYU~H?HM**MxuR3anfJkms%f&r*>$POuv?Ts1abBM*QG*s z?M+TI!gVjztE!5DsbYh){2_T_@{Q})fL)gwoKD|4RM6YB?>1(3K}k(X#=H-L57qMI zevpWo_y7INNDX3dc&uYOQ zJ^LwnDt5GjgAT~JiHEOGyjRt0RNYh`TsQpx6s$H`Wie3$&pq&eLS0{n?z|)GE_o= ztEaibG0yDrlZy$rrI(w;+e&&gLO4E`6UArbF`y>|{=@utN;Np{bs}C^r%CSqaQWT|b zp%`kQt-E+{#|+-vQA%jNN}46xpl(~PIsVmnFJ{FP+QGPk+uRGW}yILC28v2QawKOvMUm?R5UL2Q#(*8HVBZsgR{ z1^Zt!&(T+7ucYSY@W~y0P7#yg$PP~YiBmhHlv3h_P9wq@CI^OQqe{d%K}_i+wj=zZ zS@a+-aQ0+Zbv)NC9eG0P3!rErQ1WzMby|v6>-bk!{5cPtShh9Z34t}kHM;Z!N7>oM znot_{YD=W)DXDNnTP4|>z+bnRq9~<)65E6{VmseBQBc&vqp>?Eby3JEcr`1~fv6mR zVOBJ&Ox4{NwME-dDWx(UzNB{t`!;!ElBc(gmv7Vd%++a5O<8}X?@wYmd17czCrjeM zy)IY5u?eN4T~@Y>sqwLin{vgH3))D>XGE2FD)KY4Q2giDUsOe{N`mtkN!)^oiR^%s zjY*If`E^@molK$pkQX@0+af&3^9?RlNR_&)zo?eK)O?k-a*-r!@5b9CY8D_4c->}Rf34WWyYmhRStVD-fb)^M%z@%wWifq zotYM!wWTsm>bDTYlp@4AR8}0d3(RE0*rkP+;$mZyhWvI(M!a26+8S{Z-_VuMgDw5@ zrgUsqrQ?(wY*HLHx3D0 zawrKkCHCR^{3OL$rD}8fq&6(tep}njKgnWhEWa4>6?IN!OSM3q)&f1+G=~3w{_4EP zdl#og$zU{lP@72A2BQ-04@_FkwY7SY9pY=ox3`#Dc@03+k4~PRs_Kp$6LMYu8$@Z6 z71hF=h;(N$GCVLMV#mQg+p#xx@~lCc@I1oO7r;X=C>! zH)HJLJh!uea_3VP#H+@m!9k<@+Km4`|G?NJiE*tF-6V2?_+-^r;h1L)nh8}NZmn&L zq&D&{fvbnul}pj+x?5)YRIdNY7s`vEC~5k%C`C{Qe(jZAzNSL1cHG~e71qhN&XPR8 zp$IFdK}!d5R{c$@mx;a0H$hQOmEcvS1nlAj{MjaWCKbOV;HXZh0MBbz``nLvUYtWS zt!6zUYN-}Ju1v8@N^DG~#u=?SrExUQJXWi`#;U5cL&>7$>NT`tpX$IpyEqZw3A;f~ z{Y0-41>IW);C5u_mJS`+hqGjRE`{7A4Nk@8ZF%$sD~~QoX*Oan*hJSA9hDYMQ25D7 zBVW4Bl?s1Dl3kx&A&QVQX+;=UtNfG@lI$w|-pH;W-<|xb57kUJdBLnocuVjqeE$P$w%%C`+OsF6pH5 z9@_`plp^j#(q*5e>%PKOJwNT|a%8tPa)t{#h_4&Fx#hxF`wR{*Cf6GHG~k&au1gL( zYsc%Fy01&I=;6|Cx^5X0ltha&yVY~6LJ+UO^IW7}T5gr}Z2F+Uc?mUWQ=FC4EYVqU zTvnVF7gJmC&nJ3`H19(xv`*_^JAUO-UnvWHIux#$0`Cio?~?86F-nuWHBOtmS|Z>T zPI-Y@x?ZiW8rRdNrGC`MJQE#$6|GH8bQ}G(P@|Henh2f3^|#=))y?Y|eig5j*zAHK z*v<>OE9Klx-Q>)zDJh-c9~&_32F5e4TPcJ#RpnoV;g4-$enDhyzP=1VF~QSW&Xg*1 zb=H6{`%kj#msqwNTdx)6s(pi3u=MndQ>X#4#aXpjg&$H;pi)?!0N19?g zyJd7AH>DZ*OEkCEn;H+5D}4&`*`(#XmKMq-I5lrkiFLS$&7ahU?Rn+@XQjW>rpQ(= z4d^w7zJ(L6E9~cicR@PTpR(g}P#k-ks4-hFD5eoCmH*c)=X04x5!?hZZ1OrY(P$Op z;K~ljHqYs=Ld;uvi&s%}_A02^N`v*40q`vF)mn0QS$T(G}mXgd7{qZ;SE=$9i2O|678=Xx)sek1MnhSb)kh%R=1l( zl__1)(M4G1&bf1f&?*B+0rjZd>+WDOg*O^ef}k`S#4%fFk1vuby1nFUXy*S+AB#>HacZ* zsD5#h$|)<^c17L0QjJj1@=c1f9DBG*1eI*iT9SI8%DSimqy;{^M5_!}gny_xgnDF{ z?kqd87!|xHgk*SSXH{P5x$jZu0`6`Zy)i)Y+o~|7v7@~NSA~((H z(ik?~$a%78^6S&lOZA^g*4)8VecTXj1M&4a>QuX_&GtG<6B)Miq}skfmvoaCNn~dS z3QZ6*9?sn?aO$NvIUT_&cp0B6RGo}hL@-sxf-ETdH6sgPIC)U? zhrx6{)lEu5;#5}zttuaQsQY+)0Qz(Y=MR8+gy3P2b!6w zyuwRzvC}k5(kv*=b2{NCWW{Vw-qm~qK$dJiKwsAi0dGyl08q{;N&J(LcPwj z(r9cu(fZPvt!VH5mYJVWS~i*owi6JVJfD`Dm%-bTc1t*_KH`KSG}u}AILQvJP)n1^ zDw3>dhYVu8BEbsBF8*+R%64C0gmO=jpRdyU`^r$r84r`dp#~iVZj~i@e#%=kLl%tf z7CFt1zs?_(^t@0XNya$Ml98a<(NwNDU0OS`SC=vTvUO7ua4rtWQ|t!kAX^Z-fma%~ zRVtx0V5*pIV3VfPMnb#3U7`qQjGa|E^HPhSbalQV#dAlOVsmqnF`Md15Z8;@lB?~A z!TT@f#2cu}X_KTP*j18vyMVM~har;}Nt)U#d`)eFO$qpu9gs~{X(O9FZQ`?WLzUnw zl^|{sMJ4gJ@lg$o^AFdQ4(Zte&jN9EAE#it?QH{^Bz>yOH}X8Fkec|sV)XRG7${Afi>Oj_BHlg(YHMQ9MWeq0LDvlylDQcLHYMLA3K zbEK$626arh^qGREN}t9)7~HSGDjH;=K|&x3h>!qQGH>N32C$-P068MH#k2>CV9eS zxca(|lQvSEep}H^o>Pmpa=WORnKsI}Nv+ZoLF$qfnjviXSm`P~@a6m1&D z7a%l5PR*L9z-5RXuQv7yGb?(?)AP!{I$CnJ*YlV2y8U+-SN|XI`_}q@?L?XL=`S7Q z%k}@gPoKK%^Zh?v?)UTG{v|)%$EUJS>^%!B)@M*{1H8i?4G8_%l3!f+wh=M6ffL=j zN%YZO1vgF*f81e**y%@Nr?)BjUnKas)LZc;`e}aipgov313?g>@&9{Q{#O$gGgZU| zkRM7>Qa&yrd(4tmX48~;P9y7>Bs=OEzp_i=oMLE%%Ji(SUyr8+@yYOMVsiD6&oGf@ zcpFreLT6#?9GD>q8uxWNkZBgYesqdK(O}oB?JtK2Vg^4w)d|oxC^W0YOydG)aTCRF zploLPaEh_Lw>Z9c)9J9>4cGn9)Fa%M7;PHSV^`jv{@O$i&OZEDe(}ZI%&RNMnfJ{N zsg>7E@h2?9i>dS`@c@r2rn@it}hpXx1 z{Nd_DeGFR5m2FYQH9gO-u3%|^WbBidS{WU!pkV`Y6>qFw(>*gMueSV(;4LQQEFaG0 zhV&T1Cb(di9l1EqlZ>HzYZ({^CCrZqUVXS`YzEYKnO?pI&FhP&)x(oVR;$pGn;ST2 z8X&cUDj0bx1H&}0iMOSt=AKdfm?a6VDx>vggyQq|`5ICmth7KK+@8MO8a}dJKZtQ% z?pKn2IrG-Wp%Z~88IzwYlbSSrbu42Qu77B)Pw9)(9B?xsn~;X4u$#n56u8wvVb3V7 zbouJuH>$)&8~`;U-X1=PNP=Mv+FZR^+x>5^3rESQ$A|aI;~*D zRBvL{L_kl)IoxhpxP(xwB<&dI=;L> z2ynZKda6Zt$dmjyEg$=e2P2P)nqU7h&Ax9LQMsmRvWYx zE?Q#v`}}0=)_AJb?NhRePrT?Rgw)&SMlI*96lywleY&6HLeJ&RX0J=q|2}6P;yBsF zZY3V)xF~RT(hGjzP!5JU&MR?TBfjk(m7LZPc*RDqtt}Hgox^h%FfcClfeE&&_#d_l z|C(_UuPSX@Z?Z#^XsM5i%@`bSgDjzEyq*Gg6li%vis0t4&dJn=3^DYWwrAGE#m0(O z6@kq}w2vmQ)0}Eh9rAX;+n0RZd`N@VC0^n>e9;U@Qy)Q*GlNa+k*citrPyl<0uCQq z`zh@D)Np(jy(It@XO-~B-f2x5II28v6}PGoUMqrT(@}dr3f+rP&amPB3$bduwV!#) z;+OCv2DZg{Bp7xv3Q&w6^jFykpag2QP^c1+%lD(jSODp+ucMjbE zw#8W+ne7va&kXa_R@u)daoten>oizS@x;#OpwgGoU2Wc|cUsZqr%f7s?r__sC?RDY z5u`Tq3oGpdNp}0n^bqmZc-sCKK~M^$$6f?McRLgRI!t zmy zS6)-0q9k!6%gbdG&QiZ=J+ceiwbPTAQg;Nd-0_l zxLHz)I7ajB3_m8p8JgGo)*c?2hxByP_^E%P^jXp@$T0)3n`GYU&7cmwwEZk2$-<}7 z&pkK$g`a;TN*DBy-O7#`VVCaNJFSXFFAe?$pMJxjujs&Et|eaSN)!C*%}%ds2Cec;bvbCIxHdV?Uv3IGT%@_{G%>9h zsNy-)BRj`Rz63VSL{+loB{nMfU&B&kj5riT@08K1da5%FrQ&|s_@Au1Uz^20NqxT@ z>a4;4-RkvK!}I@Y4f_hE{YoYKR!{#DJ^RYSomA~;z%vit)}~>bQUk2AWRo_MSg1pq z9Cyn#Eez~vDc!F$4;<=Uas6Aid^^HhOp=t6wVouTa-UjjM|Zg9!78o=N^o){yjIiX z>FjXWEhSj(W2+SIrCffax~Ua(c+o+y6w)6k8_xIgx+sdLae*V^{z;(KJ>|BeooWyB$n%?W! zZsXI$@y~YJvro_d*$@dytSN$|W|0__s}S>RueReG*tDJ1wXQ71V=#GRyFwXT z+`7%Q;OO8P$>=2mCsvNW8G$<8fk7haUrRB?z8uh5?QuM>zfDU!U*hURRJAET-_r2l zAaT?%ZE;!NLrp@{X_f~eC+lX(OK9Gh_wf)#d_% zdN`I(-k>D10pn4pLNqIk?0Y;gdKEYuM4@B~L8n5;DNQCihQJ)oaNK?XVL6+y8LaVy zMS-bAg8B|n+c9~r_^gzNBcj*1?a>k}ut%MUiX2dXqGxK+l4CJa;og$YSwPmBCb)(= z!KT+vb}U;vS@zo20Xv1})Y9ly{i4^!1`!PGKG{UG)}wbv=ZCM}o@?vaD2$kFh$5ho zn1riVE&Fv_Iw4EAvFs$qWe#_J;j8Uze6V5Z`bV4YOpDN!dGph2SC!QyLutggl2Zx^ zH|AzlVS|64XL)LAw3C2ls0AK{9~g?KDoDy!+ctIRk<*fbw{d8AnmA@tp-huPMI~r4 zqHZncE~J`=nuc|1QvWjM*AWZG`ZnOG?@~rlMF_YzQblD&tiZ7a^adtP(}yu?8t1n% z(TfGNUOrL^*BjQnD6r5xwbWc%OG^rGPf%Zi;V>~~o>Wn`2>xPu9`!QH?1 zmd9+?9a8_2{E$xQn~x)4LSJF3hD|^eIXO5zKG-`WXYZi9(}UyPlijm} zH~%1t|H!`f4-joWqD|RY3!iz7driVBgOhf@E&OsNHGm_o#Vkt>xZ1&1ImAO$A;e7> zJ<2=|1%bsd)}U^zx|6CGzwNfKJ^Bgz0OgEQ$R84iVEk+J>9>Mdsy_CcB;q0?0nMoT zQ_!n09xJs9JV{bM3MC_fouJZmE}F33zvUn@!HCN50nXZCOnzYLRJ-Kw<|0c&3SJkF zMd5!8V=;c@T8^J5hM_pYl%`At+*&C{3;z=(fJvY=Ly;qt>s4i}7Kf4z?3hfAU#-KF zumzva!InHkK~B=2gqF#8Q(dJq8b-pHb}Dgv7AZQQfbNH^DnZWG)>M6Wr0CK#0bq{r z5*Gi*{*UBqFu(G6%=cfBXQ)H?VZud*=4tYcxBWss6ImX|EF#am=R4rdqwe_I-V3~K zgX%mW&pm+15*Bq;AwB{vqHs9&(^-;r;kHlu-gAJ<5KuSIB0;viEw8@~&u1dy<8C}A zPgO%Pfilp29OEpXc9SR{hjDjIMaI%>8m1|~CQ3_k!UFP|X5@VwUa?frh`f?R0h2Ng zXl{$I?G_SOViJzf+5uI|$Z zhN`Hf&heEoe-iVEk3*H%0*6f!mI|O;%VAzp<(SIj7+iUk%{>MTtuK1u1M%8`_FgM6jezG=tgUmW@EG2{KN?4CE%QdaQAr@W|QmUPESd z2#`_2hH&q8MI^YPT4kG*;Pk2OZco@L`a-Vg5)9Vs=#K|gf&&l(oYz{7U~*Ha32u1g zRB{v7M^g50ne89}E@m%*L?edV4QD{y6oWTnLN(iV)%b-ErE&(7@PPwV_yWWTUC}5< zdN;X9B(=-YsFW2>XR@K?1%{SLXZCU~z)X-|SRLdTL`Gw$SC)nxGnNUyNmSA>76(Ok z>T=_f5zhx1B{zvE^VqgZogMGha0OiSc3XaPt$dwaVasnC7;rJ%#SHZ~hrwL1o5ZG$h>gEF!RQSGP=wL=KA&$VOxpAwdS3Jb)f)1dT zS3R7;6b?HT&J7h^G#UC7BJU#}k6Ee>_b%?KkYX3~0W2U=p01k&EH65FTgFl*oM3z> z)w?-!H*|tHyori@tmi&=F7Bm|JNw7_*XP0$R%nF|E9pnLyfi9(-+BQ1Kyl#_W5JO6mkvMH_vi+e ze8Y`A&o56~f#yajX<^iI@1SMo04F=Q zl8iHz_E}7TWeSG*Tg#q$kjmU-O4Z}82?1J+mHByAXqtt7BxxX_iR6BULaK|bl0E|C z;R`$7D7Xl!iY`sgj`_StXT>h=8YYDq9Ek-_vSj7zYGp;%vZ@&kxFU6Ur<@@9BO4y1HQtqV{D|>}~fGj+io)hs4B}qPDnNhIAs(*Oo z%sA2(-D94cBG*i*cLJ5XNX9XJfvD*3;npB}2rP`pJ!K!0Tk;sTegxS zHEBg*e2I0e%=H@Byb|=RoetM^9saus{~S^w|GZ{H>xK5LwZgn@FggX~I*p=DEH%gC zY;6N`k7?l&`BSDs3XRylwtL!bqh|hs^~)L!D#F&})DH^Nam21D_$X?uN>axwU#Rkj zS%)^oOJ^2NS;>S_^7&?Q23ZTC(1dcfx7@I5ynI3?3O8u8dd0Sa16Wt$ww(>A78iMO zA+GBaeWO7ss&ey~j2LF)Xl+7`K!ePq>PXbsVU4XhkCo+T$|wjtkWHX{wg}^qts{$^ z2XME5KI|@rv!Y~K;j4@Up*8y+*^NmJED^@zh!GPnAi|8fY?~30rzy|zu=VLQ$(7?e z%~%wLQvM%}K!S|8Zx^3h)-F@Qn86SGR^#DM}!7}T&9Ll61k36urQ|K@+YNf zP&kg9x@|>lhO$L~8n9WlAFw3iP+%*MHSaEbvYoOK7HDJcbH)RRE)Sd5;64X66w&3z zN|UmJp@$4hPzIYMhOCe?FzqmqN0kj(GfrwY6c2N5{I?#%|DlRWG3JWKM7_%uOxn^0L_ zu&gPjWH$Oy79h+Zhti(%ic3MKA{Wb!&=^664`!-_DybTThXpCJMzrT(SZ zB*TaXIv-xHi-)Sna&>Q!oHWt2fa-TPm1HQ_8OXe-$7isll)W2hg2D zO_@M7SDw`qWyUi++&08J@_m>I7L6bnNU=OzGP!t~Ac{p)+0dwtGb)zSmqIU|M8N(f zMm0}KRTh|1f(eTvR1dg&^4LI-OXs$c0gkY27zxp}gsFqXkW2^} z^G&*za#tz^DCVHml_H>4pZUxbmxEzoy3K;5Xc}gdDa%41)3%O79~#=|uA5%z8H8_@ zmgoLfpq7Exa_@#Im5P0-9`|KB^s2?kc z@Uo$cZD0%A8zm4mp8|I-ArL}gs+Ja|19G+VOQ)c+0=nd-QD1()hIS+rt}pctmmaYF2a&s1HbjAt|=6xedO>&wK-Q-6qIF_uR{{3`AQGy+AtVc|J$$JWKGzWv=DHAWh79NJpLTzR# zF{(sa#T83$9aI$twmUA{tWl{+$x6xD;Cvv71?f}5KmGeD+6*zOIN(HZllLsw{xfz= zs7mz?{hQrUSH9L<6mbMaD1}viv^L3%*3OxSPKGX;!JrGEh=o!#psj`ujdED)NDHa-~^eku=3Mg7c9se3?3~Tk9-|{omv@@KMDGg&A`xW}KQt6bB4v1qHm?-5| z0yZna2joNoAbs-F@m`Pge>&c4>h4gbas7jLvh8-#CP;Nb!kHE`+WP5uPux5?&7x@u zyQ{V{TOu#a;+a0TCwhA+WLix8`LgqFnUZG7Ip0q9n%kc5O+w4tA)u)jP2{^Vjb^_s z3_iaZceuUIR^$>Yb5w20)ppa{Ry{6)RzpO~;jitK=48Lx1Xd=<-!W@dqO(>l9>h~? zmP>Z9{KU82K5sVh)7|6Sn&Rp1@x4u^J}ub1SyU#mG>Gk`N4ka|#=Yqpl&V*rKw5q- z=bx(fOT}3$CG`5^`0++b%tQVnxpL!x(I=gy zGb{4hK%BOL*dP?Hxwv$&S2qwT#$q@lD=tG;zEUSojB={C6YzkD%|vE<%eyZ4F^{{J zS3UK!@CsDG^UbpW6+F*upSdiL;n|4hQAUE0j$aKVV^rOGZhf{mU+;Ue^80{bo07eqTgNP*!v%s@9%nSj^nK*e@+g$s&`HnxSt zoE>f^ub8|I}jO+rV3iIi-`w|2+OHe)@l`<1srq;>5|=8*HrpG3gb)L!pJ~*v8lapRq^xzlsW2> zUGmG1W_*_3_n+%}QpNDSkoN-ai=GNU5WQ=jUPhb-@F+{AfR>700j0O0x<$(k&>>TihvFt<`IQfQ8*+Q4Y#fS=rNt7Nle@BL15u~##wJLe$ImH_drns zl1$b9-UP1|dnzzFH67sYvCllHcXlC#tzbyI?DB$$doHibvoQiq%%*aW`Y>l!%O{ zbj&(W$YH?Le6)4`DWTI~=b1f_mcU~M?|@Pb1NWRxIl z>pO|@uukz}m@)~4s!Xy_s?muM{+_3hEMk?F0V}A_b|6(2q@GEo;e*>>kHx*y(^scEKb}AJ`rcL#IotV^Woam>RrPVM z`|u{&G}`dw@|%Mf_e~82Y1F`?Y)p-x4o|o^l!WmNUA5sBSNP_?Q}Y?W+Y&66Wl~Yi6s&$R~k{W&&%yK&8G$W z2c6ExB5MM1e;-wyDtYxv8C>QB`AGJT-}mIvPd<{j;OhkcT7MgEkdK{@q+9h=um42-x&3_SNg3LIasDG5-_64) zLDPTkJli5=Xk{mJ#r!0+%0vO$*4EP}@aOZbClzR?EXxz}AAHz$Y}w>pSS80RSqyiRBR$&(FoM#ZH*MGZAUY)+suNTh7a zufRF1WaTY99t$33iNzq&D3fmpG3v5O6pE?WK~B$uQ|9Msn9VT1jNV3Y<99@HvvFw6 zSB5oW9@QZf4bll2X*y;ZlzkNm^%)sLsSoF}0gm)j##GXTv>3!D)#C`@VwfO>zQx<5k4MuJ7|)uC5%SeDf+q!nV%$ z!rM)$ZLhHhTR3v(D~0+TqKU7bDs2@_ta>NOY-R;-gnX`sM0RLICLmLAM(aFuxy zyr)ByAJAvt9f*$A2gJI^G{c6T&wFr)%X67I(kH}+$Qyod$9vJkT;mwsr_W@lQ|(Ve zc71~e&0lmBD)?Hd!H0e2-eCZuOu3Nth< zmvXW0M*FhJ?>3cF`V}K#hMtTg714Mxq@mnp-fS9OXwgluOlU%DHNT6Ciy56p9h!uy z{PF-phi1L2{*Yy~-?DVkDI#uK;zbLq+`V84YjL&^Q_bVPxVY$SceQIdu#_Pcla6Eo zeio@aJL!&y;aGGUk#1apg3=W50I^`-tKP_kmwoWm4f zZtraOpFO*fFRrGZxTZ-0ocLw`qSHY+L`oPjhu9nC@On*=y(44N!?8GyJF(W&QDK`Wk5zW66|8b z>p<#M6jchBM%2H^`7RtZrs~0B#G96aP@XddQj}f*MPMn1K(;lF%1xb{9!rM!H17Bl z8jsO?vB*>e(XCc(c`4gxLhD9U)?S{@P_dvAwMslNqoViaIE_9)>!Q@k{V&jZy(}Jd zeQ}TQ+5~pKHxFLIVp_*$mHfsR>E5iOqBt7G$R)yxz?V9eu^XA*K2?$ z>IJD1rq}75KY60IoxIEC$vCBf$>vN=5$?jzcd=v+B}}*uVaLz)!J}ANDE@n0qPE%#Q_Pw7}GFbb$pWX1|f>Vd-#!kHGxzan8VW*mLoar!FfmGTQYh; zd%Hu9=yML*;sZRYQ0^b7sB4M`nHboIit29RGPgr6XiDL)ZL+CU4rNpT4r)+isJnpGKyBbd;<=P7yj<31j@zgUVH;rq>c8R7dI&EqQH$Ldrp)>w_U z{k9b>bLZ=-R+M;2i&S~Y3ETitz>me$Zi1tE;$U&0gCN}bif~^K(dATgL~Zzp22;IX zXaEE5W*itXsm_ITf13jj_W8;Z?iVZ5K6*ryJksf?N|Gw1OIJSGBp2VtBhkfB^ln14 z$#)mZlZ9pz6SsZz{i$lB1)`(xPhmZEg3!Zb!v2**;x$e#zQtGFF!}DnBmdAdXR*Ls zfG9Sk6+l9r}@5u-v~o zB>-(Lyo?N!&?d=UNF(o9FCAtQj!4W&FpKFl^oyEglGcot7zgZ;!wm7IgTPn}f)y&! zGEPP)f^<;uJihX@Y3{;RSH|Q*37hi9c|q2Y z$*p!}6iT>eZ+W1#8z+ngKc`{F-cr!)=;5N`M`3V4ak)`nQI(?A!|~%mt9>ecj6w|kOUVq>gfLMr&HM=y zaObqBO&AsIL>Cja!nGSRX{)X;^delCl1!m6CU}>7LcVRFZA<$;RppI}xx)6=nq&yC zq|r5<2`9l_N6ky;^M;gZ@Fh5QkcP485J|KBAW>NukN0HLBRXXl%F2<=aL^D=TWH8> z$1+UG)zTsTRH#dX7!*6Rek(#>k+@bxx*2&8iX@`5%D9Fzauu>`jm1J4=-7!- zPI}AYoOHhfUsrIYl>dNsC)iG?m3ePeUpxi9CPWcw)ux^p99FiQW2f^9y;AZv-&<5Q z3R97p(mskcl)RNyb=3lEgHD&6l~(LmK1BI+6Kn@1Fk_bKwH~-jr}bpA1$5T^zyIg| z5e%aUU#bDW{8s&el7eDAc;hHZ!g9^K-{mWsIxGk=?0L&h)gEpS+uQUZwbUA#EnjUFMuWZqXSO+!^oPreU$ z{8(ulK=~m56)R7k(l_p9U+F3IWe^0Ft{NSw3{*3&+6}A`veb#vO<69O?y#w6To15m zKx$PQXNna*N`MzVsd@@8hsZpel+L6$R3O z3M?VYQr6d!z52`=L${mc>6lf8BeZIWI!0|*{uhG#A$96?6_*9Kds&k<|^gJ}M)HeS}4lorw53@|mj35TurAq5gF$&*j$F!U#|Li-+6^&_0rT^eS+zonN(ePEM{2Q( zZhV$zsvr3$-dosh_H!wzYH2hBEf$|Ii&^tIsQHqs}?jGRN2%;JlaymPY}hz^+X0S=3$#B;8Gj z6eS@%o1u|jr}~6`Vy?uXFeW}lW5A4DGgVO4WY!N=q~2VWq@%|2IzL0!OeMx@7bEZ* zvW)b2jL4y|X_C#%HP0vvvOJCD(=gC!QAfp=zQ7BZe8*m*skgZQfVNnrkRF_aaNFR7 z3W|*`4o117mcSaLxqa@2f~Z&-P;=}1YWW<*DGkg?;2F{`9vPZ6o6>ECk7`;W$?X+n zhVRtw^3Ek?|j+vkYu6(N1TL_SBxuDtr# zxd^9p%=S{I>e2{Lk6Vh^<*B?sd85Z9e^MqYq}mE3gVq{IhK03)WLBXDl3`h`Ai;y< zJc=~kegsBRdJG&ybp)@PWy6oqqv}aQKr^xioa9lYEv^-y>SH5SE*fp8vl}lSsuD!a z4us9tyv((4ogLA<9G%Wl$;i=o)^@9)4JzfQYo-(T9?$`@bB z%~o%5=U#l5HZ3}eKMpz1q^z8%1m+iwx3O2crOtIO3B3#j7p3n_xX8ey{LR)kPd95D zZMSLk)NORpF>GB0SEW4TK98D*ty_ADYFZfEk#~M17pJ?YZ_ZCo-xT1fh_nQzLO;+@ zUjoxUjx*y}?o*v>P;VxI>r*eH4{IBpGT zIlUG9w^Ke(7k*oCT=Ol?K4b!QRc~o>VZJSHEQgb3_!>b9xK0=1h*L#w zng%#l%9@M5fmJ7XK)MuR6jnqlUgrO z7t|ujcsqpYLVXHdCc;5>eNtw97tT5<@BNHhBlHTM=Vo~LjAcQ%sv-Cogd-@B7Fwmrye4E-SNS&AbPiW<;^_{-DJ~AME?k%; zF20DBm%$q5jWDw!@6&5W6HFO)LF~&~HOUv5Fq)`RiV!_CWn(&=WlU_y9pB&DepUnD zg1rbn7QSle;82B}0o9IyG*k)8xpRV%J%75RNA@cpIs-dFKl2OChjcbJH45Wwy z@r8>=fNQqZgcwMMe_?e=KiG&_0v|@SXpf5i_Sa@$bec+YyE!f|xV?**k6A_YdAwsMHri0hzVl<~zFrsH=n7JxRSI+F9y7FSELqt2m&el1*Uz3lfA)OGz=4kKp}pqUWR#jZY(NNN!#Jfv zd!Y=*6r+-{KN#av$S_`v65gCmQYI!m3NA`}1*-Gu9#HU6;nE7GD!;~=khi~-`AqgF z&nX?>WLG`aE7*}Yh4*k=|b0;ALVNDMRzgr^sz}8 zc}rs0Fqy{f^pQ}L9_u9+Su6Rd7`7T4dCLP9k-w88m4}V2%b{1Q5<6evVqYZT zwg%(rg_mGm=#ivXA$)yMokqH7^lGN z6xQjPPH8$LSxRGJGG@S<_SI}BcGhk;6RUN> zZLu>=F8ABto%EUpSGTl3=cb`wf3^Fw-lA9l{nhco8x4wyO)|-+G=}?!@H}tB*~e;_ ztL)_6pG&#$Yj-qsQ0{4oT|KWCcXwk4f7$(w)Bgi*GAMy?>l-Zer#IVOmFf)ZhkI}9 z&N}F6g$;7J_f~JqnvD_qQwMhYEl~^C*$NWsUv(eIxqpsLFt=>Sty4b_Zh`ve4tf3E ze(i36o>$ln@Als|pAtNnI-uKchB~m$UXVcls(V4s{d4SvrUEp#z716F>{~bp8b-XX zUexUb)A%tX}4Cucq*%uhN@8iKl@RY)MZ-wrS$0?F? z@I6n#Y4HMGA#9t5B6u?#D@x4@<8d5LKavX!7OCy%bubbu_XFD3Io+g;M$-#Tn+BL( ze|Sxdm#PWl2z<*JX}-E-GZN_PP>>@9JT%FKi_G~xNyFF=6B=DOz9a^ad0z?hgHRi1 zC>T+qhEfHE@mzHdyIQP>!;BolUcU><3F9yW=qoX`Qci5U9E#y=VRljNrae<@?80&A zs=C8=wd<*J=7VUY2A@{TVFY;n=A7(csavqR*?ZL_4J|V*a7nY0*kF=M1>bRtwGu!S zu@z8ABAABpKzl27x+GvzK9K)cBz}-HLRa&mWJzJ1tao_CY&fO&gA2KHAoY@9g%2VY zk*f7V?5yTii6v((OU=4qtZC6UtOQ1;!i>r;A}85_1Hkkdx~^0zyQgt^lKPk6+~Gug;;ZP5lkJRcyQuG4Xx%~Lj}X)xE}+0NV|SNWH+cdkxr zbz9ljQZ~}w=P4V3_xa`5;+%ylp-b>7<$E}=hn7@bFttn&S$)7b~Q2FLwL zIG$MN_b6mh0CC2Zij`p;un(%@R|F*xIiW=Gu8-NF&Zkh?Vk`*zkVIVap>rkY;72~q z1?%uU>+(@oc}lP}<*MFt5ROKn5BogKa^=qpat}yGAn$mNw?*BsYsSok_Lk}lXRRtq zE1uTh+S>BS_YyXYkV7>SqUX7(d^+HD6jIQft0d6;nx=t3Sqf_8dz}L-4KHrF6y!FY zSc8K|?-4PHLO7J3ee{U@JfYcRL1K38d0wZ}CA$#0t{9ozl+!%Q!i>c< z_GhqF-t6xlSBbii5ik(c&UFOc={rh;v{2LYiizGW?$;+E1O_BFjl@*-X#>8g-j>pgK;bzZdLX6omO z7v)!0vgLSbTCYjsDmyZT`=P=2;RiW_BObFmtsCv+UOzQ8qIYjn8hYLM0OESFKo6@_ zJi}RAKFY3X%6jq+mS%FXrU}i$VHkzktmj8GmH*YvPT0T1_dGoS!$3U0#zfY*j1NVq zS1v+rg|Fg#?tl5ba!Ko0d8f55S*?=CLZjE1SPu$K!|mcD*_RiZk2WRivex7y>KN9= z201m8{#fA%pj?0(O;K~2xc_bVPv;|f>TP>lCpBTx?^x2<4(WnNp2@wB6IaiKkwXi5q?2pw{&N|7UWZ6CgI(|L_8v41-kGq+A) zdF)mWTMvi?N#Q^8m@TG|{u~PFmno!Qp^$zph4jl5(yvlTzeFMZ5{2|@D5PJZkbWbD z^s5xoCm$6-fIMYqwEHN9$GP^rvRziM>=`mv-*grJehA zWtV>4xJ$pT?o#y#W;*D5{pYY}iN^lB{kM8YZITnLZ>A&ZB=_4^h}mbpM9kOo5Yt4~ z);k+9{R(2Lg#C4yu)i)*@z)g!ZG7UU@!~=ZcD$$Z1)|D+QirWq`52`;z)N4@<&-6J z@q)DkYtd4?(pV{;D5Mk*ESwY%5hYe5i4hAdP9GoKaQ26In=(xN<1K199)9zF3-v$Y zaC#1fN6!;_DTT*y!~~`|Yum?s{ZGHY{q#ji|MRr}?D>QK=RSTQk*KOta_@#$YyiP* z11Yli1XNY(EuxYxh_PNa{!JCJ(FU_FW^hG|R+p6RX&ubHHRz~UgNn2Z6>?N%2sO;& z^V;SFvWIo;R+E|E&1g8LI$c%7eHwW*&B75y4UM=ScLR3C6M@BbhxD9>@;|-iE*w!% zPg2M9>wgn@D;$vBle5F`clXZTo&4kc{prEU(eB#=)k25k&-vnb_w@AVcPIPUw-RG? zdoBhf3gi5P`Zp|N#{4W#*#IxH03d zRQ%ev%og}9HNOk|)_3s*;nziQS!vJ$$u*zc1)`g~`C^f6>0(;o*=>CnD6Z|{3&O68 zTwAZz2EC>BcY@&hKE6~G7ka`rY{G7QCk&#dgD(}cg~qi7W}U`&f!VqazEsS*y6YC$ zt$c777;ft13&L_)jtG~)vD^A?q=%Xwz98&6$gQ)iw7_!1XLo__`CWafcz5hpEf8LA ze;1f;=;I4Q@#j{L{po*8>VN;0)2Jwy+ENL;!2hq`e^%E2KI`x7Jm`P#+?f%( zVv#CguCns70P2SU6?7ANxu%<05f%fowx?U$pxB=t^QanS%+P#StJaY;Nm(_K60>2<1(T-TEYW8JgjF?utqE% zzb5fW<5?aC-9#j7@H!k$0a>b)ul`1RC#5GmViiDEmQbD|9G#_ei_DA*+PwvPA`qAtVP2 z$_6Z9alm3fWR{r^nM&b%Ww?#vwgYr~Gmm{92O%B=wSi3!?BmXU3->>UUUjD|qXEt6 zDlA~`{s;4azr6oO_wsv0ek$Svm)ZGN-fX$?&(Af5ARCD2kVONsR?X`@j`)y9 zZhA=+U;;;+JjKj%*F|1}Trd)-(#45gx|oluDYZQbvp%6Wj<7u9V$AOw`dL%$O5=pW z{}|l?xd4Xz0|d}T5x+*E5`C3bU^F1r2Oo3;9KsxQ*og5rhk8DkhrU4LPl!bfSQDNe zQ#MPa95>`VVl>uIb!OxNgrIji#y@i2l2z&eTQ!9Qi$w_eU*&go%XVme7z$G>vQ*ws zR|7XC4lqzqs}!t&IaMB!gs~k8s^+a`Ewa=sPcdbbJUit&Z1bjGu9DZ5R*!L(kmXjb zn(hu(9eqek(APjqgnut0N%iUblQ;E5SW|MaL>V@Ys#q%Pe-@5JH?JSgnOfS%!l_?T zgMcMQ=<1smj!-vm9$~o-#{A)x;Z+A%sxi1|oRxhBNi?abtyQ=%?k%v388*+k4tC&{ zYSX=C}r&FU*t8qHju>uMh^wd9>rb;x-;_YjLXT7@I)_UW0Ga=@-J847YZI^x-J z%7i>Zbi@$&aYJs3e8?gU9Tt~i0w3$V<&d5s97zVJvn)foh9#I3Uf&@u8mHCO6MMWH zUDKI(tWX5puk^HNd&I6-T5f7RELz&LEq~y?>)1+~H*TT#3?%w~Wn zRjy>$hdAq_7OY5@Mxpo#Y34_ItJ!5@^jAu-7@8^_9@$NjC}cvN;w0gLE)Pm|Rb!Rj zrbtb1C;Dhf(l%sGVXE6vubGPKZ>vItJHjJpx2 zU?W3a=c4UUTgb8=K~_q~`rJ}h+^dsgtI*sQLGeo|8Vpm*(}feN)T*tY%<3g=1VK}rv)f*p>ucV&nds8>aqn=pZ7<;U1$5iYcIjfftIT%sMSj&2c~NQGHYm8^ zdHnh5MBW&Y-OXd3bMGE=Z#0W8F80R^LX8(L8>aMuYFGG0!$M&@=ZvZOs3nICF%J5S zC!xQX>0`_^WUQ$loHMGhu6@fzWbKD_u-vHF>Vwj?Oxuh~s|DH)OVqV*r=Y?Bs=11h zEKf`i^XOViGj8jmXdmjJTs{GWXRh=uvfsgGMu$bEgEF3mYI;?aHcbR|UIm2W_BLNF zopDsV)j@+KfCZr11*jD?GCE#$1{obU4SiR>glt*}flyEisoaQ4=@%1fVZkG3bd2ss z6Mk*70HR*C+!&1;Sk*NT#e^w$Cr14V;Zkl}0U0KXkX~ZU;iZv*iA4(3)S;`4u!IMt zqM%b2XKPmbDjnZuF;S{=h9x}k>|PsC(sV45vXTuS`ANP!I;@(b?QyZFWa(Yb6En%& z5)}Zj1#@1xW~wrW+yx>q7;~OdwYK>E(igj$8r}-jjTmsl=x)l1=YqX!mfTS4{Ljgo zt#a%OHG2{-SR!A`CbOjB_OOc$RRUWq!S}kP{BTxolJH;^ zi$H${_020E4$WyD}d{nV`7QnmUmyOg94 zqe-?h7Hi~`mjW{-H%rdCQ0a>3(4RLWp-9ziYN9HIIc?;EEyiEcBehhtG|XbY#>G@1 zsHj8hXCT*i$sN&Fb_g|8ZE4wT9J~Tk&kd^{rzVZAtuC>w zMYUsXT&JpFhkl!T5fx$ytF)Ud+?QXs^_&5FL9jt_HxwcTp-wv_7$ z<)n2i>fN=b(pxp)c20x zuRia+#`VEi>`q4 z@NlaWM^b?*XE!Aj=jwNx*S=c8`%VdCNHc$O8veH0bpyU8BK)mM7B}y;oI1??O9mW7 zSb&zC2XK>>7+DxYO$9v;gtUN}z2?_s1oR$fkvj6lhN-d(AXMO^3%xB@)6>GQ&L$}n z6CN#A^39uArlBm}p;$ER>Ego%7|lq)nTQ`}BxOF69m$&&cn`>HRB`0%fh;+9 zMF_8;!}p8b{p!gPhui4*2{PjGxSO$bY9K&$A@+ezlZb7SNiY(FUhmtO z2kczlIKLZwoA5OIu7^GK5}Hkx^<5^YimodcwrJAE6LZ1{zm8cdCL!{Ygr(C^KpC9{ zMZ}=|kYv9@ut|FLn6i7C2S_MLg_B9(k)J0lCa-o6C1n^NXuEdWrt__Es~b=0B_jzJ zkoZGqQ;EmGL7FFRszOzUiT4^(*=G-qxV{)LzZ6PBIPtRu`bwk zSL}rfNF?~2wU@kXmqC^;+^zJBmU`K`cCR=m=lcDJzJM=>8`pN$N-I&IrffND zzKhs)voe^9?!e{84ND4)ih#sYhzLuLAH*G7LTI>j7GJ!UU!b%`WVd8p$6D&p!sq?% zw~seg(G8J0`#{OKR5ln?O$JT$JqHap&Z6Al)?mWiD&4Le+ZOThvtMr;D}F9AK9%w-!e0(6{sOFAmatM} zFv+Y`0!3{UdkAl70(3T^0q4nW&l{^?-U|g(yCUm8Pgz%l8S_3&Bj82y&SjodG#raE zJ(vOxa|~@K^crjS3EN(_iV-`lgS57M5Z<94_JYfpDI4wD`K)2Iy{ouxQA^tZRrF=u zCB%v~!8zU7HduzVvSE;DfwrZEu-x&V%{*u@k}_X%q}egeCM{x!6jJn8M9?b+y8T|E z<|hfw8sbSY;5M7+U1UBdJhco3I6@z{uZF`#7uw5;*CIWo#ikO%r?#S*oRDa9HB(Ll-(SY}x^2fPg@7jxEZs&hChPe!%Y(UJH z#57qP?2gAN8^fjnTlj_t;T3ASog+B8}NHm4mua?U31R4o&S|NW&>jWq@1#0 zwqG2FY7=uzuSMS^2x> z^FUV=FCBRICt)^DCgK9PjR~ZTMhiE9>G9-X_s!duk@)5#?Fj^3t!CoB3>Id#G~NBU zzegs#DT=FT#%2VHc!t9q%r<*0&RFVvx}+UG4P!q{76 zvqLS!G*-dU(HzwBehFAc!)Pg8qg@fmWcH9F*fT{=)@~wH)sAy@Nh+)Zch}-m?HvAG zGE=8W1V4}JYSP6oLu@slD**`o6Gd~@dMc!>k)fIIutbuHQ#fkjayAr@s?OuH6p?DR zXl~M=QU<=}qEe)xuoP)7E=B4KOp%2}rbuIk*c7(p87~zMPJ(p+MaVV|Me=wH|Z%u&R#vxLr*>(tH3m4Z60v-uykiRE51d zHdI?wuWebqg#evWd#14mFFk83EX@HbrRtk%t1ZfyU9GQHNCQnwzlxyGRDJEn;bl^+ zc$csk>)@mNd|SzY$PZEY=0%;bT7UgY>^fAF&cAqK;U{VCOnSX@kPUpFp6V#Nk7Ct5D1QH!%t7|GqY6pmW# zxk}}r8^;j4v$=TyaUHz-iyp4){m&XYEP022>MSm%>L&rb_CrZ}XF=lR1gh$)aTHq$#1g{8f{xuec=5 zsnzT0ubN)H7VMp8T5n0uMh+lkN+k+!XUih2Timh=;B9PK)bd!Vg!UnUpyo2gf|_ zVj)w^Q=5`34QbScErcq$DT}lEGp%x!n1fkir6##G%#~7>)Kibn9$+UptK!Dob={8l zYsqRAX~@nTefx;0rj)Kj$8w3K?*~b)9y1qge-_he=pU#23f%g__y%HR6TSlML>>vI zm-+iJLZKlPXuu!x4?2;_HRiv9+?y2K21ftoGO{wlZjXau8Wf(g zg~+=pC%f%ETEWR*YI8Q#6qt`mmD{2G>DnsjzL&EDzG<_yZ+wI_R4{0T&&szeA#_d^ zggVULdo6^eQQINp5{$67qUcoi+=>pXod(PP`X2R}PPcznMdmU&5EVieWj<`azbODE zxp9Tehh>{=i&2~6Uvr0TaXk0{q+duw3>pV12rGDH_a!=}VJxy5J%-jQtz@|>TXI{> z)RYNpnyE43-qlPi6RjG7Yo=PG8f-D!dPU&MYCwd#vXQabDWg_v*R0W7pwDa2=GE!) z=Hc)_tL!fI&TKaG8kL>C5gL7;q#vES_xJYX6K_VRQOiEIwzjrjJbw=V-P+nJ|99)@_SV1kpFV%O z^X%EPt*6`nwza+e;`!5mBU^VoclhNZqv^kG-MFvvj`!Sq)^Rp< zqvzdg7EK9ILg$jrBTwnEB)xHx9x2`Z0jX|E9`$b zTEr3zV8Q->+JC-X+W$|t`!62$|9$+-z0LBLC2R87toUNOlBO$R+g_SwM?DFyWBa4k zc%zXub=_U-H27UU)rL&5z-nYP#S09?r0c< zmaM%f3-1tFZKY+0z$)a`P|DjOEt{}D_euBgtNX1W|7C2NL^NZfcl7S;;MB`LWb^x2 zApbqvc~QRqJ$v?|{~-U}$M0QCMqw&4645;NC!6|y2ToNPy<|kNE0)rTOv5H?yo^a{$2#tcofEKPYTyw2~x zcS$%R>|ezD32zz5Og&o-R4Btfed=_y5?(A)FP(8RRxz6IPu^5CdYdH8V|Y8_QN*vo zcEYDq3KdF$;evAO=-vLo`Qh=)uh!+=)z2brNbH93h?9?GoU(+h`81;uAFq**gkE2g z$5Wd5ll8B*Hc4;&m#ywM|NOnb`SjC&dmFz${Z#zBw?Te~2-u8>d?>PXoybp4PS18v z&Nj)(n}eet&R&y^Pmec>5&d}hYWHaO90qp$?&QoGnw+q>@=3QVPa2U>pON2xC*BE* zm|UqN^YqgvvQ~aWK7HyI`(B-EYoyD`<6i}j6Pit4{_cr{`JNnz_~n1C|8Fm&>6m2_ z^)Fwp;V0cZT-*4k7po;vgZC$#OtLHygI@0|h1J1V<;iq_CRiMhPoG+nN1^hZLm#G5 zK_LI&Iq_*6^Gs7lm=T_5A`C$1Z`DVjaR4-}0xy&~n8xHV9;folJsxK%k0O=N1bUX> zY~RGQ21=A;b?6YtPot{UA`PDJY;7+f;tG@u-T7}}(=||9q zs`#$*QN7+oe$i3LEpZ`<$2pURYz*K>Q|O8C#FxkiADTb~TgFKabxnCb#!oKl2Xlc| zD^KAe63iK1E?9{#M0^~^y~GMRt+hk8nhKC^8d(s z%4k3%tb2nT7fhtGrP!z}qn^o`j#mp>#;Zxfl2RFs$1Lz{u(x)bx{>^U&cykIMF~rV zmnDtb;6?i1XZ^DNcW3L__JjO?AHUy!?>!+`;dB5N)lnF+Y?iQ>Q;8OT!Up6?52(2J zq;qKJ{{Z53Ridh;+$f_kW@ODh9!lv$NcYpHj{8h*LDYzdneem7s9E5=tUYri02MH8 zdBc4AG-&fhM#pk5SsH7t0JpxzriFGKzfcm%fc&!78-{UDOx8BZTGyBVkAo-OYjQR9 zru4)4lqTn(>VCPsv)zC8jQsuYL>_kCkUZ}F|I3X?FL+FPEc1H^$dkN4egfz9<4W_F z1ff1A-+fp6oiiSBO_Kz6`^$c19L3AUgRlYBcD?pbD-0ddi+xZE-y&>VDGp0#mb+l! z0jM-}p5+Di>60NBxuzxn{0pU;>17b6q??dlF4CTu(3JI@G4v!NdQyZFav}T)zm7@w zg!H$zwg&S5=70I`#Gg!gK=Seb{4l>|n-MIrxJ3CYzLnGp+Csf-5*&O3H5?%=-~7Ja zgVmgcZF!Doq~{0L^T2vE>(ONNxliKH^Shb+*FyMPDF5}JKYQLU$$!tE?mXy!@8u_X zXYWa8P52W}xzen;88*~Y62_(+6JDikj~w}l$Wj`{SqJ_7Lt(yDUZkgzs|TtKX`W)T zM@2xLCq3ZGHY<0ABwrd=pS8ZX?QN}c3d^8F_khN|B%*>>r z>ypF8;c&V?qz9L4cwQ*sN>0l?SnP{?;~UR7+pEEVR%}Gpe*f<^dD#~Ky*41f|M%M8 z^dIt}{1YF2`t)h74e)gh_HSbFH!<%MZ8n|L#3%$llHtxX7W*6KuL33dQf|-5!kB%1 zH)2NbNoP-~lgtW_@+g{-f8{g^M`P1Q{~O4o3u^GFycO z^BaXM3NQcwtg|{{UMR@=aE8gXj!tD;2%$-szfnV>t^^_n>k{f$(AVH)dy4IrkoGsx z{hM&TW7bLq1+AIW-9T^v;RS3bN$jF)=5H`J>LkU7BW~M!ONy0cI>zeBN4ceg+x;6?>(=e7$Xb|+tdJtY& zz_*KL;fRbgY+StW8iCf3P_R~dZ=~Ud#u8$gc5BE;UGG@QpoKY~7vWO#DhW^7@jVrP z{rm4kYaE)zS&w}BwAP7PcFogEZ^A`3AX^^%uM>m}?g8b8hmPcmX|=@^mdbsmx37(#{B zlOjl*@R+;_W8VHPgT{C&CVloJqaU5 zL>5L7CV$X~x}NZe>70VPuP`QT%F;0mz~^xgLb#?J^C{ny7zEcfITv?=a%LEF&GXbv zmG5;P4LQ$5meRySFWK{m`yh_ z2=cXrpnl{uqbX+7ZOrm|s)fFNHsytW35Zz3={zDo@17hT9{n&NDZ2^z4Ut?y zGGr0I)+NekJSStWa%PzfG98|<7;X3G#;-z%$Sd}6!lph;vvWD+1PmIwVUG#e(FvQj zgLBDd&0xBhY}OuBmP(Eq_*B$EOgYcGK5Yq(#Uq~j>|C-=$(_!xSQ?I0eHQIs-UMcn zWr=6}_ksN9HoX}-HHe#GQbV~J5`p!c=dqw8b{?=Pm-9lr$)lqY75JT!9nK|RG4H}S zU?1jvnr9RLHxHax&Vv|*tG%O_mtlIj`R@HoR3~h{(|^2qnK6-VlD(G!>ohm!f>2y~*(7CR!lU546q*7QI;9^ZyQk5) zGGc3S;c3C-4&vYzSX}ke<^lng166T7Ml|!tyEvMed|ME~yHNI(pfn_u+VsC9naQ`i z*1wDBd-M!H^(QRIqc9#Hj$>{fAADdw)G5*-B@zxMa^mS3OQ$B*q)Wh$^Wa00G9k(d z6)xFqK!z-%-le%=dLi$bz&-qNs29uA0XdAznG;HBS23))!Q_mx-9F7I(psu4%s{## zpZ0te!T9^{#HZO@HwQQ3Nwdm!HwN;NhzZ?(z9aJK91FQpQ{G^xtM#icrAzhO_JUh_ zZihV0^MtGhi8jyWa~taJ=yxOgFVi~du9Z!%8W+C6{`>Srzij_~@#4Y$dp|##gvNeK zlSK5c`kl)#4hCf3ENREi4+EKD6nmseGWXVN-=Wd82JR~fk0EH(`Lbd?@$?rds@Vn= zuX)peM{J;MLD+|+S!{2q_*Cl&OT)~#_Goyz)(JGiTX&1$iG)GXz9O=-(fP-)UBxt^ zBcTpAL?@hSZ!G*Shha6pRZv`m!&ZoDu{`qHo3XKy15kE6;ZXSMeG<@&=_M?ln21vP z;WSU>0Q$v~_p#AS;PYu1pD-HCPMN%~ivf9#(Xim`zt3nO?|0_qH(OgBVsN7HUP^xi zaR#)Mr|I|KNf`T49@HG679NSdFRGYfD6$;!JRryP5(K+l!(>U9yi%;!etM`_?^+q; z;r@WEJ%91^MfY&~X;&3Ib6OOx5Eyi<8$=FKtw>g@5mqf}E!d(n#a$HSt(Wrx{Op#K*HArQEyb%DnoT z?k00o6mjaXANyCsitOKt^i%v+qa+Jqbu?A{S`&}G1PjQ>sL7Y61i?pHTS`b$He%^Y zq|hbTOfrswT^7Bmp5!H}yq*sA)DzDG?c4_KIB{LB_folhoav?X!nx)eDP-LD zYP#Np(I}ggSRk0ywyo}UN3R(TtR*c|?rxq?NvgjWoW#U@l=u+k(xwC#7Y~p_~N7hdI&{X(#S{h zubgMB#FruQ%+etJB(H^6&7-v1$Tgf>9lHTqKYA8lRr&G3o88m1!@bjk-IKl7=kHGs zPL6ip9#rD6F3ZP}q51DqUJ@jbdH={}Cu~&SOqG+W99~2c@;khg-jG}ZtDo)S;WA~@s^LNK*r&XwH-T$15MP#Wn znvqYRNcTUdAC_ppRvFLU_dlG!+C4qkKRl@pr^$e93E8PDikS2Jxb8GCC%L@UI|4b+ zxX+^jIoms)1MO)IG-EYg2(KI>=OUsI7A!z^(43MgDj%X+z2T!K3%s420KRwMd$Va| zK@|BA;Z+-{J+w?Ng7O4P&Wy{>Bo4E(KV(&+RE3OMq8*{UrAb|}h}PGdZY^x0T@&B( zfDOpgo#)QWFk{miK?V7QEl*bD6cmx_+ceV3EzPt7cm6~aV{nPgnZ+DpwBSU1{Os3l zPvr~`nP>o4ZFi?+E1a^)_Oqk%$ZX;LZ89h=6BGKbHm(SUsH&e1j)hx|gl z@Jx?Dxr#u}+u{ZdPtoPBNMza~TS9{yf$9s~@KTm=P)|(btY-=^DNTeO_J#>;Z*zLZ zRIK@#Ip6#AiWBEfCs;g0kFr7tm0P5I3Ju6dG+tyh%LRFfDH8P-VsXGyIUd0y1`b)| zrQEghpY?6vBJ`5@^V&po#`8>rJEmF2()bNLoclq7Ey+vr%in_E4^Q8Hy|dN-^v_@Z z)_tDH|KEP@|K9gL{geD{O4Cc0{%!iV7)!^doM&(Nc+65SVpl98FComh{7!d#!bYa= zl#Q(Ud~P=S#r|%3{!7~KN+M;WJQA$7F31A^kDaZj&&vKEJ6l^1=l^~Dn*Bdc)uNuV z+i?I{aMYGUJeT$UFu7#z!1tqWXxj7RemyvvkkkTA6-2edMh*@cr!9Oqz^Oju@#|1z zJe|D>r(rfAPdi|Ld`n|GW>Xet+URghQyN7qDl(iOwL^R>XPW?>F>P0y8@hbdIeGro z-9DPBv4+@Mk?3vth1|W%2h9D!;p4_e`*}2Ep{q(wHZEJxRq<;@K&_lTYG~lW)x-Y% zC8@@BR%o!9kHilt&l6=5fA9(U!}^4*{QYW|JN6`dw883<(*vp~&*4FZJ>wCAA{~@j0rIUTBEV4J!Fx!LBO}i?(vtdAv z8oGLd{ZUNz<fOpO z>MPDa{g#GZ?;=;zXZe=EM7NBnZgS;Ufmd!LU#92C%IWttvxFr$(^etOGf`HsRyM+I z=_VKH3s+Gg+;;4lvw!3rd%Xp&>noaWkahMiEcSB)7}gZpFTPzZ)w+9EYN#&Q$92$@ zz+E1fyL}%$BDo0TF$r)=SY$}e3F{H*9BVf4PR*We>Y{cs8tB^E&F57a111@H3mHKy zW^lr2@N*hw>|N|@HeGWGth-L>D!pyjLEb2=ao*ge?BVwX{cddk*Lm@}x>nn=`5(6W zThDeX`5#_9*#Gb4SL^?$PP*GL`!BHi*C$(Sb+n>(9|3e0iUO-y{_BUQ4|Ozzn`(s> zZ-86$j+lcd7Y#;})2-FgloXXkp~y-@N0IZnsr2D@SHGL`e@lzd=mWlh|381eQ|A9W z&!0c|f8WdR4*kC!rPiO^2i#GnY2RJ)=zkcCANspO;@B=z|A2y4T}IaaJO1UX^?+t< z(RQ#(5a99*axLPw+KhvCn#bo~A6$ zdZRF6-GHHTou|T^WLkfQU6F1~cAh_fx^r7SPU(j(CJ*oOQ8$~&dDV5BlV@As?6g5r zMgOO;?TP>zx&?CTwBIzxzz#72pef7J8txvs8>(Rl{{-+-KJ@~Y?0`1OQ z*|$8v@(xRbMUBiYqM@S)>gOWk({ua=lJSa{U#&-Cxz08WJlHhYz!O_pHb(Yf^zQ6n& zI~nE~Vc-<0Y6lqb8lKyW{1TcutUVVj-E^h{1wc5@2#c@6l*dyRXWc8BhIAO|=;23Z zN)=#QT=~F!(o@cBj#Nn2zWU#qbU(M$U;J)*|3k&Y{0N{$@jw0NrTgF0t^Ur7hx^}s z{QfZUKVP&a@P4C!no+ex9FT>sRyb*n(rFq_i#VNfCh>cVIeLf&y7g$Fc~n_Tbbqpl zAT|HLSWM6|<+-XLELvJyOiXnU3<<5(&`|9MK!~b?x&{R~t<}@hnjwdU5kj>z@em_q z{~oC5A!2BWLH6 zdlTpJs?_o)_aHa*^mD;df!U}JXRrQ0_Wr%eQ5;(o#s9B}-*@2T?%(dpInFG=>FRRr z+i@aogKg5rX`VJSb9w|Q4Msc)@N=JiKl=?yfbkv}uXt`>^yf1fb^YWwVc6p0s7(|bUU6MP8V}tTn+mY8undehsJI`Q;^l|G{H=Xhl5V$nr>qI zZPw=7nX_xh^O+ovB026Z;-%9U_fFGYJK+@1@o_llcurGpjt5fE4aLAV(Q2}Y7X>^Y zhu!H8s?+V*S4>s29#mw>T9iyo(dt`*3vT%Ht}LOkk)qJ*pqp>_luF*@vJ_V*o*jK*rf2-O)0=QocNu?<{5VH^I<1G+*&lhB#%C8p-h3a)ebqGINtS%X}L_ zCXb7>e60NE9wdboOz))prO1uXy)<4eJO&i*1}67FUd9YEnmUj73FOc%GH#1mFOFK^ z=Ljjc%zcs58^B#w#UotCk7%ZGG4sYph_NB##EB1G29&e=Q8D8`Uhz+7A1+|2%EzWK z{eyA+l%z-O@N(icOjF;bcq(kcVz#3-&>j3X0P;9SSp^1gLqEFBynj^dO;-_<$HlA} z%vTA4<{y{#{2!ENZW%F7nJ`W<&^hoClfm=7eu_`X$&H;=2qT(L_qmwyeOXI(nC^Dr z=ibV`_2Umuae7?;apT5L_JRE848=EOaUZVf$i?_wk$L|Vr%b-e zVQuo~ru4IH1+xz=n%ym^zjQ~sstL+3x-$B?9P#y>lh0KE3=g3QJ@w}wF5kiU`G;pN zBxH)}!T(8*!o|`GEhUu|dCa5`INr%dRPnak+glm{bXF;1Ze~nh(3l^N7suQL%+1Xc z@To(5%)+bUIQXFbr{ z8SYVykdu6UMdT|rLSF$%9gw1GsMY#aMn0}2I;p<;?MttIpSr6{`1|gvtE%LxR&Vv4 z#a3m7RdE#F!$k@c=Eh;J{`dRazx>9U zB^@dy(FMA#?eEpEPp<5n$h8k6h?U`JQ3XxjNUm2OilENt58!VMQ3~%@d3>{=BSQDW zfcdfh{kN!w0{X|-k!$(R+exo{qadi_{^s)A=Lv&cF87;|M!_qeSEe3Qn1GaWlp+nC ziJzEL)1%sWS;f0~upO7?qjQ{vNty(0{fg^$+^_)%^d<*nX}9*emhhk6i2Y{>P6$ z-Thhr{kwer^FL1t*ed3V57^{{!O}FL)3~nqLqj!UuqTHN4GuJr#)BL!uGmkpdC zetN1EHGf0V@_*+#Q0KD-URJw^}#oGysV8?aqn*#i$}zDnBoO=U#yql4BP>#%XC8&^Bh}mvqR3&^f

jfi{I>SiRZCQ4OaU5rMo4LRWfYy+>o3o@^aDNg1>Op1kA|8?_Q}DD*%IAni-GZ zJ#WTUL-Cupr5GeC-h9D2dIf}Pb511tALsUrqD0k;v$7uc=CpwKMc)3F&nx_&=lIk7 z?=O z^e}%#1@_DG?651hUn9s~^(4M3w+^!AZKb^@c>S&t-#3nR%!0pSz|&gTLau#nx$kSE zo*31~hTYef{4!2e^Lx(nt8u@l&iAVpbOgg$t#7T)cMPK4yR#bK)B4`G*7lylSgY~< zv&8og{P`~X?>UeAiN^4n{l~J+)B3L_|7ZO7cllgsQu9Lm=vR#Ne0AaQ*R*~_uQcC& zUcA2=SA0XT@KqsC4ZY*$s&om|>$l9}sHzydJ^khRwVdqP&<=Yx5Q1uXmjhw{Y!dwQ z^H2PI7yqXrjT;vxDBgwexjO(~ssFv>`JYbvKQ#G2{eQp9=lS~|deyG}9@jq<(Xns8 z{(%ngt7QIMa134s@1Jx1!}F;6it8V0=z0@QE?(wPKyrM2L-vM?8weDKZ%Q7h@IIF_1kZQTrRb`lmPzkGos`;aj#d@4r`}zy8f~x4x;3`-LudT@p*dUtova=Q-e-T*(pf!Ph_JU5sIvwFb&wKT2B&%ZKP>+r@&!q&H^ zY`xgV{gp=U&!=vkByT;NzNL(ghAUETE>_`RjA?zYf>FoQ6q!9$df1!Not{g0dO7Fm ztJ0oc$q#$3E$N%`!p`%Y&hSwsg8ggbqsj#PYJAi)z%JqAkaPKC=Ka`Ue!OvhZ2WjM z_Fw2_kTYp=ASRU_=ErXhWoGoIGV(R0Og*Z zqO+zE%IL!{Md8;6`qc58aGO9Uhpw8ZKmYBD-o5-w{PYWELB9|d^tY?$IfzT|w>l_y zM`P2L5T8$P7(KLt_y<<){_%Il1U{(+I=^2RPe7uu8B^$ZKEho2_V(&OPR68dATrYO zfi{D<37IC#{7@l>xmhtkoE+uPKb+7q^M4pp;QB)iGpAG0QdrXI0&gID^~?pSL<{qy z{E1X7m8-qnOQ*I{53C`%aB>-whBUbc%g1j27M(4eVeAxw;PmS!|MZ)pamMl2ZXCh- zH$VQpGA^D=LO#*k&IMC(dR`GmM^F9X?hwI3rGM5N+3_I8&_L53)uUf%;@bz1Bp*)D z$5fdRt&i;SMND{(0R--mvT(c?_p98CQ-4qFgfqe@7+VKqzVob4(8j-lRqmZA>95~4 zQgX?&OGfI$JbUZOpBQ{224A~7<7CzKLwd8S-5vZ*cV~QUDlwh+!!udKIm*6ipbt69 zYKQXM@2xr5>ECfv&2xi%_uVvS1Ap6XG|vz775C4)^}d&r!&ttq2qWQM6@I}&mN_5b zB^&>D&Zqw_CI1KLsq@d?%JTZ{2(Q;AJdpXH zuTJ=yTNN&k^_*$*Y(2i@zJ*Sx~Y-*92X8w(Q-4F9B1?jCKxF8ebk`FnkSjriYd zJ>Xx-|7bQ@_B8*4zxy-(_q%+)qksF`c+5Yia^U#@#rIbZlqf0YAf4JB-q^XJu^WXg z&o=ds!|pJEoFr<3(a~AsNee_-nXx%ArF>*6{#@k{*l{T^CC?58zZ=QOi7e#!t=MkL z?8LwK$KByWHEz^dJJIyxu&49mp77B1Wx+Bn&o#H~P$;^JtDU9Iw?bgLoD+&HFx#tP z- mS<&=f)@$Uo3=F&6}CsU(6of@)cux(Wtun(5G^_-@X%$qWr&!i>jwszJ`sxpY!J777fKk zuJ^?y*aeFzJ6}xv`vn*%tTPyY9PQdox9O~^b?jP8d)JO!69tyqMz-HB>1!?fcif1V z*LG+nR@2x4vlWeIO6KfZvD@de8vX4ZezPj)w|eoy9Y~x2IY7q0HBI)`OyaHCaOE`R zY!u?>m2yAP#J^v=GkG^^%JFIPA7L zr#W0ZyyrQgz6Lz<=Vr^RVBfV_doZSBg*k%L_`z;=kR2+C(^Pgg*FNlz+RE|y0L4Dd zo59h#q(MGXb*ZBT;*(|=V?#i?qPIF)AX`t<~$mb&ee~jG=#{bo&#I57azj}8enexhm zD7?+Q4_+JxSDzX3O12`UYv&K#xDde{-Xz2!c=eefUy{e63*BE$5?!5%qN}$Ejk@T$ zx-5IHPI>PY%m|*YDoIjiAAYXb)cw&nG^pgK(Cw{KKU%1c2i+C&qs4F$#nsnB*>L&b zlEq`Gh1}3!8Xmd4NoKOJO;Sj21Uk;SBCdEF=HT|YGUe!|fBcCPm;x-9m|=9DX>-;# z288a%yRS%pyqrP!>!&?_Q+vACf%_Fw8~3=A@T=9GSd8PiV)#5*%+W#!q{8Rt? zJwCtH{k=56`^RnJ{H8m5bClgW7{Zat<|CEsD!MCaey67xlCJ8OG-X9yA-}PCH{c{y zH(DT&d()XDO<7q{1lg1Oa!>2#T^lK1rh2Pu@%a|?^F-OB=2(zA`b_Rmb){nmoZ>Xy zo^Bw)K%%0sMpF%(2g6K6P3Jl`>vqP5Ax?R>sfeRQ-PmgS zkTnHGS2ROb1mjK%6A=oWKAk1961L}xs7UfOp})#kQ)ix_ z2;yiOx)URiIyTF7#{F&25EW5nxsFvl-wnj3%St1H0~1Lut0<wG^J^c4H5Fh3S>KNK^XY)w0HPlxI!-r8*41n0_x=RJj_3dQ5 z?`(~|)UiS?aU+x)Gc>lB(>q)9SY>7`p-v17&OBK+4aL@#z8n~lB}kqY1b0ecDN{bzA2=Dwnj%AF^3Lr<-1(d}9@Mb)u^VptI@|VizBRGJ>25L;hfXL(P@k{$D4Cl5fCB&_bVrKPH) zvC(rkdf;&y&+hcTJcnk!mzP$iBV{-l$bDyTJ&d@H>T2SHITL}(2Ya)>;m3iqw(gVd z)RZ>v;67D%ZDjPfb1O1tazEQTORuYRa|C5nv;T(B8MMQl= zw<1HgkYS4Bxhcsb-r05|xhW&Go;Jm)H4`6zzF6zLv(Y2@LGK%yv$U*nuk#Ubow*W7 zx+@xcqkp$^XTzO|+_^PNd_@#heTj5+Fy#$nzSl$cLG5!o=p$V<^X8P3!IblQ=FHve zJ*5dFx2JLArY5>`r`O?BByF^yEtvhRX=zsC`1u#7C(dM(Yt4i4-t2Qjo&9uYOcQe) zc^}Ql+DrqZHCI1vWKGfmE2ZX45%j$%S*-hDa}odpF&g*gyc~*OtS}iv)R7$?wUnl} zQFraN-II3OAjzzryy`~M257^z*0)x&nymq6m^Lydj^Itqp10EUTy;!ur)r921npeo zjhV5OzW{NXTDsA-Os_ZR#3|s7roC5MaAsta-u(ka!d^kB>l#weZixcY1T)oapgZ=}R+rFZ;IP&Znj;PXn=|%v?b?(1XgifogjEoNaY<-55`i z*irg!r0P;fF@#MQ&F>!eUN&Xj0W`(XS{kw@$gw#~;_)oWM=Uqhn)=Q*1>Oi+Jv;og z(G6pw`q|ywuq@T&c2m;>hH3STfs%~P7IIAC!RE&6iMip`z7^X8sb?)W zUR(m!3UnV17l@v;yatQzD&(l zceIxTSreKvn|#qiCp9!n8;4uP+ROT6AhT0m*3G`aPWOuXu=f%>aX%l< zO<`wq3F?N{aH<(|gXIw55>7KYUk&ns#(Pauv-WCeOs5f=&v`=teKEJfjJJe#pa#-R z>AATkpxD@pU#3lE3IuCCN1czle)piVp5^lGnG&>?4nO2%%{9k?D_f>(>OIkSdvY-D zx0_nf-a9&4nL)Ceb_?ug!tZ0@3O_yr){aY>by3#aJX;yE)vMfwR#~6c~X! z8msM%C0dzoN;|_eEY+|QsC!E{2%2uwT^W6E2|_NKvjVF}Xa;7TvBkG0nmN6LGijv_ zWVMUjDd6+iFMj?Yj*Kt1nQtIk?5%<2f!=&43tVh1 zJ4?6}Sl2+h5~7hR7=4+wKF&=;l$$y~=jFiQw{yiQUkYBRMHT&BE(4-uqd$t?2d`)lXDl2ZmQr-ds#iM;^tp$cZ<)(Yk z6jEDnO*G9A#xqYbG}qJwotw<0?Zo6vyC?6*k+V?@BQ$1O^OD;8*? z2Td1K+YmFC=VVQorkc*)P0b{AXTjF)S%KC^#@tYJYcFuxUgqqku(tPBU_=IRc&>?Y z0D7G-?jq?cp|YRvC0|COs+k-=(c1yo8yz!n$GX;GbryAjDT)S%JezGjx-+axj#;RA zA7QYS9Nyc{4VjmNByeWIooskPcd7F-LaZAFds)pxcWLw$gypHILNs5iQPKmvxSr3@ zqrzIc(@$1*e;dd>#TfCecxrfS-E4_U&loyv{;195oztH`XaT#?B5yV|rBt7ZBM_pM z#kXeqUL09Md!U%oUhXFod0_P|t&^A$;taht9EaSa+mm%eP#yuR1hy#cb-{~dv9mFz zajGCsxBa%RoAOLIk?aP>?qS!~EK%5vXYypcG%|bON{S#VQytp?s5jN++~v2bF0{Tl z-CPBt%(^{kIal+Q!AWU%X~?G8HbG=4BeosP18E5Oq;E%3WFR-5YVH6AZQY)smfMp* zYJ&vmVbW0|VK)&Z-wxWm%X*rjqtp)Dg53SIwfmnQv~IiO3iH&CtOuLTW1Bbh$v{Xa zruS$D?$%r?qON8s;IV9Jd9MCxqb)@aM8l1>x4x*td~5Y(W6CChA$CGD_>_W8vUPaT z*ZX4A5rPpEGo3eP_Dtb5t}`F&ZO!O;>NMms zy>EE>%p1y_H3U6x?KT&Cy@v#4AS*D)O_kj|I7UY?^>}CLa>v;lBQ@lDmM-q>nb%Wv z(SZ7)_%Sj3yNwWMb$)S;~FRhL9%wI@mghb-|0`& zho-P~dAB*@TVs1RZH;+@o9GHK#U#~qiPO~f7WBnvB1nqMOFbprH1$ACR9#VR-IC_b z#ZKXkk6K^sbdk7mxXyU0a~sW&ICmd3Wl_n^e%rJ{DRoW6gI#-KnB%BHVNA2!K!#G}|4psv>c zlqx-mhf8A*dWH`SiPc5fu*F0-bfj5Y=TQlal_4gXqq&b0L)j|)R&$!e9Tb&J9Z22j z5*bRE_}#!=yWyv`!aL~$r*AFOn@t7|Z-n_sVY3z##XGQ6dKSO^=!zXy6FWd{PWO|U z7r`iKs;1IW2U0Q*+`X%dO-GYFjgKDyGMZ{%oa?MCYP=`|HCL5pyi*KvM!Qo(6cpBd zm~x6VZc1HCyx+S6Y2XYxQ`eN2ni#Wcm=Ay{1&*Jst>tuWP7`Y$ZhL@}SqV_njHwbxy__bKg+GOp+{}^XAJ=^MTjbs_yN^ytf?f4Q;M-BRfjQj| zy`3p~dsUE!#w=M`eQ#`W!h;pblHC*sK$Lo#VU4Z5!Ojgyw+5)A>S*AG;&yIM*K&lG z?jC)yL#5+{NCKv_cSFU}wdoF+?ou8&8`sQtDu1^hZIaa94|&s+9`vR+P-k*7*Tn6Z zRrX`8v!3XRAe)j8OmC*o<{R0ZZ`G#0HbiA)@25?tso&Xro3r*(U!93S-($N`-*=I| zf#y~Q<~9Y(VN0LguOFHn^w5-M3i2LD&3hiO+fbe*bB7OD&=2^DAj_`iX=>jZS%J95 z_LZ(HJv+E-DNUs}87v+gWISq|wRQLNyHT@~Ycm(kS$S-TmI`Jl)Op#^(VTU;1#c|n zp(z^jwAoRurnA>VF;RP+Y-(6rMYIHH=J~Yg?%n%j3iVdcow+^TP(0UfKg?05<3{qA zv93H?f|RMD>zlgwU`67Ci=@554)=!No@jv^S>5(>EP5jJ+bzuZ=OLOo17qF|T+v(_ zvDxR4yjN7GDS4V`0NW5(Qy$I6k)%KDWeFJW5OCw2Y0jHi_nGh7T}z+y6G0NxFd1rl zaiW@B0`zIq6s8ZbKVMJvX-gFiUE6oM(EQZY0;{jjyot(LNDtkeA|#pP S9z8z^?V=D_XAdso)_ za-^!C9%MZcw7xZWSXpuXY%>nH>7+lsvxMm#(B&@=thJjXIi2!e(;A4L&UMzXp9hZ4 zHm6HBuncctY2&8V7yBBDd4+AO@_nK>JU3Eio#}ij=33B}K+}zlfpGW0a)}no4|b@S zZqJ&V;<%-Aa%2l~;QIO6;sxIBZ^OAMwXD6|1VXE$AZ0o=+gUeEGz%r67Ku&AKuf4~ z_<3j~iYWPp=#J!29vNyLf(SiMO?hPX6J^9ovdp_*l%$$TjD_K)LZvjJ3T^^|xYwgC(`v(xlyt-7r z7=dEhA-mN?`HQmDH&*C9!f3oPf<$%qXlR(Nofd5PQ8UpMLF8OLZW{fqy?w<&(n`W%>; z7N-q5p&@qoDT`9g^kM_^0DZBu11VDa!>!e~LY-|zFx=d^nxugKrw0(^`9zbHDeFl< zvlN3>R14c@J=D=>NdN}^&40(`rO)~*gSHITm1^zBj(CC;50hQUdZ zth-HTri>g>G&P|Gw51f7Xu5H_?VS?{O?QAKD{OEdJU~rm0n2h=>8=z_vgT38 zboxSTqM=MTBuO(xf2;+2O*6LYe!6v*;&|M2A9T)X83TPYYAV^3M|b+t3fw^Y;_Ast zUnFyRmvN>b?A+Oy0~%7Crm$6oIF)DmMm83l*>5XTzdf=X^}fHI3sfUs54!n z$T2!CWgw5{Mx46FJk@x8*A4T&%Ua=-l_jUCWKeGh z6I#gS=j-`iHWZdKEkP9Yy}Q%{PchBBIW@Db!ehJb)58>b^Ra1Vwy1nG2hLtwO27$Q zGq}9xtZ2c3U^}zIcJonV9|}K*s0Gu7E=rOSh`OS7Mv4(opUE`-`JWxtd;8}b;=i{Z zM4?aeklr@OEBSwH>#YB0ll$q<{J-Dj^KZ-}$a9!R8I#8h-Bo7e!HBU}K63qN!6d*5 zzyfBs@BWR^JU?TyRYDSjnaqO-F$)yiG_}l+77Zqa2;}}6l9nE|??L3g`!^VM{Fj3N?$+L?AIN{pFTBME{GamAY#n_#3}gc*SS8Gpk6`xhFSpqydH0uF z8wBtEa+`jW#!Kkr?{0k;f)Dh$G+w@Q);BaI_K%Y> z{0--SH0%npD!hG;m(M@{vDrMW|KQoypXdK~`Dh+wFh8fc7L1=U$ai3rL6=!YE=);# zs`~^u9%T4iw*2+>ol2QNok1`lg^cTGdFtD%ygq`TGAYaw=n%$GjFH{Gd-v|FCC}NX zn0!QEdg=Khkp;uqU?dQ&K)Pdimc4uSB`?pD&mTT)Hk(^Orn!yN#fK8U4+J_*P{t~A zFZY=4MD7i>;Y3y$aiTD~Dl`~HcvL1my^FtYkf(Y>Ra1r?9e+ax;BJ{7B-y=w9N|UN zxvz>9T``#l5Mn|IB7*H4reQ|XRh>9;>06|E+A4#Xy%w!s{WxkAL*ZvDykiW2jB)Xl z&}Hl$qe6!c!ZEp*#;b+Lw3+yc$uTo`V`oKLcb~u&r)PjUak5J>S772z1XCtX85re$ zzGFbqWr@sJjC1LY+yjKh7Ac4b>Ewrgi?z?5COV@SA)N$H0u!2P>fVONCg!chfa9Qh%r4N$tq3a z3}y$cRvTXK(N!_Z66k6wfGu;uf3b;Z1oQ}VC$ z>bkz`AR;(f`|b*ll`?huCX>i6AHgOsdhzTFUly*1*epD`_Isg=P#j--+LZ)glUXywS zu{1C@#RTYpf|NkT7fS9H#kudmioF$mr(HZZW-ED)WedSj32iaNdk`^j3&I3J{35xG zs(6tK-ULRjzh!KQ;?4B|3q6?nYpP~rgk)Ez6oBWrjDuqJ#YhwfCEzx|f*)(=amu)O z4ov-N98z9|ry|>h&%(y@9k0d=pzG&xijR8=>5W=hqh1WuU?2i^oR)vZX}Qhy(^Qqe zBq_{bloRX&X5+<(9112*{e>R^bYaiW`Ekjoo{o-xgE>WCfjvykWzX;p`JNyqg(2{( z^9d7>5=y~%A+s;;Y=;sCVDD@6PT?BFhUU3x2M1+r@sTJie6LI&Vw5Tg8m@AX%F}>T+1L%o~ zpPpA<-X`stt7=VU*$9>Q6gG2UE1b5krFYpx{~9Z0Zjd@-d>#_ z;S>G3T6TE?UsZYP2*ms`Jeid7K*rb*MobDFNI1E@JDTTk2s8L)1*06{X`MJtVk)k& z!dp9jlo9c_OdqRNc-n5Y{8F=G)D;!31+88*W@^W*&Xpl>Jf?;q2D1=*N3}Sj7tG@o z1F(jdzQd^w8ql473Tk*{ZIxx#X>XXy?l={)4v}mAT%D(!+f1h150L2k3 zB%%|CwjWhmJ$1*NyihKPTDXO@&ErDJI|iY5U3}6u0WGg?%OGR)&g#gGa;14>% z30HiH!4a820nZ9k`!J4k*qmLtta3j>qN(N{q^j64C6+2vX^a*pr8G1SXRHu;rB+3y z13sd7_exp;S*ftOAg_q8!mghYJJF@A;O>@DVBIrxOQsIN?!ehjxsVeleyQ6W@uL^C zJhCNNZG^7B3LBJ;utwwOUR+7!W3!ox@Mkz#<6sIAgd9jKgpls?Q;bl&q4K@tU7z1o zcGWdq=_<>a1%?-cN9~OiI)36q%(UvNZ)F|g&)Gr&kq@Vq#D5SmTFzf zC~Ut|r%sAVD2+ou!gNBd$NFtBn8j5jjmN~M`=YokfQ)lIvs0Tng*ot}MyWT~On71) zM7y)a)h4bcJP<^KTvkv?$3{Wj4a^o@i1nsMO_?Ahnjel^u{P?0xB$;7OFh=yDEBPK zAi%jXQD_sG;$>oV(i4~F2f@V@8vN-(kCEnHW2RN@e_{CHt-g{c+OR8JF*)4k1mF1B z6?0&fyEae#bk$hEg_ClIS+ZZXp-R&ekc$b3jd>tCcoD5-fqotR1yduOfi8qBq45^H z)`q!^;fr`B#0GK(L6Bi{s_vyPUOAlB1Yslia|tFWVLafv7DA{~RrVqb|50b=M?_XX z*T)Vh#(z5S87wjv2MKsSew;SWu?$LGujb_{Y=a9}dOA5NM1fetlx|k;`Kfz@7rCqU zCW_M#8_Za-fFQkPG>=+gn17w4xwhX#d7!3r<>UjXX1rnzep=5uOxA?kX(R)+35384I=l%I!SmX#~Ng z69b^jhlzNr7#mVOAYGl(A4SY_af^#6I#?A%Z6(fnssNlgzG_>62PxK32RTj|*T-7x zk(PTwgFm?TE`*HeFtu1w{B!}D#^KmJ5o2-pj44w0&Q(W=jEASLdGihcoJFgSq;REm zJ8?)=X-r2)ZkftbIk5zeHl#(2ogxxIZPkMonB6jZgkYADO@rG6`HqjxUov7XKvMZP zcBfio&6!nmV?FD-I%xWM##2WQRrTz;_xWo~vqH@xVAcqR4nb8{w~Rj0_vJXpFICYS zB46y78fEy{E{J)D#Rvf{TO}~fpbKdr2p@ymmJ}0F?SeW;b9gX`7Ad5Jzbj4%vB)54 zUQ``1!gwo$q;LUJ8do~CJ&IVs$6H1#6_D(fCZ?2nv>Ox7nNyX!77@aTF9K>*eJR5j zAcR>>qsba&4<4rYGfvAZH|fJA(UuT54qm6iOik($00~}1R6hL zT$nkjZx>rp86Ez@Kljg;r>WexLK<8U0Tfd|-7-BtBc>Bf@lz&9FV&f-98)_q=!N?Q&W+;owQ0@z3LDm|~SWvoyds(~h3`aw4 zPDn@`YO8sI;ZgLIlx{F9X+@b}<}uj3{Ohadze&jMH7s)lx>X@;J@wE`taz zkiUSD1FsuZw7YTS%B?&WZj9qRS^2x-7M}TZC2*KjmhmYSbQvwdj0a*ea|KMcvBgc2KVoO5_Sb?EFT_2!w z(2_$t9>6GqDFad(GsjZAlGWJ?<)?-&!RD&sF)R9w9~GNfV((LuQ(LhwQ+h!ck)Cf+(e=)^F) zZV)=e3i_!dt{9_orUQ5FlOX9+k-m{-eu0ECxuF=Io`Ci(bMIi8fU!_=UOe;tK~UEY zg-LEzJU*_c!NM2AZKW3KcyUa?=Pz3irTUW)N?%B}7fh3Sk7F zwSf=oBN;6bszpO8ox2E&5GQW&HD;s-HcH?nn$97La^UC(Pf?8w3ZF2xnfxcppYegG z=bhl@slts5pJ3$DH@q0R7hLBc4GAYImFo(NhvU3T(?hhZ@En6IgDE~fg%h=L?l-n~ zg|cy2&<aMi-w%==y({aED-)Xr!*`2Vyk^y$J+T5@snETx+)BN{6;yNH^Z zl)|_St=jOAvO*%HB_tVs@rvAX3S9>C;43UEjw7E%@(TtNg3Pbt@df6}xNGH}IXF2$ z>UjRTwqSie54ue3nSb+s(7V#RU(P?I1 z;Vn7n>)H9bZvWZI)qjA`x99(>6|IhjFVFFE{(tMIpYGVx`k&UvKkt9|T|SxztF%w( zp12hqfVCrL?ZXXpi9_gfjel`>w<{$D{x%up65%J?3$68trW>@kfODIg*9jCj@|iZ{eE zzEGub2r-mQWq6R+m;GseR4G2CPp+8q1QSUL*FMb@Ixt&%$8<>-VKVHnGbT~+;;YIB zMVwt1-#?zhj~Mv$R0Kflppd8%GmOZ61%-}QLRqf#zVflXw>Z9a(`>Tb4R?24<|Eu< zjFvBv{+I8ozsRld*Prnd!_JuLqIl&pk02m$+*d4t;o7(CEzi7f{nY&FX2>_M%UwDk zp7;|%>Xz81id~u72jPzyH65So>m#s@3cC>hOhi5Y@;)maV+VEV&3L#PK926MuF2jU znX)yiXy9EdGgwL>8BkfNROzTW4NH)zzmfh-YGx{{7C(jH8X~;P`$M{+jun#9xd8A$ z4$QJRWk^qAMvr_9^P{0(T{jrOD8=o*$3H9O&qv?VFDr|z5TW=qmvE3UKmvT~jI7eY zAcl8|+vEi6 z8O$gp zWMTLtx7w2u4jSjBek+RbLJ*WiNA-FXQj36BSf2hPwhElW&a9$%H9)dMg4*!}WJAie zma97=qgQc=!8#qG@*tF&-z{^0`cTC-9BinA$fq{)k!sZ_bb$Eq1x0-0Weo-7r?V0E zPsGf+U_VYAJt5zr*?$L3?m2~{Nw`YeI~qj}?B5Z1wcyJ4BN`qJU#9`M5fV6o9Q^T1RHF&!FO31$Jv9 z`*abFk}@yTAYNj1oDWW=m(fj&H;PItvi;V`P7uC zP)7!+k#&A?+ekL*DFKt&IF=g{&M(Sl^;s&KGaJu-_LCdSy9?K7umLi8~q-&X`nuq_6x;n2H=nB`?R@CLFka z`F0QFzyV2Rr4)m7seCNzMT8Le=;cQ+6pTuXQ%;|Bj-DL*P8wqt$EY4i;bZI{pt(G@ zdjH7WQ+275_V{T5+bl`yXOK~#6Q^$VOQ&$X)a@)YPJ<_G=N?}B%E#Y`(h0f8iRv*u z=#ZMdYFAXO7NuYD=o==zAOpW%N?aJ^f}nW&m_(zyG-#Q^UxdS+HDXUsc`X)RnWL1E zCtiwG@T+GBy($hUjWZSLpj2?JGMJqg1?-N(+(np}WDHP$4zb7%zLJ-~CXp!0Th6gT z;lG5XQW>!ch;9|pq9YX%1}wPGU;d3{_oY?*M&kQ?s)GdoXN%X1isyf8344LkzEQ|N zH`4DSXD@7AC2D&ep1F6|fVge21X!f;Dk(X!P`ETX?v^XxFrlp`q+V&{+r+x!+P5tJ zwFlP_#R(y6Esha2pK5zYDqJ&v5fu!@uM7#d_G2+}$>DsYea@-x{@HK)Vb z07dm?Ue26hhC#EOj>zqh*OZa7kosAfJXg;FplK6NaY_*0E$;%#7&*?dElk;&kmbNe zen!$Fm2yLC&M_jzObp~H~_ng;`pWc8a40y30JqNtF6fMJpqphk|Q_F zTXA`MhMrTJ)O_XoG4sCK@)I;)zx1*U*8T!urSIF`uc?Skj~=XFV<;h75U%#(KsT7I zYdLwJPgFL-cnYb2c84H)H+Cz(3Xu)j!O7$kp9)x{Ao0o?f=W0Oal0kTa_+$$*<%kP z8bHC6O#L0iZ3nSjao|ZG4g@yz*waXGMrSM=Q85B=ymF;AS~`jt73JQT&Y{a(J-5Is z>JxnK=cDdeb?@Y9)^=I2bMTzjJi6z3(eJZsCW9pIlY1p=l_&Bq!_N4ZGCKC;BZwcQ zDqy8CWyfyS)4cAQPpGEc)Z!#n${aoQhg|KWgHK{uB>iF788?nsdMI6aX?^A1o$G3t zp*)N6LQgqpxKUi~DmmcdDqp2Fk9OjMoO*$u{4J#FX;CCqciTQU;Vq+{IC!50jY^ZF zuxVC=CbOa{p;RL-?d6LbS*)X2Monr0Cy3$=g6^WU29Df!DFoC-NN`_i6=yqAD;#@; z-bhHZnxhJ8R>^OtM4!Dv>!%{+ka`23-xRXZaawb8m2S$z$@}WKV4S}Box-v$(>H5g zm-ko0(Y;(m8SA=DUhlMmssPD}Ecc(sZIx{FRp?A%zDlEGcRb0bj8peGhpF5&YGBoB z=MM3^+z%o1l#+6Xs?>&_{;P2u!QG7woPg=C0Kp2pDuWN@Ix(gRo=5jG;j9OH7;mW@ z=kW8JS=NhqXnZ$UBdYa#a82N>RWtb6^DLk)11=>;9nzuxgN$y|(R)L+JGvi|bjmqN zsk|SJ7-9CP2r5mn9F8AHL!nn6?4$wVQ0|WO-cas0n2xS7@^vL+~^pa^nTAhY0iUk6|!o>n-JCypu{F4Q(O2%;E8P#=Y^#%L2V zohm%uEBBf(nllCe!E^NliZ+L$t%$K6a^_3imn2+ta4OSp4|%zm8b~5;jai-~;Fbxt zMM6BODkOCil^^9L4n+!!39RlVSj$Pyv-s<2`(;Ky1GnTF(vX3i zW8YvK4v83Bou8rUt4f_eou?YGRPGDJxH>)A2EHH zhGk0r{VK~-ACRnzAG1ULF@dGZBQN#%m((z-PQb!bRutUUT8tj@PYMML4|)L<3?bgH zbH-ZZQ22p*O=gMT(uaq~&f@R|Y+)fv^rZ3?zZNoX6sB|ze3Vt8owGW=8YvzPMd;p! z=NjaT-kS5=9jv-Mw*bN%Ckc$C-UIWAgkR%m5%)UG9rYpfy*SHhc$#V7@;~A4vV0Xq z5HWYRt&b#|r?Bz)+n=blO!`-&XxR4HX zv&vD%u(#|j$CK}O8HyJ-(Sm6f4`yBhvW(#0nSuNSOlk;uD|hPhebSp8rIn9pnmq<`IFMRHQd=IWpl>9OXA) z0}1W;_;@pS6gNd6!o697H7LJy?G;`NM;7Bpaqd6uZt^%r86NSjK7B0|F!H0-mV*D7 z`fK3qj$H0X3T0h$#JXik_$y+j$AM3^-m1q}4jnIwQM~Yr#ugN8CV^>2D7Tg{kEwD2 zus9~EyhY4?m0{G8b{FKj<)SG_jbLkzCl8{eX!=E*%_O-Prap{l7n2V(`30XNlD?9| z6cou2gty^Wvgh<666J^xwxA0g2Na+35**t|3TJ%&bC#r`=Kz0Vl?XgBga@R?U z0c`>Bw#5|LLPVEFhm45Ig-qC0k#JR0GzlB6jOCI87YQ|&f+)2LbB|UFotQwSK><)s z+Y`GG!JKAB9BK&af7rxy@-qAy;0?;_I5gtJ3+Q?2%jyi#P~7b=rH zInwA3iT1)!8wg6JKVp@RYHy8$miRRaA^q<6R0^pyDw)ZSc}(Hjhns`b>GDs^d+o7% zT}F`(6)fpdHA8j6YcYb-O_0ZopA)^QbUj{3oVaDQ$L=$o(Mf?!p=@Nww%wr;yrSA7 zHi?HTrS|dhBqyab$P2n80qgfP9}h$Y=IfXLs?ut~I`*l#P!>>QQ;)77 zB*LyJ=O#D0lw{}tQhAT!XaUnQaDR+@kYTlp%t2THDl%Og42isy&D(OA!tAIR|ESe_ zC3COK265C9%~p#A%&JB+RpZ-()?3@}9e^#N^%(-+g)3_XdX!tzY9 z9i8QklTE^Ft{YyZwUpKJEil#zaww~y>dH}CcnRoJoWez1Ym)(Ctyv~P>uE#GTHnhC zvx>?Tc<43`T{Ou;6X3fytE9+SruK7HGYhUOU9v!XscvIKwdiX?dd#{IG#G3E+<5VZ zG*7^XsX-Nc|H}%46s>8en+9pWi|y`RQOt++aH^M;S<+OUDmuiKwryQQJK2=C?yY@I zOBg~Bt)75GT>dl@HVt5YsAxW4XVFNXw26#2wX9_~u6r7*y*fDt2RC{O!D-(?kTF+9 zGT0N9+e-U_e!w!)-4QX?N zV{PIk*q9{sskwxA6~);qg`Y{=#25CVL3$k0?!@(x%1(_ncW9wI6h5T|sR?>{k6&?Q zm6USe5oIyWaTa}pNf3xgGat-{8%&m`AcxpQZ7?>B9Ixo;Q*`7dR$$c;gIb}q(F92S ztV};B{K#1bvn;H)j(i?d&N-%P)Lx5&0SEJz??g`mvW$f64|PDrxY%ec{C)3Tat;bE z`~;zE11C7*$E6+p3`_pbgZxrnUKs^?k!nwyf*%s+{hV~9EvWgVm3Q?Xy_AG#_(UdL z3_j39dI)MA+n}e+fk^ha)?^$OZJ#rbu*?k7{;j8(dZd+k)hV@v`$7rO>sWcY&k9I$ z-$9rL5|Ci-S5e6MCKpW~3FC=ho%s5|MX0MNsCst1%zMhN*ausqYGFo1;(;gCbmjBi z$`4)3&ckSgD}p25dEBK0gZ=DjJ228q<`^kJi*D*;KPNa!vL=?I1JbJBu9LzN3aZA{ z7yb15rh{7P21yRBbxpP&@oP<*sE$NB+&~he z#3~+MkqsFl<8lu~^;T#2$D_i*dW)D#;f5C%Os2G(uIe1`Jqm+lf#jIMa1-kSscOQ*K2HZdYO^~i|ZtdRH2OS zC=KP%5HD7;!dm9ii+hDvDQqj#c}RMBD)5^MvO~PNBPTBf+`oVte;*e@N^h z2{al&qtTaNpD%J-Qe|G|**NpDzA(_4x_e(h+ov_ys%WT(=`1TUP-@h|du!Wt7q1)o z=tn$Gz>_$e=WsWMxrC5D4^+e_7L^B0u7k~pYYMTVG<3cjjc7T)x+Y1Fy^l|0FXION1|wE&Dy(8sq>Q%Zl>>`N!0jJb^9w zLfxyuj!U_^Aq&1z%Sy#_H)ik`F6;kvHVe|zxH5tr((AH~Rdpd)LYG;g;V z4FUOp=XnoH&55Gk*+uLztz4pfswt(=sO>w4r~OUL%>TyrWz7c4ur-+asdXLa;*vv* zqUNev>UibL2tUj@v^icn>ue?(E|f;hw6Hr zd5qm)1FqG@(q4!|ePV1h7)1%2#~@;ujiapz0fh#IM>~+Hv%`R|c~Ow(XC^o(Jb)&! zIa-8?$kv%f-VboMfIi$VMoU|=%*HC?g3y-zm>m`@(3Z@K^IR~KFCep8_+ncyxu~jg zfrssw&*lpXT<5jO^GxaglL=^$c{z5APdwRU7g=7;L@g@WLySx_e$^40o&CMWR1egK4P5Y^s=Oq-_S`=D#+n8*xY=qOaarb%j0Hd2^ z^8oJ`V1{D4+*o5!PBQdJUA8B3kMsK(1P2 zzhZ`n1Kn{{R-*gKjh3NK<$yNKx-$QO9cQI4TP|Y(eb6bzkaEXlR4<>Fx z5~uFq+Mo#N&!DDEO0QF7^_1LrMuxkNcu&92YANywBmX zi1`MtrP&ohfFcI1t`q^a`pjphxEzpyaGQ2X@hYpQGf`(_gl#>~#_*!c z?$GcWzd`y|V|qT{3U|=38 zF;cMA@3C@G=Q?G{omyMsmX-77g-uBaeAk#zF>_^g3&yPmM>D3`o$Mln@^8&UX1Q%Vgm3ls(dOkXIoNIrj&+5ylq zFU=~f5Nr&A1tucO<2eP9+K^LD{d6|M8%;pYrCaRLbpk_OYfrlL{18)8vK-+wCAjIvnqodyvd2cFc^rgD znPU67h%s#zYBMX1k$|%76-#d&G!>?9IIidgOlnHAB0U>|57c78^{LuF{p%_E3^A)X zEtxD0?%6`e&$v0E1oaO6o81vAUu!OkNP$hIaLSJcL1wgd&iv>hbnzO9wv8ee8rguZ z89Fn@VQnh`{R^6zgm6&t=C zX&xPr$1V{lHw7mT$&@ zu3q#aKP-5@{Bv#c`OT!m?R9odDM83lLCDq3hIc?cu4^r@h_>V3rbAkRe$@j}CfQ#R zwQ8pOf-xptR7)rG*|a#@q{R-UaL4DR$Gs3CN{z*IMqw{Q4qmB;6GK7uE&vax*h1EB zw7egJUzA1PiK^%0I=ciD@M`xgvW0DB!mVU*t7QGk#u_GJ~e5I}>e(l#2?QB0`or_>4w{C0DSqd`WTFsi}on;Y~v7U}z6N0Sp}!hNV7p)NZ=O z%}nzX4z}s_V9w1txS^%gG9B1VAH36;z$IJv#ZPsxs|{m{25*L}1)KjO`0GjQ*LC>+ z*Qo#S_T}M=*DvE)x@nDpmGvL?51u@J@~Bb&;o#B1xB3sC<STMyCt3U6%P`CSoYi^8sAe8PA&( zxK*_6NI!o37z=zc9+!jjMV5+zCEJF4eTgUy9o^NEPpkJUfT%^%mo)3>TWK0<46DeVCl{yd3eIVty!iJu6c2iOqSf zjyd@S*-qo!gz?sle-pmjRzhqi$8n3>;uFMugNNSx;O)!PckJ-wm_3l6mxZbgV4=sh zUCdMb`Q5t{Bux}4UX?KPsup7>{Ajh%Ls{3OxB(M+ui8F^%{}5W8-u>0w1+W;vN~KN zXUmFJ3c=N6i6?uuku$oIqWaO>4jJtS_Mz5eMXoTD+$Pdn=JLHWYWPh3w98~^H0q^w zDy>;0fkpjCIl9Se{-YcXcJ&lxMFtVIe^Tz}c4rzG>S-DE7_8`^uw6X`50FNFTeo-`^4WxI&zgnZ_A7_u^{djLM16$|W zOw?7TCWrbs(|w@)LT&1#5+EmJRtp(L580usB8~Hf5&%8pE8CCv_v1Z?$>6o9qKE8V zrskL(#NWsJ?(Zi}nWIbp7U%t1R5Lgw`MHQ5GCoVcd+c_rjwK1?y)^+D8i_TEeps?p zz&*5wZW>4bG+K@y9Wcv^Y_^!$IT%LKmBnmeS5y~EolKR0%cEph?C9kEU|yz-u`Bi( zf~(-44}Qvauc9l~*MFGv_u!AM7nu6~HAq(m&F?>C%|BOcFV;V|UQpjt?Xhcr4^htH z#~Xc5JM^00M-haHn*9ygodn>(3kJN&3G3oZmss+b7VJXSdMY?OTFAPb1r{JI zO)x@bxQ`YN5EQNy4S&o@-`#shM2qT!%AFhoz|RdK6!NDb(_U zpu`C!Cnh7FsRbV|XL+KvQYmVw*V#tHOOj;CXL-cu8C6mqViwSHaJfGcHQ$devLYR} zn~7$k=1SZSBgS}9lvJa42vv|9veA|`8?qe`U)YJiWAqxfhR8Kbd7&;pp{2YNG2q{j zJ$?J~)yu=vmuGJdU%!0bC#FS8TqsKI*F#oU3lTBZ+o60fMTH}&7P%O*x9Z2kVi_?e z1>mi9J+)Qn@}H`5F_#@LP9!|;cuLxndfI3AAKs7p{k}Iz)rgN{uLxg!@poYMrJgb+ zG`v~r32$WG#RiB5F0zWX3<8&G`HbhWPB@yMz75j}!Iaau&;vd_D&; z{A@p=D~APjJOxlkE$zUE{HZ=F3t3k@D{9%$#!#DJ+$v87(*smA$lz?YURLavf4o3H z=m$r?k>hcDLDd8*I3SrUDK56XX^h1eHm0n31;Oosw=xOn(Exlk zDR6kC$K^tCAw?ljFXxcf;l708d1DqT<|(Bt!MF#0LFgLfnxB&u ztHP*ltXD$meJxJOnAX!NN*Sdkw_gg_7hz=`cB~I@xurU998C^j$nxZCHep4{(q+MC z+1MvFlXM?J!{Q9D;0~~Y6vB1iR@tT6$DZh8yk;MqVTC%{&bAmbEYfX$K>t6}6NYXP z9RYt^_7iG-VAPw`Pdn?Fxt_D?PPMIjNS3lGn#Wy{p?G!S?+fn+!j z1`2vbIwobFVrsBSJPCL;#yrmnQDefh9Q-xeOq7dS2^YwL==m+%_2oNvaE+Fe7U49z zG5c9ic3q+KE8{45TQrKXwf+7IGZoN|ArggWeR0vBU-tLSEe!ecS}_eZ{Gf9&?QSv^N_U`!NBWxAKQRA9WrNf)pf8jhPMKW2H=f% z$leNdvUcA^wr0V>mtn!djafh%y9mfd*lVyuFf%(vSnVPONE?kh+dfJY#QRn+Vx>FG z+c8w7F*N366RF95OYw=$}(g~{>aI06{B7ksS_t(H-g46lld!JTOQIo{=hJGx-8MLkL-36HvieE$S-cHqDbz z9dKgt;;x-B1l0$))mk$3%o+r!9x`A`fuYy3$Kp8NwQAG6ObNLY?EUYzsHfID$hE7+=Gsp1@y)k-;e|$RS7OGqLSif6`(#S}Q0-NMGDBPanvDW5 zaV|BQ(eS_+T6(^vpNa#6+IyLm3)#saU@9E!=GCxv?-V^a=MZUk44L~-od6?Q)Q~>% zqBf{70xE|%T+;*58lXcJI^)b;xs%oOY2m&xE-OT}O1-;ZbEr;fP{Fj(>FCvQ9J*o3 zg3sl&1Q!~3#B_qaIz=G9MZW=2M$KJ&J5er%2-KXBKLvT0bR`+=YrLt^64FCy z_k#$uafAOP-xW$3J2JgT+b0P1GtwRc;ws5?JdK0mo0_J(eG)U)b)senjiU|(4b4#& z6cp0*us}iq=vT>LR@4K-xFm|!4X#AYoKG19wfp#69wp+1ek9+JenbX{b{e67=o&W1C}@PntDQ-Pw@!0I!|T1~zkAlnQZZj;4 zUGBx-$9tp?ZWYmm;h&OaSa;DmBmdw3`M*y1Goa@5SXJg4uov)`BxX3^yNH>Rick8^ z7Utc9@M7DI!N_Kdbs5#uZ8=xE1*&SiICoysi40^KGNx?DmoM@Rq17lgN6W69k3~R1 zK#-7P33twz9Tu+c*;qnq=51shq{f&N2pym!Vcqh0@+#qNL%nG{EBQ=^!)qr49MO!L z^U(}D5-hRS#e^0sSGSRN5FmZ#Gi1o3zP5rvb3C1?TMOKLG`=$!9pE2(Rhr-j#>AYY zVph@z5A+v9{8dWG@&JM9n13s8KVw-lY0ZCd2wJ;j4M&IIUiqeEFHxX zovU*O3(w)VJ`c@mo*SDcopq|GB19ap-E{m~Y(iu5Km1F~9>6Fu0 zvsQ>IXKM(D#^0IK2tx;;ZWPrA zQ%lZLcpGaeiP;ep*(0ffb+?p+$8OBAqc&1q;@*dAksE35*+zKaT&AoO$;Bf-S0;sXze=$mdt!TKNZlEq~H`hvgtPr2jKo07aj!uF~jSY>@ zv%z*NMW()@b73@zJNDdZX!(K5pGi6jn=@{H2c!;~_W^tP>IEgdy?N=YoO|I?3KIln zS__uB#RDoin8vW~4E&X-m@V=;t3|Duq8Ap9^1H$!YR;G?#2(n49lMg#M#xwQunRj;&OxR8lD>XLXaW=Yt(2hi@<@77?edg}))SF~g>%dX}ZqQGh(I?Q&o zbk}9ij~-U@iYatcF>9a3$bKZ?1jx=Vpow#?PXU{Vs}YDFf&(SMF4|>pfH2kEi+N!Fo_GHiH3Cz$!6$m zQSWITvr|uwBQpVgn1Q~W_IY(K6?vz1g?ff-O8_WjfDSebf`a}%an_v9DAGZL8_@;k zmi8dg925{fv6Ojijv%$s)%2Yyo?y_M*|I`{t7$G~o3(Qxmfg+tFT`^5rs_&5$LW~M zP>WSr*8MTxusKmo%4#gmrlqV4J`-n{(5k)SVAJkw2Ea5Z!iZAaR=#>OcIqZ>#!21E z&6o&E#Mz>dd?L=&iSH>k-K@axXxW}Aoyt4|pXsVk7xi@fXAB$SEG;mA^XSd9i>$in z{qp`9WvBn5|MKct4W+4%o~0t{Xfe&|xL(f1(BR{pd7CBp8BX|_j)yp_1o)-TOsd9; zL5!zje9`_Cd~>#eRU8DL@jQ#s23?%-d8VKJ9_jGos)VW} zF~LeIDVApPBCe;Ekkc|xZR@xVV1>^3r!%ml>frPVTPg$&z&1n2QPIH z2dZ$20Y3{wgoN0-e)}~T9W6>-qEuk-zG6bR0XHS zOxm)3D{nDq^7uF{na*JJ?=UM*%|ORCvut#2rbqiRI{_tu+z?W*1o-ZFV+!$+QV$4g zA<-ts1g|C(M+I44JCqnzh zw787=7m{sh;uy3KY1NF9KUVbgFC;1>@N(3zx9_GQ4EuGni<-LdMHaB}pI+XzYj|IO z-QfytOXVIBrqN%tEd1sKXY=YKdS&(3}@aY(Ks!Kxm7`l=B=tlO!SJht` zdGRGy`O+n=MoZRJ^~E3y?SCKd#rrY)VWIX8^j>F|q5+Y}W}=<~p4zJyhbKLDI94yc z$STO-S@ziJ;pXhD#oIciYNH9!A$L?3x@|EymM=GR4JZCO-CbqHfQk zsuxRJ)Jsjq@ei-#vnc9LnYJpgMF;=p-aJ7W|yN6>iLPE0h^5x_No7!v`Up7lb%`7c*GYwoJssheOD- z@;6L5X?a*^hz75K{LbKIX4=h6lc(kk(8N8M6oMIl7l16m)6UD4N@mMG{g4bHC3##H zvdl&FUknmBbR+#fyl-E3aHXu^BM+;A5%-+?Wy=Vzo!@xdbmMF(FU{u{9V%c@rR*(U zajXMPx7jAhAxjq(mMw6A_+WD0l(kUP;sDO*bygN_kO0@ukfto@_v>6H#->XcBAE4( z7)P@s?zQuYiUHu<{i?13OMmL#m58;sv=e7{pho1B9IopH}aFZ2SRYc$ePy+=`0jn9bt}tETPuL3XU7f(@f5DzHHGoS~4Z)G!Kaj zBK6ah@UVR?iUsRGhw@#3C#n7c@4dzMB+bivI09`+TO5d*8uxHC=i*AP_Ouzw$^1hp1ytg>+$LFFK-Z* zLw%t~rkP+*$BwZN17lOP1L@AZ+P;{XwD(2Ub@D69^b4h$S;#V7Xb>rMxIcSvvvRMJE6l3h?na(ypnb z5Qb3LDZO`(9r7HgUP%DWn?(~(1LT&yPCD{xhmlk=B@E!@f zVyMFcc!o|gcGfA>nwmjS;+6j1jrFUhq5;hH_FoeEgNhQuzudLsvCy4y=>?!{9OuzWt zzM*M1@8}<#cQp0p9sPszj+pT*fA$pd^wr;=L&%>I2Wk*c2YL4V>0psRXIHq~H3FWA zY`vw0zs3r|*cCfuKa^!Icwy7X0GCi5X0TQ5q^yX6`J)`I$@|`_j)O5Wxz$_P6qH}C>8w6mAHu7h1lN353k)TxX+V@M3t}A7nRp?V#^7SpthAwq z0=T%;v1Sx2vrWtzOSL^i%?x3in`@cL!d$mTT4|SeKg&@fF5HQ{wRyA@EA|hKT=A(i zVr+=2o0iPxm~cvbG<~LU(#hIi1-Rea9T{mjq$@KC@*8#pg5`L^94-Qq58%)PC~9eB zd~MUGo#P3lH~ngl9)114Vo3mX} zoY{vIKVDDuE`qOd4H?6eziY1$b=-&T3KLQD^Q2iBLJ^_w4!*LuN!MV)JZN`UWOc{D zu}AkDhaIIiSvY+Gpomb^Z9HY7Vg~<6bY4mKtymF4H zTX}XVz%Gne5T2ry7+R8TXe!uMS1kE{Z^de+A|yqbiaS}z7$+6$sx0nw7N%y49x9@l z5+o!Nrp<2u2Oe|j{9yo7m0fFX97{d5~FVW^k&SC(0rG?DN}J$Ry9T;A7S^$ zCyB9r=u3!Gw@RZ0gPs1o5>oaEIn8YWrmbN(Gbkxqz#AW;30tQYL)9Y84F(pPp}d1B z;uHERaCCMaz!%}0 z{`ar1nfe_;gmdO233O+-TjPzf;vR_v%0rx zG#EpenqzR;p#)%KKAwu*?MS_1$-z(A#zcslFy5kls?(pd%Xdt45c2gh)kbXF7WzBBgOr1(qxx?pd;3)w8%;wV2TMXHIxt{M{%6Gh#}#%l{cdnd;R=KEgb*dPeCEsqWA?lwe@MR0UQPFIg# zQsOw2c1WBqB5yP(p!-@EoOD{>eeNWi%9wz-RnAMvb2*UXsYn-jR-6y)w9nFe`XBv& zEjXld3b|`Gf7jMBL&X0dL{VXJWF?N)oZN6!FKTF70vv+nGyCeke;!hp!yg@K!t zN(Tj2>DohO#p){Kc^}Nb*3}yaEnz=aequu8{?Q=}ttNJX16-LHSbGvdcn z2$6uTqKkZJ#9LGBLsaW%zS4{cljx)Q{`;@#N8M|>IaFtDzaf9**R{SI1Z#j}z_ZsB zyXXj*;?o6Vo=Nbjpo>3dr;tFs^pKPBMF`)>Caf%kha0{fu^2Y*??_zc;Ci*2@uvH4 zi`D&=Y{bZqBfS+>mHZST)A%<2fJP)L`CiC6j(sGJ&K#TgO^yE64o*FUv~Az=t+WuW zRD*m9uzlY)XuUg)_6qW@Xa9(?6jph9 zj<@&nxK2~G0}l4=;9N*BCHtV}p8Cvyhe@`OR9yyMp63FCyK8WKVkVT`qo4Dh=pbU5 zyI~h0*Sin;J?J}NtB=oe?`sgFuX^3YTmIWL3l&3nopQps`QE_>4*;;FK@G}hI98S?AIkD&&uB1qwHH9%&)i( zX2+Y~YGJOdg*g}1jmlt7xw?vo;#)Dy?TcZ4tJL_dQscKujbFS{BPG(PqY5!QTX|B~ zt=)LNN{!zNHU3)^YP_2=jbBflMq8+HMN-XYDAov#^lqV8qgR#@;?f~&P-|hgQJT@f z;eM;n_&=sTW2i;71zV*Jzm;cfmS?<&g$k9d(<#+9sdtPio^;&v;#|LDLo>8V8CD(D zj|;!iJ|CROy55S9R@^_g`^-5&dW=rA?r&Y2AM(7F8L|>J#1{iPxjmC|A@osu^y-); z%}KH1Q^S`BX!MS)Fb;7XMQi44&5W#Op35FIjF4najY&YOHw+9C^g=CW^RnXA5)JRw zVy;bL+5{d&n2$Sr_|PQ33w3_VRZDA?m14BS`*1zw1uF}svpM+As4o|_IESPvutx~E zETl1eSF*HZvh4XZn4UE;g;2YkgKh+echO@b)FlCtTv*6)7=!p!+ZM}-jRDau_t>l~ zvbrRXg()>RanpE_BsSfT;qMO(%)OgS<8Z|72 z6}MW$ti+`#Ku+w)d7jn%QKj?_nbiwe`*H`7QWhSZ0tpd=KINHT=C(~1%$%kNo-RQ-cX)NW}m7@;Dq^HKXw+aKJrBEPrGHW|xBVODc;~b1N>P8B88EOcQY_x6lTM0hx{GPCV zMe|TM6Y@ekg?J)k_qTpv8s3aA*@S0g_?QVP0k!}#=)onBDWymZqo~i4msM3(L-zjU zr?-bMUa}t#k6*ofF=VH-mUf7z>H_GlR8%&0ux#-q&$Dz0bqL~lS=I8x-tTci?%pB$ zv8+Z}nu=lwq!ndtE(&nuB#BzF_f=c>ji>uQ`|DrVQh_|W9V+gJh)AGL0~Y88RnU=2Vq>>?O&Uy_l!mP+j-oflt>x0Qa9HD(`X+4^ zgvewf#%j;%bm@^&U@NTPozi6Vbr2XhCoKw`Bmf&M!K+keK)!88^vmuMN#yZ|HMDwP@qGw z&&?s&&*%^w!1T(2l_&!`n&15L?&WDbOV{_Yx3{aFC`4Vk)${^BVkReh8+%iaR24j*Al_B!@#&%xL-yej(9xc*`O}x*;o#0d2u%4*_n_A(z>+hBxlq&N*`px3s=BJ(Wwv`eQ}n;3qNL` z6l>m;1;mA@3oU40GJ~0Y=-1aL_jJ#Ms_e)6`|+L<(qIUW9_t@V;hwS<9MImmV zYe!^jEp2G4fvRFxdN}}~Z69Ho$%pHyVF93_4xFKWR>bU0$?~!|hXSTTvZOfAicbj+ zb`M7NntLncd!SX(&+~a!h~fU<OWIUySqQv(ErdF(APmR;8b4O$7=oW@!pfYy@vkx_-}uE^iBW! z9Dl&fIgA)PJ9DF)7|Z!cINgeK_45PQuQ&tlnn6&2Nc>ng5;YfIOxHzBo)i6(kOx2kvv15M=$otkGndP1Yc~GC2hos+T-# zuIezm;H%froeh?Zu)j{8gt1%KvEaI+4}*w$@Sqz)xdzZ+x8lp{z3B3#U2gy8+;O~0 zpPx}q=eNkRNCTa&5?`)(@O(Ki#%YUI@VV1s|&C zAM~Vm!>3P@n_S*Rn1yO>64KH}URNpY6F2qz=Du-#3Wqyeha$cc(*2WTH0X#vLxi>>WSHg+DDnvP)h;lnC9Z8ZX0ZekohP(1dVoKpnUSGr&#25pDyPHk5>}aVu-<^Z(P$-;PzwTiC>Hn%1z&6}z#Ye3>H%~Bs+(Q-a zR`0DSl44vIsmXFQNhO)n_bI-USiQKMxOwawfE9P^ok&Wjj)jhPBkdquaeGNYv8K9# zE_v~8`_R?)2KNUPT=`Cr%(chjMo)FhzXGG2Mt^_`06_^e+tmqfLUbnMsCL1We&+h&PcXo?IX7`iA4x!Dx52GMsSCwY>N|nA=~?0=WijZh-TBqhY&Pnb#JU zs*ygYR=Nac0DW`Dm+XNoCp92%YT!-wV9Kj>mu-Y9ev1crNN+DE!Q)(dzlXm3nY(6l z`{fjVj~IF3Z>k!SFaNewLpK=oI;!FIk6r3{t7DhM$)<4LU*~a41OHl%Te||js4yim z?)NDOVe798YX6HKv|r!S*pe$ZK(_yKN32N~xWglMHH`jeIAYm7_DcO*vaxn~ zz2*oN`dX3vrmXMg6t**P{WBN>FK_Dvwz;IA_xy!^w>o|8Zrb=9h9Ix6@)U;Qe=TRQ zUISlL%mNX2e*WIhP;dYAb=Sk!aQ1#(OX9B2-P;)L%}!l{Qo6%4cU3Kk|JW0kIY@Q% zl8rpy)R`7ad%!lkU1ck;W!KX+{LxjsO?~H-m1<+z@OHL)9IXD>747= zXHnyLU$t%5K&&l-K9(06gY0$Cl(4Oj)vc9q3xl^vWZf+A0@+&M=~y=HYW%E>aU+An zB?WGQMRz!GdeT zXp&Db$iL0DQv*Civxp%0uE)hD{?xUkkxrI^kwbBBozWG(EBw33q83QkEy*L)Cdx{z zW!UwF(QR(I79ajcY&&0|zj31QZ^*sRAlRAC@V(^)<_h&zrJZ%`K@8!Y)^|Ibv#?Qw zXEhJEs`_)2l0VmCVno@HD*`Fq&|80Kl$)B18bNC>Gr53REkvK`fLbm1Wp=JnH|QO9 zTJ!M*L`S~k7oxzZs&#>qNc&A9BxwW~7`AOdr1$Y%M?!j?{ilUM`j*7*pf_Sd({i|} z-OvG#*)l54&wyG>;6i6Nt)Q@3#At!&*rs04XsPMlzH-o(xgLJr)Y{QCGj=*MrtWHR zjj=VUX^pNGe7AOhp-{VP2ij5cz;-jj+Lnn`QFC1}b1Ng}g7I?gXt{1~z0^T*7kXdW zo;!l#Hmby=M`7z$-AXjvnw_qdimfAY^{)8Z0&KKiB>9{{sL3 N|NqOAihcmj1^{6EQNsWL diff --git a/BAI/k8s-yaml/.gitkeep b/BAI/k8s-yaml/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/BAI/k8s-yaml/README.md b/BAI/k8s-yaml/README.md deleted file mode 100644 index 5968ab0f..00000000 --- a/BAI/k8s-yaml/README.md +++ /dev/null @@ -1,59 +0,0 @@ -# Install with Kubernetes YAML - -This directory explains how to install IBM Business Automation Insights without the Helm server (Tiller). - -## Initializing Helm - -Initialize the Helm client-side as follows: - -```sh -helm init --client-only -``` - -## Installing IBM Business Automation Insights - -### Prerequisites - -First follow the [Requirements](../README.md#requirements) and [Before you begin](../README.md#before-you-begin). - -### Generate the Kubernetes YAML - -To install IBM Business Automation Insights, generate the Kubernetes YAML files as follows: - -```sh -mkdir yaml-files -helm template ibm-business-automation-insights-3.2.0.tgz --name --output-dir yaml-files -f values.yaml -``` - -To override the default configuration, you must provide a `values.yaml` file that contains your custom configuration. - -Configuration properties and default values are described in the [Business Automation Insights README.md](../README.md#configuration-parameters). An example `values.yaml` is provided [here](../configuration/sample-values.yaml). - -### Install the Kubernetes YAML - -```sh -kubectl apply -f ./yaml-files/ibm-business-automation-insights/templates -n bai && \ -kubectl apply -f ./yaml-files/ibm-business-automation-insights/charts/ibm-dba-ek/templates -n bai -``` - -### Install the event emitters - -You must install the emitters into your IBM Digital Business Automation products to be able to emit events from the products to Business Automation Insights. - -You must only install emitters for the products that you enabled during Business Automation Insights installation process. In the provided sample, only the BPMN job is installed, and so only the BPMN emitter must be installed. - -Refer to the [Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.bai/topics/con_bai_top_bmpn_events.html) for instructions. - - -## Updating IBM Business Automation Insights - -Check the Business Automation Insights [Updating](../README.md#updating) section for prerequisites to the update. - -After initial installation, you can update the deployment by following the same steps but passing a different `values.yaml` - -## Uninstalling IBM Business Automation Insights - -```sh -kubectl delete -f ./yaml-files/ibm-business-automation-insights/templates -n bai && \ -kubectl delete -f ./yaml-files/ibm-business-automation-insights/charts/ibm-dba-ek/templates -n bai -``` diff --git a/BAI/platform/README_Eval_Openshift.md b/BAI/platform/README_Eval_Openshift.md deleted file mode 100644 index dc08cfcc..00000000 --- a/BAI/platform/README_Eval_Openshift.md +++ /dev/null @@ -1,105 +0,0 @@ -# Install IBM Business Automation Insights for developers on Red Hat OpenShift - -IBM® Business Automation Insights collects and continuously feeds operational data from IBM Automation Platform for Digital Business on Cloud to data lakes to provide users with a 360-degree view of operations and to enable machine learning from historical data. - -By downloading and installing this no-charge Developer Edition of IBM Business Automation Insights, you can benefit from the following capabilities: - * Collect data from IBM Business Automation Workflow, Operational Decision Manager, IBM FileNet® Content Manager, and BAIW, and store it on Elasticsearch. - * Visualize the data through predefined or user-configured dashboards in Kibana. - -See the following license section for restrictions on the use of this product: http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?li_formnum=L-ASAY-BEEGE4 - -Note: You can use IBM Business Automation Insights Developer Edition only for non-production environments, primarily to try out IBM Business Automation Insights with your own event types and business data. You can connect your existing on-premise IBM Business Automation Workflow non-production systems to IBM Business Automation Insights Developer Edition. - -Note: You can also install Developer Edition on Minikube. For more information, see /~https://github.com/icp4a/cert-kubernetes/blob/19.0.2/BAI/platform/minikube/README.md. - -## Step 1: Prerequisites - -Make sure to go through the Prerequisites sections that are documented at /~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md: - - * [Requirements](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md#requirements) - * [Connect to the cluster](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md#connect-to-the-cluster) - * [Upload the images](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md#upload-the-images) This step must be skipped for the Developer Edition because images are pulled from Docker Hub public registry. - * [Configure the storage](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md#configure-the-storage). Note that the Developer Edition embeds Elasticsearch. - * [Configure the image policy](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md#configure-the-image-policy) This step must be skipped for the Developer Edition. - * [PodSecurityPolicy Requirements](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md#podsecuritypolicy-requirements) - * [Red Hat OpenShift SecurityContextConstraints Requirements](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md#red-hat-openshift-securitycontextconstraints-requirements) - -Note: When the `kubectl create namespace ` command is executed, an associated Kubernetes namespace is created with the project name. In subsequent commands, replace the `` placeholder with your actual project name. - -## Step 2: Install an IBM Business Automation Insights Developer Edition release - - -1. Create a `values.yaml` file. - - a. Configure the connection between your Kafka tool and Business Automation Insights: - - In the `values.yaml` file, configure the connection to Kafka. - - For example, for a Kafka without authentication: - - ```yaml - kafka: - bootstrapServers: "kafka-hostname:9092" - securityProtocol: "PLAINTEXT" - propertiesConfigMap: "" - ``` - - IBM Business Automation Insights creates Kafka topics if they do not exist. Default Kafka topic names are documented at [General configuration](/~https://github.com/icp4a/cert-kubernetes/tree/19.0.2/BAI/README.md#general-configuration). - - b. Enable event processing. - - For example, to install only ODM event processing, edit your `values.yaml` file as follows. - - ```yaml - bpmn: - install: false - - icm: - install: false - - odm: - install: true - - content: - install: false - - bawadv: - install: false - - baiw: - install: false - ``` - -2. Install the release. - - a. Add the IBM Charts repository - ```console - $ helm repo add ibm-charts https://raw.githubusercontent.com/IBM/charts/master/repo/stable - $ helm repo update - ``` - b. Run the helm install command - - ```console - $ helm install --namespace --name ibm-charts/ibm-business-automation-insights-dev -f ./values.yaml --version=3.2.0 - ``` - -## Step 3: Verify that IBM Business Automation Insights deployment is running - -IBM Business Automation Insights is correctly deployed when all the jobs are completed, all the pods are running and ready, and all the services are reachable. - -- Monitor the status of the jobs and check that all of them are marked as successful by executing the following command: -```sh -oc get jobs -n -``` -- Monitor the status of the pods and check that all of them are in `Running` mode and with all their containers `Ready` (for example, 2/2) by executing the following command: -```sh -oc get pods -n -``` - -## To uninstall the release - -To uninstall and delete the release from the Helm CLI, use the following command: - -```console -$ helm delete --purge -``` diff --git a/BAI/platform/README_ROKS.md b/BAI/platform/README_ROKS.md deleted file mode 100644 index 519ed7ad..00000000 --- a/BAI/platform/README_ROKS.md +++ /dev/null @@ -1,284 +0,0 @@ -# Install IBM Business Automation Insights for production on Red Hat OpenShift on IBM Cloud - -## Before you begin: Create a cluster and get access to the container images - -Before you run any installation command, make sure that you have created the IBM Cloud cluster and prepared your own environment. You must also create a pull secret to be able to pull your images from a registry. - -For more information, see [Installing containers on Red Hat OpenShift by using CLIs](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_ROKS.html). - -## Step 1: Install a Business Automation Insights release - -> **Tip**: If you activate Business Automation Insights persistence, you need to specify persistent volumes (PV) to install. PV represents an underlying storage capacity in the infrastructure. Before you can install Business Automation Insights, you must create two PVs with access mode set to ReadWriteOnce and storage capacity of 10Gi or more for Elasticsearch storage, and one PV with access mode set to ReadWriteMany and storage capacity of 10Gi or more for Apache Flink storage. You create a PV in the administration console or in a YAML file (.yml or. yaml file name extension). - -1. Prerequisites: - - * Install a [Kafka distribution](https://cwiki.apache.org/confluence/display/KAFKA/Ecosystem) and make sure it is accessible from the Managed OpenShift cluster. - -2. Get the Business Automation Insights Helm charts: - - a. Download the charts [ibm-business-automation-insights-3.2.0.tgz](../helm-charts/ibm-business-automation-insights-3.2.0.tgz) - -3. Apply the security policy: - - a. Create a file named, for example, 'bai-psp.yaml', based on this PSP template, and set the values of the and placeholders. - * Replace `` with the name of the Business Automation Insights release. - * Replace `` with the name of the namespace that is associated with your OpenShift project. - - ```console - apiVersion: policy/v1beta1 - kind: PodSecurityPolicy - metadata: - annotations: - kubernetes.io/description: "This policy is required to allow ibm-dba-ek pods running Elasticsearch to use privileged containers." - name: -bai-psp - spec: - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: -bai-role - namespace: - rules: - - apiGroups: - - extensions - resourceNames: - - -bai-psp - resources: - - podsecuritypolicies - verbs: - - use - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - name: -bai-psp-sa - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: -bai-rolebinding - namespace: - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: -bai-role - subjects: - - kind: ServiceAccount - name: -bai-psp-sa - namespace: - ``` - - b. Apply this policy. - - ```console - $ kubectl apply -f bai-psp.yaml -n - ``` - -4. Grant "ibm-privileged-scc" privileges to the service account. - - ```console - oc adm policy add-scc-to-user ibm-privileged-scc -z -bai-psp-sa -n - ``` - -5. Create a `values.yaml` file. - - a. Pull image secrets - - BAI images are available in IBM Docker registry by using a pull secret name. - Replace the placeholder with the secret that you - created in [Before you begin](#before-you-begin-create-a-cluster-and-get-access-to-the-container-images). Then, add the following parameters in the `values.yaml` file. - - ```yaml - imageCredentials: - imagePullSecret: - - ibm-dba-ek: - image: - imagePullSecret: - ``` - - b. Image repository - - Add the following parameters in the `values.yaml` file. Replace the placeholder with the IBM Docker registry path. - ```yaml - setup: - image: - repository: /bai-setup - admin: - image: - repository: /bai-admin - flink: - image: - repository: /bai-flink - zookeeper: - image: - repository: /bai-flink-zookeeper - bpmn: - image: - repository: /bai-bpmn - icm: - image: - repository: /bai-icm - odm: - image: - repository: /bai-odm - content: - image: - repository: /bai-content - bawadv: - image: - repository: /bai-bawadv - ingestion: - image: - repository: /bai-ingestion - initImage: - image: - repository: /bai-init - ibm-dba-ek: - elasticsearch: - init: - image: - repository: /bai-init - image: - repository: /bai-elasticsearch - kibana: - image: - repository: /bai-kibana - ``` - - c. Activate persistence. - - The following example uses dynamic provisioning and the `ibmc-file-retain-gold` storage class. For Elasticsearch volumes, use the fastest possible storage class. - - ```yaml - persistence: - useDynamicProvisioning: true - - flinkPv: - storageClassName: "ibmc-file-retain-gold" - - ibm-dba-ek: - elasticsearch: - data: - storage: - persistent: true - useDynamicProvisioning: true - storageClass: "ibmc-file-retain-gold" - snapshotStorage: - enabled: true - useDynamicProvisioning: true - storageClass: "ibmc-file-retain-gold" - ``` - - d. Configure the connection between your Kafka tool and Business Automation Insights. - - In the `values.yaml` file, configure the connection to Kafka. - - For example, for a Kafka without authentication: - - ```yaml - kafka: - bootstrapServers: "kafka-hostname:9092" - securityProtocol: "PLAINTEXT" - propertiesConfigMap: "" - ``` - - e. Enable init of the Flink storage directory. - - When deploying IBM Business Automation Insights on IBM Cloud, the Flink init container needs to be run as privileged, such that it can - change the ownership and permissions of its storage directory. For details, see https://cloud.ibm.com/docs/containers?topic=containers-cs_troubleshoot_storage#file_app_failures - and https://cloud.ibm.com/docs/containers?topic=containers-cs_troubleshoot_storage#cs_storage_nonroot. To enable initialization - of the Flink storage directory, add `flink.initStorageDirectory: true` in your `values.yaml`. - - ```yaml - flink: - initStorageDirectory: true - ``` - - f. Enable event processing. - - For example, to install only BPMN event processing, edit your `values.yaml` file as follows. - - ```yaml - bpmn: - install: true - - icm: - install: false - - odm: - install: false - - content: - install: false - - bawadv: - install: false - ``` - - g. Configure event ingestion in HDFS. - - By default, events are ingested in HDFS in a dedicated bucket which must be created beforehand with appropriate permissions. - Indicate the path to the HDFS bucket by using the `flink.storageBucketUrl` parameter in your `values.yaml` file. - Replace the placeholders and with the actual values. - - ```yaml - flink: - storageBucketUrl: "hdfs:///" - - ingestion: - install: true - ``` - - For more information about HDFS configuration, see [Preparing to use HDFS](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.bai/topics/tsk_bai_config_hdfs_storage.html). - - To disable event ingestion, edit your `values.yaml` file as follows. - - ```yaml - ingestion: - install: false - ``` - - -10. Install the release. - - ```console - $ helm install --namespace --name /ibm-business-automation-insights-3.2.0.tgz -f ./values.yaml - ``` - -## Step 3: Verify that the Business Automation Insights deployment is running - -1. Monitor the Business Automation Insights pods until they show the *Running* or *Completed* STATUS. - - ```console - $ while oc get pods | grep -E "(Running|Completed|STATUS)"; do sleep 5; done - ``` - -2. Expose the Kibana service to your users by using Openshift routes. - - ```console - $ oc create route passthrough --service=-ibm-dba-ek-kibana -n - ``` - - > **Note**: For more information, refer to the [Openshift documentation](https://docs.openshift.com/container-platform/3.11/dev_guide/routes.html). - - The Kibana URL is available in the 'Routes' section of the Openshift console. - -## To uninstall the release - -To uninstall and delete the release from the Helm CLI, use the following command. - -```console -$ helm delete --purge -``` diff --git a/BAI/platform/minikube/Monitoring.md b/BAI/platform/minikube/Monitoring.md deleted file mode 100644 index 0d9d8cde..00000000 --- a/BAI/platform/minikube/Monitoring.md +++ /dev/null @@ -1,251 +0,0 @@ -# Monitoring an IBM Business Automation Insights installation on Minikube - -After Business Automation Insights is installed on Minikube, you can use the following procedure to monitor the health of you installation and troubleshoot issues. - -Table of contents: -- [Retrieving all the logs](#retrieving-all-the-logs) -- [Monitoring Kafka](#monitoring-kafka) -- [Monitoring Elasticsearch](#monitoring-elasticsearch) -- [Monitoring Flink](#monitoring-flink) - -## Retrieving all the logs - -In order to retrieve the logs of all the main BAI runtime components, run the following command: - -``` bash -./get-logs.sh -``` - -This command creates a `logs` directory under which the following log files are created: - -``` -elasticsearch-client.log (last log file for the elasticsearch client pod) -elasticsearch-client.previous.log (previous log file for the elasticsearch client pod) -elasticsearch-data.log (last log file for the elasticsearch data pod) -elasticsearch-data.previous.log (previous log file for the elasticsearch data pod) -elasticsearch-master.log (last log file for the elasticsearch master pod) -elasticsearch-master.previous.log (previous log file for the elasticsearch master pod) -flink-jobmanager.log (last log file for the flink job manager pod) -flink-jobmanager.previous.log (previous log file for the flink job manager pod) -flink-taskmanager-n.log (last log file for the flink task manager pod(s)) -flink-taskmanager-n.previous.log (previous log file for the flink task manager pod(s)) -flink-zookeeper.log (last log file for the flink zookeeper pod) -flink-zookeeper.previous.log (previous log file for the flink zookeeper pod) -kafka-zookeeper.log (last log file for the kafka zookeeper pod) -kafka-zookeeper.previous.log (previous log file for the kafka zookeeper pod) -kafka.log (last log file for the kafka pod) -kafka.previous.log (previous log file for the kafka pod) -``` - -## Monitoring Kafka - -### Checking that Kafka is running - -Run the following command: - -``` bash -kubectl get pods -n kakfa -``` - -The expected output should be similar to the following result, indicating two pods running and ready. - -``` -NAME READY STATUS RESTARTS AGE -kafka-release-cp-kafka-0 2/2 Running 0 60m -kafka-release-cp-zookeeper-0 2/2 Running 12 41h -``` - -After you ensured that your two pods are ready and running, you can check that the Kafka service is correctly exposed by running the following command: - -``` bash -kubectl get services -n kafka -``` - -The expected output should be similar to the following result: a service named `kafka-release-_x_-nodeport` of type `NodePort` should be mapped to TCP port 31090). - -``` -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -kafka-release-0-nodeport NodePort 10.103.253.72 19092:31090/TCP 41h -kafka-release-cp-kafka ClusterIP 10.103.115.114 9092/TCP 41h -kafka-release-cp-kafka-headless ClusterIP None 9092/TCP 41h -kafka-release-cp-zookeeper ClusterIP 10.107.231.119 2181/TCP 41h -kafka-release-cp-zookeeper-headless ClusterIP None 2888/TCP,3888/TCP 41h -``` - -### Checking that the Kafka topics for Business Automation Insights exist - -_Note: Before this verification, make sure to install the [kafka binaries](https://kafka.apache.org/downloads) on your laptop. In the following command, ${KAFKA_HOME} refers to the home directory of your Kafka installation._ - -Run the following Kafka command: - -``` bash -${KAFKA_HOME}/bin/kafka-topics.sh --list --bootstrap-server $(minikube ip):31090 -``` - -The returned list must include the three following Kafka topics: - -``` -bai-release-ibm-bai-egress -bai-release-ingress -bai-release-service -``` - -### Checking that messages are sent by the emitter - -_Note: Before this verification, make sure to install the [kafka binaries](https://kafka.apache.org/downloads) on your laptop. In the following command, ${KAFKA_HOME} refers to the home directory of your Kafka installation._ - -Run the following Kafka command to display all messages in the `bai-release-ibm-bai-egress` Kafka topic: - -``` bash -${KAFKA_HOME}/bin/kafka-console-consumer.sh --bootstrap-server $(minikube ip):31090 --topic bai-release-ingress --from-beginning -``` - -Then, interact with your emitter application (the ODM emitter for IBM Operational Decision Manager, or the BPMN or Case emitter for IBM Business Automation Workflow) and check that you can see messages added to the `bai-release-ingress` topic in your console. - -### Getting the Kafka logs - -Run the following command to get the logs: - -``` bash -kubectl logs $(kubectl get pods -n kafka | grep kafka-release-cp-kafka- | awk '{print $1}') cp-kafka-broker -n kafka -``` - -## Monitoring Elasticsearch - -### Checking that Elasticsearch is running - -Run the following command to display the list of Elasticsearch and Kibana pods: - -``` bash -kubectl get pods -n bai | grep -e 'RESTARTS\|-ek-' -``` - -The expected output should be similar to the following result, indicating four pods running and ready. - -``` -NAME READY STATUS RESTARTS AGE -bai-release-ibm-dba-ek-client-58bc6bf75c-9dwvc 1/1 Running 2 18h -bai-release-ibm-dba-ek-data-0 1/1 Running 2 18h -bai-release-ibm-dba-ek-kibana-7bcfc6ddf9-ff69f 1/1 Running 2 18h -bai-release-ibm-dba-ek-master-0 1/1 Running 2 18h -``` - -After you ensured that your two pods are ready and running, you can check that the Elasticsearch and Kibana services are correctly exposed by running the following command: - -``` bash -kubectl get services -n bai | grep 'EXTERNAL-IP\|-ek-' -``` - -The expected output should be similar to the following result. - -``` -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -bai-release-ibm-dba-ek-client NodePort 10.110.241.254 9200:31200/TCP 18h -bai-release-ibm-dba-ek-kibana NodePort 10.97.123.220 5601:31501/TCP 18h -bai-release-ibm-dba-ek-master ClusterIP 10.111.170.123 9300/TCP 18h -``` - -### Checking that the Elasticsearch cluster is healthy - -Run the following command to check the health of your Elasticsearch cluster: - -``` bash -curl https://$(minikube ip):31200/_cluster/health?pretty=true --insecure -u admin:passw0rd -``` - -In the returned JSON code, check that the status is `green` or `yellow`, as in the following example: - -``` json -{ - "cluster_name" : "bai-release-ibm-dba-ek-elasticsearch", - "status" : "yellow", - "timed_out" : false, - "number_of_nodes" : 3, - "number_of_data_nodes" : 1, - "active_primary_shards" : 42, - "active_shards" : 42, - "relocating_shards" : 0, - "initializing_shards" : 0, - "unassigned_shards" : 40, - "delayed_unassigned_shards" : 0, - "number_of_pending_tasks" : 0, - "number_of_in_flight_fetch" : 0, - "task_max_waiting_in_queue_millis" : 0, - "active_shards_percent_as_number" : 51.21951219512195 -} -``` - -### Checking that the Elasticsearch indexes exist - -Run the following command to retrieve the list of indexes in the Elasticsearch cluster: - -``` bash -curl https://$(minikube ip):31200/_cat/indices?v --insecure -u admin:passw0rd -``` - -In the returned list, check that all expected indexes exist, are open, and have a `green` or `yellow` health status, as in the following example: - -``` -health status index uuid pri rep docs.count docs.deleted store.size pri.store.size -yellow open security-auditlog-2019.04.25 P7LQybcvTySRYpDUCoUftw 5 1 159 0 671.2kb 671.2kb -yellow open process-summaries-active-idx-ibm-bai-2019.04.25-000001 81GfwYOOTJOK4LD551uVTw 5 1 4 0 96.5kb 96.5kb -green open .kibana_1 HyuwkYF8QvKJyONgyECFtw 1 0 135 9 191.5kb 191.5kb -green open .opendistro_security SOGNgWczThqAT26vcyg71g 1 0 5 0 32kb 32kb -yellow open process-summaries-completed-idx-ibm-bai-2019.04.25-000001 qlwuQ1AqTca3FcQ2LB-9xg 5 1 1 0 25.2kb 25.2kb -yellow open odm-timeseries-idx-ibm-bai-2019.04.25-000001 _SGUSxhfSi-3yfWQ4qdNYQ 5 1 0 0 1.2kb 1.2kb -yellow open case-summaries-active-idx-ibm-bai-2019.04.25-000001 nwwlbYUZRzmtUPisVusJUw 5 1 0 0 1.2kb 1.2kb -yellow open security-auditlog-2019.04.26 -Xqc9GqiQSmLTfVwgzjk9A 5 1 21 0 268.6kb 268.6kb -yellow open content-timeseries-idx-ibm-bai-2019.04.25-000001 gMs6ZjIfQ8O1eyoK7V02eQ 5 1 0 0 1.2kb 1.2kb -yellow open case-summaries-completed-idx-ibm-bai-2019.04.25-000001 AS7uaqCYRAOuvPY1S2g2gw 5 1 0 0 1.2kb 1.2kb -``` - -### Getting the Elasticsearch logs - -Run the following command to get the logs of the Elasticsearch master node: - -``` bash -kubectl logs $(kubectl get pods -n bai | grep bai-release-ibm-dba-ek-master- | awk '{print $1}') -n bai -``` - -Run the following command to get the logs of the Elasticsearch data node: - -``` bash -kubectl logs $(kubectl get pods -n bai | grep bai-release-ibm-dba-ek-data- | awk '{print $1}') -n bai -``` - -Run the following command to get the logs of the Elasticsearch client node: - -``` bash -kubectl logs $(kubectl get pods -n bai | grep bai-release-ibm-dba-ek-client- | awk '{print $1}') -n bai -``` - -### Using Elasticsearch head to introspect your cluster - -To introspect and monitor your Elasticsearch cluster with a user interface, you can install the [Elasticsearch head chrome plugin](https://chrome.google.com/webstore/detail/elasticsearch-head/ffmkiejjmecolpfloofpjologoblkegm). - -To connect the plugin to your Elasticsearch cluster, go through the following steps: - -1. Retrieve the URL to the Elasticsearch cluster by running the `echo https://$(minikube ip):31200` command. -1. Enter this URL in your Chrome browser, accept the self-signed certificate if requested, and then use the `admin / passw0rd` credentials to authenticate. -1. After you access the URL, open the Elasticsearch head plugin in the same browser, enter the same URL in the text box at the top of the user interface, and click the `Connect` button. - -## Monitoring Flink - -### Checking that Flink is running - -Run the following command to display the list of Flink pods: - -``` bash -kubectl get pods -n bai | grep -e 'RESTARTS\|-flink-' -``` - -The expected output should be similar to the following result, with all pods running and ready. Note that you might have more or fewer `bai-release-bai-flink-taskmanager-_x_` pods. - -``` -NAME READY STATUS RESTARTS AGE -bai-release-bai-flink-jobmanager-5d8f74f947-zv6wm 1/1 Running 3 19h -bai-release-bai-flink-taskmanager-0 1/1 Running 3 19h -bai-release-bai-flink-taskmanager-1 1/1 Running 3 19h -bai-release-bai-flink-zk-0 1/1 Running 2 19h -``` - diff --git a/BAI/platform/minikube/README.md b/BAI/platform/minikube/README.md deleted file mode 100644 index b70c6a47..00000000 --- a/BAI/platform/minikube/README.md +++ /dev/null @@ -1,276 +0,0 @@ -# Install IBM Business Automation Insights on Minikube - -This procedure guides you to install and run IBM Business Automation Insights Developer Edition on a local Minikube cluster. - -### Disclaimer - -The deployment of IBM Business Automation Insights Developer Edition on Minikube is **not going to provide any high performance, scalability, high availability or allow any long term storage of the data**. Use with care. In order to get high performance, high availability and features not available in the Developer Edition you must install the commercial release of IBM Business Automation Insights on a scalable Kubernetes cluster. -As a consequence, and not limited to the following, machine hibernation or shutdown without having properly shutdown the Minikube virtual machine may have unpredictable effects on Kubernetes persistent storage. This may also prevent Minikube from restarting properly. -*** - -- [Prerequisites](#prerequisites) -- [Automated installation](#automated-installation-fast-path) -- [Step by step installation](#step-by-step-installation) - - [1. Initialize minikube](#1-initialize-minikube) - - [2. Initialize minikube persistent volumes](#2-initialize-minikube-persistent-volumes) - - [3. Initialize Helm](#3-initialize-helm) - - [4. Install Apache Kafka](#4-install-apache-kafka) - - [5. Install IBM Business Automation Insights Developer Edition](#5-install-ibm-business-automation-insights-developer-edition) - - [1. Add IBM Charts repository](#1-add-ibm-charts-repository) - - [2. Create a security policy and a service account for elasticsearch](#2-create-a-security-policy-and-a-service-account-for-elasticsearch) - - [3. Choose the type of event processing you want to deploy](#3-choose-the-type-of-event-processing-you-want-to-deploy) - - [4. Deploy BAI release](#4-deploy-the-bai-release) - - [5. Verify](#5-verify) -- [Starting/stopping minikube](#starting-or-stopping-minikube) -- [Next step: configure your Event Emitter](#next-step-configure-your-event-emitter) -- [Troubleshooting](#troubleshooting) -*** - -## Prerequisites - -- Resources: - - MacOS Mojave or Windows 10 - - 2CPUs + 6Gb RAM free space - - In addition to the space for Docker, Minikube, and Helm, 15Gb disk space for images and persisted data - - There are [known networking issues](/~https://github.com/kubernetes/minikube/issues/1099) when using Minikube while Cisco AnyConnect is running on the same machine. Before running Minikube, make sure that your Cisco AnyConnect VPN is NOT running. - -- Tools that must be installed: - - **[Docker](https://docs.docker.com/install)**, tested with [Docker Desktop](https://www.docker.com/products/docker-desktop) on MacOS and [Docker Toolbox](https://docs.docker.com/toolbox/overview/) on Windows - - **[VirtualBox latest](https://www.virtualbox.org/wiki/Downloads)** - - **[Minikube](https://kubernetes.io/docs/setup/minikube)**, tested with [v1.4.0](/~https://github.com/kubernetes/minikube/releases/tag/v1.4.0) (MacOS and Windows) - - **[Helm](https://docs.helm.sh/using_helm/#installing-helm)**, tested with [v2.12.3](/~https://github.com/helm/helm/releases/tag/v2.12.3) (MacOS) and [v2.13.1](/~https://github.com/helm/helm/releases/tag/v2.13.1) (Windows) - - **[kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl)**, tested with latest version - - **[jq](https://stedolan.github.io/jq/)**, tested with latest version (MacOS and Windows) - -- IBM Business Automation Insights Developer Edition: - - Choose a destination directory where the installation artifacts below will be downloaded. - - On Windows, this must be on the drive where your ```MINIKUBE_HOME``` environment variable points to. If this is not set, it defaults to the ```C:``` drive (current [restriction of ```minikube```](/~https://github.com/kubernetes/minikube/issues/1574)) - - Download the following files: - - [configuration/easy-install-kafka.yaml](configuration/easy-install-kafka.yaml?raw=true) - - [configuration/easy-install.yaml](configuration/easy-install.yaml?raw=true) - - [configuration/pv.yaml](configuration/pv.yaml?raw=true) - - [configuration/bai-psp.yaml](configuration/bai-psp.yaml?raw=true) - - [install-bai-minikube.sh](./install-bai-minikube.sh?raw=true) - - [install-bai.sh](./install-bai.sh?raw=true) - - [utilities.sh](./utilities.sh?raw=true) - - [Mac/Linux only] Ensure proper execution permissions of downloaded scripts: `chmod +x *.sh` - -## Automated installation ("fast path") - - - See [installation prerequisites](#prerequisites) - - Choose an \ to deal with. The valid values are "odm", "icm", "bpmn", "bawadv", "content", or "baiw". - - If your event emitter is not hosted by the local host, you must use the ```-i ``` option to specify the local machine IP address that is reachable by the event emitter. - - To bypass the check of the Minikube version used, pass the ``` -f ``` option. - - Make sure that the VirtualBox ```VBoxManage``` command is on the ```PATH```. - - Example: ```./install-bai-minikube.sh -e -i 9.128.37.112 -f``` - - On Windows, you must run this command from the Git [```bash```](https://gitforwindows.org/) command tool, which comes with Docker Toolbox. - - Processed data is stored locally in the ```minikube virtual machine /data``` directory and subdirectories. - - -## Step-by-step installation - -Run the following commands from the destination folder where you downloaded the IBM Business Automation Insights Developer Edition files (archive + YAML files). Your working directory structure should be: - -``` -. -|____./configuration/easy-install.yaml -|____./configuration/easy-install-kafka.yaml -|____./configuration/bai-psp.yaml -|____./configuration/pv.yaml -``` - -### 1. Initialize Minikube - -``` -minikube start --cpus 2 --memory 6144 -minikube docker-env -eval $(minikube docker-env) -``` -### 2. Initialize minikube persistent volumes - -``` -kubectl create ns bai -kubectl apply -f configuration/pv.yaml -n bai -minikube ssh "sudo mkdir /data/bai" -minikube ssh "sudo mkdir /data/bai-elasticsearch-data-1" -minikube ssh "sudo mkdir /data/bai-elasticsearch-master-1" -minikube ssh "sudo chmod -R 777 /data" -``` - -### 3. Initialize Helm - -``` -helm init --wait -``` - -### 4. Install Apache Kafka - -#### Scenario 1: Your event emitter (BPMN, BAW Advanced, Case, ODM, Content, or BAIW) is running on your local machine. - -If you plan to feed your Business Automation Insights instance with events from a Business Automation Worfklow server or from an Operational Decision Manager server running on your local machine, use the following procedure to install Apache Kafka: - -``` -helm repo add confluent https://confluentinc.github.io/cp-helm-charts -helm repo update -kubectl create ns kafka -helm install --wait --name kafka-release --namespace kafka -f configuration/easy-install-kafka.yaml --set cp-kafka.customEnv.ADVERTISED_LISTENER_HOST=$(minikube ip) confluent/cp-helm-charts -``` - -After the command completes, check the deployment status of Kafka pods with `kubectl get pods -n kafka` until all pods are running.

- -#### Scenario 2: Your event emitter (BPMN, BAW Advanced, Case, ODM, Content, or BAIW) is running on an external machine. - -If you plan to feed your Business Automation Insights instance with events from a Business Automation Worfklow server or from an Operational Decision Manager server running on an external machine (for example, on IBM Cloud), you need to through the following steps: - -1. Retrieve the IP address of your local machine (addressable from an external machine). -1. Set up Kafka so that it informs its listener of this IP address. -1. Set up VirtualBox to redirect the connection to your local machine IP to the Minikube VM. -1. Disable your local firewall. This is particularly important on Mac OSx where the firewall is enabled by default. Or add a rule to allow remote connection to port `31090`. - -In the following procedure, replace `1.2.3.4` with the actual IP address of your local machine: - -``` -VBoxManage controlvm "minikube" natpf1 "kafka service,tcp,,31090,,31090" -helm repo add confluent https://confluentinc.github.io/cp-helm-charts -helm repo update -kubectl create ns kafka -helm install --wait --name kafka-release --namespace kafka -f configuration/easy-install-kafka.yaml --set cp-kafka.customEnv.ADVERTISED_LISTENER_HOST=1.2.3.4 confluent/cp-helm-charts -``` - -After the command completes, check the deployment status of Kafka pods with `kubectl get pods -n kafka` until all pods are running.
Click to show an example of successful completed deployment. -

- -``` -NAME READY STATUS RESTARTS AGE -kafka-release-cp-kafka-0 2/2 Running 0 108s -kafka-release-cp-zookeeper-0 2/2 Running 0 108s -``` - -

-
- ---- -**Re-installing Kafka when the external IP address changes** - -If your external IP address changes when you restart your computer, update the Kafka settings so that it correctly sends the new IP address to Kafka listeners. - -To update Kafla settings, run the following commands (replacing 2.3.4.5 with the actual new IP address of your local machine): - -``` -./ip-upgrade.sh -i 2.3.4.5 -``` - ---- -### 5. Install IBM Business Automation Insights Developer Edition - -#### 1. Add IBM Charts repository - -``` -helm repo add ibm-charts https://raw.githubusercontent.com/IBM/charts/master/repo/stable -helm repo update -``` - -#### 2. Create a security policy and a service account for Elasticsearch. - -``` -kubectl create -f configuration/bai-psp.yaml -n bai -kubectl create rolebinding bai-rolebinding --role=bai-role --serviceaccount=bai:bai-release-bai-psp-sa -n bai -``` - -#### 3. Choose the type of event processing you want to deploy. - -You can choose: `bpmn`, `bawadv`, `icm`, `odm`, `content`, or `baiw`. - -``` -EVENT_PROCESSING_TYPE= -``` - -#### 4. Deploy the bai release. - -``` -helm install ibm-charts/ibm-business-automation-insights-dev --version 3.2.0 --wait --name bai-release --namespace bai -f configuration/easy-install.yaml --set kafka.bootstrapServers=$(minikube ip):31090 --set ${EVENT_PROCESSING_TYPE}.install=true -``` - -#### 5. Verify - -- Run `kubectl get pods -n bai -w` to monitor the deployment status of bai pods. - -
    Click to show an example of successful completed deployment. -

    - -``` -$ kubectl get pods -n bai -NAME READY STATUS RESTARTS AGE -bai-release-bai-admin-6bc755fc5f-mwvl7 1/1 Running 0 36m -bai-release-bai-bpmn-bxknx 0/1 Completed 0 36m -bai-release-bai-flink-jobmanager-5bff88579b-vkhmn 1/1 Running 0 36m -bai-release-bai-flink-taskmanager-0 1/1 Running 0 36m -bai-release-bai-flink-zk-0 1/1 Running 0 36m -bai-release-bai-setup-5vrvd 0/1 Completed 0 36m -bai-release-ibm-dba-ek-client-6ccf856d5d-f7xk6 2/2 Running 0 36m -bai-release-ibm-dba-ek-data-0 1/1 Running 0 36m -bai-release-ibm-dba-ek-kibana-6f9c464574-zhxnq 2/2 Running 0 36m -bai-release-ibm-dba-ek-master-0 1/1 Running 0 36m -``` - -

    -
- -- Run `echo "https://$(minikube ip):31501"` to obtain the URL of Kibana. -- Kibana credentials are admin / passw0rd - -Note: -- Elasticsearch REST endpoint is available on port `31200`. -- The Business Automation Insights administration service is available on port `31100`. - -## Starting or stopping Minikube - -- To start Minikube: ```minikube start --cpus 2 --memory 6144``` -- To stop Minikube: ```minikube stop``` - -## Next step: configure your event emitter - -To configure your event emitter, you need the following information: - -- The **Kafka bootstrap URL**. By default, you can connect to Kafka from your host by using the bootstrap URL that is returned by this command: - - `echo $(minikube ip):31090` -- The **name of the Kafka topic** that Event Processing Jobs use to consume messages sent by event emitters: - - `bai-release-ingress` - -## Troubleshooting - -- After Minikube is restarted, the task manager is not running properly (READY: 0/1). Solution: Restart the job manager: `kubectl delete pod -n bai` - -- If your Minikube is not responsive anymore, you probably undersized it and deployed too many elements on it. It is safer to call `minikube delete` and start all over again than to try to fix separate issues. - -- If you get errors such as `Error: error validating "": error validating data: field` when you install Kafka or the Helm Chart for Business Automation Insights, use the exact Minikube and Helm versions this procedure was tested with (see [Prerequisites](#prerequisites)). - -- If, when Minikube starts, you get an error such as : ```💣 Error starting cluster: timed out waiting to elevate kube-system RBAC privileges: creating clusterrolebinding: Post https://192.168.99.110:8443/apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings?timeout=1m0s: dial tcp 192.168.99.110:8443: connect: network is unreachable```, try the following actions: - - Delete the VirtualBox "vboxnet0" network adapter and try restarting. - - Turn ```off``` your VPN. - - Restart your computer - - See [Can't use Minikube on VPN](/~https://github.com/kubernetes/minikube/issues/1099) - -- If you get errors such as `Error: release kafka-release failed: namespaces "kafka" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "kafka"`, run the following commands to fix the issue: - - `kubectl --namespace kube-system create serviceaccount tiller` - - `kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller` - - `kubectl --namespace kube-system patch deploy tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}` - -- In case the minikube VM is stopped suddently (aborted, power off...), checkpoints might be corrupted. In this case jobmanager will keep crashing, and a `kubectl logs bai-release-bai-flink-jobmanager --namespace bai | egrep -i error.*Could not read any of the . checkpoints from storage"` will show an error. - - run [recover-minikube-bai.sh](./recover-minikube-bai.sh?raw=true) - - monitor proper pod recovery using `kubectl --namespace bai get pods -w` - - Elasticsearch data will be recovered, but the Flink state will be reset, therefore the result of the processing is likely to be lost for the last events. - -- Troubleshooting Apache Flink jobs: [Knowledge Center - Troubleshooting Apache Flink jobs](http://engtest01w.fr.eurolabs.ibm.com:9190/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.bai/topics/con_bai_troubleshoot_jobs.html) - -*** diff --git a/BAI/platform/minikube/configuration/bai-psp.yaml b/BAI/platform/minikube/configuration/bai-psp.yaml deleted file mode 100644 index 37c7e10f..00000000 --- a/BAI/platform/minikube/configuration/bai-psp.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - annotations: - kubernetes.io/description: "This policy is required to allow ibm-dba-ek pods running elasticsearch to use privileged containers" - name: bai-psp -spec: - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: bai-role - namespace: bai -rules: - - apiGroups: - - extensions - resourceNames: - - bai-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: bai-release-bai-psp-sa \ No newline at end of file diff --git a/BAI/platform/minikube/configuration/easy-install-kafka.yaml b/BAI/platform/minikube/configuration/easy-install-kafka.yaml deleted file mode 100644 index 0503d898..00000000 --- a/BAI/platform/minikube/configuration/easy-install-kafka.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# -# BAI on Minikube (easy install) - kafka values definition -# -cp-kafka: - brokers: 1 - customEnv: - ADVERTISED_LISTENER_HOST: "" - configurationOverrides: - "advertised.listeners": |- - EXTERNAL://$(ADVERTISED_LISTENER_HOST):31090 - "offsets.topic.replication.factor": 1 - nodeport: - enabled: true - heapOptions: "-Xms256M -Xmx256M" - persistence: - enabled: false - disksPerBroker: 0 - -cp-zookeeper: - servers: 1 - heapOptions: "-Xms256M -Xmx256M" - persistence: - enabled: false - -cp-schema-registry: - enabled: false -cp-kafka-rest: - enabled: false -cp-kafka-connect: - enabled: false -cp-ksql-server: - enabled: false - diff --git a/BAI/platform/minikube/configuration/easy-install.yaml b/BAI/platform/minikube/configuration/easy-install.yaml deleted file mode 100644 index b96ba5d4..00000000 --- a/BAI/platform/minikube/configuration/easy-install.yaml +++ /dev/null @@ -1,109 +0,0 @@ -# -# BAI on Minikube (easy install) - BAI values definition -# -persistence: - useDynamicProvisioning: true - -kafka: - bootstrapServers: "kafka-release-cp-kafka-headless:9092" - securityProtocol: "PLAINTEXT" - -elasticsearch: - install: true - -settings: - egress: false - ingressTopic: bai-release-ingress - serviceTopic: bai-release-service - -flink: - taskManagerHeapMemory: 400 - taskManagerMemory: 500 - taskManagerCPU: 0.5 - zookeeper: - replicas: 1 - resources: - requests: - memory: "100Mi" - cpu: "50m" - limits: - memory: "200Mi" - cpu: "200m" - -admin: - username: "admin" - password: "passw0rd" - serviceType: NodePort - externalPort: 31100 - -flinkPv: - existingClaimName: "minikube-bai-pvc" - capacity: "2Gi" - -bpmn: - install: false - -icm: - install: false - -odm: - install: false - -content: - install: false - -bawadv: - install: false - -baiw: - install: false - -ibm-dba-ek: - elasticsearch: - probeInitialDelay: 120 - data: - snapshotStorage: - enabled: false - storage: - persistent: true - useDynamicProvisioning: false - storageClass: "bai-elasticsearch-pv" - size: "1Gi" - heapSize: "392m" - resources: - limits: - memory: "640Mi" - cpu: "200m" - requests: - memory: "392Mi" - cpu: "100m" - client: - serviceType: NodePort - externalPort: 31200 - heapSize: "392m" - resources: - limits: - memory: "1000Mi" - cpu: "200m" - requests: - memory: "392Mi" - cpu: "100m" - master: - heapSize: "392m" - resources: - limits: - memory: "1000Mi" - cpu: "200m" - requests: - memory: "256Mi" - cpu: "100m" - kibana: - serviceType: NodePort - externalPort: 31501 - resources: - limits: - memory: "512Mi" - cpu: "150m" - requests: - memory: "256Mi" - cpu: "100m" diff --git a/BAI/platform/minikube/configuration/pv.yaml b/BAI/platform/minikube/configuration/pv.yaml deleted file mode 100644 index 9698509e..00000000 --- a/BAI/platform/minikube/configuration/pv.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: bai-elasticsearch-data-1 -spec: - storageClassName: "bai-elasticsearch-pv" - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /data/bai-elasticsearch-data-1 - persistentVolumeReclaimPolicy: Recycle ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: bai-elasticsearch-master-1 -spec: - storageClassName: "bai-elasticsearch-pv" - accessModes: - - ReadWriteOnce - capacity: - storage: 1Gi - hostPath: - path: /data/bai-elasticsearch-master-1 - persistentVolumeReclaimPolicy: Recycle ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: minikube-bai-pv -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 2Gi - hostPath: - path: /data/bai - persistentVolumeReclaimPolicy: Retain - claimRef: - namespace: bai - name: minikube-bai-pvc ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: minikube-bai-pvc -spec: - storageClassName: "" - accessModes: - - ReadWriteMany - resources: - requests: - storage: 2Gi diff --git a/BAI/platform/minikube/get-logs.sh b/BAI/platform/minikube/get-logs.sh deleted file mode 100755 index d7697c4f..00000000 --- a/BAI/platform/minikube/get-logs.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -BAI_NAMESPACE="bai" -KAFKA_NAMESPACE="kafka" -LOG_DIR="./logs" - -echo "Creating logs directory" - -mkdir -p ${LOG_DIR} - -echo "Retrieving logs for Kafka components" -kubectl logs $(kubectl get pods -n ${KAFKA_NAMESPACE} | grep kafka-release-cp-kafka- | awk '{print $1}') cp-kafka-broker -n ${KAFKA_NAMESPACE} > ${LOG_DIR}/kafka.log -kubectl logs -p $(kubectl get pods -n ${KAFKA_NAMESPACE} | grep kafka-release-cp-kafka- | awk '{print $1}') cp-kafka-broker -n ${KAFKA_NAMESPACE} > ${LOG_DIR}/kafka.previous.log -kubectl logs $(kubectl get pods -n ${KAFKA_NAMESPACE} | grep kafka-release-cp-zookeeper- | awk '{print $1}') cp-zookeeper-server -n ${KAFKA_NAMESPACE} > ${LOG_DIR}/kafka-zookeeper.log -kubectl logs -p $(kubectl get pods -n ${KAFKA_NAMESPACE} | grep kafka-release-cp-zookeeper- | awk '{print $1}') cp-zookeeper-server -n ${KAFKA_NAMESPACE} > ${LOG_DIR}/kafka-zookeeper.previous.log - -echo "Retrieving logs for Elasticsearch components" -kubectl logs $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-ibm-dba-ek-master- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/elasticsearch-master.log -kubectl logs -p $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-ibm-dba-ek-master- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/elasticsearch-master.previous.log -kubectl logs $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-ibm-dba-ek-data- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/elasticsearch-data.log -kubectl logs -p $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-ibm-dba-ek-data- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/elasticsearch-data.previous.log -kubectl logs $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-ibm-dba-ek-client- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/elasticsearch-client.log -kubectl logs -p $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-ibm-dba-ek-client- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/elasticsearch-client.previous.log - -echo "Retrieving logs for Flink components" -kubectl logs $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-bai-flink-jobmanager- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/flink-jobmanager.log -kubectl logs -p $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-bai-flink-jobmanager- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/flink-jobmanager.previous.log -for pod in $(kubectl get pods -n bai | grep bai-release-bai-flink-taskmanager- | awk '{print $1}'); do `kubectl logs $pod -n ${BAI_NAMESPACE} > ${LOG_DIR}/${pod#bai-release-bai-}.log`; done -for pod in $(kubectl get pods -n bai | grep bai-release-bai-flink-taskmanager- | awk '{print $1}'); do `kubectl logs -p $pod -n ${BAI_NAMESPACE} > ${LOG_DIR}/${pod#bai-release-bai-}.previous.log`; done -kubectl logs $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-bai-flink-zk- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/flink-zookeeper.log -kubectl logs -p $(kubectl get pods -n ${BAI_NAMESPACE} | grep bai-release-bai-flink-zk- | awk '{print $1}') -n ${BAI_NAMESPACE} > ${LOG_DIR}/flink-zookeeper.previous.log diff --git a/BAI/platform/minikube/install-bai-minikube.sh b/BAI/platform/minikube/install-bai-minikube.sh deleted file mode 100755 index deac5aa0..00000000 --- a/BAI/platform/minikube/install-bai-minikube.sh +++ /dev/null @@ -1,182 +0,0 @@ -#!/bin/bash - -LVAR_SCRIPT_NAME="$(basename $0)" -LVAR_BAI_VERSION="3.2.0" -LVAR_MINIKUBE_VERSION="1.4.0" -LVAR_LOCALHOST_IP="" -LVAR_FORCE_MINIKUBE_VERSION="false" -LVAR_VM_DRIVER="" -LVAR_VBOX_NETWORKS="" -LVAR_CPUS="2" -LVAR_MEMORY="6144" - -set -e - -# Common script utilities -source ./utilities.sh - -showHelp() { - echo - echo "--------------------------------------------------------------------------" - echo "Installs a Business Automation Insights release on minikube." - echo "--------------------------------------------------------------------------" - echo "Prerequisites" - echo "These files must be present in the same directory:" - echo " - configuration/pv.yaml" - echo " - configuration/bai-psp.yaml" - echo " - configuration/easy-install-kafka.yaml" - echo " - configuration/easy-install.yaml" - echo " - install-bai-minikube.sh" - echo - echo "--------------------------------------------------------------------------" - echo "Arguments:" - echo " -e " - echo " Mandatory. The argument must have one of the following values:" - echo " - bpmn " - echo " - bawadv " - echo " - icm " - echo " - odm " - echo " - content " - echo " - baiw " - echo " -i " - echo " Optional. Needed only if the event emitter is not present on the local machine." - echo " Defaults to the value of \"minikube ip\"." - echo " -c" - echo " Optional. Specifies the number of CPU to be used (defaults to 2)." - echo " -m" - echo " Optional. Specifies the amount of memory (megabytes) to be used (defaults to 6144)." - echo " -f" - echo " Optional. Bypasses the minikube version validation." - echo - echo " -h: Displays this help." - echo - echo "Examples:" - echo - echo " ./${LVAR_SCRIPT_NAME} -e odm" - echo - echo "---------------------------------------------------------------" - exit 1 -} -echo - -disableVirtualBoxDHCP() { - # this is supposed to work on both Win10/GitBash and OSx Mojave platforms. - VBoxManage list dhcpservers > dhcpList.txt - IP_MASK=$(minikube ip | cut -d "." -f -3) - - cat dhcpList.txt | grep NetworkName > names.txt - cat dhcpList.txt | grep lowerIPAddress > ips.txt - - LVAR_MINIKUBE_NETWORK_NAME=$(awk 'BEGIN {OFS=" "}{ - getline line < "names.txt" - print $0,line - } ' ips.txt | grep "$IP_MASK" | cut -d ":" -f 3 | tr -s " " | xargs) - - rm dhcpList.txt names.txt ips.txt - VBoxManage dhcpserver modify --netname "$LVAR_MINIKUBE_NETWORK_NAME" --disable - echo "Disabled DHCP server on VirtualBox network name: "$LVAR_MINIKUBE_NETWORK_NAME"" -} - -while getopts :fhd:e:i:c:m: option; -do - case ${option} in - c) - LVAR_CPUS=$OPTARG - echo "Number of CPUs is set to ${LVAR_CPUS} units" - ;; - m) - LVAR_MEMORY=$OPTARG - echo "Amount of memory is set to ${LVAR_MEMORY} megabytes" - ;; - e) - EVENT_PROCESSING_TYPE=$OPTARG - echo "Event processing is for ${EVENT_PROCESSING_TYPE}" - ;; - h) - showHelp - ;; - i) - LVAR_LOCALHOST_IP=$OPTARG - checkValidIP $LVAR_LOCALHOST_IP - echo "Local machine IP address: $LVAR_LOCALHOST_IP" - ;; - f) - LVAR_FORCE_MINIKUBE_VERSION="true" - ;; - d) - LVAR_VM_DRIVER=$OPTARG - echo "Use vm driver: ${LVAR_VM_DRIVER}" - ;; - \?) - echo "Invalid option: -${OPTARG}" - exit 1 - ;; - esac -done -echo - -if [ -z "${EVENT_PROCESSING_TYPE}" ]; then - echo "ERROR: You must provide an event type to process...." - showHelp -fi - -if [ "${EVENT_PROCESSING_TYPE}" != "odm" -a "${EVENT_PROCESSING_TYPE}" != "icm" -a "${EVENT_PROCESSING_TYPE}" != "bpmn" -a "${EVENT_PROCESSING_TYPE}" != "bawadv" -a "${EVENT_PROCESSING_TYPE}" != "content" -a "${EVENT_PROCESSING_TYPE}" != "baiw" ]; then - echo "ERROR: This event type is invalid and cannot be processed: ${EVENT_PROCESSING_TYPE}" - showHelp -fi - -checkFileExist "./configuration/pv.yaml" -checkFileExist "./configuration/bai-psp.yaml" -checkFileExist "./configuration/easy-install-kafka.yaml" -checkFileExist "./configuration/easy-install.yaml" -checkFileExist "./install-bai-minikube.sh" -checkFileExist "./install-bai.sh" - -if [ "$LVAR_FORCE_MINIKUBE_VERSION" == "false" ]; then - echo "Checking the minikube version." - if echo "$(minikube version)" | grep "$LVAR_MINIKUBE_VERSION" > /dev/null; then - echo "The minikube version is correct." - else - echo "The minikube version is NOT correct. Only version $LVAR_MINIKUBE_VERSION is supported. Exiting." - echo "If you wish to skip this check, use the -f option." - exit 1 - fi -else - echo "You have chosen to use an unchecked version of minikube." -fi - -echo "Creating the minikube machine" - -if [ ! -z "$LVAR_VM_DRIVER" ]; then - MINIKUBE_OPTS=" --vm-driver $LVAR_VM_DRIVER" -fi - -# Using minikube version 1.4.0 concurrently with a version of Kubernetes higher than 1.15.4 exposes to -# /~https://github.com/kubernetes/minikube/issues/5429 related to kubernetes apiVersion update. -# Also due to previous versions reported to hang with macOS Catalina, minikube v1.4.0 becomes the recommended version. -minikube $MINIKUBE_OPTS start --cpus ${LVAR_CPUS} --memory ${LVAR_MEMORY} --kubernetes-version=v1.15.4 - -minikube docker-env --shell bash -eval $(minikube docker-env --shell bash) - -# setting kafka communication address -if [ -z "$LVAR_LOCALHOST_IP" ]; then - LVAR_LOCALHOST_IP="$(minikube ip)" -fi - - -minikube ssh "sudo mkdir -p /data/bai" -minikube ssh "sudo mkdir -p /data/bai-elasticsearch-data-1" -minikube ssh "sudo mkdir -p /data/bai-elasticsearch-master-1" -minikube ssh "sudo chmod -R 777 /data" - -if command -v VBoxManage; then - echo "Opening the Kafka communication port" - VBoxManage controlvm "minikube" natpf1 "kafka service,tcp,,31090,,31090" - disableVirtualBoxDHCP -else - echo "Warning: VirtualBox does not exist. The Kafka communication port cannot be opened." - echo "The event emitter must be hosted locally." -fi - -./install-bai.sh -e "$EVENT_PROCESSING_TYPE" -i "$(minikube ip)" -j "$LVAR_LOCALHOST_IP" -p ./configuration/pv.yaml -s ./configuration/bai-psp.yaml -k ./configuration/easy-install-kafka.yaml -b ./configuration/easy-install.yaml diff --git a/BAI/platform/minikube/install-bai.sh b/BAI/platform/minikube/install-bai.sh deleted file mode 100755 index ca5654da..00000000 --- a/BAI/platform/minikube/install-bai.sh +++ /dev/null @@ -1,171 +0,0 @@ -#!/bin/bash - - -LVAR_SCRIPT_NAME="$(basename $0)" -LVAR_EMITTER_IP="" -LVAR_KAFKA_IP="" -LVAR_PV_YAML="" -LVAR_KAFKA_YAML="" -LVAR_BAI_YAML="" -LVAR_PSP_YAML="" -LVAR_CONFIG_MAP_YAML="" - -set -e - -# Common script utilities -source ./utilities.sh - -showHelp() { - echo - echo "--------------------------------------------------------------------------" - echo "Installs a Business Automation Insights release." - echo "--------------------------------------------------------------------------" - echo "Prerequisites" - echo "These files must be present in the same directory:" - echo " - A YAML file that defines the persistent volumes" - echo " - Optionally, a YAML file for Business Automation Insights ConfigMaps" - echo " - A YAML file that defines the pod security policy" - echo " - A YAML file for the Kafka installation" - echo " - A YAML file for the Business Automation Insights installation" - echo - echo "--------------------------------------------------------------------------" - echo "Arguments:" - echo " -e " - echo " Mandatory. The argument must have one of the following values:" - echo " - bpmn " - echo " - bawadv " - echo " - icm " - echo " - odm " - echo " - baiw " - echo " -p Mandatory. " - echo " -s Mandatory. " - echo " -k Mandatory. " - echo " -b Mandatory. " - echo " -i Mandatory. " - echo " -j Mandatory. " - echo " -c Optional. " - echo - echo " -h" - echo " Displays this help." - echo - echo "Example:" - echo - echo " ./${LVAR_SCRIPT_NAME} -e odm -i 9.x.x.x -j 9.x.x.x -p ./pv.yaml -c ./bai-configmap.yaml -s ./bai-psp.yaml -k ./easy-install-kafka.yaml -b ./easy-install.yaml" - echo - echo "---------------------------------------------------------------" - exit 1 -} -echo - -while getopts :e:p:k:b:c:s:i:j:h option; -do - case ${option} in - e) - EVENT_PROCESSING_TYPE=$OPTARG - echo "Event processing is for ${EVENT_PROCESSING_TYPE}" - ;; - p) - LVAR_PV_YAML=$OPTARG - checkFileExist "$LVAR_PV_YAML" - ;; - k) - LVAR_KAFKA_YAML=$OPTARG - checkFileExist "$LVAR_KAFKA_YAML" - ;; - b) - LVAR_BAI_YAML=$OPTARG - checkFileExist "$LVAR_BAI_YAML" - ;; - c) - LVAR_CONFIG_MAP_YAML=$OPTARG - checkFileExist "$LVAR_CONFIG_MAP_YAML" - ;; - s) - LVAR_PSP_YAML=$OPTARG - checkFileExist "$LVAR_PSP_YAML" - ;; - i) - LVAR_EMITTER_IP=$OPTARG - checkValidIP $LVAR_EMITTER_IP - echo "Event emitter IP address: $LVAR_EMITTER_IP" - ;; - j) - LVAR_KAFKA_IP=$OPTARG - checkValidIP $LVAR_KAFKA_IP - echo "Kafka bootstrap server IP address: $LVAR_KAFKA_IP" - ;; - h) - showHelp - ;; - \?) - echo "Invalid option: -${OPTARG}" - exit 1 - ;; - esac -done -echo - -if [ -z "${EVENT_PROCESSING_TYPE}" ]; then - echo "ERROR: You must provide an event type to process...." - showHelp -fi -if [ -z "${LVAR_PV_YAML}" ]; then - echo "ERROR: You must provide a configuration file for persistent volumes ...." - showHelp -fi -if [ -z "${LVAR_KAFKA_YAML}" ]; then - echo "ERROR: You must provide a Kafka configuration file...." - showHelp -fi -if [ -z "${LVAR_BAI_YAML}" ]; then - echo "ERROR: You must provide a configuration file for Business Automation Insights...." - showHelp -fi -if [ -z "${LVAR_PSP_YAML}" ]; then - echo "ERROR: You must provide a configuration file for the pod security policy...." - showHelp -fi -if [ -z "${LVAR_EMITTER_IP}" ]; then - echo "ERROR: You must provide the IP address of the event emitter host...." - showHelp -fi -if [ -z "${LVAR_KAFKA_IP}" ]; then - echo "ERROR: You must provide the IP address of the Kafka host...." - showHelp -fi -if [ ! -z "${LVAR_CONFIG_MAP_YAML}" ] && [ ! -f "${LVAR_CONFIG_MAP_YAML}" ]; then - echo "ERROR: The ConfigMap file ${LVAR_CONFIG_MAP_YAML} cannot be found...." - showHelp -fi - -echo "Creating the Business Automation Insights namespace" -kubectl create ns bai - -echo "Creating persistent volumes" -kubectl apply -f "$LVAR_PV_YAML" -n bai - -echo "Initializing helm " -helm init --wait -helm repo add confluent https://confluentinc.github.io/cp-helm-charts -helm repo add ibm-charts https://raw.githubusercontent.com/IBM/charts/master/repo/stable -helm repo update - -echo "Creating the Kafka namespace" -kubectl create ns kafka - -echo "Tiller is $(which tiller)" -echo "Installing Kafka" -# due to /~https://github.com/helm/helm/issues/3173 and others, adding a timeout argument... -helm install --wait --timeout 999999 --name kafka-release --namespace kafka -f "$LVAR_KAFKA_YAML" --set cp-kafka.customEnv.ADVERTISED_LISTENER_HOST=$(echo $LVAR_EMITTER_IP) confluent/cp-helm-charts - -if [ ! -z "$LVAR_CONFIG_MAP_YAML" ]; then - cp "$LVAR_CONFIG_MAP_YAML" charts/ibm-business-automation-insights-dev/templates -fi - - -echo "Creating a security policy and a service account for Elasticsearch" -kubectl create -f "$LVAR_PSP_YAML" -n bai -kubectl create rolebinding bai-rolebinding --role=bai-role --serviceaccount=bai:bai-release-bai-psp-sa -n bai - -echo "Installing Business Automation Insights" -helm install ibm-charts/ibm-business-automation-insights-dev --version 3.2.0 --wait --timeout 999999 --name bai-release --namespace bai -f "$LVAR_BAI_YAML" --set kafka.bootstrapServers=$(echo $LVAR_KAFKA_IP):31090 --set ${EVENT_PROCESSING_TYPE}.install=true diff --git a/BAI/platform/minikube/ip-update.sh b/BAI/platform/minikube/ip-update.sh deleted file mode 100755 index 56557c62..00000000 --- a/BAI/platform/minikube/ip-update.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash - -LVAR_SCRIPT_NAME="$(basename $0)" -LVAR_BAI_VERSION="3.2.0" -LVAR_LOCALHOST_IP="" - -set -e - -# Common script utilities -source ./utilities.sh - -showHelp() { - echo - echo "--------------------------------------------------------------------------" - echo "Update a Kafka release on minikube to advertise a new IP address." - echo "--------------------------------------------------------------------------" - echo "Prerequisites" - echo "These files must be present in the same directory:" - echo " - configuration/easy-install-kafka.yaml" - echo - echo "--------------------------------------------------------------------------" - echo "Arguments:" - echo " -i " - echo " Mandatory. The remote IP address of your computer" - echo - echo " -h" - echo " Displays this help." - echo - echo "Examples:" - echo - echo " ./${LVAR_SCRIPT_NAME} -i 1.2.3.4" - echo - echo "---------------------------------------------------------------" - exit 1 -} -echo - -while getopts hi: option; -do - case ${option} in - i) - LVAR_LOCALHOST_IP=$OPTARG - checkValidIP $LVAR_LOCALHOST_IP - echo "Local machine IP address: $LVAR_LOCALHOST_IP" - ;; - h) - showHelp - ;; - \?) - echo "Invalid option: -${OPTARG}" - exit 1 - ;; - esac -done -echo - -if [ -z "${LVAR_LOCALHOST_IP}" ]; then - echo "ERROR: You must provide the external IP address of your computer...." - showHelp -fi - -checkFileExist "./configuration/easy-install-kafka.yaml" - -echo "Initializing helm " -helm init --wait - -echo "Tiller is $(which tiller)" - -echo "Upgrading the Kafka installation with new IP address ${LVAR_LOCALHOST_IP}" -helm upgrade --wait --timeout 999999 --namespace kafka -f configuration/easy-install-kafka.yaml --set cp-kafka.customEnv.ADVERTISED_LISTENER_HOST=${LVAR_LOCALHOST_IP} kafka-release confluent/cp-helm-charts diff --git a/BAI/platform/minikube/recover-minikube-bai.sh b/BAI/platform/minikube/recover-minikube-bai.sh deleted file mode 100755 index eebee431..00000000 --- a/BAI/platform/minikube/recover-minikube-bai.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -set -e - -echo This script is designed to recover an IBM Business Automation Insights cluster on minikube if persisted checkpoints are corrupted, typically in case of virtual machine sudden stop. -echo WARNING: Elasticsearch data will be recovered, but the Flink state will be reset, therefore the result of the processing is likely to be lost for the last events. - -if [ `which jq | wc -l` == "0" ] - then - echo ERROR: jq is required to run this script, please install it on your system: https://stedolan.github.io/jq/ - exit 1 -fi - -echo "Backing up previous flink data in /data/bai.saved..." -minikube ssh "sudo cp -r /data/bai/ /data/bai.saved" - -echo "Removing flink related content..." -minikube ssh "sudo rm -rf /data/bai/checkpoints/*" -minikube ssh "sudo rm -rf /data/bai/recovery/*" -minikube ssh "sudo rm -rf /data/bai/savepoints/*" -minikube ssh "sudo rm -rf /data/bai/flink-zookeeper/*" - -echo "Restarting jobmanager and zookeeper pods..." -JOB_MANAGER_POD=`kubectl get pods -n bai | egrep jobmanager | awk '{print $1}'` -ZK_POD=`kubectl get pods -n bai | egrep flink-zk | awk '{print $1}'` -kubectl delete pod $JOB_MANAGER_POD -n bai -kubectl delete pod $ZK_POD -n bai - -PILLAR_LIST=`kubectl get pods -n bai | grep -v "dba" | grep -v flink | grep -v admin | grep -v setup | grep bai | cut -d " " -f 1 | cut -d "-" -f -4 | sort -u` - -for p in $PILLAR_LIST -do - echo "Restarting pillar job $p..." - kubectl get job $p -o json -n bai | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f - -done diff --git a/BAI/platform/minikube/utilities.sh b/BAI/platform/minikube/utilities.sh deleted file mode 100644 index 93c7a9a5..00000000 --- a/BAI/platform/minikube/utilities.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash - -checkFileExist() { - if [ ! -f "$1" ]; then - echo "ERROR: The $1 file must be present." - exit 1 - fi -} - -checkValidIP() { - -# first testing IPV4 format - test='([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])' - - if [[ $1 =~ ^$test\.$test\.$test\.$test$ ]] - then - echo "IP v4 is $1" - ret=0 - else - echo "$1 is not a valid IP v4, checking for IP v6." - checkValidIPV6 $1 - fi - return $ret -} - -checkValidIPV6() { - ipv6reg='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$' - var="$1" - - if [[ $var =~ $ipv6reg ]]; then - echo "IP v6 is $1" - ret=0 - else - echo "$1 is not a valid IP v6, exiting." - ret=1 - fi - return $ret -} -LVAR_BAI_VERSION="3.2.0" -LVAR_SPRINT_VERSION="dev" -LVAR_BAI_IMAGES_SPRINT="ibm-bai-dev-$LVAR_BAI_VERSION-$LVAR_SPRINT_VERSION.tar.gz" -LVAR_BAI_IMAGES="ibm-bai-dev-$LVAR_BAI_VERSION-dev.tar.gz" -LVAR_BAI_CHARTS_SPRINT="charts/ibm-business-automation-insights-dev-$LVAR_BAI_VERSION-$LVAR_SPRINT_VERSION.tgz" -LVAR_BAI_CHARTS="charts/ibm-business-automation-insights-dev-$LVAR_BAI_VERSION.tgz" - -expand-BAI-Charts() { - # moving sprint charts into regular charts - if [ -f "$LVAR_BAI_CHARTS_SPRINT" ]; then - mv "$LVAR_BAI_CHARTS_SPRINT" "$LVAR_BAI_CHARTS" - fi - tar xvf "$LVAR_BAI_CHARTS" -C charts/ -} - - -# moving sprint images into regular images -if [ -f "$LVAR_BAI_IMAGES_SPRINT" ]; then - mv "$LVAR_BAI_IMAGES_SPRINT" "$LVAR_BAI_IMAGES" -fi - diff --git a/BAN/README_config.md b/BAN/README_config.md new file mode 100644 index 00000000..341d0232 --- /dev/null +++ b/BAN/README_config.md @@ -0,0 +1,146 @@ +# Configuring IBM Business Automation Navigator 3.0.7 + +IBM Business Automation Navigator configuration settings are recorded and stored in the shared YAML file for operator deployment. After you prepare your environment, you add the values for your configuration settings to the YAML so that the operator can deploy your containers to match your environment. + +## Requirements and prerequisites + +Confirm that you have completed the following tasks to prepare to deploy your Business Automation Navigator images: + +- Prepare your Business Automation Navigator environment. These procedures include setting up databases, LDAP, storage, and configuration files that are required for use and operation. You must complete all of the [preparation steps for Business Automation Navigator](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_bank8s.html) before you are ready to deploy the container images. Collect the values for these environment components; you use them to configure your Business Automation Navigator container deployment. + +- Prepare your container environment. See [Preparing to install automation containers on Kubernetes](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/welcome/com.ibm.dba.install/op_topics/tsk_prepare_env_k8s.html) + +> **Note**: If you plan to use UMS integration with Business Automation Navigator, note that you might encounter registration failure errors during deployment. This can happen if the UMS deployment is not ready by the time the other containers come up. The situation resolves in the next operator loop, so the errors can be ignored. + +## Prepare your security environment + +You must also create a secret for the security details of the LDAP directory and datasources that you configured in preparation for use with IBM Business Automation Navigator. Collect the users, password to add to the secret. Using your values, run the following command: + + ``` +kubectl create secret generic ibm-ban-secret \ +   --from-literal=navigatorDBUsername="user_name" +   --from-literal=navigatorDBPassword="xxxxxxx" \ +   --from-literal=ldapUsername="CN=CEAdmin,OU=Shared,OU=Engineering,OU=FileNet,DC=dockerdom,DC=ecm,DC=ibm,DC=com" + --from-literal=ldapPassword="xxxxxxx" \ +   --from-literal=externalLdapUsername="cn=exUser1,ou=test1OU,dc=fncmad,dc=com" --from-literal=externalLdapPassword="xxxxxxx=" \ +   --from-literal=keystorePassword="xxxxxxx" \ +   --from-literal=ltpaPassword="xxxxxxx" \ + --from-literal=appLoginUsername=“user_name” + --from-literal=appLoginPassword=“xxxxxxx” + + ``` +The secret you create is the value for the parameter `ban_secret_name`. + +### Root CA and trusted certificate list + + The custom YAML file also requires values for the `root_ca_secret` and `trusted_certificate_list` parameters. The TLS secret contains the root CA's key value pair. You have the following choices for the root CA: + - You can generate a self-signed root CA + - You can allow the operator (or ROOTCA ansible role) to generate the secret with a self-signed root CA (by not specifying one) + - You can use a signed root CA. In this case, you create a secret that contains the root CA's key value pair in advance. + + The list of the trusted certificate secrets can be a TLS secret or an opaque secret. An opaque secret must contain a tls.crt file for the trusted certificate. The TLS secret has a tls.key file as the private key. + +### Apply the Security Context Contstraints + +Apply the required Security Context Constraints (SCC) by applying the [SCC YAML](../descriptors/scc-fncm.yaml) file. + + ```bash + $ oc apply -f descriptors/scc-fncm.yaml + ``` + + > **Note**: `fsGroup` and `supplementalGroups` are `RunAsAny` and `runAsUser` is `MustRunAsRange`. + + +## Customize the YAML file for your deployment + +All of the configuration values for the components that you want to deploy are included in the [ibm_cp4a_cr_template.yaml](../descriptors/ibm_cp4a_cr_template.yaml) file. Create a copy of this file on the system that you prepared for your container environment, for example `my_ibm_cp4a_cr_template.yaml`. + +The custom YAML file includes the following sections that apply for all of the components: +- shared_configuration - Specify your deployment and your overall security information. +- ldap_configuration - Specify the directory service provider information for all components in this common section. +- datasource configuration - Specify the database information for all components in this common section. +- monitoring_configuration - Optional for deployments where you want to enable monitoring. +- logging_configuration - Optional for deployments where you want to enable logging. + +After the shared section, the YAML includes a section of parameters for each of the available components. If you plan to include a component in your deployment, you un-comment the parameters for that component and update the values. For some parameters, the default values are sufficient. For other parameters, you must supply values that correspond to your specific environment or deployment needs. + +The optional initialize_configuration and verify_configuration section includes values for a set of automatic set up steps for your IBM Business Automation Navigator deployment. + +If you want to exclude any components from your deployment, leave the section for that component and all related parameters commented out in the YAML file. + +A description of the configuration parameters is available in [Configuration reference for operators](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_ban_opparams.html) + +Use the information in the following sections to record the configuration settings for the components that you want to deploy. + +- [Shared configuration settings](README_config.md#shared-configuration-settings) +- [Business Automation Navigator settings](README_config.md#business-automation-navigator-settings) +- [Initialization settings](README_config.md#initialization-settings) +- [Verification settings](README_config.md#verification-settings) + +### Shared configuration settings + +Un-comment and update the values for the shared configuration, LDAP, datasource, monitoring, and logging parameters, as applicable. + +Use the secrets that you created in Preparing your security environment for the `root_ca_secret` and `trusted_certificate_list` values. + +> **Reminder**: If you plan to use External Share with the 2 LDAP model for configuring external users, update the LDAP values in the `ext_ldap_configuration` section of the YAML file with the information about the directory server that you configured for external users. If you are not using external share, leave this section commented out. + +For more information about the shared parameters, see the following topics: + +- [Shared parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opsharedparams.html) +- [LDAP parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_k8s_ldap.html) +- [Datasource parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_dbparams.html) +- [Monitoring parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opmonparams.html) + + +### Business Automation Navigator settings + +Use the `navigator_configuration` section of the custom YAML to provide values for the configuration of Business Automation Navigator. You provide details for configuration settings that you have already created, like the names of your persistent volume claims. You also provide names for pieces of your Business Automation Navigator environment, and tuning decisions for your runtime environment. + +In the Business Automation Navigator section, leave the `enable_appcues` setting with the default value, false. + +For more information about the settings, see [Business Automation Navigator parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_ban_opparams.html) + +### Initialization settings + +Use the `initialize_configuration` section of the custom YAML to provide values for the automatic initialization and setup of Content Platform Engine and Business Automation Navigator. The initialization container creates required configuration of IBM Business Automation Navigator. You also make decisions for your runtime environment. + +> **Important**: Do not enable initialization for your operator deployment if you plan to integrate UMS with Content Platform Engine or Business Automation Navigator. In this use case, you must manually create your Content Platform Engine domain, object stores, repositories, and desktops after deployment. If you are integrating UMS with Content Platform Engine and Business Automation Navigator, leave the `initialize_configuration` section commented out. + +You can edit the YAML to configure more than one of the available pieces in your automatically initialized environment. For example, if you want to create an additional Business Automation Navigator repository, you copy the stanza for the repository settings, paste it below the original, and add the new values for your additional repository: + + ``` +# icn_repos: + # - add_repo_id: "demo_repo1" + # add_repo_ce_wsi_url: "http://{{ meta.name }}-cpe-svc:9080/wsi/FNCEWS40MTOM/" + # add_repo_os_sym_name: "OS01" + # add_repo_os_dis_name: "OS01" + # add_repo_workflow_enable: false + # add_repo_work_conn_pnt: "pe_conn_os1:1" + # add_repo_protocol: "FileNetP8WSI" + + ``` + +You can create additional object stores, Content Search Services indexes, IBM Content Navigator repositories, and IBM Content Navigator desktops. + +For more information about the settings, see [Initialization parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opinitiparams.html) + +### Verification settings + +Use the `verify_configuration` section of the custom YAML to provide values for the automatic verification of your Content Platform Engine and IBM Content Navigator. The verify container works in conjunction with the automatic setup of the initialize container. You can accept most of the default settings for the verification. However, compare the settings with the values that you supply for the initialization settings. Specific settings like object store names and the Content Platform Engine connection point must match between these two configuration sections. + +For more information about the settings, see [Verify parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opverifyparams.html) + +## Complete the installation + +After you have set all of the parameters for the relevant components, return to to the install or update page for your platform to configure other components and complete the deployment with the operator. + +Install pages: + - [Installing on Managed Red Hat OpenShift on IBM Cloud Public](../platform/roks/install.md) + - [Installing on Red Hat OpenShift](../platform/ocp/install.md) + - [Installing on Certified Kubernetes](../platform/k8s/install.md) + +Update pages: + - [Updating on Managed Red Hat OpenShift on IBM Cloud Public](../platform/roks/update.md) + - [Updating on Red Hat OpenShift](../platform/ocp/update.md) + - [Updating on Certified Kubernetes](../platform/k8s/update.md) diff --git a/BAN/README_migrate.md b/BAN/README_migrate.md new file mode 100644 index 00000000..f563a6ed --- /dev/null +++ b/BAN/README_migrate.md @@ -0,0 +1,22 @@ +# Migrating Business Automation Navigator 3.0.x to V3.0.7 + +Because of the change in the container deployment method, there is no upgrade path for previous versions of Business Automation Navigator to V3.0.7. + +To move a V3.0.x installation to V3.0.7, you prepare your environment and deploy the operator the same way you would for a new installation. The difference is that you use the configuration values for your previously configured environment, including datasource, LDAP, storage volumes, etc. when you customize your deployment YAML file. + +Optionally, to protect your production deployment, you can create a replica of your data and use that datasource information for the operator deployment to test your migration. In this option, you follow the instructions for a new deployment. + + +## Step 1: Collect parameter values from your existing deployment + +You can use the reference topics in the [Cloud Pak for Automation Knowldege Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_ban_opparams.html) to see the parameters that apply for your components and shared configuration. + +You will use the values for your existing deployment to update the custom YAML file for the new operator deployment. For more information, see [Configure Business Automation Navigator](README_config.md). + +> **Note**: When you are ready to deploy the V3.0.7 version of your Business Automation Navigator container, stop your previous container. + +## Step 2: Return to the platform readme to migrate other components + +- [Managed OpenShift migrate page](../platform/roks/migrate.md) +- [OpenShift migrate page](../platform/ocp/migrate.md) +- [Kubernetes migrate page](../platform/k8s/migrate.md) diff --git a/BAI/configuration/.gitkeep b/BAN/configuration/.gitkeep similarity index 100% rename from BAI/configuration/.gitkeep rename to BAN/configuration/.gitkeep diff --git a/CONTENT/configuration/extShare/configDropins/overrides/ICNDS.xml b/BAN/configuration/ICN/configDropins/overrides/ICNDS.xml similarity index 100% rename from CONTENT/configuration/extShare/configDropins/overrides/ICNDS.xml rename to BAN/configuration/ICN/configDropins/overrides/ICNDS.xml diff --git a/NAVIGATOR/configuration/ICN/configDropins/overrides/ICNDS_HADR.xml b/BAN/configuration/ICN/configDropins/overrides/ICNDS_HADR.xml similarity index 100% rename from NAVIGATOR/configuration/ICN/configDropins/overrides/ICNDS_HADR.xml rename to BAN/configuration/ICN/configDropins/overrides/ICNDS_HADR.xml diff --git a/CONTENT/configuration/extShare/configDropins/overrides/ICNDS_Oracle.xml b/BAN/configuration/ICN/configDropins/overrides/ICNDS_Oracle.xml similarity index 100% rename from CONTENT/configuration/extShare/configDropins/overrides/ICNDS_Oracle.xml rename to BAN/configuration/ICN/configDropins/overrides/ICNDS_Oracle.xml diff --git a/BAS/README.md b/BAS/README.md deleted file mode 100644 index 654d208d..00000000 --- a/BAS/README.md +++ /dev/null @@ -1,568 +0,0 @@ -# IBM-DBA-BAS-PROD - -IBM Business Automation Studio - -## Introduction - -This Business Automation Studio Helm chart deploys an IBM Business Automation Studio environment for authoring and managing applications (apps) for the IBM Cloud Pak for Automation platform. - -## Chart Details - -This chart deploys several services and components. - -In the standard configuration, it includes these components: - -* IBM Resource Registry component -* IBM Business Automation Application Engine (App Engine) component -* IBM Business Automation Studio component - -To support those components for a standard installation, it generates: - -* 4 ConfigMaps that manage the configuration of Business Automation Studio server -* 2 deployments running the Business Automation Studio server -* 1 StatefulSet running Resource Registry -* 4 or more jobs for Business Automation Studio and Resource Registry -* 3 service accounts with related roles and role bindings -* 3 secrets to get access during chart installation -* 5 services to route the traffic to Business Automation Studio server - -## Prerequisites - - * [Red Hat OpenShift 3.11](https://docs.openshift.com/container-platform/3.11/welcome/index.html) or later - * [Helm and Tiller 2.9.1](/~https://github.com/helm/helm/releases) or later if you are [using Helm Charts](#using-helm-charts) to deploy your container images - * [Cert Manager 0.8.0](https://cert-manager.readthedocs.io/en/latest/getting-started/install/openshift.html) or later if you want to use Cert Manager to create the Transport Layer Security (TLS) key and certificate secrets. Otherwise, you can use Secure Sockets Layer (SSL) tools to create the TLS key and certificate secrets. - * [IBM DB2 11.1.2.2](https://www.ibm.com/products/db2-database) or later - * [IBM Cloud Pack For Automation - User Management Service (UMS)](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/con_ums.html) - * Persistent volume support - -### Preparing the environment - -1. Log in to OC (the OpenShift command line interface (CLI)) by running the following command. You are prompted for the password. - - ``` - oc login -u - ``` - -2. Create a project (namespace) for Business Automation Studio by running the following command: - - ``` - oc new-project - ``` - -3. Save and exit. - -4. To deploy the service account, role, and role binding successfully, assign the administrator role to the user for this namespace by running the following command: - - ``` - oc project - oc adm policy add-role-to-user admin - ``` - -5. If you want to operate persistent volumes (PVs), you must have the storage-admin cluster role, because PVs are a cluster resource in OpenShift. Add the role by running the following command: - - ``` - oc adm policy add-cluster-role-to-user storage-admin - ``` - -### Uploading the images - -Upload the Business Automation Studio images to the Docker registry of the Kubernetes cluster. See [Download a product package from PPA and load the images](https://github.ibm.com/dba/cert-kubernetes/blob/master/README.md#download-ppa-and-load-images). - -### Generating the database script and YAML files - -Use the [Business Application Studio platform Helm installation helper script](configuration) to generate the database script and YAML files for your environment. Follow the instructions in the [readme](configuration/README.md) for the following requirements: - -* Setting up the database for App Engine and Business Automation Studio -* Protecting sensitive configuration data -* Setting up the TLS key and certificate secrets -* Setting the service type - -If you don't want to use the helper script, you can create your own secrets and service type by following the instructions in the [Knowledge Center](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/welcome/kc_welcome_dba_distrib.html). - - -#### Notes -* Image pull secret: The script does not generate the image pull secret. You can follow the instructions in [Configuring the secret for pulling Docker images](#configuring-the-secret-for-pulling-docker-image) to create your own. -* Storage: The script does not generate a YAML file for persistent volumes. You can follow the instructions in [Implementing storage](#implementing-storage) to create your own perstent volumes. -* UMS-related configuration and TLS certificates: You must do this configuration if you have an existing UMS that is in a different namespace from the Business Automation Studio Helm chart. - -### Preparing UMS-related configuration and TLS certificates (optional) - -If you have an existing UMS that is in a different namespace from the Business Automation Studio Helm chart, follow these steps. - -If the UMS certificate is not signed by the same root CA, you must add the root CA as trusted instead of the UMS certificate. You should first get the root CA which is used to sign the UMS, and then save it to a certificate named like `ums-cert.crt`, then create the secret by running the following command: - - - kubectl create secret generic ca-tls-secret --from-file=tls.crt=./ums-cert.crt - - -You will get a secret named ca-tls-secret. Enter this secret value in every TLS section for Business Automation Studio, Resource Registry, and App Engine that is listed in [Configuration](#configuration). If you use [Business Application Studio platform Helm installation helper script](configuration) to set up Business Automation Studio, you can enter this secret value in [`ums.tlsSecretName`](configuration). The components will trust this certificate and communicate with UMS successfully. - - ``` - tls: - tlsSecretName: - tlsTrustList: - - ca-tls-secret - ``` - -### Configuring the secret for pulling Docker images - -If you're pulling Docker images from a private registry, you must provide a secret containing credentials for it. For instructions, see the [Kubernetes information about private registries](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line). - -This command can be used for one repository only. If your Docker images come from different repositories, you can create multiple image pull secrets and add the names in global.imagePullSecrets. Or, you can create secrets by using the custom Docker configuration file. - -The following sample shows the Docker auth file `config.json`: - -``` -{ - "auths": { - "url1.xx.xx.xx.xx": { - "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "url2.xx.xx.xx.xx": { - "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "url3.xx.xx.xx.xx": { - "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, - "url4.xx.xx.xx.xx": { - "auth": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" - } - } -} -``` - -The key under auths is the link to the Docker repository, and the value inside that repository name is the authentication string that is used for that repository. You can create the auth string with base64 by running the following command: - -``` - # echo -n : | base64 -``` - -You can replace the auth string by running the previous command with your config.json file. Then, create the image pull secret by running the following command: - -``` - kubectl create secret generic image-pull-secret --from-file=.dockerconfigjson= --type=kubernetes.io/dockerconfigjson -``` - -## Implementing storage - -This chart requires an existing persistent volume of any type. The minimum supported size is 1GB. Additionally, a persistent volume claim must be created and referenced in the configuration. - -### Persistent volume for JDBC Drivers (optional) - -If you don't create this persistent volume and related claim, leave `global.existingClaimName` empty and set `appengine.useCustomJDBCDrivers` to `false`. - -The persistent volume should be shareable by pods across the whole cluster. For a single-node Kubernetes cluster, you can use HostPath to create it. For multiple nodes in a cluster, use shareable storage, such as NFS or GlusterFS, for the persistent volume. It must be passed in the values.yaml files (see the global.existingClaimName property in the configuration). - -The following example shows the HostPath type of persistent volume. - -```yaml -kind: PersistentVolume -apiVersion: v1 -metadata: - name: jdbc-pv-volume - labels: - type: local -spec: - storageClassName: manual - capacity: - storage: 2Gi - accessModes: - - ReadWriteMany - hostPath: - path: "/mnt/data" -``` - -The following example shows the NFS type of persistent volume. - -```yaml -kind: PersistentVolume -apiVersion: v1 -metadata: - name: jdbc-pv-volume - labels: - type: nfs -spec: - storageClassName: manual - capacity: - storage: 2Gi - accessModes: - - ReadWriteMany - nfs: - path: /tmp - server: 172.17.0.2 -``` - -After you create a persistent volume, you can create a persistent volume claim to bind the correct persistent volume with the selector. Or, if you are using GlusterFS with dynamic allocation, create the persistent volume claim with the correct storageClassName to allow the persistent volume to be created automatically. - -The following example shows a persistent volume claim. - -```yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: jdbc-pvc -spec: - storageClassName: manual - accessModes: - - ReadWriteMany - resources: - requests: - storage: 2Gi -``` - -The mounted directory must contain a jdbc sub-directory, which in turn holds subdirectories with the required JDBC driver files. Add the following structure to the mounted directory (which in this case is called binaries): - -``` -/binaries - /jdbc - /db2 - /db2jcc4.jar - /db2jcc_license_cu.jar -``` - -The /jdbc folder and its contents depend on the configuration. Copy the JDBC driver files to the mounted directory as shown in the previous example. Make sure those files have the correct access. IBM Cloud Pak for Automation products on OpenShift use an arbitrary UID to run the applications, so make sure those files have read access for root(0) group. Enter the persistent volume claim name in the `global.existingClaimName`field. - -### Persistent volume for etcd data for Resource Registry (optional) - -Without a persistent volume, the Resource Registry cluster might be broken during pod relocation. -If you don't need data persistence for Resource Registry, you can skip this section by setting resourceRegistry.persistence.enabled to false in the configuration. Otherwise, you must create a persistent volume. - -The following example shows a persistent volume definition using NFS. - -```yaml -kind: PersistentVolume -apiVersion: v1 -metadata: - name: etcd-data-volume - labels: - type: nfs -spec: - storageClassName: manual - capacity: - storage: 3Gi - accessModes: - - ReadWriteOnce - nfs: - path: /nfs/general/rrdata - server: 172.17.0.2 -``` - -You don't need to create a persistent volume claim for Resource Registry. Resource Registry is a StatefulSet, so it creates the persistent volume claim based on the template in the chart. See the [Kubernetes StatefulSets document](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) for more details. - -Notes: - -* You must give root(0) group read/write access to the mounted directories by running the following command: - - ```text - chown -R 50001:0 - chmod g+rw - ``` - -* Each Resource Registry server uses its own persistent volume. Create persistent volumes based on the replicas (resourceRegistry.replicaCount in the configuration). - -### Persistent volume for sharing toolkit storage (optional) - -If you don't want the Business Automation Studio to import shared toolkits automatically, you can leave `global.contributorToolkitsPVC` empty. - -To integrate contributors, toolkit (twx) files can be imported into Business Application Studio. Place the toolkit package in shared storage and create the persistent volume for that storage by referring to the following example files. Then enter the persistent volume claim name in `global.contributorToolkitsPVC`. - -```yaml -kind: PersistentVolume -apiVersion: v1 -metadata: - name: toolkit-pv-volume - labels: - type: nfs -spec: - storageClassName: toolkit-pv - capacity: - storage: 2Gi - accessModes: - - ReadWriteMany - nfs: - path: /mptest/toolkit - server: 9.111.101.131 ------------------------- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: shared-storage-pvc -spec: - storageClassName: toolkit-pv - accessModes: - - ReadWriteMany - resources: - requests: - storage: 2Gi -``` - -Notes: - -* You must give root(0) group read/write access to the mounted directories by running the following command: - - ```text - chown -R 50001:0 - chmod g+rw - ``` - -### Configuring Redis for App Engine (optional) - -You can configure the App Engine with Remote Dictionary Server (Redis) to provide more reliable service, it is mandatory if you want to use mutiple active replicas for App Engine. - -1. Update the Redis host, port, and Time To Live (TTL) settings in `values.yaml` - - ```yaml - redis: - host: - port: - ttl: 1800 - ``` - -2. If Redis is protected by a password, enter it in the `REDIS_PASSWORD` field in the `ae-secret-credential` secret that you created in [Protecting sensitive configuration data](#Protecting-sensitive-configuration-data). - -3. If you want to protect Redis communication with TLS, you have the following options: - - * Sign the Redis certificate with a well-known CA. - * Sign the Redis certificate with the same root CA that is used by this installation. - * Use a zero depth self-signed certificate or sign the certificate with another root CA. Then save the certificate or root CA in the secret and enter the secret name in `.Values.appengine.tls.tlsTrustList`. - -## Red Hat OpenShift SecurityContextConstraints Requirements - -The predefined SecurityContextConstraints name [`restricted`](https://ibm.biz/cpkspec-scc) has been verified for this chart. If your target namespace is bound to this SecurityContextConstraints resource, you can proceed to install the chart. - -This chart also defines a custom SecurityContextConstraints definition that can be used to finely control the permissions and capabilities needed to deploy this chart. - -- From the user interface, you can copy and paste the following snippets to enable the custom SecurityContextConstraints. - - Custom SecurityContextConstraints definition: - - ```yaml - apiVersion: security.openshift.io/v1 - kind: SecurityContextConstraints - metadata: - annotations: - kubernetes.io/description: "This policy is the most restrictive, - requiring pods to run with a non-root UID, and preventing pods from accessing the host." - cloudpak.ibm.com/version: "1.0.0" - name: ibm-dba-bas-scc - allowHostDirVolumePlugin: false - allowHostIPC: false - allowHostNetwork: false - allowHostPID: false - allowHostPorts: false - allowPrivilegedContainer: false - allowPrivilegeEscalation: false - allowedCapabilities: [] - allowedFlexVolumes: [] - allowedUnsafeSysctls: [] - defaultAddCapabilities: [] - defaultPrivilegeEscalation: false - forbiddenSysctls: - - "*" - fsGroup: - type: MustRunAs - ranges: - - max: 65535 - min: 1 - readOnlyRootFilesystem: false - requiredDropCapabilities: - - ALL - runAsUser: - type: MustRunAsNonRoot - seccompProfiles: - - docker/default - seLinuxContext: - type: RunAsAny - supplementalGroups: - type: MustRunAs - ranges: - - max: 65535 - min: 1 - volumes: - - configMap - - downwardAPI - - emptyDir - - persistentVolumeClaim - - projected - - secret - priority: 0 - ``` - -## Resources Required - -Follow the OpenShift instructions in [Planning Your Installation](https://docs.openshift.com/container-platform/3.11/install/index.html#single-master-single-box). Then check the required resources in [System and Environment Requirements](https://docs.openshift.com/container-platform/3.11/install/prerequisites.html) and set up your environment. - -| Component name | Container | CPU | Memory | -| --- | --- | --- | --- | -| Business Automation Studio | BAStudio container | 2 | 3Gi | -| Business Automation Studio | Init containers | 200m | 128Mi | -| Business Automation Studio | JMS containers | 500m | 512Mi | -| App Engine | App Engine container | 1 | 512Mi | -| App Engine | Init Containers | 200m | 128Mi | -| Resource Registry | Resource Registry container | 100m | 128Mi | -| Resource Registry | Init containers | 100m | 128Mi | - - -## Installing the Chart - -You can deploy your container images with the following methods: - -- [Using Helm charts](helm-charts/README.md) -- [Using Kubernetes YAML](k8s-yaml/README.md) - - -## Configuration - | Parameter | Description | Default | -| -------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------- | -| `global.existingClaimName` | Existing persistent volume claim name for JDBC and ODBC library | | -| `global.nonProductionMode` | Production mode. This value must be false. | `false` | -| `global.imagePullSecrets` | Existing Docker image secret | `image-pull-secret` | -| `global.caSecretName` | Existing CA secret | `ca-tls-secret` | -| `global.dnsBaseName` | Kubernetes Domain Name Server (DNS) base name | `svc.cluster.local` | -| `global.contributorToolkitsPVC` | Persistent volume for contributor toolkits storage | `` | -| `global.image.keytoolInitcontainer` | Image name for TLS init container | `dba-keytool-initcontainer:19.0.2` | -| `global.ums.serviceType` | UMS service type: `NodePort`, `ClusterIP`, or `Ingress` | | -| `global.ums.hostname` | UMS external host name | | -| `global.ums.port` | UMS port (only effective when using NodePort service) | | -| `global.ums.adminSecretName` | Existing UMS administrative secret for sensitive configuration data | | -| `global.baStudio.serviceType` | Business Automation Studio service type: `NodePort`, `ClusterIP`, or `Ingress` | | -| `global.baStudio.hostname` | Business Automation Studio external host name | | -| `global.baStudio.port` | Business Automation Studio port (only effective when using NodePort service) | | -| `global.baStudio.adminSecretName` | Business Automation Studio Secret for administration | | -| `global.baStudio.jmsPersistencePVC` | Business Automation Studio JMS persistent volume claim | | -| `global.resourceRegistry.hostname` | Resource Registry external host name | | -| `global.resourceRegistry.port` | Resource Registry port for using NodePort Service | | -| `global.resourceRegistry.adminSecretName` | Existing Resource Registry administrative secret for sensitive configuration | | -| `global.appEngine.serviceType` | App Engine service type: `NodePort`, `ClusterIP`, or `Ingress` | | -| `global.appEngine.hostname` | App Engine external host name | | -| `global.appEngine.port` | App Engine port (only effective when using NodePort service) | | -| `baStudio.install` | Switch for installing Business Automation Studio | `true` | -| `baStudio.replicaCount` | Number of deployment replicas | `1` | -| `baStudio.images.baStudio` | Image name for Business Automation Studio container | `20190624-064834.0.linux:19.0.0.1` | -| `baStudio.images.tlsInitContainer` | Image name for TLS init container | `dba-keytool-initcontainer:19.0.2` | -| `baStudio.images.ltpaInitContainer` | Image name for job container | `dba-keytool-jobcontainer:19.0.2` | -| `baStudio.images.umsInitRegistration` | Image name for UMS container | `dba-umsregistration-initjob:19.0.2` | -| `baStudio.images.jmsContainer` | Image name for JMS container | `baw-jms-server:19.0.2` | -| `baStudio.images.pullPolicy` | Pull policy for all containers | `IfNotPresent` | -| `baStudio.tls.tlsSecretName` | Existing TLS secret containing `tls.key` and `tls.crt`| | -| `baStudio.tls.tlsTrustList` | Existing TLS trust secret | `[]` | -| `baStudio.database.name` | Business Automation Studio database name | | -| `baStudio.database.host` | Business Automation Studio database host | | -| `baStudio.database.port` | Business Automation Studio database port | | -| `baStudio.database.type` | Business Automation Studio database type: `db2` | | -| `baStudio.autoscaling.enabled` | Enable the Horizontal Pod Autoscaler for Business Automation Studio | `false` | -| `baStudio.autoscaling.minReplicas` | Minimum limit for the number of pods for Business Automation Studio | `2` | -| `baStudio.autoscaling.maxReplicas` | Maximum limit for the number of pods for Business Automation Studio | `5` | -| `baStudio.autoscaling.targetAverageUtilization` | Target average CPU utilization over all the pods for Business Automation Studio | `80` | -| `baStudio.contentSecurityPolicy` | ContentSecurityPolicy for Business Automation Studio | `upgrade-insecure-requests` | -| `baStudio.resources.bastudio.limits.cpu` | Maximum amount of CPU that is required for Business Automation Studio | `4` | -| `baStudio.resources.bastudio.limits.memory` | Maximum amount of memory that is required for Business Automation Studio | `3Gi` | -| `baStudio.resources.bastudio.requests.cpu` | Minimum amount of CPU that is required for Business Automation Studio | `2` | -| `baStudio.resources.bastudio.requests.memory` | Minimum amount of memory that is required for Business Automation Studio | `2Gi` | -| `baStudio.resources.initProcess.limits.cpu` | Maximum amount of CPU that is required for Business Automation Studio init processes | `500m` | -| `baStudio.resources.initProcess.limits.memory` | Maximum amount of memory that is required for Business Automation Studio init processes | `512Mi` | -| `baStudio.resources.initProcess.requests.cpu` | Minimum amount of CPU that is required for Business Automation Studio init processes | `200m` | -| `baStudio.resources.initProcess.requests.memory` | Minimum amount of memory that is required for Business Automation Studio init processes | `256Mi` | -| `baStudio.resources.jms.limits.cpu` | Maximum amount of CPU that is required for Business Automation Studio Jms Server | `1` | -| `baStudio.resources.jms.limits.memory` | Maximum amount of memory that is required for Business Automation Studio Jms Server | `1Gi` | -| `baStudio.resources.jms.requests.cpu` | Minimum amount of CPU that is required for Business Automation Studio Jms Server | `500m` | -| `baStudio.resources.jms.requests.memory` | Minimum amount of memory that is required for Business Automation Studio Jms Server | `512Mi` | -| `appEngine.install` | Switch for installing App Engine | `true` | -| `appEngine.replicaCount` | Number of App Engine deployment replicas | `1` | -| `appEngine.probes.initialDelaySeconds` | Number of seconds after the App Engine container has started before liveness or readiness probes are initiated | `5` | -| `appEngine.probes.periodSeconds` | How often (in seconds) to perform the probe. The default is 10 seconds. Minimum value is 1. | `10` | -| `appEngine.probes.timeoutSeconds` | Number of seconds after which the probe times out. The default is 1 second. Minimum value is 1. | `5` | -| `appEngine.probes.successThreshold` | Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. | `5` | -| `appEngine.probes.failureThreshold` | When a pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Minimum value is 1. | `3` | -| `appEngine.images.appEngine` | Image name for App Engine container | `solution-server:19.0.2` | -| `appEngine.images.tlsInitContainer` | Image name for TLS init container | `dba-keytool-initcontainer:19.0.2` | -| `appEngine.images.dbJob` | Image name for App Engine database job container | `solution-server-helmjob-db:19.0.2` | -| `appEngine.images.oidcJob` | Image name for OpenID Connect (OIDC) registration job container | `dba-umsregistration-initjob:19.0.2` | -| `appEngine.images.dbcompatibilityInitContainer` | Image name for database compatibility init container | `dba-dbcompatibility-initcontainer:19.0.2` | -| `appEngine.images.pullPolicy` | Pull policy for all App Engine containers | `IfNotPresent` | -| `appEngine.tls.tlsSecretName` | Existing TLS secret containing `tls.key` and `tls.crt`| | -| `appEngine.tls.tlsTrustList` | Existing TLS trust secret | `[]` | -| `appEngine.database.name` | App Engine database name | | -| `appEngine.database.host` | App Engine database host | | -| `appEngine.database.port` | App Engine database port | | -| `appEngine.database.type` | App Engine database type: `db2` | | -| `appEngine.database.currentSchema` | App Engine database Schema | | -| `appEngine.database.initialPoolSize` | Initial pool size of the App Engine database | `1` | -| `appEngine.database.maxPoolSize` | Maximum pool size of the App Engine database | `10` | -| `appEngine.database.uvThreadPoolSize` | UV thread pool size of the App Engine database | `4` | -| `appEngine.database.maxLRUCacheSize` | Maximum Least Recently Used (LRU) cache size of the App Engine database | `1000` | -| `appEngine.database.maxLRUCacheAge` | Maximum LRU cache age of the App Engine database | `600000` | -| `appEngine.useCustomJDBCDrivers` | Toggle for custom JDBC drivers | `false` | -| `appEngine.adminSecretName` | Existing App Engine administrative secret for sensitive configuration data | | -| `appEngine.logLevel.node` | Log level for output from the App Engine server | `trace` | -| `appEngine.logLevel.browser` | Log level for output from the web browser | `2` | -| `appEngine.contentSecurityPolicy.enable`| Enables the content security policy for the App Engine | `false` | -| `appEngine.contentSecurityPolicy.whitelist`| Configuration of the App Engine content security policy whitelist | `""` | -| `appEngine.session.duration` | Duration of the session | `1800000` | -| `appEngine.session.resave` | Enables session resaves | `false` | -| `appEngine.session.rolling` | Send cookie every time | `true` | -| `appEngine.session.saveUninitialized` | Uninitialized sessions will be saved if checked | `false` | -| `appEngine.session.useExternalStore` | Use an external store for storing sessions | `false` | -| `appEngine.redis.host` | Host name of the Redis database that is used by the App Engine | | -| `appEngine.redis.port` | Port number of the Redis database that is used by the App Engine | | -| `appEngine.redis.ttl` | Time to live for the Redis database connection that is used by the App Engine | | -| `appEngine.maxAge.staticAsset` | Maximum age of a static asset | `2592000` | -| `appEngine.maxAge.csrfCookie` | Maximum age of a Cross-Site Request Forgery (CSRF) cookie | `3600000` | -| `appEngine.maxAge.authCookie` | Maximum age of an authentication cookie | `900000` | -| `appEngine.env.serverEnvType` | App Engine server environment type | `development` | -| `appEngine.env.maxSizeLRUCacheRR` | Maximum size of the LRU cache for the Resource Registry | `1000` | -| `appEngine.resources.ae.limits.cpu` | Maximum amount of CPU that is required for the App Engine container | `1` | -| `appEngine.resources.ae.limits.memory` | Maximum amount of memory that is required for the App Engine container | `1024Mi` | -| `appEngine.resources.ae.requests.cpu` | Minimum amount of CPU that is required for the App Engine container | `500m` | -| `appEngine.resources.ae.requests.memory` | Minimum amount of memory that is required for the App Engine container | `512Mi` | -| `appEngine.resources.initContainer.limits.cpu` | Maximum amount of CPU that is required for the App Engine init container | `500m` | -| `appEngine.resources.initContainer.limits.memory` | Maximum amount of memory that is required for the App Engine init container | `256Mi` | -| `appEngine.resources.initContainer.requests.cpu` | Minimum amount of CPU that is required for the App Engine init container | `200m` | -| `appEngine.resources.initContainer.requests.memory` | Minimum amount of memory that is required for the App Engine init container | `128Mi` | -| `appEngine.autoscaling.enabled` | Enable the Horizontal Pod Autoscaler for App Engine init container | `false` | -| `appEngine.autoscaling.minReplicas` | Minimum limit for the number of pods for the App Engine | `2` | -| `appEngine.autoscaling.maxReplicas` | Maximum limit for the number of pods for the App Engine | `5` | -| `appEngine.autoscaling.targetAverageUtilization` | Target average CPU utilization over all the pods for the App Engine init container | `80` | -| `resourceRegistry.install` | Switch for installing Resource Registry | `true` | -| `resourceRegistry.images.resourceRegistry` | Image name for Resource Registry container | `dba-etcd:19.0.2` | -| `resourceRegistry.images.pullPolicy` | Pull policy for all containers | `IfNotPresent` | -| `resourceRegistry.tls.tlsSecretName` | Existing TLS secret containing `tls.key` and `tls.crt`| | -| `resourceRegistry.replicaCount` | Number of etcd nodes in cluster | `3` | -| `resourceRegistry.resources.limits.cpu` | CPU limit for Resource Registry configuration | `500m` | -| `resourceRegistry.resources.limits.memory` | Memory limit for Resource Registry configuration | `512Mi` | -| `resourceRegistry.resources.requests.cpu` | Requested CPU for Resource Registry configuration | `200m` | -| `resourceRegistry.resources.requests.memory` | Requested memory for Resource Registry configuration | `256Mi` | -| `resourceRegistry.persistence.enabled` | Enables this deployment to use persistent volumes | `false` | -| `resourceRegistry.persistence.useDynamicProvisioning` | Enables dynamic binding of persistent volumes to created persistent volume claims | `true` | -| `resourceRegistry.persistence.storageClassName` | Storage class name | | -| `resourceRegistry.persistence.accessMode` | Access mode as ReadWriteMany ReadWriteOnce | | -| `resourceRegistry.persistence.size` | Storage size | | -| `resourceRegistry.livenessProbe.enabled` | Liveness probe configuration enabled | `true` | -| `resourceRegistry.livenessProbe.initialDelaySeconds` | Number of seconds after the container has started before liveness is initiated | `120` | -| `resourceRegistry.livenessProbe.periodSeconds` | How often (in seconds) to perform the probe | `10` | -| `resourceRegistry.livenessProbe.timeoutSeconds` | Number of seconds after which the probe times out | `5` | -| `resourceRegistry.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. | `1` | -| `resourceRegistry.livenessProbe.failureThreshold` | When a pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Minimum value is 1. | `3` | -| `resourceRegistry.readinessProbe.enabled` | Readiness probe configuration enabled | `true` | -| `resourceRegistry.readinessProbe.initialDelaySeconds` | Number of seconds after the container has started before readiness is initiated | `15` | -| `resourceRegistry.readinessProbe.periodSeconds` | How often (in seconds) to perform the probe | `10` | -| `resourceRegistry.readinessProbe.timeoutSeconds` | Number of seconds after which the probe times out | `5` | -| `resourceRegistry.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after failing. Minimum value is 1. | `1` | -| `resourceRegistry.readinessProbe.failureThreshold` | When a pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Minimum value is 1. | `6` | -| `resourceRegistry.logLevel` | Log level of the resource registry server. Available options: `debug` `info` `warn` `error` `panic` `fatal` | `info` | - -## Limitations - -* The solution server image only trusts CA due to the limitation of the Node.js server. For example, if external UMS is used and signed with another root CA, you must add the root CA as trusted instead of the UMS certificate. - - * The certificate can be self-signed, or signed by a well-known CA. - * If you're using a depth zero self-signed certificate, it must be listed as a trusted certificate. - * If you're using a certificate signed by a self-signed CA, the self-signed CA must be in the trusted list. Using a leaf certificate in the trusted list is not supported. - -* The Business Automation Studio components support only the IBM DB2 database. -* The JMS statefulset doesn't support scale. You must leave the replicate size of the JMS statefulset at 1. -* The Helm upgrade and rollback operations must use the Helm command line, not the user interface. - -## Documentation - -* [Using the IBM Cloud Pak for Automation](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/welcome/kc_welcome_dba_distrib.html) -* [Content Security Policy(CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) diff --git a/BAS/README_config.md b/BAS/README_config.md new file mode 100644 index 00000000..68e96626 --- /dev/null +++ b/BAS/README_config.md @@ -0,0 +1,139 @@ +# Configuring IBM Business Automation Studio 19.0.3 + +These instructions cover the basic installation and configuration of IBM Business Automation Studio. + +## Table of contents + - [Business Automation Studio Component Details](#Business-Automation-Studio-Component-Details) + - [Prerequisites](#Prerequisites) + - [Resources Required](#Resources-Required) + - [Step 1: Preparing to install Business Automation Studio for Production](#Step-1-Preparing-to-install-Business-Automation-Studio-for-Production) + - [Step 2: Configuring Redis for App Engine Playback Server (Optional)](#Step-2-Configuring-Redis-for-App-Engine-Playback-Server-Optional) + - [Step 3: Implementing storage (Optional)](#Step-3-implementing-storage-optional) + - [Step 4: Configuring the custom resource YAML file for your Business Automation Studio deployment](#Step-4-Configuring-the-custom-resource-YAML-file-for-your-Business-Automation-Studio-deployment) + - [Step 5: Completing the installation](#Step-5-Completing-the-installation) + - [Limitations](#Limitations) + +## Introduction + +This installation deploys a Business Automation Studio environment, the single authoring and development environment for the IBM Cloud Pak for Automation platform, where you can go to author business services, applications, and digital workers. + +## Business Automation Studio Component Details + +This component deploys several services and components. + +In the standard configuration, it includes these components: + +* IBM Business Automation Studio (BAStudio) component +* IBM Resource Registry component +* IBM Business Automation Application Engine (App Engine) playback server component + +Notes: + - The IBM Business Automation Application Engine (App Engine) playback server component is designed to provide a playback environment for application development use. The App Engine installed as a playback server doesn't contain all the features needed by the App Engine in a production environment and can't be used as a production App Engine server. + - For a production environment, deploy the App Engine following the instructions in [Application Engine Configuration](../AAE/README_config.md). + +To support those components, a standard installation generates: + + * 5 ConfigMaps that manage the configuration of Business Automation Studio server + * 2 deployments running the Business Automation Studio server and App Engine playback server + * 1 StatefulSet running JMS + * 4 or more jobs for Business Automation Studio and Resource Registry + * 5 secrets to get access + * 5 services to route the traffic to Business Automation Studio server + +## Prerequisites + + * [User Management Service](../UMS/README_config.md) + * Resource Registry, which is included in the BAStudio configuration. If you already configured Resource Registry through another component, you need not install it again. + +## Resources Required + +Follow the OpenShift instructions in [Planning Your Installation 3.11](https://docs.openshift.com/container-platform/3.11/install/index.html#single-master-single-box) or [Planning your Installation 4.2](https://docs.openshift.com/container-platform/4.2/welcome/index.html). Then check the required resources in [System and Environment Requirements on OCP 3.11](https://docs.openshift.com/container-platform/3.11/install/prerequisites.html) or [System and Environment Requirements on OCP 4.2](https://docs.openshift.com/container-platform/4.2/architecture/architecture.html) and set up your environment. + +| Component name | Container | CPU | Memory | +| --- | --- | --- | --- | +| BAStudio | BAStudio container | 2 | 2Gi | +| BAStudio | Init containers | 200m | 256Mi | +| BAStudio | JMS containers | 500m | 512Mi | +| Resource Registry | Resource Registry container | 200m | 256Mi | +| Resource Registry | Init containers | 100m | 128Mi | +| App Engine Playback Server | App Engine container | 1 | 1Gi | +| App Engine Playback Server | Init containers | 200m | 128Mi | + +## Step 1: Preparing to install Business Automation Studio for Production + +Besides the common steps to set up the operator environment, you must do the following steps before you install Business Automation Studio. + +* Create the Business Automation Studio and App Engine playback server databases. See [Creating databases](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_basprep_db.html). +* Create admin secrets to protect sensitive configuration data. See [Protecting sensitive configuration data](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_basprep_data.html). + +## Step 2: Configuring Redis for App Engine Playback Server (Optional) + +The default replica size of the App Engine playback server is 1. You can have only one App Engine pod because it's a playback server for application development use. If you need the replica size to be more than 1 or you enabled the Horizontal Pod Autoscaler for the playback server, you must configure the App Engine playback server with Remote Dictionary Server (Redis). For instructions, see [Optional: Configuring App Engine playback server with Redis](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_basprep_redis.html). + +## Step 3: Implementing storage (Optional) + +You can optionally add your own persistent volume (PV) and persistent volume claim (PVC) if you want to use your own JDBC driver or you want Resource Registry to be backed up automatically. The minimum supported size is 1 GB. For instructions see [Optional: Implementing storage](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_basprep_storage.html). + + +## Step 4: Configuring the custom resource YAML file for your Business Automation Studio deployment + + 1. Make sure that you've set the configuration parameters for [User Management Service](../UMS/README_config.md) in your copy of the template custom resource YAML file. + 2. Edit your copy of the template custom resource YAML file and make the following updates. After completing those updates, if you need to install other components, please go to [Step 5](README_config.md#step-5-Completing-the-installation) and do the configuration for those components, using the same YAML file. + + a. Uncomment and update the shared_configuration section if you haven't done it already. + + b. Update the `bastudio_configuration` and `resource_registry_configuration` sections. + * If you just want to install BAStudio with the minimal required values, replace the contents of `bastudio_configuration` and `resource_registry_configuration` in your copy of the template custom resource YAML file with the values from the [sample_min_value.yaml](configuration/sample_min_value.yaml) file. + * If you want to use the full configuration list and customize the values, update the required values in `bastudio_configuration` and `resource_registry_configuration` in your copy of the template custom resource YAML file based on your configuration. + +Note: The hostname must be less than 64 characters. Use a wildcard DNS (https://nip.io/) if the hostname is too long. For example, instead of: +`resource_registry_configuration: + admin_secret_name: op-bas-rr-admin-secret + hostname: hostname: rr-{{ meta.namespace }.I-have-a-very-long-hostname-which-exceeds-64-characters.cloud.com`' +the hostname can use a wildcard: +`resource_registry_configuration: + admin_secret_name: op-bas-rr-admin-secret + hostname: rr-{{ meta.namespace }..nip.io`' + +### Configuration + +If you want to customize your custom resource YAML file, refer to the [configuration list](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_bas_params.html) for each parameter. + +## Step 5: Completing the installation + +Go back to the relevant installation or update page to configure other components and complete the deployment with the operator. + +Installation pages: + - [Managed OpenShift installation page](../platform/roks/install.md) + - [OpenShift installation page](../platform/ocp/install.md) + - [Certified Kubernetes installation page](../platform/k8s/install.md) + +Update pages: + - [Managed OpenShift installation page](../platform/roks/update.md) + - [OpenShift installation page](../platform/ocp/update.md) + - [Certified Kubernetes installation page](../platform/k8s/update.md) + + +## Limitations + +* After you deploy Business Automation Studio, you can't change the Business Automation Studio or App Engine playback server admin user in the admin secret. + +* Because of a node.js server limitation, App Engine playback server image trusts only root CA. If an external service is used and signed with another root CA, you must add the root CA as trusted instead of the service certificate. + + * The certificate can be self-signed, or signed by a well-known root CA. + * If you're using a depth zero self-signed certificate, it must be listed as a trusted certificate. + * If you're using a certificate signed by a self-signed root CA, the self-signed root CA must be in the trusted list. Using a leaf certificate in the trusted list is not supported. + * If you're adding the root CA of two or more external services to the App Engine trust list, you can't use the same common name for those root CAs. + +* The Business Automation Studio components support only the IBM DB2 database. + +* The App Engine playback server supports only the IBM DB2 database. + +* The JMS statefulset doesn't support scale. You must keep the replica size of the JMS statefulset at 1. + +* Resource Registry limitation + + Because of the design of etcd, it's recommended that you don't change the replica size after you create the Resource Registry cluster to prevent data loss. If you must set the replica size, set it to an odd number. If you reduce the pod size, the pods are destroyed one by one slowly to prevent data loss or the cluster getting out of sync. + + * If you update the Resource Registry admin secret to change the username or password, first delete the -dba-rr- pods to cause Resource Registry to enable the updates. Alternatively, you can enable the update manually with etcd commands. + * If you update the Resource Registry configurations in the icp4acluster custom resource instance. the update might not affect the Resource Registry pod directly. It will affect the newly created pods when you increase the number of replicas. diff --git a/BAS/README_migrate.md b/BAS/README_migrate.md new file mode 100644 index 00000000..8c775902 --- /dev/null +++ b/BAS/README_migrate.md @@ -0,0 +1,15 @@ +# Migrating from IBM Business Automation Studio 19.0.2 to 19.0.3 + +These instructions cover the migration of IBM Business Automation Studio from 19.0.2 to 19.0.3. + +## Introduction + +If you install IBM Business Automation Studio 19.0.2 and want to continue to use your 19.0.2 applications in Business Automation Studio 19.0.3, you can migrate your applications from Business Automation Studio 19.0.2 to 19.0.3. + +## Step 1: Export apps that were authored in 19.0.2 + +Log in to the admin console in your Business Automation Studio 19.0.2 environment, then export your apps as .twx files. + +## Step 2: Import the apps to 19.0.3 + +Install [IBM Business Automation Studio 19.0.3](../BAS/README_config.md), then import the apps that you exported. \ No newline at end of file diff --git a/BAS/configuration/README.md b/BAS/configuration/README.md deleted file mode 100644 index e1ad199d..00000000 --- a/BAS/configuration/README.md +++ /dev/null @@ -1,97 +0,0 @@ -# Business Automation Studio platform Helm installation helper script - -1. Extract the IBM Business Applicaition Studio platform Helm installation helper script from the bastudio-helper.tar file and copy it to a specified directory, for example, ibm-dba-bas-helper. - -2. Unpack the package by running the following command: - - ``` - tar xvf bastudio-helper.tar - ``` - -3. Update the `./pre-install/bastudio.yaml` file with the following settings: - -#### Business Automation Studio settings - | Parameter | Description | Default | -| -------------------------------------- | ----------------------------------------------------- | ---------------------------------------------------- | -| `releaseName` | Release Name. If you want to install with a release name other than bastudio, update this field. | | -| `server.type` | Kubernetes cluster type. OpenShift is supported. | `openshift` | -| `server.infrastructureNodeIP` | Infrastructure node IP | | -| `server.certificateManagerIntalled` | Whether to use Cert Manager installation | `false` | -| `admin.username` | Administrative user name, which is used by User Management Service (UMS), App Engine, and Business Automation Studio | | -| `admin.password` | Administrative password | | -| `ums.hostname` | UMS external host name | | -| `ums.tlsSecretName` | Enter the UMS root CA secret name in this field | | -| `appEngine.hostname` | App Engine external host name | | -| `appEngine.db.name` | App Engine database name | | -| `appEngine.db.hostname` | App Engine database host | | -| `appEngine.db.port` | App Engine database port | | -| `appEngine.db.username` | App Engine database user name | | -| `appEngine.db.password` | App Engine database password | | -| `appEngine.redis.password` | Set this password only if you are using Redis | `password` | -| `resourceRegistry.hostname` | Resource Registry external host name | | -| `resourceRegistry.root.password` | Resource Registry root password | | -| `resourceRegistry.read.username` | Resource Registry reader user name | | -| `resourceRegistry.read.password` | Resource Registry reader password | | -| `resourceRegistry.write.username` | Resource Registry writer user name | | -| `resourceRegistry.write.password` | Resource Registry writer password | | -| `bastudio.hostname` | Business Automation Studio external host name | | -| `bastudio.db.name` | Business Automation Studio database name | | -| `bastudio.db.hostname` | Business Automation Studio database host | | -| `bastudio.db.port` | Business Automation Studio database port | | -| `bastudio.db.username` | Business Automation Studio database user name | | -| `bastudio.db.password` | Business Automation Studio database password | | -| `images.bastudio` | Image name for Business Automation Studio container | | -| `images.jmsContainer` | Image name for JMS container | `baw-jms-server:19.0.2` | -| `images.appEngine` | Image name for Application Engine container | `solution-server:19.0.2` | -| `images.dbJob` | Image name for Application Engine database job container | `solution-server-helmjob-db:19.0.2` | -| `images.resourceRegistry` | Image name for Resource Registry container | `dba-etcd:19.0.2` | -| `images.umsInitRegistration` | Image name for OpenID Connect (OIDC) registration job container | `dba-umsregistration-initjob:19.0.2` | -| `images.tlsInitContainer` | Image name for TLS init container | `dba-keytool-initcontainer:19.0.2` | -| `images.ltpaInitContainer` | Image name for job container | `dba-keytool-jobcontainer:19.0.2` | -| `images.dbcompatibilityInitContainer` | Image name for database compatibility init container | `dba-dbcompatibility-initcontainer:19.0.2` | -| `ImagePullPolicy` | Pull policy for all containers | `Always` | -| `imagePullSecrets` | Existing Docker image secret | `image-pull-secret` | - - -4. Run the command`./pre-install/prepare-bastudio.sh -i ./pre-install/bastudio.yaml`. You'll see the following information on your screen: - -``` -Target folder does not exist. Creating folder -wrote ./output/bastudio-helper/templates/admin-secrets.yaml -wrote ./output/bastudio-helper/templates/certificate.yaml -wrote ./output/bastudio-helper/templates/route-ingress.yaml -wrote ./output/bastudio-helper/templates/NOTES.txt -wrote ./output/bastudio-helper/templates/db-script.sql -wrote ./output/bastudio-helper/templates/updateValues.yaml ---- -# Source: bastudio-helper/templates/NOTES.txt -Generating admin secret-related resources in file -./bastudio-helper/templates/admin-secrets.yaml - -Generating TLS key and certificate resources with secret in file -./bastudio-helper/templates/certificate.yaml - -Generating route definition in file -./bastudio-helper/templates/route-ingress.yaml - -Generating values to update in file -./bastudio-helper/templates/updateValues.yaml - -You can apply the resources with command: -kubectl apply -f ./admin-secrets.yaml -kubectl apply -f ./certificate.yaml -oc apply -f ./route-ingress.yaml - -Create the database with command: -db2 -tvf ./db-script.sql - -``` - -5. Run the following commands to create sensitive configuration data, create TLS key and certification secrets, and set the service type. -``` - kubectl apply -f ./admin-secrets.yaml - kubectl apply -f ./certificate.yaml - oc apply -f ./route-ingress.yaml - ``` - -6. Copy the database script to your dabase and run the command `db2 -tvf ./db-script.sql` on the database. diff --git a/BAS/configuration/bastudio-helper.tar b/BAS/configuration/bastudio-helper.tar deleted file mode 100644 index 2be463feab06dc6735c621852f823376f7eb2515..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20480 zcmeHuc_5T++qa@HrCmwk$`*Ic*vZ%`yX;F6(wG@$G-jq*NRmjU6j@4?HBwp15@kzS zB1J1LL{uu0t+LN|UNc$h?&-eY=egfMp7-OQnK_r^IL_a(p2u}T$x&%|B#}&KU`Ql6 zuK$%kdGM#EqQV6}l++aEr+>mz@E@0gl8Tb5g0hOTGMHCTl2=jWf>i!jr1^;`6P%m| zL0k+P#*0Y*X>!`nznY)6^uOsV>IeP1V(1Jejz~cg@FXgphGMwy{Ra*MD_B)odAi;w z>;TLtC@Lu_{iJ_YRW$`JNd6z-{g)*EKi9ul2;VX`Ml4ybbr>USd90C{s;Q5Rl=s%G{i4-6USV{1jxGQyKQxw`yV^p~nRd;H(IWQ*NUN>H__i5NxN zeI^@(N7*)3G#Jsy-OWunh$gjWF8^|_w-;{|-y9R*+P~De#=7gp6~A{2^NqVu2b_0$ zXLB_uiQB!g+TkKT&uaCz(|Q-HVh6j<^7_W!ck6HKx;IKzJzLpw->dV@*@l|uH9nmK zT?2VTX1UB4wVKuWXPrP2@Xx7%$*vBS%d{1Zze3@wCRjw6>lIb5k<|pvr0&WM4 zHhO<;e{h$-WWhcD$oH$6S_yNv&q`Z;=yTRJbbRLP;bxvfZYY5FO5xJvED2m47ZJ~-I(aFJ}V$1S1=}fk2%U}XSo+`Lt{yf z%IKlP{*T8V$P1i7Eq-UUllN6-cWK$l#VZ6>&CiJW;;v#!2RPu3NctPD3T89Nhx&rmDpmAJ#2JsZ|8wxJg3o!@+`{T8c0*Cx?0mHVr= zd*nvdq_8R(A4w;Hn~By(nLf9Jg>b8NyJFR3Z}1F;srv=Vm?k{gA*raky+~3gtgb^w z{-SG8>-kv#VtOmzE0wic+qNwC1mL84`Rc8`?o=l}ixpn~@zr{6q=QJ0TT1BNFN$ZXqstFm77BVs4W1jaPnIUushs#x zqTb5>-p+T!$q&iY%nj~yo6JJ2B`<8w;qH`3u!DS*qDR(PF$`APbs|P*>oGsoBnn7W zL2r&1?$Tg%IK9``Rpm)}co)Tgz{q&TEXH%BLv8!((TMc$jYk8}rFxn4`88G*&#D)7 zRV0RrW*_f$)U|ynk{R&$l2PvA3emz#mWkQIThA`+SVZOfwAn7P-u~HNN{>)?ZBoxAzc z*9))u_H?dhe*Z{MWngLj=Bm*C`U)s$jpH2?EjcIZjn9!~of}^Gc?pKB>7)~E1riV! zBb4{ASWH!G-`^A*^=+uZw)dL*{3xdMQE?^D7*&lce)kHu6KB85AbW2U?rU7l9l2qB z+z`{V&|R-V_tv$i*wR$D=bxo=aeNh-2F(~-`w}yytyMWa9pvM$qFw4N`ujg7FK|ZL{?tuABip& zbK5@+5=TkgEDz=DtH0_Dyjs8;{dl3S<4q`_5&t^E$w0ff>5%-&fvSVVm6w>MM^#pu zN|&eCX7;ST?=kr5=~KD#TSscUi#G9k1n6DD>z2fF%Zm;iiClQT8`l?>-m6*_1CgXY zfBaHNKXcvYEtQhAYIdXb72W>K2A6{Bny3?x7P<1L?`0U(?7wx*)~R)FH)@t|Zm06T zm~?4@C!QiEuQGD{d@4R}rG31iWuRbLUUW8kmZN&J%GU)eauYsAJ}Jr!4eG z>(@sm9W8pap4{BGn`EXWE|zim$%Cy8k`)K-Y^`4i3W_ezF}WJ*vhj*IBQ^7}aBF4u ztb40wnJFLkXey2pxEp4VOx6mhK+jJ-ZfU!X_b6#cG-Gk1ecE!P!|y$~oRt-%LC8d9clzIUAMZCO)3XEl3#kX0JKK~s zubyhmD}U74P#U<-QGc;_wQ4JQ$Mp)Y*X#E5JxG?s5G+neuDLQ|oFChy9hi0UQ@m4& z?yCeH%KLJ&FrAaa)m@(&lD;Op?Wf$?L+DOx7~XWo#rRW=PeQ>WUq%0UcXjD5!G*h) zyMDutNXM-0@UAoOuIcs^QtsLtFKWbZo#jw;j}#h=%}C}iYJA+-zJgk_u3(QV_oaYR z=F$BAdGq%++q#$63^^=CNDp)~pJ*2fKC-j*T3{3=Q<)NJX=AGDgt6~xDNIQ^vSO6i zts_n7`e}FJH**_htL3i0I`9Ddj1hL2a>=&p6lOR~OK3z(vUrVY(zA;CE!kg_Pv6?! zPKfmwQm@f|6CSbrZE(Sk{QBe2f_H} ze#D`x?xt7PE{d3AGQ8@x@kra~TZ_=zgIvz^*Cg)~I_f38i5enhUvTn=KeRT#_h=Gf zExpiePvMQUDoEQ>_1OD-&Beyyn(QM!Ni4+PD=lT6>AlV(h4J&{TFPFgt6e!lSzFEu zY#6GkwRyjA$HJ=iO)PDmwFh54#f#NhU9Ue z(VAt}S9>r+amZ)+3YuzjSeB#ap~seJMzyaBFV*bqjl8{)B^zd+x$-her&9R5KwTu% zdUrtfZSb{iXG0tn)$XJ=icr;WCSB)d7&NV#U%Xf5dK=1JWY7mKV&=6oDA0daN1Ua;C7QKza!w(`kc z+kI2TVy zlVViAj`YrFCF7L1xE*=NI$8YzCF3*R%9X*KegMJ1hxr{wk5x zY8_ZRc9K^}=EHiSgvD-;%}t~ElDynfZkOqA+r4~<4<+%WKDG7?9TQl_=l}WU$Cz{< z`{9KK?t#JAxDO;;v{l|Vp!^Ph+PZT^#e*HWYM*9RwkzYfW-T-b^bNn^#|rg*W*idQ zhBWi_&!*6~U7xKrf0>kNXKSCQ-+>LK$y!&Ff?~C<#4F?lyV~_t^+tM}WXy>zF;j3hg7;6)f&ZAhK2%aA8Xe{=Prp5^HaZ@7kIjJ z|JeG}GneniT0boETw57Y7nj#oWEveF7FbA)h>9*OYLQAUk&4DQzpP$MKhu*hvh;p! zo%-E~xrYL?f^Xm7Y8-i|q9!b1FoM1}!pCAscHi-}+fO^DUF21&jZrR8EHYb}IeUGQ zWgX4NK<>8Wb-^0)-D;^s9$)WS>D0F_ z?2RzmX0h>?(^csiO@2I|Oi53;T}sPt_MKR-i)&vw9#^m1d&S>fR;J6ebFJ?UFQa!k z=r1nMwWW(nYJ}@Vwfo#Y4f=IFtu3BYU0IvHF?!CyaMN;6Z>1ZSD`oa09@@P(Ymyqq zN$`7t8?mZ;5`#at=40)hAAj?BCuwo2{_LKb zw64bvsPPu(r2I#X#}tPhHFaH7*U*}fQ(iWDeXz;164Of#_6`7~DWb;dX>;sJl{!inI?^h8gnNfh)Zx9B^ZXeiahXqa#4FIrPBRuVsJ9q-sFih zDPioHx$kQeh0igbrx!diucMDigm1qfrBgL0^j*szj`(CDo^?fa19_x9@3DyyyHgCe zDxR)t-*f!bm{MR-$tjbL^G`_$uii?Z8ar2k&!)>fP7CWw(MtAp7JMrcGaw;US=+Y( zc{%=d@|o`9oo=-b?zIM&_#$NrH!SR;O89loI{XdN^}_Y3lIO1WdRD-Fg%*Rjd+BxL z@fQ)}ho#a!NLC5E2fth{cUCuN1612yxIrjHcQ>8utQ(>8`eKsB%ZQQd%##L7Mmi4+ zJ`v$BO_qKcxiw(-d)|m1QrKeI_MR+@z~HOf>VQ7dXP^$|$+^5@7>91kf6VG>7g1>xxBl?7-?*4;& zjY5&Zgk-EKOmIR94eWKN;pucRC=1h>er5;^Oy6w|HXB=_A+{9L zF{0zK3?c<=ra*ub9wKtk#{h;*I$!`{@iYd}jfjO&^~8`d?sys?GHuk1Gic0tWQ)h4 zAvX+(jz>sr!g&Izm;l5HL?IbFIvxkP`apJOHqa)02t2@nHgB?FKjVYI17BGL2HwO$ z{Lf$kg|m0EX|iqLhhqb|;2C%V4Y3LR3(zO%P%(76H-(1#5k0VJVgfz+4Z-xJ|CLw- z3LPjPHqD>Kf@e5l{e?s{3WWjbZUTT|X}~srNsK|F+pwq2*$2g9kYEJK*#S_eQXxFq zok+&R-U76Sn?RqAz)-3B>?zJkjPO9qz)uJiZ??;U=gmY01QXz_f-r8dnSb{{6yyNh z(i50Ij536Q^vrDl3p$15g>fZ)_etQ9z$Ms+1bz%VD4T;Ok*W=Y0-py3*#b4XG07am z^M<{EhNqG+SlDgx5PL1#+oyTv?|lOBn?e|aN5LdeWFi$sq<|@$D|}qohktERI9Ejg z5!>^pGzgB!Hq=d)mJ@LPtkmgD|1JY|r1)F3;gx7e1Jcj1Vla-e!(*{4H7> z(*sA*+x&M01$1fu0}k+VHkZFkf5O9HTl#CDCswoV))bHN0wCbsFia8y@+RQfAr!(< z$ZI*KNyFoabRY=(lcW1d0#gnxVGV4TNds0#!@Cnfob>@;esUPtyx}F*-&g$3Zzjo2 zEdK9w9~$i^_mP;$sS`S8N9_qfC-sLTy14;w2TA+SK+q^8JRJpV1cbMLr4VZ{$5t8! z$5}GL4-NE!!LifMuOhSc#H2Tk$iV-+l|2Y&tY2-lhj-8r5|b(DPX;hiSo}`$le_;b z!{x*Yf71GY6f`Fh`CZ5aQH&FH*~S`5PAh!^rs?N}Ra4+0yJkiJQNnKWX8A z8-j^~Wg=?+hWLbsq7g(-P_=!pUX0=I?7&W+bX|7ghyy8@;^PS%czU9rsHQ;{XKy4? zKp_a%i|hmqCnNB-8eB!=DA-*fV@!rpCXECRB>@?LIu*YM<4GlfnhY)=s7yKmM0|KF zha{*xLHehF(t`p*u&2+|4-^GUmGktW(kLFFN@bISDbNWNCJ6^If0hl_7DOWM!cP|Y za8>)S3Cc~FK3YK?C67`B3?@gWzD>?~c+zz#WCjLQRx~sOeobwgs;eMS4l!YXKs^Rm z6jN((t|k;$^w0C~i*24B6jvnhw@FTa$~qw9V~}_T7B{s9l%vLEBIA3mVe16VUIr$< zD}g--UZo^50E4NWpjd==PCE-seHY$`L7|Y?%dwNkoD_+~pkjWr3o!V_CL9>_qyjNq zi6kP!=NJ2bTJdY{;7Z80Jt`Aaic|`Ti1p!^t{bo|aA}ybB|5u|#exeV@Drjt8QMhh z#`w_XjNQyB3`+njux>eXJkSe*P0|ujv}6-Re_sl&g$5K72^7Szfx>wQE?6fkFOJ2s z1^Hf~gUcHPN_BRf%_)9C-AkrGz~14DDh=;R0mTa2!@v&MGC1xCv*uLsz%h{=S3tsq zzZdfV@`C(-eB#Ic4|o@t3a+Ba3BN?q3ID+P;hOq4@Bb>PswvOB|M?H#{O^#ESR?03 zB*USZ0NO7M2#H4^K*09~uXs{rWPL%5#$yQ-NZb}~@X)a|A{AT#;47pnlL(Rm`_}*c z_Pl<2mtsA*ezLnIax`}P1nxY1&mdkH5@>w55y2f6um!mZq&Fg&%49(789GXQlIzqr zJ37dt=&9dqyZzZ#AtVu8XJJwT6Kx1dfi!^-@UR<&1S(tYDLMuuj5~cAUASJ5PuM4g%vNBAKS2yX%m z2T1G`DuWJ*6VVhjK^!!**Z~X&->R{2c$4Ie0O`O8=sC% zhTq3EG}vD#6YDr4gNO@2`1Ml4#L@{P&=QCHRBUa`LWj(lv_!%;v3 zmJGUIux5Z4PKt*m;IX^d=~&Wt5)(gI0ayx+268G#P*|S|Y;{hoUJfAl-HFw@y;iT|)~N=1`AaU_5@ z+;b*zY)R60`hGw0X@>%U;(*h!rR8|dpE3R3*8Uy_CeH$31x;%Jt1euvz@1&-InbYY zL6GMz91-ZB`Xe6%9`5N**xxUBu;~M`>}m<9(i7tYxq>z|D7N4`I0H`x(7@g{U3x7^ z8NiHPxc?-Htem6_9F2cDhd{7hh=B*!3b-#V=_@ZK_lMtPK|k%^MIa=S6UC?7Ari?E z0tuh=M>vs4V1sx%0@V2=2uX(4DgBJm&s^jt#GuRJT#?`XpT3&}Y5%)B$#`#sr`Lb5 z``_J)0GGQT@%YVQ%`I&8ZBUFo3 + port: 443 + database: + host: + # The database provided should be created by the BAStudio SQL script template. + name: + port: + # If you want to enable the database ACR, HADR, configure the alternative_host and alternative_port both, otherwise leave them as blank. + alternative_host: + alternative_port: + type: db2 + jms_server: + image: + repository: cp.icr.io/cp/cp4a/bas/jms + tag: 19.0.3 + #----------------------------------------------------------------------- + # App Engine Playback Server (playback_server) can only be one instance, which differs from the App Engine (The application_engine_configuration is a list, you can deploy multiple instances of AppEngine). + #----------------------------------------------------------------------- + playback_server: + admin_secret_name: playback-server-admin-secret + images: + db_job: + repository: cp.icr.io/cp/cp4a/bas/solution-server-helmjob-db + tag: 19.0.3 + solution_server: + repository: cp.icr.io/cp/cp4a/bas/solution-server + tag: 19.0.3 + hostname: + port: 443 + database: + host: + # The database provided should be created by the App Engine Playback Server SQL script template. + name: + port: + # If you want to enable the database ACR, HADR, configure the alternative_host and alternative_port both, otherwise leave them as blank. + alternative_host: + alternative_port: + type: db2 + + ## Resource Registry Configuration + ## Important: if you've already configured Resource Registry before, you don't need to change resource_registry_configuration section in your copy of the template custom resource YAML file. + resource_registry_configuration: + admin_secret_name: resource-registry-admin-secret + images: + resource_registry: + repository: cp.icr.io/cp/cp4a/bas/dba-etcd + tag: 19.0.3 + hostname: + port: 443 \ No newline at end of file diff --git a/BAS/helm-charts/README.md b/BAS/helm-charts/README.md deleted file mode 100644 index f9969448..00000000 --- a/BAS/helm-charts/README.md +++ /dev/null @@ -1,40 +0,0 @@ -# Deploying with Helm charts - -Extract the helm chart from ibm-dba-bas-prod-1.0.0.tgz and copy to your installation directory. - -## Installing the Chart - - To install the chart with release name `my-release`, run the following command: - - ``` - helm install --tls --name my-release ibm-dba-bas-prod -f my-values.yaml --namespace ` - ``` - - The command deploys `ibm-dba-bas-prod` onto the Kubernetes cluster, based on the values specified in the `my-values.yaml` file. If you use [BAStudio platform helm install helper script](configuration) before, you can use ./bastudio-helper/templates/updateValues.yaml file generated by the script. The configuration section lists the parameters that can be configured during installation. - -### Verifying the Chart - -1. After the installation is finished, see the instructions for verifying the chart by running the command: - - `helm status my-release --tls` - -2. Get the name of the pods that were deployed with ibm-dba-bas-prod by running the following command: - - `kubectl get pod -n ` - -3. For each pod, check under Events to see that the images were successfully pulled and the containers were created and started, by running the following command with the specific pod name: - - `kubectl describe pod -n ` - -4. Go to `https:///BAStudio` in your browser (if you set up Business Automation Studio with Route) or `https://:/BAStudio` (if you set up Business Automation Studio with NodePort). - -### Uninstalling the Chart -To uninstall and delete the my-release deployment, run the following command: - - helm delete my-release --purge --tls - -This command removes all the Kubernetes components associated with the chart and deletes the release. If deletion can result in orphaned components, you must delete them manually. - -For example, when you delete a release with stateful sets, the associated persistent volume must be deleted. Run the following command after deleting the chart release to clean up orphaned persistent volumes: - - kubectl delete pvc -l release=my-release diff --git a/BAS/helm-charts/ibm-dba-bas-prod-1.0.0.tgz b/BAS/helm-charts/ibm-dba-bas-prod-1.0.0.tgz deleted file mode 100644 index 775707941b486a1fe0850d2f3033ec46e073863b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 98234 zcmV)PK()UgiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHbK|y_D2mVD{1iCKoD(}gO6^BK5~ud>lx(ZJHQNszN$#G$ zQ&Tw*2}y`af*T<1Rx-Jt{T9~3ixe%pA3HO%tDUNjM1jBpu&}V+i!btix}g09RsB+m z^x4^(%4)EodG=3V>+j&;;NaDZ7x4dsgM;?}4_>}}@lS`xFPs>+jR&-fxAEckEFsB6|QGg>W$%=;-T zGqK58QAIq_9qV`0$+KsY-Vav1TGxwOF`0;>VnsDbME-1idigBT$f=&?R8>qq%fw1N zOBeK)yv{0~WTH+7>TdPF6)kwhe`9~CWX+;mwz(HFRVPtDfH>-taZ$0AwBOD|o->(n znnis=^YrC&-Q;W%^~v<@_1Pr4tryI#&G-NRzZ?z@4+jU|M>*w1MR~y_3{giI$Y{6ByG z^4t0UGycAtt*K-w!EGlrkwPhwh`ba9D=HPOGO?i9NkqtZWWHvk)TpQ`RwRtviLA~G zl4O+UfcT_VEG0`JiK>KTA2a;-mPd?BgaM1-)9TvfbSo#{8P;4r`de`TyB z)tW1Whg5?N^yHFZK}rdckDD zDyB$UD6*i6*_YEool?cjyXr0(Bw4M=*dP-L&3d>1XQHSiU(}V5q!J>#<&}c9q$@@y z@6I$7zRBFQn7lhP3-|^>Peifgs~U-$UJ6>Vlq@!SecF3R#_y=g*JfTXSD%n)9NyEd-y2 z%Ub8E4-f5*JZWC1Lqk~!Sy24gF`J&5POm+m1y%6Q6DG9{mVRzZ@ z_le<;^sjZU#s#m;=1}C7^tD>&N(K-6yx`TZViCSuW$>;(`M^csi??i}&p*77xSxX8 zvZ|yz-uqQ7I$ui{nzqx5FL=hQO-B!{77s)4Yp#M<7xcdWYp%(mylb}8@RTo@UC*--eEPfZK_ zMo0zdm@baY_rl&m7BAfw#69zceJoj0v2>QKSxz0J)&sVz7d4SfB{bv3$^#`?nel|4 ziMpsxh#p$A#-y@LeSB}jq8ZReOBuuHDgT6R8$hSHA_^rk_FBlCR&Y{y68>-@Ru}A!WhZ2O z_4+#eWd<8|LUN`QU9q^5G+{AK^b%f(RlHoLNlfdMo3o~Ww!@6B-VU$MM(6&QS;-Q< zUbtWJ3jCa_jcRHOT+mZ4x8}taTvNd%6K_EuDFc+&;#y~<$YE_9GMZ{F{J0>-us1-YdAN2Ecd~9#SsDpi_%&cJFOBNB* zOQeFhZXhoL*}~gOihHGZ`{?1jF}RPz>-c`nE0)0y^?=wZrhp4T+^Q}2*E{?X=8YVz zWQyKtMi)9V&qM|nKk4a1kI!_go5E}l|4nlO;VZRbqmLDn1 zOZ_pxl9$J?P!Oo9?1X3-^{YAksJ9A1sA$ELp;Amw@#w`*M{X90lFKt8Zn+-#_+>CZ zT32iL%TMM9E$A0_UJPJzRNSE;km|h=B`5$5&S)&Mcr%?EeA;F-DBFGQcHW|g2S?8z zyYIIzYN^KZ@bE$Osuerm6g20_M2b7ENgfa{BUBTsr8>)~ zQbx;_)1s!Cp%B1npyIAKWi)*+dBv`a#8N)EL^N~X%`Q5S+<=`t(Ba>ifqa02d@6LG z&Z2z^Pf194^AXLDKc@fP(*IX1FEd&(_3Y|;KAH`xkJXpzm>;qK9Ui?pZt4GDygEGm zrvLvl{$7hL6Zfd5usVOTrgw}i7%MFCM>QWP<~0vKARk0c5?T;V2r5#oS&mBHo9Tr* ziGKgRPxz7y-k~kYD&q#GH}c0H(GKGnFfhg(`1|j!7u3r8&aC#3{PD-hj%J$eA%Fbw z%xQ=p5;6cZfNxj=afi?6Oz~C0+7PiM<0A9P9kvHOw$pTE6H;PGUQAwUuEVb|S^)E3=YfrR= zjJ_i&S4k#REj1VKURrF(o7s>I&nIM-tXW!T42`igG4@Lbo`&HouiEdwKl_2)@%)4+ zR*@yoShXqHUviC{$(o&zAD#gjefC2%`dDfbtm!6@WU++L;2ATBOuIfw*^(EG^qj{H z+}rw%9_jlww9YCrK%XxltCpneme+SoN}e+EADXQ#67upGKJt84FPHoy>GgeQn!fAL z2;~_V2MKj!EbA=WkiXS5<4ev`Ldz21A4KmN_73eUJ%*l(A`6z#S}~$T&O*aF%zDXL zmMTIeL&=Gyq!P%W>@DzCIlr3ew)#F%B}?`P(RfKDULn|tks}o@9zNrGxAk3Qd>N=B z6o5C-KC-~NWpj~(d)xl#*44Iou)&iSK2yG@e}+k%{N?F;8^Gz-1AA%Sw+`0E(@zGl zl)R{xr1w8n|9`4pt2Z3?Q?Tu!&kZaLwpSk=<4mQu7Pi>n3%1JWf@P0xGqmkJIH_>W z@v|`%lK%h=0Zka`{r`HT_e<|n&z6U1p_i@g*V2i1hCOSy)$G`oUyObCmKW(*k)9@y z#j5v|zO3)tHe=Y;+F^$IENQV~pE^v7xqS5F*YuqG$N1aD|EXl%2Tbpyrs#7S!N>T& zgXf1${_p7E=*7`D{_oHD``Vn$H~#N)RxPCKDp?PJwwptTo|#D4RkA*b2wqi2Z>;Yt z<6Korw&WjK+Oq~)qlOL6xKXwiB4xwnk{7(%SPgRcY|8#tbIH>4T2p_sAkO$;H1#KB z!74hqb*$Ndi)U0OYu8BcIIV;{A>+b5#QFH12(kXw0JX#^!e{;Tg!GO{pIi!65j{aB zrJW%mWtqHup6NLrkUlvVq!5+9)a~!;_@{%95B!=ljhuc?C3=^dHG|#GM4gfey#))0 zR|NH%Z;a1RNbkj~<5&Ih(Q)gyz(oj575Zm=eVO@dh7Sg`T6_BOf)%T3eL`LyJA)B$ zNV?fva|*V>bL$#oHoEbn(Sqy#&qQ8+?ij}}cZ_jp-%iX3&0mk4HIXgrY-Wrr+dv$@ zdIX5WA9n!pY9|c13gD*9z}I+gZnwu4q!dc=MaCv@q)te0g?65$>ZfQ0>D!%7tPgVs zT+Xmkz4I`9#j!tY$^5=`LVkGE;5q-ZFQ{*Sf7idA{2#mH348m+TENHnzoVDWTl&9O zubzL4|N2w@zBVWGjsN?cRnr9b*$>ehR%nKaS*Lk&GrfqSUw*k!bj417`6c@OcfyM# zt5eMCKR7Shnz-nSg@C={wCD~(tBYTyYfy#k^^=O~;omvX}Ct zaxFBo-}8|aq=))Oz2SY+q(^!h^d9LQAN+WD&?7x``MYPp;*xJk3XVT zr0Xp&(i1W>@lQFcXi6)35|Kc?kY zXZ|Do?c)Eu_gf!L!Jo+kKEnSU9lkhj>;GOH9DL*d{*1q`&B=V@|2}8cK8OFSWUY)^ zLA5zRV?GH3mP77v5Jno1Cvu6+@pj$c2~C*Xaf3roEZw@k`+;=_+JOHpYHzGvYEMWv zfbGbzXr&atLUf*S#YYP$dYm4-dW9O9hSRO-)AnbsxxNYe_9{xp5wu$BKVGps&}Q~g zGg@V8kjN@fa+b7OpOA#Q#|?fGzoHH7pYD-fZoQrWpMK@DfzzuU-r5KV z`Qwi+n48=+%gbtW&gBXD{hRIWzti82`(K%Om}dp6?uESVm*8ICHwWwKDMB9e|9#c= z|2jH;e*De;_ow`UpTyU`&Ys2s45IHkZhv9Y3mhFB{`e3NKyC)J!DsUT0S6F$_XRva zn5;vcMBkCEIrME502xlkAUX5A%pmgyrXBj)3-4}muU1Ib){v-S@k)hg}MV0ENZv%pcLuM3B_m~s*?4E zS3R_r&-L=s>H_q@S|*1(zaM08>5~zB+&cfCLH{eJJ}p7qWAfkgE&1xCOMp1|P6NWwN$3 zbje2>3o3(v#)4xf6M&)iEPV$^M?P=KJHt8 zJLtdWiSXZk$a{TyYT(EGzh1s*<^Mf8e0BUS|L>pj_q8d|H~Zh`tlHm+WKTr;rG&6U z>iSZW*x6^>^Me+Jz)R9dBs~bcQ|o7IA#QsokQJbBlAt)bNj2`Mt1qVemIcDzY~?qa{v`Gc_1a#%5pC;4M|8XS*DTk`-#rmlcYYFeLE< z+(3S^7n(l~?mpdMEmUQsPoJPiKb(xun-9j5Gyj0Pc#kawf&FO^#(?-$830N`9AnsE zd(-rJqO!7Sn0i<2j>(?Mux3-_dq<_5atsTB+x~>mtmFkdIUfAzpH3c1>jcK!uI(X^ z)t6^%)l6W7iF>Y#Y@;{sHP4vZsEXyyHZ;q`{ls=KQVGpWeym1Me{U3c6bZn8KN!Uu zc~dFM(BwP3xM*bHGG1(3IZxd0gGRP9@*kuUA84ML@YF!xU?gyxt%DdTx~JAX`?1dw z`}sc%Oe|Ro(mPwT|7Zt03CEqKq@ToF~5 zpeiJ4&9V&2C7^XNFvTms8hk?2;qaOwfdK>*PsPZ!U;s1@kBk!o>qE=*lK2p)Zcp60mo-+Cj z+ez_j6eV|kl$xT5FY;fYB+V}+y?vI`f-gVSZuV#VZJqy%@!9BVHu{=l>^}cTFAtAj zw$A_Y(W`Izzdz+KZ~}YaZ&=b~&8$$jtG!KfaWpuH$-mH|rgB4$4i26__>!p^$EP>?33PBcAU^Uy4I%?g&&;St)S6})$r&vm5lF>ku0UIth$6+eAO@n=@}y*? zD?<}orm;x1Sc%F&lUfA*C_%8Cu>?CgB-L7qdbK7$Vcs6DNGg(A%du^^gxmrwaiX%g z*PNMvtJ_a#Y)AC_tU$YjDHd0)w7&LJhX!LuNFdLgw)4fGR)7c z;!uqi6PD41F-;+%FxwoSCZ{SXQO^=%2DJON$ly>AA^D0IH0#*&ZF+3!)Ut8>W71we zvw9kvtzzmPp2NaO<}^iwC{|Jln4;GOrjawrvW=D$ZeigTyZ}7Wvh}{*bY4_UE@=Xn zL>%0aZc(>@(yPP7((k%6_(2F`$BwtpfIG6mcy0l09x`*6IyiJ^jXePzP7NnwdlI-d z@RpDd0v`v5qS91f6g0~$*;e%;=anHImhS-U0>}Y8a};18n<}lzR@hyJ>u%?55i%;8 zD#P#^-xq96vn3JBhnbhB-S(vC=4ACXc;7p+ES3aZYosW666;-9&U_R=? z8V#Jbkyuo63#HeoQvR^O`m1>7Rpj%P1Y?LIfQjUkL*b~5t4hV;mE~9=R9&i&gma~8 z1~o3=jx;TB`}NI-+=}D1!bOh*GSa|;V72wSrCcSof?M7gvo*amY~*{Oc>Zc)AMGME z=W6jW5rrywQj1z;8vFuAk#9?eqO*H!NPW8q9#_oD^U?j!m~Q)Z6Dzl zf9Nnn-~WIqZtW~9}=RY z0ePd@Dm|<>o>|U{%xb(`4X$12rlaR#*xj5hpK8Tt?4S|wXHO(yg z-3yte_gwQDg(&*4^NQcWSI8i@(t?xN(5%|@my)rVa4FfHNHihey3LLJrw6ps7K=4I zSZX}pqI8~|m-Qm!Nw(35T4r<;`zIxnc-1O+Vi=21ZVTCbM~i`3-WsvvItSW<8+06O z(1dED`wy@?d+cMv%1R$FNa?vWjpmSv{JO;KbUTxCtW3}}$>NSU_5#mXfO<@W9i5B{FoCo~fUGdE%)@&zv(R}ZhXU$7HG3D?}V zl`u?R6F4)(z1|9Y*A2*csrTQ>LaO4G#%Z@H6*r1kx}y4LAaX`<-}4ui8WOHg_i)W9PpkeXi>#o1P<;51Y8+W+xHXHz1`Sp+5O0Y zQ?1qvS+OQ2T9(NQqvoVoLBpRhbLCmC3U3E}MD^}D1EI1ETMCi7hTDTjzDK_I3{s1M5 zy(k0=;!!JS40m}MRF1H;>m+h=)jrO&Rux%kcr|z^Z%CH#l0%`1ko9%aq5j*ND24l> zElKIZDg#sML`fg`~)Nq45NzM->bYHLxs7L&btMg<}sB*Znj{ zPJ)pot0*sG%QpuiJV*z{W@~c6z-~Z~5V1aC{&tKFcE_45rcCoqallLfidO!(nYp0~ zq63~bNo{g&NIh*I09=Y`6iX)cH1%@giIbJTxQOB4+Y@arTDq@^mfL?L`01_gU0u(| zXQLje*hfr(~%3zaeTs z8E_&nh4?A!8g$dW!kz01$VMxYF{-pU6>90tEB>@X`e}7y!K4;Ozt(<*8d#-v!tirQ z%o|7+p6jLpitweUGy2M0`5SP%e<9=TRi>8L3$$D|0sQtVEn6oA7>GM2akHv5muX*5 za^v=<5Hi;Svt}$9l>?}OZwdyg?PU)38<+*c|a5iwR7$$L4SJaK%3_Q*s@kNZehoDCn85yTH{ee zE#oAWmL$;FkQX5A7)t=ks-6o}19DSjOexqj_OZ-(!nODdJq896r{CDLxyV476{xWu zR9$&aUys;U{ zzD58vRhLXEmNGO1>0=OVi5UpF3sjI+%!@=T$q?~3=7fMm#y+wnAn`zW-GWHAq7v;& zZP~-v0$vWt+%h0)fQ})Sk4^n5A+9(C~t!OeK;p%vLy|gRl6ue%78QyKm+; z=(qxKrCtrlIaeS$F{xXSBWeEJ)s3#PVbSb`gXZuLXr z^4G7)@ahBk>-g$CCXAy6_+u&cB;8Cn(3Lb$lll_`dQxiX)P~&SQh`7uw@Iv6lKFUk zF^b96^;Lg-^?EwKdNaBlUCm>1Ihvlm9bV0cr{jz9`~#rS>+$?*G(-1+q3L5XoX*E* zHy6VxncPe#*Rv7cwrDNPSf*t)Rf+2sb}N*5RxqHmSr3UHW~rgS_(yLLmj?;+qwjJ z=Kxi*gnK0$FA|<=#uiNpnt?%`E~lC8)KchVP4yBnNvK4dxxU5SU9IY@Y74rsnzf@b zH9p~m+01~hh8lytoi=d`m7aDc5MftBr1v}vb%(b^RiZ5Eip9Va)EaP8l@z@ovSnR( z<_0do4o{Fo+8yr%b2m9S0-n(ztIZWy-WW=LXX~o`9bQ zWSHnXL9c?Pyn5uJzo>&l@qVpY_vUeJ8w+=u+bkEFtc5@=C}=tx#&*!T5=xc~=t&I4 zam$Jp3ByU0s0KCEZv%M8@`6|HJUZ)bW??5{kr^!%@GZ|Y*}+g4jg6Rw-pW^8HOxJ1 zK;DXbEeWA0=@tyuGw9gQ4?J3mEU<<+p4*s3K#6M}YeMSDD8LJxj<=$CitaT<0U8*c zu$Gzl66v!(@Oa)~ZI*6rQnqA8if^n%mUgJlsmy^AS?1cUqCd{Hl-^oqG{;maCiU?# zO4N8;Z@kzTX2VZtqgTMMsbl8v18fY~Mh6Qb@aXDX->Y42aPa$ZG8tW+kN@>VZy{(4 z$}-y+_l3}PPyYs>+&fzmA!Po<7h>Z^(bOhbwp#FvNr)RX(p>B%c~h&66-g#cy{(0$ z$t|lC>HXWk`&tH|nJ~BA#v&6?RU`EUlJtP=or~go=PwYPQQP_d*e4*ZgP5w;qRvvy z;yXBubP!zIfo)cw6}2fU`q3FeL8wOn2IM^>G*f~|hOLdB)KYP1i+H1yFFl5AW@#^D zYg%0}@3I0GQVWUFFZLj1HA{)6!99IfG%cUT`9*`tsN&8ZZ&uFQU7dQyD>3Bap(|A_H+a1bGiSs?!w9=rY;NKc(8Pa zjpv0CLxD6pjB+eaAoYs{Xv=6rWoHqYRu7sS{5=51$V#g&XiiK1f9VELrjXf)~&3*&?Imvy7I5GW*{d|3zP$MVQU_7%uOwdcOo`GU#) zlPKC%>WpC7GO}muo9*NN_$9aT-FBUkm$cr5jD4?AT3v=S8${8C5k&Qmz*|JoP+2{k z=gyuy``&nRG3@OVERGyV&H*mO5X5gBW-Ne&I-wYOoIpou!A12Z{>)Xgp%b>cWgefH?fiO>UQ*aIQOP&<83QvayVHze;+J?Lg#afuaBsu(G=uj3fyk#B-bJJ0G7W~$X|m=8Gv0+7 z;q}aCD9mb9acC_hQQi^CdIexE2DAKbV~DglLvod}4_xM9veeD%ip@En%A8 zYvi(kgQ=`aP1NYgP|}SJ;t0gBC1VPdWcFF?LE;Ee)0?%0H2RUXA_cmS@!YDml{M`G zOAf}>P5i)HYoRKmO00O!)S61*F@-dKw9cnZf^UG31Pfh<02%F@;Rv&hHyEMW#EL_f zyLE;G%iEzhl3N92xs_W6!v}VqpFr7SbP^h&7NO&RKr=$@*u6n|q6nKe%>j0mHqVmW zAY~fB*_W6|1Vt!!+^s&BIW?zoUfVKT8sIyj9z@a1aL>k<-jd$$mE)_;8kw7QDeA(V z!$f2mOF*Y|9>|HBpv_sbhR~75&8BQzSrhHQS7cZeqAn67jTfw{m^3%RnlIq&-YBLt z5jG1RN@4nhS;WTU)3v9BFTED9F+NE^)Xo@1H6x?dIwlK|q6gitwcJ>Hj>!lk2`lcn z6p+xx=?4cbwp3>xRTd6sQM z(2MIeDU6214hYs2UMX@~7ior`%iE;R`W$TbgOClXi4{-L`3|vE1AwPV!(XIsKP((* zN=DTfF18{5Hm)fQd4X^TJwtoq8>EybMwE4i!T=EEec+k{45G-+)XptHpGVhEgVcWC zDJU#|Hz31yBS$8ZMC2tcIEvs61}ZjpzVHul(c|6R2(8+q0l9~3<<5|sL=?-6C+J-0 z`L%}_4Cmhx7;HPH{=Kp^32~Sg2`>Zo#`>Udt(e|vy{w@lj=Su*-}UrTw36r zX4E9AUM_h8{Ay$Oo4jx{_y^+4?wAZ0)9f>Kl*+7ba7DK#5nHV6#y>qpca*)(YWH$u zY={Zug6)S_?0Vj_P;k(YlF7Rp;DxuivVF3kile~bmJT`y(7Ni}HgI-rBQT71cyItC z8WxG{mFtZHdM+fn8mt9f#b= z2d{a?u2=<{ZjCgT5KJO>{s^SxN)(oU>kS)uI*;$3(~2gvG*XD^;0$j<6NEC#DbIE_ z(BqRC#=A7zC5?8MJdr{ZG%{OL$tHqZD7yQd4JTw+y7XbD?~#^BO34)?QRAoS1e!A!F|^2rS!9kAn$`_y}&ql=EK z;OTt=kJidEdEXx z^!8Bxj{eWSKs(vWf9N~31Jge98hxmzKj9|r*fw*So}V6(VR}bF38Sh0N{YI)6nJFR zl81+bLu~(^EoLQzI$iJuNKA)64GyB{oZYcZlz`52Au=rz1v>_Tv5Kz>Lq@n04$|O7 zvGhU&4K6zjf5S_)NsS+HiVBnmTOF97&&rOhG?_r>s0NaGcPIrXKyqb$?n2iA^tMMc6HKy{gM4Q_!4S4TsY^3=6#o|=c4Bg}?J_S|;27J2{SSFh+DUs27}ea_nf14z#C zIDL6Xn0Rn!H;}$IaNavP9%}L)`kDA)(}qs5?b>aldc3|f(8F#!Pw%OHq8Qj{sl{e=61#<<%pY-o8S-cMf}aQ=&+7k6uw_m5lz>eX=D_$S1#Jq*m+S8R$*+ zdgF`Xm9YzkTuc?FV#%CIqjhuhhga5lBYo0hN>EvX$3>Xn9dz8GEsRrT_26kUmmojjRX z?OcWUi|N@(6z$P{fH4Sl;OgPSAJYCV&nfRK^>Y;MEwJzN@$BqkI0jG458!P%ytp8v zf1ON6GxWY3UrsK@qw}zr^ET^;sY^sM~`(r(u>;p5}FB64pAlHlKJwyz{r915aMMJ1}Ynzxls-%Ao z!!+&MTCJS!S&4kdO6f}zxFY)s56rr;5tA#*Gv&-NTcLdc5;nR5j9;*AesQP%rR`ax z8I^~?KZ&C2k`@1Q{#Wv26kUp9CC*RD^T9zBy;%!Yq4}8nG&p({MXIWcf@S3S;Kj=* z8XB4XXz)r)&!F&5$&0~{QN&7?^(B_mA+Mq+1(tdc}+WimHmqD(6y)djcAcDND&)T9KQA z-!Z9ZMo#tcVC2<6?EL*l|NFH~rcZqC`iZGrMve!Ehf%Z?Mb)SG3^0T1gG-+4RWN3P zwEru;qxdLY)EfH3gDB#KsQ7ZzuY|~y?&-N7G*H!F@S^^x0iH;HN0UvU7H_bGA@8TT zLyO8a2-f13Bj4&0c~vY~7a|iYZn9S(u%u*C0WJn!@fy!oR9~v#uWPK{wbDxkIW1Jh z6J;`g1SlA&iPkJDO=d4p2!jVPlbjWps^l5EoamDQP9qhQ)VLu4rK+JE%L65>OMtQB0L?1QKb*3RRp^)Cg9Jj<5^_6NMk_T+FnJ+6 z7O=(hb-mZQXx7Echc5-eRq%>&u{Vs*)pdg}^Pcph@%-&*>bOA7m>~}qdtUET*gAan zXR>zsZn0!!Lne~ladvN&McqG;z4_#9-&%Nlc#3RCU`v4es9l!Hx(F>s^T}BUMZise+HsG2ZE^53j(hC-0MTxU>F2+c z251=mo-|;Kj=RiydI4cCjnx;#cz?*KZ@G0E8V9+d%hQyCE+Ca@%I;i(W;mUtL=!GI z8DthrHv=mIT~>wwY@-S*((p=kqGd(%l1U%kx;?a!UjTo+pD9KKR`eD;^%Gh<7gl;F zII{gVHd>2oID;InITNW3#ZoL1CKQ6|Gf}LVv?ld%<*CxF7K{MLKQlh1F#-FC&B|6W z$y6iCzLCS--L?BR^Bc;Ns$Q*_av5Y?MqAIV0Q`shK$2TB^g|bchUjSDFPcAj0%IR; zN>Lc;QEEw8RdH*J^qfQS$;vz`@Pp864vT|i0@;*?1GWWpDI{BoApZqpK^9C{)^?`L zAfaVU>cSWPi+y@bm}p6P+OJFF8;mlr3x=ipj)yeMZdq(CZkmK8kUTbJG$xwq@2|x@ zWJSO?m3xF7`24 zAg4vWqzNeM(f?H5vdV`lZ_m?Y$lu3`X@Q?`DncEh+pESQ@TzagXgi%CRitN}vX*#* zH~pS_COb`Ll59Ai?KShn$AuHzVG0>utXvlPAaRQypr9~$n@|yg#P1m99BA?pyI>=w zmT;)$maHfW{ku^y8$ zqXp#X(KI+Fs* z>lnM$y60*g+y)G(3=c9dA%6sEYZ%xSHG8LLv|t2oxN1#{Fn^i;u@RmZ=6&fh7VMlb z46iRuUev}SVtH-7UiX4*7?mb}Y%nO~v@fftEb8E)vmG8z;M!VrJ**U9yh0jRwuvE< zoK=Q_^r2~T>$n?f2Gt9cpvE(H9+YuV{vjBHHVvX%=Y)NP#5$O`2i0J$gCRe`%Gn|m z4M=zx$68^1q=cCYjmEJ@;eMha2FVN2hM}|v zb^-xVY#=qDN!c!9>+QDK#6~;ZiWf6FrqV~JH3LK$!i2oB{*=*srCFC%o%sqWrO0@~ zo2k3d?br-=Q$XLd3ba#ZqQf-j1qWtEqukW@8KQ0IlGyY_T!IBKFEfybVIRTWu8||8 z2`n-V7Th4!BH|OKezKYHLr+1!^1Dln#N=i$8#E$np~A>VtlA0IQ}bm&=FY9v507bU zeCn9i=mZLLkxHBpTjaK>sRvm>J;Tm;v3dr!EqxRxa1_tABn>)S6A8PmtG8&C@!}Rs zQaN!Nh`V9#g7XdHxecw2;p>7b{qdeHf*-86YY;*mc4M> zQl-j-?m1SyH=OmKqEP;CtVy=ZU?Nyudi>NId^2`O!IRLgsz!4Z^SDU`7F^X7#mtK5 ztYs`|d0(@lf&_$6Gs3vN2kufG{y3Z|@0#p(&mSqccFjHxLI(kASw!JQ;I1*zUl~-O zCe4n^G2sr4)gN@QF-SPJU49-MaLYzq7skSqGYU)&#OXgZ2ZQsG#@L?5SCAy2|FHYT z#@8M5-ouCrR)aqv!-915rFgN*7;!%PidU>jtQk?Yl%mG#HKBP~8#i)Vu`J`7+g~n$ zU(7@jR*-mcKyG;^a#k^^VoY@D=B@`KG)?seJrK^JcQ6RY#avp+x-|_7mr$elnvah# zHV07nJ*>h{S(yo_l2sR$VtX&?M(u~7YiH7Hzyk~22Ag)QeGMunVrz!ACKZGmFBsO5 zOk+|&YR3(ja2W8P#zt&OCJn?!@ZrD;D*{uVE<3=DqIVdh5v0R76Oujj{EJY~hEqTv z4(D6~OV3;8V7>=-x5VMy!HP-Fav?WXD_hppGf`J%T{UX&n+PXb*__Hw56V*PGp(UE zr>T^Wy4gmo#1e95FjwZ&@JW&+CaDZ4vDJXQhd2;PlUo&&MMhJb(5|-CKTX`Wkx?}L zEG-_OlAYxm1@#^Siu;0kZk3G6d~X>B1W_{_hzJ^hehx)pQq$acJ+FE7fWNoPjD7NQb zbJgJh49u75QHn}lt#elK1oN)0cmfT>luVkwYKNa+ksBv-ATD0m{P0S=vLI$ zYx{m{=yn`Eh;0uA0b07K<##0Phx_Jw%dI!PhoKu%VA*xU=2`<$INEP@(eWzK<<{~= zQHM3fXnLAD_)kpc6ogf2;nG&NJVysQU|JL-yIT=aSD6hQ3b)kPrX`|mi)NZKU|Xjo z#b}bc3YS!Gcy~7~Hl;goIErrC;UTV= zZ_78{@kXgjb^`T$AQdlEM>N)amipqU;0g>b1J2K>vEs(j)4PRIGtPsZ&{h`^^BC4> z3=OVO!$zJfS^?0$Q(T2sbY7@t=1%!*wIaZCK{v~;Y$U-lYK~daiYurzL>qoH z)S1n?4}Rb~XfbE8AvxtmxcXbz6(p!>UKtQMuA=CxgiUUBd_t!Bb#h4FP0pT?!*`Rj z?xDtoLf^>$sskK_13Vrex-)Uh6XtR7ZgQr+EXB)XlTm({r_JZdSympO-wQvzua%DF z3DbS?DYJc2YL`!%>DR~s^EGGr`2pKcn|AjI7LA7m%{IS1643o6C;n><^cg4LWLD}- zJ^GYM9l=G9!@-P}I0^G}`bQ8?b0Om{Y% ze2t0ChLb;G3SB9(cER2P{S#k5`Xu;z_)_sK??L5va8yQrL6MLAJ23TLFs?a;V>GEEPq91s%)1=~eppM;b9ED!N z-z)S~tLg%tEoq%qB;|Bf2*sf*Go15r!`coNUBQRH)oA9YO4Sm&GJtHX%a@rI)-S=% zvW@X{PF-O^i5$MN?#GQx1E72`&QJQafF(AfRqnc9QqU7Wo~pQARJIF|w#0cKRfDpI za~JYORGOg$9@hp@bn)!!gtSt?pLaZ)bUZty2~Wa-%nJ}j6FtF0(kE{)1cS_( z%(bNPft+8zzq+^{qBsBeYBnEUT)^kE>&XZBFg!aO&1U%QVtn@3@zoo0eMN>>q^EzH z%zNbYW8i12TS1K3w0B;dDfBDAVK2y>mrQM{kE0ul3uu_ZVK9jwaL5Y;-jTgRZdv zllj}>9DaT~d^aMmZ!Rv#@Miw@dODte(BPboug*P~2%jCz!E=5M;p_ltt4$n5KiJ>x z(zJU1IK8BXUP$m{9#C3*k$`jU+2__J@IUmjD)9VkAMd0juViFGoZw#X7 za6r!4k{713Vbp7;k?)ayEA0d3c?Xq8BOmvc@29aXfMTXDTG1M7up;Q5jIG@m*g%c% zO_E@Vib>A1%<4$2r#l*-_j;GJ8`ay7JNZL}S?*OMWqp{aKA0CeH|xu0e0r&;-8|-w zzrMt5ZHk-;SqkX_4Z+$0^}#`3$5T!vmO$ur1YY;ZUhiVu+b4ZOeOf@c(0qB!&^7R( zC~#LY2h19ce2YGp;KjHRU=F(%_{>FKogd zlX}hC9AjI}nJk33%~<6_`r0vkdcDj?i+j#6(6-mR3@WDLAMy*}jzuN7m!V1fgdFbM zEPH)dT|G2;p$8{;P#^6#5|Tl^{n$p$*6`(cpU^txq5wxgxW9kL6&eGL*N*jG=cbHf z#XeRsROtdAD^p39L!^V+$6lZBx3dI={_w8LTedM!hDFTx&2nv(P|)}_5hFk_TXUhs z`7{r@K^ZXuOws%Pz-uhytI+?Vt#$o@%YpUW`ojeH+h?1@BzsrWiF52C6wInz6u_)ETesVsd?_KYD|52M*ZNGGRQmNB`HZSU8CtEyL8HhA);(S=uz3N>>)xx#JDopPP(y>~Sw zC*U@#kBlZn8%8DYiI@V?sJmfb8tV{J@0Cej6ohLJqUdN4WICF`fvF`ku9*H8bDkCH z=6Pa#enk4@Ow>gsH+|z40zZ>Ilc*l$m5XugbntrXKv!-H&*dcseY>Hp=H9zFVOgA( zZ)1n)kc=x^_)nRDDz4E$B4T=%TpI-dq~gKxAkGSlmF+fJn!d1x=j5a5Vr%{wN^LR4$$K;K5kjy)%D^p05VynqtwIlVX$6wjDeyP9y_Yl* zINHb38G(7l`ZWb*eTIj_vDYL6h6Mgh|Gj^*%hbQA7vL%xW3EU)EZ->N@hK z08~)YzUgt-3`hAniWUPjCVL<}5wv`jNqlG9F^C)tB;cU!&ry^F@Y)*U#;Len%rT6P z%Gin(DF7M7fEMVbfQ!?-ZZ~lY+kcLt&?Su(;4Eaa+Z7uDbx(v%P#xB|0G~;gTIZWg zBp|$kp)VH|%QpKOV_;#FK!INr;n@pn!J2FRsT&Y_gSwSJH1Uc!O+2A-Gbur13O$G|RVQN73eBeUhK^O*WcXb+^F2x!V67g1600==ys(|-= zjJ@ngSif)hG?&W^%kqJAZV7nXk*1w<=awPYa7gBormSC=Dke9Wgd`@f`9~`rO=y*@ znS!=q>nIvGN8rkrTV8B1y#q9DYOP%xzw~w<81;~sRkjIY01(W<(QfD|P22 zg6$M>Dag*Jwtc`LuP+vaj6+@^z?~p$q?sZHv<<=Q?Fv?w(|6fzB`erH;T1r9jId(K zG#mkpK5bD+nTng5`K^nJXH6WoBCLDZIg5bgFM-qF717b!Om`x?*Tm}HG3--sui?N< zk-$&fVN-g%l44_16@~7NT|ox}GAuR^fse-n6;52*)CnLErDVZ2qDb9r!cZ9Bfn>R+ z+`jZF?!vOpmORUtDcU zrhvr*GJR|#-&Lo8Gid5VRvL;#vXtA%x@E1ob%+bJqh^xPbVJhGXvTONGJ}2;mML}* z4*uJBHegJkbx~`RVyj3buvZ#@wm{YNS;jnuflwJ}i*0elEMu6C3hPstoG2S4vYvXH zsSTp&#emG|M?)8&6?R%}Acj$SZ)C>`k+g!i7gem!Q`%ue4OprWuUjsk{6(`uxS`wIm1dX z$CfqKsj-X-D7@k=$H+xDskNrOuYTFZ^~ZN{b06#C_WbS1cM9uiCg zg-(vVD_LEO%mzxXt?9KKQ2osi5^)gPEl-M+z?B)m8TdpWwwUb>wPe5|RW;UBXzDXS zsVbhxp!&#^;{%e?jidNZC#k#ByU3NQo9R>>^ATKE?W^8N1c4|5mov@UIG|T>Yn`BC z)^cl(nyi5aQrdN3jcn*kE>+c@5*X8rfu@}v|GvlsP1_3LFJu0>^-T!u8KNL-aUYZo zLOx4Rb`V9c25y!%R=$;=&1GC`ugLZd-b(F>Xy}tdY$bN{YfUTjs9BBRA-1Ih4L*l! zLE*s$`y*vEvz4v1a$CR;wzHA?+;jxQFXT8($W4%#@@T)MAZgoQnu3Y#Ry}|zaHoQu zCIDbfWf}-|%^WvP+u6m~9^wHR=Q&F`>Q;RIJ5Q}UHrp+{zJ-4rkoRHY?vcy)t$#Zt zw%WRFggmY>90hJXZkFIp4^ApZ?(ui1Ko`<)}=}P!K4(jzl3Bs)?In4GKVcw zjOow-^`z9-jwX+GIa8*E3$>ezL%OW$tPvt**|pAixAWT3sh0UKZYC#fnMqv^0$2!} zp~5D+Kp(CkcX9zK1dH}`V)MaH8Bb4BnWa%{u_+<7nijE}`U+&<2jol?ki*gjrp#<5 zI2$MQmKNzkh+9~wWi7W($Af+h*uh{+_2jnShRy1ebnoi6qz|sFvqzRvEHdT{EDMY= z&F(CR*8tBsT$sbtSop_lvxFQ-gVXwKGqj1!HCnGH@reU6gew8zYf-bu?uP%8+|Q4L zqsA45eq>>?lIh4fqkTUkqklcSxS5ULjoJxKrlZNl@N5MBRp5ZvDDg545}rJgb)~yj z%L55{8y$CKQi;iII3Lem56|Y;(+}kT+zj#Q;}uv;t{0mO*r$OBM$`kglfewg?D}#< zX7k}3;ro}H>3DWNK0^?#-`>T=^?UF>GYg8HZ7)nP*_h1GRc?5C{Vsg*a`*u|olGvk zgV65RfQ+xu-Ej17bTyC3?B?w4_U7U$kFUu2%@n-#tWTbs^kg(0U!MF-tUG}L`eJnPft-H8w2!)5TR~|w4f?$~bzKjR z$X?K2tXF^ZZZwT?u5KO2rQ9w6ai8@?UZbfquHhUUMLoREX)o!cGFgca-B|i03tli$4h{bXVRbZ5h zVOBnhIc`*)(VxLn-{!JW^}-4S8r&ccDlZy2MNl;ef`HEo1p2drd3|BXe4D&Y#`Dq( zN>&nA7DXXoJIwxxCWCGE{cztUKzA&n6{C!EmSy-_M%88>5Ga~yR0Im5eXNMa^AcS; zoh0Iu`WU|=$h#8e^0Vqy#gba`Y7-MyK#D{VTx;v?1QLGEmEA>{MX=tXhB@2xt=Sx4 z)@}El)0A;kGQ6e9Cf=I9bzxSO(88g9-jz%rPCdGX!tsGauW{_P3c1CmmA~@SGzU1hL+~d-HSv2#n=k2xoHBqeV^MU* zWm4yO1z;gq3Soa>1dGXn1$SS{FgVLugV6KD#T3{H#}6ilG3Ub7=mVJsuB~Y!p*;HY zDGpN1HVF&6gx%cgFg(Fp;-Nr1GP012ChM3KY?bj9D-srKe3Y!zvZJ9dL7aqLTfj_{ zmy_rFwp5=61d7>)Mf$*<5NjrKn_^?7=~BgZ6;T9dlt5SNbxHQ6u7XjXW(4VId?Ff+ z`-l5}d4wbjk#bOF{aVXSxK1gf)q3AV0YGgx*s;*C1_YB9D=%J`!@LmNKJHm|$4D-UYOTJvzwYlg@Hi6*+%aYtTNPXH*}!=V z<=p6&1BW5w7}x+3*6C1mpA3)m(ob{p;v*axt8Kh_OKH`FJ`yo0|@1@X$gx zI=jBQz8s%vX=66}KR2VR`FMC?oBm9$r|1)WJ)7%^zaDEj^YmsmzJeIJsh-QtC?;>N zug~9)FD{^SEyJ9RCqpee&xY^DS8rx|3l0ZR4lU!rOuu8&>D4i%*_N}PyEzUqB|*oV z`!Ru1%-&GNWUg%FFPK*vw7`07n0rGLz0{{k1x^Pm1qS6`eDyAKo0>xm?(S9@=~5+Q z@f}o+qtc&t=q|CMAh~A?Nc_3irJuB2?mreR3|G1XAc!wOek<0;xS!CHCYk`3k|z)) z1;I*uB}3);1J=1#kz7FwqqWC)rhbwhr`=pM}>qZnBUkr7O;X~Z293xq$1oL7)` zFA(xzD8RhCa3T#sxLMHNxz}>ID-(YVe8I{s{Ex$uA(k)ltXgc%vq+^wJ_=y4Y2*y1 zVEniTR*$gTT5-6K4*ZA(=tL0&CcrJ+z!+HxMnU;r&4@@Vj>wcL zk<~uqhvfr9On~i^9HcQGWKC-=}Hj;xOCNzWUBk|;e z-C?#3yedm->x82$1zL)Lk94A_40ZqWsezS0O^Y@N)qTseu%b?0( z^No{PAc$*pbQ|8tW zL)WTC8uv{cI2#A5ye^4kV8`}huXg#i#@y?5z}&;ycrH3xzuiby654084fr%D=8N36 zToRfNCs)_=vF3S~JY#!mf6yq!vSl)B6(uGK76;j$NY|hpQv+Mz!#|_W)&^#%?O~`Q zy-P6h!$lBw0mZp`c=dZ#o>#g;V4(}BWMoG-{-%03mdeI4nG~4zT)G4({+#a`Xe$Vq zD_>f*3d&)LB}v($UaeYzrReXFcsDCJ8|`%)7+$~^2n@8eo)HYfNOPpCsDf&^n%WARNiZ>X5sAha~8+!L@E3{zEGUyS?Cg0JF!vfX?(`P+l zwt6EAcrn*wm$SW>0YG^NouEPxwsp{q?(D8E(W*(qe3hS|q>fP@2Zd_9Yy=f$SiYcg zB}_?%!kGHQIy^=c08L`E?o5M%F--BRP_gA6L#~lQGxRgG417X55G#O$i9pDnu@7+B z9XJ3f`n}!5#+ta1H0>yuRQqt&D`D!6)rxg7gU*X0yfZ+vd1tFtrXpY+fm108BmDW2 zP~8S0tQu`xa;QlXfrQ2ZfXZ-DK*(^TlGy-)FGrB*90(OKaA+e0`wcJz0oU)-LTm!u zTCgSLiLb26(K!-g2WyIQNzN+RjmBy2yuIhf;{=0*HB42-@)G#Cl@KXeQXuWZI{jef zMXt&k;>}X7d`jUMD<}YDVNz~8Kxi!33b$Ad$X4d+(68=GROC(PI!KOEgub#yECK0& zl8mirMo@PWw~C)4F|`5_s-s&Lh^C^qMO?s)hh{sc8t@LNUj1&YVNxjev%R4mJ!T(E z-eN`}wK+^N4)P@v?w!6Dgu)Bv-O$^W0Em>06Gm)ErWVQqX<*US}Sakc>| zBlE>*f*B8@=vOeNgVEn)v}{*P zeOhzxK+l%Q@6upBg$?fpt4bc}YyVHm8cHk5VrW{ba0++qZgciQ*>*eeY5lu;^2}18EP;E|xQ}?7U*MtAQ1G%iTN@Isx z;$RGY>;bIUTb-Vhy~b&Ual;+o|5698^eKG~qUh@{PdCW}$!0C7Vx;$Vs9KLSVjx`=V2FO( zf}ou+qKV-Mnc6-Xa2`&gXm~lAj?ad(DB3&R*G$?OEoe$lJcah!&O2`8(d(k3l8c|C zXzyrWH@IXUc_Q$oB}*YaUAPcahDFTvcWkTQJ>IvSH){CCWLT_fo@G>js`#p=&rYda z)Tw?T>jjO;spJ(`P!4Rx3o=$27T`Oho16yU&qdA)p3s=QkxWl4CU5EuEoe+;lou8G zE3b?Ue#P#%vX3w7gu6DEl*)=3izq&NrVIa#DS&%P z6I$zU&EbNECf8+H?fFh)+Y0LZ_h!RsPgAwMA7O+!<@dB`c81S>j-t`c^m;Oi$>sR` z{9;5#!`a*fY`oS7B#QQa!ZpYiwBUe=Il~XXF}a}pS6am6lx0-bDki5w6`c0pGWi=@ z>64?8w$4_13uAI71+Dal*Lo2o`B1Nf%IID5py(qlV2C$N$d&%^wk}pwZesFR`WwB4 zn&mP1>qf3Nzv1Ugk)`5}>JLT53bv9WCKHiCuGp!_5%y`V6yP_L3;2H~?&z)lG^fAv zTaJCrYk8~Zh~I8*r6yT;3T}Q|Fl^RbPQVbZv2pM4z^vDb!JLOhDx}oQzzVLHs+PCB zpyV}GLLc0mNg)dTsRW0Wl*QzXX{IJKH-Ja|n4GO?8j~}T3n}!u7sW~hKcD}~7ox6s zOwL&@5{(#1V{zeyn2i2b(@IE5gb z@8SRZr(7vo$7Fn`&%l|0TkL`@XrW)aq$yodl~AcaXI%eVOJ3o&;AgJ!=aOzjrKP4z zAw`mi7*6LI%`8e>@fDLXnXhO|sUahl`UA$md>5z9hBuVq4>J1e;=a)1!r-DA~s|@kI-)0?BF>3!Flg z)U=V#!PZiA1j8UGj=2;*sL9h||aq+GH?WEt57G z#6c2EiVl)_z?VSdIkfzd$3AR$7OiNT{4IT?fuwFQ!7X+{L;46b4HGy5zsfcGXUY`0 zWSgsn9AQNDCjT#*$i=vRq>&FCpOYJ|(!;7GWlVmY`T^<16pu^5;+T?i#^re!^M&Mz z^6W&v;zHiea5Tk7Wj``l1TkK3&W-oCAe#B|N%1oi33)}M`@=W%SK21ONNJ``{;oEe zgy!$TVnQd6EKBM^Gy_tj6t#bhm+F|O$y^TK-oWBv^A0lfX(o5AGd>RUrG+^%VnA>+&&{`_ z4{qz*I%EcuG@_x|#_v-<07Cm}0Mv&pq!_|tkNVuoV7GBP zOX=#g>@=vA0lDHK@ENy)RZecrc3iL|=1U&ROHLj-njf)GW9m_{i42BPMs6d7@-Y;V zp8^)i%R)6G`@<+=aYqvK;NM#=p%7W{hm%htD#eq}EvJ-mkdb7dj>z(-(6M8oL+2>L z6Yhw2TgV%4gV|gyT@aBU`J6@(6O%Na{l&^LZ(_zgrVqNlbGe&H{xvdUwwP`v_qJnun1oDO z3nccTQt`#$aOMVoo)%OoS~G^Klr|YgK0bsbiyzH{5L}$Jkoi-IZkODrqNBjyaN%2Pb@%v7qa-L6?b88s4B7IoVblKW#D54;AvISt|kHIlm{h<3?O z)T5CXSXJ5R)b_lj^2>d5<;l1SBx%6bD$wNIM$_%WG%4Sk~w zY3nm8x=Huc0O0J{cGUKESu^A6ZN(rXwDVm)OJp)>Eg3@ znJ23ovf#cN;pOQ>Y=J8TzCXasoOw-FtX8Y znEF}9DP>R<ra=+N|(sb5!D$Ng8-r;+|hFmg!+Hn%hLnC!jkT@D+|rdixK6;4g> z&mx_g*?v#)6oFVHpQ=VX5m22Ka)r$NsB+bd0%}F)#u6&_{~sWtI(zH0$f#z%oeQa| zP`ATYjM&;l)%+X{7=N1kv*vzW!77tg@tSk)EGZW~1U%HzqFYKNCQ%xKC{d;N&{7n$ z`U>|_kYM(Ct*b~UU`WGfYK>iUkR>3RFFFv8J zz6znj0Fi7?ta5HByNW*Qi zOk0n;{!4c zW@*gGH+ssxj?W|ux@wcTPG1;AA_K8PhEYxT@-F1qT;x0 zul@_7q9~T%J#Sekg6KYIYe$SKLChT~=eto5n+i{;8X=;vw_vdMvc0_yGPgHIVLIJZ zv?@B0tAHfk*eSeal;-Ndf(Z>QL(HW_7Uayt)@n`qSGSip*T0b7#o+SnVsLpgZngTo z%idXUP42Ua&3%^Du^TT3sKR$#U5zaP9kq3I#0=cw`84bDs0zg>u1jqiJ@ce3 z3xBN%eO*I?;B@CPX?0J`UBs)EhN~&5x*}&G(R+KN@U-%+S|6oWy+OAOV9TzbYcJDF zxHxUK7Ih^!Wt%qH8);zAXhQce%s^HAvf;$pbeFC*O|DxuHK!ju1b#|GvYPVJ!Rfz`d19qD7H|NRW_;984EVxJ$psRfF5}>VdaF`SL-zO1 z>7&>?kb=SFz=X6q_oYtZoW)dyr#`9-f)VqW5Hw!70j`P7S+Oq;oE@wSZNb3IS31RP zOZ6=jFU`yhb#72au2i2TcRbv_ZrwOrOGxEf&JL^eSqu>bwXU z0_Tfy%7bS_U|(`1A2J)^ag*C3VvlAhWgoZ|EMpaLOZsFngpna@%LEdY`MSuS{B1!a zIs^NXB|=-L7&eM&MZ+Mk;#p!gK5WKwd__)FNa1Ai?pUzMU$@iUxr4<7EJt>(Y;`fW3MHm~j&c8^;t3R)a%2@FYZA>D z_p_a~1V~)Z6jR`NEO@{-nN#RQrz*FazD%XHID3z(=ioIwAi>opf3i%*F#f}pk+3{aiUkDu0+|YK!c1{8-l(@=W zidh*dm+Por3UZV*C3OXi?3>8~RmlDzR~zyV==S?32l6cE!5+T4_zRYDP#bpt7~4fY z*?(@j6w2)WMW>B3<3B%;=T(CqQURIb6A+ez2*#acqsqIj)@X2j+aT9@iO8&dwRCNy zhUv~vTdje4a9ABtZX<4HpKKTFPX`ecJ2u+wFawTF$*os)?Mug|dDc&K`!CFbpCGE}+HfX>w9jz>0Cgiphv^H)Jtc;h}d3LHuI90OX)VWkIJm##@>78Z0mi22|tLSp$e6d zdo`gSY?0_<1$M|<$!%FTDHB(#9rjsw)@>80`H5;axSnuD52U!ly#OS0BXC)q=`>02GjMvwfPx+E{)em+{lB4kWkoKT}LghjAj4RC6`666pG1vh?A;%4aOB zX8VTCKg;V)APXHvwS(&FRT?5B=7AXCr-RRFq|5@X(sdt`V+ z#@?LyX~@VoM={>_dSn|e5wOR}ZEmW0f z`ilvZ{Nx#=26M8Y^war)$83P*22@8$u$K@ldK81 z50XdVT5cg#Dd~9$IXOB$aw@=BVICD4F+(Xhlh41A_rEjL(}`&BcnzjjcV*&F-%Ka z)>fyVKyR-u-;lq_|BQRrZF14;_ipjm-sKs&=?#DGUA9_1;l2S(#v)r}Ri~veFEF8! zTF`7#ix`qxh_*@TlFT8p7hgLWw&~OzmIFTW*e83+kiCa#_SpxzSV|i2C1sJ$@Q4Ky z7!93DV$`NuN^H8bJpjFYpk@hgFgLf!Vq-34bLvh_5Kbmb$SK*&{Jm$q#+}q5d*=5& z{m52VLpG0&7sBIZ-)02r9v>KIVx2o=4}a{llNLTqpqnT1nSxrrzKbE3t?r|vkJYRS`Wr4P1oZzd=!C0Q+ zXWeIzS`H&UtY_LfJr?N8+_RZUfoNTrGReiMRtlWFd|BfCoKXv8gd6nP!OnI>r34cS zIneI-%!{3kn(?)pf-9-LE@FoEu|*08)FEEC)%vkFlJ{8s8!w0ii(#c;cexLwUbG@U zPbW#H%uQRCKRGABx06;?@{3i*h-=$-d|87szJS>P;k z3Y^`TJ5-ep+r!XdiQ`fCWFiURvyh>G>*e5Q^7ldSymxuFnP^@ob>~Y+Jw@geJefO+f=EjTM77qZWl%FXdfQIMVp>tZQB9lQW&w6I)dIL~D!KoIjwz?Gz zb5$Ks>t~atQ@J=(Eo%W2>p^z?EtJUo_9$f&2BZw_v9(1(LH2?DKXL|wXu3OB@K@w zRw&1S4q9e7o+cQ~u;G}fk{Z1oo)1T(;pJew*+Fl170Y9P3UxBHwC>1U7)TH*4K7@6v?7|C?KlDm|RgyZf&DXyCuta3+m|tBS}Ht=T>VxynNFeU0n}0 zXKcdZY#_?(5{G*jeuunGNxWcaRO%#Z{T<3~Dd4A(e#~YVtIEH-e~mtTQ>Qddz{CL@>xA3X#8~%J z$}2i)seUz9-y2zZBYX8UEzet}5p)*&w0XtSTvhS%MQUEQw9#pf#u+K z@1X6}@qx{U(!M$`1)nt&>fqktHthvGOH?XoJ+9W}Kp8z<&Qe`$SYyb|2Vh+L1WQ11 zoxhW665Oj0GnFD#@-PAE#gz=4-|~`>k30_j$H2#B&8`V*THX%SVh#sm0u^0{uZM#( z@@jB?^>eE=^caT2oCnOCCoB>P3!*l;GI{a)s`QOp->hS#n~r{emsQBIK2h$)uM6}$wLz#>(3xokN(I+2GYBkGu9B$~-7FJuhT40J6_qoi|ih}i>+Qifa2*7$S0 zyur|9rawS;tOD#K~!RVU(6XK-s17PWKW1t0iWP1MAV8=D_LU7U zOEarF6WX~%7eX-MYyyp=c>=?>SAjIKeCF~8W4!b^rxh_JiP{W((#P;t=dJb}g0^+(oN5cs9{P{YKST*$KeL zQ;CMv%x1=Mx%ZlV?o=ssjZSf<<6OJ^%_K+aKf5A9D@>i%|pr12PI z=^#0PB}!=lJ+d#c*c%(o*$7eHJJ1>UCa@k_8mV6hQ(j`hP{vSog3PLbEh4bFvGUVm zEm>tml8+q6%bbScx@~}}4eKRdq3+!FK5(3H{l26l8xP+R6U7| z>owHEg2%sn(E|^*TchN}ua%r?>HeaU#{i>O!3XsdxEeL{qA?NgJ;;7q%y~5T(DZXSParZ`a$@E|mO2w#t!vB~eT`s}bQaligMC|VFBm*#p-H2|qGZkz zh%!T`j?-3a&ru{#)5xa_P!TI9p|-P#ZMk&W8is9)pFW}(j~uJCWe0oRdiC(-dUbeS z174=MuF+G!8l1lw-d?oH>+9ZSf6ykwo8I{^=rnVF`@aVludZ&d-)wY{%5}|6q6*|z zlKTc%CRt^o3`+b8Cs63kry#O@j}ryqxaPCMZ25k1TwUFWV@Yi?8&zjt~GYDOzO6 z_?}3aN3nkNAO)H#hi0^hIB_J^(F1wEB2Y_}CX>)THuWu96NoGYW_FkP2$ZOm1 z=B@nm{QTT3B*WKac=`J3`eJaVnhdYW=xRJ3qDTN?Tjy8fF}Zr(mXn_K zE_!bUjh;)#%Hc^2^KC%%- z^6~kAidCC`R0$K4RN1%Iv_+*sy(zM-E8Exy49l~LoYhN^M;3;dQN4++v)=CYW^jGc zyZoiGIKvI&39`q5wlN z@s;&xH1T^zF9VzK_yF!$$2Zi8Omv;nBOPx^X4*vsSeYa5smmH;i{rfEgUT>{>u3B^<(%V_tz;ZWzRB+4F6lWrQ`NgsyOkw;##FXvh=B``G(ePK zk|qpXibXn+uTtfQi1zYDejc02UFBbrJRxFw#%`GDJYC7njr?>;V+>+9ur6sP+#MWH@jjGTNWRL9 zBD<0+;ovxz@-Z*rbg+T5{)K4d(7efrtC@oMBArg*3eUOIWowq8EQ+R+2};u&_(5gI zQV!j{$mH0vFsh3*^OVZ@`cYRzTH=KaxEf#YwsT=Y>}$q9syz0q=qz8Iy{r_a;I!4+ zWgfF#I=YfcS?eT^|zY@IylIOUDT&7v$ElS5NTg~dBzSlN>(=yew8_oNWl+ z7bfm(tj#+;FKLtG@4h`!h93B}=OudwZK4u1D{!13G;7t}a@wldi*C#*q3YjVrwa-92*2lerS|aH3H^!d$PYY)>I&L{rma0S+u&U- z&rln)ttNpNEP?L{`T(^rTCKkypSVyYROkGyijRbaeF1ix=?k(a}-%-{a>;FOQGDIDYox`N^|yPF|e6 z_~J$R~GK3j%-1+2V&8p5K7Am*4kW@=N%sD!O> zzTgj=@?VgBx?DO86ms>1JoU+l-ovNPG|P}C^6KvbLVbYlj3qP(g~BKcv0x8S`oVaR zsl2gE95A&}a-rcH6Xd!;O2OF59Z%RhCVIs$22^Fr9&xBVmZybJ7P| zT+pR4M@On2PL@mrYPwfKCyCGE*4N}jtqZyo$7y8TbDQ)&#w=jdG#sD9`k+(Mf!aD>ItIW3IDv$=`HM4WW8^F~fYSGnVL_sy^1(!!7Dk zzx6eFVfU!Kuz9Ld10^w?P6JPVxSmMzP>f;*(xV6xCR!~*z9#>;TC!+752guu);&J{ z@BMj_EXC>Jq0c?hh?sr{hu33=G(+SKmXQBF!3ho#AvHC1d$OUY-m>hM#?H<{IJQgP% z+=_8GX4FsS3=j$UA&U+nLLoVvu|&Q?JMyMTn186qeQ2>Q!$F?2vsWkN__%xAJ?Wm< zSsx!CyTN1u@N4JPLw|D8@o7RQpv5T;rTLh5uVPTlxZ7v8ZZVH97U1I{Ia(mWoKlaG{r>sz z07~n)2j2>Rs#}-*!c$BO3rTg|sB0?3Bai*A+|_q?cceuKA>1P&p9K;5-hj}#y*~ee zbW-wtDp(xR1^YqwXq|LPAKny%${9d}-G{KGCG{9yLzWA#1^2WCK-}HkX<#Du*wF)j zZwCH>n0BpaT{4Em8u0iFPaPOqG&2bc@1GRR1s0`8QOiXe(7j3b5G7qmOKo+6`{W0k&|~4-hqh$F7iF1 z3LkZx1%lLe!zo$ulsu}^LpqK1GQV8~*&qER4%*Nf65bo#lt_3?XRL#>d0{H#BNAz- z6%3=F(Be+*_xctHBDg_^4Vlc9DOMVJnq^tvs=IAoC1@Wftq2}m4h*#k37B)IrXtX9A*TAO`N1l zVvE;dM;n-;vjAT}pufJ$x1dldKYaFqnVS-rce?BXPY#6UPmq&>8)Tiq+j4QL7DiIh zpPcA^{)F^KqqA2nP2DfaNsbyd0(HMQ`8q+Pa_a~$4weZ3DE=9?G<kX&&H6R47K`H3mQ53Z1}Mi<>y|9a578IarY z;F{bFE=E_^z3X4dP4CtDU_9#evnV|Tc5om{nu~6f6CD2c09a% zL(Z?>ydIv9hkqx>FQ0w;oSY3_53a8VXMbtbbv)=_U7nGb&#fyIqMTJzK$bM9Q7qK$ zWY3yb)UjwzBaiu}j6+wB^IFTLP7EjL5(4&U9zTE6cf2lRCubPIcye}ASVMk%_UfeD zLU{a%WHvmq`zGPIQr}DJzPs#Q4CD&xb&ch2`3r9TugSH_7ka0ua!0J6jbuZHC8Nc{ zM6bRYU7Wq@W=62n-Pth!5<5^3h7dTRd6NdZt7Q+22tXT!2q0uD`{s~6N;qH6zJX%+ zf<~yMRE3@;2#OmTg`m8K3(tVlmL$-MF2WWebQ%1F1 zB~+(y)k|DY&6U!L)riREJ3@C#R!eqDu9ozlDQgiT63O_^%qTJE$whu@~2~)k`_t^Q|>4x7yH`pWgI(RZsC{y@%yqNi@ zlUq-U-r(I?@22;vHy*qj{d{&xzW;@%G3gELj@J_64}}hLPnPv?1w=xwMuW@Y*}MMv zaBz9^Zg_S|_P)Owp7qJ_EH4-e*#Cfw7X~a!I)VSgUdbrqLH~MiV@A>-t{)Fcq{bW% z#^d4Dr5$Y&%qC&Vj!&Km9zr%}ypXfa`&UCy~R=6IV4ae_Bz47?x ztLrnpy?Csby!tM4wm@zJWR~Aud|dho6)-^d7-UvHyYA3VZC6~rS3Ui32Z70~;GS;n zY~s=$W|znwLWF-~E4ZMXewdKA6C_efqtU8kDMN@qxm9x(XDDtg>`@I*V>jTSa5+qvmE0eDj9 zydYrX6EWwH_-;|C(lnVv4|0dyyYB^$?vVGjerpl3C!2`9Q}P?|)4enfkGmf}nE#n? zRMWjvviG6p2ifw!+GezqosRZwr=vaJ!Dub{|9>H8k&ANARyygCq^vfehCy_%Un**G z>^`-Xd4M6w6O4hdG;wz`@Fg{#99*6hrG3X6$Czx*dB_ccswrpR>7n!hzzHQUfBC$L zo&dE3UlQicIq5`>w(9hIa~Y72YD6TGhQQ75?}CtEbyV6`&&=I<`1Sh@7#r!IE0z0q$9-LIuTO7xbPHRrrr( zaFrMYvq%R8Kn_*rlfKi$Mt1M_dk6La$fw&s?p#g$UCyeI(b8u$^H`2XnVJBo;zCFQ zn@1b+^zrzdB%FsLUyoEhMX^9{W?E2HztJ;McubLguPb>^htSM-f`!wLA_pW9fY^Wd zE%&V)pyB}}XV;V8e+&EZ;h2WYIkhjNAq-yeGIHkW1iGPEG7lTcugCE1Df#VR>Zp+p znHZ(EBxk>uS!S?7In?g=fZ$LdAh-R2GUN%!IeVu9LyvZnP;|UZLyO^;$fuRgFbRcb z9SKJ*l4=FMK?OAVM2`rUe zg+SMSwwdNs=jvqu?tGG?OwpcR!LF4kS8N}EGo4OIcgcM=;&IX@f)}`;nDaFB_0s_S zjM2j`WMnuJ+Wc?RG%F>3m;9{ruQRgbe%sh>FzfohCjjW<-&?Nr=MHQL6i?W8wTldaTnBe~nCbbhm$a$Bit zBjvVHvrW`(J#i0Zc96!SW?#6w=u7iXP?sl6b9*s1ZVg6BIF*k}KSDnQ&2%NlQl3F* z0`C|?ssZ*Iwd#WZ#XEGs=!yrgtM6{$rF-^C4X?K}r`nXa^4<5Y5eq+-FSb-L)E62< zSTHR&D_O08rndqbP;O_uJ+zKOw(e*zU$B-SKCWYqeEQs8jNP=nj&%(Du+GOB0g~+V zCB|MKI9U5Ct4p@O!UhY#M1*|^M51OidJ-wLIO;#^Nn#QOG;%NPwp?R6?vl*eGoNRD zTC&<^tuRp)zu?YS!r2`zn^GvI3(6RH9R9MyE?d87 zn>BcIy6+#qWaus#M2QYTQf&=KVURHcuR|L&TYXa6#pexbJgv0W)r?*{`U0r1cIs?9 ztDrofl_pCinuJs5xRQ0P7ZZ`!p%!-FkFj&Zp)t!$?OdHdxLs}}Ea!np>_D9o!nKI; zbs|GIAF=Xx$@q9%rzD3z6`aI$@QgfnNGHid7U{w|6A|!@2?RNQ^9sDZ0-d2k*O17L zh_PI7WG2>g22+#(FZ65@-#kYF{#_VR?tmZ9UiHaY96Yc%%c+%)(C5)tj+;XuN+479 zvhY5TP_{|PB5dPTmCa z(glWeAy-g8POcgCe~yEMUC?ONA|SI$gz@{O{Eh4#E~4a6!n|iKOLbI}3;sJ3ESieX zL9S>jTuL1#i=}$|%16T~IsWFPd;CrJsC%NEexTwToH^q(ohMMi)LYFn6Aq5cYH!C7 zq*rWf#BBlD%6Z%+SFsVWY0Q*Gz#LHQ;jbdP2s}bVx%*UdYAaV%!DMFB0OiRK={V%( zsTc<9x0`D~`)E?UM(g%oC85^tIba!$H=fsIYc<$C+L=u?kQXo$i4hJm+tD062w`P9 z?3c$Y<*%pptpFqu>7-*?v{n46+B%_dSiX zAH7p0a^HC=d}(L~<4B;v67JL#0qM?XOJ<8CWF-vJ=Svjw3)HAamI-HIPHU}H>OQ%AJ>J1(FBcku z!am(~|7`7be-(MG;b9zu2X)=;|4Vj@SSh>uhA-VU-Es>Zbptx#BnNtl zMeU)SP^@Qw%328hPwX}Voe~+Bc)baZrldPKfA9RHo%4?jSg1^3D9|BD~XzE!aS1M1C7R#0j4!R-Q4uslX( z4@qLKIFovdKp!7Uis3)nmIhY4~%?Q{l6_6r@}GWwySIl)s>9?1}$_0<(Z)N>sCkAf&+Gq9~VeINk~PPLyremGFK zopR+wxG>SC8!+sInj;cjGBW;Sdb}m|?j>P@NF$|51v;ZTQQCOR=^m36DnnwYT2YZX zD=F<}&LYAZ-^FVvxdR@qDDtE?n;qj5yxSH_aHUdnWSIDO-Q(lq?(xxa_xRayt5fj< zem+lnTi_Py=;+1zS4M^ypW>zQAHZlO2OBE^$~6kf&1U>Q(W}M%UMT718d3(h(zK58 zymCH+#AtPK9c5-%$VTAg2>>&!+C4CBo#_=io2@bDA~_}B`%F1hnP%D{Ly|-CFm=#q zJY&g7{!QSTZaM1cAVLSsfj?tTQU4Ld+n$nZhJ?m}?Dwajs7vNCPiJ#E9zS*LtSSuO zG2>_><7KIh5o4#A6uVE!@zGI>kjEhOJsSHOkV_sh+@-HGF+aN_w$a(Hp|)-J$0xV4 z=@zY^8&TZ#`(*&5$VXn~t)igGGF@_hF`#w0W(%G$au#4o&UgiAu$b(_1P5Awq1}N& zD2$oPpJk1?$6ext(;#qiVcM`H=+>Tu=2a!HK1Zv3XDndKMk)EE9~dU779R{W@P&CK zf}wvnI<$drY7>;Umfz@BNfMrt<8OiJifx@pSvw(j-JcLNYd=uYX5Cb-{+A?Vj4t=$fabsK|LClBJk__0aX9Eik)Gb0dW!qdps@~MGK%V1XL10IQ}2q=r5c5Jgy zb3>P5pgI<-W-><^qjJF8&@{-!7_o3g)Z1IX5>#$hmDP(bG0!E`2w_ZBXg2{BhB~cQ zhrHGvD&Rz7lGHe+48B}xzmj5Dc@!*{D!r4c4(LRjRb$x&uciJ5!~kC2%5nLuH;PFx zkQW(TC&cQ>RI{xA3L!L#xT;cTP4+nj3B$Y<0L30GzDjkXqO2D3n$g=jcwlW}Mj}dU zuXK|_>vt8eig?t4Lw!3uLuZF2BwS2Pdkp^cbWLA59r#x7xpR0SPyHpmH))g}G|~2s zyGPxly^IT|n^jSGo+gA`^tW6jXF-hbqfwa7g6I^Lm-$x1QNQAwOO`zH_`c%X(eSM5 z8y+X3>E zdZym_xo#_=0#~mpkS}>8C$m8m9$zd+F$cAY9TG#{4iz~~>+>K=Kd1wrp8|&O!BZO= zr%UB*LqnjV*qn?NM9h#-Y5pwep3X4nAoCbK(%A2fhUPQSiJb+p`CwV9vM}FbMk?l; zPaOYkLY8p=A#JC`kz(PpS2_oMll$_)W(>b>U^t42Aw~Z*keP>$EVNaEJ)NM=CfNH@ z`NAwHB#lykP56fc9jj?HsBqgmL4j@J&6#(fwT~L53V=U`?TdByooGT=ig^+qOE(Xp zO14LplTo@XK-_J$K9auiBLku6BQdN^{yw@TAISw<@OVW&wmyj`&+{+2EYgb~8?}Ff0Bq_pSXIbYD zEgag!3(|?F8kxgFx^P$racEw@hnkM!Fku4T1PzCnP-JY|kC3y&-~nrRaz!asBU7cf0XSWUc*ugG zyu6kDSzmL|*7X8cDTmu@F>!Qk$l*Oe1fHWgB=NC50a}vpb*mqWNI&nAH(;W^)3V$5 zM%RC+MISgaAc0L{{wP=sr7$GFQqozC2!k4Mo+g;_xMZ5s?{&bnJL85k=pnRi|27KB zB!?SLQvD4Uy)cK}-Jmw__&S+E-7IRD%pPB+@l5S?<1t_=71msVj^!MVTie{5#T}7s zicgN0sOC9llF9lMvju-(g6La03%L#P z0U>kL(=bLn8krIt7u+wvXul;3?t@4l2o*b~_blj}y19-jBqu*%K6~0-e!UG*-1KhR zUQ)A9?g}ZK?w(8?kGdh5C6gLp`@OXwW`ND)9N7j?7fe4AuarAL*-#%{hI+;qG>8a< z5ojCn+2!~Eb^>?cQz)Hq@^qS}3(-}U{hQUYuroep!rxJ+ zdZ%TayEeJ&;}Q=?cTh>{ZiqqocVriQ2kJg3@vQV@N#K~W(W867`n|a`$d-}>RWnG) zz#C#8O8;Wf$>4#ZM4%kE6&*Ew4|WAvAx^vk$blOk??kCfIGseNb>0NK09n7r>o?+> zGBUr%{xpEsZqmBCQ@_XFHBi@X;2NlZmwj!ZZo0W^5E$FN?e2OW?G(`W3o)|sBkoPL z0jNJpK2jn0?Eu(<(|UF%mnqDf?AcENS$4OUK?eJB3Mn=++fX^{eLBzzThd{zMKCvK zw41@~f=ZXmf%a-E;jI}P%;0N9O+DPHoIrqr`l71+f zEOq34&nJ0^av;3tlMNt97eEZffnmAw8jKtSx30N6M}~AEVrL{E$9q08V3dOJejyzE z3-kS0HeY4|CiJoM9x^gPyiCdauXNsJ8iwdze&-H1N+Dk;xV?cG6o#&CplYX)yW#Yb zC!?4NRy@AtfG8K$Qi;vECsk&lT)Bfg+54WY?m(|~r}7=$ZNWNAfwF$Hq!K91N7O)X z^O4;B+ZNyBUmdrGFk6lj4)N z8H`F;^Cy+Mpr^t}(}W9;O36XTz~7mn2iA@FEsuj=<;e}ni2DGu?4}BVZ7g$Sbi=!W zei201N|dk|T&T2KPzT;*Op1&gf^NH8Vz9Y_t_FJgp#*yR;nP9?Vu#S9OMmZy#dOAQ zlOR+s2o{wabo!^*1l;CQ+m7%D78~2&lhFG1=!tkKHx2Eap1oet`LFQx*3hQQSxkM_ z(P3;I9aQ>6B#c*O*JMeBO(eSBGPTH<9Y!J6RPHIcGCG&0anjrXy^rMX`6mN@0e+Un z17g9)7Ei*!BJ%7_uzOVW3TIbBGpgM!gu&veY^n~2!h#gg*xiBvE<0QiDcO%yI`dC> zINY@9Ok~k{adfo!l=ytI^HPbFi`?E{#dPDH^A@3%N;J< z`^6_cUOz5`HezS7*j(At0E16MD{V7 zTz-83;rc9|@_3;VB=U)hw@^`ckUsiIcj%h)pwfN|a@+-)Z~kPeLLdnijHgK!gKDB< zMhXKwk=+I1X;MT(^{hl<^XF_84$8y&W*##!=b^8Z>v~>~!&?old)Sl-n~WLp;3|AY z1U`eDRmN*uVLqh+yqrtX+46l}g^-*pjaeR{pXV$h6nwW~e+%PBj!4LEqU}14sSNHb zk{?kmoH`z};6bvcbXmDr&z_E((tw)}YArgY2fJhna;NK7*J$FO0`Bijnm)vNN$0+mHq7k7OJw zK=sG54q4FZ%|m5J@za@uN}wvW2bDqf$?QKRK$RMR%7FT02A>k3N-aKRKz%X`PYF<7 z8pkY3#@?JQ=v@s^*rIldodKo9^bzObIQSKahC$l_l`M;gSO`T0?Ug~R0NVD!UjoyD zesJL-nWuhpm^55lS|myUOCO}jMSTalkL30zlE9~pLEBzOUrwy^>)Sr{=FBdjCe}Hl zA|cnzV^I>W$gN;L*+0L&Js_U!(1?ye!lT_0(E+$OV_Le`0AJrK(B!4wVAs7oI@$qn zB=-1uZPq49C*y>zzo%_-u(r0rv&p{gU**SY)VK*v7F_Dkt zoXOGl+1~3)bdba^!k8ENBVl&;gHSAchN==>04d70j z|Ah%HW>I1id%4nNj(j`Yc;(ZFo>TJ%5r zNX~Nbsn&JFle^<@*E5z1C}Jk)Low1&t)`wGTU9IL3?w^QO9LARy=9Jxj2YB_TJ|PTI!o=st#&;o^R$AmQo-BYoh+L&=&68} z$G?0e;HGVTXg)D$)$k=rnWq0Exe2g*Qz&mq&0cd5dZ+*~i77uJunYR3H)CCq&?NAB zLa9=-0byl#du)mc!FKYP zum(uV^49G#t8k?mwbJagiwA8Pl-fqRsqMNJ(4&**Pd9&Npv~E*H!@9Eg8EeZ^Ey}^ z+HPcdUI*|ljLTV%6QjW1<>t+)xOYzKQowh#pNp_R!3$Lsr%7=Xe@Ado(d^hTWO8@i?Jkv`d+tT&C9I|TP^DVv3 zn{3Z*z03>2#ic$!Rn9&|ai%!Slf8Y4Afjn8|9Oe&vo2k$h0mYR4of`$iMI7BII||u z&k+n)fTYy!`MC|AwH52`ES}ak2daUZ(&W0*N+o@^aN?)}OkXqwVMLx-%VSFSS0~@Ca0=7F1nbd=f-H6yPZ-6)$YI$Fih@ zkZi=Dvb{dF7L$DKJ&D6u<>>O{hwJzrI{iHw% zZF9B+0u@K|DRu;u_HiA7SE+MM&b9L^dI@IFsxG5k0IKoMY68s`uD#9td7*ri&chOw~=B^xe$+nVxGcf-kKDk?ar>{ZpKgdJ3L?BQO@&!(EopqgW z#7dsbNpj%qnw8jafC4Y6jssW+P+#6#=mPWm#!UCl5OHafj$~mQ)~MQ1?Y7jQSc7 z$f{&(V0K$ALJ&!}GN!6+;S}I(>#Cc&zG|T;=+~-tush1M#)R`YE;pAA7Pla{qDWSB1N`wI$Gv;A9q24{=ONPP#M%5Vt$U&f2rl^6l z9dCzFpn;rmFNFefkgC4*HTlP_smv(J(GPj*lM%f~b-$satugla_-G0>s`(G))(n|H z1Fu#VAF}9hJpSeF-@kna8qE)fk1X`~f*sy_@6@mF{0V*MOLi1YufDZ@1lr-xY;ySa=4Ny#`?bFKoqh_nbb`s^ z9TdBKx1{%n*MsvxZ#=lXx*3eS3xB&gj*gCwzIpKi{yjQ6%Kv-v?B(+>j-S1Fe)8;_ zlNTp1zBoGm=H%r!Uy!3+BU|>9$~*OoqbJXmNABO`=S%V`X7nC1;m@HAW2<$^$wYtX z=?}joKhJ6Ml^_v&Y_&RAO+Zy=od&T;2=fDd!^u-x&F17_uY(UbRm9|SKW- zP|G5bQWgj|6}19$bps!uEG&3QF3HK!@pt4S`Qfh*$KB&&_*iFUQT7y)v#*fykVdjD zbdao%m?LYFHj<{1ZFv}rv4f;EL!x|Ja8qC~prNXQ!l$+M4&^#qSq#f!|0#(5DTr+> zi2dF?_mA|m=KlX@N<*Y=z$2($xWyc6?*HSHlidA(a`fWm$)ETC=lIDi@M(+StNaqG znD42R#r%%kCa^0yOM1Vjo1JCKw#!T3^sxFi**Xv+W%43EC3{ET9m?xaeyjs8PRZW! z$%XtRVevwolD(g382A`X7_peDKXi_{DLK{~sS6AOFe!KgSPNRgh=!-8;R?cxFR7Vc{v+ zdjl<0{b)SheunRZ96qO#x2hu3)Qh>$5r|r&)s=kCi|4{!}~`Q~}tE}ft= ze8nx(FjQrMHd{x}j@j#sg4KastFL`yD`Y4Bmg#Y-3JBs#@~G`vL&3=U4~J@cJLu%9G75Vfa zWp`-PC2kR7qC$4gtehZ_r|~DV1MG-@av`!SF61oJ6B*AY%d=}Z;oaL z!N4Lk;=X8uM$V&=83c%kj!+?|erG~M8hP#$t#S(li$$7Ht8J>=8>GpJe%gtADnHol zMDOJ2*6fXSM|n_sjFVcgn9qKw*Ob{^i<>#%8{+l*2oN>cHkKjEo@c5X+D9v8hiw+O zP{g+Z847)hgvhFrF2xvH5+QnjT z)klreC6_!=&h+3A14Wgc_J!`5>7F)EHwI$VUu)iu9;ylBLLQgK_2*B2=a{kc?zkB+5s{G$7Gy>{3UfnkHEi zsd%2zXO8FDLc4%IFi4D?!mgHD`P)5nvT}J^OfHfp;!7^ci!$fI7+cAm`NAF>;YM!G z$0hjbDj=Ix8C42Xe3U&ITPPi}8H&)Qh$MWx37RGcW(`g-$X1A{G9;U!raBdo zQ(tVmimKX)O7{5)7O}dn$);;d1eOfQ);xinxMgcz-h6Wk)lU2b(%2kAP2Q5GafuL= zh9Sv+S;Q%`d6za}(N@5db*jc*_()e3TE^mcwx632sX|9t(ZY^#$sXLB!tJcSY5_An z)m(L>Cvc{Ht&ZJE!L-ebS2!G+&D<7P1L5O^cXEsrv{C6Dz#-cJ@>A#NSax)&fK~@HCQBT48c{Ue*OXv z7ZVlaPfk7!i}xod#UsZY|HrH)$-0W5=zClB*=NfqKW(&8b%Hlr$;g z6l_qoXsh?8Q<$g$dKdIV9cmR{7tva{4R?)FzNAqDyh;ill_+J~kX=&V zsa&^i9I_Lv4V6IjrFG!{$@s^93Gyc#zUCIpT}sR%l`TqCpyl<%wmSS+1*`!I*Q#8YnyiRHWrOlP zo-0GP9q?F8tO@kkvIhF9208nDX`!;MfG?CAYqF2%10!i^MY57D)ueGws@Sa9*;aVx zOPMth_yx-qIV+L(YuXe=r)E{twvig3xR-UZYIL&vKtSWNLsk5)UhT6{EwfLe5XvF8 z%sHKAQOke3Rw1-4ewD&Qxw_!f|Jj((#KtWtJ3#fb;-G{HngoE*F+W?U%%EjKqXGKjT)fj^xq02 zTU@S*W-m?VYcZ;Av>v01GIrZASQb6l7zI3<16SFC>eupK3w@h7L zUe4jIU#(l=FRN8A*(TP7Ph;I5-DZ2$9GC5j+jX;ZRBRto8lj9oSdwEa!eG}eXj9g) z33;}uruS3|>3Swl*hg-)mQARoe6X7Aq^Flj{C##(u3F3%)M>bvc2b$~X*3GTTy37l zq^gQKmeX;Vt!egII90Ze+V8N*YRX4$M5WKbvvy0Xr!ubU(v{8V_BpuMA8dCu;${_e z`V4$*chqtsHC*+26J?faS^Cz1@IjC07?48KEIn$&NKJvyCHD=uEGGMJN4R`4td6PK0NIc~vbeS;=LS->gRZUp*#uqNy3~@pJ9N|K@>8H&RZz5v zPhLgWA|cjPCS9`FV^LD`%C4bHvSHQJO{qj$WkIDC@p*-p9S&RltlT(SuXKi;MC(<+ zUK6xeL}$C$JvUyWKx|U85iMQS{8*y(nk~5qlFYr5BP~tl>O88J5QLS6VM#?501rn} z>A#1WtlkX({2N)E|gQPB_TW@M9ZB{7`mW$4L z!MPqVw~%fSGP8-bU932jJ1Rlc?!(AX`&`?(3ZA%w-JMq?mbggA9e8_WJVHyNAl zf?&FfN;z;%b>8AY*>fom+IEgIjiaZtcE}Pg1V*-=O}fY-?^pb5%*&Cy>!s z@r@00CFEV@p&uF7$Gc-A8}hFsk1>CWi;)U##(^3qDad6ZSOd*l{zyU|%_Kk*mOL^R z5k|ea4kV1S;rq?A1mv>-tbs!}%TKsToOwQq{AOJgxkP?Jqg6HpTu!NW{RVje@=^X< zPOhee`&(j$*dZ?wZqKYFqzt4@U-{KhMVh;IonUP_KUD6r8bhyMAp6)!b`l zUB+ute5N{~X>5`@lBEeub3eANgJ{Z&jonXe+eaEl#kTIJwk=e6EjG@4Y+FMe*kbF< z$F?<8i!HWRAG?V*D|BYBdYQz2CcmEkcyk?DeeS@WD9ds{*C@#>9#2<}nc{af2TxPA zLHUoLEhLOC4bl@vy}rrdFy=6^e_roG$fR^{~wbX=F=sH zsb~33LRHIB`R0@9Y&KolPf`&HJ$?mLu!Uy*BB`1_pV*YJ>*b_RQfeJ-)ShKT0xxWV7t7Axd`7 zuT8PD4N>wVY(^9}$Z8EP*)Xb#6gyADMUL=9gxv6|H3(IOR#hb1*#@Ef2%F);J}jA+ zFdwtbsM6{Uk<)#(NTcej*5X^;baTwB$7)W49i?C%ZOJ zTc@Q+IFuH`to~#cJg|r?oy9A?PZknJ31a3#Ez&yYB9zyMJ}s(5kG3|T`S?hQVkKwVup@vZVThv7=JjY_gel!I#!hXqQat{bEPV>HT6o zQ~L2@3?(af!jRrC{&0NAp+Vi2DIvp?wo5rB{*76VOQ0vS8=%g=JC`Y;$kVsXCuA%k zpQ*j#@ksEHz2@2RcXYsa(Vee0XmdFjffz2H7(Ag3+I_8KFNWOj6z++aZ`4V#jzQ zj-q^qrl^+qGH+Lyu%uTBzS^4^tAPcdrAnc#J{E{gDiUr|OncK(g_-ti>9pK=;liCF zzj2AeY=^bzC!eZd;ZCWrMdiJGm$j6bHm$>FX`#9ZU6p>B6iVuW3rNi1*vL;LsYZOq zCuED-jrlHX$s_&rWY0|r^*@b2=kfm^%%Jn6_=FsKLF0SP zp20UjklRSIhz6-Ce|Juur_+BFtN!B8pFiSHFj;i`3GGa%=qzLIAF5SbuqYAT6&_G3(yy#qu7<)7s8vj@F45tLZ@UJgzWV2(3{gZ5r?W(=eT>) zJwEOxvtOZu^1eGI_&Iz=!+?rYf@8X~$lXU7Y`zAwN&`p>&8q>_agTYx^yeC& z-+Leb`Lo?mf&XVu_F-TC`NVr*4gWtndGRvG|Gzmpe(@*&{~SMb8E6M@@^IYB$d%(c zl>%ZP@>-=aq{Vs5!X=9Z*&p}c9<=V+>XFCtz0@InzF4r>3uxHtkn>;>B+PGh&`U8{ zwK{mEKnYdR%3d-_5QZ!^aD4T{Ur)L(yGLKO@)ybPO|AdDpLORS;!vI_2(CN-&tHC% zKmR9x%735d2f`_(;Ac*x#}|iu$s*<2+wu5f!K02m$D&0@LTBPG7of(VvTCMkdGK!g!GJb}5 z<5SW(&VGKzLY6QM!`__p`wqNona}(^Xv;<7L#t+Ov6Y_hq}8IaH$NqNfb-se4kKE3 z{u8!XhBRT~@Ex5_gD6N=-DJ5LFQ`BN&t5)z@jQF}PmW)_{PX;OmY?5#>yX2*TY7ED zT;1*Ip77>f^TpSDS|x>U|5F}@{87#eF$JK^ z_rla?KA}lVwwSOPMi=m@0s6EhNv2xj42WY_&ay}Lq1a_teFM_7`W~;+y#vzu*S}i- z_y4rM-ocL?1QP_xR~`ur-KiIIAut|c88U*$x(&qh<}{iy`K3t6gdr$oL45`ZQdyM5 zs+J(M#-NFi`Pw_Mt9qPqa(Q(_7Tm{@Ng4_WorVdGBZVi-z1#yC|p4a(g_w}j?;+nh%9NG1YR0a+;XBdp@RAH8-)k+ zNt}jEbcrq$#Un;|OeP%jFuSu~EB)tL8VAvA?9G{^&v4}VDt-b`?Lfvh(UYB%f6TujnC&^Nr9vt5DpMfP7^EP_v%AY(~{3+R=C1gKjQFguqa&+L3_3&%*I)z&=NZ7);kR~hQ ztTeflyv5{FrVlg-r9=SxSI;-6;%{t~LvODM56FH#_yCq!9_<;*H`vUZj;;1S?w}lr zU{*v-9z^(4$x;r&Jbnt!dk3~RtiQU6_9VO53FfsZcFJ(v5VcAs*$}rTJgRz*I_wNP zJ1JdD=MU#sWO?d1ELbw<$s|pP&rwcM z%>w5XHDrPt?`wBui(IpoZ)UnuheL(5s+GRYfRAm2K-YB545-Az&4*JRV^Kvz19e z$P0<7C_)aU-6<53LMnPg=a5{2+=%pwreYSG5`SDzy>{G309sF>dH;LpnE3fKUzheO zeU&3qOT$7gkhv$~e5Qw!NyM|4<_q|X_{2B8R6o!eKvnnox1Cp8z^t;po$4oiM8=u@ zaI4tBHZhFWS$|>OrLXjCUa5)9V#%^4UpCRwW2~p~mnEg{Za4x^Edgz8=~7eYi3PO3 z^XB0$HDgM7Z|u&r|JGac@hrOhcTq%Lfmbh(nLk>gF6*u}th&I?b&Vp}2lw06CS2EJ zJ%M)AuogBT88l>X54gpa^@yk0rh4YJPuN!FXh ztc_+#s$c@Ron&z*sp3`=#Vw_Yg_6YWWr*8I4<7;Jn&90NC^y1y1!5JLt_GQliFTur zp}`rKh|uxH9V=jLyRKUR@q+snQ%8`wm_czgy`G2WT^!2fJ zD5jLhof^9Nhltq%rQo8wWR44saDVR9xAh;5pq96mnMhf`#(%e4_6X7>S?>KSETlN; ziI7=Lr|i@E1zrC01-bH4YI`6?9 zSX5N3=f)k=za=&=bzt4LzoNINu!4o2tlO>T&eN`EVfQ@iMzXYY+Rb0ya)ynbvj)7q z^)Y{HZ^CkC!Y!wK3%|l`d#-UYJaQPt$93*@bVr|=F3Vvoa)ulJZH#gH&jN2&P2H_4 zyVP!t2~Cva%SD8HfcX0X?UiA;+1&5|!nXk71ze;-Bx^5|$=Zz)&@#g^?1b}8^X#0j zmzj6lcQsnAWDsulWS4BX3(*4GmJU#XK$E4cpg~@;bZRro)`5OA@YjNWy{=Mk7p?&R zGTU$&7aD+lIeae^TZY)jR`uzP zc=s{;&tuG6I@5Z&_|Lv;{U!cxasOYFqubv8Uv~e$yWQLEmhb=fy1j?{|DWThRYfhg z!}aaeul|4cx-;+m@q-H*N(FST#X^S)&&hF2Xo%UvOgTMIOR?14ub$f`H2Uyf3&%7L zH$|FXJ=Tw}In}&7^yZ3_+MEGK*$9D<)Lqe6Y8Tu$-sn7B#J{(T`0hrV`n!2P2vAP( zY2k7=lva21Kjk)t%(D^l=1Vbxjut>>$4slD3YBK2+SvS3ez()>eC?MrQTaL(m0z_b zmKUsrw8DCgkW`RJ4FH2oJ)C<>*W+D^9QtWI*P9>>Dzx&0XT+h`m7DhpJr!Iis9C&6 z3l&A0BsyUa#*~2><`R;_#v*PjM$TU|OwWj^e12qB=aRG0h`;U=f6QW~p5z5zbkX@f z`SmxQj!0`vqgfQ4IJM8G^z}0qkF!ai>}^{OFk)0P)$B5z#er$C)6)&~qzf;5TeklL zF-`6|#`fNVF}mjKK#x#-i_?QUc%xZ#!Lo))Y%iNccXz=gzFstkZ{g*&h-OoE5K%t8 z)F8BMKN2A&A4cp94qP2+G?N)iN3tExV>;zQ+njBn`fZq&0&*@h7H2Q>Io#vejXUM$-|KcBjtr zw1Ds|+O*Zk&|f)KLjjoT*b53SkV$09(lO>vk-@~sS&EC=Gv#q6YV42niV{B*ncpIQ z$KUWgFu#J61%`qQZ=EsAjx#p(J+HyoNz;@9%!rsd3tw#Uw1du1BZS#2 zsr0mZ?vpP zGio#!F3EQ>kACnsN>TTP6cAr*E3idY#EgYHd|)KfKxszN z9K@TOlxG=>wb(mHiS~0)GQEgqI#zU;I3F}ayV;n9ruG$xtl87mC+B>!02%FBt!QDd z4YO*5G$Xpyfd4v=L-v|szviys~$x)$CeAr5Wv0#8@&Vsq;8hfV|1{Qk~#OIGKu3ytZpZh>px?9MUxO z2WS~H?iARGoqT23974ld+LY!^SjsbnJ-7#89&hETif!^@tr7=fnuwUiD4bIpt!Q1f zb5GkX^xRB5s*`0<2?Vo52{j>RnI>id_!0VhI^Xr|F$>$nIV`KDBd8k@2dqOb(Ugb=@R;3LBe;^BwUt$)xOH@SnIHq-IJ*3S z!ltTFAgYF4*!0_Z;gcYBNJ}V5xvP5_Jp?ecXJ!lv-BizT9e^iDaSC+AjLmrs|R{ z+TuLulbJ|5HT1xVhxA<+xL>qOuz$M!)wHBZ(yv6wA!W4o1U=zQBpZahCI6g>jJew4KW}%Agr;+W^?2OIng&(dmV3=jsdm@Zgbc7?2liFv!G;WW&wTrwWhoEHr4Uia(@#~? z#AU+JS>N;8_2;zzdtxVKWdTlql?oQ=Lbh_bHcKqv*C`ckZ8=p15?0Ws!5=K)fTmv zc*AQnVu2C?*Zut{@>|6BTX0cJaX2kal7L(fdX+_{4^ z-Yn~o;}LWk)xn!>Xm6F>s0Dffjo=>H3M*-;CC5sdsvQAPZ^%50COYZ3m}SW<>)ifk z*`IPzt8L1xE8sFn7lY{K!e0?&hX}Iu&CGl);y4J^*jT|ZKv@pJ(n4@O*sgZN45e>F z7xgnJrL^uI?8e95M9U+4Qa0L85{&N&SrUo4I$-@Wf3S@$%+&h!ZWWw_Zhmeu>ya~j z?iZUKANGkq8jkkpw|n8vx4rI8utkT#9^D=WyCL0UJKqFh>6@31YQLra#VuVbjCwpH#(fcX_$l{p*nkDojT zDxvAaY0OHWxZI2Q7O%UHHbs(c^5Jw-H{6ubG^1nr58I~qX!Dw;=J^)~v&5tm<&N_PCA(H9=$3T?vy7@nP;SazYvymAvVIc|`Sz8A1^GjSmHh7#fcP5=6%jMz zf;WBhG5LuCbfKkC!JjL^h*>6i$V`MFR2V4a^LIkY)+bad^~SDvV+EC`Hb9{CXI|(f z200XLkCH(#0un%k~7mB)srJq6Erw8tkB`= zRJRvSwM>haonpRq#Zh+LS=I26>b!O~Y}~>>N}(Vop>*?}R55I0+3=O6SDM{<@w@Kg z3w*A+?A?!9wo5%Wnun|`)oE}$JZ&^pEVop|V;;Zm@OYduDJ$j*cuVx#TAKx_w^>{| zk^k7IVO&tt)OaNF9*K^W5hF6t;}tDVsB;=mhYbQ56c$kW1mx&N%060@XpA6~_~uvgGfa)8nopHyo9bxAm#yw;O7Ya5H5$DbH9t zQ&b@9lg%aVlT^H(w}&E}wlB_pxNG2dE)qe5rU8$^KMaD8ME8>w8JqL^SQ6^d> z9KCr%ieLBR&Bsf z%PTy#;r`G(cZ?4f7ojf<1TUOV?;L|vp3?mmjz7!yke4Wl`o6o-w7lL%{j|3?n&!Q; zQQeV3z|x2JWc8>I%mB7Xd@Ox-Ki5B>P|5OZNivxDCYDIwrqO>n*GhcfxdKy;sj0me z1%tR5aT6QB69^hH8L(olDfeh93Cqmal^6M~7JTDGfYc0Lqo$Ye*CeN?L16O=Df0}} z!GR6uP@fM>bm9rbHS!Gm$kJIHm{?9A0f{31IU&$0rn&yiV{cHMQRlHjU2sJ^eNd$z z>;A(Qp~RPB%5Ek!Q&M^;rasvL+E0Uwr8-@QLKCG_K|U66BPMt!8_b0UhX8_{kEK!5 z<%ITj_Xtp6XLJwm#w=9Q5v@uKvk4&vO)ctkJ~TG3W`GzJ(~}NrLdOR7IrgT<+)omd zOvG=dTX!K_r9j6;;ZPPT3xtCZ@K)UFL$bT$5S>Q$n1A;%BnMh-KF;ZZG4Q0!0e0lu zPLM5%IT&aI!i+BUk0K0yPz}x1w(I3Y4pwOYa&`zGSZMS~Z+Dyc^{}U3Rv`^uY}|oB z+Htjpo|$W*i!i1*PL@w2@8mYol8>B@3q99w!U{93|FGD3brV1OoMtPcM+@`)$8A zq^^bo<`l2O1?|e3xnRq%zz^>gCi9UKX+&e^K7x%uju-PwZyCQNgZlY@1kVilm}ez^ z2_aYa#xIHHmml8WhGW{LE##WE)#{wnep1Ih7c{Sd)Gvf|Bas}->Bq5BORU$8*Rs(kz)Xssw{Rk!_%leKOkY&DXZkCV4nBT9D{xt5c!kC3`n zpmcu`!3(R$RHd(mB+5n#bH$+#@005w7i99Ag$qTZh5LPgWf?L`tTm*A+R20f`p1! zPZg8V$4aj$k07LCr1#Fi(aIuF6A(3uLQNmk<;Gt1+hPLmJ4iUg8IQvI7i=t67M_~J zl3H>oxA+*LC%F!6gOFzQ?B&6ym5M&RUuLmtqGNfVX42)!tzwC4?EOAuB?FQlo%o?< z*Kg5Z@2@3%H6M7b5Jvnu)Yqa`5wrc;)cl`H>{?3NisKfiS}c5a8}d~Pfh);Gw;`=A zJlTYp`2f0}TGPBr@Lc+?4DEFbDt(fpn!BTEUcVu4Ps5Pxl6Cbz#c9{iYNK}e=kD=O z>Fb8A#(kEvVL=3}&a1SWmYtl@6bTRDvx6e-`t9&X`Yj+?6CLkFyc+ z|C>U)8lsyswDN441kj57*;q=W#tzun_QQKGUgEDS7zSM#r1jzb-JNnD-Vat-O6Tza zJYe@K#p-a>dw12XDv~v?woxc+{-i8gt@_<+7Ov*+>up_~l@7IDl>8W>5WS@LCKd+Q zi-f*{$hSbCTP}Jvqi{v|T1D1c(A}3IZT%IbqeW+OuSTjrL8w|T0 zHD58`GSBZf#E7PLYki16`Qv-fpr;~E@EV_{#AwHQYDs#R;Hv$=}ke1 zhX3jMxdgp?Kix(m9<$W^q5Iw|^$pSA=Vy<6? zh(!$2D<~?A?c1gN3gb+-HnkD*D~KjsujxwSqqwTW=>cKlbz=b)aX#Fr4*SS~T6$RISy^jDs8HxW;2M*;0VIu{6)UyIx?X)__Wg`RW?7B5vR}CPR%z|}xJz#uctWXF z4Tq>1e?gO+(pANdz3tUxh3&27T)wxpf|sn@{bHS6i^yBuwC+KdaORy$p@rP1^_PR{ zsCPLVER=L>jQ0L0GjWaNdMhh&Z+E*axGxh^SMPtjw*N(f>FRy&)b_p5A-sC$yT#7k zAa?9D=i%!)7ih!(`9)Z=uu}4aEa;NdOjLGM%d+X9EKymf>1 zD{=Ww9)l$U)cr|sg{{qbd4oQ5FC&`s%SWrxiSA`2OB5XIZX<=ff0?qj$5kM}$|jqS z2_cqruas%x7Wp4^Nxs`>fLN0MVQ+VDx19fBXS?^1|KW4|-r$vVUDxt186X_6xKj=Y zH|!z~Nys7wf0%yDxgheQo{jk+`kvR-l{X+WgvpQWl>Q-={18rE-@aE@mhCQSB5)pz zXmlcSHbfJpnG%gS)%lADGMGRq5xpp-`AD!^_JQ2!#G4^gq>RM@w-u+`+N7*UFKAgS^A~6eJCG=`@N@G4^GOMnxjlK7YNLUO?Mx3<+F`bII4V<{&?Q}c6 zwo_d@H5p*@?QmDVdPjsLvnXo2AM@cf5Yx?7`!M@;Cc+CA%u=4s&qTz7IXQRERIL|) z6G6ekFs=Cx!-0lk7Kg^ngbB7#GfZf}6w85&y=t2=?>ojslS@IS49eJW=|WXGItgvb zZ5fCJK~dME(U*l`6#F*7WM+^;d@g2q)S;T@NTg_OqN5CwraN=NHADUiW7e-O7Ia1h z#3_?m%7cuB?L;O}J!r^Stl$<+{Ucnk-9$)WJ{PmJx;tFD+s9>f+?M*%Bj8Vf6e${H zasGJ`@(!HsxrkW%2_Wr$0EH0`FvALwEK`(AnziQnY0jVQAJ`l>=-jY5N=zJA5r;6V zNeBfPu?`cYD%13lS?Xx0i-TMVy?Vu7XDn7IE;o~uwe?aq^V6i^l*e3VIMk+O*$f07 zc-xT*`(=>wB+EBHNyRnS=uD+l^bd@Tus@KeF5%aimKI6@o2r9EbGp#hwBpZIUykdyuAM;B-N2S?=HJD;qb z>zb#fH~ER@2&RYty6cii%5v8;I?E;^<$oZ(xcUY%{uS1(dZ}IQ z!nLNe$Z&?X8uiCi%o5orzxw`fo?(>wh}2V4dD^_ZX6X=KD30&9Z0+wB@evnw%i?OE z@Hj+C8lM%sf+?Ef?G`W=SGah=)Pumdz7|i*4+k z2VR?Gk@UO^SnS;KVVQ#cNW;x!Y+;artQL(Q2cd2Vp>0F76Rc0Rw;DcNMbk$bVjR642UdfH_L zGKQf5y~PwjYR;v0w4}Ou-XWrG>7Ajn{R(>HW*Pozttp)$l|0y=WfNoeeYDPki6H(H z^@2QF7YU1{j3CmLv?uH}>1}QF8=m{*E%==GcF0>ovXrz#^40&0zuKsr&4n(3o7;6T zo4e7n0+FUnCIX~Wy(`sKWlTC0`+;QrHA$9*fxd!MmkrlL>YWH%833EoT-IZ+LG+3b zdWi=b#o=OhNf}JguxRV`fn`*~z$iE9vaHr*3&a5mf!Gdo;FUg7(*ZukZ=4LYd;~pI z=2XdNX?DWN=-$-CoR<^DgZ?Jd;9PH!m~!LY^j|vYs@t>ISxWOlpXftVs-|z1<4Pc^ z+NaV$w(H6wmw&8VqwCIO0riQWV_;zl8k=tG>|d~x&|&GuScTdY!)dFhQEBfKmZ@8A z2h{eO@1XE&Zdw@9ESPLwcRf_Z|5FS-*KDvT{=6>JRO#G`9(U)=AK6_gODmMhIVketo7%q(^*=+(P<&dX+^2U6b z*GnybtT_cL3$}~K(;*~D`8AK&n1#gy#iO9%X&lYf`kwNL$+^tfwAv256lbQRBN@<0 zSDC8x*bEI#@Br(j2_5o?XWW(W)Gtg$Qhd@T`_G=`FlKGwg>``utJKw$O~EJ@lG-*v)&;{$O7bu*Kk+J8sFlcW>SlB4#%I)j!=-3NOIl z65x#yf%;3DWpr%q*Th8`gSso=NX`aKFNhS+6(ZLN^JUy1WU5-8Q6*__X47QT4!Bv+ z*~N59%G{A#4gRCqz(%giKdNYci)F29^IX&d z)YGMabU?mV@Rx{hXrVSU!oQyy6KY<>vhqnsu`3IY9i^q^MeI6`9wRVD4CbL5$8K8s zigav3*$TUe-xyYE#%Wv2h~<&xB^0}{r&-;5hgo)eWZC5GvT$@w=@&%VH##e{|7~Sw zh4!7-I4iKCIcWV*4O8DEl=_pfv)o6aTjn0pkM>c3PYROMOqD?I7~!4p3zWuiSZ{%+ z;kGUh?Z@ywfy?8|HvOa6O|l!21BW@%ERtl%)UE|04msw$d$7{~O-)`8R{Af?O0UVi zW2J8>*;N18gL&}JHxIgJ@n9bOmoN{S-8EL<5hIh#eu)ojRuEGk}-aCY7t=86U?*A}(RL}m4l zinT9~j?ijp9>r6P&(T3SZ{84-6yx1HxcF%zblkw5rnsFYlToZNpT|OtCVVG1C@X_gtlh{j=^HMH$sx1DcWVzB@X7O5WO|rb!abNqa=v-W#W^dtFlDmKbvwN?Vf4bmY+C_g%V>i)S3JY|vm(qQRP7Rl2Y_&Xd^eAV&c7f&a*!*3#% z8Vnt?IF*#N#SH0*)BU@5ohvpcy{(;ZZ1a@;leAy&ZhcGIF}opcB~eP!R_*G)Zp+#5 zcj9jzoP6&ffvl3Z`UfmXuRH!EBt zt>gi~Q5(|$;N}0~y??KA@823n?!|o85rb3CII!J) z0S7{}TN(WhR7!AyYtO@A(MAtY_yb=j-ik*Ip%ql+u?GVqgv{wQx|6S0%?`5=&~!Xg zE5AoaZ(GwN<89HoKg&yLa1HB=ZF+@;p6XjyVhN4edo*|fEqVQW>h zR+DwAY?~@trU;>7SbTl()9KGA#SdN_9$&ut`TY3usPO!7|KQc>%cJx2Mr>8%k z9Gw>)T^wEhczjrX^rH0W`>x^U9>I(p9;eXo$( zz0SYgFib-t#$|aJ3(j85jAFlDFDc|3I&LcyztCw^`J!k{__M{^hu@OlE%ZN~KlZlS z-RePDGl*bul&bG<56kw_)naogJ+TN7d zUx47IXfmXGc513goDudLJ zqMQ&+QjY&7q$VFZ#E+Q@2YF=!_%HBy$YKs~$WmU(Os<~RWgb`0F}Zx9hP6`=;cuGd zzCOcuO^?e;7(B{EMx%167uB)@$KbTY^N@X*>=mdY8pm#W?$O@_>yNsnWbc_T;;B^9s0|V%Yde#^J(crcW)be z(G#;VjJDgi8ZYH+3Scmc19wB6YOzkE z$W2sV@F$mvj5_W-l3I0cNQ@yaB}BRtT-%7_`syKL$UQ@N#-@2WMF<*)$!oCn;1n=r zC{kBU-l72>z77SG0K$;!5|XIeckoEIh{A>{gtu%zIHn{5?B6=1K}!N^3N5T$;-s~* z-F*&x$**gvRmnPZz$G|Su4`17do#uW;B;?aRzi0V%eN&a7Ga9*YB`d?Sc{MZH((i- zm>pOFO%#SewO4G{-OvbwbqGo*V)|XcB=m5&Y52!7obn!QPpkZHVgJ!e&wc0r-|BAf zRO~-H+Yk1i&+^kcxTe0K{ols?wMCZW>bH7HImCY~J zqjW7WcRI=j<4dF2rPuj-f!XEFs`XF))ql(Ae`ms?DIdooWp^H93H{&N-Q6qF|L)hl z-tGha{~W(Haz?X^r7?uT;6Y6Q1mlT8!v@&E0uk(V^(VkXJ);gR$@Nh*G4LFRRM$mk}vOU3VAaNSl4 zwcPZQgtiscmYd!z=9zi?XPTpWGW7>n`0x7X{H;y=54-L35h{Qn%k z%LzE=oQx+C4_GW&NM>=!Fwg6LLW2n-z0Q_-+wlq)x@v#=t7rJdqV`6H=ykSQa-Vf*Gg6U#AU6M^ws6hQK z3R7H?Py{m_7g(5=NGlTyL^4m|9SKI_lYVo-Rg+?4%dN^;X)u^Wk zt{7J7gcGGAGWlC*rU&ehr#gdiGD{O7nap?99=JIpU-#m}QY2aD8~CZXVQEXTAQoh5 z5e(tt~lGgvz160foVoSFJ! zTvkEt0>TA+$d6Knv;;D9=-NtCEI@!RP*AdXfcO8+0i&Hxy&ldou!h2IR;+*^#VET` z;HBde0ui#7#XacAg!@5*mcf5iaWLVxk}UG6pF**e>eOjG$7kp?0arvSrew;L+Q$QG z5F|@!EOT8OaBt^eXO12IjwLMQ=~)62|@Midt8Qm;V7S}Owq z5^;CRLQb*RN51TzMS4{s3O6FXf*AuHQjnIT0FTWwECS%x>1BbcO|L1BK$Fbbl?IlU zqNWM}(HA|O6Kd&#p>DCrc#s!?vKIw7Y%9$&#anFUH8oq^#X6Ld!f;?N^V(S2_`VPI zM)_+3H83{vT{vVZzef33ZHV;C5TM4W-vhmR-4pJCtzKo^016dDHHL!zR7{apsiEMw z6fS6|m?Z`*Q@EvS_YU zj4RlFGL=C9%SsGO)Xa+`<)96jg@d6}%7GghnGGM$N*@YTTaqc1`9IKk|D^mc@v$hy__H zVji@hE*Omfj&4%*T@1pUx}XqLiB!^xm9^YWZ#iV700qu&t9=W(3}#Xq z?>nCYz0_jl&p`2V*2G?$O(?E4zc~}jga1ft%7``W9B2z3(6)0xXH*g0zrpFOv)2Jjz)df+yo4K#Fj!{DE1J$xsRamNOBKt+=n}49m*asgSY_8>W^4nWR{Xe?#fHh~CH<&(u;QHby3(>v8{_%h!s~6{+GP z0*Brwn7GuccHU2rAI{t?%bbU;hK!lRSNRQEf&R-ayG(PMKh}AvtL2O4M%Heonjkp4F>1aHTVuk+GVunjY#KDGPYQ znIc-Q=xen@^{XtD0)HrL68``;YQ`KoW1`_E7p0XR1p(w>)JYWxrDDos1t+LIN@sXQ z;w(t3KG9rxU=9#1s6%YIV@pGKOOeHp zDY>cT2onIJS&nXcZD@k1nNOLd79}^No~93&Tqr=GO;`#UrZb^2F3obrMYIH8UTAUC z!VMFs2IsF8KXugp$?4_s!I6(qTHr>f(u|=*Zue57gIx{@sKJ!V&cb;)UFCP8Q$|D3 zF>|0}wcBcLGP>KZi5gG_TnH?owaUIa-PG@J?Y;uA(Tqfl$_%cA=iTT}a%_b-U)eX) zq-Ku!UgtYhfGW9g4*zh8c>%~=ye=A`2p{EiMzPFs&H=0ai?mhUWol$S$I7L3gPL6$ zl`sVah-at;Lz3I(E!&`BsQ#TQeaD4Jrx!DIy+f;DLJN0a@~{9psfo%ALl%d#sS#TX z5Mu}n>VM`q%QOu(*cdTrRF6zxts+CFqflmL_`{89@>|qyQLa^h*b2sa6aY$wFXt#! zCwd+3ltt>)+qF_|jRc>Y_G(;4*p1^W5~G^gv~si=fwDMnP(@tpoJA$*PYvx@^YRH) zyj2A*Y^Cl%Oi`4Ek_0(XcQlofCQvw#T~KzkCjfQTTndyO@*<9ylyGS5brSJ_EAVzQ*4V)v<1EF+*2GWe>D$zJ)2>5f2A)t}5 z*DP>IJP=;HAt@Wv6#YtN-9!5V_B!O!2q03IxiE6HjYkKO+wlmQvIBU%jD~Jmdg(|s zvSmvc=s!hDGz?>71GHwwt=#IQ)l_?Va0Kh2QpCX0;YepP6H}Vbu?Rv;LMDTh5A{)4 zrGt-o)jn&m$()eO2x{_0Gwio zsauQ{td$>_#(kMjbzRMs(O^ag07 zp;lM~7n&rgNK&rEb6D_*%)nL(@Rw6u$6kuoMk!}g&{Yh%<`O8o6alwtG7@#|X9a7l z>u9Yivj}_NbjUNirRt++98-hLJLFh#UR`!x%>(<01&P4enN65T=Z>kxc(O8)X0FK~ zX5)yDSsbv9mi2bG3Z`6Z`B@6@>nJEd#U4Jys`YAe<5Wm#{T61(jL;yH;2p2W52T(2 z_90R-G)ES37+6~b;ArWTj*B*Y^|c8J$b$nQm^U}F@i^e25^T|xpadAS>2eyGP7Q_5 zFX7S@eddabTV4$}v`UID?B>kUm>E9du|7g3s-)d8*iWb9e0>nn5=V|V#LC>-EdoYd z{a6vwoQ%SJLDI>+C^<#XEkzC(Xq&LonfM6lvqE^pci5Ye-J6h&SRCRP6A^_qrgNH3 zff5Ng&Y>7r1ZYvr1}zTVH`AQBRZ{xGG%70V>?fBntRm6V7EhTF{zFacH7TA!mycgXso zh`+M&0uGLv&i{RbfVK{5s;|IGz}*F+EB{enfU8`KA-p@# zNF{gbuA_nMzh@8DtbS@foPwYir~HCVa>;$|LFN z%c!^tYZFs)qftupWchi9Y^`fXN<)XmPZ>p{bs+_|J{M=3&r$|#O7e`U!C`~oBBdh! zV@T+qV$*Xw*tuqG-eYpIPufcTw@KUzW)e-ftxi@ z8RsUB1PuvCdE%+9>dE3Po!6F#M3?wrFaR-tB`gkE9GJ|kCM&9*lV>DhUErus{QoY4 ziBHznOt6cZxDzP+>&gD}qu+8bOfU`mIA7HZ_(FaiMRY8GGfjVeasKQ#94Nnt`@g!K zUZ>mDvN#mM>=Qd7Yj^9zEkPPV`cnq>)X*#sbd}dhMDtJ=TO`>m_Cm)FV3kc>V0Zw@ zP-YauGjtHQf*fO2(8X2J6fp||Cgo@rMe|OvPZLh7dezGr6b=m&r$MTmLAUd|^LpTh z;OZ05oxV^)W4`WuC7{rQ7OLUfg4~2@w?xQ7j8)Zv<=}U8QfhNajMWJ+8v21OYZgh+ zEa+gk_G~MG`9@I#Gpf#cjwj(%zqTXQb&pBTZC{Q}KB3^;G8j=@TdBVy1p+-Xm~eKD zVtfnx2c=69>_HW9;B=r|iPpqSXBgrR<=pifcU~Pp=0o>XHN8S-O)`h6#zuKXNk~&w zkIE!TtPhpN zYnIN@*OZC8CRiX+&3}+2AGnubfB@ShI>q}j7*E7Aj(^@N4JqOIjX55Zfs?N!&w4-T zkbMXyip_SRQZG$OcWXoW@Lnf|*LE=@zv2dsKy19xqW9O52%mpVYbX2Wm>vXGZZPtcU-)`;Pzj*^g$ z{|ITzt5=>)S#Q!mloHh!l0ei?L=QSc>x{QF$%A((@+}2(9msOh>~G5rVQ@>&)Ri(& z2=U>4Q{sq~vhLF)!RnVjGBCIBr>&3bJTpSiAsq5WFk#_L2{n1Pa;OkAWEt%g>lx8B z$P4y~1gmiM$#EWkQLa%A$*ZQ}-cI33k_3A@5i2~C+uv@z)-{rJ2a3k_abOzk^m4ycDpKv$Ib@>si$U3W0+NaVm%Mx9Fxsk@& zw}xUZnq>xn+H^w8C%=qIm>v*I zY`tTYq)pVOTkNvgW!tuGyUVuCF59+kb=kJnWmlK&Jo(NyGwb}AUzty?T#5BW?1;Vh zeP4lYhTND`LRYPH;{r>-Yw(tzL#OE!jfW)$pU@wr0+skv7TuO=0f`t~Pam`57H2>% zi$pfIa$BBE@fScfEiThZ0AxOlt(eNn;@Gu}BD^I}IQq{Is;fb0@l_JQX#hYl7x2&r z*wxr~AvX^ETk-??HpvOT)kgTsWDz9(*ZvJ_CW_3DGMpO^6}b(JYygvzBllU(p_7pQ zsc>`y-I*(2eL*P#PVxkj5RKRY_yiogH#V=7(Q$&R&2Q@4D|OJ2?M*#H$WJOa_xmyP{?Oo*fIbSlZ=oxeZ=d47qw`9Zrr#BIW)Nyyi+mL=3^2*J!spt@*+2G? zdhI+l&x@5~g7tBBSA!O__Tln0yNWB$vb8)!)LrOOxqCWX~6kB=q#J*cOIIzw5SQK}XwrS-S|T(QJxgql=AJAWk6t6>Ud8lK(O3Xpa2vRfKz zXbFe zR~kqCRl>R9vevNUd%5In(hX~spee@&k!}zqwZjzMlORn$Z}p81!(T8N?N`L>1XCKC z$x6N8N;_fWc<3Fkxa)wL`*wW&zXYm+-2g5%diih0;cW%6(f5ih<{6enC~o>e>y1y5Ksk zfk`=3i_Wt8L@#<4J2Z#%?TEn-{$m{ZfF5IvJJ-RN)iu;3j7=+>%zY!OVZ6A+G{u z_@HKf1(gQa@^-&_BsMo6g>%PjR~(}4dw3J%#vlCwDbAoeSeu!L=~-NgL-MB0!lpfNG}%JBIn=dkimvoN9s201 zZvJ0#^c>Xm)a%!^f`8R0*(W0$N!cfglVT<-HyUU^vis_>;CN|st@sl^v7N(DLVZX* z2cAd{)QNt`u03E*Mnud>jAn=QjXVhys#N+dc6^$&XDPW-!qM#=fZ3>Dr6&Zk3-sTkS zkl8XN14^ccvG|tkXg!5>yyS;ST=r9y6wIo3G)(#byuInFc4e$ZZQ&1Tjh5*;LM=9U zOwbN1!c9qu8QbepoRvfIE>i;2kIs34o@`7{%0Gy1G(`7KTyYRu*6^QKh7YQQbHr&a zdyTM_>h+_?38L&dP^r;{JCwId6@txA%-MFNX4*d&Bb1s=b3`g>sVy8~h>PCc|G3bg zIxj`3wJ|+*u!u&glXVQsq+h(Hd^4zU_VOSZYX_-tc>2OZ>qU~x9?*L|@ zp#)#6$Wx**Nu5VdI?*jeI^17HqWu3Rflb`DnCQ#4@%VySSnxlEHjH%*x0cwp)%6(LE?RkHUA{(Ce80_J^^DgDL0A59XKHps= z;Aj&a{+F3Kh03fx_8NSDRLUHN1eLm_pdvv31WCdCbylsto(bk*aE8=id9%f^oSHYD z_gTWq{|%hP^Y4^wMj|DORax+yy5g8(-j+jtGu<(02Rg}xCxO5Sjs{|82i(4nGY6gc$AUoS7k;|?ghV>Lh1 z%r}q{uCYeFa2nSl_ne+hF~d<<;acNi1UM_T9$18s>j>hBn-&_~xPKXlEm?roM`ha= z-lq%XMqA8b42JVSPKR(mxW-zH8wlxhGOH%?_wseBxG`zL#)G3a5fxP`K$i%H=O8E_ zfdw<{WMsqhI0jqneVkPj4D;dihnvH4bk&ce!-ao#R4r8?uG)&)BnIL#2lc|X4~jf~ zfoPo?N9>p|PbF;_hgC8w-u1Y`ubp3KGV;_+PP!tpQ?-oFqjjrR-qqUb+ocn^ zMBqL;3+Ax`*Fo;pQEK48M!f@^?g{Xl5J2BDsZ|D$^VpRIBl($$u945ZyWabK6^7Q-aJ?+E6U2wRLWMd)c0*x z9xdk++%MmR-_-P7rRTa_vK>-7 zJ7Sk{n)4y6@D8Hah}UcphQAMVHgO9a4TVe*7@!+5e{Y-BuR`FI2*+Y(oj}i7(E^X} zZGd%|rAXi@(1zzmVg6Wxh{t$)$rta3dy#&uJX(|e|2avQS^pnSQq(K*{AmeNQ^sMe z;)UFZeSF8hhyXW;g88Bn>{Aa|Ilew1Hj{JzD|+xoK6@0}*RK_OQ7JhpCP`7*p!#9G- z(|?Vs+Cq6aek$~VP)S8WomAZt)p!1are0fh-JlFU^qeONMoZimjMI0?lzyrg9XN^{ z-wS&GkbJ$d$fS4)rsW{SX5^t*v;5P~N93!vY{8q?PH09KOI&Kk=D=PvdLp-g#kzmZ z_rpU-Cm!9;+N%n_YV}l)L~OGH4sf<4%o_=2Q-PHrzph6a7x9WQvQ(vdL+6L;2fh{se{I_m>ZAk4bWgRUXORVu1a*+dT@+tIZ~~-$Ko2fKmu647Lg*uNqJu#4pP!`h0qZ3y_fCHm#MU*!o2_CPtoQ2c)<0=ap`CT*BQu>d zc^&D-IEk?{i455LXEog#n)fcC26dI!?30M`HVq00>MR-(4XKc zaG-aLL`3}q0b^a|xuq%ai(#r>z1h7{;MeYtg zn!o0afHvc{B=y!q=LIoaH&&Bet-^7)g4NOHto&hPc|j}Ob-$Foqj;qK%Gko?Vu{#9+c5TD>Sh$ zSDv)w(rm&D!L$~~35iJ&Q8MHxbowR96dNTcNjgrp4v|wk$|+7_xsOB&iWB4>RPgea z!G{A13nsTjgHfNZCH26ut~<44QhUH?u?u--d$bdqt!M8!MXLAo@Ln2#A`ug+5d*mx z6#b4c7_?O4psHR&hLquR7Y!Nse<@q8nSuYCvK99ku3K9}$Ja6;?lFOfYq%$y(K)l$ ztQVO0A7x7dVuK!zolQCojwv)0osu7gCHg#NduQ6@b(f~Q9whwvT^J!+ck~c%N`yY2 zR*RIta~r(=L$3Q8?!I#uYu8cvJjjFZHcl|v1KrRG1z>4PI863f$@616h`|{?gQJ@3 z2YPXXAC9ZLd~j8d5p`Qh!E@MJ)`y)#>xn-v=R-U=9@^42dj3xr-}A=((wSe{N!6@j zscWZo6Kbbn7;fVze`}Bnfo9Px(|b8k?qN*Y>$8x3u}hsXhJS$$tV!92n5>x5%APbvkxf7e_FaBecWS7iFs}2mQGK;e0 z{}kTg?dV&OYy+^$-Ii7es)^|I^*~)Wcfb-8U9Z6F`QvHw0Td%*Jfp#vufMOCny3Gt zfZL15geK!^f9OreMbKd zPq*8pxASwe?S-dr^|aPoKqA{Sm9vvAPi%4PaXLL}3!$}!8~)^7YdoA8e<32n zJ?6+mB@nT&S#4uLeF9B2tl(e|!DRUi!N;mRt8Vu!X^TQ@Ak#N5hK*nmm}5R7^#3M~ zSmxmBBimdZ2*|EeCK6^s`D<@80R za-F(DWlfP{9bs?+&gCx0$zLGrkM}e;*O;BsHqlVUC6LVtOv|bLe~Un~RdF6rl7DvU zmGn2`2n7>GO9`>!L^cX+v@uL`P=zH7=!}K?_+$1Z57fH>g&6?ltv!b5t zTT8RksyJ{t3|IZjzI^MvH8y+pUGnj{GrPkW>wnB`2KWEV+_vQ=WU(Pu!UI=JY{WXT zxIWP<3mskmVG8)Xe?9*mI6i-4tk>7m$}54$!%Yl>)5*Uw(A%4E@EFg8j=gZCAR(BR zkHiZUog=kx&Bmj&?iC&IpfY!|G!>3H8H~n%FwjY0aTNMPiiaIW(0FGuBTJ#4jatJ$ma>`Hn%1)(e z3;vuoRf^^msGo3Kk#hH1(KcyCPv)l3u?#rQH8+qN&!Ms&hkt6~q97%}aFWR|g6R9g z#kFnwrN{TyVFWm^kXU|FcqVO z+^U@!W3?NWyUYzn3CCndW!#^3x|RZqrJ`2N1UHTH3`Zwbpz12?#J8xz9L^Tz3tG0p zo%aZ=YkN$;uq+wTPwr1_THm#Ih~6F7W%{NM@-UKc0*}bhv6dY~>~qG*GkK2n|I6cM zlBuTRot$qMC+6~N1g}+3ufrmm{Rx>7XEh1YYMwe_cXox-5YkzrvbS$$lZXx}6IT8; zzA}TnNzwo5YnN?p6{;Z5%6Fl@PMarWOa}E)cX$k34IuLQ+uhr2>rWFUAL4+@vlHC% zHjqz5Vti_AS`_9~3KtgQ9!mdfy(dR_)}kjF0ptZm$lM)uiifDI0Q+h^RweCg{9yLR zczwZwnW}`^`8pmeR4v+eSbkW=HFPI;R6kD(D!b-) z9PVD>mQ>o(kBVi=PY7G?7Y?Xv&@T9r)AC*Gxc`OMA@rFUuuoxc7JAR=J@1PR_?Lbm zw_i1wXg(mG98Nb+-c8J$OX_~^VgA!pe(iqfcYa`W>-~?v1o=@m6?4WkW-H0u%{Vr; z%$r5Za3w&a+P-~Vm08n|5gxUzW$#agr(4kvUSEKy{Z^3Zji_|jUq%QRO!#va#cBe= zoRtRyhVQXv&C~Mo^n#R6U+-(284^_#tLptB^v)p0=Z`-;9o9r;!fiXormV~-))(Z=+Yg8+f-*Po!v8dHp)Jg` zQdhosMQOYm1g9t>ltcJ*EC$4o0g>Lq1hurKnv>AZs)^4bJrq5)vHn9Y`Q4!jfj#*5 zX$f@XR|&pPf`|1SG}(qU1}7TOk7>9aI5ck)Vu7DU9;KaCG1B2&0`p&m##tS?;#0p&40u= zD45dwI!HR&uxsv-IMjbDN#WQ_?9Q1#$u8-zdfldc(0V%9Mg+>);3(p3&of%&T2+-o zv7qM-lBfV?(JeTaK&#DASR*U29s;9jmuZT_Kb{w$`h8F2Q+FNuh36}->a*Cm^xhu6 z+jp&)Sl}qNB}%g;O(P=bP0h(}waF*w?cNgLq*^_rn zUJWk)h0V&(avv6j9Xajwq>yy#pRuVHWn8plgWRoS=+|G#^s3W&!n+En6Y@*{>`_q} z9|##Wc||0zV0Wehi*Oujs*E2v^7L;Bc>SzkMNkKC78G>KjC8&3S^1FINfH%bU%9E} zML=V&!D)!Omr82i*=qaV2tfbdsPlPW^{G}2?Izdt$?n;nxo$tAf7}1CKi!(e^sOyZ=ThGij=TmWJ49A|NHOfoTnE72&xcxw})ye40VQjbz6KzXd^SWyD8SwLbvbP;B zEdCOYWwB$a-u`y1QEJF&`_nRL@8MG2;jraC)^e4)bzrYHR%!dqVSCn|-IM#yaOs~a zcsUThyBv$)6^w@S5D0&Yd{O6DMIBAde+1nOb7)>5x5QD`jHkqIXy-t`8$oZ`)x2?) zwuMum@DrgNddQqy?L=8(U0Ks(xq8FzFCr($G}&<6&^ukl`f1vAbJxa4=ihRMEnBO# zEk&v#`a=L*QKAM=bPm|v{Pyk|2l(_{ZSQ~sfP8;G`zxKXiUt8K&iC9|^Kz5Df>^%t ziG{6Hq zyn9f;Z=O311or?~Q2>fMJ9d@?$(CBoIgJQ&n@f&(Q=1qQUF4BArm!pj=coF6+D=vh z1Q@L_!1i`6%XdIe&r2X69~VHMmhNapE*8*V)pu0yjK7B#(+C0RGPtozzYFlG{{X%R z9I*E7_rE=R4l}x>eG!@TJz2BHuJsqVByIYCa#hB3ANT}F`cMH2S&Ey=5}ilw0YU`o zH-PX)TWmC;suu;ipj&>Cb(_4zI?jVU3m?F@@)|Fn0AMGeMd5cs1ptQo?;go_F{k1) zqrZ13ySxAP`&F(YhwuH6`FI`Yp*DKr4iaF29B@ZS)&VmScH?C;tQR;=F-@%S6MyYj z5Y=Dl!o4O8YWY*ISIMztIx>Ta8PwXX&x^#Xlj@l}&7+0=yEh>5k6duCT5>kG+PYdd z*0}X8tM{r)_vP#Y3IV@Mep&zDyo`^uWM4bErwlRb;z@RHX=P*_;$FMZEojc(0wuYeNI?$jyp`Sj?ztT0&c7_HX129!HsS+5u7d=1)speayJ> zKtS~Pa>7o<=?2}AF&dtpM>10S1kmu4`q|f0+p}Yk`wbBHCx45li2Q2)u(POMdJqXa zBFw`V^is&1CW|jL9;HL$QJsMVfk|v8{$b{YR(Lcloksp84=I;R3@}OFMB1dV@!*{+ zIk*!-Fj@>OeJo==*)ZkEkxsL=v8M!56b>op5Hb`hr?onNMmDa)hd-{kVw&NtTTAN4 z0{}^*e1`!IH^klNQ8UEeGSsnee|tDe0+!k_dN{a|m#AgI6-ehwi0qROgIVk4XB7ee zM84(}%b_fU@Gs5%o`!&jVYhE>yiaDUdv*+uw#KI<#^hwFHc&@2oR%5m(Y! zinR2-c0bf!)rZRvLMC&JY#gpDn`I+IFXr=fKNhk&{pLqA=j^EWr8g_j_Q8!?ZI{KX0P|4c%;$Y_ozm{3yS@D`oqfGod0o%-ky_S~ zPj*B_;4=OynG6B&%eE_*9^5M?|G2K*01u0i&`R6NOd~@}WBK<^{;YI=cy8kb8u-C= zlDQ+DJ1fPUxuI4zJH!$1_1uMhVqlKqYh}~BZ=q>h*MOF_^_S*NQaNottA5$!L)$3D zQH#p?*MnW9_|kZvV(CMnae5!PPU)I`wJD}}hIf%-oFpX)uWV+>rIJ)Rmx2@=j;9|_Vn|j9hx4y0T0n<_UroQ#5j#WK-uJbSmil5 z6#wJml`bHtp{ZI6_j5*{GC>E3*=?YvU-^1~10e^;Ikya8pGzS}K{^9H5+&kSgbD48 z%%Y1vXL4?~lK1kB%a>ZoNuc)26;wJ4mlk@i&n((vWFg4xW<1KKpIb^YVTO^~MQ3t& zz%J@UFB%+y)6VGXc`>GR&`W1P?2i-koqS06BFcP(RN@_a_))xnh}|43Bv&T`8!I zvefpyT#Rn9GIq-u-BF-pJolcIg#<>z-gZ^i&+EzJo0a%)i>W%KzIZ@w4d9sD{*FQDnMcdHb&@z`5N^C(CyKS-bfxQ8e`Cvn@3dsr;E3#FUKyhMsqUr#4GjC2fj z61fng+t>Ck5-yB=5yzAQ?cD#Hua6b|zgN9NHT#(o?YYOxo!)*+9QxcE&4a{hAl+)cB~*t0{!4G~U1 zw>czwuIp$rd(KYXgGfTzw#2QS^A5i{&`y4_q5a-A-|G_GJ-b}*NdiTG^d!Q0vBxAW zMG8FF5kkL+#Kt6X`$~z0nu@J*1LF?q8)W^#4j*srOwmQa@VYe$2MjH)4t|QLCF;!N zKzEh@b!Lsuy}GJ{VWdy%^(V_&ivWdRLL(7VSmy~TbOLL56Dou4c&Bbm2?Rvr^4?ttur~WdR$C@C9xy3Spqs7a>Z}%lTJAV&{&eW#+gh*6;_^! z6S54|JC+PhWy<=JUfs!5RSQIP#^Ub2Z2)I4XO-b>i@U=evg z7(equStusnJRc!2=xYle_-Cvdm7;I^$m4sVd{-P6h&l{gPMl(X0>S#Bag5;U3js+z z`k~yRR|kQ1_o@{UZirR5mQ1|1WI^Zektjp@#}uz#_FZwu@3w8N%+7Uu-SS<@?5Ea& z4hwa1`3j;tGvLbV8NF^3Apz6nTJh=bu7kX|PeNPrTQRz|xgs9#txuzxVB`oebeP=p zHKs7xM!wPW**9A=0!}!g$07KPlB&HfU+`}r(hCZKKxn-uM!)aA1yUIC$P)7?I)!fB znc#>;NqDNzc2!cTyZpSJb*J}l$U&p2QPC!<)lyNrKuyH7RjRYLw~Uh}+gj|t0ur=J zkJJepIlmiDH6z}ns4M=^+FMVdh-Ss{>yI<5wPje~Vc66Qm}0l8aSGOy*5x|UJ;@9Y zXBcH9wjbK{M+wfRaJwcjso* z`ih#;KA{}s@cs34;BqJdxoQdr_Xbyh!KiyX%l0CSWi0W@I zvYL}2QS42|1Qf4h;3YC?LjLp@caeGMWcJvYNSgvJSWp;uNtGCm8Ai}MHE-8LIorF% z7rLAr(td%;YhG5IzB7GEY3WMg(ges|L6lzN9nSZUs3bF8%k^gp_&zGyzrzS*E1l9F zv7ky-tx`Y@2zJA%Cl{eBKkOH~`wz7Ru(Q_V?3!!Tr<9?gEHLLTGzG#azVthRv=CwC z^nSYGTq{G804YJ%HOq`}HkZo#s@ei`?CJYfqYJIX-WXJW*8(Q>&V#v9ZDr^aSS9OY zkJKhGbn~wj6Qpx=DxpG2l2F*)2=e9wM2kOms)Bj*wJ_(_q{=DQUidyO3m8m%>nEG-e-;^ zK*K4izlNj}Ov3KWcpOuct5!I&gWw8BETSBn}7 zYBtqcJdE6`uZGa5&Tw-2{OWye{45YRr;h`_Niww&T7s@SX@mL49@@y@NSYBPO9?O*^@8M4XP0JKk5wZGFS9G|Gm zE5NA(=LH}@K{AjBxGAvBPQH2r@HA8WY=FR2#&;djOZk&I-jqqqa*enuWqC$z7_qDA60~ENH$`N^%++eF2G=wy+3VA{UhQOOI#u(Z+&>oAZ>yoPp-I z*viPS%oJC3cq$_O(G2e=l*JKRTih*=-zcmxs%GtYTeZf}S6rt5bR4ZR$DfGxF^+Xt zkr#|Jc*N=w!d$&Eb5>S^Gi*vGbU2#+u_3`pcGrF7apOU@8yh`B5VsEZ{!$`06)qee zGDejRlb^O?U&q=*y3M{Zq>7eqjGX(@f|J`RQPiN86k|3bB>#~o#{7sbFRF6SUm~(; zVP_ACJjnKUkxTUsc@}jK3vwoR-k=lTDV+ichw9q#ZX{IO+r#5=__{@6# zdThV%C8xu7hUi|=@Ar!^%SD6fPsAS)!@m1Vj>e&R;+A%UL#)VU=Y=|qNXGrT-I23Jzb84Ewd6Ga7+mHJ7BiC3nM)&dQE>^_89symUzZ>=WCnO z+p}VswI}&LrJMzTtS*kx0g)ZxaVwBh6sH01{TVj)3ThSI4*^eP_5dd}-oGD!s}kD} zvMxbDJ*&+Y_qHHkU@(!~e5$0|SiNQ=)_x6HATcEJ0oGY1=jxxS>uwH}stwe3``MvA$KyZArkLYk*?xYfJ^xmW(PABl-%`PA479oB)H--%-ypTVkovuENCqU$sWm z@r`WJ??5#fs3$*I5JQ~uC_%}~`diN-k|OwA8%vK%mrHB;u?~*?%HRA3Eb<(3C9(7w zzlc$X`s{G)Og3L9n-x-np#tJ0dM%ivAIDHLA5f3fWxnxJ#Y|xGW*NE=7W2LcGDnLC z^H~ceyvL48#v1r3NOdrfHmO2_rYq%7+l}P$=Z2f#Di;aW;^T&B4D9PQua2g!+}6J( zn&nJtxmoQlxyM6!G(r}ctgX?vC%*B-W8zKSAVdTndDz-^hC_C&3UB^n#STBa6^nNRb#Ih@^TPxqFP+W!Mq)G*pU7>RY7oHY_LLp62Wxu zJ`jl$7Mc(LqfODsr9tpwr4r zrnv|2`UB5SRE#^rI?*OddV>9vST*Sb-z}FeFPlT`_d)7CG4;M5=^W@Z0J>MCRL|-i zn)jjgym-p92S%9*W#4cFeC*x|nd@1?jnBn;Q*i!c9~w=Skg$)@Y#DK2fOk!JUg-_L zK}KN-db*G^v>f)OL!AUpr0y;Fq;of&M3JSsDJ4}yo~wTq(*)3;X<|_W2dzmBz^PfrJuwn^I7Hr%_?OV3IU{ygd1!0gd3~>~^EZ;H2crfEod7^nF)n`U?g6l{u$BinrKR2yn7Ez;{F~lv zn+4Et?UnoN2Q_}~e?*&_0>bXa-x}&W7+_-|b&Te}5#m3I5jF-J1;Oa-gXoV9&3W7~ z`hctzs4EvmaRr_=JBWm zS~l>g7ISOW*E)c}z3a4C!e#wjpQ8Rwu!V8!YqX&@&n=vANe3xx+dq5T%j1Lb-zqNg zKeX<0LKgEe;#4#Te2wCmtC2<-uA&U_O8r?U1WS(b4}*|=#O7p!jvSE(OAu2TN!M^=rQ>;5`B3jz`RImE_ zhvkk#?&ZwpPBrK{UMLoPlF!mZoGH3K?u?mmT0R6@KQ_unQAW%3q2RwKU%0OhbGRJ()zVZtLVP_J_^ddzNq#+t&l;`+ z_&P80%j7oiF_3yd+r^@v{J68VsQo}0EmJII~g845Jr`t$`Jn4iIGuOujK05?GH_wbX z(UE3RZ%e-wvVy-ql>5GVw;f(21p_YOw@!26VF^#pJY^5xj&l_?j-b!2@D`gT8QZ13 zuf7Xd3kWaDuiw1v_sCV*BF|b z8{_%x3BqJhER12;3wdaMxg_bnJI8ufAEeu8mj{0`|0Aovh+`@%5EWa`*XBCa#MDwn zTci}u5MoH0kQHTmQz1f^7wkb%fmfSy(OZ%r54R8yA)i1XLuhYV;~fUV|9BD3F?6mR z>6pQfYf=+5%)+&tSx?z659-|`Q%wnTqjWYuD2M9N?+~SiD0>DGDd~oMd2Zfz!?7gDM%(j`&?|L7(Gw%xGdG_7UCwuxxzf0<#_jsZF`+( z!uGqir?PKsdZlgeY@ncIEVRTE(W(F-v`d5Za|gH{CtokhhsI{8NprQ;OaMFn^e#)+ zXd*w6#y&ogx~R8KOnttA$-JFl=Y#Wk z;OZ0Nc1nO`A^jvT`VoB8>4tXk6ngo5e}m?+c@yP|2VH>WqK>8l4Z50%>YG^{@}z9= zE6G&YqafuyA#L<|K&g)OD}eC&5O7mro1JuZ4om``Ti*akgYXl&hICs-RGBekkG1u- z+o1xhH;s-oeKgOqHE!3+To@N8Sl$nyg3O*JNbvdrRi&S_;w2SY%4-CxhRtz%QW>l`mvZhuj^FcjFz)kVk0{am`?$YJO{G zzrtzuZ>*{wcQPWo1Cl-zRqsARQx6{`p-vbOj9H8&Y|uNMpITRQGTxEWRrbj>^^jaf zxLSkR((*x6rS#N5r|wi}!6Wh7L^orbW^&3(%yxKP15vh#6!JWgqmZB%BjDmdz!2j?Whyab*h+BF|IN={tnh2A^VBG7_|Vm*XipdT zlk+k-@y#=~Zu;SwQC&Igz!qtt;Wu>uY+6L=qJ+U!q#!bGB{_DOB^zI*(nB-aU8WhA zJ^xwHu+6N`f4DL^{~a%qmTbM9T7DtL{g;)C1$UZhXHtjfH+XrELAQMqRC^}zHp>G; zImnIyWM4y5Q)H`~+_U!IZr?!EeYams-_H{y z&m1@X8_&B8(Hht0hWpIy{&Q7h=0P@c`I+TwRQbzVeZx?<)3#G8pQ@+c1joASk&*!I^w~oexNwsG~`Nq>qb(2g$@qqqA8gyANLQoUA7jBNoHO3*U1oAQ4p>U z`WoMNU*xA`j}%8bAg=0IM&z6K?^FOU^;Vkc^ZhPQb6d}6{4JvB+-eQNq9E)&ew(!P z_aDEvBqcORzSux%Bf-Q#>B_xlh-t1WgWA9j`Zty#4dWN%GQsjTbUqTKVk#eDR`vN$ z*r6@Ik;E%Y(_Xvqwql|7pIdQY-N2Pm5$n??`|fJ}wXX`qMxxZ0nRzPlZ& z{C2iBI>T|q!3qK|O}70=c<8YpPIe@PX`tuYkc;QW|4bi2lDkJt#4dFf$995Nc|r{5 z*afaX;I3)nZO#pTNGwm0)iB=A1a=7x^yDo7KY#cMKp8$J`SGyJFxjTa0(|`M4?Ym` zYl$iP%M$SEnM}`lf#&4n&pET1&^tB}x*j~9sSL2)_L*CZ=b5yCIXg>COq5y3tYKF( zhhKgUk>?LR4jue$!R5@dvNDM#Wd&80D}yROx$*(8+PiCfza_da)hv2T>R<(18XfCF zDKa2-j@VlL-VOO?JpA|o&K@xW>lcdj{SxrHXV z>#e%yku4;ZYcIM$y)D&Tk43vSM_lXVsL?85c8;DlGBR>#Kd3g)~7TQv56#;9R z>_*F*;h4+Fbnf#QTe{0gFE$N`2Q7P%@F5~+Q+oS&_1>W-F=je#Z}o`{*i%v|k>VnLY{`iMSm8o`C+R9j%oz^3uo2LX8l;}pE>LRbe(ah^T z1fRY#tY|5@30IJS_EAOHWR6GUp2eOIQ4de*ioXl2H0+f zSt)8x0hGA~_;yYKo@GsTGHvDmWjxOgo|vd#3CcN*2p>u7ft(6Wpku%FBuVbLkR3xI zhqhh$#t8$0c*^9cP?d6dTWkdkT8gUA^|ndtKp003%UikD3BFEGFmbZ6G9iz)0)Rzo zol>2RF~E-W1_$}p62Q&;>ij_v+Bua#fY$$4wp~N2dn0Yq7ZbRqQp8&2R7c=%%h9YX z>1$K_M~Lz$1nFlNhmG2_+W7$71KqJM^GW_iGH;OaLcog5-|uz}fl4*ts0G&X{%07q zhMdphzzc1^{^&>Kbexp$e|pvv25S(UT?k8uTb9V&@A00D9uGvLX5><5y|OwubDhv< z2G4sON{&hKWdQ5ILaZ}^$E2u?@Jssh3*(=s=Z#3-MumwYe+2T^Hm0EbGt;!+Fnz-BkuVP;I7g(Gx7WhoO?b-p9Z#jwKAa66uiuvpc{1f1e}X8#R{rW5SH zt{=Y5w*?4-ekqnf&aMFn$RGP!|5s~as)(;iKYoZ8O~77vfzLkM@n&Ni7`bx6kJD27 zr}aJ=hgH**z@V(IDT5x8vc%|ddzxLLR!%9rKTuOB_W+pgtq~vzV}PmfmDe|ie1L_d z*;a|)9P(ObYdU#oBRra}+Lr`~eUSPCI(C4H{ugYHcAP%~n|IG7gOY=ssqr)7MOHjf zKPy^dUJycI5Qw`LzT;IqvE?Jruee*luDzTNGBP2lLG+f64)|91-r$X%^I>aEEM06q?Y*5)QVg|^fGCfd{iK=}27 zJ_^JsL)Y-rDCLU(W>?q$W=hA5_EV7e5sKdHc{iLg@>OxA`0MMx2*JIP_uoSO@k*$O z0wB%e_Jv~>LaiLn_j$3`2SyiclId^U?q4}zOyS>aRbzLb^^%guz=-sJV{9vB34niW zovqU#>fQZNDZq;95IswWVS#Zho?{YT=Yb?E6$p^7T?Q=`9$#~FWhX@L&nZAiZy!*BkaeF#c1^KYc0GhJh{GmJw)Ir>3mCd5{r zO_@B@bTXq=n$2c|K5Z{t{$yr6PqHl33tt3LY-+}x7lS+2$($ zo8yf<97&cim5yXH-Dw*oNK0a!w(H6;5&skF_%Dc(GZn_dr|y03x}4_N$-8+>m}F5VL!a*_j!U6WpO+XpRk!V`&r$<~lhO&t#W{^U<9`H+fc{G|sFBiPWyMpMZEGTqAZT#$ZucG@7Aijdk^jt)` zKmXw5)REEVG%AoxbB_@ytW?FQ&_HlJIF zJ;~f$|7|&ZbnjY}-~kBmbxj%vxHQEB+LB2eZ1335m2cEgj5`MJu~7Blud<7z65pkM z+Q_iRY@^7w&uvwvLaHmbFx-$zC1tI^bq~!qv)iNunUNIR2o%tns;IP^gBDBwloa@_ z4-X{Gx;d#5LzQw^c#$`QU>~CNdK^CVFQqV8rm%SNL7o4WFkMZK9oJ(7Ubpl4oc)%d zPM%=>&2T~OhZFoaM_aycdLhCtf(n?4B_Be{8*_zK8%Fv^VB-PhqeZ=*%_&H?ha-k; zmM;O;FIfK2+bo5#l5}P&@M7&t)^S;W5gTMdzjCHg^|@MGqViTLNF^2a=lL>({RO z|JT$lc})v&fhxFw7LDH9ZvZYE4n6L>4gS45Fh)}j1s{QbDIc+xQCF+@;w(vMgT z1-kv`OpCeeTP8}TY}aW#GxUA9*@*=wxs#YdJoHx#Xtf{fBHBe83IRPX_Vu1T2Vd^X zw()$3AKH#HkB*1so`EkYq5{*sO4Jnc5IQe7seI7lt!& zArT#L%g;&zQ^NJv=n0rsgD{X$^wZ)Zcj&=u?@KpT%F=Inn;b;)*{1%#G?E<=qGE8{ zaZslTDFW|u1-#bV@w+aaVfvdZAKg7yeBNp|%{wn2gERjg8jz*$>OAd2dd$4J|1>gB zgUebYyx)#_y?na#X%~8ZF*aKfybA1~MR8kZD=x|m>@>)nJdXBOz_PvM!+2^a?P!7} zxD^m$R85(=Nsy*txYWw#3fpo8Gax4gZ_MC( zvSRG^KA7Fg5`AdiFFnD;{_+MYKNA3w^BpU%>ST<`qLR9FD7tjR^{ddpp18R5)pVcN zw>4B|bIlZrXZX}~hU;=f^kVgk1TL*`v*@G_9o(Z6`?gbcQaLd#S`t|+1aWzzcI{TO z6?qA3mMeT8Of6oodbhpi102nb8&)>xl^q^{Np7E4mJcSN7X%f=6VY|QCY!#{OqiF? zZ`tYN}mL$8^3lWSMb%s7mW&442p1zg3m}R4+k0yI=@si6-<9$Y6>mx zzG{4(R>r>cz10c0uun)wuWY)K7+nX3B+2{&rdS<*d~QpJts+`h5xi@@RB15&K$wf` zR)`{<_A*&J=-9rlWiv}o0yUJ?nLIfIUW|otRCn>WFyI1?W{}n~zt8NB=C9}!r#H?-P&eJf-4gu=RS&xStmC2613+g&5+2aMYKa95&&t9%xrqBC0TV%Jz`&Lo_x zM{Hx!Z)1MBRbxyBmMxgAeoSA;EmHt^-hj`~G&Vq0LEg3Ve+IQ*qa9p8J;yn%3)~SW zflyv)^5I*!Ejm7f(uwruYj{L6DsU=r{O64pZguKtu4QICD74ye%v2i-V#wYH{vKpp zG2tnX89-4Kk=@lZF>D5Jc#t}TWeypr0DoEp_GD_q`4{;ePO1nMf)Y=L2F0HO85G}A zs$+6sj?ydTPx0gn3>g4B)2)RpzU&>YqwJ2`MpWYw<1M^O?>uFg-SkUigJZ6sTO$=B zvF;R6l#eO8tcL~+sD!M8>RoX3!qEwYwHsy=zM7N^6hPu5=KB&$eVg;agHBMQuDO z-)Vz=Fqx7XH#<FTH$o_6q6r)cO*=&?m*S{7rs~TGl`4a$&lMGcl!f&!#lKwA zY$WtD>KZ^GLn|SQ>kK(1<{UD)XuEQs84_PewQ`=}wL+ZglUQ>kv@-ZaKF?7B7*uUa zqkI$kMAEcPM-vn@d6;@rmzU25Q7q6Fu~}S2HOSGWUg_@uoHbn%qv^oVoeVEUy{!a{ zKd$+jki4YdjZWl>lP7TS%DMOxGOFPP{pDX%`K@b1`o0#|7<7l2bSc$j&~}O!u}!%* zNb;<&INFpp%Qq^`%vYI9W0+&0(cD9|VJ+J`=gpn3?B#6s(EsrjymK`lS@ecn_j*x+>VA*roxG=kD}yL>A-v~Z{tJtL zG3^h7lu%{XG{7LW%y7%5VKUs9a5aM8e=y!bpMnt7>LMk`C4y|VvOoYU!g_Ev>#DXD z65Rn;za8^f`QnDn4~!OK6n+bCU5@+MZnDKyWF1Md-{5h)O1E+~xeR+)y1G--h$Tz| z%y73if@DhwCYsHM(U5~v@tq7hr1HalR~)Kk%FiP)%yRv(#p=ZJkcKWiGHT6DqNMRV zw-~A62;K@R?eArfgZ@XxFsJysc)fKA9jix0n`ZBDwf0k^!5Ap8Y`y7RK`r(W0@m== zH5O^zcMs2hN2e0Tvw&hxSL1(c1Zej7I-E#&j)9h6Er6<37t=sK+ITq$g~SQ^Wq;v* z=Uw7aO-A^`X}9N4;b$6|TRKOkOv4L7epF_dJT#n`@DQ zr~^SZ0lhlyFdFT_!Vnm4vapdct$+OpH4hnui-(;7z0{1*pG5$_>1Y(EN$6&LK2otU z4ll?IxVQ&_?Iw9o_^#H+VWna0R8hp4DC7n0>ub~!G{5+&`qby-K{WPl@Oniigu#_2npcWJt52U=$tUBIUMPV&41x zNdC8HfBc~`QxdXh0~csp!nhQ!N9Gn?cJ{P(^?DxmTCJud5yV$6>oSSy+G1HbeQsx4 z0q8S!WNdyxx;S?=;&7^9N8SJtX298AIb=fVyZBwwHBaSt#qdL;R*lkb`fmD!#xshM z#P3>e&B6s3EC#G-X9G7j9Mb?8BT0aTp09ec*c3lkl=rBq^QTa{$aoMjossKkxgX)D zubWQvHc(CR@yWNHRxxL6>l~<_)esUg*Ss^7u?*&)T6S~OiJ*9FVt>Y_0kfSU%d1rl$xc7t)bhRBov2@uXyu@}8K7kSuQLVw-cE23-(G>7@-b z%t35ow4+FMM5MHUiksVdz}4S0%6_6X17kS!w8N!eKM@9pB)W0R9UhcT7NBr$JO|T@ z^_xY}EhvKrGW(t7{@1qwLf+RfxUUdklK~fQFi3s8CH}w%P~1MPgD|#D+)IRUVH*=6 z6K*FX5)96bHIwjh;!E~sUFd*#H7mP#0mF73cayAw6OCu+OPqgoSW54EIByzO@+&}m z4%L@%g}>u$Zd;>|Efoiva_kmDheAGE%t&1@706)>Gf4iQZAiX&=XS$ZMGE94oY4xtC(_#JIXMJp>kn?-LT6 zwP;JfBEx?#HQ*w2_Zv_KTrnWGC*ar}!--vDVh^m)4g{Qs*6=dqOv$hv@k+kx6pA~9 z588)I*lV?GFX_v46i`Q-G?)jc;L5Rzn!ulGqq?#Rcogt}{Y#AkYRuN=2TEy?lJSH2 zv|0BkQH-R0J<|n(%3Ua?RY2V6sv}u78IZzzXe2WfBGDCfWFDv%v;W%NzjmVsnzmNk zXxdYN%c%{aCb`q$XiKC)?k0pH*^8%(aYr}T?&;?a>uGlDbmT__&D&_rxO=xjm>>>0 zX~)z~@lVAUJ=(te{PnY?-ynw4jbLRP)*1!D7iARO;EC+MFI#P|We%^Aa2p_SnQr-2 zY+s3T&7WEQ@T9;c&!wz!rM;&?)sU<2qVcF!Gq3x2=*EzUh9k!x0mg90!wy^k1s{w? zT}ZG2R>d^OKUoZ~G{)aur15IZ70>qYIy_J6MKha60rzXR9F)H9Tmb;|>U(a0So@;` zIhrewI)Mc;Y2BW<1CE0cJ$i8Ph$W+r* zMIm-dv|fr5XmOXrb8}}iVL$zzO{s-mJA=D_kCj9t;0LeWg5 z2WtXq@Ra;SB@lwb=@%|ikMrr?NxW}-d&J`pc@+=ElL8syd2spMe&{&AjqD@D>q|V% z>=B7?$HN(V^4LO1b2!%d7f1y&t=%lBv%lWwO{h<_-0b#d0EV?&bQ7-nBJ6Iz`gao( z4}@d$vDRSH4xsC?Oq_BdPebFimIsnGFgKsw3~1~^!)D9=8O`wfB?CrGV*U9?p0xWV z1x-@KsHOt64$nYw9Jm|{tf8!UP;56MR%ZF@%pUIGkP>5)$Nq5Sgmzcb$`W6eHf3Ds5 zBSVr-iRgmxPh(ORl|kFx)MDkAgM+}d*N~#x-vbmoP^-@?(GlgQ#Ke0Xr#D3XJn?sM zGinN8Y(~10HMgtURoM?H?XWL>2L({iypch5rpX6lx;JKG0THu@%#{^fzu^vwMxs;jj1TCFkFOO>0fpXsWqjyI+T$cKrQ&a1eu&y%B zZ%nMm=PfIv3C0afzIi;#YI!b5d?Mr`k!{)cZ3hkx|B(jIZ~nwRPBeHho*87~@3hWlOUAeqh)Mm>FrI_O$-g z5@w5J9$Ki`Y(eD-61*qqjL8Q+y@$;VDgCKGI*1LGRaJB}>(+!X-UtBGoT@Arq~t^M zAEju)lz2}5vT7Ffb}6!7>|&{ky-!(h`1Ic4_(Il683C2Bn0U|K)^?%e5}Y~Y{^o16 zAuB9B5HsrU%3&Vk?`6WSszle}Hj?&*?Yx_WqkU5`^AQ{yb0{RN`Kno)D7lDsE;_i> z5RE{E;J)pn0s6j)zp>ZOElY*Om|icFx$yC@X5K`H*45lF^pDAKz+biQRpN(r65aqq zpku5E5{P45r3L#1uFI?>eVT{_Pe=CC|Rzg_@lPaGo1>86+2zD zx+v?iyU)dvRdb($J9d1h&tieICk#<#@&ZM~6iLs8|DZX~#8gT&hVoQaN{9Xd8F>7$ z2--qJBkX`++IcE2IaogtF$Oqa3xUV>ew%vPBF~izXAhY?$-A=c;#J>tl69P@dj)c^ z9_;99&nZD9GP2VeBjtXhnJOQAB%#Oks2>12A{qV?4Me#yBa6&Jv2ZAIZP=0e#5_RGk^KeszG`ZUZ!&0rjPj?P z6Dqi5thxhBVj|_&XVE+3_7{rCQ}bMypxhvM|SA6`Ez|xMiVUaGg#?vByAN9{%WAAZU+ZC-CV%KNqZm%}P5DSW8Nv zBCh2_(f4j<%1O3JyZL<>)ym)23z5@(ngzcXdpj{=LdP0GE>J|8YbDh-v$cWD#$rX1sv8WBW|R-4lefIyMVVNj*y7ETv;Q8%il!cjvaG?TI$3L zzD`nh`+0qFg4c_snTvj3vmEtNu~`_fiOS z3QmkZUiel@ztL4(k5>8OV|XFI&|Y3ajjn9~gg`Con%muoe7Bt_J-mW|)uksVN=7rU zX^gXiv}s?C$EUhWfj@pn?#13bgw9&=r!0j=%BtR|UqoIZuP`3($F&!RC;Qw7$PIfF zgsFm${y_{wm|z!iMZq_1iU)1-_ezR3Xf7$jB%-Mz0xr~E(laxm^s|GKDKY9`9FcP($>Df=7hS-go#f; z3kbWC2O=PAn54bZx^#44a+q-97v$CU$5Oj2&ho-bqh zowR4F?qJ4;cv##kXoSaD_RZJ%l| zdq&1SUnVs?lI`2MHutNhR(QQM*4TNj_`TGrvRuw_>0NSa8?N%FR+SB?`u(V!7snK0 z`^R&fu9Z-8*(|ECs#@74@P2L5uzk=QSrSB`1}HqSmNu%=4La0Td;y5RlVj7pVZTTh zh`z57Axc@Cb$Nxvup=1_JQ(xDy334)0>>Ok?=XwOM#@Fny9o~M+lJ(u%p!NpZP(D+4=|QdaDO9-qx!XTo0~vEEh_q5nNlb5v{arLxc}n zHx0V>mxWLM3zuoB2{?MwTrYF|rne|VZGm%SA*yAEe_=Qiq$m7LNO!q*%37lK;knM# zXzyLz2=3{fvx{LDM{dguwyt_No}*XG!{Ijgy?(845-T^P@g8z;{y~*B;NA1debT1U zxSl?1cADO5%dEUX8ceOkCcmAKTC-qN(!tr$&Rll=`bzY8?`y`4`>Fi&`aRXz1c>=P zG-Er|Fs;_zw0P*j^S+KCRND*ZrX=3m3k_Xw15QSUw-n8! z5;@p`kxfw!8osp}3)8n(#&pb0r1h&zj8r6=QvYvCE;wWf&4E37w7b{l(w*Pj(UVYcnQL7RZxj79UKsw1qB&G@W##t45TX zH2+Z!aHTd~7*V>SraT>dr$fc$jQ&H|hA#B_zx2-Nw99wHV83 z`N>Dq#X7am={jvHNWYG|ZRwXUKA-f<3Ls1d$Mn47*EEP3YrtOT?eTl;EYtjvXg%w6 z5cMdFhViRwn`3+}ucQVFjLd&UU*?;JC(t(Kv)B{*a1IDEv$S4XbhhS!x`~(n{$uYs zJzPV@78{#WnpDVkC?k@a^cVWs_mN&DsDz#x>ON^V80G;fG$=PhP98f{q+E*Ahj0-rP0(s;`|| z;jnlnz@@gHVmi+GA{0!+0a6Hn)yXk?Pri-&|B^YC_5YGNb6qkYB&%22SQzZs8X@kn zQaQFFKMk%wjabFHa$=48vnlxpSmW%`jL;%`EDU_DpGC)c-?P(IteJr7jX$ae?|d^8 zpB{xk9Hp5l2qbs0PHEcFMd z7fw0uR+POVGI7ilnbEij(3|M~vUzD1rmQ+)4y}U5T8f;W3}?M@iUq!%R6V`(7?ia5 zA{3Xu>Z_)yr%#Fk0-^R3#6O#Fl})Grfe@$0KzBGw+EeCp+c8q!-FK|j%b1oF>1W1o z@jW8+sltgI4yHU!izDu386qXRfy`f^4muhQQvo4EW)Z;_jWw)8^etgU+KwJlkQ$Ij zrVJiqIN5Moyc?&;KF(pSQH`}7qy)0cYCkMRq=4ws>ce!^AE zJ>IrxRe;=uTcF$r*PIzc-g1-yN0L#ahM|YxBrC^vm~YtvPd$&OrSZ)`sNC-Y#9<`^ zqWYDh;J1%J`%C63ARqtMI7oeGiBopm+?gJ81)Z*1%%pPy^QIOCVVGV=6!-|x>|PfW zY35(+Ccx2Z%9tGk<8$@M%S*XAeVHso5Rx*eKrUs<#S?sy!YiuI+`LVMD#rACZA^~T zieQ7ivg=Xd)M}7Mu_KbaI zwD5yJ9htt8$ncQeSy*@alo#^<-;FhB>U!C2P^tJHerO9%1|`2K0`*G^`~Dz#anE&d zj0-9(FFE2clZNxhHt?dS79MP55vacRLQ+PZ)cFCLvCF}b0*CgN$#PD!0#M@|bcdz4?43KKetpn%5|7K`@23oI%&lA6>Y(B2|iR-~R0E^2BZj2-{yHo?} z`y#asx4F-oYN(MIpXG>PR~*71B^6>eSz%c*`-5{ryzuNUC>`I|@8>q4kR*Ck1u=LR z?)pyhpCMVWJ|T11ewCVvfuy1i6K0(^M`yT_(?>sZH$mWlX#hran%QLz4ZhZ+w={1D zWg;Y6LEx;AW>Fz@!Tn>H)83B3=;4{*jG3Sd9=}afs;-ZonV&@53=6A9LOC3gr3_+P z)wwJ#NstR{CME{{S`j|>g^yuml;A8!Qv1GNvf|v|$p)f_^|(l>^}I?k^ZW6|65&*- zj>q>>y;P?qpF6Vfh03AxA2HEPa&wirhDa@eC*+8iHMXZ{jZMa_ckb9K053@GrzTFW zhpgj`)IgIzkL+$yHTxE-D-G;{&vjXKH;Sm53Kw!dySNAPB$h+dSz(6DOJo8cf4cj5 zOT3v8g2V|sxyeg&7w8rp$j}HXMY9GevWT$e$YU4bEovv}f<##ZHyoY`tplg*v3Zl( z1VXrG${^;mxToc%x|iyBfhe}%jP3o8IiXi}3MB5gzLn@HKookZVbG&1;x-{nPHyF} zVcUvT-W3(#8CKIEvNtb7U15(l{o~4>WV{2D+*?c_%b( zJm}Y6(;Xg7?~1MkWWHyUpQn+bO!($L<42GTCq-P4Q;J8$Uooptn1C{U9C$VY*s6t$v# zaG|>AYHy;u_MkK1f$)o$Mm!Nn?2`|-@U|Re0PRrD@LRap5}szWxP`uWX+n;+de1Zc zUoWKr>GhA{Mga_84wSc?*LWLD_e;8|f}A;E()m>5|GFu7IN-)5R)YQj9!FflZ)8Sn z%q+R4q&e=fM4UNbH4xVm;yVwi_JvD_ehZZEu&qkIstit4J;n^7V7oA12dLr&*hXK; zIuPR>1HjlJ*~9sVU4llbD)TTHp>8pl0(h{US?L)b&=@d9d23p49_F?+K~@R@$VzGd z&q|3cD){riB^`V?>(IQ!#B zOX3>zhE;NkN(21v$ExyU-SPCqJ&w;vSEoH5JIj`9rqK9_2tY?`oNVfg7kmH-urY;sukyJ#U3O;VRXsWdL z$r6B`mJMr4t9!zMypf9;v{2}2v>+g2eMl_~(E(3RPpcxQ_bLg6mGSu>C&qVgBm3+V zw#H%g+o#lPUc>p3Kr0hS2_R~&}0&yty>nB+J$f3RYO zg<}6Z7`x^yu2H2M5$r+WgB5YJ09gI3#ky?UGdrx>VNE9uXTm(ZrI{s}mR}zkTl{{kG{*KtiM#&vc+KW7ECPU@(yr)(YTaF2Y@~N`m~d1J0f(aH1B<)2V)}S+=aVs_^?w zp))uaMDI5TlBKwYkIm5wHO-$9kRnhL9LArG4^wKqo!ZAf zUPJg&tx`4k&`muY^7f3vM@!#A`~@<+ZIQ~ahM<>QW=!ck)Z|~**!Vvu1aLaEw-7uD?cQ_=T z($if22KxJ!A03Ag$&7L5b^boFkHMiZ#B?YB(_z>+)&2I}0^R~50(k*rIDD)Wkbd-8 zXffaW{VFr@m=gG#{#muwulPO`$4Y1r&xXumIVi=QNQaj*k!URFEFo=Cx+r9E4X&O) zadZ4oi-pS;Y$S-kz7}v-l>xw53Ihvs3pTS4>la9QP6s8$vRk3;9Tu1=9PoXXpa^KGgCrE))@fMm$-}Mo zU2WOvWOqIwxt_&io5xnDF8IU7mAeg;2y(C@5xH7$B-9ad z%fa%9>fJfE=^i9N%bDDLDe+!CbLLCw?=8K(?qSqHnP}ee^FiAlD#CiJiiycpba2S7 zQ@sFtQT`&dSN=z+sc<9e{55^J zhJDq#z`x)_V74+%wwgJw{X%p= z@L-5os9b~-Te`72^!s;G*ALj|vm`!Wou((Do`nELCFB7vCI9Ks3!@&9!yAH6Id4UE z)%!&h;an@Df5htiAI19cM@$_>WKIBPvKM8q%zpsv9qc{4`;+tonr+L_H!5Z;_83O1 zfZ#o|pF(mAX8ONCK?{~SL}QbF?ax#4?a6?Zrwg>hs^VQJjE8_d-SnZ;-g6wDc3W_- zNjNw8-=)?$?^jTlz!d$nM9~G`kB97T^Rp|{hjx7+UMABn1!jk!lApu%8nb|mrg64{ zJB1)IRGy~9cpBXf3~I$J*G`O34^XQ1mCx;CoJp92waXW7HND(V-xmt_3`2@VjergR z{IJXgBqv!;wt1X@vo;HWxJm1&?xwN~dNZQ+0btL5#4;+$wC#)s(|p{7*e#%$8p-&& zIp%m^pc1?^?@raAg3@4dYPxZHgFA;5sJ-g1r<3Y>G_?X!Ek>cHV@FauF4(_(QRXtM z!TQA)K5)5-YltLM<=Ks51cs$3{!U}A9{mzR`0-mZ{n+BExLWmDBCMu4mD(!u}FdVbG;lrtq=?lc8e`f2 zKhg2N+Af|+)Idh(8BS1KwWSk%7Zrc-dfYr14Ax$1(1?Xl1%x7BxK33CZ+;rwmwvo7 zm_#;$Tol;1;L}8>(K8zJg_DQZOOdCt?O##^P{a))i+3)@Gd3B{0xE~vr zz8=0?A3Q`!KJBx-Nqp)8C3vUKzJFbVFU=3Nrw4ZL14mS9z><|y4ZlJ&S6~NW{BBHy=-&b$= zfB^bqPAIENTXewR=1`&`zY5g0W}zRZ+uXjDO=fKV^>-^ z`Z_^3wuc|mMWpoBZUyQ^W)JmtnaHj)rm~=~)egaI{AMn`aP>b&Y^RZ4k#=P6tEjW*xX1zM4 z5A6%(JkrZBCd8WqVZF?`H?A`w8(}@~n+?Uj>LyWADyrxmlO$G;<_Y_h6r9wjXX6X@ zI(^#qOL>e9s6BibvrH7Ce4`;*&JAheIk7Qg2+@vZXQC&iU1qu0CUms7%R-S|^z^^i z?tM@B>1pYX?CK^Z$A7u_xo9v=p{wu?1^JSl2iHRA}OHMBu6^07Ns0j}C~K zzo4HPOKakp0;fax3gJyWi}DF^u-#hNl%NjE!PH>Jo}A<~T*WjBl}343Tz7WrNAR>V_F!256+9u~*SKb$xUg@$hs>Dq$5tK( z`FG*u8T>Ax)U1&Dd4v!ap#TQL;dW-Wf(#vmFC)S=KMO4-(2~hH)|1@ewhEl6i=tgR zY-}pIcP@@XF~{%FGSO0DMa*CDmv_b4K9dC z-s(WvtC|S0cBVL~>9mTgUJ%c`I3SN-|5C4ZgDJ7yIih01q@7<@TS zSxbj=DipEf%*fZTu&;y9-1&Xw#;$*T^nRByK$Tkq4<7}RZ?HCBPlC$1lx>dxpSkN} zw&tzWJ8h0hSMt3|ztbngfl9-V0Fj`-;lr$d{gCv_I-@5`x+9s#>j6&j)tK#m=^KUg z-}&He!mJqlPKB|^Mb@JT#$>2OnYfm3r}$f{!D2ow>8Eia5}W-I24?f+UNg(rK4>Q^ zrd$5RMqiW>%zr^Y4=vX4ha{Slg2~4NOwRC98<+^p zjxT2w7ZZ!_TS^DSgd!NerFlMfycs%eeU^G>HSxq7e4(}LJ&V}LIC3;g#=pSmP~4r- zBrC*t!miD*Qg%lSWzNXj-^mJ|socktZV2L79~Z^59Ks5RZ9;Eja!k(sX)@(t&iRsO zS9H`+dPnG-;^zL1`lr@iQCz>QTp&|e3yl2_k_#7}TAesE`vjJ6CRrFzTR|TDKl~Tu zZpE;~Csq57=@yI?KSQHD%dv@MQ>_`8-@etK7*KM|XUZv3uw|(5y>=R(-mrp6oJoib z)SsI6h5m>Hm!?`9hs3DHhf18-Pl2P+1$}rkkf8?HHyBhE-+kzm!$~4 zfwrQ6w&)y0gQ$Bv3+-Jsa33J8Y!T#CJ<~dZJbP-x(xk3}fk~yj&}eXDO;%h3kH3&| z*DZ3EF^AZf!P6BVE2YNNwfOBIz6I1XT6bCtqCaP_Z-JN^9W(UxI!49CJ6rj+VM zgE?g&em(2YOxMgUb|LTr`zM`Mqn%`n1SlC(ujNe65NM^u8C|uMc z(G}9OQcCju@@hB^Qvz=AombI0m?LKv7zkdY_C3sL$pn5Rs&9FH1!D)558#qVrcQs; zIV7Ovxd&c9Uo#T}cdy;Df!5SPGrrdsIQT3U+-{#?q<*e=#X z>x>EPJY}Skf~x=5dx#CDYgRy<(j!LLrh7MG+C}2PP((tEg@uoWg{>Jh0Ib79_Lxzh zxiGkuqQ}}DCD(N=+fM*gpyHug;J*tzmj?dWf+l>M4=rsv_?1))hMZ?CD7aMGNLv+kSCzib?5v>EqRW<0tRcZsjssO+4pgeNhthwcEWjg#7 zuK|;S9ZX3}^Jq{+TUl{smW1A_T0@!7wI0CDTFWK&2X|>j+}_n0KL8r zZ9**hYn|;AhCPM2Y8bm9?UEsa5JG2|3Q_cneNlOMPi*U#bLuVI703Es%_>x2-X=^n z?I^i(0dw%i6B&WqxkD^+lQR$LFgC8R{29eO*8?D2UXy7&gLEMj2 zSjJAM853JTDq17XA0PnFxNU!-)BsvMKS$M+yx)S@S4e0eCSlX$+lNw$nHo&^b*-Tn zP5|}=hPOd^O|Zz;eEJn%Fj6qha(;Ul>SJ zx`d0uQ(Ubd8HLpPB|<9dZh0YKhVR9(g6TgKF1`dxiJd%&)J&!+w4&ORO;D+IsNm0m z4UD`eq$l%mK`|}qc6UMI**sQ(G=6-!=U*~~3zMXZBDioa$j8y7ArWz{IUIL4X~j$0 z_=P3oNAMVnW=J@>Lxy4ja%(n4R+JUE_ep5<-~N_IVB08u@86*={lW%1d%&FqfR;RfH1 z#uxdcg8QJU!2iuhEeS9eH|>iUpSr{Sjo)M3<56WbcmT6Tjq5Vr`&qDcy;b-i>U-Vc zgWo_!sy5FTO9w!jrD34NpA7vjb#(PY-4GjRN;YkY8IPt{*K|ScD`%plM>O+#`iokH zvb9!y%}p{`M^Z#qZH|2Sz-eZ8dAtE>CyI5du>qbhWM+lYm>bkob%I#u^?)hI{w$aE zMTVYfXfNLpfnhicU3>_2Thtt)+a0u9QT%`ARzfYB=?Z)=GB?<|PeU3{`RY zQ-vTbz6pv;)#{TIX>VY{)CpB+$o%L!O2wx~=IvCXC>h$i)$UK8^=|s?iNZ@(Fpvy3j5Tfb{ hfr --output-dir ./yamls -f my-values.yaml - ``` - - Note: if the directory `/yamls` does not exist, you can create it by running `mkdir yamls`. - - The command deploys `ibm-dba-bas-prod` onto the Kubernetes cluster, based on the values specified in the `my-values.yaml` file. If you use [BAStudio platform helm install helper script](configuration) before, you can use ./bastudio-helper/templates/updateValues.yaml file generated by the script.The configuration section lists the parameters that can be configured during installation. - - -* Customize the yamls directory by running the following commands: - - ``` - rm -rf ./yamls/ibm-dba-bas-prod/charts/appengine/templates/tests - rm -rf ./yamls/ibm-dba-bas-prod/charts/baStudio/templates/tests - rm -rf ./yamls/ibm-dba-bas-prod/charts/resourceRegistry/templates/tests - ``` - -* Search `runAsUser: 50001` in the generated contents. And delete them all. (This step can be avoid after helm new feature added). - -* Apply the customization to the server by running the following command: - - kubectl apply -R -f ./yamls - -### Verifying the Chart - -1. After the installation is finished, see the instructions for verifying the chart by running the command: - - `helm status my-release --tls` - -2. Get the name of the pods that were deployed with ibm-dba-bas-prod by running the following command: - - `kubectl get pod -n ` - -3. For each pod, check under Events to see that the images were successfully pulled and the containers were created and started, by running the following command with the specific pod name: - - `kubectl describe pod -n ` - -4. Go to `https:///BAStudio` in your browser (if you set up Business Automation Studio with Route) or `https://:/BAStudio` (if you set up Business Automation Studio with NodePort). - -### Uninstalling the Chart -To uninstall and delete the my-release deployment, run the following command to uninstall and delete the my-release deployment: - - kubectl delete -R -f ./yamls - -This command removes all the Kubernetes components associated with the chart and deletes the release. If deletion can result in orphaned components, you must delete them manually. - -For example, when you delete a release with stateful sets, the associated persistent volume must be deleted. Run the following command after deleting the chart release to clean up orphaned persistent volumes: - - kubectl delete pvc -l release=my-release - diff --git a/BAS/k8s-yaml/ibm-dba-bas-prod-1.0.0.tgz b/BAS/k8s-yaml/ibm-dba-bas-prod-1.0.0.tgz deleted file mode 100644 index 775707941b486a1fe0850d2f3033ec46e073863b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 98234 zcmV)PK()UgiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHbK|y_D2mVD{1iCKoD(}gO6^BK5~ud>lx(ZJHQNszN$#G$ zQ&Tw*2}y`af*T<1Rx-Jt{T9~3ixe%pA3HO%tDUNjM1jBpu&}V+i!btix}g09RsB+m z^x4^(%4)EodG=3V>+j&;;NaDZ7x4dsgM;?}4_>}}@lS`xFPs>+jR&-fxAEckEFsB6|QGg>W$%=;-T zGqK58QAIq_9qV`0$+KsY-Vav1TGxwOF`0;>VnsDbME-1idigBT$f=&?R8>qq%fw1N zOBeK)yv{0~WTH+7>TdPF6)kwhe`9~CWX+;mwz(HFRVPtDfH>-taZ$0AwBOD|o->(n znnis=^YrC&-Q;W%^~v<@_1Pr4tryI#&G-NRzZ?z@4+jU|M>*w1MR~y_3{giI$Y{6ByG z^4t0UGycAtt*K-w!EGlrkwPhwh`ba9D=HPOGO?i9NkqtZWWHvk)TpQ`RwRtviLA~G zl4O+UfcT_VEG0`JiK>KTA2a;-mPd?BgaM1-)9TvfbSo#{8P;4r`de`TyB z)tW1Whg5?N^yHFZK}rdckDD zDyB$UD6*i6*_YEool?cjyXr0(Bw4M=*dP-L&3d>1XQHSiU(}V5q!J>#<&}c9q$@@y z@6I$7zRBFQn7lhP3-|^>Peifgs~U-$UJ6>Vlq@!SecF3R#_y=g*JfTXSD%n)9NyEd-y2 z%Ub8E4-f5*JZWC1Lqk~!Sy24gF`J&5POm+m1y%6Q6DG9{mVRzZ@ z_le<;^sjZU#s#m;=1}C7^tD>&N(K-6yx`TZViCSuW$>;(`M^csi??i}&p*77xSxX8 zvZ|yz-uqQ7I$ui{nzqx5FL=hQO-B!{77s)4Yp#M<7xcdWYp%(mylb}8@RTo@UC*--eEPfZK_ zMo0zdm@baY_rl&m7BAfw#69zceJoj0v2>QKSxz0J)&sVz7d4SfB{bv3$^#`?nel|4 ziMpsxh#p$A#-y@LeSB}jq8ZReOBuuHDgT6R8$hSHA_^rk_FBlCR&Y{y68>-@Ru}A!WhZ2O z_4+#eWd<8|LUN`QU9q^5G+{AK^b%f(RlHoLNlfdMo3o~Ww!@6B-VU$MM(6&QS;-Q< zUbtWJ3jCa_jcRHOT+mZ4x8}taTvNd%6K_EuDFc+&;#y~<$YE_9GMZ{F{J0>-us1-YdAN2Ecd~9#SsDpi_%&cJFOBNB* zOQeFhZXhoL*}~gOihHGZ`{?1jF}RPz>-c`nE0)0y^?=wZrhp4T+^Q}2*E{?X=8YVz zWQyKtMi)9V&qM|nKk4a1kI!_go5E}l|4nlO;VZRbqmLDn1 zOZ_pxl9$J?P!Oo9?1X3-^{YAksJ9A1sA$ELp;Amw@#w`*M{X90lFKt8Zn+-#_+>CZ zT32iL%TMM9E$A0_UJPJzRNSE;km|h=B`5$5&S)&Mcr%?EeA;F-DBFGQcHW|g2S?8z zyYIIzYN^KZ@bE$Osuerm6g20_M2b7ENgfa{BUBTsr8>)~ zQbx;_)1s!Cp%B1npyIAKWi)*+dBv`a#8N)EL^N~X%`Q5S+<=`t(Ba>ifqa02d@6LG z&Z2z^Pf194^AXLDKc@fP(*IX1FEd&(_3Y|;KAH`xkJXpzm>;qK9Ui?pZt4GDygEGm zrvLvl{$7hL6Zfd5usVOTrgw}i7%MFCM>QWP<~0vKARk0c5?T;V2r5#oS&mBHo9Tr* ziGKgRPxz7y-k~kYD&q#GH}c0H(GKGnFfhg(`1|j!7u3r8&aC#3{PD-hj%J$eA%Fbw z%xQ=p5;6cZfNxj=afi?6Oz~C0+7PiM<0A9P9kvHOw$pTE6H;PGUQAwUuEVb|S^)E3=YfrR= zjJ_i&S4k#REj1VKURrF(o7s>I&nIM-tXW!T42`igG4@Lbo`&HouiEdwKl_2)@%)4+ zR*@yoShXqHUviC{$(o&zAD#gjefC2%`dDfbtm!6@WU++L;2ATBOuIfw*^(EG^qj{H z+}rw%9_jlww9YCrK%XxltCpneme+SoN}e+EADXQ#67upGKJt84FPHoy>GgeQn!fAL z2;~_V2MKj!EbA=WkiXS5<4ev`Ldz21A4KmN_73eUJ%*l(A`6z#S}~$T&O*aF%zDXL zmMTIeL&=Gyq!P%W>@DzCIlr3ew)#F%B}?`P(RfKDULn|tks}o@9zNrGxAk3Qd>N=B z6o5C-KC-~NWpj~(d)xl#*44Iou)&iSK2yG@e}+k%{N?F;8^Gz-1AA%Sw+`0E(@zGl zl)R{xr1w8n|9`4pt2Z3?Q?Tu!&kZaLwpSk=<4mQu7Pi>n3%1JWf@P0xGqmkJIH_>W z@v|`%lK%h=0Zka`{r`HT_e<|n&z6U1p_i@g*V2i1hCOSy)$G`oUyObCmKW(*k)9@y z#j5v|zO3)tHe=Y;+F^$IENQV~pE^v7xqS5F*YuqG$N1aD|EXl%2Tbpyrs#7S!N>T& zgXf1${_p7E=*7`D{_oHD``Vn$H~#N)RxPCKDp?PJwwptTo|#D4RkA*b2wqi2Z>;Yt z<6Korw&WjK+Oq~)qlOL6xKXwiB4xwnk{7(%SPgRcY|8#tbIH>4T2p_sAkO$;H1#KB z!74hqb*$Ndi)U0OYu8BcIIV;{A>+b5#QFH12(kXw0JX#^!e{;Tg!GO{pIi!65j{aB zrJW%mWtqHup6NLrkUlvVq!5+9)a~!;_@{%95B!=ljhuc?C3=^dHG|#GM4gfey#))0 zR|NH%Z;a1RNbkj~<5&Ih(Q)gyz(oj575Zm=eVO@dh7Sg`T6_BOf)%T3eL`LyJA)B$ zNV?fva|*V>bL$#oHoEbn(Sqy#&qQ8+?ij}}cZ_jp-%iX3&0mk4HIXgrY-Wrr+dv$@ zdIX5WA9n!pY9|c13gD*9z}I+gZnwu4q!dc=MaCv@q)te0g?65$>ZfQ0>D!%7tPgVs zT+Xmkz4I`9#j!tY$^5=`LVkGE;5q-ZFQ{*Sf7idA{2#mH348m+TENHnzoVDWTl&9O zubzL4|N2w@zBVWGjsN?cRnr9b*$>ehR%nKaS*Lk&GrfqSUw*k!bj417`6c@OcfyM# zt5eMCKR7Shnz-nSg@C={wCD~(tBYTyYfy#k^^=O~;omvX}Ct zaxFBo-}8|aq=))Oz2SY+q(^!h^d9LQAN+WD&?7x``MYPp;*xJk3XVT zr0Xp&(i1W>@lQFcXi6)35|Kc?kY zXZ|Do?c)Eu_gf!L!Jo+kKEnSU9lkhj>;GOH9DL*d{*1q`&B=V@|2}8cK8OFSWUY)^ zLA5zRV?GH3mP77v5Jno1Cvu6+@pj$c2~C*Xaf3roEZw@k`+;=_+JOHpYHzGvYEMWv zfbGbzXr&atLUf*S#YYP$dYm4-dW9O9hSRO-)AnbsxxNYe_9{xp5wu$BKVGps&}Q~g zGg@V8kjN@fa+b7OpOA#Q#|?fGzoHH7pYD-fZoQrWpMK@DfzzuU-r5KV z`Qwi+n48=+%gbtW&gBXD{hRIWzti82`(K%Om}dp6?uESVm*8ICHwWwKDMB9e|9#c= z|2jH;e*De;_ow`UpTyU`&Ys2s45IHkZhv9Y3mhFB{`e3NKyC)J!DsUT0S6F$_XRva zn5;vcMBkCEIrME502xlkAUX5A%pmgyrXBj)3-4}muU1Ib){v-S@k)hg}MV0ENZv%pcLuM3B_m~s*?4E zS3R_r&-L=s>H_q@S|*1(zaM08>5~zB+&cfCLH{eJJ}p7qWAfkgE&1xCOMp1|P6NWwN$3 zbje2>3o3(v#)4xf6M&)iEPV$^M?P=KJHt8 zJLtdWiSXZk$a{TyYT(EGzh1s*<^Mf8e0BUS|L>pj_q8d|H~Zh`tlHm+WKTr;rG&6U z>iSZW*x6^>^Me+Jz)R9dBs~bcQ|o7IA#QsokQJbBlAt)bNj2`Mt1qVemIcDzY~?qa{v`Gc_1a#%5pC;4M|8XS*DTk`-#rmlcYYFeLE< z+(3S^7n(l~?mpdMEmUQsPoJPiKb(xun-9j5Gyj0Pc#kawf&FO^#(?-$830N`9AnsE zd(-rJqO!7Sn0i<2j>(?Mux3-_dq<_5atsTB+x~>mtmFkdIUfAzpH3c1>jcK!uI(X^ z)t6^%)l6W7iF>Y#Y@;{sHP4vZsEXyyHZ;q`{ls=KQVGpWeym1Me{U3c6bZn8KN!Uu zc~dFM(BwP3xM*bHGG1(3IZxd0gGRP9@*kuUA84ML@YF!xU?gyxt%DdTx~JAX`?1dw z`}sc%Oe|Ro(mPwT|7Zt03CEqKq@ToF~5 zpeiJ4&9V&2C7^XNFvTms8hk?2;qaOwfdK>*PsPZ!U;s1@kBk!o>qE=*lK2p)Zcp60mo-+Cj z+ez_j6eV|kl$xT5FY;fYB+V}+y?vI`f-gVSZuV#VZJqy%@!9BVHu{=l>^}cTFAtAj zw$A_Y(W`Izzdz+KZ~}YaZ&=b~&8$$jtG!KfaWpuH$-mH|rgB4$4i26__>!p^$EP>?33PBcAU^Uy4I%?g&&;St)S6})$r&vm5lF>ku0UIth$6+eAO@n=@}y*? zD?<}orm;x1Sc%F&lUfA*C_%8Cu>?CgB-L7qdbK7$Vcs6DNGg(A%du^^gxmrwaiX%g z*PNMvtJ_a#Y)AC_tU$YjDHd0)w7&LJhX!LuNFdLgw)4fGR)7c z;!uqi6PD41F-;+%FxwoSCZ{SXQO^=%2DJON$ly>AA^D0IH0#*&ZF+3!)Ut8>W71we zvw9kvtzzmPp2NaO<}^iwC{|Jln4;GOrjawrvW=D$ZeigTyZ}7Wvh}{*bY4_UE@=Xn zL>%0aZc(>@(yPP7((k%6_(2F`$BwtpfIG6mcy0l09x`*6IyiJ^jXePzP7NnwdlI-d z@RpDd0v`v5qS91f6g0~$*;e%;=anHImhS-U0>}Y8a};18n<}lzR@hyJ>u%?55i%;8 zD#P#^-xq96vn3JBhnbhB-S(vC=4ACXc;7p+ES3aZYosW666;-9&U_R=? z8V#Jbkyuo63#HeoQvR^O`m1>7Rpj%P1Y?LIfQjUkL*b~5t4hV;mE~9=R9&i&gma~8 z1~o3=jx;TB`}NI-+=}D1!bOh*GSa|;V72wSrCcSof?M7gvo*amY~*{Oc>Zc)AMGME z=W6jW5rrywQj1z;8vFuAk#9?eqO*H!NPW8q9#_oD^U?j!m~Q)Z6Dzl zf9Nnn-~WIqZtW~9}=RY z0ePd@Dm|<>o>|U{%xb(`4X$12rlaR#*xj5hpK8Tt?4S|wXHO(yg z-3yte_gwQDg(&*4^NQcWSI8i@(t?xN(5%|@my)rVa4FfHNHihey3LLJrw6ps7K=4I zSZX}pqI8~|m-Qm!Nw(35T4r<;`zIxnc-1O+Vi=21ZVTCbM~i`3-WsvvItSW<8+06O z(1dED`wy@?d+cMv%1R$FNa?vWjpmSv{JO;KbUTxCtW3}}$>NSU_5#mXfO<@W9i5B{FoCo~fUGdE%)@&zv(R}ZhXU$7HG3D?}V zl`u?R6F4)(z1|9Y*A2*csrTQ>LaO4G#%Z@H6*r1kx}y4LAaX`<-}4ui8WOHg_i)W9PpkeXi>#o1P<;51Y8+W+xHXHz1`Sp+5O0Y zQ?1qvS+OQ2T9(NQqvoVoLBpRhbLCmC3U3E}MD^}D1EI1ETMCi7hTDTjzDK_I3{s1M5 zy(k0=;!!JS40m}MRF1H;>m+h=)jrO&Rux%kcr|z^Z%CH#l0%`1ko9%aq5j*ND24l> zElKIZDg#sML`fg`~)Nq45NzM->bYHLxs7L&btMg<}sB*Znj{ zPJ)pot0*sG%QpuiJV*z{W@~c6z-~Z~5V1aC{&tKFcE_45rcCoqallLfidO!(nYp0~ zq63~bNo{g&NIh*I09=Y`6iX)cH1%@giIbJTxQOB4+Y@arTDq@^mfL?L`01_gU0u(| zXQLje*hfr(~%3zaeTs z8E_&nh4?A!8g$dW!kz01$VMxYF{-pU6>90tEB>@X`e}7y!K4;Ozt(<*8d#-v!tirQ z%o|7+p6jLpitweUGy2M0`5SP%e<9=TRi>8L3$$D|0sQtVEn6oA7>GM2akHv5muX*5 za^v=<5Hi;Svt}$9l>?}OZwdyg?PU)38<+*c|a5iwR7$$L4SJaK%3_Q*s@kNZehoDCn85yTH{ee zE#oAWmL$;FkQX5A7)t=ks-6o}19DSjOexqj_OZ-(!nODdJq896r{CDLxyV476{xWu zR9$&aUys;U{ zzD58vRhLXEmNGO1>0=OVi5UpF3sjI+%!@=T$q?~3=7fMm#y+wnAn`zW-GWHAq7v;& zZP~-v0$vWt+%h0)fQ})Sk4^n5A+9(C~t!OeK;p%vLy|gRl6ue%78QyKm+; z=(qxKrCtrlIaeS$F{xXSBWeEJ)s3#PVbSb`gXZuLXr z^4G7)@ahBk>-g$CCXAy6_+u&cB;8Cn(3Lb$lll_`dQxiX)P~&SQh`7uw@Iv6lKFUk zF^b96^;Lg-^?EwKdNaBlUCm>1Ihvlm9bV0cr{jz9`~#rS>+$?*G(-1+q3L5XoX*E* zHy6VxncPe#*Rv7cwrDNPSf*t)Rf+2sb}N*5RxqHmSr3UHW~rgS_(yLLmj?;+qwjJ z=Kxi*gnK0$FA|<=#uiNpnt?%`E~lC8)KchVP4yBnNvK4dxxU5SU9IY@Y74rsnzf@b zH9p~m+01~hh8lytoi=d`m7aDc5MftBr1v}vb%(b^RiZ5Eip9Va)EaP8l@z@ovSnR( z<_0do4o{Fo+8yr%b2m9S0-n(ztIZWy-WW=LXX~o`9bQ zWSHnXL9c?Pyn5uJzo>&l@qVpY_vUeJ8w+=u+bkEFtc5@=C}=tx#&*!T5=xc~=t&I4 zam$Jp3ByU0s0KCEZv%M8@`6|HJUZ)bW??5{kr^!%@GZ|Y*}+g4jg6Rw-pW^8HOxJ1 zK;DXbEeWA0=@tyuGw9gQ4?J3mEU<<+p4*s3K#6M}YeMSDD8LJxj<=$CitaT<0U8*c zu$Gzl66v!(@Oa)~ZI*6rQnqA8if^n%mUgJlsmy^AS?1cUqCd{Hl-^oqG{;maCiU?# zO4N8;Z@kzTX2VZtqgTMMsbl8v18fY~Mh6Qb@aXDX->Y42aPa$ZG8tW+kN@>VZy{(4 z$}-y+_l3}PPyYs>+&fzmA!Po<7h>Z^(bOhbwp#FvNr)RX(p>B%c~h&66-g#cy{(0$ z$t|lC>HXWk`&tH|nJ~BA#v&6?RU`EUlJtP=or~go=PwYPQQP_d*e4*ZgP5w;qRvvy z;yXBubP!zIfo)cw6}2fU`q3FeL8wOn2IM^>G*f~|hOLdB)KYP1i+H1yFFl5AW@#^D zYg%0}@3I0GQVWUFFZLj1HA{)6!99IfG%cUT`9*`tsN&8ZZ&uFQU7dQyD>3Bap(|A_H+a1bGiSs?!w9=rY;NKc(8Pa zjpv0CLxD6pjB+eaAoYs{Xv=6rWoHqYRu7sS{5=51$V#g&XiiK1f9VELrjXf)~&3*&?Imvy7I5GW*{d|3zP$MVQU_7%uOwdcOo`GU#) zlPKC%>WpC7GO}muo9*NN_$9aT-FBUkm$cr5jD4?AT3v=S8${8C5k&Qmz*|JoP+2{k z=gyuy``&nRG3@OVERGyV&H*mO5X5gBW-Ne&I-wYOoIpou!A12Z{>)Xgp%b>cWgefH?fiO>UQ*aIQOP&<83QvayVHze;+J?Lg#afuaBsu(G=uj3fyk#B-bJJ0G7W~$X|m=8Gv0+7 z;q}aCD9mb9acC_hQQi^CdIexE2DAKbV~DglLvod}4_xM9veeD%ip@En%A8 zYvi(kgQ=`aP1NYgP|}SJ;t0gBC1VPdWcFF?LE;Ee)0?%0H2RUXA_cmS@!YDml{M`G zOAf}>P5i)HYoRKmO00O!)S61*F@-dKw9cnZf^UG31Pfh<02%F@;Rv&hHyEMW#EL_f zyLE;G%iEzhl3N92xs_W6!v}VqpFr7SbP^h&7NO&RKr=$@*u6n|q6nKe%>j0mHqVmW zAY~fB*_W6|1Vt!!+^s&BIW?zoUfVKT8sIyj9z@a1aL>k<-jd$$mE)_;8kw7QDeA(V z!$f2mOF*Y|9>|HBpv_sbhR~75&8BQzSrhHQS7cZeqAn67jTfw{m^3%RnlIq&-YBLt z5jG1RN@4nhS;WTU)3v9BFTED9F+NE^)Xo@1H6x?dIwlK|q6gitwcJ>Hj>!lk2`lcn z6p+xx=?4cbwp3>xRTd6sQM z(2MIeDU6214hYs2UMX@~7ior`%iE;R`W$TbgOClXi4{-L`3|vE1AwPV!(XIsKP((* zN=DTfF18{5Hm)fQd4X^TJwtoq8>EybMwE4i!T=EEec+k{45G-+)XptHpGVhEgVcWC zDJU#|Hz31yBS$8ZMC2tcIEvs61}ZjpzVHul(c|6R2(8+q0l9~3<<5|sL=?-6C+J-0 z`L%}_4Cmhx7;HPH{=Kp^32~Sg2`>Zo#`>Udt(e|vy{w@lj=Su*-}UrTw36r zX4E9AUM_h8{Ay$Oo4jx{_y^+4?wAZ0)9f>Kl*+7ba7DK#5nHV6#y>qpca*)(YWH$u zY={Zug6)S_?0Vj_P;k(YlF7Rp;DxuivVF3kile~bmJT`y(7Ni}HgI-rBQT71cyItC z8WxG{mFtZHdM+fn8mt9f#b= z2d{a?u2=<{ZjCgT5KJO>{s^SxN)(oU>kS)uI*;$3(~2gvG*XD^;0$j<6NEC#DbIE_ z(BqRC#=A7zC5?8MJdr{ZG%{OL$tHqZD7yQd4JTw+y7XbD?~#^BO34)?QRAoS1e!A!F|^2rS!9kAn$`_y}&ql=EK z;OTt=kJidEdEXx z^!8Bxj{eWSKs(vWf9N~31Jge98hxmzKj9|r*fw*So}V6(VR}bF38Sh0N{YI)6nJFR zl81+bLu~(^EoLQzI$iJuNKA)64GyB{oZYcZlz`52Au=rz1v>_Tv5Kz>Lq@n04$|O7 zvGhU&4K6zjf5S_)NsS+HiVBnmTOF97&&rOhG?_r>s0NaGcPIrXKyqb$?n2iA^tMMc6HKy{gM4Q_!4S4TsY^3=6#o|=c4Bg}?J_S|;27J2{SSFh+DUs27}ea_nf14z#C zIDL6Xn0Rn!H;}$IaNavP9%}L)`kDA)(}qs5?b>aldc3|f(8F#!Pw%OHq8Qj{sl{e=61#<<%pY-o8S-cMf}aQ=&+7k6uw_m5lz>eX=D_$S1#Jq*m+S8R$*+ zdgF`Xm9YzkTuc?FV#%CIqjhuhhga5lBYo0hN>EvX$3>Xn9dz8GEsRrT_26kUmmojjRX z?OcWUi|N@(6z$P{fH4Sl;OgPSAJYCV&nfRK^>Y;MEwJzN@$BqkI0jG458!P%ytp8v zf1ON6GxWY3UrsK@qw}zr^ET^;sY^sM~`(r(u>;p5}FB64pAlHlKJwyz{r915aMMJ1}Ynzxls-%Ao z!!+&MTCJS!S&4kdO6f}zxFY)s56rr;5tA#*Gv&-NTcLdc5;nR5j9;*AesQP%rR`ax z8I^~?KZ&C2k`@1Q{#Wv26kUp9CC*RD^T9zBy;%!Yq4}8nG&p({MXIWcf@S3S;Kj=* z8XB4XXz)r)&!F&5$&0~{QN&7?^(B_mA+Mq+1(tdc}+WimHmqD(6y)djcAcDND&)T9KQA z-!Z9ZMo#tcVC2<6?EL*l|NFH~rcZqC`iZGrMve!Ehf%Z?Mb)SG3^0T1gG-+4RWN3P zwEru;qxdLY)EfH3gDB#KsQ7ZzuY|~y?&-N7G*H!F@S^^x0iH;HN0UvU7H_bGA@8TT zLyO8a2-f13Bj4&0c~vY~7a|iYZn9S(u%u*C0WJn!@fy!oR9~v#uWPK{wbDxkIW1Jh z6J;`g1SlA&iPkJDO=d4p2!jVPlbjWps^l5EoamDQP9qhQ)VLu4rK+JE%L65>OMtQB0L?1QKb*3RRp^)Cg9Jj<5^_6NMk_T+FnJ+6 z7O=(hb-mZQXx7Echc5-eRq%>&u{Vs*)pdg}^Pcph@%-&*>bOA7m>~}qdtUET*gAan zXR>zsZn0!!Lne~ladvN&McqG;z4_#9-&%Nlc#3RCU`v4es9l!Hx(F>s^T}BUMZise+HsG2ZE^53j(hC-0MTxU>F2+c z251=mo-|;Kj=RiydI4cCjnx;#cz?*KZ@G0E8V9+d%hQyCE+Ca@%I;i(W;mUtL=!GI z8DthrHv=mIT~>wwY@-S*((p=kqGd(%l1U%kx;?a!UjTo+pD9KKR`eD;^%Gh<7gl;F zII{gVHd>2oID;InITNW3#ZoL1CKQ6|Gf}LVv?ld%<*CxF7K{MLKQlh1F#-FC&B|6W z$y6iCzLCS--L?BR^Bc;Ns$Q*_av5Y?MqAIV0Q`shK$2TB^g|bchUjSDFPcAj0%IR; zN>Lc;QEEw8RdH*J^qfQS$;vz`@Pp864vT|i0@;*?1GWWpDI{BoApZqpK^9C{)^?`L zAfaVU>cSWPi+y@bm}p6P+OJFF8;mlr3x=ipj)yeMZdq(CZkmK8kUTbJG$xwq@2|x@ zWJSO?m3xF7`24 zAg4vWqzNeM(f?H5vdV`lZ_m?Y$lu3`X@Q?`DncEh+pESQ@TzagXgi%CRitN}vX*#* zH~pS_COb`Ll59Ai?KShn$AuHzVG0>utXvlPAaRQypr9~$n@|yg#P1m99BA?pyI>=w zmT;)$maHfW{ku^y8$ zqXp#X(KI+Fs* z>lnM$y60*g+y)G(3=c9dA%6sEYZ%xSHG8LLv|t2oxN1#{Fn^i;u@RmZ=6&fh7VMlb z46iRuUev}SVtH-7UiX4*7?mb}Y%nO~v@fftEb8E)vmG8z;M!VrJ**U9yh0jRwuvE< zoK=Q_^r2~T>$n?f2Gt9cpvE(H9+YuV{vjBHHVvX%=Y)NP#5$O`2i0J$gCRe`%Gn|m z4M=zx$68^1q=cCYjmEJ@;eMha2FVN2hM}|v zb^-xVY#=qDN!c!9>+QDK#6~;ZiWf6FrqV~JH3LK$!i2oB{*=*srCFC%o%sqWrO0@~ zo2k3d?br-=Q$XLd3ba#ZqQf-j1qWtEqukW@8KQ0IlGyY_T!IBKFEfybVIRTWu8||8 z2`n-V7Th4!BH|OKezKYHLr+1!^1Dln#N=i$8#E$np~A>VtlA0IQ}bm&=FY9v507bU zeCn9i=mZLLkxHBpTjaK>sRvm>J;Tm;v3dr!EqxRxa1_tABn>)S6A8PmtG8&C@!}Rs zQaN!Nh`V9#g7XdHxecw2;p>7b{qdeHf*-86YY;*mc4M> zQl-j-?m1SyH=OmKqEP;CtVy=ZU?Nyudi>NId^2`O!IRLgsz!4Z^SDU`7F^X7#mtK5 ztYs`|d0(@lf&_$6Gs3vN2kufG{y3Z|@0#p(&mSqccFjHxLI(kASw!JQ;I1*zUl~-O zCe4n^G2sr4)gN@QF-SPJU49-MaLYzq7skSqGYU)&#OXgZ2ZQsG#@L?5SCAy2|FHYT z#@8M5-ouCrR)aqv!-915rFgN*7;!%PidU>jtQk?Yl%mG#HKBP~8#i)Vu`J`7+g~n$ zU(7@jR*-mcKyG;^a#k^^VoY@D=B@`KG)?seJrK^JcQ6RY#avp+x-|_7mr$elnvah# zHV07nJ*>h{S(yo_l2sR$VtX&?M(u~7YiH7Hzyk~22Ag)QeGMunVrz!ACKZGmFBsO5 zOk+|&YR3(ja2W8P#zt&OCJn?!@ZrD;D*{uVE<3=DqIVdh5v0R76Oujj{EJY~hEqTv z4(D6~OV3;8V7>=-x5VMy!HP-Fav?WXD_hppGf`J%T{UX&n+PXb*__Hw56V*PGp(UE zr>T^Wy4gmo#1e95FjwZ&@JW&+CaDZ4vDJXQhd2;PlUo&&MMhJb(5|-CKTX`Wkx?}L zEG-_OlAYxm1@#^Siu;0kZk3G6d~X>B1W_{_hzJ^hehx)pQq$acJ+FE7fWNoPjD7NQb zbJgJh49u75QHn}lt#elK1oN)0cmfT>luVkwYKNa+ksBv-ATD0m{P0S=vLI$ zYx{m{=yn`Eh;0uA0b07K<##0Phx_Jw%dI!PhoKu%VA*xU=2`<$INEP@(eWzK<<{~= zQHM3fXnLAD_)kpc6ogf2;nG&NJVysQU|JL-yIT=aSD6hQ3b)kPrX`|mi)NZKU|Xjo z#b}bc3YS!Gcy~7~Hl;goIErrC;UTV= zZ_78{@kXgjb^`T$AQdlEM>N)amipqU;0g>b1J2K>vEs(j)4PRIGtPsZ&{h`^^BC4> z3=OVO!$zJfS^?0$Q(T2sbY7@t=1%!*wIaZCK{v~;Y$U-lYK~daiYurzL>qoH z)S1n?4}Rb~XfbE8AvxtmxcXbz6(p!>UKtQMuA=CxgiUUBd_t!Bb#h4FP0pT?!*`Rj z?xDtoLf^>$sskK_13Vrex-)Uh6XtR7ZgQr+EXB)XlTm({r_JZdSympO-wQvzua%DF z3DbS?DYJc2YL`!%>DR~s^EGGr`2pKcn|AjI7LA7m%{IS1643o6C;n><^cg4LWLD}- zJ^GYM9l=G9!@-P}I0^G}`bQ8?b0Om{Y% ze2t0ChLb;G3SB9(cER2P{S#k5`Xu;z_)_sK??L5va8yQrL6MLAJ23TLFs?a;V>GEEPq91s%)1=~eppM;b9ED!N z-z)S~tLg%tEoq%qB;|Bf2*sf*Go15r!`coNUBQRH)oA9YO4Sm&GJtHX%a@rI)-S=% zvW@X{PF-O^i5$MN?#GQx1E72`&QJQafF(AfRqnc9QqU7Wo~pQARJIF|w#0cKRfDpI za~JYORGOg$9@hp@bn)!!gtSt?pLaZ)bUZty2~Wa-%nJ}j6FtF0(kE{)1cS_( z%(bNPft+8zzq+^{qBsBeYBnEUT)^kE>&XZBFg!aO&1U%QVtn@3@zoo0eMN>>q^EzH z%zNbYW8i12TS1K3w0B;dDfBDAVK2y>mrQM{kE0ul3uu_ZVK9jwaL5Y;-jTgRZdv zllj}>9DaT~d^aMmZ!Rv#@Miw@dODte(BPboug*P~2%jCz!E=5M;p_ltt4$n5KiJ>x z(zJU1IK8BXUP$m{9#C3*k$`jU+2__J@IUmjD)9VkAMd0juViFGoZw#X7 za6r!4k{713Vbp7;k?)ayEA0d3c?Xq8BOmvc@29aXfMTXDTG1M7up;Q5jIG@m*g%c% zO_E@Vib>A1%<4$2r#l*-_j;GJ8`ay7JNZL}S?*OMWqp{aKA0CeH|xu0e0r&;-8|-w zzrMt5ZHk-;SqkX_4Z+$0^}#`3$5T!vmO$ur1YY;ZUhiVu+b4ZOeOf@c(0qB!&^7R( zC~#LY2h19ce2YGp;KjHRU=F(%_{>FKogd zlX}hC9AjI}nJk33%~<6_`r0vkdcDj?i+j#6(6-mR3@WDLAMy*}jzuN7m!V1fgdFbM zEPH)dT|G2;p$8{;P#^6#5|Tl^{n$p$*6`(cpU^txq5wxgxW9kL6&eGL*N*jG=cbHf z#XeRsROtdAD^p39L!^V+$6lZBx3dI={_w8LTedM!hDFTx&2nv(P|)}_5hFk_TXUhs z`7{r@K^ZXuOws%Pz-uhytI+?Vt#$o@%YpUW`ojeH+h?1@BzsrWiF52C6wInz6u_)ETesVsd?_KYD|52M*ZNGGRQmNB`HZSU8CtEyL8HhA);(S=uz3N>>)xx#JDopPP(y>~Sw zC*U@#kBlZn8%8DYiI@V?sJmfb8tV{J@0Cej6ohLJqUdN4WICF`fvF`ku9*H8bDkCH z=6Pa#enk4@Ow>gsH+|z40zZ>Ilc*l$m5XugbntrXKv!-H&*dcseY>Hp=H9zFVOgA( zZ)1n)kc=x^_)nRDDz4E$B4T=%TpI-dq~gKxAkGSlmF+fJn!d1x=j5a5Vr%{wN^LR4$$K;K5kjy)%D^p05VynqtwIlVX$6wjDeyP9y_Yl* zINHb38G(7l`ZWb*eTIj_vDYL6h6Mgh|Gj^*%hbQA7vL%xW3EU)EZ->N@hK z08~)YzUgt-3`hAniWUPjCVL<}5wv`jNqlG9F^C)tB;cU!&ry^F@Y)*U#;Len%rT6P z%Gin(DF7M7fEMVbfQ!?-ZZ~lY+kcLt&?Su(;4Eaa+Z7uDbx(v%P#xB|0G~;gTIZWg zBp|$kp)VH|%QpKOV_;#FK!INr;n@pn!J2FRsT&Y_gSwSJH1Uc!O+2A-Gbur13O$G|RVQN73eBeUhK^O*WcXb+^F2x!V67g1600==ys(|-= zjJ@ngSif)hG?&W^%kqJAZV7nXk*1w<=awPYa7gBormSC=Dke9Wgd`@f`9~`rO=y*@ znS!=q>nIvGN8rkrTV8B1y#q9DYOP%xzw~w<81;~sRkjIY01(W<(QfD|P22 zg6$M>Dag*Jwtc`LuP+vaj6+@^z?~p$q?sZHv<<=Q?Fv?w(|6fzB`erH;T1r9jId(K zG#mkpK5bD+nTng5`K^nJXH6WoBCLDZIg5bgFM-qF717b!Om`x?*Tm}HG3--sui?N< zk-$&fVN-g%l44_16@~7NT|ox}GAuR^fse-n6;52*)CnLErDVZ2qDb9r!cZ9Bfn>R+ z+`jZF?!vOpmORUtDcU zrhvr*GJR|#-&Lo8Gid5VRvL;#vXtA%x@E1ob%+bJqh^xPbVJhGXvTONGJ}2;mML}* z4*uJBHegJkbx~`RVyj3buvZ#@wm{YNS;jnuflwJ}i*0elEMu6C3hPstoG2S4vYvXH zsSTp&#emG|M?)8&6?R%}Acj$SZ)C>`k+g!i7gem!Q`%ue4OprWuUjsk{6(`uxS`wIm1dX z$CfqKsj-X-D7@k=$H+xDskNrOuYTFZ^~ZN{b06#C_WbS1cM9uiCg zg-(vVD_LEO%mzxXt?9KKQ2osi5^)gPEl-M+z?B)m8TdpWwwUb>wPe5|RW;UBXzDXS zsVbhxp!&#^;{%e?jidNZC#k#ByU3NQo9R>>^ATKE?W^8N1c4|5mov@UIG|T>Yn`BC z)^cl(nyi5aQrdN3jcn*kE>+c@5*X8rfu@}v|GvlsP1_3LFJu0>^-T!u8KNL-aUYZo zLOx4Rb`V9c25y!%R=$;=&1GC`ugLZd-b(F>Xy}tdY$bN{YfUTjs9BBRA-1Ih4L*l! zLE*s$`y*vEvz4v1a$CR;wzHA?+;jxQFXT8($W4%#@@T)MAZgoQnu3Y#Ry}|zaHoQu zCIDbfWf}-|%^WvP+u6m~9^wHR=Q&F`>Q;RIJ5Q}UHrp+{zJ-4rkoRHY?vcy)t$#Zt zw%WRFggmY>90hJXZkFIp4^ApZ?(ui1Ko`<)}=}P!K4(jzl3Bs)?In4GKVcw zjOow-^`z9-jwX+GIa8*E3$>ezL%OW$tPvt**|pAixAWT3sh0UKZYC#fnMqv^0$2!} zp~5D+Kp(CkcX9zK1dH}`V)MaH8Bb4BnWa%{u_+<7nijE}`U+&<2jol?ki*gjrp#<5 zI2$MQmKNzkh+9~wWi7W($Af+h*uh{+_2jnShRy1ebnoi6qz|sFvqzRvEHdT{EDMY= z&F(CR*8tBsT$sbtSop_lvxFQ-gVXwKGqj1!HCnGH@reU6gew8zYf-bu?uP%8+|Q4L zqsA45eq>>?lIh4fqkTUkqklcSxS5ULjoJxKrlZNl@N5MBRp5ZvDDg545}rJgb)~yj z%L55{8y$CKQi;iII3Lem56|Y;(+}kT+zj#Q;}uv;t{0mO*r$OBM$`kglfewg?D}#< zX7k}3;ro}H>3DWNK0^?#-`>T=^?UF>GYg8HZ7)nP*_h1GRc?5C{Vsg*a`*u|olGvk zgV65RfQ+xu-Ej17bTyC3?B?w4_U7U$kFUu2%@n-#tWTbs^kg(0U!MF-tUG}L`eJnPft-H8w2!)5TR~|w4f?$~bzKjR z$X?K2tXF^ZZZwT?u5KO2rQ9w6ai8@?UZbfquHhUUMLoREX)o!cGFgca-B|i03tli$4h{bXVRbZ5h zVOBnhIc`*)(VxLn-{!JW^}-4S8r&ccDlZy2MNl;ef`HEo1p2drd3|BXe4D&Y#`Dq( zN>&nA7DXXoJIwxxCWCGE{cztUKzA&n6{C!EmSy-_M%88>5Ga~yR0Im5eXNMa^AcS; zoh0Iu`WU|=$h#8e^0Vqy#gba`Y7-MyK#D{VTx;v?1QLGEmEA>{MX=tXhB@2xt=Sx4 z)@}El)0A;kGQ6e9Cf=I9bzxSO(88g9-jz%rPCdGX!tsGauW{_P3c1CmmA~@SGzU1hL+~d-HSv2#n=k2xoHBqeV^MU* zWm4yO1z;gq3Soa>1dGXn1$SS{FgVLugV6KD#T3{H#}6ilG3Ub7=mVJsuB~Y!p*;HY zDGpN1HVF&6gx%cgFg(Fp;-Nr1GP012ChM3KY?bj9D-srKe3Y!zvZJ9dL7aqLTfj_{ zmy_rFwp5=61d7>)Mf$*<5NjrKn_^?7=~BgZ6;T9dlt5SNbxHQ6u7XjXW(4VId?Ff+ z`-l5}d4wbjk#bOF{aVXSxK1gf)q3AV0YGgx*s;*C1_YB9D=%J`!@LmNKJHm|$4D-UYOTJvzwYlg@Hi6*+%aYtTNPXH*}!=V z<=p6&1BW5w7}x+3*6C1mpA3)m(ob{p;v*axt8Kh_OKH`FJ`yo0|@1@X$gx zI=jBQz8s%vX=66}KR2VR`FMC?oBm9$r|1)WJ)7%^zaDEj^YmsmzJeIJsh-QtC?;>N zug~9)FD{^SEyJ9RCqpee&xY^DS8rx|3l0ZR4lU!rOuu8&>D4i%*_N}PyEzUqB|*oV z`!Ru1%-&GNWUg%FFPK*vw7`07n0rGLz0{{k1x^Pm1qS6`eDyAKo0>xm?(S9@=~5+Q z@f}o+qtc&t=q|CMAh~A?Nc_3irJuB2?mreR3|G1XAc!wOek<0;xS!CHCYk`3k|z)) z1;I*uB}3);1J=1#kz7FwqqWC)rhbwhr`=pM}>qZnBUkr7O;X~Z293xq$1oL7)` zFA(xzD8RhCa3T#sxLMHNxz}>ID-(YVe8I{s{Ex$uA(k)ltXgc%vq+^wJ_=y4Y2*y1 zVEniTR*$gTT5-6K4*ZA(=tL0&CcrJ+z!+HxMnU;r&4@@Vj>wcL zk<~uqhvfr9On~i^9HcQGWKC-=}Hj;xOCNzWUBk|;e z-C?#3yedm->x82$1zL)Lk94A_40ZqWsezS0O^Y@N)qTseu%b?0( z^No{PAc$*pbQ|8tW zL)WTC8uv{cI2#A5ye^4kV8`}huXg#i#@y?5z}&;ycrH3xzuiby654084fr%D=8N36 zToRfNCs)_=vF3S~JY#!mf6yq!vSl)B6(uGK76;j$NY|hpQv+Mz!#|_W)&^#%?O~`Q zy-P6h!$lBw0mZp`c=dZ#o>#g;V4(}BWMoG-{-%03mdeI4nG~4zT)G4({+#a`Xe$Vq zD_>f*3d&)LB}v($UaeYzrReXFcsDCJ8|`%)7+$~^2n@8eo)HYfNOPpCsDf&^n%WARNiZ>X5sAha~8+!L@E3{zEGUyS?Cg0JF!vfX?(`P+l zwt6EAcrn*wm$SW>0YG^NouEPxwsp{q?(D8E(W*(qe3hS|q>fP@2Zd_9Yy=f$SiYcg zB}_?%!kGHQIy^=c08L`E?o5M%F--BRP_gA6L#~lQGxRgG417X55G#O$i9pDnu@7+B z9XJ3f`n}!5#+ta1H0>yuRQqt&D`D!6)rxg7gU*X0yfZ+vd1tFtrXpY+fm108BmDW2 zP~8S0tQu`xa;QlXfrQ2ZfXZ-DK*(^TlGy-)FGrB*90(OKaA+e0`wcJz0oU)-LTm!u zTCgSLiLb26(K!-g2WyIQNzN+RjmBy2yuIhf;{=0*HB42-@)G#Cl@KXeQXuWZI{jef zMXt&k;>}X7d`jUMD<}YDVNz~8Kxi!33b$Ad$X4d+(68=GROC(PI!KOEgub#yECK0& zl8mirMo@PWw~C)4F|`5_s-s&Lh^C^qMO?s)hh{sc8t@LNUj1&YVNxjev%R4mJ!T(E z-eN`}wK+^N4)P@v?w!6Dgu)Bv-O$^W0Em>06Gm)ErWVQqX<*US}Sakc>| zBlE>*f*B8@=vOeNgVEn)v}{*P zeOhzxK+l%Q@6upBg$?fpt4bc}YyVHm8cHk5VrW{ba0++qZgciQ*>*eeY5lu;^2}18EP;E|xQ}?7U*MtAQ1G%iTN@Isx z;$RGY>;bIUTb-Vhy~b&Ual;+o|5698^eKG~qUh@{PdCW}$!0C7Vx;$Vs9KLSVjx`=V2FO( zf}ou+qKV-Mnc6-Xa2`&gXm~lAj?ad(DB3&R*G$?OEoe$lJcah!&O2`8(d(k3l8c|C zXzyrWH@IXUc_Q$oB}*YaUAPcahDFTvcWkTQJ>IvSH){CCWLT_fo@G>js`#p=&rYda z)Tw?T>jjO;spJ(`P!4Rx3o=$27T`Oho16yU&qdA)p3s=QkxWl4CU5EuEoe+;lou8G zE3b?Ue#P#%vX3w7gu6DEl*)=3izq&NrVIa#DS&%P z6I$zU&EbNECf8+H?fFh)+Y0LZ_h!RsPgAwMA7O+!<@dB`c81S>j-t`c^m;Oi$>sR` z{9;5#!`a*fY`oS7B#QQa!ZpYiwBUe=Il~XXF}a}pS6am6lx0-bDki5w6`c0pGWi=@ z>64?8w$4_13uAI71+Dal*Lo2o`B1Nf%IID5py(qlV2C$N$d&%^wk}pwZesFR`WwB4 zn&mP1>qf3Nzv1Ugk)`5}>JLT53bv9WCKHiCuGp!_5%y`V6yP_L3;2H~?&z)lG^fAv zTaJCrYk8~Zh~I8*r6yT;3T}Q|Fl^RbPQVbZv2pM4z^vDb!JLOhDx}oQzzVLHs+PCB zpyV}GLLc0mNg)dTsRW0Wl*QzXX{IJKH-Ja|n4GO?8j~}T3n}!u7sW~hKcD}~7ox6s zOwL&@5{(#1V{zeyn2i2b(@IE5gb z@8SRZr(7vo$7Fn`&%l|0TkL`@XrW)aq$yodl~AcaXI%eVOJ3o&;AgJ!=aOzjrKP4z zAw`mi7*6LI%`8e>@fDLXnXhO|sUahl`UA$md>5z9hBuVq4>J1e;=a)1!r-DA~s|@kI-)0?BF>3!Flg z)U=V#!PZiA1j8UGj=2;*sL9h||aq+GH?WEt57G z#6c2EiVl)_z?VSdIkfzd$3AR$7OiNT{4IT?fuwFQ!7X+{L;46b4HGy5zsfcGXUY`0 zWSgsn9AQNDCjT#*$i=vRq>&FCpOYJ|(!;7GWlVmY`T^<16pu^5;+T?i#^re!^M&Mz z^6W&v;zHiea5Tk7Wj``l1TkK3&W-oCAe#B|N%1oi33)}M`@=W%SK21ONNJ``{;oEe zgy!$TVnQd6EKBM^Gy_tj6t#bhm+F|O$y^TK-oWBv^A0lfX(o5AGd>RUrG+^%VnA>+&&{`_ z4{qz*I%EcuG@_x|#_v-<07Cm}0Mv&pq!_|tkNVuoV7GBP zOX=#g>@=vA0lDHK@ENy)RZecrc3iL|=1U&ROHLj-njf)GW9m_{i42BPMs6d7@-Y;V zp8^)i%R)6G`@<+=aYqvK;NM#=p%7W{hm%htD#eq}EvJ-mkdb7dj>z(-(6M8oL+2>L z6Yhw2TgV%4gV|gyT@aBU`J6@(6O%Na{l&^LZ(_zgrVqNlbGe&H{xvdUwwP`v_qJnun1oDO z3nccTQt`#$aOMVoo)%OoS~G^Klr|YgK0bsbiyzH{5L}$Jkoi-IZkODrqNBjyaN%2Pb@%v7qa-L6?b88s4B7IoVblKW#D54;AvISt|kHIlm{h<3?O z)T5CXSXJ5R)b_lj^2>d5<;l1SBx%6bD$wNIM$_%WG%4Sk~w zY3nm8x=Huc0O0J{cGUKESu^A6ZN(rXwDVm)OJp)>Eg3@ znJ23ovf#cN;pOQ>Y=J8TzCXasoOw-FtX8Y znEF}9DP>R<ra=+N|(sb5!D$Ng8-r;+|hFmg!+Hn%hLnC!jkT@D+|rdixK6;4g> z&mx_g*?v#)6oFVHpQ=VX5m22Ka)r$NsB+bd0%}F)#u6&_{~sWtI(zH0$f#z%oeQa| zP`ATYjM&;l)%+X{7=N1kv*vzW!77tg@tSk)EGZW~1U%HzqFYKNCQ%xKC{d;N&{7n$ z`U>|_kYM(Ct*b~UU`WGfYK>iUkR>3RFFFv8J zz6znj0Fi7?ta5HByNW*Qi zOk0n;{!4c zW@*gGH+ssxj?W|ux@wcTPG1;AA_K8PhEYxT@-F1qT;x0 zul@_7q9~T%J#Sekg6KYIYe$SKLChT~=eto5n+i{;8X=;vw_vdMvc0_yGPgHIVLIJZ zv?@B0tAHfk*eSeal;-Ndf(Z>QL(HW_7Uayt)@n`qSGSip*T0b7#o+SnVsLpgZngTo z%idXUP42Ua&3%^Du^TT3sKR$#U5zaP9kq3I#0=cw`84bDs0zg>u1jqiJ@ce3 z3xBN%eO*I?;B@CPX?0J`UBs)EhN~&5x*}&G(R+KN@U-%+S|6oWy+OAOV9TzbYcJDF zxHxUK7Ih^!Wt%qH8);zAXhQce%s^HAvf;$pbeFC*O|DxuHK!ju1b#|GvYPVJ!Rfz`d19qD7H|NRW_;984EVxJ$psRfF5}>VdaF`SL-zO1 z>7&>?kb=SFz=X6q_oYtZoW)dyr#`9-f)VqW5Hw!70j`P7S+Oq;oE@wSZNb3IS31RP zOZ6=jFU`yhb#72au2i2TcRbv_ZrwOrOGxEf&JL^eSqu>bwXU z0_Tfy%7bS_U|(`1A2J)^ag*C3VvlAhWgoZ|EMpaLOZsFngpna@%LEdY`MSuS{B1!a zIs^NXB|=-L7&eM&MZ+Mk;#p!gK5WKwd__)FNa1Ai?pUzMU$@iUxr4<7EJt>(Y;`fW3MHm~j&c8^;t3R)a%2@FYZA>D z_p_a~1V~)Z6jR`NEO@{-nN#RQrz*FazD%XHID3z(=ioIwAi>opf3i%*F#f}pk+3{aiUkDu0+|YK!c1{8-l(@=W zidh*dm+Por3UZV*C3OXi?3>8~RmlDzR~zyV==S?32l6cE!5+T4_zRYDP#bpt7~4fY z*?(@j6w2)WMW>B3<3B%;=T(CqQURIb6A+ez2*#acqsqIj)@X2j+aT9@iO8&dwRCNy zhUv~vTdje4a9ABtZX<4HpKKTFPX`ecJ2u+wFawTF$*os)?Mug|dDc&K`!CFbpCGE}+HfX>w9jz>0Cgiphv^H)Jtc;h}d3LHuI90OX)VWkIJm##@>78Z0mi22|tLSp$e6d zdo`gSY?0_<1$M|<$!%FTDHB(#9rjsw)@>80`H5;axSnuD52U!ly#OS0BXC)q=`>02GjMvwfPx+E{)em+{lB4kWkoKT}LghjAj4RC6`666pG1vh?A;%4aOB zX8VTCKg;V)APXHvwS(&FRT?5B=7AXCr-RRFq|5@X(sdt`V+ z#@?LyX~@VoM={>_dSn|e5wOR}ZEmW0f z`ilvZ{Nx#=26M8Y^war)$83P*22@8$u$K@ldK81 z50XdVT5cg#Dd~9$IXOB$aw@=BVICD4F+(Xhlh41A_rEjL(}`&BcnzjjcV*&F-%Ka z)>fyVKyR-u-;lq_|BQRrZF14;_ipjm-sKs&=?#DGUA9_1;l2S(#v)r}Ri~veFEF8! zTF`7#ix`qxh_*@TlFT8p7hgLWw&~OzmIFTW*e83+kiCa#_SpxzSV|i2C1sJ$@Q4Ky z7!93DV$`NuN^H8bJpjFYpk@hgFgLf!Vq-34bLvh_5Kbmb$SK*&{Jm$q#+}q5d*=5& z{m52VLpG0&7sBIZ-)02r9v>KIVx2o=4}a{llNLTqpqnT1nSxrrzKbE3t?r|vkJYRS`Wr4P1oZzd=!C0Q+ zXWeIzS`H&UtY_LfJr?N8+_RZUfoNTrGReiMRtlWFd|BfCoKXv8gd6nP!OnI>r34cS zIneI-%!{3kn(?)pf-9-LE@FoEu|*08)FEEC)%vkFlJ{8s8!w0ii(#c;cexLwUbG@U zPbW#H%uQRCKRGABx06;?@{3i*h-=$-d|87szJS>P;k z3Y^`TJ5-ep+r!XdiQ`fCWFiURvyh>G>*e5Q^7ldSymxuFnP^@ob>~Y+Jw@geJefO+f=EjTM77qZWl%FXdfQIMVp>tZQB9lQW&w6I)dIL~D!KoIjwz?Gz zb5$Ks>t~atQ@J=(Eo%W2>p^z?EtJUo_9$f&2BZw_v9(1(LH2?DKXL|wXu3OB@K@w zRw&1S4q9e7o+cQ~u;G}fk{Z1oo)1T(;pJew*+Fl170Y9P3UxBHwC>1U7)TH*4K7@6v?7|C?KlDm|RgyZf&DXyCuta3+m|tBS}Ht=T>VxynNFeU0n}0 zXKcdZY#_?(5{G*jeuunGNxWcaRO%#Z{T<3~Dd4A(e#~YVtIEH-e~mtTQ>Qddz{CL@>xA3X#8~%J z$}2i)seUz9-y2zZBYX8UEzet}5p)*&w0XtSTvhS%MQUEQw9#pf#u+K z@1X6}@qx{U(!M$`1)nt&>fqktHthvGOH?XoJ+9W}Kp8z<&Qe`$SYyb|2Vh+L1WQ11 zoxhW665Oj0GnFD#@-PAE#gz=4-|~`>k30_j$H2#B&8`V*THX%SVh#sm0u^0{uZM#( z@@jB?^>eE=^caT2oCnOCCoB>P3!*l;GI{a)s`QOp->hS#n~r{emsQBIK2h$)uM6}$wLz#>(3xokN(I+2GYBkGu9B$~-7FJuhT40J6_qoi|ih}i>+Qifa2*7$S0 zyur|9rawS;tOD#K~!RVU(6XK-s17PWKW1t0iWP1MAV8=D_LU7U zOEarF6WX~%7eX-MYyyp=c>=?>SAjIKeCF~8W4!b^rxh_JiP{W((#P;t=dJb}g0^+(oN5cs9{P{YKST*$KeL zQ;CMv%x1=Mx%ZlV?o=ssjZSf<<6OJ^%_K+aKf5A9D@>i%|pr12PI z=^#0PB}!=lJ+d#c*c%(o*$7eHJJ1>UCa@k_8mV6hQ(j`hP{vSog3PLbEh4bFvGUVm zEm>tml8+q6%bbScx@~}}4eKRdq3+!FK5(3H{l26l8xP+R6U7| z>owHEg2%sn(E|^*TchN}ua%r?>HeaU#{i>O!3XsdxEeL{qA?NgJ;;7q%y~5T(DZXSParZ`a$@E|mO2w#t!vB~eT`s}bQaligMC|VFBm*#p-H2|qGZkz zh%!T`j?-3a&ru{#)5xa_P!TI9p|-P#ZMk&W8is9)pFW}(j~uJCWe0oRdiC(-dUbeS z174=MuF+G!8l1lw-d?oH>+9ZSf6ykwo8I{^=rnVF`@aVludZ&d-)wY{%5}|6q6*|z zlKTc%CRt^o3`+b8Cs63kry#O@j}ryqxaPCMZ25k1TwUFWV@Yi?8&zjt~GYDOzO6 z_?}3aN3nkNAO)H#hi0^hIB_J^(F1wEB2Y_}CX>)THuWu96NoGYW_FkP2$ZOm1 z=B@nm{QTT3B*WKac=`J3`eJaVnhdYW=xRJ3qDTN?Tjy8fF}Zr(mXn_K zE_!bUjh;)#%Hc^2^KC%%- z^6~kAidCC`R0$K4RN1%Iv_+*sy(zM-E8Exy49l~LoYhN^M;3;dQN4++v)=CYW^jGc zyZoiGIKvI&39`q5wlN z@s;&xH1T^zF9VzK_yF!$$2Zi8Omv;nBOPx^X4*vsSeYa5smmH;i{rfEgUT>{>u3B^<(%V_tz;ZWzRB+4F6lWrQ`NgsyOkw;##FXvh=B``G(ePK zk|qpXibXn+uTtfQi1zYDejc02UFBbrJRxFw#%`GDJYC7njr?>;V+>+9ur6sP+#MWH@jjGTNWRL9 zBD<0+;ovxz@-Z*rbg+T5{)K4d(7efrtC@oMBArg*3eUOIWowq8EQ+R+2};u&_(5gI zQV!j{$mH0vFsh3*^OVZ@`cYRzTH=KaxEf#YwsT=Y>}$q9syz0q=qz8Iy{r_a;I!4+ zWgfF#I=YfcS?eT^|zY@IylIOUDT&7v$ElS5NTg~dBzSlN>(=yew8_oNWl+ z7bfm(tj#+;FKLtG@4h`!h93B}=OudwZK4u1D{!13G;7t}a@wldi*C#*q3YjVrwa-92*2lerS|aH3H^!d$PYY)>I&L{rma0S+u&U- z&rln)ttNpNEP?L{`T(^rTCKkypSVyYROkGyijRbaeF1ix=?k(a}-%-{a>;FOQGDIDYox`N^|yPF|e6 z_~J$R~GK3j%-1+2V&8p5K7Am*4kW@=N%sD!O> zzTgj=@?VgBx?DO86ms>1JoU+l-ovNPG|P}C^6KvbLVbYlj3qP(g~BKcv0x8S`oVaR zsl2gE95A&}a-rcH6Xd!;O2OF59Z%RhCVIs$22^Fr9&xBVmZybJ7P| zT+pR4M@On2PL@mrYPwfKCyCGE*4N}jtqZyo$7y8TbDQ)&#w=jdG#sD9`k+(Mf!aD>ItIW3IDv$=`HM4WW8^F~fYSGnVL_sy^1(!!7Dk zzx6eFVfU!Kuz9Ld10^w?P6JPVxSmMzP>f;*(xV6xCR!~*z9#>;TC!+752guu);&J{ z@BMj_EXC>Jq0c?hh?sr{hu33=G(+SKmXQBF!3ho#AvHC1d$OUY-m>hM#?H<{IJQgP% z+=_8GX4FsS3=j$UA&U+nLLoVvu|&Q?JMyMTn186qeQ2>Q!$F?2vsWkN__%xAJ?Wm< zSsx!CyTN1u@N4JPLw|D8@o7RQpv5T;rTLh5uVPTlxZ7v8ZZVH97U1I{Ia(mWoKlaG{r>sz z07~n)2j2>Rs#}-*!c$BO3rTg|sB0?3Bai*A+|_q?cceuKA>1P&p9K;5-hj}#y*~ee zbW-wtDp(xR1^YqwXq|LPAKny%${9d}-G{KGCG{9yLzWA#1^2WCK-}HkX<#Du*wF)j zZwCH>n0BpaT{4Em8u0iFPaPOqG&2bc@1GRR1s0`8QOiXe(7j3b5G7qmOKo+6`{W0k&|~4-hqh$F7iF1 z3LkZx1%lLe!zo$ulsu}^LpqK1GQV8~*&qER4%*Nf65bo#lt_3?XRL#>d0{H#BNAz- z6%3=F(Be+*_xctHBDg_^4Vlc9DOMVJnq^tvs=IAoC1@Wftq2}m4h*#k37B)IrXtX9A*TAO`N1l zVvE;dM;n-;vjAT}pufJ$x1dldKYaFqnVS-rce?BXPY#6UPmq&>8)Tiq+j4QL7DiIh zpPcA^{)F^KqqA2nP2DfaNsbyd0(HMQ`8q+Pa_a~$4weZ3DE=9?G<kX&&H6R47K`H3mQ53Z1}Mi<>y|9a578IarY z;F{bFE=E_^z3X4dP4CtDU_9#evnV|Tc5om{nu~6f6CD2c09a% zL(Z?>ydIv9hkqx>FQ0w;oSY3_53a8VXMbtbbv)=_U7nGb&#fyIqMTJzK$bM9Q7qK$ zWY3yb)UjwzBaiu}j6+wB^IFTLP7EjL5(4&U9zTE6cf2lRCubPIcye}ASVMk%_UfeD zLU{a%WHvmq`zGPIQr}DJzPs#Q4CD&xb&ch2`3r9TugSH_7ka0ua!0J6jbuZHC8Nc{ zM6bRYU7Wq@W=62n-Pth!5<5^3h7dTRd6NdZt7Q+22tXT!2q0uD`{s~6N;qH6zJX%+ zf<~yMRE3@;2#OmTg`m8K3(tVlmL$-MF2WWebQ%1F1 zB~+(y)k|DY&6U!L)riREJ3@C#R!eqDu9ozlDQgiT63O_^%qTJE$whu@~2~)k`_t^Q|>4x7yH`pWgI(RZsC{y@%yqNi@ zlUq-U-r(I?@22;vHy*qj{d{&xzW;@%G3gELj@J_64}}hLPnPv?1w=xwMuW@Y*}MMv zaBz9^Zg_S|_P)Owp7qJ_EH4-e*#Cfw7X~a!I)VSgUdbrqLH~MiV@A>-t{)Fcq{bW% z#^d4Dr5$Y&%qC&Vj!&Km9zr%}ypXfa`&UCy~R=6IV4ae_Bz47?x ztLrnpy?Csby!tM4wm@zJWR~Aud|dho6)-^d7-UvHyYA3VZC6~rS3Ui32Z70~;GS;n zY~s=$W|znwLWF-~E4ZMXewdKA6C_efqtU8kDMN@qxm9x(XDDtg>`@I*V>jTSa5+qvmE0eDj9 zydYrX6EWwH_-;|C(lnVv4|0dyyYB^$?vVGjerpl3C!2`9Q}P?|)4enfkGmf}nE#n? zRMWjvviG6p2ifw!+GezqosRZwr=vaJ!Dub{|9>H8k&ANARyygCq^vfehCy_%Un**G z>^`-Xd4M6w6O4hdG;wz`@Fg{#99*6hrG3X6$Czx*dB_ccswrpR>7n!hzzHQUfBC$L zo&dE3UlQicIq5`>w(9hIa~Y72YD6TGhQQ75?}CtEbyV6`&&=I<`1Sh@7#r!IE0z0q$9-LIuTO7xbPHRrrr( zaFrMYvq%R8Kn_*rlfKi$Mt1M_dk6La$fw&s?p#g$UCyeI(b8u$^H`2XnVJBo;zCFQ zn@1b+^zrzdB%FsLUyoEhMX^9{W?E2HztJ;McubLguPb>^htSM-f`!wLA_pW9fY^Wd zE%&V)pyB}}XV;V8e+&EZ;h2WYIkhjNAq-yeGIHkW1iGPEG7lTcugCE1Df#VR>Zp+p znHZ(EBxk>uS!S?7In?g=fZ$LdAh-R2GUN%!IeVu9LyvZnP;|UZLyO^;$fuRgFbRcb z9SKJ*l4=FMK?OAVM2`rUe zg+SMSwwdNs=jvqu?tGG?OwpcR!LF4kS8N}EGo4OIcgcM=;&IX@f)}`;nDaFB_0s_S zjM2j`WMnuJ+Wc?RG%F>3m;9{ruQRgbe%sh>FzfohCjjW<-&?Nr=MHQL6i?W8wTldaTnBe~nCbbhm$a$Bit zBjvVHvrW`(J#i0Zc96!SW?#6w=u7iXP?sl6b9*s1ZVg6BIF*k}KSDnQ&2%NlQl3F* z0`C|?ssZ*Iwd#WZ#XEGs=!yrgtM6{$rF-^C4X?K}r`nXa^4<5Y5eq+-FSb-L)E62< zSTHR&D_O08rndqbP;O_uJ+zKOw(e*zU$B-SKCWYqeEQs8jNP=nj&%(Du+GOB0g~+V zCB|MKI9U5Ct4p@O!UhY#M1*|^M51OidJ-wLIO;#^Nn#QOG;%NPwp?R6?vl*eGoNRD zTC&<^tuRp)zu?YS!r2`zn^GvI3(6RH9R9MyE?d87 zn>BcIy6+#qWaus#M2QYTQf&=KVURHcuR|L&TYXa6#pexbJgv0W)r?*{`U0r1cIs?9 ztDrofl_pCinuJs5xRQ0P7ZZ`!p%!-FkFj&Zp)t!$?OdHdxLs}}Ea!np>_D9o!nKI; zbs|GIAF=Xx$@q9%rzD3z6`aI$@QgfnNGHid7U{w|6A|!@2?RNQ^9sDZ0-d2k*O17L zh_PI7WG2>g22+#(FZ65@-#kYF{#_VR?tmZ9UiHaY96Yc%%c+%)(C5)tj+;XuN+479 zvhY5TP_{|PB5dPTmCa z(glWeAy-g8POcgCe~yEMUC?ONA|SI$gz@{O{Eh4#E~4a6!n|iKOLbI}3;sJ3ESieX zL9S>jTuL1#i=}$|%16T~IsWFPd;CrJsC%NEexTwToH^q(ohMMi)LYFn6Aq5cYH!C7 zq*rWf#BBlD%6Z%+SFsVWY0Q*Gz#LHQ;jbdP2s}bVx%*UdYAaV%!DMFB0OiRK={V%( zsTc<9x0`D~`)E?UM(g%oC85^tIba!$H=fsIYc<$C+L=u?kQXo$i4hJm+tD062w`P9 z?3c$Y<*%pptpFqu>7-*?v{n46+B%_dSiX zAH7p0a^HC=d}(L~<4B;v67JL#0qM?XOJ<8CWF-vJ=Svjw3)HAamI-HIPHU}H>OQ%AJ>J1(FBcku z!am(~|7`7be-(MG;b9zu2X)=;|4Vj@SSh>uhA-VU-Es>Zbptx#BnNtl zMeU)SP^@Qw%328hPwX}Voe~+Bc)baZrldPKfA9RHo%4?jSg1^3D9|BD~XzE!aS1M1C7R#0j4!R-Q4uslX( z4@qLKIFovdKp!7Uis3)nmIhY4~%?Q{l6_6r@}GWwySIl)s>9?1}$_0<(Z)N>sCkAf&+Gq9~VeINk~PPLyremGFK zopR+wxG>SC8!+sInj;cjGBW;Sdb}m|?j>P@NF$|51v;ZTQQCOR=^m36DnnwYT2YZX zD=F<}&LYAZ-^FVvxdR@qDDtE?n;qj5yxSH_aHUdnWSIDO-Q(lq?(xxa_xRayt5fj< zem+lnTi_Py=;+1zS4M^ypW>zQAHZlO2OBE^$~6kf&1U>Q(W}M%UMT718d3(h(zK58 zymCH+#AtPK9c5-%$VTAg2>>&!+C4CBo#_=io2@bDA~_}B`%F1hnP%D{Ly|-CFm=#q zJY&g7{!QSTZaM1cAVLSsfj?tTQU4Ld+n$nZhJ?m}?Dwajs7vNCPiJ#E9zS*LtSSuO zG2>_><7KIh5o4#A6uVE!@zGI>kjEhOJsSHOkV_sh+@-HGF+aN_w$a(Hp|)-J$0xV4 z=@zY^8&TZ#`(*&5$VXn~t)igGGF@_hF`#w0W(%G$au#4o&UgiAu$b(_1P5Awq1}N& zD2$oPpJk1?$6ext(;#qiVcM`H=+>Tu=2a!HK1Zv3XDndKMk)EE9~dU779R{W@P&CK zf}wvnI<$drY7>;Umfz@BNfMrt<8OiJifx@pSvw(j-JcLNYd=uYX5Cb-{+A?Vj4t=$fabsK|LClBJk__0aX9Eik)Gb0dW!qdps@~MGK%V1XL10IQ}2q=r5c5Jgy zb3>P5pgI<-W-><^qjJF8&@{-!7_o3g)Z1IX5>#$hmDP(bG0!E`2w_ZBXg2{BhB~cQ zhrHGvD&Rz7lGHe+48B}xzmj5Dc@!*{D!r4c4(LRjRb$x&uciJ5!~kC2%5nLuH;PFx zkQW(TC&cQ>RI{xA3L!L#xT;cTP4+nj3B$Y<0L30GzDjkXqO2D3n$g=jcwlW}Mj}dU zuXK|_>vt8eig?t4Lw!3uLuZF2BwS2Pdkp^cbWLA59r#x7xpR0SPyHpmH))g}G|~2s zyGPxly^IT|n^jSGo+gA`^tW6jXF-hbqfwa7g6I^Lm-$x1QNQAwOO`zH_`c%X(eSM5 z8y+X3>E zdZym_xo#_=0#~mpkS}>8C$m8m9$zd+F$cAY9TG#{4iz~~>+>K=Kd1wrp8|&O!BZO= zr%UB*LqnjV*qn?NM9h#-Y5pwep3X4nAoCbK(%A2fhUPQSiJb+p`CwV9vM}FbMk?l; zPaOYkLY8p=A#JC`kz(PpS2_oMll$_)W(>b>U^t42Aw~Z*keP>$EVNaEJ)NM=CfNH@ z`NAwHB#lykP56fc9jj?HsBqgmL4j@J&6#(fwT~L53V=U`?TdByooGT=ig^+qOE(Xp zO14LplTo@XK-_J$K9auiBLku6BQdN^{yw@TAISw<@OVW&wmyj`&+{+2EYgb~8?}Ff0Bq_pSXIbYD zEgag!3(|?F8kxgFx^P$racEw@hnkM!Fku4T1PzCnP-JY|kC3y&-~nrRaz!asBU7cf0XSWUc*ugG zyu6kDSzmL|*7X8cDTmu@F>!Qk$l*Oe1fHWgB=NC50a}vpb*mqWNI&nAH(;W^)3V$5 zM%RC+MISgaAc0L{{wP=sr7$GFQqozC2!k4Mo+g;_xMZ5s?{&bnJL85k=pnRi|27KB zB!?SLQvD4Uy)cK}-Jmw__&S+E-7IRD%pPB+@l5S?<1t_=71msVj^!MVTie{5#T}7s zicgN0sOC9llF9lMvju-(g6La03%L#P z0U>kL(=bLn8krIt7u+wvXul;3?t@4l2o*b~_blj}y19-jBqu*%K6~0-e!UG*-1KhR zUQ)A9?g}ZK?w(8?kGdh5C6gLp`@OXwW`ND)9N7j?7fe4AuarAL*-#%{hI+;qG>8a< z5ojCn+2!~Eb^>?cQz)Hq@^qS}3(-}U{hQUYuroep!rxJ+ zdZ%TayEeJ&;}Q=?cTh>{ZiqqocVriQ2kJg3@vQV@N#K~W(W867`n|a`$d-}>RWnG) zz#C#8O8;Wf$>4#ZM4%kE6&*Ew4|WAvAx^vk$blOk??kCfIGseNb>0NK09n7r>o?+> zGBUr%{xpEsZqmBCQ@_XFHBi@X;2NlZmwj!ZZo0W^5E$FN?e2OW?G(`W3o)|sBkoPL z0jNJpK2jn0?Eu(<(|UF%mnqDf?AcENS$4OUK?eJB3Mn=++fX^{eLBzzThd{zMKCvK zw41@~f=ZXmf%a-E;jI}P%;0N9O+DPHoIrqr`l71+f zEOq34&nJ0^av;3tlMNt97eEZffnmAw8jKtSx30N6M}~AEVrL{E$9q08V3dOJejyzE z3-kS0HeY4|CiJoM9x^gPyiCdauXNsJ8iwdze&-H1N+Dk;xV?cG6o#&CplYX)yW#Yb zC!?4NRy@AtfG8K$Qi;vECsk&lT)Bfg+54WY?m(|~r}7=$ZNWNAfwF$Hq!K91N7O)X z^O4;B+ZNyBUmdrGFk6lj4)N z8H`F;^Cy+Mpr^t}(}W9;O36XTz~7mn2iA@FEsuj=<;e}ni2DGu?4}BVZ7g$Sbi=!W zei201N|dk|T&T2KPzT;*Op1&gf^NH8Vz9Y_t_FJgp#*yR;nP9?Vu#S9OMmZy#dOAQ zlOR+s2o{wabo!^*1l;CQ+m7%D78~2&lhFG1=!tkKHx2Eap1oet`LFQx*3hQQSxkM_ z(P3;I9aQ>6B#c*O*JMeBO(eSBGPTH<9Y!J6RPHIcGCG&0anjrXy^rMX`6mN@0e+Un z17g9)7Ei*!BJ%7_uzOVW3TIbBGpgM!gu&veY^n~2!h#gg*xiBvE<0QiDcO%yI`dC> zINY@9Ok~k{adfo!l=ytI^HPbFi`?E{#dPDH^A@3%N;J< z`^6_cUOz5`HezS7*j(At0E16MD{V7 zTz-83;rc9|@_3;VB=U)hw@^`ckUsiIcj%h)pwfN|a@+-)Z~kPeLLdnijHgK!gKDB< zMhXKwk=+I1X;MT(^{hl<^XF_84$8y&W*##!=b^8Z>v~>~!&?old)Sl-n~WLp;3|AY z1U`eDRmN*uVLqh+yqrtX+46l}g^-*pjaeR{pXV$h6nwW~e+%PBj!4LEqU}14sSNHb zk{?kmoH`z};6bvcbXmDr&z_E((tw)}YArgY2fJhna;NK7*J$FO0`Bijnm)vNN$0+mHq7k7OJw zK=sG54q4FZ%|m5J@za@uN}wvW2bDqf$?QKRK$RMR%7FT02A>k3N-aKRKz%X`PYF<7 z8pkY3#@?JQ=v@s^*rIldodKo9^bzObIQSKahC$l_l`M;gSO`T0?Ug~R0NVD!UjoyD zesJL-nWuhpm^55lS|myUOCO}jMSTalkL30zlE9~pLEBzOUrwy^>)Sr{=FBdjCe}Hl zA|cnzV^I>W$gN;L*+0L&Js_U!(1?ye!lT_0(E+$OV_Le`0AJrK(B!4wVAs7oI@$qn zB=-1uZPq49C*y>zzo%_-u(r0rv&p{gU**SY)VK*v7F_Dkt zoXOGl+1~3)bdba^!k8ENBVl&;gHSAchN==>04d70j z|Ah%HW>I1id%4nNj(j`Yc;(ZFo>TJ%5r zNX~Nbsn&JFle^<@*E5z1C}Jk)Low1&t)`wGTU9IL3?w^QO9LARy=9Jxj2YB_TJ|PTI!o=st#&;o^R$AmQo-BYoh+L&=&68} z$G?0e;HGVTXg)D$)$k=rnWq0Exe2g*Qz&mq&0cd5dZ+*~i77uJunYR3H)CCq&?NAB zLa9=-0byl#du)mc!FKYP zum(uV^49G#t8k?mwbJagiwA8Pl-fqRsqMNJ(4&**Pd9&Npv~E*H!@9Eg8EeZ^Ey}^ z+HPcdUI*|ljLTV%6QjW1<>t+)xOYzKQowh#pNp_R!3$Lsr%7=Xe@Ado(d^hTWO8@i?Jkv`d+tT&C9I|TP^DVv3 zn{3Z*z03>2#ic$!Rn9&|ai%!Slf8Y4Afjn8|9Oe&vo2k$h0mYR4of`$iMI7BII||u z&k+n)fTYy!`MC|AwH52`ES}ak2daUZ(&W0*N+o@^aN?)}OkXqwVMLx-%VSFSS0~@Ca0=7F1nbd=f-H6yPZ-6)$YI$Fih@ zkZi=Dvb{dF7L$DKJ&D6u<>>O{hwJzrI{iHw% zZF9B+0u@K|DRu;u_HiA7SE+MM&b9L^dI@IFsxG5k0IKoMY68s`uD#9td7*ri&chOw~=B^xe$+nVxGcf-kKDk?ar>{ZpKgdJ3L?BQO@&!(EopqgW z#7dsbNpj%qnw8jafC4Y6jssW+P+#6#=mPWm#!UCl5OHafj$~mQ)~MQ1?Y7jQSc7 z$f{&(V0K$ALJ&!}GN!6+;S}I(>#Cc&zG|T;=+~-tush1M#)R`YE;pAA7Pla{qDWSB1N`wI$Gv;A9q24{=ONPP#M%5Vt$U&f2rl^6l z9dCzFpn;rmFNFefkgC4*HTlP_smv(J(GPj*lM%f~b-$satugla_-G0>s`(G))(n|H z1Fu#VAF}9hJpSeF-@kna8qE)fk1X`~f*sy_@6@mF{0V*MOLi1YufDZ@1lr-xY;ySa=4Ny#`?bFKoqh_nbb`s^ z9TdBKx1{%n*MsvxZ#=lXx*3eS3xB&gj*gCwzIpKi{yjQ6%Kv-v?B(+>j-S1Fe)8;_ zlNTp1zBoGm=H%r!Uy!3+BU|>9$~*OoqbJXmNABO`=S%V`X7nC1;m@HAW2<$^$wYtX z=?}joKhJ6Ml^_v&Y_&RAO+Zy=od&T;2=fDd!^u-x&F17_uY(UbRm9|SKW- zP|G5bQWgj|6}19$bps!uEG&3QF3HK!@pt4S`Qfh*$KB&&_*iFUQT7y)v#*fykVdjD zbdao%m?LYFHj<{1ZFv}rv4f;EL!x|Ja8qC~prNXQ!l$+M4&^#qSq#f!|0#(5DTr+> zi2dF?_mA|m=KlX@N<*Y=z$2($xWyc6?*HSHlidA(a`fWm$)ETC=lIDi@M(+StNaqG znD42R#r%%kCa^0yOM1Vjo1JCKw#!T3^sxFi**Xv+W%43EC3{ET9m?xaeyjs8PRZW! z$%XtRVevwolD(g382A`X7_peDKXi_{DLK{~sS6AOFe!KgSPNRgh=!-8;R?cxFR7Vc{v+ zdjl<0{b)SheunRZ96qO#x2hu3)Qh>$5r|r&)s=kCi|4{!}~`Q~}tE}ft= ze8nx(FjQrMHd{x}j@j#sg4KastFL`yD`Y4Bmg#Y-3JBs#@~G`vL&3=U4~J@cJLu%9G75Vfa zWp`-PC2kR7qC$4gtehZ_r|~DV1MG-@av`!SF61oJ6B*AY%d=}Z;oaL z!N4Lk;=X8uM$V&=83c%kj!+?|erG~M8hP#$t#S(li$$7Ht8J>=8>GpJe%gtADnHol zMDOJ2*6fXSM|n_sjFVcgn9qKw*Ob{^i<>#%8{+l*2oN>cHkKjEo@c5X+D9v8hiw+O zP{g+Z847)hgvhFrF2xvH5+QnjT z)klreC6_!=&h+3A14Wgc_J!`5>7F)EHwI$VUu)iu9;ylBLLQgK_2*B2=a{kc?zkB+5s{G$7Gy>{3UfnkHEi zsd%2zXO8FDLc4%IFi4D?!mgHD`P)5nvT}J^OfHfp;!7^ci!$fI7+cAm`NAF>;YM!G z$0hjbDj=Ix8C42Xe3U&ITPPi}8H&)Qh$MWx37RGcW(`g-$X1A{G9;U!raBdo zQ(tVmimKX)O7{5)7O}dn$);;d1eOfQ);xinxMgcz-h6Wk)lU2b(%2kAP2Q5GafuL= zh9Sv+S;Q%`d6za}(N@5db*jc*_()e3TE^mcwx632sX|9t(ZY^#$sXLB!tJcSY5_An z)m(L>Cvc{Ht&ZJE!L-ebS2!G+&D<7P1L5O^cXEsrv{C6Dz#-cJ@>A#NSax)&fK~@HCQBT48c{Ue*OXv z7ZVlaPfk7!i}xod#UsZY|HrH)$-0W5=zClB*=NfqKW(&8b%Hlr$;g z6l_qoXsh?8Q<$g$dKdIV9cmR{7tva{4R?)FzNAqDyh;ill_+J~kX=&V zsa&^i9I_Lv4V6IjrFG!{$@s^93Gyc#zUCIpT}sR%l`TqCpyl<%wmSS+1*`!I*Q#8YnyiRHWrOlP zo-0GP9q?F8tO@kkvIhF9208nDX`!;MfG?CAYqF2%10!i^MY57D)ueGws@Sa9*;aVx zOPMth_yx-qIV+L(YuXe=r)E{twvig3xR-UZYIL&vKtSWNLsk5)UhT6{EwfLe5XvF8 z%sHKAQOke3Rw1-4ewD&Qxw_!f|Jj((#KtWtJ3#fb;-G{HngoE*F+W?U%%EjKqXGKjT)fj^xq02 zTU@S*W-m?VYcZ;Av>v01GIrZASQb6l7zI3<16SFC>eupK3w@h7L zUe4jIU#(l=FRN8A*(TP7Ph;I5-DZ2$9GC5j+jX;ZRBRto8lj9oSdwEa!eG}eXj9g) z33;}uruS3|>3Swl*hg-)mQARoe6X7Aq^Flj{C##(u3F3%)M>bvc2b$~X*3GTTy37l zq^gQKmeX;Vt!egII90Ze+V8N*YRX4$M5WKbvvy0Xr!ubU(v{8V_BpuMA8dCu;${_e z`V4$*chqtsHC*+26J?faS^Cz1@IjC07?48KEIn$&NKJvyCHD=uEGGMJN4R`4td6PK0NIc~vbeS;=LS->gRZUp*#uqNy3~@pJ9N|K@>8H&RZz5v zPhLgWA|cjPCS9`FV^LD`%C4bHvSHQJO{qj$WkIDC@p*-p9S&RltlT(SuXKi;MC(<+ zUK6xeL}$C$JvUyWKx|U85iMQS{8*y(nk~5qlFYr5BP~tl>O88J5QLS6VM#?501rn} z>A#1WtlkX({2N)E|gQPB_TW@M9ZB{7`mW$4L z!MPqVw~%fSGP8-bU932jJ1Rlc?!(AX`&`?(3ZA%w-JMq?mbggA9e8_WJVHyNAl zf?&FfN;z;%b>8AY*>fom+IEgIjiaZtcE}Pg1V*-=O}fY-?^pb5%*&Cy>!s z@r@00CFEV@p&uF7$Gc-A8}hFsk1>CWi;)U##(^3qDad6ZSOd*l{zyU|%_Kk*mOL^R z5k|ea4kV1S;rq?A1mv>-tbs!}%TKsToOwQq{AOJgxkP?Jqg6HpTu!NW{RVje@=^X< zPOhee`&(j$*dZ?wZqKYFqzt4@U-{KhMVh;IonUP_KUD6r8bhyMAp6)!b`l zUB+ute5N{~X>5`@lBEeub3eANgJ{Z&jonXe+eaEl#kTIJwk=e6EjG@4Y+FMe*kbF< z$F?<8i!HWRAG?V*D|BYBdYQz2CcmEkcyk?DeeS@WD9ds{*C@#>9#2<}nc{af2TxPA zLHUoLEhLOC4bl@vy}rrdFy=6^e_roG$fR^{~wbX=F=sH zsb~33LRHIB`R0@9Y&KolPf`&HJ$?mLu!Uy*BB`1_pV*YJ>*b_RQfeJ-)ShKT0xxWV7t7Axd`7 zuT8PD4N>wVY(^9}$Z8EP*)Xb#6gyADMUL=9gxv6|H3(IOR#hb1*#@Ef2%F);J}jA+ zFdwtbsM6{Uk<)#(NTcej*5X^;baTwB$7)W49i?C%ZOJ zTc@Q+IFuH`to~#cJg|r?oy9A?PZknJ31a3#Ez&yYB9zyMJ}s(5kG3|T`S?hQVkKwVup@vZVThv7=JjY_gel!I#!hXqQat{bEPV>HT6o zQ~L2@3?(af!jRrC{&0NAp+Vi2DIvp?wo5rB{*76VOQ0vS8=%g=JC`Y;$kVsXCuA%k zpQ*j#@ksEHz2@2RcXYsa(Vee0XmdFjffz2H7(Ag3+I_8KFNWOj6z++aZ`4V#jzQ zj-q^qrl^+qGH+Lyu%uTBzS^4^tAPcdrAnc#J{E{gDiUr|OncK(g_-ti>9pK=;liCF zzj2AeY=^bzC!eZd;ZCWrMdiJGm$j6bHm$>FX`#9ZU6p>B6iVuW3rNi1*vL;LsYZOq zCuED-jrlHX$s_&rWY0|r^*@b2=kfm^%%Jn6_=FsKLF0SP zp20UjklRSIhz6-Ce|Juur_+BFtN!B8pFiSHFj;i`3GGa%=qzLIAF5SbuqYAT6&_G3(yy#qu7<)7s8vj@F45tLZ@UJgzWV2(3{gZ5r?W(=eT>) zJwEOxvtOZu^1eGI_&Iz=!+?rYf@8X~$lXU7Y`zAwN&`p>&8q>_agTYx^yeC& z-+Leb`Lo?mf&XVu_F-TC`NVr*4gWtndGRvG|Gzmpe(@*&{~SMb8E6M@@^IYB$d%(c zl>%ZP@>-=aq{Vs5!X=9Z*&p}c9<=V+>XFCtz0@InzF4r>3uxHtkn>;>B+PGh&`U8{ zwK{mEKnYdR%3d-_5QZ!^aD4T{Ur)L(yGLKO@)ybPO|AdDpLORS;!vI_2(CN-&tHC% zKmR9x%735d2f`_(;Ac*x#}|iu$s*<2+wu5f!K02m$D&0@LTBPG7of(VvTCMkdGK!g!GJb}5 z<5SW(&VGKzLY6QM!`__p`wqNona}(^Xv;<7L#t+Ov6Y_hq}8IaH$NqNfb-se4kKE3 z{u8!XhBRT~@Ex5_gD6N=-DJ5LFQ`BN&t5)z@jQF}PmW)_{PX;OmY?5#>yX2*TY7ED zT;1*Ip77>f^TpSDS|x>U|5F}@{87#eF$JK^ z_rla?KA}lVwwSOPMi=m@0s6EhNv2xj42WY_&ay}Lq1a_teFM_7`W~;+y#vzu*S}i- z_y4rM-ocL?1QP_xR~`ur-KiIIAut|c88U*$x(&qh<}{iy`K3t6gdr$oL45`ZQdyM5 zs+J(M#-NFi`Pw_Mt9qPqa(Q(_7Tm{@Ng4_WorVdGBZVi-z1#yC|p4a(g_w}j?;+nh%9NG1YR0a+;XBdp@RAH8-)k+ zNt}jEbcrq$#Un;|OeP%jFuSu~EB)tL8VAvA?9G{^&v4}VDt-b`?Lfvh(UYB%f6TujnC&^Nr9vt5DpMfP7^EP_v%AY(~{3+R=C1gKjQFguqa&+L3_3&%*I)z&=NZ7);kR~hQ ztTeflyv5{FrVlg-r9=SxSI;-6;%{t~LvODM56FH#_yCq!9_<;*H`vUZj;;1S?w}lr zU{*v-9z^(4$x;r&Jbnt!dk3~RtiQU6_9VO53FfsZcFJ(v5VcAs*$}rTJgRz*I_wNP zJ1JdD=MU#sWO?d1ELbw<$s|pP&rwcM z%>w5XHDrPt?`wBui(IpoZ)UnuheL(5s+GRYfRAm2K-YB545-Az&4*JRV^Kvz19e z$P0<7C_)aU-6<53LMnPg=a5{2+=%pwreYSG5`SDzy>{G309sF>dH;LpnE3fKUzheO zeU&3qOT$7gkhv$~e5Qw!NyM|4<_q|X_{2B8R6o!eKvnnox1Cp8z^t;po$4oiM8=u@ zaI4tBHZhFWS$|>OrLXjCUa5)9V#%^4UpCRwW2~p~mnEg{Za4x^Edgz8=~7eYi3PO3 z^XB0$HDgM7Z|u&r|JGac@hrOhcTq%Lfmbh(nLk>gF6*u}th&I?b&Vp}2lw06CS2EJ zJ%M)AuogBT88l>X54gpa^@yk0rh4YJPuN!FXh ztc_+#s$c@Ron&z*sp3`=#Vw_Yg_6YWWr*8I4<7;Jn&90NC^y1y1!5JLt_GQliFTur zp}`rKh|uxH9V=jLyRKUR@q+snQ%8`wm_czgy`G2WT^!2fJ zD5jLhof^9Nhltq%rQo8wWR44saDVR9xAh;5pq96mnMhf`#(%e4_6X7>S?>KSETlN; ziI7=Lr|i@E1zrC01-bH4YI`6?9 zSX5N3=f)k=za=&=bzt4LzoNINu!4o2tlO>T&eN`EVfQ@iMzXYY+Rb0ya)ynbvj)7q z^)Y{HZ^CkC!Y!wK3%|l`d#-UYJaQPt$93*@bVr|=F3Vvoa)ulJZH#gH&jN2&P2H_4 zyVP!t2~Cva%SD8HfcX0X?UiA;+1&5|!nXk71ze;-Bx^5|$=Zz)&@#g^?1b}8^X#0j zmzj6lcQsnAWDsulWS4BX3(*4GmJU#XK$E4cpg~@;bZRro)`5OA@YjNWy{=Mk7p?&R zGTU$&7aD+lIeae^TZY)jR`uzP zc=s{;&tuG6I@5Z&_|Lv;{U!cxasOYFqubv8Uv~e$yWQLEmhb=fy1j?{|DWThRYfhg z!}aaeul|4cx-;+m@q-H*N(FST#X^S)&&hF2Xo%UvOgTMIOR?14ub$f`H2Uyf3&%7L zH$|FXJ=Tw}In}&7^yZ3_+MEGK*$9D<)Lqe6Y8Tu$-sn7B#J{(T`0hrV`n!2P2vAP( zY2k7=lva21Kjk)t%(D^l=1Vbxjut>>$4slD3YBK2+SvS3ez()>eC?MrQTaL(m0z_b zmKUsrw8DCgkW`RJ4FH2oJ)C<>*W+D^9QtWI*P9>>Dzx&0XT+h`m7DhpJr!Iis9C&6 z3l&A0BsyUa#*~2><`R;_#v*PjM$TU|OwWj^e12qB=aRG0h`;U=f6QW~p5z5zbkX@f z`SmxQj!0`vqgfQ4IJM8G^z}0qkF!ai>}^{OFk)0P)$B5z#er$C)6)&~qzf;5TeklL zF-`6|#`fNVF}mjKK#x#-i_?QUc%xZ#!Lo))Y%iNccXz=gzFstkZ{g*&h-OoE5K%t8 z)F8BMKN2A&A4cp94qP2+G?N)iN3tExV>;zQ+njBn`fZq&0&*@h7H2Q>Io#vejXUM$-|KcBjtr zw1Ds|+O*Zk&|f)KLjjoT*b53SkV$09(lO>vk-@~sS&EC=Gv#q6YV42niV{B*ncpIQ z$KUWgFu#J61%`qQZ=EsAjx#p(J+HyoNz;@9%!rsd3tw#Uw1du1BZS#2 zsr0mZ?vpP zGio#!F3EQ>kACnsN>TTP6cAr*E3idY#EgYHd|)KfKxszN z9K@TOlxG=>wb(mHiS~0)GQEgqI#zU;I3F}ayV;n9ruG$xtl87mC+B>!02%FBt!QDd z4YO*5G$Xpyfd4v=L-v|szviys~$x)$CeAr5Wv0#8@&Vsq;8hfV|1{Qk~#OIGKu3ytZpZh>px?9MUxO z2WS~H?iARGoqT23974ld+LY!^SjsbnJ-7#89&hETif!^@tr7=fnuwUiD4bIpt!Q1f zb5GkX^xRB5s*`0<2?Vo52{j>RnI>id_!0VhI^Xr|F$>$nIV`KDBd8k@2dqOb(Ugb=@R;3LBe;^BwUt$)xOH@SnIHq-IJ*3S z!ltTFAgYF4*!0_Z;gcYBNJ}V5xvP5_Jp?ecXJ!lv-BizT9e^iDaSC+AjLmrs|R{ z+TuLulbJ|5HT1xVhxA<+xL>qOuz$M!)wHBZ(yv6wA!W4o1U=zQBpZahCI6g>jJew4KW}%Agr;+W^?2OIng&(dmV3=jsdm@Zgbc7?2liFv!G;WW&wTrwWhoEHr4Uia(@#~? z#AU+JS>N;8_2;zzdtxVKWdTlql?oQ=Lbh_bHcKqv*C`ckZ8=p15?0Ws!5=K)fTmv zc*AQnVu2C?*Zut{@>|6BTX0cJaX2kal7L(fdX+_{4^ z-Yn~o;}LWk)xn!>Xm6F>s0Dffjo=>H3M*-;CC5sdsvQAPZ^%50COYZ3m}SW<>)ifk z*`IPzt8L1xE8sFn7lY{K!e0?&hX}Iu&CGl);y4J^*jT|ZKv@pJ(n4@O*sgZN45e>F z7xgnJrL^uI?8e95M9U+4Qa0L85{&N&SrUo4I$-@Wf3S@$%+&h!ZWWw_Zhmeu>ya~j z?iZUKANGkq8jkkpw|n8vx4rI8utkT#9^D=WyCL0UJKqFh>6@31YQLra#VuVbjCwpH#(fcX_$l{p*nkDojT zDxvAaY0OHWxZI2Q7O%UHHbs(c^5Jw-H{6ubG^1nr58I~qX!Dw;=J^)~v&5tm<&N_PCA(H9=$3T?vy7@nP;SazYvymAvVIc|`Sz8A1^GjSmHh7#fcP5=6%jMz zf;WBhG5LuCbfKkC!JjL^h*>6i$V`MFR2V4a^LIkY)+bad^~SDvV+EC`Hb9{CXI|(f z200XLkCH(#0un%k~7mB)srJq6Erw8tkB`= zRJRvSwM>haonpRq#Zh+LS=I26>b!O~Y}~>>N}(Vop>*?}R55I0+3=O6SDM{<@w@Kg z3w*A+?A?!9wo5%Wnun|`)oE}$JZ&^pEVop|V;;Zm@OYduDJ$j*cuVx#TAKx_w^>{| zk^k7IVO&tt)OaNF9*K^W5hF6t;}tDVsB;=mhYbQ56c$kW1mx&N%060@XpA6~_~uvgGfa)8nopHyo9bxAm#yw;O7Ya5H5$DbH9t zQ&b@9lg%aVlT^H(w}&E}wlB_pxNG2dE)qe5rU8$^KMaD8ME8>w8JqL^SQ6^d> z9KCr%ieLBR&Bsf z%PTy#;r`G(cZ?4f7ojf<1TUOV?;L|vp3?mmjz7!yke4Wl`o6o-w7lL%{j|3?n&!Q; zQQeV3z|x2JWc8>I%mB7Xd@Ox-Ki5B>P|5OZNivxDCYDIwrqO>n*GhcfxdKy;sj0me z1%tR5aT6QB69^hH8L(olDfeh93Cqmal^6M~7JTDGfYc0Lqo$Ye*CeN?L16O=Df0}} z!GR6uP@fM>bm9rbHS!Gm$kJIHm{?9A0f{31IU&$0rn&yiV{cHMQRlHjU2sJ^eNd$z z>;A(Qp~RPB%5Ek!Q&M^;rasvL+E0Uwr8-@QLKCG_K|U66BPMt!8_b0UhX8_{kEK!5 z<%ITj_Xtp6XLJwm#w=9Q5v@uKvk4&vO)ctkJ~TG3W`GzJ(~}NrLdOR7IrgT<+)omd zOvG=dTX!K_r9j6;;ZPPT3xtCZ@K)UFL$bT$5S>Q$n1A;%BnMh-KF;ZZG4Q0!0e0lu zPLM5%IT&aI!i+BUk0K0yPz}x1w(I3Y4pwOYa&`zGSZMS~Z+Dyc^{}U3Rv`^uY}|oB z+Htjpo|$W*i!i1*PL@w2@8mYol8>B@3q99w!U{93|FGD3brV1OoMtPcM+@`)$8A zq^^bo<`l2O1?|e3xnRq%zz^>gCi9UKX+&e^K7x%uju-PwZyCQNgZlY@1kVilm}ez^ z2_aYa#xIHHmml8WhGW{LE##WE)#{wnep1Ih7c{Sd)Gvf|Bas}->Bq5BORU$8*Rs(kz)Xssw{Rk!_%leKOkY&DXZkCV4nBT9D{xt5c!kC3`n zpmcu`!3(R$RHd(mB+5n#bH$+#@005w7i99Ag$qTZh5LPgWf?L`tTm*A+R20f`p1! zPZg8V$4aj$k07LCr1#Fi(aIuF6A(3uLQNmk<;Gt1+hPLmJ4iUg8IQvI7i=t67M_~J zl3H>oxA+*LC%F!6gOFzQ?B&6ym5M&RUuLmtqGNfVX42)!tzwC4?EOAuB?FQlo%o?< z*Kg5Z@2@3%H6M7b5Jvnu)Yqa`5wrc;)cl`H>{?3NisKfiS}c5a8}d~Pfh);Gw;`=A zJlTYp`2f0}TGPBr@Lc+?4DEFbDt(fpn!BTEUcVu4Ps5Pxl6Cbz#c9{iYNK}e=kD=O z>Fb8A#(kEvVL=3}&a1SWmYtl@6bTRDvx6e-`t9&X`Yj+?6CLkFyc+ z|C>U)8lsyswDN441kj57*;q=W#tzun_QQKGUgEDS7zSM#r1jzb-JNnD-Vat-O6Tza zJYe@K#p-a>dw12XDv~v?woxc+{-i8gt@_<+7Ov*+>up_~l@7IDl>8W>5WS@LCKd+Q zi-f*{$hSbCTP}Jvqi{v|T1D1c(A}3IZT%IbqeW+OuSTjrL8w|T0 zHD58`GSBZf#E7PLYki16`Qv-fpr;~E@EV_{#AwHQYDs#R;Hv$=}ke1 zhX3jMxdgp?Kix(m9<$W^q5Iw|^$pSA=Vy<6? zh(!$2D<~?A?c1gN3gb+-HnkD*D~KjsujxwSqqwTW=>cKlbz=b)aX#Fr4*SS~T6$RISy^jDs8HxW;2M*;0VIu{6)UyIx?X)__Wg`RW?7B5vR}CPR%z|}xJz#uctWXF z4Tq>1e?gO+(pANdz3tUxh3&27T)wxpf|sn@{bHS6i^yBuwC+KdaORy$p@rP1^_PR{ zsCPLVER=L>jQ0L0GjWaNdMhh&Z+E*axGxh^SMPtjw*N(f>FRy&)b_p5A-sC$yT#7k zAa?9D=i%!)7ih!(`9)Z=uu}4aEa;NdOjLGM%d+X9EKymf>1 zD{=Ww9)l$U)cr|sg{{qbd4oQ5FC&`s%SWrxiSA`2OB5XIZX<=ff0?qj$5kM}$|jqS z2_cqruas%x7Wp4^Nxs`>fLN0MVQ+VDx19fBXS?^1|KW4|-r$vVUDxt186X_6xKj=Y zH|!z~Nys7wf0%yDxgheQo{jk+`kvR-l{X+WgvpQWl>Q-={18rE-@aE@mhCQSB5)pz zXmlcSHbfJpnG%gS)%lADGMGRq5xpp-`AD!^_JQ2!#G4^gq>RM@w-u+`+N7*UFKAgS^A~6eJCG=`@N@G4^GOMnxjlK7YNLUO?Mx3<+F`bII4V<{&?Q}c6 zwo_d@H5p*@?QmDVdPjsLvnXo2AM@cf5Yx?7`!M@;Cc+CA%u=4s&qTz7IXQRERIL|) z6G6ekFs=Cx!-0lk7Kg^ngbB7#GfZf}6w85&y=t2=?>ojslS@IS49eJW=|WXGItgvb zZ5fCJK~dME(U*l`6#F*7WM+^;d@g2q)S;T@NTg_OqN5CwraN=NHADUiW7e-O7Ia1h z#3_?m%7cuB?L;O}J!r^Stl$<+{Ucnk-9$)WJ{PmJx;tFD+s9>f+?M*%Bj8Vf6e${H zasGJ`@(!HsxrkW%2_Wr$0EH0`FvALwEK`(AnziQnY0jVQAJ`l>=-jY5N=zJA5r;6V zNeBfPu?`cYD%13lS?Xx0i-TMVy?Vu7XDn7IE;o~uwe?aq^V6i^l*e3VIMk+O*$f07 zc-xT*`(=>wB+EBHNyRnS=uD+l^bd@Tus@KeF5%aimKI6@o2r9EbGp#hwBpZIUykdyuAM;B-N2S?=HJD;qb z>zb#fH~ER@2&RYty6cii%5v8;I?E;^<$oZ(xcUY%{uS1(dZ}IQ z!nLNe$Z&?X8uiCi%o5orzxw`fo?(>wh}2V4dD^_ZX6X=KD30&9Z0+wB@evnw%i?OE z@Hj+C8lM%sf+?Ef?G`W=SGah=)Pumdz7|i*4+k z2VR?Gk@UO^SnS;KVVQ#cNW;x!Y+;artQL(Q2cd2Vp>0F76Rc0Rw;DcNMbk$bVjR642UdfH_L zGKQf5y~PwjYR;v0w4}Ou-XWrG>7Ajn{R(>HW*Pozttp)$l|0y=WfNoeeYDPki6H(H z^@2QF7YU1{j3CmLv?uH}>1}QF8=m{*E%==GcF0>ovXrz#^40&0zuKsr&4n(3o7;6T zo4e7n0+FUnCIX~Wy(`sKWlTC0`+;QrHA$9*fxd!MmkrlL>YWH%833EoT-IZ+LG+3b zdWi=b#o=OhNf}JguxRV`fn`*~z$iE9vaHr*3&a5mf!Gdo;FUg7(*ZukZ=4LYd;~pI z=2XdNX?DWN=-$-CoR<^DgZ?Jd;9PH!m~!LY^j|vYs@t>ISxWOlpXftVs-|z1<4Pc^ z+NaV$w(H6wmw&8VqwCIO0riQWV_;zl8k=tG>|d~x&|&GuScTdY!)dFhQEBfKmZ@8A z2h{eO@1XE&Zdw@9ESPLwcRf_Z|5FS-*KDvT{=6>JRO#G`9(U)=AK6_gODmMhIVketo7%q(^*=+(P<&dX+^2U6b z*GnybtT_cL3$}~K(;*~D`8AK&n1#gy#iO9%X&lYf`kwNL$+^tfwAv256lbQRBN@<0 zSDC8x*bEI#@Br(j2_5o?XWW(W)Gtg$Qhd@T`_G=`FlKGwg>``utJKw$O~EJ@lG-*v)&;{$O7bu*Kk+J8sFlcW>SlB4#%I)j!=-3NOIl z65x#yf%;3DWpr%q*Th8`gSso=NX`aKFNhS+6(ZLN^JUy1WU5-8Q6*__X47QT4!Bv+ z*~N59%G{A#4gRCqz(%giKdNYci)F29^IX&d z)YGMabU?mV@Rx{hXrVSU!oQyy6KY<>vhqnsu`3IY9i^q^MeI6`9wRVD4CbL5$8K8s zigav3*$TUe-xyYE#%Wv2h~<&xB^0}{r&-;5hgo)eWZC5GvT$@w=@&%VH##e{|7~Sw zh4!7-I4iKCIcWV*4O8DEl=_pfv)o6aTjn0pkM>c3PYROMOqD?I7~!4p3zWuiSZ{%+ z;kGUh?Z@ywfy?8|HvOa6O|l!21BW@%ERtl%)UE|04msw$d$7{~O-)`8R{Af?O0UVi zW2J8>*;N18gL&}JHxIgJ@n9bOmoN{S-8EL<5hIh#eu)ojRuEGk}-aCY7t=86U?*A}(RL}m4l zinT9~j?ijp9>r6P&(T3SZ{84-6yx1HxcF%zblkw5rnsFYlToZNpT|OtCVVG1C@X_gtlh{j=^HMH$sx1DcWVzB@X7O5WO|rb!abNqa=v-W#W^dtFlDmKbvwN?Vf4bmY+C_g%V>i)S3JY|vm(qQRP7Rl2Y_&Xd^eAV&c7f&a*!*3#% z8Vnt?IF*#N#SH0*)BU@5ohvpcy{(;ZZ1a@;leAy&ZhcGIF}opcB~eP!R_*G)Zp+#5 zcj9jzoP6&ffvl3Z`UfmXuRH!EBt zt>gi~Q5(|$;N}0~y??KA@823n?!|o85rb3CII!J) z0S7{}TN(WhR7!AyYtO@A(MAtY_yb=j-ik*Ip%ql+u?GVqgv{wQx|6S0%?`5=&~!Xg zE5AoaZ(GwN<89HoKg&yLa1HB=ZF+@;p6XjyVhN4edo*|fEqVQW>h zR+DwAY?~@trU;>7SbTl()9KGA#SdN_9$&ut`TY3usPO!7|KQc>%cJx2Mr>8%k z9Gw>)T^wEhczjrX^rH0W`>x^U9>I(p9;eXo$( zz0SYgFib-t#$|aJ3(j85jAFlDFDc|3I&LcyztCw^`J!k{__M{^hu@OlE%ZN~KlZlS z-RePDGl*bul&bG<56kw_)naogJ+TN7d zUx47IXfmXGc513goDudLJ zqMQ&+QjY&7q$VFZ#E+Q@2YF=!_%HBy$YKs~$WmU(Os<~RWgb`0F}Zx9hP6`=;cuGd zzCOcuO^?e;7(B{EMx%167uB)@$KbTY^N@X*>=mdY8pm#W?$O@_>yNsnWbc_T;;B^9s0|V%Yde#^J(crcW)be z(G#;VjJDgi8ZYH+3Scmc19wB6YOzkE z$W2sV@F$mvj5_W-l3I0cNQ@yaB}BRtT-%7_`syKL$UQ@N#-@2WMF<*)$!oCn;1n=r zC{kBU-l72>z77SG0K$;!5|XIeckoEIh{A>{gtu%zIHn{5?B6=1K}!N^3N5T$;-s~* z-F*&x$**gvRmnPZz$G|Su4`17do#uW;B;?aRzi0V%eN&a7Ga9*YB`d?Sc{MZH((i- zm>pOFO%#SewO4G{-OvbwbqGo*V)|XcB=m5&Y52!7obn!QPpkZHVgJ!e&wc0r-|BAf zRO~-H+Yk1i&+^kcxTe0K{ols?wMCZW>bH7HImCY~J zqjW7WcRI=j<4dF2rPuj-f!XEFs`XF))ql(Ae`ms?DIdooWp^H93H{&N-Q6qF|L)hl z-tGha{~W(Haz?X^r7?uT;6Y6Q1mlT8!v@&E0uk(V^(VkXJ);gR$@Nh*G4LFRRM$mk}vOU3VAaNSl4 zwcPZQgtiscmYd!z=9zi?XPTpWGW7>n`0x7X{H;y=54-L35h{Qn%k z%LzE=oQx+C4_GW&NM>=!Fwg6LLW2n-z0Q_-+wlq)x@v#=t7rJdqV`6H=ykSQa-Vf*Gg6U#AU6M^ws6hQK z3R7H?Py{m_7g(5=NGlTyL^4m|9SKI_lYVo-Rg+?4%dN^;X)u^Wk zt{7J7gcGGAGWlC*rU&ehr#gdiGD{O7nap?99=JIpU-#m}QY2aD8~CZXVQEXTAQoh5 z5e(tt~lGgvz160foVoSFJ! zTvkEt0>TA+$d6Knv;;D9=-NtCEI@!RP*AdXfcO8+0i&Hxy&ldou!h2IR;+*^#VET` z;HBde0ui#7#XacAg!@5*mcf5iaWLVxk}UG6pF**e>eOjG$7kp?0arvSrew;L+Q$QG z5F|@!EOT8OaBt^eXO12IjwLMQ=~)62|@Midt8Qm;V7S}Owq z5^;CRLQb*RN51TzMS4{s3O6FXf*AuHQjnIT0FTWwECS%x>1BbcO|L1BK$Fbbl?IlU zqNWM}(HA|O6Kd&#p>DCrc#s!?vKIw7Y%9$&#anFUH8oq^#X6Ld!f;?N^V(S2_`VPI zM)_+3H83{vT{vVZzef33ZHV;C5TM4W-vhmR-4pJCtzKo^016dDHHL!zR7{apsiEMw z6fS6|m?Z`*Q@EvS_YU zj4RlFGL=C9%SsGO)Xa+`<)96jg@d6}%7GghnGGM$N*@YTTaqc1`9IKk|D^mc@v$hy__H zVji@hE*Omfj&4%*T@1pUx}XqLiB!^xm9^YWZ#iV700qu&t9=W(3}#Xq z?>nCYz0_jl&p`2V*2G?$O(?E4zc~}jga1ft%7``W9B2z3(6)0xXH*g0zrpFOv)2Jjz)df+yo4K#Fj!{DE1J$xsRamNOBKt+=n}49m*asgSY_8>W^4nWR{Xe?#fHh~CH<&(u;QHby3(>v8{_%h!s~6{+GP z0*Brwn7GuccHU2rAI{t?%bbU;hK!lRSNRQEf&R-ayG(PMKh}AvtL2O4M%Heonjkp4F>1aHTVuk+GVunjY#KDGPYQ znIc-Q=xen@^{XtD0)HrL68``;YQ`KoW1`_E7p0XR1p(w>)JYWxrDDos1t+LIN@sXQ z;w(t3KG9rxU=9#1s6%YIV@pGKOOeHp zDY>cT2onIJS&nXcZD@k1nNOLd79}^No~93&Tqr=GO;`#UrZb^2F3obrMYIH8UTAUC z!VMFs2IsF8KXugp$?4_s!I6(qTHr>f(u|=*Zue57gIx{@sKJ!V&cb;)UFCP8Q$|D3 zF>|0}wcBcLGP>KZi5gG_TnH?owaUIa-PG@J?Y;uA(Tqfl$_%cA=iTT}a%_b-U)eX) zq-Ku!UgtYhfGW9g4*zh8c>%~=ye=A`2p{EiMzPFs&H=0ai?mhUWol$S$I7L3gPL6$ zl`sVah-at;Lz3I(E!&`BsQ#TQeaD4Jrx!DIy+f;DLJN0a@~{9psfo%ALl%d#sS#TX z5Mu}n>VM`q%QOu(*cdTrRF6zxts+CFqflmL_`{89@>|qyQLa^h*b2sa6aY$wFXt#! zCwd+3ltt>)+qF_|jRc>Y_G(;4*p1^W5~G^gv~si=fwDMnP(@tpoJA$*PYvx@^YRH) zyj2A*Y^Cl%Oi`4Ek_0(XcQlofCQvw#T~KzkCjfQTTndyO@*<9ylyGS5brSJ_EAVzQ*4V)v<1EF+*2GWe>D$zJ)2>5f2A)t}5 z*DP>IJP=;HAt@Wv6#YtN-9!5V_B!O!2q03IxiE6HjYkKO+wlmQvIBU%jD~Jmdg(|s zvSmvc=s!hDGz?>71GHwwt=#IQ)l_?Va0Kh2QpCX0;YepP6H}Vbu?Rv;LMDTh5A{)4 zrGt-o)jn&m$()eO2x{_0Gwio zsauQ{td$>_#(kMjbzRMs(O^ag07 zp;lM~7n&rgNK&rEb6D_*%)nL(@Rw6u$6kuoMk!}g&{Yh%<`O8o6alwtG7@#|X9a7l z>u9Yivj}_NbjUNirRt++98-hLJLFh#UR`!x%>(<01&P4enN65T=Z>kxc(O8)X0FK~ zX5)yDSsbv9mi2bG3Z`6Z`B@6@>nJEd#U4Jys`YAe<5Wm#{T61(jL;yH;2p2W52T(2 z_90R-G)ES37+6~b;ArWTj*B*Y^|c8J$b$nQm^U}F@i^e25^T|xpadAS>2eyGP7Q_5 zFX7S@eddabTV4$}v`UID?B>kUm>E9du|7g3s-)d8*iWb9e0>nn5=V|V#LC>-EdoYd z{a6vwoQ%SJLDI>+C^<#XEkzC(Xq&LonfM6lvqE^pci5Ye-J6h&SRCRP6A^_qrgNH3 zff5Ng&Y>7r1ZYvr1}zTVH`AQBRZ{xGG%70V>?fBntRm6V7EhTF{zFacH7TA!mycgXso zh`+M&0uGLv&i{RbfVK{5s;|IGz}*F+EB{enfU8`KA-p@# zNF{gbuA_nMzh@8DtbS@foPwYir~HCVa>;$|LFN z%c!^tYZFs)qftupWchi9Y^`fXN<)XmPZ>p{bs+_|J{M=3&r$|#O7e`U!C`~oBBdh! zV@T+qV$*Xw*tuqG-eYpIPufcTw@KUzW)e-ftxi@ z8RsUB1PuvCdE%+9>dE3Po!6F#M3?wrFaR-tB`gkE9GJ|kCM&9*lV>DhUErus{QoY4 ziBHznOt6cZxDzP+>&gD}qu+8bOfU`mIA7HZ_(FaiMRY8GGfjVeasKQ#94Nnt`@g!K zUZ>mDvN#mM>=Qd7Yj^9zEkPPV`cnq>)X*#sbd}dhMDtJ=TO`>m_Cm)FV3kc>V0Zw@ zP-YauGjtHQf*fO2(8X2J6fp||Cgo@rMe|OvPZLh7dezGr6b=m&r$MTmLAUd|^LpTh z;OZ05oxV^)W4`WuC7{rQ7OLUfg4~2@w?xQ7j8)Zv<=}U8QfhNajMWJ+8v21OYZgh+ zEa+gk_G~MG`9@I#Gpf#cjwj(%zqTXQb&pBTZC{Q}KB3^;G8j=@TdBVy1p+-Xm~eKD zVtfnx2c=69>_HW9;B=r|iPpqSXBgrR<=pifcU~Pp=0o>XHN8S-O)`h6#zuKXNk~&w zkIE!TtPhpN zYnIN@*OZC8CRiX+&3}+2AGnubfB@ShI>q}j7*E7Aj(^@N4JqOIjX55Zfs?N!&w4-T zkbMXyip_SRQZG$OcWXoW@Lnf|*LE=@zv2dsKy19xqW9O52%mpVYbX2Wm>vXGZZPtcU-)`;Pzj*^g$ z{|ITzt5=>)S#Q!mloHh!l0ei?L=QSc>x{QF$%A((@+}2(9msOh>~G5rVQ@>&)Ri(& z2=U>4Q{sq~vhLF)!RnVjGBCIBr>&3bJTpSiAsq5WFk#_L2{n1Pa;OkAWEt%g>lx8B z$P4y~1gmiM$#EWkQLa%A$*ZQ}-cI33k_3A@5i2~C+uv@z)-{rJ2a3k_abOzk^m4ycDpKv$Ib@>si$U3W0+NaVm%Mx9Fxsk@& zw}xUZnq>xn+H^w8C%=qIm>v*I zY`tTYq)pVOTkNvgW!tuGyUVuCF59+kb=kJnWmlK&Jo(NyGwb}AUzty?T#5BW?1;Vh zeP4lYhTND`LRYPH;{r>-Yw(tzL#OE!jfW)$pU@wr0+skv7TuO=0f`t~Pam`57H2>% zi$pfIa$BBE@fScfEiThZ0AxOlt(eNn;@Gu}BD^I}IQq{Is;fb0@l_JQX#hYl7x2&r z*wxr~AvX^ETk-??HpvOT)kgTsWDz9(*ZvJ_CW_3DGMpO^6}b(JYygvzBllU(p_7pQ zsc>`y-I*(2eL*P#PVxkj5RKRY_yiogH#V=7(Q$&R&2Q@4D|OJ2?M*#H$WJOa_xmyP{?Oo*fIbSlZ=oxeZ=d47qw`9Zrr#BIW)Nyyi+mL=3^2*J!spt@*+2G? zdhI+l&x@5~g7tBBSA!O__Tln0yNWB$vb8)!)LrOOxqCWX~6kB=q#J*cOIIzw5SQK}XwrS-S|T(QJxgql=AJAWk6t6>Ud8lK(O3Xpa2vRfKz zXbFe zR~kqCRl>R9vevNUd%5In(hX~spee@&k!}zqwZjzMlORn$Z}p81!(T8N?N`L>1XCKC z$x6N8N;_fWc<3Fkxa)wL`*wW&zXYm+-2g5%diih0;cW%6(f5ih<{6enC~o>e>y1y5Ksk zfk`=3i_Wt8L@#<4J2Z#%?TEn-{$m{ZfF5IvJJ-RN)iu;3j7=+>%zY!OVZ6A+G{u z_@HKf1(gQa@^-&_BsMo6g>%PjR~(}4dw3J%#vlCwDbAoeSeu!L=~-NgL-MB0!lpfNG}%JBIn=dkimvoN9s201 zZvJ0#^c>Xm)a%!^f`8R0*(W0$N!cfglVT<-HyUU^vis_>;CN|st@sl^v7N(DLVZX* z2cAd{)QNt`u03E*Mnud>jAn=QjXVhys#N+dc6^$&XDPW-!qM#=fZ3>Dr6&Zk3-sTkS zkl8XN14^ccvG|tkXg!5>yyS;ST=r9y6wIo3G)(#byuInFc4e$ZZQ&1Tjh5*;LM=9U zOwbN1!c9qu8QbepoRvfIE>i;2kIs34o@`7{%0Gy1G(`7KTyYRu*6^QKh7YQQbHr&a zdyTM_>h+_?38L&dP^r;{JCwId6@txA%-MFNX4*d&Bb1s=b3`g>sVy8~h>PCc|G3bg zIxj`3wJ|+*u!u&glXVQsq+h(Hd^4zU_VOSZYX_-tc>2OZ>qU~x9?*L|@ zp#)#6$Wx**Nu5VdI?*jeI^17HqWu3Rflb`DnCQ#4@%VySSnxlEHjH%*x0cwp)%6(LE?RkHUA{(Ce80_J^^DgDL0A59XKHps= z;Aj&a{+F3Kh03fx_8NSDRLUHN1eLm_pdvv31WCdCbylsto(bk*aE8=id9%f^oSHYD z_gTWq{|%hP^Y4^wMj|DORax+yy5g8(-j+jtGu<(02Rg}xCxO5Sjs{|82i(4nGY6gc$AUoS7k;|?ghV>Lh1 z%r}q{uCYeFa2nSl_ne+hF~d<<;acNi1UM_T9$18s>j>hBn-&_~xPKXlEm?roM`ha= z-lq%XMqA8b42JVSPKR(mxW-zH8wlxhGOH%?_wseBxG`zL#)G3a5fxP`K$i%H=O8E_ zfdw<{WMsqhI0jqneVkPj4D;dihnvH4bk&ce!-ao#R4r8?uG)&)BnIL#2lc|X4~jf~ zfoPo?N9>p|PbF;_hgC8w-u1Y`ubp3KGV;_+PP!tpQ?-oFqjjrR-qqUb+ocn^ zMBqL;3+Ax`*Fo;pQEK48M!f@^?g{Xl5J2BDsZ|D$^VpRIBl($$u945ZyWabK6^7Q-aJ?+E6U2wRLWMd)c0*x z9xdk++%MmR-_-P7rRTa_vK>-7 zJ7Sk{n)4y6@D8Hah}UcphQAMVHgO9a4TVe*7@!+5e{Y-BuR`FI2*+Y(oj}i7(E^X} zZGd%|rAXi@(1zzmVg6Wxh{t$)$rta3dy#&uJX(|e|2avQS^pnSQq(K*{AmeNQ^sMe z;)UFZeSF8hhyXW;g88Bn>{Aa|Ilew1Hj{JzD|+xoK6@0}*RK_OQ7JhpCP`7*p!#9G- z(|?Vs+Cq6aek$~VP)S8WomAZt)p!1are0fh-JlFU^qeONMoZimjMI0?lzyrg9XN^{ z-wS&GkbJ$d$fS4)rsW{SX5^t*v;5P~N93!vY{8q?PH09KOI&Kk=D=PvdLp-g#kzmZ z_rpU-Cm!9;+N%n_YV}l)L~OGH4sf<4%o_=2Q-PHrzph6a7x9WQvQ(vdL+6L;2fh{se{I_m>ZAk4bWgRUXORVu1a*+dT@+tIZ~~-$Ko2fKmu647Lg*uNqJu#4pP!`h0qZ3y_fCHm#MU*!o2_CPtoQ2c)<0=ap`CT*BQu>d zc^&D-IEk?{i455LXEog#n)fcC26dI!?30M`HVq00>MR-(4XKc zaG-aLL`3}q0b^a|xuq%ai(#r>z1h7{;MeYtg zn!o0afHvc{B=y!q=LIoaH&&Bet-^7)g4NOHto&hPc|j}Ob-$Foqj;qK%Gko?Vu{#9+c5TD>Sh$ zSDv)w(rm&D!L$~~35iJ&Q8MHxbowR96dNTcNjgrp4v|wk$|+7_xsOB&iWB4>RPgea z!G{A13nsTjgHfNZCH26ut~<44QhUH?u?u--d$bdqt!M8!MXLAo@Ln2#A`ug+5d*mx z6#b4c7_?O4psHR&hLquR7Y!Nse<@q8nSuYCvK99ku3K9}$Ja6;?lFOfYq%$y(K)l$ ztQVO0A7x7dVuK!zolQCojwv)0osu7gCHg#NduQ6@b(f~Q9whwvT^J!+ck~c%N`yY2 zR*RIta~r(=L$3Q8?!I#uYu8cvJjjFZHcl|v1KrRG1z>4PI863f$@616h`|{?gQJ@3 z2YPXXAC9ZLd~j8d5p`Qh!E@MJ)`y)#>xn-v=R-U=9@^42dj3xr-}A=((wSe{N!6@j zscWZo6Kbbn7;fVze`}Bnfo9Px(|b8k?qN*Y>$8x3u}hsXhJS$$tV!92n5>x5%APbvkxf7e_FaBecWS7iFs}2mQGK;e0 z{}kTg?dV&OYy+^$-Ii7es)^|I^*~)Wcfb-8U9Z6F`QvHw0Td%*Jfp#vufMOCny3Gt zfZL15geK!^f9OreMbKd zPq*8pxASwe?S-dr^|aPoKqA{Sm9vvAPi%4PaXLL}3!$}!8~)^7YdoA8e<32n zJ?6+mB@nT&S#4uLeF9B2tl(e|!DRUi!N;mRt8Vu!X^TQ@Ak#N5hK*nmm}5R7^#3M~ zSmxmBBimdZ2*|EeCK6^s`D<@80R za-F(DWlfP{9bs?+&gCx0$zLGrkM}e;*O;BsHqlVUC6LVtOv|bLe~Un~RdF6rl7DvU zmGn2`2n7>GO9`>!L^cX+v@uL`P=zH7=!}K?_+$1Z57fH>g&6?ltv!b5t zTT8RksyJ{t3|IZjzI^MvH8y+pUGnj{GrPkW>wnB`2KWEV+_vQ=WU(Pu!UI=JY{WXT zxIWP<3mskmVG8)Xe?9*mI6i-4tk>7m$}54$!%Yl>)5*Uw(A%4E@EFg8j=gZCAR(BR zkHiZUog=kx&Bmj&?iC&IpfY!|G!>3H8H~n%FwjY0aTNMPiiaIW(0FGuBTJ#4jatJ$ma>`Hn%1)(e z3;vuoRf^^msGo3Kk#hH1(KcyCPv)l3u?#rQH8+qN&!Ms&hkt6~q97%}aFWR|g6R9g z#kFnwrN{TyVFWm^kXU|FcqVO z+^U@!W3?NWyUYzn3CCndW!#^3x|RZqrJ`2N1UHTH3`Zwbpz12?#J8xz9L^Tz3tG0p zo%aZ=YkN$;uq+wTPwr1_THm#Ih~6F7W%{NM@-UKc0*}bhv6dY~>~qG*GkK2n|I6cM zlBuTRot$qMC+6~N1g}+3ufrmm{Rx>7XEh1YYMwe_cXox-5YkzrvbS$$lZXx}6IT8; zzA}TnNzwo5YnN?p6{;Z5%6Fl@PMarWOa}E)cX$k34IuLQ+uhr2>rWFUAL4+@vlHC% zHjqz5Vti_AS`_9~3KtgQ9!mdfy(dR_)}kjF0ptZm$lM)uiifDI0Q+h^RweCg{9yLR zczwZwnW}`^`8pmeR4v+eSbkW=HFPI;R6kD(D!b-) z9PVD>mQ>o(kBVi=PY7G?7Y?Xv&@T9r)AC*Gxc`OMA@rFUuuoxc7JAR=J@1PR_?Lbm zw_i1wXg(mG98Nb+-c8J$OX_~^VgA!pe(iqfcYa`W>-~?v1o=@m6?4WkW-H0u%{Vr; z%$r5Za3w&a+P-~Vm08n|5gxUzW$#agr(4kvUSEKy{Z^3Zji_|jUq%QRO!#va#cBe= zoRtRyhVQXv&C~Mo^n#R6U+-(284^_#tLptB^v)p0=Z`-;9o9r;!fiXormV~-))(Z=+Yg8+f-*Po!v8dHp)Jg` zQdhosMQOYm1g9t>ltcJ*EC$4o0g>Lq1hurKnv>AZs)^4bJrq5)vHn9Y`Q4!jfj#*5 zX$f@XR|&pPf`|1SG}(qU1}7TOk7>9aI5ck)Vu7DU9;KaCG1B2&0`p&m##tS?;#0p&40u= zD45dwI!HR&uxsv-IMjbDN#WQ_?9Q1#$u8-zdfldc(0V%9Mg+>);3(p3&of%&T2+-o zv7qM-lBfV?(JeTaK&#DASR*U29s;9jmuZT_Kb{w$`h8F2Q+FNuh36}->a*Cm^xhu6 z+jp&)Sl}qNB}%g;O(P=bP0h(}waF*w?cNgLq*^_rn zUJWk)h0V&(avv6j9Xajwq>yy#pRuVHWn8plgWRoS=+|G#^s3W&!n+En6Y@*{>`_q} z9|##Wc||0zV0Wehi*Oujs*E2v^7L;Bc>SzkMNkKC78G>KjC8&3S^1FINfH%bU%9E} zML=V&!D)!Omr82i*=qaV2tfbdsPlPW^{G}2?Izdt$?n;nxo$tAf7}1CKi!(e^sOyZ=ThGij=TmWJ49A|NHOfoTnE72&xcxw})ye40VQjbz6KzXd^SWyD8SwLbvbP;B zEdCOYWwB$a-u`y1QEJF&`_nRL@8MG2;jraC)^e4)bzrYHR%!dqVSCn|-IM#yaOs~a zcsUThyBv$)6^w@S5D0&Yd{O6DMIBAde+1nOb7)>5x5QD`jHkqIXy-t`8$oZ`)x2?) zwuMum@DrgNddQqy?L=8(U0Ks(xq8FzFCr($G}&<6&^ukl`f1vAbJxa4=ihRMEnBO# zEk&v#`a=L*QKAM=bPm|v{Pyk|2l(_{ZSQ~sfP8;G`zxKXiUt8K&iC9|^Kz5Df>^%t ziG{6Hq zyn9f;Z=O311or?~Q2>fMJ9d@?$(CBoIgJQ&n@f&(Q=1qQUF4BArm!pj=coF6+D=vh z1Q@L_!1i`6%XdIe&r2X69~VHMmhNapE*8*V)pu0yjK7B#(+C0RGPtozzYFlG{{X%R z9I*E7_rE=R4l}x>eG!@TJz2BHuJsqVByIYCa#hB3ANT}F`cMH2S&Ey=5}ilw0YU`o zH-PX)TWmC;suu;ipj&>Cb(_4zI?jVU3m?F@@)|Fn0AMGeMd5cs1ptQo?;go_F{k1) zqrZ13ySxAP`&F(YhwuH6`FI`Yp*DKr4iaF29B@ZS)&VmScH?C;tQR;=F-@%S6MyYj z5Y=Dl!o4O8YWY*ISIMztIx>Ta8PwXX&x^#Xlj@l}&7+0=yEh>5k6duCT5>kG+PYdd z*0}X8tM{r)_vP#Y3IV@Mep&zDyo`^uWM4bErwlRb;z@RHX=P*_;$FMZEojc(0wuYeNI?$jyp`Sj?ztT0&c7_HX129!HsS+5u7d=1)speayJ> zKtS~Pa>7o<=?2}AF&dtpM>10S1kmu4`q|f0+p}Yk`wbBHCx45li2Q2)u(POMdJqXa zBFw`V^is&1CW|jL9;HL$QJsMVfk|v8{$b{YR(Lcloksp84=I;R3@}OFMB1dV@!*{+ zIk*!-Fj@>OeJo==*)ZkEkxsL=v8M!56b>op5Hb`hr?onNMmDa)hd-{kVw&NtTTAN4 z0{}^*e1`!IH^klNQ8UEeGSsnee|tDe0+!k_dN{a|m#AgI6-ehwi0qROgIVk4XB7ee zM84(}%b_fU@Gs5%o`!&jVYhE>yiaDUdv*+uw#KI<#^hwFHc&@2oR%5m(Y! zinR2-c0bf!)rZRvLMC&JY#gpDn`I+IFXr=fKNhk&{pLqA=j^EWr8g_j_Q8!?ZI{KX0P|4c%;$Y_ozm{3yS@D`oqfGod0o%-ky_S~ zPj*B_;4=OynG6B&%eE_*9^5M?|G2K*01u0i&`R6NOd~@}WBK<^{;YI=cy8kb8u-C= zlDQ+DJ1fPUxuI4zJH!$1_1uMhVqlKqYh}~BZ=q>h*MOF_^_S*NQaNottA5$!L)$3D zQH#p?*MnW9_|kZvV(CMnae5!PPU)I`wJD}}hIf%-oFpX)uWV+>rIJ)Rmx2@=j;9|_Vn|j9hx4y0T0n<_UroQ#5j#WK-uJbSmil5 z6#wJml`bHtp{ZI6_j5*{GC>E3*=?YvU-^1~10e^;Ikya8pGzS}K{^9H5+&kSgbD48 z%%Y1vXL4?~lK1kB%a>ZoNuc)26;wJ4mlk@i&n((vWFg4xW<1KKpIb^YVTO^~MQ3t& zz%J@UFB%+y)6VGXc`>GR&`W1P?2i-koqS06BFcP(RN@_a_))xnh}|43Bv&T`8!I zvefpyT#Rn9GIq-u-BF-pJolcIg#<>z-gZ^i&+EzJo0a%)i>W%KzIZ@w4d9sD{*FQDnMcdHb&@z`5N^C(CyKS-bfxQ8e`Cvn@3dsr;E3#FUKyhMsqUr#4GjC2fj z61fng+t>Ck5-yB=5yzAQ?cD#Hua6b|zgN9NHT#(o?YYOxo!)*+9QxcE&4a{hAl+)cB~*t0{!4G~U1 zw>czwuIp$rd(KYXgGfTzw#2QS^A5i{&`y4_q5a-A-|G_GJ-b}*NdiTG^d!Q0vBxAW zMG8FF5kkL+#Kt6X`$~z0nu@J*1LF?q8)W^#4j*srOwmQa@VYe$2MjH)4t|QLCF;!N zKzEh@b!Lsuy}GJ{VWdy%^(V_&ivWdRLL(7VSmy~TbOLL56Dou4c&Bbm2?Rvr^4?ttur~WdR$C@C9xy3Spqs7a>Z}%lTJAV&{&eW#+gh*6;_^! z6S54|JC+PhWy<=JUfs!5RSQIP#^Ub2Z2)I4XO-b>i@U=evg z7(equStusnJRc!2=xYle_-Cvdm7;I^$m4sVd{-P6h&l{gPMl(X0>S#Bag5;U3js+z z`k~yRR|kQ1_o@{UZirR5mQ1|1WI^Zektjp@#}uz#_FZwu@3w8N%+7Uu-SS<@?5Ea& z4hwa1`3j;tGvLbV8NF^3Apz6nTJh=bu7kX|PeNPrTQRz|xgs9#txuzxVB`oebeP=p zHKs7xM!wPW**9A=0!}!g$07KPlB&HfU+`}r(hCZKKxn-uM!)aA1yUIC$P)7?I)!fB znc#>;NqDNzc2!cTyZpSJb*J}l$U&p2QPC!<)lyNrKuyH7RjRYLw~Uh}+gj|t0ur=J zkJJepIlmiDH6z}ns4M=^+FMVdh-Ss{>yI<5wPje~Vc66Qm}0l8aSGOy*5x|UJ;@9Y zXBcH9wjbK{M+wfRaJwcjso* z`ih#;KA{}s@cs34;BqJdxoQdr_Xbyh!KiyX%l0CSWi0W@I zvYL}2QS42|1Qf4h;3YC?LjLp@caeGMWcJvYNSgvJSWp;uNtGCm8Ai}MHE-8LIorF% z7rLAr(td%;YhG5IzB7GEY3WMg(ges|L6lzN9nSZUs3bF8%k^gp_&zGyzrzS*E1l9F zv7ky-tx`Y@2zJA%Cl{eBKkOH~`wz7Ru(Q_V?3!!Tr<9?gEHLLTGzG#azVthRv=CwC z^nSYGTq{G804YJ%HOq`}HkZo#s@ei`?CJYfqYJIX-WXJW*8(Q>&V#v9ZDr^aSS9OY zkJKhGbn~wj6Qpx=DxpG2l2F*)2=e9wM2kOms)Bj*wJ_(_q{=DQUidyO3m8m%>nEG-e-;^ zK*K4izlNj}Ov3KWcpOuct5!I&gWw8BETSBn}7 zYBtqcJdE6`uZGa5&Tw-2{OWye{45YRr;h`_Niww&T7s@SX@mL49@@y@NSYBPO9?O*^@8M4XP0JKk5wZGFS9G|Gm zE5NA(=LH}@K{AjBxGAvBPQH2r@HA8WY=FR2#&;djOZk&I-jqqqa*enuWqC$z7_qDA60~ENH$`N^%++eF2G=wy+3VA{UhQOOI#u(Z+&>oAZ>yoPp-I z*viPS%oJC3cq$_O(G2e=l*JKRTih*=-zcmxs%GtYTeZf}S6rt5bR4ZR$DfGxF^+Xt zkr#|Jc*N=w!d$&Eb5>S^Gi*vGbU2#+u_3`pcGrF7apOU@8yh`B5VsEZ{!$`06)qee zGDejRlb^O?U&q=*y3M{Zq>7eqjGX(@f|J`RQPiN86k|3bB>#~o#{7sbFRF6SUm~(; zVP_ACJjnKUkxTUsc@}jK3vwoR-k=lTDV+ichw9q#ZX{IO+r#5=__{@6# zdThV%C8xu7hUi|=@Ar!^%SD6fPsAS)!@m1Vj>e&R;+A%UL#)VU=Y=|qNXGrT-I23Jzb84Ewd6Ga7+mHJ7BiC3nM)&dQE>^_89symUzZ>=WCnO z+p}VswI}&LrJMzTtS*kx0g)ZxaVwBh6sH01{TVj)3ThSI4*^eP_5dd}-oGD!s}kD} zvMxbDJ*&+Y_qHHkU@(!~e5$0|SiNQ=)_x6HATcEJ0oGY1=jxxS>uwH}stwe3``MvA$KyZArkLYk*?xYfJ^xmW(PABl-%`PA479oB)H--%-ypTVkovuENCqU$sWm z@r`WJ??5#fs3$*I5JQ~uC_%}~`diN-k|OwA8%vK%mrHB;u?~*?%HRA3Eb<(3C9(7w zzlc$X`s{G)Og3L9n-x-np#tJ0dM%ivAIDHLA5f3fWxnxJ#Y|xGW*NE=7W2LcGDnLC z^H~ceyvL48#v1r3NOdrfHmO2_rYq%7+l}P$=Z2f#Di;aW;^T&B4D9PQua2g!+}6J( zn&nJtxmoQlxyM6!G(r}ctgX?vC%*B-W8zKSAVdTndDz-^hC_C&3UB^n#STBa6^nNRb#Ih@^TPxqFP+W!Mq)G*pU7>RY7oHY_LLp62Wxu zJ`jl$7Mc(LqfODsr9tpwr4r zrnv|2`UB5SRE#^rI?*OddV>9vST*Sb-z}FeFPlT`_d)7CG4;M5=^W@Z0J>MCRL|-i zn)jjgym-p92S%9*W#4cFeC*x|nd@1?jnBn;Q*i!c9~w=Skg$)@Y#DK2fOk!JUg-_L zK}KN-db*G^v>f)OL!AUpr0y;Fq;of&M3JSsDJ4}yo~wTq(*)3;X<|_W2dzmBz^PfrJuwn^I7Hr%_?OV3IU{ygd1!0gd3~>~^EZ;H2crfEod7^nF)n`U?g6l{u$BinrKR2yn7Ez;{F~lv zn+4Et?UnoN2Q_}~e?*&_0>bXa-x}&W7+_-|b&Te}5#m3I5jF-J1;Oa-gXoV9&3W7~ z`hctzs4EvmaRr_=JBWm zS~l>g7ISOW*E)c}z3a4C!e#wjpQ8Rwu!V8!YqX&@&n=vANe3xx+dq5T%j1Lb-zqNg zKeX<0LKgEe;#4#Te2wCmtC2<-uA&U_O8r?U1WS(b4}*|=#O7p!jvSE(OAu2TN!M^=rQ>;5`B3jz`RImE_ zhvkk#?&ZwpPBrK{UMLoPlF!mZoGH3K?u?mmT0R6@KQ_unQAW%3q2RwKU%0OhbGRJ()zVZtLVP_J_^ddzNq#+t&l;`+ z_&P80%j7oiF_3yd+r^@v{J68VsQo}0EmJII~g845Jr`t$`Jn4iIGuOujK05?GH_wbX z(UE3RZ%e-wvVy-ql>5GVw;f(21p_YOw@!26VF^#pJY^5xj&l_?j-b!2@D`gT8QZ13 zuf7Xd3kWaDuiw1v_sCV*BF|b z8{_%x3BqJhER12;3wdaMxg_bnJI8ufAEeu8mj{0`|0Aovh+`@%5EWa`*XBCa#MDwn zTci}u5MoH0kQHTmQz1f^7wkb%fmfSy(OZ%r54R8yA)i1XLuhYV;~fUV|9BD3F?6mR z>6pQfYf=+5%)+&tSx?z659-|`Q%wnTqjWYuD2M9N?+~SiD0>DGDd~oMd2Zfz!?7gDM%(j`&?|L7(Gw%xGdG_7UCwuxxzf0<#_jsZF`+( z!uGqir?PKsdZlgeY@ncIEVRTE(W(F-v`d5Za|gH{CtokhhsI{8NprQ;OaMFn^e#)+ zXd*w6#y&ogx~R8KOnttA$-JFl=Y#Wk z;OZ0Nc1nO`A^jvT`VoB8>4tXk6ngo5e}m?+c@yP|2VH>WqK>8l4Z50%>YG^{@}z9= zE6G&YqafuyA#L<|K&g)OD}eC&5O7mro1JuZ4om``Ti*akgYXl&hICs-RGBekkG1u- z+o1xhH;s-oeKgOqHE!3+To@N8Sl$nyg3O*JNbvdrRi&S_;w2SY%4-CxhRtz%QW>l`mvZhuj^FcjFz)kVk0{am`?$YJO{G zzrtzuZ>*{wcQPWo1Cl-zRqsARQx6{`p-vbOj9H8&Y|uNMpITRQGTxEWRrbj>^^jaf zxLSkR((*x6rS#N5r|wi}!6Wh7L^orbW^&3(%yxKP15vh#6!JWgqmZB%BjDmdz!2j?Whyab*h+BF|IN={tnh2A^VBG7_|Vm*XipdT zlk+k-@y#=~Zu;SwQC&Igz!qtt;Wu>uY+6L=qJ+U!q#!bGB{_DOB^zI*(nB-aU8WhA zJ^xwHu+6N`f4DL^{~a%qmTbM9T7DtL{g;)C1$UZhXHtjfH+XrELAQMqRC^}zHp>G; zImnIyWM4y5Q)H`~+_U!IZr?!EeYams-_H{y z&m1@X8_&B8(Hht0hWpIy{&Q7h=0P@c`I+TwRQbzVeZx?<)3#G8pQ@+c1joASk&*!I^w~oexNwsG~`Nq>qb(2g$@qqqA8gyANLQoUA7jBNoHO3*U1oAQ4p>U z`WoMNU*xA`j}%8bAg=0IM&z6K?^FOU^;Vkc^ZhPQb6d}6{4JvB+-eQNq9E)&ew(!P z_aDEvBqcORzSux%Bf-Q#>B_xlh-t1WgWA9j`Zty#4dWN%GQsjTbUqTKVk#eDR`vN$ z*r6@Ik;E%Y(_Xvqwql|7pIdQY-N2Pm5$n??`|fJ}wXX`qMxxZ0nRzPlZ& z{C2iBI>T|q!3qK|O}70=c<8YpPIe@PX`tuYkc;QW|4bi2lDkJt#4dFf$995Nc|r{5 z*afaX;I3)nZO#pTNGwm0)iB=A1a=7x^yDo7KY#cMKp8$J`SGyJFxjTa0(|`M4?Ym` zYl$iP%M$SEnM}`lf#&4n&pET1&^tB}x*j~9sSL2)_L*CZ=b5yCIXg>COq5y3tYKF( zhhKgUk>?LR4jue$!R5@dvNDM#Wd&80D}yROx$*(8+PiCfza_da)hv2T>R<(18XfCF zDKa2-j@VlL-VOO?JpA|o&K@xW>lcdj{SxrHXV z>#e%yku4;ZYcIM$y)D&Tk43vSM_lXVsL?85c8;DlGBR>#Kd3g)~7TQv56#;9R z>_*F*;h4+Fbnf#QTe{0gFE$N`2Q7P%@F5~+Q+oS&_1>W-F=je#Z}o`{*i%v|k>VnLY{`iMSm8o`C+R9j%oz^3uo2LX8l;}pE>LRbe(ah^T z1fRY#tY|5@30IJS_EAOHWR6GUp2eOIQ4de*ioXl2H0+f zSt)8x0hGA~_;yYKo@GsTGHvDmWjxOgo|vd#3CcN*2p>u7ft(6Wpku%FBuVbLkR3xI zhqhh$#t8$0c*^9cP?d6dTWkdkT8gUA^|ndtKp003%UikD3BFEGFmbZ6G9iz)0)Rzo zol>2RF~E-W1_$}p62Q&;>ij_v+Bua#fY$$4wp~N2dn0Yq7ZbRqQp8&2R7c=%%h9YX z>1$K_M~Lz$1nFlNhmG2_+W7$71KqJM^GW_iGH;OaLcog5-|uz}fl4*ts0G&X{%07q zhMdphzzc1^{^&>Kbexp$e|pvv25S(UT?k8uTb9V&@A00D9uGvLX5><5y|OwubDhv< z2G4sON{&hKWdQ5ILaZ}^$E2u?@Jssh3*(=s=Z#3-MumwYe+2T^Hm0EbGt;!+Fnz-BkuVP;I7g(Gx7WhoO?b-p9Z#jwKAa66uiuvpc{1f1e}X8#R{rW5SH zt{=Y5w*?4-ekqnf&aMFn$RGP!|5s~as)(;iKYoZ8O~77vfzLkM@n&Ni7`bx6kJD27 zr}aJ=hgH**z@V(IDT5x8vc%|ddzxLLR!%9rKTuOB_W+pgtq~vzV}PmfmDe|ie1L_d z*;a|)9P(ObYdU#oBRra}+Lr`~eUSPCI(C4H{ugYHcAP%~n|IG7gOY=ssqr)7MOHjf zKPy^dUJycI5Qw`LzT;IqvE?Jruee*luDzTNGBP2lLG+f64)|91-r$X%^I>aEEM06q?Y*5)QVg|^fGCfd{iK=}27 zJ_^JsL)Y-rDCLU(W>?q$W=hA5_EV7e5sKdHc{iLg@>OxA`0MMx2*JIP_uoSO@k*$O z0wB%e_Jv~>LaiLn_j$3`2SyiclId^U?q4}zOyS>aRbzLb^^%guz=-sJV{9vB34niW zovqU#>fQZNDZq;95IswWVS#Zho?{YT=Yb?E6$p^7T?Q=`9$#~FWhX@L&nZAiZy!*BkaeF#c1^KYc0GhJh{GmJw)Ir>3mCd5{r zO_@B@bTXq=n$2c|K5Z{t{$yr6PqHl33tt3LY-+}x7lS+2$($ zo8yf<97&cim5yXH-Dw*oNK0a!w(H6;5&skF_%Dc(GZn_dr|y03x}4_N$-8+>m}F5VL!a*_j!U6WpO+XpRk!V`&r$<~lhO&t#W{^U<9`H+fc{G|sFBiPWyMpMZEGTqAZT#$ZucG@7Aijdk^jt)` zKmXw5)REEVG%AoxbB_@ytW?FQ&_HlJIF zJ;~f$|7|&ZbnjY}-~kBmbxj%vxHQEB+LB2eZ1335m2cEgj5`MJu~7Blud<7z65pkM z+Q_iRY@^7w&uvwvLaHmbFx-$zC1tI^bq~!qv)iNunUNIR2o%tns;IP^gBDBwloa@_ z4-X{Gx;d#5LzQw^c#$`QU>~CNdK^CVFQqV8rm%SNL7o4WFkMZK9oJ(7Ubpl4oc)%d zPM%=>&2T~OhZFoaM_aycdLhCtf(n?4B_Be{8*_zK8%Fv^VB-PhqeZ=*%_&H?ha-k; zmM;O;FIfK2+bo5#l5}P&@M7&t)^S;W5gTMdzjCHg^|@MGqViTLNF^2a=lL>({RO z|JT$lc})v&fhxFw7LDH9ZvZYE4n6L>4gS45Fh)}j1s{QbDIc+xQCF+@;w(vMgT z1-kv`OpCeeTP8}TY}aW#GxUA9*@*=wxs#YdJoHx#Xtf{fBHBe83IRPX_Vu1T2Vd^X zw()$3AKH#HkB*1so`EkYq5{*sO4Jnc5IQe7seI7lt!& zArT#L%g;&zQ^NJv=n0rsgD{X$^wZ)Zcj&=u?@KpT%F=Inn;b;)*{1%#G?E<=qGE8{ zaZslTDFW|u1-#bV@w+aaVfvdZAKg7yeBNp|%{wn2gERjg8jz*$>OAd2dd$4J|1>gB zgUebYyx)#_y?na#X%~8ZF*aKfybA1~MR8kZD=x|m>@>)nJdXBOz_PvM!+2^a?P!7} zxD^m$R85(=Nsy*txYWw#3fpo8Gax4gZ_MC( zvSRG^KA7Fg5`AdiFFnD;{_+MYKNA3w^BpU%>ST<`qLR9FD7tjR^{ddpp18R5)pVcN zw>4B|bIlZrXZX}~hU;=f^kVgk1TL*`v*@G_9o(Z6`?gbcQaLd#S`t|+1aWzzcI{TO z6?qA3mMeT8Of6oodbhpi102nb8&)>xl^q^{Np7E4mJcSN7X%f=6VY|QCY!#{OqiF? zZ`tYN}mL$8^3lWSMb%s7mW&442p1zg3m}R4+k0yI=@si6-<9$Y6>mx zzG{4(R>r>cz10c0uun)wuWY)K7+nX3B+2{&rdS<*d~QpJts+`h5xi@@RB15&K$wf` zR)`{<_A*&J=-9rlWiv}o0yUJ?nLIfIUW|otRCn>WFyI1?W{}n~zt8NB=C9}!r#H?-P&eJf-4gu=RS&xStmC2613+g&5+2aMYKa95&&t9%xrqBC0TV%Jz`&Lo_x zM{Hx!Z)1MBRbxyBmMxgAeoSA;EmHt^-hj`~G&Vq0LEg3Ve+IQ*qa9p8J;yn%3)~SW zflyv)^5I*!Ejm7f(uwruYj{L6DsU=r{O64pZguKtu4QICD74ye%v2i-V#wYH{vKpp zG2tnX89-4Kk=@lZF>D5Jc#t}TWeypr0DoEp_GD_q`4{;ePO1nMf)Y=L2F0HO85G}A zs$+6sj?ydTPx0gn3>g4B)2)RpzU&>YqwJ2`MpWYw<1M^O?>uFg-SkUigJZ6sTO$=B zvF;R6l#eO8tcL~+sD!M8>RoX3!qEwYwHsy=zM7N^6hPu5=KB&$eVg;agHBMQuDO z-)Vz=Fqx7XH#<FTH$o_6q6r)cO*=&?m*S{7rs~TGl`4a$&lMGcl!f&!#lKwA zY$WtD>KZ^GLn|SQ>kK(1<{UD)XuEQs84_PewQ`=}wL+ZglUQ>kv@-ZaKF?7B7*uUa zqkI$kMAEcPM-vn@d6;@rmzU25Q7q6Fu~}S2HOSGWUg_@uoHbn%qv^oVoeVEUy{!a{ zKd$+jki4YdjZWl>lP7TS%DMOxGOFPP{pDX%`K@b1`o0#|7<7l2bSc$j&~}O!u}!%* zNb;<&INFpp%Qq^`%vYI9W0+&0(cD9|VJ+J`=gpn3?B#6s(EsrjymK`lS@ecn_j*x+>VA*roxG=kD}yL>A-v~Z{tJtL zG3^h7lu%{XG{7LW%y7%5VKUs9a5aM8e=y!bpMnt7>LMk`C4y|VvOoYU!g_Ev>#DXD z65Rn;za8^f`QnDn4~!OK6n+bCU5@+MZnDKyWF1Md-{5h)O1E+~xeR+)y1G--h$Tz| z%y73if@DhwCYsHM(U5~v@tq7hr1HalR~)Kk%FiP)%yRv(#p=ZJkcKWiGHT6DqNMRV zw-~A62;K@R?eArfgZ@XxFsJysc)fKA9jix0n`ZBDwf0k^!5Ap8Y`y7RK`r(W0@m== zH5O^zcMs2hN2e0Tvw&hxSL1(c1Zej7I-E#&j)9h6Er6<37t=sK+ITq$g~SQ^Wq;v* z=Uw7aO-A^`X}9N4;b$6|TRKOkOv4L7epF_dJT#n`@DQ zr~^SZ0lhlyFdFT_!Vnm4vapdct$+OpH4hnui-(;7z0{1*pG5$_>1Y(EN$6&LK2otU z4ll?IxVQ&_?Iw9o_^#H+VWna0R8hp4DC7n0>ub~!G{5+&`qby-K{WPl@Oniigu#_2npcWJt52U=$tUBIUMPV&41x zNdC8HfBc~`QxdXh0~csp!nhQ!N9Gn?cJ{P(^?DxmTCJud5yV$6>oSSy+G1HbeQsx4 z0q8S!WNdyxx;S?=;&7^9N8SJtX298AIb=fVyZBwwHBaSt#qdL;R*lkb`fmD!#xshM z#P3>e&B6s3EC#G-X9G7j9Mb?8BT0aTp09ec*c3lkl=rBq^QTa{$aoMjossKkxgX)D zubWQvHc(CR@yWNHRxxL6>l~<_)esUg*Ss^7u?*&)T6S~OiJ*9FVt>Y_0kfSU%d1rl$xc7t)bhRBov2@uXyu@}8K7kSuQLVw-cE23-(G>7@-b z%t35ow4+FMM5MHUiksVdz}4S0%6_6X17kS!w8N!eKM@9pB)W0R9UhcT7NBr$JO|T@ z^_xY}EhvKrGW(t7{@1qwLf+RfxUUdklK~fQFi3s8CH}w%P~1MPgD|#D+)IRUVH*=6 z6K*FX5)96bHIwjh;!E~sUFd*#H7mP#0mF73cayAw6OCu+OPqgoSW54EIByzO@+&}m z4%L@%g}>u$Zd;>|Efoiva_kmDheAGE%t&1@706)>Gf4iQZAiX&=XS$ZMGE94oY4xtC(_#JIXMJp>kn?-LT6 zwP;JfBEx?#HQ*w2_Zv_KTrnWGC*ar}!--vDVh^m)4g{Qs*6=dqOv$hv@k+kx6pA~9 z588)I*lV?GFX_v46i`Q-G?)jc;L5Rzn!ulGqq?#Rcogt}{Y#AkYRuN=2TEy?lJSH2 zv|0BkQH-R0J<|n(%3Ua?RY2V6sv}u78IZzzXe2WfBGDCfWFDv%v;W%NzjmVsnzmNk zXxdYN%c%{aCb`q$XiKC)?k0pH*^8%(aYr}T?&;?a>uGlDbmT__&D&_rxO=xjm>>>0 zX~)z~@lVAUJ=(te{PnY?-ynw4jbLRP)*1!D7iARO;EC+MFI#P|We%^Aa2p_SnQr-2 zY+s3T&7WEQ@T9;c&!wz!rM;&?)sU<2qVcF!Gq3x2=*EzUh9k!x0mg90!wy^k1s{w? zT}ZG2R>d^OKUoZ~G{)aur15IZ70>qYIy_J6MKha60rzXR9F)H9Tmb;|>U(a0So@;` zIhrewI)Mc;Y2BW<1CE0cJ$i8Ph$W+r* zMIm-dv|fr5XmOXrb8}}iVL$zzO{s-mJA=D_kCj9t;0LeWg5 z2WtXq@Ra;SB@lwb=@%|ikMrr?NxW}-d&J`pc@+=ElL8syd2spMe&{&AjqD@D>q|V% z>=B7?$HN(V^4LO1b2!%d7f1y&t=%lBv%lWwO{h<_-0b#d0EV?&bQ7-nBJ6Iz`gao( z4}@d$vDRSH4xsC?Oq_BdPebFimIsnGFgKsw3~1~^!)D9=8O`wfB?CrGV*U9?p0xWV z1x-@KsHOt64$nYw9Jm|{tf8!UP;56MR%ZF@%pUIGkP>5)$Nq5Sgmzcb$`W6eHf3Ds5 zBSVr-iRgmxPh(ORl|kFx)MDkAgM+}d*N~#x-vbmoP^-@?(GlgQ#Ke0Xr#D3XJn?sM zGinN8Y(~10HMgtURoM?H?XWL>2L({iypch5rpX6lx;JKG0THu@%#{^fzu^vwMxs;jj1TCFkFOO>0fpXsWqjyI+T$cKrQ&a1eu&y%B zZ%nMm=PfIv3C0afzIi;#YI!b5d?Mr`k!{)cZ3hkx|B(jIZ~nwRPBeHho*87~@3hWlOUAeqh)Mm>FrI_O$-g z5@w5J9$Ki`Y(eD-61*qqjL8Q+y@$;VDgCKGI*1LGRaJB}>(+!X-UtBGoT@Arq~t^M zAEju)lz2}5vT7Ffb}6!7>|&{ky-!(h`1Ic4_(Il683C2Bn0U|K)^?%e5}Y~Y{^o16 zAuB9B5HsrU%3&Vk?`6WSszle}Hj?&*?Yx_WqkU5`^AQ{yb0{RN`Kno)D7lDsE;_i> z5RE{E;J)pn0s6j)zp>ZOElY*Om|icFx$yC@X5K`H*45lF^pDAKz+biQRpN(r65aqq zpku5E5{P45r3L#1uFI?>eVT{_Pe=CC|Rzg_@lPaGo1>86+2zD zx+v?iyU)dvRdb($J9d1h&tieICk#<#@&ZM~6iLs8|DZX~#8gT&hVoQaN{9Xd8F>7$ z2--qJBkX`++IcE2IaogtF$Oqa3xUV>ew%vPBF~izXAhY?$-A=c;#J>tl69P@dj)c^ z9_;99&nZD9GP2VeBjtXhnJOQAB%#Oks2>12A{qV?4Me#yBa6&Jv2ZAIZP=0e#5_RGk^KeszG`ZUZ!&0rjPj?P z6Dqi5thxhBVj|_&XVE+3_7{rCQ}bMypxhvM|SA6`Ez|xMiVUaGg#?vByAN9{%WAAZU+ZC-CV%KNqZm%}P5DSW8Nv zBCh2_(f4j<%1O3JyZL<>)ym)23z5@(ngzcXdpj{=LdP0GE>J|8YbDh-v$cWD#$rX1sv8WBW|R-4lefIyMVVNj*y7ETv;Q8%il!cjvaG?TI$3L zzD`nh`+0qFg4c_snTvj3vmEtNu~`_fiOS z3QmkZUiel@ztL4(k5>8OV|XFI&|Y3ajjn9~gg`Con%muoe7Bt_J-mW|)uksVN=7rU zX^gXiv}s?C$EUhWfj@pn?#13bgw9&=r!0j=%BtR|UqoIZuP`3($F&!RC;Qw7$PIfF zgsFm${y_{wm|z!iMZq_1iU)1-_ezR3Xf7$jB%-Mz0xr~E(laxm^s|GKDKY9`9FcP($>Df=7hS-go#f; z3kbWC2O=PAn54bZx^#44a+q-97v$CU$5Oj2&ho-bqh zowR4F?qJ4;cv##kXoSaD_RZJ%l| zdq&1SUnVs?lI`2MHutNhR(QQM*4TNj_`TGrvRuw_>0NSa8?N%FR+SB?`u(V!7snK0 z`^R&fu9Z-8*(|ECs#@74@P2L5uzk=QSrSB`1}HqSmNu%=4La0Td;y5RlVj7pVZTTh zh`z57Axc@Cb$Nxvup=1_JQ(xDy334)0>>Ok?=XwOM#@Fny9o~M+lJ(u%p!NpZP(D+4=|QdaDO9-qx!XTo0~vEEh_q5nNlb5v{arLxc}n zHx0V>mxWLM3zuoB2{?MwTrYF|rne|VZGm%SA*yAEe_=Qiq$m7LNO!q*%37lK;knM# zXzyLz2=3{fvx{LDM{dguwyt_No}*XG!{Ijgy?(845-T^P@g8z;{y~*B;NA1debT1U zxSl?1cADO5%dEUX8ceOkCcmAKTC-qN(!tr$&Rll=`bzY8?`y`4`>Fi&`aRXz1c>=P zG-Er|Fs;_zw0P*j^S+KCRND*ZrX=3m3k_Xw15QSUw-n8! z5;@p`kxfw!8osp}3)8n(#&pb0r1h&zj8r6=QvYvCE;wWf&4E37w7b{l(w*Pj(UVYcnQL7RZxj79UKsw1qB&G@W##t45TX zH2+Z!aHTd~7*V>SraT>dr$fc$jQ&H|hA#B_zx2-Nw99wHV83 z`N>Dq#X7am={jvHNWYG|ZRwXUKA-f<3Ls1d$Mn47*EEP3YrtOT?eTl;EYtjvXg%w6 z5cMdFhViRwn`3+}ucQVFjLd&UU*?;JC(t(Kv)B{*a1IDEv$S4XbhhS!x`~(n{$uYs zJzPV@78{#WnpDVkC?k@a^cVWs_mN&DsDz#x>ON^V80G;fG$=PhP98f{q+E*Ahj0-rP0(s;`|| z;jnlnz@@gHVmi+GA{0!+0a6Hn)yXk?Pri-&|B^YC_5YGNb6qkYB&%22SQzZs8X@kn zQaQFFKMk%wjabFHa$=48vnlxpSmW%`jL;%`EDU_DpGC)c-?P(IteJr7jX$ae?|d^8 zpB{xk9Hp5l2qbs0PHEcFMd z7fw0uR+POVGI7ilnbEij(3|M~vUzD1rmQ+)4y}U5T8f;W3}?M@iUq!%R6V`(7?ia5 zA{3Xu>Z_)yr%#Fk0-^R3#6O#Fl})Grfe@$0KzBGw+EeCp+c8q!-FK|j%b1oF>1W1o z@jW8+sltgI4yHU!izDu386qXRfy`f^4muhQQvo4EW)Z;_jWw)8^etgU+KwJlkQ$Ij zrVJiqIN5Moyc?&;KF(pSQH`}7qy)0cYCkMRq=4ws>ce!^AE zJ>IrxRe;=uTcF$r*PIzc-g1-yN0L#ahM|YxBrC^vm~YtvPd$&OrSZ)`sNC-Y#9<`^ zqWYDh;J1%J`%C63ARqtMI7oeGiBopm+?gJ81)Z*1%%pPy^QIOCVVGV=6!-|x>|PfW zY35(+Ccx2Z%9tGk<8$@M%S*XAeVHso5Rx*eKrUs<#S?sy!YiuI+`LVMD#rACZA^~T zieQ7ivg=Xd)M}7Mu_KbaI zwD5yJ9htt8$ncQeSy*@alo#^<-;FhB>U!C2P^tJHerO9%1|`2K0`*G^`~Dz#anE&d zj0-9(FFE2clZNxhHt?dS79MP55vacRLQ+PZ)cFCLvCF}b0*CgN$#PD!0#M@|bcdz4?43KKetpn%5|7K`@23oI%&lA6>Y(B2|iR-~R0E^2BZj2-{yHo?} z`y#asx4F-oYN(MIpXG>PR~*71B^6>eSz%c*`-5{ryzuNUC>`I|@8>q4kR*Ck1u=LR z?)pyhpCMVWJ|T11ewCVvfuy1i6K0(^M`yT_(?>sZH$mWlX#hran%QLz4ZhZ+w={1D zWg;Y6LEx;AW>Fz@!Tn>H)83B3=;4{*jG3Sd9=}afs;-ZonV&@53=6A9LOC3gr3_+P z)wwJ#NstR{CME{{S`j|>g^yuml;A8!Qv1GNvf|v|$p)f_^|(l>^}I?k^ZW6|65&*- zj>q>>y;P?qpF6Vfh03AxA2HEPa&wirhDa@eC*+8iHMXZ{jZMa_ckb9K053@GrzTFW zhpgj`)IgIzkL+$yHTxE-D-G;{&vjXKH;Sm53Kw!dySNAPB$h+dSz(6DOJo8cf4cj5 zOT3v8g2V|sxyeg&7w8rp$j}HXMY9GevWT$e$YU4bEovv}f<##ZHyoY`tplg*v3Zl( z1VXrG${^;mxToc%x|iyBfhe}%jP3o8IiXi}3MB5gzLn@HKookZVbG&1;x-{nPHyF} zVcUvT-W3(#8CKIEvNtb7U15(l{o~4>WV{2D+*?c_%b( zJm}Y6(;Xg7?~1MkWWHyUpQn+bO!($L<42GTCq-P4Q;J8$Uooptn1C{U9C$VY*s6t$v# zaG|>AYHy;u_MkK1f$)o$Mm!Nn?2`|-@U|Re0PRrD@LRap5}szWxP`uWX+n;+de1Zc zUoWKr>GhA{Mga_84wSc?*LWLD_e;8|f}A;E()m>5|GFu7IN-)5R)YQj9!FflZ)8Sn z%q+R4q&e=fM4UNbH4xVm;yVwi_JvD_ehZZEu&qkIstit4J;n^7V7oA12dLr&*hXK; zIuPR>1HjlJ*~9sVU4llbD)TTHp>8pl0(h{US?L)b&=@d9d23p49_F?+K~@R@$VzGd z&q|3cD){riB^`V?>(IQ!#B zOX3>zhE;NkN(21v$ExyU-SPCqJ&w;vSEoH5JIj`9rqK9_2tY?`oNVfg7kmH-urY;sukyJ#U3O;VRXsWdL z$r6B`mJMr4t9!zMypf9;v{2}2v>+g2eMl_~(E(3RPpcxQ_bLg6mGSu>C&qVgBm3+V zw#H%g+o#lPUc>p3Kr0hS2_R~&}0&yty>nB+J$f3RYO zg<}6Z7`x^yu2H2M5$r+WgB5YJ09gI3#ky?UGdrx>VNE9uXTm(ZrI{s}mR}zkTl{{kG{*KtiM#&vc+KW7ECPU@(yr)(YTaF2Y@~N`m~d1J0f(aH1B<)2V)}S+=aVs_^?w zp))uaMDI5TlBKwYkIm5wHO-$9kRnhL9LArG4^wKqo!ZAf zUPJg&tx`4k&`muY^7f3vM@!#A`~@<+ZIQ~ahM<>QW=!ck)Z|~**!Vvu1aLaEw-7uD?cQ_=T z($if22KxJ!A03Ag$&7L5b^boFkHMiZ#B?YB(_z>+)&2I}0^R~50(k*rIDD)Wkbd-8 zXffaW{VFr@m=gG#{#muwulPO`$4Y1r&xXumIVi=QNQaj*k!URFEFo=Cx+r9E4X&O) zadZ4oi-pS;Y$S-kz7}v-l>xw53Ihvs3pTS4>la9QP6s8$vRk3;9Tu1=9PoXXpa^KGgCrE))@fMm$-}Mo zU2WOvWOqIwxt_&io5xnDF8IU7mAeg;2y(C@5xH7$B-9ad z%fa%9>fJfE=^i9N%bDDLDe+!CbLLCw?=8K(?qSqHnP}ee^FiAlD#CiJiiycpba2S7 zQ@sFtQT`&dSN=z+sc<9e{55^J zhJDq#z`x)_V74+%wwgJw{X%p= z@L-5os9b~-Te`72^!s;G*ALj|vm`!Wou((Do`nELCFB7vCI9Ks3!@&9!yAH6Id4UE z)%!&h;an@Df5htiAI19cM@$_>WKIBPvKM8q%zpsv9qc{4`;+tonr+L_H!5Z;_83O1 zfZ#o|pF(mAX8ONCK?{~SL}QbF?ax#4?a6?Zrwg>hs^VQJjE8_d-SnZ;-g6wDc3W_- zNjNw8-=)?$?^jTlz!d$nM9~G`kB97T^Rp|{hjx7+UMABn1!jk!lApu%8nb|mrg64{ zJB1)IRGy~9cpBXf3~I$J*G`O34^XQ1mCx;CoJp92waXW7HND(V-xmt_3`2@VjergR z{IJXgBqv!;wt1X@vo;HWxJm1&?xwN~dNZQ+0btL5#4;+$wC#)s(|p{7*e#%$8p-&& zIp%m^pc1?^?@raAg3@4dYPxZHgFA;5sJ-g1r<3Y>G_?X!Ek>cHV@FauF4(_(QRXtM z!TQA)K5)5-YltLM<=Ks51cs$3{!U}A9{mzR`0-mZ{n+BExLWmDBCMu4mD(!u}FdVbG;lrtq=?lc8e`f2 zKhg2N+Af|+)Idh(8BS1KwWSk%7Zrc-dfYr14Ax$1(1?Xl1%x7BxK33CZ+;rwmwvo7 zm_#;$Tol;1;L}8>(K8zJg_DQZOOdCt?O##^P{a))i+3)@Gd3B{0xE~vr zz8=0?A3Q`!KJBx-Nqp)8C3vUKzJFbVFU=3Nrw4ZL14mS9z><|y4ZlJ&S6~NW{BBHy=-&b$= zfB^bqPAIENTXewR=1`&`zY5g0W}zRZ+uXjDO=fKV^>-^ z`Z_^3wuc|mMWpoBZUyQ^W)JmtnaHj)rm~=~)egaI{AMn`aP>b&Y^RZ4k#=P6tEjW*xX1zM4 z5A6%(JkrZBCd8WqVZF?`H?A`w8(}@~n+?Uj>LyWADyrxmlO$G;<_Y_h6r9wjXX6X@ zI(^#qOL>e9s6BibvrH7Ce4`;*&JAheIk7Qg2+@vZXQC&iU1qu0CUms7%R-S|^z^^i z?tM@B>1pYX?CK^Z$A7u_xo9v=p{wu?1^JSl2iHRA}OHMBu6^07Ns0j}C~K zzo4HPOKakp0;fax3gJyWi}DF^u-#hNl%NjE!PH>Jo}A<~T*WjBl}343Tz7WrNAR>V_F!256+9u~*SKb$xUg@$hs>Dq$5tK( z`FG*u8T>Ax)U1&Dd4v!ap#TQL;dW-Wf(#vmFC)S=KMO4-(2~hH)|1@ewhEl6i=tgR zY-}pIcP@@XF~{%FGSO0DMa*CDmv_b4K9dC z-s(WvtC|S0cBVL~>9mTgUJ%c`I3SN-|5C4ZgDJ7yIih01q@7<@TS zSxbj=DipEf%*fZTu&;y9-1&Xw#;$*T^nRByK$Tkq4<7}RZ?HCBPlC$1lx>dxpSkN} zw&tzWJ8h0hSMt3|ztbngfl9-V0Fj`-;lr$d{gCv_I-@5`x+9s#>j6&j)tK#m=^KUg z-}&He!mJqlPKB|^Mb@JT#$>2OnYfm3r}$f{!D2ow>8Eia5}W-I24?f+UNg(rK4>Q^ zrd$5RMqiW>%zr^Y4=vX4ha{Slg2~4NOwRC98<+^p zjxT2w7ZZ!_TS^DSgd!NerFlMfycs%eeU^G>HSxq7e4(}LJ&V}LIC3;g#=pSmP~4r- zBrC*t!miD*Qg%lSWzNXj-^mJ|socktZV2L79~Z^59Ks5RZ9;Eja!k(sX)@(t&iRsO zS9H`+dPnG-;^zL1`lr@iQCz>QTp&|e3yl2_k_#7}TAesE`vjJ6CRrFzTR|TDKl~Tu zZpE;~Csq57=@yI?KSQHD%dv@MQ>_`8-@etK7*KM|XUZv3uw|(5y>=R(-mrp6oJoib z)SsI6h5m>Hm!?`9hs3DHhf18-Pl2P+1$}rkkf8?HHyBhE-+kzm!$~4 zfwrQ6w&)y0gQ$Bv3+-Jsa33J8Y!T#CJ<~dZJbP-x(xk3}fk~yj&}eXDO;%h3kH3&| z*DZ3EF^AZf!P6BVE2YNNwfOBIz6I1XT6bCtqCaP_Z-JN^9W(UxI!49CJ6rj+VM zgE?g&em(2YOxMgUb|LTr`zM`Mqn%`n1SlC(ujNe65NM^u8C|uMc z(G}9OQcCju@@hB^Qvz=AombI0m?LKv7zkdY_C3sL$pn5Rs&9FH1!D)558#qVrcQs; zIV7Ovxd&c9Uo#T}cdy;Df!5SPGrrdsIQT3U+-{#?q<*e=#X z>x>EPJY}Skf~x=5dx#CDYgRy<(j!LLrh7MG+C}2PP((tEg@uoWg{>Jh0Ib79_Lxzh zxiGkuqQ}}DCD(N=+fM*gpyHug;J*tzmj?dWf+l>M4=rsv_?1))hMZ?CD7aMGNLv+kSCzib?5v>EqRW<0tRcZsjssO+4pgeNhthwcEWjg#7 zuK|;S9ZX3}^Jq{+TUl{smW1A_T0@!7wI0CDTFWK&2X|>j+}_n0KL8r zZ9**hYn|;AhCPM2Y8bm9?UEsa5JG2|3Q_cneNlOMPi*U#bLuVI703Es%_>x2-X=^n z?I^i(0dw%i6B&WqxkD^+lQR$LFgC8R{29eO*8?D2UXy7&gLEMj2 zSjJAM853JTDq17XA0PnFxNU!-)BsvMKS$M+yx)S@S4e0eCSlX$+lNw$nHo&^b*-Tn zP5|}=hPOd^O|Zz;eEJn%Fj6qha(;Ul>SJ zx`d0uQ(Ubd8HLpPB|<9dZh0YKhVR9(g6TgKF1`dxiJd%&)J&!+w4&ORO;D+IsNm0m z4UD`eq$l%mK`|}qc6UMI**sQ(G=6-!=U*~~3zMXZBDioa$j8y7ArWz{IUIL4X~j$0 z_=P3oNAMVnW=J@>Lxy4ja%(n4R+JUE_ep5<-~N_IVB08u@86*={lW%1d%&FqfR;RfH1 z#uxdcg8QJU!2iuhEeS9eH|>iUpSr{Sjo)M3<56WbcmT6Tjq5Vr`&qDcy;b-i>U-Vc zgWo_!sy5FTO9w!jrD34NpA7vjb#(PY-4GjRN;YkY8IPt{*K|ScD`%plM>O+#`iokH zvb9!y%}p{`M^Z#qZH|2Sz-eZ8dAtE>CyI5du>qbhWM+lYm>bkob%I#u^?)hI{w$aE zMTVYfXfNLpfnhicU3>_2Thtt)+a0u9QT%`ARzfYB=?Z)=GB?<|PeU3{`RY zQ-vTbz6pv;)#{TIX>VY{)CpB+$o%L!O2wx~=IvCXC>h$i)$UK8^=|s?iNZ@(Fpvy3j5Tfb{ hfr -p -c -r - ``` - -r value Name of region, such as 'us-south' or 'eu-gb' - -c value Account ID or owner user ID (such as user@example.com) - -```console -ibmcloud login -u -p -c -r -ibmcloud ks cluster ls -ibmcloud ks cluster config --cluster $cluster | grep export > env.sh -chmod 755 env.sh -. ./env.sh -echo $KUBECONFIG -kubectl version --short - ``` - -**2. Configure IBM Cloud Container Registry** - - **a. Log in with your IBM Cloud account. Use “ibmcloud login --sso” to log in to IBM Cloud CLI** - - **Note:** After you press "Y" to open the URL in the default browser, IBM Cloud generates a one-time code in the browser. Copy and paste it, then press “Enter" to pass authentication. - -```console -$ ibmcloud login --sso -API endpoint: https://cloud.ibm.com -Region: eu-gb - -Get One Time Code from https://identity-2.ap-north.iam.cloud.ibm.com/identity/passcode to proceed. -Open the URL in the default browser? [Y/n] > yes -One Time Code > -Authenticating... -OK - -Select an account: -1. XXXXXX's Account (0xxxxxxxxxxxxxxaa9xxx) -2. XXXXXXXX's Account (c56xxxxxxxxxxxxx74xxxxc) <-> 1...7 -Enter a number> 2 -Targeted account XXXXXXXX's Account (c56xxxxxxxxxxxxx74xxxxc) <-> 1...7 - - -API endpoint: https://cloud.ibm.com -Region: eu-gb -User: xxxxxxx -Account: XXXXXXXX's Account (c56xxxxxxxxxxxxx74xxxxc) <-> 1...7 -Resource group: No resource group targeted, use 'ibmcloud target -g RESOURCE_GROUP' -CF API endpoint: -Org: -Space: - -Tip: If you are managing Cloud Foundry applications and services -- Use 'ibmcloud target --cf' to target Cloud Foundry org/space interactively, or use 'ibmcloud target --cf-api ENDPOINT -o ORG -s SPACE' to target the org/space. -- Use 'ibmcloud cf' if you want to run the Cloud Foundry CLI with current IBM Cloud CLI context. - - -New version 0.19.0 is available. -Release notes: /~https://github.com/IBM-Cloud/ibm-cloud-cli-release/releases/tag/v0.19.0 -TIP: use 'ibmcloud config --check-version=false' to disable update check. - -Do you want to update? [y/N] > y - -Installing version '0.19.0'... -Downloading... - 17.45 MiB / 17.45 MiB [========================================================================================] 100.00% 9s -18301051 bytes downloaded -Saved in /Users/ibm/.bluemix/tmp/bx_746509876/IBM_Cloud_CLI_0.19.0.pkg -``` - -If you encounter errors using "ibmcloud login --sso", you can run "ibmcloud login" and enter your user name and password instead. - - **b. Create a namespace** - -```console - $ ibmcloud cr namespace-add -``` - - **c. Check the cluster** -```console -$ oc get pod - ``` - **d. Log in to IBM Cloud Container Registry (cr)** -```console -$ ibmcloud cr login -``` - Example output: - -```console -$ ibmcloud cr login -Logging in to 'registry.eu-gb.bluemix.net'... -Logged in to 'registry.eu-gb.bluemix.net'. - -IBM Cloud Container Registry is adopting new icr.io domain names to align with the rebranding of IBM Cloud for a better user experience. The existing bluemix.net domain names are deprecated, but you can continue to use them for the time being, as an unsupported date will be announced later. For more information about registry domain names, see https://cloud.ibm.com/docs/services/Registry?topic=registry-registry_overview#registry_regions_local - -Logging in to 'us.icr.io'... -Logged in to 'us.icr.io'. - -IBM Cloud Container Registry is adopting new icr.io domain names to align with the rebranding of IBM Cloud for a better user experience. The existing bluemix.net domain names are deprecated, but you can continue to use them for the time being, as an unsupported date will be announced later. For more information about registry domain names, see https://cloud.ibm.com/docs/services/Registry?topic=registry-registry_overview#registry_regions_local - -OK -``` -Get the container repository host from the "ibmcloud cr" login output. In this example, the Docker repository host is “us.icr.io” - - **e. Verify the images are in your private registry:** -```console -$ ibmcloud cr image-list -``` - **f. Create an API key** - - I. Log in to https://cloud.ibm.com. - - II. Select your own cluster account (upper right corner) and click IBM Cloud -> Security -> Manage -> Identity and Access -> Access (IAM) / IBM Cloud API Keys (left menu) --> Create an IBM Cloud API Key. Then download the API key or copy the API key. - - III. Return to your client terminal window and log in to the local Docker registry: - -```console -docker login -u iamapikey -p -``` - Example: -```console -$ docker login -u iamapikey -p us.icr.io -WARNING! Using --password via the CLI is insecure. Use --password-stdin. -Login Succeeded -``` - **g. Create a Docker pull secret in your OpenShift cluster** -```console -oc create secret docker-registry ums-secret --docker-server=us.icr.io --docker-username=iamapikey --docker-password= - ``` -This secret will be passed to the chart in the imagePullSecrets property. Check the "docker-server" name in the output of the previous command “ibmcloud cr login”. - -## Step 3: Downloading the package and uploading it to the local repository - -1. Download and save the [loadimages.sh](/~https://github.com/icp4a/cert-kubernetes/blob/master/scripts/loadimages.sh) script to the client machine. -2. Download the Business Automation Studio Passport Advantage packages by following the instructions in [IBM Cloud Pak for Automation 19.0.2 on Certified Kubernetes](/~https://github.com/icp4a/cert-kubernetes/blob/master/README.md#step-2-get-access-to-the-container-images). -3. Run the following commands to load the images into the Docker repository: -```console -$ ibmcloud cr namespace-add - ``` -Example: -```console -./loadimages.sh -p ./CC3I3ML.tgz -r us.icr.io/ -./loadimages.sh -p ./CC3I4ML.tgz -r us.icr.io/ -./loadimages.sh -p ./CC3I5ML.tgz -r us.icr.io/ -./loadimages.sh -p ./CC3HVML.tgz -r us.icr.io/ - ``` -The name "us.icr.io" is one of the IBM Cloud Container Registry names and your registry name might be different. Get the name from the "ibmcloud cr login" step. - -4. Get the following Docker images in the IBM Cloud repository, which can be used for future Studio deployments: -```console - - us.icr.io//solution-server:19.0.2 - - us.icr.io//dba-etcd:19.0.2 - - us.icr.io//solution-server-helmjob-db:19.0.2 - - us.icr.io//dba-keytool-initcontainer:19.0.2 - - us.icr.io//dba-umsregistration-initjob:19.0.2 - - us.icr.io//dba-dbcompatibility-initcontainer:19.0.2 - - us.icr.io//navigator:ga-306-icn-if002 - - us.icr.io//navigator-sso:ga-306-icn-if002 - - us.icr.io//ums:19.0.2 - - us.icr.io//dba-keytool-initcontainer:19.0.2 - - us.icr.io//dba-keytool-jobcontainer:19.0.2 - - us.icr.io//bastudio:19.0.2 - - us.icr.io//jms:19.0.2 - - us.icr.io//solution-server:19.0.2 - - us.icr.io//dba-etcd:19.0.2 - - us.icr.io//solution-server-helmjob-db:19.0.2 - - us.icr.io//dba-keytool-initcontainer:19.0.2 - - us.icr.io//dba-keytool-jobcontainer:19.0.2 - - us.icr.io//dba-umsregistration-initjob:19.0.2 - - us.icr.io//dba-dbcompatibility-initcontainer:19.0.2 -``` -## Step 4: Connecting OpenShift with CLI -1. Open a browser and log in to the IBM Cloud website (https://cloud.ibm.com) with your IBM Cloud ID, then navigate to the OpenShift category. -2. Find your OpenShift cluster instance in the Clusters list, select ..., and click OpenShift Web Console. -3. In the OpenShift Web Console, click your user ID (top right) and click Copy Login Command. -4. Paste the login command into the shell in your client machine terminal window: -```console - oc login https://: --token= - ``` -5. Create or switch to the namespace you created by running the following command: -```console - oc new-project && oc project - ``` -6. To deploy the service account, role, and role binding successfully, assign the administrator role to the user for this namespace by running the following command: -```console - oc project - oc adm policy add-role-to-user admin -``` -7. If you want to operate persistent volumes (PVs), you must have the storage-admin cluster role, because PVs are a cluster resource in OpenShift. Add the role by running the following command: -```console - oc adm policy add-cluster-role-to-user storage-admin -``` - 8. Grant scc ibm-anyuid-scc to your newly created namespace: - ```console -oc adm policy add-scc-to-group ibm-anyuid-scc system:serviceaccounts: -``` - -## Step 5: Creating the databases - -1. Prepare the databases for Studio and App Engine, following the instructions in [Creating databases](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_basprep_db.html). - -## Step 6: Creating the routes - -1. Choose the release name, for example, “ocp-bas”. You can replace `````` with your own release name in the examples that follow. - -2. Choose the route names, for example, "bas-route" for Studio and "ae-route" for App Engine. - -3. Prepare the YAML files for the routes. For example: - -ums-route.yaml -```yaml -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: ums-route - namespace: -spec: - port: - targetPort: https - tls: - insecureEdgeTerminationPolicy: Redirect - termination: passthrough - to: - kind: Service - name: -ibm-dba-ums - weight: 100 - wildcardPolicy: None -``` -bas-route.yaml: -```yaml -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: bas-route - namespace: -spec: - port: - targetPort: https - tls: - insecureEdgeTerminationPolicy: Redirect - termination: passthrough - to: - kind: Service - name: -bastudio-service - weight: 100 - wildcardPolicy: None -``` -ae-route.yaml: -```yaml -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: ae-route - namespace: -spec: - port: - targetPort: https - tls: - insecureEdgeTerminationPolicy: Redirect - termination: passthrough - to: - kind: Service - name: -ibm-dba-ae-service - weight: 100 - wildcardPolicy: None -``` - -4. Create the routes by running the following commands: -```console -oc create -f bas-route.yaml -oc create -f ae-route.yaml -``` -5. Get the host names for Studio and App Engine. You will need them later. - -a. Run the command "oc get route" to get the host name for each component. -```console -$ oc get route -NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD -ae-route ae-route-bastudio. .us-east.containers.appdomain.cloud aa-ibm-dba-ae-service https passthrough/Redirect None -bas-route bas-route-bastudio. .us-east.containers.appdomain.cloud aa-bastudio-service https passthrough/Redirect None -rr-route rr-route-bastudio. .us-east.containers.appdomain.cloud aa-resource-registry-service https passthrough/Redirect None -ums-route ums-route-bastudio. .us-east.containers.appdomain.cloud aa-ibm-dba-ums https passthrough/Redirect None -``` - -b. Find the host name ```“ums-route-bastudio..us-east.containers.appdomain.cloud”``` and write it down. You will use it later when creating secrets. - -c. Ping the host name to get the ip address. - -```console -$ping ums-route-bastudio..us-east.containers.appdomain.cloud -PING dbaclusterxxxxxxxxxxxxxx001.us-east.containers.appdomain.cloud (169.x.x.x) 56(84) bytes of data. -64 bytes from xxx.ip4.static.sl-reverse.com (169.x.x.x): icmp_seq=1 ttl=44 time=72.9 ms -64 bytes from xxx.ip4.static.sl-reverse.com (169.x.x.x): icmp_seq=2 ttl=44 time=72.7 ms -``` -Write down the IP address 169.x.x.x. It will be used later in the . For each route (ums-route, bas-route, ae-route, rr-route) write down the host name and IP address. - -## Step 7: Protecting sensitive configuration data - -You must create the following secrets manually before you install the chart. - -* Create the UMS Service following the instructions in [Install User Management Service 19.0.2 on Red Hat OpenShift on IBM Cloud](/~https://github.com/icp4a/cert-kubernetes/blob/master/UMS/platform/README-ROKS.md). - -* Follow the instructions in [Preparing UMS-related configuration and TLS certificates](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_basprep_ums.html) to prepare UMS secrets. - -* Follow the instructions in [Protecting sensitive configuration data](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_basprep_data.html) to prepare secrets for Resource Registry, App Engine, and Studio. - -The following sample YAML files are for Resource Registry, App Engine, and Studio secrets. Update the values with your own user name, database information, and so on. - -Resource Registry yaml: -```yaml - apiVersion: v1 - kind: Secret - metadata: - name: resource-registry-admin-secret - type: Opaque - stringData: - rootPassword: "" - readUser: "reader" - readPassword: "" - writeUser: "writer" - writePassword: "" -``` - -App Engine yaml: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: ae-secret-credential -type: Opaque -stringData: - AE_DATABASE_PWD: "" - AE_DATABASE_USER: "" - OPENID_CLIENT_ID: "app_engine" - OPENID_CLIENT_SECRET: ““ - SESSION_SECRET: "bigblue123solutionserver" - SESSION_COOKIE_NAME: "nsessionid" - REDIS_PASSWORD: "password" -``` -Business Automation Studio yaml: -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: bastudio-admin-secret -type: Opaque -stringData: - adminUser: "umsadmin" - adminPassword: "password" - sslKeystorePassword: "" - dbUsername: "" - dbPassword: "" - oidcClientId: "bastudio-liberty" - oidcClientSecret: "tsSecret-jdaklfjsef" -``` - -## Step 8: Configuring TLS key and certificate secrets -Modify all values enclosed in angle brackets like `````` in each of the following xxx.conf files with your own values. - -Follow [Configuring the TLS key and certificate secrets](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_basprep_secrets.html) to create TLS certificate secrets for UMS, Studio, Resource Registry, and App Engine services. - -1. Create the root CA. - -Run the following three commands: -```console - -openssl genrsa -out rootCA.key.pem 2048 - -openssl req -x509 -new -nodes -key rootCA.key.pem -sha256 -days 3650 \ - -subj "/CN=rootCA" \ - -out rootCA.crt.pem - -kubectl create secret tls ca-tls-secret --key=rootCA.key.pem --cert=rootCA.crt.pem -``` - -2. Generate the UMS TLS key and certificate. - -Example: ums-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -ibm-dba-ums -DNS.2 = -DNS.3 = .svc.cluster.local -DNS.4 = svc.cluster.local -DNS.5 = localhost -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out ums.key.pem 2048 -openssl req -new -key ums.key.pem -out ums.csr \ - -subj "/CN= " - -openssl x509 -req -in ums.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out ums.crt.pem \ - -days 1825 -sha256 \ - -extfile ums-extfile.conf -kubectl create secret tls ums-tls-secret --key=ums.key.pem --cert=ums.crt.pem -``` -3. Generate the UMS JKS TLS key and certificate. - -Example ums-jks-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -ibm-dba-ums -DNS.2 = -ibm-dba-ums..svc.cluster.local -DNS.3 = svc.cluster.local -DNS.4 = localhost -DNS.5 = c100-e.us-east.containers.cloud.ibm.com -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out ums-jks.key.pem 2048 -openssl req -new -key ums-jks.key.pem -out ums-jks.csr \ - -subj "/CN= " - -openssl x509 -req -in ums-jks.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out ums-jks.crt.pem \ - -days 1825 -sha256 \ - -extfile ums-jks-extfile.conf -kubectl create secret tls ums-jks-tls-secret --key=ums-jks.key.pem --cert=ums-jks.crt.pem -``` -4. Generate the Resource Registry TLS key and certificate. - -Example rr-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -resource-registry-service -DNS.2 = -DNS.3 = -resource-registry-service..svc.cluster.local -DNS.4 = svc.cluster.local -DNS.5 = localhost -DNS.6 = c100-e.us-east.containers.cloud.ibm.com -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out rr.key.pem 2048 -openssl req -new -key rr.key.pem -out rr.csr \ - -subj "/CN= " - -openssl x509 -req -in rr.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out rr.crt.pem \ - -days 1825 -sha256 \ - -extfile rr-extfile.conf -kubectl create secret tls rr-tls-secret --key=rr.key.pem --cert=rr.crt.pem -``` -5. Generate the App Engine TLS key and certificate. - -Example ae-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -ibm-dba-ae-service -DNS.2 = -DNS.3 = -ibm-dba-ae-service..svc.cluster.local -DNS.4 = svc.cluster.local -DNS.5=localhost -DNS.6=c100-e.us-east.containers.cloud.ibm.com -IP.1 = -``` -Run the following four commands: - -```console -openssl genrsa -out ae.key.pem 2048 -openssl req -new -key ae.key.pem -out ae.csr \ - -subj "/CN=< ip address from above ae-route > " - -openssl x509 -req -in ae.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out ae.crt.pem \ - -days 1825 -sha256 \ - -extfile ae-extfile.conf -kubectl create secret tls ae-tls-secret --key=ae.key.pem --cert=ae.crt.pem -``` -6. Generate the Business Automation Studio TLS key and certificate. - -Example bas-extfile.conf - -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -bastudio-service -DNS.2 = -DNS.3 = -bastudio-service..svc.cluster.local -DNS.4 = svc.cluster.local -DNS.5 = localhost -DNS.6 = c100-e.us-east.containers.cloud.ibm.com -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out bas.key.pem 2048 -openssl req -new -key bas.key.pem -out bas.csr \ - -subj "/CN=< ip address from above bas-route > " - -openssl x509 -req -in bas.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out bas.crt.pem \ - -days 1825 -sha256 \ - -extfile bas-extfile.conf -kubectl create secret tls bas-tls-secret --key=bas.key.pem --cert=bas.crt.pem -``` -7. Generate the IBM Content Navigator (ICN) TLS key and certificate. - -Example icn-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = icn..nip.io -DNS.2 = svc.cluster.local -DNS.3 = localhost -IP.1 = -``` -Run the following four commands: -```console -openssl genrsa -out icn.key.pem 2048 -openssl req -new -key icn.key.pem -out icn.csr \ - -subj "/CN=< ip address from above ums-route > " - -openssl x509 -req -in icn.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out icn.crt.pem \ - -days 1825 -sha256 \ - -extfile icn-extfile.conf -kubectl create secret tls icn-tls-secret --key=icn.key.pem --cert=icn.crt.pem -``` -8. Generate the JKS TLS key and certificate. - -Example jks-extfile.conf -```console -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = -ibm-dba-ums -DNS.2 = ums..nip.io -DNS.3 = -ibm-dba-ums..svc.cluster.local -DNS.4 = svc.cluster.local -IP.1 = -``` -Run the following four commands: - -```console -openssl genrsa -out jks.key.pem 2048 -openssl req -new -key jks.key.pem -out jks.csr \ - -subj "/CN=< ip address from above ums-route > " - -openssl x509 -req -in jks.csr -CA rootCA.crt.pem \ - -CAkey rootCA.key.pem \ - -CAcreateserial \ - -out jks.crt.pem \ - -days 1825 -sha256 \ - -extfile jks-extfile.conf -kubectl create secret tls jks-tls-secret --key=jks.key.pem --cert=jks.crt.pem -``` - -## Step 9: Preparing persistent storage - -Follow the "Implementing storage" section of [IBM Business Automation Studio installation](/~https://github.com/icp4a/cert-kubernetes/blob/master/BAS/README.md) to prepare the persistent storage for Studio. - -## Step 10: Installing Business Automation Studio 19.0.2 on platform Helm - -To install the Business Automation Studio service on a managed Red Hat OpenShift cluster on IBM Public Cloud, choose one of the following options: -* To use Helm charts, follow the instructions in [Deploying with Helm charts](/~https://github.com/icp4a/cert-kubernetes/blob/master/BAS/helm-charts/README.md). - -* To use YAML, follow the instructions in [Deploying with Kubernetes YAML](/~https://github.com/icp4a/cert-kubernetes/blob/master/BAS/k8s-yaml/README.md). - -* To deploy the service on your own, complete the following steps: - -**1. Download the Helm charts provided for certificates in the GitHub release pages:** -* Download ibm-dba-aae-prod-1.0.0.tgz from [AAE HELM](/~https://github.com/icp4a/cert-kubernetes/tree/master/AAE/helm-charts) -* Download ibm-dba-bas-prod-1.0.0.tgz from [BAS HELM](/~https://github.com/icp4a/cert-kubernetes/tree/master/BAS/helm-charts) - - -**Modify the sample values in the YAML files to match your own environment:** - -```yaml -#Shared values across components -global: - # The persistent volume claim name used to store JDBC and ODBC library - existingClaimName: - # Keep this value as false - nonProductionMode: false - # Secret with Docker credentials - imagePullSecrets: ums-secret - # global CA secret name - caSecretName: "ca-tls-secret" - # Kubernetes dns base name - dnsBaseName: "svc.cluster.local" - # Contributor toolkits storage PVC - contributorToolkitsPVC: "" - # Global configuration created by user management service - ums: - serviceType: Ingress - # Get UMS hostname from “oc get route” command - hostname: "ums-route-bastudio. xxxxx.us-east.containers.appdomain.cloud" - port: 443 - # Secret with admin credentials - adminSecretName: ibm-dba-ums-secret - - # Global configuration created by BAStudio - baStudio: - serviceType: "Ingress" - # Get BAStudio hostname from “oc get route” command - hostname: "bas-route-bastudio. xxxxx.us-east.containers.appdomain.cloud” - port: 443 - adminSecretName: bastudio-admin-secret - jmsPersistencePVC: - - # Global configuration created by Resource Registry - resourceRegistry: - # Get RR hostname from “oc get route” command - hostname: "rr-route-bastudio. xxxxx.us-east.containers.appdomain.cloud" - port: 31099 - adminSecretName: resource-registry-admin-secret - - # Global configuration created by App Engine - appEngine: - serviceType: "Ingress" - # Get AE hostname from “oc get route” command - hostname: "ae-route-bastudio.xxxxx.us-east.containers.appdomain.cloud" - port: 443 - -# BAStudio private configurations here -baStudio: - install: true - # BAStudio private configurations here - images: - bastudio: us.icr.io//bastudio:19.0.2 - umsInitRegistration: us.icr.io//dba-umsregistration-initjob:19.0.2 - tlsInitContainer: us.icr.io//dba-keytool-initcontainer:19.0.2 - ltpaInitContainer: us.icr.io//dba-keytool-jobcontainer:19.0.2 - dbcompatibilityInitContainer: us.icr.io//dba-dbcompatibility-initcontainer:19.0.2 - jmsContainer: us.icr.io//jms:19.0.2 - pullPolicy: Always - - tls: - tlsSecretName: bas-tls-secret - tlsTrustList: [] - - # Database config - bastudioDB: - database: - type: db2 - name: BPMDB - host: - port: - expectedSchemaVersion: "1.0.0" - driverfiles: "db2jcc4.jar db2jcc_license_cu.jar" - - # BAStudio scaling config - replicaCount: 1 - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetAverageUtilization: 80 - - contentSecurityPolicy: upgrade-insecure-requests - - # BAStudio resource config - resources: - bastudio: - limits: - cpu: 4 - memory: 4Gi - requests: - cpu: 2 - memory: 3Gi - initProcess: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 200m - memory: 128Mi - jms: - limits: - cpu: 1 - memory: 1G - requests: - cpu: 500m - memory: 512Mi - logs: - consoleFormat: basic - consoleLogLevel: INFO - consoleSource: message,trace,accessLog,ffdc,audit - traceFormat: ENHANCED - traceSpecification: "*=info" - - # Health checks - livenessProbe: - initialDelaySeconds: 420 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - initialDelaySeconds: 240 - periodSeconds: 5 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -appengine: - install: true - - replicaCount: 1 - - probes: - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 5 - failureThreshold: 3 - - images: - appEngine: us.icr.io//solution-server:19.0.2 - tlsInitContainer: us.icr.io//dba-keytool-initcontainer:19.0.2 - dbJob: us.icr.io//solution-server-helmjob-db:19.0.2 - oidcJob: us.icr.io//dba-umsregistration-initjob:19.0.2 - dbcompatibilityInitContainer: us.icr.io//dba-dbcompatibility-initcontainer:19.0.2 - pullPolicy: Always - - tls: - tlsSecretName: ae-tls-secret - tlsTrustList: [] - - database: - name: APPDB - host: - port: - type: db2 - currentSchema: DBASB - initialPoolSize: 1 - maxPoolSize: 10 - uvThreadPoolSize: 4 - maxLRUCacheSize: 1000 - maxLRUCacheAge: 600000 - - # Toggle for custom JDBC drivers - useCustomJDBCDrivers: false - - adminSecretName: ae-secret-credential - - logLevel: - node: trace - browser: 2 - - contentSecurityPolicy: - enable: false - whitelist: "" - - session: - duration: "1800000" - resave: "false" - rolling: "true" - saveUninitialized: "false" - useExternalStore: "false" - - redis: - host: localhost - port: 6379 - ttl: 1800 - - maxAge: - staticAsset: "2592000" - csrfCookie: "3600000" - authCookie: "900000" - - env: - serverEnvType: development - maxSizeLRUCacheRR: 1000 - - resources: - ae: - limits: - cpu: 1500m - memory: 1024Mi - requests: - cpu: 1 - memory: 512Mi - initContainer: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 200m - memory: 128Mi - - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetAverageUtilization: 80 - -resourceRegistry: - install: true - - # Private images for resource registry - images: - resourceRegistry: us.icr.io//dba-etcd:19.0.2 - keytoolInitcontainer: us.icr.io//dba-keytool-initcontainer:19.0.2 - pullPolicy: Always - - # TLS configurations - tls: - tlsSecretName: rr-tls-secret - - # Resource registry cluster size - replicaCount: 1 - - # RR Resource config - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 200m - memory: 256Mi - - # data persistence config - persistence: - enabled: false - useDynamicProvisioning: true - storageClassName: "manual" - accessMode: "ReadWriteOnce" - size: 3Gi - - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - logLevel: info -``` -**2. Generate and customize the deployment YAML files:** - -a.Generate the output folder: -```console -mkdir yamls -``` -b.Generate the deployment YAML Files into the created folder: - -```console -helm template --name --namespace --output-dir ./yamls -f bas-values.yaml ibm-dba-bas-prod-1.0.0.tgz -``` -**3. Move to the bas-yamls folder. Remove the test folders:** -```console - rm -rf ./yamls/ibm-dba-bas-prod/charts/appengine/templates/tests - rm -rf ./yamls/ibm-dba-bas-prod/charts/baStudio/templates/tests - rm -rf ./yamls/ibm-dba-bas-prod/charts/resourceRegistry/templates/tests - rm -rf ./yamls/ibm-dba-bas-prod/templates/tests -``` - -**4. Apply the YAML definitions by running the following command:** -```console -kubectl apply -R -f ./yamls -``` - Your output should look similar to the following output: - -```console -job.batch/aa-ibm-dba-ae-db-init-707 created -configmap/aa-ibm-dba-ae-env created -configmap/aa-ibm-dba-ae-file created -job.batch/aa-ibm-dba-ae-oidc-641 created -poddisruptionbudget.policy/aa-ibm-dba-ae-pdb-deployment-605 created -deployment.apps/aa-ibm-dba-ae-deployment created -serviceaccount/aa-ibm-dba-ae-deployment-access created -networkpolicy.networking.k8s.io/aa-ibm-dba-ae-db-init created -networkpolicy.networking.k8s.io/aa-ibm-dba-ae-npolicy-all created -networkpolicy.networking.k8s.io/aa-ibm-dba-ae-npolicy-deployment created -networkpolicy.networking.k8s.io/aa-ibm-dba-ae-npolicy-oidc created -networkpolicy.networking.k8s.io/aa-ibm-dba-ae-npolicy-test created -service/aa-ibm-dba-ae-service created -job.batch/aa-bastudio-bootstrap created -configmap/aa-bastudio-config created -deployment.apps/aa-bastudio-deployment created -service/aa-bastudio-jms-service created -statefulset.apps/aa-bastudio-jms created -job.batch/aa-bastudio-ltpa-395 created -secret/aa-bastudio-ltpa created -job.batch/aa-bastudio-oidc-127 created -poddisruptionbudget.policy/aa-bastudio-pdb-deployment-719 created -service/aa-bastudio-service created -poddisruptionbudget.policy/aa-bastudio-pdb-jms-107 created -role.rbac.authorization.k8s.io/aa-bastudio-init created -rolebinding.rbac.authorization.k8s.io/aa-bastudio-init created -serviceaccount/aa-bastudio-init created -networkpolicy.networking.k8s.io/aa-bastudio-npolicy-bas created -networkpolicy.networking.k8s.io/aa-bastudio-npolicy-bootstrap created -networkpolicy.networking.k8s.io/aa-bastudio-npolicy-default created -networkpolicy.networking.k8s.io/aa-bastudio-npolicy-jms created -networkpolicy.networking.k8s.io/aa-bastudio-npolicy-ltpa created -networkpolicy.networking.k8s.io/aa-bastudio-npolicy-oidc created -networkpolicy.networking.k8s.io/aa-bastudio-npolicy-test created -networkpolicy.networking.k8s.io/aa-bastudio-npolicy-upgrade created -serviceaccount/aa-bastudio-bastudio-sa created -poddisruptionbudget.policy/aa-resource-registry-pdb-516 created -service/aa-resource-registry-headless created -configmap/aa-resource-registry-script created -service/aa-resource-registry-service created -statefulset.apps/aa-resource-registry-server created -networkpolicy.networking.k8s.io/aa-resource-registry-npolicy-default created -networkpolicy.networking.k8s.io/aa-resource-registry-npolicy-test created -networkpolicy.networking.k8s.io/aa-resource-registry-networkpolicy created -serviceaccount/aa-resource-registry-sa created -networkpolicy.networking.k8s.io/aa-ibm-dba-base-npolicy-default created -networkpolicy.networking.k8s.io/aa-ibm-dba-base-npolicy-test created -serviceaccount/aa-ibm-dba-base-base-sa created -``` - -## Creating the Navigator service and configuring its UMS -1. Create the Navigator service on Redhat Openshift on IBM Cloud: -* /~https://github.com/icp4a/cert-kubernetes/blob/19.0.1/NAVIGATOR/platform/README_Eval_ROKS.md - -2. Configure it to connect to UMS: -* https://www.ibm.com/support/pages/node/1073240 - -3. Configure it to work with App Engine and IBM Business Automation Workflow using the following instructions: -* [Configuring App Engine with IBM Business Automation Navigator](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_basconfig_ban.html) -* [Publishing apps](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.bas/topics/tsk_bas_publishapps.html) -* [Configuring IBM Business Automation Studio with IBM Business Automation Workflow](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_basconfig_baw.html) - -## References -* /~https://github.com/icp4a/cert-kubernetes/blob/master/AAE/README.md -* /~https://github.com/icp4a/cert-kubernetes/blob/master/UMS/platform/README-ROKS.md -* /~https://github.com/icp4a/cert-kubernetes/blob/master/BAS/README.md -* https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_bas.html -* https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_bas.html - diff --git a/CONTENT/README.md b/CONTENT/README.md deleted file mode 100644 index 8745611e..00000000 --- a/CONTENT/README.md +++ /dev/null @@ -1,32 +0,0 @@ -# Deploy FileNet Content Manager - -IBM® FileNet® Content Manager V5.5 digitizes content and manages the content lifecycle by enabling users to focus on their work and collaborate within the enterprise and with external business partners. - -IBM FileNet Content Manager offers enterprise-level scalability and flexibility to handle the most demanding content challenges, the most complex business processes, and integration to all your existing systems. FileNet P8 is a reliable, scalable, and highly available enterprise platform that enables you to capture, store, manage, secure, and process information to increase operational efficiency and lower total cost of ownership. FileNet P8 enables you to streamline and automate business processes, access and manage all forms of content, and automate records management to help meet compliance needs. - -For more information see [FileNet Content Manager in the Knowledge Center](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/con_cm.html) - -## Requirements and Prerequisites - -Perform the following tasks to prepare to deploy your FileNet Content Manager images on Kubernetes: - -- Prepare your Kubernetes environment. See [Preparing to install automation containers on Kubernetes](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_k8s.html) - -- Download the PPA. Refer to the top repository [readme](../README.md) to find instructions on how to push and tag the product container images to your Docker registry. - -- Prepare your FileNet Content Manager environment. These procedures include setting up databases, LDAP, storage, and configuration files that are required for use and operation. If you plan to use the YAML file method, you also create YAML files that include the applicable parameter values for your deployment. You must complete all of the [preparation steps for FileNet Content Manager](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_ecmk8s.html) before you are ready to deploy the container images. - -- If you want to deploy additional optional containers, prepare the requirements that are specific to those containers. For details see the following information: - - [Configuring external share for containers](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_ecmexternalsharek8s.html) - - [Technology Preview: Getting started with the Content Services GraphQL API](http://www.ibm.com/support/docview.wss?uid=ibm10883630) - -## Deploying - -You can deploy your container images with the following methods: - -- [Using Helm charts](helm-charts/README.md) -- [Using Kubernetes YAML](k8s-yaml/README.md) - -## Completing post deployment configuration - -After you deploy your container images, you perform some required and some optional steps to get your FileNet Content Manager environment up and running. For detailed instructions, see [Completing post deployment tasks for IBM FileNet Content Manager](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_deploy_postecmdeployk8s.html) diff --git a/CONTENT/configuration/CMIS/configDropins/overrides/ldap_AD.xml b/CONTENT/configuration/CMIS/configDropins/overrides/ldap_AD.xml deleted file mode 100644 index c8fa5155..00000000 --- a/CONTENT/configuration/CMIS/configDropins/overrides/ldap_AD.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/CMIS/configDropins/overrides/ldap_TDS.xml b/CONTENT/configuration/CMIS/configDropins/overrides/ldap_TDS.xml deleted file mode 100644 index 6c9610d4..00000000 --- a/CONTENT/configuration/CMIS/configDropins/overrides/ldap_TDS.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/CPE/configDropins/overrides/DB2JCCDriver.xml b/CONTENT/configuration/CPE/configDropins/overrides/DB2JCCDriver.xml deleted file mode 100644 index 937c2ce0..00000000 --- a/CONTENT/configuration/CPE/configDropins/overrides/DB2JCCDriver.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/CPE/configDropins/overrides/GCD.xml b/CONTENT/configuration/CPE/configDropins/overrides/GCD.xml deleted file mode 100644 index b51f5026..00000000 --- a/CONTENT/configuration/CPE/configDropins/overrides/GCD.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/CONTENT/configuration/CPE/configDropins/overrides/GCD_HADR.xml b/CONTENT/configuration/CPE/configDropins/overrides/GCD_HADR.xml deleted file mode 100644 index 30365e42..00000000 --- a/CONTENT/configuration/CPE/configDropins/overrides/GCD_HADR.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - - - - - - - - diff --git a/CONTENT/configuration/CPE/configDropins/overrides/GCD_Oracle.xml b/CONTENT/configuration/CPE/configDropins/overrides/GCD_Oracle.xml deleted file mode 100644 index d8488a5f..00000000 --- a/CONTENT/configuration/CPE/configDropins/overrides/GCD_Oracle.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/CONTENT/configuration/CPE/configDropins/overrides/OraJDBCDriver.xml b/CONTENT/configuration/CPE/configDropins/overrides/OraJDBCDriver.xml deleted file mode 100644 index aa2cffb9..00000000 --- a/CONTENT/configuration/CPE/configDropins/overrides/OraJDBCDriver.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - diff --git a/CONTENT/configuration/CPE/configDropins/overrides/ldap_AD.xml b/CONTENT/configuration/CPE/configDropins/overrides/ldap_AD.xml deleted file mode 100644 index c8fa5155..00000000 --- a/CONTENT/configuration/CPE/configDropins/overrides/ldap_AD.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/CPE/configDropins/overrides/ldap_TDS.xml b/CONTENT/configuration/CPE/configDropins/overrides/ldap_TDS.xml deleted file mode 100644 index e5725463..00000000 --- a/CONTENT/configuration/CPE/configDropins/overrides/ldap_TDS.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/CSS/CSS_Server_data/sslkeystore/cssSelfsignedServerStore b/CONTENT/configuration/CSS/CSS_Server_data/sslkeystore/cssSelfsignedServerStore deleted file mode 100644 index caa84df6b2f52eb016b94d225da6324cc9984b9c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2231 zcmcgtc{tPy7oOkDn8KJWW&4b^Xk;1NkSy7fWVuYpZWtuSGRii>SZAzbDSa6vN|r1k zlPz^q)=SnXkt~xX##V^ye$V~xz0dRg|NU|Pc;EA!=Q-y+=XuZm^8PXi1Oguh@Sosy zClZNxUr*vSF9P1f&G(uc@i65QcpBLb0@8TN|hyl4_EzM0x zo;X5IY)ss<#5t{i>)e6bs1-tWWufQ%!rJ`8hFkb(w9KS&eYlOJ#%poaa>IK2TODFS zK2Dmuy{5B%ugh(9Pi~83Gc26_4wAUg`l+U6tk7fDmd?BEU5F9p8-lc}l$op2{TL29 z=TzLD@u%l@FAMc(nLlWACYyCy-42^Xu9J?bY)vs_CZw>oGLhzAwAg)ME5JP87$iTP z7NGMjTOcu&TT>@!?sIg3N^m1#BfMwbvqG-DwLzD0EoMWOG}!9Svta%y=DLw`a-V+` ze%9CVTh75`7@t!_$*P1)3aSwV7IrValb?(LPPp6X;#?WAy$uK#gK59OrO;!PW~aKv zSM=@GDbjCe@FH^u_N;x#u(W+Fzy z$MjTYU)kzdGX&fE!5b_TW%PN`QP+EiYR{eY5v|oRW)4cNxETuof8V{>=)Tt3_^tM&<+j!i8 zfA`~G!Y&FALST=+C*DWKDtL+p7kUk`UfH5#-Y~Td`xHo6nDk09@3Su-U{NEI4ckda z>3M>B6FsYDCYs;bvI7wql9Jt+UZ^_fai+-ic_T(l z#9VAZCEMHz+F3@(a;4iKwuG9B&n#2t;pC6178R_=d=>5V8bKE2V-o(lmF;fL_Ui*> zj{SiiD;ZbAyiQb>U!+@IMq0|dqF{~o@z%(tRIq`=x4O=Lt?HA0ZACGeB~*(wAF0cIQCLi*e;{2}N$x*nXx8=HgnW^a4X03Q_(8F_fXMC%} zRY{U^4uE%p3~$%mNI!pY+9!A_J59LLe_SP`=A!N9BT#%KcBK6|+nfdWO6d!<7FVd5 zZDWEj@p(-?q7OC9zruYLYg4*A51Hgu$iUNynq2|U=y9_Qs;oISC~L39>B8N<(>s*~ zOMA5D5-*+_+$K?XR4QsgR7C%3X-2>1Q-Z~fxBOMWidC_eUDxuhBT@OLO2uY&%xD*9 zq@9{nxAGVeGQDO4o-I}13~JW@syZ-3Db;+}EBk>EpBuXNa&g&EUljFL&+=D3#QMHg z;)C{srl*QpuW~bkr#O6oPM0ituZK$EN6}yVWxb*6w47FU$~xgh8)E|hViFp7ak0Q* zGA?`}8;)D8E&a@_T-llbe1+mYMex0? z_CL%L0I}IAsG-k-KoEB{8RCK_gN+LzU;qq;TIlV&qPbw~vI!Rxwz&X+lMRG+RpLH$ zOvn`|jPJ-5!gYdw2;slX(f?tN{LR489Dh`C@Ig%U&6NH`oO}=?gTD}j4`N_#jTRN) zQc_n!t0;<@#525neKjHtO12Q1_&#@1m0)z}41EI+P2bc^1p!&z~31BU8 zddCM<(TFDUDyL=1Z1iCa&n=V`3`OX!Y=~Zew(jDa=^gTs!wcu+UV#G1o4$VE=S%hY zVH+TDlQiT*J0}787`8M$X3U)^+ETc6P+HHpA4w?CIFI)?ZZ6jUB~>+-H_mCXv_Fl% zEHeB@8@b~M`<<#DuZ&C7DUAxjiSK*OKMN8XW{2mD#REd>UgT#NUTC0Tar4ejtB%qX zM!ji(n~>!gCbl!H7Pb^ARE1(aYNj^UnM5UyTb9|tEKnCk@zAHWBN%pbP&L@$hyIMFc=R$Olo5vZ+t9byI;J?y~Xw zMI?O$XGb#E`*2788?@B4WVC9?iM_ixb{MYw^p_J4mwJYK^^OrS^B%b&S?q0<5>}Y# z**LGSJ`%_G=fANDd*cSK>X~-2eRBV7zP8-1&vPxeSUt!u7oL=-9i_r!UD)(>s9dE% zUnZDmq@6RoIkts9ercaHewLR~Ln!k)W`x49VSe13@h6857fZ{CeO2Dpn^RFG=>_tXT`wk0y6_u4!#`vqM%8f34}&G=cf;RfCoj9^ zbHC=1v{Y69VEd9PmDMf|39S^5i+{gtX(fxyW*YTdjZx*q%*9R1>b*mEn&ztK)5?Db D1:/" -��� ], -��� "resource_ids": [], -��� "functional_user_groupIds": [], -��� "client_id": "contentServicesUms", -��� "client_secret": "password", -��� "client_name": "Content Services UMS", -��� "redirect_uris": [ -������� "https://:/oidcclient/redirect/ContentServicesUms" -��� ], -��� "allow_regexp_redirects": true -} \ No newline at end of file diff --git a/CONTENT/configuration/ContentGraphQL/configDropins/overrides/ldap_AD.xml b/CONTENT/configuration/ContentGraphQL/configDropins/overrides/ldap_AD.xml deleted file mode 100644 index 7b589dab..00000000 --- a/CONTENT/configuration/ContentGraphQL/configDropins/overrides/ldap_AD.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/ContentGraphQL/configDropins/overrides/ldap_TDS.xml b/CONTENT/configuration/ContentGraphQL/configDropins/overrides/ldap_TDS.xml deleted file mode 100644 index cb1a51e4..00000000 --- a/CONTENT/configuration/ContentGraphQL/configDropins/overrides/ldap_TDS.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/README.md b/CONTENT/configuration/README.md deleted file mode 100644 index 1e35831a..00000000 --- a/CONTENT/configuration/README.md +++ /dev/null @@ -1,16 +0,0 @@ -# Configuration - -The configuration directory provides sample files for deployment settings and application configuration settings. - -Follow the instructions in [Preparing for FileNet Content Manager](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_ecmk8s.html) to set up the following environment elements: - -- LDAP -- Databases -- Configuration files for LDAP and Databases -- YAML files (for YAML deployments) - -The configuration directories also include samples for additional containers. For details, see the following information: - - [Configuring external share for containers](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_ecmexternalsharek8s.html) - - [Technology Preview: Getting started with the Content Services GraphQL API](http://www.ibm.com/support/docview.wss?uid=ibm10883630) - - diff --git a/CONTENT/configuration/extShare/configDropins/overrides/DB2JCCDriver.xml b/CONTENT/configuration/extShare/configDropins/overrides/DB2JCCDriver.xml deleted file mode 100644 index 937c2ce0..00000000 --- a/CONTENT/configuration/extShare/configDropins/overrides/DB2JCCDriver.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/extShare/configDropins/overrides/OraJDBCDriver.xml b/CONTENT/configuration/extShare/configDropins/overrides/OraJDBCDriver.xml deleted file mode 100644 index aa2cffb9..00000000 --- a/CONTENT/configuration/extShare/configDropins/overrides/OraJDBCDriver.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - diff --git a/CONTENT/configuration/extShare/configDropins/overrides/ldapExt.xml b/CONTENT/configuration/extShare/configDropins/overrides/ldapExt.xml deleted file mode 100644 index 65ed740c..00000000 --- a/CONTENT/configuration/extShare/configDropins/overrides/ldapExt.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - diff --git a/CONTENT/configuration/extShare/configDropins/overrides/ldap_AD.xml b/CONTENT/configuration/extShare/configDropins/overrides/ldap_AD.xml deleted file mode 100644 index 0326dc4d..00000000 --- a/CONTENT/configuration/extShare/configDropins/overrides/ldap_AD.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - diff --git a/CONTENT/configuration/extShare/configDropins/overrides/ldap_TDS.xml b/CONTENT/configuration/extShare/configDropins/overrides/ldap_TDS.xml deleted file mode 100644 index 6c9610d4..00000000 --- a/CONTENT/configuration/extShare/configDropins/overrides/ldap_TDS.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - diff --git a/CONTENT/helm-charts/README.md b/CONTENT/helm-charts/README.md deleted file mode 100644 index 6dae3cd0..00000000 --- a/CONTENT/helm-charts/README.md +++ /dev/null @@ -1,324 +0,0 @@ -# Deploying with Helm charts - -> **NOTE**: This procedure covers a Helm chart deployment on certified Kubernetes. To deploy the Enterprise Content Management products on IBM Cloud Private 3.1.2, you must use the Business Automation Configuration Container. - -## Requirements and Prerequisites - -Ensure that you have completed the following tasks: - -- [Preparing FileNet environment](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_ecmk8s.html) - -- [Preparing your Kubernetes server with Kubernetes, Helm Tiller, and the Kubernetes command line](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_k8s.html) - -- [Downloading the PPA archive](../../README.md) - -The Helm commands for deploying the FileNet Content Manager images include a number of required command parameters for specific environment and configuration settings. Review the reference topics for these parameters and determine the values for your environment as part of your preparation: - -- [Content Platform Engine Helm command parameters](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_cpeparamsk8s_helm.html) - -- [Content Search Services Helm command parameters](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_cssparamsk8s_helm.html) - -- [Content Management Interoperability Services Helm command parameters](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_cmisparamsk8s_helm.html) - -## Tips: - -- On Openshift, an expired Docker secret can cause errors during deployment. If an admin.registry key already exists and has expired, delete the key with the following command: - ```console - kubectl delete secret admin.registrykey -n - ``` - Then generate a new Docker secret with the following command: - ```console - kubectl create secret docker-registry admin.registrykey --docker-server= --docker-username= --docker-password=$(oc whoami -t) --docker-email=ecmtest@ibm.com -n - ``` - - -## Initializing the command line interface -Use the following commands to initialize the command line interface: -1. Run the init command: - ```$ helm init --client-only ``` -2. Check whether the command line can connect to the remote Tiller server: - ```console - $ helm version - Client: &version.Version{SemVer:"v2.9.1", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"} - Server: &version.Version{SemVer:"v2.9.1", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"} - ``` - -## Deploying images -Provide the parameter values for your environment and run the command to deploy the image. - > **Tip**: Copy the sample command to a file, edit the parameter values, and use the updated command for deployment. - > **Tip**: The values that are provided for 'resources' inside helm commands are examples only. Each deployment must take into account the demands that their particular workload will place on the system and adjust values accordingly. - -For deployments on Red Hat OpenShift, note the following considerations for whether you want to use the Arbitrary UID capability in your environment: - -- If you don't want to use Arbitrary UID capability in your Red Hat OpenShift environment, deploy the images as described in the following sections. - -- If you do want to use Arbitrary UID, prepare for deployment by checking and if needed editing your Security Context Constraint: - - Set the desired user id range of minimum and maximum values for the project namespace: - - ```$ oc edit namespace ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - - This range is similar to the default range for Red Hat OpenShift. - - - Remove authenticated users from anyuid (if set): - - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - - Update the runAsUser value. - Find the entry: - - ``` - $ oc get scc -o yaml - runAsUser: - type: RunAsAny - ``` - - Update the value: - - ``` - $ oc get scc -o yaml - runAsUser: - type: MustRunAsRange - ``` -To deploy Content Platform Engine: - - ```console - $ helm install ibm-dba-contentservices-3.1.0.tgz --name dbamc-cpe --namespace dbamc --set cpeProductionSetting.license=accept,cpeProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=18,cpeProductionSetting.JVM_MAX_HEAP_PERCENTAGE=33,service.externalmetricsPort=9103,cpeProductionSetting.licenseModel=FNCM.CU,dataVolume.existingPVCforCPECfgstore=cpe-cfgstore,dataVolume.existingPVCforCPELogstore=cpe-logstore,dataVolume.existingPVCforFilestore=cpe-filestore,dataVolume.existingPVCforICMrulestore=cpe-icmrulesstore,dataVolume.existingPVCforTextextstore=cpe-textextstore,dataVolume.existingPVCforBootstrapstore=cpe-bootstrapstore,dataVolume.existingPVCforFNLogstore=cpe-fnlogstore,autoscaling.enabled=False,resources.requests.cpu=1,replicaCount=1,image.repository=:/dbamc/cpe,image.tag=ga-553-p8cpe,cpeProductionSetting.gcdJNDIName=FNGDDS,cpeProductionSetting.gcdJNDIXAName=FNGDDSXA - ``` -Replace with the correct registry URL, for example, docker-registry.default.svc. - -To deploy Content Search Services: - - ```console - $ helm install ibm-dba-contentsearch-3.1.0.tgz --name dbamc-css --namespace dbamc --set cssProductionSetting.license=accept,service.name=csssvc,service.externalSSLPort=8199,cssProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=38,cssProductionSetting.JVM_MAX_HEAP_PERCENTAGE=50,service.externalmetricsPort=9103,dataVolume.existingPVCforCSSCfgstore=css-cfgstore,dataVolume.existingPVCforCSSLogstore=css-logstore,dataVolume.existingPVCforCSSTmpstore=css-tempstore,dataVolume.existingPVCforIndex=css-indexstore,dataVolume.existingPVCforCSSCustomstore=css-customstore,resources.limits.memory=7Gi,image.repository=:/dbamc/css,image.tag=ga-553-p8css,imagePullSecrets.name=admin.registrykey - ``` - Replace with the correct registry URL, for example, docker-registry.default.svc. - -Some environments require multiple Content Search Services deployments. To deploy multiple Content Search Services instances, specify a unique release name and service name, and a new set of persistent volumes and persistent volume claims (PVs and PVCs). The example below shows a deployment using a new release name `dbamc-css2`, a new service name `csssvc2`, and a new set of persistent volumes `css2-cfgstore`, `css2-logstore`, `css2-tempstore`, and `css2-customstore`. You must use the same persistent volume for the indexstore because multiple Content Search Services deployments must access the same set of index collections. However, it is recommended that the other persistent volumes be unique. - - ```console - $ helm install ibm-dba-contentsearch-3.1.0.tgz --name dbamc-css2 --namespace dbamc --set cssProductionSetting.license=accept,service.externalSSLPort=8199,service.externalmetricsPort=9103,service.name=csssvc2,cssProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=38,cssProductionSetting.JVM_MAX_HEAP_PERCENTAGE=50,dataVolume.existingPVCforCSSCfgstore=css2-cfgstore,dataVolume.existingPVCforCSSLogstore=css2-logstore,dataVolume.existingPVCforCSSTmpstore=css2-tempstore,dataVolume.existingPVCforIndex=css-indexstore,dataVolume.existingPVCforCSSCustomstore=css2-customstore,resources.limits.memory=7Gi,image.repository=:/dbamc/css,image.tag=ga-553-p8css,imagePullSecrets.name=admin.registrykey - ``` - - Replace with correct registry URL, for example, docker-registry.default.svc. - - - To deploy Content Management Interoperability Services: - - ```console - $ helm install ibm-dba-cscmis-1.8.0.tgz --name dbamc-cmis --namespace dbamc --set cmisProductionSetting.license=accept,cmisProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,cmisProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103,dataVolume.existingPVCforCMISCfgstore=cmis-cfgstore,dataVolume.existingPVCforCMISLogstore=cmis-logstore,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:/dbamc/cmis,image.tag=ga-304-cmis-if007,cmisProductionSetting.cpeUrl=http://10.0.0.110:9080/wsi/FNCEWS40MTOM - ``` -Replace with correct registry URL, for example, docker-registry.default.svc. - -> **Reminder**: After you deploy, return to the instructions in the Knowledge Center, [Completing post deployment tasks for IBM FileNet Content Manager](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_deploy_postecmdeployk8s.html), to get your FileNet Content Manager environment up and running - -## Deploying the External Share container - -If you want to optionally include the external share capability in your environment, you also configure and deploy the External Share container. - -Ensure that you have completed the all of the preparation steps for deploying the External Share container: [Configuring external share for containers](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_ecmexternalsharek8s.html) - -For deployments on Red Hat OpenShift, note the following considerations for whether you want to use the Arbitrary UID capability in your environment: - -- If you don't want to use Arbitrary UID capability in your Red Hat OpenShift environment, deploy the images as described in the following sections. - -- If you do want to use Arbitrary UID, prepare for deployment by checking and if needed editing your Security Context Constraint to set the desired user id range of minimum and maximum values for the project namespace: - ```$ oc edit namespace ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - This range is similar to the default range for Red Hat OpenShift. - - You can also remove authenticated users: - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - -To deploy the External Share container: - - ``` - $ helm install ibm-dba-extshare-prod-3.0.1.tgz --name dbamc-es --namespace dbamc --set esProductionSetting.license=accept,esProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,esProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103,dataVolume.existingPVCforESCfgstore=es-cfgstore,dataVolume.existingPVCforESLogstore=es-logstore,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:/dbamc/extshare,image.tag=ga-306-es,esProductionSetting.esDBType=db2,esProductionSetting.esJNDIDSName=ECMClientDS,esProductionSetting.esSChema=ICNDB,esProductionSetting.esTableSpace=ICNDBTS,esProductionSetting.esAdmin=ceadmin - ``` - - Replace with correct registry URL, for example, docker-registry.default.svc. - -## Deploying the Technology Preview: Content Services GraphQL API container -If you want to use the Content Services GraphQL API container, follow the instructions in the Getting Started technical notice: [Technology Preview: Getting started with Content Services GraphQL API](http://www.ibm.com/support/docview.wss?uid=ibm10883630) - -To deploy the ContentGraphQL Container: - - ``` - $ helm install ibm-dba-contentrestservice-dev-3.1.0.tgz --name dbamc-crs --namespace dbamc --set crsProductionSetting.license=accept,crsProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,crsProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103,dataVolume.existingPVCforCfgstore=crs-icp-cfgstore,dataVolume.existingPVCforCfglogs=crs-icp-logs,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:/dbamc/crs,image.tag=5.5.3,crsProductionSetting.cpeUri=https://:/wsi/FNCEWS40MTOM - ``` - Replace with correct registry URL, for example, docker-registry.default.svc. - Replace : with the FileNet Content Engine application host and Port. - - - -## Upgrading deployments - > **Tip**: You can discover the necessary resource values for the deployment from corresponding product deployments in IBM Cloud Private Console and Openshift Container Platform. - -### Before you begin -Before you run the upgrade commands, you must prepare the environment for upgrades by updating permissions on your persistent volumes. Depending on your starting version you might also need to create or update volumes and folders for Content Search Services and Content Management Interoperability Services. Complete the preparation steps in the following topic before you start the upgrade: [Upgrading Content Manager releases](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.upgrading/topics/tsk_cm_upgrade.htm) - -For an upgrade to the External share container, complete the 19.0.2 preparation steps for External Share PV and PVC updates in the following topic before you start the upgrade: [Upgrading Content Manager releases](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.upgrading/topics/tsk_cm_upgrade.htm) - -You must also [download the PPA archive](../../README.md) before you begin the upgrade process. - -### Upgrading on Red Hat OpenShift - -For upgrades on Red Hat OpenShift, note the following considerations when you want to use the Arbitrary UID capability in your updated environment: - -- If you don't want to use Arbitrary UID capability in your Red Hat OpenShift environment, use the instructions in Upgrading on certified Kubernetes. - -- If you do want to use Arbitrary UID, use the following steps to prepare for the upgrade: - -1. Check and if necessary edit your Security Context Constraint to set desired user id range of minimum and maximum values for the project namespace: - - Set the desired user id range of minimum and maximum values for the project namespace: - - ```$ oc edit namespace ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - - This range is similar to the default range for Red Hat OpenShift. - - - Remove authenticated users from anyuid (if set): - - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - - Update the runAsUser value. - Find the entry: - - ``` - $ oc get scc -o yaml - runAsUser: - type: RunAsAny - ``` - - Update the value: - - ``` - $ oc get scc -o yaml - runAsUser: - type: MustRunAsRange - ``` - -2. Stop all existing containers. - -3. Run the new install (instead of upgrade) commands for the containers. Update the commands provided to include the values for your existing environment. - -> **NOTE**: In this context, the install commands update the application. Updates for your existing data happen automatically when the updated applications start. - -To deploy Content Platform Engine: - - ```console - $ helm install ibm-dba-contentservices-3.1.0.tgz --name dbamc-cpe --namespace dbamc --set cpeProductionSetting.license=accept,cpeProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=18,cpeProductionSetting.JVM_MAX_HEAP_PERCENTAGE=33,service.externalmetricsPort=9103,cpeProductionSetting.licenseModel=FNCM.CU,dataVolume.existingPVCforCPECfgstore=cpe-cfgstore,dataVolume.existingPVCforCPELogstore=cpe-logstore,dataVolume.existingPVCforFilestore=cpe-filestore,dataVolume.existingPVCforICMrulestore=cpe-icmrulesstore,dataVolume.existingPVCforTextextstore=cpe-textextstore,dataVolume.existingPVCforBootstrapstore=cpe-bootstrapstore,dataVolume.existingPVCforFNLogstore=cpe-fnlogstore,autoscaling.enabled=False,resources.requests.cpu=1,replicaCount=1,image.repository=:/dbamc/cpe,image.tag=ga-553-p8cpe,cpeProductionSetting.gcdJNDIName=FNGDDS,cpeProductionSetting.gcdJNDIXAName=FNGDDSXA - ``` -Replace with correct registry URL, for example, docker-registry.default.svc. - -To deploy Content Search Services: - - ```console - $ helm install ibm-dba-contentsearch-3.1.0.tgz --name dbamc-css --namespace dbamc --set cssProductionSetting.license=accept,service.name=csssvc,service.externalSSLPort=8199,cssProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=38,cssProductionSetting.JVM_MAX_HEAP_PERCENTAGE=50,service.externalmetricsPort=9103,dataVolume.existingPVCforCSSCfgstore=css-cfgstore,dataVolume.existingPVCforCSSLogstore=css-logstore,dataVolume.existingPVCforCSSTmpstore=css-tempstore,dataVolume.existingPVCforIndex=css-indexstore,dataVolume.existingPVCforCSSCustomstore=css-customstore,resources.limits.memory=7Gi,image.repository=:/dbamc/css,image.tag=ga-553-p8css,imagePullSecrets.name=admin.registrykey - ``` - Replace with the correct registry URL, for example, docker-registry.default.svc. - - To deploy Content Management Interoperability Services: - - ```console - $ helm install ibm-dba-cscmis-1.8.0.tgz --name dbamc-cmis --namespace dbamc --set cmisProductionSetting.license=accept,cmisProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,cmisProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103,dataVolume.existingPVCforCMISCfgstore=cmis-cfgstore,dataVolume.existingPVCforCMISLogstore=cmis-logstore,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:/dbamc/cmis,image.tag=ga-304-cmis-if007,cmisProductionSetting.cpeUrl=http://10.0.0.110:9080/wsi/FNCEWS40MTOM - ``` -Replace with correct registry URL, for example, docker-registry.default.svc. - -To deploy the External Share container: - - ``` - $ helm install ibm-dba-extshare-prod-3.0.1.tgz --name dbamc-es --namespace dbamc --set esProductionSetting.license=accept,esProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,esProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103,dataVolume.existingPVCforESCfgstore=es-cfgstore,dataVolume.existingPVCforESLogstore=es-logstore,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:/dbamc/extshare,image.tag=ga-306-es,esProductionSetting.esDBType=db2,esProductionSetting.esJNDIDSName=ECMClientDS,esProductionSetting.esSChema=ICNDB,esProductionSetting.esTableSpace=ICNDBTS,esProductionSetting.esAdmin=ceadmin - ``` - - Replace with correct registry URL, for example, docker-registry.default.svc. - -### Upgrading on certified Kubernetes platforms (for non Arbitrary UID deployments) - -To upgrade Content Platform Engine: - -On Red Hat OpenShift: - -``` - helm upgrade ecm-helm-cpe ibm-dba-contentservices-3.1.0.tgz --reuse-values --set image.repository=docker-registry.default.svc:5000/{project}/cpe,image.tag=ga-553-p8cpe-if001,imagePullSecrets.name=admin.registrykey,log.format=json,cpeProductionSetting.jvmInitialHeapPercentage=18,cpeProductionSetting.jvmMaxHeapPercentage=33,service.externalmetricsPort=9103 -``` -On non-Red Hat OpenShift platforms: - -``` - helm upgrade ecm-helm-cpe ibm-dba-contentservices-3.1.0.tgz --reuse-values --tls --set image.repository=:/{namespace}/cpe,image.tag=ga-553-p8cpe-if001,imagePullSecrets.name=admin.registrykey,log.format=json,cpeProductionSetting.jvmInitialHeapPercentage=18,cpeProductionSetting.jvmMaxHeapPercentage=33,runAsUser=50001,service.externalmetricsPort=9103 -``` - - -Replace with correct registry URL, for example, docker-registry.default.svc - -To upgrade Content Search Services: - -On Red Hat OpenShift: - -``` - $ helm upgrade dbamc-css /helm-charts/ibm-dba-contentsearch-3.1.0.tgz --reuse-values --set image.repository=:/dbamc/css,image.tag=ga-553-p8css-if001,imagePullSecrets.name=admin.registrykey,resources.requests.cpu=500m,resources.requests.memory=512Mi,resources.limits.cpu=8,resources.limits.memory=8192Mi,log.format=json,dataVolume.nameforCSSCustomstore=custom-stor,dataVolume.existingPVCforCSSCustomstore=css-icp-customstore,service.,cssProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=38,cssProductionSetting.JVM_MAX_HEAP_PERCENTAGE=50,service.externalmetricsPort=9103 -``` - -On non-Red Hat OpenShift platforms: - -``` - $ helm upgrade dbamc-css /helm-charts/ibm-dba-contentsearch-3.1.0.tgz --reuse-values --set image.repository=:/dbamc/css,image.tag=ga-553-p8css,imagePullSecrets.name=admin.registrykey,resources.requests.cpu=500m,resources.requests.memory=512Mi,resources.limits.cpu=8,resources.limits.memory=8192Mi,log.format=json,dataVolume.nameforCSSCustomstore=custom-stor,dataVolume.existingPVCforCSSCustomstore=css-icp-customstore,runAsUser=50001,cssProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=38,cssProductionSetting.JVM_MAX_HEAP_PERCENTAGE=50,service.externalmetricsPort=9103 -``` - -Replace with correct registry URL, for example, docker-registry.default.svc. - -To upgrade Content Management Interoperability Services: - -On Red Hat OpenShift: - -``` - $ helm upgrade dbamc-cmis /helm-charts/ibm-dba-cscmis-1.8.0.tgz --reuse-values --set image.repository=:/dbamc/cmis,image.tag=ga-304-cmis-if007,imagePullSecrets.name=admin.registrykey,resources.requests.cpu=500m,resources.requests.memory=512Mi,resources.limits.cpu=1,resources.limits.memory=1024Mi,cmisProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,cmisProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,log.format=json,service.externalmetricsPort=9103 -``` -On non-Red Hat OpenShift platforms: - -``` - $ helm upgrade dbamc-cmis /helm-charts/ibm-dba-cscmis-1.8.0.tgz --reuse-values --set image.repository=:/dbamc/cmis,image.tag=ga-304-cmis-if007,imagePullSecrets.name=admin.registrykey,resources.requests.cpu=500m,resources.requests.memory=512Mi,resources.limits.cpu=1,resources.limits.memory=1024Mi,log.format=json,runAsUser=50001,cmisProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,cmisProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103 -``` - -Replace with correct registry URL, for example, docker-registry.default.svc. - -To upgrade the External Share container: - -On Red Hat OpenShift: - - ``` - $ helm upgrade ibm-dba-extshare-prod-3.0.1.tgz --name dbamc-es --namespace dbamc --set esProductionSetting.license=accept,esProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,esProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,dataVolume.existingPVCforESCfgstore=es-cfgstore,dataVolume.existingPVCforESLogstore=es-logstore,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:5000/dbamc/extshare,image.tag=ga-306-es,esProductionSetting.esDBType=db2,esProductionSetting.esJNDIDSName=ECMClientDS,esProductionSetting.esSChema=ICNDB,esProductionSetting.esTableSpace=ICNDBTS,esProductionSetting.esAdmin=ceadmin,service.externalmetricsPort=9103 - ``` - -On non-Red Hat OpenShift platforms: - - ``` - $ helm upgrade ibm-dba-extshare-prod-3.0.1.tgz --name dbamc-es --namespace dbamc --set esProductionSetting.license=accept,esProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,esProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,dataVolume.existingPVCforESCfgstore=es-cfgstore,dataVolume.existingPVCforESLogstore=es-logstore,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:5000/dbamc/extshare,image.tag=ga-306-es,esProductionSetting.esDBType=db2,esProductionSetting.esJNDIDSName=ECMClientDS,esProductionSetting.esSChema=ICNDB,esProductionSetting.esTableSpace=ICNDBTS,esProductionSetting.esAdmin=ceadmin,runAsUser=50001,service.externalmetricsPort=9103 - ``` - - Replace with correct registry URL, for example, docker-registry.default.svc. - - - -## Uninstalling a Kubernetes release of FileNet Content Manager - -To uninstall and delete a release named `my-cpe-prod-release`, use the following command: - -```console -$ helm delete my-cpe-prod-release --purge --tls -``` - -The command removes all the Kubernetes components associated with the release, except any Persistent Volume Claims (PVCs). This is the default behavior of Kubernetes, and ensures that valuable data is not deleted. To delete the persisted data of the release, you can delete the PVC using the following command: - -```console -$ kubectl delete pvc my-cpe-prod-release-cpe-pvclaim -``` diff --git a/CONTENT/helm-charts/ibm-dba-contentrestservice-dev-3.0.0.tgz b/CONTENT/helm-charts/ibm-dba-contentrestservice-dev-3.0.0.tgz deleted file mode 100644 index 4f5f11991c72d4da6eadb7d78b6ad35ac8a5a3dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 58039 zcmV(~K+nG)iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwybK^F$Fo2$)`B$K{`&I0{wEUQHCUMT5Te2+AXxEmsl036> zzWQnkA|VMeMKAytjX5z&ADQ5Y#0y$Bx9@@@LO1cZ zuY)7f7n==}5vK`44epBtb7=qOzy5sMJw5H7d=qRaPjkvsCSjl{)ri$=FzDX`{^4DK z&mTX@LC%weNxzq~?)Tl(Z-T9T^s0N(JqiBZ8}j#`-}L7R`oE<~!PHk?08h~WS8vYF z>-7Ki`PuLE|F`)01G!>LS|mBar6x-uft0XlbHt;p8~lOH*IW^<2qhnTw>L*iAvZM7 zSxlBZVfuqB79~_NvZa#KMZy%x1z9kXQKeW+c$y2c6NMx>+hhsNnd$~qM(c}!AW^&^ zomb?D+zOSGOtK}DlEs}MkSt4hMEjyh^9yns072KSB+G>2xsbaHve`vRp>ig>JjyP< zJ3l!&{!dL3RYoKBU&oPD0UG^$ zhd&U>lqh7x0{e^7UH*Z5V5Cq5O_CjvEYd_gjY%qUJzJHrh%a{}HrRAc2~A`DLBi;k zkzAvaYE(udRS_430?^S~@Q4BO^R@1V$u8oZCQ1;VMv_s*6p7X}jqqQYDK(RYYsu{Vh+qzI3`|xYR2{VnH5gTA7L0tVnUTISg(o zl0-c4bOq28p6X9%{9~cu{YH0?vWO`~bmf zi~Ccd>5#@cAyHObkn@w14g9rX8(8%7)3aM15R&i>uY7r0`Rw%M?DZ{&Rqam(WFkde zM4Fc&isiYULnKxCbcPQ#xSVg;e~Xk|kU<_D-_830AwO<6?-m`wK#&h-G=8$Ib2}ckIo7u7%3=2L7*$?@zuvIet+5 z_z|aMRY(#p? za>*n0LGql*ah6|@v&xIvHX5XHCb&L?8+_JHSKUQYunqs*O<8{N{mJ*|*y!^1?{B3j zvI`Q44e)3z+H}nby6zhbI}#ZiUR{v?gyTwtBtoue%72Ctl2yUu|8k9bli^?4?t=X1 zuy;#(lOefhJM*?Ll7vP1Q1g*nnp}`?Pw>TcQmA$1u}0sGSaF`N9QqQmTD9ZOylF$+ zjabdrJj<$B(@%YjC1RzzBHMCR$JnWx*o|1J8|-KnG*%bCP0<2a@{T~NgW{mXli6dQJ-+sq6((Pv+8Y9f~K``|NIdR(NRP`)u2 zMxn2Z#SSkEngQ|G_||~fCd+q3<$4#B4Wp?du}Htkbt6Jk!ZbhtroVRJ9~pE1?cZ)R zBFv|g_x+`i{pCvKLb40eiKNn3;8A2Ab=p4GtLuHM|Lg>T;h{91kvos1Qrk$QnSIWg zOlhJ|`$Wk6g6LCTf1}K+*RNj%cxXR`3p6xm$cnJ^x z1pntQ?BmgRKA3g$&-u%FjHl%P*Kb}``Ma+b_%>E(4AIOwtiKgnn_5fc(qr9LAiCLD2 z9k3Mkb07{H#(x@(0vYK$Fn~js=?+HYtHGzqcsl>{9}hJ566Fb5v78(oId+fy;~%6u zWr=2%x+C}WmtV+{AU`URW;9>_x$}>%=5o3ks`|et|F4^hnCUtE(y_x)8j{`pr1SVO z=`M>T(PQY4F8Sq`!+_KfH2bYF^a*1LU8CKHQUU{*g(Z=H!p3zkG8T5TXG^Yhl@}KN@fse{@)@eWcpILfpQH%Kp#& zc{ct3M3+mR@_g6Lvlr?Do|6Ah-n_2S|I;_;uYRZhzs1i#{&D;#VwaX2xqYusm`s@# z)wwv1MWl`+k!pbjekobuW2zKirAL{FkMvPICVx8q<(DA%$3Kp=FwE1Zse*21htMIv z{1W`(>qntEBoVWo0gD2n7A(1B@l~Oj$XT>zagp$JHC&~_Jsx~!QDK>ULi9X%8YM;i zyouNzr+fNB(g)~aX-vKVRZsWu%P%nWKN#WOO7xo|$$6GAz|4$kaY@KIlN&{-QX=9s zXE9zvem^ANWlV(#GGDV4$+d_{L{rVRE9{!ZM5MVO6j~F$BqDX}ezQxih@v@HOU~jh z0)Kqe8=6P!!RJgerDc=$L09^C@t8%L?DW8Ck~F)sEn5e@r3sIT$e5(Lkm`aA(~yir zuKxj9M1|x^Ff|f6{27wBc}Q+@Xib_!zc4S38so5U^t*d43@=ztyVa9IWwdsm5jQM7 zD(^9B{7QIwA4;0882RHp+lAzhTbhuIKa=iz)B!!0asVIyQwx)6L{7;+ z2~YDwa#H>NNOKDscoU2{3@wj-g`+aDI>kL_)eDm|@e zjz7QM!nZ6;Wl8od#=raS`u*qYf1c0(tyz*Wsb0?hJt_a6o}AVBzwCW)g$J=L}34H9Z~}BD#V3?)lUiq`;%H5m-&S=x?G0 zQb&9Bm*XvylE=&u&~IPCuY5BrmP`JbbdE}3nmirhWpVtcpf8!0OsVTb%b+{*Q$Z81 zZ*fAi3?|eKJ}`t1-{-myJvl`dETV;CM2QU}e|7ZM$m5(Pu_9D5v_&wm_JBBlut2rv z)o7-_1$A@AqQjSCtCXAVB>xDVU;O#`sIx6WC|;7z|4~Q(M|G-N00Z_#SpIkK;NO3~ z=I7b;pGBLaNUEb!FZFD%fXC_o>Fd*P>-yhU-=2T_JN^GHetiEgnq}&Edm7yHG`=8L zZlQw>%V|t=TG}1HT}Aj@kO*Es0Kq4K=A}f^cG1vw+7H%D@|><} zUs&zxFTVtuUK@Xdghy22hlafR-U$d%84(WW1`Pa-H`%Y9uF56N*~(}$^i6$1rXtaT z%v~1KoZ+nfC${4a{X8qAp6O}%pG!;3hoxE9O=tMBQx*(nNH?Q6t4bNV6>TgGAv>RUDl71qJm`vzB=(~GG zE;azN(Z(Im&gu8vlkREb1GJ=Hkj`W}?hj_O@$}RC-p$?M)7@w|Z+xw1zGAWS9#j{k z(@PTk&Te-=hEVy4j}wxQc$xOJvC+?WvJSr$Xe$ z09|=?rZB`*k{?C5>LfJFu8EBR@ zUhUN_*q^43p@jOChaG=%k%8+lID~YnY7px|V|Ra4?slhFLtiq|@d!FR>XyD`omT=+;s> zy#%(c`6zC_lZ?jWG}-Axe9aT4b}DC^mhbi-c0wYW(FIR<&g+{cmLjV@IU>EA8;|6B z&UxiS-*wFXSZ}aSx*N*3NfKd)_#(#TSgiG^~#SthPQe zbf>^`J1INB{kYEa?2#s~U%zT?qTExKZmYx#Ke`$A2cy}bG9@4pmGjc(jMp^|bL5}o zr$Xecu2Dw#lj->Cu0L;s-?_T%-S#^zjrx`^Na&Yzlk1wdr^??+r(T>HOoQ zbyl6zwr2DH{t^sWU&O~z@R#?upWY36lTUxYowbhWscuU5M)J!qo3`P5UHtv)y7;`W z3$syf$5(@!uh=c%e)%}Q`jf$@yXo*tIzf+3AH1;&*jA;(W!L!GwU6O;JoL1?r+e) zbrbH7Z*B(t`KRG%KA67mJ$1|;89>eH_GQDkzPX#d`xORJaqz95NzZKM9Z%y|`}Eno z8NdBBdpDd+o_jFcyoI}USK+7e1pU73I6l_%OV8oW`0Y&p@9l8(_S1a)*TKGNTkUh_ zb~u|2M{he%4yVQ0`FUfSO?v%Dj_DVT#5hv#*)%O<`S@uvzWOxk-L~BM*HSb@Ft83x z*|I4I!J7%q*B4ID0u27+y#f;cRb7J*;Qs!HEtL6-J61W(3)Rg;?19~a+xV?0Qq8!U zGfUH$9I&6l=#poZ#ciu9wA)gV0oXn4!_ z7#{y6Bha1b0sOm79>4#1KQFfbnYS+q34Y4|{F*qRq1WO-{80q|fI;8Wd^Xr=uJ+<6XQ|XpTk&8$q z7i8YIj8Rrs*X2~MSYFfO9kr{r3F#_5Uq?M&tRgKL`TIH4%%bfQUn57FXoP*j|PyX8q82r2R^f1xv&O z_%FC1jfoU1NjIuX1~ghf+Me*3r8!@6roc_oG(Av?nDj-qlYF(#|KEX^3+w3QmCIYD#4>-Nk{zpr>i^LAkeOd^rS9GqtePYI3j4|JM!UDlADNw(#pP|1$am1O8+ zyVx1d0l*F~Zy}qBc@zt#AUDgJZdrT#Y8N~uY`J7nUf(_;`~mvq6y`z`H%dFxo(2kg z`ryA$&(4oty*fEPI(>cUHg6EvCcrZuxW9_cg2}^+pe?hSUD#fcuZ844v)HULIXHiF z_WEf0-Ra?@4F{Vn5j)0S+AQHKzR-u6%A7|$qiOy^5VM@hoJlgF(fyZ?-)nfMm?U#1 zH!lS7vaj{hk3@Rp<%t=TsdZimtS{22kWxQ_(KlPeAuG>~%4r%?8Qa66$&lWtmSlaS zAlHR)yf<5@8w5AT?_9qGiW3AqMKE#S0`f1tYzudWlbc=#=?*xuw;bpY^3bg$)dbVg zRO)=-VH|q!dQkpwF{=^2=Bny5&q%_yEYUNpE`6D~h-yF)Q%XnzA|ts=xgPW6{axoU zB$P~zUqtow)V{7f#fL%?k*}FFA%|SkdOMCncb-um!`@izytyjEw)zT-N)%6|5KG-` zP~Ioq`uc6?4zoHfDj@^Z>wZI{HBT81O<#L3^I4H;;SI8ySlT2cQN`j%O}BDkrlFZQ z$zl7dF6pW2ou`SSn-EPByPsGjQnBF?D)wu;EF`IguBX5i$(Y>m+{Rvt!UXYCOj#h7 zj7 z)mmU;7)|B*hN(4`JY4}MbD@!G?uC%(qYKYLmahz`NE4}*GfRkIsRMh#6# zsXblF+?X|HL@aX3Q{~Wr-leVQr&r~dpZfrb0ZEH&Sk}N4t3RypPBoalUsS%A4xinvg zWFcan>O+B9}!PLqxW0A$2N5W8ltb z<|)CrYma@`1HjXy$DhV-J?uDyG#R6I7TJdQ8*bbRKW;O@4DE?;7atVMsH8co$`Qy& z(!ADz-rUXUc{}Jy6zWm6fG7nj!>YezS>SlK0mbzaKnR4)_i`gV)tqADkw}ybxGH%I zefu+#t)-@?oxMOi*unNX}tdM%9|{f;8B$!N+k2UFu2ttv1QVqui4DhQF(&^kG*N7DCSVNA78z}93|9D z&T}x*CD)n;f2NyE50)>niCyXk<_phyuw?T74&=cGQ+r4jRB;rV9rgf#cYOD6;HAne9vEeCyyOCAK)5x2cf%*i1me=obgT8Q7Ev;I{w!dLze@wo!7)F`l z9nba7cX*y8G}n~j(MEm9cu&bJ7gF;V`n*k9E;-vi(cRVb{QTq#+Raj$B_g_iW>bhy zv!7M~jWd?cavI$qS^vqHHBV8!`@wCW^zw~(`m3ShiCK)jb9vR;_XnCQk&?mZED@4P za>ZCy=J$7}&gb6yVv`BI4O9?}M6T&P=wUR)(HD4TbD>&x&@nU55n??qv()oMu1igE zmqpqtdmx#+q3NoiEA~O(Mh9X^9wB0fK~_jMi)iAK=Rxj9S7pHgc$6p|2D882Kw?5m zi=Nrc5VIK)v)jLs@46>n)|UM}mu$lb%tZl=@@11s9_j`Cyd&t}<+|KUHxGjeRf^2l zQWUE-=$iB`RGaN1%|EPp&N8|(V|(K38>%#?6zLm&StMk^H800EOyzWwkt``z{8`=h z;w=SrQ%03~5HcnihLy=eqv`p8f|`;OG>DjKHyBnWP!5_zzDj|Sriyf`Z98FAV5KRt z?F(j7SXRYI{cVMD!<4uB6thHR8>`OGnaX`p*63Bt*QrRYAPO9x7WE;7EHvVR-uH_l zhg0dR7#Zk(LXt5FyjvPEk{2mFL;vBJ(^V=I2T-QF1xus#hRS>RPUUn3zd#O=d`GBK zg#=J$AUi#UVq{t-KjI*~GK0l`!IKx{fPIanjZfukej=CD^ z$6=??m8994!~%zJ1so7rKIbM6{SFxPHA`ZXJesE_37aHE$~12tF;Fa(HmZa^pis2Z z5`@O~8g$SwE@QH^d2LD}U9o;~1*!Xa%rraO**CpT*POxj*QD$=uBhwEv7!`aM&qdx zJr$>u5uJMRKpkQxA0hL#y|G5)(Wl|%?I&yJTk?c~l@-KjCv~c-p0VvRG^6nZ#L9hG z**$Jdq@o%FdmNr2hwQI_|S|HksaU<)MT7p!#RqY1Bb&(g+J9m&h z0WWC&nW2Dhq9J`P=DzN_WLDF6?j0BwNT}GDZ9XB`ce+C(h_$WcqswUKVW#1c1{&R` z;vr%2%IZ@pnk~sFYR>@kjw&_QL%9gi_=(*H##z^gGtUAf3*O)I>WQ7MLei>o1zCUJ zq6C4K&YjZ6>F>%@_hKWNkk4*otc&CWm6E1-=Ln9e8n~7#90e! zwi&)3vvAS?w=Y4aWO*UeDj$%-9+NR#bR}4`WT>EWS`y|NvoxnemXdCmg0K(RDtPic zw<2Y`qXmub$=iYgR#?YsNO`>)-T-w=;Ox z8(op!%?%m+eKH-)X7Km$c5*WuT=|gnuW)SM5eKZ_hPluzogWJJqPR3IL@q5>U>0s0!Krg!O z(*qb^liR_x|E@Qh_b!Jw!#U36dN?2HSzM2&q(>&b>3rC~yXj5IpuUnezzD*MNAZAOJ#vx?)*ra@k z=9RTbVxKj3PS0 zLQP`HHR*ueFPR=j{?u%{O(`3RJ^QRhR?P|O$&t69odHIg^a_b=!H2t#Vn^hQASz2^VtoYinj+VpkTuV1|Akr3MG^Fay;)xurRioF=Mj-PB8BElPlXkI&~RF|H$#-Y*&fPD{O2xzVVH!#wfbgTO$$~Zm5lj`Eo~|H0(81sYJ`_S%L zV}EZm(}g9-wRm7#CTlFBWw>aPGf6I|MbMivAAh33= zwzX?Tnw4I~BH=4)84G(7bdyeRMuxMFxm-r$%H3x#;E)W4^LK-(yJ_|1hxc4q-ls3Q zI`P?Wd41{=40J(nq_Lz?!pOMDwKPkHDf&i$rm*4vS#$UFcZ)ku9;78tjP_CE*O?2q zoITW4lE4SH4x)32-Y3Q&YQ}pv>xE>PMqP5y!AG4#w99Iew+~e5(hP1wW&geuZhBbk zz#YN#EzyUnQ00d0RXIlNS8q?-q(ju2B883hm&W35(1g8MuLrN2VbdSB)o<3SO1yE{ znu4Y^c&=GRO)Ew`j^8=dB-TF`Y7`=!R~JEWaC+FpJ`{xX`RN5q*^);b{Def^@*e~T zXNOe^f}RDErfSJ5F1LCG@T9{ILairxkUY;>YUqgWLZjS~Vvy-;-cFuCSs%=+!zMX1 zYBtLi6bVvIr~U)|p)0z$7qyP!WReT%#tj~GVA#_Azdm#<0@6w1Zy<$M`AwE^nERGV z=knx+2A4aQheOg|f$)uYwdoGe56QfuLxU_}?o4}3PeLDXW8bA5My4rjp((x370mU* zQDeI3MOq}j>ksEzCN5=A>q%eYW+IuU0#*mu{(>CLC;da~7~vdp^hLup1GXq!(FcFq z2vh-Eowwe2-&+-)>C%UV_W z0azcaAu$)>HBT5hKz~7+nxV(l*H*8yvxnJC@UTl}ntiGIaO(a&Pm~Rf8CkKENj%!l z)o!uFvjaD+?%gVItIFfj$J6MIHGDX=4Ms#iU|X6LMm23!$JCTaT^hG5zcXH~T#7`z zGJ8E2;9l?mdmVtPM?l>_uU96yh>>v?A))A#$~1*AtaRh!nqNu;o}NfL!H*>M9WCaQ zehV9di~c+wBka`0{4d}!LI(q6b_m#bk<8x8c<3?wD;bXlwRMzVBM{com>u9YDGwPf zziga_%0aHEXf>svi$s5j7Gh*!;dEvaJ)d}v!uo>g&(JIb6=~5qs=ifN8vA^_QyS!S zlQC(@5m(Kwjc5w{r@VI8;2o3Gdk9d8XyKfG=~i%*=n|peF3^%V&R_$)HQoW_!Irks z^N*;$97!V56_eHz&Br_zNmB0WOpF(9NWf%+vOOGYrgCynn$pBW%A{KJ46h}_;2$F4 z+8H&0Dpo6|aungcd#@CcVEm_tK$2_Pk$o3|9+A&ClqXMM$j@CSQll6!*%-sx66rbn zl5rU*R=N*roC9)@OrUJk%8)IEWGew`6W5IigRp1?^Q6&dY*|RSlx!;^6x)l`y63Yv zBo9I+@dGy#%_xtLip+RZqk6+Q0SZD79S3R9Ze4Mq3NXf*>&HB1G$i+_csN>%hme?x zSs`-0{HH<>Db)u6Jn>_$z@H9$DEUSs*zlCrgBxWxl2OezSmlE+4%Qasxof*P#PEs@ zO^YRs!2W_ByYimpFc(;j<~(tyMu*75c%Idjp-qGi27kw$tEyQ)T2o0Q4OrzoQX#OzRB{ES!<+(#D#esS zdSJPzy_kxcnDX|zXON`e?D3W8v0fgkj8HOgBM~#Biam(o6c`%3WGr6L=)OXYtvA9R zg8Y@o_%SDQYmj?%*ILD`;Tb*mex8#Ds_bq?0icxiY&(=YfwzYnq16_IhqPTB^eDL@ z4yLGoBsQBO)w_^|RyYKLsn~|6#;)qSovWx&ri?4fDlqPr;H0Oqa`31l3j}5+dJkkY z198#rkme$1OlqoR1jVO1J}jvS%BS}bnrOw#{j>)Hrz%p0a~pvRv7|{Jm)u+}@OD^; zt?x!$4d$g4+R5{s&voZw|7j};X`3Jhp>gSv54-)^u$vkr#E6 z1tW07Nm|`*>J-r zS1JewpPjgD{L`miD62_Q;ahSn!v%&U0i)P;Q8NW9MG@L?uf;CZ|H`_Tt<^DQrAKfz zq}J4)M&4Neme2>KS(jCjQ0Kr0ewa1?LyXoj-QA@CdzOQC%1pEuZ+OaqnbBKrTEg_V zty0B?DU{Zj%JhEpOrD@51bG;%hbKu*l~)}sG7WaPhK(!tlO9%RX6kS!szEG|`&fqL zt~={iVvvbQ4QPdSaq~x)%w04{**%F8Es8m9XRUVvg)~SmE{K;_!{yX4vVuBBU_4zN zH_VnrYRq99Mu9j(MD}x|?Q2O18V^u0uKV!2SnLc>Q+JkKl<`1a(n}jT4=l8w3I=Hz zHQ8JXFlO^DOKY5FB~Goj#f>J*#2uwOl0xzct7$HB!$+7bnXpk9jn<7JIm)5i-p-V;~BERA!Yn(jV7Tzp7 zjGyL>FZ}4%1tV%rrM^^BflI`5jJ!g{2D1VWTS*A#<#lUZkH9u=B#!Zg^L}7J$jT2U%)vs}Ck;iL2O)as>n)H3+H;ajg)J z`r5Xm_uqYLA!w*2@yO);-Qi>JzGmO+?NBaEBUsV}RdPiZ)C80wb7n{58``nfXvIlW zgPdE7kT(aG#zKbVQqnXI$$XcgjDtlrFlUiIS^5I5-M=oURU-029cNT2eGh{TH>WFh zoNbFwI76PUJ}rg(6cs8L8zxnEoo^DGcE+E%n~y@1RwZXdWfy7&(+U)*5X1tjw1g2h z6b^{nBSfJaTWG=xV8fOejf9rwQZ0q9d8TPoT+rkQ9(!M{d4?UiP~bIHAktJpDPP9a z8vui5T4F#L2g-C^Bnj!$j7Hq~u$puxCRWj84=F!7m=%j7``4k@1|51m#lXZY7wOsc zB7R$Q$aMpBBRRm3CZ_&=3Xy4FNGmLqPc!r7CmSE}3DEe-s);{sE93d( z$R1}%Rk}g&C*ZF4pvEv1)n`@(P$H~q#cqbpo81xaHxfX>GeDK$vub^sJ3z=vax8Nj zRcA^3S%#(_A1LcEG(HlW4Fz@i<#0SB3TqdkZO&?uDygD^pfz{a6mGb^ufFDjo4&up zoLQ=tGz(0Gl{>Ax4V?JqGG;}t7#tdL_ipMJrlGJGMcMcC{hfF3>i3?wSPxh9!XU~K zD$l%8Y9e#Igwcy+TBn2>84gfQnz6TKt}kh^EHP1&4%p{tP16;NObK<$s5|;VJb(5477_-mQD|*czNhg=h-s5;UWO zrC@9Fwv;a^1U{e$ZSF|8hvPyrRmZL2^=giWmN_WRf9+RJ&4xhBWJ7?|x=svYL4k;< zy7WvHrW2yMoj)W4vU-p%K`af^rNn5Tr&VElx`I7ZhXa|28k<5N0EAr&Jk`5oW4Ndk z6n*O=jUffl15343a(Z@hh{_UsMj%j0FVU8f(=)OWX})$&eLbr+F;fA&ZXlZkn2U55 zdMg4q2f0;@_Ibhb2gYm;)as<{?dc~@GR=%H0n(TSThnCe%osH&4bC}9tdvcwlR76G zo)$TCv-17o^u3cy8r_!|T{PAc))3r*ceoe8^JK#qda@YgBrc%?ki0sKt{$rwGXlNp zgSBD$a^Px%wj~u3O29e+Q)ekTI6XOR4halD>?h3u>t#4NJ#1{07NNUFh`VHl9&xF7 zd{iOI(|}ys}N3FA)KF>QJ&y9%MpB6hw$dxRtUONGlz3CiE^^ve^&$YZTm2E zzh)*lkkjy_1oP^39nAT@*;p{TJ&wi)blw=x>o@I_f>vfk7S!p959=&^{iXqJ&#*jb z0L0+h2lu)K+^c;UH}EWl1gcyG_kH+X6WpFnWQG@>46ZMVV$c5i5giO&V-}Bd9N0e@E`&FzMqR`h;)~)ep~GsFZ2>H1Wm{ zAEi>S8?fHIghsup0Q(OA@X7i4BNPgOy>h_LtMv1<0qwjU+A9y*`AIp?3bp}z zi4q(FF;lI;JAc!F_j>OI=+D-hZUx}!>+hQo+ei57q%z}j%KB*qhi6TgdoGQ03$t=* zG$6h{X@PjQ|Bf_Q$E$8@s{Zo&z+1w7({fQvYZnEIC~f5{Ol~JlGq*f0P-zQ?en*)7 zUNd;MN$$Mtt!sVE5)N+inKRI$yr;*d8NF7~Z|`_snh&?6NNw=oQmqmbbEqx;EJc|b ziejJFkMDW2nR((9mpA554^YcFb|=psJP+#Y*Wq_HsNbIKg}Ubeo;TsXX~I1_e`K^z z9UC7JZLl93vp;A9(4)6?@MkUHPaZ+Eh2gDWjZv)k@cl_k53iqC%CZXw)Y~Wx9EIm? zoxIxHNjXw)&(tY)16ASKc}p*6PwbyIYS!MttM(2~pV~;!L(nfaK$5o1S5d1V(AW7s zy=6!$Zz~)WdhJas@7s#>G*reeNkfXm0j3T}X=w$1(msMQBpz+5OVf{VP^nij#j;Z5 z05$zB6up)KuoAQnQB@X%VV%E(?K*r0-)#!3xEWXZ+2?YMHR-}7EqtWoA26t6QNefX zS~rX|6{KrqRb{3|>~jzVy)L<8P=*s7Y&%ny3B_|EcOA1=s4J#nl&YSZO`w-7l$JKZ zB*5F39!`;8bRS|=^aj>_cWi3mD-cQi?l8HnGVi4u5?Uxa50dAMh%{oDrfx&iU56Ze z7*B5x!MuvzvE3lJ?6##Yzd|Jq+83Tq(S78f;R`Yn^(6y^et3IMcxQW zazeAM&tgvDnw7dJjTN3(ZubCYeyr-FwTt#Lq5uRkOJbh+EL;zQ{r% znF-beX|$YK<)C#zF=NYu=>>Z_QGC!$%~5!1^jjO5Fo6_Y<*VhIDrBOb0NWjD&eTO^ zY^HWv*!GZ&(<`3kDYC0?q56&YPRL5X*P=*ci_lkH$QY055Pq$s;f(|f zt~k!KvxR$6P0j6d5d=q%A&c}SeMnH3V$-D4#LuX7FkU`0tNLM?8KQQnFAAOjYD~WJ zzPnIV*NpFf;hQmYkQ#=Azs84@>7@^swO*{2{>}K#bWXxx*wevUtL z&3mR&-N%nfs?})S^IZ!~Ez7HwspGUnNbi{@*?6si$==ukhp7#(6*8`8%dMBvYJpx^ zN1<3Hr+DaRD7Oh8u*lP*$jkAYHnl+)CV5#|dG94?uAYW^1rt*;CJ0`4AH7EQm3uwt z_-{Igm3Y2x0NHZ)XL0s{VsINNB&^sfudY;vxfe$m^4nrms>EoIjGc$T z^Aopj4qs@#ymM_3ZXdaMki`(()__o|(iu2(%1N zPRS8@i;1=H5(|RMkK}6nVRSR@VUDKZXg2TN+`#Ys@#G`?((CsJvl%|S8TS7=9K9vu z5$TOcN57iPJLK|iJ|B-lGMfBU}ke6 z&j-_6NYgZbH=N&gF1)RSpx!XM1zwxf(jdl79Ec6O$&~ zYk~Y!Rj*T}869%uJ14t($270krEQ4M=tJk2np(^$%?%`@#Bir~;m55NXgAvMB(ai= zHL{>@_d(}&cBeXrVJokpu-db#ly3G5Hhc5Jlr@@N9$wz+X;+W=rRBkHtzxAwWG19z zAwY~>nmnBg#bZt-)^qQ)WJ>OkgU-#cb4ZSS!Uh+W%dO()7}%S(+4uCNtwFutC~`Bb z1}Es%Ym2T>3B{&2LvX0JwWli;b4#$Xtriqob&Rd9Q41_UzE}}T7DC)7EH4u^wlLZq zrzSe8GGo<{d9U07U?)ki?jr=*Qwd1}B9VdO;PlWc#EvARF(5(nVzP)_-W!t_=j_m9 zn?k5bVM5_IP!Udr@xtUgF!+WGsQ}30jG~&q?DD{@HCQbPY)Xf&rzDm8)*ibkug97&JMAJJf^2aVH+<2;?QlvmHm!EK1eSd%KP?*Ac(y2N`|>lOsbeN4ZqF1U*^0^*ovhw4ART&nWAup z$f;hp`axy4{}2SR*EdTwn`ezk=}x3*p)KlB0SCsjJ+|S@iNLhu5Ua5fIZJkjddC1_ zlt8IlRQxxMdDmnHeaQm&c}5)OPfZp|oF<;ou$pSRGKDfRE&H5Frc|=?1a4a+y6jdD zQnD?R3Uc|d4J6RCPxSD)eo(rSf`elMX-@zv_#p#LOf^q>_{3lqJE(YP^RU5gDuxQ&viA8lEv_L^V%pYx#30>(n5CFx4doWjZP^Ov_Kf+XmD-U5Zr# zs>4REXUJD(jHSqXKE++EbZ!ZFJ+7=?zU7`F*KkValE&<)$W%z~ zFtvP0uK8yx9!+Q-t(k&v{jb~V#2Q8iof0$|gHNkEdiPCH$B z**$xFbYN=mu0j*_=d$W+YW3ONYI(G-$kl%OPY^IvT_}gkV7X+V1I6nFZ#r46%xU75 z_H=1mRCpXMZ0Nl=T#{5g(I=HIM{8^(quf;lsCUPeJHSdLENQFBL7rH{5_|2jP`Fl* zK-%PR^!VcXO2a~)!Ro~zAXuQdm%MUXRh9wMLN1}1#zW}y0^Z&!w@fYZKWH1g=7z;; zaQdzkrDQ34AUuZ=zrwNVkLIQaaF?iyN{X=M(v%S^(wryNJ#0l-_po&q9?4$E$&X7|@{?uP`VrG_4amTY$owkYUd25>hYS?HfKG4^%jD zX%k|DKopY&+le%Gv+=V6mH;H%Xv)n~vk+z#mPNAUNuo~-D3q*+6Npd1;xhG(Ujxn* z>J}ygo(W0;dilCb`fDmzddr$$s(AGjXWSC{KM{j&RUfj_qlhGnxy_fjEHt+c z*&c1LiDWe1k+?9LF&_KOVA%^x6nlWO>CHPEc8sTWQEO8;C5eSR zLz1v9GVn{rLUc3p@^QMg!kPgosx8Ha8H(C=4yd&@ZbV^TS0bHnIwY>K#^N ztQ63z2bKc8H5omXR zP3}`Ljhja{S*VT23XNGWY&X#pVM-;T!Uxnv8h2&VkEZ_Wfwn5J_N|oByEU=u75U64 zXf1bUEe$F(h5oin+N#l34+$3cP&DTX7Qaz~s77WzC0Ap5H7|nlX7GtP2PLr)32)~Jr*f1umE~hp8-l$@k|DlJFD%h6B5&%qxeoIslh#fL#isON%9@@ z;aykttKLZjo+tvBGfnDy04(%%JZTY!Hxn#qvIZJRY4K3ainrua<@G6nG0hlg>b0yN z(nQd>t`Pn@=AY-L$dYHz5Gh%U2XL<}v*zMtyFu`#bg;4+kZWF@t+m#ynWcJz*Q!L~ zHY`(pH_G*txTd*zR4pC8k8Nq$24BLppzvT*I3r~=vz7H!lJ&v2xPX-vhf1%nB{@B; zQZz}<4r>aMy8Wdpm{_oC&rZP*)kFz@0Bb5^PpGR_E~whhZie;{cgb+GVKGPDN?FyY zq}DBq?GUeT;qSWSgI{TP;0pBWcc;$1*nWgOt}z^WZs2Z~P^-w6Q3Q*syF<&|WnQMF z(B+2*S0t$DR<8_Fw~5y4hJYU9@ouWQ%}vHBXB(|t-Fxd#l@>h;F$qT-2I{fH(g4Nl zwG!02RLGaj^_7u|B8`x#O<0~YdDxPS0)j0dbANS&PRUz(p`jhqnB-kWO+2wkLk8&z z3LhpkT@`f2oRCy%C7svUVuwoGm#Y>*Z|Af~CM|ba&Dp3itYQj8+Z6P%dbr*(%f^G{4v>@p~rqebkhz5?0zE;tPr3GN6zB%8X?YO=^Xn#Kzu?g3HDLN-pvUOxr|&~2!m z-11xJczu%0R$wuS_hQ!BBQq%$33CP($VQ+S6#2hH?)TSde`&86nn9sJs$&QB~Eap ze5W6cM{h|0Q$Vc0Z&XLXM{?7f&Fe@g+dqPZmRfxFWOh&EV!Ex%`O5yfoOW;jDkt8{Q749^AW22fBMk4m^0F z#{S^_U>f3F9Uh05x8LZN6TKc&>m)n9GA^6_@zp?gIGzo>kIcYu$LUY%1zhW=*RSW= z#lcQ`)85-@Z}N^@jR!MW+|k|5&G7o88B=*EFK>o#%{IClUBP~=xbX(T_a5tUMRN+Y z|H|G!K`_Tsmdc~}n%`C;@rn;p=hJ7ezPctObY52`Iay7CaB7P$>d!zfN9(=iNW3e= zxDBGXq*xmJBlCC@X}`o`r>4N?JMqA_Hm;B3MQ=n==imSr7V-ox!q&t=X~;!8TJ5&V4U>~AFK`i338UTKnux`6 z2{ru{T6@vpX>Gpcekn}6DZ~kI<9MQqg%t?&aJ}kwJgo$aqG}KXfoklN{>bSIedb$B zBRPwW=Vd7kEgB1=gr5-#O$JT&{q)e4wRJ3_6{C!EmWv>%8da;w)rXh2p;Zwm zW`pQ~0o-Kh(&;3TGXJQp_Mc0U_!XM0dR4KgkUZaogr!jU3Ix}}dOLxHZwk#5TRGUn zx36JNc1PB14rA8e9y+HfD(q%;26SV1M_gF=X@pFD@4)lw%m>N!QCqfEqoM4FQF1 z--iRrJ2{5g(V&^xrKcz4U=OTAKTiN7%OXjv>!M3>VH|s{LT<6ERV90w<^bn*3jQRh zCjQ`P^DW(xO9rD$SP=BNjEapdIR#$BCf6R5EF=r&-F-1zQZ1`GYY=*#xR?Sv;i{g| z#6QJ&>tV``n1XXS$~16oRqG0&KcC_t#WYEn4-!_h0nk6eTH>KVJQA{yj7IB_q->S& z6-y%)>isBLre#M%U%WU8i(A;4rrH|c9EJt~dLWXOGe-q%l9)YaMP8RR+-*%5r|0Ws zol!hpX{k%HjcnLs#g6M}2KyW_BUKs^*6jV$!xBA0l7)ylsIq=6JKaC8`gke(iF3+H0^H2$I#Z^g&m3U5pD#fE33859`J@&g=fF;tQ)35Xkk3CWXmw? zvHHfoJ$&52<4h!Q$Cz%+hJ!WhI&Yy3H@aodVaPc7;o_G%p)E^9W^2G%A7KTq)ut<3 zH>xbw>nFs03KEbA8<-9mKs-{7hyASeun!d(iQFA_WRXW>(jQLycek^7Z`9Yq#|-J{ za6WTkR9A!dgPZXL`2MNK-`@;-mp22HpGO~UDAn~?OLZW`Yl)K#ugP$9J)YhUY|Peh zN+#pkY>49d1^Nz;wa9x7@n%=O+uqv&i2PT*c@N!xK|brl3Q6$2h(+XMg83s zY;RL@h{4_6DkEJ1OgKJ9HI7Pu+M>Ih=+AfLfh`oz898XvPg;j^zL9w0`p zOfQtL2U8R7pVP|P+gQHVn#!0eAtaLJl&7H;XC6(qO{1u&$Zr_kqd8<0BXc1V%`;_1 zZp0lE3xuzI&Z}BV$@UCg!Oq+I6R8NoWiW_mC4dY}5Ekx^fs?PB`#h>YbgGIY!o^fcx7M(ZOjcW*JLkAhmd`fGO~l0;)be&!a>`TZ7HBt$H=L zE&#^JN-zqlglc+3T5$#m6_Wz*7iWPp{$;)PQtm8`2i63;%^`)UZFS7kn zIZI)z;7^Jr-$GKRU<=&;8g;fdFhe!Fp^9{F!Nd<2fe)fDVitDr>MvD!rP37w z3%vwUkANv}s{OH4Hjc>@*s$%^uf^(h1@8Ro902fG%p}0 zkKspAhog!OdOFeEGpvI`Cw8tN$fsMaL>HtaEnT?lx8nQYA5}djE4icUPk(CMy%qWj zt$CJN_Q>V$_Bmy!z5=Ary*1>>4Zz@QczJt-iM>F-5m6~2Znohl1C%~SKWcYbEq0A~ zgD!|_#y7X3ch4K41#6Z7M92%er3nWF7AezbJz^9>3eg;Hc`*mE&Dp+`0YG^NKu{qF z%i66*cY18P7mENHuS#Cj6z@06ZT)LPO=dF5RwhHc&+3x9?yO7LW3>PVc3mFa#dgU#5lFd3$TYmQcYfw<<^H zNQeM57YDV)SPrXEInAxN_uP1#V34pLQ=YR;27KH~h?p!Xkal66eqd|ITxA8so5fr? zJ{GZLM&=h5vmN-xf=0N-s!Q%3^Q-$B6?xUU4w9p!zOSqiOF%lHBw;I>m{Mo;YPCpA ztw4n8=$Zwhs_3l|mom9}sTwF9P)qf@v4%;Z*bnxGcJ!Ei&UlR(g(Pn<#jxag&G3v5 zvlqr=uA<5?jY^axG=nr4>pgjejitFRCod^a3JI)-xn@v*>g~W7Yv8~no#j_=Q)AET z1_9UCDh?0!QVky#@BWp~%gmh+Ayst&PEkfN;WmwElBT7I&=uvW=OEyR4pl9kr}$tzg^ zO8-Z_j%E?RBL{nYy3M-%V9nL+bH*fRU_`?@nqsqICLJ3&DmBT!uzgMB$)C~CAGyH#@^*Zu4rnCUn_DDVS4mV>wVfew6eCySx7ci z-m^TcFv=FJ<@CDkH*?7>dCC&FH;wy9Y4h_uRN6d(ZDmP~n4IQif!+3gg{+2L=-Yiw zw-w)$ZV)7R!}$S2T4({=O5qH^8;$!R3V9roLj#ff8l)-Yne~O zh-F@JxLkx4E8s@+IkGKi#4;9m@0%>{kZVYPtyzx@QzRr12?E9XQXpR=Gp4>sw_2)4 z9Yf!6BV~wUm9L&r%p(0(h**`XW!NUT>SyFHh2$#cCK-KCU*=EZh55=^vy?Lb%7yKk z6rcOjTA}r;v7?O=q;y~Mk`Q8&-@K(1c3W;JaB5~!)85#8rm2)k6{Rs#dswCx&{#Fq zy-h5&s#whoDJxR@5mE~)_7SiYo7r<^2`(z^aOmnH2>wKFO>seoVy_Q<>|t18X?1!{ z4l1V=`t?`*@COaHw_%b;RP6za#K{X8*J!|oic>P7m^1MujWKD=pU9xlR5B#DJdP7a z22`1|+*|4qy#!`A2!4I^w39rLY}S%0MmoO^RqK#S3}jh}M=VKm1oeaw)g6u_Q_YhB z=iwp;($@IiR^0wH~l!jzRd76{I^4!SaBevzr zKE5d;?!LLDROZZBMDfvkjS9nr=m{Wn%{*K*?lzc}{$s=*$VVaX!|HrBDqaIB-m{eb zT(E>Tfn17&Z>i)otsv92_#p^-vtf@+df1PA8;vQIZ!1VA6k8!EnVeBT1FUZHYH z6W%gD14L^2EHOEFC9vH06X0H9Zw>qn0DmXa75S_F->f%<;oj1S7W%Jhcix94*JZC- z)Md(6x|@T}tT*jws&?=l^f0IVfu>bp`0R%u7~D;saw$~G>CrnTe`YIva`dJxl9gV%>=3SZBNQnIe61MFxtGR5N{t4Va*e7&-t&}_YpR4kxEm&gNcC?S zIIP4hBz>ltn#9}y<<<{Le@)|%^uv98 zeF3-F4O`GuH@c-UT~QTLseezn{(m8Pj?03-bG?6V=}zQYYPuCtM3D&LboOatx5S7; zp`9r!QqUjG^kUOQ|FVnLTJ%sMnF~G1d69A$`FolcG%s)oKhPxMNcygeyhv+@`Wm#4 zu#l&)kOP%t&o?yR>VMJGJ6{)i@U_M~)jJMa;|%)MI~tO|77vs|HJ=4;v0IwZ2f%5P!x8vd zuhCBhGw9Oaj5iv>gxXF1H=66km_E=n28u7pT$uE*CP^97kBgX-o}_qOIFpi+8z%I5 zn2C+1iTdoMKjT8)tq_`_qq-d#Y`Dbh&Aajb%F|V>MT!qh<>Zp4_s4JP&om?-H8&HI z|2CUUkLJJmW_eAw0lW&zd2bF0&@B^5+9lT8>~ zS)@kAuo63w*klZR&HWZ_++K%Jgu9g0D$_0rT`3p@M*O%S&FC}l;U-QJAmpUq=A5oX z$%qZ2g2qCco}lHAMZ7{s%fA&o7g(ADlE7*@5AGd}RUik{_Z0(HOq7gOjc=_s+^}4VOeFe}(}#}MA@-@H5mhhY!H~+`s_T;zbQ`#uVL=#YtW%-@y_?4Lso1+9z zxX0do0l)E%uhwSicuM{v)-+9-S`>2iL&?Xym5fEq9&~%_xFg@o*DS?xAmJV=Nm)`S zLvxmp-j;8V{z8{a6i$!~4|AF{sNJm|Bz$DZtdM!Jq7A4wTrC8Ch}3hIL80avG#X1@ zvS&sTE#y5j9S`-ESQLpPD&~$t+mOCs^lf})DuRGdrC7RFVS`^o*vP59B0ag_rk3D- zMok~DIJQ24DSN0fWv|GA2j@$8GUEZz^oOZ;Wb*4{dVQCp{|O#3ucYp;TD(Hq zVz3sBEICAE62)=|Ph0E=Ef>SEruJiSQqo(Irz@HXOgTxT2xyq^KSmmBIhcaIV6 zlJ_*CX~auaa3&P&Mc1laoFwrEBbkE3>=b>&UcXDmpmpCmpzV!416wLEZ7kBAeAmTL z6vHRmBx9J~)+K3DIXEV)*^WFgiPe>C#%1h#M??gL@nTF#WNJlKy@8h2C$04OahZJ` ze$xtSAJ3@hC*3muz}YeM)b{1FR^Zxg#ULZJ_pY8LGGDVwOR5Ms9VR>Ljh8W*?8<(+ zDE4M`wE7_nzSIbkrx&pWt`I1HfSI`>P43B2hC90clx&&Y<40L7pHjw+*PC`x<{KK@ z0~1-ozEM?9d9B6DAQ+}3qTs4+NF;P*e5WBY*JSE0OHjR3Dk_y&>C8#lt# z(~`zj!l`*s6XXw`K0d*VOlc~Ydr@!PGCj4sc3>+|9`6C%B&9I;oZd4N%%SCC#(%W* zupac%2PaDQa*{04N`B@p@v@_7_QrTjl@LQ*Y+Aj++^I&_S*Q57dJ>=Vd-ek7L?G?D z*$KLw9^k*Q67aknMHhwtVXALw0V2^w5d7{Exz{D~w{nLJ3I9rW$d@=kTE{!j?1am} zzrs0^^F#Att23lOgZf}!FuZ3uQaa~L)7rXIeih59*7R9CCnmnMA6uUDFZ79=7NBk~@ra^`Zx@M_yaiK~1flnO|E@@0t`$#b|q6$ARdlr&(E_Ym2W=1{Ty{~xfZ-ro96cvRQl zug;{>G(Hy6Co7I^eU7U6H5xE}H}_Y~{kVerOjgZn&bzZTU$o^SvD~6xN<@;hNPv~t zr}rr9^E-Woe<|o;_C*@;gjc*wTQwPpRb!Zstc}I-`~5Wq!t3k_@TvPSZNg3xrAf9lG z*mGRIT>Zz>CM#CoJ?~heczVx6>xi+B5%VF{d^Z|wQ$vJ$go$YEEdchT{=U2pDz`UA zVS3F>v?@B0n}8(yu~&G@Db3A+1rr)rhM13u>X0iPmsV@iAK#7U(~qQgI~ZNv4o34? z5cGSa-c|33+-Hk2_gPiP?z|kJ3g77?o}CSC_@l8tuEWENAozk@T-kc3ctjJjrkK|M zMJc&JM6$_!pn#7}d}iz%l^EtnG4iS#U;HMKuFjT#j@mXlVg>H-Vp(;0G=*Xe)um+` zJtxw(g}*)$`uYS8_{FatllGX1`D?_hwT7!1u6j?-LSpy!i^9{|x9a0jYWp|n7Y49Z z*Uz_?*(Kau1i|L95}f**kaQ+?uvavv9Sk!t6~D@G;%d4}-YG$9)r zGcWh)V%H*SgqUF##*nh4n!MA4Wkg8({E5p7iN0r9EbV-F&+|6Bs;=SwLd;fgT6_do(~&C-#TmiU<9+v5YN-}Q38K1$ zLZntH3Z0{AmKt%`kus1AuQV3`I^E~;kw=GCNyB>G34bcOeWe(z`lh7Sxi2+@vp-TQ zPkkZ;!Bj+|D0qHw3tUT!SBW4#B+j#OrEJ&@1z7pGz>BMYK(`B-`f$cDXE5zS`)S(g_%HS#8g>ip)g1|!|+vqqSO7U-vecaL=laC z8jdFcJZmd}t7(Sbeex-~3RFMhJ`0aUDm(s@{A+!vrEh_*ji#5rf`f0~gzJd6XorFL`3>(KZ&7rKjc=m|KhtIv_ zv_J8p&cT3$RGa$AGKgcEjmDKlAh|4$Yr9BIGnQoOM&z%*B%0f%1v5tv->Pw@ za}AxrBccLlb?=8hyGLKvbr!3g{%M=B5IBcSwlO`hfJ`QKPxt9WY-Eu*sHR%QEWm{f zP@(wZ3R`yam+21$wrFl>+hS1Dz#0@+wM)_0p=wx1r?nu*Nz=kBV02#(1*(DmpjI33 z2lVs3%f33x^=^-^?|wll2imZ`3w$n(S?{fRr9rd%i-wIe?Z54-^Qya^@B)zHOHh_& z3hl1^s`5dnb3d9tya4OGMP=5xTACZ_g>dIrozBP@9M(rv+la4=PX*F*>mSsmMqOuQEmlDArH%5!&P~-h1Y3>wSTMAFSXBl}f0+TJk?ENpzEe9Z)MXOY5d|;^S_Io)~Nf0RzrYbhE+r zge%%t>Pi+#(9Dg(WyhqNAqc=0Uswy12BZKq2IHcA8enatU#KB|y6iw|EB{_0EFIQ~ ztST+l%t~PDgF)%TeN{&+JTCT)n156En*a(OR<(oc>Y)(1Qf9GUMZ|25`44A^c^p?x zIKU(HKo@|1i`1C+i;#_%Y!PimTqT12cy7Ql9N^gNI~Qo~xXVY~z0~z}EwM;lDu~92 zUOW(!;Mgjml7pZ^Z0O-N87%`pE4kHI9X>3U^KddgaT4{_ZecI1Ke~L%oWE!5=Fz+| zbnqLyT52n{(3%@MbJlb4k&x$I{kmUgiO(7Um&#c3i5q2Eh-4i&N^$AiQy85_-a@oM zk+x#b52*JZ;g**aw?`!auziarPj*g~^6wW*!uW7Fmw5bJRhZyHz7dx3!|wzvF8?AB z2TR=;m3E6^qYYMhq5rTFYWfPBNH{n~1bpHg+IvgA+N-~-R@q^N^>I`@k)3^_CCv$=wm=xfg}j21)Je1lRKmfrV%|md74Sa(FcqAbmd~tWsV{T1i{Wp z@`k8LpqZ0^G6ZyJrENd*L_GtN*tM=K;G5hv5VM7*224G8}&jr=3n%xHf=6EV3l4 z8kWLXU?G3#Q@CLED4T_Dql+CHTGDSEZO2`%KdjIa4tZ@fA zq-%ceY9pJj1|LT!O2ByOSwx`0Mc*V7YwVCN{xIlvI^*fh_}c@+rOV5Y&0HW7r>Vg9 zgT)x|_1U3bkMj7^P_Oo@deQ^Hq)&!`*=3(%1vb2-xtp*fP9_8>va+l+b--hmJR*TY z>LM@_PrH+IqTzB?15f-=2O9OLn0!x7T|TxB)7;}g`sBh#>x@t*V)hCysFy^?8{0xD zoEy}?(u@_AEWInzCLYT|*Zc=MNf0xYUX0dEnw)I|VL(_@O2H*>ekc$_?i1;LEl}a)K2! zIPmVoBFdeO>gC$4A(hl#7rDUr*sg*D>P+6C)A?I?ukNwaHl9oik;6*C?s5&JFg>t1 zt5&5)vvefcNv5)tVB8z-cU{d;6}7^M6KPEbIZ=(3Mpfojp^T`za1wrAkl;Q_aF#j* zXG?R35_MP?ONZ4M&j*()H36|m1m?F+N1xb#jlxMdy?LE#eoE`EQ%HS_;!V2Z`-;O= zE(%Z^FMj^{O}oyG7r7-50H;*!(Fb7Q`DD{IFI7{>pq6JdGc?}-@FzHIv9#5#VpwB! zK(C(#OXq5F)>_vBAr=C<{#Q7!jq+|?A_Vy8DWR|E&FNWddIj4yLJiKP@wgfB{b+VS z8GW~4^U?jo^<+F`vs*U&FrJ2;&f5VSV%Y7(;6rsvdHMy=U|NE7<;hw-3rUmZsc6tK zV1kxuE~`o`W_V?r=#sksFrJL>@5j^8;&li8WmmB}_E*4@p|y2K=fXmQggm%nw@-L} z&`#NYz;;=#3=}1zVjvJDHKs;tnc3K=&}qraZb3htG@2CPK6g5c@$`LoKbwzUFW3r4 zvVkhEDGs|>euuJ+FqX~uzeSOeSDntn-?k*XYUI7(n>2)#Y23AdCOY+syHp4riu zQouNAybx$4cM`Yx4sEv-$kS9Cvz}lj{N3IhbNJQ{HH{QSAC7gIS!iP9{Z#sj1})WA zfqkt7WM+n5`u!(?P^~R(CBG8OS;&QW5~q=FsXfoD8X@EzmrY?+*64e zL4+z9Rsg&>>A>|ZuO{*-%aiy?#<;BhnxLoU!-y7hJX$bdbRFN0M>p(xG?{(sbjFdu za+rw}(Y6$6Q3{y`Y?|dy{1C9klPv!fIX;8nDa6ZfELXEG+P?vp>XsKwq#R}^$s!QQ zPMRPxt(P<@?rIcrClj7)$v1jnyDWwzlGo%-3v!CwD1CxxdCnmJw61@684#ilg6(j} z#ZFV8r(Izpk-^0u67`MCZ+2$1n=@^Hw=v|{oGAC=*985}?a6ma>H95Pp&PIW9PKHN zb5Q`tVkr`_-)5;Uk)(j>j?2V8R*Q0}t2jFdm)#$w45saxS{pzGBFG|VZ=9S35Rt?# z=hMmYl{zGzs$6|g-;!&iPz^!IE{+ujt2sD|`_c0x-(f50k z&U5CZbRU}_ll-T)&dGTocQ55*K~BxRJq4kO6P=+gYyK^YlCKh3Y^|uNzYMa(hD(Pw zw^Qv`CyU60eymh9Wjr~u>ZDnEHhQptMM14Q^;m0B?M42G9xD=qx?9=Wy3Jr!w9-xA z1ntgnn;KNbTmW;m{a85KfhR6zu1B-@pCg`_Yi~D2C_HnRT5NI=Ms>A((Qu z0)wOV35IP?g*3S`bF)Viy#N=8dJ0pT>YchgKfnC`-A~Xh&mHmn7h9H{B)!gVw~G+@ zi-75AeIRJ*N!dTK1#1iOJ;Z11TI@Nbiyq(LKG4JIjjBgwKL9bFqr==#K@aLAd}nHnc$D0yw|z@gfim?hV4Mxrfls(Bdo zzz`tQoNlC@V@~_v8tHP-y=SSjNgYt%IB^g4RtLJj-5hB=#z-Bc8nBbnN}$JjY82gt z@tob`P`iDNz_)_+(Avo9g)sCIJApa|@dTMwfmnpJ*jV+?B9|-$k(80+WSR3Md2Sn^ zYr|%VA8~hn?S0^)szEfzV@YichEmO!o=4hE!2E{31g?vZ%KT}b)CrQPZ5uCJPh)A} zZ&0{^b40xcjtU@!R4>V*sN7fJ-}r`R_bs!2yJll|CnuB0q+SCT78w7^q6Zmlw?@l} ze^zrkIq&a|$`}yzRD5vy1FlESSTv^MJp}aACccAdTT%`=Ql*(xTJ-HeCC%gUZD18Y z9guLEbrN_?@`iP+eC3WBP&(8&RF?bYX=~kcaka->??&_Chj6+Kug8<|@^ioz;c~pV z4TsCw{4@K7R|vPC5&IGU!)(kUU=>&YYV; z-aem0nMc(Qt2YWKNfDS-1GW-2JgMwbUL~cD0Be94mz{6@BGfG>!lCESkvy{SP;zn+ z0ZN^zt=1fK#$QtiHFb8d?E(9Mwih&>i^Ra_h_u{_5~|EFspG2C={k<&b(O|^2QFet z5(=C}4Aj#39EO1%pFW~kkDL>1S-(3t?H-;!?+&kfz}pMRziKa;+2dc*#KMK=O=998jYrUS8wJrsPiXyHhx=qhqQ;FMrjmURujP zh+a;=5HQpp$|sRLD$6!4x5an*uZ|J`DJfcI@N!R-&O@RfGe}`hDWMr7B2FF2@#=wk zUJ5L7>^WnqYVyQ&Sf{hpO@NCY)>1Q^(W#i?7 z-Op$5=iwc@8GRg0X7{7{f=$NZ^<>0u?Ssn?>YtOz?9+JqK47DdqbVETvhnnGHoqI) z&?DnHyPquxad7I$A6OHdljq7zOP8Y=wVNBD6(eZR27U49sSX5oCi7_o4{ z!YLcy-HmR>;c{d?ogo1?om$% z^6RjavLI7k4)MJ_X__Vxr- zEpI(r+hP%)GTD^B)^kh;O=aD7dbQmhD`;ABk+~YXf*YE#xDb#@S+cQtdkq+R3^Gf>8Y-_WE-8L0;0^( z_vo_5+9Jy8d?qK=6r$G56{r$K2VVl#VvGGU0L63cf{G}qkQGH>(o0ii%>iFw31Gu} zk;bwFv<5rQB7so7Zy9+h`JyODi*=1&XM+SSvt5U;g`>p_W$HE(qiaS7ra;zB4)(9L z3IZkSbQLF7#_JQh0em6QfZm;-2j}PKOjLQM&G>KCb1p8wO2={Z8-EWESmbUM+$W`jE0 zjq>s6fUn&gqGKjl0G(l^B6ic) zJ@?ApApsTdLp2H|SA}t8AC*ejIDU(A%v&TKY+ygX5Q7|AHW_u*Bg8MN^%}15S~{K2 zS%SJKhE7(fO}`=!%5RGjy2I39Y}r22Me3PSwOl{$sz`ghkYTJQ*E?`7EU10;@}t^o zznaPN$I;7Lha|5$oxc*t?61HoGZWD}Rx9S`jUDwDK;-U<$^P@Vo9eXe*UK(W!2&|5adR1U__23!{FGWH*Y>H``14aPN)E%b?4J=o!!>Dz^ za=O4#(rO{6T!3Y4ZkcGu}#4jkFC0O*%0Kbjrr?vZI$Zb`|j)y5&1Gi0g3F@xkW zP^13P=R;?Wqodn(gROI3eSI2ZixawruPK~*%_{^MXw8(OM*_xK_Xh9tF53y7Vr@59 zTM)!4il~j0dXsbcDy9*i>Izv&AZ;7fitvH@M$X? zd?%v`s&&lr($}4C{_VQcjnSQ66C1es-zzr2=6|u~PtK3O8u{jwJ32kM>tU5mRMSut zq4Gwx8-4(wUbJNVwy0v&G5}xa#3lVYXtz*$7k%GK>CqW?>Xv0nDNj&mkVXe^@b)hI z?Bep>|IZYw{R`}xR!inor68MTrCL^~a?{$e$*2k17UGpKz+YJu`W%KTWzst{g+_$A zFHgC4<%^?G1=U}v-m0G>uO!2-urP%fM~f{^#H^x$vXzvmLcBi^7r_34z7N0$UIV*= zPM`^Nre*-y)#?ldh_+hFNbW)I75ovnFFKw7y10CI_U6s`#o5JM);s_4`^)o-i+-o` zAOG{e{{#LfSG%)##m^$(a42(8l$6hO7K_L4C*$F0x)?3=55JCwx4(|2ulvUN`T6;e z@7}?G&(F{O|6aa3|M7>n|8eo=?T_y+fB50@&71!?zdV2U?#+L&^MBQ#-TzfZ$@Bj> z|K@Mi2lwCPf797=JRDKQjb=Ns$>elZdbvE769sAHl?dHcNeM--x;l~Yd{4b^p`{D= zZt4|%O!+1NNeZkC*vtlNPj{jhLjNwm^H~h8lXh- z_bA1ah{0mJV*iis7b2tV58#RTe|y`q+!t5hfB*FKbawt`AXmFVlj4An1T9JewNQ&B>mm72yoxEFHv_-^oS@TT*B zz3P9RPKS;*1sKEScs9kcn@ZC}!UcrO&2xjk;igL2d$MhD+Kl#k6>-@_=b-oYxp-}gUZ$R_H$2UQ(E`B(Q+kJRe%J@+;>$eDvq zN53*vHc8L?3rwE=RRR^O2$HEVk?pGLIKUo)cDec|=ve`Wjs#@YH8HLD(*X6e~I zrZK~)(npzR2&(qtufF)fzv_d|?s+Igj;I;Ux9ff+Wy3&yht3!E0dT)7SXGExm>8fC z(LoJaMoN+cq*5%3D3>c+3Grgt&>i1T!mh@_o8kw963H-iE3I2Mc}ClVC?eB?=m*p{rg&%a{m{T*k7D_J~+iTQ!8bNB6UGL_mpYB1n!FQQ6fX?wcM9APR{(l!%(WW|B7Ftq8TA{xR zGYvMeqH%s49ssIC-XVxqJ0y2KRCjcN)IhOsmRkU;`lzA}z|^4#U&on5{zy8pIqsTW zLKsJCnE`zXo#002TYEj|bSTB2veu1a@|}Tv(fRD8;I4sE!7!5P^dEKuVsLMgq?RJu z0y?gz_Zf(Af7^dourN)tDy1r{i6~1XE4nALBa}~tgGZ}YL+xmS(K8zxk5Aj0GPwpO z%POxQI~HYCqNEXzadLUN4ScUvKt4fL92f#ccMs7?~p<#NZg5rC6&6pIs#-jK-8xENIv-<)E{)c{nry)44Ci1d%6!ol|C`;FgjLN_%53un4CtM>? z^IeGe*q;1OP@Re zp+nt%e1TL$OG1MZ_{@wTOoBlrkQ6V~OAY+TW+ST3vipw@U}!g#+CD|akStTUTjyut*)MR z%v0ZTRUP+wH06(SV;Z};zI5MJ-&e*iszLC?C$U=W0WvLgI9%~T?2qQK!W#W7Ke&Hw z4nqBkBIur?GR$`SELHOi`3YXwj6m0^I+|`iC&B1>ech{Q*CuUbJ_%S|Robd%U3KaaKp|cq7MWk*XQVJ5|^N9g(7Of>er?Zyg<&_&Z z&}k2pJC|tYN137(0|vNDC}g7+K;)yeIYcQd@Qb8KPz=jp2pf^>#X}_EDHSq?^pfte z;dKXe2HXG4>}O-o&tUuNkQn;phE5WyR&I@7q*wF-ENz|TAH*fb?)ZZpZEELTE8kaXxFrJDpV5A&dlp5cYaXi>l_iFEcmcRHN3XA9rcwx)#dfo9PoKmd772jUvT4LOsHK(#X zKC`Ag?NyVhnIm02pdAoKFIhkkFJ#^cm&Zl!1Y75PC!E>#hW@9rn#(T&@Z z`t@)&y%{gZv+073r^Cs^4HO(-KP=gFwq%p>9b|1UX91Mb(#u$*JYG&lfjZh}v3OuQV;Z%1<|&($EA&v#&U%W5zu@WkzSIaQ;8YGigF&X?oi!z7%u`-l1c zY%vO8me_o>xE~FdY&nC^Ek^g@JY0?@pBYIV^{t!HFMte4nSQ7WHZzqCG?98B7Hg5l zO7)AyE|qKa3j?2vBOmh}TqRmt(xo7T6#)6Pb$+emLJ85LdU0Dv4I~3-@PSDt^b-zE z7NV1RxUW(Pj{9TjhHjNXQ&SEw*AOw+;77_J3^ZbblZaR+Ye8Vz zJ-6Cb3s8^Q?!-)~3llUV{faDHR$a_dF1bt!gCXmv8#oka4|+}My!eK$c+x3XkF+Z# zEktknyg<5>sH=xr$-y8B;>< zSr65@UI=HJ+-6VWQRFohQ7c?LDK)1wzz!ic8YRMc(6oR;i4bTFjj=iSEN_{>+O^vD zUhAZ3>(y3exUhwQLLV;Jc+sWHWjgcjK79cPY&2ee7|qR1t1dsh=K_15zUJ!0-~BtU zPj!MpE~t$(%XyRtHY2RIaf(4*@Dw&O0&59?KJX5mC#R*gOvw8Px&J!O@hHVp-6aWn zU~4D3eT`B9ksRtT;A)Q3Xux`1{8iV2eeaGnWpi91zrlXrwZiEObqEef{-_)<)X>)$ z@w;k!>Q}l{o(4`ZvD2YKnkM{;MWHvJ88*jODL7JiOiPxh3{ zvIPD-B}WL)+lpea>1$~kjzL-P%$t5woROQ&DdL8gjr$M$hXu>4RM*_KPOXtR`&?$Z z={KbMK>Z%UTWS>nI?2jV1ptZVdE&wlxey@e^oU4s+9eq4au9nxF zX`k*IH}*p+p=V0MR=~F8Nc5$}0mnMiUiV=*UMic|+MqhM+Rn{=E|e6|KEU=ru-@{1 z*w+zVlSzOKyi^6~K(9FQI_B$gnENiO#C;J0Wxc z(cBw1z#mth4=^;hEib>A|%I@4OybGz7py&49ghK!sb>HY3%Cp#%WOU z-CpDlj$z}|WSYYMvDfYv!umkZyw63%E0e7V<@cbeU_J91QPdHJ5p-*+jRqnBnLuX0 zX}t*}t}aKGWa&oaI)%pLcrOaM!7sq^Pbhsb&@{M6bXSU86fQ0R%brq^13ougOQhiU zH6bRt35sg75rqY4(D$A-k)ZzFF z8|B7x+1tt?oA;#V93}_F1lmTe3Yk+BYd%By+j?3dJW2kHM-ecY=i)Jo&}^?#OB)|p z${FPF=Q2L4_LK&S?hVRb${6n(4brl^Lk?k<>jYl-wTuN1*q1bWI@@MX0dgVk)gnXA z=I<3SZ$2XQRRH+p83LyPUPVq62eyVEZ8x^(N^Q{22iF{|Ey_#RcGbtc@EuR9H3v)x z2Z9|@{MBkS$B8>N>Z1@do!(T)Q>AEt8(R z6;}9|%<)ITC~RDS?=Iqo&?0g_ka8G2u@QjFkv|Hy5+beX5vTe_`liL4uX1q(pynr5 zAz-}~LX=CdCCiOwW{$Lm77C4HEBuU)QSTEgA#{C$pPU@9eZtj$%3R6dfFYFC1_J&@ zJ1_jOezfH|k5t1&DWf6)b(rU}&{)^x)(1{-!z*%nrlRIdIeXm+NODN__{QncSssPM z?vL$8S*(c`dNG^=lEG^s;uVj+c+yyBBODRP-*}8qWyk7(+{s;Ar;4z7$+86CFw5uU zrKjrm(C*aGCr1L;cu3pLK}V94aDZDqb4W=tBu|XeAijaOIXO5yy)Rc_-8#y-F+>>ZUCYbaKG(d39;Zw4z{_3orMS5s^43=^is# zB;>w)$)paBoo)AUq95tdoKrv9$GftrTqKvGBn8q|AvMwB$eJNn3#g=k3P!<`z#Loe z8{Cg`H_nOpLl%Y(fOtv#gOR@?cwG||UQeW3vIxRjtwHQzyA`;e7-K{Cn^LfJoz$}{ z)#;4>Fy``j2S3i88azTRa3eWd;etR?2E8~8&@%-tMWpRl2X=J`)PM7O&aCz^?QMRq zUkfO(PpBKKpA!BAkSmrcOKpWLkx?!G5X%hca}O!By(qyuMFS1volGStGiuAtZJX}4 zEsAO<3bfWVD4`8`f|C&JVOU3~Me$sDerHi>(A_09&h97Gt$;>q<}UNI?@#Ag2JB(5 z7F@y%IGB;f;J0 zX-(7g3T$dyoIF`nFp(Y{1h$AAyoI*049g{twv8?s$x+B%m6SXcS>>v{e%tU_Kv%1s zJYE9!S1EVmSY3+|kFfybsSe!%UdOgBo|qeLJ@0s$LX{>JIXPHO$-!gAykd`%>&m@- zBK`oerw;?VcraPWNzTPtRHhdunZqXqhf-oMNtTj4+7_OcT|;lypK#0aR)Q5^est-@_g?z`HCK z31NJw&8@^!O*$C}m?SH!;(KM_DJcaJu99!W_xs1{R~(^CH@~j4{MV=|%4{d{Vz4cD zN#8Ij+L4>_5NnoK3hW65b^U5}3*99!X!OWq8$la$-~GpjGn_)xw}6ta;q=)Vjj~)| zQB$;)`vD7CT=C=#e(gN9m3#b1xm}3LD$osrfUdd~o?krF;ZQS)0oLG=P=5PHoHc7)o{BI*aBO0&$Y^jfIY_ zN5XK+sLi794$#<}XIQN=IJJ!2f$Gv-_9$X!YK|?{bCdLK6ZE>F^MYxS(by=*`md9# zhFOKowsWZ4`AS)#TlsZCPyVX2$A5)s{8c;Aetq=%^Q#eiQlL~BbUObDy2p{JK`CAP zoi>o{g!wVPW;G=3jyh$5<3eSTo+`S9YTu+g08zS)&Pg|{KT76~GGN&rN*B`&E3hmv z%62;r&cy5SY{3dqmYCnDG$69EJp_5SSIq7IQ@L^dy2x22sfnxc(A zP)3O3r)w0Apm0o`|*NEql<0VToESYgI zuz#;Ovh!zazm0Yr6?6Vza`$G(^myN&@WOuk)Gxk6-9Texc|5K)^8s?!hg&!snAE!S5{h;~-U6$DJ1x9G zz#3la@dMlp*OSC>md5Ei$Fi*FeU?W)1$(C64q)9hHibF>*mkW#SnZM>8FVRlWVcls z1IWyiNXrB3U0j~`5wAj@5vV9rOY|rV|A5K944FFin7gWm0`s~9fdX+o^$E2V!LU@a zMkf)kMEN9yM%nZSr4@M>nulJq+?kouhqpXgn|M>Lm4*?YB--J}{XxBBJDFCcFr#u4 z7?lcK<~;ghXLQwAPgq09+ddeIdv(+WrX11axCHFky3xi!_0=ivfv>8AwG&EDmBkK& zfJMMKgD?^dU8Jmcao%rs2_kezAFP(4chPTblotPAO%M;*0#g^$>~yaJbPqOq0TZ|q zEXu0XVP*N+-n7K%b=93yB%st*Ud6J^^1>9(=^EkY04(k+>FU)UvVA~?4LY4$C2B6z z2QJTXSOL2joS#GY_9DmN5Il7WkG(UGU7n*ov`?ynoezF`L;s|gh&lQ4oZ;*5;Ps1h z^ZwhngP;8t&Rbh}cTT-L$9~!#{8Vq@#~)f-P#>i+yrV(b!T$VHt&tzvyP>{IBf*Yb z0BZ_0^X6^6nRmxVqnlChV{hDs-ZlF3_Q&=?!CTZL-PFao+ty|9_QytRN4n*-293~M zyUo3AY3|Lj8K?HNgaoPVH}`Y!Q?t1vn~1vCxqOj^X27&b_?*ztjwxvMCc;{)ZOWP0 z5m1m!U8~nBqK#bC6L%$Q1+_0Y1p8dV%}*Cdy76y~*3bVp)*c&kU(+4^zyB}Q9R2&1 zj9J(8Z+KrkzdmguVXL7DXxZHe#aFGr5%+MI)bS2nL3l*!2k%;>6utSp@WuyEN~yPv zwtjq#jC$iW_7ncY73c3xNGNRVjcM$iFF!9Dt-Wh+?TypgyK_5Euempu&E}3>61F*P zgof(1_wL6=dvA|kfbM9W;d%{Ty#2Y^VtWtYoO>g-Lsq}_=J2xF=8;R|oo>^+G#V|w zJ#T68^7tJ|SI3({D;T`JKJb<>&$L_=^V&s$CQ6&rgFv{H%zTt_h4CYS&M%>#R|=kf zr8MObx(31!!S9XN6YV|KFQw?Untn(7^IF7JE0NmTgG<#HCUmIv{Ar0YCyAneUq8O@ zny=AsT;cK~{nKfvf5)$PqkKmI6vCzkpuXy+3t_cb}!$Z=e-MX~;cpU+#q@b;Odw4X4IIvb@iN5Q+ckGwhh z5!+K|&(tM$W2%D7cP(GJd}jZ&NwfA3ylMZy#d8}8zR-C)V8dz$Qt456zUod#-RQ?$ zmk=H}qBdiO<=p#w8;49IHemoYQtS@$z^;MCR*TwaqqSJ?ptbO6f8?4 zftZ3jo*ufa_h~l2>qE8&rZNvYo$EmxK=utfY6cKvcpeD)%ss?cY?`q&M>zOLO@+n5sY!J* z5vxLYo?~W`VN(Jq)^u2a{_r%q7FT7 zPP7!o6>EtH2W`J(v-C#nAV0PZN#1+4{zr{1@BbAjR-C_OIcpDX4mzFTzzk3G-(X56 ziV<)2D&lV>ATFwHG5k9*d&=@J>m+-^bL{`k<>=+bm%=AHs7dh4!EwY=&v&K7gW6dL zn`Ka38nB;`z+1>o8n6hMsUeV7p*5ttt$wGOf^|BbO#ySd?)Y;4Ws`u`qyyOXph-SP zMaiMQ64D}dqR@%NabH>cv=yl#P11_eOOnHDsYo6JhFktpBZxfmoFV10=f_eIS(GxR z)ABDOWirK62|-7SW{gu^$(iMG9hkLFH`CI(w~kpMJoxIs1;f_Z0!V~nvUc!q@J_AM z72#xAcBxynyZe^k zbviFZSn@w3bWnJ~B`(>A1KP;ECX~1T4Hd}re%|DG7BlfV+AaVEe+535T7ih@R z5ewhXN27%XHC>M8cYwFD{4ieN-|j}!<$#TE+2`2<3+E$-pQ08Q=A9|K9(@QWx9V-( zdH^rYNB8s5Vl-U>Y74=^!2NtSgJ~K~0WSv-a%chW!};I=UgOoB8PWVS0n>G-Bc1>|wfO_u=>kCdTO~ysSq*x(V3LXtA8n zJ_CC1aCT34zs?(YTRBR9r_=S#xh^|%^Jop@A}{M%bPd%Cb1cl2Q7azfCACBfF6GIA z3hU$=qhE0+lSBuwwG$50kbB*`#Y55U2d$F4K)%VsBad_`Bb{*}_JmSt$Jcji*#0rU z);HXpR=S5-zRz+aph3r36X4#ekg?=BQuTIQAWyrj*PV>JeRjsUMK1(p*?=Ut#llDN zSKXvk-ddgaUBM<}KaXCmURxnRk#KxtF+iLMA(DgG!?Nr&nU zR4VrpfM|+7w)(bT$L4q8N=%bq#G&w@E)h$CrmI0_s`l4?Hi8YN*-vXO5dWalmdQr2 zQ`EX2c@2H!wmevaB?oMc1P4S2u+LGAHuPsu6ISx_|>y<$@~Z8wjlhYu9-K{QV_6 z!_uVua7Iy6Dr6(dNYs5NQL4n$*eb6vT&i%%pfZQbOvo@vKDoPB+Toe zhOp_NGFV!`$r$kGF#YIJ*Qg9L1Gr4cW65uKJZiH6aKWWlH|~Os3TIqn{H1?B-PNIM4pl=|oO{bAccRg!y3cv^9XX1+PlPMx-%x(t+qpG3^c~ z$G>jXFTCCUOQ#b%-xjG-^R$C8J!C0*@2h&&Xpb@5g_@@oxsb;CPpH-dA#iPgz z0Ob%nK*H0%QQep77dF)h5?~U*FMwIW2L)KUKHzciOlMXHpsw;L!n4BQfFSi~nezzB zET6c16!|aexYQU0t#a6+L>UFDO?wJlMvE3rsIW8ubSd-FhDowqDN-*Z1xG%N&U)a{ z+Gu8P4+`Wcox2aCl)zFe zAMmi1fYsPKwHCmb8nB+lm2uMeT`bMEMxE1D)JweTpsfHr6qSzd`J8&$5})alo@Q7? z_9y_Ab*=??z3!mS!|+9*)^Nd=IgiCzwJ!qpfEdvMyOn=v^XQ(J(N+}jtow8u;Ug(J z7_d@e3?B78pynAn^?Do_INI&Y1exvuDlf)v4lYmk4jj48RY+AK1|C~Ut3T*gE2FJv zSGzcVU|j?d-MZ%HvuA5-fqSIeKw@rC}j2VfA7#5OkxsmmFRkUu8giw>7+` z<{@x(0cY>nEmK4A25*D&dYwyNYx;&$E*GhIVzPuDzrnt$hnDmOC|#_ZN(B?^HSqye zX(unwrjKZn`{eMfdNVL5vVBf;*(An{)$)=C26E`tD-2ExCF`<- zMv`|1M9O*HLJHHvvF_vXK!=meHL@)jL@`^5Lzc#7G%mcCZ6FsrCAnov3qh-}u9CG( z5_Mw0p`@eVU_OD0D~j)2GACl(%?Qehl9oYUz8$dPmggI_W$6dMME;0PA826GmMZo8 zY&7uwAsf|;C>OERz-Q}9Y3l&nroWoxg2x9ISL7L!v8xQ)uZW}&Pr!fNyt84)I9``x zOAH8Ul!JPuI#4&L{OloRTdZB9((x9fwT^xiNVX(G4uq^exRHIph{T}{I-Pd|w&Z`1 zT!5#r(eeNgbD&`OEQ6fImDwQ>J!U%d9*pV((yDn(SoOjqkhcWQ=TtUhk_QLtbT0t*RZT~uEZ?}X z$OYtH@mgb)DCOH{ku!veDvnK``6PiDLg0~prBVNMzJ5SS5W7pb|k z_!Le5)e~=ZU>#d2^1C%>)nV(~bMRUoXf0_fl!X3az}jdf{X>E%{RJ;&0gK<@5~+z< z$H~hlC(63qf!CDyLyFUtCmAecr0nmQ@%Q<`Kvt~-RkP5GCayWELqWGUNbPmp_K;V*HpgHGp1 zo4%r~C$ZAHWwFh~t6TV|0sG`qW{wQgruy53Nj=jKp^i&|BPT`B zj1ovkG#?s7RLvb~VYVDlpTGb;Lz)LrGu0vf>oL(f0RZ?hPJhM+DJF0v6C3re?xRF9 zHloKNU-fJ!z&+Nt0Vr7qJqKQXa>(1))s>NERT`mEn~1U$dB3Gt84_^;g4^$*aq`+6 zABgh zfoYq9KUQ_uIfi8&oYF#SYI05~jhm5DkcV?-rwL0v9`GNq49DfC>?*lf>QlJJmyGYJ=T zc)W>!o)O*EKs-(BtHaQ;BwP{jdc8 zMYtRgpCJ2;CKMZMPK-0yfGsdpF1((7bYHv+KVzf!_Y=q<)ax~1<0+;ajy{g2 z%YZE&h98=Xi?ckQvYUrFWb5giJTvI~(R@6+88~FU@HTueyj_mw_!a%w%V)q+>Omsq z2lcDj^gRow^$GaQCgEaPp9K5HO@d9yh$?Ap39h{nP0z zk&~`)B)-zOi!5~f6WYmLOYLMUwz&80%5 zvD-6`>zkfL)aIgmB~!1G2wj6<2>6vH>LKGVbd_&qjg%s$%u8!1X-mA& zTQtsCk-3N=7&2(8?-zZ;Pia&{ZAMXYmR9&`K~*0Ie0+TuXcqzERB97V?)I3{X)Foxs8;#%MzU>dd$6VNMQbI&2PoR?qfL z(i9~sk#0$3kG0|J6lSOo#cbO)u2VSmm=+4h2M(3T{Bf*Ho^`H^Z6(&3>ar)?De5`L z(~C;Hx2`TDRaTT9pC2g6g*5=NY$mF5k1yMhOS%VfrzFl7q3l+d0Fm@~aBgK-J>@fd zH5x*1K$8rJ=Mw1%DzpDwmZ&J<5{uN%2TrXjdi1DL7L9E;hXZ(8jKXYW(1Ld9#X0L8 zX{+znkP5c0l0>I2n(}8#?9~pr)uBc&^g7Q0j_m^SNzhIF$;jqAeqh%EdY6b!XDIWi z+G*|>$QmXrCXtJPt%P&;#bV8st!kn{n0aDq3iN<|KO>bY#dzysId;q;IUH>oxVGjV zSUu+R6%wqNrU-MJgw<>`=$>F@@o*3x30viYN85m?NFx!b{g{irvK>jjICT`1JSFg>uTtU5N^lZ~tjCw}2XH|T{xxA7#BM}erA#drFz{nG&+6C!~-hCV|Z4%Td7 zvW0e%e9KP45GDEH;#;54qe!y7CUep`!Ud#O)2DX)54o#$4)V4OnD|^vAR;v8091!N zq8bnTW$R%d7i^l9=CGrRJe{%Ocs_i%TP(xrP#GT!l%wP2!jw_nj6RMgvwP6{=Z=0q z8Hd-C5!%nw&$^WAcBZU4FyfWP$;P*AJiVRG??$?2YdmN7v&CYJ=J^%o4$qXydkghu zH{o6Qegr1}O}Gp({TJ-BZ~{((@y%$uR6mdYIl8-_g!9kv-gtU5o{xr0YG47s)V&)G zXVcl;c&Mz6#poXoqv>)SPV}R{u-P1Qf@h1R8u;y4*_qc5i}4g{eCfuAPyF$qu>E(KU`v zf8OG|yjPDO*ppZlvJ|Y>=AYC}_D>Vt(UopG;M5oB`v0O@of$@xeJ&%Yl7eC-xyfDU z`H|>cA;5hGj?2c{H1cE||0uC&)})uo+jWc{><l}AzK*>70gqcmhRBg-sHl+LuTN-}q-76||BYF<9;kNz@z3U=P3 zI}pzhw#6V$lmO57QtbgRd9bhCORZ7 z#bPhg7(^`|D^Lm?r$A93o|93cS_1-!RvKEVQvfK)%CHK`wn|?_S#b$~TSxC;4x)4LS}?%2YrQnQsi!K4y5g)EklD?;PF4B&sG;^6wS}@ zf_3j8#19vN+r%)7MbO2o-@5W#2BC|-3%_%s8GBP5ucgv;Ohmw-&n4s$thsy6PkpFS z1S~0`p#=yp7OQHrsTG!DzC&cwtPm-`Hg5yc1vG4eHm<-+YZXDKP8%FHM^Y1^NDXSpj$(>7(ewDXJZ2I`Ps8tb;=*HmM+}r)#go0IVcs zU6||F%YATL$HDy5O2hnH#O5(_Lz%tUGA#4)( zHzJdN!T66b8;R#JmS_i0>W>x zTk(98;SS~+EX}1!CsP1Ci9Rj3C&2_l8x`o-GQS3_k%3?O=|%=#0SBTD5Elr9^(a0d z^Y+4lB4BRZL)V&^FDcoPioEEsv|O~X(%_# z*xw!yf`kj5lEVok0tJof06N376iSAnL6gu6#g_oXjDiXjIE)cO{00;PN9(t+5C>;( zt;8A_UP|q9G>L@RfYRcCdq$M78s2Gcy}g%|ae_s{s!wGpc6-p{Hdz+4H3!k2>7*an z+OaJ571W!>vM_oq&Jy*^C7#hAaDxSna*NG?J)Fv``xY0upIisvD5;w(OJ)gJ2b?8h z!xN&ysS~TBFx3VTx}$3m2;b3L6D}5f*SZF50;+YtQ#35k3h|4+p^ZEif9z#V83lGb z7-C>`Ug{p@Fgs;DbQO8sB$p^l_#R*|wns20DbifGlh<4(RSv2LT{GxEb#`Ek90@Q; z6Zuu!l;U}VPDiS16}ty}sWu;a-rXx-7UUoy1adzGI7J(U%556eB+W<>;~OqhCqck1 z9r8-q7uBjT@u0y4>pdHQ=@VY^OC0lAUiZr@*?rs_@B5l%fx9?4fR&M0atdd}gHGo+ z2&O~OA61#gjty!j1(rTJ5XK6opS$4{jA;6WT*tDqTO5Eb4O%DQl}<7zKv5LKxlL_s zB(2&gxrYK^^B>hZ(jxxEdPj1)Y2AL&;cD^6UgT0h5Dj_OvfWM)Rwg1xm>H9zfLeVr z2uIE`8gRXZ5hFuc}z`A$xBN{+Wy@v z_e(C+?T&n+nS1Fbc*D5`L&|7@*h=LdA2onoTJsFn%04L4Ra*crMO{0`hfq2ua=Y*Q zO8EddavdJlww1B9bv0M(P2K5SyjAu`2FTztVv8u-x~UG6)r-+i0zJ8S02}B55diOVy}?K;Z>g%`CJ(4_Qw1!pN~!a5+=X{T ztQJp$%rb{OsLTQ{3b<2xPTp2Dq7@6g_X*+`u!hvrO7++yL_z|UAVB7nN+emuJ`J<< zQCaoqV;GV)VoMZ#y?VhDxZ>VtSzK7xGHerE^-K1*Dwjo!$>yC-s4nwo=S8^ASz5}x z{KkbH5X9#(SSyTvHFh*PL2UYx144)ps$~mna~n1kBsGg%$=;YAQ&NhcqSVaPercfv z)T|N_HPuoVUet_4S(WOCP+DlSk3poEMlTC3aM59hT`#UWo&RKaL_TGv*!hM!_Ry`s zMxEZWo_AW|yY7nje^JebJCVzX7e|^!;pCKzt7*U&3(46%N6f_6yo{hR|H(#`l9B_Htc!r$T8 zv!Z!2;5=M)I^o@DJ|2dPPN#R#S4!HDr#$9YRzh2E=c6Qhbe5Jpm)S3!PVcg>9=H>K z$SA{?)*=RYI(H)G0?Mr-^>2Juz5AxG8z;%OC=p#GOgEKG60UwK<)-4_U-Nub#p)M% zwc-K0&Sfc!E&C|*jZE3NNRVN6$PYX2{QD-`$y7!>VDEFG1{SdQ)q$rxU<)qOlKowl zWP?w|qb&5VCsicPGk2WlrJ#r?{_3Ne3Q|JU0I+qXJX|&IHW-!q$5cGA&sqK@@W-pB z;w?P@D3KA>i;dmIdu1qN4!%1 z@;~Q1NLZJl5BNV98}*r9cM;CJN~-mKf-fw&eB!C!82;{;PG|HmpWTlFb~nDcnT*&d zTr8wD;g{R=*&y~Q({ON=pBGqmL5?h$Bjes$SX`JP`ng)?dHC0vq zMW&qH@*-0QcPH{JOVv+%NLYzQz=lF8H3{7ScIyXhxaD!chS@I5Gj;B>bdx!MzWGhA zvZ|B;yAiuAQX3=kCKp}^*y#6)mszeh(fdlKLM@59^|$JuASURa_gQjC1x(s|zEb^s z&v!6)`aS&b*|jVRUIlFYsLsGJgIjDORyRa$W!a`oaLXL_OzdYgPqxvsqdY9Wub-wnpOx2EqxABGu z(@mxX`ZeF?kX>?}mBkasW06;BECV*$9QI|vM!76=HKU_)E3-Y!@fM!^Tb9SL;YE7j z0sDLP#HE^Dxxy`W#}obpbDETJ1pZWO^m`>}y3{kXooeBp>rMU-UaG~IKk+mMiJ!4$ zM)0r%QYO@|t5~uy=XhMC$aBsnB2(vKk?oXBRA(ps6BqJfgRPMqRqwIUPUd*MIXB+l zWx9!#N%2V(CA;S7m+#;6KY74DD{UrV|3#Zj_2$3iZpBwm!k_948Y3`mBx2bkRVd<+JMqk;ZaS!^|Z_XPOkRW(i z*T1FO?s-ZVfIgQdT@r1ZtZ-Es2XxM8HUH~O7wyKw;A36ws`u4%bHB#J>-x8fYPaJ^ znivT|c-T4vW(91srS|F9Kn2mwqyb~SMQYH=*x8A)-CjVhx%)<&HW}s{HDE1VW_c`A z4svm~6FFSoL)EOAbMmcUS0c>{7Rns;4-_KTx!SQ;cCFN-bD6PNu)pzCNOjrG|7LZ| z;Z`PeUWW2f(#K#7f2)d8qB^_aX({<8vx?X#s(75`^d)%nw<_LXqUAp-S!N9BfJKBs zS4i(@tODzCH&+Z)k#`M+ndX&BXzX9v5YpanNuR!vSO{*_v3rqM*aUSB6EfwhO1ULS z|E-E8Oms{Qpg&}%)DV$JJkG2R_K;VbiXX1pP6MqB=oODL7MWG7YI>{x;!c!#w$BoE z$*Duf>n#p>&LdvDMh8PJqqY$eWelb4qZFySEa)ND8>gwr&(vi0|9k5t94ZU`x6@Bj zuGEu%x1Q1_LGG0RbySxBQ9Ax&r9)$s;0brsyRXnUKFH0MmQJSZZ`qcosVG)ezWK%K zG4FFBBB2kuzIDuz56i7cu^%Y7$3@OXQWrx@k+ASlKA!!Juh(dtpco#PJZVU~JJm^e zh{SA`m(_+hTAj#ZmEnUZJr{dm@vODR<6K(xj4aVA|03waW3?q#Rbqq+-BB1DQWuQ6 zjc_eL^n291_ml;?JvwD@A+8(3KLfaT=o` zq(uDvRwj_*q?OE%Qj{s*U3EG)#}&JltdO=Etd(GE2^E>F5G9nStqzRa#URyGKMYAq zYAecg!}l3NPVy)M8RjO?IqS*hdJ61Ye(b<~c!;Ijz3yTh4)N74gez0ui7mWd@+Y3h z{*VyMMy6O!r&IGxjtE9a_}0tHnp zC6exMmKWw@&)V(k z=gCk@oFeM>O#t`DXClZNh_+njJ8m?0M-d&ck38aOB&{oWpB1nd&0BVHlEmpuE($oz z#?dzphXXbPulu8EwEbl#z?NnR8;f$MJPfcDh4f?%GKTQB2BfJdAu(Yq4(v(f$gZRj zm+{*NmPJvO=ZNpS)?873Hqct_xS4 zEj+ckc3>-T86Ro5DN3R9CI2F*m_ymcLjI=ZVZG>O2uYOU^&&Y-J$&W?bI{S0dP5mg zw#5J!oBKDIIn|gtYaIXDPvS~`CthHZ2y(q{dVmJg1M(L(8T{V%Vt~f~I90cF1}4!} zr}IB4kw;S^|6S>j0h8aD4*8k{NS%1+gq?61Y5aYbyJE$ttuJvkzr_H?|AhPf za6hi#v5-~snse?fr58QQEYaGcOC^%Cv`RpgIOg}T?B~W`;a&==o5L)PWFoyR(^gML zqTLwukdCn!eSf&+Ab3qYf%WLW@bNy%k6ef&va?LtUTAcKi^qt%fg@ zX;I3uD*fpKXn?wR*$dr*f=jHI#>#jH0^*sph$F}4>)n4cZK`7R-Sa^tg-pN5Kqq1x zQ^eesYPlN?wW(o3olqhgdkY%-O+9a~1Ml|6Dop1!s#e7$aw*r!x$v;Z67q_Swo}pZPv^ljQ&`d>1D& zI~(5cleIqPgZ-;c=PR(d_S-`tBc8A=M_B(?L2`kKq``fFz()h0QJll8VLmw{ZwB$z zzopXE#1b%3TUSSHARRti`zen^6hl&%TNpiK(zcbqo+y2NW)9@lUtW`T%EbID>eX7y z)kv#8f?3G)-hNeiTKiT#U8Qz>gMMWJo4*hmq#`00d6;IfX$HKurT^(9XjQ|m5p%1A@eDF@EEixhX@1MD> zQ0P06MH}bCgGOQxkaTf+Ro8HTA!e&LEk1&)>Btp^;*4PF@xFU2wN#6u1W{c=AyTUp zh0f75ON}_}NEyh5SDFg|o$hn_$fHB6q+z}8gg+JCzETWUeN)ov+?N`{*&ivDr#=ya zU@9U}6g)q;1+JyVtmqYeX9sJdEofN8xjtL&c({FC-Z;x8 zL|DsyqZ$d(xDe6n>u*hR?k@;Kmo4~OY$~3|MPp5Q^d-%n5)p5FaxtRQtgp9*x6$qw zhhW}%;&rtq=#_c4&m|bmBHE@|l5Lc%39QtCv_YrnktYWHm+b^c&TV(N`#dW}R9k1- z7WMf>&Te8{_9ha!lvG1UtqI$Y!c3quVyY~%P#7efVfd;)(dquw?}0KyqKHO64abuJ zp0yRg)iguzKKT?~1*#u$pM^&_S2ZqzH^Fr>PId5%3LGnm6a%sm9yhfuQt@P(qWHi= zA-t%7OX=f}5LyP*mK6Y%#hPSK{j}pL-#~oHPC}p|hK*yI=1|sMJbOgr!{=Ud+MjsQ za+coqS%^5!a~yQbIWkI>IqnA*Wyr(hY^kFHpQaNXQur}-ckDzOKeyA}Z_C{ZB1iUH zKD(I9LW$7NIqrXSJb@!qwM;d#257#ypY2y$I*IF9Ap~9|wOyp98B4NsBl6c@63uPXf|;X-Z`C-{xrWZ* z5mAA&y7xn$-J>t-I*Zj#|Fq3m2%JME+n63$KqeErr~7mwHnK<@R8y^D7T`h#s8D=y zg)KYz%k+l=TQoPcZ84~6U=50^+NJ30P&KTh(^`<@q-o(5FuJdY0@Xl&P^%621N!;i zWnZ1;dbh{dcfTN&18vye1wNO?toPQu(xBP>MZ?CK_TTo^dDUG{cmYW9B`C`>g?3kd zRr#RPxgX6RUVwGpqB84TEzOPeLb&s*PG@8c4(lVTZN%5bCxa&cv`m5Q*m$=SuR9i! zTd(S~mX3va)+V~OP1IReY82+wlbNNo7DO&Fwx2<$a(e?lQ-d9kVyf9c-4Bgl1+4HU zeX>1|pL8}4*-Bpm5G?_riW@4b5>A2V7Ngbo?74F*OO|G-D7ONnkcVZjVXfQJ`D)>4 z)e&_&Bdq#~8T?xRjkWa3=C<{nHJFN0*V95ZNr_+=Z!Uk*w%EPMt4DB%QcXfkKF|}? z08OZq!bl>*YB!VE+-bynB9mlYC2R*&;&By~tk;dRB%$2^}ayB4_5GmN+r}@E%_goB)ZAK4ycuxrFBy}@o~39PYgDLfC1+xy4m1*!WHc+ zbtQ`=Xy!)YvSU)s5CmY0FRX=015yAQgK^P54X`%SFVqk}U3MU~m4B}gmJaJgR+W}& zW+gE7!JzcvzN#Y@9vAyY%)hDoO#p=stJ=YJ^-zdhDYICwB4Rej{D(8dJdP_T9N-ap zpbJ31MQY6ZMaafWwurVOt`fn1JU3t&4sh)CoeMN~+~uS0Uh4X~mRO`N6+~l1FCK_V zaBP)O$w5#dHuUhCjFy3)mE7v94j&fFc{mxLIEngdx3Cx1A6-6W&fl|j^JrcfI{1xU zEwvR}Xw40sIqNz2NXYZ9e%-IL#AgkFOJywi#Er5nM6wPXrMUF%DU41dZy{QsNL#Vz z2h@9yaLY@I+oKWy*uF)RCp)J~`S*(@VSG58OFaIqDok)8-w4b2;dcTSmwyq6gQaea zO1s6d(FUu$(0^D7HGPFmBpe(g0zPpL?Y*U5?bY8^tL(7C`Zy|{$mWz^PS(2t*22^3 zVNC&Ok`3VwLGzGq0(%}Tp8DuJ% z&tr&&=R_FvMS@2T3Q1*haJYSy1xR;tz+!byN*SqEwpmq(ZI;9uMH`WE_eMueK^xVh zchxYhZP{3zHi16OrtjI`)&ExDRTP1E@t27)Y0L3zfZS?Ra9-;T={DK4p2#x)jLnBFw({gYWigj=N=Br85|@ z5CY?g!z9Kn)KY2T&brX`_J&>tc!Sv72F1o)%I4HvnIaqyCFF{Ay?=L2*0=*5(ltMK zwUJF%gO8&VC1AYtEF#e0qHmIkHFiiBe;9N-o$>T${Oy6^(&gpHW-btk(^O#l!D0;f z`s`4zM|pf{s8{<{J?Q~p(kDZ}?6Oa>0vle^+)daKCldk`Sy@(^I^Z!&9+5yHbrBee zr`^dp(Qvu{AA8@v-L{eRnZNlIedKSyNP9@|BFl-ntdkMTq>r#rlv?A zONXiNaY*`PhL2W=P{U$&L@ua9tm7NoLNJ^w4Hfvsn53R~1MQkxB;v zodHFsv8$t5GV!VmUa_?kuPq85=c+wOay|G`lV$iuN%-g#&6# zo>i&*wKEp?*lrn*1u>0arC@iN0#YYflLb%bNiNOO7O)cwSi(TK*SX)7H$xg193ytX znsnquF;+RMBuZl;L=8IEo%d5oxVI)a3ycJ3Gku53)L|#+IxNQ6uv&950SoF;#J3LZ zcjPy_bKM#Cj$_StaoxofQcq#LC9imuI&hWK7}&<<%a`ZnJU3qCS@Hl-N-c8f1JLli zvjLkSWZvq6mTHs8AeWaRGgQ6-$e&6+1xt6t;w%-f1w^a^(e*z= zd99iEOeG=%KIWLvBYLxY);6_*WgDRo&Sj&x9`V>7jj!$Rr(|M}Z(d*byJU1px^Mc! zPNnkPB3(4Q?HGJVoKh#ahiEV*M!ICDuU;0ChDQP2NXLKxEnOW?6Le-cvQAVw4W0`f2|TI6rGDr+(OM~G&#J`dkq}S>iCRDcQOU*> zl3Mc2HcAyNS;#G@r(>Fvg1FC>%CtYc>WoJd`*^|@8nth0|#cu<1P?n115->))P4?=4!;u zXPy%&%4gpYpDzGJatv;oN~K6o@DnmEPYv*=MgAj)fS|=7*hcQSg;5poX>9}&>A3h^ znfk`eZ&uUXO-;$)Wf^iZOq6-?s|5YV?dkY}>H9mMqZ%--8r;)j5z!cOEGE>W;T;c@ zi=;G|`VRB5Vg)OgxQh9jn%Vu4${=i4``SQMAQ`gA*c&@%0Z63GE|*Uy=gh?+$+0>* z8Hplt5`~OTnoQ-w)Ji&I3=w^xK}vC}WjX!~ls6cfbn|Bj$J*%oSi^a02Bdr21ZnV} z*g8AsL8^Nt9t$uvxF@oy7`Vq7or!ceWUfqs0k^Z7&^Z zA|dAT2W`Co6^JN>kfvg%T8&1le(@u8E2oaw-(tzKOG>ZM?b#x@`9(l@+8HEhIc4l@ z#}+IsL>=ri*;<4Sz(u!j@O+?$-5XVnDr*32JX?p6X=ZcvnACgEJ~y%ynntH6mvRwz zJ70?3PBCZrRm9Vf)Q(CO2mYZx5ALgGVDo9Gx{*Lm1NT^DI)ra#gOR~g&6@))4y9@B zUJvB;iJ)-6%qpbDP8uq;w%NeJ+gWCoT$+f)%(dBdk zz&D5WP~6Dwh0y6Ge2P4V%oC(n1#A&4i;Y!m7IVo;Ba#qu43xR!dHc2jsx~r|_!f2N z=iUcqR5h^XvgkCxy>~6r+sA-8td%Slb`srqT2VFOl7;;RNrlGW`+W}9Shwa-SWBims!l>2& z@M!QxrdavR9c4*4RKFu6_ttJ{J*VO-x491NN%u`>IP1LbU-xJ4t7O`l^{1De?rb!9 zPky=Sh^L>cRnEWI0Rz=qm&|mT%lEa^mR=M7xquX{vrY;+7xxv0Fw-;0%QBQ}_p+Ry-6Yw%aP)EB`IWZK;%QRRxKB$N#NT_No zVpS|%K8Im78=pF&=#L!9uw`c_)^7FiaKAddr~xliT<_3RzqYTh`Zt3rxtw%{UAs#9 zv(EK<1kGIE{Av$gk8UPcM;)YcUGpJc1!60SeS<5LtaDxlCAh*lBzjvoz`}aYWBc$U zgU1#dDxfzYvJirl6=T0z32`XNfWB&S1wHTpGF6K1)e~>*MsyHT0#f-gIVe1spe-24 zFH?=-Dcv52Z4-C~P6t7(R|7p-!1z-#NO`S*J`OG%Z>^ytV#EPqKH#kruZ}_W(8+&#GlvKqj&w`Rh8Ip?IG!3lK${=G#S`ES)@N9 zMWemWpmSxD*{Di-ommI`wfe&@sHi*FRbu~Y560J>$$L?_ zKkW4IgB zJ)Ks`L=57_u9BuKYTG<0QqG{*zw{jdbH zzyjsutV~p3kq52t`RDn%1kho+~wOwXRBgVnoJ4dJrxOKkF zoJH~}lePP65o2m?GV574S|+PrxVg=oLR%1|#&{$MBPO|9S!0%SDSvrc$dkRnQZr2# z`p14QJG0NhaFc;?Fz{7|Xw?3DS}y~euz3b|tbq+RJQGb&dZ7F*$x1;~fRq{hp1iEl zw@9Ko_h3@BBWgih0WU#R@OdCDmdGy_FrIxgsED8nJdUdxUK$8#4)PTy5NtT4!Ga|a ztsxs{?18C1FB#<^`819t7i$W=#s;aD%yuz+EgUT;7NYJ3FuEXgAOx}~a*#h)DyRxl zr@T1PGhUt06~q?;4(OuMs5Tl6Leq#VG5)E1PP6q{JdVNNeI!4S?DK{!uS;ALT zMtcSyIEGULlfvd{LIF}7r*k2dN*p5E%l%?IStNHEe@W1UfT|X)O2z$iHmI@PBpy#5 z@TG|%+9rZkp)*8sxsQ&rREh!2xA;v1<6D?zh}fk9uOpdv)?#xbJq?`*o!E6>Lnr6% z4ggfV55*`1U8P!)y_G6q<=B?Qn3qsG*uZ&wAsRUpZPM&&E+KxLE|+kH7vOaHoF&MM zqUmIg-1HGRsC-=#(A^1ijIFGX@*>TNQU$D^W3osgUdS+3jrFb?7Z&)w=I~MFzF(VQ z`R&omN{7VSmCBclWA-ItmFbB%-R3Kn$Bk{(7l7riP1xD~+f8(uofX|Kc84v?c*9c` zD6G9WV`oPNE9*~e1wY=U_uS0?vn9xaiLS#arc&vPAOVDrpu3o!MD4wj&pQvu)*oMj z2Qb8C$yCPqf`GozerHo<-s!kWl{8=e*pP-E_-DsWPR^=C256SuF`Upqa#cKxSQm7s zs~SvN!Q>QCkSylw4DGzf#)U2@y19bK-ocZg#$)WLs=fl92hJ8s-3gfbEPwg=OEuxD zinDAdfP5&u_J8gVuX>|FrP8tt+A@XEFKM(D9cb>6Ay4iklUMMK!(h&UQiEd#;4xsM zKC1JfP~)iRHq~Iu$VopR##o|+F2vWQhQDSTgA9}+rDTyRamYyz@ADJlQzt;*ZbxiE zAg4&4xJm&6fu=G>GE2aq%!Zp9Hs!#itgXO+n4UwvlSuB%2~4e8?t0r3&M>2bk9X9F z@1!|Fv5q`S^1M^;tMg7h%{v`q8|eLO*#^ku3v>Qb`SGPA-|SLH2WxXZGG-ImG$cjH zyh-1UyaAx-w50X6$YK=`fX69uC4XHlmrzcdXL%{*RGx9eZ^wm3i%R9UX6vGMe%@%-n$O8;-{zcfyq=)1;~+bRz3-{e<$2FK%)d2~n zrdZ=E!Rh>RO*-Q~xN;?x%Cl#rA0&vA0$IDrwz83$C%qau639v&K>yn7`%!e04 zNwSs9WOLo?j4=o~EXgY3X{ZG^$eI95e!?Sh4`@N7uv-1sga7+~^3!Aya>->9H5QZK zJr>;m?es25!nj?pKR!NMZ0=hw_v;dhSl5AkU09p?bo&0yZ$I8PUs?_8W8LLGe6g52 zmQ1uzPk6}OxSquKw>WZoOI_c(OMDM+Q%K~sz%61CLU5sqT_v3?k_L}R#64OJQ7q>@ z_px&iZFJIv`|{HIoPBT(_a}>?=mYmspT=s*UD)H;IL6T?;C01f+yZKiq}zyGrSb)7 zS1O+XuO^#%E1N3$eIh*?yAgx|nKl^7(g zg%2Ofy8WS>n~){*B(DR>xRdpVe03h*UmeVqS~$6q%^@qWjYIoH!nC9cZmqd-B8?yXdP;oM`jUoh5TrVwS`f ztJKH{#b?nPHm&wHB6lKGz{;$6-a_0f8dR?PB&nQbL9K-N_X`%0T6o+R+4U97kEpyx z27JMmYh~;eVm)YeK_wHb9=Lb>F(9=G7_l17w)k(Oq+*<4q$0iJUmL{hFv3eDtFyfX=-%U}64S#e{Ju#w_u9YEq?&ZPd{T4w z(-)akeIJ1Q2)wx3-zZoDlZteV#pI4H7LY0oybHt$PL#udtZ4;Yg5(>Dsdu2etHIm2zFQ?iYBjNnWHEPqx8_E%d;rUePf4v7(?m?= zSc{@lnh4R!lELX-iJ1(OYH69jKlpE`6aMPQuP&OcJ!L+=YBpNWt77}%mbB-=JRXi>`KM~9S%G?W8Crxdj0JOAX#+xU7I{{aFVgn=6+;r z#NpC@Wtld_XoyGFznU@#b$xuHa!jFQ1o?54!+NFiKZ$XXX&&Aw`3_ZfnAu3>zj7j= z6Z%34BZj&Ea(P0@j1!+y8Kc#3m`5*XFm4KF66r36Ls^)x;H&}pE{ssU3i+`em9FN_ zNhJN`m~YyG;epOjMI7547qURVe-IaG7C5~Y#^Hx-{lrSl*&lT`yceWIygdUigE^%E zQh25}xtdQ1+XhOkjfv7ZqLjDDX1~OhAa51q?oZucZY86jS!H!+j^P>hG}nzF<|Azd3tEh zY2s)Oe4~j??wh&cbEn4Uj_cOM#>yCMF$}>+GLNpPEeIhTs5V&&Rt7k1XE6%A^@Q_8 zi0bh=PN<)~hZ^XjYpfk|!reEccSHDBuhYF9y|pKke$R#nQ+syR@2P*@$bSy)+3oB8 zu&1s_!LZY77Nj2~bDw&&O(tp3i95hs1B{;{Mi(4{<1Gav@z0x>MqA!5WB7c_Td8Nk zQ6Z5ZI3fHMQ#YcCRFTMK?IMkta4*yJZ`%!<%N)%e*HW&>NZamzj4j6NTI4bs*t67< z+(n`!WW;V)YQzayHd!@eUm4<*5Pjr(vp%tN3NlxXgnXegwG@8o-X-r|5 z&z_Nq`cz#Ji%N|QSin+W>)nxhX|n-D=yBXTC22Z=OHE|~i%Ik9wI%EEQ$OopzLJA= zO(9<>g_bE#x?$QT7mbErA;hOXkJfE+(QFNv8eE2Ej8Vtut+&~|5a0lJG+l_k_tt^q zGgq+Hi1U=J4chmOf(eykP(T;iA#_X8->hzu)WizqQFTaw?%y3o;P$ zA9K8z)WrEjYz|@#&nmk3#SiB{)cUP+)ba}W&n06ug4QVx+FKVqu^Cjtc zo=UzmpZmHCxO`YkAwvhaUd@|a&9%OMnThs3?IUPP5P8t@SOlf^OZJh*mA6jBcp8&=x&rK5d@QEoH~@?8jZ`?Ht_hyJVd7R^ zS3b#-pGZ%%^C_naQpNyP%_mdbSNA+vQ$T3UOeE42a-c<|yjb>>d?J-kxSz-;^4Bz= zq}8m7L-z6$4vl;wKfP*N%_fv+{nC7?6boQ_e)f#qgsaF|P;rMT5hKM%hH^r0y}bTa zS|A{xuqdH)As!1TMm|KTSxEe{&RiW5OQuRQh2{Qv5= z=l*veYKeGM_gIjOlpWPtJHB^#8+-2mMx)ip-~X-F#regz`~PeF*ec)=9nd&-Rzk%2 zXZPpZ@9X~doPRd=Z(Tv}Z$sz4{*To0bU?+!iNK!o-)x*0&;R+w#fxv}|7-kmODg1k zz_p?+_(U_4HL*=#AJjtU{zMfs03&U3($%bIj!_k*L4+2(RGXYMUepDXA|5ZK^`K2o znyrC&0xp1Ua`M*km<*hzf<8bU7Eu}{@{oD~jg*Ut0ig%qmf+3_Tp2@FMxdAZUZo2a z1QgDgLBm4>YhW1Q=A;q=9|}4VrT9V3S;iqN`+K;l@KUG})K;Brs>DyA2%GybVH$Rc zUn!m&v|k&QTb@0aj@`|JnQU+wbfA z_R#+a$4hBkQ+n4U89({kP5)c1=0(B(qt$G+THomZ*Z4V+dneBS?X9U>C&Y8+)Dtu& za_?9|!Hbu~s4)RI?}#pG1Q|Y%f-Q1)!3@lEkRBTYkGf;NLUYoOoIA)KtZepuwH8dJlRpq-sH3!Nt#Hje* zu&r%v65QCb24YJ!k*q^80zv$Pm3qj0KTRAUyh)T&`BZ80a}PQ6P80K5wnl^Ai{~Wt zoMg!(KR(g-1f1S%(%?$lwb*@8plms(3CCniXpqoZWl>KqBgAoU0Sits3Lal3j~Lum zSvI3IfDj#q3(5&t9TZe(&)R1NiyNSO^~*Kh*hXz9q;ze2+`R{nAH!UO;%v**s_8fn;W_WT?}&t3MVe}V>JsC7L$(m=&Y5?weQ?Zl*!NO zoO(3T6M$oPpzs$N{O(PgYbV>Q`R7^rA$_3HX7SwPtaN`lWZ0e499{J2kcQVD&vX2-x;G|O86~idI zy&tkrSs&C(@{g1!TRLD)(#G!2gKyn1Ra<6r6B&eRe4{?hw&mtQ_O)$Ss*}ZcE{}x# z1NZ3~fEz0aEwqdjUgwlrD~mL&i!<;F_L=7~@fB|T7+*IV4Zn&(58&SbDa$T`b)-rAJ=ciVv8J0hByuILd|68#xiJl*IIEH|tCAV3k}Fmv16CzJv(K0la8N&fo4{wgW+e?n zD#M;Y=E5g!k@#PFkL;Zbxiicu*|$sn*&Cw_*1e0GK{C|Ilo;;KIS6JMkt;aH2ofi) zSQ8p&rYx8b!&e$^8*tS=oE#?1r@!%lZo5eJFqlt?D7b}f=G3az5_s)Ii3S zeM+aKkHdg3sJE|M5_UkK@OI8tS(0Vd>bA~gkT1iolU*EZzk6wo-`)&)AkJ+GS6TXg z42w<3hh(AMc&B} zRDzwx;%cKnO049#lkSG}CSv>gwZlE+W^!HL&+ga;-;soC+D%JI@=>%&`^dUGrF$FU zx*LH5$}SEAeJD%GNK!@;z{Bqb>9MeHMzMqCGj|hj?YZv5oO6#l!BMJ}%n7PpDRxcu zOS;Yu9Ur7LL3g?uBM7bK`)Zc&=jN;2HEWOTS^iN`0#&8R_-$8{$LoDh9sdF}OpU^H z;L<9G1E|>kIn43^WRF}s3T_5=fO2!P4Acx)<$8nXR{WI z7dNcx)+o#_rHw5sCBS@H!-ple9}eYnWzQa5J6J%H)x$=TmESg$;``l$QKe-hkK=e9 zp9il8zh3iIEUTOGdm8K?NXbXrMw6H?%eU6+!LMowNUpA91~CmCm-c%H^<9=Nc3JeJ z@M=qky_EXwBNirE=|lSK^8oUc?MoSL%f8;2w(Aw;(j$I`VjKBQQV+_J~nkU1(aPpiVALivtwX~5yO%X zo3O0NNA|od5s; diff --git a/CONTENT/helm-charts/ibm-dba-contentrestservice-dev-3.1.0.tgz b/CONTENT/helm-charts/ibm-dba-contentrestservice-dev-3.1.0.tgz deleted file mode 100644 index 9cee2617cb94ffd1b2abda7f930d9befb1655f9d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 59549 zcmV($K;yq3iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POv1b0fF0I1ZoJ^C?hF{$(jYlDe(Dww#=&D2m!;ERhUJ?Pkx( zsV#5@Bw-B)V_=3_I`MaZ3f%w(bD=J~j+0bbRrX3Vg9gw58hvlR*mR-=?Svx9SdvMm zGR5SUhpZE^?NNVCW!Bx%P5fV<|8snNeEja-Jj>(^X?hp z*Zk8-5HS@>o@Vf3czH{%dCW#EBYoUAWQLnYkvEd2>%ZItYq4P$WSwQHx;Q#|czEdY z#ikpI%@Iv#yvul~j&gOxlB0};>qNw2wL4--#$+nFVs=AzHZ-9twqZ$j6!1`YuVEs{ z&e`!R2R5ZLOPG8RGLDW`DmpR{j`)VIm^vC>-VXY=A5UH%e>yon?*5Rjf_t`m5HeC1 zL5KA0sDch*;U?&iFlGAx2qoy~X$Kv0$ub&r$ee}iphIr>hG#6&Z~K$!+i`yqbjagp zD(H}CK?}&{mF|~rqOV^etl&OhFt-$6{r8_vx+f>yiVGxdcRz!UWU z)%n@iRr>$x{P;Ke|7-mGj$E-N&Et&VQj?{SKsH#o>F_Y^2EQZoHCKcyLdl2T?M-JX z3~wQ{8~daD5RF zqZXlFv3c1J?fDYG!hYZ#vTkCF^?Ba6JSP86X)f6EiD@0~6g zF7<+uNRS7blxE^J%M+Y!27_CQI2I2)SpoEzC;Af_{g5koztJ5eEM!VixogAxCEEy? zJtJW*;~iN@3bn(Jb%@NCH^tj+7-^>1& zC#BC$&dcU#Vp*o~ z7)n(TLkUt1MaV=D)&)0une0%)O@zI0g zN7tkN;Qj2?@$Gzk8^9cIMWTn+(5ay9@HiVegjoCPQ-1cIItg z#4!uAq2_qEG`=8TALEPbI9KcX;{jl366Y(PO!{vxNG5Yue|3AwXkuP!wBLvo=gG>U zJr=7~GtSMMCWPOJ)r3mD2Z~N_#A>$YXPELN&3(k)k2?4LL!-H4UC!OrL6 zo+TILkFi)0Gai!ZX9Y@U8tt$E8A~*6()fm{u41vEF-bM=sxp>@%+6W`-ow(=VLrbj znzCN)61w5xM2aof%&*3hL5+q!@xZ23(hbX)#Ov}Xq8VLK#RC1yI}zs_cJWlB!KaML zgvMmHrc&cnpP;3X{pCt!Lb40e3Z?3V%T-7J-73D&`0~Dph5bVJI5T8g(^UOE5li@e z@QEvp3et}$-OWgSU|7}*gQN=*N~N|T06;Wr zS~U?eyC9lIRbD9b=GCh+?~S1x=H1EhS%B=uB#+}63njw~20LugXv34PWGk*Rxw~h( z776|X1g9tXf5)&LjmGoAtebtxUf#!3`kz;?&&vG&>GA86li&FNU*qSb`-UO^=AD0X zH@*2vY04n;BmpA4W{T+xazm3yT?D@)w%ObHd_wdYaa^j|KP31a(cF-}C4s*M29$p!*r-qq}ES3_0*d;EXhL_|!_;pdhej?$3q z?kBCsk4bl#$FUwmi*(7)KOY99f}q*2jiHaw>o1F^lYcIrQYk*|$Z+DYWQ4fN?1q!d ztn`=^`3G4^mKq@cAoSs$eD(KK@+2d_Kl%Bq!+;PCC|nE6w*KCLyZF7sTID0v{1xK% zKY_SE|NGG&h+SIJar<7M zFqyE7sV)~skqFgMC=x9I!Y_r0a72~jtE7{PsH2bK5&6T>&p!vj-~Zkr5nJ-)X{w-` z*&(#Z&p!vh`|?p}#!N)4XTYK+K(ZfmE?IPyYp!+{u3408@qV~UgnK;r#KPPPKZNLc z@Fa}$=y?;dJx=%Zg`^MA!;*-62CAO!;pd-W=)W^s9ILw7LT#RN4=q0xE_2;B~w~HYaVo|j~9k;wEvARMVSxe`o`LO;RUFFLhx*f;v!J=LzrSa@Hu?RQ#^mBpr27u702->@TSW`LB&&=Zz{mg4 z0(BCS6Y>wjlkAWjm%s05Zb1XDgE5Dp;n6Q}R3=uZyyvXEWaiJGbB8=IzFKD&FzbeI ziwUFB+o~t<=hs{KhJ`6D$)3gdSKnQ~{e1b)^ZCCui&G}m%h|st<^Pl8(<=XW{`KqM z_`hG{N3(xhzPTWZWnjmrDX>#C z0`piG{f)Fh>S(Y2a=c|y@`yPC`t=$7$~Uuox#XWnt5X2eW8 z`Cq+*fBX58pJ&s57H&GBRGmUE^=z+@$Lasc>ywiz{XhHqH~Ih9`SJb#Xqu{{?MZOY zljwq6xrGikETa+4XkqU7e5GGNNK6+jHtZ)&)0aUjK_Ynl00f@^nwJtu+eJ;=X+Kyq z$9hSC4;XCG^ zS^L!gbg7I7$hjun?y<_#GzQmW8p8)A5gfm*sV-4-Qr!V5K=c0yKJapIxC_GkKXqwhu?bTq| zpSmWafck|b1%EP;f@?as@wCdy7VGz9&sbQTDW|?f7B8pS4XCJ{<6r!+KI^zPs0j(7aV#Dtl5cs;R&1a`8l&q{ zi4qYw9Ok2_{!TI)jgxq%3DPx>ncAt0Z5qC-6RzTA=pmxKB_k=)@{X~Y?T-h)4Xfjbn&y&79!Rc@`uQ`6_MrCZEr) zals`2AV20JV^y6x!k0gX+^qj_&Q z8cgROCXKUdoisI@|Ig=Oz`DFXj)FhGyZtyE4d=t&&BwQc-sIzCFzpXU^WK}!Li;|S zTJrQLZhL?Ig+@?w+kK*Uv(0YDSA&}`*lXYp{CH3O$>8JNboe=)pa-!J-rOj*Rp9{K zHNKk7W4IlUKHd)I(_w%1@%?l-A51@vC-dQW^u(z4I2d;uyo(=4f@J0QihxXI`4f?lk!u|2h&7eR3I2_Ff(|5h6j@csvs5pVYY#7%!ceA&@z#vKv z=T97YocYzq!Kin6Gx#{UxqCAleVp{)et!2A$M(+}!0qLr_XS73=0IPiOrG)6BT~jg z{b>qyGk)`N(wjbc`8T=XcRm06r}u~MY4&zFnLL*eKGJ33-v7*gUq=2O>-nX0?`HgF zrvLY5IC}GOKK_2NZ`#&c(z+eaX2a2&)|10&2vB(5m}Zk+{}HnIStBvQ4|}#}!&p9i zoQ$tNj(WEZTkl$mnlKO6tSMX8C2Dvxq1pPv=>Qf; z!Zv!`IJ?%7NV6lp*c?5?=~1rakz#Voq&hO&bOwJKpSvq5Ql6+IVN8pv3|Hj~gc?e< zuf@M~78o?LcgXrR9;;aGIphCU7=PZNY}C*%hrk-;X^M{7H^Az*FidZ3c(i_%Q{}Dj z7p!lEH}C?^n)w6wL59E~l&VaELj7oD6?o5|dDV@swv8dS>x#<@^7s87ca>JZp(c7c zIvNk%zXdw<&i`_3_%z^OZOQ)a=W~8u?EkS&=}XgrJmvp)_H`xy$LZUU@BSk8OiHN*J3csZLh~9q{7m`QK`d{i?@XNW7l+s0b zRN6gPI?%(I<#q{62eaRj06#YLxeqHtdJ30F; z{`*(?spS7da$u;}Khy8ee3(>uR=d5DUyz3HyC6En6N3Zt5AgJ(AtSB-*CMTttzZ5g z@J!jAx}iFiA`_vAFUY)a6-}wI!>=Hzn%tsb-jNzsY~!5N%?zh+0{x_u zis;F!;HmiUSEtqdALl1$U;jq`e~q6;`acm-1MP1$kUrQ1t)RgtwzX#QrmNORYa#Ai z7X)^T%EOQ;_0RDEZ#{>=TSbhc=S{O}RVaF^nWVQIP5&Ku&i<`yXYjW!{%xH(|5l1d z{ag2Cf#}$}6dwGy|NYTdRZI2nrj}-HE-rdPv(EN7xPP9BFp}#oiCTQ^_hi{{1RTQ zCV9{W`QMgWx7wuD3HATOT*icS{z~2q=A<*U*;zh+)R=_OrjNF1YC0=P)Af%rIsNY= zeX%8Z9Fu>LHKP&fBoL4t<{9ZkzyFGSMLNsV*8i2{ROO$PvR9__ggie!-V|zHbaI4* zl=flOkJ7a~sW!s|mBuOmH}6}2l)t3+t=>sgX4a>A#I{WS=kju&^YaA%XS@l&tdA%7 zKlr_z|M~0F-{Sv%ouB8e|IGgK@p{z1{WuuCsE-6hU-V$ z6CSZ7<4evIgvpzx2kMYyf;_BwxF$Tqyo5}3iM}C7wib##F)W)v&I70)Aw<)Zku_C> zhRF63J&+7zy%hAg>uQ`Zl1ZAV7;+3*FZ>MB7ny88Th1O>q-6zmLH^f{izX52i*zUX zYMuSxfma2ibA0A1Rw%K|9;jqTDyI6sXwgm7@<=hw{Qm#ODNC+}+#CWldAN@D=m8&e&?L?elv1pz9>;ZHK33wB_shUh1?}vk9qR$u65WZ)R`H}uc!8P=_x)Gl89{0q)9o) zHLbVf$aUu_Lf&}sxGnmyn$A}N*GuDz$#T41JfP38H9sWp{6Spg<9p^<6s zg*MSg7oLOSuQZ@MiJ4M_p=vAM*^UsaW;d9O%9@f=d%BdlF)Pf7SY(tZ%Ao-@sg38S zSKt*+k%A4iV8rEe@M(s>J04#kJy9H6#FvnaF2mjBg5c#2DN`5DzGUDWioBaU?h(_U z@Pv_vHG}<<39_O0%$(rb;2THX4FXJLZxT`~cYl7R>@hKKEF-oQdE(Ath;cQ1%g9wx zxeN%}oQ3OzhkE;X?1^G{Tq@iCD@A%qBJw0e(s;wNj7f8yulWMb?ww*v6JdjJy&8H) z1F4q9#>V5*w5EhF$&&Iom(^oOLXpRs8qo-mOS5&GEJVcP9pT9jx!l19O{GYg%y#;B zujmVnNkl;r7X-JOL$?QmY6*_+jcWk1!oC%3-b6KlSYDY0|6C%rSn`q z%l1Q!e835^@kNIR`VG$%xy+LYGIGiWQm5MJ2E6l`c}g(vrpLbP0pMxU<4+>D9(Ei; zni2*(i)=&u4L5FuAGeuchW5laiw}yWRML!<fF)t78Ml--IQ*%WPE* zxLoxX14wBuQ=wRw^cosF`W=R1lhTA^QI3*$(l*SPC?4QxXg|&-(yVb7L)_VHYp#M& zB+HnG8Ol0NAlk?L6(YRKQzjLQ_U*~9l)W+v`k1TCoKT|j<&uXWu$4|uSr}|1`}43C zF@sw@6k8_!`I^m49hEl-@YtJ1iee6R^YPUi%uzzkU2?5y@F%)S^4~-3*SsBQCOaVjeuNHwO$A5D9w<5}8EIe_`Ln-tNAH=nF^H(5hi<`x}<_$K)G}VU!u(@=Wi1hv!L5Gff#DZPbTax0K8> zAvJ%Y&)bw`lC$j--Ca%3&yPQ&-7KMLEW-O|Hii6T_R|ueamtceM#KA#brFwP{S;NZ zAKdmyFWZQxzZxnYo5k2Wm$Syc-_uNqgbY5Vv5-uXE5_2IvadUJKKI@in^fp+pn_l| zGEL_}52GoLzQ9vk56rTIj+uFm5bJT7g`OvLU22NE%#%jh1IgSCO;$NwvG@8mIuJ|p z2oXCB(p<7xNMlz#1#0)W`pOQ#qeSU2nEmC37?*N5vd?U0h}jH@+3jD*H{IjUYs>zc zNw#4G=Ar;b@v=@O5A}k6+7XOabY1SHn}@-KDn;gNDe~1CbWQpes?7G0=I_@$V<}yk zu|4ti4ON;`0@tTy9+L&vyd2*!mC;Q~Qph{-96-HjOF`X~Ql%b*j7W+Jzhth_^n5@; zMac;oL@fOl49gNI2TdYhCBR5iMOx*yt#(;pr3td_3ua0fmBmQ?ZHaL+Rq!IVWwA&% zR-KVx6GZNvq=?-zLnr_xt3GSL0BNy;SfZb`^UmM8EG zT0MThn+&fS%*Xdhi?TO5LrHDrr_)j z81yxZBU8zesKjg zdU?b&JKNefy;j$p!RFVb=r$^;>x!|W6lO-_sS-UEr;`z#dhtLVVkUPXv$egkM&r@P z;pOc|Yv)_?n1PiQ#AqjVs)+@9GiEyjh4T9@D%cXbjAbT!e(EJla0pB>-`C80<-F3;VqVL>0 zFsy`JvN79y^04o8hei-U^VFCI zJm2(2KvfHUBJk`Gr13mr^(YqFUrf&~f&+R8Lo|vbbHnUC`#$M^Kb*fE-_6PU-gMd< z&4+^-8DEp$=mYtFIJ){SI9MR)tKqDF(;ME-;9YNYMS3?kWboI?bTFI2-^1I<&2Vt# zL(-4?I++7VvZ`$PYZcawyIk_3$4(Ed_G9S0e{O!Ot{-6gjAI@(E zZGE&m!_oD0IC?X<9gOB=JSC8S?0PUAjQRuUMYnx=0OM+zKI$fP%&5BqmFy(yX8O()~opbc0e)4^;q=+DV~4BgEJlisv9AKZMf=?`^Z zSA*|@gAj3MIH8zVElqac#xZ;lu_a5QHsoF2Bz%eHm9>Z?pFYYBTqTxUg6s>LWOHEF zmQsKQ&Qm@=MwGtOBM1(nrh(cXP@xUOa=(S3?Wb`YkDC64eFB$hxoeX&PdM1Wgam$t z{g`XU%vpp~!6>&IIOR5pg~~`oGirWSbjy>KQAER&REj0nqyu)pWO^9cQ?u>XrEDbj z?2{H*H7BSiN8W&T1{i75%T*>h1($=b6nQ}MiSIO`IB?fws7{77q;>3d-!~Aclq`vQ4;WEk#-tv5fLq z8D;IxXE$&v-X1K0f(^f5bzbpN-FDSsMKdY;hJO+C62%uW3yd)~3RueGjtRU8V!l{~ za+hWu5RwAL@bgZd@mK|Fr(&_{B&%STZ#pR1c9v9W32wus6fy{A=;u*rZ~zZ8P`#5| znlZ^~tjg9+y(HG61nBqpe4Y^FIuh#rq7gt2TD4xxHI28z#&+Wy->9mMqFcT-LXqNz z+K7lRcjS3fDGR~QnCgrau*Akc!@G(x?7-fKcF!97dy|>2U4UGR2exIh!XjFRi^ds~ z1O(lfWhhsM*6)#UZx0En8-NPE#xd3>FJuD(E7xjMyGEp0=~XOZzM__~uqQz`Y4v7g zIBS{9Wi&3`ef9!wlfiKQb})4}t-k#5o@*EP=}WFoeD-TzpZWv?UC;?9!?X~|=webo4M=E5y!4^@>U@PUnkXdR;Wi7|+p@!rjP zZ8A*4E;(r7qt+qXWi`p$2dZ#s1~;Lie_skWJuG(Mj$rzh=tBico4UxGxqkKbv`tz> zttnF2NPlT8?gmZRi}iZ&x*68}VH^Est*XQu2UtkmC+N9m6*Y|*@i>0xP!n7KSf$}1 zomUq@aBy;1$G*OeO8oSKC2Yw<4t_$SYWWX>gVVz@1wqdONfWhXC6`;h0(jD42cg!J zJV>5pEHQLMccD@4NHNIt6>ld`psWt&?66MGjGE1I1$m5A)2aVJf2fGe6C#rRsC5)4 zm0U2i z$-JaPgV-&1rah)7rVqHW?-C9p(-bz>l-}nG=6d0%FT)UL>&W-Dq2k`=pxo1qJRW{+kfh9bOo?-e2vjQ`{i zNODCxvhO0$Bl7u%;^YYo`MFC)ViW@=G`n3{B0XncGA;te3im;cb3hJ~36zZ*8M392 zY$ZT#;<_0bsNOJ6 zfP&CN$3YsjTUT5mtsgu*<`JW9a-WEY&RRUQ^^wp=sf}DO|1sA?O7sB$PyC20@TUVG zO1{wuHaw;E;6~Yvq*SvFR{7wIgOx>j?%FO6F}z|!lYB`-u)mL*>)CcFcLHw@H$tN=2oGtqIOtJwLmc2%7Z5d+CwdpMwiOP6U@ErZ ziLtBtZs#h@6)K#JtODb12u^w$D+iA{vOr*FtoJ}lQxF&J4yiA4%A}@BMo@gJQmYsb{ zSGI||lAL9Rfh>agWbL>cX~w8pfF;%JpA9@{yJK7GgO=^wwQ~Yl-I>1Z#M0>AD+fcq zz<6CD6s3`HKk^rdwO#`li1XJ{xSnWZL-m_xuxz;DlPeVjgHKLeHvZ{TFO=0Jsqig1 zmf-?Jl7La{x~Q1~m7-|daIeL#t^bu(FI%f)N(+zRa!4)1F(GfPe~amZ(yYrWkEwIu z13%1){~<=}nC|WpfIZ7VJ7p%?i#9yrz|80^H!WcL+g7Q3!xTzuOr?51dL~a$5`sJo z>j)uTB~@N|u*fvn;Tkrs*iU*`Z8KAcJ5df|dECdcP42q0ZYc(th{S+aXcsqsbjjRB zgB0D9FxH}&({@&RCs5*;WWwYz#k3kOr-qRg)DZ&X$?B+Pw#*Y_4%;va#2F&8pBrso zNlH+AfQoV5hu_6wXLy>bv+SaX2kMeuQp8T4 z2JS)o!owVSj2H+{)l4m*b!-~qBe=2B^M)n~1Us8pLC|QrzYdl~7}o{aa%ux$)0lk% zvS$wis(8>@$aBs`ENamUoy?(2Mj;}<78#+&XF=Ph`yO8Z=MxQ#uz6iDFN-}XU-P$A6Ab2%M{EgR7oKN`206DDA#V;WiG*yEOG%Tc zP3F54WgILDj5&++$uhY*{rlJDw2DQRtD}@ErSD;|;bwHjj?!)Z5ogGg)yJifAH!T_ zV#B2BuCq;S)6V!ack@wb(kkVQDD6VcU|N9!6@oBnv^gP+c1_`cxa}Yc-PqbDtN=D_ zfzeQCX)e)H=$faRHbps&JMh^1YRyyZ$b|y0sREIv3`+SjrrrP;G}90R!Z=W->pYH0 zpQbeA&WF{cGcmD>CVNQn(ZMWVbnIV;UK@1i^%MgWvs|QS*NgaV%^}wf(2e8(Ly{M% z{t|4U=;w_i-ZRv8Gp(p?Z!b99#e4&M8)ke9yg&t&f3R}B3usHk^W{eyAMp{;_|d9~KWnf7BMNJ;qixP=kxHqef}k;X))a2Iy|2FHf}6g(!<<>Fk~9lUgrz&JxDA~6 z<}zl5E=@BUarbWO7p9@G7e&$c^xd6z@9OuSxL6HW^ui#D5h~BTQD`DFyoAw!6dTc^|qe3(#DhQgr&v7kUiR8@MW3eySE%+4Q@0a-mr zmmrpg$x>pp&(o@~Jzc?`sltIwM72$!4*Cz)o(mjG$Zf~{%1bY_eSlp5z8$5zUw2B4Nvlnxmo#sar)lLBn|Hi zj4o>H32O-Mz&qRv;CZrP3_V#4a$=Xz0Z3jIMpuv3iy47l^}*UOeK~NoLEDmQ6H353 z0aIrQIXF2!tPcqcKkP@%0qbQrI616slm?-@LWsL$h8}T=czjfCl*wzO00b@=s@u?A z=1WG?VEVPeT%PZ_=0#~9@k~hN;<0S#X?+4kR$g;K<|#Ol01fK~!L=qeC%S{vW1Lo- zoOF+mVR$K%s9c4wPT{k2_u1(&G9hW4D{|cZ=FI$Q8exa}D{Oua%}#A%Ck3s{h%Bg+V;|OO`_=0jv^~S}paBqrYaiUJ25@KlFmB*k z3JFxX4DQ?ZH+67(Hjx=#aQZ9`&E+9C#ODzXZ6AYH1<|WOZDP*Y#^j&jiO*^lS%_*b zj*r}x$Q4w2C@z1UZ;i(8|AV>58tyB+WBL8RlyfZKuO{V#FWA*Yo{}=n zY$8?!*_t%i{zg!rwf>IW!(r0LyX_OgJygGa-aw^H%cqGqe)uSrdR2q<`Xw~#tOV>E z{KF^b=Z{b*1a{_totNq7Ne$Y0Gqf`g+WB!Y&l0$^(>l0)mqY;$ftab5;GMs&!F#p$ z0`zC=O}7N_+dRSj@pq zK6M6Kl=t+wG^5uj`t2RhOY`9t6sZXwT&iVaVh**%pQR{MLs48c_R8@+uQxMKeB$!j z{OJK|ILGef*@Ndnef6sSO$F-L$9tjfIe_PNxUcJQPtPA2?Ni6bM?@3s$Hwdr+5q(E zZ58}!1Nh@d5N%<2D_CI^t37;s+|a|TCzi74!U6R*N)1Qt^QKPD_I6T?)Y~&vid{oh z`}Dk_m(wTqPZKq3?%=GsgOjH=67&%C^9_)sE%Q~>DhTv-zE5x2CZ)F}4hp^Yrlt2y zMS5x~W0#~M!QlW?2c)#H0zYXV!59*cHdUqRM>wd&tC(V0DRO|C{sxL($pBai+J~qr z3&OC@pTl+?K7;Qzg;m^)%lzzfImU`~;gS|U((!i~)UhbxyK${+Mw$}RHL}VwQ!Vy6 z2!dXhTrsEwj1IP~sjKJOGJA!(Vj4!N>Z#cTddaE`jLX3I18-k=IDr%KDmM{cRTuC8JZUNk*@K|v+S!?6Vz9l{0Lp$} z3TA0DtSg)29`?R{X+;qVx>4t}zw^QzJ=dRHv67Y$vj`TcHX8@m4T9FbITrIWL3Ist z^J|N^07(;0j$Ybki&kKF$;i0BIAW3*FMCgnZTl7~qav?`Bsrnk)@L!NaLtNhLVHUF zSa*<;6TJtap@n8DQIkxl=kC2_UgBq$x~ksX2E;9Bc%P?jBAE%+1ZlLGS?Qp4K`~>? zg6Rc&I#GO3PtB2gY4jT#nJ|F_T;6u;TD$2X87Eh410HFQ zlwE6nX;WmE-$L~p@12mPey>HIL>8fEUC0=Z=@5RYq~Wy$3$8fMv$KVJQBC#ja}flc z$B;$(l0L+!OR;IvY3yfIIv6jXnN|I;$P7`r)E7CA0W~IHdEZ?qs%ysg?>Mf~l>i_3 znaBUBBg1N+mN{!0UeKyPwG>$2{nT|l9~LQ0Ju8LN<2zmBud2W7ny1h^t+Be z*xFv`MTi%1iTvcIhN{VqW&(~}ZLx?v2zkGZ#RJ}i<#!ub@q=Vk-K%mDmx_zQX?K4b z*^=g0pK5)$FqfG-l(k%};B%_@Drp;RgBdzUU4k99ezwS!zRH#L04uzfyrFxV(0>{d zP#5DZ>zyrNG*B6ZpjYtZv%W2l_&S%Ro%d^&xPowYGe5_lx#B%js_x^*Bvop(?)k2P zrWWPZiqvshBBb|BlWe@!z+`W1fy2ax*9sX`v*lJxX*EDEt)oz^lvBLzXDGJ`AF#;N zBF~EPn>Lj}=O%esQF-qrXfB_IY6TNhGA0OKbsxP(_LX}*X!&nihoyMFZUEVG_h)hT zfnsnQDdZEwuwr-zq!5S%}fx5<*1lk;P@ZsXMKY;?VF(i)9f z5>ZJax+{V;s__}V!NpbDs}*kQ)jQKe1BhOzSdkmh4@0KNf@dc24gxKMlM~V*Z!obIUSdIT`GH)G z-;Zv_JG%6-gH2)D+6)n+KkBM;BD{bTDP{)+t6q_m`n$=!DtT2o=kQqGJo5f!|S)b zcLQ>LcXLB}ck{R7>2Ur*59e|?x+;c=I1orYTA?>jvc4SzBn-%jQ?AINktznhNWo4e87Y;Z+x2Uo*hn_P|icN&Ez&z8o( zWI7%Lng%0CvjvH@%mPe$)A~q zhQeyks#Ln!FWBtO3scr;c6oSttEXK)=9iWSyS0jyzL2Sqj)ed*c4_i-E)$~ZPhWhx<)0i0Qq7?C|L+`AG54T)Y!mix15@&Q)b4>A@g3j1Heuk zW8FsxvZoS~281F7#lgv;Rfu&YqY)rM^I|d&UEUj$7w7cQW1HGglfs0;Z=fQaYLl}= z@Z%DlEmt{>ogVVQs$ifFtZI{teacV~10gY}H%K|;uTqBy_0?guq=%p7$br0PJ5|b% ziz!$Px@x7w_5PZO0cieC3U&Cmu~WEHSE*4t!>bx}+mkyN6l z#1$WfWCEGV=3o-ho7@;1VfM5DwFD%jhdSU`p30>uu}*bf);8evCSm}5ec}?OYQ6z; z0%m4fr40kd00kApT!s)=+TA`DGAjIeF*(P9(Jkt3goMK`nPPFw3dD{5=lyorOOYS^3m)y}*&$iU74M$apSZ`3>(&RiW@I?}l zIGw(qxbWn#R`499nXHy(pdJ|mMBwxgOUPq-N))#75+Gg;X&|a)csQ*y+uUf;VUp;j zT{^TuK)dBKNHKj_=5f4hJn|+h_eLX7)hpsul8k*91dA?w;0>Z6f|jo`RjTZF4DvyG z;ZWYU-vvSFjaM?vePU9@6lwTv-u)uyUCdT2iC~akX3qqLGel1Ly44R#yZyT$h`hd8 zqS-uaL`rrdK?`kOjS4t0p6!thXO0D?9fw$rjmTKMJJdS{5TgW2-J;~bY0SGOGw4ee zz|S+{Fn?mQP~tT4gtp76rb|;O64SCzsbosUJ5S)YHKL1d^&lnNGN~Y!58FTjP5VR- zpX&#OD=9cQ#*p>|u!0{l(8QGUq_>|K%wh)>?`$46xbcK?>4UKFx0awGcJ+bsEtB8r z<5DSIS}=zVOq64wnz*O7UkImx6H-O>5OXQhtT2TOsTnB+ndNj#jWz=liip$<=RvUS zma1XlxmD#1Lcp`ujV0|$_O()*Y8CuOGbQXvFLx9q@bzr0t{#V@jg4UR1l!M?MnmKB zETAUdGs^mxGdw+KBIUyV*Fu(}?BM-Siwmt~yG1Bz)ko1nuWe^GG$BFcJb zlvX!9W6Fqfp47(j=T6qCKmcK?OAd;3R9={tpMtjusCT*)D+N@yYq_2wUzstMBJcSW zd)Z)vKQw%rD?XGW0o2mDCE(S#vTFI3dxl)Y37Jb8u}+?KUwi;LbGtq z6nyJ{-Bc&mFgoazpvf3~TGr9KZwl1gd7yK^Ce8H51XZ@C8aT}E>EojVQ-gOEny5dQ zRbNx9Pv%z3!gWcm_S1iYfT5~FIa~(IB?BEOUN3ml$#P{*6SuUdOWUHv<7i<+@4exY zB;tuasdPD7BO@7Qt|CCSJFeUTRw8C`Q%w%?#2OaZYmSA&wSolFCWoWP7gtvr7V;EU zF9HF<0>!=LmD4J-444*j3C%Pf+CDGf?VV!FR1*J#w!v#|SgabS?@CchmaqrHGZ^t1 zj#Ym&H$8y6L{(H$ge{k*j98vzJTC8HE5f>mjkEAb{t`HSOhTK+yC>P3t~-&FxcSX{Vy8h~cHY%|8t(4Kb)v@Xo`AjKjEq7)u4JtH+{<=$= zs?nAY2^RNIG~)^uzgB{%LS{WBS8aL~FM{G`@QFAG?UpA+N?;LdW>BPWr@Usj@S#SpyBEw0J0I#anWzvg(w;m}U$#)mqjMNi1koRS16> z^UpI=WXZEF=D^((K8y2a)YvpKoLxtDZlAIitDVijwhZO}$ z)&5czOe|QnXQyC@YOI7mfHjqoC)AZI7nE&hH$!`fyJWc8u!y5>rKoCDQ0s=pc8J%v z@HbuZ-mkPfa0PnxyA$VLY(GLC*BFjGH*hygs8wXkD1t@R-JwP9GA~n7+vSG`S0t$D zR;>(DwTV{ihJYU9@ovhw%}vHBXB#bD-Fxd#6&5`TF$tXw1NGQpVSwV*S_x`hDCCRg z`pQT|o`lHM#w^R2JZwlt0l^lKxxYL@r{pcX(9n))O!BUxCZ1TNA%kQEg%4wzta7?y zPDm=WlFn;vu|uWp%T7^s}B~rfvqQ{zIHTuwCIeO7B1A|TwLZCkhB!tv1^UF zuC8)Nrz+;ZcDdwS#Z2m4sQ?kiugw+N)gVh{coQfLl~kwGHow>@{2M0 zqebkpz5?0zE;tS6G42RGB%8X?YO=^%nnVjB?g3HDT-Hv?kM$VQ+Y; z^?DYc*d;x<5^#JKYWCFK@NdceeA7KGT~X*q<`*)Y4xBUES2HsBYyakMHhedz7CW2{ zCO5tQ0Q{@K0nh(nJoSnpwx24~czHJm=QSwPIJhG7aeH5x#S-9#DvND0>&=I=>t268 zo_-*Ix$EK6rwT8&Z5>Ek;;|?Z>Gh~PtQLywlG*rnKxXsa9LM+PyXkOtHSFUMt>50w z&Gn6`1Q4v)jj z+pl!XiC&MXb&{Q48JEre_-dd#9M1;cM`mES(_Jb;$SDeY46RnH+f60 z#)BCw?&$93W_bOd!zfN9(=iNW3e=xDBGXq*xO9BlCC@ zX}`o`r>4N?Tk*iQHm;B3MQ=n==imSr7V-ox!q&t=X~;!8TJ5&V43m>7FK`i338UTKnux`62{ru{T6@vpX>Gp6 ze#uR|DZ~kI<9MR-g%t?&aJ}kwJShc>qG}KXfpYAV{>bSIedb$BBN>Z~=Vc)%SxH>k zEgA`;gr5-#O$K%L{p8S+J**z9}?MY~^4N-@b-9-gT_m9LB7_ zJ#T z(cgKRUS#4+>*^P>6Dli}0o`DY7AF8=U{{#SQki{Mlh!|o8%=TUnU-7qx~Ybb2j!N) z_`Y&Mz#1Ub2GnbaQOU8!L+=T%>mBs1pG-*P5j=`=3BZWmkdT1 zvmoem8Ri>XatgeLO|CsAS(_}FclSkXNwuu%tU>5`;$jNygv)wH6aN(9t%oT$A_~so zDAT~TRjw<9{(Opq6jLW*K1f*28bJR9Yl(*f@rcPnG8(SiBw?$VuUHbYw%(7DrCN40 z^u>#lu(*YtX{xR9&0*UhKo3N+V&Q$EZ#EAdaS;(Zx0_g@Hi6* z+%cvbv*BRPy3Si@!;Nm)a~LvCez^FBPH4+wk=hz?)<;-@Yqjah){QEP_4)~MpMnG= z!Um>81`v-_<6%E-JnTb7Mj~^E9a-ejnDmF!{@v|t-W&C`@G(O=I-Jj37}eF_-QZ?C z0lt6g@%J~w-sQ~z<>%1{8%lLO)>0h^@mk^}!)r1eU5}@?0~@n7oRZ0SHXEXNeu2Kj zV=eMtL%i8l@3!}503!cYZ{9=qUy#pwH=raKUJXWb{rljrgWJhXZ~6h+4M$hQ>7YM1 z0A}#ej&9H&kH)vdzLqv-gTLGjM)P6s#(w%88BftCcs!fyiC+)3oOyXS8;&4GZmQ>U zH)xYL8<)2L%qt~YU_Ca>y`hO-WRhE1P6yLM))bBMv+-6|tp z0ZcePMm3H~f7+nCoaoPY|&lovq(ob5DhmY6CG*`MCfEQn2bG)d0(Q##BQprPz zl7e6*zLLK3e2;ZbF;Jg@;ab z?QJYyV@+jDmCz=VWt1mvE6zNcY@3E*UXtH1x<_-!C`M*N#F}SH^UR1lCKd=^`?|N9Rnv{*Y|(hF9dJ-qJmXxTk|YZX`hdBIouFm zuv5s7IgP!+LW+$?traJS=)jM=0G%kjzy!F3n_Pj+!NLt?M7ipW>$B|!!5!v2cg#3O zC=?Q;NpD|rD0>PlqymUzq7SHYn-lV}6}CRrAVGp$ec*g=kg6RPE9u?c4U-`=&BT|s zhm}4;k!Z2oxCq%4&PZ^0!Z#qAMqJ4}waJwHC4#|oGNPbr|P)AKw^G_*C?Je#UlbL#?NjI0EspbDs_ zN2C>}kWews@qTd@IOAXDYqE4-u-TS{G*-etPq0?3s%WhAP{I7Hn|UtbdWR#IUf<-V z5Ldyv>Lc;&gT1eY0D4uXbXQ~}GepkkBb_K(1QM2f&3sh_V8KiTGy$iFPHnRUm$cG* z$3<%Sq)4S5<%MOm+QO&wPD4=flXl*TMWm4tB=q3D>@>zu4u(S8m%oO3Pn>qi9E98n z2)U+Ke>t$t2Spu_rFG+tqsgj^=_ylty?hh!$shO=!=N8TX^*ss=Pw!3W0@Qf~ZHp6gSoW zSSlOGWD4xqa|wO~OX{EV$2zJ70duuC$ydY{`D#@OEJc5ZuyC`&N+=b)bqz0I(2q%lIdTIq_!?f`b}+FQ=r=+tCB)6v9A$vgN9afGE~~|^7H`l6QO)?~mh|pf zEwo_GVt@#FLANyKfWSOq`mBeHLP#N+!!0l7AT~MM7cu}S?*IrY1Yudb<>*e2P4{9E zAmdfRi<;v7M!Btjjj72@CfUklX!luNa@U=83EM2FTnXI4)aEwyT3As4G>O&^z;xzQ zFowyu6e_mdR65+3V_nW=2HPUM{NJT)1Fz~REWp z0wKcy&^h!%@Fk?#M?wV*9NGxMegh1F$MqL!A$H#0TCgQl@XD;p(K!+#0L{fgZ84U? zYLrfMEOA4f2Sf?M@+7VZ24)JCYSB{TGESZt{g~eqP>p*p%^fha3_ zE5xNpu3o4H3J26e{cfybQYiMFy`ddFW}i}CVMZaz8%(iX@VsVt#)sJp<1trJX_!VO zN@AKq8jSUxyu!xPT$PiTl*hRQ*27#gs6X{~V1zYrV3N-AtGB7K=XHaC>uVK<2Yac4 z4~uvI%I8JqPKb~yy8tIBqnL1;S~N-BQbg#A^2Box@I!}6q3pAKp`1OadqNJLG{791 zeE82%%nMo7%WK-bUmIW6HFJf#INpJj5f{aWycu_c;0G|KgV7&Znc9wRS568neY`U{ zR?z+2H>aRQvmD5^&nvq@0oVYrPy$|9Cv%fD8p&{x_qXn}T3E?TSpW+EN4<__5x*e^ zdwjahx_xKO)$CKsBxhhm!#bK`vtcG3GG>l&7~@PqtiBNlo#U${if(zbstV$m%4f~l zRv*Iqu2UqK@=pb|#T&-no(ua1+(NSOW@u#?jwcG&+|}e@(8w-B{gC)niU0hoBI{A9CD#=_ch&?d{4ST5aSK! z2MlSU1#Bz1e|+==Hc3S@SPAY`sMfw@0(bQd>Te9^NPb|qFu5A zZZw}Gn}S9xV}bX+$>I*VhV<8(^++*ALJW~0P^>Qj@-;GJ>WgHnrFzsc^bI#sgeaEz z>KVl>(r<)_RH0giZGx+QO8%Tnt|D%d(f9Oa{v=+QubeeYDYGwJ*se+Oxi761TEA*L z+9*K^_a!e0Atw3F8cJa|<%R;MW+pZ5jm&47N|{tq8Z(uLMQQ9j(>{)!)d zr@{6%O!APbJz$YIc_HH(4cJg|N+uL@CcdOGCXM+68RVKuw#hAzqL`5ZRpu=BmU=`l zf!Pg$UmiWpBo8E;wWNxX)-OZVTBH;MSybW?OHv;}HDN?~hvUdp{bay-xCnyY?O;0W z_hvzGaB`@bv_4H}L@x>oU1&SE+{mNjB%_jx?}Fgq^iY3r%Rcc?V523AAU&Orh$(|` zt5E-q-|Dt!hZeY@Y_klri}aFJ&f}Qs-!i_+>Cq*Xi#*Z~WWJznaw&Pn)tbEHa>Wxe zR54Z%@6+9edVgPu4NrJT+vJU8dSY$zCg0J7w#kh0BqQJR%*fy)w<`zR5%GzPY7T zX3SVb@zFbt3d4lx2_SUMJY3Z7Hkg(EW5gcF2O;m<<@sth}861 zVsh|OV7c!nz`erW8u)7f{#GO_^1c4wtT%<>-qMif`mb_#-iIdFWv^V+Wy)5%n}gP@ zH*IOEcJK}KFsJ;1CS_pw?7JWs+)c-mL7UtTudZ$eWYC+b1JHo0UmmAPt@OQ8}@J8zl%iLLa>(VI4pS9%HCq%Q@{^e@*M36gxs zS3<>fTRtfINDJuV4HI&ue|eiHD=K$w@;&{D-b2BYHu-)hSG%9^_gfK1VoUWeNyZYk zlA=u}B8FVCQ?bFZPjjVUe>1s&e`B$w_xiUv{ej3q|Y={ z6Pp{L*!peKU(={f`eGxb(C1zxE8)Gq`hhP*p7A!hVjB_ajS-fR3k}+2@MBIhA@wGD zlkCDFJ3TK@@T!u&ZA@h)M2v^R92$N7eC0C%<>{@c0aO3}PchFg6G`T}mT8@8Z{ zZgfi{x}qwiQvV)v{r_C@43`Ce=X(F#(w)e()O0JP2t(0^)7hu7-4Y`Xg?6SaPe6Y( z(~C`G{mU*~Ytcis$z143&hv!B$luWX9ivR zoAE|Nm{7aP|3Wjp7}E!uL_qNcnG2I1)+8xo`f(m{(vuXA3ujVNa>Il^4>PgRG*O?O zy?Hm@_dHoeTBLZ-R7Ngoa)0!O{zTj4gXU)1*B>+82P?1K{11xcSX=Prq|jZi)-<0YMQT+P2ubg^nY zG(J|@uIgAzYVMb4czykr$~PN|MR7yMOg?Pu0keQ=;+fUySCR^%n#m@NEiF>5VpxHl zP;62LzUF?5CT_APS9-#hxQu1Q6AE;3vtbf0@4g1>aBg(#mpMy>B0VmV|3D&gDfN!M zDAr1UI^}{yjQp7idcTD{@|Am@pA@`T228~>0;91tBD0H_byXf}k&kVc~5!R}~E!s}TEC(vYf`@LPu2A+q4#jz3ALW>0=?KBb9*Of&)YSeD_NA;jyv+bY|RoJ2NLd~l9a_&GBjr~>23M8 z^JltTqHuy_c$m?+M(u9(AmJlJW`)f16|F(N;c6l9L!_Rw6bdz0pwUS3f;}^mXfE%W z>3FEO#3GL!Q89NE+J^K6qi^FYQxODwD#g;ZYS;KRgpHiq8R^LdH?;)!Giv&HMUnLh zOxQz(DLW$v9-PnN$&3d;-5;jfk;$)*>GfTX{wH|EtdzRHlzZE=JuG5otOa`Zu~G3! za5(dWKQC&k6ss9SRZ5!-lL!SNP2wkO9)pXMWisD!mL*X4^J+h1*WeY>6oa*3WXT~S zlPH!!c-mq|Xt5ZEHMJjulak(wJXz6HV9H4vhCsu72Rd&($<(5tXjQfy_#gK%bo-z+ z8}|Cxv<2qMq^!hdrBTucDx>n0FqaL-g00Rq&-sX;b%drVGoRYVo<|p&0BxKFs!S8) zyu^|$X_)z;!!FDcc?DxsDM}*Q@d~M2XW3dZhQ=C4wd^NjAW>scFIqx!fBYr{uYqt)x!h34xqFOgm%O7PO+sF% zf>WVjFS=I6;>58x7|9eIW~b;I_WE5i2Ce(n0c~#V8Q2nmX=9P@WV>v_q`mE~xJ_9}vJ7^Z6Dh6p{K@yHjPN(ZGPf5`N41zt$hR0exdZCndaZLS^I3S34< z8m@~{=zPIH3o7PNcCnDZYI#^KdKo|xrFgwaP7@EGxyKxIG^O59#*}R_z{TeN4Q5U? zrp_A2zxI>3lHZ9Jm?VNsubUpA!SsOqg-r^-x4r10@jpt`EuDf%blqzGJ0M3^O8U2(V`co8CXN6oPv)Za!^}2$3 z0u|NSTYrg;YQFcUE2%t*zD+Y%tQfWRC9dYT7{K^;(#tY!^kl@^jX@9T7>m*O z2U`w;*TfT8hyDv6@1p$3gg7EAn=ihcuD&Bmy>pjVf*6*yGX;zUNUtJ`sV+=SYjhIu zbCC$0>Ne5n?x^2=Pz>VR0n4q(KpPI&zRdEH6JUdJCtm&d15?%;eTc@8V0EUl+#sMf z)Bd)=lZ9^fyb{YrJ$cyu(iQ7mblF;N%1p5D^(P0qK9lYEAz)h#UnrBjkVRSe(*@7~ zRqwJFx&;N7STBv0aRmb6nY4%_$K}i2e=@17V%6RAUc|XfKFdHSVjNS%+?Fc28#T45 zW3^?o9Yy_C9Q* z)@(3+m@Ma?SpR-FxxF7wmWx(v(4X{g`_EvXtt|GL?_)Pv4#2{9aU!#`<_$kt>tjCH zy>7L>0E=tCJ>)XvG23#4^?wy47nn#I+y@AJH1HY4IlLO?lQZ(B7hV4)m98e1fQj0= zI${Iq@afu5c_gA3lDgc&=oyo?sr>as>FYCdAg}-QnzU0U=ATio)>y7aTJ;gkLZgE8dI@*et=8@o1*du@VC|Xi>@6>N8_Nuc@ynJI`*4?T zG)=9W56v0LM;VnoW;-4U2m5q&XfQPbM3{v>BqH{~JDs-3gw(%(=CVSe??e`DoDUBg zi9JBl#pzXD!~KPrt=_cw2(G3h*BFX3f~CW|?yb~NEs7FEbqR$?rBW0+N7F1d;;$Bb=qV8l()M|F<5m?Nvm^TY6xe4q*R{zLRsdI1554>3 zQ*;%menef?Kf<}HaS^-;u99)8gJ)FWNJ*p!kd5%Tscn&nC({(g2Oe_aMFm_+AAf|< zGN87s0H`d|Bzx+o9Z&cM;!AcC0u3>29Md$1vg+d5BN`t*_mb28#Pf!;^tQ|Th~qrR zK{uQuqg0vWeqdpWJUq^pIx6sKI?*A8A5(Y7P9)KDJKg=Z+^ryTWWVLJi@7Y62>qPl z{zu0XI5JhsR3mGE=Ii^}ezl>KxSl0K;DtgyqD|%yooJ|X>*@2D)-wMdC3A2N1|+1~ zR8N*c9Mfzxt}Ft{WqDkiMQW0=I88Ppd;KL*-!=`HIePe3jWeCA=?oqb6*#Lq-*wpx zeOWhYq;~qpZOZz461gGO-!mr(>~^dF-H?Y85jF7cxMF;)^S6*~wp~Kjhe= zxuI=~K}7?rQCw9nMPG-iU>%*-f*dDJ1FwM5eLWPY8v27;ZNMMU&v!1n>MU2gJ-WI7 z38@@t!*(w4xg=tpx8{`^&F)VcHqNyFwyVyo?t08~K#DIwS(XX3yYj2bd#%=NIDdEn z)_H@ip9(0kUJ`-HyHPSV(TYs?SR^PMd&aEt1k|v_q3Xnn`mc53xZc68?grikQ)a{J0>L+IK zOZ_+2(ktrQ)_2xmDoRyP>#IqM1-p22`GdB_W+E#e!68aD2@&}~Pf!EYp-yrmi3qFR zOk#bf5$}nN<8>Lc9Z-o!WmvFIJ4)lU4Tkn6OLNau?zF=)-g71s@q1Y2YJR}Ld6)pl zljdZ)W8^?{S)*SujWmuc)`54scnKKnH$sI29&Hg8S*o<#*cz3-BD_h zMJzln_Klc-Q}vqw3LRFpgX`)c7nxFKv0g<)Y>xR4XNY+ml}+4Elk-Ah6jS;%dWp3*Vl?=rr;cq6Lby6?=X_z4r*Wyrj52 zDgl7)o7Z`=Gpdw-w^$O!hr_wVqhHJ11Q)W6u#6vmCtz{;XMs3a>c%LwTMQemvC0em zhm}y%m)k_b-Z3KJ6X($0Tk6$L^8T7ISD93K!;Y^ z_9Ktglkf;|Yioy5bKg;*q4}?+VlLu1V84}86riOGBFa)aoZuOQOeOPq4AJn62!lRL z@W??Ssf-T}x397Q=}rz`bM z(EI7+9s9fbe~bP+VE6q&{{esOPj1<=Kl<38v|9b#wE+xbktJExuoT7u%L&wi`=AyX zfLi2%fpjUhP}z&tjwd!9-eJ|?Q<_DrO@Zt-!t9IR`EIY~xLq_=I)f1lAut|0Ok&(Z zEfp5-tPNdnZs=uzH;Bz`P;AVlY);*^DZ=qkLatfc`*+)9jXTgGZS!+m8`*R<_&7RY z48}{xA_Da;x+a-eV~4cyhhDqY8cl9TUmqAQTwZ=`<^qv8O$D|eEXIJZ&kpr^l*gBb zdbMBGlO6yjeKG{hF1r*fu;C@m-Gm)+G9f^bl|`wk10K`(5eXC$7lDy@+MS#e4VSAL zc;bgD(5OenvhBp_^qM6PpOMW#dmh3mZU zI6$%{^CivJLh3k1)ddSr>_xhg!Gr6b8sGLeM@ zuQEFuM|d{NNY04iE6Agsv;|MWklWg$Nf(W65K}#&Ju^988( zdGB(iCLj{A!2H(9@FV-rVSn78+`djVKc#h7DWtwe@g`mIUCH4p7dfbn7eD^^rdj94 zi`|LIuvH_P81GY&e~bhuSmzD(J|V=APUsf~>aotCWZ7WC6eqe%hobE~x&P2Tlq)A{iAf-QF>8>sS{;;@b7cPQHk zW7&-VYZMuI-D)lTZA-GNLf#9$NkdqfM2)PL&RY)7_Qg5nnH`NO1&ou%3xP&*Cvlta z&~!_IJWaGQ>j_rE-|fsXhi~mr(@2qb;aC@`g(gPcPo=MD&{AzR9=|tyeZ#+cUP{k< z%p>S5_VvpdODnA6&5QJM+R_&__Z)X=b9Dz)cCgOye%S9e`cLt-{)9bDM$-wqAKu># z=M?8qi^7fox4*>eeH8Y+i-9AkTmb}Jp0I}m0W60P?QY=k_`v2vZJ*9dEoaS?I=FYZ zg}nf?grJ~xyV{onGphR+~)3i0wA%hjxl_HV$Yy5%_&35VH<(+~u*lO~8v>jh1UyBfLN z$(Uza@(mx@E{!0GKHN- zE#xQ*8H+Tf=E5{iI%f=-coaz~aI0C4KPSr@0!`-gT};QS^?hd2dCr`a?qd^VlK<4! zIXMsH?xlPz$f=pxQ_weYqBFE*&A&xn@Kr4Htra!ZmqC`;aOuG2cB=jAWD%LrkClq1 zj3+}@og_`ph7T67D5!L&8f(qVy~rNXV?|<6cPm|6w;8O8R=Vk%pxqg6Q-i9Q34ks@ zx{j!Ht0XOp6>bQaj!YCOWlL5k=Kp@-w4AYy?ABr;Ai1hR7B{t7CPYpq)o$DYp5umM z2w;sF4vpah;Z(^-!G65@_U(7y4hO75F+6|Htm`b-$t9Wy!IZP*7#yumFl>7&q{)<- zn?9Q81-L-eQ<&0J?bPM@`Q^7)KR~xUcf|8wY*==Z^g6rUE<)%p0;Z>RfuN-$W%tAu ztSrR05TCJYvFDI3dVGWXKo6%ksved70K|BX4#Rq8y>?vb{medhSPI>sQ|3`F;%-mZ zYPSpI41brU<({3riYgB3Lw9NNIdFl^7yY0{AZHTyWabux*V$kQJk`B9FyhciYj<-` z*C!^0L(Z(u)Ho?a$!lu|4%N=YEV*_w5^Zr)#lxr{x5RQhsW~SAh5(u7bR*3ibJ_=2 zOP7Q0JxiTU>VW#jiF>HCI?(;?=1Ai)M(QBdfSr^^0zKAIqi8RT=WK>UZFe;S-wM`4 zYa^!@!q7|X1nL;X6J%BeViD3}V^u$kT(T5IQbvxGWzOUHxov>14Vxu?#NGL&_koM5 z2GJakCABsfN;O}49%(lL^DFuixGp{_^QU=ICrF~UZMyk8xaF(Bxv z_~7&hT#uTuXiUX>AJ9+h_ztFRNjc<5m1a_D(YFJYG>^x(fmQr;K*DL(N#HTb8`iP% zg*&Q8=}@D-vfM9ETkD>St2yR+Kb#NV_b1E#&1gJYehS#4zZ@;@`h(?k{)zqLp|5`X zrCw$K4=2(7TXCPC5&IGUyk3kUU=>&YYV;-aMZJnT6#Jt2c5d zNfDS-1GW-2JgMwbUdDxv0Be94mz{6@BGfG>!lCESkvuZ@P;xR60!p2!t=1fK#$S^Q zHFb8d%>ny>wih&>iP*sCh@{wx0;-4X#Xa@Tv?N@(Nc#^cHbYVPpPu{qiG&#}+?S$=(2D zAxu)%iv4Dz%%Q?2`s&G5@*swksmAPHGx5%D!~!90AT=M87r}!m*@8fR)-{Hw^f(S% zJ@E{R4wBrg23E8{@TXyrbgh6t4lbPdU{Xiah!ZAvkZ)a}R!V!ZVIGvdRhbJg7Tw9{ z$hA();{^ku1IaTcaX^ihczKNI$?b5?CQ~*T%?A(ni=`4R3pQH7!_ztIPd>5f9UCndY&M_1oA>Y8?eN2J zJe>{a3pO70Z^lD*XCGX?SN|N3ryoa?cL5uI7*5#ej*TXF)A{}ImL3_+*=)L4j8G+j zvaRuSv0&4?Kz;PKf8T#MWXoy5Zu`qV)N73<18`CI#{nDub9g@+_vfF~!=uUVXg(Y) z>8%B{pnIePa%?c2EQbGh7*3X>{#ZZy69~_5)eCQ+2TL``yU}tHu$za)Xfj+Z0ybBJ zco+uk-E?~UaWozWI5Er7U^MGPK}Y|?X!34hhr4_~{KWe6(PGH@3)Y{o(f$4KcGO=E zZAS(}JzwgrC0oAlFWI}{WH^U5)gP#vxSns=qA{R%Yl1rz=(2m%(}DatETt^SL>D>h z5EVq^6I)TFjL%1OtXlk0QYKa<#kZb$7M%vCLy>`Iwy_3`sEUb7)GKFCB90MJ{Ux!^ z({ZnN!})!G^6ABiCpK>fmHn02$Rr^b*uo}>lZtBMGBc6M6so;FK~>3HPuI3s#HUO) z<*(Ho(_UR!x81mORrSiv?Q#ko$sl#cLrEAp^KNC6v+Pm+rcID1&w`~|PZ!q5eyKY1 zT!CR-f#C>zWiuL0{hsm5z$U!t!X4}6hB}prZc=)p>n+(vr>KA^bM!sBtg*I;vO1s1 zNi~J26>|lu1ku44gSFUTzw|)y9J!z(N-Csz9+>pfL|JpdS6Bep@LnX5EC8*+jx&!T zRPS3xUP`{mbJAj6qu1FWLBniU;cMY&@m!g@wZ!O((Sa$DRg;7LYpsGni8@`yiIwsC zgl+&|2sEIp^Yh^R{G5q0OSKvQwR+CQa?;V-3UT^h8j4D zQv;JCS7jj}r8qBF$||KiM2wg3s^76l?u5UjWI`hJ7kjN%_^;WZ&UT}GJUZZOH;3q$ z2^K(S7-_jrTt_O^09Hrpra|$o%rYQ$Y2bAf^ZcMTH_FpJ&#;Ky^mWg@a(75T#rsf= zLdjKO9N9;u5;l(Cq8#%ENe3I)&o9Ivhn7u7UG)g@^K!k0E4-3U=W~{zE{dU(6>8J3 z$b<6RqJ-{#VlcLBAL%0XOsPt)A9q!xJzmH#R+H-;I2RVwzIypl&9z_kWclOhWsO6U z*R9r{iDUL>V3nDP=p3sR^Yg}z`U@a(cgH00(SA^59bugP7xYdu3Cpt>w@KUfup2VLQa_g z%VKq~+0M_zxUdApe6CWl_u@&=<8gLWV6H&^n94}IJ0Yju@|VB)QBSyTqHA{o*oRcL z|M$`4-R<2r|%^DMgP2jI;JF-sf$$6FkA%ZmzZ4nTj5~G9GNF_ws53~y12}j)mtA&odG&vpVzqyP zUDIgEoT?OLleAFF3RP}eJ2n|LLDNFK5(fASi$b5nP^C<%z2jT+QU(ojf_`qvmSI`MGfzH$nAiG+f zp#afV3mM8i$i19D0{2C$^`94)S7&eDoL`(>yk(v9@4vk~zqshOTL1Cy|NSrcpIq(E zq7^?2fy1H5L|#xn(^(`Qza5VT!^vW}&_Db#8r=OdoV@NE=jZ3=-(Ow9f6vd){r_HG zoqzw`+yA(DbM^N8>bvjGzkBl^=a=VKSLgr1&i_?|cK=uA1<(HD{HwoJ9o+wr|4pXL z(O^gwH=6ClCX>@u>E-fRP86h(S0Z#*#sw6;>gq(o^F8&xg_h3UyQ!0RG3A>8Bq^}c zV^bTfJ>9L!W#>aun#+HyZvT)J8B&JueT}lQ)VV?!VAdr2Xn+#Q-=h>yA_9x;n*D#e zUxS^PuIm0&&0QR%+>!zt6q|?zs&{D z!tMV%-HYTd&30W%GE~2WaoovROhf^BR%#mW;alQ+Q;dvBhG-eo8@+h+uLDgRT z)fYebXMNDwJrB9a5H+LzcGZuhY#6BT(D|Z10PZ(AD|1l^69W_?I;bJbNJ(;lREk6% zW^!dKAzmyS+N0UH-`04yvhjAs7z-dBIbaIhBr+KsE1lP?yUXAP$3NE-pJMSSVkk@S zW-uTg$DDEGM1sPf4?Hdr+mdzKvky=Q%Gq4xX_|MOh`+50X2(l|9Nn1tyEs{Y8lq;@g8|rOD26zIarLAe8ggeK{9~^mWn>W(gu8YuS7atmNpA62vgm^u{U>o}9h9!V!Q$6d2a2;)dCQlKxP6I|9tz-%JR_{8yg`{8yl&=dRjEGYT#z(xpB^Ow4KhV zq)0QpF^MS!?s@jlvVKq(c~CB^{a{Cz``(mE6eDO(UDP4S4NnfPk;IWp(>05rSVGsp zU|kfhhwev;BFrhkBjHb0jy5XIW`Ysw6W?r>r-WU?e&6I5A78{pK0*B6Jp5Ic6u^X&?_)z!0(dForPs^eadCj3!u zOk=kNicd|U-v57wMiSAPXbm~nKY_d*R6e-iABg`!NR!A3o5qO zbYlnBq4a>0v)OGe{xN2AVJGp0ulcKR{}1*<@BGW&75^+Uu@el&l0zG(mba^x=l27c zF(NacJi6fB){N&lTOzD67|H7RR7QK^^^aRwh&_b!Uhwo7h;9&QV_n8Tc#K9pN(^!TFqK;#wMWw>T4wo9f@3S5}iNM_TOy>zNXC+ z!(bK(aLsx8FD9BhHx4*cVqJK!(+=K38zx9dF946blL;u&c&MfQ6^}` zfC26j3fZUy5cw!=4pGW-{30n56vHwY!baqJ@em1kO1X?6y`+6?cEvAiOIxQ|vDNp_WIFj}baVfUj{K};48(1y{~L8V_Z=in zR~z-l(QLij&D%W|^|uZZ3q>=4#^sF^jHhSEr`N8os4GqG=#1A`=#tc|YOmG0D~mF7 z&fPvDc4kPuLCb{D?p^oGvCk32-3y+iaw0G2m{Zs-*OZ*3K{l=A$z`N*&@f!;>l)js zXOd@vJDi@m1$?cnN3Q3@+WALz8-(l3H%!0|Xic?u0pIK9$_NvL$%#p4h z&Miie*qC~@0VoN2uB*|-n$Jnm0G zs=5UOle7@mFBVoOXCe4%d3FsTOfIIh#;ZJX_Fd8cakP9teOR)O{rS8>+zTk|2dlv7l>0ix}S|l!&|o{_3OcOaywd%rjrF5 zO$OtKTPQfbd04W^bjik}d&t^eP6H^VrI)crd9)l419h~|Mw7ewX!34&Kb$PFn0Psy z-wo$bo~uDJpYOo*j#Xez;EB7@a-v27)yQntpD#y)hjD+-W)Jh(bTJHIme_o_m<8^8!a<$^UWj)>Y3G<8YSA*0ThK*( z_4A2OeOXN{sty`{iV7hd95x#e8VzJ-6Cb3s8^g?!-)~ z3llUV{ff+8R$a_dF1Uz70cBo%ntkF42+~!F7WZQvXF7!$`5&*ZqAZT>rn2_(6T*S^ITbQJDFvG zLyiGz>yN=w9`G5mdtQi4@;LXyGHOY*D;%cZ(eq`(DCQli{h}s-b=tMB&^1kPZTd6Z zo#S@s>;i;q+qT=?cGtFT+qP}nZg*|lwr$%sPQTkYH;|PdSxIKznP+Sk{Z5*69zQjS zrCwV90Yu;S>ad{fK(NRY9B2oV7WdXWq7E!G76)xN;FUWzAxty1N#_n0j8akMtF*dl znaP;@;R;wWNd!IQnF9tR5zbm*8G7HEFVp)c{}vp(hQ$|_E2_rr^q~QRyLcl2mh5^B~3Ac5_> zl$FLHDo6m{ySN;(GLn{SVcfY?2Ed+OE{$ZvCiwS z70sX@+qjnF$E^ZBfnVL0!3*f+2sm+{@*H}l-nxc^H|1Aly5@@RSZsZRGNDlB8MoAE z!P{OYN;7d*lZ94#>GN??8ECfBImAmM2T^QTJ!2qYhJq$DjtLL!`o1eBx?3VSJY7iP zY7=runqF0nD}r=e_ES>Tb8lLPhR$|suk0S&Yl>u%K(7x;ID}lb)DeBfHHGGEV8%_1 zw(ZXLA~q}~VZXlt*Sxp*$28Q)+Kwx1O(Of3jOixDJ8|d0Po5yQWy&B)iIZD=qYK&B z&vij{yb+TD%jeZ?0G$NyU1;6*)hzwak9SOM8aj@}-tCr~tMK7LIh2r^KpP3fbE#pibqBvNJR+kb@q=4gJ($sg;{Aayy#Tbh zDG7$zbV1F4l(H7``T^jmc zFe2X18&M0qahp-8&2);OI0xy2Y-Ly!_={=S_QzFB#1EO*Bc{vzyJOpa(6YIOw)-@c zz=vUirA698B|>hCgzlX$5i;_dfn7nOeASi?3%3dA+_Vz10mORjGLfc9J}goLxvynaqfdXWLTSS`7CjdE<)1w_JB%K4m$8SA@&EO2mM;)EMj6VO zk^64WQGt+6;60EBkuphllM-awm>8TN22XJSWB+W6njYsa^3V4StWQ-K?hpxVyu6MR zOf%u|NB8+d+z0&3E}lExe5UB973SGA8rSfq2|1Y=3*n6lz~dg#Ywo8Sk2vICwI{j} zebuIb-T2VQ3{D++Ki{P7{FlyaB++3C5V_x9PZY(s3G2yzUk0|LbbyWWpZvNQB0D+b~4-$%o^3mr&Lv$i@I0~;J$=ti zHuuYJMFO!=)<0k&Ep@~gUdhW%B}5$CA9`+_L{!oSEC-;rA&;;)9A!4=G6^rN`22Zp z!35Mikr0fTdn|p!<)P^xE3;Y{;S5up7@mp13m__+>*&QvY8I#aUD0%heUZew5$2W_ z<{`czqo(ZcL@f*ng)s?5cqu@E4+xhCQ2&rbmm;wSBp9n!-I2uL9hdMnvQ^K&^@;g8Qlsdo}s+>g-oB3XL}T)1^d{#=uT=8`pYYtYZmStQ_>FSd2<5L0pmm z9US+gl)oh6FGts38yDzlr!s@F!duESbLV0O2Q-is?_*Ae3@Hh->FBsw+I8dDy$zXN!xAfLHiWBB9O9Y2l6W!St(vQ+ zp_J+LIswb{CGlK^kC@pp^?mK7#E}O0c~YJJ zt?AJP4RUMa%4DB9Jppt^`I)Ab6j`RNrT(woXSXV2hcGQC@jlP6Cn4`}g?@^mx?{&% z$6@BwAW?rgj>hn))}!-KsrgZbf(o`5?S&#PyzmHRMWva=rLIIDkAnl!9Ea1{)?5cO zK?>i}M2k5VKcS6@&V^`xR^I8eajVX!T9L)21MsX$=(?|_9f=ql4{%ThwFRg%QcRnZ zhHcG#1724G58UoXuRbb1J*2Kwj82w5Kn@zJ zU_d9HlJEi1v{lKqo48jAIMU21lOz?l4>$5BB|cq62RsAEp=$cBt9^niFR3nGhKnF^>aXgC!nxW z>SzZ>uc%saL267MaLE}K&>Qw^g%5p~Z3SVA^E@33l3Na2=z5sjTzDb1pyaEshg zrV}`UM9UoeS;&*<*rq%f&6ePqLA^eE3Teoh%}8Im8)F8o8f^s719mc)5KD6?z`O;s zK>p-j2Ns)lJCj1fu1Gzh znmJZNLdv?wx)Q7lFy=}2au)y?JB4s-QXpStIu)Q$Nga%MdJ9b7@0Ki+0~M?=lkihh zz-c2M=5m4G4KBk2lCHxI6E%(9p{llkSO#l(EIlS?miRV09xsk!duq`{384$I++9dD z5q!NNHoh8F`U?U|gh)}N$LyA@jSC`*jnClY5cZ!*&KPKq3>Fqq^wK^>4#t@^h6qg? z0CA@0dg~*8*s<138OW1M?3d1Z3dew&MMKTq;*UW}GpZ#9*B};Uz+@4%p;Rq^8KJgq z=z$?|r38#`AGyWz7qQ1!cU%sgdg2kJjBsGjwxpsi-%eL8b5R8b)A&-?+m~r@H}A+f znQ;z^Yj3|fn<(BG`cSQv?!+Q<*MOQ$Mf9wh<6bbjd{sMCh##%ZK40AN-Q4+m zU4MdA3++d>Cx(XMxHeZR(2x9;Y)mWrP936ghgk1$b1H5cV`=11wL|Or433J znT^UXl>qL|{YSey<)XUL4$zI})KZy{0COJY1IBF;R_nnb$sP9pH!s#0MqWZ7k zQqRV@WrneB6&4iqHJk_(2rG)Ya+-)RlBBwc-MdKr_2-C=~Uis z69-MMo8g)~8!$(g;SO1ne{d#0QP73&`TSOVM6eR7)>1+?@> zVPqquda^4`EFR@GGWPIZ%D9!;avtTAt{5Pbz{8k9@p`93`q_~WHeHek{{-Llnqaac zZLABJUVo?pT1U{*+S3Y4JW=yJYnP$ZdXx3^HOSzoCsLn_2}NouuCs^$i<<8l5`;63 zitS`pAXdQj>~+Oe>0aWlfEg-REVd}+9slvzxyKAZtqR|K;Q$ZMJik>EaskS;za7v)=o- z!P1n&FZ!!BM{ud<`}uEv)OBi0Zl@?-Pn6b=IXJ`pp?Q6Bsc!DnWbtDayX9YnhVQn| z4i|-6q(@<9JDcl9JIuC^uH}_jOV)B8Vuoc)TMO(|7dy+rVopjNLGstJ4~$PKtE&;R z{EJ2^-TW*}8Vh7DGS>QE(5iKzo_UKz2Qn8B6cXf>^QH*1Kj=?`+Tj}fN6>J6JgIgM z3!n*BpPB`C4?lrTBkP;0PNF|IKSdb@zC8(lFEYNFZz4}tN~B4wn3(|obYK(y~@Sv8Fy9$7mxpvs(p)oHw~Xc~^C{h|=-7Hcs1hfzfS$tJ&7I zh1yPcA#M;>?07i3soOq`7TFhVJkmyMMB2_^Yjkq?h|VwF6|X>m+19{!l1?(hq7QXC z$mfO6A3hQw(2_FZ8!H)nisd~>o}MHJl;~1Qu?JQA(+k~t9y|$o%05X_dPM(9{_jpS z`z49O;^$q3r(j523vOSH{7Lcr(;d~=8|5$N_h@RZ?h;=PSmrE4$NR@VM-A@}me+st z=dLHBn%oWmHRo48y0$O(=R&r*oGjNuOikY9Gd3k<{G!_`nLSo!-=Bj*7c5z*l@t+6 zbf0e9x4|tlG(}%Q=8J0-P3%zB89evLr=nJ}+1!fBt4(E4v^7}W4sVm+<_RWK_-+fI z{*fmvNM8T`OI;qp70wsjdM#C@w9m!1(Gqgm30V)rOtihckin&ESoH%~kgVb!`fCG6 zR-rY`h*;Kbk08n_2fha(C9~B*R7uytg&1N5d4N{U0jr74A5J#&pFgCQ>TIE(ZVT<` zhg@DX(k)?8qlNINaoz3Z)&iLxNxK~wtQZV$S5~auUln^a)-2uBY1XAc8t`egXk4|e zmbB5#U+Rek!Wsj!tKh0?Mo><<1GdrTeFpl#pPl|PlA>;;#n(m==~~zO&igIsBA5=a z`)vAX?0G}$0<*qz(rNV@Yrc}k1ZtTeK@Fg;-5kssrbo^`yP?>bA0CJ z&L7o0HT&-rlS=l+HOnS2Zbq&t-$2TA3X#q=>hPX;zt+;`q1zjwOUfypnuABknYtg= z)PmHLT*utgJfc22&k;mP?ww>LcnecPs}z3wvOXUHAX{2i@m>MF;t)QK@a4Gc=J#w9 zsO2*!7SPGF_JfJHRB0fML^!>bK(aTCW6;od39-nXxYh^l&Q{U!njH0e+4?sfK^lPI+jT#5G z+851xt_>kOO&WAU2i8qVKEt%Dn4X~!>=Z;ARhhDvF7NgX zInRhz#!Tuo9|wOwxzeV2`ryC%^jg(+Z-xu{c79_}Rvh|Ykd_s^Qz_Oi54Bn{6rst4|r$t(Z?LnkIS!%>uKdQ z!Xu5Z=F4OBN@-!Qznxy2x%ct?D$`Y^3BOzPX2*h08V3%OClcfof>(efCTTzQ5<`Xs!~ zORj4D?L$0TsEIdI_QrJLj{NuH_{Yd@$NKlR7~Az9dsn6SwHs%<{L+Mg$EBEQQzeRN z#d{#P4giFqXnMbfGH+eS+hdNm7jKto0qMu8ZtdArJ#Pk#E#!p>Pp40f;lec5_)bu8o#z5<6 zqy?I`bW=YLw4`%We@g3fQ(aiizLU0(u&y=9*Zdh*3zHCLv-Zm%tu5omB<>+fT~}bE z3oI9nBLyz0*?(>3p!wBV2q10hZsk9fSt*lQRZhGU8}3GD3REjrlpx|paCC8F30_ni zbUm`Xo7cn^d_XjmS>028;J7Ss$Fnqx&Q8=&(Cn-Dqs_6A_a}SKKi5^kTX0OsW8&SR z%8iqaCk@exJ!h%t+Sk=M6h(-n0@}~&8JGajKydXLJAol`|fKM$nQ_dn0p z3MM7-u(6v8mK^o+CxBJLcA%B!|9Jo>k9UC(WOPPWbziB}y=k{1EgYKKk8+nv4l3lG zmB*)-e=$pj*7h-dm=A&O<2$W0oFTYGXuJ^D{EOX80k^C@^s9>B^@9L>#w?!;`GzSE zfTo%t6EdfA*ePl(QLJ?XP{&FWi#HwKg*`2V2KOmjEw|2vW*G16ES?ZZq6Z1b{WWc{!*{Hv zUnoav8*u}oFVI14jHPV(BQK~tLl7y3i%A*=7hu{;oM=v$W`VIhlnJitVH?KKJGVJo zT+3Do%|>rbR;th)GMmw0l1<*bqg&5NBRvjhio#qZz>*&&wB^bLWyPVwF?fiTg-sy> zPN4T-p1o+C=oHu8rQoq0w>K>kT+d^Om!OE~FFp^$S}ZIzOYlbrN&U(bATXH}&iE^S z(j$-*8Xap2rk;q;bXJATQeIW8zw?<2A`^}(um}_<7Qh#7Ar?lV`&>6eyuLzN6 ziAtvkRR#~~F^7=lT;LbXqXR|~%l^&cJhfjzMoHaz-qhiOcm{@VY$Tt{T$Oxvisuzl zRaSroA~=Nq1Z~19(KJp5gBv7$=nztnMRJ=)*S$!O3?3Q=iOHRNX!FuOH!m~KvFrsy z41Ba`&aSg7-?nZ^b7>yv*P=z0$F1K2BsEBrj<6HsJ3C;njm%NZ!=-GM%IPC3GK2wN z8a$e;Ca{_2ZMmA25E4H*ZdflScf5bvy;LEGI^yU`F0cccn?R z3&q3V`Q#S+h}XWji4I90^W%8Zn<)E&WU-+))oDWFzAK$BxS2pPE0aB`;G zzlL3eYC+Pur%ToE+ja&UFPBwSzEOWtKZ`ijv6fMj5wKxwF6a(>Ad zz<$Oasyy+kqD`Kk^Y~)s+dk+ewmFsYwnflcF2%t?z~b0& ze>wn{S?lZSFqwOIg9psq*6=~&G`sxNRzoe^$N0P~_Bxmz%ISA+h>d9*SNJpSm#bg$ zqt(5KOQa}YLLM^|x)z-cDPzz1A!(ZK0pYPB)uO8u%>kpz@GjJ}Fv+8LhUTp-7TLAk zn+7YO)}eX@_4iJ5X3A1w@6u_{%tM5YVu9q;Pc-~gFW}0#U~)k%V9~A8@5Hi_Ke+VZ z!w_+6Io~>1Vof?BT8KhTw@NZ0@Wto){F0FjZ%c0gnP*nZRt|c5=WKKbN1fp1+!0+G zT;1DUcSoJ81WCyg3mqJph=ytAig0%w)fg=O|Wtub1fnbxqY;;lf%=|M(K%|%vF z!$P}5R-pU)=VAYX*KhYFz8IMsgQ%=NN~Kv9wV2w68#L5IuZ?UCFNC8m}4Fu zZQx;Bxi`yeruf`S9>%Ud`h$^Kmn!5I4dmRwua)WqrH2)Q@o1(>Xo9b@d@Zpdb8*y` zlFXzy=mJ<(WyWo)_c|CRLXYztvW%9`PqNJso<<;};$`tZP6RQ4@E3hg z7WrCudj}*H2blttOF=q;9cgtYbq?0 zLwfJPv&>I^gon(3Jn4*Mr}2rFEF?0)C0Dg}OU9_`!qg&!6X{qMmq$7cFG5tqF`>0Y zTqxI^myeG?N{{mP1!GfQK&L9LpIsBNomL-&7umFGAZTs{z9s6`%Bh+i6bF(3J}Y=wX4Hl@~V3if7%Io+Es7 z9O+tIJCNtZlUZf*@Lxv<_YC$uYgFA>zej{HRLz<)C6JxbNBRb;o^IP=YfNrq-GpRY z>de-7!R;DaNDi>PB2|G#gGUcVB*cqkDl_O=X4{I@)-4jUl$cD>wpS`hd978kiIv}> z@6gXp9gDg^rO*$#pS$QyG>rZ|_kwWXbz#9f6WlZ`*pd-K@}^G78I<^?uCpN5*zDnZ zToy>CvolF$p4+06JxTEfanORsWTEggN)X`Ad6^-|GrN`suQ~8}0|7t6nB(zHDFwgQ z3=36&0PK#iePQAkruD{4SuJ+7$0CibhT(;JEj45Vyr`{!R)RNUYnHtX;v~H zgrEAT4m4x`6u$^It39W#_T=Ip7YtpQ`Drh@dmh|95*y{t1sNDVh1-K+*Mb(0KiL-J zZ=&CP{8kj!tY9#MJi0urnEIRs_CoiJFl&bfcD=pr?NdaNT|VeTt+=xjO~JUar$rYw zas-#5Z3kZ7T_^T%dh+o--(b`vxWx*+YJ8ZpI}N|Yoq>4j?0xGhWdgi^25Fcs&s_`P zT{Ihptk^KNqQR`VyjJiV-cGkZj`B@^sxz)*(G@3G2e+c(_gZ-$PmxZPE+2D^QE)Q2dYwfDwyh``?67w1;EyvSD?i(Md~EJ$u?V+!A<6 z^iD}x6YU+~HX>v)mqJQ#%M3i2LC z#6ndB!Fh?xYOzK~#8oKbq=iLaoh0I>c>1keout!e`A`W*HJtU%5!}elDPty5J6BF^ zna-;%rCEa%Mb%;ey*SyN!j3&6MkUO*^VZJaq0}TE_lSt`%@8v-fvN}2|+E(#9oo>J|MV^InTrKc{-&8N6kx0of>b2%dl(i_RC?$EV|T2LcG%avJhL08A>P@-P%%80C;G_r?C6Z7i>gIQ59 z<@67hjhYJqT1>ZH8Nk7xc3Q=Gugtm1D5R87BHBtA#iJfrp`4V%k63G#)+(_(|N93e z1|Ekh_U%9|mFq$aeM6#>amiS=RdLZVrUX6N%~o4mq@0P4i-%V(!O;@HU`+Uo9SpKX|)2^p+YcN=hQg| z7-s|YFflLlwcuC9eD>OaJkp|7E%TY^w=Hb`jboNllOjR})Py{_jvUOO)?5+_q<j<{VOaJUQ;bYNR&va_DzuJxEanIKjB>x_8J0$HJMIm_KQzQ0GnWzakh z0^b5CIY^d*9Unv__wg6m)0i{C%l@3?akGD#WSyk#0*nc;oH)IfSQPx1dxEz>Rs-0| zqKW)|cIa_tgfgOP;Vu47s;zW9WFI|g=NB~=RMh1=*R+smVwEg{q@~`IveuVfB6e%A zQA7n$3LK2;2y96}?;eo+^3;lbgkgasy&A8EukWF!sP1glOl+x+D)ZSNZZiw*Z*w3% z7z-r-_rdm2x1$7@i%bZ}6~;S+1*cMd#t8a~y3lzHO`?mI{jT+3ZIbKBw#6=s}M8Z^ThA~&-fb2pGkdDRCfmBz&Wp5yB@V? za$sXG8o8L56lg^eXU;+{v1;8FM_)mw=_#OXqwO5_o3h!HY#kYo-QI|FmRKME@a%iVvuq|wfQ{f=5d}iDr zN9WbHDbz|^MUKI^>+0r)9< zT)T5S>sQF`h(1C2{_`giWLBhfgslTJ&8W;1OeMYYTUV7~do{ChGZ#!z&IE z_-F8-_`MAfJPQcsz3;Z$Wu29K=7a(RLXTbsdAoFw^(=PC;qigm$4l1AYk4e&jCkRU zVF}aqRM2!zCFmeu7iPNLCsAKa9#GDkIovQ)hz$b-atVM_96m$682`GOiw|Bq%Ij5*4&Em2|eX1bx-lX`9$d7TO&N z(_35g7|n7Loh{srPl(0g3>}ohVuD`zz476j{^nR?T+}aE<^xp@dGm|Cd6pj1@1%$y zQkNtcdroP{O$~;TyS37itv$HNxCtplb?D+C`Dn4I6reGR1T}CoV-)gLfc`?nuvLqc z04PSrYM{oNMRfUQT62&97uFLt0VNqe=8hj;L*xLg0d<^u@o24kUZK$Jp-l-a&=ms)Fz!_;5r*CotF zY0JC-Hh(u8m?c1S`KXn_PN{yuH8_kn^z|ZU|Zy!;@$4v zAv9g4(+=ojcQ#y#3gY~1oq7(KT3j9d`2EQNf3u+cz3`8#(^r`&fSP#8&d7J7J zS2~L#P)$U^NI%S%QA0>%H8O$hCpkL`%0au<9OZ!Fn|+WrT{p8wdEY$t+UcI znLh%-3|eYPE}?f>StD?x0;tKTpNY0fo))tj^^`YC;+ngve4J!^!~FV>>SOL zHGr0dC#gQ|@&2m4{${{~pg{V#5%8mxZFU6kY1l8bO=QQC5-ub}6CHNTkxa;7g=PGh zOzJ4t*?>7yqDdy;XhkvSVNw=Y<5LXJtl&Wed%xpLc0l2L{DvHU)3;3i3HoNUB##1j zq`mY7c|f3WhCv8DfWf_U?|*0p`_?q6>%c-%1v+q~i3nNp8rgPp5J4+LTr;q3Z%B=^ z^x|vJ73IUW@E%*GGeoSW_!~<&&cK^pNFKZ)pG@K>qwyjegt#5UO&`HG_4unc4HgXH zOYYCRhlQ`nR{+^0_K(LC)Pa@(P3u-~(@O2i2g@m>n)ri$Uuq!zu8%4~k)S(G)qt6P z7F#zcuoLrIpM|z&#IZv+p6c=<{#$S%7;4$6?V{|HGMMn%!aA&Dq~iwN;22R?h?C+G zOsZFh%&GS2{^$HFFz>S2xEO?@Krr({K1(b`ZaOtf3FjI^*L^zWlc71TFXO4~>|zl9 zo3em1vm*Z-GBudRxfKRqLna2r5$q&GI~AUV+s382N?rRnX2A5?gHk_{M!YhVzwRYm z@Lz^Mx=qp#Xk*~@j0aP)`Z4WmmfleV&JZ3&m5ZAV1INYvi(=t}>H^MAY}i1FGkgeF z>MAe6!1V+Jmm%G%5+@<$P=@SG6tOMED_A71{{gIiiZ;bGhVj-;$7k7SwB$OqYJ7I1 zr=uVU3Fb68wIBy2hmRtf3>S|6Q^|!9NPNwx%i_eKI;C*>qEqehzz0o`~9ynx|(AhEjPhzfT(^Y zd}*05#L};IE}d6Qe6G18Ry(GoFi>|p=zD_Pxx*|&73enMO3NT*b|3m75CvJx^{#IQ z!GelU5h>QQ=8q&L5tULfGbZb5m;o|Z2nk6yEw-UE6U(cRy%Q#(tzQ}oC^OH?Wx*OcKmBX^9`_9ZP50lBg{5gh@KRQ|oQ@>FblFDykT8fl`0 z(ay`V6h#?U`%oPgAMR}5S}BX1qpP>=19prV5kCC+AZUn|TBV4M*LUfK=e+*>VA&cI z3gObbVfY7zR_l7?PtK(WO`90-rHy73C_7j%`BXDvOfkjyl4Tm47e?`Y9+&~8Ag~Bf z>s-X8wQ|jZk^DX)#8oG2{>*+mQc=ABM`{Q>K8#la@xgh-y4d~T_x5`* zp4KYi$4;tLPM|VyZnGHx=|deR7w9f`TxZpKCL^Op>i_vJiWMI^hR`7C=(lB(6X5Qv zF1^0YzJ4&R)%H~Uw4BcT>v-WhEP7AKT`*Ez3&pm5I|8mz9Z<>a`4JJ*M z<+{Tj_}%KZfW<#vSfkf_DcIP!i-Y}$Bt^B_ECZgmaP}Ew4^!oeuSIqR@_iLFqNepd z67RJUnrvWzUzN@vPsr^;U&A*jkcnAuH13p_#Hi&@xfl4dDw5gTnh(gY=rrm02ZJ zxDp|#3w~RNz;NUZpQlk=AV4ZBE}!I?2x{QWDLLQ07D_1&e>aDRq>hJJ<)bJfE5`1% z`SOEp=7L%!*eX&lpZ3nMQaG7u=^0nnKx5ErF-Q%uFbvv0?1%mZJgD3gO)ZjnsE!Mj zlFGMyt9&63f_yoq42KH!7Iqy_FU`1mfjgG$4E*G5jdGnB_lm@x!@wxC4h# z!cd2+{Kuf!weFAd2{qk>&=s2-wr!YCy?8QT&)x=1y`;@Nk?+16O+7=nQEy1*KsUrH zeWGx&iIbX@aeFBHc7Gyoi8=_j4hcA3ZBMGKR{2^o^`^lK*Rd>pi9Mj`E_{=$uh;#QSgOzYO!;?zMpY_0>Lj6=S_f~a~sE$ zY`+z+RlJ@^KFjdPu+uCS^EuGn%4p~7SLf>>SA%Xym>ALAHLMid$8uir6}mK2kFUk; zGc8z9Qo6_WACtMUUh-_e&O7-5Ap=64zckCQVoICQH9x%!D3weQHYiq zo|Z|weg<-w+G5RU9P??G2VU+s&JbqUBS3fMjPE<*mYd38C*OIOrc7Wm^-lly?Jsah zrpWocUY+dWM5~Af`OGLAq?Ee#XrS(@%xY`1Waf&*5cD1J-u&`?< zp2wTI4q>z0kTE`a6~q}1nc=8hs+Cmirzwg=%1H<|kJqSV5g|U9OQH(yIW9Rf0lzv^ z2Dl356g8FssZ6<&%A?|EUj{|JUDnWftW0pE;t!nLuwYJ)2)N*%f_g*)V;IuQK$P%y znp47MOw#bt=|v-#AJYp`94hGVjWcpc)$=jksuCvgxOAkvnDKktq61kK4ki)E96Qmj z4C>%DOr_R_f$wkDDT;)D#IABp4AAD5B~tqBvY+H<-d(6 ze=m5)M;db9JfepoBlhI`4l)`$RI`IZ#U_i@r^YmX}M}3<*4fY3Kztpy5uMSY5q5P36 zh#ebBKkseThEb4y8i*?_Y|fWr@yaDSB!L%<)3*W2Zpg8!F6r$)8iCsk z1y^g|GN%*y0_b0`n-^J3Q0X-0xD zHNF6U^T{1A^z$&^pqW$TD%vhNRqxRL;=;5DR}|XnhTQ#rm4Z+Q-brpV`h z_7CNPEOG|DS-^SDcb}k@!Qspv6M_p}V|y3*;*XW?yZAQ4vi4bntR!tgg>77BH)lB*A^6C6 zlkP0zjxIe7xRwWwyTo9#@$9J7>G05mDxPLN-*&U<+#?|Sm$Ga(%Whcx4 zo@i@iKXY>>sb##F)RpP{+dbY7)ha}so|;f@F>D2f@tXfhkssTlK0{~ zo%?2*gIbDr(8pQqg|+9JNQEh+Fx#0T7Xcl61zhcPxp^B#{;t}lhn#b8@H}BYyw3VH zb~@Bv#{0ZNRdRgQBgDz9`%$ALTZcSzTJkuXo1e!)eMptQq_R}Lg1Sgd*P|vl^zwsV zS~|V`F6pH7(8a4QekA^AozZ46R9Z!6&)hQvFx)fn<VVKmmeb4e zsQc=Mek4jZh^W5ib$8_Sge!lZ-O-3NSX-G*sYk-+fvPU$tZ$)Fkm#2iDRipT5-#E@ z`gI*>fUpCnW+M!?ZrA&4oRXRafE~qocRqrjR=<5J$P@xn!I*pm2H2GT+ya_IvFxB|65w6K%Rc**ZZ!fAxMA@skbW3UGv1#|>jzfqk=ix;hoW`R z!@M$z8UbOZP#A}uR`>clQCu6f;yUMrXxjK*9gG9dUTPt5GBHyU=&T7wp5zxNgP^zhle+0IfR`IX#=%_H|4H|Do^Nx#9^_P3z-| zFqJTNErq!9r-GoZS7?5hhi|vQe}-auZ;3uPE1tFM^qsEEiMb9$YH@i95nC)&cEx9$ z7;z|W@d!<1CaqEWsD@lZH#Z&F{i|f9Fq`4;Pn1W~umkgad8{59LsyHga?Wz6vaD(u z?oOVrTJLd9E;ikQWNU{_lS>H&+Y%$7<&2Z5t$W{wnh9T&ZgbXZXopjQxy6>3*|ZqX zch{Z5Q+wWLBYundu)pXQMeu?~LwtWlV(@cWA~6&1>xyx#1<%WYQd5-@>Qrsf>$ znr_hQsdz}#jv2RYSS|~Z26x-pwkX6xK8c`Ql0t|oIe(Tt!=wx`6qgdX?N-7OFmJ(| z4By?&EQzUd0q>!tb4xj*uiR2XBl|-^knMxG=zfu006|KK;y%k1yrs9PHVrkq^WsuZ zx)BsMGR!ODJMmGKfbOXqhKu!-h4j{mZcSO%2;|@zGYee+DDkwlP!HN5 ziC&0KVD?Yuh+{cL;l5w>`>D^~9c{aUbImOZhM>NX+Q{eV8C{c(n%EX1N=>jhEoIjK zh|h#{5|K(4MuQ3rVuaCsBInx5J?EAy6ho1}DA{vE>TPHSYR&LC-6GG;ui$$kKCk~q zoK}vG+?BRVj#9+sDgY9dAQJYo3L25NjuhfbFQ(wRjf1A6+EsXeB@RjfY%&JrGma-) zQ{=t+-G)TatxrTS3)4SHD`rnpMxVi(d%bN-&3Y!!Va+OP(OwqCIbnxu-^0Ny8pnA7 zhE_b>vu|FM_m^D=hok&VYv*(!3eVX%yKXtM0gWgA_>-$WY5Y&<^aSRGmm{Y)zD%PS zOC6X=cW36g0ycZ_i3Smf4&@%vnj!R5NHAGbHg}{kxjZ8hdLTAQg(Pmi~myH^Ud<2-*~^wI&P|mRj_F zxdY`phZ5+;X(QSpn>m&nXw>z^Kfa||{6!1kZ$F>zUy*9swth7?^(8BI#E0GN=s!b> zc+tsRvuNhxJ6~&G{MDlEtmC|5m;#$zCwn zc#`sVQ?KzohuhW0xG#YTaY)4v<-YckxzbsYLzfh%iX-2~G)S5EZ=mjZPhE`_F>o7Qw$Lvl!_AU0X5wW~*TJr*Jx5f-A462nz{F7xqQv zASNEQoCuZFkwxjcZn|c0_!w zv-ac;rba@G8Z{iI!9|dmw;IuxC>R3uw>Z=r;ZGA26}zhHRyUTc$W`QaNMdQV3-WXS zX~6-wP1ni8Q^DH&*)F}SpClno5i)B%TmE*Z z!QUZ!jU0gsrsF?CkSGf(Ak$E9+X0*RQtMaokbbM(a~?UDavtNkvE&THp~;S8>0iX* zjrN3Ea*21uTaap6Cou*%H1>uh5`RLXtBsRO&WDmB&LUyrYE_aT+y>a0UQ$Xu;;N`s z*2bYSV+s<8)?x-zCC{|Mm-`noBA7w>6QdwofV03G{T?j%B$qW# zsC(_B;M69B#X%z)0~Dxj6YzdmfXmz4OHipED;UEMoO!)p^0L&&c**uzPoKPkVx?`Y`14mNkt*qR>LIRX` za)r#qIfWs#xVQz(OCv!j>~bLr!xq#U;=YIE0dUGLM_E6+*ujAp5M@J z0dFuiw~k_?FJ*n|TG|OG6(yua%BjE08Z~Z(4k_z@mz9t$uZDCS9oGZl<-kM)sx=Qa zm{`RQDdRtC%FdW-?`LUTMM&i^S*lA-i8hq2)q4tmRxT~pG=~YwI1A<9! zGy#*NLuo58<|UQ82|HpTA%Kx(aiUTO+;i_96Dat01V)*s-NKxxaJiy^2WOQHG@44q zl-AT_>0|CN^*s(rpX~6_3K42q%=X9ywTpFpZCeP2bAkMq&qQcTKZmBwqdO_l!35yByxpurJ*1J(p;DNjul8&BVTwp zr%c%~vMN|86~$W0=vO=0ck03|ioMM%*; zwoKrFT9a2RmHyryihFFcjK}b434X`F1IZ=#Njw%k5NC;8=_C@>SSQ75S1ZTdL;B2DrP?!jm^~XKh_8n70u!;at{=>k$vTm&1$hw_`Hu4zJ!_^g877jC9`j z2JKSmWsP*u?6zU>ZE;E+{|=(T--k>|)@1XB?6^movf;<_DTeo;FbR_Vk2A3`a&k0vbDSKEUOCAaVMUbc&BoLKs zOeU!%H?~o#V97#mK|LMQoD{@;E|tc;!FhXlIqL3D*dmLv0V}Uk9G21j4r!Z=v8>1c z6h?-%N~Ljn+e+G%N!|;(Nu99LpXFw?v}###wwn!!Gb^+yRfr=wUNAIDb&_N74tci} z&{JOtvnj$VLpNb?)%t7q5ryhR#8 zYq49qXDrQR70+L!-P4xt)ZDh*rTN|+;MqYAy8UkZFjs$y)!GAcHRxRqNWa^E*Bwba zhgcL+5V(C8t#@JA_d_%sf#(WDz;%3b2e^Ao=RsaFE-3EWXA*0(7uSqpt#Q7NgD#(OBXX4B2>_@2*Qg?9yq(@ z#Y8^v(3?H587^yjO;FSFzAG2A*Bukc=-NB$bx+B=?#1PYQmN-sbceZM)V+*sk`qfv7+-WRbNuHqHW&NSR$Oolee~ibIlO zb#yWkMdTz38J#ql%7v+wbk-O`dQbg?;#M;`{w$O?7@G9w4-t;F*7u=?^HeQJchLlC z@SoT^8|Oi)dnFzVFf~JS3fkIER7F`<|4pOVnR+a`HKZn68EA6YIF?oQ`6)ln5g z3ZV-yUB@i3y(CQ*E8Gw;9U+amL`!BT=HGXmmMS@5hif(wpj=raiw$jNzD!QW#BN+d zJjaE!A%HZdb7*w0WSlB?Psy8;`pZ}KZigI58(w;1ZPxLA$d>XdKN>Fl>A2 zND~S%m)~pa1*kwoDTFj-J9X4(9Mw<0gKnkN5!=6*v+R=6D|EYA1UJ112v0kN1T6=Q z9d6iynT4o>ea5Us-~e2-c!Q?{J#5~nYE*C&F)0W+(R8XIY-)Y_VXgSWHHEIGFkiN?7pqhVCVO=3C6UsFy%7y`^Rry9x6 zF{gBJYj8Q}-qzIFk{uA=*l-UWOjq*$wlUIpj4^ePXuwQLZUQ}WAVyIhYt7jZhgv>V z5%{LC9*P^;ybwCQ#F8S9A@c<3RRLQBGqJIcfT|6H5-(79 ze(8N+M^yuBPAW_4+F&Hqe3H^g+W^cb^rd2}_@tY^oF{RD7;@WM%XXk*Y2gzjE}$F{ z)j&}JNg+ig7Db6&1^&hwD!XsY5A!)2vpXFr5^3l)Xv2UQ1fR|9u}pd3PD0SMm zTIHD2`kIJ}sWXGkH`rI?_JYPk>gg~#)Q@jz3|?jk>S&cpWlNDfPyCs)1QoFa3015` ztcayc=P<08@u?$<{>Y&WTXtBkZB`EtwyVRl8t^>D^#(olyY9t#@2X!RXQTF@)2)!+ zqF0V%CdmW^FUGpwp1!60SeS<3#uTowHIk>_pBzl`Uz`}aYLu>aV zgU1#>ltFJmWFZ78E5?4Y5aLj5fWB&S1wHTpGL?(&)e~>+MsyHT0#g1l*(p4jpe-24 z=mlorQfTL+$j(}5r9)j*FHF#hBWQeG>dkAn-xTWRQs7_m>-67beBa;0)F=FEeT zw=#19!lFGH2W+l@c}`4#=m2;|0|&%tWnNyb$Cltu`kUoAt*m3B!4!Tq<-Ig#k21ZS zs!$=wJ;V>xyBCtJAKymbs<##s0FV^LGNiC4g6EN>9}%Q5rxMVN77@#jq}Y2Piz@=P zRBkW{RbyXl(H2+yJxJBn;Ium;gGNWH`D! zAGQ1Bw0qsXxEyvzV{*}Jzq{y?GgEN#Ui^7+arvP)IIocIb$38|XQVecyBzhqr?NZi+Ok}Mww4i#V405D%IT&|;yy^}nz4nDF`hS3U) z0qOPo-P2xs(ls6Fbk%%`S`#vP-=2{3?w~t@HpL6sO)dSjI`5A9?ZL;LfhPvHgUtSvE|~9271-E-#3hTW?J`3eG7jF}DMFRO zt@F8Y7D=Z}*6y!ajA?D1SvTD{vRU=a&28rtDnO80Rk_YYV;B2C3xCb~b!194#jjqV5_nIwN!-1TrgfkUv%` zs0dQ0yg1P_UY*bd#1{e%=%mr8G#U*;laMPh{;7OU^XQ9s9E-n6@8KG0TQO6m+^Aq> zF<(#_?HPRF7)}jL3Y#V|1xRs}Oodb`afoOyUuM5!BDu@>OM)i&RDH2lD!G5m2DP@E z#N){WKDRMMMIu-QIzuFv``{=`r5M1pz;7BD-^?sS#4Z(h9m%}25}O<8Y2bwD#IE}q zI4O5`0HET1C`KXZD%FbYLaKy~_3Gt(3K8Gtj1E)*p zEJ0orO(#?2ruV=>rQ4E#?zXREY?(gFi!>!lWw3sZ%_0SOA;VZT*1KX|Sm67b!bj!% zeyxM$i=&t24vDo&rRR)e_8hUw^h6vK`HH1+V}<$xu-vr>JKTP|iB7Y_tlP!ruw{lf zJYc@U+KV%GxL2^U-l(hK$D8z?>-m2Qf-KnRI*ei}mA(iPK==r{i|I+!-Ye<6^MGvq z?hSYVLtGZ4GENr+^o9028!Pip+l?!v`R2QZH1xnf+iqMwtPmNXS$4;ALIcTF@i1at z(4DSgF=-i-Q%FIwn63=kd5et;T~PGrG9G(7Pl6hcwWBKf3Uux{n<;fCVCqf&^5ZvZ z!c`N8W+#ArD82T7=nc+KFZ-p^QO%+)V+j3{goWrpdyfowd@Gr}jBgwUa|Vl!xYz@)6Lz<}7ELrW)?+?V6qTD8>mwk4dQp@I*$ z)Qaz?=uH;K72hGE@lyV@?xaGIZdc)2O=SR-mGc?+>;7~n5-3f&e%RU+xFnL;5# z-}d3+QULSViY=CY_M6mH6berQibvUfLuWK7u0<~eBe1` zS5N?&ib85u09`H4Pz9r{#>`~_(7njHhujyX($CGKlj`wtqgidfBnOSx^`l0!c~~la zWBu54S)EOtstb|+mJ^u9jowom)r+H&^I6Ml_Gqw)IW1peD-G&28fzJ7J| z@|))I$;-yct5=Oz$KN!XuTEaR`i3-~^3h#?NfbNbH;pHMD?7OVA-~cKI38!rqXQZP z!UH%r#TuUrPUpu9(jNA}l`AflUc4YZKSrDs__FTY03uoHYgir%rAu)~O3ZeIo zmuO;5m)u7+2EYNQPJ}NWoRHq~1Wk1&g1?Nn?{mKz=&lj!-?NbWQs8{?0*63OY3wjB z+N0+j#CQVf9Rk5MR6Wu8S`C{Wh7@kjh{ZH2RWa_5$CDX`BaA6It~F~%r79Vmjo}M4 zl*O{2@A?boQ*u%}sT~t`#vYpm1#|mpoObCwH>Acuul-~6ja_a2boxt z84WzX68{YCxds0UFj!~XlF)SH?29oc*+Qngxj1bPF7>n>kHjoH+x$&3v3mTz^;gCnOm)LqtYE=AXy*ZdG zwQzDJ$-k=xiD*K!S}H-1GHFc{+diZbPeK>CEYxyYC_=LixC|I=Rb{WVlwyf?Jy@q$ zf^*@XSlCaWK9!t+U1Ji>7P)Vh?wCJot$nAoq_HEYb*n_c<)%e)=C&kQDNzC={`UEd zM&i#Z8Bu5UA!IS_JN~Lfi0cH7%i@)IOVkEzk>)uQ?aw289ysxBi_~xVlGfE{>TVd- zasQr%JYarQ7m`)TW;DXafCjh7-wZ+izC^6Uf+HGHV48>AWA3U&M&hvhCEb^f=S0z< zaG=#{^~n=w?V_(XapIeQ>@3-%60;<>SgA@bQO*`$!%wTdjS!y@HMKH*o;MTsibkL7 zK1nK9t3j)TEbnG4B-LQQEwZT=%#UciO8R`p<|}0t7V$sVBpoa1?UwD@3n z4er~{osic;8N~X*ry+pkRiwIWRMb=B+01#27b@Zdtj~hvrC+1sETqn?{vftUovQTj zwGx4zNslnGDZ+r++|vmnFWnZaoX7_0BfMO3GGi)dU?f$CD#qqT7xa%N;ZmoJx&Kf^8W-Y&v`R7a$d z83u80mwYDPEZ!!WLBihL=kf*MhrWSdubuXeI4lRl>&{{EO`Ln35~!JfKmHH6RNZI3 zRg2r(^;&(>t=duXiND6x3Lo3;es$%`C~#aVXm`8c9S_@`?)ST2AZjAyO`+oS<6mnx z%5JwIkteFS1Xxa@r`~Y8U%T5T)!u7=qDi$c&-_VEF%8c$srr%z=^q3nwZBm<0FndJ zF&2?qHk(1BH}DM+CqV6eJP9BU6W56yk1uL)3h@NqQg5kfHs&vaZ)x>ujCU#&Q}00Y zT7|b!eX~M~RI6eY$!zK@-KrZ#@&PO>J|)$vxMtlj8frztn8re$t;x`WZ^cXoaV59R zKkk=33^?_kI>C^JLf~{3^zF+=VTHc)m?`|~RYmMc+^04A$ROFy@VYbSVMiXBx7jna zv5MFeZ|x0Iagvxvt|Jz*hN_v_+cU?DXeFc|fp>V~$8Vbz2JnoK20UUh4_9xOE7wb+ zn1(gx2CeT-8jU*4ow({{>DXDk1tmsF@0)8HviT~#ZQ$jElY4llBuh!bhtk_g>O@vN zk!AyBFbG2axKf_^nw{|Zj1nRAS0D(dOe~^Faem`T=n1kNCceLki2#P~E}2p{_Q-<9 z@Ue(gJ?zWdI7}$1a`KOe`+~oI`|ba$fv)72#;-LziZvZcKs=Lw{O7me7YL4L*3ei` zOMfo9cS+T^=?{iJrGVUsw60&fE{dDf15-v4(M)5RehNZX6Z01R()_h11~%kj{GZ>N z#{SkBjc>-?(RHuW6+QT#WI9tKN(b||;pp&%~X$!)!OL9Tq3M`y%lNz|*l^nnqtKP^{P8ME(`#Y(kGrGG=JBFma$ zq*@J z80^{{J+#=t>C?iD={|vMK#7cAC;CLldmggiIY9M>d3`nZrU z`sI_jT}>?fY7hmV%=(Fyn6lsNZg3|^iFkVmjw4e_eWdVAZ*n!C5Qz`ejcXI7(|#!j zp!I%d%V7$}`5 zLCkVWziS3vBOhhQrIRndD(Z?QOLS154uIxx?zmKp?o0vX)2}LedR!jJd>=z?|yA%p|fB6GpY0Nd@%E`4t`;yf1ed$fvTx-{>h1v=|kYlrM{=l$h} z0sQN<-MP8E?v6&i(=I$1cPHn)Q}xd)`OiUja`Ub?I8|4q;Ns~8^OHx(@h2W_kx}Be zqc$+y;F&=Yb`3t>Q9;2_{PQZJVZr-(1l0@PN?j9<3WVo!Ih;CfO?i_eZM*v}sxe;Ia+vjjElVxQT_{RIlJi!nN}Pb1$*NlW%962! zJS5-S?TMX}5yYw_;4_u$QlK1-I`LW0yw z8+ah-lH=Yg@ze2LYHJW!M4IRCYOz~IBt*^Ll18k!pjzN^V#^)!rXGw#;SpEsffAHObmf0GfWA)Vj2%NsY0fYpNjc;vA3HSPaf@gEo6_P9H^oOH)ui~`w= z|7aYY9B1(#uV21?`4|49CZHUkaT#kLYRIg`4Ks4G+$MZ8qGJP?RhHs(ujhgXI8Tsx*C6R+9shJle#ILw@G!ohNR(LNF4}G+`-H|LQo3nw~#q=s@}=0Jt$3lxOHO4 zUGPAdFA*p5b_Ckl$mq(DJ46^53VPEOnehkT;|`d*SZsisMd$zmq~-`x#3P%1XC&4L z>^l)zu=qBa)-qz3d@9J9RN~MuuA1sHzNX}>>1>aC2z6cJDve|k0SnhcP|iPNk2ES> zJ0asqM5f6C0FcqXz?$dB(%{OezDr#es1Gw%~<%8&u ze702xigy6B4G5yf79(vgJDOhdiZ6|t0gP0t>u86bv=5uN>K9ld?Hfv2R zcl=}XjZ#@a&yH&ic=7kdr{t)aZXi|lC|wm*Il&@yW>j3PO72PUk)<)wTRg2PmbMZI zTrEl{1&zmiiV-$Zl&3S@W-8_G0(0#>tEvG%#QcT2$zAT>=!a6(Q2MI(_?P~+-2d)< zH5QNR9`oZ%Wgf4soTaz>H@4jWjmA+Ueg7XFog5$ib^m{jA6xi5qJRMMTcOtOm{5KoN+4FyVa&r9F`TrWf)RMMJgaED? zt;uE0OjgApae zJOLNb7Aapl9+QFdRL~D-qehhaiQFfiPebKmWVuj)Z1q- zsLIwFO96|^rMvHai04iMfrOsIUS)c&c59D1jTdDW~@|Mb;M5_nEL z=ixFc>w5xDubH%z5vgdwM~P3`5oq1=7FHSaDL@a@ZHFc00MXmKT*?^;T&kPC-V+7# zzB`UNrUOI!iOy?`YJC}_kb5)Oaunk*@_GD#;gyvkHcWg75@Y!`mBC1&kWE{5pDCE# zf}QgpFOX-jS}T*>-F3>{JMej5i0c|a13}_>#A-uuK09w5Wys9kIih8o87Ul_DY$mL zpi9ujAXOl9=8Y${U6`N$DEe* zb5njm@71=pi>Dr&(!KeB$3qO5wO%RvHg*V18c~r zhBJ)$gRO!GrP;kT(He5kxBP+JOAReD#@WKiWFzD-!GtToy<^0)_?Cvxv7K#P;zlBd z
-I}YwMdZCFDdaPFPFw3(B1WDs$?2e5}|7l z41ut+L_cKxg}(Bwt&u{+lzHh4C1Z)_W{bv(<;q74!H_{+eZS~heoCt%8Z(NLvy8%5 z395!T;G?U%$hZg)r_z{ca<|8nPHTxcd^$thU1TcpsaA}8H5aQglf@xoA_WE;FkDNM z?F1G+F-BVoP;b6{4|8%jGhuV+vwpT~lcp$9iF8XMd#nuKq%cE$C}!I>ah<}c$Fxv5 zK5(c4=8t1t3aoQeY%8(O)RaBpPSMYKo?cYqgLU;8sZ?GBe14!L=gt7cvYAzx1$^0- zT+%;?J1ud(2yM6e1c;=^gL6w^^;F30Rci>n0d+DUo=K!5DDD39S)x`6msq5B-t%fz z(W6I|vS@7kIUK;#Vijg9gXXkLFV0!#NLyXMhE%Y1nItB4(Uw0`Vy|(?Ee{oXq1Sm1 zaBLTlPl9gZPgXYH@dLXO(7QymS_7G_%AMhkfvjP|ViK8%*iv|RUo6&K+p0DigqbI{ zroaq1^fOYaQjE7AmSe{plEcxafop3PfYoC@UoOFlsf#ebNm$KVgZ>HD77qvEk+5YZ z_-Y%mRBRHt5$Q@qdOv1juWd(?FJ7I5nOoSIM4Kdc-H0YYcO(;T!_Q9Vo1rA6Nr{$y2PnugBde$Iy^y!j8oH2-^df%4%Y>9a+n&@ZuLnSW#c+C3fMu^|$;W9T!q;b6^rHd|;X$+zq!3{jFFF23^#J&Hu_4Vjb45zZmC znm)DTf5=_A^N_cFz{KZT0uf;_2cSCK6V-UwFB=d0C}$H@*u#!0@?^>equJo$ZocSG z2HNC*10!BroNRQ%Mw6TA z>~3gkwnj5{Kb_A(OjDSWp9V_@(LHa4?-r??wY{ZOn)Nd>Bp^qyE@D`V*VZFei9A zU+96~jI^D3^)Mezphj+{$MP_Y*zI(B{b@8FL*v?p8I11x+IF7zKaM81bG-x?SaF+3 zP^LeM%=*<^t;S?Odvjc{&XG5}5o?d`$9)&564@>{r~(jP31orE*r0nu3%!_-PmHF6 zaIPLZx4nYRZAyn2(%p?S(lXg0H#)k;(do|{e3$q7@dJAj%Ul+Mb(;K>rpfMUqC2|M zZ3n#i0#pB=m&-HDXtK}b3aX@_SV?X&-+6u{I+qJ@pMm4Dwl=jq8P7jTESeSRW%G7D zqX+u~!pQP%0uMEWnsEPI1Z!_<`5MVlu@F6CnJBnSBV*2-1Y_l^RT zDOVkFeYCw+>j5!wtul@k3eJKg_~Rgv7Rm3xD<;a53OX=-HAHG?L@ zl8AjKb`p$mI?Sow*@;7N*s2olZ_h-Bq@`HwMH+*s#bX6Zf#(#+tHbj$N_1;LAkj!e zD@_Uj1z8zZLAh4xizq8D0dOlR@qV!pILa^cJz4r&u-Vqm8Vly181qGyr(Aax!q56O zFC|>>aMaT4o18eKoa(BN#ETF1F^p-5Ub@csbeAn26HYUk6_LHbAIYWwIX0i2@MTEc(GWPn@y##6!RTcF3k#&@+^r#f(H^zAhc1A zjxGCZz#8d=rJsIe;1zHn#sKkwKv;+312Sta9LOW)$30A~iT#q69jVCjE}Zp3Wx|3q zH7J8Ni^9J%z_a;?((J%u<*AOyq-LPp9AkfTKnM~pOiB(XkO&kswgc!4S1FVXLxVP< z7m6q~c0r!k3U^Rl%+<1F0 zDB}c+gms^aLhSaS$8D5~*_wlBS0?EPwstJ@eF^nuvCOR=i?c*M^NDB72mD|`t=wYM zV-KhD>i&w0JWQ?waFo=~l_j$TtOL#xvEd0(;Z%uLQJ5No2;I?@2t?@Utq2zfzUy2A zE&msAHAy{E#Q28G)JqWXONW9|_IbI?Z9J%V!8*?dV7i2t{1V5!%Bp^O zExV6<<3nGw%yAbd2e2{{M^535xYug^2ElX)`lBjS+p$sQq`=ZA2f|pv^m9L)f)UNI zkn31hc7p@3p+V;ad~cG>2~ZTpaOP4QYe}mvN*j^GDf^&ES7iZ$6m{bqA3*7t$lSi~YUKmq$W3_I*jCooHq~5>H+8FZ@mAX(3Xs9& zip^JQk0ZKOj|PN?Kf!Ys)!$ut1)Z*z7v|k#!lB~>x~U11Rg2M10zLV702}B55diNq zv%yF!Z>Xx_HV>$FQ$;K;3u*Fl{Dt>JtPW3u%rcKWs8CT51>9*pCu=GiF^UD=`vma| zSVQ`0t$OScA|ZiF5Fm3(C6cUSp9U&@)K)$E7zU(`xDv%sub%S+uDDyJ;@r8GVVmHp zU$UReOy)5ro3~nheVIQyFT!`u(o$x{UtHK8L3|#AwZiCEZAX(6#HBBJAcP2^S~RdW zH(^6TQnSdk?2YL$Eu{!5O3zH?mkwG$&ngj7Q!RBKM9oN)m8p3MrG+v37(|L`^fEUB z7aexk_56LS^$&JOIAa58aAf)afnj1g90g>#unCC*5p+Co;L>`H^N(IC&-G zdK&P>Tyl2L5i{{MFC%EoKiII;QZiz9GL93$hCHXU++XV+y{64xtM&I!PqWAa%VwML zT(I`vBh}h0sDX4e4QkEmJ*WakggYF2me)@PoQLOCe=@^R_C&-AGi~L$d$sE)*=RYI)5T&0?Msc`rr7he)mn+G)|Ij zULd+iKi!lvNx1&0keiZ!d&RS58S7tU<&sD2DwBoGx9p?LHZoVskFjg8d>3vcV_fQRe2?<8meKGk2V4g`kKi{_3Ni3Q|J! z0I+qfJiM>nZ7?eRkBN9jW^Z1iV3?RkIJ)>5tW1AJk@ zJAps^DY7M( zzwtC;S0dqAnMdqO<*DRnA4K-2*yxj^H*J}0^b$sFkSSj1A8zy{WbAXfQF+22!-Jxa zw1Q9E3YBg24g>ZuwI8^Oo;m?#z4m-?J;3=e&&A=uw}6fr49XES5agFWvE& zZ+O1qnf^JE`hUwz7Pu_fcncl^=)Sa)qEK|MX;BCAi`sqe#fquoe8Dy7SsUm;kcr3Cqjb+4!o5Q|{*f5ht zre}0mZ2v#@zIC~c980r*^C=Lj*==cqq)5qfRk3$wgQjSkRT9M}CA+J8CR|`9NTQTX zu<|0A6@Hj`f_;d7vJISrYi9DIi(NH4R!mI0m`EgW034j_ceq#qjTg}J2a$xZ;aR+< zb@F3=Pr0NnpW+s~q!GObnnoEMf#2jB{hBjHF4^X4DSH@Ey~+PdGr1V!dm4wp@dddS z3LaL0lri~p9&*x6C>|Hil7x~ACggdTh^6F-^6bRF;X>Zbu{Xs><$I*Rci$SW&U?m^!A#d$+HBosWX zYu}Q6A9_L;fIep?ToQE~k-7m^G^xv?i~~Anq?+GPb}s&V+wq6xnv1k-aXl^p}DfHzsgxGQqtuK${)x?UL|tJcI;ZoreiKh$jA>gW?Wu& z;~%VS*<0{PotGZJ* z5i1eNOHLj-TI{h$6B^L;AuLL)WuY38!$BOgq#=oU^j}*pp^#bd zhm%iYD#ep8EvHm*kdb7dj>z&==y+zKLt~WS33tT1N5~s*`Fx?4j>qH&v7m9x(rKQ| z|6=8sHwj|_(+6GOI_AiCvjvNB9LTr_X+l|4WJA|1BHcTF*Z6_XW~iJX8y;jdDsj6@ zIY?-v*sMshd`?TfUhs4(upx5K$qK4?7J8#$!mW6wG|@b{W$MENxh1A~WSEM&qtG`b zFBo|npR0->5K}2;=B;{3Uc3r!4xN4;Ba^8J zfO0%c@k0t4M*j{OG4r7NJ?w4A_b`o^@)pS1N6N&PK){)s{Mjj)QnY0ZO(}IU zh(lC_B#R#{cmyF%TF89ISr*e}r&c@PEZ9{WRntS1?364hpF3#2a`d!hp!%hyE68T*vuOx zy{Ad&PYJPXc#P?EIyBG3h@f|bu2xJn)h{~{UFZVTc@}6gjZyLvGcuz==B5stG)t5f zlvBl)MAG9GNoqcpEfU7iS%bNBsmg|ccr{#JGGz#7W%CE=Y9)A_LB6!@R+Xo?7v85- zTf1HTI2qLwRUUQwCV=~6n*gE)f(7Ntk{Zd~5k#Bh9Svw4aBB))i4^vtdCM+N6gh)Q zSPF;P82Sd?UXxsb)&0(NTK%%)V2cI9#vZUBXS|ezlPR165LZJQu zZe~xL+<;MrJG%HQxns$OI7+{Kip?7@zS=~cZ=ie+OspdI=hT;!7gDXP)dn#MD1>S& z76~6xvD1*5tB|^_o~`MU=2LZ3WCHsuFur~uN-jcEV-gPY90W{75yd42E=PP#o+7hPPKB zr3t=NZ|iW%CyAWtg6<`A>I(F}%=rVorAdb3F&?~4!lz+=uY}}5iVK?8Vin>-Biq2` zj)$*kNMrp|%E*wW*xY_uB;?>#cR1KvHudNJP~p_P{Y9ix^R?eoJjFrmkWW>kXAw}H z6>^2lVy|-5%L3|#m-m)X@%{e>BC4~uzKD!!zW3}xDviTqk+^Kdh^_mWnqQy;Itlo>kOfY58>=*Tljg_d8m^O7o}@WdfDOi+c=r8wL~3v9 zLuw8&W@k#x4IFACZEvf4ywHuFmuxvJ2M@bnIwObeBQoRjJYnQp{mGur&m>E_u9Jm^ zFXVBW@hs1Lasf0z(YoxpZb86RRWFT}aRv-xM_9y$;E7~E>Mv)xDOQY(ZFZQ&*9}TZ>7j- zGwghkOjqMez(8%C9WjS+cro)s9#x?j#dWEL(K9M-Rr>3e)Yly};GJjBN!zAkK1aS< zWxAS@syAR361}${l%7_-RkvrUZQh`dOknfZ&-It-C0urDwdJ-FoU%=w9E|i}&uK;v zFwH+g2D92q_jHsrG{|!XR6Xu z?-hbz%mS9CG+Da|u9?NGI82Y69jps&LB}jqHbuXsdJ4r$y)Q$Z8#IwC(`UsU54W#d zH_p})QdrA=ry2>-m=MwG>u*hE+@B~6T{59FHqU7irlmEd!EG$=BNop6;$o_tW^uhW zyp1-$I0fddC0=K1f?S!1Rl-4OX2BvBk(f(fQ@30P!UmnBM;aOMU$SHrYi_&KT_qx8 zL1CTMwkXmUYj&%O%N`-ImXhpfqc&m3ks1OzGgg^J779Z#XPCYmPq2MF#d{zVSSX@2 zPE+HFL7lZJz}1vp?|$(qbrr~Qgh!;iq2{W_Meqn*EXFAho)LjV$&o@pHp1g3w?)kE zO;^f4aFa66E8v#&@n;A<18U0@fXYH$WKaHUNn<((|B@v_T|*2T!?dCyFPeB(h{lKQ z_BrkMG_5#GFOEnTah%6E>56k?ger5~*CY^FhsW7c8yUVLCmN*iWAg4;vN+te)7@|L zHnxjHa`?i$QYy3i7Y!R{`hRgG&#NAKL{mVD z&p=q_G4wn2v&x&b+NeLi*#qmmLS)vlTDmsUo^a=#TCHys4r?PSY{ZB8C+p?<(>#V^ z$HuxHdBd@g+2YZMDyRx?!Y8Za_?67&AzSH70K6r@RB=NEc|?`txk736Eqg9)c}8LpvuweD3wc=f z8rHfhoUh=HmIINuGs3EGq2OcfH&)Zj%G=gA)?g?~QBLbhB1Md}Pfxzny4Z*%`5hQU zRZc>vY@l081C*goQp1T9R=Xi$d8etmCp?N~c|?{_N<7Sij2s?>A`%CnXwMUodaCl_ zL6Ao)N_fmZ26-y!0}9T~5NbT>noO^WGN8FtqaQ#8$XIt+J1pFW=jZ~_H+^ZS=Xp2ObE3gA~P4M^Jbku z%}+G5!S#eIdL+da5pa;qjlgB+B)d@%fEBi|ib@&~0#KTai}q=NwXys{0rAtV4kWko zuQ|ffVV=k|*Ido41cp8sls?>7Ma06*Y~Qf?)1uu3Q0OqL9ZXj@DNCdB-0Q6f*jCnKZlEF2Z1Pd1C5hLHW3|NK(9Q*3h1)AGz@{xD18v3jd zSR^kML}NrN9)|00ElocvxzbkMy_sB(yBC8kCsAMR7WTs0qqBSA zJQuU_(d?LV@N>Ibaw}GpH8j9i<=u+vgid8QvsnIvCo0|}d(3IT69hxXo*uO1fPm8|YPnQUMNZozvi4} zAf+=^C`-z4j3xvkmCWbSMMD!+FzA+pMGg{4d9-$F`$`Q^-N|(l%5#$OK=!f_dCC?d z3N?y0BIB-%j2eS9s%P(tVOrXHr3@$QD`EuoOlEOBJXE^+7EX0JTW#2GS*4KxQv$J09C~>JG~e??n=l1Lep* zK$v~@kuFz~#s^tdrZXt9-~ywOQ%Q_ksHM!pogKi?t2^2c@CLED4T_Dql+CH@m?Rtz zC8R?Ry#GEhQR5DD$btFyfmX8B)!^gk1Q94NhZYg2**-GC#2P!~0RPcEsMQ9;^TE>{ z!KI5~s<)_MOG(@b#-hJsjn6UstcTt9sl6z@)djfXT^`@)cP3lCIr^192iD zK#=8Gu1g2piRcasD8w!TqpH*H#GGijT-m`rT^E5yy;4lRrKZRqE2nAhaVYxa!bj_f zP{(8TfLc)dc*jfILJFL7l)qv@(wt}B6=?&Hd8%{%>pDmfBbD|FbcQH8t>>#+U#Q;0 z#5}i_x!1LC*cc5J5Vk=g*D%8wcK(Z$CMI+m+RY%8)Ls_}L;u(^hXd*muUV`8&>hKpY`c!f z0)#AL7~eYVzbAk1cQ3lb^M{G% z+obMd38|+D-bz+{lT*0LSqfrf`}^-tt7UGy$ZhceFiM49`2ci0Z|%BZr7ANSl=5t3 zhORdN^%I&qC6OBxa>@3>ctgx)XVZ$qWzd6HQX1w}XqpXfzo1Cl5R5`(4HI*ms~# zhL+YHnF|vMB4xp4%T+{^wKmEg)yYyMQbCa{Due=}N{lHKwG`Gj%5+$=)LYO_$BiTf zxX-oPWH5Zw9bJw44`*zt!`VQT*Ch@QF#QgBo5EN&^M8sU!#lOw#NW1xcNL2Ff^E_i ztc=6Ts+P`M4$gMFrQ*ys`jqN~Dv1{yjmn%vZM;L(Ed~5E*2=8MSQY;6;TU81W=?4u z&e9_|)|s%-#8~%J$}1YQRBMf!?+stx@UNbI%kyrs2s(@1*}r0Gp{jWGBJE$cbg%Aq z)h?~h?tsh=a@fD@caJLVr}$cTNN$FMt0B4UU%u*(m7hZ{3fTbMzK_*=BkcPTI*uT7 z1rTs)Om1QXur)xWrUU#krQhUqXDoCS-F#c9TPTqi@3+|zZPOzwI18%wYaf~Tmu z{6=#%>!R%&aH%e6N?1&RI*|x~AvRb9?6Cr799ka(hwDMq51oQgumBu%bsVHzWyGlzuT zu{dYA)ohJFC(0WfP3H4Q7>-pM`^bdzG@Ov`O$0K*e{$<=rGql}s(37jsTtW*&^3Od z2I{irzge2mX~ffoWi`c@ftOf!Y0t)X%Khp@5gFHy<%%YaC&8*Zv4|V}8w*%eFAS&X zYfbYNOYYEOrP!bzmY7+y8LWyHy45#9x-+#+4XR?o0J;Fnb%eQ_C26Zz;f4TmBrFpu zTCzx(|G6hw8sv~4m3$(=xr$B}H?*0@syG>!yKxD4j&tQh0By|F(CFVNoGO0D$oFT* zFJ2z^d*o30@O+wC(^;y6OLQRwlg^f+bF@fc*!C)sCXs5cxHH}hFoDQc7}8W6)Jdy# za(wn349hb|?EYfKvMWxnqucEw1pXpmc-j#ZXgTEkXv-EXEW|PRXY5+6D1?h{-rzpa z!}g7;XJtPCKAw%!u$Eb`AD4UY*ym1_Lf7e(cqJEcw~LwF?F?&%zez;CB8>-?ii7;n zrHF6qF0lEeTQ3!mGl6?NaTCJJ)nF8Os(W*w$Dy*U-K$G=ePU2J#LVhQjjcRXS#9ma zA=_D1mYlf}i8i^ZU}4nFZDBbYmy8ntLx7d$bSKp{=Clp26fOtD+gUnWi39Q*TkfI5 z=~~_2Zj3Y@V=NscJFrBlETBgY+#&R~osU93@1imS(hn7aRFN7&Cv1BM?s5(Jr zRlpa)EjCv1vsg=3IgzB2<3yR$DB86R(6nKr#5b5bAA29TsA}NN@v5YjCZj^luRV*j z8-V$QvD94?pGxyrbdo2CqqJ?TY=;_43x7f80>%;f8W<{|D5QLer)loK0{@L~=<2?i zII5Ox?CzvWB{HGcPzwu`f2q*}54KyQ;>7QioVL>aY$J~WMz4|&wtv92s2PpMWW09) z{j`klVEX1Nh8#SPA)SxRh_ml0~ zx@Y35_PJj6$Gx}R;dS@b;9_w7Q=Lq@*MrIHZtwbP{1f@>O;`Tw3w6u!aA^8DoQJ0#N>0K8K&dmi)w;%oEq#(jZ^uDwIk-=k&A1Xv|0J0DUDQm%gK9}lH zW&?dSaV0;9AY`gCy4Mii*^QVWq!py0ACZXSWXl&7rRQw09s+-|? ze@uo~q&FD%ZZ0R+lC@08U;>S=#-uy^iCn!VgX;+yjj!H}yO-p=|E_;=HR_KiiR*bvCY27obK~4mjxM`LJsHT)!;-=Rk9Cr>c2R*x zKDHS}Qu(|?!>Yv}Rl>wHSN^RXZP943-4$8am2Ip7!-{O8;Ppz$J&PhlRNu$fx!v#e zra!*y4u9G^@WjULps+t>a~{Xa1U9ij;z~p{ewh(VxPWYLk5Luk*2T;wi})pzP5Nsw z#`E{! z3osOcuWUr4$=@?}8Q6sFBe-Lo*ia`k(G5zEb-pE;>kt)SWsbb3E^Ev!Qc;~dVp2^a zYC&CrEI~BzMW8KK=r2tWJO?hQh~x?)P3tDSG?v;N)GN#YY65&eM0Ae zF9Z_MS*ulVwOWMbiO_2NQ{|lY$)jW(N51j*aFcW$%v7Z}>aem*%$Y)ah8#GKqyeJv zX`V3%DNggL)JjzxBKpgh#qU@ocZI(sc|y$e7n`+O@Od_1F3RZ`~ z5GCc_Q|+mg6PRwun+CzRKxIJe(!lG;=IL5)ZseycnqU&U8S9FA>FyAKiua+Mh2*Qu z7_v8VCF~r(rDDu0I2~+YKfVy19GW*7an&n`pXRd}T;YXqI=^NK%A)8xnW8lPfH)|> zFBQ<;jSa?@9izHPJyog@>qlJ?X@wUu%+q+@lLJw zoH%CBfmLP*akwd0%#Rz}XfFWIU5D_a-M5<@G(Re)U2KOfv$EkKk9DlQJYz=>0xKJg z`#Su1o87Zq|7Qcpf*W0jD5lEji$MYyK7#3DhKMG6#jiULk*(i-4;jFK%VJH&enW`9 zFnMPa?cV7IS)H`M|E{GRJ@C(NkR2S=i2`U=!*P<(Ky%eHj9eE?r>i?cTEXR%FwiWf zYa8vn!^edwDCTp8jJ>^ypy%W4sJgiV>7C%AHg`fyy{%t<`n@K&?&8Sq1kevv*8Y!! z;hXcT%UbQE>F|~bK)>Y4#^^wIj|@e&P(ofIHx9v^AxaI783d1k81+$~4;?j*hHlpk zHcM#!_%Ox_BXj{@lR5dC9RwMujFeJM>V%SmbG*+F$db_*bGxbBg1}CZJqcX`1c0Wj zAZZIQXt!b6!lo0Lw6_%m5I1vZNi!vV(b%=BdDq(xI77dw6n0+9zlK!z8PH2EC?I zli8LjNQNSl%L-X;S~@lnHT9~6cpwb$Ba=dRVW_G|dWTY|M40<>n`xKt?S)EJ{*@f9 z{8!+mWcV2tCJ|#}vc(pkRnU~Wl4Mng_Xq3(s=uJ^1Mq=oP+dU>(A0ILW*wrd3N(mSYqQLFvEeR9?~J#Doc?HA;*_3iOVtKB}T)&AuC@#(S=PH7_mr2i~s zGzk{R<9_%2vfo^We|nC;R;$(e_UsJ)x7BJD{`chc^sM!#_UYN_%d>X-W$WZmt@ewT zFJJtLw4UYbJO1)CqsgCIPySYMa{opCYTwA?@z4JYu^k|@!4A-}F*)o_CP$FOmDOtB zd_x9th7nSb#k$9<7{!v3waCE_gjVM|$yl1z3A>|FZWuIMiWp575CS-*DL%NT30sI9 z-E$VTUt#R8%zy}s?|33&rC@&Z4Gx@~vyAd6RoN#2{Kg?zI_0Srq;}E(@eiQD92luF z&4;HdVky!Agl6anO=jR~Lk4lspzx^gMIsLou@D^jX7DMFev~k{kW-$qv{q|WzINJd zH&2Ss=q>QSZk`Dhr=zH(X0HW-Qf~pxXe8#%T7wK&rl zOmXgjt_l`*Rq{-32PBC6XW}lauIlRaq=4IFRgodhL?Uk(qrw#SM8(9KguE82JR48R zKO!FA{>R}W%T{UU`1t<*zR9P{W+0ZwD#-EJKm-R+)Z=(E`RVQ7zx&YszS(MiJPyPX z-Uz3(nXuV$CRRL1j}tcg5G+3gX(|W5Oq+{r8Q~=j^}#~iiOmgb*|q2#A|Z*0SP}ME z(QNx-H}_w#7w#s$6H&f2$Y864HM9X`m2iZhSLG^9$v(N8nxtd|DEApN7Mk6ldhOI| zpCB4ewS5O|Ne^V!s=rUH<|owyNSe(ZXjgMP*#D?_a+k(i8=P_^p>&ZYIAqndXsOK zy5n)kK5p!9Q+GC$crH7x0g{_?Im)A+uvFwp z0HP@FIVaT8?mM;Z0FqXh_;f6XxyjF{WSAmOMZ`L_+Rs1#T%#-g4r`5e$X&a3%j2+9 z`ciGlGAgOjsS(Ib>X5=ds!3^6K1EREOA)eE{%3=X84cejJY$zMUe^c-=!ynBTg#_J zGsX^Szu~g)S&F}}XtwB(9mW2Q9>mM~OYnCiF_k@;2lNX{`2R!h5zxX0&HxbtZST zb~omp9pgO>^K6hy5%SquN6CaNL3bF~vQtG2%qON%R3#@Kj@|*B1-)fNm5pFT+{Y|| zq#=#m`3@bI%pyGqk&!uO4gpB6{VZ6b%wu#UB#ef~_j0cuvyUvuQEVnKGL<1KcV}|{ zQT|`!<3IoNpZ`ft$XTn^YC~u82l(+HqjzfX{~@>hLfprsF`i-54t%#vznY|ig8#IW zGYNst*mcUhDSMf+tgeAOz1P#yyshM7Me{%`moyIX>;;Q?vLcN!X%(hHg2hsV^2z*P z^TH(6F+ptGYV`s_-;9oNMoI?*U8;wpcfBL65u##>`VE%<836!SVJnQ@^?);NlmtPu z_fPl#cX~$fOp3;aejcr9RP^^WRioVDQ+17s8SkNNV3boq-FTY5(bMquUqA=yY&U4)}#6uOt5cK->1k8XM#v}A(c>w95JGxdN12ko%Js(~rO!_PAhh&#lQJ<2df6X` zn$AV?2O(uaiK*a~1?BBohzT+vxPv@%u<{dK8#^&t+d;IeJGSf1ZVKN$QRV8;E(*wQ zz^^EuObQ?q+XPc|tGr_gpREgHR^EXfUKAJ}0Orte3HSURbhg9Xj%ITB_)W|=(Ja@G zj#X->eEjor-B3`pKReQKr&jwHvS86tr-9mLq|sRA$z1+#7OD6=CH0epEd`X5P_?~& z%%?1gS;nBo-%7-gU{Y051Q!O~bP>FO@vrd7CLy2_%m~dhkp?tUsUYb6v+>q;0tCw3 z$(2diJhx z2c8+0Nxj`fXW{IW7-k|9Q3%7OHA(Q!Zm^#cN%Qmhm-MbsKBg?a{ea#v_JIYne zAc{~I#6+VA6!X*QI<@~r9FM5c*J#CS=(xcujJj4QP3A1KOt9o6(%w8lmW(Mpc?aAF z5m_J*OUk}co@OjT=(f;JVX_}k&sGV#g;yfYQ~+N)ZHk(j+iHaAawC)bhlT zxBug3K3z6!m6ygUUHxp=Pp-t2|8^X#ZY6V`hYEP$I`ZW$h*p>wlDDO1o= zr?!^IwH7(-M^)FwA*ZfwQ^kU+F)ybDYP zAW3G=9cd>GM1QRlw(=C>0yCD(Xu#@bQh``uIM9lwiqAR0p)p^r7#4+87#J|)4bzc~ zr?+XU7JIH!Qk5W(3}<)Op0bP@fuQt>vM|7>G=P0zZ+kg@c~kL-%~@YEE;s-kGNVz- z;JT;bRUECyLS(O{*1JwKwzSWo2Nw1mQsc$kdwcbM2>&|o_C8#_>yO8S^FI7A>0iGY zoa=wysDBRo*B@RDhUZ`^9rR?=lwI&R|EMI5JYpR(&f{*{g{vM?1R3W40N6;npZG-aqCQ}+THLMBp zqTBD%CKty>^m9J2ag7yYN@N>3p|n$L5W3=)Obur%IZ~Yz!PIl?3ARf?>T8gd2zANb zm7ED@vXeWOOjUzCWiYpIz9D1%s%GP%-2In4hFnn7v5go2z&{!+Hdr5cO4@H;HFx*1 zH9lq~LT%;_R(XeAxpLt$+|<%+9#J>&%owDq_qa|<8dHi+*HX#5>Ozq%&ZYAcc{S&d7g^#eIyhL#gKF zGq_X!A+Obk${xe_C$B%8HP4zYBYLd9YX&;zDQ$)#IJW=!LG}>i*QEe*1k%R22=b*) z5R^O96^TB(Or(C2GSLTT;2<8=e(yNDKkDD6_|J=echVnTUH2zXj{@Bu|JgciofP9g z&tA4$U*kW&#NR)TkN=}Xz9EMybUq}PG-C;;QA!$;3t?lYvGje z*ZgCU_2}Pm)qlxvwO||0}+3aBS=5Q>|U|_S}}mO zvB{*g)tjjnP}Ae2*=j-^L7k@i4SCH!vb6S&CS2qxndWmy;Yj5pz3gv!nu%mxt9?@4 zeIn=b^PdoRX3Khfa&0tP>H`NQsQK3GsJx4NIvJ~**8_<#y_B)hJ~hET`C{U8K2?I;CFaDcMpyE@vEHl-}0|o{^Qf- zhd^%S4=Z|m{A*4lgQMJB(`EFqZ|so&+O5-XefjUC{cY>pukzoQ`197bQzIl|cPv8h z(LunH3@n=sxlLe0G*HPSh8{XbEr)69dgh< zxs<;E1VD!zyrU6Uz^NMa3HoRfZS^5{c@(omr1Iw)J251pd^XD`3<|1a^kmH+R<^|$l-)33b#d3b$+$v@lrSD*ho8s#i) zXqU(%WIp$ANB;M>XD25G``@>xXQyA!|Cjia%PlwChYzm*i;##;StR#e5-fPe0L6!- zXfcBf&xC;oBVZ}+>d@l~*WmF^3DxCh19CNy8f~6hSKhryZdpQN5wfQ2gf7FEFYxol z;h1v(Z4T6LdXR%SV-b1zqA}$eq3($7F!8JCh<84$yYh!WaVN^L#DIL?iOSvhNr17i zA4r?}6WMwtXCN6uJl8++>{EzvyR?WP4E=P~J~V0Eop*q%wk9*NK}Xl$t_h-g0twTg)-DRa}eF9gs9i%V?U z2u@?wvU&|MBUwJzXf>FzI_=_%k^d!7U(1&E>TS5lX8( ziiqt&iWGaFK6fQc$4_?b-trqKW*e4x6buPQxbhm5cdaf=;WP%Q!r4${BZOczF+6#y zBJqCAr!2yBsPvYv;AOzeh!r*Xj6l)Vgwb$K*hijb`}3x))Y;CQqI8!O@$P@rt|7mbRPJt*Oi|@Y!G-uVTXr^tf|%^Ce+#7 zP1zgDtqXBa?vxh+Mbctp6mNN&@pztNSwoPU5mz`{u;e*bR0THlL>^~buL>140S&8| z&CuY!nOF&x`m^ta;l;{q9*1gFH3t2V{F;kw!vI_&m3Frul^v{dy=BUq$YEon8~vi) zmgSSaG*LIouOr_JL?U$`kek*JJvRpk*;%4v9S>P^-XyK&*%6>WEqN4i`4(>c6d$)+ ztz{j-?cm=Kj%yLiGC`Vc_|{R=4zY6AR33R1-LnTRE}`W^$bo$WWcE5^X_*-4sTHwC za7z(smw#kwhxF@YR43PU@}^EM>*PnE(MsI2q#|Quzkj;6WjCh?~^E!FM>*SKx z$&dUIGyx#8hi?;jZ5vhc)ru*2OQ=x)q%D&Eq4&s6TBx1jl4RE|`MozrkftMpP&Hv$ z26Y2Ab2B+jDZ@ChR$l!2HmTg!eADjaemv)~iaT=vrr@3dV6Occ;V*Z~LCiBwqqmH% zMl19cHKlF<(4ZMuV471FDXM3U~!2N2T*37OGRmdjGwz@>q7!4F_0FubXt^ z$jun0LPU(l4>AtOabQeur&b)At5q5Nx>Sc@!)N?Ks?7KyT{5@I<3SA-1|H8x?|L(l z^d^&@%E8?sQEz;&C|c`=km0X0#Cx+j@mg1Ub!wMu$@=-!97=Wwc6scOH{>uC59M+fGb9DM_dz4Xd6N2hf<=uv6V#i(3}&o=C+@ zn`V=_539G`3z2)LpNgvCsmW-k9{gC=HnyMAXo_bDFUrHFYZk{yis(zJRE zZ?@m~vh3Lz^=IJFc2-Yd(nZo#?@in4Iasy2)B%-hKW<%oqquP$Lhr+~OU)g&z4XPC zz1g-J;)7Us`JF8j+mC}+yzm4j?!bQR;C|4u#QPLW^B!*IewVswm7MsHVQabuVzn># z_Fvhu48YH2E3%8B>sC0M!Z~}`gu0`_k8D?%lG}901iGUEaavW6Uo~IY7G|Gtn!9ZMkY&$;ThC zFnEKFqI}NdQSa^UDHUGW%Cmr{j(Ts4e6LIgMxD~5>On(ML~INeF+FbiJ6}5f`X|_Xe(#9>uYX_vzW#mv+wbrH1pom5|Aoas IgaEh$06FcE#Q*>R diff --git a/CONTENT/helm-charts/ibm-dba-contentservices-3.0.0.tgz b/CONTENT/helm-charts/ibm-dba-contentservices-3.0.0.tgz deleted file mode 100644 index 53a679ab29aecf06ad0e89d46e883cd036e56542..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 64026 zcmV)LK)JskiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwyciT9UD30&X{3~$Pb5GlICHfV2y4^ebJ&LR(+O;LEBqyCa zGbaZkAqf+TU<0Hb?M#3F_Rm2T0D=$6PSTIryRCDkCniClPyh<`F23CM;w9}xBF$Nv zD<{b3#W(+Q zdUpBz?Cf92>6Z`v_^(homH%@3#bebc_uu44GyaB2#YK8W?#}|6W$w?*@G`szVx}U= zvm73cUfhylnlqV6t{55MrXja9rE9j;{~X3#H#Hw`#Fkx=O`d1!>g43%;UVP9Z5WB| z2~BCT%Xy?u3U$KLlbl7HR3u`(J7I1ByDNKJH^522BMph}6T9qPoIZ2iW>n@WlMg~B z@yS}nC#HuJzNKrXPDU?ohlAVqXU|VRo}HeCf6Lav2ex|HC;v)7ZsH0Y5%2Po)~cuC7oz2|frfAcKpk%8E5nT$A1u*cv-v1AVW zU;o>m&cd^^@bv3oOL>}8o-zqQrc@&pmSS)VYXI*8e7+B!oF@sBe)s3$cj4LB!M%NS z5uS#p!Ee1GfB*fezkT%oo+brTKhFj52>t)&?6OY(zd8Hn^mqFIYy7?<*K9?LBqzAy zWF;if5EgBFJj%l0E3(*dMYtlAyzAfI^j1P{X`Zu~ta!q7gKHKgR5Ef;C8x`TDUu7a zWF(_Xv6%2Q7i1?2NpiN$5}Gp=22@6ytAHRiyds?o(j&J*@9B8dfgplM|$-e*OMv&{jx zl}Hltz|%GKp72yRq4D1e1@E_dfRsf{DJpken7?FO0kdZ$DrB-FOGyDYtDH&lb&2P% zL)ZvE7EI-UbwZ-7xFVOQr(5`I%eJsVF3-+yc|b_Qx4hEwtkUf4^!(W^hgE$oB>yjc zu_k0HV$v^ip(2_v8Bp_2p6cyDSgQAXd_`6?Q5uC?`f-MvR_Pw~6P|icU@OWs%LmiD zyPPNdzo_Pyrc6dG&Gqgk-<|>tgXxe=rHG3N7%Ii`T;nmySow604>cq?-?INJQg%g# zd318O7zBj;?SA{3(d>t<0wnlPKH_`>Le^3I@8j#y7`TU*<5$<$^YZBregF9neZXSG zQpIjX%o6=#a2rnF+>J%5!7ATh5gJ7-%k@;QcPZWS2(~J$@mh)^Bcto!D{nWxp~+S7 z6(KRUz8hWZwLJ44y~0PQy3bpY>htgLvc`QWx3>$dMkO( z)BT+`I-3$iYF{BQ1~{&e&oYEmB)t2aZThb`Vu61Ex0pp+7Ndm*7FU|vMSc}Qy*iA zSgTNE_gvL6cIGB_Bi72$-G%tT(kt?>iC7aeHp%s~5)E^WDnMG!Qca39j$m5rL@a4S zGR@PfoTU-7GgN{1urkeD7EEulLNT*Zr&8Q=%@k{l7&PeKr(U-im2}H;Ch^KViD^!k zRIxz+cQvt94KR-KjLvnDQDWqS5Fj zPnd0@Z|M5_(co4VWfLB4^`G@t3-&Q*A9LF($3N?>UI>w^T++<8TiOQ=sKy@TtF(k$ zBWZ5#5l!@Udm>iw@8L(T^x~00LiyHk6@}(0mOJDqXa=NJZ%W+}+h+NWs9Ya)vSl=wCt_!Bj_q; zGNp+Y`lmwXSLD0XZ%=D4lzH>)*+uXbPuG$u1@}pfo_(b`kvqMIazQk!l*7&#;TOQI z$yjr>WFvsF_)0SgJ>;T#>?7S~2@4Yu(L}$ZX)1Eqf41pYM6*jWWtz|B;>5rbMhR8w zill3ver#`a7%O-k-&Hz*noP_iCP zfo<0m7O1A-1sNIBd%mW?*alw_+g16M6;jQ<3V>#3x|_kx-Fz{ey&p~g^oJu&2BSP7 zYnGE<&yg?k_rH^H#u6>ghGX~ir=LhqfC!$^eDkNy-$N~jhLIihr;Z&@=^pG>CY?Q- zJzNz@q6h7ekdU8#I`-!RbKXCV>14L}oC&nfK=-KreEL`T$ImbeLRhpBq;sc$iQaH! zmxkySjbpg++E;ckpTqb}>RV+n9bSsZS5gw+P z7Lv9!jn$Qh)bZqc`2KS-dl0dyh}rZ@k*je_ye;y2v6#+VH;Qhhg?|kipdXMzqr9LA ziCLD29jHodbKre-AOAWxPxRFOtqnErVbq@&L1(`Zf-)&S?ubVY%u%gPt3e7hFpB(x ztR>4#C;uSy;RE^l@0sLjPX2KA)7QrVA$F%5tI!`zcUOOK=&ChR?X3{0|C4x?$M665 zbhY9s&v#*-eV#4gk^BGR^x}E-{y#r`_Ra72|F81<``=IgNbCxeo;w^>!6X)uI*CLY zu`Gvwl&YW;suW+Ry-dVCeO^zPd@>$Um4xJRmg9PBi(6OrbEQ23hg6%naZ+BApciYS_Mwc;!evGc=FZ)qNF zh95J{pJ>Ut73j(spA54|lbr^fCP{NR`(-Q8_cY-#5gC)3@l{u3ly=EjD3#1pUgq=r!Q5Z}htlY`hY)~0(Tr=Xp(olJi(YROk zr#GOa>6(#0d|vim$}jketaEY%jsHP%S)>s;BmW>g&5y}x zwS7;s4Z8DYH|7+yJo=I|GPQQYJ%{8|ru_8D_Q(U{>rH+I(`{*6&J+!sR{e~>UvI@* zR;02P?W^!xUr)dPe&OE}_`eNHGA7k$vwx5K|9$hU&i`GUUHs1f{Te^u|L*zriYS(Y zLx*Mo{Go65`&;kX-+w>f?{WIiqHQnA zSg%x9eX3XBVfugm&FOia{-0kwd;UB9|22NT|2NGtb#i|eeBfz(MXud?2V0iYnC7&! z@qLC$Fd!tMOO_a(lxEozyQy?R@V1;9>&gYZa`#1fYyW#u0@o3R#t!KVwv5N^%SESQV5^QI8HZf-YG0Pu> z{80KX+80wj&-%mBbWnY$SX4-!?;r@|V_qUl7HMCNMLH8AH{Mm1S9gj@aN|2Yb1zoP z_{{0Yr|z*TvMhnP51K%Oih%65r4@bOCur|V{bL9Md(6_DeB*DNOvL>(=l$9U#EJBu zs93b%TgAbdH(@)T8Ee7h_NwyI9IbhU?D)U^8ijIX&@9j_YrNX4O|ZYFR-x?mbB{Ov za*;v!5BN8Bsu~Zy|KLOOO;ql0r#nN}aMJOpH9QJSS8?*wPgjlCIbD;VekxCr^J}r5 z;f*g!w{d?KpFlBNaIp6<9XKZ85lfL(pY%xo=Egnw>MIgutaKp{J-Y9?)Rzx^ zhj06{KHQzkWo>)3--Ot#vfjixgFo_Vlohq_e0TDv!GT|V1{CJQIt*a7^(mq|7!@x$ z`@=1|$@A>MC(oW;w0@%8Qt|646fBRY6(2ImPj4dtt{^V%@^rxfu|1o^`MdM-!%j4q>2e)p*gUQX!aIknk8ZU;k zH~q)X!2tkjQ8J$f#><<#`Rktnh)P6G{Y-i`IPZ9xK$yqRroMjWuSe7AQx9facu!c5 z?RgweFz%-v$3r83>N&ibyqfF(yc&&PytIng~v_vO84W{|D zKR9qqKMN8Q`Lt)#w7~N2{d98uzWtthDMdrN1f#}`t(qbpyqVH`bLF%}Ajupa6_D^t z4Gk`h`^O)(Q0C7bSmiV?RG5j_>sE_SJY`BvrC2imd(ASxVtKX840<}5emfYRyk<1X zH#Nb(g=xpGUNahd;%AljNr6}_9L;t%KsiJ5Yht#cx>{Dd#JCl5(>QYd+X?*8h;+)Q)$)3{q+OOf$Z zod{!FR@Hu0vBX}ZjP3j4x1LBM)`y_huYY+EZBXU`Kx~uW8ecDY!p1B=0I6y5TLYT# z<%x?wJpit2^UDKlqG%5QV_G2lmZ&|vecj%9<8SVO4(h)8joS*cZd`MDMgG3ut-tow?+9w4 za9?)4{!<{ugX~vD%HHe#x5r8iv|kl1dvD<19xXM{epR#_;FNxQ#592WRZ+8tm;LS0 zQUUDexRE{!JFUFsKLK+1&qiQ=_wWB7^n1Gh|0biKnGX1|_^*p+m-YCs=NI4n?*IR5 z{A!fTOK<8^u1b_Z+2rK@e93ZZBL>Q>sZ$YqIa7a@@BzL5Y9Ry%UA{ltk)Dv(Ow%IqmnXq-$!K|6EUEXy@1@Z&X(C0-Jzd1B0R_!`uv-$sCv|%jaIOk zk%{NZS&c7OU@n%V$JWn*W$qa+2g4L1ESY>H5l$Q zR}XKGvB^UQy+S05i@za*gtIgsO@F8BU;cZX{^v~P>cp0W&^Lj8(#u5r)T`jJ{GXTg z`cLN<-(37&|LIrxwbK8oh+AlXr-cy0Ug!iZVUwK=OSYlfoNR>n(77V8X;cwKOsSta z6u9#gI&alAj;yy$r&A;Bop#FJF{J$~h^hQbXaWCAh=1Fd!oO4!6#XUqv@~S+btP5Q zU;g~()82P~{Xc*C>tDippr8Nl1KS1ln8;>Uw9m_nMh@k$I-JGo6S5i|h(v6QLF|zZ z6q3;k*c#i~h-+=cw6=!e?TLA7iOH+RB=){Q(A6geM)^5H8cllDEAr=#+H|_4(~ISF)7lRVb<<`MxzZQ=i#Y+8Kz1+tu^{U~8I?A#~jUqDb`wO{PE^K`$1HG}a8D=|i0ie5jHu@=U&Iky(>B%(2YX$nj0YmcAWS`FpnF+;IiB-4Yc8xlwmyRhSb;OTN zTHyyKyZYW?QLcgDDgL_))e|6DV7{??9bW+kBq?hc>v5sFA_CUc_bp6+xkKnF^zCEj zf$QBQBst>z7?($Fc&2+=@m0RlS7oHTKDs>p-^VbVzQ_^rwxc3fIZfeCR~sssvOV%+ zvScY+@rcu;+Pep5x#aIe(IH1d!oOta*k5&;0#5FET49t^ng7pbVIZ`N~wLPE&=# zVwFGW?S)1w5{Z~~-PyxpW7rKg=-TsN#%m%wQGz~MYL1}^I!$-@Ofpp@a6VR2Y{`~I z8=CTn+5?hHnkvi}VKx*zNz9)sLJ6V=y6aXaXsvG5X+~n3amb4ez?o^TS*itZ7FQ?i zQ?E#*rfM{Bjd*sqEanswh?moTE98d;QP7e(Kn!$9@3is=@YGJj9RNg~nbwxZjJQ;0 z-sNOAOIK4pTVBq%{Il?13U-BNVcWiolllg z2|GpO1*WlOk|jGWS9}1(EqMz2B&Az+Y!{uUIg=}>J1bUQ?~ZgxZ2+aQ!^Emw^?@ek z=8kV&@%kBXN7ft9APQ>;k5I69Zkb8medWS-b16-suNi5k` z#d6DYLp&_sfd!*A?*@`cks6G85K>HVR*gYmuy3m6%nib%*)em zd(v@pvd(;X-#fA_Rs{5%QlvcU>Qz|M1oqK`)ZeARd=#mze59;51+iPnAxh&ZSLI;= z{HyN4tH{wVe+-d&Fp(|giT*gj$^+h&sz zXwoN3?#QxSO!0MUiy`VY0>rlNL`|$ZW04a|{IeQ%nn$?CU%P4B6Zk00<0DYh$8Bv; zvZ0DB8B2*|5d%uT+*QUY520c|7A(yZJ!~XoCZsEj;T=CDMCT!SrP(Sy?7&Uma#mzs z;N@!eYO65g9W$RQGa7A(hajR!$a05V9PkD2L_w(L@G_PcG_l+7LC7S2;F{M+McRXv zSNtCS>_w2lvP-1c(InsXR+6zU;Zm}D5oto+xXo?yuv|E4i*+?SnCX4opmZfU&x&Qj zqhzNyYL?Jlw|tT@iC3+HCx)@`Xw-Twzx=ZJlb zSeEMprt-2fDOW_HKy*wpoU6BbTl#@@$%fuD;PNa$AV-VUO7nSwD3&B$^IyKrgv@ba z933!>vf&DW%-ES}6yO@!QK4p?z8cbGhgjCM%YX(R*j5qZO>VivPJHY-x@n8qb2yzV z$pkrjCFe#>OV?Dt1|nw!_oMQ{a=f(^O7#F?dK!@^H2;Ku^OR7M&<9oU zTu(J&SkhZ#%mQEX1U0I7h`_;}fPgC_YM1>)<>Kt@wCs9pfm4N2L3&!%ooHDmD~y_x zVg-%zjF~IXa#eUc=p(9E&+ZkfEW;Ml+-*LGU9Lb*jFA*P3(1W6nxPPe-qKx3+3Hj% z5*fF=O@$sE;PPNeG~38xUTnL#k2FWa^Nnyfa#d``D|`z1MrAf(({TV_fCu0)cE z2fW`c?Yat_Ty=~yEmTg{8eR<^${UhJJmX9gEuZyu(xLt}CQ9Lcs7n&x!!>HhTzX@o z;-+M!wH&48cU0;~y@jOM@>K5=lpg);44TBbEv@_1qWhX*sSN0+I&$QVELl!@+O>SM zC&GhtknS3j^9FVUmK&lA1+Coe*fqPmtI1-_G~d+qmlX-b@5yQdPCt5{Xe5{F80+BCyUWw*daOlh$T$) zu`^?6mfIW0KV2RPXgMhj%))wkU0KnSf&m(2%yQGQR#72Z z@Ks4?^p&|TZ@^~%LUx;2rk2<9v|P4SOA|}0+DQQh;+{!dtbD^|+|!fXxwT1!+(JQi znq`d25bP?}wAMtkx8A@!peXH>d^GWdSIwbR!7*nGDAul`n|Id+jbr_9spTDiM|!LjMt(6^P2@A@9b~)=b4G?UV7&K`=OrWhIONM-a zEb99Y5wp*3(Tbu{ssOeXl=a8})D&OdQs_?1JbaLaBr#t>!8eb~ZQwQ#F%Q#7;CJ9s) zk;dU z9Ax#DzV`W3L^H!?0hr!~!7h+>jji<&zaNWSf8?w;aK9`C3T67(u0g!h*9d^7ii}Cc zVupqweGI%MF#{oYfeO-`l_JqvGTit(b3#BOW8ehnju;SLhY-ouRH9v}E_)bTz&9aT zSO!Fe=tg4s=vV;d%#r2xEJ7Ob#-N7mi#21=EmIyxqq?quw)s;?TM+{r+f8dB?v`37 zBc@tUNZ1pSQ6(Vy4VSb~x!6*<188_kVx}U=mu4xP(81Tdsh_o{$*!BZ4O*@M#MJYU zTyq7Y6O+2tTPihPcJ2^3P?tMfbX`N5(1(%?z$$|9Qfk4v<${^BuS!slG^~s|A534k zb**`>s*8I}1X%n!{W%%UJLE-wKAKzPz8x)IPwp1vZGSfFj~AoioJ?lES$^`8^vCbW ze~iZ0UBWn8fYEQXoCycI5_@XW@&tjNlv+BqBM*ow5Qt=x#EKPJj21V;E*Ve8z0vsP zY&3o~yd91gU2;2|4PN)hi~ftz&1mrsw$RJbVmzFq`#|6HG40P5qru%xe@3Qvv*~0$ z#M>6Fg$YZvtfn%NDh^f$u*{%TSluo(%cRI8*X%h=ctr}(mBRijDXyn4MQx)}#TH~0 zORl;4&@7M(MBUg~K^yBETARWw?!9kAa^p~{Kf2-Q6uAq@NZ-7K-Rr%p;lMspK@w1Q z<{KvD&QrBmOI9vq?yC$^wodq(r4c*sI%{{gqRMrepGWum5i$yj#4O=UVCVq2wG>J@ zyM-MxCp5|xSjXGX2U5?<^&uo#+9gXk3~V$4u(Whb*Hs<9{@S_(l+FQA;kZD8keT%!hS`|rN7jyxeg`+VAKH;fZOpmVm8iS*Q zHgOA;o^~Q|!>)yhA9&*H4nGi;i!7sS)&-uR(14r7rsxHctctW`Zr~DZ@dSy)cB?n9 zj}IJ}spBr}L(QPq6>+8yr%b2uJqIJ{%D8VR#SIdybA#y~Pr!E}=|}ob&{(jPSC8B; zFKX{lyxnNly?R{h#=?WVJBjl7%dd=Ehn1nXwDZ+Ets6b%2!-f%snh5uf>Cwgiw@p2m^e2 z9hdV1kCrs?tRar)Hf9k};+n^rkd|Z=-~~>nw4#(0z0?$W+ra3AO^I)y&-%dQc?aCA z9ByK^Vrh(DY(x^bsLrX}0wuD{wZme0oC_&SYnjm;Q>B>H$Hyp9yG_0Ea%Y&0azZVnSbzhqsKNnSa1Um$JhE^ZF7Tz_x|F2{8f&?*DZA6j8n#Ff;80o;fwmsXdJ}YXM z=Jca8go03y0EFZ%BQ#NhNQSMAp43utXp8$snc}h_b^)82*~{3PR+p@FSpf^FtH`E5 z>_D+s786Z_JNmAuT0V{Qiw2WX#hpFgV9wfIoqDEJa!?s<_`Ri+r7`i(yWMX0SMq0D z6u4$({VO!T+3QZ~&gb&@d)HY8>&vLmEgR2MBZdNLbUVtiIG)rm zmY^-86_uUc$TW9et&g~z8ZYVId3Xw+JcUEw$9ou`v%uFqwv?V3KuA1`-|G6CF|A+h@@&BLOf4qM= z9^Aekjz4FNgZ}^Lm(NZw&TIbv&o7?;UjO%3`Jw(H2o}C~d1+m-2YyuErLL7iKSy-6 zEs~sP2_sV}){<^jNQV0QKlHu3a*Q6re0rpgOItS2t&QG<2ca$GFj$s4c^#H6kmgec zG6IbZp$5}7RvJ~v;e;9|%sJVzxTeI7sOCk-W_mcuLr6Wh~l0C}1WeP_8Mp zW*G~mooU}GO^^QX+4*Jf;^OqIclPYqZQdZTpFpJfk^8IIE}1;O3Pvw(_bzO|bc4h- zCP$ag&!6>X-<};G{BXF<60u|KQ$I`i8njnaDsvw3jHdY~b}`SX)RO;{Mjt*Oe(%FO z#UxoUx&6d0KCQK0`msoRWf?s(Oz*iADJ<@%bv6(v7N$8u-~1X5S$S?izfWas4+{!f z!jY`66{>Pp{`L%m;Kpca^h=;PLC{xLNnMIAPu{|v(e$R@LAp~>D|rXHs}G#@CUZ2E zI*kzu0GICG4IhdWO}dHnkiOQ9PAGfQRR>yidaV z`hh+~OM^@1PoH|jZ)vpQDKoCOnri8p&r#E(w~C`pLK0Pa30jvKEgeM0bkMdoNG~0roz(`esp}n@>h}Hp0o%QLLE0zegpt@0K8O zgsAH3UE4JJku|Y;iowys+I^JudjNSAJP&r=Jzs4Eq)mkg8op&}LnR1cLK-J?=kO`P zaYjh+l&At^RMSRWN_M3+6>W-ES71dyXH~O;PmLKtc~m(x7$K?c{CJv3qp;H(YUxMC zcr?S`9fuc4PZVJ*?bfinTnTo$L&_Aw*_RATMj-Fzj=ME>FlPfWo}CSwz5%`!>M#iA zMzl16CiedPS~;Q9;K(pyD^aBG97b5?k>4|N?I}?-L0hnB194Rq_C(pB%j&lOT9JO5 ziXx4WG~Td0XVP5f8@`0Id#9MvMA#tQS5fE_W;Zq-pSCq6d{wH*E8~+0^iT<-sDo!T z-*m}R#OPl7w?gi$u`^>5b%U(Du$=Nd41!zDq1%g%j8c{Bvp>>rE6iRcu*vh{p~&O+ ztX-9x9x&xdQJRVguoC!;;-)O8_x;rULBA zsBS~jZ~55K?+|Eh}Bibo)@RZdP-7_3GWLg4B>lm2|oW~PqH8w7al zO)Et)hr0dv>J8>7VW|&4j1i1GGeM%TNbreW>Idcv&l*@VeRBu$V1ubWCQGU~3e66C z(1CY+_iy61odyG*ou0y=hRGyH*=DEUMii3VbD0-3IX00^`wjy3q@apry+e<=d$48{ zrxDjoDz5#x`Rc&Jw^K?Kmgf+$My{#aEQJ=D^obj45hs(H22`anNOG({vybPfPcb>& zRI4EOlEutKbK7<>ihZvIsx{;&t8_i4_k8W1UcWf^!NR&)WQc4Kw0O&wDudXRJ~E7M zM220=O>!-A4RlS&o&UB8jee9OLsMxnOxJq7Ulhp)GJ@C{vJfIcFe&>RC2u%;n2d)S z)ho>2MiX)?;=;JH-10~YeUFieKDg|$Pp3?7DR|A#SWF{tVy4$eI%s+Q1~=#@Le=tB z3vBy8tn82Jw-&=FGrZ=x-uVvC(}d=lG93J9!1Sh|WS$GD`3rsCW-OPS-9Iwi_3ZNU z^fSJjr!-4M^x=u0CZdR4(@IB^jHUCOMjv`MMSRSfr>H*s@OD7@`BpsMYNU8#7Gv*R zE?UQaOLHYsGW?h&LNZCN8OumNrO7Vmk#eWb=iUcmn~478^HGubz(W1AW=FF=Kpy^Omcb5)%CQ`3^AJ{F}wXw@@;tfdEc@ha>=%gz+4pcQNCMpX$E0_I&zHAYPP z-*&oHft9Anwl5ipp}s&>jPwk?$hcvCX?==WBC@Sj=jTl2z9?(-DyDTR(q8GL4vB^C zA#u>*XnN=slszWE7aRrhB86vIjz8vfoeIUFD>K}ZrO{?f6G!k>w*$zI?-Wz@Tqfg2o^%x1%xu^jJ*u<`JtUiAm@K3PtFqpm0Q&%nVGH1|=Sm zu2{cJE&?7i&CYiAO|KK0GuZyRl3~qP*VRJ`Y&2P^O7v8mO{e`Mbxah4(~@uOjWwQ( z-;ZA0zPEP16;BvgSwW0;Qm3lw8QU&H1C1vjR_?>f?kNKaDylKC$ANFo=*4ZfI@2<) z>d^e`+BM}}EfDR+xRLcrEkP>Ws)j-Evd9bRox3ciIVwe0{3AmF-^B0vTFiaJg=AjS zckTrYqXa58W@U`5$^^_)8ff$(6%PrE*H)iW(QHXZQF{iMcT}md z9$rl2BfAZZvu+G$o^^hi^)0U++3BiFT2-zf>+f5XAkfmeQ`$KFU3uz0*+?ejlfN<6 zMeA40;!*|L8Qt{9#^mOc@7zxTlsIca%{IgLW7c`WeG)Py%L|!S`2cYA6*8_m*V!dQ z1(g@nSsJr6r$bf};&5CH7@qvjtw`Cfx1`Yr@~WVK71puZcsoyxX~6SMe+*Q$)F%SZ z4&@@AMyw8Eq5H-3>?$~-#{i-iVZ+t_v+tAsHix~^MeqCIXo+24kLH7${s{bg-+_;B z|K^4af0)jObM*Ng-A->t!)w2%T1L##cyM!fJsQ92k{5RiGM+5R&FFTt7+#abq)QgB zhxX%l;7;5gHbW*eG8!+2vzNo!a6A~oDEiyS0hqk3hulDmO2|!1uuT`RL}tVJbU0X$ z#RP_%52yWEe=)pyM-0``V_grw4~`CdG5QZG0Q1WluJX^2q*RSV5KYA@JrU@6%XpR z>kccLN!bVfRnW&6xWE`=>6!W)LBf~oNba({2SQSy7&h+}IZsreb}A9;Ub+r; z#kPl%ZEr=Dmf*HrN+E;5K-8ssB5 z>NG|%*R)B8XovBQZ&Wp)2&=aSxSfM_5~KH@HkGOn?2M_-NC8W1{4>0(7`C1hCG4Ix z_V+e3ofjOw!9brHi)a}xn&g;SIA#gUQLZfA|GfYV-KLQRqn7k!P*ICD5m>uc+rDc> znw4J5z$7nh3O+H;^X76HPbzm`=_5ZJEnW|2?xxk3AKr7_@;?2Ps}rC7n%Ad3!9W-E zMw&<(C5%jpTuZZLl%j70XbKztpEY++f48{vt!yi_`>OwWHQioJ?{r zQD_+uqsM=C>{tY(lf>UZ3a#=knCYI$GB(SChLtw-BAeU2(!}_XCU_i@xn^IgKAd`d&l3fb zWn-ozINHwDZn?v=gMnTtp;m!gRUVfCE@SY}xQB7Obu|A#}8k63p zG8k%$or)iccxCo_F2KFu0rmzcFyNG?l~I}G0<#+`(IqCqAWP#ilYPB$%`YVaPtU?7 ztu0dD(PA+jw6Gz#=uhJ@x}Cb1{~0_+*YyE1dmpP=d@19hVfZB(j|R1MlwTtd*3y_A z;5I1_87*5jPDAA&S5&l`QqU!2Mn(%UvaoPEGl`y0+$5x0GTjW#GOOGWfaX?VY3%dy zPHB+SZN_97EZ-d3h^DZA%4-*cjC1+{0#qVeIHzBFFE~ncHr0Zb#Bl~&;H^#K2dLC! zH(^8}M@J&kHIvp8&Br`dim!15IR1(8!tD|;+1MnHIg?CPl6F)|LO2Hh*d~%hHGwMD zYo=U6DtGUdA`-xVb_^uBrXAUL5om~fzM(vM0z-c8GLag^fMh=wO!;$VDA9+9e-S@zC3d2S~D_k5U)8UjAdDK}zp2BUTsE zbc=h2K9rcG+whdugBxWxlS$GlAAE7JwkS_s+vPEaS8QootY`%G7xdVbA6Q;yK4{L< z6x=vQ9>(*mjz!hw!mL&05R?`T$!I-0DOJeH4@A1c8@%c%-Z9Cp5|gvXdAV;`Nqk%Y z#yw`F;_2EIrSS4Vl>?*{CU5hzLe7bMhAB*{e8eHx48N(-z*Uq8RY-OP$yE=mLKiZj zVh(e^C!5dJQ&1bO!KnMz5UF%{g&)x|+I><|2pi^8_3`hLETJi+{L(bIOH?jt&emY? zcig$En)O}Y9IkR6DNIL0C08aO-KzDKVoGiO1he}w6*V#C?RC!}Nx|9U3(;e}JX9H> zWcrOn%#14bD27vDXz+@$cuAuV6>4m~5%v(|FFeMFoXo93?%=Mimkuc1`*{v|tIck% zCH!~aq1*|)J=_SbwjeyD?c$(E$qjLUTU~gi2w2w&hd?kD!z|Brw{s|X;PNS3xLbmg z9>>bzY)lZCndm)`(G0{zyF;3bY*ND-LGiJHk4q|o^63Yc+2=6rvAOe0DZ{yqz=c@S zB#%pOu2x>=Hf-87fhy7p?X2c9(qQjBZ6zUX6T~1iF75e!w_h7}Q-g#UQR#AWN0M0> zkb(23yn1}esTW>SSic*es)&b_D8A(ht>lTV9b<>B2he4>+khdJ;a(y)|AmewG^%=+SpM2rWvfQ zm+kW4N(I62qZ5~nfBMV|Wi?4Ed`pgHxWJGk0E%6RnklRo(Y4`T%UxIhzpQ)NS{+kX zdIVQPY8k?Wys`dQLLZc7UDicX7F+^9%$olpM(dd2?o#M`o`ZJEOtc?wdCGyA(OYg- z_UUh1NcgBwTC3zlgA)TvLXd}H9U-KvqROiRi%f$B*UQ|B`w272*}@tIccL1^a@fbR zOYXvXScyS~f<+&(WH8vp%^x9IxM+}ac+7%TYCCJA6R7h?a&bkxv>Gm_hLIK233kTQ z^-05QS)|4swq+EEGel%RHQK(Gl%Vkd72|pge~9I-EWuWBmR*+dKq2X;jhqLzw;v0p z52(^)b0ff*&F@)S<1{OAYPBtHG+8!f)Q+T(e8Os)i`?)L=tYe@GUURmgXAcO;@cw0 zY05<5v%J;5Vc0ZcjgvD>?F$ccvxyb-ig_kG zaJ_ILd* zpdOC$GCAmv6IP$q&v9yz$7?-JEwRa(^nK*pV(ax<1L|qB-*bRzbEm^`tq_j-+P0(j zw?4HHG}MxKWcudr_|UsA+4p)olnc`cmUKatel1XB&MY*(q21P)_B=y$mkVnV^5($O zSjaAUA!!jovV$;s}Gk5b*_4=>%Yfm$nR-izIAWRxg){_Pac|15A!_z5)niEdG6a3v)V;Fwjg7Jo ze(OFs&^MlLKZD4$&!iQ$m-lni^1Y3Zcn@fNZ`H)_?G3(*OX}ONQYueQoSeVGsc0 z=I@L<*fgz=zhuMQee#9@{21IIKWmo;WyGIrXWTt?XFR(6n(Mp!nmvLWrN zpHCI@n+q=gJ=6`4sTca7-PZDM-J{2NeJGq9^VrfF;qEb-wZHhF86hIFw)l$jX`ROq# zOY9keKqb9I_l%sKldVYejdSYjTdj$i3gC4M*(AVRWJ)N*m_X*NZ|aie4~*FysMSf? z+tW{+WIi*#1W04b+U;$&smoW6IUB7cd|Wn(>I4Z$6F z=V~bL$~wCSIew;nv1;@YYFNFP5g1h;tS!@*16NzLEvYV{1gsM6j3#w03Nq18Dw zyL8RYPmu}9l0uQw@Y@UXr}+p6)UELIOZfck)P4W#S@>PGhtt*`E>8`VrwC^W!MF7u zo`2KYgC5k(;nGZ^oa}es);js79Sl9LnF#`N);%q|xp-FZ=5pU`Y&ZIQgvRgavH{Pt z=k1e%uM9-CtFu$Tuk-G+=Z)U>faUcDofusE-2h8Kw7)%T>F#15#!Y{gLIPE;cK2QP z+h%urHjx1@IDZm{=JJpm;&XsQ+sB~QyXeZ*5sezsn2SbS%?}gjtA~aY)u+$ zeC z?CipIc3GvLXN}%2+k3n4db>O==UM6Q;=I}2zDuI)4m&YZt@L;KywTsYy%(TATW`9R z4$q!_*X*$!!i&?&jLRwOrxhHYH~ZXkX!9J87DE&*K7>ws7cogxU6*!Ly&_&dc7q*2gU2;3l6r11-vX z8ZIaz*CzVyh38ZA;g%Gstv|R_tHi_{YKuQhQD%ms*yr`*d)fTVJn@OkbMvRyQOh}Y zC(j-{uh(bKy5H7%{pNIUuX_&QWwYPs&3?}>4?z3avGEbn*7qTpeV|Q;9=)x1f8Nsl z=>bIBKD-sIF^csOzB_Fh;n^cgSq|Yk^)^ZaN8QV|K`!ZZ`mc4w-pWwz4m66_iaUb8Y*L# zq#;FcfT_b8zK+g5Y9GNE5|1|3rRf74RO(esv8)t1LQQ`QMXzN5tOV^tRF&<*u+E>u zb{#)~?>2>1+>ERI>{B_$nsnik79JS*dkpGWR`A`r)(s;~1?d`DRhg*~`y2#8KP1;| z#ZyxzJ?P9>CKS(w+;z-ep{|&QQL1`sHi2HUDhJ~-F#f>XmmW^wM7%DHgKJE4syDD6 zyJJ%eUxP^E4~NNZm3c26NNAzxJV>51BGQOqnz}7bcO7!{b~3v?2J@<`hx;OIOI?1A zN*c5;Jf5Pv=bzy#G8W{P<&sB1Pvg}~ovN}r zhzpQ3;pFJ0ZMJBw?~sg*`->wcsVyE}im_eaLS%ZzNc7#c`gTE!>N0YHpvaAm|-J z78ywTkf1Kbrb(xXpHb;(vU*}x_2V)#MD0>v7CZsen0(~}ccG}z!1vDxSLI5827c!8 zUlcN|_Gy{3Ht>Q@^Qoo4`tGN0u=4s=B$CYJ--M3qVAkSM1|o$@{6EK3gJ2Lk`e18& zp%)=u#1-;Wm>Q}kJDLeNa<#=`s4>4v!~@=h)puK0@q^@4eNfdRE;Sc}^KgF}*^1^@ zpK5)$FqfG-l#N`h;B%_@I_(;4gBiL&U4jK$KU)?`U**brfR$cL9_XGX^cO<{>SDZQ zy|V?3hAO8J^a`GQ*0<$=uX9z}dAnh$D+p&d^HcnpYu+=J>OOu5euY(2SFBK)d9x<=FbHl= z##e;g^xn+-?|Ls@Je%J>53XCDOta@s3xi_ThuzdB2q0z4LT3t z@=o_!;_rJs6W#xGHo2WHZr+jEaB(*qLz}zt-F$dWZim;SewSQN26q~TCeN0}z;rg5 z0GftlNV5frwafxc`?JM6@^Uu0C2wC(Zpmmt-uCBY@?y~+jfdAJMb>Qi@@{;M>og?& z+sWN{L8krDH6X?V6h5}IA6|FK^>DtJP2NG$@4;kh(u8|oAU{>r>r`n*hxB~sWLNK) z=JmR?4e=R$=p0j1i#esa>B%TD-05BVacc$IjkY{VtR!QNEa=;P)VZDCsm^h?mDf;M z?O9byH~R&fy?J5E8qF?`Ufk+wSC9D%%Y)ro#mYd)Oi0HWhx*qgT5_w=Q$LA_rqax^=!#ZPZW;81OA zPgg4Dmfgm-T2R-jV{CPeT3`Y4#fng}6yig|@-k6l3!~j}YNB418LNiOd*u!QJ4u3d zA0fz|N=OOxHl6AHhDig2n+E{?&E zOZ4u!Drn;LkVjSp19f0km*nhYj*1uvi9x+V#vy-|I>ug~9oI{G_*srzmmk*L}}tXag;?3fLU$U9!TuD5j1`CQ(!3 zijP7vf!t(sFp20*Zj7xkds={60us_g9dIm9<U%fE9E-XYyZ|}xSxWTs6H~95bYS1P<~2UONZ_l)}?|6pL(xN zr4diIK&iJ(-#mu{Q%GhKY%~%(E7H#Mbn*E)>0!K=-1UrCjEN331)EViyBT#$cUv(; z=Sjp3G%|K0%x5GdZp<>#ip}j*aT0Ef z2ifx^h_8pk6eLjm=Wc z=2;_Bx)Ui{Xp4GOz>)E6k8L<}A~5YZ#A<9s&XV1+-Z6j}B~a=X75`0R-Zhy)KV<>@ zJR=VCXC@0JP7_aPx0-6YGKDfRE&G^Brc|=?1a4a+x*S#mDcL=f3Uc|dEhNyiPc-;k zKPX*E!NDDIEZRlccL!EZHF!k+YUM?nH#&&KNNaX8x8+KrxI_leVJ`M5d@ zsEPN4vi{W!PfwXhwXpw7AuCaK@P4Glh0dzmA(V8QP;}61+nEhbNR`dhZuN5dx+yEA zH4V?0GNPI%wYB`YlXYr6fG`!3qcR;BD*FJ6(!Z0;;=>T+fiN%ot0N_k4`K zY_Y)~8$QhyAIgvbYU$h(@OoTXy?o0DhFrrLSx6eQUXiITxx>`*UGkEDwBpf}=Fx^J zXzRCbs}pM&9dt_2WDJ^Cb@Z-HiF!K^bPm{Nx!#zd%GOi^!3@t2LkFe??mIhw!Xx=B;Pf#GZIM zkX~NHfdL)*`g{F04XA4kx6Ee(sT|(-oyM5r}@j!(Wmo_0b2t+YivYkj{Hyb}I zVA+9WTTQunY8Jw*!m3DCJW2G40fmzFa02lOSX`#Q_G`eILfyh-z%xN9Krf$#WU!%f zt+%ZCM>X%j9+|#t^BK2<{!hg)tm;G78j47=nA?1bt3q?@knPcqnn*_D9f=F08RN0f z43?v?M6m}bo8G*$VaIq{7qu~kQ_@HRd!+%W3shAHQ7v1ne4*0Q7NfL|dK54-nL0k0 z>3-*XZ$WBVoEloQ7WAW`3(yKX&3BNQ5*Un{p@_tV-o!cm*d+5L#VLvD&QW})lhoZkfJ3S(s!8%4^Wj}r^{d`V1fD1YmorW3 zdjKr-bv$Vihc^=}XtD+xNNMp<&5F0;Qswn2ficY(XzI1BAJRn7xULZXGUlJ>rpS_K z&k!luhzD@5EVJg~WWykMUOHIW49GRF&emFM*3449!E03_aT}JYz8mFwN?g<2JgSxs z-^aGJY=h6?T2OefDV&iqn%T;FD#<$VEiPbX#i7#cYemkEs}xO=^W&O=q;7wy3MRH& zwP&Ybh-#vQ55R`X*c0lil?$r2vzw7U#331Nw=CwUTPdp=mDIXru^r;|E&Odr-ujhx zhps@ces|{Fi)|z1agE`~a|3s?gjz+mj3QW6-5pxyF7q-abzOdVa7BWOZuQC_b(?6t zZV2cx4i8h!ZEiA7IooLE>fT#_sEQXyY{uCI(#6lsJ^ zZNl=L$>Ww}6cB6ynft2{Iwf!Eg@$%aW0H3jHSxqE4H>3uD14aEbY0Ljb3#(7m2_TX z%N;6hKV7v5dON2@GHJQXYR*QDVHHy#+NPk7)!=%^Ft2C)EGr&hXHd2+XHpiKN$Ad` z6tcI15(my5sqRB)v-)6>8`yeM>T5@nM~lvwY2iX0=Hha{fTX49j$Lcbb#+}hI#o0O zb*m-kYGzXBN(G28er>MEuI{o@hBt-6P-%TSUGon+WjsAqWtQGr%UuQqbF_$E)mI?< z9)iHNdAlcN7R+B|u(==WR@c|IEDrDny?Db>74#I}&$t}Nij@Kv2Yy}pRcrRw1 zJu;JGnJ{NyfoudyB=?rXtAOVmF3jPnAil=bA$zfx1F3LYpKXTbxyc&^TCXSZi6QC3 zm4NWosM%w8!#^eW^KE!uxuVdI%r9g(8#-sSujgd=!{Fv_K6*2(7dxB{r#Jn<5d5pa z0ncwRnR&$!yN{J=d~vq`=QSwPIJ_o{Nq1kF#Y)F5RTjHs-d~L7FZ+YVWcH5y=UpG4 zK2~_KYwJMT5|3qxNN+?vV7*XeNamBF=uNq;$$UB-j9!igXrY>k>&b8qi#xu% zxf#8DXJ9H1<%^rqE3=L6#@DbPD{j0&@SVqcT+^Ha?Z3A7PY^7yl%?`0zUH@;NW9{M z)cN$;tFNxf=sK?}lbo!kKsd9-7j-j`%h7soITG&*F>Zq>E-9AAK4czmB5g}7c4`WI zz7`Mc-p2KDyy%T6>Kxp`f6VaEdg`EOG%T!5)aE%WQ0aYy@ffI@a;AZL z2DnnH15w9hL^WKBr}8!0Yt%P7cGs7tTg<5=3>bnkT{v~H=2jSyrRKbWv$YXGu#~97 z#X_FIMcA4+C=I!2N2}ddxnXj0Q+%JWRH-$I> zZX8ckv9tn#2G^@@$J0u%D5?fQ5U9pJ=|)ap=riA18p&B~JTFT@$x7nNZqZl}CH#y~ zXfkNB?`OxZtgT}atr%sTvs?s8)u>ucu0DEk+qEhJ#cU8gFo4?(T{@j4Qsy7E)&6rS z62C%|Rj(=*6_V$>E@3GYz5>Cuu-;A};hRG9#8wXW@a=1ulU>i6%>icJ_SiX18Am0< zTbdfNwdq?IW{9;xZ`-yK$#Ck?EfkIq9I8sepnV`!q;s24fnx}d4a~!xqT6|zUS#4c z>*^P>6DqHi0o`Ja7AF8=U{_SgN|}9Elh!|oTTO93FfF(GbyE!=56Ufp@qN{TfQ^n& z8_=vFMkU7@4~5%*esQ@dp&Y{~PeU&s0c!M2HUt#5eIE`e@8lR}M}y{Om!6%Hqdk2c z`*{KwSrtiQT^C)73**>p6>`g6tt#24X%291XW&nQYT~z!Hs8`6dBFg>gayHX%c$7e zl2hO{Y;x@}$+~38yt^-EE2?ExXAMHn6BkopCtTGtn)s&}Z#_)85mRsuN0|n$t!iB% z^ygC?q?jfN^SgxAY;@?KU@h@bARY->N=Bnim!xc+@HI;#*46t_vP{d4hQ4@l5*D|x zGflNMzCG?51ZY4cD`$=h*d#G~%!<4&Yq;B*0H^2cWt~wxU1_OHvLD&7$BG@-(G2!6 zVn(VoBCOf_XU8Ragd|H5b5Lddt&lq(PcftU=Ga65K&U^gm~U7Ef=N@%uF|x-86QJi zdlz;j#z!~^N>^5En?2$UuL{q8;aNA#2VL9815551W<6G4+qcJu4Lr_70(XoV#%wrP zv(R}9ZMo4cdk#a!$qyI5)Ct|QL}a!Gob?e_;96~lvUQ`%V!eJs+{bzX5@7?=Ap?j< zs`0R&w;uM9B4d%e!;UQSctQrF+2HPWzUYq!TKJeF9UU#^E{y7W_-1%BnF8NG^Z5Il zQUArw5as9bI~z*%a-yX=5aPAONk%WpX#8?AyB*q?tvigcXOPPqdi|9cS&b7 zz3G>RDkirsZvmKBDzw0QY?ymP6TR3Zx3ZiLrt9{K`nxOG-lpadgS)#`M!Eu+aD0qv z9F_jGMRz&X&3EL1EfvohIcn2S+Afa|*T*zhx&y$AFR(dYRI%*2GBKIt5kyHruo7QO zUwOXAI;R+@&p>h6Seu5QjHe$p#dmAe%lYkkLJz_N#K@KDh4S@aYQp_! z_qQjagVR#XGM2_bYVlYBQ{X8DRDF7$M~Uuj12)gL>ebx302m`H!6>M*S2H5gigQS) zm=t)wI18NdFY`57dMwy%t5O=P;Gd^hD^}GsRvJ_=KkLstmvFtqkxOrGa#M(_WL@=< zc=EyCS3>~3Dl@t(vymAh=kt+H6fFY@E52sFssgZJCIXs(^JAyBS%FJh<-Ow~wR}>h z(vFMLGFtz_r}R!kQ1g>^-ic+Tkr5;`@LqNrV<-nhp&iR#L%k=?L$UxNcM3wTsnuT% zY%@Z7Qh;BXClQO7IsA2P@ZVKOs0O958!C&iNQ&55)P+A=k; z1@3>1I$Il|0B_rs? zX@kOMk84Hggm88d+7Mq5XvQMnn2Wv6nFH_m|FQS4y^SMTx+pxK`6~hf-nXO%t+Jh& zb#db0fR>d`b;*)jk~1gg;Ghr^LsC>yq?#AIRKNZp)>?5RDcR1d?!5N?xexA9RejQy zJG%bVqm=GlV6ML8ivWmMRu?7mesXTB9}`Z&%|!Y z^G$|3m}_i9=M8NNfG1Js0no=>2__JHt3bz=`E^AINp9(<8yR>79EdhRTp$qErTBo% z+Y1MZkhyUWU29^#q+~}b@}dW4-2hfqg=kX-O%{cFXMkt(5vAFI#hIfzA~Kam>qN~N z&r@4K2of%IN)9KG2oyA?1LzFTQYaaQ22DaQ6kh_&J_;&O;4nrA@f%PG9IfBNLL8jE zwG?Y$@G7;-(IgUL14@enZZT29YIvu)_4Zy+#t9Y)t3H*b*zG}&+hkeH)*M88rjveP zYsa$KS5R*j%fjffI7`$smsm`Hzzr5O$}Kj1_HZh%?$5Z${p30TM@ijWSu#t&I^Zl3 z8=er=S)HvGg{d}(&>dZiK=_W{nsBk;>ee-26Hu-DouXlRR*3idhBoq8{JxhpWfVZ( zV2GjBd8vDp!|ast&{gDhlU$-K;d_9=*dD~bj_gu)Y*YCa^S!q zP2^W?Q;O&HgFvcl6}ty}sWu;a-rXx-TI5cskn&T2Q?ya2+@?`Y(u@=_zTq-;5(M1R zA+MBuUM&j~59(jA?y~`y9^v7?#4(@cb-%ol-N(K0zOPvpxQmkmSQ&{WA96 zs*RF+C;&G9QLQ5_;!mu5B&VC!?Y$0Hi{JMmmjZ%l$fKFXSie z5?^yx@JE?$>V`N%`D~?lREO|u-#8M8{>e&PykYcRp5+^!68Uw(x+{c7@3h{hou0O} zvr>d?$MdhE3_V3zH>)+he*4XAl_ken0{14RkJy->lcCa<5v-Xd)x?y%v;@2D-_3Hr z49Fkkip^Kq9!GSWJ!%jh{shlm)PHyF6m;5J zUYK_uwi)~$N;lPEvU)MvNuVbe4`2g5AXeplt~VHIeC=g zAC*;)K868lBeq1**Q@6oQKWCPEH12T8MXH+Dzlf@X@HZ>VDr-3o2g z=`HJerxm{Iu6XagYBt)5T&{R=q*)YBPRY2M27IxQoZWN8OnlAD2paP@HmsDC4B4HG z<3z9_FX${sYt^IIwAl}WzkYh!MIKl-+ng7Ib^aQu)?r=^q-EmC)~wlsI$(sq!?9;Y z^JKtzxC(;kZa5naqInQ>FM3Kz8}O9J{K`sb>+O7$WRFhMlIJpe9|YaYo_gR;{4Q4+ zzO)uGz|*-CF%wX3wNn4aXVtrJdb)9vZ1WP)MWS?5$t2duGT+FQjfw;r#0UJa`JTC=BMDbUj)KriXq6UDiE9K#;aks&!)ITQTiG9iPuc1F)H5G4R zDn5x+{85R7HygRm68Xq;$y0AK%^UB7AexUNb{|3Vc@T8pL6ZZ%QziiBP>y-_js5!p z8jGr;%y}YP`bUlANZR z4-(d8R%H1`{qV6$H#|Rt>=*tA{|baBA^YW! zZw`Op&v#i8XOCR{kd`79n>-8IeU<=L>@3@1-)B`(!2TBb68@WHkNm6pX~BP!UnRD+ zsPeCBjQFpIuelOgcnTi=SPFd1pHA2zQtd_{DTn#m2pDse##x@LX%MMYQ&r_(Wy;wH zUS#Uv?nIttsrqRT2`jM(*+3|zCZQX^ZvBuAwmc5mAlqemrp|qqZZhZ3H^0ecR+Tbj zH)5Bq)W%qOlM63|Z1~TLmszeh(QPGDp_WA5`djr+5EJyz`z$%60w(R2FI7Kp`3~kz zzlZ-lyOu@4tB{Qz)fpIMaEpz_lBepWJ09~5FIGHPKPOWC|0}x!E~->Q&p+|B;$?+P z_?ah(MA7%5Dyy`1s6T-B5f<_S7IIjW_~kJ#AJu;`)4SYOs`Is%WvX@@yp1$jNoAj zq)ez^SFvPK&hfZNk>{L^MW)WfJliRmsLoFM2QK8p23sRJs@`M6oy_rib8fs}WV(r! zN%2_}CA;S7*Y9unA3S7Vlr|Hx|DsK%dh=g$x8%zw;ZOB2-N00%7S+ALOLd-A<(7_3 z$R>Ozp_#ELvT~czP4>k9km}v0G)%ps zcRi&GK%YyKE{V2HR=BE+13G84n*VjCi+1B-@UgCT)%)tXxnJYqb^TjKwcBwd#a#(O zc-T4vW(jQKrS|F9Kn2mwqyb~SMQSjH+1XiTyS;#1bN7ulZ8FL?YQS2!O!HW#9OU9| zCvv#F2dY^!=j2{_WuXEI~4V1MVSkm|CV{oU%8gRM;H zybR={q>sTE{$3TOM0Iw~(^B$HW)-pFs^W2$)0g1Q->P_niI)GUWSJo~2Y|pTIS=U_ zja6V>?&gYtD)O$OFw?wJ361?L8$jCo2hyi+Bo=~Ob?jc`6*fVg!-Pz^tWutsZTwpm zOPJ`G8bE)@PN^XxU-3AzI@m*AZ7P1aYC8?IGN4yH%2;Gpv8w5<{);NdV1 zMi9uU%+}_uu%WME+o-9%VNt%6#3guKQB%h&j&)98DxPXe*&Eh%+W8ipj4}Y4`7rel z5xzdc>l=*zXLQ8UgYNgRx1HF-G7%IlP@_-C#g{|EnOppM)o`U~<K=LN-ccG=!9h zzu(FPQk=As`ALd01>Vn_5#wgo;d7h!V=vmIub|VvuU8ABH3)wH0N$ z;rk3BC;4gxGR#e&bJmm1^c2{){Mdo}@BmAX)62E(`(cItz4}rl@&kYqsXA(k&e}WtONbP*BBEBI*8S zd0{?QZgU|pScA261yw^pz8WqsTMC4;vh{;}zt3b^LcO$Ymgp&-GVfFLtlh4Do(#3b zDWY!Q1aN?h4f?%GKTQB2BfJdAu(Yq4(v(f$gZRjm+{*N zmaTvoFGffr;)?RKfz~=F&1U=L`)rR(Nmnf?h2u&a~}JGQ|X{o0$R2$dAQ=4lC zwgQ*&k%pV16gpq>uY!s>lwB<3Z(1JKi(UqhL@8b`lC#vqXYMlx9Zjh>lrd#n3~{l! ze}kD*jj6N7@vr?PuH<*(1ty6g*XyPSXfQn>e_@ls?`<#oX#9^-bxUVp5?uws|D;47 zO^N(>r9*~H{>gO6*Casd#5*VKgv%iRL~^8*J$kS;8PXj=y|b_A-is0`P4XqZtu551v2N;*{k6)edHdg@otm%xuT)R56VK?U^w3|TpgJq$Dw*|G z)v7lY)FUsySVP74{|``6oxSyM(NWF!{&FRir}6h$?ur$ow!XyG{1yWk{}b-_!~M8| z$3j-kYtFf|lwR~GvqWo)E|o~m(kcN};+WsV^79*ig?lNeZVs|^B@^jonYMZ|679yI zhjfg^==*~$2f=IN39L*1g^%}8e&j+Nk(KQiUqM&j5vAU_OKU+4%i5U%MgpW)k;T*$ zrlvJI3HZ5KteomL(dzDK-hEIE;@bg>t;j(e4%xoSi;5FqgK;Om`}rrPtT*})jUmPA zOl7%2K}+_$ zPuBXF5B9Et;2W^G_S-`tS3F@`jB~!JyX)^+?N`{*&ivDr#=yaU@BIk zD0qHw3tUT!St8N<_Tz$;F6Hv%cOM-bTA$9D;f4 ziPzPdpjYPEK9^uLi`6#Gl5C@7O=zVKqzyVnk32EpzicNsa&EiB-RD^;R<(7eZBd_J zj<@FuuU#;FdTQGsJ6kzznL!sDj4MJk?5QxqR~D1;Xk za4CKK5kkv=+Oh0Co+@QA3u zS>64i$L`UWb)Cg(r+?mNECS9UlWj~7%psGB-P3(K78_Y44yvhEF$-`Z15_x!xWty7 z{AKz>fi0RF+O`$~?zOCz651irqJ%vuPW~c z!ToUd@B*y!7L{4&YH4ny7s8!i1;Nl59M(rv+la4=PliqYX_*4qvGHyvUUw`cw_ep} zEgcK=c|RIRY%nA zjIin_X7F46H`dZCo7>iR)?g}1T~CYDBqf4fyt({I+hX@3uO7i6N;L^F`9M!l12myd z3L}XKtKCdubEgsSiA<7pm9QO9iO1EdWZh1jC0Pdy?MiP>l)93w zBxvSF;j&{=%@71&i!ZE&Ndr;<8iR4sJ`J!o(l68yKV5bpwUz%_AuJu%i7YEE)yzs@ z>VrY)!+ljpEIcmujhKH^_nQC;9ago2>*}Epxl(4aUPZ)ghWQU?hpK@{?zqcG-M!THbuF<-T`Gvih+aGpli=7Y zp^}53LTu>aH5n~^KP$P_R~*mqCGIa18yIN{1 zw$PdzI&;=_@R5+`UH!UOXNk`m0GG;G@`)Q|S%_pEI!bZr+fx{wM&3fSK#{g$&kv~g z9^sak6t_nu0I+?FCQo)wmGZaq1z~(RoJ&0Zttw1#A>Rng_~CZ~7MFh&h=ZkWj7q!3 zu+avqywHDG3N?L&O(g6eBLY5g4(+|AUhUT3RjcfS0X* zXp#-#4nXseZsZoAN?Eij+2#4gxx)Zsm3ee%Mh1h0EtWmTP8Fz1V)D*N)J$hFS z)7qAe)oByx<8*S%eo_B#9?e2_7Y(8Z{4tu`uthZb98H2CDqI`DAQoAYRSipFEUr4<+P^b-aIfOxCyq9nvvBceIgB zSA&nEvr52t=~_gf{zcCu6Km{{4*t;Z1i@%>Gy3y^;nL;h$7U`NiPKbI`@v!i`1u=j(%enh5hoJ@6j@nTnmXVyOCFIxA$1WLiKpGk zIni*rs(~kdr~{39R7}37rY;{_hiUF{AboP-qjg586ES-Q7t~9lrn`;G%7YcgN5d@ZDoW7J)+@KjM^94-;O(CqH@?E7Qi>B9-0PKI-Jir@6#0JI!d zdf3dg=lodUFLTeP2Z3l)m^^TCuAKsxKm5>={p`5~Jmm&+cJO7}B00ed8XS0cVzJ7d zjq2svts#}vUKhE*_}H$31L{m(KM4LF-K%@-w2ddzLgcVgu)ACXDM}A4&Z=eU(JUQF zc9N+qB^dXH`(0NvR7I^Y;zU}LK~7X-rBRi6RVX9sE*eK)<|Md}5}c(D!P&yxp+p_l z!O~$h#`FH=QcXZC5`p=xli_FfU&Ck|O>SPNnxE3T>l9LdM)4+H@wVb{m5Tz@#*3eS ze$%dV<3(=C1HdU2d-MSqcs|*5%}do3GN|R*%nZ#p0Q?CKTP$sLs~FZ;9nkA%!P2=} zoVC`qK!`l=pAb8tn0}Q*J7<{BoDNnxw8ca)&t~^<*XCY~_JQWQ(229X0&1F@I z#SE`(6J1jGA4lWS{rzY%oWJg%zw9bj$NmaFI54O*(L#^d*fuW$HQ z&r9ifk9h>0#lCtuV`+_5ynT^gPFwn-=APp&ZLjWt$_~~Y-VLK(tN#>Vize)0GMY}< z-SF;uIHNd+S`>B!xcwzw@1wBqJq#Q{H$U{d=EQG(;TekYv(xTg{`f(TVItN?g% z(t+z+UQOgvmM8I(jB#20H9=3y$004|XgFuU=sNl^8s4z$;duHv2u3S`d*kFRfQTe^IiF6BFV!LO zR2@S`qJDdWkJRVU5Tv*CjUEDCGgsmEH2YA^Cf^jMJ?)ZNO~)@=r>qLps?CTMqt+ti>c z<^rG#kgg-H+$u@SVuc$5rXv?+M%j|}iTVG(a9Yk-SN0k)5s+NfpDtiqhLS3`~K|@-wy|@OEElu&aCUK(8(p52*H%I6&M_?PcUqI zDx}GknVUVD=moey)Ki$!RPWT~`T6Dd?|y=AdG3hkzu2(IXVpMnf2OnrS~)Y++itngHE|e zxrno6n=LK_F)m_hjxCgg4n>2t3ujIWXeT zN^5t0N7pANg+tD)&eS+5L&i-v(Ck(*X&mSto(V zByU*9$~W$)KBYsAB4xQ>p0?IK7gu}C^=>#De2gZG=z26BExv?o9xX=m57A&Toqb{d zc!<<*ztyYk|KUU$sPVek(51)swKkDnH~q7b*-2-?PX_&F50dBW!gqk`#*!F;ZNZSh<&qZQjbVOQiMF~}AnAC9<1Rckbyspxi@4!V&NkXBsh@o0K zpTjV;ydMUE$emqr`^Mo=iT9T4|tp7`h=hQdN{rvJ=}%t!z`K%h9Mg*qVX3@ zni)U*=kV@&`Y^kF)j?|aHNT{)Ky4+pZ*XPGgI8tHl2^C{qPLiX3Y+k!tCt@cJhu3u zTJ{DY3t^J7R_r$$We$}#(N|Bdk_QQ-OtohBnu&LIBNhm01F8L(ya*ml$rc3iv#v2b zrN?pDnu%vnbdVNiHL#)uf>*$zj(92)-s+ZRCccPcmFN6%W zhw@1zkIJ%5%Wd(U{;Q(|KuU^M8NA#RrSp*J#|%=KQ%Y#Yh=@~1a=dz=o>v5Jsa7xv z{l;r^i=HXPe}$-enA{9!Y%*no(QNQ=H(w~xGH0VXJUpGTX!3?T@7P_H$b48TPljYBs4&*9zuIGTM?5054{ zquFq@h}Y8?R0wcc{Cn}I5CUSV00frK}YmyG`XGI;VwQ7zp!XFnh#ktXVHX>?(T*+ zqi8X-9T^Pue5tn;x93h-#DAJcrM@M~ZjO*HFMsxF1TFzQjw_NeKt zEAO=j>8{6&F7cgtH8DWed)$q2aTLxT7h$L5U3yBfE>u<#NaB3Q(_Plk7SYU}IV{Q$ zTFhtzQVlrWmG0HD{-^(*=N_Y@fJlm3UjQNNX;D$dxl2t0XzflvuaV-vY%ropf>7~7 zOH5Cyj{<7(uV(JTIdpDiKZ)z0o+4u*sz>w>!MgVqYX!3oMLs;-+onum=SdLg zeCDXeP4XJzWJ`bvVwZ)y*JV>ogbtQlt_Tlbg-q(xnfa(hBH9vtvk2XX=N7 zZ#IfTZb?{Cv>W2>61>V4DHkKUs1~v4Oi@dRo}tshpiQ-UzA9c<>dczo9G;pNafhl1 zpUE7iexPdU>0#IZv>5sAF3WlVh}_g=o^yJ(R7y>1^;{jWnkUagbkomuyj+GoYk{b- zr$V^CUXykj#(tbYjQgf)gi(|o-~S{4l*AgerKO7~ckMq+3!7fZ^9zGA?AB|f{`(;? z)=z71XoI^Esbn%n=l^k*`-}I=sFj?pHwuxL-hP0R|M#fE1*3^hLk^uwN{jX|3A&CZ z1w8ZWQzi;pT4D0U64i@72ZR^TOg#7)>M%Avs;L9n@toH0Ei?Bi=z`4CmHhV^t@_au zMb^T;&_U38$z5*(H%qVT%fdaoMVwf*nUJ7f87<6UHmVe81U6=rC-zk{6FQA0F5Yqh zrhU@+{>(CrM(zx&ugvk3p$@?`n?WfW8x++r4ZD4U+lNPtR$a8=qTEf{S!c-%Y5wB zMscXZ1fY95T>9N*)i(b(BhsBbU(9^HNIQ|Fl#@42po`nvx6yU^FLJ`|hhMqsnZC|S zi#A<3Ilww0*-|rqT-IuYtdPuFJ50SFz|TnW)Cr>^N%CeA1q<=Go9AdfnLb7cRmHE^ zv(i_~gA~&@IGA#fL(AHM$h7I4T3a%lYVZTt0q~Ok^aH?qm$i=i6eL5z%rYcSw|ZJ3 z%)GK#XN-5WD}W#9MHJz4W$37*f!%JJewuE({`xI;M?Xhj=P_WH|NF%62mDi>&duyD zA-CFpAb+tjK{w7nbjnE6aOaK4h%Hq~NYUDMuJ~JT`7XQsV(1s!b2MI=H!=W8sH(@cMKCLQ zw@TNwx45L^`<;pnKhX#nO5xXTu{DiT9YPoes{|hwf$+l{#Rzi5z#-S6Z~QHK5wSJ= zUgWzU*A|mD`kL;a@3XVB%THN-I=3&?=8x{tBqrJtb*U#+ShdXO3QjUTUe z^s`W!ohOPhg)gMxJ3+EPL{g&-N(=7bFGACJJ5Rqqke`*xZ*&mAYtej}rGt)Z8_PK655YYBbc)O(t8Y*;`5P($2nL-Q zc+KSDO$ajF&9n>l+5n34-g|O4S5E^3AF+e3sv>~cgX>G{6 zKWnp?Td{>P!yU=hE!4vr0B57WA!M@nv0aU`PQ5K%Fm{gbw)EGeF!6W+%>ed5!aEMM zC}MIXlyC2S$>7zLs*ScE5SP5HDUo>9H>p>@oHKr}o*{j#(h$%@hA)2|GGyaQ%%gq9 zaxm)BI{uk@R+Pn6uXcTX{@W!IQMG~jz3CG-jjF%8%I6?a-Z7xi0?K*8e2co6$V$jf zM4iNWiFIYSE|4x8X@G!CG}q+H0zVMUhd1?c#qBPvAZJJ!zcC}<*>EGdsY5M_E_35r z#T^Tfa#h#gmQ#r1(2})qSM(^Lyg_3fD{PYe3CG(2v7HUGv8TdH>1Oz!38z~W0!mrH zRmcjfaW2pulW731kqZREz?Rn^T@BI9a|2CtNmPsAZ>mX_)xn72HwSlsGB}S=09oEz^e1Y2sQxaP$F+!Go&}-v%%w5D_2NEoN^PeM^fhi>}A;;R@t9;Z(4RH_I16t8z+g_v$Ky$NH+o*U~~kxGFF^Gkug(PT`fa7^!H+S+t}K zrTt8UU&>Qp`)Ht}<`sBH`{ql#)B%W~Q$_)tpsl;7eKbjoPDYI;$PiLH7}!ODJ+CuA z6N;f6AReS&yfcL z3;USyKj40u9Ma;E<47Z-f1)EwBy!Yt+~^FKIQCT?`RYqj3BZIPnu|$&`F6rH{HQJ#)y3-^}6Hy zV|-PV6(Z-ACgp)wphOfdl$tN>YYse*fNKZzYjVS z@svwdd|~Q@1cSG>)(iD&y+}7*9!O0+xw%49y{~(G$a@I6Pfb!aNyWPQY#6Re`V5fV ztO0%UhtZVTko+#V_N~(X1^!w2=W}Bl^+)sg4>?9uu|Jy}t(`pW%ndk$k%%pyhjX7- zA1^&rvw(&XL&DNsdGzz(MQ%$yiWkI5*X|i3!WO~oaJ!WMEk<-n!p*aFt_t>B!Hk$h zG&(RF@UF;pgGddW#M5U)NI-_$Fj+p}xfLx8ZlsW{Qa1nG-Og1|cgd9UfB_n`{glT$ zJy`}fI~<2HlCFE*0^GI|N^xaiqM(F)sb&SMd259XVK6kpzbb~Kg{No&Uc*yTnnv6j~J@HLe1T&X6OrxWY)=HViU(Q8T| z&>L?x0 zMdA;A99UaZdv1K2I3PZxd8j?7w7C5fEazuk{eYzmHU zUyZsk=f2@W?$LEU8DWaz;?#d)9*r3A!Y++7Vu|n#bBC_(>{&E*Y3__!J{Z$^JnDhQ zd^>;7z|{gd|B~}Xp&_$E{nqAR=Byd9c%puf<$h^f@+Sibrr}c|4k+ai2YiyH>^JeH*_|t4GBO;) z+CswG!1$HG49gIavqT2D3=f!zT1l505#a7&ZiP0XinEP8%S0zcYz5KpmS)KLo=jMq z%DBv5DXD_&?N_Y_(~@YH%%#;a3`11ZZ9;xf? zHC-6R+YXs1VM3}3ZFd#2cu!f2ANH}^_a#epc;{=9l8m-`popq+peQ0x!2i%EF#nl_ zKx*5px*zD~0VbxT0O9lfjqy?j>?@G09n)-qgj%|Vq+G3KppOS^jPZcuIKn7s`@y8# z`_IH}-6*v@EW1-DcAOg`6HnN7}o6sh!bFFUfTH&%-_iR$dq_ZZ>n-zCr%Wyk& zOqc2Ekk{`e#EwD34`p^*sF;AiX`9_Ht!?AFbNiXTP|h}pgSI4=b?TM^$wX4ypcu-d zbBDsl{M!T~fbSkUowzWsMRw>DwCRU?;-0i$ew_fqTi1k~og-H6F9G+2ZqF)yRx#6# z`>8q-;BynhYT~3r*wg2`)6{jJMl!KX^x9HX4sAiFkvum?IGaMTX1zJdQH70zEqxG zlxo?LG@Q0uas47c^}5xRY~|Fu=HEXa4w_G#uAEECR1?Tg52+Z0oEFp}gN2oO7M#HP z?R5685)NYaOyxmXdh8ecS9s_Y_41lFt86V|hv&B6kxe^^r@!yK0WFJEK;x3fwgiV~ z)2<&P{j2z*wt`kJD>?vr2w!^8JDlp+dtC4C89KDJoC|zgthSe-zk%wcplW}cvG`Ny zNZ=TklC9|hgGL3me@%iemQC52A37A2c|QJEeg<1ZUwNg(?PQ4nnC|6Jvw!s*_FdNP z3a7Qh!?;E0XZLR|8-~7morW~U0aTFZkfHkL;<8`&n26{au)DCP0}pXTt8+9CKy zMFh4m+}+DA{{5I;t#F+05Rh|KcHace0*W{VnggDjXW|f67#s$hHZ8#E z?08rwE{xh$t+S6-=MVuA+{f||n(`iSsf{Q`{v(Kj!7(@i z-aQ`!U>ts<5Yn=slL*PZHMN0X~)JHWa z-pY^!6^TH|Sz&p)5+Pxv9?LEl`1^_{aSRw2mD*Bk%#AW&qM>{v5HNTrt{f=6pU>mek|5@r}NzGIC{)m&KWu;$oRKeu~O(5 zWhi4t;k!9U4MIMF|3EQF=D5v$Qq8AoS8IgE!lzp%kGF;l(nZ(Ci@>mBEgW=us8o^$-)N6i`o84h6h9 z1mA|e`9#WQb{c#Ir;2u5dc}2Zpz{`2zLFJO1_C?)SMhVnl4T^E+hs`@cUTfKxtO{3 z7nHaAJT__yuA7Dl%F25lH*fjcoXWzY?MIwoNfc=u3B3TKa=49NoTO%Pd)y^YcQ_PF zJsV?g>0ln>8!>Ck?@rXgkWiSAP=uEO6#9bjhynEvNp&d`Ye9jr>$Dw74c-w6Z$mzb z*CI^>{|-b0XX7w<>*;1NRa2}U^-u7ch>*ZZwU5X&BRT4K8!LT`OgDRR%*8sJPnYLj z9_X&A&?QJKCIDGf#$}j07*EAjf~qJ9fEMmbn#WYXz+R8EVV{V6(m@M@3v`lv_l@c! zcGf^b)soNCYJwP6FB3f1Z9(bCNBztHkfqdUmpfleh6>ob8P>tO+8s$(4iql~{Z+H6 zbr2-R^Uy>2JWG0u!y3QNd+Ffw-|h5f(wF#3x~6WPtN=luAzh4~l>2i59EX@p%B$l@ z9aSgz2bqB1H-({WW~6WB<^&4e$(13;qt+dnH%dBeA`8~TfvQGb+x!tYu0vZ?Fv~sEX}ZKAW@8@bT_p3#A#O1YfD z-ElYC-T&A&K6M^gK&fV^93C35l7h#gK1A?J)lk1Yhri+u=J3Is?)MoJl5?V)DW>bC z8N=nG;7Emck!VWYn`^skxx#j7`t{RJXhW%4d(_Y+vkZ_XkfucC83|*2%efR|XJb45 z+I4EsvRcLOBb#^~(_E_w8e?lp^1eT3`EKWSe#doXw6-mpgUMVI&X5DI;?H8-;QQ5M9~euUtu`!U-6#H0Jly4NkAM3+t`xkSk8|L^pa?5qV7-w z%S%#**(ZAwckl44_3T5Kw76!+#RD6G_~ zwan@Q1&YP;G$S@MzHIqQcLD^@*j3oG+BX5#73Gl%=O9?~t4Q{PdC#cN8^0%qX9W2+(!q;REzi9Pn1m++`!GQW}0bKGjTLU zZT>x<*L|k=V`dpcyX2JkctUpSB76e6KveioG3H61TphL^D&59Rq2(dEUZ~~%A}i-p z)hzZ0YT>ogwczXh^yx&M__;`+eEzrW`1jhu*iu1i#kUlegxkl;#8;oDqcgEVl_!($VrS;5I5AA{XgL2n+4Hz5k=fjHa6k%$>uGm?*@gED{su!l zy)HuoUvpc$UY=#?K&(goCT2XncIF&i-{L3UPEY7rgi5rgH&*GLSNo6oj$C1=5l@tO zo-E(Xvt)Nw5Fj?^4`h&m=HN165{&pM=w%Cw(!dh)1NbDw{a4CN2AWfo#YK!tny={b zWSj07!NqF;ft>QdGaO)Bp5{4oIR^EUx|P3@nnBj-$s5OHbI3~k`db-o$Q8wK=@jZd zDs8Z{Jl+#s7%V{|u<2tvKP<_5ek?0tC-DcQ(#$mJ4h(fanhwS%Gt0i%R~%HwpM8hd zQ!!`vIsALUkd!USzp-0AlTU{r&cpWSY#N&mWbdP#_FeC005*5T6;F+eL4ALb*Oh&^ z?+XR6pM;bjT!;Wc`#H0xiAgNs7~bWd)7mxWc7a{z;lCMd%uX;Puyrc(IZ_r^B+vQ27OV%`bnq4+Q0Pcc`(!@VPqqu1~bdiZ0{Adat`p`s<>6z3Z4}-t{5ORLc^Fr@dl?vCR>pYdJWPD z`NHo8O)y)LdPaqfuRoRntux1I?P;c^UZ@3Lb#u^Zy~PHVRZ_TWDRx(~(ouTqTb!am zQZ`4bG!r!RGJ9Dyh_-OO``rmOdRK%S;KmyK5PTGhPWgQH9x($@Yob4&IPERyoM555 z<-`;0=SQ5+ z3(vcyp3wZ?v+Dux6w!OQu>Ek)C%Kl^NO{JtH5+*%u zxdXWwQ@Cp)i(R|-qF5P#3uJpvLc-i7c}tmLmetLaW`D#51esi_^(w>I92Mm^lgm&S zyLS;TogmrybqUUfdswyje|9vytS5bB-5!6wdsLhrZ`7Ggbr*W}eC|Hq8^eRDL&)+> z+=x+j8o$Lh2Mm=)xSc`w5XTp)k01K6@p&kVx7pU;?^v16qgPhtU*XlWdbkPm z>;AEq{B!I6>@;tDuIXxGm$SN=zT)UQ-qvBu-c()!x_G_Mqg+wCyz;Ah+D@^&j|nZd<&BU)eQTQX}|Sj;2-{af{$S^Rwe z6u4kdLoK5Wy`%f`*}e5|n5E47_OqN@Ck^8S->mc9AD@a_%V+Z{r>;hqL(%Uvc^}=U ze=U$rt@GcOd;z1+*pR#m-8RpFEx{Gd7v6d=3Fg^88r4Wcz~d-pG7dN%e|1F*mmp>` z_+wGJf_oUO^!}+7y=s`#s(Nu4RNl(t%NHq@qY<)Fu8Q1CL(A6_wt56Wo2TJzu!(#B zq^(fD0c~fWb4w%q;JT7-8qNqdL?Dy*e&to$rRjpS)4dd%T+MW0)$ZO}jCuxD%-srW zl0gLCr-I;O{x<`qY5LX|2ZlWk=2*p5(+s1W5sBoeEAR&Xg*QLfrw@*~lNnJTZ=~ng z6u1<;l%A?N%^tAjuet9FX9N!V#mlbSZ?1nrnObb1*^U%O*?Mr6KhU0A+R%Y#>}5dZ z#1B#PVFR$nep+@W9JS{`aLW9Gp#M*D_*x`=Le;+Hc&V?Awq_SSZdE<-3oanWLp~No zaWm%6^hbFUXq3`{J35vm?sNBdA)7eItGI0NP+z&E3ln0ckb90$kauHiS#|aWxZueu z##L(>P`!yYU0`szY4N(BOnE7-mQ}|LSyHrFk)%{U-$)YdmOtk&1^8q%Y`;uH;0)E$ zue6KB7N8e~wki8jQK+*Drk z+a=pr-aY24rwym8^Hu9r1e_Jpca1+r8U%bdmvdhoYcl{+ep(goCw8aug|jG!W=i%s>%wJj2(y#(4YFRq zC~gUMdISN6AAj2)Ywu?ZJRi=E?(dKN5&VG6l%1`XPdW&_uwiTvDSjjL%cw0PA-ISz zg4XYT+mc-J1B)O7>cTN^#ORUR2LsO^P~R}Hz&-Dn9_(1K|H2T~T!wQ&E{nO>=(w(5 zbs93{gqhQ;&UX$RA3PcGYXdrggIhBtEe)r1i*d!mXj{`E18rcex-e#L{w?*d92o~Y z*CC0bxzT)e^b6o*@tX!wPo zpKnHw7NdMTQ6n^-8s1scVv+O}+$)7+(N|>8@_ti~C#Fyg^|N#9%)gUCvOl`=)#>V4 zD!hd(+2qIff=!kuH(glamOs91T^;&SJ#}mLcMO@m%^uy$gKqqZf1;H<$Q zX@#b{zHHh3EU@JMslX7NjR3!Q%6Gv&X|gw~C$S6MY+7|Qb6K*r=yT>worG1HYqtXf zhhQrfqXivj1IB&Vg>$enQ45Ohnz6p_$n}|f-i(>PfREdKk2$x#+3dH?j!EAHr?1C4 zq1kO7jUf*4sZTWRA(p|MXvgDasIhkmT123!_lE+(E{@T2wXKPg1;DH8kf9c%Thm*g z`KOQlYLa>cJH~tQ;_XTC)2#?zLgkHx7u>AYKWX|G*w=E@TY)q?W^IVGc?VUH_I8@1 z8uvKmp4_x?rMSyiQR3Nn+(w%P=mGWC0!W*G_6lDsZI!6(s;56{3=ZOR#cS1Ss}b@f zIJ&v;1g~pNdmcGHtQ-E7d_go-*xu89;kYkyC2_V)*4Ktp(C%wRVl6O|4W|1oy*1Us z*>X)=EUkO%ro>~~4$zX;vK%SROR3-z~5%@<=mt@Ged-k?z%5~ysa%r+%%SjFKiSmAOx^S+r;+tU z2=58%5~TqBmNO<*u4+H5A+Ti{a+h@oz6DEZ6JZTY%Ut;HvED~*JnF!t;nuJq;ldCM zatpC+PG|C{T8rwfg_25$UUbF0xPT+UAvBgO65vr$ z!}N7YVWqSf_A06XJjGHzu^-mIuV~_Jc+*$a-z036^CceHuR1A)ksx}=r;>0=0Hy5C zF5J*O!y3mVi$N{jm%Pd$kTrHFl_)kn=d!9i@fstR6BmNa3Etwk8#`WsD#H%6yFcto z-M}h>as2k-P|!kM;J{19K~=}u5wxI}YaW7LKcrnliY4Fnq6$h>M#Yli%RXYn^JPcI zL(+5toq&f<0YI$zsuSC-6X51sR-|UMnKswTRF=*9)eluf3=(KYqAd`SStKG;MV4Rj zdJT@sg*E+18nz9_`h&%o1FIlrF&mS|v=&hl7;3+;`bz@G4J-ghho#MbwbT)J?nDw_22^M#XhsOJcI33B54${8?(K+rj!nD91ut8 zJYmO|ENgWOnv`cL_5ld(*MyO@2h)X>!RP^x>ofuss+rX*)wfSq#s+`_2Wj|jX2Ae& zKFaSP{j}629nE>~L25gI@4v~KL}6)9e~I>wTmJ<}YLF&9QD^3NPQYGUxucke%MSt# z&aWxZ01SlVz@dd@fOWJ^Dn#t~;aN%W0{Wpw?kt?2cGaF+*NZ<7DS2p5qtt;EokqFDMKHv!9^7 zBZmx6etsTZB?u$~)HqFUt2fGNRDc?%wPHaO&{7F+ zFkPW&B$utmiX&3syYgUu<2LnRKtFs+r~C#u z?x+U226WuXb7nphsW$eam8A3H8fufD(1DPkymHlxJi%+@~ zQ|-d(Gpch^J(pQE06eYanCrJJ&o!jnv-liS4UuOGfMk~%Q1`Cuyy<~k)x2fPDzm?-TUV3$H#omVN1)HGQqEmxjsc=U3#TWk!v&+Q`2ZLSn7J6jk zcJQ)JjE=P)o-Jp7W-D{ET3&U$6{t7^ z$f&8g$O~#%Xb;Fr^uWJ)*h5{1xBIVD!22E5d#tSR`IXQdUL&^YSOM(r*jXzVI`>)& z>{*U&5<|#|q>rz#&#JtQdGrEjf3{Sp(llzr;mf3?(_g(bGV6|0s|)Q#zOh(*L=rd2 zL(P^lyE)^poC+q$7)`5EQdt<{glqK-?X@U0Q*l`mI++QSrZ3QxlJH_&@MFQbvW#ou zZTbiz)|7DSS=b64_PVTr+g2&ZXqB}fw1Qodt4tEgkb&VyalgPGAXRh}y-yN25f5y| z6x5O$Veap3a(|hgoibW!{#Vj_aqD*l;KXK?@*T5*?i={EGQBECL}^&>=9;8txH_Bn zN=Z6*ZvzL>97fEJ@w~4H38*`e&ygu^Y}cp*7s}>A|F{}Qg<2KxbFk!G-XiPBCMy-L z?LUpnbFn~UDI%kP)|otIU0QtIxiYPf3gpOc!Hx-!2Q#JK?lq*4{2%^$>`p0 z2&D&!scx+Zg=7Tn{huba2w&YIY$vSACH^zm<%%`DQ&k5u_N$52H?A2M(q9Zz@Z;2` zjQT6k@&0y_n)8*`VK2k@&mp(iROC>;T0O!#VPa`|O`gcf7We=5_zt`rtR{~$GO2zL~b5_D>@8kro z+zVJqD(90t!uu?XQJ>)>iJZ~9Q$lNef~88xPIAfB4BuKZYI!lY3gJY#Rwova%pyw@ z*Kthhuo0EGv=kK*C8IK7etg5&SD4bPD43KtL~my`q~S*mvhztUZ6cFUqbA3?+9biB zv{&dq4HMbRAhu?CDD42p%_-%Q10%!yDC^354HmPVrD&4h89Bftp>Ew8)(& zIdIq_{5(nWD{q^~b{9*jw|NF>V@LZ&0^fiSz_)pi2w|$8GiyvBJ7b9S3tTzfw#U|* z+y=V|$+ps)ul0u8HL{eRV0%TY28{-f9*Rha7t35>GWbnmN!I;aBxEZ!ouc!sQj_ss ztK^h8zeC?)n43ZqcZEt}AQe4!HJEr}Zcg8e0v+3-w-V$Od@Pm;uW(#(l(be;XsT z(^pp)%TPUoN?sR9DjxNs9U6}dgGSi&g^x~LIes<3Nff#d!IBrgDl>#xfMrM{<=Im4 zChjM@Y8xBV#GAGF@LVB!y^2B)zjdLdrEX(vG=h@ZK>7Sv(J{?PbFrI*){cV>{9UYc z=+Q)OY#M)}>Dvreb>B7WA+4M*=p)b!wd(0nQ-e#2_vAb*go!?6L0jXTzS}6mey&AL zvmk47s6zXR{=TW$#858D5E`C$Xf=>hp7Hp~qHN$Uc`*Qa2F`2D!`sa)ZBu<@2tSDq z!g2UYt>AOhAeaI)q#)V4g=M1PRlh2pGdw}_0fpRDb3c5>kul;A`-ojb-tft_p_W}l zK9GWkpRI`;yLqz4ghiH*E)SlGf$8!F%tz*wm`s$?gyVyKolyNNC4k=WZpZ-Ca>f-qA&a_&=@MMK6+f0ZAP==17f@A`+0ES)9 zSu!rVvLJsQ={ARM{rK$*gBj%6^={45=RB}ix@U}7|2D8|(GDGp42u8~X z$FB@l@2l^N{dw{Vy=ujL`dHX|k9?W+KwW!|=Dia<(v3gU7i$Z~Zq=I$FQ%vNf_`+o zFry1|3jDy_nLUg1iccrAi(b?w9a_rO%}5qoLMl{K(0hc|pM7fQcK?nO~M zQmDNy2A_z%8mot8hwyn>hR5D{Nbq6z_=OAteON?|6JGmxMI?=b#%SyK{GcrPK3Z;DHM=OaqycoyFml`o<2 zL~;JcIGeRR-8CaYRRezG7=t3MFF%FIm4mEb6HmK}si8#1DkBEbtb~)n1-c=j9ddX} zc)|LL7Ta>EK1;DbhnQgWw*wD_o70g;)TEliX3^Hw2b2!y(=k2-rWH!m&SN!}GHi6~ zppYD+EC(wjIMNuoatY(muKkG4*jpfQ4>#yOv#`Q zaG+^^P0nBs*{Crez~y-3iGe(n8J8`TuhPtm%pw9QS)zrceq{aD1&Vnw^iQ)5_6lW| zrwnxP0dVNJ(Kp93=?vG(P&3knjLRDGHOf=g!I>!Owzhg|JQcN6>f@o7~6%hc*nAC)>uwTyuns(a({|9tg5 z+wL$jU=#02#h4g0CuK1g=1&$J`5VETT+a6|cNE>&P;-9y?o*`-cx98NzlgOoa%}It zzY({EwJn7e>uA$UU#{HPS)QK$&AoCa4}O8JHCbo$Ex5kJo^Uk8lAiz{wCFxbhIULj zwDXfaKe(Igk-1CgPWFt=DAR$y0IakDdY7A!z%ye{b}R}jBfig(0sDFkQKPR@FScw$ zxm)LM1>heBCD-Gp0dJPSSZ(Q869Wv!EemH;Cv)yF(bU+c4DGQ=S3I$N(PS-7O(5tR z4w(`PCH&!=uStZOryIOtVghf{i^T!kMF#=xpXJE&Ny0R7ZCG_#o4&UO^}=*ais z%gzYXONJ+G>UG_+X9&XW9j;FNoUvv5)@_o}@&fxo){mmGI;Ya{n;IkNMMh2G`$KUX} zVrJFonyR#mdzwk}HFzcfzV_V)rFDL4JPusY0AS>WsOY>hyCb^(k|=V9K%4zGi7;$jb8-r0x~*houi~RngbL(; zr*wo^%IiF@0Yz(O36gh7<$%wR^KJk`Zij77w zT;)T^7u4SL-pvd_dY{s+PB{-mv*GeO`y z=d|Z0$6{nxanPjF9up3M@z@r`6Ts>=^HvVe8sSe$%F+n1H}pr-hOMbzY0^z&jfGld zymm@E*BKBtGcTI@c3w+#wtN9BbSi!kDl^FbuB2AlyDu-@_$Y<$x!n}5-AJ&TUr!BS zTkM_U-9ExHG+nOK8R%knHe8kp;{0r#dJddgQWO37{mBu3v#{d5h}O;dt6ZFNtD{#Z zzk2hg$hA9)G; zu}`INQ)lKzk4*}?ndmPXAoF!RITBf&R4~^CbzgoF!oZ#uIx}rE>4r8oK$hDq1Q&>* z=7+CKX<-R>69ntHy`khP?y!?19yibaG8<68-9PPn@5DX0V=S7fVo7pk0G@C@+E(&D z5Fu>T(^aM(u&VfO{r595Fg-x<0$2oeh#(hAK7xnm{=Y=VwwuB$8EN#CYw;1Cr+u3A z4LTTcC1@tI#)_?OVD4=AiW#^XS)3KbOyw37>=UaycnASO(AfzCkR(8$(Psc$0}Uur zA^C!dv(Q7S00U70P$(Qxh(e!WC_v&DEp-UsW_GkgSQvUzSB@;4_^a#xXr56QGl%LKJZYwpo+e3i=J4$U zL8BcbWpjD6#w$OV=^Xjn;CdC6*ws@ek?P<$qz6ODMS_*d)kF;|V2PZ?SBMb03tPx^ zXkKevU{^s@E__SPHF8k*ySnqEdC+=pOk^=ZUAZy-n7inm;~g>lt~EKMdTf!TQb@nz z889@9Gmulx>$D`U=#Z(xRe^I=q^oy_a|Q2Gqlmh)YevaYT8~Dw7*kZ!^b2DoIuU2t>=w7W%F7j z;Q55i=_vcTUZ*^5Z0cmVfkTGF#h;aRNvqO}az#2F8vY4 zE?7kOV0I$fI<2WS-uamby+Ix}V^pVx@nv~w?ijH8ND3Z=K&Uc-wtUQHO(9{4)|Sx4 z$Xil`A}Cs(Uj8*N1YM>{N@Q74OxIb48D3Ad1fSnHYls1fdSHolJ0#@jI)li3 z$4XCZKDo16r=-MW?8X#>+!xZB*ML*48mqTp`YQ*$pIM-L7_3=4=|L>NSruu8da%Z& zln`n+n8Kg?BYwk;+{P zOkDc>lIULNf4T2EbWC37wFUv?Pviz=1lpFQzOZvuZ@SOUh9&E#q(#uf=VeI~gDP{S z+R9&FR(SN){=JLp(Rz&5IBAamncy4qCRS#nLNZRny&Z_*{^=fbWlE;TtKZNm`x|`O z%ypX-YCUbDRj+R>$@VJ3GcNSwsZ(9#aUAo|iGqSSr0=7oEGQL*1@LCQ4v;3ydA!E{d;@MyQxU;*5^jBl&zeB}mPH&Hq^@y&3@H)%s>=FJ%<|1B&3=jg z^m9B1)9y8*-l_C+&ws)rp^+L7|H_Yy{giHNhBw6}RpH_nKu^=^yLn56cwHnU-m;aOSo;0=Rj>UL|XwO6S)9EjWUK}ZL6VU53G^^sk%Z)R+nU9Zsw79 z@Woi40C}ZiU$p-6Zg}OrP+M&;0{|&Kd{V!8EPNDMj{8RAIeqHrcmAw7>evx-qbL_r zYgB)l1d-|9iWA*KoH_iT%Z-nf*XzTxej`I`?( zk>a}ilax}U|2W+|F+2=_`dMm_*y#bu&6{5bc!JjNwENDS{@^*Z?xMh^m1*N5N6di4gvGBbN~A ze+7Lwg2(w=3JxnFYm+{cLQSM@0K4_uq`#nHoAgC2G9k~sNan)%eEK_|iL&5ra>`;6 z$c+(r#DxlNGWcgn3z5l9bYAj=$t97u{zCo}*o6A$L`2Jk0nyIsOpf!M#y~q=5C7je z;dxHWHW}W_Gtd`si(Rl8O=P7J4e6Zb0nOy^5tsihGhX1b;O|`SpAlV(LTXJTk%=G> zZ8)8M8tE-D=8%Qqij@i2kEU|5X(WGH1`DZr8O)by(I$h87n!8!pjdE`0*x0?@+Xmnu;E#a~X2d z%P1Zf&a#Y>3nt`wn2K2PM0s|S&$y5`b8JoVQCW`+VxHmk=G=Hc^JE@MmEr@-3vxn} zyZv+enYPKVQkrR#f2d6+NAnLJ&*%EYz`SlQE4sG;_gn zQ7nYI$sXuuF6-90xqDLFrkWLnYhUCr@=A)zJ;+6W{AFEmR*~{i~!kW2UW+6`~@WnW08C>3d*{q?t zvaO$#ED<^B@eJh;WFjY-+_A@Ytz^+FE=b78Pc&g%UUpYMS=q9`;E_5neSXhXXE2AK z%Dmtx&Q57ka5@)O5E}#~4MnDUf||dV;T#<;|6cM!5KITm0(^7@_m0{skX`Efih(Hd zx+X9yx~dQw`<3*;?fp#2)2AE*!L2wpVOfbysKKE_CZClFwF%OHFGCK54pjqa4~eB1 z!m@yd!pdMbSvfE1^0?_VsFeY^;+}_0Si!0yxB3-hR%9X-k-X&Op`+Cn`!u5g%^xF! zp_EbC2$58V67rt2L|zuE5ZN6j3ClW?n0x=Tc=~l29q0d}}$SiGxfe19e1} zKZTBG7CJOW37&9AynBMY@s7_IYUy}Fei93sBrKnm+5B%-jyca53z$CW`qnW=zE><* zg5yBOJW;#)INa;d#DIyFUhXc&QoMEBsnV}JZ-il)Gme+O?6>#Qj%MdCv%z#gq);706fff zpmWxfTxk;6TK?OCTey#*+q*l{VXu!>ci_1)@r~Hb8zp_9S?Es*v21vP;dI(H&-jSo z>j+I#ri$vyjzC@ZK(6`K-Ck5^>5>8w~}jNxMq z#?s{~8Up;)aCym$A)J+sAEaq2cv3*Tv~5V*hUNp7r;zW@%n2hCcn2n)t*z0%6C0O0>O{2|~ zod>o=AZ#r1onqO=P!uI6YmhO7w>2P5c>#_I3$`Q=EW_+d8gUu>UJ?-mWtJhn@2$=i z<$D9&YM(Ug@nevE4Sf@jwCfQSUC=$%0606g9kab%RZ%3v?bjcehl&9wttf%0%g!*x~) zgD>bEQ^6ckFJ}CA%@3M~dbZ1Z<>?4M^l_RBbzErifJLMONocV%oC3ETw z^uEmb6TPEZf#NY9yj8-dVSXn<@*u?pO|?Y1xX{QJaJl2|2@PqY|CBQ_ra2b3J&TO& zob<-Stz}bx?vE8tP3>a36}WL8_1t6mpSS5)3wLdE+3 z7l^3N-ufmos_F09g;bh^`yzAMiV<74F*U!!2aG?T`~ByBT)|aOR`qMnxwE8Pbk9Yk zrA0TDNJf$}0#Ra>-NR--H}(qmQjo*!izMI?_qYcl^@`z!xb_&2q0QV}TG1Zx=X-%C3>@H-16Wzud z%^mf-4}w8_J>Yu5GLVMbBrUVNqzbUXm=jy{B6c za8=ezqh-7X2C=~{V#RTJy7`YMby2Lkd)~1q=gA#!Ye$S#f|%P<#do77Hq}(9H9|yf zZ$V?f%kuU*@NRF6!gQ*sXjOC~R{=@7u#@(lSZoC{I3*X@y&(4}Pd~K|c>2UA3)p`OJ zSGri{JfIO-P=xh=6eJg@NE+M+68LD~Gxg5l#W1g>$jfec{7oWV&07LGYU}8TIk>}% zTi@kTC5lm8ms%J-qtZ5ozpe>=-9Q6={OmDl>r~9=h*xV2S5s2;3d};H_x7X0)0(&H z`Y5&48}x|*Z2tPW?`3)ke<5b8M;0H!)ePhqpW+N-*`<5#t<(@LiX21^37JSGQWOTK$jmk3u)}4*7hXy( z0CbvW{GJBOMovR^cP{8dzOyFUwK<8*P4Z63kmmypGlcxiS-J z#zARj!6Ffnm`h&Mwp<6?2A!Zs8X53k5;KZ9x83QcnJ8FLS!cB^s`SO2-74dHT9==Klzlp z3gkG#JZlQZvCz)k7n&k$M$ z)Rq|lm4!OVp8PGQ37y0Hk|jc0Lkt_kw4x!ens`z~oc0HrH=Lzcd!&ar&R00; zhI3?uDs$YIBoLT~$JtUV8NMPX8lyaGn{^-!Q{=nrzW0e?W3-#yxsXSq7;;mPQ4 zn94zI*xf@cmxN^Zm8nuov->v<8)w>owI|Q39(qJ`K#DIwSmp_|JM*K;yRFt_aCNf< z)_H@-tbMg~Zlo>Y&W~HIfl)ZDji|B_ANM}luIHcT2_!o<*6qj}j)mmbtGZFsu`thC zMYp<%JnK@7LZ5o2W=W|9kxPv3XAr8~(SXg=V8VRrJc@41h{TXeJS>BP?Cyjj5<8%1&ohyGs`BnmP(~>wJYk=LGMDrL1?OfA zIi7S*rZb`pXl~Z%N03p?<2BiZx_fvD80N@?0{M+Y+5%d6R$Qq?6U5>+a{3n6U}UJJ>iP(NpVF493*oi zaM?M@W)uWqgDtEflLoi|)F$JieHvhGOutY;{B*Me$*ug)5@G2uPGnYUu4YyOT^|fe zAMUFvV&Q7GZ`l0Hs@()o=rF1sOjkEK%cL-i@hU7NSLpxHLCoW@be;pegdS)D(6y8p zb3W~n;We2C3l^3UBX183ScU@}dopr?=2n}02?bBTt(m$`Xd$mYyu{O|_>i%ahq;$X=eqts?G zY_yhDp6L%WCdrpuN5bx^M8Ip#p}n_c)!k}cxynvfSRY5lW7$;smn-ev0BhlC^{}P@ zG|4{U_CfOC?#nGem6BdikfVdc11AHF73R^Pkuj8lJv{%dy#Jl1zFZ>kDfx)!nhy(> zF>QV3iAo;>!U{M+aLw3Eo-!U|x?nYH z2~viD3@xSYdm71-Py}*oYlBhq*pZ>3`mecS&Z4MI{#kNXfRxTuqAV%HF`5zZR5IP; z6AjH&!k{}27C8tc<V*W88rcERL|ZO z!?d(z-|Dmq^zL$ePJWjEnf9*QWYp{TZt&OM_>^4th97$4R;!o0I)FhevPo7oEQQg) zas_HZeNc-GKrQmNfpjSr5ZQ~`j>k5gyu-4=2a$zjM?GZkAk04dMB`M_c&BKJbOt3B zp1^42WD=tmYN@brXFD+T=7zQdyg_VkgJNSYWpnC|O%RTU5^_v-ynpW)uW<)DWXJrz zqm^uRHTXC>K?KUnu0;gu9_|@uVvQZLgTHilTCL&ubok{D!-bodADcNuBu*27?LQXd zgRh?*>hUO#+dlPbyQ;@M08D!A6EHd2Q*Q(AvbXw0>xxP@nhlzR5TIOEYZ^OoDsDQ8y z61nzqWtn6F>bcJA#{rTxo-ZQ1Wn8~wR86o@DlhOIE@Cv-+1;z&_pAEp!U?_{52o@I zzwEvQXgQ4Zu%2m~>{wtgbI+y+foNTrJaBQUjRHq+-ZXeWdu9PoxIv#CtZZ9UMzCB> z4y-#N3o>V;dcJnI;7V$*i;Us>SX{yZb%@t(wSMYNM;t4M}DEB7!yN+fk^GaaE8n-5coG9n2W>sWmE|sWJ@1pnXR59+A3C57%A&SX%^vz{3`-vH!KaI(d!t!@Rw zN>&H7`dP4aDi`Ng%UZz1dVsF~1mm?4-mOVQ0X}*{=p#n6o@#ZgVADpZz`4|ln;B0A zmy?UZU#H}1Fu6Io81~8K8R@?pj(e@vt1ju|v)h`<_v9(1$sM4QFgCQVv$J&MY5<65{N1>rjpcB*tb!p-IAr=f_6G?Bq_jsZndVv@p*4@c{O-E zW6K@R2BN%9akzuwcgWim#4zeCe41^hJ8%B;s&75?t-75ebqI;m+m%lF_|7s5glW8P0G zuV~Oxtu?N`H+*@+zk0S!&%4SZ=q&c}_8ChnS;dScWHBU2Sj#|-N9(k z+iSF+Vzu6w+>D2pV=@|yP6k)%okK1PSpnR>jn#W4?E4-*96{s?AmGx3+$0EKIk?%` zYdd*-VDq80ug*)&XU&8SDtjLoObGaqY`l0fy`9 zowNqvUWJ$`h)~JHa)1|CGH`XvOF}+~ED9fZh|B7)30hj-4b)-|2U7wWU597G!6`Wz zTwH!=wT1!1aF`3uf_fV#6Fkyt#7B?uZ|aydHS(j(S-42m{lhcNoR0l0gKv|;Z)yR^D<@GJzA_38`Q%R zx7KV1tD=Q&)h9@ICby|URm>Pb7ht-Muyms&Z5Aus5I~NM6+(GSRtfX(Tau+icKKfI zO$0bs^^wJOZRUwePR8YKi~-MauHFzp8#6gH1~&?)ir+KxVVZ(c9J1R_hJOH*}FM+XN-`>%h1VR`0=%{?|O zyW;fPyWK8A;4cEYr|m(4mR-*G)@;GbLhQr)j9rVAg1hMI4ekRytly}5R<;9p<5@Wk zYnk=hak=+~eePr_bRV5EFXbZcc5y3rJHwpe=b0!|(s@*>IEW98MRM16fz7AAb}fON zaoppX8xUU42BW}J-J1hn92(Qwos87=iB93*Gpju{*78tgwY3w6XlIpK^49f8w82dk z3!^S>6U))0W}E;R0?ah08)?olr)_XGcR3i|#?;wL9FTpixrcUVOLc#{KGJxMF?En^ zz!Ie~fgahFv)Gv$%h?2{y0fPd_-3#kS{hlu5GK7u%uvQqd4kNUz*_{j*jUwWF_)}* zM3PF5<7G~xXwx=8(}wjDUt#Wi>V4p%s=;fHmnF3}8Rcqz?OCK<2h1-ROWQT^sW5*< zCwYQ6O54WDwyUwU@Gr<*z&IkSfuRDDLdr@!&r7!o{2OcN?7oHAYnE*6?xad3GOpK< z3k#HgsnG)uwp*j&#BY?G*3$j;N*)7@UIibl@4&UF8I8t7y!Qb8w2tp!+UClK98;wk zS6Z~~KqSrm>TO^JKm8!#H0wC<80QUZSb5@(>MD1rVNYuAN9(n9&&1XI<~kZ&_22cz z*S(YB#qj#qHktOWhtsoO|N8RkSMv9pp8V@mt;+s~HEy8B>SCWRy?kG{=B3wl|Ezg- zs0WCK&dma)jG$VvDf5GlFm-H`N6)ewih&>vB<#au%uY90;0^& zspGiS+HnlYw`CI27)->wyWTuJ-fRx9TELqO z*K6$5CxeUg;mxQ`&aQgn{-8~U*S(8h(P`%5=9j_fnvO&*()r(%b<)2h~IbESmPHa7D(Kq(8js-;Ac$ zlC@09a0-PluSjqFE4e%)!|N%TTwR`D^+x1$@P2S{IT>6{$;GgDaxoxhw&3+U`Ok}s z%MZixd7BL055{D8Muy|F%d64gR23Osk;&zBIz*8G!nQ6hr&Dry)|Q=~_C~$)0lB_x zlhfXH58}0k<35DfT=cGfm4%1n)8W;if30dwp#?o6{UAsBm*eT+?>B?- z^{{uLi~bFm=f14)5=L+>CwVr!p0>%!&2%^(Os8#fB`0w+Xp{5H%hM0Ti;FfA=6cv4 zPI?f~(R)7}pHJ;{uip)RCB3WRbU=Dj(i@ZEXf!w-_O1tZApL=+m#lS7uHW^p$@ySB zxPmt22Q^Gw&zEG{_@H-c9(UA3m))bD4CKdQNnwE}I>=c+QNfFRVk3&A@_CPjRf|8W zgo#Y-1G|R%H{FSFfBruqZ-A^=;ld*S~w653WYN@vmDuo>;#f z6!vFq&XYu$z^2woT#2aWU1q{EE+E?5V^kHtb#ZHhMf{Y>Cj7PPW7@3?>vkANuBcwQ zx!s&XD?CV@`6wrhoOrjg@mcm#{)#5ZlZ{}h*3yOXu}>9eHU${g1sICJSJtD^#P1oq z3~a)~J-A~X-%uwq(RE5sbi5^*YZnz@Wsbb3E^CY}QeK@Kd{RvyYDHavC_yyvMW8J< z=r3ImJcll*h~x?)&)demG?CgIiqe5DkX4m~d|j=eEm@t8;>5^!eM0AeF9Z_M>w|;#!NCDx zWhS&5|D|%y;n9<197n$K_i&f=9L!XuH)^-CLd=;$dxjV|j-&yi@L5?fa4F8qnbb;^ zA0ob&$JKr;lDooRk~|?{y2oy-6?~ly>TEaVkEag!t?NUyN(F1fV2F}(AEc0>p5}Eo&&4Q5Mp;# zteEdNw$fezFL%d;?`^)_RpHSA(NY?+k}cX^_H?d2KUdlXpN@M@slkJs5f>-m3H zfGoJ)b%`4Y8ghZ3x?CR9U-mqo`Bp4|zcAF8PRpNHe~)5}q-b<}lu z%M_qr%50@~pu0!LqF5*)uM!)FV9wyB2FDDX$3Tqwq|b-;8b?F7YX-Z`X!&$E#s(vF z1z(dn@tVg7GSKKLrHZr(B|E2hpYM>E(F9|=soa9VPLVwcodN`armP@o6ENs!!@7k{ z2QcZ^RuDkk$f1}PO8TOSYgO~Ew+(QHmJ2>Cn1kGYe+PNzn8dd%Cv z>G$j->=SIF+XO2#m?s`~Z6U8)SMJT+f*bV;ypc=Gf?6xRkRXhM6XT(+V zb-P(Z**)CzwUk|T#+|rjo+y_mh%-onB^Y>jkM_vn(d+-m1gm`oy{1u+*ETi}Ic_z@N+ z5MyPq#hN#(peuDH$*K_V57-4{e?i*^-~-=6b_MM~)7GAvZSby^XQ+*6s|62u3Vbi8 z_mKOd)%wTb(d*93mj{QP!&hYY;O+j=!QtUvtMwP>htJ|pIHR2akp2tp@v?t4=$(!R z-8lTqm;W3b92~rT{Tlv%aBxuh|IwQ_Z{Pmq@a3zwuaDlmeEIUtUk(mmAH99~7jp0n zeQ*3J^MYo7Ir!qfs+0R4^3!^uKx$z5$t0qMyyD0pne&7}^j6Voy?8-}NrA3W5Wc#u zjsTUHKq`b(-msmB-Lr_~0gd#H0CtLqebV}h2FCvghYu8$W6iZtU_c8^LsG8E!rbF?f-G2+l9(~Ih8)DIgt1Wat`{$G?~zkh zP#)#$x7==jGT5t5OFeM3Nx|}>P1rq+N+S!fSR`mA18>urq%C-^(Tpubi7&x6L4-=@ zkeVYvSaQ!Zktkcnix*^)F_4~eUa-8?!DAJPGDJwqf{~Zq!|sv)h2FtE)k8{w%>}!F z3%;-do8MAE3mS=ex78uzvneRDEYmHopplK|X7`YmB+Z!AWzgUc7at;m;fVsX38tr$ z^bA=Vi6tH#hb|C$1HKH^wp7%DjRQwGQa)GNkSX6ga$QS78{G} zChRb-#tJLf-+6&ZAbAIz??Pm9pEk4tt2#Ux{qO(f)3-~=nNYd>cuxK^;>q2A?=FfW z&5!r@A08gMd=_^D5$`LH*nNX19RM@fpH6>$_m3Yw9{$)p=ziJ{L<}{;8SSckANz$! zd64fH`Q1mHGyBMbxVtFg2!%SxCl})G?-D|Ad8wm~ z?s*H68_%KCy@<+~<$9ywp2hwU!JR<7AJ1{)=w(p>OKM@7*WkF-`U5;ARafs-R}DXZ zkW-ci83*K@rUH$XT7Qtv>K|x!&G*I{s@dOyly!KJc7oeEu=-AV|69|rf9rb$x#f}C z?T`k(SpMcW7m3ZyH7?%2>jsHzqS7k#x>d7!!En`4t3w3$(0rpAqm>SL5JP^V^_^h) zCE4b%KdQ7)NS*IfvA%(8_DL#}pp!~!s!?h)e}6iyv^o=_kmn|S8c|JkST|7rWWQDF zCL336yMeb_fK#X*)Fp4qST4#e07VN8-Hs!%Jvn%A5O7&1uyyR>rHMXjxMoC>i%1^D z-+ue8MN|GB^XMLv`@_~9Pr~C`KdqP*R5It|7J;a{W72RMT2h;mB~Y9giIC;;pB-|= zX!s%H1sl<1*&=pVSE#j~@oY55ny?G)c9xRW^mE_1t%Z#NT(L5iooM@-h z`C`I3JLsDcPWJhAspQV;IjH3Fv2R8un$xdKC2v;GK_8JnLP)kjIi)6No6|yy0r4sDk*VR(D+`1yj;n$V02X|d5 zXWyaZH&!ph{wqr0`$0TXH)sji^;vT>_kX@-Mx$x0fY05!Kyi-w{z=rLLK%o-+HL5!GXm-w{Hj~uVl)tx)s@1sfiJ(@uT(L#1O8tH9PeBCjh#E?`B$dLrD%^nY-j#5cSlEkC?9dwc#zW^7dSNa)ciAcwk2FS;lXd{)E&E z>NZ^g0v!!w5N_|Gt+mQ0RKi#Hn}jz}vvn;1Xs zqFAFU*kYv9Ny}_5|6fGP-8~R-jG=+Cfb2{vRp!s-jAaQc7^KWiMFR1fO&Pk7#OR6; zK?MvafiAm*U`nL25P3i&6<3M=4K{em4xfNCNvSZ-<(LS0Co=w7KtR_-gg|rI7R$)) zyGd`a+xj_y*VH}`5L^lJcW~u8%WnQohVNgRi9N2cCzNH!Zy`&;9R4|Q-VMoug?oFfdBlB&*F|vnAS=2^f$YFav^5?^L~)tN!~BN?g6^MjIjg{ zKR0_^(-Yv@!G)kkD3cpnqeRrlwG<_6MwKGXp{hNKU4Q++yrsi=DGAEF5OG7(2FBi? zU4a8{!XOcHQe-01Mon#w+n3jbNv0>M?73;!Nq5PwYTyb93O}tHilf!{(X$48-?Cd8 zFgd$39YyVbY8&zdB1K2Cl;(y7$#Jh=XN zG8~_NoDQzu5Bsuc&MtUTeo~T68L?w>RVKZ>2Vw<;?=y_e1t73|MZrw|dXuwk#rNAB zs;~H}tnD}}|!*^CBV4LOFq?e2%X%f-GC zIGqkQEVW{HnJfwN@Nug{Xv!_II?ldwWJxLZsqb!ka_3Y8&JIaMs59fIa#9>j`S&cF zsRCuLEaxv?kSkqRUlC!eLq=JA{yo}YA8J8>D? z0s4)s6P!{J>em2QfDY2~n7lqXh+BljEEd`Fn7lqb8gVH5;)R13kmKu4v|Q!ih`|hS zEwfM#_jH-im*>IgTDMu!JiZHkRXsA8i%#tuSv2`rVK;qo+cBFKOCKXeBFKB zJuo6c`a@UcHDg)c4MnhT|M^k2kl=WvV6X>Edn$r5)jI?_=_U?5fbIkc?=-GESqMbmW=E*c^;C+-sTQuiw6W+Zi6cbpG^TyZ!&#BYlxB zF-*IX{FWRY9KPus9UT5hdQqg4?_M!@9}c@tLpReWr|orGaT56Y*?Z5YJ<>a!*wnp# z-d;WIE}r+3j8RBU)5pxLQU%J`UnTznpbVY1CP6r?7ca<%1uYr?@?uvPA9>k5 z=pMMbK1zKSIB2D!tR&VPn~)ce#x1I{Ni98ILn=9_#lrR1g7P`njq;pGHu;huggrGb z;Uwa@3J!JWsI(DO8|MIe^sGvo+zj`eJ!ozih~%RjLH;pe52&*N<;MnnporSnZ1rlr<>Pg8G5c5Y2WkDGcGe%{r!ryW=&&tM?2mt_t?&o=kN^L$dw2*X zj{bi5qgik{rlT%?7||?PkfS5F?h(1@9UQ#!TR5z@fSsSRfE@h*^?%UyvF4BP{ng(O zfAA_Es*1gGUgibysvde(U;0(iew5BL8Zvp2Yi+Bg)kAyuPQbDP%rPCgO<+58 zQhK+ei#hH%$7H9kOZyj@EDb`mWPitG=itr0R6f7cdUUg=?Ak-bZ9WeHf?+9`TY6Q9|eQ*2TZ@I$hlNbH=H$FuzJo` zsK*$G57Q>~%Kj8jMQ{hmPje}&z^iClMiJ>x2C4-q{%w6`+$F9Z8riUZidZ{iTd>Ai zU`Q~+)GJWm&N{J#Qy8EIZ^xpTAcU%UI4pDZ^e^@Ph#{=a9Z#V$fDj~#8vK?(($tL6 zaEb60+jEq))LF|?deH-2=5?Op|J{}!vwN1+i+g{zrCplTD^<5*Mg?J$M%KC)*L$x&OB8WUvVqQW} zau67}Sg`ClmNa8<;QOLXigoPg3d<2F*u;j$2DnW%i4QaV$pA~MF(SU(POEV!&MVsL zai~H~W6&STKTAT&SmIz7%xUjdGcDmSQ-FcTBbYJfQq*KhJh|6kt8gl%6cyN%k5wTAG4$p!P z3|S#a_YgYU>)J6k?xaROpdSCWAjSwvZcUFeR&4_g_Of7k12xe8E)tE)mLq;H|0Ff+ zL7Pn49`4fl&@M4eO zC{S%3S;{nJ3bYdP&QEUCCV9#p$*Y?r{+>3;Mp~$?;gV$IHu+cY497Qbt^QONVv5C@ zn49z2M))+b*tP6TIR~%;ae%x)cmoWv?ayApWA+b`Y+f@SGa?JF zSR4JhO$vI)j0Xuzx)1!0r!3^OE3)~%{MY^k&x?=Z_G9t+qlU@)CLL zD*Q`PqK~OIpd}*d{L&+`F~CDp_XkhN+4#JFdOGcXilfJ^wwl8)y+_UBm)@66P3a_4kc9Bp`Yp!o?GT%TIANJ3>llM1ckx16rpe{Fluhm~$d3DX3 z_czV8oDa6f*|Mg9VzNT*DfZZ=@EjR6uUH~}RYNIr7kq-(3y$}#4l-i8~ zIoXTH>|X7504Gw}%_Nu}m1 z4;V59k)Sx@0}qm1*p$Lhj^_kqnCzZ~M4@b_m{Tk-M4Ga&dQK~H?N(NJ*%kWc9=EE5 zu}a{87}I&Ky{n-cp9Bi_0=T1-Sb3*qAZjP?`?n(NPX>JzkiNkPwz6K;8fGwXC-3`) zqxEkQGjo-qpzHWyK)MA5Kk+Qwur`ki@wEBtdRxu^LTopGT_@NIisLH~UwK(1;lF{B#)hN8t7UXi~TpH&SERA3@B-I*K^1`#zeDZUBH!o}U8O z4ra=uDBxDyNC8#&$pk1Wz$eyk6`TgO>%sGr=fuN)c@%;CsvAjUia!en@iAw<1_v2G ziKE(TTk(*D6{K2W^|nzryO9BOD`QqXA0w61deoI#uTY&jaqn?+mwI>PbTtL~HDqK4 zT|-Nex<@ps*)x-1%RNx9P$fYV1>|kIX5QwqwX^+(_o)&qrfNp!O)yi+0;;p*QBC*1Oz!Q34o%Kcb z+;^A~m)2Pb2G+9OWFc@qllQLSJ6U7;Qs`c9v&to@}r!-4wv?z*n zBC?fUX=?bg2vN=ra$VnDUr(yjSXZX9vl~jTe++rbwDKp;Yr4(ErrXbK`W#b>#C*Qt z#peQx`0s0V*F+E%RMH&9S=7-Ws*^1YUV5a@@Q|v9?Si$`p9fc4oi-EAlNHxdu>SrP zIRvS!G@`T+J$%2e!a;ciC1a6Xi1~EE)0AbG>86caEneNTdRUjKHDT7cit-ci%Q}D+ z-hSBn0U1Yj9}JQ(6+GE;Cbs;lsZ_tOpNuZ8keeU(9ukY>Wb})?X79)DxX#iI4W7pKVe~FOK&sYSR}j< z*#;grGNrzN&DpNLEvIt^{}q^>oz)lcyDDj#*V&eO4z@R9MaF|1fZ?{|eAOD&4eJnk z8~#@-?y$fZyLvPWR6~3e8?4t^GqLTsVMB#4V2BPH&IV2bC2M>{u?O$tYEClJMPX-- z8W&=#VQabuBHfk~`c>8}1Mo&!ifm$zx)jc)a?Tz%q26TpGuz~u?-t!Kf!<_DoKnr> zSB2cg_>yV#MHI217$ybF?&(Ue13Q^Yg*8*E7Fo%KRg?0>SLSddE z_O0}7=&D)Wu6=4AG-QOv!rC$cDc zVQyr3R8em|NM&qo0POvHciT9UFb?nE{1kZ9^PINlk?338>2~kzdlXqov};RRNlqp^ zGbaZkAqf+TU<0Hb%}l?a{dZ6WfZ#>4lk{bFw|!2hZ4v|u1)xy(;>&F>UeaD9(wwEa zV)C9xOq~oiROaE1Zj*oc;-Ayg)6?gdm+=47)6@F@&rZ*u|I69M<;6FbXJ?mZ7yoj4 zcKQ7Dn|~pvUq1BXKZVMv{Fl=&9;-gN|0X{)<8PQ$T%=dz{w$zb=Kj14FT;x>ije_s8gffhx@KGb>oDfJDSk}&OaAdJ*oZB=BAYzV)YZw!!^1?P=FJm`N1)7k6EU>fwuo?{gBNW7%wr`~hAjlX#o^vFPLw@gNyCfH-} zp;$7v24DZ%AI`$Fv+(rmU`u(LQ=T#jK&Dh96&7T03o8Nd0(`y?o}4EMlYaN-;dkNL z*TKDgbP=9~r@^niEr0v@g?{$Y|9hGgO#L($z$5hkn`aIB|IOLuHT4X#;~P|3(Wm7FdU zrbsTxl97xm#bUzKT#%h8B+1z}OK8qi7*H8)t^$H|@QQRUNRQkKm6J@e6_b+1ogk1! z+E;gq$t!ZHIfX#7Ea4Fyh$79e$XNgcU3Vi{CKS(w++C6FE=mfOGa2$IyZZL>^z`Ik zHCa>{jo81PXkt!CPS;mtO?#J@7rpG;C}Tao(jyR(6-hD`36FMHq@O&{oeF}lz9Khb zz2@l}5cDAAheXg=1<+1q4xYMgFQp3XLUGqL2{_>@P|K`4xG~NTCXvBs(Hmq)C4o zlT_pyVJc%0U+qY27Q}r@Xd3GV38VLnyCJYoP|zR|-l8RF8> zL+p zZ+WHVS*6*<>2uvquj*?d`QP+Sn~BlLMMg%~!B^hqeM6J0;44C6Y<)Mn z)=PipJ$i+YPIaHRBGp90p>d0Uw=ZM)av;(bUl$SFHgONNj7Mz+>nW9bkCcPni1mEKv#h!T`l*loM66XPvU{%T*gtbfx)Ez-Nd7{6VCfb4*F>y| zfrsS!S&7oQMmsD(&QeVUHNIi0>qIPRLNd)?tDL0~v$Ix#_pmZ`n9o;4?{u^2r&8Q= z&7f;68Pw?Br(U-im2}H;Ch-zKiD^!kRIxz+@#Aa!oeKmeEv^SfpR)`XfS9!gPnwnQra6e{_+UX*qo}Xk9BF zWqQ5fQKzkaZP|4DMC@ztub^$cvd@~$YYS?>Fbk{pd{tXu`&I5eZhq8QZ~NJ@@}gx* z;}#6SHZUIqfsux;%$~U-QO4AL1YPA!rZm~)c{UX?zarnAetTMbq0F0S&n~<-hV+|v zXQvmzS3F%yrWD*;HTw6JW{~dm{>lZ>99#~&W`th=6DecOgOiN_e&;LAyY!H`>#>h? znkt!~j(;X@|yJo`#aGxyt441KV{-@V`g@u}}VYlG@35vKY?8{A2#vV>}}NpFcal ztjYh+pPgO&Cjb8uKWE`9hBBFVZ;`v%4a$H66r@K}V7N8S0y<>4F-FGpp06peq`_Cj zc2$05rBSo50-%GL?q+avH(v~A??=-={O(8-mMBlin&qU|a|D6>{qH24u|&(Q;n+R> z@ki1VAZuqd-~6HT_fQL*VPr@Bv17+mx(B~*kNvs8ocB*- zI+-m#X9BG=&^@X@o&E)W`3Yu02#Yp?bnX`r_2N9c! zm`%SFxf-{`+aj+Qi|M>|qv%#z%GaO)`T;34$_tv1m}QCBflkCW2ToJ>@vn39L{IJC z+EDWzM*V3KboMhLD3jvjj(Ft29M#&i8l*r2qsTwVTC&V^@()5EK9H~fo=KkOfG#+*>4_&V)nBJSz)dP07G z^5c&|@b|y>NX%9|JwP*bdpmZA{P<(=)t3*i8G8}4zUda#x|01+aLMB9LW|+^Xv5+n z;puv`PKA3s{K%rh>X!)76X0o-6!9Z7utUxE41yF95W>=!d%$#)r3UFeHy zb3rJ4P56q4)Tv0CLvlqF&AD1}7KhmRVW_t>k2b@PndVQltlA26WsFaTS)|EM15T5q zIh_5n73h1K@R*26#EWGr(1KhWQ(F1Z#=jYSTBcFC)}OKx)bnlwSbGB0`! zIP4q!?gQIhktNG%SUnq5MjO|RIIuKS-eWZGmHp`rC~3N83B!1#KTU%_-++Lkj#!=_dC;?FO);w>vuS&Q~n__eR6-+q4PpC|Bt84et`eG=i4iySPl*yng#g7R-+}_uq))|bgN+aF#|`0 znneWktzlr=J%MI}kk~6*gR?`34yRgBbre~*oZK@hdCVMH{pJFG<=c6&TJevh(%fBR>>0;rdc1G|ONnVepn=@6bNiW9V5avSbl06eCJ(8Tk)K zg^irfSrRKkB|{ei)X{^Of3!r)(e-$)+k&YxW6|*^psAFn?d*OBqh9^t={U1rg0Q?I zo&T$P|5tUYY5~*jr=a)O-m|~`{B%E$(|;Cidr`)ErMl`aPS4I{iH>GbXz=W{hPbt z`@8XI(P*t_zGktD22fX|(@zp?XLmL+hVwDYAB6l+Iw{&0Q$5f6!_jn5eW+MeNS^N? z2;^g4A`6^$$0D5xksDtoBTuIyCr9CcW^~CDo^z(c{&Zw;pu*Qwk&f*)6d6m^hOcrh z^WL9zjw@TDbPV>7r+w--T`A*8cd6;Jd#s8qOCXqpCeWZFdt=*%vVvB$il3k(EVY~= zs0Ct{=Hwe6%uK}nH0S-=2*fE4K2d#XXJXY8XWrcHcxJ2xliRDxOLKtd72@Xq?AKeA zBZK~eW?AFaUY&*gY3eS@UO$(J;7=|x2rmNv$4*tRqIWrbXugTcQ{*&s=x7!TW{{U*d_m0d-w2m2$RMp;q& z&i8?T8XWk=XFy>-tiu2nXrBbT<5%&ovp;wcHhG>M_yisAnxCix-<+K`zcDU*?m0{E zt3(!?-HZmq@qAc81dy`IQE2nj4~@G!`3L!-5IL)>(y{;PY;t`!ShV%uxqi{V9dueg z8cc`tMSn3G7%O=5Q#c!~pH9Y${%Aa$E#6IAXVp1t`|M`&>ix^f?6%)JoQH`-tV4{P zA^&hnjm}?{NIUHaSp3)L;MRsf97gWHzqx%s8jlvE{>}T>!~XRBbT}If$BX`}&sxxZ zF&2*laohjnPXs_CisSLY2Y2(u#&ftGoZHFx{q1lu8x7{~ z-_Ayh;moY?Be3m>c?nwrUJm2K2Vg#&y%`OL?}y{->0~s1j7~fbgBRWLI212#|M>pZ zY;rgK{9$c$&eH~S(;iHw!}p`>FB-QR@$)nQ`qR<-{}{geqH!^3=<)G}gIhP@!Q|#< zI9R+NjTgh&oBm_x-~a%%xTH@5FNXauIP#5{t~zD%EXW>_GC@<1Qz*?kO#8D(d8oFiu+R$$dwhTB zk>;;Q)9F(Q;ejE`h_fe-`)TCw(8!-k_iiSy=K7ykqw%Zvi^+cs_f6ZeW4ELEd^CR5 zc@&(Mn7OCHG@ted2gu@QL1NL>nr601(^c*T&aNp0F{? z4?t>K{Mvvfe0k!cq7Q)U+WhkD!F?JK{yp>g zXY*-el@$ADI(Sb5qk1*{tVio<0Qqix{*w`y{}FL8PmllDWb`xBK|dD%ck%499{>0J z{I~qizsOJRM0$B_{S#S<5-FRU+@CL5PHn_UnI3m4VlO%FPZB<&_g^i931MmB&Y-1uuG_n_vMA+Hr+M;{(^G1XZ`NEhF;~}X> z?b&D*n*y77?yuGOk|-<8-szo>&pTUktVj@RzVf{mr}xhuPaPQ0 zdfN9|J?1}aNH0(Bo-F8Mu-ocD*~HF6;Z^L`iVoqJ5QnWRt@3EdfRk5HNxI$r|ca=+P{LB+CPUD@IQz6 zw~hAvb0tC5pTkc}Lx*2iQic8bPk%b?efO9D_vgR-Ijo0Z`tLrlT~Lo!ZDz&$yu5hi zP!6-hSdXfJ3Va;-zll3!TywZHk35_Dw`HSHle~VxBp!_N0S0&T; zU~a>a$LyZT|6#1oZ$B+R`}n_5U*8o6 zLCro~aPqKWDOnagiFvvv8I3;BHB+t>peiyDX^GmfB!LP?cub^V8NXeVQ zoWxwJAYAkO1pY@312b=YY{>T2Q?$eX9qa}?#6dB~cQ^D^;^^gU>50~^q z@cS^|X2I|O|G`(}4V7FJij1y@DhM+v{>q{}2zkut3AU5suR(O*Luo1C%kBFp5k>qy zqaRMTH03L%FmcvD7ggPN{!RGmPcp_M`Mg&XW7^+f+xCW5JUb6hyX4<#T2Q$o=clL7 zTAG*Do-eyY|bL=BYDnkHljT{nOz zQawSFDU?Rgi-jVMHPdXm5&4E0069}Qw5CZ?Bwa|cY5qt6=&qiPeu|qj0zz(jG7a%s zfqrnnki0b2C$d6jLNQfh)h)PPqmJpNV@kFi@ne%#{DH}?zIRxZYan=vzjvW}3M327 zH+HY%E5LvxW%Y7BE|gJ4z`FXrh3PMM2t9?qeat*?y_t7>3gqIU?S6ROBkBDctF5LnTwTM}AC}EM+Smahg_EBQ`c896 zvheK+F#Z9G?unSMOl2Bn7Z|g4>DS952LaN{;i|+cf6&_tjg}-5G3&asho$|n8*I?E z=f8|YMRuYDeX`UXLlbnG?(mspsz~5`tfbhIEsHiZOWjhD zb12Aza zTrQf!e{>7ih`pknogM;nhA zuozHR|YQ#)3#nQZsg{dDlB7s9egyd_U(xhe0 zoAlVysa56pcS#+6277up+vIx>@Ei~$*_Lv5K3PU3>=ca`n8ub#mh7}#@c|IGu10nS#LatKy%>iUFzV_ zomJKZ_Hb-C5!;hM+`v~t?ghT<9SSWDaFNm^v1D5n%Pr3h@vwXc7L3=B19;{rz(6Jm zc8#sDs|?rO!P~-TR5VqF;q`uBvJFjEM6C8RFHgJeNyp8}Iw|6P@5r)P5zuo>k@Bdk zS7AvL*hddif0qLDQKYu=nX=wA#BL>rD2=CFm4^lJuet}XB1gOYF+}RYM7ESC`r`yE zk9b#>V}($QsC*L6l`5FNLL#^$O$%Ipee)r=;&?3|>0OVERCa-fZH>2>tEfyqefYi-hW2?S70zsxlrGqEN|>Y^nU9NuMmaBg=9z#n-7VFRIrF5Zk&F zHL>c9MNTO3&uZ9d9^o2)?WS!{;G-;$k3dZyx3xjZhAOgTEG3df3@G_>R~e@~go^!8 zuryEfu#u3NkghO}cl?kLormO=W~=nD12=ukS&?~xm#f*Ut-_3V%zUcMXtW_7f`}#| z%N=rYz!$s|1)-Y5%UE8}#BRR_A(QxlYhEK2X%ALj@q75Q7eNNwE|FqKlYG}(NyfT_ zOUdpqE0zh5lAYeDSweT+@=3-dUbPCI7{=4{|Btj5&IaiEY}B2d{+O!P6#DjbKB;^FnLwr%n%QHDePSrlF>@9zmtVj&U3w|-J;~&sA=h% z>eoQzjNpD$URaK|mO`l>AWTmq5{2fU@Nb?HN)q~@3ZCn!CJYPcYm8aoOP-)c6%P?O zxDya?Wkl_=pQv1%ot>6lk1cSjP%2DMtGW{{%VdR7b5g9JQJyh#TDYiV- z`vj#&KkI}hac)cNKDFq+W>_i*`l*f_c_T}fQ=WD$-|UI-ARVN;#^k(#-GJqW=t4m| zcRO~??(S-`7&FZ`bvLA1bAC#hA=4XLN?1AvPKFtizydYT%Yc;aMU zUR=a*@b!sSkrp3oqUF}#2!490JLAb>G#GYB&OTxZBYo`57@Fnw#_>;=M*><-N&~a7 zUS3yL^rT?42N|>6bgUJv)_cQ8zaeTs8E_&nh3-@E>N^#*Vz?Eru-Rx%5=NC4r+m%4 z`J_Cp;2Nv0ESS{7SmL_GP-R!CgD`yW6Z6U@^Urlv0Y&(#q%-=;T$eXsvwtDGO)OK( z>v>u(TdJvvrB&^u00VK)BraCI;WF;&N$%X*q(W}Bz^oYyMr8C~+qS;$-U>;DE zc1k{)c*3jZP^#dVvjr4uSJBP8YlFtI{#|N$$KR1&FBWuzp{JaLE@EHtxUzLXo}#H9 zl%;X8wQOr;$5_IG@}FJKI!yxvTO|ff+7A@kU0IuuFgez$}CTfwO4gja{7A2x*`Wzy``^x{uI&7uvq}6w_&gg zWL;xxeZ=p_BG(@|>kZs5OMya}KDKKR@ANeSps6BbQn8q!AxIwsZ%NER$X%dQ6ajKSUx%yKsj?{xjl=J zM!YeoA^T#@7<9{&$I+;+E1+-w6w+42!NzveT8O))*2##e))N-?gk)3+h0wTM-c0a!&4UP>)kw_GrD_Eib$k%pB~=Y#7Dx2`qMRdsQXi2#dVr#~m7d565{ z&qs5M+_$5}>&e}MyzS3s{qbTnoRi7SH_K06lK%J|`H#`~x=R>G3o!Z(mowo&S7J|1 zTAm=#lTu5kcH{w31p<+5l31}Ki_zj{*d^o1xHlTVoQ=k>hPT7CedYZZ@6Fhj`nfwJ>3cmeo`yQpLgQ0G1h) z3ai_NW|2x>DGGCB^mhrKoLGs@Q_8V#zgEADRWSfv6ihD`;bVLu*r* z#l81!NNyZT^+z`x9Z7c~8R?ssuzS6CH5}MSDo6s#&V0j!+A zvovDIU1#m?R#dr8^YiF_KSD-9k(ecX2@D+ox0XUFXSc9J=7dJM0_%AD`9SJfxjuv> zOS@zVhk=bo0G5_+>AI@J*I!$gfYLbtDx8-}Hl9X2hSF1Avr~;um(#>{YAJNIp&CU@ z5-QPVu5WR7SF0k)>w+#|vv4$~z$ZL4i|Nr-Ut@4|&?au7($h`^ZrHUD@dHnM-QfqK za*<_p&APx76dG`ouob-^l2wtG%ne+EEuJ8e*lzXa_3?oNGj-gBeW)4qx+2c>;gsn# zzUN>hT^aWcrMN+Yb#5@-;|cgKB>hO=2^tHQ^6HWMt{D-B@_g+-AAZ zXd?t_K|#}5F}8!wl~A%`Ku@}a0)#Y;7)~NXHK?I}JJ@$@oATV9M`yiFEbK%q6QhL! zzU4%d9nJZosRfg6Sow;pin)h{#uj6ul;L(yMo;Aer+{P>dN?h|; z6Vj550=&TKlvb3IqL-Q?ZyOk$uqp8m^jRNxJnw*;mBUTURxFM2i;YO)7S%bGTcAXi zxpr7Ak8>eqX)QCFW2zLB`uG?nYPYF3UhWLDQBG*5F;L>vG4l`JZuHnj2MccC;rLqL zt8H#@@V-Bt4#(G{KVIo21Z_cMAno4?9ronZ-oY;Euj4s+LdV{G!2R zRB>mIH<+__SErsSl^j$?8-8yoWobX?=>g)f| z_wLFudIo|G!Db(w9PRkI}UR9>P3K+G|^vgWQ6vmL&I=;bnLc{Na;+f*=UY5htTD zmTiPkh((D&1-@naI)nA5lC?#Lls2Qb)oE3b^3-v%R>^9HtRXv-?4G0RS9yCbcP1$Z zbUS)+3vLbOky9#y_OkW+>JU67Y_&2LZ66dc6A~!fan6bsWFp>KW-hpap|px>u5wuc1;E#XMk*9uiRD}Q^2L2zTVH2Nh_ zoFM2ctE4VPmnU!G&S-km?;zc&sFl0}-PH%qdXqVtN}a|C1prThZ^1>~KfZ=AGpAwF ztrB+65BBqp(1Y+~aUCK4g(>HgW<1V2t?_Blu%)YKX#fMHiV%S+t z>n$8$lFKMZ!+>+iWZ+}K?)4QGl_;J{A;80PSl%aLef>ZmqNTwl^QTX};kPu}@RS+X zTTQj}%;%`-(ObpQCLxI`y#%exjFt`}V>;`r>YWGv7+ILHkI6_o)^{#Ci{m7bFJ;mT?VeLN3 z`aOWW3Z4hM?w+qU0@A@k1P$LZwV@IOFd>bTxpVlG;5Z{BcuG_OGOB4KE+xCtnu<0> zt1GagpR=l2!KcQIpggJ^8jO(Cc78lfq*2)E4Yl;6VmzAR?~cO@q$i57m3C{`U0H@3 znaUkfrV!4)WKaqNc{g|5t+9hS8-VfbY}oV-@U2jXK`=L>r3o~#_vhEj37rNa%YX58I!0R zWaWkBl;>d(+-eTpUTkEPs$8G_k$ziY_9}r*o)-^A9=~Vps@(K|$zUqyxq6muLoga? zoTNs5Xa@w-BhM9iQKWH#Zv9PCXB~2OJ~K}>vEmi>T?2rpNyDGUZapj<=x2d?V??$g z{x;~(j|YQTAU#8S;@iasXGO2b5zaxhI)L8X&FOhN=us4c(^RvIQlK)d`ll=l9M85+ zt#7okGwkI?c&a(Y#3PZ;$mn@HgZh_N#jU{6MM8bXefVLF zVBDDr5`{&APwY}ZFkg7qz>?{kJCFw(OzkmQQpHhdcG!asyyLrn6SwU&81U@$6b3a+ zCOOJBI|VnQkmR1ryr9XkiEP?;5U?i&)j8`Odd%H}HKRCoL9OYxnf}#kmg_)(ay;WP_l^Teegg#HRF-VRR!h>|$wWsiM2WpYcwYktOJ8hH~ly*|=G%j-9|K|c|ymakf1+y7x@e@wr%7)F`lHP7|V zcX*yAG}n~j;70?dHw7j0Tu9Ad=<_yXx#aBrk>RdqmzSrX@!dS7St6njPy93yMeLeZ zI+|oGo#! zb^1lV(YH`-wg*0cyWu&@z$@tqt#7CTmv()_uZjdS4uI|MgnECKB1$arsOQW{(@jsl|Uh2-o;d7#I*lyr&|?RX^L$7l93qdOH{>3 z&)|!U8z%eKrNGzu4Q@#-Fz)+wy^;&PQU??g21+b%-`jVB;h?!(INDFX>Asxh#~fp5;}#cj7b(=x8=(ERM$HRW9`5beddk@ZR~ zK`Pv;hC%SM$P4M6yDX+TDn(cPBSQh-#P9i9%zeX!WM0#E?gb2^1S&RWWsI!K1k6}L ztZgL^E~A-;nTAIiX!Ic!4+)FcR-aPQY)M8@dj^8eXwRjwfG?^~20(9*e6+Bp4PdFnpdNG9ZyzcJQD>sQR;QU%%>-So%Cg5Bfsb$h=7tRaIGqjW=<_?eo!*Rw z*M3j6jF_YG;O6dnG=9}3FYXp(JXw&N(d}q4ye5lDmn>cn?Z@xHowz-0hD>H;G+qp6 zFNd??crb)f^tX=#FnL)Ixq%jykeilZn=W99%!c#naIheY2@E$MPW!X|VtDh87^KjSaS!r?%pOm17chuipMFR4-q8{ zbBFl$2B3C?WS>b_9djUNjccR_J)^u@l;Jtxl0nEauU;=nqL*Y=jqxg zqTxv<#fodv0lQx^4MzUhY{RCMjl|w0nt`YRo|0Ffox#|UexY*7DYzVbtx89DfW!qf zSht-+EElp4%vcso>!A%no= z4Jb7@fQLEeXS}63lbj~1YTeXJVl7I5evi-RX(f9aTi!~SCbM{bINdh0(3Pk4^y-$om)WCZ;?{~>4jY4wN z!AG6r(1h;D?Y^$OgfZ#PAK#b4%?QgKxFeXcCHhbmUJy{f$}!@&dVAVWI%ST4ShqA5 zcY`Jz#d!;G5#uzL~M971&W@Yd z*SArHpLQvvrP0<@EdN1pbbef=Am~}(r)#rRdTEIo>>$*7x`dlHeXjtDP)+`(+A`)f z(4~R7IBt?Nqh_;QL6IQUbm~9QA1We?)C69&qt;QJOmZ(#Xc-Wr$A5P0SOlb##NR*) zt@19I>7L0lHp_yBl{WMuo7=t8!`I%`rU$${CX0#=4JsD7GhK~S!i{~Ga)4}L19^R} zV4)X|8q-BT(jxKQV6@OOaVdjZPx=x!Q^_kTw;UK-@Dl-_$A-Q$B#Y@_Pq70CrZcBcRmJTxYlOQdjk}HR&azfjegM|TYDmmQ z_>w0KQV@fN$ABJJUt7J7%VT3EcpQ?sW?!m4oO*oE69tlGW2PfG+RoK(xx=%AfnF)0 zR)Jep9+y6zMsKY9hf~{NL?E87;1~1iXVx1W%hb5z`fuB z_68_0;FPA7QJLfdvl}YWB__cjOXD(=eZ6tbFC_v`&%!0GEmGgnVlf@GupzkUPvbGV zow}I+89YYU^#L+_AFEk>DdVAG_&FJm2DNpRUn3CK(wH6KHYpDoEn7BDL**b>RJ58> z&?RI>Mhh{ruy8sviJni~B&1q0-3-k#tK1NP=2l^8?DO$XX^_)x#$*{R-yGVArm%m? zYZrrzbNT@SR3ch9r(b$6I7)Oj)q$2?Vv zuWz>czZkcTtCYn(m_lnGTQ=@vr#n#hf$3YsjTUT5m zUH&7;MIAHRB_C4p(A$UyNV1}jQWv>i{zIWbO7AfvRu|HAi+hGXl$fO3@RZhr8)Y|> zNzy7Gd~vY0C{JD6Mb+iPtX1U@ zlok!iXgxbARmjN?M7qKoyy_|5G0CnHle5Qpxo=oWd|Uv=J!Yih>Dm>g@bW;F1Edrt zZ}YQ4&WU@5DNL$-#39%Wzp2r{Rg?%-NOlFuRS&E}7c!w@4s*XJo6pr#P#dnnsQcCs zsdRXSAJH+|eNs{g8|G8>@$Zr>p(&*N(loeBR4!@G)?n~=+_|cn^d>H8JJwb+zGrr+z73QDx${dY!?}&Xg;>%gk4tW@R$k^dY}zz|D$)w= ztmZP(VDCL`B_VAS#2_>-?fHGTUmJE)gM=7S>2h*Ml35s#f%B)ldVI;L7hY0WzZ;*b zh=-IYzU2w6yg`(5jugaZcDr$kT;+z)<&I zI~ej4jMp_nQGtZ}k-s^XTZ@<}4{Q9j6s{-Q*iikZ8LX|B?egGC1;Oy66PJyD`pgSu zHAyObOO9o@z>p*Wid~4BDXbUKwc%dNU045K*1c@4jwvfWf~z653}HgvSpSyL2c=n; zb&-?>m%tCR=6{IMI%c@L6#Aa$pq(-k?Z;c5a$sikmYbD*`r8%~J}Q*fDml^M#DJ0z z!c20uu!g~%s0Ohd_Oa}eyKo*>VvwO=(MK#940dtz zM@SYf8l)T^vtX6l&f4e%>im&hToEs=hRdm8WCeACo$+*i(lA>VsWFFb83p1D5!p|T zwyz~6Xgom0xE{kFV!10zuvMI8mt{OqNcw3b=Yj3*hl1$?sx;Z$2ry>zdzRKX%}ShF zZHpUCmQ5M8BPk@Gu$tx~H+%$oQ6rBGx$x>BIm)5xO_7TXQ zJq)PgL1!V)ITx{b>}t4T!3_!#`4uNw6+C8@wA;yFfM zp<;tsfd{U1$8)2O>tgrmN;?dbirPb~xuwIm*yzPUR-^zKXc zz1|Mx!Zd;73c&k)_^!dis9Ij}SqvP)h_n#NtS*kvf=+=`eb zCTEd8SzdO;Moz0lYcsaY=4x9dgxZ_OdsAD|n_5r!l$Gu_fuy(J^-d$0%8Zab}L zY;P|(+{JtYdmH8a9(aKoDt~X~dKb{Vp)!V?4t^w2a|^lZ+^!l--PVg+MsF6&9f3^R zJi{*Yw7Xd$4Z&92o3d+&nte<47?QpWL7z5tuPl9IqwIs}J@!*&W^e zMgkI9RN0i|)iKQ-AY>&umbs0pvn2j3yF_FVtnP}rg7%Vvy8OjxGAD}VIePGFZoz1g zDygD^pfz{a3~so+ufF7ho4vWioLQ=tGz(0Gl{>Ax4V?H!%lxy_LRT0yar>tJ#55H4 zqA16ny}7H^3h~6ndbnclXUMe>D$l%8Y9e#Igwcy+R;PqeT*7u#lV5P7XjB(jA#-SHeZZvNW1E%Q^ox1g3Esob;D!og+6Gv zwY*#R=rLX&%BT=oSnBbyD{B^b;qU&x|ht(wMS#ds{CJ z&N)fSij$Q|U6L(Nq0+LMmG2j)?;WVfUt)CGSWj3(a0lMG8p^w}&aOd@pJ`vL8hwNs zRxf4*M%4#v%k<^I)fR0_s!J#V>jX@lrR3=B^tcHU7=G9fQ2qc&K)1g>W#s7WxUo@M zgzg$44#^xn;!<%KDpTFO0ROmH%NmlVC(6pF-Z7`STd#-s=TEsjTQn`368+zKD zK$(@-T#!WuP9#9X!XS95NzIua;QSP))g@=)=_!DhF^S4mXmt+FE?u+pQ)EK2q)_BE z{Px29X+FXMbu0Y*5BaG7JgUl;k31f%Toj8DZ*Jo@NK<^=ijvUpa(T`xHOX} zC;Q#EwNAci2Sbl*W`cm6bx+G~E}qr9x!gA!+l~Gnq47JqY{2vEdHbZ`D+7`3>g?3- z>%9Byd84;IV0pbkCkEGkch6e7yV!?u)1Re~K$WZAeb@cA+1;K^WWWo~pTwcLJmiM> z9N^IQF=+KJ`n6u$m@~FD`Db|QvzlcVqK1p(fx8m9g4zh>US?&sFeBgapH{)4^pXTjlQ0L3XQs`boMR&;gj>r0~887yKtRdR_W(iqqocU-Y&e} zE>FvOR=T@5Z+5ruk|?{wPRvv*{arq9^!IG<1?bP#n{K7UvuEEmdu)gB;jQ5I*QVv7nAI){6j9pBSD4&R znr7bfxIm>X9Qqw$w!LQX>?gVNvbV1FF-thO$!E?$i}Id^3yR3KiGF+G`P6*4B}HoM z4=&XzF)@eQ;?Gi)nV~55dHwiaHa{~@eB$!l{ONVna*o}}vj@-X_1UxTx3ylsIo;dq zo&$KYiV=jB@_S{%NCT?E_r24{-L_MuHK7 zL9qprbkBShwF&}#o$u3Ic1h)Jg@Zz`y;ad2dqqC3NM=*xO zqfK>b`Tz%&dKFVFD@Be_)89hTYZ(A5LHiI@WxFt}^XIT#$4}t9O<@%`<0?Px<*!2W@^Mf2SLye$u(Q?)RajNIy06D#d9Hd9kW-c zE2d$Ts-BunpqH%5!MF^JKk)XYhZ8svuM6Yg8q=KW4XnrR*wn(;Ad>jQVRBn#-b)7( zS|~aXlIM(wG-8;hZcEc$haA0~%x;gtyz1)Vz6je=mtUij2JH)vr|9naXZVVY1-WIp z_O0R-`SaBVz9l{0IGgp3TA0DtSg)29xIHRmsS*^pc{2g z`#Uep(R2MN6su?nF^gcCYO@u%FbF#P=2*_l1l6_7&95!u0whg1IeKZEEn4e4BxB?L z;)qFVi-(tDY}dC?85MaWB*_WQwmyqFg&S5D6WUucz`BD}oantCTE5UsC2Eoh_1wMh znV0z4rLJmzZUf?$H2P3vU8o=oTqsDR<;*GvEd<4kEeoa>?D0hLK{GW+;ib`U{m6s~ zq~I!FE!R{b6ZHhx?nrZ{t}3vZ+G*Xkhh&movn_a}9Volj{?ew%uD*rpH{LrTE91Tt zMH*X#UWAY_9@8QGR7t}d2^L&&oF``s_oAAb+vh3>dWVoj29iD`s7tYF(rMynR63fh zo|skrxXcVuyVREjPXIM0U-`gYC@M7Y{WHQ7kOyuKBQBs2Lpq2oH3wRn_)NTCw{PchXX7=(^K*xFv`MTi%1h5QtzhN{VqW&(~} zZLt_?%&!vhfHz_F-PTq7AURbZRJDjp&Bfq6+@D6aqWRUQS|2XVW#$fLBNr?9oGQLf zy9V1}hAvQ-V8PbUmW9$+xw0N$rPq=Nx~B>K*^q#`7;jncYyqR8$|(fBf+wH#Z8_lU zT$Og-ZdmFH!r9II6o2NL_e`a_j~|m%tI@irT?E@qA$b*>d-1arQgK;5JgqCx&6g@D4~Z459~U+GCy;Hooh53(#vyF;ujXbp;om8%^anX!qvJg;Pu1=!RZ$IFTx6gQ zd3Ji*^i>Li%L93vEO|M*Jay|f$;{41*9#}D(S)Tjl_aLSGFYP?pWz!^T&2B6;ii6b zFbx{?=!J@vxdHvK1nUi>tb3qeVb#y~HJmS;im#3bH9pk;7!MtbBGCf34BEC^n_BiEC+{^F{yW27Vt*rtjdF z{$Mbi&+*yKXz(AS@hdVJlm3`=^sDKjLtfl17L#$8OlD-Vcs-oG9nFX2Zf zv;J+@W;z~{{;Sz=IJdcw7sJ^tq-k2b9?kLH?QpyZ$>=3{H@PGI*^uB+rpLMaW=viT zU-xfb>aT6@UHE7=oX&>x;dlYbo=kQqvUuHJ!0XrjH$(FB?&gN{?-s8ov(e(62Is|S zd|iTx@Y&HEJl7M*J`I4@+H`~9_x8O-t-~uK)ne43^8haIbgw1;zSlF+{ZD6;+v(!w z9hnUmce63Hxf|cjhu7qGcs=TO$@OG#r%`C~Y-tQkXOjt_X*h;7TaZ}GEWorsTf8GL zXOmm<_VwhJj27f=e@-SZ7X8t9cx_T-&4w@U#@Dz`L(;#U+>IAx+8|od zb(dTZ=Zo3o9VGo8Or|DHxc3F}Q&qiAm1cBE&v#CC^^R#?uS?qypV5cTF*UWAQ<|He zj1t40-lZS6R-oNz%ag=PGSQ$MsYRJ4-?f|fpBv|(mg6ye;qydr0Kyh$(Y!zZX z$!H8n(7c!|BA55Z@LQ+|r@G|g82q?I@1CoICQc7|WK}Rw2Uc}S z&OYX-h=Gt8)Ei_R@>i*2?Dg4ky`+bq<;ZpUf$dZ!LoTLZG3aWP64(1{Du%GZZ0+%y zn!9??&6W{E*eQD5_k4yn&@!ul&9UAkE3AuR>WE|#H6^b2C?pfeO*RLUh~DJJ*b1|! z1*jz;AwARq$MRGzO^J1?^Rl)9uQwG#;OkSDC{^ddu|9b2u=CWG2Bz zBeAn0?L1ExpP!Q+#(T+K&v?a{=s;7j8KtwEQMYur6+?8MMBG3Q3&iNlMndAoEEBER+)foI;l_B7Jx_x8dN^FcrJ#lj&0q$L zsQ@sj4mJ7=8+HnK4Qq*cy<{$BQQn&oq^(5v(t9S!Qsf)xK%sWh-bb(WiZ@Dni-*)* zhp5k}WDD-v<#5RzP4#R`y}EEzl}Pjk)nA&Nhb6v9DpIG@_Y)VM9XAS|qcoE@(hM{s zV}J;pA7cr5OizizHeLe6t04_Uwb~y}>%x9+wCFHN^wO>z+904|wG2{1A67+@>{^e! z$;!Re2vp6AIJG2W-v_}mga#fEB@wiIm8nu?+cC%o>4igiZNCqK$b(lh%za`~#gu9I zZQlJd=Uu|qER6w3FSBQg!Wkl`dfn;=mEHb*5X9ctEY)nDH6o=uk)nmRs7D1H8PE3E zhBGGu(~d)|##ZDk*&XX01Bg)qrEXF2-!$f3lNt0=7QoLl;xK<^vQXkQ@q~7(sirGa zC==7NkC|jjB|A^xwl$*5VKtDF-7~2mmk--Q0!{lwgU|JY(v=h(91}=;0$9O@3^Xy- zJn7v>fLZRK;+@UI1~;BiE`1Od{?-yS#I8P2e$V9h`nc3emzK<73lrrSs5b7Y>leal z;e=FKJ;YqfG%rozLTW}zL1sDqrAC|S6N-p54Cg_x3M5+NiTO4B=GfYtgar1qm8ZI=m~b8IE|K%tFwTbcuy$nU(N9Jl!;Ue`@a;j z5@iSPM_OFythyaSNv8=#2fenP+0cYk*-Y(LFQ>1YvQk>p@Qf)Vs(Dgd%bz=0r`7`q zQz1Dj(@}Y0T7C-Nwobj%rC24Py4%S04Ef58u@rgF$Jomj8~m~1(_HbP3<;o?&Mg72 z$CcH~w|rp8HJp)!q%rFind*`|OfBCfFZo9+9!+T;ZJ2_#e(Sb6v4+t>rvy#LplMY{ z@7k28xAQ>ffNhrRjR~r3O*IhA@cb}zU~2HLLKF4pvg&JU_0imFd9)qeU<5HM6- zD2K~nwPK(H#p?xcI$5pEY2udl3~9fp@Hkr7(0gyRBB^*}Oe$TD*4Ri!xvL0JAC4<` zfR#vC(pHm$JhFx*_S$2iaIGMLw8`P<@x}F(hJ`$b)r&zuu$|&w^2%vdSq4lCxq{C$ z9=bj+;O(7q%hVG8gSNr@+^|>;PT!THlq_Wrgy#V91;VNuEzAhuE>Rbi6k)5CDI->- zIZvv4*ov_3Ve2eBlD`5@ACu5#$?j41CUhsV9VfPw9Qp<6I6Jmov6q6;}i8OYz@v{P!9Z0s-l$)n!AW$J6c2AnC>EldVH6O;n<@>xg*8!Fd&%bH)Rc?b5$^j(|JxFz&| zDu!WIAF|d^M3Tka=1W`^np=l#k9O2VG8*qlTo}z5k9}sa9EBx{JwVy?=A8{Y#?!i} zjVYXxMiSU74M1I>syc{j*<$4jm7ca3rFGP!fSJkE@xe^@JKuW?Qp@7h(3-WN9}QiA zR@iC2gUpn`VAKpnBrfzO&gsW4N!UFy@GHi;=w{~S<8*6B@oH8Sfd zxf;`}c@dO1gHOakXtz8mQUZ%uGlMdHJLL_VeqAl;u}FD=1<^Y>mg)^&s}hOZuuS#cDA!Zsn&#$FwRHGCwxwkod=A%w!h=oWjFi#L zR@PHV)`4$v0V^vGm0n*fa&}y$Xp)>C*Aygm`%6_YvE8aYI|V~j6D52AHdMx*P*<&7 zP_>=ijO-x}$!NP}F-P4>S=Fed)-8+e5U+3HZ$t9due3XK1$y#}nR|cuuMC)}!K#y^Fm}+iwlX1$~Mk`nM z-uhFeMUO&ELT}4JJ$76gpm@Djg4&b{`SNppWu&4=BV=k5mgh_!wzFt@c=u6vTZq&vdBzAcP6Efy%m%=aPCNTA3~ee2aDXm z){|0SJDNONbjC~z7wRw%!5gn)$C=Ejd>+lR8%_K!ovYb47M_ zmz6TSDHMiE>(l9)U+k3e^i-8udTT9r85GRXB6d|@f$Vz-PQyilJ3@nGQ#V>o7I{t6 zcqzmOK-8*`jnlE$j{!Rf8>%O_{MI>MpCq#tSWM!*n05BZOp0Z~oPh~p2R1Hqz_jD!dIhakKGObl-$p^;d$kX zLO(LUkl}3ToYB6Xli?o+H+S>Vn_<1!;cPg)=?{kBUj+_$euK%(D~8y8tW4vJy9GF} zL7B$kHCar$`^qdTpWF_~e9>PZeE)to8_lmr0|e3f?cLl=-h%g;K`3_CM2t7tE}5gNT>r)7jsM|o z{~dNZo!)>4pN z)8SzBax@?}!&m(qG8?^my_kpPd);;aWFZxYkdvU(Yo}V5j|A|JAHNeNC<>!#OPO`0nOr^zxm7sXUY~Zbq-nHo6;M z!+xx|@dm+n9_w*Ua|*Qo+TK4wu)tE5%A@$2-&P{=iVsrf(`T=~x+bIRysk`gvYG%HYjyeq`G4WhWDSQ`6~dAy0VEwR|CDe(DPJg|Ek*T?aqH=?L>a0mY} z!$a$-gPzf_ur^Vf=d6%p5hiQlvo1lU_YuZpplZsQ2I?8$N~sP+9g`8&a4DY3*J!U% z-{{y~Uz%<)r;adS2+DNf)WMotVMLai^9Ih=MgYN5q7D}ec>)(`xn04D@=QL#;l?-obYQ)y2Z(W!n)&{+8+e#$E zsYka^I6iQwDg}e~fmD&sZ9)Z(Av`uP4|j@g=V^M8iLb1yU&v0Vyix{qi#1xD0EmHI zQ6Vd3_FYX{{~&HP#reRr-0Ig&HGDiMw*43 zmQ|fK2t7|+Oo5$nRnKVRpJKfAFy%%}!8sgd8o0Kqb%oHMPjQf9nk3Bc5>~U(p?`w4 z#6y92BxETWjW%79vUS4OER9%K??=fpEjt?e;>Af=+``T@)zSWWydSc3ej@*vE(&snUqBX78UJm*^3aEJe&g zmG##`?tDDOjOLqT69oXF{;*=cVGRf-O)mMh&Q|{ zJo|-b-7p_?Z66OTxo4R5Sbc5Z9v?RFI1>rnF=iOE;b6@|=Pk75Mz`!a3>hasT>Mfe zbk7oz*&1-xM_7StwHeCRjVg=v`U!C#>j_AN4NQj&ARej4!+zd+*hh+tMeYtevdH5J z8H{FwyW9DqKOSh|V~%umw3xdvs_WsK;mu?UeE-bj?{7x^7dJzcpU3ZPDAmh}mg+!= z*Agcgy(FXY%gO9^Xk)fUGcujb=OYx)uh4gRqD9`95N~$fzwN&og2;c}U-Z%a7v!`4 z4JZjl*TeBb|33WV@OFCBpS^?cM&s+zY&ck$4(9OCLN^>t#*^F8Kua6*;eXx@$BR+_ z#y0()OlIg4Jee=_#9xlIocZEzJ{m)e+)U5qZrCNSCX?&8qnjJ(T+1+n(X_8+=Xw9l zX#8rfm*5Oz!V?b6^cyCfUOfm}o&DU+aYl~ze0kg@oze8BUmB{I+`7C4U|y-v0_(A1 z?hQ@!Vw2p;aypo<+bintu3&qcnnMik?p7J;3Sh$VF{*J?`qLKO(_HBe05874=6F%XvggXgWRgb^B?ZAsd@X(D`5x<>VxT?)#bsk{8h$dK ze$*7-tx+%Mx9bT#2oDe=SEd)r*Mq4E_s>~n?QJYyYfWWLmCz-U<&>vgE6yBDwoRj` zsK{>^-J>~V6eDvX63sJZMQ+3$6AOf|ea@>|O3984L&46w_a{;jgv($M&q@Fpm>?|N z9Rnv{H}`+nF9dJ-qLNkXTJtPYX`hdBIouFmuv5qn1x-9)A;rc)YsJ|yI`HEzKqm?> zFad7iHdi2Xuy8{eQLaAY=4`_txWk<1jv2=Yg;Ihv>Fp~HWsh|WsQ{9M=mV8Uv}tV+Bls zrxZ~2>3JR{y0;D3Jlm>QbL#?NjI0Espvqp&h)65WA)#VY;Qit(aK^vP*JSCjV6&}C zX{>^Oo?@+7Rnu5$P{I7HKl5C|^$tfay}8LvA+G?TN==6 z+f~&U7Y+_&S>;lXEO{ikYHJS;8YwX)Wfw(in55n6Pk)dRkvEc(?dqO+p2f2R?6%7$ zlX;Dd%P)T6R9Af@UVN~R)et~b<(?lL8yN{XUyrn=s7oXaux7ri0%m~*0-k`&u65h2 z0g@K{-D;8AK5gU7`ardKTK>RBRwerSLRv7SuE`QMTUIQe6nt7K^BjSHE-RIj1Wm7J39xCz^3L z)$v>^lgC5_cFeg19Ko9V=ls-%YDvIS9VPjS#j@ONDv70tcUU=?6;?v2%v+Ci0YjT$ zj4SZcIz`aS(*}pl5om=2AzZxanG|0zXeL>)rHj3)nS<`A$oI#K5;%ECA4MOIDtCx< z;)NGj2Zv5f#1ET zr50>O0xbeB=p#=gOkkM`eb!fkLrNir!;LOxTWkW`I~xF;chCqr1YucwVRomdrhB;v zzk%!$Ilhz(Du)LFG!Eeca(5TQG|5`hREy%pi& z$km-|zyVO5`<AciE!Z3SjJaiQW-6WSNOZXmW zFt$f{g(=cpwUgIeCS?w)2VFDhKlOHCj5TmzkT&wGw<*Q*daah!*D7`o_EKd&%)I+o zzI4o;kRcU9fK#+lDBY%(O;V2(F}~q4^#B5X>QIo%J};Nb#)Enntn+LDrb~SIFLBIg zdDSnkW%qG!eCTVI3U_gG04pPL#fQ8R_gbyrAeat8e^g~^J2tAE6j=J?KpZOwKlj5a z7|{$9xsIW-8ytWQ4LT>_l>wO(X*7yq$NO6ct-2_Azyjd#k9r+x5r1NxBbaVlxA!Jo zEq>pNTnY%HVI9qEw-ZE%jLZ>s#-vb?t4{`@1-|A?@kg0%s)jgH`D~?l)Q9kE&pHyQ z{F9Tmc*B^xJj*vcrQ+9$byi4^-fp~4+g)R8XN8E^j^|%R5e15}Y1U|Zz2=+QDNCNS z1ny0OkGPnhhfrxk1e?l|dSVJ*xB|P)-_7zcFr_V z@zDd=r4`R$CGCSEU6ln0AnL|BK7iCQk-L50)yfA{oG{^GV_R8U+hlV!-qfwu#anHE zWKjG;uGoB)?Qul6*`p!h;ZN|~MfG>rUP7nK<%M|uSt-K+thFcs^?WT%YTo%&ca{Pt&L#&QZgUm9oI9!oMK@@PO^_;vZX~ZZN zc<&R7J8%u@r?u*_M~Z|5GC`nNUkc)DLVX%!>7%yl(Z?_#ZN#N0hI;j!Ba8HHmc`1s zmSLOVs$a5S%3P{g5*dA8U*^xwi}0PZw3K=ACl|Iy6raavtuXpk+tK6%aquONgb+!7 zi-uCzP25lbY8JVcy)iwer4&&`>6xkg(oqZOS*7aUluNCGs2Pc}GBppOv@m8LgGe!r zUMeGS(P4*OS68jp-`E`$7qnCCeM296=vL&SPH$N!IIZwqf5p4+b+i4Q$mNQwBh8|4 z@>0h2G~kO$a(2&=Gx0SqBWcXv*s#=6GGcc!juXL#T+vzXuXT@J(`K*L`s=5sS>%Cb zv(32@to_$WwKfZKAYCP%Y|ZLDs1inmI~;qa>L&xv!&R%*zZ=d*gZ{kL>RfcSk~ZKe zkNK68(9YZWD9Ik3rUlPs_P*8XTz2&Xcj9-s%J8MNh=HEYpNN@&bgPyAH$JQ1ebY6K zlVqD0$S%@PH>FGxu74`zrsUsW^L$yx`WJb*>;3<#ToXfOef0qT>;1lsEmHG9!TuJ-P9p`x=C?bl#`lP3V zln^}tY+Wl4SGBthMy3BT5l`$(mVb@H@#?8~3sdn)q~ecKB)s0pb(Y9So=ctvlWE_0 z-)i;eqdvRu1Ngkv>b!#{2YjbZ0K`y^dG?L{`vDs3m#WBlA{+WgjpSNB=SU77B$oR) z0qGU?){XxNjepG24g0(PfAjtfx_if0ywv{+Kj%G2T$lZ@sLM=j^k+Kld4JZ{Qmyk7 zd||=m6Hmj&@OST9t>MFLdOwWV-RS0KJY>WEd_f5tAM^ofwK_lJ93)GgO4x}zfj|5q z@+FtQ@ib!BBH?+dB6gjrRPwWrBL72d^vThiwoEp92_rVhGhXN)KIlov*_U#Ysf0g< z2Sp$03_fuyvV5a|_*kYJo*yFicm4x7 zseb8>$9%)pis$<0MC$)v=CZ(L!JnnxKX?3)720aL%kpfs$|5+O1D=>IF_BPcXC}%N z{6}-W*gVlc99COxdZ>skGCjyenM&ySC!UtPC~*lt^CXcd`aYCJnN|+<2k<_^LSDc^ z4po6)9`oW+{}++o#kSO)ue>Z%z2o3*ydnDOCes4_ns0MJmt1Fsdg6F2@-mHO#D<&0 zzKGZ`mqo5;bXaUUX0ljPh*hy8CzsT4@)FvLjSsqCF|!LkBby}&e>RG`aI0D zotBCE?4*C-LOyJ;HIk$HJvQ9Q9IrR;#{0WWH?cM;J_}W_Yo31n{+9p2BlbmWGZFhQ z+GM&n|0Q=zzI+nlR1eb)Of_mzoeR8F=UG{7>DWYU!gmsy84Hya+l+3qC;o@j@7ATc ze^UIWnhk|TsB&0+Wsk-^=v%*eZ%{yj=wW^TmTtQfC|yAMTv)gy+BTW;RT+r5Bp#>3!aRqd+wHE?sk#>4CTw^X^?aV(0v5`y@!4FYBf)x-t0AlZ~eLyX{K0T=BR(5 z5V_9vj=gegr5~NijKzZe!c!sjWjFi9>6U}7Oz6A}&WE2Yr5zp??q z-an8&eIqdu+^J*tA}_HC>KpcWh`N$V`>2XAv>*xhb@hD@FImN1?w}vn7M3HCvEYX*oK6Jd=;(+IT#no$cFw`g{}~;z2&nr5?rksjuuKF+ z3-ss{a`EK=IP;S~uWGIo;~7I&O2kHKjE0aF@%LMq0K~~CnV+O6QmFfRb6l}&K!r5r zU@Zk(OUTG%N)(WuwmdNI7K2n%^Duyv^j4JVhVL_^oaCz&$S@y3=dCB3nJI8@g|P$w z;Q^*@ciQt&e}J#HAzYb;PHYkMl0Wf04u^zXHWCZAT4c>6?=zVekT30;rScR{S@0=()@|1iCqpf9im1Ccf!rUTSpjNbwdFG3ajUs|ifE60 z;wzr6q;m!DGX;CmzU3AtNxaVFLcw9Sj=oWU&|_2ZxwMxNW=Eo;!O*;WD=p}oIVSt5(A2;St10q8I}7&P8qNYBWN76~Q-LWqRYTka{}j zaVR*o4oXS>fb{VN-ik_7S?)!>aUDIiy>?(La2X$IxGqYe^9BDZD49ds#X|mO8}lxs1<#pdA+W=}OjXRYJk_(^=p@5Ku&h#)uXW(H_E zJpjM3$>8^{7d`4i{=49i5tDxs4*41YqygS}VJBP$`6s}U zQg-RVMlhs5f@)`9(Y+S|DJ}St-ZpT`Kc#Z2Eq{^DiNu%YVWV^Y!oTvoK=l|8-ZACV z3cu@2%OH}1_O+BCE_U(U* zc51)&zfwKLPCTQZ(nEiVg6gf1uVhwR)vI1tP>;O)Vht7F|35%Q_4d}kMMt&Y`^%M7 zp2pv2xi40%+WHb#^IHsH{7<+)4EN&-9t&C3uQ~6|(t6RO%o3w5`lUp2mX-;q636@= zu0Fr@SNNBL?&cs%S2B?S%Cymwkr+1yJ!E1mR^K0NIS5`GPhcJTFMPa<@*@}Gh^%bB z_!M1zN0fT+F0BMHT-DADI1&I}MHW+CnA+CpB;e;_vGTIpM5DW-e)mB#NN5Kvwju{@ zIAZ%US0yLH2J23I_w!FoTW|Cs8bgZNnc8xLfZDzBw?%<0^wINLEEjd~u>YlZtaH(2 zYq=?N!G1KK9GLt}w&RD0Z4G^)OjRL^vIwUOr~#_pv{uGD5D?G6B90uF zZ+HL6w62O(ch5(WD4BkhkpW^HQ^fq1D%g#h+Eg>4PACzzy#olhW3n4U!3<-ZG!Y&6Nc2R3Km_AGvvoEZFH=Nwu4JV6vt2O9P z`ZxV&xX+f3`z-XaTa*J-;k!72?5ugiPv-jA4|cCwt#9Ds+HVg^u6V+>9BKVuMacyw zk|Fnj0zQWLjN%+Y4)e(wdDDxp{wN2K~kaws8IYc$rzk z-Bqi#J5_>HKNGR`z3J=?FL)c%45;FlOD7KLF8yelUbm2%GnS7sE_uRsJQg1J>GIHE zYDCB|3w=mM5|Vd%ZIKCSe*es6g+kwpEV?)!9yAhrz@&@QtGkB#3prbZX$cuzZAY#! z6lVoXhj;y3sUcewC5Y}43Xw{tD0GgdSsKP+Ps#umUTZEubh^*wBVQdFB@OGe$NWjP zyIL_=c5Odn zrNNh>&JDWA$@STA$HVRG*Nt5(Uv{Fm(n$C}&zaQAsuh*f2sXL+@enDY^=DKjJRyAE~)&coBjLt`_6e z2hXa&v6e_NFdN}<)7v5yPqrzF4?HLlL1~(wk;i$4gKjuSR;jYb{lHck*5UEC)KP&? z(}@l#{FuHwb|Q_R+v)zdd1_mTRZK@~BGLD&QG`=hX$>r*}HjC6W zV@Z~7ME?3qqP}e!ICISKof>C5SJN4SLR8?a?)=bY_vp*I&SJgOKW{VEhnhncZA=f$ z0m;Pf={_BcjZ}%pYHCzW1ukTu3dI+f*s_OTravfb(caLm#i*iz)k<7dF2zuXs&E~h z)`C1IO+#G)tNR8lP&M`kz1qM(V4m+>cJ*1Vc6)Sv_Z~|*(1z_?;B#rrI&bYOwKBW! z4Q-rl|7};FSJU-`D`1K*Kv|Y4w7U$m%6qNW{c!g10$Kx6$=YCOZ}Ln9rgEpfDw92DG8MnCN~Pxq44j7v)Oa#AnLaRbp!rp!Uonj|j(4mB z?{@JLu-tFN3I}zx#j40Nt=%Ths0iOWwYrk6BxvSV;c{cr%@74(gD6F zJ}t2}mS3nae)`pc^j7|7iL`W>C$cP!RI@9A&Nf!vI?QSZ z*VTg(xmIQ|Uq!@hhWLjwk6<)Un zI&l)s)$V97oIkpF%Dlg4>-y2WvgP16ZngAQY$$7P%bBx|$B%?{-u17$)hh8>jo?xn zOJU(gStyaLBTp$VLVF6M(^$6=d6RlQDjPMPwz^96By zcr}-J{9CDPa3S9aSMek41S~H9Dv$?D-x#HFi(#X+s`A48VJY!*ani zqGu=1RFd)ZK~Ap}auSpb0UcUv+mAfaPr@TmTiZB{n){9d z4b6We6_rSmi2bvaq5v&jP@ycX!wH@oJAv5r z>JIA$pRzn=Z3<+!k!D}~&Ubq~$L*pi(;19d2!Zj$t0cx9)l%W;&f3uR=7wHIc!S*B zmc_l3tA>`3nC1AXC93xQgqHDp#hC8H< zKlIwI)@X7w`tyO|!mrDZ&0HW8r_I0)gT)x|4XZ=Fp5^hSpv&$~U z3S4-})NaC#ct{9PWMxsB(gBZI@`wc#QlEj5>a=^96GNA)8+hV}D$!_AiYfHeROMsi zFzr1KMW1~7XoCp#B4)3s1@)5Xcx_u~g>!@YSDGo_b{*^tYzMXOL*=4PtiiW!EA(!4wS+ygRX2<=#dOuy$*JlDg|67Z@Mgm2g14$?LUR zzx40*J$Bm0lc^FptQ71n-$3f82Nq}LvIxp79RWMZR2CA9dt3Y6WHXeik{EFU)?}Fz z^;l_CMP4dxMBVkr{V#J8+(!$XrCx!vg}pA@yezZ_*WSOAc4LP@pzm{QUEqW}O=^a#uV6oKkU6J^%yHC!4N# zsp>)owLFK+F!ctYeu7smmbSW63@cR~(Cg>O(z#xowb8Xei1mS8{~MgwR(W?W5h8pH zl+ai7=Jc%9y@E{}p+e_Ud)$uremK1!55JqU+3^11dORAi=?6CWIGXfZt+zckz_8ni z!T0qk<>^;ogJ}rT6(@7`93@Sbr=nJl0RdXJxvVTOnc&ryM4m*gK^4sBeu(OZJ=lo6+;10Qe!GbEi)Gz6$X~9 z?H2UYNvlZ#?{lj)A5Cui_tV+%^@2@#k_}XOQ{u3V>31mGh-2A~|Ia8g@~YLEhufB9 zSEYC__$F<^$~11QYU#b@@oZn56VB{tOetcVG+qcak~@hzyhGD11@bgC#%v&1iGQ~< zLk!>AD@`MX>cX)uGDl5}bw9PfVn|Dk)p-2g2=$Hd>Un8--eVp?Z?UglUa_=NRlIqT zUS78JMa?}|yRX#fJKWJ;fLTIR(57AE%Yia_ zrko{RY*=H+=L4|NJ|zlpTvzX;69o5^Vn!69T81g07bhLKy5;pmK4p0lKgk%EHCz+) zw0s=WVvdG$1{GaLA4bC)c0C+VKet+=mB4hEu@tLqAyQQcnMQ1q zaMOaEA~#x}pt3w?fIqG39{~bFR7tSC+HtYh6zFMJ2qdz+_ya0^vA>%t z z9fV)qAEgY!c5SW=umTZfk+(Na&H{)?sxB9nljBQ$NCH*I79%l2j!?*$q$y1;OzWic z#*m9gk(L6tnyc~Wp}Zl`WIx|UI99Fi_ZH4`=0UoTO^^lu>8*2e9?0EGcr3uw+`CiI zw{fB~v}NtTg(~DlnX5f(+2 z?o?x~s@#kG5j|EU22HoJwR4-nsu-o4z6si$t!-*q6>|a91z4^lF8wS?SH%i91WZRR zij2^b)rtB4zi?X4SVwkiF%ghl)gX%xZI&q&CzE``7bssJ4t$jZg-2Y3Ks$4X5XbepQwW5fl!XS%cI#DMQI? z>jn1jmH>E2k8dfq%;=LV;wz;_S|~T?s2H?u3_L?!g?5OgLx~@8cYf=A;IpbhG$*K%S{n>O%@=`3 z+6Q3%iM~X>i;vR$X`b{6lBjK4FI&fOY2j~BxPWs+zXpy9C<>`xl1i2SEAVf8!&LVz zvTn0x<8~(}lgL7^p%xYx|JtGl8SJ)3!-;=Zb2>Ti?~ckC5cHIMaQXwjN6lI^Hsiey z?5A~p2ivwJ3^|rcvrt;}?La2Y-u@wbmnIWj-s?}B1U@ksF^mqL`1I6Kz?y-8=0b zo;>dkuX@0n9M>oO)YrrD?dahyVjpJx$zT|<(V{>8f}ol4!+#F%uBQ*P+gBZ=W?%D5 zvI_K8()$KirZ@yy1`W8vB@}v#IjFD+f4X}4k-=k&AF7}?fLRDZ%0{u@Y_vI4IH0eY zTrCe0fJ`-_d+o$~yAczFjDggAOkP9}rezBf`8n4Zp3>tyY<1unBpsy6t_EhbK=7ww zkaVqpKMpROjkJ_?Li>><3{MAze0Fq)< zh5&n_bsiG^h#-YIB|tMqM7%tb1csgVK$rm>Lz($KXyPr*OXZ<^NGyF6hPw$7bIUA4q*W)4k;2vCj z)c+ihr=LfY+lUQ64JT~$fsG~~rn9@@4LvfNvHR(KK0=iM(zeFa`J7EZMEavQ{k#6{ zkS(SWyXi0bkgqkG48TQ{ol|$FO|*7n+v?c1ZFX$iwr$(C`6M0N9d~To_Lq0;Z~uT@ zr*&HQJ!-9**Ib(f5;iaSgPre={!d~8yjdGDW`q4fTUjEoWfJ6sqYw+@J}>d%yCzI$ z@l(auLLPqg`W~Qs8Ye=2Sae6ooqied6uk-eFD|^QN{dVEWyKrm& z{0r>%ym}1pM*_BD;ja`5CNJj%Az|(tTAB!zlMif!Rge?GBwiB zw!MxtU2t*`#Kg;*Vp$ACRb^F*^rHA8Nrl88(}%d_N4tNV_MKk`lhJ_`2yMX=UrIJ6 zSxK-qSAu&bMQeZlc8{4ttZoGsRP8J^17t9uWysebmZ?Wt)YX@CIp}|CCnx83w$M02 z$?jVuD3Qh;wbqQof&=>{QO`SC&8mABL%)l*DwdxP&k{OT+>koLoW=cfjXnhXt{CQ( z1|sg6DfwH$!@mRVrr5xW0LuFZzK$BEwg`pX83QF-Vyj`DKw2S}8!`hr_7w&`1zrjM z%7`?WOr^xo^s=?AV6RZ{1o&$)oJo)soDEJ@kixfFW*EX(VXAo}-{R$ULd8KF^;7Fz z3&&EqO&rD!BNsxjCM%}~|5{ZfOGWc0P9~PEoLTrA*g%Mfs}Ejo0Ri)(zbwWh-4^68c;BJbSCbPlo6~nrRkb=bJ9Ktk8 z7#t(7u7d!-Rc+TBMAr*k2xXH|z#N_(M**Cw?-UHQLd|Z<(~YK`ljxQNQmOX8IqHk8 z?T5k{12nG3IvWU|+4>~dj{O$vHZ|Zq=5U<(885eai1q?P@s~aKiZ`H&`m;&D}zXS1K8hfeN zHY1RQSX@VCgh3}4PZ+&)8FT6HQd*?Ps4xvQX%P`FKV)NIl@%_Isj?i_!B{kpue=gAWW$v|0rZdTO&INu{_r)iI{_(O+ zMl#ZRWE=?NIl!e5qi}u31>&D})8Rs~#l`FH!L`nMempUa{m{C*%V>H%N9aj#ti+`! zi4l%VJ^k-pQ*J@!8S7Jz7+{W3dsHlBf&ms2R7rI}!O*x%d^Y5PnZe4_z z(d9krbbq$;3Rzr~ZY*hd{V1xT&s_iB5&z4z`?~B{h+WLpL&g2`x=q90XXgJSqn(cL z&3Zjb;o;_cIp0l@Q&~_zE4&kL$29~h$Z9e9Y^^X-MGB~Q-b?cP#imV}8*OJ%>T(j} z?K#OzHimkDT~ZCo>A{n(>*n}+^=+QK_yz7JS4`$it(+j&B+Ni#(vE$(LTpu37V1F; zf5Sl@%0F5tE$L-nHXG6Kd`Pui=i`Vbt@xFCRr_U$USbl0jlqt*Z_zXynXy<^Zc9d2 zm2izX1g_#Qv<-O!T3^@^1UxGWQHc%Qp_N| z=je8u<~r^F@pbpHSF~>RIr{x^{T=Wh!oLIK~vv>+yakxcFco zupRuCR=xQUnErlfs|tR%zv~@$VZwo<+8`@YvpCK8!KZFA7#!Um%c z05wxJ#Y0e{zj~+aNevk^>Nb9lKEP%wK0)4ye)Q(rDqbuuK5q-~@#W_Bo{k^ZwN1Ef zSKH|F-sRZ2`T^QyOHG9rc#uUC$Ms9`3jfi3TG*2zNg1w2% z)tpFz>$^nhNSaKAcZrPSul79jm+CA-7IeaQoIw`U-%EvA0&5$u& z-4ML&^P?p)Q?(x9C_^D5!N?Gi3;R+;d!txjh6DLlUi@C5wQY(zycHIq`+LjM%}Rd9 zU%#|fnoeH;w2o3ETcx<4^bPJ@>a`?+!_HrcXcjWwX8{7DvelE^*M40-?(BZp?a`wL~SuliOFLx2tHr){DQm{x!Ek-djqZf6$S5ZDQ&Pe5tp7+vn8! zD>lD1N~Ps(lEh$(r}9tmiYNgv{U3)Bzf=hx+-8DNxSGuVZP&dew!nkF{(@k@LD}&u z*QgXFlZ8`>I4OWgNlZHstVDwaOdQUe3U_I+w@5ti`>o$>PK>Oh8`Ji=93)aXz?wAi zszEGUcTDa;j0!9V%13&jL6?w$v0y3wk{IS(5)B&4m*=HQTu*Xcd(J0BOli(k(9EnC zeL2p2b-vO5D0Q{sWQJZx>|WxV4erxnZuA$cIWp2$ilQ=pmW0pWo@uU1H(ZHxVd#5lO;*983#&nU7> zAFW}fwJeh0CzRY*J%9+od2}dS7rGQJeuV>{D-KlabgsM28iKyu4FAeb49OojH*m;` zv@`8|Cn2%5W~Ol}q@V9Z@h|OohpMlL73L4B%W{h=OwVKvuD?7xHP+ zJBj(o%O5_NEX1`013QJG5LM^g$GG0R7DMO*8eoT>d`){8-QS!X)ESlp(@LBf_}zeu z6zmO~q!qDC@uH_7F#o!}p(R zpS6}M*}B3+^Jvj{R82F}!g9zsM@P@5c-9(S5rxewm+;rTp2m{If;Hf(<ecEp_$)ABbHWjFKh{Y5MEPFeYZAN{{q0|IyRVW!A?qehxbIq z?1Ao@pXS8ZFQA|J`q2!y#)|0as(57CV64Il_L-r_uKt+A<(;v=5IFXqH3xp$XOT5e z%4V%_SKx@yw5}6D9Q3Q}y(RRL62);vv z_**3~K%~Vb!)Yxl>^3cx2*VKGuip@#K>pQUc?~XfHOXQ>hpeJChFw7!RWF}Fg~;t9 ztojngs`}iV@1C_q$8|IqU+$%NV`apyj^We&@fpw38$3MG*3ZE;b7)W}0yMq*-;0eFH7D5+k`x#gk>nk7)4F)q`)+f}8ASDgdpc zYr0lprVDs7r9Yy{gKCwQR#j*MP;s~!{0f51$(gdV{)%VHhUSQ5@S)QQ?euTR_d4Ew zs(YCs#^mWYpoLlE1a#?k^Y#+-#UQtT9?XGXw_dd?*#x$X7?7UtD`Q_qE(_S35eFnwF&OK**K%z*O7eAC7jfo1r5iwf0-dG-Y@ z`rfplMMj0k<*aT{FK;&8(5%*Y0qB2?fa}@?zr_mL-S-1n$e1D_dG>ecLa2Ry<-iGh zaZf1~3k|B8qEh(;MVLk=$ZvB59YPlawJ4@g8RY{7A<6Vev5*x~y=^F!RA2tU#k*Xp zH}D@fGfALHfi$W|8qG*NPK-V{tkj~6hQ{N-Y`De)RJ3)<5h~c)Yz+xSpKujWfej<| z@^Y%YZmq9u`p}Esg$cLnLq4^Nn@US;fl(cSkS}EL-NQEw#J=|lN(mbI@^C)Q7IdK* z(=bCck{or73;0kx=@}F8%wjYUa1Ol%3DH`DL3mW zB_?n;Nl%Tt0B;wF?C-xD=KFm!J8x&`OmNY-UW6*e8(O`R60U)?wz-GHOB({orw7Y( zkDK-6cg<+f|d)E(xrYj$=N z)v>h~v*=X|r<=K{{=77XH&HrYZ(JHzO~cLNw#Y_YZn^j3z2hlvbni$>Q@{kpMGe?Z zq#TgKH(8R&)04yohwY~K)T#2o%iifY)R&bzh191$DwzGw$@MpB6Z$jlHwbaja8XV5 zaAxcI`1iLuvh@RcV4{yUKZ0E%AU^wK?t z)`RN$xRgJ(EYooMub+Pq?|HA}1*_hmL6d8c)EO|;D9nl87Va)!Br|+|TMnvw9$dT^ zecxN$I=(d+ND9Jc6c)641UlNNqY5xEF;heJp#*nVbqd+pd`f2+fBw|;XTtM0Bz1jgvkSWp#7;=?tAJTb zoJh-(6hMjwNE+9^4I8CTu)T#A=0#Hw-2c)c6W3<0BpgBq@>sL-t=$)fUM=EwRF^n`irDeEsOM^^@T1Sj;=qA zqR4exl^VoL3kDETot5R zxnwwMMcR2pCZBAkQd@W2m}dgR@j(Ag69iZC?y#7+cOkVOM8XU*dr8I6;FWDJ+?!5N z9(B*Zi^&6>w^-{JT4$ZC{Wbrn09FU+Jq&0Y|6~C~ept`IZX3!%WSe5arA`abdKIp}6{P_<(#;v8G2Y`#c|M0FL>Vu#xjMz+#GH>mbGC@4&Y1rS&=rGiD)k++@Z zE<+HSWvd16*krRB_4L%;1q={aU;k|qMAsw+-*P$o zic#fNGAIvyBfncZ!%9Jjx&G>G$1k8#skkg+T!F zPr=8w68ML8+v(+Li~J+XxUelBdl5M)R&pYYS~)CfJY`rr`B<`T zj*}#B#6A&7$|!o(SCqPLWI-k|3ZNrZg`qEV3BMxazM(?SapBX`*vRXl z`oiVKx2jAZ4RUsD$tCQw^&2f%PCwAn1Hu%*V&CEFC~n8j5Q(eTdL?i}K%JIeIo@ua zqebKR)c)6L-9F$=@C$!V8wVZuko2AdY3X#@?Ok+Wg+S~|(pqlW2Sg9)QwVn3Qyuq~ zJIp6bhoPQt!LZ$WV+FA?B+n9BTNpqlU&Mfi$a$3MwuTryC%is14Z${R#li91KC9IC z0+jvT#~uAHv@GgEmjpy}ql8f)(Y-f(9<%*pmIuLhujmpC?rk2$cnzOUNrO9R1g;IH2E4%# zT2XQn0p-0R?+t$z2*LM@`Dex<1FFrwI8Lwdn7toTA^Z533x=fO@hY0R1d~jX^m{K=h|W= zjrF72*_iy)k9>2Y{J;5dKboBpws{$XMF(6P`vPhgFwlqkHH_FXMv z@Lp>eqoQoV)a+P=xPtx-?`hGXFZ~RZnn3r16*0jBnz)M5ye_z8LHwsQSaQs7+R(e= z3ypR~JCOA5Nj#@N6nw{wT$JRq>{cpcT_qat*aP<2mZ3MKuPpdtLne9Aqc)*t-kBXu zw}~`d!E7JxF*6f<{epAdLMNp$w{?qzx~}ehNM`N8Hv{#iv>ro00N27QyLVIr#-1Jn zvjO|JrtsmEL`hFnKt8X?9_vo^SmjXQ}9(eZp?i@2P94O-8?|o4H>g%-?IIv z4|-Rzfh4+DFZPYovAnLMV$dUDmeZOR8VL^sb8ZY=7dcNxq>x--Y@TgvhiC|(ySv_W zvr+3XFiJd10AAeC2(rBywH|~)^9@QB-mlCC;=pw$(Vr$p897VW>Km8YTGas9h!OJZs}k0d->uor_Po`c2l;dlOdD3CR0n{FI3j z@lf@7)J9Uqp6$AD)3QQ74y^7rfjv7okCb8;sLksLoeVjV2|>t!8ko#Z44t7`t+WV-#iH8a zFx*RR_`Z3b3)-Y`qRVU2+2Fi|r=(}hJ8>Q7a=6H6%?BwFxAkI z#DR!A^T2X^Y6w-(4TEinwGqsPkjGT8sIt@dp@mCm%_KtTx4hR;+oq3gh8#S`Ues}z zq-d>^;adPqj=;g=z05S9j*q1SM~}*Qo{kuYK1Ar~%JdTI3$qS5N(wVdil|C}qCgP0 zILN@TR`&vl77PT3PUE50kYlRhCiLehA?jp#hh-FKE*_(go_-cH9o5R=!X%%miX>jj zLjm)u^qB8$lGNodp7pO?QGxkF{&J!fia$+Mx}@nvgy8c(DW%oDu`D8W*ou-q81eq( zG5qx%T;3Sx<>|;5U21KFfU~3!ND_asn+{^ipgc(dQ{)hUUNGm5oARGLEMt-9Y_$g2 zynoF!i&pUdZAW(&kOI?Pc)Uh*HzZu*yFr3V5Z#;)vn=5BVzle^h!=NAr{71ae`{`; zE`RlK`~^o_q4*d3C=cxqGJ&p6C1W2-n^+C=g|q;7;*3bu!pG3ZBL;do%9AOr@Sjt@ zo&D3cTBRKorj|`a`b0QyhZM{kYYEv&5ky^YMN48 zgM>g#YmPPeCq{@tA&)^OTLKv$Xe)-GXKF*MeVA0=3ZT~)?d|2MWV&z)C}NG3Tchqtcm07+%I%P2l6 z`){`|u^(ikIRa>h2NLZ;ptB1o~jE<)-B#%&Yk=BtNYUP1e@4 zjv{@R_W2$FW%SumyOil1Di35-tUK5zQ;BJ zXN?C8_w|}IP-AD)5+j-4p2DHkJr(ACup(JnuX-Cg9PNx>PWEubvCX_j%Unyhd>4wK zU6V$MNTcCf8(O@oCCQ}$QcXoF+t#4+GE@-`=sqMp+X895dr+nwudca=y>-&6COnDN zTdgZ(y4q56u^VyWRc7FoeSr$I%k_$Fv$`O`;_%^yu8d|%%a|E&{Ak)9A65({O%gOp1Don@F{!mPD~q%%?&LZ^6H3?5a$E+(icP*KNzyKfT$wf* zLoFk#ZQAyCWV`U?j%6c@1bvE^0>(xVumrVg#idiQHyk9sAI$0htd>KT2rHt~qd^sb zxo364*Em^6DyVtkt#l^kSWIQVrLGPi6*+9@`Fh=4>3+KRl6sM4PJ%{u;#1GOo`0}{ z>kVKT=c|$tB`ju#QFr9E(?x@(eYLSD&gBkWSJTOJ5SP_3yff5hXTn&9a8|ei#n>x_ z&R)+{{^m+DxDJUno)u2mMjq{Ie+?T@l2ZSb-Tf-BgnKi#iUq^x(raKH zOu>!^ea|NwJ^NVYwkgh(7|s*O*y!G5`n3g5p|hIcq`da3N;4KCFwGbas1u=(S-1kz z_bj0I$X8W>*BeU3SL43LWJLY~bOnENr}g)i9Qs2B8&tc_881%$#TI$ms?1>$J_=us z(Wn?x3+_RTz>ugHOlZn+&k;+M_9oGb~Qx(5VgY<<xf8%|v(ZnSYol-=A063aY~akSjz4YSkS_TIw{BfY61( zU$xB~5oEq6o!{%@#!NrfJ*Z|h2V@m%cdFkEE<=`- zOV#U{8hk2k&235CNCgCCh)=sN(h^E=koStDrqIu0@%jAK z<>zR(?f>5T?7TAIX$*TkU73EoBEKA*Uq$!vB4P~tR?Hga&I-k`lJ8%|dMDz{@!)Pr zx{?T6ktICU<*99ZwAnb9VfOI8g4D`o#NGvA-H4FS-KI>z5R2GTWl?Q~X%mV6=Xe?WK$4 zhq4zDl#*pVi|1%_I2eyZx{+E!hp>8qzVy3C<*=liA#LLO$KSZt@qqUFlepdO?{urU z-B0O}8vD29E`~t;eD*|#)mhP&3wy9fxpVtrK0I>YE)snt{KU7pP6#S7dwzzl+x}#w zGuzr)0)3L=EwI?nknfw}*G^Ov7+h~-TyM;YnP@HR>nv^WeZbSzMl6fP)s$&>yK#Dm zH3Dv7A;e|(d*jm9dNF2!fR_CqpDRv>p4yG~ zQ8lM9*$ME_d?|+p#I$Q3kpVN})=b-@sPd}8Zy_kDUX4)2 za*YUK#yBBfp|wne8j{Tqe*r>g_iYt=o0unCDm{Y;T>mWftJu_N;U*b9_Xe+-K+Umb zJ@$>3jYj%w&R1bB%e-3Z7q1&}8`G$q1a$yfmzgW((iob44PwEz;}A|YUUjW-L{n8j zHL#T51>2x_zdl?8Uba#~#N#~s9}$)?)x7mgxVE9(K+Ph*xnh1%zIoeqhRpRmDbvID zH@T1{C_9WUh-AC+%bUCF3VIW!v@cufK4(ES+0QC21Y-@}i_V&V5%m})$81Itr&lj! z=BdXYtLgSL0IjGOe%b-np7>alOdNS8xCn%;(PQRsJZJ_>5WKfP<}yg|K8o1~_jV3T zyd;N|BKwphQsUz<0gcYxYSq3rF?KpBz^jbxy+NT`!~1Pp%L-D!Pgu;s|1BXNgn?@BM>k(F_rv@rIZX<2xP(4?KnnQaUn3BbfVuiwQi z>T|3{{}eo0S0u_E*qM1jp(r$4+f6xa;p{(c+5+=%^RsP2 zQq*BdMsKo3ds1Th3ERd;ccZ72L;Yo`r;uaLk8J(o^y+$QS{H@Ho%HVgn9{&&>1fFA z<^=Z1ra%8I1c3Xh56ELzV5pTv2x~>H$6U0(r&VCs9k?NZ?>nwuoxV(y1C~l8Rvrza zeBf03iF#2C5+NvEKsfQKt@GQ60bWNL6hn1m)B%;h>l#<6Y4;@o809tlsg^vcmSja%$&c-MP**8EmpoWXwZtQP< zmoAXqnzWy()Mp;uu;#25d*|PPh+Z*nj;XY0?O#)<$HdO?Prd6;*VX%L{`^_b%XZzL z;d`wCdSfH&R+gVJx(zID(QsUp#9FoI3>Ri^p3Heqi8iLJnGA3HOdq@%TmFFrZ^8Wz z{G;2k62ZOkf9De_C%(o~#5-;q63`|HDyrjwz%e zXnwn~<4wa?o*Hp>g7%~ikIvzJyK&^udi@YozM1?DUp8Ym%K!E@dRPpX2jf3)AwOF! z`GV5T2H#g5_;Y9j0HGFo{}D^T{$DHKtR@8bBgRYq8a_GG;?WEpJj=!7vFGGZGd@#K z$7V3BO|x?oEQ-~S9QW=l05?5HrKy;Cm%NNg$jz$k-e)h;j?eeihbup(uK}~c;Xxaa z8D3fZqaVbVqYL|y#Es<_?+F#@03ILcbMq-$nI$K151zqTA^4x`84UfE@YRPn-!IN? z<6`jljr``*$0C6&IQximGxm=g#`byOt^L%iD@gQ}Y;}Ct-y&I;o(1TAvjE zMaa^-k&CWtG~9S$yl%bjGEtyZ2On2nkc;|CKkR=O&Ql|07ZN5auF;)vOg9y-7S48= zruwLgoFf1TwlZ6}h~}FrSZ95{EvJlJ(*6nM1iETE<1BBI}q^7F*H*(vxg@ z2KBVQASinJ&aF~3;C9}_maC>eA^u&b!Z`vw-YHcFkpM*=alUYA7iy!>mu^9_Urihe zl^ZgIMT)vMkG5?SQ`ZZrE9AXV!7vr{i86s@)oOoLuIt}zpm6`H2-N-&90>lcO^!S8 zd+yxtfbAi%^T9wQ4X=?6gR>wA=pAp-Li-D@DF{}2l3d(U+G*RgrJSX~BR~^}I?*T> zdy>OI5EK7Xsc~_gA2(04Z~6eaE@X3AkM*A#<7FJgpNX)Pi&!TqggJ+z_xx9 zi>%xPqB$B{sVF-&c4Wu32O1Zr8oQ_i{4_jiF(`7wXA7_^R{}zseSJwD2jRwQ#q5&# zfck-os8JH_XzVE#Dx8!I5OK9HqD8~qKN?McFirb*lU?EB%>F8NVVTWbdjJTeWsYvE5tK+SWWFR-Y5N_uQTu1_=>+un4x*!`?)!{JZk!%u)!k5_u=C?h0MKdTT`k7!N&*T2DK` z^{Bt0aJr)=rZSGfkUBjxdA6E=Tr8=}+d71iz>fT!{I((mmt)l^jmVa8xet_YN+FxO z2O-O~Ut$gG+ihBn&$fwHY%`o#3nFPn&pkCo;yfWfF>*(?NksmP2A=MkL`fp**H{@? zsfCuA;4k=2pQyvz));*ha1AW}LM~36vb=?gW7xQG{Y;VMvI#~d`3db6oeqbU=x_pPw)8J7Ci%Eitz>r%CFjzhMXk4x zCa&@-PXP#*)-+#r9So)x%pkp;A z8U{k8mL79LL(5G#En*Yn&NYcGeao_9w&POWb5U#s|G6^xST~)QoC1UI=AR^q#{#f2 zt#lVLBi=?|>h zVkYq*3fjlw0qXY%Rjyb)F#mAqSBQ@rIcc7$jS$C>e>EcBxf|ne-WvhXVe%gH?WkWQ zqYxl!TCjp8L=Y={N94M(AtB=2-iiCAp9NDfjXAv2%e^7vbgrpOYLH~&YfBfeU8>Qm zZ4K1ldHoCwDykIoUR7Ujy&AP}}*v&EPjL*o+SyYXhLu##VT{|8&eZB&0WZF=0WKDQ?K<>Eq64&E$<8aWPpYW3env%HUv)6{^=Wa?-Wb zOd^CyZQ&wO9jn4t=Hth?62wDt=a|@K*!B}ftt#O)v9=c9o_6biwy#)@(kYz-CTIm6;2rafp)l&2xJ_e3bc}&>v69w;4k|`cRZ=;VqxNb4W zu8P`K0SR?Z3iU3KRS>EX`17s9YaG;k_DovmClbI7WatNi6KBB$tB`S$cv|&~UdzU? zUp(XB9x%9c2!c$IFyb1f3C(~0W&hdfm7qnAujs1}jX(<8K|Wsv2;W_!ZKkdMP7t-_ zhRjiFe4(eQw32R!)3NUy{Y!Y=U%_vn2`E5OW4nbqpi{i}%$$O{+cC(!0-x!Z#i*rgOz_@V`YN-!6@*el zg>bvM%$Wo@F*)T5N{5^!?OH;=inY;uaZA+oIJs|M7V%}?VG^_SQl6N-DvfLw`{Xyfr zBMfp&QE(ahClVY{)h+UCDox@HRkO%Ez*Eq&jC$Cgja-Wk2*@vHAs<>QDiUveL_E0q z-GT@kb8bICoo^l5A>LINNLo#5rjTBM>tOTzZ9=k{S+`IrJE925vyDg-JK&FC|F5T6 zZqHvMkoy^ENo}RKaEo#HBaEAZ;LRcB*-7@IDh%FsOk9(o+_w7HT424okHpBmbu^RG zc5wR{APel^{xw&1?r_o6T&2bIqay`hNE8>lSJWB0TI+Mw#MdIw#Fm19l(1^}29 zFVDLAUv&6WE+fLYm}e~*>MyA~F`{i}S|oG}a+ZfGWFMHJfMRMxC0NGrNWvRHZCYhE z+?i#W!Y)}Y0!0zQ--O$TkZIa(Kw3DTN)O=x(TslJnRh&V6Ph#}`p~+q21G1HwC{ms z*WadkM#XdH`rNo;P6(RaaEgqVW16CO9LWMpUuP^Wj3F8jy?V^kNWP_T8sK;JM6;P6@4B{?fWRYtFb#~O ziJw^0>TJ+lPj>UJKf(y&{am>rz-raTL*NQAETA3)NKZl2_ehm3Iq^K1}wj8O%i~hwJ=|&@f$Jp0|Tmw(M<0$YR7|U|dA|cVl+k zO+TH#-dEQhr(YiYVngItc0N#}pOpe6C&X}C{&@ZsaC+bU-yBbWuQ6+uEvAn|e0C|8 z8uypA=jh+MV58jyvi)#2;p|s@xbfq98_pRtQYARNS^kH5aX13JJJ@Dl={ChJ>y?=M zzgTicJJh)0ODwx@pK@G3di{lybaN9)nCgEps}SJKMeGi*F#fauK(Z(uv$$}MX?9^~ ze*ND3by?&8owz9*?yRvfKIp;wb`$z`fN=Qe;UcqsV(0|=&J=LlswLoEH44wbIrfF? z{N17jTO(D@8(IHon@XmK&Sb~rdvsRq#Y`OCL421L1-d(+qPP$rs2exuU7YBl4%H7a zr=vt1`1;2RShFFUkt1iImj(3^`O_k(<|w9U54r#!H3`kyulO-I;rf$7#s%)?extfckd7v zEt#R)h0LZ+u{<)rO7wj_RU_4-CQeb=5`}&UxaIkR+`fVGsJT|K3Xbiba4xQ#%m%Ip zO@Vbl0Tl>!qMg(*KFuHplGzxdSc|Q4tup5$6l~}|XgGDnhhvRQpsQVyE!k0KRtv=j z)f?B$LbS9`L!F;kl`OgtpMXMADhm*kt(oePP`8b?&b&Yb51nHVjBVQ+IFeL6cfd*87_`L;=_3 ze6;ft*Sy;D3=z7GE_q}i{n~>$$P-TZ#+?Ec!vpsWaNH%x4e1H_myPNDFM$SY;BFbw zYPN*es*TJwrT`prdh*2R2)a=B=V7BMK&@4=Py}xy7r0qpVSb`g>VJOqUpz-Z2ol*4 zb+wv;YVjWYWc^W<(Tu%P8dF-qU(ib!h>*L94W{%jR=ABSHYn}Lr_!Qc0!K#mwh~DU zdU+w4+AEnV>{3@9$Z`Q!lJpy6bHLf8Eu%5x*3fmAOCf$<8VsP~w?3uQ=_Y#2Ql>(9 z%M)<%V;QmKksh@!rhVfyG!Xhg2yX3`L}-RB#ZW(N&Y0diIh-N(#Ap0 z{fDH>Z)k`7!2PCHcD9_DV}erZEc8=T$IiUD;7?#flXF|)Ush0TyI<{4OIrtbY#0*5 zq7M;=MLW!~FE&Gnw4s{Vh|ca!Wv{CZi~SBrh!f2E|?mgTz$VK{KU+QF}YOfn0GZ(=6mo>q5T|s49Xk)(|B*W zVZk6MiqSE3!TxirBZa1C0JS-wqD3HJ*ikYcR*}@jw=P@p5mMBtjxdSzYbJ>L;{i?N zS*zu1BbdI!G8e|2?G3-F1cO7nxsDpyD^$5|{wG!+G+5E0x$S>qTpFd80j$a)5sBPJ z{#bpSAj>RiRrRjm7sB!n1uH8PO_$-a;FO7<+E=6)2TmEwz04`%`VF&F9sIq?xdYOS z8Zj;5iZJ5QDZ%rU1y#e3iKJbu6$FbK;c8itfMA-K{{}hL&SNU7>45C2DeZk4kvN1f z-1BL^X*aAcP2<2Gvs*lDufWVa3|0rzjyDruF+TeQ;Y7_)eU*Pqu$ z6auHPor|Pj_|bB0dd9y8gB&7JvTolkD_loT;%f&adLxR{qi-Uhu8&EEE0G3@zhQhe@GA`+FZ2XWzi<(y|&7Dvn{BA;CC4bJ`8ihsWlSQZT z=~u|hF7Zt^mPup8n#UuLdY-<}NzwVjb&kczrpl;ur7S)wx&h-ciUXMSRsOv)K@}OW z3n68%J$Pafd{f5q9TDyW!nD$=e z!j(uKYF1&c+7jdq~F8ES^A*wbd)Y<6>%^WC=ls4wm z8+-%em*S!?a~e;_*F!PbvswiD+QjEpg+$u+;&Mu0E`ezNCru>DI47eHpLzxL|L|hpNX8$MQK_M=+G@tIgatXiHw1!)DN2a&)8MckkHrF;l4qHMbCrBZtm!YetD(W!N5T*q9J=hqMH^!30TLQrzNGD!T}jW zoj4512zU!R1gn_{5H%9cso1vXAS8+m(wcV_G@~|1KD%U7CT(Y=%S_ni$jU2MGOnr|LpFTv4fAe(gd`}KA>d)pn2Sk4m#uSwZXk^TwH6U}yj0RDuLzU@j zq6Yq9iJrvOi4qD+*o*z)ywg3#aR5>|_A9s0$fLU5+L%?tkKTT6DvA+y<-syKaM3%% zH_Yh%8U7X(WS1n9Lgs_WinUIXlZ<9rw>EA~pUe!o7+i<_knhFAID!MsD2e;JxSq1- z*{vpXW{utn>0QZ8V7B#1qfhOWfCTCZ1^jzXywD|Ei(QIOY3L^2{-J7bSK8)i_ibUlCiTYfIB-qO5PJEI_=YvWFW7(^>{Btd z@^YoZNy*?e8Pu_c@M8n9+(48?_JBKV!p;GRo%JLqKpn#5cSsRsm@}kpO`w`?3adY8^)JwHQ4(*j&T3R_i+S-h}886pyhI<=7%c@GOYFbJVCd|Hb&U2t3KCrtO%&K&Yi2wwyVQ64#L`s!)&b7+S}%O%sFWSS!pnsM>GbkIK2y2rRoz%hxwkfQMng zeR^K$XgFVI1z*tzzZfuZ@&h&}qYm|_^P&isDA3_lv2*-@+ZCDzT2CVn8EHzQ=%wam zcQO)m1?H(Ripul=m?AUMiHU!_A@c(nzHr3DtX`EdePZFi+;nvTTK>lFDn1jx8=v8Q zFAB92qq)0Hb9Y(>+&|H;dzPo3+=f%_V2gYTvmlpyUsK;0NB&LU!yJAY1{EY{d zWX2;l$2ot4;W~+#xA!jbdC6sWtDV>9=b0r!rcJRQOE)~}lPs>$js?1y;xw^UKNm=2 zAzwLMWLD+FaU!bMs(ssW;=;e(t5rMCElRHil=B{`{}$%4KQ1QqcFDrvO<#Tg*;-vh z+=$#hq#jIPB8Kqd_9r$2nXgrQ+kUC>dzM>f{heg1N7yMTu$jUv_2;WHAv?+6f9l>8 z`&|FvFiGNqJ3UlI`$_5uH?t{Gx?$iVfWU3z{aLOxxl-pgV)IBCk=Cf~FtD80$eDg2 z=u;QN{xAn*TkO zgNk!`skf9>qi&tjcAht7RFWo{l1-u$9iOv~0lDbFgsjOiaVGyG<2~3j(b0HMFjUR> z0r{le^K_>2^#7=&K~>1#^0Hk*s&f{FDfLN z2Q%1ai8mmVx&pvgq<;S|t~*i0m5slK#@~o!Mt+q4H}2fPa0fJ?rTmxQol{U@U3PrH z{~I=w-R$p;J2!ihtL=XWJxnNnq>0}c{_QV~M(_6Kdem!@LI3>xsz-XA@k9k|T*w2` zXzYKFG>E1&;jj~9hQEAd*_874G-;AE7SXKCo8(O738$?$Ec?i2^5n=(TShavgiX@T z1TEw*7m^4W`K6qRJfaW&L6JvVKo^%xWHb58n=+ZvY|$h?(vS3ho)@yy9~aqd@ezL? zh$s{fRQ{3_EMc=uG|5OrfE9ZqVjTNTndh*-SvH0LM&g0q%ikvSJ-_GJ)}+kt5P+Ua`u-_{w=b6Pe@ z|3RLCu7F$YicM)ED-CE!XEYCJCV!8({QolJ1uhHz&gK3Y(1j@Et7#xI5d@+Mr?X2V zy(NYmvM}7RG6DV3SS~h=h|g%A!mv zhx!7vkFb!(u#mmHz@D#Y@gV<;p5Dd0l!LES=84>KP#bTEPBIgcp`X!t2HquSqR1a9 z9*e9@Lf$03*&;2Pq?hp`lN9Y0b1qV#@f=G2AhHlPJWCd|Nq#IJDVNmcQ`}+$8qr6f zX;i=w_$b%tA0<=dl4Y)A*}{nGP5w7p$i=vMq)7-IUyzAV@URM`jLAQjAt#-T;&I_D z%P6^GLY{}Qh$T;yXD9iH3wb-k))XI=^++$~8D4MBjrSu@W}$pi{KWEtoYCa|@REL{ zP4bJBW}4(zwaMgYe&z9$P9K?1>RvJfQlk{Le~g#vSd_(F9h)W@(wIXtS1cFBT&SDu zk$&W|?lL!bPm0@A{X=2miyTH?N%3(H^45E&hB8Pfcvx4zCEMQjgf0MmE{wY*zHLPA ziZTx9oRMn&c~2Lu#zW&{RqU#c)l+ltqTzM*TX`AB6q69?Ey1|Y_o;d=~qAn zQO%?QW4%RMN+)Bf6Norv;A`&IsFNl;*-TDYGneZuQs<@1AGqoa=I}$A7aYae zF-;0iXTl0%y`ZF_$W%{I^L-i4(9!a5B`*ZQbigb?qbs;~EUg0Br>?IUh$63+1ZG87 z6+&abk}kNtUnqI{oMRxk6~{&_E3pYRICRM5(=wqpLHheLrR7O8IUU;c*ukmtSWM=UomDyCQ=c}OHLj-T5YjQGaAr*7a0ttjLJrc z3w}>g1DzO7Y}N%PDmnWF#4=BeMJ3N6+0cYVr1QWZT0hXcJA9lV8}1i0THY0z2f;)U_s=b;}o)Z zR$8NB#;tg!UZQ1o&s4{Kxh1A$WSEM&qtG@aFBo|npR0@@;8Q8?Os(dUyoPO~r1pYz zvMDbzx?WI|$14oAPhi3xD?-@|vhTF>6q!tU04)2%R6A1m`UtOYF#0#hh=m8;?_qB{ zwufoNl(j(4K2j>a3>?nf;Lp<~Rf^V(p(>?G`bmfnA<5!La~^?E7ek4rx-d8?$*stf8BGO3PSPL%9_BjGIqOMo zGzn}i-*(^@?qcZn{@%FX>0;GAFjpqN5}SFWq>nTU{V5@q4NowfPP^tA9}%>U&@^SL zsIKgIbfF1Q$627tG(pKr+>tvP6mICS3A035K^awSN+dmAk>#edVxBRE#u|*J%T+W4 z_^aXak|{$tD;qyZ(^T-JfOu)!tV&PuD7>yzS-V|*KN-~$RTgzy6TtnkOaNX3!JP6e zrbcpi1kpBmO9Pq&+^T|8k;7gzwd~?Vku#W#<#3pdqOafSw#hYU-5*S&^_3k1TOtrP z7Wq!GXk#dfl9M&a7{c2ckfyu<$AmdskVlqbb|sCtjD0VN2!b-p5a0Js=Zf;Zf$p?V zn)UcG$i9ZYiAUP?h>9-go@xM`9h;8Y-Y%=xuHIG*5TTuKRg}nL&b*p5C*X7#EwndY z%Ccx-`)T8|H?5M@4OwtsjqvhxBDTO40^c8CX7*l_D=^A%M_2z!9$2=*kJ3+{V&lfE zRonRH>nqy>6KTZ$ocogUTs|usjebG`3a;9UMM6i)cN!vd6;ii-XKT9T_xe8Ej+ckc3>+|9GyY!l!)nk=7n~^B?krg(9zJuMIOu3nyip!gw#6ncHuY~XbE?sG)+qk9p2X$+ zj=jJ*5oCJZ^aKs22ly|{1pM8OqK%LLej;ya0Z*dSM&l2c$dxXUU&@NE7|1oRJ~TvAFG7WMuEGGwg3I zoBDI#RX8=Zzld~ddi!UJr#OfW@~JBHECQ;tLavZmZB?%NvVgjx^41b6*8e|1M0NJo z7m-m-f6p$Y(j+_-nafs;*t(6X`6U`K{xJ9Z=6+nkRVJ(DYtFf|q+ImCMWm%gHFI1hTLG3!NVz z|Hv3y!7J-8zFb{>D};LIF0B|bY}QTz7zyBBrCv{>hMOcUv%I7Vu)(MkUw!`_k*_z^k(xt-(V6n)1_rf}*0(i1Ug&zyOSW7r zI}f`(y(0U^2jq^=%8ZfMy34MP&m=KjG|61U7xE-8cu^KUxd0lVs$KR>w;giIdI{sxMk8LAf>V}hlD&~0>^Uvy9)=mHj9)gK*oV7xt!Z-Id}z*)Kk%@m z5s7KY9PHESqUNd5M1)xwL&72-ywhn*Jt6hqH(XZ8^c~Bhwe#UYQ)~~AbdkJrXt=)+ zv(+PukKk$sa*C!n!&vs|fqN^}M2jK^kwZczQi&9W!6`CxjX3OZ8SsUdk_!NxrWt>r z!J?Mako~NWoxwU_x4*`%*(V`!iMHsgDXlFku19bDAyO0N27|R_x~o&JNaz zwxD4aDxIQVQhkNwrC!gF=LS{eO7&TD$HVRG=8dztgcR1Y->61HG%7^Y`ubZ_Dfh<; zLzj%{9h;Rj3-hHlrNMn79wQdc{N!RPoo02tHN1^hzc>lzttMVaYl2*vi8SNzXlB7Y z5s{clUemN(2iyjophp@R@Lv)$iaEF4>86<|SWsDKwJoaj#hl$LzBxSEVp9y}ughms?OfNX@vO>T>XJ({MJec(1{o>jn2>Eq83S_agXDFBs) zI?0~=Ev5;bfqlsmp{XH;jbd8SkXKbaDWdUVxouASBh72h(#r$VK^*5BoOI1OGD4L( z?h6tK%){essg(?0krNeC*qOXLVwQxPcDma)kEdWcvVHm4#oR2E2>qPl{zt_VC^BWs zDn`}-%`fj~+iT4raXm|fzzZ0Ez&Dwb=tM)6TTP#rX)W{bQS}_Wfd?eG+Eh=LK^)WB zXk1PL{y-x-v9Q1j8K<#CPKN> zf0_%@ft*9e+gKGCgC`Risr&Sb&3GO;sHR%P%t3_=P@!0HiY+_-%j!dpEt(tJw%Dvl zU`r{kDwm=!LshVj)=NQ-lBOoFfRTMY6sRTi2f5mSKcLI+pB%`uTpf1*Z15LM<)Aj~ z{xOzILbCtTR9Q;1`xgxxXWD;xAkV8FdPH+TiZ4J|<_WYr^`pw$jmD^VbGrrBd5y@d zeYJFMq%GmjPaBP%d2m=AQDr0UW}j>>=bz>YBs(_R?Z_LBh2++&y78rBVV?C9-M&ra zS(joI`qZmumXul$xx~Ev3__JV8qk>7vD#LTlqt(~!xwPd4NkqbmIRh@_VcBa~>pFM7iaA;iMBdH_tG~`fFweXE^FcLByjTLbl#eApaU(Bs7Tq-+p}6qhQ)r#WyoLAz#k3VEU7*~%BDXwO zc6$^80NXcT&Xb*~Ncqe0L}7e5IhSbozRZnrA)7Iq@xvbkEH1rgh=V0>j8dz`u+gQg z@=Sl2GD*JNIuf>5B?4Y^4(+`qtL|6p%2jr(^IvntoJCQS{G;To04bfRL|IaXV>Bb+sbsoG6AjH& z!k~K&8aW6g<P~KwP@a>52eOs9D04O!QK(V05g9i%GHL?SsGhwmhG}Wb z+UoQZ=*{);lKd$DZ``?Ql0m22xy4^Q!*ep}^ndCM8;wrxz5xtkkxjCyVJXZDELWfw z)CaZ50MsIH8c3I74w1e1+VR+?lXqA)_$acF>?uR`9>VOi4>V3CjrWSWNN0G&f(eX9 zP9`yGp_U2@ceV#ZuWx8Oz#GKoHYhgcQZ}dV)CA#pC?Th0&-?eD@fvraL-x$?d-{>B zt_B}RCy3zjvTqTA+Q$dRnOI|o?BOr%y+)%yJnw(HVYqPf@?$f{h{S0kuzh1O8hrii zP`jf%Zfok*dR32m0GRYz6EHbBP__bVUedXna3GE+1PHRcD0S+92N6AB0)@myU{rb9 z9iI~omn$21q>C!hsF#Y#*VI(`W9>A}Jq}5qT=;115$agXcE|;_jdgr!TS$R(hVoY; zNM7>7yCSXQG0%0(e^WaNqNmbUj?Umkr{DQ1*B3tTVPc+H%iQbQHf)rJ3JBXEk!v4U zmPr<%%ynKr4v?(zd=c3lGJS5kXjWDMzSeR4M6?`CtIxA>Q*qUWOYET zp9M>&a&hjotOZQ01L*osP+lA1-Ks?p_X+)N=rF0DF zpkyFHYfdrA#;IcT4XtvNw z*@GsDMJ698l0}7(Kvan_m86!!+D4gnOP22z)YEYzNdfM2qcQFeFFT{_o8In>Eq6E@ zi1Iqc;U0$HA#YO{%Vz$cBFOO5Mq})6TgAI7$$LRJX%bc@VQp4Rre)6u?<$R;v)HHGXDqE`6|Y~U?bDWS)!e4srS;Jr5ZOWYdxKu*pjLm1 z)jC6RJM3Q%$)Gnl>)j|jhg=l00=Rt}t@ldU_X9K>LF5V`;L?QLCJ12JyWKlzI(d9x z^P#k_&dZX|nhAAq?{Euy0nZWz1+ClFx*SNOr_))giw$!Oxp)A^wJ&D{D6Xq_(i(t! z6=J3!LM0E&0bX3mz|}1;3Hd0pD1780E~~#LsA+lAQ;XT}jR|CQ?O*hJ=j5z+b^TML z(GM7g!(4F|%nO#}1>;GR3`O=x7fmvLjeGI?MY)P^t~5TR0HNs zM|ujwjOCDHv0xEP=OWP|lFDEjQy$r36)Ts#ip7Gt+5M5rpxdsAwER#oK1wJ(+dkQ+nPSnD;tob*~3p$N>KDVrQX^ju(+J{aCJO!gw;ws*{MM)w{KTMa{}^szGX~HFn64u%-6%<$#R@kBkRxM-P~MVN!uBRR?u)baZm~>N^;gr;ga%W6iQFPOrV& z?IHyJBA|QP0VHVI=lo#J7OX79A=qc^TBH=*MOSZdALwEIM%A;j9e|Bzr+K4~<1~-*kb^$DQU<0y*Qj$1^t| zd^sD80#9{s4zxJbrnNg8sOuA*!og=&dupuZp-O9OCl1lhDzoIB>yc=Kn<^ScUEC&? zqsfwT0$>O*)0}RkKF6Ha!7aJV!SFVw&Q{`p>|@P6v_D;_``h)A#$$}BgJc7iD76Xn z$iAG#-q>i)MmW{I1C78ph4s+V$ohpa=_O)@GKR_%WL5=i5!_;9RlCJpvdV}gA32Vf zIgO%C+W=J?)=PYay7Q^`fs3jJ)*LTO>e6JCtNFy!NV^W0pD>oDtKw5({)$fW1aXwM zjh1a+V`<@Ekhy?zL{K#3 zJ@8<=HEK@$M#*U{-CwQbF~I0m@WJ{HT#cG}(U^$$4xpbd<2#tPx$+^$RB6VQ7Iixi zN%OFJ8(6_l8zh`&9S0ucykQk9Pux*$Y>ziN5-)=kduTRw~`ybZ0ff}ugHC=l7zV3{r*LD9~^6XS+!FL9I zvIfc1^&#b45Au3?c6k<*F-C9Xj*}u}Qf-ncv*tNbW6tPnawbVsGDjb|(}Fgh$L=B$7yGj!@WZ8Y{A zMe<#lgfs>fv2qe>I*ZtpOXue>Y})zhBZ~3JnSw1l*lVv>4-Yr1!>bzbI>q%GJ@r}d z>au@3Xp)PY&am5SlK!M~^$R-9T;2ZM8=PI=-dyfyt5lI zKuAB3>W|4*@L-a+AdsI`jo~R>jl;I=cm_cSNp4mHBU-@tQ!`0*t$;obE}Up#Tu0=L z6T)Ngw=PgBReQ094)VQKp#?k^U1IF>JMEZ93j$0BoM(*VfSj$$%WL%5%DI#M!wH<$ z)-l`?#@}@H&=e@VRtLstkW=yX7owKVRxv&K%Z{$C(uC9OT4=V{dgrQ0|AvgN$KyVV1Q51$bv+)F>x-uB^t?0ZT=vN1x=GGElMcjd z^@m+hQFpGIr1x`gFuLm8{2~kYhv)s9UU#BujiCiSB5jZ(-Rt4F_qW^LaMJHw>7suD z=6NV9ynqo*uzccCCfpmMCUb5DNOx|=R zW9uZYL{wv!8L^BDi1zjvRmE>z+}U6eKV`BBf35nMwwHxU9;D8E zloLiyyj$7$EPE+`MIGeHMzBB9Kfr;0P10t}Z07>dAG)}ztH?-{)eY{KIMxMLmP zP$x3cbxKckyd{}w7ZqS-j=ZNXYm6;YUY#3!QcWOg<+%b;f~eq&;I&xuerbc?*>^!j zBv%l5-Zbu|iG0mLzQO{)hEtY=ya2QYJI_1<2dq-zlYnT<6x$$ccXSIE5wW`v}cHc<477H3ZIq*1DE2woXS_J@d0g$s zBDpL4CCL*Krh9BR8o}q;pw4zv{&?zu-?=_StDay@7z|NT?jzNfN;!e)inwVId@EE2 z#4ZiIj%=PTV><511jE!au$-WGNZ^|$(68i>`VEW*Kj)6z`lPW z8aXs?GUBS25I-;P?%)cqxYPMLOHdX?)5#R2=^gx_{I--scPB9zTXu})muNEQo#e{G;k)zm}clSEHBJPKlp38qbMi_8eGch7kL!V#R#Fv6cD) zu-u&zez5s=lY{05)v$~8uw_;@+~o`Bf!zu4K2%ZrKlX>0=huTq4mO7_n2KHnoTqY1`#Q@I6!og#Y@It2&-O<6(GCScHJ!(|Pd4q(#ORuDkk z$f1}PO8TOSt5x%^w+(QHmJ2@4nS<|SBtf~3A}f5^>HLe!PUl8;+Ql|-{&m>~$jviL z{!01r+{icU)X~YpT@Nd4qL_xP2!%HlyWtxEszFOeZ;K*U#RG6RC9aaMoAoc0{o@1w zm9nqSxD&U`6Xo&*aRy1S00r;<$pJY&dG&vpV71TiuBm;=tcw&RLs7_Og(x>I9UG6D zX5B*U2m}1YpwLYis>+kzp%gwM%ze2|wad4*Lggy{N{&|k7I+~UeuRYy#8??@vBqW< zwB=h#vMR*;19kz~Ur_e}_`r9NT|qn0G_|K@6TGYC8EPWhYQY1Z0^iH&1LVGFG=4ok zdDVLH;^??_{F3Y+y*@lSIzB#VH2&oL@M+u%r?eFS(tn{nUJh@1o%2Dj9fyDV^q-@n zqodcaUcrBlj*cq-J$e1=n7rtQeHqo08{65kq(sQw(rB*$3-m zrX8D<-kc`|n`OrHN=lLoQD%gF;D}$FFLHV6+vI{rY{&{S`VPcWDLyH^8;(3uX)ES@ zHjfq#o}Zm5Ni{7nt{FUda@ir=#WXD-GeKTJo&!AgO+;K(jcW%V?mLX}L_TGubOP9# z=&8scYlFOPlx_179ES=}D`J`(@tCkIpYzn4US(Xl6q({kt{qrJ%Rng45X)=7c6hI@K{Bn3=xvDVB|&nxP9V(q4#i4b&yh^bHOg)f-kJV=C>5k zf<|K2ZnVhoVhj&img$yP(8$Jfvj<2^l4eZ4Wl-S{7at;m;fVsZ38tr$^bA=Vi3J`V zhb|C$1HKH^wp7%DjRQwGQa)4Jkgm=8}gbFoW78{G}ChRb-#tJLf z-+6&ZAbAIz??Pm9pVqVjtJ*&s{LlaI)3;5?g;2TtcuxKv@#Ox$_UA>B=BI~;kB^US zK8@Rfh!2%V?4iMv4uBaPj>o^e`SrVZ$KSV)+8+)B5krk|O4};m$6+B-9^{8be*X^V z%-*peZqJK2LZJ@w$%VN4+k_BY-s(_E#{#;DjASBWRitdSbYA79eb?T0_q+zljptD6 zK}2QDa=lS-&tiXw;7%akkLS2?^s=acCABd1YjE0V{0^Rys;jrEtD2wR$vMk|j05sc zU4hz4jo(RY^$#?==6h`o)$DIU%33@~TfyB7SbZyf_^oc(zjZx=-0?{5c1QzXEPnHw zi^S&UY8UU{b%R7UQE3%=-Ktr=V7Th|szU_#(0rpAqm>SL5JP^V^_^h)CD~@bJE*i! z$T#1IVtoS>_CY=-;Y}*3sYa>Q{N3@m(&|)*LY|xSX+$;EVcp>QC;P2ZH`%yq+YP+Y z0GvW)P?x+ZW4S1^03KSX=yn{5?a9G|gMiCAfvuw#FHQ7O%{3#ETtxCH{`T8%4Vv<| zm`C@NJRCRfc@my3_0x!1K_zoOZ4ijMJ0&%zp&?&WvIL3~0}--Z{{zyC}&>JvYUW!e@QB-_t|IO zPG(xqK_q>%e@QawK0hy=+?hQGrHrufB}rvE{k*jD<|YM&MvGjd!9;e2{b~sXeYG<* zxvMFn`?{9o(C|NQs= z{5Lrvua1t6j-fI62l(UPM{m{O|4SZ}xp+)S>*fxNoMIPV5Grzu9xA$q!?+xuf)BAfxFFQQI zSG4fyFYp}+`-CU>Ck_46p5R@b&*V$I!=bb79^--fn5Q&gQa2+xw60B^6Bw zC6eg8Uihyi(Pg`*Gf}Isx&(My<)11_Z7<+$BC5O3z9OQ!FYS7wdK!kWjHn)i{EDdR zz0B*$>Z>H4g|5#=R{LK5nuzMW;_FH3sxQ8_jjG?)UlT#?gMY;qwR(=PYkxW~@UMxU zu415`qMlOZE8C*(Q~hhAs;5GzC#$bPdA7ZZ&nob50lTag!qD*rte5yk(m1Zh>jNX> z(GU+dZ^9EmLP2AumfcX21Ji$-OaxK(U$iW{&#w&z+KNNKk{uX&(Bpv_y=57{Tlf=F zX6Ml(Wds-f=-rkU2s$Z0lXg=LZ? z%{YWO>O-tuUyV@*j==7orBnl`xw z390P+k)z!=a?I=R0F3-6p@Nfh%|}{IqH)&a1wQ?oQy4nBCEU z$=O}#(02b*(~u_+DSG#%G*{fx38P7PnlenEZHB{Ej;7IQk?yLIT9n??B`pKE+#{VH zj;E}kM*djpVp;a!LHd%m_>=}gOKvPHUC3$3>x)Nh#(Lmn3H_5h8s!Yc3mRT0(c(sk z;zGWqz*W`mUC z^@r#0#=V=j{jMyUvn!sIACzQMM(mW_lu0M=fLH;T3Je3L0i7*hQ81Ig-sUV@@%=7` z>MOn~{XEVJdHeuu11*xXAY^RDB^wd4Y|>E^%W5|T4cZzUdBd!itNjH&jDUC4dz9Lwp|)_j0(6j;r{vYqQQROTX0gZ?r{vY~$$&%IZ@zIr9C9?dMT=EVrx;-Z z*D?#`aL*SBjd?&uI?z^0GZ%a?+CQ0b{c;*7TrZiobgO;&rQk^1}Jkf9`kx z^MG_ky1+2~O7dfJa&-J{>*VP8d(w#_oqYL*fqy{Qb{e`JKRIo)(~6V8+0Wj5Iqs0o z`N*bj_VYIDVYiXBoMntcYN9S?=9RCljQv@%N&rgHX^RqsL;L0%^3$9akh}1a@I*y1 zs5=(8@sX=mKmpSNN3DF5E8#fDCgdHbajU8vSqrKYNF@lhSh)TMQZWa*QJxdYkzWvg z!9N@mOk_Y!U;v4Du0n*}nX2axzEfuaef6xbM7bp%ID6FWHxS7?IfDFM!XELF2=u?; zA6VXaOEWIYoJ`9ZL{#QaiqcpY7G=nF+&*eUYGIAsfyx*7_J&K*V$t|r)%l&A%T9jx znpZ#srorD`orM-wz|sycUu!;BX7Vkq<@LqvU&-&J@w?hzzmqXb3v%+hDbMZqzk3_v zck&;9J#HUkxfg#s{@yJ6@6f;zeE6YE7&$ri8}O>0RI8q-z6Uf5=H%qWt$RYQI!8w@ z{T7awTfolGSwK#{gZkg;`dIUO`2O;5$KQDsk5$D^IV#-u9um*bVpvr@VrcrsWvr=gWW}18iqSpk~AmfR+=9a<^9-_yk$&#zOm*VUzcK}ME__nN%; zPRZWUw}+Cc%Rh%oUwumUj!y>iF8~2_O7`B;h%4Z94f+Ue$k!&m_sK&UB`nhc#ZG7` zU|S?}`BujqGAaWde*l;W<;w^Og$h@W@+|-y0dDsiDM$?PB-gqIRMy;^JNlF;gIBtw zWYJ%=ieztD54#6N_%sHRneaEPr3E-pxtvxTQ|cHm25_%&|6P7A|0VLJfoj7Xi@_Io z4{o)+hB6z$=LZf*SX#^W&)%Sa{Cw7*Rs8>fMkUKzTF19D&v$>;^ZysGPhK8X-v6&( zzc~7X|9^=eDQL@M|L&cu&Lt$GQx=_)y-pU)dBFh1i{$uX2AH>u-LVWZd?Nn}y}Mun z7NML_oo+fH*JCN9mbukTKZ@)=WEn|B$l9_M8i(J$#Qv+}F)Xh$IREyg!CBZ-AN6qi zNx>rW?aS7b7lgWFw*$uh(PSluphlpZ@+UHOr_3?gh^+4zc2;%?fHt;+ysf(^7O9+y zyabY&{v(g$vY^0ui>zeouUd=j{ZYW^3^#9?=>q}x%q;f@ht?Gn3|qLy~rU{pgqmwZ2r zuZNa;mVWPZk?hr!KchJh>MBg}gJ=6$MfRIAA)Or5Tr0>ACU^!816sPkl4{lnueR5y z*)Jf)tn0lm3)J;HE(GS^Mym(HqS@uaqyQoc;fym(d?4qL)qkuP&K|L?Z^kUi+r;1>7(Y)iW| zS*}$5TF}{s^;4S)DK??A`c*9K2Y>ZC@)P0@K@F9CAVh3lwGIiO6Y0&}CbA!V=FG(- zc~F{9e8E&p<7)`9k4nsp3ePNrCNJhJdyXZ|7##SnD3f9>^TTok3f8fqp@EK6O`;XD zJL+xA0zH%Q>T#$-bz{&U$v;X_Q0%{+`*>q=>9(}veOJjKE%i29-dGOL8{O)PcB?L* ze)$-T7qPWKONJJRjJ1i%1Ghj}EI_8d%e05lK5Ng~qLg@)~NO1xO?s z88Sx%Z~j5P@q0}&YLZElTsFy|Nqz((rQ(rgEpgW>9)&{(S)4b?h&RcEH_0V$k^yg$ zANdoA0sx1*ZxpDujx1%GG6kC}rz`8=CV9#p$*Y?r{+c$)Mp~$?;gV$IHu-1o495|5 z?F+6f#2Aa!F*oP44QH!kv1{3x@`By;80bN<`kN2Gx$d=|#AvcC-K#Og^n3rF^o~-aU20;>p&-QjBWDuqvgVHY|JqcSpCk1&@@w*N9~SOA7U5 zST|C9-viGmZGDoO23E+XSdBg~@V2T}-!~~n&_R|u4WbADydG|}+XDhv$=YEw72%RF zx|Re%%0>pxZ_J8f!#R>{LSCc}2B7D3z3%a5bFpf{K^c;PkvLF-AiM#J;r3^*;4%AE zB%9Za$Bf8=E7nGTZjyrDGvhABlJ+CN=P3(0ZHsJnDF1bM#q;8wxO-Q8e5Zl>-pPTy z`zXLW7XdU~jSKsbGH}6|{JLJkT$AmaTjwjcH{;$1v*P}`QdN{71m!w3Xn>Q~>(g7zx1euhtT6K-f(lncu zXdOaL9vIz8Zcr@SE+z$dx??ks6y+Dd!0?>0y;e^f`k{FqFWLpmi}w46xJ|R!@n4Tm zUg(cM|9txYj77|Tcso!WC^w(-xp>rnJbj2|gOfQ+mU})WwUqknUVY!qx?Y>r?)G-n ztj&V(hv9i242K)m^|E_TWLY8$uhwC_PeLwBpsHyhN_6Gd%Hu>Nt)DwYHU?OrN^;=| zxfot{&(Fv04{@{`pHXx8xwF$Oe(rqQM4ovP5&H2BM989zx>+nspz!JmX!kJHw3at4 zNB9CtpnmtFJ$idP6p6gFYZNuL-TFwVs<6_tytR3u%0?RF|ufC>k z?SS1cYArYIkWK(OBGg8y-y%P${2zsYXw1}Z6p@ic6uazS15FgH)mo2iu{yEK`CKQX zJ^O=(IKy7T8+Ih~iiVvL0ND=6(10eTVyC|B2y3v3c@~S6Ul{5rw`?LPC$Cj z9#}|JhKUsOY37AUQx;awY2`(=l?6(6g&`29jVfWR`k_aR*(ldREYOWl0);LF+_7&F z&-WSzo_+MTdndB)sMl4v9~;!KE9+JDum=Bq^tNj_TK5j|qE|gpbsaz2Qn#Q`ex8LJ zF3sagJZ=8E-d6L!65GvR*9o>lJo*d-xzNZOJCVcG+DHspa@(EYVKeClYJr)apAP-* z0D`M_CWTvZBQ^Tn0feTlqlgnB<%5Rl1^{2``6)1Qps9AEfLn1R1ytcD6QHQzOIe?N z@O0L0H_uO=GY?{GCj$9ZHBLnDG zhOBr#Mk=SZ)0Mhhp*nTq-s9#j_3p^=Y6^6hvH~#Z8d{3fJ)#jkpP2+(?t$eBRT9)u zK;EWn=4~!pJKHaKpQ=~!L!$nzBW8;1wkM;ew%Y0px_!#fP@iX3qY9c#bg0*!vP2XHs zE13M}zuoi!-S%2rD!*xpcj`Ke#0u9HPw0Vl))(1x-(gBzTBjlCS({3ohQRqu-nu52 zWR2=iQBFtexmrKnZQZx(tKXJ*9=(}7rCCCwc~PVzk*)N|RKu4=h;plu>-uIg8C9pT zu1sZT*OXjuhI`7i@+Zz~yv@W`*c57uKJV0GR%ASQ%H#%EbJO%H#nw+y75>C2;$I^% zn{BYCUSSd6dcEv=4C0VVil?}zI{rj;vV~Gl5A_+`6!frN+^=Qh`)bYFnvJ36oxy(wK5b|939PzGn))qjOFak2RyRDrqi)Bvt2L_o*CF&atb3`r!@Xl) zR@s_+t0C^h!I$f-nb>xWyr#k@@Nx$eZUYm9l1nU5aW?PcY9=_)MeBsdU52gc8i;gT zChk{Rvkbu2Wht_Wuj^7co60%cZ9<(<|3|hdWXCPKVFH~|pE#xJ$FB;xi}5Mb=!z&} zLD5eNmOapwP9b(Ol?rR7R4uZS3#%sOiLch#`k-G#Wj^127GCi+bAWOiW};UH%W_q= zmXGhSFnEKFqH@NQQTNT}DOD=0D7NL~yt1D#J&33pl~FVX?9H_iMHuHL3lmj(-93+`5z^DdAwpbMHHdK= z=asFLSkP6y4r}RC{h*7v8M0RQ!MNq$dF(i$eu8@IpB*3n$Il->fBgLM^S|rQ{|W#A N|NrOhtt9~B0{|NKin{;+ diff --git a/CONTENT/helm-charts/ibm-dba-cscmis-1.7.0.tgz b/CONTENT/helm-charts/ibm-dba-cscmis-1.7.0.tgz deleted file mode 100644 index 982e6731a8c81fe58ebcac1acfb0f01b9c675a0c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 63859 zcmV(|K+(S+iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJcN@30D2$)K=TqP^Ju6Z#Nxj&L6Xo>&7EMt$Zz+<8r0n># zU0UD_NFo{zCcunjw$1OeKMQ*U7|aVP*-q2;d7`!ANHYUqV*}XO@0%~TooGorp$fNL zo%Au>V`s&q-|2TW`^3}!pHy7t;r~h$!_Ttqy z=l?-Ye?b`b{^Tm7@;^?$c&zH={!M;p%HJ`mxJWL^!&yMn)cyIQd)j>&L`;Q}rx`pN zzP=%Skz_2%$PG>Cnr-#3!z5!;q)gH!k9oEub0!~n$Q1TL_%;9dDqzW)C+w1}MV7|F zMr_$7*<@L&E>BJ#A0NAXx$TBxdqNW$?=l{$lU$v!O|B}_gF8Am5;6`hzKPWYCtnK~K1z8Umy?#^DFempxp z?f#gqgL}4n6f#nmL5K7#R6&QZa2s?;m@@q@_7Zf+us@x>o%E+chm=p1{tEv`x6wB* zgAVD7?Uu=q(-_+Y_xX}J#DD#N{&3bkJL{f)9c(F2GRhMs0f>ZZq`@l0B98+6yE0nF zJ~y!1`Ct{{xM4rhZ`p@WlE5=HY21@}7}gEP3EkB${w4^2oCdiFuaA4ElDUw28{YjUN7nCtOphE*Y-$VvRCM!~7-N3Ya}3VJ_nx zSxO4HS!GO;uM0eX-G%+|Q_fTdSSKV*^GkAZdb)+bwrmUgOmSlR5lW$J}hW^cPPNq^sd8of2ie;I`qu#>B z<2gRnu;>@>3PP`k3R89~V|Ov~B@M$)n6i#N=lb`EJzRcw`t9k-qv9vmD@k9yAMFZEi7+i=0RY#~PcfnAap z-vDuhH*((_y_5Si+%W(B`M2NN55f%#?OE>i6Fk>3D^9$YL zA%+g!XNrZnWH&6MS2UyMon5>Yk25CU@+e}-6xf=KGv(U;lry>0ppEoCx+G`cp27xH z`Bv|O|IV4@Os#~JOcj7J71EUDiJ~hu&m>RQn$@OZrf+tC-^>L~=lrkCcAQF{WY>8d z&odg{FZ3bsKoxPsTUDqi+Qvf}Gp!l}_;Zbfp#GRZ^rUh<5|Nt#`f^U{m?LpVsH zRB*jrw)m`@th>uNXIuWUo3QNiyVLJ3u+i(AAKvKcU6N32frn(_wre2hx^HaXp-7pY z)_=jJLxdzku4!Vh5uBsS2a}yhh zwKDhSLfo_DlKfXJ*2IiWGX1PT!(5{Zke0DT-y|AGFs*egmNX`*CSxjNNyzLBRp31= zO%u-9S48hlvr(r~JaA11HAV~?bnjEI+muSWW%>}pMS2p^j4r8Sf&S&4i1RJGe4>q} z&;bF~d?lp*tG`;SOh|S~TEJ<9t93^|Xq7+H*z!M%h5hWSugKh7srvrYZHQRG?}LwA zX+)5IO!?OES-Ix2mOJFJXbRViUSQo3+osu$C?Gjx%V?rVB$BT)-H6bHFx??^roVRG zKRsb)KApbn@0m9bQ$2Th)@p1~MS*S+3)|ul9_E>lbj|uPRqE+!Rz4?0d4G>Vh-$Uq zIsa>Y70=%A%DVz?{Z65@duf*U67FF25WAet}C zVC{$40$5WSX-=MO1aMJbX^yCaEMtd#q}w!R-B^S))~{%ihzxd^{q!rMc|(~n&D(Qv zVqocp8o`%DOa335zszFQp&`slA7NO9EH3&rlP6ovD=rz?(ggWwoQ9Sz+~xq{+qEq_ zh{+7sw=|Vb7AyN%dCu_9o|*r%Wwn3APeuNB0@}%VvKY*}*~je5$9O{iKYQ`bMMeI< zc=?ykGNg*5NtAh)xTzEEVIBye+Ym|~g}+R`Lamzql1R&N)JDbWPXNuq`v z20-OBn@Pr#tHIrLGF$xNcSrj4hgnS4EF+zcJGJC*e-|G8y{Rk|m;jY+G#zq_kEj`f%=(j`Ctd|Ux>IIRGv zyI0Qx^Y3IWSxQnVKJLih34OdLU;ho5ck;WlpT8!@Riw?IjkP=Y{FlYu*}oa?^l0Hm zSQ++rX3WdqIV_bvQO(~VCjVba$UpOEFa5uxs})apw(Dl;7wUqap#SG}`_DHQ=imHB z|9_32zy0mx_rxwW>A1sFX3`=Ns*_M8Axks(r4S-ds8W2LbW#y@^pQUyzd!l;=OFmo z-#R2>E1uK|iT=zE*&;vx9DMcVqiWt*M674JMeUwsKjmDq=qlG@!93isD35uv9)fPf zJRW>xVQ$4?LNwew3FAC!2HcJ?+tW8vN0>fKBJvDWJl*5ZKLcoA8O^Izw{G(|<7v!b z=5rRaFcWgY=?ln6QS$DrHw$06A+WvY!`W*dh5b1EVd(nPb^3WsJ95lJQph1P_x zh)A6LRUeWoqG-m|inFMTogapJOS5n@_?T)zL5mWNK$ph&WSB(~?=;{vj_bqOmW@C^ z(3nRAY?_&n>XHnTHW`ad{||&@)h1Vhsj^GwF&Jx8=o@M=g+Z2 z9vNS6vP+m{!?(o*(P(9rQuy=hEp)>|l$M|w`9S~o-~SsHr%b9Zzy6<;|4v_?SMUE9 zFJJt2|Nk04aQ{E>?Ilqx1B0%<9saP@XaTDT+~)eLVDK>o!(>Gh2bz*@V7}XboI!Hv z6d!@jvx^Q#S{iVNRew2oU{dmkxfA!z3;309=lN>IKay6b=uGeD4pNho-v@o8-g0AT zxn)Ow%4y6snb&eIOrRUQXV^P@pXo95WE5GlkmiaJCAN(G(H&5n_KLGOQiMu|mPAyl zftB`XiHgdr@mzlkn)#H4$4_IYkge>beg}hH{^9wkvMoVyT9MX&s?L9^R$1gS-F^yI z|JghAx1WFH&tCcucHu2oortBe*lk(z*?xhC>HqoJ#fysn&-v-atJB};|F7}m`~T52 zRVNQ;!97o+OLFDbJ=n60Ml_>^1>*U7qJWT?E?I2Y6`H1pTbEiAyj`G$PyftIiInZK zrdhHdY?$QePT_xHyc6|DnmikSBIBE(KQz?U_ddcNm0{^|F2LZ8yvcp)^i(Ek#@0q! z)few2nTc34wzp|SGlsMDpV)!6^y562dS++EliP$oP#)7|Y@S;%47}bl>Yum-`lqkW zQ%hjKaUUOC%xA5a0o1oY*|sTq!wj!3N$cX(i&vfD`HNQdt+Dkv4@xqn_n?C9<(b$* zm$f$Te6-HK>z;PcY9F8zz$Ix-XOsS5KA+6)-t|VegS*@Da8dhO&wS0IzHpA6q}7XK z{Lb!2V$4!wmOTo2U-)I%7gIgY>cio*Uw#OFE<8gwnU7h4ESV=gH5SQCh{8w3dv&Xr z1SgHtGxuVpj7P+Ual|oWgOZ@*e@jcsnWt4Pg^s8T@>ax>jC|womsCW( zB;&nG$HYlwpQ!w?P+Ph0%$uhj&y1y|`peQwbD-uW8sY!!7YK`yK`^9gT6?uu7_>ii zp|I%n6Av~1WFiHxYw%TRmE}~u+n}Lo6BfJKDLT+ule9dF3Xi&l^CtQE=gZpbjIPPg zKNsi5*}<)sX01ix!s*ZA>6@xy>U&SjfrCK^jbrgRmHdInY|RELq%nHflujdoZD~G= z>hC0@(Ikm?`cPi;n5mu0*tX%j{fC#3kf!L&#jBekk|HfX>5$%NnqtR-Ik_#*S6{6XQjm?*6H$zreT^_+WBsq&w~S7d`Dk<#?HcDk@^|u6E;3ft>EQs= z+2rcBzi1kub@jS;({D9FHFFKY64C*rn#R3d3LgVVnm&hOq0 zX7k}>{8^Ls9Aghpyg#_RosB+k4Dhr)-2LKzKC5f%gL}C1|NHLd?(LvAz5C&2-nep4 zj#K#clAnLxHm$KY#t&aO#>ahQ^l$oii{Z`SZZWwV4c|3x^Oo@$ZfrmMvi7(0!R)Tz z>%Sd5-HmlkZiM6Qp#R6o?c%OKnSSU`#*4xDsgtp1XVsma5ATGl!FBI;w7BX0FkB3p zH^Y;IR=la7I5zJ_h_TO`pK;MXJjQ&`znu+k28-TRZ_)ew(Hi`}4-b4j94!X3x5KNe z!FW2GOb4^YaPWCZZFVm|Jp6y(4rU+pMjQ=qhM%{A%5Lk2hno%Nw>Q1lqk$fGIGA5g zX0yTk^Tyrd7=IXm!Mxv_4sOTu-t}O;G{v>-9fxz=nW2xw%499O4AEtww+ePp7a5P+e z_&hqYCyv4g!PpyZM@0}r*Es3!*>{ui-OXSz8}{dS?`OlsV0Jf|E}mw7_5?|E8zLm0 z*!Ug*^TF)hus^sPjIXAX;geU`(=d3U1y4iq`sRnbH?zs@^z(i&mis{PZO*1^x4#s&iw6gI(_cJY>L3?R>Nm{m+}>_|4s7^2foxX*-$jW;mY@$8TCsg3}N{^gNj6(_a6;G5st^OmNbk zP169&hr8+I>TcY-X}GnorKsr&!Hhg(tGdDt-b`t>xpW$P&{Q2B6_D_c8X7!x_m4kp zpv<2=u*ztbt8OYHuUpAz#1p3U9lT_I`z%c7BD`nWWkpllppoGT&p3^*SWI_w7K$WN z`Ws(8$0Qe#dw1av#J5c3nR|EUw_8yj=aMZplBtb|qf7FQdmHly_KyMm#p!3le(_Au zA0PtmM&wDRE-k5KKe+=`M9Fpchl4%uYa3G4e7t;}g4az$&|OW>x7E<&)@q%IG&|wT z?a5=Dp5#iNC?+46R40Z;%;8VtYI-F_$`f@WjDv+L_p9Z zeS4ns^R)lhCZ%7P59-PI&$Fuk@2j(m-~7LRm7mJ_^Ag+m=da`?R(x{uaK2<2wH{+d zzMQFuylgpN;y$LgU&V#&pcm1n`Y?U53z`1LxsjFf{&>X4N2~V@j!{Ytw69U|jd2~* zs9it~Atz8Z`SR)KHGe+xEboY#AD>B@q6h0(Z#A3uig*qLmK>X82x)Hq#*|0B2PWy7 zd1;UK&iZhUq^59&-+n&v=V|(HVuQcn4tR?GpI75Q&QDKY{uclLtNc{*eztQ!7=+9pIpD~rG6PF=S-vs(mCl%4BUIkCZ|9|u1v_k*SPcMF>|G&ylBmJL> zsDbvk8b~AT2`$anT=H8R7H_+1bFvZQzI91p^Qb%wnNq(@Oi1fF1mEf!9DQ$^MXN&L zTg@cCWoZ0Y;HLlQu7&r{UHsentN*zayZqoLM3Wp5{(Yu zdpxWgJiyD2@10MVZ}qu=&VLDad6S{(lKiQqHmx>kbwd4bn9G=S6zK?Z60wJqB#&d# zc_d%|=il^Ie;0~~{rt7ft@C`~FQ3P=oQRYqt3-Ej_ZX)w@)yGr{$pM3zal>}^{?)H zkEvrbDl;41FlG--{%TxL<^Jz#s*OHXzuXv4-2bN+-&FJeygd8nd%vPTi>)a;}49aG~0O3 zX%York%X-=!`x9S*@}O(xnBO)ahK@h2RUX^1c{_fLbC8~(7l@9%`+ic@D&tK5D9tL zpOc776?E4;JAr=@{Ghx1t2}{!?SswwME_&|R1e8X(b1BI_jwAr4^;5`u6j&^-*=bv zKKOk%+or+q|Np^Pux(G&bmiXVgUp@VF5z?a**Fcx`q zm(u%_Elv1}DGZ?g*Ai$d=ifw?{IX*_5&!+o`B}C8!;90Gzv=&fl^=5%EjEm3(vQ3~ z;mRfek4TLQgD<%@1EMXT@ut>d5RzN{RqEp{?PL2=iSpb`M)&DsoatC)6#2Mf#KR)o?MKjOXNfG9$P1L7U75CaP&T8Moo9 ztKobx8@|2;2R_}wS(jWfV3#!$+qLs+nOU@m+CVlbMllCfhWWOVNV9?wwt|S_Tro`y zQ|C0?HeKm&Bd#*Zm%v{Ws!UoCNa8$aA$D>`vW*n^dPBa$Tq|6W$T&Gy;S#b2SSZq+ zlzSw zq9K5FtQOoqwGP$IW__4`2_Q+&g-#aYKG!Q(&-`kK`8M4M? z8@t!>6<|P;qEL|@7s_fNU~PTh!t|Frgq}j*K4u=d-c3T1BhHU;dDModx~COiWjlRU zhPvyci_`x+hT-%@j)=D%<(bN80(ZLFP|1|-ksp&KOW2BsoW|weJvfUc{~+=fIT8|n zldWTa)oB7adEim5`;x@pAEpELk;#xNU@n;4a+8n^_8A@mSeDvWn}d0&1?5+&JI%#= zt&unMHVlaj}oiwQExA_XAvzQwcXjn)auv`e$ck( zzi=Z(cA@}%veX{G8$B&L=WaE*9&w=Cima|;&JelO&G zjVNdl9Uuleq<30z1bAYn;SK~t;$w~&9uS`}agw}L%1o`qICAe;wO7Xy>A_aLbO<5B0k7UVW@pxQd;fhKA zfK0JQh-y`LfF7e62WIxBC&YmTd`T7LJA|Vc=`r-~mtu>wN)H9g1tp9&JluH1fJNXm zPh%n(R!LB8Uy0WyET&5#?O#ILW%f^#(GuYF+*`|+pgy(=5$+ncc^T|>wVW()kz%;f@vUsQEihDrZk|(fF61ru_ zcF}o~F}Z?*Lt@qT?nsB!8c-TLOstAk?`u+S?)b(Pubu&SWWDhm0?mQ5cd3IzcUD>x z*u#W`la`y4bxFhf-jQXoBB1b;BH>|MufmeX zu#X<4ZkGV_kta5By0ZQi#BL>rD2=B~6^8}zui6K%B1gOYF+}3QM7EU2x^aw2Nxdt} zu|lZJQa%aiO65#nAtBt6<_lbYee)r=;&?3|>1~gUly-rKZH>2xt1wq^%fpCUpqGY? zd=C__xSH5Ui-huA?S2eJqEa5_B3JQ_Y^l80q)!&yk!87<;_Ji~hR|ySh;7`7npm~Q zA|sUeXSLg^AK?mr?WS!{;FBzmk3dZyx0ON3hAOgTEFqGG3@G_>R~n}{go^!?vm}f4 zu%VEtkS=Ggcl?kLop;F_%~t7Q`)>M{vm)~xFITfy8-*F~nE6zh(QrdN1QAU_mOJF) zfG_wUazZtSm$EFUvE6=9f%B1TULz4n2UcG32l%rSLUyD!kzz;VY}Z*y#@d8S$sRHV734h4moX3Ho!+QvOn2?#Ny;Q%wF;gX#=@7|d^X?F zVqlhQBQ{*;KwEHuUU&;Mr4ZNu@4q@n>|@B%Odl|n6;)ceA_@hfW0K-rz17>&d)6i! z`oMt8vjBk{EmkYd=Lw=%9JkHCe47fH;lemNU>Ie?6#|*DGt(%*HL{~Z$qRioB=HWh ztZA144g83$BE*~Aa)+Jx*mZQ%Rx#voI#-e>Yb(((Ztp(-;2)`DLSx9RZ3MvWk|&O< zhi26Vc0wrOn%g!LhRG`fXNGvxOJVOisNwiQ6s$T<$S_-8)fG|CcP~@6_!oPV!D2eH#%6X=z8Z#^grZHxLFL;6qRXjxC;7&lml@Yaz ze!^mLc6M5JJ+{E9LKbm7t@2K^ERz*R%}KF>Msdc>m1nssydCrr)vIUs3RRY2i)iLH zpTjO!ASXsh3SM@}jQN_OE)2b;yMnS+sZc0VZh4y$JvzYU!IEgUkwrY;ws9Y6j)rF& z;cn!z*o;^B9!l0OL?J*(v9-30RVsjbwCgf(a@8@;G*=l}Yj`zyC~rs>@{~hdzt8$Q z=}`aFCQ9Lcs7eyw!!>HhTzX@o;-+AwO>J9+N*$@UkQ7^<=zW6HqaWF&Nu1l#x=$^- zuNkIFhJMN;hu+ANWt1mv%Qt%>JV*!0t~NPuU^if~A=;4Z-rbIEv%A}xEJjT8O>K{v zfGwI8$IZ+QRS*sER7q-?b3^KB`vBk~0Ss-*q@JcmC!RQ&6&DvV9DH@6Wu!&NnrON8 zH-evD>ehI&81@G(lCh7N!df3YGlpily>a~0<&l7flTyPhte4l76+J1KjzPvOHXUn3 zt92Ie(Qk+vPzIa`OriZ8y!xi?MhrLN6*e2qNX)3x;*_tMH%*Gu3eJ-1(t=4Xj0LU> z43&13Itat}J~1zCGXGqc6;On)3Ob{&%yn@C*83N-UB@!Dyq>4!vN^l!SXxz13NR24 zOyXi?8!n@cp5)H0O(NtLiqp|FWfbZ$Gg~2E)zR#&H!u$#THp+9uEk&I(KC=Z z{l>1!MS99CPmQ%#byaZsdc>+C2U)$PuYLX$(af+}0H(KLunS~eBWr!c_G6LhM$UQz z_sdeCP^ORV8pJz&jR0sWPnlFKVrU4`$G}?>GZ1nYs36T)Arh@6!;QZ)Cj=xi2Ht?~ zhymes2$5_}CEAs$vWKw+eA6Wh%YZ0Trrz?=kpRk>AD zwQYC-F@Fkavn}JtcGFsj+lAK2h^f{k683~-R0)WF!zImCCbm@W02-cu2q0vg>AUgN7>rG4-lTuDAlxiAnv{dnz?vcJ2^3P?tMfvr$7D)5n4gz$$|9 zQfR^2#e$i$uL@9)G^~s|XG~wXbzk#Ll^6Gz2(b9IdUGd^oqreLq~ho!lPFW{@dQzW&?vQbUj>*2Xk~E=$SsI zz1d>eza8~vWO_TBPUZu=ZP8j7vslY&Diw+1V08e?3`&LN?LyO3id1sVp2LJ!BnMq7 z?7xEIdiqk-HY$~GK~}NknydSI?JOYb#?A`bSl`fE7iMwqecL4?hf>{W#7#o8E*a{Z zm#_!DcQqW?M69GeW~mfpxt3d?58KT^~Y{rCqX^!@x!(082}^bY0fr>({O%E!h_~E%Y}v;Ay5knn$D839dxdQk`)7b(k2uj zq)Etd5-F-d4fWf>zGK^jXYM>Y>uqddCt?{JEfnxACz|YN&KFHBm}0@oS6r3MJ*-RK zibpL8p(yDP2Ke+kF6IXwElKQILmba-%p#z~HIFqREyyUq3!F}2MJXtHp(*mVfzb(@ z>VH6=^?}Fp4!Bu4+(c}}k_cODL>x7!&Z*o2C9=%5!(wrqb14gJnb90mrI^&m$0$+T zb-nR&XPAv*LRiG#;nXqnkKS(d*hU8nZs5WAO5dwZZgB9vH=Pc~SHmAJ^%8=%AWh?) z@7^~mH1Yt-qq8LuLKe?#&^B%qWo?3Gs|Aml!~g@7=GuiMZ^~=2B#ebZqQ8_hyl0sr ztv~&xRR}3D4ef2WvzrO1s*(CUNxDmpu0-;+^B3^WsO|iJ9itZ{h^cBL@;K5gzJtR^ z2i~>q*=F@wQM)9gADtl-gn9&^OWrd=VXH>MD_|jY)jo8?7UX|r5z#cbrSFQe<l$2bJN5KUhjx z7!&`r+wFFLA%C((;VM?vzrg3Cz3!w=F7jMK$&voR`CJ}0Ck=>LCy@$&RVHUH1W%NM`Z|NK>cQ2!7F3*WoEu&&qx zKP>K2_mx6FM|8EdMV+TotR>y5E*a?S|4@5(9`l8F1+iobfCzj-&sF>>iqGdNxs}lw3)Bk^ylqJ_fZjaHm1aqqEd0g|D zjaf!)8HgKj)sp1lqI=PO5&Yqkeu5wf%vmSHF_vzDP>4l=Kn1>K`Z|O4#>%I)>%6cT zHLXsgf|MtYleJ1#Gh_wXsbmivUB8OkbGb7~BB0yh>l<)uFpr#45ww?$?aM>(gs|1h zShRgmz)VOWi*#bmG8RfZ)1FhB9{tbR`97NXe2QEbdi~DJv^#zKBNruqZTf-qM z&JF1Isf_GlK|xD6lJ&JhRnE%ap4}iA87+-|2^1#?dde!P3(@7-Tevlxj(RPmJ0-P} zcc9z)z*%oHM^mZO7@+{*Dex`0sQbs)5N76;P-Y}%4=mO*EHAy0oWXoGl_F$H2}vOG zoZKc{!#sU=+d6I&>Qa)GU(f98(o=lsv?GR{)wJHi0VcVWax@G$mrMpe2JAs!VPS#d zsT2Y{JO{;n(ygu^=tHzLxGYtWrrz*d8g6*PjO(qYT6*SlS8bx8O+pe?cnMmU87&=z z#&p(G8d~WtX){Vtda~1OfIwv-)O{qnl4kcQ(Sw(^0IL zzQ2bBwQm<7afGPs>Rs71`jIuUdWyl}!rFb5^?Lw$6+91i?LDnF0+N411P$LZwV@IO zFd>bTxpVlG;5Z{BcuJH3GOB4KF2%dTnu<0>t1GagpR=l2!KcEEpggJ^8jO(CbbdTd zq*2)E4Yl;6VmzAR?~cO@q$i576?SXbU9P;R+#zM^!r7M$@+2eg=8n5Hb}(lHFrJ+? zo4x_Q5$bLb%#CPi0!{4w`L%LFr@@h7#8x6t+&K)f`UHPq9ar7Z%fQx zDX_`&;-SdncdT8Nn;tL;N$EV7&$9gxj7AzKiBTWg0m1ahGeutKNfe`7f1T7>hn$_y z%u`LQc!_=20N`oT@F$U54+{tSS)kq+k!^^-4f^xr!5|h$&(NOuX7RyU(MxiKa}X^L zpf`7YdfpCt5{2M2Rqvt@s0^$ADa!)Kv#C?-8*S_id$|#wXihQqNTf3|I^F^uqSB4j z^t83N(-wJzeUA!!<7bDGU#^&{dt2{H_CsTT15+%DZg9O8GRq;bLB)>?R>uay--IQ* z%a#CQ!EhPboQnhPr1 zWEJxey`l?&Xdm-ei13A{N%NlkTG=b3ppUuAto~Kys}&DHU@M)RvM^YVDulq*2PXab zn$1idl{X0R*qcU*Vh(ll@zop5QNltWei$PdcV>b_VUeJTUFt{X3(p!@GJSUo@?edr zJtj-4I10@Ud(eS*eD`nSrkw@@o}He;poYmLN9ks#;6@aZJaC!iG(I+wP5TZ4_N1Vm zNVP+cxqGx`6sHl_Oe(JZxoLG^;hQNX3d?hdSR+?dZI(g{P5Q(Qw1|^RO#{l(7^FRh zs_*8psZnQ=yQxM&?wUo+M04BkU=;ga3sh@JR#xhIOdt5#J-vE;?t_KJB**~SAo$`v zTdEXdQ+miSx)B+6F*k{_$Q95vA$R`UIyCxGf(%XRi$Sv1>-{>9@5vBiXUIZ`7{R3M zM@rst_Ba_2G^$sa#*N10Mnt)BWx3&@6#5<`6Mb;mQ%$E#ZYg-p&sao5Z(^p`Cpu_& z{SG(iCqmWGssXnB4NLoD`mMz<$_#ILrgy%>^E9TJrVIxg^_kujl*}_BHGiSc+l*zB zvxg^!yP92GoPI{Tc|y}zg!j*E8jCz~pO!kBq%48rk{z2OK4SG#R2_bB(-kAW=bSv@G*^rWRhGlmXcmV<6Xu>d)ubClcb0lUr|4qK_o_=0i_CqGwmJyhXfW(j;TcQ8E9n_ukEjBdc74OI z@)$D?fbJoq+mxhnzUI#wwii86P&cJisYf9rl0wozB6E$V=XVrTl$?dvUl0t-5-0@B zyO?T>nD*PY+GT;2Cdjrg8Hu3cKv|6R48F*?VYWzpidihutySk|Ol7_(YxFAS>qI1- z!bu$x3q3&Mpu^Gh&?_i=On@&q3S@Z#&#+2h#OXQ_ibGdsxFt)%&6di0wA5#G4Zr-9 zQ*foCO63x|GJx!?N0pfsdZS=x@eTz9m!bh=_Kz7$Tt1bOq6xF)`{uIC2 zy6z!iMfaIx$zKsWTBFpW3XgS=cbx}%;R-{%#qjw#&A=JnI^GpNAbk-TrGulcMS2GP z`C8I+V*^~AfCD1SN1%M!hV6hs->?{sL0WD{WdP{0nC8txR!I^Q(?=AF&`m+%h%T8K zm@ExSJR)7PewkbZJYt%iZS9+0t830+^XpQEHD6s<4JokEWQ8ixQ*qXv_K(ytQ4CH? zwy`(Xcrv~lzP`D$cD@yl8CY3CjCN9|D(e}WE<*#2Cm@#Y!_w|40trg0F|fyhZ_e=b zO}jkPBChJt{OsD*i3m8TTlx)n(7+IAGn6ZLb(@Gv(Ml%mH4UaU?@IDcbF^kq#pHk9nNk&n7 z2AFqLskREoewo!Rub$ZHs!bYIt|060Ta+Ns(z#RGIQ?C5>OR>> zCgii*80(_-D`rul0&NXPy|FR5`Q$tEQvk)zT2Qgg@co!|UT~j;Ov$obCS^VV9DRk1 z%FcCm$xuP%1$7q2EY0bVm4rAP7XyYTzjY%Lw(Bfucu(Hs6tKctRvT~UsWA2Gq_D_r!x4~~}D_0@3RAN7Xd z-}?c4e0!r28T>Gv4d&?cJG_~WhJ!1=r%Fc5;kZA#y&8_+w8`t+1sP8kWHh`PE(TX* zF=>;<+ktKT0o;k3!)C~2MxaXf^Lb+xZ4wKWk%(s0{Ho{!Pu4~e4Np=jR$P+~*!_}eFtVp++pSC4NbF6b8HgI-33&tB z8H^3-eZ?f zQb&>WYd%~0#uys~EM;-W6ygYCzFdcLmu4Lhk^;r>^G=@eSOsdQVzKTd z>tL5}J1E(9R#a&TZp)<A7boUiL@`K^x?O^6^T7CK9J=ZSo(@(iN@!79=ed-eo zbU|;ViKJo7$Ry9SG)smF`bL1Ju;%|+arg9hi#tzVPb(f9?IQ%TSaab6XOC5tB=CWa zK(vn0`@|ST4ZOGWUYiV)uuG0w_^5TahGs1EQ?g(aVi9S@h z7X;KRbBs8y-k!EetH==$=`W4N-Jl6av0e|}FvGe(?4HB|wF65r>5=)Qh$hy3G-AZ# z_?<&dZ2e;)Qv}j^br}RlXUBEy>)WWrPrDS-(r9Z+mj56)IzKK`5cDkY)3sSDy|hFP zb`WYkUBXS9zE=Q6C?|hYO&RlQ=+eNvIIfd3qh_;QK^`O3bm~9QA1WgA!~|Y7qt;QJ zRB|s-Xb}*j$A5Y3SOlb##NR*)t@19I>4C{2Hp_yBl{WMuo7=tA!`I%`rU$$@CX12| z4JzrlGhL2T!i{~KaDc3D19^R}V4)X|8q-BD)FSb1f4I;xaUp|RPx=BkQ^_kTw+t9t@Dl-_$C|#gOBU1qo?-_OOlMA?DvR4i z)(Ce^8h0Dron@`c`~a+v)sUEr@S4XAQV@fN$ABJ{Ut7J7%VT3Ec-$p(&Aya zJ#&||HcxyPiaqVJ|aYpYUKqaKPbNZzZf}=!dQ!Qvo9A~fv-r6L7 zfJ#kv6NVIWbi^WAGig21e9Tj&_!>um;~yI@+%^G|jZN~HG09XZX-BCfgk$iJZ6Zlj z6R3Q>X38a`a`#>#A_4qo$3T)R+L3)1friNE8;X-BFy!Yp6^T&{NcL0Cly8@ZCDL>D zCF3GctZ*OHI0xh)nLyd7ks(_N$=1S4r^A?+R2R@%O`PlH$8D25vF`aSY8TmdVWKJJ zQ72E0H#Mp^Tx>l(b{wQZyLH7C(&aybT+|VxZE~N8$IeDPLXs7Il-kJk@}F`IQu2Tq zvD%QPTRbrIp~NKJhNrY1+$g)5Op;dl;ERKmMS1SpE{`$1VoQ^JMMJQ^pvSJfXIYW? zpgvDiaN`(x7|*jh5@nYQvsR@;P*^l1qt)!BR3Rtd7s(25@Uo|P%OtysP0k+Y<-TDB z@o@nd515gPCu>)f!pj3y43JQmyv@%FIVT<%rZ6e<5r<$i{H8_&S79tvF4-j{S3R%_ zZODX*In4c@Y(7^{L2bAOqwZTnq|)IPenQ7+_ent^Y?x2k$G=U|m?n_&OVi*sQJJI} zTZ6&hap$UR)^~YxxXO5_FdYq*T$zA$tJYVFDYf+z%hM343I zP(_52={FP+Gpg952u^{a!7Ik1B@ORO)Yy6>>>(MrOc0nE>phUt6vRclL+XocQo|ZS@u`823o3&0>AlPBbC~wn-1&u+;oL^x zLM&*K$0gTSD=Tsv)@_vytFOeJaN00@J zfw@?-cX~!kM&O3aHZ<|mA?lZyg`(6XJoc23ww$kT;+z)<&IIT-R2jMo)HQG$f~k-r(1TML;f4{Q9j6s{-Q*iikZ z8LX|B?egGC1;OB>6PJyD`pgSuHAyObOO9o@z>p*Wid`2qQ&=yeZNt5mySDznta{m6 z9aCC(1eZf<8N!6TvHmTlk4m#H>pU(BE`c9r#s3habiWp2g&gqh@QVGV;jQ4V4` z>|@y`x7~TS6oU)}i#}q>V6cmuKe}Y$qCtw`F$-3q?W~MWpw1u3#3k|4YPg&lMpjTK z*cngOCpEKWo)~l3mQf(i5Rv`dX!}Z1g4zRAjO#J{A(p$M1Y5~jc3H#&bxAL&+Hf8*jExoVVR`Rods8!)+YNr9cAD z{ zZ8LiR*{2qQh8hx&OyAueAA0vC`(AH{Vqt2*k}jyyuLX+CnT5tTwA&ifo@a>ea$zk( z-W*sG3E3vEB~79>S?p4jac)G!Vw1B-pDZssVlAgtEV5jkq*N(=4}%Riqic4OKIC^e zL!PYfRzlukdUYmMcav>nn|8*Zxtouw)_<*Ddz!(t0tG4rVbW-G!amwfwF;;2ZaauV z2V2{O6~KlqFd9N#Wk?+fMNE4n%4ytz$KF>^&~xR70&l1Sk*3_0@?}iD0WfH$AqK=` zXuQtjnDl8%L+*T7O*#`3t7x)^6dxVU^JT~Wb?mi4hh9%HFg43XdUm~t-_{&*-2mN4 zjxZ#7nd&c1)mt*Oz6X0iZ8y`3+V=K>!(Gfbu(x5xAAlFApz`-tu6F^=8!98n>EK5a z)whtV&h4tfRBgSuW%OpT+!4s6^)u`;PrI8H(hzLLgDJa)sM)tvPa)~c5cFwN_sY`O zHp)Kut@~hK-+21_8APUiCati&+|A9GcQ!ua4$ydK)x>uXC3x-}+2ahUN;e3858U-0 z)EI`M{LHEV3WSxd*!8e^vpd@RjRYjLsIn=^%VU~5K*&;ZEOQ%`XG#27wuwj~SltzK z1??pTb@}VzWKI;zGW6ip+=9^}l~P3oL1XT$8QgGtUwz31H+y%BIkQwHX%?6WOLtmv z8#wWe7WrqTg)TR0;^s~LiD@Y8MNy1Bdv{x@72=7D)o{hk&yZ^&RGxXG&_rf<38NRu ztV#)?xP3P z5CG%m?~Gg6G>wnHWW(Hk@`eHY7~CK~YnKLP#9wM>+&*__Jh}Xu>%0BrEnudYHwcEG zvh=lqo0r}nt{Vgmc5 z3HNZ6OQx#0^~zy-j)s;wD9nG&S5C!-K#OEUfYho^3}Qinh^VUcOckaRqM4mPBm=T~ zkS;+i4U?6`XrHH5VS9#xJyY!mG7;4_g+2h-cO~!?OA{g&m4KpelP3|R0D5GJmP*df zPmfVqV$TQ!D(NM9VC3waY(R}tg*ci_?h;_s@6wW!|KJ1z^M9QZJE9txZ0v^Nwocmc3CiCmj2xXE*EULn&|M+KT{1_HxI`R=%2YS6K>-MadXRZyl2v>OG!3R-8_ebT zo@-u|<`K_?R4yLNhMv|ZP-Nvb7i6A-6A93;ZV+5+QgfyUI6uW{waHoc^c28LnMCC( ze02_=T>w)+tiQO=&QFmEN#k6R)9$w~%%7$a4yeDv<`>ZX?9{b?`Lg?6xrfun9xhG| zl&1)10l~M`9$tOZ*n=L_%;CaJqL}P=-&Q*LrWp)9u9*n}a@IaAx_R-k+Reqj+1PG$ zdxXaC=%NPC%U8{lf>s71+tt~r-`9Ej<*Qn6d%*H~gH8;t{q9~iboXK(#!Y{gLIPDT zclTZU+j@6xPf3|(HW4d= zY)u+$eKuWJ3h+hSF4cl92dA$)OKnsG5@{j`L`^Ln3qE{zM@XX(RLjJ~9BPX{OHpQqqS)uv<9ktWW}f)O<(2u< z>!{%zyOU=Rp4aQkm+fyWy?%4Lx7R%f@S@)Dt9rlZ7YCqy>e%>*XzKeA%s$YjLyz88 zyFYK}{`3H%Z6DqWRv5+V2;ZGHjPUY_r7VVUoq8LkhNJdH(;zSQ4pKns?U^dYuA!=Z ze$g<>`4ju6iJCPJ@S=Huv!^x^j1ctmEs&%K=Bubx5a{cCpWd=fN^eUX6ngE=O7EMB z^wdpZ(n#gffMmMHx8~5 z&8XhMdhC`>Eqnzci9Z}Bw^io7bReOHqV*_w#)wElhH2`yG}*Pt(fi5l<`~SYt{(2| zZd2;=D^${;ec|a8-5vi7Uy`vPH!PDp3_2RGUg}hJ2@k-Nrjn372wJY4ohc>;+glBw z?DwT$mNvt>vN`Ut!l-#^MG*?RQRlS3^THfG*PmRml9mv&2o|X}8-eQvL2KU}i+P!# zx`w&=wMATjqzNZSFKx3$D}8s#*towqVv^Y6;e{C6_AOLKMP3U@azeAM&tgvDh84wx z_LdB=?jR*6das9u7MiI0^w#6q_cU#(qYnqsi)-S=En=%n+4JeVOwZP-F6y_uYk}x(2>~MYu{= z0({_S9{-0zhSfeTbJhf2(5gSR6jKJSm}(I8 zyN*8C+Fs~Ih!=5*{N$#Fs>zOK0*+j5u?T9+uVV3tH(~kR)>Zr<8CCbHT*Rf~VsPHw zpGLN%`PHXdA1=&g<_={o7c2OjD!xwI2HRkU&QX_O!Pd`~xzbm;vL0ZC*OCXirwRRs zApvzU-m>1>0!9OsQ3!ekPd@A0a=_QQEbYACu*4OFvzz%j{>&BcnNoEhKPIVCqjk@B z4K%eVuU4dv(-I-QXPRW=wFV}8V+$N6HoR8IsG2ReT1u;-_tH8F#Y#EF+kS>}oA3dP zJT3FAfZw#K0G*rUWkuz^PeF6}G*l~?n36F;@UnaG8rfIw^{C~)X&sm1`MLpQ%iW*F z+3ysC+ejgw7={(YJ0Qg{h#sJE^W_p`l=cWBrdwk&C_4Y1K(^gxmZ%0Bhp^2b&CP7W zzY|vK4|2SQ$9r6!%H5T!q8he1PeC2>^7ORss}uwm2l6&q@^W@@>eg+Nnw^cV7fxEE zF-syUNkn%=utqgL!#B9NN_(}!O}+YH8Z_w93l%GJ1NvbJ)*D7y_dvhGs;MiME6u!F z6MHuZMknJ-LPni;^WKNf>(?*mH?M-LhG)};XF>4HB;G-wWpHvvI^+!|*1}6H2ws06 zSCjYS(WHktnug=~qBk1B@BPX21N_qK_XqPiJ{t}De;khAkja?z#-ycRO&2Zl`gXCH zjN4=~Ba_A3!R-BTJ|MSqn_F@^o4lFzZrV1}@qqN+%m#zG&4s)e%x)k})8g%Lj_+;; z<3*PYugQnWE$Ph$1cx#`&Rv@^c|CaB8(r(xw)ZwPnhmD2!F(`YK(Z&39f~a8_7?E^ zZSUQHT;GmHq<6b`JDCj^A2c|xhvTaPOoY#l=HR)SK=x?>wDL_m2!3zhThuzdB2q0z z4LT3t@>cg+;O~1q6W#xGHo2KDMjyy*u(+L#;hWp>?R;=WZU$GwUYlG^`nMW|CeN0} zz;rg50GbA4NV5frwafxcd$Yv{ay^^ekoRvVH)OaV?|XAHdA;Zj$Ac@AB5O9dz8zoT zIt@tgW^y}TkZEst1&Hwgg~oRFgR3^V8q627$p=XK-JeWNnsBcL@>6BKPMK!3NXK_h zcJ+>FR;^206Q9wC&M`HWm{XdWo{SR1o!+G%x0a*bXv^c+N;1~Sg1+5Ht(*C+Y8|&5 zc@2fto>i%IvtO{;n-`|6(d_c@^^Kl(`Ix`9JlKs@tn`IUg>)`>it@g(XbqxpjWRcxMS&m$n_iU$1 z8FDcNi$Pbdl(^nsQ!#)IW^0dE)ZFERZnlgVz)sQYzNZ=5K#QybHphCKtgtSMsUwm~ z)Reg5qmWD>Gua$WB6^b>V=K&_7NC}Zg!E7c9LrO=G$q!l&db^cyxvp{fUi$nqEyW{ zU{1iyOslkEz!;#QVwlSi;!3;Q$3jMhKQAWdI5N6LJ&cfW*d3kBlZnJ4PjxpOV(np*x0kDdEAV z-fL57#FH&h>MhbY&*8x2l9>b>wZzVfH1j-de11+k81E%_9pe>aq61CAW|YoG!*=0r zD+cI1iMW9r7LY&O4Q-uv3n$DZGD)fYj1>)G17w&H$Da?OF<16n!yYfQvqO59cuI$HtZDe+N~t!^^&<1MR`XdbQ!GDiP}qs#}_zhXuY! zA`++5_Y)VM9oGt;qcoG%(hSriV}J;pA7cr5OizizHeLe6t04_UwcH<0>xFG@wCFHN z^wKUJ+906aav7wUKCbdO-ZdV1la+g`5vb}FaVkm1z7K+B7e4TSD2Sltt4x(D`yGRP zkX|^H_wDyV5PI-RhPh8ns+b}Tzs1FmzP&h;6l&@R;ptRe+4}!=W znL7qVA^qr)!2%R#k*s@V*oKqpwul&{+q_UYchj= z$^!U#MjYnPOcqLZA?r6@aiKh)wvYt?QMN?LU&TIjXy%!VeU%4TY}dO3aF z6qVBIhG$F}QO=XvSpM9}I+Y$knCgD&_VYFt^he9JvUuHlRM1 zxM2#u^}lYa6Kfb9bV|@<3_dOE=-oF3>g_zxIbfS+dSikrTT=}LvwMCRIxsbOSD}ge zb6NE@wfbmowJh9}CudVFzprC}k@ zVf7*q5NxNom%MUXWtIWcLav~h#zWiZ1-!jeY?(^pf6z8~%?*oHhYO?E@c=2P&MnvJ}ygo(W0;dikGeAsc8sTWQ5#b@B?%?4R~mq-Kvi}S)w0FP7b-n%F-q&GM*%aF zspEs0?svZT7NnNNsi8G%K|dP00AFFJ*$y&O0)tU86p<*`n>eE%+azWW$iS}{YonW) zmygq}71j($P;Du;%uv*(b3m=NaVv6DY^k)4RByWnVI!+RsNP{U#!>;jYG5hQTa(e# ztM-VFd=#Y9ltH#=jgG3lwoqdk6_9_$TaJ+Dwu<+4QSw zNsmR!ax8#e)@OiHRXmeH<<4sR;*>;m=P16@N$Tz%!68-UQ(O~0#6iy z%bCX2JpdN^DxS26!|MqaG+6@;q_lV_XT@7_sj}*nz?fzXG}T(xk4Y?OR8YNK zRBfWwx*?#)I6O=_x4FqUpTwfW9 z$deG6+L&b-lgACoC?MDZGWVAubV}aB3k~g<#w715YT}7S8Zt=MQ1~#W$vUTN=7gj| zE9tz(mOE71e!6NA^ma~*WYTgM)trqQ!z!jgv`s)CtHJe-VOGufSyVj0&Y)~t#-z+s zlhB<>DP(5_B@UcBQq_mhX7#}$H?Z}j)YpzCj~1N~)53*1%*ADX0ZB{I9lO?;>*^|Z zbgE+hYnMyTRm`N$l?o7H{MuZRUEO7=3~vI3p_1x!+U6HKWjsA)WtQGr%UucubF_$E z)>k0=-UX-OJjNZNL9(eEttN}SrAf3D;vNvS%4O|z?Db>74!SkflUsi49IsE3*$ONo z(O%3tdt@rbGG@-e0@(uZDdD(faL;Mw9p8 zeP$4foz)TJO}0(u=qlHHJ$dIhyy<XP9Y-3x+w6 z9*)V??F_v2tWTbs^mH&APOiFMjc;fT)cad{=C1GM^6m!|P$6j0SIdBQhJldApc*i}$+g-e^8Sk4@a& z_z}+gU2kSw7h%$RaQvk*dHurw8zJ-Ig7q5C$$Wqfz9mO){(39AMV}wT;!S6hcf+f} z6`4;)gV6`_`U4j8(%oJS=lxM{cr%!J{ocNIU3bsPk=I{aV}I~&Fl*yn9Uh0TZ@$(o zr+PhR)=74DWn4DsXU6W`E4a) zulOK!K7ID;t7GLJWr_Dd{w zY6^V56_4z}#`ST$=#41q9NfWw%<#~9>Y!&dEUZn`<~b{5ScJ)1_^eA%;eCYh7^s?Z zrh#e(xI(G}QO9INHC&3P@-^CP)HgbI*O#Un%&9{R7=kigICZe*mKc$x=DdNkwGlwD zl&HhSLY}}y*qS&f4Y_DXtKC+aVRAC%1ujA=VYJ&@6R}vWpr*eLENP&htts7eKc_JLHA&TT>kjv+iYFb{W%{?60% zA`@R)SHF;*P+6%A=oV|VH~|m?yTV+S%Iv$EwEjWdYKn8uwA|{~O*MQxD7OU0_mv9* z);dCMK)r?-l^kn4TQ7x-FYY=*#xR?Sv;j*65#6LxN>tV``h=OxC$~16o zmFo(jKcC_t#nefd-zBVOtwa9=Yl(*f@rcP%G8%5$Bw_2AuUQhZw%(7DrCN40^u>#l zu(*YtX{xR9?Qz>6Km#IKF>_SF#dI6Yr4>x|;*N()_*ZDhk9OLkmG zGuX$F8L85Uux9U{9T(^kk}O5UL6!AmE_XhjB1W^#v55kJP=8o4->?P*lO~v5rEYgK zK8CjTF6>B*k8ltauB_HJd&FyA6`uXVvu>CMZQI8qiys(fJyu`ax5tMKJkCS{cZ?av zY&cl6uJab!a-&=J9EOaOA1;2O6MA5=NNo)`>m#hdwb~42>qZsDdi{jBPxS;O!Um>8 z1`v-_<6%EV6wX`uG{P*o(ycqUI_S5glWQIP$llekV{CcS6%-6T`;TU4%W_m8SgEo0H znOwaejz-YAmSOtCX-~_}^WMAR_|04|!5PMc#~hgHcT76HdJr@^`?;Irj2!K0dE6$g z;dIn13{^~SUETsPuaszk_1G}?h9-KENp5919Zc8l74>&lu)R&qAqIDMtBiC7FyZ(Z z)i^5sX@l-^sz2Y6N48WvW8|nwKWV!>K3pHuTP0elnhZ)D+*XP%r1V>j^yw4-g|)rWeZBgQ*Gk&sk~hZ7g47 zO=V1#&?b^)lqYQ~&Kyj(O~WuR$!{3lqd8<0BQqgl%`>HWX2cy63xuzI&Z}HX$&L&| z!OnZ|CsGoGi(nAXN&p#{AS~P+11DeC_kY_j1aJAGf>mo<^DI(npO11m+z?-|Q^-#_ zjXhu?#l}Hv#n~}B@Z&B(Ckihx0dCBR z+m{^5p6V7-0mL!U2UNMu3HjIxTc2u>AVID^a=tf6)sBmm^zQD4$&k5b;!E4ZN*|#} zwAgK2glr0DBse_bTM$hnu4JCtWJ-RNg9%M-yX?uOF3TYisbpIYLby51iQd_9kz-^d za=5=e5gnYCB9^iw0#b{|3YY>$X_~BrW*6)grZh;;6La(nUtAZ}^hldI%~wX^T#DnMPzt z=+1lWG!!U@K%x1TzlM5GT=v)kjNE%La;a8-nAk=}dQt+e%(IBISlIcC4Edt}NaTTy zJy%|nMbb0hc4@C>`fA_ov>W=|?t;E+v!iSDHhz3IIRK_X37fZ7g(QT4lgV^3(mL;2 zCZeOdy`aE;Eo4TVrO;QvlVZvD`aqgK+AuVT1s?x1`fN>NhN^#tE7rb)5ItxVJ*A&{ppEMm@6p-M*#_)mK3D*}sxFvK^rL8eQL=A+ZNk!m{?l>`qTj_i_<{@yh9l+VI7JO$h3|bV0e`kPa^AV-lfyJ4pIwCWbVe3TA8P8Kw zKnMUA29m>xBmxDE?EpH%vlLQ>p+O7ih2%@1*+)SI3LM4=A$|i2fv5F5T8M+Ux0YfJ z6}$@LaZoIu0ggC(@Vcn;q5W79-ahoiQ*_wlB&kX1XwstJl zzJz?USSqW>;w(|m{K8`91AefemTs}>v4>N*x^Hojhu}IOM@fCGESV)>9dMS24Ns`l zS+!a%3R7bcp*y+~fe0PF72)E@)tzg=0Z^U$ouXlRro=DihPLup{IQo6WfVx>V2F{^ zd8vDZVfNB^=qd`jNiI>A@IBCAY>)5?Q>3|SC$G6o${bV=x@ORS>g~W7Yv8~jZRA&P zQ;O&HS}m!sRqP(@rOJGmdH1h;>6kkqLn?#-r)Z;4x=k&cq#h|^e8Xkx0R;Tip&*rg zUM`i52lXyk=h*;Em-z5s;+W6!s$X8q?&IG0(AO*#?&9PCRz~8A4|yZ*wOYSJFdc&a zsLIrKY*aZZu=L4+I93pT?uSz_q8TP~9YbX|H~qwyTPfpt64P)-|EZ^{yieD?%Ss^`oyYW74ca5!`6(V9g zo_`TV6e!B3S)=Lonr~*OEP2inxHkzt;$nUtLZt~2Y${9Yi79yD3hXw2H_OA63w^t9 z`D1`R>9tx3-f(`xkTzN%wo>}XM-O0^Ry>21v=54ORTdzCs2k__08+<9?)H6GD<4pC z!i0y7ZDnn3lg-t5Q@2_dZ?*lALGcHr zZ3e%G)=f>AteT8=lIY3j1K2)SxAG+@fY3?u{u5t zGRwT;a77jcQNW$nbMmI75u;e(y-zIez%`_w)~d%IDH0OM1c73GDTuEL^=Xi$kJ_q7 zAH#sO5tpJE>eX|OEYi1G7AxmkhHZkYe#w3gK?OBvVGfG;Y^**!sooZs@-icD*ca%cw(Qk{7V#$S5L)Tn2L`g z6@Qi@;q^wYvqV1fT=F!SO#8+!tyX_N>a+VkfX`d4&O2ywz<1gNKn&%WXJ6UBAE2>* zsfwH@vY~&}NUr5`j^yA$V!4kKkX~VL-T05t_=haru)pj7H}B7&yLWuWOZ~6#bKZl* zb=eP#y3E8zf2Px(_h)S_)jB`H7ZzMT@ic4qPHGG&&?}rh)8{OQDhiurNFDPN- zy*?nVR_AA&gJj852|IBo@P|J|zU1yDW*bN3MTJ3z3RVo<;0FOMokOmhG_bvr;M8-y&baf0OKyf6+fJ`0w(I#I_b? z{zZ=w|Ml=C*CGo~!NZ?RfscjL2|GmU-3Ud>VZJs3#@tWiEYI~ch*avSD)TQgM)i2%gm~XgR@m&9$Nd5oITo$-2__Nge=Z+t;LR(FD zS)Q#{Sp=tZz!S42CK3wm%tV=j|7flknipNDz2(=t(?o%By!$cGKKMsifY$A&wZ7aCe|j! zC!q><&C@U6-||0s#6D|nCSw0Zn@soSzvOPomro*`>S4NpsYWfTbAgxYJS&SW9h-BV49=EK?40akmpW zT;2oStetc6tzVZS%@pg)9Q6+rBG}J0@-Ey#%37waL ze3bMt7{jlnDkQ42bDkEGZ!)Kd4Ob^Atr&v|=*6_uhDDrHdCHj)nhmKcU z9Ppg4xO$BahFV5tBP7}wO4&y#Qhiy_L##7OQ<0zP$?X33)=M~K7W{9gpQK!?C;x6e zrAdO^YXR!1EdQf){KZO#;V8iq?x}ZQp>KSUn=LJ!Oxds5mZzyu%QD~m;`Er?T!@u0 z2i@E{_Q>~(tw^ySD7Z%|=OU?!p@m3T|4}}k{mR#CG)_{s8CDjrn2M*0Quc;*ymr1uCnE$v9S>9e5b^6H zy}sq>e?~_v0_y&Nd)tdWEE7S|0zLYKTzokI&iv%htC}mtc*f9`60uPlqamb4{QXuY z0C6%(=0_=t6zYE799QfbP$5k@SWCgy5;8KG5(T8EEf0*l#URzxJPaTuy%lA;;rk3J zC;4gxGRz0idF#n$W(wR}VeG(vcz~(fo%VdxAKmp{n&`%I<<$xut2BI@o< zAos^-R)88M+-mNgBHCjg`HH72>0H74Ou=5XZ@I-u60bA4P;i*7qi@t7^w<=< z?vJ+7=9j$yTbdzlEXtkY(8E*|(vuCz7}DEXk|tFEFkveW>`CNUUCA&m5Fk>|E|%Nn$6wv_-zXzy=TmdIi& zf;YKh06I(#2938Dd2(>y>7m)XuTHCHBl&v^GwMj(6hX^|jnYqN&?d)tb zFREO+8ja9iMeq$*nclc7q@K=s912dYgHn<|Abos+x1!QimU~feTt`oBuN~M5T*gNl zu8UIWe8Im6O6JgZv5>zTd00()832egWnjwzp3_+4jO29XrBucZWW;fZ^|myVrl9`n@vN(naM3Lkf0 z&T`hi?oUQ9)=k5)zg9W5Z~t4gQ~S05mFg*W;u-yv9{NiZRBwfRC9~S9UiG?ydgSF7 zYpD4C{{bqhx3~T+I;#ENU#_I`H2yxzeX(NI)|a@N-(mpcf5QD?xF1*WSjeh=&3Sj0 z){7oxmKbf(FC~(*v`j#iIOg|o_4%#8!oL)BHwRg|l8FpZrj4GA#JDl&AroV<`u2vY6_^)V4+^0Y4Xu zm6zQn8r>cByAP5DQstQ?@ML1nR4N&zi z2ccU~aH;C0wKCp;fOrNLapbssz57q5bycjodp?Ln$@Ghi3=rd(BIdVL!EV&lrkV+L zLW!vDEokg_{k*#lg4-LjFum6(TNOd%l#pZ|_6l!Vr#T&12%$k_Ncb}mb~*U4i(0e6 z^kK4?eP;c;;pFCSI9beFtwDd%zv(~2eYSMmXQ7YXq8y+K-^B@JXU!XaGS|m`uzS^N zeFYcSetS@I#S^yWNbCP9N-i*w47m>!@G-<^6z2$Xm`~2gn_hhNZ^?AEu>=Hao9u`U zz~QrX2zjJJF(h@lqtUY_ZBzQ|iPYC;=0INkyzAde4cVe7L3Ec;h*UB~p>s6N(l8EtQUxN0~{Z@a9IJkB#5 zbi+BaN|inC2e!(v4v)8`jtYF5PIO4&$MoH?6KVY1PWQhpcT0#Ixo?Hl#r!IiNd27S z{zu0XI5Kt1lp|}2=Ii^}eYK&JxSl0a;H`vwM4QYjbYiH=ou@CTw3dhWD4ByZFdzYH zQ$1Oham-Ys@nsQ6E?393S)`^JOR{t$^4DJy^=;F@nPZ0U)HvI@n$8duq5@}i=Z7x4 zM_<-;7VDk!h3n|F7UVf;8tMvI-8W!?smnL@E+>)lR*?l?+rv#QTpI*#Vq znCQ+n(Pv$&QHZH0GfQhN$XsG=Kg&?%_Xd2XmOCEBRK0(uABMjQs={0NWHXMRbhd!m z%3J~vEdim58){W1oC41cMr-KV^XFC;EX`6;Yz0W6fXm*{S~tP@D&c6|5q&!&t@?=> z{96Bwv-FDkwhf&%2t}#tX?;COiC`CRE`Kt%*uBWhM{tNzPC`sR&=aKr>QpDnN+RNF zx06`kX;k+_Cds-?*bYjG$K|SEopzihSsM)PO`fU1RPMA_WwPf?rs9uPsr3ASf%7nd z8c(Js(|bk^G{0)}E2fdg@s4%i-7a1NmivuZ;h>JTSQUAuwcErQm7(Lt-Fx1kKzk zTy9Ld8KMAe@P##0(f|lRZ7@FDrzO_L@(UHlPro{l-pcp!3y+I^E9T!+{U*Rdhgt35x_VF|*UBvBtB9D*5dUz7oX2tLg#&_u9_RuvZ;={v zJMXj6g3VW35toTzKb~8%439YW`pzesJMQw)cQ18)T>%#9O9j~&(TfLS5*%9vWO5Ky zhzmWu2GPi)xgG3$>T|b&vwjBJ%t(M-34Q0)3 zIdj(W_>r*AyZ&{zS|vWK5nO6xDJ2LCF>JI} zRbH4sEQOvv<$#2}V}*cEoI`hS=~p||cl9cJRbfLOl|W>3!k3fvZi%(DOwT;85x$h{@(EK-2QHdmp*gs1t3eeI870S{&oZvYFq>}wShG=+B z1%tjw@W??TsZ0)DZC`Bx(w!W!Sf7(Zu5>HgtW;u~C9z@AMrPc-)lpN>M$PDbHOy#R zE>>qupbyi@E&IFvfAjtlO~MISLatal_;=f)#y#qgw*9$njBL6Z zLLQw}0>(?nF#`22x)w}qxI^0bL$BRxjV3pvZx0L?eqDZS<^q{GZ3cE2EXIIuSRLy1 zERQb@^%}owAU%Lg`eX>0U3Mu};KEC$b`y5QLqdQeD~r;U4tUIxM=YR_`V5Rzr`^Mx z7`j~Dz!N`IiAIA`OrfWyDjyq%Y433;`sC9`8$_rVF?&TVsFy^?YuiFAoEy}?(u}E6 z7Qq$ifX7mqod3vx1QDt9BA_#%=!~6DwZ722hk*rQEqkw<*sygP5)rm#A~zUUk!uk^ z;kw{E9+9j?zGV4YNE64Xx?tfcRbU)05nP$-?p5^tvG4TY1WzZ!xjw~jdT)SQ4l_L* zGVM7(7Wm8jvl&nzItWuhF3ycp;PQtb8qm*yTOd$w5VM0XyB5g_rf6{B-HF92_cm&P zwOa#})Lj?3!1&m%gahhLUa!^qwSTYgvC}r5OqIxCrC@jY22wvgusAE1MNnqx2-r!c zvXEfh+uH9Yo1s*d#E28HCd-_t$4a9r@=|Fd>aIWTf1Z=zK3d=`^$MIV>>Wy_!`hfS ztjBoXyIkrCh(#h0-#Qt7V*fSlkNcCG*Qw^GwC-vNsc%udNmslrIb7vJf!cWS^UrUZ zb#A=KUGV^LO2t9>01P~zY`Ws5stXy^@*Fb5)Ej{M30}2W+Uia*tW!~2Kp z@o2!N@7dtPXwq-B-uBo4!)_-A-`A&KozJ z^V0IX$2@}GVqd+yVriwSc=IB?ylm-)c5WOlI5@NU@eHu_KTwf=-XOh(fQ zyBpqJ4`&qT(2K&35Vya?>wT2=y^Db($Xo#iT%NLr6bUSc5AAN`)$xJNhuS`!ml|fx zraJg{xTC!QvxKOiO}oaI17-9~IZL|Ou*Q(j2VkLnN)+I@uHH!}2<|Dxj3`323{yZa zPC9UP%j=1J%JL+Bk})o8xF+an`7or#91Z6TD!Pu|kA^qwdN`hbYPCiyf$1<~DOTG; zq^b}yjo2j1pZFnS^CwySDRO)U$y2BYXgahNFo;x`5Qz1x%Tw9@x`wnR6eiahNpj&q@)#$q87 zvEOE?Ns*+0>5j|9JywZw>8m(92*0{NN*RRh+FTo81tQ8KZ*QEO1rU)`T`nvq$Cvt$ z1gefLMq-2dPQYT)1@Lu$_9pdMF|r z`f*axrt#!hRVU5Tv*CjyEQ%`Ksm5AWxfl5(daOtcnr>xl=Qe{?F-kXm6SO;9+tjiu z<^re-uv|x6`dN~$iWP1Mn2uZ&8KEVs6Z8Ln;k2Bwj_lTAA|Sb{K^7m{EK@2@CiQOI z0iWZBVhCW3*%}(d2jZ!ckAnUD?)$etd_Nqp4#n`oIdiTvWxyq-5Q0r-Qy3hrPB3hH zN~FoPnVUV@=moey^iv3Fs&?w~{QUC!cRxY50(ZpoUu;-*lJo}M?iOJcE&{^Sx=^5{ zBW3r*7OX79_Yj|PYq9457d^hgL!yV%8`X@;eE?!SM~C4&vq3w)^nPZadsPbkpi>@{ zT*Td;t@UmfSTp=K&&oYJdsV48$Pe9R>6geSHlO#SS^+r=+>^PV5MHkaL*%Lc&4Cez z#$`e2B~pUhLYFT4IHwasj}qSM`G(haytX)K_}I(iiCx%Hgg<51gO z!@#$M^)TAV>4mW6C3XUJ45|}kR|R4b(s5%|KZ~_wDTt(v91msAljON=fUXUP5TgPx|;crm5fOAB@ z2963S3aMX`N|pXA@Nay>RQD~iZnI|Nb|)v3$U?8778V%)+M)*;?6yY3iGNmeIyvv} zj>;Gi^pt#X`UAd4%~~`zbJTwKjD*Sq0t@S#6h^sh(b(c*K&=KaNJ{=Pq0OlP0j zKOXw}w_od34*zfh25P-7E_4~x`&!#buMhvMAv@_TgkaFG_8zJln_F#a z%vpbp5_;;~V4DN>5p6GMJQsLE{qCftO zpqcT*e-7`irw_B+R~@8gU-L_{3iMXe`vzC0I0RV+4YJB!9i+;x24=KC@TXyrbgh6t4lbPJV4)*=#3_?Iz*`rnmC{~pmb$_As^;Nfn*(4u9|Mss+0I%ECGXEuG$MvFPSpG|LP{X2Fu z{5Tv>?}xKF8;|v%BF9Ju;fH`{{f> zLX`m0w#L)>oK4?H`lC1fyZ-HvEv6B>=`Z?_uQi$sz(w63M{M|?!@K)&fA(2FJeu5$ zX2ZdP-kL)Trbi|q#|G2MeE5%t;bbxDkIkdMfbjfYzwicnu+W2iKU&NqcKt9PO@{M% z#AbRB55tJvPNz4YM&ogW6SEi%M)!S4=;(hOO>XCIxQh?N&#XTi&4;W%XN=ubaAk43 zCh*v{ZFg+jwr#6pJJ}tpW81cE+ji2iCf_-8b*5@&ZdcV>cf0ml@Bev!&nGnQ))u^j z_~+29n<*3PL(z_Q?NInv&=vya0Cr>9x8T;`PapJgEN~Yt?q;4~>PA5z0@|^Wm6=d6 z#n@U%DG^Cddkl%44}ZSN(j6dyxsHyy`*E`2l$8@dDn`}}*P=I~Jgro;3(XrvDk$ch zG14tN&U*{N!sB!71QS#N&mJ=QvuJgcl^k<*GjLE!tjQ_eJAMMLz6(@Ht*^?$CY25) zMYj2@MlHswrn<7jUiYos>*)B&1_oc~kJkY)QkZdHmF=$yp|PFH$ooUBdexJ&{*Tof zHH&N+rb=2SyvQ27{JG;BtsXer{%D5HIs*2^3E6)_XJun8rnsO=z)Htw-mY3E_Q-kM zIemreqKi>&AX-7EyE47nwzURcxt?)8%E}?{Td%)e{rsjy(=CQ$zSa3o_U|iP@f3P~R1Lr*-?VByE_`L>D0|RqHZi39 z{$g+8sF@a209u7}S(S1>v2mx5#%G*~GvyaKJ*u)%_o_{k`gaEWxgAIU!5px`J6664 zg(g^*QQ;B46KdHas3yT!Cd5z+^F;5eS;UIcv| zXi7ytcRfIw+!n7#4C?_x3KExd5Yzb2z$isUH3aybTATg=x_;n7D4UET=FsdIO4FIf zZf<`w)a;f5{Yc6Msa|0qwOZeslY!X!K`5L_ljhB6M=jAaTdxG$iQiJ+{m9w`PB>Z3 zPy8Wam<9mdM#-$n^PjL(W6ny}}B!#A@QN{c3z!-}(j1vM;*U znk75y?SYEljMrxlDH$w(JA#(%*jY3Ya0tM#JuOQ#vkPT83)1vLK|ln8>9(FT)#-&O zm(g~6Z8OB`}FBHj_y2lIutPP;e^f5BN`NOvnb?i>vaj6)mqHWd-!P+vGjTVwU~a zRr^BhQkFg{ZtLp~EqkxIf8DXdG@vKr^*D)#oA2dfFG)^yK@lzQUc3$02q-tB(e$&q z)L0EEpvGlC!4IEJhbk-D-m=K`G{*b)1T*<4>LGSv1t_N{PpY1~)9dxOMdH#IxVu~d zxeJZTAGvyAMq1N0?5kB0>-^$SPjdKM4T@0ykvwThFNfmUh}!2P>Xm9ACp2lLujK2h zFDvvy(-3S7cH{%g`k~0QrScLxa{BT=H;9Aas{TSdkhh>UdF?^Kv!W1X*ud@DIeAcP z>acAI-haHK1ca}m)h~J&7^KLzCUih1HQ+OuIcpe z8AJxNB zQ(qnREVX<`pV`9=-+kjU!@)$#|@749zEw8WYUse92o)& zm6~~y;yVy7-R50y<&+WgWR2mZWO0)F{M6=|q*bOi6QJz*M^f<~2^mIK>R$zCfg;{& zaO_QZPVEpyc?YCg7Se}}mzDVWzn3`wOzq=I{R%Vvbj!>_lW%Yeh3E26G{e^Hn+E3C zHblL5mBGgL%7^Qb2@i_{kCQEv8#wCteRKyhlqUL7j71z_?aq%YKfD~dxfb=Uco9Au zZ>F5E#%TkV{1xB5#{++}_wV7gH%zt)!c5b%HNO5dBh|BlNft6S?>h~Hk6nXDA%|yP zs(4Zx@z1Mr!XH%p&yLY;J~8mMM^v)3YX6{MXas__AhwkhLXvcyVudb)9>rj^nTWTm zz;z4!PL*w^-mhU0SqXx4kQPCT2@^BNuHp_jd&dtK{FkH%iFiS6VWwc@B`4Jw6FD-; zkJr&els0;;65ns+dqJ*D=;Y*A=@9?ybOFeoAp`A_Fw(@@PawKP_G7i*McwN}^G=U03R8^e`GZeY?JlYWpSY9?XA`|3()E0`Z-p0qZx zwj0I`+IM3W7?_3bnle-H8;S+(x;~<)*o_bD43ibQljg%Pz(jxgP}{Q0^00bt)(UKv zre*t4PDIm*Z{v>xsq-!>7QL=KDDX8erN8T8m0ege!M{gp4`I9C2-zTX(gguLLLPED zCA%Gy*or4$_$21H5Z^rt6{oof)iCsBB(aMIWk9=4ak7|KOU0#OR{5n@Jsl5 zM0|>unHBT_TE0nh5T@sULLByGN&LyORtY>*^n^7ftmB1VQMmh>ra7M4SFDi-a}+Ps zf4xpCcVqGLP`BDpl^N0|V80-C0RL)jAu0>ivSnK&w?OJAM-0>A8_w%55zTeO*P=`LW$b=h-JJ{P80LKc|Fj$y;d}r_! zM@MI2S{~uY6RS+}(Wfvca)(a8H7QEVS+ZzN08q&k3y#gN??47st{}TIYnOCz&S`EQxUFN z^#y0g4?yBG7Z*a}9lxwJo)UYP)QV%Rm(^?xj*YwbBMmDGRl&)1GM!Bzmx(=l$JQ>J zkH4`R(j60D`d9kZTHhhx%RIi^Zlb>Foa<2GhVye{RVFr;CLTtBC$Zu;6bSTg?Ju%v zhcF~<;Kb|s`IG0eJwF%JF^m!SIx%_q!h|^_8|xTQsXSxERr)->+j|H!UJ{@oN_!XmPC7I$01xAS!E;nOy0THVYvH<`8!5B=U-Q<84uO$iyPk;2~MD3lj$0Uu<#(XNlfS54E%u*E7Ii zepUzWCxyp>NDUtO_&V6j5xuM&aaJkV8RU9^!*dl_>k?V^L8a1Y+za#!3)5B#j&?t{ zj#r;V{Xs&Ff;Lc(*ROsEafbx$BP~4)#Aro`tKT7EQTsYG>C2Ar0asn4k33M@ng=P& zHeU4@?W&47I=`%?Z#(tLk}mIutGDxMP9k8FF1W|O_+8arDGVvKuq57f$GWlW4(kpu z`K(GD6rP8xbpj^^KR8>vOK+;6J=ad;;XY`hakVnnXj-xEVvJ^fp5EdwKA!~Y5}F8E zz4m>csGC6^+Jen4bj>F^Ev33FmX(s9C(2a6KV+Wgw8Zi|yU=c0=p~y0f426bk$BP8 zLNq%bTzi#p#|^o-9j=A7)`gK zd*Y%up_`{)v}h14WV+w>B_lW34<>JucL489GY4N_h2=R+Ok*%kkH$uB z&KUU)DHa-n{f92nxZUHV7CV@qIpWcX3*q4Ji#bzoi9-=E*>e01Jpc-h9-tf~%lU#= z!%f1isXd2)HUhxft-w#WJJ-Ex-1YTH!Cvf6!q=lAcN;dn_`=xVSc>4g0eCVz0|B~K z({{syIsDva%mpZAt247nB?9{40ZGEEhPlH}Th=!GZFovpSqgnPi<@v3$r(1X^cfGs zw`?^_`Q6Cpf+0}=NPYa8uYWTZJi+iMc87o3mcq#ZlzHS-*u(ptVIPLd%chU#PR=9d zz@3G-vV{MI`3o!)D9SvdS|7LanlkDcq;VaFRi#>w=B09*cn{N}%iW<#cW}j^r3?jn zNGk}Cf=*S9n=Tcxjw+@7d1;X;5IldqVLy_irBVdJy`w=f3f}X`ZkS(+ke*5$l1;>4 zn_E(1DAIwnU0~!2aNHc^K6phHa^7R?QdlS2M)$Z|#gUZACUD>36(j|p^9e6&B{!yj zDoId#ceQO1zo>QE=fbL)_GK$zm1*N;%NS6(SzK&%n*<-zuH+|^x|xJXnQJ7EG?v6- zocql3>B1{Z>~|GA`LI~c9Pill?g~|^ajaIP$Lp>Qn%>g*mh!2TH&MLf|0;pUs*|K< zs`;&AS{RZwCH0QXj0;ng7a`D$v0I!KyHR;qSgvJPwasH}${%yx{xJzye>GuBhV%)$ zjKd^Jnew;m-!k)$hKR)9IfwZQ(4bv zPi08TTbl|`&KhKgHtMBe6iHossW(*nSV?X4WZQeLD;LrrXWu}1M|B?+Wr@a+jaFRD zI*UNefdjk;Vy$hMCkoS;F|0}Glfofuc%*ITRpT@t^LSp*?6WRxn0GU?X1QHFVa5!9 z&F=y%VauuQgEf6ASHURIc|zim(|vqCxbw+Vqu?7P#BdtRI`v9}Y%8s6SAZ7WzDr$6 z3_=Uk`^PhUI&o!Qo8r(H?6N1)g;)Ac)lDjhV0AUpeWg}akSzQSwlkx^b;%@){j2AXm!tLOU7gc6Pr46y7cfsMautq4>ZjqL@F1Nzzt9U!;ZC6{xe#LDMECEB zrGQ(w9$9Kl(QI6iIlbP~<{s~i9misD;e{TBNXqt?ceUg+?fzHwRCjkQh_4s5a$O3o z)Y869Sr@SPSzPA$VOZ7-2YU)+4UB+94W;+EnUdfqFTF&>%toYf?HMf-{7i18`>|XL z!}RFXF}c&g#PTQPm&njPGaHvjtcnf!G=Hj={X4uO;ph&jmrMak?qAa{h<@&^pFccF ztoMRZe5M(Y!S%;M{*`KUdS=~ioIa=% z9UvrQTHbm*t?v6FweJ5V1*(TW`&Tx*>CWXGR|W3`($1x0NHYs*=o=Fr!qETBjQocK zf`H)M3-4>~#SP(@X#uE%k9~%Tb~JkW{KlKum1u60NGE`Q9fMR9J4QFX+^5%KIT?x&&?+@2Cv^)e5=EdqFfSn)h{pqR#s?LVP zGU==VVFRX_)>174LZDUjZbeZv02YN8qXg?!5fJWdC1fonZarmO_?7RzH2DpKPg-vm zFol5hrLlGy8x?*%(4%};Dy2jF`Uuvq{U-LjNqlfUwr&N5;Jll^ln}&-Iw|ZE0xMEc zD~X&yYAS+ZS;-jc2RFdnY;NRR5yATO=y}0P^c|>vSOAq`fj!HfHm@^n(3Sw zib}<(f;xN7Ei>eQz|mTa4?}jf8IKJUo;OFWZtcd?N+`mO$AywpJkXtpP_Q-I>f zN@s4>Jgr7*Q{-m^n#fj;2NmGZl_}iykQ0)1MJ;u1KpsbCP4oV-d1k+1Rf5=Vpjv%5S|N9@F*aMz}CfMVbW94Yy?DJ z>{zOhvdR313nJ1cUGCDVW^EZ&G}!r_$t`Nb1XAy`+9hiH?{&%f*2h zB)+Itl_MJSCH|h{o@K_lbWaYU|H;VF42^J0kyK&`PSLev<#8!wV@;anZ0?_V!J6WC zLg_!G4B0)5xI(S|Ryov$kboA-FvL1@SEZjd&$5;_FQ27#rTWhWC$*3mUR@iKT`r zG9tza3Pc5(%89nzQ>%#veJM>y2b@-5v4JK#CwW?m2v+TQNhcdrr(}!xQEWSUbJ=nx z`_pkn3b|1s53GcZ5imh8`T|u62a6jBJ2ytAAY)IF4OHJyN?aUCo(sB04T>VSbyZL@ z1wBt80_W^C&(d>sY%^eMU5li_%OOf)oeaAGsk-|?T$5wqe7(0X6WnoEB>i+q)Beg# z#XIcYoZXwcNAo8)DL$7hA0*}tdGQwt62tO&7Qvh{Q|n$7{R&B31>A-FsQ^T}CjXM0 z3f}2qz}~~#e3F$^A487*HFbgTer_RT@|e2tb#$t%_08(q6C&kXJi;Rvd>?;bvfLR- z8yYzEpPv<_X$*;FxHfG;a&UDfm~7FfRfwHkqrX3-{2-z7nlq4UDj6@MQq-1eQuAhY|zY`rpdo0o95R0*CJr{kktWSc<3v0pHlUh-^+b$!9++O}X`$~W57gWXSR%tCSTGL2fwcGHY z#Ac4SWZuwW)p z{=8wkjP>6Qg?1g}*u`l*jQkq~6FSnT+05slL#dRa#m4?t&d-7o42;TxqY36B$5nYpr0GA>Z}Y5s(#pRAx)!c{K4Oj%~RXN{#0&g0GZbq8?rdQ`328k)5af9^4&usTJ zwvT!2Jg|b%%1AmqbYde9&!ss=_fFb0y}m-dgN)#F!I~WkHY7&;8{JSU#|V}_KnWhM zx(`GqLj))eEivO*%v_@UXzVO9w4QMBEi1%kh^J#R1H;GdU%pw?XkTgr-T;cwCS|os zE+>5OzT~+ulrg5T5aECQ90|WJ>+zj1n$y{|YtTlBnM#h2qUSn-Mz4O$&jx0Mv$8(& zc5>M|?0=c)`W3-CeIKEBqB-(hD*=DY5G^K*N9g5ZbEg_Fp8`TL7NzW41J6reMAWZ# z8~ft-t@#y3nsj#D;+FE=OrsWmC0gyZVVvq}M=r+U%tKI~fnEp#DJ*2rBfcf<0S$-4 zcfTsWsM>b(bufS}pLeArnrp-9YcH;$#lTc%)s*~BaM93uIEMYP?rlx`{6d_$*K`Df z)?G_|WV7o9YA7uPDx8gFyOS!_58*STF;DVACG$yIY^tQ(>Rrmhm}+rspm&2G!sBJW zz(A!4;IVx#;|zJxh5wB3OV1fZbYIThb_AQhj@4XvZW!^{i+b=4=Svb zJ=&o&DjHMSxaSR1)f1S>?+z9GTj+C8YElu;w8`w%kk$dp`t*jqTmdIfPwPR{;hM@9 zwVIh>BJ;RO=DPvbWq+#si_zSa6qvgVpQ#BUx0YFb&^o~g639XPKKj16$iM~+#(I9YhN60DI6J3aejrF+Tm{D@xu{2_y?)?AQ~Zh@ z>2QrV?djM4unBJLF<2dUco(#+G0A4594x_H`P-USg4zM^Fu~B4+0dO(_K9zBD3j)(dPJ)VKC_pFjS@uEG3$ zPq0w!Qu}G$x!G~d&ylO@G#2s0fXxVFd~VTI6lKLcQ^FxzOUT=WkNNijrdPbdDVG4! zA{K~;F}j!7EuL7nejQD$KW1Z5@*jXG)&AEgu?RR{Qekzl6jExN;!@jV6o^-ZqDe_B zr(MI74)l|wgav4#wwu22Jj19?Db20|tcIlK04$4NZswkO0@n0AmEK8O%46ru{b-5d zjOqq(b>@2UEF{oIwJFqvUOj0r132KaS=NLo{Wpr0lVMi$!~?^kL z;asY3F@Vol<5AI2--AezsJcWTuZ09FMSB?w=}s9g*(I8s$T)-D{e__4!`X7v%pn(z%?AoMF?`)&f7(#l?QGm>vIzD0$%6FV3%=!^0F+ z=~+9KaekIAogF#{6=(eyc-6XS&%AY_Gljb-8kx$@xm%Pae6-howP;oDJ$Owof2!ld z0(gRbzfQs3!*^`c$oi&+>&WfRw+!3Jtsl9`GRLRQc4}{pLZ)P^ttE-}6GzZn`D4pI z0YW1Gc03~#K=SicFE}ZmBL{Q)Wmk&&v3YqJP!q4@5H#%9@Bgy@u>}ns8rxMD+XZ`c zB39MpF;&%dr|s==J&euzd|bc1Strxa79KmR82q&TscCa_H3vIOSjDlK+ZWv;u%cso zy_fl5IA}lm*3yTkzr4ZgY}LtP2azgXHPmtfPp?nVLwa`ZxnM&U?C~GZ{we*xJ^NWv zD`zhx=+u;S05iicKeE|Z^2rD7K9(9ZcKrTB!Byc~?~6xKZ-r+WTCdpRow={h6sIMr z!s4f0W%y8Nd}|he@%%~2{Inenz)i=S%|Bd&)(^?=e>m2hBTt9v!6!{`Pj>%Qik1kc z0nJ{AK;0EB?>D!xxVa`0aF&Fdd#A`d5&6zh$9Rfb|pm416C z4`Ga*zUI_hl(q%i;$>4x|EkYO9pd~39~U=R)FSmV%TMq11~eFcf;)2am9L-<83K-X zo8m!?jXz<_+|58$FSNj#_N94_w_hvdA&_yUQxUa)!TlY|iB+QIG=*c)I)dE{R}_bq zBi1bnn$m6#B1_7Je1#*WyEH@QiZvkze!&ZO_5b`_=?b;Hj@OAEUu{%tu3=prXm*Uk z@y;6=mvCq?!pzcm@AeFsKrOIkJr9gmjEDOwFVr$wl1$CRWuhLg7 zq%pMoYQ=)>#vq(4y{enxh^NYdDq*R0Bn>z7~a}f&LpvTPL zdeROQB6#n7%%zdyeH5?{?C%~GdPxo{NA{{jBmv?uo9bM;)GK^#W9)U4fY+GVdxAoz z%!@YtLlze>sv5UUP=yb)tP+$`5=AX(59TqnQsmp3%~$eHtu7V3^>-Je+H4t*Q6@#*y-7w@!*hEkki;IKGKY<53Yx9 zILY&*st!Kk%G}D5Hc&Po;L7>ZeD(^BXy;LEgTV#G2K826r0xL#JL3dI{i?4y$BA(N zP!!tjo%+9Q;q2a3%efZe7Uw%eWT-=uOy1;64rC+@<92nA9>z~eM+VDMPa!9qADIRP zsTGVgbgqi=yQy6VF-3tl($SDz4S(1t>RT5r1%P`i4k=<+VQ5rDh^j;E%n5!1<8A;5Thg6`2B%;h?loQ9&kDQXznzZeU^BxWH zS;#@&&POQ+*f&8mp@#C^Zyj#six$Z5Oxw;?YtoNzS^usTc<0=Lh+Z>ojjA?kAKXxC z#Kg|5mR?SX+I@=+&~gN5gSZk!V+4%v_qkSutln z#oL;(rZc`B{QBTc+x8D5d<*V#&ik|3iZ3YjCpx|6$p4ovpefW+e|2BPAK3qE_M6l6hH%(q z*gmKBhP8fnZk$Ew=k@WygQdw`-${8YX5KYBZ31$u zJhR8(pQP*ibHmxzr}0PnR9JNQ8d&!4G~UT@j!Sz_mUD?qb8gRB70D1TFNkZ41!~y^ zM-U&b-ajI+jypN@{0%>M;=lhh@){9`eJT^MShx`LXT{z|TA8wa`7&}2zF;-|>^K`R z?Yn+2z)i!dDY&i2{=B6y<`{T2X8(k{>nRsOjeR2H~?=Fg<;q`6byZ=9X{3A93%S$Y9&5L)G;xQ<#8FBOQ(|nCZP2~^<9oAeH6R)dxx5xAe7Uq%S$d2h-UBQ+!JioK;@IU zbnPS~R&EV2T6&J*fo;62bTNCp$vn|bmhTv218*(6k%45fr-pgl?bUh2#3L1yTtcLy zt~1PQRAGy#eI&MmC1bHJ86q{yp{HL>7YL55tLxq+Lk;5md)#Wv%nAD2b0L(|-~EY7 zZ4A|>z&*wbA^B8w5av!IP@3D+Ay>IARZz5`ef509J~?xzgtku34;d0&QI8}QL{6hB zt!&%ic@2p@t;|o`DKG>wt67#kBrAXAbJXUP)Z?r#jE>9LhR#tC9QcW=e6INe+Y}r# zDMc=3KIyP~!cxJ)@D8YfRh49jnux_xh5zK-4@Fc zjhgDyMCH@YN$cT)4uHQ6+i=Na>Ty0}%7yo&OBGK>a+8rn29WAS=Y;#mGvW(6TGua~ z2V);~1Lh?BPHTp{Wb-|ysI~(dB}s@)AAt~bq9{SZq0h9%R4K!R*!^!?aSTYoMI^KT zu6BB_H>oXG_7z8@!gz{XA*83r)FLe-iEx_AS~}8Jl^Mlt=Z?zRvC=kT7w0doq&Osr z;ky;+xib+y-HyH#pMzj)gHm4AOi0aWS;QcjRvhlaFAA)L6d+OccY;~NqcV;9FR1!$ z=du1!ah6~;bw-_u5^XnKy3NGTI z@6HMr#7;s#IU-ilr18r-FpY4O#LAy_!plkwb#uAjdi2Q z=*X(+HU;)QBxs69Dmn?5>tkGCq!M;UidMi4@rr=bN0&LUPd^aP1Ewft_`o14PUzpd zJ|w(>LJj|Q=Ijib6i6@`00x(VP{t8zDuCo$j4)MNOsE8pok~eP(0V?bq$gi2n4(Y@ z8>l_$_g+7lRyBHADmwUx7gm)UBbAK_jW?t!k;Ft>IIDCY&k}cMEQ9T8A^|iUlatq% zhfJk|nTZLDSHK)>_}r~CCk&PSV^DuTvD$PN;Z*1ow>8W3`lEg$ z@{)z`I9OYYSPk@fQ4OxfeJMdwuWH4g+uAyyiY7N2`hZ_cCio+?2YoNT3{%D8T?<9! z)cR`k>O=(E=-Jn=f4$a_a?TR6%_|}c`+=G^u;cL zx$;S$^uLTI3%vC!n}z!tz82)b38m)x0+KOIZY@uNn`TWmPeeXLR5V-?Y;<#3}n&0#D5ctyJzcCYYT%xK`YckOQVYnBr@GP+)ZEl9AB`8s>5 zcb%=FuJKY**rAvVd;OLI1?Bp8jt)^0n&P(B$28^*N^;a`P5ihpPe)rW6({qB`Wp)yZb*M{zW#w-$Z~QC=$ejeJ&|vJCk*mo;FUMclJ*QzG@?kAO(p6xn z_Lox-1a^{J^D{PJ3lZQ|E_4B{Yw+PWHTql(lVJYv>$tH>`AH7hV$**pr13NP-=#=? zh4hksj@N!+clwDEMV4{_jWd`34niPw#5`+r`9O2~UP5(nHN@AUzVBGFSgKfVIoWOE zozhNQi#Qc&i21~VjA3$tBO|8ITW zfgWV$Kl(c5kG>v}a?T5!F3Jb25zTfhcx+A}4ARmxsiuUF0=7UUs6sFOo(hWswkq-wH<=?tHHUV%m2TtM42x@MQTG^_ zVq-kjFoNGTv6dNNf5E8&kA)lz*RMqB=34g06FIH6YFFL=L$9j< zeD7t<5$uZOK3ia6`B)J1;$#9z5lJj1pv5F)`B)=L*LfD_Y=0N>$CG2Vf*PA@d=4E;VEUJ!`Ij=b9$}!#lrE6xr^ou8Co# zT|lR4ill;x_rOg^29AJ5+cZL~N?bAWVTzL?{;h*Eqj+^{1h)XM$|U32PW>t_`dEL0 zk=VeSyYTc_Eq1%1#fWlu(OzG9ILs7B&19!?J92*QHBwuepu&CbYzueJh)yyy!S{0fslcyYoq6x?)4GP3y!#cfvEH~R623>#t+>zw14-Q*F;dF9d$L9B{$Pp|F-u(x9 zY4`Igkxbs8qEP2nnAxmn{VHVk@C4mE2x=34>fpltIx+lUBJ{;muSl5+dp`IwgnFR? z+67Nuvd~v+IBoN?kz<<&EXu&**i)rq)cyAVmC^AG%de>7sx*olEy6${?L{aKy>@)bvoid~`{#`I>l|G5wTT5@%scuPD7^D#g8@=?kHd;W^lvRqwi zDFE2(G`xN~GI|U4;*Io_tkjUIR{4L~Zx4hr=B=3Ex?Q82WP`NAAMM zcOMBq{7q&){QA6Nk8Sw}G5w73dHlN2ukvR)YCV5G2u9|nZo{TZ4)$JHI=*7me!Dhs z{CDyN-a@|vai#feoBYD_O3dpioG`orYQ*})$<_Bc%kM$IW@IwJ)Pe)-r!UAM>@9fV zb=EtAJB&wOK)GsAldsFqXqdqLsaxP;XZr1#aCOR+GkhqEH)f>ZIj2nFT2UV$(b5=8 zK*3Q<2#V!U@z_w}wRsy9eA)BsS)rn-H^X&2@kM(_U29(r`2b_VqPn}BlC-{*mZYYP z6Ny0QuEEQIWUUl7B=9iP!PB!$4>qrPKk&9cwwME#`hdo==grwz# zxUiy%--V@Zs*Lj5V3PqTDxk&rBD62%k9qTbLu)Y?zg{&lTJu5QKF2#mN<|Oohg#@*q{fSL6VDdmZExD$Ls@Y6!xJgy1~B09jXGT{V!oX zXq<4Q9ZmCuVolvRyG+WvKPx}yfw!x45c1+&qi|dmdGP_1T#E}7X~A6Gj9_u1d5HWo zxOD;LBzo4p!T>1#pQod}SsEX@`cpYu$aa9&FQRN2Itj(~&l8PEZE{`Xg!SJu6KY}r z0<-b_x+@dTT={6Vv?{oa1%@t8i!4$*w@*CfzMr>htkZlse+t7Ir%`&u4vg6j(MIk6Y_esQ;e(bM?Hi-CMXV}&dKl0x>u!{@oT#8wrnN&oWQHtNvYqA_+TA%K5kTu42h}tq z%M4M(@vKY-d0G5wB8e|~JmHG-2vmRpTaBQ)~f&8?(h--u^Z4aMxa&By&GY`X4=GFBj{ zF8i4EYV+(GFcK!Y8<#gT8y3uVq18AmpWv_t3Wq$3h`I9`LLioKCHIRm7+D>ts#xLb zh0s~!n)lc)hv}{@MNkxL8h8}pS(J_7X<~SQU)eSR{i(JfiZ{K!&ywABpS|nC0yezPweA?>g^ItIdhx`Tmq~#AMA2c`RSU)R(`0e89 zA#gpzKj2+3Hf70MJdN}Y6dW*ZN)(&ccgbt~rX5V_IZujthX<7t9oi3Vgar`d}`GmUrrE<7Sj>+pe9OjI8u@rJ` zi}h6Sbe<&G5dSB(n%Z-~E3*%b`*wlApI#*QF(UmWpjEEim_R;=@_1gwKDmJ$I%M77JBk4hY zOde=)PW)rlo6EspoVE=p*A6qHkh98kPb9HIi~DsTMZGRCrRTT2qLKDL+9PX9UNQuT zppbf)mSVNq8_9T-4AG{vbfHd}Ec?c~mPy}-%8-vzl}dF7%$~((1|;+f z4_?#1H;R%BCHeob>O+w4SR<_YG|wNqY1WdXuU>_0VtOP-0c;O?=uEJzNVj0R?o}J+ z@P8V2Z`7j~pCSviV`VV0tGf4Oye^1KcMIvc=ge^8iSu}FoctAY@jyb4b-r-U`JC2F zV40k6`bLZLH;jyNvCkBv$ZG$$f&MG?|7D;b68~QfbY=Jd80hZ*WuRXj|9=|j542Ev zuD)+ss8g+(=bjA7V#vstA0J z_R^jT#sKf52L9~jLz-^?<;*2H9^sR%j{HnW!7m$C!<_btKk83lWupql5Zl|q-d*z% zwQ@IfIxdUTl$ug(Ym54v0wxC1#gaszOn^dTZ3aDsn^Bg;4uhc2#Y|uf48sOTr*gz1 z4S9j50?S^$u_Q*=-qwy{Q}v{dnV18Ct^=+b61u`x>a_+dX}f#UN7@HV3~|ee625%O z9kHvYGq*v==VQqwTwSkIeMh;UGA^qmh;9(&dw`uuLwxBA(rzCr9wCt5JMSJ6BM7<( zz$1UGt2a#vaO>3~Vdu?L=3MG8r;?2o3b{U&1|xC(rydeby5m+23@PaLvy>Eel#bGq zhPys)ayO!{o}^T24=ED!cUoqP6s{q4SVTih3 zR_1uF{^>L{80W_^qQ>5pztmq;3vx?H5;QqgXn;2)zcVcfkYq@wc?<_EmsE?_uoBf0 zt-5KLGMA0mXR8hy+p9_>Zk5J0G}(Zvr$fc}E{&$Q#Bq(tj5(5zvq4W;sPMY4$<)|p5zJpGBY({jf`Le)UArO)(3|46^4;W@FKlenJ!>NCKKkcEtfW{Dxp_PlSjxK} z$fnFkIgUSQY!B*P%t!7Qc2n5w76H6v^%qU|G;L`egN|75H*sd!3LZg>_5i5Z62eYD z?r@U8T<*Hepjm5V?puIqW>N>_XP)gO5q)@5MamGgi_>+qdDJW*5}m(@tvFoSL; zuDlOSoRu;1=+emr?lv^5Nvi|=M1xh?EW9SG2g~A=TKRS5Sy|sU^+ckv5g&^A2!0I2 zDDHU>eW!ttzh#U!_nzWM_40nX2B!nOQ;RbGn&WHtuzoj@RA>NI-$)jWhIBMHW+Y_8 zA%r22cmBx*v?q>4)E5C1z&{~h+y#Rd(2?fhHXlWk!JccvLJ}=cnCl){EDTzC%1fkb zcT%#t(ASJ#ST3{(p-I*_nv+YaNB4mvNxBQFrNJGB$`P8r|0{1dkjP8GVI^dB(q@XO ziS!NNwtk(o=QOO7wpa)$)VUY&On8s4e&G|5XS`0X*g^zqV+4iCg$i}j`8B7RkZKd% zj@w2T={+6|qke%{ap%$=!+|2Hmqn$o;Zx{vA%v<2K^w`@XV zRjEfqI-_YorTQLm^=~eDhRcHAx!ONHx)hm`ntDQtAP{vpooyPKEz#$Yg<;6@81zRY zwb(RLUzWjKi5_X4jD;HHIFC8>{5_3xn&r5JA7~VDBz@O;mdB+-eGS@2SjbaY$WEH! zn{R3MsQyP!?`)o{&X+3lSnW8djW!@cgdy5(kF_?LgsPE>!dSVCRv?y zB+sOp(M~q!B7r%cL&@)j3}M5wcuDKzhy00hHM@L*TdYST`UGZF_(vlR93ujVNa?6A|4L_)S#{ z3gaTnVfmE=g?r$)e(`E(gM@~M_4Qk-?ZX1o1)$HFb(cihMx;I~a=18{FQnH9vjD zF%aCbV*@60Y(jSq9WwbOkEu(L{!1QmnCMV9fclVyVndh=Xeb;Hb}#c;PL~%|r$Mg_ z@D-0dWWq64CBC&-altYv5)r9OP8~X0Zm~@z4QRR#4~ASuX(L2R7>dbz&SG_0=tAVM z8^=sG)MOt0*XBzoL>BzZ@h34=?8zU^r&Ljpfg+$D%kn4F@xn}p!6?BK?y+~z;5Xj! z*<3FjkIDC9PUD!RlU&aJ=J=Q!$ymV5K{vOKJ@Tz=&SLBb67Fs)DT~TvXv`wgdgPCd z@9A`k!U>Y$ZbqXOYS&YpghHCk3Yq0Iy3*<`PbUHkBJ~_4kj1mq8Vx0P?3tECbNRsZ zi@Rz|O!CMQ6@5pcZAe`(>NdX889~6OQcP{F`U<~>Z6l|4PFixpGf6iyYU+4}q45cf z*;9!rJ12);JI~?CvW8ebpb^({vK79KGxK=&80w>{g#Bx2fHphh2Q6`ur$ zGe7wAVnvl=G-IersgrITq9CM5{9w)_aB(tB=6lYvm@Y1AwX5}vU4>UjRSedIktv6W zOp>w;!qX;8Lfv9$*3=XRCndENc|4bBZg^#IJ3aZ!oQ3caLHREEVNA(jn~F`Ul0=2;&Rw2sguVY;ZP?0Iyd3DCq@pvp8x z&Pz}9h5&yxTwXF^2xsNu2WgTB z9%m3Q?V8o;DV{{(Rl2O(u0=l?-4fLnbypL>{jp2{UIW3La=D>l0Q$&u1JU+UV%o${+#&U8+9;yFzQ`XbNyJ$;}uL-rUC-a6*f62D8K zXpp9Ywpy%RTxjG9_|)<6l7=)kKc$THX^O?&n}s9?m#uzxXWq0p_I;UCTl){;PVL+N znd~WcVhew&3%v+~>aCE^WR_c1tG>#huBp5;hl=(8A7D|vz4eFisP=s?&ZN>fJQmU? zE0%5DMb-QY4H$o#`-|p&T)}lFtJQ1HyR#Hu^vFeIxJ5seh$L|y0V}ai@8PnaTYZIp zDX4C?MI7*m7raa>H5rjnW9UN0#$x&X_M8IYwe|#ZsQ-tTA0hpajIE)S)fZo?uf8=* zy?2+Ej2JF!rvQuuaIex5(<(8wt?841uM1h=MYpj^b;s)62f-jkIbb|z61d?yNphLy zR0B3xb>i#q-V!Cf=@;oS#2B5aBsVaq4UE36UZ91(_q-y@*{buf|EAaE@brjG`7D== zyfLqAoA^w!pvyX$8~8#Vry0-ktT@8^Q7ggR}2Zh@kqcFW{I$9N- z$aO%HDeNWQvPyG(V8Mh2mLcZPM6t_-7dxvpY2V%V$HR}L)$8=HdY%4wRI9aH{nk}$ z3-;N>VV@Os?AFTxvhba5@a$aChHs4Zu`fKjsMVf<#g)vLDGz8w<`iN5_k!dC5y^o2 zKms2Fe5UOjg&5|IGjiSxFaD57S8Gc^M{N@wF#~saF)g}0>O?V`>QV=zXGPko@YfBY zuUqDTU%Yrs+9nb6CF0d8!__oby#}+8n7zGMcv|&V-5jO1euF+UfUUTGzP-#W;o_oJ zTWm_fsmj#J!N7F(ie~fx!whuBFBeW+guC>uX=>ey(3~NEe%rASfeoStTG5QjY~1HSNza{-{!MDj-(EGsDuIXt+fPwByt zVhkonHl)?NFAaoqailst^+_WL#w=iIO6AfIaLpWM#bJ8n?O>B=3mRsj)+rWC>Zg#r zwD4xgbAu{!t@^CE29hAtV=DVya~hUvN$PZ0}e#pGf-oo0Ex4ZMv}zjz7eohIHyYXV;>MIt!}%`BM5A`&x2YwC{bfZL!K z^hhHM{!12&V$N-UxQP@Q3rg#(w?%n=F=w~VxLlY>%%!9nS}RSsex!B+y%FokA_s+` zi8Bme^(WZepYlDB2}~5R(odV?i9w#V3Bc8?n%;}ar}R~z`Vk(H)|#BF1{a|)!R2I} z>fl)xI8+oV1Y{#TZfaY^?8!Ez?F08ID_8~mls?4~Ld$^KG6A5n&?MPY-xf5cGq5kY zNvIo$VXK(dbI8joo&?eOu-q=E{fVX(XX(`uX(5jD5C>gxjx1AUkNc7Y0`u^ATWT%A z*VBm#DSVl_I~FVsx9xQQ-Fz_t%aMCmF}s+bg%Y8kCGLMzJb@xpwX9=gEztbxes*uI z=p?RZju3bO_m;=oo?T$L`xA`ex< zI@-(yc}kj!yaJZ@EucWHpg*Y92K)h2{_yNbo#k@3yO+JcVJZi`VGmESTpW_aSGLMZ zn%%z{*f`t%t0Q$@P1hru0#bYi%rcLm-AOU3yjiOaI>Y-Nu+A%3X5*`6awF{scYaZ; zb*#YQbVQ|%xSxHpzM6lU$B^vUYPX|8cN`?QS=FtQj)QqNBD#}J)LB<-6#CR_F-vhR zh+JZ2KZ{W1_Xc#P7CRov)N21sKMZ~qWQDixlhuCwnrAB@TbWA$tR+BHaYF@pM780$ zLTD{&_WZf!8Hq*AvN;1PRKT(~u+~-Xd?jWI3X5mtS}3_e$X<0QRob=ww|HRy^` z=F?hgk|IV<&(Gc(S!}>${s;Q2*nPk0nf^N1`U zm3Wv3896)%MI;VD(4I+=7DVO4gCLI*N_fmZ2YIUI2Lzn^KIC{ZIhn4BR-pM=qxYCb zJ&xDp5b7S`C1A1NG%6hA(Plv=h2m}_CsY;{H}2lEXWQ%x1pFW=jdZAl+N&A;?2<&U zW?%=@O5xJFDV}(}+ToBjXU#f+oS&#>gX;-b^hmKQBH+N8TZYSxNj0M(04sE16`3@^ z1z=?`KH8@R*2eS;CB#oZJCNGSzvc)_hjAj4+)y>U66pG1QTlLSl@SZqlYL9(&&zrf zK%v8^c2Hg2r%Wnl7UNY|NQUVD&_K-NF!#&>g@hic0x-2S8*?*ik?xp`f;kKGh>F>OUcm&o_7$t};d-5!|$!1hg7^JGgM zDStB>Ym5&s=MoKn$x~}wkTd2oeiSY;+~7JTng_Oif?v90{B2 z5&>^Ghwk1|RS(N`)hc^gVT(8_1(Hp*f4P?4EwC1z)&kZPfF?N;ZW}lc?ptmFs+6>X zjGUdEo_HBx95as!4atxTF5vm^V+99yJDT)QsL|!wk3OY;{HidUw~qAwQ^p zMy+9;^jhuKJ$`NVugJL7{m|;yYOU0l0W4yXOR{QUDXavRYETPW1htR=YLV70q)Rr3 z$X=9o3S`sEJFFUf5;7zQ+K_#KF#GH?T_kFb53;IAXAok+1V$q-lNfbSOPPZ^JAkfN zH?$kz4PtX!6dQXf+f#R8gK!EcAs6JJ@b`iB8uy?>4(#^>BV_BVp@^dsL?FBzIz*u6 z>5+9NHrOEt_@#MJt9AQV-LE$cXMSFOY~~b^IBf)W(O8TI-(q&C{ZSrwHT4?3YJqwH znDj;yFgZKYwgP8fGP#?uBc3M&FtR+$P3nM05j|o8h1f@6)Op%HpA!R@s~UKs%QDbt zAr(_mQ&XmomBY06I3#`Y;iHX5sAn&8hCJ(YHHbOtXvBj@W}Unt(gzzSw9d#@YYuvHprAZ&|7ZhTysR3t!~>k9AjfMl)b zi;z>sjUA(`f`w9PhIY7!(bQyjFMHpwdruQi@Lj(%Qm6R5c@EHW80q0W)3)icKwsvc z%>o3Xb73lgi&LW%IQ#b73h(EFTA;w(pwA9gb}ecpSgHpH+MSRE(%Yy7U%M%|lDg|c zGPI8^ayX#gX3=&%~&N%L%? zCLm-HL;u!(=L7kv)4FZ-ul8fjH*wwN6jEQqcxztqCZ}+fvlQ6I)9=1JujaY&B6rCH zKq(a#(g&d7d1KQhE!8TKK`zgEW|({fkUzo87OS_qV+>1K9Z>7%z|yH&oT=fpfQYpK zUH=)%YsEHI&a^k(y{t!f3UHbM!`Wu>?s@t|`zxb6IPM24Ng{pD@9P42Eq z`(3x+s?}aKNgK^>8wTG}rN!XnA!D|ZjsYFCY;z*dFqmP_Hc=%t zc-Ot{4hG$RXSClz-|Z?^$NmEHWEgJUmqsajR3{4|m4Kp1R0s(~ zH5*e(YAKv;lo_{VCAXlSj$2L&aGz_nQMZ578r%&#`xCa*qin#+n-qr!7=DMeO=B$E z@qY~?!!K&JQE}U9+Eq&43%W_0urdxSvs!w!Je=**6YXcV)}~Y^RCBywXw>Q?>iiw5 zZYiLru@PnqgjM739uComZ|bF{;VeCZW1R^HO^kUz6~AIYOO4dH{@y6^8^x<<*Yv#W zG=kn@U+kW-w3Jo6dXaWdTe?$o+j5syM|VJE2RZEYI<2Eh{V7&!^~rs|d)FtuPVcfa z)OHTFC}a(A`z~7VwXp9;XgGq%6+pnHF}aTsz_N3Ha8&p5_`v2vZeO356`wU5>fqnu z4)y}X5)B1y+BLcyNTX-cS?Y@oa}4=-0M@lHWf>^0%XiWSfO{QcrXfNV4NC!DT=T%? zEw3i>NysRC;vp_;aZOOu@~)#7v)dUF$mrU=?sl%oW#{(pL#@^g7>2{#au&=p7N;5G zah>#qe4@)b89njr3zJv|!Bcczek-}!bus!4xK!sfB`l^eJCO*0AbW0tm}x!Jlj5&N z$`?GM(onw6Jz0nloJjWZn`T-ma;5kQotCEo{-F-${^TY?zqrv3iz}ObR@F4 z_-&o~#?Noou-r|<$lp~Na-2_;fAO0H{od_K7mDfoMNCi)nASb+DGVh`A;)6IB9_cW zY(gZp!E`}+d@~?*r@3)9_rn*G-Uh z{!?3L<2-0}ulC0RpPGR?1ubhQYM?A@|7K}MClOEQj?|PZ11)jp(zf&MRQuKQBC@6* zM-^=tkHoAxv4|U;dk0ulFLkGEYfbZn$w$;!X)fFY zKo?-TjxhJ5BwZFO+z>Dwl4U}BOO_|*|KD+18sv~4t=L3>a+QrNzH2j&b#gMUcH;u@ z9B0~w0MeMvq0zb5I92?Sk?&p~zxwvL((=h7`D9* zq>)O@6_3_>0V)tx3SFAYojN-?IXiy+7P?hXM{Iv%#j; z*6y;WuTOLe2cKEvsj-oUYOSpsI7B<^%#u^zBhdvnl{Ac|xJxWY;}zuuzz|@jInzjW zjya=)TXC0z?rlw-t=R$fjt%$F;bf`rZ{J56k1?hWQVqCCsZ5|p4%H|QMpkn+z@Z)- z83euwtcT%7HZO!tFR@_AW9U3Vc2&R@!5ubM`L&o!RvVF&kmGro(D z{(3Eq0Ya~X4>rHR*Qi;E#zwri0R40o-@&%cwGTO_O0%xCsM~=^n#c9qz%hQtAmKIZ zIq+EL4X0Rn=8kG=cc^YlN$zKxrS*b}tJ>z;>kQlPTK#eBvU}Sdf2@;HYup`Ox7y>o z;Yaf0eM|lNT&;5P!3H-_t95av%R;`dskQX_?w>23o%$>kok5?iK`Q9_aOQju^6L3) za~b3djNV8+Cq>AlS|=0c%#%tkrFoPY3$Ou*@w4+ycS7CrEF5P3Jj%n<0!of#0ie{` z*lLqw&gyGYrl!sfw%TA{*V_vkmn^a{IxNoSEQ2UBbn3XM)ebyG@-&Y_x&Rfib`q+4 zi&$4nSIl8pcjGfh6yuSlhAlffXl_;y_qVIV%Np=1#q|a~^=0SwrhDJ3lj~ut-|o~& zcig)Dh)y%N_kZv7F7NJ#H+vnVYF+a#Q3Yx%seOYhlPwET1{HpV6G-$HQea^t`gF1T zk-=k&FDiL&0J0D|DI3OqHdEqI<{W*^rXN7RU8!WZCgogr7M_hQ97 zD0!=s#B-=Qfr++n1JthELQVh#b@I6sHk0$--K?-xK9h%W1;>D4yj~*!d z6@gl+5=_F>*w?pcODO&xr0TwZ)ftlh9cg!m?fc$ntVqj#0q{=B`t`_S#*)Jf-kr%$@qq}#u~8}>R^ zx=43O26v-T7g+)b+q%6QjmX_~UA^?G)oa~!$oQ^Ku3F<3#A|i?ZBS9SZtJA;_fBtc z+ZujUg}eQ$?y%Dy>sljd!Su)&sg1+wY7Gpb^t8Q!DaUE%Q%zUX@V={i%8k3t&zcYk3)dSs4T+eedsx;_bS>uj2bh$lR z;DL&9Sc+NTu?ccECMvMV$1b8s37?OsSatZLnwgm7+P<}=EGi8)nbuxFH`~2#I>TP8|8Zx>6X&;s%>IPUcpPgL*vL7FYZleoWd=-g0ny$C zLRIox7gHB3QcRg_!(Yojrp;Am-F4&4XVptLx1UpJjR&bW9_@sYlESTQeU=L;e?=AK z$yTsbr|H7@*ypk{+X4(%85oMdSI(o+#_w6Z3~a*FBe-Kd-%u|y(RWIZO}r(U85b2G zWgfq$FKdh~(q5fgd{S*7YDrvyC_z;4MIbF!$S+M`Ji9)qh@uK2P3zXZG*;3aC5OH<9o`a-X_LFyH=U52lPqeW9C>aI9OmxK;z0 zWb8vC{B!wHz#xk_(H$|y*@dqpPZZ!mP=v8_^;)2PS2jj<9Pf{aSu01%fn37 za-(r8%fyUnv}cHc<2W@iDSVP=3|xxSe4?aM?T3i=@qzG5Qf+RerwNr9 z#BTeV&_cL7IH2Nvs79gaDzl30wNwck$9HKT^9o7_8@T9Sh(-=Wn=HFpNQj^2(M5x{`U;#9`Pg5Z5&by%NEVZ&^LE~1}%Bu*V`62 zLq`Rl=FG!)vYen=MrHmRfIrN17I z*+e!CNf9z{I(DOI04N77S-mZ?SS1g@{gk+xzphtHD2Jy%%IS17^>Qn z-kT{DBJ6#+Nwv#&wnC*k{z~;$eG3X98N~<-8;G$s*kXgtDrhQMNs%hV`vYI~HpZ8hToPk`>F^bvAj)M`JSp1p3IpP!sIPG6D3lQ+j_ zC#R=Jwc20251%X=;edou3Z(pCCp8VzH^!)tn>@VcxB|EY1lcyP#e>wT;ca;bCU*uE!MuXIVf{gUs zP6V$wfO6DS+_KAu?Ou0u1d&}?t@h0~swlcmL1^o9+e3eslq^LK79-S8*Gb0GtWMY? zjdDxM*+RsqR69IH#{bZc2a(Mz+HJ_djT+>o?q%=){BP2Z zL>?mGA@~8<5v4Gqfn;!u(apdM#-z z_!yErfJ~AJsje+67nQb8#ekcHTnnA^ji=-v5sx4K^KhPJNqTX7{PgtHi;5b z&a*{?S3hJO3vt&r*DP|&VSWfnq=;AG=k|& z?JU+v9)GUt_s?y;2erQ*k2I$Rslc=4&!zSvvAwQ}E@}fo{xaWdY&3H|5ZK?=@3-?6GQuSwp3>ghSNS?7Cjh8h-0-Df(XG`^z z7+P>aPH(t+!8FC+6PnF0$njh(*s*!dF)&U@Nv@eb8e&1Q$ALy<(iuuj$&g-m*|0Jck-hBcemE~()`Ts(wal18%kX4z6z&y^lQ zPlSBBG&bpwNmM?A<|x%Yf>wjMc#2752==y<(+l4!K3TtZPr$6 zbU1k5K3YfLoBz$|d+^c(etm;qLE#DcDjMH5sJwp+p@-M)NbLjtG)-v06cuUpI-^0W z-TC+3X_=V|O|%R^{e?c8CE~UtX(pP}*-!+G2I<$5+ubjLt@G+{!+)iDEmHEzc`aOG zFEg(|Z$Z+9Y;9(fqX=9S7QyY&V!fmPEXqY7z7QTmyab*Pb29LpfHc-5V_~wwp9RN?E!FJuE{Gnc;R2|~BeeA#c@Nsc4&BGRYL;tbL2~ox zSUbO~$3HKY4Gq@yb5VNuH!^3@!Z^yiVx-YXaye7~XOXsG24b;5Z?A;_z+IjF;D>y| zWXv)KSx^!Yg9~02=rT?{swX0-fF1(y%BH%myHi5*Or!ygw5uHIJe)s@>pp=rAi0LE zQhg%iosj&C03V%!2w^EyTTGI}cZ1eZv-WS~A)l}yi_Dnk3H8Q}iVpue(nI$zC=fAO zrnntzyuzVra&HZ{NbGU3ZH$n&Kir#yZ2o?dve^<^TF%mkPblfLPb^rhm6bt7B0`fd z2)Rkfbz*{#YyX3IN87SGw4xfSBrr*hNo7RkjAf2+l0bUSy z_{YzDvS>IA>_(C%KfC2q3o+qej)UYu-3RLF5jc!b7>ki6aJ$FNd;$U&=xJ6a%BK4< zj{mFuT8bRDqei{p@yNZH6F1U>nJ)12kL@MX_PWxIcRtnN6VoQ*|p-jmubcp?m4u;!nU_| z$QZQW-F@i8x2snB)7|^daM-=-zz?I&_@;YhzTWGv{m%H)Ww(FzY1A3M@3vLZl-=?; z|E#&4JYpAQn8&TO1*`^mWHWTPgxJn>O+l%?-lt5ic|J{{`kJR&HpNjPmG996{z_RO zSq5umm$i*FW+)=31zoorR+m{$XwWoKq)6Ky-lk11jx7`Fycb4pBTgCrs}$<7irC=Md{Ba;(dAWs<#^P6wT&{Q=yM5x4X z9)lCUZPzJP0cnK>^EL7lPs!=cWpjHQdn;TM5jJZm_6JFRq2&EVjgSRf2)VoCFpkj%Z8yHcZ8cYEes>!%o#&p30GBEysnoUBxuUGJgSUklTbe$Sn zJ%u~tAL`cJm$m4BIJ^Gzy7{_!VmXWCZ8I=7o3t5<;Mo27NwpB;+ZBIt1e1BCGsg?6Y zpZ4EB;`5K=CI8ot%E#I6FE0j|2C6jyxPGG5eWH!z_o@PQWYqj5WbH9-* z)v4e1@6K<&Qp2z_pkfEn*y+u+etbtYd37=OEBTGoe$$)xH}ZWRGjeuXS7hP4-~5e3 zek1?>zsPCx^b`u7{doGF-5|d~3$NipkIG<9&dyewcwK7ZbhU|dcyPr6a`qM)cxxI^ zRZpAW!Sh!?p1$=ef_5sINgA?R!+i5}Ki0jn$PQ_>H-?)>Ci|yRI7K{W%^G4X=DNv3 z($L@GP~dxbJo8V5{c$VP@aN~h&8Niw@yX&-pf>HNggzYqn$ySvs5O^#5k2c2Tll}z zlk+!4{_pJM{QUe+{_l_Y6qZ;?y%Bq45gJqu0wy!i-8IxUfql_P=)-|2=GkN~$U)nb zF0wJIG>A&-y1F0-C*K|`daZsAwa)p19Gsr@)GrVMbU_Z@(}-)}Bop)vZ8Tke_s2Yn z-R0)F(1LG!Jg0G>F(fqtwa)jbLnr`HH1oNrq7I)Uz{No=0nPw40!CYa>Xrw4i5e?b zvZ^I9W?NKo9IWb5510s_qE1A?geSnydqmBY6Ob-$20RIUo7&B z0>#Z_&h)QF1zh-1K<_LSZ@4w;U48qCBoWP~LN3w+dr!b=c9T}qM1I{`--=n)THXps zC7a}k@L`pU80ZQY7{WoWTRN|OU9x)CF(^kpH}Pfoo=D76(*q0lr62w^HR9FAX?7E8 ztUnbq>d)!-qr1MFNH>+gq#{13D1S*)9#mDB;DZ|Q6Psqgs|r-j|0olf2?s+LZAwo) zI|$Duq7Y6SLkKc4&7Kfh)Yu|r9s@pt=M;YcCXqy>JQH%c<>0x3<}p^O}OiVK4`CyAMy!{SY{_c{f6VGP~k-;U^CGuyvOa=;_t3}pFJ|UTD|U)GILP25M+buMiP0uvLf{bX|{Ut&v324}Y|@;KW>NrqUCK*1`C z(zo&0x=D0MRi_Y(>rP_a_Cc+(FPw4f%)5`uXIuQm*ZZ^&8 zHu9*|;NDbp8*}wIFRWQst4CG6Ku9Hl0!On1e~TG_yG*5VvpHnVS(BVJUmrnS=7L8N zSG92Kr}+5vSSCeH+9mhlOJG?67j@jLrfdllklcN73Xy_;B_+Q zb#lY&q{r*z2mXvXfe_*Sw+U3+G%I9hyJl?rqnow=&SE8hvCCu3D~sXkq%$O_X{K;*Af)9&fZG0(c|FZ88yIne*H@ z1Hpo)0~=F4Vp+E3C_zG3#p`>K*ah$7ssmPvpV1$j6N`845Tb>KJf>hu#nTHkh5d; z*YPb+vrl6BDf{xt#MysR9r^S{fLm}1Y`w2CVxJRCRXF}>GY`Kqz+WC0?-)(~zSv5% zzJK2%Jsy)0|H8;&@A9a6s9nrsO}?j(l*}1TNXoyIXMGFFvYq<8Q>Wnx^-0*a+hb|aAbC5br(NqfGVRnVsX|;Gs)<}0SKeL{)3R{?4#OD z=OT|ngc?Y=pU1;^`l0USiKaLL%rCs_ookM&Rvh%`XF#9XHgJQVWab?zZC6VGZ)r8J zs1=}*y73Y7hQ~>s5h`amFo*-0@pxvlFB*chFClu2+BBGNJ>~89w*(5VQ5-SMHP2ED zH`bmD9x!#FQ;Yo-s1`yZ%;8lRTb?pm?)BD10ZSk2v5a2PjP5i7u>3L7(~mceX0Hoi zW4pVKXUe0D$#*;qS*)GXoBY)MBm{7Zs->O`%kOz|Bun#!VpD#^Hm4AfzI6ygRgDoCNp<(HDMS)!)Ki9#Q)&Ri&S*?x z_BjKeq&oKG0=xvxuMe&uoH@xFV3)^v-c#IQX+RT}$0?n%5zIz=PL-U@8*qmgF%HL0h)8+{QEHx^_ z{pGEZpozL+ca^tPdAO3RM`+UmM3Hy`Y48J^7|%a4x@!%{f~6_y>Ol~wx~{h{Hi_hM zcAZDjD5Jr{Skho?_Xny9QFRDZB2a71@e*XlGLvN{Qj;4zkW5lc{ABlS%Cf4iVCu4b zXA-Fgg;eL7%QPD?V-?*<91(B>MZDhEvKl40GPY< zfb2I8K8uB9Lm@K5rEEP*U8q7-9n0FRV=07w0Yq2vcy|0G5p`AHX`mXHswE9bp;oD) zPiB?sgheU1Qk&q!ljzql%lc->yX z@bXnUC8H`Nq&1hrTZko_oCof_?ULDD;c;*zC zin~q0t=KpP`g{RHtQQbN3PCZp;3>FEyvP)&0qwW^6*bC(CjPE->t0yT(fZ*R3*u>w zO;eG^x-p1KFFgx8?tqFK%1|6qXt-1`n z$K<`Qb%mMQJd1{DRdZCHzN%+s`tC}+j5`VY3|YdXd6p#uA=e6Gy8EgK(S~-lFz?3W zL3tRP%9Pf=qGWkkMJ3yFhLt{ZT%%nEw&o(PEcy~di^OcU#T;>qMM~D66@s&SWR-sB z4y=yp_zRf*%qV;;nF?FhdVZsN67g3(q5|37G^MM?n!=ov)*g{$h#5h#vPNpzV=@;a zz7@04oF@sBcgeP`TrOVT#im<#Nw(IOV=UXnvL2*HVfb4W;-!&12Aw!e1YfTYFAl|( zUpJQW^Ub3%r8OAio*Jx$h%bA8S685JZ!8|zTKkzBNkye~!^!-I)tl?G_jj`hq|nx0 zqZlPLVBM>oIZ-rdbFm;QO*|pGZrSU^iCaKh?r+WZlQcVTk7SApL_EkOaHvF z{4ONWjq59@V0m(?SKgI+30l}=ndCtV7$jQNKqR}8$6}QY z3jqXEl_J|HrYVKPDIK*vN7Nd0e_-2O#{HsOM$j5`iC3z60J@OB9A7n#HfHk$V*N-lqzf(Q@O}mVyv4~$G%)=_tSnI<>`F)VHApQ7zC8tG8D5mSeEOumDGI4r2*&h zK^{dTK;PQvJB=Rg1F)E2=}i|0mPSx78&m-P3gwWDT@dYhX4Qo diff --git a/CONTENT/helm-charts/ibm-dba-cscmis-1.8.0.tgz b/CONTENT/helm-charts/ibm-dba-cscmis-1.8.0.tgz deleted file mode 100644 index 9dff8b499d6e3811df0967f04fb3300ff26813b5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 64437 zcmV)CK*GNtiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJcN;g7C=T!6{V8yn*%N6lNxj&z6J_TPy?y^#4bB8PG7oiQ!2BB$wwjM=wz*;6Vt;9-_kWxC&M>4gZ|Ck+3V9!XQ!v# zAJcVk&vuVOM(Q%?ke-Dq=nxiegANH(rvJrWf({w>r?YpH{xs;2@~+Zf;s5A1di65s zkiOV%nG89Nv0ZSVFPTI9xBur4XWg^2?&-I|mhvQ{JYf=mNT@~{tU@gED8Rofqh&mf zne=-*?|$Ds`!;y6kIuT^bx#9W|H}SpvSdH&+{Z~On( z`1yuhu@%kZjNsCfm5@MCEZlZ@n0AA2$YR44;fhf5v3E1-tc2XsEMpN_@tElku2>jT z$;bnhoGxRgNG8aVk(4UMBEpkQke$dS$=EiHX~tAHpfcQC1_ZanC274N9daX7MpDUE zOiC8DfxEtwLz3|U}*QTnrQ$OlGpmD4!h z5y?W$29k&*BGVXCDGT{(MXP9~uP%uMd8A2cCSJ2V!P#a2+)Bi;c;v|%dXIUcKcUf&xq|mwJwU=j zrWBRCHq2kLt$^7x66P}Ak)@=7n^ndn`L@9Gw_TuzpK_)$z&asenghjb;jb;*0-c;+ zyt?55Au-?b(wAqY&(1Dh=&HDHi6E-LQ;a(TtjRc12e_&X|11qlhI_kbW}G zlxzD_&g4#mHqz8}NzT4I1+rB6R+GlR=S*^@Rzgaq3c#2OY0C0M(G{C#k|%2|k<&2K z0)S6Ub3xNN|4(K+P9;yW>pYI<84d3jdTV%~ia28OnoE_<88BY=imwwP*-VJ+N`yIV z{^F&|(^N=JM~hv`Zt~2?cf}Vm4_TtvC81%+(oECm)h?l19s>V?jk}g2Ps#8q_{L)~ z?`eD)d_zctU*8U|^aefi9=*j!r@GG@k!arTXnl)+H*dD$WnUyKzRo3VCH>`ABsVOR zJX9Yf&zPK~*(EtIy_i3QgCt4?*W|LrXWeAoUB)@v@=x7_WtZQdet&_D-rW4@t)AW` z3B?vfO%`su27<2p#`YbGl<8^x8yrPMNFwB#CT6pfbRUfsN5G%+vDk;nCs zXVD(x5!irp^QH;mBe9-RshB_LNUY}@o~Gp$&`*8r$6~FzB7NYhiv2T(q>)%Fb22Z) zJxeahzr|ur3_K*$&kB^zHQHeTGM4DGO5+=*x{k$?#w68zQe`X&nVq!?yoaT!!+gFW zn$iu?Po;R^n$c=38Pw?Br(U-ym2}JWhK8g1B%&EzQpE!O%X<;$TXy+G8+`->1hj#b zkovFwYOOLM*(GU#EEBHQ9sQtH{!C-b|11{vvv0m3b8~3x6IQn&Vg?bw_NQW;>#QeUUAri6W6mzRh$aLKDJthtQe++I9c*gqitt z`o6zs-aJh8+~HZPu|*XHx&H~7r>9x@oDk*xJqEq4)q>~zKkKV_ z_Lf)P6>#f!3Ki^2v%HsZ$g77CrkpXE&{&`CQz5fUq7U)P3uWHCeEGtAW7wT}cXs+B z2)@yWpk!f&qV`muF!}+?OE`9mMq8eAC0lcq$=yBMX+-j5EtyilvHfu$R2PX%78m`R$&;;?RF{lwX@b%`PD3j@j&Oj< zcWuiKVlu0U z<>_zy|JV5W+uu%pPwY~Yj@vwCsVEYmItfLhb$s}x(DF{GQhc3sQW16ZmOmlCKl%CR zAo$zgIwWE%p41tM{>%>9B0v8eeDn3AYGG7FtY^AKW1eI`S8Y(>HQQm_AD)@(ffw-Q&+c18CnEL#wr}Zu2%-ZW zjX*!pm`4QeG&3R9B^f4dG8UQsA84$qO|Aq}W0Aq1ZSpp2lTik(Ngeb{^P*FO!@kk) z?%D2=ELldo<()ufxN)Bm2bPA)dyF?YMSq&^Bu&(P%cpy_ zv{kg=E3(eW5q$h#B$Ig(k~8vOgeTcCIW2$R(Pz5uyxxr={)R_iur;RkPH4~G_?($O ze~umU$oP7bUBWCIzAYw*msZw7gg?LDLN_c#X$hK<5Bz`s`M+Ut%B1@Gzz%s`Ia^RaUu7 zx1WR6e>8>u_Vf4r*~|ao7I@25Ct_(Vc3YNwv0va}{(t`B^sK`F&rdIY^Z)yGetiEw znx^XH;Vii4NpwlB+`0!_meGi2v@rQU-%b<|64ND%jkrS7^lz zUDhm1_Ja+R9Q_RZFN}Ah{z$WD<340OG4zLqyZYWo*rPHcJ^JV?gNymB^)i6^7e2OaioP$yt4q?lc>UsaXL$aiReftN-kb*|nbLbO!S?b@ zY@y3q8@E4NXWw^EyXUnJ@OJ-_w5GF3e=wgH@_$4=7f z#W8+o>5-UwpfSrHg}g5uF6@h`o@e#paM~|F1P2zLq5sRLtUwkx(v3wj6T&*57`-SF z89D0qX^OrcoT+YaIy5*?-FH-xmhHAHQkJL<*7G-&ed>R@QpSto z!Z`03@bff{!MB&j@Igt3!f$K3CM}tOo;K(dmZ&ahbrDN4^2&!U6;UtAc(2kiaeCip znwabataf?kP1%lT##%7By)3;n+jd^!ME=iywX+x*)K8kGwO4ypPWw|=J&RsHlXc)v zCQ|V223MC>SsT_g4Gm43u-G%soPr*pq~(zqJn9x6q2%YEFKe$ex+XvWTic&8c6HIJFvsf=wKzN<5$;$`R|qD*p;6lwWMhxA4x?^yD@Zi|P$PpJK|Zl0~u z$#0r>ZJREBRw5Z<{Y9T>8m4)ro$qn_JUFn$7eHYeR$+i!K%bksy;brVu|G)Vn=DHY zG(l&QdJ}b^&Dm+ajd4S9&sp+NW}NuhXxJZ&=YtX=fIXE6zR@kVYy1|;f03VZk+G^( z69<^iCRexpMbiMSt2e!yeya(p$=kc@$?T@r*vgY5%}=L`-8jN+33s00MFvX-7o&*i@LTx$A>%rzwdAEhU4L4*c;uw z8}z1k)4{Ai7%zHnzl>7$c{M)`#ZB)|zZ3*D$LS~5@1}pZ7~Tx-7L&Wt@O|U3E#pev zM8o~r*R{W$4`z4$UjN29pYb|W0`2K_%yZWnj`$@F7?GF}YEPwlEbR9W{0Ka9bv z!FBI;w7BX0X}B2N%)e;Rij(;hOZI+*82hsM8PD~@W6THr+u7h|u;^X&7QHVYt-&q+ z@W9u@(PA)rH@vzUjHk27bTC^C2VaKNX0Q9h!~gs3VD?cH;%Im?{4xS6d-ES2ZZ??T z-t^v#2727#V17NB%?9%?8+T8XfM)O6l|Hs9w*Z;Bs8{#OQpzX=%YB0MV z&gP5xpf~Hk`!cewMra%!boh2WnGI%>$>M6#zr7iZ7hkrp4bdM@u#ns7bTV5E$8Q%O zr-Pf@MeogUG+ccAGCr~=yu=5=C`PuUBDSMze2Vwb-DG@sGg!=q{rTO8*>EwK-A$&8 zrv;}yu_N7vz>y~i-veMin7tqN2X}+<)pRm^@(6nx1}{qDX(-;@{ORuPY;rsO@?mY1 z%ku_v)9z2EgS+9?SB+baoOvDqz3K4okAtUZ^60_;dn8a zz3)9GKpz0065sQAU|f%G=kI<2AWE@BPe?B~^Q*hTSRZ_M)6wnQ;rMR)BsV-Td?jY- zivYNJGw6NAmaoM|RXLOARN*lx6MXbEhtj&@v^RTFhi!_k>UyD7Pt%7UY5s0Foj#Wl z9vHHS+vaQwFQBsdMRXU~Ia zKJE1nu*ENe#Kg7jAl)7_kfB8im##y7w+$wlPeUHAj>Efaa>-ktgFR+PuNWQ&btY9r$4lDu+nWB$PY zKA^ui{X*C;o(cK`1W(?GJjs+Zsk5Kl1}Xw9yZa*vpZB$m#%tbQz9rV{rXgOlX35=Z z=#jKqCnC*G_;P#l7^f$>k|&DE2PV~t;SqEA(>O+7Ns;nIoe1L&q{{uOe2Kk+o5!9e z|M02AVto*9{T?}6to~VW|9rqaqWXm}Svv%pf;jg9S^XA3^kOE1#p4 zyhMvnP9DyeETh(Aw8)M%6_J-4>ucOcHThLsNDq1uey$JWSG$nvZ=4%xDa)6~&V96c z-{2UfL}2?G72g=wQH|OKWDIjEYLhRoeqQtECC~C(s`>F6zYINC$9k*UGvy0HhG z$xM>w=5I`J)_Y)*u9=tQZ11cOXGCiXXZr2uGk>1u|0XxUSDXP)@&A|SudDw5r?1X_ zk0QUZ=t5?u*A$2L`l`ew{{#y)PQl zOFgw`Q1lcmM__y&rQne@Hfc|wGjNf1j@_gmbCzVo>HnO=WH0~En99_N%Ll4Y0{y6y zis*BXf+zU@i?f$6EBycb^wn?izrV^)BmbX@sDbyl8dxLHL@Q_r$!Tp^yzQ#Z$wr9# z)+GVrQF$0LrGA;1u-0=JzO~*s{@yf;R)xd2npu3y@c3^aOy@6M3-4dL__vKD`AaEx z!C$(cmxcsemy$>P<-o{lMZP?{&2m3jp0(YP^ns&RAY$L-#a|&b7M2gfiIoU*P`|AgOPuUa2b;a z?vnhur8ccLX>~&VZtCGlmByssei(siu~8r zr#5@31 z2b=YY{>T2Q9+H!yqa_XR^AvL5sNnZq^_T{~?=IqNK(B%=MC-|KdKL+7L2i2y4FSmDLEb{0srS~UWn(!4qp&+aAhkyL?lllhAC=$DTMl*cTerx zE(vPRamA1MeuUpPe`xiz^X_Sz{9l^nRPM<6>FLXc&x^udT?$=ygh4ctpK}LyOG0hB97xvILUFmNlt}@A&pkEQHOj;<& zs6S^Rc5+6tjTHHML%zpcTU?RIglSaa60!zZDAJwe>rF<)W5Og6lCUJ>*^baW+X%`3 z6UMWqwuTnjh5{+9B~3Du2HLKs2LM~sm<*un8W4G+CulN-(GYsEP$ZESfK4|d+b{zl zX9|bbT8|WQ8**)#KVks7t!Ja3B5{Vm$W2e?Lp)ZX9~`htu1%`tG?%GROchvl3vSn_ zWqN6u#QsP8*kqi1WU{T#9TsL92%g~YZAfJgS;Ml8rFDD-7?7kWRHw&r5iL`$sqHg$?AvDnl6r@ zcnQ>C&<#^59(YvLeCVYqOCtV>ELkibj|(hZG07iLDAov3tttiRF`98;W^Z~z99Y1Y zR6)L5*ou)JLsP#LTjW)GC|EA2ShwNf#$yI7f}j@~6Une-jcWTw+%{n`T?%Rc64EZS zznh#rF_lcQBx_?`y2p)(VN(zx`I;v*Zdmg=Kel{oRoeb-QbnJ^o~CA-*yjtn@f-rphO=j>gF|;#S`(n*$Vei#CxN(uRzmItzU^&_Omlsa z&^WeiTjk3w&kXahat9WS)Q|&sW-GuzCL3l&tgx#L$KAox!WUFDSBBv=y)W5@#w#LL z`-PY1o%W>V=472b@w|6zS*!>cyroEZ*w(ACq%qLZqtxvZ5I*w67S2%CzlK;+a){D+ z%2csg0RO6e@F;S;%O67|9!z9Qd8`}9n3UQ(vYaS{_CMvbaIRF&^br!m8EL-2<<}=4 zN-Iv*@{!*5*hq;AJZx*cMO=lsf>Rzw+ycKeV&n(lc*W7gK3OD`=W6LO6p2cCn2TJ+ zJF=znUb8+~NJm!WVv4U5TZu=n5g@ja5;e1GjYUQ%@%L)CRo}uD`Pxm}?!YHS9v^|4 zKW;07k_}a4$yh=p3mI_o<*qbNu?ZFXDQ8I*>tRD7Qz2c>bZ`41BRcPrw_2>y!}i_u ztz<>!IUcTtRvVQWZ=3mCnbB}VJOmNVLY6y};y^C=C~`uzgqN}`r?DkJsKETlwXBhd zqysCj_yhde2_ZXPn@F*vaklHMBx7yDrDP8x)Qr4#n%h)9nQ+<`Yin^Z)pT6rbOk$4 z^JUD#c&7<9jp?pkJV}|vqgKHaBUt!)n=j@&UJSx=ZN!G-9C!;Z&Y-V+ft?U)xaPFYgc0(}z?mT)^-|cg z4odcZ6uHxdRK_z+({52RZp^fFP4#PFaz=4KDh@0sTT7u-2N0&G5sF;PPxv=a2qiIn zR5{P|RAYvf88yZ%@P$lJ;fjYC9GnRVxH77C(N9<`&dyHDuE!Q6Rj4ANr&XpzD>7MS z)a(?iXcT+Q9C=o%!qY)-QN4PWR;aQ9TSPNQd=9%@fu0y4D|p!@Gv-@{x-j&X?h4LU zdet$`G*=l}Yj`zysBcIX@{~hn5?}On+M)ibO_ajp?IxYMz1sJpG%V#KuE)b@l4AknPYZf0(1f@pxJ%2Lac8*)$E2LKld z5NJ~-^)xj)amUH5IJk(B;HwiYBP}}COv|mmQT+5$x5ksjus>*#jD5lq2723>F|^3- zjpOewj|DXBlp1DXy}Yih>Pg|c9dyis=vX6Kts94re#6v&GvGvE3hn3M)prMI#Bd{C zf!Jt9Vn&r#r+mx2X;SP~aF$h<7EEekEO1?5s6*55g_b+6-j%8|PJu9M93{v1Ep!oD3sqv zEll&TI-0%p2H^o!X=mi4v8TLh38f5<*;~M|b|u@qJ2q$(>EET+cYKQUda5cub?Q9C*?Ls@P%ow;mQcR@$QPmssWmI zv29kMEbjKGBEEIbZ6)YW5A9j=3IJ-iRi#tdN!_8?qA0EDsAQILno30zC@shZC_CmR z0Cm+u3RGQko5V~hSTy!2jd{qm`U^dJ7bMQUv8zgvo-xZaW9>Cv6_UOlv1-UcQE%y6 zpFc-6Gh!Bi=@ATefud_YYAD05p}SOez*Jya>|U zz*`bC5K0$lAkA2z60Ide!rz%40vZ_uZ&0_zfblwnNVcXD@0F^$hq()Q)g=onfT%9I zkytr862Lh#6uG?{A&q!*p@!m%y~dzhraXy8wQYC_F@Fkav+d)@mS`=+?ZWD0)Ku#d z3p61aRRW?PaY=KPi7k~ofQBa|Vk(q;X_mq%9emB}_F21|?7ErLpy3EWOug=sE3QCw zVp4zgfl7^+o!bNs)aB0B?A4IQ^s!(Au!^9(6jrcyv0!HJs{+&`4J)J08P`{C-Pb%* z<;6WF0&e_Ty*U}qTjWh|KAcP(DLvJ?gjTghgoJ?l^wfy9o^u`~_ABW?s zHenoZfYE`tm5um#flYK3>Tw8n~W#p&TxD^8;;)& zZU*B;o7@a${dc{w&1VQCbUj>*2Xk~E=$SsIz1d>eza8~vWO_TBPUZtVZSl4+X0g`Q zR4Nk1;no3eW>70ElM78#DN@O`cn%X@ksNHLKz{|t_3Wi+ZB#1Xg05oOHCOlb+KIr_ z%{?nvWBrTPx-yHj_g$Ba97=Vg5jQCryJVHP==1w|qj^Cbv$0Nh#%rQE%R9Wo;{%oN;? zH}4PRo~7eMNV2p`7IPTbSOj2c>6Wg`HhkUMx&#!?0Z{z1FtYI^;-L06#fOa+-OJmx zdRchzy3I2+Mp4?J3u*t-pJ zGPk)F0VA$?tQl#+Mgd-sbc$P)f}Vk?$J*kU8% zsKInjV)}6j~YF( z(ZPZQJQ!c;bG6A04&L{s)4}*^_@_&~gkUX5(|G5*_l*jRJb?1(?ve;0i)S`y8#juw zHNlG2g2zl^=m%OcWirivwE+nU6RpH?jjVFdIX?L zJ}^RKC5UABwXu_0E)L%!-6&IK64WjbGgEsQ+pE>?|SE z%z3pw;c{x+r90={Q)u!W34NdJVSLU4-%44+mj#cj(g*t_@UIlVt>6u4n=@7d!4f&v z^yVRnX|m4gnvu15U^1zC_8DtQA+M|Yyt@Cr9OM6o{51Rj&+RXF*W>=p-C+DxV;uDV zKfic+`l6cu>Eh+f-{QZ2l^?V}1i`}hE-!9Z?1mo}XQ}&2p`RnV+S;Q2Qz_PxZdI2I z^znbFy*qM@9l|s{Qpd$zHqY!Gy$KJ(yO6_RS?=U@Shzr%rVMlh8X86oSKC->P@#m= z)i`0!$(BVGBW_5wEJ_|Ydt?!q-!93Y-3gLJ#R2)(Bgm(L$4KY&MVBwP-B4^#EXzMp zG1dP?%Wk4pCkhHc{Qo8?ORk079;0gsR)x^>xaKh%vy9k6HaFm^CCS4@_oDkE_`_%Y z1VIp(y-tQ>EL;Vl5Q_qV3Vh4-aR%#+m9J~Zd2wgdv^tFjQl2J!d5GDqwRwN*MtP};3xK4#zJXl+H*$J zqyIQNzv#SpaeCG{dwJ}LHwbJKNI7ui{>ryYCXX+J;hUSi3)?H)AaRY!(Z%cYmz~*n zXU7K{4z_75c8q;)vzV{JdNrjo;~`IJl6__u^NdQZ`A=zh|K;#|4Iz$t!Q}QcyZF4X z_0o?;(kW_{kU{dmrAT0LKd-aCK(#Q*5c+y+*kr}N0sB6ck=-n)XbH!%zEx<-S^4DI z4T6!e(&(4Kae|JXkYa!n$nU%Z^-PRk| zKfZ=AGp~d`BQbkmv7TXh>5b+L*H=?1LZ+0E1mf(;ZNfFo)AzTn<2Io#C0+UT%)Tx? z#fQ#1V#Ha^>n$8`C6`i;7X!{ElYx%`d(cN%SfF?+g#ZuFL2;gRtLq2$5UmX^nLmB% z4Zo$~h9}Ip-fFI;XFhlJathugBvFNzpmmwi+CgZp&U&hR=7B$koe+&VAsnl|cE zyen=~@lMg&3askqZq=;fQxQf`A5{(wMoDVgKb|Gh80<7bE&Zq%k7xMQad?6BL=m>) z-WsUO)nJx8TVFsjcREEP3-ykt#V4I z!I2TfRw7T_J`Ayb4u4?e$}^&9hPGhg2I8tp;)$|Bmu0g5R*_zkh&&0AHI7)8F=>wT z4PV0Ey;V$UCTtMyn<(@SvxJS?r)f`a+N+aN0rEN49L2EmP%(CxuShKb7b-XH3>C1I}=*yMTfP?YgI_Fk2n9xy#jX+M|u zvi%S)jWkXYV?MM4!qp?s6nT>;QH*Z=byjB`a(2EjPc^gRCGlMYfV)Y{3c+cr-bJBM8BzUn zmIbzFQ>WH9+T1hjl}31?CB@idk?xYw$rk7km2RZwr>(u6w#XyUJsR+hpB-v`xnipB zZM`eqADa6&xQa#94UX4BXE_8mnD}wQ>exW|o3Lc5YzZJn?y3NLGN#)u=`}QV{5uTA zHl+zi!(mB1X&Yfo6c2DWv=57kG;5s25GfmPbHQYrtYRLbS9GBe?GyeA6~6E^X{O0< zl|3>F{+O%G+Fw<^TJaDRw$jciD}&{zLI_-aVA7wjA!h2hyg`5`-ZXL)v#Fc6uO=|Z z2@8ApVT@qhnF$hwMS>=FsUMlIJZoUd^!+X9gEgV{m@KK{s5Cq5K?mOU-A}|#lm-Ky zou0y=M#v;b>1L76(^ON2b8rjNPDfD*~g~Jrb+In8Wp)~7BLgeZNGz2 z?0cdmrq#+|$z}JM_ z`ETpc=tl_(G^H;F$y%@Xn>@ZJLx`Or3n5|zld>NvdC%G7WIWKQUSS$P8j~9l<;Ioe zhKEwbGnO>jhpyBm0ZhndI!@iQ%qh7Z;~r&~Bd4G#26gGn>XD zkKCuFjwUHfpgeBJmI#PgeHT@SAKdgwFWZWzzZxnYo5k2Wmlus=f1sHX2^oA!Vu}wt+{@Fp*&k{W8^$FnnhdN>AIZCW2W%>~?c1X=}tvgIr z_dqr`G8bzf^l5Y?R^$K^I}XxZvUx~jM#4B(8I#~XrZpZBi}lWRaF8h-2lIa)5mRme zb9FthnPFygWM()2PQL4&epy@gr%bXfBQO^QeH1V2T=G~i=%*dQQdn-ty?paHm{O(4 z!lc*f<=IA`LY3JbX#QctGnRr^(lfpuQ3WpT`h;KQF=iY9+e1dTDM_Ke=yN*iMGq9r zO(|9CQOJm-kZ6&}T%+mv9R(F5XW{i11jDih3IX#jrWzxr{kE-kSz)CKitS5ABB(e~ zRwKO&UliOhkEh*GK9!Q83A5zn%b2T;Zsrkxir;Kq_mHrn`%JdvuZSJ3QEO3!$2#b{ z&I7%0g(2Qz`0|_<;EZe??+PD~zKD#`!Ex6jJ%j#yEor*30WMC#0hQ$waK3EAb|9c{ zSd5oJT5m^V0NAmZmd!&}NfHy&M^uW?O+n#^E}0ozSsIjhOuBUYWpWYlh-q=QwQqW@ zuGxdluS*%$d~;njq`*d#6{bYb#94RRKT^j;G1x8H#-3Q?$@p&g=H|}c^R0Ny;FcBC zXs30mvYoN%Ff`D33S#LzEKyGpNKi73!F?R~<_zE5w97Ls;;IhK&#qlv-_;7yUW^-E zudos%!mVmI2(I%im)^chBbuR6bj3e0RPaswo^Qq6H(Zy@EB4O4fMJwC>5f^MOIBq9 zW~?ICw2}vx(agh4!($CJyideq%%Zimr<5#Pl2Npt0p=Z7s;!3?)A$6n!R4$Q!(Goh zzsxGht0yR3wMnDN6?FZ5ixLD{J9kDKXTK|U-Dh8t3Hj_c=62Eg6|<-?fwqRD-q>8Z z`RqIMQvk*8wxDu1!}nv>dBJ@aG9}A$nUv)KaP$>2Dm&NNB|`(17t~o?W@$->tR%$Y zxEL_p`K=p~uw7?K!+Y{Jr+^jKvetMzPmO87^Qbolu3Fd=L1u@d9?xS|2eHupYJPSZ z9MNL{(TlL*YX9E%S$~tmUg4tmLvXajuCIpk{-`$u|K5+_C z3})AZ*d zVVFC_x7Pr*Bh&**{0I^oTte6<$fz$Nl}*Co{%db|i5E{*mz3Ki7AhkV&8YcR(FdNa zjUgJIq*AQ7W*tENl4&rqr)Jx&YuU)`O`;iy8sG_e3)UHo4e8}7lbnLf!MCb#ga=4m zK!bJLIV5tS=)la)f{FY#kZWWWju%GQ(w#Pdq9N3)RcEA*Bk9+EXt2etz46dJE3rL* zDScpqL}Z(A@3s_qRm3vNW98CN)xt?V8Z31M1ixf;S@EE4yXvr_g_M2ZUj{vlfeXxK zY!tAR#T`?KC5ZWQ9m-vrbwEi96vNLudB$TEsGW+%x|6JfUB2z0X4_d&r8T%Mmr}?e zFnI$C3l896j`Lsx^N`QV(&gV%fdm7{;IBL~KF~_t?hiHfKFW;!D zLD4Or8sK&gx04vX|GcS`m0)+7>Mki@iH(1TcN7EZIaR{aths-0x~B7j!#5b{QxOrZ zz(wN>GYdy7W*O?0h5Nr3fT6#sWx=QKzPxK@-wM(lBOZl4n|*CBp=L zBfwHv^Z%^4d-~Mk_LJAsipR$K2!Sm2y6}Os$EryZmp*wQBuPZNMOtSOG_qA{{!g2@h2xe@FK2*6E1k@`_j5w|)PurwbX_*>O5L!K5!cCjLR{%#SCx25- z8S`rB(!jhpuCp^^X0uX39wXOu=0C6>DkAg51YR|x)^VIvaxYP65fG!te|hXg1mu&% zCm@Bl@-CR^fyp8^%YufLHuNH!)4kNgx8BjF2fR2Yi;@iust>t6U5-;i!oE#7K-RZ` zyuMVh&Ro$VyN%v&83?xECjvf?HG5~5ET;WE#SS2t&g?!_R=10+5$>2Y?l!tRD_WK10azbv zAu$KxHIEsjAO;JM0X-_ewsswt$Hq+XxJ%|*d@1{I>hV2K6iAkhnT}v48cWz zo{Z6MRn`12kTKe>5760rSk2;V1rH6w-&63Yaa+gvH3DHR&9wuZCdDSB#h10+P};~P z6RqYHbP1V}@rD>hSlFGZM9(K~5>hRh{tT~WR+(V{by8tT6bnTjvAd!wV*X|oWT}kYm@i^Dm7Um3@PO3h()qy(t4u# zn5RndHI4w=KQ>;tZ30&|HpyegBvYlN9i@^GPQX95i6qfXpz`&aDVLDSoqL6f1n{37 z152)0NA?{A8X{kAD0ZH}ke}OBB*rix*-trB{=Gabk)E@!85ekaqK+7Cllw$Gb~fS>lC0>h)JCb7|CDQxk_XI))rK_P;(?(LB_`=MGNtw4 zM%~S1lC;JLUmdJ0%5&Ftd5qx|Tbkr68p8bxdhE)3mKB)~>hm-OH;z$;@jR;|QFgg7 zYgO6=#f^q!w3?liDwO2=B3a=HUiK7knPgY7$=Tz)+&8RXJ}v;`0W(tZWbKMlczK|T z0TK$6xA|Ei=fnfU6eeXk;t*^`-qdK|DvX87CA);=ss~n~4Vh3ehq>RA&FAVFsEyQM z%zbN!R64xEPuLhOofI6xhWV6z{M#grX#y#~G!JeQl}VbhHC*^R>0Fhs^d>)-mPLx_2Q-!P(<0(PORpZsS8v=JrDFAk|h&2Ndr8JcGQ|hMFr0|6M!OJ3+RG6QS`g z2sdf7I_Pn7!yMpL7hWj>*0#zaFigcT%X8K3910$|e99K?hTx>9v2r*Y69i_)ng&vu zg1Traq`t@|HLOt-pBnhM;3BA>-n+~`hk1|9onL4f&TRw^#DXVzQgVH@vLd%({Z13O zA}#UGaxNnc_TJrAFw!PP3_|0Qj^B6lv0;fCG{lffmyIoImB&(@Rdh@RHp6 z-S}KZJSIf(Estp_Pi$oyJ8V6IEyJA#47m*V61ky#1X-{cTo-HcPS0q`2%K=)h9-VG zME$Z9(CDX;YPttHIAIuGADTSL&1ILBwKcvT1=%qwO*(3CP$-d+X3s%tci-OjHz(SW zc6FSVoqbA2wu!ouoMlFUEQ0xDZMz$7#+X__B-P@d4LoRj)nvReX!)MIwolk6$kT;+ zz|i(y*%*vGO>ZoBhtDFzt|7Jb5! z!Ei5b{^*j0iv}r%$1GTdwX-rhfjWOA6PLtGtKo8L7+pb~U}rp8pVY1`^Tb?-Z5ajT z3=!GSjkd2OC8#|>!?+&9A7Z&HO0bojWtT-fP?z+QTFwL8+fO;u8&qkwxe;)g%^z4& zku*zjY84VUmMohxYDW@CK4C4*d1mAY^rA)?8FJxOL2{f!@ogSwG+`q5Mc#7XFl-XC z+Rmepd>-6`_JxNz_82i+(XSR^*$CnR+_>r&G)W-X*~AKZ#XRF3Ia(EAT$kj5QyT!A z#_SWYJ-Zpu#DmU4o^vi@@z~XH#ey3YBJxX4vc}1yY2nSX+v;uAFZ}4%CBvGYQJW+J zmxyN=d4+}zW)&Vd(w)rhf?%AD&8$*&Fdt&ySO+B84T4Ixi`s*)+7`838qisJJK$nh z41=1;tg|x@b1gWfg2SDqA-vf>b>4Q*Rf*2EgxffhOMwKQ{cXPssE4DxOb)tn%&N2c zC3Y>!c#XTMAvRgFzE6CcZ@peCKs|5vdp0nwQ#x$d662_@Z8LiR(YqFch8hx&OyA!g zAA0vSbg#*wSeRO{qzkI_Yk{J0W})#f+HH+#&oe}Kxv)1v-W*sG3E3uZBu%0=S?p5O zac)G!Vw1B-?<_AnVlAgtEV5jkq*N(=4#OR8M%U~leaP={hCEr{t%SV8^y*Bi?k3yD zHtmc*b2lGVt^Zm*_OyU$6$&&6!ld!e3HxX_)he96zwICj9c*nARsaNBU^Ilf%8)t| zikS9Dl+(BakG-#;py$dD1>R5vDowd7LlcDgc}#N#2w6&wWlp2=EQvqMHW4WVtGi;ZV7;VZE`Kwe%!y)Ih910H zS}<0mQmUvRXw028gA;D=tFJlWX76t?XO^lY&4Me!(wSDA22OpWMgCc7q05b#xS6Ow zGYy43D2lOX?{6!$LOgY`8m^f68FDRz%DdhuERh)=!staZt8zjpE@3;WXfyV-%=95G zRs|+1+5!7ys?wRbM)wzFBwlNRbv`vU0KmLt1pdO;#tzjD0ubDM%D4rhX?*-O1ate@ z1OxanxIuZ=E)D94zZ7NMK9@3{Tz)O}-F`L+m?`EBis9!heQn_8rT2&H20_C;xv}Aw zZ&yDvvEf;lR4J&CK-^+iG*#p9U0!Ry2)LeNNaHZK`C?>E+f~1uDdr!pxcqaN8=f*R z^uW5U_1&sRkMa6Y#)Qa1SEdYD6cp1omLm6(Lf`|c(B_PUb2!Q+Q&rr0ZS$7n3EdjtZN^b$QVa&}I( zBFQ$+sjp|PCT1#t*DYj|fa@YtLK(&cHfMcPmn?f^%;rEXPs*O2e&Qt4%=i)@k11-m zH}z7Joa4BtI9Zz11=;chDlMB?09Zh$zxjS~`rLtv`~^mrwe^HG1b5(_tD(Fr>g*ci z_?h;_s@6wW!|KJ1z^Hm-ZJ9nCxZ2{~l4=u5;C2G0&JuETc6wX~2`+xvPf-3oVdUuS zxJD=qN_T}3cgY+*;u3KfDpTFO1_dAx>Otm-NmlVS&@^2A+F&lv_gu@OG>>>Dq;m0C zHuSVUfg&rfIUw^CoJfF&b%WqqvzjwK!1*aot4+?jr>6j3$|M?B;j44_?81F^eu_d! z8t00fcE5XJ{xpqnK>Zaqzkudvr>_0Wm)-BnJ)Ac7aB*s&JViJQ2)?WK@cLC_4|-5D zhYK@_VzS?VSLx(cGZ=bYGZO^ltbJN^^WtT-n~Qz3vEAtQ2#w#-MGc;pubU?YtqerA ztFu$Tuk-fH*R|gEfaUcDofusE-Mwt+?!`WgoBk|^1g>1}?)&z4_3ri%kpV9_f0l&i z@{k+mb3j7dC!kfk=v8`c63*Dx}o1c$(Uw{h!sJ$CJnYv2$fi&xRh!6H1oy}4|1uOwZ2||4v%_K>g+rG!)NCg2RIaV_QG{`QRbg#wcak8 zdwb#ac5zzFv((*-^Llst4vC^W?8Hp9)ZfMHT7NJ19)SLAz3G-ZJbU?ly~kz= z%2$}&PMT*v@F+*4Eo}N7VfK41;Mpdb^Rl-FW!_IH(D zU!CslbU69--85)V^pM$f0 zMMyA0(9gHPk{+0EqE#O*YPvtZc|vr&A2Sj zK38I_XcsPN;emmFz@Uz03Ez!tUAv?yAzdS@tTWYOpMxOib;%W5@x+u#4_Y&p3dJ)a zcP&FJ)D_b(Mpe(uCeTY(WpKF+ffB(I#pf51MsA&BxDbQmTPBciiyGYRs$&eeJPlw&9JU)j(e;yYF=7Z zgo16n7!pYG~+mL9b z?=Be|_ZP=Z5?egHP-ENv4V5vG*Fut<(roLqm|eJGMKPhhB?GKGNXd!b>!G2A7Anz_ zOsMDX{lL7$&n|UUy}1pDThj18PuoyI7^G0pMvIx1Hd+@9Gqx<4Ua+SV#Rv7&9J!Z9 zzp;@C6G*^SzFe-U#3rfGquy&O%KT=xnf)JNIOt=t@))*kzIZZ)o;9a zLYBt87I_j`guduP#&}GJ@Jl5PuO(P;#c`gUE!>N0s*}%U5OfY9i}WRZjM0{2)1=eb z&!}`XSv@nW`f-sNqH?G&a~=a~Ouq8IJ5W^D!1vz~uF{bJANZNa|E`c>wNERYHGvnj z>Q5~P)@MI;gB8cOBB5j^|0Z-?1+x;5(iaI-;{PS48U+2W;}5pB7kUxmL0n=#xv8OQ zvZI-RBUf82f*SLySUloMSbn#46+cKu)x9bgajCc%oOk!9ku6z%^{&>N3v-#dOu1Yc>7!g(53s^($phW9g#O)-fVLQKS#NCtqk+mO1igYM zpY?4y;Oku0c0O!a;tIl9Vt$T4bH#h6RNcpqNvhOn-Sb@oPc6!;6{+L2Mo90OX4!bG z!Iiza3mhgkyjIAlnk~0lN~@vw(mD#oN;$>beui?J@BxcFE%U5^-?XU!otxxkMdiKE zL34RGR4bU6k}*N>vU~6t*;nrMsO7(D9hc(yx&dU%-JiwT?-YaENTHt?ffd6$AjL4K z9$<0v^%4}6_9!BzTXSVlbp8W@Y`e`OQ4KZ@VVggili7rSC#=*Ti zHDYm|f;r^n>1o|pDF`kOT41JZjt8w}<)7xH2-yMZ)Ki+960zPlNW7hN*ECLbraq&FK79Ln@K zcWuVx&EQ>cbgf(4-rLY=sbYSTit7czaR8WbpO-Y z?e=;>`!o3zKPnGRDWuDO@9p5?G)jOtHwJvQm^di9#3D^yIe>1YTJ)wcF@sbX%?ZDgwjwXHeE zR@bNm7NA_L2qjA)?qik}i5eRO?UpkWb;`n6Ib_}|cL3OlW32lKLH1Na(tuE;U^qBC zwg$0|WHbUKXjx3=q04(?^5UEydty@?YEqa`_$^d~Q*H9%82q?I=Ygx7#?B6TWKA$o z2UfL7#y(|eh=Gt8v>T)x@>i*2?DgewwWNoi<;Zn;&vvSmAs17y7jP zRv4NVV3vS{^iT&J%Tu{DCDy6V%i0FA-c$@gu1{Q|R4q4PPQc7et3)tx8K9tIn9C62 zO1s;~LPmu@FDB6V#P z^8QM>PW9S>B;3cZJjAleTMkSP=lJ=%UcMR)N!h_Gf*QU~lr(2-bTcmHE!-mNv zGYK|oiJcW`mU-Iv{G4Gd-)Yvm@*eT$(TS?68C37i?@{Wd(wi4Y-ADARdk!_#@h1N-X9=+8oUMuM> z9us#QqCKOOEx2u$!zFh#)w3=4YQt7lBGv?|Tbi7Q1-?ik5@*x*6BnKx*9xAaHj~xT z4AdiIfC-!*V+naoPl?Jl9s7!E=rBq2(k^Yk6ZnqMD0HWLFA3i5-sN0OQd8c61<_!t5E?* z#Xxcu;l5Sn3_>8Y)-Oxi zmF#P!Hq|Qljn|YwlV0v9NZ{+;vATL3jyE=TqbJyY<}?}_muCSr@t#rEzntOeITI-t z_P-Xg6lDkRhgw}|t=cU@NvjS;3%$18wV?^AvYFbgT}~f2MWwX*#WSXiDCbFSEPw8F zok|a&Om)dok&em>)ACdBHg)RlF2za#)$LlYXUJD(E=y7Nd`i4*xPw17a+)hXlp+Jv z+PP)m)wr^1`IdWzQo|WpNE)$Do~kyv#nkd`a?L+k^=L}7aKjXQ>wn!;C)Nl$=#-$@ z7<^i`(YtR7)Z2NWbHFyuG+}}%TXPKrvwMCRI=E`^jzSal=d$W+ZuQBWYFW4`>D7Mv zPf##aRVjzVV6|dk1I6P7PdZty%xU75_6%uTlw=&OY-rjWu1F%D7?Vnuqct*`QRXTF zREOirZD1v07B|)8AWy7efxYHfC|oN@AZ>CudUA1frC}k@Vf7+V5NxMNOI|sxvdDmG zAy?2$8ylD;cNDOtiE3C{rH7YM8VXkkVGcZsU1qzGHB zOc}8}$#`6*VXMNrhmEuFSpEtmeM~}|#=9rQo37iD%{Z~8cq=G;6n3t?7a zmB%X{$9l(rLCJbJf%*g@E>qw7HQ-F4ZecRunV=NlmoK}dzoBxiN!I*Q&O5M2r*GSQ z#totWQ!(h4?ICLoMJQRsZN9`+uBCOz_Gm|qC8N=fM7gny@yHhji&0pt*dvrpublQ0tsr0PHsI8+N1+JM)9Ushezw^DfAhj$`4R5m+ z^poKW@D+BN?I1HH2pE-%A`<1Ah%@@BO=9+d0{n`xHoBR4`8eHLVaK#^NEEUkJ29^T9H5om~3|edPP1{3RcUVSxbWo&7og)NmDi2@+QIJ9*SmM!Q$6S z5LMW$XXL6)ui`~eoD4n_2c_N0q{s;@V$BSS^zD?_?)0l>Nl!$|ax8#ewr7A*RXkHb zx6%vnIcQxeTGQLMm&OhWsx-( zC)*8z*M)TImFX0KVwCwQewB$8o~>bq91r@%GM%%gJY@O@%S0~vgY)Pl-` zP2r53(acs>Q%P2VZ*T!CDh?H1Un_EUT;^z!oF7*VB-Q(uvSMPpReLA}LsVlWd;m67 zMxIhvu3S*QI~xt{Chn5qcFQ7;ww0o)QNgVn7TY0SpTggD$p^pE?!Xo3)$h)nd$Iip zWn6P{*BqC2j6l!CZWlSD7B%^>} z3&`AGhR_*#3okUh$23>+uA(OHSmYstWDSK6W16gUx@JyEDy)*uYizkgqwVLL7Qt@k ztVkv;cTvsRm@%wj3RK$!?6DeLZyRRSjGslt1MCdSwq;DpJT(d3nUq3yR#4)=xg%A5 z2yIp$EOG;+C#61iG<&q@jF?s~)L|(u^9x8?j_$;@##~odx#Lrn>%Vrn~E3&J*ES2F+pfFTYole{QVyBF|r)+T~{DV8yF7c7vC zK#BOlN_ZvkoWq6LJSD_eggO*2_DUcnN$ZQRp?PNVMuFAqS#n~R^x#N9_$u7&sk7m~ zrS$V%_q=pOp&yxF$Z$4r&S>Ax$>2}@(d~Treo!rTI2%kyz5W3FtH1%z|6nrniXpb2 zD%1Gpb^*?7P^NKkMHZ9xzA}rYjvJ~hw#mG=7|ySI{l#SVk^K8@51&3&c(HBkK-v%E!0_Z!~yK4PcS=?FXs?Rs^|aE$JTgZG2+qD|(v{de`nMJx};dhBbBoyrrV4;Dk z-wxjwWKHJNL4SBX?32;pZEr+o!?*7i^KS88cikJ!C+M+>)QunEyx;d`#&r=Utp~?n zDwEeQ{J#-0A1+w0;hf9|*x);I-<13)Yk{fRjeD8@KS2Ux*`>*Wz69fw^WvM)lujOqeVz2lhbv}Le=&M>X+Rp3B zBqysF5YBAzMg1A*<#>BZsXE-98oK4hM3BJG!0?9>$ad?y~+gN^Isc+eYF z)H%3=|Co`X_0+-6Xhc|>sLgX$$gl{Lz2UPiL524b#$%vq%3TdqGr$#E9jH1cBdU>7 zJd>}nUZcIyiMzfw-Ef^c#DF0v(}h!q+uV{Mvec3{NVYZt2$m9UxLC*&qzGFR2ely= z?P#srDl%t7N zHt22JR3aI6J-UU$_JK`RDj2j6q>^@S6Dn{F;jw{vNGbX|&(e!Rd}&?%LUuxBr81yf ztkL2WKn&~(b6G00?`qQe8*!^S&OOt5t6w+O$njv@5*XiCE(lob2(1D28e&v(tnrXL z`tys+g)!wAMtR!x@)4j#&tyYDW!v}RfbvdGV0JucZm9I^lpO8p>)6i|z{o0(W9z!; zQd}6vUTctB?kZKuKF@N1b2|fn5;PNkaJ>13?#LSk(8VkW`do(j)|Q+CuVIsGk4e@h zOXi(@5nEBMtGe4D^gMAf1$M$^JEMtzityCKlp7HR=Wx_%;MgkH6+(YL#X*ayvoOC) zSj}38{tng}4+Z8Clci)d+_Xu;)-hkRBxG$(kCLTYcQpLPi<7Xp1t&r$JX>jDOR|k@*kkD)*YOPYDP%^gG%Bp2{j=i& zJwlSDh&Y(Ce$3_0$5X^;wmCLY01)aAE9PIU0mGyTW>=}-yBQxtTYDEM65}Hr1cfWB zy_-GaHLnWq{=&Q6Fb&$ak4F|iFwA6XHJA6R-#ym<}00JXVdH{k(Cr4;2}U z%x!iQk;fC#AI|!>H}ger+}Fy-9Qo*QF?V59SA+M1(PRp8|ICx`N5kHm(E#=5@kbj< zbv@Bq9Vqcy<0QjtG8|t|W;X*Hvo)NN>0~}1qI!ObzQYr(@?Jx{*;VhR_jUj(|5b0% zL-$|M&w3*;5)7{fcxa&;^e5xV&9JYvjrri; zZwKSWus5=w{y-)(^a-BK7kc8?L#=1Nxt$Nk5Fcem}g3h%L(;rTI zT6doJ-Veub=XwdwFeW_aAWXk!(%IF6pwZdSog8Q6Xiv-IHfar~qh4`Q#pKrIEr9El z5-+eG8|K{5OfNFYt*oSj>AJn5{_Y62r>WV*;O=gXk*)wHY#(D9N25P&uw72|=R5Mq zmWpSL95vY|ZI{P~>tmWD-2vdm7uXyxDqnV7nV3}a5Tc|YSc$KtZ#>^~JEs_!&%kh5 zTbr7njAtJ;#dj;*%lYkkN)N&V%*d7Lh4S@q)r9nOR$6--%hy;_8B-;+iDVh&N!zM3 z2a|2nFw9H(8%FnN2^rPMOo&*^Olh7Ob;ra4;cH*=Dwk5SBg0TYc@O?XN{Vn14C37q zKn5lV3wPVV>DP7oZ~KMdtz1-yYHfQxi(J~5qg)O*#1~Ks`6;LWAAA4a+c=Wsjl%o4 zK1D*n`?fTo)wZjuFK!$h$g*6e9$E58a@E!z95hm5O3E&Z)G$fA)t~+#BO-4kCEHa! z^E``Z2iR?wO(ydi8JA!DBJny46dNa_6&GCu@Z&B(5QUeR0Jm@x6o?KMZYVP4sw1wC zw%2MsAm_PN#xX;|S&&3;9{|dpYZj;gl7#64s_fZC1kl?V0ERT8hP9q%nwEJXW9-cuoOT9iE3M(XDME=Gj!eS{eud z1z8zpLAh4xizq8Dflx6i@qV!pIKr3to-F+>*lcTOjRo^BQ>+!MDjqA{RR}-p*E~qL z-r=aF*Ecy8;&Q61J`yiJ*vD!JAgXfD4~~tDgq*KOT2s^|5(Zc^-&Fy#Km!3!z-8CE zZPoxu3;u4kNNt}uD($#*kMQfN4;|=519W2_fKQGF^Yw3?weKLr4;O*o#2|}B)W)mdx$>OT6%q?Qf~XVC zxSQ&DE|tk+q5?bSTmp_@&HZzJ>O-|8V5yFhe8pl}ZZ?&~Qp7u~9Lx$Up;YFrN4kKa zO)$n4cxjy?=;djH!{!LI!hsMj-t-!)YFYuq6b!zwl3`T8(<&&qpJI4EO&JM=|>6ftq?1;mHWL>k1T(; zuPH;?Xf70+|Xo2>z5K+?yEqqdjT@=(h+=z*z5*xbPH zUer+Bdra(>Jl|xvgSp{0^xiP00C*A&4uC%9 zOE7`tTM8Xp_SYpbB>AbIeq`VkbRfn6@rgiKhvEY=Z%!Og5%c37CfCG%Nz0B@FiVB<{;WL1Nwoj9ZR(@A>S;P%IdK=OVl&Ju$cLP zA1tV)TWosl;S{d!TU_KJxDLosQXeZzW(imaoF!tz6DoC9tyYV|)EGqQj;=%?LPu{! zxHxik=NfPTROf!DXjq;p@r${ktvnWg>}5q61(G)yV&rsQ>KTCtBfP>CX|CGIYc7*A2i1eF8T6leJ21u?I50>X`PJK$;(5JROX_PCy9axzG9PB% z{VQKO=1$0v3L(HL+9;H6Q_Ci)M~WEVaG81l0Y7ypNM)awOJ(Chy$jZPHUQHlKKz$B z=Ci!&m)ElUxHmrZHA{uNI5~iok+|YR-iUjx*6$EZhoC>IGPNBWRZa>leR3d<6@;Jr z;S`K$hKXFqP}vO*z=j5$6Y$D_%!xD_#jxZ3t%FuwlssSoaQH{Pj`!n2B8JM=1lQNnQp3vI8ym+rFhhb@Jr7+ z5~%!>leT!nn7cg7H$0`{*NSykNRQrbyieO*V{2!Hh}e$jUqlfFin3|eXnMWoo7pK# zp0fn*O@fcOn4gDGX+i{>%946w3SPJZyUpLt@-XE>-|k!f7+_C&tyY3JoS!hHjTVTl zl>YJ21K6b%&tN6(gCbp(1qdMO#yLKK)G?8}ec#o}2UMIe;bCK2SzFs=b2Z-7t=7d` zZGU7?{6VhRe3k8SMDMdlL&C$K;JJ(H@2N!Ui>GxR{ zE9Y8y~DkI`CT^sBa`$qC}%OCAX! zlKd78rLdd0p#an@axHsfdQ3|xqKeWpQ~9N%7SOXw)x9Z~S_M%v5@ls-9ztnh%svK@ zVj8_vM&P2u4!f?dTCKmaJ1Q<{r`Y?3KK9V9$VHvrvQBVX;k*8dcYo2%_IDzeE3S?- zi^9oE8Q0T*FDl8|Jx9*O*Sw6RF@IyjQcKB*-N`sk1RHWiXSu)DJ$g->y;ke5pPpus z2bRq?=Sr~lUnAApEXaX$m3Xo>tM{Nv7!mGp?3t>c3^)&0tyceTI2#T6^H!^K(bY=Y zfTuj>S587ZZ|9>Vdvux>JeS!otybr<*mW)oskZE+%r`P+Bb8tU@c}>V zxcBdyY$sE>;t_kF3q7!iy)O?uX`i{{JTC-AMDbT2 z^;D1&q6dJjYvtjpcDKQ(^gkxziG9xUFHtyNJr!?ZDn5!-{8@^G*BiOc68Xq;$-+>?SaA8o)37o8-7l@y@L@K+A4cqMbaOKvvSEL|poEQEeLz~R&d)dp$&#lMcH&Op z4}Xe$$>r}njo7tFcwVZAU1utl{Op6s{}da2a`dJxlZ{@&hz;_L7y5@=JqbDcTy8Rz z@W=3==p&uMC*F%J-{>Dcl<9`&hlu^1|H;2V!IOyn{g7`Cf8x(~SrTWDT>p?3A{CoF zi`adZ09WiR+hN~lrBblJMZSdpCfOtZqJLWO-{lvHZ7s_DiykBX>)}hTMHZfdhd-AB z9}A}wc8Juw5sH+ap6h84snk%2enj(YO9q{}aRn{qsIc4yk}id(W4;pYQn&=FYr_|2?~wO7Svcqep!P1{vI9 zW3l9^e(8?Ke8bg>=lbVF>i=KnvcP4*pQYYEcl?kQ+G@JX@@%!rA~>A`o|r8$kx*!7 zCdw52M{~W{JkdWKR$Fa)sE92xJ;+6wO6d7Vo|e2QaS1>1B#|ikZp)%fD~I|PypOPu z7qE~+Rp6J$ym-|AMWlDJEp_KBFUwT#ICvXxh<>`sv_QY++Z@m(*IA*SI3A097F(I^VUD-(fk*7`Q?2ae=3Fb5@;0XMw z*XW<6py|@jOn174du}%QKX{=RWA?<;7$kni78%jQ5=oiRzb<3R`Z>qrB1N8aHWrya z5A$rNWuiVi>7Tfe4;yTa&?6I{w~u^tWAnfLKWeH@ zi2WCBGTod1lDj2eK8bLuhv^2U8nvj-1zxK2tSq*4Y$7({I|(bmmDSlJUhQcCLIjp|2N8=v!t>3*jC?G-fu)cpwx7`VpE+Bm_EL;+8n@sttj7K_W zwVMBRri*doVeql4c2)ZtxVc~B;r0Dns@&~37R6l&L44Q-0kec^;)U_)S4aiX&148; zgGH)U40E%y%65AJSabi4CT+5xZ}fnTaGB<@OgYHK-A?3ic@K26cFxJSeqD+*Q>-s@ z)IU&&T<3bnUb(f>kIrPqV!?jpsgU}zoBir^%fVJAbY2GXQPRg?48NADkf_eid0I%m z$($lKT$Mb|a{3ay`Fj~}5NP?2QWhDO<^U2{E$0E=QCkJp;XYOjRFQWzg_-7+QfS;? z*#Kbgx1>+sNK6EG>e#)=OKgHVhk#7EEK{D?ZTx!~OPJ`G8bE)@POBjzU-39|I@m*A zZc2W*YB~+HGN4yH%2;Ghv8w2;;fp&_z;^d+Yc9j~@H;5lD$^%@-vwT#L}NVGAO zvX4@v`m&&hSZ9=`B0tlU+5PXWmvG1|_}@-HNx4=}{@r>?lLWcf0@PDk{zvKfiKR$0W&TCbhevu#EX%|S6}qD^Hl!~YeH-6UMG(MLW^4OaRMXe6ZPe7>uztRj zR7>!^ym|E@#O$G^OHZXYOWOH8ADe}#71e1hL9HV_gk3&#K|a`AEhW#sQY=3%0j6$u+VfF=fUmY8T$zSWY!UR5Kk+;chlE@<5(~CkXr9H0V047<_ktcZFMEhC z3;~)v3v`*LsCi{;w&ttCPaU>tmZ&RGP{ox*GX2eRWj|JIb0IKTgSm8yvLOJkhRe&A z0_m(={vhA)Gnp2UFYTJ8@)S>5@F{xMZPySdLoIQNsJl0T+#jD=0cv2ifqq$HwRQ6U;=Z7^vL@ne~N z?fj;})ShNk^hx)q0RTHjp4;9nYtXLQRstBIy}wmiB8#mE-sFk_=rB1LG~Qn1$-#Z6 zhi31-I<0=nf^Ri~<>_T?0Tcr54+t{{*5nb6GThPC-?B%MAHh+E-T86Ro5E=r;E1^*%_nM2#fLjG># zVKwPx03b^7dXb!^0Y7t(dF*Ify&=SuYcayb=HU%yPc=ekt>fSLNqoug#S1KmAUEq~ z2531w0Kc%w;P3eB6CG%US!nKN-DPHx0-BTIJNf z{cq7u?brTSs;AhAXY^Bg=r2)Fy%qA6%xbH8)$0oCk(Xbrq2l}h2dJpt-uk!bsP=n* zxsuA$`1>sP#fnv1U*c+hivf)P3HOKLeq6z0A*=c|=iOOaFM5<&VzfoSlt|9fG67ZM znBT+I=ePa}|5DK19AxQACNe;oHhMA=G=tVyX*M+Zvq&{9G(nUUr*kba&M6K1c=$?SREr z;dB8tK-Ie(gl<8>rK*?K%6JC?;u%=P zk>m39?mwB13EYRv}Ihsk30nf336lbgHYWHE2G z2K`C@rvD80+0t>Jg+6wRa)2s)7blRNHE;OITp#-UzxxbuAd(- zGfTL;YPEK!N^t6DBG$e)oxR}&Z)2JPRs3@4#39|KA5GKi7E*J@@=?YmPuPyf!s9+& z9vV!I2pMLf52;8(@=mWUG9k_HpSi41=zEbx7w5x+Mq&?`ba8rh*KmI!XKOGmA%m;! z$Q6d-tYGQzu74{vWQ(E%(Op6zQppsB&e1eW!#M0o8NkA8%>{@~_qlxJt3#utVV(Av zKdE+CD+bH1O=&kufrYvDL6I;!jKU{h!d8Wu766vHR! zuTZ=+_%hVFK^Hl>J{#_MxPAS)ajupSaV>|98YV>RLPW1`xHZYSKPL`dHs@=xDR~~N z+M4p!mo$4yM7#-$i%~hv>UtY`8{>ZQ3d}oCyvf!Cy)w`CxdfwGthQ;EWE(AOA}4hK zHs~ci^2Cz=vYp^qbK4*8KFb@A+xjSruD$!UM$s^KiX?Xo`dIL~m<4d=)zRra_a*eb(1Jl>W% zD)4DK(IJH&(|5;Cr15h*-T$`SEg^E`z7dEZYp1z>cS{~k`WDd^2fCQ*b^<-JbF;k7kmqj4CTpibD zk(y>K$47;Qnb~^D)CrNjf$zjg$z`o_~H^<_VCN}2Zb%#8``xPRWz_#iL1(`80t_J zuA|dhkmsans4HM~-+%?G#{QsJ8~6vz^PS7CKFif^kFM{2!BP&iVLKQ2TpF{^Tl-3_ z%3YHyFvS<3EXx$yU4~iZy;kdfID2>j*Lj1=Y_M9UHqr~}&aYan zp*1+1kEpT{Ul*T@>h-5(3dN4CcRLBX<0!e!sy=J!IGSf;qC49}pLMN9A*PL+IKYyCIQ(ktrQHgwh?6s4-C z_4Onrf?d41{K?p2_aZMJ!68aH2{HLVPm~6zQ=KR)iHNJ+PGWthQQZ@nBi$(}Qria%DR((?lb&cg(1JeitIw~QQUe%0t#Oe2ls z9qYimUAzP=_ZzXoK^<+eD)LNgw}~?@IPFU=z0Zq zV6DttSvRc{A9p)+L~qlJ7}WekHyd0}xT0OHu4F3-nz>cD+?aGTL;={~3u~yP0T6)N zV0^YuORSCM7b=XOesv(dmH$~HEgj~GEK4KR>`EZ?!Lsz>zN#`79vAyo%)hDnO@M_C zv)aLR^`Jzqm08SJ5iy$~{^1NckK@t{2LuH@&;?-LA~ojyyw64pHeYQ;Tqc73cy7ru zJmT2vJD+IoxXVZ1z0~z}1z4mn6=Y*XFCK_VaBLNj$w5>hF7)skL`yG3B{%x2`w#QQ ztUn%|IEm(JceEGIA6-0U-ruuz{b*jRmB@gwX6EH3{dkOxcO7^QKGVWYLG^1}RKDfILy2PEtrD+GMv z9J+f;zuKw3t5?~p3LEmM1R|RgzMQOgORR;bHQ<^8(j*tc9f0N`{m3m)m9qY-V3+3? z=UxREr_7^6BNwOz2Ymi7LjQYBeY-{w&g3h?HJ`R37smT6Qz{<=$_juWq!DbkPMO?c zxnLU6vy*2k$$0vps!mrf_FU#DazGI5Jdig;MIuu<2}*{54z0EAN1o^>;Ss2u{vV{eV9((v%l;AH}B6P zcGn;DAMnTi5u8H`v6f$_wvB*q=pQsL;%+R*jphF(T^ zgWTMf#l~LB_S9Y3B%FXH6xk3Fa&6p}>5nPcDcr2C4`Hu`p5RpnR z0y+bV&e-`>>kG|$7+4V2viG`)4O^!n5n)>r?!u_XeotFw?^!)1LEVfxpZ@n*jx)gD?f; z;@mg|E`Ru;0sS1f1p?&;F+2FOYmuB_iUtSXomi}LZ=(iSyEQ;b-F1-*jF0U~IH2C- z^;)f8`}g`DJ8k31REZo`3U-%oAobG&i?ecB1Z9?vfSqJ23kk-(t^IDY8A?@2j5q;n zvdoEktTd`3FO@c;?)u~Y=Q#=PqXo`VufW;D-l0@Ftc|I|dW`42%cY)xSR?}Rt&`y= z_Fu#PxIejhooaqc>#mlN`WD5Tbj9~2hpSvDP#Z6P{`pO_&W#tjD;@w&sW>PffPv?e zO;@~Bbs>XVobwDTrbYr=vpAe`oOOL70zp`ygQc& z5k3Y==qq}2de-V*!KRH+p>wG{Zby7SoZgRz-_6-i!c9u3&^mJL3PCjD0HZI2Bw z>~>=CeSJ!K`UTiv8iI7i$y_~0Nt5NNsFh1_CV!KOUP2CBR%aoEQ6JCtq2v24fxEsBi1YPII! zwk6qBDc%ddNn5ZojT@_4dT)6=+ZX4AGdmhniWn!27XppsPT~&l&~!_IJWY);8wgh7 z-|fs0!?*TI(@3GZaIA~WQ4?d`Ppz*Q(o$nJ9=|t2eIvYjURs{_m`BiC?5meoEUi=( zZ(gLAmo0r!bI;W-ZO-n1%nsHW-VOWRM*k_k)}OG4$!I!Zcf-5u;f&%OdQsRB;`Wz# zy^qqqcQJ4TnJd76%TxA{B7x=bq1}zVIzF)ZP}`^TQp2p-R0sbKceEE^mJk)RY1jC2 zpp2d=XGs?u))?~n04%gmi2@wg)jR0~!9Asz5k;t$VG8KQNe8ZOc|DO&S)RmCGR9>M z*91K+ABMD;qv4!EMc2{oXn4b}hvVs|R%^5pm<}_RVzn(qstO^~h)uHmi60_1f0D(Y zBFATtJca7=Tg%n1i}7#3rMl&ciIl_aB-siCvIi5yO6vtpioY64?qtGqBl(68Y?s9V zB6$sNT98xZM(Yz)mgfxcr&awUKtPBp3AR@|F7}!NJ?#pCM3xtSK&5Z|`etWVyE!xV zcTcyltI|8&9wnmAfhbt_QuIs01-*m<-&4ue5nsfpz7FSBu2;)3K^3$rKyE! zopjz9a`7nAQs7o|HU2!5Hw2pO=er2Us`dTe!gBvQq5n8f3G5`M;PRkkV$Zjnr0+Op5WbvWRGNs~VQt!qc@HuWMh5*)>t)Ve|Af77u zDA>>MzJL3}_rn3}Pz*1eGv_)}23%qaA=q>_g~8G41jDwcM4DWix!I$QUVsZkKZTH{ zYNsyG&o94!_Y-t0a7R4<#fD`kNpH~YZV^`DA|O1i3k6y_Qg%;l!OB8>5Ahkd7JCkG z(c>FDBzic#QO&5_2O!3CbQsPv8?@s~?`QV8SEbMoI^{vhMcnP#TJLs&HN)TMS-EFt zuPPM>`JuZk{Sx`a=JS43DDxg#%{RAT>_P zQ1aTkfkU=4RhC@)h(wp%RPivH$6aALp4OZbKtq6)=1e2aHRg;Dt_GKb?mb&No74gQ zjT84!XL+Fe+s8=bF~-tCx&b#SjRo{rM~|XCx1O_m9BR9382Fa39!48Ey%4s%#7>}& zL3M)csz5A4I&Q4$XR($n1(CFoliLA{0#~haE|ELz)=B3A@xgAsnUN1{*7;# z>b^zRZPsku?&M?=S?D#?!UE%8Tl64<-PUM0@y}{bC+Gd$Q5ge*o{|qvf57*sS&PPI zy!V0qw9fBf+m?hO$5Lq)N{hZ7$fS8Zz73q>X95ylvmSuQf;XIFo>2dN-U6KJ+Jx{`F`)T6~V!yuTRDZ~KGAboQD3@DC?opw{c+ zLYG0kueFWz`tZ*hvXjn22nPLX4^rUk!kWl0;Vx*TYtYH|r@tGrv`N%oZmUY{` z)9&HP^X~Af2fWE~eZo(DJsiIuJ={g?cGjN^h7lVr`s2?Cni)U*=kV@&`Y?O{s)N+* zYko;qf!<1b-{8s=hak(K0av($LT@n#6*l2dS1&&@cx>@Q74!x$3n56^DE6C;Hirra z^fi;KF3M z{xl4dt`+dd!G)6?EObPVIAwANc)MOfjh-Ny~Jq~9n%d4_|+hLX)XVt@^a>dh@tjSJc;B{TefMjRo|JvdP)F5 zQjE$FU{AEpL!uuMq%fxhXvT<$mq&6ud!ULd0=HBnnS^=cwb-I(Qt@9Qsvagc!x@`Q z*^alNw%&NB@mmkq zuh-$W%&{x-0dwKL)pMpG3}>HQ#sgpYTbuE3jWe&ia|h;Zct0>7mhb^g{4Ai{9O(*2 z0|9&pl+nrowuB#$A;(Xzp`5e9p@avQmdx=hzyV)2oatkftW#k=grAT8JY6qrxbZ*# zqz_p#wO@;hNPg{G-uYjJbv!e@Prf$J`HsH2e7~o2o0~W03kC>!l2D?o2CvnSI=&~2 zD{s4|T)`YbqOz>E9EX)o<~$FRU|#eSXCJoNU;TV^)pVl^WZYTE7-9#izmT64TGv!O~w6BEmA_Yts_G0;-Wej6*2N+&3Pkk?PoJJmi7tm*~ay$toD zg|7>n1yFOa$d5sCcn~|ODBI~C=^wBJ+g=MPsXLypu8~KFkSE){+F+QhRnnf<;Qjut zo&Ns)$P|%8F52>h3CY)Tq}7>pR=VS~Dd6);qg(W9XA*q0SA*C z@h*N7Qsw;2RTGm9l`9|ZmsPc!67K2;8x4CRjWq+cMYR7z^GnIk5(hHDHy_=qzI*Q6 zE}_h*rShTKv8nA}i9I5=9y1Rzm^M52O3xBaL{k~7_Mdbd2Za-;=TISVZx4UM?A%;d z<)aMd{T}t1zisa{1S9hf{rnpye(|iS7ZTvKv< z93!w9x7B<0(>Edmq$fhu(itBC)r&pm!QSh!H=eG&%K~91>9Cl>7T8vQ6*t6afFNm- zcO}BN)srkt?l^mH==bk=oSftH{4>mvn~!cY!LA-4d3%0klKF=fb#WJkDzJDX4k*K& z!vFf9e%yv)A22nHRa6QK`>NM0JBDiRxEf8NE{HR`Hi+51VsMq!(Sx}@sZP`%zDi+P z8Oo^F`EO_@K6;W2Xwfh6-Z9XP`XSyZPyID;t9y5PY#1gPtNcb44w&C)+r}@%T;mR- zLfh&KKfxk4^q5!uKHcZD(>ATwhOE|DO7YxHt?M3NW84hHH8?U65#OIvwj1@oj$y`v z;%h`PRh?f+r9gInrZbpR&Y9PSxE+J8zRu4ifFg9#O`G8hz?{Hmd2n#;ii+p)lFMf{^Q~H26HSVBIZ=tXYROBvM)W-2VPRbIx~YoHrbgrEx3u zq`WA*=JiNYXxEdI*CyeGn@$I+1e-wZFe?>)G93@(4bRP8cJwWAGxiV;uk3`>+}OY| z8r;K4L*XW>JV*_4*=+ClZJG1-sZL%VdBX>BiQlGVpb`tQ9imHX2KI#@o)dB;_nH<| z=LJ4zi1O+uJPxUDS7Pcq%*^8OP(L?e5cVW5LI8Qpy->~+IKSLCPlwMGY9kRh-mfw6 z3>$m2?kSH)45oZt#tE_s-+_+f6ctufQA%Eg8?j6vO7egPe;u`Y8kpW?ZYSxUxJ>$# zX>rab6&}~&u1>QI)C1T%gnx^m_?_7k3>|I0PhX8=)?Z*9C38vKsnnws+WEgR8a86w zZBf{j=S4b`pq^=yMRNC*$jQ1mRV~F<-tJOtG`qRrimAS2o;1Fi;8a-p5#X~ToY+?P z#3rp5=Ub96)kmM8_rNN8@~*+3e=RHN^?_KD1~0^b=vB`sh1gbx>W=Y`@(&T^KZ;iZ z4X}P+Pj7W{_i%N1PVgKH`UiOVJI&cOf9?l-J_YoC9XNYnGQOzqgTbtjk&~+yvFYbD8eSI`YBo!S; z?sm}Pz=Wa=0X0`OB|=o9xqG4-N{;9=?lAs}KgD7xyg=HCd=B7UFIcIpyzU9`_U7RY zm`|S2b4b1H)?97(-23~iPpbHJ;f3yMof#^el&SWHO6d<43rY%)P%@M$Fc`uK-RmW^^%Z;%q32NEt7qi^QTdI}@cAT8MR&Y+$Tz?^@rSd^yCo0dA5%fK``$zPSH*0;VGLpF)@8 zzfv#1@GQ;^7OMPhlZq{#U`)c4i{n{l64Wk-4E%0`0~VpXHt+Mq;;L|ft(E>{b^}8G z;eF9z5N+Gk8Z^qVXy6#6JY}F}MdaK{G(#fQ&VOAqkQvhuFXukmwmE!T8*bf)u;G~q zyiDOXz%uCKQ~Q9KS1fIPw=-@#s-%SCU{iNv?ZKNV#TT1>MaKO{%N z4{a&bG>&LdKE2F8@!v56tg>*P2_HJHbT3N;Wl^o;{@%xt8}oSs~3+x>Sc zrPVZc|Ltxad!$$W(wjeni1Cesg;y%+h4CBhXrL&fUWj^#>s9D~rCA_O^IdUUHwB7%CpG$0Q!O`%ZT`t{#Z9e4ogsY>91-pXSWVg!>x@NHu%0_dINbkdY z{}QM!2hN!DUKWQAoR!-H5)s+w!GQ@1JRICZnxoqKvLpb&?ZBkngKPNK~zl z*i{%QF=KDbCm?S#et=7(o#q8xsaMya0N~zYQ~t(Ur+NU0r-;SsQ%Z$5VWk1*9st$6 zb}#ACv9WauczCBhPyjad#onpORJUoDrtE2|;!!nk6I2q&Pp=;{4PLWkUdU;Sesw1Q z{AwrI6cX4<8O{<8!b+jHrS`OB=Q*Q^wfhfx4fWA$!cQf`NGD}`f9@)3#4*!cng^j| zqHWuzQP&^$`rxiul;z(S+<|ueJs-GtpKVl)aLNRr`6H6m{nBrwbL7jyWhWL+X7G^1 z1LdJstmjgm!wY<`@@tyo@Cou$WP;TC(NHEEefC2&HYk(iq)iU2f%gh0xU?PdQ&P9? z)zs)d)3G*BBRbr7r?B8Uy+&ucf~JJ@=LU*cOE%g1I=rWD~jgK zJhk{-tR`wy7RmA9gHrcr!hN-vudSlLg{KZ*f3*q@1673kD27&l-xzH51EJHCL748{2hkAn6zp_zUP-zjRxNPTc1 zy|TSxv9RLb0h3O2VLMX5o2>WwU_Ynq_$)lLWO%Z$VDENC4keu){JE(zYBy{JeIeq) zLdfzlw0ZzQ9Blji;Md+-ME zn!8s-7o}S-%U!gejiW;fOxV#u918Rfnv63<&`c&`_JUrneI3<4HRw9T)y&vqug_`{ zK6^k#9qkDIkbC``2W+@a;<@2=xx5`_TzSat%T)nt&O7nkOB1V3>^7W0O6Od1XSZIJ znOe&-_1kGKWZb%LjsDqsCFf+^cQIbyR)Ww>4n;f2My)^_hS>lV%d1VU9XV;ay}oHK zPxyQ|18B~l`!86Y3K+iNg71w7fu=h$soYC+gK_u>xlpliC~_-W&O%ee>5g#G=jf#B!y1Tm zrc#37G$O=Rx96&=81dP5{!^MFKz%CHcMN6&8@1LHH~G8*`yEh!X;BB}_h_kYz9Mw8 zrDHVkZ90G~Nl7EvE!@9Yn~Nss{%P`(yF$6SC{XYXMyi7XOr=pt8<$a)lAGuvDJ6sn zXBeGCyg^a28)|AC@XjJXThB|v?7kyG)~8jj8`idNZ*hcyy)Z(UMXJ^%#(&Cs#IiaT zUiIuxGp0N*cCLO;S&{EmW?-S~N?)yK4R8cx@|t+S;d$HOb@~Z{1ZXg_=jBLD*zuc!d?J^~nT{=q11;1g)%;J;K)wxW@I^%i0!iP3I|pwb`hMDr)W`io|peV={f z41ROadflLgKb__a97;rOwHwaZrR^blGRhhGfR$1gG%`%W*gG5QKRcik+oqeT2@DxK zPT}xPm7MNod=-qvBq~9Ie=HZw0#Zh!VDM%6ngc(9Ah6{Ox>=;W> zivInZNH63A#DpgbtXUL}UD~pF33lQsV5ZA;Vo%$Lvr5gdlV!|!7jpvH)V0sGu zrlqJRwo}O>WO=GoiP~@2?2NzcHGn+tNq0(f8H4mZlnl+HyUH_CiN8B6%4woYs+^8g zTZ9OiEN#!3HJ<;dHDjA>$PcxiY5{(eIo8VP)b^2GQqyHY610gEQ#67X(X32K0GXYA z3o{b5MHT2&)2v3Y#&bgYSYnjVx*xOATN5GDxZuaTemd#=QkR=1kBlmCMPY!%~0R)T3 zlEvRdTP}$miUuxjd)J@Y%cTN+#8?j!nMb~7R z=+W*3z#g{;xe1FsE859~k!&x-I&8FPh?7J=AoZt|+t2D1@B$XyO}9HtEJ=S-oSzCXltH^J|hFV>ksYn;UFP{1WIwFV~t#Ewa9CUf2rkavhO3 za~_yJ#>1Nk)(p)pTu$acY@o{X&q@0^czpT27vljVJ{Nmijo3L0Ju^1m2ImcSL0r?4>lEb< ztFBLFObQt&Utx=Z@^P|2EJh$Ex&$37fu2{=!xX zyxQHxB^RC^G6t#c1*xjBjmTAAY?&0c4vf(Z)O&$ezjON8?!k*T!6|$kp6!{}$JR*@ zM%QT?1!OhE^;ON%z5}0oWGRdbbn_2A6UGU6oxrfD2-a@39K=EFuki48!tekN|LkDy zNw!}5_$k&&xVwVJ*Ef9_0x34mQOvyfmLV8rsGpi871>TZVbdni3O{@5?YCK4p`u_C zMg{LeXwJ2l>jiS!Ic@r*pNT{r>fLS&k&z^7M}pW`90R+M0xK!Ohq13Kh2#UHTrkyX z0tet02x}k~G(nU_=U_o^7UGc^ub>gFVHjQ~Tw}`g*zbEpMj~v#D{SzPFLe%|!oB>r zn_4wK>wil!{`|k{(){Q6Jx1Gn8r*S%g7Modn~QcPAR3X0cKc^(=u|=uU{(_#anEJ* zi3aLosi3GpX+>W7Eostc zIwdgOii{vOGo1_b6Pi{-XlocH(@ak#4xmKP7Cbd&>~G*5-_e4QBuWq%FxzRx7*b~7 zdmBpC4ti%0mr<#o^;D73HX$lDY(tzO5RbN8C{Q21`cn)MJAaNafRP$FiSa)kn59G9 z)wSv}{e8BeP9ZWI8IN^FYrD`pN*LfjkDbhv1sM?M(BU;UA=KZY}MU z-!+#F(QP*biWBV63NZ0O1lsRF>xGd>UbjVYg5lthVQmxXz#Zha2nmLhs2g2eIQAFe zw3=HeB$Ap-xb3viWBX7v0Zi^sD(ui$jOQzj4a_F37a}Qcgq#YLz==dbxE6HM>JyaG zSBck>{XdK@PLM@Mlo}+)+2krI6M5vCcvI8(R)~n?Y;n~$tO62^ihn|wUSLVMxQ*XJ z&cD$AruCtS(o`ZsyjQ!|^w)h_Pq=jdL#!03QG+;Rnki<{T|QU}&)jLL89mJaELx1O zpX&=Hfv@c2m5$``rD$#vt?QZ9Q#Z{sdsG}mOUcj{D-X$v!DZj)g(pL7hMhn3WHx-CWRjNL# zsfqmtXchr5+JSzF9T8WSvH7H|NXozqI_n54W7rcR_whh6Rgbq5E0>_AG34MsIS-Q# z9WQH4S-5nA7&C~85rD(~2T%;IfYI~g-+z4Cp8xIG`<5s1|BbTmMu3a2&#tDtF>8Y( zqcS6-iYx;u^oMYZfe49i_AZrdLPxM~GoEOU*ryq2M|+JIrbttCn@5M{;Wm8k>}E3q zsMJlA{`MI!OW>k96*g-~O?cZQPhR77Z}}LA^e+4|+@lZ|#8uGWGNvPce#B=H%w<0h^I!Jp_qP6}hw1?ALx zS>njgJREk#S#6lXS8kzMv55O=G<7)l!~c&Lx91>WN76Z_AM#fbg16I2z6G3alvaxY z(aIsozptsvbnShUHC|tbba<*d#WK9}T+~m96xtepNx|)eGdA&o8Tdvk$?3KSp`+ z!Kaz_rC7fb;w7IRy#ZDl#igZX}n^j84-^&3~ummFyC_Wo`Cw!acSxHJC zTTM{(|GLfhIdj-{)_TD7Sg%S0H*qm5GL}{F5(%yBF0<%`7tI8`=x^w9{$=`fc0eGF zZR9gv=3ctxzfcD6oG?yA9tq#t0Pv|7B^L)uHx#IC+kh*|Qb#yq`2OtP7EJ5eg)wV? zvCBT}sg_YU@N$OgdCXZG=l35q_q6*97RqQV^Mc#91(L2Z z8<;=|wZ6_Gy%Ko+A_E8^GAj=lOrev3^FVStI=q{FuRQMxc9fj4Z7)4E_G{Fi4ESxD z?hhJ#K`_ata|KLBCJ{lWdwiDCEHqcvTHn&2&Xqq5o(NDMl}t!UEq~7rtH>cM zZy7P0)?7@&t`Psc2UHWW0hM-rn%Lo()-2TOu$7ztB}+K|3u^v3%c1hiOZvv9@ z?Kx15s-iy>3^Zj&!KL+=x;;J0xJ*2_k7g2DwU=rSOUH^X`qg@4JknNI<=543v05@0 zFJh-<(L?Tl?A(%GS!|Pw#tJfs2Jd+#@nzOlGpF8vU+xq%?a9w3&4;HFgDF6>uVOb= zRgzd_=;j}RxAJERqNM4HKmff`-h1{fNLI=1@^*s}p?;T zDrsMoZH-n(el|yDL9-w->EONUl9kr%gr$s0Rl|dajHbIM!9>|6R1jYl^t^z?hNo@e z+#h0%<2ue?(&eNrlTmhl$?34=IkgHy8<7txl5*&kgcTcUmW17h1_)sy1^tugR{@#h zd4eTNQag$Jkg}|D8Mj<@U)s)9)4A0H9GPBf7caqMo9hJgyPJ;vsfg5^#n}eUL6gt> z2rgRZJgyCFmkKwj&}TtU+K`Jo;<~3s#b^PbXuAdzyw9~JIPbE6PY))T762B%M%UyY zX4C8Jah#u~{+^f56=O=&vA# z>!}DvU9#?`v&B1!n`u@EWUPv$^gpUxoV>QgyWw0UhzsQy=L+k9&~&d2GY|EW7ZrqX zljlDm;0A#Yln)vZ11b}^;H3Idd(toi4LCo>sqO^Wk-CnoEzAK#TX&{*`|_z8))Kx+ z*x^J-(7?D$Qvhav+&DCoHAdU$%UN{RoS7ZJ5h7@-Umf`sP#Ft`yI|}VzRuztfXBb7 z$@mw#y8>xR!IEFSf&dCseUK~o+rOe$^nJXoY7baaS1kc8M$zK}opmb2&z>mat9ot` ztoaMqT2fb}C2vr)Hgwz6)N;+#LmQuY3DSvF`9G}O{XkHzEzN(6 z6a0C8LSf%TpANk>!vi$KjFT2h$4Pds=+h(V$PO}}8*F@6W4vBYA%Byi%+R!tU{`*? zKUp>Im%Bf^=hr*HXqUIo_13Q30nBMU9ZwI1F1``}cEWcxyWJ5YT%B2>V&=|5;kLfd zch%xVqRfu`9@(FLak@f_=+;M5>(;E-ak0Z}h1(-r&xl=>z~jsKso|EE86ROB`5O6>i(BUQ)I|Q7)60uz|XQ;KmhI4F4O5g!AsCh#6tWQ zyA-wez1MCmQcjABgN@zCGcFF0!t#RhJ)CiRJ3B#XWd(12r9;VIe*xgLys?H?+w5^{ z|3}!xf#H0Lpo2`;Wd#P2-ST=fzWH&BunXj4&U*k6x6|{@rEBPju$vo6;v%dn0B>^F ztZVA$?_u6~b4RNMfUnQi?B3xmZ&FPhXO{$vr-$DTy-}`J8`RuSY@a3;|vMY37>1qD9aALLQ|<<&*&jTY$fDfjr(8oCf;P8J53*!*l<-McO~V zevUJ{lr?r8>WqZ3J8#V&r;)RpG)D28oz-^06%k9o4GOu?Iy7jUc@JF;hy|H78z z1X9J4D9;r-^nQgzE_x!KI}vL!FcaE0PbIi4%_||~3sUvGTF~x@>b9|EejI@47l9nl z3fu+Cl(L0racsLNHzxdf;ssjUSkOL^%wmfgM3vkg3E)|`&{N4Bf%|B_!kbEUy|Iy2 z*cckoCnT$5T3-k!gFC%B{$zVj^{jn`c-p(yzoc@eo>vZ6(c? zc%x}%CCZ+ z;}%)$OB=z%24p%}O)zdq4?g}T?c;e@_hrZ?XpxL>Lxo#yB=H**0Xu&LGoK=a-x1Ls zEyvhOHkI>V>+Dl6pr`#J#yeP`AI93XMy1_0>rZja*1|vcBuyH9REY7dEOKXcPg6v( z-2Hum)~s|t^c55p{})l6$HETrPo^nMt`&GKS8NDg>VnKvd!EC1 zY`_6)DeoPkhg32;qJ)8eM+=H+6(~X(xS!wfXho}{!!|}G!w4F#nI|O-i6Hne50L&ns91k!V6a&qM!3szRa4mx}CKWI0U5p7BSUP%~1y^3WU?fV9M{N}5+2=gVR{ zKpz;YL}v~C1$C{)qlc=PR;d8YwECeqkip;n1j{IN@MAt!PP~%+)8Bb$<@sX2^Xui} z^>ukDUa-j?*WY9N=9^;(we74pCHzNTe0OVfsvM z?PR~5QFp!@{`suYV+V-eDPFzt=lFv}32$gel8M#wJZsRKEBGMzWA$>tbMh4_8fkvj z@>bj9*qiOI)8^o3M(yh7hTJa+Odfz2g?00%`KNu!(lo6?MTTJZ@9?sT@Jk;wmhL$xC()c(AdtF zpjU5=Ll*A5SzGmrL?s@!O@_IzE*xF@58q@qqSNMNSSwO8o^C10`L;X}1-$z<(Pr&WY6A8-d+#Z!mowS4Yna|?mEB@NvJaSU-y)oNrD zquLmmJ8Z@>aur8dN@$v@aCV8FJq3zLSVKHY{Qd;q%Z`^|YmY(+>6*H&BDg5YSMr}- zP9#qu8dj3a9^Nav%sm{O8`;Y3(AwQI&a`>LBid-YTPkB(clffv7Cb7&^{RQo_%%KE z;WiUS2(#5BvgfgW$rnvOB^rmx={JS?TdKji^F z#U#{Q+a{2~;{o9u$7$M+p6RHa54AHXBBUucCFO7|obX_)*Sjv~1@hxazC;4EoRT&Nh7D@@95@nq^ zL{DTISa@CB=%<@)lXR#CP)zLB9g9Sgp?ED9k$K61)$|(WZF67Y3B_S(z^OZ``cg)q ztr<|Sm+8MLhE=>0Dv7<0S_-=&^M&)U{Jjl24KvaU^13O03X_5I%*0zmj|+GE0bMc) zX*Rx$4ZyHj@*;izAm<%eD0+94P*#;OElf%*dyA7y3^p+ng;?I%5Mtp$23=RgQ~C{l zYWVUfbLIu!pB)Ql=SSfyt{_fEG3LCH9>?65&;&u;u=W%PMXT7A1e8nwrpaP5uw~*@ zMS)}s>ts}kCzHV5uT?VHdRHOT(Cv6ayt}{%dZTlbF1mrga(J7>iaqMrdRCWNKBlal zBUcXvKC-e*7-_GS`Ijc@qu{Hjl6wbpVC8;~5?_6Mp&Fv?s}HRIax%<~QC+fm3{m2?V3FqLxw5et@J3y@^44cx~_gi zJuS=XsI3I~TQ#Tgd-k4(pan_P7C5sWaf1%p>mS8EU3`mJ#?KuX5(Wdgi12e;NM_v+ z)FW3S*uoUN(fz3VuNHqMFy(>Da0HRvD1bgw7vmL)$i(y_5)btO3HV&RlYQ`O2d>cnE#Wa^ApF z`u*~9l~aLA-i&C;L|WoQWM0F5)}Fb|->+CdtRX5VX?cfY!lR4Gs>D zLTKzRM{GpK@WQ}74Mr+De3j--Q(_~l-E}&o2Bw|spLPsQ%gR|!OEpggv1J11suZJL z^xpDHjDDMKNs_=kh!Q|(NO&xyR&}+i6=+O3;W?K+4$|23)t;! z#f|IC@xnydv)u0oHXU)(crYcMV~Ie``yUl<*xfJ-xC|?#$MsyaPc+6zqbLORIxpeO z@mF5;YjBV=uZo-)zGULi;2MCKzQTOy1%dsNtr&1{$qv6n!(yMj@#y-ju8H|BaLF1E z3>A%t;*q6)XGrafQHvaPm41YROiXHvR5R}t@19*Nq$~cB{Qb>DFGXHIXPt;?ogpNY zGx_i3d&pR{B|?iIYy1^xd;->o4h@7gqaA!JQ$bM$rfth7dDwYsno zAm*vA$ZHuC%2Et*( zq!knOqrd#*@H35&#%ox(ZZu+i2)A`*)c6}wOd_E38=wQd#&N$$hQ%jP*G4vz9^+>= z>nBbo!zcW)|C)`+JAB_>Mz1a;rO92U*$%EAOe2P5wQhWgmzvXxUG4Tz2(pp{=S*w{ z?2Equmn8d9y=>ieUJv;dd;rE58jA^?mktj3vx;R@TlY*}_ePL3EkaUlXIVrHM))QI zcmW`J@rbgYu%(nL;K&A7DA)4+ovOx8t|eL1x@lsb@MNe)R96L1g00N-gt$v9d+D4s zhwyT&Q+NWiGyu9T{JX2hi`EtT#BgAfh*atJ!sHgsq;j);y`YR7Li_K*c?TDJl>`mwu@iJR{2s26khKMN`~O3R$iYM828oQZ>_*uZAb2NB-q^iThuy znNgLNsT>fW{S!u~y6!2nD&GqzL@M-$s^>a70Xt%da>;&TE)F0w*lkz$mP}>MgGSz#tiPJ zR1V-a1KqOCR|kk-0HAj;zpNc zGU*FolSZU4zIK&nXB5HSnbc~Y(v<^|C(x{>eEj*WvJTaUMo6iQ5sstxnt88VCc$)} zsG^X!?s#d!`(wsLp16#S7w~cm?UOd8`&4nDcqfaxitaCnYZ|#llsfeM0z8czgnwrm z%}8wnAsf`y)A(=^8BcN`b!T^BDL!AKPP(B`Edd4uVQG-JQGv_n;@-ybz+IW%PxYcz z7mtCjw6z(kXA`0qrOFC$@x>zgCN} z6LI@|n<0$#J<99ikab7q3^d^`_;bU!a{P9x21AFy>);L>Nxg9UiZZ~!G zG|+eA&Stp3`}UbWC2=iCcf|kXvFRGXmrH7l=D{ftvj4e~i{gp`RV^4Ns0LO0weyAN zbMyqiWW#20PttvZcD{0ZUTulxw-q|nkt;74XCKCCD?orWlDi7Ds2VTK>cW|V-v2zY z=el3>Yip5zV$dG3Vf@!9_|El5oJ)f@zVN)``XTGdo8KIYjJJbi^vKYgb%E&5boiF& z0`rE`Yoayz@YyL4p7pV=@##bR>pO<>^=nfu+(m0+Y`~MR{X@>rIsDF>&s%Z*#K;-^ zjXChP1t92CF@ng*HTsF?^3?=@uaYk1i>w9OrIPDoFxxZx9i3Hrvyeu&lip=Uf$#RK zDbL6M(u{yUtEFr&m8is;ZmZ!ty{(|6sKq=UqV>c58R}Uk$So~EkdXQaI?8#tor(f7JSJBbU zzKN_rV8jEpu-=z1%EqZAmIk{Tg1!lJ$Vg=rL}lgDnVY82z4gHd#Vo)Vld z#m(X5gGM^NWJ5Jw&9oK`s)%;)_Eub^OBVPb3zk#nY=r=}saGqPDiWUadf^434 z5?<9atJ&Smt`d=+@OxT`C9RD`hiy82+;o3DCySKkI zYOV#MjB~p?oSXYkMjiKqw%~em9yJ(EqP_GGA?*MsviT^Ic$1xKwJH}720nBjJe;QN z-Kk3Umz#Z(9r;m4W)tNG^(*(xe6);jU5&qZg&c-3zo1f5Dk})How@pvaF?x)?mxi@ zUV5i)7`xV2NMz}F=wpqrRaGOiT7c*YVi^|r-rqrIh~muv|I{+|esYTP?59p$^@kJX z5<1*W-2XI|XGkz?^(Z2LF|0jUfIZ@dZ`>(SGd}RlfW}>d z-H@G7e43iw6A0GXfOg4>RkHs##g?(g9EeN7K#>?7K_BYzG-N#0Ty0$_9Kl!54Qbw+ zpPQ(XYTOBABH%p&`5~DFRa31kq!I5aK;9Qs9?jGv{Vi4x{)An^M1tN;tTSVHw#KVh zvqk-jaw;R{EqG*HYbTk+sGk#(p|g^q#vy&xjv^m;CB?8YItQ9X)-)0`W&>MuxfJ5> zt;Gl~aqC+={o7QZMcPale|a1sel%T9YwZn7kCR_}I!&9dFBRyMLG5Z{3^Jc~XTLJ;|a(gOWs+}gO2KwDJZ^A?`5U6@g`~bqw?|h&C zMy_AjlSFdXoGq7@61dBA@#&@`Q?}f-1h}2uWcZgSwgP71=L+8|eAYBF8ejJJ`d_qC7q-O3hpYF!6&s=G{#qDL%+=ePd(M+!9L4pwR-J)qpCd6(E&%;6 zu(A~pYbfaBqFXne$obvdjK3Q3!zx34QNYmvg{g&T=q2Vj*_st$q&Pw=JSEPq)XZMj z?>pis7DaIM*pF#Sy{O~hX&;_Dox$_{{q%YZ?t>~z4&TQk|0z9h`sA9=+y2iEy7L_@ z`KxyPFr(VCVdfC7p@>*p+TMBF%b$#=6rydW*XdiUj;kOJVJ?3f`j{D)h5cwDoRrEZ(4L(*o{QUX&u%`)4{ z0MqnJi2?a@b-A;@LhxwfhI+*-{!<7{bcHNcp7ETNro)bO8c@bq< za^0qxFad3uW0Uc7{5#M3V=ckGs7@4#MRZ|;KOa%CaUX0_K|*qT zp16eW78wG%H0hz`5HH`7JIy^5Zx#dLc zx0P5}$W`aahwv|F81zhs7n`!DL9=-J-q9}TpTDE*!z1lXi$tlDdP%2^jgA>v26aDw zCPH&O>UzmzO3(PN7k6czR{Ay0+n=~}z`xc^#nmK+Ki{q%fTTl_+iq!KBq4(-P|OcW zop;(~M8usv2Fa{8C*U}(2^)YaMm1-hgIm2?4$Kl`dcMz`G_ptHRD9ypXubUqd3Qv4 zmPcsN60_@k&8D5HC3c+yo_Z*-?b}!E|5c-ikA!1NcY);!`sRsW%8?e60?9#faU*Vw z>*+YNWQ?iz2sD0}hswRAdYvaS7+RvmI6>+IN@2Xc)^_T+!KxjJL!vqPllS1ErpRbp zTMX6D4@L>;*=p6Fo8grFfJD zxEGOX>T#Wmr@_nqTgXEIpoa!n1X|pq6tDgo$|&VACTABtJfeBzgbo35G$Q8yBSoq- zyYeHCl~0z$3>&v8P+zJW0@oZ}Ew9%o26>M&57`sYQy9wS>0?8^q_kVi#2^VzHVD;( z3EgZV23m>o=V*A{M>qma4t2?o2CjZRn6P!MA-$SA;&C$2-_T}6KixuyG@OoW+C%#Y;Q>$KSboCtt^q>PJqDd%){sw&orrzi=-zm z%sECrj@k{48*_;=Egi+Cd3nJ8TRJ27On4dLRk4cz+awkOyD0Yk%ueREQ@@fN*c`PP z+@+R*#CrXi%80=&74eHN1fKC6h3+Sqr%>v?vW4&!R?07OG#FG|((=T$SHN0f;m=(B8m!QEDko4W2{ z>=%~?vj0`MDpLUtg)@Pu87CJA9xAt425|tY^X0ew|HFDd zo0xS|S6^LKZP)M@*Wpa#e6PAiki`({H!X*OnGgQl+r?bM%?+jJRl#eA4P*ZN;az{H zPpad|bD+I-zv-fBQ?i(%08uZLw-99D)8AFYqEt@PMaO9HicK|?=m`;A-MF3`|A@s~ zs|4*M3?!NcstB;FrkrF>@>uL4uxr19XUH0ok0uTNN2$aFAqp6D7a4L)?I8igh6iOG z;E4%#0>_>Tx@ed8G+NuC=}Z*Yar0<^P&@Gn_Kp~!?@j6 z$6xTwCt(vhSGyKRK^YOu=tUMHl@DN3v$Nj|15;`oZN7*-Wu`BVpplu8JNz975SpRE zC@9gj#t@s5`lf@tV2VST->}7^tR7TwentP_y=ZU$p1urUl|83q8(-tSu86jhV!3%w z@bp=QUcb_AeTZ|eZ%69ZwDJ6-gQH|L(^UlTE+eye!skXaxMxWkevd_zr6>RCPPxy8 zVmpeFefSA@I$^i_PCobeduNIhYH_Upq3v4>h*h&`B!>Q%YBjo4wG~WbB-S=iZ&BgT zvcsp_4EX5SwPib*(W#ym*QB)q&$&xC;D){I%#KgGn6m=h=za!VbiFy_ai>vk1l&_2 zSG;tmaY&t+uQC9qZI#f;8)b^LicCG+Wb3~f7oZp zZJDNaSS-gxu?#^ZwBh69|CzXs=vlCSqlB&yiuc?5)hmOB3C5Q#h$0HLtMTglY@zq;fX84qeQ7M>j_ar3o!oZc+eKpO(Qy{vPK#W;N(QqX%24iB zW%;Z~1TIKRO-T5CaU-Hc@#je+jblWjUzR{->(yrJTm{d*0KwemERG~yNg(~U^Q zpCx9ICd}x+X&O+ezDHdBKbJhiWx?-U(NB*qM5b;{Jt0L9h&t@fHjNBP^f_c<7_vMD z{n1D*HjUJmMKDuWkF-wigc{^s9&_mVdm867%W(-m&?w@_`mXXUk4u~S3bc=~kjJo) zoixKY-_Yz){fnO7*(_I`FIDETqBy9HCqyfr3dPVb=uCol$%V+$CyLub=5fgDq%&P4 zS)Ftw&!n2sPB!BrfjOQ*$sdFaf#6xZpmp+N{zSQ&T|Pz<>(Pil!JI}JY=O^ejeg6S zo-S49cCK0&P($QD(M&DI@QKDDaC|}TgocOJAZ1MboQIsWB*pE*nUs{=FroItNX!*a zRC_1>j0<@`#nv<*RrN?`&Ltji-ih}kkEfx!QhZ=(MlNXlaCl8W(>nQCNi%iwH%(-! zH-F>vF&#g#;#7CyDNHp=QTxYusE$OQ&GfdZlRlkuXy%5cBAW?)l0DJST-9CX=KfCc zo2tGj+!aL*E3YJYxd(acSFeUPNN9LiU%#c=-Y*DU0Q#I+cS*e4h}0KlJkU8S)%@eG zE=G-q#>cYQRqks+&Ap3;*Vk{Q`Fu_>X=1>b#=|xqFk{Fzn;D&c2~-f(Oa?Hvut-bk zWZdioVxBPYHTP>&Ns}!(RRcE6NZmVYPoNL|sMb2W8k`|XJe;^aN zkcwi@-CC)lLoP_j$PYATTpf19ADnF2p7BWUmo|Uo`eiVNAM!NgD9(;(oN+o8P7vz^ zISqx>Z-Sb?=HV0_Eq}^+CJ3ejW&s*q!M$T?705pIeZ@c&Ia?B#^}Om38uyg6!R`G@ z%hQ(}1Hqj*HefQxCUob}A(M~un7Rb%zvdx_i4JuGs1KPdF@(v0hQi5U_cEX6ba7s_ z8}!P6T=B?5CY)eZl3R-v=PZ*V5s^CN)TX257TZ+PfTp|1U?^pj2q99Jp_shqELMkw zE=2abam-{xP3FOWZ@Gj*WWhh3d=gV7o_uXNrHX?L6a)1{mTyAG3kw|vqXc)jC*D0n z-gw8SGre>?CO?Q7jboOMb21^BkE>djKr^!<1j7@%0g2-(vJ{kP)*2bbkSR+p|54Bc`ndYV?s- z@kwwv^MgOnmsBZ6Glr^^I_btCUW62jAIx|JE>1?se9u`H)A@O=cDY)xtMCe`ioqH) zGT{)BNm7j+H}ri+@&o<|p&08N|) zs!U^)yu^e|Xps4#!#2zkWd&_iaVe2Ze}zo#%d(kd42?AyOPA_s2=G_K}@yC;Y?$$J{m zIN(kdoQM=?(bjT{6GdKUBuim4TSZ^D)ozko(7Hd`Myo4(2DVrrY%KDfY|+F}6fGwk zkTHa}wIEGt2960cwjfVTVs<5ixQy>!5D^5ql!)&;F}b3O-ar%Mljb~rEV8ei-?%Wf z>k$=w&^_G%I6KxowY^)`Lc4~n7$8D>&&nu~*^Cux(v*PHVYD#bcnOoy!o8=7*WRQ& zt$xUYe`|!Brx&pWt`KRl})+`cUquKL;bm3|ozLh4)4?3-Ud;Hfh98!L zUfSS9$#!SSA}-)FH;IRiroT3a-_7*m%6rbr~D$3Go8_`WKNTTz9@74Kp&{gP&~$sw@Uc5 z%-cNp%)QQy%q9>%yO%0)t3d-6_vM^P_h3110t$NTVF*+weNdzA(h7A zp^!dXv102ss^(W{!1!kFFPi&t1y`A@mXA5_%u;gEBNvg87X4HrlEirgqQok_hs%C$ z^%ef1pt{)>alj*9@G`B`WJE@dp$i!siHhO23*dIe@7F|@r?cv>~7u8&e%O`y*VU@NYlZ!a@T zI6tq|=Ic^$sxo!5H!z*Oq#51AFaw?O%Y_pc;Vyk^np(FaG-t>kd6?6P%xTCx?9=h0 z;;KJl=MQluz!PERv8h{GP20bh6}xd6~8`A2Xmj=SQI8q&+`lJyAV-~P9rE=j1xMmKsVn03bDA*+0f`(bBb&AE3 z`Y9wYExZ}>+@OkFt3E5vcsPCiym2mx`vMA3l=IquPmkSe#xs+5xD{m97AE}){Z^SyX z$U$Lf<_yDE{R!6hr+f}%0ux0n_0#5fVvuKT3~)8eruSm+Wi zq*gL~J)NkK!k4MDW6t7m6Q%p_=JPRFj@-M7*~R=UlnDJSk^WKf1d2@6vW}6pK=aG= z?A}_@NnFnyA@BmmAMsA+B|0%sIGX)hgK!sw(F}CdaFY5;>wrEdi*J8aSfi0!DDjkYN z8LEVJv|bAGlr$B21+45_K!I99e^9Fp_yeZ={>g#b%jIr&FM5B$R1TV8_m8n$9FqN4 zw#rhP-M<*vINScK1GQgG*CUz&QhWx&GLNC%aWSgAS*r~?!}~3;&MQP_${! zR2!ZvF0Dn)oB(Dj7aK5{KY~J3$0USW2f8LTz%tZHYB`a{YPXZPOldmr36G*l z9+5eu5)bnrBl~-yh{PUTw5L*}g{$)ZUXVu#B|K)If;?680~eh8KIC{ZIhn4AR-pM= zqj#7_J&rT74|Nal5U|*98Wj%mXtN-bLP@ugyHpkxH}2fCd)v?j0)CK`MmkhN(P~CN zxg^oc8Q1}}Qn<8kN+w>dcGzdlX|qls=O?P!;CR9nJy7C`2slXQR^W1DQq5=xzzSVh zMJ5e!0azN0kM?PSwK4rd3Gvg<4x~u=w;W;VFivEg8?I(o0$m?0N*~fy8L@CR+qZ1~ zw5&G)6grG*2i4Vm%A^uzFkgG1sFO>E4l1Fk@jJ zG4kfff@OHXu@^lbXl}L2N1eU8>ywgWkvdcmjS;nYz$QVll|dwjh6-_}hh02cnnkbV zN?mp9esni%-E`ONM02z|*bAqR&Ypz#Tuhd?=DAG=KXt36NUatW!+{m+(MU%QG6lcZz6k4Y-Zz0}5F>OUc7by3x$Su#c-5!Mi!1hg- z^JGgMDSth>(-GsTMJlI0Gi}XxNVR;xNo@y zs8Z4jGIDZseB@<-al$+*G$cbQxPa%smG{5b)R#*H#hKi}T=QYZBs1D)9_#cmAgq8B z1UHP$<|*TIOc$(2v~luGCK*p2Ov}?HSwgu)mII7n?m2mbRith*Cqc>(kfD{d{YWEK z5{f`>ZKE)%?mIFxy#5=mn6fCUlizaAGLX`lPL!o&I7TG_PbK?$G|^D069zqS(8xg` zDUTLjZeMi+)Ms*?gleB;JW#F7M4qylh(d#+jmWr(l~H4mM$PDbG0aF?&Q@oxK<{q* z*W^d_zfo&gC%sm?b&p?L{Y!G!>V9bTYqeJD-vKOQkxQ~_U@7bkEY+YEv}f;x9>VOiPjsHBIo`{vBAww93nnlcd6~qhgIdZQ z+}R#5ZmoTB^{3zFtMD;$x| z@tCJ3=D%*71kqDzD@SMWqBHk=o$Cv)_b{-6S<9a5#x`t~h8hUlB9R*(S0)t;(B`_r zdpsan>-i$&gmGiXD63$hRGOh3E@Ct_+1<ZlyIM1|A zdMwbF`Fpbff#_VA3gF_@C1@Ss*<^E%@3^ zz?IY;7m}fUY@Wjg^(L=btNqX#sB>)n9goK;ldw`iUH%2B6)#9A@^My3v$Vq5iN`$S zaJjd+-%T__o|Xb5*0?oUgeJe}7sn zbK^nok_UiNDlDWAK*RIerb}9?WhR4Cp7YEw`34|=f|o5;le!ZOOIaOI>*v7Isal+g zk+pz{wE$iJ8Om!bygQYM27D|Cp*!?u{j4o(1*-_51n06;+>UtAxgFee{yZYX&fxyy zrrRdBSET)}+i%rsubQNdX16tiZ>e2M;|D;4sW8%IYh(2sB#n?UTS~`(4qCQ3k!Kjp zuw$F3k{Z10-gF0pZof0yZKH2@6sv824tX++wC>4V7)TIl4KAA}5tR$0ls%}Exsd9D zqF7W22}HFRQ%Y(noNbgDw`6s1K|LL}k`&-R*J`6~|GG7}9d>qSY^lfDK$JHr4)-wp z4tbl#ShnN;5`T4lA=-dbK>9?c*cuXSUL&R3}tRykKb5 z>Llv?9jZ<#;HR;<%oZ4{#^2o^q7UE1OHIRBdH~xx6Aqdf^L{FM#ekNYTjT0;qbP3_ zkDhJQ^RChedW(I&ea6yKR`KdZ+CFXRR?Th7U0NO80g)YKztiiq4l4DhSgqA3_xrs(dU2vs~R z1$c2S1D8o&P2`i1QTW6|T-M^6pr++rM=xf#Ga``DwR_d=T#}2<&FzO;ts5{5hq>V_ zm}M+ZGsfdO=?nQp7j-gv;@M{=u?&Kz=)C;)=4#i)=r`a{ozaxAn8NHtA^?W$xd~#X z^-NESzZxl@^N32r`8xMxE<$i3*~M>~X{E@ek|%Upo(A}zmgSFv2LvmFV0*daLa!;1 z)6UV6$l~I+b?O^GzgfddHw|3gbIK!EtYqa7XG)}5!} zxpc3ZAnW|6NN4RlXmzjl#{!?4f!hTwYbR>pUDp21(u|HHp3WSrDOUzw;>@LO=i901 z)$<~cN(V7iVl_oF0T7AqtOm=4J@p}i%`6Z8LXIV}yc&kvStBEY%IMi$?-na4Ug z8CTRe2Rz5Awjsc6%;wPO+-saF{>aGpXNRv|A9mVgU)%7CbLLcMsc|kbi4bf!TZ+cf z@&p6f>p&W*uDRmTS}#BaqDrAlQ@K+oM@J`zXK$ff1$D&cH&!gW=Jdw9-7P{;Tm*Da zJAec&`r+K51otnq3#2lk6QJm1aj7Kk4rxwd^sD822b@* z4zxH_rnS51>Ejcf!og?OcxtTWp;~L}1`g5AI(RfKY0WbuZ zY0flKony}E;FjFwpnDrrXKQgly<^Qev_D?x^V|24#%+wLgH!`dxn$2R^DASaS+lQkMp!UCr+b8fo7F^9%Y?_f>p4%wNxw+CdzpZL4M5H&|Nu z3o;i_j;Ly&sDPx9suEAr+^+(EV-1ttHxmcdl8vKIs;@-W^%`iD+8wIfQaAUL^|$qcimTe@+UpG4?^^x4)TGPa$uVd3H7Qe5=LTDCu&-fR#O)zTGn7}nkR%ofFXWT|1x4)&Vs)x-VG>hQ7#yh?GsMo)dwxw-D%_v++o z*y^`Cb<(|S-TaJBGdK5t?es2g?}yhrZKP^l^EOchij)-H;L2o+LX<&;U*Q-My@eD+ z*oZ!zZ@*=5+v1B#-Wz}{gigvvu%AxVbtrR=zGiY2KZw9(s?xjHPP|8r7$9UWNY&e9 zD|j%)TM)?4sm5@ZuEt?oc07ZigE+OTfe|fW{HYkEK2|^<2M12Hu&yI+J>@VCxT zD%G@DF%Rm#RhkR9Ec%nN&nLz)k7fjz4mi(P#{o53otM|@v9)t2`^^iSHr6rKV8MU2 z5WO_vpLBXTQ=v{!ddQww^r&vOaW+f;Y@T{T0Jx+Wk)hywqGTS;`q6_F=2Sa0qeaAv zBUv3iQ1&YVwNxdTgsHKsZ_$QO{2f@;egCpEB>h{`?hf1cz0sXwEhEw$LE+mWY4v|5 zw^yWlHzI@K?e(zLBbS}`otxW1XE-7^-PXlThg`XWckk4nH#fH*y8Y`q>AdgsN%x9$ z`&YNaUguI5=?=-@b~NguNC075H@Bk^xxK2ZmtMAdt?LfCyRDPU)?EwYwYvQ_sHj^v zb<+83r#HB14S!aJyZy`Vu+zTNwMNi_>5(zWk@jtW)cNVY)4%JsZcNd?0P{Rl6;7cC zcWRJV-MdkpT-=Yk{my7qCqp%e`%ax)-`-w+=-%AaaboVe?e3rj0UfRP-Tw8+4fpO{ z=V#Iyc1Io38j)6?bbGzdWw&+LaUE%Q%zUX@cjWF}>yBJ^`kf)PsUGNV;(DHvQKdoe z(i(TPq07-|K?W+uVJTsO$0o?xn5e)aAG?Smb@_Zm#j3*})xyL$*Y>RqWl?Fc-V|9k znQhz!hLzbw$?BDoCl*DBsJ@M@bG_Z`x-;yx`af^&c;ftaP}m={DUV~V0vkCeaV?@+ zyUc(|E+E>wz^F=o>tf=9MT#ktZTM^1$F#XDth;WU_@a90NH&#ANyQ!W>bLSvH(L7_{w=S+W0-ImjNO?K7cdU^9}VP6Md)j z*u-0ssc}&OR_4ij`mn~>BJI_=!6(%QqL!{J5G9BTz6frM75A4W2%cRZR77zFk*0O) zUK*?09ONs^0Bks6amX`3YjERCBQVt$Z$<@|e3qtKiuEtO9)Z*=X1feu3tNk(>Z-fs z7+tz_pbKRA%0d3vTR~m1Iupf-k@04SP61yCB%rgSqx#X&5n;I$<{JN{a?bI|vt%4k zzA4ghle9d{RDEwWZe^L6GL7~OF>oBG1}24%^NfK@ahi|StyKFVqP=`xevdfbojBX%Ku%vkZt`26!FW zJY6W_Mt+)5i9zhPuL&)LyMqHNo`-4_imx)O$X>~nuyK5s_A#&EbU?sG|3Wl!7~W*X z)j~r2G@nf12rs$Q6?2xLEQ+R+F-p@r_(2uh(hl9N*kWwCKI((CaFr_g`cYp*O7K92 zv07j6x_4kf>}$b4syg;-*;#%ydRgU=_<61Nk~n5BfmLQFVt-YvSkZ56rM>_xcjts3 zY(Cvor};rS>|#A^nUf9od2D>`)gC+839PI;>=^gsb$ZX`{68x|7JTnIL^0J$Uvv^c z_Yn*ivy*6}SBiP(!L#-4_YeULxGYX(Tr3FQ7dGx}WXwCQAghz(@82G2Ll1my1=-#~ zooIk&-5oCo4Q{SRhEeN+;dFIRNGq9~B!ip9c;URAH`ur^1jW9t6tTDUB$)Ad6jirJ zAbk`(H0n<9sdxFyPro-4Zkjl7lmPcb9ku^sw|{+k+pE=1njUW%0rX2QS9%BfG}0H@ zObdCX*f<1p1}`<(X5c&qV$>(IKaAHnD!P3&*hJF&`EHCAO6U^4CiCJo&kWy|InA{6 zMPpy9Ryf`^z!^F&_%vf4zLS*%)jA596=kQ(uP!@XTG?qA+rZ^Nmu-LyUs&?j%8!>u zzFDV^ju-xVIAIgTG-O36yy@7Dq5+^Bv}Erqp$T8JHC zfS(x@x(P#7d(wL|g_j6>UanK^@~y2aL_% z72^E?yMXL3sQUnX;0a_`Fb*_zWH?Q@qj15_fq-@xi4z9za5{PHBL{D zjvL3X$o|or!;_=qDlS)(^qfa9KZh4(edf&>G7Y)(Mxt>)hACgD*tr!#qTN)?!U>W z_MHZ)0R?dz(eo@up>%gL<7m-I8S-T(psak(rNR!c~X8xAAotb@=RzaA3bq; zMvN4()LK9@8i{GM)*$_>5zGOTuJv7}&BbIUk|~iJ_0qtfaXtXB6_oZmi<+VvoFw&C z`s;5J#d;I;tmIpDdcc8`uW}8-hMp(zIoLAbQp*^)CkA4DcR&O6A2H}L&+u| zgZW3rpjH3pX>*p%BRu*c>sW|X+g!28Erzc%O10lfWAz7`UGu!MhHmy3 zwO9=vB#mG)Rg}dV$>T3o{r;t`X;Ay?@kmQrkP19o{8DN!5}VuGetGmuh-y{6sRm$Z z+G?i=Te4K-G5~1~wP~KWqFWnW8boz9Su#E4TW&)fD%pmJQxUQATJ4u#eyP!fzsGc) z=j8FY_Q2!teCbWKIm@Wxl;<@9!9C}sYQ}3yYEwlJT(~Dfma0D+WXNdvLGq0CXuPNq z63~POJX@%z#PEW1a(vCz3nnT4p3rP|P7Y^c&JN9M4nc52PI4(l!sGN%-QpwHya8^ha!o3VV$fm3Yqj^0c@8v4{J8DT~fo1IDZJaB#mTe zV%bnt&y^lQPlSB3FgEFsNmM?A<|x%Ys_FPW8bwvScYp96!pG@@x-Uu%qWu&z2~PS3 zDepZR3Yd$m79t~4^wbAXO7~*8`Ps*)xRZ>Ahfj)V4w*?muR3_;BGMF@$fr;0zs9Hk z`p^IRPjaH}-ABjJnEC;J{QKa&?)-l!+M9`|m^6kHEP4*_t(dr)ng)%x=SF8EaJA&VnqXfcQ zdHPyz4jw1oQCr^mZMALo2k+YltB%~}|7AyR@X}}Q>IT2y&?V%Hj@`BaO8z=$FT8Hc z131u6(}V_0G4@ukGa9tooqyZ@crkOK&k>U|;9RrI(s{GxX-V|%T2ln4)Y#X-a(T97Jkj+0%d0|LGD=@P3 z;Ug+v*hd!3SE?^SYb8RH!U+X@NIzrZ!E676cw5_wI<%r1YKbs!kjXAZ<&V>0Y3^AAv)fpS*DP(OAM1uB4<8hogj~R=R zCvZ#SW2iZ^lAm?Qb-X1$TGbU#nraUq5hLhn<%9-I zjqb|$Di$I6>ab_4T6RuEGKcOVW?w`M{LSEiVwnuIwunvr3^$48s5gyVkks* zrKIjfnz6Zi4lS^-?X4XO2JLsZANug^veo{0`@SDt2-Mutl@AcPy=kDW0 zw}1I@)EU0-wpG!T-S9a7q@|raV&`O-$E~ylq6Rq0GxUIkaNBf6L8-ppr%bMRK1rea zil_S8jiW*?-=hiqm9jvx4A#mnYa4mYP()5Ky^0!^msyT!&@_R)$lD&?rcEvmtq|(H zV8c>tb|+Oy$TxjnYY>`nH(3pjt~~itiGupM-=3nJk`US;i3m;pxkL?$gI45`$+0ew zrwoSq-FIYYs+tobtTjlF#}F4`+jV+w0KcKZY{mVFr{wthqPe+^ops=e2%FGpLV_ee zCuc`T^BN&@HWzYnPR@=`dfbY$&Pgz>HONcLv7q&e7Hb4io*I}37OKg(T*P$F12Ql! znOaOjQ@mI3$5=eY7zdvkUOj;`l1Nc-A~?9$CpEdD{$(87*ywA~LmXfbhlBEc>ZvaNB^Wmo{wI~LHeovqYc0Mvt<9j>9j_j{_S07 z^kQBB>+SzXr^lyfCHw!Yle4pL_W!T(`TODFf1H!=$i8-+3Q3PStRVeR_b*KpPW`@ncYgOZC`NVyeLmd7oswQFDO%mRmT32R$l-896ywZsM%e#PMzlZ0qemZ{ZRRm>P zGLOAANEW!&j5T*_S&X&QH)Wg;a;YWt8=n<^!iY7 zTlI6O72M}!@A#yret{6MbF%lIMqC4DnV^4Yqv`VdKju;F4mZz*8e$vb8I1#tA*vC` zb-qvS(Exz5nJ+~Z4F((mPWEaENCu#OFscdE?L62+)R@eYWtEJv5u-k3Z&_)(2SxaJ z4il!?zNu$~Gtkd0HKuhp1^2$a+QZxQQvD^;RozV49NcX7;F#L0X&nMQR(Jey#EeSr zA5EU$K7a6M7ykcD_P>e$AH9CP#Q#r@Uwz~MU*ofu|8K+f*Yo<*Z@m6xczubnKl;`mLLxe5k)k^p z%y`BiikqaUF@rFF$tFxfh8Lvju)r1Wz<>tO9 z`n&R#5XR_UkT%ULvPGgspcq0tH9zwCJkKadT$#+7{?*u<3O@?yon=4`w?@6o*RMzt z(QG2*Jl(Ur19r2Uw1VYw)q)T6n6y&Rx>hZ$aUfyf?qWC~med2pXz#sR#Xz)_x$50F zVp{di8v(h@lN=$YtSJSN7J#cF9`P#L@!HoVtCt<4Le+B<;EeBy#56TMuy~XD;h$5Z zomsoiZX%4WyJAWGMg3uP+jlGJ*7Da>#CsLxFKEhxstRL#P=iBm-RyT&fvWi*Wdc*N zVeGukDXnJ*@gYSN!ggnffhi{06GB@X&kLEy0MO$_W$l3hI1wq&gj{Uc`L1Aj`?q`D z5uV{>xlnN^mm+uoxPhrUOTkGf$)kvPO(;QR>pkl)=F+BBE&H;;%AvV}OPme51YJxD z1(pfdz!`gm2~SBYdZG)1w=ky<+6V5(e9R*B=7$REHyl5O3NJDN>$z6pJ&s|U)GILR6KZHs$q*rz zuvG|Abp+g0t)W0W6Hnw(8wXHUEf+?)m!}zzr#a@k0f8C;=du}-FG13h!QO3)JkHjh zAy|$;!77f@w}2qJNp!zgyKvj1q~JKRx+A(!RVU0t@>?#lRXy;hX^FmzF4IAh8=_ez zBad4R?oCBUn9JLFZkAvR2 zba^t+i0kt1rwGEvKe67u#H5iu32z!yab70_UMF|F zPOf>K^mv{8$e%GMfKjnKnLxF5vyvwX)5u4Vy!4AmB>ktRk&SbqDZ`(VO;qxaCJfK> zeC-`9&%_9eRq-+Jv5OnpotbIB_f0Z%2Z~jna`?=5s4pElV<93&<7J^(_hC*y>9Zr< z)Q_G9KsM#8dsHq}nwQFhrm9~&-nw6!QEli~snj$3h4|B#fe3ycX6d@;>lsUFw|jooNeS}e{Q zX(kz+J8XS)MEW2k`a!BT)0xPl5K(v%?x(mi9@nT9dZHShgX3|MXN1Zr4h-V)raYe7#KeYG?#dz`qc#m@ z8_Bi({)Rxo6)G*3F*%12Ducw?o(Uc>#cEOuiy5dE6nSd4qK@1=WwPAsjf(Ck=CxD7Qt%7)my*KX1e%W zgL=qWYBm#15=H?w6%IVr{bK5DNVOS-Odf`2lUbFl>f){g|1D>7p-wLdIoUMepHyiA zhuw{T6$IX86y*_Z^+J-r_HIZX^FV|U ziIm#>k{WYbJwI+95r7$`GTi+pI1)5br}MTqK~)}(^Xd`Wj5$#xp5SEuz{bWYnv8B+ z12Si6idF=;qQJ4fo5+<&9%om16pb<(JlshdZ0!C(RUxVlfl35wt=L|IOj%|UutjQe zg9nmHia8N2-KH$7>I!D{%(rHddQix9uDDFI5i#5Tc>(< zHP-VDlNuV1t@%==ZMz#`6w;>NwE}>y)-g*PL|XwkBS~f&2S|0X?U@6#V{x;BwHDNY zD^{gP@E%tw9bQ~XN4#z?!CU&urjofAa#LsR_o0_Y~(q z;~DnpocY;~_iBWFLMz+geS0FLYO$>`gEm+YS63|C5=}`mc;9v!koE*IN>}M#O{F4q zh-pG&PQ8d>dwC=`;+a!mDsDFgH)8D+==}u(v0gw7?FN5y=L{=-=D0@N3~a?gTv_yGhc;)K z!x(sR92Xi(()r}88IU$R@SIsJ51(W#5ZC(n(-uI@;2E-(dFW0 zQa0VXO|q4iG~-uLEbGBH6^6f2>0cVjW6+7iMDW!*|KdTC|1J=FVs`I*RxzDO2 zrAI4z9OZ1zKVf0wN^jrc8!;VFx%wJipc*K-Bt@W3Iuel354_&T%&?gMwc-Y1Dc;oC z?e;$xG0%kDz_fd|)XVX0_vWw5y1lXdA>7-I>kAlod2*_W)|Gk*Hm(H$fP&qQlb36h z3EG?LZTR_8agU|Xiz3bTEM50;C$_#^XU)jAY-0AN6b`4f)pi_FYta3XZHhJUi*6V}YtSWL zspZdNEX#G-N^ZW((%?}xi1I0q2km#8$5g7YmU97X9kkz-*=xzy)gYyMB{kBo zK0&{1SiK8Iw-8a6s%#z_6x(ueg|c5TJctz;Dc zVQyr3R8em|NM&qo0POwym)p3NAdb(^`YW*N?CDaLVm<6?cUMpLdt{YtYoqs zsbu|3iuicAr7{oqbeH_gFYr4#IXQWCeh&YCa&l7t|C3keFaPEA#miUcXWyN_{O8HzM#X-+2ej&Eo#Bw6TMZ$G`#+F`s(EK>B&j>*KE_dW&3*}V|CH#lYxb* z(Hq3~noc@>J$3!x;cWhHI-GU-r1j+JcINL+pU_?W-AioMxh+=Aq4wMV{fE== z^fWyAwzH!=%_&cr1UOQv@uu-S8X~UYT?e1HkD2o%VbbsXEc_un{kC)GFXc(6ZT;KN z{~b*VrhX{`@W}Z;e|2_NKmX@1Ui^0ce~sTamu|oUDa}ZN{QqpGR5P`GzdF zToJAaB_9XZSN*k+JDTS#CTpHB{lO)R5={c`sN{5&Fhz1fR*Ym+DHao+=7Q`+AxX}5 zSweHB!VZ(#w~vxSJX9@Niq`& zkMU6&OhFpowhNm0A#l4WXiJ-CSBw};XAvpUB@>eBN_*gO}3K_AE{fE*3 zenUPmQmBF^$(~3SiQSH+F-b+PaicO8@%5g>2KTNhp=qo?NEp3iB-eO}&$lGu zd7d!n+kp}gRYY4o{54OxCSM^Luk|{TSde>~R%YTgD^i?o4#2HNl8AerZlL#sr}`5b z|Fux?ey0aWS;Um0av#9_CEE#@JtI*elRa5U3bgK07@*dwI=aRo@B8|5H=ngv>-t21PDZL=z@E z)cljDdOHx7>Kz|nkTp$|M&XWrp5wMvx<~zlr`{9ThjPR6;q2xn=L!E$sxQ|WlMzdE zy}!x#Cji4}L1t3KMWo*o#qwOEk*V_G0-tF(a=v5#N2Kh6jPmICW;yH-^4GiFJ4UlV z?i8TFfASe;t0$l?UoZC=yCCuE4F3MN$>sQRF@YOrG`t=roTd5Y0^Ti#TehPYWIUW) zzJ@1DJ^zJ1YyQ(gyyNKw8IA^**W(GGK4Ph27lcL;%W^%x%Y90BJc9iT3%`+~$jJDz z^NqJf-_zux^9>;}etk2()C+v-J$j3ePIRBwBGqKUVQYtfw=Y)tawyU@-xLy-LVvjv z={3tGkJJarb0()*enHMi<;~(Q8l`b2xF$|Jd={pgaFrBn$3KTD%P)R7`QaQJy}thA zTRp!E5{VtKEiBrF287UkWBZOo#`L`Y704J7k_fq>so5=LQ}FnIyGDcA_}|(7g8b`v za7_lYF}Y=X^L8kbghlySvsQOBxgg)2;EOj&p|+LBhV*ew`YiquB!w-=GjG~3cO^E9 zEzdHGw(_Zuu|#ZCD6%`Q>KHq96T1={WvKB|+_Ln7{A(gM#EeaH{j5X->_R|V&QeXF zG>-JFHi=l#gk+i@QaMW_W+$jR-owf)b6GIG$qL2HMx9A<$2CKx5n`~Qd!KpTW>nH0 z%bCQR^f;zDT~Wn4`XBE_Qta5pV~s|ib0$-oAYTaiN;v@Ng~`QdeDWT)|#~H7DTM!-=oi5X>5>TLix_z-i5xqS9`p_A7cNCL%95*~l7EGzT2=Iu@prx#tkog7q;pF?1+6!ggynOkh^9@fo zk|_l=x<(?t(O3SB-bT3~nkUI&bBwVCuthS~3?$hKxWT{Cw{aiYl|K7ScUi*1L_{>v zuV|Wz9JZkS^c$l25}7j1QgU%@U1~h%REti8o~1DgAPlSCuP427D<*X zveSIZijf^nk(a}1Xr|Wf9H7vlZP_OZ+T!9@rqa(7Wk0LV8UAx%=E(KViX<^Wm8;gJ z`kD2kCP^UwKL$QX~vf2S``>iVDWUcEZ`P5%2e zey1UM%aBv|NIbcjUun`Wi!_CMcFPpge9MlevC3sQz-yP{=8087su$=V!?)Z?u{f&fkmT0*poVcey|4jMi0O7~>0AE_HUWwX-SI6Dr$;kTzpZ~HbJpDyb`0L|Pj}~o(RR;df zjCt`phpoyds{I?p=rbwi|6RYw=>I3WUh|aa`!LVGR2TRN{eN+C_Nq$%&rVK$)BpWC zzrX$M`1i!FG3mS0QstIn5vk)yq*`)^f0QEMF;$9h(tal5zCPo}>P?QeY& zvo%i-QV{*M9l1+>{<-tb*AK2aBN4NK=@vCTlKoV0$>PgG^YDvk%i<#8>1Mo1g?l{u z%%Z}|u!Lyvc^V}}{2=^xp!tCz@PYwkurwx5N6h0L|NJum`i;@aSw-BgNOGPf4DhgE zTJ{%m$>dHEs+5R0aIc{C^T#3iK4U7tF7quz?lu!KiD;@BV1+}on20nNghFe=*F>aF zbZQRC6;U+jYRy?3V&@M-y`y=w9evI;8?PDtR-h|mJR4?_CVLGyO_Jttwq+~OcQoNK z5gC&-7gAl2aT<_`$o2n$jH?22DVUmw9R3W*+dLpwIkYBC&@ar3egh8sM!&md`wOyS zISs4lg34&?J|hk+4VCv8)%s&~0qm^0Aw=*v&Y%-RbM9FgZt_~}#alY7QD z+x!A1+wyHWPc&#){Sy9uz4dNckIG84ufae1TKetxEBzkj|F$g2m{ecE{yi%HpL};x zlmB0RcmC=({_ofL0snW$cNavl91Oae5%|MSqb1t13*_eXSDn%446KtieJQA{!jAdw zQOXS>W54_s?4Kbz9BC=g(PjPR^o~i%W9EqKcQ4?de77jpYyO#Z`(yT{IMn_Jb{x933qDFBYiu)E{XoZM=(&w}$@EP*>j<342sVmcuClOMm6f@e60E za!GTxF}jN!JTvAZ(Gtx~7So*JWc??0ydC|#D5Rd?Y5C+PrFWDkbd~7mgmj35#{llF zuKp#JIehV2J!wfEUDT(noBhsW-8U23cNzN3j4v-p_x#n1SN-wXi*Eg`vDbo^Ya)u6 z%;+s><_ASCcF<*`jXOQv(;vc<@U-y(I&@r+?rc6CjuwmQ{L}lv)y?SB&1Af6e62CC zVX<@kR2QT>ND}c6;F81>suq1BCBtf zJ{eqHc{JX0do3UOPMP*+{VcncYt=LlZJQ83tE?)q4x5iOjk2QF&Ug8I8XVZ-3!pF! z>o9<&)mQMj?O$=Qu|M31+dR)6X!7#qi`FK}J!R=#m000NSL5MmvKUpS1SFwyP+ELU zL*u|n{!V@>M9%6uU+jK1pI+V!mu=m5FJBL?hut=qrf)yJna-~Vt?fLp60r%<|C;>W zNy6Q~Dv@^E!TGoM*Pq^v2D49pyk4}z^vIk`2U_y;&$~9*y%GNSRU>>pG{W-#e8FN_ zZ{UYl3*2>=A7@{(9jx2%qa&a<@fVFyIwC(h%3}C#bUpZ@QP8FN(GiwkHiyzZ`q2@r ztMu~+0dH%sf4`58F>2TzN~h=0xa+k8bUmGXx*jd(3H%Op?Dky&lCA^C|+Ox@zdM+^k(+u!&>j}rw!(& zJ)F))pT?J8HEz|T{AmCTX5&x)KKl4oDAR}xcoGpEJySAgR3tG zpyv1fJTTr|-7Mby0zg!J?0pbwRyXf>8rSy6&!)aL7w^Wi*;5Z@o5Oxs_tt+LPcZKD zj^jfkKldD7P2Vo`f8LHKZ$B-k|2{f2ZO0#6j~9#a!v6OZ)P;#UO3$lNIega3P|{`8X9~9 z505`?q0C=Au*zv(s4x?;*R2+_c*>N%epk$Iui5UmEU$K%K~FXYnP&W0GL;{L7vl9iy=)D%Vk9;<5XqG!ik!*;RjLBX0ha`|1Lo@|@G;k|lJ%V39~; zrN{TBPA0jC-Me$|m1ZwRk-K-Ne!Dg0Ng>&CE1BAgB)%Zuxwi?wWB=D<@x{p(qVfER zSiFNcqH9s4TCg-12u)*h#C~$Lr3^R<4~5b^gczS&RVo?jM-!_beGUTZzJ8584Z(GnTwajB9d-+>wfYS`4L0zrNW(t^N<6@R z8I)8UO8?PD_J88vv;04{8U2!+Fpv5Fy?9ZN|2Tc|-EZ+9zsj$6_`T#7{^759iIkrl z-<_>kPOZmCnKNT1VlQLHFW^3+w_eSKL?e0$Sw)<5+veG$pEtaF$aAcp4X+-P_d<`^x85o?BM$M*gZ6^Jk)o_H ze`79`!5x!y!@PVb2Pgk<@|55F*q`@%7X3Hzq0hYo9;5$f-__~=+1dGT`Tu^EUoHP1 z5(h)i{tNv6%nnNHtfAdm>DSZnL-#_zd}31-{vAC1Xv9eOe|1UsQ}>s5CG?E{{ibO@ zlOh+9NG`~7XmyRK!)n1zJvB$k?IKC6c@y+o+ycIMJoUhU=!;NwhWw(n!`owG;?bc` z@PKlDTLe>4jc32n^#7e#Ry62>m}he|6UI|9<&f{LioQ zYo-4)5x3C(ZVNGl?a=MCINf%)EZK!>d%P9mwtGQf->4#rm{Px}GkEtYl-}w)9AR&p zOt(hbyX~~S>xla|;F0_1&;tJF5dXFwsei5ns{T2AULZQQt^^GK`A>g3>HqMT|Mlm; z{5h<B2`5>T#piwH6oVz(11c|Tl`m`l|OH#|Rv|04LEaP^<^82)P?Y&XaHKlV>`mmZfLt!Q*x zWDxtTI=>Iqeb)JXxT3e6--r1w>-_%z-}#2Tr;>|8k@4k7b;3-Fzp^Orggj>S7{8O^ zubt?wkNk3nuXdlJL=^F-jNTsaXv)`2VbtV5$-y_j_VaJN#DAeN9zOqP-<_S-^Z&hk zasKkR^Z#r7%uTi2GNNfdGS!4Do3A-0MH(~AO*hDBv}NQhJh5*>(rID5?9Y6Eh2OS+ zXc_dg@FXDrM$>}IJvlo$dD-%LS@|KP&~+%}=GcIujscYAXnwsQgUKZsPA8Y+<#;+- zkT=sgxmk!#d1D=eFOfJx`We@Tr%L2HRl@I`E|`Kxp5OUL#`4F!a=m!T3$s3bnF)L&y6jLQu-GbXS>Y84+l6qDzj1gn!9y&tG+#0#5FDThu4H&f<9eoj-d%UP51arGF2pSKGss~$c{x@n(~O+ z1CmRcDhz%y8w#Ez=Fc^u1knTC1=R^!+go*-k=SJ%vZDcTW||w8YH^#z)d~C5D-x+G zEdyL5p4}abImI+`<+MKtdD|cgS_%hO17troqPG++N znwshj7*Vs8sG|#(x}_rL5p(3tgcw6gXH8ae$b4hcxgfNrizCQv4!N0i!%T`h9+$bG z2U*6_n13cKmWcaaiG@oh`5iLF8X>A%-vN4zb{v@5o1PE{7Vs5SklGH8Vywr|yI+bO z(keX^EEkk9+45-X5d#)O%mPh_WSG=m1-=q5AS|IPA?;s6+GX}nlT#yQk|~zv0ah!y z---kd1rd^OcuJF&HE+^mOQ+VA;~$VZ`V98;Znoj!_wXDLBiW8}cRpE0CF~T97nsJ5 zNtW!jTyYDCTk#b3NlJIDXBVBPIg@LsIwIDAcSky;Hh|LDVPajb`cRW{bH}%?c>N5x zBkPUl5NHmZy-OV&y0glfz#fhbCt`aNh#P1nWh>ni6z^rSnYUjh==7n zuwame9KbV20R}Q@kZNp&U1hlL9=t7lMnzL)7+&x972DEeO~m>z^YXOYo^;)utUnyy z_l_)!H32=R6e*7ay$UOuz&^T{x?Kv)N0HjZ*~)rU5WAHeqBNdzRUQ_=zX~3_iX83o z#}KIp6WLLo=*9`=pY*OQ#|ojMOZg<6D^)Okg+y>inlEtq_05OeisQ9>qz4`usq6v| z+Zt~%S5cwhmWL5{Kram&`2i?ic{Q=m775k4+Wi=bRAoFWM4^&B*-?3`NuMmaBg=9z z#W$(V(684B5Zk&FHL>bWL{2F2&uZ9h9^o2)?WS!{;G-;$k3dZyceO#umMXGhEG3df z3@G_(Um2%7go^!CuryEfu#u3NkS;x{cl?kLorUDBW~=nDLpOcPS&>D7m#f*Ut-_3V z%zUcMXtX6Bf`}#|t37gYz!!WJ1)-Y5%UE8}#BM(*(Ra@^uaSzh4=bh*m9i%ZNUY4;VsaNLS@DO{;PAuK1VFe^#N0PSuTSs zqEH~}kqqbRt=^8_vVd&q9Rn`U0t9ljSg$poCx~K65}5z;T_$9X3*+d3VU!J52xP|2 zOrrqT$c_pn5A@ZLCVRxPrd_1oxxz!g9Q|6iW30VR{;oC^Y|sfAf@3lF)lq@LW$dVOY9JW6T0y z@&q-i_z;1EI{^V#M$|6*iOR*<+iBVL*a4>s38VG2syorLOjZ~*C&daHu485cKlCssQP$V*Ld7BD7dVtG= zCDCjni+QmNa35)ohUZ)1Zse-ij92&pN*0u&5Fn)7T06#SWdJ?ebVZ)C}G%G1E|&7KGk(m}d!OwJqF4Oni70MeSf z+c7Y^JJ4h?W}0sbJZ1v6XkH#SGdEO0w7^p*sa4Jmsi*A&fQtn%v>B6nni`#W;$&W4 zT*Pqj^@&!I7WXvKa_esdKfTo5$#gj$j=CggpD~54K6Yjd&2oF=_@~Pw0WBw`fmv8D zuPZBhQm`w7j9G3v){0i^58$KU5H+9-I1!ja@D#lIcJEdUx8fBx8_h|=sM6w;ubDSZ z%F_z&k?O*NNiB>eu1gG6c9nV%h97-mUfE>+xvnap2w#_UMqinm@&;`7FJ#cfGPS&( zr{%KAdYf2U*G>vB5O+-CV&z*dak(uVe5u-NF&SYuo~=l%Tc8QbW3vWfaeqJ*@wIdA zC_#UEXiuA00?@ElRc>L&bw^@{thC-o6}60$RBDnyWkJqC*fEv>lvPVEP=(|sO_)-! zXzX*A@Q7>i7kcyzBu>AvuXB-}GRsqA9aLSFoW35huE;@FZ{=&BpCg(XHVeS?HVk%w ztZQtokJx@9a^1*TZ{U7e2^7lovE6`pr>_wJO%)lFip2~KLHZbYOJW8>?gAC0IV(k? zjbym-_vVCvM8?1g&>b-#ybd9fZKy=MQeE~iwt(+Kva}3{GPSBL9~}#zoH?@Go<&F_ z-Wb%7eX(W?x?{@YXjEY13W)hrNSjX;Ken6JLL8J@CnKg>Pe|Akl2Iif`VE(~P`TJq zxd&)?N@AuW$ya76oY28Hys4kHr^&9HxeZ#b0L0X*kX&*Fq7#$)s}EFayzJc}aGx`PE7FS_LQ zU@=};$mjPiMEx_nCTF!(6U5Pz4 zX?cP`Pf9JF+LL=k6$nJKNn*vCEXT{MQ9vfsNq;} zz8Wt-!WMcnUQR{}bRV#(2&?OkOeRUE7iV3|Rw zu)1AnmPwIGuGw>#@R}5$D~0`6Qe018irPk{iXF%*mRxgn+boj=MBUg~K^yBETARWw z?!E6ra^+B}8(neqb=-$!tZ!bz?)2W(a9|&)APFct^DPr{@2Og>B`X&)_f-Zd+a!F$ z(unl}XYCFus$8e}d33)Y*%I|JOZW;HI$KCwDQCB^L*|4=xdQ8W`}siXS-C!hBrCgQ z35S7=MgW$U?&zkf!`H2?OF-!y0ClcPB^ys89z#y#!0c3`)8#a=omvVVZK*~PlY~mN znd@8J-PNi{^17f4*eo24DewtT&0>0V)z=stJ!liRQ0ZwW0ypeNi1?l-zV7grs9a_g3<*A;Q552sA0@f`;v z>Dst&D8&sDtaF3u9#6mzAsIk@dW{83dG*MH@}l+*#fPnC-K)p7ZY+Gz+-AAZXe$J2 zK|#}5F}8!wl~A%~Ku-cwL7%1(!%1YQ1~t@g5BrYoQl7i>=&ZMig`J31Vzf}ew;XG- zqd8wRwP1b+D_?O{G54^Lyc73Y5<*eZAq?>8bzII5JX+GkvxYdH+n7Z_iEAEfLRykh zfEPHO(uz`2^iosgZ3CkdHih1RKI;RI=N)jfcDRYznx!$e*oq`>QJqt{14?9>Ylp@1 zI2Tfu)-t0xrb;oXkB?EJ22H*3YHyg0aza>c-QmrR3vS@iDEH2mLD9r_> zByZ~Kurx}9DL}uHG`eNEBHcgzrCSOq361P+x3`-KsH&0rJV`nvN0(5u-6(CmGip2k zA3gMf1Tj@@MUljs#dmNR>A<_TJ=?54D{7zS^s_UBf>4hDgyaJwG*JR7p6joTp43ut z_!jq#GUbIp>;g73vzM_ot*%(_WjG786Z_yZWxET0V{Qiw2WX#hpFg zV9wfIoqDEJa!?s<`JJVdr7`hO`~80Z7xE`t6sl%r{R@14b5vfq~R2DB|0tAOCDRYUns9+8Bmn}Ti_*@!zP z)4FG$(Uz3_x@yiV{O59v|9|B7p#T5E{^Qe|$?*EqX!2!aJm~*_cK-6@#aW~N|8McX zzs?W!51r1^_bxB3EB3&T%e&NlrO?k2U2Sds-kB5|Np~tFBYpip)ZSe=Mh{_{9;sew z%jUVY(VOrfw1qqjmZeT!houXoY05xGpphZeVA{qyH3~VLP~(I-CtDWRl(?o)@EvFO zEC%)41^JV^LDIOqApde?>ssI6-}g^mgnYFNBe6TSB>z|?RR1qtg{fK}E2eMS|KBuY z=^G(;J#;OBhcJ&fJYf@-+mxl`8eFv`xjPTf!xx=DJnPr#bUNmclko(rFhD58vP7T) z-!grj!FprK!^U-9+Kk#(r&U49Q^(0#C94^-hU`qTJC3ej2wClDyd7+ z<;h#PJDyz)x=42_Y9;SL2l~KSZ!$+ysnZyt0N^R`Ex4%r$JY>M=G9JRBw=?f(KDYGJ@Zax{^+XyF5N3mx5{vMaqJ}5!r2vOD5yS8ccBWq&y6occXwfiXR_W<%LcpmJ7 z1Fg0KGLJ$84c{@%^@0EG80@$drai6U&J-5Pe6E8r*hNSQ)7`;tMr zX5`)6aks_}=4=4Qv$J8-H^8?-9dZtMUh5G8n0NMGik2#EnmUey-`eQB5V-ut0?pd zvl|g^)WI{FZv(OtF}j!jwUB#j?97-%-5@J3ET=pVJDqFI zq1%g%j8m2Cvp?2vE6iRcu*vh{p~&O+tzDIy9x%a3aeCcV@z9+v`_R1*fW1(`Ze^teL%_9)l zDkrBZ3|6BGA#nAMNq@d(GgC+94FWv&rj??YL*0IS^#*g4u+)b?j1i1GGeM%TNYKPC z^*!^2XALZwy}to@u));!$cieCLbJmjbl@G|!<)Emr@?@yCnqqdVKT{4w%seZ5rrgo zT;>H$dM2{z&_TeS6cjG0cjz&9_tuQ!G~${`#kD^(tsYqTc1nrD@&Y2($R$E-J)A1thCK}N_1!51IcN@Wn6GC+pWjmWTzg~^#kE`hEIx%b~Tq0x_0WN0d1jM9x> z@7G0gOU4j8LzY4$2qtBJrQ|(l_tVKpqk4_G+h{_rMO+wHmTMkKq3+UWq7dB zkm*f9$s!k0^B4NO%~>uvyL)7~%lY~F$rrR+q%=!Jbo<1nPypS2TIpz-v2>Bs=(cZD z#K)|8it59Uu7_lh@5JL@jTKMKVjP^yi`KC}&|Ha>j6P?HkW7+G#xgQUX|m6Gq}-|V zx%Z*iWg-Rt>`vX!5tuywi-;zSL`k7?Cc%A7OFU4U+ja0DQR;OT|8Yf3f_co<^|WS&m@SZ)UH=F9 zK0Nudw(O6&WIIM+E(-c6UpA>^PcP`_J;C}xZpedlv)7qXrO48x*BKP~R^LLk**?(x z!ONtGD(y)X0j)J-=qe|Ti8Iug_n9D+= z>FFJHYD&)1>#x%pS0zvgn0GPN7%}a)?FLnWm8QtHuNaA;#z0k!^bEepxM7ZIeTrEk zvYl1u=S=0kC~Nd8=Id0X{nAMt5)0iy;-H74>7iFp_Lu-)a1_Xk6rN#`#+cJhDinvV z%y27~M%x{gw`i%)=?4DsQ$fL%iYiq|=*j@Hw;okyR_Kj_oh5q|5L}7|kl8=yEOq%* zDvBn|l2fb_uC}_FxA`;tX6L$xgcacv$&$Y!cC=QhMU@`wAn!U4^wJfEc#GllbDDuO zymhiKeL#jHHcAIaUCZ@-5o~gT7@68iTalj>-VgV=>K} zN3514CZYEz6rr1f!Vz6EGcZ{ilz2qCV*N6?2zbmiJKH@py>4jEVEgMzhBaSZR}U$$ z(PX76(Nl3Yo%WAZk0=JGCEwZ`YcidD8o$2&WbJ%wo-nYof*9?jPF2-2wq1q>8c#s1 z+=rFjQw9=LRAXR|1K*tS>+7I8(=x8=q50XhYs$M?AUcR~BkPq~f>gLw4LhATMP5kn z++{J%Q7O9SpBW1HCVtP?VjdbUB#WB9^B`atB~Y<3D`R9;CSb-2Vr?t=;4+$dm}z*V zfkwBfxKCKTvHFyXW=k@P+B3ksqe_kS@M0Pt*==B)bz?a5tnWL$NwvrC2wDle$BG-hc|hpZ*U;kXzuJo(*gk+OY%MWb8t zwxEC&*0tJrJ5P;i!1L8$0#vosCj!q7MI)X@tRBQd@YVF}qH{!h0HPOR!`0!l@00#E zhrQB8@5j#33cJ1>FNRlxG5Gg>1RvkQ)fE~2aW)?<(C2r2J-Zr@F8!Wr88OF`;nmIM zc=9$NuWy!QGF_6Z@%4B)x+KeKK$h=Dw(&=BCvFd$A=5d5BI$2N^U-8Df>Cta#{rnW zsfXOa7nP8kmSCFzutesg#cVWOlI0YJTa0Fd`CvJ^`bZ4b(PLeXe(W4Yh%>_pl@S~k z>vrFod}7uayz~;+n*iLxJ^EO42ezhoMW z{IS`FO(`3Ry-73!Q3E_BZ$UeQu_1#(<&slyIrvtUj_?493uv%zI}fp3$T~1%Sul~` z26Bz8((%GDTe{O0P&9;kwVH&~Q6&A^4-K}swH6QEvl6=pFr_a{;D~G!?paHbR>dr* zJW(zURU@3#+k=&^V8gFilUICDw_SHw(M-xA@Gm+8jDhPIV{F`E8B6-60!Js|t4$>L zS>6XBsiPQv-Y;^VsE*pJL~Q!$rn4`0eUxnbYpS#ax8qU@+3A?P0i^~9@UX!AjMp@0 zlG8+0t($sDtVIdX@A3IOtz=Jwd;~|`#wg~RHt7)UFuw7Pss2t15eD-TzpZWv?UC;?9%T z)0!tn`v`$7)?9eU*?nCl34CBH5ZxYnpBRIvf%j%H2*@~%LUPo_N8Mg%LU-iuP*+~U zm~`)t?@Qrkgw-D05zN>UeW(gA2xw5{7;#*^J#CY2nIj<9UmAEl_hGhgHY?~5^mb`y#gpgHTj!r%b3?dmj>oVuSw2~n$27c98SN%3kxxzt^~~N@Z==s!4va1MiGa^z zL*E&a#|T^>AhQp! zn#I>L9vX)KO2(r>Z5`#;2!ypXW(T-U%0ouWFB_+!a*!)3T1_eF3Nj<3g&0{_IGve9 z&nIpYQmvT&49zm@+z^1~R$*!E^YKn;kkehpWEm{q9NLJcuz$*H7lVv*dJ6$65iOk4 zFTE2SB|4jGK}+H|gB|eJCh-GQYOxt%Lo+`yRI0791#CYKb1WYzI z$z#qWQ*dD{NRe9id=>{~wq2NLMtR&XGUH8+>J1lLPkWAoG-$W3xI()8N05s;W;7tTskrZN z#XTfh(MKsju9yE*Xpqu7%!n00nr?B&(1#L}bQ_-1dT^ucW->`y<%2H{))wWdYrE=U zc*TyU#hON7e?gC3dCT%L^Fec-rr<^oc^J>LIu=!z3$s?0Lr_{YB%}50q*Ng%KNRU2 zZ}6(8c-JJmN=(ik=jFa-CGl|q7r?SNIVfqunPZg|J~h zRUiL=WC=|n<(Hvk7-p_N$TWxl8E#bdwhjJ(I_HZM#+Jf+qwu^%vB{#$YZgt_6B4B|P z4uN1QhFPBLZs$<&z~xi6aJK{}J&u)!voS$nW}^2%Ml%o>?G9-!vPlhV1jWY&?v+#o z<)}V{_-1QigLIfeW#uNgkKnT&=v!ZP>JF0#&3H+F8wIq`^LT+Dby&CWt|3 zT-x{hZof9{rUnTyqSEE$jwG`%AOq)5dHwj3Q!l)vuzoi_RT1|oQGCY}TFDbzJH`%M z_n^ygw*f;c!@Wdq$R9x#EC%Lc&EDx5tr&qDF5lABPlu>qRstIRG*WGLpa&-m!|O|v zr-dt2vOqtc|K_6CI#8Cm`mq=tviwtqNLkF;;%wCe0rxw1{vmE>9wG^%=+SpM2rWvfAm+kVwmFjdxpPjgD{L|-ND62_Q;ahSn!v%&U0Z{Bi z)J$Q$h`@$>t@eTbe_8jkwK}G(^a!qo)G~w#d1L*rgx)L7x@?N1EVu-Im^J@HjMg#3 z-K5a>A_wi1ndl(i@stBIqqp3=?9<=2knmBVv{uQ91}6rTgdh*YIzmWSMU__t7MTVM zu9vwL_Y-E4vxPMb?nE_+fkHA!8#xbbZ$A}GA5f*q=2n0)o8Pgt#%WgK)M{JYXtHd|s69y``GnOp z7rEgh(2E**WXOeA2gy+m#dk%L)0BzAXL+lA!?0<@8YhoJ@_BF%Iust}$YacGMZZRb zWh;me;Ko(IplJ%h&L&pSE9RN($k*wuLv#ZmYM|zwo15R}5=<#sNtME)mZ$@(L9j%nCekr8}P61;IES zn^~p$U_QjYvJSRn*y+@=T{Iqi)v;*g(tysY#{n0+rWn+l%sM;ssL+g4COFtE&BmJ_ z66bCATvhhD=5Sj_aw(9&vp?{=fOHExg#m?)s z2GrALf8YSq=1zy>S|J?uwQWc5Kl;={&`?X_k=gs3-b3%cX5Z`WP%ca(SkeVm`n5oj zIkV9ChIU(H+Vc$2T`sLf$eRO8V<7|bTGBKQ$a0^djB_nwmYAGH`eb?85gR$J5|J0` zIHOAGdl+oEIo+`1?5_BPGvw*!(^|++m|mSp6>jrgV$;s}Gk5b*_4=>%Yfm$nR-izI zAWRxC}KJwaY2(lJodhVf}U$X6nIM& zh&0u%lrLlI4S+#2EioV_L*ttwNyw09G~&*O)ub~qv5F>pNcqvxqFD9qUp=o4I`n#q zftgt@GO+7K{I=$h>jvmXa)cqtt4x1ss@{^Z^*uNMYS2zA8r$0o4tFu%z}`kVzXM*N zhRWYtx!wgdZ>fwSr-L6!)Z9X@I=8C^Q@8cvmeHHVaz`MOHqWrjJne2)NJFp_cc$zb zqUO+2J%*&OL(uc4?vS zIhMJNs6AYU1`y{me8J_M#}qp1;4T)e7;%#d^46 z?q|rg5Gv2SQEDP{yoAwzw)qR%>FW0(jj)HVH5n znG(t{CXhMno4R88J!3WpYIRcf_Vg1cnP$e90BKBFyS=TK2Irh4WyQ(Lq|V8Xr%-9x z%*ywR)AtTkcmc3CiE6j2xZz8XKiW=&ljskSx$6E)@?$WvZJupa29y zJ;)+8$tu1EnikWq4d(KE&owVfir)h)(>aVc*IW#{#aqVBe z41cKhaMIet`H6w@1mP?p_`cr5tM6KS(1V&eoSR9Mll|fQS|{JNgQ3SYGeJO3gOjqG z7ccAGoFAHv?MAmpX#9@O8}Ph*)jla`WgxO$ou2r8odqvnHF`S$me(6}VsPzu_p+tC z7l$xz`m+=gsB*QtAA;|j-5uCO2E5MMlQ=Y&hujdK2RO7t3|hU5L9N#|=8Wx3{u!S7 ztY(>osNv%Hz+H)4L2ZQc@`sGdtG&HI(oOZ&XdV8)G56TOeT{dlzW;}Ej@A3sqF@kiqraC2FF=2`-gGM+p1%B{*<(9|FHR~mE~l)YR&aRM?DN2-ac=vpTpEoYU!Jt| zcy{=XG*`!qur*bGd41q5;l63PDCV_`0!5Uz@)ahxlct$>JT6da3x|GBnEhTec(zII zyzH%OeasRLZt|Hk(4xGj;esM^ZKB^nc%GXNx1>mI{lTSLB_`%jTl`syGB*^(KCd6& z^JX*i#3wEQU_hV0ugsrbM=j^rojiN+yk1|v48E`R`rXOFUJo3=^Jc%Vn*E-gKLG7x z$HqrQTi*}C>;r8&^yqE9`?HqrPaZ(D?ZaEa8lzYr;fIr!5nevBl;sevQ*Wa*a1@-k z4f5jPASI;Uo~cvp2C9Oy^OjN09@#%_)U17g7wrR_KDLoygwC+o0ZF=JzKU9PI{G?4 zq_+%6r z9HFMag`(Fo09JzbA*#xDVOZxcVY_-y;JZy>6*uE5Kl@aUu_j%(q=gR*{38Z+tSb0! zUF(LCrh;^htg6h^h<)yKI)jj0vNcalnelT!Q?m*5l2thv zmx1vI-oEs30w>~4VH{jznp3@j_1ImTTKEz~5`Q>MZmZ0D=|DmYMfYCvoDq>m4Aa!@ zXu9u`qYu;hbq~y|t{(2|uq}1@B`RsqzVLX8?!JG9FUUlYYnDqMb^02wUg}hJ0S~~F zrk0Ss)9Jc)cBYsZ>|iy3s^6D_S=tQi%I3Jo3Zv$w6-6lMMxE3C-V1Z|Tz?A1Dq2F! zB3P!{Yy~dtbh?M;SkB7?)wRscuPx#NBuzLudTE<2TI)L`6XX8kh)HUThnHe(;9IDS zio6k$)K6Dp~3JrY!jBr)11o*(uJpNw_8CLtW%vl?Foo@4~rNH{`r*5$F`c@>8%;evM zj_Y97;!%bog-ZOt#8f+-Vd&_Ct?h+ggm@8G$WLKvsG96(Cg8}`7K@?A{5lc$coSCN z?OeqVl2di7szqFCE(T}e;WV-p&96Sy`fy<`Gj}K(xmdyHRPjw37;J+Xx!q|> zdatabP^^+uJn%D=+k_8TxGlnXu{H%N)pq38LUx{&+rW{uF_tkaMPeUmTAp<}PfX(7 z>1Y|8oRU6yi;1=H66I(inoX$SNKL*3$XtBU&SL5No zk0)=*bV3Fb($%kK%Px6+vs_Lm0h!Lpbop*H|1e&R$j!p$mYmI}Z|8&Sz-Brgk-^*f zXtc1oke8$RHKb`;z8f#_-Sud)49WNn`8d5HgZYTyP^QO)YcnCQNACt#Z**(hdjO5* zquG447)_Rt?8#(@BFlG!CA@w&ct0X=zIW|H@epne?RJ(=>BK(>Gf=R^^wd+%bWQGzPXv) zEJl~)dUQD+1mto$ywNB$dA2kLX7lM3&@`Grnk`7IWfovIm@hw)H}mN=`S5OfO~y;| zVXz?6*UQ0pGP*P=vgV^VHF90Wlt+(Ads?bQzG#(PBBDeuSjo z!|BYV3HMqcKULN1RB1++^nK@KSMQkS^}4hT@fm&S98*(^Ii0SA8YX#bk zc05U}Bx8*%=-YkNyD8_zO*%{ z_gh7-#?{~iy?SlY6)K_F^lA(a)wcF@rDAT`ZEULr1y&tnt83H(3y?2Xgp!pIw+YM3 zM2#(scGszi`c-DE8Zz&dI{@q?3D$jtAbTnyX+R`0P#m20tU|0W8I1u6nirErT^xFnd~nS^^T%LmhA|Pvz2- zSf@HKYa8%-Gcf|bK6QywHQ#_a0dq60%7y`BfP#u)E<=bb?QS0n8JGUNn4IIt=oa-b zLc(E}OtBb3u1Gu+R>OH>~j zO^Ei4N+>@it))YE4C_+CgHOFTrqYNfTcFfirf*)rfhi<22{syuofT>4c>;WXM*0}< zCHH;f6=R|UO~GcA&aTEm>251V=sbzIfgBc)Kimy%opwtn%rrJhsr-x;Enx#>oD<2i zghs}0g!znw#En@dTCusEDo(#xs*kDuf~wJ65UJhm?SHaZ=nN)+DUsKz11t;DCsTkQ+FMrKBJN?IIzp%k~^B} z*_L_*a8#8@^aj-}P0qs-UnCW&)9L$(3r~BEg6AmBy zfOs{efv8sd!)d*+&5afvCW&6!l|$R<(6CwtDWUi4B1!hGN8V)R-f0A?W<{J@lCd8< zomB`QctDgy(DGHLN|pVNK|V+?9LoFl$4)2m;FSz>pO{oJWg32)cfZVem#_^>V*t|2 z?3to)hRCU2xB5Y4xBuAb#NOB})oh+MBBgtgqJ_4oM+F=i&-U1cGbaMmjzg@*PUI}v z_w22!#+CKcrJVLM2mX`g8DxqeW(l7fR{0%=bGEBGM;O-waUdhiG^t36b_vw7Iy z#uLh=55mIVT7rhy)qBeCnEX*6ms;u4k~wT)q8tO&#ytgoA)FRYNR`z?%%x28(iASF zW~3BkmeVaY+DxBNM5JLj?{wB-r5YBVTUE^<1UzfgSQ6B-uT|RAtKheqDPd1~xuYO~ zuV-U*^*9`DZ0$x*FnHoLS{hep0X6ZSP}aYi;pr(8sTTHsBV;AY4&INoxX@h(T|!B> z2}KvZww>9~gjCr~?N%?RubZ+`TGQ~1DI=&nBrIvG$w3}j!xDS# zu~4{HkU-kxaP;`%`bxt>p26zHARyRIaW8r0w5luvriENXGmVG9=LNjIQ*N1B;(yRK zc+Cxq)!_79DN4ywc29T?5WhfJ^+!uH0=P@mMI}YpdTq*x6=}|s>K?Wttb5ox3y{az_J6$cA9eY)GUNqg>{jvd6MW80}3VU;RNCnu((Wp z>(_uYg}Q~wfMq2wuknPcqnn*_DJ&6mW8RN0f43?v?M6r7)o8G*$VaIq{7qvBoQ_@HRd!+%W3shAH zQ7v1neWB9R7NfL|dK54-nL0k0>3;8fZ$WBVoEloQmh`is3-A?on(rYqB`_E@LlKD! zy@_-BIUotULk51$Sb%P3UOrB@R#-D2MYW~aF+)+?&H=U7#+@ikv8Bp7QoZf&gpI5M zp?Z(i7%K(z>Vc&|Z%sx|ui7Iz@==gZGX~kBH9G3{+ER^WR6za}Z#hPeRK6XHlwj^H zbqIZKNR#^%OylN}O%`h7u>xb(3))TeM3_=ZsPF-Gk;Yw_^rNZ2x~HuQtV1hh^lnY8 zdPP1n3R=s(SxbWoO`*RFNn17A>LJ169*X8%!QwYc5Y@=6r{ro(ujWNi-V8nw2cg~a zq(})YV$BT7^zD>4Z2EPzq{kxV1r|WB>N7y8DxS!oa%Z)DaYACccNE|0Bz1T9;E<|{ zYLa}%e0bMY{i=5ofhUT<9%dELL*|5`jRXSMN49GRF&emFM*3449 z!E03_aT}JYz8mFwN?g<2JgSxsKg71QY=bZ1T2OefDV&iqn%T;FD#<$VEiPbX#i7#c zYfVmjRf;CbS+AxbsoP(wf{E=`9oQ)tqM9h-1F)qs_Jq1><$|j1>}qTeaY)9y9g8{Y zR?4bICADr@Y=?M#3x6My4}PWHkt@)v-<>-5V*3&DxW;hgxq-V`LaicOMiDHk?hY+; zmwB0z0+$~iT#=xnTfH(!-6mSE8v=Tahli==Ha8ikoNcsnbswxhRa*2Y#3b~04Af)2 z(g4NlwGz~}RLGaj^_7u|B8`x#O<0~Y*=tEg0l^lKxxWgbQ}UKxXlTbYCV5v;6HhGC zkWspU!iNb>HwE1=CnS|xN#`}T+N09;`Km?G+c_ANLq^S*tOPNSC@sOQ#JEnP%SxEGm|=3DnNwsYjZ_*b(fVgyeSlhO6$`J%s=du z@$^)cS$b=&_8An+(IR$LUxDm<2u{OAf;&QkWK%atuTPTM3M?k^LCiXPWG2NbVa~t;*$9+K?ktB_0na&Hn8Q;+e2u9?_TnH1 zQsK0|*bL2clQ#;qUQgl^Lo$FX0pY7rv&Zg+e@gD>`|zxCMWG*=U&wGia?WVqF39MQ z!>gOc`2DC}>~KDsT@8jK@UH>~JpY5~+$)9{JXWUh_01BT*Pu+}=#ng_!J#sXm5y7g zECysTSdJHO2E*la{*nC0%>bW1R(LV6bs%kt$FfAEH=-V}UMMmoi|O@^L^aFUG8H8eIO~iPU4afprY3 z#0id+@ARYTInEqt_F)`9SLRo2e8nxtKW{_m)n{wW~1Tw&3H(zMsEjKWIlfT zZn+4{_qyxB)nbYso4C92Bb@j9!Q8km!ld=!_>bD;^$Y)Rgv^Hv)@!^VixD>Xo*cRP z>#gV(ebIx(o6V>1$Csl^vY1|tu0E32AF-I1?)GxL7+wv=*Q2@D@6Bu1b$CXOy#4}> z{n7i;Jixg+JdR&qf2&*0^m@##lkEJ`xNHummm@vkbTRTiGJxTZ)1TA}xYkdvU(Yo} zU}uB*;O%@cdq*y(qXjJP=XGV0lhqUmr?&W_{tV=DwBB2e#JfU_ z+aQWdilwm+na7(*`z01TH3dH3iFKh%q>r2xu=F~9;3_+PL zoH|%@D~!lWbKbz&+6W+6O4Q+EAy42UY)u@LhFr9x)o!cYFgdyM0v92bFxu^{iCC=H zP}5(bwHFPZ*5+I8m%_xGLYx3Mjwh;ES%E-<>s7boX(d<`Rf8Z1RAZm?M^0bpGv8Vo z$ysbXFH1qmO5)0H(O3{A{ESd&GH9~zr#)BJ*0G3Ij55wyE`p?LRIMggAHTj1tcpM} z8$=Hb;4VX#PA7?!`A2QF|6Gd1uh3-GtBOU1b6&12lX5ZDM^$+4sQ=D6- zAf=+``T@)zf2?ETYTi5?-zO2iygS${3$-p5nSXuj>4C;$lc zhZXY;Yd|n*irH0~b~oc=Xlw7nj>Px~2SMq|YHhPeyx~>h*)KfnhG`JkKJHm^$1v-$ z`qsYfJ#64{CK9+~%rIud!J386TWH6PZrO7fGERQD_@z$hjwK?qHQ=m|umaa=GnB0x zRTk^@6XHJB6OafSm<}00JW`E^{jBw{j}@7S+#Pmgktb6!9M6Y0*Nf#~GStGy0_o^@ zxo}}rm!tQitLY5*{<+8BUyTQ^uSO_8Pd?gEsy9)F*{ z{t?=ZCzs>-Xt*>TEa0JqZZw=urq|=4mNpin|F{`VmgB*d{q#pNoug0ibg|SEe>2u{ z=IfiqcmgqUb3K=vQ9#~Kr#NPxzZf~UVMSg z@uG@V-<65UB#$6U3WAmRM*7P01J*gkKz#;^%f{L?{A4`+s42c%qh8K$*AsdW9w0`p zOfQtL2U8R7pVP|P+gQHVn#!0eAs~|Fl&66eXC6$pO{1u&$Zr_kqd8<0BXc1V%`;_1 zZp0lE3xuzI&Z}BV$&L&|!Opw$CsGlF%U}@CN&p#{AS~P+11DcM_kZ9Qg13B8$*Kj` zJd0G?=c8N>H^dk06!KF+6AxHOvGJg_;E5RtJvR5-A(uy-ksF)OZzc>q=@h|f=S$ZtkZ0k}QtKgrfSSwc5G*%i^FhA>N zo=dpi;mD;oH@PXqRkE)7NIdyqAF3gMUX>Z$m)Xb+k@NXTCyJJVgcV;iUsVBEFcSey zz**0!ZPwtDR(bEZNG+d~skGyww2anU_>|sh2x@-P&O5P;G%|vO2Hwj~V+`eBD70hw zYpD0cSxA;3pA<{JHz(3IXv@^V7I^qI>TGRbhH4H&73p4si61Tkzl))WS>Oh z^b$lp&`o($9gd~4aZIMbjy;#)N3f>;Ie%!NMi4Mp2a|loY*lPFwZKyJcZf0#3Rj?|Eg3;CP8$?92V5&kCxp`%p$+i`fo3A|t-09ioH_80%IN-RUO-MB z!;hj4M-@BtbfURuSO|8;RPq$i$5Tqn6UAXJF;``tqRSlDs+)?$XKQ->&3VnsP zJj*P5oHA5j0n+E*8gk?SF!&n3zV2gUFVJs9R7!}OZ8*vRrH|2%+Fe$weIwo= z1X0cS=2rCXc_Xx7%M$1j@`B#cgaZPLlEYA{m+D&%w&>nOon!!)g?FKA|!0LqH-f}2UDBd&}(5u z0nj8`KL9hBPr(=_-%_a9a*qp>A;}N@^eqF=NC#pC5I+$JIWqPEF53eKR6u;YhmAFH zBWc=^GO2oS)?LD?La{bx(0Nh#cLr!S?~t19Ni00p5i?WSY@NtC<9TW`2!X?eb;+S7 zNdyua2LLL=MG7Iq(4lkah2Tp_vyX%d7&x>Mg8c><0*~u2(?aaMy|rR%sNj`bm7{Yc z#11qU2erjm4y#c)&8@fh(s-O;kg$d+&)F^mK5ipKOx6@gyRc3_u(e~ZvI64GVy+w? zi&!#{`Gv*o0KT!H5pJ;w$<0H4bzh?*uR7O3a+K8fmHq$N`}f{Nk}Yo(p1=7NAxrPu zu$885S5;qJIy%A_yXeN?4Y+D*j*eOZ89;O;8FXIkqCfpnthM5nnP9uR_kNzyGh3Qz zmz^0I*A?sf`;l1!)&XaUSo4Ia&Z=y+C`^q(gzo4{1R`|wR)mWKS9h)fmw@Wr?-UKo zR4(3|8`{ca@pUIF$|!)m!4M;-^HTRHhuJIRp{pq9Cb>je!gm0Ju{nS%Op)fQoxI{Q zDKk(#=$b+QskZ}Tb|3b}hrVW+ z<1SA2U}YqZe8?Mdx7GR`g6RwU-Ewe$sfKo^*_@tqKvbEziD)A_^2`)2z|-y3IGUQ)Th2mAGKAFK88MNBd$a-)T?J4QKWB`igV{$hHZkYe!+ezGnvPd z!03DWGJkengzucCrOb-IxUgM<_&fw_h0(9tjwUCFOJDLp2odDBXrRJw!iIvRW|3*x z8`EQ2N)c3)o|(!o9khU+Rbuz1TIxKAnvp0gQ}Yl?3uE>%h!oT4Wo`s6I_$9P`DLs1 z4|Yf7f_93%Z|GwW-HKe)=`Cvqrxm{IuXyLZZnn1-nOySxK(i>EypnM}4ftX%IlJeG znfRKQ5j5r>Y*1<`8L>MV$BAGAp3_%Cbv&nca*va1`)lOJY z1L>G})QZ)6Pz8(#cR2Peub&J!50|Z0?`|+1_ItBdt9{V2!#zUb%&?!;HQRQS?L!~jp{PsCI}xz$qt8=uwhzUi38NwUofL>K9$>ry5O z*FP0&AbC#y_ZZ z&3@JYZ`PYacklR;m-=7f=e!3A>#`S;x=h7df2Msh>rGFzRBQhPUzl_G#M7`b{N4Lj zYw$3g+z%plH@v>-eRA}sEt9og!ie=V#S8tzjh=*zeJj@QGWYvbFx< zLz%95wvX7a{7?P`2u~vR>polW|HPl~R1&L4u75}ik&1PuB6hD5z>1x!E%tp{<~i(d zkuBiAiF)K;^iOmCyZj=tt$CS!(PPAaJ$%Wu$ih?b@aIC{W8rkd4v~5{0!cZ{*IK}s zdugn)OizPIrJkxX`yx}$Zg{Tr!QF~XsZ{^8gM^h>M655gQj^dP;I@9m`Wqfctgp5z zQ~KPibgjHUU;i!_sw`y0uEka@^~P8RlM63IZ16|P3zg|jbX&?)=q1s&{zm^3#035G zUM2ffz@**sh3@Aq-@@FP_wc``S2E9e8L{D`J_CIPx7bK5c&cBz<1t_Je91HYb0YQs zFEd%-vf$5B@1HxqSB18k?o_6hOBKQC?DNEIiLnHtovA2O@E^_eV)I1*uwQPp>5)fl zuJj=1Wh$ZPA9-5xqQoWq#FIp#=({P4GOZly8}L5DLY~7y4)OxOJmSTp{x4>F7n@Rd zzVfn6^^SwL@rLN7Yo!JH72jl#U2>(0{E6eS$jUU95gV-cyCPzPOct4*(Lu41Y6o+? zfhT`aSqvLqq^BuDjo zY_OFXUT@xw_p40Tu{J3_iM(J}JpJ(bmmDSlJUhQd5lIjp|2L*pLw zt>3*jC?G-bu)cpwx7`kuE&zQlY`P@cHY)d384q;MYBm4sOc&$E!{B38?W*=QaC5)L z!|VIE@^ZW7NQ%1@g7C0S2FwE3#0%rouYd}oo5=vi28&c<40E%yRNI|^Tyy`8CT+5p zt@VJ7aG7MWOgYHK?N(%PdG~d*cFxJSepQN8<*X+&)IU&&TxEL4Ub?l?k4~jxv0%UO zR7icr*V!c6l@B{c4@tPg4LH>6KrODqI;>e#)=N^F8U zhY6W-QKmex+xYh~mN3yVHGuw*tyV)sw&byLI@m*2u1mhZY&s3JGN4yH%2+6;SXK1a z@WrhtGPP5QzU1_wX)VpucH$KSqhL%pI>=(7+ zX)5wXnXTVDJ?1tOVkyi)H@A*G^1WgsQtSr`?qQyBkyORdTqLabC?8LM;j0xICn$!8 z1y5?y?oM|S9wITTvZ7q`TB{?OFBCqA(sQ;0qUK6#JkF$3&&U!jvoC@^Jk(oaQ6^TX z&>e-bA$`H<+xVIoK_I76t?XM-O<%*dQB!-vdf7q}m*8PVO&_l~HaUT*c&aF6Z&=%F z=Ua3#$^fY6!&E;+`1%O1Z!!9x(GiOPx=}29 zL8_^F7?PCqR+Q=3%K9+8`PiDhjA74FzaAg`g zu|?2J{=~C591>#LNF;2vsd+X>1fwH-w-fZJdD+Y8!VsXTvp|<=ikg>Nu@zqye(A6+ zvqW8if+~&@$@Eucx&2tN$%MdQ4c5}-R1E?7YPh^?ArQ{W)erLBPRX=@dTG}z(NjFB z;8XOh+pb}r47J25qVC=VaDRMe30VWn4VT%LTg}~5M7!)GU-EP*ohx{!a@dRZEw?yH z;&mnyIUHu|=o|L>T{Z!)`=f2N`DHJ_mMVmeMY&V#yI6`sda?l-LwH*Y(v%mFn6MFh z_9QZ7S2Bpp`0YJYOCZLJ5t4|wqQY#TmB~qS89x@;*UoPmOzm+*MIUsJ8h~WS$aCAf zWewUj+e!c;wD-3vN@TGS!J9m1kaU>rO*Y<6WXaxrr;BFqt~#xL$%1b+g5~K|Y(Xjn z+8+>R4y?%o7-hJltG{KBB0G>r8Pcb?y7B6(U9|az6nhYAmx%B3P*dJ$v$EA1rfkU} zRhvX4e28+Vp)!|{x}BYE<|Qu|j-wIUs|dcqQt6GmMCj>^$D!cVIw%$SL#B@}@RmeP zWw96a#&z)2_S%81z-4@(;kqb=&KLZPpkfYf7Yq5jk%!fymp&v>ir0%|l?M3CUFM;q zY4wIOrd*2=E;bKuFng*ob=Ermji1Dq{9e4kCJ|(2-OKl%4`Xi`z_7&ZG zQ6i;HzNEKJI^|zdIr9yFkS#4FXdR;+1@bZf_RDA#c02S5STmKdv)qd}9S5kQzf3GrMtXQ@6C9dYT z7{K_SaDN!?#}zyjvZ`Nm-kqiOqDQF`qb>SWA{k4|1XPJbehm{S`x_2|*TxfAoBj(Q@1Xq1gg788n=ihcuD%0Gy?2*Zf*6jq zQvpT-q*sx}R2QbUH986SxmYZ{>Ne5n?x^2=Pz(~<0rQQ>KpT$OuFUe16JUdNC%*gn zC#J18`VfsF#p+CLxj{hf-uT<1KoN4#a7 z=5$~oga(lz;m<_a<>13EYR&qShw*&+nf2}lP-t$EUXymr z#QZzz)f&syNUJ`8S;)-ZepPu|^Hx1xrFM9Oeq#Y!xPE@T%q-#dvenuiqu|ufMC|0= zboQDT`~=Gki1Evn6Nhk@el$(5TL{e=%SRcPJYicN3lIBrv2QRnB1D*lKBOWE!8^US z$b>Y%f9A46q3=Z&U7QaO8i_qX(#7f3UBmr_n61IIgb1#-BbOM8vx23~JN~WIP%VlQ zM0W{=NTpH~I!Dti4dSpTWgr(`Yc2qEy36DvU+x90Uu8hjaeZqP+euFr-$ z9&TTsH_mYh5!Q0ps6j%sE=2VDhFg=I`!mAOWi!4K>yl@2URzVX{F17tM8xZmT#V>6 ztLtsxZH)WHBbaxdcvGzjdS#||nFOO*EH|l2)LP4$$VnYY8}y1Ed1AqT*;a7m-1djN z%Tytjm35|VQJr7p>?X$LU?P!ANjG%RnsEKd?F4!wrph7*g+am@hOhgxJl>z`Jy0kl zim3I|ay$v(Sz7>HO+EA;l26f9p!*SbSnmMms=-AFCb&w*sSlo2fnzO^Vn8;+ZYlttoNr()@uyst+9LlPTXNPEf z_}oiQ`xDO_&eGcs>miQw6bIdKj;vB;kNci274q|r|Cq86n;$K9b1vc&+T;o z+j6^r$dUV2$S&ryP$KkmhWj5KPvFSZEmMuG1)8t#XZO{HPU3o&2!Xd0@)2z^kLbie zl{-&gz_gZy_b8czQ!pSQ)uwu~EaI49qw!@CNG`|Y+ALC2#S)dSMfUnjqP}e!FmufC zof>C5SJN2+A}VlJw}0rcd-P>psaWsyPaDO0z&T{Ijp>0IWHPaPx=%-9E%U@fH8m<` z4lZPX3dI)}*s_)lR*?l?$pv#QTpIu7R9nCQ+n(Pv$&QJ7OtW|r1k5V^$Keiot1?+y4&Ep|MLse1oR zKMZ~qu)^E)$>uzM(%AxJD{~1zv;>4IZm4CMa0)y(7_Fga&!1aauvDd@*a(n90hYai zwQfr1tAwLrCZ=soXwU zmdTDYnToH=GS~A12F}A6IGzkA(+wjBn$H^jifN>Aykl*6w}Y2}#eO4HIN;G1%OX=+ zyG@)?89Hvt((?~54#=OqPy-!3^+g0 z%?8&Ku4qTAD{3i0Gq(zt8$1SQe$psJvN-P*>WS|G7;>@GYgjC0mok5`9O1rT|WBmrLM0kiADNS zK{Q76;(?e1$5sKA90V2OLJzOWXz7Mo$&J41-otD@?Tv;#YJdOVRRaK z3(*2a+KL_DquzUfTV7J!9+d#V_RZ@&*%?*J-_GWQ@!@eU@%Z;Lx50&MEga)V*a=u% z{zV`TmcB7c;}*k4Ypn9Z{9z&V^yMy*uzQFI_{ceQ_m+OOU42)tvd0P=;-~~7n^S%{ zS??BD3r}l+H3gtaE`-|$%|rT;TYxHMy=B2J&d$#~1{kNzqeCMTs09aj{x8b@_nP|a z8bLUduL#$C+K5aT@3TyaJ_eK(NP>_?uvwlmxkb8Q8qu?pXP9I>eK4<1S0;8`W+-w% z5Ny39Z-|OShB*l+LqLbt+V&$)^po%iaBCZfQFGr>prQG1q+%|TBw~M*QWT)23nI$W zI-KAcgG?p+c?{9;j0l6iNbtx(A*oFE9=ETy0O?MSSgg-UA(y(9jVg1oQAuo2v=JG1 zXLZyRv{5s9Ukx+bmW$OH6X?Tae9L~-|8LftM(nQF?>*p;z40}h_lBQ(<5sJe`!;|@ zEOI2P2A0BFU^#(W@DS7@15k@RvXCyt1}b~e+6ly_$2+VWd{SA=PAHIlf-w8yE8p() z9G?_TmCj(qLI{i}9+Mb%P)mh_J3E1{H#hV$z#GKowkS6CQnsh=(iY(aC?S{ZB>4A< z%^LThLr(0^C&tL8t0BbEStek-v>hT)_q=11i4Ath3I5PMX|;yq>)~Gy3>Q8xKQ?oY zNSw9;I}8?Mz&B)vdOgbHOGCZJuNp`X0Fyo%0%jK-iWRuIRhUc~GbTu?8G zj@Pz@RyfzFf2E4$r7VIg(j^|t+|>L>CP@%8m0pzS3|Vx>&L^%fH1An1jA zorVO2ZIQ@Lj;qMD2%vCX@Es3G)@Ht_Y$c?LV^m$R@Kj!494-+&H|*}!?E6FC>B0$~ zj0ZD)ir;kK0JI!ddbrHA=lodUFZ0i40D;{T#Rj0_6sCcJO7_ zB00fw8XS0cVzJD;jT+?Itss@uT^E_a_}I3D1L{p)x7GTkcdzfU<2Ig5bCJPH!S3=6 zq+Ysbu__luK(llp*-56dkYLF1*tPbe)b71LQFV4#7S|G%FfUf@y&TFf@JC_InJ_btYD|&N$*6Lotrj1a6bE!RU zM|?k++>Zv|&DeBs|8O-L_Sxiy^*;>9y;kdOm-R91c4Y89eM))y1<+s`f^@~vT0I9z zqq0=g=om0T%QmOV0*e`5*(SQA?mrAi!~6T;crbh2L4Vm*tdIRA@MIWm-P5_SkRTxs zuGsDpp6!iOwiB_f%Cv!^MN|v~qNK)DNG+9%jS7>NtnC)`(@CpI0q%3FH5-m^d-s#+ z;Prwn_aqyr@`mE@1k3MGwh_j%9sgfZWaMS5H4C>b$*u}{FZd=cVPzUOvRZm?c{tnW zXOw4lFs2kSP8u%+8p)l+UA{xpEd}y4HO6cpSP6f(J;fZpl}Ak@Mc#p9T_^`ljJ%&( zUooJi#%er#Z-n|rc=f!Lp7)SP&|B=wmot`DSjC$c>E*PgFKX^N?$YM!4yf#4?ZMrk z*J<>h;%mJzdl(NVV|F*VyBbU>&Y>5D9RO~BiP!re?0W|TM^L!}2)I0D4=Dmz4jxWA zk;mf$n-8^pIxn@HHCyW7-{B7S0?ZPEf;R0MUk=dd89Gb4*pOq$#{;mbeYq&Wab3NW zjsV{uCKLgWxH|%Wo}LyDrAR0hj8A=S-v= zW+zcg5XfGdATq5NG%5aS$$o*BtEcwk!njMXt3zL9{%lkbhd$KY|Ph zQ3b*FxZ`54DbUj{F_FmP;`fRA#^*OXwc5?8vA>%ba$HW7fAJfFe((0=Tdnl{t`_J9 z%p*^GisMY=z_D0}MC>*yH6@Z1Fx_&QxW_6{E`1fNz3|!nQOaQ2uC28JR3L&Z^7h8j zSpX49>~bNU9AD@|5~wO=-9=t&`3hLnaJp{=H*UgkLa-?F=)D_R?ck( zt74RH`X*?1mfO^#DrN$p3y`iOF8wM=$6|#W0;VGqg`#Z9>css2UpOtNtSvjWm@IW|K@=>s#-+lk~hwle{)}|OVhyRwo#?Jr&Yq+RRmtHhKXr5d9RUG*vrwadvj`{kxx_TY)>``7bssJ4t$z z-R>4)87=~*r*(j!r7dOW$QGbjkI=GcXWMXQaI$ynoNzOGL*cwZs1VuOw5uiKO@lP`Y0fm#%rR$taJ6(f=-#u`*`yBWZydRY+KWBi-+qoX9%G~q(haytX(Z5N zZ9R&Unf09A<4{jJ27zw@>tVE!;|pQwCAI=}4B`p0s{*kI>9Db?pG7WN3LHCnzd+b#d{CXPwV&&wrxo{Os!Qom!=AR>FOFO5fs3m-=6W}n_CNH-^WN2PG@O5q z*sM1n&Te}B`DFT;{qv!xfBUUo?7J<(0C>i3!@{_Vj~KuGQ*^f%U0{eb0n|I zH0E1y5mS;-1^jVv;Us&TI-*CMGP#9( z>jJe>+KUbIpzW>7T!69YPexm=Oky4{7ziCmp0SAodbGsLYyH@i+$sL>3a3qUOg9+h zuLjjiEBTe^<;)8aL+zn>63L^sY|~FLf6y}r?nlU2c z)sY;o9;oIOfm^B(Ov1eJ+T5aNO7UMIsvgGIgDD$NSbsR}KitjcTC~jAa0U-grmQ#q z%qBN%IG?fm>Ew3WyJOdbkAup|WO=d*}iJsUF0`AY!+Z$@QnrIEV0qf0JZ_I{wcZ2I;Z$5Ax=?~0&>9^)={-HN#w}bIu3T^5?P&aWs->_L@K=0ZH zcPP;1_Gq93g>_h3S&*qIayB6Z-r6P2h}&Ynb)Afoz9Vx7n1UblnkU2pvP#fc{_ZwHnAg;>ipB^TJtC5e-YYU48Z zB9jWLy#qm2$y-+|S1b}zCfoAYYL02QuB^LmT==Sb<>vM|g$`tpdgGxajGP6xvdviz zD1TKG;0$;g|Mq9sU{W7o#&pU9(dby!qWul*yo|<|~ zwl*m$Aj&*_k1lJhEuyT>XL3?)A!@~3fhs|C@Fid^HrOv+P&|h|sEC#dD$gUEUYcra z4)_WS02|(kG?oRRHMnu+354oH%P2_67kN%vtZ(#s8zgF&?J9gN94($}Q@55FT`@W^ z1+r>#uz#&p5NT0osyMMS-ki`i;0u8U^zQ5|Iy*aKqRf;r2Qr?h`kWNd@HjIh+PJF9mPD~>&=bw zbjLF+Vz+(W0J}g$zww~l9THISKGdVoa#dJI_CcwHjpMf{$Gkz(!3GZV3o*!HWRq1_ z148_~T&>^=ucXt3oF%A>V(4Un+Vm^(pu)B&p}Ut_j4jtkx<~_4s*>x+eHCek7cz|1 z=6Xlog$1>*L4H(o?N>cn{xEu3%0oAY&ad5^y6cG&pQ9l0gwehyADxI$?1zp0+>F6 zu`K~J-KVOF1nsn#Z46vdM=6d(XJBFs?f^{Rc=N*wiz{1(?Yxw2KXC` zLZ8D>rA&HnrqGD6_vJCyu6%J6DyRA@-CO}q|6B1Bs)1N@%xLj^Yc!t^&kK9zyAaNCl}k(c)?G_*COBWOq}jA6@Nb(_6OtHU}k>!ZP>s0 zZ7}}EZ=9W-o&EUk9sKv~>@586#k;c~e|Y;J=WpKr`0nC|cW-|<|BtitAAWfA?myVs z-#pgF|CM>cv;R2z%ipRF?!U?Z#*_K5KcI>m!*=45$?2*La(Nsl3ew1H5xOmt0*YQu zbt2*U9(&(GOXvRG)XqDY@=XAe6jq?^flq3n3}(<-gIl|B@6LQikw-gR(I< zxk4CVHYEFKfD*~yqZCgf28->I{XeE(h>Wt^gD2wuZEuQVmtTJW{nOLa>DimETx`2b zwf#OR-Y*Ze$|HqJTUrJ&kv8 zFJ$cTUH4u0P3!-9)&E+p7M*blF!tud$r#6OD@_v#7Z5Ht&n)_epDN|<$)?3=GTN(E z#6=yQgWlU^;!&zntDXU*a6gftC84?khaCaSv!Rh=;T*Ywhi z)amhU|2DPAncY^)yfW4{N!$JlOrFkV3n9R8J#SQ*#@tU``%}cUx~%=~$BTETqjzVW zL+=czkm40@BoehPs20>3LR!51?Oq(8PSCej-H`)5YdbKX2DHxKGNRXg;q~KxW&8ie z+4>hXs~;Py^zyP(zlHmgE4b6pMVB$%U(gc(H6a8Qzb2CkF3UHr}onV*#Wi4@`mE zL?(-4W%7DWcNyH^_~&}!Qz9Nk0%Zxo3`WG`m@|%?NKp9mktZc$Te9}a{YR(+O{&{Nt9Q+o4X`LDlOv3g9a+z$9tzwjmN39wxy~6%XsTCB|xO=)=T|e;EB)O_! z>2UA!TP)VVu4#1wMn1!W1)wP~LLcg`tO;p|S`pq6&`DS?4|NHB+t>jCGA!;VTR{H^ zGZgN!h^3}=Jp}0!ngm`IzBh?uUd`l6XuW9YuF=qG1gTYSz3ZEXa>ey*L%og208d~z zcQp-^aOXMsqXTbk6f!;N>r-xpwkE(+fTT1zU?=FVY3mexml*@-oS;L54Bp`X_hA)X zs)J*pB~_#m`YX57;1Vlp=f~p#pgQC&f@n2Ea#urj2Ny^W6#M451+c1*D%t={9g6Tx zoJnMlq!ZiYZrCM+b)*&w=u7AX*E-+W>u#$>DgKnTZWWX7EaZ#HXD0=B1(XVwk<6t3 zuxk*5JDVgm7t0Nx;|6-4g$NI~{dYO*rKu`Ys=^wHqCm2udm=kR`ILKjw0br4jwTpA zyRq^3G_5ImlvBT^jbw!M2%i2D2KEcmi5teTdg~7`Iw81 z4Uwmf4fS6GEt*(0a5MAVI_EjsPN!5-WSHKV#FPU6Jcno5JZOqMD3{fJux-kHugWw| z5HzPQ>Ja3Hr+eQ>;>e}xn?+D8VQOHoE(+Jf^h2Qt^9t}t_>+}mj7qziV1(wxH=AX- z*m1x;4eT@2(0Nh$fZp8o;dwjg*(t<0O|1!^0|{)P*DMPh&!$FAlAtMo)iwalz`df&Fiq zC9}&+nb;~|jiUHjm-QN6w(@(qRNEa-DJB}&eUS(ML%+b&5FJ+&dC@qEYSztCrK?0P zi^wYvaPa*{Tq98Pos0O;p8U?>ws?SBWp1#bAlf09Ugk%#0vRf<+~e6fZSP4gAM;BkInw`;QM`XxEh5 z4n@U~EYskN0+g&fzK1t)(@ujAo}Zn;M@h+KZOh}NGWIC5qU1@3&^-Hw)la*Ux(9X=u6Xjt4y&^GCV1ja^?|`0wiPYhxGHAb8@FSj=_+nbz|-T=7Bd zkKwSw8hw@R{lC@+p?^gY^gvPRtL;vudY&OaAqblh=sHzL)6M547(K7A2Nmtcq+Qxi z0#;XR(gTjpW~Vj#=ZH;(o5UBs7OukGKiN;+ zvu}G>{AZDgtza;g9NIXxydAwfU-w|fh|GTS;DUEr_dL(p9AS;YNY=-vGTI}rf7-}G z>>!-?f~QA7bb~+}t1FryzTL51Qm*BTKHEcTycn<<04H*%61m(X)$=PFYE`^5 zE(r}#Un^ngSmbh@n*52A@ZFOr)UNyzq5! zG6?DERHa6PhO5dJQuqK7ixN{lecuSu6GlPOMp34i`vfTnvE=JiZspcBfr`3G5AZ1sy~Xe^B7O6aQjl1mPYigo zXf1^~os|@?pxn5IPP?bvxx_F($`q{_Fu;96As4j(A|I{IAxc?}UnE6>VptYK*oxdB z9wGrxDVH&%mz*3L-bt6vVDq1u`)nNe8C+jI62p+(&`Ux!%B}T_wDS&trL9y}Y|Q;L zo{WDRUfum>B0npc0C5}Y|5jbjLkCII)keMXG~3{I3wDn~{jGzROXKIO8=Ix>VU!?Y3GsWl?6{x!c9W&J3wHXqgb&z3+ZG^f`jKd%=@bP80+k za|*lVhLV#s$flJ%x{Ndq8ir4OU1K{9O!7={kJB@EfUlMH$jzKMJO99LgK(Ywh7H&u z?W-Yr^|pNe%udfE*61q&BjwPdRQR5(@Z}c=N_=7~&J14p{ip}?JnD@>s`>>3V^xUD7YnPSvk?7dd3FgPOg^Tx!K*xQ z_I=U+X*mBdd6=_Lz3H?!o)3xeZ2X!1IviiW2RtFrq=&Qqs5iWu!QUX~dNg8#|Gb|L zW{6Wcyt^L_2iJZ}`q%x*_cn0P*z-VCNto@+odpYOorhE-rr;E9{ze5^+S)yV9= zH=Pgr52N0c-9Jq4C$m8Wv&5!@+5MnDXY&bsZZ^2@O?&gf=rbd!qrY`Mcn`>cl<9}6 zU_DdWLKEo+VzClwtX02QY*V>HzcBE*c=9pZ!c}6lB~uDQSOJhvTjkd}ER+x}svS3V z)Iu_V1|QjE!Z6{`W+8f+hr2SB;J81OZs=DT)HUS@a}5!54Su8y!pI;dc!`Kr!p3Jr za6_tTEc-x!^L%ErzV8Zs1V7Js31) z^5Sc{;!&quHPWt?ltbOWZ1u2uszp(xxFvQXIVA>-Rw5VcWwzfHr(h(ta)FPZmW536 zR=&>@wLVSPt$n#YMa%Yd#dB@JZDp1L4mk#>oj(RkdBA7L?sy?G$&)+`%jhLBu5g%s zPtTVrqnP(n?-xA*tbJ1Z3SH9#*JeKBM-6yh>qR%bHI{0J8w$_}_v~du35{SI1+v~% zSYiq+dsi`RJ!?vsJsY4pR}0~6lN9Wh(C-|!q2ll-^)RfC{h5QEhecuYF zFH|8oAo-*8z)*Xk#)#k5+ta*qLgi`T1QS~mDx_(`uQ(KX`vU7LM<8wL9GLZo6Pmy+1xYo)ybdg+!MW^#kh z=NlV~y~o1O(d)^cGFcSBpQq&r;dwhz3^siwO~W%NtDSk%sf#mmvw20_@UnIPf&VaP zS(%!eyT+-t5@(l5mDzqnst?rf5xk{Q5l~Jte*+;;x7zL!31fd0nFFmgUGo8WLG%YL zeCJ(lgzFgMX>z^1_DqL#*SN7CQVBiN61D`kB~PNy9S%6wnYK?J`op=liJc8Pf^T;s^KcAnpC;23_K&-EHxSkbdgfgwmb|ptico$JnhMr4uMkBY zVHiQTrrKyAk~W)g$@S&P5|yq+W>RPZj`uv5Yy1Kn|Af*9BSV9WM0bVAMDF7PF!hv* z4Dh+(S|SC%V+b+PO^}!Cwa6VngSq#di3I&WHx#UacjVATK;SD5sK=f>g+(9_JBtOA zi9bq_`%!jeZj|f5W$!A7T;7wObC?_y6KESXDr8`q zgj|R_y~vQW`9}%Nn~w;66#+iELf|yOtH_Arz}4`h?Z$Ros}08a;G2V$MS1DkE;^VO zzU67T;(!U^L9io=zg~^{IB};gJE+5WDWS1yqyz{Kfs1Hlg02Y9rIDj1-&g4hZ}2e1 z^`wHgWz%yv!U-RnIsPaZg^hFY-7UE#v{?EdNI49i*a*Po$R7n;2$5Fwh+};tebZsi zmzlT(Q1c_J5V7_GAK+K$1hU z$6uTtljV_n?Ecv9QpJX7p&i31AQ`+8B3|(2mp~euY=i>>`7a*hW7)ALAa``vR;eOf zUa~9zILz@m1?j2gJ+wOw^vQw1H6GGtbI_CIBpl#YR~{*eh>URv0y7staVx6%viY*i ziDL$B6=Z&>S5-VeEA69+EX2&Kw>$^5PP;?ui@Xz=GW!D-FQ!?Fh| zJ_0Mlrj5Xb=wyvI|=`vg}um5XFj6r@19Dx^AE99c8uY5|oL zP{Am864_%Le1nH^?%FvKUuACT0Em|)JQ&$4g4Y#65%fg*C5s@e^%}$hwp)(ti7_^G zzi9=_)JZ+NQmxkDt2LL0TljJ6)!-3ofgi~+3Ks;D6!c=>Mb8wt6p^-HAK1k{(*Mn> zIkU#cv~&5rVJ)D*KA~=`e@gfhK(08ZEWH&}BA1o?Lo73(&po8j_N)N!6b-Z&Z)GY$ znbBKr>e}?TZJw7~k)yR{KnY#Q6P$!#55qb_ElS|Z3p-txEt7($LY2PC z8@3If1$4E_$>RlJe-&~o4%M|-@fZs*o~qCt;B{>3;*q&A*7KI9DO71vk&}njlO0UUDwZqBgxS$s9f@IFu3xNwSpW(X{Zi>;`(X`h;JW zw-5{fePRSLg|I?_B_rtA5SG7FU+GrohTI0os5L^9R;l_izsJ6_4z?s#ayHbH-+z4Q z9Q)f}IV^gMyKPphfw8qRGG_};bwY(>U(_?;g&_@Bz85#wP0o$K+#7>PW0ghhDnlOM z{SGz2I~9wBFh2C=*5aumoh$@QqKY#AUK@B?Ny?y>w0M<~ zJ~yLFl?g0rT5ja7%X%y>d2$NB_MY0v9e&7Gcx`wN3SZb%?rY$B17Jx(Lxwyd*xr;$ z!uov2m(phVQI+~fEXksxaQ9GqRxVD>zdGJKnC|GAP4~21tY_AX`R|ep(=T9q%*0#4-^Jh!>;PPJ<@)0CuWh(z+0V_?N+JfedMpSeCd{+bsuY;?;06W4R~_%x}~h5ZTxP0!XXX2#GR<8}8tr{>lY6{rG@TD0u}7 z1p+9+o#t)>tK3>3l%*aA_O2u+TJxrUWp%N+DBQQFA0NDXSO49oM6VQcc}e1~hq>qc zb$*%xFJX+aPpgs;!0Jsy6 z@lEQG%S14r>b6>-K>0i40X9wJum8%1d3g1Pf%&1ic>wd+EDdVVf7i}tId}0XH7nXf!97tFzyk zz@*G0wot{UzDdl4RL@ttV(vtGsUs$eWfxU$3p5Yk@-GGhAyGkQ3im%vWzZkPH4=E_ zc)?PIB{Lod_8%ojc7C-A+i1p7vF8sacV~A@n|Hzq&uvJ#sqFl+6;#F_Mwmmc>(I&4 zv^&999;gf6XLDeK7jdPBl}`K(NQ8ec?%=-;W$tDrbx` z^TTV$r%2G!cFB`vX%I=Wnp-0O`+R2q;}?37U+6hM5O55EJF%L2Md>*?`Fh2&H2z)C zmX<<35}=6tBZmqV^iYzz4kkfdW+Jc7tw##zWrP|##l>lxwckpxhdVeMnAEEC5{h;~ z-U6$DKP@~*z#3kd@dMlpH@j`pF?UrD1?F`N0tMoF z`V)F9f?=s;jY%S2h~h~IgR&V8$|&+aG!MPzxHFa3hc`S~*?3c>m6{QsB*x*#!$G}c zTbY)Hu%q%57_|yqWPJI>&FG@Gp0I|Hx4pL%_xh*{OgW;-@d?<~s@6tV_th)zfv@U= zwG~=VmH8HffO*6?gD?^dU8Jmie%7gX2_kezAFP+5ecq{Ulm`D_MG$w{3{w|Vb-Y&* zx(92$fC*d(wp3;6v9f$?ZyI9srs~cs63}WZFJoD#EVqSorbf6v0EhcZx_Y^TY#)$e z-B#;Hi<)!&fr~R7R>aP`XJ^p8oyaga1W#SSWAE%^7iVY>?UFKQXWgIP&_C%VVots| zWBB?zc>Vm$zW?@Z_vf&Mv&I(Qol!5(u%E66KUG`!@rTA1^haq7?`RNius{D)Y2=6I zZs_mQNU$U4z?wqMym?z~=G~#um}d0**c-p0ceVb!{jqsa@D}yRG>f_*OG=BEoJU5B?u0vAKtD&VmuUA?x1;b9hm2^T4I? z&a@d^8nqVRo;9?1arlm;tK&_#5e(j4A9zdHXBsYwY2~6o6Q#-NK_FaOWQ;aE|TCGY8LW_3hi}r%J0ooE>cSzyW+$Z}-P~yBF_{ z^!B-9<4;6W+sFFscbXdXBy!x=+|fy^T_v zqv&1JN8TL#i0i4hXQ~prHdWEZyN0h^JhOkAq*?O^-ZX#U{JD(;UueDUvVOS*sq`oU zUv;acZ}da1O9&4fP@6HsavJ=-i9@Cqo3MZyDRu{WU{}CmYeem{(ORtc@x)Wrpgy8R zrCuz;Xj80>;g|-YUO{UN02We}p1L+jef}2JtMdZgo9H|2kVBpJrCMXf!mtRFM?U-> zD{vOUgf}jBEoL0dx}L4jZmLK7TD>m27Au(|2E=8nbutw@mCHh9drKN@DI3VK>bcq! zrZndT#ExXkbRAgnl8i`o(F%_iiMv5qI2QlZv)Y=?IX>h!AgQO07-~7>-BOLsr zw!&iX)ueivh-EGUPa#4+I$YGo&UIU@lS5;4%L^^XQyKKv_CtayJ@8EX!0c3Z7} z*ACC{-(X56ijiRUO5$%MATFwHvHUwRds5k#Rid8o9EX4NIeK~iB@c-XDiZvndl<1a z@Lg%~pm!F+W?2-M8tf+|@aA%zMr;Yp)DTE3(Hb({*1t1M!6u!~rGR-|_k213vPnQ| z(gW;zFeD#?yx>q@32BigQRqnGc&My>+KAMWCK*NPCCTBHRHT3b!!LiS5JVn$&XV%D z^W!Lp97>tiY55nCGMVD3grFluGlr?DrDp?KSeFh>^oz2 zHTcjQ-RQSX>k+&(9o$a`v%z={s4WEZ!sZ`(bNKUz-p2vEc^HjY?_vI7G9Au8>+W0) z$Jef#*gx|%+n?(Rz{o;JE6+r&)<4YO&D7d?#Yr_YO4E5{E+2HOZvNiuk?8jCr<1$; z`RFs74(1QjF+B4yewYoe+1=oJ*o)Zpr2n9&kN|V^4BSsA6PTvK81QlcA%_;=zBiqJ zW;fHx9sBfQa>s^q_Ng~xldE}eI38RR*3EQq^Dw@~bsDhV-Q;0BXZO9~HB5}xQFz&m zesCSJ>%nY3oqPuL-u~pC@P55F@V4@l{#NTGH0Ms(sh>w{85em`&7!NRR+wX9uZ&9Z z7%!+LQgA6x4pdk#*BJeZTbU##fNh*`n1W!#|` zg0gHu68vJ}gZQg{QYvq(&igKBqhXjwuUD_B5Fk%DzB(F0?yq6L3^@B-v$3K5h>WUk z^De_2c+@(yIk!;iOCkz~xYnS?oLCd$G`#A<+E)*^9A+m;ka-HKWwm9@6Sh=4&??V6 z##lPlMj}jtzUi`ZX#p$<;Nqg=T}lyv%TrD3R>dX!<4p(R{Oa^k<|R+8joLQqIWW=X z5i7*k0+n>A-aw^tCjp2i?_jHMJ5_9cAFjkU`91C|`I6%rf}A;2y}HQLgjK~-=;W!Z!%O-1foMSEI- z#RJIFz(k5XGZt^aBwcv$OT|WSdo=*9DYb})+6qH(uY!gZY#4A9wpVc$UJSYf45C2xvv1z|$_D`gwi zYyZhWRo_Dvkv=k75bXuefJY`XUNGG-tV=KtzVu!bWq_x-p-tg%SZ8ox%1ltDd<~&B zXU#fKgulOFr&yYl?N2FcN`-7h8Hu{@Xc)P4EH%L78k`#_Mh75Z`)QNZ<&t!ezP(a< z-jLzWhK0616TT#;A_9}B3^%4jOfVoVK@wT*djNx#r52xI#sFl_xK28=bakmYPmBm(aI^P6>)$Nxac5>E#l0f zDT9{)^H?lFs8*S)^($}8>*Qg9L1GqPaA;dC-VIaZ6aKU+lVsm`#AN0H?K$|1IZglB%EyD#-GT&fWyz$AcQ0JDM*3b1lRz~ktd&MfvoT@_G-tK8y% zAoXaG@gIKBYAymst1`<*W->598!hpXIwYhMzicT13C-q*OU{;^?DO1Y5CB3FpFMZuO z%AVzH{-y-(RNoP$aD`-c`^0}g<5~d{EP=6kdU187VIePI^(t&L$$JAL<-BSk_0s*J?&I-5hm*_GSP1^pFqVG`FB2<6EW^8g0iBdWssL|yR5(A*;;Q|`XMZlKVZ{G z2AH&=O8s69x}iU0t$VS|L@W*P*{amqI>5G>uO^w`@t(ycdB$YyD}(MUBFV)Q@E_Oj zY}hfL*CpQ&146pYK)uo(s2WsZ_K>zMR=!c`d5h6nM?VTATM{7$LRRnn$Ub01;?TOS z*1Im7^RFZq;3;gh*aO5IC>SBjAZKx@H*vwgMl2DJsKBp;h%g1g1J<)^h2Y;Qx-HdK zkVI`d2b@Z=_*Rv~ni8xd*W2z&7A%kblJ+jZvbMZ=OZY5GE==G=27y1Y!t*NBWgP{WJOc5hY1P%>huRi1P#; zKHx6WbLa3W>i(-I-sr$Ov{K}EtIw*(*0({X>^E(MpDg1X22PUdS94 zzs4m}5wo6?t2Vq!jMm)@z7Pka-RPt!3CzUO2pkSGm$is#)h+3%NJWWE#-Tq0oT}=D z3aTtjw$Yn27W2K8_|_+>n|p#}rMwK$uC4OnU02ns-dY5nDFT->PpW$WGFqzh1Yi>N z0$eTDzyq0?c?bdARx-X0CqMgf{CDeY65C>~cG!hcQqmxjCCi)W~mZPXLw-Z=P6 z9BjAM`q8DY7%0;UeMTc`k_oefH+Y5a4Y#4g?5*)`xVh#9{VL=DKBTrZY=dvnTF`hf zSga@+X|!1-1Gd)rh6Ec&9pZ9oR_wgPD#gSXor;5`8h;556Vq&dV5eXSQ<5vc0~?;j zo>3P?E*oyQB9`b|ar7ikS~o1Vop^l<|I}rle9Fv$W!lt#JGZH4<{{K^ zDRAVa2-;Bs>4@P&gNUlVLmkYP2kH}9pl3+)0BWWx#D6s=S|tDgKgRLTgdoKPj$~t_ z!PR|`NXA9s^cBx3gX(!q;`Q ztmMWpjwvv0Q}D;??s~_tsDe{E=yGff_?HTiW#x{LnMIbV>~sZK`S3b~^yVN#o54iiDi*Oo0) zHyQA0roix$R)-VO4`#@CdO~NG-dcmP(ire24&EAve*Zn z#tWssz(lRetadsM<}qLc-J0vkF2BjP)hFr6vZcodXV%6ecbQrw!UkBNS~XY6qtWn! z?%9M3Iy}L|KhKEnYaoH9_03^uSrD!Wc)ebvCw5s6t_18~MVdW#H~ep@{ruFu2(Bp1 zBl8)_rURRd_T7vP{M;s;p(x!TqS$A3%N;B;WQj%^EP9S_t%)Q30AE_r za06Xh#AdzuaCXz{&nMH*?4J)k{O$A1=S1jcxY``ooA*Wi!7Afhm(3=312&uY=Gebq z9;UayV& z(+vk72jh9fW)J-j^~J?m9*)`d!xXahOirF1^!;EuoLqN3vR-%_zSp~%52pAP^VrL0 zz)|W!BIO7DtI7D5^~Ti+_{>JV*}OUl?)@XP(6Fm-hacUxX0!W2e|R(Ov(ezTH)7M_ z?T7iS>;A5r?u}*>%-F=;jSu0tKlY}Sx(I{TAIBdmgV%rX|BXHK`vvPYoUz#eU-*f& z?fCUpw2MCLz~bFcCm)B`gKIXMj0U66?CLYJ^5|x-hqL~uH@q86y>=h2Y}4Hf*7n+q z^z08l4yF-~)z0Ja>h3%J=Dl8zsY#NZUQ^0ue{wz0ADqkv-b2(e+;RGmDidS%^!mh% zUF__AZ`!+^_U=Eh>&ajSi#vW8jfOX$sZZ`uUX6ygw2dCd*RUUhG~QP0XHWIG<^>1Y ze{JrcR%?!&bh#(-wZ5IJ#A6ZTHmA>AeN|6JWV5aayr$wnI5#Y6`Z2J}F?w$_67LG3 zv_UkNa*@V<&jPM*dJr74A z6YdoKoagC9B|cbJpOH%CMZo6=N^K)E1LB!PI)c*fKc6LPnQ)0kYG+-qRuw&ZR4I$bwx7cRJS|pXwlZi& zyY&2wwGXt_@oPv0Ta`&-QWtIcGbQ#KhumUcp%;3c=K#lc4*4YLCjMk)^Bv!_D*?Sr zM61=8*|OXk?ik1#CM+hAiHI$PclX6&#kH+!qd}N?VrvS_fI~kcl`6$}>tQ)|%po}( zZ5p_?rU6(z=JVweteCn8^P7a#tTpJLU~Tbm5FQCzWP&d@5lh87k!z7IMWpv*CU)9( zB>CdiNtn5Xok_Gwa@&b$0(3_*;YN-Q*d(DnW=viSaBa6H^wZ1rGRY{OuhjXH%uA-I zEQsS;nc)E$lLXTvFT710MvoPiur*x5STp0%KLiU zjdBbPi6-nwtdFogaH*^&Hrtl9tO_rF;YBy-g~+t=B$7vgsF?Y8=C7UO0UjG7fjfpi zLmLj(tZTD{wvv3yUcwM1`QhR_pU|U7)XtDOnH=F9Qmg4xTmDsU%dLmJ?E@x0*Aj>b zgE;`z;hw0*!+z0t*oQeAtHK_3RFTIM)*nv$4|lV9Z`{|$#|-7@a6YqTRM&%#gVE$3 z^!}-*-;aj9tI+`M=kaG#N_8{QRvj4e+Tvux8#Wx@Os01OQ?oUkvir$wHbnFM5_5+q z+T^`~db8`^UGH`PCjWJB-ox}?u+MrUa1so!2jjW^dGMcuyZcdZ`WfCEj<1K)L4QsS z%;1-%cZ2?9Jh>b8wY4!D{PSTjo)3E?^XPjvnPN`xWH#3WzZq&f^Xg$X97B!VRFCCh z5V70IwO%KZ)bW5&avV)k)TX}6q)s_w_1(Ke)i@#XYB)T zb|Q8%ydU*kph{%h+@K0TcqNbpCS!x{4K4IyLOwB?4#K&5?A-PWHn%AqVn}y4&PdB- zhurAs8b_x;Z}45->&N%(Ni1?%2-a@$Pnsq>$BFLfO1B;G>I+Q$e_k$5Eu+aUlS`!D6wc(q?gUx^^6|u4+ta6w+TGd5Ng8xa~`a{ zspV@VN5w+)h-ISSGL4Kma}YLN-gqLlXaC=2j|^94JF z{ZaD7>ns2m9F10-cQAn;cL63*c!ddY3pb?#(ZRwEMW$SJ#P!j3TdfDg#I?#eRwy_N zlHiYngtF(F)#sK2ZGS-~lu=#0SYO^?L4sY~wz)Sb)jDn^y}P?%Fl?rk_+Wb&>tm@> zZFWz}u@h+wq85)8CP3%P7&U0f9s#4XrdO02E|pSOw);r7xnaxB$Sd zq{REhM&KyF%=cvJZ^33;IcqGKe`3rRRi1L)RR}-p*SwT)y~9yUuWxeVjB={0J`yiJ z*oQEtF{^UN_YSFsgq*KOT2s^&5(c?uzN-Refd&GefQycG+pHiZE%>|DBDH$gw2r7BfHapQ(8j&HPJMUqCP@o(Fh2~rS8tOf9(PeWma__;&CDQG%u#Jp# zpdtw@VigNJe~|&^@*j!3WMj{j*JP1&&9`0ItC_yqH`^x-eLm@czH6(aYv3V%d^Xub zPD3ti-BvXvAxt6xB@S&Qv|&_ZE)Be zNUd;52;1QQ5tl%r$I{u;1Gx?$<39~pQB9EdSM zd>|0krucx&nhOW=i1~33Q)^S{8CBx95P3VQgCBL_%ypYjMCmBMMlJ;50Yh-gC-0!6ISZr=k$s9q4gurDC?? zAlj8l`hl$-%Y0Wty;&@CtHi`@j^>by( zECK6)vqY?ULR2_aVpSBT#vnp>bR_~2I(jR@#ewfS*MLhvb?$eHhGi-j@68Qu<+1p> zlNDtY*zI75k<)ppdz8cMmGRJ36m*kZqAcM%fWg=tz?`H=bJb2>aha4Es2+69p#Rj{ zfiZFS8y63F@YyhT1c*!qu%&V;Gm)ElUus1&RHOm}#ak2+1BXQ&u z-iW)c*6$EZhoC>IGPNBWRZa>leX=Kv6-+<(!zmci3=6pqWo0)w02>-~PQXi(WKMvh zD26ka+E`0kby4yF1;FJ$>UE?={E4*>p59d(TGtj@ZKkgU%(pDPixg7%yl(Z|pyZN!x*hI;jkCve5xDi!C>wG7(?SN($hQf4xbG1gmh;*?AGZ zbC#AeEB@lbb_wG15UdqOziK<0oFFcJ$paxo2-Tv2wYdo!3X+;dre$wTk7+4IP*Hkj zD!+8l0(w@7h?;7t^B`(QqO45KLntkb*~cJKOrw{%5xD5E!>;F-t=2!-9g$DjDfYgh zk3DoNa#5$ZtR0+I_^!X=o%g!g-d1FC$@2rvqHyv`#`QGdi@D_No+D=BYhFgsn18TA zsikDZ?qnP%f(>|1XSui1J$g->-B#=GpPpus2bRqyruIs_L)1*vqDfr6o2(mPX#FEcN>gK|6?qk*k_e} ziNf*fsdx)h@lmAW&r&43-pG|oI&O_Q|X_J<(FF{S$m)&gBzN!^ZG;?^~_G!*p^#h}hlm z`g$~AgWhaT1sgZ|fV5iepK%V71y3dH#I3*|{uJ4Q%inn#u`7}Atjr^JrSeqr(+?v1 zQ>^vL(VMnR)_Mse*3T3#^ba?B5;FF=T&q0ckKsYlM_R!rZiUL$`iBo?y5`wFV!!e~ z`Ik*z=#T!o&(`}t@#j00#OjgjAJRgkVx6go-Kzw!Vy9}0eV>+j4*OeV3;1uM9{Csj z)13bs8mlbR(;!l* zr>e}p$dt1io-2KDw<1$2)j#bZVI>w3>kF;aBytF6kEKKCkJEAP+O zzsrRx3mLI%u~kdGF_yvP!V3`_{892kWqK3cmNFH3N%XD1(fO_3zI3^bBU{tI@e~>K%r!XyfCRPJX15#xf{+B60MP&`S@!La z6IBTy%|c~$WfduSd|&B4#C@`fJSVqWuu!7i-7)45i3DKHr#ws5iuSW57YVHK5=y=iX$S|N#cSFm-{<#~tJUQ*JYqu{(R*0aD1$5T0Z}!s z%B$L=f8{?k6t4?sX-df@ z6Y4%p#Y)jcb$8-laU*XQ*qWxJsvhaDc#6-P_u_re<3*@Mig!$A{~sjp3wjOdC(GnY(?Y$^0hc29rh zs&18<`!~gJs$NjIF0ve!UrA872Y%}puZA{AXn0s(zoptfEHGUF`kYyJNtA7b^jR4X zbk1@$|2)yfsPWMFSZ2G*V=bt;AEM#)^;edR*v1292H9paqth>e3Zk0H z0LB(Jsgh2{txh0T2?JkqzeXK5*-aN}!iKn9r6G?g(8bk?rSN$7RI_%?wQl`9XR(l^ z%Twe(kcgb8>cpP8y;4OdT#%5FH#BBkJ$92fj<@VBd8F@4kKb|K8O-5LE;Eko?3BhC zrwid2v3`)#P^7visQF7CF3{2PZ#mBd!F0eZK%*?U4ryq@{q$qhq?jOhpZGE!qR|-!tr1? zX}-wm`mF9Y=$!$+;*N(*IL4~Pw-zg|SeA-JMCy@KmyVWO?9r44R6c|ULoTCq5F#ZE z#pEq#v3e|YA#yl~W0tnmVjlf_^Cc7_3;yN!lb9;@L|!q5m1k1`IG5*WTwMl zl;92b*t<{QH(v9_Qg0oP$s4hxam?f_PZxi2e9Wtqv4EM2ZeAUG<-6IE#W)Tm+yj|X z7M01+HH%31j^DN3(D@vN6C}ffj7Ak|H&la!LYmBqG|LyX(&{CbGl2z>dQKC_;#q2q zhADUKnU+NJ^p@$42kJ=7^2ibu{YIf}NIfv>HNMapLBOX{%x$e^gT|`|w~o==QMc0hlY}q7s`GMoI5!8WyL7ST;Pya603fXMIG_Izp3#>7u5x z=h1~GKoe(yD$^J_FEJ-`8f1Rxunn_BUO^jGTuLM}UXe=MS+-0WLt_ob(n%c+0sd;Z zy=2A^&dS9P(j*Z)&LCdeHLKH8+>1h2x~w~{ML!wc64e%UR};Yfu}lD71HqE=bVV)a z?lGcm@|FfP4!BbVCqlwmw6)ykM3Fa`lu5YER?#=;_S)nMwC;Dd(fZ1sfh`sY8;f)& zTemS3Mf1r9WDMbLEl88hz%gOT*5sb0m|e*rE@R(oB7z`KQ^fb3n_N*vZ=kvHNpl`Q z7TMRXZ(LZ~?TCs#=$>u>oE@8<+TLwzp-<44!vn4Ckq>_NsVYD{hcnM3R zwd<#iVsBDjRzGCHml{Fx^dh#v6$0fCFf$jV$qg7~c%sXnk~@}e@S`lIPjPYM<*IFz z`3Bndz(f+UuVj%^UMjJ&(HO)epx~;lNhEZneWxKZS0i;hIoqs@%xC(g$ON`mB7FTo zsDm3I^mIzYBH>g#s1EW6PamJ)1v)jA#a>hg*TGZUX9tb~<>7{gtE3bLpV3>UgE^F3 z%=j;c9+rb%df-IK9!`=)T)<~;6Av9tu{YXd%C*?U&8Ec{%-(8rowbU8qbKnxzh^J7 zP6VmhH#0$t=>h%=3jv?IQM6I`AH?dF79bLxH5z}qL~eA6{G;3@i-vP0Xhye&<5bAWa2rwOG5j(8v|=spH`}4QXsXl8lU~#Nw`Jk&=V+?r5+#Z(5xD zLzz=s`w!txZEycf_7n%PgFn@U9)&^mcF1Qk%dM(iuQI3`D(}sqV*URQSXA$9{UJQ6 z?eEcwlnz6sb}$O13Ajn%3m^Hp8*Y*$Pi0OuV1rdBKKu3?qNF$7k)A`0(V0qe1B2Sw=-ZkFTIhSvE3%wbornFN zo{_`O5t;Kvo-*>a>9S|yGs%jsn`CL=3wbOvp5<9_xd0lVtX(dcZh^toSud@W@eByW z4!4L6*X7gIe>|?TV&&8GnnjYwx4dZ_F*Y$`eoH0ajSAaT5uvs)5tXwAjs2p^yXTa#|SRdQr(OIMM30PdoaxHm4BeJ9j z>;E7~E)bCnxDO=oF~Dcq&QXYA-nt@B+TqzB66tDf3FxS8q9YdI4lm|Kmq(o_MpIqt zVDzj=TNnPiCG>U28t}76k4f7mVm?N^T5Y(R=BhVf77}x|9~7Qee^j?esck->pBTVa z+&|x5X0~v3)@ZD@rQlR$n&edVpaDI^&lMCoaNW`qnhHZ$)U%kl*nzrx97v zka^grvvrNA(L{t<7(>jWB6z3QmKGt+=Q|!NB>J9Z(b@U%qG_@RNV>SZYG`=A5VN(g zEJXxYJCHLp#aY5~NRRwisU}(!DTo>p5|L7*C=5<7GdGCC9+d%Kc*VH@&}owLI~uHO zDGfP1xTN>;;7BnBvm+bQ>b;i+!nrt89iDox5d>ovFez!e_5)lqhgoqbkGvCX5^X`l zEYv#1VoCiiBrh%W40&!)MXpt!HE%q;zJA^~mrF=vEf*U#NQhR2h+5y`(bUTQsm9PH zQ#xmhoTj0y>?sXyV{sp`a8XPyrqgMb_uIhR81;*nVBTrsO|&NPm8nQl4ni{vma&M$ zLeZM0qdMR==mkB}$b$cp6{DDQ+n;Wdii`!Neb&dKyuO&TTW4G@EF|VqQVngCCfqor zT|jTfIg`yuINWv8{l58X29_h&S24SopM?^kpHn>lsCWWJrfONo z$XcNJ>Unm()(jH&Ge-!#fblz&$-G1-2CCd?`U;uW(&9U+#lZ;(kl<=lzF8J=%w(hS zX%SE^m&di9q{f0oB3`ic;g3Z1*wkR=nCUw<&JM1^GZYe0fwKDW`4JhTF6&%`>ZHG0 z3ets~L)P0^7np)46B+CG^pY*Oj676R!(vKMAp=w>R-9qWp8vA`LSl>dg?24AOB`4w z#Z~E1Eb>q#tfTE*kf)@n$tz%a-vSC$1^q$oHsBAK@`tBK>MoauJvbl!1yecb1AExP za&brwpV}&wG`oK>uyMBir$_3(nxRKj0#bYi%rcLm-B~fJyxnMw`;(hJu+D2(X5*`6 zawF{tcYfAr^sT_*bVQ|t_%QoqvzmXJ$B^vUYPX}pa2zDJ+0~trj)QqNBD#}J)LmC> z6#CR_F-vhRh+JZ2KZ{W1j|Oz67CRovRCRo290tD%vcg;U$$CG2&9fDdt;{0;))FA9 zc%XtjqT29WBeWJZd;Z$;jKm^l*^&VjDqz_gSnE1>zLGgw4Me@p2&=wj1wU1P<0QST zdTfiz8gxY|^J!hRND(8QC#T;SS!~SG{0 z6COqLJR&PdB_8HMMh*``5s3p3v=^z61yT9%AjqSH5+1XUK`zz$fPix|f*emKC(}!! z6=;6e=m#vLp2stC2z8I}5wO^A8Wj%mXtN+oh2m}_CsY;{H}2iDciWr`1pFY9MmkhN zoz;wfbV;JC8Q1}}Qn<8kiYMNzb~t41MY~BL=O?P!;CaFwJyPt72sm)&mf>=9Qq5=x zz#3gxO(qR+0jNyINBgwE+L(T!g!t)a2U17*A34I(VVuY;H&o5;1iC(0ls-IHWyHeG zWZ#ncCuO|}pwMAdJE*R1Buf=Di}5NfBop+1Xd&itn0w}cLP8Hz0hn5vjd?ZglEF2Z z21^#^5hGupSg;HaIQD$#1I=w#`KY&74}D&8EK-jOqA{Wt56C1awlaw1&`=@H^zaam zmUhuAxmH)*y_sH5x|f43H_<%p4)((7qqBSAeJ|$Kt9fSA!7toysiRnv*4(BuCx;$B z66SeVA0L&o#ES~Rr4p8ki5qz)Su}5YOmS9}r_ef$c?(ej#k3U(T_fMSA-6o&c6($3 z0NYnq^JJ$wQvTKST4Q{8IhSboOD?T(Azd(+@uN5h*j#$c5C==W7`ai4VWX9-^2~fO zV`}-Nb0lnUN(8*+9=dl+RXr@%RlDqEg)QQ!6i7DJ{^eSFx4>F>TMJlI0Gi}XxIN%J zxNo@ys8Z4mGIDy-Iq@>UIA$Id8Yx3AxPa%sm-oNd)aP>q#g%-3x#r!HrOarbd92gN z0J8#45Zn+po2QJgFkP^o(ayy)nPfbEP?nb~WeMdek{loeE6>RrtRhX5ISEpR01vIW z?K>K&l28P4Ya4}8{n(M9q4;m8qGVCjB>%`c%YaK~I#HJ5;TTN`cq-ZM(L_U2oiON@ zgGLSlNqMyPa{DR?P`}Ad5~_QW@j$h*6uD$e5rqat8l@k+@CLEDEsBkOlHoV^5LV6N2q5pdq6IzeXQe^W1$$%1@d39ATsA! z;fZvP$6T72|E6&gL{Fu?9G$_7&dB*X*B6TSFtLJJ%f9QzHf)uK8VK7WksBXZmMRjU z&2@!-JRn)?`6ALe49knV}snVpN*!?q%=$P5rdt249W(Q+11n``yd#=;C3l`8KY*oI>hz7;nuhzRD>)Q5hb(f50b)wMr^JQ;>t_joQ0B#5*Im#vbBrfZ{=J!+Db zNR@!1NK^<3L^T^zN@^*bZIl_eWF@zto{n2i3UHqrjp<0@=X`9Aaw)6iSMuwj?8q?yj)wHXWyccwnHeqEP)@HTzYI!)@ofGY6w$Y~4Bvf;} zU})6pBRu_Jr?C-c3xrkU?;cLjhi~qsrr}H;!L`nWgC@qjpNd~GpruA?-2847 z`HkY!vu}FdO&UROv(NU=SX#;|UcX8Er!C#9xm~$S>!Uj$vV$DU2IXG&1d3@mTA-AvZ zOT}l+hC29fxP!d_u|z{bn|6&Z2h!-7be8&I!yH3C9)NZ2lPm+pb@@%&0&uTG%rr!( zqG1x?#WfFHKJscI??oDg_dLXHE$#_wT3+|{W)AvO0vTNgF9-b#a^AnZde>+S0*2u* zmz)L5jKwlzJZ_SaNbl*oNv8Ka`<10w2EkKwUVbaN+I=zl4R}sq@tbB^DRQCs37wXw1^%aH{-fXl!O9@mUhcTi zYYOhLX1pVIYNmq*L`$f!94Jex)_Y{UH zlaOOEV-ZW1A~qqC+F-h(JaWZKRxb4vi#7AJ`y-V>w_O`+1E@e6vdB9dTUP-{q|Po^ zOeaTY>XH;#9h;2A5IOCIj6s^*Qf1Z~&7@BPNN9c}K8T;6} z^Rzsd?oA71o&VI)*}4u|-K+hvz^7*HZb8@DiCQSj+P|61=q%!L=}1kvGSCudF6}wr zPIX>AFCuIDaa7TU@uZklCl+z5f8zj)nx)~CZLKm-SbB#VD@_K?u*BS{&0tpy)2;gi z?#|{mwWx|I1Ly)w*AeD^l%&gIg$DwbBW0P;-jd~o`Hwx9r9}?;QN<<#l&frH@m-sF ztdo;*bsATI=eW=|1dzsT4vqee#;M|WjC}j-`04ZGevce#8(wkEoa#&(=Ms|$!G^O* zG>(=R7>>OTq)C;SEAFiI0#qQX6uLB(2X%UKa(evi8yHqW9kIK|nr+vV-gvjWO$dsc zfbMBWkf7y|^P??Cu(T1!V4rb&kx+0K-F(1{Ko8pws+pDR0Bk%Pr{OfSg?4=Ez2lsF zSqgolQ(8#5h^Jl5)oEv#GyGL5@`SV=lqwG5LsufcZTi6G({8hpK+Zbu@zf6puV#bM z;Hm!0ffk3_w07r1{d}TRIQYyOPmQfKRBLVB#39;QXO^7%9*Hivsia{v#a&`K8dsDP z07HP8=1e2?Ip&NGuHr5S!`qoUTeAbIk1g-e;cTtnZ{J56uQ8?$QVqC8sZF3q4%I9U zrdD${#;G1083eu=?1$k-wr_+@FR^0CW9U3Vc2~d_!5ubMxm(O7tBpuX$nm_)X%y`` z2B_L_Ug8_nouB$1_^4`N%_(F_txQI{nqL<*(!K-cXN;xktN3)7zg{PGgE(^AR?Bv1 zu(a?KBrc#FQPn_E0ZAcMB`#&|SAoB=hRN=miKBYX#+^>8MI!5Z4Y{yD_*W7=&|r5o zYHs{a&S~qqKif!SfY9sUgY6yo8Z|4?*ogNopr2Op9cx*dq5x!ZgU z9OGvU5?-^O1CMpyaEg^rJW*}!4mId1$^CS@v|dng)!ST${Yme2cXZu7A6yQu-#5v$ zdp(%G?Dnp&Chy7LZo2BzPt__Hzu4jiYPBxTbXmyvHMf>t-~F@V*{SbB(HZoUHAn?r zAFiD5L0-R}J)Q>n3Zplq=cEXkRGVbRoOx2or8JK+V*xe*F@AQw`Ch17o`u7#pGSGP zETH71EC7@`8(VF1%vpVnWNPW$Wa|y~O?|we@svdtMu)}Ol4THOhE5%4jmCkeNS^0$ zNLQdD)=olAZxfqp>xwxHn{IyQiefx+s$t8H4%*w*!=v5m@UjNHPI0|OPkr9Md^NZk zHp$CLchu`Q$>6$s`5v8SE^mJ556`b|Ca)fJk?M8L`$QF}qomFa?o75WL>bih70w{h zTS$S0jp+T^{#ORCEp}A$-T-7FbW%2q{bHfSq0Bk@n#EQ0AOe@ETJK)F@ZM>}03jnF z)nAjn;K3AaK_EY;8pB(<8HcUvcm_cSv9!B^5iMZ+shOmHRzM#I4^FhUt|My3G2tul zx6Y6&)n~D09hAIPS_=>s{lz%sbK{stGXg{hoM)`#fSRq&%WL)6+PRbc!wZ}?)-ly! z!GE<7y)@?^b$U5dp-GT?$nIHmrzG1rTgtD@w;mG!E-8j(DEOWzo=1~@^dN;b)eg;Q z5%JRSPCzYCP1pXh$gi14z})=%PO%qbt%IOnNuN>9ry)Q!|f|2g9#a5O{W872_S6i@@hIIS1+5Y(~It~`>Ic_ubSkdd)0OPc{lDGxN7sYyr78LsAfCsn z!V?(5wVLG1!S%FB&TpoJQGYsZl8KtcO}|NAU0q$g8(dyCabd0py}`H(0Uh19gVC$0 zo9^}N{(I7$45oe3os#Z|42Hx0#h`oLcLVA5&3dU?*W~(j_nN%wkNOj6Q+=U_iTnA4 zOlu8#7uL9=4PEYx7I>gy9F}4hcx-~4jfn~@^0A93Qo`pQDpno-sAeW+xwdcZD2qyi z?WV}4$!y~U7*-||C99Vt_biGKQGFj<=XSf-tNvuz9lhV%@x=M1vYg~ z;+jRZc9}6txqxWz0--ATt&6z}7AdAow&Aa3AJcY~S$D%Y^;z}O%kAeB+TcOz%||<7 zNK$x}tNH&#AN#57%&q{#Dg#3i_{w=S+W0-Imw`jrIf6IV^9}VP z6Md)j*u-0sg>g{Ccx{&V@9&gm!d zI39mfJi~3$^)OSl+-Tg&GO=J9?HOX=I4%t=3ZLZ}1D9f%&y-ZE{SeV!zAE?QklZ!? zlA;MQGd;E&jo|k=px$xQ{&@O=&wU@FO(Iwm217KLdrys}QcYmCA#NHN-_j}rVwVA4 zM>0>>>Tn}HO=yZi>~^dPErh#+11i3UY8HyFGONhmNR_a0>`VKY*HAh*z(xN;G;$c) zWZBh1LVTIe=kSD=-06xrOOO{u)5#3E=?C~h72DDd-QCz?Y`HP&hqNF{m3;lE&mtxG zAj4d(uXodXupsue;2%{V`&D(8-;7>XJ0*VBXgns4*<)ap*@ZaV6f0Kr8{4Qa0L$GO z;YYh)H#KN}R1Uk?4qN7U!$Te$Uwd`OjvfS7HkkB{`|&otXEp!N29O2cyADxIwbB=z z1kim1!^P|(+US*H-g)qB{pMSU00vwZr!p=U1n&zQcQ!TVoof&nHXq>h^+A;;`mpt9*9q6Bt zk;s;s$t%UiA(%6Gslhb^=P_WTKAQVsyv9+{?W@7&Da}9Kjj=`vUBcI7UcBZRf(+Dp zO6ej^Ldn4ezUK#I#b}JN-BcYxAg4&4gh>GcKvRy9bO{)Y*|4f%GXYG-+6oMaA33z5 zndZJ|>}%Bu&)W_-Lq`Sgm(0U=vYepWN0DYl-s$2G=bbJr@AMGcz{S6oZGcQ3ne*4m zkH<#7*`|(;*ZzJuW)s;oBt^))>DY~;0iYbTWc9YlVwF4qAEw0B{B^TlLOJXl6{VCz zeaF4HWgcsnCx|nMgEc644^NLs=k(eCw!vz@gIrT9$!v=hBqNcjZG|W|!yQ|Xnr7Wb zJP-!>6N5r`VW?_PdT*srh_LVFHq|cQ+X^Lh{FNH5`YkAgWE3MTY#_$QV2dp_tDvo9 zB}J+b?+?fYWPd^32jBzGA-jTcplKRU%_ewPt2@+0wAG9UJOR2V=^f<0Xf%H8oIYzk zd2-Teb)J&Lldq3YPdc5WM&k?bhtF26a7J6~VELVK!==$(414VwJc8Q@sCRL?B4exZA`P41qwPukBlUjGaT+g<0| z_DNe&CLL3(F6T?|PlVW*405uds$|=!ngpENmyG;`#lANvwmR{|-w&5rmdLZ?0Mlqu;2Rs8VO;UWU|E!aPF zLOOLXaRBPq)K8TGmj}ET%5CX51sC~^0Hl1O^B-MabjJu?4|7_iB2Q#fH-suQ++!Dg z>!;|j&czxX*AR%N(HKCw4v;Q0k*e!k(~8`1PTGXL6gqn!m*l62$F~o=P1EW7*FS#q z0j~N-dzZo)HTUT_6A2IGaVBp+;GEfq8I9GQija--$-#z$*>&(OA|fB|ION@(P;bzPLR5xx6lx&`T31p zFd3vAFm>t*)K+TzMp~PHpxG_o*VfR@{>)^H2T3cKFVrDpt>o_Kx>5h!)5lReVe&{H zYW*bqTxcy4J6bDkj{ml(x~jEC17Pg5y;U9Llu41N0r26tF`l2PTYX&ovqt0RpMP%9 zgulg9sb}P_)41hvcvdOfSh0+%+j!O>5Lk6as>{+){IV*5u+BpfGO7M-kqM*WyOd{a zNaJ;bkbovM;MrPzOU&IpBb`@VH9wd5c|x=08982x6+1TF9P=PP#*2TEiiF33bQb@X!jVcMU(?N7dI5bp@%d?pM8qp^s1us$Obbphjs9ZD~vQjRuFv(;*S z?y7m)|A(v^lgFyd-*t)nIjJR5hpW*dSI9@HXBB%kClg(`Qq;uj^oUWYo(daXV27mX zPP+}Q60*7tc}iMI%{=|XAq%HtOC`NH(0YpuMabuCWA+bOiu!#}&Pg+bU@7in(wcxd z^Q3d8{ynKSjmuEdmzN1Di8Zo5jUo}yOx?{oa@hmT&c7+u3?7$kZfI^Fy7^gTvu7ZR zxy=pjnVfPP*jM+ID>hj~52C!#-CpE3(BH{~225S=?yx@{cYFQs_9roBB{VHDSpE1{ zh34!+?y!xSWy3j{p&2KPg`pjwD6!j+JXY@0zE*1r$YrnQ371@ zFoZO35E-ImcXR0R3V?V;0-DiCEZT4Z@$xNMw1W6RP!(GK(PJKw;6gd`B`987@U=Xy z)n}1b%OsCiqV5T4wbWjca7I@_i%I=A>@9vsS}n;k!sOWMJf$;mM+*0EV^T_vN77Yo{Ya`L>zWbN#kyg0vJC+tNyt6v@_-;6E> z7gKevU-Wy!Uc_0PT}(F=p7xe(MPCehql@zmMXuFMr)q~^+?)?S40@vt1wq7m5imf? zB&}8!$%Z}rZ&}Lc>*CpOTnlmspKq6`oIIt(YqWnD%SV!mk81-lU_)qQ5i+8r%_g9U z>I^B_F6EWiQ=UfZCDQtX5=Mi*Xz~m%)ongwK^Bn(%b;gTS`iNHMV97_v;_G@idgZK zFTVP}Z4ml@I{AAWNle?~BdE{xAOH0gL_0z_oi|UOw2R%zyMVM}pQ<9DD+7NNX)PEw zAX6~~5g2H4$x4lt#;M42TP>pesq^=?n%G#R*?)cI8vCnRKUh9sg9p978q0U2G^_?O zI)T5ACs#kb|1cPT_t*aP!|3Xw|6zPJx&H20t0ic{k5eYIW4IZ|cb#J%&xJimH!-iH zqv|Z>=Br~J;iJC(d9`k7?cvW_#$T~GJ8Lxl7g9rA))gbIR+6U+W{&VRMoFyDrFA6$ zRb127@ADZ;W0o;U^^}Mh{EX|6<&nmNl?OVM+6@Z2#8lKCfkA5|&=||eyTKF4bd+mk zJ~bjjUW=6fD!>hKEJ9FOsJ2*24quPEM{PAZ(#(oS zkpH|5(*y03LBOld3wgSqepbAJ1M+VrGWprnTcMij!QiQN@~#1{Tmpb!u~-_fpIgZB*kCwP!Nr7b?ALC{hM%ZUtX8j3gO5nHgnqI7Vf&d6MGWFRxp@G6eh6CpD7+{?Ah z*vfqmEwHfX?HzLWz1LUoM)2E3xA)=dZGSQuT=e0CY5)4w;KKZRqkkRsuRoj*Mi=J& zQz8hvyRr-N0)&+?^cjZ$b-AHns(!tZEZy+^Ttf8?-)eOa&I+mc zkS6e#WI@U@t*Fu4+Cv&M5s@!zalQI`zddzwN>XHtBqB5!8xu7t4(hEtmdd~iuRug=?z-HmMHSFI8)$*(A%rV7Kko7@T#-0-Dr`E zbxc=0AYs&~NO042ElBA_hH~MCwE&r%ti$DAN$=9vH=@ajx|2*vd=Mm|NWQ}h6#$N8glTJ@M z&s(P_oo`7uicI>Y2?J9=*!G&bnSOHOCa)DQg;Ozq)2nHhbT7s(c~dcSlN)&ZsL}Y6 zoTrQeI&lw^^MF91_)|c$gm5VXUL0dk^q1t_l4g*=;9f}*=q~Zr*FiN(Ix}nUw<6JO zO+s-WM}mSuglEoubCX?{0A=U^nhHyGa_?Iw+)04`lVriOWjT?4B0#9uQEjwb z^&=3ZG>gi@hggs`tP(M5I4)roo+CygwH^po+P^QXpB5`nu3bP>?W2lcb<|UhKz@kX zJ6TtI(dtq55L(Q}P>W{HArZzmYe2%*bh{ zsp!VH`0;b{8~N@9>9ji?D02F@&bRhp{Dzv9WRcQPt*H@Ha{R>8U)YOOcjcT^uPZ7=d;y^KrP9Kgx((i zBd3wY(QB{iDtcHSJKq1!$&=Fif7*He^y@$0|3BiVu(wKJh}a#A(42H&-;kC%CU78H z3B5fq#XK|f89C_L7pL$*s(ToX1uv-zn8q57(&0f>1$6*L_-q9Wrsaq!)XPW#(~h8C3IYbDIglmw0nhJW_){PX8`{;8+`cQneGY#H^& zC(wNVXFL5reO{ISzJAjAlm7o9KQs-N>f(R+;OnvoiRg?)XXK!p21}kXh~gv?5&n5G9Xt|#Tw<(spalPddpIqN~!5&w8$KIE%ao>8E1*Bz;j}r-6Ni?G2Wzk45%2M|Na5!kd0Hvj_c+MmhW6i+=qFPYVqQv zbRJ=tj zl5TWQ*Cz0JMQ^p~T*=uH%j{C9&v5<}Dm=;pY$qRue%u)@e(uVT*d0r&#S0(1(u4U( zWMc#ls#Yq0o6*INEh+?)UDHMVMtNTpH>j(+z(6CYq0!yY;nswG#gNh79ObrZ4W)>s zxF>g7>w*G8xiAVF=!%tN;t7yq5cw%vvh*>IwC}04jk-**9D#y$RAyu&^L3NxT2s7_ zSWyobWBCsnwWIPZQ=5mR3)KzBd`bS1i){B;{H3d$`J#JekmTkdRgab%U2lA2D!Rj3 zz2Ylt?b4btRWA^!l23u(S%V>a0nk75)c7wPvi71)PTJ3oAZmBTqll|ocpW5u-8nf~ zH4&5meg_{K7ipde((XWCM{PI6+Ot$k2()EwkF^*=$%iZlwhd5c>x{|jVxWHACB>GA zkiVSp{89sMp!EK*&{?rv^T!F$#|q)O~xz@Se$8zVcVclyatkz zyZR)t4Q${}u^PQ&5FcBverORM(K(NL4I+yGF9AMxM+Bg1jI&xI!iuE3bqQ*mueV(@ zMMO$cLSpL|ojW(kuzp|>q(Re-A?yH<94}ZL*gOC!*q`Ib_=^1~;@!K)SB$8F8+OTj z-6R>kW!B@E#qE23%M%uI+7{{JSp9W;$z}FI%s*tmelYRVAJjlT{3^glPy&1ED?!-D z1d}gb|G1qOtxV9xHSC(=o3}$UGTvbkpQxRD!+kZ7Z1M0Ldd)t`|Y3~SFy*~RACsPez;V% z9YcgLeO(-?$6lR%2Z`|<4_UlvplUp9`6SfYJ-~gXY(L24K^qTr2E2yj-3wek1ND_Z zb0T0<+G7qS+tVHcr*$s~SKg$epV9W0FaZeD86{hzBxU?p$l#*uI0CihZ!ySTQqMtNx7>2sQC z?IaAH6o;szr4{A!^Hv=+$fh{E9SW#T)yj$}Q;v+^_K;nilHMHANjBbbU8NYTVj9q~ z%a5WH-4rhPz{#6xyC+|y0+(XHg{V|VZtXt`aomrxAZmgSIR=&TkJ?z=pxC)PbICP}oRx&;{aKd$j zyEHys(!_BcnCOA+%W7)*Oql7u?z@sb$t&?VRuv;bDfwh9(v5~dJ$zM!XnnKVv)9+x z#uA7-?Egy~kD%w|?(_p%kJ@U}Iqsv071ZAyEM(Wb=Aq*&J@4|^`^O2n69F*$t?mrt!3)>Yy-%L-l5%G+XDFC4FMH1<~D;mGcSejGyn^8IGw%5R!V`TOmY zF{L#K;KRh&m59%WKd3iQH+L;=*+!wtO{AvMrrBivm-R>MeE5Ue0#az}A(H@+c5t!R z*mc?RkkvR!Uu_t0l(QB8h=qwOz0Y`8BIcP$cTl;ZE%k6h=X&^KX`MIb-BM(mi|Fgu3Iw_iUF-lwWkm1iIq^@k-T?Ul;N><8!9b!?cBiIAiG@jdo9_RAI}M z%0)I3WZk5?@#Q*uU-XwzE|>eyqELLx9H88enV6lyvRs#~rQ`c;40uM3^C+4^eEwE< zAavJKg^4b`?Zv>-81`>H=D@$I?0LA40(38#8@j3&xhr4Q4_fE+PBlD8)zj}0r15{Y d8~L9Dc zVQyr3R8em|NM&qo0POwym)p3JD30&X`YUiXxo29r6#M1&%=B#T_sDA5)}~w1N@_d4 zNsbRhLK0$%-~eQ|m1Mqu`{$qv0Ktd);h9XbyQ6b5agzj4C;)|e7hmoA@rw4@=Ui>6 zWc^Hv_;|RbG7tB3m;Bq$@H;s-kZ^e#Xl5L)6>hk#b{{BAXt6dn0 z-7!sRvd?*>jth0n(&L;(+f*cCvp;5O&SWOJV*Lom>hEYuH*Ck!{J6s-4TEz zyl~xSROTs@_d+J|@kYhRriWv`qZ_7<$FFWi!<&z%-<*6tJvj;gl5IMl*#2I~SY3Ad zWMHA{^a+c0`oH?0rjt%zBS8OmIGewn4riS{X+1@{o%y@dCv+FTe1WYxpNbW8X#V>D z{_Zq9Jq=I3?(8T}bIMaD0gjYvylHHYhKO-^*TLuQW9B?bnDje83%?6bzwX@m%X-?e z>)(FYz`N6!Dt(-$x6=l|mL#jof8m-u}}uGpFuNltLh$y!L*S}fZ2d6b2n zugG%C72%3d@?mgu-Cqm2qj}C^vgQfXA6&60(TD$zN={b^QzRE;#Yje#Vlm-qF34UK zlH_ccB{XL$>`)nPFFOR!#U<&UlRmi-Dkqs_YbGU&yPb|K(t)~FOkR?UlarIvj$~QF zBRUjCnqQLB4jgFRjbxcnJQs3*Np|}vDOAp6$fNA?+l!Nv6x|E?DG@YQokVOd zI|Pw(N&ccl3Li_RL?I*AvHwsS%&*9MMhaEXB-s`qH-U={3Y87m^~v=A(K5>NeZ}G z=S-5XOFVxa!iM;vU@8Z!6B1N(^H@rhg!gsv#= zt&se$nh+;sCSo!ua-kxcFxjEzpFGvufv{8`g!q!IX`(a=cl7fdH?O)RrziRePrWCw z8|8-O!`ba^&J+Gus&CsFlMzdEz01kBCji4}L1t3KMWo*o#qwOEk*V_G0-tF(a=v5# zPo(UUjPmICb~)@2@|U~aIORE~$y-J zkBFs;T@o5aEX(zzul6b3@d!3G?1qgLMMlO~ov*xo`;I1;ov#Rq@$1|1m0tBz@6j84 zbfWvb5visa4uw1XyL|=AmqU@R`KFMtKKjd@NN-p!d8FP;o-;Yk@=J0?DsL8d(I|~G z!8P65;j=K^gsY@rJN`LLS$_H5$#)mn=+(_1-st&Vl1S`;tzpqFG$4fT8{2mzGN$MC z??B;*kVME0P0bb}n}Wyx*EJf<#=mF#OY-mI!3`PA#^e**o3}%eBrM9un)SM)$t8Jt zf-hbth1xbBj{rrpq}cFuHhgNbi}wWSY75fMn>LJJi_MHm zy-CVJuf=Au(1p1UH0{DGH7U|cyZbWEGnC=id14?PTf6k6vLFdivW+f3|gX_37KD#?@qowsl8C<&5IZ3 z-Wx+r&AZc+^Uha1-AJYs+yym~@|ET{ZuJ(+16N)8>4vAD+rP{c)u$0G zohAaXe0fs#yI_%IxgtBwB&`_P(G(d;oQ7t!-L8V0Aha#}L_u5J7?r8?^F-Ots&j__ z9GE#W-m@Y}3{d5YcB#J3L&-K=<#PXt?Yo_Swv_Yh@6fMZ{&#ZP@npIjEyDbB{u9P{ zME*a0aq^-j|G)g^;^bHP|CjikhU5)Hk<7bl$?g1FU%|3SQ{Z>DOfk)i?r0h-%}BUb zZ&3ZtMOI*F}=(p}Qm` zKmOROK{}q*;MAk2r$PI7vXLw!nG~P*Pf2**8`Ce|B-L>XifN^8U&zTmPv{2OwbY+ZZ z!z|KduK}k?(j3mVYz6v`COjr0W0K}Vs!K9X12Pf0{y)$)sDNAvrY0hXKLhe656E>6 ztw|H~OY@@NfWyAg?>@2pC0VhYhShUHWwdpl5eJrr%6p7vow7f@{Ul8{jQr*k+Xv(~ zcQhfFza!y0wE5{??cOR|@HN@w^bK=~L~Kd&W20{1PVH@@+X!G-z2pAO3#1^=?^@%1X4a!9V+2`t|n< z{T}82wk*k*R6l|JdsO~Ed0F@W`R3*MH^1_Kzr+vtzdOFWB#Px=(ASK>?{*q3(Ux5z zH>bbqj6P>zhOX(YK|L6D%y*AcZV(y!<+oty4$o2EwOiCUzM_gZ?!$0|M zQLNYeGwJrr&NS)j9gdCJX&7n7T3+^`4BRQnt2p`wfhF z`MalM%(eu%c}=?iTlN39>Q*Ig)9rJR`_JC5zy5yS-(&QjMZ5A{%(6u6cPxFLZ|KAH z|Lo-D*?CR=Kl|q5>{t5#OZjVcMUZ3>7RKik+NMj6pQwQEt4FbS^O^+sPxnyX)0};$&6c${?JfY z-}MZ8R7RG=DFI7=?alEEXQ^^YbG9+MiyXXd<|5G&&21LboZ)2sCw9CY{k$lop5STu zvX(&SKp+$=Y`rI!BGKE=l*| zoAYn_Q|V-8U(ED8>kr4X zVfCS6Q6YK02Vd^bd5J7=yPSx0E<|n|QjBDrikuvULz>YQPk7Fm3J0^X!GQ|jQboG9 z+fZaIRa?H!we)&-+U-@gM(Nt=A2R#Y|8%X4Gt`BqtnRTYvMd32aGJmeHK`ZBZm1n- zMK}0lO<$?03_-w;S(=lVKA4$^2Wid+wf>1y0X$O$Y3E@T4X57R?RaLaC6l|$%1d*M z7Znoa{|;*)%8@}6L9?v!>Y(<){+e2dvez#oCHTul2H^qV!Pc$nNAwIRIZ$m(0NPX^c5-hJiyYL^dvPh$JC&cWRZi(s0EwoQniRrU_CUdE3!jk2QF z&i7M(8XVZ-3!pF!>o9=T*jHA%LsoIxvOnDJ+dR)6XoB8c%_i!BHm4`eHpUOkJ!k1% zm5}0R*W=-6vKUnm0pzN(occQ6lZOgYzHnZa$7D>A)YpvoAz)z8+{yK{iJcLF&0k)U@#kh{Qc;| zPZ}4)G#(#sG`w*W9!{^XN5kdE@nkugzZ+bCIRLdtkmrH%`ucY9_GbX15_R%02xjJ2 zA4ikHtLxFn+4b$4@#N!d`1Z?(uSK_f5db%@MuVSlsB(&lAUe9{GD{*1i-6W`p4aWbun2F%eJ)wr2}0A3n~eS05*Xo0hHj zT8f4?1I%r6wr;8v;LVKY+e@d(1nK$VQ2`16sG-4=_3-%PmYeX42Ua=F3l(M}_PW)A zG*6k*?9Ph$?X_U_hUL{RGw8`?NuU`&mQ3ZxppH1cJ3Z#QkMHXhnB*dM?=HMonw=L#?%tjH z?behhg=EXEWNIst_>#PIZxepU{@Y{m{NxMKc=1Fm-a+)?jVRJwIi(d%V{*iPaI~ci zQw$FU;63GA8*bKXr8>T@@Ir-nz#k%a8eLcYL2@$Ayx|ipe`B)v+O* z3;6Rm5gS$QL=`LSf+=|WPX-VjX|JTnc&d(t@f&ym<^v6o&?oA^t@GHF?27#(aQ-ia z*2aC<7D9Ij>iV|;y9X|wv46_(`bkKxF|J-rbUX9vKFG0q2=%Q}$w)t%SUvl55K#9_ zZR}|X$-Uz8lKkzk6Kk#2ujpy8fj@~f{41cu1MKHPNyYv77xn*mmjBN-qhFE}>M{S% z^YeQA&*}M#U*ms%kzegNd0A}y<5ckyDnB{CJ6o}wT92VJInGSPUTU15!F@|{Ey=}^qO34~W74C+9g}p!yu?QbC;xDkq+jD0p7(ne z{WtN!&%Fa4jsL%RQTP8mJO7pb|02Iy{!b(hhMxTc{65VNO6$y)-C5~Rr{Rb0g?{yPdfVU< zTV5uQ(f^#OTpinlpiK4kgMKFBXIui0#s8n4)bhWcou8bY{!0IUiC-)IpNY7I_IF!| zA#4XNoHv}VyIYp*LbW~K3h}9XNnqcoB8r$&KWi{R_bHU#Y7iV@Z<|cFM%ugWw7u(y z`&ZzR{io0Z{-+TCw!XrDsst+kDSTcc0&HCg82{5B|9H~>?$7_{Pk;VXSa;y{-+f~H zPTkYFnHS;9G9!?OBH76!(d_n%C&oDA??GSVhdhnDkX%?VYpb_>!&AQDCEw~H|Bv>L zf36R1)z7*A#Ui#op#Z?o;UsNxMO~6VcGb2UkZwQH|GnR^+$QaLHiVa&w|UsU*8Q_# zGk&Q6|}%f3|6T{#P#~nw~*Ap$tJH8IzD2KJ0{7 zi;s(3NY?p^48?9IQu1!NATgJ!6K;5Z4F5&&JK^fD@)-VWA8a?r`akwhb(bEO9j$2e zsmLJrf$ID=RQFlux8aI@>ijm$cUkAR|NqWc2kqOTkPbUFhD~K5`6w|~oa{&i|=}LbabCpZJ01POo>i{3w8*yB%!Fd9#Hw3xyGC8pOV?yxKjJ-;T<)I9 zK;Jto$~6!?#eWBoP8`z3w1UpCEU>i22$iHdc0lG2&alUKKgWgi4yebN^=ZN&}q8IXOgKRf%CDJVn=o?+R~Iq)Em zHR9Rbv6xd#BUw)Sy^x<8MB!e@PXIB{A-&VeBfwKT4R-(#b!J*S8Z+V&T6mX}*(`yk zrg{TL)NCc{=z^tgsmOW69C&}lj4rYW#0Wk zma#PEpUH|P;=Wg6;fhIqhfJ|Xi0amNfF7eA2WIxBC&YmTd_@(cwuGY?>oN51mtu#s zN)H9g1@)@7JlcB1fW;7VLK7kx78g;0ufz=qOXx~S`Y)82}pDd#ic8bOeOk>9+ zOZHl>_ymYs@f7w+N_VVh7oDd$lWQn1CDws=M>?c7fYR7uVqLEKP?K_V$G5I{{S3Gx z>y76SXbzmcOC21#v&x#l9*zwsVtW#Z8)zluLEr=LP~@8GiT?))ck=n%h%6ilgyOkWGG@f!*9u~mA3Ld;ezl z8gDUIQK8_LhY@!`FAW>{9w=UUHL=eY3DvpU{TPWQTa)eK3Q@{mgQoK zZ&F(gMXwPcwsj|JV%439oKWJQ)v((pfto(SLcX*j#!rK1E%t_G!a)s zp+M9l8P3&Py&e6;0=DbFb{WvXE!-+XyveQh*olu_M>lQFN)D%UEqS`J5)I?_?(+}+ zk?IkeKoWH$0Pa>ibzD6(t2eL{LJ8O0wz)7&UKKbq#Jye$d)Gn5&JUt+vXIJouJ^QC zl$;wiE!|N48igo&%kkDyDAfmq>1jlw(EJnr%~L{2Lhn_FXDi>#Or)Ae;2b?M-jMvku?nKKnSz*+i6f0~aNiVvMBVMM&n%*9?U)^p5UJ%2uaBk;u5^Z7THW0WJ@g zM6-=7=EW|+eWW=Wo^OS_k*i`eUf~BQSx|~XfRJ))?HH@od-Z77Wyi@?J)CKwa+7UL{cB8=!u?Q}B)*4h)Q-9G#ze(U$x55r#tM}>Qg0zCc0ASl z1f@qmdQX!$x21KTT6EtqOqC4%R7Z}yktNG1PXo(0dm=nY2kE{sId5P$V7VazC~M$u z$H46FK$FFoX}&4&mlX-b@ z5yQdPCt5{X+|xwMt-lfc^ip>x)8%+L>XMv&#uV22*qJdj%k7QhpDvFCw49U%W?{X& zuB_-u!4?lPX1VEDD_X6mhL3(j)POSJL|_WRQ}F8h3bbOl6|b<_XigGFl@_Ob&Ae$+ zo>p*=RhJe_YGEvKU1F%RtJH%qeD4$U$|m#AbyWdH_`0Ms`pVptH(;}WA%iBCspa)N zEtgH!-Ne$mc2a=;V`%Bm$7s6uj^CQK<< zH1;`5c*M2%3q5)U5~ttT*SSbfndPam4yvw7PG65$SL7h8xAL{m&k@ZGn+0Hc8wR^T z)-|@)M{GY4xo+gFH*mkK1PW#P*ls|))7J=qrizS7#bSnrAbkwHB{2gbcYzAhoRuQc zMl#&^dviiSB4gkL>W&x?UWX9LHdLZrsV;jMTfobZEG+|~LUbdsd~_^;a^}c#dln&$ zcw3L8qzSz*$pEY(2rs1;EGQSuoPAY-dZb}x)Op|f!maz7=c>B6JtDy3*Bva#c+n-V z28;2+BKQ4x`F47{B<~0F`Czgfj}~M)_s#Ot*JLpHKz=`-Tm^)2v;d>ma5)nWbS3uG zq~!?$Jt?(xYESMFRUi<_CW#emvK%k3M**2kC;jo{^?W>eGrAc~mI1jL&4+IXljY#m z_`iJgAGS)XQVRw4(YB;cuRFDLeo%xmtx%X5p){>PAnfoe(lx-5e zVQIvAfwOi86;-a&{5-nfkC0JNBxVU;0YeACZKP1j*)8mlIiXRmz&hT3K9G7=t`8x} z$}U;LVPK;XfTg87x~b~$b!+PqP&x-dox4)W#?y$$khnZBJJslPIZbS*mO@8cs!_xw zp%QK8`WAP0wJMUlF6aU_3rAxLe8N++m>ymAH3mly+QcnXdfJJ=4Z9H{zUPUrJN!gc zF0zbnSO7dhp#eA9fzS&gSr=)^+`uK+;t3Lo-A->_A0Id{Q@sH8p=QwQia67UQ>N4S zj)ReOZQM7M;sy!UxxsXgC*Zq~3?h9eXe?ODt4AJ`7qxdN-fuPQUOldLW8s75Hp_)Z zTOm*j3YyM}u^n`-gpxG_dJ+%{5YjYaIEf6^poaSGVc)S`%5!%fo%J@cuoJOLj1~&` zmSatJH0O(^7R;DoY8?y)~am`~* zNJ}yb@B*h(T2V@hUTTWGZD4f5rqCnMXMN!DyaR654mUAdvoyvQTam;qs&guLK#44K z?XXxL=R(TTT4prIR4FF)@i9u&ps6=r?G3Y0PH3+&P~y}v^Y`9v^w>rR3vS@iTByZ|!u{27ALZZKtH2TDHMY@0dbGH;y5*pdtZf`deP*o%Kd6INUj;=)dweuJ7 z&ZzDDfA!D{62w%s6-5$j7T>{Pqyz8T_H48Itf+mO)6dQj3PL>s5R&(d&_oF$8Gdc_ zq?U@qx43VVDK7?M7qFR`y^O7Cb;U}T6|j)HdLFuA7Ycr{m}nZ@)pteJ@@br3G?j?<}P(jfsEU@AvyZlRw&`a5XFIpW*ZCgYKkGF7jMK$&voR z`CRtC*Iih7L=ytMzKr_Zvhh4MVknSCx1$`3<4OHu1==!NQQ6szOmpYe`iRS^@ssYK zg(uMDDIEGC-oyBub$l&l1z#3Ct|}iK;=q3*`)wI-K-+?`3J9)RJ(Ta|5lLveDd>ig zjksent$X$vZArl7<)wAS9{6#2m%6VM`Z=Pjt*zfZlVT(3PK9Koum6YIyDP`& zAxzUF)hlh;JhwJ_6CQ-NkcYvt)XD3xbb&NY8OR7UGK3mT+gMCWA%_!coG|BP%i@|6 z*AxoBgdBSGzD0yJJi8k5xkT|Ke4cs`asA z`lkK=O*59h7IN1^*AjRL^LWh@HetC<0!wbdRZEh)i|`^m@BHprzfPyqF^8OtCs>07 zLLrtV0u}g{>FW&E8%v%xuJh7n)V4aU3R0drPSz?}&5$)@XOi7e3s@8O&ERDI%tnkOV^R$!*Ft%(Hj5-CjVb%RX0qJ-4qbPw}DCju>`U(|QXB znB+3b(J+VYec*IP}s z^voBi>Cs!o(Iz2@D!l})%Z!!|B4aumsOp^u{up*bG)e4!Vv$J2jz^eLqqfTelG@%2 z6hVN!&#k^$6zJxY(Y=ju@^lnyrtj}@N$rCYB#sbOUA=3YMnAG9R!=cFURt}4vVIRB zuY%{nJ~+^7DQR@$v$ceyH?a*vcL zgtIRhB)~@A%^i1Z>|o9YU_3h;HhlwpE7W19voNBi2{f_y=hw;!od!pS5nGEQb>}d` z@-_U9kt0b)Dx5mzlNz@Ip^1^b; z^RUyo(Hy$H*vL3lxjy@2{kFpFRRWtlFCL0Ke&5iE^bGBZZx;(l7~{@HYc8m4({;il^olM8qC?DIDZ-bYChdFjYh|yDl0FtHxB6FA ztk*mOfvs|Ks={D3st^KK@0j%GYc?}=RNf%KV{ck1iaFHn$5(GKM+r-P_`?{%xHA(Z z3X23y>{8z|UwGEQlG(dkkOvz~ZI7&|;wUsb>_G?K@jbkW+jbfZczSXIgBm829A(?R zf*Vmta>r#}(4=P~n+_cW>`6f>n0kjEb9ZmeC{81;nN(c+Gt=sUg>R>nC@e1^VvSr; zwOt7bjf93)H8WtbVFhkbBKyW}><6cQA^5uLY_NWTvZh zJ)w7e* z^2I3K==FY8B%jC_VrR%why=l;>@SqOGciZ`-eJa<|#s~$7T8vFm^~yajiQ{UG_jScWn%7 z@AYkTB-Z2sBG&6ig{eN0O{P&MCm@E}p@br%15O-z9S%+>X@W`>w8 zkeJ>4C;2u!`Led`54mJJMqn-q`Y2yEsbo(t=;uAbicD_EgLJdknNg+4(xlfJ6!})) zLbcgG(ERl=PuB$#mkbPqY*Wh8_0o=@p$5Z_TyH)T|*dm&?z zK^jIP3yr3ychspVIZLm#Z+U&wBNQHR0UR=BHO-VB!(IjRWZ^t_#)$m z3BUCzW{JplR-K*Lvse(Usp1$ z`RclQNP&$eD^-b}inHmof24XuF*q&x*4|i?>Ez@1)y+q1=UelHft3}+XeV{5s-Cg! zGBnV50%GMptn8jLkf5R(1A83!=8Rw61l5_Aaa9k^&#qll-qixpL5v$&uhbHx!mVo9 z>AWuTLVD*ei)oHZ(KY|fP{23wd%hO)&~PDH)byPP0mCSPij7$rBdan2Ggc65TgeBP z(agh4!y^qe`jm?MgvA@HPpN3OB%`Q31I#Yi;R6Y|MzjCIla6|=Zhfp*8&gNZS@`Q$tIQvfB- zT2Qmi@WYsOUU1Jsret{`(<&bTj=n<1Rp&apWT>F>f;vlMmgaQGT0$I-ivh!v-@Oqj z+xJ&A`b6Fo6tKd&RvT~UsWA44oYnFb?&Y_?%j%0^;u63sx=08hyq(9U3N$e>WU5QZG0Q1WluJX^2q*RSV5KYA@GI8j6(7`X*Bw?glX3|B%gz8};5x<_8+Ta7lD?_H z(nHhBpVCZieSukozPlgq>SQCM@YqhOiE7Gj=S_US0VN=k=IM18QWiqYYeWj25 zXuNzon!B4;Uw(Mc1?7GEoU0R`{gT(GKEXg2^hTOW8YPTOi(E^yWSpXJ1ZWBy{+~5> zPk*<#^W^ok=84fhLLiGZ7v6DpUsp*2AJ_^+w};**#vp3oypogB;&J@Wp(e5Zv5+YO>Abq^bdFAYP3-I2sKQUX z6w=aYYbuuiPUq;XSEV56S>UH@vs8Lzi5l!6)Oxyvn>Kx~0E$pe{-)Y8<~7izfjRFr z$(d2JS+1Z+kZL;hALtJikwt0(ui8=TC{8B1mngIhh|%M}=s6Yv=_K(tkV31x3ud}w zvW(5LpkbvAy~yTvuk`S>ceUvOFM4EI(V;;hB6p^%aZ0$cZ&MDC4Q(K=&lN27!ck+o z7(`kmz8#L2S|%=KQ0qxw;$|k9rUF(6*#3eXEoZ}?b&M#Z-DD;5$qAvJ+1u)E^m)sH zu?0U7@Of$p5NW`eztEHwL4_2Jaxd!8teEE_W&!O?cEcB?&}9SrnJ3AGB`s`9w> z@icm4-9Mb#1|tITgm*M4jB47dj`i`>(3tc#mBCP3>{R?n#4EGca{=xJ53n~tfdQv9 zt&GYf7nt2piGY{{gDj29O!oDUYknyaczPBtX>F1Ejuy+=u!Rl5MSmKP5p?Tf{ul5V zf$IZg_5oJ2_^FJChT$K{cr>W3qx>3yu$IQ`0Jlkb$Y}Xx<1|zbaz#a}DFt0YW@NMw zBMS?sGn44~#7#n~71N)gS!SIZ0?^zlERB6W-YE@oy33d>gXNn;8_^W@PkHTPka12w zL4Zm`3+MDp?*vDQ&Zb(>k~q#_2fVdO`~a1j>?VvTcB!pw|dp40IstHuF*)Zi2Qn`Dt6p;Y_(;krIns(&SMW7+_ z`G)f32@LtU%|vPx1CsqvFy-6jVTtsdeaW~C6f4~aHO>J!NG4D=YGugQLb8qU(&;ef zCDjGA))VJ?`EdhMq}Dy3#X*^E7bcof9`}pPcvGW#!^PIqp5q`5+N~?DkS_lb zi}KX9UG*@$Vn@?rO(U?spvSKK#PTxpL35s_;6@L57|*jh7FCxEvsRTuP+Bx3qxI~h zR3Rrn6zLjo@T#YH*Ce}2OwJzX<-TPl@o@ndcbJiiryEz4!pj3y4vm39F`NQJgV&73D;j;OP-E+j zaDX8H#AE!Blesm>J-BP@r2|U$ex5_#YO|Yb3IAO?lskd9hZ~{Q7KDeiT^#f%xgid4 zs|&9b0Sl~f2n16x%<^1!JBNY?E}yc6yCpd3ajZO?jR^uX6TJsAnt`}zcSv)QO=?&p zC_XlDucRUv!W*6>*;u#dkcR zl{~SvW9+bX54sF@8!)6Y+)Lz!{1IfqVqh-T?46#`iV?Ws@-0pMbcp(8C7{tyBh_XH zdT_!pyuLJfS{P%O<+U}w?giO1Dor|SZ%`yW8YIx{u`-c;eA&jua@UNsqS3|h5wH_i$B40*aR4;bp+YX?IKYi|nvYI3nz9q*p zTwq8N0L4B;%@o#)2yD35Y9HwTmvt{&t7FPakKk%ZEkl@)H`f13=)Kac%ce-mf=l3s zS@S={XdN@$Z3=xaa?nnhi4Ni&PdP9%ddtnrKK*SA2_F?oYn7a6aAH772=XwjBZPES zRC!fkk!i5tdYM~sKVc?0TUf*3PE>;e$Zfa?D>2AWu;??E3S4gFtUO=#?E-UIc}IOi`1CIc8mgXhKTH^M%&kt5;Pv5 zVqA~m53$;pCD#`5jAZoMt6Xt+vIDCd;Ob z+LIKLPgqTJksCe&y{M5#hFo}ckR0Vud{-nnO_?ZsmbcnB44X!*aq=i6p9lA#L*ZeL zJjTpc^lL;|wu1NoZd~;Xnx+u!Y+?nyVxGyK9IeYRu1j*qsSSY5680I$o;?hx;z4I2 z&p8*d*mE^pvET-Ui2RC^ta0*aTX?hVwt8Fr3qQJb#jvJl9FSDt67d`(uTZhUtiS_T zy5qTB5RB8YnN_L}=0of&>tIWUolY&=MdQIwIu?yw8qitwIN)N}6oYz`S!ZV+6`FC% z1P7a?*?99q;=JvitI9st9B%7KE(H>J_6L3!P!C6WnH+TEgw<#DbDUb_@mfz)OKh?x zeV_TR*m=FyfO^{O4;*0H-05&!D}aT+pNskG-#; zpy%2T1>RBxB2Bd`<;$3Q17OfhOALs~(D=GY5;CM2jkxn+HR()DtfI*tQhs!_C{}&@ zSI=vM4!xdYU}lz!4D5OlzpXjsx&gY89AQZED$`$@s<&ipeGd+R8nn}j#`gAt!(Gfb zu(wgp?|>Jmq4Kv@u6F^=TPkD7>EK5aHMfwf&h4tf)NQ@EW%OpT+!4s6%`@yWPrI8H z(h%&#ohiG9s5!J$k0I%&A?SHi_sY^YHp(IRt^43m-+21_IYg#?A+4~zd|a3>Kic?+ zkATLHR!#izt^&_TNA@^FsuFfOzXk640BQ_FQGI4r042hzR_tcjyxASWVIu*FEUIiu z^6Hr84iK`E9LwBB)majMmH`nN1gpDZuAsf7pe}zko-T-Dd5#{unp-ehq)Mu&PNy|@ z)*NoQgRg$d1vh_pi#fAYEol~*2rGA5c^f$Kjh6XmrG>6AYU1`y{me8J_M#}qp1-@T z)e7;%#d^46?q|rg5Gv2SQEDP{yoAwv{rwcCsHPj7{sTT&I-PZDM-J{2N zeJGq9^VrfF;qEb-wZHqL96hQYZ)l$jn*+~zTCH9O!ppssqJ4Q~=$WEmB);aYJtk%R# z1@O9qY!YBDG9{E@OdxaCH+9AGd&X=I)as<{?dc~@GR=%H0n(VVc6(bd4bC}9%8HYf zNnMZ~PodJXnU(Jsr|%u8$X{Y~)mTqhLvRP)yBf;-vd*qSj-P2?tQ&oV8dfi61V+^d zYsd8Ez|{_IODZ6gfOP_<&Qfx8deUox1co2>1C+l{896%bH8x6%&|M?MAz7eDTq+)h z%2YRRKmiDZdXPnGl2!Z^Xj)9aHkixvJ=eS_En=Pvsa!mk4Lxm6pv=l^F32JSCla7x zVW;z2lbTaKz}X2-D5q?+g;iR>PixUIo3Bp-I@NK<^Z(g?cpa(T`xG<9_C;Q#EwN75PgQ3SY zGeJO3gOjqG^B47QE)LDccB9)PG=4`H4R~IB(>^I^WgxO$ou2r8odqwxY4mmgEU!1{ z#NgWR?nO&?=Z7$E`m+=gsB*Qt?}Bfe-5uCO2E5MMlQ=Y&hujdK2RO7t3|hU5L9N#| z=8Wx3{u!S7tY(>osNv%Hz+H)4L2ZQc@`sGdtG&HI(oOZ&XdV8)F!$KNeT{dlzW=9k zj@A3sq*TYxdX<;rU5r#^sdt(+UpHntdL) zG%jqPl}n@1=_+4_j09m)8g067HLpi(+28C{RRcD_>!9J87DE$KwK( zws7e8gxT*kgJ+xM&dc7q*2gU2;3l6r11-vX8ZIaz*CzTMgy*^Wa7&8R)*oD|RbpZe zwZ)&MD04$m?DP8Zy=XQwPkiF?jrr5-sO22HlV=Z}*XxTH!MC+uU!EN7^}qqVX!iR} zv){9e2cUiI*!YNO>-!;?eV|Q;9=)x1f7a6d$peVCeRwNaV-)Kne0S0^!iz_ivK+#7 z>TQ$;j)IG}LCy~jQbOwOnL5R8pei`KXc^_~k^R#~&DsYzZy(_Fv5f>HbcV$aNYWki zRn)4}(bxGQy=6cuZz~)WdhN|C@7s#>G*reeNkfX@08@uGd>x&A)INeSBpz+5OVbZ< zP^nij#j;Z52sQmJ6up)KuoAQnQB}4J!#aNn+tqsl-)#!3xEWXZ*{5=hHR-}7Eqq|$ z?=h%jRl#@bS~rX|6{KrqRb{3|>~p8n8HD7Dt$Aw7q<6Y=mI=jkA@^OgSEwtdVU((# znoXdWtjfW-42(bU_N9jtI1z6Ou$2NGH+y7!Xj zjEFR1n5J$=(|wm5y`Ro+dSG64^>AN>ZK=zzP)URKg~wBL_x&?`NhX5auw3$})7NwS?@QPS>@wGsVPU2de>8{k{~;(q>p!Hpe|y7&R}gC_+Iu>YVoXUYMij z`co)Y(Gp@7!7|lmD{x__(>*lDa$Y8=u4Qh1Z4nnBX~N0TOWSPGTHhg=821-POj27s zycA;t-$G?nJ!UR%qm9Lg- zs*s6#0&I7rIa8Mv*i7xTpzR@NM;VF~D)IjuQ|)wyp`#DBwikL4;ze8`KZU8GYOqOk+O;~-ma}_^GPSqz>E#gvhF*pkkr;)8_e)Xx=hYNF=xkK5=#R@*Bif_`uU>nTP z1?mzk*!tP3Q2HuY)&s2cTJk{mG@<`6B%m(FTh?1!z-Xj$3PG>n$!C3A9`JRpN;~hj zEOiCp>}Gz7KXc7{rc&LDHJG%Fe$hkZre}C2GLNA#C$6=4LkG-zlr~2RUA&-T{}VYIl{YsD>>rGEj%SI5}zh zDs?&+59DpKFfjiV=x?! z77KiKJs$pkJb6Q=6Ec{Pu6{LJcFC*T<#IX+$aGGo%eSNX`|)B#ZWlJUP^5=L5LB)xDPZ`(DpP_dlCYZ)VHu4`e=C z-p(iR&F$oNF}fl*qpR^CAXn4jtwy2Av!yXGn@^{JrqKk_Y(ZizvjDTfeEEUAo=i^EddD=c*QITU&*($vn3`J5Da}n!Mv380 z@5+x`E6{GV<4IyA8Ea%g-|nOC&Ei&ddqFF&p|IMss+4Z_3pRW6!jv_dT^_%>(bKLT z^H-J!yRnLup^%x7j)ed*c5U)>t`v_sl~~Wc+mb1{OOCqN<8F`ieZmG8mCLQ-=NLGc zw%PaerL94|Un_Dwt_COQ)oY8cPzlAR*JE&~wza1#6?4mOV_PjKu<96FU85FQfPAqc zl&pmKl(4)^)Y!skcb%H3UuDLsA@g3j1Hev_VBJRuvZoS~21FtQ#ldOMD#ZGd(HM}R zc`;c;F7J)Wi*wfV*rot#QkYQq9aMx<0Xgr1AD8IgaaGX7=^>A-3I^)Hs(|F|bB>A_ z2#GOnVK zMvP#m=ygBP3~iugRsox1Js@kWi(=}CWD+$cuJ|Y<6Ua?A2a|~2d3Qx;glNyGgz{6;S~_&cur3um_|$u2Dvfxu1xmeT`sM{3m_jm>V55=PS&??0 zC&1@tq>u4la^E*zF(x|D6l_N6?0OuO?zUot&Xb56$YBBb!`;xAe9h*v`zh-$SzoYuK*ZnWqyN%YdL9NJEYhSf4i3B6wzNwRM}@+K?yP9sn? zE8^6WjD6qftU~y}1EM5?maj5Zs_b_R@MhTRH0o6ex*E8fRGsaTnJs)E)TWs(>!>768Lm3i4EuC8eUXLrQmv8yR zkZU+4OG#taFESO7TTCq9liUeM7^B{ zItT2sTyIQJWoxQ|V1{Q8LkFe??A;Y-MTN)F!iL^^<26aeBV$tOa=fckJ;xdW_3!jiU{ z9ORKTEV0)f3x#V138YO9M~^SAuQV*=8LVCm0)p)n_mWpmtI9H9TF5mt(|8DcUclQs z<(8=>{s(P?*W9pJ4Nl*cqLeIU_k`yF@j1e(KU$g*z+Iv)Dk;L&Yg0z7NOPW4_plXV z-NV*dcqD%foIWO@&6542>`mxSWIIl5DLM2D(#vZ&FrY)vUSUvLXj&)swg81UA;X;4 zC8R;RKLkD=4^%jDX%k|DKopY|+lw@Iv+=V6mK{j8)0CU1W+BWftczsLlSH2wP$*ds zClH^2#bxSizXqHs)GbT~JQI`x^zubWhFdB(ddr%BRPzoTkm&=P&$uP@e#%-L^2xhNn9As7>|8supEUYirqum^yZxnJI2$xsI4iSl138P zD-A$hpsG5EYT07#3zeR>7^QX8qkx&o)bYVg_j})a3sTGC)Xq@N94fUmIAd=Hr^ zfx)O5ib!1OO`Oxu0ZG^$GVp800(3L;@^QMg!kPgosx8Hi8H(C=4yd&@?nGgVEmhW$ z>TP!?Y-AM()qAYQSSg@a4=e?GYchIz)gIB2kAifXF~}CJ(NVY8mTD}c0`jkT%Q14K z^6glp1aohxL+Eoun%t*g8aIz@vQQh36&SN#&~Bn9!jwuvg%7BUH15izA5Hz$J#AHB z9a<@)cWYwREAp99&|2=zS{hVn3jH!9ZPjS2hXjjzD4KHxi{B_gR3o#VlB+SjnioNN zGx$Utgm%l5A|DSeg9*dM0SOC4M&j6*Wcp`(!oz?dIgv503D8AE4 z>hA8rAypOCB>9f{@UE-+RqrGMPZWX6nI`o;02cZ>p0tR=n+X;)SpyBEw0Njy#anZ! z^7@p(m}U$#^;*{VX(DJ`R|x+!=AY-L$dYHz5GmP;dvLETv*zMt!%pX$(!t7RK(2Xp zw$@s+W|ry=UaJy`+ptXa-6+>n;+p2>QMGjVA-1Ju8+-}Zg2IDM;f$2g%vRP@N!EdH zaRDnU4wYVCYjWDFQZz}Xkw2HqmhdA*s|#Ilr`GiU-&klx@qIltpF|x-%(-?60B3fpbTy`w-f!K3L=iww{#w+R^0E zqBCY%xKIysak*bW(o%HCuC?a6x+)xCmS(pzh_&!AwA7O|`P3S{3ya2hTW+z}cio4V0zvdCMS#w#H{0ixE0 zY@CjRehk<_*ib#W<+sl9`XrgHz+w^~#H_PNW>TyY<_s*5jX;Uy&T@Da@SMYiIXo4_ z*O)qFFAj1b6;A7m&ConId80t<^&~zqBm=k-5WX5Ud+cubm*jrF4bLi96#9|*g$(B- z=ZyCCf{gw!yuMwG-;L_U4(FrU^A0oJVn7yy<#_RWFkDXOAIN{+4)Ez?g%<-`2hx^!EK5XsBkBR`g(5?;nBI)Y zVmVkMeE)GfA1|)PLj=+K?Ok6_--Gv=K`3_CM2t7tfGp5eZt!aQ&Tn`#_<)_xX4l|B zXxA$w;|aPOj^2$X%YZCyhi{vUi&!2{$kpu}y!EV4o}2V+G#^i|La)X*w1)8pua~1a zj$%K1ItI#0oZv|LRzI3f-jKnhj(`v3dazj5kx;gO01GX<`px)Vxvj}!HX4p!kB8)X z^k#5P=HoYSmy57`ue%;xFQ(|RiMty=!g;?N%#G_JOj-|)|ENt~zwrM?$b7h9y~Yc& z7-55N$&s7C-imI~7d=?K*?jtLd^Nfvi|O^~`U83O0gHL*Zm-6R;q_pAGn#w--oA2O zhiBx->o3sQAH5sR1DvbFRH} z$9i1RoC58?viDD?v&2%C%A@$2-&P{=iVsrf(`T=~x+WuVURNeLSxtd(YKt%G&p<9m z>%HYjyeq`G4WhWDSQ`6~dAy0VUt+OSQ{eNhxMz1Zu8-qIZ$we&;12#{hKJTu2R)-< zVQr!|&sibIB23o8XI+9y?<0)IK-H8p4b(Hhl~NsuIwm8k;Zi)6uhCwkzR|I}zBJup zP90;w5R~b{se?7Q!icOi=M9{#jR1nBL>(>`@&qoz*2F<+$VEF^?Y7Ddlanhia1l}o zqut(`h{bvhHT@M@d(q%&ZNBAxDNMX6#0hZYc%q7x6$muAUUfU3R)R%QH3))0HTFq= z&~QYd@{f@@*Doj}4j zh31K^9PHuS*DxphzBQWz%=+7&bDA=aN`|*IHDYViw=T>OYlGglZ6%W7)T3J{93MDT zm4ZQsK&nXRHlYH?5FQ(thdV`o=V^M8iLb1yU&v0Vyix{qhc#N90EmHIQ6Vd3_FYX{ z{~+!(#redv-0Ig&HGDiMw*v@0J?;AIzuj_VrNTEf!DCfwZ|k2$clM)U(D82%c{;Agq|lZ zroc|Ps%JFuPchzlm~tbg;2e%J4P0B*xW0)qezh-Br=Q30DIW{+8s*JTZN zTNB{)e7&qQil-|rbxF374STHEaUIQIpCe|ZN+ZIWy?@#((IX^TiI{^b>o0}e`*?~O z&9^-h1puM`uwuSp4G1PpF}q6B?q+-pZS7sykr*H0AShi~t!?&*H@qr5`-NxSFbx9R z$308#7-l_IU)#66hYdW=L;`n=8OCflShLW13+=ekEqe|_#>o#Cztjocu|#CH2AuT~ zR^VD~hO%{|%3{5KLfprC0uo^Z(;)+hN2>9#pS2$Lu_6Y&J)HsHKlk|i>+#^#^$6wX$p;%s^?ItMIuPQu#7V}l$$0X5 zI=>m&n62@g%%+RQ7{&8T^c|jRk@q#kn_UfV25&|n@?Q;>19bld`D}0vN`mp#XtLD* z9{pi-GrJzlKR~e094RPasBauIF+)3do!3^y>Zi`WiadGR$y18)(^iF?ctgyjkcaIK`Oo zgab4Ej!CCi?{r$7{oKuQN{$Y+>;l3Q6$ z2h(+XMg83sY;RL@h{4_6DkEJ1OgKJ9HI7Pu+M>Ih>CgA%o~;zm898dxPuebf57);u zSGohhi!ZP_UR1H_yD~AE4oz3U~0nsb6Qz@8_U;PQyEhw1Vpl&@-(pG%!A3cX%rO|`3<9cG>430 zWG+Oad8Vw$jksfCf$+7@c~wg(*^yx=*m-yUL@I)C84TiC2_OR#goV3f;NdS@qPj*+b>;QsbRbZ}aVS;o>BNG%>KUs8ay}pFMA0&ku;Odx zt118sW+I>oIO{pJ%^F@xw*ncQF((3%Ypq zm#Vx{=?Z~`UV^9xx+!m}!?9F0j>#0*vF8%}2-eg;=MN3k2m|0B_rs?X@kP%fNMqRgm8Ku+7Mq5XeJ`xnv1>8nFH^r zjP8%-1?1#0{3z;hRIx)(Cz^YPbx`QU&J_gtbgPvJK}yong}Z($z7PIU)i7Df9aVq& zQ{(Qf&{t^7v&^zbE`PVrDMR%YAbswwAx91XgRk+cn?5G?0{uorrG&WIhNBEn`WXGF z-DS1fH{uOK5Y>!tZbk2&H$n@xEP);&FX$ajI3Tb{nLg_gqYzSv=5Wi4xgOh`?MoQ| zly}exDg5T>7(%c&8G-idf$evG;O=8`r^{j5ysd>HwJIORlDZs zs1=X_L|2l*&Wm02r$36dR@^cZY*+W*Go#;ZX{KFvW@KDftn2f5YPwg80Ekyk7bWt3 za&GG%6HdrvnOGA-yRYi9hwiM)#CE~6wZa|D4Yr~8hA{=elW6h)=wrSF69~SQqhrhd zx+H`ozx30O47>sk#26qx5D05id_ZQ+g#&rS{J4jyHL+jPvLh8)-hs1j0jtVfG%15N zi^9J%z_a;?(rnLS<*AN{Ol8nIQFF%g)D#ecgbS0B!wDn;1&!?hI>S{8CBx95P3VQ< zOMux&K?MpN#t0#P0}6qs^*dOIy|=d(Vg(Fdg>gCBL_%ypYjMCWCJI=M;50Yh-gC-0 z!6ISZr=k$s9q4gurDC??Alj8l`hl$-%Y0Wty;&@CtHi`@j^>by(ECK6)vqY?ULR4o}wptXX#vnp>bR_~2I(jR@#eu6k*MLhv zb?$eHhGi-j@68Qu<+1p>lNDtYK;B@8k<)ppdz8cMmGRJ36m*kZqAcM%fWg=tz!j!Q zbJb2>aha4Es2+69p#Rj{fiZI6z#whpS8r2_=XF~xsjpS+9_*#ce3*InuYBo{JE1}< zOaV^OMxk<>S~W>MQpEV0%hXE{@Jok+QubN7$Zb5Rd(PU=24FgbhyN1CyvnM6c`dsS zd*ef2v&?Z9Cws6m5=TDdjkw!t{SLu&2>PQcQ`@mo<)pyUCwszJ!Sr)KoPrU}u#oFe zR(68}u%SWc1iUm!<^&pzV%XvS){|CUlsrHIaQTmV9cdANV(kMt-L!7+O}JWo-HA*J z2%;g6rrK@=!674Zgq<-da;ViOgU}|vW-RBAGF?{8!Zr9DgEQ42e3^m zp214l2SvIn3lOBJ8|Qc*O2L zFw)8!s%p5+1FGFr5sS-0n!Fr;;r$S+!_y$M%p->@R1`!3w_4B1nu?`eVK-qz zK~l5GwCs)PF)gJCDoW2x<(CdxK+h_%ds8iS9z@MZl$EJ@2&IKF`xr!uY4kET0v8>2 z*!BFf)%qK|BXU7I#ojmcv4?I&F6#7_wS&_N-}P6#^IkXG+lovsd48Z-6i!~rxSj@l zF_)a(bHq%1&C3WH^EWmqwUmt5os8o|umR8MEcaHrN3UtK+iLyw)6*>Sz_Qt7JQwWb zuaRmeEU1BWOgw7E>OH6eMua;YdzRNv2Aqe>R;zb6m=62BS*z7P?`S2h&r=@rODCb7 zxARewJvvDXo=Nq-)oNdK^aFR|t6VC4X(eKSr}HObDxlnIssD}7>UZCCOyeZkW(A^) z^wM=HlZ5M^3b`)%_g6eyl(GIrRxWtNt}e7rQ8->b6>niGK8jTQQHq4u8@W=6eB_zrX)u}gjrXlqZ#L|) z`yM2pw_5FY&}5%)wF!VZlq0Ubv41~6W4$sjGM>nW{!t^Dmd_c2g9nA>ex88zh`n{= zKSJXlRJvxr>i;+EO`*GYe924wukdr;gM@Y23rSt3Vy!>ZKAH8VCt9kte}XT}xqRYj z*ckrqeXBKim`?5o5xW~+UylZC(3{PvVB;HiY2xE1)rA0k_D`8!V| zb|n&?m3hRjRGvzH`axuWh_yaBdefH4S}$S5`kCT|{^3SXLdHIqYn3PbF+3>xNGtfn ztx(xo|L~zq*F4)t>{tE={{n<35&LzYt@nT6&vz<`)g#wGq=iVuI#Ut5R|#OnPSqCs zJ}vVc_P59u@ZUr|@-OUqZ&r3=s#iRZ& zW_lN!Qg^=cvP|`kgSYX9=%s6=1^N}=WRP8QrHcHC zv5{&AbG(5ke^FTs8(yS)9hYf=%1ya>C(?kwz`FT zZZ`Sfd7&3$`oz;1B)(#EMewi$QYQ4T%UH5r#__mFk!75Xgwp3>rnXup>a&ynfeZPt z#@0xV>i5`SD>J;_yc_RVnXY4PQhXA5!LE4v<@;Oy2aniit<6O2KWUTc-u$QBF8Ja} zgi}38*D%$nMYYfIQk|)?*wC?w*qCo6G&2&pDmIF4vM2tB)bG}%xqnjprkV|fd8l$& zePxHnJ?LA%dv8!cg5Y6&|CVmM9VlG@`drv_NwjTL?yE8$=$zGR{_9K^-+b+dNP$+v!0id5ySCo|MPP>5V*ddFV6wbGAH zrDCyQzwlH@ec4Taak^!HBNI9=efcQqV=#ta%Dj-M&dzvRNWNB15gRN^9;=ML1aJOc z#%oNp{Cg=2h147X0;}abq<7R-fwj4xD+a2_yPCpG^GYQ&?ysy5Y410rPhU$c1b6D# zy~s*zf;xu@nQ~F4Jh9vO_cE3+(J?iE{*bL!LqxXZv2r@tLsqU!zQ1fb4YV?#S3JsC zD5qFe^w#jjttc|JQ;ELh^r7R`7W+KoOP;?*2SY8RvJnz(45jR&6sf)}=poh~rm4tI z^<;MbXX_;#DhvMG=_e`I>dC)bPic}M_ga8@D$D;W9e=UXVK7SYgnR1UH|QH5j+=t*EB2VcV#wy5r4mt38Xj~CG(>cMGCy1*M}9mhOCgL8mxt2D+v{uEEffo zr!Dr3yTu^Y)I1DHN_s2Gbj^1PAt(8A2{O!2p!3#~P0bXzx5C(g|8O5mx7#PPVXu#` zo2j)ufP6JvUbYYjXXWY#`EI9VT0p(D zYnJFKo>cHDde&{%Fi(bB;uKMLZvwbKKC^_Zf#rtFY|E|Y?kS>O_K`1nx|Gfpyi+;s zMf;XpoFwr&lZhM-vvu?hd;Kn(fY<%eHro8M7hp>j!p5T9DfV3~MIk-efQ%u$tp#by z3rI}Zh&_7}8L}%G#AW>Uo~b1eR01?{zTNNd;*ofdwo-;@~O!g)lZzr;3@4nMTvv*gWR=;Gyw;I9n z^eVO>6$0%K2r~!P%>RVcYNp#t2{clR-!Ia2P zR6F~M?!73H(k5Th+a{gzPpO>whQCPXMBq#Fu+cex;a_-Gpn8l4?~w9oh2NFZGKi$0 zeJ!OF7oNBWeCgP};xSLnuX4f0Jjch~msQ42u6pC)i*?g*?5|Z$?c4tr?bLqlzfwKL zPCTQZ(nEiVg6gf1uVhwR)vI1tP!GKPVht7F|35%Q_4d}kMMt&Y`^%M7p2pv+%oi(G zZGDNW`7H)8{x{qohWl{^4~4Ai*PM4}X}#!Cs>EoEK9xwu(lP;6;*j6N@$*}Mg?}mN zZuV8Wl!*+oOdCBJiE(4lLng*z_5J>agW$FC1lFei!pA!(KQbW>$jau6FQ=>TfKu<> zrIjFtW9?LckpSscWHHr+scnr;0)8$QORu_3G`c(LcOMjkgm%DuBQns2BepBEyyOJf zVBLxDe*TGR>y17{V@R<&Q(JBjP`fw&wkVK=e)hZ;%SAnT*#FWy);{mBm0XvZU_Y8q z_Dy{z+wy(HHU_>>rg+`H~QgMGGe z*k_@S-DWue3*Y&X%+8uO{AjI@{b1*^)%pf3uH9yz%Oy|Ph9j*1t01|+L^9w$K;UD5 z&nV6j)G!~NkvHA=^50VFYGVnQsBNkv){qXbR$pP2)B z`IpzE9Wyciih8xiay8Pb4`3EDv$tPWp4Plok5{Q3-k{%Dz!t8bA1^aYxV>z(w#O(q z^)nGWxi_7?<^?~&G6Q1#a^=J!+@&8))9V&ObH?&f#wAbKmdC=wK3(h^OpOQ;W}y$M zNJ8*VuPrhm&F`PNtWfBCkwq8h!-Ga*50G?mdUe-ue<5aTFfAd1tL?}ohT^PXY4eVM zD>YP$q6E=hLLpMA6ot;wG)sdx>`58Oh1Z%30G;kK`N)_1MoGikCnNrppLDchu;|#5 zR`0$v5YFL9sXXM0TN zIwTh(I?d{O8+aSze(?zAohRN@Yl2>xsa+<)Xco&&suH!l5y&TXI0=>OQaZ( zjqteXZIOy6+Z4qI9&!;x1$;`MaD>n@ptdXks4O-ld-|s>Px%_+OKuV(12JqJ(=>;& z>f+fU8XrFQlGFag^MW%DDY`I(IJH&(|5;K zr15h*-T$`SE+BH`z7?{I`7D$O{hZO5GIh&TBWr=?>-*V#wV{)^o+U!yEronU zo6I9RF;L~s(-$zUW#K(a=HL_zNJzD*o-B(vX4q(aSp<^H@whgN)KsxVrE8JB{*tI~ zn+D7rGkmAU+0NB;hJc6)oYn0gI_w^OSyw97JN?r}u^w;^*=%EaUumaE+!UfsP%DhJxI?Q?uCjamDxeWgaT``*CD+4kRd^m#R1 zPk0VU@dYT$GKF>*VO4pz)w&-{A6|fU-k>s@TrI2z)RUQ|wH8D!v9_N@sPcOQK2wVw zk7BCcKhqC`Uj?l2Hhr==kDqk50NKi10uU_$p^6)7StgtU&kaUv=-KnomZ(yyP()lXkXx$NgJ0q<6ks16}|BbWsiu$$Qq|LXdXf^s&fi@8WNfi} zk(H0&5T%-gn0%l|r~&FwC%KhGgw<{*vA)xY_e3Vis!Z4xsKn!PS+Mp=tP*tshW0vB zd0;BHPnKn}<4mUF>$1%C{D6V;Fb0k%!^w2R$bsgwM!#YjX&moZ8{X~UC1A1N2o(-^ zw8gT>l-6z&XHhQrhqmah zyAcDNf!tI;?63*VRKVGOf&Fy^4t0 z6!RZW5%V}My>LK4=z%T(^A@Qwx3eA_&e?3a5pkIa_T!la%kY3>ukL)Hxx+3WefLt= zSCzyfeW@TCBYN>bOoC&pfJzR63UQ%_*JQMG!>r^+Uv=+cHlOxJ!y_lrTHr*g$J;>C9Q%!$(4%cm3;5l_g%)04}w$6cRVeA{WUj@|5Bt zw5KpSjl6|ufg)|ij_*L9fSXC4ELQ|8g3kqOj-13dp1 zW&e9k{dtWboXJ;&Yd&p6CXDx4rbHhD$_gYwNF&%RPnp~zT`-O4*~v3ZGM+w|SEnlz zJ1#R6IUoqOUXnLNMIytT1e775Lu+mOktg~|cm%k$jl-z9?g?9V60$fm0y#L-zMV7#;)B2f3dW0Q#ucE}0-&^>9jhU4qupAQTd zJ}*BubB;)ywgNj07GuCSWQTe^%HvBzy~eK^NDly$J{kgM7afWfxbTwUZo-aunGm4J z%Az#X0gozqL;{7>M_?qLb}#3|z~$-&p7_2BG#XGbg`S$Kd~6)1y~ly{$%l_N8KGXp z>=j&4FNu!VwuM$W*QkG`ishv&f-BM`9?RU+{6{895Hpotl;{jubjHpnt}it2VPHX6 z%iilIHf)`S1cYso$W4x`$g~Kca9!{n4@lN#zNl;^q={oxU9j*}USJ$95j;2S?$zx3 zL*MDb37(7xGkuERbl(8999DX`%(UnHSl}=7&t?FD=u(&haB*&&0vA90(2)HcxCH{` z26J}sW!EA(!EzcLcz0s4%)E^nQu}*RNB}k7?ai z3aLM%c$2PpTXML{MGk7?`OiPUY1X;%B6s8g;FO93`Tz_(A8oqgrK$@V)bd0B?)%II1k#Cm|P{|(M-tGqjx2mw9@O6V(kb9~n7Ucsh~ zP=Rx)J#I&QKbYK)2H(xtba4N0H5&HW49C4z>us0yG3<6^@I8G>dHMy=U>bsS z#nDUr^*708D7~Yx}@$u3`fKJ`{8&nd)+~Q*;TBM{Uz{Z7;W9t zxv-ERArG$D?h>BujZ?N0v8~FqfucoJ3sSz;_w8^?@+c8#+(f44ow9KMxDO(R9#fn!}L z2ThE;pITorpryuYJbZ72`bK#5yp*2zkVnv4?8}!kmR4BBn-}Tjw52a|pJ|-JsWL^q=Buy)kfqnu4)y}f5`uy@?HXSW(C8UDOS;&QW5~w?u&I5y zD8O-Dy_1dr+*64eL4;}A=-3uP5?JWl8)bV_ep7P0-WwVL*#H9LyLnx(;uK zgKKs*7)?I4TEnHla+r}6%S|EDybv;t*jQyxd>^sdlPvxa89syHDa6ZfEmylP#=ilV z>W1e`q#R}^QA-fWUYZ~>trs*Y{%YiMD-)g>$v1dlTNOhR$!qea1vy2owLU?#Jg1O< zTGc;-3F&&%?L zK$HD^2h*`?eZRNqJf~ht_n`^0$$xt59GwSp_fkF<RfS{! z4#Rn7gLZuB{mef1SPK21Qx;Gz;%-+fz1szHhTmqY+_BSFQN=-h=vJj)A|Kd%){ANc zayD^KW`03B1ajx-))qz=*z zxJhXw&|_^qij$f3oZaJ4PdWyHZvpFJw2|WrVd*8d0(A`H39_pKu?Xp~v8ta%E?Ej9 zX(PwWGUrM1+%`bhhRYH^;O_j^`@lz4gJ@2`l3E)KrJBzJkF=kF`6v1k`7S;x^QU>z zCrF~UZM|%5gQbPPLE!?<5&arCDu5JHza;a#^k0F0;~R$Ew@{sC&BpCcP9~8}y#_8U zF#feg4>H(ojfNBdtmbrd-rpURF(Bxv_~7^le2<#7Xl%uM571BR_zt#hNjc<5m1a|E z(YFJYG>?b3fm8fUK*DR*OW?7|8_u!vjXSDK=}^O-w%jj{TkC;~t2yR+H<7TXCPC5%= zGUzvZkOE&H&YYh?-aMaunJvpLR&V59k|HpvMrjs0 z>%?;;ugWy$TW}Fml2GI=Vx*TYlf_{L4}ynqN{?ptq9VH@GszKBzKi z$SYg`(Ob+xg-!U=<;#x@9$WlSC3^#qg)m9kDE8~MHirtA=xZid%Yy_`rW&(*?ZkV# z5etNjfz*6VUIY)OWeWoNIoBAT(!)4x^~5tMI!JT78d%W+!Jmdf(zOEqIJj_|5*804=8)k`b+mFVTn3lT%@p?DI>qqc0*Vv~Po{^}_Kkdk6lh9LJu>pUd-F@qH5 zloFaTBI4DN9IhUy<`scksu4`Wyz$!HqGw9+Um>a<#@B->8&6n&IPE{&&E{IP%-C=S z4^O77H~!2fH*7ecvHR)dcG|mR*MpCP(d2$Gow3odcQqQY8~5P+gZ}4eH2E|f-$rck zaWH1X8#Wx@Os02(YkFijW%rZWY=|lWlx>YBvl*M*MEaxGy}RD+fXycnyY9__aHpK z*Dt(*9?bP1Z-(<(#I7D@!|`A?i`Y~T;$aZ6+sWkm({MD3aAM}e{_wsB1s%PQ!}0CR z4R`)w@R{|d!`XoKW~?`6!@Ik|^{_V|xQ_G(X1?@Wb2k6bo3q=&crb-F^&hC4xSns= ztTCW>ZG$@$=yH2B(1F4_EUhfa)D$_J5EVq^Q&&->jn7APtUCNrQYIE9#kZb$7M%vi zLy?hTws8iGsEUb7)GKFCB1sTY{Ux!^<8iOs!St>-{`}&^6PLGx%Kk#EWtx%;Z03^0 zNkz4BnR}5*1=ZexpsM7ptCcGj2`Q6p`D-=Dv|Cr!T{kX#RlRa^`+>B9QhZ&hcWD=@4pFdTueTt=g<-?M%h*o5aDxMRKCP_Hu4 zPfAZsy(L?l6crF!d4cH(D&(Omn%mbaV{{ZaR=A zE9Yv@GF5m}8MEqN4NN<^Q>@z%0boxzSG4TxY(_=1@$@@CwHeNyS2Em@1-pLUO;cWY z=9EjZBsI0NW`d?aWdTVXtPGTnifBMekq?gf)k@>SgYIuF@3>)ya<9@_WJUen^&6J7 zKdjh`8@9=D;^5v#CkVJqeMF})#I!FFSrWx~z54=NEEL@-nqY%;z@4#1IX6$oVjk@W zm}vDI-Pi64*Km+!?)c}5=516}#2da4Z=cadg=hbKE?|Os?v89XaGZ%m17wzS>mg!k z)QE-6T?8IECzKYc3dv;vOc>R>txeAi{;LBS@~u&-f7zF0IJk3FF{u^!E;F&-%#K&S zd7aq#v?kkRnRDOy~mb;epBaPgy856Jcv#p>ti`?)mAKC(G?wyh6e zYF&^SS^$y4UaMp?=ukSoZ! z4IJF=qhMf~e*5dkx_-TRCuF?*Tk1varwK-isUHejJKUjebzfrAa&4(45luDx1$-Z9Re$yc z@U@rPK%D`SC1GqanxI1~Hy>h74Z1CvJKl@a59B&Z?Sg-XemlF{!^zdx^EzJLuP0vF7&I~B-xvGY&KEnn=MMYN z@5kTm1^&a!%?)`A9jsNF_|I_~antydopJ#daC&i<$ z@rUDMVW$G_+Hdq{IO(m9KQ9t{z;!=y?5qOD(F2DZYJSuTv7I&vC{j<>g=p^$&ud3e z`s90Sahf~*UKSt`MdPd?0(u$mM(wBpnvnA9sAsPAClLixDfHGSsDY8aO$ft)jpW1J zA8Bl-5JjE{Eb1!pi@!uaJi1{ch# z*^3{~r5~+ov}^|`hUepfF^mygYFT7RbObu~8JhRdT&kn%v63MRru9nIK~dc7pzRIQ zeZ>l;${fHVd;WyHLqjnN0@Ar!Bhh@0I&kbAcz(k%vWgCH)og~hmB;z$#j`t`AGYSv zj4ic^PNrox$&GJlnVe};Xu@85UOSbH;Z1qn58=V4_NuSzktny)LbpHJ!Z$Ew@%yND zBuLG)WoV07LRy`lS9&!TM59tR@@A^U`^9IOa&`Gdrt>`rXN4UYwzf+mH60| zkB@i@>4qw2g_9_O6UVX#|21a zU=$+G3c{%gsfPgNC{f-SVrlCCZzB@|vC639u7v>TqszQoIbkF2R2Rn4RkzdbC! zaX!)fEV8lSWcr_h9W$)stBsPQ#H+Dry86Fm%281k|9Q1*>+;_&k+fA9oY~(zXwxkJ z-Z2*-F}{I7&^$^8A^h{2DoBfPEyQiaSxF6gco#^Yja5KECYozmEkaAVqu8XWt$Dt={;jWlb0C@urH&)nW`xDN$ zLSQ=^6eix&3uW7o7P4Mt{~{Jn1M<@viwhL*G)&;rzj?yJFx$I7FNUbP6+y=Nq^d=T z@6@deyGYcQCnE=dd0dCIf#$5jj_SfL;OG+YC?CiFKTjM{UHZ+15JiXO_(hDsk1@|;?5#r zMW2ApI{@>{4S|4f{c_{HC@!Z`uIR^#C=h5U@FLfQcame zZO}l|cwTQTtxBeab%#NohMq<7s3oc*5~D{>5!QsB`ZV{OZ{)UlOOJ|yO(>0lebNV} z&D3DEXMWh^I^kTGD^*c4N#9N%Oa}Vl3H!6gV;;#vk+$ShXEW~eTZ_vfu$0oBBOHd7 zdhJN;j~1V0i7L<-S{l^RL9Glt3g<&SK;25bCZ!lhOLb%z1RoEwXPLIGI`s0wUNSGv zdMLj6Z*M;Bd2pYuQ4Vs*Rzv0jLt5vp&_LtNl!(bD=250`7sUYlO)k~IF?CrCjtCNxTkjk0aqQ_V~!)za(POrxKe~JYLpt@{`N~; zhgjhuJL+{d=W}|u#ob@q)V3~ys3d$#V?1AO0bDNn%d*w$$~sPPxI|u zwooKrc+1;6KxIHeC<^IyGMYdpP?R(tg`QO!_H)FQ_6xOj;7~GbmiO1KZyjOjMFs0Qj*E8?0`V`x z{EGgxnizVAhEkY*5C&I{>;v#y?TLrbg|;ebD)ClU!3MKBKp9yt_v%5&dX0649eP)7 zWybT^!o2M~7MvIBLA${2l#z+YaOmvXH={kV1LVClDoAdXyyo1e*pf6 zhSP-UmWQ7CkY+IU5;g}c28ubouHGarGlp@`kz|EZBokYkwJtvY6DAJ=ux|LIlngDd z+QxS%jp(LZVf2;SsC&80_Gp%@VoHm3rI|ZdS zZ}VTMTu13<+aLq~I7&4JL$8kzA$l_a5q|X)p_FE&Y+XoM=C6y{#`Z zB7W)&00->zA2r=+VQ|TXC9$qMmW^FkXxBL5uj-&dp*fg52T)?rgR`}}jOI$}bFCz9 zjssS-c9k{Ns}?PGQ$@4wwvC~|X_#_$^9+Rbt{Y#@N6x^1UVTX_aws6UPEZ|3p@~T> zqa`Uk?a?f7SfTPhy2jkFGWRm}aSP0D{u5xPN+WgY2`vLSa`4uPO;WpIW@X zC*@{{mrtpIh>vCqR9A&|?{HOWNSCKH z9jGP-n5`xj^jI@OIpQskY`zv94ll&Y@mFoF*Z;#Ny zrM!)(r(yKozRJKKc+O)4E8anYja9=Z(4i{}8xg)NJX|3OWcW&&`YL(spMBxWu^CKRC z>op=+mMipWTFQ0u^)X&`c;3=&_NW-w6DdIns{lqztM9FF(WJuBmSVHGED13Mg5s>1 z4Abq+8xguD2Xr%}>^JeH*dHrl&NCf@+d{+J!1$HG3{4P_J4FVm3=f!z{t+&*pyS=c z+zM?%Rc9M}mI+UY*b3s`u}+fnJ)812mvLddQc?xq+OO&irYF;GnG3697?v!7mZwOB zR!js>Pi|tV(+cobTqR`8qm!A79HVA@RJErU>ey!-q6sf6v)fZ_@5pAaJRpx!x&(8?{j zSnl4;DKPbF-*0Q#ZDE=K2*UwhoW>6-=GkR7aqC3LIF!T-HGNFPQ0I{8DLt7;R-E)I ze~HQgSmrDD38}FNv|`S^D+J@IeJa4-#*%IxfCV)V_Ihr}4;HJ70n)soqG1G0?W)9R z$zdg(%z;(Nt_-nn8H@2miX*Bl3m4nlmo(%k26Tm}pQAve^DhBKkqQ>5w1|G{tE@5v zqF%9F@QO(?t5R1_*&9Fug7UE&4sAqk*BMUQy=F$Y9|RkC3+r3lZhF5T@S<~kIkT#f z``qezcwZ#PI1JpDNQ$OM?js9cVv}JkgU;#K5;GtLWB}RDe>iMzN`&;lCw$o% zuV^O`gtxvNlpM)Z5g-YBhyIs2;Jjvfh5We`0sOIzXE}cKPslguquVZI0lfkNC;n5> z)1a(N!FcfI{K`U)Gyk5&J}{yh5_O(sPaOxU>ua(uhj1-ja;=xilpq6!b~}Cx*`sl;|3vOCYGHapL&ps~7bI2T(y)qLdzf z%0`{|WOkiFUV!}%WC@TD!19Q@#3@l{LWF-iETD)}j5*-D`34SQg~4H)VKXz_=B&qM;=-t1)kf=RbpR0%!F?PLp&9Q5*Yb$+ zi<#&f(f7!#wzcjj#bD6fMLj_@435DK@b0;yKgNL%Y96G5gPLLpAdXtzvps2EcQ6Vo zN;U$3{1?RCXZKEC=x#xe%t*Lgh1oazDMo?~u(hkio?pt;cA5Jr-zPO{TxL^qqP{#q zRk3{g2^^-I{IZ;|eLOIFbt;N?f&uD2u?~h-h-i2`j53=^!0@}!=?DXjF(>qewrEj( z?TB`%U|%bDf(J)vvwV^T)W?W!2R6h7Fz*8$vb5g1wJ1doxGd;JhI)8GEJJjjwz3Ti zf@GHLzr%M&lL)C5B4$b!z!9&U307agSU;h&poIKB(Si;k6QUOfz;sV3QLxudd)kD+ z9me4FQ?k*CC#^%cyuMAZX_3J1Tx_W2UT()zB7$2~@I_~6l8O3Rw@%c#i}ouBfBh%kXw>BW<1eBlhg?DW|77&8C)Ch zLyAA~1Gy8gO`D2X6z%L3UXqO4^;kv5Zech=DH$Moug%e*ajR)6yxF#k%E3C}++Cyb zjc+qZ>FoH3?^HnEjv>7k{^|*czo^)r_(sgtKQ-*=hdy?2>ZtqqW?g3ndhdw^$00!E z{vZQ!6u&O4Cx?AGT~~#$J0&6GB?(9b93b?$Q4n3k9BE>4+3wnT)a_lv$O}nOyNQw$ z+hAlqHm6TT1}N;4-41O>Y4iF={&+_Wo_a+8i3EPA76hW|Q^b*XvGL&rBWs3dsM~qKnP%)I*{lz;!zq+P~(C%9N4-QX9d~V`qXy;Dz!Yx z)3sQux=-DT4!-sFV6n1~coB#{(HMmef`syPs5>f$(w>sYriZUC%BScjOV!CNCeGsI z-fKWhAizgxOXDZ`mfT;*K}OS)x=e(Q`YlYuOd!`wBL7MgaGMg#oPK*;C6KAGb#t-# z%x;5+zLiMaYRVs}J)WEcvJWrRC0HxDHwE1lEd^{rSLtBWcYZ6`BFBWPxWp+sYJtDq+IC@e>tu~-t|a}*RjqrPDL~q5jOQ;Xbb~=zX7|XjN&9y< zS__RbRG1AY_#RAg5j`z(4GQUsZ$PZW7wivmRF@!oCCLPx4xw<`(>d!*NwZ&SK|euf zY8+9ud8S~1tZ7sdc@z}cd{X6* z5*2wIy8oBzXf=n*iqViUO|N@}kemNXeR-7l@vz2>c20>xv81RRo|C`#0ujaN81HfYh z;vh;t6liL6p0TjTx13M0b~d&nHbLPsgsfKa`N${U$28Y!qQ=;og1qm~UB1($o!@cY zDeZNOW;NLG^7!aqT8<@1)L0+I8GrOp7M(Y}O&xYl_HRc!7@`=}UtY?gLZX{2)l0z(AV_@|f6t_3A1VohM}&`Zb2Jv+`X!qro)^1RV73EljQ@ou4P z6d7lrY>i&IhqF>sfWid_cKgP(hg>6Juy`KU$CO31-FzPmP|D?BX^Tj%*uQT^)2Wix zm07eUbkJSY|2rI`{9O04BzAix)ZS~}s^pCWE|qz}1(^ z+7nkj$FC=eitOJKzS3;tVEs9FzcFYp{KK}j;8>rdNq^iU%_P&~FZj%+mPzaSE*Xws zh(`1LDxh9yrl_&8tv8iRdlWR`r#UJf|BE+%W`S0*xL9K63@KDxtY|K_B7`R;*Wx-` zvm%9Ri`k($x%m(4@eg>W^p%?)!KtL#E)|A%mH*n_XJqGdv+`D8vri_&qu0ea7yXiS zmefg^HstbcPq0lxERI?+dEc_e@P1%R?${4RKCT!~XYAB2B?FX-e^EzR=Qv>HAf@(u zZexNrNN8j4CrgQST-9-)nUL{Rvx-x+3h$(A0Fkqn--&459z_QKcz8K(GF^#PsEU-PM~_mrif;{yAg9AEF-YuzumT%<0g$s^K;4!q->hm|)AsLo)< zVZLf9A%IGDSXF0UCv7yZqVHB_#kuUkm7~y7D@5g`w6C<~DHvfaQ=COEfMND>VLIeK z?}`n}0HC9rXz*2*n4WKD?Bl&9Y_Q|7<72={<3^S;!5>xbgS}$zgSDd-t(}3&Rsh&~ zYlSTR#>ZxOcKWU#&LaCNF~qR}%;6lp2z5~c1K=M1>g7BO!U_aPHIs+G*(^;?fhFcw z@X3h#ZA4Qi%+{{SU1#jOgV zX1$X!A}jIgUq!YdpB2ZZQ>5yuw9(G;cu(|TzyyncW>9Yau%rn3!K_H^CLDlDqoz)} zW32vm0~#JGRaeEBV1+pr00d zoIuOB{n7ZlX8$rsLK|6R)G<>{d2bqdZYfupms|lZN?Ir%0ef4hQTsj9tjF@C`-nRz z7cd0OazwN)H9tQ0tAgB7kD~=dGxQ3?4d1}6pH1V=jN{rWJt-J!wGk)~Ru*z+wGm;Y zX{}_C?u1a}g)ow*>=nckUh+LoSx2(VoA^5S#>R)UsHzvEUr89@`0?P*aW}@BXo7K5 za(l~EcZm)r=xxQ&o1cPNgFCOfivO*M>l%zB%Erp~)~GeJwYS&mIlz0X;#XDAdR9!f zVt`B%4`T)=7@QKBUOhC*bx9-S3%?t5!CXDa*%Y$8{!j(}n=ngnPp>%Wik#)uxB!*e z6{;(yQjSYG()L-};3EG>EbQpWD$LH0pkZ>3Vi{48$5eraNX zxSZh2D3-@l8091^Kv2vlX(BRMl*h ze~hFB1eu)A_ZZF&aNh!N{TJi5StTevA3XMA;PFzF z?5u3QUa>Hr$jmRvKf~y!cW@IFR#&k%Ry!1Yb5^vxRyNnMYn$Ev*!~rCvZFhn!fhwf zaax6dWi`Lqifew}#_I(5n)4ih#p3b%aOxU5#_Q&U7P}0s^246o6YZJ;P8;T4FtfK< z)bjRPp4}hX<4&xJW#1BGaCh_Br8Ug8_(xHa5(OliOjZgWU~iG}Msa|2AP$tR-_KKv z%JU#)I6)`_8%!FwqghM7?$xfZHD|^01^0Z?99}6$#M%s=W=SD)s*v@@jASZ>H1yf+ z>Akb0U%2zyep!&AG|YFC&`RsC)6TDJrYeyiKHg@19S*U3G(WoTLV16dZW;vNR*0!CFMHqVGz)o+g=%c};xha;tU)3gHE}kwWuq$CK#zWu~bf<|BD`f z0W{8k`Vt=t_suo>s+X1=gYyu0fm=mim86-^)QxtDHHq}&guy*}c9U_1B=#Yf!=wpO zGG8np(?=`+LSFS{!PIpj&;nk<r6S?~{c@Grcwl@msB-`zB9BG;wQgSc_5{cYSjR8*IG z(zz*7Y8wPk2*lf|y&^XEicPZ|T+Ccd6cqvX@G-N-s-;@R*GRJGdO=D{hqcU_yIN)u z%K3xL+9-T_QdXxLzZvYG0U)7Ldtw~ZDM16zq-?ZdbzNv!JM$r=uCZvZwzs(cfz1{U zeUV*1!x3VJQkcQBBWQuqs z)l&zrg5ptnO<^7m%XiYOq7@_Pw|ZHL`@YI0ek|*^+ggG8{V!S5D$b@go91_2Zk_?Z zAj%91vA{Lzh@J%he`PI0_cw!=lBW7<5uW`{INwtzr$=vTJS1FY61P#;hJ*9HZpA}E z+nNwrriwb2b-D4qSraZ;^`s2S!UWYKR-?|^Khq4LSlJ)gxw2p+qf(&GoyafJkq z6sB6GNBSb;CXuB`fw3r47$qf%%BBve>CIB?3$vbeu~g`Q-Y$nhhS=7CBtrF?+^_8J zrSoTr_6<1POI9VEJg}wDr`zP6014a@D@>@>%cmcAq{f8{agEz23ze1n$Nb;3?Y6I5 zJ_9#e)#wFxEm~Uq#wVA_TSP)|k>P3==gb{B-dJ&Dydc_`v40-6%|ZBI$X{~z!t{Fh z)2D9T3Jrf&_FhwEhkpY`ggCf|k(Uo3xNR|h8j2e;(OTNk!< zO$emHtK7J8Va&i5o%zzY0k_9L2kb-rI(|F3x@?_>x#aLw?6?e{D9s#=H_>ZLyTW$P zg*$B3;HIPyx03^}hHU@L+=4C)>5W#BzJqdvfF|dd?fJ813^KutdnW*cakTtDww=E-wq(fN zE*HYaaDOqB((P#3n&YlLcY9e4_JzKwfmf^*i(XH+q_DfcTQ8w242*i>d#23qeJ+DF z;Eiw2_n5O@A4y*QA5Yu88{^9F+SN(3f4L1yeetSIbq+;YqiRaD3}ZvOn5c$~JM&T{ z`iglt6%4y{j323OO%u}rS{(Wfu^c}RZJ*t|qJPg89Dj2;L|`Sa|(o|{9o^@M&g?Or-f4TnAxGgY)tb-+07 zDqhSUZwi&uM^NDGYXxCB8Oeq(+*Uwa>GN(nre~7~9#fX3E~PTcuPR*$RPx+l7@w(N zM=(IXmrRTogVquFM@7ZDQHlc4$+K2#qo&=)vEzn6R4#~Tr18|VS#Fe_^opd3S0U&_ ztIX$n0;h~;gAinP232=osnoyu{6pF}M6aI#E|VTq$~&t_$ThCldu;E2IzoUGMDxPQ|$vyF-0z5L2a``y|MsBgC~#% zMy9-<)aV3Ea^CBsN5$^CS^{V)StP=7?vN4Tij`O}0^~{UQfe z^?}zEc^@?wY(nP&#><#=?{glgqwC{&o%fPW2Fy7QWeXWF%cRI7E5QBmP7e&!OfV)Xxto^;em zX4}7EnWqjc%&Zi#n>D*XQz>5FIUtVDcC$>bJevL|LS34tHV7!RTM$Ij63!e}0;2~s zXUp8~?IWPD^Djc%xk{ zijH^7wHKT>R~c?Q%tH>aI#s!Om*cZzN!#^p1|$dr@zA$tfel~-u9p(tEMa_F1U{E$ zw2mt$=e~8W57P1FQ;F)egI2Eg5FNz0Rf*E|V#;dOB%2XeU*0K;vJWmyccX?%wC460 z8xS#unwd&9dPBIvFZkJI2I$=j!2NInLLN3Sh>R7IUf+j+(_b{gZ-XcgD_#6ib#3yS zmrn(z2wMe0%6W^q?q2M%FBgjkNCNN$oP^?|=pBazj4S-Z)wl}mqAGw`;}``TxL7DU zoTgy*Hh5Gxx_xn=WQgKCZWx4Qidsf?MR|`&i^Y<^IR`LXJPD0XrkJ5tq$dUy>y1&Z z%AVKEIJpgoGAhXRf*?leUOGOoaoQisdlt|OfK+U202#(QZj{!>`RtVr& ziH-mrra()NDIr1YUD%KZ1^msoc-%im#bx+6d(q1wP}66*REF{;^)XYa>(S+aBJNxe zlBO975FQ&+qqkZ*yI zcd8-$QUSp7ViV%la!W8JY%fZndhhQPGhWn!W19FSAY%csD{&9j!)XrsM9k=(=Fb^f zzqpb!gF*2S2G6er>WbO+e2Rm?zG({;l4%QAMK5~mQV-__m&38EGQL8HhNmS}P5(@d zIyI}e=Go!1w|BHstnFU&?as5FWR-6S@2DC7wa9~b)*+9|5kgF{BIm6{K0+o{(J;TO zGB>G>x3^77WFDkuCP!14-D|4t{-2sZh_r!qj-HOLg~lkfMi&MQ$O6SRX&gGa3MRsi z4QTC|N4U4{uYTQjLIt6-Z)3Mh?D{LWC+OohEO@uCDeypVJ3W3ca#KX?oC7 z)LXz*Ym{VjU^uwB#~LSu{9Zlpj5zaIPAp{*2Jiiv{lA}&>U6G zv>{QlKpuu8S>_RYl3c+-^gCPrSR}e5GOvol0`u@_gYLr4y=7TD)fYng5PtPB0g%k5 zOsPjb$o3Ro^Foh?8BrS8yM?N`1+LEKxKfhLz4MQQWDXU&ye*-*50!Nc= zNj8ti(L>&Lq}@-F=f^n&nw0dyO;(lO?klQK6|HCie$b{G(IPc>vQzx&YLp zSZ@W)% znth$msKLgYgmUL3GEMqv_F(n$y#{Pf8N94Iv2ANS1bd)3{o%`LVK;WQo6uPBV9=Yx(WM+6~q4h%|zwCsgq*76D{2*C?D1r8W?2B!e6D-=ubWzzv&JAQ~zf% z1mV!|(wc=O?B7J_Ms+ypyBZE}MA9;BlnuGwPCviP8hI|0lR*aC)6TTbd4>msiw+cy z2W6mZvH+LS>nuTm<&6S(<59r72-+#;Jdb~7Inh+W}q?C0Ll#o#_*rDcQt69i=>sAP_symgi?U$e znUoBjMN4}kk3pDBIXSZ##jVRmJ;2A%KsfiGsAb)5n)<~8j4BAWt%8^=IW*4!rFXye z6oXxn1ime0xF^qkH4;$9jilGpP!`M!$Jc_~m%i%Mh$^8rbXJ?hUN54*Q05c2rHY8VLBUax| zwBxi9j%NGI`QE{u_n%qgm^s7yWDOrNb)4<9C&xvc=Ril_qSedZINMg2flY0f#LV~Z zfdST@#uX1-?REEp-S)*(dM3%*8EdiiGx-YeSKpZRF0Tmg0B$LMITNFre69TC>d^G| zZ$M?k;^rH;BL~K;?%zS!oVoi$#`_`M(UQ5l^v0>7H|z(a#KG?q@T?MNrDq@iwQ~Gz z(R@5AndXJ0f3eXf#e>FZ>-0Xkr2b?g!gdkaYefYY>@-kNg8#c&r|?CL_^t*)3R}d9 z65ZnRg=Y7?ggl`+KK-4KAcf;ud|y<)gu)X=<{RT|*7J1t4+-irz?=IR6lgn+$)>HLasQo#@1f#zlco^K=rU0U* z`4l#bwz58;bOfJ{$ssUpf4p`ctBJH>v>P|Q#29567%}fn`ZxJI>_z;w286FP7X z+404*v}ChH{5(D79SJ@9Fv0BBlX-;+mI_k76#`5^U4sa}$yZ4CeRXw$&|tF184Rg$ z#EDtdaOBarI80x>pso-9jfSsOB@q^LWMX4pMtz(MXV!wBeJ= z=%uO^L>Hh76G4t-5i!Np_k(6ZDrA~Qk?Zo4rRrRvcuIr0^#>9y&)HS`#aNByS45Lw{?vB5AO+J6~3%2jawQu+GtKx-0q|6IS1*5%V5hBd7y+xX8b~A>zsJI^@K>j>+G4E_6(-l z*|g26$67B*VH6Yb>AD{vc_T%xU^0@%5T^;7Gx?g2^p9FLJx4eA4ECL91Hu{7ffaDC zBP@9?(PP4V(i`ikE)B&|J$MYi_L_d|*|T1TeQdlZ6=LB|n6<@Rcwad%WUmEpay{R_ z%vU?GU}t^t{Md?B*pY3P0uXCy<$fC>19wv)+5?mwxsztXEHm_sZtexL+t_97 z9oJh=w%`W$`Y*@4GC!anRqR0IeYc(rITyL$KNy=^ah?k^x7+r=fjYQ%Crbmc9+ocb zNAiQQt-9Lkn6=#-_@F!QRqPD$oyIW~r$F+?HoVsML6vtK4e$qSrB_pEw3$i1N`Xs>u4a6jaI?VcAN>a?O~1*sJ>|Lw zysrR|&^l_cy8;mZX+RdRXAF&x_U<3z+_|+=Q90Ep8F#eerdn}LfBe7ntCW|yr1G89 zK>mGm=0hIf$gd9Q21p_5=>Vj5?8Ok6 z;qoXPOexw7vc?&Ij;0B0URB{#GO;v&Rmfv?Bt~fw)gZ)w;hZYmT=x-h*eZfQHkjuK zEhy2r6NU*a?=%9Gb~!=s&u=@Uk+!f9Bv|HWrILUI1l2-S6>3!9iN+(L0XC(iI`yqV zV(%xsdlYuWaQHnrS0d$cl$v;5XM-I zRBqlk@s<*!Z=OZ0qPm2J@m9wjR0e3~1iO&`PBmJmpp@nVd$ehlHpt;DS?P35n%+a{ z&#J@n63J~Ek#&m^F_GFI@Sedz#|ah8yN_z~w~^6x*}#ck@S=5yw&0*QMkTgyiRF%9T`5=N!jo^?EA(Ii*AH&VJX&nkTyedcFRlHg7|TDaQ5@b*XkB=H`y9QH5U zs464%2PfT`@GWxPNRbs}yR`!>mfg-r!4LZt=U zf0tNEdH3aERvHPTd#N&mZ!wbZ;L}S1*b)1n_;7f%4atz}xd*t|pANF2f;>4Nq?`t( z6jeieeSx+8=T!G$O66|KawtPLrsUl z>nfdli`u`SHbChIi}^7W0C^(`XgmpqfLSq4u9nMMK&v9`RNwc6U)@sx2Jj#_kfBW^ z{Ag91JwaSL{tH7h*|W5kYZ1`|xBW773MBOWVjj#o4b;yxz|1kRR3mRxN+}mnQf7do zQ}ovqAfd!R21?Gq0z?Y4t8jVDI>ic1FtF>vdKBFt7-lFcdA)|w2>a}L2<}=vK_RPN zURH!^y|+pjX@#;RgJ4Z);G4_^{!0*YP6t=KrP0VVNXtG{Q1x2@c&%zwX4G&6x*0|I ztLycXZlsG@LrkrnG}A~=ljJ#!__slz&5ltnX}mZSl^@J>_Y7@ty^2cw>Zy}Rb#NTg zgPG(aA_Ps9J7KMX`V_ zxKIqv?6h`q&PhE?cwJFJ_A%0Nq;6o0=qbQS$w(IUt3%W@$&7$=!4;Ty`7T@xVsRjt zc`@H7wqo~Rze?h}*3fmIUd3cshTG408Yia&L;%nKReYZI`M-(J<@Wyn;&X~fBMztX znC2o?bW(T)0G;nbJ#nqU+~3MXj=g%r3%LeO-;F2!E%S_q2==Xd`H zp;}m}pjn1Eo=O=-IFM~~P7*6>48{=9jZfe!XcggClNzrpL_)j(DMUPHF_NTOy}VBf zpJgSU4~);em`;RInfi=7kosn|lEbymM4hbt68$Q@DcJ)?(v)^}PWNPPHu@g-9}CLH zeR(?TGy*>OJ}tw?%9g@0$o=^=9t5Fa1zIePtgO0xf^tn0t>@v#^i(Af)Z#xS_tN0B zd4E#E%gR%^;0w%1#>W?Vg6I3wePD=&SUfYZ1ES!#FFk#KEt@f0h;PZ+MmN~+tHP~B z=q{cU>wOj>H}BNj9<^ClHlk!{Jp8jXP~^2HI`Y8X>C)5JoJM5b$EF}LZ`jz$T2f+{ za>EWptNtg>sb17ug)9Hf?Y`g7EYLg*)~uOwpk41*B$|=Y76rI6!J3Vp@KgYa`*CA= zCoaf=rw2?cmpZUz!oIevmMnAKni7{!DC6FWlV+zk-YCZKvWq}xiad8Lo9VgU1Gw*0 z=}^0ykQjRx-jEql6>OUqe}?}&b=Yy0I3!v(0?mnfp0y`S_CLvo=%jsqQ0LH&Yy1#V zqw^T4XV92*8{(U`q*7uZ|5|9D-+U*!{PZiUWsVZXFWHbi4G=qMUwDoXvm7$eF4Z;T zVfoPFnAm&pQlu?%+YWfBK}1FF)bXEG;*ko#{j05x_8MGU`^p~qhxa3V)Yj4{aB6cR zTNzOCMXA0iMEfsdbjn5e?q%*-(q%q|Kh!GOv7c9c;1g%GtDm{e8)jP9L3(k<5!H8A zd+_t>^)k>gam5bA5 zF=0}j#$fa%b0_p;Ur0`9oIBAxj{J>*hvHL&>b@VO` zU!Cy`8EnqlA^;5r(&syLzE6 zoj0XgraY#{PKYCJ#_!lk@vu{JdQA$%(HLa=P$+~9^HXV7r^pdm z7lp^nQSz|5C)p1uL%~l@q$w6tW*szp!dGt=buzmq?5AbgJ$0@?GW6vh<`Hz$D9u{V zSkpp8xIIr(K>3Y#|NcjG+(`%RbNc8TbFO)`c##FE90F)AcwwzHVH?T#e*$GUn#c}W z7^bXWgRS~=#e$awUC3nE@BQne@o+n<^?X{cQlGPlD^kPUc{wC{Tj57 zu#jC?$U&Cln=fg8FaJeP?|fOv&X+3lSnfEejW|dbTbNM2$^S}oxfs(28izpf1-TXq9#(;rG5K>5a?(pF9v9Bil#)v( zpXD(8N`k^Y@LNASHIzX@!Na=xE!p;=$8-Vcb8g%vQMM78%gQ*Q zbB3$==ZP*_jfcj^GTT+|tEc9EjE2|MZ)L@5MKNh&z?j0r)*di($Tpj6oqh>a5YJ2*2Lv14S7s~F0NKAh0D7yn>BN;bn9mYi$z9y zJVpKkiO5+hckHQMD_L~P1qm7XhQ^G`%WnFOwoO*%^&< zP8Y&5VuPTdp-9!6pytm-xIjnCzZN_f1k(Yt0FAET-m$R?L*kG8|ys8iy z`;_#-?ftdlr_VVCf?IZM!qNhpP@O}EOg=ASY7?aYT!b7ZI#dmyK4c}?5S9is6qX0O zNsC26*QZsdL9Gn%756-3!ZKDRzSXa|VtFbO5y?wV9y(fXu}@PP(Cjfh7;+hBX8q#l@SDdD#fj-)!g9Mux;ejo{?TU z=XpxEGivg9g`xHdjM+npDSJi^opwHkCsQ5(oBlB67b$#wgx5D1{X2NX+=K4-u(uuC z!#rZjS|CRsDHUG|4rgxg=jnzjMQg@TmC_``I7C56lK9DzN8sY5nasDGMEGzfr(xej#BdXlN0 z0$ar!y(b;4m9S->}zjlPl1=-TSgU5!!iHMv2Uq%&SQ=0#1j~T6^Oq zERELoJ#7?wlk&8>Aq%e52$H80u?4OWD1U&N*^?$~Fv@U8mwzSqEUodQ^wX!k@&`{Jm*52|HI>0$lpEK=Q=4lCwgTm0O~ad{6gr>NJEnp; zq+HDS&zc^VgI@aJM9Cgcl11#{Gq;I@jwaa~?yrl(*M5m3$A1;x#E|I^NJ7kmaPjrWTj02>0 zymQP>xD5OgoFh3uQUxoWA>9#_JNt<4?d3>moG(>v?N0egEN8Z)d-0q)1HI34enanQ znj?FR2d|F#G{o;rNE)Q5ps5xs7Z)1Y0xoqtJfk6v^-mciW13-c`(}}ngR|avxHoU= zkNvUCsj2BN(A6Kx>WVLzCId_)ii|)CIG`Hxc5=lv1 zM8Hba={;=rbEB_tF9q4nzK8=JanH-NQj-yBHHIprZ7hc0?=LA3USm%nhw5K=`4Q5O zl(8CGS$*+k>guau>Ycl^WW=ypI|X1QfP0mam^O*2X-%C3d|k)_C%TPQsyjCCJ_rW! z<$&uYOMx41lB7tpf-1lUqfUJB)t5v{Z|X&A3^7J$O34ijY7?z*YkIWM^`4hxIp1_1 zcHi`Z9CnY$EngHVBVXuO_H}$FSNs+AFux7@g^%)-aT(vl=1kEH?<>19V6zpRPx=}V4F5Xs4Yyy#@>R)ewO9! zb>Q9J7=`InQ_-sEM6LpobYUm)mQk9k0}CcJunaMGCj2gYFSb@|(!aVHUr)a$z0qKN zJ{pX#XN^X`H}0MHc3_{)E%uqOV>ez7kcF?i#j|rm8@@Hx$Gq_9w9)toEUsj^&Uip0 zvZM&>|0qZ<5Ro*v4z-P+N;l(g-osnnl@bq_ybTzgFbkx?-5esmK7q`C4qe>K` zs4lfIdPbzJ3V+=a`nqEd`010!q-_&1pCVqZGF(k@)is!fMDOiKg{M_-)$LJg^&9jf z1K9labM0k%30J3$#%fy%PFbc&4ko&@=QO7W7-pa{e%WwhAMVn%rpa~lp*cf-&%=U7 zWJN>fV4u#{6{1EH5oVzeF^hcgPNyv;Lh9dlTvkZ*9m}G%^Wi~LWDk&Zae8IfaDO3Y zt2Zq^f~)DsDVpL8VL7Bn?yXc2Es7LGb_t0{DN+2=}#9@cZfG@n{Tma}aN%=hu z)|Hfo93EWKhwR`;G6wS_6VmG3mm0#^AE^pYeNYI3F$-9h(RA$wxaJnK;xIdMcCb#g z1r4)M=@k8v>M0~I_1+A5Zcs(8RG$@hJlwu+-Z+~}NMSAejcO!Bqe4WjufH{wa(|{U zbjgg~vPD7DFxyyD8r;R=A!6aePcEj?X_nVp!`o=}i<4m9YT|XYCh(Q1NKy_$GYgin zh{QtDnx>^X;5O(4J<`a4|B@A>m~-15Zjy?e1*LUX+oC+bn6q1DT=pgsb1BJ&YNZL= zkIYPbIgJ)RaP*S82kd5%T$!!s{2h)_Y58PzTvkJH=ef$wZ%YfQ42cWW0 zC)tzVRy3vyurJw3XljUIqnK86$jd681kw1g+&-uMfo2tF>G=`qA&&DD2VHTF3{z!} z`$Xnu1)+qYJ964$dp2)uytdz8tXL?;@m+-mx~Olzrsk1BC+3IZg!+LTY0K^)WB zXk1zZl*{IEttP3lAd!d{EPebXvAJz3Fmv?qEgNS#x4|=biKswXefaW-Oi-6~CPKN> zzgr5@gPcRg+gKHtfhQB0sQdJiEqE3=sHU35%s_<%j!XfEt(tJw%9Cj zU>hl}N|&O~LzS?OwsS#_lBOcBfZ=^T6sQgK2f5mSKcLGWo*c=uT<-SpZ1iVL<)Aj~ zVHeBAAvt_*s%)g${j-LRGwnY=lIK--J)#*P#pl2*^BCHl`%&fXMq@IV-t2*OUcoYJ zUoD**X-~NG(?(-p1P-esDs9Ba*(aNu`KNgd$&QV7JMy|?A-VOc?v!*a%(E8Jt!yIC zx@4o!r(TI!l50Wa5+nN=getc;pffet@kpjN`=|S%@v9&!ym6nb_TyJPn}=+rF9EQY z08zya6%-LwhUW^Q)z|E~bIWrQiM}-h1Y3>wSTMA0(rZ z3YCz1HK*@wlIYD0?0{M+Y+5(T6W6O94q1EAZW74(iE1{uo^VBvB)cL44xG7Rxa^o@ zGYSH*LKjw%NdsH}HU{IOeHvhGOutY<{B*Me$*ufLfv|KKCo(TIRWmDrt`7#K5BF6W zv9O-(8#4c_tTzD^I*e)u)zwYLQpwC>yb24+6#XAsh{La{U(Bu*#)p%0iH1KHnK3S;3uZHZ_?>{orFRT*u;h(VXtfwNx{+0$ z=?8Nrr!TXPgzdUSz+29ty|-l5!*X4@%1%~TA4kO_*;M(LE9u<;YvF12u%-Ys$(nHc zzHAs6i7`S0cZ?=@)Su95Q3HCA6rAP2r8AW%OY(4xrUX2d%pcd2z zwMYTfB5N8*mwXA4y(sN?WYftzEE{|fX-E!~A^QMf_St*7O5_|L0Zfatn8M09~(cXg|Ok#O5|AHs(?`r|#4Q;dm$^r{uu<`@ndOJJ2Bq=KFybvenh# z4xFl&C8F?bPr*`Xef z^0=?5SL;H%QVTTQ^^v8&2@mcrcTv_*wfIK+9pI zhxJU`rN;t&nR_-p2t@0`1@S&%v# z)$_Hx1y@pgU8D@{W2*uVs55!(M&p~_MBZcDWjr2dEQOVV-Q@~My?9MRQOt8M%~FlC z6OVb$LAW=$-*q%Yk(B}?wzxGJm$pb(s6?*9d(D1yq>5`UelgJ>KXFW4?z5ℜAD$cTir5-rK}F9^|N5< zR4&e~=Cy!`^#EP}Bb3*MdABMN1^DPOp^xaz_F3E13RZ1|5}eCMaWmq{;A(O?_+AUeiEvTpChLZx^=SE{T9AES%SJT1c30vk+Hels- zio*j8zeC!lFqX~uKZTLur;WzU-?oZ&m6G>@Zqg*IjKj*TmQF1PXS>@`erB~cr6!?@ z;{`*bQYTUC?@)D10X>biFzXRkg}-|^MIXLfCp8Uc*%2J;Tv%vg%=;<%6%AUdrN;Vu z!{;~rt7qTzymcBuXR%NB&sbW@Dqg)v`=>44tGQjdORJ+hAhLrT4n~9CQKkMAtM$g@ zW<0zalhI&wHkc|qhg=j=1Khrk*1Hz={Rj<55V-;fxHKj=F#=c)ZVrx`P97iFe8}yq z^RnTyW6y$xV+`%L_UZ#3Lkig%j&NQYFge5)M5??GXfc1hp&f&b8Fobk9x#v*;7>n52!@cdVnVi^QaQF-}|o?$1UDAxOn8NHtA^?Ky zxCvsW^;}JgyBZl^@rb6H@(pgtN`&A<@)*Bqrj#P*lAlm%d0OCqTIN4I4+vHU!FF=T zg-%nzr=6lBk-^39tJF7cezTV0ZdzLYuF8;OeWKipUnl5yZcn2ObB zn6eCVEaog?$x_5RL{b?{SCmJ#SjoyIuVS%gZgzj9GU&EzVr>8wNI@1kdt>V?0EtxD z<@|JVbS@8x$Lg45B$~)6FJuhTLB{z{Zk?_3pwzv}9}9eHCiWEcjGd^3vaI==WjUQkJX=~)Q?3lO#F|U{ z*0)pcSI3LUn0_o(G+{g`X4Q#B+#1|iz@lcUJ7rsIRwOLFM~#&tgSuPd)~d~5RW#GB z-U-~D$!%&-6;lS#1(>cQEZitbo5cz@1WZTDa-qB>%M9P*GE?NuO6D#cuJZ>$%f0+FTArK#MhlTPR4_{EpdEl(Y>`;8ULt|-0sZnujN z_=|wrtuVAU<>@;=85`Y(DEXHxkGh$33390pXk3 zU=(<&dvl=0p)#%A*+^ZV=oAh8{AaVFzVtqu^f#z zloJ3$fSKlWBh@+Pv<_~=T@JdpGj+CN2jn}p+(U=+wYtAuA89_~x)4nj6`^5GK9EiXo4o@&uVx0b2yO*jVM)VlG)_M3O>|<7G~x zXxBDC)rR#FuTgh??0w*(s)04f%aXb=80Bhy?P;W42h30COVd^HsW5*vPx1tDMB z`fXqtKW&h3nspp_jPr(7tbF8-YAbiBVNXi#C)=fUPsLSja~%z){Wrbwb?(btm+$M=SbAOe&kfH`bryVQ(2v$2 zdAdHFIoE@{dOrI+4T=>;Z)A>>B4ko+k~y>HNhz1oBFeP|SOdhk+4*kwLfvvK9D4p7 z%EL1cB`0M8pwyYzYMo=w=xZ`2r_K(x+F;*Q+Y1^`S!7^zSe!3e4pC<4)N$Hq95{;P z+aeC>3RJ|(NvP>8VpA@ipTn?e$ES}d#v`W+w(RJjy_!X_ z(gITTG1&_qOwtwv^0TTjJf-zGY@3c}5Ofe{W;HOP1&luxgH+cF=;PqRiPpw-M2fz#SL zCL8qpSH0+^TmD|9m(vxR1i6R&fkpRHvW@d)_PKuQFah9_qFDyd_eAnMiu9ugDa@&I zXhw^O6Gu`XJy7;50<}~nn1rtJSl^-@q4&;+%J?vfTqJIYB zc`PeDgC1PVLB1Yd&zj`yW;PrTX0s-l%0b)=n&jf@>ioOm5a*7G#Z=_d)EWok^Vr>m#lS7uHW>o$;Dtim_nQKf$Ao% z=QA>^H0Yfhj+F{* zW}UZP08%_&slLF$Z0 zIbmePyOoX4vX}B#R6(BX1WUD=E{u=;SaxPtfZ-+sLlOAOdNi8&J)@U_P1rqxJJ#_H zbs`g8r}S9ITatx#Q2|os@O$dA#@Hg|)w#nb)dZrJ#1)7VL_ zNAWlgf8+1rHt9K-sY-6tZe_VxFopIEF>oBG1}25ii=2T=aaPQwRI2aG%&uUSq8)| z4ZMzIp04HQMtYji6oc4JUlZzuyMqHN-iLA&lCCnN$gZVI*f_pR`IuKwI@rLze<2z< zG;K2Ms+SNyD{gP$3NN|S`8i9F7e&*_9J%R7_(Az?DTnS}Y%sQLAJs+biBctBKkBkb z30}xBR^#j4bS^B2ef9jKs$;)4o#pG%%PNP&PaBP=#4&pctTHnZhjp=HzTa4_z5pzD zr-UEvzTIS}`B6FSVmoY^{Jitv+4|*I5CIIhELLUg7X-V+W&SqzBs=cH5w;vhqlZB`lU!~y#w7n zG8Xw#F?prfI0SPBFEu!3;5-Iw)O&qCwAVN)x?MHcZAy!ecVnzjLYMG0nG>&hiXa1( zo>HnvlTdPSj`#TiSuq-8Y&Vr#5XdQ#C!te-0ML|WBy9o)Z8qH0u;~CMZEXbx#El$U z(Ohv~GhvJH^w6LbDb z`SH}qH`~hNK9YHx;|#8vx2dOGa;tELO<_@Nr69#a}n8C6vSNkuRkj zsx$7yE%R8pJVBg69IQdXdw6n0x+gFGe-o_s8^|@4lFYV9K{6J(Tvmv3)7-J~sA*O$ z#3NyVKQbtE7lx|xq<3Ztg$Q$BZd2{@y{%B0iocS*mEQs{B*TxeFo77g!4_L=RzX|J zN|IC|-XD+)$o_)555Nb$h3pF2fu^ZFHJjjFEzeLB(N=RF@C4{yM(-i_MWgXU_vA(E z*|Sc!)qPG5J6{~1bh_Q6M&nP;htF57a86t7eV#38%34V(!sF?ncRm`lSK*(Y;?wDL zI$yka0snS7ozlN2otMu~{?vW;;@Qg=-IH#o`=?I#`OD6WKatLpynV-~$a0$gsq@M2 zDi7}8}9*=+g4|&ZaHfA{)ya#8vh|J`6fbgxn(fI5$GK_Qdje_{qt(6p10QzB2 zaxQ{9`5mbO1pI<)OGehBK)g{V2|3hdx~TwiPbe@Qd4%=L`s%?XqPe_|$sk_vn2{n= zu3Z24AM3KxD{`ScRmSvQUey{+e(MOZuRN32EHi$gd$djNpS3&fmxRCO@4E`Me-7mB zzWY_X)0Xr}MHb5=`Wn0xAwnjH%q*xd+19rv0T=frBR^uXZ#9;!NInM%#h|( zu82Z?Gf2Q80~d3UCGlJy3&~mk>@zY+8Spw8&so-JRn~ge?zT@F zEi!&R16h%!wqVU3v?DQH!gR1;|7e@~+xO7Et?V_WHjbO!LpqWqWm1MgML%44IEjFO z3sw-7mQJ2d?1225x(PGj2!Rhnxh)l~VB^0LhLkT<7NpDb-UI>cVN8ou6iL=p4WS|p z*VxA3x`{fBi?PDU)nuZn^#+i%17yrxr1B6~w35~AlQto*h05W_GxB4^`xtfiH1Ny;&8fh8q|3(ni5(P(@CS4h>+TWE+> zd_ItKmIWyXWSy!4m6aMFNUQz>&2D*KSwl7Z6U$mWNLs<|LT)nFO74HE>h({3wH=i! zCXdvnR#(DLUTcxq(OPM7+`C2Am8~@z0A{DGu5u%%EE7c<05^^c<9M6e*~iI0Z8U!R z>8A!w_*+bvdP?rQjXNHPryFG(E0$Av8c!Pp!mCcn=Cm{<*DMPlxbsMaER%n>$du9W zyOif_MB{aXkbovM;Q3lUCHm~1lI{hU&EIDDdqVT&DLGz>6+70iIp#rpj0gWb6$y`z zr3{_&kY(5wQ0`Omm+|Y_yV+p+b};?AL7Xj&|ra&t9W_8y3=k$tAwoXLY|UVQZY_2+-|6e`yc;JPRNT+r_+V@AVgFHtGB_mNzvZp;tZI74s zIK(XK{XopzVBT5>H(IH#+i#WM9btS$aXS}l1)vTR}$ zQZtrI>9Vb`A79D&O!8(`k)Q8ZLj(kS!)P*LsTAGlg1vg)sVhIC?@MK0zHG`(i5s=e z-gC%>G9#{X`2Vh>6b4$onx56W4!{ZN=_HA7PR%O z^RmUV%2{C9`Pub4VXwmZNlk%o#^=NHncVEJ2K`Y#;w;Y3XElXq{Uuw`SHu4J{H&(P zwH)b8F8iySv*Ej8e_T@##Nk%~18h^$YUNSZFelcHDtwA9ShZBpCkwm0<6YyVEPMds}y3u)4kw)@*Qo5d6CI?R1T`^}t9+3sh z;msLoMcA=dd0H^i66EJh#FGDi_4)s4gM#MA&fnWeciINgLjI=y_^;0)J{1BWopJJ{ z?Y}O&4@fI^Ni9O~GVmbEjLpe}&`M4r0+U*iu~K8DeoC6%mXnzM*!_E34s0UQ{J%c8 zjr~Q>A50&JEW`dl_T_6*>Q;kj{mow{)2qLI|86+>`Y(goyYbce;N9eEdj0jWQX$cV zAEzwKkKtq--*=CBd@IaGx`}xeag}?i(2tH)OqP87(`wyPn%d|Bytg zvbGp$wUQ!TFujGZF|K8WPRJ_(IPi+#ep}308nc{1a;`+g;2B<(3jhf}*yZ4bnQ~l% zS7P#Thrpoy7-)35 z~>KCb;Qrq5HlXA$Zwbtp?ihAjqaZ;q0$X=qv;HKGzD^CuFSF;PU~+4Suv(io*l>y#7O}62+1(x^?`s& zp&M9WU!a~Piiw8|`&1{qTGHIeOpvj@4Z{OXp~fuS92YWrKmH^c2Ag`Jm1N0JcKzf^ z%=xd!L2@T4hJ1PiaY}Q>Vx;ff>|#Bi0Q?Br?2U;sS>|-S*=E1wH6TR^m29Dg3-Z1TDF-tQ;YSAsJ>Ku>~7QN(Tq( zl-x>=3%Y5tJD5&~=L7g* zHn_eRp6jnS>g#xL{qAfyKG*l3luOtpkBj$8hAAR;N~T5J%X%P0Kp+r9FMog($Z86v z^6O2;(wgVD8C0)%s&rmBDx~5gn!sNf3sROVrJ7pSKGK+}h^(=uZZ~W$b2_I%TZ0!M zZM*w2YjbgI1WV@yJC<6JyHu8hocgDY7NH5Zlhtzel_NDuu2(&G+mkz|BwDseB0`;G zGm(Shpo+X_>0A{kGG@4rsjjQL)I?p=YFG~JD zFJ3%*`G^0{@A3KZ`1tRq^l0q7%QAS$wte|fmdT|^zOz{_AJo}9#)o7qPv?s8gjQh53K zyDnxu(mS8n}hFrHiY-8zdt0XlO6XgVxa$=&a)sF;EI zCnF1?_rWjrpKE`)I!DEjteKdH-Jr_)8GOlmw( zj0WMsn?)t6psc)r*y<-0>8dEQ>_PS}W)Db@<mAt2#kcwh$&S3{ z?^)J(OH(e2jLeG#xDIFXk=|-=c$SNF-DrGJd+-A}m;L*&mmksxSIwaL53pdNvzjqW zDf82wR;cP?_E++OG(IS0@CPzuNls3_XiDnw)dzRmkPqbRSESqScH15Dfjs+b_banK zKByMtgKvtMk&~|9f?xN?-F`<{7XS2 zgQMAA(^d4ickJN*x}9ew{_mvw^5ly@_`l!dBRzmL% zbTP-1;glTo4aecJD6%vNQ}W_DB?q0C$C3`qpF^eGJtYU-lac%dLO@T+!CM+}1)Qfr zKcI~^(fR;#UqmrWb%>D@LIJT&@sh@Y!Vp#&2vojbcPt~duY@p0`+}^k zUy-j9IRZ)i6YKpbpm&Cfx9l2?&R;$!iIOI>19MNnF}9P| zP(;3NtuMu*YAyRlijTx1BcjNYB9{db1h{U&oK{uI>bXXbOZi+!6>q%Ef;_5+pJ!Ue z+B&&*8nyAIVjkU@{APAFw$o=P@aIg#2NmVdXvTx83UhqW@C+$+^FA$N(#t^2RWtu! z2WMbk*9-=hRKvyq`-4Ws-e~|Mv+eamS)l60vs_>bHjJ4!xun$sAugndLOA9Ou`k7K z{(z9y+8UV_F#z*8!9xdN6wzKvJ5IbUSU&b8jT4N6Y!>$irGgPtwvbE`n9!3VimC$u zB?G$m`E~c$#sQY^aCySo;o5>5R1UfXolU#~o99VG8#{#w&qyzNplgl2u%dU$7v$Sw z&LVUxsE)I33aw|TegOR%u+m%d!_P28KqnpmoHiR6kFPLJ={v%upEJcRa9ndz(G`#=qu)*$9<`tXKJnQk}6cy9sQ8} zQiyzaU)-tN*z>*xBW-Ri+q?ecMpv|(b@Pa?jQLinWo5lUq*6o%mTL{384Exk zyG^x2&LL|r+N9HdaRk5tD;`B$*23eE;p1+nvuYwP3Va8rFbj5(3)1ewyN=qniBiv(|UgM+hKYDx`PyY89pN=Kk zd4tR#O%njV$nrIJiGL&wL`?3~*l%ySAxwMpO%{d@sw-7i+tEcpFHyyzdhFEMx04t; z^_a<<1+vEDrZ0m!yF0kA{O`tdJ!;{B0)m5nynBMnd!V}VCk_M*ZhMTOWSHBd?eqwcBzf(A$xgZ!`sT&83QjtGqADh7XV5@3U@rfH@_*M6-a(D(! zr3%(Z@JlCe@%|U-6EL|qS#8hj_}sm$0XBs6v{CMwv-_;tUist0OZ+Y>v;s-F+@yX7 z4N@1b@*OlqOuR*_-R@NqHFC%9O6cijvzU%PkHb$gBxMZUBfFC+de>5_!EbSzeZxQ*rDUN#3JfS-s7~Y z(@#{}doWnKhfly^>E5~l>svKq_3YM`t)YhI-89?ga8uC}IdfB5ZVX;0dL({bhXn39 zsVfm*ip6ZnlZ2&L$*vt-E?(Zcx?5L?<(@Zar&68!Wu53=Z)@zWKEF9Gq| zddwg|Y#*NQ)pu34+-2F1(xaLVM+IB)_gI+N(tG#!QYUkM({SqSYtz8PyAmM3Zpy5#}zYd^AGu2J5>&YbT6*g*!Nx!#P3fFH zZa}@s@LRUam(DG^V*tI$kT|8P`>zVQi}5ML=wr&=VVtw{o<_R|Q>w6KNaZ561X(pH zPkgz~-Ut14RAkHjN8uIUG6pEOVZJdsOjk=z8yYUhDXHL|)E&C#sGM8I?d9l<(LGqvjVil`2F3OqoLBY}h6j$2lOl>{ zfG@Mv`wzV{WnrR9Z@cHQG{V*x2U&2ZEIS(SV^!Eokp-`+)?;lvs_rxb??GYE0&Y0= mK7oqspB=dJ$LEjFAD=%ye|$da^M3;X0RR7oUs#R+wgUk8?`w4c diff --git a/CONTENT/k8s-yaml/CMIS/cmis-deploy.yml b/CONTENT/k8s-yaml/CMIS/cmis-deploy.yml deleted file mode 100644 index 99d3eae6..00000000 --- a/CONTENT/k8s-yaml/CMIS/cmis-deploy.yml +++ /dev/null @@ -1,173 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ecm-cmis-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: cmis-cluster1 - type: NodePort - sessionAffinity: ClientIP ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: ecm-cmis-np - namespace: $KUBE_NAME_SPACE -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress - ingress: - - {} - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - - to: - - namespaceSelector: {} ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: ecm-cmis -spec: - replicas: 1 - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: cmis-cluster1 - spec: - imagePullSecrets: - - name: admin.registrykey - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - cmis-cluster1 - topologyKey: "kubernetes.io/hostname" - containers: - - image: /default/cmis:latest - imagePullPolicy: Always - name: ecm-cmis - securityContext: - # If deployment on OpenShift and image supports arbitrary uid, - # remove runAsUser and pods will run with arbitrarily assigned user ID. - runAsUser: 50001 - allowPrivilegeEscalation: false - resources: - requests: - memory: 256Mi - cpu: 500m - limits: - memory: 1536Mi - cpu: 1 - ports: - - containerPort: 9080 - name: http - - containerPort: 9443 - name: https - env: - - name: LICENSE - value: "accept" - - name: PRODUCT - value: "DBAMC" - - name: CMIS_VERSION - value: "1.1" - - name: CE_URL - value: "http://cpeurl:30540/wsi/FNCEWS40MTOM" - - name: TZ - value: "Etc/UTC" - - name: JVM_INITIAL_HEAP_PERCENTAGE - value: "40" - - name: JVM_MAX_HEAP_PERCENTAGE - value: "66" - - name: CMC_TIME_TO_LIVE - value: "3600000" - - name: CRC_TIME_TO_LIVE - value: "3600000" - - name: USER_CACHE_TIME_TO_LIVE - value: "28800000" - - name: CHECKOUT_COPYCONTENT - value: "True" - - name: DEFAULTMAXITEMS - value: "25" - - name: CVL_CACHE - value: "True" - - name: SECUREMETADATACACHE - value: "False" - - name: FILTERHIDDENPROPERTIES - value: "True" - - name: QUERYTIMELIMIT - value: "180" - - name: RESUMABLEQUERIESFORREST - value: "True" - - name: ESCAPEUNSAFESTRINGCHARACTERS - value: "False" - - name: MAXSOAPSIZE - value: "180" - - name: PRINTFULLSTACKTRACE - value: "False" - - name: FOLDERFIRSTSEARCH - value: "False" - - name: IGNOREROOTDOCUMENTS - value: "False" - - name: SUPPORTINGTYPEMUTABILITY - value: "False" - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - readinessProbe: - tcpSocket: - port: 9080 - initialDelaySeconds: 90 - periodSeconds: 5 - livenessProbe: - tcpSocket: - port: 9080 - initialDelaySeconds: 180 - periodSeconds: 5 - volumeMounts: - - name: cmiscfgstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides" - subPath: configDropins/overrides - - name: cmislogstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/logs" - subPath: logs - - volumes: - - name: cmiscfgstore-pvc - persistentVolumeClaim: - claimName: "cmis-cfgstore" - - name: cmislogstore-pvc - persistentVolumeClaim: - claimName: "cmis-logstore" diff --git a/CONTENT/k8s-yaml/CPE/cpe-deploy.yml b/CONTENT/k8s-yaml/CPE/cpe-deploy.yml deleted file mode 100644 index a3995437..00000000 --- a/CONTENT/k8s-yaml/CPE/cpe-deploy.yml +++ /dev/null @@ -1,187 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ecm-cpe-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: cpeserver-cluster1 - type: NodePort - sessionAffinity: ClientIP ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: ecm-cpe-np - namespace: $KUBE_NAME_SPACE -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress - ingress: - - {} - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - - to: - - namespaceSelector: {} ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: ecm-cpe -spec: - replicas: 1 - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: cpeserver-cluster1 - spec: - imagePullSecrets: - - name: admin.registrykey - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - cpeserver-cluster1 - topologyKey: "kubernetes.io/hostname" - containers: - - image: /default/cpe:latest - imagePullPolicy: Always - name: ecm-cpe - securityContext: - # If deployment on OpenShift and image supports arbitrary uid, - # remove runAsUser and pods will run with arbitrarily assigned user ID. - runAsUser: 50001 - allowPrivilegeEscalation: false - resources: - requests: - memory: 512Mi - cpu: 500m - limits: - memory: 3072Mi - cpu: 1 - ports: - - containerPort: 9080 - name: http - - containerPort: 9443 - name: https - env: - - name: LICENSE - value: "accept" - - name: PRODUCT - value: "DBAMC" - - name: CPESTATICPORT - value: "false" - - name: CONTAINERTYPE - value: "1" - - name: TZ - value: "Etc/UTC" - - name: JVM_INITIAL_HEAP_PERCENTAGE - value: "18" - - name: JVM_MAX_HEAP_PERCENTAGE - value: "33" - - name: JVM_CUSTOMIZE_OPTIONS - value: "" - - name: GCDJNDINAME - value: "FNGDDS" - - name: GCDJNDIXANAME - value: "FNGDDSXA" - - name: LICENSEMODEL - value: "FNCM.CU" - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - readinessProbe: - httpGet: - path: /P8CE/Health - port: 9080 - httpHeaders: - - name: Content-Encoding - value: gzip - initialDelaySeconds: 180 - periodSeconds: 5 - livenessProbe: - httpGet: - path: /P8CE/Health - port: 9080 - httpHeaders: - - name: Content-Encoding - value: gzip - initialDelaySeconds: 600 - periodSeconds: 5 - volumeMounts: - - name: cpecfgstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides" - subPath: configDropins/overrides - - name: cpelogstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/logs" - subPath: logs - - name: cpefilestore-pvc - mountPath: "/opt/ibm/asa" - subPath: asa - - name: cpeicmrulesstore-pvc - mountPath: "/opt/ibm/icmrules" - subPath: icmrules - - name: cpetextextstore-pvc - mountPath: /opt/ibm/textext - subPath: textext - - name: cpebootstrapstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/lib/bootstrap" - subPath: bootstrap - - name: cpefnlogstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/FileNet" - subPath: FileNet - - volumes: - - name: cpecfgstore-pvc - persistentVolumeClaim: - claimName: "cpe-cfgstore" - - name: cpelogstore-pvc - persistentVolumeClaim: - claimName: "cpe-logstore" - - name: cpefilestore-pvc - persistentVolumeClaim: - claimName: "cpe-filestore" - - name: cpeicmrulesstore-pvc - persistentVolumeClaim: - claimName: "cpe-icmrulesstore" - - name: cpetextextstore-pvc - persistentVolumeClaim: - claimName: "cpe-textextstore" - - name: cpebootstrapstore-pvc - persistentVolumeClaim: - claimName: "cpe-bootstrapstore" - - name: cpefnlogstore-pvc - persistentVolumeClaim: - claimName: "cpe-fnlogstore" diff --git a/CONTENT/k8s-yaml/CSS/css-deploy.yml b/CONTENT/k8s-yaml/CSS/css-deploy.yml deleted file mode 100644 index cb77cfa0..00000000 --- a/CONTENT/k8s-yaml/CSS/css-deploy.yml +++ /dev/null @@ -1,167 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: csssearch-cluster -spec: - ports: - - name: cssdefault - protocol: TCP - port: 8191 - targetPort: 8191 - - name: ccsssl - protocol: TCP - port: 8199 - targetPort: 8199 - selector: - app: csssearch-cluster - type: ClusterIP - sessionAffinity: ClientIP ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: ecm-css-np - namespace: $KUBE_NAME_SPACE -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress - ingress: - - {} - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - - to: - - namespaceSelector: {} ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: csssearch-cluster -spec: - replicas: 1 - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: csssearch-cluster - spec: - imagePullSecrets: - - name: admin.registrykey - annotations: - scheduler.alpha.kubernetes.io/affinity: | - { - "podAntiAffinity": { - "preferredDuringSchedulingIgnoredDuringExecution": [ - { - "weight":100, - "podAffinityTerm":{ - "labelSelector": { - "matchExpressions": [ - { - "key": "app", - "operator": "In", - "values": ["csssearch-cluster"] - } - ] - }, - "topologyKey": "kubernetes.io/hostname" - } - } - ] - } - } - - spec: - containers: - - image: /default/css:latest - imagePullPolicy: Always - name: csssearch-cluster - securityContext: - # If deployment on OpenShift and image supports arbitrary uid, - # remove runAsUser and pods will run with arbitrarily assigned user ID. - runAsUser: 50001 - allowPrivilegeEscalation: false - resources: - requests: - memory: 512Mi - cpu: 500m - limits: - memory: 4096Mi - cpu: 1 - ports: - - containerPort: 8191 - name: cssdefault - - containerPort: 8199 - name: cssssl - readinessProbe: - tcpSocket: - port: 8199 - initialDelaySeconds: 60 - periodSeconds: 5 - livenessProbe: - tcpSocket: - port: 8199 - initialDelaySeconds: 120 - periodSeconds: 5 - env: - - name: LICENSE - value: "accept" - - name: PRODUCT - value: "DBAMC" - - name: JVM_INITIAL_HEAP_PERCENTAGE - value: "38" - - name: JVM_MAX_HEAP_PERCENTAGE - value: "50" - - name: TZ - value: "Etc/UTC" - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: csscfgstore-pvc - mountPath: "/opt/IBM/ContentSearchServices/CSS_Server/data" - subPath: CSS_Server_data/sslkeystore - - name: csslogstore-pvc - mountPath: "/opt/IBM/ContentSearchServices/CSS_Server/log" - subPath: CSS_Server_log - - name: csstempstore-pvc - mountPath: "/opt/IBM/ContentSearchServices/CSS_Server/temp" - subPath: CSS_Server_temp - - name: cssindexstore-pvc - mountPath: "/opt/ibm/indexareas" - subPath: CSS_Indexes - - name: csscustomstore-pvc - mountPath: "/opt/IBM/ContentSearchServices/CSS_Server/config" - subPath: css/CSS_Server_Config - - volumes: - - name: csscfgstore-pvc - persistentVolumeClaim: - claimName: "css-cfgstore" - - name: csslogstore-pvc - persistentVolumeClaim: - claimName: "css-logstore" - - name: csstempstore-pvc - persistentVolumeClaim: - claimName: "css-tempstore" - - name: cssindexstore-pvc - persistentVolumeClaim: - claimName: "css-indexstore" - - name: csscustomstore-pvc - persistentVolumeClaim: - claimName: "css-customstore" diff --git a/CONTENT/k8s-yaml/ContentGraphQL/crs-deploy.yml b/CONTENT/k8s-yaml/ContentGraphQL/crs-deploy.yml deleted file mode 100755 index 3b45ccd3..00000000 --- a/CONTENT/k8s-yaml/ContentGraphQL/crs-deploy.yml +++ /dev/null @@ -1,135 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ecm-crs-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: crsserver-cluster1 - type: NodePort - sessionAffinity: ClientIP ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: ecm-crs-np - namespace: $KUBE_NAME_SPACE -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress - ingress: - - {} - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - - to: - - namespaceSelector: {} ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: ecm-crs -spec: - replicas: 1 - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: crsserver-cluster1 - spec: - imagePullSecrets: - - name: admin.registrykey - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - crsserver-cluster1 - topologyKey: "kubernetes.io/hostname" - containers: - - image: /default/crs:553 - imagePullPolicy: Always - securityContext: - # If deployment on OpenShift and image supports arbitrary uid, - # remove runAsUser and pods will run with arbitrarily assigned user ID. - runAsUser: 50001 - allowPrivilegeEscalation: false - name: ecm-crs - resources: - requests: - memory: 512Mi - cpu: 500m - limits: - memory: 1536Mi - cpu: 1 - ports: - - containerPort: 9080 - name: http - - containerPort: 9443 - name: https - env: - - name: LICENSE - value: "accept" - - name: PRODUCT - value: "DBAMC" - - name: TZ - value: "Etc/UTC" - - name: JVM_INITIAL_HEAP_PERCENTAGE - value: "40" - - name: JVM_MAX_HEAP_PERCENTAGE - value: "66" - - name: CPE_URI - value: "http://cpeurl:30540/wsi/FNCEWS40MTOM" - - name: CPESTATICPORT - value: "false" - - name: CONTAINERTYPE - value: "1" - - name: ENABLE_GRAPHIQL - value: "false" - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: crscfgstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides" - subPath: configDropins/overrides - - name: crslogstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/logs" - subPath: logs - - volumes: - - name: crscfgstore-pvc - persistentVolumeClaim: - claimName: "crs-cfgstore" - - name: crslogstore-pvc - persistentVolumeClaim: - claimName: "crs-logstore" diff --git a/CONTENT/k8s-yaml/README.md b/CONTENT/k8s-yaml/README.md deleted file mode 100644 index 783304f4..00000000 --- a/CONTENT/k8s-yaml/README.md +++ /dev/null @@ -1,217 +0,0 @@ -# Deploying with YAML files - -## Requirements and Prerequisites - -Ensure that you have completed the following tasks: - -- [Preparing your Kubernetes server](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_k8s.html) -- [Downloading the PPA archive](../../README.md) -- [Preparing FileNet environment](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_ecmk8s.html) - -## Deploying component images - -Use the command line to deploy the image using the parameters in the appropriate YAML file. You also use the command line to determine access information for your deployed images. - -For deployments on Red Hat OpenShift, note the following considerations for whether you want to use the Arbitrary UID capability in your environment: - -- If you don't want to use Arbitrary UID capability in your Red Hat OpenShift environment, deploy the images as described in the following sections. - -- If you do want to use Arbitrary UID, prepare for deployment by updating your deployment file and editing your Security Context Constraint: - - - Remove the following line from your deployment YAML file: `runAsUser: 50001`. - - - In your SCC, set the desired user id range of minimum and maximum values for the project namespace: - - ```$ oc edit namespace ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - - This range is similar to the default range for Red Hat OpenShift. - - - Remove authenticated users from anyuid (if set): - - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - - Update the runAsUser value. - Find the entry: - - ``` - $ oc get scc -o yaml - runAsUser: - type: RunAsAny - ``` - - Update the value: - - ``` - $ oc get scc -o yaml - runAsUser: - type: MustRunAsRange - ``` - - -To deploy Content Platform Engine: - 1. Use the deployment file to deploy Content Platform Engine: - - ```kubectl apply -f cpe-deploy.yml``` - 2. Run following command to get the Public IP and port to access Content Platform Engine: - - ```kubectl get svc | grep ecm-cpe``` - -To deploy Content Search Services: - 1. Use the deployment file to deploy Content Search Services: - - ```kubectl apply -f css-deploy.yml``` - 2. Run the following command to get the Public IP and port to access Content Search Services: - - ```kubectl get svc | grep ecm-css``` - -To deploy Content Management Interoperability Services: - 1. Use the deployment file to deploy Content Management Interoperability Services: - - ```kubectl apply -f cmis-deploy.yml``` - 2. Run the following command to get the Public IP and port to access Content Management Interoperability Services: - - ```kubectl get svc | ecm-cmis``` - -> **Reminder**: After you deploy, return to the instructions in the Knowledge Center, [Completing post deployment tasks for IBM FileNet Content Manager](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_deploy_postecmdeployk8s.html), to get your FileNet Content Manager environment up and running - -## Deploying the External Share container - -If you want to optionally include the external share capability in your environment, you also configure and deploy the External Share container. - -Ensure that you have completed the all of the preparation steps for deploying the External Share container: [Configuring external share for containers](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_ecmexternalsharek8s.html) - -For deployments on Red Hat OpenShift, if you want to use Arbitrary UID, use the steps in the previous section to prepare for the deployment, including updating your YAML file and editing your Security Context Constraint. - - -To deploy the External Share container: - - 1. Use the deployment file to deploy the External Share container: - - ```kubectl apply -f es-deploy.yml``` - 2. Run the following command to get the Public IP and port to access External Share: - - ```kubectl get svc | ecm-es``` - -## Deploying the Technology Preview: Content Services GraphQL API container -If you want to use the Content Services GraphQL API container, follow the instructions in the Getting Started technical notice: [Technology Preview: Getting started with Content Services GraphQL API](http://www.ibm.com/support/docview.wss?uid=ibm10883630) - - 1. Use the deployment file to deploy the Content Services GraphQL API container: - - ```kubectl apply -f crs-deploy.yml``` - 2. Run the following command to get the Public IP and port to access the Content Services GraphQL API: - - ```kubectl get svc | ecm-crs``` - -## Upgrading deployments - > **Tip**: You can discover the necessary resource values for the deployment from corresponding product deployments in IBM Cloud Private Console and Openshift Container Platform. - -### Before you begin -Before you run the upgrade commands, you must prepare the environment for upgrades by updating permissions on your persistent volumes. Depending on your starting version you might also need to create or update volumes and folders for Content Search Services and Content Management Interoperability Services. Complete the preparation steps in the following topic before you start the upgrade: [Upgrading Content Manager releases](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/com.ibm.dba.upgrading/topics/tsk_cm_upgrade.htm) - -If you already have a customized YAML file for your existing deployment, update the file with the new parameters for this release before you apply the YAML as part of the upgrade. See the sample YAML files for more information. - -For an upgrade to the External share container, complete the preparation steps in the following topic before you start the upgrade: [Upgrading External Share releases](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/com.ibm.dba.upgrading/topics/tsk_cm_upgrade.htm) - -You must also [download the PPA archive](../../README.md) before you begin the upgrade process. - -### Preparing for upgrade on Red Hat OpenShift - -For upgrades on Red Hat OpenShift, note the following considerations when you want to use the Arbitrary UID capability in your updated environment: - -- If you don't want to use Arbitrary UID capability in your Red Hat OpenShift environment, use the instructions in Running the upgrade deployments. - -- If you do want to use Arbitrary UID, use the following steps to prepare for the upgrade: - -1. Check and if necessary edit your Security Context Constraint to set desired user id range of minimum and maximum values for the project namespace: - - Set the desired user id range of minimum and maximum values for the project namespace: - - ```$ oc edit namespace ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - - This range is similar to the default range for Red Hat OpenShift. - - - Remove authenticated users from anyuid (if set): - - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - - Update the runAsUser value. - Find the entry: - - ``` - $ oc get scc -o yaml - runAsUser: - type: RunAsAny - ``` - - Update the value: - - ``` - $ oc get scc -o yaml - runAsUser: - type: MustRunAsRange - ``` - -2. Remove the following line from your deployment YAML file: `runAsUser: 50001`. - -3. Update other values in your deployment YAML file to reflect the values for your existing environment and any updates in the new samples. - -4. Stop all existing containers. - -5. Run the deployment commands for the containers, in the following section. - -### Running the upgrade deployments - -To deploy Content Platform Engine: - 1. Use the deployment file to deploy Content Platform Engine: - - ```kubectl apply -f cpe-deploy.yml``` - 2. Run following command to get the Public IP and port to access Content Platform Engine: - - ```kubectl get svc | grep ecm-cpe``` - -To deploy Content Search Services: - 1. Use the deployment file to deploy Content Search Services: - - ```kubectl apply -f css-deploy.yml``` - 2. Run the following command to get the Public IP and port to access Content Search Services: - - ```kubectl get svc | grep ecm-css``` - -To deploy Content Management Interoperability Services: - 1. Use the deployment file to deploy Content Management Interoperability Services: - - ```kubectl apply -f cmis-deploy.yml``` - 2. Run the following command to get the Public IP and port to access Content Management Interoperability Services: - - ```kubectl get svc | ecm-cmis``` - -To deploy the External Share container: - 1. Use the deployment file to deploy the External Share container: - - ```kubectl apply -f es-deploy.yml``` - 2. Run the following command to get the Public IP and port to access External Share: - - ```kubectl get svc | ecm-es``` - - -## Uninstalling a Kubernetes release of FileNet Content Manager - -To uninstall and delete the Content Platform Engine release, use the following command: - -```console -$ kubectl delete -f -``` - -The command removes all the Kubernetes components associated with the release, except any Persistent Volume Claims (PVCs). This is the default behavior of Kubernetes, and ensures that valuable data is not deleted. To delete the persisted data of the release, you can delete the PVC using the following command: - -```console -$ kubectl delete pvc my-cpe-prod-release-cpe-pvclaim -``` -Repeat the process for any other deployments that you want to delete. diff --git a/CONTENT/k8s-yaml/extShare/es-deploy.yml b/CONTENT/k8s-yaml/extShare/es-deploy.yml deleted file mode 100755 index a7b7e980..00000000 --- a/CONTENT/k8s-yaml/extShare/es-deploy.yml +++ /dev/null @@ -1,151 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ecm-es-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: esserver-cluster1 - type: NodePort - sessionAffinity: ClientIP ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: ecm-es-np - namespace: $KUBE_NAME_SPACE -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress - ingress: - - {} - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - - to: - - namespaceSelector: {} ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: ecm-es -spec: - replicas: 1 - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: esserver-cluster1 - spec: - imagePullSecrets: - - name: admin.registrykey - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - esserver-cluster1 - topologyKey: "kubernetes.io/hostname" - containers: - - image: /default/extshare:latest - imagePullPolicy: Always - name: ecm-es - securityContext: - # If deployment on OpenShift and image supports arbitrary uid, - # remove runAsUser and pods will run with arbitrarily assigned user ID. - runAsUser: 50001 - allowPrivilegeEscalation: false - resources: - requests: - memory: 512Mi - cpu: 500m - limits: - memory: 1536Mi - cpu: 1 - ports: - - containerPort: 9080 - name: http - - containerPort: 9443 - name: https - env: - - name: LICENSE - value: "accept" - - name: JVM_INITIAL_HEAP_PERCENTAGE - value: "40" - - name: JVM_MAX_HEAP_PERCENTAGE - value: "66" - - name: TZ - value: "Etc/UTC" - - name: ICNDBTYPE - value: "db2" - - name: ICNJNDIDS - value: "ECMClientDS" - - name: ICNSCHEMA - value: "ICNDB" - - name: ICNTS - value: "ICNDB" - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - readinessProbe: - httpGet: - path: /contentapi/rest/share/v1/info - port: 9080 - httpHeaders: - - name: Content-Encoding - value: gzip - initialDelaySeconds: 180 - periodSeconds: 5 - livenessProbe: - httpGet: - path: /contentapi/rest/share/v1/info - port: 9080 - httpHeaders: - - name: Content-Encoding - value: gzip - initialDelaySeconds: 600 - periodSeconds: 5 - volumeMounts: - - name: escfgstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides" - subPath: es/configDropins/overrides - - name: eslogstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/logs" - subPath: es/logs - - volumes: - - name: escfgstore-pvc - persistentVolumeClaim: - claimName: "es-icp-cfgstore" - - name: eslogstore-pvc - persistentVolumeClaim: - claimName: "es-icp-logstore" diff --git a/CONTENT/platform/README_Eval_ROKS.md b/CONTENT/platform/README_Eval_ROKS.md deleted file mode 100644 index 21a2a977..00000000 --- a/CONTENT/platform/README_Eval_ROKS.md +++ /dev/null @@ -1,110 +0,0 @@ -# Deploying on Red Hat OpenShift on IBM Cloud - -Before you deploy, you must configure your IBM Public Cloud environment, create an OpenShift cluster, prepare your FileNet environment, and load the product images to the registry. Use the following information to configure your environment and deploy the images. - -## Before you begin: Create a cluster - -Before you run any install command, make sure that you have created the IBM Cloud cluster, prepared your own environment, and obtained and loaded the product images to the registry. - -For more information, see [Installing containers on Red Hat OpenShift by using CLIs](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_ROKS.html). - - -## Step 1: Prepare your FileNet Content Manager environment - -To prepare your FileNet Content Manager environment, you set up databases, LDAP services, storage, and configuration files that are required for use and operation after deployment. - -Use the following instructions to prepare your FileNet environment: [Preparing to install IBM FileNet Content Manager](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_ecmk8s.html) - -**Important:** The instructions provided for preparing storage are specific to non-managed OpenShift deployments. For OpenShift deployments, the cluster you create for OpenShift includes attached storage. As a result, you don't create persistent volumes for the storage- only the listed persistent volume claims. Obtain the storage class name for this OpenShift cluster storage, and assign that value as the `storageClassName` value when you create the required persistent volumes claims for your FileNet environment as described in [Creating volumes and folders for deployment on Kubernetes](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_ecmk8s_volumes.html). - -The following example uses the storage class name `ibmc-file-retain-bronze`: - ```yaml - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: example-pvc - namespace: default - spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 8Gi - storageClassName: ibmc-file-retain-bronze - ``` - -## Step 2: Deploy the FileNet Content Manager images -When the container images are in the registry, you can complete environment configuration for each component and then run the chart installation. - -1. Create a NGINX pod to mount the persistent volumes. The following sample creates a pod named `example-pod-ecm-eval`: [NGINX Pod Sample](nginx_sample.yaml) - -2. Copy the necessary database and LDAP configuration XML files that you prepared for your FileNet environment to the mounted volumes, for example, by accessing the NGINX pod that you created: - ```console - $ kubectl cp datasource.xml nginx-pod:/path/to/corresponding/directory - ``` -**Remember:** Make sure the permissions for all the folders are set as follows: - -For each of the folders, set the ownership to 50001:0, for example: -chown –Rf 50001:0 /cpecfgstore - -For each of the folders, set the permission to 775, for example: -chmod –Rf 775 /cpecfgstore - -3. Use the instructions in the [Helm chart readme](../helm-charts) to confirm your environment configuration and install the Helm charts. - -## Step 3: Enable Ingress to access your applications -1. Create an SSL certificate: - ```console - $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $(pwd)/tls.key -out $(pwd)/tls.crt -subj "/CN=dbamc.content - ``` -2. Create a secret using the certificate: - ```console - $ kubectl create secret tls icp4a --key $(pwd)/tls.key --cert $(pwd)/tls.crt - ``` -3. Create an Ingress service for all of the Content components by using the example `ingress_service.yaml` file in the OpenShift console or CLI: [ingress_service.yaml](ingress_service.yaml) -4. Apply the Ingress service: - ``` console - $ kubectl apply -f ingress_service.yaml - ``` -5. Create single Ingress endpoint using the [ingress_one.yaml](ingress_one.yaml) -6. Apply the Ingress: - ``` console - $ kubectl apply -f ingess_one.yaml - ``` -7. To use the Ingress for the repository connection URL in Navigator, CMIS, External Share, and GraphQL run the following commands: - ```console - $ openssl pkcs12 -export -in $(pwd)/tls.crt -inkey $(pwd)/tls.key -out $(pwd)/newkey.p12 - ``` - ```console - $ keytool -importkeystore -srckeystore $(pwd)/newkey.p12 \ - -srcstoretype PKCS12 \ - -destkeystore $(pwd)/newkey.jks \ - -deststoretype JKS - ``` -8. Copy the `newkey.jks` file to the `overrides` directory: - ``` console - $ cp $(pwd)/newkey.jks /some/directory/icn/configDropins/overrides - ``` -9. Create a new XML file, for example, `key.xml`, and save it to the `configDropins/Overrides` folder: - ``` xml - - - - ``` -10. Edit the deployments for all of the components to resolve the hostname in the pods: - ``` console - $ kubectl edit deployments dbamc-cpe-ibm-dba-contentservices - ``` - Add the following lines in the section `spec.template.spec`: - ``` yaml - hostAliases: - - ip: "" - hostnames: - - "dbamc.content" - ``` -11. Get the Ingress IP by running the following command: - ``` console - $ kubectl get ingress - ``` -12. After you save your changes, new pods are created that include the changes. When the pods are up and running, update any existing repository connection. The new repository connection URL is something like: `https://icp4a-content/wsi/FNCEWS40MTOM/` -13. On any system where you want to access the applications, update the localhost file `/etc/hosts` with the Ingress IP and the hostname. diff --git a/CONTENT/platform/ingress_one.yaml b/CONTENT/platform/ingress_one.yaml deleted file mode 100644 index ef23ef99..00000000 --- a/CONTENT/platform/ingress_one.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: dbamc-ingress - annotations: - # The NGINX ingress annotations contains a new prefix nginx.ingress.kubernetes.io. - # To avoid breaking a running NGINX ingress controller, specify both new and old prefixes. - kubernetes.io/ingress.class: nginx - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.bluemix.net/sticky-cookie-services: "serviceName=ibacc-cpe-ingress-svc name=cpecookie expires=7300s path=/acce hash=sha1;serviceName=ibacc-ext-ingress-svc name=extcookie expires=7300s path=/contentapi hash=sha1;serviceName=ibacc-crs-ingress-svc name=crscookie expires=7300s path=/content-services-graphql hash=sha1" -spec: - rules: - - host: icp4a.content - http: - paths: - - backend: - serviceName: ibacc-cpe-ingress-svc - servicePort: 9080 - path: /acce - - backend: - serviceName: ibacc-cpe-ingress-svc - servicePort: 9080 - path: /P8CE - - backend: - serviceName: ibacc-cpe-ingress-svc - servicePort: 9080 - path: /FileNet - - backend: - serviceName: ibacc-cpe-ingress-svc - servicePort: 9080 - path: /wsi - - backend: - serviceName: ibacc-ext-ingress-svc - servicePort: 9080 - path: /contentapi - - backend: - serviceName: ibacc-crs-ingress-svc - servicePort: 9080 - path: /content-services-graphql - - backend: - serviceName: ibacc-crs-ingress-svc - servicePort: 9080 - path: /content-services - tls: - - hosts: - - icp4a.content - secretName: icp4a diff --git a/CONTENT/platform/ingress_service.yaml b/CONTENT/platform/ingress_service.yaml deleted file mode 100644 index 06820565..00000000 --- a/CONTENT/platform/ingress_service.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ibacc-cpe-ingress-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: ibm-dba-contentservices - type: ClusterIP ---- - -apiVersion: v1 -kind: Service -metadata: - name: ibacc-ext-ingress-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: ibm-dba-extshare-prod - type: ClusterIP - ---- - -apiVersion: v1 -kind: Service -metadata: - name: ibacc-crs-ingress-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: ibm-dba-contentrestservice-dev - type: ClusterIP diff --git a/CONTENT/platform/nginx_sample.yaml b/CONTENT/platform/nginx_sample.yaml deleted file mode 100644 index e2148ef9..00000000 --- a/CONTENT/platform/nginx_sample.yaml +++ /dev/null @@ -1,110 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: example-pod-ecm-eval - labels: - app: hello-openshift - namespace: ecm-eval -spec: - volumes: - - name: ecm-eval-cfg-pvc-0 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-0 - - name: ecm-eval-cfg-pvc-1 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-1 - - name: ecm-eval-cfg-pvc-2 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-2 - - name: ecm-eval-cfg-pvc-3 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-3 - - name: ecm-eval-cfg-pvc-4 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-4 - - name: ecm-eval-cfg-pvc-5 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-5 - - name: ecm-eval-cfg-pvc-6 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-6 - - name: ecm-eval-cfg-pvc-7 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-7 - - name: ecm-eval-cfg-pvc-8 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-8 - - name: ecm-eval-cfg-pvc-9 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-9 - - name: ecm-eval-cfg-pvc-10 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-10 - - name: ecm-eval-cfg-pvc-11 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-11 - - name: ecm-eval-cfg-pvc-12 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-12 - - name: ecm-eval-cfg-pvc-13 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-13 - - name: ecm-eval-cfg-pvc-14 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-14 - - name: ecm-eval-cfg-pvc-15 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-15 - - name: ecm-eval-cfg-pvc-16 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-16 - - name: ecm-eval-cfg-pvc-17 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-17 - - name: ecm-eval-cfg-pvc-18 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-18 - containers: - - name: hello-openshift - image: nginx:latest - ports: - - containerPort: 8080 - volumeMounts: - - name: ecm-eval-cfg-pvc-0 - mountPath: /cpe/configDropins/overrides - - name: ecm-eval-cfg-pvc-1 - mountPath: /cpe/asa - - name: ecm-eval-cfg-pvc-2 - mountPath: /cpe/textext - - name: ecm-eval-cfg-pvc-3 - mountPath: /cpe/logs - - name: ecm-eval-cfg-pvc-4 - mountPath: /cpe/FileNet - - name: ecm-eval-cfg-pvc-5 - mountPath: /cpe/icmrules - - name: ecm-eval-cfg-pvc-6 - mountPath: /cpe/bootstrap - - name: ecm-eval-cfg-pvc-7 - mountPath: /icn/configDropin/overrides - - name: ecm-eval-cfg-pvc-8 - mountPath: /icn/logs - - name: ecm-eval-cfg-pvc-9 - mountPath: /icn/plugins - - name: ecm-eval-cfg-pvc-10 - mountPath: /icn/viewerlog - - name: ecm-eval-cfg-pvc-11 - mountPath: /icn/viewercache - - name: ecm-eval-cfg-pvc-12 - mountPath: /icn/aspera - - name: ecm-eval-cfg-pvc-13 - mountPath: /css/CSS_Server_data - - name: ecm-eval-cfg-pvc-14 - mountPath: /css/CSS_Server_log - - name: ecm-eval-cfg-pvc-15 - mountPath: /css/CSS_Server_temp - - name: ecm-eval-cfg-pvc-16 - mountPath: /css/CSSIndex_OS1 - - name: ecm-eval-cfg-pvc-17 - mountPath: /cmis/configDropins/overrides - - name: ecm-eval-cfg-pvc-18 - mountPath: /cmis/logs/ diff --git a/FNCM/README_config.md b/FNCM/README_config.md new file mode 100644 index 00000000..7291935f --- /dev/null +++ b/FNCM/README_config.md @@ -0,0 +1,202 @@ +# Configuring IBM FileNet Content Manager 5.5.4 + +IBM FileNet Content Manager provides numerous containerized components for use in your container environment. The configuration settings for the components are recorded and stored in the shared YAML file for operator deployment. After you prepare your environment, you add the values for your configuration settings to the YAML so that the operator can deploy your containers to match your environment. + +## Requirements and prerequisites + +Confirm that you have completed the following tasks to prepare to deploy your FileNet Content Manager images: + +- Prepare your FileNet Content Manager environment. These procedures include setting up databases, LDAP, storage, and configuration files that are required for use and operation. You must complete all of the [preparation steps for FileNet Content Manager](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_ecmk8s.html) before you are ready to deploy the container images. Collect the values for these environment components; you use them to configure your FileNet Content Manager container deployment. + +- Prepare your container environment. See [Preparing to install automation containers on Kubernetes](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/welcome/com.ibm.dba.install/op_topics/tsk_prepare_env_k8s.html) + +- If you want to deploy additional optional containers, prepare the requirements that are specific to those containers. For details see the following information: + - [Preparing for External Share](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_cm_externalshareop.html) + - [Preparing volumes and folders for the Content Services GraphQL API](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_gqlvolumesop.html) + +If you plan to use external key management in your environment, review the following preparation information before you deploy: [Preparing for external key management](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_ecm_externalkeyk8s.html) + +> **Note**: If you plan to use UMS integration with any of the FileNet Content Manager components, note that you might encounter registration failure errors during deployment. This can happen if the UMS deployment is not ready by the time the other containers come up. The situation resolves in the next operator loop, so the errors can be ignored. + + +## Prepare your security environment + +Before you deploy, you must create a secret for the security details of the LDAP directory and datasources that you configured in preparation for use with FileNet Content Manager. Collect the users, password, and namespace to add to the secret. Using your values, run the following command: + + ``` +kubectl create secret generic ibm-fncm-secret \ +--from-literal=gcdDBUsername="db2inst1" --from-literal=gcdDBPassword="xxxxxxxx" \ +--from-literal=osDBUsername="db2inst1" --from-literal=osDBPassword="xxxxxxxx" \ +--from-literal=ldapUsername="cn=root" --from-literal=ldapPassword="xxxxxxxxxx" \ +--from-literal=externalLdapUsername="cn=User1,ou=test,dc=external,dc=com" --from-literal=externalLdapPassword="xxxxxxx" \ +--from-literal=appLoginUsername="filenet_admin" --from-literal=appLoginPassword="xxxxxxxx" \ +--from-literal=keystorePassword="xxxxx" \ +--from-literal=ltpaPassword="xxxxxx" + ``` +The secret you create is the value for the parameter `fncm_secret_name`. + + +### Root CA and trusted certificate list + + The custom YAML file also requires values for the `root_ca_secret` and `trusted_certificate_list` parameters. The TLS secret contains the root CA's key value pair. You have the following choices for the root CA: + - You can generate a self-signed root CA + - You can allow the operator (or ROOTCA ansible role) to generate the secret with a self-signed root CA (by not specifying one) + - You can use a signed root CA. In this case, you create a secret that contains the root CA's key value pair in advance. + + The list of the trusted certificate secrets can be a TLS secret or an opaque secret. An opaque secret must contain a tls.crt file for the trusted certificate. The TLS secret has a tls.key file as the private key. + +### Apply the Security Context Contstraints + +Apply the required Security Context Constraints (SCC) by applying the [SCC YAML](../descriptors/scc-fncm.yaml) file. + + ```bash + $ oc apply -f descriptors/scc-fncm.yaml + ``` + + > **Note**: `fsGroup` and `supplementalGroups` are `RunAsAny` and `runAsUser` is `MustRunAsRange`. + + +## Customize the YAML file for your deployment + +All of the configuration values for the components that you want to deploy are included in the [ibm_cp4a_cr_template.yaml](../descriptors/ibm_cp4a_cr_template.yaml) file. Create a copy of this file on the system that you prepared for your container environment, for example `my_ibm_cp4a_cr_template.yaml`. + +The custom YAML file includes the following sections that apply for all of the components: +- shared_configuration - Specify your deployment and your overall security information. +- ldap_configuration - Specify the directory service provider information for all components in this common section. +- datasource configuration - Specify the database information for all components in this common section. +- monitoring_configuration - Optional for deployments where you want to enable monitoring. +- logging_configuration - Optional for deployments where you want to enable logging. + +After the shared section, the YAML includes a section of parameters for each of the available components. If you plan to include a component in your deployment, you un-comment the parameters for that component and update the values. For some parameters, the default values are sufficient. For other parameters, you must supply values that correspond to your specific environment or deployment needs. + +The optional initialize_configuration and verify_configuration section includes values for a set of automatic set up steps for your FileNet P8 domain and IBM Business Automation Navigator deployment. + +If you want to exclude any components from your deployment, leave the section for that component and all related parameters commented out in the YAML file. + +All components require that you deploy the Content Platform Engine container. For that reason, you must complete the values for that section in all deployment use cases. + +A description of the configuration parameters is available in [Configuration reference for operators](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_paramsop.html) + +Use the information in the following sections to record the configuration settings for the components that you want to deploy. + +- [Shared configuration settings](README_config.md#shared-configuration-settings) +- [Content Platform Engine settings](README_config.md#content-platform-engine-settings) +- [Content Search Services settings](README_config.md#content-search-services-settings) +- [Content Management Interoperability Services settings](README_config.md#content-management-interoperability-services-settings) +- [Content Services GraphQL settings](README_config.md#content-services-graphql-settings) +- [External Share settings](README_config.md#external-share-settings) +- [Task Manager settings](README_config.md#task-manager-settings) +- [Initialization settings](README_config.md#initialization-settings) +- [Verification settings](README_config.md#verification-settings) + +### Shared configuration settings + +Un-comment and update the values for the shared configuration, LDAP, datasource, monitoring, and logging parameters, as applicable. + +Use the secrets that you created in Preparing your security environment for the `root_ca_secret` and `trusted_certificate_list` values. + +> **Reminder**: If you plan to use External Share with the 2 LDAP model for configuring external users, update the LDAP values in the `ext_ldap_configuration` section of the YAML file with the information about the directory server that you configured for external users. If you are not using external share, leave this section commented out. + +For more information about the shared parameters, see the following topics: + +- [Shared parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opsharedparams.html) +- [LDAP parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_k8s_ldap.html) +- [Datasource parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_dbparams.html) +- [Monitoring parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opmonparams.html) + +### Content Platform Engine settings + +Use the `cpe` section of the custom YAML to provide values for the configuration of Content Platform Engine. You provide details for configuration settings that you have already created, like the names of your persistent volume claims. You also provide names for pieces of your Content Platform Engine environment, and tuning decisions for your runtime environment. + +> **Note**: If you plan to use UMS with Content Platform Engine, do not use the Initialization container. You must manually configure your Content Platform Engine domain and object stores after deployment. + +For more information about the settings, see [Content Platform Engine parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opcpeparams.html) + +### Content Search Services settings + +Use the `css` section of the custom YAML to provide values for the configuration of Content Search Services. You provide details for configuration settings that you have already created, like the names of your persistent volume claims. You also provide names for pieces of your Content Search Services environment, and tuning decisions for your runtime environment. + +For more information about the settings, see [Content Search Services parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opcssparams.html) + +### Content Management Interoperability Services settings + +Use the `cmis` section of the custom YAML to provide values for the configuration of Content Search Services. You provide details for configuration settings that you have already created, like the names of your persistent volume claims. You also provide names for pieces of your Content Search Services environment, and tuning decisions for your runtime environment. + +For more information about the settings, see [Content Management Interoperability Services parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opcmisparams.html) + +### Content Services GraphQL settings + +Use the `graphql` section of the custom YAML to provide values for the configuration of the Content Services GraphQL API. You provide details for configuration settings that you have already created, like the names of your persistent volume claims. You also provide names for pieces of your Content Services GraphQL environment, and tuning decisions for your runtime environment. + +The section includes a parameter for enabling the GraphiQL development interface. Note the following consideration for including GraphiQL in your environment: + +- If you are deploying the GraphQL container as part of a test or development environment and you want to use GraphiQL with the API, set the enable_graph_iql parameter to true. +- If you are deploying the GraphQL container as part of a production environment, it is recommended to set the enable_graph_iql parameter to false. + +For more information about the settings, see [Content Services GraphQL parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opgqlparams.html) + +### External share settings + +Use the `es` section of the custom YAML to provide values for the configuration of External Share. You provide details for configuration settings that you have already created, like the names of your persistent volume claims. You also provide names for pieces of your External Share environment, and tuning decisions for your runtime environment. + +> **Reminder**: If you are using the 2 LDAP approach for managing your external users for external share, you must configure the ext_ldap_configuration section in the shared parameters with information about your external user LDAP directory service. + +> **Note**: If you are deploying the External Share container as an update instead of as part of the initial container deployment, note that both the Content Platform Engine and the Business Automation Navigator containers will undergo a rolling update to accommodate the External Share configuration. + +For more information about the settings, see [External Share parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opesparams.html) + +### Task Manager settings + +Use the `tm` section of the custom YAML to provide values for the configuration of Task Manager. You provide details for configuration settings that you have already created, like the names of your persistent volume claims. You also provide names for pieces of your Task Manager environment, and tuning decisions for your runtime environment. + +If you want to deploy Task Manager, you must also deploy IBM Business Automation Navigator. The Task Manager uses the same database as IBM Business Automation Navigator. Database settings must match between these two components. + +For Task Manager, pay particular attention to any relevant values in the `jvm_customize_options` parameter. + +For more information about the settings, see [Task Manager parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_optmparams.html) + +### Initialization settings + +Use the `initialize_configuration` section of the custom YAML to provide values for the automatic initialization and setup of Content Platform Engine and IBM Business Automation Navigator. The initialization container creates initial instances of your FileNet Content Manager components, such as the p8 domain, one or more object stores, and configuration of IBM Business Automation Navigator. You also provide names for pieces of your FileNet Content Manager environment, and make decisions for your runtime environment. + +> **Important**: Do not enable initialization for your operator deployment if you plan to integrate UMS with Content Platform Engine. In this use case, you must manually create your Content Platform Engine domain and object stores after deployment. If you are integrating UMS and Content Platform Engine, leave the `initialize_configuration` section commented out. + +You can edit the YAML to configure more than one of the available pieces in your automatically initialized environment. For example, if you want to create an additional Content Search Services server, you copy the stanza for the server settings, paste it below the original, and add the new values for your additional object store: + + ``` +ic_css_creation: + # - css_site_name: "Initial Site" + # css_text_search_server_name: "{{ meta.name }}-css-1" + # affinity_group_name: "aff_group" + # css_text_search_server_status: 0 + # css_text_search_server_mode: 0 + # css_text_search_server_ssl_enable: "true" + # css_text_search_server_credential: "RNUNEWc=" + # css_text_search_server_host: "{{ meta.name }}-css-svc-1" + # css_text_search_server_port: 8199 + + ``` + +You can create additional object stores, Content Search Services indexes, IBM Business Automation Navigator repositories, and IBM Business Automation Navigator desktops. + +For more information about the settings, see [Initialization parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opinitiparams.html) + +### Verification settings + +Use the `verify_configuration` section of the custom YAML to provide values for the automatic verification of your Content Platform Engine and IBM Business Automation Navigator. The verify container works in conjunction with the automatic setup of the initialize container. You can accept most of the default settings for the verification. However, compare the settings with the values that you supply for the initialization settings. Specific settings like object store names and the Content Platform Engine connection point must match between these two configuration sections. + +For more information about the settings, see [Verify parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_opverifyparams.html) + +## Complete the installation + +After you have set all of the parameters for the relevant components, return to to the install or update page for your platform to configure other components and complete the deployment with the operator. + +Install pages: + - [Installing on Managed Red Hat OpenShift on IBM Cloud Public](../platform/roks/install.md) + - [Installing on Red Hat OpenShift](../platform/ocp/install.md) + - [Installing on Certified Kubernetes](../platform/k8s/install.md) + +Update pages: + - [Updating on Managed Red Hat OpenShift on IBM Cloud Public](../platform/roks/update.md) + - [Updating on Red Hat OpenShift](../platform/ocp/update.md) + - [Updating on Certified Kubernetes](../platform/k8s/update.md) diff --git a/FNCM/README_migrate.md b/FNCM/README_migrate.md new file mode 100644 index 00000000..ccadd7e7 --- /dev/null +++ b/FNCM/README_migrate.md @@ -0,0 +1,22 @@ +# Migrating IBM FileNet Content Manager 5.5.x persisted data to V5.5.4 + +Because of the change in the container deployment method, there is no upgrade path for previous versions of FileNet Content Manager to V5.5.4. + +To move a V5.5.x installation to V5.5.4, you prepare your environment and deploy the operator the same way you would for a new installation. The difference is that you use the configuration values for your previously configured environment, including datasource, LDAP, storage volumes, etc. when you customize your deployment YAML file. + +Optionally, to protect your production deployment, you can create a replica of your data and use that datasource information for the operator deployment to test your migration. In this option, you follow the instructions for a new deployment. + + +## Step 1: Collect parameter values from your existing deployment + +You can use the reference topics in the [Cloud Pak for Automation Knowldege Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_paramsop.html) to see the parameters that apply for your components and shared configuration. + +You will use the values for your existing deployment to update the custom YAML file for the new operator deployment. For more information, see [Configure IBM FileNet Content Manager](README_config.md). + +> **Note**: When you are ready to deploy the V5.5.4 version of your FileNet Content Manager containers, stop your previous containers. + +## Step 2: Return to the platform readme to migrate other components + +- [Managed OpenShift migrate page](../platform/roks/migrate.md) +- [OpenShift migrate page](../platform/ocp/migrate.md) +- [Kubernetes migrate page](../platform/k8s/migrate.md) diff --git a/CONTENT/configuration/CPE/configDropins/overrides/OBJSTORE.xml b/FNCM/configuration/CPE/configDropins/overrides/OBJSTORE.xml similarity index 100% rename from CONTENT/configuration/CPE/configDropins/overrides/OBJSTORE.xml rename to FNCM/configuration/CPE/configDropins/overrides/OBJSTORE.xml diff --git a/CONTENT/configuration/CPE/configDropins/overrides/OBJSTORE_HADR.xml b/FNCM/configuration/CPE/configDropins/overrides/OBJSTORE_HADR.xml similarity index 100% rename from CONTENT/configuration/CPE/configDropins/overrides/OBJSTORE_HADR.xml rename to FNCM/configuration/CPE/configDropins/overrides/OBJSTORE_HADR.xml diff --git a/CONTENT/configuration/CPE/configDropins/overrides/OBJSTORE_Oracle.xml b/FNCM/configuration/CPE/configDropins/overrides/OBJSTORE_Oracle.xml similarity index 100% rename from CONTENT/configuration/CPE/configDropins/overrides/OBJSTORE_Oracle.xml rename to FNCM/configuration/CPE/configDropins/overrides/OBJSTORE_Oracle.xml diff --git a/CONTENT/configuration/ContentGraphQL/configDropins/overrides/UMS.xml b/FNCM/configuration/ContentGraphQL/configDropins/overrides/UMS.xml similarity index 100% rename from CONTENT/configuration/ContentGraphQL/configDropins/overrides/UMS.xml rename to FNCM/configuration/ContentGraphQL/configDropins/overrides/UMS.xml diff --git a/CONTENT/configuration/ContentGraphQL/configDropins/overrides/CORS.xml b/FNCM/configuration/ContentGraphQL/configDropins/overrides/cors.xml similarity index 62% rename from CONTENT/configuration/ContentGraphQL/configDropins/overrides/CORS.xml rename to FNCM/configuration/ContentGraphQL/configDropins/overrides/cors.xml index 7240bd98..596bd753 100644 --- a/CONTENT/configuration/ContentGraphQL/configDropins/overrides/CORS.xml +++ b/FNCM/configuration/ContentGraphQL/configDropins/overrides/cors.xml @@ -2,9 +2,9 @@ diff --git a/CONTENT/configuration/ContentGraphQL/configDropins/overrides/crs-ssl.xml b/FNCM/configuration/ContentGraphQL/configDropins/overrides/crs-ssl.xml similarity index 100% rename from CONTENT/configuration/ContentGraphQL/configDropins/overrides/crs-ssl.xml rename to FNCM/configuration/ContentGraphQL/configDropins/overrides/crs-ssl.xml diff --git a/NAVIGATOR/configuration/ICN/configDropins/overrides/ICNDS.xml b/FNCM/configuration/TaskMgr/configDropins/overrides/ICNDS.xml similarity index 100% rename from NAVIGATOR/configuration/ICN/configDropins/overrides/ICNDS.xml rename to FNCM/configuration/TaskMgr/configDropins/overrides/ICNDS.xml diff --git a/FNCM/configuration/TaskMgr/configDropins/overrides/ICNDS_HADR.xml b/FNCM/configuration/TaskMgr/configDropins/overrides/ICNDS_HADR.xml new file mode 100644 index 00000000..a8dd0e82 --- /dev/null +++ b/FNCM/configuration/TaskMgr/configDropins/overrides/ICNDS_HADR.xml @@ -0,0 +1,17 @@ + + + + + + + + diff --git a/NAVIGATOR/configuration/ICN/configDropins/overrides/ICNDS_Oracle.xml b/FNCM/configuration/TaskMgr/configDropins/overrides/ICNDS_Oracle.xml similarity index 100% rename from NAVIGATOR/configuration/ICN/configDropins/overrides/ICNDS_Oracle.xml rename to FNCM/configuration/TaskMgr/configDropins/overrides/ICNDS_Oracle.xml diff --git a/CONTENT/configuration/extShare/configDropins/overrides/CORS.xml b/FNCM/configuration/extShare/configDropins/overrides/CORS.xml similarity index 100% rename from CONTENT/configuration/extShare/configDropins/overrides/CORS.xml rename to FNCM/configuration/extShare/configDropins/overrides/CORS.xml diff --git a/FNCM/configuration/extShare/configDropins/overrides/ICNDS.xml b/FNCM/configuration/extShare/configDropins/overrides/ICNDS.xml new file mode 100644 index 00000000..643fa38d --- /dev/null +++ b/FNCM/configuration/extShare/configDropins/overrides/ICNDS.xml @@ -0,0 +1,15 @@ + + + + + + + + diff --git a/CONTENT/configuration/extShare/configDropins/overrides/ICNDS_HADR.xml b/FNCM/configuration/extShare/configDropins/overrides/ICNDS_HADR.xml similarity index 100% rename from CONTENT/configuration/extShare/configDropins/overrides/ICNDS_HADR.xml rename to FNCM/configuration/extShare/configDropins/overrides/ICNDS_HADR.xml diff --git a/FNCM/configuration/extShare/configDropins/overrides/ICNDS_Oracle.xml b/FNCM/configuration/extShare/configDropins/overrides/ICNDS_Oracle.xml new file mode 100644 index 00000000..bb125c06 --- /dev/null +++ b/FNCM/configuration/extShare/configDropins/overrides/ICNDS_Oracle.xml @@ -0,0 +1,12 @@ + + + + + + + + diff --git a/FNCM/configuration/extShare/configDropins/overrides/oidc.xml b/FNCM/configuration/extShare/configDropins/overrides/oidc.xml new file mode 100644 index 00000000..3cd04fbd --- /dev/null +++ b/FNCM/configuration/extShare/configDropins/overrides/oidc.xml @@ -0,0 +1,22 @@ + + + + + diff --git a/IAWS/README_config.md b/IAWS/README_config.md new file mode 100644 index 00000000..492c0243 --- /dev/null +++ b/IAWS/README_config.md @@ -0,0 +1,1084 @@ +# Configuring IBM Automation Workstream Services 19.0.3 +Learn how to configure IBM Automation Workstream Services. + + +## Table of contents +- [Introduction](#Introduction) +- [Automation Workstream Services component details](#Automation-Workstream-Services-component-details) +- [Resources required](#Resources-required) +- [Prerequisites](#Prerequisites) +- [Step 1: Preparing to install Automation Workstream Services for production](#Step-1-Preparing-to-install-Automation-Workstream-Services-for-production) + - [Setting up an OpenShift environment](#Setting-up-an-OpenShift-environment) + - [Preparing SecurityContextConstraints](#Preparing-SecurityContextConstraints) +- [Step 2: Preparing databases for Automation Workstream Services](#Step-2-Preparing-databases-for-Automation-Workstream-Services) + - [Creating the database for Automation Workstream Services](#Creating-the-database-for-Automation-Workstream-Services) + - [(Optional) Db2 SSL Configuration](#Optional-Db2-SSL-Configuration) + - [(Optional) Db2 HADR Configuration](#Optional-Db2-HADR-Configuration) +- [Step 3: Preparing to configure LDAP](#Step-3-Preparing-to-configure-LDAP) +- [Step 4: Preparing storage](#Step-4-Preparing-storage) + - [Disabling swapping and increasing the limit number of files descriptors](#Disabling-swapping-and-increasing-the-limit-number-of-files-descriptors) + - [Preparing storage for Process Federation Server](#Preparing-storage-for-Process-Federation-Server) + - [Preparing storage for Java Messaging Service](#Preparing-storage-for-Java-Messaging-Service) +- [Step 5: Protecting sensitive configuration data](#Step-5-Protecting-sensitive-configuration-data) + - [Creating required secrets for Automation Workstream Services](#Creating-required-secrets-for-Automation-Workstream-Services) + - [Creating the Lombardi custom secret](#Creating-the-lombardi-custom-secret) +- [Step 6: Configuring the Custom Resource YAML file to deploy Automation Workstream Services](#Step-6-Configuring-the-Custom-Resource-YAML-file-to-deploy-Automation-Workstream-Services) + - [Adding prerequisite configuration sections](#Adding-prerequisite-configuration-sections) + - [Disabling the Content Platform Engine initialization and verification sections](#Disabling-the-content-platform-engine-initialization-and-verification-sections) + - [Adding the required Automation Workstream Services configuration section](#Adding-the-required-Automation-Workstream-Services-configuration-section) + - [Custom configuration](#Custom-configuration) +- [Step 7: Completing the installation](#Step-7-Completing-the-installation) +- [Step 8: Completing post-deployment tasks](#Step-8-Completing-post-deployment-tasks) + - [Configuring the Content Platform Engine](#Configuring-the-Content-Platform-Engine) +- [Step 9: Verifying Automation Workstream Services](#Step-9-Verifying-Automation-Workstream-Services) +- [Limitations](#Limitations) +- [Troubleshooting](#Troubleshooting) + + + +## Introduction +The IBM Automation Workstream Services operator deploys the Workstream server, a server engine that runs workstreams that are configured and launched in IBM Workplace. + + +## Automation Workstream Services component details +The standard configuration includes these components: + +- IBM Business Automation Workflow Server component +- IBM Java Messaging Service component +- IBM Process Federation Server component + +To support those components, a standard installation generates the following content: + +- 4 ConfigMaps that manage the configuration +- 1 StatefulSet running Java Messaging Service +- 1 StatefulSet running Workstream server +- 1 StatefulSet running Process Federation Server +- 4 or more jobs for Workstream server +- 3 service accounts with related role and role binding +- 20 secrets to gain access during installation +- 7 services and Route to route the traffic to the App Engine + + +## Resources required +Follow the instructions in [Planning your installation](https://docs.openshift.com/container-platform/3.11/install/index.html#single-master-single-box). Then, based on your environment, check the required resources in [System and environment requirements](https://docs.openshift.com/container-platform/3.11/install/prerequisites.html) and set up your environment. + +| Component name | Container | CPU | Memory | +| --- | --- | --- | --- | +| IBM Automation Workstream Services | Workstream container | 2 | 3Gi | +| IBM Automation Workstream Services | Init containers | 200m | 128Mi | +| IBM Automation Workstream Services | IBM Java Messaging Service containers | 500m | 512Mi | +| IBM Automation Workstream Services | IBM Process Federation Service containers | 1500m | 2560Mi | + + +## Prerequisites +- [OpenShift 3.11 or later](https://docs.openshift.com/container-platform/3.11/welcome/index.html) +- [IBM DB2 11.5](https://www.ibm.com/products/db2-database) +- [User Management Service](../UMS/README_config.md) +- [Automation Application Engine](../AAE/README_config.md) +- [Business Automation Navigator](../BAN/README_config.md) +- [FileNet Content Manager](../FNCM/README_config.md) + + + +## Step 1: Preparing to install Automation Workstream Services for production +In addition to performing the steps required to set up the operator environment, complete the following steps before you install Automation Workstream Services. + +### Setting up an OpenShift environment +Before you prepare to install Automation Workstream Services, complete [Step 1 to Step 5](../platform/ocp/install.md). + +### Preparing SecurityContextConstraints +#### Creating a SecurityContextConstraint for Automation Workstream Services +Create a SecurityContextConstraint for Automation Workstream Services that looks like the following content and save it to the ibm-dba-iaws-scc.yaml file. Then add this ibm-dba-iaws-scc SCC to all service accounts in a namespace: +```yaml +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: ibm-dba-iaws-scc +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: true +allowPrivilegedContainer: false +allowedCapabilities: [] +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +groups: +- system:authenticated +readOnlyRootFilesystem: false +requiredDropCapabilities: +- KILL +- MKNOD +- SETUID +- SETGID +runAsUser: + type: MustRunAsRange +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +users: [] +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- projected +- secret +priority: 1 +``` + +Run the following commands: + +```sh +$ oc apply -f ibm-dba-iaws-scc.yaml +$ oc adm policy add-scc-to-group ibm-dba-iaws-scc system:serviceaccounts: +``` + +#### Creating a SecurityContextConstraint for Process Federation Server +If pfs_configuration.elasticsearch.privileged is set to true, you must create a SecurityContextConstraint for Process Federation Server that looks like the following content and save it to the ibm-pfs-privileged-scc.yaml file. Then add this ibm-pfs-privileged-scc SCC to the ibm-pfs-es-service-account Process Federation Server Elasticsearch default service account in the current namespace: + +```yaml +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: ibm-pfs-privileged-scc +allowHostDirVolumePlugin: true +allowHostIPC: true +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegedContainer: true +allowPrivilegeEscalation: true +allowedCapabilities: +- '*' +allowedFlexVolumes: [] +allowedUnsafeSysctls: +- '*' +defaultAddCapabilities: [] +defaultAllowPrivilegeEscalation: true +forbiddenSysctls: [] +fsGroup: + type: RunAsAny +readOnlyRootFilesystem: false +requiredDropCapabilities: [] +runAsUser: + type: RunAsAny +seccompProfiles: +- '*' +seLinuxContext: + type: RunAsAny +supplementalGroups: + type: RunAsAny +volumes: +- '*' +priority: 2 +``` + +Run the following commands: + +```sh +$ oc create serviceaccount ibm-pfs-es-service-account +$ oc apply -f ibm-pfs-privileged-scc.yaml +$ oc adm policy add-scc-to-user ibm-pfs-privileged-scc -z ibm-pfs-es-service-account +``` + +**Tip:** You can use the [`getSCCs.sh`](/~https://github.com/IBM/cloud-pak/tree/master/samples/utilities) bash script, which displays all the SecurityContextConstraints resources that are mapped to each of the ServiceAccount users in the specified namespace (or project). + +**Note:** Specify the value of property `pfs_configuration.elasticsearch.service_account` to the newly created service account `ibm-pfs-es-service-account` in your Custom Resource configuration. + + + +## Step 2: Preparing databases for Automation Workstream Services +### Creating the database for Automation Workstream Services +Create the database for Automation Workstream Services by running the following script on the Db2 server: +```sql +create database automatic storage yes using codeset UTF-8 territory US pagesize 32768; +-- connect to the created database: +connect to ; +-- A user temporary tablespace is required to support stored procedures in BPM. +CREATE USER TEMPORARY TABLESPACE USRTMPSPC1; +UPDATE DB CFG FOR USING LOGFILSIZ 16384 DEFERRED; +UPDATE DB CFG FOR USING LOGSECOND 64 IMMEDIATE; +-- The following grant is used for databases without enhanced security. +-- For more information, review the IBM Knowledge Center for Enhancing Security for DB2. +grant dbadm on database to user ; +connect reset; +``` + +**Notes:** +- Replace `` with the Automation Workstream Services database name you want, for example, BPMDB. +- Replace `` with the user you will use for the database. + + +### (Optional) Db2 SSL Configuration +To ensure that all communications between the Business Automation Workflow server and Db2 are encoded, you must import the database CA certificate to the Business Automation Workflow server. To do so, you must create a secret to store the certificate: +``` +kubectl create secret generic ibm-dba-baw-db2-cacert --from-file=cacert.crt= +``` + +**Note:** You must modify the part that points to the certificate file. Do not change the part --from-file=cacert.crt=. + +You can then use the resulting secret to set the `iaws_configuration[x]. wfs.database.sslsecretname: ibm-dba-baw-db2-cacert`, while setting `iaws_configuration[x].wfs.database.ssl` to `true`. + +### (Optional) Db2 HADR Configuration +If you use Db2 as your database, you can configure high availability by setting up HADR for the process server database. This configuration ensures that the process server automatically retrieves the necessary failover server information when it first connects to the database. As part of the setup, you must provide a comma-separated list of failover servers and failover ports. + +For example, if there are two failover servers: + + server1.db2.customer.com on port 50443 + server2.db2.customer.com on port 51443 + +you can specify these hosts and ports in the Custom Resource configuration YAML file as follows: +```yaml +database: + ... ... + hadr: + standbydb_host: server1.db2.customer.com, server2.db2.customer.com + standbydb_port: 50443,51443 + retryintervalforclientreroute: + maxretriesforclientreroute: + ... ... +``` + + + +## Step 3: Preparing to configure LDAP +An LDAP server is required before you install Automation Workstream Services. Save the following content in a file named `ldap-bind-secret.yaml`, Then apply it by running the `oc apply -f ldap-bind-secret.yaml` command: +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: ldap-bind-secret +type: Opaque +data: + ldapUsername: + ldapPassword: > /etc/sysctl.conf && sysctl -w vm.swappiness=1 && sed -i '/^vm.swappiness /d' /etc/sysctl.conf && echo 'vm.swappiness=1' >> /etc/sysctl.conf +``` + +### Preparing storage for Process Federation Server +The Process Federation Server component requires persistent volumes (PVs), persistent volume claims (PVCs), and related folders to be created before you can deploy. The deployment process uses these volumes and folders during the deployment. + +The following example illustrates the procedure using Network File System (NFS). An existing NFS server is required before creating persistent volumes and persistent volume claims. +- Creating folders for Process Federation Server on an NFS server, For the NFS server, you must grant minimal privileges, In the `/etc/exports` configuration file, add the following line in the end: +``` + *(rw,sync,no_subtree_check) +``` + +**Notes:** +- `` should be an individual directory and NOT shared with other components. +- **Restart NFS service** after editing and saving `/etc/exports` configuration file. + + +Give the least privilege to the mounted directories using the following commands: +```bash +sudo mkdir /pfs-es-0 +sudo mkdir /pfs-es-1 +sudo mkdir /pfs-logs-0 +sudo mkdir /pfs-logs-1 +sudo mkdir /pfs-output-0 +sudo mkdir /pfs-output-1 + +chown -R :65534 /pfs-* +chmod g+rw /pfs-* +``` + +- Creating persistent volumes required for Process Federation Server + +Save the following YAML files on the OpenShift master node and run the `oc apply -f ` command on the files in the following order. + +1. pfs-pv-pfs-es-0.yaml +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pfs-es-0 +spec: + storageClassName: "pfs-es" + accessModes: + - ReadWriteOnce + capacity: + storage: 10Gi + nfs: + path: /pfs-es-0 + server: + persistentVolumeReclaimPolicy: Recycle +``` + +2. pfs-pv-pfs-es-1.yaml +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pfs-es-1 +spec: + storageClassName: "pfs-es" + accessModes: + - ReadWriteOnce + capacity: + storage: 10Gi + nfs: + path: /pfs-es-1 + server: + persistentVolumeReclaimPolicy: Recycle +``` + +3. pfs-pv-pfs-logs-0.yaml +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pfs-logs-0 +spec: + storageClassName: "pfs-logs" + accessModes: + - ReadWriteOnce + capacity: + storage: 5Gi + nfs: + path: /pfs-logs-0 + server: + persistentVolumeReclaimPolicy: Recycle +``` + +4. pfs-pv-pfs-logs-1.yaml +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pfs-logs-1 +spec: + storageClassName: "pfs-logs" + accessModes: + - ReadWriteOnce + capacity: + storage: 5Gi + nfs: + path: /pfs-logs-1 + server: + persistentVolumeReclaimPolicy: Recycle +``` + +5. pfs-pv-pfs-output-0.yaml +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pfs-output-0 +spec: + storageClassName: "pfs-output" + accessModes: + - ReadWriteOnce + capacity: + storage: 5Gi + nfs: + path: /pfs-output-0 + server: + persistentVolumeReclaimPolicy: Recycle +``` + +6. pfs-pv-pfs-output-1.yaml +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pfs-output-1 +spec: + storageClassName: "pfs-output" + accessModes: + - ReadWriteOnce + capacity: + storage: 5Gi + nfs: + path: /pfs-output-1 + server: + persistentVolumeReclaimPolicy: Recycle +``` + +**Notes:** +- Replace `` with the Process Federation Server storage folder on your NFS server. +- Replace `` with your NFS server IP address. + +### Preparing storage for Java Messaging Service +The Java Messaging Service(JMS) component requires you to create a persistent volume and a related folder to be created before you can deploy. + +The following example illustrats the procedure using NFS. An existing NFS server is required before creating PVs. + +- Creating folders for JMS on an NFS server +For the NFS server, you must grant minimal privileges, In the `/etc/exports` configuration file, add the following line in the end: +``` + *(rw,sync,no_subtree_check) +``` + +**Notes:** +- `` should be an individual directory and do NOT shared with other components. +- **Restart the NFS service** after editing and saving the `/etc/exports` configuration file. + +Give the least privilege to the mounted directories using the following commands: +```bash +sudo mkdir /jms +chown -R :65534 /jms +chmod g+rw /jms +``` + +- Creating persistent volumes for JMS + +Save the following YAML files on the OpenShift master node and run the `oc apply -f ` command. +jms-pv.yaml +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: jms-pv +spec: + storageClassName: "jms-storage-class" + accessModes: + - ReadWriteOnce + capacity: + storage: 2Gi + nfs: + path: /jms + server: + persistentVolumeReclaimPolicy: Recycle +``` + +**Notes:** +- Replace `` with the JMS storage folder on your NFS server. +- `accessModes` should be set to the same value as the `iaws_configuration[x].wfs.jms.storage.access_modes` property in the Custom Resource configuration file. +- Replace `` with your NFS server IP address. + + + +## Step 5: Protecting sensitive configuration data +### Creating required secrets for Automation Workstream Services +A secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Before you install Automation Workstream Services, you must create the following secrets manually by saving the content in a YAML file and running the `oc apply -f ` command on the OpenShift master node. + +Shared encryption key secret: +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: icp4a-shared-key-secret +type: Opaque +data: + encryptionKey: +``` +**Notes:** +- So that the confidential information is shared only between the components that hold the key, use the encryptionKey to encrypt the confidential information at the Resource Registry. +- Ensure the encryptionKey is **base64** encoded. + +Business Automation Workflow server secret: +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: ibm-baw-baw-secret +type: Opaque +data: + adminUsername: + adminPassword: + sslKeyPassword: + oidcClientPassword: +``` +**Note:** +- `adminUsername` and `adminPassword` is the valid LDAP user who will be configured as the admin user of Automation Workstream Services. The password is necessary because it will be created on the Liberty server. +- `sslKeyPassword` will be used as the keystore or trust store password. +- `oidcClientPassword` will be registered with the User Manaement Service(UMS) as the OIDC client password. +- Ensure all values under data are **base64** encoded. + +Business Automation Workflow server database secret: +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: ibm-baw-wfs-server-db-secret +type: Opaque +data: + dbUser: + password: +``` +**Notes:** +- `dbUser` and `password` are the database user name and password respectively. +- Ensure all values under data are **base64** encoded. + +Workstream server integration with IBM Content Platform Engine secret: +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: cpe-admin-secret +type: Opaque +data: + adminUsername: + adminPassword: +``` +**Notes:** +- `adminUsername` and `adminPassword` are the Content Platform Engine admin user credentials. +- Ensure all values under data are **base64** encoded. + +Process Federation Server secret: +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: ibm-pfs-admin-secret +type: Opaque +data: + ltpaPassword: + oidcClientPassword: + sslKeyPassword: +``` + +**Notes:** +- `sslKeyPassword` is used as the keystore and trust store password. +- `oidcClientPassword` is registered at with UMS as the OIDC client password. +- Ensure all values under data are **base64** encoded. + +### Creating the Lombardi custom secret +#### 1. Save the following content in a file named '100Custom.xml'. +```xml + + + + + + true + + + +``` + +#### 2. Create the Lombardi custom secret +Run the following command on the OpenShift master node: +``` +kubectl create secret generic wfs-lombardi-custom-xml-secret --from-file=sensitiveCustomConfig=./100Custom.xml +``` + +**Note:** To overwrite the Lombardi configuration settings, specify the value of the `iaws_configuration[x].wfs.lombardi_custom_xml_secret_name` property as the to newly created secret name `wfs-lombardi-custom-xml-secret` in the Custom Resource configuration file. + + + +## Step 6: Configuring the Custom Resource YAML file to deploy Automation Workstream Services +### Adding prerequisite configuration sections +Make sure that you've set the configuration parameters for the following components in your copy of the template Custom Resource YAML file: + +- [User Management Service](../UMS/README_config.md) +- [Automation Application Engine](../AAE/README_config.md) +- [Business Automation Navigator](../BAN/README_config.md) +- [FileNet Content Manager](../FNCM/README_config.md) + +### Disabling the Content Platform Engine initialization and verification sections +To ensure that the Content Platform Engine initialization can be completed successfully, remove the `initialize_configuration` and `verify_configuration` sections from the template Custom Resource YAML file. + +### Adding the required Automation Workstream Services configuration section +Edit your copy of the template custom resource YAML file and make the following updates. +- Uncomment and update the shared_configuration section if you haven't done it already. + +- Update the `iaws_configuration` and `pfs_configuration` sections. + To install Automation Workstream Services, replace the contents of `iaws_configuration` and `pfs_configuration` in your copy of the template Custom Resource YAML file with the values from the [sample_min_value.yaml](configuration/sample_min_value.yaml) file. + +### Custom configuration +If you want to customize your Custom Resource YAML file, you can refer to the [configuration list](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_iaws_params.html) to update the required values of each parameter according to your environment. + + +## Step 7: Completing the installation +Go back to the relevant installation or update page to configure other components and complete the deployment with the operator. + +Install pages: + - [OpenShift installation page](../platform/ocp/install.md) + - [Certified Kubernetes installation page](../platform/k8s/install.md) + +Update pages: + - [OpenShift installation page](../platform/ocp/update.md) + - [Certified Kubernetes installation page](../platform/k8s/update.md) + + +## Step 8: Completing post-deployment tasks +### Configuring the Content Platform Engine + +- [Creating the P8Domain manually](https://www.ibm.com/support/knowledgecenter/SSGLW6_5.5.0/com.ibm.p8.install.doc/p8pin328.htm) +- [Creating a database connection manually](https://www.ibm.com/support/knowledgecenter/SSGLW6_5.5.0/com.ibm.p8.install.doc/p8pin327.htm) +- [Creating object stores manually](https://www.ibm.com/support/knowledgecenter/SSGLW6_5.5.0/com.ibm.p8.install.doc/p8pin034.htm) + +**Notes:** +- The domain name must be same as value of the `iaws_configuration[x].wfs.content_integration.domain_name` property in the Custom Resource configuration file. +- The database connection related parameters shoule be from one of object store databases in `datasource_configuration.dc_os_datasources` section defined in Custom Resource configuration file which is already persisted as datasource configuration inside CPE container +- The Object Store name must be the same as the value of the `iaws_configuration[x].wfs.content_integration.object_store_name` property in the Custom Resource configuration file. + +## Step 9: Verifying Automation Workstream Services +1. Get the name of the pods that were deployed by running the following command: +``` +oc get pod -n +``` + +
+
+Click to show a successful Automation Workstream Service pod status. +

+ +``` +NAME READY STATUS RESTARTS AGE +demo-cmis-deploy-7f79f86db-crhwb 1/1 Running 0 18m +demo-cpe-deploy-774c856dfb-ss9p8 1/1 Running 0 21m +demo-dba-rr-63f407861c 1/1 Running 0 24m +demo-dba-rr-7557164eb9 1/1 Running 0 24m +demo-dba-rr-875b9f4a8f 1/1 Running 0 24m +demo-ibm-pfs-0 1/1 Running 0 8m +demo-ibm-pfs-dbareg-5d4b47577f-sp6qk 1/1 Running 0 8m +demo-ibm-pfs-elasticsearch-0 2/2 Running 0 8m +demo-ibm-pfs-umsregistry-job-bqvv6 0/1 Completed 0 8m +demo-instance1-aae-ae-db-job-9bb4p 0/1 Completed 0 9m +demo-instance1-aae-ae-deployment-bdf69b4d7-qpj5t 1/1 Running 0 9m +demo-instance1-aae-ae-oidc-job-fgzzv 0/1 Completed 0 9m +demo-instance1-baw-jms-0 1/1 Running 0 10m +demo-instance1-ibm-iaws-ibm-workplace-init-job-wnvcm 0/1 Completed 0 10m +demo-instance1-ibm-iaws-server-0 1/1 Running 0 10m +demo-instance1-ibm-iaws-server-content-init-job-7k64r 1/1 Running 1 10m +demo-instance1-ibm-iaws-server-database-init-job-czmdn 0/1 Completed 0 10m +demo-instance1-ibm-iaws-server-database-init-job-pfs-zzlwr 0/1 Completed 0 10m +demo-instance1-ibm-iaws-server-ltpa-kh76r 0/1 Completed 0 10m +demo-instance1-ibm-iaws-server-umsregistry-job-zt7rj 0/1 Completed 0 10m +demo-navigator-deploy-64cc4f44f-hnqbf 1/1 Running 0 15m +demo-rr-setup-pod 0/1 Completed 0 24m +demo-ums-deployment-86b4d9bc6b-bwkvn 1/1 Running 0 23m +demo-ums-ltpa-creation-job-zkdxb 0/1 Completed 0 24m +ibm-cp4a-operator-69569b68c8-d49v2 2/2 Running 0 31m +``` + +

+
+
+ +2. For each pod, check under Events to see that the images were successfully pulled and the containers were created and started by running the following command with the specific pod name: +``` +oc describe pod -n +``` + + + +## Limitations + +* Automation Workstream Services supports only the IBM Db2 database. + +* Elasticsearch limitation + + **Note:** The following limitation only applies if you are updating an Automation Workstream Services deployment which uses the embedded Elasticsearch statefulset + + * Scaling Elasticsearch statefulet + + In the Elasticsearch configuration, the [discovery.zen.minimum_master_nodes property](https://www.elastic.co/guide/en/elasticsearch/reference/6.7/discovery-settings.html#minimum_master_nodes) is automatically set by the operator to the quorum of replicas of the Elasticsearch statefulset. If, during an update, the pfs_configuration.elasticsearch.replicas value is changed and the change leads to a new computed value for the discovery.zen.minimum_master_nodes configuration property, then all currently running Elasticsearch pods will have to be restarted to. During this restart of the pods, there will be a temporary interruption of Elasticsearch and Process Federation Server services. + * Elasticsearch High Availability + + In the Elasticsearch configuration, the [discovery.zen.minimum_master_nodes property](https://www.elastic.co/guide/en/elasticsearch/reference/6.7/discovery-settings.html#minimum_master_nodes) is automatically set by the operator to the quorum of replicas of the Elasticsearch statefulset. If at some point, some Elasticsearch pods fail and the number of running Elastisearch pods is less than the quorum of replicas of the Elasticsearch statefulset, there will be an interruption of Elasticsearch and Process Federation Server services, until at least the quorum of running Elasticsearch pods is satisfied again. + +* Resource Registry limitation: + + Because of the design of etcd, it's recommended that you don't change the replica size after you create the Resource Registry cluster to prevent data loss. If you must set the replica size, set it to an odd number. If you reduce the pod size, the pods are destroyed one by one slowly to prevent data loss or the cluster from becoming out of sync. + * If you update the Resource Registry admin secret to change the username or password, first delete the -dba-rr- pods to cause Resource Registry to enable the updates. Alternatively, you can enable the update manually with etcd commands. + * If you update the Resource Registry configurations in the icp4acluster custom resource instance, the update might not affect the Resource Registry pod directly. It will affect the newly created pods when you increase the number of replicas. + +* The App Engine trusts only Certification Authority (CA) because of a Node.js server limitation. If an external service is used and signed with another root CA, you must add the root CA as trusted instead of the service certificate. + + * The certificate can be self-signed, or signed by a well-known CA. + * If you're using a depth zero self-signed certificate, it must be listed as a trusted certificate. + * If you're using a certificate signed by a self-signed CA, the self-signed CA must be in the trusted list. Using a leaf certificate in the trusted list is not supported. + * If you're adding the root CA of two or more external services to the App Engine trust list, you can't use the same common name for those root CAs. + + + +## Troubleshooting +- How to check check pod status and related logs for Automation Workstream Services + +There are totally 12 Automation Workstream Services-related pods in total, Run the oc get pod command to see the status of each pod: +``` +NAME READY STATUS RESTARTS AGE +demo-ibm-pfs-0 1/1 Running 0 2h +demo-ibm-pfs-dbareg-5fc759c745-mgsdv 1/1 Running 1 1h +demo-ibm-pfs-elasticsearch-0 2/2 Running 0 2h +demo-ibm-pfs-umsregistry-job-g2qt5 0/1 Completed 0 2h +demo-instance1-baw-jms-0 1/1 Running 0 2h +demo-instance1-ibm-iaws-ibm-workplace-init-job-nz9vw 0/1 Completed 0 2h +demo-instance1-ibm-iaws-server-0 1/1 Running 0 2h +demo-instance1-ibm-iaws-server-content-init-job-qv9ms 1/1 Completed 12 2h +demo-instance1-ibm-iaws-server-database-init-job-pfs-cfvs5 0/1 Completed 0 2h +demo-instance1-ibm-iaws-server-database-init-job-t8gjt 0/1 Completed 0 2h +demo-instance1-ibm-iaws-server-ltpa-gzhwp 0/1 Completed 0 2h +demo-instance1-ibm-iaws-server-umsregistry-job-hglww 0/1 Completed 0 2h +... +``` + +For pods controlled by Job, the desired `STATUS` is `Completed` and desired `READY` is `0/1`, while for pods controlled by Deployment or StatefulSet, the desired `STATUS` is `Running` and desired `READY` is `1/1` or `2/2`. You can see detailed information for each pod by running the `oc describe pod ` command and you can see detailed logs by running the `oc logs ` command. Although a pod should be in the `Running` Status at first, if a pod does not change its status, you can use the previous commands to determine what’s causing the blocks. + +
+
+Click to show an example of how to analyze the Pod "demo-instance1-ibm-iaws-server-0". +

+ +```yaml +[root@rhel76 ~]# oc describe pod demo-instance1-ibm-iaws-server-0 +Name: demo-instance1-ibm-iaws-server-0 +Namespace: demo-project +Priority: 0 +PriorityClassName: +Node: rhel76/ +Start Time: Mon, 02 Dec 2019 14:06:10 +0800 +Labels: app.kubernetes.io/component=server + app.kubernetes.io/instance=demo-instance1 + app.kubernetes.io/managed-by=Operator + app.kubernetes.io/name=workflow-server + app.kubernetes.io/version=19.0.3 + controller-revision-hash=demo-instance1-ibm-iaws-server-78d49d6667 + statefulset.kubernetes.io/pod-name=demo-instance1-ibm-iaws-server-0 +Annotations: openshift.io/scc=ibm-dba-iaws-scc + productID=5737-I23 + productName=IBM Cloud Pak for Automation + productVersion=19.0.3 +Status: Running +IP: 10.128.1.85 +Controlled By: StatefulSet/demo-instance1-ibm-iaws-server +Init Containers: + ssl-init-container: + Container ID: docker://e518904579fedc5b276a866f16af134924dba2b62fdaeb3c89e07f52f24b3872 + Image: dba-keytool-initcontainer:latest + Image ID: docker://sha256:e1d8a09881697228664b9a69d72377f7a2f3f0670d4649511b94b1890aa04b1f + Port: + Host Port: + State: Terminated + Reason: Completed + Exit Code: 0 + Started: Mon, 02 Dec 2019 16:17:06 +0800 + Finished: Mon, 02 Dec 2019 16:17:23 +0800 + Ready: True + Restart Count: 1 + Limits: + cpu: 500m + memory: 256Mi + Requests: + cpu: 200m + memory: 128Mi + Environment: + KEYTOOL_ACTION: GENERATE-BOTH + KEYSTORE_PASSWORD: Optional: false + Mounts: + /shared/resources/cert-trusted from trust-tls-volume (rw) + /shared/resources/keypair from keypair-secret (rw) + /shared/tls from key-trust-store (rw) + /var/run/secrets/kubernetes.io/serviceaccount from demo-instance1-ibm-iaws-sa-token-9r477 (ro) + dbcompatibility-init-container: + Container ID: docker://246c6c72e669101162ade46aeb1b40706d2141450becf11e359655309e591818 + Image: dba-dbcompatibility-initcontainer:latest + Image ID: docker://sha256:fac07eb3d6848ca7c3e63c4ce86b40a25a1bd9e69f595aa68056836532dc05d7 + Port: + Host Port: + State: Terminated + Reason: Completed + Exit Code: 0 + Started: Mon, 02 Dec 2019 16:17:28 +0800 + Finished: Mon, 02 Dec 2019 16:17:55 +0800 + Ready: True + Restart Count: 0 + Limits: + cpu: 500m + memory: 256Mi + Requests: + cpu: 200m + memory: 128Mi + Environment: + EXPECTED_SCHEMA_VERSION: 1.0.0 + DATABASE_TYPE: DB2 + DATABASE_HOST_NAME: + DATABASE_PORT: 50000 + DATABASE_NAME: BPMDB + DATABASE_USER: Optional: false + DATABASE_PWD: Optional: false + DATABASE_SCHEMA: Optional: false + SCHEMA_VERSION_TABLE_NAME: PFS_SCHEMA_PROPERTIES + SCHEMA_VERSION_KEY_NAME: Version + SCHEMA_VERSION_KEY_COLUMN_NAME: KEY + SCHEMA_VERSION_VALUE_COLUMN_NAME: VALUE + DATABASE_ALTERNATE_PORT: 0 + RETRY_INTERVAL_FOR_CLIENT_REROUTE: 600 + MAX_RETRIES_FOR_CLIENT_REROUTE: 5 + Mounts: + /var/run/secrets/kubernetes.io/serviceaccount from demo-instance1-ibm-iaws-sa-token-9r477 (ro) + bawdbcompatibility-init-container: + Container ID: docker://ead83f436f485f20658205dd00a7fa7e63d50cfaec8b1f6e63f459e5c2798c6a + Image: dba-dbcompatibility-initcontainer:latest + Image ID: docker://sha256:fac07eb3d6848ca7c3e63c4ce86b40a25a1bd9e69f595aa68056836532dc05d7 + Port: + Host Port: + State: Terminated + Reason: Completed + Exit Code: 0 + Started: Mon, 02 Dec 2019 16:18:02 +0800 + Finished: Mon, 02 Dec 2019 16:18:28 +0800 + Ready: True + Restart Count: 0 + Limits: + cpu: 500m + memory: 256Mi + Requests: + cpu: 200m + memory: 128Mi + Environment: + EXPECTED_SCHEMA_VERSION: 1.1.0 + DATABASE_TYPE: DB2 + DATABASE_HOST_NAME: + DATABASE_PORT: 50000 + DATABASE_NAME: BPMDB + DATABASE_USER: Optional: false + DATABASE_PWD: Optional: false + SCHEMA_VERSION_TABLE_NAME: LSW_SYSTEM_SCHEMA + SCHEMA_VERSION_KEY_NAME: DatabaseSchemaVersion + SCHEMA_VERSION_KEY_COLUMN_NAME: PROPNAME + SCHEMA_VERSION_VALUE_COLUMN_NAME: PROPVALUE + DATABASE_ALTERNATE_PORT: 0 + RETRY_INTERVAL_FOR_CLIENT_REROUTE: 600 + MAX_RETRIES_FOR_CLIENT_REROUTE: 5 + Mounts: + /var/run/secrets/kubernetes.io/serviceaccount from demo-instance1-ibm-iaws-sa-token-9r477 (ro) +Containers: + wf-ps: + Container ID: docker://686af04f1b5bb136f546a8ad34a2574f7500387099db812034d9facac33f9020 + Image: iaws-ps:19.0.3 + Image ID: docker://sha256:324ae272532971bc2779719239ebfa88adb298bf6ddd8970b568e97caedf4a13 + Port: + Host Port: + State: Running + Started: Mon, 02 Dec 2019 16:18:34 +0800 + Last State: Terminated + Reason: Error + Exit Code: 255 + Started: Mon, 02 Dec 2019 14:07:31 +0800 + Finished: Mon, 02 Dec 2019 16:15:32 +0800 + Ready: True + Restart Count: 1 + Limits: + cpu: 3 + memory: 2096Mi + Requests: + cpu: 2 + memory: 1048Mi + Readiness: exec [/bin/bash -c if [ "$(curl -sfk https://localhost:9443/ps/rest/v1/config/getProcessServerDatabaseSchemaVersion | grep -Po '(?<="status":")(.*?)(?=")')" != "200" ]; then exit 1; fi] delay=180s timeout=1s period=5s #success=1 #failure=3 + Environment: + JMS_SERVER_HOST: demo-instance1-baw-jms-service + UMS_CLIENT_ID: demo-instance1-ibm-iaws-server-oidc-client + UMS_CLIENT_SECRET: Optional: false + UMS_HOST: ums..nip.io + UMS_PORT: 443 + EXTERNAL_HOSTNAME: .nip.io + EXTERNAL_PORT: 443 + WLP_LOGGING_CONSOLE_FORMAT: json + WLP_LOGGING_MESSAGE_FORMAT: basic + ADMIN_USER: Optional: false + ADMIN_PASSWORD: Optional: false + UMS_ADMIN_USER: Optional: false + UMS_ADMIN_PASSWORD: Optional: false + DB_TYPE: DB2 + DB_USER: Optional: false + DB_PASSWORD: Optional: false + DB_NAME: BPMDB + DB_HOST: + DB_PORT: 50000 + SSL_KEY_PASSWORD: Optional: false + CSRF_SESSION_TOKENSALT: Optional: false + CSRF_REFERER_WHITELIST: .nip.io,ums..nip.io,ae..nip.io,icn..nip.io + CSRF_ORIGIN_WHITELIST: https://.nip.io,https://.nip.io:443,https://ums..nip.io,https://ums..nip.io:443,https://ae..nip.io,https://icn..nip.io + CPE_URL: https://demo-cpe-svc:9443/wsi/FNCEWS40MTOM + CMIS_URL: https://demo-cmis-svc:9443/openfncmis_wlp/services + CPE_DOMAIN_NAME: P8Domain + CPE_REPOSITORY: DOCS + CPE_OBJECTSTORE_ID: {E340B318-CF17-4C14-8902-AF713D3B0A91} + CPE_USERNAME: Optional: false + CPE_PASSWORD: Optional: false + WAIT_INTERVAL: 60000 + DB_SSLCONNECTION: false + DB_SSLCERTLOCATION: fake + DBCHECK_WAITTIME: 900 + DBCHECK_INTERVALTIME: 15 + STANDBYDB_PORT: 0 + STANDBYDB_RETRYINTERVAL: 600 + STANDBYDB_MAXRETRIES: 5 + RESOURCE_REGISTRY_URL: https://rr..nip.io:443 + RESOURCE_REGISTRY_UNAME: Optional: false + RESOURCE_REGISTRY_PASSWORD: Optional: false + CLUSTERIP_SERVICE_NAME: demo-instance1-ibm-baw-server + APPENGINE_EXTERNAL_HOSTNAME: ae..nip.io + FRAME-ANCESTORS-SETTING: https://.nip.io https://ums..nip.io https://ae..nip.io https://icn..nip.io + ENCRYPTION_KEY: Optional: false + Mounts: + /opt/ibm/wlp/output/defaultServer/resources/security/keystore/jks/server.jks from key-trust-store (rw) + /opt/ibm/wlp/output/defaultServer/resources/security/truststore/jks/trusts.jks from key-trust-store (rw) + /opt/ibm/wlp/usr/servers/defaultServer/config/100SCIM.xml from configurations (rw) + /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/oidc-rp.xml from configurations (rw) + /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/processServer_variables_system.xml from configurations (rw) + /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/security100.xml from configurations (rw) + /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/ssl.xml from configurations (rw) + /opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides/trace-specification.xml from configurations (rw) + /opt/ibm/wlp/usr/servers/defaultServer/resources/security from ltpa-store (rw) + /var/run/secrets/kubernetes.io/serviceaccount from demo-instance1-ibm-iaws-sa-token-9r477 (ro) +Conditions: + Type Status + Initialized True + Ready True + ContainersReady True + PodScheduled True +Volumes: + key-trust-store: + Type: EmptyDir (a temporary directory that shares a pod's lifetime) + Medium: + trust-tls-volume: + + keypair-secret: + Type: Secret (a volume populated by a Secret) + SecretName: ibm-baw-tls + Optional: false + ltpa-store: + Type: Secret (a volume populated by a Secret) + SecretName: demo-instance1-ibm-iaws-server-ltpa + Optional: false + configurations: + Type: ConfigMap (a volume populated by a ConfigMap) + Name: demo-instance1-ibm-iaws-server-config + Optional: false + demo-instance1-ibm-iaws-sa-token-9r477: + Type: Secret (a volume populated by a Secret) + SecretName: demo-instance1-ibm-iaws-sa-token-9r477 + Optional: false +QoS Class: Burstable +Node-Selectors: node-role.kubernetes.io/compute=true +Tolerations: node.kubernetes.io/memory-pressure:NoSchedule +Events: + Type Reason Age From Message + ---- ------ ---- ---- ------- + Warning NetworkNotReady 16m (x2 over 16m) kubelet, rhel76 network is not ready: [runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized] + Normal SandboxChanged 15m kubelet, rhel76 Pod sandbox changed, it will be killed and re-created. + Normal Pulled 15m kubelet, rhel76 Container image "dba-keytool-initcontainer:latest" already present on machine + Normal Created 15m kubelet, rhel76 Created container + Normal Started 15m kubelet, rhel76 Started container + Normal Pulled 15m kubelet, rhel76 Container image "dba-dbcompatibility-initcontainer:latest" already present on machine + Normal Created 15m kubelet, rhel76 Created container + Normal Started 15m kubelet, rhel76 Started container + Normal Pulled 14m kubelet, rhel76 Container image "dba-dbcompatibility-initcontainer:latest" already present on machine + Normal Created 14m kubelet, rhel76 Created container + Normal Started 14m kubelet, rhel76 Started container + Normal Pulled 14m kubelet, rhel76 Container image "iaws-ps:19.0.3" already present on machine + Normal Created 14m kubelet, rhel76 Created container + Normal Started 14m kubelet, rhel76 Started container +``` + +The "demo-instance1-ibm-iaws-server-0" pod has three init containers, named `ssl-init-container`, `dbcompatibility-init-container` and `bawdbcompatibility-init-container`. For all init containers, the desired STATUS is `Terminated` with Reason `Completed`. For the `wf-ps` container, the desired Ready STATUS is `True`. + +

+
+
+ + +- Error: failed to start container "demo-cpe-deploy" or "demo-navigator-deploy" + +
+
+Click to show detailed information and a solution. +

+ +The detailed error message is something like "Error response from daemon: oci runtime error: container_linux.go:235: starting container process caused "container init exited prematurely"". This kind of error is caused by Persistent Volumes and Persistent Volume Claims related to IBM Content Navigator and Content Platform Engine that are bound incorrectly. The solution is to delete first the Persistent Volume Claims related to IBM Content Navigator or Content Platform Engine and then the related PVs and NFS folders. Then, re-create them in the reverse order. + +

+
+
+ +- Failed to start Pod "demo-ibm-pfs-elasticsearch-0" + +Check the value of the `pfs_configuration.elasticsearch.privileged` property in your Custom Resource configuration. If it's set to `true`, run the `oc describe pod demo-ibm-pfs-elasticsearch-0` command to check the SecurityContextConstraint of the `demo-ibm-pfs-elasticsearch-0` pod. Also, ensure it’s set as `openshift.io/scc=pfs-privileged-scc`. +``` +# oc describe pod demo-ibm-pfs-elasticsearch-0 +Name: demo-ibm-pfs-elasticsearch-0 +Namespace: demo-project +Priority: 0 +PriorityClassName: +Node: rhel76/ +Start Time: Thu, 21 Nov 2019 18:10:11 +0800 +Labels: app.kubernetes.io/component=pfs-elasticsearch + app.kubernetes.io/instance=demo + app.kubernetes.io/managed-by=Operator + app.kubernetes.io/name=demo-ibm-pfs-elasticsearch + app.kubernetes.io/version=19.0.3 + controller-revision-hash=demo-ibm-pfs-elasticsearch-8675f484d + role=elasticsearch + statefulset.kubernetes.io/pod-name=demo-ibm-pfs-elasticsearch-0 +Annotations: checksum/config=6a3747ddc8ce13afdfc85b6793b847d035e8edd5 + openshift.io/scc=pfs-privileged-scc + productID=5737-I23 + productName=IBM Cloud Pak for Automation + productVersion=19.0.3 +Status: Running +``` + +- To enable Automation Workstream Services container logs: + +Use the following specification to enable Automation Workstream Services container logs in the Custom Resource configuration: +```yaml +iaws_configuration: + - name: instance1 + wfs: + logs: + console_format: “json” + console_log_level: “INFO” + console_source: “message,trace,accessLog,ffdc,audit” + message_format: “basic” + trace_format: “ENHANCED” + trace_specification: “WLE.=all:com.ibm.bpm.=all:com.ibm.workflow.*=all” +``` + +Then, run the `oc logs IAWS_pod_name` command to see the logs, or log into Automation Workstream Services to see the logs. + +This example shows how to check the Automation Workstream Services container logs: +``` +$ oc exec -it demo-instance1-ibm-iaws-server-0 bash +$ cat /logs/application/liberty-message.log +``` + +- To customize the Process Federation Server liberty server trace setting + +Use the following pecification can be used to enable Process Federation Server container logs in the Custom Resource configuration: +```yaml +pfs_configuration: + pfs: + logs: + console_format: "json" + console_log_level: "INFO" + console_source: "message,trace,accessLog,ffdc,audit" + trace_format: "ENHANCED" + trace_specification: "*=info" +``` + +Then, run the `oc logs PFS_pod_name` command to see the logs, or log into Process Federation Server to see the logs. + +This example shows how to check the Process Federation Server container logs: +``` +$ oc exec -it demo-ibm-pfs-0 bash +$ cat /logs/application/liberty-message.log +``` diff --git a/IAWS/configuration/sample_min_value.yaml b/IAWS/configuration/sample_min_value.yaml new file mode 100644 index 00000000..aa28e00b --- /dev/null +++ b/IAWS/configuration/sample_min_value.yaml @@ -0,0 +1,234 @@ +apiVersion: icp4a.ibm.com/v1 +kind: ICP4ACluster +metadata: + name: demo +spec: + iaws_configuration: + - name: instance1 + wfs: + service_type: "Route" + hostname: + port: 443 + replicas: 1 + workflow_server_secret: ibm-baw-baw-secret + tls: + tls_secret_name: ibm-baw-tls + tls_trust_list: + image: + repository: cp.icr.io/cp/cp4a/iaws/iaws-ps + tag: 19.0.3 + pullPolicy: IfNotPresent + pfs_bpd_database_init_job: + repository: cp.icr.io/cp/cp4a/iaws/pfs-bpd-database-init-prod + tag: 19.0.3 + pullPolicy: IfNotPresent + upgrade_job: + repository: cp.icr.io/cp/cp4a/iaws/iaws-psdb-handling + tag: 19.0.3 + pullPolicy: IfNotPresent + ibm_workplace_job: + repository: cp.icr.io/cp/cp4a/iaws/iaws-ibm-workplace + tag: 19.0.3 + pull_policy: IfNotPresent + database: + ssl: false + sslsecretname: ibm-dba-baw-db2-cacert + type: "DB2" + server_name: + database_name: "BPMDB" + port: "50000" + secret_name: ibm-baw-wfs-server-db-secret + dbcheck: + wait_time: 900 + interval_time: 15 + hadr: + standbydb_host: + standbydb_port: + retryinterval: + maxretries: + content_integration: + init_job_image: + repository: cp.icr.io/cp/cp4a/iaws/iaws-ps-content-integration + tag: 19.0.3 + pull_policy: IfNotPresent + domain_name: "P8Domain" + object_store_name: "DOCS" + cpe_admin_secret: cpe-admin-secret + event_handler_path: "/home/config/docs-config" + appengine: + hostname: + admin_secret_name: ae-admin-secret-instance1 + resource_registry: + hostname: + port: 443 + admin_secret_name: rr-admin-secret + jms: + image: + repository: cp.icr.io/cp/cp4a/iaws/baw-jms-server + tag: 19.0.3 + pull_policy: IfNotPresent + tls: + tls_secret_name: dummy-jms-tls-secret + resources: + limits: + memory: "2Gi" + cpu: "1000m" + requests: + memory: "512Mi" + cpu: "200m" + storage: + persistent: true + size: "2Gi" + use_dynamic_provisioning: false + access_modes: + - ReadWriteOnce + storage_class: "jms-storage-class" + resources: + limits: + cpu: 3 + memory: 2096Mi + requests: + cpu: 2 + memory: 1048Mi + probe: + ws: + liveness_probe: + initial_delay_seconds: 240 + readinessProbe: + initial_delay_seconds: 180 + logs: + console_format: "json" + console_log_level: "INFO" + console_source: "message,trace,accessLog,ffdc,audit" + message_format: "basic" + trace_format: "ENHANCED" + trace_specification: "*=info" + custom_xml_secret_name: + lombardi_custom_xml_secret_name: wfs-lombardi-custom-xml-secret + + pfs_configuration: + pfs: + hostname: + port: 443 + service_type: Route + image: + repository: cp.icr.io/cp/cp4a/iaws/pfs + tag: 19.0.3 + pull_policy: IfNotPresent + liveness_probe: + initial_delay_seconds: 60 + readiness_probe: + initial_delay_seconds: 60 + replicas: 1 + service_account: + anti_affinity: hard + admin_secret_name: ibm-pfs-admin-secret + config_dropins_overrides_secret: ibm-pfs-config + resources_security_secret: "" + external_tls_secret: + external_tls_ca_secret: + tls: + tls_secret_name: + tls_trust_list: + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 2 + memory: 4Gi + saved_searches: + index_name: ibmpfssavedsearches + index_number_of_shards: 3 + index_number_of_replicas: 1 + index_batch_size: 100 + update_lock_expiration: 5m + unique_constraint_expiration: 5m + security: + sso: + domain_name: + cookie_name: "ltpatoken2" + ltpa: + filename: "ltpa.keys" + expiration: "120m" + monitor_interval: "60s" + ssl_protocol: SSL + executor: + max_threads: "80" + core_threads: "40" + rest: + user_group_check_interval: "300s" + system_status_check_interval: "60s" + bd_fields_check_interval: "300s" + custom_env_variables: + names: + secret: + output: + storage: + use_dynamic_provisioning: false + size: 5Gi + storage_class: "pfs-output" + logs: + storage: + use_dynamic_provisioning: false + size: 5Gi + storage_class: "pfs-logs" + dba_resource_registry: + image: + repository: cp.icr.io/cp/cp4a/aae/dba-etcd + tag: latest + pull_policy: IfNotPresent + lease_ttl: 120 + pfs_check_interval: 10 + pfs_connect_timeout: 10 + pfs_response_timeout: 30 + pfs_registration_key: /dba/appresources/IBM_PFS/PFS_SYSTEM + tls_secret: rr-tls-client-secret + resources: + limits: + memory: ‘512Mi’ + cpu: ‘500m’ + requests: + memory: ‘512Mi’ + cpu: ‘200m’ + elasticsearch: + es_image: + repository: cp.icr.io/cp/cp4a/iaws/pfs-elasticsearch-prod + tag: 19.0.3 + pull_policy: IfNotPresent + pfs_init_image: + repository: cp.icr.io/cp/cp4a/iaws/pfs-init-prod + tag: 19.0.3 + pull_policy: IfNotPresent + nginx_image: + repository: cp.icr.io/cp/cp4a/iaws/pfs-nginx-prod + tag: 19.0.3 + pull_policy: IfNotPresent + replicas: 1 + service_type: NodePort + external_port: + anti_affinity: hard + service_account: ibm-pfs-es-service-account + privileged: true + probe_initial_delay: 90 + heap_size: "1024m" + resources: + limits: + memory: "2Gi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "100m" + storage: + persistent: true + use_dynamic_provisioning: false + size: 10Gi + storage_class: "pfs-es" + snapshot_storage: + enabled: false + use_dynamic_provisioning: false + size: 30Gi + storage_class_name: "" + existing_claim_name: "" + security: + users_secret: "" \ No newline at end of file diff --git a/LICENSE b/LICENSE old mode 100755 new mode 100644 index f878f629..6951cbdc --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -The translated license terms can be viewed here: [License and Copyright]( http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?li_formnum=L-ASAY-BEEFUW#ibm-top ) +The translated license terms can be viewed here: http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?li_formnum=L-ASAY-BJCED8 LICENSE INFORMATION @@ -6,7 +6,7 @@ The Programs listed below are licensed under the following License Information t Program Name (Program Number): -IBM Cloud Pak for Automation 19.0.2 (5737-I23) +IBM Cloud Pak for Automation SR1 19.0.3 (5737-I23) The following standard terms apply to Licensee's use of the Program. @@ -22,6 +22,10 @@ Prohibited Uses Licensee may not use or authorize others to use the Program if failure of the Program could lead to death, bodily injury, or property or environmental damage. +License Terms delivered with Program Not Applicable + +The terms of this Agreement supersede and void any electronic "click through," "shrinkwrap," or other licensing terms and conditions included with or accompanying the Program(s). + Multi-Product Install Image The Program is provided as part of a multi-product install image. Licensee is authorized to install and use only the Program (and its Bundled or Supporting Programs, if any) for which a valid entitlement is obtained and may not install or use any of the other software included in the image unless Licensee has acquired separate entitlements for that other software. @@ -36,7 +40,13 @@ IBM FileNet Content Manager IBM FileNet Content Manager for Non-Production Environment -IBM Datacap +IBM Datacap Processor Value Unit v9 + +IBM Datacap for Non-Production Environment Processor Value Unit v9 + +IBM Datacap Insight Edition Add-On Processor Value Unit v9 + +IBM Datacap Insight Edition Add-on for Non-Production Environment Processor Value Unit v9 IBM Content Collector for Email @@ -46,8 +56,6 @@ IBM Content collector for Microsoft SharePoint IBM Content Collector for SAP Applications -IBM Enterprise Records - IBM Business Automation Workflow Enterprise IBM Business Automation Workflow Enterprise for Non-Production Environment @@ -56,34 +64,24 @@ IBM Operational Decision Manager Server IBM Operational Decision Manager Server for Non-Production Environment +IBM Enterprise Records + Supporting Programs Licensee is authorized to install and use the Supporting Programs identified below. Licensee is authorized to install and use such Supporting Programs only to support Licensee's use of the Principal Program under this Agreement. The phrase "to support Licensee's use" would only include those uses that are necessary or otherwise directly related to a licensed use of the Principal Program or another Supporting Program. The Supporting Programs may not be used for any other purpose. A Supporting Program may be accompanied by license terms, and those terms, if any, apply to Licensee's use of that Supporting Program. In the event of conflict, the terms in this License Information document supersede the Supporting Program's terms. Licensee must obtain sufficient entitlements to the Program, as a whole, to cover Licensee's installation and use of all of the Supporting Programs, unless separate entitlements are provided within this License Information document. For example, if this Program were licensed on a PVU (Processor Value Unit) basis and Licensee were to install the Principal Program or a Supporting Program on a 100 PVU machine (physical or virtual) and another Supporting Program on a second 100 PVU machine, Licensee would be required to obtain 200 PVU entitlements to the Program. Supporting Programs: -IBM DB2 Advanced Workgroup Server Edition 11.1 +IBM DB2 Advanced Workgroup Server Edition 11.5 IBM WebSphere Liberty 19.0 +IBM WebSphere Application Server Network Deployment + Development Tool This Program is designed to aid in the development of software applications and systems. Licensee is solely responsible for the applications and systems that it develops by using this Program and assumes all risk and responsibility therefor. -Components Not Used for Establishing Required Entitlements - -When determining the number of entitlements required for Licensee's installation or use of the Program, the installation or use of the following Program components are not taken into consideration. In other words, Licensee may install and use the following Program components, under the license terms, but these components are not used to determine the number of entitlements required for the Program. - -IBM Business Automation Studio (Component of the Program) - -IBM Business Automation Navigator (Component of the Program) - -IBM Business Automation Application Designer (Component of the Program) - -IBM Business Automation Application Engine (Component of the Program) - -- Use Limitation: Non-Production - Separately Licensed Code The provisions of this paragraph do not apply to the extent they are held to be invalid or unenforceable under the law that governs this license. Each of the components listed below is considered "Separately Licensed Code". IBM Separately Licensed Code is licensed to Licensee under the terms of the applicable third party license agreement(s) set forth in the NON_IBM_LICENSE file(s) that accompanies the Program. Notwithstanding any of the terms in the Agreement, or any other agreement Licensee may have with IBM, the terms of such third party license agreement(s) governs Licensee's use of all Separately Licensed Code unless otherwise noted below. @@ -136,7 +134,7 @@ Red Hat Universal Base Image 7 Red Hat Universal Base Image 8 -Red Hat Openshift Container Platform 3.11 +Red Hat Openshift Container Platform 3.11 or later versions font-awesome icons 4.7 @@ -146,6 +144,26 @@ dbus 1.10 inotify-tools 3.14 +Red Hat Enterprise Linux 7 + +Red Hat Enterprise Linux 8 + +Erlang/OTP 21.3 + +poppler-utils 0.48 + +LibreOffice 6.3 + +OCRmyPDF 9.0 + +Debian GNU/Linux 8 + +Ubuntu 16 + +Alpine Linux 3 + +libonig2 5.9 + Privacy Licensee acknowledges and agrees that IBM may use cookie and tracking technologies to collect personal information in gathering product usage statistics and information designed to help improve user experience and/or to tailor interactions with users in accordance with the IBM Online Privacy Policy, available at http://www.ibm.com/privacy/. @@ -178,10 +196,6 @@ The Program may contain links to or be used to access third party data services, The following units of measure may apply to Licensee's use of the Program. -Establishment - -Establishment is a unit of measure by which the Program can be licensed. An Establishment is a single physical site, including the surrounding campus and satellite offices located within 50 kilometers, of Licensee's site address. Licensee must obtain an entitlement for each Establishment at or for which the Program will be used. Licensee is permitted to deploy an unlimited number of copies of the Program within the Establishment. An entitlement for an Establishment is unique to that Establishment and may not be shared, nor may it be reassigned other than for the permanent closing of the Establishment. - Virtual Processor Core Virtual Processor Core is a unit of measure by which the Program can be licensed. A Server is a physical computer that is comprised of processing units, memory, and input/output capabilities and that executes requested procedures, commands, or applications for one or more users or client devices. Where racks, blade enclosures, or other similar equipment is being employed, each separable physical device (for example, a blade or a rack-mounted device) that has the required components is considered itself a separate Server. A Virtual Server is either a virtual computer created by partitioning the resources available to a physical Server or an unpartitioned physical Server. A Processor Core is a functional unit within a computing device that interprets and executes instructions. A Processor Core consists of at least an instruction control unit and one or more arithmetic or logic unit. A Virtual Processor Core is a Processor Core on a Virtual Server created by partitioning the resources available to a physical Server or an unpartitioned physical Server. Licensee must obtain entitlement for each Virtual Processor Core made available to the Program. @@ -190,6 +204,28 @@ For each physical Server, Licensee must have sufficient entitlements for the les In addition to the above, the following terms apply to Licensee's use of the Program. +Permitted Components + +Notwithstanding any provision in the Agreement, Licensee is permitted to use only the following components or functions of the identified Supporting Program: + +- IBM WebSphere Application Server Network Deployment only for use in support of the following Bundled Programs: IBM FileNet Content Manager, IBM FileNet Content Manager for Non-Production Environment, IBM Datacap, IBM Enterprise Records, IBM Business Automation Workflow Enterprise, IBM Business Automation Workflow Enterprise for Non-Production Environment, IBM Operational Decision Manager Server, IBM Operational Decision Manager Server for Non-Production Environment. + +Components Not Used for Establishing Required Entitlements + +When determining the number of entitlements required for Licensee's installation or use of the Program, the installation or use of the following Program components are not taken into consideration. In other words, Licensee may install and use the following Program components, under the license terms, but these components are not used to determine the number of entitlements required for the Program. + +- IBM Business Automation Studio + +- IBM Business Automation Navigator + +- IBM Business Automation Application Designer + +- IBM Business Automation Application Engine when used in Non-Production + +- IBM Automation Digital Worker when used in Non-Production + +- IBM Business Automation Insights when used in Non-Production + Entitlement Conversion Details These Entitlement Conversion Details outline the entitlement conversion options. Licensee is entitled to the below entitlement conversion options in any deployment combination of Licensee's choosing and may choose to convert entitlements between the listed programs below at any time provided that the sum of Licensee's deployments do not exceed the total amount of Licensee's entitlements obtained for the Program. Licensee is not entitled to use entitlements obtained of the Program for any other purpose. @@ -202,821 +238,483 @@ Entitlement Values Business Automation Application Engine (Component of the Program) -- Entitlement Value: Ratio 1 VPC/ 1VPC +- Entitlement Value: Conversion 1 VPC/ 1VPC Business Automation Insights (Component of the Program) -- Entitlement Value: Ratio 1 VPC/ 1VPC +- Entitlement Value: Conversion 1 VPC/ 1VPC -Business Automation Insights (Component of the Program) +IBM Automation Digital Worker (Component of the Program) -- Entitlement Value: Ratio 2 VPC/ 1VPC - -- Use Limitation: Non-Production +- Entitlement Value: Conversion 1 VPC/ 1VPC IBM FileNet Content Manager -- Entitlement Value: Ratio 1 VPC/ 10VPCs +- Entitlement Value: Conversion 1 VPC/ 5VPCs IBM FileNet Content Manager for Non-Production Environment -- Entitlement Value: Ratio 2 VPCs/ 10VPCs +- Entitlement Value: Conversion 2 VPCs/ 5VPCs - Use Limitation: Non-Production IBM Business Automation Workflow Enterprise -- Entitlement Value: Ratio 1 VPC/ 5VPCs +- Entitlement Value: Conversion 1 VPC/ 5VPCs IBM Business Automation Workflow Enterprise for Non-Production Environment -- Entitlement Value: Ratio 2 VPCs/ 5VPCs +- Entitlement Value: Conversion 2 VPCs/ 5VPCs - Use Limitation: Non-Production +IBM Automation Workstream Services + +- Entitlement Value: Conversion 1 VPC/ 5VPCs + IBM Operational Decision Manager Server -- Entitlement Value: Ratio 1 VPC/ 5VPCs +- Entitlement Value: Conversion 1 VPC/ 5VPCs IBM Operational Decision Manager Server for Non-Production Environment -- Entitlement Value: Ratio 2 VPCs/ 5VPCs +- Entitlement Value: Conversion 2 VPCs/ 5VPCs - Use Limitation: Non-Production -Business Automation Navigator (Component of the Program) - -- Entitlement Value: Ratio 1 VPC/ 5VPC - Business Automation Content Analyzer (Component of the Program) -- Entitlement Value: Ratio 1 VPC/ 1VPC +- Entitlement Value: Conversion 1 VPC/ 1VPC Business Automation Content Analyzer (Component of the Program) -- Entitlement Value: Ratio 2 VPC/ 1VPC +- Entitlement Value: Conversion 2 VPC/ 1VPC - Use Limitation: Non-Production IBM Datacap Processor Value Unit -- Entitlement Value: Ratio 1 VPC/ 2VPC +- Entitlement Value: Conversion 1 VPC/ 2VPC -IBM Datacap Processor Value Unit for Non-Production +IBM Datacap for Non-Production Environment Processor Value Unit -- Entitlement Value: Ratio 1 VPC/ 1VPC +- Entitlement Value: Conversion 1 VPC/ 1VPC - Use Limitation: Non-Production -IBM Content Collector for Email, Files & Sharepoint +IBM Datacap Insight Edition Add-On Processor Value Unit -- Entitlement Value: Ratio 1 VPC/ 3VPC +- Entitlement Value: Conversion 1 VPC/ 2VPC -IBM Content Collector for Email, Files & Sharepoint for Non-Production +IBM Datacap Insight Edition Add-on for Non-Production Environment Processor Value Unit -- Entitlement Value: Ratio 2 VPC/ 3VPC +- Entitlement Value: Conversion 1 VPC/ 1VPC - Use Limitation: Non-Production -IBM Content Collector for SAP +IBM Content Collector for Email, Files & Sharepoint -- Entitlement Value: Ratio 1 VPC/ 3VPC +- Entitlement Value: Conversion 1 VPC/ 3VPC -IBM Content Collector for SAP for Non-Production +IBM Content Collector for Email, Files & Sharepoint for Non-Production -- Entitlement Value: Ratio 2 VPC/ 3VPC +- Entitlement Value: Conversion 2 VPC/ 3VPC - Use Limitation: Non-Production -IBM Enterprise Records +IBM Content Collector for SAP -- Entitlement Value: Ratio 1VPC/ 3VPC +- Entitlement Value: Conversion 1 VPC/ 3VPC -IBM Enterprise Records +IBM Content Collector for SAP for Non-Production -- Entitlement Value: Ratio 2VPC/ 3VPC +- Entitlement Value: Conversion 2 VPC/ 3VPC - Use Limitation: Non-Production -"Ratio n/m" means that for the Bundled Program Licensee elects to allocate Licensee's entitlement to the Program, the entitlement for such Bundled Program is the number ('n') entitlements of the VPCs for the Bundled Program for every specified number ('m') entitlements of the VPCs for the Program as a whole. +Conversion n/m" means that Licensee can convert some number ('n') entitlements of the indicated metric for the Bundled Program for every specified number ('m') entitlements of the specified metric for the Program. The specified conversion does not apply to any entitlements for the Program that are not of the required metric type. For example, if the conversion ratio is 100 entitlements of a Bundled Program for every 500 entitlements obtained of the Program and Licensee acquires 1,500 entitlements of the Program, Licensee may convert those 1,500 entitlements into 300 entitlements of the Bundled Program, allowing the Licensee to use the Bundled Program up to the 300 entitlements. "Non-Production" means that the Bundled Program can only be deployed as part of Licensee's internal development and test environment for internal non-production activities, including but not limited to testing, performance tuning, fault diagnosis, internal benchmarking, staging, quality assurance activity and/or developing internally used additions or extensions to the Program using published application programming interfaces. Licensee is not authorized to use any part of the Bundled Program for any other purposes without acquiring the appropriate production entitlements. -L/N: L-ASAY-BEEFUW - -D/N: L-ASAY-BEEFUW - -P/N: L-ASAY-BEEFUW - - -Back to top - -International Program License Agreement - -Part 1 - General Terms - -BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, CLICKING ON AN "ACCEPT" BUTTON, OR OTHERWISE USING THE PROGRAM, LICENSEE AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF LICENSEE, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND LICENSEE TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, - -* DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, CLICK ON AN "ACCEPT" BUTTON, OR USE THE PROGRAM; AND - -* PROMPTLY RETURN THE UNUSED MEDIA, DOCUMENTATION, AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM IT WAS OBTAINED FOR A REFUND OF THE AMOUNT PAID. IF THE PROGRAM WAS DOWNLOADED, DESTROY ALL COPIES OF THE PROGRAM. - -1. Definitions - -"Authorized Use" - the specified level at which Licensee is authorized to execute or run the Program. That level may be measured by number of users, millions of service units ("MSUs"), Processor Value Units ("PVUs"), or other level of use specified by IBM. - -"IBM" - International Business Machines Corporation or one of its subsidiaries. - -"License Information" ("LI") - a document that provides information and any additional terms specific to a Program. The Program's LI is available at www.ibm.com/software/sla. The LI can also be found in the Program's directory, by the use of a system command, or as a booklet included with the Program. - -"Program" - the following, including the original and all whole or partial copies: 1) machine-readable instructions and data, 2) components, files, and modules, 3) audio-visual content (such as images, text, recordings, or pictures), and 4) related licensed materials (such as keys and documentation). - -"Proof of Entitlement" ("PoE") - evidence of Licensee's Authorized Use. The PoE is also evidence of Licensee's eligibility for warranty, future update prices, if any, and potential special or promotional opportunities. If IBM does not provide Licensee with a PoE, then IBM may accept as the PoE the original paid sales receipt or other sales record from the party (either IBM or its reseller) from whom Licensee obtained the Program, provided that it specifies the Program name and Authorized Use obtained. - -"Warranty Period" - one year, starting on the date the original Licensee is granted the license. - -2. Agreement Structure - -This Agreement includes Part 1 - General Terms, Part 2 - Country-unique Terms (if any), the LI, and the PoE and is the complete agreement between Licensee and IBM regarding the use of the Program. It replaces any prior oral or written communications between Licensee and IBM concerning Licensee's use of the Program. The terms of Part 2 may replace or modify those of Part 1. To the extent of any conflict, the LI prevails over both Parts. - -3. License Grant - -The Program is owned by IBM or an IBM supplier, and is copyrighted and licensed, not sold. - -IBM grants Licensee a nonexclusive license to 1) use the Program up to the Authorized Use specified in the PoE, 2) make and install copies to support such Authorized Use, and 3) make a backup copy, all provided that - -a. Licensee has lawfully obtained the Program and complies with the terms of this Agreement; - -b. the backup copy does not execute unless the backed-up Program cannot execute; - -c. Licensee reproduces all copyright notices and other legends of ownership on each copy, or partial copy, of the Program; - -d. Licensee ensures that anyone who uses the Program (accessed either locally or remotely) 1) does so only on Licensee's behalf and 2) complies with the terms of this Agreement; - -e. Licensee does not 1) use, copy, modify, or distribute the Program except as expressly permitted in this Agreement; 2) reverse assemble, reverse compile, otherwise translate, or reverse engineer the Program, except as expressly permitted by law without the possibility of contractual waiver; 3) use any of the Program's components, files, modules, audio-visual content, or related licensed materials separately from that Program; or 4) sublicense, rent, or lease the Program; and - -f. if Licensee obtains this Program as a Supporting Program, Licensee uses this Program only to support the Principal Program and subject to any limitations in the license to the Principal Program, or, if Licensee obtains this Program as a Principal Program, Licensee uses all Supporting Programs only to support this Program, and subject to any limitations in this Agreement. For purposes of this Item "f," a "Supporting Program" is a Program that is part of another IBM Program ("Principal Program") and identified as a Supporting Program in the Principal Program's LI. (To obtain a separate license to a Supporting Program without these restrictions, Licensee should contact the party from whom Licensee obtained the Supporting Program.) - -This license applies to each copy of the Program that Licensee makes. - -3.1 Trade-ups, Updates, Fixes, and Patches - -3.1.1 Trade-ups - -If the Program is replaced by a trade-up Program, the replaced Program's license is promptly terminated. - -3.1.2 Updates, Fixes, and Patches - -When Licensee receives an update, fix, or patch to a Program, Licensee accepts any additional or different terms that are applicable to such update, fix, or patch that are specified in its LI. If no additional or different terms are provided, then the update, fix, or patch is subject solely to this Agreement. If the Program is replaced by an update, Licensee agrees to promptly discontinue use of the replaced Program. - -3.2 Fixed Term Licenses - -If IBM licenses the Program for a fixed term, Licensee's license is terminated at the end of the fixed term, unless Licensee and IBM agree to renew it. - -3.3 Term and Termination - -This Agreement is effective until terminated. - -IBM may terminate Licensee's license if Licensee fails to comply with the terms of this Agreement. - -If the license is terminated for any reason by either party, Licensee agrees to promptly discontinue use of and destroy all of Licensee's copies of the Program. Any terms of this Agreement that by their nature extend beyond termination of this Agreement remain in effect until fulfilled, and apply to both parties' respective successors and assignees. - -4. Charges - -Charges are based on Authorized Use obtained, which is specified in the PoE. IBM does not give credits or refunds for charges already due or paid, except as specified elsewhere in this Agreement. - -If Licensee wishes to increase its Authorized Use, Licensee must notify IBM or an authorized IBM reseller in advance and pay any applicable charges. - -5. Taxes - -If any authority imposes on the Program a duty, tax, levy, or fee, excluding those based on IBM's net income, then Licensee agrees to pay that amount, as specified in an invoice, or supply exemption documentation. Licensee is responsible for any personal property taxes for the Program from the date that Licensee obtains it. If any authority imposes a customs duty, tax, levy, or fee for the import into or the export, transfer, access, or use of the Program outside the country in which the original Licensee was granted the license, then Licensee agrees that it is responsible for, and will pay, any amount imposed. - -6. Money-back Guarantee - -If Licensee is dissatisfied with the Program for any reason and is the original Licensee, Licensee may terminate the license and obtain a refund of the amount Licensee paid for the Program, provided that Licensee returns the Program and PoE to the party from whom Licensee obtained it within 30 days of the date the PoE was issued to Licensee. If the license is for a fixed term that is subject to renewal, then Licensee may obtain a refund only if the Program and its PoE are returned within the first 30 days of the initial term. If Licensee downloaded the Program, Licensee should contact the party from whom Licensee obtained it for instructions on how to obtain the refund. - -7. Program Transfer - -Licensee may transfer the Program and all of Licensee's license rights and obligations to another party only if that party agrees to the terms of this Agreement. If the license is terminated for any reason by either party, Licensee is prohibited from transferring the Program to another party. Licensee may not transfer a portion of 1) the Program or 2) the Program's Authorized Use. When Licensee transfers the Program, Licensee must also transfer a hard copy of this Agreement, including the LI and PoE. Immediately after the transfer, Licensee's license terminates. - -8. Warranty and Exclusions - -8.1 Limited Warranty - -IBM warrants that the Program, when used in its specified operating environment, will conform to its specifications. The Program's specifications, and specified operating environment information, can be found in documentation accompanying the Program (such as a read-me file) or other information published by IBM (such as an announcement letter). Licensee agrees that such documentation and other Program content may be supplied only in the English language, unless otherwise required by local law without the possibility of contractual waiver or limitation. - -The warranty applies only to the unmodified portion of the Program. IBM does not warrant uninterrupted or error-free operation of the Program, or that IBM will correct all Program defects. Licensee is responsible for the results obtained from the use of the Program. - -During the Warranty Period, IBM provides Licensee with access to IBM databases containing information on known Program defects, defect corrections, restrictions, and bypasses at no additional charge. Consult the IBM Software Support Handbook for further information at www.ibm.com/software/support. - -If the Program does not function as warranted during the Warranty Period and the problem cannot be resolved with information available in the IBM databases, Licensee may return the Program and its PoE to the party (either IBM or its reseller) from whom Licensee obtained it and receive a refund of the amount Licensee paid. After returning the Program, Licensee's license terminates. If Licensee downloaded the Program, Licensee should contact the party from whom Licensee obtained it for instructions on how to obtain the refund. - -8.2 Exclusions - -THESE WARRANTIES ARE LICENSEE'S EXCLUSIVE WARRANTIES AND REPLACE ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF EXPRESS OR IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO LICENSEE. IN THAT EVENT, SUCH WARRANTIES ARE LIMITED IN DURATION TO THE WARRANTY PERIOD. NO WARRANTIES APPLY AFTER THAT PERIOD. SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATION MAY NOT APPLY TO LICENSEE. - -THESE WARRANTIES GIVE LICENSEE SPECIFIC LEGAL RIGHTS. LICENSEE MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE OR JURISDICTION TO JURISDICTION. - -THE WARRANTIES IN THIS SECTION 8 (WARRANTY AND EXCLUSIONS) ARE PROVIDED SOLELY BY IBM. THE DISCLAIMERS IN THIS SUBSECTION 8.2 (EXCLUSIONS), HOWEVER, ALSO APPLY TO IBM'S SUPPLIERS OF THIRD PARTY CODE. THOSE SUPPLIERS PROVIDE SUCH CODE WITHOUT WARRANTIES OR CONDITION OF ANY KIND. THIS PARAGRAPH DOES NOT NULLIFY IBM'S WARRANTY OBLIGATIONS UNDER THIS AGREEMENT. - -9. Licensee Data and Databases - -To assist Licensee in isolating the cause of a problem with the Program, IBM may request that Licensee 1) allow IBM to remotely access Licensee's system or 2) send Licensee information or system data to IBM. However, IBM is not obligated to provide such assistance unless IBM and Licensee enter a separate written agreement under which IBM agrees to provide to Licensee that type of support, which is beyond IBM's warranty obligations in this Agreement. In any event, IBM uses information about errors and problems to improve its products and services, and assist with its provision of related support offerings. For these purposes, IBM may use IBM entities and subcontractors (including in one or more countries other than the one in which Licensee is located), and Licensee authorizes IBM to do so. - -Licensee remains responsible for 1) any data and the content of any database Licensee makes available to IBM, 2) the selection and implementation of procedures and controls regarding access, security, encryption, use, and transmission of data (including any personally-identifiable data), and 3) backup and recovery of any database and any stored data. Licensee will not send or provide IBM access to any personally-identifiable information, whether in data or any other form, and will be responsible for reasonable costs and other amounts that IBM may incur relating to any such information mistakenly provided to IBM or the loss or disclosure of such information by IBM, including those arising out of any third party claims. - -10. Limitation of Liability - -The limitations and exclusions in this Section 10 (Limitation of Liability) apply to the full extent they are not prohibited by applicable law without the possibility of contractual waiver. - -10.1 Items for Which IBM May Be Liable - -Circumstances may arise where, because of a default on IBM's part or other liability, Licensee is entitled to recover damages from IBM. Regardless of the basis on which Licensee is entitled to claim damages from IBM (including fundamental breach, negligence, misrepresentation, or other contract or tort claim), IBM's entire liability for all claims in the aggregate arising from or related to each Program or otherwise arising under this Agreement will not exceed the amount of any 1) damages for bodily injury (including death) and damage to real property and tangible personal property and 2) other actual direct damages up to the charges (if the Program is subject to fixed term charges, up to twelve months' charges) Licensee paid for the Program that is the subject of the claim. - -This limit also applies to any of IBM's Program developers and suppliers. It is the maximum for which IBM and its Program developers and suppliers are collectively responsible. - -10.2 Items for Which IBM Is Not Liable - -UNDER NO CIRCUMSTANCES IS IBM, ITS PROGRAM DEVELOPERS OR SUPPLIERS LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF THEIR POSSIBILITY: - -a. LOSS OF, OR DAMAGE TO, DATA; - -b. SPECIAL, INCIDENTAL, EXEMPLARY, OR INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; OR - -c. LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS. - -11. Compliance Verification - -For purposes of this Section 11 (Compliance Verification), "IPLA Program Terms" means 1) this Agreement and applicable amendments and transaction documents provided by IBM, and 2) IBM software policies that may be found at the IBM Software Policy website (www.ibm.com/softwarepolicies), including but not limited to those policies concerning backup, sub-capacity pricing, and migration. - -The rights and obligations set forth in this Section 11 remain in effect during the period the Program is licensed to Licensee, and for two years thereafter. - -11.1 Verification Process - -Licensee agrees to create, retain, and provide to IBM and its auditors accurate written records, system tool outputs, and other system information sufficient to provide auditable verification that Licensee's use of all Programs is in compliance with the IPLA Program Terms, including, without limitation, all of IBM's applicable licensing and pricing qualification terms. Licensee is responsible for 1) ensuring that it does not exceed its Authorized Use, and 2) remaining in compliance with IPLA Program Terms. - -Upon reasonable notice, IBM may verify Licensee's compliance with IPLA Program Terms at all sites and for all environments in which Licensee uses (for any purpose) Programs subject to IPLA Program Terms. Such verification will be conducted in a manner that minimizes disruption to Licensee's business, and may be conducted on Licensee's premises, during normal business hours. IBM may use an independent auditor to assist with such verification, provided IBM has a written confidentiality agreement in place with such auditor. - -11.2 Resolution - -IBM will notify Licensee in writing if any such verification indicates that Licensee has used any Program in excess of its Authorized Use or is otherwise not in compliance with the IPLA Program Terms. Licensee agrees to promptly pay directly to IBM the charges that IBM specifies in an invoice for 1) any such excess use, 2) support for such excess use for the lesser of the duration of such excess use or two years, and 3) any additional charges and other liabilities determined as a result of such verification. - -12. Third Party Notices - -The Program may include third party code that IBM, not the third party, licenses to Licensee under this Agreement. Notices, if any, for the third party code ("Third Party Notices") are included for Licensee's information only. These notices can be found in the Program's NOTICES file(s). Information on how to obtain source code for certain third party code can be found in the Third Party Notices. If in the Third Party Notices IBM identifies third party code as "Modifiable Third Party Code," IBM authorizes Licensee to 1) modify the Modifiable Third Party Code and 2) reverse engineer the Program modules that directly interface with the Modifiable Third Party Code provided that it is only for the purpose of debugging Licensee's modifications to such third party code. IBM's service and support obligations, if any, apply only to the unmodified Program. - -13. General - -a. Nothing in this Agreement affects any statutory rights of consumers that cannot be waived or limited by contract. - -b. For Programs IBM provides to Licensee in tangible form, IBM fulfills its shipping and delivery obligations upon the delivery of such Programs to the IBM-designated carrier, unless otherwise agreed to in writing by Licensee and IBM. - -c. If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement remain in full force and effect. - -d. Licensee agrees to comply with all applicable export and import laws and regulations, including U.S. embargo and sanctions regulations and prohibitions on export for certain end uses or to certain users. - -e. Licensee authorizes International Business Machines Corporation and its subsidiaries (and their successors and assigns, contractors and IBM Business Partners) to store and use Licensee's business contact information wherever they do business, in connection with IBM products and services, or in furtherance of IBM's business relationship with Licensee. - -f. Each party will allow the other reasonable opportunity to comply before it claims that the other has not met its obligations under this Agreement. The parties will attempt in good faith to resolve all disputes, disagreements, or claims between the parties relating to this Agreement. - -g. Unless otherwise required by applicable law without the possibility of contractual waiver or limitation: 1) neither party will bring a legal action, regardless of form, for any claim arising out of or related to this Agreement more than two years after the cause of action arose; and 2) upon the expiration of such time limit, any such claim and all respective rights related to the claim lapse. - -h. Neither Licensee nor IBM is responsible for failure to fulfill any obligations due to causes beyond its control. - -i. No right or cause of action for any third party is created by this Agreement, nor is IBM responsible for any third party claims against Licensee, except as permitted in Subsection 10.1 (Items for Which IBM May Be Liable) above for bodily injury (including death) or damage to real or tangible personal property for which IBM is legally liable to that third party. - -j. In entering into this Agreement, neither party is relying on any representation not specified in this Agreement, including but not limited to any representation concerning: 1) the performance or function of the Program, other than as expressly warranted in Section 8 (Warranty and Exclusions) above; 2) the experiences or recommendations of other parties; or 3) any results or savings that Licensee may achieve. - -k. IBM has signed agreements with certain organizations (called "IBM Business Partners") to promote, market, and support certain Programs. IBM Business Partners remain independent and separate from IBM. IBM is not responsible for the actions or statements of IBM Business Partners or obligations they have to Licensee. - -l. The license and intellectual property indemnification terms of Licensee's other agreements with IBM (such as the IBM Customer Agreement) do not apply to Program licenses granted under this Agreement. - -14. Geographic Scope and Governing Law - -14.1 Governing Law - -Both parties agree to the application of the laws of the country in which Licensee obtained the Program license to govern, interpret, and enforce all of Licensee's and IBM's respective rights, duties, and obligations arising from, or relating in any manner to, the subject matter of this Agreement, without regard to conflict of law principles. - -The United Nations Convention on Contracts for the International Sale of Goods does not apply. - -14.2 Jurisdiction - -All rights, duties, and obligations are subject to the courts of the country in which Licensee obtained the Program license. - -Part 2 - Country-unique Terms - -For licenses granted in the countries specified below, the following terms replace or modify the referenced terms in Part 1. All terms in Part 1 that are not changed by these amendments remain unchanged and in effect. This Part 2 is organized as follows: - -* Multiple country amendments to Part 1, Section 14 (Governing Law and Jurisdiction); - -* Americas country amendments to other Agreement terms; - -* Asia Pacific country amendments to other Agreement terms; and - -* Europe, Middle East, and Africa country amendments to other Agreement terms. - -Multiple country amendments to Part 1, Section 14 (Governing Law and Jurisdiction) - -14.1 Governing Law - -The phrase "the laws of the country in which Licensee obtained the Program license" in the first paragraph of 14.1 Governing Law is replaced by the following phrases in the countries below: - -AMERICAS - -(1) In Canada: the laws in the Province of Ontario; - -(2) in Mexico: the federal laws of the Republic of Mexico; - -(3) in the United States, Anguilla, Antigua/Barbuda, Aruba, British Virgin Islands, Cayman Islands, Dominica, Grenada, Guyana, Saint Kitts and Nevis, Saint Lucia, Saint Maarten, and Saint Vincent and the Grenadines: the laws of the State of New York, United States; - -(4) in Venezuela: the laws of the Bolivarian Republic of Venezuela; - -ASIA PACIFIC - -(5) in Cambodia and Laos: the laws of the State of New York, United States; - -(6) in Australia: the laws of the State or Territory in which the transaction is performed; - -(7) in Hong Kong SAR and Macau SAR: the laws of Hong Kong Special Administrative Region ("SAR"); - -(8) in Taiwan: the laws of Taiwan; - -EUROPE, MIDDLE EAST, AND AFRICA - -(9) in Albania, Armenia, Azerbaijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Former Yugoslav Republic of Macedonia, Georgia, Hungary, Kazakhstan, Kyrgyzstan, Moldova, Montenegro, Poland, Romania, Russia, Serbia, Slovakia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan: the laws of Austria; - -(10) in Algeria, Andorra, Benin, Burkina Faso, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia, Gabon, Gambia, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar, Mali, Mauritania, Mauritius, Mayotte, Morocco, New Caledonia, Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis and Futuna: the laws of France; - -(11) in Estonia, Latvia, and Lithuania: the laws of Finland; - -(12) in Angola, Bahrain, Botswana, Burundi, Egypt, Eritrea, Ethiopia, Ghana, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, the United Kingdom, West Bank/Gaza, Yemen, Zambia, and Zimbabwe: the laws of England; and - -(13) in South Africa, Namibia, Lesotho, and Swaziland: the laws of the Republic of South Africa. - -14.2 Jurisdiction - -The following paragraph pertains to jurisdiction and replaces Subsection 14.2 (Jurisdiction) as it applies for those countries identified below: - -All rights, duties, and obligations are subject to the courts of the country in which Licensee obtained the Program license except that in the countries identified below all disputes arising out of or related to this Agreement, including summary proceedings, will be brought before and subject to the exclusive jurisdiction of the following courts of competent jurisdiction: - -AMERICAS - -(1) In Argentina: the Ordinary Commercial Court of the city of Buenos Aires; - -(2) in Brazil: the court of Rio de Janeiro, RJ; - -(3) in Chile: the Civil Courts of Justice of Santiago; - -(4) in Ecuador: the civil judges of Quito for executory or summary proceedings (as applicable); - -(5) in Mexico: the courts located in Mexico City, Federal District; - -(6) in Peru: the judges and tribunals of the judicial district of Lima, Cercado; - -(7) in Uruguay: the courts of the city of Montevideo; - -(8) in Venezuela: the courts of the metropolitan area of the city of Caracas; - -EUROPE, MIDDLE EAST, AND AFRICA - -(9) in Austria: the court of law in Vienna, Austria (Inner-City); - -(10) in Algeria, Andorra, Benin, Burkina Faso, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic Republic of Congo, Equatorial Guinea, France, French Guiana, French Polynesia, Gabon, Gambia, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar, Mali, Mauritania, Mauritius, Mayotte, Monaco, Morocco, New Caledonia, Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis and Futuna: the Commercial Court of Paris; - -(11) in Angola, Bahrain, Botswana, Burundi, Egypt, Eritrea, Ethiopia, Ghana, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, the United Kingdom, West Bank/Gaza, Yemen, Zambia, and Zimbabwe: the English courts; - -(12) in South Africa, Namibia, Lesotho, and Swaziland: the High Court in Johannesburg; - -(13) in Greece: the competent court of Athens; - -(14) in Israel: the courts of Tel Aviv-Jaffa; - -(15) in Italy: the courts of Milan; - -(16) in Portugal: the courts of Lisbon; - -(17) in Spain: the courts of Madrid; and - -(18) in Turkey: the Istanbul Central Courts and Execution Directorates of Istanbul, the Republic of Turkey. - -14.3 Arbitration - -The following paragraph is added as a new Subsection 14.3 (Arbitration) as it applies for those countries identified below. The provisions of this Subsection 14.3 prevail over those of Subsection 14.2 (Jurisdiction) to the extent permitted by the applicable governing law and rules of procedure: - -ASIA PACIFIC - -(1) In Cambodia, India, Laos, Philippines, and Vietnam: - -Disputes arising out of or in connection with this Agreement will be finally settled by arbitration which will be held in Singapore in accordance with the Arbitration Rules of Singapore International Arbitration Center ("SIAC Rules") then in effect. The arbitration award will be final and binding for the parties without appeal and will be in writing and set forth the findings of fact and the conclusions of law. - -The number of arbitrators will be three, with each side to the dispute being entitled to appoint one arbitrator. The two arbitrators appointed by the parties will appoint a third arbitrator who will act as chairman of the proceedings. Vacancies in the post of chairman will be filled by the president of the SIAC. Other vacancies will be filled by the respective nominating party. Proceedings will continue from the stage they were at when the vacancy occurred. - -If one of the parties refuses or otherwise fails to appoint an arbitrator within 30 days of the date the other party appoints its, the first appointed arbitrator will be the sole arbitrator, provided that the arbitrator was validly and properly appointed. - -All proceedings will be conducted, including all documents presented in such proceedings, in the English language. The English language version of this Agreement prevails over any other language version. - -(2) In the People's Republic of China: - -In case no settlement can be reached, the disputes will be submitted to China International Economic and Trade Arbitration Commission for arbitration according to the then effective rules of the said Arbitration Commission. The arbitration will take place in Beijing and be conducted in Chinese. The arbitration award will be final and binding on both parties. During the course of arbitration, this agreement will continue to be performed except for the part which the parties are disputing and which is undergoing arbitration. - -(3) In Indonesia: - -Each party will allow the other reasonable opportunity to comply before it claims that the other has not met its obligations under this Agreement. The parties will attempt in good faith to resolve all disputes, disagreements, or claims between the parties relating to this Agreement. Unless otherwise required by applicable law without the possibility of contractual waiver or limitation, i) neither party will bring a legal action, regardless of form, arising out of or related to this Agreement or any transaction under it more than two years after the cause of action arose; and ii) after such time limit, any legal action arising out of this Agreement or any transaction under it and all respective rights related to any such action lapse. - -Disputes arising out of or in connection with this Agreement shall be finally settled by arbitration that shall be held in Jakarta, Indonesia in accordance with the rules of Board of the Indonesian National Board of Arbitration (Badan Arbitrase Nasional Indonesia or "BANI") then in effect. The arbitration award shall be final and binding for the parties without appeal and shall be in writing and set forth the findings of fact and the conclusions of law. - -The number of arbitrators shall be three, with each side to the dispute being entitled to appoint one arbitrator. The two arbitrators appointed by the parties shall appoint a third arbitrator who shall act as chairman of the proceedings. Vacancies in the post of chairman shall be filled by the chairman of the BANI. Other vacancies shall be filled by the respective nominating party. Proceedings shall continue from the stage they were at when the vacancy occurred. - -If one of the parties refuses or otherwise fails to appoint an arbitrator within 30 days of the date the other party appoints its, the first appointed arbitrator shall be the sole arbitrator, provided that the arbitrator was validly and properly appointed. - -All proceedings shall be conducted, including all documents presented in such proceedings, in the English and/or Indonesian language. - -EUROPE, MIDDLE EAST, AND AFRICA - -(4) In Albania, Armenia, Azerbaijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Former Yugoslav Republic of Macedonia, Georgia, Hungary, Kazakhstan, Kyrgyzstan, Moldova, Montenegro, Poland, Romania, Russia, Serbia, Slovakia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan: - -All disputes arising out of this Agreement or related to its violation, termination or nullity will be finally settled under the Rules of Arbitration and Conciliation of the International Arbitral Center of the Federal Economic Chamber in Vienna (Vienna Rules) by three arbitrators appointed in accordance with these rules. The arbitration will be held in Vienna, Austria, and the official language of the proceedings will be English. The decision of the arbitrators will be final and binding upon both parties. Therefore, pursuant to paragraph 598 (2) of the Austrian Code of Civil Procedure, the parties expressly waive the application of paragraph 595 (1) figure 7 of the Code. IBM may, however, institute proceedings in a competent court in the country of installation. - -(5) In Estonia, Latvia, and Lithuania: - -All disputes arising in connection with this Agreement will be finally settled in arbitration that will be held in Helsinki, Finland in accordance with the arbitration laws of Finland then in effect. Each party will appoint one arbitrator. The arbitrators will then jointly appoint the chairman. If arbitrators cannot agree on the chairman, then the Central Chamber of Commerce in Helsinki will appoint the chairman. - -AMERICAS COUNTRY AMENDMENTS - -CANADA - -10.1 Items for Which IBM May be Liable - -The following replaces Item 1 in the first paragraph of this Subsection 10.1 (Items for Which IBM May be Liable): - -1) damages for bodily injury (including death) and physical harm to real property and tangible personal property caused by IBM's negligence; and - -13. General - -The following replaces Item 13.d: - -d. Licensee agrees to comply with all applicable export and import laws and regulations, including those of that apply to goods of United States origin and that prohibit or limit export for certain uses or to certain users. - -The following replaces Item 13.i: - -i. No right or cause of action for any third party is created by this Agreement or any transaction under it, nor is IBM responsible for any third party claims against Licensee except as permitted by the Limitation of Liability section above for bodily injury (including death) or physical harm to real or tangible personal property caused by IBM's negligence for which IBM is legally liable to that third party. - -The following is added as Item 13.m: - -m. For purposes of this Item 13.m, "Personal Data" refers to information relating to an identified or identifiable individual made available by one of the parties, its personnel or any other individual to the other in connection with this Agreement. The following provisions apply in the event that one party makes Personal Data available to the other: - -(1) General - -(a) Each party is responsible for complying with any obligations applying to it under applicable Canadian data privacy laws and regulations ("Laws"). - -(b) Neither party will request Personal Data beyond what is necessary to fulfill the purpose(s) for which it is requested. The purpose(s) for requesting Personal Data must be reasonable. Each party will agree in advance as to the type of Personal Data that is required to be made available. - -(2) Security Safeguards - -(a) Each party acknowledges that it is solely responsible for determining and communicating to the other the appropriate technological, physical and organizational security measures required to protect Personal Data. - -(b) Each party will ensure that Personal Data is protected in accordance with the security safeguards communicated and agreed to by the other. - -(c) Each party will ensure that any third party to whom Personal Data is transferred is bound by the applicable terms of this section. - -(d) Additional or different services required to comply with the Laws will be deemed a request for new services. - -(3) Use - -Each party agrees that Personal Data will only be used, accessed, managed, transferred, disclosed to third parties or otherwise processed to fulfill the purpose(s) for which it was made available. - -(4) Access Requests - -(a) Each party agrees to reasonably cooperate with the other in connection with requests to access or amend Personal Data. - -(b) Each party agrees to reimburse the other for any reasonable charges incurred in providing each other assistance. - -(c) Each party agrees to amend Personal Data only upon receiving instructions to do so from the other party or its personnel. - -(5) Retention - -Each party will promptly return to the other or destroy all Personal Data that is no longer necessary to fulfill the purpose(s) for which it was made available, unless otherwise instructed by the other or its personnel or required by law. - -(6) Public Bodies Who Are Subject to Public Sector Privacy Legislation - -For Licensees who are public bodies subject to public sector privacy legislation, this Item 13.m applies only to Personal Data made available to Licensee in connection with this Agreement, and the obligations in this section apply only to Licensee, except that: 1) section (2)(a) applies only to IBM; 2) sections (1)(a) and (4)(a) apply to both parties; and 3) section (4)(b) and the last sentence in (1)(b) do not apply. - -PERU - -10. Limitation of Liability - -The following is added to the end of this Section 10 (Limitation of Liability): - -Except as expressly required by law without the possibility of contractual waiver, Licensee and IBM intend that the limitation of liability in this Limitation of Liability section applies to damages caused by all types of claims and causes of action. If any limitation on or exclusion from liability in this section is held by a court of competent jurisdiction to be unenforceable with respect to a particular claim or cause of action, the parties intend that it nonetheless apply to the maximum extent permitted by applicable law to all other claims and causes of action. - -10.1 Items for Which IBM May be Liable - -The following is added at the end of this Subsection 10.1: - -In accordance with Article 1328 of the Peruvian Civil Code, the limitations and exclusions specified in this section will not apply to damages caused by IBM's willful misconduct ("dolo") or gross negligence ("culpa inexcusable"). - -UNITED STATES OF AMERICA - -5. Taxes - -The following is added at the end of this Section 5 (Taxes) - -For Programs delivered electronically in the United States for which Licensee claims a state sales and use tax exemption, Licensee agrees not to receive any tangible personal property (e.g., media and publications) associated with the electronic program. - -Licensee agrees to be responsible for any sales and use tax liabilities that may arise as a result of Licensee's subsequent redistribution of Programs after delivery by IBM. - -13. General - -The following is added to Section 13 as Item 13.m: - -U.S. Government Users Restricted Rights - Use, duplication or disclosure is restricted by the GSA IT Schedule 70 Contract with the IBM Corporation. - -The following is added to Item 13.f: - -Each party waives any right to a jury trial in any proceeding arising out of or related to this Agreement. - -ASIA PACIFIC COUNTRY AMENDMENTS - -AUSTRALIA - -5. Taxes - -The following sentences replace the first two sentences of Section 5 (Taxes): - -If any government or authority imposes a duty, tax (other than income tax), levy, or fee, on this Agreement or on the Program itself, that is not otherwise provided for in the amount payable, Licensee agrees to pay it when IBM invoices Licensee. If the rate of GST changes, IBM may adjust the charge or other amount payable to take into account that change from the date the change becomes effective. - -8.1 Limited Warranty - -The following is added to Subsection 8.1 (Limited Warranty): - -The warranties specified this Section are in addition to any rights Licensee may have under the Competition and Consumer Act 2010 or other legislation and are only limited to the extent permitted by the applicable legislation. - -10.1 Items for Which IBM May be Liable - -The following is added to Subsection 10.1 (Items for Which IBM May be Liable): - -Where IBM is in breach of a condition or warranty implied by the Competition and Consumer Act 2010, IBM's liability is limited to the repair or replacement of the goods, or the supply of equivalent goods. Where that condition or warranty relates to right to sell, quiet possession or clear title, or the goods are of a kind ordinarily obtained for personal, domestic or household use or consumption, then none of the limitations in this paragraph apply. - -HONG KONG SAR, MACAU SAR, AND TAIWAN - -As applies to licenses obtained in Taiwan and the special administrative regions, phrases throughout this Agreement containing the word "country" (for example, "the country in which the original Licensee was granted the license" and "the country in which Licensee obtained the Program license") are replaced with the following: - -(1) In Hong Kong SAR: "Hong Kong SAR" - -(2) In Macau SAR: "Macau SAR" except in the Governing Law clause (Section 14.1) - -(3) In Taiwan: "Taiwan." - -INDIA - -10.1 Items for Which IBM May be Liable - -The following replaces the terms of Items 1 and 2 of the first paragraph: - -1) liability for bodily injury (including death) or damage to real property and tangible personal property will be limited to that caused by IBM's negligence; and 2) as to any other actual damage arising in any situation involving nonperformance by IBM pursuant to, or in any way related to the subject of this Agreement, IBM's liability will be limited to the charge paid by Licensee for the individual Program that is the subject of the claim. - -13. General - -The following replaces the terms of Item 13.g: - -If no suit or other legal action is brought, within three years after the cause of action arose, in respect of any claim that either party may have against the other, the rights of the concerned party in respect of such claim will be forfeited and the other party will stand released from its obligations in respect of such claim. - -INDONESIA - -3.3 Term and Termination - -The following is added to the last paragraph: - -Both parties waive the provision of article 1266 of the Indonesian Civil Code, to the extent the article provision requires such court decree for the termination of an agreement creating mutual obligations. - -JAPAN - -13. General - -The following is inserted after Item 13.f: - -Any doubts concerning this Agreement will be initially resolved between us in good faith and in accordance with the principle of mutual trust. - -MALAYSIA - -10.2 Items for Which IBM Is not Liable - -The word "SPECIAL" in Item 10.2b is deleted. - -NEW ZEALAND - -8.1 Limited Warranty - -The following is added: - -The warranties specified in this Section are in addition to any rights Licensee may have under the Consumer Guarantees Act 1993 or other legislation which cannot be excluded or limited. The Consumer Guarantees Act 1993 will not apply in respect of any goods which IBM provides, if Licensee requires the goods for the purposes of a business as defined in that Act. - -10. Limitation of Liability - -The following is added: - -Where Programs are not obtained for the purposes of a business as defined in the Consumer Guarantees Act 1993, the limitations in this Section are subject to the limitations in that Act. - -PEOPLE'S REPUBLIC OF CHINA - -4. Charges - -The following is added: - -All banking charges incurred in the People's Republic of China will be borne by Licensee and those incurred outside the People's Republic of China will be borne by IBM. - -PHILIPPINES - -10.2 Items for Which IBM Is not Liable - -The following replaces the terms of Item 10.2b: - -b. special (including nominal and exemplary damages), moral, incidental, or indirect damages or for any economic consequential damages; or - -SINGAPORE - -10.2 Items for Which IBM Is not Liable - -The words "SPECIAL" and "ECONOMIC" are deleted from Item 10.2b. - -13. General - -The following replaces the terms of Item 13.i: - -Subject to the rights provided to IBM's suppliers and Program developers as provided in Section 10 above (Limitation of Liability), a person who is not a party to this Agreement will have no right under the Contracts (Right of Third Parties) Act to enforce any of its terms. - -TAIWAN - -8.1 Limited Warranty - -The last paragraph is deleted. - -10.1 Items for Which IBM May Be Liable - -The following sentences are deleted: - -This limit also applies to any of IBM's subcontractors and Program developers. It is the maximum for which IBM and its subcontractors and Program developers are collectively responsible. - -EUROPE, MIDDLE EAST, AFRICA (EMEA) COUNTRY AMENDMENTS - -EUROPEAN UNION MEMBER STATES - -8. Warranty and Exclusions - -The following is added to Section 8 (Warranty and Exclusion): - -In the European Union ("EU"), consumers have legal rights under applicable national legislation governing the sale of consumer goods. Such rights are not affected by the provisions set out in this Section 8 (Warranty and Exclusions). The territorial scope of the Limited Warranty is worldwide. - -EU MEMBER STATES AND THE COUNTRIES IDENTIFIED BELOW - -Iceland, Liechtenstein, Norway, Switzerland, Turkey, and any other European country that has enacted local data privacy or protection legislation similar to the EU model. - -13. General - -The following replaces Item 13.e: - -(1) Definitions - For the purposes of this Item 13.e, the following additional definitions apply: - -(a) Business Contact Information - business-related contact information disclosed by Licensee to IBM, including names, job titles, business addresses, telephone numbers and email addresses of Licensee's employees and contractors. For Austria, Italy and Switzerland, Business Contact Information also includes information about Licensee and its contractors as legal entities (for example, Licensee's revenue data and other transactional information) - -(b) Business Contact Personnel - Licensee employees and contractors to whom the Business Contact Information relates. - -(c) Data Protection Authority - the authority established by the Data Protection and Electronic Communications Legislation in the applicable country or, for non-EU countries, the authority responsible for supervising the protection of personal data in that country, or (for any of the foregoing) any duly appointed successor entity thereto. - -(d) Data Protection & Electronic Communications Legislation - (i) the applicable local legislation and regulations in force implementing the requirements of EU Directive 95/46/EC (on the protection of individuals with regard to the processing of personal data and on the free movement of such data) and of EU Directive 2002/58/EC (concerning the processing of personal data and the protection of privacy in the electronic communications sector); or (ii) for non-EU countries, the legislation and/or regulations passed in the applicable country relating to the protection of personal data and the regulation of electronic communications involving personal data, including (for any of the foregoing) any statutory replacement or modification thereof. - -(e) IBM Group - International Business Machines Corporation of Armonk, New York, USA, its subsidiaries, and their respective Business Partners and subcontractors. - -(2) Licensee authorizes IBM: - -(a) to process and use Business Contact Information within IBM Group in support of Licensee including the provision of support services, and for the purpose of furthering the business relationship between Licensee and IBM Group, including, without limitation, contacting Business Contact Personnel (by email or otherwise) and marketing IBM Group products and services (the "Specified Purpose"); and - -(b) to disclose Business Contact Information to other members of IBM Group in pursuit of the Specified Purpose only. - -(3) IBM agrees that all Business Contact Information will be processed in accordance with the Data Protection & Electronic Communications Legislation and will be used only for the Specified Purpose. - -(4) To the extent required by the Data Protection & Electronic Communications Legislation, Licensee represents that (a) it has obtained (or will obtain) any consents from (and has issued (or will issue) any notices to) the Business Contact Personnel as are necessary in order to enable IBM Group to process and use the Business Contact Information for the Specified Purpose. - -(5) Licensee authorizes IBM to transfer Business Contact Information outside the European Economic Area, provided that the transfer is made on contractual terms approved by the Data Protection Authority or the transfer is otherwise permitted under the Data Protection & Electronic Communications Legislation. - -AUSTRIA - -8.2 Exclusions - -The following is deleted from the first paragraph: - -MERCHANTABILITY, SATISFACTORY QUALITY - -10. Limitation of Liability - -The following is added: - -The following limitations and exclusions of IBM's liability do not apply for damages caused by gross negligence or willful misconduct. - -10.1 Items for Which IBM May Be Liable - -The following replaces the first sentence in the first paragraph: - -Circumstances may arise where, because of a default by IBM in the performance of its obligations under this Agreement or other liability, Licensee is entitled to recover damages from IBM. - -In the second sentence of the first paragraph, delete entirely the parenthetical phrase: - -"(including fundamental breach, negligence, misrepresentation, or other contract or tort claim)". - -10.2 Items for Which IBM Is Not Liable - -The following replaces Item 10.2b: - -b. indirect damages or consequential damages; or - -BELGIUM, FRANCE, ITALY, AND LUXEMBOURG - -10. Limitation of Liability - -The following replaces the terms of Section 10 (Limitation of Liability) in its entirety: - -Except as otherwise provided by mandatory law: - -10.1 Items for Which IBM May Be Liable - -IBM's entire liability for all claims in the aggregate for any damages and losses that may arise as a consequence of the fulfillment of its obligations under or in connection with this Agreement or due to any other cause related to this Agreement is limited to the compensation of only those damages and losses proved and actually arising as an immediate and direct consequence of the non-fulfillment of such obligations (if IBM is at fault) or of such cause, for a maximum amount equal to the charges (if the Program is subject to fixed term charges, up to twelve months' charges) Licensee paid for the Program that has caused the damages. - -The above limitation will not apply to damages for bodily injuries (including death) and damages to real property and tangible personal property for which IBM is legally liable. - -10.2 Items for Which IBM Is Not Liable - -UNDER NO CIRCUMSTANCES IS IBM OR ANY OF ITS PROGRAM DEVELOPERS LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF THEIR POSSIBILITY: 1) LOSS OF, OR DAMAGE TO, DATA; 2) INCIDENTAL, EXEMPLARY OR INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; AND / OR 3) LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS, EVEN IF THEY ARISE AS AN IMMEDIATE CONSEQUENCE OF THE EVENT THAT GENERATED THE DAMAGES. - -10.3 Suppliers and Program Developers - -The limitation and exclusion of liability herein agreed applies not only to the activities performed by IBM but also to the activities performed by its suppliers and Program developers, and represents the maximum amount for which IBM as well as its suppliers and Program developers are collectively responsible. - -GERMANY - -8.1 Limited Warranty - -The following is inserted at the beginning of Section 8.1: - -The Warranty Period is twelve months from the date of delivery of the Program to the original Licensee. - -8.2 Exclusions - -Section 8.2 is deleted in its entirety and replaced with the following: - -Section 8.1 defines IBM's entire warranty obligations to Licensee except as otherwise required by applicable statutory law. - -10. Limitation of Liability - -The following replaces the Limitation of Liability section in its entirety: - -a. IBM will be liable without limit for 1) loss or damage caused by a breach of an express guarantee; 2) damages or losses resulting in bodily injury (including death); and 3) damages caused intentionally or by gross negligence. - -b. In the event of loss, damage and frustrated expenditures caused by slight negligence or in breach of essential contractual obligations, IBM will be liable, regardless of the basis on which Licensee is entitled to claim damages from IBM (including fundamental breach, negligence, misrepresentation, or other contract or tort claim), per claim only up to the greater of 500,000 euro or the charges (if the Program is subject to fixed term charges, up to 12 months' charges) Licensee paid for the Program that caused the loss or damage. A number of defaults which together result in, or contribute to, substantially the same loss or damage will be treated as one default. - -c. In the event of loss, damage and frustrated expenditures caused by slight negligence, IBM will not be liable for indirect or consequential damages, even if IBM was informed about the possibility of such loss or damage. - -d. In case of delay on IBM's part: 1) IBM will pay to Licensee an amount not exceeding the loss or damage caused by IBM's delay and 2) IBM will be liable only in respect of the resulting damages that Licensee suffers, subject to the provisions of Items a and b above. - -13. General - -The following replaces the provisions of 13.g: - -Any claims resulting from this Agreement are subject to a limitation period of three years, except as stated in Section 8.1 (Limited Warranty) of this Agreement. - -The following replaces the provisions of 13.i: - -No right or cause of action for any third party is created by this Agreement, nor is IBM responsible for any third party claims against Licensee, except (to the extent permitted in Section 10 (Limitation of Liability)) for: i) bodily injury (including death); or ii) damage to real or tangible personal property for which (in either case) IBM is legally liable to that third party. - -IRELAND - -8.2 Exclusions - -The following paragraph is added: - -Except as expressly provided in these terms and conditions, or Section 12 of the Sale of Goods Act 1893 as amended by the Sale of Goods and Supply of Services Act, 1980 (the "1980 Act"), all conditions or warranties (express or implied, statutory or otherwise) are hereby excluded including, without limitation, any warranties implied by the Sale of Goods Act 1893 as amended by the 1980 Act (including, for the avoidance of doubt, Section 39 of the 1980 Act). - -IRELAND AND UNITED KINGDOM - -2. Agreement Structure - -The following sentence is added: - -Nothing in this paragraph shall have the effect of excluding or limiting liability for fraud. - -10.1 Items for Which IBM May Be Liable - -The following replaces the first paragraph of the Subsection: - -For the purposes of this section, a "Default" means any act, statement, omission or negligence on the part of IBM in connection with, or in relation to, the subject matter of an Agreement in respect of which IBM is legally liable to Licensee, whether in contract or in tort. A number of Defaults which together result in, or contribute to, substantially the same loss or damage will be treated as one Default. - -Circumstances may arise where, because of a Default by IBM in the performance of its obligations under this Agreement or other liability, Licensee is entitled to recover damages from IBM. Regardless of the basis on which Licensee is entitled to claim damages from IBM and except as expressly required by law without the possibility of contractual waiver, IBM's entire liability for any one Default will not exceed the amount of any direct damages, to the extent actually suffered by Licensee as an immediate and direct consequence of the default, up to the greater of (1) 500,000 euro (or the equivalent in local currency) or (2) 125% of the charges (if the Program is subject to fixed term charges, up to 12 months' charges) for the Program that is the subject of the claim. Notwithstanding the foregoing, the amount of any damages for bodily injury (including death) and damage to real property and tangible personal property for which IBM is legally liable is not subject to such limitation. - -10.2 Items for Which IBM is Not Liable - -The following replaces Items 10.2b and 10.2c: - -b. special, incidental, exemplary, or indirect damages or consequential damages; or - -c. wasted management time or lost profits, business, revenue, goodwill, or anticipated savings. +Red Hat Products + +Red Hat Products (as listed below) are licensed separately and are supported by IBM only when used in support of the Program and only while Licensee has Software Subscription and Support in effect for the Program. In addition, Licensee agrees that its use of and support for the Red Hat Products are subject to the following terms (https://www.redhat.com/en/about/agreements). + +Red Hat Universal Base Image + +- Entitlement: Ratio 1 VPC/ 1 VPC + +Red Hat Enterprise Linux + +- Entitlement Ratio: 1 VPC / 1 VPC + +Red Hat OpenShift Container Platform + +- Entitlement Ratio: 1 VPC / 1 VPC + +"Ratio n/m" means that Licensee receives some number ('n') entitlements of the indicated metric for the identified program for every specified number ('m') entitlements of the specified metric for the Program as a whole. The specified ratio does not apply to any entitlements for the Program that are not of the required metric type. The number of entitlements for the identified program is rounded up to a multiple of 'n'. For example, if a Program includes 100 PVUs for an identified program for every 500 PVUs obtained of the Principal Program and Licensee acquires 1,200 PVUs of the Program, Licensee may install the identified program and have processor cores available to or managed by it of up to 300 PVUs. Those PVUs would not need to be counted as part of the total PVU requirement for Licensee's installation of the Program on account of the installation of the identified program (although those PVUs might need to be counted for other reasons, such as the processor cores being made available to other components of the Program, as well). + +L/N: L-ASAY-BJCED8 + +D/N: L-ASAY-BJCED8 + +P/N: L-ASAY-BJCED8 + + + +International Program License Agreement +Part 1 - General Terms +BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, CLICKING ON AN "ACCEPT" BUTTON, OR OTHERWISE USING THE PROGRAM, LICENSEE AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF LICENSEE, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND LICENSEE TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, +* DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, CLICK ON AN "ACCEPT" BUTTON, OR USE THE PROGRAM; AND +* PROMPTLY RETURN THE UNUSED MEDIA, DOCUMENTATION, AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM IT WAS OBTAINED FOR A REFUND OF THE AMOUNT PAID. IF THE PROGRAM WAS DOWNLOADED, DESTROY ALL COPIES OF THE PROGRAM. +1. Definitions +"Authorized Use" - the specified level at which Licensee is authorized to execute or run the Program. That level may be measured by number of users, millions of service units ("MSUs"), Processor Value Units ("PVUs"), or other level of use specified by IBM. +"IBM" - International Business Machines Corporation or one of its subsidiaries. +"License Information" ("LI") - a document that provides information and any additional terms specific to a Program. The Program's LI is available at www.ibm.com/software/sla. The LI can also be found in the Program's directory, by the use of a system command, or as a booklet included with the Program. +"Program" - the following, including the original and all whole or partial copies: 1) machine-readable instructions and data, 2) components, files, and modules, 3) audio-visual content (such as images, text, recordings, or pictures), and 4) related licensed materials (such as keys and documentation). +"Proof of Entitlement" ("PoE") - evidence of Licensee's Authorized Use. The PoE is also evidence of Licensee's eligibility for warranty, future update prices, if any, and potential special or promotional opportunities. If IBM does not provide Licensee with a PoE, then IBM may accept as the PoE the original paid sales receipt or other sales record from the party (either IBM or its reseller) from whom Licensee obtained the Program, provided that it specifies the Program name and Authorized Use obtained. +"Warranty Period" - one year, starting on the date the original Licensee is granted the license. +2. Agreement Structure +This Agreement includes Part 1 - General Terms, Part 2 - Country-unique Terms (if any), the LI, and the PoE and is the complete agreement between Licensee and IBM regarding the use of the Program. It replaces any prior oral or written communications between Licensee and IBM concerning Licensee's use of the Program. The terms of Part 2 may replace or modify those of Part 1. To the extent of any conflict, the LI prevails over both Parts. +3. License Grant +The Program is owned by IBM or an IBM supplier, and is copyrighted and licensed, not sold. +IBM grants Licensee a nonexclusive license to 1) use the Program up to the Authorized Use specified in the PoE, 2) make and install copies to support such Authorized Use, and 3) make a backup copy, all provided that +a. Licensee has lawfully obtained the Program and complies with the terms of this Agreement; +b. the backup copy does not execute unless the backed-up Program cannot execute; +c. Licensee reproduces all copyright notices and other legends of ownership on each copy, or partial copy, of the Program; +d. Licensee ensures that anyone who uses the Program (accessed either locally or remotely) 1) does so only on Licensee's behalf and 2) complies with the terms of this Agreement; +e. Licensee does not 1) use, copy, modify, or distribute the Program except as expressly permitted in this Agreement; 2) reverse assemble, reverse compile, otherwise translate, or reverse engineer the Program, except as expressly permitted by law without the possibility of contractual waiver; 3) use any of the Program's components, files, modules, audio-visual content, or related licensed materials separately from that Program; or 4) sublicense, rent, or lease the Program; and +f. if Licensee obtains this Program as a Supporting Program, Licensee uses this Program only to support the Principal Program and subject to any limitations in the license to the Principal Program, or, if Licensee obtains this Program as a Principal Program, Licensee uses all Supporting Programs only to support this Program, and subject to any limitations in this Agreement. For purposes of this Item "f," a "Supporting Program" is a Program that is part of another IBM Program ("Principal Program") and identified as a Supporting Program in the Principal Program's LI. (To obtain a separate license to a Supporting Program without these restrictions, Licensee should contact the party from whom Licensee obtained the Supporting Program.) +This license applies to each copy of the Program that Licensee makes. +3.1 Trade-ups, Updates, Fixes, and Patches +3.1.1 Trade-ups +If the Program is replaced by a trade-up Program, the replaced Program's license is promptly terminated. +3.1.2 Updates, Fixes, and Patches +When Licensee receives an update, fix, or patch to a Program, Licensee accepts any additional or different terms that are applicable to such update, fix, or patch that are specified in its LI. If no additional or different terms are provided, then the update, fix, or patch is subject solely to this Agreement. If the Program is replaced by an update, Licensee agrees to promptly discontinue use of the replaced Program. +3.2 Fixed Term Licenses +If IBM licenses the Program for a fixed term, Licensee's license is terminated at the end of the fixed term, unless Licensee and IBM agree to renew it. +3.3 Term and Termination +This Agreement is effective until terminated. +IBM may terminate Licensee's license if Licensee fails to comply with the terms of this Agreement. +If the license is terminated for any reason by either party, Licensee agrees to promptly discontinue use of and destroy all of Licensee's copies of the Program. Any terms of this Agreement that by their nature extend beyond termination of this Agreement remain in effect until fulfilled, and apply to both parties' respective successors and assignees. +4. Charges +Charges are based on Authorized Use obtained, which is specified in the PoE. IBM does not give credits or refunds for charges already due or paid, except as specified elsewhere in this Agreement. +If Licensee wishes to increase its Authorized Use, Licensee must notify IBM or an authorized IBM reseller in advance and pay any applicable charges. +5. Taxes +If any authority imposes on the Program a duty, tax, levy, or fee, excluding those based on IBM's net income, then Licensee agrees to pay that amount, as specified in an invoice, or supply exemption documentation. Licensee is responsible for any personal property taxes for the Program from the date that Licensee obtains it. If any authority imposes a customs duty, tax, levy, or fee for the import into or the export, transfer, access, or use of the Program outside the country in which the original Licensee was granted the license, then Licensee agrees that it is responsible for, and will pay, any amount imposed. +6. Money-back Guarantee +If Licensee is dissatisfied with the Program for any reason and is the original Licensee, Licensee may terminate the license and obtain a refund of the amount Licensee paid for the Program, provided that Licensee returns the Program and PoE to the party from whom Licensee obtained it within 30 days of the date the PoE was issued to Licensee. If the license is for a fixed term that is subject to renewal, then Licensee may obtain a refund only if the Program and its PoE are returned within the first 30 days of the initial term. If Licensee downloaded the Program, Licensee should contact the party from whom Licensee obtained it for instructions on how to obtain the refund. +7. Program Transfer +Licensee may transfer the Program and all of Licensee's license rights and obligations to another party only if that party agrees to the terms of this Agreement. If the license is terminated for any reason by either party, Licensee is prohibited from transferring the Program to another party. Licensee may not transfer a portion of 1) the Program or 2) the Program's Authorized Use. When Licensee transfers the Program, Licensee must also transfer a hard copy of this Agreement, including the LI and PoE. Immediately after the transfer, Licensee's license terminates. +8. Warranty and Exclusions +8.1 Limited Warranty +IBM warrants that the Program, when used in its specified operating environment, will conform to its specifications. The Program's specifications, and specified operating environment information, can be found in documentation accompanying the Program (such as a read-me file) or other information published by IBM (such as an announcement letter). Licensee agrees that such documentation and other Program content may be supplied only in the English language, unless otherwise required by local law without the possibility of contractual waiver or limitation. +The warranty applies only to the unmodified portion of the Program. IBM does not warrant uninterrupted or error-free operation of the Program, or that IBM will correct all Program defects. Licensee is responsible for the results obtained from the use of the Program. +During the Warranty Period, IBM provides Licensee with access to IBM databases containing information on known Program defects, defect corrections, restrictions, and bypasses at no additional charge. Consult the IBM Software Support Handbook for further information at www.ibm.com/software/support. +If the Program does not function as warranted during the Warranty Period and the problem cannot be resolved with information available in the IBM databases, Licensee may return the Program and its PoE to the party (either IBM or its reseller) from whom Licensee obtained it and receive a refund of the amount Licensee paid. After returning the Program, Licensee's license terminates. If Licensee downloaded the Program, Licensee should contact the party from whom Licensee obtained it for instructions on how to obtain the refund. +8.2 Exclusions +THESE WARRANTIES ARE LICENSEE'S EXCLUSIVE WARRANTIES AND REPLACE ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF EXPRESS OR IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO LICENSEE. IN THAT EVENT, SUCH WARRANTIES ARE LIMITED IN DURATION TO THE WARRANTY PERIOD. NO WARRANTIES APPLY AFTER THAT PERIOD. SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATION MAY NOT APPLY TO LICENSEE. +THESE WARRANTIES GIVE LICENSEE SPECIFIC LEGAL RIGHTS. LICENSEE MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE OR JURISDICTION TO JURISDICTION. +THE WARRANTIES IN THIS SECTION 8 (WARRANTY AND EXCLUSIONS) ARE PROVIDED SOLELY BY IBM. THE DISCLAIMERS IN THIS SUBSECTION 8.2 (EXCLUSIONS), HOWEVER, ALSO APPLY TO IBM'S SUPPLIERS OF THIRD PARTY CODE. THOSE SUPPLIERS PROVIDE SUCH CODE WITHOUT WARRANTIES OR CONDITION OF ANY KIND. THIS PARAGRAPH DOES NOT NULLIFY IBM'S WARRANTY OBLIGATIONS UNDER THIS AGREEMENT. +9. Licensee Data and Databases +To assist Licensee in isolating the cause of a problem with the Program, IBM may request that Licensee 1) allow IBM to remotely access Licensee's system or 2) send Licensee information or system data to IBM. However, IBM is not obligated to provide such assistance unless IBM and Licensee enter a separate written agreement under which IBM agrees to provide to Licensee that type of support, which is beyond IBM's warranty obligations in this Agreement. In any event, IBM uses information about errors and problems to improve its products and services, and assist with its provision of related support offerings. For these purposes, IBM may use IBM entities and subcontractors (including in one or more countries other than the one in which Licensee is located), and Licensee authorizes IBM to do so. +Licensee remains responsible for 1) any data and the content of any database Licensee makes available to IBM, 2) the selection and implementation of procedures and controls regarding access, security, encryption, use, and transmission of data (including any personally-identifiable data), and 3) backup and recovery of any database and any stored data. Licensee will not send or provide IBM access to any personally-identifiable information, whether in data or any other form, and will be responsible for reasonable costs and other amounts that IBM may incur relating to any such information mistakenly provided to IBM or the loss or disclosure of such information by IBM, including those arising out of any third party claims. +10. Limitation of Liability +The limitations and exclusions in this Section 10 (Limitation of Liability) apply to the full extent they are not prohibited by applicable law without the possibility of contractual waiver. +10.1 Items for Which IBM May Be Liable +Circumstances may arise where, because of a default on IBM's part or other liability, Licensee is entitled to recover damages from IBM. Regardless of the basis on which Licensee is entitled to claim damages from IBM (including fundamental breach, negligence, misrepresentation, or other contract or tort claim), IBM's entire liability for all claims in the aggregate arising from or related to each Program or otherwise arising under this Agreement will not exceed the amount of any 1) damages for bodily injury (including death) and damage to real property and tangible personal property and 2) other actual direct damages up to the charges (if the Program is subject to fixed term charges, up to twelve months' charges) Licensee paid for the Program that is the subject of the claim. +This limit also applies to any of IBM's Program developers and suppliers. It is the maximum for which IBM and its Program developers and suppliers are collectively responsible. +10.2 Items for Which IBM Is Not Liable +UNDER NO CIRCUMSTANCES IS IBM, ITS PROGRAM DEVELOPERS OR SUPPLIERS LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF THEIR POSSIBILITY: +a. LOSS OF, OR DAMAGE TO, DATA; +b. SPECIAL, INCIDENTAL, EXEMPLARY, OR INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; OR +c. LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS. +11. Compliance Verification +For purposes of this Section 11 (Compliance Verification), "IPLA Program Terms" means 1) this Agreement and applicable amendments and transaction documents provided by IBM, and 2) IBM software policies that may be found at the IBM Software Policy website (www.ibm.com/softwarepolicies), including but not limited to those policies concerning backup, sub-capacity pricing, and migration. +The rights and obligations set forth in this Section 11 remain in effect during the period the Program is licensed to Licensee, and for two years thereafter. +11.1 Verification Process +Licensee agrees to create, retain, and provide to IBM and its auditors accurate written records, system tool outputs, and other system information sufficient to provide auditable verification that Licensee's use of all Programs is in compliance with the IPLA Program Terms, including, without limitation, all of IBM's applicable licensing and pricing qualification terms. Licensee is responsible for 1) ensuring that it does not exceed its Authorized Use, and 2) remaining in compliance with IPLA Program Terms. +Upon reasonable notice, IBM may verify Licensee's compliance with IPLA Program Terms at all sites and for all environments in which Licensee uses (for any purpose) Programs subject to IPLA Program Terms. Such verification will be conducted in a manner that minimizes disruption to Licensee's business, and may be conducted on Licensee's premises, during normal business hours. IBM may use an independent auditor to assist with such verification, provided IBM has a written confidentiality agreement in place with such auditor. +11.2 Resolution +IBM will notify Licensee in writing if any such verification indicates that Licensee has used any Program in excess of its Authorized Use or is otherwise not in compliance with the IPLA Program Terms. Licensee agrees to promptly pay directly to IBM the charges that IBM specifies in an invoice for 1) any such excess use, 2) support for such excess use for the lesser of the duration of such excess use or two years, and 3) any additional charges and other liabilities determined as a result of such verification. +12. Third Party Notices +The Program may include third party code that IBM, not the third party, licenses to Licensee under this Agreement. Notices, if any, for the third party code ("Third Party Notices") are included for Licensee's information only. These notices can be found in the Program's NOTICES file(s). Information on how to obtain source code for certain third party code can be found in the Third Party Notices. If in the Third Party Notices IBM identifies third party code as "Modifiable Third Party Code," IBM authorizes Licensee to 1) modify the Modifiable Third Party Code and 2) reverse engineer the Program modules that directly interface with the Modifiable Third Party Code provided that it is only for the purpose of debugging Licensee's modifications to such third party code. IBM's service and support obligations, if any, apply only to the unmodified Program. +13. General +a. Nothing in this Agreement affects any statutory rights of consumers that cannot be waived or limited by contract. +b. For Programs IBM provides to Licensee in tangible form, IBM fulfills its shipping and delivery obligations upon the delivery of such Programs to the IBM-designated carrier, unless otherwise agreed to in writing by Licensee and IBM. +c. If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement remain in full force and effect. +d. Licensee agrees to comply with all applicable export and import laws and regulations, including U.S. embargo and sanctions regulations and prohibitions on export for certain end uses or to certain users. +e. Licensee authorizes International Business Machines Corporation and its subsidiaries (and their successors and assigns, contractors and IBM Business Partners) to store and use Licensee's business contact information wherever they do business, in connection with IBM products and services, or in furtherance of IBM's business relationship with Licensee. +f. Each party will allow the other reasonable opportunity to comply before it claims that the other has not met its obligations under this Agreement. The parties will attempt in good faith to resolve all disputes, disagreements, or claims between the parties relating to this Agreement. +g. Unless otherwise required by applicable law without the possibility of contractual waiver or limitation: 1) neither party will bring a legal action, regardless of form, for any claim arising out of or related to this Agreement more than two years after the cause of action arose; and 2) upon the expiration of such time limit, any such claim and all respective rights related to the claim lapse. +h. Neither Licensee nor IBM is responsible for failure to fulfill any obligations due to causes beyond its control. +i. No right or cause of action for any third party is created by this Agreement, nor is IBM responsible for any third party claims against Licensee, except as permitted in Subsection 10.1 (Items for Which IBM May Be Liable) above for bodily injury (including death) or damage to real or tangible personal property for which IBM is legally liable to that third party. +j. In entering into this Agreement, neither party is relying on any representation not specified in this Agreement, including but not limited to any representation concerning: 1) the performance or function of the Program, other than as expressly warranted in Section 8 (Warranty and Exclusions) above; 2) the experiences or recommendations of other parties; or 3) any results or savings that Licensee may achieve. +k. IBM has signed agreements with certain organizations (called "IBM Business Partners") to promote, market, and support certain Programs. IBM Business Partners remain independent and separate from IBM. IBM is not responsible for the actions or statements of IBM Business Partners or obligations they have to Licensee. +l. The license and intellectual property indemnification terms of Licensee's other agreements with IBM (such as the IBM Customer Agreement) do not apply to Program licenses granted under this Agreement. +14. Geographic Scope and Governing Law +14.1 Governing Law +Both parties agree to the application of the laws of the country in which Licensee obtained the Program license to govern, interpret, and enforce all of Licensee's and IBM's respective rights, duties, and obligations arising from, or relating in any manner to, the subject matter of this Agreement, without regard to conflict of law principles. +The United Nations Convention on Contracts for the International Sale of Goods does not apply. +14.2 Jurisdiction +All rights, duties, and obligations are subject to the courts of the country in which Licensee obtained the Program license. +Part 2 - Country-unique Terms +For licenses granted in the countries specified below, the following terms replace or modify the referenced terms in Part 1. All terms in Part 1 that are not changed by these amendments remain unchanged and in effect. This Part 2 is organized as follows: +* Multiple country amendments to Part 1, Section 14 (Governing Law and Jurisdiction); +* Americas country amendments to other Agreement terms; +* Asia Pacific country amendments to other Agreement terms; and +* Europe, Middle East, and Africa country amendments to other Agreement terms. +Multiple country amendments to Part 1, Section 14 (Governing Law and Jurisdiction) +14.1 Governing Law +The phrase "the laws of the country in which Licensee obtained the Program license" in the first paragraph of 14.1 Governing Law is replaced by the following phrases in the countries below: +AMERICAS +(1) In Canada: the laws in the Province of Ontario; +(2) in Mexico: the federal laws of the Republic of Mexico; +(3) in the United States, Anguilla, Antigua/Barbuda, Aruba, British Virgin Islands, Cayman Islands, Dominica, Grenada, Guyana, Saint Kitts and Nevis, Saint Lucia, Saint Maarten, and Saint Vincent and the Grenadines: the laws of the State of New York, United States; +(4) in Venezuela: the laws of the Bolivarian Republic of Venezuela; +ASIA PACIFIC +(5) in Cambodia and Laos: the laws of the State of New York, United States; +(6) in Australia: the laws of the State or Territory in which the transaction is performed; +(7) in Hong Kong SAR and Macau SAR: the laws of Hong Kong Special Administrative Region ("SAR"); +(8) in Taiwan: the laws of Taiwan; +EUROPE, MIDDLE EAST, AND AFRICA +(9) in Albania, Armenia, Azerbaijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Former Yugoslav Republic of Macedonia, Georgia, Hungary, Kazakhstan, Kyrgyzstan, Moldova, Montenegro, Poland, Romania, Russia, Serbia, Slovakia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan: the laws of Austria; +(10) in Algeria, Andorra, Benin, Burkina Faso, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia, Gabon, Gambia, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar, Mali, Mauritania, Mauritius, Mayotte, Morocco, New Caledonia, Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis and Futuna: the laws of France; +(11) in Estonia, Latvia, and Lithuania: the laws of Finland; +(12) in Angola, Bahrain, Botswana, Burundi, Egypt, Eritrea, Ethiopia, Ghana, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, the United Kingdom, West Bank/Gaza, Yemen, Zambia, and Zimbabwe: the laws of England; and +(13) in South Africa, Namibia, Lesotho, and Swaziland: the laws of the Republic of South Africa. +14.2 Jurisdiction +The following paragraph pertains to jurisdiction and replaces Subsection 14.2 (Jurisdiction) as it applies for those countries identified below: +All rights, duties, and obligations are subject to the courts of the country in which Licensee obtained the Program license except that in the countries identified below all disputes arising out of or related to this Agreement, including summary proceedings, will be brought before and subject to the exclusive jurisdiction of the following courts of competent jurisdiction: +AMERICAS +(1) In Argentina: the Ordinary Commercial Court of the city of Buenos Aires; +(2) in Brazil: the court of Rio de Janeiro, RJ; +(3) in Chile: the Civil Courts of Justice of Santiago; +(4) in Ecuador: the civil judges of Quito for executory or summary proceedings (as applicable); +(5) in Mexico: the courts located in Mexico City, Federal District; +(6) in Peru: the judges and tribunals of the judicial district of Lima, Cercado; +(7) in Uruguay: the courts of the city of Montevideo; +(8) in Venezuela: the courts of the metropolitan area of the city of Caracas; +EUROPE, MIDDLE EAST, AND AFRICA +(9) in Austria: the court of law in Vienna, Austria (Inner-City); +(10) in Algeria, Andorra, Benin, Burkina Faso, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic Republic of Congo, Equatorial Guinea, France, French Guiana, French Polynesia, Gabon, Gambia, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar, Mali, Mauritania, Mauritius, Mayotte, Monaco, Morocco, New Caledonia, Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis and Futuna: the Commercial Court of Paris; +(11) in Angola, Bahrain, Botswana, Burundi, Egypt, Eritrea, Ethiopia, Ghana, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, the United Kingdom, West Bank/Gaza, Yemen, Zambia, and Zimbabwe: the English courts; +(12) in South Africa, Namibia, Lesotho, and Swaziland: the High Court in Johannesburg; +(13) in Greece: the competent court of Athens; +(14) in Israel: the courts of Tel Aviv-Jaffa; +(15) in Italy: the courts of Milan; +(16) in Portugal: the courts of Lisbon; +(17) in Spain: the courts of Madrid; and +(18) in Turkey: the Istanbul Central Courts and Execution Directorates of Istanbul, the Republic of Turkey. +14.3 Arbitration +The following paragraph is added as a new Subsection 14.3 (Arbitration) as it applies for those countries identified below. The provisions of this Subsection 14.3 prevail over those of Subsection 14.2 (Jurisdiction) to the extent permitted by the applicable governing law and rules of procedure: +ASIA PACIFIC +(1) In Cambodia, India, Laos, Philippines, and Vietnam: +Disputes arising out of or in connection with this Agreement will be finally settled by arbitration which will be held in Singapore in accordance with the Arbitration Rules of Singapore International Arbitration Center ("SIAC Rules") then in effect. The arbitration award will be final and binding for the parties without appeal and will be in writing and set forth the findings of fact and the conclusions of law. +The number of arbitrators will be three, with each side to the dispute being entitled to appoint one arbitrator. The two arbitrators appointed by the parties will appoint a third arbitrator who will act as chairman of the proceedings. Vacancies in the post of chairman will be filled by the president of the SIAC. Other vacancies will be filled by the respective nominating party. Proceedings will continue from the stage they were at when the vacancy occurred. +If one of the parties refuses or otherwise fails to appoint an arbitrator within 30 days of the date the other party appoints its, the first appointed arbitrator will be the sole arbitrator, provided that the arbitrator was validly and properly appointed. +All proceedings will be conducted, including all documents presented in such proceedings, in the English language. The English language version of this Agreement prevails over any other language version. +(2) In the People's Republic of China: +In case no settlement can be reached, the disputes will be submitted to China International Economic and Trade Arbitration Commission for arbitration according to the then effective rules of the said Arbitration Commission. The arbitration will take place in Beijing and be conducted in Chinese. The arbitration award will be final and binding on both parties. During the course of arbitration, this agreement will continue to be performed except for the part which the parties are disputing and which is undergoing arbitration. +(3) In Indonesia: +Each party will allow the other reasonable opportunity to comply before it claims that the other has not met its obligations under this Agreement. The parties will attempt in good faith to resolve all disputes, disagreements, or claims between the parties relating to this Agreement. Unless otherwise required by applicable law without the possibility of contractual waiver or limitation, i) neither party will bring a legal action, regardless of form, arising out of or related to this Agreement or any transaction under it more than two years after the cause of action arose; and ii) after such time limit, any legal action arising out of this Agreement or any transaction under it and all respective rights related to any such action lapse. +Disputes arising out of or in connection with this Agreement shall be finally settled by arbitration that shall be held in Jakarta, Indonesia in accordance with the rules of Board of the Indonesian National Board of Arbitration (Badan Arbitrase Nasional Indonesia or "BANI") then in effect. The arbitration award shall be final and binding for the parties without appeal and shall be in writing and set forth the findings of fact and the conclusions of law. +The number of arbitrators shall be three, with each side to the dispute being entitled to appoint one arbitrator. The two arbitrators appointed by the parties shall appoint a third arbitrator who shall act as chairman of the proceedings. Vacancies in the post of chairman shall be filled by the chairman of the BANI. Other vacancies shall be filled by the respective nominating party. Proceedings shall continue from the stage they were at when the vacancy occurred. +If one of the parties refuses or otherwise fails to appoint an arbitrator within 30 days of the date the other party appoints its, the first appointed arbitrator shall be the sole arbitrator, provided that the arbitrator was validly and properly appointed. +All proceedings shall be conducted, including all documents presented in such proceedings, in the English and/or Indonesian language. +EUROPE, MIDDLE EAST, AND AFRICA +(4) In Albania, Armenia, Azerbaijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Former Yugoslav Republic of Macedonia, Georgia, Hungary, Kazakhstan, Kyrgyzstan, Moldova, Montenegro, Poland, Romania, Russia, Serbia, Slovakia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan: +All disputes arising out of this Agreement or related to its violation, termination or nullity will be finally settled under the Rules of Arbitration and Conciliation of the International Arbitral Center of the Federal Economic Chamber in Vienna (Vienna Rules) by three arbitrators appointed in accordance with these rules. The arbitration will be held in Vienna, Austria, and the official language of the proceedings will be English. The decision of the arbitrators will be final and binding upon both parties. Therefore, pursuant to paragraph 598 (2) of the Austrian Code of Civil Procedure, the parties expressly waive the application of paragraph 595 (1) figure 7 of the Code. IBM may, however, institute proceedings in a competent court in the country of installation. +(5) In Estonia, Latvia, and Lithuania: +All disputes arising in connection with this Agreement will be finally settled in arbitration that will be held in Helsinki, Finland in accordance with the arbitration laws of Finland then in effect. Each party will appoint one arbitrator. The arbitrators will then jointly appoint the chairman. If arbitrators cannot agree on the chairman, then the Central Chamber of Commerce in Helsinki will appoint the chairman. +AMERICAS COUNTRY AMENDMENTS +CANADA +10.1 Items for Which IBM May be Liable +The following replaces Item 1 in the first paragraph of this Subsection 10.1 (Items for Which IBM May be Liable): +1) damages for bodily injury (including death) and physical harm to real property and tangible personal property caused by IBM's negligence; and +13. General +The following replaces Item 13.d: +d. Licensee agrees to comply with all applicable export and import laws and regulations, including those of that apply to goods of United States origin and that prohibit or limit export for certain uses or to certain users. +The following replaces Item 13.i: +i. No right or cause of action for any third party is created by this Agreement or any transaction under it, nor is IBM responsible for any third party claims against Licensee except as permitted by the Limitation of Liability section above for bodily injury (including death) or physical harm to real or tangible personal property caused by IBM's negligence for which IBM is legally liable to that third party. +The following is added as Item 13.m: +m. For purposes of this Item 13.m, "Personal Data" refers to information relating to an identified or identifiable individual made available by one of the parties, its personnel or any other individual to the other in connection with this Agreement. The following provisions apply in the event that one party makes Personal Data available to the other: +(1) General +(a) Each party is responsible for complying with any obligations applying to it under applicable Canadian data privacy laws and regulations ("Laws"). +(b) Neither party will request Personal Data beyond what is necessary to fulfill the purpose(s) for which it is requested. The purpose(s) for requesting Personal Data must be reasonable. Each party will agree in advance as to the type of Personal Data that is required to be made available. +(2) Security Safeguards +(a) Each party acknowledges that it is solely responsible for determining and communicating to the other the appropriate technological, physical and organizational security measures required to protect Personal Data. +(b) Each party will ensure that Personal Data is protected in accordance with the security safeguards communicated and agreed to by the other. +(c) Each party will ensure that any third party to whom Personal Data is transferred is bound by the applicable terms of this section. +(d) Additional or different services required to comply with the Laws will be deemed a request for new services. +(3) Use +Each party agrees that Personal Data will only be used, accessed, managed, transferred, disclosed to third parties or otherwise processed to fulfill the purpose(s) for which it was made available. +(4) Access Requests +(a) Each party agrees to reasonably cooperate with the other in connection with requests to access or amend Personal Data. +(b) Each party agrees to reimburse the other for any reasonable charges incurred in providing each other assistance. +(c) Each party agrees to amend Personal Data only upon receiving instructions to do so from the other party or its personnel. +(5) Retention +Each party will promptly return to the other or destroy all Personal Data that is no longer necessary to fulfill the purpose(s) for which it was made available, unless otherwise instructed by the other or its personnel or required by law. +(6) Public Bodies Who Are Subject to Public Sector Privacy Legislation +For Licensees who are public bodies subject to public sector privacy legislation, this Item 13.m applies only to Personal Data made available to Licensee in connection with this Agreement, and the obligations in this section apply only to Licensee, except that: 1) section (2)(a) applies only to IBM; 2) sections (1)(a) and (4)(a) apply to both parties; and 3) section (4)(b) and the last sentence in (1)(b) do not apply. +PERU +10. Limitation of Liability +The following is added to the end of this Section 10 (Limitation of Liability): +Except as expressly required by law without the possibility of contractual waiver, Licensee and IBM intend that the limitation of liability in this Limitation of Liability section applies to damages caused by all types of claims and causes of action. If any limitation on or exclusion from liability in this section is held by a court of competent jurisdiction to be unenforceable with respect to a particular claim or cause of action, the parties intend that it nonetheless apply to the maximum extent permitted by applicable law to all other claims and causes of action. +10.1 Items for Which IBM May be Liable +The following is added at the end of this Subsection 10.1: +In accordance with Article 1328 of the Peruvian Civil Code, the limitations and exclusions specified in this section will not apply to damages caused by IBM's willful misconduct ("dolo") or gross negligence ("culpa inexcusable"). +UNITED STATES OF AMERICA +5. Taxes +The following is added at the end of this Section 5 (Taxes) +For Programs delivered electronically in the United States for which Licensee claims a state sales and use tax exemption, Licensee agrees not to receive any tangible personal property (e.g., media and publications) associated with the electronic program. +Licensee agrees to be responsible for any sales and use tax liabilities that may arise as a result of Licensee's subsequent redistribution of Programs after delivery by IBM. +13. General +The following is added to Section 13 as Item 13.m: +U.S. Government Users Restricted Rights - Use, duplication or disclosure is restricted by the GSA IT Schedule 70 Contract with the IBM Corporation. +The following is added to Item 13.f: +Each party waives any right to a jury trial in any proceeding arising out of or related to this Agreement. +ASIA PACIFIC COUNTRY AMENDMENTS +AUSTRALIA +5. Taxes +The following sentences replace the first two sentences of Section 5 (Taxes): +If any government or authority imposes a duty, tax (other than income tax), levy, or fee, on this Agreement or on the Program itself, that is not otherwise provided for in the amount payable, Licensee agrees to pay it when IBM invoices Licensee. If the rate of GST changes, IBM may adjust the charge or other amount payable to take into account that change from the date the change becomes effective. +8.1 Limited Warranty +The following is added to Subsection 8.1 (Limited Warranty): +The warranties specified this Section are in addition to any rights Licensee may have under the Competition and Consumer Act 2010 or other legislation and are only limited to the extent permitted by the applicable legislation. +10.1 Items for Which IBM May be Liable +The following is added to Subsection 10.1 (Items for Which IBM May be Liable): +Where IBM is in breach of a condition or warranty implied by the Competition and Consumer Act 2010, IBM's liability is limited to the repair or replacement of the goods, or the supply of equivalent goods. Where that condition or warranty relates to right to sell, quiet possession or clear title, or the goods are of a kind ordinarily obtained for personal, domestic or household use or consumption, then none of the limitations in this paragraph apply. +HONG KONG SAR, MACAU SAR, AND TAIWAN +As applies to licenses obtained in Taiwan and the special administrative regions, phrases throughout this Agreement containing the word "country" (for example, "the country in which the original Licensee was granted the license" and "the country in which Licensee obtained the Program license") are replaced with the following: +(1) In Hong Kong SAR: "Hong Kong SAR" +(2) In Macau SAR: "Macau SAR" except in the Governing Law clause (Section 14.1) +(3) In Taiwan: "Taiwan." +INDIA +10.1 Items for Which IBM May be Liable +The following replaces the terms of Items 1 and 2 of the first paragraph: +1) liability for bodily injury (including death) or damage to real property and tangible personal property will be limited to that caused by IBM's negligence; and 2) as to any other actual damage arising in any situation involving nonperformance by IBM pursuant to, or in any way related to the subject of this Agreement, IBM's liability will be limited to the charge paid by Licensee for the individual Program that is the subject of the claim. +13. General +The following replaces the terms of Item 13.g: +If no suit or other legal action is brought, within three years after the cause of action arose, in respect of any claim that either party may have against the other, the rights of the concerned party in respect of such claim will be forfeited and the other party will stand released from its obligations in respect of such claim. +INDONESIA +3.3 Term and Termination +The following is added to the last paragraph: +Both parties waive the provision of article 1266 of the Indonesian Civil Code, to the extent the article provision requires such court decree for the termination of an agreement creating mutual obligations. +JAPAN +13. General +The following is inserted after Item 13.f: +Any doubts concerning this Agreement will be initially resolved between us in good faith and in accordance with the principle of mutual trust. +MALAYSIA +10.2 Items for Which IBM Is not Liable +The word "SPECIAL" in Item 10.2b is deleted. +NEW ZEALAND +8.1 Limited Warranty +The following is added: +The warranties specified in this Section are in addition to any rights Licensee may have under the Consumer Guarantees Act 1993 or other legislation which cannot be excluded or limited. The Consumer Guarantees Act 1993 will not apply in respect of any goods which IBM provides, if Licensee requires the goods for the purposes of a business as defined in that Act. +10. Limitation of Liability +The following is added: +Where Programs are not obtained for the purposes of a business as defined in the Consumer Guarantees Act 1993, the limitations in this Section are subject to the limitations in that Act. +PEOPLE'S REPUBLIC OF CHINA +4. Charges +The following is added: +All banking charges incurred in the People's Republic of China will be borne by Licensee and those incurred outside the People's Republic of China will be borne by IBM. +PHILIPPINES +10.2 Items for Which IBM Is not Liable +The following replaces the terms of Item 10.2b: +b. special (including nominal and exemplary damages), moral, incidental, or indirect damages or for any economic consequential damages; or +SINGAPORE +10.2 Items for Which IBM Is not Liable +The words "SPECIAL" and "ECONOMIC" are deleted from Item 10.2b. +13. General +The following replaces the terms of Item 13.i: +Subject to the rights provided to IBM's suppliers and Program developers as provided in Section 10 above (Limitation of Liability), a person who is not a party to this Agreement will have no right under the Contracts (Right of Third Parties) Act to enforce any of its terms. +TAIWAN +8.1 Limited Warranty +The last paragraph is deleted. +10.1 Items for Which IBM May Be Liable +The following sentences are deleted: +This limit also applies to any of IBM's subcontractors and Program developers. It is the maximum for which IBM and its subcontractors and Program developers are collectively responsible. +EUROPE, MIDDLE EAST, AFRICA (EMEA) COUNTRY AMENDMENTS +EUROPEAN UNION MEMBER STATES +8. Warranty and Exclusions +The following is added to Section 8 (Warranty and Exclusion): +In the European Union ("EU"), consumers have legal rights under applicable national legislation governing the sale of consumer goods. Such rights are not affected by the provisions set out in this Section 8 (Warranty and Exclusions). The territorial scope of the Limited Warranty is worldwide. +EU MEMBER STATES AND THE COUNTRIES IDENTIFIED BELOW +Iceland, Liechtenstein, Norway, Switzerland, Turkey, and any other European country that has enacted local data privacy or protection legislation similar to the EU model. +13. General +The following replaces Item 13.e: +(1) Definitions - For the purposes of this Item 13.e, the following additional definitions apply: +(a) Business Contact Information - business-related contact information disclosed by Licensee to IBM, including names, job titles, business addresses, telephone numbers and email addresses of Licensee's employees and contractors. For Austria, Italy and Switzerland, Business Contact Information also includes information about Licensee and its contractors as legal entities (for example, Licensee's revenue data and other transactional information) +(b) Business Contact Personnel - Licensee employees and contractors to whom the Business Contact Information relates. +(c) Data Protection Authority - the authority established by the Data Protection and Electronic Communications Legislation in the applicable country or, for non-EU countries, the authority responsible for supervising the protection of personal data in that country, or (for any of the foregoing) any duly appointed successor entity thereto. +(d) Data Protection & Electronic Communications Legislation - (i) the applicable local legislation and regulations in force implementing the requirements of EU Directive 95/46/EC (on the protection of individuals with regard to the processing of personal data and on the free movement of such data) and of EU Directive 2002/58/EC (concerning the processing of personal data and the protection of privacy in the electronic communications sector); or (ii) for non-EU countries, the legislation and/or regulations passed in the applicable country relating to the protection of personal data and the regulation of electronic communications involving personal data, including (for any of the foregoing) any statutory replacement or modification thereof. +(e) IBM Group - International Business Machines Corporation of Armonk, New York, USA, its subsidiaries, and their respective Business Partners and subcontractors. +(2) Licensee authorizes IBM: +(a) to process and use Business Contact Information within IBM Group in support of Licensee including the provision of support services, and for the purpose of furthering the business relationship between Licensee and IBM Group, including, without limitation, contacting Business Contact Personnel (by email or otherwise) and marketing IBM Group products and services (the "Specified Purpose"); and +(b) to disclose Business Contact Information to other members of IBM Group in pursuit of the Specified Purpose only. +(3) IBM agrees that all Business Contact Information will be processed in accordance with the Data Protection & Electronic Communications Legislation and will be used only for the Specified Purpose. +(4) To the extent required by the Data Protection & Electronic Communications Legislation, Licensee represents that (a) it has obtained (or will obtain) any consents from (and has issued (or will issue) any notices to) the Business Contact Personnel as are necessary in order to enable IBM Group to process and use the Business Contact Information for the Specified Purpose. +(5) Licensee authorizes IBM to transfer Business Contact Information outside the European Economic Area, provided that the transfer is made on contractual terms approved by the Data Protection Authority or the transfer is otherwise permitted under the Data Protection & Electronic Communications Legislation. +AUSTRIA +8.2 Exclusions +The following is deleted from the first paragraph: +MERCHANTABILITY, SATISFACTORY QUALITY +10. Limitation of Liability +The following is added: +The following limitations and exclusions of IBM's liability do not apply for damages caused by gross negligence or willful misconduct. +10.1 Items for Which IBM May Be Liable +The following replaces the first sentence in the first paragraph: +Circumstances may arise where, because of a default by IBM in the performance of its obligations under this Agreement or other liability, Licensee is entitled to recover damages from IBM. +In the second sentence of the first paragraph, delete entirely the parenthetical phrase: +"(including fundamental breach, negligence, misrepresentation, or other contract or tort claim)". +10.2 Items for Which IBM Is Not Liable +The following replaces Item 10.2b: +b. indirect damages or consequential damages; or +BELGIUM, FRANCE, ITALY, AND LUXEMBOURG +10. Limitation of Liability +The following replaces the terms of Section 10 (Limitation of Liability) in its entirety: +Except as otherwise provided by mandatory law: +10.1 Items for Which IBM May Be Liable +IBM's entire liability for all claims in the aggregate for any damages and losses that may arise as a consequence of the fulfillment of its obligations under or in connection with this Agreement or due to any other cause related to this Agreement is limited to the compensation of only those damages and losses proved and actually arising as an immediate and direct consequence of the non-fulfillment of such obligations (if IBM is at fault) or of such cause, for a maximum amount equal to the charges (if the Program is subject to fixed term charges, up to twelve months' charges) Licensee paid for the Program that has caused the damages. +The above limitation will not apply to damages for bodily injuries (including death) and damages to real property and tangible personal property for which IBM is legally liable. +10.2 Items for Which IBM Is Not Liable +UNDER NO CIRCUMSTANCES IS IBM OR ANY OF ITS PROGRAM DEVELOPERS LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF THEIR POSSIBILITY: 1) LOSS OF, OR DAMAGE TO, DATA; 2) INCIDENTAL, EXEMPLARY OR INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; AND / OR 3) LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS, EVEN IF THEY ARISE AS AN IMMEDIATE CONSEQUENCE OF THE EVENT THAT GENERATED THE DAMAGES. +10.3 Suppliers and Program Developers +The limitation and exclusion of liability herein agreed applies not only to the activities performed by IBM but also to the activities performed by its suppliers and Program developers, and represents the maximum amount for which IBM as well as its suppliers and Program developers are collectively responsible. +GERMANY +8.1 Limited Warranty +The following is inserted at the beginning of Section 8.1: +The Warranty Period is twelve months from the date of delivery of the Program to the original Licensee. +8.2 Exclusions +Section 8.2 is deleted in its entirety and replaced with the following: +Section 8.1 defines IBM's entire warranty obligations to Licensee except as otherwise required by applicable statutory law. +10. Limitation of Liability +The following replaces the Limitation of Liability section in its entirety: +a. IBM will be liable without limit for 1) loss or damage caused by a breach of an express guarantee; 2) damages or losses resulting in bodily injury (including death); and 3) damages caused intentionally or by gross negligence. +b. In the event of loss, damage and frustrated expenditures caused by slight negligence or in breach of essential contractual obligations, IBM will be liable, regardless of the basis on which Licensee is entitled to claim damages from IBM (including fundamental breach, negligence, misrepresentation, or other contract or tort claim), per claim only up to the greater of 500,000 euro or the charges (if the Program is subject to fixed term charges, up to 12 months' charges) Licensee paid for the Program that caused the loss or damage. A number of defaults which together result in, or contribute to, substantially the same loss or damage will be treated as one default. +c. In the event of loss, damage and frustrated expenditures caused by slight negligence, IBM will not be liable for indirect or consequential damages, even if IBM was informed about the possibility of such loss or damage. +d. In case of delay on IBM's part: 1) IBM will pay to Licensee an amount not exceeding the loss or damage caused by IBM's delay and 2) IBM will be liable only in respect of the resulting damages that Licensee suffers, subject to the provisions of Items a and b above. +13. General +The following replaces the provisions of 13.g: +Any claims resulting from this Agreement are subject to a limitation period of three years, except as stated in Section 8.1 (Limited Warranty) of this Agreement. +The following replaces the provisions of 13.i: +No right or cause of action for any third party is created by this Agreement, nor is IBM responsible for any third party claims against Licensee, except (to the extent permitted in Section 10 (Limitation of Liability)) for: i) bodily injury (including death); or ii) damage to real or tangible personal property for which (in either case) IBM is legally liable to that third party. +IRELAND +8.2 Exclusions +The following paragraph is added: +Except as expressly provided in these terms and conditions, or Section 12 of the Sale of Goods Act 1893 as amended by the Sale of Goods and Supply of Services Act, 1980 (the "1980 Act"), all conditions or warranties (express or implied, statutory or otherwise) are hereby excluded including, without limitation, any warranties implied by the Sale of Goods Act 1893 as amended by the 1980 Act (including, for the avoidance of doubt, Section 39 of the 1980 Act). +IRELAND AND UNITED KINGDOM +2. Agreement Structure +The following sentence is added: +Nothing in this paragraph shall have the effect of excluding or limiting liability for fraud. +10.1 Items for Which IBM May Be Liable +The following replaces the first paragraph of the Subsection: +For the purposes of this section, a "Default" means any act, statement, omission or negligence on the part of IBM in connection with, or in relation to, the subject matter of an Agreement in respect of which IBM is legally liable to Licensee, whether in contract or in tort. A number of Defaults which together result in, or contribute to, substantially the same loss or damage will be treated as one Default. +Circumstances may arise where, because of a Default by IBM in the performance of its obligations under this Agreement or other liability, Licensee is entitled to recover damages from IBM. Regardless of the basis on which Licensee is entitled to claim damages from IBM and except as expressly required by law without the possibility of contractual waiver, IBM's entire liability for any one Default will not exceed the amount of any direct damages, to the extent actually suffered by Licensee as an immediate and direct consequence of the default, up to the greater of (1) 500,000 euro (or the equivalent in local currency) or (2) 125% of the charges (if the Program is subject to fixed term charges, up to 12 months' charges) for the Program that is the subject of the claim. Notwithstanding the foregoing, the amount of any damages for bodily injury (including death) and damage to real property and tangible personal property for which IBM is legally liable is not subject to such limitation. +10.2 Items for Which IBM is Not Liable +The following replaces Items 10.2b and 10.2c: +b. special, incidental, exemplary, or indirect damages or consequential damages; or +c. wasted management time or lost profits, business, revenue, goodwill, or anticipated savings. +Z125-3301-14 (07/2011) -Z125-3301-14 (07/2011) diff --git a/NAVIGATOR/README.md b/NAVIGATOR/README.md deleted file mode 100644 index 890aee7a..00000000 --- a/NAVIGATOR/README.md +++ /dev/null @@ -1,39 +0,0 @@ -# Deploy Business Automation Navigator - -IBM® Business Automation Navigator provides a console to work with content from multiple content servers. The console enables teams to view their documents, folders, and searches in ways that help them to complete their tasks. - -You can use IBM Business Automation Navigator with IBM FileNet Content Manager to accomplish a wide range of business needs: -- Browse for content that is stored in a repository. -- Search for content by running a text search. -- Save document, folders, and other content as favorites. -- Edit documents. -- Add documents to content servers. -- Organize documents by creating folders and adding content to the folders. -- Use the version control rules that are set on the repository. -- Create teamspaces to provide a focused view of the content and objects in the repository. - -For more information see [Business Automation Navigator in the Knowledge Center](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.offerings/topics/con_ban.html) - -## Requirements and Prerequisites - -To prepare to deploy on Red Hat OpenShift, see the requirements and prerequisites in the [Deploying on Red Hat OpenShift on IBM Cloud](platform/README_Eval_ROKS.md) readme. - -Perform the following tasks to prepare to deploy your Business Automation Navigator images on Kubernetes: - -- Prepare your Kubernetes environment. See [Preparing to install automation containers on Kubernetes](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_k8s.html) - -- Download the PPA. Refer to the top repository [readme](../README.md) to find instructions on how to push and tag the product container images to your Docker registry. - -- Prepare your Business Automation Navigator environment. These procedures include setting up databases, LDAP, storage, and configuration files that are required for use and operation. If you plan to use the YAML file method, you also create YAML files that include the applicable parameter values for your deployment. You must complete all of the [preparation steps for Business Automation Navigator](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_bank8s.html) before you are ready to deploy the container images. - - -## Deploying - -You can deploy your container images with the following methods: - -- [Using Helm charts](helm-charts/README.md) -- [Using Kubernetes YAML](k8s-yaml/README.md) - -## Completing post deployment configuration - -After you deploy your container images, you perform some required and some optional steps to get your Business Automation Navigator environment up and running. For detailed instructions, see [Configuring IBM Business Automation Navigator in a container environment](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_ecmconfigbank8s.html). diff --git a/NAVIGATOR/configuration/.gitkeep b/NAVIGATOR/configuration/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/NAVIGATOR/configuration/ICN/configDropins/overrides/DB2JCCDriver.xml b/NAVIGATOR/configuration/ICN/configDropins/overrides/DB2JCCDriver.xml deleted file mode 100644 index 937c2ce0..00000000 --- a/NAVIGATOR/configuration/ICN/configDropins/overrides/DB2JCCDriver.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - diff --git a/NAVIGATOR/configuration/ICN/configDropins/overrides/OraJDBCDriver.xml b/NAVIGATOR/configuration/ICN/configDropins/overrides/OraJDBCDriver.xml deleted file mode 100644 index aa2cffb9..00000000 --- a/NAVIGATOR/configuration/ICN/configDropins/overrides/OraJDBCDriver.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - diff --git a/NAVIGATOR/configuration/ICN/configDropins/overrides/ldap_AD.xml b/NAVIGATOR/configuration/ICN/configDropins/overrides/ldap_AD.xml deleted file mode 100644 index c8fa5155..00000000 --- a/NAVIGATOR/configuration/ICN/configDropins/overrides/ldap_AD.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - diff --git a/NAVIGATOR/configuration/ICN/configDropins/overrides/ldap_TDS.xml b/NAVIGATOR/configuration/ICN/configDropins/overrides/ldap_TDS.xml deleted file mode 100644 index e5725463..00000000 --- a/NAVIGATOR/configuration/ICN/configDropins/overrides/ldap_TDS.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - diff --git a/NAVIGATOR/configuration/README.md b/NAVIGATOR/configuration/README.md deleted file mode 100644 index 519acfd2..00000000 --- a/NAVIGATOR/configuration/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Configuration - -Follow the instructions in [Preparing to install Business Automation Navigator](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_bank8s.html) to set up the following environment elements: - -- LDAP -- Databases -- Configuration files for LDAP and Databases -- YAML files (for YAML deployments) diff --git a/NAVIGATOR/helm-charts/.gitkeep b/NAVIGATOR/helm-charts/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/NAVIGATOR/helm-charts/README.md b/NAVIGATOR/helm-charts/README.md deleted file mode 100644 index d30b8013..00000000 --- a/NAVIGATOR/helm-charts/README.md +++ /dev/null @@ -1,186 +0,0 @@ - -# Deploying with Helm charts - -> **NOTE**: To deploy on IBM Cloud Private 3.1.2 you must use Business Automation Configuration Container (BACC). - -## Requirements and Prerequisites - -Ensure that you have completed the following tasks: - -- [Preparing to install Business Automation Navigator](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_bank8s.html) - -- [Preparing your Kubernetes server, including Kubernetes, Helm Tiller, and Kubernetes command line](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_k8s.html) - -- [Downloading the PPA archive](../../README.md) - -The Helm command for deploying the Business Automation Navigator image include a number of required command parameters for specific environment and configuration settings. Review the reference topic for these parameters and determine the values for your environment as part of your preparation: - -- [Business Automation Navigator Helm command parameters](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.ref/k8s_topics/ref_cm_banparamsk8s_helm.html) - -## Tips: - -- On Openshift, an expired docker secret can cause errors during deployment. If an admin.registry key already exists and has expired, delete the key with the following command: - ```console - kubectl delete secret admin.registrykey -n - ``` - - Then generate a new docker secret with the following command: - - ```console - kubectl create secret docker-registry admin.registrykey --docker-server= --docker-username= --docker-password=$(oc whoami -t) --docker-email=ecmtest@ibm.com -n - ``` - - -## Initializing the command line interface -Use the following commands to initialize the command line interface: -1. Run the init command: - ```console - $ helm init --client-only - ``` -2. Check whether the command line can connect to the remote Tiller server: - ```console - $ helm version - Client: &version.Version{SemVer:"v2.9.1", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"} - Server: &version.Version{SemVer:"v2.9.1", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"} - ``` - -## Deploying images -Provide the parameter values for your environment and run the command to deploy the image. - > **Tip**: Copy the sample command to a file, edit the parameter values, and use the updated command for deployment. - > **Tip**: The values which are include for 'resources' inside helm install / upgrade commands just suggestions only. Each deployment must take into account the demands their particular workload will place on the system. - -For deployments on Red Hat OpenShift, note the following considerations for whether you want to use the Arbitrary UID capability in your environment: - -- If you don't want to use Arbitrary UID capability in your Red Hat OpenShift environment, deploy the images as described in the following sections. - -- If you do want to use Arbitrary UID, prepare for deployment by checking and if needed editing your Security Context Constraint: - - Set the desired user id range of minimum and maximum values for the project namespace: - - ```$ oc edit namespace ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - - This range is similar to the default range for Red Hat OpenShift. - - - Remove authenticated users from anyuid (if set): - - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - - Update the runAsUser value. - Find the entry: - - ``` - $ oc get scc -o yaml - runAsUser: - type: RunAsAny - ``` - - Update the value: - - ``` - $ oc get scc -o yaml - runAsUser: - type: MustRunAsRange - ``` - -To deploy Business Automation Navigator: - - ```console - $ helm install ibm-dba-navigator-3.2.0.tgz --name dbamc-navigator --namespace dbamc --set icnProductionSetting.license=accept,icnProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,icnProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103,icnProductionSetting.icnDBType=db2,icnProductionSetting.icnJNDIDSName=ECMClientDS,icnProductionSetting.icnSChema=ICNDB,icnProductionSetting.icnTableSpace=ICNDBTS,icnProductionSetting.icnAdmin=ceadmin,icnProductionSetting.navigatorMode=0,dataVolume.existingPVCforICNCfgstore=icn-cfgstore,dataVolume.existingPVCforICNLogstore=icn-logstore,dataVolume.existingPVCforICNPluginstore=icn-pluginstore,dataVolume.existingPVCforICNVWCachestore=icn-vw-cachestore,dataVolume.existingPVCforICNVWLogstore=icn-vw-logstore,dataVolume.existingPVCforICNAsperastore=icn-asperastore,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:/dbamc/navigator,image.tag=ga-306-icn - ``` -Replace with correct registry url. For example --> docker-registry.default.svc - -> **Reminder**: After you deploy, return to the instructions in the Knowledge Center, [Configuring IBM Business Automation Navigator in a container environment](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_ecmconfigbank8s.html), to get your Business Automation Navigator environment up and running. - -## Upgrading deployments - > **Tip**: You can discover the necessary resource values for the deployment from corresponding product deployments in IBM Cloud Private Console and Openshift Container Platform. - -### Before you begin -Before you run the upgrade commands, you must prepare the environment for upgrades by updating permissions on your persistent volumes. Complete the preparation steps in the following topic before you start the upgrade: [Upgrading Business Automation Navigator releases](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.upgrading/topics/tsk_cn_upgrade.html) - -You must also [download the PPA archive](../../README.md) before you begin the upgrade process. - -### Upgrading on Red Hat OpenShift - -For upgrades on Red Hat OpenShift, note the following considerations for whether you want to use the Arbitrary UID capability in your updated environment: - -- If you don't want to use Arbitrary UID capability in your Red Hat OpenShift environment, use the instructions in Upgrading on certified Kubernetes platforms. - -- If you do want to use Arbitrary UID, use the following steps to prepare for the upgrade: - -1. Check and if necessary edit your Security Context Constraint to set desired user id range of minimum and maximum values for the project namespace: - - Set the desired user id range of minimum and maximum values for the project namespace: - - ```$ oc edit namespace ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - - This range is similar to the default range for Red Hat OpenShift. - - - Remove authenticated users from anyuid (if set): - - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - - Update the runAsUser value. - Find the entry: - - ``` - $ oc get scc -o yaml - runAsUser: - type: RunAsAny - ``` - - Update the value: - - ``` - $ oc get scc -o yaml - runAsUser: - type: MustRunAsRange - ``` -2. Stop all existing containers. - -3. Run the new install (instead of upgrade) command for the container. Update the command provided to include the values for your existing environment. - -> **NOTE**: In this context, the install commands update the application. Updates for your existing data happen automatically when the updated applications start. - -To deploy Business Automation Navigator: - - ```console - $ helm install ibm-dba-navigator-3.2.0.tgz --name dbamc-navigator --namespace dbamc --set icnProductionSetting.license=accept,icnProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,icnProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103,icnProductionSetting.icnDBType=db2,icnProductionSetting.icnJNDIDSName=ECMClientDS,icnProductionSetting.icnSChema=ICNDB,icnProductionSetting.icnTableSpace=ICNDBTS,icnProductionSetting.icnAdmin=ceadmin,icnProductionSetting.navigatorMode=0,dataVolume.existingPVCforICNCfgstore=icn-cfgstore,dataVolume.existingPVCforICNLogstore=icn-logstore,dataVolume.existingPVCforICNPluginstore=icn-pluginstore,dataVolume.existingPVCforICNVWCachestore=icn-vw-cachestore,dataVolume.existingPVCforICNVWLogstore=icn-vw-logstore,dataVolume.existingPVCforICNAsperastore=icn-asperastore,autoscaling.enabled=False,replicaCount=1,imagePullSecrets.name=admin.registrykey,image.repository=:/dbamc/navigator,image.tag=ga-306-icn - ``` -Replace with correct registry url. For example --> docker-registry.default.svc - - -## Upgrading on certified Kubernetes platforms - -To deploy Business Automation Navigator: - -On Red Hat OpenShift: - -``` - $ helm upgrade dbamc-helm-navigator ibm-dba-navigator-3.2.0.tgz --reuse-values --set image.repository=:/dbamc/navigator/navigator,image.tag=ga-306-icn-if002,resources.requests.cpu=500m,resources.requests.memory=512Mi,icnProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,icnProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,imagePullSecrets.name=admin.registrykey,resources.limits.cpu=1,resources.limits.memory=1024Mi,log.format=json,service.externalmetricsPort=9103 -``` -On non-Red Hat OpenShift: - -``` - $ helm upgrade dbamc-helm-navigator ibm-dba-navigator-3.2.0.tgz --tls --reuse-values --set image.repository=:/dbamc/navigator,image.tag=ga-306-icn-if002,icnProductionSetting.JVM_INITIAL_HEAP_PERCENTAGE=40,icnProductionSetting.JVM_MAX_HEAP_PERCENTAGE=66,service.externalmetricsPort=9103,runAsUser=50001 -``` -Replace with correct registry url. For example --> docker-registry.default.svc - -## Uninstalling a Kubernetes release of Business Automation Navigator - -To uninstall and delete a release named `my-icn-prod-release`, use the following command: - -```console -$ helm delete my-icn-prod-release --purge -``` - -The command removes all the Kubernetes components associated with the release, except any Persistent Volume Claims (PVCs). This is the default behavior of Kubernetes, and ensures that valuable data is not deleted. To delete the persisted data of the release, you can delete the PVC using the following command: - -```console -$ kubectl delete pvc my-icn-prod-release-icn-pvclaim -``` diff --git a/NAVIGATOR/helm-charts/ibm-dba-navigator-3.0.0.tgz b/NAVIGATOR/helm-charts/ibm-dba-navigator-3.0.0.tgz deleted file mode 100644 index f1e5c93e0062b739cd23f06a218f28eaaa69dc4a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 63308 zcmV)AK*YZviwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwym)p3pAdcUk`Bz{y*)y%I#D3U4kDimDF~; zNsbRhLK0$%-~eQ|b(8u2?Vp1x00bXWx9yopvO78_6E_J0g#u8hck$J(AFpUXrT2V8 zb0JTMTPpK#Pj|_`{Y<~Jv$L~rFE8Q$&(6;3{}1oZpFRKf^5UE4&z?X3x3lx-muDCM zM$UdN0FM0%l~eg|XJ0&4eRBUIKbrA3Oe!wYD{_Ax&@6L*J`2ynZ-SVqNb)R)N8=Z_ zWGK>{r8$|{9Yf3)=7X)+u`9C8^Gscxo<2N0gnYFNBe6TBDNXh{kJM?QPFZ@IvuK-& zL~Qn_EX|qBBv-5-VgLOdP3ea1Sel;(Jkq1*$AJb)9ezmhByiswS^ugGp6 zC56hF40)7YeRp|wcKYx7q^OKW?0=t@$AplaZm!6N_Me@7)7Ph*kgQ0OnMioFzaoR= zf$miheDxK%5t|K9H-L=?AwML7#wtj}Mh}h%xFUa5B8AqHDN)FX5t_z?7P(LnP4wrA zW?9^)(0MLM!stCCxn2{h z*CZ0Dinu5gbRBI4j~Kw6Z}l)thPZ$*NVKJCg#RydMP!i@krI~Pb170y zbrpHw`IaO+&l3iHJ5YK=7134?f6G&@iCRd;YrVuI7UY4Zm6>>-6)Da(2jJEsNyLN3 zkM2F;scu5!zZMGK@ALpEiTWF}%V zFzd}^;4QuGh^6{4#8+fZ6QxnOqaWwEqm}MaKjEqO1a_$0uzWbXyUTgP|C{Q2cgAGI z(p+zS^4%H0Fdk0GOp3UObOX1~c$Ah;7x+*^lJgz=KO$vUWRypzcgtZw$Y1YwuNlq$ zxKn@x|H((3Z$R`_c>Q9z&)5}-R~Pu;KPK1X>%|1_qS5enm~fWn*9&~P7;f2)UTFZY zU*Myq#==4$#>(SCyyNK=8IA_mx8q4b${X}n#O#VZgGGs0s@N5wQN*$wrhY3@eem6! zcldWZ&dZlWk*@iskbqI$awpPTmP;O~x02^fPP6=qT#(9}#eFnN<4kZ(es=gQOgG^w zDcFvG3{#e0eSh}-C4Thc_K&ZmD6%UOi5;*fEZT(zgwVCIeMcf=;?LHdJ#{bFoSLENvgIh9~jmZbLH*bd`Nm!JRH4Al5lPmJg8NPU#6lz;} zY)BjTX;Xrvt_6AKO&jKJ#AdPOS!U5zKJ_t{h>Z$GcF$EEW9M#SH)5ji|cq5Wx$F3gxXgtIXzhi45 z$HU2Ry-~T4?22@Fl=h?brmz3*R2pead5sd$)@YU#8=m^@GI-L`^v&BLjke5hd;idn z^t0C1wejyC4uCLF8I#nsqVR`lrLnRww}K|&`WqtF@bA$_uJm$|VM6)NFc5`iA69#0 z9%u%HQtv|D5!+??o~T?OZn9%ERU{Va*SY?P(3CLUA#|o&yY3%d6=qt_-V9q8hew%S zAb8YiYhS~YZl8!F?VC%cKgr6ctzWgQp8m|P;IR)|0K~;S{1L8c{VQ5N?F2!fn7rqB z#*CyArRqL{{&FT$nrI1bCS-m^zCZi!toA~gH_x9x3j$>IW<`=LSR@(V%-Cy(>YF2! zY{OM9_aE54(8>o&6mH=yQ%rL;JDSFD6oaqacdwVr8PR9gNgaj|1aQDJ{bn+~ z9=)GU=gU9*?nKKAQJ#N> zx>xn5v%iF?h?ySzr;Z&~>7MK^CY{C(57$MK=wUk~BtQMstwA}S)nL>ksHZ{tce0Tz zBbgK*_vG({K71fw|1Fa|&B^c1fBKqqgBsozPe$B(X#Vq}@BCj6eR{NLE37W?cV^71 z-#J88nyB_Rh|J$^jpOwHJzcMP%JY4gXJ4WVe1!f#J8S6wzP)&M`5XQJHGY5l+v)F# zU1!pFhen@ZnX;Uzkc-n;MCvpWsTRWFAEiKeN|oZ9w4aH%uaEjE`TglnKLx?x{?;ck zTl2J)hUk`d)DHRSr{JqEA6PSpB4z{AEvj-P`?27X#n*+F6Bf~y#YMu?&3Kav_jvS? zMTM1a3DKbQG)jv2AnbOK`GM|{HUbh@8k46XzWY*yKfU!NO*f4E?gQKR$nWlHLazQm!Z&E^(Y@NeRer(O zWRsHFWK60rWd9zO|IaSZ z>ipl?H^2FR{3<`-|L*zjiYS(YL02;cf7ofXL|b-++?;L|j6P;yf~+ZS!GIVBrrl90 z4nkwUYzGF;5FL)RAn0hcZaKYYQu3HNLi^1#_$S{jiuIa*B%OZQnI>a>yhl!d9}Fea zvMY6CXpwbKek^Fh^#xC8mcbmt;4Q=6p?$8$(DPAb#UffLMwHkw@}G__s?d!=xw*^B>#-i?%5L8Omc3!`O@vi>xbZpr#L2O==&i_>X|EW4v zf!lQZDTw_?@6+FYzs&C#{YMv&v>&r95&IoWKhrJnIQ_r4ym@ znU@kN+f_raXd7&qjv342sVp2O(?Yk%X-?=xno za!GTxF*=JJ{4M4p(NfJ_7So*JMExgrtR4NhD5Rd;dHLinrT3I4bd~7mgapLFVu1Em zRR59+{GYW(Pg;sc7xO9WW!qV7r>V$6CFD&YLpPZ5^%dz{e*5g({`lfqr~VdwSUTX< znusDMGx`B^@q;24JLt0UjXN!!^Y6p6@VwCg-8-&GXEvV>M~lUD{{GG2=5F-(k)AOu99M6W;hl)jo+P+ zR%#4G5V~WQ=HwfH>trGxq&Xkd`X){+|3p=w1>6e%=iXH9cxJ36le??ROLMFi6>{PK z4r>L=ZfSv=|XYMK4PqjThh5JHngJj^7& z=Ly@ek&0-7PE?g+NnmrDMsf3i~d zp8OBkB)&(!Jj!s=~4XXIE&%y(e2=)H0k_l1``giSJ{~UK zznzblqxt*kY&o7jhLHpA++m9^_wg0*0a%RYZ^pyX`_bfjHXTnMqfw8;;Q2s54#kVx zKfZr8pWe+re^~2x{7Qmi^i?`vOf)g!EF5gKS%GrXk2uMe|)^r@YYRu zIK8o#}kbEX~*%{$e(%+Z>Fyn`aiG6lUMJT)BhYDnzmz2ZpVwoc=D?A zC^#*V4o`z=F&hkz9MjK(dX*fcG$yn8>JUca9VZd7LD$5W=%Oo|orzt=4PE0$Ng z%%G=AT%-50P2|9iUNahd!gzhUCa$|bN+S_tP+s+CHr?jGxvz}iDbG1gu319&3l@nq zR(gD2wq=rw*uA^-UTGFq6uEnM?tizYJSikwZY5J&k;GTz8}~Nh_w4^Fj6FO1Oq5+d z5o7ldnRF|PR12%-VxVbEPS}r*W|SdJ;lVJNCpGrsMY_Mt2sVi27wX;%%K3#x@B?^$ zu^~zPEjZTo9@CC}7a)mxt^j$xaI;PZg8*OsZ4ESuEhs$58m|An!Pch}3H- zGM=haVH_fkL4DwhUw$G;9*;nV4Uj8K)BzUpQJ_2`_Spyc$%B=|=4UvepD=1kMSqSH z_~d~&y(T8?fYqGp&@~^MSvcHqTUu@@y18)=QqaZ|82(S%g$9znc`&? zXjiDX208W*vFKGBd?_S^QfnfT(1p|QON{&=%ccY z@f+6&UP8)1XL)M#=-1C1Uj5{${*VoCev=7LkJq=}>c&gXpcDVFR|<|2Wrg`0lN=82 znWP)$B|1Df@#9$$e~V@P{NGdPzex=9*>}KW^#9_r9{+Rp{I~qyzs|3g{~L*fp=&>L z+>hBtX`QLG+bjJt8h+?b=$B7yqVm5(qz{c4>HMz_>Adg!{GmjiQ*giO@|#JKi%29_ zWI42c0BDD9!Am`PUdc%#S*&>(_gmbBKYKiNWI*&$t_DMW^19*eF)>-Fpg)L(a1k5? z^UIEBztQzy;&+Vx=S=15v`hw`_Vtr~CgM-K3Lc^V7nf(xYxMu(`EUIHuk&lA|1%M{ z(Ed&fQG^}Q30i{iI$M_PLbW~J3h|+HMPTcwB8r$&KU+X(=PA_QYDye&Z<|P`M&3K^ z^u1#U{8td0_vg@p{O1t=wh?N7uB5E_bNFd#sPOAb+MqxG=}%|<@Bi|@{`{9ehxM>A z|J?_+59+aX&8%3Tmlum1%V%^vqtPeixj7Qo))vv$Cmkpupck+;MzRqf*@%s74emM+ zP1O?ZRgH7&f0l@=PY3k>a|FnlJe^nMPaU=G^hl>4>Hj`#SZ?zseiC$7nztyu=Q@8e z?A-r@A#sxF>ms*NhZA@FeExhGaDQKsQXeQZTB>K)fMp%aR0A?<48w>87WzS(@{E z241(`bDGA%S0rT{%rJbCNw(%6ZHmAD(G7_{(U4j&Ly$rkK}*(=Hk4@|DQj*{N^|Q|5y2$`)#>p zMALm_tO-}P^h!*MG-jBcdXUj*%g9A|X5WS+s9clPpJ{)CZQC1KCjBBj>yiJUX+h!Ffoo8Su)QgAMKcI%XCfqPCDklu=AQnq!*PG}e4zj9)NGzfP5;4`_ z60!kUB(lBan{7_SL&_u(lCU)A`JT`s-wMh98^*Jmot7{1ErqSHku=Rs8hE>!9sq1Z z6EcFX8$cAPo}kGTM{zw4mo}P_H8L@zuF`86#Dit^T73P5|W&7-o@onTb}8j z)_k4s^;H?^u1_w{{%044(-%1+-gZ>vDyJ#j>1sYQuy8f!u6mW9S<3jf(iN8Ng2kax05m&%mFuCI<4=?O9JOr>Tjjgr-t5OFF zu+?{(OYeej*MRX4P#Z?Xd~FIFD7(OzX-2J^F9RF(v;5zp?9#hhYF z>2lg{h5XPU3R*q~h=C62omL(Jp4w@+1AwSA)7sIP5trP`yPV8s>1k@JH(*4~R-%qB zSn8IFoJY)&H!QSs}X15~e@Qq`2qiL%bg|md5-eS+PVs zbW1E;Gs*9fDb@&4o%#;YW3=PI%--~bIIw`PsDd=ta1>)bhTi>B?2uOJp;Z?NF99!dwMt9gi#Oh91tVfj&gTCSw5$q0N@ItKb-C(8P0Gz3-@4-UGvJP_H=aYFIdJwa zb#Um;Dr*9JI5wP!?MWbR;42{y0^jovMXss7NNJK-vaO2Mj^~DWSiS=bhHA(GJaZIa zAd?EU##Y!>hU@O=ZQ(O2nkvKadcUvOmL_W=)`yvwr``6XF~aHWLc~UXgj4y zdDPRZu%ZdAjSbknz-6K@*(z!6nmQF`~F%o z)+1a>b}u4L$Q!r0O7DGMuZo zdOP}o^~jdqGvM+pKp;np^;+|Jf+&_GJ@a3_%Y@8vVH_PWjI!Yhfy~&MX%yfZ*-@e7 znZ6p*WRF~V9Ysu4%m1r2Zcb|XoPgIxC1PZDc z0dTkCspIP5v-$^iLMY*y+cp=5$*TfqhIr6RVedMq*8ENsP8L!*&-I>mi;{DrrllLI zUjvadg8NB%VL9Gf3Z?phFg=Y(6qQ1yQlNCnINwI=PdB)6@XSpi89rO{^t7rEL zRhD6kY3??k!!B1KC&ow$o`+=4e9ce@L+|Lmq-=F66p4&m-ljs2j&OOfB${nxF)wyK z+((+D;rUj$8@Vbr;}w2@lJ!ba2oO?ktsP^vTHhY+x(b|J)y0_>DkmEauLck04ap*& zai~Y`v%Zxi9*v1oxF710#1C+d+A&w&n5eiZS!q+-UZGM)>MbP2j;DH`p!DbmiE9$) zwzTe3i|!kSr4pc@>d28dvSc~sY0vV_o(K=pLAq~D&KuYbSZ;_OlsIy?W6$jFo+gVi z(|l9UVk>niU8Rn~@PkjxE1S$e*Hr}+;p>vl=qqzm-hj>ih3qx4Of9eHX}N5{jwY7Y zwUYu2#66R^SoxOAxUVOog4zY?T-^X+KP$ts*Oie1I(K`wtOw$ZpY!qEe~=wiT51$N)X;Rpl0TTz4dP$V%&dR8h+~Nu?$UR2JkCgdJlEKv}iq0#!)v(u64mi^e`?36HoI zf1yXuK;rZp`#KltDYHB^)xvv?^;W+2`BOwQ!)5`P-iE<0kadl%^%1|H zh+KcW`q*wjywleRfToI!NyTD@h9G?myd^OMA$Nfa(wvnd(MB@d_8u7-UhU|+q zW6&K_9!H~kHnxD6KZUgQ6|k}0v=-uCsdX}9s`ZD2Js}xY0;1n=Neh*W9hG~4hNmQE zDw2Fy% zrBi$IfT#k2NH$5VSd-;=c{A#f$#l{mPhQT)lUJkL(PY^px1;&+^?0K<0cB^tWkT*fRg1M`< zyL%N?uG9QHy5CQbQBWji310z22f%HlP|DdY?2tL3QLex`-hMuidRDFvA<4=vS;App zqY;3mr8~N*>hSf~)+L~H4uG1srIL-O5s#rpO3&<6qtoRyv7K599c`&b5tD>Uw3+K$ z+}+ixNb_j_p#OyYuL*w~2+Fh*e^=P{6mGYO>ML>yb9&18cl2L#c zIGxgpQd0C%Q{-&}qZ2kopMgH>1CQq&aIwC4$4G!K9 zX0y@cdi=*Ly@a4G$g*VbyZ7Cc8hHTa!P$}sATShA?JG+r-?z~zbaXB@<(*29@3_f`Z zhkl6nFg|C2ucfTu%Yw&MrNJQ%{0rG{%XkCY7K~Luu$vr9`SXY*G~E<*!^lS5Gnv*s z`;4}v_oK<@k8#xh|Kjrb*|Uq9|Nl4Vm(PCl z|Nk|9sDB88rSDx{T376WAD4HjYo*Z75nXMIBWV@dS&sK`6ws zM4$rSGJT!FdSlu1#&urWjM`SGRYA&A$H`hHs~NI}>`bzIj;>$j?YY{U+z`<1_{A-_ zHJC?EsR-K3*6*uB@RYFi+E}!GP{2$`pwLcg%`z5BJJW$vnx6ch^NY*=vu9`L{qyHt zw|RrWegg64C+@Few_>t;6^vip9$eT#=>~~wOinJpy?EZAe|O$J`r&AoC1TImr+$|3 z4QQ`sROUS58BOy~>|&8qsU`mzjXr!n{N9Imib=9$a`%Z{d|GS0^b?Wx%Nl58l-_eG zQdrzi>ue}cEKGBRzWFsAvhv)3exJ(N9u^d|gdnkiOQ9P4EfQRR(yidaV`hh+~OM@%sPoH|j?`X8;DKoCOnri8p zFHqB?w~C`pLK0Pa30jvKEgeM0bT&}cI}iLZ?1X5N*!{#Jk%}FUFv~)1m-R?$doNG~ z0roz(`esp}n@>jfHp0o%QLLH1zsDuD@0B2NgsAH3UE4JJku|Y;iox;H+I^JudjNSA zJP-E017B?gW-ES71dy zXH~O;PmLKtc~m(x7$K?c{CJv3qp;H(YUM}8cr?S`9mf|)PZVJ*?bfinTtRQSN6Hk! z*_RCJ2q5p~j=ME>FlPfWo}CSwz5%`!>M#fvMzl16CiedPS~;Q9;K(pyYf+@`97b56 zkKZ$L?I}?-L0htD3vpEy_C(pB%j&lOT9HATiXx4WG~Td0XVP5fTfTy`d#9MvMA#tQ zS5fE_W;Zq-pSCq6d|j%@E8~+0^iT<-sDo!T-}cB##OPl7*Fx^Cu`^>5b%U(Du$=Nd z41!zDq1%g%j8m2Cvp?2vE6iRcu*vh{p~&O+tzDIy9x(k#QJRVguoC!;;-)D*!QerULBAsBS|tX!+RD?+|Eh}h znnxh8RZdP-7_3GWLg4B>lm2|oW~PqH8w7alO)Et)hr0dv>J8>7VW|&4juDJIGeM%T zNbreW>Idcv&l*@Vdvgc!V1udck`+}Pg=U96=)gO^hc|KCPJ;o@&(2^_!(@_^Y`a%* zBMM3Gxy%cibWLQ_p@V=uDJVi%@6coJ9;_L~X~Z>?ifeyizB;n-?UWLQc1#ap&g8N{XxkYRKqGVEeuGHsD-pld?z{kKhM^rI9Rno5gN zy3yU_1O_Wq-`RvlvF1;Wf|o&Ubj8B{bKR z;pj(0rZ)v8i(E*}U+D8TXSw9;{*mFX=a-jfpYh!yrCB1P4^R9w5k>5pRyvwyEM4R@ z`p~y2;$zl4MfKrFw?i_>cjEC@W5pA*7zgL_taa?SG*==eqmNl4B$MQtv5X8-n(T8P zDR=68?tLhBnMlDuJE;3vf+xMc0et^Z$ILuMi1oNkKLW-MsVS~?hpEdRNak*gVePHH zjZVax93f)eAS)zWL^NR}N(z-T3GQQB;t`41>|F;(iBdOM{MQXJiRLj^*V8^T#B71Y z?DoINcj4LRearrsOSWSK=AxjF@@11scJ+dO+!HKp=Y~8;H@m@%Dn*tiz0RP>xB3>U z&GyLWZ?`;W8F(crrK9h2ALGS+Yj~!KG*bnf+tV zQkPGqqG-Y_ImIgBYO6oqjYf8wM@^Tn{On|wl=`U2{<6Kd<4puZ`mFg^es!!7^LNPR0e<^ zi)r3GVzneO34K7J2;CGEj_8t^fyvUK#3Rxb>zBzzz+Sw11+yL@_um`PSZ8lj-FB_{HseYv)_@gn^Y6#AqjVs;Zu`?J_jb zcmiVOKCJAXGLWF68UuSA_~wjX-1e$7E#s<=&Cjk~Q{L4A(LszGS+CR*q{6Lg7z8hi zypZ0x%VL_NQgqEfG8FJl{GPAHJTzQL7Bzk6LBKFdpkiZI#>lEnz>F2d+E()DGMagq zX?Uc8Mjuk~kg#}T^(ht2mShyQXMlM}l^W~e#WX&$+rT*M#&G6Y=a*UE^6HVDu6m?Z zL?a^Urf)gf)m;W5WNT+t`47l zpY*pm?3FHhKLjT$?D~4V7~TxV;NSZWe0&EtH)Qn3*?hD>pWpHA>}EW=_Is*j#2inC zH+R?L$*UfDaknIs>5|-xZ^z5gHCax3WchkzKYj=9#O+}-WI89~$#OJ*Ihv0q!x4<4 zzkM8l>C1Y^4Ya6)+_VJS^Z-j_K3dF1!zEcxVYtO;Hkc2VqnmfcP#rzi_2`G-Bto1S zPNeXrzQb&>WYdKFj+cBn66L^L~-@L*$!Vgh)=j-6)}jRH_xOCCRp4-v?pb4hZ!^<*!QopB^r^9kmf@mFj+upHmarV< z%F_Mc3&7BA8d)%ENl%6qwOA8@wQIHQyH=!G>9q_@^1`Oz6XQH@E|-FFb zGj96B9!MmLi5B9P9js~|Wz?>4coZ=(u7?NUff zqphh}{)6D;qFbdP=vm;WYqL~(Wr-T>Ak=!ggqt>fuKOasQDk6*21YWhH)=`{HaxYP684#n#f8KR00@6w1Zy<$Mc^Axd&tw^! zWkJJA8+wt=?Oy5OYwv2)173E?vZ6zSQatWVSL2j$W8bA5ARF31UY{#i>V>1mbTNpu zNPIUOFSSfu%AnShzQoN;GED`n4zT?NIa$tzUF#T8M!U&MEmhi z#=3tvwGBoD;tB6*QW({=RUPZ&si86HZ7PGIw%Dook%(7jujc~X3m#x^fC2+fX<8YT zNiHzEp%Oh}5)865E;HHJ8`u0&BJlJqT+-Si^&KsivtbJxf{Xq%9;4T(i}|0yWAt1f zAhQp!n#Gqg9vX&UlJRIzTSxgd0%0wU*#T~o@{rN8W#cqd4su0Bt0@ItL1tvM5F-l< zr!$l2`NT~^suk1C&@8jg4FPCw6_&<6AMca~Io)MUmcjDPp^az?`=`8iF~~TlA0R*_ zqJ?w%rT2oPL}ybiXh|Grumj%OBz}NOO?DGT6moPVBHb`)J<)v3Q>FL@M}Xs>7%$u& z0h5hQ@|ZKpR3&Lgr6h!7@VhpVB&rEivDq-?5>mN)uN090{_`%7J1lLPrHtTG-$W3xI()8N05s;X0%5> zq~f8!6%UYPMIWUea=rY=LW7jvV@9kVr0Ev-41FjuNw?uCtp_*CZYGnYRX+IQU~N&J zy0)t>hF9!pTC8aV_80Wnl^z|1a$(l0atKO`hGev!os=r% zSf>M5uV*I?9r8;DdozQT{_80|hO zDTEF4srvZ$NS4qPQhsR~+#@QNG-n$y_&e@gRn7V?Zw^;Ej})e(p^_^TkZ#rbN-?E& zeuCM z@)sWCV@~GQAa``v)=LMJ?)^N6ywzqm*Ao7_?@;ap-X3m*R$CAr(spssqvVD-z^yL4 zQUt7Lg+m~iieZ-Ly4yJvJaGAxE!-`^NsnXYcs3>o%uMti$Y=)QqTM0QMK-BnjiC70 zz}=FHpnUqlW%fBvdu;CfQp#{{BXA*>G|A(Vo2!+Vxec2(O`wXjLOZLuj5OE>Pg_Yy z+XOKPjZ6D}-|g3i-P9lvA!24vv;DX$-2a_WVb6xQ#?rz+whC5rEOLMwS< zYsc7O>j88b?lxdZWw@8f4f!L;g2ljGtl2v~qZK1?!{u9=`son$%Su3_pGK<94s>+F zFucArd0H4_m*urJz8(bGGb&9wYHv^|k&)$3L27vDZ2N~3^+@|BPOHv7l`GpsT}jSz z!$6k7e6n%ejWlCaEx?j$_Rj_$^t@^^-WarM=Wd)6_7U=QVIDBlz1I$g`~>55jZjn| z;eO7+f`sl=E|1axawpPcKl^(&>kXnW?A#bezmCy&JS(i?d`{c=>w`X+1v^+X7hWN);P^doLX&*8%>r?8MP-V zB%iRF<{~$I1bR^;j|{o+>L5AFq4=&ya+)$x_$+U=Zx}X>SmWeTNInnlL5IS_9C?hH zt?1W?uxthK2yR^U3!0`7>}+BMy<(opo}8@9Fs>_dW7%@Xzz$euk6sNz9qA59UMcE9+oOhCxuvcF}n7MaQC%O9MKq9tT|Pnqp9IGVAQjqe3%Inc!fv zG#hVzNSwFbb5+^rn!{}!$)!L7&;Fj@1=Pb)UM2_qal-1e`Z-Q5@_4PMsUmGaeCHr1)hjL*W!ICbh z(ys-I%$bG8H?-Rt)1GID?s91@Lf#x$8VlJYFCVqRn%x)gafUqIyk86X9@DEcslsi(OKjR1f97sJs$T!Ke(h-n z(+U)*5QIsi%?bPHwbd$|y}9cn3LR`c6IK8lw!~-zb(JA?Bor|nkhq{pA0B(HprGg4 z4+Y**1tLwgE9J|WdIMn4OiK)i$5&xC3$sB za|Z}nNseW1qv|Y)Kg%8w83e1lVy>XQq@XT;F`h1nVtI}pyqa4uTBJ&mQV^0RhnP)7W@ zcE;UPcgCa3uerXvPu>D%ibacH_$f=@7`T1u{o%qOXt9$U9e&li`iY4R&qGq*K_v&` z7P}^?8i()dTKh%7^%NtTM1{>4BOB7L`uS8b|8T+OUqjvSn0jFV+HEcG);)TR*M~AH zL>9R+Wk8~!n6}XrxtA0IA5ergcO=}yaUq$iOn$+SQ@8miP1iftHKTp1$(C64`d>0YzlnrNKETNm+5SGO0_l z<0({HHnZ~m;`F@(75Phyt{UqJYY6VZdsjnwU)I?*$ni7ni*=)qP{ZoQjKHY+VC|T` z9Jtz{ZAtYAC19O^sk4-voS$`@Ac5hB{RrjnQ$|kCyN!*~B6QaXaYz>E5toYNP?_rH z4JZJCP!F<5O|ptFfu_auYlFEw-*e52(jw-$kjlkl+0fJG1j?+u=7KCTa3TR376!pf zO=`~d02gOCtsXfK&&~k6j7e0kLaPgCcIld3oFNmEC50kq;djr>pXMVRP`AR*FX8j^ zGxz=T=i&F&9?n{OxI8mZo*|qi1mD$r`1YID9`vAQ4wq&UM`-+xE*tPX|F(Tn@Rfncc6EN{_jS>G{%xbT17LZ*K_>>+ zes|AXx_fpAzY)}Dt-mApaG3P*?)il90M+kZwooba<>SN~8y=-n z&l`Px`zbW)S*5e@@DHDyUml@Q*x57J*=3b}o;P~CZ13%v*W2Y;InPRW&n}wX9l9jS z?ywUx)k=St-!}Ste((bHXX{P3(&72@@0&fgL-_2hGUIZ}`e_A+7tKBoTpE|Q&&s9I z=<)ekOOF?a??`iXJPTV>^_SNN-V&}&%SAD-T@)yyw3V+gxt%o4yytO&N?SPed%|pc z&EVNja_41lUF&0(aB!2)oPieQJq;HWk!utE4#M-P`EW~$)Yczds#RiQ4z|n144&Y_8-*21! zUR)l5_OWB*BciSEV=((bn+`pCTkrm&rTeoZh_-!rD_CO`>mz)B)-uBLN0zc2!gcCx zlm?D^mu-VQJ2*%Qskdk96uW_{-o<6hC>M|HpEhdNKESi~0nQ)WNH9V$EOtPW?wPNm zRzaYz^Fw;e9;v*oa8T&AH?O>JE7H?Y8M`D6DS`t`9oF!5boNpE2*!|jw5cvlAK{=< zuVRX2rN{|t`dcV^EdyXBXdj}gY!`-g{v5We`vkt*6jpIFuJW@_Z#cT zddaFBjLX3I18-k?IDr%KrZ5h!G0myozuXSYgz>w4w+F-KcZg-+N(>p6gGc zSVc>SSp>^eo2|fwLC`rg$8ugKsIFyher*vKAZfzM(M#KG(OTajnHcvMM@&*%JiHWR zd%lIrsK^^3Nls|C^;yg*+_JKm(7}=c)*YncMDO*`@`Yw9QIkxl=k9&ayu{Bgbyf3o z8xXgm(T5`IK?PypLO~iWXI43AAt+{SSunj|k0*)`nyEPoFO7cdMiO=%;Uc(WLWLfGG}ez1)b(oOM&&>Pu*bU^{q%G znaRHi9oNCE#iI;G3YGYOj;RL0Fm&|6*7ia#LcEA8mZ$+6hp^4Rnw!~#f2XX{ALMwAx(8gIs@+wpq8hfi$Uq(P{Oqjhs}uy6 zNAfmV@^XH8=GJYRnVpTU7fxEE2}@%tNlf=;utq&T!#B9NN_&mMO@roO8Z_w93l%GK z1NvbJ)*D7y_dvhGs;MhhD9yZC6MGm0H>Z;;LT>tR7K3;F7cZVKZodt#Tb|8Yo&~`Z zlXwS#mchw6>62HOSPL()Ab9bPTunx^IJ@dDr7jwZ{Hj9-#>(>pSlj|dKBdR(|~CgjEF_2A~E{@V85 zgOBE;*?hDZO_q@C$z+Ej%h!V?yna1+Ga@hVZf?lnZuxpTA1~i&a9)fj*Cm(;pB>G? zb3KLZ(*S6#O)m(3Z{J(gI=muMEk+GGkKpo7_gdob2R#$r|7RbWLtY*W*EtTu+C08igj$md3zrKAi%ZMiWT01&OuH0?Y>UEUNNa$SC4dsWGhiz!$Px*Da#_5PZP5o|D9d%ULRt{!x=WyA<} zieC2vpP>!3%qn1WtoO(o>!O%CBAG-@i7P$|$pmtf&A}w1H@Pu(!t7}QY6(b44|Tw? zJe5mRVx8)|tZl&S&BO@!`qU*#)qDfy1kBB}DjNoj0SYRHxeOt$w7Y#QWL*05VsefX zqg&L&2nmN>GR2aF$*zs_@)D4EOph;tlqs{oGdOotsOA?-cg&=c_gBhws@MLl&2T>h zFHwDDG$GnEDxv(8w3ZItF|11k4?gwYm`Wp_Y=Kg5nZ9`e2d0qBB-m&qc2=aF=jq|| z3)07UFS+j5Mwrh?NZgoZq7|Flsp2Hu7!R`NNf2L;hby=g)Nr90%wRDU00z~eMxSBB zP64lBEitc`%%v>KdozZ#mFQl2&m>uidU8>k;==Q8qu@D8GkGJ;Kr=E1h`>b`OUPq- zN))#75+Gg;X&|cA{%~5)?B_;{4wFPL?aHAI0vcA!ASLu+T_nlA^~js7+&hgx)vSn9 zOEUID5UfII-~mw*LCaT}Dpj@}gM5%)IF#4+haiYNcqPN!Cni-)nTFry-7j#a?b0RS9IK*n~ zM9z|ZSML}=j1nkyi;DlIG4Gnppr5h;ex4DB`E!$n5~qnLv{y|vU713en3jFaBvUHc zdjhwu5nT?eft2i?Nd>ul*bWkC+9w)(t{;@Hq~PF~K-v?)3N~b*iK*sE?>z#{Y7Z6f zY#uha@q}{egRtkvvhO(;6(we8G?CZx({YPWhhechCm(wc^6Oc_zlliFJT+{rq%9zd81$w`@x$_vx- zQ}DKR>YXmdDgo8KMy_YbS7wZ*$a_Ay`MhBe|G#P`YRUN%+Q=;C^1DykQ zS*|xGsIoQHKrq9Lg|kFqzRJCW@;v8CkDFGw%1;lO|neew!}(n8ZZv9|>%ya^fRye=UP z()}Uu@pz!ZiA$Rh8w8@5tk_fJT(hpR$*NvYn~+f#DGG{dN_gj z1S~F7U;8!SOrdUJGT@n@6rh*SLo(b_xzStJ{G*z8;DAiuv-yl$LjPxC6jt>i8x2Jy zSM?DIdnM@rY%yhr^y|*B>EKUurSxfrS&;@9Po#uPUObHA| z%}_+*LT}=ne(aHi-6I3PW~_&9W?nu{w^mp)AVsyM*fB#<+s*;C*2bMEOtGcPI#Rvu z?uCu40-<`3)fg)U^y-17KyOV(Pp{e|I`UDFPBRACqBT0|_S#a7WmG`^6>m94j#R!K ziL3uOy zL>z>6%abA{u!uD?DATu7-mvM{)sh~Ilowb4y{gXurK)%$gUX%N_SqSU>E2O%r<2s( zJ%B^1Dym8H9rNK`SM{sjNd%rK0+%yQ>U#hz^mROG5r;PuENHR@8c1pJP|b?B=2GSL zDSxuQX>$MWpwp7TMpX)0l6-62$Q=70nXR_Opi~@o!Aaj2eLZ{>{z0lB(X-x92 zq9&eLq#>hp1BDM0nr;fZVNOUYwUW+jY_&(F?We02L2u`@NG2_JSnav&8>>$ActM{quI@1I0FAFaKQ5$Oy^!P#NK0N8eiNk!FdhJG>)#xa@spo zX0g(7OO?eQSqzrr#mm8PIi0^F|8+OOr;in0?Abbyw!~vuBGMaC4_Gf08Ir~Hc0?A- z!4l#7kGuJJaXlU)h}LiK=4Sd9yw40mv9l&(yvg>+0$t?>FQ#w&4{rzWu+!P>20RGu zdWB>>L3hK^o6%(1Ba6G?>*nGjmd6uveK!YhJ?oR_COsR?$J6W3tMLtA!+3+2%h4Q1 zvCW>2fwB@OI8wgWkEWAXWH6~C;2pUcES7a7l;0o0Ld&jxHGWfWYqFS)hU1sxA-Ng7 z8r+ci_|@y>A}rtQt_L@ZDSB+;?#4zq?>B?Fab1K->%s9KwaM!j{@)0h4;QT0ctI8; z{NOus;^wcnqFeMu7Zz_epS~GikFLpLdNaCtM_#+xcEGZ^2F=3c*dFI?B* z1v&Bh>uKzd-i+owoU6m*_{Htl`pcPKkGXY{onIT5&EfQVqz9ZXMqVQW816XTq+Y zEl1*AA;xVG#U;hk*oVyHO{8s!#ZFCu&)4FC-P^c6ju*WVMV*5?_>UPLT2CGHjE04^ ziP}78g&d18SqqdyV==$L{*lbc;E4 zi~&PXrVFPI*4zpsveKM4aJDuA2$m9cxLC*&xCmPl2c;nw?P#^zDmP3{uDrlSNF|JR zdut*V>owH$S7_};gQvCmmiwhJ@umVXHDppn?(BOL2?RZ)V7Dd${2m;mEC*8>D z3w`EWOCvdpjpt=4C|OBd*)19iqJ*Cj3QY!0_Wiu;%Gx>>(TY*VIm<_&OP|OC=0|U6r(52H!B4z$jTkSuWBJnFUS@o)7Q6YK0?-7@NQP67ZlQ2|;80Zx z1|0&aBAwfW3LHatY+xSl6y46#^db{qSy#W1oltqD4CoGPv^W6}1G}O^R?6(Vnza5w z+-ZvQfoZwbubXQ4cu;N$jPI)!1Z;GK+JI&aF)BIMcqrWd^NY(x3FR0@c@}#42vDPE zvLT?b?fY;*c_+s(I~uewyY&2woE+$@>*onzWL+eQbzO8RE{tQZRmiROwW?&Fra8d5 zor6CKs)^q^+I&m*+OHP5;u*tQ@BS83YajE|wMy$d@M<0Bjdr7Nqo&7SavSA}Q4@T?o=gP!f< zfhG40vmUFj?c45g1CKM2z#U_TF&hrnEOg#NJ8pE#p2LuF^25b1bwc+n5t*$4XMKbf zxK^8?Y~84`Sg)TD_pzRUMA*P|$N=JzYCP;0t%rTA$VBAsup^5+nUdjnKD@hKEC-XJ z7Csh8N5{*B3!}Ooy&2t1XTbN*J^ub?Ja}<4Liu^}&W2LGoNB2Kgm^7+lJQG2p1hpS zZ$~y}Ydj~j>0&WP@%##Xho@TPeF^bq*Mr-^s}YF&*MsE%-G4zo8{B}BV0=BAEcL%f ze;nP;ZU*yr@ZETFJ)Vz-OVhyu9$M%|!|7ytJ05CjV=?-#yU}Dh9^BZbKalAheS)Wp zrJnf9v6eGm+%3ivh>@G?x!jF<VhL94T$yE)Fu$$>AsJ<=J^ZU&{HipibJTL9*j3N5f68|L27L@zeUtt_X5 z>AJn5{_YC4x2ZYA;O=gfk*)wH93P_^N2Nb)(Ou4T^F4WBE5&n0PTKU7w#)AE`k3ZQ zcK~?t1vbZvDpq}0CMJ_Sf+#5nR^l7!E6)#D=M)3=87M9rYt!(P@${pn_->7QIlo;` z=s|dZ7`ZaNP`(~aO}Kx~D{F6K`C4l#W2%H6ku0Y??OAc=XtHe@MMXt^!{{E(A)^?X z3z2A^DJya#?wD90eC=~y)ly1!WEcu|-n~DOiXdDDgLqZ~$iM_);qDkX`MSCPdwwB! z%NLcbTF;tikxKh~l*{3U_=256ek^F>0ShTMj#?|uyXe4=y8xXiyubvwh1*<#%)!D9 zWkk99jGMC!gWwKxo;zk7BNR#r(xkVqIFvosEu;cS5~2^Na+?$Kv6Z$y)gnQHTz%qv zZ;+~W%a!!*?v}}rg=XR_+rvs9kw~@JZCr$G3TGrZJmotOO=GTPk=bNQew2d=P3^ht z$(1gvArYBmI}Sp)In1fv*-4pWWGf1|zdaEhoR(siu`~u!i^mF>0#7NR>eKT)N_1~q zuz9vsujbYTz!+HxMnRRmnh}v!TtGs_q`>>dS>TL+nXk#xW5H%ym(o}T|2)N7v8txA z(x8I*S%2oagzFuSTzYepn?hVA>#C2$lMnWx8UpB5nbCcjjm!`^pO18+Xc$Mv&0Jd)aA> zp&Sf_b}WAl^`5v0$r6Oz83?(iR)00H%?Rm90e)qkL@Z+F@Yl1+7yTwZ&)L{h<+Vv9 zp&h#nd$s6mjCs;&fw|KKe%D1uH`3eq_Ss|)J`IYwxUITNLe=49GF^@}&%5RcJ5k-R zQeeMfGBY_#0aoxQ#ggyMiL?#cGBvOT9)68FTN{|6n!`{)_R2 zs`5&uD+CsL38Id4Q{GgEW2tN$lPR!c&n5T~tf_y_j}6oa0_N&qlCPMpip{1LSc?7* zQR!xdl~8JU3k@$|(h$jM{)QPkn6VuzkiH1`bapwNk(D+u!GRx1&Ll%%B#cl}m;AN-@LVX~4ts{V9S zq(K!-g2bzn6+F~q+)u^22*4uk&JWeo3Si_X(Y?lEaw-F*HYYL=YSf?M@+A&vI z0r6%rSB{TGEE&lB!eVv+-&oKHx7dW_?wDWQm#E0A&UKI+CG~w}jaUNG0VN6B(8QEF zt5>T3~|Q-;Fg)3dMe~H?*V2>|@4j%qS#zgDL)h z?EQOhBFUCF3eVqsijbxEZP-fFwyUZyE*%|Vj9qkN@CIBpHAhFSfD9nIk_je!gm0Ju{nS% zOp)fQoxI{QDKk(#=$b+QskZ}T zb|3b}hrVW+<1SA2U}YqZe8?Mdx7GR`g6R8dP1kfLs!<9#R{6Perh9j$x-d}Dk@F#fgy!yKY$a{Pt&L#z%@gUm9I9IjAN5Cz<7Jtu1_8Zn9m-ur~& z4p>9_X{~zf5F#OgN)RCHOF?{%sZV{CK5DBTeGGllMqG(vs8`Q8qDbE=73a>i4BG@( z{et~cW-^Z@fzkK$W&Z5E2;VtNOPLklxUgM<_&fw_h0(9tjwUCFOJDLp2odDBXrRJw z!iIvRW|3*x8`EQ2N)c3)o|(!o9khU+Rbuz1TIxKAnvp0gQ}Yl?3uE>%h!oT4Wo`s6 zI_$9P`DLs14|Yf7f_93%Z|GwW-HKe)=`Cvqrxm{IuXyLZZnn1-nOySxK(i>EypnM} z4ftX%IlJeGnfRKQ5j5r>Y*1<`8L>MV$BAGAp3_%Cbv&nca z*va1`)lOJY1L>G})QZ)6Pz8(#cR2Peub&J!50|Z0?`|+1_ItBdt9{V2!#zUb%&?!=#Rsqm$hhyk9?pNOe|a;v5OH$JQ1ebX_GlVqC} zh%VAg*QHDnu74`zy5!$q@oZ7X`WIQb;1RpZWFhkn`zW)uOxZ9`kU_l9_gn7$`&w;f zDwjNBx0%obi`Z?s=P8fajLWoOzsiDa@UeK5x%u^|TuS@Q9p_mgC?bl#`lzRZln^}t zY+Wl4m$kbMMy3BT7EkQ6%DzP5c=c4gg{k-`Qt?+Q5?*iQN+t4#`S;x=h7df2Msh>rGFzRBQhPUzl_G z#M7`b{N4LjYw$3g+z%plH@v**eRA}sEt9og!ie=V#S8tzjh=*zeJj z@QGWYvbFxpolW|H7Z|R1&L4u75}ik&1PuB6hD5z>1x! zE%tp{<~i(dkuBiAiF)K;^iOmCyZj=tt$CS!(PPAaJ$%Wu$ih?b@Yh1%W8rkd4v~5{ z0!cZ{*IK}sdugn)OizPIrJkxX`yx}$Zg{Tr!QF~XsZ{^8gM^h>M655gQj^dP;I@9m z`Wqfctgp5zQ~KPibgjHUU;i!_sw`y0uEka@^~P8RlM63IZ16|P3zg|jbX&?)=q1s& z{zm^3#035GUM2ffz@**sh3@Aq-@@FP_wc``S2E9e8L{D`J_CIPx7bK5c&cBz<1t_J ze91HYb0YQsmYFPYS@376_s<>Qt3q2%cPdlMrHbHm_IYBq#8?8+&Qz2s_>X3Kv3a6@ z*e^HQ^vEMNS9*~1GL_Ktk321TQQ{JQ;z=S=^xc$2nN|+<4R{}6AC9`WK) z{}(g8i%qFJUwK)kddI=rctiBkwbBCpif=N=F1b=g{>1TEWMvx5hz-{JT@kTCCW}nZ z=%Cn0wSzg{z>~kIEQSp)(mjvZujLb$z~-~SEq2Ef{seQH6mSIo(rffbDQLR%Gn1`u z;hvjK{!d=$#h5{p&K8te0^-E>dI}XCtBXd6=oKmWlf8q<`T; zKCH1dlB4=PHrUDxuQ%_;`&FjvSeq1|L|(8fo__iMmjA^g_E~E)5&JLNWV$#1CASN{ zcoN}M57ISEHEL1qbG%e%sw_5iY$7)1TM5mKM6QaBqMPiA|0VUib!qOO6u+rvLt!4O z99Cc1p>YrT*6-dM6p$czSl_>;+inL+7l1w&HeC{J8>K`aXt}?x2FWp+{ zN2gM;Sg>DsDx|*broTAdvcHiDotM6Rl=Lwe!!KoCNK|KMJS`+&E2oGJmL-o>Mqh$A ze=p-TCR+Zpl!ZcS4gi7Gavstr9qb`1*CpRyHk}4q8PF>p zWh|6atSWkI_~KR+ncAsDUvm1;@oI~Gp7ABmU!#MemQmRVi8h8(_ECydUl#NbYY)>@ zWT$#EJO91)5)PFG|J&&&Dc9=Bzgtgfk|6h5fO;y+|0o@Qv(jNOO7Mhx>fKl98z1C) zLrW)9_KVu^G!^-x%+~Ln9&?)su@vT@n_I^o`ChRRDfR;e_b|`6NUCCJE)v#zl#i#s z@YM>96BNV4f+sa;cc(iE50RKvSy8Tet<{mt7YZLl={eg0QFEm=9%s_2XJm<%*%v_{ z9_lTzC=)AG=#IkJkiKB_ZG26PAdpk3R`#u^rmtb!sHweSy=)~Zo^EEmdWdPLkVX7Y@e0_x1w;27;=!iuC-5+3Yd$ET_A}Cs*N1u?3FN1_L zzxeaA=1MW1F?6LwY?#Jq2x$?2zmW-~I2k4LqZCC7yr0*H6}yJ4kfs`}gIeC5r({|{ zy|inV=qa95@F{xMZPzeQhFanjQFm_wxIaF#gsg$(hRbZrt>*42qFwfpFL}C@&K0~< zIqXIImRp=8@j8=<91gQ}^bLFcE}MYY{n0ks{IVBdOBKS#qTDI=T`WZ*J=uVaA-t^x zY03*oOxTD$dlDJ4D;dOP{Pv!yB@pAq2uVa-QDHXF%H*WEj30~aYv(r&ruI0Zq7S-9 z4M4JEFv;7y)0NIFdRCL3=jvSjbR(?zp)SDjYBWWl!@ z!SeJfwjdP(?GFeu2iD{Pj56HO)!(v5ksZjR4Czx`-FWrYF4}xUiaiLmOT>41s3~u> zS=nk0Q?}%gs!bviK18|GP?<|e-OkQ7^OBbf$I%GwRRrH)sr1HOBJ^~|<4|yF9h8dv zA=AefcuS(Dve=7y<2rb1d+oqh;4(hYa9xx_=L`NtP%($Li-r8%$ir&UOCORb#p^|~ zN&|f6F7wdQw0c7sQ?A7b7n_GSm_5~)I%^&O#!uo)elK2NlL#`iZf1ZM(*yDs)(U>_ zdeKGWf0*i9T7gM)*=qeyO60+m$bVNlWW?k*rbE6a0n#Mid0{792Kf!iky3W(!Nz1r ze+1RezM^|CN~E;Om-Mztr~D?BGvDwR>6{3BX&yE@=P&#V&k9tJ@!%a&KCSS(Qd$O) z6tu6Ul;Xk@_kb@Q+gCj1srgkd*qG<|xcjoo*vVCIJbbZk8jk(7%Bg+(-=dw`ul=u7 zPq7ov=%@71-=d&;E95Jg)mHVY*A>(QFTYqr#rOXYP*J_T^>5Kp?f3q6C6%Y~_bT(n zid9=*;%a`20gV3%_lMzrT){&jtNJzP-C0^MdXy?L+M-V-lCiW*K$SS;_i+6D)?eXY z3c8zpl`dr>gDlfVPex+g81#^du~>b-zu_QwZ9IXs>A&#t4$6;Ahy${+`Qppz>N}v+ zdv|Fih~Zc}6<{PldKFnrbzy2-qmzK2i^bBbZWE2}j{4mP#UP;_FyDv_wBd;D$}BHA z0XA57;=7-JV%mD6578J>tj^Sy8wAwujlV4lWTBruuf=jvPagKa^p3U9J8UJ_WhU5< z=97I>pUJj-AF+*rFO+Fs$f7L5=>lkgs&_dE-GYKkte4ixcn1RFnY4%l$K~tYe=@DB zV%6RAK_t0MzsSfWVjNP${FW-Y8#T45W3^{!D~j4nFLn)~r8y7|*AlS?_KzzP=lb=d)I;-y8R?d(U8> zEgbe)=wr884#2{9ek8NA<_$ku>tjFIxoow*0*h<6+2?Y}6Sm<9>;Ec9E-;Y{xDOEc z7~nICa|AWaM`z?sH@^J0RJz(&0w!vk>WDR@!>d)8@<>E6Bz3ui(X%FPQ~B$W(${C^ zKwkdsHEG98%)g^vt+8BfYKJ%IR~E2^>*vSI%o1)dTdnOe z3Qqk@#7^!_XRmp|Pq55@7{6ROaR_(mN7MAWh0vU_e3Ws?6Sn2C@UTx8`vy}ZLWEi9 zLn@LGywhuoOi1(lXD%xg`d(zw#rg1{k=O$yU7TLsHQZl_*&0ksh~R2Fa*3fhD_GjR zsd zZ3RcpZGX7COci2TS!dc7)%iuvZem;xCK9=nbVCQN3D=L@PM|kpsw{F)7$lrw__{yK zk8e@qve21W^H>(kC1tv<#>%3jivM4auJVY0Fc-hWL`3gvdY)TgNob zp{%-ic8JD@&%NZdKk>ZbEWPcp9^yDpanKFt$SPI#xbN9gArFtYr49;wnoe{`;m7pd zu@!0j+)nquEw>AZ9Jz0W>|#C(B|<-Exc|}d1ddGIGS$dhp!xcKc3*AiB(7(P5O_-= zAJHcBh)xVtx%2b|Olw(qkCHh!1p^XNZK@~BB90k08ebNHf5FPGsg_ysd2V*HJu?Kq5@}i`-cv@M_<;JiuF$av{9@FoI^I-m>!rxCKJ1-`*bAM zGEY2IQ=?+$;6etdP<(NLEqnRP^oJZhr@(WA(HeU8{JE6{OI0e0 zjQ}YWVA&g3>!x(RN;q0~MBmN`tA1n#zt(@_EWM(>Z9``brlM5!w4R=%M6mNW7e5(W z>|SK$BRE8z&;D0)j=sE*CpjIkJ>!x+$!)}MR z=&rjF1I|x$v%&R*E85ZOidst0%&o%Z#-y7e2*3tkSOb#=qyW?g_B=e|4||=9oC5~N+Z?mN?_`PMd`zRRYfd3EcUIKe^d3F016#ewS(*GAs3leX0cvH z#B7TB52uKE9G6}=ARzQW7l3(-)R@~@j}7N+w%mxgOa%M!%z|Zjz_C|%KG57@myf=C zsq3psVv)X75RDPNcpxUhu~k4N2SJ6n(8FsoTDoCYa-*-h_b{7Jd!ylzlW4AX2YccC z(Z!SU{;pQ_qj_oR;MZ=o^j2)3HMex;tnJ|=A}TeYr~{>>eTlK5`D-y`^7mSKrmE?6Jaz zI4Xh2=9FJf*1HAP!qXaHO#x_<3*q)b^N@bz7NAO5Z&|R5v-2~L0mdow=+MXnYQX`X z|BJH!y{5ihBM4{m72%ps8<7d)eU>TF$AGc|Nf6QqHp^2cw@4REBYJl743mtf59ZbB z%EXS#3`GtIf~}Y24N;NEFed?J2RLn(^MC^}J ziUPEBK}1HX`Hhtd5$3Hfl!it6@gla?3+Ym9pt2XOoj`1Qyu-S|CzZwQgaX+o z2(vH#E=XD870=7wGdc!Sv77RAP1%J$S<+9I3) zCFGKw1phvqmb$cg>=#2DFhHH0`i%LI&9Q7#Az$A!(cH6d_#7q*P}eXG}LSSs)6(XFzKTqV0O`=Sb+;K8SW#MiSE^WE$|ATTUE;CKP0fE~k_0hR=|zdokVR+geB$~-^Bx8k zgthFwZeqjMX-GiW7Kz;CxQa}R01DRy-|>KCZRU&0RzjLMM%4uiPvr&1;S#}f!|qK+9pJhs#WR&W{EDGXHD_5Qr{?DF7Ge#wl>|!w(JF&w*PY zP;M}12VZtAk`pYa!GU)t7R$`rs6npX3Q|ekb&&~-k8Mjhpx)$lTdiMu_xc_?ZsW-` z7a6P+>@MFx>ZN-Yt8!5UG)o7Pon$Ht3C6wUemB(&WnL+aIFi<6krVY;X;ej4=Gut5 z>y3J!XC$}}5}c(T!P(s2p+p^af~CWHjAz}8g`R*|Bm(nW$AeGozXrWgZ+!ha)%=*& zU8Ruv7R8%%#oLm@RW5Q+8_$3K`AxIVjTgBi4*;iB9MA_~;Q46N6)#m?$e@N!Xnm8GIa$AAf1wmDT6Sj_OsHqj+@|6w>9-ro<$gW2m2`pd3jee5rRC&Os# zp3a4Z1POU?#deqQY;T;horrB!rVSJ=qGBKrB{il(YN=doRG746ZMUGGPFhV0aGzVP z*>HT@yPr%4uNQ2&C)q%iHx!2_Sbm4HjWCw&_`gMwk(aI3EZnvvyDH?p;G49Bm1*3_ zYU#b@;cTCuQJ&esm{Pb`3_CD6v)%m7_)(3CH&p?6m$4i9yN^=c?XVl zp&T?Z@_uT4#ekL?tMTx?5$YS^)$>w%-a{TiZ?P|5&RAMu6>naom(!NMsJZ93OPi}Z zpt6It2X}*Br_q0kul2_4VLY6S+1=poYA~fZhh7wR0J!}nUhjjj?;Q*rLFEb{;PR9` zqzGU+csS`q9*+-fKGgQ z84j-5)nGLF)M^cv0?T1WQY<%xNb^F-G-6|wJ@I|SW>2#COJw*Af~OEKzqMTLx)}ck zT&f$MGm&zbokT4`AbV+o$h2P2r1-0m%dJd!W+dO>fo)X`NhGhyn-=60xz_pw(ej)^ z{%KYJ2r?i<6$IPkj*GpfKu^2GL?Vle-zVxDpWp1%YB#6G{%&H(aXC@`#cv4uz1x#- zwbJ*yTA&*+k38)ujx&)1$6_H8vD>KBlt@y*bjxMp9;-yT^i{0(!e{qKDT8Udw$=tv zfe5n5+Z#t`0YoIR%Y}4ue4!6Xpz2sM5+md&3mJ)yU{O@*PBqq=mphR?qQ{EF zpy`%cIky?Cicz}ho1ooUZc~e@m7C(?gJ3x zIXDdGnGM?UrS~)Y++!*9gHBmMxrn=6t@Lge$Qgc{sdC3oUquxM^`Tppeu;cw^I0#d z5y;uZJ(>9h;dM3`0#EgC4vaW7(%N0!(e;T*;gB zH{d3vkwA~N^(ane)^m1`Lp|vj1il5VhtWokFNCF+*b3A!h$qOd3dAC$!^Wz97P(|8 zh@_1iFUy=K$#dHPT^lY-{D8ajYwrUeRSlv!0ZVFaFqCRO4?NO-0_HdLCGuT-ROV0f zq)(7UZQFX;+6GGte}lpWoFn=*a8v*(q<%@}dFj6b|Hd~AyKkX7&6C}Tj-Q}My^5BMH6Yth(>_a301*6|%|+mdp~kt)rm z(xPt%Drp`MZv&_JnSg}Xte3!JlQ*1Wfjf9Q?p zy{qA9IR6~6S#Lg^-SqnN$@DY(=R;5b_G`V$;UA8qfm*MN3ta|$Un?8w_0vCVnVobN z!er2|_8e@`!ZXWTddy5y(C3oQjOR`xbUR5OL>_TCIV~#VtjVK)r(NK zyaNM4m`%(vhorX-=rTf|5&UC3b=x$&7JiuK4D!IpJSy2sta}J{<_XiOh&U>TJm^3qb_|L)J)#PD%`>KP~>}!5WRe|10df(v66#Jmc zpdqht0Yq;x2NgEqPnR!0GI(t9LzV0eKo-IzWuw@y*V-H^T%xa;TrCe0NSSKP?zI!| z?M5sRG6qufF?kU@n3gRFA&pqf_%ZmC8v3G>ElbBmrS#eapUdKh01rffW6{o%C#a5tN4(K2Jh z89Y3hvflVJo7}MBe8%plliO+Uj$IEv4n~vv!F0w(!`{_sz;4`w^AGx;qtWEkaC{rF z!Nj$n#^Wwauex~Uia>Lw*xkxMC`gZ??JuR zaNGwMb#D~0!G8|!?nk}pXZ`SSd_9~F`g3|~1}&H#nSdPYPsX#sKOY9;`LH)KkG==t z`MrMO4fJ5H2YEA`&mwm9FdL2svsuKZdJqqTh}}*m*Pn)?QG^pSANGg$Jt*kteH@N& zXKuLj4};IFHyzFftT$u5F&p094X%g1`M`CgKQQy9-Ey=xoXp+J}0qk#?-)?sO7L8hk2*@UPdBA>d7B5iy=qGQ$JkCHO6C@H@6%(Lh; zI39|O46}_hU_@0+RH9xvdlE^4i0Utibsmp<-43RAz47N4C!V;x9aQ!gVlC5@TwpVo zBu*--jmzANOe(1M4g^&tZ(Xfiu}DanY|CG(Ii}sZvhKQZ;j8MEo7?9UI*>u?jfavj zau(dmHfK4Y{8demC(nYVI!_nY$9}Ck^IU;pU4h{UeC0A4ZT+70%fKc)@4y}F<%W8d ziGEUgYU(Z7+N7v}DD(6^x~#Fbh_X7L$w{?^s1g{V83)h@f`Y~B3de_ zJdbR8X{xO`;43TuYp{tMIjOw0N#f z-CAOF#pu8k$g0V~{5~$b3)gEF9aIUyR)Hk|5iQc{Nk&0 z98bRq_i&f>Jj_(G8%|5b?hH*>I@R$mi4Y~KWGnIS)bj`ordSnI zk8z!_u+|2_A7w}DHD2`}Mi2GFL}L@`=huTw?>x2R7ov@bOHrYoCXk=tNNpXa_4gl_ zB|LOIOZCwQwPx}hwiAno>*p-Xp6Hru4&02VBO@Om$XQ>J9_{=)~Z`jlUz<{B)m;p$l_x|PVDOr!w7FuGruX_axw39#r?}_~)R3;G1 zk}D4}OT)Hbc;Yp%X$xXGN$SvCW+1fDL)&IN0;mW5C}{6((nH(P6n!xx8%l{?Ag_f< zb&l@B@?8fE{`U?QK~Dh8Jn48R*NJu1>_vxa z)(1$F*!7FM=|Xo{WlH{;_eS-@b90v+ed^c@J^ZnCeb9P+D`@&%M`S^8tme{lB*+IB zhrh1xQJc|uht_{rw-83Cpec+i1^~^bsF30T2Sej5^VyaJjEU+90pHSuH+K?VMwfPL z(6w&o1hTj&-&m3G`cPCrpSh}PA)m>we7kL(uAj-*M8fNSU!&s~F7#;KQyh=%#QHc- z;$>fbK01t(ms?RrDS8&J$1(yb(rMTG>8RFGV+YhY?>m{-@<>T4YimQXAfxHx1}oF_>}af%LOuKm z=>tB&eF*{(J3-vQlLb*TWT&9&D;}|gOHxb)aw z>-}Qnnqhi+hNo)T|6}I+liHO{(8I5e`b2R|69M4=lwRk<=gS==raDA-p}Lx=yKzmljnQy;_}tMwxP%I59D{v zBy7&-$Qp-#1$XN=`8P+-WcVkr+9p;rDnM3V!z^LqfKw?!Tt9l&E(1;R!MYq3dggic z9YLG>`MShyyD!BaB%!ER8X%`z`{dC=4bX# zNr0wEe&H8;pfG9L0xrIpK7~zFw(xn8zwNzM&^kWu-mi0Wa^z>WUH%zw=#^hSw`rp* z@S^Siqt?9+NNPpx$t!98>&88FnN=Wx@bI)H=254E826iN9{Y zZnxL|Ua9!1S+btvDg`q6S^C5{UNq0MCOQD`Io(ed{2aC@U**_p{~<5z(iYQQoZ~v_ z(j&(&rfxdJ7KC|5g_g!Q4*^j|`J`4yivsnoz5TpFO|va%_f}kjPWG2$n3BxK-+8iE ziT<-@*EC6EVwc=_+0%P?s@seN0=IH6{w44uGNh zX#f)|Z3I~hRS^{pP3&9^-JXK^+AQI5%{DZH-dhQtf3T5wZDHyQd}%a)+yANZS88~x ztCLo^W{SlYPvsw%B`RBw?s?mX{H{jy>NqCC#4a#j+^K#`Y=j4W#3MIg1?&B!w=kop zHZl$n7KLOp#kP_{NRX}@1!U;9N=IN$geC8Nmbn|>{5CtdjAFtNVmQ}C1RE0HRuAx#>J^2Tu;j7EZm3J`cI6E~CDU0;gkn2NJC+_n4djw4VA2qt`Fn
-$ kubectl cluster-info
-Kubernetes master is running at https://cluster-info-ip:8443
-CoreDNS is running at https://cluster-info-ip:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
-
-$ kubectl get services
-NAME                                                  TYPE        CLUSTER-IP  EXTERNAL-IP   PORT(S)                    AGE
-kubernetes                                            ClusterIP   ****        none          443/TCP                    9m
-my-odm-prod-release-dbserver                          ClusterIP   ****        none          5432/TCP                   3m
-my-odm-prod-release-odm-decisioncenter                NodePort    ****        none          9453:dcs-port/TCP   3m
-my-odm-prod-release-odm-decisionrunner                NodePort    ****        none          9443:dr-port/TCP    3m
-my-odm-prod-release-odm-decisionserverconsole         NodePort    ****        none          9443:dsc-port/TCP   3m
-my-odm-prod-release-odm-decisionserverruntime         NodePort    ****        none          9443:dsr-port/TCP   3m
-
- -With the cluster-info-ip name and port numbers, you have access to the applications with the following URLs: - -|Component|URL|Username|Password| -|:-----:|:-----:|:-----:|:-----:| -| Decision Server Console | https://*cluster-info-ip*:*dsc-port*/res |resAdmin/odmAdmin|resAdmin/odmAdmin| -| Decision Server Runtime |https://*cluster-info-ip*:*dsr-port*/DecisionService |N/A|N/A| -| Decision Center Business Console | https://*cluster-info-ip*:*dcs-port*/decisioncenter |rtsAdmin/odmAdmin|rtsAdmin/odmAdmin| -| Decision Center Enterprise Console | https://*cluster-info-ip*:*dcs-port*/teamserver |rtsAdmin/odmAdmin|rtsAdmin/odmAdmin| -| Decision Runner | https://*cluster-info-ip*:*dr-port*/DecisionRunner |resDeployer/odmAdmin|resDeployer/odmAdmin| - -To further debug and diagnose deployment problems in the Kubernetes cluster, use the `kubectl cluster-info dump` command. - -For more information about how to check the state and recent events of your pods, see -[Troubleshooting](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_troubleshooting.html). - -### Step 2: Synchronize users and groups - -If you customized the default user registry, you must synchronize the registry with the Decision Center database. For more information, see -[Synchronizing users and groups in Decision Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_synchronize_users.html). - -### Step 3: Manage your Operational Decision Manager deployment - -It is possible to update a deployment after it is installed. Use the following tasks in IBM Knowledge Center to update a deployment whenever you need, and as many times as you need. - * [Scaling deployments](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.managing/k8s_topics/tsk_odm_scaling.html?view=kc) - * [Customizing log levels](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.managing/k8s_topics/tsk_odm_custom_logging.html?view=kc) - -## Upgrade a release - -Refer to the [Upgrade section](helm-charts/README.md#upgrade-a-release) in the helm-charts folder for instructions using Tiller, or the [Upgrade section](k8s-yaml/README.md#upgrade-a-release) in the k8s-yaml folder for instructions on how to use Kubernetes YAML. diff --git a/ODM/README_config.md b/ODM/README_config.md new file mode 100644 index 00000000..4ad1f1dd --- /dev/null +++ b/ODM/README_config.md @@ -0,0 +1,71 @@ +# Configuring IBM Operational Decision Manager 8.10.3 + +These instructions cover the basic configuration of ODM. + +The following architectures are supported for Operational Decision Manager 8.10.3: +- AMD64 (or x86_64), which is the 64-bit edition for Linux x86. + +> **Note**: Rule Designer is installed as an update site from the [Eclipse Marketplace](https://marketplace.eclipse.org/content/ibm-operational-decision-manager-developers-v-8103-rule-designer) into an existing version of Eclipse. + +ODM for production includes five containers corresponding to the following services. + - Decision Center Business Console and Enterprise Console + - Decision Server Console + - Decision Server Runtime + - Decision Server Runner + - (Optional) Internal PostgreSQL DB + +The services require CPU and memory resources. The following table lists the minimum requirements that are used as default values. + +| Service | CPU Minimum (m) | Memory Minimum (Mi) | +| ---------- | ----------- | ------------------- | +| Decision Center | 500 | 1500 | +| Decision Runner | 500 | 512 | +| Decision Server Console | 500 | 512 | +| Decision Server Runtime | 500 | 512 | +| **Total** | **2000** (2CPU) | **3036** (3Gb) | +| (Optional) Internal DB | 500 | 512 | + +### Step 1: Customize a production ready ODM (*Optional*) + +The installation of Operational Decision Manager 8.10.3 can be customized by changing and adding configuration parameters. The default values are appropriate to a production environment, but it is likely that you want to configure at least the security of your kubernetes deployment. + +Make a note of the name and value for the different parameters you want to configure so that it is at hand when you enter it in the custom resource YAML file. + +Go to the [IBM Cloud Pak for Automation 19.0.x](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_odm.html) Knowledge Center and choose which customizations you want to apply. + * [Defining the security certificate](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_replace_security_certificate.html) + * [Configuring the LDAP and user registry](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/con_config_user_registry.html) + * [Configuring a custom external database](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_custom_external_db.html) + * [Configuring the ODM event emitter](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_custom_emitters.html) + * [Configuring Decision Center customization](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_custom_dc.html) + * [Configuring Decision Center time zone](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.managing/op_topics/tsk_set_jvmargs.html) + +> **Note**: The [configuration](configuration) folder provides sample configuration files that you might find useful. Download the files and edit them for your own customizations. + +### Step 2: Configure the custom resource YAML file for your ODM instance + +Before you configure, make sure that you have prepared your environment. For more information, see [Preparing to install ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_preparing_odmk8s.html). + +In your `descriptors/my_icp4a_cr.yaml` file, update the `odm_configuration` section with the configuration parameters from *Step 1*. You can refer to the [`default-values.yaml`](configuration/default-values.yaml) file to find the default values for each ODM parameter and customize these values in your file. + +### Step 3: Complete the installation + +When you have finished editing the configuration file, go back to the relevant install or update page to configure other components and complete the deployment with the operator. + +Install pages: + - [Managed OpenShift installation page](../platform/roks/install.md#step-6-configure-the-software-that-you-want-to-install) + - [OpenShift installation page](../platform/ocp/install.md#step-6-configure-the-software-that-you-want-to-install) + - [Certified Kubernetes installation page](../platform/k8s/install.md#step-6-configure-the-software-that-you-want-to-install) + +Update pages: + - [Managed OpenShift installation page](../platform/roks/update.md) + - [OpenShift installation page](../platform/ocp/update.md#step-1-modify-the-software-that-is-installed) + - [Certified Kubernetes installation page](../platform/k8s/update.md) + +### Step 4: Manage your Operational Decision Manager deployment + +If you customized the default user registry, you must synchronize the registry with the Decision Center database. For more information, see +[Synchronizing users and groups in Decision Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_synchronize_users.html). + +You might need to update an ODM deployment after it is installed. Use the following tasks in IBM Knowledge Center to update a deployment whenever you need, and as many times as you need. + * [Customizing JVM arguments](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.managing/op_topics/tsk_set_jvmargs.html) + * [Customizing log levels](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.managing/op_topics/tsk_odm_custom_logging.html) diff --git a/ODM/README_migrate.md b/ODM/README_migrate.md new file mode 100644 index 00000000..18a9908e --- /dev/null +++ b/ODM/README_migrate.md @@ -0,0 +1,46 @@ +# Migrating IBM Operational Decision Manager 8.10.x data to 8.10.3 + +## Step 1: Review the database configuration parameters + +Operational Decision Manager persists data in a database. An external Db2 or PostgreSQL database uses the following configuration parameters: + + - Server type: **externalDatabase.type** + - Server name: **externalDatabase.serverName** + - Port: **externalDatabase.port** + - Database name: **externalDatabase.databaseName** + - Secret credentials: **externalDatabase.secretCredentials** + +Note the name of the secret that encrypts the database user and password that is used to secure access to the database. + +A customized database uses the following configuration parameters: + + - Data source secret: **externalCustomDatabase.datasourceRef** + - Persistent Volume Claim to access the JDBC database driver: **externalCustomDatabase.driverPvc** + +If you customized the Decision Center Business console with your own implementation of dynamic domains, custom value editors, or custom ruleset extractors you must note the name of the YAML file you previously created, for example *custom-dc-libs-pvc.yaml*. + +An internal database uses a predefined persistent volume claim (PVC) or Kubernetes dynamic provisioning. You must have a persistent volume (PV) already created with accessMode and ReadWriteOnce attributes for Operational Decision Manager containers. Dynamic provisioning uses the default storageClass defined by the Kubernetes admin or by using a custom storageClass that overrides the default. + +Predefined PVC + + - **internalDatabase.persistence.enabled**: true (default) + - **internalDatabase.persistence.useDynamicProvisioning**: false (default) + +Kubernetes dynamic provisioning + + - **internalDatabase.persistence.enabled**: true (default) + - **internalDatabase.persistence.useDynamicProvisioning**: true + +## Step 2: Review LDAP settings + +Make a note of the Lightweight Directory Access Protocol (LDAP) parameters that are used to connect to the LDAP server to validate users. The Directory service server has a number of mandatory configuration parameters, so save these values somewhere and refer to them when you configure the custom resource YAML file. For more information, see [LDAP configuration parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_k8s_ldap.html). + +## Step 3: Review other customizations you applied + +If you customized your Operational Decision Manager installation, go to the [IBM Cloud Pak for Automation 19.0.x](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/con_odm_prod.html) Knowledge Center and remind yourself of the customizations you applied and need to apply again in the new ODM instance. + +## Step 4: Go back to the platform readme to migrate other components + +- [Managed OpenShift migrate page](../platform/roks/migrate.md) +- [OpenShift migrate page](../platform/ocp/migrate.md) +- [Kubernetes migrate page](../platform/k8s/migrate.md) diff --git a/ODM/configuration/.gitkeep b/ODM/configuration/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/ODM/configuration/default-values.yaml b/ODM/configuration/default-values.yaml new file mode 100644 index 00000000..a12d9f9b --- /dev/null +++ b/ODM/configuration/default-values.yaml @@ -0,0 +1,126 @@ +# Default values for odm installation. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +apiVersion: icp4a.ibm.com/v1 +kind: ICP4ACluster +metadata: + name: odm-demo + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba +spec: + odm_configuration: + image: + repository: "" + pullPolicy: IfNotPresent + tag: 8.10.3 + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + ## Ex : pullSecrets: admin.registrykey + pullSecrets: + + ## Architecture - e.g. amd64, ppc64le. If left empty, the architecture will be determined automatically. + ## You can use kubectl version command to determine the architecture on the desired worker node. + arch: "" + + service: + enableTLS: true + type: NodePort + + decisionServerRuntime: + enabled: true + replicaCount: 1 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 2 + memory: 4096Mi + + decisionServerConsole: + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 2 + memory: 1024Mi + + decisionCenter: + enabled: true + persistenceLocale: en_US + replicaCount: 1 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 2 + memory: 4096Mi + + decisionRunner: + enabled: true + replicaCount: 1 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 2 + memory: 4096Mi + + internalDatabase: + databaseName: odmdb + secretCredentials: "TOBEFILL" + persistence: + enabled: true + useDynamicProvisioning: false + storageClassName: "" + resources: + requests: + storage: 5Gi + securityContext: + runAsUser: 0 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 2 + memory: 4096Mi + + externalDatabase: + type: "" + serverName: "" + databaseName: "" + user: "" + password: "" + port: "" + + externalCustomDatabase: + datasourceRef: + driverPvc: + + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 45 + timeoutSeconds: 5 + + livenessProbe: + initialDelaySeconds: 300 + periodSeconds: 10 + failureThreshold: 10 + timeoutSeconds: 5 + + customization: + securitySecretRef: + baiEmitterSecretRef: + authSecretRef: + dedicatedNodeLabel: + + productName: IBM Cloud Pak for Automation + productID: 5737-I23 + kubeVersion: DBAMC diff --git a/ODM/configuration/evaluation/odm-eval-without-pv.yaml b/ODM/configuration/evaluation/odm-eval-without-pv.yaml new file mode 100644 index 00000000..78d7526c --- /dev/null +++ b/ODM/configuration/evaluation/odm-eval-without-pv.yaml @@ -0,0 +1,138 @@ +--- +# Source: ibm-odm-dev/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: odm-eval-ibm-odm-dev + labels: + app: ibm-odm-dev + chart: ibm-odm-dev-2.3.0 + release: odm-eval + heritage: Tiller + app.kubernetes.io/instance: odm-eval + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: ibm-odm-dev + helm.sh/chart: ibm-odm-dev-2.3.0 +spec: + type: NodePort + ports: + - port: 9060 + targetPort: 9060 + protocol: TCP + selector: + run: ibm-odm-dev + app: ibm-odm-dev + release: odm-eval + +--- +# Source: ibm-odm-dev/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: odm-eval-ibm-odm-dev + labels: + app: ibm-odm-dev + chart: ibm-odm-dev-2.3.0 + release: odm-eval + heritage: Tiller + app.kubernetes.io/instance: odm-eval + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: ibm-odm-dev + helm.sh/chart: ibm-odm-dev-2.3.0 +spec: + replicas: 1 + selector: + matchLabels: + release: odm-eval + run: ibm-odm-dev + template: + metadata: + labels: + app.kubernetes.io/instance: ibm-odm-dev + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/name: ibm-odm-dev + helm.sh/chart: ibm-odm-dev + run: ibm-odm-dev + app: ibm-odm-dev + chart: ibm-odm-dev-2.3.0 + release: odm-eval + heritage: Tiller + annotations: + productName: "IBM Operational Decision Manager for Developers" + productID: "OperationalDecisionManagerForDevelopers" + productVersion: 8.10.3.0 + spec: + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + runAsUser: 1001 + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + #If you specify multiple nodeSelectorTerms associated with nodeAffinity types, + #then the pod can be scheduled onto a node if one of the nodeSelectorTerms is satisfied. + # + #If you specify multiple matchExpressions associated with nodeSelectorTerms, + #then the pod can be scheduled onto a node only if all matchExpressions can be satisfied. + # + #valid operators: In, NotIn, Exists, DoesNotExist, Gt, Lt + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + volumes: + containers: + - name: ibm-odm-dev + image: ibmcom/odm:8.10.3.0_2.3.0-amd64 + securityContext: + runAsUser: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + imagePullPolicy: IfNotPresent + env: + - name: LICENSE + value: "view" + - name: DB_TYPE + value: "h2" + - name: SAMPLE + value: "true" + - name: DC_PERSISTENCE_LOCALE + value: "en_US" + - name: "RELEASE_NAME" + value: odm-eval + ports: + - containerPort: 9060 + # + readinessProbe: + httpGet: + scheme: HTTP + path: /decisioncenter/healthCheck + port: 9060 + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 45 + livenessProbe: + httpGet: + scheme: HTTP + path: /decisioncenter/healthCheck + port: 9060 + initialDelaySeconds: 300 + periodSeconds: 10 + failureThreshold: 10 + resources: + limits: + cpu: 2 + memory: 2048Mi + requests: + cpu: 1 + memory: 1024Mi + diff --git a/ODM/configuration/odm-eval.yaml b/ODM/configuration/evaluation/odm-eval.yaml similarity index 95% rename from ODM/configuration/odm-eval.yaml rename to ODM/configuration/evaluation/odm-eval.yaml index 15dbfa35..205711fe 100644 --- a/ODM/configuration/odm-eval.yaml +++ b/ODM/configuration/evaluation/odm-eval.yaml @@ -6,7 +6,7 @@ metadata: name: odm-eval-odm-pvclaim labels: app: odm-eval-ibm-odm-dev - chart: "ibm-odm-dev-2.2.1" + chart: "ibm-odm-dev-2.3.0" release: "odm-eval" heritage: "Tiller" spec: @@ -30,7 +30,7 @@ metadata: name: odm-eval-ibm-odm-dev labels: app: ibm-odm-dev - chart: ibm-odm-dev-2.2.1 + chart: ibm-odm-dev-2.3.0 release: odm-eval heritage: Tiller spec: @@ -53,7 +53,7 @@ metadata: name: odm-eval-ibm-odm-dev labels: app: ibm-odm-dev - chart: ibm-odm-dev-2.2.1 + chart: ibm-odm-dev-2.3.0 release: odm-eval heritage: Tiller spec: @@ -67,13 +67,13 @@ spec: labels: run: ibm-odm-dev app: ibm-odm-dev - chart: ibm-odm-dev-2.2.1 + chart: ibm-odm-dev-2.3.0 release: odm-eval heritage: Tiller annotations: productName: "IBM Operational Decision Manager for Developers" productID: "OperationalDecisionManagerForDevelopers" - productVersion: 8.10.2.0 + productVersion: 8.10.3.0 spec: hostNetwork: false hostPID: false @@ -103,7 +103,7 @@ spec: claimName: odm-eval-odm-pvclaim containers: - name: ibm-odm-dev - image: ibmcom/odm:8.10.2.0_2.2.1-amd64 + image: ibmcom/odm:8.10.3.0_2.3.0-amd64 securityContext: runAsUser: 1001 runAsNonRoot: true diff --git a/ODM/configuration/logging/logging.xml b/ODM/configuration/logging/logging.xml new file mode 100644 index 00000000..a441b16e --- /dev/null +++ b/ODM/configuration/logging/logging.xml @@ -0,0 +1,4 @@ + + + + diff --git a/ODM/configuration/sample-values-custom-configuration.yaml b/ODM/configuration/sample-values-custom-configuration.yaml new file mode 100644 index 00000000..1267dd1d --- /dev/null +++ b/ODM/configuration/sample-values-custom-configuration.yaml @@ -0,0 +1,44 @@ +# Sample values for odm installation using custom configuration. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +apiVersion: icp4a.ibm.com/v1 +kind: ICP4ACluster +metadata: + name: odm-demo-external-custom-db + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba +spec: + odm_configuration: + image: + repository: "" + pullPolicy: IfNotPresent + tag: 8.10.3 + decisionCenter: + # Configuring Decision Center customization + # Following instructions at https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_custom_emitters.html + customlibPvc: + + # Customizing a Decision Center time zone + # Following instructions at https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.managing/op_topics/tsk_set_jvmargs.html + jvmOptionsRef: my-odm-dc-jvm-options-configmap + + # Configuring a custom external database + # Following instructions at https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_custom_external_db.html + externalCustomDatabase: + datasourceRef: customdatasource-secret + driverPvc: customdatasource-pvc + + customization: + # Defining the security certificate + # Following instructions at https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_replace_security_certificate.html + securitySecretRef: mysecuritysecret + + # Configuring the ODM event emitter + # Following instructions at https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/tsk_custom_emitters.html + baiEmitterSecretRef: mybaieventsecret + + # Configuring the LDAP and user registry + # Following instructions at https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.offerings/topics/con_config_user_registry.html + authSecretRef: my-auth-secret diff --git a/ODM/configuration/sample-values.yaml b/ODM/configuration/sample-values.yaml deleted file mode 100755 index 2f9b15e9..00000000 --- a/ODM/configuration/sample-values.yaml +++ /dev/null @@ -1,117 +0,0 @@ -# Default values for odmcharts. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -image: - repository: "" - pullPolicy: IfNotPresent -## Optionally specify an array of imagePullSecrets. -## Secrets must be manually created in the namespace. -## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod -## - name: admin.registrykey - pullSecrets: - -## Architecture - e.g. amd64, ppc64le. If left empty, the architecture will be determined automatically. -## You can use kubectl version command to determine the architecture on the desired worker node. - arch: "" - -service: - enableTLS: true - type: NodePort - -decisionServerRuntime: - enabled: true - replicaCount: 1 - resources: - requests: - cpu: 500m - memory: 512Mi - limits: - cpu: 2 - memory: 4096Mi - -decisionServerConsole: - resources: - requests: - cpu: 500m - memory: 512Mi - limits: - cpu: 2 - memory: 1024Mi - -decisionCenter: - enabled: true - persistenceLocale: en_US - replicaCount: 1 - resources: - requests: - cpu: 500m - memory: 512Mi - limits: - cpu: 2 - memory: 4096Mi - -decisionRunner: - enabled: true - replicaCount: 1 - resources: - requests: - cpu: 500m - memory: 512Mi - limits: - cpu: 2 - memory: 4096Mi - -internalDatabase: - databaseName: odmdb - user: odmusr - password: "odmpwd" - persistence: - enabled: true - useDynamicProvisioning: false - storageClassName: "" - resources: - requests: - storage: 5Gi - securityContext: - runAsUser: 0 - resources: - requests: - cpu: 500m - memory: 512Mi - limits: - cpu: 2 - memory: 4096Mi - -externalDatabase: - type: "" - serverName: "" - databaseName: "" - user: "" - password: "" - port: "" - -externalCustomDatabase: - datasourceRef: - driverPvc: - -readinessProbe: - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 45 - timeoutSeconds: 5 - -livenessProbe: - initialDelaySeconds: 300 - periodSeconds: 10 - failureThreshold: 10 - timeoutSeconds: 5 - -customization: - securitySecretRef: - baiEmitterSecretRef: - authSecretRef: - dedicatedNodeLabel: - - productName: IBM Cloud Pak for Automation - productID: 5737-I23 - kubeVersion: DBAMC diff --git a/ODM/configuration/sample-webSecurity-LDAP.xml b/ODM/configuration/security/sample-webSecurity-LDAP.xml similarity index 100% rename from ODM/configuration/sample-webSecurity-LDAP.xml rename to ODM/configuration/security/sample-webSecurity-LDAP.xml diff --git a/ODM/configuration/sample-webSecurity-basic-registry.xml b/ODM/configuration/security/sample-webSecurity-basic-registry.xml similarity index 100% rename from ODM/configuration/sample-webSecurity-basic-registry.xml rename to ODM/configuration/security/sample-webSecurity-basic-registry.xml diff --git a/ODM/helm-charts/.gitkeep b/ODM/helm-charts/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/ODM/helm-charts/README.md b/ODM/helm-charts/README.md deleted file mode 100644 index 08020279..00000000 --- a/ODM/helm-charts/README.md +++ /dev/null @@ -1,128 +0,0 @@ -# Install IBM Operational Decision Manager with the Helm CLI - -A [Helm chart](https://helm.sh/) is a Package Manager for Kubernetes to help you manage (install/upgrade/update) your Kubernetes deployment. If you are using Helm on a cluster that you completely control, like Minikube or a cluster on a private network in which sharing is not a concern, the default installation that applies no security configuration is the easiest option. - -However, if your cluster is exposed to a larger network or if you share your cluster with others – production clusters fall into this category – you must secure your installation to prevent careless or malicious actors from damaging the cluster or its data. To secure Helm for use in a production environment and other multi-tenant scenarios, see [Securing a Helm installation](https://helm.sh/docs/using_helm/#securing-your-helm-installation). - -Before you install make sure that you have prepared your environment. For more information, see [Preparing to install ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_preparing_odmk8s.html) as well as [Customizing ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_odm.html). - -1. If Helm is not installed in your Kubernetes cluster, install [Helm 2.11.0](/~https://github.com/helm/helm/releases/tag/v2.11.0). -2. When Helm is ready, initialize the local CLI and install Tiller. - - ```console - $ helm init - ``` - Tiller is now installed in the Kubernetes cluster with the current-context configuration. - - > **Important**: Helm looks for Tiller in the kube-system namespace unless --tiller-namespace or TILLER_NAMESPACE is set. If your administrator installed Tiller in a namespace other than kube-system, make sure to set TILLER_NAMESPACE before you use the following helm commands, or add --tiller-namespace to each helm command. - - By default, Tiller does not have authentication enabled. For more information about configuring strong TLS authentication, see the [Tiller TLS guide](https://helm.sh/docs/using_helm/#using-ssl-between-helm-and-tiller). - -3. Download the `ibm-odm-prod-2.2.1.tgz` Helm chart from the GitHub repository. - - [ibm-odm-prod-2.2.1.tgz](ibm-odm-prod-2.2.1.tgz) for Operational Decision Manager 8.10.2 - - If you have not done so yet, follow the instructions to download the IBM Operational Decision Manager images and the loadimages.sh file in [Download PPA and load images](../../README.md#step-2-download-a-product-package-from-ppa-and-load-the-images). - -4. Install a Kubernetes release with the default configuration and a name of `my-odm-prod-release` by using the following command: - - ```console - $ helm install --name my-odm-prod-release \ - /path/to/ibm-odm-prod-2.2.1.tgz - ``` - The package is deployed asynchronously in a matter of minutes, and is composed of several services. - - > **Note**: You can check the status of the pods that have been created: - ```console - $ kubectl get pods - NAME READY STATUS RESTARTS AGE - my-odm-prod-release-dbserver-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisioncenter-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionrunner-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionserverconsole-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionserverruntime-*** 1/1 Running 0 44m - ``` - -5. List the helm releases in your cluster. - - ```console - $ helm ls - ``` - The release is an instance of the `ibm-odm-prod` chart. All the Operational Decision Manager components are now running in a Kubernetes cluster. - - To verify a deployment, go back to the [Post installation steps](../README.md#post-installation-steps). - -## Customize a Kubernetes release of Operational Decision Manager - -Refer to the [ODM for production Certified Kubernetes parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_parameters_prod.html) for a complete list of values that you can configure. - -### To customize the helm install with --set key=value arguments - -Using the `helm install` command, you can specify each parameter with a `--set key=value` argument. For example, the following command sets 3 parameters for the internal database. - -```console -$ helm install --name my-odm-prod-release \ - --set internalDatabase.databaseName=my-db \ - --set internalDatabase.user=my-user \ - --set internalDatabase.password=my-password \ - /path/to/ibm-odm-prod-2.2.1.tgz -``` - -> **New in 19.0.1**: Use the new `customlibPvc` parameter to customize Decision Center in your release. Use the name of the persistent volume claim (PVC) you set up when you prepared the release as the parameter value. For more information, see [Preparing to install Operational Decision Manager](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_preparing_odmk8s.html). -```console ---set decisionCenter.customlibPvc=custom-dc-libs-pvc -``` - -### To customize the helm install with a YAML file - -You can use a custom-made .yaml file to specify the values of the parameters when you install the chart. For example, the following command uses the `myvalues.yaml` file. - -```console -$ helm install --name my-odm-prod-release -f myvalues.yaml /path/to/ibm-odm-prod-2.2.1.tgz -``` - -> **Tip**: Refer to the [`sample-values.yaml`](../configuration/sample-values.yaml) file to find the default values used by the `ibm-odm-prod` chart. - -## Upgrade a release - -1. [Download the latest PPA file from IBM Passport Advantage and load the new images.](../../README.md#step-2-download-a-product-package-from-ppa-and-load-the-images) - -2. Run the helm upgrade command on the release that you want to upgrade. The following example command upgrades a release `my-odm-prod-release` with the new Helm chart. - ```console - $ helm upgrade my-odm-prod-release /path/to/ibm-odm-prod-2.2.1.tgz --set image.tag=8.10.2.1 --reuse-values - ``` - -3. Verify that the version of Decision Center and the Decision Server console is the new version and they are running on the same URL and port as before. - -4. If your release uses an internal database, go to the `my-odm-prod-release-dbserver` pod and change the `volumeMounts` definition in the deployment YAML file. The following definition is from a previous version. - - ```console - "volumeMounts": [ { - "name": "my-odm-prod-release-ibm-odm-prod-volume", - "mountPath": "/var/lib/postgresql/", - "subPath": "pgdata" } ], - ``` - The definition for chart version 2.2.1 must concatenate the `mountPath` and `SubPath` parameters. - - ```console - "volumeMounts": [ { - "name": "my-odm-prod-release-ibm-odm-prod-volume", - "mountPath": "/var/lib/postgresql/pgdata" } ], - ``` - - > **Caution**: If you do not make this change, historical data from Decision Center and Decision Server is not available in the upgrade. - - After you make the change, restart the pod. - -## Uninstall a Kubernetes release of Operational Decision Manager - -To uninstall and delete a release named `my-odm-prod-release`, use the following command: - -```console -$ helm delete my-odm-prod-release --purge -``` - -The command removes all the Kubernetes components associated with the release, except any Persistent Volume Claims (PVCs). This is the default behavior of Kubernetes, and ensures that valuable data is not deleted. To delete the persisted data of the release, you can delete the PVC using the following command: - -```console -$ kubectl delete pvc my-odm-prod-release-odm-pvclaim -``` diff --git a/ODM/helm-charts/ibm-odm-prod-2.2.1.tgz b/ODM/helm-charts/ibm-odm-prod-2.2.1.tgz deleted file mode 100644 index 4616450045531f31cf6b1a37b5c9e94c4810b31a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 28975 zcmV)6K*+xziwFQ0IB8t~1MI!)a^ps_Abfr+V&9>b?Gu*z@FMDJ%kDX$me_5M)sj|} z?Dg6cGDsFlOoIRnfKqep`5tK>VxR2GOBGPK@gh;`Zkvo5Hw6~5va+(WGP5$X?C!Yc z^~W_o@cNDac$&}l_V(fazMy{(_}}fFJ^ojHM00n4cV}mJx4E+~wwwF=yUqU)`%i>V z>N5!=D*#j+YZ6E|8U|J*tx3KeG#dCzG7zK8Bg3pB& ziavHJ`=UD)9ob_bO@JSGli^5wExZBzVM9BwHyH!RW%2TY9AZ7sp9c1D6bbL%m4N`1 z;6*!{3TqOLyukh!^{3zzy%CM9NI<8+-teM3q(+Jk1_E+uIif|Nb4W~F93WvYh1DY{ z8Veu;v{hg{XrK_ZWyoCvL8HKPs=^AS{=*@pt2i2bI&u5(TF)DgJy$_e4aL13jTjDh zSQl@+fbj4qf$sswBvg$jT+dNOL8;JCLa}LY@vGjw45~1F0n8F2VY~djDk4wxESPj` zr=ajpM1eqzE!P@KoILC|ob*Ntv8uQqNg6)PKJ{x6Y?CtgHgXd{*|Y%@nx1fE`v_@Z z4}hA!40;H9bAS6kx2QW0$isx!fF=>hBfuBt0H!IBp@s+`yV3@8Y+hvSrRX{10hzXZI%vD-b4sC;;*UU~7kn2;e=o!;l!B_>30;O-qi|I?!7W zmLM#zahB8kKn`RO!0YtufGGYRyBK?Y8-`}ls?rl|yFF(@q<}>zTrU!iJ+`rTn8(l? zMEA&EA$16o(g*76wMT#y7;aG2>wjPmCjtEq)8a@&d|Y(@39OJu-Eyb=45nk^(E1nz z-WY!DjVu?i)(ZrVqJ;vuwxeI(q#Za;b{a6dAB*DOR##xuB&RkO3OU;*BWU6-BtW5QQ|h3dAN1 zKz^{sKJ*MPf@lXe=NGZ%vF}Uh`2#E_$GhK3sBkI+`wpmhCj}BDtYkR=`zWS?8oh$V zG|-55tq>>ArKQ-%K9Ku?dstRsS2SI?7VbxOZ)6Aqn5+o)09cuUyt8R4k&A&eYMlrP z6!rrB7l2UHY_28+40kyh0;dr5E$Ga1Xi>mx_Rw~rm;9XP<*}AigVge`iY)mQ^^lv@ z+!1)SYXov^+41_6z7-IsAYEt}V;M+i3hTgqPlW3Nw;-Rm)>v-oNw+}|1p})`n?%*v zBV(fGkV5K6Z;;IT35s&H#~03cb`8W!*61%LpjvQxFOBg)V5vDF9_}kmL__kJHuM(! zUWRTyi+QmK(YlEh24Ciy`V zAw5>jk1&+bw|f(B62jsgTfuu2eLRT z3a_#JSP<>h#amRXu-lV(_*%0Poe6KQidPGb8Dp85Qdz<-DGUM$6d`~!X>p_%fN}_< z1P#xZ5l}|6ABaAue{Z9%;d*Y3Wi}$I-AU5& zG(u!YdxHV$d9Vpc2gEP`7bJ=oL_9IE98ij~(h5n;=#e1_c#d?hmhU@gZh9_EI#C&A zmqM-QST@j`+ZuxdDiRQry0P4JVfBWg71*>o2LVVQZP7?u?|tUN-we0F4E9{9c0>?= zppnE{J-wEFK@W&6T(#Q*`mE%okyBmV<5cLqt}faGod4Js3PDmKPsfuI*+WLb8d~@> z2{~oBZzda7tXl_O7}khjIE$ziP)sAA=mZ(5I7`6M zp1_EQ%G6Ha^peS$>S5{m7?Y+7U|1DPbD~z6v@xnyiZ(QoHKw*atyS^vfJ+o-PxFcu zYK5&24>j|})CFj0C-zws?A67UG(AIg>UwNV6Umm9LLdiit=pvJ(F`q*rUcbS=xhQ) zj`#>Q8u-_XcjUC$%v*SgB&#N-5D_F{t+A9m%LC5=n~3*!ExV5NKD%jc@kl4YX+y*p z(PMi9rqzZaqR=u`-`G0DPi~+V?GIT?;v3pVb)Q|MPj=iSsx;bBXuq>lCqNbg^TBqJ zPuO}4jqXvz#Vn05(R3dYF(kuD_uMmj4rBxitg7{9!-Oa605Hl9&geMqFky%)uCQcx ztSauVqFC%p)SIe?GC?dFCCg2Xja?80_+&*YeiF@%rKg5L$n`x^XknMZVInzs#RXBa zaq&pQ7on>GrkKKobR}j37>=|;G^b22 zy?P~Ct)Lh|r$-u1OXHZ(I-yXCtHPN$d}9jp6qA|jI_-cG_8^fnxMdEL9WW2y3#xf4 zTUysMyj;pQD4^0HvrO3jhZF8V+(A&y9=zIWU+}v5*!Rq1Pj}!cczY$!yFw zDGzK)$4)-5Arj*iHIy_uYHg9knx=g7@wQ?0`}jRTd&lHR1BymnQD~8sP-W_eFcIdM z$eu#?M!zrJ{$#Ax))dER!NT^Rp3baHBLZtD29Tj}F_E_lY$nzNf=QPDm@sAM7KJ2A ztO`mr)nwTW$XJ|~ zm?EZkE?!Cm54$$Jc?kl!)2h@i9BbX^OD0ts`6%UV4_^gb_RnkhAl z&@>o^L9puD*QbyC{<#<7OY!Lq?Jr%AjWS%eLo)Ah8zI!f32X`Oif!ewAgiRy^8 z3wDqK6=RcV2sRxt{#30HvdH8I*)v2u3Er3>fgD-^pDSf;4|NuB0HRPUAR&rHLyzuz zBsn8ixs4McB)mFMWA#NJV_0MKo5dOpdc9X-R)fj6|NzBwh{x-4I z=@D+|A*CZ7 z$#lX)+kyBI^iQD6G+qQTs@*9Yuw;3oiIs=}nnf~R5-(UanJ~5X!vxh$#1)+eSrgT4 zjqc0TskD$~>08cq5L_ ze-huf&rdI7O;!;3Ni8j>reNd}smLG-@*)<9dELG~YgK{j z=e73vo2&Nu+t$0*`E^yiYh9gu2Us4zZlATUe5u??b0HojTCT3|ob1c7d4-JU_5eJ*NQ=fV;2>@n0fw4Sy+n z8^aKEA{?$3*LFyfJ@k5ZY$mf%SLdwcjWrKi^TsUm-dA<_Tay%DIW>={9t;B>IppjF9Kq5yTrK(}3m7OeT?VckIyPuuJ-JnlPrIurS8nY2nal5+tSF#Q z-?6)-&=GP&^hdw9us_8Mw)Cnet_`tHANx-|2 z*yhxjo5)@YxNjq~DbIPL5p+ElC_=OjbwZF1)UzyilaKG*IlI=F3MdFdkel z%D%F-1dR=h@4S1ogxHjf2}blZ04L+4h!)o|PD5gyTOEs#6IVS(L7IqB!k09iITCMhA)dXOMN7}1VO)U9= zEuDTSV1t0g&O*P7r<4*nv-11DE3x1s&xG3Trka^Zsw%6`u%zo^^VD;{jN=82HL8LC z&n-dLI+>{-Ve)EYZ0?PK2jAMEdB@;?suw|Cb0AJ6fzd|PeSN8+xz0b5-B=U4USc73Pb+%S}v zBhh~SPF(mh(8n65vPUte;vI#V1sfx8ERSfn4Pm?OgKgn>(7q0wR);;k0o>NuuzLtg zHwvu#`Ve-lNf(rXK)KbZ@x|%8Q+d}2CXVEAFc~z)7FaYv13`oc4ZqZVP)Xm*DJZP{ z@MxoEqNp*{2-d(R2ICv{Mg$we-zTw!3V(#VUvGbae|^7qu;)nlW{vv?d+=}j{8!gczW;sq6H`J;Fww%A2kOOV_h(}$wRaI=LGwIY-)7^O?<6wD3@yEz3bhB4l$INS_j&LbQ_({|GGRp zxFuXaG@voP1dE|=_xwiW`F1aa$L{St^by`d7hg5Ecj}{P>|jFB3vn4pau0+yY@8d- zy7(S6g20s+#E8lOn%*OOI6~(txiE-iw7Vxi)$v80;6S-5E;-60t4rhT1(J?J&2LjWM=8^wy&fG7RA+KY3y*H$5l=L9$?o_f)Q z%TaZq^$~^dZzsC5gs889u_znmgyJW|jhEsa!_(j=?Hl|KnAr=a8-EBgJH;R36nPOp z@Kp`5{PPFASi_G{|E9l|e&|J}?H{6pzDCeFzJ~ATGNMB--*fEVlvfU(uGpccGBfp? z+tB*&6Ibdtk;E+VG^IsN+`Mj6R-dr(OiI1mq<7z;`!)A+(|EbVQ$o%;4BZbrFA@sI zHo*WEMF?M+5Vj2n??4P-R-nq*`R-UH?NB^ONT8Yuoxe|fDi5e3r&;EBrdc+)*>v$%t0HLyQGFaPJvb|)Y7A(+@iLu{)A>~S#A!3G6JHi+<5_AyWY-#3_|=wf^@UpBI>^gh~f# z2R!!}^Wlo_#CB*0@vYu_K30Fh(OznWV)Cwp^)__8u7J(HH=@%ISblsy?pvVpB+v2S z-~|S7urS@kEPvQe)v@3I+^UNUJmkgn8J|%?l?Ri1WqqT5+PUq3Jd*(8gi1t+A5J!?BhW%M`d-G2oQ`mcU48aD7h`p@vrZ6tuYFusY;(fu1Q>*2i*|Lt1u;lI%s zzW;x?X<32oO+wK=Z9#{ySSXXbZuh0t;CAq6qjy(h7s`h3TQxjUfv;(!dThD&0NRk3 z^%Ian8T;?}^j&L(mLGp+uYXwf&AsgU-`-u<|9O_r3)&_JNt7k2W{GLHX)*|?c4!X% z3?|+G`@b`dx?)Xp64pRfr;Oi-&ior*0;ASfFltG8l`XLe=xr%nel>CV6;Hz8yiR%8>6fv&vS@G zJ8AmCP&78W}$}`a)hA{Z4h8NPITZ7Df1Nl5Wi+obOFXb zac_KbYpJ3_Xw6ygB}amr(PL-6<=j=mDQ!(L_hKrGvNklB@fwBdd_cAz+qe*w(hCOm^;?9RnRsac*L^cgr;4**6a*K!*H;ICN2Cg zj0Uv!f<_&rLNMc(s|hTpamg=Or=ongu`ZL&mGbB*xF=;IRRaTv(X|2k7y zGC8k}ii)=x>dTjER$snUaO>hSapwHM&YaE5AGU;T1f19uKW2mza$aLmZp^ zipX#%bPA1ZToFACdLet(RU%>#SeR?mLkAndpe#mA!XdAaQq0(O^bTuKT!BRW5o}_4 z;i~M_9B^Rk{kOI*T2%#T0~9DY5alF9c3~+PJD;FyU3RBGrpOQHUWPe>{16jIoX^P!z}e*JLqU0r@m!IlsbpqPSlKduWBH_bUiOdl;ieF& z15Z8zMZjqnC;XIgasC(2&}$IU;`p+SyDAF4KD0EPoro`n2nO2Ag$J~t=O?Q`Edp1{ zK5c9U7lK&u0uHev28y#USn3aA`k(4qHx_JN;qwZU%2eX>jMmDPdTDr4UkxlL1fsUw zaH6J?XNy9nd8NhKJaL$Ivi^XXF``Xv=CU_(J;xi`EGm=jtBS7F_vk5(Wp0YvabvJq z08*Hq3iXtXB~n*5HeMI5yo{#DEa<8jHn7YvaEy}QIlaZ$;|!gE_f32gBgRQCAz0Ea zl=H<$Pw-aWGMsLrRid)}LEF$M%6} z?-C;=8M$G()Fn5hAW{{v(jWz++@c9;aWqU=yQ|@8QVl~;YC5!q)!r9E%O-IGiU6mQ zgjh^8kQmN-jXWt?HG~}>L^En(xIY*>O4-Sd<%6AIMRMNhPSMUCpZcX1dAzSZNXz^}PohF>)1^H<#1f7KiQjCNI2$tCYEo+?y3^|>sUo<5}Xgi^n7&-VHqwVE#Z zEaQrGN-}j(J-{Mdw0kOL6D_CwTf7Z}+33av6eG-EQHhwK@yXogtU~mGMOC?wM5E8G*0|3#MNut;R>XaCzN4zBErila>!diUPX_>O;*B{a+If z;wUp>p!Vx`4f4y?&@b0@ysnNcLkt^QATS>8Rn8z!D=hPv z5EK5&4T0A$nrpy~y^O?)b)Nc0lCm??|ly3rQvygrtYL`P?yylBmMnD@Y> z1({P9$42Q1y+k;JC-yODqXHG;BQ-siJDu3ssljF1wg1)V`R{Q8@K-=8^}-0WV)QDn zW>QN4ldVzIGjFs{(su${_YO?;Gd6++b_Zt9a8;a~hsizGQ*wbaTzI90iT;r139eFQ z`WJv<@hxW>S1cs9N)iYfXe&~h6LJS`%PAM0xsrZTi-Gx6{ZxhuXWU|E?UPI1&*I9T zFt|5*hfn{KtT@UZQ9Gb=v?VrF=-R$7x!78ajVwjxXyc_gDMK`=SxH5ce*N`VItsuv z;v^Io_XU^fb=T~|4%>tV?`;>BP!8e-)@F(h_@Y9Eo>8p{t2|%o&N=?{OM<{)xdNy6fY!Gj4}(+`uFr6$3l>+$&Gj z(+MRVDW_Xft7DaOjar05Ta)F`kiu1tiQ{zQA+W~r&hpjYa_mRbQ&mc?Ce*2tD$Gz* zx`z6r4~p)+74*T#*3C1<^9g1uGDB@7{CC2e?3L#vib^@#mhxlJwR&}3!<9Gr_g{r| z+XMEDIn(HC4o|ABKj4-WhKqe zx^bfk@jg)xb?_??OW%Rcd;z*wXJii|p^1e_pMcg0m8!v5?{FanYsTwOplNYlG9}2N zFGZ%l;j3)xV}W{i&~Kc||7z21!d zAAZehTXs&}(kjp*>edVdHODNbe~D+%zh)r2dPQvhM3gCF={FyslK_B1MGT(LQ^cO4 z?*#M=MQmjqr(rIxh|OS*C)LQFR*fnjRkEGU82Lham7an+$T~Mfv7Xt(W+0K>(u@-O zMSC2~=!Vj^z5~vJeV+H}OJ_2)4Q(rK(Y`z>c&fq@3x2t5pB6pE)2z(%SljELXybKYV9zCBei6 zVZ_Bj#q>({82b;gziq~v!r#puk^7`x}X8V%0N(&H>tBd3jEmEIF22|@zHb=(V-mFcBFSZ zrKpjwFj3pA7)D%0LI+u-&zq=pQQTNNeSaNKj3fP^Z)5~`GZQ>#VjpjJbIZU2UxE9k1Prq0u;zE14-)~EHq@?hS}=_~S( z|0+N?r!*0L&i|`P7Na9PPf(#Q4<+O;C{c=usnv2c9+8gy?yS}ekRIPIC4ZYkl2C!; zT2+qBp2*ec3Zx{sfvVygCl4wLNLRc{&KD>^H+wXrbhH)Fur^R#Gir-)SV8cTMUiAY z-v+o}RgD}TR8de4M&prjse-xaq8HRf$#k8%y;0z~e0vBLei>7^FhYbK3ronW66bU- z?t7|eScoPY7-#yBkWUo!kZl#o6UN23%CI|%56JPTih6K4?gsA+@a}bF2IE!~J;uA& z4`|U&GZOFIy2FZFNd+d29}Wl;i_|F;?{Dhpt@Ir3M=H$kQF&p|7(TmWI3&}JYZvYf zAmS%(Eaa)g5@ipjMRP`#7#ZI^`+2-XBC*f9Iqyo
  • h>Fcjz^O`AmA}#UUx2MR|5`b&@rP5)z?c zT_zrLA7Hof@~=L}ZYWA<_D@coaT7Lv1iTEF{9GzyEd|i!H3a{zC%#n_zQuX`8x#JH z@1dx<;@jBK^S2GHCt}c4&2*26P9*&>4vL^dMe-);SPqS!rWjeZfgEB@CUqJ|Aujqj zQVSmp=d>fUW_el>OajodD|6%LP7FiGiiEn*B`E8H3U{ZVJ<-B5#zKK4VZ7`p^fs+i zUwet_RVo>)@Q>`hr+SsxMkn$n@vxt8)DMig!_kbW?qEn`s7hqckN4!T&}5D3ut;72 z#=l?vu@k5sRWFx%41+m4y135ZEU~jEqt00Y)wrFk znLKzu9q-?f7dzM&@M0bb3bET%K(`io71-`HA92T!7^ygJGd->o92cr_lp>U*LxaG$ zlSXI;S)*p{=?sMl4s!gA>9bN%2SpYw_M8i41f6o?Ctmw>uyHiq2lVc+_ zfvFfnyj+pe!O%4xhAN;nWct)%!$M6)e4!<0EW|Oy6g3PYM~RuFMsb*pTSZZU0s;0> zo0g(31;Bb%WQMW+{6_z1+$7n50ttfU0F2Uial&&p6MmzkvnHM~W#S?EKdJmLX1tnq zbFQiq*zEkTy}kYI{dE4S!1lxQ`^67Ir@6+p(O^QdhOc0RRJoflJ^{Cuf)=H=zso)5ekOL4-53TB;rya#s-ye|V#<9z z7+G=yJe0Wf@?r?b&7YgBOW-&*-gpq2Mbb;hG?Yp&)nFOvrCwQ7dgW25SJn${z0g)m z){nN()M-`00^?s6T3Ot5?uyFw^_+SDcfRcYZ#d1*JTUC$Dvg)P3&No{7BF#h?~v&= z2lZ7cm&bwCwR>W-HJtjtLpe*$EXT$r9n8R=_nam-VczwcDjIU2C_W zsCKI&>kG77{$(NUmYdGiZgYJ-r*_Mof7;$HO`x?`YtePH7Ds;yan#Nw1)Gr;nK-SP zB1ykrQ%B39d6YokOrjLGilo&WJhD`$$3`MSL0L%!D8zWjIF1!Tn&}hs1V)T3HeOEi z$=A1B&i0+e>2~GlVM-o#x*Td09;^dQdLBr$UZjKj9*Z`9MwHf=_#ad)uDSZCYPW#1 zL09)$#en=wx5a0)nK9+EYUT|tzkYf~Q8bl^L!|}Lg|ggynzhkXY=ly)jV@L=)tWA0 zI>}gVY?;C)Mba$Azf_yRjxjgmQPRUtwaynQD0shcXD(sdJlmS}a`E?+8Z>)g>fqUQ zirH@77%CfSxw2$J)S(RpgffMJCPkcI4@jy#s#RDKCq?IdWZWtli8l=k^Av;G2 z^v%=PJ0g`a^)Oo`E`y$fm!`$)0=aZWRs3FDMt-(%H!##i;=9v0!D>nM5I+l@-T`?E zPi(rzOHeV+xt-q`qPA}@b>GCTk?dic=B~MEGN4E9l%_QwSIC*h_1|L$9_!0ja^@Fh!N z%y(1#8t9)c@t0YAngLRF=oOUqMQBqIKF}tmV@*4F1y_FoA0NGf)gLUX=@RmL%bYZ+ zSA;b{^^9bi_G?iUQB3oUlCn|RL16U^!XnCR3UdyqV4iI%rMt*bFRAguW5mmyJs6RT zr9|~BTXZdn4Ddo0<}@6_l2{Kc+W{$YJpxT{X{hYcT@<&=c+~)o)PkF#TVeIIT~=Wo44@`V`+gb!CN`B-iYtQWZ$@S``?lz zK~%j-wBSr$bL*9`D_3ZU3KkcW5BgbZESy?@CyOP5qkfqy5YiyZ+?M8$`3Rf?YZ*Q|w~daZ2Tr=Vq*y*}dNwBQBwO`RzC zRNChCS;xH2Dtk+o^6|)W7mt4ShJ70p=U&vd8VFzgR-{y@qDJDX2Oaht2g4&g&tnv2p~W#UwVCY z*(Cltab$e60X5L2({PO;oSCfU=V1k~7kFbQr{T?YL~z})MSOaf+;m0+%Qf#s)XH?O zJ;DLT(AuYqBG*2hk6O~^(TM3f>I-70n$Jh^F5U3qcw(W21(E#zt8hMo@1fC(klT16 zR4sR*?(K2;&!j?2*>;?MuWUa~x5^gYdD>W1TG*=pbQzg>(Wo;f(A-rC5}F z{^Iq&3hKYDs_a|*nKS?UyW0nP{&$-@`#ArH>-ulc^TB+HRMl>bJ^+TGm@OmDVQic&>;gsyk9QC`R``LL`w04 z^t{s}p7hF+6J|{Ks-_wPGDzr_hco2D1&kB+f>Y(9gC4QJkv$QiN4et$v4@W{u6Jmf zKdUP2W_No#-%)eBuqS$4&{NJiUg*LuaZBd>xkX;MjkN!XynrWoU7)zM-jm{$xB^qo zAhCbAdsu7l?B+c&;)mwfbWkkewlUzh@v*1vjP5* zKPC2mzsu50U%Bxpn{bZ(x3j%-n5qB0d$_%`w*Q{v^ZV~LtcQ(DxBdg0|BKuimpif-Fb7h`m%v|ov1v~|(WwV(~X#jipuI>XQP4W_1RJL<5%@pV%Q#-cNW{+d|`s--Lm{;=%yMJ?z&&;bV)X_2-#BW&3|v3)rPn`{y0B;B1r{ zpKp&Xe<^)np8tP;cRREH9~|!OulN7w_+)la-fU0eD}M7kYJN+d%PXJr7OMx}4+C>_ z@J8(vjrlr``(K_bU$rKI=gY>W71&|rvk{p!R|L#xKerH?TH=B)qb-p)>D{qMp5 z*6aT{J{i?91?b2>ovmr~6lt&?@rsF~@>?~=7U=~p2^E~>5g61jIb|0Np zSaQKr34CKK>W$6}oXOo;G;~G&fXSa52&j~xq znMqdXG4=Q`MpLP#{D)uf?d_@;4HeksF^8eTY`UV{_L3;Z8HF|222E z*YQ8k@+nv+80? z?I{%v6L&aUYu_qCD18UY5{NB^)XYwGJkP^B&08h~y{RaYxxJ)&d@K2WbJ)flos@HP zbrzyi+bCi}$@ml>6`ITuCyXSQcjYv0Do4YeEv}Wz4^$kXbMjs5UF#JEt0l^}p`GX3 zWp(tTZp(R@30un*AdeGV6bEU=T=jo`aoW1Qytul)Jw18##ikA|8v=1_wK)1NCwurQ z$c36G{uz3%Z$+b5mEY@VRMp9r`FZ;vbyt!0-xYmFTUc&I@mi5xPlk`me@$X84MQ`MZFL=(58jUX$I!9laWNf5IR5~*){I4I_ zz!U4ad9JwuwPMT)*v2yJEicD%v&v1%r||0IPGO;w;xnAWtHx<+PG(Lc>@u4R?SotS zb_LsWZqC!2bNSqNKJxlyj#p;M=g$M3lLoxC)B-Nme#+)lHJvf1A9+FZoT@XQKf#

    s^xFl~94k{PP43LI`mZeqEuo-Xn?q=5SRaXYB*qrlSJr#bBE>-73(z?ykxVYR zHX(}krAn!=?kw9u2CA3ia^g(z2IltVOtmsSs%uXG=>u1cu?BnoXZ+*%Ewa0 zstrfX#9xS!bjE_Gr06BH70!QAlaFl)|2045{@=dz9d9}Y{p+y_VYB@|JG;&Oy=?s7 z&i4BJ|5-i@TY0KsD94n?GWId$tMa#3&3Y652eRhG@~y7z*pUrzzE5J2>u>GIIM_2C z&UgbjhVPn!EDh)QvaMQ&_3tc@Zt4{bC*G-)z@r~GOtZJ7QPVW++4X%IbNxa`kh83m zPxkzgAk92iEFO8z++w8#;gTY*f(bA!jG4i7VT~ z7vwN_Zo55a(&wSoEZ6lSa+HOLX&iQVpy6uPGW2LH^Q&ToH;etU`5cR_Ey1!X-F*bM zM=+~f4*Zo6d@2i#1hSQvx`N>K@z3)0ppNK@)r&x)!ze0 z;knL~qTd}S->H6c?lA5w#|F4`GT{XwUdmJz=U#;WwCG}tsyOvz2#@H`s(1_kKZ^_) zB0r>~)X%jXe(B$_#d|qD61c6^(+SFWQkZEhVssJP+>adAo$VnXXHLg72;LMA2|~FO zowBA`4|NVqBJ2=EM%bmGxc&T3j~6I~q&9{(4@?od$qZDOODY9uXT}2@eGFE2kv#FK zn$?2@N=@8LEIWm{aoZ^*us_uoGG&${BG306Z#exP$x%sj9TvDXiz0Ce+;C|jpUcAA z+Da%=D^bi6dCdusHFeWS$)3uM%+c|aIAvf#)Y8*Tu8Qn3CeDHXV4i@i|MPvAAu0Mf zW;9R$q5u$?4Wh7#VyPI-g=Zmk1iH`+;2Td${en~3C5O0BzS1INWyJJo`{AQUx(H^= z40#@0o!Gm`V7c*}IrWRuwakH2^3}rQ*7)Vdya2vBHfc7(Jst97B3Wkj%?Ws#BL&nN zPN1aMFE3y9Q~kr(nKwW)=zgVxoEy!*@IVbnMT3Q(>*=4%SvX_snYAbu;@(~@e&uO+ zcm{$CurH#8A`em*6WmSBc*D8K< zYC5y7*6-Fp$LhW3&cFOeGEMH?Q686~S8LF;45_S8pOf&HbAjYi{F>Vd@LuWcJEL>5dCS>B3UE-jk|R=6k#z-=Sa0kaVk2Wml%m3JTu40Mj;eO{WlJ#Qc&( zZh0qtJIFxHv*P3R#+7J}vqwa578%VWRfpMF0E_}8Rg{@LFekgiw$leHF);O6o`k7XE}XnH5$>J;h2C*2UUdAETt#aX9HNeVRy%kd&h5h zlgOV$4VBK%!4nM)#&DSg1;To6Fr|qe3=E-|nxEc3FI67Y{;ttO&X=_~pzVY0Sp>^h zUD6*6<9wU8EteZCe$Y#bcz$<%ec8!DD)P{oZ{%OdJL9k>gt_n6unI3-*nrozI98bU zin4i-32SVOq~%1T6V#wG-YTSFp2&qIql_&-P1Slq^Ykz>b*9Q8r5dJTQM^#IJv(!uBT^blN6ZZBI`op$HCb$-&iJ-awLJ}bu7WUq{}nyWgSX0PS;nHaU! z`SEL*0BBH*4;sbUZgP7{4DG6Q);jLY=A&GwM3$3{(u^~Bd4&!hog!9XFeDBRT?*S2 zs@a;^1^%IOKt=A&ziejx=kY0z|NOZ1U)J%T&+~a?{g-^4=rh)T$?@oC5`Ve6`Y&Zp z`Dd&DvOlN(%fY(-%cuP*um7hM;Ez=QZ(aZEc|NPD|2Lag{uH%f!rou1{-3V@y$UUG zuKu^(%&hq)&Fbmt?Pe1%O@#Uu~^-L1?rO&s+2mjeu<>YIez%r^0-(QFQPyG zK{{fE7SgSGwlET1RX|JRiw zo=U0tq&#DfR9&94n8X~S8ztL@k=V4|XwG6V3ruW@?XB|n)auB+@b7dji{?f)7B2a1 zdn0px@>vzLSSXn0v#4o-&6sJQxj@CbHicN%rdZdeP@i>eichjO#k#yhLi}}khZRu2 zq`bpy%HPXwN6ng%IiIFnahrA7h{d_3;12YK#tZLBeve}Vo|JzIkX&Zy>xvmGt(cLx zlNPutNPo&JN`#+y?TjTNViq6q(nU1>Y&9jyefwfvX5xWmCKk*(VE>1zHea56kdrYF zC^WH<$Kc`hCQ{&^cly`mBbFWV98F{8y2b+spX+R0Lt|Y-V_idI?%=}vIzjr$6QrLpm37IgD+Q|*EuMK*SN3+(%e}1Z%6w39Jdh~#)z-2vG{5>P>HD*< z%A!hO;LS#<$6V_oPrY?Pl|Oqyl~r@ZU%ULtDoyMZ$E@@F*Pq9I%H#jk{cZ&g+hxN5 z=f!^>?(JstKby^U{^zrNR+Il(&MTjDgju=eE__tr&U!rf-V-W>bPrk7o ziG95Kr4mMc*b08Bs2}M5ad`atxYIt-PdgM_qArkzA78$*CVe|P>UrZjEX#T@aX<>c zd}X@>@5qLpQcnPia$=r&!!vm&9RSfje{=Cmr2)8o+fZoENkuKM|MB>|AN`q^|FgTF z&HvfiJ6PBMc$Uw?bv;&<)$_2c(mwHY9twMkgV#WSIyMZmeYvq*u1|T5?N2AkXMe#Y zpIBK;C+4WKpQY(N`wId1FbB`2_o(~L^Y6#?Q`Z{mVxRf>A0I{k+df?9e?H4+we>&# ztomQ?FR1@LzV46y%v=Ba&BI*%kNxI){XfTN73+V2n}R;ywg2ZV`xAfW)&E(A6*$lS zYc{j{|L)=T&U*bn$LE=Y{T^*amKLk|tnJ4IOvKWGugW+)abTilKt}6Aw&4EW?#|k{ z`piFN@;_KX-oO6L$^UQeA7tx4VkwBV{C|#5iT`h%)xT6$e_7%EPqSv+d`D#Qc%Cz5 zzl@?uUcBMVoRMvhZ*6>LIrFoxari8f<+D*^mg{;^S%N#l)VyW5mY*xXKJPDHC)ux) z?AJ;5>m>V6Eycm(Tg_@~Tm2zxpZWRUPk;Z*-d;BTYwvJ-9sl(#pOW~m;>%yw zVPLb}b*vw&h4WdbKM+@gkQcCoh0b}LYy70@NRoK`ZLh$F$96h$amt`F? zwhkGKKkJaOb;y`lhm5U5#y(QW*k9qAkae`&I$ExbTb}oRl_g5BmCt*8+sG##L6!`6 zW%sK*Ae8Jc9S->?i=Rsw&+$OkVRTP_sZ8R1StOb+dGO$?W#)KD9(%Qn0>2Kf`*Q}@ zt*@l{Tp|qD@phkSyxm_XBy=5NxQ;MfM;Mky7y^^pg9YLYKeG_MaCI?y^FjT^g7kDP zu~ZXvYsorH@2?)Fw^Hs{2kNcf!e7VhJ@cm|{_l1q9rP{MBma??Km5nM_`ltq?cKfX z{SVuR>-%4x<@5XRjhEui9v^|a8i|4JNDT3KHAb?4tUVGh8?+!AFE?5re01MZ@CNEo zDv*PMh3XrsT}^;F0$YoYE2W`i#F2YNZ&o;cX0ulBez84TaIa^b5e9+b~4nci70NP^&v7hLjtr1lkb00TdP z?GhAKD;@-Dq*L+R#Bywm^1z@fB1wJYN6F|@`v?btTDFG4y4tfZmCktVi($K|gx6IPtTD`_HiU zpBVX+(w!OXgXam=eKw8id6Z{%ti5{hYDGK_fr4_XrBtiv#+649%>eQ^#OI`9El$Wn zNKb-Y){J{3jx~a}QcUwl0uRMeL0S=ZxeH;IM~gwM2%lU%g5~jH5Rb$sKKATMI^cW| zM*bbW`$$wkiWdp8yc8kF3^aa}6iI+Q8tKC0^5w8dKs=VedNbn|mf*4iK##?3c2S-s za4P`xSlkx7dSwY5X8?RWu8YK|EQM<+z{m6ByugyBc(M@KRTju{IL$+; zhTgT6;6;#Dfm}A=1Y1@b%r=c|lSXCs6qH73EI!aQh)1%-%n**nams^vBwl4fHOp)` z2873A(^I^FF({A0DG%qdqPsX^72D!Y;fSBb7boAfPQJfAeSOP;2cjl_6Wih+--x~^ zWN+jZL>d%dq$E6-P6FvxBN0Z}J`4RDk$Ldyi%lP}6t&+(ZM1k-Le%==i_5pC$JfWN zk2@{+yC*7~D=nHZLZ7ktTca=U8ZNy24UOfC|K9qBM^!mNTI3L{d?P|fN?+_C0bKdb z0|?A$DG;2v1DfLf#XT9hMdp8K5rE1!`MO=P9Y-wlE$big~Ut3CL3iT$JOWPQQ&uGX`n2qPKoG@7B(N;4`9A8TJC3wmlHt zzfHVIwNC|FEQ@>lG=q8jbUxng(^9O}>qbC*atK&o0lq38EQ54hLu4N2s$nVmDL_p3 zW8XKbq!dOa%(ip#dYt}g9-qc>)v34f@qERv;67UcU^KCb5c*<8E z&Vgx$95Xn6GWR`Gg(=gA;kP+pibL;Hpt4Qosn#VCs{~X3cB_Az1FJMRl%OTQmce`R zLfk~EFwe#d@lHk~j}ELuQ1E;@t#07iH-5pFRG2`LK0_Ns&Yh4;uZd4m@R!_airpRe zym2KH*kg2(*IX;Yfc1w+>7$LjJ__S(!PjK0Ig~L5uCA}gOaRP_fHSc|5M*YugpF}f zk|Nu*pyhnoQ11tIQtc+e;#h)2O5u3aX#8h*gn_AhK$*eDpoyI<$Ua(&_7-lKYqp)AyAxcl|?he!6PVC4FXd8}6UYVlmmW}hn=O#)X?<3*W)%m0+o z;BoU@Jk6?x;R0& zXONJc8-1`u_*+dJpPkM0u$R<;!=_m0=$ucvbZ_|R63yA<&-Ues{|&Y)r(*J0Z9%w;)flbJ=17nxr%Vp*uT(WiChR{Fut-Ew z{5CIFGHG(gPVoI9;wZDX-Xn zZFY#Y{BO^1-n~w_7twoNF`Hpe4|N`|%qt9dd`!16QtK1*3uh>@tYi4$BU+(nI6tJ! zA}A<(6AuY<9kN3*7RQ26jP;l$PvP>I1&hw0GEkO4Wr@{OFpQ^LJ@Y$z^40SY6dt~M za=m?;tEcoUZY&==H);KO`cGN?e;ow)`0D@j^8cE<&7IwB{r|n4gLVGjb9~hPFrzM8 zVTrW|)o@D`-1YSVi|E;ZmKy^~hNmwHNGkNBeZTmX0p&&Jm&4<8Df3^7K7T%o%KoI= zsClPX@}7|72g4tdJT$x_{II|`5|dFoL%#m{>-g~?d>eQZ-+Z{Pz`w4*zplWq5c=2^ z__OF{-4I6Zr+G1vqCvW1d|`RFwEWDLTU)ZCZdyjq$V)W_zd%{q-e~OgYq&|oJwIP9 z+EkBbQPD~cSgNXMvR&w!v|q z;?r#S!xVuC<$?Gaqif5XV{kCanhYZn!G+j9JUpE7@;9ls26p^s=_ZughUWP4ObGS( zHFHLa%e6j$%hN>#=g~H|Mwh9*J4bDKezsn0u1uAoCgPrsF+i8 zr&9WpoK7X2fu~d{Qa_+baH@i292I=gxqf@q>fD~bHoAO}hhM+^XitABj>=D$!ZKg7 zaaO^`M>*s5C*|2JMYf>Il~pUmthcC;Dke z#X6ID2S2`iWlj2abky_4by$sH_=A;LfBDLG2i}nlJ*A!i6cvts<_*u}opb<1`~1zt zFO>%1_H9Fvi~ita-}p0U{Wo`an%VlVd+YkI&-2OXUHw$Pjj3rB3JP6M zdx<;J^Qk(E$cJLtu!v~*gU%OW-HFP7RYc{sqG8NE(n=&nv7jiq<$U%f-DSgHV9;|A z=3`4kchd`41-WgQ#vTT7bKcsKxIR&()cwrm1B)cHQA1@jriNIfWEK7$R@hKR*}Dx= z8L=f$3f_+|G+1k&EBKVj|Dulp8Rj_9cJYJ{?5T#|9h5?TH{_Yr*^;I z37&DMSm-X8zsR;xnuxgC-Q&c8r@?3NCA2 zn+Om4l*<2Hz22vj|NFW7fA*Sd|IhP$GRs-bImdvQa{meJ1l~K&%^p+Riy^hrXeEsh z%p#l40tJ;bE@~uQt+_X1n zvq(Y*7TpwT+3h4F=i}eC1kaqI)=cvvLD6=*-UM2~uv|%3IfY^ncwF~ z7i0d*bLFenB=CIMxU>R0T=dZG6Z({_e-#M#__II!%(wp!GV8y2xO2E(|IhJRD*rPV zbNjF`-4Y)HHeE!UD+|*6jHC;jwGfCn6()&%+kCi0B2TlSOm|{QZsv=PpSQ%yBX){ z?Ek&}?X3O3(_HI+&+=K){$JQn{H(_P+`y*G_$^i_Y}BKr~mEmALh<~cJ_AH z>;E}Eh3o&)>o2_WKkM}l2&OON5u!4Z&KOo?W8``7D@TIXKsX^CDOS}A%hu#d*5u07 z6lR{6q?V^k`Leu=+O-ieo6jd@=xQfYw6->&i zmn>GfB&E8ht09zDLMUD>aRmf*rAY%=#Fy=bekQmM-%;r;F4r8+EZb z_}2OH>$BErK@aRM+aw?G!Uz1b&-b?o(&jM2OC+K>AXNdl6HL0@65Cr3eb3BsEu+TO z%{ksZxG1rMC5f%UFGlQzDE)A9%s}^~b$*=`Ii5p>g*i?^ec0en_+F9uqgD-<87@rA z`NG3pc+M5nhYdHkUdo268ZI#0%hpw=-MMa^pR`WSj@$3%4t23|RT}(v*VmVqR~Oe8 zCl_aPL1*s9N_0I{8A|+IX>@J3(Y3(%sftRihyQJ446A?8J4MO;8Yy}q*`+S zBv{dFJ#Fn8n*(1n_70SwBZ0_7P9w&!@0 z{;hAlZ~Qi~oH*Y9F-O7k{Qo<<+4zsW?Stmp{(Fv3YLamQIG9t+pXk=2{ra6a!PerETianck*8PyRaCYQ8avy~ukmqTU9|yEK@-I% z5t$mI@&i?8B)>0KTg8%<1f!1U#H4kKyNLsGku|$1m?SP}(O7Yp&a$ODvOucg-=V-7 z!+nXhNCLhv2>smT=ZM6evMW_hOfp6J)+yA=!+K={tQ^p(!z06fV?mKvH(GFz7n+-> zm7b9ssN>fxcRI0wkfF~iJeWalII;(^2Axr?;U6qeYo|(^arYM0`|?jY_pP zKmmmr^aan6IY1Z67DEv4zY0%bTL`?cY@l4f`6#a3yj?ny!geJXrd#jS_ddgTn$PW% z@&6ULCLiC&JpcdUb~gXNxqrB>|NbnW7ymO>!`S?#>*cS35wN}maDe!tDO5FU+li(i z5P1n>q0KK|h}uw!UBP;qQC5?|;N8I(_`|ykmKRp)Ze153!xpb9wTbv*=je-FembyK z7q8fPfaVRLv5AfmQF|}Gz?Vd=rcMZJX#9ASNHo9NhNtk&hd&y9dDn134TDFa?clyp ztBs`9hkvjR6%1?Z8`1Y-IjAl*`?CIJ{K$Uw#pb5{U(KzpVqA{#lzD@MI9-9(PZVb@41rcq9I>=kDwko{{`z`Yu_v3 zFZ|4n|J%vNe{Am_uJiw%<&$0i%-|&^u6QNzf@m;natl5jiQ?@e4=lFALat^qbBqyZ|9+OwH5k2MT)Lq{7d3#<3MQOnJ6vC;aA(VV_-zDs@R3lrMBm@vH}~qHH;C@R zyr#lsba*wiYq+1>%dTVj4fucEcmCV4Z}9-jos3_d)s8#IKh<8hT5oQC{2v?tV?(i; zz#3*(?~bowedA-q>oV|QIsgv`os@k*1p~y;npbG{K{xEnfGqcchlfF^w4SLkwA}#} zU_;fD$769^S>NWcGTRkapa0O&Z>q}-9sEGv+1?~{rotKq68eSa-KjVsF-TzBuiw>0 zd!QfnJsDCV>ydRQi{DRo0l3J)0MuE!cGN(nN`JIDJR4E9oES?z(qjZlzK_lS)7;sw z?e1$3g?(wlihSRF>nu3l)fQj>gPwhxwP=hukT|i^e z&0YAm77xH{0}1O0xF>#AO;EBKBP*HjJk#JK*kqB~bO<7Yo(*8z*Fpuh!lf#3Pow7?JZmB}aUG2Nl^n+b6Qnv~ zsw!?E3DQHml|>hOR9Woak8EJ*m;NcxPFcky3#5NiJ^d(Vk_B{8zy(m zo**13oDEe7ZzX!4vgP>s#F?{VL)UIW3r$aI?Z zp|@k#1<33Y7iSV<`r>_IWOr!=gOmzc94o@(tRQET*bWi~=Veqhx2XTCI^P)_U@#L0 zrIOWWB3sd@D!N|Z#_OEie@=oaF{+RGl)(G=UAlL6;JGw&j_6wy&4U=e!&|3n0J%Q_ zzG$;+TeR`_jP^k5Tr)O^4qR8nIec>!DZU6pxyRY>Ur(*=^t#p!aT16wDBH|&(s{29 zZ1Eaqk}j_b3dCMm<-EJ;7A-ekOP1hksbnI05dmIVh`-y9=S1V-u{cA?p$M)v0;QWl z!=5wgCjy>Es8@eVtXe$|76Uc{GU2(4fk>z{6D!JeKog?Jsz;Y%qq#Ihw6YL{O-X~a zmyqTMVk6rq78|`D-X-Z$+i6<0swy48OCB)ctFtu}7-yz8692T#+$r&cC%({G#7bJM z$(1P_pceKfG^rqwVExE`;m`pKC8L;+VFGR6PsyVZm z2XTn;a>iYI5pvhX8x$rVtg(-n+5>(?)AL@MCIwgUI zQK6)7@s#hVw`R&Jpef>73d-g0p zwo(+36W$*^2GbhD#xuJKVj(&dN*HEa_EIh1*}cF+5hpsJUCB$&POvG4-8sG#$E+^J zyFIpUq0Qn4HZbQE%uvvee|bF#>HZMY&ic^{-Ve~uOp)RYFXUZq3nVDPJfGP5+VdPXpNzS)$qi=@T_sTL*pTQOuL8Tp28U&Af<#b`-4D}p84Hk+tO|W- zXQTD3U7uwDcxBs>?m0w(ft%tm&2BV_VTfU$v=(4jd`}PK&Nyf+Qfe>}9B-rdT$+w^ zkZ3nroV9@Cx{e)=u$wDAp@wsecCjDv`eN-kV1z(UlXDemlbY?AD-e9ya#m(tR*NSC zuDo61j7_ZWcv!S`z|bP=Js@klBvODHeYLxjfMnLkiW;G599YxB?RZvyRl_@J=#c8ZkR=BnO#F=N>eAA^leXU##5dl^VY1F&#gOqh@o;1eBV$J(W!$AYZahc z?vSL~Oh7ecYeC+26?mCe*+}rHUBQX{#C=e7`>|hz_J%NVGTG!)v7irs1p5JdLiOfM z+wBKZmf`D^=6EC>K0rZER@ZQ&+fL%X(v##zGdRb(=Vd>{-4FeVBXYSDW_8g5;Ts2U zCcKn7F@pA*&*536Y=9N^36}jVl5YDc?_`22YY++>!*gnQbmNr}ds8>VE!a`$+$S1o z(RzMyehbLl>eI0S*e%$QRlrzd3e#>?kXyK6(>V;TNy8^(C^yDANmZouwHT-L!lyGV zy22e$s-{Ou`t#iJ>AB16YA8@jDX#RCM8gH%ij{oi$2XG*9gVT>?PIVod4UJ^2g&NG z%FZ+0wq+gGVarcDcuP^^-6VBr8mgm7;ymn7sS!nUIddY_IMgtVUDN8lcfEVCzK7Zx zNV)GYWsdhgqGP<<38d;O@gGsn@k_h;q~m6qJ7Jxsg_L&O*GIV zadT-mWwP>?J{JUdi@u{QTk)e6;8CIBbpdE+$LH#l(bR3o3me!VkpZ$3ACP4Ba=VjFQDw-bw~0@kZKe9+@WN)w%dMkHAidl;t_gq1v6SY*wlL-o;8ja2JRYm4wy){ok1 zN=1OV2mIK+{_f)DTKsr?b#;7x-EMWn#T#*a{*(B=eSZ24LGLp3({_ilvpV$i@%bsH zo{HB0zPxI6I`nt@-Q`)kb!q~`$0rx(r)`Xn=!o|D$=S_m`}}QHyoO#ezVxj9u6+$J zU0+ni^>;1(@=u7zb^H3PRmDYKYoEWlg7;eQTIbi|;tC*Lx31o_t}tngdck++BLG0( zwXROSgI|wdx6j(wJd!u<>vJ5%8-RQ)E|0IS+b1_?$5-O==IZjI12`a|1dQ~ub#e{3 zQg@vev^>6Uo&6+~{K39XTTHedlTDqmI(GJ)O|vj;B-o%Y2h#0V>B7{pYY+HPiLRS9 zgk>JF7# zg`NPf4{Q`9v=Y!hG7eg2isbCdW$`aR079f4;_$>h-Y=H7YAH!?>p4xkFxQ1>W6G? zlk2=M_Ui;u`qHWC5?|E9vAe@wF!iGvS^J_{-zT_|0o5iE&}+NCU2pEt^J(aK!x{`_ zS2YYrSQ`@FBOIrbam{xouqD@q7G81`jqM-+>p*!)u3)g=fkt)XVxCwCgnx~w(2+7D zG_%E5W{V4*2Sq0ZR2o8DswxhEUXwZ;co;!@FNt?-T;4z{>PQ_#^lSeFF3}JB-3gAR zNrSQJDyC^I@;o2{K-}Y#eEZJoO;b+wl*(x8hNwMi)}D|d?!C8Juf=Oh-_w%D7y}Q; zYO^+}5W~2cka*KJm<#w0%wjCM0&nV5^+|}tLG=ODV!OvEm~WY`B`^$qVUKa4kvkb3 zig@!lh9}{R4GwR?l|lh3Fo~85cOdD7uY_e951nJU4%*0yPJ(mvsz&$*&?Jd(jDs3| zZr@)d985ZHgh9(|f{!&XIyFazzOd?O~=tmOJpY9{M6 zW8IN?_yHzB7LR&b=jnMq3&6402mTR@4MxQSapBb@<{@?xlR#1-Rfa0b6-Bf*r)8`P znJGFZsU{#t-aV#BXN(+eGFVQ8uAl(3I%UMM4>&Xxk!P?Mw85o<(N#H{CqH;R#LE#d zqY)OpS4cD+Qs#9X^cN|`Sj%mErE(0KT&JRxqVtQC&Zc$8s%XKlt*cl=M5T@OvudIT zE~E1Cv*%R%c)!uY1Qs5~!^-=_tyKJz*u1_x+0y4kaTp8EJEo`Fpz)|9ij>KN&Lrgs zz!QUrG$ZX?EC`LL3+N{0-AU}q5QAlvIuWL=H_&t>?01$CUZhSR5uDza)60`qiZ;0w zU(%8ECP&;^u0p+^{#iQ;rrNWt1_%av2c=0m3KIJ_4(7%dka8$7S=zxc%vjoi;)Kj? z5#wX;T5P8s^+}YZ3im?zBmr`A0Ut<=y<~n@=YPCF5SxMWR-2t+LnF?M&l*#s$FYzw zVR>P6K)wTvnoRWy3()Jc)&)AS#ZjGDtx5Z`bUo5S_+Wv&-L84=1j8?o3OwnH zE%|CCYcM`w$yZ|-WcpF${8FZ0p&URQo>mUzq&cM@3}C?_328Rf=`k7m$uhH&mbvwi zTFNP}AIb_mzk!CJM`GbO+EZwKVq89j*hOsebtNUeq6n}CkrDxUW&u_*H`dtnj9?4E zvlA9bcy5;MTG=+lK}mG$h>i>KR0c8XS(7+$*1Gd-HVD92qpcK;IUd27HaoC-CQgKb zs&34N7)k1S@QRD^8R}?0O?yy`LG7YGNCY@4mKCfKJX@(MJq>7pMG`h+GgEl?Sm$hH z`+R<`_S`KNUQ=ajhLhnCGl=W+JM z4Q$8Cwp2yXs+mc`F`K59wueF^q5`Q-#9>jv>Pjl`TO*3`b3>18@3#^N8adnWp>{s!`&FSCUYM>b0UYqzTCYdc{b%F-?ZN<8zBD+?%(G*qX z4e>ERgV{g>pau$66&D3ArYbA;HqZ!-bX)=y&kpQLAqEsyqV#aq%XAzxt5bj-p6F=n z)zr{3ld|aCcDFc50SxrX0CakE>T|4X@LonV7MhLxIGIy>TU-myh)eE!rY|v`tIRS; z9OZ#j8--yLhoYjwy#}_r!NRnsD=@sF74-R#Vvt0O<4KnmKyf0&ouuKQ|AkyYcy6bp zSI_LgwP^TsHto@kYvifyN<6boX%n+>!z^(&mvB}=dQ32R3q71O=AkOkNlBcOf~3?N z)8VOf2jw*yQr6GxIiBOH(wvgW2%RpIj*|x?!Ljfkm@ya6sIfLmB+*0#z+ftlkjmIh z1~dk=0B(48z)`q`sxoPkG|$2 zOfr2GTr?V$M-TmvD9Tw152Wm)i#{cfwH;j|k{`K{XGPxWbDo)8tG$0pb2LKZVUNDI zLe0%=1|$cA`aNI(Ij~8?r#+$Yc!3vba%`2hL9@bvc6N`lZzh;<5n(dbgd##nWQKBV zyXv^kjKvFklTbM(*kU2P3zB^1Q^nYS^Sl9jDDbp{Jm6dCnMpV#KgpO`VW|KWZ*Iq1 zi46pd=ofVFK zhiqe-OA6Xc4#RTDvhtwORq9;AQ;1eojWnj6myYl?$5^Dk+|)buR8B8O(lY3fPg>O< zFjH};Y|=d*(1KB>mB4K8@H$T|mnR5w{(G_-!Uh8a92@Ec44333ElEr;VLz_Q#x3&T zYt{mj{yhnQFE+19%qvCDSm|W0>jd8_{fW1h;d!g<8b9dRStF6#1k+OqCz~*pRZ&rY zR<`Qm*ibH6K1C{NFjm_u$DP_DZsyO}zpTlia%eejl=Rj3aM+P|7DXXysv@hi$!7-? zjBIY&78{*ZS2-;rGf~|VeIy)98;8>yfmQ`^JlJm>=p4^pvaDzWR`Xal!wD>{E_#VU zT+}B=Ka*3GQ@fLz7xBW;-h={$hJ{ByRH(GWg41M-TcCHwpe&%mL-hg{uLlvwTsk6>0))l>ws>zl-Wa2q(H%B0$B!MMV+p6JBv}OK(MSg-7dr;M zriWqCc9fV)CK2>m1i1mrUHg6MJKmJeAY3iGlc?*S=OgE4c1q*8FNF^gI*YbdK>G=~ zp;&&w7&3!0(w#BJ0Tc21SjHjX1J#IEBm3)QKNg&pVMtQc2c`Fcen%e6K>@nRV?S^X zh*6y5#0zBkFOOnFovcAHV!p$*H;MGQC&}|M<@AvX>~r_=0;{T98ML<+UTvuIhvuCJ zDu)UHN~&-sWB(|CC769coSh0-`>^iwhhDJ zS222M8z5WP488PLtShj~P%PMXb`mEskk~<-Y{;H|;*VrXmJ@po+8xM48yGevN;E}L zA88D48x8)6IVOM~fN0DLPM(ZEO1qv)Rw?0q3s};P)ddQ_1Nx~vz&xXxlfjwDx08eE z*K?V2lyY;pZGaBE!(!k@M7o`^(@Q?ab2eNa#C!g|8Q^R+$8;Yyc{F7(c~&9nNz8Kc zt8FGxJ(W{%dTAv>^A96xZHoJPhhIWMXau)FZ_mDP9AN7Fd!S!21)cAUDaX4}SNWAq zxrgDwNKSdA880MGW#9yCyLSay!lrQGDl+#qw~FsOo@~& z*mT;;-;V^nV<*Nudi=h`SlE?KN|IAMt#9S8#rtb5-|IrCl$&y#gF9BkrI~M9Px8WT zgM`@AWm&o-Yuv8Dg^c&^hI60_Y;N*uMXZJ zFerv^U4}l0l$|VLe3r)FT`c{bHm!58&_kTm2bW28qadD(kEXk0!VHtK>9$wih|^z_ z>+$7yz?vWvifxbKun=J_7M?3d5Ro!P|G9WiiLslEynQxSVvA*89SRlBB;Yn1MnY=f zS+Spu-~&(=(of)TM5HrA${RLsPF1?fW_ydDky)R#%u@UA?RfIfPAVG&?f_y(2hR$7Z*v3lG|3WsT>_IogFoO470fKaX zAg&_DpSpv!_{%SFhE{hb@U@7%kfYzwFHtNfTsr9UJX8whEGd}{=J&}rV36D|GSZq-$<7<)DtCTI!N@v{Hso|>QJ`ilvtH)s;gu@D!-hT^iB$T zz9KOl1i$MmcgLbLJ!L*meVTL2`;z4GZUfNPidFIlGa!dQC)3McW*yGg*gskct_>9} zs@hGw5x01XTSSTajbB%hj?}jrqA9DAOR7t?v303VcjBXvvS$PR1t0lszD)4(!}GaB zgd$z9CCuk&;jd#-G=%8QV${2*7xZ9pv%Y{JX2D1x>pzE;=A2iC9|tCs>WV_%EjzkK zS)*|0j2U#`q=s#ACN&44udj-$LEz?*eF3Z7+F`<^1FEskZFU^jT{yNlg%|!g*WY-9fe=gQ4YA5H_D-Sn!x|yLl70cI@XV#-_vQK@*;aP+E~75>ur{=%CK@p*@WQ zE^P=A0xyP_>QHMNVTx|P-Y1Q+_>a-6&ylNd{RIIfB_$;#B_$;#B_$;#B_$;#B_$;# aB_$;#B_$;#B_$=Lx1_(xDVRe5_yPbMoZ|QZ diff --git a/ODM/k8s-yaml/.gitkeep b/ODM/k8s-yaml/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/ODM/k8s-yaml/README.md b/ODM/k8s-yaml/README.md deleted file mode 100644 index 2b00a5dc..00000000 --- a/ODM/k8s-yaml/README.md +++ /dev/null @@ -1,131 +0,0 @@ -# Install IBM Operational Decision Manager with the Kubernetes CLI - -If you prefer to use a simpler deployment process that uses a native Kubernetes authorization mechanism (RBAC) instead of Helm and Tiller, use the Helm command line interface (CLI) to generate a Kubernetes manifest. If you choose to use Kubernetes YAML you cannot use certain capabilities of Helm to manage your deployment. - -Before you install make sure that you have prepared your environment. For more information, see [Preparing to install ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_preparing_odmk8s.html) as well as [Customizing ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_odm.html). - -1. If Helm is not installed in your Kubernetes cluster, install [Helm 2.11.0](/~https://github.com/helm/helm/releases/tag/v2.11.0). - -2. Download the `ibm-odm-prod-2.2.1.tgz` Helm chart. - - [ibm-odm-prod-2.2.1.tgz](../helm-charts/ibm-odm-prod-2.2.1.tgz) for Operational Decision Manager 8.10.2 - If you have not done so yet, follow the instructions to download the IBM Operational Decision Manager images and the loadimages.sh file in [Download PPA and load images](../../README.md#step-2-download-a-product-package-from-ppa-and-load-the-images). - -3. Create a chart YAML template file with the default configuration parameters by using the following command. The `--name` argument sets the name of the release to install. - - ```console - $ helm template \ - --name my-odm-prod-release \ - /path/to/ibm-odm-prod-2.2.1.tgz > generated-k8s-templates.yaml - ``` - -4. Install `my-odm-prod-release` with the default configuration by using the following command. - - ```console - $ kubectl apply -f generated-k8s-templates.yaml - ``` - The package is deployed asynchronously in a matter of minutes, and is composed of several services. - - > **Note**: You can check the status of the pods that you created: - ```console - $ kubectl get pods - NAME READY STATUS RESTARTS AGE - my-odm-prod-release-dbserver-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisioncenter-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionrunner-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionserverconsole-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionserverruntime-*** 1/1 Running 0 44m - ``` - - The release is an instance of the `ibm-odm-prod` chart. All of the Operational Decision Manager components are now running in a Kubernetes cluster. - - To verify a deployment, go back to the [Post installation steps](../README.md#post-installation-steps). - -## Customize a Kubernetes release of Operational Decision Manager - -Refer to the [ODM for production Certified Kubernetes parameters](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_parameters_prod.html) for a complete list of values that you can configure. - -### To customize the install with --set key=value arguments - -Using Helm, you can specify each parameter with a `--set key=value` argument in the `helm template` command. - -For example: -```console -$ helm template --name my-odm-prod-release \ - --set internalDatabase.databaseName=my-db \ - --set internalDatabase.user=my-user \ - --set internalDatabase.password=my-password \ - /path/to/ibm-odm-prod-2.2.1.tgz -``` - -### To customize the helm install with a YAML file - -It is also possible to use a custom-made .yaml file to specify the values of the parameters when you install the chart. -For example: - -```console -$ helm template --name my-odm-prod-release -f myvalues.yaml /path/to/ibm-odm-prod-2.2.1.tgz -``` - -> **Tip**: Refer to the [`sample-values.yaml`](../configuration/sample-values.yaml) file to find the default values used by the `ibm-odm-prod` chart. - -## Upgrade a release - -1. [Download the latest PPA file from IBM Passport Advantage and load the new images.](../README.md#step-2-download-a-product-package-from-ppa-and-load-the-images) - -2. Delete the odm-test pod - - ```console - $ kubectl delete pod my-odm-prod-release-odm-test - ``` - -3. Create a new chart YAML template file. - - > **WARNING**: You must reuse the same `--set key=value` arguments and/or values.yaml file that were specified during the previous installation or the configuration will be reset to its default values. - - ```console - $ helm template \ - --name my-odm-prod-release \ - --set key=value \ - -f myvalues.yaml \ - /path/to/ibm-odm-prod-2.2.1.tgz > generated-k8s-templates-upgrade.yaml - ``` - -4. Apply this new template in Kubernetes. - - ```console - $ kubectl apply -f generated-k8s-templates-upgrade.yaml - ``` - - > **Note**: The Persistent Volume Claim is not recreated. You can ignore the message: `The PersistentVolumeClaim "my-odm-prod-release-pvclaim" is invalid: spec: Forbidden: is immutable after creation except resources.requests for bound claims` - -5. Verify that the version of Decision Center and the Decision Server console is the new version and they are running on the same URL and port as before. - -6. If your release uses an internal database, go to the `my-odm-prod-release-dbserver` pod and change the `volumeMounts` definition in the deployment YAML file. The following definition is from a previous version. - - ```console - "volumeMounts": [ { - "name": "my-odm-prod-release-ibm-odm-prod-volume", - "mountPath": "/var/lib/postgresql/", - "subPath": "pgdata" } ], - ``` - The definition for chart version 2.2.1 must concatenate the `mountPath` and `SubPath` parameters. - - ```console - "volumeMounts": [ { - "name": "my-odm-prod-release-ibm-odm-prod-volume", - "mountPath": "/var/lib/postgresql/pgdata" } ], - ``` - - > **Caution**: If you do not make this change, historical data from Decision Center and Decision Server is not available in the upgrade. - - After you make the change, restart the pod. - -## Uninstall a Kubernetes release of Operational Decision Manager - -To uninstall and delete a template along with all of the associated releases, use the following command: - -```console -$ kubectl delete -f generated-k8s-templates.yaml -``` - -> **Note**: The command removes all the Kubernetes components associated with the chart, even Persistent Volume Claims (PVCs), which might contain valuable data. diff --git a/ODM/platform/README_Eval_Minikube.md b/ODM/platform/README_Eval_Minikube.md deleted file mode 100644 index 300b71ca..00000000 --- a/ODM/platform/README_Eval_Minikube.md +++ /dev/null @@ -1,72 +0,0 @@ -# Install IBM Operational Decision Manager for developers on Minikube - -IBM Operational Decision Manager for developers can be used on a personal computer to run and evaluate Operational Decision Manager in a single container. - -## Step 1: Install Minikube - -1. Refer to the Kubernetes [documentation](https://kubernetes.io/docs/setup/minikube/#installation) to install Minikube. - -2. Start Minikube with the minimum required CPU and memory. - - ```console - $ minikube start --cpus 4 --memory 4096 - ``` - - > **Note**: If you started a Minikube cluster without these parameters, stop and delete it before restarting it again. - ```console - $ minikube stop - $ minikube delete - $ minikube start --cpus 4 --memory 4096 - ``` - -3. Verify your installation. - - ```console - $ kubectl get nodes - ``` - -## Step 2: Install an Operational Decision Manager for developers release - -Install a release with the default configuration. The name defined in the configuration is `odm-eval-ibm-odm-dev`. - -1. Download the [odm-eval.yaml](../configuration/odm-eval.yaml) descriptor to your computer. - -2. Accept the license and deploy the release by using the following command: - - ```console - $ sed 's/view/accept/' odm-eval.yaml | kubectl create --validate=false -f - - ``` - - The package is deployed in a matter of minutes. - -## Step 3: Verify that the deployment is running - -1. Monitor the pod until it shows a STATUS of *Running* or *Completed*: - - ```console - $ while kubectl get pods | grep -v -E "(Running|Completed|STATUS)"; do sleep 5; done - ``` - -2. When the pod is *Running*, you can access the application with the URL returned by the `minikube service` command. - - ```console - $ minikube service list - - |-------------|----------------------|-----------------------------| - | NAMESPACE | NAME | URL | - |-------------|----------------------|-----------------------------| - | default | kubernetes | No node port | - | default | odm-eval-ibm-odm-dev | http://xxx.xxx.xx.xxx:31074 | - | kube-system | kube-dns | No node port | - |-------------|----------------------|-----------------------------| - ``` - -3. Open the URL named `odm-eval-ibm-odm-dev`. Use odmAdmin/odmAdmin for the user/password. - -## To uninstall the release - -To uninstall and delete the release from the Kubernetes CLI, use the following command: - -```console -$ kubectl delete -f odm-eval.yaml -``` diff --git a/ODM/platform/README_Eval_Openshift.md b/ODM/platform/README_Eval_Openshift.md deleted file mode 100644 index 20783610..00000000 --- a/ODM/platform/README_Eval_Openshift.md +++ /dev/null @@ -1,62 +0,0 @@ -# Install IBM Operational Decision Manager for developers on Red Hat OpenShift - -IBM Operational Decision Manager for developers can be used on a personal computer to run and evaluate Operational Decision Manager in Red Hat OpenShift. - -## Step 1: Install the OpenShift command line interface (CLI) and Helm - -The OpenShift Container Platform CLI exposes commands for managing your applications, as well as lower level tools to interact with each component of your system. Refer to the OpenShift [documentation](https://docs.openshift.com/container-platform/3.11/cli_reference/get_started_cli.html). - -## Step 2: Install an Operational Decision Manager for developers release - -> **Tip**: Storage Persistent Volume (PV) is required to install this evaluation. PV represents an underlying storage capacity in the infrastructure. PV must be created with accessMode ReadWriteOnce and storage capacity of 5Gi or more, before you install ODM. You create a PV in the Admin console or with a .yaml file. - -1. As a developer with a user name of *ODMUSER*, create a project to contain your release by running the following commands: - - ```console - $ oc login --username= - $ oc new-project odmeval - $ oc project odmeval - ``` - - > **Note**: As a privileged user, you must grant access to the privileged SCC to *ODMUSER* and the default Service Account for project odmeval. - > ```console - > $ oc adm policy add-scc-to-user privileged -z default -n odmeval - > $ oc adm policy add-scc-to-user privileged --serviceaccount=default -n odmeval - > ``` - -2. As *ODMUSER*, run the following command to accept the license and install the release: - - ```console - $ sed 's/view/accept/' ./configuration/odm-eval.yaml | oc create -f - - ``` - -## Step 3: Verify that the deployment is running - -1. Monitor the pod until it shows a STATUS of *Running* or *Completed*: - - ```console - $ while oc get pods | grep -E "(Running|Completed|STATUS)"; do sleep 5; done - ``` - -2. When the pod is in *Running* state, you can access the status of your application with the following command: - - ```console - $ oc status - In project odmeval on server https://x.xx.xxx.xx:8443 - - svc/odmeval-ibm-odm-dev (all nodes):30341 -> 9060 - deployment/odmeval-ibm-odm-dev deploys ibmcom/odm:8.10.x.x_2.x.x-amd64 - deployment #1 running for 34 minutes - 1 pod - - 1 info identified, use 'oc status --suggest' to see details. - ``` - -3. You can now expose the service to your users. You can use odmAdmin/odmAdmin for the user/password. - -## To uninstall the release - -To uninstall and delete the release from the Kubernetes CLI, use the following command: - -```console -$ oc delete -f odm-eval.yaml -``` diff --git a/ODM/platform/README_Eval_ROKS.md b/ODM/platform/README_Eval_ROKS.md deleted file mode 100644 index 98d98dcd..00000000 --- a/ODM/platform/README_Eval_ROKS.md +++ /dev/null @@ -1,76 +0,0 @@ -# Install IBM Operational Decision Manager for developers on Red Hat OpenShift on IBM Cloud - -## Before you begin: Create a cluster - -Before you run any install command, make sure that you have created the IBM Cloud cluster and prepared your own environment. - -For more information, see [Installing containers on Red Hat OpenShift by using CLIs](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_ROKS.html). - -## Step 1: Install an Operational Decision Manager for developers release - -> **Tip**: Storage Persistent Volume (PV) is required to install this evaluation. PV represents an underlying storage capacity in the infrastructure. PV must be created with accessMode ReadWriteOnce and storage capacity of 5Gi or more, before you install ODM. You create a PV in the Admin console or with a .yaml file. - -1. Login to your IBM Cloud Kubernetes cluster: - - - Login to [IBM Cloud account](https://www.ibm.com/cloud) and select *Kubernetes* from the menu [hamburger menu icon]. - - Select the cluster and from the cluster details page, click **OpenShift web console**. - - In the OpenShift web console menu bar, click your profile *IAM#user.name@email.com* > *Copy Login Command* and paste the copied `oc login` command into your terminal to authenticate: - ```console - $ oc login https://: --token= - ``` - - > **Note**: As a privileged user, you must grant access to the privileged SCC to *IAM#user.name@email.com* and the default Service Account for project odmeval. - > ```console - > $ oc adm policy add-scc-to-user privileged -z default -n odmeval - > $ oc adm policy add-scc-to-user privileged --serviceaccount=default -n odmeval - > ``` - -2. Create a project to contain your release by running the following commands - ```console - $ oc new-project odmeval - $ oc project odmeval - ``` - -3. Run the following command to accept the license and install the release: - - ```console - $ sed 's/view/accept/' ./configuration/odm-eval.yaml | oc create -f - - ``` - -## Step 2: Verify that the deployment is running - -1. Monitor the pod until it shows a STATUS of *Running* or *Completed*: - - ```console - $ while oc get pods | grep -E "(Running|Completed|STATUS)"; do sleep 5; done - ``` - -2. When the pod is in *Running* state, you can access the status of your application with the following command: - - ```console - $ oc status - In project odmeval on server https://x.xx.xxx.xx:8443 - - svc/odmeval-ibm-odm-dev (all nodes):30341 -> 9060 - deployment/odmeval-ibm-odm-dev deploys ibmcom/odm:8.10.x.x_2.x.x-amd64 - deployment #1 running for 34 minutes - 1 pod - - 1 info identified, use 'oc status --suggest' to see details. - ``` - -3. You can now expose the service to your users using routes: - - ```console - $ oc create route passthrough --service=odmeval-ibm-odm-dev -n odmeval - ``` - > **Note**: For more information, refer to the [Openshift documentation](https://docs.openshift.com/container-platform/3.11/dev_guide/routes.html). - -> **Note**: You can use odmAdmin/odmAdmin for the user/password to access the applications. - -## To uninstall the release - -To uninstall and delete the release from the Kubernetes CLI, use the following command: - -```console -$ oc delete -f odm-eval.yaml -``` diff --git a/ODM/platform/README_Minikube.md b/ODM/platform/README_Minikube.md deleted file mode 100644 index 5fd5fa84..00000000 --- a/ODM/platform/README_Minikube.md +++ /dev/null @@ -1,103 +0,0 @@ -# Install IBM Operational Decision Manager on Minikube - -Before you install make sure that you have prepared your environment. For more information, see [Preparing to install ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_preparing_odmk8s.html) as well as [Customizing ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_odm.html). - -## Step 1: Install Minikube and Tiller - -1. Refer to the Kubernetes [documentation](https://kubernetes.io/docs/setup/minikube/#installation) to install Minikube. - -2. Start Minikube with the minimum required CPU and memory. - - ```console - $ minikube start --cpus 6 --memory 4096 - ``` - - > **Note**: If you started a Minikube cluster without these parameters, stop and delete it before restarting it again. - ```console - $ minikube stop - $ minikube delete - $ minikube start --cpus 6 --memory 4096 - ``` - -3. Verify your installation. - - ```console - $ kubectl get nodes - ``` - -4. Install [Helm 2.9.1](/~https://github.com/helm/helm/releases/tag/v2.9.1). - - > **Note**: Version 2.9.1 is required to use Minikube. - -5. Install Tiller in the Minikube cluster. - - ```console - $ helm init - ``` - -## Step 2: Push and tag the downloaded images in Minikube - -1. Follow the instructions to download the IBM Operational Decision Manager images and the loadimages.sh file in [Download PPA and load images](../../README.md#step-2-download-a-product-package-from-ppa-and-load-the-images). - - > **Note**: **DO NOT** run the loadimages.sh script at this point. - -2. Configure your shell to use the Minikube built-in [Docker daemon](https://kubernetes.io/docs/setup/minikube/#use-local-images-by-re-using-the-docker-daemon). - - ```console - $ eval $(minikube docker-env) - ``` - -3. Use the following command to load and tag the images in the Minikube local repository. - - ```console - $ scripts/loadimages.sh -l -p .tgz -r ibmcom - ``` - -## Step 3: Install a Kubernetes release of Operational Decision Manager - -1. Download the `ibm-odm-prod-.tgz` file. The archive contains the `ODM for production (ibm-odm-prod)` Helm chart. - - [ibm-odm-prod-2.2.1.tgz](../helm-charts/ibm-odm-prod-2.2.1.tgz) for Operational Decision Manager 8.10.2 - -2. Install a release with the default configuration and a name of `my-odm-prod-release` by using the following command: - - ```console - $ helm install --name my-odm-prod-release \ - --set internalDatabase.persistence.useDynamicProvisioning=true \ - /path/to/ibm-odm-prod-.tgz - ``` - - > **Note**: You can also install on Minikube by using Kubernetes YAML. Refer to the [k8s-yaml/README.md](../k8s-yaml/README.md). - -3. The package is deployed asynchronously in a matter of minutes, and is composed of several services. - - > **Note**: You can check the status of the pods that you created: - ```console - $ kubectl get pods - NAME READY STATUS RESTARTS AGE - my-odm-prod-release-dbserver-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisioncenter-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionrunner-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionserverconsole-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionserverruntime-*** 1/1 Running 0 44m - ``` - -The release is an instance of the `ibm-odm-prod` chart. All of the components are now running in a Kubernetes cluster. - -> **Tip**: List all existing releases with the `helm list` command. - - -## Step 4: Verify that the deployment is running - -When all of the pods are *Running*, you can access the application with the URLs returned by the `minikube service` command. - -```console -$ minikube service list -``` - -## To customize a release - -Refer to the customizing instructions in [helm-charts/README.md](../helm-charts/README.md#customize-a-kubernetes-release-of-operational-decision-manager). - -## To uninstall a release - -Refer to the uninstalling instructions in [helm-charts/README.md](../helm-charts/README.md#uninstall-a-kubernetes-release-of-operational-decision-manager). diff --git a/ODM/platform/README_Openshift.md b/ODM/platform/README_Openshift.md deleted file mode 100644 index 8e6bf2df..00000000 --- a/ODM/platform/README_Openshift.md +++ /dev/null @@ -1,165 +0,0 @@ -# Install IBM Operational Decision Manager on Red Hat OpenShift - -Before you install make sure that you have prepared your environment. For more information, see [Preparing to install ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_preparing_odmk8s.html) as well as [Customizing ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_odm.html). - -## Step 1: Prepare your environment - -As an administrator of the cluster you must be able to interact with your environment. Run the following commands to connect and check your access. - -1. Login to the cluster: - ```console - $ oc login https://:8443 -u - ``` -2. Create a project where you want to install Operational Decision Manager. - ```console - $ oc new-project odmproject - $ oc project odmproject - ``` -3. If you use the internal database you must add privileges to the project. - ```console - $ oc adm policy add-scc-to-user privileged -z default - ``` -4. Check you can run docker. - ```console - $ docker ps - ``` -5. Login to the docker registry with a token. - ```console - $ docker login $(oc registry info) -u -p $(oc whoami -t) - ``` - > **Note**: You can connect to a node in the cluster to resolve the docker-registry.default.svc parameter. - -6. Run a `kubectl` command to make sure you have access to Kubernetes. - ```console - $ kubectl cluster-info - ``` - - -## Step 2: Push and tag the downloaded images in the OpenShift registry - -1. If you have not already done so, follow the instructions to download the IBM Operational Decision Manager images and the loadimages.sh file in [Download PPA and load images](../../README.md#step-2-download-a-product-package-from-ppa-and-load-the-images). - - > **Note**: Change the permissions so that you can execute the script. - > ```console - > $ chmod +x loadimages.sh - > ``` - -2. Use the loadimages.sh script to push the docker images into your registry. - ```console - $ ./loadimages.sh -p .tgz -r docker-registry.default.svc:5000/odmproject - ``` - - > **Note**: The project must have pull request privileges to the registry where the Operational Decision Manager images are loaded. The project must also have pull request privileges to push the images into another namespace/project. - -3. Check whether the images have been pushed correctly to the registry. - ```console - oc get is --all-namespaces - ``` - or - ```console - oc get is -n odmproject - ``` - -## Step 3: Install a Kubernetes release of Operational Decision Manager - -You can do this step without administrator rights. - -1. Download the [ibm-odm-prod-2.2.1.tgz](../helm-charts/ibm-odm-prod-2.2.1.tgz) file. The archive contains the `ODM for production (ibm-odm-prod)` Helm chart. - -2. Install a release with the default configuration and a name of `my-odm-prod-release`. You have 2 options to install Operation Decision Manager on Openshift depending on your security policy. - - * Option 1: Use the helm CLI to generate a template, and then the OpenShift CLI to create a release from the YAML file. - - ```console - $ helm template \ - --name my-odm-prod-release \ - /path/to/ibm-odm-prod-.tgz \ - --set image.repository=docker-registry.default.svc:5000/odmproject/ > odm-k8s.yaml - $ oc create --save-config=true -f odm-k8s.yaml - ``` - - > **Note**: For more information, see [k8s-yaml/README.md](../k8s-yaml/README.md). - - * Option 2: If you installed Tiller on your cluster, you can use a single command from the helm CLI. - - ```console - $ helm install \ - --name my-odm-prod-release \ - /path/to/ibm-odm-prod-.tgz \ - --set image.repository=docker-registry.default.svc:5000/odmproject/ - --tiller-namespace - ``` - - > **Note**: For more information, see [helm-charts/README.md](../helm-charts/README.md). - -3. The package is deployed asynchronously in a matter of minutes, and is composed of several services. - - > **Note**: You can check the status of the pods that you created: - > ```console - > $ kubectl get pods - > NAME READY STATUS RESTARTS AGE - > my-odm-prod-release-dbserver-*** 1/1 Running 0 44m - > my-odm-prod-release-odm-decisioncenter-*** 1/1 Running 0 44m - > my-odm-prod-release-odm-decisionrunner-*** 1/1 Running 0 44m - > my-odm-prod-release-odm-decisionserverconsole-*** 1/1 Running 0 44m - > my-odm-prod-release-odm-decisionserverruntime-*** 1/1 Running 0 44m - > ``` - - The release is an instance of the `ibm-odm-prod` chart. All of the components are now running in a Kubernetes cluster. - -## Step 4: Verify that the deployment is running - -When all of the pods are *Running*, you can access the status of your application with the following command. -```console -$ oc status -In project odm on server https://localhost:8443 - -svc/odm-release-dbserver - xxx.xx.xx.xx:5432 - deployment/odm-release-dbserver deploys docker-registry.default.svc:5000/odmproject/dbserver:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -svc/odm-release-odm-decisioncenter (all nodes):31070 -> 9453 - deployment/odm-release-odm-decisioncenter deploys docker-registry.default.svc:5000/odmproject/odm-decisioncenter:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -svc/odm-release-odm-decisionrunner (all nodes):31705 -> 9443 - deployment/odm-release-odm-decisionrunner deploys docker-registry.default.svc:5000/odmproject/odm-decisionrunner:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -svc/odm-release-odm-decisionserverconsole-notif - xxx.xx.xx:1883 -http://odm-release-odm-decisionserverconsole-odm.xxx.xx.xx.nip.io to pod port decisionserverconsole-https (svc/odm-release-odm-decisionserverconsole) - deployment/odm-release-odm-decisionserverconsole deploys docker-registry.default.svc:5000/odmproject/odm-decisionserverconsole:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -http://myserver to pod port decisionserverruntime-https (svc/odm-release-odm-decisionserverruntime) - deployment/odm-release-odm-decisionserverruntime deploys docker-registry.default.svc:5000/odmproject/odm-decisionserverruntime:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -1 info identified, use 'oc status --suggest' to see details. -``` - -You can now expose the service to your users. - -> **Tip**: Refer to [Verify a deployment](../README.md#step-1-verify-a-deployment) post installation step to get the URLs of the services. - -## To customize a release - -Refer to the customizing instructions in [k8s-yaml/README.md](../k8s-yaml/README.md#customize-a-kubernetes-release-of-operational-decision-manager). - -## To uninstall the Helm chart - - * Option 1: To uninstall and delete a release named `my-odm-prod-release` with the OpenShift CLI, use the following command: - - ```console - $ oc delete -f odm-k8s.yaml - ``` - - The `odm-k8s.yaml` is the file you created in step 3: [Install an Operational Decision Manager release](README_Openshift.md#step-3-install-a-kubernetes-release-of-operational-decision-manager). - - * Option 2: To uninstall and delete a release named `my-odm-prod-release` with Helm Tiller, use the following command: - - ```console - $ helm delete my-odm-prod-release --purge --tiller-namespace - ``` - - The command removes all the Kubernetes components associated with the chart, including Persistent Volume Claims (PVCs). diff --git a/ODM/platform/README_ROKS.md b/ODM/platform/README_ROKS.md deleted file mode 100644 index 2bf40b2a..00000000 --- a/ODM/platform/README_ROKS.md +++ /dev/null @@ -1,145 +0,0 @@ -# Install IBM Operational Decision Manager for production on Red Hat OpenShift on IBM Cloud - -## Before you begin: Create a cluster and get access to the container images - -Before you run any install command, make sure that you have created the IBM Cloud cluster and prepared your own environment. You must also create a pull secret to be able to pull your images from a registry. - -For more information, see [Installing containers on Red Hat OpenShift by using CLIs](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_ROKS.html) and [Customizing ODM for production](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_odm.html) if you want to customize your ODM release. - -## Step 1: Install a release of Operational Decision Manager - -> **Note**: You can do this step without administrator rights. - -1. Download the [ibm-odm-prod-2.2.1.tgz](../helm-charts/ibm-odm-prod-2.2.1.tgz) file. The archive contains the `ODM for production (ibm-odm-prod)` Helm chart. - -2. Log in to your IBM Cloud Kubernetes cluster. In the OpenShift web console menu bar, click your profile *IAM#user.name@email.com* > *Copy Login Command* and paste the copied command into your command line. - - ```console - $ oc login https://: --token= - ``` - -3. Go to the project that you created for your release in OpenShift. - - ```console - $ oc project - ``` - -4. Install a release with a name of `my-odm-prod-release`. You have 2 options to install Operation Decision Manager on Openshift depending on your security policy. - - In both cases, you might need to increase the default liveness and readiness probes initial delay to prevent premature termination of the pods and reduce unnecessary errors. - - Refer to the documentation to [decide on the file storage configuration](https://cloud.ibm.com/docs/containers?topic=containers-file_storage) or [on block storage configuration](https://cloud.ibm.com/docs/containers?topic=containers-block_storage). Obtain the storage class name for the OpenShift cluster storage, and assign that value as the storageClassName value. You can list all the available storage classes by running the command `kubectl get sc`. - - * **Option 1**: Use the helm CLI to generate a template, and then the OpenShift CLI to create a release from the YAML file. - - ```console - $ helm template \ - --name my-odm-prod-release \ - /path/to/ibm-odm-prod-2.2.1.tgz \ - --set image.repository=/\ - --set image.pullSecrets= \ - --set image.arch=amd64 \ - --set internalDatabase.persistence.storageClassName=ibmc-file-gold \ - --set internalDatabase.persistence.useDynamicProvisioning=true > odm-k8s.yaml - $ oc create --save-config=true -f odm-k8s.yaml - ``` - - > **Note**: For more information, see [k8s-yaml/README.md](../k8s-yaml/README.md). - - * **Option 2**: If you installed Tiller on your cluster, you can use a single command from the helm CLI. - - ```console - $ helm install \ - --name my-odm-prod-release \ - /path/to/ibm-odm-prod-2.2.1.tgz \ - --set image.repository=/,image.pullSecrets= \ - --set image.arch=amd64 \ - --set internalDatabase.persistence.storageClassName=ibmc-file-gold \ - --set internalDatabase.persistence.useDynamicProvisioning=true \ - --tiller-namespace - ``` - - > **Note**: For more information, see [helm-charts/README.md](../helm-charts/README.md). - - The release is composed of several services. You can check the status of the pods that you created. Pod names are always prefixed with the name of the deployment. - - ```console - $ kubectl get pods - NAME READY STATUS RESTARTS AGE - my-odm-prod-release-dbserver-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisioncenter-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionrunner-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionserverconsole-*** 1/1 Running 0 44m - my-odm-prod-release-odm-decisionserverruntime-*** 1/1 Running 0 44m - ``` - - All of the components are now running in a Kubernetes cluster. - - The release is an instance of the `ibm-odm-prod` chart. - -## Step 2: Verify the deployment is running - -When all of the pods are *Running*, you can access the status of your application with the following command. -```console -$ oc status -In project odm on server https://localhost:8443 - -svc/odm-release-dbserver - xxx.xx.xx.xx:5432 - deployment/odm-release-dbserver deploys docker-registry.default.svc:5000/odmproject/dbserver:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -svc/odm-release-odm-decisioncenter (all nodes):31070 -> 9453 - deployment/odm-release-odm-decisioncenter deploys docker-registry.default.svc:5000/odmproject/odm-decisioncenter:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -svc/odm-release-odm-decisionrunner (all nodes):31705 -> 9443 - deployment/odm-release-odm-decisionrunner deploys docker-registry.default.svc:5000/odmproject/odm-decisionrunner:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -svc/odm-release-odm-decisionserverconsole-notif - xxx.xx.xx:1883 -http://odm-release-odm-decisionserverconsole-odm.xxx.xx.xx.nip.io to pod port decisionserverconsole-https (svc/odm-release-odm-decisionserverconsole) - deployment/odm-release-odm-decisionserverconsole deploys docker-registry.default.svc:5000/odmproject/odm-decisionserverconsole:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -http://myserver to pod port decisionserverruntime-https (svc/odm-release-odm-decisionserverruntime) - deployment/odm-release-odm-decisionserverruntime deploys docker-registry.default.svc:5000/odmproject/odm-decisionserverruntime:8.10.x-amd64 - deployment #1 running for 27 minutes - 1 pod - -1 info identified, use 'oc status --suggest' to see details. -``` - -> **Tip**: Refer to [Verify a deployment](../README.md#step-1-verify-a-deployment) post installation step to get the URLs of the services. - -## Step 3: Expose the service to your users by creating routes - -1. From the OpenShift web console menu bar, select *Application console* and select `odmproject` project. - -2. Navigate to the *Routes* page under the *Applications* section and click **Create Route**. - -3. Create a route for each service with *Secure Route* enabled and *TLS Termination* type set to **Passthrough**. - - > **Note**: You can also create the routes using the `oc` CLI. - > ```console - > $ oc create route passthrough --service=my-odm-prod-release-odm-decisioncenter -n odmproject - > ``` - > For more information, refer to the [OpenShift documentation](https://docs.openshift.com/container-platform/3.11/dev_guide/routes.html). - -## To uninstall the Helm chart - - * **Option 1**: To uninstall and delete a release named `my-odm-prod-release` by using the OpenShift CLI, run the following command: - ```console - $ oc delete -f odm-k8s.yaml - ``` - The `odm-k8s.yaml` is the file you created in step 1. - - * **Option 2**: To uninstall and delete a release named `my-odm-prod-release` by using Helm Tiller, run the following command: - - ```console - $ helm delete my-odm-prod-release --purge --tiller-namespace - ``` - The command removes all of the Kubernetes components associated with the chart. - -## To upgrade a release - -Make sure that you have the new images in the container registry that you plan to use for your upgrade, and then refer to the [Upgrade section](helm-charts/README.md#upgrade-a-release) in the helm-charts folder for instructions using Tiller, or the [Upgrade section](k8s-yaml/README.md#upgrade-a-release) in the k8s-yaml folder for instructions on how to use Kubernetes YAML. - diff --git a/README.md b/README.md index 4e8dbcf7..135b616a 100644 --- a/README.md +++ b/README.md @@ -1,120 +1,55 @@ - -# IBM Cloud Pak for Automation 19.0.2 on Certified Kubernetes - -## Introduction - -For information about IBM Cloud Pak for Automation 19.0.x, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/welcome/kc_welcome_dba_distrib.html). - -The installation of IBM Cloud Pak for Automation software uses Helm charts and Tiller or Kubernetes YAML files. The charts are packages of preconfigured Kubernetes resources that bootstrap a deployment on a Kubernetes cluster. You customize the deployment by changing and adding configuration parameters. - -The repository includes one folder for each application or service. - -| Folder | Product name | Version in 19.0.2 | -|------------ |---------------------------------- |------------- | -| AAE | IBM Business Automation Application Engine | 19.0.2 | -| BACA | IBM Business Automation Content Analyzer | 19.0.2 | -| BAI | IBM Business Automation Insights | 19.0.2 | -| BAS | IBM Business Automation Studio | 19.0.2 | -| AAE | IBM Business Automation Application Engine | 19.0.2 | -| CONTENT | IBM FileNet Content Manager | 5.5.3 | -| NAVIGATOR | IBM Digital Business Navigator | 3.0.6 | -| ODM | IBM Operational Decision Manager | 8.10.2 | -| UMS | User Management Service | 19.0.2 | - -Each folder contains subfolders, which contain instructions and resources to install the Helm charts. - -Installation is supported only on a Certified Kubernetes platform. There are dozens of Certified Kubernetes offerings and more coming to market each year. Cloud Native Computing Foundation (CNCF) has created a Certified Kubernetes Conformance Program, in which most of the leading vendors and cloud computing providers have Certified Kubernetes offerings. Use the following link to determine whether the vendor and/or platform is certified by CNCF https://landscape.cncf.io/category=platform. For more information about nonqualified platforms, see the [support statement for Certified Kubernetes](http://www.ibm.com/support/docview.wss?uid=ibm10876926). - -> **Note**: Use the instructions in the IBM Knowledge Center to help you install the containers on IBM Cloud Private. The support for IBM Cloud Private is deprecated in 19.0.2. For more information, see [Installing products on IBM Cloud Private](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/topics/tsk_install_icp.html). - -## Legal Notice - -Legal notice for users of this repository [legal-notice.md](legal-notice.md). - -## Step 1: Prepare your environment - -Before you install any of the containerized software: - -1. Go to the prerequisites page in the [IBM Cloud Pak for Automation 19.0.x](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_k8s.html) Knowledge Center. -2. Follow the instructions on preparing your environment in the Knowledge Center. - - How much preparation you need to do depends on your environment and how familiar you are with your environment. - -## Step 2: Get access to the container images - - * **Option 1**: Create a pull secret for the IBM Cloud Entitled Registry - - 1. Log in to [MyIBM Container Software Library](https://myibm.ibm.com/products-services/containerlibrary) with the IBMid and password that are associated with the entitled software. - - 2. In the **Container software library** tile, click **View library** and then click **Copy key** to copy the `entitlement_key` to the clipboard. - - 3. Create a pull secret by running a `kubectl create secret` command. - ``` console - $ kubectl create secret docker-registry -n --docker-server=cp.icr.io \ - --docker-username=cp --docker-password="" --docker-email=user@foo.com - ``` - - > **Note**: The `cp.icr.io` and `cp` values for the **docker-server** and **docker-username** parameters must be used. Take a note of the pull secret and the server values so that you can set them to the **pullSecrets** and **repository** parameters when you run the installation for your containers. - - 4. Install the Container Registry plug-in. - ``` console - $ ibmcloud plugin install container-registry -r 'IBM Cloud' - ``` - - 5. Log in to your IBM Cloud account. - ``` console - $ ibmcloud login -a https://cloud.ibm.com - ``` - - 6. Set the region as global. - ``` console - $ ibmcloud cr region-set global - ``` - - 7. List the available images by using the following command. - ``` console - $ ibmcloud cr image-list --include-ibm | grep -i cp4a - ``` - - * **Option 2**: Download the packages from PPA and load the images - - [IBM Passport Advantage (PPA)](https://www-01.ibm.com/software/passportadvantage/pao_customer.html) provides archives (.tgz) for the software. To view the list of Passport Advantage eAssembly installation images, refer to the [19.0.2 download document](http://www.ibm.com/support/docview.wss?uid=ibm10958567). - - 1. Download one or more PPA packages to a server that is connected to your Docker registry. - - 2. Download the [`loadimages.sh`](scripts/loadimages.sh) script from GitHub. - - 3. Log in to the specified Docker registry with the docker login command. - This command depends on the environment that you have. - - > **Note**: If your platform is OpenShift, do NOT run the .sh script to load the images without preparing your environment beforehand. Go to [Step 3](README.md#step-3-go-to-the-relevant-folders-and-follow-the-instructions) and use the instructions in the respective folders. You can then load the images to the Docker registry with the right privileges. - - 4. Run the `loadimages.sh` script to load the images into your Docker registry. Specify the two mandatory parameters in the command line. - - > **Note**: The *docker-registry* value depends on the platform that you are using. - - ``` - -p PPA archive files location or archive filename - -r Target Docker registry and namespace - -l Optional: Target a local registry - ``` - - > The following example shows the input values in the command line. - - ``` - # scripts/loadimages.sh -p /Downloads/PPA/ImageArchive.tgz -r /demo-project - ``` -## Step 3: Go to the relevant folders and follow the instructions - -You can install software on a certified Kubernetes platform with the Helm command line interface (CLI) or the kubectl command line interface (CLI). Use the following links to go to the instructions for the software that you want to install. -> **Note**: UMS must be installed before Business Automation Studio if you want to use the service. - -- [Install the User Management Service](UMS/README.md) -- [Install IBM Business Automation Application Engine](AAE/README.md) -- [Install IBM Business Automation Content Analyzer](BACA/README.md) -- [Install IBM Business Automation Insights](BAI/README.md) -- [Install IBM Business Automation Studio](BAS/README.md) -- [Install IBM FileNet Content Manager](CONTENT/README.md) -- [Install IBM Business Automation Navigator](NAVIGATOR/README.md) -- [Install IBM Operational Decision Manager](ODM/README.md) - +# IBM Cloud Pak for Automation 19.0.3 on Certified Kubernetes + +## Introduction + +The repository includes folders and resources to help you install the Cloud Pak software. The following software can be managed by the Cloud Pak operator. + + +| Folder | Component name | Version in 19.0.3 | +| :--- | :--- | ---: | +| AAE | IBM Business Automation Application Engine | 19.0.3 | +| ACA | IBM Business Automation Content Analyzer | 19.0.3 | +| ADW | IBM Automation Digital Worker | 19.0.3 | +| BAI | IBM Business Automation Insights | 19.0.3 | +| BAN | IBM Business Automation Navigator | 3.0.7 | +| BAS | IBM Business Automation Studio | 19.0.3 | +| FNCM | IBM FileNet Content Manager | 5.5.4 | +| IAWS | IBM Automation Workstream Services | 19.0.3 | +| ODM | IBM Operational Decision Manager | 8.10.3 | +| UMS | User Management Service | 19.0.3 | + +The following table shows dependencies between the components. A mandatory component is indicated in each column with an "M". Optional installation is indicated with an "O". + +| | ACA needs | ADW needs | BAN needs | BAS needs | FNCM needs | IAWS needs | ODM needs | +| :--- | :---: | :---: | :---: | :---: | :---: | :---: | :---: | +| AAE | | | | M(8,9) | | M(8) | | +| ACA | - | O(6) | | | | | | +| BAI | | O(3) | | | O(3) | | O(3) | +| BAN | | | - | | M(7) | M(7) | | +| BAS | M(4) | M(2,4) | | - | | M(4) | O(2,5) | +| FNCM | | | | | - | M(CMIS/CPE only) | | +| ODM | | O(6) | | | | | - | +| UMS | M(1) | M(1) | O(1) | M(1) | O(1) | M(1) | | + +The type of integration is indicated with the following numbers: + +| 1. SSO/Authentication | 4. Designer integration in Studio | 7. Runtime view | +| :--- | :--- | :--- | +| **2. Registration to Resource Registry** | **5. Toolkit for App designer**  | **8. App execution** | +| **3. Event emitter/dashboard** | **6. Skill execution** | **9. Test and deploy** | + +## Choose your platform and follow the instructions + +Use the following links to go to the platform on which you want to install. On each platform you must configure some manifest files that set up your cluster and the operator. You can then select and add configuration parameters for the software that you want to install in a custom resources (.yaml) file. + +- [Managed Red Hat OpenShift on IBM Cloud Public](platform/roks/README.md) +- [Red Hat OpenShift](platform/ocp/README.md) +- [Other Certified Kubernetes platforms](platform/k8s/README.md) + +Installation is supported only on Certified Kubernetes platforms. Cloud Native Computing Foundation (CNCF) has created a Certified Kubernetes Conformance Program, in which most of the leading vendors and cloud computing providers have Certified Kubernetes offerings. Use the following link to determine whether the vendor and/or platform is certified by CNCF https://landscape.cncf.io/category=platform. For more information about nonqualified platforms, see the [support statement for Certified Kubernetes](http://www.ibm.com/support/docview.wss?uid=ibm10876926). + +> **Note**: Support to install on IBM Cloud Private with the Business Automation Configuration Container is removed in 19.0.3. You can use the Certified Kubernetes instructions to install the automation containers on this platform. + +## Legal Notice + +Legal notice for users of this repository [legal-notice.md](legal-notice.md). diff --git a/UMS/README.md b/UMS/README.md deleted file mode 100644 index dbd79c67..00000000 --- a/UMS/README.md +++ /dev/null @@ -1,76 +0,0 @@ -# Install User Management Service 19.0.2 on Certified Kubernetes -You can use the User Management Service (UMS) option to provide users of multiple applications with a single sign-on experience. - -You can also use UMS to provide a common login page for all IBM Cloud Pak for Automation web applications. If you have multiple deployments, users can have a single sign-on experience when they interact with more than one of them. - -Because Cloud Pak for Automation combines several technologies and runtime servers in your virtual cloud-based environments, UMS helps you manage this complexity by consolidating aspects of user management in a single place. - -## Planning your installation - -| Environment size | CPU Minimum (m) | Memory Minimum (Mi) | recommended number of pods | -| ---------- | ----------- | ------------------- | -------------------------- | -| Small | 500 | 512 | 2 | -| Medium | 1000 | 1024 | 2 | -| Large | 2000 | 2048 | 3 | - -### Prerequisites -1. A database -1. Certificates for HTTPS and signing of identity tokens -1. Kubernetes secrets that contain the credentials to access the database, UMS system account, keystores, etc. -1. Persistent volume [optional] to host JDBC drivers, truststores, custom binaries - -### Installation options -* with Tiller - which is the typical option for ICP -* without Tiller - which is the typical option for OpenShift - -### Secure Deployment Guidelines -* JDBC over TLS, see "Db2 SSL Configuration" in the helm chart readme -* LDAP over TLS, see [Secure LDAP](configuration/secure-ldap.md) -* Account lockout policies and password complexity rules must be configured in LDAP for end user accounts. The built-in basic user registry for system accounts does not support such policies. User Management Service connects to your LDAP server which manages end user credentials (userids and passwords). It is expected that the LDAP bind user for connecting to LDAP has read-only permissions. Locking accounts in LDAP is therefore only possible by implementing an account lockout policy in LDAP. -Because User Management Service is just one out of many applications connecting to LDAP, locking accounts upon a number of failed login attempts has little value: attackers can just switch to another application to continue probing. -* Encrypted file system: It is recommended to host persistent volumes and database storage on encrypted file system (see "Database Requirements" in the helm chart readme) -* RBAC for operations: Installing UMS in IBM Cloud Private requires the `Administrator` role for the given namespace in order to create and assign RBAC roles. For daily operations, the `Editor` role is sufficient to scale up and down as well as viewing logs and modifying configuration. On other kubernetes platforms, it is also recommended to create a RBAC role for daily operations - avoiding `kubectl exec ...` permissions in daily operations. - -## Prepare your environment -1. Download and initialize command line interfaces: - * kubectl - * cloudctl for ICP - * helm for ICP - * oc for OpenShift -2. Create a database -1. Create a namespace `kubectl create namespace` -1. Create an image pull secret `kubectl create secret docker-registry ums-pull-secret1 --docker-server=myregistry:port --docker-username=dockeruser --docker-password=dockerpassword` -1. Create a TLS certificate for UMS pod HTTPS communication `openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt` and store them in a secret `kubectl create secret tls ibm-dba-ums-tls --key=tls.key --cert=tls.crt` -1. Create a TLS certificate for signing identity tokens `openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout jwt.key -out jwt.crt` and store them in a secret `kubectl create secret tls ibm-dba-ums-jwt --key=jwt.key --cert=jwt.crt` -1. Create secrets for system account credentials, see sample [ums-secret.yaml](configuration/ums-secret.yaml) -1. Create a secret for sensitive configuration (such as LDAP bind password), see [secure LDAP](configuration/secure-ldap.md) -1. Create a persistent volume to host JDBC drivers, truststores and custom binaries, see [Db2 HADR](configuration/db2-hadr.md) -1. Load docker images into your docker registry as described in [Download PPA and load images](../README.md#step-2-download-a-product-package-from-ppa-and-load-the-images) - -## Customize the installation -1. In a shell, extract the downloaded package -```bash -tar -xvf ibm-dba-ums-prod-1.0.0.tgz -``` -1. Review `values.yaml` and create an environment specific `myvalues.yaml` file to override defaults where necessary and to specify values for settings without defaults. Review `README.md` inside the helm chart for more details on the individual settings. - -## Option 1: With Tiller (for ICP) -`helm install --tls -n -f ibm-dba-ums-prod-1.0.0.tgz` - -## Option 2: Without Tiller (for OpenShift) -```bash -rm -rf yamls ; mkdir yamls ; helm template -n cp4aums1 -f helmvalues.yaml ../../ibm-dba-ums-prod/ --output-dir yamls -kubectl apply -f ./yamls/ -R -``` - -## Specific k8s env -* Sample for [Openshift](platform/README-openshift.md) -* Sample for [Openshift on IBM Cloud](platform/README-ROKS.md) -* Sample for [IBM Cloud Private](platform/README-icp.md) -* Sample for [Minikube](platform/README-minikube.md) - -# Verify -Use the host of this ingress to access https:///ums to view the login page. - -# Configuration -Configuration can be applied during installation by editing the values.yaml file. See the helm chart readme for details on the various settings. There are also samples in the [configuration folder](configuration). diff --git a/UMS/README_config.md b/UMS/README_config.md new file mode 100644 index 00000000..d3cd49dd --- /dev/null +++ b/UMS/README_config.md @@ -0,0 +1,237 @@ +# Configuring User Management Service 19.0.3 + +These instructions cover the configuration of the User Management Service. +You need a copy of the custom resources YAML file that you created previously. + + +## Planning UMS installation + +| Environment size | CPU Minimum (m) | Memory Minimum (Mi) | recommended number of pods | +| ---------- | ----------- | ------------------- | -------------------------- | +| Small | 500 | 512 | 2 | +| Medium | 1000 | 1024 | 2 | +| Large | 2000 | 2048 | 3 | + + +## Prerequisites + +Make sure in `shared_configuration` you specified the configuration parameter `sc_deployment_platform`. +If you deploy on Red Hat OpenShift, specify + +```yaml +spec: + shared_configuration: + sc_deployment_platform: OCP +``` + +otherwise specify + +```yaml +spec: + shared_configuration: + sc__deployment_platform: !OCP +``` + + +## Step 1: Generate UMS secret and DB secret +If you are using Db2 or Oracle create the OAuth database, e.g. `UMSDB`. + +To avoid passing sensitive information via configuration files, you must create two secrets manually before you deploy UMS. +Copy the following as ums-secret.yaml, then edit it to specify the required user identifiers and passwords. + +**Note:** The sample below includes sample values for passwords. For `ibm-dba-ums-secret` choose passwords that reflect your security requirements. +For `ibm-dba-ums-db-secret` specify user identifiers and passwords you configured for your OAuth database. + +**Note:** Team Server is an experimental internal component that has been in the User Management Service since 19.0.2. +`ibm-dba-ums-secret` and `ibm-dba-ums-db-secret` must include Team Server parameters, as described below. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: ibm-dba-ums-secret +type: Opaque +stringData: + adminUser: "umsadmin" + adminPassword: "password" + sslKeystorePassword: "sslPassword" + jwtKeystorePassword: "jwtPassword" + teamserverClientID: "ts" + teamserverClientSecret: "tsSecret" + ltpaPassword: "ltpaPassword" +--- +apiVersion: v1 +kind: Secret +metadata: + name: ibm-dba-ums-db-secret +type: Opaque +stringData: + oauthDBUser: "db2inst1" + oauthDBPassword: "!Passw0rd" + tsDBUser: "db2inst1" + tsDBPassword: "!Passw0rd" +``` + +| Parameter | Description | +| ------------------------------- | --------------------------------------------- | +| `adminUser` | User ID of the UMS admin user to create | +| `adminPassword` | Password for the UMS admin user | +| `sslKeystorePassword` | Password for the internal UMS SSL keystore | +| `jwtKeystorePassword` | Password for the internal UMS JWT keystore | +| `teamserverClientID` | Experimental: ID for the Team Server's OIDC client | +| `teamserverClientSecret` | Experimental: Secret for the Team Server's OIDC client | +| `ltpaPassword` | Password for the internal UMS LTPA key | +| `oauthDBUser` | User ID for the OAuth database | +| `oauthDBPassword` | Password for the OAuth database | +| `tsDBUser` | Experimental: User ID for the Team Server database | +| `tsDBPassword` | Experimental: Password for the Team Server database | + +Only specify the database settings if you are not using the internal derby database. +The derby database can only be used for a deployment with one UMS pod in test scenarios. + +Apart from the database values that relate to your specific database setup, you can choose all secret values freely. + +After modifying the values, save ums-secret.yaml and create the secrets by running the following command + +```bash +oc create -f ums-secret.yaml +``` + +**Note:** `ibm-dba-ums-secret` and `ibm-dba-ums-db-secret` are passed to the Operator +by specifying corresponding properties in the `ums_configuration` section, as described in the following steps. + + +## Step 2: Configure the UMS datasource +In the section `dc_ums_datasource` adjust database configuration parameters. + +```yaml +datasource_configuration: + dc_ums_datasource: # credentials are read from ums_configuration.db_secret_name + # oauth database config + dc_ums_oauth_type: db2 # derby (for test), db2 or oracle + dc_ums_oauth_host: + dc_ums_oauth_port: 50000 + dc_ums_oauth_name: UMSDB + dc_ums_oauth_ssl: false + dc_ums_oauth_ssl_secret_name: + dc_ums_oauth_driverfiles: + dc_ums_oauth_alternate_hosts: + dc_ums_oauth_alternate_ports: +``` + +For information about UMS configuration parameters and their default values, see +(UMS Database Configuration Parameters)(http://engtest01w.fr.eurolabs.ibm.com:9190/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/ref_ums_params_database.html) + + +## Step 2a (optional): Configure database failover servers + +To cover the possibility that the primary server is unavailable during the initial connection attempt, you can configure a list of failover servers, as described in [Configuring client reroute for applications that use DB2 databases](https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_config_reroute_db2.html). + +In the custom resources YAML file, provide a comma-separated list of failover servers and failover ports. +For example, if there are two failover servers +* server1.db2.company.com on port 50443 +* server2.db2.company.com on port 51443 + +in `dc_ums_datasource section` specify: +```yaml +datasource_configuration: + dc_ums_datasource: + ... + dc_ums_oauth_alternate_hosts: "server1.db2.company.com, server2.db2.company.com" + dc_ums_oauth_alternate_ports: "50443, 51443" +``` + + +## Step 2b (optional): Configure SSL between UMS and Db2 +To ensure that all communications between UMS and Db2 are encrypted, import the database CA Certificate to UMS and create a secret to store the certificate: + +``` +oc create secret generic ibm-dba-ums-db2-cacert --from-file=cacert.crt= +``` + +**Note:** The certificate must be in PEM format. Specify the `` to point to the certificate file. Do not change the part `--from-file=cacert.crt=`. + +Use the generated secret to configure the Db2 SSL parameters in the custom resources YAML file: +```yaml +datasource_configuration: + dc_ums_datasource: + ... + dc_ums_oauth_ssl_secret_name: ibm-dba-ums-db2-cacert + dc_ums_oauth_ssl: true +``` + + +## Step 3: Configure LDAP + +In section `ldap_configuration`, adapt the LDAP configuration parameter values to match your LDAP server. + +For information about LDAP configuration parameters and sample values refer to +[Configuring the LDAP and user registry](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_k8s_ldap.html). + + +## Step 4: Configure UMS +In section `ums_configuration` adapt the UMS-specific configuration + +```yaml + ums_configuration: + existing_claim_name: + replica_count: 2 + service_type: Route + hostname: + port: 443 + images: + ums: + repository: cp.icr.io/cp/cp4a/ums/ums + tag: 19.0.3 + admin_secret_name: ibm-dba-ums-secret + db_secret_name: ibm-dba-ums-db-secret + external_tls_secret_name: ibm-dba-ums-external-tls-secret + external_tls_ca_secret_name: ibm-dba-ums-external-tls-ca-secret + oauth: + client_manager_group: + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 200m + memory: 256Mi + ## Horizontal Pod Autoscaler + autoscaling: + enabled: true + min_replicas: 2 + max_replicas: 5 + target_average_utilization: 98 + use_custom_jdbc_drivers: false + use_custom_binaries: false + custom_secret_name: + custom_xml: + logs: + console_format: json + console_log_level: INFO + console_source: message,trace,accessLog,ffdc,audit + trace_format: ENHANCED + trace_specification: "*=info" +``` + +For information about UMS configuration parameters and their default values, see +(UMS Configuration Parameters)[http://engtest01w.fr.eurolabs.ibm.com:9190/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_ums_params_ums.html] + + +## Step 4a (optional): Configure secure communication with UMS + +See [Configuring secure communication with UMS](README_config_SSL.md) + +## Step 5: Complete the installation + +Return to the appropriate install or update page to configure other components and complete the deployment with the operator. + +Install pages: + - [Managed OpenShift installation page](../platform/roks/install.md) + - [OpenShift installation page](../platform/ocp/install.md) + - [Certified Kubernetes installation page](../platform/k8s/install.md) + +Update pages: + - [Managed OpenShift installation page](../platform/roks/update.md) + - [OpenShift installation page](../platform/ocp/update.md) + - [Certified Kubernetes installation page](../platform/k8s/update.md) \ No newline at end of file diff --git a/UMS/README_config_SSL.md b/UMS/README_config_SSL.md new file mode 100644 index 00000000..45bbc55a --- /dev/null +++ b/UMS/README_config_SSL.md @@ -0,0 +1,85 @@ +# Configuring secure communications with UMS +To reach UMS from outside of the kubernetes cluster, +the client (e.g. a browser or a programmatic client) connects to ums-route that is created during UMS deployment. +ums-route, in turn, communicates with the ums-service that load balances between UMS pods. + +![UMS in k8s](images/ums-in-k8s.jpg) + +To ensure that sensitive information is protected in transit when communicating with UMS pods, you must setup secure communications. +This documentation describes the different options and provides instructions on how to configure a secure communication with UMS pods. + +## Option 1 - Without an external certificate + +In a test environment, you might only want to test features and functions and might not want to deal with certificates. +In this case, do not specify values for `external_tls_secret_name` and `external_tls_ca_secret_name` in the Custom Resource YAML file (or just omit these parameters): + +```yaml +ums_configuration: + ... + external_tls_secret_name: + external_tls_ca_secret_name: +``` + +By using this configuration option, `root_ca_secret` is used to generate an internal TLS secret + for the pod and an external TLS secret for the ums-route. + + ![No customer-provided certificate](images/option1.jpg) + +**Note:** If you do not provide a self-signed root CA in the `shared_configuraiton` section of the Custom Resource YAML file, `root_ca_secret` is automatically generated by the Operator with a self-signed root CA. + + +## Option 2 - Customer-provided external certificate + +In a production environment, communications are secured by using a TLS certificate. +In this case, you must provide an external certificate that is signed by an external certificate authority (CA) that is trusted by your clients. + +**Note:** You can also generate a certificate using openssl, see section [Creating TLS certificates using openssl](#Creating-TLS-certificates-using-openssl) + +Generate a secret (`ibm-dba-ums-external-tls-secret`) to include the key and the external certificate. +``` +oc create secret tls ibm-dba-ums-external-tls-secret --key=tls.key --cert=tls.crt +``` + +Generate a secret (`ibm-dba-ums-external-tls-ca-secret`) to include any number of signer certificates that are necessary to trust the external certificate. +This can be required if your external certificate was cross-signed by a second certificate authority or if the tls.crt file does not include ALL certificates of +its certification chain. +``` +oc create secret generic ibm-dba-ums-external-tls-ca-secret --from-file=cacert.crt= +``` + +Provide both secrets to the Operator in the `ums_configuration` section of the Custom Resource YAML file: +```yaml +ums_configuration: + ... + external_tls_secret_name: ibm-dba-ums-external-tls-secret + external_tls_ca_secret_name: ibm-dba-ums-external-tls-ca-secret +``` + +**Note:** If the signer certificate is chained in the external certificate, `ibm-dba-ums-external-tls-ca-secret` is not required, and you should leave this parameter empty: +```yaml +ums_configuration: + ... + external_tls_secret_name: ibm-dba-ums-external-tls-secret + external_tls_ca_secret_name: +``` + +By using this configuration option, the customer-provided external certificate is used as the ums-route certificate. +The Operator generates a certificate for the UMS pod, signed with the `root_ca_secret`. +Signer certificates are configured for the `ums-route`, so that clients can trust the `ums-route`. + + ![Customer-provided certificate](images/option2.jpg) + +### Creating TLS certificates using openssl + +You can create a TLS certificate signing request by executing OpenSSL. Note that the final certificate should have a `Subject Alternative Names` (SAN) value that matches the hostname. Many certificate authorities allow you to specify SANs during the ordering process, otherwise you must provide the SAN directly in the certificate signing request (CSR). +``` +openssl req -new -newkey rsa:2048 -subj "/CN=UMS" -extensions SAN -days 365 -nodes -out ums.csr -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:ums.mycluster.com")) +``` + +Two files are generated: a private key (privkey.pem) and a certificate signing request that can be sent to your certificate authority for sigining. +Use the private key and your certificate authority's response to generate the secret `ibm-dba-ums-external-tls-secret`. +If the response from your certificate authority does not include all certificates from its signing chain, you can provide them in `ibm-dba-ums-external-tls-ca-secret` + +## Continue with the UMS configuration + +Continue with the UMS configuration: [README_config.md](README_config.md) diff --git a/UMS/README_migrate.md b/UMS/README_migrate.md new file mode 100644 index 00000000..7d770418 --- /dev/null +++ b/UMS/README_migrate.md @@ -0,0 +1,82 @@ +# Migrate User Management Service configuration from 19.0.2 to 19.0.3 + + +The following table maps User Management Service configuration parameters that were used in the +19.0.2 helm chart to config parameters in the Custom Resource YAML file you use in Cloud Pak for Automation 19.0.3. + +## Datasource configuration parameters + +| Helm Chart parameters in 19.0.2 | Custom Resource parameter in 19.0.3 | Comment | +| ------------------------------- | ----------------------------------------------------------------------------------- | -------------------- | +| oauth.database.type | datasource_configuration.dc_ums_datasource.dc_ums_oauth_type | | +| oauth.database.host | datasource_configuration.dc_ums_datasource.dc_ums_oauth_host | | +| oauth.database.port | datasource_configuration.dc_ums_datasource.dc_ums_oauth_port | | +| oauth.database.name | datasource_configuration.dc_ums_datasource.dc_ums_oauth_name | | +| oauth.database.ssl | datasource_configuration.dc_ums_datasource.dc_ums_oauth_ssl | | +| oauth.database.sslSecretName | datasource_configuration.dc_ums_datasource.dc_ums_oauth_ssl_secret_name | | +| oauth.database.driverfiles | datasource_configuration.dc_ums_datasource.dc_ums_oauth_driverfiles | | +| oauth.database.alternateHosts | datasource_configuration.dc_ums_datasource.dc_ums_oauth_alternate_hosts | | +| oauth.database.alternatePorts | datasource_configuration.dc_ums_datasource.dc_ums_oauth_alternate_ports | | + + +## UMS docker images + +| Helm Chart parameters in 19.0.2 | Custom Resource parameter in 19.0.3 | Comment | +| ------------------------------- | ------------------------------------------------------------------------------ | -------------------- | +| images.ums | ums_configuration.images.ums.repository, ums_configuration.images.ums.tag | In 19.0.2 the tag was appended to the repository link | +| images.initTLS | shared_configuration.images.keytool_init_container.repository, shared_configuration.images.keytool_init_container.tag | In 19.0.2 the tag was appended to the repository link | +| images.ltpa | shared_configuration.images.keytool_job_container.repository, shared_configuration.images.keytool_job_container.tag | In 19.0.2 the tag was appended to the repository link | +| images.pullPolicy | shared_configuration.images.pull_policy | + + +## LDAP configuration + +In 19.0.2 LDAP was configured by providing Liberty server LDAP configuration using the customXML parameter. +In 19.0.3 specify the LDAP configuration parameters in `ldap_configuration`. +For information about LDAP configuration parameters and sample values refer to [Configuring the LDAP and user registry](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.ref/k8s_topics/ref_k8s_ldap.html). + + +## UMS configuration parameters + +| Helm Chart parameters in 19.0.2 | Custom Resource parameter in 19.0.3 | Comment | +| ------------------------------- | ----------------------------------------------| -------------------- | +| global.existingClaimName | ums_configuration.existing_claim_name | | +| global.isOpenShift | shared_configuration.sc_deployment_platform | | +| global.imagePullSecrets | shared_configuration.image_pull_secrets | | +| global.ums.serviceType | ums_configuration.service_type | | +| global.ums.hostname | ums_configuration.hostname | | +| global.ums.port | ums_configuration.port | | +| global.ums.adminSecretName | ums_configuration.admin_secret_name | | +| global.ums.dbSecretName | ums_configuration.db_secret_name | | +| global.ums.ltpaSecretName | | removed, secret is generated in 19.0.3 | +| tls.tlsSecretName | | removed, secret is generated in 19.0.3 | +| | ums_configuration.external_tls_secret_name | new parameter in 19.0.3 | +| | ums_configuration.external_tls_ca_secret_name | new parameter in 19.0.3 | +| oauth.clientManagerGroup | ums_configuration.oauth.client_manager_group | | +| resources.limits.cpu | ums_configuration.resources.limits.cpu | | +| resources.limits.memory | ums_configuration.resources.limits.memory | | +| resources.requests.cpu | ums_configuration.resources.requests.cpu | | +| resources.requests.memory | ums_configuration.resources.requests.memory | | +| useCustomJDBCDrivers | ums_configuration.use_custom_jdbc_drivers | | +| useCustomBinaries | ums_configuration.use_custom_binaries | | +| customSecretName | ums_configuration.custom_secret_name | | +| logs.tracespefication | ums_configuration.logs.trace_specification | | +| logs.consoleFormat | ums_configuration.logs.console_format | | +| logs.consoleLogLevel | ums_configuration.logs.console_log_level | | +| logs.consoleSource | ums_configuration.logs.console_source | | +| logs.traceFormat | ums_configuration.logs.trace_format | | +| replicaCount | ums_configuration.replica_count | | +| autoscaling.enabled | ums_configuration.autoscaling.enabled | | +| autoscaling.minReplicas | ums_configuration.autoscaling.min_replicas | | +| autoscaling.maxReplicas | ums_configuration.autoscaling.max_replicas | | +| autoscaling.targetAverageUtilization | ums_configuration.autoscaling.target_average_utilization | | +| resources.limits.cpu | ums_configuration.resources.limits.cpu | | +| resources.limits.memory | ums_configuration.resources.limits.memory | | +| resources.requests.cpu | ums_configuration.resources.requests.cpu | | +| resources.requests.memory | ums_configuration.resources.requests.memory | | +| customXml | ums_configuration.custom_xml | for LDAP parameters use ldap_configuration to configure LDAP | +| customSecretName | ums_configuration.custom_secret_name | | +| useCustomBinaries | ums_configuration.use_custom_binaries | | + + +Once you understand how the helm configuration parameters map to the parameters in the Custom Resource YAML file, continue with the [UMS configuration](README_config.md) diff --git a/UMS/configuration/db2-hadr.md b/UMS/configuration/db2-hadr.md deleted file mode 100644 index 232f0355..00000000 --- a/UMS/configuration/db2-hadr.md +++ /dev/null @@ -1,43 +0,0 @@ -# Database high availability -The User Management Service (UMS) requires a database. If you use Db2 as your database, you can configure high availability by setting up [HADR](https://www.ibm.com/support/knowledgecenter/SSEPGG_11.5.0/com.ibm.db2.luw.admin.ha.doc/doc/c0011267.html) for your database. -This configuration ensures that UMS automatically retrieves the necessary failover server information upon initial connection to the database. If the primary server becomes unavailable, UMS fails over to a secondary Db2 server. - -To cover the possibility that the primary server is unavailable during the initial connection attempt, you can configure a list of failover servers, as described in [Configuring client reroute for applications that use DB2 databases](https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_config_reroute_db2.html). - -In `myvalues.yaml`, provide a comma-separated list of failover servers and failover ports. For example, if there are two failover servers -* server1.db2.customer.com on port 50443 -* server2.db2.customer.com on port 51443 -you can specify these hosts and ports in `myvalues.yaml` as follows: - -```yaml -... -# UMS OAuth config -oauth: - database: - type: db2 - name: umsdb - host: primary.db2.customer.com - port: 50443 - ssl: true - sslSecretName: db2-cert - #driverfiles: - alternateHosts: "server1.db2.customer.com, server2.db2.customer.com" - alternatePorts: "50443, 51443" - clientManagerGroup: - jwtSecretName: - -# UMS Team Server database config -teamserver: - database: - type: db2 - name: umsdb - host: primary.db2.customer.com - port: 50443 - ssl: true - sslSecretName: db2-cert - #driverfiles: - alternateHosts: "server1.db2.customer.com, server2.db2.customer.com" - alternatePorts: "50443, 51443" -``` - -Note that the _network security policy_ automatically whitelists outbound traffic from UMS pods to the the primary database ports. You can be more restrictive and specify the IP address [range]. If your failover servers use different ports, you MUST whitelist these explicitly by editing _network security policy_ `ums-database`. diff --git a/UMS/configuration/imagepolicy.yaml b/UMS/configuration/imagepolicy.yaml deleted file mode 100644 index ab0ef08a..00000000 --- a/UMS/configuration/imagepolicy.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1 -kind: ImagePolicy -metadata: - name: ums-docker-registry-whitelist -spec: - repositories: - - name: some.remote.registry/* - policy: - va: - enabled: true - - name: some.other.remote.registry/ums/* - policy: - va: - enabled: true \ No newline at end of file diff --git a/UMS/configuration/namespace.yaml b/UMS/configuration/namespace.yaml deleted file mode 100644 index f8c744ab..00000000 --- a/UMS/configuration/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cp4a-ums - labels: - name: cp4a-ums diff --git a/UMS/configuration/secure-ldap.md b/UMS/configuration/secure-ldap.md deleted file mode 100644 index b8f345b0..00000000 --- a/UMS/configuration/secure-ldap.md +++ /dev/null @@ -1,193 +0,0 @@ -# Connecting to an LDAP Server securely -Because the user management service (UMS) is built on WebSphere Liberty, the documentation about configuring LDAP in WebSphere Liberty applies: [Configuring LDAP user registries in Liberty -](https://www.ibm.com/support/knowledgecenter/SS7K4U_liberty/com.ibm.websphere.wlp.zseries.doc/ae/twlp_sec_ldap.html). As UMS is expected to connect to an LDAP server, the ldapRegistry-3.0 feature is pre-installed. - -A secure LDAP connection implies: -* Encrypted LDAPS traffic, typically on port 636 -* LDAP bind user configuration with least privileges - -## Bind user -Engage your LDAP administrator to provision a bind user ID that has read-only access to the parts of your LDAP server that contain your users and groups. Because this bind user ID and password is _sensitive configuration_ information, you should store it in a kubernetes secret and pass only the secret name to the UMS installation in the `myvalues.yaml` file, see [Sensitive configuration](#Sensitive-configuration). - -## Encrypted connection -To ensure that an encrypted connection to LDAP is used, make sure that you specify the secure port, typically 636. For this communication to work, UMS must trust the LDAP server's signer certificate. You can provide a dedicated truststore for that purpose by placing it on a persistent volume that is mounted into UMS. Because the truststore password is _sensitive configuration_ information, you should store it in a secret, see [Sensitive configuration](#Sensitive-configuration). -Note that the default *network security policy* `ums-ldap` whitelists outbound traffic from the UMS pod to port 636 and 389. You can edit the policy to be more restrictive and control the target IP address (range). If your LDAP server is available on a network port other than 389 or 636, you MUST adapt the policy to whitelist your target port. - -## High Availability -To ensure a high available LDAP connection, configure `failoverServers` as described in [Configuring LDAP user registries in Liberty -](https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_sec_ldap.html). - -```XML - - - - -``` - -### Create a truststore -An easy way to create a truststore is to connect to your LDAP server and download the certificate chain by using the Java keytool (in the following sample replace the host name and password with your own values): -```bash -keytool -printcert -sslserver your.ldap.host.com:636 -rfc > ldap.pem -keytool -import -noprompt -alias ldap -keystore ldap.jks -storepass changeit -file ldap.pem -keytool -list -v -keystore ldap.jks -storepass changeit -``` -This creates a truststore that contains the full certificate chain. - -### Make the truststore accessible for UMS -Create a persistent volume (PV) and persistent volume claim (PVC) for UMS as described in the helm chart README.md: - -1. Create a `ums-persistence.yaml` file. The following sample points to a Network File System (NFS). Replace the host `1.2.3.4` and path `/binaries` with your own values. - -```yaml -kind: PersistentVolume -apiVersion: v1 -metadata: - name: ibm-dba-ums-pv - labels: - type: ums-binaries -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Recycle - nfs: - server: "1.2.3.4" - path: "/binaries" - storageClassName: standard ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: ibm-dba-ums-pvc -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - selector: - matchLabels: - type: ums-binaries - storageClassName: standard -``` - -2. Create the persistent volume and persistent volume claim: -```bash -kubectl apply -f ums-persistence.yaml -``` -3. Create a directory `custom-binaries` in the NFS path (`/binaries/custom-binaries` in the sample). Copy the truststore created in the previous step into that directory and make sure that the root group (0) has read access to the file. -1. In your `myvalues.yaml` file, set `useCustomBinaries` to `true` and specify the PVC name in `global.existingClaimName` to ensure that the volume is mounted into the containers -```yaml -global: - existingClaimName: ibm-dba-ums-pvc -useCustomBinaries: true -``` - -## Configuration -The LDAP configuration is passed to UMS by using the `customXml` setting in the `myvalues.yaml` file. - -### Sensitive configuration -Some of the LDAP configuration information is sensitive and should therefore be stored in a secret, never in a config map. You should also never pass sensitive configuration information through helm. Create a secret containing the Liberty configuration variables for all sensitive settings that you will later use in your configuration. - -For additional security, you can use Liberty's securityUtil to encorde or encrypt sensitive information, e.g. to encrypt the sample password `changeit`, you can invoke the following command in any [free] non-containerized [WebSphere Liberty](https://developer.ibm.com/wasdev/downloads/) or [Open Liberty](https://openliberty.io/downloads/) install. - -```bash - wlp/bin/securityUtility encode --encoding=aes changeit -{aes}AKy63+PNE+g5rNQm4t7Y1nFps9B44emN09iA7TSPaGUx -``` - -Create a `ums-ldap-secret.yaml` file as shown below. - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: ums-ldap-secret -type: Opaque -stringData: - sensitiveCustomConfig: | - - - - - - - -``` - -Create a secret from this file: - -```bash -kubectl apply -f ums-ldap-secret.yaml -``` - -The name of this secret is passed to UMS in `myvalues.yaml` using the `customSecretName` parameter: -```yaml -customSecretName: ums-liberty-secret -``` - -To reference the value of a variable that is defined in the secret from your LDAP configuration, use the `${VARIABLE_NAME}` syntax, see [Using variables in configuration files -](https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_setup_vars.html). - -### LDAP configuration in UMS config map -In `myvalues.yaml`, Liberty configuration can be specified in XML format by using the `customXml` parameter. The required configuration comprises of the following elements: - -* A `` element to load the truststore -* An `` element to refer to this truststore (and optionally restrict TLS version) -* An `` element to specify connection information -* An optional `` element to control the realm name or extend the attribute schema for users and groups when using the [SCIM](https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/rwlp_sec_scim_operations.html) API. When using a federatedRegistry element, make sure to federate the existing BasicRegistry as a `participatingBaseEntry` unless your admin account is specified in LDAP, too. - -The full server.xml fragment is passed in myvalues.yaml as illustrated in the following sample. Take care to use consistent indentation to avoid accidentally specifying the next YAML parameter. - -```yaml -customXml: |+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/UMS/configuration/simple-ldap.md b/UMS/configuration/simple-ldap.md deleted file mode 100644 index 48851081..00000000 --- a/UMS/configuration/simple-ldap.md +++ /dev/null @@ -1,66 +0,0 @@ -# Connecting to an LDAP Server -Because the user management service (UMS) is built on WebSphere Liberty, the documentation about configuring LDAP in WebSphere Liberty applies: [Configuring LDAP user registries in Liberty -](https://www.ibm.com/support/knowledgecenter/SS7K4U_liberty/com.ibm.websphere.wlp.zseries.doc/ae/twlp_sec_ldap.html). As UMS is expected to connect to an LDAP server, the ldapRegistry-3.0 feature is pre-installed. - -## Bind user -The simple LDAP configuration assumes that LDAP allows anonymous binds and therefore skips bind user configuration. - -## Network connection -The simple LDAP configuration assumes that LDAP is available over an unecrypted connection on port 389 and therefore skips using a truststore and related configuration. Note that the default *network security policy* `ums-ldap` whitelists outbound traffic from the UMS pod to port 636 and 389. You can edit the policy to be more restrictive and control the target IP address (range). If your LDAP server is available on a network port other than 389 or 636, you MUST adapt the policy to whitelist your target port. - -## High Availability -To ensure a high available LDAP connection, configure `failoverServers` as described in [Configuring LDAP user registries in Liberty -](https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_sec_ldap.html). - -```XML - - - - -``` -## Configuration -The LDAP configuration is passed to UMS by using the `customXml` setting in `myvalues.yaml`. - -### LDAP configuration in UMS config map -In `myvalues.yaml`, Liberty configuration can be specified in XML format using the `customXml` parameter. The required configuration comprises of the following elements: - -* An `` element to specify connection information -* An optional `` element to control the realm name or extend the attribute schema for users and groups when using the [SCIM](https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/rwlp_sec_scim_operations.html) API. When using a federatedRegistry element, make sure to federate the existing BasicRegistry as a `participatingBaseEntry` unless your admin account is specified in LDAP, too. - -The full server.xml fragment is passed in myvalues.yaml as illustrated in the following sample. Take care to use consistent indentation to avoid accidentally specifying the next YAML parameter. - -```yaml -customXml: |+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/UMS/configuration/ums-secret.yaml b/UMS/configuration/ums-secret.yaml deleted file mode 100644 index 082be816..00000000 --- a/UMS/configuration/ums-secret.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: ibm-dba-ums-secret -type: Opaque -stringData: - adminUser: "" - adminPassword: "" - sslKeystorePassword: "" - jwtKeystorePassword: "" - teamserverClientID: "" - teamserverClientSecret: "" - ltpaPassword: "" ---- -apiVersion: v1 -kind: Secret -metadata: - name: ibm-dba-ums-db-secret -type: Opaque -stringData: - oauthDBUser: "" - oauthDBPassword: "" - tsDBUser: "" - tsDBPassword: "" ---- -apiVersion: v1 -kind: Secret -metadata: - name: ibm-dba-ums-ltpa-creation-secret -type: Opaque -data: \ No newline at end of file diff --git a/UMS/helm-charts/ibm-dba-ums-prod-1.0.0.tgz b/UMS/helm-charts/ibm-dba-ums-prod-1.0.0.tgz deleted file mode 100644 index a46230ddd8d7cc681a39a1d0f8f932e91d2baa16..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 72595 zcmV))K#IQ~iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYccN;g7D87I5Q{XbY8)=rLUVbFXX78aT+UATz@rqPD{_XC` z0lPsGQM1tlpe1uW`R>1iDgcdcHXo7|$JsT{nTgzu1`0r-Q19ZCMLV9*cD_*UOp5s6 zY)+-_Ea@Wor>FWI9v&XPeEuB%dw6(Q{qNz+7cc$a@cii6(eaCaB2NaureCf!mH%{j z_^JI=C-(>W(TxAZq~anyC3i;+nq~f<&7;m?vk@~DNuFtV)PHqJ&JvNwWJqtxR7ldz zwOCN|mbA%@Vv=0al+M_KrJ9VGyyFpT%*BG8lDXE|>A?Y?EIJeZ_XFy`Y-b78Qy~}a zm}QArnr|CCG6R}#)ak*2r1zZ}*YkXmD<&h6YL@CwBo+t#SCMx^4o1BTog2{-}q|qjH5x;oWxXmZbuj04=@#9hF=%{n}ZDT=sswq#Igi%v!R^^dP ziXT@`Z$tAWVKN;2xbuDI=-bAfdvw$}>>M`y{;!<>JDTK7Jt+a$a{f7FDU>3SSY#q)saB0yA|^CBZ4mMe85%57nxzr@NhJA#oh6hn z0F%i**K_jc^H*mimfWCQgAn$CE6vjxG#eO{g>FVHl1$?l=OVggl0=flEY+MQ<~zQi zGd9eV1Y0Wn>`bIuiljyOlu%-b030SF^R%nrpe%Bw$%GM=v4~GOi^*h3^qdi%Dov9F zPgN#G#1xF9t}>R6=6tG836KRd&duehZF`6aPTwsLX%Lbx03JdVp2hJpGv_#+N$ix6 zxllT_vn3=GQlFA%&raZ9<=NAC!PCm*2|mSU1K&+$*`0N z4-XGwHl=x@5AuaF|2sYUzH`_)HtU~qJ-!%i`OMI#Tej3fByIDB-}#~=1L^~M`9(}> zI?3`R8H$8Q%Tv;y4ul>`rp#T`sBBv5cAG>@YJ(&SMBrWubn9X=Pa{wn|h6^B4B@*^p$OYA>(O{5LFL!WY~v ze3a#<tbxkNI`Q}Wl#3)5slwe6;a-Le$<@?HlQ;@VGV+tzB)glG=WT1 z$MooUqv8WYh}SfRSEk{3&en-S1f)OG{P>Y{P;LPoryoDU>i+tx`682S%0CeN2m7E6*%GPg zkwA}uq;DR=*es1581~QK8)3ixp7ghY{{K8@Nyen==-5(dOaOyO@Jznz9{ z*CsKW@|2NgfLTDSnx5iYiL6Af9q~6UukM(XJZ9t{hM`O&^5O*k0H6*OrE;=)0 zsg307;7^S+Bf~O6{TN8`|CZAP^#L@?0Qyej9mC$Cy*6W*nJ6-05zQ4NN-P-pOFm&T zWtu6R^OUnBR)k8194L#8M6Ksskv*$wI3J8mTSMPf#-jaBqd)cc4Rm5fPi1c|c*c!v znIuLy&y|5w5emRtXg4meX;)riKJ_c=UiwvaZPqr}Y1tDMT;Zv`?|0tW08YOe*h~2~ z_OOEYr^Iuf^Uku|?>J7(z2(GRByM%+m=9*(;6|iPwVS_EUV5@{qSh8i4 zp=ERJl)@FqzpWOS{DTzT_4g)FUw^;pZ`1v+qInyzu8o52V;O;M z^54y`Nq)x@ zHe;~^N-`Q>rOEPI2>qHTOf8jW3-^{LiMSuSk9sPiiM4^)uk*C41|l_IThodanb_Z| z%F@7)jbD>rf5i^awnh#c-bxO(lEb4=sTa|VPI$sKM?xP<0rt2y>0VqsU~R3En1HTw z%WBprlwlRkr-gfrnO6VY>`=-gP4=$(=V$xmsB>5-PaA}wYV(vF2p&h^cVM-fr{uu3 z1MBlgYqS5=OfvLrx}P)2h<{DEB2Aj>xsd$ttl1(>o@yzKK(Ecetce-lj320oFDjGy=ss8n zvVRXS8{|_6FCe!n0A7cedpDP(eIs{E!c)!UltwHBE?=lBOc|Z6g$LdNEcYyl#DaBx zQCXAhS@p+0z?O&^PvM0JFEnI#hy4(O!j8SNI3m~UR|Z}hP^jV4c)T*kZcAejvpeiN z#~CyW*KA)E4L@XwkN|TDx=Vv4EB$%=ek!1L2WZ41k;YUmH$k;KowH|X+l679ff>u| z=fGA|)gW#E9=`ql*|U?~p)5S4cD~pi3u(EBN5G0sE8e?f3&21VJFaynlSXhcmlxh4 zgn(8up6F!;ddWR^T~pum^U4=y4*wuLH6kr}hH4XV^KBEFaTG95$$vJR|4qIj z&8BGyj@$~(w?Z-yDQ2c2c$+#WRq~%rWy$k@2QR>n%)ETabaBz4pF1We@coQ|CIYz|9z42-xjL;bo;;S`A^Xq zx1B+LoHot4wXN?U1#Ub4&yP=5_`k!i`Tsu4@5#@!a>X*FEezJZj+u%_{HE4 z=&MaW{`z}w>4SccJpbOKW)~&UHu>-PvgZ z)pQwM;2W)0KdAHD@?Sk6rE#7AZiMF1qZPxwK=xuQX@ZAZ6p7CYm#@;kL2ssQCWRJ} zNKVQ4Z0KScA&=q5k1L;4ysk{Aeq(p+F>GIS_j@0X{{_Ft(tnmNX_7pN|Ht98=d1o7 zCtv+PKFjY*;{U8$E+E%aP~~07^2b{GStN6HwDkAhr{C)L*z=!0AVu_6{m=6%|95h7 zc=+}Fe~#ambpC-WOV$5YhOEjb-JF;Cq~|BU!Tvw;{6lCMPbVTz-n$7{~td; zKKW|@`z*gN?fe5`eXh&@vyy;Y-jSe%mo{4HGs9(n$gm}WaO z0Nc+0%N70a$+MHM_y1@4eQD?4Al6p~pk7gO^4<4a+q^h=@u2;GT^M1HJ0!B}6rCI+Ev7z&=gPXfSDi4eX8~HL z*nzOYs;iMIxm^t&5hmzwUwcbECe+ZDa4X$TSSifhPNg=(byc^Z7E^gmH*LX&?0lV- zs~A$$E~vrN|7@yxvqhTi$oxN%Ol2Zf?8krJi*lKe_AP0*6;I5^?Y78umTPhlv%7;d zPZH8@-%GBUc|rc=qhVKmjzr9U4NG!ts)7PVIyPM3khKm{iIIKs1L0HhpX8q%jHI11 za(sA5{`&`_=PV^GnhWyn&E<%sLKAvNc|s=%>wHUoAnXIzBRx-U#_gKWQM3}x2pqo$K+QZ;V<&H;r_SjU#EPw zc!08}=C}F&KYH=}s9OK`<%_TSpU?CA?e70GXn0ApPvZifUid>$uwZ59!y-8)|M)kc zcK?oUNB^jz1mKzqn<3Od>M93rf!4KOf!23>x(nBW zi4!|+5*r3YmpZJVxxfmV9f&)uTc@ybSZ;IIapDPNO%U(xUzSLSwG->%)mddFh9+xo^9u7JxV2=TeehMNY-(kde9C;rXh3leUcsIN*-XX_X97v6*eB% z$-ytT<|&}jFSlyTqL|@-xz~Sr3J89=*X>PEI56BrDj>BpO@3@b!uzIQ(_KbIF8072 z6hr{S2!@kg9R=b*$YVwUjA)mVPW#~;k)Ubp(WtJ*H`xoA%-RM9zWv?rks;Od2W*r1 z(mBe64KNFVxf0?Uc(VsAh7qtg01eEM<~M5OEO zwH?=iJYu-TMRQ;Ci^o4UG3tkEikR2*FMmm6K7e%vLXGXrz~`f;zqbkbck>o+E0XYu zq;h%9rav~JX>T!Mam?ZiK4~6=ABB0$O~VeeEqxP0Lb2k<=FR2k{8ck}jVV&kZKEGu z%G7|T2pEC2rzKcKu88R=CL$#n)?JBhnKZJ8E9^D^SN9;23~Hv(MD2glQu`%@rGs{V z_RltNiK`G(wDQV_t{txEG@cY7mo{;|Dq}-YhEB1TtNZoOAJ^#xehqiA$o&4}&M<`8 z;wv!VS*(M=NQR}6jZ8Pl7ZWC{O`*7YbLW#fIc`>fP|2C6venL&N=jfss?Gbk_9bqz6890m~`j|zJj;D>!6u=$gq-KjUTmpSvT6J`g_;y)oo*NUp5mMoXHigc^>4L`Eu~ z+T8R!)q+qW8I8gGF$KQ_-=|0!em@VY1%Io^_+k|H(<(Lm^Sd!oe3n)Qvz?Z~bc^qz z2y~*_rbVIuSQjQ>S{X3@LH?Et%|b+92^(1bI`ePqI(YJ^f}_K*dvxHq1pkc!``i-T zvSnM#T@*{FFE|pH5U=2N~tEja3CUe_xmh?N`1zOYc@;`%CZr`0DE7 z=kD3Ke>G@Sj?yW4(;M`zyW?K_FTMAp@zr&&t_OJW^RPP_y}PgQ7Un6DnqK&y^zJBerTA((Qz?|oA@vH`hPoS zTMwR3!*1KjR}6nJh6j#VPm1BuT54{fJ_G(_fKHm*kw1w3dN{&=K12^|I{qFlt_#I1`QbRLBxHfaGvo}naF+0OkDtH_nur$sDPc;Oyb?#Y` zw4v_yfyh|OW2;`wC2;K(9p4M@Wzlbxg7o6J-_S^ZbrT9&qvDYNf@-cQB1A} z^Yc^P4WO>j*$~{(=)&C4KH0&}7>>Vd8E^sRFf zd4Q{c>1r=!yZDFgml|$!EZ7ex^o=*@66Z#T;%BHjk5LcqTS9MKK^(H}w066$x;Nvu z=dXTS;uBA{ZWVf5y;@6qES$eRX6+8^#$zxZeF2NA)rJ){5PlKMX`u9Lx!E*ahX3rM z-y4kkzdM;JPBWUi1BmJX9`(+yd*d$+=uuhL+bn55ymtN?A#%qMj^JyIw~dhAmE5>KMwTa{1nOL)HH>b;-S{=EHmSKHzR49c9~k-0NYj~QcP!OJ+%b7CIjHD`Br!`E{yin^16S}j z25RyYWOEEs7jn6>D7)#{J~{TUZUMG8-9jIC*AYHRW{K{#hmPV7(amq(bD*yR%8GU4KOUxJcN~s&cqHE|qqj4~rz+>fhUi z^OJsC{C}a8y+OF7or$FX6%$)Tfqn* zcT$q0vN)3{%k954EKv83nJe%{^MwB$jM-};SocBYn*F_x&maD`h5p-8MW2%Wbu0aU z_Uze7HUI0$$?;eE|2clY1^wTeFEy}4@02ffZJJfCt}>R6=6tFNB%N`s|Jk|JD02Ga zIv*>C+`cVpYz*@aDj;8`+FdE7zBb-C)$6Y27Qh?8RR#OPZZ{*k1c4MJW|^V50#(y4 zzpD{Nq(~Ab&8;wJiV=}AMIhS12rQ;?I^*ewnosI7`$Jp5FJ-^_APyxG;+9(n`%Rx@ zQhZppCn8?975_UsCC%rDi|wC*dX}{(G`eNr&4pQI$+rtP!zMVB?KYE$XLBaiDe3jj&for9 zw>Nroc6r+Ke{Suh5*ifuoBekw1gpCIObgIK=+-Ne6d8=>=bKeM+7^IDFb%Vv$b#Mg4>!(SM*IWzr~7^v4FnR*=E= z)~48<9iz7T5WZR;%7m7_wzK8=?OPkj1UAA?4&nQJ5ls(vawvUW3LPm{?P5Ia{*3;l zKM%T>z0&<{BkFcCY1T%z?Gkaf)_Zlc|LPOP-PQW}|DlwUTkii%#O;_XnL`@%_9TyI z?7^vEw%q@R&tF#W|Kp>hulb)o%kRnWe=Kra(Q*w%eD1O66(G@{`P&+@D4 zvw~kYqtTp^3m&mlu@%i%@UzT6Iqn>`$e(GNQ@JF^hlkJBegu}ugM<6~`woR+IzrA4 z5*$h$Kmzu0@A`5?x`T6ab~QNfkNa1H5qW)eO>RcL7P;;XudmK;AdOcGTAlYt-|1>5sS6cE(?g}*r)f`7y06>u=qUTcNvpM;mh$+!?u1GAR91<&6;1Y5Lut;P} z$!Bv-#C^&n5t6V}bG;-q*WjWJ<2jD5<_kTi+VIsgNmB?l)y2*R0I(TNNDsPR0U}S$ z1cl9i8$mA)iZmuPNo+Sl&zS`f!lca5*6pVSc|*JpkO8`7W&_DA)0jyTiN(U_II<1V zObz|ufF1JM22o_W%!Fd9SXIB_ZjYL_mnKX_kv+bTpNe}XTQPoeK{W$wAbCLzfl=li%lYR)s$)09v3 zl4MLqrt7`uhySt|@tI^QPcWcciUnD)XiifeQFlNv)(0}NT7>fXTk(WZVoT4M zMy>J$z1UrvW+WCFHwQ`paCVwdmIeaYN)ryLS0vIqq}~u=glBibVopKO4yOH1$lDd7 za4+O7Kn!%qU|Mkmctodo-7I5i%s-F`OT_(tu?pu*@;j>e z9V2EzRI`c!W{mnZu(P*4;Tkx=eSx7p$PFO*oxy%77D%hiP_SL*EZom|G!KXYi@6q( zL&5qx4qMp@T`OCJC3GUB`pOX8zNZ?QqA^D7_G^yG1ReJ2` z)UcG!7UFXE`VNI zHu4=%yy9wNAKW68=j!k=5~<2~l#5&?OR}Ky){s6~a7T{iVv5gFp#3~0E_X^jCK_VZ z90*M)3D0V$xq5^v{I#F9JAqqSo^SyTeOy!qC3C9CghA+k#DJ1dmZfouL#Wu_a+Ye$ zqbFo0@VYh(Z*csO5FK~O8^czaVbA>Z9cM*GIbN<7S8Iit;FyI}nbBxYf(3$#Gm|B9 zaljY67dfGZ!^@b?Y2wiDUdSZA=Z4ovMcRg)SNsnC*^cH^&WzwBmNe1J_Ea*~B3w## zCn7`0S8j7F|6!;zN?WXD*ul);@d~9Y$a$7e5*{T>gQ!_Tm#yMS#w1>~3Z7WTB9z-g zHs8}?V3t=#thvsCw%`Vx1RFG@hUoqe*quH00n!0eMU-}j5dc&u5bcu;=NjzZg5I(g znbSK4T%H36NEHSY<=I zENGApL)o^$*$Q{pbx40|_TS4wN^@;++HZ>HGX#OosCf-U&I;~( z#f9a0Yblg!!-APek0&l$2}WlVG|lM_bmNpXTkamMVG=eR1o9n29myXSC)D#x(JRD0y} ztIHM0i7}FbXB~3QLd{SIhF;KRLD{NQC=wZWyiJK7ZQ$}?OAOn{VxBKrh)0H_;d(Co zja(L+@d{r<$y$Xd1PfB2)`BtI<*7&#agX=Aqg|&BFIVm3Omn5l%)o2FLwQ58h-aJ` zq7|~fLI!HWm5EZgAF7hX4{(jTF(<*8sJJOuX(LBLS~XDWNP|LBEO=`01f|DPk}yrR zM`_ci5#4977+CI2l}C<(ktNfVr!B`f2O>O32kCNUa>2lUzycv!=7bfuW6NT9%aFyG z8NR6%FcW~Hx;SojZm5E&fu~AR%bXihPuB+k7Ykr$GbYV6AyGV>IH`+^i&zf6I??i? z#ruY6`TY-y?==Tki5gG_oCr*zwadB&-PEse?YaW8QB4v?l@X^xExrAuIIU3GP@Ot3se`dt z>tcmUSfw_?@Iy$#_oh@M%G3%#}GSZot+4g>0>^GIhLOpyjf%LCq>nD<=gQ zh&v{6v-F(HxNRo6^m~&ExiA8=VJsMx9Wu5xk_`P?UFKlFfq6ht+AH~J5(uw`Ln(t} z&lXUuWl1;huMHZ<=5J}_oe(2~UL5Flg?2d!EnI!Y;}YtCJVjG8C`;pf;n>y^#yG-) z@}JwzDouk0c1jGI)E_3$R*?xqK0xMG{KJJ=XSb+bqC%pn3guyP5b&Z|%5x*Y@Z9ekW z8@OL40);YjY-b?enQH_~9 z8r5$$T?RaIx%Tly`$2s%hDeL59(xz0xU@0M#L(}0PG?N zFNGGYRcx3&`>FsHl3Fqv&8s46*qUoq-rRj6z~a~Jj!1vhB(J)o{>UxvyZ-p?)yt0`X2jhNkM6Rwwv;5U-(jB}ff9Vg-TZD160Aq2-VkR8uN*t(3ixUKTQtIf`lHB7` zfj}fzNvxQXaesW#Ymvd#pxqz5zU~j+^e%gYaf@8`uFu|f2jlLm{zZTM9#H6Ye>~`o z(0!n5`xthw$NjULi|#cU-dqo_Mm@Z3(OQ_W#K>wY6RG01bRvlvN`+-~p;;zHCb?nH zVZu|AE1Tz822x<4FGX#mQuzX86-TbQ0?MvL#J!k|MBUn1K^q$yT33Zx#J%r2vb2yoR2igfmhc%%Bevi2*6vnG zmFqP>Tk(Al83jdRmhcHMbO78;3Z=Z=!VRejjkE&mc>Vc6>RGxzgd`KUWeJoqaT)>G zS_;8=p$^}C?OXy1=Kz(lh!;vWo<=-2j4hfH3a3-OPZlh8lytjW%%ym6>)T5MgIR#P>W2b%(b^X^~}g##+D= zX~b|68LB}o^;-hou|>+YKabven>g5sm?TyU1$@haAv=ci zMNyWqN-bg|yO8NzZ^$a>L<_8`vX%bjNJkM>-A`~+P!DB;63o;7u z0;f}0Q3{G)Xo>zqoX8u0F#(-_~upk2W2IuBpt#gBe z_ub*JH#qPA_0()3XbZ9|Sz7mn&~?we15ob0Er}2^-tmK$b)zV26C7JDc)}#+Dnx0n zRY>wv&XQOWmPUzCNc1O?Mz>5W(){>qvk+1e8oAqU>5vJis+IZzNxDP!&PDpI_ZJAx zsO$Xy>=TgIK}=P1kteZX@jVlKxFd0?c z+vDxZIlHS@&lE}yDx*2SbCj|$CLSLieNXzYF3FjY8NReA5eE`d8ChDP`zP5m4ZMft zK4fEZ(uX*d@&?i|7= zyYS=dI1TGz)(CZyrS)>)aaC%tj^F-7X4|pZuxum7N+39t1}0|8Ba+Z`meUy{GjYdc zTJ__zx{-oASF7{teD(hSz1KJI8V!qNq(69lb$!`I*L?%iP>PwPV6#`C+GmNl2hluP zy^snUhof`-f?=pv=<(EZUQQ`!hpenYCfOZFSEYjfPnHC$)v z-(Y?frj8$Isg*Cx=Jvqi6fhA)?c0xKALL z$)5jLzL+q%f7*ciJ`s6LhV&Ld=;m73#XI`GbJ#g1d(U5ogh{RvtAkf%#}Oy2`2J3MOsm$v6AMi*9otHl!p#2dK~j-p2aP zH~6%~dE%n^pttx~-OPN1GOa-skJUmFRro_W=K#YQMb=2r z4fbbF@i_Sj(Ij#B#3GT31&=TbPzB43plN&0k^KVJMmx=#$kCx8qe~ad5lCZG#uVtv z+_P2zk_+H3Iki@h28+L;F)2`i^v6!at(=7yICHSEE?aB9nhWJB$7#M`YEC6EpF&!9 zTJPE>!9_qwunCs|vPwA1DkjUqZiLnoClxui*V_*q(}zw;eie`xSAH2RgIITd0-cLh zO&Ellg#P~l%?Pn$^9GrTB5Z|)4zMfB5Rs`|B4z5p*_RB8xS%BEkGoUrGOz8lK5Q%2 zOACB0)SX6SWZ7!#Qtv45x5_izc8%=KIu&{9&tW8zghilQIuFD}L(s-7nnMIh>0(nZ zysV7&-zw5gQ<0|;lEw?BHIw!tnDYso-5bS}A;NaSL-EXnrtdlW`S`e1raVb*RF{dW%G#ZzAqIr90?LU32IYs*B zZHY}Ng>VG^3Y09M2WLUDRjV*bTc>oM%V*g&1ogPGrLMy{f{}%5MPB7;oS*~qDyeg> z2h05+a)TOT#bflrLo9`|VH0#Hfic~FI5^Ovj2bdrY)kxIcvBep0#OfUhVI0dNGXl1 zjO*=%0U)Yyg)0xxX*AqS-P{87*}8rPr0VxxPvO|R4(V1Kc`^}2Vv*65qikN{pIY|L z7sUfy^wwr>gzD;OKC1=|mwxb?heq1<2~CBvU?fE8Zh z%J#{GDvt7kUpnX@KxbI(k9p5`ZMSW>M$NtUP}*P9MGg7iy-(oF>N<7q|JIbYRt&A4-N26Sg-RsP z*<2b%y1BN~rag9Oqq44~cpc@6snvjjWywTtP0ZkJfJzvUs|q#8Ca}SZg%o3TH4y%~ zRdVdbgkhmlXAQ%itaZX%$EzRz#y4`^EPkU)d3C7bUjDr=&01FSfAqasgK3YvI@k5| z8E(&-ZNm%n{M9k(#&;C-E{5dKq{uTzfO}REd34k{g68koWRyXS(*>V^jCAyU=djT@ zXLl?S86fjmh{Om%!G1wRtm3oO5)tmjfjIb3ObfAr2Dco>z2RM2rp0T#p#pWmN(VOD zQ@fFsArj~nRYI}C4@v?4ORk)=UFb7_ZWdD^JB`MfSY#rF4HyV*Bv~Y2J*DX+;R>86 zuiX{~N-foByqmMM>cvG;(1b#KaJaiAKf-m#*9vA;UR)O?lIz+P>eE7I_LG9ELTIAt zEdz&FfqopZy~%+fBC6jTHY8;6>9Y3v-85b+P^4F=_yiSX)+e|E9$XwH<;kvVSvoW8 z_@a@{V=l;^-|fm8@2~xGK=1gB8eZ-Z9|vq7Imff~$^G=w8BnhEy|fJ$2M&9u6@IMI z7+Ip9EDMYLnTV|#1PH$>bU_?cAao{aHg~}V{^o_d^aHTHdd`-xp>vj?VZ)#;swY6R z#>}M=u}XrDgx=%%Mx(L95fkT8)T7bdO))^6k|oE+fg7Y|F=?)wUK7=J>t2&$*tn!X zth#f%NS;Eu87N&>9j5oxK2Z$pF?#N3=-_JbbN|)l&(3Bwi^LJIaZ6@FJc zjmGO-=Q2<^XE9WdH-Z)az>xE_u~VU5b=`0sGOB1`*8+x@M#+q+tie#(UFr??$XPu0rdR>Dg&xkM0AAL39IG z>(72j`s>`M3Wup58haD$`n*3nyXf}8xAHysS9UKhNbj%1>)r_cE&G?li+=As?5UEC zus=AvxH<0+-n7W8n=u(&jmbs-vOn&flkruHjNkU$$M3%8|v zV=uxrvv$wId)}?O!&{rn$vNT{9=Zkzz$G`Jj}=#3=W1(R;~~BfA}G98WD`-s5Mzif zUIEmNuSk186fe_k# z#Bw3)z^uy4M%`M-&0-a>hxvf^g)jfoP!)Kq9i8J?zBO^;PlrI6YvEFG7cmhi4_-Od%OUWQ%1GR9XHi zLbyG~TEn2}&fT@;qY0|kE^RcmpvUFcPSE#BCF}(EJ7i=iN!iWNj33y{ zAagCI9f1rXp2|&@fY=n{Fj7Jtxi0I|3pYgTS7rK#)4xI!Ah_p_COP7|Pahm002S58CeAeVG@hEmW8q$!Qrolm|Dr!$jiqvbX`%!HX{U?`wdZ3)0Cs<1Q; zuT(EZYP!gnEFxD|hqkf`;7{Q^iV=UB-h%giM04+#O78?m7T?7^8_^7Buz+jMMqxue zDu;v-g@E})q%$U+%{*Lrstl_IBf#-btfOd)fCW4Rf?c5$$rW*V-9=y^I^Hi9tvGoC;~8!;ky=Sn8mU+5R%MIKoI_E` z$u}x+bTDfUi-TkW*_4u3wF7i2B%6sKw*_NChD%u1Y8J~NS!Ijlsq-LbajQsu2@}mI zkK1`>9ez>X^?|N*-}8`m*&T~*L`$2D1QNr>jJAkj`rC7H4;c^4QEDMG&;OPikkUI$ zPt$^&xkgT2+L%1Udm}&QoQ#o;vT5C%0AWC$zcdYWtaQ=-&s0;LaRXPNPid!;TO%+HLX5nI z2No(C8OrjB%ahqs&8i5ZvHcoR(dy>*VmJks22UA_Cp5Y(QDY}LuOY~vc#Jo>!#NAh zMy##o@h&{jxrQXN7Mm;CxBYimM+A6#xDjfN19(UagHu`ZtP%&f)kTmOoY_pxY7PWb zF-*Byb&!MX<372mgS#evX8WpaPK`pP=22pBAfuU~eI7$rH`(TC1i~Y>4!mDb5mXM{ z`ZODxX^%@}T}T-|>lj>!1x*UL=1aLUu|TTX)r2=K@ZQl0@-5%(!ke8Cf1O4?XC#(uT# zxta&J0YfUogRDx(A3;hQ2KGb4-kBLq7=as3&uJRwCNnQfF?V53mpa41#tFml=F;S8 zZml1V*EZ{QFUXQnX>-E{gF?RgOz*O&oponBJe;ojt!K6H>2CEzl`2cHXg;10r;bCy9 z#@a^_13`7mMyCtt^|Qu9aC0>oRy{4#19Oj^YrG;<=HeL1$~jTUT}U4y_WN-eS2aFHQq-x6EB| zzCk>9@v<%W=Y%Tr=RKPQFPuYb5EmVG<1#hw(IjbMML3q~=02tfa||U?C2iyJJgeU9 zj@r8@l>fk*WVZ}9EY+vJj|<~&!tN+|47yb{XpUkYw`snDtD2&isriCcj3pKKYL;q9 zE(rA?tY3TJ7FFYS!F0ZJ;kYJNx}`cKb-=4)Oeu z-10;$m}XM7Fo~s~yBUbkI5r!!CSJqrU=U-Ad9tE;Wf~MNp;BSBA^^hL96;f>UWFgC zED=xvD^DH8E*zmtbsd7Py-BYG4=i*QY+AGSIjEe7s|Qw@R1iZvVOS$FZjltyHZH-0 z!+`&^HeyFIX&^R&zXn!M5tz<&S_5vQ@e>AN1UW9wgkOV717CEreV;t!$R-1Ci@2*Ce7Dy1{U3VZoZCm@nDuL0OD_#yQm8G{P(e z?TOi_FdSkEi7=Qi;c59KNg|sl29(&UL*7BChosT1YLQ7oW0$Nhca=SDFt(LZ4E@X; z9-xw)Eer~pJq8pniskuLvMTevX&CWC?QkF>7y#M}DEJcF=GMD;ZcTNba)*ZY5--oS zV#ySuZ7iX~Ei;?v5Te*bo4ky=K%QbNBg5k2{R2ebtf-?W(k4r(N1O2ex-|=Pk}C1maoyM zv8Gr}Pgw{5zzj`65M*fF%J0 z1(?dk=&%nFv&DwA&@>?w$Z_Sv5?nrQNHwx*C0kLrq-MkGyQ#1#^^w7i#!WR0#24zV z_`rMKDE1jlpjHp0*@eo7)|$`aqA)6W{esJY_j4+(xOM6*TtKNEXKg36(glPyhV>Ui z122@CF42@$+2zx+RRPJd<=smXHQsJ6wRG8KEJQX`(|HXj)te^MBBOj#&JJXwPRZWr zUq|~E55g#32QiHd%_)4$N-GFHFzLhhqSI)cGbom9I7FL6st~5!u|ZW}96HCcR*llk za8s7A2Dbu(Du|n=|IxpW&?1PTy0IWi_>^F|^NR@sFKzC17~h|ax_Yu+Bt!^`K!%_m zXl*_gr+@PgOUbLK2B3>haTO|2c%hn^d*!dwiU7|A-AwCJj0DSQIA%pPS5QTWmi%U@ zH=ETT{J?k6Va{Yp7L=#q>aSo|kaebfWk6`SYBZiAI&!7oQ*v#-CP(C_;n@K>`e}Gp zKT@e5o518sM30odC%_qq0@`O`-bRhO_bFLr2VQ)93$@1@;1GPWpkU!Bl4?pZSK~in{ z&>d!U3^O9zda6N_U6*V7G{~0ZPA#BCiu^04X38Kn)ArF%im5%Y^9RoMI2iAfW;^N* zpJHC4?(jFA!J1T8n;;JWfB4tO4*{-;-=qhNrmgM|T#n;kt4Y&5Uj#Mw(E~I=CG#42 zY9*IXRc?iNGs7lU$FfnzR_(j@ZTjtgh0#JnVd&{vfYIBV$z>4t>w8@6(qk=K)-11M zY3=I3Fl;1-_OU_~3DRnolA%~<^)SN>u((X=&wf|FAgY?lUL5oxRf~nlnmC%$$S>DzE*@<`0l3^^ugQn3|9-o)*;f0*j_}>piJT2 zf{H>Y&CZ7x4Gl)$l$1(LFosjYjzFqJQ?6{@@L{8j$XQG|j8wxJh2!jK^1l z7P-16SL3(6>v#Q8kKBx$iFSB>_2#;J*>VBUJ<@%1-Rq59h%^@Cxq3~;Z~G&Bci9_^ zJEZ@byuZ33-RmB~p=^&M|IL8B>b>n=yf$CE-dpg|b#Hjx8}$ZbFxFb@E*Zb=j^Xv& z?oU1P`sU(-bZ^FQude&!_XeC-{lR$wCc@`N^YENsK~OpXT4~d2H2&n?yQTH(ii_%2 z)Gp_SwY)LC7VGzenThFtczty_9ACUA*S+!0^#I!33~olfb8^``?{{0|{Oat+ETN6I zFe@;;zPf^C>J7k54u)~N0mJU~_&s@jeRWCRy}i05{V{ph9g(Y7<8FV@JGUn8>)z`d zTRrJ*k904uZU$pA?Do%LVFEzmV>kQWd5fI)M&s+N_mB(V>}qJU2LxYq8jYh4IcHOz z+KPmYW;ySBle8~ncb!nzuKIWd4zQj~( z3d#xz>4ONtk^yzSK^MnkP9>HsXx0Q!H_2Y}qTk#nZ9|Wpx;~Y*7R6_C7i$2_&E=hhVwRh1iCLRFuqjjxtNq21KG-pq2 zxhl+LBE)UNbP=vsjn6adW&d=z=av3dTfEPLVk`9_j{vS#RD$amnyXLA(Y{NO*Y;J> zLvt2-XM%V1@qQ_v7}Uvcxro>t{&BKTXdZLXzT*lFebyt#d8Tt)eo?azx&_s>z<V-cehozr5X==xsBk;wgKkkq^Z--L zzOVU=C43h8mKEjwrkF0trWeX2dNcWCncz~UtxuoLPhmYI7sBGS0F5o=sbHuWH%z#9 zR&~1GAa+O34cd#It(xy*)v-{WkIEFiGQvRl1w|7U_=$SMw0kUMToeXJcbh$H z77((*DV8Km?ql2gdEkaxC?rdKc-f%BwWmVmJWamfT6w2@r)KYcEyy9b#F`^x2+@*J z3A`cZZ?vjx*q72egw%Ux6A%TV*quh>xD#Y68o`0dC9`gp#T$E`6{+WWTKN2!w8@#s zQ!STm>+%7w$)3$Dk21HD*E5*REin zvcXc^pn*ihEZl9Khd+>twc|ky6_y>_Y>u=A{j4jMT^Y==1i%#Ku?zoDTvzah47BZm zOK*`x_M#8Li)gaEW0FjSor+FDOI7nXO?7juJM+ z&!+iz)C)^uDv=ljt*=p&iqwa`h2d*Q`zw_h^2`Y#l~YjM-0og7MBsQIYh47U6X&xO zB^xd zKQtPX4jPIJAPOSr_$r&c&b4C@6&OgpLE9f1jVOTE)&8~)!_^{;VdPW7W-N^X$RNHm zMGpjAobq+MY*n!RhejiGH)AO{0@)08=~6(U65+B-heavCACkq+u_h4_2&`blTL{gP z<-WlfSQsTx$QNmN_JSI&_FCU{142(vzw$>m77?e3C$v>gI8d5G5uO~BsqwycE~jxZ ztN~K8J0=x)bh8B*YuytAJ~s~vJGC!%*1}c6h762QtWtezGcc1SB*H9J5-JxZb~UjL z!*fsh9g{zp<5H>QQ80%!Oq6G!>bR#?m>;W#6H-M|A$uuP?QzU}`)q&5+Ci9It1<1A zlH|DpK&uA9x~fm*7@X2K)vWD$ZCQ-KxQgX_i^7yXL5io1wcVHrwsxFG&Bx_gK&s3g z($JUv{CAm1IT8J9AxqY3c;7eTLUY<`5=xq@P&B=(7fi@GNBY`0HZ4G4yEY7Pb;dS9 zPB~h(HeI)ubt*l8Fx4S@MNmTE9T)~;*L514F2zdG53QAme+Vy#bijLVV=rs6&F@=2 z&F3V;GI}7LI|5#HlBwp?xn;;T9Fei4F>B|UYLOdEFw!Eg`3EN+4XKXiOhMbQb)(TQ zkHA$?CV8^N)D6(Itf}^Giluk+z=(!Lrjuph-;ZE+jyFRGS+j$yFk<`;t~@Ka7;5#w z-fB9Um*na&2owYiRTaubSiB3b7hf_VOxSC4udNx|P84g6kA{} zQY>8>qR@4*E})=8y6JKq_;@@};l!m&ivR*qOeSn8(%8=?409!Rj1eO4MtV6O}SRe`GPkBlh_1EDg|7Q1SONy0GI6jqn8`A(KdWDDwPr`BmSo_ENY zez0@_T4ASp3Gs=l@HFdgmSe?&>eX0Q z1r%QKj$`CVC#htuah+0nO)>c<>gcsGD76u48tP7?qyr!o$N zx^n)SvhD1m?+$T?^cM>jbJVRAx$O#SU9;JK;ms}lU5C626L9x@-fr{mh`93Tt`YLM z)^HTK?)X`Pr#v{OSh=UTLj`(@rnAr=r{%MRKx$mb>sieYRkev$vqym*WAiZO3>Ve1 z$EB-#Z5G19qDP^kMti|PJ+@yMpm;T74*1$wg?#b3xiW&v$O%+N-e1jS0?Ui}Tgni6 zC2vtj3GJBHByTnTz8D}(qnFMMKqR5*ET=QpS}mgD11l#>RN6jVwFr7UuSK#!V&vP3ys=6tX>qL^sYWd8N9Bt1FDD&H(kK zG}n$Hk8U|*W`qm1nTtcZtn#E3{^Z!T+E}*p+|#Lw`L9(@JX$f6`uqa05H9-uY}?)NMRGsib&g9{6#9{c ziAb({-Wl!N5$XN)?BZtB|EX6^R&w1NUUbiT;9ms}c%?cm*FiFqEg4nnE3T|bwp;4B zCQC|-jJo6g=ymsOe0BYv{J)znKHXkN#pZEwiGGU|FTsdrz-pqG4jElt_Q+`59V2{y zzPav?&iiKwqVwCkxVU-;-e-0}v9r~M2`1YjBXpJPzPkD;{P42-9y=WlFTjJ)?N^8N z2k36t`>8h=x5((`?Ct92;wtwC?cbSpBB|Q-RiGH0+)AU-!?*Mej}b zf?W6Cyd94^#e36r_hNK~9-D~W*a+wSQ}^1sF2bbE;P^*n^5#YOZ-gv_3-+r&BBLID z@EzIn^EasIH+{4Zn>W0^`l)~3J13*7i{8b1^6EXNbTr+%I!L|ipx>KUzU$60*$et> znbq(8)VprsT>U!sUtNA{z8sqUxOPsm*XPz{^X%%pX9m0)^@2tgFvK|1q_%uhTV`S@g2 zL@2jP6=lrd;GOUC)Tn&o1OfwYkmHo6rFLvy>J3!jSp4Ihm~IWg#dz zNnAM;g<$M3vnQGiR@wKXeV^RivxrWNvd&qK;j0)`%Q-%v@TFA|D2VWJA{t+0=+fyW zks@J_^(%s$Dq)^Jr(RVo$|cv!7GWu*KLo)wciv7Q;V-yyy9l!g);rWNC(E`on*+?I z?Y?)KvW`lYx3rnUE7Nx_%t{L*9Gd5KiSpspqgyB(A2?KAblC(_Nji5qw~b(Krd5g| zG3^3PFEa6^eGSu@3Z+ZQpn*xQ)JEcIlw0=|n;O%{;D-lsVJOZmE7iua0-4Lm0=fKU zB`xeqN2m>0%_Qjx&Ox1t=}L-GEKApEG>#5CL2w#s^la5M6t+Vj4$K1N7-mm{Mixtt z4$0n{zV^$NdZ&4ktd#4uj=fGHH(6G4Q$9>{fO9(ne-cy^zw@;Dk}k{w`61A=%J`!+y|mecZF;j**2(^;~`H-tKQU@OTpm+%a|-SJ~R^S;u<| zEx6S!2M$Bl$qzTb&&u>t+3H`D;nir=NAdg=eTT1%$om@N z&Ca`*-8VfD`OmxKF1r7MeAc}HB|-nZHyE40dw=a+4llab?^{@A^}K)GI~&^$M)1%< z*E_o!TwV6hjI=T8{lA;uVBGIsxTZglt84TLz8a0q#9#M~ocZcz)E_{M+_jm@O|M1X zTwR^N>t9?z=SGG(>kqp|b{=(q>JQ$G%oZGV{(tuVbh(iu*%!q7>p!0&{?N>b&;a04 zizIZb=Yk}v3KF+NkkZkS+KPe9AP~hw209~?ET~In^BVK*KFfWSd6Kbkk2N!~kX0>p z-z%C)MFO#SY#tuI{2Wr9r5uFm?^$m3>Ihd>bM~`0$3CJDG}LT&2&7YXhANiNrHS?h z^Gd)AjK_w)Hx$!L90V#zI+z8}OYPz^bLrbuA7XHKH_Av0gN%uFP&JN9f7+nC#B71& zflUC^bEio^X_{__Z&2d60VEBM-WQoplpJaa%o?V0vZfNoZcxIGwz60J*>A@?6=W@ zA9n#dQFws~a0@rN0_lT=8%jUrsw1wCwiiW^xycj8F+#z;AYrzbp+niGW&zwTMR;Fn zH>diYZoChr&(qYVCOvJb9kC2 zT;}D%03-TQ4mvcoW8wdTCc}`3Mb73N9^v{hXKH7swh=NDWv+8tnkPCqEhPYq2CNp3 zmC1)?lmfCkJkO&=EZWO7Ai;yjSmvFViQA)3GaxldBW>9q`wm#SmW?RpzazRbLZ+uIE zmco-G?NihR5(d6zzN!LK9O6Jg6L8QD6HtfWH$a7g+fJE#84SZ3KBu=Df{LHC^-gq= zM%=*_Ck$;!#z9{vvNL`8YpC|bL67+0{W@dI>h!uHntsCU{9))?5kRyrJD#(#r^;)3 zk@QU8F6`AzU#-ubRs+o~%zI~}qgCwypv1S&rc3Z?kjy2pt+*tF4ku^lS0g3!-tv^~ z$aXJCvr;peRT2)97!!Zg2h!AO!_dGMxcY0<*_yx%S?`8Q(mDkbKU@TU6OeeTg;&2* zX#LfC)SGaJF5Ov zQSI(6(N}237YidEB`oEr!t^BNa$%yV?YEj8Spr--qb?>a2mMA&^Bm%4YmPF&=@ay$ zwwKjpS&KL5!Bb89<_3EAq83^(V=1%_jBy%rvPXY z!<;e!2V)4|D^am!KL)IkUKsl6TLvBh2Vx!|J`f1m(e?qJHwO*?{Jyh$m{=3rlj0p2 z%VitRdLeX9u~M=oVbFR}_;&_qHt$U)%0zggBS$#@qW!dz@g9u%f9b*n9zU+*F8!+)`le!Z`h4Rz)rsCB&O0TspYm4rWIH z%6!0W(}8a+sD)chd!&X+?fcbzjEX#Tt^;tC%=eYm&k}eYP?EAKO$q8wI+etx$V|I_I@b) zxSU9959;lcos9;VHUj%^rI;6aRWGl2_iAl?sB7jDcX7IeS4Qd*&3Gg3MbSGjri0O6 zqu5nKxo=KEi)I+ewaP2IDT8OdL8k=l8z*xgJ`fxwwQFO|Y1LWD z0~7$~|EShcFXC5ZXN6CoiGwV64)mN!h}G8*LhJaN z6G`tO19CO|cuCX+%kI@7yz5y-f==~Q&8}tca*z9Ver1m9URW&PeHG2J513l;cMbI>vIh@7pFx zgf$PFx0QWsn`o}an>vd2pR4zWfOL*LCgWHva73>mwIsZi=mV77uYPvu1$4St-eSfA zKueP$K*^@YOjZp>TMP8$;{jm8%Z|&fgBwgsf@xN9^jsQ-iwZj=UG}5s3vybfh1wl>;$J3 z`t?`5{b$weV9s(LQ@Ns9WKLelxS9s6C^;n;6fqMYQyD>Hz97R=amfxjnQ%Tk=QH_5IjlU7ulzgZDHy&I9xu-OyrTQ!E&MT;~F8xf- z_iDFIA%}l!Jh*HruD0_P^l(M_1I@z5@UuTh(eV26{9@Q4r=#QJlOY)n##cIE@l7SP3OCi1EJr?y34ED_F*+x#*A!kpfoirI;h_m!*`jzga$ke^YT!@6>Ns^c}zB*w$5<->EU; zU)OiJVp(_!u78;@EEY~D>=3SY8lwg88fgmuUfQ$kIuZveOTJLG6alMXo&bCC;m?nO2g-q*+P_(YTi?~r3Q7qQwH zaWJ`1p+km$FKHoiwTWJrJY#A})U7{Le*&A(e_n`mnK78O*L0%jd`;&tccvcx+dbq` z(y~KF_v#EB3An{h*o0=P(kV^ol**Xq>i3kZ|Cc#0a9QwouJ+F6{IWqF5OvN8kx(O4}uP1P^Uc&45nvO}(f8st@(aiIKrnw7LDaS4B*Y08oH zy()_`s~qZApnZge+=qo6$^v^np~b!W7d^d;S*eJxROXr5aZnp?h(R_LilHCUSq|PM zhoX=V6puw-W(n_*;dHquI%JshB3CmyEM{CRV2)={@>`K7u;E#@q#g2I`9QgvT|U7r zc1lzF0CSoaa0Gr)YxMV$>FH8s&gZIy3u-p`f6ziL#^nRe65#lPTnP;it3k?``nXIu z8RQg?3uk#w$q5tcJdDL$@kDiYvR`l^ucz3W=A)_}8P0i**PD0aeaEwDqMj5#FjrxU(b#I7o>ftvd<8eU(&CCmAo=1UA;U>XnGc)&~` zq20Tak1DVKSu6AtSt(7Wz$puLm`IcsktIO{4TPIr{&3LNM%Mril zx-%HVx1}sNinC*y6`W3m6U2sbNfVLlo}lKtGMS>I<$sjCzI|>Ii-n% zTqp+Wi7bBz9iLd}Fc>9x!aecs3G&7pKAq{M;~Du@%xIP|IVtn$pPd}@I%h0q=AfHf z#~%4XF=H9hfsA`3bIQ^x8@ggC8Qk;x?zi;z79S_bhDQZWYuxTs5ebDfn-zIcPHC;x z6D}tL3nKR%FDTDytVQEq^}?b#kCDbv;hHTqPm_;PSK^MgP8HC2kyjG-!}Lq=JG4Fq=ZC&%M zkBCk|wpcJ-)KvC7y3hn@;w(^QnxW(+Zpkf;3qN$&hFPMlpp7anC6b|62Qb$98zZx#DP6h7A57GrDkrWy8n$_tk9z@WUF6*{y=qICFqS~VFY67@FmWjb@ zAf8d4 H%JwdcbzNazGV(wJI3n5`I+FEXL($pg+XA%yxRrHMpM?G>5TK9X~Xme%H zz?KPwjYYmwEPEJ=qUB@*GKTQB7NkiQ;FtiZyjhOfl?>uC_Prz`h8*z;LK5j*QK2`` zt?@~79zPb@*UoPiOznC^MIUreHvrC#9ZzlVmNjVCY%2zc(B5}dl*nSnf|^tka5_wv z#v5EW|?QJq#lWWj$m!pqZ(*aBAwe1CwMIe1O3z$n8VUH#N$g|9h1hUrsW z+<3KW58r$vZF^v1k+RQaC@Ig>voeZC8Hp*lYHJn=9ckZbh|JYU-R_-j=0%nhlSW=( zdlkkvjD^~`F+xx0Gzl4}l0kKlKY0513@_HHsVw%Q+PDs$+Fm=b6(~( zm=5Mp?_$Q^8Gcv|dN~3oO7?h`EV2Nfxko&7G$r0>k15w;2N#=$H<&%u=sIf^|3**Z zbAHcWV4VnZvu0758f)_(=xw9p?Hwyg0@x*5Tl6 zw6$y+j{UL1sjdB+NT;^9-%~tAA~wjUy3i*PP`wrMh0JQJYSrrk>Wa!+OQ=}?e*qEI z+grbhjB5M)L&%dewBaDmsztfFx7cOT1;3=K8>b2@Nbm%%6#ncy=|8qNBmt;CQeB`)uN{&q5u$^>TnLeEVxWJ8RnTwXr_7!*)N4o`A)*m@Orb zX-Z}kVf`Nk$pud&1MUL}d<^iJwsQnA%xh=lSug4TCXuezmVl1hCOTpY?(pI^ba~W? zVl>yK4o1&DX`8}d*Mz=qm;>Jb8sqtsS! z&?g44h3n_r%ghqa`%yGsmx5E3>5$fiA@-OSw1r^?I^&lMCl28*eQTOpw-A~$;rBc# zX-eiaVIKDBWZCf4=pe!@(2%h-1n>0P(oab9`G(61nZ9RPbap;GXqxQ-k}giKA`SN! zVzvg;5+b--Li%Wmvy5ejw*6bFAzBnUh$0D@NF`Dfh||-|4dSrJWxy9+NiG0%y2$xG zjhBs_hU~OX=!0yvm0&Pw+mKf8zBCZd;Yf9O>VrlQ%vj8%r1{bha4j5W#g1%yJJ=-J zf`(b5b&6q0{VgOf4SI$=H>e`ls?UZy9&TShZ=A~|q_LL6Mhz08RUx9*H{6<9xj)tz zx@1gm*|em2B5P|(hA zq++UgO~-K^a2xc39%*X9f61It%(?9kcae*N#g%o|+oC$Zn6q1FTn;7@b1A8YR=y@2 z9nwyqH)0)GEO0kvfUKxK(Z zvZsEV(~M5RzT_sMV<3jDVp`83uc~+!h{lKIwmIz&R5qNY=WQ}T9Op|Mbi+BaLX|!4 zOA-sr!{cqKl?-1`Cn}_{Gj(^&S(a?t>3-jQJ^{;->nqGI=4YWq=;s{wKPsL;k*QkN zF|rnDzP_JbuMI@vdX@-*7c+j3Z!#~@iGeD2n!X^@S{~k``Z;(B4@hvesh%v0IA*fZ z_`C=>m&@bY%u+K!Qjtwr{`gCxzHJ&XbIkCa7-xyA$qYdvDo|GMylj&T)MXutMD6q+ zW`YbL=aBU_)&<7k$wV&neR{&CT&5nXsSzdcGzLPX|F>d=O?P!;CjLpZ7Xp_#2h4ZD{#3nsb(|; zV1q8KA(IBU0MrKKqkURnZA`yVLHzWy1F5b2_Yz_0FivDr8m?wn0$m?0N+0g4Dq`Vk zwr|<|v#Q<%Q0OqK9aLA>lI2R6#dsB#kW2J`=pyEEQhMfqAfX4U08A|{#=IU6$moiU z;~7iJl#ws@ELesI9D8``1I?{g`KY^BlYU!qEK-*WqA{Wt57;CqwhD;k&`=@H^zayu zmR{(U+^DM_T#v6V2PdO7C(&H(4)((7ql*XOeJ^h7N3(C!!B5?4sjb+M*4(BuCp#WK z66SeVAGfPn;zbSMQazT!#Era=EWPb`LU9qkr_ef$c?}D~<8t4 zAgq8B1UHP$<|*TIOc$(2v~luGCK*p2l-23V*@E&MSq?CQx##2!R*{a$oCGODK!#S* z_B~BiNhkujwT;54nRaAo`206qQL;4ckiVCl6(FTEohVDmaE#^zJe6$sXriIHP8f8@ zK_dr&q&!`Exqa0OP~XWNlBjc1@L07n6QyJ`ktPO38AwLiVv$R-YG5hs3ruQI3mSr2 zE#_(4L*oGAuVmlZXwJ*dr#*JHOH-@Dbg7pv0wtDsh3HN zI;f?>!JV~$^yY@P1H3_OZi`}LFJ*h``ZfqBKndxSR`7SrdX0O~AuaoR%RI96)ez$7 z#3?*pb{ry5Z@+Dwi4As03xDagqG)t>JoRHSlkqc@Y>v(NjD1mc|@>eE^EO`-J zkbWAiUnwM zUC@sQBx^liM1IS-v13$Kuuw`CXopJ~l_tA;)%$)`KRr0X=V!yQI>pa=&j4BuBR!mF z+9o{~=*#@G89*R97p4GQoEoLT!ONEo-p_$rAP{cQX9p|07PS&g>cN3_Ct-2!ZPdWm z?iO50-F1;Ow2#e8IH2C-^`hw8!G*fV*1z$1CRq+E1-r|CAPur5Nklm*f;3AjoSk^a z3l5KaoBQ2FGnBFt7_r8!$s#AJvFcG3c`4N+>U3~2_;IWm_sRrknU~<~%HE+mbyy2S zht(MOdIu9V0SQYP`nR49e<1%g9Gnc!jvptQuaml~DWpC|@Yb^8>ypA%&LoJ9`(JTB7%z|yH& zoLeJn0TUYly8aWC*H(CUDiIC%7zm+{pl1E7)wP068=(T{QY&spd@($~I2nFECYQsD z>%)`L5jlTFj^2#U22u39M~=|!wr21HbxLV=2WT)2M!I5cte%6U5qZXH=@`&K%Qh#< z0)rVI*(R!_F5ZkzMi&>Ov*Gx02YtJ%SRMO5iX}&Z{*>;D_ zMXnwwibW-mKvat{m86!!*+!XhOIGg|)YEY*NdfM26pcq`uLl?Bm&3<1HtBIT5amsZ z!xo0$A#c+d%Xa)9BgpW66ph1et9e%?c`xWDZNkbdY0PTr)$(w*_xH4)*-D#Ihfpo? zf}v5Xlc@7|Xu731?M*S&P8=R5r zv(fn(IUSxJ4llKxLoEtf0o=Zg)_W!Fdm9Z$5V-;fxHKcz83I@iuUqYom&XS-A4>cB zywrTwY^Z~OhdbB{c$R1=Xw$CI!Tx)#l=6;sc-!JW?d`Ybj|y_DMOC)iSjRglc3+bJ?UHteec8s)qt|&Nl!_V zGYL5s3zo9QOk^fRQX5R?l&7v(#mc3wVzFd?c7NnD=(cNPZ2%QWLl${^W9=*ei`3cW z!gO+Uq7F$Q>eyr?hRJC!WDL^eCKskv(s^UZ**(ijhFi_$`18EH!OZ=*X_jrI%c z&eQc=x>rq*b^cRZXYD*_b+7iv0-u@-cM1m9PSnM>to@tGf=*H{XO7iWD+4ca=F%hQ z+o|@e=S5^qKaMNfFrFN<>SQA84zC?xQKv#q)z&J@1J*={l0qkCJp*tZ+lXbmXiM+FPHh6F7;oVV9(!OBAHf_=uV#e#yn=;{p~0zItXsAg2I1F-R|9EQ`(2JQIVd&55W zvK0D8r#wixh`U|fs@={oXZY(}lnc^*RH`_L51otbuHyrnj|ZJv0y*or$8$d*yq*n4 zgQxm82U;8&)7l-L>gyAo!og?OcxtTWp;~L}1`g5AIeXO~Mb|y=GfBQbtc#JW1kZQn9N@D^&vZF@P z8e7fT1rD{sF(Y}`qz4(;%c_Jo(?aM-VDyJ28W}Q z(bbO~G9Fxw#;*oPSLc^MlK;3Ks864&RSv&c;|6NAF3xlr4LMGJ?nJ{ObRPRz+riHNp8-N%;JKybAs9TDgY<0&o2s+55T@8$A0pm}@AoaBZ`Z&07(xr7B zQ6tU>pM$@3fl{g7iw*Oj-dmNqfXAXg89V&eIOfrU0Mh~I8S6NpMyvDkT0ORQ?qq-W z0;i32Of?wzuLjXexBR_MFJ~%r2ucsd155AK%Qh=!@^ka8Cj@{?iV+zC-xDSCXx5J& zq%f!2p&2bAUL48l=z*$V5vZja!6ZzL$NCm+2*rN{tGYfr9$u2Ob8AwolZ(sq*O!A+ayn zemf}aPuP@anO1>~os+m0QLSC(g5_L5w0FR$Dt_zY)&+}%DU)sZYt_fJR~ObD83(?o zUb(sboI)!+NWJlBCk#n~TiN<72PuC=6XeN8uvDk%!uZ&yiZh!64C?|6Mc^yv(P-oM ztX>8-;eH$LSkE`qi%j&L(lZlpNv6g{1z4FU@9E1LV~ey`=LVlt8;DwYu0WI^D)>@( zEjGMgdLVd?d{7a^6@-)>>t33v*Bs<4EC6hH!Lo!GfY#u~DN``jhcBbRC7(&DrC9&b z>ur!u!)#aKYvE{7sh+wu$LPwV16?4iPY&|WeHC;Rt20rY7#VL)=oIjUKmvNPx7XR* z+as*Zg?Yw*temrd@FW?>lW)R3+#>@IGgZGEjaykErc9$fLkt|psewu1ld@poQY_1f zdX;KFM6{RBtNl16ca6WKctXZZkG&|0|2Z4f+iuz)Pap7G--l?`6RZQo5H00CP-Cf7 z1DLFcn+CzRGRuJ2Wq{X_&C{jY+{jNCG{+!zOY4FL;qKsoiua)!h2pEsDzaB{C2Sn~ z(mv)5oDMc{=wFCN4#S(QxEdtHm*wp(T;UaWx-e%6%A#mGnV>ZN2tTN>E$z@f$SlT| zqfuX^!BeW@>qmVNX@M6qjMe&jcf1P=VqXLQsOH$Oy0iRh^s>ew@qQG2N*uFKfmLQF zVrNyXSm-ylQeOa;yFTIV&9|E(nzyTA7wcimoNTzmGvjNo&RF|VU}dArp>aQ6r}wPq z|5*XD;Ct60im6umqLTo+k6^f%okSbG66T!;&(^QLh6rH5WpOIwupoF}*toN?G4BlG zqC@t-{%TJfdf?YVT(sI9q5+yUIbIMNyj+b8qt*q(={lZ}Rxvr{3|)VB^9N z6x&@TVsGn7FyrxdRL5R{^j`49s5`-@-sLZU_O+RC(?r|t1b83nsQvFoXRnXXPowCd z=kb;?K);mvO7B2_kDQ5OriHvpY#f3)gO?f{GjJXQG3vcJAI57O72UoX>^7(6)7=;w zl+YD?P3FaG_7P;D(Njtn=@3d<$9SK&$ehs(W4o!^g1}CZJqeQn1c0WTAn6h?7_(tr z!)5}QjI|X65I=HgP75u4(ahJX1=rgKI77z;A7;$Mce0Y8T1Sx=q3m@0o6AneR(5)f zZQ%G{%QiqRKe6Pml^>rP`DUFuI$Qed;e<^T(~uRR@TOxoLIXfGXvykrQN*fv06tEM ztL5uX^9yBXza73(cJvwd;+A=)U7jG$Ad8ov;N3ZBll_Ai|GN!V`zO3>8ecN&A_d8r zDAck-l$()`tw&9#X(1j71N_9G&`lVs+LPX!DSSlO`*NLXmv3!_k~;oMQLBE7gOH3c z!omh(tPHkTW3!5T>aC<$72^E?yMXL3sQUnX;9JP9U>s;V##6Hc-qq?1br5Z};4xnS z-;?wna$iKzf9)T<=stV4x8L1=PImUb+&$Ra-)~2M`d9hklX*9p&~7=G-9;{v-OJ(N z_;lEtC!em5y}iA?FJHWXfA{wG!hiSo_V*9$XZZR4v**wE|3p3=1#5mvSa6AD!ClzHvF6bSc=0RBq?R8R0Et9Qif$UtLj@#OLslnW1 zF<*#`X>BPL z!bj5rLP^(-(o(FQSt*e`o2HCNKFzuURH!WHT6sBgp_?7T3)k!AaC}7u7bAo}hl@=y zk|O8qo~gSfflq*Sqff!k(dG4V+nW@a0&7TKM>NjO(M(CG$E=_{l{)GthR+hVNX2sf z;=!_EK^-Ec2JdjLq$vl%x>I<8xw-N@Dby85b9hfeG6!lW$2!$l_4!>gFmwzwhK`>5 zOGsOjCHmJx%w^Gwy5#CXkR#|~P8aIQni-&IuUm3Y(^8wEZGlo2VooN2I>MxCYmkwV z9uoGY2MgbkV>cxTn_RcJycanGNm25GN%hHRYggfMNiGR zt&7Pp0eGv-5XjGeM9pZPJOI88a}I*-HD@zMbI>u<_^w=NQ=;w&74%b3DTD0UBSQ}* zTWu0#O5t+ZY|>g7hn9D3tL80W%iG3EaQK9&rWwT8l?(Fi@!^r0^n3{u8l-qshew|g zMYx>^JUqg-tf$8Sc5B5aV2HDHX%cQTlCeT<%<46@)D&qdD*br4=g7`Qu8#x0WHASw z!Od1{P-fPTHL-C|y(qd8WQv1^Whl`c{r8f`cj?lRVO(nAd{w5A+v8^=CGbYufsnJA z@5UQ4e#lkc?vXc`FbFjSVqtJqz_cJsURaAuCbI6r$`*uW_dFLF2E>>X#tW@90VV>Q zJvRK`Y(-E|JY@BOsCSflfN_a$X#h7hPz-WL)il!>?4!U%Gp#l0AvYegOmc{32v}bf z9ctpFEfCIxWJLkVk$?m0{=(>!IxFlro{7SXwnj)6=jwu*(+o8MI-9C0t+Oh5t3)M{ zGc_4HbNn$nxFQSrvux)=~sk-QU= zUKHKj+^C^NbiuzjcisJdbjP!#PsY%8G-m}>#PlNqk&FF+93&trmJ8M==L`Dxl0~vm zeEL||0gx{xT=hw-oJ;t#Wj?>4Qa*@0>66w%|Ej)|GX0J%;fQ%9q)acoLhl}mhC=Ti z3cpan=p0$cQOa3XjE?)HRmi5VaJ=v}{;CS8>GoRp|7=CwZucXmu4yI1iNw0yZkMQ^ zkLW6yY_U*6ajWA)y;Sg5GAU)=a^HC~p}$`|;518Hv5>Zw`qZnUzJc;LH#brAfm|4A zgslAeK#rM=bB_FJo1YKS2hv^tgAH#eRI8#IzOkG6W;Mm|kQf~s@ka41sD^L2W{Piu z)6m$snlJp?UacFNhK3uC(#^((IR>Gn(8G9qLhf`EUc(K??~x6E`@>aJ!}TLuosSP{ zdQFp_Z2Y+-=cD5z5<|V(R5Ty>o1kI*Z2QKcVV^5BZ;W+Q0gU;ME&qS@#q*BjiVf$s zn`swc4)&I9-W8Se+|YOf#T#12IhJe5ZKSyAb<^1Jqvv=-%O6k*1(_$)DP+tY9Eh$~ zRN%L8qtl#apBJRG!P0gyLt#wP4@Pg?Tffs3B+Y9MSp{ zXK-qK&fn^Xj7LBe4ZuL>`z>P6y3P)&xzWE}kqBb12Ih)`IVcxxC!WSLAtYvO*HVZf zB4&3Z@`1a=&Yp2AEuG=?3dM4V6m9bK|3O4IcHwl{6)_0xhSPtum#!-AP=XK zBca=b+&CFZ3z^i<&EV(b)H)EPcR|r!4IZW$ikZg01T4cS+})KE78j`*ME90d`Xk-0 zYws`i*T2FI{iBg|0X`N~1a88-C;*E#dNWPMgr>c6E_-k1v9_A1C%-~KgvK@6Lb$a{egwoI8GZ60 zBIGY96Z|!b)Sd8`G@*-2Hsumfev@xn^QHN-MS8v7Un9Ic6jMAt`=%9V-+*emlf>W9 zq+qg8zs;91FP8c@F<;OO{)olAW$N=R(e+g&)kf!I+A^2lH!ahgmd)*`hJdtjwOlZN z97O$LitUEwOqsvXLi<1jXRW!3b!D*wGoLW!f7vzj4@~Dw6y9YaojB$WtzPw2d(!GN zXlm~Sn%G0SVz+*}3u3GL;ikTQ^#!06C$jMhdED&)H@W>}-IdTl$;PW8xDdkmX}%qN zJ`iyI<+eQkSj2ZMH#{Li+3Iu1o|UF*u5|(Kd6;Opssi!FCBW4>$g5Tla&$ulh^A_j+<3T>RpzwOM5Vj=sx zyUuXY<6>9U*e$5Mle=c)v+hD9U8`x^RkP5Av3GU5T{Gt0&ycb%)oa|HEW0-2T-O_9 zS7hB{#=3gjcGXd7_XwUNjZ!dS%xwImQ?()#5_g2&17M2@Ho{NwdYgsa6-HcuAzhSd ziVH7q^maH>5(8kWFufHpf8=~4$e43f~6@dF?2{{_LyL$>Q+5tQA zq=cpSVyW?`KCp)gm9t1JSSBUpb0yvPFZRABT{)u%FJ6*vCK4t|H=#>Op1piQx*2=8 zV@r}t+CSKP{uSxou_ZWZrLw2K=$b#`yg&|r8jey;q?>6)jL7r`!sy>3o*Dc4=@^V; z`1Ou2O{$NPr);;$+HTH3x;4u7I@@-K+A;|@i^YSmbDn@;FTHuJ@LI!SQW+@c)Zbk- zZEnuGYT3=KtzyJDn@9Q?mIbL^VS>Q$R5<`ZqPjU?x^qTinx;zV)O~9?U3Yzhv*Zr< zW7xfFqe$gP@cYlmw?AC%e*43BaF!>G7=KS=O(dgZawYCqW}mT;O3^rTQ>hwImv!OW zA_as&5K6xN;XC!@G#T@$=cb@4z>?Im7Aw}T`v>#fE3mMF^#|F-EU(F{FcRj>%-g4r?;v%nCEdW1$T>HlBv!Q;sR=s+vxrONGsuKB^GVoaEzrp*#) zNbOH;Ukt8Jo#H=G&>Rhd8?F$lr5?G`d0U$o*PKVxs#dO$jl2nX8ILQ*gM)5Nfg^Rh zN~G#4Ch`q_q`1U4e_7CC)-6QW>k0~aGJPMUV*ffb*|~W}E{3Q2k?t`Z)Z;i8^PAP( z+<%y68zZYpaXJAE_V$L9rM}z!n)q^_U zo|l8Gi&b^nKkWkGC1KyuZccNaL1ek)zpy^pC$A473P#v;_q8UEQp)FQ;ObU{t7=9~ zdO@v%x#zUOx@#@xMyz1(Ir!s1i^ceb-de7Rg4s}n!3vO;{D%GWPCG5dv^9cjU zYBflY`bN3?2EPMw$zOMA?(dscGC6n`$IpB3Xio6=w>sO?+qhJpwr-Gfs0SL)N)2cC z6MAR7FH95;+-C43=oZU`TA9eZz%6U9ZI_ha;X||URA{I(s}`+l*47(~7xxh%DV?xX z_CaZbYBjTx@R4}PSPnY4NG@2c%Efd+V_qz=j&_>rll|8`BHAtHR6QQ>`!2a;H2ERt z1v}4T77@<{1c|<65F&6PQXVh+ijA2aY^xs}F! z2w(1aK%jth&vWl}eym^T)rnMt&u;Y)u*p7Y?e`9P&w9^M*QV~MK56Zm=|V4o=5+zi z^4P_R?Tl|RsX3FP%wto)q`2>EWnE>JBmkp|9KVK_*NL|e8h1jl7vQ$Pg8U)i?fD>F z?3s-XsZ2uOi2CY8>a&d=%=fs@)eQ`p?YuLq-!X7pwX6ree+wGl(WwuQ0T&S@@yk3b zNh2jSMgSsel2rBOCXmo(a|TC26VoH|rFo2)=s~k3xwOwMGlw^AJiXDbH>JkgGG29z6ow-UBs4rMsF$oj@=2}m(k zpLNS<0U8o_!L#=Z78jst)DCjibWmR{`{*-4<>PW<=1g4?7_w&QHsT=~%DkJxIY^V6 zWO8t$-diyK8+Fm$%%%K$syM$Q83jqTksIYRwV!Wx8|5DO>aiET_UFP|AA}!s>lZAr z$>9FLX{p|@U=Nz4G`s7Xw_1W8yiP=^jKjaInuoLEI@?-|xe}{3!-@ZCvT8q zwAv#F!9f+*{o7}?;{rBaP>tc$4m|eL4LIv=uh+xlJSx!AfQnuci^SQ(+51JxV_u|7 zk_ws_<)E>E>U&SGmZ!P8`Af0-B(`7Zi(?%MmQIs-S4*mI%e=f71<49C@Sq2uh-Tinw~YgLfC zs2=E2r_(nW>AupaqmS$|^jfwo?UDSUYtk)yLPwmI68z24*It^?i%!s~uk_Sn;}x(f zHFjMC8Q~GOH@diiFiX8<{Q9b!8#sK^Oy~qxxAY#-01H26#YBOq8fGfEB+s8eQ?h?W z-?SB}XCh%20#uAw=57wO?sY=DE>RmO1A!W=WqG!@x3`CgO9x-R{8I0LOS8dDutoyg zz`QGMTtI;HZ~g05g#_h{9K6_@ll!BKYv}UD-X1wUgkUN*hX4?US%-N{H6;#kLq@9_ zRssUV>=xjKZDKA&M(8|w`JB)^p7DaA^r3;bVVlS511}!ub;%Q!@{Gv{Bp)T{>8GUc zDgkF%wO(hR9n`cJP7V{=oS~Ih=*A+KvS4%HIUYdpt*zEi6S8AGDLiXaTWk3NOJ&09 zUhQ>)d$59_(lcmyhzYD+p8Dj_`V6fJgTn#KAodR62|%6f@{aiSKe(FR``BvhBs0z) z69)697j4CK^&(sq1C@Ze48m{&MF4o5n7gLQIAoy~WT;qFvXv5tz0jvcN(;3V*4N6e zmlsTOcsU##y&<$HXnfZr#~cG`-dtT>bW?WEFm5r|$*hfcI`RgvL*^n)S>8<BP^p23;qzMt+CP5SB&z z{l#Lgkz@*C-JDj=VFvh72}?i+oOq5AkaH$f+}nt=>Yx;3DKmrpi)5-v$r(+;;Z>se zs||7Km$o5+s>Ocv1vxjf>L2MskmIv)Z_U@hAW&F%_SM(0J};lW^d+~sxW|Y%AV1f+ zBy>s)k~3N4JT9#Fh^BgU0YPNy92!9gyhIYZ&?{Iyt-7XOUQ_sH9q}%Z4C$(5gY}fN zZa_~Y-0NyP;!On@z)0=?dBX@mtN4BaDZdnt9K%q08hGbHz53MIqe>o7TW6=&>s7)& z-U$SEP~Q|x7HF%~`V%j2nHiut?Osj> zc{n&~2V#(U4{1kV|Ik4g7J2K1UZcCoTZ_?Rf^UsHn3oy3!Khn6sVKk)?Z&gN|2Q~3 z@zpvyTsYIbBC%Jbk(0G2rCCWtckbRoyPDesxpZ#^i4yz34^reeBp0c3Qk?R8migXO zUhWH{f<+%LKFx@lEU2&ZswI@COQIgt1~C&l946fL1h^`S7eM$xAqd1bn<&5p^db%_ z_ntFMlpv-W2_W!luEbAkQ8yuPXhF^wEE~`GZGmzjFP3VN+56&1WNPqS@%12d*^7wx zj5TX&qd8?F%FJS(*Zj{GIR^;Nz)cMl@^c2}GPgc+o%lP)e9jZ*-a@fhpdsH(jO##u zx5#m67V55}=5VSVWOOegj>}wQ{4JC;huMkOj1RB+&wsk%lX=(h8kTfr9N#$qEIyg{ zCj6J(cyXsVm-@E-IdKkB_bf+lhMUaHvGFp@8-4b?NyUVdt7tS&XM4mT9yh!lodPs~ zJpj#=!3Q?J$LsnE-d%`GDu}9{E{PU|(4xw64HYJLW4b`dC4j4DOkdpAQ_4`|n7id? z@C@2SlO4a)I%sU^ByeBY#rQERUo7a|TYzl>8FrDgu9+>Xx#>mG7vz-*n1I+Sa2&e@ zsl+;diUq<5EvPK2-a|6uiv=sHe0t-sB0|0}nyEE|cWEs9jY6)G4twCrrI(Md(at*(n4X@rFj?RwXj)#}ukB)|sWG6f;-z!?s^l({b13Ac+ z5iB)Bj9^GeBpV9l>K6!0tbcbap_=+8FH`>;eC`6}v3&@1wYA?#_7@^C(}*^zl{_^O z8n9inJHk?Sj{;@R?|I5hW`Qz8-(inQ)qANirG;FqVM+_RXm4am+pvc^B^syr$xOjs z^Uk@dkwHY!Cpn9iqj2`i{MR<*X)oTi0bM1(+`JIV}bW2^Z5 zy5QG7Y55N*lW1C9dS);1d)CnwA>3)8e^r7fZZ6|8k%_FE3sI2k(J{hP=;xj-kB-xU zB6KEX(L)pGXLPZk`CQ~Z%VyLp^g`M-Gq}iw66(&>9oJV>6nxHhwK3ok&FLCmbIq+u z7RO?~aBb0aG24nZv^YGzu_nqYZCQ)0>i5DN`k|5lwZRP;C{gEf!jpt$fCdoJ6+xlrXE9b^0&`x-1v(YA4Z_Ddm+N{& zM$m>LV~`|{5o^8vrT=_c#iN_0gM32cp1~$Tx%}=c8Au3TCo7m3@aAs9?z>u8SFfB% zEf-v!biv(%cQxDcJQDEG!FM4`3|tnvz>oBh%-dJ(0hUj6fl@MeDPIG>(zD_D0HTT* z-ssj0v=E6kGNbQ*VmRd0$vE&JL^YLo(64-}9m4n$Ps?fmz;;CLy~A=*7OdSfuVip6 zt~l*lN^EQg=EC$F*Zzj;b-!GoFD_N0pt>U_#*?+diI`{Pr>m2(_So&|t3C`Y02j4; zj=1CcNoNKlavVXg=E7-=kUAFwiU8_*#25>Rl$S1o@_|jrBo_}5;$|cVZ@~IRulx0e zfKEDU5Na?D^PPyeoSSSAYa?hNCGw(>yCw{yt5qvJo9^o7c0Vgp381MzL8^Rj$ck*= zDVJydI780s#7{n6oBZ3( zX91>M8&%~XK6@ln3+5j4aI#o0L=1?G~wV1B1r^7!1f`?VQY~{jBxov!3^c<2wng$W?xd(dJHI|fO z#+J@VgAIrr4Smk(!-l$gHh!8GGf_@G2RP8HNrskMvkhXA=SuQek_WW~#hjy?xI|An z=S7Z*0mI05c((xpvOcc8Eg^l#lVE*ZJ)DR~{cM2=WN>~Si3{|R^$^-*Rg`0O>_fw0 zl=R~JM;Xar#hg9q$EU2p6MhY4bx$nBeFxt1i7DgK-o8zsFduBHX@G9=^wj2-Ro9NY zz;}#QR~vgYf}MQ}dAfl%`2b-Nt0=2Ey;LbPpoTnVS~ulAs?(O&XecN zIn*>4)xvRJkR7;?F~tSHXUHb->M^96A+$fmYKDQFD=4$#rHcgJ)WxTvtcGaf_Yj-_ z>I_Y4+8RL&LdTZJkyxcHgi@)DJ>(h|FV$t~_>|;TDNBn5T|rxbwPpO13>KCoJHANP z4(dJW2Pi{a07cnqd@49&z*S*y8B4w625aiwAXo00sQdm`FZT9~7HGGeOZ8uW|Lfjf z@8D(yaf-iOos3rzSR)P}MZDNR;U?mgICsaEg%D|1HD_BhZW{&FfU?@V zwz&rvWQ&qAIQPXfnq@3SorA`p+cCml`y9beaY@=Dy1}*-sC+t&3y8D;7Q--a@{>3>toR>(&+%1})D zEh&>SZI*N^l#RzH+S&!)6+0lSiX06M9f-P6(%lo~wiT2$F_1>ejs}4qvFZKt3Fj;b zepxeTpw6ntEv;YQ$H_(&%4iD0Y{A|L>Am~? zsprg6rlkCjp$y&oKAtkX^U&2Z2h&3J6$&2`4|5%oJ}E(h<$9^LO4`3UKc2D*&PToI z?{IIf4rvQ1YeY!>XWdaNDXU*mD=6FIj(R#jYoe@vMXjK0i#zJmQdYmBR#3LZ9rbA` zt6xzoDEnvKQR^tHoYXaxRp3{uchskyv-%aag0g?s9kr6O`W5wi+)isLvscvbaXY1A zDtocWq)6E-h;?d~&#q6$=*_FkYQURKU67l1Qe@k{Ggne}BBm$oo;Aph4V0x~N-*4K zJ!PY_SLYv1*%++-Th5tw`P|S2xtTL5>6CSfoW`t!o=hiV+PS?=;tnkn-mplHGN`qB zEd$D+>~?Djlnu|`49<>*HB9@p)k4a~Cd5XGFf~qFp-e7VyiFJ6=8JE5b}JsYo$D6xL)Sah2% z$jytrz4?>&S&cG`Pp+-zDTXaSk~l@#{=q4KBxx1O3@T02tX1aB6y4kfxjFdwIkS{C z%vycUwj)ka_TuH!=FCHlU)uv3Ear=pnebZ&k8Pj69S;f{91}j~9Z<)1Zl=t>gd43+ zCymJ70gC@)Xbd&T4kn_JvbqM@qJFIF;t^`&fHK4&86yBw6b&SK2%PzN*5H+7E$dyh zthaqE9xrrjk+ZHz2T{Wf(}}d6Gn$?L-&8Q3_)blF*jx#v6> zP0o8C7&O@uAp?C3>xfDSbEyGPD7it5AX!ejwv5H4$VgG$(FME`#A}GkA1^8R_1NysJ4umuKDoJU!{+*>3~XBSb_sO_WfjzRj-FcjY52H&Ms}HA#B~%6PF^)ew!Fn%h>`U`6zzA{x z8WRXm7Pq%g#0^r1>3f!Y;j-H06*24~n#FU6bm^^AM9N?}cm^R?#fT{l4pQaNH$R=7 zUk%5-;(hVAo!+hqZI-)dqF_>e+`e(~jSyFL&)I|auJ$07Crg_L)bn@k>yT;n1}P<( zFS|KQ8I=tEEOD&ldNIvuQW@%%ASHZmKx?61hp_i7E^84|xZ{24HQ*Yuw96#Q8=Bp~+cd0yjoyA)|Uq4Ax++brIMNK<0Jga*v` z0FJ|^Gg1Fa3|+qxHvN0!gv_|a+kNfU?T5>&E7ev97DDwH5UMekR?upvyqSQRKTUXk zZvJvP{C+eZouB>n#zg9w;h2%TglsDYT-~v`nfKa`bG-$-tzpew8;@J`&&YMg8>0vm zpD|zU>V*Bptl{7|l}~kGx>mzMT9o;e`99^C0>*_@AkqeSm+NdS9Z(gPsrKvtE)x$a zOQwt*v8-UZ^Avx0c#MimVDx@B7IUbSOlS|F zTO+-d;q=NTUMj8wNS~{fcjUWNd&ZX<3M_)}D53j2#4u z8xcMRD-mL;lEa+QJJ7U3as>%-nP(z{9?2{IzWPxRUKPP3;c_@QJ{|Vv$=`PDuk8p* zD<+2R#!X$T2OLucq;UHVqP_^HklDZBO~}p*A4h#<9-$9|8S`T2GT zAshT`gSIQX$b8(a@v7Y3zxSE&u%I|9EYWH=7 zp6UHaf7SQSCB(g(97;%ptLPW(<};Rd0Sy+@4U}oxeMHe9>fg{>N|r-lztt|W?7mM1 zmsg`#gQKhS%OBrfkB66MgVUidVR9+0sc|tFkAFD7JjT9txRog{WM925%J=$jKg_w0 zV7G3XHnFS?leek*#wmSL1OM(5-N5%BG0zRPA2rSO`g{NO)BG=W-Tm=X`Pp#)2dHs! zH=%Mi5j0OAqN{tyCp4p7`)Ti;6j{BGP4B;FFJFfD|G}5)pFi&Z-{9w`h>(B4>21B` zNvls<^vmZgx!vFEe)Z+oNq2vreck=)WlXz!UncSX?d{j`SGRGiqpK9l1yhym7O>x- zp`z8-trOBJc#%Tk>(engu2dkTHRFYB^~s+7z=Hu()m+I1%~&eG9iN}6&wu*I&n?M+ zVQ=66-0JTibo5`#pIiN}J3nLLQI;_Hy7O~O(fo6(|8q++#jk#Db$)K~1U`BBa&PbJ z=g-%U9m>Zd)ve{?LH`zuw47)1=T`rxpIaUT%R(ejClyohE`&d{r{2%4zbSe}USPHV zR`5BK1)VRTl$wE`TYvlYZ*J`9#$X5kkDpr!&F`*eY_0|cM)_Y|>5`8NS}f^*F-fHb1oT^U>md|CMw7#b)PtaBb36I4sw$ZZ~uH?QIN^e}l+|;xC`fL7A!H&5TT}twIPQ z=LBm+kZT2C+^q`sr769rg$u%f0OYHdCk4S)!gqL^!5?9l%|}@K2bG)?~(oSv&~QK z{G%UD*MOgX3Kp>b{69PR^4XV_^Z#=H`SU-{|8MbwphfEBzkTZi-s)7yebRajCA1eB zp8OD>dknsb#utvpxscK`{HiK7BsJ`!+NBjmYURx<&JcC+{gH#&@gYx4!H`7N1Ui5_ zyvk;8?p5t!YO%i|J6LGEA$6Ih(?W5XHo3}S5`;_BB3yNE0lAV^O#(Z zjv@J81FYSSMW2Lx*&^#&YTCWZtW1PR8O>HsOF8%QV{7y~GavOCvUB8>ZrSh5ELE}c zT#3pF^vbv_j;CW+UTck9_g&M;=N57AbNeO1!`%F(t7*XSnkv@6bM-WoUsJWshu^o5aTR(XbT=L|1P?wJO$3arn&&Y60P39iaT@$p1jXvIyGR`UhubbKb@_#^38 z8}RYOhg)XT2psUHt@4pnI{?NFw7Y^e;kHau5`Gm@tw}_*$%fL~QA*az1+78)K$jk? zv6po18&}82h-|7ky3HECclFQMy?411eAb`R(FVRt$cwD0ZBZ?ekSp~a|7Ek()#?A6X z(fGtU_QBUyi4Ts1q`CO^Vo)Q~^H~sJNBJzsF`?R5UaiT&iaOyJt_GmWHP@+qSG^#?hz{!7ToVT-1{bo9ImvY zuY&p z%GNVDc@P`DYPccl-ex$!C#`4*_xG5wLxrb|9TZEbJo@;t`;Czu$^KqK7}cB>@eE|< zV5#ayfAbvGA#yiJv-Jv9k=BRJ)xIS;nffJHZTxk0HVCn1JOQxohM@#yn*{T3f4DLa zm9yVXFn2JPkCIb8B+$o5t3H6}?<%vdL>c}=at*3|GRf7S@U7+7m59r~xfI(-{w7&= zH7xV*BGEREVUt|D62SR4mTnt~-(JRjJlgZWgrvK2)cAN^nb{{f5^W7 zRM|I5#k5hw8H!W}OZt{iA0tPlVmj5`2SDGOq-(!yRU|zMP{3CU(*_bV71IiG_#=gB zvfj$^PKvC_;1GW9%1@}|aZ?5RMFn|$yU8-8S523NCf{zxf})>hqDE)0&YQ*^e(sr% zu8&7oO%*C%xEenUF3(11ubb-BzH+sOmzU?4O?4_?xEklLUNx219|!R4+b!PMv+C5B zP6pquUbnch{FaO7LAP(Rys^@!nR*1nZ<-GCP2@wuuQ9Iq#jrio#~7jI z>wxK4tUme>i{4c10uW#+S%L{#edu#8waA@dn+^U@RTYI-eVxhGKpe$1O_xMfP$EOp zO#2EjCDRpi;IUoep!X3R&&?jWS}WklF84_?XY&`(#UN_gB@Q}MuZ1jM(V46emuZk9w{l#h#L)Wwius+f?B!XV>V-hcg2EbO1fZK(T&A?F0!sV z#}XdyQ*|8odj}Si&HNFgE^q1WEzfwd>=ld0@q!KU|1Y1tsNlaJ>_7kVkMsYV{QTn| zU9$T{WY(6<^!*OV>ql?M&Ke=09Yt!3`1`_H{xM^b6TnqHY@FCVrF!`v|2@Lct8D72 zIv_<*nPU->iG&eLA^@_B#D1_#vx0Xm6;X68=@gy`Eg8>x_KPoCE>~Qb%LE=(6K3+y zB!m``DluVGd|ruLOLRX{Q>IH|4>-o2>ZL_?z#81s-+=V2zt;!~ZPNYq*XV!z_vnjH z@S_?b5F!uBs<@qZ4Z{GBxJ9agtz-u#FV^VpI?)@FLgtVaCnGV-ikzm90SQWD%zerd z6Jg)eHI4;2JHH}xk?`9k0`~(I_}l~}En})MefB!8$>+B=QSh0K9Nh$wEL@Hy}MY1idJNmzmBzr9u2L zB}_4+8PMgU@j`wDvuoAf{#UBjUGU)3OuTi=wx0zsHuZB}?AEjk@HfhoAIR zog0_ew59?^hn7m3wntrByp$^?6|?P!gUk$^vN0 ztPc&&BN7FMFd@*LjJ+=$UPl|LSEB3Nw~^jMn&kuw0{N2^qe$4TV)84wGO!dGLmVA^ zueCbfsH~Aum~(mV4l^YfZThSmK9EP{No`|Ga}{I9mrR?w%WfDl#qe*<O zu0?+^UL#qxcD|-bv%fkNJWUuW_>+ToiRSCBqFWB6> zkS0qHzp_Wp6mP*Kcz#ki*uSQ~8I|9$Wo3A+ZFoTV`4F<`agnv`%x|%oAKSLx`?!ND zQ}pYvc3|ot!k=1}@&+vOj~R2T?P|mN>zk;h*u^Iq`Pw0No5uLap{-<+TaIlT9<{oU zb)&QF?4WTiy+6EPk>%;*F#rG9d)Mu@jb=e~|2=q$-mqs!^dccqlI?_Fk~OlVZP@(`$teCO|$r74^%&Ejl5b2eiGlmhmWHc{y5l-DKcCctoB6w}Mc2BlW zHJ8%OQdjCwsD!q)(%cN_*tHfAn69M(m3Vml;dD9GckjIXdV6LCm@}3@A@FlZuI!Cq(Re`QkY?uH`(H4@O)mM%4Qo)|#;J8vHDQah$p_r~l@ z?{B>|AJ3wzf0sqnHF)(Bnfap?>ZDHHEaReCH#Pvl=wP9hn9hQP@(57lss!&^D+czl7jHtE?D-AF-bz1`Y6mMGv)bk zyk@+)7S`bBODI!97&F9C>NjCenXEJ*hJzQCKNLNQ$6!3(s2yvEY_Q+SMw^(`X_ur* zCV=Zn7B`YAt|d`iQ<_*RNnBrsxQ_Jj5iqU@-YtQ0EBw|VR)Xnzkhz>_w;CB*oN*bC z9ADg#1je50x&;s~xoAsP3@N+rE5Q$xnU+XH#jAnuqymf<`(WlV|mO>@;TXJ_@^H|pH-n^V@@7CkJ zMPFI3!AS{0)G5b`3B0i&W z8Z^+&KO{u8D+Oo$6?0r_g!^-+zN7wV1vT3mDnAYy{C5wl9zmLAtG$1vg_I|)Gwpv` zzo5&1zCgENX?kC(SMa%=wbISrzo#fxi*_n{}0DyKoKoSJ{TExX=RZ ztKoa8;L>c2ON;oF`4)~Y_e5$`r;|9Omg zD`(m)7ysFJt-r+IHSYf_a&+C>|Euo*_jk4*_N({*``g=h_y0e~PpOJZZinmJ>tFr< z_I0ob{`lSn4XFY;*J5EniRa`fB{Yg+xX??jh zSC7@>%a|(O9eE4MNlnfGt!zXPt%3k1ffx(YY(0ghhEoi-b?h9a3P^)`5rA*6ls>J zggs7fyK~4zm-4hH8F~DgMeq(&`TWR?&L!sKar}Bf{0U2?dSbINVpB07zx=Aw5h;yn zJWmq0(8-Lxe#+8GF&&UcJ4ORc7!^!5JJ087s2l8Vs|IS)rI*`VX8e6V%WnFOokvT) z(bv60^@Z|VoF3f48_$!oazz(s5<9CV(SNvP5|5Y7;Tw2)$&>kv?I$#zohuMpwI3N5 zA|55|IUKk=(qt|QmXAd*TBLLqhdq6^p&YkmS`x@(QLwalY3Fc@-)`Npuh%-Z#+moG zmk@+yI-DU7^j3(26vlzumTA197Qh7}&ICk=L(0rgKuW zhW^T_8cM*_#9mNvflMMZmQOHuiU_A#&XQczoN1gEyutoRFDUUNUie+&2Y$!%!2AkM z7Wfoocnc=1I4ao8_q-NkC(UyTFvC;kEPT1e(|n}SAZc@$NPt#S9T_bwYVFw?^L4hODQf6pX3%F-d*;QYHEhdZ<3XVFJdx*;0t;&OWf8WO8XlQpO?`J}~BaC^e&G0piV7 z9v1~mmDsyLiS~0)GPQ_yI#za=I33!dU2n`%Q~Mf3R`2QhlXJQ(K}K^{Yg*VF!>n2% zO^YrK;J*>45qnJnozw}%7tr)dulx3OO9)geT;7*3CFT9^jIe^^Lj=xS@*9s+DJ7E* zc?%V0Xvm0PSw!Fy-;fT+HG)cM=^mzUFKogX9fzjh3_HydI_?b0q}O2s<*ySTiMbSQI|42s3qZ{iY?Ai~H|C+fe>D{awTVV-Egy z^FMF*A3m=6e|C5KcmAKx@l&=2eYQ8r|6Br$TS@?J=A&Z#Ff7r8N7a%%n_W;b}U7M=dBrjGfamZ&GPg#n>IW^IW##OuUl-)wj zO~<1;Sq7y*Fwdk=6JeHVq8EUj(BBh~b1BtJ-5}*x9?i0fC04fTN-8o7#B@_x2J6jc zP-iRZjTW%1hJm1NL>jVyoTDib4d5xeGDdL03Tv$E{nz;*0qqK zd0evP4R1N>RYQ__EG1~36aQQ7oBH0DEkOh3V<}fEF*2jEVoMN4ji6SFjU5h$9?<~r zRRfJ$5y%pA--$rnCGXx5a*w3knKg9vc>YnJxvy7R{n|ZSr|naGj%=V=0b1_)#NUIB z_0^LnKJlO6lg@fGLvmoKfIbp=3=VzVe6W&Q*5Ve;KW1vt_$2R+a=iV?syF?X_gIY5pqZwjXgn4xZqibkhkRbIWO3|cNj`zZixg~ zwheYbwUL^-Cj7SDDH57Mmm_oP?QV75qvfZ#S)>5vR8XBp26bz?}5boAtzr~5u*MIMLbobx2`)Kl3sbD1yqs3I8%GuLrQhkiD)(4~E)GWXw&OF@;94PqyG-WBk1?rvp2o=Dn;fE_> za_B`YOlYoD8P$EPZnil9p>#Z_aEKK4$k6wPz@&$1oD5}0PftPLxq~#`tO&@_7zRz6 z;LS8Nx5}X4z8BI2?vbsrlCE5GDy6B$F97O|m}k&LB^~GUBAXY%^>3E_DHpYHECpN| z=~58AT=*-4>%XEd@Ea3}z!0M%au%jv#tEmml-6}W<)%;Xv)+5jHxnFK}bTAJ$#>fK-F=X*ugMvc4mm z>X%KIs@6YaNj%KC{!1Tg>Am8$#BXA#m9};6NPzj3TU9w5@sFN711h2D!%502U0m)( ze1q5h`=4Qd=rj(kO-*l?@1lsv0-3%YRjA@+6|KEhpuBo(9zi$5KM=RNl zIzhjx6X<2sHG*nW_F6H22?gl+WJ@CEJ)%A=MkR;?5c>Ph)^U$FLF#-}o zgyV>jgb6{yWS(9u(5?g36t;u@wwBsyN~XA2TkcMmRFH%jF5e8l8{%DBXLTDU;z+~8 zqYkFbEz!+4ZyK~i=T50Uf(q_8?ue@EQyy-|Db-^UsSO&O8P@19uAzUi?FM@g+W2U-rX~S++|( zI_;mVE!AmoJv?nSRjjsDq?0&(9mMG*XF}A>74Vj*w~aOn(rmLhcOw6BOwG8Urm6Nw z*b#|}l;LACRNpIGoKWY~o(>ZPGAu2i(go&Wrf+dE8amNoIniJpT+`zRAF6OP`zA!0rfMNS^6 z6{_|J&zG638brcjyMtwnT|9oJQP zo=Vvby#gfxKFe9iBCvPTH1gmA1Wj4UKD?JQwlj-?;))jj3t87X=@2Gva0@fG6ZM zVIpMZT2t=P)Do8I-nAF@RtvsyB0w5G-k_#e@K-0NXh2~73Mum()WM+%=aAipIy&(f z;u_-u$0+i78tPb1AOV>q{+19Z6;oe-j#F<~pHc8YqAs|ioiV7?kJb25mr&vhK4Vu? zT1Y89;xnJ@0_~?^!E%+ZL!yaPsvsW=xDhkFlMUuVjY9xIPG_OjbTOsd4<8Yrz|Pk_ zyc@GrNk_D*EX*W?7`C-&&iT;Vyq*DKSWZtmYzQ42n&&v0`sQAi>0}~)JKeeo*{TFO zE(?b;P+1}zgn+l=S{=#5U5DtjvPawRV@M9P*nD8=fj02u%mH@f+fI-zia8i)1Hz0d z^^YP9cBqHuD%ppZ4-7Q=Wc%R`@ta{!y{tnTyy)D3K$`C=4ZYCULYHAo z`8$Q3h8^TO(USL_flDJdZ^9ZgZSGheyuOKR3|#M29@LE(_5G$dmG5m;uM_It4QSOs z8_HP?&DWh{ZQI1A^*2qj(>TGmB;i*qCvTAumw`Y&jAv&^^!=XS7*f~30WHO=aY3`P zb}rb}Ebzm7iOKQUi8P|Ab05LPAE(RtrMHS-l40}wKZ0jQ@gy!P{1QU0ZjE0O#V z>RH+6^0l_j5E$(BF7_pYzVx{SH9 zmcNib`-FvbE?8-=F{tK}k(c#Mi^{GGSxso+HMKBD2&n@x#UXkA5^c2;BVj^? zAYvX)2^HRtm=y7cGdL6s0Lqz|Cz4Elc&~Y_T%K!cB!K^Qxfp5BW4_ zW1h1v{`1588C^)a98$rA&9er(R_X1fj737_d9gxH$=a#HY(Bi_dD$TC`WH-5l66F) zDp0jbMb(Du2}adkt7W5VkH4jORM)U_HkLE0#%C{tA$*CY?AQH_9g3&VFz ze8CbatJe8W&{|W_s&D%jCu?0p*lHy+A180EN0e?Za;+v`A0c(ELFxV?f)`egsY_oi zNtCq|=88if-e;Gg6=dwq!lfcn%Ljr7Lo}U0=rOJYWtAGw{uCnAhxeaQhH4asq?F;v zv@7HxPsu}MsXRokAr5(Pf~(~rvX(gH!RR0keRz-Z5Lk~2P9n*xXOhXNW2KigP9UUW ztoBaB(b^(V8xXaMLTw$Ia$~RCx17NH1`^I_9w*W53pNHTOHcJ-2_-pHTYQYrlU;_U zK|~As{N?_qm5M&RUuCgsqhoeVJ?ZM?*0Dsjj(!`mk_O3-PW;fY>(>}>`>!Q@wI6t+ z5Jvna)K{Wb8MFPy)cl`H>{?0M%HJ(dwOsh@I^?Sn0@sp>u0vW~crpnw?FUpnwYGUx z;JMPT3hhk`s&uia=I&^2>o?f;G>XVWvLXMcJniOLbs9ha%su`YeciIvxX)rfDv5yg zc~y4Pu#@LBN5TX6>|l%UF4<2M$T!W;pQrKfbLNv>cO_XKr^T4~|4pJ@1JSh%tvZ`F z0kkH6wwBUpumiTX{qWvPSNQ8nhCx>b>3(>BbEn*g_ro=o5#n+W zMY8tQwhCqKU8`ZaPYOKQfBq$+aG6b zyDq7`x!vtLM77f_9)09@mI$05VU08N;l}2;rfIc=&#V@omG|3CsUMnv|wYT1)b4JnP_YlCeLeN{^WSCrSuYv`~qdi>z7}$ z3j&%1hO1NyX=-X0Y|&K&)@5X>h>^MaR~LpWl~`I@>5?XuHzgq&{-^I-3Hssf44d$D z!gBqG8v9XYY>56oMT_6yI~2)pB#bZPxlZ3QkFB#P~z53eh`x%MMsv2)qzi|1j)Y{c?SKhSngi5Oh4$<)aB~2`)tBW0v zcGi;>cD7b?`R%PWyk!0U7wha=M&6pHbql(LGjA(}mU5pqUk+-b-qmcdP|~e6+WVu- z#0`?`wXDS34|l49`zkSY{qc7i$6qFxu0Qr}6@Ko9<( zUxpK&JGbninvVdxFk7;TcOo$w-S{$Y(R2_J9))`awU~?m5-9bDaU!Zil<_ z^#>v(nV3;=a!*HMx zpQn*FGhu=))C@BkGRbn_Vz1n0%=?Zp(d3+y8G|x5v2dZP8l8l;lBPRz!8Jqv3T@V}FBWu03B)-QMIMI*i+Y*J zpnA}Vu~fn>n)=7MV6%ykzfi0ko*n^z0;EV$AdB<2MaTm<+f$yf z-V;FDy$}i`?qh}(B3L0Qm(Xjq`Dsp{?CqNzH|X3jIZAXKR~d&et4Ra}7_kl$q$*SN zks0c!sf&YL8NGPLUKcEtC@wa$ob}XFHtlKBXcnijDDYF8f)#TRbl`0uB=(CikF&yV zewOpgSfMi&Lef7lGQ$2qA|I|Rqzh(Oi$~81+$)LGf=zTndt5cf+0iiMb8R+IjvX88 zAEzE^sj#Gsx)gG{na#{O)~*~ebb&-FkT1oOv2i-_h-xI^*o6^_hy9f>O>2|Psl*@I zHHEM}Eae~}2rFhusHtxR5lpH#1xpsNC;fn^+97*5E)qgb2?@<&lTqff505V5G#XTT z=^WXRHqIvLD{+J#f=h40(ozFB?E&%MydlSX&koO?@9iIwckg_1?^M-1t-P@(ZV^lp z0d&`83167KP}C6CDRE}W>hci{13E9JJdgiCdU5eJWc(|wTaMDW+NEpF=ZWSFJ^9ri zb3V_+fc)b7zj~Tcsw0w5b>(UO@{;8vcp*8y-!-+ryTnIaR4vP^eG;b;N+P$gXf@ak z*3J`l%Er2_Uj34ftCp1wU-20+AN|I{!t8P@n63oNWk6|n`7ZO;tz_OBR^;j5_(+w( z_lKqXW=f-q)3G4oxx%k zjt@&0>_-}|Cu0hO3`Mcum; z5MbI&fWvQCQ3-~sMk#4&+O*BX!1Lr(&YzxD*uPvUcn(-H?umFJ<)!^S60*FIKtT%@ zc-|521-oQvp-Q^wjn%`MJ9ecVq$G;RAT$?bM$?q#z>K}|JjGn$I{ds;RZeU)hpH_=hP{}<5GNy^p z96*%F`7zM(*#dD(z0=De_sE%6I|`1N*eK{hF{~NCWF!VmnG4p=8x%>RfgxP_sdbK( zXZ7sov;Xn*)#=H}`K#x9XJYSlnV(Lvs>SW zH*W}=WyQi2-zXAshH!8Ev3h?bIXC^&`sA)(Yvfk!FttG%xt?-afsCOk!1i(qAQb14 zJ6ciQJnsO}w(?F>*+C7xakDi4G}e@0L`59#&5Nlv``+JR;gl2qiF`rsZ}5zzLL?CB zN_tcFnrv@%1})Eh@)mr~k9NshLW-R9BJ$P$Ouy>X&gM*&z_oTA%;v7OtdQq96B!5T zRP9QARRt3c#l9n1e@&8QU|=BO)MdlXka{D+Rt3PeG?&fTs}a5CgI?i*Msc{DT~dTo zG%T8WeP9_?Ffg_TT~;)jY=JmHArLcw3cONBst3TQ*vH908;@ax+MH_nEcH$}8Qt5O z=<{--c+lUZ8=R^w;&i*Ak2?JJcjMb=3Ih?kB8nyOLVVS1o2B5Y#^n=2$*0eC9 zML6BO?0cw)|0f@LuGwH&{CQKRsmi&PJ?_q#-#5Eb%8~EXuD)LJ>dJTZDZ21iEv--~ z=OD?8uWSEKIlu4+#CHs$e!WHSip7&@;bXf0##8u>kDljD4e=8+uT}*p4~cf7UIy0Y zwMRaHUdl8snPtX8xug*dFZg);G@ix9fJkYu|t6=*p zSG<#Ss%3=jwh(P`1)8Vjs;) z^>=#4GGcgSbqVER%xTv5-eH#gZL(@|W?A@kMd_DB*|$0?l>cpQXNB^eH#jS>qB&^& zPz_VvBNVDj6s-19sFv14`q4fL@JT_Enwb>n9V5IGeu2^$e%4#!X}GS-L-{ehPvG+S zvQ7Uec9Y_YTj0<~S|oyunB29Hr%{YK@9wPhe^Zm!ot6H}veGMZ?^x+uN;WljyE6~| z`Q}0QEbh#M{}Sdwy}SDCzj*T?7lpFe-P}CLMS*g}t(ynAD6st(Y93s5+~m$YcxN8G zUGw0bkx&2bjC_AHBj3%;aZYN98(6Y7ACU8tgOdR{hf5+;sx2JUgszY)cy&Y~o)%cv zpx`9J3l@PZsD5%Ama|!eT+Bx-ERymi31{c^VXkSQa&1woOjJhys9F1Lbc9k%Z4^&A zK1T)Rym>=(QjB-+;Nqu_&~XEI+TwOrOh&RoJCCIrkp-P*oyf87R_epAFw>S>Z@Wqj z`@N};q>OT|AuY(a-yWX)K;D|8rdgIONN-Gf-W#W^ds9;tt8Cliu~zO`=-_p^cn{U( zlZ^g8XC)!o5n=Q`R7K4ygEPQ~V>n1Uj#(197@~ARr97wxh7!5L+J-HTij8cn)>@$0 zApt2v`QgbA?w{+xQ;~=-4VLZ~i8z^qzr!)b*Bu{z`E;xueiN}&W9WpXxuB%S=SWYS z;orRrF4%%>Z|#0l@Nb*%j$YiBgcBY}eeoC+4Hyh`+gi{G9_aVG6f# zdJ$a+vh(QS7U|{eclNpvnj^Ij#i&QqRuniqtR3zn+O_3Hi>_-<%X@W)f%_noY@>_KD_7pwR-WHYn zv$~WP*RZ)8X#mL;yMF@?e z^6UM7p8RxN?(pK^=={}Br$^_9rRN8G`>#%39-f{a9h6`EaPrgf;c4m7+2Q$*M+enM zFDj3Y56@pcIXXUgb#{3A@@T(2>ek9T%UD_16$bu{sSHlQO*GlS;}jf$>r0g%;WMoCYLYOuyzU}{7tjmH)r^67;#kzgZl+9 zXi_cpB3lM<3{Fd2-&yWMdYmrOm*udMlh-F!)04W51ktx>T;fnUETw)VEW~ zwp*=L)AB`U_KgF8FL^!^MNYP=Rqkrrp?XHK2x%TUT`L{ky=@&uP0YkFnql86ycF{p zfWbTs-3@h)qhH;W+~hM3XPA>;bhFo}W;rSM zb;u@F)FAL;MYEtJFT5Yeg|WdoWnE%0+nGE{U0h1a3nVwOAf9>oQ55gvDllLk+t*l> zhKa`aYDEn#Dg_d-;W-n~$@E?G@Yg zI|^a24nYM)^telyg!&wA8vd~gr@TAc(>lLv*ngDLbKCjOzSMEBuf%9N%#me6vXMIOLCUbBEDoKqs7#D zPSeP{M^ZLH3bKJV1)VVA-#Y<0NfV51$#6N`oCvcL-t&R(4rJZIiLvX7B7FZa(# z6z9SVCULO||HbKh!RU{C6aK3oOedT2Kl)E`nQq#FMl`&bXJ{t&9t7el^Bx2vdf`0? zidp78_iuXz&X_8;(@HqGyptgeHm3a010u;8m;xCYAWyg+e2aEInFupp6L87 zv``-m$PX%maW>C0E|{>pY7ShVk*`MaVJU)a#2xI)uUOudEQp1LoJ5@Bzq?QufzC10 zyBY;w!4BkPMpHV$QqO!$#5|m;iFGCGh2@VhkTs_;w!1S|v4kd`lZ`m;;PHrQ3}KAp zcw8(b*Ob}^*?741-#R8v6gOTEG%w(4HAGxXsa)t0;|>|Il#Sysrb&5pXP)-Rf97+a zZ15cZmHQp{)M*NPav4W+IaW?w_)r6|*DMcX0dfY*XR*MmEC6S^zE~{kpmqk~0zTwN zsX|%?nK@K#r5P3=Ko=+|S#gN>|MdZ*old?U%?q%G!fjTpfFSs|xRT(d;uAt1v97^A z7)XcvL4&Twe^hZW;kT45?9@-7SW12BG+p2`bee!GBIh$QV^ZylL#h#^$Z0C9E+#=) zK1oakCQ5L7V7P91f%?{ed6^-fWwAsk4wF;Mv_&II3wEhj$Wx`2fdGlPJ7ZByvDk-Q z_D?*&s1b!Lo?pO>feuMXvnUX!dKm@*aO>2vK-H#~G)_R1wCqX&OIK1;34rK}9xVtp zbU{TQ$T6l#;@5;8@t&Sjzam2lYnd*92-{bnGr1 zusps*`B-j<@T(9YztOx0YV~R)+yhg+O1l9hDn{}f68dvKLs}(21;-_EK{>??Fj2X*WvXCmq1#H|XP619* zs1mFWJx&Xjk7)=@qU-QTv#GU7!36+5wxJnR0xYKu>YdFloc7;<$i;w&YZ}M#tDYQf#=R)SwyVKW6gayr_brM=I2S^D-{Tq3OC?7B z1QgG*CiYryLV2zB=1eNGIGppjNET#9^9xD(aw{Eak&B6VlIogA@{C|(8zE5=EB}}m zgc2851HX>K75UmMTVvo#k;mOYNgrpGkJ^fhISUz3^3kI79gBp5{XS=Dk;u=6JkNM; zl0iD?hlFT5AU{g6N`7|VEMH4j&hUoDye)h$JDS1xj%s7yQiU zgh~l7W5t{%8vL$!oVG_Tc12d{AsMdKIlURZU|q~BBBeY% zA<(1wc#L5Xf+a~;{TDNk;=vd?paf+l6#|*jD}x()a7Oy8G|LjHZt^r);4VwrrKT1p zG@fbGh_krS0taz-*U-(Bg-i&V$AF#VJWeO3Vsfl`pNse#qC;q+F86@~I2*;OTURyC zs~z-$bcRv@z=A6wuRJ;Ri7R;&n%6_(%7Y`3Vk3*<`K*g@Bqf@-nA-H= zWwjYucnc-#I%R_8hFH*2m8jjYeM`Frp3$p1xYD^O$VARpP7n2soP}`~GfA{u(bs5) z@>g3Z1^!UgB>n+xRDW~id=m{fR+N@{6aj)D7 zqJ>2_wKg+CTI$N(@AO$T6b2ozl-?R~`l$Gni8jQ0lk%ZQ^= zCed~R>YZdGFf}pHST0zk5{5`LaE?TM2&D@&kQU6UM3bB$;4c)0fJVk%v(O>&KzPlD zFM6_ z`O)DSIXQLR@+Uu#z2l$Be;pkkbP0>m1N=J6C}Q;;Z}h{ zl-EftACvQ=^QVVha(r^!J39X1^yv7W-epax?x{lVmGK;YH zbwHk)EtQ>~#+Vvp5s)Lvc~#kYIS(8ow?0p9Uu{6OkiVjnywBYk8^ z3?Eh&0XSMZqm!}?U-s4^0X8@Qf_bfxEl$HYl7cO|5~KiwHr<#edQeTF?Im2Aqt9G& zal@W z=`1!r-Iv-X?nPgpU$sg#x){Q<5Di z`J$^O7Qm#Geie(7yN3njpZrQ{La0ib4TJr32Da;ih?X>Qydg&BR&Eh6;;P4zkXkYd z^94!AdQmJzx0WIY43te+>P+z%>9a(5#CO=6vDur5jaeFDk10>02GcpsXF!RxaBX(c zqVqh@t+z~Bj;RnVhum^#MD5n?#-oK2Htd2RotoWKBg|hp(CCPbW-bW8hsOt!uQr9j z!TY`E&kv6ej{fg~JVLM*K$cf0;P0um$iq~wj4z20a=vDVt_q_lTNAWc&EtgSm@W#n zxvtgZ)%AXsh6xu)^hY@jFIXXn|I4qwRZ0+9gvL!o_=NG1sojJ zga3PnfVK{5s;a;?Vs;)%J8;;xuUmHiLzEv}$ML>RHgeHQMoMCHaC)HFO z+9KQtRZa-6a7r;V)67`AR^8l|cn4Iw1|bUpqz+&aku=zsyrS&+RKYKDnv9Cr_~X^i zX}_y6&sZY|&BJMYsVSv(CjPQmEEd0#UvwFyikJ0QX#TV{z|`nPPCzKxkPS@CW#=Dq z2(6DuLV)Z`-X-P;bfpvyWE zdYkN_V$M9*N?F=3J-t|z8nj8^A1Quo!5g;ijIq)bG?1G+N(oITb2?#U!Y^5#RwMhA zwZzKnqQ0)+3k;P1oBmeC|DPW29XvY>X3wNs7%-`;(E7yth`e)ovK z`^c})AjCR zYo)=ITb_6C9yv-2V}A4`N1kw+tZ|#rUS=q`HOT5@yinlPB&jr0*KYe#-ZC`X%)#d` z*Kn!s0X45h%1}ZI%*cO0=uk?Qu4ILlK}Jy%pM$!6?;hEQ2_LY6#)lE~UU$=i+Sh^PB;j5^=%g$61x$%>FFH?P+Z)Yzl9sX*)FySm3;C$sM;0yU>oY0B*RX6?R#p%;u@k90^?*Hls+d;ptWN|2h zIUr_2#_l$NTY@x!^rsB$sgYhD=qj(XgxXLSQzTh0_DsbNV3kc(V0Z}0Q05fEGgJ__ zgdA;EP{mcz6fqA&Cd7E2B#WRtrVgi-qpIZ$ONWMu(;!vOuphh*UJu<6Ty+9!&=*o@ zwClDj0fip4PzB!xix^=L-){Sn3T3 zS85Mbu_<-ON!|6tAeqtZRhaO3^eUqlW}sL{Rp?zpEnW^_9HnaB&h2YdZzPAgB!r!u${QON(MN*5V1Q&rr=>V+(otPhpNOO`Lt*Hmy@ z6D;Jp;y*}|_uWe{K!8mWo$~z{j3Lri(m|I zg#5a34_BPTf556c9o)5hp+$hdVjla2!mUCrm2*HM2HXX+Y(2t zm35zH8CJjak%75|KTUm9=b09I4&ac_!YPa9QmC=n%ArEgh!r#_*E6DdXbbl746ASr z$dQe|sMaWl3_9oxhd9>sk{T*vhYj}&(1Bd^3o}96wWfD7&S4^V+ z^^!?EUOETdg-f2yXKX*A@$6gy>#7Yww?o37L-vCK@h8b#6f7T$UbIN*EDn3xt_h~& zmU&5ZLc{z^JBM5R_Kmj8o?GM0``fjW0YLCj_c>GcBX1wsZb(z2GqNTNOEns39tb^A zv(`q3-yk6DgLJv*|d6O>`dH=9JH<7JLhDuoImm6uSd}}B+Rdm8u zE|E^+^z|tlx2?azG%EY;a*M)Y1U9a~bB=Hsr&(nHXiO)xdh)B7gdPF0L{bKxN=eGF z3i;kr@YLz$e{!;1$1QSH5-~smD@z?j6fBdlAw@rg3~+fFpu%eebD@hYwWfC0kvvV~ z&saWT+W7!L8_|NIq+L|gnd%(UY6e~68laR5BjQDu{Gb2*{|5i(fB%2oQgi zIC|@l76GG!)%7>{0;h$?359CE%Bufes5=iC+4pKL!RynTkRYhj>P4l4P6hdUO%A2X zjRY`8`eSy`(-ev5db5<0Ni%w3&=`Ml_@UY)WeE1%44rY;!)_}j22!jrubKM`2qdoc zwrZ3~-CcMtr?#xw=H984Ij(o)JjJG)yC?btcyYwFX>qngzdxxju)+`5x%(m)qWyWl zP1kaA4UxGFYCSMcv%CPjm`%})IQm?=(X^mo(-j_E<<0zMdSQ{3MCAi6qM;E$MsbCT zHj-;mYd&A2bmcRNNU&ARe%2(0-IPo4S(P>X(C$~e+Pt+Rs@!a@=cJ{_SkdPhjjkR) z!6}9zN8j!blbVqPlgVmstd4$A{A|E=#1NqsWLXB|21`f!0}%M3cWTStoetBJbV{uD zXBdjd5w9C3jOr&rH(qu(;2l)amHr+~DJZM8u!Z>M(6m|$X~=vl{64d&s*jO-80W+LQPf@a`vwy(kn|m6;-6N@ z*{*Ap*Mt?Rpc-}z%wb;4HTOrISR9AnQ-)Wh3`0U&SGYJ9#WtqgJ-tvaAM4pkivpGM zq8y4(6LudJHB&1#1#&p?iOPdtK~kvun4gVs6c2M56EH&JG=*u7H=c~+NiaR?3VC&U zsi_cM!`Rz&-AJ=ci3;7bmtKh`UB`A0A{UljhQalMlNACx3b7)>?syBtg6kjUZA8rM zqi})W>`D^esr`guyV|+r`sE#Gc|c_|=JtUD;PZYZOHjqBoj1o%3}6h8HnKjhyH*j2 zi|;$RuP~qP>*$2(%y!l)9&J18`qlS}Vpc<9>AGaI_uaQ})X;G z0ox%s?Kv;?GQg`_LCUEp`d^furO>(3d&*$uw=QnD!AgKvp0Q$*k;+^!=7n?3M1Ys5 zp~Y7X!_@X2li-?KS%+o96$Pi|4z2Hl?b^zNItGobY*fp<=)@r{ z6;yh?aw9cL#aU`wL-X~R+`=Z7R21m${>jvTI&QIA;dAIE_uRw%=jvLoX(tNlc}%#_ zex%iU|D*Pjg2^KD4TsMX%fwOrxk;Rhm)S%YXl8}7cGZp*A_NR2$~u+kA6T?|E`;Q zIS^eE>SIfJYKjV53cGDjbqoBX$cC~P`irx24u>UKR0%EFj51C5vZApjg=Pr~u3K`w zkM~^5W!>`vsZCbnJR8~Vwg>$Sc=Dr!@uU5{mgykl6WLM^%FdL_B;y+e*^k;>p{wtZ zT@6AsqtDiY8WV;@I%qu+$&++4azLBOQc&$RA|tmSr{$3-B7w>p9JE!yGnkazRTAIjh_2OJoCfvrv3U(|s8zwTP zz#9QADs~8vOy}`m(k*3!HBqLOAk`X&|3P?2*MwI#f$F|(GG~_>IDOMKCvq+oI_S%- z8%#n>Z1pJd(?8y=7tjzBHKlv@C|lT{0b4|a*|c;lqs(4N@(t#?JvKvO>}u&yL7?Xg zz0iA!*cYvARJ9CcAdEVq`IbV*vV5>u-2cGO)cB4Yks@_u>CC zZ7~2*NqX4Hcb!*2EAZ^pMC!u?<%-DB`wYR2WG&Z*O&3jt@lj_%pkMtXvgn-k!>rg z4b~N^Fur_41M>W@w$Lf;=_R_V8?#HJDO)lpmqJ#889@ys7MtpX+GZ02cp8X}QPe|1 zR-nwyItIvF1CrN~$ag_}->%{-Bz{+qlp**N{6rrD*!s3Y|5Wfo)Ov($RBi+$euh)Z zS32#z3vwFz;3xD8o2wK0JngFXJ5;j17M_J~nb;86w`tRte7zg+V%%aI)1#vkMLkX* zmrjlsc~-7*WV15jWtj*Yo!+*cH(AiBDFdd#I6xjZqY97LEuqO{WaE0dYfypeMwZ~O z{BqGMaoF~pKQl$Wqh8(x_A~%DM%Wu=e(rS+kxpkDS%%bk z*fgh=ZVRY_9s1%&9;E)|8i;!8HwX7gu_l13GsXRkkGQYkmHv3k2f^S-j@58${dzQev>8W)q?F%namZw@|24kYh`j+vPlNv z|3HuEjyW2?6jqe9=Cfh*H^C7?x0p56QC@Z=a3O&=)cI&XZ=bV!7O!$X9Ed?uAEd9` z&VuZ|%fzP3p7FjH$wOc4`%_%g8Puw1vpxOYF(xbGVE{o0{S{p^a}``Jb5s>m>1v;b z;ZA~uQ(d$<;S`n1GIQm%`7vD;vc^Zwr#XYzHO zAW7HP{J??g?XR&`1qqWWRoI@L=dla^4955H-fPZL&aFS(hCZEp4do4gQux^#4Qi~% zEW~}9C5L?vkQP92%W@}!O;k_k;uY*D6<;!Lz|+)F^X?}df3Al3gv(>u2BdM6E-Aq8B9}qG#_*4ut-9rB_#BxLR4pm z@3hRC%>+Ww&Ut#Y+>Qht!nWAIiWFr00*j?svo6f^tH3f}l~qhDW5O3xto|Um2@d$V zHsd6?L#e)U;RD5t3E!z-3$ydt{l|!hRTM2lt@yFpuH5s4TsR3PN@m(|E zBFekFNmUh4!0q8Ho_CF0x{6|r2fTqVY&H%>UJ5e?$z6ga}*Y;apj zQWVcm)-P8^pWwF*d*@=p-+1|7{jO3f2djSs7`X>gVv_ftjp$z|n4|_n(zgp3C32~+ z4@raeQTKCLN?^Vqy5H0F$hbsWFdqg*au3D_;=q}q4*)*vYgTaJf%W37yRyI2#PtVB zcPUx&&2J~}*>n-xOB6+hk(K)fHu--K?f6>v1B8zn9l}GeHzBDRfEiVv{w=8o>;daC zf;;aE180qigJdzFk}HQUk!W79V0-&>hSB#~MV+BMHH9T|q5K>5Bs{;9rt*0P^<5^0 z;BV?8!rH}?pb|BGXYNrwRW{3+T-q4xuOv|tOJi`X`&cnZ&ahncx_Z-2?IQ!^0((_T z(9-F-%IWOsM$8lfL(AHUR!TRwr2K0L=#nA}!>+TpHTc-Px}|VcRa9)q4KV`z`@lb3 z)e7IH@xZAPcLp`iylwH~$|WQ-KLy1XrdV#(trlhvlIYM4Ocf3pb%UBH%JadcYe;0 z_)g!0B;PV!h7_&$B=9D=Mm6A=`shH4Z>jDK-?sFq{=4B8jPr=j{tJOMzCmFLB4{7{ zQ^=BqCkiz7D1-}p9d!YzXl)jRdQ{qq@^K%&#uiFV%-^6Fp~!zB+$L<)WL@b^5&k}d z1hArP5#t?enjij0Z4nHYZPK;GvGMunL*^r_LD!dQe>yJD z8$m~3UuAVt)^&xmxmHp< z;uD!Df=zYfiIp`|X=OQ|0&5V}M>q?@w8$hv&1C>hbtyriWFNGO&dP-Qu4VRX2Du?p zfBm0gL7@DE(&i>2+!FqQps8ue;L0kQ!bgQ!uhkNyRWyA{-|=3DWUdCWr|dwA?r>0L z+O^VFMPGq=uT@ew(_i{dYAypRk8)2R;@#Yey>NI@XhPCG^j2Y!oiw#PX`K-}23H^6 z!NtNR>1qO`$ECiIj<$-_36kUrHAkb9D+7VPe2Clr*~ za}9ZuZ$mRWWsHmm`N=PCF2^L}I7ZmE|5Hz6TK{sga=DLg)=;IJ&T21B6CY)&@!1nZ zC;p#y+Hqhy$x?F~ZB{H-nr3apQLg8=2X*f<hlR4DPupwf z>lt~K+A-He<=yg>8AdX78oDa=o_x;BCU&yOLBYtetC@%8p#dcIrBF0BgoBjt zctq5<{t1I=074#W)gPw2a=-50(cka~Ufgxq2NSZBNOrdgfwRJ}-LIQnctUN4$2>`e z>0~WrP**+p#vJ1czY+jmFm57gIk~&h#&XP-AcYy^8%gA23V}^(saCV4SwvG8A>q|e zULHhaG)rO^lcE;tmwsDaz-O8DL|FO7y^HEk=;T}g(tnzWRL)&3!nfQIrq_mro15x; z?Hm+u#bydeC(+eYkmP#eMfVBf2AsiewLnF)MdJ3pjR>`cH_`8C#ttXp)z!CskHP1# zO|RGLV=rHsPSXP65FfO7%E^Vp#9yIcp`3@7aWZ@*|aOByXDLWzZLZ`p@j<*808xkZYyC z!;FVc%UVtIz}gQ`S@Ywkp9LEZP8WQbW_Oj#Ur7Z6)@~gCkY@ko!5FrIE;t`4%WS}# zmW<`f;&eh7;SoL)Z1`3IW&hd!R>nbmWoRdh;u#m!`5TQ0`Vz4x{#`^)Xn)LZ`+Tc zKzH*X?CxyFQ=dh@*A14JjeuE>9mvE){}3i*`vD}}=MyYfv!eI5{0?a(eGjN1kuXvD$c@Ro#Xl!KR216YGXTI#yQjUqFi+0e;~S6Q;M5*5=zk-(qYG zIC87;#^(jAVl3@rEDUf4nt8&`Jnn95uUR{|MbMGoSH6ZD0AE0j&xaTgQT{hlK<(zV zendbx5HxIZCfLLHFo^PUAsW!AIRH5udj0eQA$tH_Z1Br|Z5JpsKVAc$C*(b@CL50* zFt_W>p<`=utST{Io_iY$F?3@=-h}gR5`%7rYa!o+D%K&Pbq++hV#oI?Xn~i)5{oCT zRQ}FnzPZG&9nbz3n};`_Aa4lBv@{UL$SnlItBY>$de6H_9bJoqwD)10kHtGl7yPsy zZ5b0uAr2r2rT;Z0M7+K-!p(28L-qzf!hD2mTWd;w20vmt2M>kaAa};ktX~vH^=E`1 zJs)eM6S(r(I=z;U(Inv+QMN1#-7nQIuJ-(sXU%bS%`JY>IDfR`x{t_kiWxHm2#KydfqY22*|1PQ?jkl^kTq;Yo%!QI{6t$Ceu z_Rc;h+2{Ue-}mml|9#`YsL`ENG1ruDeydikS#>vYw*bI+At5aRfP;er=)-;icZ&c< zaTjwF06Q6mX4VdXyJ>(Z0P+6)2lo*WAKZU{ zgoucQf{BWPjEsVVj`0u^ABT_t9|s?gh?M3j5eXFu9zHoUITbA(10w_B6BafWdR7{G z2Kw(p;1H3JP>@luQBkq!iSdc)|MJgW695wlE(Bf<9*!Jv4-*a^6Yj1JKn4K7-G|xs z-Mrs^;O@aA+<$)AM5FJ;RlZu3=qj} zv02|nq#{v>lr-Zg4jxdl8QS?Equ}D<6A)5S)6mk@8IaVIGPAOCa`Q^d${`h% zRn;{ut!?ccon75ML&GDZW8)K(Q;SQ>E30ek8=G5)N5?0pXXh7}SKsY|1Hk{?tRI&B zWEUpPu6qaw@CbAi1UQ5?MkYQ+~?WiRZDt&?Y6j10?H6LT_pA z0CZ}>hhMnW=WhA?nG7uj!d~40{F)c<0GFpD;Qb-+p#!*O z;ouH%bF~FL-vnON99ksxOz&0>OuHUTUl!o?C7z|Zm+a8bX$8EviaM<+IAi%QbtI{) zxTadEfI28$%Bl7FRZ=Y1BrTN}cmU7(Q7qiXr<^?BF3Z#O_J6MT-cEX+EUI{bZ9zbMwAbvM=jeQIN@#k-s93Wj)%e1c2FE?+YV>uHyZp~CO#fN__y+}*+xURv>-N){ z?D9LnKl=l?XyXEgdODI_pCsStxInPMCW|-FgR5DkDeymaksVa=1MdKWHDR|`@=)eF z%^+Zz4HWF+X_dPR{O7)~pIoTRBu+M21qRj$Rw|z*|J3;_25{5Dc4mOdb7We1|DJi0 zXI5nW`{;$E0@*(s|0m9E&q=@LLSH`*7~4u3{>AqjKjFu5X++^~-fP`F+T9M^7(;4wXb}f>xI+8t+Z9aGXmdg!I&T+}gFI{Nz)|RZZZHt0md# z@*Mz@mKW!hY@fGY%24N*pA!6^0c{g?!!w%h zzcQ_BURgF(v{?wUa(+b%lMJRVUsC^n4T=@b ztmNCzUT2M#kh%%D<3h?~3Lb)mr9`8w+lrwhaK+^GZ8X=VGuDo4&4Dl3^X2TSJZOKb zR=gJKwo0+l*d5@%NUh?(B>>BR5RLaA?)ZM!`e#u8_h;$C{)ZRCa);WLn45#z9iUN- zn-hhE^(_1=wSJY&#s|RVYt=hIk?kFTv*?ZLgAjVw1ZRnITMilp@uV_wY_)f8!s6Jk z;QmU}@S?s0M98S!0g4G4Pc#Z&^c|9yU8t#wDSjPO0;If-`f{iyzpR_lyJ-3?&T%Ks zDih?6c-8BwDo)TL#nbMV{eGxlW)LD^*yE^r$Q6Mt_V%5GcJ+;f{hqk1^_gla?9PV= zJYQ{W3EL?Yg?cc9_j|#9o;sQexm3)ST8G=0NsQDBaV5JoJC8i*3frA2D;1bN@H3GM zJ*8x}$Cv-4zr62mSPB8z9g&f2@UqJiPRbKw^`t$I1$81+>T(7f)+Jvvz$P!rsL9ty z^NW)Ic*$x5pLfoY?k9Hu9}uHhQr8(7T05gN@66b_lKytoWr-FeU$nEMJ=Cw7P_5D36ietP7xz)#?39 z`BBZ{9W!@;u?8AO0U3Y-~Yxyl4-bK5E_29ZObeMAQBc#9-V1 zXT(3c^}m%rVjRF1M`OV4&O3mmxE2tNgGh&~BfNgQz?>0;Rf}=2q=VJnp>tW8J(2VB z&8f|p8UPaWz|cxQo{WTn?H_@sE-jH^`r!NyKp|C$M?h7wk%W6Ndk64!+%B|kd)#_I z7?b-kfiIDdo4zUk6{&q_`L3y6?J#W0?QV&Q{cH;Zl;El#`B|a-@qkB1-TFUD{->-g zadGMKIF7U)?!LU78J>cWs^^pTRFw8Eh2eCYP~mCqs*n!%9*?-bkmGN`L)_lpRd!^U zzV5m)xXmDU%$YoJaAYOG?w?^wGM8~){&G`<%cL(^q zg=MM6aEK^9Aky@Pg^^3n|H;b$qll>8FX(MhQWi(7W>G+x}uJtcOrN;@h z{HOaD5C5Nci*EdZ5fliqzFH?cwm6>uhg+MQWb?I5yyfhxndx36v*pfDe)hd?t+__8zQWqomoeJ9SUefPy$S;IA}g=SM~r(c^ik6i2!A42>5@$)tznM-Z@r`3_Lmc-~cjj68i+%sS4HA+L!++jQZphT~|CQdjz z-OLtER4wZE-pD+-_gU@a8khxhSGRY~P6*+YM7w0i)X5n*jR&67yIxVaEpfhGy#q9e z+bCY_7U+-YkDQdoK|YQhFeO5oBA7`RmPjI5ixGT~jq#^k_+K|3%9WX&#~F{snuGH0 z0H)pUCWCtHU!-z`Y_!`5G@Ri>-VukoEout*D%C?LYN1E4dlz}w?uW*GmfItShy%g& ze2Y1>p?yf#ZreGoO%Ij7;TmW#m$|n@&vItyidUwXCl;^980Rf7q}yXTt~4KSf`RXquure5mMu>;ni!${M1Anqx%WG zU9>Sz)0PBxdW=ATlOy;SAKB~Dj>ooYBGkk;uOm3TWKYthb4DSUN3^(Sr-cY#QV=59 zNg*}JXa%8lxUk|tuFF@24(XM2)pEV}8c;UiJfDo50AL7HrTHq={py@=ATO$E9rJT9 z*?P!a>iro`1yKXHvSwSx`K`0Qas#(LD!W>F#NfG650(6l7$^TbfYAGW77m0`e+J9j z!-f-+MOK?MuWIMIdgCGcP;h1}L!SX2lGt*D0ql_yPeo9UQFf{QQAG(vX%^5=^*looDXi(dPcljpjF{+ z0(~ijx5HFvm1y$vKSJ>%jlCNVi!#y1194l0L)Yeo-pt5QoyQpK(HRSBzI*cp;lL>r zv9BAhrn1eQh;M_5F>@GKgK@czC2vc{n6#Vi3*FS}r-jJp-p`}Dur=XwH-6KB)g1Y*Yx06SV&V8YDy`2{yH>ySJdz^TU*S`~@MdSyU~)uqC@1xJ)s22u zdRu%RoL{d$c}%TN9D`^^1D}cOZQ+LZ8$V!!e`gF`YlEdii|IC9CXgM2aQepAqCS#l zQy*Yi!6)&ffKOVvy$`X3y5JcyJY>s8I6j~<_-6WzU`{)8NoTI)viPuhY@in zTjt^?XfpGEl10gk?kGF;KM4BwK&ueau7>H?viz{-2meU~@fb}o_x_ozQ1vs^((_-m zR5pWAozH)pi>MUWy_#|mG#=@xzRttOnip13W3xAj>wjOQUz?aNh4Dt5g2vnZ)-oQG zMvhL{y>AkeN16%Etbu}|3s*dn1K9S8*wa=kV%r(3qg0Zf_gR-d9D>?MotBF8$d*t_ zWxLc)HxJ&B)jAPw=FAX8an&a%hq)$-z82-y8}^-;l();He?m=1`@1^w`e4Wmhz797 z-DhqV*O0>T+GnAcxBI9RsB*qmOSi^u%0a4@n^qKGGXKYYNs~}#XI%ctC*Sgi`i5UD zwM6a!8e9Wv+1#0rQ@QL-f@q73gwld&0e_|C6x{)qd%#y~^F5h4dw8DZ`3Y7ctX?0- z7Hqtp4uLD{IC3@xohPBQAgadrGN-;C3EPMS(=2g?QGO1lC3Ch3JycmqDd5I&H+nqL zy?7EGu6x3y!ARUZ%ZLTgZ`PN)WZO_|uqoHgS=cG;k#lS9ee~z%z6FVfiV>O-N0F=c zl>=?29o!}Mx4Y90PbnDZX?eOBrDtYBpWDs1oOAKE#U%$i;ul+ab)4B`7Uoul($4s- zTk=JAqIPpPZH@~BoY{l>&F%nt2kF;5jqBy$;tK_rFr}cO3_+BEo$?UfwRHt87gZv2 zMs~{pa>`dJz}Pjk8OKZeO^Ng~AmLNS9Zbz zyyKR)3G>HO!0{W}AI9js!8LvCxfo)k5ZQ6Itpx$e$k%Y;?yxVPIX+53x_w1sqQ2%h;-!8q)+jUeY&X1 z-*m5*i=fR&DEYwe%{W`_>c0Qg0$moHk>yh|v@ODpaPpB;m%bY=h1sbYttnUAW=d0r z>(a04q|WzlR+d3jcfK)H&l(XgXE@F#2bf=V(2KV%CVSQq${0NG&mDdnh`_o&>ZI{`|bb&>9=6m>d@L9 zAZZZVxG26v_%SEH@lSf>Kcjrj6xaC?vOn<06Rz&jKUj)_u5b{G6`zK{|3TogVej@v!e&}mlV|x1iKScac z<*U#Cr`8DnF(;tV9c1DcPwUT`|BOrL6hX;UA(bd)>?rUF1L?}SD2U;K@<-R)V`{#u zFpIF?)lpm%E#v;o|GZ#}ZPQn098|PhzMZod+co@^?d1lN&i)$fk(}I!_Sv-ja2;Eo z*-*cA#8cWMdHkI_z@K>ILmLMV=Hg5A$9I4% zaF@sWt=d)C45Mx%*KEJFyjwn^?|yl0uVo*in*ZFY!^RtC@zKw5bZvUJEd_x+t&D<) z_*S0@ik5%ZS>Z<@>O_@bOJDDt%=yJLw$6Fq#(@OKT!`^SE;|$hoDoqTeETHecKD5C zzjeF!gQrBxyjBnz=d}`HRQnm)uxpZGmvVRAz1rBYkI#rCr0@kl{E+)2z`9R!JG5Pd ziyT3=EA_#faVPiqrbVqhn#6QfS3W*NJzDlD>{azt?yzNb9hBv^iEjZwuGIPyZx+`~TX#o!MJ{h`O+Ii9GTVzi~1 z-Zu3WO5yKlV-S5&!MXpGxiDOC&sLC#x1?uVY#ecXyzSY zmK`ou+-`w zBS@?A;VE2^HjEI>2yBiX3HCwSLfY5m$k5yJVmfFHq&O7cJ#lu5!?-3Xx0kkHc|!lS zvH-_lQ^XsGpB4f0I6@75nvtJxL6$}=&J;41f;B@FVzGqIF*Zv;A>9>+OsBAamJVa_i1*U4OT%@8*MaxT_k;f&|pt6)AU zy#rvK%%fB17KmpSy|=YF$jTMm)Yg`OGnctcu;%wi1TZ_TO4|tBD{~BSniliqu^Lk2 z4cXEVU-fpXWx&v)v^`4tEI7KZ=>_q0O)-yq7&)&uFO#n~Db$x+pPWci+wiaw>0vbz z;>>E$%_LD?w11{^jyWN*^Ejz%>0vYEz2CGBAgB~0%>*t3-U+ns3jEzbC& zA-=%Xn6L1**j5BfJ$rEeE|hj`V+G^!8*xkpKumr|n=;+c2G67dr{3*k2$XzVVS)HN zgJvGhcvLktA=;-};zFMu+=iCCj?An-LFKokg=_iJg>X*-{8(+f!{OKyv9>$RSZ$?Tvv{jZaSrrzl)9!O~+J6`@<7JuB&%r8(R3?XVw3DujG7&=>)W zkJRj5JI=b7K+>`7=-SwNO>NcS8^-Zn4D-0p6;)q6YF(kKB65!~-h@Xqw^T^+RF=5} zw9Qc-zEoAiY`u*om$cX|)>ik7AjENuP7S5jfHUl5#dr^ic84 zzDU+gLf@Gs9fD2x%2-w)p=#kgam%#IHU2^mcJe|ejXpb!RF5<~afwqKbtLLyuPRtA zsR%tBqHzjvS}F<0f39$JI~>)?4!6O923dt{b&WY=YBMUbE8-_SlT`9o3Vlb4w8hZF zPt7l1Xs%0gh<+AQu4na`@N7vQV}`q0wJQ<_a`aB2iU;uY{tF|TgnbXj!QBF*@il*~ z&S;L_3zS|kdk?mp6cs_weg`saf_Ee*iwEDBR#qp@81AB{9D`@J68gYfV5s!mP@slvHMXedbEF% zfdmkc(TI-M+m4l9l(lijWfhydTbjC?=k)=qtH#&;85D@8#pKOO@B`_>>SRb3OOf%J z5x*$tYJu;sr8^%!T9dU@^(&8=&F-}Jq*R#xQWkOyk(xoZhm_X4AVeDRW;HGqKh~T8 z6eUk^R&H8xa9M^m;ne-- zyy5D`)2@K(4OVS*?VzJ6_xHOCRY4kspBN9*eFm}M0Zn!pK1lsWadCBNe4?q_^N%?^ z>Gml{99FbGsLw%NaXw8xxS!4}dNbLiZv#N}e!zI)hK?m}n`VhIHwA%=)|PM61e(_K z#uzYXaVJrUfttAXdc3(F8UgU&>&8x}K@W&{tg+OzY9|=ekGv`Qi!i0TiC-VjPmD#o zBs8eZ`+A@j%~@7f@+K7)PRQ`v&9k*L`Y&n>8W^hZmqolo4XF~?p8oy-OXvOXEO@Kv zC@Db(PbP~Y$R0UQ2~0YqVfPp6LN&}o;a6r?Z^k3|r#yJyft-n5yI*3$-i=;GXuZnH zQ-0<7@;MF(y<*(PYhXvbf+K|8JZ>Ji{cwR3INJf#+&@XQYSkJhZx~)z^A{dSU`^VR zG-PPv*RW61vGkWm(<;aH()1}nx_=#xER~*@k%Mw^Uo;YlUJh#b*^^qjR1zQizLxwR%=Ioiz zF6y31QvgW@bhCr|{IrYo!$GU`IC}{77Mk(PXUKs*h^rri_b6^7-Q14ckJrXq6f+TN zM`X{SpSKndAr>RA5@~SeuOw|%3mT4Z@2lji>bXLF>bl>!8TZhpmC@3s1p)p_ql4WJ zbHV4byy?}3F{NL&Fd{CMwBE+6pUt5kj7Hag#q}Z?DqO4)ip6X7 z1?GY0?}hCm-zq^ba2hGdH@=MFg4}VIHHEBFMTzY{b)1L>=UAl>KSIoW71okO@dXo<^`;JxVtf73f3HD_%sxXzbvRT_Vh zCd%x=l{z;O&(KFCUsY}%((I$9Z1y!HQqLTJMus@4E?LvfOj8+m6Q|;{5lTC45|x%Q zDsc)33jk<^>yYGLW(S+eZzZ2MrC*DHm0@AMPaMn~JYV9{5B0r5ha$nAR#$2U2}zSV zP6(r+$p*H0?dTt^y?WAwo{8S4Va#*p>a9AE*VOyFyRd&37U4ID*6+tJ;EI-^7We2g zzmrVqC{9Cd9~FW}ZS{&vS7XA1A~eEB}Bdp3?u( zYBy4e)Hbp9ZHEo78wvy`v7Ae3rqvqTeg<@$DF&B0^{h5b>1|X0i^5;EBR~vb=hM+S z)dCU82PlM>xOeR;m>9Z6F1%iEfnS>H93Cx@@-ZEmis?%?5Kx#eO zT8mC02_B7f6u~yOuo{tHBN~``&={~=oOCuXI&4_$>akW8`i&zZV||_Rfs99Azpi|t zI(ct+igUPo2UpjIch^`!FtUjuBqj_B|3|Gjs`z`>km z7JLrQ$x@Lj&U*bZvW{A^OF&%m_e5636T{WTKG=)T@obbEV6T<=CO@TL7DBmR{Plrr zKL=$4@xb~Ro@%nh@ajmoPi2^ezwr}&j1{W|cUV#BFGh&XPgVdo!5gshmCeS()9XxF z9b<3h`tsVP5b=5_J>(AHe;?FD8~?!r zi4NOTNpr?!l^P(U=R!+VvslE&%FC;W76;r5ZYn%=EQ{BP5?a?G=&~_KZ(L(pH9Cd_ zp9hx^a8EUcpXC0ENzrM^VKOyYm6L6W5hHmfmWL=ND(kE0Ax(BJ{r0amp~M3x@tfA{ z^+fWeHJ>mU&&G0zx{$l?f4pZW#DD&$p$|-l!E&iS=7qlAy zj6`eQ>-?vMFaD3iKrb!lcUt=$BruNrUxiu)9nEHUODf2WG&^h2cu0pRO8#$%i-6EY z$nZ(zrBg-&;N)Xu6wFRc>F1H^xW~OL>bE)*F3A-tHxo=xi@x>rOv{x94Rzr7BgI;f zhXRUJ8mP^X9nYLbchA=eFd`ez2eiE)1CqJjjFy!0MCsl=J$a(=1HLMZVuvW-JjRa6 zxz!D3mmg_e60-lCn>i~cvEo+{_8C?PkSrVKkd-^$!PLF)XGGc79?Q75m0FtM^nQ!Z2ulZh8 zmkiGvpWYx71Wg26cQKPx+(Uh%+DQ?KgnuUZXskR0*czz;TbiAj+c?Jyp=AAb*hy(0 z%g-(GBslv%&w8?|^ucY)=&3Zt06#~*c#e+1kgkQTiKPj+F4LppSeaC4?sGQ*iMf00 zz(#C)#j#5q2&+@Rp)P4gc9knaq@(TU+>A&sS^k5qkl3& zfZ_x;po~bi<~X49j_)dL=~=SWSG>74PbQd7*j>)ny;utoPle=N6bX=&n&62$3*!flH6?7qLotI)awTdme}=f^JF?J>vNGL)Q0Q-Ma#R7MW~a)Se}k8J0v z8!>M9MowKF{cvlTMk*_PmgZIJO)cYHI$EBpOgMR~c++1rUsqGtaF30*Kqz32)$YiENKcy4?k?zZxzskEwmX3W>asz%>@GE-9JFMR7K0NiYq4#M6G^>FF_5u7+%o zI=Q8arPXhp*-u#_&$mnJ`aT*533cFgg`C#dUdTctok#6H+J&jCb!i=|uDR`+IVyFF z+H;ziN75bZ+hJ~+{{GR$A^Nq$DvNjyzaM_hJ=GYAXHLhBm}M;c8$rkd!X^K6v_~%wyIDuG7famTEM? zUf!JJV@N_XkH}`fU2yMyvw&q-&4Ko~F2+a!V|gN?SZ#GAfl*L1dQ2bo2lC5E1d&OG zu<9e<8v)afJB09W#f~|@($cU}*H_mh?>$GPlyC*SPFS?>RIg!bx_C=nrOQ&r`6Dry+j70=`n$dO&beSq?;)s zp&K;>RBXPsHE106I_%-V*V@Jv3r7o!J}|Y1zAw~PpYFF5 zNJ>GE>^b_3D`roGDQy5jSr4@@M2#z2HddaHgoL6Vs3GLSzBXwo>PhH6*N#(hhJmCUoeU;7UHz7b2T@1 z%omB1%XO%EPG%K{ls<`dX-U0P7Sd|z@Jb!TukT|udy$8<7db9dQa8p-IBONh$HM4p z%jv{MK!Uf{+=LM2+d&_A(7r+X{C0=zke_neqwffuUZ4jg_UMr(SUxH+7bKI#xsBf5 z0sMG_Aw{q3pp-OXK}aOOe9Hl=29K446|E3Bn!S!0V=(*p z{Af}%-`W^SVmYx5{bTStV6y(u!hD#ne(;q0&DX)E^RE$s>CXBon2oMPpO{w_>kg#W z@-;6s-K{Y;xCYv@r?kw+)SmTPn-YZJteQ=@S_T`fzKIH6=UxxBSHEz~v*02OxMKcb z%h8clSz>W6x9dzSB4!I9deoHq!iS7Vf-|Je_tn76u!p%b*L!|(^E`7ljm;_1B5Q)Q z>4#oI;pJ5yqmrbivH>9zJnh#k_*yetxT@oBR;k&{DFtInvl#}=oJBimMPCD~`vOpG z&LQ$`=!>RWDZ=RbN z_@!Ik3NrRTr&oJ|Ki)%$B|UT7=>bzJv)E)=rzQPNK_mfls?RHB> z>-x&-$jecF>=9NzQiuy%XJE;B}D>}{)R||={4oK#j?E!d<5dWIazj6Z9+6Am9JWlazj=qjy-DP7 zQ!&hNFSSO4O`G> zgN;x(o*}+)c-4L{+Mhi{2KOm8K$?eUOV-W7X4JetPK8J(jI)9|QOd3(?xp8%uhF^- zL8!N{=Y@5m1#xXV|5i66`q%4b_OR;<@_0YO_PJ4U>YcJcH(~X)3DEv{*wRR<}lE)rBU4aTURM9*t8F}LNt(mEol9Hg~(4YEz}8D9DV1qUI}^ytB(0wZ~lqGx0bHd z+hi`-@|j53-#c-Q}F(1c1fVn%I6t5T7f)w`~#BUai%S6b%S^&G_ZkXYp^A|4Taw>Ts$brhe{ssyHkGaRk`}E{;OYIM!drq^qVoXzxAqZ zq$m1Ci2hKw`DakbG@z3RBm@N%&;>cWB6Q(?&3$H2NIi9%X-y?NsKh7t*b9}7&Urc0q@97(Fm*Xv6doy=bYBT5yuDo5|Z(b^VXw6$f-26 z$u~H`h&q?%EkBU-gLNhoq#IHm@fyMe=977&A`(Wgc)bjGXrTVkG*lKBKB|7q17wgg z-Rg9#uC49jGu1P6bj4s!9W$lK`dUi8vszjoWw%RZfjBDLVe0&bCeGPk|Bz$FsV}47 zRbW_43(^)`mR5uwgDFQwW)qU0wOr*ux5z}m^t95_oJ!pq>r&V9^XrK0mmueePi5ga zLNih=ZwKJiw4_Txb^->eeK$^h7G>5}N!OMBM-`Ls#Hk@8eqb&SfMy4F6CvmM? zTuyxDy;5lH6P3=23%!9x3v`C9h?KMl!KP@Iuf`m90hXk;)n5)%%9w0Q3NjTa85(;8 zbr<6BwYQ1($>v*cbe2&Wl8!ia1aO?g`)!ZtcH>1T9G!w}8xz98I3zpOKHL z^?xLVvyJPF>}+(ujWuJikFcxsNlO*QleZg|DAoWMJ5Ry6w#j~y!up(2^^}IBrk)blrMuh!L6MFdFs*$2p2Ge7rZ)F8RG}r zr>JiYZ=8+sIylQR6)5nRbyL*5{j4xT9@r0f9kcb^*KZjeYdZ#Gn?|Z}WY4M`6(?q6 zLPN9DBJxt#bieM5xyc(pP)5ZZ`Q1yvw($+kI(-QV6}Npef|K-%p z1M?SLVk0c~XJU@0wOvKvsr**P{FccawYnW=5cTatM=GJ{gB%1*8IeOW=1lt6?5yhA zy=J}WWHqy>baY2y9}k`nc|R-I;}-@WlHLKN;&ol#lux75&4NINO8iBy(Ru^uL%yuK zTG#sH^L@DiF3A&J`1HRRFL>i9Oy(C%RYEyt#h^c z-GmGTE5VDAoW_FhP`YA;Wtp$e)em-qt#jv|nWrTy#G$&%VdK%J4hUjo9XWe@{M8_qb?Fa~oDsZY_TwGW!|g z&;3yv6=Ori+5bKqk6|{GpMp2mb_ZdLC81M#_RQ9}o6fgt(xh)^6%pz+{8?BSkIxc& zY>yw8mp*S&1ndpBO!2#!L}zCvF*&@ai0J^ro)zu7GL_eP-aG)hbBNst9CSB?ZcIq& zGL*Puo4}5+p=%8|#$vk0tb7=m#}-~-pO1tmY^CnY-!ZL}_C7j3;th?ts0l?t{? zbA6+zsAh}s9FQx*DkqOWFj^;Gbit)wA9}6`vUOb9BS_-;4mwo!8+aw z$E5b-@{0nv>n}#xCkrYyEsn~^OD>D}$MxZf*BQdoQ%UIiI^JjNY<1^qPZd;3gQ!wW zDZ}WxnEmX_eUu$Za^OS0?_&+29%FxB1cGRsTvttOq2-_=_%mj$x*$Ay-LV)_+_-8b zCn29QMjf?qizikUq$7yxccff^+3OCgck}JsTXtq3Blbwq$KoYco&EmM_DeC$??o_G z$w6i8UdTr)(Wxa>4Uo!_*GeH3#jFL@0&kUkcVwNq&-HHSx9Cyh%~(Lj6?Hy*A6&yT zB3`_W7zxG@Uhv(NdZeX0k}<&IpoMpE_L=zu(`kKleqlGd)rv>(mrFh&ojQZt=Rs>v z4_QJWRYj+=4?2~j(?+O#<_5)mChBZo8qx3U(aeaHFg}B$KoMFmD?4C*Yh-Iq$$2hU z@se~5HAG~|O#cZ+Cb=_ht#Hetm+nM%rB69UuB=-{nZ)^H&omdq+RsnobXoWBRfSCK z5>Uz6u*CsZSx$jiv$Gd#mOuROKGt^bv-A3Ui0P+oXtJh0i2I7{^Pm7g6=YN1Nel-0$}sk}47{7m6!qMgHSDB-#-M4Y$f z#achc&yc>QmMv1-P*NMEfP2tNu|^Y2@sw{+8j;eY3DF?fTU^$?eX2b;mM|vDHGfWH z^D2Xrtr}7u+6BENkI=GxT;|he{gU~x2|##)x~(0uDYnx2ll!05YB(<(eWG3GV(mrcHFfxbKF(FFQ%{Oh@0h-4tD^8kMF zLmC~z#MAjRliuV~sqnx(sZ!Nft40s+9XuG~)^#S10*j4$m{is{?v7>^+Goqccjpi- z>PJXk*KZ9V5qF2QT8+;iRnkzx_5^c`NOasM{-2GmwPbzcMKSOr%SU4%xFERlJ=;8&Lk+82%gB+N5(=4mw7|g|z zOg7S4DuD3`w1Cj(p$u8yPqoVWw+@=nHmT=KU7U5(k?Y1;sC`A|7Mbb|k4PdQIWlf4 z8_6ES8LF%%fluH11d8KlAy@DwF>W$~`SPcye+F^I-w#H9veAr4CjX*d*OM4R)2A}i!tLnZ1v?675%6xJ z!++DS%cJ`V8J(UGuu!|~z&J6fw9;(npaY&#_8YNte>S+#;iH;i^S}pLu~9{z4IGQ! zec*tK=HFlEWoZ${!U}A@ru>y1IN!&nc=rfzxUee-VS2`p?RjN|mA2mYkBpQn)!t+I z+twJO#ASK{F)Isb1O?`9B`eSn`@S~gVfNAehyTU zoHT&0Z&_&4{@*VJo$#=~9Zj!QkiB7uk}0U{T=2yz*+FfcC~PfKzt-?#((qysH%PtEKS*%hKW@cg>~U0ZQ7?c$rSz|osxsE61I z_(Esy=^Y@&DGGK{2dt)a`6KwB{ZY)F7FMJNH6h!As=|aw^y-ufKasr1<7%SI{+K{DH!&VjQQ_4Dt$W|b~-}9RU_=9KQJlm zCp*J_Rx^4XTj8|l4)C@0RuA^E-X<^klcliZ%YM@HIEeOY6})EfKN}6$R_}kdRN*Hr z|93>AkOW>LzK!%r*-&Ak!d?b)ea(|Ctph-EOI*7lQE3!;mgGkz--L~Js{9j4&`cz0^jXC^r*aU2ciCOjq-Rf7TsdqyigECJ}1E0_r`XGLj>iXuIcjV&LDtd66mAb^e zw^r2lV=-jffMgUg- zSu*ewsD8%1;nc<)DHzS7W|=zM)*9rD{Y-==6t6Xx#&%*MT!IzQul;br)TLOoa^RFm z!GOJVN>8KR-Fh8BDHi^k!N^B~Hx!Ldtu5!+K31NwJ5S~8g^zrnqcmsb&fw^OopLzI ze?u!D_&+J}3qfVmbONy?6XU!h*~ZWRmh8tCv{$o#BvBT)<>C-{bFm3LUxU$$Z{O#NCnf=bq^yd*U!udxDx~Ae}THguk3v1)$LD)-JRv#{b zFArga_Z3EXVHbL&G%!*jp@H7?e&^V)8|mAQ->Kv5!FPVb+)O@b;FpJel~%R-yJGe?U68x*heJ?vZOcSd9VJEM8HBttzMlCO`y z-xG@2(!vVIVH`L?0ApFnf5T>l)0*$xbPfNV0Fh4mf7W^f<>Fhz*J34>eBOkay=$-R z7F#bpzh-yz{AP)p@yb}1OIQhyZtB6?zq(rYKN_!Venp=w^8sz3il~K$eMsn|K zkzP=j(q0(OjZAav*IZpq+_6OS71xf}_R*hCQJV zK6X+@=Ptyv^)S3MK84#zWNcLKfXORwy;8yMDM(}S}+0CWl#9CwZ&iZ)i? z`!b*#(p!|lUNHW(J>zM4dRrBQ+PWs`u4tvpVb7arHu#`8Fs49$SvlhZmaH3r+vNXn z<|1`EbCcYp8j;PzkeSMCt4V^UJOYuCCGRV;Uc*e;;43+SuP!Lbh8=5g2M7<%$4$ok zW-y%IYcwa>4;07wdXX$NRK9B@rR7WOvpAtWE6X5Fv24ZKmhi}3Rb?tuw&xr?w)4$C zQcWsM@gmxlS?xuIj0dM^-*F7-JKLM>gi(&#U9U}M$kR8ajE2uDwweIQ{ChM>7GZ5P zC8gsOUk;*N^9GQqo&!H&tQ-&}O#nk|4z?=Cj;+|b+DH{eqy#58FnXR>?Xah8)t+! zC`5*F}9HKPda0}iZ2vaxo^Cswxv*gZeD zZEpI8OhRw+LB7i6BZ&Y_sElbf-?B0V+8PLoCAcSYAYW)#uBe{KI4F-+I1>7GX5t%Y zOv&(|g&CK&*-y~3?~C0dINcQx4Z&Jh)JRqp^?La{ zhm;P!Z6~zOU&)95{Os$|VU9T3!D*rw_``e6iJbQd`HRT!0=96Qin+|+0iHbU&%xKGqwN~CmlycSwWbM;AH$uhkPx2aS ziqp#kje;1cVtUhSZlKF-*KD_Oz%t-uQR6k+RM<|x#VzVoa@4JUW|jxn$f*v|^^3<3 zZEzxD|DX2WGcKwxOBXJQDk!2LAfZq|GN=T}B_dfwKynl%mVo3;2`DI0KtM?)Nn(+6 zmMB?r&N=5;fp^=})9t^1-80=i^M1Maeo%H*owMuI+54>UtY@v&aaobWb1qVq*aJ^e zNQfx6Y5Uu(XjGtT|N4fvkM`_KGTzVWUpJ>;r#Tx`(c$Zmh|=?rkYsVf(^2i8Z|Kh? zk4rLI8IduGEukzFXRV&N_G(WTe@tqDbEAp0IkOJ#$o`@oraUIA^*m9({Ie{(IJZp=@#8 zhaoLG)kVJc(l)lta)#j#^YJAxn#qWI*>viMvARmr55MW>mSwBDzLz+>i?o)0u0JNe zv45nR`GGYo#VGlW*8JRFR+?%WpZ$%Tt&ApwDWXvJ&$#ea_ zYX0?rUvoh#bWV8yXSOwLGcDEQB?+jtw`cw$ZvVwPn7^O*PYZQIaouMnJr1$)GT1iV zF&X_IG_1py=MzA--i*QR9rdO6xz8&GQ$j{3n43~R!?+%g<0 zS_dL|lpd0^meIZk){@T<{){+JpGyDcmgDmaed}tiW46J;oVlHGJN0yky0xgnh;Sd# z*E>PRtKz5B`Ua;jpyySuDLTk;eYpK+vDFLd{=~qBXo+W~eJO^fj+aPtT4*@DRt}6L=c+yN4aHnS zWkRL_G+b%;x$!*YORmdL8|How;ct`OxRS+QcEi;l7jTXf z{uNJn6PJw3b=3mKYk`F#`Qvv36wQgJT6YXFX!FiyWP-mLni({ zk}zDn+0L5vw)TaC@e!tNlqFmC0=xX=lLh9e@7kk_fi|FIvV~*hlAT=gCmR(Vehs^T z@WSC6O4jBE0#;nc^hv&;^ zEltsLu8BN=Fuyq`u8eYX5wooCTL`-5RD3#?iXPrsGr5zc7W*Z23=0Et@M_Q7di8DqOPab0h=+2bTU<_NBd{WRJnCwYeo8v-i=hEMu73tisWEq&4IV zTIQHBPYmV^!t-N?M48mm$tivu;-p50C9TE1fO#FMIM8YFw8&FAI zz2mAZ-$K%taap)k3ApBR?n(S~OwYG)#vYp>Ysa|-%IF+~8DPtLF26=NEDLk5==mLv zKbebKwI7VI9V=y}>0&ECq?Wj-_4pBI1370?TB+4g_ioQPXXP>6n)OB$!XNlFBWrJS z3hQvJeHbC$+9Kn!hz$mVZkA_r*6T~mZUF~&F(1=DEXFFz*7z4UJ>xXK*Q%CC#jbB2 zIk^N}B(vON4lTwo#dASHJ6h1~!m2;jmiPZtZTT=9+p&|-$mH15i(kV%Ql=48jt5y( z(v=)x=%Ev2Xgh1iYc_; zJjyzxR2Gfx+mcPTykSxlPGtiLb@0mpJoa&lM|a3_?yG02 zs}@|gayE1mJ^bn5Z6mhA)qDP_b+9hM-B+HozGJ0y2brhMk!A!xx#PI6n5&Q3Z?-b6 z;5-R!?|Im6_qRPNSk0j}@(UHFM^ryX1bbbNRCy^9n@P%ME_qSB#+to3{@G^Z!eY(7 zBXneKL-x=Ot;r62)aZKHct32L9&wxro3T5VMaTH#@WC@dsbkljFLGq)Cg$ep+*%$5 zD_nXJ*@Y{EDTLy#LQjD|@B@jpY^!h#-!+qpw4nA~y^x-jpe;e9YWI2yXxT5DXAo3* zhxo8YkJV-a2%-zt&H%(O%@6~8-ofPG=4eVvLsJ2dK>{>@z&*#6E+O{LAZHL3|1-!f zD@4828RSXr$u%&WEQT4jzXqm)oel&_Lx;=APL7Ui_s9-vL5Wi&Xz{=WJGln`ZD!bS z-S1ZvL##E`c*HIM1$07>X_+U9P` z7Bn2Y(G{68VJK5DHZs}D_%YeD**LwG+U9V?wtw1Qe*VO55*k$70S_!}0WzR=R|~Pr zLiX2r(tn@7I9q~Ve@biRT1{#4s3M9#&oJWCO7KQ6 zR^-D{IV)?cmv_fo9d8d$8=>(EA+9_R-<)fe_#yxs5q7FsoU}WG-2JsWTNogK{&Wi> z5x?E4-xtRzenxRZu_?lwycKNsJeT#C%@J;{J+_8q3e3Y7&ON4#Q$_E z9soq3A;_;wEB<})p}*}44Q>j=UoH(ch}ps+zz)d+|CDn7!K&q(C;uO`tpi~Buc3Qe zJBUT-+HVWPD*rqaTQQTo>-5~&%*j2}#;qsE{lOU|^azx5mputshR^f866ca&?@P(f zu0<&i3h6>Wble*-yvAdppEbf=eHB=@nx8y{G)E$L;yu3@G;1E>3^Pt@=@A_;Z0#AO zcjfSzL#y6A3%d&xai6V;x58HogZt& z$bU<4*H$rUw-I$&c2RGc(eDoO5EE0M#>&d@FuAAaQ@nj0j$cl@ZN&L;+q%>lwOoj> z7(-QWyz7s;e-r9f6=uYTzpP}UVqtG-v;N8Byixx;%YeyGZilf?Wl`r%L)zCjxEO;3 z`}TO;t|(guHYW|q!4+e9FX>onmL6HqRb~@>dmu;5BeBxL7#G5sT~Sk9xZAnW@$>?% zF^wLZX|rv_6r>MjJzeG7RhS?=%bXrAIG*C``{O7(7u9K%8p1bw+uPPYd6>taK!rq& z`O%x}qAogoQH)NsviPIb#C0Mm6+;bJs;3DP+zIeU5~^nA_})Q>jQGbxlykAM=#>2J zlCT>jwd6Eb?;1mkjimLvhFe&zUvu_3w4ZlCar7w{Q~M24_}#^|y&>L3WuSOosH_=x zQmE(vMfi8J_$YPuR15n0X~)tNxsTL`O=^5IFdWFk;)$Uf24DDmd*Oxitn-rgASZVq zT|O&(J}gT;SAbSr^`tB8YhaE$=r-s7isQ%)+yAbVE0YT4>j_oSM-6tGwwb=YKNY4d56DI@}Y(8TZfM7skKVq?s z-2MD#H|<0j6PS+hft@OVIwJYvjK2d^>AZ-!`Z-+r{oRaJlBwhEGVoj|VX`ctO`(~X zEO$QS?uV1_r?s!I z-2 zMe^~J-pRGb`!^_$c}z<_FI?kM2rkG0?a&tLPWuzMeFhI4+CN)wim7l%uHTQoZqhtr z)oe!zA&;APY!wJCwATC9l}+KAdmOLni?a4GnH~1fw}&9^z%|XzOiwR^c*qc?)fcUol)wk*r)$_ zbN=)g$CvZ`Jf zN}bnH_mU{y;U=55f7`nn=Tly_S5vJXe532Ok+64ur*pd=UCWd?3^n;}=^qk|C1r=YNx zzV;Qh77PEZwAuZ6t`FFv3XObX_H{GZl$+hRdxP9d3)tfE)yTI5Q9)+sykSxH+8wD{ zS$OA#7(*h5$B(1V7agbh-Ro71lWC!S{n}m+QxSB3sNU+~$O9o#BNpYMxW%lB&lB9qiJ zio=33iB$J4zcJ3wxFBzC_SsgDggWuOjG{q)ews97DV4JM!GB0iVe*AAP#|>Ty}CLL zb3)xyeDhQjjwY=ulHUm&QofS@3WWd2&qNHxO`V?0CC+u(A;SdTNW;1U|KRJ5Z8vn+ zb=)Oo^%E#%BeE%N8CY;h0i0{yk$(|)hX@)Ep>1qwD8JM8#ut4$_!SEg6f%~HI>k(b z*wt#x;67c*JGm}+Gv@#oj?-dr>iU6|o1$pO{v{2$Nw}u;o|JTP(#K0<&YU^2;uo?x zGA4u$5s4|nPG)yuZ@IU`v@^8EEJsZvudWtoYd5%ZWp_z^BqFDOL!(l@ec6TelArW6 z$w8kZEmm2z&!N)u{!=T#`H8mq>^cU@7c#s*L!((Un$Iz%=N(6;=$-^qHkYQr4*N&n zracb1Gy3-NShz6KEpjXzAoVT2O)p&vn@_E)li*HHul1Q@{NHzFkw;Px2DUkj4!_tl z@yBPHOjST_JTE5E3)q@5MVUFeo1R8R+)lK3b>!1bGqI3Bc&@6k-fH2=!+cGq_-YPR zXhWwAdL7(jbBn>#kTjdaKzcz7=4*O42@(lz1}hqETwY5Md8x5;9GHUqKqbM57T+3S z>Ae*2t#OY4X+~~Fn_v3+pi9&#N%_N-iRDp|OU_Lqk4~-LI@xJkL=gHcwd*kv?@_gL z-MO$k#o$lP8B^?UPS-Jcv9jnVcd@wa)4Y6mS!&d17f5{mruE^HZ(dSd#yM?oW+T#% zm){za7SrfH_DAc=>2B!sSg&*GxQdMoM7S7Sv%HH=c4uQv6t|oVoKw2hP+zKX}V(-+9S(LrlWiBR8y%Lc#G`X*yf;kdQdZ_xm^Y2M_aBNA+`(9k%FekhaVT4ngJ9 z8!}q0jBl7tSZSKivv7$~+S;e+TIz&kd|Uo$@Z_fs!d(8=mysvb!SBbOF^~xUBy-#F z5ZzHz>_Y-n4XNEX+2(56&&6LBX4L=EnYF`dk0P9ih(`D3146gKOH&`J1ZL?;p5zVH z7F%8Z;%d*VWI}3pvfau0S-n(b{k02$HA6E}Kyel15cr=#-f+q^TO+4A+kfnX)@G|Q zrm=z1vqSOTP)R=YOn>cDP3SJDkKtr&nZ{r=^kdfr_ zoqKVBwa+ieXVv0X2zww+vo;fH9VFFDwS}2MQ|wWB#jA66iUnW87xw2gZbCYBTIiMP&?(ezp;~{;5!$0kb*_^S0nV#Am`9A$+Sw_#ZmFj zDQguWg=teR?&wF7j{VyY1bb zwsqg`Vn*ac#sz=M1>b>HMtJuYRq4*fa>MHalWu3^tR5jpeNJ)?)YUI0=;k!3Fm2$! z7V5gJ{3LSeAm!HlN$Srp{6)WF2F=fZ$Nv93Ci>=m27zv!LG(iRD1Q!#e?_#QL9mty z)8rtqO>=}^+n3#p1J=?lfZGTB^3D7_)BmAw=AA2k90sDRA|=7ohGYgxW}eyQQHQG& zC9Uw6$Te!{442naui|C(X&l9I#LO6!4pgmUU~yj@;NeZEC-kY;4kyuiGVru5#Uw;4 zR8Oy=sObmj6=*tMCKfCY790_1iS+a%x6mNVc!(5EAM_;w6&l)%$((gXzC`rU1_ zqhdo0rSci1u?Ij|?cb4;1Bh*P02*9-zyJ`c^G=DtRPSy=9Bc6YLbRd{$;6PCwGF>d z=TazpiiH%e%rzdv9f=o=(RpLl#7_waw6p)t73HiQB$Q_;IX}&o}G`LsF9CO=gFg?c(KD2@~ssI;sz$QTrRC9+x5Y{wp_kdO;X<0JMTYSI|8zsK=o4Hv!6AfJGNRN;TjbOuTJ zimJxLjWC6`JiRcl;EadGcgIP^G$!Tq-l^+rnVGm4oV6M=A&?30q?h>m)8a<9TC951 zz}Mk7=iUi-Lzk-URm;N793BL8$f;nMdSfGk%t947`okqekQX#knX#FXN7gIYAvesy z#nIC3;*F-n_#0yUmOG?aOwinDKD@Um_XK|gNCE&>|CBaS%}y#3v8PKWdz(f@Qi6_U zxSAKheVtaf6%}L7ljschSH})@mP=ZHwQcbdLbX)py;q`Bu~^U;wIC0YYiwOA`HnQf zCmCmWtH~*CMkf_eTr5WO{8Rkc&y~$fK~Y1}(s6fZOt@*@7QJnbO;%?t@EFT$uVeNR z=NzHEP&5{)HCGhM5>(huT2Ml@33+y>+f?QI!G^aq>-(x)BQ1BCAzW?FlA)tuEPWsK z2A5b_l&O!D*gay}%S~*VWKZu_vWl5zX?K2WCqym$D5AQmNMDq9VxF1YG2Tnr3>n2+ zO1oVi!;!!~dC2noYH*GtM+wnlBmN6)oR;U;2&yl&9X5tYn~9a?spf)%p$`lG?ZtjX z=cTC40v=#?kZgp++u4~MtcEdSCAiw${$2`UmQKXlDfXhsQZ$e`o5@Sp$+1!T3q(%@ z>EDGa)9=V}W3aEyf!_67iBTe}TfN1|(VWz)1{zeQj22qQ(gLP<1 z=^g$-gVdQ#ZRPerD_+ZD0+?{@;9)VKIZXU7BF&U@IAWxJ>9O+c7Y`-^=NoPC=qZzc z$IoNCXu9O+`TB?QG`mN6yq~+K9@jRHwgePUUDgV=oL96-8vktkAmp0u(`@bGIp$y5 z!fj6PI16`;CP`NdkuMX%9P;FzO(`-W$7!SGmHVJmtovMP@wRP0myx{LJw*KjqN(vv zu1{lrxI+=s@`&kR7RRBU?nWf7XNf3ugD4cOQs(P4aWWE;oTigyF%yq>NPkh+=0lC3 z$qv!h`W!Z;p=&fX_Ex)w3dqO-D<=#vZ{zmUntKeGAMrG?Z} z2j=l{Tn*vSB2uw;dLY^RNgRKxj_C_z+{Wv3MpfyXE;$zaP!cH$ccxqR(NKZmciqm&b=?;bvSh9#Gb( z$L4r%UVjaJLS%u`qIY~+KDdw84!ZQ3r3|`TPk65t_}@875BT|PyHE&w_k?`EU7(^q^>+R(`gK*m*7coqa zaoOyMe1oNU&8KA*^s_R%FTgyS5yufaMJioG4PWh!ZWb4orft@lqJ>;9$ts`;S`MY7eU8d_H<@1-+t&^hM9l9FC83fX=Z znw?E%g)>BAvw))RJ}AZF40n>zn!tELuGye5wQ~k=X|r`r`%YX#8fJYzcS9eBL!fH6 zc0q<0ljW#ghG{?d1AOK$(V>G?qhG55#!eD?IzQExlR*E(^8Uoui7%2EtO^Ek}%?kqZYH6(1FjI!-vt#WqxY zvbBs-W*Sw<41E1IpY1iI`!?tY&N_Nb&K_yK){2a3a5kl-Xzkr;r3dZe zRU9f$B`&h#R)kx`=2F#@s@bI#?Yo2GoVbdU6l0?N>IxVTGwclfxhvX&>A-rHgWye#WOuGEIUD53SRN_wTQ^RYzm+lrJ3Ru#R zN7khgOE1zU<^~IkCPej1inrYiTxv!w_>)-=8$45xr6%VMYTXHZ_g)O4AjU1I)%@?a zc$n)I<~i0no92^?Baw?X)i;S@cMsCH1e6qxq^o;Pjyav8G+P(Or7v|B85nJ}P0uq( zuEXuoyp3s!{a;Iuy{$|fZL^h}ZR{6VhN3MS=6&HGiO9s%#ibtY=mD|1zk*{Nv#fYG zf3d{Qm0bITnXY2

    kI(kGtd7%bI9q-EC*@gJFl^X5BF3RKTw~TIG4AY zUaa;GB*biVQoMvF^{+7+8RZ=FmsOCsE zYJ5?%-Hg*4*Gf<3H88nuqIW)t!8J{X04VS+6&B+nmAv8nD6Y-9d2?m zhlbCJ_1#O;c$UW(L_wijU7p%G!oRQoI9^i*sc5A4;ns_HA4%<(Wi7kt;SU$l>VETq z8B6lSqFU2l`kXpLP1k29q!$WlWJ!C{zaOD)g@@Zbv+J9Uv*O|iR!{&;q8OgZkU>n% zTNS8`fP5p0>xJ+ zGKfkBF%1R%6EM19c0A!MxKdUB2wz6ppzrrj^_sWSJH~|;U~sHok%u_-Gw01_y&BKp2n*LnsWb!k8mm~r;n*^qGMw} z)>*!&)aM&U+o<(9$%=P@v7S;8E{&9;!vApJ;atC5MEYz$JG>45?s(?HxZwewmqje#5cc zINK+HEnNuw_bci4D_*wtI4Zj-r8Hnxkk&w0R%Kn55gm{#%`Ppk9dggsSvs|FFMFZf zPcEO<<7ae3=8oS|`VyV}hPru{-wdzLB?6tpB@kT_B#c*92%=kiu!Jhj?QX@X{X)Ge)mP{3We1iLCoGL zr)$sKiIJeMDVyDj0}{8EOJ{MTBvvwAZF4`&-_nt-adb#?3O_sz>k8}-yh|o5=lrTY$Uu@TvhtPI6!q|FVdHf zhgcM{sw@$wPvL%EXA=3wogb)NYi(K03c(VEdTP^4jD)5^ca{<40JI$AZ>^o1dwdtF ztKEhRtvm_n0}(XeK3qlUJUli>p(vT%aM#L9);A=BZLoCtOY)&Uhs}XVP##qA^JQYp z1(ItgD%cOUtQa>XxC3k@XbrFr>U1xiYB*9x7pB+HU{_#mQ(qdoiL1PpaL!zM!}=q1 z`lFr1Scjn8z03p4G1Zzv>f*`-%FT?M5F9;6%VB>wqGcg9eh9ry07`YlDzC{3m{chD z;E>x7`x82I*J?5Nf&o2y`yXltNAz^>XJ7LJ8u8q7B*rZ?Z)FeBQj(eO&fU-Dzo*}D zkUYk+Bb^(02I2HCu$i&IY@7^tB^4p^Y^HGHs-pR0>jl|qxDz#GZ-$bMKv68ut#DS{ zT87%`Kr>3XQbs<4!``PV;*o=jw7IEvVNG}^(o&Yoj#Qo^t6UFp_kiGra$)13gq>b) zOd1&pDV>>5TC$h_ShZ$Sa+txIa(|68T>OF0Wiq0GiXp@()g8d(ef*4#qc7!o-0Ags z0A&g{X(o_y$m7Ws$^@5o2GOHd`teVCXv9;KF%sLKGLm!598v)*Z@%bmaGA`f8HN=YO|A!yP`}AP_|o8^h#}W zDGv`*ajC^O=357KtrBl8FJ_Sh%Scv;QmZRV3VheVJkWrm%$zj*%rJ}zG{B>K1Uu^c z<(>JsnBlyy0JB30Cy=qYiriZQ;@BJTkeiqH9FVqn zzb9vZ1W{=9F10>`?P>Uhec@cHaKQl0VBGFqwFAn1L~JIaJ3b9Z2pmP)T)whn#Y{#1 zf3Q~{ekJ0@DnzN z1!46toN>jCV^TEs;FRg;$$7w6eS~NN=WsSi^mDGa{V48lRm!~}uYpR!h0?<0Hmn^<3u92w&w0Kvx z?%Ave#S)vRw)sW{U_;97dYZQ$WUvA3TXPNZQwohdgD{)n3W0a>Rs9GsY(rTG6Dyr` z*+;Z|n2gVh3uQf1Z@8I7!|wTfWgakinMB5AWm1JDpNCgi9s#OwGqz$2=LO0P*ZPH) zg4kMj|J2d;kcqS>FVm)%Jr)T&IX;8re)&g-(S?>F%(`)2u(d^7RlV+e8&MX_dP}5@ z{f;Ash#wMv;$;am_seVT?YKD0$O{|HNK-tE`%BzR^ZB47^|khpLmOV4Yo)a^dVXG= zgTv%}r;fscjGb?lelT?7Wi$@PKgN#LesLFydF_3wy4mv$-7`4~eP;66OV$FbWZI+c zem>W4tp^wDMU*hAJX?5R2>Nq=NXEv(c`0w$;ekNm35uhyx!*GL=~PS zYsB$XAy0-aBt@H@yx^D|&AYndaaN?chw)gFwlX@s(ZB(#f{e~1jEH1RA*hFMJ zaI(5;a7t8nhyR%?j@Gah7mFj7M09o~q$TU^N`#d|(!;f2_WJzNX!@E4@@3dZi*_3tj|MU8jsjMp`S1(PWYnkj z^}$-LBlx~D>Xc4Xk6qVq?Bp=|5Jt3f-xTiR`-!JKqe_2u#x(L}I7I;SRe|p>7B*}u zWQd-)8>#QLl$C48OPdE@U0CwI6;8txub8shVx*34oPYVEMq1g{jFf>&TV*gRuni~iq5(^3%`cxVu(^N7zmel_?Kpz^ENdu*Q%Y+ePrBL@!O?k>KF zzE{Hsm~z8yxT*F7*!{WO6F^u1vhwgJ5M(1T!9M|>|7!onf8uxv)8lf${a4lm)L+=? zP0pa4?mu#^YShRv7N@lxK+>`U(dtOHEqex$m(;zUKwVw_R&Ie2fSdLwPMN2q>=MOz z3iryneaGJ@ImB4!+q!3VTXE+FGj*LO=JcH`kZ^v#=izlNCV`OGj>FD+^!BKRvS&OX zt1mjzGps2!JWfnz#d{EO7zNE__CSHI*V}+=DU8WkZjx%?<`C7Jp6Daxc!j|>4bLZVCx^k2FYr5%{5ha>j3u$5}Ot^s{NM@vh?H-?gh{@yB#4^kArxSE+Q2SE+6k zMMS%@I_xq9`#cx?c%N>Gi~6#VKz^pn4NgP96}K42dP~7=Nq6xPZNawiLSJg)1w!H| zdAfs6I}HQYfg-GsmaabU2x!8^A5Ia`hS<7k!a_SCC%pJUOgXDP!_ctRxndCq+`ZaQ z$f}?>skT9vDeOSqfeDe)o`YJ$%1uB7u)htukVmMBex8KOCkI(O1^a+r+>5n&TeTl< z8Xn~^87>a={H7>|#7zW;I1QaK6fUmF7O0dI`ue=*N_O;`C)vIwtbp1Ry+#S1k~fGb zxI{opRGPLIbX%GEC$9ai=Y~cTf`)8YO7_t6GkUZs;|$`&uDmCyy|1#qfZ5tUgD~<- zw4{+$XPRN#onYM*o=7>U`_l^8=1A_rM-5L3cVUDm2KM99r5Ny-M+Yu}$K!l0S~yum z2uA{5c!O|@)UU}ZTR}YWjk)Wn(29xMlx`6e{Uo&5;>G4l0rF_G5cBERRMbZZcfhsd zmzXe;*bKV>N@iG)?LL=1jLbt5@OWu4FvZuUTqklvoC>qKk720vJ+JI$yc2{Z+u3{@% z@aZ*vxmaW!&T*qyqU%mCM^oDCtQeEk5k2`OCNaK8Kieo~d`eZtTXfQ-Z%1gnc+$1# zt3Re|5izPwlM0VgV-EkSlv(u#!dmNbxS~V8c9^VFo?!kmyvreo`UlOpw^KsR*P~@P zGAXeyaOxD7tr{znIB>Hp&)nv1&h8{ONs58E?U}ES`~0bz!Rh2B23=a&gy&)b>wSz5 zKI2w>T*bTG&S@8^%|Bc;9mp${ApfXelwNB^tHVMnIWm6r-ra=R_}hhW5oI{DJxf*t z#oe-V@g6mAgWlLD$iOcL7<3w}d#sNKY8QJO70WHcANk1X|G<;k6Zy#J?IT1ZpfkJM zVGe(8u~ZotDx4CA=es-im6g64k!q^)FpXl9t^)|_pT3>AKT3Urj2%B|!I+n>Ck>V4 z>%cs{xLYwQdi4m1>pyiZ_+O>}y!%6H#(x(q`By*xw+Q&mr3s3Qyz^Y{yaDfitEcCOJjKol;0>$lz{ z@PYe3zkNSw+qMtDPefm=rQWn#q^tPYoW#c=yCxN_Nbq)zj3w+B$=`Q*ZS^L*I+r^e zceF4kEG8$__#v+tTQtes35j_HG|4pb;_qH2EB}U2mR|%v3uJl3mu|>xf!o%(RR15V<|ny|F`S<{TfrT)jpfJIV4sNu!N&v z$K>5Api?zrE@nR#cM6@6{e5^yQi=Bczx=>=Hn!ZTdS&ZHVJ6YYPrH|#1*fhTyBIx- z>K%2$Cmdr$w&j7?KR4np`0#IIW%2J4xtnAMtU?=5%=u-+jLj-?|8fy#3}X&BWVM-y zpCWyGHaj`)|8T9!z4yQh$ajeXD-2HrdaMh2F5;tLf*@oJ`|E7*1Y8~1_WuD&v;AQ_ zUU!21j!Rjh2jOUMdNK?*Xv66}h>ZP(ag-h?pAzeMS>Xh_5k@+|`};HW{QKD2$OAWh z22r&S0T6Fph(GT7ug-uE)|5MIn?rxUoTb{|emLy+ap@fi#A`%`a0~d+)3Sh-L-MOL z=2yqG#i=>j-!900>aRQcx6KV5`wWGZ!TRIoiV)jOfN}WO8tWhG+T_VQn*b z-q%SCPgd?@_hI#+zYRA!$dKdE)hD*2V7DVt@aT$zlZt-kaV*8<0C7SyO)0E5{4Y?u z%I`1K5!Ta{wcxvhrha{QLQ)0vw|RdXZmd%|9}%C1#hyX9{)Gc?Mg7k88Q>JZN6Q`* z#{V{QY>ynrFyK_9#^2c2WUQ~?t_@9p-KB5H-988G$=4de{0%Ly%@`I8(>y`eF2Htq5^(^jS^3p;wsHSo2?OB$7a@Xw z>N8M}D`;)K?eJc0=`L2e^LP#S97K4}AlM>sEr-gT|9@Q!*_WC>hLhLZINLI!?K|6J zoyTw&PKmAs)u8;-q=pS6S-h;)QJA!52hEXB8i*0Z6b3dO4_h0;f@cMwHrR}vctC8R zK!8ji1TbZNp#Sfq|93b357`@@U!*C=-qmA)3$WB_R=#yuTZo-vWjUQZDh*#poQ?c{ DP8F%K literal 0 HcmV?d00001 diff --git a/UMS/images/option2.jpg b/UMS/images/option2.jpg new file mode 100644 index 0000000000000000000000000000000000000000..fb82f36a22d667f89bd64d60f50e4c2ca23bf7b1 GIT binary patch literal 48338 zcmeFZ1yo$wwl-P>4G&GRZI5M%+m@0?Y)?!7yt?i3ZMh|1w5?+XhmI2 zjQ{{?X#h0<06>7e#{_r=IYNXKTu1?k+Zh^K*_&890G{RnA^><;SU6Z1csN)%1bBD^ z#Ft2j&z~b=prRqa#KyqI!N$PG!Xu=7gGWG4fQ3y$PeM-hmWGxFmzaTtfts0;nuhvk zB~b7P2#C)S(UFkQsqwM#ssH1jr#8S#1gJ1*DQGAXz_XW7&@Z8$x&TA~02C|)+fR6Z z|ABf24Fd}YkMJB3333Av4e$&K8u}RwG%PF(4CHQ4$ol}8m$0wiFbToEmeYkNu|;S0 zjmbhF6|QW@kRLrJW6`todya^Sg^hztPC-famYS7~or9B$TjZUnn7D-Gdj&-$WffI5 zb$tUvBV!X&GkXU|CubK|H~-H8fkD9`p|Npa;u8|TCM9R*l>R}+dI2^C#PrU7nfJpH@81=K>?uu2J1Iu|Agx$ z1lKbd7-$&ypSYl&IYSEcOBmQUOmMG+4Gna}>L)Qtr5GqxTl?{3Qm zE`6%GNx8q!k7%?FfBCSkmF8*<&S=bjFn$8eIZpe3Hr8f}ZJ0h~?2-hhm<&7t0=mn+ zM-tMW0A3qUfVG`}zOauZbNuivZ^ctw5frOmuzOkL6x2pX49dxT(>JjszbKMO|yEU)|rBE?*tVKGOg3tp08p+9gV6eChV= zgUjK%)^Nu=y_^Xj$p;$eE&%@l?&Z1wZ(jK`@-RRg;RW|6N(T za#h+|2qbx74(~_FBl1H9=bT5fXI%xCQ#N z2yGp7ga4xi|74K1wH5GJ@ND?bKD=$eIhy=1j^Z!L6lttdXq@quNa!B$SJyos^SuJI~Hq-L% z0;!;>xwd?GsUE=mVQF@~@;*ZE_}WD5G)lvZB7LePEsm}A-zYVw;F@~r?8Ep41A>&T z>x+YLs3hBFy-|LyybQ+~<8jHM%WYRv(Myu$yP(S8gN?edgVRp%a9+E01Iu^&U4?^V zr{=_bxidY6`hPL`Ut~T7o9N3cUZ5e$SC&>!F1Xv^^1UiO$efY$p1OP5zwBF-RG36X zlX-Em0&g*I#i55~Ulcs&c8>j6@vKg{`5XH+I!|fue-j(^mY+K2ru?nZZ-HSN-87bB z^d&6eD=VplJX4~k`1F`&C!q%1li3IJ|CL}U{;62u{|%j=3G09J({GK`|4<{)tRXl- zKIy@y?`>01wIE!@o%u$HwAOqp`Ie!*^_1L{=wdIUziAL0K>abyuQuNZGk2RJcc_6X zyGh|YB2~7}e^gGFBLtj9Z%3X0HTx6ALDw;>(z0Fq-<|-5CDNDn3`tx3%grF7+vjD2 z=sC#m3@HuEH*|x;;wfUb9^s}AStHcf2(~^N&w}P=Qs&>y$^=dGF;D?Md-~ z)YQ}q^ZM;>zv^mH8 zAl-rm9xbgAq-?aVUKrnutsPW_zT!{EMIO>m0N%saAJ;jL7_uR)+i9SOCjbVcsszp3 z%e@AkNbNb9`_`!*$pV+^j+}RstK(&sqd#cpI45ZhB&95gpObMd_pN{9GhWi zH5)Ted`ppHM8Y0swP|3Pi;r*P+J0cewO0QGxK`q)cmkw5EnnTs{Q+NqEJA#9{#r8+ z#*q3G0Dj9%{d!q4*u`s0%$j-b^2j_G<2e&;DaClI&bkXPZdmst#n=yC9(&{5JzS44 zTN^SHy7PJ+`(bA+x|(!28LlFtzk(&Hi$3w?@=WVUdcSV|%UVI%^zT5Udv_F`aNM8O zLi!JDjr>57o6(@k!uyhccUx5H$43W3aQyGjAHsA{rp17oo6beY0)(1n}>I8A4pY39f@EvQ1-84O}CJu_?I@{Ff$Mz3vN7Y-FJU#zBXRNIe%cs zUI#5(BatP2b!2YzrofQ;o%S&NOM_A^wk@q&lZpaV8w<|aEIgDlO)Rr_aVDwv zgGzVVZk)&0)YI=BEBqSTcVv+_k~;C8xP|wQa@K3<31B=A>brBdnBN6`qmKHAqG_;& z1Ck5nJW5R8DmJe_i=H|(x;E!eaO%K4 z3p&fZWD|%_Rl=Bi0{kvJ{GL*|iz1?7|CxzLWm`oR^FQRZ-{o!bsRD0q)c>^$lKTHA z`SQeCS-yEy6LotbyQ!`42WMS80Z>$jzPVV-Ry80}_`!-J+A+hIy1K@jIljSo{z;+w zxr}X`omf1&oc5cY0CYJ)*#D#$?1v9*Sdw`j1?{R&#*{nwKf*px@7_zu&-9-W-5uVH zZV6n?pOp!8skk+zbB?lFawvLo&z(+fX#|C0FNti{XgDP*1Ma)*5ZZZ-VLoacIxB%r zFdk|f>HK!a2h6RlYLBbl>k4*n(FR1Gy1fy^!ro5aZD8Sne0hBWv@E9)>OTQITe(*p zJnfZF628TV6i8x4ZQr3c$ql!d1&O!Y)Ddr>*g$Q?e^M>ln!bKLIQ;i2l;p#uW!F6_ z1#poC)B0FUYssia+Z%UCWBjEfTB+kzFBZadC&!&NAor-qi+GlCB< znAZ<#3yo^Up5u#^Cxs7_5hp&r$fReK97f9Iqa5`90ooS-+kdGGGaqvA(tgug@i-bM zY{@(}n@(er{iW$N%VaAO7WbsfR>A9!I7 z)g$^vUOB(O`H=1N|IJfcDbgE8kHafe@5_jf6Kw9%6yF!kl0UO6uLQ7Y4w4GW3MCLL z&9+XoKSD-kzDL*u^G}|*%iU?(4%z4LGD+rkGj)`I9j0*PWa*P*2e#M*{e#&`O?De;xIEzpLt4C&_)D>o{tD7@w&Z@K4RzL4b zckQUvBJKOw169H7w$7TETpo6whSkNvLXk(1*Ahq94O}Xq4IkAk;QUC}r!3EPljxTp zmnz?YL>Tiswl(qH%BpkB8;Dyc$tG4OOOD7B;QTnJa7ZHz2(>2{(EU1*2i@!yd3j19 zp%V6Pa;;{<(C=YAcJFOK>}(J8g-K{@Mm)^RMzWO+yM~hS0<57|^Pe>EFEHmavBp_2i;pkNB_vi>ReeADHa>fX+5f-WW zW*d2D(tt!Th&$9gTowJ8+;QIa2*7TZe*qi27^Bc^$&eu(5kt(mFv8fPc>kzqZ)wDTV zT3g5YiA_g5$&?$s(qN)#!BU#LiT4Ch$v#THds&zCJT4;=-zqIG9q^Jq-4 z2ZCzGCtWV6|IYxu4~sj z`__==T^#1Aw%vh&3kzDjW!J-cOaULic4ShLQbwAXXwy#4ok=FD)<+zCOTLn-a||W{ zcAOM~i_Z`p`T z?w+8WVvB;gw(r6XtQw=wDViCaB7CPu<*)fxG{P^aKm3_m3hyyzN8N8N6|+Vh3rGc$@{%sPCb8c$_q~BF$B=()qYXkEXW#d_ zrYXn$AFpY-i+62I5u?Q|D!NJf!7oXZq@H!l9Ovj$BFfmg(EA)Z9Lf`@NY_r#(&K7q z6eOq`bkc9=M%&nk!#At_Eo|A2uO21Kg9Hw6te*hc-404pI)BW_zNo+J6nv8t{P(BW z4bvehGSTz%UZ)<0VN7$aYv%OxVCO!nJNc5B?X)Ch{?xH{_7v-aJ*g7$1_c@n`jjfZ z<`?!65j|G6=`5evLb{dZ6~ga!=N5;#CgP8hcA54r$GXZul|G%M%m8oN@z$EdC&2b4 z!`-a_xM>YfZF_N}>j%&oAH}bX0O=#4nC1KxWUk~PqddRVL7cgi+)-w;Xv`B;FmmTZ zZYO6n%5#+=N6dFA*peFu7@IBl6%(`wFs@$lulPcsy(EegDTx&>9(r4G#`I(fF1of(w z9Oc#86WUkQe8~GkD4gmW7x^uAy~B-eILT1QqAAQB?u7}Rp$jgwA9Fd5GXCpy*AceK zhtTCQ*}DVp03tomdEDb2(W*GB@ZkE=cDE!c87_O|$=f%$(s~~Un?s0-2mSSS+=J{f7+xok}9U($F>3jC;iMECr)a{OLeTlFX( z500YdzUJ}8*nL8e=Z>^C{lbUHdddi@0LGc#HsTG$O1|k(R zCM?ukdX{Ca1PjYO$a6mJDSR4&8C}q%F74D<9D23@3quv7uT!Oi@6mSBBSTYqhtZmw zaRt!^BLA<9N16mA_3iP$8U;#a+1p!^e0Xz;Q(9&SIwO5tzp-eXo~?qDEiA5ela2_u zSX@l23pMWubV9b7$I?4VMW%udSAGKg!_?nsu_vzPA`oc5rAV}kozakb)pbY)xzX&) zeAl2P`5U^;e1(W2rnpdG{tmZSqPMfNE_!sI>zf1vtXJ5xGn-$>VdzM+5Bx?F64(CR~`J$ZhXNLa&{}bqtVO0hAyPzk4 zFk4iyi}#1Ar6p%?SCjF>*=Ny$K8nLY`!6*F)%f&azd1%<-y+PPOZv^9 z_0ejnu`VJaTI{zSQbaZF1^S0ZN5*N}ZBWjVq?nv-Jpv3CA6s6H!A5N6R%$MEdp`HG zcXVex8jbPuT^yj=&W_pFvi>vr-_Z_xo|`{sprubo9?GYoE4H>?4Ad$G+t|Tz4arp= zdxd;kB%5L%>#FP>>#?HGV?U`Ri;c!So!E%$2!Ca(<@{%rLd55E433dhEDZwjPYZ%4cE)6hE#3Hw=g=#Tdm!GX`V!HWtjFYDkDBTyz7EAeZiru z@mEz*{Ud6)vN4T`o&X5iArDEGdOGz?>il=c9OFr)!|bc%%gu0{Z8}VIxrrTatheuX z$2BC$Xt)!VAH`Scku4Hqw4Zcn~x!gJFwOX_#AL%cl?<0SD4sT(V=r`g8; zB!HNaSfUc!)se5N7WxdfhcgbD=fjdjn_@Qz4guD5Da5bdpNh%yPWG`9@JqWoW>71( zs&*Mkl#zu?)@9#UCLnilNIZVRqH?@#)1 zIxI|P8HHeFiT!w#dOaw!+x1`MI(=#gJpNQ@nwC}uZFNR4VC6L8M9GWd_m_mWOd?RdM(exp=%(b1&IN5Oe^EuDRi=NDZ{OsMBfalgoH5!a| zjQv9Jd@` z=$`6Y9qFUnyOLKQB2hNE@bN>nL^^OO3Jav&T}_7Ay37gMq(Vrg0yGa_Wml*H7Q_cp z@l`bboa)yyDWKP*M*rflvlnOUIgBjyFW4wF;relp!89+|I1q0 z=%CpxGH%u@I3^i54&P|;x|01*@J0Q&N84`DS8}!);Kq!94JI1bRhtXS5vo0%UD3uG zLvh@0+#cKjQEY${`ri0I;`z5$u%SMd9&G4{DR8oidgoWw@@wl@OZSDm#;m^WBb+&R ztTYC?q$s*F`F}i4rP%U_3ND?L`mu6v+GEQ?sxW!J_-aCPpF5x|!)h2!%9*<>Aeaof z5}KEgufSh*oIbZ!%2I61xG{Lds&cr*C|sZ3hbYMvKavXr>@wW{$UtO@+g>+CcfNCA z47?MIGfK467#u7eGw;);#P8mV zn@u&G5QgX%3gv6>b9**lfR`zzG;$>k7i=0orlzLDaVM{2(HRo?0GU<~rDUqdrq;%e zhVkASxr;Me5>Y=p3W)Y4hQarfWfT4(lyt{kp^rcwW^5m-MZhmm`Mr8PoPx zq5&O%Z2CK-8vKGSA3px|PooDvV*7t6SNiR4NW?z3lG93iTnnHiOYbZ!$UfosWxHo* z+)uVhwBPOnN!1O;>O?!0+1V%s5iRn^`>!q%9C}f@q~E%$Nw`a4>og^^BnjvIK-{qJ z)tdPcep#lz+<66=nSw9X3zA6Zlk^Z~z-6l?v4{{Sk!Q-d5F}V$ga!iKlzM_4G^Ew( z=zpkG_MV$~)wy?)fe?pkZ{I0^(PNRg@Cs3E{&G33Ep)59Z z=vg_=w?v#TlALkDPeJ?lD# zb0tIE-Z(idyr7;Ku1#(}0oEBtOMHjSr8G6#MFiLe^m45{vVqo8-U1om_u1Kt zTilDEuSSUR8=1^NjntR13)Gm^wxSx=jswx}VAo3L7E}k21VvK{X$iy!>U$$R$1z>Cj<37BUTXELGBFe-IQ-;73A#R!x*6qSq!WSk6whw^M0!-LZ{Y!igp$ zR%okXK6aUeD7K-myXKG+uIzhCcZXg?D>xE2hL=FK9G#`oyBp(_5xqBAUiI)IltnRP zG^@qMpE{~CEh|RPCWw3`&)%!m;A$9V%tlzAxvX)G*9PhLx72{fazU||bo{eq>BwyZ zTL@ZswkkRjGeZ-;F@glz)hFKs8>nsLfC4OOmV2uo929B24-^5{o^!{M#%0GP|t zdAvJ5`F@@u<|Cv5H9P(EB_R@i6clU&LLs66*TB-%GuxHrSD$vpyKwU+4~N1}A6mL~ zVy&wO!#~)R$W`)S!Nd<(0*oG{wp;5aK0g+Dt}CZ^Tqj#Q}Dn)U4Czt`7Re-9Oe^s_~<2U`jXI;56Fq z6Tl<^TYZsZK?p~AVIDlzu7RWP9||~^^7IyK99Q`WoGdY}GKG<{C+KH29Dqf{#y6;h zCa@DM>I7?JvomW)z1*c3dkZ74iL}#HW5 zgr1b`+)6ERt5;I&6Oc|}p_P5%yO{Sb`m4K; z^GD#YSqphxP}j>HZp`%L$ZtA#A3DsVNbp>$Yp`s}oS9Gw5L0V-lo09*cysXC2z z+trK^XSdDnh|Q(MV%1KoaWxITfqChd(LSSKqyt0iCMc*t6lP|hT?;lzEnR<&z!w}J zlNR-Bv81RnO!`bBF}~`Y#mjT`f}h8FTE7R@HrCZo9IX2FbveuT*@RXwfie0x70wvo z3B*h7)DO=={BMq1L-fWjMDkS^v_v^>kpp$AL;~V^0ev8w9%@t%eVA1tz3I#3hoi#$ z{ad}EHP)8O^rf~wURcYVS*9TK1Ys3ZC{@21ojSctg2=oRypB1gqd05Fl39yMks1yp zN31WwMLq6Jx&h>fek=)VKn4%#%w5n&4KwbgG*erftkqEWy3tK}8_1BO5HGSyMh|_J zMu*!aFn7VCVzQj~s%o4}jXY#E{?%$}qC>D|v_v~87w4`rvqKWEsd2H1Tg1a~z0J6K z6Rt;G-U2FO556U_eB~i^zp`+a(1=JfJ-l7Kf7SSGWAImf>j=fdaig;~zCwo#B>zE?KTC4rK zw%Q#W<@Wq@IKjKmcDB>0F(Yn$W4v6B`p4t#Q^zLb8jC_}*j82~Qu0yQXA7+1fL=TV z*r?+>IU7FePiQ+8=Ff9Sif6Lpf5=t&vX z3z2eu>=xc8J2d3n4}@=abu15}OdeN+tS1dFYf``mao3EyVsbmk!nT<<^=@gzLBp2^>nyt%w2DT6VGOO>73mGp{r{&+hVmRQSreyU)YaQjai|_miKP0zSK{$ zA!)qXtVya%)4xIY89IB}MqAGZLRF7&d>}ZVaYUaiQ3pHCV|=d{K@UpDsP^+x-rez} zi8yKQZqDdNh11ejm3GHxzxCHc(&y>&wt@bPqaP0WvPL%|0}NvKcP-4SwHkqJ2fE$we3xVK+(wYZxiP)j;4$XJQLjzJca^&bCH%LK9H6V~m6DYg__`+Zh>E)G}%)-XYbOcUTD2RMggn?DDr`zh|S-?pXNkgkC8|h75DP7d(#aR^?7Rh?6{s~IW$XB z=HF0(EUYA~b(p7O!)-*-afHXrf^$%rD0_6?;u+FmazVRdOzR$LE zVYmHIEk9xDpea+^4J$W2W!qq&b$+=dtc#~gKQ{k(Lg^dn1j@7HjtV4c8hw`#ZSGd$ zmKb6|+4MM3sTy8TirYsSTbZRe$JiZhY|88ReD_|kYUcjK@nb1@-o})0|K6CSrKPqv zwYW*B6~c4Cq4n2rWIGdR6_IJ<)@k4($qlJg1pO*+H5##`H8osBq^xF;!u;Fx>(c)9 z8YPx{trO`k*Ox;2`exgeaaUC@FAyO;BTvKw6F|Y{M$tB4;>)!3{*Sq)l66#t*S=}g z?+@pt<}OWv-mIl(^eJ+&7J;G&Gw`h6yBs+4U1ihbNrVA6^=voN$SI8A^*mZWEK%1* zsvGTTZ-(A;0tqqh#%R`g#Gp7+{eV8OY#wpL$0OcN3Pz-eWe4|Lm3Wt^uH>uF%ZlIg zqXzx`&7-jE@BZ>>BVP%MF8pDPf-MYsPiW!t@5lZ{9mEdGdJ0U!A+4 zGHqU#<4*!*wI7>X3D_rYZj&}SM`pos)}V_A)l2y6q*aLx151h6T>skV2=^Ul3Ns!; z$5VOU7-`>flC~@>gF?PD9Waa0gj8I!*^J;!Tu_aEkZuypjgPw)q%7Exm6df%UtXCN ztuh4)EYa3CATY8!&Df?sczV`9pw8%!;<<}0d+*}Qm45{}OKaSo@yXOc;`(F8`vIl7 zEHN24E-to0_}kC7DiNe}B0Jfketv(ph3DU0D_VMMnIgpJh6q&S-X#|Dk7|CP&Mv2U ze!w%}eZ;XTp6~=%u^jk}7va8p$AG`84V#VePG7Vy7 z1>xOPx7D&Gb-zgB6&N~N1j1***X2ahOXgq8jC^R)C^mI;juC>gax`!JyrKUkR!reK zl1Bd*NUDt~6OWGQ92J^UtWH-<1LTbdNv{OK>}{Mn-1ulV?k^z*&$Nsu%2mZqtslO{ z|GF@B)(0Jqf4n1tk`{bk63mN{KffT(YQG<_ZnH-=&7dU-&s+Rn1XT}#Z%_Ik;866< ze@|hh^H0bNOZjIIGc8@MAHeqoztEygzjYyyh6gdq!47t){BQK>?-9PPp7?>gx22^; zrURv6seZJ`iM>i1qv!>lZ1uYj3^ZtmVMalBnoN(;)UH|mps3fejl@;fgC~IM*81!E z3IE1>_b>MR^kAf5J@6O*E|PVBh|2fXrsOFE~xcREbAxmEJ5eLf(HBF zZHwEwD6nDj;6m~+shn0`^>A~cQ?C!?(#FX((<}t$EKdKML)xTf$Qu%-c)l*J0ZM75 zh#9ag4r#f=SJwG#%zg=+|F=k2au_0+7q7x}v#b`fBG`E8*Y(zkc4pXyxyQF{hml6$ zPrP1eHb?NSQU8)od9sYIX=alt!4SE(eVUV$nAsmP2*f7!C!hI0$_{^`6yY9;+Hv*W zlG1QXXPar3)JkTFwr5=#hR_5601B-7f0OW8kIv`auRV(QIgj**outuhZ(d4Qjg>mg zgu8i$D;KzxFu}r~Vzgc7tdU0r(GMkyl5ft1H;^7Gp2M7t)KW7b-@mV%{vnz+NT+M_ z1la2wXvV*_YTG_8;jfgInzi4bzx_VH2gLU*ryRMR_*JEUS90gs^rKtU-QJfE*sBJ8 zmuAaxgZ*2}f6K8oy4V4bndr@*S#&?Y@(B=y;Jtv6CNcYhCvH>}BSuIR{Ug+WQq*v- zBm`DIjRE&bwRhp~k#3d7ucPxSJNB?1WxJ#?dkzxHtZ2(J4jC|wqIAPHl@IcrNn7Ca z?B@i+@5OC1udOvF;-oN>hq{!@Ev=FLB*K%Bi0!UPZE&QUpsylXwBo@bmiB8jbVlM| zG}T0CnTld6N&=(|^to=}xCr+7QDJwd9tlRz4U%`}P0l)bk+qzw#pb^-&HJ%T15~8b z28UJNpAgn(?(n~zVoTX^3 zEJ)@{*(K_WHdaL9=;NF&e2_VA+rS`>$bH#MYS@IKOKNs9WbaHDShl4R2IqL1AdiOg z((fkJOVH~Pip+QXwZ^sS*pv&y#iEM5WNGq@XWkm2dPOH1X@m#|^p;JReYllHG2{2` zlx}_s|MmtkAhW5wra2a-T&G!OZx}+VkF#W5td}7dBKukAMRDO;g!qTnY1Rj?bt&fE zOF8XMmzRfGRGZT%ND@NGX+m7RE6!6X9kmK3ZZcoS77$pIEc1N*>9-is6l}o=JYqKR zwbXPP?G0Adj)j`ql6H73-cH+=c@`J2gJR_Led+I77=kAwk z9XqeJx;e*=Xi*m(4VeZdb+06JZ2Pd+8Z%J5drR}Yr@si?0!qrSg-XBGwboCtS;{=F zJpp7rxz&ta0%ub0ieici@y{afw@M;}&%`77xJNqGo6j*TbLAGq=`z&-A6d=@^Uvgj z8y1kGUJsNrbjhMZ%O6g}t zC@(i&_CAV?Y>0gq##MNwn@Y897VS;Fd*tx#ghthjd_f)aczUbf%Z;9 zZblekVZi{h4h!UJov%vgr)~zi{XA8i6-pAjqP$yaE$rGq;|Q12!!ragp5SrQ9nT^3gz9I%PKGGScPLm6fvf zxO?GhHdK6bqyjUiWD9e$21!*d7173etT< z)73Gbbue~;`}LbIx**t(0BCGPbkz5e>m9bWrOpMWbG12n&6l0d7&&6{MshXm1lT#2 zZRCh?z6(ZSjNjYFt?xw&JYzIyUJ;fgn7TiG@*U6{_vv7ep#7( zIcQzWiokAc>yf9}{Zn-fBd-Phy7I!yrthx9UON3=`U&5>J46d1>qFB@A!~#886G9R z)j+2;pLhqajeAHIYkW(ftwEY4VdRx(O=QYcwoY+*Sv$qasUxc!X?S8Baa0oplFVC} zlc1%89ZblPsc&$CmGUKviB7lyth5~Q>vvlTe5R%Re$mXf(V*(sXPCV4L+hj_6vHo7 zM~7-Z16;JH{j7RILr!UujYrB;9yaiDX-=X;7RX!C^@TRy1aL@d#>Uc9RvZf)G`Gc_*KOHX(Kr7L2$2A8nqJNR%9 zH(WlatHm9PTnQe3vO)k@E~cB0?x$BDe^z&dZ0|STyG<+gU%>PK)O)7eiBNh4Wb<3>LE@ zUq>j|Rg}dw&jJ5+=PUAj1TFUAfJ$yj9mVAqq?4hjX(_Mj^;1ZT>+0 z2o>H7YT4Cp8m1j1p*1a|9<{Nx=>Y$Ev)XD|+}WfChh<9UXm2T zR-FTaGqQc#VQ68lizMqO5+pu-#mC`VJ)Q9-MJ6$339WYCjvQVZ$T-3dET-Of@c6w- zsirA6xVk{oevtLdt!W?WgS#};dQHeYH%#IRbywC@1V6T!G}ZYWxJrB9#+|kaLk= zl>0HG3Z+iiTvLD7Hp5bn%qlRm-(wfhsWUG`Gol3n#6q!t5c;@Xki`zVVaHwPLv}Q> z5^!&=;iWvtz-1iTnyS1G&VDCT0X{foGKO~AB#_*J<|o26x1XI;3xfqsGO&qN`fVNc zo4ko77kQg1@*p_oyvSTi z9gS*ZS1m2zlgvtj*RQU5RAck!?LEywC0egLE^jG{3(Tb4-CbP^a;5C)CPL?%n&%}D zGZ|3C0MNcZT*H&{GuV(RkS=sNQNVwtxYXvb2bmKEmpaaK8B8S~DIjMOZc~f%qCBpI zu4e^mgd|Xrx*F&Qypxx_h0?xSLxtUWB#SX>iCC|bi{geu>~h2RLtUd5Ky|?rKZZQn z!lXu$q8_1c zZ6+zXsUg(Qap=@?5!)v3S$MB^5M9CAT}-G#X4yUq93lQFuH5digDmx|ANZ?e@t4=L z3g>ell`jqFQ*}J4AAVW9P{b2*VB~EKc{Bwd(JA_`2N-&x(@Aj#Dvu*Uk8T1RRDXY^ z=1EiUA5p9tFQb@s^xpDJ<_q^23ahV&h6Y@9Yvv>c#C*ErC%S<=DkD1Q*MnkoxxtR! z@`nu6`*ZJJxxc?Eh4zd=wh$dMyfROgooy;VNDSazX5qI^Li751W1H&8^|P|9fBKO8 zviAILgX7S}LAnyKM4EM^CaoYdffGL+YFCXrDwL$U;rLWT=<=)MKokX+^Ow`I z@YK&>&V9&Y%Z}d3e}>bIZqHan14+*R3ZLt%8pac#8nSgFJ?aKg;MapnQT##L&?mqw zWQJr!{62u_*8|n;NFz*9?}Kaa?VLy9sK39KDDi11SADN3yr5IICK+3FmZAV#=5X$0 z#`PUgZRr|F{u4r_(4SZTh4%jgJJqbuLp`A3T06*T#U|? z@3PF;qA?2N-eMv!}Jr?lnBKq^vjl%uQkE`iV%CVsaJ0aE$u=^&@5w zr(w1J>Z(8bEI79^xCf0{pg$J{zVO>`I=6gW^Asr6HG8B4ja|@qG9&Rc%PQ1Ge3POf zmtG@Z=^Z>MD2|06>?B(;PKMNu`{`GI|K@n{JjnjcY8FXDXMK`-aZqD8O%~za`-&%k zscMvmANA&6=tbPQSWR`09g{=BqJBba9Vi{{0e(l{Nvxx*m~J~(_UAG4-zAQ}60s=X zs7j2d2}ZpmhL9V;FQ~PyHxRnuoW`zcJF5Xka9?5HK9}4lLRtO zo_9Xy>dD8s_!&*CztR5NL8TIqXZhfeVDQWW3HMrh6vZOACWzHyfq0dTUrvNrUXHTsQbclLr4*NRTn zYUMm0i!|swl5)zN5dUq^tnp-q`K7;5_8mtoU=;Q z<1cer?=-j=;J^z9m}2otwSJ+Wpd<;nMc72c_S%%|KWxwq^~APLc>=eaSRg z%nO*|SUvqE&+2Is0JSW>smc+5C5xiHDRuIwc{Z-5VBVRv<;s+8XM`NU>j6fhi2pRf zR!l!Gt{v)&+_8@w^jhYfH4WahI46M@Y@-+^w)rX{@kc81YnJ{kT^F^GOd5P|;_@!) zHkl6W$4tvqnHvrp&{;XFc?ECB1h!WxEhA|HhHlLXk+BfRa%hL=8oc}^yGH#>UBwt1 zUVJC%An&3jQ$lQwcwl93L-G_my{hLy#a$7%(~h|r>$bA;hp{vc4gGQDeI^ZO|20R`97)#C_1|{Sw%4z1!5hT@sztARCk;Q3s{=si4ln zlH;++xwPqDE7V}`e>KGhPfP_!J|nu;)W(G*b>}C*)u#7#(S8%@x+h+DvB6Sf<+T*_3qcyig{So=!AC>YxyQHXI6GJv% zLl&I6JZ+0t(zaNm+uK$j zF7-R_iC<-3WnYZqad|wpZtsDZj4K`=1$boDDq~H`-9XET2<`FcuB0em-lQLn_cN6Q z6=S|VzCo;Kr|G#sJf3XUec=o$;>l9JIonpF14@`~iRtYZx%p1EnmDt_mpQt$b~irV zFX4%)(ZNS{;AYg0C%~z^hwT$U>!9^K$-HXL6LnJ&D9ye9(U-Jl(%PX`dBLzoLhY-5 z)|tL-0)LSbM`P#zpEoAiIM=AIL%(J->m!KrSDWif1_q<#oW$={j z)OO2~hh;zVZQ@j%)~qCK^I~^+R0IffFJL_Nm_W_5USX<=_;{=EMVFoA+JlvYIP$3E zi)b}~fWsjO9zGw2NSF%R_c(qz(9(nQ#cZwA2wtb5J^5i1eP6*4cTSSLd~4H3RkXav zj~>lU2Sw?K4ONgW{Sm7-tme(n-nEX?tDmsau!ksBzNQ{}6Vo&e1NvCPEJ?&zZv2za zkBjqC_Qqt43qz))Wtc8XNMKJvN5hc`Tv{05+8pn0zNT3M;cHI;jY;~N#{FP6bF@BB zsMWbO+KyCFCvxE4xb!$7Pv0313MkyzY4tL8jOwOs0}}_dGId;iZ8S4-X}>N| zrRi;AEMRq3+nTn$zBQY=K6oQAdH9HUkp_tXMN9sm)9f~vucNEuUWnH+KV$;urg%mw z*+K4XjUUKrPrqgenA7kIg+9yk`@DV>uBhG<#M&4Yl+I8$&h`RJty)ztjn2W6W1zYw znfEA`SCS;;gE1u4L7VEHJ@f4OO|h!Tt*G9*X|GDUCNOy$!=PO!A}yWi zidm^%WjxI+e3;RL!5{xkYxkrV{Gi+Upei%H< z8Vsa?)iC8C&&wXd_tI~mU_tRRmcj7VaiOTc$@Ar-#AV=9yQp_iOG@EP+qzgUpwr=6BCqvN;s+xAOt!zW*iCZkA!|_inTEp?nd?1Vv_wDxy4(=ZGx*D?B4~~ z-`F1AK?1zsr>11u>;zCs-c)=q>yE56FH#+HIi1JDGYXu7B{t#|a)yPr5}?6=slaZ> z=uNp>WLdomC!BJ%+$N-`3q9Qfh|IT>?Y4Xrr&h*-;W$2aH)^*3=?vpp6B|`??t~l* z!&hcv?CB(8LpzPmzTts1HH6;2ZuZfr^bHw8qZjTG_NyDpHoNNdK`wIhnnOV3 zmsr|l(K?lVWL7u=j0N{xc_w1(?U?+pOv)}i`EpW}CrGx;U6kRK1C8$b>iY{qDkJiJ zYt|=ug)-aMq*2x-TU^&cb@N-;63D_8mi5HPw*CjQGQgall*aoUH*@!Nj@`3PfaCPP zb(ZYoHttr7TOynC<=QV{chSNR`n=0Mbo3Fdjl{+G-dG+P&zV0H6 z&t&}8Y59DkCYI${Kg(&Ppf=wxkpG@BDZbZGOkCXI$>PMh5(V*cz&Q8W+^r|Lh8Vqq zjv-d^l^sfV0)2d8Xd=Hmx|9BV+~X4&`y)}^co~o!)Ck!&WJ~kD6b6Qn$iObPaM-B~ zs;vj~Gj?)*vWf}a#Y$stK7fa9L8m^q+(pRbnhk=CiqENSe4f82W~;+@!S?eS3< zN{aqglkJgFf_{UfR)~=^F>*B%*)jKJ<_pBPPLRwX_mjV`DBg7$visWJj{gsP?-|!r zo4pH1K~X^v=^X{6gP`;hLFppWJ18AO?>!>YdsjfB^d9M*(2*uW=)Lz|1B7t4Gv}F^ z=b4$`l>d3pm-l=?Fxk1Y_gz-G*0t7x+RPhjm zWxqEW=#WZn;&1T2+m#t7C#T`buLqzPJ!})FA2iw5{2(e>1-NQP%?@sMkJ9@pr?uzL zls@{ZWad%%0gQV{%Hh)@H-&vQq}53!sj7RjP&(|jU-FMdoAOtAf=m)2Cwp?B&mWoD z2+Fp9n;nq5KRoc5WX~2}Y@s6-m~b=8!`y*AAhzqL6n}?I%(DX>rBBzcNr-w5U(BMU z8mAWq79Gqli&jYnNtXyjw$kK-#XE#AFHr|Iv#Ey$&3|(M<1Hr0M@4P2Cf!H6?26-B zNF!WsjLl@*@wJjYKPbDd#7IrOQ0lD6JBVzWxi$JA_zDCOueniYSXcJrEpNRv=azzp zuVGJ_h)-Fcm+fzATlE_)1kYfE1 ze;^(XyN71D0^NQhU2Cjsb=^)h<~9&!^S%uYGIKb^=q-vBe2g6&xsVSX`A&zDUfC~X z&EeosdGs!uk&rNInnJXRADzQYty!$UMta)#5b2Vq^VSJS9C)1{Q}Ursz?Qs=p@+Pg z=6oda*E4|*E-tw5SQ?1emhC4L$C-a^&2GI6v-2UgG|8+FT?vGxHKyCN}!Za=;6ojhdT=NaLMEdEX~@nXer)~A4awfBeU zk1LRC!|Gpk1OcAcjbXcrU_QjXwOXZMM1?8ou2WWha;6ni@6BoSv6-YF{|CiPQtbP> z!our&=;WM8oNx`&(fCC&i$tcrR4!ivZN3bG+*Ev$r3YuYS#R#FXviEXhU+ zAdw5el0WD6PNGOZ8JR&WaL*JTV0UDNVUuGm>uuBQ;XL|CtG@u=G8=w+Ys>b?O9@Am z%!qxCH&>UmWt1#2RR{}>EV36PIDd} zAP>KnZ*0y=B3o*P2cJ$Ww9e27N5UYkN)fhSAGwnpQYqSN3(+|zU`GaF4K^TtoA2Cj zv?2?{u@jq}A!e~s#xy(eRRva=#ASrik3ifHUU-#7&G#9M!s{t4zXaE_;(wU1naRQ? z8^ujTa)xL=l#Aupn%X1IV@M1ynTHJjvUmS!>xzjVHeuLgqFy#4j~YCGSkR7i z_Ed(F@~@Z$@*0|$D%_V~YbrCpS;eTk~ zvkRtN)O|4Qd}*`;5ozsBgi|r(g+xuA)rdHxofY}$N~N?lGVTvoe7c>>10PSrFdGvMcw4sBWd&ze)_;RA0(M_VQ`4Y(>t>z&+)TCFDRzg0yl zSM@|N9C8U>fr<;eeZ0R;k|4bWBP|-q-7UEs87cJ}CCKSLjIj>d73tn@J=|kPKXmAF zt@V0lvlK0OXsRLP(-#R(oO(v*zDUv-b8A55=|ukH{0tC*Jczy1d|&Le6-u<3=(s*G z)d>~Rmw4b<&m$<*JSAcrDY4QJ^=l89Lkwt<-Vzp^6<&PR&m1$Cc0zD^RXd zmiy{+D3TlnG^w3FcqBQ!v{c^SREOipvBQ`wTNC(N6UONTi&_L=2Fi%ka@`GzL)H))FZu_RN3AYkq*Xphm%KWH}fmppdA>?gtFtT?LH` z<`B*=rJ+)7s!inYFyTU?=Kzb+|px3PfuHsSZ-Nxs`taS z*vCR*o1JNFLG0zDGm)wMq_uDy77=}CpMDs0o_8O7iRW2`!BGHiO&L&rNg+U}&3G8G zCv1pe%eVr4FxLdiHY=e+VT&?o24MvH9J&M)!lOKcTVH`v_QAm6{jj?OUCM;*eR79k z0>uDQ6BbaiXdxGPqo?f(bi}hUi=yEM%1Z*nw>&8T0OuTxl+u0%hVZi?#s_@B292N{ zzXAy?(CvM`>_^APVTibifKYB{0d&q8fmWyc!@&8sy~Xk+aCDxZ^)Oo(%et0RZZJjncRRHLU}fOhA+F>J*M4Yld|_a$GeFwV|pEo zk<=afu(xMgi+<71M2A~c<4}>_Qlfn1Ia_fynF)!z=R>{!dT}?ND&C*%)FG)yPEJl3 z>TcNUD2Qd^f)a1v{-OL#ar4J5>Ts+ycA_@QCFPCe#1!+)^_cbVyLNa`6D8iqId?Gj z*CofPYK(3(-jgA5R1Nn?E%%}>-*~$*>})LMB(pGJSvdjm8JTfq{llXCaUXl~&BPFU zZoS?RW=cQ={D_U!n@PE~Kv)xeuLnqp=}nRT`O1wj^xzI#9`fROQ$KFFVn?hFbE(&? zVwJ|QbM4N*v8-Aba;N4Q|8HOZ6S4OH1jD}+wZ9V#qvE)b^NxZ=k!n6go%0hWao0$QcM=V{j97&;N5 zDX&?94*PIM(;uxh3lUD?e^lR4*z`_ zh?4G0Z=Zg;cO6P-K&AI-#3?xEmSj+!*DL~kxBqJoF%SML1&A+V$q3L|oNrImf_G+$ zs=Ly3C)YLTe_9tEUvsG{si&px=kecir*HFl9iEFT|!#26@wtqIcRSbH!pt?-WOtEybn4G7w zuvkkOo7h_bSS{aa4>8qX%zH>5WU#{U3~L5DiUX*7MUNt9<#CvH3{a8N_bX7wVD;w> zVwEjB`H4i@3djYEkZ!4UOXZ^gTrbPqSx7m8hb3!lCNLsm4PuuI%-iY^Vvh_X13pQ_ z!9ZoMK-Uddn277Beh!p0+@*Wn4(Oyj=o~lN|3U%l3IqlW8$a&D`=R;~YZkyLQGXpl z;xfw*(ANWi4o^A@k>ct&dTMR=TxN&|dbnYT!o32~V+Nam(bld&a|-CT^dw_X$~)gE z7>Kjpw@V4hr^Xt*%v~WD>XPO&n#3Fcg*bujxg;X_TRukR5%gZWX{P= z)u{bpuuJ%I#B8De?K+a~bq3{Ms;ideKDxd<@QfWW^;Vi>2z!H2v_P7GQ83h_SlxY4W zInsviiJLEa8(x7JWY&O;mg2*uzvi{DzuT8-8$!afk>$7+yIgOL;`Cm&JtxA?=jn-= z!n?Ma#%9Vy;;LrMS|>$wNwQ$GPt;y~0bs(MM3)~*sh}Fn$3+cf3+-*H90tr~;Z5!W ziSo0|b<%Qzrz*Y)sSspbso7wwdT5s+xnd5OT%Y}^3H5$8TiGcJYTP3j*O+J^qhOY)Q2=WYC ztqCL;-s!Fh!&>qqEV(&H6zCWDmknO9X?ec$=p2FNpxoq;jE6QH8ANe$qMtl&AJ2?~ zi})4Fk(eQ5TYp4<(}wUuqj@l-`!kz!o|^N}bn13xL{@fRW0gSq=gHW~uRk`!jO(Wi zHi;~ql&yLdZEX&HtQI6m1p?eDh)*Db#0JB zpoMozn*h7xbNSHvuI2q!TF^^6c!NElKPu}bfExE4;9VqiUyUHRHn4QlJYQ$x6EsZ2EGnU!XS->CKYL_S@fnt<)!v8BO8vMQ=5b2@cF z5}4h%NmWTXTv1ON1%{o3@h2pxOK68hEf`7AqNziZIbAy*tlp@$T)JR&9{Z}vGD>+2>d}1~_jWop#Q-xS@RxH*jg2mZzlsvUzm4UFNR{ORkcDqrVGaMAV zzPIPKVt61Xm^rm+_j94$*nZsVw0Lr@2#P!(GyD1=>}72N3jysqcsMHlJ8lPafcslI$js2Q|O zDM~u=^$LrA3)d=J&4ifJ7kIIY^A!4U^TwDsojagmw31$yBI+()8Yw^EtTAE%a!=Z7 za2W3iQ#)GD?)j~efyYN)Pa5bd@NEzA>WR*O%+#AJo-*yMddbUtsyC^{mjcr_ z#D~isR`-4T;kz@3o~rvIyx%wm@caVkw`n@72VnEXK#dPw%PWwz2WRnO0DAI+@gw~t})Z;yzzMWp zV|=F}{9`wm98?F|OkjNxm@$8s{pDUq0aNJhwh>pidp(cw2NDxnZy1HzOGeFOkK$f_ z+Scz~eO-&s1?Mum4=QF%NU_I`##a(#1US*aj6=(GRO8b>Pj?hd=6#0(3&5$-zjfkQ zGTd}|*9|rf+Zw?M=fL!5bf7xS0i{4=)k&p-(kZwoMSt2b<*O;XgL|=$9%u)kq_dEV z>VHN~_zz#dwhp^?1zPf~zXE-O0BFZp!P=cOK%IlpQJS!myUd^VZS(#g46p+ z#^jpHx^QGB={;mcLrk&|MF@x7nw)j2=3Uv^ILoal`P5-H2Z!k$dqa8a*i80XbFERq zo=TzOX>XBvks>xlWoPyj_h=pq71pnDk<}rx%zM;BI{Hb0X0@ax?nT|@Wsu6S$nn5g z@ktkArpApj@4h1%rFq3i)6ppkj>9Bzmqi}V4q59?yeG+9XSdJp=>c^9r-<>|h*{yt z?C%ZpC59|MxYQ-+JHrRM3$A1WM$?m$_6<&$Q!Z>Eg5{)Wv8}}jl0l_dg*(*>;MJUFjwd0Do)U` z&GVH}zV#C#SlRmK68*_^&ttTd#d;&{ptFCS(zifXk)DVjzJ-oZox$`F^%RXpn0@@i z3V^Iy#=%ChZCq_QgYQK+lAT@xmrQ(^lBL6@>_d*UoTjB(i2C5UT{Pw2iddg;5{jXJ zf^89%P5#a|BTjLk5pUD!L5ju&2lbn0$osP@YJ}&bwaNyCCCAG$V>xzwh}qeGr@oxT z`LDVY6Bs4+Q{SNYoEF{O;bCZ5Q;ej*4>Vx4UdtnzH$8HcdB~qubbnit21R$;=b1pV zpl~b8*RpH&qQ3&cDMsKa*d;mjEwt)X(+lHyo(9N`JFCAizA)~KZJ=FCa#0?NL1nN! zr9pDROCxj;=kqX47>PQ^v+hWH_F;Ca4#R_oo3kf(s{zwZQLnUnubVRybBG{FHnP(A zz&M&8NgmOEdGKcd5BQS94qycUOtHF_ef2V4X%tbi*8rPw-FGi;SuqJv zapr2e=>j5v^L_hq$1n8o&RE$#-*&mA(DffUl4sLr!z@yCtT6kLNAO+VlM203rHY+o zyP>Vjn1>N*(zil+wIe}=>-7>jl6oF3k_FY)t8U-KD|)Pir)M(jnAiZH!r|t%^AR6Q zryo6nckp52;&v(JP))nxCNXwC>+Ula2PAm|{!Uz05#efzDe> zEi!!!bX!n(RrgDt3e_Z>dO|P?O6{Aunw4uB-7_>uIU1XXVALG^esN3Bf<}??TRTgV ztS}k7`)yeR2a@4<=xKMj8%z5@Yu<&n&dKiJWz6cnt7>>}hSXbQUjxWS;z{MUtJssR zko9wo$T(`{u@UbA!W{j)+e_b!Rs2c+1x*Y<{XAOIj=Z1?R1uowS{4DzCEH2latJrdSei zTkY^{v9Mq;4jed61)JiHR9+p+!xqw;;cX^wD?XO-tnOn?G`avxo9#ltGh+r|#7^LQ z^TG385b)7$U}^WSKp3_<@jQl>lNgL$KRU`IZB$9PFGGCbHmK)bT(9g8xhA`p2fo>b zt#{KoqBux-r*P;VmRn`R>n3Vcj4Aif(4MM_dK-%_ zP_T2b-U&li31FemJ_Cc${TYV-!&5l4{@_}03cE0bozXU*yg0gK4?>kw_BTVG;y}X6 zL5t%BfaL$fXWI77+qR##PjH{uYzGt)o)xgTE0{BgXYO|usgq7;7Ka8HnsT|n>a!l+ z^-UDA+YZ}3+XVs;+$iPC5+8t*4$K&!NA6@vap%rMSBHF;F@Rk)sSUft9s(TAWsK?U zKmQ1watq*Z=3e#y&MV}}73fPc3`LFTt^3``;7V@9Dgq;jm{-fq*bp>4JEp6FMni4P zphrZifFeseOM?F85}A|sQ}ijYsAOoi1Y#ckHytjhRIbMNycmH}3 z3uX)m2c-cEwE)bFN_y094aZ%))VtwH zGQ1b?NYQklAfL&gvGOf?4@gO6;7c`+hoBQ@@JsCeKh12a`9GT~S7Ex=3o*?mA}d}+ zXTF;4VmoIP1DjDSuB%k^X+jMo)tF$_Z@A1a;^@N0c9lFo2WM$E53 z5`5r2A?PQ!zg|QP{mb;`Da#DmBMvvfz)_+9+cgkw;5V;EF2-t1ZKtLh*A%GB09!R$ z4ZO#Fd24tBy-Gnstti{B%?j?tyze$=`{YXNSd3^SF$KVqDQS*5LM7rlqL11#hy!jTerjt=Q&Uf#MgY=m6QAqH?)Y z4Q-WVWtOhD-!TLdR)mmm$O$q}H1O7@7sd*i?9u}WRqWqmHEM8|2(Xd^&F~;crs-S5 zWa)GIE^xxr6jw$CXVY9 z&I6jEeNuX*NRIO5x5f}+Am$T#&3Hpe#kayLtl1iV3DuVz^!mi0fT&$n8#bAop<+59 z!kl+Oy8?7e2Me9iDI!`6t`~#XlI#j-l@_d~iBp$`{iJ~BWV`cE6Qnx!lhDDnr}YjMVT z!#@{9Kk);kzWh%h9QM~Ruv`~suem{jfMpl+%0PmY)jy5ua#@@*Y`WW>ozXQ=sD~`j zodHwq2bBkK6^dcNIz(Q99_FA%49e!FJ$Jh<#3C>2$}ZMAowx z{L`nb@||ys0m6ey?dS^sflgnROkTy7YlvC&bC(d_Y|{v}u4tUuRXBa}L{#UwS;0J* zw6nl6*|ajRP|0f3-@U~Ze|gEs)TU10I;d%t{0)x*L`oqGSIc|rSX-QNZ9=n6?2!+H zd`aElk;VMC${|zT7@_5 z9=x+&1TDD~o+ks5hAnv;o8^xZ6p5;oqz6CWkXk!qF~oH~U3~R;_;%O#z|iEK!IhTv zZFtdgWtym6s0m9?OiZ)~HDzEq5VWUkP;-W! z-FOZJ4giBD!T{d0KfCJ!1^5g6PLk30^G@xm?}~n04sivU>^c@0rZR( z4&DONGS2zg&aXFyabs|L(RN_~)?jgYPgxp5&?e5eHyc1nvQJxKnN#2NanSN{FOGeK z!>;~n7gf9_AwWh>nqR%Vn+&}?0#rCk4?zH4vjz^zZU%<<+T?&9(2mk>r$PMR>c&Hp3z-960GQ{ssz96z7t{ zTGRL~%?9!Oo;KKMCt;zCW0KRH;I(Oi;PHk470>%)JHG63oX3{UHKLV(`2zLF^`7s=2764 zN-omv#xw8ty`_;?e02iFM~k}E4>8gkS{=#`cADj&!eI5NAHxQ$>g5Gt8BG1}6Bw<_ z#NV(e89cLf^jgT*opDcT#n2;0MFlL4_N^2MYX^5=H(o+2ylcq(I*oXg?+`WSGKYVu zOcv8^6{jiNg9jCrM+owS-cyjh0(ojOb8LCVIzn{ncNI{b84Yc&X)Go6d&|hrUuL-0 z$S>pt(XZHl#*AnUFPb{Pxl@|@UQD9EvZy0Dww6YUSmjrWE=XDGb?wN}h1^SSdqx<> zT@nxI;J_ZIDAn*`LN{rx5MH@43f*7MDaxligLtAZUqE7^_sd~pvD47+x+*ob*iOVU z-@^_JKSr4uYkp4x6vj9yH(!x>hux!vW$(kmTg|b+W&`O}t*Zl(3O)q{Y7Z&;0niy| zExr%PIDCU_49iQ(zlHUbR)$UsCxl%0KT|t0U^hJtNSXd*ICe@Vx{;iEh`$feZ8ACm zR|BAJrKtA+^*WR!EBQ;F5g2lUIFA9pgR)GDS%~kA@-OJ>-zybXQf~@KX08SxJTn<} zNjzMpHNy+YN-_fgF0<*xgj$8du!QYlyTm}{0K}7}ZkF`M7ntBXBS=xOLv9C?*}WD| z9tzGQlGw*u=6-3AlDfwF(qWrzPMgkg`;48qnAxhY6Tzg=m6&uAR%GtUpfNa?RW+5 z(!__he$^TxJRb@Cyr8QvnN@jRb{w-FjYqUTQnN7_cN)%a?$pb}vywhnWTWHLm(S)> zT5HBui6o_R#5QMen?@h-Y^um*ZQSeV=Zxrn$YN#|@b0zeeTSxETRB(0)hNd-62A7& zec7`WlRY>06Atec&u=_Y0Xhe7(3)7DP<=iqUK{PQu0F=14i#eZ(h^#POyx=GDDq;| zT_Zb|+pN{QTRJUiBo_VUXad?28$CNN6xech#&)|H-rp1scR4qUlyk**KV?_e1efx0 z3#DWFYY$1>cs)3y8>>5Cv3+Ky;QTq1!TD(w3S|DS5M6<65GV47`A3GK00?vY3RF3J z!Q?UQ3yTIsSS<{&E#=KuwP!Cbm69;AK+Fwpz2EY`qm=|QD4qiGfI{~u^+=|V<7-b8 zm%(z^`);#&?n%om>Ix?Xz8$E?UDW*9+Mlt}`m%0t>bipTp*X{i8|#_uCXgp~C`Qyq zri161tlfzl@v42x>`?7*diI*H(WE)C#jf_V!a(oz9-C*sHtJy`5P z*YNFcF8{bC8n>y3%wZNcT}DxM$d8y|3idX-M_W9Hw_Y2J&syv^Gcb*0*s%8&H|zS; zL&a*&{BM|9JJv8KBfzb*x1z{4e5n*7tb_`kn{)Zr-9Jk|l+)oM{i(Zb95_>-YK+C4 zGUUrRGdm7>%@vU`AzpoLh>LR}Uhc_Fg1VLH03qzpU$ClUpS)*Bv~jAV)pH>$GyU5- z0U;#`*TIP;9}_upr$0}s(aKS5PsB!O)?v!8K<`DG)}GD=dCG(U-e$Sbt~I9%B&EPB zc$Y~ojr##!O2YduLeD(?{HH<#7n=>pV`n;`+riF0=kczi_xg%-tnl7=`<}fNoGf2` z;73ls8ct2a-U*~F=B)E4+gF8K3OG(nJP0p)B3q}g%X~wA$ryCtk!!xMX6J!@l1BA& ztIdthB9>))=0)li$mK)v(xcmFuX9($)MblxlBP5RA}hf`I;Nd%ciCUWj%p&e?0~jh z$f;JxB%aJivde*L&mz(UxbSa^Tf>rAMVT`oGt_bFd$m^UCt~vKB4HktdOc4aFS{PT zP&+#)x~NZG@P zgL#OoC?lWr@JdRXvb65jp%mpL5&HvQ<*=x_1MlkQv&d)Emr)VSl>^pKd$t)AhTkGh zJUEiiS#c#As(9yV)JNS!^d2vrEY#}G2J`b%;(Rbhay;!*Ih8LzOFNj+ABnq79+Al# zGzXN_cf1J_`k|<3fhgKOCr&lUk(vYFwDQFt%@}%%UrSvaYT% zx_0Z;9gr-&ov5GQNygkLtX-VBex%$-!NfB)=0%jf_%Gd#0uY#s*k*Y*CXC!%7N zbzXK0!S&C!%4R#=tFp2T6Xl-o_FRj+y&0}iPb*fhb$rY2sOX7GMdJ{-Jb7kEh+hgU zWIDEC|J)dI{}xtcjo4=?F36PkfK{hNt`#W)w_YJ1WjoV%eCy^{hzm!*phhzJkRmbj z9hq5Ej@Dh9IZk`Z>@253t5MH{!`+&?Pb&%Unm9U{Y5kL{7VPd#qYBytgnwjE^Gr>B z!2k9@jY|3ToBIweq1{D!E#14m*^UWEx&S{y=lZa1GL-4wBbIu4>tIT8y)s|_IQWxTpsZ6Y6#Sh`riR|s+a+Ej1N#`*6K$$ zy#J0KmEHpkdkCfi@VPTe@QddzPInVBM>QQeUQ1BPafI6wKI>v$yWxQoST9uQzS63; zKSZW6VVhH|my677DAE0Dm(!W>;#MaJF~hvR378Z#t2JTsK+3Kh7`UdeAa}uymiA3#t2w50UnF9=hWq3^dsP5 zDZ%pw?x&a_P5{)noeS-N1MZ^Kz9!~_7(39{0x*F>GBEeKLlH+0)(ug@bZAA8X6YVI zgwYV^Qscf^n1gj}fg(^;oP?KNwAiUbhN7TK{Q4*tT9L7A<6H#gtL^K_O^vaj9a>*NA;5Z=*fw zuM1%O@wHfmrzZw3MX1!N7Xyhr- zAFhGW?D9@aZbBtb#p;FZjDs)qtI+6Hpwl}JYT%>}@REZt7=ry`IEDo52VT=E0pjjT zs9!cdtO<6+p#{Xjn9&eup$9eHc-R?&0L4t_IN`HgHaXo;zW4p{!1rzmI{B)-6g8hG z2197dQLsf>RfwJQ2zPZS5w)ntkp=^u&N_5n6-9&z2&20IYQaQsC1kj>x75bRqP$*K zMPA1BxO|JqinFAjTNLrYDi&6g_Z`q?$RP+guZQ=29Uahqw5S7wOrs!z)(qf-!R>m$ z>_k{N0Iy((X>Qm;m)O0Wpqo_SBr>GY8$!$pL|m z>6fJh`NgtmD{#feDQtiJEln)lnWg7N$_9g^6Y5(LE=1Q$@CARg47PE)wBIxI4F#E} z8a=zX0(HEv0!KwRY6JRa3uR|s8lHB~#cZ{W1QdO)2!F`V?q0Nr*^(vpP2eNpa`fcM z%>>S%>~E&b_1_3s|LXUDY5lGr!3kSWlx^}zRSL@G!UJh9H$SHPcl9}jb3vq(+c+x} zEszIX{kg9aBXTk~nM$j=n|=3wSS1jvAEqhNlC=)z`I;>@6q(JY7%qh+D<)e}W@?o3 zs7DL*irmYL8q(CYn}@J_TcHhT__$&-0n36f-fFv>Vw86(F)_anlo0am& z`!_Xj*5s^6F32&bJ&e=mOEoFM%W|SH%GrrlqKQ&YURld5AyPzao*z!x-MtyReF;@C zwp}$aiyhQjj@7o=Np>}lFeZq8=bbN0=N#2hEVZCO<<;?6x0_RW{$4hSt)RNnW3#4< zq*qzd$cowd3RLuAuRM7fa^BFlNu$!yGQ7RL`q517leri9XFpK5jTyZQ_G6*VcB7Xo z+B1@Fq(*JqSVH3dS-hd$F4VDMFTdDa8`>mM{No^v@3#41kZf(hk zz85;#G;rgLkI|8Fq!fA>7x8_3YPvW(aWj0- zk)2Qdio$|iv!nl7-T#sNnjYx-MN2xcqNlvtnyQ{P-&;BHet~sUmVT;R?F}1yu zN(-3`M-Hs@(<(y@-UDHClmC=f_s8pL#G?QNGZ#8%curU_{Cm_HL4!HfL@OPdA7ukL z*u!3dORu0m8T-Z0hsB=!f%pJM1K?TA#v!H|kkuJR@GtCZr2sp^yT1d4z(_|8(0c5* z(_u)$4?mbij+~5mgyxAbXvdemam7kz0{WzJdAryw2x90hS*?$roCBdokO?ZT0kF$xitiOE^tLPbI1uRT^N&XZSs>DQA5Ld=j8JslX*VeikZ z<)c0j75%-MH@>5^t^VA!{$Gld^n+R__$$OBs+vDl2rhI?)+w@$wLf|WW)IO9R*ViMZ^l?BcW3$8;u9Z<>-|sza}DV&Dbq!kv+gRO`a{Rd&Tw z>&Pyq-by4#=EKQtULlodUB^3+(F@IJt8?+V4Aka)W6>7?VI=vHAsRE)ZgZziUaWDE zDgfw)W3bR5xhY+Ss6Mnylp6*52x{;+U^-l3ZIo7{L$5AxD!|v**`=_HJcRd*%Ad1i z?N$Y#WwR+N>iSWqmHtZ4(Qce8T~{FQ2a|wW@FmH@Q-|2FD3ck zO8Wm&s`Eqpyp0?nZc7Eb_*I|f_lyV!XSEBK)Y&nVLI19Z66z)3I-V^$0rLi& zI1+U@ux~U(L?^vk5rPw8lb9R3dRa#9K^T4D6dDdT;8o!$5QavurHEh@)5z}4TP~lO z>M0V0@>d+s$oan91;W*U_8^&k^9nTFi(`HY zi-+1RdcmuY?NB01Z3tS$DyD583=>Z9u*X*0?wa{DHp)0J365V;NUz@(0 zf_qKq1`Ck$$qF8W7Sx%+ZtVD9hASR#xW)3debbhmBblTf8*kV@b=u;ANoXI+(~%Y+ z(AfI%7#cb|6cZ(@EJG2KmDxYC#{b>d{_k1s9=n}HKtw)5QXnGD!@MeTs9@`0mAAOF z|BL9wQN9DPDnx@8h1sZ(bf0hSD;~`9D$CN>tZlKwQ_V^8_QMnq!@ksd#R(9m<@Soc zhSBi_3J+2t^^Yt&_5?JW$w>?5t?Ot*f)I1z1uGt{is0wj{T0UM_!8H|_ZW&H^=A){ zT%m+affHJdOemklI-kUyS|h?IPAxP*sC{lv>@I=%{(V8)M{x^=L4)ktqIuKhZMa1H z2PLxyX)-uNnj&u(U;z`Zar4u{Gm6mfd)r8TZCm6jW6kvE)t)8qRb&OzZm2k!;o8K> zC(&e}^xX00ypLOzQtIPqVle9gibA4OOcCUg1DM1lIEJ+ASeqFH7`B>S;%QV)Yn-;s zLVt)abw#ZCv~?9FxzR0*c#Z|dMJLuwS;e&R93sT!)3Ls}!f-LSEzgQ9r=6-R2rHn8 z`r1!*y8D~HSR;484Y(9Jy@(X!SUc>b4dYmV@H#E~Ka4FJU0wQl^LRKaar30#uZ)(%9WkDl*=(nDGP_UC$2W2#ogr#E{<)$AZwI(4zK zSsKex{-3_vh0Kt58*<@a2`I1_34cb}d*Tmk!0-kqdrK$3@5=_Ut+kPew`tgtj!^nG zW~ZJG>R{6RSqj1!1Q6?@G%((TdT5mMu&`g>pXfU^1N$-4xR9) zL-35*^U3N|&!WKp)=v7rW*gm>;v|{zj*eFucn17Q42myTe)dO0?Z5v2@4~nRW`Eop zB;q%n=fN|qfJ^Ob-W9JbB|!uCQAYExC&x=jR&B9sXG!INl1kuy%tO z=sp$pcnJ)n1?=u-c1PjHJmjILmD@hf)*G9#a#DbtB(NJ(!hb0Ja2N%um8m84cRCfi za%FR=lXA8us_2DoCNP^^h}+QhSB8ll=>}Fim$15qy1Or_#vJt%7kt^!-=@Nx(=Dpm z>@ZbSYkzT!45AMOM*2{E1-gia{&Hvw?kdk0u$9P7W=uk8+_!f5i=J=nFI#50XkY9~Uc4_@6};#~66%04u9 ztCp67ebJb1rYmP@?2V_g-@3jpY+i(_+ME7B!5+WH>8XH-w(ql8wun@Fd#{yBKDt2H z*)e|P+ToO(57TZO+e--vs#kjjATlBBM;<#$B+1EE z^J8eC0vWp-MN5RjiPAL*Oxl_b6KiWA`eJ;ZXdg&AAN_;@!Y@>9vLaG*iywBlNpN{V z?DLl|%So>&Wgl-X6%y0FFQ#G=p-ybmlG{YblCPdqtgA$u!Pt)-Mzqbgd`sg@=DBu4 zpYu#m&jLe_jzV7mv9iQp*uQEmI}R2$-Xr|W{vQuJd}O}nT4WA-MetX0DcaoaYblN{ z>uJCx*LHjAzQHSgiY3%^t}d+R8ZkT&TACV&gH5MXUN$+!*=lvutlGQwRZ$&hWH^Cd z+S&Kh!pk+T&3z1lPUUjEv40PPAdt)=c{&o;jHl8=#NmY30XP`5&o9|12jt}R?;&6H z0+BDHJ1lt&RmpE&D$CBfux0+lc2)zb>C^&zA4|mUc*d5d;o-Kx<;Bx$H%P!^#fa4j zyNeTx3zAXvg(6@^^?@X$lup>;XD2C`%VhC(7r>lCLTAgK-BVV*4Bf=|WCM$27FD7T z?Ju7_-TH}5{GX1_&dxyM!q%G0fUWYoE)F}}SSEqDO z1a~L2VHhw9(Bqe^vA|_z0ENL|{tA@&1rXuU$4dWmBGG@;P~u-TpZH@KalFuu0{T4+ z4jtoPyaGw_Nh$e#7F0S7g)SI=IxrDCY}Q^n}+Gq*_3p+p%+p8jd1FP(?%KmrBJf zz8~i~wlqv!e0LXyd)n=oE8;|QWyC4P+Hk+DiBk+DFEUAFo~Db}DlpZ%?>OauuqT)= zY#0JRDl*zt4VMz@n{w=A{q&09(`h7eBvi?&^ZRk`QgtA;M`@!DQOZEFeXO0Zf?|hXfzG5bll~5Oz<+Z1=phD=JLg1y9n9hqh zwNHztE+Y2bjs)Fo2@bC!gygDdypAvWQ-GjXVQgZOZ%Q)QV$kdgr2AH^26J40rVP+^ z-Y8+jWX8(Z5sQ=Rgs`3IXI2r0V?VJjqq{m&jP}di1P@T}?=0Yp}uH|;G$59xMB#t1=b@%k)B;cqL z9HRYCm1@z@o%>o=aUPNw&Z-l^X;K9%Hj!oc|Mp@PKf$c|) zEQmzJ9u#!q0L4q{S3=Q+e3r5Ra$Y7B0FGE~QH@xvvqj1ofE;z^QArL}CWekpv22X= zmJy)slc8E!!;_;*yTMnTYQ1h2g@1$8zzXYW3kBK_f^zNS0oa=yqX|4vqjnlePD&>1=^IaI4)x0#zs zVnlvVq8X=xNk<{f$&$m3e|g2YhFSB0-_aY#Tj)rylk6#NMH@U-!Mnt*tPlB@#WTc$ zcUV+M29d`{ICr@!E^low66v*52;$Gn9d*Ie%WWu;Qpohm@&F>EcfB|qUI2re)bQY5 z6;LUs0KK{H`G}ENoi)2UZNI39!bq!$w^v%0Io%H_xXL^c^=%6JQ)3r{0{qb6!VdlP zJfFZt%=;?nX&V@A`lL0( z8s}5kteKmlGv67FK_)zdBoB!btt*)=Dki(+t>ad{rz9E3#kX>5$>AOq_IT?#LMN$ zhF(G?E?Lj-sua3~>s}-PWmJKpeK`Y$c9Z3w{}T&-GOgEEkGkYycWJVQn6MX&LtDrGNS&K zRo@L#QAg`*nr7t0!SSskgM>oonlUP^-ia;0Oj`#1V`7`oxa(n7)i@4Be7L6~88_ zm+t^=-}vMqR;rJ9#SL3j97Z282Oa!YAjB?0EBz=oOT9(p7k%@U{ckQ-mIh06d;-H) zoGd2dYhRLgGII%cW=v@A&)rt@#lMw>K~^SV#E%Lz!LuLA70+o9sBLp)t&2OlS$2wG z20J^|0z@(5Q$_@(ZIqXV4~53tvxuCdr%;nlZnVdSh7+`O=Pek8!a6S8@N8wj{65_n zs>u9G8D)k6rnnjXd_oGXY?y>5XsY50%acqq*6s$(jDFcsPw1>djQYdqR^G;Tn?n3i z3Y@Xf3OmcZPI@n0uX5i$%E#a=%e?)k8K);?n!w3c;`g=N=$1uq3aQ7dXD(n|0o(v? z>Qw;mM2EWGdz4Z5wN$p~TXzpux3AHy?<&yy*MznK!BWt|X>IEDU2!%@=RTuh8U-c8 zXfgRW^gFoSVX*b_F^Co_zmmxHxZ>mt+*OG&3r%G%Pr&TN3+QB!0g>Jz1f__8v=BpiDj*6$lp@kZK^T=L zg3^p5C{3Ew0jW|(>Hxz4Q{FuGvc@QT+&$TxoZUTV{bS~wIcMIz_xo;p_xJsN-%ZbY zsPoiuki}%tc&j}*x5d~#NWPhCuCh^h?2o%#DghnSG#6}cQq-%krxdLLpoFw zVTxsA2j$uvsV@TGr!ua5^45cJibcG!aYL-0DdC-fpV6>v0?4v*XO2_eWy*wt`WD&<&n}62M-_jt*+0_`bA~UpK<%v zef=v-$lp8+r!>}5DZTkCYGk_acy2LnCdZ<%PH$h2#!bhow{K`)(JDWE=d}5-Sn|Tq zgx)NK{Ne{Z;{YTuLhbl(Echbhy5c}Kg%IpPW;IGUXofzqVs-3vW7eSry|+KU_St#y z-2(Cdxjq4{zTtTMnq!lZd;M^vqK;CP*F-*vmvd{Y`+A^?J1zpA>R}4FRy((*l$ZIKE?)xd;=YCCariJ#MiGtF0 z)$SCHVeP@gcCmRs9?VD8s?5gD1S#jrDf_wkt1)kNKn24T>#+rSm(?xWCw!dj?zFpEyU3FyJ6o1TO3G32ev7BtAfQ;YvawC`VCJT;WiRY}Kf8M49 z+)LHEONuvL$n84}&O6Y*T^(E1P!4tVHp*XThHbWK$Z(zMsq|4Je!KmKu&;$ogn%S( zoHo|)K1zyAOP1YJtHW`*KXkNl5e)9q&o=&gQq<+}+VRoy$j((#oKjP>F2+@gK?y|b z3PyTN`ZvRMMF@s%D(qz(lAL7dN(1{3)w6$kGb>2@C7t29#G|O*u*Bm&O6KfM-?s-9 z1sl&fDUe{xf?@2h-l03BdZ1Sfu1lGNyIU~aOlQu~SPfc|5@4fFL$zz1nhE()ev9Ne zzC%+Te6%s8)WtV|fF~u3wmii85gtg4P$7oalZ5`m2%ptXTI9S4qu4eFsKpfms!cp@Y<;$tW|tkTc+)Y$EM+1buno^@*Fo^ zJDX130;^hYx^_wVb8U>>X;;%?Ob9!)j2UFbGoUY)Jt8n195s`R=Krkx(xlk;i_0&q z^jE9z%JRU+`_<@M3vU~k1?0sH;hi$Yt@-{O+u@!jrA;xapRMgJHr7%K<;&#PaUGAx z+$NC3pB(mh{JG!|C3q@Y&nPWk+8>jUxaH)Ox91KpzFI}rM~j%dRZIxs;;+-FSu8^;7=-_vr$$s}d zCk)e`+V=HXxKU22Xp_7Idj$peAK%)TmSGfbDw^az!e}3%2b5j6FWn#+xADah(}SMp z_sArRg`Y*&BkdlrNZ6oWiyF#np=n}A%{gA9nP*XkZD4f zX|=5;09m_+`d+dOk}kUpD7CLb+hmmL_A4jW=Z3t~5B#U8>iA_4^CQ{?K#E=_M*sPb zsroPEVLXLADGKIOTH+(um2zSOqXDO*TeyR%%y?=*0?;(oq&Ba~fsUo>70dvI2;@k4Q=NeMezKm!Zi;qcYMVwSJi zmCD@*I$LyodTtIDJ$utxY+{(B;5=_iWbDaDR6?^Z#O{iSPJfu>)@>3f8mRCKnRx^n z1CXc`JbwoOqcLa-OqW^Wu`CR#bOk6AP~P z%}wCQa1=IdBNraX>pc@>3rFm2JoxLqNZe}t3=t5& zAzxU|`?&mk((?2ApPqj^cvp1%zw}>LFEhr198!7auC<=Xc=mkJ??Z6KEUF}+f#lyt z5Axp|JvFKys+Ka-b~t~bwm$u)!P#%x>E_|#IWBEBR$_g@#%dRNw;32pt+0RCU~zyB!=rhazkZFX45y#M~ga|#MOGQ*{7 zL=&!@RsKor#yknXJvZBCZ>hJD70H|G!88t12OyUWs#gy3Dl`K|X%q;NFjfQHq!{o) z*pA_Iku_|yy`Yf5t3(?&%s6y0A?@(G*4Y)~!G6brDDAv_1$wlH4PqYRA zrb9ol9lNr*d6~}XoZV4=OptIPwY4K26$Xk2-zsVrCHB^jgZ-itxD;F+No*@j%wawgbsP>l<1a) K*7ky>uD=0DAvE&< literal 0 HcmV?d00001 diff --git a/UMS/images/ums-in-k8s.jpg b/UMS/images/ums-in-k8s.jpg new file mode 100644 index 0000000000000000000000000000000000000000..1aebe2761b7ff46a67386ed0684dbc5c8bbec3ac GIT binary patch literal 23402 zcmeHv2Ut|gmhMJCP*6m2Rsl&0k~1wTNhC^;ECNc9oP#u?pf;fi0+NL$N6Fb1BuUOW z=bSSg-uBEr_u{#C=DvAvzIpRz4t(|XuHCz8*Q%{8 z@y`&XMBalHy?N0VV*z z!3SykN#0-naL(c4;h!fUyl{~Se4ykCa1I9-_Z%KBK0Y2E`1C9AdjO9V|LS#K>GNc2 z#soL)$@yM~CJ{2VC} zKGx9G(te_&Yhr5l{DrxNrK6Lxi>sTv$D6l){_oy@fQ5yBjEIc-6djX{NJ&jg&&bRw zEGjN3Ei136tovTy(Ad=cqot>}uYX{0Xn16LW_E6VVR31BWqW6LZ~x%%==kI(T{r;l zzmWA;%KktXDM;5jJUm=Hf}eEZoO1;WE-4=Vb>8z=rPT zeT(9mL-$2W7J+Hj?VqImM%n)!VZQ%Il>L>kztJ@U5aZ&2i-$`JK!6ij7^i4j@C41x z_yG}w`o@|aIZl`opdjN`GTC_BMw()eDuJwPZ?&sudE3fS|5dUZE``o}X&>s$YaW`m zNBS{?=u6Pc(9QM5BUOS5HA6ZqKoqWv1(NcoJJINBEO4>Pew)8Rt5PN{(|(5JUBS>q zQEK&qUQOXgk*6Z-p)tULE?2-7Q&3*DjJ;>7Rmkx7tl=h#x|+bigF}~|Jd>Ck-^Ep~ zz3D<*6_W#MGXL+2b}Y(lV5+pcxbw393aLeioB!t8plh!@^AqcjHn9s5X8z>R8pBXS z*V$GpPbAEUkxz2fDxG8 zrkfs>EhvKtoC`SA7;kvJN0X&p>77ZjP+sZ!T0pUUJ?*vAq;Tt-b;2LfPf7=BwWf$K z{^(EIrZ>FMZ!`H#S13NCt}DR)`3LVtAv@L(xdK-{p6i}i;0`espgWqab4j?-C80On zNxH1njNsQ@I|J)ih+gJ0`)- zePiC&5AWdWS#6i%NK4`YAEA230=wj#zi}z&@LKT&YMLM&A9;#57K}7i2E= z<>nm?TIUtVFwZ`TiXO_q^O|&Aq~AYCK9t#tcuQMfw3;Bum122i`H;@}gYq)#aB+Tn z3ufy@`uzs$;>0TyrnhIHxPE#`xZy8u;@2`0LfsE{w1cZ*tl=|wRu0d%A+P(5D}=KR#dP(drRc z#?UIvjEdK|u8(l%6FUr9dSn~vMVpjAFz(PCTxd2n+<%o(8t;s&e4Na zG9I+kRAkIlGv&SRMz5Ve1NISOWcb7~Yz3Z)V%ZiP>Q9AP6-VDNbN%3w)D+uDkgDcs zz$tldSE0w7%nczQyd$6Lo@3(2qI1K#yZq)ozT8e`iuG~?InMO1#mLu!sZ1}r6u0~J zT0NE?z6OStBct~au5pD5T;w(?tv*@!oR{}j&%wB&x8ZPsPCPXHREwzM>oBtQl#k2g`PiZ($>zoAjyrIH1pgy1Nqr@mhk>?i zg(&41*e=hJ5hFDgNMz8%pc=416FV00+n$CWZ}%fN+l){SUrxqJ79>^HhA&X5~SOCcj-ENU8yMO%V6juQ3@~WiJKkpx&+l6_G z`PL3utcNQlSGWG5JIEj2w(11=1o^_Ra=gvlYo5>dhrz=CNX*Z{ll(dMf3U89&ih|B z_@8^`za+1A3UmfZG4wlIDM?MVYUtQ3%9AFr*ZDucc;R~jpHmZ4UI+YOn9H(1+XSw&wi;?e{BhTc5nUou6x#`f;Gi9Va_Gsy9nr ztwf^nd7xX@u|OkyecTA+8-+Z&f(2#`p$F}d`4_3^508(#*9B)G#Z;))$%9=iP@I`~ zwpFI(RjJ&0EMQq>G5ihZnUow=^&VY@{C_zGi54yU-A(G{}z&t_)&bHZF-i~ zzC;>qFMq8Dg7LCOZnl8pn`zhsiaHvFPDX%U)J{#|+N;BZdC1(0m~O)ebW}PP=nN`D z9~*6DRYt~|Fh;m6o7v=i5hcE%Dm~)9ELUm(3wBmkSDW)lfXa|-Emr?CW11ofVP2-Y zK07)>jUbhM9%GUC(yoy=%4CU8%yjo#&dG8$v%SU5#60suZMEUn%#kd;PX4vK%hz57 zj*|=VhBp`pq;l~`QK>s+RNQ|hv6h#&K38%~!M0U0IK*7j%WYj^g^pptq5! zEo0+J|8%dzQlXlSMfhgh%8A}2B3aSANa|?#69*ma<+D_u>ojlzn%ca8x|4|f*DnKB zT!qT`CyYiae0!$3B|arTYrk&F>bU!q+i{>U_JJY~8Fv!8Ahq>bnT5dP+bjGnX)?@* zPop0DDvXg|N>7L$?+pqst?`2MiBxu^B+qZ;`;E?yDvwACOnL`qX1R$iDwXuzgsT>O z#k9pqdomQs)1JSj%_7DvI~|zkp65|HNqL0m=odso6iW+zI}TM{V`he`N``c(5tJ{C z15uMVaZa>Zbu`t~i!`@KN&D|?4PZ`@87>X62{2o5@6~; z%i%=OYE|r*zZSV8X%0EKT80I>vyF5HDebwO4r>&JVfCX$!BlS{-myFKGU_@MZ4x*i6mi-QBudPN(g*8vc!3k$P2W z78~5rt|0{6bFM$GnV|D6E1ajtJsR(YTR7-vEDJ_ou_Hr{KR)n&SDJ=a&^?wcUCDL*RzW8LkaCl=7fyruw0-ba45FqyW>gk zXy}m=_iDXUZP3zip^4^lK<-$%ynx;}m2Kr@RwnhPV_Xn8xU@OY)TEj^Mjg2#dTXmG z)?NG7-IKLzXsU@4=L(%uqxojK!u4{M|c$o_Dv8x9A%3Kq|3 zITs>Wi*<8IyvRp4zHboElC*=;Nj=3w3vhxz#gfpC;Opayr701eK5D+SF5rOUjl5j3n;)s|)w*m8=QS zUcu^FE65!J5F5%P!2+LSkPh7?W9{es0;|Y1S$z1v;rT!xre=u1A5}gNGS&3^A=^PW zFF}6=%B)|-|25!n2Gzabq*bi0YdADHt5jO%_Vg-Cs6+)pn+%4H8Nt{eZV-|vxK{%2 znwIihw!$Y@(=z{^vHl}J|NTtrzcV1dO0&*=ekqUHJkBGVn5nC;Pdm%o+uhcet)iqb z@w;vc4@Fchywlhjbkwc13xDeHn83=z&Z3Oez%nwcZc={m7K@bWZ7%ZJg44Y8 z72dr(_r@MEV=jc=+JGw+uMy$XNVmQmZJhgjnJW}EBqh%{6=rNdxQIDXZrnmia!yP> z8oJn1{NjhqB3q_yU7~xA@H>HR=iHL`)WZBITNBeX1y*m^hY&tbfNDDz37C8M1$|A* zwJLZoC~2t~qxjU}HbQfh-t_RPSmNV#O=YpMn6REEBPI8%?5)i$?-8t@rY^#EXwu7g zNA*jx!!aeQytqS*{2Jlk2k`5ovJQ9NgdD;bo}TzY*ik^wYMKANM+Aud}HzxgGF&D+NVU;8r}vWj^>6;=-?Rg zgeKo2j~fe2FOE9X#pbU|CV1uEoGeT z#x-#(2Mes+#sXoJ=y;~H6*uT`IdTrAeVlN3kVbZl1qd*51b=8?pLoR@GL47nJjP5O zO!AjS6g{8Jb3~4&$~-!MGtNDgK~noTUPND$-puUYo9cvC%|fJs5SN;MKI-P=KFC|m zljtC(typLu1Pd@j4+PuS7KaY7Kw&}RkE8ruv8?PY@EOKkOgRMOYn6xv-i~6Du)r~h z;TB}%RT~||ihe%5JSilkG~r?&8i*dTjLR=bmB^=}Nt+(5!~*~7XTN_hDfC&yR zTD|{k)!a*cA5FTyhv7KEyax@wzCKQ_Sih1oixgr_`;Z!snba(?CX{a)7VyCWOZO`8 z6whi^bF@D1IUW8Ut)0MxuUi6v@rD~_3cZJxtwR^%CJ&pj04?Oq^(T10V72hj5 zi;9z%tN9S|vP=O0OZbr1KHMjzza(2ySa$pJ2k7m-&I{&d5f2_^7~NtNe3rsx9Qwrc zX=vyt_nYU%CpT$l^{3Zn!BvhpyL4x-;o4g{BZdLiIeL~tVrlXA{CWWa%r}`MWL@~0 z-+!A8Z6wUBR-1aISI4*9wetJ|Ti=b{t8_28yT4ec3C+@dKSxM2=ZrWd15VM?n94ln}V*xMtHsZ{6o(Bv%B*NXfN%ha?^MB;#v-FfyrW+2lzvbgM zzKesA+HW05dyNH{HnD&{e3zmr_{UbUU2i7dMwH{gkMbh^#^>Z;_I2mOi@KJ~lVL~S z_h(=H(enL~a0v^9u1aHpFA+#gknTxGO?Mo#Udk4@vd( z>V+kWL^RbllvE5kX3$!_4Uj9gFZVsmsT8{6jr}`x?&Tcfy9xxRphg{wFUMOA2D-D!iWXm61}7MQWtc z+BaRM=vI8dMjg2J!dyZtW~EY>U8C<-gvL|$cz`LF=inydaDi6-2xu;r1z(MQ7}mmKQ8^jy;bfuyn~}p8pvbFRo0E+IeQt3yo zCjU7Z#t!^m@@deYkqd@cpezxcYS?bbe<}@atHA=ckkg0d+mjnR$KK{A%9P*=H87oe zVgZHFSphW}ukKTGFm#8L1j_oR$ZRZN_y!Be$?5F>-Hne@93GhWEr|^fqi)c2(~a>{ z8-UDF2%`wFz&j8&$ci?JA7Fur(k^&1wb>A?b5QQh+|jCO9-V}Zd6EU$%_KN~q4(aW$ zTyH-d5U(Ls!H9<8*mtgJ-xox@c znJ9#09wNmk_WhtLGT6e#qykcNp;Tn|o#wMU@?*;O-*!*9^whT+3sQ7S22xE2wr_nP zqjGL`g|`vPI+kLD8L=ET#kf6f22|aaaI# zjS&Qal8ito>KhmssDmHfl>i~4dtc$8!r=v7HYajb0?^bVBzOy1((c9rTjwEL2+S1{ zLTFb$0t-wLL#GY!$#G&+j~pL#vxX_r$rpTar?M(3sg!-Pv33x(A^6u@QRHH+B^eCgM66MydA@y{M8&?{Byf@^+IP`HL*ZGC@m3) zoRdG+TbRgepbyMcW)kz4d|~XlO83q(SdE4={1{&e3*caZE4+a)3=0+$mnf>MdiZzh@91;p>cV6bmP)>jys*W zCVnqZa1E6n)3qX=-3n@J>^9{mg5EhcZU#yxV!r^L`WHJ=MEhZZ6*_BDx3@Bj`)_OO zmGsU9+}j%eD9mr9uUy(K8j7HKLe=gSw?674mLMXyzj?vU>U*eL0v0%>6z_gvo7QP% z&04=ou4I=(@2o@PfP?d8?6Tao;~Z~}Z9H9{uK@;qJ=?~VGt;&#R|#J?D-Cyy9W1Mk ztyb2obd<&9uGfv>>AWqwT&J37C!`|oV4o15&HB)C1Pka=E;2SDEGHPZ>MNVx?|ELr zf7uZHR#4u?Z!Dj)#RO)M$Zx%~eO;g8cB89@a6`Um~eey#KY9X%F`0lHQcFwO9@@~eL5FrHXAunR?i`#_V!XIi9_H6c+vbK5 zrL~LJ;;`4DA%IAp)q|tgIZxcORR&73Ti5M|E<8{jpQtiv3rzYhv|b~<+<|YZe-vd< zQ(anBJy1dy5PLt?BDKoJO~okmL(3k6B!{P1)a3R)lYn)>@`tI!OA{mJmBo~$Wkk1w zQymUG^ve`4?T%Wr2P|Ut$g2ID4n>-Do3;)@Kd;hC<>#-^3PwgS1f?))2=h(QiRvnh z6Hne;E)7b$Lmf0V2d@+vg_BzyMnxXFdMu<$wiiYDTG-6J`0yTxc;=AeXDIi1@3UKa zJ+7wMr$J|)bzG*8Hke_y*rL;_-8j$ZiAC|b(3P2mpabrsjHO7!8)fBNui9)$LdiR> z>pZd>Bl()S$nK&lD{VYUQSo_2*ig8#pLH9QCzf)E<-^Jxp{fUpx7t*{?ow-UC4Tae zBdR@DUUUC3vVWs}AluXamEAXvm<6rSW`^?%EWNk#^Y%uYH}+ODbGe_12Ai|6FE@%9 zH%|=&Qw3Fqw`VTVYQ-YP-L&hyuP4@~8nzH|++L@hnQg8Qx*>sBxNIUWUF+zZekqvC z^vG3tYkw_f!+$``B~>WYmNhuqHM4<8S6}(9#OpLWc^Nz(2UmIIcpjTFxN;UJ&rAJx zP7G8uJ)dLxPOUy9@3@lG90qHa?o;E|IJ!nf>H5uqW)i=Fev2bZue`z7Nu)$f>u`IS zYdVTozgvDEbhq3r=w^5V1cTH^6(ZZYjUPl}He5c?O8caV>;G6_s6MBG)5p*vcY9W^ zY7*D2S7YnYe`BtsH}|=VuLOsATUUk`FI^$|IgZ@&!1PA+XAxuIBr(N_xo|A7hED& z(~JH)VRKe1=s0J7hBlpo#sD*_!F@RWG(zS6l87xv_6WMo05&&@N$kGa`35@Y(FI*& zwFL#E*4Lu^a0yU}Fb{xci7^)xODSN z#hK6T#1SHl+2*M`78uc7>pvSF$c8guHhH2J;3?C#$MkBT0fpR)X547ZvVu2gTqwe)&a9E>mw)0Wbm=`#|$aW9gv#m@g z$hvKA@V1&&&}HoELv<%F!TdP4GFjGQppGI%#67`W1X^#&s%Kg9tqjsi`nFcMhCx^a zXKN6R3*C`OL}@Z@`5akcUL%hgRWO`iThT9SvB0gb^OzTN(3J(AW5gkHN8%am0D5%S zOArg(okYReumFV|>Y5ZShzHtYJBIBRsT^`9yz8=?Lv@boNbyHf4GeE;8+*E#4wZ|zW*7OpVqpf0G z^+!Oa0k(^z%>1*{f^wa9j^imP93S};1*F5KK3^h^C59Kcu8X^~;B<&>>)m9a9ExzW z&Le3LKZwLoQ~2NsyYoTrNWNEdgbVgaF{YYba2PIi)X+j5jOdh9xnVl5FzRt#aQ)Jf zWG1tV)681w&rrx4;~bF?e9%Rc5_rAhV$Y*#QztCoY$|?U_OhI^>*WX|?I^*#_a|-c z?l~PEuqEz6`C@ld#V6^<(~N4dK7_C4UF0Xn4Rh=h?H{w|!HMA(2Oq-(!z3!=vf7|- zvUc{bKdO5=_6pn*uc?RvWgaof)m(3FH1vC1J4IK3f$%B!io$HE;%6h$T9K!T*G7w@ z-Dx`Pn964=R$5YpiHtIH#j;Y@ySCv>(B^IEZ&SOcJ1B1WZl)D_QEA31f1R%8-o)YD zu6$Eed_bV_g=Kh?U^x2C^ateZsNwjUyb+rEDpJ1oxxn(Yg{)mzu~v27D0ljz$e2Vb zETh+mY<0mwLmT96Lg$a4PNk9@g**tKmBxasQ_i-R@nXw$c+jcW@=E^m*oP6)hs~W7 z!}OyBY-We0m@ViHIiGLZWVrbe~3ERRBHwVWVR*C0nA^rK;EmeJ&^Hh-TEb+~A!~ zjG^47^qM7<>ohQnb1p_Io$6#LpDQsKC&GupA#K|zu zAHrUAh=#nQgproHME3ci%TvTNHI26k6#Q9(C4~kp121*sp2Y0%_zAnESHBz!zS0Pkok7)M@<} z=EO%%nNr_D07zO7c{;;{5mvv0Y3zk8(OF;tZz>e~FO}0vO=x@@EU@_=dNj^tTn@e` zcM`o#0;WZN#y$J0U*3yY6K2|@sKNqYK|f;F>6QO1#inw^J89@CLT^h z>)>avzl=en1Ri=Ni?zE7xOJh6)B#y+$Wb9>HlqrN00l{f&ys zd^{}Bx`{5r0>jx6x%rn@g-%pPqBIMBz}zxD&;vS1L>Vw`6$=<0?<2tw2e@Gy2B8PC5X>w7@0h+?XlK2PlNNWxOn`yq zkG!1Qc{-%9@~5vqzD|g(S*1p)c1ts_fgFFh4mqmq5VhfUun!U%nQVrX*ct6^(;LB& zb8cX_rO=bxR`Iz;WR@YThRl`75}m6YrPfygYU6XezMim_{JuM?5fZmW6m&9DFtfXD zrn3@C3NquOkTypa%Ci=shbsspD#Y{gz(%X~p8H^^*Tww#=6C5oSYsi@fu zck3kx@zlxLfxCOxEN#rQB=8|r;38DFIl1C%x<5wdki}v>3(61L5hZ)ekijF5Hl|H! zfo7G3HOO_j#OY9VT5m6X?o?Q|v?$!-iEZSFVu0U`jK<0l&PUanS*d*KG8porjLHAVH!R9HGWR4X&GnHqP0oEo@Vr))&U zybrRj^$BHGgSGQ6*zl#|421OVsZD;~8xIw*rzSss%+*(_=)=-*Oy%%BEYN;Qj_QMR zIhm?+E!4-rr&&La_~h|yX~NSqYL*cG zm+BeHdNkh-n=FxO=T4M!uM$`I(c>)TU4Z!HN&?hVJrRw>WjkV?8Fw$Bj&j)48X&8w z?aXvT3xVnvs>A6nxLOYvZ*)E~8AwwSJ5WeqU)!LS->#v&$?CYm+hBV&m-guWRAFs# za78)OH4#+oR{Ba5;YezK#2CLj-x#x;1jL<%^mQ-7ncmJl^B}j1Me2b={nM!}^V|SQ zQKkm}#_gc4tMYlZ@44@?iLS=MN?xQ5uW;Bh>(Z&)B-{*Q_-c2hRO*?s18-CQ!!j){ zdv+nm5}x7IQ??No%px?Zih0vSq{%R%B7OP5BhF5NHKP;@DDFhxaH)S|{L-sFZq6jo zIm0HJWh=vN9X~5}%v!x(xY_;qgVdxSW3L_yeT;rRD1RRFFLu&Eo0q{@-C!$JtUecc zwwC8t@LRs}e+ozjVoLieoprxu)c(w>{RgG`#epvti1x%xKo2531%H*fvrW*d*7;+^ zvWOl=jvTtaiM}Zp*eye`E4Q9>7WMnZIWhb-O1K5tbVAl61>AK8Q31S={SD}eq9_bB zy;UJG?F>8yUwfD%#W^U{pQXu|H9zHV>ROEHE>DlO|trfM1hU%K*m-bZe^Q1oFA$Kq#Dm7zV zo?JTdUi4p2u!cA)Rth)1{{E#H_|T-rtFINu2^H3J0zlnRBHSXU&^+3@6wbS*)NHEn3Z zH&!rn;kTtdGc&j|5mOPSA7El}*_ZqK8n(IW3uH6O?7yf5R!e_CDLFW)J(UXWM$X|H zgBUx=iAy)~20ytO%{a#=gi@px(N|3wWV0w%*_~(&qHY^q#sa;Q=wqhYC*@TUj^!|m zYabQxg6IRfyWcZ!lONPndis@nM#q?)7SdcW-jlR?3qqXP(~~Ejph^KltH0DN9NaH2 z+AsW=JC-tW*DHHD=CVlLA!%vamyd8Y-?Sl(n{R3PRyLSm_4=1)zjk6ihrGKWjutvR zg{TIvw(bhq9J`u`;yI%%MQv@;o!s-Dhaye`cdlwLFYB|NB|z?MMKN4&$ZO=uChOO# z@=!+4%v84ywS;>Q(fmDOo}<}G0kP3(G#xA=Q))e z%?|a;Paqiqm~#pT6bUWO4f+&jBG&@1Sm0cnv$K+Mb`&Greb@zsVxg!97MlN%jjEiH6{;MQ7s;XJ&k)+Skk)IVnHo^kS>4;;tbbDmN)}dv`+Y708K#l4BU$1x8^%X+*$Nknqe=^S=@F)( z$EqWD?Z~y0pmm@7Axq2_$HGTypda`~1N26N(&r|p6{9aVC3GA9bPoS^Qx3&>=`qGv zC@~!BN8fzQeVt;-Xe&cd<%Dp=TM0vcwzD?h|NG_!&yicZnq4oIMyp-#dL z^w!k>j($;`!EeoeNf%grp17eYN%DCbc}zEr1?rsyz~GZ5^g*oDA5#LpKH9QH!F5T{ zZ*##YmF3`o^M+X>UX4m?`6PMuL2@qZp}h zKjfUf9A*Lw^q9J}gV?fw_sH*L{QRVldx8Z*G$yy0(1e;Rh#Y7$r|l65<}Ft~F6K}X zrMN2>5f5!HA_JB6A{e_X`UIML`?$wBXUD{ej^Fc^FY2R6DQ4r;-mFvE=GixVH?+g9 z_L!X``_8S2p&zEJkvhg9HZarELK52*k{j8Yt)Tl@gwPvnS{#vg*e3HOIsABF3;i~y z=4pIjrtmquv-l%s<0)_F;S(qkiApPT%=`9+ozA&aEKrMy3V93;L-k?}W9IcB0UHzzWmZib1ju2lVA~;@;I_(DYfw2%N15y1;-`bWs|#>tQbjjI|zh zpRM$du;bD_=@%H@QydyN8IU!n=lt+7%q7k~QTG_VZo{nJiI;`QWWP(X*Dm8|g+F)c zQlH|jmv=P%EkEYmghyxO@?05~OLq&#bTIAPwY8MQ>W2Ncv;Jg~vrO{ynzKJ*cep68 z`_|QNG>#qVtyQ0IKec+F=nbSI=qBKRn0)#ZXC8E;*-uS%&^Qe~etH#ZOdMCw7dUNiu^ zo#z!;HhCNs$Sq4H+HNAu%4#B?GLUA_5i)S{NISu1;Z^Dk5hhnpT=~_uLWaec<@w~W z`Jfigg8P&dg*eB060?%uHgzxMj2Mhh%1H3uw{`HNG`lQ6ipdEL6Tj@66t+RQ7rmZV zqqqN!vf1QmS6pD+mt)!UcP=n>Bt3NPvzAMW#*gUl*(fcIF^+pK(&~7mE@S2_0jHOnk{ zA*4Ez7H#g7DlzQQF1$Cd#hYAMl^_>PXOZI8!Jy9f5G`jJrCA)@q#ibLwc!c}K3pOL zGEkE5%%vnN{$6Ws6q+J;EutIgL2+(zzEhNDk->^zuM)QVB*xQ~Pj=d_{)#d=?%??eEo}e z{c=H+Dv2pW3NezL9IlXkM_|4*K>b6W(;R6V!f62J;Zf+ywIT+$@8wG*FO=p}Br0~e zPMnjDFTcSh-^5r~hlXOx%ig3&6Y)h8}K#&hv$+_sAuFR}i_rL?6igia^He_?MeZXP$1ZTkQJ! zGC?Jxrn+Xd^hMxahonWx?jq`@AsAcv+&+m$2|(-2W_V7Be`59D<*qq0Np~Ab{c`W@ z!wz>U_80`C)rhL_HEC`s0~EW5XTBD^)Cm)8ZGNOJmfBX3kku*2OcW!mTAS~s5XS0N z>*^Wwy({Lx3QA%@S-MQD>s+8gO_!_%iKdvI_-QEhJ_L7j1jc!ffecUmmmmhF5d>R* zk8g0UQ{YO#XChylq$yf>np}B1#?O@;NbDn;CwC?ay2ld;*&zX&t>z>)YbPxIEj>%$ zJ?b<_<^DKmtu1(`C0*~zDfHc?$yb~uVIpW0$#ADA zwe0&b^xMvI*Lia>iOP*4{I_@DPw>h-=V&WmRQ*hncM!TOpmB@|e7_IE;C`Bafq}lG*ng>UW$Zeu9Pff=(l-$7 zoON=qOh+A$K&SMe+m+n^A2#i*R@$oT=#`J$lnqm3;nYDyl-V%p?wp)(ZVM__5e3*5 z>9WO>$yKdC0uM;cw&vfdIa15f9jX2@Hab=qcx*pMcHG}+P~YA8^GKf(7v`(>@nDzp z?&jOjr0vpAVL>@j52+c)2D>!U%e$S6+w*UrOWW4i`BblldaU7i>qu1qQul`#)x}S5bZ*sc7pqAX^R@GcS$Yx)D%p zo}hDXM@!v~Bu~nyBlUT4d4ii$^IF)v4I!!igYszL;<>Op7nq0Q_A?J!lbNo!scF9y znDug;ik%UzGfiJ z&s6aUpo-?RHXU*C;SD4{_|_n8k%118l}W7*doYTK=r7|yfj@WGN85-Q22(FsK|KT= z1W$FHsaSZ595C^VUAlq3z0Z+nGiEju9;xsDj0Dd!#?s2MzMJs6Kf4LBgdZMa<8-u8 zL6n-o)BXwMtb6~9ug~*5wo1Bf-NaciI@!&;llV@fcRavqII!86nP)J`KEn2~oJkj<7xLfD`^TS0j;tFp zj0&49G}^z3Nq|*4Mu=uMIcM?Z%2F&p43csCAut%;{V8z^4(%PpfcYw`plwcgh?a!T zK`=Ge-G=E00}zb2HxUXBYCH`-@CR_PK)4Eclk^HE?>We|ZO-8}ICRU#Da zF`5it&w-*)D5_(ElcX?cCma<6MTLGi(=XHCUNpS%`06(oLYew5C}d-8k1p~xI2plZYE*@mS@m9 zNi3jZbW8#&4>=U`)G>e7}1*X~jNCyk`zdBoTzfaa1wCWG=$B8gX5R82N*|EdV5VdLp zgOnCvf!*CLqdBG(e+4Wc1=#_aa7UKy%-HwN5~b&)hAsg`OJX7z2)_2`iv0Io5#296 zU%%V+xKBLSwh@{wKRn2#<>IW!<11zm?N~nM*%7-l#{Y5JO16ep>!Y(ujLNPH=%82k zE(QIkWXN`6*pEmaZ8EKG_I4ka9`fpffVboXW4-$K z=T2Dz5y|usmarw@Ja8To<{&Z!ab?>$zAo^zkIXp4K2pf|0gCIK> zLco=p2#EK#ws!(9Jz0$_AdLjnQHnJvIXS zk&Es&1R?8-Od$8|qEkRvVEJe2;8qd}lwFV!6*LBPw1T?#L2td~`zaKBS>n>J7*{W3 z`uB5|2pWuqv|9TI&X|dMu79P=N?b7ocPB<|2D`W6))K0x6(HEwC aun$V}8nT&x=9rxOCyvX1)b}LV;r|77aEcoM literal 0 HcmV?d00001 diff --git a/UMS/platform/README-ROKS.md b/UMS/platform/README-ROKS.md deleted file mode 100644 index f574496c..00000000 --- a/UMS/platform/README-ROKS.md +++ /dev/null @@ -1,244 +0,0 @@ -# Install User Management Service 19.0.2 on Red Hat OpenShift on IBM Cloud - -User Management Service can be installed on Red Hat OpenShift cluster on IBM Cloud. -This documentation provides a step-by-step instruction on how to install UMS on Red Hat OpenShift cluster on IBM Cloud for test purposes. The documentation therefore does not include steps to setup a production-ready database, create image policy or configure persistent volume. - -## Prepare your environment - -Refer to [Red Hat OpenShift on IBM Cloud](https://cloud.ibm.com/docs/openshift?topic=openshift-openshift-create-cluster#openshift_create_cluster_console) documentation to install IBM Cloud and OpenShift CLIs and to create an OpenShift cluster in IBM Cloud. - -Log in to IBM Cloud by running the command -``` -ibmcloud login --sso -``` - -Login to IBM Cloud Container Registry by running the command -``` -ibmcloud cr login -``` - -## Prerequisites - -### Create a database -This is optional. As this is the instruction for a test deployment of UMS, UMS will use the built-in derby database. - -### Create namespace and switch to use it - -1. In a browser, navigate to https://cloud.ibm.com/kubernetes/clusters. Login with your IBM Cloud ID. -2. For your Red Hat OpenShift cluster select `...` and click `OpenShift Web Console`. -3. In the OpenShift Web Console click on your user ID (top right) and click Copy Login Command. -4. Paste the login command into a shell -``` -oc login --token= -``` -5. Create and switch to the namespace you created by using the command -``` -oc new-project cp4a-ums -``` -You see the message "Now using project cp4a-ums on server ". - -### Create image policy -This is optional. As this is the instruction for a test deployment of UMS, creating image policies is not covered. - -### Create a docker pull secret -1. In the IBM Cloud Console, select Manage / Access (IAM) (upper right corner) -2. In the menu on the left site click on `Service IDs`, then click `Create` - enter a name e.g. `ums-serviceid` and description. -3. Select API keys (right tab) and click Create - enter name ums-apikey and description ums-eval-api-key -4. Download the API key as a json file. -5. Create a docker pull secret in your OpenShift cluster: -``` -oc create secret docker-registry ums-secret --docker-server=us.icr.io --docker-username=iamapikey --docker-password= -``` - -**Note** this secret will be passed to the chart via the `imagePullSecrets` property. - -### Generate TLS secret -To ensure the internal communication is secure, a TLS secret must be provided. -The secret can be generated by running the following command: -```bash -openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -``` - -This command generates two files: tls.crt and tls.key. They are used to generate the TLS secret: -```bash -kubectl create secret tls ibm-dba-ums-tls --key=tls.key --cert=tls.crt -``` - -**Note**: The secret will be passed to the chart via the `tls.tlsSecretName` property. - - -### Generate UMS secret, DB secrets and LTPA generation secret -To avoid passing sensitive information via `myvalues.yaml`, three secrets need to be generated before installing the chart. -1. Edit [ums-secret.yaml](../configuration/ums-secret.yaml) -2. For ibm-dba-ums-secret specify adminUser, adminPassword, sslKeystorePassword, jwtKeystorePassword, teamserverClientID, teamserverClientSecret and ltpaPassword -3. For ibm-dba-ums-db-secret specify oauthDBUser/outhDBPassword and tsDBUser/tsDBPassword. -4. For ibm-dba-ums-ltpa-creation-secret do nothing. Configuration will be performed during LTPA creation. -5. Save ums-secret.yaml -6. In a shell run this command to create the required secrets. -``` -kubectl create -f ums-secret.yaml --namespace cp4a-ums -``` - -**Note**: Secret names need to be passed to the chart via the global.ums.adminSecretName, global.ums.dbSecretName and global.ums.ltpaSecretName properties. - -### Install IBM Cloud Pak SecurityContextConstraints resources to your cluster -Install IBM Cloud Pak SecurityContextConstraints resources to your cluster. Refer to '[`ibm-restricted-scc`](https://ibm.biz/cpkspec-scc)'. - -### Persistent Volume -This is optional. As this is the instruction for a test deployment of UMS, Persistent Volume configuration is not covered. - -## Install the chart - -### Download PPA and load images to the content registry -1. Follow instructions to download User Management Service images and loadimages.sh file in [Download PPA and load images](/~https://github.com/icp4a/cert-kubernetes/blob/master/README.md#step-2-download-a-product-package-from-ppa-and-load-the-images) -2. Load images to the IBM Cloud container repository -``` -loadimages.sh -p K8S_UMS*.tgz -r us.icr.io/cp4a-ums -``` - -When finished, you see a message similar to: -``` -Docker images push to us.icr.io/cp4a-ums completed, and check the following images in the Docker registry: - - us.icr.io/cp4a-ums/ums:19.0.2 - - us.icr.io/cp4a-ums/dba-keytool-initcontainer:19.0.2 - - us.icr.io/cp4a-ums/dba-keytool-jobcontainer:19.0.2 -``` -Those image names must match the images section in `myvalues.yaml`. - -### Download helm chart and customize values.yaml -1. Download the helm chart [ibm-dba-ums-prod-1.0.0.tgz](../helm-charts/ibm-dba-ums-prod-1.0.0.tgz) -2. In a shell extract the downloaded package -```bash -tar -xvf ibm-dba-ums-prod-1.0.0.tgz -``` -3. Review `values.yaml` and override defaults where necessary to meet your environment and configuration. -Review README.md inside the helm chart for more details on the individual settings. -Make sure to set the global.isOpenShift parameter to true. This ensures required configuration for the pod's container security context. -Save the new configuration as `myvalues.yaml`. - -*Note:* Minimal changes to `myvalues.yaml` include specifying serviceType, imagePullSecrets, adminSecretName, dbSecretName, ltpaSecretName, images location, tlsSecretName, -database type (if using derby, name, host and port are ignored). Hostname is not needed, it will be configured when the route is defined in the OpenShift environment. -See sample below: - -```yaml -# shared values across components -global: - # PersistenceVolumeClaim name with JDBC drivers - existingClaimName: - # Secret with Docker credentials - imagePullSecrets: ums-secret - # Set to false if you are not using Openshift - isOpenShift: true - # UMS-specific global values - ums: - serviceType: Ingress - # hostname: c1-e.us-east.containers.cloud.ibm.com - port: 443 - # Secret with admin credentials - adminSecretName: ibm-dba-ums-secret - # Secret with DB connection credentials - dbSecretName: ibm-dba-ums-db-secret - #Secret to be filled from the LTPA creation job - ltpaSecretName: ibm-dba-ums-ltpa-creation-secret - -# UMS Docker images -images: - ums: us.icr.io/cp4a-ums/ums:19.0.2 - initTLS: us.icr.io/cp4a-ums/dba-keytool-initcontainer:19.0.2 - ltpa: us.icr.io/cp4a-ums/dba-keytool-jobcontainer:19.0.2 - -# Secret with an Ingress certificate -ingressSecretName: - -# UMS certificate secret -tls: - tlsSecretName: ibm-dba-ums-tls - -# Toggle for custom JDBC drivers -useCustomJDBCDrivers: false - -# UMS OAuth config -oauth: - database: - type: derby - # name: - # host: - # port: - driverfiles: - clientManagerGroup: - jwtSecretName: ibm-dba-ums-tls - -# UMS Team Server database config -teamserver: - database: - type: derby - # name: - # host: - # port: - driverfiles: -``` - -### Generate and customize deployment yamls -1. Generate the output folder -``` -mkdir yamls -``` -2. Generate deployment yamls to the created folder -``` -helm template --name cp4a-ums --namespace cp4a-ums --output-dir ./yamls -f myvalues.yaml ibm-dba-ums-prod-1.0.0.tgz -``` -3. Move to the yamls folder. Remove `ibm-dba-ums-prod/templates/test` folder. -4. Apply yaml definitions by running the command -``` -kubectl apply -R -f ./yamls -``` -Your output should look similar to: -``` -role.rbac.authorization.k8s.io/cp4a-ums-ibm-dba-ums-deployment created -rolebinding.rbac.authorization.k8s.io/cp4a-ums-ibm-dba-ums-deployment created -serviceaccount/cp4a-ums-ibm-dba-ums created -role.rbac.authorization.k8s.io/cp4a-ums-ibm-dba-ums-ltpa-creation-role created -rolebinding.rbac.authorization.k8s.io/cp4a-ums-ibm-dba-ums-ltpa-creation-role-binding created -serviceaccount/cp4a-ums-ibm-dba-ums-ltpa-creation-service-account created -networkpolicy.networking.k8s.io/ums-apiserver created -networkpolicy.networking.k8s.io/ums-database created -networkpolicy.networking.k8s.io/default-deny created -networkpolicy.networking.k8s.io/ums-dns created -networkpolicy.networking.k8s.io/ums-https created -networkpolicy.networking.k8s.io/ums-ldap created -networkpolicy.networking.k8s.io/ums-test-container-https created -configmap/cp4a-ums-ibm-dba-ums created -configmap/cp4a-ums-ibm-dba-ums-custom created -deployment.apps/cp4a-ums-ibm-dba-ums created -horizontalpodautoscaler.autoscaling/cp4a-ums-ibm-dba-ums created -job.batch/cp4a-ums-ibm-dba-ums-ltpa-creation-job-39987 created -poddisruptionbudget.policy/cp4a-ums-ibm-dba-ums created -service/cp4a-ums-ibm-dba-ums created -``` -### Create a route to expose User Management Service -1. In a browser login to IBM Cloud, select your cluster and open the OpenShift web console. Select your application (cp4a-ums in this example). -2. From the menu select Applications -> Routes. Click `Create Route`. -3. Provide a uniqu name for the route, e.g. `cp4a-ums-route`. -4. Leave the Hostname black, it will be generated. -6. As Path specify `/ums` -7. Select the service and the Target Port (9444 -> 9443 (TCP)) -8. Check the box `Secure route` -9. For TLS Termination select `Re-encrypt` -10. For Insecure Traffic specify `None` -11. As CA Certificate, provide the certificate you used to generate the TLS secret -12. Click `Create` to create the route. - -### Configure hostname in the Config Map -1. Copy the hostname that was generated for the route in the previous step. -2. In the OpenShift console of your application, select Ressources -> Config Maps. -3. Select the Config Map. -4. Click on Actions -> Edit YAML. -5. In section `ums.xml` for the variable name `ums.externalHostName` specify the value of the generated hostname. -6. Save the Config Map. - -## Verify UMS installation -From the Routes view click on the Hostname that was generated for the route. -UMS Login page opens in the browser. Log in as the administrative user you specified in ums-secret.yaml -or any user of a connected LDAP if you included an LDAP configuration in myvalues.yaml customXML. - -Congratulations, your UMS is now on ROKS. diff --git a/UMS/platform/README-icp.md b/UMS/platform/README-icp.md deleted file mode 100644 index d062eb14..00000000 --- a/UMS/platform/README-icp.md +++ /dev/null @@ -1,233 +0,0 @@ -# Install User Management Service 19.0.2 on IBM Cloud Private 3.1.2 - -User Management Service can be installed on IBM Cloud Private 3.1.2. This documentation provides a step-by-step instruction on how to install UMS on IBM Cloud Private for test purposes. The documentation therefore does not include steps to setup a production-ready database, create image policy or configure persistent volume. - -## Prepare your environment -In order to interact with your IBM Cloud Private 3.1.2 cluster, you need install and initialize command line interfaces. -1. Access your cluster at https://{MasterIP}:{consolePort}/console/tools/cli, e.g. https://1.2.3.4:8443/console/tools/cli -1. Download and install - * IBM Cloud Private CLI - * Kubernetes CLI - * Helm CLI -1. Initialize all CLIs by logging into your cluster: `cloudctl login -a https://{MasterIP}:{consolePort}`. Note that you can pass credentials and a namespace using parameters `-n` (for namespace), `-u` for username, and `-p` for password. However, it is recommended to avoid credentials in command line parameters as they might be exposed in command history. - -This guide assumes your ICP 3.1.2 cluster's master node can be addressed using `mycluster.icp`, that is, a /etc/hosts entry exists. - -## Prerequisites - -In order to install the User Management Service via helm, you need to create a file `myvalues.yaml` to override some defaults of `values.yaml`, such as your database specific settings. The following section explain the prerequisites and the corresponding settings in `myvalues.yaml`. - -### Create a database -User Management Service needs a database to work. - -The simplest test environment with a single replica can use a built-in derby database in the container. Data is not shared across multiple replicas and is lost upon restarting the pod. If these restrictions are acceptable for a simple demonstration environment, you can set `derby` as your database type in your `myvalues.yaml` -```yaml -oauth: - database: - type: derby -... -teamserver: - database: - type: derby -``` -For sharing data between replicas and keeping data when restarting, you must use a remote database, which can be installed in the same kubernetes cluster or "standalone". Follow the instructions of your database vendor, e.g. -* [IBM Db2 Developer-C](/~https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev) -* IBM Db2 Advanced Enterprise Edition Helm Chart - -If you install Db2 in the same kubernetes environment, you can access Db2 using a kubernetes service without exposing a port publicly. The database is available at service-name.namespace, see [Service discovery (kube-dns) -](https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.1.2/manage_network/service_discovery.html). -For example, if you installed Db2 in namespace `db2` and created a service `umsdb-ibm-db2oltp-dev-db2`, you can use `umsdb-ibm-db2oltp-dev-db2.db2` as hostname: - -```yaml -oauth: - database: - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 -``` - -### Create namespace and switch to use it -User Management Service should be installed into a dedicated namespace. Use the following command to create a namespace. - -```bash -kubectl create namespace cp4a-ums -cloudctl logout -cloudctl login -a https://mycluster.icp:8443 -n cp4a-ums -``` - -### Create image policy -This is optional. If you intend to load docker images for User Management Service into a remote docker registry and let your IBM Cloud Private cluster pull images, from this remote location, you need to create an image pull policy, see [imagepolicy.yaml](../configuration/imagepolicy.yaml) as a sample. - -### Create a docker pull secret -This is optional. If you intend to load docker images for User Management Service into a remote docker registry and let your IBM Cloud Private cluster pull images, from this remote location, you need to create image pull secrets for each of these registries: - -```bash -kubectl create secret docker-registry ums-pull-secret1 --docker-server=mycluster.icp:8500 --docker-username=dockeruser --docker-password=dockerpassword -``` - -The name of this secret can be passed to helm as a parameter in `myvalues.yaml` - -```yaml -global: - imagePullSecrets: - - ums-pull-secret1 - - base-image-artifactory -``` - -### Generate TLS secret -To ensure the internal communication is secure, a TLS secret must be provided. -The secret can be generated by running the following command: -```bash -openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -``` - -This command generates two files: tls.crt and tls.key. They are used to generate the TLS secret: -```bash -kubectl create secret tls ibm-dba-ums-tls --key=tls.key --cert=tls.crt -``` - -The name of this secret can be passed to helm as a parameter in `myvalues.yaml` - -```yaml -tls: - tlsSecretName: ibm-dba-ums-tls -``` - -### Generate UMS secret, DB secrets and LTPA generation secret -To avoid passing sensitive information via values.yaml, three secrets need to be created before installing the chart. -1. Edit [ums-secret.yaml](../configuration/ums-secret-yaml) -2. For ibm-dba-ums-secret specify adminUser, adminPassword, sslKeystorePassword, jwtKeystorePassword, teamserverClientID, teamserverClientSecret and ltpaPassword -3. For ibm-dba-ums-db-secret specify oauthDBUser/outhDBPassword and tsDBUser/tsDBPassword. -4. For ibm-dba-ums-ltpa-creation-secret do nothing. Configuration will be performed during LTPA creation. -5. Save ums-secret.yaml -6. In a shell run this command to create the required secrets. - -```bash -kubectl create -f ums-secret.yaml -``` - -**Note**: Secret names need to be passed to the chart via the global.ums.adminSecretName, global.ums.dbSecretName and global.ums.ltpaSecretName properties. - -### Persistent Volume -This is optional. As this is the instruction for a test deployment of UMS, Persistent Volume configuration is not covered. A persistent volume is only required in order to mount -* JDBC drivers for a database other than Db2. -* custom truststore for connecting to LDAP securely -* custom binaries required by your Liberty configuration (such as a .jar file for a Trust Association Interceptor). - -## Install the chart -### Download PPA and load images to the content registry -Follow instructions to download User Management Service images and loadimages.sh file in [Download PPA and load images](/~https://github.com/icp4a/cert-kubernetes/blob/master/README.md#step-2-download-a-product-package-from-ppa-and-load-the-images) - -Using sample values from this guide: - -```bash -git clone /~https://github.com/icp4a/cert-kubernetes.git -cd cert-kubernetes -docker login mycluster.icp:8500 -scripts/loadimages.sh -p ~/Downloads/.tgz -r mycluster.icp:8500/ums1902 -``` -When finished, you see a message similar to: - -``` -Docker images push to mycluster.icp:8500/ums1902 completed, and check the following images in the Docker registry: - - mycluster.icp:8500/ums1902/ums:19.0.2 - - mycluster.icp:8500/ums1902/dba-keytool-initcontainer:19.0.2 - - mycluster.icp:8500/ums1902/dba-keytool-jobcontainer:19.0.2 -``` -Those image names must match the images section in `myvalues.yaml`. - -### Download helm chart and customize values.yaml -1. Download the helm chart [ibm-dba-ums-prod-1.0.0.tgz](../helm-charts/ibm-dba-ums-prod-1.0.0.tgz) -2. In a shell extract the downloaded package -```bash -tar -xvf ibm-dba-ums-prod-1.0.0.tgz -``` -3. Review `values.yaml` and the `myvalues.yaml` file for your release to override defaults where necessary and to specify values for settings without defaults. Review `README.md` inside the helm chart for more details on the individual settings. Make sure to set the `global.ums.isOpenShift` parameter to `false`. This ensures required configuration for the pod's container security context. - -This is a sample `myvalues.yaml` file using sample values from this guide. - -```yaml -global: - isOpenShift: false - ums: - hostname: ums-hostname #replace with your own hostname - adminSecretName: ibm-dba-ums-secret - dbSecretName: ibm-dba-ums-db-secret - ltpaSecretName: ibm-dba-ums-ltpa-creation-secret - serviceType: Ingress - -# UMS Docker images -images: - ums: mycluster.icp:8500/ums1902/ums:19.0.2 - initTLS: mycluster.icp:8500/ums1902/dba-keytool-initcontainer:19.0.2 - ltpa: mycluster.icp:8500/ums1902/dba-keytool-jobcontainer:19.0.2 - -# UMS certificate secret -tls: - tlsSecretName: ibm-dba-ums-tls - -# UMS OAuth config -oauth: - database: # replace with your own db settings - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 - # for demonstration purposes, we reuse the container TLS certificate to sign JWT tokens, you can create and refer to a dedicated secret here - jwtSecretName: ibm-dba-ums-tls - -# UMS Team Server database config -teamserver: - database: # replace with your own db settings - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 -``` - -### Use helm to install -After having created all prerequisites and customized `myvalues.yaml`, you can run - -```bash -helm install --tls -n cp4a-ums -f myvalues.yaml ibm-dba-ums-prod-1.0.0.tgz -``` - -The command returns within seconds, summarizing the resources that were created in the cluster. - -## Verify UMS installation -After the IBM Cloud Private 3.1.2 cluster completes the creation of resources and starting of pods, you can access User Management Service for basic function testing. - -Use the following command to observe the current installation and pod starting status: `kubectl get pods` - -During installation / startup, the status shows 0 ready pods. -```bash -kubectl get pods -NAME READY STATUS RESTARTS AGE -cp4a-ums-ibm-dba-ums-76d48486f5-4g9l6 0/1 Running 0 45s -cp4a-ums-ibm-dba-ums-76d48486f5-wlfjv 0/1 Running 0 45s -cp4a-ums-ibm-dba-ums-ltpa-creation-job-32881-czhqr 0/1 Completed 0 45s -``` - -Once the pods respond to readiness probes, the status will be updated: -```bash -kubectl get pods -NAME READY STATUS RESTARTS AGE -cp4a-ums-ibm-dba-ums-8f9cc7c54-46mjw 1/1 Running 0 33m -cp4a-ums-ibm-dba-ums-8f9cc7c54-ml8bz 1/1 Running 0 33m -cp4a-ums-ibm-dba-ums-ltpa-creation-job-32881-czhqr 0/1 Completed 0 33m -``` - -Note that the -ibm-dba-ums-ltpa-creation-job-- pod is expected in completed state. - -You can view the configured ingress for accepting inbound HTTP traffic: -```bash -kubectl get ingress - -NAME HOSTS ADDRESS PORTS AGE -ums1902-ibm-dba-ums adenoma1.fyre.ibm.com 9.30.205.41 80, 443 2m33s -``` - -Use the host of this ingress to access https:///ums to view the login page. Log in as the administrative user you specified in `ums-secret.yaml` or any user of a connected LDAP if you included an LDAP configuration in `myvalues.yaml` customXML. - -Congratulations, your UMS is now on IBM Cloud Private 3.1.2. diff --git a/UMS/platform/README-minikube.md b/UMS/platform/README-minikube.md deleted file mode 100644 index 5b9e7fad..00000000 --- a/UMS/platform/README-minikube.md +++ /dev/null @@ -1,325 +0,0 @@ -# Install User Management Service 19.0.2 on Minikube - -User Management Service can be installed on Minikube. This documentation provides a step-by-step instruction on how to install UMS on Minikube for test purposes. The documentation therefore does not include steps to setup a production-ready database, create image policy or configure persistent volume. - - -## Step 1: Install Minikube and Tiller - -1. Refer to the Kubernetes [documentation](https://kubernetes.io/docs/setup/minikube/#installation) to install Minikube and kubectl. - -2. Start Minikube. - - ```bash - minikube start - ``` - - This starts Minikube with the default memory of 2048 MB and 2 cpus. - This is sufficient for a test install of User Management Service. - - > **Note**: If more cpus or memory are required, stop and delete it before restarting it with different parameters. - ```bash - minikube stop - minikube delete - minikube start --cpus 6 --memory 4096 - ``` - -3. Verify your installation. - - ```bash - kubectl get nodes - ``` - -4. Install [Helm 2.14.3](/~https://github.com/helm/helm/releases/tag/v2.14.3). - -5. Install Tiller in the Minikube cluster. - - ```bash - helm init - ``` - -## Step 2: Download PPA and load images to the local content registry - -1. Follow instructions to download User Management Service images and loadimages.sh file in [Download PPA and load images](/~https://github.com/icp4a/cert-kubernetes/blob/master/README.md#step-2-download-a-product-package-from-ppa-and-load-the-images) - - > **Note**: **DO NOT** run the loadimages.sh script at this point. - -2. Configure your bash shell to use the Minikube built-in [Docker daemon](https://kubernetes.io/docs/setup/minikube/#use-local-images-by-re-using-the-docker-daemon). - - ```bash - eval $(minikube docker-env) - ``` - - > **Note**: If you are not using the bash shell, execute ```minikube docker-env``` and see what environment variables this would set. Translate it to the corresponding command in your shell. - -3. Use the following command to load the images in the Minikube local repository. - - ```bash - git clone /~https://github.com/icp4a/cert-kubernetes.git - cd cert-kubernetes - scripts/loadimages.sh -l -p .tgz -r ibmcom - ``` - - On success, the command prints a message such as: - ```console - Docker images load to ibmcom completed, and check the following images in the Docker registry: - - ibmcom/ums:19.0.2 - - ibmcom/dba-keytool-initcontainer:19.0.2 - - ibmcom/dba-keytool-jobcontainer:19.0.2 - ``` - - Remember these values since we need them later. - - -## Step 3: Download helm chart -1. Download the helm chart [ibm-dba-ums-prod-1.0.0.tgz](../helm-charts/ibm-dba-ums-prod-1.0.0.tgz) -2. In a shell extract the downloaded package - - ```bash - tar -xvf ibm-dba-ums-prod-1.0.0.tgz - ``` - - You find the main settings in the file `ibm-dba-ums-prod/values.yaml`. - -## Step 4: Prerequisites and prepare myvalues.yaml - -In order to install the User Management Service via helm, you need to create a file `myvalues.yaml` to override some defaults of `values.yaml`, such as your database specific settings. The following section explain the prerequisites and the corresponding settings in `myvalues.yaml`. - -### Set the global settings and fill the image location - -The `myvalues.yaml` requires some global settings: -The flag isOpenShift must be false, and the serviceType must be NodePort. -By default, Minikube accepts ports in the range 30000-32767. -The hostname should be choosen as the name that will be used to access the User Management Service. - -```yaml -global: - isOpenShift: false - ums: - serviceType: NodePort - hostname: ums-hostname # replace with your host name - port: 30000 -``` - -The `loadimages.sh` script has emitted the location of the images. -These need to be entered in `myvalues.yaml` as follows: -```yaml -images: - ums: ibmcom/ums:19.0.2 - initTLS: ibmcom/dba-keytool-initcontainer:19.0.2 - ltpa: ibmcom/dba-keytool-jobcontainer:19.0.2 -``` - - -### Create a database -User Management Service needs a database to work. - -The simplest test environment with a single replica can use a built-in derby database in the container. Data is not shared across multiple replicas and is lost upon restarting the pod. If these restrictions are acceptable for a simple demonstration environment, you can set `derby` as your database type in your `myvalues.yaml` -```yaml -oauth: - database: - type: derby -... -teamserver: - database: - type: derby -``` -For sharing data between replicas and keeping data when restarting, you must use a remote database, which can be installed in the same kubernetes cluster or "standalone". Follow the instructions of your database vendor, e.g. -* [IBM Db2 Developer-C](/~https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev) -* IBM Db2 Advanced Enterprise Edition Helm Chart - -If you install Db2 in the same kubernetes environment, you can access Db2 using a kubernetes service without exposing a port publicly. The database is available at service-name.namespace, see [Service discovery (kube-dns) -](https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.1.2/manage_network/service_discovery.html). -For example, if you installed Db2 in namespace `db2` and created a service `umsdb-ibm-db2oltp-dev-db2`, you can use `umsdb-ibm-db2oltp-dev-db2.db2` as hostname: - -```yaml -oauth: - database: - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 -``` - -### Create namespace -User Management Service should be installed into a dedicated namespace. Use the following command to create a namespace. - -```bash -kubectl create namespace minikube-ums -``` -Verify the name space: -```bash -kubectl get namespaces -``` -This should show all namespaces, including the namespace minikube-ums. -All following kubectl commands need the option `--namespace=minikube-ums`. - -### Generate TLS secret -To ensure the internal communication is secure, a TLS secret must be provided. -The secret can be generated by running the following command: -```bash -openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -``` -This command queries for some additional information. Ensure that the Common Name is exactly the hostname (e.g. `ums-hostname`) choosen above. -The command generates two files: tls.crt and tls.key. They are used to generate the TLS secret: -```bash -kubectl create secret tls ibm-dba-ums-tls --key=tls.key --cert=tls.crt --namespace=minikube-ums -``` - -The name of this secret can be passed to helm as a parameter in `myvalues.yaml` - -```yaml -tls: - tlsSecretName: ibm-dba-ums-tls -``` - -We can also reuse the same secret as OAuth JWT secret in `myvalues.yaml` - -```yaml -oauth: - ... - jwtSecretName: ibm-dba-ums-tls -``` - -### Generate UMS secret, DB secrets and LTPA generation secret - -To avoid passing sensitive information via `myvalues.yaml`, three secrets need to be created before installing the chart. For these secrets, we use the separate file `ums-secret.yaml`. -1. Edit [ums-secret.yaml](../configuration/ums-secret.yaml) -2. For ibm-dba-ums-secret specify adminUser, adminPassword, sslKeystorePassword, jwtKeystorePassword, teamserverClientID, teamserverClientSecret and ltpaPassword -3. For ibm-dba-ums-db-secret specify oauthDBUser/outhDBPassword and tsDBUser/tsDBPassword. -4. For ibm-dba-ums-ltpa-creation-secret do nothing. Configuration will be performed during LTPA creation. -5. Save `ums-secret.yaml` -6. In a shell run this command to create the required secrets. - -```bash -kubectl create -f ums-secret.yaml --namespace=minikube-ums -``` - -Secret names need to be passed to the chart via the global.ums.adminSecretName, global.ums.dbSecretName and global.ums.ltpaSecretName properties. The file `myvalues.yaml` should now contain: - -```yaml -global: - isOpenShift: false - ums: - ... - adminSecretName: ibm-dba-ums-secret - dbSecretName: ibm-dba-ums-db-secret - ltpaSecretName: ibm-dba-ums-ltpa-creation-secret -``` - -### Persistent Volume -This is optional. As this is the instruction for a test deployment of UMS, Persistent Volume configuration is not covered. A persistent volume is only required in order to mount -* JDBC drivers for a database other than Db2. -* custom truststore for connecting to LDAP securely -* custom binaries required by your Liberty configuration (such as a .jar file for a Trust Association Interceptor). - -### Example myvalues.yaml - -Review `values.yaml` and the `myvalues.yaml` file for your release to override defaults where necessary and to specify values for settings without defaults. Review `README.md` inside the helm chart for more details on the individual settings. - -Here is an example `myvalues.yaml` for a DB2 database: - -```yaml -global: - isOpenShift: false - ums: - serviceType: NodePort - hostname: ums-hostname # replace with your hostname - port: 30000 - adminSecretName: ibm-dba-ums-secret # defined in ums-secret.yaml - dbSecretName: ibm-dba-ums-db-secret # defined in ums-secret.yaml - ltpaSecretName: ibm-dba-ums-ltpa-creation-secret # defined in ums-secret.yaml - -# UMS Docker images -images: - ums: ibmcom/ums:19.0.2 - initTLS: ibmcom/dba-keytool-initcontainer:19.0.2 - ltpa: ibmcom/dba-keytool-jobcontainer:19.0.2 - -# UMS certificate secret -tls: - tlsSecretName: ibm-dba-ums-tls - -# UMS OAuth config -oauth: - database: # replace with your own db settings - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 - jwtSecretName: ibm-dba-ums-tls - -# UMS Team Server database config -teamserver: - database: # replace with your own db settings - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 -``` - - -## Step 5: Install the chart - -After having created all prerequisites and customized `myvalues.yaml`, you can run - -```bash -helm install --namespace minikube-ums --name ums-default -f myvalues.yaml ibm-dba-ums-prod-1.0.0.tgz --debug -``` - -This installs the User Management Service under the release name ums-default, which is the prefix of the pods that will be created. -The command returns within seconds, summarizing the resources that were created in the cluster. - -If the install fails, delete the release ums-default first before trying to install it again: -```bash -helm del --purge ums-default -helm install --namespace minikube-ums --name ums-default -f myvalues.yaml ibm-dba-ums-prod-1.0.0.tgz --debug -``` - -## Step 6: Verify UMS installation - -After the Minikube cluster completes the creation of resources and starting of pods, you can access User Management Service for basic function testing. - -Use the following command to observe the current installation and pod starting status: -```bash -kubectl get pods --namespace minikube-ums -``` - -During installation / startup, the status shows 0 ready pods. -```bash -kubectl get pods --namespace minikube-ums - -NAME READY STATUS RESTARTS AGE -ums-default-ibm-dba-ums-76d48486f5-4g9l6 0/1 Running 0 45s -ums-default-ibm-dba-ums-76d48486f5-wlfjv 0/1 Running 0 45s -ums-default-ibm-dba-ums-ltpa-creation-job-32881-czhqr 0/1 Completed 0 45s -``` - -Once the pods respond to readiness probes, the status will be updated: -```bash -kubectl get pods --namespace minikube-ums - -NAME READY STATUS RESTARTS AGE -ums-default-ibm-dba-ums-8f9cc7c54-46mjw 1/1 Running 0 33m -ums-default-ibm-dba-ums-8f9cc7c54-ml8bz 1/1 Running 0 33m -ums-default-ibm-dba-ums-ltpa-creation-job-32881-czhqr 0/1 Completed 0 33m -``` - -> **Note:** The -ibm-dba-ums-ltpa-creation-job-- pod is expected in completed state. - -To see details of a pod, use the command: -```bash -kubectl describe pod ums-default-ibm-dba-ums-8f9cc7c54-46mjw --namespace minikube-ums -``` - -To see the services provided by the Minikube cluster: -```bash -kubectl get services --namespace minikube-ums - -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -ums-default-ibm-dba-ums NodePort 10.107.19.17 9443:30000/TCP 13m -``` - -To access the User Management Service from outside, see the DOCKER_HOST environment variable that was emitted by `minikube dockerenv`. For instance, if the DOCKER_HOST is an IP address 192.168.99.100, combine it with the Minikube port that was specified, to access https://192.168.99.100:30000/ums to view the login page. Log in as the administrative user you specified in ums-secret.yaml or any user of a connected LDAP if you included an LDAP configuration in myvalues.yaml customXML. - -Congratulations, your UMS is now on Minikube. - diff --git a/UMS/platform/README-openshift.md b/UMS/platform/README-openshift.md deleted file mode 100644 index f91432e9..00000000 --- a/UMS/platform/README-openshift.md +++ /dev/null @@ -1,274 +0,0 @@ -# Install User Management Service 19.0.2 on Red Hat OpenShift 3.11 - -This documentation provides step-by-step instructions on how to install User Management Service 19.0.2 on Red Hat OpenShift 3.11 for test purposes. The documentation therefore does not include steps to setup a production-ready database, create image policy or configure persistent volume. - -## Prepare your environment - -As an administrator of the cluster you must be able to interact with your environment. Run the following commands to connect and check your access. - -In order to interact with your Red Hat OpenShift 3.11 cluster, you need install and initialize command line interfaces. -1. Access your cluster at https://{MasterIP}:{consolePort}/console/command-line, e.g. https://1.2.3.4:8443/console/command-line -2. Download and install - * Red Hat OpenShift CLI - * Kubernetes CLI - * Helm CLI - -3. Login to the cluster: - ```bash - oc login https://:8443 -u - ``` -4. Check you can run docker. - ```bash - docker ps - ``` -## Prerequisites - -In order to install the User Management Service via helm, you need to create a file `myvalues.yaml` to override some defaults of `values.yaml`, such as your database specific settings. The following section explain the prerequisites and the corresponding settings in `myvalues.yaml`. - -### Create a database - -User Management Service needs a database to work. - -The simplest test environment with a single replica can use a built-in derby database in the container. Data is not shared across multiple replicas and is lost upon restarting the pod. If these restrictions are acceptable for a simple demonstration environment, you can set `derby` as your database type in your `myvalues.yaml` -```yaml -oauth: - database: - type: derby -... -teamserver: - database: - type: derby -``` -For sharing data between replicas and keeping data when restarting, you must use a remote database, which can be installed in the same kubernetes cluster or "standalone". Follow the instructions of your database vendor, e.g. -* [IBM Db2 Developer-C](/~https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev) -* IBM Db2 Advanced Enterprise Edition Helm Chart - -If you install Db2 in the same kubernetes environment, you can access Db2 using a kubernetes service without exposing a port publicly. The database is available at service-name.namespace, see [Service discovery (kube-dns) -](https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.1.2/manage_network/service_discovery.html). -For example, if you installed Db2 in namespace `db2` and created a service `umsdb-ibm-db2oltp-dev-db2`, you can use `umsdb-ibm-db2oltp-dev-db2.db2` as hostname: - -```yaml -oauth: - database: - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 -``` - -### Create a project where you want to install User Management Service -User Management Service should be installed into a dedicated project/namespace. Use the following command to create a project and switch to it. - -```bash -oc new-project umsproject -``` - -**Note:** The `oc` command implicitly passes the current project name for all subsequent commands. For `kubectl` you will need to pass the `-n umsproject` parameter explicitly. - -### Create image policy -This is optional. If you intend to load docker images for User Management Service into a remote docker registry and let your Red Hat OpenShift cluster pull images, from this remote location, you need to create an image pull policy, see [imagepolicy.yaml](../configuration/imagepolicy.yaml) as a sample. - -### Install IBM Cloud Pak SecurityContextConstraints resources to your cluster -Install IBM Cloud Pak SecurityContextConstraints resources to your cluster. Refer to '[`ibm-restricted-scc`](https://ibm.biz/cpkspec-scc)'. - -### Create a docker pull secret -This is optional. If you intend to load docker images for User Management Service into a remote docker registry and let your IBM Cloud Private cluster pull images, from this remote location, you need to create image pull secrets for each of these registries: - -```bash -oc create secret docker-registry ums-pull-secret1 --docker-server=docker-registry.default.svc:5000 --docker-username=dockeruser --docker-password=dockerpassword -``` - -The name of this secret can be passed to helm as a parameter in `myvalues.yaml` - -```yaml -global: - imagePullSecrets: - - ums-pull-secret1 - - base-image-artifactory -``` - -### Generate TLS secret -To ensure the internal communication is secure, a TLS secret must be provided. -The secret can be generated by running the following command: -```bash -openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -``` - -This command generates two files: tls.crt and tls.key. They are used to generate the TLS secret: -```bash -oc create secret tls ibm-dba-ums-tls --key=tls.key --cert=tls.crt -``` - -The name of this secret can be passed to helm as a parameter in `myvalues.yaml` - -```yaml -tls: - tlsSecretName: ibm-dba-ums-tls -``` - -### Generate UMS secret, DB secrets and LTPA generation secret -To avoid passing sensitive information via values.yaml, three secrets need to be created before installing the chart. -1. Edit [ums-secret.yaml](../configuration/ums-secret.yaml) -2. For ibm-dba-ums-secret specify adminUser, adminPassword, sslKeystorePassword, jwtKeystorePassword, teamserverClientID, teamserverClientSecret and ltpaPassword -3. For ibm-dba-ums-db-secret specify oauthDBUser/outhDBPassword and tsDBUser/tsDBPassword. -4. For ibm-dba-ums-ltpa-creation-secret do nothing. Configuration will be performed during LTPA creation. -5. Save ums-secret.yaml -6. In a shell run this command to create the required secrets. - -```bash -oc create -f ums-secret.yaml -``` - -**Note:** Secret names need to be passed to the chart via the global.ums.adminSecretName, global.ums.dbSecretName and global.ums.ltpaSecretName properties. - -### Persistent Volume -This is optional. As this is the instruction for a test deployment of UMS, Persistent Volume configuration is not covered. A persistent volume is only required in order to mount -* JDBC drivers for a database other than Db2. -* custom truststore for connecting to LDAP securely -* custom binaries required by your Liberty configuration (such as a .jar file for a Trust Association Interceptor). - -## Install the chart - -### Download PPA and load images to the content registry -Follow instructions to download User Management Service images and loadimages.sh file in [Download PPA and load images](/~https://github.com/icp4a/cert-kubernetes/blob/master/README.md#step-2-download-a-product-package-from-ppa-and-load-the-images) - -The following commands need to be executed from inside the cluster (e.g. on master machine) and assume that you are already logged-in to Red Hat OpenShift using `oc login`: - -```bash -git clone /~https://github.com/icp4a/cert-kubernetes.git -cd cert-kubernetes -docker login $(oc registry info) -u -p $(oc whoami -t) -scripts/loadimages.sh -p ~/Downloads/.tgz -r $(oc registry info)/umsproject -``` -When finished, you see a message similar to: - -``` -Docker images push to docker-registry.default.svc:5000/umsproject completed, and check the following images in the Docker registry: - - docker-registry.default.svc:5000/umsproject/ums:19.0.2 - - docker-registry.default.svc:5000/umsproject/dba-keytool-initcontainer:19.0.2 - - docker-registry.default.svc:5000/umsproject/dba-keytool-jobcontainer:19.0.2 -``` -Those image names must match the images section in `myvalues.yaml`. - -Check whether the images have been pushed correctly to the registry. - -```bash -oc get is -``` - -The results should look like this: -```bash -NAME DOCKER REPO TAGS UPDATED -dba-keytool-initcontainer docker-registry.default.svc:5000/umsproject/dba-keytool-initcontainer 19.0.2 19 hours ago -dba-keytool-jobcontainer docker-registry.default.svc:5000/umsproject/dba-keytool-jobcontainer 19.0.2 19 hours ago -ums docker-registry.default.svc:5000/umsproject/ums 19.0.2 19 hours ago -``` - -### Download helm chart and customize values.yaml -1. Download the helm chart [ibm-dba-ums-prod-1.0.0.tgz](../helm-charts/ibm-dba-ums-prod-1.0.0.tgz) -2. In a shell extract the downloaded package -```bash -tar -xvf ibm-dba-ums-prod-1.0.0.tgz -``` -3. Review `values.yaml` and the `myvalues.yaml` file for your release to override defaults where necessary and to specify values for settings without defaults. Review `README.md` inside the helm chart for more details on the individual settings. Make sure to set the `global.ums.isOpenShift` parameter to `true`. This ensures required configuration for the pod's container security context. - -This is a sample `myvalues.yaml` file using sample values from this guide. - -```yaml -global: - isOpenShift: true - ums: - hostname: ums-hostname #replace with your own hostname - adminSecretName: ibm-dba-ums-secret - dbSecretName: ibm-dba-ums-db-secret - ltpaSecretName: ibm-dba-ums-ltpa-creation-secret - serviceType: Ingress - -# UMS Docker images -images: - ums: docker-registry.default.svc:5000/umsproject/ums:19.0.2 - initTLS: docker-registry.default.svc:5000/umsproject/dba-keytool-initcontainer:19.0.2 - ltpa: docker-registry.default.svc:5000/umsproject/dba-keytool-jobcontainer:19.0.2 - -# UMS certificate secret -tls: - tlsSecretName: ibm-dba-ums-tls - -# UMS OAuth config -oauth: - database: # replace with your own db settings - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 - # for demonstration purposes, we reuse the container TLS certificate to sign JWT tokens, you can create and refer to a dedicated secret here - jwtSecretName: ibm-dba-ums-tls - -# UMS Team Server database config -teamserver: - database: # replace with your own db settings - type: db2 - name: umsdb - host: umsdb-ibm-db2oltp-dev-db2.db2 - port: 50000 -``` - -### Use helm to create the release templates -After having created all prerequisites and customized `myvalues.yaml`, you can run - -```bash -helm template -f myvalues.yaml -n cp4a-ums ibm-dba-ums-prod-1.0.0.tgz --output-dir cp4a-ums -``` - -to create the kubernetes release yaml files into a directory called `cp4a-ums`. Then apply the files in the Red Hat OpenShift cluster using - -```bash -oc apply -R -f cp4a-ums -``` - -The command returns within seconds, summarizing the resources that were created in the cluster. - -### Create a route to expose User Management Service - -To expose the User Management Service release to the public you need to create a route in the Red Hat OpenShift cluster. The command create a route using SSL/TLS re-encrypt option. With this option the Red Hat OpenShift router will terminate the SSL connection and re-encrypt the traffic using the User Management Service TLS Certificate internally. For that we need to provide the User Management Service TLS Certificate as generated above. - -```bash -oc create route reencrypt ums-route --hostname=ums-hostname --path=/ --service=cp4a-ums-ibm-dba-ums --dest-ca-cert=tls.crt -``` - -## Verify UMS installation -After the Red Hat OpenShift 3.11 cluster completes the creation of resources and starting of pods, you can access User Management Service for basic function testing. - -Use the following command to observe the current installation and pod starting status: `oc get pods` - -During installation / startup, the status shows 0 ready pods. -```bash -oc get pods -NAME READY STATUS RESTARTS AGE -cp4a-ums-ibm-dba-ums-76d48486f5-4g9l6 0/1 Running 0 45s -cp4a-ums-ibm-dba-ums-76d48486f5-wlfjv 0/1 Running 0 45s -cp4a-ums-ibm-dba-ums-ltpa-creation-job-32881-czhqr 0/1 Completed 0 45s -``` - -Once the pods respond to readiness probes, the status will be updated: -```bash -oc get pods -NAME READY STATUS RESTARTS AGE -cp4a-ums-ibm-dba-ums-8f9cc7c54-46mjw 1/1 Running 0 33m -cp4a-ums-ibm-dba-ums-8f9cc7c54-ml8bz 1/1 Running 0 33m -cp4a-ums-ibm-dba-ums-ltpa-creation-job-32881-czhqr 0/1 Completed 0 33m -``` - -**Note:** The -ibm-dba-ums-ltpa-creation-job-- pod is expected in completed state. - -You can view the configured route for accepting inbound HTTP traffic: -```bash -oc get route - -NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD -ums-route ums-host / cp4a-ums-ibm-dba-ums https reencrypt None -``` - -Use the host of this route to access `https:///ums` to view the login page. Log in as the administrative user you specified in `ums-secret.yaml` or any user of a connected LDAP if you included an LDAP configuration in `myvalues.yaml` customXML. - -Congratulations, your User Management Service is now deployed on Red Hat OpenShift 3.11. diff --git a/descriptors/ibm_cp4a_cr_template.yaml b/descriptors/ibm_cp4a_cr_template.yaml new file mode 100644 index 00000000..ae5d34c3 --- /dev/null +++ b/descriptors/ibm_cp4a_cr_template.yaml @@ -0,0 +1,2029 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +apiVersion: icp4a.ibm.com/v1 +kind: ICP4ACluster +metadata: + name: demo-template + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 +spec: + ## shared configuration among all tribe + shared_configuration: + # image_pull_secrets: + # - image-pull-secret + # images: + # keytool_job_container: + # repository: cp.icr.io/cp/cp4a/ums/dba-keytool-jobcontainer + # tag: 19.0.3 + # dbcompatibility_init_container: + # repository: cp.icr.io/cp/cp4a/aae/dba-dbcompatibility-initcontainer + # tag: 19.0.3 + # keytool_init_container: + # repository: cp.icr.io/cp/cp4a/ums/dba-keytool-initcontainer + # tag: 19.0.3 + # umsregistration_initjob: + # repository: cp.icr.io/cp/cp4a/aae/dba-umsregistration-initjob + # tag: 19.0.3 + # pull_policy: Always + # root_ca_secret: icp4a-root-ca + # sc_deployment_platform: OCP + # trusted_certificate_list: [] + # encryption_key_secret: icp4a-shared-encryption-key + ldap_configuration: + # the candidate value is "IBM Security Directory Server" or "Microsoft Active Directory" + # lc_selected_ldap_type: "IBM Security Directory Server" + # lc_ldap_server: "" + # lc_ldap_port: "389" + # lc_ldap_base_dn: "dc=hqpsidcdom,dc=com" + # lc_ldap_ssl_enabled: false + # lc_ldap_ssl_secret_name: "" + # lc_ldap_user_name_attribute: "*:cn" + # lc_ldap_user_display_name_attr: "cn" + # lc_ldap_group_base_dn: "dc=hqpsidcdom,dc=com" + # lc_ldap_group_name_attribute: "*:cn" + # lc_ldap_group_display_name_attr: "cn" + # lc_ldap_group_membership_search_filter: "(|(&(objectclass=groupofnames)(member={0}))(&(objectclass=groupofuniquenames)(uniquemember={0})))" + # lc_ldap_group_member_id_map: "groupofnames:member" + # lc_ldap_max_search_results: 4500 + # ca_ldap_configuration: + # lc_user_filter: "(&(cn={{ '{{' }}username{{ '}}'}})(objectclass=person))" + # lc_ldap_self_signed_crt: "" #true or false when lc_ldap_ssl_enabled: true + # ad: + # lc_ad_gc_host: "" + # lc_ad_gc_port: "" + # lc_user_filter: "(&(cn=%v)(objectclass=person))" + # lc_group_filter: "(&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls)))" + # tds: + # lc_user_filter: "(&(cn=%v)(objectclass=person))" + # lc_group_filter: "(&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls)))" + ext_ldap_configuration: + # # the candidate value is "IBM Security Directory Server" or "Microsoft Active Directory" + # lc_selected_ldap_type: "IBM Security Directory Server" + # lc_ldap_server: "" + # lc_ldap_port: "389" + # lc_bind_secret: ldap-bind-secret # secret is expected to have ldapUsername and ldapPassword keys + # lc_ldap_base_dn: "O=LOCAL" + # lc_ldap_ssl_enabled: false + # lc_ldap_ssl_secret_name: "" + # lc_ldap_user_name_attribute: "*:cn" + # lc_ldap_user_display_name_attr: "cn" + # lc_ldap_group_base_dn: "O=LOCAL" + # lc_ldap_group_name_attribute: "*:cn" + # lc_ldap_group_display_name_attr: "cn" + # lc_ldap_group_membership_search_filter: "(|(&(objectclass=groupofnames)(member={0}))(&(objectclass=groupofuniquenames)(uniquemember={0})))" + # lc_ldap_group_member_id_map: "groupofnames:member" + # ad: + # lc_ad_gc_host: "" + # lc_ad_gc_port: "" + # lc_user_filter: "(&(cn=%v)(objectclass=person))" + # lc_group_filter: "(&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls)))" + # tds: + # lc_user_filter: "(&(cn=%v)(objectclass=person))" + # lc_group_filter: "(&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls)))" + datasource_configuration: + # the candidate value is "db2" or "db2HADR" or "oracle" or "sqlserver" + # dc_gcd_datasource: + # dc_database_type: "db2" + # dc_common_gcd_datasource_name: "FNGCDDS" + # dc_common_gcd_xa_datasource_name: "FNGCDDSXA" + # database_servername: "" + # database_name: "GCDDB" + # database_port: "50000" + # dc_oracle_gcd_jdbc_url: "jdbc:oracle:thin:@//:1521/orcl" + # dc_hadr_standby_servername: "" + # dc_hadr_standby_port: "50000" + # dc_hadr_validation_timeout: 15 + # dc_hadr_retry_interval_for_client_reroute: 15 + # dc_hadr_max_retries_for_client_reroute: 3 + # dc_os_datasources: + # - dc_database_type: "db2" + # dc_common_os_datasource_name: "FNOS1DS" + # dc_common_os_xa_datasource_name: "FNOS1DSXA" + # database_servername: "" + # database_name: "OS1DB" + # database_port: "50000" + # dc_oracle_os_jdbc_url: "jdbc:oracle:thin:@//:1521/orcl" + # dc_hadr_standby_servername: "" + # dc_hadr_standby_port: "50000" + # dc_hadr_validation_timeout: 3 + # dc_hadr_retry_interval_for_client_reroute: 3 + # dc_hadr_max_retries_for_client_reroute: 3 + # - dc_database_type: "db2" + # dc_common_os_datasource_name: "FNOS2DS" + # dc_common_os_xa_datasource_name: "FNOS2DSXA" + # database_servername: "" + # database_name: "OS2DB" + # database_port: "50000" + # dc_oracle_os_jdbc_url: "jdbc:oracle:thin:@//:1521/orcl" + # dc_hadr_standby_servername: "" + # dc_hadr_standby_port: "50000" + # dc_hadr_validation_timeout: 3 + # dc_hadr_retry_interval_for_client_reroute: 3 + # dc_hadr_max_retries_for_client_reroute: 3 + # dc_icn_datasource: + # dc_database_type: "db2" + # dc_oracle_icn_jdbc_url: "jdbc:oracle:thin:@//:1521/orcl" + # dc_common_icn_datasource_name: "ECMClientDS" + # database_servername: "" + # database_port: "50000" + # database_name: "ICNDB" + # dc_hadr_standby_servername: "" + # dc_hadr_standby_port: "50000" + # dc_hadr_validation_timeout: 3 + # dc_hadr_retry_interval_for_client_reroute: 3 + # dc_hadr_max_retries_for_client_reroute: 3 + # dc_odm_datasource: + # dc_database_type: "db2" + # database_servername: "db2forodm" + # dc_common_database_port: "50000" + # dc_common_database_name: "db2db" + # dc_common_database_instance_user: "db2user" # Will remove it, and use K8S Secret to replace it + # dc_common_database_instance_password: "{base64}UGFzc3cwcmQ0SypT" # Will remove it, and use K8S Secret to replace it + #dc_ums_datasource: # credentials are read from ums_configuration.db_secret_name + # # oauth database config + # dc_ums_oauth_type: db2 # derby (for test), db2, oracle + # dc_ums_oauth_host: + # dc_ums_oauth_port: 50000 + # dc_ums_oauth_name: UMSDB + # dc_ums_oauth_ssl: false + # dc_ums_oauth_ssl_secret_name: + # dc_ums_oauth_driverfiles: + # dc_ums_oauth_alternate_hosts: + # dc_ums_oauth_alternate_ports: + # dc_ca_datasource: + # dc_database_type: "db2" # This value can be db2 or db2HADR + # database_servername: "" + # database_name: "" + # tenant_databases: + # - tenant1 + # database_port: "" + ## Monitor setting + monitoring_configuration: + # mon_metrics_writer_option: "4" + # mon_metrics_service_endpoint: "9.9.9.9:2003" + # mon_bmx_group: "ibm" + # mon_bmx_metrics_scope_id: "1" + # mon_bmx_api_key: "testkey" + # mon_ecm_metrics_collect_interval: 60 + # mon_ecm_metrics_flush_interval: 60 + # mon_enable_plugin_pch: true + # mon_enable_plugin_mbean: true + ## Logging setting + logging_configuration: + # mon_log_parse: false + # mon_log_shipper_option: "1" + # mon_log_service_endpoint: "9.9.9.9:5044" + # mon_bmx_logs_logging_token: "testtoken" + # mon_bmx_space_id: "1" + + ######################################################################## + ######## IBM FileNet Content Manager configuration ######## + ######################################################################## + ecm_configuration: + # fncm_secret_name: ibm-fncm-secret + # fncm_ext_tls_secret_name: "{{ meta.name }}-fncm-ext-tls-secret" + # fncm_auth_ca_secret_name: "{{ meta.name }}-fncm-auth-ca-secret" + # cpe: + # arch: + # amd64: "3 - Most preferred" + # replica_count: 1 + # image: + # repository: cp.icr.io/cp/cp4a/fncm/cpe + # tag: ga-554-p8cpe + # pull_policy: Always + # ## Logging for workloads + # log: + # format: json + # ## resource + # resources: + # requests: + # cpu: 500m + # memory: 512Mi + # limits: + # cpu: 1 + # memory: 3072Mi + # ## Horizontal Pod Autoscaler + # auto_scaling: + # enabled: true + # max_replicas: 3 + # min_replicas: 1 + # target_cpu_utilization_percentage: 80 + # ## Route public hostname + # hostname: "" + # ## cpe Production setting + # cpe_production_setting: + # time_zone: Etc/UTC + # jvm_initial_heap_percentage: 18 + # jvm_max_heap_percentage: 33 + # # By default, the containers are configured to support OpenID/OAuth for SSO with User Management Services (UMS). + # # If SSO is not enabled for the deployment (i.e., if UMS is not being deployed), then set the following JVM value: + # # JVM_CUSTOMIZE_OPTIONS="-DFileNet.WSI.AutoDetectLTPAToken=true" + # # This enables the container to recognize WebSphere Liberty LTPA token where LDAP is used for authentication/authorization. + # jvm_customize_options: "-DFileNet.WSI.AutoDetectLTPAToken=true" + # gcd_jndi_name: FNGCDDS + # gcd_jndixa_name: FNGCDDSXA + # license_model: FNCM.PVUNonProd + # license: accept + # monitor_enabled: false + # logging_enabled: true + # collectd_enable_plugin_write_graphite: false + # ## Specify the names of existing persistent volume claims to be used by your application. + # datavolume: + # existing_pvc_for_cpe_cfgstore: "cpe-cfgstore" + # existing_pvc_for_cpe_logstore: "cpe-logstore" + # existing_pvc_for_cpe_filestore: "cpe-filestore" + # existing_pvc_for_cpe_icmrulestore: "cpe-icmrulesstore" + # existing_pvc_for_cpe_textextstore: "cpe-textextstore" + # existing_pvc_for_cpe_bootstrapstore: "cpe-bootstrapstore" + # existing_pvc_for_cpe_fnlogstore: "cpe-fnlogstore" + # probe: + # readiness: + # initial_delay_seconds: 120 + # period_seconds: 5 + # timeout_seconds: 10 + # failure_threshold: 6 + # liveness: + # initial_delay_seconds: 600 + # period_seconds: 5 + # timeout_seconds: 5 + # failure_threshold: 6 + # image_pull_secrets: + # name: "admin.registrykey" + # css: + # arch: + # amd64: "3 - Most preferred" + # replica_count: 1 + # image: + # repository: cp.icr.io/cp/cp4a/fncm/css + # tag: ga-554-p8css + # pull_policy: Always + # ## Logging for workloads + # log: + # format: json + + # ## resource and autoscaling setting + # resources: + # requests: + # cpu: 500m + # memory: 512Mi + # limits: + # cpu: 1 + # memory: 4096Mi + # ## CSS Production setting + # css_production_setting: + # jvm_max_heap_percentage: 50 + # license: accept + # monitor_enabled: false + # logging_enabled: true + # collectd_enable_plugin_write_graphite: false + # ## Specify the names of existing persistent volume claims to be used by your application. + # datavolume: + # existing_pvc_for_css_cfgstore: "css-cfgstore" + # existing_pvc_for_css_logstore: "css-logstore" + # existing_pvc_for_css_tmpstore: "css-tempstore" + # existing_pvc_for_index: "css-indexstore" + # existing_pvc_for_css_customstore: "css-customstore" + # probe: + # readiness: + # initial_delay_seconds: 60 + # period_seconds: 5 + # timeout_seconds: 10 + # failure_threshold: 6 + # liveness: + # initial_delay_seconds: 180 + # period_seconds: 5 + # timeout_seconds: 5 + # failure_threshold: 6 + # image_pull_secrets: + # name: "admin.registrykey" + # cmis: + # arch: + # amd64: "3 - Most preferred" + # replica_count: 1 + # image: + # repository: cp.icr.io/cp/cp4a/fncm/cmis + # tag: ga-304-cmis-if009 + # pull_policy: Always + # ## Logging for workloads + # log: + # format: json + + # ## resource + # resources: + # # We usually recommend not to specify default resources and to leave this as a conscious + # # choice for the user. This also increases chances charts run on environments with little + # # resources, such as Minikube. If you do want to specify resources, uncomment the following + # # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # requests: + # cpu: 500m + # memory: 256Mi + # limits: + # cpu: 1 + # memory: 1536Mi + + # ## Horizontal Pod Autoscaler + # auto_scaling: + # enabled: true + # max_replicas: 3 + # min_replicas: 1 + # target_cpu_utilization_percentage: 80 + # ## Route public hostname + # hostname: "" + # ## CMIS Production setting + # cmis_production_setting: + # cpe_url: + # time_zone: Etc/UTC + # jvm_initial_heap_percentage: 40 + # jvm_max_heap_percentage: 66 + # jvm_customize_options: "" + # checkout_copycontent: true + # default_maxitems: 25 + # cvl_cache: true + # secure_metadata_cache: false + # filter_hidden_properties: true + # querytime_limit: 180 + # resumable_queries_forrest: true + # escape_unsafe_string_characters: false + # max_soap_size: 180 + # print_pull_stacktrace: false + # folder_first_search: false + # ignore_root_documents: false + # supporting_type_mutability: false + # license: accept + # monitor_enabled: false + # logging_enabled: false + # collectd_enable_plugin_write_graphite: false + # ## global persistence settings + # datavolume: + # ## Specify the names of existing persistent volume claims to be used by your application. + # existing_pvc_for_cmis_cfgstore: "cmis-cfgstore" + # existing_pvc_for_cmis_logstore: "cmis-logstore" + # probe: + # readiness: + # initial_delay_seconds: 90 + # period_seconds: 5 + # timeout_seconds: 10 + # failure_threshold: 6 + # liveness: + # initial_delay_seconds: 180 + # period_seconds: 5 + # timeout_seconds: 5 + # failure_threshold: 6 + # image_pull_secrets: + # name: "admin.registrykey" + # graphql: + # arch: + # amd64: "3 - Most preferred" + # replica_count: 1 + # image: + # repository: cp.icr.io/cp/cp4a/fncm/graphql + # tag: ga-554-p8cgql + # pull_policy: Always + # ## resource + # resources: + # requests: + # cpu: 500m + # memory: 512Mi + # limits: + # cpu: 1 + # memory: 1536Mi + # ## Horizontal Pod Autoscaler + # auto_scaling: + # enabled: true + # max_replicas: 1 + # min_replicas: 1 + # target_cpu_utilization_percentage: 80 + # ## Route public hostname + # hostname: "" + # ## GraphQL Production setting + # graphql_production_setting: + # time_zone: Etc/UTC + # jvm_initial_heap_percentage: 40 + # jvm_max_heap_percentage: 66 + # jvm_customize_options: "" + # license_model: FNCM.PVUNonProd + # license: accept + # enable_graph_iql: false + # cpe_uri: http://:9080/wsi/FNCEWS40MTOM + # ## Monitor setting and Logging setting + # monitor_enabled: false + # logging_enabled: true + # collectd_enable_plugin_write_graphite: false + # ## Specify the names of existing persistent volume claims to be used by your application. + # datavolume: + # existing_pvc_for_graphql_cfgstore: "graphql-cfgstore" + # existing_pvc_for_graphql_logstore: "graphql-logstore" + # probe: + # readiness: + # initial_delay_seconds: 120 + # period_seconds: 5 + # timeout_seconds: 10 + # failure_threshold: 6 + # liveness: + # initial_delay_seconds: 600 + # period_seconds: 5 + # timeout_seconds: 5 + # failure_threshold: 6 + # imagePullSecrets: + # name: "admin.registrykey" + # es: + # arch: + # amd64: "3 - Most preferred" + # replica_count: 1 + # image: + # repository: cp.icr.io/cp/cp4a/fncm/extshare + # tag: ga-307-es + # pull_policy: Always + # ## resource + # resources: + # requests: + # cpu: 500m + # memory: 512Mi + # limits: + # cpu: 1 + # memory: 1536Mi + # ## Horizontal Pod Autoscaler + # auto_scaling: + # enabled: true + # max_replicas: 3 + # min_replicas: 1 + # target_cpu_utilization_percentage: 80 + # ## Route public hostname + # hostname: "" + # ## External Share Production setting + # es_production_setting: + # time_zone: Etc/UTC + # jvm_initial_heap_percentage: 40 + # jvm_max_heap_percentage: 66 + # jvm_customize_options: "" + # license_model: FNCM.PVUNonProd + # license: accept + # es_dbtype: db2 + # es_jndi_ds: ECMClientDS + # es_schema: ICNDB + # es_ts: ICNDB + # es_admin: ceadmin + # ## Monitor setting and Logging setting + # monitor_enabled: false + # logging_enabled: true + # collectd_enable_plugin_write_graphite: false + # ## Specify the names of existing persistent volume claims to be used by your application. + # datavolume: + # existing_pvc_for_es_cfgstore: "es-cfgstore" + # existing_pvc_for_es_logstore: "es-logstore" + # probe: + # readiness: + # initial_delay_seconds: 180 + # period_seconds: 5 + # timeout_seconds: 10 + # failure_threshold: 6 + # liveness: + # initial_delay_seconds: 600 + # period_seconds: 5 + # timeout_seconds: 5 + # failure_threshold: 6 + # imagePullSecrets: + # name: "admin.registrykey" + # tm: + # arch: + # amd64: "3 - Most preferred" + # replica_count: 1 + # image: + # repository: cp.icr.io/cp/cp4a/fncm/taskmgr + # tag: 3.0.7 + # pull_policy: Always + # ## LOGGING FOR WORKLOADS + # log: + # format: JSON + # ## resource + # resources: + # requests: + # cpu: 500m + # memory: 512Mi + # limits: + # cpu: 1 + # memory: 1536Mi + # ## Horizontal Pod Autoscaler + # auto_scaling: + # enabled: true + # max_replicas: 3 + # min_replicas: 1 + # target_cpu_utilization_percentage: 80 + # ## External Share Production setting + # tm_production_setting: + # time_zone: Etc/UTC + # jvm_initial_heap_percentage: 40 + # jvm_max_heap_percentage: 66 + # jvm_customize_options: "-Dcom.ibm.ecm.task.StartUpListener.defaultLogLevel=FINE" + # license: accept + # tm_dbtype: db2 + # tm_jndi_ds: ECMClientDS + # tm_schema: ICNDB + # tm_ts: ICNDB + # tm_admin: CEADMIN + + # ## Monitor setting and Logging setting + # monitor_enabled: false + # logging_enabled: true + # collectd_enable_plugin_write_graphite: false + # ## Specify the names of existing persistent volume claims to be used by your application. + # datavolume: + # existing_pvc_for_tm_cfgstore: "tm-cfgstore" + # existing_pvc_for_tm_logstore: "tm-logstore" + # existing_pvc_for_tm_pluginstore: "tm-pluginstore" + # probe: + # readiness: + # initial_delay_seconds: 120 + # period_seconds: 5 + # timeout_seconds: 10 + # failure_threshold: 6 + # liveness: + # initial_delay_seconds: 600 + # period_seconds: 5 + # timeout_seconds: 5 + # failure_threshold: 6 + # image_pull_secrets: + # name: "admin.registrykey" + + ######################################################################## + ######## IBM Business Automation Navigator configuration ######## + ######################################################################## + navigator_configuration: + # ban_secret_name: ibm-ban-secret + # ban_ext_tls_secret_name: "{{ meta.name }}-ban-ext-tls-secret" + # ban_auth_ca_secret_name: "{{ meta.name }}-ban-auth-ca-secret" + # arch: + # amd64: "3 - Most preferred" + # replica_count: 1 + # image: + # repository: cp.icr.io/cp/cp4a/ban/navigator-sso + # tag: ga-307-icn + # pull_policy: Always + # arbitrary_uid_enabled: true + # ## Logging for workloads + # log: + # format: json + # ## resource and autoscaling setting + # resources: + # # We usually recommend not to specify default resources and to leave this as a conscious + # # choice for the user. This also increases chances charts run on environments with little + # # resources, such as Minikube. If you do want to specify resources, uncomment the following + # # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # requests: + # cpu: 500m + # memory: 512Mi + # limits: + # cpu: 1 + # memory: 1536Mi + + # ## Horizontal Pod Autoscaler + # auto_scaling: + # enabled: true + # max_replicas: 3 + # min_replicas: 1 + # target_cpu_utilization_percentage: 80 + # ## Route public hostname + # hostname: "" + # ## ICN Production setting + # icn_production_setting: + # timezone: Etc/UTC + # jvm_initial_heap_percentage: 40 + # jvm_max_heap_percentage: 66 + # # By default, the containers are configured to support OpenID/OAuth for SSO with User Management Services (UMS). + # # If SSO is not enabled for the deployment (i.e., if UMS is not being deployed), then set the following JVM value: + # # JVM_CUSTOMIZE_OPTIONS="-DFileNet.WSI.AutoDetectLTPAToken=true" + # # This enables the container to recognize WebSphere Liberty LTPA token where LDAP is used for authentication/authorization. + # jvm_customize_options: "-DFileNet.WSI.AutoDetectLTPAToken=true" + # icn_db_type: db2 + # icn_jndids_name: ECMClientDS + # icn_schema: ICNDB + # icn_table_space: ICNDB + # icn_admin: CEADMIN + # license: accept + # enable_appcues: false + # allow_remote_plugins_via_http: false + # monitor_enabled: false + # logging_enabled: false + # collectd_enable_plugin_write_graphite: false + # ## Specify the names of existing persistent volume claims to be used by your application. + # ## Specify an empty string if you don't have existing persistent volume claim. + # datavolume: + # existing_pvc_for_icn_cfgstore: "icn-cfgstore" + # existing_pvc_for_icn_logstore: "icn-logstore" + # existing_pvc_for_icn_pluginstore: "icn-pluginstore" + # existing_pvc_for_icnvw_cachestore: "icn-vw-cachestore" + # existing_pvc_for_icnvw_logstore: "icn-vw-logstore" + # existing_pvc_for_icn_aspera: "icn-asperastore" + # probe: + # readiness: + # initial_delay_seconds: 120 + # period_seconds: 5 + # timeout_seconds: 10 + # failure_threshold: 6 + # liveness: + # initial_delay_seconds: 600 + # period_seconds: 5 + # timeout_seconds: 5 + # failure_threshold: 6 + # image_pull_secrets: + # name: "admin.registrykey" + + # ######################################################################## + # ######## IBM FNCM and BAN initialization configuration ######## + # ######################################################################## + initialize_configuration: + # ic_domain_creation: + # domain_name: "P8DOMAIN" + # encryption_key: "128" + # ic_ldap_creation: + # ic_ldap_admin_user_name: + # - "CEAdmin" + # ic_ldap_admins_groups_name: + # - "P8Administrators" + # ic_ldap_name: "ldap_name" + # ic_obj_store_creation: + # object_stores: + # - oc_cpe_obj_store_display_name: "OS01" + # oc_cpe_obj_store_symb_name: "OS01" + # oc_cpe_obj_store_conn: + # name: "objectstore1_connection" + # site_name: "InitialSite" + # dc_os_datasource_name: "FNOS1DS" + # dc_os_xa_datasource_name: "FNOS1DSXA" + # oc_cpe_obj_store_admin_user_groups: + # - "CEAdmin" + # # Array of users + # oc_cpe_obj_store_basic_user_groups: + # oc_cpe_obj_store_addons: true + # oc_cpe_obj_store_addons_list: + # - "{CE460ADD-0000-0000-0000-000000000004}" + # - "{CE460ADD-0000-0000-0000-000000000001}" + # - "{CE460ADD-0000-0000-0000-000000000003}" + # - "{CE460ADD-0000-0000-0000-000000000005}" + # - "{CE511ADD-0000-0000-0000-000000000006}" + # - "{CE460ADD-0000-0000-0000-000000000008}" + # - "{CE460ADD-0000-0000-0000-000000000007}" + # - "{CE460ADD-0000-0000-0000-000000000009}" + # - "{CE460ADD-0000-0000-0000-00000000000A}" + # - "{CE460ADD-0000-0000-0000-00000000000B}" + # - "{CE460ADD-0000-0000-0000-00000000000D}" + # - "{CE511ADD-0000-0000-0000-00000000000F}" + # oc_cpe_obj_store_asa_name: "demo_storage" + # oc_cpe_obj_store_asa_file_systems_storage_device_name: "demo_file_system_storage" + # oc_cpe_obj_store_asa_root_dir_path: "/opt/ibm/asa/os01_storagearea1" + # oc_cpe_obj_store_enable_workflow: true + # oc_cpe_obj_store_workflow_region_name: "design_region_name" + # oc_cpe_obj_store_workflow_region_number: 1 + # oc_cpe_obj_store_workflow_data_tbl_space: "VWDATA_TS" + # oc_cpe_obj_store_workflow_index_tbl_space: "" + # oc_cpe_obj_store_workflow_blob_tbl_space: "" + # oc_cpe_obj_store_workflow_admin_group: "P8Administrators" + # oc_cpe_obj_store_workflow_config_group: "P8Administrators" + # oc_cpe_obj_store_workflow_date_time_mask: "mm/dd/yy hh:tt am" + # oc_cpe_obj_store_workflow_locale: "en" + # oc_cpe_obj_store_workflow_pe_conn_point_name: "pe_conn_os1" + # ic_css_creation: + # - css_site_name: "Initial Site" + # css_text_search_server_name: "{{ meta.name }}-css-1" + # affinity_group_name: "aff_group" + # css_text_search_server_status: 0 + # css_text_search_server_mode: 0 + # css_text_search_server_ssl_enable: "true" + # css_text_search_server_credential: "RNUNEWc=" + # css_text_search_server_host: "{{ meta.name }}-css-svc-1" + # css_text_search_server_port: 8199 + # ic_css_index_area: + # - object_store_name: "OS01" + # index_area_name: "os1_index_area" + # affinity_group_name: "aff_group" + # root_dir: "/opt/ibm/indexareas" + # max_indexes: 20 + # max_objects_per_index: 10000 + # ic_enable_cbr: + # - object_store_name: "OS01" + # class_name: "Document" + # indexing_languages: "en" + # ic_icn_init_info: + # icn_repos: + # - add_repo_id: "demo_repo1" + # add_repo_ce_wsi_url: "http://{{ meta.name }}-cpe-svc:9080/wsi/FNCEWS40MTOM/" + # add_repo_os_sym_name: "OS01" + # add_repo_os_dis_name: "OS01" + # add_repo_workflow_enable: false + # add_repo_work_conn_pnt: "pe_conn_os1:1" + # add_repo_protocol: "FileNetP8WSI" + # # - add_repo_id: "test_repo2" + # # add_repo_ce_wsi_url: "http://{{ meta.name }}-cpe-svc:9080/wsi/FNCEWS40MTOM/" + # # add_repo_os_sym_name: "OS02" + # # add_repo_os_dis_name: "OS02" + # # add_repo_workflow_enable: true + # # add_repo_work_conn_pnt: "pe_conn_os02:1" + # # add_repo_protocol: "FileNetP8WSI" + # icn_desktop: + # - add_desktop_id: "demo" + # add_desktop_name: "icn_desktop" + # add_desktop_description: "This is ICN desktop" + # add_desktop_is_default: false + # add_desktop_repo_id: "demo_repo1" + # add_desktop_repo_workflow_enable: false + # # - add_desktop_id: "demotest" + # # add_desktop_name: "icn_desktop_demo" + # # add_desktop_description: "Just Another desktop" + # # add_desktop_is_default: false + # # add_desktop_repo_id: "test_repo2" + # # add_desktop_repo_workflow_enable: false + + ######################################################################## + ######## IBM FNCM and BAN verification configuration ######## + ######################################################################## + verify_configuration: + # vc_cpe_verification: + # vc_cpe_folder: + # - folder_cpe_obj_store_name: "OS01" + # folder_cpe_folder_path: "/TESTFOLDER" + # vc_cpe_document: + # - doc_cpe_obj_store_name: "OS01" + # doc_cpe_folder_name: "/TESTFOLDER" + # doc_cpe_doc_title: "test_title" + # DOC_CPE_class_name: "Document" + # doc_cpe_doc_content: "This is a simple document test" + # doc_cpe_doc_content_name: "doc_content_name" + # vc_cpe_cbr: + # - cbr_cpe_obj_store_name: "OS01" + # cbr_cpe_class_name: "Document" + # cbr_cpe_search_string: "is a simple" + # vc_cpe_workflow: + # - workflow_cpe_enabled: false + # workflow_cpe_connection_point: "pe_conn_os1" + # vc_icn_verification: + # - vc_icn_repository: "demo_repo1" + # vc_icn_desktop_id: "demo" + + ######################################################################## + ######## IBM Operational Decision Manager Configuration ######## + ######################################################################## + + # odm_configuration: + # # Allow to activate more trace for ODM in the Operator pod. + # debug: false + # # Allow to specify which version of ODM you want to deploy. + # # Supported version > 19.0.2 + # # If omitted the latest version will be used. + # version: 19.0.3 + # image: + # # Specify the repository used to retrieve the Docker images if you do not want to use the default one. + # repository: "" + # # Specify the tag for the Docker images. + # # It's a Mandatory tag when you enable odm_configuraton. + # tag: 8.10.3 + # # Specify the pull policy for the Docker images. See Kuberntes documentation for more inforations. + # # Possible values : IfNotPresent, Always, Never + # pullPolicy: IfNotPresent + # # Optionally specify an array of imagePullSecrets. + # # Secrets must be manually created in the namespace. + # # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # # - name: admin.registrykey + # pullSecrets: + # + # service: + # # Specify whether to enable Transport Layer Security. If true, ODM web apps are accessed through HTTPS. If false, they are accessed through HTTP. + # enableTLS: true + # # Specify the service type. + # type: NodePort + # + # ## Decision Server Runtime parameters + # decisionServerRuntime: + # # Specify whether to enable Decision Server Runtime. + # enabled: true + # # Specify the number of Decision Server Runtime pods. + # replicaCount: 1 + # # Specify the name of the configMap the wanted logging options. If left empty, default logging options are used. + # loggingRef: + # # Specify the name of the configMap the wanted JVM options. If left empty, default JVM options are used. + # jvmOptionsRef: + # resources: + # requests: + # # Specify the requested CPU. + # cpu: 500m + # # Specify the requested memory. + # memory: 512Mi + # limits: + # # Specify the CPU limit. + # cpu: 2 + # # Specify the memory limit. + # memory: 4096Mi + # ## Decision Server Console parameters + # decisionServerConsole: + # # Specify the name of the configMap the wanted logging options. If left empty, default logging options are used. + # loggingRef: + # # Specify the name of the configMap the wanted JVM options. If left empty, default JVM options are used. + # jvmOptionsRef: + # resources: + # requests: + # # Specify the requested CPU. + # cpu: 500m + # # Specify the requested memory. + # memory: 512Mi + # limits: + # # Specify the CPU limit. + # cpu: 2 + # # Specify the memory limit. + # memory: 1024Mi + # ## Decision Center parameters + # decisionCenter: + # # Specify whether to enable Decision Center. + # enabled: true + # # Specify the persistence locale for Decision Center. + # # Possible values "ar_EG" (Arabic - Egypt), "zh_CN" (Chinese - China), "zh_TW" (Chinese - Taiwan) + # # "nl_NL" (Netherlands), "en_GB" (English - United Kingdom), "en_US" (English - United States), + # # "fr_FR" (French - France), "de_DE" (German - Germany), "iw_IL" (Hebrew - Israel), "it_IT" (Italian - Italy), + # # "ja_JP" (Japanese - Japan) , "ko_KR" (Korean - Korea), "pl_PL" (Polish - Poland), + # # "pt_BR" (Portuguese - Brazil), "ru_RU" (Russian - Russia), "es_ES" (Spanish - Spain) + # persistenceLocale: en_US + # # Specify the number of Decision Center pods. + # replicaCount: 1 + # # Persistent Volume Claim to access the custom libraries + # customlibPvc: + # # Specify the name of the configMap the wanted logging options. If left empty, default logging options are used. + # loggingRef: + # # Specify the name of the configMap the wanted JVM options. If left empty, default JVM options are used. + # jvmOptionsRef: + # resources: + # requests: + # # Specify the requested CPU. + # cpu: 500m + # # Specify the requested memory. + # memory: 1500Mi + # limits: + # # Specify the CPU limit. + # cpu: 2 + # # Specify the memory limit. + # memory: 4096Mi + # ## Decision Runner parameters + # decisionRunner: + # # Specify whether to enable Decision Runner. + # enabled: true + # # Specify the number of Decision Runner pods. + # replicaCount: 1 + # # Specify the name of the configMap the wanted logging options. If left empty, default logging options are used. + # loggingRef: + # # Specify the name of the configMap the wanted JVM options. If left empty, default JVM options are used. + # jvmOptionsRef: + # resources: + # requests: + # # Specify the requested CPU. + # cpu: 500m + # # Specify the requested memory. + # memory: 512Mi + # limits: + # # Specify the CPU limit. + # cpu: 2 + # # Specify the memory limit. + # memory: 4096Mi + # + # ## Database - Option 1: Internal (PostgreSQL) + # ## Fill in the parameters to use an internal PostgresSQL database. + # internalDatabase: + # # Specify the name of the internal database. + # databaseName: odmdb + # # Specify the name of the secret that contains the credentials to connect to the internal database. + # secretCredentials: "" + # persistence: + # # Specify whether to enable persistence for the internal database in a persistent volume. + # enabled: true + # # When this parameter is false, the binding process selects an existing volume. Ensure that an unbound volume exists before you install the chart. + # useDynamicProvisioning: false + # # Specify the storage class name for persistent volume. If this parameter is left empty, the default storage class is used. + # storageClassName: "" + # resources: + # requests: + # # Specify the storage size for persistent volume. + # storage: 5Gi + # securityContext: + # # User to init internal database container + # runAsUser: 0 + # resources: + # requests: + # # Specify the requested CPU. + # cpu: 500m + # # Specify the requested memory. + # memory: 512Mi + # limits: + # # Specify the CPU limit. + # cpu: 2 + # # Specify the memory limit. + # memory: 4096Mi + # + # ## Database - Option 2: External (DB2 or PostgreSQL) + # ## Fill in the parameters to use an external DB2 or PostgreSQL database. + # externalDatabase: + # # Specify the type of the external database. If this parameter is left empty, PostgreSQL is used by default. + # # Possible values : "db2", "postgresql" + # type: "" + # # Specify the name of the server running the external database. If it is not specified, the PostgreSQL internal database is used. + # serverName: "" + # # Specify the name of the external database. + # databaseName: "" + # # Specify the name of the secret that contains the credentials to connect to the external database. + # secretCredentials: "" + # # Specify the port used to connect to the external database. + # port: "" + # + # ## Database - Option 3: External (Custom) + # ## Fill in the parameters to use an external database configured by a secret. + # externalCustomDatabase: + # # Specify the name of the secret that contains the datasource configuration to use. + # datasourceRef: + # # Persistent Volume Claim to access the JDBC Database Driver + # driverPvc: + # + # readinessProbe: + # # Specify the number of seconds after the container has started before readiness probe is initiated. + # initialDelaySeconds: 5 + # # Specify how often (in seconds) to perform the probe. + # periodSeconds: 5 + # # Specify how many times Kubernetes will try before giving up when a pod starts and the probe fails. Giving up means marking the pod as Unready. + # failureThreshold: 45 + # # Specify the number of seconds after which the readiness probe times out. + # timeoutSeconds: 5 + # + # livenessProbe: + # # Specify the number of seconds after the container has started before liveness probe is initiated. + # initialDelaySeconds: 300 + # # Specify how often (in seconds) to perform the probe. + # periodSeconds: 10 + # # Specify how many times Kubernetes will try before giving up when a pod starts and the probe fails. Giving up means restarting the pod. + # failureThreshold: 10 + # # Specify the number of seconds after which the liveness probe times out. + # timeoutSeconds: 5 + # + # customization: + # # Specify the name of the secret that contains the TLS certificate you want to use. If the parameter is left empty, a default certificate is used. + # securitySecretRef: + # # Specify the name of the secret that contains the configuration files required to use the IBM Business Automation Insights emitter. + # baiEmitterSecretRef: + # # Specify the label attached to some nodes. Pods are scheduled to the nodes with this label. If the parameter is empty, pods are scheduled randomly. + # authSecretRef: + # + # networkPolicy: + # # Enable creation of NetworkPolicy resources. + # enabled: true + # # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1' + # # For Kubernetes v1.7, use 'networking.k8s.io/v1' + # apiVersion: networking.k8s.io/v1 + + ums_configuration: + # existing_claim_name: + # replica_count: 2 + # service_type: Route + # hostname: + # port: 443 + # images: + # ums: + # repository: cp.icr.io/cp/cp4a/ums/ums + # tag: 19.0.3 + # admin_secret_name: ibm-dba-ums-secret + # db_secret_name: ibm-dba-ums-db-secret + # external_tls_secret_name: ibm-dba-ums-external-tls-secret + # external_tls_ca_secret_name: ibm-dba-ums-external-tls-ca-secret + # oauth: + # client_manager_group: + # resources: + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 200m + # memory: 256Mi + # ## Horizontal Pod Autoscaler + # autoscaling: + # enabled: true + # min_replicas: 2 + # max_replicas: 5 + # target_average_utilization: 98 + # use_custom_jdbc_drivers: false + # use_custom_binaries: false + # custom_secret_name: + # custom_xml: + # logs: + # console_format: json + # console_log_level: INFO + # console_source: message,trace,accessLog,ffdc,audit + # trace_format: ENHANCED + # trace_specification: "*=info" + ##################################################################### + ## IBM App Engine production configuration 19.0.3 configuration ## + ##################################################################### + application_engine_configuration: + # ## The application_engine_configuration is a list, you can deploy multiple instances of AppEngine, you can assign different configurations for each instance. + # ## For each instance, application_engine_configuration.name and application_engine_configuration.name.hostname must be assigned to different values. + # - name: instance1 + # hostname: + # port: 443 + # admin_secret_name: + # external_tls_secret_name: + # replica_size: 1 + # user_custom_jdbc_drivers: false + # service_type: Route + # autoscaling: + # enabled: false + # max_replicas: 5 + # min_replicas: 2 + # target_cpu_utilization_percentage: 80 + # database: + # host: + # name: + # port: + # ## If you setup DB2 HADR and want to use it, you need to configure alternative_host and alternative_port, or else, leave is as blank. + # alternative_host: + # alternative_port: + # ## Only DB2 is supported + # type: db2 + # enable_ssl: false + # db_cert_secret_name: + # current_schema: DBASB + # initial_pool_size: 1 + # max_pool_size: 10 + # uv_thread_pool_size: 4 + # max_lru_cache_size: 1000 + # max_lru_cache_age: 600000 + # dbcompatibility_max_retries: 30 + # dbcompatibility_retry_interval: 10 + # custom_jdbc_pvc: + # log_level: + # node: info + # browser: 2 + # content_security_policy: + # enable: false + # whitelist: + # env: + # max_size_lru_cache_rr: 1000 + # server_env_type: development + # purge_stale_apps_interval: 86400000 + # apps_threshold: 100 + # stale_threshold: 172800000 + # images: + # pull_policy: IfNotPresent + # db_job: + # repository: cp.icr.io/cp/cp4a/aae/solution-server-helmjob-db + # tag: 19.0.3 + # solution_server: + # repository: cp.icr.io/cp/cp4a/aae/solution-server + # tag: 19.0.3 + # max_age: + # auth_cookie: "900000" + # csrf_cookie: "3600000" + # static_asset: "2592000" + # hsts_header: "2592000" + # probe: + # liveness: + # failure_threshold: 5 + # initial_delay_seconds: 60 + # period_seconds: 10 + # success_threshold: 1 + # timeout_seconds: 180 + # readiness: + # failure_threshold: 5 + # initial_delay_seconds: 10 + # period_seconds: 10 + # success_threshold: 1 + # timeout_seconds: 180 + # redis: + # host: + # port: + # ttl: 1800 + # resource_ae: + # limits: + # cpu: 2000m + # memory: 2Gi + # requests: + # cpu: 1000m + # memory: 1Gi + # resource_init: + # limits: + # cpu: 500m + # memory: 256Mi + # requests: + # cpu: 200m + # memory: 128Mi + # session: + # check_period: "3600000" + # duration: "1800000" + # max: "10000" + # resave: "false" + # rolling: "true" + # save_uninitialized: "false" + # use_external_store: "true" + # tls: + # tls_trust_list: [] + resource_registry_configuration: + # admin_secret_name: resource-registry-admin-secret + # hostname: + # port: + # replica_size: 3 + # images: + # pull_policy: IfNotPresent + # resource_registry: + # repository: cp.icr.io/cp/cp4a/aae/dba-etcd + # tag: 19.0.3 + # tls: + # tls_secret: rr-tls-client-secret + # probe: + # liveness: + # initial_delay_seconds: 60 + # period_seconds: 10 + # timeout_seconds: 5 + # success_threshold: 1 + # failure_threshold: 3 + # readiness: + # initial_delay_seconds: 10 + # period_seconds: 10 + # timeout_seconds: 5 + # success_threshold: 1 + # failure_threshold: 3 + # resource: + # limits: + # cpu: "500m" + # memory: "512Mi" + # requests: + # cpu: "200m" + # memory: "256Mi" + # auto_backup: + # enable: false + # minimal_time_interval: 1800 + # pvc_name: rr-autobackup-pvc + ##################################################################### + ## IBM Business Automation Studio 19.0.3 configuration ## + ##################################################################### + bastudio_configuration: + # admin_secret_name: bastudio-admin-secret + # hostname: + # port: + # # If we disable the User Management Service Certificate Common Name Check or not + # ums_disable_cn_check: false + # # If you don't want to use the customized external TLS certificate, you can leave it empty. + # external_tls_secret: + # # If you don't want to use the customized Certificate Authority (CA) to sign the external TLS certificate, you can leave it empty. + # external_tls_ca_secret: + # tls: + # tls_trust_list: [] + # database: + # host: + # # The database provided should be created by the BAStudio SQL script template. + # name: + # port: + # # If you want to enable the database ACR, HADR, configure the alternative_host and alternative_port both + # alternative_host: + # alternative_port: + # type: db2 + # ssl_enabled: false + # certificate_secret_name: db2-ssl-certificate + # # If you don't want to use the customized JDBC dirvers, you can keep it as default. + # user_custom_jdbc_drivers: false + # # The persistent volume claim for custom JDBC Drivers if using the custom jdbc drivers is enabled + # custom_jdbc_pvc: + # # The custom JDBC Drivers' names if using the custom jdbc drivers is enabled + # jdbc_driver_files: "db2jcc4.jar db2jcc_license_cu.jar" + # images: + # pull_policy: IfNotPresent + # bastudio: + # repository: cp.icr.io/cp/cp4a/bas/bastudio + # tag: 19.0.3 + # # Optional + # custom_xml: + # # Optional + # custom_secret_name: + # # Optional + # bastudio_custom_xml: + # content_security_policy: "default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com; frame-src *; img-src 'self' data:;" + # csrf_referrer: + # # The custom whitelist for Cross-Site Request Forgery (CSRF) protection. For example it is needed when you want to integrate BAS with the other editors such as ADW, ACA + # whitelist: "" + # logs: + # console_format: json + # console_log_level: INFO + # console_source: message,trace,accessLog,ffdc,audit + # trace_format: ENHANCED + # trace_specification: "*=info" + # replica_size: 1 + # autoscaling: + # enabled: false + # minReplicas: 1 + # maxReplicas: 3 + # targetAverageUtilization: 95 + # resources: + # bastudio: + # limits: + # cpu: 4000m + # memory: 3Gi + # requests: + # cpu: 2000m + # memory: 2Gi + # init_process: + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 200m + # memory: 256Mi + # liveness_probe: + # initial_delay_seconds: 300 + # period_seconds: 10 + # timeout_seconds: 5 + # failure_threshold: 3 + # success_threshold: 1 + # readiness_probe: + # initial_delay_seconds: 240 + # period_seconds: 5 + # timeout_seconds: 5 + # failure_threshold: 6 + # success_threshold: 1 + # jms_server: + # image: + # repository: cp.icr.io/cp/cp4a/bas/jms + # tag: 19.0.3 + # pull_policy: IfNotPresent + # resources: + # limits: + # cpu: "1" + # memory: "1Gi" + # requests: + # cpu: "500m" + # memory: "512Mi" + # storage: + # # If JMS storage persistent should be enabled + # persistent: false + # # If use dynamic provisioning for JMS storage persistent + # use_dynamic_provisioning: false + # storage_class: "gluster-fs" + # access_modes: "ReadWriteOnce" + # selector: {} + # size: "3Gi" + # #----------------------------------------------------------------------- + # # App Engine Playback Server can only be one instance + # #----------------------------------------------------------------------- + # playback_server: + # admin_secret_name: playback-server-admin-secret + # images: + # pull_policy: IfNotPresent + # db_job: + # repository: cp.icr.io/cp/cp4a/bas/solution-server-helmjob-db + # tag: 19.0.3 + # solution_server: + # repository: cp.icr.io/cp/cp4a/bas/solution-server + # tag: 19.0.3 + # hostname: + # port: + # # If you don't want to use the customized external TLS certificate, you can leave it empty. + # external_tls_secret: + # # If you don't want to use the customized JDBC dirvers, you can keep it as default. + # user_custom_jdbc_drivers: false + # replica_size: 1 + # autoscaling: + # enabled: false + # max_replicas: 5 + # min_replicas: 2 + # target_cpu_utilization_percentage: 80 + # database: + # host: + # # The database provided should be created by the App Engine Playback Server SQL script template. + # name: + # port: + # # If you want to enable the database ACR, HADR, configure the alternative_host and alternative_port both + # alternative_host: + # alternative_port: + # type: db2 + # enable_ssl: false + # db_cert_secret_name: db2-ssl-certificate-secret + # current_schema: DBASB + # initial_pool_size: 1 + # max_pool_size: 10 + # uv_thread_pool_size: 4 + # max_lru_cache_size: 1000 + # max_lru_cache_age: 600000 + # dbcompatibility_max_retries: 30 + # dbcompatibility_retry_interval: 10 + # # The persistent volume claim for custom JDBC Drivers if using the custom jdbc drivers is enabled + # custom_jdbc_pvc: + # log_level: + # node: info + # browser: 2 + # content_security_policy: + # enable: false + # whitelist: + # env: + # max_size_lru_cache_rr: 1000 + # server_env_type: development + # purge_stale_apps_interval: 86400000 + # apps_threshold: 100 + # stale_threshold: 172800000 + # max_age: + # auth_cookie: "900000" + # csrf_cookie: "3600000" + # static_asset: "2592000" + # hsts_header: "2592000" + # probe: + # liveness: + # failure_threshold: 5 + # initial_delay_seconds: 60 + # period_seconds: 10 + # success_threshold: 1 + # timeout_seconds: 180 + # readiness: + # failure_threshold: 5 + # initial_delay_seconds: 10 + # period_seconds: 10 + # success_threshold: 1 + # timeout_seconds: 180 + # redis: + # host: localhost + # port: 6379 + # ttl: 1800 + # resource_ae: + # limits: + # cpu: 2000m + # memory: 2Gi + # requests: + # cpu: 1000m + # memory: 1Gi + # resource_init: + # limits: + # cpu: 500m + # memory: 256Mi + # requests: + # cpu: 200m + # memory: 128Mi + # session: + # check_period: "3600000" + # duration: "1800000" + # max: "10000" + # resave: "false" + # rolling: "true" + # save_uninitialized: "false" + # use_external_store: "false" + # tls: + # tls_trust_list: [] + iaws_configuration: + # - name: instance1 + # wfs: + # service_type: "Route" + # hostname: "" + # port: 443 + # external_tls_secret: ibm-baw-ext-tls-secret + # external_tls_ca_secret: ibm-baw-ext-tls-ca-secret + # replicas: 1 + # workflow_server_secret: ibm-baw-baw-secret + # tls: + # tls_secret_name: ibm-baw-tls + # tls_trust_list: + # - ums-ingress-tls-secret + # + # # ---------------------------------------------------------------------------------------- + # # images + # # ---------------------------------------------------------------------------------------- + # image: + # repository: cp.icr.io/cp/cp4a/iaws/iaws-ps + # tag: 19.0.3 + # pull_policy: IfNotPresent + # pfs_bpd_database_init_job: + # repository: cp.icr.io/cp/cp4a/iaws/pfs-bpd-database-init-prod + # tag: "19.0.3" + # pull_policy: IfNotPresent + # upgrade_job: + # repository: cp.icr.io/cp/cp4a/iaws/iaws-psdb-handling + # tag: "19.0.3" + # pull_policy: IfNotPresent + # ibm_workplace_job: + # repository: cp.icr.io/cp/cp4a/iaws/iaws-ibm-workplace + # tag: "19.0.3" + # pull_policy: IfNotPresent + # + # # ---------------------------------------------------------------------------------------- + # # PS DB settings. + # # ---------------------------------------------------------------------------------------- + # database: + # ssl: false + # sslsecretname: ibm-dba-baw-db2-cacert + # type: "DB2" + # server_name: "" + # database_name: "" + # port: "50000" + # secret_name: ibm-baw-wfs-server-db-secret + # dbcheck: + # # The maximum waiting time (seconds) to check the database intialization status. + # wait_time: 900 + # # The interval time (seconds) to check. + # interval_time: 15 + # hadr: + # standbydb_host: + # standbydb_port: + # retryinterval: + # maxretries: + # + # # ---------------------------------------------------------------------------------------- + # # Content integration configurations + # # ---------------------------------------------------------------------------------------- + # content_integration: + # init_job_image: + # repository: cp.icr.io/cp/cp4a/iaws/iaws-ps-content-integration + # tag: "19.0.3" + # pull_policy: IfNotPresent + # domain_name: "" + # object_store_name: "" + # cpe_admin_secret: + # event_handler_path: "/home/config/docs-config" + # wait_interval: 60000 + # + # # ---------------------------------------------------------------------------------------- + # # AppEngine configuration + # # ---------------------------------------------------------------------------------------- + # appengine: + # hostname: + # admin_secret_name: ae-admin-secret-instance1 + # + # # ---------------------------------------------------------------------------------------- + # # Resource Registry configuration + # # ---------------------------------------------------------------------------------------- + # resource_registry: + # hostname: + # port: 443 + # admin_secret_name: + # + # # ---------------------------------------------------------------------------------------- + # # JMS configuration + # # ---------------------------------------------------------------------------------------- + # jms: + # image: + # repository: cp.icr.io/cp/cp4a/iaws/baw-jms-server + # tag: "19.0.3" + # pull_policy: IfNotPresent + # tls: + # tls_secret_name: dummy-jms-tls-secret + # resources: + # limits: + # memory: "2Gi" + # cpu: "1000m" + # requests: + # memory: "512Mi" + # cpu: "200m" + # storage: + # persistent: true + # size: "2Gi" + # use_dynamic_provisioning: false + # access_modes: + # - ReadWriteOnce + # storage_class: "jms-storage-class" + # # if you do not need selector, please comment or remove below selector section + # selector: + # label: "" + # value: "" + # + # # ---------------------------------------------------------------------------------------- + # # Resource limitation + # # ---------------------------------------------------------------------------------------- + # resources: + # limits: + # cpu: 3 + # memory: 2096Mi + # requests: + # cpu: 2 + # memory: 1048Mi + # + # # ---------------------------------------------------------------------------------------- + # # Resource limitation for init containers + # # ---------------------------------------------------------------------------------------- + # resource_init: + # limits: + # cpu: 500m + # memory: 256Mi + # requests: + # cpu: 200m + # memory: 128Mi + # + # # ---------------------------------------------------------------------------------------- + # # liveness and readiness probes + # # ---------------------------------------------------------------------------------------- + # probe: + # ws: + # liveness_probe: + # initial_delay_seconds: 240 + # readinessProbe: + # initial_delay_seconds: 180 + # + # # ---------------------------------------------------------------------------------------- + # # trace settings. + # # ---------------------------------------------------------------------------------------- + # logs: + # console_format: "json" + # console_log_level: "INFO" + # console_source: "message,trace,accessLog,ffdc,audit" + # message_format: "basic" + # trace_format: "ENHANCED" + # trace_specification: "*=info" + # + # # ---------------------------------------------------------------------------------------- + # # custom configuration in Liberty server.xml, put the custom.xml in secret with key "sensitiveCustomConfig" + # # kubectl create secret generic wfs-custom-xml-secret --from-file=sensitiveCustomConfig=./custom.xml + # # ---------------------------------------------------------------------------------------- + # custom_xml_secret_name: + # + # # ---------------------------------------------------------------------------------------- + # # custom configuraiton in 100Custom.xml, put the 100Custom.xml in secret with key "sensitiveCustomConfig" + # # kubectl create secret generic wfs-lombardi-custom-xml-secret --from-file=sensitiveCustomConfig=./100Custom.xml + # # ---------------------------------------------------------------------------------------- + # lombardi_custom_xml_secret_name: + ######################################################################## + ######## IBM Process Federation Server configuration ######## + ######################################################################## + pfs_configuration: + # pfs: + # hostname: "" + # port: 443 + # service_type: Route + # + # image: + # repository: cp.icr.io/cp/cp4a/iaws/pfs + # tag: "19.0.3" + # pull_policy: IfNotPresent + # + # replicas: 1 + # service_account: + # anti_affinity: hard + # + # admin_secret_name: ibm-pfs-admin-secret + # config_dropins_overrides_secret: ibm-pfs-config + # resources_security_secret: "" + # + # external_tls_secret: + # external_tls_ca_secret: + # tls: + # tls_secret_name: + # tls_trust_list: + # - ums-tls-crt-secret + # + # resources: + # requests: + # cpu: 500m + # memory: 512Mi + # limits: + # cpu: 2 + # memory: 4Gi + # liveness_probe: + # initial_delay_seconds: 300 + # readiness_probe: + # initial_delay_seconds: 240 + # saved_searches: + # index_name: ibmpfssavedsearches + # index_number_of_shards: 3 + # index_number_of_replicas: 1 + # index_batch_size: 100 + # update_lock_expiration: 5m + # unique_constraint_expiration: 5m + # + # security: + # sso: + # domain_name: + # cookie_name: "ltpatoken2" + # ltpa: + # filename: "ltpa.keys" + # expiration: "120m" + # monitor_interval: "60s" + # ssl_protocol: SSL + # + # executor: + # max_threads: "80" + # core_threads: "40" + # + # rest: + # user_group_check_interval: "300s" + # system_status_check_interval: "60s" + # bd_fields_check_interval: "300s" + # + # custom_env_variables: + # names: + # # - name: MY_CUSTOM_ENVIRONMENT_VARIABLE + # secret: + # + # output: + # storage: + # use_dynamic_provisioning: false + # size: 5Gi + # storage_class: "pfs-output" + # + # logs: + # console_format: "json" + # console_log_level: "INFO" + # console_source: "message,trace,accessLog,ffdc,audit" + # trace_format: "ENHANCED" + # trace_specification: "*=info" + # storage: + # use_dynamic_provisioning: false + # size: 5Gi + # storage_class: "pfs-logs" + # + # dba_resource_registry: + # image: + # repository: cp.icr.io/cp/cp4a/aae/dba-etcd + # tag: 19.0.3 + # pull_policy: IfNotPresent + # lease_ttl: 120 + # pfs_check_interval: 10 + # pfs_connect_timeout: 10 + # pfs_response_timeout: 30 + # pfs_registration_key: /dba/appresources/IBM_PFS/PFS_SYSTEM + # tls_secret: rr-tls-client-secret + # resources: + # limits: + # memory: '512Mi' + # cpu: '500m' + # requests: + # memory: '512Mi' + # cpu: '200m' + # + # # ---------------------------------------------------- + # # PFS Embedded Elasticsearch configuration + # # ---------------------------------------------------- + # elasticsearch: + # es_image: + # repository: cp.icr.io/cp/cp4a/iaws/pfs-elasticsearch-prod + # tag: "19.0.3" + # pull_policy: IfNotPresent + # + # pfs_init_image: + # repository: cp.icr.io/cp/cp4a/iaws/pfs-init-prod + # tag: "19.0.3" + # pull_policy: IfNotPresent + # + # nginx_image: + # repository: cp.icr.io/cp/cp4a/iaws/pfs-nginx-prod + # tag: "19.0.3" + # pull_policy: IfNotPresent + # + # replicas: 1 + # service_type: NodePort + # external_port: + # anti_affinity: hard + # service_account: + # privileged: true + # probe_initial_delay: 90 + # heap_size: "1024m" + # + # resources: + # limits: + # memory: "2Gi" + # cpu: "1000m" + # requests: + # memory: "1Gi" + # cpu: "100m" + # + # storage: + # persistent: true + # use_dynamic_provisioning: false + # size: 10Gi + # storage_class: "pfs-es" + # + # snapshot_storage: + # enabled: false + # use_dynamic_provisioning: false + # size: 30Gi + # storage_class_name: "" + # existing_claim_name: "" + # + # security: + # users_secret: "" + ca_configuration: +# global: +# arch: "amd64" +# service_type: "Route" # required, supported service type for application engine is: Route or NodePort. +# frontend_external_hostname: "www.ca.frontendsp" # required, if service_type is Route. Otherwise leave blank +# backend_external_hostname: "www.ca.backendsp" # required, if service_type is Route. Otherwise leave blank +# image: +# repository: "" +# tag: "latest" +# pull_policy: "IfNotPresent" +# pull_secrets: "baca-docker-secret" # Specify secret name for image pull +# authentication_type: 1 # 0-Non-ldap, 1-LDAP, 2- User Management Service integration +# retries: "90" # The max of retrying for CA deployment verification task until all the pods are in Ready status. A delay of 20 seconds between each attempt. +# bas: +# bas_enabled: "false" +# celery: +# process_timeout: 300 +# configs: +# claimname: "sp-config-pvc" +# logs: +# claimname: "sp-log-pvc" +# log_level: "debug" +# data: +# claimname: "sp-data-pvc" +# redis: +# resources: +# limits: +# memory: "640Mi" +# cpu: "0.25" +## replica_count: 3 +## quorum: 2 +# rabbitmq: +# resources: +# limits: +# memory: "640Mi" +# cpu: "0.5" +## replica_count: 3 +# mongo: +# configdb_claimname: "sp-data-pvc" +# shard_claimname: "sp-data-pvc" +# mongo_limited_memory: "1600Mi" +# wired_tiger_cache: ".3" +# mongoadmin: +# admin_configdb_claimname: "sp-data-pvc" +# admin_shard_claimname: "sp-data-pvc" +# mongo_limited_memory: "1600Mi" +# wired_tiger_cache: ".3" +# caller_api: +# replica_count: 2 +# resources: +# limits: +# memory: "480Mi" +# cpu: "1" +# spbackend: +# replica_count: 2 +# resources: +# limits: +# memory: "640Mi" +# cpu: "2" +# spfrontend: +# replica_count: 2 +# resources: +# limits: +# memory: "480Mi" +# cpu: "2" +# backend_host: "" +## frontend_host: "" +# sso: "false" +# postprocessing: +# name: "postprocessing" +# process_timeout: 1500 +# replica_count: 2 +# max_unavailable_count: 1 +# resources: +# limits: +# memory: "480Mi" +# cpu: "4" +# pdfprocess: +# name: "pdfprocess" +# process_timeout: 1500 +# replica_count: 2 +# max_unavailable_count: 1 +# resources: +# limits: +# memory: "960Mi" +# cpu: "2" +# utfprocess: +# name: "utf8process" +# process_timeout: 1500 +# replica_count: 2 +# max_unavailable_count: 1 +# resources: +# limits: +# memory: "960Mi" +# cpu: "2" +# setup: +# name: "setup" +# process_timeout: 120 +# replica_count: 2 +# max_unavailable_count: 1 +# resources: +# limits: +# memory: "480Mi" +# cpu: "2" +# ocrextraction: +# name: "ocr-extraction" +# replica_count: 2 +# max_unavailable_count: 1 +# resources: +# limits: +# memory: "1440Mi" +# cpu: "4" +# classifyprocess: +# name: "classifyprocess-classify" +# replica_count: 2 +# max_unavailable_count: 1 +# resources: +# limits: +# memory: "960Mi" +# cpu: "4" +# processingextraction: +# name: "processing-extraction" +# replica_count: 2 +# max_unavailable_count: 1 +# resources: +# limits: +# memory: "1440Mi" +# cpu: "4" +# updatefiledetail: +# name: "updatefiledetail" +# replica_count: 2 +# max_unavailable_count: 1 +# resources: +# limits: +# memory: "480Mi" +# cpu: "2" + ######################################################################## + ######## IBM Business Automation Insights configuration ######## + ######################################################################## + bai_configuration: +# imageCredentials: +# imagePullSecret: "admin.registrykey" +# persistence: +# useDynamicProvisioning: true +# flinkPv: +# storageClassName: "" +# kafka: +# bootstrapServers: "kafka.bootstrapserver1.hostname:9092,kafka.bootstrapserver2.hostname:9092,kafka.bootstrapserver3.hostname:9092" +# securityProtocol: "PLAINTEXT" +# settings: +# egress: false +# ingressTopic: icp4adeploy-ibm-bai-ingress +# egressTopic: icp4adeploy-ibm-bai-egress +# serviceTopic: icp4adeploy-ibm-bai-serviceTopic +# setup: +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-setup +# tag: "19.0.3" +# admin: +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-admin +# tag: "19.0.3" +# flink: +# initStorageDirectory: true +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-flink +# tag: "19.0.3" +# zookeeper: +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-flink-zookeeper +# tag: "19.0.3" +# ingestion: +# install: false +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-ingestion +# tag: "19.0.3" +# adw: +# install: false +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-adw +# tag: "19.0.3" +# bpmn: +# install: false +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-bpmn +# tag: "19.0.3" +# bawadv: +# install: false +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-bawadv +# tag: "19.0.3" +# icm: +# install: false +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-icm +# tag: "19.0.3" +# odm: +# install: false +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-odm +# tag: "19.0.3" +# content: +# install: false +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-content +# tag: "19.0.3" +# initImage: +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-init +# tag: "19.0.3" +# elasticsearch: +# install: true +# ibm-dba-ek: +# image: +# imagePullPolicy: Always +# imagePullSecret: "admin.registrykey" +# elasticsearch: +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-elasticsearch +# tag: "19.0.3" +# init: +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-init +# tag: "19.0.3" +# data: +# storage: +# persistent: true +# useDynamicProvisioning: true +# storageClass: "" +# snapshotStorage: +# enabled: true +# useDynamicProvisioning: true +# storageClassName: "" +# kibana: +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-kibana +# tag: "19.0.3" +# init: +# image: +# repository: cp.icr.io/cp/cp4a/bai/bai-init +# tag: "19.0.3" + ######################################################################## + ######## IBM Business Automation Digital Worker Configuration ######## + ######################################################################## + + adw_configuration: +# global: +# imagePullSecret: baiw-reg-cred +# kubernetes: +# serviceAccountName: "" + +# adwSecret: "" + +# grantWritePermissionOnMountedVolumes: true + +# logLevel: "error" + +# networkPolicy: +# enabled: true + +# registry: +# endpoint: "" + +# npmRegistry: +# persistence: +# enabled: true +# useDynamicProvisioning: true +# storageClassName: "managed-nfs-storage" + +# mongodb: +# replicas: 2 +# persistence: +# enabled: true +# useDynamicProvisioning: true +# storageClassName: "managed-nfs-storage" + + +# designer: +# image: +# repository: "cp.icr.io/cp/cp4a/adw/adw-designer" +# pullPolicy: "Always" +# externalUrl: "" + +# runtime: +# image: +# repository: "cp.icr.io/cp/cp4a/adw/adw-runtime" +# pullPolicy: "Always" +# persistence: +# useDynamicProvisioning: true +# storageClassName: "managed-nfs-storage" +# service: +# type: "NodePort" +# externalPort: 30711 +# runLogLevel: "warn" +# externalUrl: "" + + +# management: +# image: +# repository: "cp.icr.io/cp/cp4a/adw/adw-management" +# pullPolicy: "Always" +# persistence: +# useDynamicProvisioning: true +# storageClassName: "managed-nfs-storage" + +# setup: +# image: +# repository: "cp.icr.io/cp/cp4a/adw/adw-setup" +# pullPolicy: "Always" + +# init: +# image: +# repository: "cp.icr.io/cp/cp4a/adw/adw-init" +# pullPolicy: "Always" + +# baiKafka: +# topic: "BAITOPICFORODM" +# bootstrapServers: "" +# securityProtocol: "SASL_SSL" + +# baiElasticsearch: +# url: "" + +# oidc: +# endpoint: "" diff --git a/descriptors/ibm_cp4a_crd.yaml b/descriptors/ibm_cp4a_crd.yaml new file mode 100644 index 00000000..b847a676 --- /dev/null +++ b/descriptors/ibm_cp4a_crd.yaml @@ -0,0 +1,57 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: icp4aclusters.icp4a.ibm.com + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 +spec: + group: icp4a.ibm.com + names: + kind: ICP4ACluster + listKind: ICP4AClusterList + plural: icp4aclusters + singular: icp4acluster + scope: Namespaced + subresources: + status: {} + version: v1 + versions: + - name: v1 + served: true + storage: true + validation: + # openAPIV3Schema is the schema for validating custom objects. + # in kube 1.14 schemas can be version specific + openAPIV3Schema: + properties: + spec: + properties: + license: + type: string + pattern: '^accept$' + readinessProbe: + properties: + initialDelaySeconds: + type: integer + minimum: 5 + maximum: 20 + queueManager: + properties: + dev: + properties: + adminPassword: + type: string + pattern: '^[a-zA-Z0-9]{8,}$' diff --git a/descriptors/operator-shared-pvc.yaml b/descriptors/operator-shared-pvc.yaml new file mode 100644 index 00000000..81f9c092 --- /dev/null +++ b/descriptors/operator-shared-pvc.yaml @@ -0,0 +1,27 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: operator-shared-pvc + annotations: + volume.beta.kubernetes.io/storage-class: "" + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/descriptors/operator.yaml b/descriptors/operator.yaml new file mode 100644 index 00000000..0c3af855 --- /dev/null +++ b/descriptors/operator.yaml @@ -0,0 +1,134 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ibm-cp4a-operator + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 +spec: + replicas: 1 + selector: + matchLabels: + name: ibm-cp4a-operator + template: + metadata: + labels: + name: ibm-cp4a-operator + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 + annotations: + productID: "5737-I23" + productName: "IBM Cloud Pak for Automation" + productVersion: "19.0.3" + spec: + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + serviceAccountName: ibm-cp4a-operator + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 3 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - "amd64" + containers: + - name: ansible + command: + - /usr/local/bin/ao-logs + - /tmp/ansible-operator/runner + - stdout + # Replace this with the built image name + image: "cp.icr.io/cp/cp4a/icp4a-operator:19.0.3" + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: false + runAsNonRoot: true + capabilities: + drop: + - ALL + resources: + limits: + cpu: '1' + memory: 1Gi + requests: + cpu: 500m + memory: 256Mi + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + - mountPath: /opt/ansible/share + name: operator-shared-folder + - name: operator + # Replace this with the built image name + image: "cp.icr.io/cp/cp4a/icp4a-operator:19.0.3" + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: false + runAsNonRoot: true + capabilities: + drop: + - ALL + resources: + limits: + cpu: '1' + memory: 1Gi + requests: + cpu: 500m + memory: 256Mi + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + - mountPath: /opt/ansible/share + name: operator-shared-folder + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "ibm-cp4a-operator" + - name: WORKER_FOOSERVICE_CACHE_EXAMPLE_COM + value: "10" + imagePullSecrets: + - name: "admin.registrykey" + volumes: + - name: runner + emptyDir: {} + - name: "operator-shared-folder" + persistentVolumeClaim: + claimName: "operator-shared-pvc" diff --git a/descriptors/role.yaml b/descriptors/role.yaml new file mode 100644 index 00000000..5d76d4bf --- /dev/null +++ b/descriptors/role.yaml @@ -0,0 +1,122 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ibm-cp4a-operator + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 +rules: +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - serviceaccounts + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - ibm-cp4a-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - icp4a.ibm.com + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + - podsecuritypolicies + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - "" + - route.openshift.io + resources: + - routes + verbs: + - '*' +- apiGroups: + - "" + - route.openshift.io + resources: + - routes/custom-host + verbs: + - '*' +- apiGroups: + - "extensions" + resources: + - "ingresses" + verbs: + - "*" diff --git a/descriptors/role_binding.yaml b/descriptors/role_binding.yaml new file mode 100644 index 00000000..17dac646 --- /dev/null +++ b/descriptors/role_binding.yaml @@ -0,0 +1,26 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ibm-cp4a-operator + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 +subjects: +- kind: ServiceAccount + name: ibm-cp4a-operator +roleRef: + kind: Role + name: ibm-cp4a-operator + apiGroup: rbac.authorization.k8s.io diff --git a/descriptors/scc-fncm.yaml b/descriptors/scc-fncm.yaml new file mode 100755 index 00000000..96feb774 --- /dev/null +++ b/descriptors/scc-fncm.yaml @@ -0,0 +1,38 @@ +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: true +allowPrivilegedContainer: false +allowedCapabilities: [] +apiVersion: security.openshift.io/v1 +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +groups: +- system:authenticated +kind: SecurityContextConstraints +metadata: + name: ibm-fncm-operator +priority: 0 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- KILL +- MKNOD +- SETUID +- SETGID +runAsUser: + type: MustRunAsRange +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +users: [] +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- projected +- secret diff --git a/descriptors/service_account.yaml b/descriptors/service_account.yaml new file mode 100644 index 00000000..160efb74 --- /dev/null +++ b/descriptors/service_account.yaml @@ -0,0 +1,19 @@ +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ibm-cp4a-operator + labels: + app.kubernetes.io/instance: ibm-dba + app.kubernetes.io/managed-by: ibm-dba + app.kubernetes.io/name: ibm-dba + release: 19.0.3 diff --git a/images/bai-architecture.jpg b/images/bai-architecture.jpg deleted file mode 100644 index d009081022b73516077e18974df7f6edccc2078b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 182269 zcmeFZ3Eb>dc|U$xL_kEqU6fugh}dw+HpwKnK%Fg_nPf7V>=S7@-pggt;{VtFm(Rz!pZC4< zCg(ioJkMF4=leX*Id|Q5*Ee^a&}BNzuEP#LY}aMr->$oUu_1+| z)+liE-L^aSqjUEB=!4hq+3h>$?9quH(u*7J#BZ0WE0=;YDuWU2?D^w!k3D<6Z#|1= zZf@;f&%!9%w?1djhWI}4edjT}XZNN^9-OnMw$tivqbKfe%u{zaaTd9EgjVp~Rr)NH zL@^XOb2o;dRT!aQ6y1v=`!H%BPVV0S*>mo(;M>`$L%UU+3)E&(~_TI%|cW zHBZMdO4BrqU@(U51ts=oMU-3Xy-{}RmdF7*O*b2*ew_RBX!j0X%bqXtbN1}nY3Sf* zKVP%>U_g>gcaJu~3ovN-{Z?{D2b+r*X}A%GGlJdF zow-q-fqLlu)&s-X>m96mkLC`{k=g8iYi7CR-aQKUTQgIN*o7rGn=jIl3yPn5fBa^7 zYYD{v+otI~3AL7hrMt%z4B6R$jeU*OwQ{!!e$EB+iQbEldoff&(R~$cABIB+whuwh zhVNDK?lHfc#ynN#^YGm5yzPYHBFj@NpQpPUjolb_7P9+{o;C8LohA5`LkRA#b}x#( zx#N4qy?cewn_f}ow*Dc7?p+-$CdbOHdlR@nwt9z_y%!y2vY6SC<%ij3Jsq6pn}t;i z^Lsws5$Vp#2>s0hiLEqqcgFIZJqHH!;EFm(Y5y?n%=~>T-^nNEVg$Ki?~q4#_v&E1 z9l38xOk96F$ma@^iali@m$v{)fM}YaVRZI^gAa(5lzeR(-58^>M(~2g7b-HD>GM zG2g7sxyEYFZ3s5&wO+Hf+W8qYYZb9oqx#KyPhsi^d8@*OYhgXVq%gS0kZW zLx!M*Av;keMw)NlZwMYNcxa^u_#LJIql0lR1?<*VEosYgts~V2JqfVZs#%>KHrurw z?gpUH!OwuHtvW0aOS@4E0DIuwxYN9Mxh=s#tpT_Nav60RgEwz!UHw4wZJ?X7YpK3_Oc-aaErKAK2 zR}68nA*h2WAp4~-aa6OdG?7K8)1CLajmg-Ybb;s+8PRe<MnK3~7`wxn zxgnU?Q5SO~f}6&iK8r~|PLf5ITI6yr)oLBUey3RogWw$9c#}i9d3*8@9`9>WVWx?&X#%o6n zR^tuJ-Koj2z7sf%ic?9yTovPZLlA+)a?+K9yr-yyD22{Y*J9gXP}e}E(40AQOOI2V zMHe>qU$MU-2sOj5u7`wg&f>)=GD$B;`ax`2QNqoVge>wjftIiZCK{L~wMJ`aiZ!Vk zEmF0_O5s{BquOwXhF8sGLvZS+OBFTXTGyXPv^Hb7ak7MKjdJBtQygA3l0LVf z70rWmw+YI&m+-2tjx>jyB`~!^vepp24M8|LKr)QRFab)U(ptlJ8ZY*fBj=T*iV7M` z>~FIs9%z%Q9Vk@mC;bh2O5VDkh?bvKz;|>Ts8L>qG~&AYzS_6Sv7V<1ISUegAA`~`=t$pf2dSe4IpT$ zc8_*fH6Unmz9Cpi<|V$Euh@>PQ?*vgxJH`QxK0@aGd`A@ep)n39@3YD3)xj%7kin$ z#BemBHG;5bZLJgY{Z?$|<_O;q)H>mCon#fhiAoD+W&~D}LDT{odi*RTn{hwD`l+P| z7M2NVO#5KOgJ4($QoX~dRI_lUA(_+{xXtMDhG06fd}7Eq?MxM!6+f8{kow%i4SllK z6hr0XIGSj-6whZ3dF>NjQ#V~JS<&3QYm8isOQS`VZp%U?HH{6yu-mePQLnMCC4+fS zhd_~fqOHvCaK#Ub0i#6s_gHU#UT z&}c|4XEo9^Z)b+@%%9&P_)3z4Wf_b0wpeEqrLQ)-Tp6@FCEa8<1S2W}V@Qlqw*m`{ zVDyEl~C3rE!@=BB!l}dza6}s*x8l=L#Hj!iAOf1E8m^tR6 zVp}f3>CA>8wV30~l5dWzvc^CuhK#2YJI<6IB4e>ThmiV!D-yHtW)kGGb7K|^@OEfb z@_DhC;o-{GS18*Lrb~t%ZU|1J(3M&(Yl7GPwlEnm`9fnfYm!%QH5jH(spinMA zzQSduC1F;-gTq|c457L==6hP5NahQXD!g(v^T!rnlq`euWkH%r%S$=CDDts3wubV6 zX)U&+9Cd;&!8Z(sA-TC+fqQ^`u}@4Fsm>3KJe})qJZMNlXBpOj@cM)hj|Orf%j;ga zLK<8Gc5c&L8$sUKDygJLEg{D%-8|-5P8p;=JVl#o$e<%!h}?B+ElXIt*9oQ`+47;~ zsF=jH;c8g6mDxyB7!S-L-zp&$kGk7Iu`_#CP=$^zJF~!>&##2FA4BTBMPtYJ3@Wve9Y+mUg*Ky)Ue00M zd|J?u*(Qiaqk%1!T-B(qES3*rqRLSju^kj2mdoC>J`<~<4rM9HORBnr-L9l-V22#S z;*uya8U?!yG!s2+;3MlQhZvF#;Y~?&i?%E;*TCcMgJOeMj)8cIN> zK~yDD=b>hiHrBvGSSNy=$IzTr!Jvg}!znyPR|~K>+5ZHseRsbuVO zGR9LlPv%5VKs9AUP?^*HiY0ZEc32j;V^9nf(g{5sS}-}H7pkxxx!KBvhm*N!8qPeC z`9Ur(O^wA{%K+>GRkSV^a4yJ;Ey1{Ijp*2fOb?jD4J5C06l=!yWho3NIT5SoqGMNT z92ILUH=p&Dg0bs?81nKYZjF3+PMW!=V@~Q~%ju?vd_!qbW!^vrvgMjaB?udh#WQw1J2-@H`43oMER5Ni^MsNg8r5 z;@ELa%F>dK=p=N2Zs)c={O>Y{cP!xz%UcWkfc<*VIy_+MK45cr#}eKU)PN2-K<@v< z9Nw{nHv|uw_WR9Yb%ELgTh!Zmgn9#7K$)sgcFo+O%(6km+Pv)6@EY6@(6!b(XkBfM z{SCqYyB7cb8T(t7w@~B1w)mw;(M+?$(ha;e3HX3DOO+Ln7=3Qe= z2$hIY2Y9GRxG{#qQr6X8yAifJ1h+*2JwYLtXtS{_LAUjG&@Av6O7oPN5*D(+Q6|uP z$~u~^G?SgdPD+Z6-b^a03;=@mEU)`%=O9+x^zgR>#$=Dyk$4ZM zlT0bQ-O-dT8MYhwnneL*o+AA!^IZs!97bXqu8Ok zLu`WbvOP(ysP;7XMvJq`%B6ahvOSte3(Op@ zwiCNsPcaBU--es=a39Ab#+bDuo}yI%_#8eh*3Eb{i)BoY07fP&fghQsr#S}A0;dqu zEofOmh9m_U+?Jr#0h(OnN_bTRP=j-IM@AQh95>Ji0KkDh(vaAU3A;&Bl(Ry7iLaAp za}ap!+L0MGvKiH$12L7sWNQ+us9m;AQfQiF$mVdjZR<4NW#`it6=a#mDt@)D!45YV zti?49Tr2Zrg2F^$QrUV&X4O)m2R`bfvnYc%qnuG$PEDG5}r1~mXdRXwe`*+dW^-aS5Mji@fu_s za_|t>U;*e}i)+9WlyhAo*8*o)+E8xJslcbufcKMiUu$;Qd2LYJM{-$Tj~zTx584VgQcLii(UAaFxe%v6&Z8iHk!K8d)&!tQ+tw(jr~vm1sqp;If zXw_%)=Ax&$G9Jy^aMayuJzGhAjxW}6o{oxDKM>YTw?+l(YNGgL%)6|x7?t@z$oy3G z6;s!gnNc#36D(qKZCl=)@zH3gbeltCJIZJ|6;|~a38)D^n>K5>H(zsP)9))@kqwd{ zidYQpi)FKE0i@dwstOO+S`^F5#K1^bOgqRLAuxsf#XQ=uJY;oCX9A8=+LX9Xsy#oQ z3l3NcM$^||4vGeA44pzm)-mmoq!^NmC({f?%6V(rD&p0!)~*^ob*;_3?b0({$1Y39 zBFm(O$Go*7eTt1FiL+w6!3q^vb7Qq^N4ivBviPc3D}rHCii{dl2=GYhx?hx}*BuS; z&Q|MmYbVFY5Kci6sD<>6-NcZp%#?N(rU z;A?I-8R9@)x2$xj`2gjX#g0+EAvn_!L@x4WPoF?0Jw)r(3Z`OlVRhTXJ`>JKMP3a` zS>l^4Tgf|d)oF}0H!w7~KMjWn*typAbRjmaS*x=lI7qFj+ol&$RujpgrP)xxm#{a1 zDju?qHPQ-Q4MJGjuft6?RM>LS?IOdXyY5hZ0E$>i_IsMu3x+~twINuiK#LX)fRp1b zSzrR)_uE!S?r6q@MHRK$mh&F42A70XA7ZUuSUSL0HR%l14MD!>59VDFxUeyn%Q`?; ztsxnnRi$~=GXw{j>FCIfZAI_~z^k8W161 z2weHA#%N@_P%n!jpQZE4q_i4}X7>hMlFchcv6}P+y;GUaV$sT*3fEuGBxE$SSm5F% zi8&mV)TW2oFd8GgA^;`a&{=~7fMk@HO{Rk+y%x=J!c2>srP!_vtUO24Sxc5}eg;As z<6>D02TQLy_eh*-`blGJIaC@8F4x3~pGycmFbvUask3yX zF^ZD=Nn$d!VKiT2Q`NRL9GWs(CajwxyY-3;4P6%&)A`C&=uV$YB?nsva!;O{UDu1_ zLQmb9C9W9<>h@vKY^p+F=n@Z1+L$W!78a8tKU_)JsN5oYdBDoN%7$_+Zufw5hG`5c zBQ95C2$dJWKEeT8foS%=Ib^rFwT%XL|t}Ze(Z$Jwo;D z6otAP*%AvA=EACOVIe}-ZG4o`sDmYVUJS8?z2Fg(sI9|hT1>k}MXoRPZ~$T)XbhO$@yQ(lA}H&Z9Bp>d zz+BsfteR{*sG@P9sk8tKGH0kNyttZWBGv_OCB?S@v9`e~MGIEKZ3iuMaq zqyglP7`*{`xlNIh&P-iM62#nbUCRW{K3Se8u(qgotu8hj8{w8Ze7CK?8nRiu&oC(qzY^I zu;lf?3JC`Um-^w%61o*J=}mj#R_if*BS~8Zu-fRF0-S0~-3nsE10FwPZou4f*%>S= z`Jf%9@+4`s=Dn^shbn4mMt+o#{!cDq2oqGlU|0zP${RHW+Qmv5WS4HeRQFy z_RLT_#AM_(8`*~7$Q;#I95U&}SWqom^fE&YMz>&K656m=^(de4APc}R*jFTAoFDQ? z>Q9tZbjwl-@)nWoXSsvT`|CMSts8Td2%EKJmBd&_984KCUz)?AsD&ZW;=_>dS6g*W zlhgpH$euRrCNSY+0v@**g7DDk*5FKALI+1Dw4+zDSxbyV&Ei;dXtFj+ble2t@_bQL zlJ!)D%NpGC`*;o~{nQ0Uo9oQAAa-QQ$6-eid)rY?z=odOw<*QZ@J4b->* zs-DucW#UBe(g$<0QuoMVG7b<3%PL5oa=6~W{90?I$`iFlj{(~yG2U4!Qv$$+EkV^8 zB6OM%Q7)N%PYtK=2yPd8rgZSN8!wkwo%9#n+*uYrHHETnh3>g*g|<;Flr1kPnV204 zg)`P{a_fWTI2CKQLGZ1knI1Wcs2HjOqiF~50>k)TzYf)!x{L*_I3dRoh^&!9E)v_I zKfPLO@*XfG4uDGEFT>M_CAR`|{ED_g2CwVBrT60bo99aacFw?=#I_O1fFmUO> z4z&OdV8h{oCUww}q>sXc-fj*fATLCXr*>stqRo!pmP1Wo)oN>)M8G_m+6pxAMm^1e z_J0L7TCzZ9l?k*gFvLQ7`Wgyql_YYvxgr}uCBoXo(A6~Vjh${yb7XE3cIJbD;{y{z z?m`A0pdFwo=JX61)nbMWmjEnNR?(s&HPd@OM|1^wYtA*>9-~hoBMM@F-Jg)IjJlE# z*Ox`h&y7l-EQ=cG=>n&Ke^d9Vz}1Fn!c~1_f%%J}DQdFLv3+6TwYNLA8rJ$c+Fy>F zXlD0b(q`1!U^B4^s93d2#sehKH3;Q_@I8!y zrRJ4u0&9l@OQtBRl*q{C&Cu7CNulN-{h_GOFtVq$Ar;JSc-|(~vbD`~Nb-EBkX?ry z1&C5AI8&rt)>un@YCK{jYTz~`&PAOB#Qi0)^pH|d$yMIXfj^&5WWC>6%j@-$xA9=I zMFAsyNF`h2h)9JL?!|S!` zY+U7laXuKpB2L9hTt~-NbwkilBr>-HJ+El+XxRv6_#DMt(l_FTj*%?zm5E$CDvLF- z7%$?yu`mEY2Tp!Mwi+(x7#!ab$B`_Mz3J9iS_yp+JP&}?VRZ7%iD6EB$V?XRQ zG@wBLD|f@(Skj0{+YoU1)Oy_}JsFF$#@70(026u15-?r?o+FT{MI^w@d#}I8Z0tq# zcot+D$}tPO0Qzx-jayWb4%0FK6C-bQ%*GagSM;;bXHF{% z+b{A8E_2+V#H#g1tv#!a1gyf$L{kRw90e}SH0v*2y~?ZAZH&Ha_p#9M^L(ZHy}8>3 z%gdQ#YRhI6dJUYleMl(bclPZ#(4o6XfR%E~y33Y$?DC$ps>S)Cc4r!v7z zgf2*kND`x)bbOBhF@q8y_*xFxsymlg7!-KQFmOBiT z<;B3W_0CADB-x5e0W!Wc@|QL}^xd8G zCP{2F`l<+!bP0nA-dbzRo%M3)ir}$U46T4lPZSs^9CW?#Xs8Q7{oQL}LvUw-wBcFG z=qw%)VDZKyu|>zu!Uukfz#mrxHb_^jTEjcul*~+hVuX0Cc#M`uASNDKbe0;LZ_bf$ z>t>1a)Ff`pcp5ySpl%m0=YZ3XYFho?%2YCn*!|JQB0w>JJK4(3h1b`nWXb- zJsg4!uo?TwklLCe5$yROiUe#x;8eIL8+_iL5@gj)svu6sg^j`kaaF+s$|~?snTIR| z4(u*mg5|SJ0)s*}EJtt$Q+8O^!gY+as8+y>90L@2SJ%jKkF&Kd*im#k2&eV7xh~`) zuFVH>xiEp}x1aVgqR(Y4+*=lvEz1Zx0bo>d+gb|p2y$NIWsAd@E|~9XBrF|yp4N*= z!xmM}%?HVf;k}aK=dB>G#_nR!C`W03CnIJMRJLI_Gn@_zfE?L!HE3wW!r}PU0JRgw z$i)y_3sDT*9nq2>7a6_M(K@Uyz+&y2OL>Seb*8Lv%PKbp_@2zSu6ukatV63G3Sna> zZ?0a?fQ2{+VZ!Q)iz!UZ*P7ptF?BX28HXG!;$o1G(mKhe#%MyzvDnSxu<@W~PgKFgU%LtdkDE0n0iKJs2J*v(9fHS6 zB;_ayPmI}oyM3{6BE_P(mivs{P@zVb6V@csY*%$Io2@mQt*`6Ve4$jpmI0Efc9et8 zyEd3Ac?<(!wq|H@VyJd#%gxOwBW0_WW*lmx?P(&KRu1CwYq?25OAblq-T-BEw}p4q zLEI6Q`dn`N0RWIWoXyuZ*ngLB=q-a}9MaYZ+YmIT{*0-_V^^FCy^fg091^yIZZlt1 z{E$OI9We*izb82kwZ`!fDtj9vw|d(;EIh3?jJfW#JX#AJxRY-uC{ zgtNQ{^qbdwg${vEgLOq|XEIOobr;g7_{4JZmJ5dquFv{8770b!06w?GXhqzB!}*a0U=whEw25tI z8cxG@L$4q+ddc@hPe&}D8?Hgzq#V^5bIj76jt0&kh}cfj0vzJ{k^{-Pfos@R#m|=v zS?G@6SpnO!y0u^pX^2%2Vmw)h1KOc91)qv=ALMV=y8HJf4|o=-+F03Hv>+DJX$T(3 zF{=xbK8~S6jQq4qZ6k3TmIph%A7!cI?nK~)Sg6!sWoNZ#_yp>#wM-wyB+>@>*dKO0 zxsE4_p8&r}$x|z_%&4iWdp*?)rv~5O5QG-|8kSuq6^14!aA`JCCjESs!XQ0Y31n%V z?&N0e=wy&A)tI1lkk!S~D6W*et)pdwUR#6E6w^^p-R?HdB3;EiPtJ9Ru~%IP1p^&= zVM*a)u|S&!z+LM(mQb|5T=(hRV(|rP4KN~XRRz8aaA*yqLb*hRKD~|j_+Ycptf`=? zP^S&>Fo@3Nz*+^y2|R1YSZes>2n$KaBqt+%F&`MM`BIw>rIj?!xuMcwD`meZwR(z$oivK`5;&0#zu+riZSdWRwpt5NH5v6v!%K0Ak$13l2!}Wj1&rSXLo2 z_v=jyBo%|$`xIDd7BD^yUlQS@gYs~KfvnuF0nbWChmmSxz*-Iy986)u#25L(;K@*Q z6v+)qY-@crmLR{ej?TpbTeEI~Z=56N=K@ z(RLofVG7(bAoFX)&PT&cnI=biF89NjAFVA1q%fl$6(rO795p6-6(VS*RHuq09tiq&u_dwKM_V;o zi@}y=@dk>`6qE-ECex`;vt832mA(cw#IlkAKU%##tRzKLOo(7gtx28%`S_Yg_K?Yt zU86b@Zt8*g?d| zuv|5{o~#V445X}b-KdAQdVB;6YTBzeW03NfFzkX)SUljOkw7YSpPP#d!1PCLy$$QqlJ zbz;&o+BAhjp3UKctGW*DQHd39;jKo*CCBYz6djhMs1nmA!41(A z1u4*i1|kZIFra*^PAu3=!WQ{5Ws~J-u$FScHny1HHsgJC1v;yHFS!Jn zzYT@EMu*p89PO9Pk{ZR4ux_;)(X^u!sXW%rrm-5jK%w^LxeTCztn*WFa&>O?CB4ZN z8Mos{9|QktZyQpdfgISyyeioXT)??;=;!O+1bCEZV@FL34rMr?k>M1FBuJ!ZT;@ihsVz$(*s6dEDb^HtP6+GX3M4WiNULKp^0KPQN)BR#lhXC7 zPT&ptQ6jEu*szsX=l*y-tIhy?ag(GuQ9BLOL;?w$ZB_~`52A|fOn}3DK@f=98(@_w zR4;=D*iK2ORi(zb!2?%okY{THH5R;65lC>5hUYY*6;+0WLJ1B9d^5QsmMAlamMg0z z^5Uk4Gf@TU=Z+v}ye?a7V^*gZqhdXA#i|B2$hxJ0{A6%I!?g9DD+4zJNIY?dZI{Y0 zU+?Nx*8}0}DqM%)`j+6B@gU&**W*~rhjN+MkSSXYEN}*?+aA@Y1Fyk$f#Wo%L70=$ zWUthSA;=4LXWkqlfExyx5O{ud*^wokI z>Pq0_W47wmrY)omlo&WCKux?Z$n9{!)?a#s=;j?NYXzAa0H5bTZjFVOj&+#6(ykWZ zhzzhtTxA=e=~0=42X0i9a@Q@oe5dPADzkof7&b;N#rDUTu!)VR;>g1jkD#f}K&4jQ z1LQGn^xw8MhZ|F&cyC&hBwj0ly%z;MPe)B z$e3v;q~o)e(XDUo!%Sh9Yeh#Dy1_j4XR8@8HhpngBk?R zZ7d0%3YT%yGwjNG2GJri>a9K5{i;C+&p4qJ~;3=3+RDsQ+(vA3SEWk%R)yN1jZF1tIv7%;9)XIi9 z#P#Q94d721FTBK;tRkm9*Qr`$)@o(8W$=zIElG8Nxz3R2y6qUww}T>J+Twq;U0dXfC3|1f%RuY*rIVYpa0-z`6h|AU@8gDQ5v7o6fd+ zSuTP=*UMlQHU(+rS}DsINT^QZrM|R*sy1QGTsA3S+aJV2II7#L9cNHDih^-W80=vFJ1ZxrW6w4x-zGdlEw42V%g*Z)#}F*8ZfL{ zPewt#L$*Ol+XL-xrp<3?JOk#jtM`H$*Q9g+FB{3Q!rVQ@?(dttHHmdvhX>fi=*Pgw zNL3GbbP`Xs8$6mOdMJ)3KGY2GJO@Xg2vjbmj!jk(TwazUlHegK5atj7_dI69<<=D8 zeIg2F)YniKWL*xb>=M(uMpC4hP34X=UDEw9@6c_uDkDAtoVCPc+)`7|NN1IR?i$Ty z(G%O%E)JCHhGlEE;4*)~*ys!cJ|cVJ6%Z900y;8O5P2_g6^wmzLTE(M2M6a`+^Q{s zdAWm0+iehFm!%PwqmWOQn6e?*rxTC`3O1^sLj+pT!RP(uum)U_p=Jld6u<};N?KY= zlaZ*U4s5mUJClJ2M%|LyLATp1g0=!_9<6%&_d`v+Pqghmkr-f;-ruuW%y?=7M+opn z>==TZ9;$V)i2Mkp*5u7Ce~``6=o%qnu1?94b!q zs2gg7G29bN#7n6fwN+9jw6v54$2zk}Z)kc89Jgzuqiki2=YlZRbBO|0mxr|w6vV+O zBw-ttCA5R-e4v_Py)&=Wq1F!a7gBd?5_c-#WWl&o7kx!Zfd3u@-2N-Ae&`l>XyL7W zh=HIgIDB;o6a@mS9WW>vy=6^_7Ftw+ON<5~CT{>zcJt9dFJ=RfzE(&{XTbrN;GFfl zTT`S!pib4!bP&%(U~Z}dizEjjWWgcowgk>s8BX3L3%=jw>RK1d+LM*)HP=C`{WG*iNu2rOTY2;vkk;ai?(L0rV!(O^_MrG6Fz8?G3@Dkpmh6x5?Tq&Azp!A_M|c{$~v!^@m$j`u~D4Cls z-Sl@64Cv~;d$n_|L$9|_awEszxoM>lT3L2(oX+RoJ|KsUFz@^R5Kg!CoAc3P=LVBb z^IY)YEXQ~DRS+70F?+NZAxM00#lxJvlw(nQ38Z2ZM72VZmVJQyA=U3gx)Wu&6^-2e zr2XHK^dZ&nL%N^(;4&R6Jf!)>0?;Q3mvjjd+lzyQs=XDE&9v95Se3mraCH(6O%qlX zKhX92p>dyfnr`YZU582Mvj=!l$Jv`}TlV?)<=p{&LoEy6YgG{sh}EO^(l$oyrLhX> zddR3sqCl+oseX5#b}j(fzIN_AXuk{fL#p2&_4)siaJN0Y9~$@9RQeld@0QHH-rr5) zz#twnK!>c@{cEG`XW&+u;*b|RBHUTZvYXuV>46u&>xC?vyLI+iqn#CaZf1eGvNMF> zzMTWl?(Xt-!`KeuPJ#QGBGoEQU<5_%#b}${OF9*NFI~Yadn?sZ)j|ox0rC9<^be{2 zo7-4T+-T>r9&#^&@5KlOt?t9HeJBbc=;pGXZC5v?elwA5?g2+m>ej|!pZE>8_8=&+ z`wZQWocSsPclK=Q-m~IwZeTP4JE!ZM3m>R>;K9AC-2ayO|BbPGV7um4Fu&8-{ichS z{@cdxJ~uA?KRSBbF}>%4Jg~a&wSc!p54l}zvxc`%!QExx+BEp!y=nJZ-UpZ8f9IEb zPtgBP+6QU`{q>uGS1nv0{5!k^}}7qZ*HC3<$Pr49@o3Rw(G)OhduDm;dg(IIQZFL z{qVyM18>34!50to%UvJYb>h*7fAq*F9C6r*yAD6`up>@9?5-OQd+5$Jvqv5QsDqwv zKM#J;QAZzh#F57ye%M36)6L5RuK+WLA9>V+k9g40#~gdYu3Zm0a@XNU9{G^tk9+8G z#~=2{BaVE~Q4a|0Gm>pZ4A-eX;uG$G*{ibLB0kU%UDnYW@DksOenzK63e` zC;#OO=;C94*J7W)@44>BFS@aF-AA9Zc;5Jv?H4}o#KU$Se%KM97ohc{AAICPc6xZk ziAO%@q@$jQKK#M8fwd=j#L*YL40~iz7Y3 zuK01tKEykv^{!Kj?>^#^lfQADJiGO0kB*=4gZF>;=Ei=Jnp?0zc~5S8CSjb_|p&PUZRgqee~f!e{AP% z>f~LtcMAF0Ump9&YmU26`iCEw-C+9KzyI`mp6Y$~N7Q33dHrzTWnU}zzI5-~Z#whV zlODoWzVKe}D?eTSd+l2PywAOMU>ru%XP$M*OOJor*+2f|?wfD^pO*9QIFzU4*L~`H z?|RzTu0Q+o+g|$qm#8oM>B|oL(FZOf2mZ5%cf97y;rm``-S!{1svkW4#)o3R_{wX( z@XFV{?J;k>eAnng#@vm5%>DQ$&%EXYkAXH>ECwcyPtzUks zI#Evk;S*2&CG_;GFa7&F9#(nbvF@i|aNK*J^1@5^P@j<=^oY+s{Hi|IX#N-}&<|Uhr4%x#7qg4}bb4?HhhLdBO=7 zE>3vQ>#z9~{nbm)KmWPN^DaB)m|vcH;vc*@WKTZ)TPLOdMSt=9Dsn?ldiAk;|B$(B z*OR|^&3gyO+24EGKc0Uje97NjcDwt{zd85(=5^U$-15`I9)=wAwcS@e{-UGm@B6?x z?!TOH&TAgetQy)LreDdT6KmBv3+Si}L1gq|KmHaeAwBST>Kxe z_~2c;essyrpZeF!#Iyf}g#JbN(OtX#whF6G=Qk?wAUp{$t*RF4z{Hj;qdFC66J3{@A*MH-#UFS#I(_eS>bKmx?`L(D0 z^5GYz-{C%e##^7_XBuNSKN1>_Qa2W=$*ye&OPte(=L7UncUU4f9E~_ag{r~nESI+IKF;Z>zltG zepfi=r+dEly%&7v=9j_Y5xd^AzVkBbr_Xuu?hCHC^0#;Ff;(S!)ze?Tde*Oha^3LH z)0-dsyRr5A+W$Y7+A%NHubo``nLRhNM?U{aH$L%}%a5p%kR8v7xLgI|5_vJ_ebC<5BcGdN4=f?`9t0~ zd*Zdve&xe_<-Dg$r@iDQuX*}kKKq%)Pl*#>^zzdmW}Hs_+YO(4d^t34Uw{3%f6ITX zb@=o8msX6Q9P#mIQ|<4gAH&3NHJ)grqZa?%%bs!hna_CqPd<0tk8l3PotOOJ&;Imh zAAYd?Tg3I8Z_GaUxOeY4;twm2f9KC7E4%Zg7oTzMm*iI;z3Z)4KIu8EY+?Ip!m;l`-Z0fBCtGL@(I=kFUDn(eP2^hrf5$u@5@(Sx@0kbRK`hpS<#| z*PZpp&;Q5MuV1b|wddyk>39734bjiP`msM-oP7PCeD>p~UG(qlpS}N)H=hW7^|%Lr z_4vmf{rG+LV=k&5+pM1b(GNcAmXn_P<(pn}#_KP)px4hY{@F!$Fc)5V%R`@8Iq4#0 zaAb;Uk3R7|`tCn@>S0IiP2PbR$DcAB1>;M8c+!Ut0g<&!j{nRpx4!ieA9>Zg`|rH! zOBbE@?;m*A7w2!PefFlW?~V9}Jmg1jJo@k(o83zu^@QfvFFy81C#v0VztT8q_~JLd z?9z8U{lv3Qe|+Of-}`@O6d(Gmf4crZenr3NSwDQyUAs>G>-;gF`^+Ub{OoYyJMTQ@ z+FO2h#m{bg75SQ{)h_+kKh$npoMXTGN$)-V>#zFfYku;`<398T*81r)u28f$fAl?9 z{v#>=(?6Vc-5Xx^?u)3CPxB#0y^7<{88^_()|HzA9BY&EE zjQoBl<-hyB>n^_iBJbnRf9pq>cU^I@cg44V{e~Camc8T?AL-rt`HTK`>fLg-^R}<@ zFZjw!+g~C2H@yC@F1YIbH{5>4I8&-g^^^7o%{{Rv+`2L9QHZs?qF-aFoO^;cx>Bd1<_ zgY&D)KK#yG9(Lw?p8Ilb)j0q8gGck(sb78e&mP|R+5awHd&S?w$Wx-Tt~l)q{;m5+ z_YaxkW`Jmdr~Jk8gJ(yoNxi>!T!aq3USM>Ey!5($lX;)pD zr59fHwtu?)_D7R{(7W>L)6T?Q6xCUHjZm zJ^bdsp?>uE%Zk^b7rgI?qZ-bKK6v^iZ+|bL*2n z{AKCvZ_VCIeDt_qop<&0e3HdZf5%BL#J~0J{t;JP^p&rD=;NOIoJ*-MJIr?<+CA@^ zKY#M8Uvm@o@$)YHca-_i^FI7o^mT80>v11oA9`-veE9GLR3^PoNEiO#`9D17q@SH| zy?Y$7%pP~!ciuL5=E?5Ue$p_l6TkMxm$d%myutH+{&e+8lgo!szWhCfGx{pXcGI`bs+4-4{J zPd@D{$6e*@{rKy?`Xu5Nqt8F-O>cYR?mwBm+WY=9zWjw_zy0cqKeoQ@ZKAX5S3iIM zli&A_SG@0H33>UGj(q5AAN9m5uYBk^yTAU#SN-&@fArZ$oFa3{ryl=*vGtX0QMO^X zL)XwblynZ=DKT_+cf-&fD&5^J-5}i}!T>{emvn;+f+9Y;+28iD-}gV<$9=AAW#3$1 z;w{%6$6S;%T!uv1T$e>0B}HrxP+5~yKsUr-SGpQyj3Ex^OA?5xK2=sY+!3|&g=bUlm<~PVJQ(Wn2Bl zabCxE%xATK06(;!Z{2TCC#hITCca;PB$d-RUoL68VbKR%8~%NN!lwA_GuXYvyr=M$ zJ1k|oftAcxbO)(WgBzqhOM}}R#+PIPym$DXc|>b3A=@IE1Xh$mb~<6oZZ?WgrIgcxCta%q+pU`}1TU z00X<{Y;YCiA2?E3d8Gd!5W~#!jy}sH)dML+23=3*n8!Mok@dU7xFG}xWfltog5vd` z9U)W~zR`NG5idmEW1}x+$cu>9_owD-{axy=0~LJTEi=i9qKqGfy!pivEI%xH`{>Hs zSIz1^p;0kYie*l?Q-?F6Qpis2% zbU( zG)fg)uN)2e2k7Fhvi&R8kcDH%Z7iYqXqkyAqy~LB2#`U`J$%<7LQ1$~S(OE|bjMR? zo)b%ECn&107}?!?2=wzOLog|iL$o{}T;ql1=-kIWPYfY#tj+;zBfM@Y$J3U2rG#Ui zB=4&0i1?=oEx43NsRZ0?N;{H;_vw7f_;q`4RZ1 z;(_`f;1qED5701Prwv7pdLH;wjR@O#{%}1xo9gkvwJ~0W){SV22+}2w4al?K0*om` z{m`{*GP6yOji{14<;Gzatr38%^x;Eh*wOiqc6_zBtd^L2qP|)y!aTu0RgStasa(k1 zy2nQ=lpjb&Ihsb*$syKd&&G155?uL$7DHh^T14bhiOM6{B)TAn++Z^RqBqF>#EVDD z(!KpS4tNzO^k1HXIHU0?!sp_-C!`0fH{2b0&R+PFy^0`gFtbAZOVFpNkA{5ONSEGo z|9Prz9HiS1ZuXczNo#pLK-}MT?1~I6m-m`A7f4y;9&WH3*&bZza!4K;d5BR>j%cD1 z(aZ$u=wZeIh7at2jH0D{!`#5M@4AbRxD+|@zXrcFhjkyYuJvmYqar^U?*7`Wsk@J1 z>Zvlk)O9V5=+?1*aFHDuGnF$E-4|_%hAdP?Q!$KySO9%CVPEmV@}z%N$VIRi-8KcJ zvu_~7KXcFWVUq=^?CH#L?GG1!pA*(ovowN*vn@PM42-ZZ@)x(DttY?l$B0Q*XJqj< z@)+H0DchcP%&)uYq|Vvv3r#wRAtckQ`cWFs7L&+oTJfz9zdihHORLTy7RJ`iWz=TM z$wX>IYM8Bu2@wWOt6X6rhT~88F2z~LkfQ-HS3z2*^^8Jf+AXn!P$8 zQ;z^i74scEvmFl2jY7zAge_7OnBuU#rjqZolL}#N$=u>WvB<<#WVUu*_i58wYJYW< z1po6B=?HnA{cYsLI|-k2hUq6{efXI(csu#7u5i~tM;L^zW-71PFEh3?Y)r`ge$=59 z*^I8Wt8GZOa3?&t=z%{`Y_I{5x2IBl*9tQ%)?2Y2lx%p>&ZWLDZbWH+gTTtek<+&l ze782Z>Xn&>n+`ANkk6Y(iAhEUg^dssqO4!H&Ee-kXnJwov9h}v$KJJt3>E z#F~E=wYc#{8uF{&Ukrda$6Rre)FX z{P))04oYT+PG2)#e0{ZW)eOEb3k9y5!d(?=t%S-_^HHDU?<_x|D*ut-SOZ9(-bS(= z@^e%|(xX1*vU6C)do`ZG^{gt5-$^*4En$fstTbHp28q)IOELGbu93{r`RS*@8%Qove1uXdv&5t7uH@Z8V#g0IGTApMR;&5s_=#2ZlRmoSH+FthkEu|*85@yuu8!?9KxRm!MTgS> zbjPQ$7WmaS7yzO+$+SVX6d(F_*7`zxp0t%9+c)KQ5D))DBu-}jro#IVaCE{6As>Y` zSlZ#!^6I4yaI#5Yn6Z)oSXY3`15taF^OO6#++tH`GK19KezklPXEQr_({eXZ&W9u9 zCz51@7KT2{eKr^E48|d=R~Y(zxe0mt{B75%u?rz3bRX03*4UU(hf5ISqdO93 zDJ^fzvS#h_KJu*U*F5dsfIkpQkYzRv7ETZ}*5A_sqv>jJ^2`Y%s6pfzm- zjeDHLQit!SRffsFhfg>6xOp9hW>8htAS3e)CQxwGjgh0`NZw*bqSHA)9Irm$?w*PW z<)xO({JGet(`pW~2>Vagmr>(Kpy@AEjA6G>;uU7vF|0>60!E zq-wZyPzMLdB~|-gU2C31Ujm&3S=L*6;Ku%CKyBzLg<>@MjecsLWXYbK@No_FI5WA4NBvJ64YMp`?GasuBr% z6t&3(o#cvQ#hRdx3VXWI(TImznklsTV1hAe!f~{xoBx^&-h`2Ba{mhGF>clwmP;d` zNzL&x*yV;HHXM}`lI3Azu|&U+!XvFIu=3tYYah7%R-7-|Rn)Z?J_zd1=NgNN1;Y|= zefo`$wMi^sW;*9jtIWvyCeFkKqg}ygZm#s>`IHqI{M~*nz@#k~C%g*RmaxObeA;v*!Zfrk~uAcFpmNejCCgGWYc zZirktelC(dbM!pW2ggY-xbz(Tp|L^uQOWf%Az>p~p4kCiSG=uLX+Z@kncjO1*=`_S zWVekQt^y2$`-Ue<;@cFG-SJe)l! z4`XLUf?YaIsfw6VK+`UbI_9PSt&cVrkRCU9n4-R$)$FRR zo@@y71cD{nAk^e+(_-Hofv-Z9G|Q8>7hbHcyxm-#YKy@!<>=Xfbk7&9oIG3evbDqq+|3hEr78p|p^BJQ(aoq*Rd z6E`M9pT?6@u9+N}Dj&V5+95HS( zcI@pEtW-zbLBK>96$_>f1cLj;yl?~LsQ>GehN_1v@+1Y;fJL7S%m>_QxGs|zVKL<7 z+{_W+;>a&t?Z!7_U$c`P;vp^C8ylrmlJY#>zSGnml)TSY+R|UtzBzkOPKSX^quqJk zW56?RDs7r$D$O9^r@u9jAW_}eb@+%5|BjEqi>fy0Ta$jTtHR3t^^u)V4OewDn z$0ujYUb?|EBD`@D#wJ2>+ouub2|2sUPu(Vq{e<4faiCh4%sl7vQZ4pvagG{pF`_=Z zi1KK1Bs91X^XIqhS-EQiGQK!@W>4I2Hvda=tzjijwi(~5tQ9_*UFtknhFXi&6GVkv zH+FB0=}(wy!{R+f5U#k3 zz1x^`F_;oR(fyEW3hQ*H&I83InhWqP^hf=pN9Fvb$>7Z98={5$CZf709n@gRJar7- zCPquM=Wes^_PM|2yS0R`1$>ZmTTXH--%dqsihzS-eu@ST<~}MVWun(gg(T*Lh$13! z2#PH^37;1}7!@BJHA1@{RuyjaydiVP6|`3%B$87o(SpP80q1Q0xAn0iOo50?(xg+6V>sptY>auDFh&VGQGc{2r56LR6|JGMwD=H;v=wWO{`f!W?;`y%k{D(R*Q(J z$3#(+yeC>?>rui)beYJyr;OrBcYA`=qARd0TU(br+I2;59i0)d0C|n#;OhrF0KLHH zwq9$n!2Fx+&VK*~CIvpr#}PNJGvs`>lpo9;bLh0(Xjx)F5K}g(3ldUGY-ddcFF9tt zPmKb}!e%Um@hM%oUA}|kvB%#}KK}sm!zE9rng}&g%D_tAVgH~!`Y+-hJy=2xsL?G) z$%URGv{FqKgiXI+vf8YFw}28-O>Cf15<18fGQeH2~VKE=dzK%@{BWyQ>M3&INhI4 zdcT7X+A8QK+^PG;UF={7LrNTA+ypME&`N!)D;&-?gVtuY`?xnlQ}FcTzmiQz@{@!4 z=5dZ`$@|)!!as2SG=dO=z3_4SP8>>u&vM#EfqYgGh-q;9)YAmD_xO%y=r1l;d{^At zP{~RfJ-GNv#Aofx0t(m1H3`TYzbZ-p0GU`u9G zsn@ox5IJFB@}&V}1%dI zDyjc1(KVm{$&cY80!_=ttf?leoK^Ub<3((1h%hGGXBzMoAGPtP*kAI}1Z)#&iD);a z=pKNGW13O#uo|(^OX2PF2Nh4L?6<5MAw@O3*%3pkmu*%3xiz!FwGi2&TyqZARl98a zxQjm}O{@2c17<>D>X>KrCZTT7mxANhSPCg0${Gz@r17k|kHL z!u=k*4dyAUUh-uz)29pVG{%$`6vPIbBd%>xX#Jm)WvdMYY zpC%%Aw!KS$!j618`88gGRv6Uz>mE`dh*Cz@k$i@Zw!t>{%7aNEp)YduJ?$?L2_XtO z5ZQHQ&ic3KXI1{+0acpKeRJRCBe2?78akFr^1F%1sK;_N>CxlA8+%rFy@8OZF;GsU z)M4mPnl&7x_wIw;(`_L?=a;j|+NTn=o5lv(E(J5=TLj(>$F8_cEtRt@UFgvhOQxRt zjsY<`G}>$Op_X+U81v)=W%*d~Ya<6(P?T5K>WD08%crpJ2IK5wi~*AL3#(O^(Z;8wNoTzs+mIFn~Pz&A_N*gywQM@^y_nmlZo2^{w zdSO$uS8dII@~HT<(Jm>T|Cf6+L@@d7E)lSZ!?K=xziQ8l)Lc49?=uM9SJLoWJAh{}3U+t75bG1rKe@Dy-k9YI+lY{y-|Lzcb7t2njsGk`fn^gB>n^W<&S zIW(U>d;_Wlg>l)-rWb06xrXSn!{jSleAPtulZg8NH zAX#W*F&>hVuqRSe(ifaC%C!@t%Ov8&U0O6vr${c~R?D-}#0V|8@A*Vgz;&##@eh#m zv9X0c(V)=MyHN^Ua0XhfCCrG=(xMX4hE2GrYQD2l#QZsP;WXvpHWXTMRB*<|vD31EbMrWX;lIG>?Ma`uuL zbgH+LeUBt>wr5A)ws?ZLp8krlOXgAk?)M3PV{U{gW-o-4Gsg^a!%XFy`E5da;AZ;O zuju4!P3;-789@MxjsSDbBp!Q$Bz?6@k?2fz)4d~?(kC&BPV!)UxEGH|rPzpb=2R-z zHl^Vx-GfN}NI1Gp3>r?(TB=Awp(ZCDM?LG=@lHD*hWVuU5LW8~gP3=mq*9Y|e&d|F zB{Ee~I&<&m!LEQJJrc*ouS+=S&hf)GtL7~ByW(rdX+$smf?%u3)0xTb#Q9eP*C)Qv zN_$5w&Qe{bFPl5IKO^$qQFjx7b{Hq^TZfd&eut-=c&WGDV6f9CDBUjRJl$~owsKVm##8>>eo$b#d>>39L>>;d5Nly9I657CR@ zw}f2cm;&P3?7A1XC=o4l!NYtbat&GjG!+4qkO7PQVD`?`rc#_3`f%A{d~N+-O7Wx; z83Ms*cGlSxyjAKUF3kdntP4leq)GABs@~m?#8TO(UNU6*=@N4F$DUn z=Li)+jwR$xwLEhLZE`*pD&%Je7(+C-NuleuYqkrc()?ldAAqgWVnlx=+@slg)3RXxjf2H8!+dDYtL&wQ)>A;iUvN_UZlzdPb!xu zzsVw=S0+mQ6ZVx%54fP~vf;z%^*P5jUPx0O_18gjkz++U$N=cg$4{4^P|`x)$fMcS zFNsh(40ASNgll%NyQ~=eeYSL^<#hA;l0|!;@^&Ou;PWrziHz?3Un*+d;DgP- zw@*NSqZ67k95y&t8@&^QntS(ntlf|CBh3$+Wbz*bcVFAvOuZzkO$dv4=$U&RdSf~l z)tL6)v7x$LW?M)C0R|&qZH8H5aEVsOjH*)q(@rx?Zc!5mqiXl85L3w4pBZL2z&?4mTP>UIZKl-kh4^$S*M(zbHisXp6E4 zl0OM{zXbVD_KmpbFp17zLo3N<1?U62r>>8lakp7Vv~o$}hzBB|QZ>v^%jQ>v@3}n4 z>4?N2i1Km= za`?yxMO|WP#gu5xghkz=I3MU6RW|3kJlGy`qF2~B&}_@YfRK2?oc6x7xh;ROIQ*OE zRTPuX&fJ9xAKC@k)!G`Hdt8>oddEA1;HR%%Z>>C)Y_j|=t! zM;^J4Ts?AGKV9b7n#f(I`F19nwG(Dnx8EHqt{3p-k*l>aHfSkte6Hpg&!K7HuatI> z)}A&$WYe&hR6({bV|+uQmkTWADch=0IiC1XtLVzk4M#vWu~d3%l31pd%Yj$hJ@vul z_Okxf)zXty%D_p7OZEQ9B!{s6B4@rtvNj*UH)9|Q_TN62fNocpI2|~pl<=bXy}Fx7 zP8#^FeFDk7urImLfpOci{&oIcP@(NuvW*2taD|Z0>$)+MW0?~}bVTon6&)NyezFYC zR9yALUw8{^8c%URi0P%=n+uRx`T2IJbk(6tFNKqm4QZXRZ=uOR2pn%>?;`V@o)i%t zg%wMV<9^2v;miCJwvx$gyeI9arU@=2)N{Xmh6<4%uR9_|a%%)V(*$crCe4n;E22yt zXT5HtZk(n3rsnS<=mX8OM8~gsN+12yb4S1fnFzduXw^?(Jpu-E;dNFhE=lfZ*zA?{ zI4ao85STVFmqJ?+pVJ}MsOu&KC-c?e*1cG&fk8Ri*T3g4yk1QByFc{Zuju67+`86D zD?<;4LEQ|R$!HBc|L&HmMITmGbLDfuP*Cmjdsxzt*VVZ;^@%Jr#ny4K(aAmidb zB5B6=A0Qtk>u)1vxoj&oKIT6FH|w7)pYQ(w$r=g&08u(z7_~IW6hwcrf0TWVkOu(7 z%-w=UQ-y<~G3jFJXLevDIs!wY=oCSAp(i-U<;c*VM$F9Uahzh12#gO8n{#kMIk4Lo1w)r;B_$f#aZldLS? zKospv0+neNrHm3(B&cTYTh;h_?r22zlUrFYwTN(gcy`N**=yxJf%lB9Fd&sSU)p4A zNi8dTu3J=FADgrMlc&9SXJUg46iBG2qQCaJO0u|2eVlv9A@h<}vRaxVoV zzrGz<_-rXhUC_6C@!g&(YUn^XN>!B@wS!S4agI%yyNY@wn2?Q~XuQaGg`Y6{K?W_~ zHr0j{;*ARPl}+%P2;P^m@IGT4zY_@l!FbuRhIk;ewa6blm?p+k8yOybu^##sQ2MH7 zh+{ps>wp=`lNF8ln~S*&{--7Px!S=d0ZAH)u?NXXc(z9aDrCk+$QHg9LpcH5@I6%0RI3QrOp%o z0E<-r076=v^U|-z>(Q4#je!DcdeK^aTmdyALU+BH@aKj! zQ^c~z^mLVk1GfwHl~r@?vA8m?(=gR|{1lY3&eIZ;*G9bUF^Ussr2Uvy7m76n9gruy z*&xVDYioiWKpf$l4*a&w91~eM;#yu{6tfB!la5+n6Y9+%vYdnBBao z-fJ|KUk5?RuGV?R9J~(R=Y_a3k|eDnHc+26p|u6uF9L7>9{mI4_WTXL>iP4g*jc=A z9sUoX=%|$y`D4Gp;tRdh(b1rcHOH@cG;L+Y@_G(Bo&#+d>+a+_$P zSZwyVSqd7NgYZ~@to&sZzcd7zduX;wvz(CjQQD!8b{L?=&FR$JC`>fx;q_! zzG)G(f^{00KyQ};&Yd8oIFwKfz^bKGspEtZ)65^^@Gc(T?RN8DN?&B?7t9YpkX}>4r zCxg1K+laV_n86NkyzzHp-JF6(?L{E>5XF>LPqHjc4Nhyuem z2U~4p0*U28mOU8W(t@L+92KS;J(sR=5W<3ve2-se@ zgN~HJRHl1WFULs@;vlpd>-6rn&aQyjrq-o@kEdd*e~vdN9PTxuCiHak>KfhhoYD>x zX1dGT?dDfw)+Qadk6v048C7uZ`jux4l@R`9Zj??6_%e$o%l1p|;BSwFwp|+hHI8vW z`N}w|^%ecafOOLO4Ji(w6>+)`{TN%~3>Mpcqax06Zaq}!hIGuYR#Nyqi-PM+B3PSR z0H04UH-kh8EG;}ubxhD_y53VMi+yQXczLycV$|O`yN<rHQ+FVz0J`9&Xop9-jjf5nexcNZ8N>^=+XjvGBJ4KqmK8w zyB%T(ViP)MEIihNf2`b6PW_rY%UaTsqQGKc6`P_kBBkDzH7>gTg-YCpL9i53(HE6# z63ILPe3v4u@z}c0urbW5 z<;njCXx|XwnyUami(U`e4quD#gBo-~=COf-_M7-RM`x%tPpU>FiEd%p?{9)mM_N@g z==}onrNCxid($IKhZiuSSXhKbGKLXfPpp)W=0djIIT2yHnT$6d^gcc&A+vE0?^dM= z731|0a%F(|^d3SQx%yX)Q*#%0u6dnO3ooLZ?7PJ_fGDGYJ*#Q6by2bCP~9i`5>U6< zG8FMMhqwmBELvCIXV0KB6N=Yud{V6F^M*G$c2kA}r2Cng_Z%&z`Mq=sM!B?EzguJf z<77sLz({%)gGhEaXO6kdP0`*>1!InR=1wAIgUO1&!;EN6EO2odkCpEs*ddj|tVNjl zm)92@^yne^H~#?D#Qy+3p8o(6i9o=y5Vri_ZQr;DZtf{}kIpFMh+Zg8dvvnPx37-Waj}7+K{mhrK8i&-@Y%FQr|{6v&@MYB zzEOLalxZnz-W=W)(Mm%bxAMJg{$uvg>V}dC-Dg``N{(Zlv~8!yoUwNHSuZ>a+C?!6 z8#|J*JYM_nbI)z*Rpr{_Qp^7(69=-`Nh3v+24NJY6c)bM+FEA}s^E>VtB4k>WoawZ z-f4_b)Xg;8sOpz>$ts2Q?jkBGoWU3pXz)~%u|)A8?6`X_U;F+F2OoUSSgMgcyXPss zXQC@ynn(?E`H(!f(J6R5US!;)SbC)r51;bn1bHnNi7qCwgU>xkJH6`bG?jV3b9KZ) z%IJ_V=Kk@VkI%xp?7Ys`2p{8vu6 z(a!?q4$qSm`*%u zBiXeLhQ_Tv~6bi5<09tP1KoZ?#xiK(Mu=PZBbC ztQ!Q60P*g0rcWy-q!ZFI^u63;7U_ZJaF_T=TTJ-1=`5Y-5!0_yQ*sGo(Nx*KTmiXX{4Jj&yj z2JesNpynYw#TYJ7*DL!)W_;|`GOKV?R52nP#r!)08<=)CAnb3= zHAY8;i|e#!=&nKS!}^(pS1j|{K^$+4#zu~q((7`0AtdQU6PoJU0Gtgsdr*`O1wNDc zz3mV7ffMbq?*nBBgqfpd@w4C9EwgZY-8r}4G3zgaWgYVeZ?8{3b@}fhk2a_*(6^g7 z`4dQd-;Z3e1Wud~qf1gaQ0J?8?Q&FO!RbHOO${|TIS$Zq z52i)(d35$GEISN2zLex+uCM67(EY;S!geXB0*Md^HD^wjVVv{7}JoEI8V zPhikpHz_hLX^q;Qg7~UsRAxxBUe#qz+k2%TgY>F*G&0fer@;a}=Gqe94?M_m?e82{ zhL=A~iEgmtrYfG^hAuO}yc!tb=pRv(VESC$>|4_>w1& zrrzQtBO3U&VP-B&j&W)~MdopCwdHxc5YnXAq$IYxC)X7#)AU!jB)d1pWt0(5pF5~h5D4Pnk2oJFQv_nFSJkLSi>Ho;^9 z`{o)7iS@mGR&9D!lRtm-E+C0cIz(ekCH)*9|8+IZ5ex_<9n=#L)Z%?WCAbGOM+^%x zBgXs?fb{^!1h~#JPju%C?|tg=a{;`j>?p?}n?jW(y7K&ZCihO~jeus?v0=L?z%dL8 zwVn%r>-fy5Bc=|{akK>2jr_0DO=0uca_aGWx*IL(H%`#KpYDXz4ad31+RG@Km5tms zV}iVnsrlYwX+_guuaRBvHlER#U&eyX2#SAz|JXjhWPNzv(Y9sDc+G;l@M!(EctH6F zX!Mv|kQ>}OU@FOeHfgyD_3AU9MPJ#JxDYhG^yZ%>qr1^`l@_wHFl#C5Ucn<1HxP1O zekTJ*n~4YfA}3J8@`^tH!H=&mQCVBK3zyFd_4tYJH5Da(IrNuJZq>A9+#Rv7CunPE?C3Ur!sGNezUgCNL zinAZgH5ln38CMP)GigU<+X>N&@%&`jPR6S`$dJ1+G{%W}#nG&$BT)uifrPd^D+a7T(~p z$+|Iucf)LrSh|^fjMTm)Oq0)ACz!wO6Au(O7P758%5JW&8!Vq0)rAy)n-A&!Q!_Ub z680-;rjplR74)9zxjFV6)CUoNv6t2R`#f17XG`-&-s?d1r zVv&Po6*Q~fK41iW>M?vm$yA@q?S5Smb|13i!jc_?N3WCqG1T{}P36^EIQBoxM{RIU zzi_jm;P%rN=qny&35Is9c<=nWgJ{tj>Avo5y4_Gg8F7qh`RjserX@28{bYXEM-6ZA zk1uq_Uxmjqpt1yt*?|&i?lCyyth)klopNXHTu*P>=%pgVw)<+$oEDfnh;VEGu z9LBL~U(G^0m(BZ6mb*3|#kn(oG{^M`@41`@*lSxe)FyLLI-Hv)diQp(gXf^R?-Y`3 zrq6CdC$Z5Kh#eY!G!fVp zD;6@ieX*{k>scPf+FHtqH4&wLo-G*L4UHqjq9BkQHF)8w^H7NmI4gFgTfs#(w@NEc zZ$}O8?nwIa$3^OrdE30bOTmH0$$Uz2IS5?Jf={C?MBoO`ujF!9YhK1azW{U-I@A~9<$6o@)YLHS`W&q3M|Zfn&ZISk5(mgYK2gWj!kTp__Z?Cl;>&@;yvlGQT6uQky4jS5M$^Tfl1R zGfHvF=yGCcVSf?~+6%k_Qj^H~{BF7n0fwa$Ii^}#EDFQ=+iJzdk28a~F>d zTN3mP(QoC!E9#F`!j>X@n(lXs&qQ z2-(z=4$UtjFn}`oKev3KRsCybnG(CUo@*AgXT23Q2b=CeD-{y-zAhW49g*isT1~8UE#7e1g zrhKOO`gmw0K2<<>i`tq?a$$%Vb=j+YJe8WjKVspW{A8?>#@erhTFF(QXxYG)IW4Z#X}dQojyax7L$FoV34*E*)~l*!27q87a6hC^FoZb zal^7Ky0>}@q9l`Bwlq@l6vgV%_ssbl9DGShs&)`%8DjJ4e$aAdqr6H6o)U+{EHM=# z|I&1!+4rg5ozW)+d{m5=vn4 z@K|qcUO;%Xu~(EuvqjA|*>5=2pp(PLX`)x6`}LqOCup4Rdv|{OV?BP<1Fd;>rO&D% zN711KLtBVlGm{I3QuP$7FgLI1BiBT>2_VV*z&0}QZp1GMJTY_jWJ5` z53cgul0LJ(62VacKQjFiU>EmnTN_ge!yumgo-qx{bUPBy4uRWR*PmPtPdll=*z;f? zaeHNC)d#RUPRjrTkeMd&#E9_Qm#p1p+KIWWg`rNqGlvO+1l6fna4$A5%TBFiclx&G>=ObnqsRgRRTPh z&7mqyKLwTO3)Y%du*9yCERzK^`}nNfG|8BPvT(&eN%g*d+XN*PpJ!&8&!p*ObqEM9 zWfdxJ!iwgo=le&dncIy6WM(j^Jd4M_F;XUKs>Q(h;bZuQEL)y(wnfayBdtHEoHu{x zf{nL<<5(A?OeX}=fiyu9AMvSpC^aGtZo?+a+i9n4x?;FGH=JLxISdyi5Y5|GA9Is;D;NNZ79YeXTs`( z{X%IrKXUjoUY9pJz4=^pHn7gR;>s~zS_Ic=9*d67(V-i8!rqW0DFtpGrfrZ5=^h*U zPE@p+&`J@Q9M&3nY%PJSk@Mc?=jP4dk4&@i1_eSDQl}WS3T6rP;$~ilY9%H#yVDpZ zs`5T4;l}}!_8l1|_nix?3U+L{^57i}ZQf&EzDSCE0P?puC%3-vyVU+G6&F5Tom_(e z0V}~ok)4wC*rSaob)5<_pPiqKlMPKzu@lMyN1s!e`YHusjoC=BLO|f(*fktK9NXkE_IJxL@mbjZdQK3w; zcm@n~*lTcA79b5{LAmvPoB*OonLXmAezJJ+=h)`!B1cH}8_I~TP~?r1;}aW5 z6;7u;g+2cKk=?i})Q(Kt8^Ls*iX<+Z$V zN^nPg&{C*@|D90EnlMk#n$QFoh=_n09uxvA*rqsCW~y@XbgJB07hzu&y;&#NaZlL; z5|Nl zfuygTHr$TOMT*C>4jb2j5u@uAOTb6L(`^Djub+|8O+B-@Hx*&C(-g-d+-KP%<-A}z z>|TQRu{RfeWph!fg`Jcsw0VaKYHtBgzQ_v*8|Ng8pGn~IVKf0i!;lsO(O_c)Qp zeei9)H;Yq-u*TUvdc9l23TXN!dSlqaun~Lw8rkBfX6)4JWvuPvYF89x32RN35{I{> zSWEf_0a6trMmYI3P#O^^nP+4?4XN%h3GWD$@fG0>YUMIqTeXy)Ejj(DYcZu+zX19{ zJQ-dcuARwOcBlC@vQ7q?2h9x{OKT$*Dyxe&4k#J@fn{FPhM6@}qGgE0y-6#vK2ab1 zv)h`e3@VYL)uWAr#p*nIv^8yJf5V!#OHVrweVS5PwWUS6#Z8vWge~$kp1c)(@K!y! zxJ8{s93NOoAUzQph&DbiC#*I^!YLjO%1d<2I|QfeA&d_XY;Sm7e6qn!Cfx zJcXm*3wj$^uGfvrkP*daY2+^P4T<+CW_!Lj6!=$IIP%F5Z54iKOfwEaF|)QT=T8R-e{}g<_BxnF8-jZk|2MK3Kl5Ip) zM4g6JnUZ5z!5jFp*=KAD+)Kf;=}N8V&MZ*1z|uk+iypXh?UTwcJ(73;UNe8Y^b1qJ zpV~|09zps59zQ*{eXbRA(8Nt^0%1^fOVI3t$$G!)OXujO`Bhi%D;>`r0!U#fdAFthmhC$Jd9`eeUA z@6v*68AXvv?eS*(Bbr8*c3eJFP>WmZcL8Y%H8erxX;`N>jp*I0XFwZRBz$Gr86HE> z)RkS<_1;F|<`8D@J4hGMoA2PVpi?D?mPfMjQ7LasRh+yP1uI$#M8&jC9fc&Hn>7_w zE^f9XEO~=-T951FA1JJ$WsIgEn@U!kyQnI#&^Bu#yXG0(!0b?oW6KrvwX1-T1~H!| zD$Y$A%9Z93HP(q#Uf9SJ^O$~)f%(|5RYYv)yN{W5)s{M8hV}Z}=+?ydN88Wi>oRw~IK+3-qrL>b>c@$8>+wOjunU zD&oUwBP1b*O76X@PLRgjRUFnsB&3gd`vY6r$PU_j%}D@+ST4kLZ9Gnn7Z~l9Plb%R z!iwuGZMycb+@2kiiNi9o21pxP2r?}C{5mhWV1mg3nCM{7{U0<*y9Girs!Oa@a1Gg zuFV>N7!mF`a->ojT6@-t7D$%x= zn(D?WLh17DL~sew2%&1~b8s)t6#Ozjc;oQj+lG>vK;m>#zpo*t0AKHrhwBWKhBIEV&ySu~jiB!K2*ZVl}v#OrQ^5Tr(Rw zsYoc}?UuUdORj-lIKGQwC^WBbQ_OlzD!VfCf9d2h{<5zbyW&EV@7<+opc4IP!(oS` zho^HWi5X7>y(~PnOAQ&I-(wZ*TRI?Lr1jN$DH zm(d?hzp$kqdHr-hTa@OaRKfm95{`ddT48chB)Znvw?#pMav30Ak^Zw`sI+Nwb1h`n zuB0*t-5W1ojv=#YQqjHpqrL~vMlDM9iW}#<7r>HFA59gnw5Q=3am4V$?9fx}XsP@z zk{`K?z|Ov)43Nt16t2i?{i){Yczw3S;wmF_-7Q*msOEdp4wDT8BQ>){_Y9ttqnaCP z9u@8yl5f$u>Txs=>M8CJf#-6JHuA5;I_~>ehuJk?X(ueebNbVykd&27UOpvHL9&s9 zeurOX#&WW-^$SKH1+g0_>e(W^nATVuT&(|o2qJvK*(eI#^d{zC@|bzFNSbP?P9|n} zS9+5?=1RGh^cNJ7*r%J&7?+DeU+c@U=bdB|N(FA}`I5ekZiGAWf=<}%rdpP(rlz^5 z3N5-#l~MlRx3vm4w-;(DV);EAGwv~I#`8jZ<7w(}9j$RE3bm<-QLU5GjL4z5F>Fl+ z1yh~71p+|_-TA}0PPFbRKU9NwX(|_q!P_o`p3E7#sn{L)D)6%Kf>x%5q(O20gIKpME_N zFN682Bg|+24({w%3q#kFv0tzI zyl)B7CtG*p-gy0+{kjj-W6>uN6W+M|20nux2C6$AaLM(RYjMjczt`DKk~nSJY%-!P3W|afcF#f#%6P#vefb z8&8_rjNI@-*6b9^No46hA!M5dHM2(>G;9%!#1_-U9DEhvsWTQ$e4&}Ld_%gaNu(T` zW#&vQK=|n~Wkl2sy60`LZydjeK^g<`(>cgfp!0&wt7O^V4Bx)< z>lT$LInyNf9$jTbi31SeNY2>=z6D11HkjsCj#4~ zC0+T#0*#=&ICPdOk=*9i#wffEaYc|}nqNdBWGI4)OTG>5d-z_g{@jz5Q&ik-l~=F3 z4{koNN|B4A8ql{#F39hKu@u^69s|e01I4HGSjeA22?=xi+lgNplrp$e|SjB?|XXxoEyR3kA z%HoGaZtBtUeQRq1NU!j%Hpp_%<4YDAAYuyPo705QTi~@H3YW>@{>TD$`3cXrV&2<6 zwzIG)GKgnytPlYi@RSa24QDw7NbFR|l9&Q>x)kjiG=w#$*U>;ca$D)|bum@c<6*nj zs2lpg>xAnqfuC2J%^FW0P3K@LE0nIAP{S4-zjT0rgIabu(yT#bC(mvbZnfFQVplh* zR-wHA{wF~7i-=Ddwpp@YgWhb>(!ViS>P0l0P4;8T-8D@zV8^0TGt1tb`-N8Qs&`}^ zKn(f#8FDqcn25v-sNH8);ihuXrCWV_-OUedY(OCjeF~#Nd}%1PtW!yErc3WcaHL^s zZW#@)3LqPW#|*#~5JlukU3A_vczF!}V~YiCC11F+OF{#YM#AbwOul{*CuC2K*3m^- z15ZYAUaH&}klpILC;R`}27H;F zd&$1$M#3x-RnFIIII~Xe!hXE!_s&7;w5;k)diAG&LE<55$sH$cX{1as{9Mh*LXaF+ z^SuJaZ_EWJ+Hc(~2WBtSmDAa7Cx8@xD#8>DE8p>l)yx-rbDww*1kxU(TJmtTY&XKx z?WGm4Iu5$XO3VO^WVHE}Oxx&z;6Lsw4%7-kyVwDtkMsYF0ZL%`k$&Y_U*CIRAy6bl z9z}6w?_JP}+cH(?nM+&fCt-G#%f4+0%MUdq!RkysdCR9N$Q=%4GD(Qa7LLlgEharp zIkk9H*dNF%;)Jo~#3pdFF*(PXz)31<@qlY@_Yzlku98ByOTm*sO0%t>4jH7aU?)@+ zw;ry#Fq$+l|Dd}mHO)2Z0^phuq43O;C7c7Q8J>8%cUNEambG~MLo=WGT2#`-VfW?a z{R$E&^UiukEk!ORv7VKpD~bqLLqQ1F6{6DTBKeF8|ErxlhKs%AiBsgJ`Md|W_0nP2 zOdyRWMw1#Z7R5=FQ^-;%jloQnnu}!uk$AmNnU0NxGZtwAn)X{*LNxV0``y8)ICoHi zP?2^-H}`3~G5>fP+y{n^*S$U)U?qbS@I!EC;I-okBaUE5yJ=i41|0CWYkh{8emfy% zJ1!sAx>p1)S`!J@@y1kr&Oo{6J4&|r$QReD1wnT^RH7(V5@th4f0OgB0lRDio$rOH zZWy(3muxx-_qYwuT3VVJOQgh?tc3{!Zfugi@Iyg}RyB8sB`9e1Id*rut$j{tG#t=L z*|%OdYrC|UsOabIEA?@q;itwH9HuzH{>Z1alNo)a+yg?J4inXMZq6 z7oqclmGIqFIfbTnW@N91+1_6Yr)MOS0EUj4L`4TS)c)T*(F^8>h+99Q3wlHuEx1m8_PWg^#vdYCir9XxVeVO z`5Kzvw=FDxX*pgrN!C(TDKzh3*JXoZwoZKj5gsEQy_6e{$ZapXRY<43m;F&INr-ns zb$rL?tiuI`Mm35XP3$L4(_MPob!<^iwljQ!JhezYZMj6LCX0A5%&$U4nrYGc?9)Ei zZev?sC$4Vz(Yv>NLs$$_35BOAJG1Y9R~Ah_6%UPz5W&rl8Wf@xeeI&x*`lcm~)t(=ext`&HOqGzi&kJQClpb(BEw3`Y( z?3K7fk%@fhRl|+&x^U?(tM4GRGSS1?I$wkXu*`8B@+Qi9dm=-MgeR^vF>{eZkHdOW zy|LMhS@WTAjz>&f#kZgI1AmASHerJ^C-X!eE&H}mam=O>NyYabrXjM-Li^_NF4bfm zxm`1UQ)A0_I{GdZc&4)oPZ}T&0)xFUv=Q^apqQ7kFiu>+F=r%+QmXQHcHgvhc{2vG zmSyE!d+0wF&DbvD9?RNtr-#$YXm^R_!Ot2Z3w(34&VW0EA#D3uQuss(*(&cMA>{cX zaOD73UondwvaCR=L5tXzPBPtK<4_9jMpyVcGP|rQq4?1*Lrc?SSHLhH!@`(j1SGPUXy0&jYsXNbHhbXE za6BDyNO@)mRCPPEf65XKLfcn?m|PGkm^ASP<~k7`3GjhQ0p4|_0nL~>k z3_I0;-U!nKX9l1UntE)COhqFq;YSCjw?SHwtnrLVeiiO;1waEW8B>WJ?J8VqS_GVc zfh~dGKE*e|bX}6Ik(zwO+Gc#olvF#R74OW5*lzPV;JO(p)UuIF$z(!`MKJ_)u1@#4 zX29atpZwCLk;+AopX`Dl<`mT-Nh-@3sd`qx!#5dVoXksU-kx=vwV`1}(Y=v^l2k9G z=_y8Dj3y}LRPiH?`6(hY-4a|3$~PB>ab7;6u(RH@^rZroDDpYZB4_S91YwEC)P!Dh zy*%+n>|M6i);P3jPM*x%#t|1BBo#c1*z{S%{!Dpq@3NwvY*V03bji0dn21l$@5C92 zIm_LbvcI4v&%VJ8f-h9r{A6=kuLA}3O|kOPbqLiQ16_9F3HHY=PppK}V3TRvh~0Ho{za+b~h948@CxZ1sX0(ky_J zqAH}KY=*6atog$Ipq4w3`8AFf#`@j70))!fjcXlC$gsU6pTnV0gL*(U43@U$(TSsV zu^;_XTR^y^0Kv3PNp8c*HoTgz2{&qvaA&$y7_vpp(c8WW8D%bv(L)P52~03%8&PZT zT0~BYSK`{MIo*f7yvDLNJIL`1AxgijpOV`)<*{P z6U06GnAsk+Twm9W=+WAN^q6`6Ru1N|#YHp(!;c6K1WGG*%5N4H8ER{5WYugF?6Tc| zatsPQn*M@Hr{UKbTg4?evT%tcj=`N1){=u(#itwo%Ak$F8dhd=J3xRZg6h12ek!oR z8x>Enpx1EG_ZhbTVv0h*o4d>~vk(n}F3^p$>VPt*r|e!f;p(%*zGxuv#bb0nU0D;A zq8SR!0x&}ICCZ-%(D3tz6erH@Xz_!4q~U<-St2T?u8rYdmS%if#=2vs7vuMgeyUDo z-joywBja~hD0g)x6)0$sMI;4L^cdEL%Ia`ii+}qfpfj7Yu6DXPGlLJWBGWE!U(^9R zC#Cg5lS-p|0;kScyuBd9;LFT75!~|anArjh)r8$PfII__7^;%6FLW*cd^*43#rIS zqQ*=YkVc*ZSGp=zWC@*Y>x+R_ErJKWSXX@XEgG8#5C0vSe()EQUK*r*hL!B5PA6C+ zqC(plVs2~r=~5BNI7{q*BnU8B%HVGR|hF86Fv+19rcP&(IT^36lPdS9g+A+N0T^ljE!EI`{6fd?+cbbL`ntr_6(;Kswyc=(=;?Xp@pTirUo7CVM#o$ z&`WBI!j^NcjuEznl=3m}A)E1MUT)RNAGXxggz2g2DRWIi<-;dHMuQsW_m|q?v9i!P2Q)-5-!;rQ05! zXmQjK_QL?5CVHt%J;qwDu>%@Jq(7CrKm+7cF>)sl4O@d8Fwg5N@~OkmR%@PqZY9zl z2)A2Cdu%SdTtyHk*la!KNG4)uX<*XjxMI)HIhnklC=iY;U25*I1l0<@8Wu7Yn=u-B|MX9 zvkdVn!m_unOh~>66~-Y)MX`B6){8YzCFU*MP`|}B1Z)rr=CKn^n|=RrT1(ll22l|h z!C|!EGoH!CmxZ^fD|xdo>->tlWbCSa8AB3oKUEP9_p<^shcl%U$=z*|Znc;Hz0tWW zZ`u+3k49&CX^26DDf+)PI+vUUh-4^LWd2*DvxB0>&#uGwM(0!&%$x}1B41Q)34{nO zqXt_R9bPJr4X3N2f&~sj0V1MEc8<0d=@vEe!{a%U=5{${Z9C{)H zjWM_9faJ3G`M}`7;ke1-V+8eD#yf5;g?qX6JTX^|nL8ZA@>s%xXE**w3^}{`EtyK& z0G%qd(@Ey_kDYt`W?FYlPrvTNI>DR3Dfuk5y&K||?H&ET_ruQjp0Jl@(38S#>D!a& zUFlBYUr=vY=P#cwmdPA68U!MrL>bFuTGGTaD!gYZ%Bd^4HX+yPXPh$QG_0dfYZfvk z`m^Ldw6cxi@s_bxZ1Y(z^pWCsLt!dXNTAhJ2mj*({Gvcj{?G$C4lmXLT7i}t6lSh% z;7${~W_EVrg^pyNe-)o8s#7$ah`Xd1&GAhBJar^4HD^#0j&>e$Bt@0AbTg9+i%&sz zF7izV$a$86Pd^cI)1$iPl1Zr$QCC5Ne>SPoTdLkxQELK$3LIVg$m$aoVBuZQO>{m+ zN=HcCD4T{>S)otLm)7P_EmN*Iyp8nHczQN%0yz-{Wf6(iE{s;z9m%8XBoIF9oiW1f z;#bEJ$V92wIt7_$xbUxjaVtYdpS@*#M8db z#%;?lU6l!khJ=N~21bQBRDT5L`xaE)l*mM5diX7Fo#R@U$R{uUMMBccY`St>PzC() z8Ej6?p-F74GR7$UyJS}kG%XE`UyC~|+`5!aXxGVmPx5e0b~A{DgnSDrB~c2v)jOL^ z`>ijVlo$8wHTAg6hQm$U?I}IBB(-lrkd&ZHXmst$!(obsHi(7EAeG%bBCfpY`EBT3 z7VrQAEyj?iuYO`GvS1-GSG5~O;S>ew$?y4IPKNH#&nudP!uJ}NLFg!2@ZP->3cTP= zs6*w(r1tkSFo-)Il zRTUMqppi)v+$E(fupV5OfjLq3{|98wKZ~aS6UXI0rhyT{mB(= zcu}ooDX$v?%HpM;UE)@;9ZC9?F+Cje+L!?B0%ccsID*2vKW4ZO%6*U3X8k1xg@!3u zGRT@VW2%^Pbb?s}QNgEyEkikQkZ-()P~!E0MnSd^X6jQ|#qq@M+`vz)`AkP>-=+TO zF}P-47a~k`Q+mh%yM@Ma3^fi*t2S2M1y;EkA;JQZj?`FkwxP{F2h@p?Ea98Eczkzr zv?KX^!qbTj5*A2QRF)=C(&#_F{ws{=KOWt`OvV3L7y zGZrF++~2FU#O~0n`x-lPz?#`)zeH|WXwb?;3gn4}rWh_ZaPuv9z<-CC8KTKU6h$aK zhGZct?%2<}=XvohZQ-?K1q{9L4HD<{>+Wlg@r}1T2mu<^HaPzUw^M z3Z7F;CTFJJkA0?UANJ->Q5Ri=azf}JUt|DC-Kq%{L6q%IN_2efN8GJRLo4Dx3MZeqi1iV@G_5Oh z=Sl*DcxX#nu@S{@g*Vc6k5+gLR3~t9jJ`?5N(CG>Zi&5S59f5y#TRwDxD0w!9?s1s z8;fGNEv1wytZF-6@uJwoGXkR3sJs_>{R9?KM?{fS;&Yl-rR;5?S>4eyOJ)n{SAE-= ztAp%9K$x7ou_6DbFYI)1n0|sg($$TPB?cl2RJXs-qq&)E=r` zC=to~+a518A&-`Ne8efz4oaUB3$0?0RnF{q(Lz>p+t2tl<7<)UKjnG^A<;JVVw2I7 zG}!;-?g^hpD%s+OelZmwl)j!=6`rT>g(CxHB_E1WE1``uz>TO zFG?)+BwfKBEqD39Lnu+&7DDWwNB1&6U1j-nw`=h~__-5nk-+O?jWFt>%59;9Psy0q zlrjjy2ViN=SG<>C+XA5CXg3B-)-F9)s*U4)zcFLeI{K6HK6v=+>#eVy=YCHR-edeB z3O5S+nsRu53LtlOpy2}t``Jy6c;kvK8Y5eBMr!l7T2k;4T+p`572am`cUUtQCLSbx z5Ag?imqlF&!v6);b!mGqFMivx!S|r1df8iKgq@MkH{M(rtMf_5v8j<^7uIPbS5j3& zZz$D$487ag>!mqwZ??^Fmz0-VCMD6McUs+-IC8s9`m|!mv8%ui{7FXlr%h$CKQjYk z7g@Z5!ifr8hS@;@j{#`I9K&y~7;3RJm(jvfN^^<%`we}=rphtka(lXRUon3k)Yqb% zaU0ej$Z;5LSXr=u(K?Tc)7GCMIZh4vU(HQ~_!iq4&B zcCCtKwN1-4f)Z%rDis9u6QmSh{fxCdii0e#E-#_cKwpUDZ&~Y+t7f+v=Z3b2d~i+U zV6+C<02wccw2n8P6nn|3rg+9zl{w%M_8*=$a+{BQQ7!msf_z1+n(PBpzPZ*pZiWY0 z&`1}2v1Kb;jmKps!1PApafI>Evbi#;l?{J7B-XfI7qpC?pJz{MTt97v`dT6!et~K$ znGRb>CmsYNU?lZ*&ID5x5P@HvrJUP-5Kc2;43tdGiek(9{!v}WGjj+V4TX9EN&s(i zOx@B)Pb%E%RM}kM&mcMBq6;7`QR&2HhNm5#YKE=G%C98$MZu0(dsK5hUQIqX7Jjj) z3DZ9lj2c#OuA`L0R8^udsYa?r-MDi2Wg72l1Z(U{U2jz8p6{x12)q=_l z$0c(&1TJG*mpGB@~PVjoXLj(_&P8ZNV5^o7b}F) zGP+rJ4N8IfTZ_joBIyhGsq_4V;A@-h+A-Y%@tU}drMg-s>jwBQY)qC2LY=>Hj13(x zW|RppNz2C=tv+Y)K687@zK$FRucjz+P8Q5qJ#sp#^Mg@T63P&HH7C7eube9<0Sq_v zKAvLFL-br&O)Mi7FvKGqGv_Hpq^=DZxdHwZ_(}fhBP}|1jLN-7TuybY1RqkK0>%SX z$|(RR+*at_)m8_OLd&35Z+>)Dp@}590+gCb=|)4op*>q7p^h2m&Bg{1rSz5;R)&c1 zbN#$XzXO-it?!#lwNgv%$ZhQF2YO~WX4~pK;Owkms)?@=iM4Iczihm!wVUY=JDI@& zUs#EeLQOGdW4?I+@1xUfS7cEap0OrNQVkeIwDcehn#|INR_^_t6|k*Xkp zZ>s4SRfIL}w}_4X1Uk|g>nHF0#0`g}Q98G2D0g8xe71P2FtH?SnHH(a5htC0f}{V3 zG@1Vi2JnB|rT@_z`Df@MmR{HS7Oj5Sg{9EXyHv@R$Rt6?I*|{Bx|YFMNN~Qj@a3V_ zc-o?-(l=`11Nvf)Jo2Hgp{htID-?4892b*X`#%lvUp+sral0j{R(h)|Gc3AH0jKrq43Jt6(J+4B}GYLdXv7_EfCn1A}Uq9I5H77k<8 zOBn`>Y6}X4T=(D2oYP-W@}H+Tx#!=^G1Q+M9HS71n7GKcAu~F>a?*@tKZ(mMa!6sS zqIbrm!gJX}b1k9vGr{FVEfxqUtJ74^UqlE8F|tgAwng3ypMbBhzy5+cIIevx(GY99 zBY#9Z{|jnjR{Q2-iND>k=ugbGzo3%ys`tY_-p3|GWdIyKz z7=Lla^&^^KC1m#a-7(T1xo5#ajQIEF_xC3MUo>Xn2a5*74i@+uF&P(&c3ft>S98s? zbQ>x$H?{oq?K^^4BiP+I3=|BxGi=Mta-t-;yoD_)uvjCMXnsfU37}|~|2${&KS}5O zeF^?Q&FcOCN&)_T^FPzN|1Zr(__~*PZeqA!jX3#ibQs#RDePR-VFir;y(|ZUDK5+S z6l}JPm4!tJu^$g1YJjkDvIKh5iMLA0L)z z%geFV31z=i>Fn2$f;VL6S|2XA+Bl%Fc|r7>BP-=RSv1^$u(?WjO9Zi1Y6NtQ(-tL$ z|3Pwjpwa7--+(&2xXMe={lpzubTsJon2e}fLQwpf>x%20$j5TnFn<-N_{(zOKh3uO z-(8-|f;=vsMjg``DYLS7w8~pZ?jLY#Qmm*|a#$4ia!|2jYZcW@h9%@gWrc`xY|*2j zHcLzHMx_qr5UZF1aa;R4PI~7Sx<;@&_x8QOfupA%geE>AL+l?{F(@7?#JdDS=M_>8l+MmX3`Ezcx!38f*iI*(#sXC{ASAFtTo@6|1 zL{L@@7E%n11_VN^lk_ujwCs6AReD2XO;ym)9v!!6B?8msuBs2e+xv5e7Qq9Xg87qo zkgmnI4=Mox-bq0N8|^{PoPu{dXTCAQfqMCIo6d|=IsDZzYm6_DLb10W4X>=|qFrP_ zLd%xQ6Rq2&T(<{byxZw8joYb~FFaFE*3^~w*fRy(g|}0``|sv{9|WvFy6tTpBpL_k z<&;l##5Tz9VOQ`Un{2cl7Ia@b9Tf|=&&<5>O0ckd2)(Cw$VPl!bukz*;Q%wO5EWHC zY)L!YA3}$~@iUQL#IW_fHE%HYHULWxV-5QQTMH&oXlJ$G%4EXMXYhj|P~WO^I`Ff4 z6>Iu~b+zijgYj&tJNdWmKKwGj{;LCg+GlcYz~@f#p4ty*{U#p2pVVi5FQ&nn4zk15 zEZASkY9j;SLQEbLVeO*uaK^?`3}FsS>SmFQKUG<1ihbD^Ae6|mp3It{=K5;7cVTwo zpnUzJOy9PjWb5<9_lrjCT^x2W^3$oYtaJ5!qbu^xx5{hVUGD%uU_H6pVId9g!P-*p z?b~e;uXK-1ttgWp7BB>l3y6pM0dYiq{7OLJA4q0}cS4W_2}_LK?}-ngk+mf8a% znu@%jl64fQ?{PU&F`2CstOtQ+eZR8_Oo*K$#GO@^+gDfGRgBtjD@I2j-#;qqiORwI z(+LtH$0Lrr=;ye`dhg0%L6(+Q!#eu{##*-U()`mBq4Swmhk--`H4Q(`mh@2~!=GZEgkMHaLgXO%O2lJp`^ z=7B5LG6)l~^FHM}YkPqj?|6*=6LwbeWUa_fh>Z_9TnjS-ld*Ve=(YOF(z_H z9}TN3YuiqV%>LE9P_#(x+Dl?q%g4ovc@hrcov9{7`|IU6M<^MNnp+R%hbY3R7?so& zSW2)>PJ}fFj7{O_@W$%XeqeG6aQ(7>RcJ)nwbKuD)aZa;T`kl}u$Y;Q;&;%L=kLH> zmA25=>9mH}zh{R-)u6)Yg$z&=#B> zQN=~CsjM#M%VV{42h|>9;K2=z%CtO?SezqiNOF)r?~jcgB(FqLn7DUZWcNM2`a1*r z`yoah?W5{?m_%`RKl>(<7i}f9ScztZLyU7w+Rv<|L7M47OxEMJrt> z`qcA8Crxs@?{>bt*Aw3>+?Hkyb({VjvAi~IdfB#@XU$GBaXjdy*W#*UZce$mi$g?O|ciJQx^TH)v$F~_MOY2%&TPp zBMAHVpm|ZVwE^Sw!rgi1FPG1>1RT;BPRAAF;D#l554{%NiqX~8oMKFJF@q)vTq`m= z{;sovZUJJqCH#G_#A*~b3$3VLZif`ou18@k1u-nfsbG7rLQ5a zKM2w_@Yc=1b=j=06)aq>E;A-V(=BpMm^-*t;m`!*vA?=rX9IAKY^IS~3|Xu{FYp@i zu|`FU$Vo5r99L=%2Sc=i=aW zyXdT{E&Qr1h#&+nUu6|MC?`}@?TbJvu{E2lm9k7>yA(lQb&7F|u2S6Q0nyO=fd6!Wp9kmSd( zAvZ3SQ`)FItnRYtgt*wSSPDanqJN{gHS_FbPxw!yF?6%?;^LC1sQ9U0X$ zrlkg`7-hxgHC2c7wf7AhlO9*-D;cGS6=1`gbt>vNbgqQj#zG_>V0NbqQm5~6a# z?SMo(4=89h%;UVq)HtfqhdyK-q}_qjV-N%$-_G5{7(`FjV%G*=+LpSqy72mM$`H9Y z;xjblWl}aK;d>cOF#zGwKZ2)DH1gI?Wm5MJ__2Q-1gdxN&XS`okhJpaH)q>DJ+{!W@aIiO0jGp& z*9C_7HElh?KsO{1Id|mXxqJV=|MFi9O0z)78}?sN!=L-nG?aDzPZ*hS@^!`j z>_#`QdI^PS54PDjgDb?I9co)5+xf_N8Etq??SS)rqI%Rb0;D*q>(3jiIhd$^9!=9R z`@h9@nLGD=+?!6^v)Y@dM5@P^?i-w(g31_7ec2(GT`s&ISbGZvwu1Ef2RxT3uqlnz zGLs8tq@TDhs=g@XYl|wrAhOgR*F0qu$`{0Ud*{aLvegtC$_Q-gMm~cy@@nXn8B$RG zg4&GB#H7T;;J?R>+!qK!#E*zs*ROVpAk&lZl<;|n|2aP7c2pnmaw2$&fv*dXcyG7P zyF#P$Pu{xrTc1b=<|ORpG-bvvS~6tj z#5J7qQfPAHa^J|)#$+7$K0O2_9#&K1@=fD9+u9lACa9>4l^ev}<>ba@>|Y#B^fcHL zp=WzbDl2mRY}7lyuxZ$y;Z=(S^L8E68FSjfnaeIaYCH3;p`FCo>S)Na$*91Mh@yU- zM{8cWe3=LPnzaAS5B}y13CNmQT1sOTtZ;JFXItbp`jsrQdS`!=#2;f<-1d_0G$zkq z?Bsa!R_NNS%dnt4m)YMkR?Y6<8r7)KJYkCMVHq+v;+`PBvuTo6{y1Ux(~nBvRVA2G zK|LGFf)!@bhprBscfL-k!;;m|ZK;Q>QbnCJ8FT|PY_;k((Eli*9Gvc4)Wz!x7ANR5 zrLn`TCHKndsIO2N3+QNgbRaqX-cl(%AZnBB9=*{5=mK;tN}?Ll!~XF5NG%H)#jZ;-lt37rpubJ%<)EHTYb#+=(_~yA@HDCStG>@erZcvnOjDM{(u5`X9Fy5#ISu2Qm8KQXaNqTWSN9lA*fQ8udaoWLJFQ_ZU*OEqZ<-AS|f6YdsRb zwJDbg;cM7wc}JFb%lOSlDwkEg1SUH>XNhe%we_6?+yiA9LOczMa*HvAqr@}*1dUH0 z6{arDu7B}LM;e0LZm7l?(G99$80lgNV{46c3y*~+M)*CX;*PUAPx^C^R5!4(YArC@ z=VjaA&b(M;rzK#n$Y`w0YUHOT_?rvZ-%4VhLB;T3>OHPlXf8@OjJq*SPe3tAJhDp= z@TKZ0WKR`QRlG2rYlV#(qDjbQiYRIMWz%}5^vGPOt6~VXYPmgGX0sM-`W(z^91;KR zX6xz$#YtSAF)$~mS~b9_($Ofxbi4k;xoEx4p>9~lA-d63AP*iM+P2lSMqrBcN5Q24X(Z-! z!}00JXqAD_TG(FY4mLk09>khIv%F*bavp)Mlpop}^z8=MnrOsWi+a4(r^JXB*ThUmnytD&{h|=?v+MVYdexuAtXt7n!WA(U{tsDu$NFSWGOQ7KZw6 zirx-Dlr8zo(>UlFjJsKyei28u#8x0M5D3Krlr0S=10FYLtJY2FpF|~ee5{|-e0Fn} z_27gm^L{+#`S0;fzxO(~;L|VMQF5$M^DVBy85_(<@`9C^qg$tj-`cnqIUyI$15f66 zVhW26HU?j0%q&FSBkw>-u3sQ1jU$>1vcm@B{d+jBhw!!E< zs-W^e=xb}f{6H-=*^0G~QzpX#nkd-o+hLw094PtlSx?J3m1y}YRKp#4b#6*uGSY{V`6Kss)o;83XLH-*=;*`HZspy)@K!&k zPn)t@Z-GcW>9BH+86IS4b(?9@QNyY*52UJ>cRwY z{s~;j;}Cc*v+ULnjAEID-H)?{1fp%DnS|q_!eCM7ZHdn>x$_s?SHDA?1ukIJvZNM6 zZ#<9vQf&AbSZgdUezT1*T`E{2OuJP9ceTufklz);8s2MlA!U2}b?9T`_Z0CZwS@^S zDeamPa*Rn#6X|RL3+cqR^O+YYhMg3#*4c{@I_g~!)&&g)wHMNSMo%`Wo+`BMg}67XaK%8lC+!pgW5U5~exeo%M?DpLFa!~~#Gg!>bPQKA z+I*<#7h2%d1`*M&?K|q&{A4OLo%rUh>7rm{>Q*O#Z|<`jz8%YjWNjk-a>W|=LEUh2 zVi3@h4!|^!zBN03b6|MvMJLLZsBwk75pM!ym`7L>j`dXab+jFE3dwZxX=ZZW;kz$gJ^4{zT?m=&aInL6Pw?W!SOJ!Z2zOeQ7N8JRxs~ za!Ka0=#IwNSXxh(;{OGDOl=>dM{eWnx#ih&l_#!HX!sKefYP4eE_9J+(xZtff(sq$ zt)(K9Bm1a^L8O3vGR5W@THl2Er}n5{&@n5|xwjj?81}L)T-|vfH8Zhi2ya@}^pc{Q zm-LJ+1Aia-;ir60>h=uXckX@30uBuSuWDP>bC-JvR}tls?RV1jst@ZwrbHDo7!d9x zWR(+f43fM@tM)foGeuY_pt2sM@W#m_bBKH)Zo@5llIkjr!wWn%$8{lbF3BG3_rX&?VKdH>GO2i9Rwk!xP4~7_$vP6~*l6 z_AC=a*NdXMfz1MkA|a9Ce`V83JmQ z`%rad?gM@X{0oHa-DeK(+jx1D{|gHF?Vekb{oewP|1QS(U(e%5Bv9Q=y#j=~ zjL+Rcf*k`hWVb)x8nLTaekV02H9DPS`95Ft2)qMp^h<$6j~}$+g8%V+Ouo-7QeMIo z_D&S!ikg$9mtlDt>H13MAN14GF$C0ve(NIaSq0j1eH8!V9G86$?r)qJ33Bpz!5-81 z|CZ~|mbscQ-ci+d3we*s-X?06B!1s!ZTf&YM9EH_caB@^pO(l}PyP(5zCPElH8b)= zc!8PF!JBct*2?_wR$-j|s-jX3z?SgG8owL{mC86I5Q&ExVr!@Msn>-G2RR2B=Sb2s z$HrcDXBT-hDxj$0vPD+p{`Bl7cTLq!{X;?Tz~RwB@rj_=jMaU)dwO%ZSyM4m68|Fq z?US@Q4Pr9q7F((>=|3=zd2E`fuU!DXD?jd+^w?-P*;O_1kq;b~- zcelpf-JM{KLxA8;Bf;GXS!U<|+nSx4t*za8*KfM3>v{U=`@QF$b3VnBYKa|QV~-j- zS2VQ)R!l;f08!9DxT*l5Jy*Q1Urw?$J{$?&;ZS>cFC!P2+)Vc7w=7P|rTtaEV$YOd~2@L4%M zJL{=ADi{I)zS^YbrH)+HBN}%6gD9!@cgnoc(#wja<@Dz@EMDXBT-M@|+lxs#E3t`#Tt>lrYv}$REIlyi! zlMTq)sJyj-Un=>=+*=^%X5=c%fOog!aUJZ44_;*BnJ{Qs?3BvkG^FLu35cm$nKn~# z%lmYi<$}8S5TZ+UK~gxHeqS^Bk`bD$PqS{Xt^VU4mIU}CSr`6VkLkxfl%w2YV73Gf zA^0-~`HmBR1MD9!;i-KOfxl@E+P?9^6H)zs0(#KFBmL65TH)%&<7UOGxCWUhNi!?T z8)&t%@04dCVbAgf`&E`;22XabkL8BmQ;*!8+G3v)(e0uci?3p-BQRspj*Lh_YQLk$ zF;RT`6QXF?DYA(;D|*O$EE|bDJO)7+X$XnGKb~{bA9Dx3!!+IfK=cdWN89Vojr*KZ z5U(fyJHYKKYwLAjTIlC_=8zUA=r-aV)dUQDgB?iYOFMhrAnPz2Bi;E_*_g90muy5H zTjlfKghYZPN4*erPp3}w3Dkuxh4ci|R9_tb8UKEy$geI;*W7nnq|w(kdQ&~HaiqQW zgk*9N)VX0KXlCYKa-)}a3BGKx!tZ*!IVV%L@sGQqMFllVNEQOu^prz}AZevUtAb{N zX0!Bdu0VRyh7|@}6Vw(2i}y%0a_XF2OkL2ujX8JGViEIHbxn|qVjR5vperYVaZ{+D z6aMn%QZG->MVDPz?$!?b6>joEwosr)4*#7+4|Gs>UZyqIb+6%E*og1knumqpFa5;q z{mDX^694>+%#u-#U(r;a!4GTBgg`Ek9|SVY8qB_T5KKyrkS=u$zco6Dw9N1xDAIQd zN>WXjw6t4&wf`6#`e?MA-j%KCtu(ahWtR?`&+U^P5qXD9O|(Go8|!Sn<(+dbny=>Z zp;ZXI4PGziZx(8S=FfIZ;hS^+rJ>x!d0F~hjR?Ao3f6p28(}iqIrL-4S+=$_j^i@` z0473T1vy&&qW;o%*yy6UWbXZw9}lJmLVt z^0)0{tHHng1W;1e_hZ#D07loP^K#ad?WMy<0Chvcs8JM*RO+v`h|^5`(cuYY9A}5{ zm=sNuz|d)V70+b*6+f`IW{Sh)j2n(jgIe#&StYd%xzH{II-5N#8adrZ>H>q@X6t!n zmgZCQ;8R#({xMuI&;ADG;Ol4dA))iVyFS0}(pZwM$7It7`ONiDWMzdAO^>8x*stk( zt%6n?BsUZA8eF?Gx~k*wE<5y!mh@-AKa;%S81vu82_To_J4psFdA_o=uGIVaXJLHq z7w}7DE+<*U#7Nr-Q1pP5jaXT4(p~7H>^H3d^Fd|a%_jX_uH|7CWgo7V5(#^g04SMGGTWNyUH3;zs}X#AAMyMi_uU^ub0nm zxYM`2)6NZ6@-_O6em`Q=+GVV<2I}~17R#il#wBd<;@)Tg05+P7$qUZec7&*he{7)U z40jUDNNSEzQC>`SKR zWa)#rQ>Dy^y0;I#6ku$zYRGC(Gaf9KctCd(E7o1BSsFEc2HzlTN#NAavJ#7&;j6Wm zW-Ec2dQiYs@=Z(QdtQURQ5H5Y)k=1AEhm;%e2jT3Nn`~R!{~W6F0;Q#9UMs$ zJ+HTO9~l=BYIuvawK{EJs$XSEt@?nE)o}j{L2_LbT_GWS0rHBbb48=%tU5(g7;%4k z^6yWRtchsl^k6b9h&9ZRfTi=-RxyklhTn#D{;!!v+Vx+lbUX<6d8Kdg1WRATGV7a@ zc2dC%6$uA3B^C4nMa^NeBfj=gKABIj&?u)2iV(iJox}Ihz+;qyb068F_~wAB)c*Dx z+_w^h_BJEqd19NF35H{nG5|i~aqtOkn0Su3yhLEuH@oowuS6`GowZhi-J_jxY)!fa zQdT#12xTOM+wbG8H-8BucE&&O_6d2R7kTQYN&F zuBK+h9~UvEOB1esi+m_Qx(S;e@JP(D_ zRGHNi3tI4zPplZx8*o$JT;{srFa==KKe>qRS%?=S5}?7sn9NLjbnYp>^u)=2fQ~JB zmAtKyG|rl%Pwk&EvhI`jtRqJXsqDxx-%k*UIW~^B`kZ3Rmh z!GlN+(rI78iqQ)_skF~Yty7!bTfSdsi#A5AC7NT=0krhu3Uaa8OwtQ@Qx)A!%mYqY z@=EOX>X!2K*z&y;NC?sJ1a=)Yp#F6X#qO%zTUKM@@`0q=8%yqISlUG}U-Y7>pFJ_w>LSMa_4?rtW>?whcc#at z4l&3*miCi-oBJ@IB9wY~dU4f_I(3oAs))S0^1-{S--a@bRZJ%$zcOp4d6&;u6a;T>>j_8FCQ8*PQn_W2^Z`````D|FRK%I+)oS5P4L7D2PI~ z{V#pxze_6reGU5GAFI8lo(yRf%#73DyQhe8f@50{rI{i+mfImHJGG{tNK{zTHOPm9 zc!3m$zQ)Xe&jNb)t-8*)WkO03Qb3sCcyc+gsFtaWvT~yNK(~u*~*8;+6D6E`$~>sS;p9 z+F#hF02Ht?KijQe zDXeP9^?1B&aDl$s?pv0$V!g3t+Ble3_Q`oWXGp;YO7#3Y^LAz$RNIG+t&({${(v$DUMXIo5XRu#RGftVX;?`c1`&oOhWu?CB!Rk zbbc^%{oTfXO80(~O9gj$k;2+tCOpg0cdcBjgX<%Sk*Sioz8(K!0cLMc+tAdYMS;X* zY3S!=!@NxUSz*Msfx5;3{qZAC_Z`GWPRyFnNGH7L( z4piOU&{B#z$XH1)z}fQ#R11INVPr5=Gi3dv=ki&@S1?lKstGTVM@xPXcXMehtzFnq>--i(rXeX&PFR+*C7S(Hl8Q{~SFY~?=a;Di zfI;Di2b{Ica|cJq8HcNR|E$k^;r`KN^YJmN_WC(JWh9CR^Rg{v)JpP-P#S;2;*s#M zbU_i&KRiT|>mm6J!RH*c-1 zTuNzW#yu>r95Xp{r7)8T`L)0uqPR03ns#kv=KvpD@?GN>R&aa9L2s+LrY*6oXsfBe zj{jpmmLOH-V0nk z0`&C*b~vjcdXrL#Q2yz}7vtX}<5mN&@9d@fxzYPjzbD_{*Wmg-M3KMEjY0*Y{~NEx z4kldh`@WGInX)a}d+`4@I?+*xo?wwOWl0GD8a#$fi8E%(I#Wj&j`wo>@OvgdAkfKW zTH23*gQt1cAdBF>R?jR&VxZX<6c005YG{(Y>~b2D<0PVgYDpe0q#{jxrX8AC6<93S$O9f*2s?(@%heJ0f>IXsGzBM(Cg&)Aohr(3Kv*fnuKqY9 z$(!L9`?hsvvE)v1Fs!0`CZ_}kcr#-Q3uQvJ3%2(zKIdRu(D9{!IyAzEpLVlIZPYv2 z;=Mdw_~wPQ)l~cjQQc>IGQ~$-c~%@1M;Ek$hnL+YxvS^h?75`AAGnkk_2yvvG$1~s zG<6pij{WWc#JxKVuuVcH5q`TCbGFh(VPKic=^WtZ*Bo%-D;sZ;ihhl?#AOX~&JJs6 z{MBhrBncc!j1>Jp&P@!`l?bIpDU6km-8dsIm)PjV6q7p^_`8Px)h zFxk6B37g!6PU8+a?k^8|ds!H@i1+SC>#?MFPl9b186RI!%9EN>yuPhs3zrmseLich zhB7D!$2%GEz2}P9 zJ%>#b2B(6hHD;X@RZoKqjr_^x%!~3xhV4(OX~dz2np^6}an;EQQf4%-#;?x|zO5EO zwTh5Ivjnvde7|Sab;JcZytiH9{b0W^2Yp7XpI#haYJrda??VO#g*1Gx5CDQiBHXRY zj`>CYZe@$uZ`GzQp)l?klm=a_Em^(4b^iGW&f4+o>`#)R>CO0(Kbp>QH(0nNL{G=j29xD1|7)t&=jBI2?mim-%cC zI(XOPAm&37;D{++dCTFCsa9L-GWagz;T-QeKM$0E2Jd_Z`=3QhAZ6DN&s4wb7OwU| z9j7#X9T9;s6;Hme(6_w$JEl9qnl_=3wg&*_RjLSEV0PgAJy}UWT{TVGqIORsbN!d# z*~tp|)pw+?L-m^{RC!|Sk5B4z7q6V6!J}J~@Mq%7=SI&yR4?JmzbZjqA`5>RlOXQ8%KKfb^; z7E$lvR*(eEfa&UTfiv#vGUZPDpys=MMU`7LA*(qViPv{_bN%q(!6CuMHcWJN0N|iX zCy&l7|NqChC$^8eZ#s0aPBc}G%cmv|#sGi~(KK;k!oTON=do~!X*4AB=`e@EB1u5AO8+gHe7Bb-Kwq=a?@(T+_O`%hsNkc|Jw3uXzGw10~smxjvyKwc<3|*IZ6-Wvt}NrQ-->^E-lbqI^n3e$P9MYrzM;U zTdv9@wW4$kTYRIBHFL{hnFl!J5K42dbhjZlx86AWw;FggN(s(}v$*IZ%1cbDb7?_cv`>DNuQq=-s#XJueld*_{w*nH|qoJ`F}8+ ze~tpEyVzBns_EJiqR_T9VJzJjOsfq6qypIE;j6#n;{zhdcZS5+{^;Glp3f96-8tW? zHQ6a^cxee9`1w%^b40A1AKaCdB-h?YE%IAK=J&C8pq!Uswx`-Gq+yF0`x7(*+B+XB z{p?T0OqD?GVP>|n%8K589fJT1{Nm{?abgN$MmZE}bh>4=0WxZ$L@~JtVK{v>PKcMo z!_HIB8BpKHp}|;Kz@p!N*)c9FN?WOFr=>57l9r|TcCFNGmWV^ixQQ=-*xLVK_r<<> zFsXUUK({LC#dqz|F0w7bMkngkM^4G8u{pT(cnJTVk>9m9}HypttD`J zM1-#EA53WSU;RL^@JU?egfC+i)%P&}AD_7?AjfvO`pJi$kutU1ak%NJ^5iWOoh0(2 zNbIN>`-7$_@{}J;r*eoMjt6@QtaF8=x!1crk>kN#*DK;~;|BpsjS!)d2w=QG77KWEieawN>%1H#3{eS|asIPE5#i8nF*9Yg{@ z-I=vCD}p|k9C<~n-FAEFrBx3NjqLC%C`g%JTSqBP8vNoKZdRzZa(0-EXlz(N%g7H= zNnzEvZKNoI3-zjXssC)U+>J}gUoV^rmwEJJ8CUWAEjz!EnlL-?W zJAUF^Z46$aC-p~XVWBRbgiEt?hNBT$d*rLs2COZM0!WM81MEeNJnoMBXc+?A(YQ(IO4Ggw=65 zz>TU381aRX@T-fhB}UokwI^ySeC|MUAinr`Tk-Lf^O(m%N{K*ID6^I_!=>5pELr!0 zvt!h;e1SZedR{e~w=i>bV-hZ5`-<(?dq*4=Mvm+DZ^QAmR2Fsz=`{-U39DZV8-UnW zST-i&cj_knw}Ezyie}s}7kU9CB%5A|;|6j~b(!@!F@=#M6YdaZ0>9IbA|Q+QRjyj%x*OAx?DywP3f(A9q}hl`BPs9h*oa>R0Nr1Pxg*`3xyn=UCRTY#G}+qC+`S zPtvQnoyrkDoRNfCTvB4-lKqHSit@8Koo&)@7AY&D&Oaze8PUBJ7r(E^X%8EYadY`$ z5NZI6MGx>POvLJ+!lnG4Dg}Y9{`*bBjx__ zA@W8FjsIm~2OeLTC4Pzy--#a`Z+wJXZ7A?R4v|8WJMNo(I zes}pWqif6T@-G zBH~0jZJ;n_+vyzNej-ezQ z+VgbPIFPNipj`tDS#~El;&B^Q=T{n@MA4T{!XkY{z%l@gQhahS&s>}8`r7e>-E1H9 z>vuXcH);)UNx`}^OpGi9_^$4%`{Q!0k48g*D3wJGG)doj83+Y%m5IrDGa?g3hdRCw z&@F5_=_Qx=fw=}Pb5ULr`G@4^zGr3xJth*Xs<@8NZ%0;`sz?hwaa;KVXB_M2qeniD z@V+1ZDZ6kS&wfOCr+CxsOmH)wud*;;-O#%s?3Hu zk*a^AL)%mFz`~mMi(D`htt?IKC=LS0&;7JR(qWIg&&%6mLK^ku!x`XjX(#qL_^r{B z?SUd1v@5!f<;HcOOkOffCgm5^tEtJ{i8F4pQ$v8v!!CF4CiX-4ae#+j9xHmBfQ zR^se1H6`mbuJ&4&w0h!3PoWE`9r~0B8)g&fiKlJaqy&pm$Os>Yt4(e7GfLt~6=qb> z1>>RJp8r1*8-jP!!)5#%?%zLV!J1!PW|tH1IfX`gXDhG1&jeHYj1S^S=uC zl8Q~W!>vsXypWN^9$<#i`DQ_kak|T(ru=a^)ra{l*ta|`bGM5Gi*>lo&2&lyOxIHi zVMY}=66Gnrrg}uk4Gk%+^&TcJ-d#kh-y8ga=GoWsAR4SBl;S$(?9be$1Jh4?q)6eZ z@I(E1rs1oD*Q_`+%@@s_xzmkF7+u3U3F#5%h=-^DVAvW~b>mhPl>4PvwKhH>SbLR9 z(B%a*W67sYsYKdY5f}+JJlQG`eXEaQuH3fkkPL58tSMLh`n&ppYZ5H961yP5Inar> zvy_FyY;HG4mJi+(k>7cgZ_Vzue5 z=ih_mjre{vTD0WYBC4-Xv1R5TY%4Aaem^p=-v>K-cVwQ`Q)Ro<4Y7<6%)a=GxDiQS zseYh57H7=Q!5Mqp{Q!swGivT|8?({BVgbR08qw=SZ87>*f<6?1LvN zo#Lo+txeWh(v(0<{)7fYaD~uBX=Jp^jshimcojeec!J4ihoDhNK7lB}AxRZ67KIE=lEN~xo(LC9 zAJ?~BZ2UQN*j6wl#4l z8c&henNPIhnm5QEmO8#1q48#KfrmFYsU%H2x+IN(u*Bh&^qmQbxB{=dttL@2xZb0St zU7w0pcKO-mv#r%B7T9zish7Zl;>XztGsq+uvPs5g?(5uh7TXIt)6`1qKGIMaHrJJ? zY+RXTOZay5GYvELEHZe-;O9fz7ep->=3sc{cE5=|mdf2OueX%;GU``+hNY|m@rN^1 zY3KJUuVO};NYlZ&Uid5675zJ}tEZL;f~%1f@yMRC-PWOZLU6BHWJbr<>^q2jhUu+V z*XW_INVDKdE$BZ_ENt)tNh9Qbf_RIhW~WtW^S-Cy;r`4Fp;<=b`YDVVwX^8|?|a;geyzkLYG60P;^H8eDYE%nS1 zY;pxXTKd#_m$!4NO-Q$!rjq+j3FEuPPMp(bx zIS#`GvJ8^DM+?y(;c{YTWs)Or+w8)hTXpu+c*X@d+ga8~r3+5y~n8RIK15%<*U4M8_S*F#4DsQ%pQqUoaEzTOyPiA>JC#@W1E612cot)zde#jpSp-U!&R z*3zGN$acI3-@gV-U`zmSgg6~s%zNdP3{t=?K4$ZPs2q>1+a=>JWl|~$*SFMOOA!pk z%!gHvz!=7d*AFWq&srmInj(`;|6oWT(%;J7eMVV^W z45rvKGH{9A z4)}g(zz_Vb!n$ntz9Zo=pCRsAJKTD|bRJ#IJcBL6Nf{>u4Vw+}k_V}gQ;tfMiFP*F zhVR!-=gd3cHcr|m4`akK*t%oWs?=~=!DGy3A}N`tdXCK|M)L&RJ?su{yKRoeE_>E` zN_pi2+HKjays=kZTz<6p2XmzV}2BAbJO@a_u=h*D4sqWTpu)!Z~$MP&$bBO zf_){HEqUl@e|P@%q3+Bcl=?WvAcaA#E8FV{xt}}1>qmoS@M8rSjO{1D!lelr4wfaI zo|PI9%U$Yj!o|wL66VrrfXB?c-5ia%J6 zEzB6}R4nbcD9+a6a5hwj*We(~QMU>mHK*moQu?ryMq#@8eme3oyzTKH%$WI@-%4HD zlgoZ@jxNW3^A^nkB_&nm{0=segbf)dRLELr%JQ)7A58XGT!ynYDZqS0(Z_jrM5mTt zVsdgi^&wAQ`6j#mq$QCFNXl(X5iwpH1t3(IB3#YAyxxk8rcFOrQzmK+y{TE=Pj z^WY%cNKS^vc_D*CVfZ~pDF8Lt7l$tDMRu!Qz7ku;#=zwLVnt`IKvIx*2+U&#gr&bGs*{do#s*=oqcZg2 z2mENQB+i8Zk*UTq>==Ceu?@s%J_fu-!9uMUXn-f9^%|EE66f|zDhex_E68H6_e%Vv ziGXF!nFF8YJ9LGN=kl_p=7t{NsMebLIc0{g*AbBW`>XoR>{)MeqeOhgAY?WpK9xa{ zQ0#`SS5*h?1~C=oGe1hF;IDV=tBE6g3KR(rrjUa9`v}Y+L$B13+Y6U+cW6Ttybw0mKwtmyPnU}2&UCW!1bM?z~%~s z-7#|;qkcrySHPk*S*Wjvexl?DXZK?=*L~N`z<(!(;0jZeWqh zKd77JWznXh?WPl29VljA<&Yl~^N)KLwFmJ7RIFpWze;STQamvFYMT+Muf0Q$`D>L2()h8PBWfK!(8R=3$8hy`Vjab zwCkFBWNgFvX2HQQ6MxU~Kv2%bWO)0AuE_X1GKyJ2m1|lfqPPszrgyG&w;ZrXo1J?+ zmYtEy;d7h?HpLMdqjs9S|2b)>Q{kJ5H9Uz2Blt8Fwc6Ch4oUmNHQ3m_m&d8$w;KvR zCd!6{nn6K1=H5-J7sSjm$h1N6_Sf=p<`$o*ihd-3iM2oQs=PQ5#C|V@MUQdKb2*NI zn_`vA=FId?ciCGhv)~_cIBfjore%2e(f-_0g?RXbJ#ftA)QYukFCk)4R9*!#u1iIz zCN+pHm&)g&Jqt8+2>fk48@^12Fzd|mH%Ectw zVzkKS(V|>Wk%aHV-3;Wa3o}V}X*$eKV$Pot*vA}nUnD!{hZLs~db_w4vz#ZUI*MGy z9vy948L1K36Af|BRe3C@x-%UP(tc-GJctoGaV`_-YK>+vAe*n@d{&)oH4Os&5(iwn zJ_&y36^ny;Jt6!VgS2c${uQ1o-OdS%;_LK^3AveR>RB33%h`MQ{SS|1o0n<)`2D_J z8ZR_7Du-@_Lvni-Wezw_$5VU>==Ur=w zCxMzMw{BWDCs2y23OsPCXiV~;5H?FBnfkF_Ax}-#&m)&8n1RRw-O({s3KIe!95La? zQndYAjhUpcXajBNCAv+)yiHf^=03y#gU#KyjFMA;r2d=+nlV3J-~+5}R;p0S%aO17 zZGsMBVPs8ymT*pxm*F3Nrfkb3hB-~+=FVTjAYbaWb~zEv`fQn6j4Bgvq@ILoM74s? z0S>KkiE}Y)CY|FfCkL}K!B=~$lGh*N&0>$#Q%j?0%uJElMjARraa|CRpA0}Lt;GCK zgT<*6#!d%KpDOBDjRl8WNt9Z=?PKu}waQgTTZ9+xAUN-xz=?=yIeqgy(g*l8|BCUZ{1exF zdob52pi1~#6_U}o%cYJ7XX+0Typ)pzdROM#$${^assui=cC(iDSg^C+>N?v?h}5W> zllk-CFL_X5AiKz8^6hjNr+Z8Usn8Q)YbH*j5r%A|d_k6?*w|}G&?6To{h47;ZaB7+j`g<(wOEHdk+5g7^tt3fUi(ZIkqh^ z=cB$H6Z0*JzWu2tE{eOHwW0fgjN~Qi z6|@_w)RfRk!cpQd4EGa?y(H%qe266+RVI8w$}ZQw9D}noIuqy7ND!ywp*d~s$OMK< zr^W@U*?|XW=;IV z7}y<`DghlTaWT-CtxF_3B;gPvB^AF?H}L*Tw=j+c$aSqn*23;`Zy{So(spNc1QppO zX|f`T(x>$z!VQwZw*paF)#W)rIt7LI?LB%rVh4yKbvx$Pu1DdHM;8IY_5PFE( z2a{S}?B9ugc?4g*&C>{tNv@7U`et!H-_4EEOXN_(<@G7KF4 z5yF9%;Yn~qP%i-}I^j9b1SbeHp{!0y0B{}5DcFWuwFh?H+W%@3t@|fB$ZeE0w6UE8 za%N*6`}7!zeiz^^iF7n>m=a>%=3IiseYeuTc#Mcs%#s2a|wgyX|u_Vaz-Uyy{rNHD_OG!Ox)o zF!2QVkgZ3vW|e0%3Q567VKFDrv7Z&=BLA^0oEo*COUhigY=1GM%sKUFEHl{l+H71k zdnbf?C&iZ$k@?)|K56r}2A{ao$$9W{lj~}#{dIDwY~jyc#XL_0I3rKlC?fCH-99{H zSF1f`u_yQpiKGh~xomPa(Lq1lZB{kN!_+7=M9mfHhRm5Tv(WvZKHlq80{T(f%Z%`p z6dLc;e%HSEX$8zz$^X1;PPbLK3iGyY#dJ>9rSSbd{L5G_`}&f%NH13Np}~g z%Grg{A*L7(x|ds}tiT~>_$j&Z>`7?K-f!8}2C(?P#!TrPB&FmL$A<~IUtd((i}Q3p zT1)>2gC+HXXI~M;5g_i-#Cvz=V?LLW`JCImms{SftxPk68Q*3dvU;}^`6emA+|=Ew zTXtCFik+-1U+J&&(jy`T7*SXR)nzFzr-s)|NSL?p{=EJN@I5xl zm>9wD)pGcUXRX=hlX+~!hID9SpT0c^l(;Y!7`xlI6-fW4$@!N}e(`lEu;|#$=5K9Y zk>Tyt*7jK2gYi^frbM9h!mU5@KN$J>lcg6SV=ebumzOqnR@-Yl!qUjoly>;oLP>4G zRH76a5$xgFyIl{=nCOy8U`QkKLJPvr85mh!iUv|ehg}m|G3bvb7_;`SzE_H6UT>rQ z?AHCmg(&C*Ct>5>or~Mj`AcDg5xAw4tA;CMNpEPM&{z3YcT2Z@dLu@2w`eZQVg#GF z!Tk2!7k>6)HSbU!HFRQkQk$t~{!ISU$=$fYML_|+NspM1;i`965nHgXA#HXVe zXH|_&3OGxIg#}KyToq0~!07BeWprwd--QwXeuv=&&zRMI2eJDF=O)PJ(N0(u`?AJd zZc+GCM11fPi8f)=PW!2#@fV}mTog&WFJCbEz>ll*H8mo{3NyoO+6JfpX-Hs6cifEW z3;A&Ck{|u;|E_I`Re1ZR&ZHVS>NQOnPvkj0HH)4T$d8I7v)*1U^(6wizd#%r$yC(4 z4Nh~NNUhDT-Xj>g8$x7#WD9ew#NYn2-TZGJ6fRiph)d_zEE{eJ_lOSV8>x+~ z5J34AlT0dRH9=HL1hB*%_G?(RfG0LC{v?vb2Uz4c%3q`;U3`_NW?yG;&O8ZL|1ymH zap4@a7|n}LHU)oZsmJj@PG&eaGREjCeMi^?8;3a)dntNI3VYL{il7&$yGbmjc`8OTk=&@MtmL#OY8oA; z&H<#&WV8_r8Q58~y&js^nozA@;wJ6d^lqhIG#EfFl+L*)Qu1dMURE7{mD)u15lym8 z_q`h?PLClyQCwd^VGJh>!_xY#9xjhpaAS%_dhOT3^_uN)64kAc{F`XzBRuQAV18HA znjADCA>J-|y*L>bE8cS9DMwBxD)aK@w9JPGn;6vwX^b|UGts48XQc`a57HWbB;N4! zgwDZ~fXLVb#gn^t6f`ClH2glV9AE{>TDMtk5Blo`_hkrOQyV7=rM>dkHvO0hzp5At zBv{wc0>#OgxdwjW@r^v)bj`qE(cRAJ!)Y=JfkdY+0R!f zsG7W6dY1fKJ=x~V=ooPyB_iSS2MyQL#@vp5Ww$vW0udnbDPEqK zl&SK}z%1lBdFQa}9ND9*mD6^}TO2^_@4h;tqTyi{HYMfwMUzsJ2~VsRhog9D{4Bo@ zdvr*JrcM7|E6>uu&Ln@B|DuOeqg*RsDMK}{FqyOe0aX$^>p(n8n=+%|I&Q>3)T4k3 zk38QKEsVm_*UB90Ih^RVAO|CjwR$j|Fj|QYBkM@vy5EwfhgMxuiyKb%Fda8fIoC!R zL2^AYj!uFzV;l|*;rF!>kk(M|kyh5-OGQJcvuJz^OGjJrhp4>OI>&fTAQkIVmL=gy~n4XBM6Tb2NK&QV+ANq?~4 zF|#DtBROJOf3@bIkSK6mgGb{S(Q{ADssbG*0|m95ErtzUxqlNf(;#q$fiLGt!_g&G z)QK3Pai+oi0{#gR(-9Fl1k57@>Q%=m(l-;tS@mM@QP(ejK3>A~^`fijQl&83uA{+V z^`_noERApdK72k6Ebyshv3-|s{zOLPag$ihIb}PLj=;W4h|9?HkgY0HP_A~{Eyy4- z_v)~?JlkDe!q(bBNOjWjNJrE$erAH?=K0eYam3?5p8P&*8Yq<{P~T-YP>ofq?}e7Y z%eH(*xl%}gzk|FI`VYosi^<0;3eosjM+x|}pj{Jx5Et#2{aIFRWR}|e`NJ05sn=y? zk3t}?v|_K4@VUx8@=QnAyHiU%$L(q4f**99K4Qjq`c*ieZB^q=`w(eP3F5jO<}Yg8 zQl=T;WW&~bArgolk^Pe4*j#>6HZ9`g^Zpi^q?E>6WP-N{Z}YcW0~TAKl&AiA$K)(L z8iT*EVEyNU4}&ihEIwrmBR9&Dy-L&QC4zm1CU9@nMuI}h*o<_-B9;CE0tGFIefRUG zrbln8zz^S!yWl-s~4M#yDST zp_U~v4Q%5h3D*3vo;^Z72H%GKgVAcQ@ztNUG|-|NbL9#6i}iP2WK*(IExr7|mX>-0 zCR+=QCRU9Z4fJ>5vgz;ind8QhIPD`Od~YwuXE!_%!gQgWw*!VVpN}yUxzqn(T=DLE z;2@SW)`1;SzD7Tw9EVMP>%&5IqE}$om92BL+@*Z4$&S;D2Y|BOFF`AVd(W4QvX(z& zoUFbAe<#&fZ!!P3KG6fYM1?LaDxdeyG;mKPMH_CGFk z|Kke!QR9eG&LXz70*^62J71%pY7ZkFX@#mdHZ%hV1!WnDFjcJ5U$pUxEQTcGLUC~qala6x$Hmzg(^hN4RwcRb zuNso_&R!{0^Km;X>}YUxPsNZ!-b1J)wumrN(nzYDkVhVkCPoP~AODzb9UWNw+d$Ko z6$0n^s0)UcDk4cwRa~3-of9p=chehA=c*rn6=%(+&qcgd8BqQ@r|46(a%}57KxYa1 zXVs7D9}LE-mY@#^yTnMKc)3zBbQ8t-w(CoG5#4~WR%4dp{koPNTgsr|&`*jXd0j?@ zO-ZzM=31m>s8bl^y?k-v3%ZYhdEfH2uk8iz>2lKsUk4ZsnYK`_VW zY>{_SCyu-ieWUkQg$3Le+GL;z4iuyS7o>-l3qQrkTp=yJzOKJZXT3`$^`HyG3zp)e z=ud@qy8mFh$A}j5bmFT1!B|lZH@+yZZtkAzFA49atz79rIykh<7UN&KT}x_i!AE8H zWn+Ioa4pHX|AUdB7#h_!Ch~`bV3?HiWk&@C<=-V_FQ>qR%j|aCIEI`bsE z$M7(})5w2Ec|3Aj}#fa zkZ`}+`;u_z;Lx%b_N2zOP8A4g*kG3aufNmx`JL+U)>Ob^XPqE&}8|x%g2e8#3t(O zGOnvWd3{ah|ymC9U@iSMoDUF)@1W+9=$S$44VQ%Hr&QFid=B)BTv0IDScQ9rrE_ z7Bom%)Em3;A51VxsHjRFq%-qY8# zooB#@%CSU!XBQ687>)$XB%w_#;3w`nZxN^9&SS|>68mKQG6?L7*l4O#Bt`o~kjd=t z^HC>$mU2%A)1E<7hd-ItEMpao-fyPS@j9$u65W}RQ9cfM|AUc&O5rMaqO+V<%j4J7 z@~=GG)^;CtsgCZ_W*=x1z{HTkF=NJHqkc(ddeaT4C0@=Vj&#xuDv%V-V}BWD-)X(c zlw5za#s%&i%TfOL1aB=fd)(T3UJ7_Te!^wUiA@z2! zc~#|MgLeCxy$RLDFTR>GN=xQPvU%PIS;u7m7>HiutNhj6iR>Z2Q0vtt7Vy;(N8#s^ z4ITyF+y{9)?ge6(qBZFh^rot&w8F;vRh=dA1xjIKR&G}n80$jsjl|CGk%MKbsUb7m zkg0=Hu^*r1RFO4IV>`~00A?Rb4$7UlZm5umi5FOSGN=M9hOI`7svk=k^*p&1Xr{(4 z%CX*$43h$8&m}McHeIf*ZF`nNaZXPJON-8}ZRQ@WNlB|h3mXxG1PY`1P{fySRMP2N zq9WfB{$AP!&E>0@_`Ni%XYp8@)o3rZGt#AQUXx(5+oM$8PBdU5p;xZk4!NMQkYvgz zlP1;(kk{@yu~bb-B4U0(p~Hu1pr~_hnqg*d*QqcVtPQX7O%_m8xmR6}EQ+gu6-e6! zX1yo<0i;uutyHw|wWAKh9Ngd-==4BilZT#tnmiuVnf?!Br8gcyE?=`;_ySr=Sp5X581h?Ss0UCFA2<{FcKmvK3bMF0}bMLG7?yaw0y{b?CTf1xT z-d(Gg%sJK=V~Qj;?N)$OA8#2ojZSEy0KtdvJ_%N`X9Su>v>`<7hK7?lT$Ya4z`^IJ zG!b3VcO=2M11neK>Dm@gx8;$ds3=&S)iJXjHE6NK8be*_cE2VB?wOybplA(p$ghud`Oft++}Xw!moEN^dB zXB39boaCXLnwLWqxU673u`mkFBKxI4gh}m&OV~iL528bA>vK9yt9iPgdz0?zs||#) zQjQa*AeBcdF6~@3E=uCLu)iwlt@xfu)|>8K;Ukyv$Z1e2A^-)M&f6@&d#le`(wDO4 zt}we93oEa{JJKS^74~ROLW_}opO!~8ASe!CZct1lS9zEn4ogtpW{NohHT8s$TJ6a9 zJ;1CIfh_||axKDN*ZAkToDdu}n}^BV_2+?kPWF4C{L!*xtiL>F&?&eHv@<|kX3Uvp zX4K3;pP_ge7duW^pM9v!ITk3U>-h3a`K#2wD_V^8-?la}JVBA)NWTKeSGI!I{!aWOpV)Zpoo zG+xZoC3{9Uso_(XZPVqJ_tibT*NcZ>Ki?x39~(h=*Si`PtC!BT_alvv^I8kDR*gN+ zBoWQ=V*f_n=_ft%Wk)TNZ_VmE++K2;X7G2J@0lei?w!i=62CC+?F~H<$a#;Pq75_g z6(0D02Mw76!H#%4_6~M>D2KjRolnnGB5MA5kMvWi8N;%_ZQ>YpUh0{LBhKUIx2p;H zHsg>j0?WKJFUU@7h*R{J0~ybWuj+J z_pjme`R;8#{^BPy0vp2b3+|6e9m&4TJiDQ_qAMML5JPrfDXa$QSF2r@QnpFZD?$A0}q`~kh$u@(% ziBLj0b@xTg#fpe7vWLjXnT(%`%dza(Hhj!rA{kc@1!FRXeQ1I>v9r&GgHbzPTe=)1 z$36~HNW<3_poPMg);bh_YEY9mfss;G=imAT$O~C?hc{c%4U(w1s*xA|0+VD?jE}e?Bx~KPbZ{}u2zPj}~ zQxQ>-I^Qrz*TPtnss8m94^z~XQpN5rGxSSXcGb#HBM&O^T>W`0bH3b~b1TDi{_lOc zhC#HO(O_XT86@8Tk!E~LmSHFHn!dfgi>2|3Vnq2lXJ=QGQcR9zzHsbRM~MVeL>6lW zh0q_;l0Vxocx3P_ac-t{T2eK2nj$?aIhaS2R}+55Ydh$*B{?>%a>(Dby{yGmM2RA^ zXh8>nUH)1og1Edt-NQTrjK0H{voOKIC;XgEn0e!E>g-3RmUY7P%L-UE#RPuQHH`dL z#9H#vk+4&3IV+YoI6l3?zWDy${UO=JYuj8?stJ80)jC^K^mWwAzy78 zoZ(`wf-s&lMV76*l+x0Vmt~Hd9uWdi5!{IZ%XKsaw$hH-oX{=7n)!MQew4YV~E=%!#KY*`qdm9;$UFU<}%9Zf@z29 z`}k4Q9zzUm=AfH&J4WQ>4eZB8fZ<&}#_RE9(}DB*vJu*tP9g|0pkjH5p^f6>oWmhu z(WLb^1KLmb3(-ii}vSnJs~!O@O2ej46gO7x6xUInX?6|V%% z^Ejx8?Bmb`Yr`=-B1Um;;X11rHG|@=pr%`mtw|O?Sq=$)D(S>vVypCB1OD&~INiC^ zH9|VI?Wp8D7QUvWh5&alhG$E@DD@c#o(K|KX7eqXrwEzPWRGzdHNwvJV;Ejq(z zZC_Gsy5)-LoZ0^w7Jk6oy{Mno#v~jtyUud2Td7^J_%p`B{<*A?b2jYYG9nX#l zsq7WpyIS`Sur<5~Kh2xU581OFI@%QSsv~*!%;!qYil}3}HKd{W!h9Wj$|qSRwY^iT z68lOyD>g@uGU*yg-CKxO8rK|Ji%Ocy0iuc7&084?+(;4Z>DnlnydOwho)SlJsU;vi zw6RVo9SrJX>E7YiZPp+PAjk4MG_<1Gv5pr*}V_u@b0{{X!4f(-v{;|^l>`1FYV6Y##i z8y>+?WI`tEEUcwK;)WAsl<;6=j_tnL5KB4!HKB;T%X*)ad!p1pu9j|rSD?mHzrl}< zof#Ql6q{1&eV8YX(1)?ra3cerun&o}gs%u+cIo`+S}NkQ~81q{-UjBs6KOF-*uz zp(`>d?I0Cz4JQ%r+iEPMl2K{1^qnrP-@As@J9G6LP`N(GMe}U(TRarzN$_DeGD3+6 zvtc@SaFM{@>Iyi_9Ld026IJ*x*DXC|evMvq|XSS>bWGjR2bEdgibpxRV2 z%c4nw)r5PdHd~Vgnh6^?XE^~4)Ar&t zB~uPU&K_R&M6I~?^-l>aE3mBgOz4_)9>X9)!=?O^0tdPtk-9Wli97xGtb&wWKY}^r z=y+0eSn&lJ#VFu_w^H84JZX41S;#O%@&w&=A^`qf5TV&@_s!S>##A|YfU%`xX+DPl z^f)N{Xl7_eIHew>qk5(&>D_OuDsPxg14Z@?6dlN&;!cGxz=$zXUQ8R|cyNn1D1IFp zp~2Palb^c~xm)H-BoXPrB9yP~=#n9uVaN#?1vU1m4#T{^Tj znMho!S*BS;8sJ@|@eNWI_o{j25c3rHV&9LC2jVP0k7H%r@EjY-TPY8vO}A$-3?FgIbJ zEYgRXVbhKrvCak=F#L-Ih;l$bHU>2n*(71GW9GuI3e!(|LfVLiXJ}S->I92CYJ1XU zCFGb^#M4c|K4CYLP}mYR;8248iGD0k26!*=;|@CyNkY!Juqg0rLT|5SLwhGafK#XV z%I4cT16Y%~pyP*S`@9@;OKvr7(=xS1f1H~jvVsPxH^JyaiTS*V;VLY@vjn0%c$lQt z7NzyS7cc*3ROvt1(Tnvmqz}*RJ?o2r$;ivz(A-9t%;Az5kkxysKLAz4Oy?KR;68tJ zB4p7rbr#=soFBxGUN-~fKU>k!gZpw3(7~!dxz#Q?$-!cGTTF&;N#B6k#WCq_$)#!Q zhLp%w;Q#sXKXyp)!x*yGAHbPy^*8m*_}2XAE9$id>mH}&$zCy;j;xw% z`Qk*RrnP52IDA%fGKJRn2&!c{7r*I7U^w$uaFOtCFQSY(+c5gt*ridIcur1E>^M+8 z=n4C|?k0H6d^sie&;VUSJ%lRXygQ)HBRbrDbIjj>tU!m~Vu#bKrQ$U)B>hhPYhVkTs(f#v6uzab4ekO)x+6)1OYzTe1xp}99QnO564mbj#AFaHPoLg z$M4LGe}>V8+SHeCd*cTZ!A*Rvup4Nurd=DGSRq3SEBb~zmx--=a*jY3C+l}Q6M&Xq z>IPtA5rZW-Aegq~Af8p{WRpE%FN)XYekWxmwSJ%xSEI61nU!(m--#JVzaNfE)6tks zeq8%wNT47eUqw%wH#a=Rx5|QMVfzks;IAAsZq}lFap2W!(0W?)X_f5#WmO(9N68pF z5eIHSeHd9~R&_#~nl4$9rV0-mThx@%*PLD}%>$q0dVr72=o8=-fd8|v66NFHqEoTU zil>a}6#_fGRP2qQ9xH}Rr=&IHkVv|yMVfFZChwA@xla2?Zm8=>`UjAnSwm0Mk}KAj6{TAw>Poj6LS2@@EG<;N<gauz8W(g&bGQ1 z_2LUJ?RH@o6jn+fGrz1?@Cj`qo(!QE?xO=!#6cpTWMi%;*l0C{Qf^ILaqUjH9NLf) zFArLOuxe+PQl;axPpqH3X+`gRQrIU zHTFZiz!($BU-Kcgh1Gn2~1C)9Ndh$T*}KSCQjrxlf@FF%a5Gr@TW5tPdzYGwhZK$VRyh`z{}Qa{5SwcPs5Fmga@gyRTSrH^ z4??Il9@0J}%sSc>Ihd_kdxBQd9k0up%;ywGHvc3?^pn!AkXZPJ(dE)t%;8~9KH|on zC(#`D=<~FYUM+S>_Ryj<#XCQ7yNm=i)(9LziKm8zmgNPBZiiXIK-#m?dcVsGhGEqW ztdnKDkL%0|OgV+BYnnk1p1hdUPdXybd1R=RuA}+x14|4B=(Ns?+NQ-fI809opG|vak?mMTlD) z9=pv^!yS&CB^vjGKl#ACK z8L_LxA<@+SkMVJ#$g5>Yce{dlZC`dfgn057Tn7EK%Y$?fgseU+_qz!Ca zOm80-N%rKR6}G+_P(BewT*WKc^UtU7=RJ@im`ZY{-K9pTA&?D_wkCxtK^;I8^&Z_am@y#ksZvi;E&nvPUYoQw7d} zJsS66o*_#_z2Ep8r6=bw(*=>BQ^KdX&nIItWlFi@Z+sG=f&ic!5lI2$U9>e7hcpvShnxoWPL?oss$jJdrzHEP2Kz}2BXr=B%d^>( z!1cIvx`R+1s@trfG>3m+t+Krys&&TKq9cGpFnSUorcSr(N(X7ld zmfB+ZEVK94l9$2nUNO~r&6G-I&59ziR+(?uS8GAi?-wh}^d301&2nK=#i9iy8wng0 zi_c!?w#UZ=nofxFN3_h$cN$wR?3aS3*)h)#8;EVkGg2l5*M@w%atB*cHkgHxfu;XE zxoIdCe_5H(7e4lIiu!&&oq~P_`}_y+@g5^v;rluWwZqRL71D|pk4ECl`*IP#tgOhG z=KRhiktgZa*P-9|+atTP3IZ=9?2SDj2$?cP2v?a?dEmo}C24(qoxqzuu9e=oG&Wk9`FV{Q*oHzzi4^Jc_?H@y+~?Y65pbGjFwD{G;o?-7SmW;9Gyj zxcN4?^8M*7-z&Q5J)+n5-E;8oA2UM#V=qI<%qWPX<)}-lTcI_Doc)4F5=>-Xg5X2)ZoN9G(K{w8>eJO4W2Fju#}rQyKaJFMq{~A zM31Y8-nB6qb}0jUu2+^vJ0BD4*V{Mbm7ifXr#cX%F=3L&Gf^D^p$tP}dP_A1bN9Pu z9YE_wyd;_pU%J*U*FQYi?~9<-GA_rFc$n|cwfk{mU7qWcO3qb7ijqPDTeMnuyU)o! zspNFE>gd@ZcDq5fK8GS$&^#Sza?H#)bLH2H!wQ*-T)^3>e+TU)cz>k zpLXh2!rQz?YUlxmrA6yBs3E4MHNO5ts8qj44?6(edz7IcrAQD%rq#7ys4bjbX{Vq` zmRelRY;PDzXdu5-VKerPY-}_h+A(2_74`{S%ghDKOc=SRY0IPjloetjF6&gTDeAL-rtxViF7<|*L6=I4FG`ttO2 z>|O2cdZoDh2TLYqp6kneV(GQf+JI~ZCK?p|2AL>i zojf*5)179<7Sw}-TH+*?=oaU=))4E<##! z*$l9ug6ZaTgw3Hv=E>0!_A@K6xQ$rL81mI|LSSFr;IBuC<^IUI;GZ`!{`ZA}|DRk1 zE6q`zj zey?BKq;w=sX>6|hO_OkIQA^vtR>Kv<6d`w91|^bKE;`~lLQRVbl_nM$Pi#a|y*&=R z@N;QyXudFhd|NUpKLup3XWij{9aW?$8D_|@Uv*W*H1%;Ucn-=_O=jy$SCQ9}g5n_8*O2iJ znbd;gJR`G)0vBuP$(oU~DL*={uxAs&L?vYvXCsbnyb`$Zga2cYUsR z8u6%h$cB^M;h041s%&WRVs2>P;7j5X-;qhG=VbJ@uq3q`PkA-RA=BJ3wb((yj$lkw z!a)aNuh95 zZ?GaWNAfM@w=q@v%^B<~ZcE}ZIrLAkOZs@^cf^7@)K}FgciCNOV_?#ZzxCWD_UvqYVFbO@zN@PPcAMpY|$>Ra{j`aqvf z>H`vZ`WbmyhRWW9g|DaxRA?hGi(v(9+`OQM-GkjP1mk~1GwAjcFG0uRs7N!#0m%UC zSp!@?cI8t%AuVN7u$OgrFEJu6kU*9rWskl#66qV42}`LIa?j|%TJ+ljJxw`+1Dn$L z6A-J5(`0n%pz6h7x1h9zU{DG<4(Kapnu;@N2Lj$x-&*^9<2dLDC84aLjOmvO=1j(? z4J3tQ*Rp5qoE)bobyRE5))cC7Di}vuLRO;2$8d(x)PorflwD@OwOEvSp!8~Yhe;P* z@{?INqa0H)mNKjwC?jCSdLG(~T3;>bF&w+}MrN|E$W|UiY_zVxygd!O@InoPYUBTw zwm~eS)Mz-^WuV$&x8`+le|yk!CFcO*LTXmaUxv)iJ!`u2j8w8~YK)E@EN+&HgS=+< zA|CO2nO)_v16!f)UQIN73c)ZejPeD5 zerA*YeWsbXNJ1tKit4#GMr6Jqd<3Ok4kWzgXIOj;}mC6)UP#AL7j-RBG~_B8;F{cK8X~PUq;n zfXbv^uqL6oJ~3F6b$vHBGd5%4sXY z9J=>*ye1Il1%6NI@P|X>%?Y~PD8)R=*iRpqc(E$&x?>CwOm@}X@2;rI=Xc4R%iG>% zPd=6k92fDz+G}f&T-evQ+rzL%n0{qV)U1_sI;_nHoilg9KOfL|*GS}x z_?1A;1?#-f7xB)_O_4mtHnOc@!I z+`wjsW^)VL(r(b%qVP%quZ&>finzm6k|U%o$Dx_t?ow2DvP=KOY#;>-26pfk!Y0WQ z0e~iCEhTawwLUk#ilRoqUYz*uHJJ>1>~?m&i+PY#Bb&MFe!MNqB7?X~=% z`q=430Hxudr}yM5Mz?T$e*go&-_&c+OXXZJRJ@2n?R2+NmS54T3`n)XwQRQ->k}RPI9p%QL$@L$n@%=Hm$@uNW$b7?M<;1|dISJ++QB_%6HdqnLYPoJ zPjeK=#}z<&mm@~%C54^WquKdKmur{fX+)oPhZASAX>(XEIuoTgEViSE^gx4Oh==th z3EOy=b9(n-B85yXka3V#0a#RS3iJ*e+1;wZ^g?FR49~`vUnVAeYi>T581*FaH9)@N zTUSR`rC`jkn2qp!II36-L?Je<4Mw}rovL}qRq;A!WvYn1YlOm~6^4TRfsmBSvvXEoT8Ae0`Oecm^@vt@^_wRhR}X?&@|nQHv3 z3>ARf3ZsoFvLre{599ewkmMQntkn?OLgN-y-A(B6lY z@`eLK0F$@6g)Qa|8@)^#>NtlXp>ZC_JA6n0tTs(%G=hve6SGiw zAD6V0FW6elFJ#I4Wzfm>&*#eoEAtg|P1b5>jv7G>#>JV2ddg%^1S+~(m%j*jjP>>z zgQ+a(ye-nSx*?-e zxWZD?LBep8+$TZg>2ul?nUk1t`>xR}{0Y+}G*J5bP$Bp>b$j%18DeD_;yT7F$q8wl zcQDa98Ksx!3bplIiMZ29m&*Vb+mL{qU*N)4lZ_22JgGiKZaPWRkEq5CEvl{LWm3NVzjy6vk60UCY`N;159g zwY>;e@{b>hh5^Lq4*QTsf(^CH9`u9=XhRL7L(0G@sN1J*#h=w-1MA0@ zx@&FGZ2w(Fh>Se%c{Pi^$@#Lci{$f<)rKfE;7LsET>36fCtDiY_AP4B+Bk72ffml< zanR8)U&~Yu6(^^Z_F}*T`kEzF;@30Re#WDp8^#0?Q#hwF%RHKorUME%LS)mJ)a%3o zwCjzb>O}ED0PSrI3TQmMVIX^R{V=iaQY$ht>f4z`?aR?fgWdP^?B-qqZ|Op=$Y^H^r44K8eH@!sB(qsn-}0%?ZJM}eC9-v2~i)WE(mV zhzA=8i%xuGUqAGCWCxoQb3Xro^Np+f$%|J}@W*Ds_!mc#&bfsJSGy3rjbs6)Dv6@n za$8%(A=xVWtHL7tt_;LdJV~TmfcHUGk9Ouj?m5xCv%CuTHprzOhaj`;MqlRU0JM<2 z%5IryANUd)VGy5Iu^DY8=b}noqDmAPq>;*I!@xDauUAsSyum(R0<5Xwh)fg%@KCm? zOto9rjI_;}S=02xQi5)eGM8H5IU`AHv?G}eTzFeKrHXL)-_A98>_6E-JHSsI@38#= z_!2@XfO&Kl15-GZ`!^NE?2maMXPhWzypx3)=|$}D72Z)pYR)TVaxGMMarOM+aiqjl zn=3k)VI3~$OAl=|6f0&t^W>B~2@8n$?QV%UIJY9k9|j@bYsf3U9ByhKSCdp+LuoA2 zO3so^UNxkvuAryQ3B0pXPC>raKuTZZcO?h|hG~2U^UZG-KiA3@C2xab{l7%E|2|f^ zE;wAv19m1O)<4-}8}NRVcRwMP?RiiB%(4Ka#96_X0Te`r7rJNS%GHwQiC!w>IqXeD41S>A;5rtr( zYPyNSfENyvu6?eVL|Hs0WC}&9_6k@&Qvx7RoQ=VDIbBJB7rG2o4dZUF=WD`i<--#j zDJ&yZWS|>X)NI3V5sE!^b%=DrKD6>tIc!(vDIr2R>m!@x1ffDhRG4-cz*2t0uZpmy zWNKMmGCn_D$dmN^_adD=@v}>eE>R~wBrt0=?bngET$spED-Gh!?ujKWm&Q)qiW07A zFw?%ZF9RN?5NCemk}0udl)3t-2bakhLpiHQgW5}F#5vVkQfBncMnHgpeE@x(v^NJS z>6=h(ac$D;(9e_5OURg}~9R=v*u_!F_R?nnQNr0@Nse*k{C z`JKmq-AMebEk4yUFNfm+9- zjf*j!3;hIb1|>Ev#DPc~JN^ftVb*3Tusn1}xa~+8VIfm#6`cjrp>Gnndsrh?gHxpjqveqnmif!=3GRR-VW4eO?fuBUCCI8!@=xA*@I&bjKWGzCB8Niy;?gL>&1=M&NQ1dZ8?an#itwrQGsf1x+YQ zrruWGf$}3eab`3H4)Y0P_D(15AlTCWO_)*+^JWnGkw?3IP(L+x-%0G2jpYuhfDR!l z(V|&)BiY>kAax`(6Q)XNLEo_?xl%>_^PzW_ZftUK8s2m<8aqC7P>r<(N%W@rgOvbX zOl*MYE`eE>)wq%D&WRYFQQQu6x#D4A(%3jEm*+xWH<9Ex2)b;fidp>nYwT$)D&%xn zZBYSlWZVRf#!rrjfW&2hQUXFTDy7asC=FgsQ?lZ5mi}aql3973u4P}<<1rp@ zko7pElF2e@i-O1cLVcMg?yxOvAwDuR0C8@vhfm*xB{NyuWDct@pu@YA*Znl-fXLC0 zNI@vC|1xal{MBi``%~Snb6w)WWUA-*jYZ04y;}XymQ*s)Ky2BUKCz}AE3Og}=aGub zCQxoL8~1kw?rDulfmD+)jzY8CYXget?#HLZ5~Mr@=MvrlWx}4IY6b;Xet2=dbx~6N znGiJ>wRUJzLVOA_2qkAXgnai>Wux09)w*6$V0r7{9Wsf8R*Wt}iFf-nK?^BrPnb1$ zgG$;wr5*pPY-Bj}z_z37349KZ^3X8I<*?eMoJZ`RkqgTC`zK;wf4Gl-0K+Hh1PZu5 zw0pBL%3w!||-(QJM{`KtN8<<7oSNY_<(65i&Vm5yd zhv4IfvRj%%o8jkLY>ieUaPzL$f)mX}py@j8nlg)6BXVEwaEodY3&vwhleQpI^8-QZ zrzV)wLRt}2czz`HY>89!5sE{>gzl7%pCYM!2kbZV664xi&T^Js?LrSKXj5x#KR_5& zQkz(s<~aomQiN{MrmoZA;esp}DH5qR7x?7VYQ`>M85&tm`|*ZB z0*2=oIR_FO7WTi^Xu`sMw>ZBGXDLUJ1L?nt6^>a#rqW>~1w>S^#u%+pXYUl8@E{~8 z*)TA>aLL`BCY(0eQlAa&uU<#xImil!$}h*I7@nyD8Q8Ya$WG7{1-7;bAFvlN%@7mr zX3JajVRJB+sJ<5PxGJd&M+F2UI?bp)ML2NP<^KVECtx9V`mQVl!7YTCb4@EyVNxG< z1$PdRCw8)LoA2;iWJdXl3MAj^t2nWV^5b`891JzjE9aH5y_3 z#GLw4rM6#GtGrL{LD%_>drZaD_B_Cc^nJ`t{rvo-oRil6s5-p&Am)~qN13r`-)`$< z0|*S|2~{~x7?YSHGA>8SQ$d(X5NKnHfdN)%ntml3`9Qx(L@2D1(ICpbVfCp)OyfFO zp(#d20-nNrJ7%`#0g~RrIFO&~v`|C$mD9!F1`*<=a^&7qK@BmTl4IC~wNCGfE0F_< zvL-`BL*cXm#o-6$eMNZ@iLV7cSaT-MF*N17HViL8b(YaFs`+sW?fn^VBDXY#|h3Jb;&L`xfp2{R=fO^De^E_?U6l`i40wLSW_|Kg? zs3uJ@8w{S`v>e?@sE}>jh#1JR`Ejvc6yT|Bhne%t&M!jtUvE|sT9U~k_|^M65o*i( zK18{ea;UxJy)IkI@&9_P{rghM{%;@*+lo z=rq4l#Do}?&Nc_kXL};^U~8~a9HFbWJp6mDy6&7&$Wt6OU*!khv_tq^pN-J2He-zh z<}4iiN>1C0P&vn?@_sE#?I{;8Fkh6UJXbL#Gs-%XHsipesCgFFCG9$u{R73OSKr+P zn4*ndYJM~3yFDgFm6Hp=_y=qoA;BP9pS?UHapx=_n)G6~$a1xBdMRzivs~n!n`QQp zo*}M;>*bg>Tx45xCi15wL)!fK&MyR0feLCO=^&O_f@r6y5#N{oLW7=utJZ-Wwpa8dN-co8DuBp%E zEx+SnC^RBr>%M{zUpKeSnEGj}%X6^U?WGr@>3dn6l=)Y;mWX|+kHc^108hRiJ>`6w z*-EpNcYT~oplMTZ8#sehu;IspoRv7<;Drgb zu?RZqoRI>1M~W77k{SY!6N~;WBD5dS!9Y2eUkkS`#vJw9PZQ9yHiG~=MZLzz<1Fu)i|OWA(KS7SrAir^`ai7}u?GRs`Wqa*>`#DLpXjUJKs0kDmW@0cWk$wvWHd2hm z=s;1FdAeMyX)U+a4aR)ysvV<~+P3zP-@JsfA$r@2CK67b4PJ(OZFxL8|Gh8t%8|EzS_atD5sasgxxEJjX|kj~9(~D2^K1>LtUZ7C?1ty4 zlJFZmP~A=ZOmTF9E){$<8qqT}yx{T>3iE$j|I!Bt7e$yoCU*X!BrgSG`m(XZKzqK_ zu?>!)R{-bE_Q?BRLtClvQuRcpI3sA3h8rM!@|D|G6leP5H)9pEA5DbbWXY$R$<>f> zK;zJFmi{-EexB_Xc||k)N4VIVVaVO*H`wj(A<;hot~Y+oe-^_9{Z!6yaZ{PT)o|VD z2rBKe$(b&jl@)vbV30MhesI08c0%hwLDDcm#e^08#aMN;GNXSb%Bhi?i}^LbhUA0# z!f_I+C7XVY_0JS1AHK^wJttE-hy~&8gH6m0?7TAyXDoE|TI>5Uj>j-k>b;;=Nd=lL z>kK-J#Daca(|jO7P;3utHN}C&_{noNoAtTJqUmkLQoA2wtCFR`0ip*YCE{5UIfKwvdZ|y)bXV}WTaUQqJ1iO&9btyi!Up%`|0=zdSE(06o73Rs4 zeERJ~2B5+u!ml&|#2{h8ORiBKdplnZIXhc>&k7D#RRS+cMTaN0y9Ups6jSX=7td18 zeJQzBQVvANmds?V4>lIu@X=@7xG}(^RZ#{E?-)E1mQHNJR;OYDO(Q4KdSniqSYht9 ztot7^r7d**0!4^TlFk{NT{;|m1_*_uv9d|ojG}FEt=SH9FfA%dNX`o}SqfbGqCxk= zS#GrrE|yKCs^Dg=!q{%6JvDIM%GyOEst$@KCR}VT*12Ujo8mOgySki>s8fd)Hc1Vh z?+SK!vd&eQ1Nl+KAjU4}!zk~>9wkS0s2ZhD0S8BH4CiWd)~1!c9d!>pXSv+6mRynh zvZ)NRDqCD5XDkdQQL)5CAGA1wal=jJhEaa-5x_s`25m0C9B=W9Yr3T=x@0U8Px_56 z6s5g>Ysq$I?#d+V4Gf1G*MnpIR&oI6{i5M$OKqvH`o?rQ6_HPd!;y!U(9i%hV#)*d z*Xnq+ZCX=pVXB9#DmvlyJX&bkGifL}ENJ;;-3wmhKNaCkFXK>n$jE=9j&Yf6#Udz>5wG8ZO@pk;S9`XubAgJ$XaVY$!5L_VNfUz^Gk(JN{Cu*Z1P% zXXVV|4p>1JskexN&fPC0(5+!V$Nm7gntziKA-k_ifd2qYS^XD#$)ztpqJP1X{XD0& z(Em^ZGmvD|l=_3MyF&DaCjEl;lRT@fvXCt8FIgisl(iJ}|1EDM*ECOTEyVo%zL-E{ zA^$vJnl?;xn?T>e*QhVRFtipd9;oM|jvu8;>9R={;bjIX>VJTs7=?C_C1}4mz?M(3 zgrS(Tf)PlhTZ6-iuW2l|&@y)JwEI>e3N49@j*B7lML#X7?xoP55O*lFy085j-$4*uIg zH47)bNJ}?Ri^81y%%uB;DyMg6Owm4fWXNIrbgd(o3Yy*jXc$z3+kp zU7)#DjK!(MWT3BAiJUV=T#e~+LP1Vx{GJq(z+$i2o2G1g zTW(&A7K*1dA-bE$XpR<^u=NpnX=EA4BNVhOh@nR!2S4{9-#Fs$+XBo^zCwKpIa7eE z>_$7)leWPb&35V$?1K?onvPV{CMo5Y$nh5Cbi@I9ZN8>NVy5zekMZ}s`OXU-Ia=i^ zdYX3?oO*u3CT&jCzLO218g}N zKdc0HGisC**RJSP_nPa9xx5VRG*KB#sA}m8s9A+H^{V?Ty^YiIR0ks-lu!Ewh~C)q zlYwi=nuAOOi3M7Oh;lm1-%*W?BUJduvYdf#rBQY&VM~dm$K?t?sA(`Fy7l846y}2O zvHBUE0!App_qH^d%V)K;hQJpht7vm`Ka=dDwTm>wpEoR0@tWo8$y7e>s|5tu=}0FZ zBwa)q(d(6=w=XVj4vefr&Ew542+S9TG<_LAC6`!a@m$24AJVojwGHG!%zELXX60tf zp-#7VS<*149FZM6%A_wEq!&93j?`e6X@8h4rlmPB3zb%!Xj?|^Q?@-G7sDNe6UoEY z9FTXRLFbdn1|3@Ntjy9-FSi1b znW7b#6_}>a3SpAg2dgw4j8C3)HqYlh%G%UeyknL@zX(q{;0@^+HBVs9SP}(OK__B-|89HWK_frlXxUrJ7pz#oF*IK8g(0vk3&z$Cz% zZv`i)wrJm?5ni&i&QX7v1|JQEvRWqpg2`LS_o^#7pYu0%UB^Mk!|BdaI!E(04czTd zZ;i}8KLRR_~UH;1v5i0Mn9Tx5_Lju z_ZG4_@Qb#wF@~CZhI+q;e$x!fqh=WV)=Y*V_28@^JmwtnO*apZD1Js zJw|HDr`>|t_+c*r@w?FW`sa5ZZwx};>?y7L@4BBy_?NCm|v#QH<7<>0e+evtlSO`yWG7S2gUXJjkMMRregH$e|e^k z5nse&-Tf{X2UhUoaC~Wc@}co3mSSz{dkQc?=D#bv4xi%oC$t(|_x95ViyC_7(|}J1 z4=zM!Xzg$ti$Gtx2u2{zTk7~FfPty}$-;Ts>ykdSKMlp?2dtX-g7*<$SkjARfb

    ?w~*W+?eW9wtQDU8HDBT%LkR!XSMSf9V%u+c{oiSjB=g-6aJvzxj_t@&3scO< zMF7n|UyF0DDJP-<^<-&OC#$w=jCjsrY`1U12d%D_(l$A~w~%X-wIv2u^6OGmbOz`w z6c8RxjxCAQX^a8pI}RzVf4axMHByaKk1AQonDM?}(i$0y(7@#{ys#!Cb{%$E+YQ2r zhN+6-=;+WR3mHH|N!TErL_Vr@m1+^B#sI1e>@otB6exaqqzS%HR@qTOFEg8tl zI|kq{tcl#$PaBTN<0+#&U~|`t>h)X?*<1%f4LpkWisv##GX5q!wJ?EC%aZZ^fk7?F zx72PDuiD;+s~T}+2_thuQEsL?!8~M=RWeh>rO7UVKDsU=DGh-M$QBY7XbM5wj3du} zb3Bl4cC<66Qd&_gI5FpenAVWUlFE6*mUpK$Lfo;$v@(JAKqaHexS48eJX~W_i(J>~ zDEh?q(;a(5U3!d~0uLTj2hmk%z!KM!7P6^|Y4q`}aF6Xs+z{B4GzX}txN(fGV$jmf zqUrS$XuWHLVx8O{jcCc9JWa#+-nKe2z=Ye1O|HctR^fc*UrR@EB8AE>7@g}47&O`x zBl85$8)+!L>u~?<4;2AFZ|vDUfaA1#XxB~H*yIZiF*I-M^7XQD=|bL@T+(6(*)Mj= zy|J5b$O|zm#~d>zd^9ChZDnb^nj)X7BE3SsDcU;O zDN(V!qC5{8oMH}@N0(JDhsw62BNC$Nx1@!z3kFkiaT4imo%aqBCv zQ?=7+e=I^qJkviyM5+F%9uOP*BV4j+?4n!v%Lik(5V*mQI<61CcHnzXhOulg%L$jJo>D;lC%ZuEN@3U?`)LWjL&aw^8}yj zG~n}B4gZoAa(0M0{#qDG$1S`S2GivT$IX%r1<2|rkb*IcIV=^OZ#%kG7fBN2Zx`?q zOP{C=7Fm}u^NYO6G)BLF_*oV~&>tOx%5E2eOD4q}dRiSe8=Cs1BRv2U3~n?w)&m{H z6vVy7BIBvNQJ~p%pn%Nd%N@JahUC=k(1#Q%hpHmjrfx^?D}M`6YdGuZRb%l^*X8&tg`xo%vr#9 z9x{&Y_^FB8^qO(>*!cQw=mi(dr1%&_S>aQ`cwV+ zykV)er~C-=(D!z^gb?DKs6RlS)1NB1FtK5MYAAiDo)kU(be}5Nw##3-11iSOOaNPd zHemlL;{0cx`cJp_J`aD9K7crAU_TJZUzD@@*szNYaJkOpDcO0t^%Zp z%S0|4KM4HO!0X1IoZi)uz7a2soh$SGi@TtNW^_ube5l+Y<&0Z%3@lc#D%FN{PERV# zc~fWGCTOF9gGn6dO6iMdXUFQ$G*~9#1|)abEDgOHJ@@S(H4=Qsb&mYnZgJ2e$~7Dl zt_Zvl^nA22I15|a!-flTiEMnAeucsD$#ty3yg-5n7MLt^#CPnT`#WWsIE_Q?=yiKG zZN?TX7uMY1_!Y|*ok|G&neb+#?tDE`(2i{pX*v~JL`X!MLJ64^Iuwa1YEv4pSQ4lZATFwQUHteL|KPw>`~{ixT@9eVh$Ri5BX#utXcyjLmh?HtJ@j~y zi8YiYf`B*yuo*lqcfvErs=$K-@1|rLTZGx2b`1|qb-zt_zKd?l7TQOCGK*b|n-GK> zI4RDeOzo&}AR{u4g*Jf1#2bW}J7LGvt;e_;q6a!dRz+DS%|xLNQChaPxQOpYTNvGN zuSq5k3C&l`uK*FPtp+Vlpn5(W$UvkO4C84`h*j!_--wxCJ?;6CJOfP5)$kafQjn~| zchmlT)d*Ip;VP)EiawF+##56n4z| z$8icl<5jNVigG@#)y$bnp$@adG^zo$?3Xz>Rg?Xczt{ z+j`rMPaze3`4v0uY^7?tY3~(~DY}>q4i}(m3hDU$i=Pb_bgU4WX^qq3))$tN6zb7q z`?HP>3)kHz?v3}}MQ(X&ii65Z*dtX{=@dCRIVx>lPEMW%ij<|43Gg6eQ|S~26p2Z6 z8X$uh49Wc%$ld7rp^eUJE40i1qZ$2=?|~>k0cSm&u$_%l&(hL|u>0a?Rc8pe2|=If zSX{k>R78otuxin}IzCPe^N11E%llG+xHZBz+K+nV3)bIbct|_{JFPHWrvbsx6oNgK zR#ezMGX7S)_U3{9`c_>1{^V~sIJ}{te#H%7iJ+eBZ)8v>*~77)nrmApuJte6g|Tzv z4>Y*?{e!pY?tRErFb8_Q=EQ8TdkG~0c>wY5N*diiKpOBb{s4J(mO?I=FMNBbru_|K zAUp~y)GG3Sw*Oy`1K_8Xs_I(<{KZ~{AK4!uABxMU+Z`VPwWG78E0#g4TO^i6Km-O_ zdQPaEa$ux#=X&q3JrC$RQE0Dk`%Ui+^e{AX&VugDwT zPU@op^1l6J9`n`l4-kWbhyj4}-z}a*v+WYDO|Be?V#;TIxv3@=m%2W3yP^#J)T*d` z8MKiSjW%XodfS2eID>;d2pWxHe@0JjpqIe_AiA-fy@xH$)ZJD-^dlLsz7thsksXrB zYE`df&GfW6u-L2YGdV{}`~yKUP71t1eULmJPDO37A`=Fc4Tj)490=yRk=L+R%WFhF z@spm4a>Q2R$B;9Rv}4s*p0s|R2egdm#w zCBFtCqTw(QC&;e%<+Gi{DGj^M9vYc7!d{b^sY^o+i2Cti#O|@N#w$|B-9RNZMJ@m^ zf(bDaf!u?b)cHHG1O0Ls0>}bijhoLoYlW{b=IoXNYuVj0YgdTJ_nH^aDR9X(uH;N; zFu+XJDfHkfBTTjdc% zakbC-3GhyLL{Facwsg!>rEMvLduj{3pAqbNyxoMNvw5?9{;jIfZ61TLZUI5!%F&Sa zf5L!BohfEAkWRC>OzH%FsPeHmpj#)eF6azSm62I@32f%%GZsWi*{1crwnbUf*JJSz za?zaKM2Q;*sJ>~>hm!sAXmVDuIxBs{1$@w02d*EPEXOH@9A+A{2;K_HpDsGK z=0?@u8}Gtkyu1vU1hZ&)h~?_1C*p}BN>-vZ6K0-z^PJl2N6m<8eqkh;VJqi)gP}10 zOyV~i8XAl1x`%qphpS>Sc`sRRE~JRQM=!Jgab}Y7RFtGR7V*sME*IrcpmuinMqana zt;s#rph!sBtnumfilKl#d3p$Mjq)bqa~`YGVQn4d13`gsof zn5MzEh~7Ekmh!TMV`#lzhi+n|Y34D^p^QExV$J0!hei~J#>02lr^a6?YYsWhq2c#P z+YHU=8i!*S6V$Li??g!HW^9wIcivb%QY8t;pWVMc59`IqzeM`wLXh|ye=o2!q_zI@ z8Tb!5It;Gez57}VA_S`0A)nR4A9}kY9LLo1WH};Pmo_X5h6k_kcXjWM`2*WB>KZZ@q%3I_2G@?u-oBzUTF#GefBS!)Y@;mouZ+ag_K;*Z&&Tc}DN@4C~#ucs0 zFGU{*E4)+yck5rL^wVg?x*gqh;q##ogjni9hT^7~N7}XDgV9Sj(5)|a#!2=;qy)q< zl!vPO7Pq-s9sKc5ImLZg*#SCll@E?e>OCGS6LY4pAp$o(Myj+5OgCuchQhEM893g< z_=%!efNnYrnHF$h7mZG$Lqh2|VL8oAuGc~OTSyj3&*6@oZ+_YH zV+aIwsE(ryb{R-uVh%qjC4{TT$8=-n^j|c&7Vf8_<{?}O8pilfKvMB37Gfvmb&aND zY-9528iE_yr8WaFX~L4k2E6!|-C?*rGo{s;SY!EHl}yaq`+36&@5TgDz~|`Ae2mf{ z_@@^GER!~B@z$W#pd3?iA`>L+W^y;@2_PA4<9hC5*D zzdLTwV|0d74qOIfDA$k}P2+Yljr*h{?G7it$?(x9ar`vQ;hTX*W*1||*;Pz+*C0UPT zzksU-auJ`Hhxb%I!ZB@LFqMGY8ZYLsotAYL7s3Q2OHLG(vzrOb$X9J>9HeQOu@&~K zljJI`M@Bx{Ro1D6-4n7{No5e=sV{fUlgvS-ZIr_z&>%RM<%aLGhp(HqLtzKdC;#>& za1dx1F~sVK@N)9<;yv75$8C0tBak-@J;bc9cY#PfBs1F)`eav`LI*^vI-6a7{LYiI z8grO-8#Os*23f;aB-u$jv~QqwbL00n4TeLOk|xRG3CWbf=j1ea(imNhPejX}4aM;$ z1Vch_je2|vpYq3pCQ9E}872Aso&Dk|MzKZ}kYS&y(7*CTXq-ZY)(smZ#?$keJO;sy z3xyY^=Q~oJH(>SmLV(~@;Lh9s-K7XdTfeFerTLir9hS262gv=VUY~3T7&(A3Gt<+~ zN4IP&?sfB*lkg|$(pR=$xSp$N^P@}RI^bNe zb>-DFAv*4AS6KyE-?X;60}gp`nUzNbY~h&sodHr^L{wi^(c5QBJw9 zpj;b*p)i&T*(96t8HgXulv!P(ahwZDz3a@SZNTOD&X`k##9R2p{B=asa zjvDs723NxyV(RYnCHE+*D-p(p^}yyN{H}d!$w{Ybo|xy}uP+Ar-fc)lWH>^W(W?EW zEOd_K7E=7`AnUOnr2!BJZ94M!nmBQs*u%k3wk=yfA^B{8L+wqm%=FoDh1zZ6<^^l( zWWo+`g=}hH#w(l#pQ-ZgXelbiWZmI%17=AlfB8y=Ij^YTp;~vjCzs13S(H{>+sQ6$ zhjjm>7Pt^FP96_id45e~Q}>s&4Rz|MgQUin-v8Qk{>4$%!IzynQA@>wvnL-Azu%5E za`}W2iqX^d?GTlA%HMHO*B>et_kF7)`0|o6ww>y<{IFeaCfMO^=}5^|Jndd!W?3wqsGM2fE)Sqz`Lx zeQB|hk0y)EB!XG>+7Bvn?3sn0hX63fiyEb4VdL*1uUUKs0GIa9bdN{0;;UYHt-P`p z)oOJ*W&daREPwJx82X9=miy)l+Y|l(X@mcLh5h0+4^;mfyh9;cyeuKMciS~w^`e!T zj~~ijzeK>6t)_Xwm-0EjYuv&H~A zH?C0Ut?tZ}o3j)k%Fwdm=j>#^%hG81HDJT?Wy0S)c`5-(+tFLNbUPV}8z~MaLnzD( zl|kiGiK~Y2p>#!cuEv8kETrhIB&NT+T!}A#&pq-W@81*+o+wA_g10J++)`jkj10%s zkb{h$m6H&oVgirX3KFpA4S|Bd=`T_;w83yAklEs-EXs1iYg=bz+d)eK1y0g-oN?<) z@+n0p@NQWel47Wm)%-RsEKPHCFDaMHo1o|@3I)l+9q$)^ub(;rS+?VQBuuDza2!H_O}0Gdb!b}|8m$QV!@`v{`zu|tAh&z-(ype<}2VQOX&GKGXo;gCr*^oriK zeHIh|9NC^X5+@73UMDjYp8%6BxUSTvbT9|)NH*noSSpE(WJ{9@on6S{{cUd zd?_64tZm_KTSQ#oSpyc?1~4ov6;YXe86urZCa4gr5z?Na8eXVR8G5w-!Eac=*L&bs zH}tBQ90NNV9IGJ_m49~`1*=C}jn4MV9GYwENDYUc7-cAjeOPwe3=s2@JSu9gyf7{! z=bq%TKB|OZ?#kmo|K`eq4F`^!0|GwFkbLw7tB#hiWxFDB+l!$PL!X9XxD&MC zN)!U;b~frW4d%GB8Rb_1kt~{TnlS5fk>yGm=BPs!t@zf?rucrTlO8VHyvF3%RkxEA zI(WRqKDzG2U?dXMY)InwEtYY{@Ws*6TM}+6s;3b_8`I?-%dB|u^yiuNMf)y2)S@)s zZJx0?Q!msAYN?ym3zI;j1S)eU3<(Sq$r{e8HMOw@WSDy$kq}KjCA? z`2V8#%oTPyiv!qP#nw*^5~rGI_U_Mi4Iob(6=!+#$AhhF??m97w4zU2ClxNiu~Mmh zoCO9yJ9MTQyPsJ=vxq!T0TWbF0uKyl!6B&n=b5yYoPDe&P-tn#uQMMBjWC62e7w1| z?IMDgvBo1QYBjvOQA>6rQM2!pbDV;x*e2o2Tswc@#n^D9;1aUs^V)_Y1ergaEOxxe zCY(T-q6F_H8*fybagl~!Q0)6`ANm_@9hF$>VqGINMu<#|4J9STy#SXK!1!bhL9hmR zDg|UQ8%X^GUH9}$X|vFLU0Q&_NEBn&ax~^GOrOx@<@^U z#{1b0ReXsW>ZtM8Ix5s4Az@;U=2&Lrv4@Qo2>S>8Oy$CQN2I#FfjU)3;G3^--{HN55MEMYS~ zo8zWWn&*2*#_uS!8E-Ix1hHkH=!Q7Cz}o+t7lq0YoUJV(();PQTSS4pH#+Vcu^bq# z;p==xZ_~No+WJD?IrW&Wl_HXJG#F1Jr`r_6e71W5Swknfalz>CJg5E#Vib!Q|Q!VIA5s2Au6ZU2MMD1;9QyuO=Cc z@U7t$|J8wnEPfAQBgg70SrvEZ-cXDryVC1V=tx)njpcr$o!qRN?7(YML-*SwaiUJ%D!ttVk3^5 z#XS%dSdf^%I$qqSJ&dm9p_k9>4fM?HU&qZ>O6!=x2GWQEtLTj?Nyp_N9elPxLNxgf z=O|)lbT-WL9_jOq{1may_R8`aJ&BNvjN@%8c+9e?)-Tn50h!kz;BOF>t-yr5_E(PN zow6j6;9y0(1X;zf`1HQNl-Y;^LWgXeiWf7U|Oh3{?%Dq2hg8f%iD65xfAVY_y+ zD8RiPu@(DbJ@6h=%CLidM_@AN>jyxvxb%AItWLhhk!E{ex4-{rsSHOHTZD5S+%(iS zKQyW~r1uxMj)dt*=Rgn3tTw)+6s7TCDj^4iv!X(^-otzr5rwiD|8;=>ip2gE;PM}Z z^X%m1MNvL0hie0kjq<(pe=)}698qbT1uTBr#}#E?E;T+)z9#ve#{IFHDSpSp`ThL{ zZT}620)PpAUU8GQ0Xnj&a??{YijVKK!y~*wL3@3pXl&g%{OAcgc~-Y7M{1_@{`gM zEZLv*(4^3{mAQ$Lv{(~lN?}AQ??2t~(cM!-5k{6)qDyiDT&Iv%i7}L$5xv`Ufb)3o zF9Qrl1|Cuh$*r1cPiyTLs&x5ReWj_|W;aLMgIl57(UBuaC|vrSPE^&!5}I&?m-NBc-@jcZ;_mE_%Nm@4gy6!-L)MCR^W&%_Bh>~=WQ0c z7bxH!sbGg*rincucRpFfK^xt24>8nz%OUG`Uy+TwEzR-bi?aQw19~_PPh$iz9~Ok^H`@-{*G=*bv<$I-H~ku(mMfO{V& z?YBIipTub0>tC+;zgT-qE5}H%Rh5D**y^6opp!*ZocS9Y&&EC`RGhu7aP7l_>BP!s z3#9vz=<@I5svILon+|}AfUtAOu>KxYV*qXFGE)pjA`c`9f(`e8mHh99>>um-`3}%& zxQSXCotOi1GD(jE3Va=W^s8cY1iq@2D&_KN7nQ-Dr4H^bo74CT5@&^bZk?>CWKj63 zENH*-b#g7SJ+TraUr2m1ea&Nh)oT+^YUe8h?v2FI;x6t_uSZA*{DC}omA^)QD|@Rv zJMB~%oZ#U{Odp10f96yUsJ+Gb77?ZT?qOR)kM(;95wl0~?EVtgtZBz9m{uBp>aCx{ z1b?yjFG{FedPIK^WUjs)QT;uIf5r0dMx5C`i7YE*FUJ`bAaA&G{jLd5{A`c)g*dZs z68&6iWiG~wn^>yF;zPNuow#8LS+ZoUZ$T(eFBc`b;R$Yw{@p8*%Qv9NiBI_A3wsX5 zFU9CzdHv(b&_A_BUk#QTNS}JAN*4R(s?1*sc+>P)iIlHbXldvb_WHzyUFUuzSyEp7 zb*;wv)`qV$ynOarT{#X=*nV)U3}1~l{yK}B={boUk^w{UasjIhPe?$*z#I5Yd$tfL z2Svp-%o_WNcLyTw)03t7NseXLkxZcF1PKf?Z>0}4&}L3OWpQZ}vm%u_TNcAdXh}X5 zMpKoeFu}6X9>IgjCy|8>4U-+q zVloFBVttA(Z4s~x5jg!tZ>hCbIh@&+YiF$Mcf+dD4(utt0`vC>!Wftl=~ZXpHR<$@ zOk4v219nJsT}Dw+$O2%oucPQ01Q)=VSy?ayMqA9Gt*ls`njmZ{+gQmo%r;y@kWfwq zqU}Y2)^@lLNZ`2fg{h^2Gdj%48KI-|iRUov;e4;eN-0DI=KbzsU9eDdhi732w`O4Y zg_7Ka0H4X|=2kJ)IP!*{gsh|r+*u-opsARzO4W!TJW#uAcMt^Bw}CT?w5wajp3Y&Z zCt%yuy!#ffqn>E$E4rGVlj6MCS4TycJCuBK(p(Kf0acM66me(<7L3m6M$RA~QyB8} zUhM@UIVqjCQB~VXvzAA9v?X1ak0=689NCJ(Kv}L0sztr`-dFq6xR?wXzwHh$1UF`s zz|pr)(GG|<&Hh&8fo8bSf8;LyDf;r)Y4A5X;4d5h&`jtr-3}Flw^c^h2oRjxcy(JK zZSLRN&QCx4r1t`uZ8n2z=&V0OoLeaqh+{8{g|O#-o*qxNj}?5lZTO-AwhpAHA38D! zJ8&p zKzz?eSwPw94-m?&zTv3e)k4q0rQdSx0a56FwIcU`@?RPDpWV`_e(D4rgebi+?fj-t zcxeUyPp*I>P|JVbg3_^PtBB6jG^D8MfQ+fT*b;>$WfO0oxKluky{LBybGq6k_95|& z#n@?X;Ov!#n(R7Ud+<9x&8|&0oh3>v7MmU=h4aa0wlP^S4>*JY$tZ;3Lz~ud+`lQC zzAC%?E4K(?!_;kUpD0*98=h z+V>TmA`oYd*WM#wOxJ*=|I`12X_N62S%9mNk0CSOvZtL@O~TP(U{2xL%*$i5PT~Aa zXdv5YIIEDQOmb#fj9*36+Ke}Y(K%*79BViPK`EmBS8nz{8_)kWPYfpB)0P`<*Z~kt zQjAW(Mp1_wd>#r9hj~+15O*6maG*}`lIadvBL=&kM8PD;ql}_Jlj2^(W??PPTxYEL zv4wLzzZi4Uk#=CW9@<%Vk2R@)lD1V>3k-1=GgWNbaw-K{S-qYml(*9`YpTa?H>y=! zNf=94-k1*2e^moa_xD3F7Cufyq~T1{0&J9ixW(Z~H-PqhbLiEp&}oe3!i(HiGcA+h zrz-x^-g?9NP!n0G&DqAb$wU$A8!cnoSvrh~HjsnSU}p9f#S*@r(bln#rT|No{RsBE zgGv!z{2*u_nrpb&I@wG^FovXmu)pvVqs{*uG0p=KSkVkX5Ml+0T=Wtmn1A(-z> z8m^}FvAT4EzB4)#RF2F@F^=~UAUfo|`v*t?nKm7{(=-bPW1}+beM57dhkrX?w%ghmyU*FDN%8} zwt+nrC579j*n{Dtb17MiT936K#_DumIvE%RQ#R!@eg&S(7_i(~7X27#k~v9)=E+;b z#o;@8E4sYEk2g0h5ntRe5AT_6^lz%`Mu7)lStrm<;*(-pAK3UYhURc?8kpXUqr*nJFU8xS7}}uGk_pOt{V1m7{wTNCgJMWYIto zEz>rMdO(yh+fvAjAG%WYUa?1`!Vo-a3f15~450P|(~IbcYyy9+hjeH*#w z;``pRE=eIHy@rOoq0h6CDeJioL**;Nce0@lv)_&`&3e+(-8=+M9|XIc>_*OZ5n1Xo zg+DK?JjW@0Vm~se@~xKNI{J*9X!3UbIkI;?B2M7s5d~sAuTB?iBraKdDW(OZJeIOS zjv`xbgMZArczdFMdAx$qVO=5?tSW8#IQ&#=?Q06Zew)Jl&jO5>5y~(5nQ8`&s%u3p z!8R6`H#2#87-=trxFuOIt1@1JNJ3O}-H<>AARyU^-$>@AFocB3t!srcf7KoBbvC4~ zvn;RLYL-`|m_dnNZe-WQ2O^Gl7F&g|FLq=j>k9r8m{W3o0~6m;VYJ;be%vOYUf@^ zv;|a{_|gjBk^44nHwl^aIsVPnUd{c%)t*0y><6&}bylVSIjCjV*Jt~0c}ioN~1iT@-?a7eycT*ff$JC(me>oO^xeDV+I_7^x(R?%aSd^i384XSK_(_CiI#2xu~qEPHx!4j)O@cW+v^syuTs?k zbSB(ViRD%{KS;DA2_7v5WC$epj>652!vz8o2qctd4q?;nlqa3Gy)+r9u!cLe!XpJi zZd)A6+n52U18jyX3Lt_QcxQg;6mXslJRGvl0vrd_CYT5pm}LQp@*k!E`~$T4C;0R4 z*ob-Eu~)b6P9NROIr}~DUa!J>4v>(atvryZ|R(-<1R!Cc36ix z>bi+KmQ2sFc&zEulXn76sP1EER?S9IH87K`awGs^dP8L&z=o~+2zDzTi;I=Ocys&MG z!zn56q(O$@klOrzfHWr9+3d8e!x@|3=oV9f6$*qpB)22ZU(_bl39`63kL2OZDRM7rlT6( zur1h>%8jaTpGEE&?HN368S_AtQ2d};xIqF>)&Br$i5Y!r*K!b%)kIDQ_S>=Rr;q)~ z=rzR*6p=bU(}@k&MAv^4!%9Y1K|+Rx~kuzS3IUuL4)>8uE*zx-iBhbESr6 zS_#EQ>e&tX62ITkmUygAO}h@PG7JS(ik6VC%iBo>kYy?Y5cmz8W5!1Y@nK+kE31I$ zDg{0d{8Y0P77{l1Q^rd}c`dU(porQxf83;&ar1z>Gtkn!J2Ab`alsiX9zuOp3IL+m z%|%;3_YoTYL%~4ywDRd>p{$Ry*2MCFR%QWT$|*N>m1!VVXTda&P(W6kaW&NOTGUSl^xbPvXa1aUYO!z~LAOB0jOs_v>mGW3-0k3xkL+y$vSWa5 zo?B??_x*SZ$)hnAo9-bjN+Df_w{X-4dADu72%5-Ae)6$sOY|BQZi(tR>gZwHEoIiI zwzDz0d=Uy(G0NM(JWEl~hlOYm=ayxWEG|thQJt4>y``3E<`ND9+33IOtIBcd99?_Z z_zUDU1rDrU*VJP1h6wMyc6X#5jkn3bI?<1va6p4MG>+M8r&z?m^%eN3Y;jS?n0W)z zlhFc^H0+T~P$*V4kg2Ym>4;{9P&tOHQixz~^X=RZI#-bLFLz-q8T~Cv>UHfy0y5@cl+Betem8j>woWKJS z%S2z^x)(QGRb)wBbK%Oa25axfpwsTi1aP5@2dX*c;5xE2lYRAwV6l<6NLqkq^3Nvkl9R!07$Oc7w{75*= zPlYu`GNtA{3RCt{!Sjyhlpl>Cwh+{_l7-^~+Bj*4x=1E&l_WiM08E&w27wRy-X?)J zI-RBfQbZr9)gjsBL8ql}n0l-o^alv@Ts1TFPd$~UaX}O1pf51c>`UsLjWYB}CLJw! z1mR~w!`W^hrETlfWDLCv_kf85IE^ZjsReDiL{0ha2--+%$RB;Y1zYQSuY{W zO%WGjD)MBK&GkXhE7}f@JoLal+tTi&H<4XL43bwM5t45OKOv|ZNq^)MZaSB*Nf({g z+@>E^8FSQECGCEdR2hdylJrV_mi(O~^3A7i!6_n;Vx0nkmaeAphsvsvtEh1z%wiTt zqa2hx3L-WS26s74t(`A>>V_;cZ(+7~4!;YoC@x(qLBZTN?i8m?-9D!62mW+s11sK1 zswt-hjHBhU)D^0?(ZbQi4D?ko4kiz{liG)d5KbPgJuZ$QhK}gr3V!GHgaz!B?~*ZJ z8g_RqmKmw1EhB5rMByW|BgadRc+?>!@5#ht(8ZfJqfkV<%wZ{12X{g{#V>bzc@K^& z7Nv6+bCSMkpoyv(M*9=ZuqirSK7kCZW?o48j8hgRr%aM(!VJ>cLHV&3-`TXNr=o^% z7-6#_6kHo6;gysj^eE|P>C>{ARx=A*m}x}Eygf67p`tkwgGT1oWUtd1!st*&;Lk#; zzB1>bJjPi@SNAxo+;>%VZp)<(cbLNev!LZauPBT~0YySX zis=W{mvWjI&6Am2$-tm03CjF__wYn|fYG{Ii)8a6i1NHgX`d*=&`B_YO#I9(L1 zU^`^|_y*0wC8gn*<-3Y$f7ks$hE#`iK1||{=kDdfWuoHhxwhwovDsCo^|L#%fSsHG zXoWz#Wy8(emPC3qh%+;?Oh7bZ^D3I8Yps77S>6VSGun7EfQTIrm1nFd4G2T6Ui?o$ zF8@>(^^cf^GrFY22Nh44GOdUr`l380aUS@Zs!m1;(zZ;%gDrNq7pwh?`8# z-uSwRcEej+NlhPmF4c6OA_YQ&7>9raSn_;0b_G#V*HivI+m&)UqsYmXCzAdmlMz2% zCL@ba#Als5_>HWg-+Sl~%ZZkm($EaWeR0aO*%mYwg~9;i{(;`GxS7}Qs+w}ARTYfu zCmn@wTiOKjBt5hFO=qK;CO+Gd{ht2*h%7UujOsqsYl!d}1x8Cn-^r=+^|PKMW(=xhOrw+^%$C zSvpymP&rcxmr<|0+k5%Wm8x;8GtNwtcl1z&WiaXcL@1MlbRfyWlh_bL4Z3T4`J=sy z$%FTDT(QFHnCoKjlxXg}eghv@Kdb(jN$TMlLnmZcEdM)`u9?h)of$kuy!(Z<4D>iE zX;f+>J8fiEs3z${|A;E=a%4E!dU>kW^-5e7XNM$J>sL8_IX}5(yr24hu)p?w$_rR_ zY{I?el0UVqt8pRJ*mhDt)nu@#1Iwn9V5jsrx#W%H>lIQr^n$1xm!_hH6(aDWuRUX9 zG4V!GVWCMgl1`fW1VL{pYjA*G{E#3Q4}&E^A})FBB53>QAnh6?77~A2fdDYJ5yWH; zyV(2ww@P>K#2>zLpF9l}>*1*@F~{aTrz9ZEHSw#2moOFncz(aJ&Hu#ltexMu+MVAkEx zy^wG;==2R%Yczx$XYfuMM$rY2G~MbGfKZ_$@j4(erUuQ&-A`*85?~{k)jAE=+I>Ba z*V_B6dxE?MSpNlXAsSv8AKjDOUZGbntj@`9t`T)`oSIpbv%b3J)gf{7C*9-E@U;?g z$k7(8dlI>mD0E4n0X3&Z&&$-tSWHNqr+p5HMfX=CJh0@9ING2%vhfzFW|X{FT4CRZ zbM+w&IS2g|kMu4O>Bf-+D?soA5Bw!xigs%p7)MwS!fqlrxK*_7iTQ}`YM znt&h`3QGgsljBO3@MoL0Y&n#z(p;?Ex2XJt&NgIO&&E8z>xS#`Uzb^bfS^w7LrrS} zoa)-0v<#&AN-dit;&VW#!-R|!PNrrc5ua;v^oYi)9$ej^E0yY@d^Kc=t!L1jhy3z) z5;U5XvM`QXQ5=)Ek2Z_>l5%9H0h*Al(REq0z6wX!R0s0T3~Ce)ZvdnEgXkolTT~op z73ySJy1d-`g*@fWHxhApq?%mMO(qSW(ea2YI|0!M&!h%Hx2ae|)R5xIz4V+aV8S6Z z0%S8P9m4FDcVnSdwvK5N-hJx)rE!~{k{g7^qBbwBxtTeEjw!2#2I{>xhtAHG1P3t2 zEo+wwDuJ}yWU4{04w>-8LO8+obu z(Mj%(#LQ~dmnwKP)xC`Y7 zLWY0_8b@}>Aq?OMJW6;^SR*SROEv7At1Hqvl^wsIlI?RPH-lX2M#Tbs5iM&{@N9pe zy`jlA@aK4=As?Z0IQg-!oy`gDW4OyO{ak21TAzD$z=o{O$!2e1@4V@GhIt13u%ou* zWV#k3dB-*vlZ@GXLnadm1E)g6I4zWrRt1OwTSNqX;;R<^sSgLoTQjjb=R$MUJUbk= zojLCIR#Z>r{P&9*+zguyU8e0zmz>Ghb>ExP8YXw<$W9niXFwpd5`*aIGfcX~yw{oK zwTnag=-_n=X$a>%#l@1lq_Ok~w#n1(rkECn`N2Mpnt2_B3yJhepqcW7{S|}OEUt;; z@aQVadI)svTlw6*c?4%}KXaXmd{;V&7(oP=hrZd@`@+XLP)LGr%@AxG7;^-6>3W`u zHWq_#(Dpc6Oo9wft@C1*&oF-~N%+6xBmPcd{kg%C*$4dZvfp8lT}5e)ECvbJpLNd# z;lZt0xh#jHFZ&Kl?dJh??d5=_2@wI$``KM&IR^hv$+bSf{jQN;!1Mb1F?jdjX9Lg6 z#^*_BudwGoK-NqyQ;{CwFaH3k8(X6xJi-2KaHyA1r_4XiT>twUF|g1h)4<@vU8qy! zmZi7v{mRcd=>KOw73NOyYCL$`a6dPc1V$iKjhxw%7JrTFua@A;Jx^>vOJjSkkRsqXVDmEWa1`56| z!z2N?z)-K2na_T@);7grS3RyN5%;$OlV3b00hQZ!U8B372rx08Xfkcz3Lj6zj1A3d?C*0V+P4X6c<%{HV9+QvRJ+5N*4 zM^UHWxeZrEx|6H}dZVA{HNDXm+(m@~WM$Rzxf!ilQ$L$YGR>Ud{NmgjmU#K_ExrX`PrJ&Bl-StZ!euJYzT%A54 zo9414Zbdc*3>vDkEH!DF?pGr^0XrDf0Td5Mq<%3zw<1QSpT zZ7(qC=3%w8o})!lUUfG5-#N;Erzt~(V^|;PS z@hI-O0p%TknW*KwSY4BQ+=}LQF2WUBbBK{w*+JoTjyDo}raEbp}2+O?rtr`wLnkawZHSd?^SsnW+AZ!YX)&*g+4xJ#1){m35{wWX3ZU*K{ut*xQ| zK@!#fUw=w&Pm6YfrZeX{Q6qRTj+degyIph`1-1SMRCrd<`%o-(0rT17@PS-up2x=* z8R3Up`61YbB-~wu?jHBCcyK}OEGAkfzz(_1ca!Vli`@k(%K5f4G~qI_lHD{h-`>IS zSBk7T5cy5$dFT5)DCI854HN;(He;xJf%ZUcU#TFQH%7@5!{zWghM@E-u!?A$>#;Cn zQB{p8=etA)V`(Cc*y~FSHzuHya~Gu1X*ka9*?hr`Z(@3bB@^Fc1HUdFR`3+7_H2>`@58cu}y6o9eN?n*uEzw=_>7!^V+k{nzQl4d);!@^C8?_4@I2o%}9A$ zo|q}xG|xd`L#Kr4qD@9!qVcZt8-zWDSUHF91Yuv!7nfgO5cT&B z1Uuh%Q_&k!<(n>d1iRl}Ep=cmQ{aX;g39m0Fri~ErQ;MxyYQDITl=B1c8gDd;QgB| zaq}s43&O-iko-AKwzN%&b)tqLNCN*qw}9Ml7o&vZ&BiYY4}Xx{-yA?X(7gDaFBr?O$P>si;4n*>YU$9z$2dQFr<~c%z&qzV&nI& zWIxcpjlOWcb<4--E&j;^o_d8Z6FQ!o_1KB9NjHV?sl0$1x88_0(Uy{@mjA}wp`7$z zCHN?^1VO2}RQA?AAp1{&%{}&F$rahQ_o?+&r6rYyFS^jc$~|bUHcXt-%=70EY<3nQ z7|T!n*zPm5@pcb(5TgO!b@z*`xi&ZV6hnC{8Ty0NJr7rcKr_)y>RMJgqBW(4fSt*W zjS-W+%@aRE^Y}* z!@zm}b}NGu1fWrEc0xfGYFAlI_+bDyf`aO>X`ghbkCIV~NJJJYPWFmjkfYraG)Pzn zc?}PI2NfTQUYZ%5HD;M_Vz2+?+oh?3`3`$!F`Po+V(Mku_E1eOm9a==)Q+ms&ZPip zWh|($;rDwHLi6WEGeW(By*b!|qD!jGm)+z_UVRi!nA&+I|b7SiRzy}U({hfcHm4ENpw!=JUuQY9%GF~D$1Stk0vZr*T;K?-{rwy!HP(Nh+`%&CJBH$kZRk%aYe7VJ4gjPH}Ak_*p!b z?$JSPN=^Q!m}_CLAMF3XV4rdWzw~D3dcj(mxhxR^Jb` zQ$H6P<7btSG@K-cRI{V$@?cZG(iHWH<*+$;S!c__#Ss%)ys%D~@Fp6(EZ{{VRVJev z8kj~+GnOp${++Y0?LB2CE-R04N@^|^f;xW3wa~;QdQx1YnjZp#LLDTh)qk4RK!W+l?WkG z!=ULqI?nX%nIF0NM!m{>*K}Qkj!`W(JJR}MXfld-VOD#S}GruZ}u_dKk47woAH!E1w8mlJxIN)Tui%D)Dp-fbGSK0Tt^9^c8( zCOzU)hq&>xuq^w4#0oOYs>?^S~y$weq}~ zTp6G<9cdxjgI;7pgYxCjt?{kw3Gpu4DA$|bOp3Ehacx`)LM^^eBC*xPG=0%>0y-u@ zfrgdSeo;yqDOnYS$b!;B8&;g}`K z=%baW5hn+0cW-AKRAXT&gXL7|XkmDb4y%&$h7$}sG=EIe7^HWd-gKWWKM*Ac(m^rnzc zg3xqVt-!sS_$9lK0SBNcY}*=1`B~;TN=~}0RO6%jz80hx;BtVF9y%SE?+7~^*p+iE z!-DSWbH=9uTqNeS3FfI&&6tr4^yQw9+%(rZuU$7|PBorCC#H(aFi~t^CQa{E z=fnX!OmmuWXM@HlB!hbDvj_>{m_bj)i*L9-K<7J-<*ss;WF1>!eLCz^Sa1D#_Ua%D z)(U9xYUWRB5|EMWUSddEi&@ag2eRH?xpP$?8YMspBsE0=@8XbUUX5!*RFwX?M6n+` zxo%%jo49ddX;VFP?15+E8x;!YxljU;$WUadfhM+A|01(g|`D;ecfJGF&~nU zE-)qSuFUz8iV)LC9hKs_iNaz5R5lr3%1x}WEupN_q$75jO5d~K-1R?D54R(IHw(xI zu1Dq&_A}68uA>rfo)Nd1zVWx6aq1RFH$GTLQyip0!q4cj%@O5+79>-sH5vpdvJ3Qk z?q?CQ?n&R4c5dLxMQp0sb)RGLQV*d@!Tp|6c0@PZqCf_}zUUl`nKjyRw(W}G_Jw_* zZ`FQ{#7^n<>6rmChn>OKVg`+q0v56qygelYao0@owca#gnlt#`o9-aDAUEfg7dqzA zyxf`Y@`lXSY5t&P7uUYXz7Ibw=&^OiN^?79kP_3eHjGFJUee~*1`~ioQg`HD3%4oJ z7^kK{N9sK4ve-o#W7BIFRI7YZA={5Nfy6Ro?^+_~4&5JpB}}``{@DOS`rk-33R_5d z`rO6WpT?fuo+9Xu^3jL?bIZ&LnRp8cgnr6 zRO%eYK=st#&#sOtcIqV^%zK_)jt4yFD)u-GB;4%#{ld0drS$&rcfK8{%FwIA53&mJ zEjHTF3q2o$T@hu_02qv0TPHo1Q;};8avYcnu+5xyVOP1od0`Ve<3pGcqT+7(u5sTz zjH7@-@YP_;%dGehtaI%xE{iSoAjb{I{rVKCdCVVhmH{-CZC{3F;K^;uO`XnH=^TX~ z5$=|C>tu7*#)A3+m2Puaji4UdZs2h4WOo(rw2c@XQgt}zmG&aU%G!9$Kg!GDU7c0q9!-@8Z#!&C z=jv@!i{^W+rQL_++7^7zFN^H5#6Q<8n4S1Om2)P70iGm>eNCR7D`(Oi_bV&^L1T%L zntRpFph6U<(pd8O`z*3va@q{3xjmd@)P4FFzMMV1RpPPhxdd!GqkOo__3*8|K&F4F z&~kMxq?u(;^Ea!Q;@oN{Zyi<}ll8T#vD6m}?YE?irK_*8kcjhCDQt_ZTa$+@Q6)tN zy{ODEE_Ki-uz3}dLjd!Ef9!v(byo$_U z+(%>)asly$x{dtE-alB;7%WH2f#+t1EnGQ7*(i7`Y%;oI-Lia+$&O(fzOfcg!z!vd zBGoBdA>W5hqDX6cb{gq#o!QH&h7E>tu$dGi8&Z(_q#EmOv^qU+gX5$Rd+@tN93r2a zNWa|EWdCMJe>mqKp+0c_H0gyD<||Ex=RMXoNI$U6$H^#Wiw=gW5ZQWXbmxXuW+8n~ z>k&k<%bZsVD1;lwFL;SIo_MWtgaJS86S~Y`1$+CFdCTePy)l#7i=8Wfd>{DYMpJkW zbt|t}+emg>uve3w;C zgvKH2B^<{}7}r|(#=c@u>6o<+movf2#_)1_2*5FPQx5OoKf-48x9v9vQNOaE&Uw%} z{$-ZXbe=1G*9?hf7PtFJV7i>VjDxpbVoipM53vpMpkeTfwzlYA)og1-_S)skn%T02 zl79owP}sl+e0@H(nBQkf;ib^z&erreK9`jeeMc*wsBVt(lfwj{Kw_eobG_7Bo@vFabBKFu~&o?Lx~ngX2{7wpb|kOn}Te~`HF zN3t(8?w~H(;crCLYYxcRKWMz#?ue+MYtgFvWS1zn&^;OorLSPB*y1(D;A}jv+#qJ9 zIdR5u?DF$yQ40h3zw3KNeEe=;QM1&8z*2P8xD@uzQ>EpxMY32icA&mQZ9V}ed$>X+65JMfZc><=W$iWcRgDRGO zLZDV{?MFhv(yl|BIS4txEztC)qXR>?JGOXEQIS}>*!+cD@A#0R zKS=SS#y`g2b#jVhNBOP_?zW5B!%TdjOF*s6WAMt#hjM=82W zT~dvlZ#A&kqANl4XTZ~Nm8fV2bMr=+l?}*aGXbIAm{H$@n7OSVSlkD>6!;Fz!6mH* zi$IOduw77q(dOX9wk(vwOe!2ov7ph=3uuCh9`1&`8|UVS^U`o_N6Om;noTsHf2#-} zSW6TgxmyMX_}e5(*!8S(Z6};}im&r2-);w;^sEadJU%BFi=>gno*1lwiuEjBx=cgK zI~qI5;8E%&LAB1Om*PvILHwP5F+l<_2trS1KgeZz5ScI1WHZtHx#6Hx*uYIoQQ)?l z+6-L>&@H2>Q~dI5klOaH}-PZ4|0cfoJ1nx zPB`vv!r92J#WiAE0}p(?lg+5y{3Ew^nH0Op{%`nCGDSOj$8POuE_!ZSfSxdGyCiBq zKfAyH^1{bX@!cRdM0{~;H`Q~~To>foDPa}VfS8ao%TnN4PUy5daUvM4@0B4N2Y5jx zYzm|i)KM>`_y&Q9Tyis0>~!fVp^|blBoivJndrC7E!5mJuxPp%Rltauj|iJq>H7v2 zZGx5mQZK;6{AIkI0kcc|4}7pTqc+gHeq?bo3-=F_W}@HH^|#Ru*u)2iNE90c(RiYt zohzkPfhZ#QI8jSKUA1I2f;zytxiB$kcosh(IO(%7*_!CWFzB1GNPP zfdYeozm5n3)=#L3qb8f@b41#5&+$M0Rm8Qt4PFIn~~y6 zi1WplBM_{_wQ|1`#StH}`s*k<2=r)fKpa{Ch+#JO=7#241h4rXg(a;t;prg2C2(zF zGob+{Z8-T#T-EPpu z!8Rzse{HV$0v=I2HF7;Lw~Yu3LlY@%g3b}rBSRXskSxT=-IfE0AAfN_5V0F${xUH$@<)cAZ&!E!B(*^RC}FArKUgIF9g9@jia38LPpNpE zGapJ0=PdI(YhW{ioDKdUQGl5H?(<`W*C5Iqzl;D5tS|Aiu~m^@4lu@4Vd4^V1~sho z2o=yr^8VB(s>h|0?EEcr7Ft?Ng0c1MIu^v~3$0&LJMWw73-wv@nYt#C<{0`O2lmf1 zO{O@hB>P{u@&m>tw^sWIWyxD#ncYZS^S$O(yw3}PDv`B#hC zM>l)CdE?8ccd5qH7JHAQi_XFwHYj=^ifx&XSU66gNBGsuGXzwGqs_0UxH+FAI)sU1|W9jH2< zJZNb8!X3x9rV$w=*t3<10XE-%@dt??Gx(8NA~^WIyV(~!tsB@T9On6sRXwmPSAc&& z($5ns#pYc>OV6+2-^}E;h{=$i#D)B$`6O9G-v$jkU$uZG>$XsOv&d63fsiP8yuP_7 zfXBaAk_cZ`>Kk*$dtXSwxQ*0a`Rn6M%Y`yPY3x-P6HS=HItLRoOU)!H@8Zx5D2=N$ z*VGPZiq6t33BaN`MB2xkshwe`=qTr)CJM#ePwjRI+;b z@FIyA!J7OBNiYm~n|e1Ha@JCWpp6PvNaO?tNl8gLit>?}J@BSDKa6U0y7h7@&75mCtH;@U>5y z@m$_G*W?g;l}#v7ikHNU6wEgk@Dy|Xu!Cci)@!!MPQr<>x{57z2L_I6qs%_4@cxg@ z{rBD$M95?*x^<+UXkcvrleVKSInj3xIF7vVxz|6Nd;J6Slv-exv5E=Bs6LiQsjHtH z>3kgc>y1Fu;E_Cq*+S-5Ye({|&a)A|`fCgl_g?CH#!M$YDekt%fG<%x?hA#|2d7Ec zS+BYC_MAW4J{z-TkhB#y!Szrcq>n(G%s!I}w&6sOiB`dvPxbe2rjq|4T}I{%*Fe!R zyU#wiDJR?}GRu93_Jj7yIZZ7;si|XttnBo+rn1x2V)qg&^MF$^XI>qBB)pMg2+xi% z>D2OM_I*b+l3%J4(zD--jFoB@zn4=Y!Pq|B7(M#VNzQA$=OEzBU4~ZC#|Sf)%)>zI3Vr{ba%2c@YjbJQy71o^`!dYiX3acr{?I-)2N%29L+7t=6HW6OV1CeiR z>(x}4C^Z@J{W4kF>(NOmCrMJ4)Z~_`2l!ww86AI$62N6ZR(37P^1&+aY_vf-nI&Z< zEO`TT%Tivj$ux9kZA|d7(Vz7Vcf8tU6f7WejqOvnrwN#@NyQDdo7hjAC&kY-7%neg@Q;QTon9DksP_gByf8uyX;lvqE_6z~+DToyaMeEAuzm#v!#eM%ecE?WX*S z<)Cjg;{BMMy%%2LRhncbY{%Wy9KZD}jG9|uGbD8VsFExFpLZ*`+rmPZu~fji*DA!= z67OtaBP#zmsCSUNvzps2@T}v2{Yiu;kp4w$_ir`K1a*rcf?w_*rb4%M=NnOf=h1yB z^qXn^8S=D`dCX4xf8<1PDN1#}VnU;QBX(GKZIPwdH!pGhO3gC@t8Jvd-!+w6iS<odZzoJ=f*+^9xj!t0F7@6&$iV5Kg}(Jq-v}B9 zk1J{ZkDS!MS~`1Ou+*|plZ~R7y6my6tCm!{FZ`ibyyul0+)2Rsv537P_nb2P zq(!Co0%_xy)Uhtx<-D|V09#ohm^Y=;|67~?_qAe>ju%LDuf70y4&1$#io!*}bx)7w zZziBd--_hG0!h@^N$OEiWxY{!*)dNt2^jsw@TH?evCA`wgQvKOqDZe(O^F4aWe}b?O#uWt&U4a^zFikd}Z$h%Z;RaAF z5Q(onWz@>?PW-#S%X$oc*hk*{HU_5ZvTa*{*MKTGoIx3N4pRMT(?t-IIL@GSch_G3EHC#Mz@=;iY)q_|iZF3@=}Ly+XGubEIFFM5IcE zL2+ckE=Y;rayuL;HnmGDA%gtq7p;VM8>Q)dd1S2i#h_p|9G57fSt7p{?_wTiJe(_a zi*D!LD(4Qb5mx4~M_sQ{SK{AHHfFa3LBQ)kulro=APY?JNsNSd^HAsX-eXm&`EP&8 z3S1lZL`uR+>@zr)MdKbf;2mii5bi-js9~|V4O#W`!zaVQ1?xLo+&DQcqW`;$&dxk> z&bndtrfuo$t6@wjX(Lf@Vf?yE+e_D{ABs%YFo4Qdh3hxa*j9{HTj5uVOCC9kf1*O9 zMC#QilSwP^r;7;m_W$xHnjSpEq zbxau@x9-Ory?DJ*MuSN&B?C-?ervycX-d-7YO%9J<|w|thqEloHrl(l5Ue$ScS#!9 za4or~8vkOiXzj(f)53={I@=f6H81wE$1Mu|k{ap4=jbjp_Up8zUM>>!I1}8Jd(BtU zGX0F&6p4D6miRG4KyK*M)KdUfp9|n>uRtGexQViken6Ary>o4FWrRZz@EhwxviZ z^dbME@31gV%A~Y-q<+*AYx!OXW&$%tvXUR%@=R^^k%(>&lFWU>Po{WSo&Ztt;cV72 zZwIb-$BZj4y0={agq?PZZUz9_5Xu~M>WD{qGq`qey72gKEA*E+!qhlKiADBd?Wu<> zC!E5sTB9=lAe9qHzBd#@%vt|I5=%gbctBX{f}(QbklFeJl1uUiefN@rx6?!QU!zR7PVRL+$kHxV@LGTrs01D*of za@pP=db#~b(h+$*TUCRR%k|1yI?3GQCmI{Sx)w_mX`1jjQA(*|N=a>8#I$aTo}P8F zLR54=9zpURX2-yRxfDMZnf9JUGe1V>g(43}v&iG{7hngY_@232+XB0%nm0B_i@kky z{#&q>33wv__+EsJC<8LmpD`up^RZLbxN?)GXMiV>AtS|&|9WFd7SSrZc-X$h{P8nb zf{75wzG3l3hmrk?GI*y#ZicVw)ve1eBblhilA(spO}Ki-i-YZnvO$ z5`j6ex4(p!jV(vPWR~$HhBI(aYHPiz12t9)JoII0&`aYR$<<1y-n98jtH`5_av}ll zHYE*|{?(T{+LU*>NYp^K+!_IOfbjqW1R#K(A$}pah#lyiYKb`)JE+sya4dM;A~MNJ z6ZCNhvprYzK?rxm8fLTxs;x*$R@*9eGHKOt=M8nv0#s-rq%comc4XDAQySw%Rn*nI z3>E#@Lx9$ZZvJHYQac~mfcYpREYs?{ zNLJ=>4-ry9u1F*V{DZZM3eoQq<5AVK$ueo^fS!w{vAi}M6JpjGQ5F({R^~F6ReR_K z^=N;#bBF}o@0LHpwtr=l>+i6M`cP;DkO|37SUnCb%!`wQEM=Pk=~c>XtTi zpBu9`2FNHczUy0yL;wE$XLOoxd0q5!oY54`pa7OqNP?vSL1<`genjDN8T#!6Y$4rX z2xf(2y=u^fW#x%Pgi)`sLf=n^q_Kx(vfs1lVAOGKrSTiVk&BWK2+)hR zJul{AE&cdRM>sXp%ErrXm>pj`x;zBSY;9rJz2UO+)4G9s&ELlGpOSv--OlS%g)REx zJC+0rzx|9JWoV=xqyoeWVU>SHc>f|9<6f8Sqgn;l!1dDZFvOCym9^O4_jU3=8h>(T z3sF~8RMlcc?th0G6B&~TYEjGvB#IC;Uv13OA=LYP#%ApNZJ0tXE!!?wq^Gn5^M{Vv+5|l z2Dtl#kf}_?&J;1z${+tmlI)k|;$bm8@eGWp6FaY8|E3tZb@N ze207&LEdCFKpcqSn3UsLW4`~&f3U99^T#opnnApYvAL3xqPzKp+)1vVukc z_z&c>PHxg=*ls0NKbs0;I5p*Eyh{BzMW6(wno2|U+V~W%8d7@vTBO@*oy~VC9arL0 zr63MvJTkzWPt;V{oM6;&QJy3jK9G<3hy(3+%X%y;aM0f|k+woEYL+rBqQ?dVBVyX<6dgefCIHHp zuUfDI-~8m03-g$>+AbhJFzcS$?2;1q0|h39wevS)d>A0_RDWyYzUdk>e(2(C77^J} zG_x(2h0gbzOcap_JD;^&i9d{y6(0X5^ZpH5U6@l)a4AEZOf49xvl>=)*4v-MY>F#r9EU|Cq#<%3vj^;5>cVAOr+ z(j^emOw@2GNB!a`igT=Fsl&XgQ!Rfv#DNc8@GIC(-}JNf8WnI1d`u4m6;N3d0%<8e?J;i z@o2MV8-vvi#HlgFG7LCP!ySr@7spDI5Cp{h2{jEgv8pz9nTQTEPa1M+_fB(1;qFdC zncCWm+SKOg8{Ru3FD9P%J7;tQgo>!OhtbO8a-SKeLTBgHN1g=Kb^L0f)u6l(21yF` zw;HFYoM8~#m)k+7xTv-!?UItRZ&+q!Q1ZW)9>Zlg*C=I#QX<=vJTFFu z+~>b|t!iIgqAC&QELljJoS$%j$CmDZI+uXx`_?$6UgJ$c&wwE*;ggM3_*ff6vuJZ1V ztnc85cNufz&N=?xCKHP~M>8^`#gXEu>D-Y5fj|%X)bY|@41p8h^MthIpM5LyTFoa< zlS-2_y7O8K=sr6V9J$QO8WsJEEO~;Y@t@KvJi@Gk92kWtnW0?as%-42F%K8Qw3gu= zvDnL%uCn^mr}eC+hH`~ zQG6wu_H|KoXRa;#!PqUrkR70BmiXgM{Oo+Qv16F-vztbaz1O8}I`sK~%dS_(%W9{Y_F*}6xSiV-?!XUJ28Z-G_CjIlMb6ftmN?#0> z*Ip(_EJdvNC(ftS7ep`83>Sy$pw$^Q%CflRsn}nM$pQto%KL?qEbt-#>eehhScp;N zzw8Jp>1DrewJSQ4D^skhQ^)iw-WkF(=rk{=*`q{RKi98UWBa``UzEn8a z9+-J{^nV-vzn&O5(zeb=ipSA!C*s;RPu*6KWac#rzuf}=K0!kYt4J}p)WtBQ8BqyJ z6zxD%HP#V@9=sE|?bqPI4CK#-+8EknBYe`WDNqp%G#~kTGaFY?-k{e)9e7yTrLA-V zLx;Xt0tbROsvajYN{PPv9FNNS z9{x?ByxF={HtWvsE*t8HIMt`{*#eJ+NKIMTYBbXp1(r-gAO6B_<~x{CYt~V`P<2p& ze@0oKqpKAeGnUA~Nopx2_R|xDrHW@nl}LcT?PnOL8n0O3-Hf0q=LaNGtjUKFHnM@u z3@pNvOff)bN~>r6j`X(W@m)o3sK}RC>bHk1T@mtJeowC#jD4h4n`^zADy15JGS0?fsI-UrWk zci?{vn=Jh772wd`EEV@%ASa}-q2_CkZ?7s)jl*#lQwp zT}kJx$)WFHg`SS*cU;C#yZ$T<(V<~D98>77YSjace`T7-*}98e9M|$v!NBF_j7TRZCI&C`qFT#l-@6s3Fm+j@{f0Gp2vDTCLhX1tdfcv$b zu9l)&Y2Yf&gkSyjh)DF_?dGRVJf(o6-JhTA_=kHTnLm2~^emxR^xvYb_%v2v&2d?| zSf||e*B1`uj@1_Vd<);Wa=74_X1nCxsSD}0u)M0uys1>KF+7LnoB?%vPLAd+H%57T zaaMgvB@9zKyW_;73#>W3?8W!7F%B54ldN&@vs+ibxrhWm^vZ3+XXE_NOc9H*ncZ5V zKGwpCnQb$g)DP4#sBY@0ffPd(B1uWp2=(qBmKxKw}T3sNF`7?vN z2fq!#eH7&m*HQoolBc5&9SYoF3GFjK2D#;*!Ak~{a3{-_ct zv*0$E& zjV-=R;Z{I8uu1qxD@Tp;7^#c>m08EP4bGdKPKm=&U5e)rCe@LU&TiZ0w0eee)IYuu zgG+|z->PE-J$c>A_hMhw{)0(!)Se6LkyrD^;Kx07_vzsVjO|fTQI(W*VuqU%%CBic zd}QHicvL=Yq?~Qf5@^`5Yp|(+$f&~5RO0~2mWbI;_Bks(G!qEf1|Z-H4_9U9nZ3f< zA;aje>)T%V{6Xsq|17Z*(^o-=2)wH``2%_Qgj zR{i`d4Y(#E^tw34ZAhcx zkh~GCH%X&9L1^7E-N=nWSEtYN`q8F z5l%pcKnoP^%;un2)J%2pc^PFr*KXIJQ80@LN;3fTgq}F}k95b5g=JDEHa8{;j~e$+ zsDPEEtTB-IjX`xG@@?ytgV&4}dt*CnU(7VoYQ!W`R8)T=Sq?{-3OR~eC|xP&>Nh68 zPO#;dRnHudSc)MNOg?Vx!C+3SjYbP0?QV#~tMmL_@H$Ybq%FIFpoe98orLvU|M)%x zEp{Q+J+b*Z)vAT)vRHK6TIDGA4qywB@;r)-rw5?7=yWTS3-w4|6%aTzi-7$>LICrLY>#vc#|Q3(3+X1#@7i94MclKAKebF# zcOPimZN552s5$E-U5iin9{inx{T;jh(>MQZ5kgk_TZ3M%!0Fw@u$^od*b9VYcH}(T zv1NIEQEe}7`hC&|C0&TtghMHZOB0HUC6lAM$h)dMBL$=sxj&2a9!5Yc&03P1biC}1 zpoev%&e;GvX(@(M24b zS)A?=3cHneBT>fIS(v=@s6=W8%HMcU%m4s-2v;qUaon+yV>S+8@%^+Y(D>~~cgZ~X zK;|o6;}NSJjlk1`UfhtflNgY^Yswceb*iYdmT%!=mf7ncrD#z8c*RM(_&LRd+0ey3 zCsbDX;nNTxlIi7c3iUSYSWWPA_F~G08qa#ah?vngnRD%4vQdzU$PvH;=a{92 zrfL<1-=Q5cHV7W^DRJL*2VCjXGv}MZKjA61x*t=O0e~qaVnJ2}x=8?D^|~xtMy4%- zC#8C$O4o8r6(WlKdes&aIgm=xhg639NS~%4Vgt{{cH@(*mm!w>Nl#%_+o_S z0kUWZRzdQBxkR;`n<}TtO#ZblS6y2dbhwijDK09vMr}XDl*+{hBwrGP|Ms8eWC42Whj*G~(_fTOYuzzG|% z_=NE_0y?8pdq#Ic8wgZ6s@v<=o}}4g@D=3zN2k-*(aO0BUsk35$k0jgPSa`QvT_jK zI;g}xKqlfO^kvHqTyc)4^!j}7LgTF8(W1x2(RXFy?y3Qe5LAiz92TvdlAEYVCa+FP zdTsoc9cy2$D6t?VWD W_tnDxFPm3QWVhoAE__`xD43z8N|N$MSG^C^Q&M}?pJE~ zgZWQ8A#}Y5c6@(o%RLI6=o0Fc5ZMbZbGpwSljw*%D zPaNPbO5xFe7zfe(*OS?qBacJG;vtL5q=1=-f?`I5ipzwuL3oFO!59}LPr%^S+yFH} zh%zTp-?H<1qmDQ^zQy5UFK&4@RzV_M9wIU2q`*WA1fU7$FoHk$r%I*>G{W9H8XaIy zZo8r1Y8(7*0eG_9*5bc~BVT$J#_=7zx#GKI=h^;)bPWE3)Q`mmL9`Xf;p^SR;XASfDrWf>9@C$ChyfjrgO$a=+*zM9CbT$9$8amsE(Elq3fH)1iO08k)?>;)7Hfwx9d_-opjno!L;XXORXD2AjWzYIvb%nt0`mC_WHFzz-Wt|l zZnYR|LZ3m}CEqrD-WQ5wlZ^_hA7#{cHK@mIX%$NBehz*D!9$#eJI1D^FV-2&?J@iJ0FG3K*8y&JrCn57df!9Wv z%(B9$__7HcPC*G_A-gQz@nYfxC$0#+S)sUKrGKJFJ=jO{&< zWa}tvlb1Y$y02Oz*Dd1R&qmV}*+P58aY#vkotr`e02c!Mjf@1sL}&ot^4Z$axOSeW zVwAYj`H}F<>u#pjl>@jjcZ#p14hph%mHZArHt#iiuJ>sV-%R*S@N0@ANyX`9tMq&d zRqg|P`FX{ekXI~=nRZFcLmu&&UrGzJbJ*kLpJUZ2acq(RSqRlOw7c`rx%snE*pY1y z3rbqPe{7f|)3b)gx_`NCdoOtK8ug^`@~uu|}Tj8-Oaj`5+47=w`-n zsdHFVc=N5cHSM?hCWzR2&UD5J;fwl^UG^+pkqRc_OZ_X$=CXc@LY@}a@6pGCf;gx_ zCR7rQwy8OUu4wgRVq~#ZraM}cJw0!bGK*c!bVltj<5$KgPn_9&zmgW&z5fthk^P!s zpQ5LlMO#0|F)raehC8#j|9-KKZwc#R3K2k$gD)MsOMs9Q6lj|E)L0Gs+L0D~NW|(?3YEkBBn+`Zw$sGkNz+ z+IEWwHy-@|)Qcn5QYLXOI~|B*8T?{9Hlmbjau#+sO*^;kGUS7|7v^pk9;*2?{TPD-KRt}+l?z5_N zhw5rcCKWs{7JFORuXp{fTab!a7h}7=i>gA1ey0%@HHsyhwDSIwr;>g$$@M#(Yhr%( z=I`meruEjpKZseCGcdsD60N^GUZqG;87`9R6kiB?`c-w?B5Nbl(4%ap57VQz`rKMl zvj<-o%{msXj>^@s0iJA#b~8sp=p->NP25T#Z$DT3ERk^8q+;oRKeT7))w+TqnKNvU zOQ(To0>=e%V+X}!7ARO!;jYT~QZuGVf`+d@T`wP)(-56EML}i7pDd?_1hyr_%AY-1 zb62`w#>UVLokSk#owYqi=i5!R<$c^JEnCpDF|JoX?9J*E%WD3*>NBm!qKd=zI{w<; zP6u29U1|Tq+Yu1$kqWu5ppXnP*LIU;^GN|#vJt7W7ee))d9WrMyfs1tgY!o}vz+~4 z7qy)B5u)YlLv+}L-+u-bQi zSi%MWD=@^t@qb6*?20@yGnF6~fAcDiql|czR8Q?l%>g_gSQTAti|)D-a2x%mn%Arn zf4-Nu@#fH&Yv!Nv9+<=D{k_2N?BF%`!WKv2Fri=29+8$SX}g+ZRSx(QPEIqT0Z&wu zQ27(`X67~B+oftaR$b3IdsSF}qXpfCdZd{*SHm}sV9t$mL!dHPel5RmYYrS>Z(~j2>}GlwN%m?X;o47a2P*NL*WJx9^@kUB7E{qj4S||5)oR_1^2g|}rug$5 zx+!pUdw)q!2YmW>v7X@V@V0E%Ih7|TBRnYWg6Lb#OgASOHgA~(p6fHOaW&52KH?_( zriJ61>bGDBNv-zOq>?UtJPYS8PY0Kj@f`_LF$b1-#80I6?q-3{zKkCG2+%@Do0zKt zjI#8zrWqm1l#24N)9A9^vW9#%&V4_=jESgPX)d-A=t z*_nyK*B#F2PgJepH@AQ=TODNKLNAnEtb9_KNz)5{c30Wy_p81gD!+WIU_MHp@~UO{ zmxpzx>D;yzGnjh_d~<$!2ePR@(Hf&a#p_$@>BsRDXwnfTl8;(qplQ``5zCxw*5bcS z$t);x*55geF=~d&zUOJBR=S!SI{G0#vNXD+mNPZG>a}clV8{}cwjsIFCJP8k~% z`WdpJofc{yR4XB<&8no@8jD+6o*+$9eAD!^GodjL~F_!DPzlNF5Pm*9Y4{7rppm_cgVy zh>F+pCkL`*-Dfj8q|`6d(?;?{Luwcp^iwhU$r!O@4`K$ih=)Ay>?TKUu`@bk$hQ-~ zO@BLw|3*-O=#F#wWHm-@?qIW8^I2?a0Pdpm3lSD z&V5I2KgDb>6j7j)2g`XrY2Ah4K3UuY#_N(Y-aQ}X?>^jh-ZH#yA;=BXemU7@Tog+O z6m0ISO9FbfTvot>7mg1nK=^!^+=j$o$y;XfE?qv*T|3|FQ#u)SMLunE#R? z{HK-w8%X%~UG=XQ=%0RT_|!J6sf@mqvzOd_UAd`Y-=RgH<(=;Me7qFMx#mp;0t%{> z#5cV+*Vf#V)d>ac(XVhf4FXRx!p0}0T3aDM*9PBK|3QM_u4g6WJlA{P?2F9mFblah zQeVms^&VtbkB+~dzWg!CL0LprZ_fHGOxuf@G1q{xP{I<7M7$Y}FBh(OxikB2`((88|>e<;w8337IdxqiHJYSRhVR(@^YOjA187NQ1j)Y!NT!y2S zlW$tqwo3@Rl1(yQ*$bk=8AD^l(E*Fr>@{o$FHZ_4n{hB~Gjuz$`N znZN6Z*DT`S@XGV<*HTKu;&M?$SKk6b#1l;vH}%&}2vK@!sQ{bHi6+a18~Jx(9beWo z=WJCjaz-hsk(tz^Rtt8pfBoC;u0DZxtL@lx2ygn3813KjycB@GCu%RcRjbDDaFrT176I|ni4@hyw zjC7_(j!1A7{DqJvk1ahE*VJGgDZ=Zw!rvo0%3u1OO`0|_lxN5*dj(4eO$Ow0Ak0cd zOFSwcj(R6i6&?({3KI%fcOMJgQP$pyJR;yK!cC z(Y|}j>6#2*wF~Y~Tm15Qcc=t|ffs&E8ZrFQdT}FkE%RJ(eb3Ex&+ZGy=WntX;+f6% z4h3>b_E-kGP`tfog*u1W;^RvQtqO9oD+vB+jX5SJ1JO3;T-h>$fyW4-5|IMBGEGB>G8LOiliML=3vr9t~3~%Xfk#Y5>#%O7WJA)>ilA& z@klgtucB&7n)1YvI(CSG0ggx*MGIo~+%Ay^SyFcdwD3@q#bDbOKk-mr^ zsifjdacFxMN|-cT$bN3>1r-=zfPWx~v?_g~Q@B*}7%?rtY>~0ys85rb%N}+{5_N>f zZ7G2Aa0$Nl)!(|~EROQc#oT1!+%XB;-Z^+?t$rs`)VcH^l-%Ey#9U|yAKV2Mm9Et> zWF$jzRy_Y!hTR2Xl#KQW^$9R%a;Y46Q_Na2m7BD(6E*Md1xh_dP>j?bC0+41xb8Nn zmQDrRY^#89@F5Gs_1GqX3t!GB^@Y~-YqC)~ofBf6&nToWn?f9A&TKtbrNUMY=5L2TrtM)4)xU$<==HJ7WAqc4ZxUsDE8{X8E-4u`n0wRmrp%I~lqWjqujW&)bmAxDNBJ z=jx37wqKyck(hmo7sV)TzEC@&AFqR}#Cai~ETKV|W~?%_qmkltvVwnQv`)3cVbM7? ziij5UONuIpk62Sdj7~3pIo3fCE)Ni}T~>blG@c8aUR7^?xO~vWaX;KmnIY^;mJHwb z<7%R_RA3&ac}?*N1lzc+?v5c-Yq~JnrEVnyZ%j)_MClQ%r+10$7_kYhjnPW55h=_r6iG}tvVhr{|L1J6tQQ+vN z9`z{<{xsVP9BT>IRs!XX0N;(J0HN8&>nIu80>v;PVgbF(PvZBAub&WjqZGy>RD1YV z_BC~XKs$&iQADmDL6N&W|Ay%YEYrZ;&Jga6GR7H6vpcZ&0P$F3`O`_af<@e*kvS)X zIPeYPWQYuzY`v@PcpG6R{eNa26N>+iU>Ff+D8*9#h2zp9g_~H%0}HhpSgwpr2wxXq zkSD5qg(Ya51HNKQO!HrBKmJWUEOU2Qub8ANR0*kDW6LAQo8Wtc{5Q?pLrOSZ-vfuv zQ50KW_3uBO0=F^2J&i)H8T@6W&O z{c_&HJ>u7zekMrAVD&ycWucUfrNHNqKY+nGG#dAN@~-cGSFTW_`fuT^WrnZ%qW`}? zRqVy8>fsNd6{h((0Q_p;ypwfP30B^+dbe)Hy2&KK$z3?mY<{MWO?ISt+$mn;s|e|j z`^FAfAEbK)-?kuzbZUW+0g#J_i;exhhY)#O+Ja6Hwg1r4mi=5~xBTzs?_$6HdE@`r zh~EF)Ir#fIh=_jCZ;x9S23uG5uUOlq?hj$UevO~RDOS(n!wZv)-qLh8$|?5C%@UqyC zk`h)7o456!)mUvt^7@faN!_s71L0|(|3``g5h?n6PE4YH3CHWl z;@b^l9@G8gZcQ< zu`UgKh#+KER$A$|U)@t5PF&FbKRLq2JWHOna}722f@REsfN43}GLdE3gH!$D zC@JQ|Y_c3&mOrYFgzPXy!QLuVoy!MeVvX1A$RK(E`?^ATmA{4l8$;g}PG0->CdW73 zr0zceu+~u@H$U(Zi+SrE?uOa#E*Ynwf}6a>D$Z}4o zq!Dt7Gu#pRU6ivp1&Eqqa7XyVmiKjICnAEu!WK~XP}%oy(f|Lg4=pe-*La8$L)^mw{mngd?D!>}g4_2JQ!*kQlTnl_7c`nNS6W(^jOBqdm~) zGrno6r(thQwb#lV#`rqB?dR}`BZ9V~tynX&;8S%|PceQfuCR7J809`LV+=$jVN^JF+Lkw!xHM&LY*nsc zb>9WzaT9mS(0?RP3342$#^e zClPCY>){Mbaj)q0)=`9y`PPS8s-;VxvHZOP&9G7xarcZqfF$ z&#@$g|Fn4Hh^c6d%6Moa2=IYMXtJWemY7(9A#u_R{XfRTkbHAsuo}L5Wjdd~d>e%N ze|-eAw9b00p%31eV;s;6S2^~$74u$7>@?2!$ZW@j(*QF! zEI=p`gKw-r%~Fb`u0ZS*29L~-wP|ElR)DDtD4%JChfnPmRlb}e6(Q2O#hr^Is4GtG zIm26FK|XV6F_`*9MOY`-%iPH5)43gmN3$$C>Bhk32+(eFYC!LLD0m9z!lfReS~F! z{%q+lEx~d%2BwZM^#b!f{6%B+%*z}Iim3*Idc6$h$Qu65m-#o7gTDdimwW~$4k-#U zd@uV}DVF$;yZc|(1$$@pAAsQK@O#X2C0KtOl<*&&^zSeGuNWn15ifh82FjuPUsycbA5!_>=}J2)GQtc_`Gt>#9+f%_ z1r?P>8g3MbzKuw$$Lw_rZmM2?6=p#C4&zGmJ3MhmOn@+va@$i%t#EUj1%g;f2o@GG zy&s|m-iC>eQs<2rOeErQ*$M8~fzb)dFH22t$;^*#$QCmu(aK2PlPnewnZr^`nheTt z4#tMhLN+Ny$YP<@LPSqD_fI$Xb^>!{tOTLIlwbTHt8e<$O1);zgomZ@+b;hgDc=d) z8McP3YcPzvYgH7kCm?HLCa{9fx6yvXqXbAAht=TDVQy}BC0Y5cr{Kgx3=Q}qsV~ik za68BW>v#ld_Py@O0=>n2tMSngObYV2zA(1f7})*qHm@L}&5P@tRgP)b>1&3wkkDnj>1cM{Ps5l%9B+-68Y04j`(o5?w}1}vk2Mc+eKr&#Sn`0Wcr|e4S-r?t z-?fN(KU*5zL2&=l$C0{A7xFv497Wb%4&#iNF~8lkn7VKmm8B9YvcR!x#CuB@TEsXd z`QMwB|IQJx4LF!&Zo!P^RsSMe=&s~morS~6HT=ONd1AEd5V`yYk;0vCX$gy@4DyYF zqp|OVeJ3UG@1#`!V#X-bG&c&#TGQSR5Ru&evaXGMmu)7h29h?{bQh$PP?qc3Vbf@Y zW>SiSsxYUSq%Z~mJdnPhoDg_?MR@rAHmJ@Ja0rmYkNOzO%GaNA=^%^;Yt+fpaxZwP z@sQx`Gkyz(#A6}v95vRrJ!D0GG=j{J{UI8->PRKY@$=~R#%PyiDO+&A)lj55v+{~-J!j&*sK#l)}26VB%0?+Y;d3QnxsO}AZn(N#ZR-{>or}ccdXu3<29m$dhAj> zs+!Yl^}5;eOzWobh18N(J`a%@i}XbnKn44&c!TSaQ}aT8x`E9N3qv$GPY8*|8FM$=$P z$zgKiDVf+t*h-E@L;nFKAW#MYzi-)}-%+CTazv=6`}^U_JJJf6cIdBN!R&Igm>nj= zh;yZtdn5al%N+~U>Bvtts@j;^9Rnj$aGY$H>GxI(I-H@}<_Qz*=dN4KHrTxb-j`pP zu(0)+Ig95cKAnB}fRro!F_W>is6&a`Jqu$DAQtIZb7PN^YmuN4X+l#y-FXA((Kcas zlx86}*~irX2WK5zKL5YBh3YOnO_x?B$URYPf?R|n3EhTNqFlqr=vMho;;H4pojDTh zUNDGLyja4CvM&o#zBDB!wvNU$=qWLJ&Ig~8kyS2{ee77i68&IMkjru1=Uh-#Sw-OD z4EEJJph=d5H`&62M)S$o z^CB3ToGT|YYM}g>hR@33Tz|%W!FV#ODs3+NmAwF3FONe|u9_9ynU~b^`=XAn3m(FR zm=L46Y&o)mUWC8+gaAESth!E6Kv@pN#`uY5P;Qo~!Ut2yFxXac4}~+BTi5*PPtqAh zF-?vMx;aSDai$LEb0-&tXu>z=IW^nL4=z;p`T^+oM=qc;g?nYsY;@Y z(lLx8JJRrWI+LI5QWomkc^{i6(feV@`0AdXZ%x2L~=vb3>P5^D@3Po8wl1(LU}GnANTdEA6WI*cn8&V*NKJdzGj z*p@>VG+8k~x2+06D;2L_$KV7^6t)f4rwG@_FRX@)C|iOAlt+l-GO>|I;|CZK{FN$} zb;#p8Kwa5!02y8EI0WC=d4Meto^5DC3>r%i1ZG-8GI;2`0O~C4d_yY6KNd(7H@<%= z+8L1^Ng*L#5gm-C!B<2lW>HYvir7m~K`?`p`Pt&$MS@B!gpDHr28m*TPs;IC>V4PV zCYz{S*%+e$$)FJqN;+~Ol}~61@k=xPR;@)Z!URG4v~FO*VHmCi$q|q-XFFq zJ0G7HT6Fs7O$zD-ei-!t{_8@^nw!ylm-#pUB={~KccX=ZO67=$n%oBcd>zUxJ;K%J zM4CCi;{NI}L{DC9orxLTs}6DcP^=N^WI&H4q7tjNR>NTgZCQ&cRLt(=*OB&BN;{d= zQ0&)CYNvGi0ssX-&n=YNyAU_ylTjT!FA?@Dy2HR=oXNKZ8l%B|O**+XO!A1r2c#xc zO&t^K2Wk>WZGKnYh`F68p+@(N;dx3LVsSgyPUn9BT|5~IH!6MS4pp^O zo=8dJ%`C3a`>jFIB{lMxRA0??FdWiN^tl3(0kxb71qb!5$l~zUPKC>JvTs8TbzwM+ zpCc??#c;XQk^Jr_;4mq1Ynq$*F$j*wmfBAgC&eOZI(F3jioSL5TbZR$x3Ujz zX53wO^cmd`9e!0)9qrBE=ZT)91rn-lyoEgerJ@<8?9``riCS>__WCQwEbGi>!KouP zFT7!4fAQN=jYEcC`OemJHH_Ywo9?f>H|A90);jNUT?0Q?6Z2{3wP}#>&&JmW=W9Vy zUNC_JmTSvkb7@%KM(S<#lh(EKw>v;Y^f*dQLYE0#e{lkLR#{p%kUAJ`db?P+3 zfSI{sA?1595McV9m-Rhs^k9FnQ@*h%d42-NKG_+ga|` zvLwj4ZgnByKqRN6_B~m0_(>ZL>Y}t>e=4zsPvmg3{=E7XjAHo%Gi-NCLz&V_%xEMmhgsmH6MGHn@_=RX9Pj!PO`4o~66$@J?7s?W69(?R(+RL&qb> zONU!4mLj`@^W-VKm*$psh|l}ycH?Wpi*v?HUiGzpj`yg)rjOgIm!63QL{PDD82%cj zi!#>=C}b%r#d6S=Vs>rw>&ieYneI?EIK{)IxD%`9O0$7~O5l$7t4#;!!BToRUbEOh zj314H@#oG76LX#-lw1r_U;@0^=3iaPC?BZ?R*urvCv=g zI0K=I%PiRguyBGQGncDvk{HN0;RC|~#sUP#Qmo-ip)@y)sbDgJy--i+t^eR||5vB> z-@TcySz8QP&q*d~FIEFgs+#ucer&NBY3064h!waJB$eRDSdzt<{v}kG1CmE)d+D^U z!X{_{dHhLSN62n>nZHDr2^NA=G9|rb!?Ud zcafNpL%)VN6d9b|I1fp3YFZb`YJn9BdF#~q*9f6@9dzJC6d@yPD@0%Rf_3w_)>y$< zdNVS>aY{%GfF9J3flMS|176+$z*c&HR4yM}tTvd&;KHTH!HZBHCG;VtU-pGj^Q? zTXr-dU9n#?vR+wVzMj;oP-(c!s-}9;;W62X=|SCP5Ky9b7BlCoc{`0QEeR>)4J`~P zC_v<#lL~G$3s>&kyH*|K=1thWzVT&5t3N9xubZ9}d+(G?Z$Evwusk{G@JbW0Ls}6~ zLIJJ(^5aizYyvY&dAh28_(?j`6yp*(q;Pe=&S}!r5F_`KS(w_A%wA93xhp3M$^;Fl zCQ!ELKp&T@ZSKz(Z6)!8cA(31&l^mC+fB3)^3%$szkcWb4IdbXx{$DkfnDKyMoEge zajieRPTalUD)h4cC3jW#b4S{E%T(elXA#i4OMbFmKqhXQz4#b+wgP+L3dJJ>nt|rb zD1=nVIq{^n3m+jof76qzCI}*xQn!GXr;ETarqXMDacge(ylQ38F6!bw$55dm@43X! z+1RGj|Div=mnf&&>H&K*k3J`KKl4%Y1jE}kqhjDuhY~0v@VS;z>{qq-ilJEe(m<@`4DMPzHy=B#rQzWJR#hW&ImkzvT0m(Gdhqyy+hibuDzOE2k- zaJLBbrj_G2awr(LQtj*|fzm8I3tC+ytFO-0dtn|DGSK-0=xpK}7LdtJz05Av1KwjkNzZkbQq zSHny$_@&z(@$Y|J*E|~~JCcb$x{Pv_nNIeyd=7X3uIN4f0rb9hZFi_MSDfBV94xPh zus?YxaSzYGF>YmR3pI3Dqe*>poN(h@?ij7p2jIk%Fas+!m*(~v}hCduuJxfKUf+$3AbZ)fE3R8a{OYc&WEq>7|GDW^nBW$1}#iJ zoHQRD+yyM>-h#+%on1@O&aoH!?SUsj?(AePr`I64EO52B+w#ZG$j6=R`4ag>GaP^6 zU}d_0jB}C;gU_|@gwGv2^rY-ik7Ej#e3TrEW^g=33K_Wt zjnEnyIo+iZa`5z!*Ynr|31aAaWNWZ35>ggx`G(wF=%upg0`FKOd*LV269Q+P6X?P< zH6g}wWf=|8CD>Rfq8vVQ+D7@(IFsu;S+mR$Fjw42w04q|q_CEnqcva>U3N8A5Jc$v z7%Uqpep9fol08w9C<$P*MV8J30MrPy*rw01Qp;}8ggVEQ4BZy3P3f)u&%LGFPO~xX zY{TC?$Lp>ex_aXj$SZ*peyFmT1hZBgH+yUGinn|IpyNS_nn1ev&kTSdBLZ$HJHfA3 z@u|k83SxXfo2BIOKE)51r=Vb)b~TD^7NQoFgNfADr2NX$s|-@`Kk!(Z6MwKL z4YDcIX*Q;`^qL)s`~h(Dc2+GU6jXXI?<4(bwOfE=5{oR_| z^YX_&HAQcI>vmZ`_e8LycO+x_TUZtHJveOyhNohv>dFxP$VSq~f%q5>1EL}DqC-8R z189PV$o*4D>)<#Zm_vN)FYq)`;H$VX?33CyofLcu1aW~VO;jpBj06oS4d#FX8Ki@LMwgoL<3M5zcJNbC zA0y#gw#hwBbNTj+2IE)lZPiD(o?xVWWfm^aauJ-$C+AxJ078&Vb8%VHSS@3QRNRN5 zdpoaSR!AZ9owGCM%Y89f-!wik%mEYH;K z&j~9oY^L$Y3(7ZZGJf54 z*E*w!)Ot3BWAdjB#)K}~2oU4?L#^?37gbnHmjwh`KkGd1U4Khe5^h{%hx1l}(NA~! z|LP3>1K5I%{XnUj2?}WY!kNLqBUsvbNx&{!t{`|=Vwv=UnNZ+g%5WPM<`uClMN~F^ zEO}_|r4!gGChNdj$c>(=cg{^&c8IcDKQ8~NRPs3T15F7o`qoZ~^On~(f=SO_E;wIz z*&Mjo>9pCK<(!%2(`oT^t;47@oV{Wx8~$p(c)eOp((C9I3rzc^*p1WB>%CmJ?ouM8 zb;8?u_K{(M*7DL5eH~@k`7Ah^ZE#p135)wPAv0-1Jr-N-1hEr3aZc3W)#MiPo;K{O zJ@B@c+Tfmr{@LO7ayOJ%42tG>6cFa6HyZH~`T*I&2@V@jsFIc9>ey;nNDDz>X z{VWNkZu3+)R$kM%F(W-9#^NJ)ZrhPy^z`Epu`_--=iA=3dm~7BhGZhh3#L|y>HC_! z6nBErf)naGzuYG=Jw3Z1;u2J~wO@Pj`S7GNOb}VF-w*uBW9Bm^8i^lV_Es*a0yiDr z?ejW-vwr}Vksm8lO-z;ea&t`kOe{=w2CIAu@8RMOUVtCkNzbo2LF-et)w2W*e*o)G z#0k|8#J>EMZLh$ulLpawuC{s}*De-K1UP=_gl2kLvl5?-hip)n1{jmt->h-?*VtP6 z`W_C6HMF$aY9Ui`m-oCUj>Dzbe!0u!8C zUd6`vvWwVsC%RVvc%gu zwf269jp>|cktJv1X)QXVhgfM5HinWP6b#nTdjHPdQIMLA7y1V<6Y_QB$}P`kt5k}I zNUr+6R`urP4C~{b^=Fwoq>F0$)|`cd_LtaJ%dIfKR?zIdX>SrK-&;z^W$!**^VLy4 zECp}7UWmk0_)#K+|Hi-+jMvpfZGyg7d3h*$>ZKt$G9+{5GgwiW`N7n!>bV|od3)IU zI$PyP!N;^v_U(%O)~xgAbJd&Zed@Q}l?N6utzqDY^Wm-r`*M%Rh1u5V49X7&3ds#J zDc=*U6L|{kYEtbK6k+dwC^6(IN3joYZhoe7VMdv04DfD3#fOKsTjERY9L66KM@SW> zzz%E%NFF-b2$nWb-4JW&W#=InZuh1Qb2Huyd&IRXB}*q<4vRQ8H|cMjq8)=ZO~-`$ zcJ6bc&Qtx6g_?#avn>v|UU}PrD^zHDQ&$_*E3M@Wq_J zr!&>8I}~JcM}8e8kJeL5(-pG^jG^)i4YSU`>)Bug_J_rr7@=<+g!1QMj9+yQ4ohEH zvio#y1HZ0N=}hLivKrzq%3a0br{|bh(9-OGbnI-o@H6+CS!-Qgx@g>QTCCC|isor9 zO--I1DJcZa|Ivez*y{z)3$YG?NdqMYR>8fAc~=44OmW1|3pAfLKd zdUpwQ`Prb59g%Q~Y6swPgxH$+4&uL~g;W|t_b|hq!&%DMpBKjOoO~SP)KwIEV|=;= zzG+`&`eJEcN90xe6?V@xDS5OI=j5&PTmJz}7;qx%*l%fX*cO;{r$-JY5Y$dAWQE62 zTFi}W%{){I7ihG2S>^vzkyX%SM+j6Fn1bASwJu-iH!`Q&C%vyzY@m9H#SbY90!v}W z@J$TP(ur6isDm=J#NqSKQri2Fpm0j~NR&ISQ>O2slF`9>)S=R~0+a_zR1FqtNK7)n z;Hw-~=}}c}TGz&I+D;iv?B|&)9Z{+KSrVD7S;mkO&Eib>3Gsc;2aQFkXF}oL_eYe+ zM{t54rS|y<43=hk^jK57M#zZIwxi2N}UbwRi44aA=Gp%)mLaW z4#p2c0>$?P1_XCKDp#R&UZPzz`) zso_Z1H`Z0aL+u*V^sVVKNa^D!H`X_Xu$ZBTBC*11t-K?mB!a_qcsru#3d!m$M&w~E zAJyPDkx3~7*(ifWAcN_&K}^u_3LKqaiO|k!;AJPwL~wXCNLoS6{sX40ge)}#cG29X z1B+}1<)bbDz=H19gdY}*d+S5A(eDKgryMfO{VfJ)Iy75PV~vU7!EW42(23na;t$vu zJ>O#T0Mb%1Ml4~EQ)ZAGQOxKeF5wS+H%;v^Mq0J0gCkaOr3@vcS}@S^sx8yy$C-d{ zl}?1Rh56-#dP;C%JW9;f=KxKKR9LC_jfxwR!yB3#LlKWPykN()I0&p1;xHNH7rAqv zBGK=-1I)l8wm-b;VZ0ODI0efa3;fLyK~lfImWo}Tw49B`!wAMrWC(ojVWtIki95q* zryFugpN0;{{m#CyR83PQc`l&0K0u92n+wMEG+4;*$K~bp;Yc8-kFo;IAp3uY2>3ET zx4X=IRQbY9L|Kw*_mfYVc&jOLq~=E5L`wN9A7SZi${5c$BjG1y)@8*|_@_`(<6%N) z!C86@8H<4trDcjAFA3NvRBWpIIp!_uXP}f9fPP~iznaY1b z2Mvaut*2L2W`cx1{ChYbMJO%7E^%Dt&&9_DzaVbg6ROferFQDiqADRf-l}?$kyW>c zoi#qY4=VW20vv%@+QKv)sb)rD+B~@!R{(U#3{+F35Ti;Po_=d@JKOwfja_XP*u?+ zQ5)pfCjrchaUpdrc#XCOX9pY(*#_-=CwuOA(OQfLoQdlg0^TNFz9Lw{+RM@$jtYc$)HFVKI3jlu=#fMHcrk2t zbRZ(lnkpaN&+T}!99rynoB$roYG)ihJ+63L=#jp8O?N*8we7GhX1TLwICd&0ui?vYnhmY+2QY7aq{hce#5OS^h~<*oJ9u-SLvesb|I1?#$%lf*Bpj%lVKklfL(JKw%HYkNkfu5IMX z=fn&inEC*JkyTz5QGL zX=N#i+)UHPS!w+0O6Ks@IjzHPMuX(%)W+?m$Bjv^BM@HEjh%+wR9jO7Lb?DcP2{Jx ztz0X7-r>o|t%&~GN9xmbt9&h8Ff9RQ**ZK#q+qHA`?qsj>WgZHWv({AH z!^+P}(YE>;o1^K+8263|eN2yp`W>IHJi;an1AoT)sxilAD>nnccmfYVJH*CH?IcQ**wS!eO${7jyB@Vp~ajS1~C(38MB~;4sZjx5pw} z{9(b>AOV6>oQ%E)@~kV)Y6$qBipe?^5I0uZ%_X+v>MQd3;_v0uwiF|8rJR8k<$Q5= zNftmXQ_e}&Eis(io#j?fI`!=AFI&%2o1R^QtscU8j*fVDe3kEuxH~9+0F_ZZ0=vWZ zaXGeF`z?$CpnncI{#!eZokEkL5K9$rG=!oJ!7N%ORuQ?KBxAh)g`J6whZaFuEB1UH zArP$G7JMSwg?H&yPAZ`~%4N1Q(|(ap@8B z&Q1#kAH`6^mERwQq`^9ANq+mP0Xqx7UrDL_qUE}8=tZwitbEZhx`(JYo|5xD?ixPA zg>UR&+P{t|8; zv+ZnMBt?R5hkJR`)P%wZWtcw4o^J!wduNTFzz$?@^kBkKJ4*OT&ht`ZpgA!3+NC^g zyof+qfT9M~y^keiJXQ{;N`?9*o&H2(z%Id1nJ+%r)g9$|K`0TCnehWHa~UmlhH{Mu z0UHFBDI}`4r9b6fOwb5zsN-i7%#d7+{V_II4bo_X+LQST3#s{>vL!gll?5FKiVPV! zO$+G51$e7W!bGbuXEww#B>x;G4tVi^P|uac0XAI5rK4tJlXG3drh<1jUN;5)t=)~a zQY7==H7oA=_2XiLiNxoQTF?B6Cyx}TTti~fk_-6A1m-+9o1z0#96P({0nxi9YhlZw z`va4QzeIqkS)+6XURHF*PF1qSR`H zB`~Ivu}xW~7>N$0OfS|jFE^0OA}hJpP#35&8Rw8}I`ZtslVCBr7sKh<4qw7%^f&Kq z0tA!dhZbr%R$V&%USy}lwb8E@{8`E-Xue}62@(d&)6MUpm^j)_`XCrL>{)-zZ_PRN z56w5LDS^{B58XRI-z-t{fs9-ZtSwSazHk~_j-c{LYGop10W9$={V#VA6_;T?!;@k+D(h*1+1u>~Wp+9`%f)@8%)1 ztTh8l4}Z;dL}r-D$y4y~MDL4DKN$$#M9?ppQ~885x9r@i2Fq3eQsFSJaxjGr!x7~C zfP%~h6b|@kJMjllVPYp~Nphp3ySg|7Y*GuYwdK=!v;yl1^W!NEvss6u-XwB4wPI%2 zB~gQP4b*Lr@5co*zVsZzRfYtiB-;|zQF_bAnk`d(<$Wr6k&iSzDLUDYW^4L&`@I6S zSwKAVA(oTwn>vXczCg~TR}OOq_V8PX_(-5HKaLVUCqeoIyFRK*t~(F@)5ow?&Vf#h zO51l;x_0dCz??v7ASSJ1C0>>RQpm4me5B$8hFuq~7b8tT6J!Aq8C1D8hKO=PK`*nU zz~+tbIm@B7X`xed{7^SA2u;2CF#dYww!HWzk}QmOhAA)|MyYkP0i@ zT3+4~KA7_96&2Qnd}LFZ>E0%wwHAI*w%|;Fw2>v@A-}P zw5x+d4_VXyGyVkRXQ>b42ql{y(BW0#4J8Ux-#pBthli~kip?JkwR*VEL!uANyhHP1)E@Eg&=dO_l<{-jekYulo??*ooCEq!si1J zT>TA|z<@1qCEK|{7&>SFJRjV9^{1c1gu8Kr;5{K!#m5cF+_ph@yhVAa@xm^!95oG1 z`q9ix2)en@e$hDPOwEA1=pFIrtIA{DbKBiti~0U;cmI>BpnrxT*e0K;acEo{pzmC6 zqHL?qt^(+4^Fu^pHfWp$Qr4wv#>YEn9rCfKLGlgy_;m9I?(_^-Ab|MvFMbcSl*1hr5_fz$9udkYFXj+j@8(&P^ z&~7YMx~HstA%py=L-H%D^`nZ=sllvmHQAF-D&5r!FbtM|l&sm&`~LFsrAx%wi#K`? z#cABNs?;*T^7E{sxwbSagm)BKheHpw!*b#yQp_p&UR6h?OW8fx!S`1iM*{Vy5eePB z+n&=h@e8@F+D$r1dJg|gHKFuPn&nP^JWGaHFq50jg zw)g^EKK#qa+q2f-W2kj&=7h&&lM<`dTG@7rzUpbTJk)eo6I<#&F9Jmcsd&!!YB|T{R9J5w8OP(v}1Jq>u)*q*Pd7fpg9yiFb+y>eB;u^Ys{Dn$s72v_c(R%UlT8p1zHs6J>qxp#N1@9ph9aE*7K zPg;8F8285Mx(rs%hS`RGcyu(WO0H^?)S!LHu~^8Sb_RCE1K9&7I@6MiBPdM~r3%Z`fWB37?Y;@ePk$H83pP)i)gublGNuLU~^hVrb5(~_(Wh%<3l7=*BEJH16@&% zF6bk>9|cK<8s5LnoaSxII{caRYG+6Be(Wwff$Tn=*)B_CLzs3Q>oOwaQ948B=u1n} z+DTl}8<%@b;RkDX9uW7vMtAh7rvhIo57VRNv#{$R=hr7gS|OKNg$$ENt}$l;ql|!# zLstLt^QGE*wXMJ$MqMVg%o83IMLItj2mq&3K`If^)iB%5IMG$(g?8?ZebatRMHbN7 zw(0hW@A$?< zQZV7b5&2lTby_Pq@whHOSa=p$E6kTDfxZstKCCq5tvn|^Q=Qv%jy`*AJK8bNx9m9E zxqbP#Jeax6F7wRCv0dcDh!Uy+e^>AiTzUU!c*T6UqJpgwTUD;c$rW}29BYT!A;-x> z;T;BsF(AhwB*q@ieF;oc>Y59IE4O$8keH^%C=@Nx@WnIeNfE`g0RH;0AwUFxjY*9H zwG7qjs3HhjP`89G;~)(U<>DJ+=ilr%u37{MM{%grgdZh2j!V5B4@Kk(#Fk>Pq5{`E zhdc}fx05ttEQL2VR__$svk!#h&?ACP%{Y@CjtRV#t;G@@O0rq%H6n+BSt9!H*+}Zb z;zR)PDFWB-z@>a5wHl)bJ2De{KhZbb{D`u@|397T)a|5BuwrbXaE?mb&j1`T>Y%4+ zECtIb(dn5df2@Eytg|1F7W)lZsXoTOH!`Xp7EJAGTGHPXVVkw}%BiHgGL_oswwB(C zlF3J(gkNRv@_u}K)!!l}NXea&qg2p{Su8yBG{!{{JACoU`NAIgq<&p2)k7Wusn%H! zEn0=OSEk}PHmsKGuItW|liugeOvS^mUcU}_i1S&5|3pKKw2+i!Mx?s5;|J)YylQElC zqDd9k)JQZQUZw0(+*ZD3h}grfJJW_x97{$r}JUgsaj|4v;X#! zLdzI5s%#vFH?MkB)QOO7|CirB6DV|VHA4hKPIvKYyy<2Q$1icZ*2+$gc)vUAWL{PV z#S5;W_{gDS>7{TQ#)j7p3-x0|WSi%TCKh<2;$F>8pua8EYRWT}5GL4Kz1G@_nDwM- zjDCkRMB`qTpFCfsCg6=-%w}lUT;Veo>luMwfuhhYEg*>~*{)wp9JW9DHKnmG{ZxbR zFI2lPr3_abgK&m$d7&|F-y^}fshAc7h6NQs#o2FX%#~&klSoWs`hSn#6#Q(gAEhf@A#1+K+fuW}Do)9lt!TbB=+rCX(^u|aIO;wUcFb9=Qpd5+=5o2Q9YhINv+MD8kSD#>$IdF$Pr<~J<7=+O}?Kl1$PtA}c zhw$SCH33pag(4oil9UMxz)W~hN|_Kjqq)APO)+KP5!OU5XJ0R8Tt=Z9=MY*CRYfyh zQI=1xI+&@8lQDugZpfTmdiJzmo~k~?1Ef)x-=w0IynMaKCm0-R^60I$+AOXfyS{GS z8Q1M##urEl(Angk5xkHn<0V%Qkf(m2jSn zf#JP&ed`!>Sb3C$8*WiiZt#7)Io1$x)~S!VRdy!69vAN>#w8KwLSDEnLFK2}rkYcB zc(yH;iS5M8JOyS@z1i^_atp3VsmCJ%f%{x1NrmV@Za_F8O`4j2s~%CDK?apsx#$=& zrafzySynke0*%7~6iz&^phmmSBYiLLt>{)8DGC-5PZ4JSzQv)=f{|Oi^-^fuy#0in zhun+?r)kUgP>j2ry;}@QXxbeAGmzz#^mQA;g=%O~9s($wfZe(RdeVv~ebMVhL0i^h zd;#jLLT93u(a=<5OpTj<4vLR<>JbvZAKKUz)ZS>)Qm2VxF^u_Rx;51tbnW))YXTC)s+6%EoTpRl{es zlt^h$c}=Yk^8i??8EzC{4`4s7{4|!Y%sDEha-U~c;xjMSL}w1lLwm;2sCGno8qMUP zx#E7IlEgtCu;o!&90 z%LR1wXrjJ(+)-*#C#zfPY@B5zEX!$J|gs&rqIY zB6qV(ur!&=z*Otvi#szV7l;Qhl8Ad9aXZcR?$vT0?YN7^S6u(ycVV+|Ft10;cTW1A zZeb`dd!D%pHXzLUjv@(d!y4-MmNc%^>Kkud3>gD8yu)yX9HOti{ zZc&6$m3+?qT@nAO%kJ*f71)oUZ#Eq;7MLFtkS%(5n2cOd zve~kEZc41b6pJ`aoh#%enZ|5Wzqt$yFv%4%yfk@=(BAiAPI9EqhA6a$S2|#mIMCob zKSoB<5|N%UvJ@-6Hs#J5+XisRioA3u_ABlBrTwM?kD&p8MINw9!jfs-qoL((x!mSM z@+0JK@b(>fRiRN9@Hu8Tz-9UhxEZ{$;S9_I6*>2f7_HLl^gNXB^;s_Ik9Fn~w17oy z`zePD}GTgAlIB(`E36o7wx$roin`l2}t{+aQBpPr|myF1o%Uk6+v0mHPy8;neiWPcm+CQGM}mU8Vbc&dGhgx9tz;@!qg{ zc(o$x4wz1f*S?v`bP+p@L6Y_EL9CW`iFM`)E!VDI<6V+N#*#M>?d8xBnbT*ja9^Bi6m!5s#H4nUkmWQc%{)`wA|!4&$Ju!;>!CD8JZl%GRI`1fkDsK8=D~rPG)FTD`{UD_&2;aLI7JbBrO7*zf_`98a&2AUK|s13;@AX^7j#>X%)9*DgozRi^w-QeLCbDbo8m8 ze)BV`OJ2Qen~n?7i#bbp21N(GGS2%=376%DbS})jVon7_?k#e6M&Xam5&QdWdjoFb}(xna&DPiXBTvVxOmO{Xk$+7J1r5Gd74Y#iI zP^tPLwJrw3526&*Hx_QHYd~lbSem{UW33wwnN>Kki$oJn>|Z0hkvO0Dp#%sWG?ZQE zsW2PPr8jNz#{iPa5dpU^UElco-?-D><@TS+`@K6r>)&=x<_G4(7B00=`33JzK=}1q zZ(9L@IgC!J1YqBVN?~cM0)HcgliFt+Q!-VXzCxC&ht^K&y}ux00(G6A73=8mwHX9# zlvo)oE9*QW=cCB=R*!Q6abcS+_l(}MtD-uemh5^z9G!RO@tjC(_&&0Nzdg#Tj4C_w zCQ>UTi;DPD>*ob+sC5n)Z-cuZ*H2_yH>y&J#{u^qGqP`Se}KD-(`^S_iwlM)lNUCZ z4F^L0CvM{>+xU&-H$rt{ca8{q{?#WF6F>~iN|1fc%O+dq5WQ_eFq(zwHnAtW$3A)y z8vidlP;zu+&nIu&wym{;mP2A8$Ct-r@Mw0S<11K1<-Dt@C1BGQ*mb>?R|6tv3f8m2 zCRgic|3oetEW|f$IQA39cb`VxMj`@Ny~X%v2wxW!j1|jmN7(pE-whd|)uZmOR~{VI zYs#DTPwM=a+GziuU*UVW#ya9^vWH$0q0BZT7*C!!0ZOa@mixi=Y(EjvIg2CG@_OU^`Ki^J_(_lf*IkX)lH|Gm`3S;y{I3BKQ?(X%Gx8g&!w<(kb-Y z0nb{tSRD#Yct>t^H~#UMf-aB zG5))KgogY^vI#CCctPj7)oL`0x~V>{VoilM(Xs@L&pwh900psOM;uIQeBb!QAyXgX z<>93HM8%i~tUwK~{JHJ5iV$p}5Jgl$dYQgrWa$R;8l%AXO=D_In+lV+UY1ErBF_oU z&aDjW2mQ3`o0h{&-!WonfP`hFGP-L-(Rz}%c73g!;O(_ix-H44fQ#EznpXW6gupBe zWM*QBg$2ySFaevHhyWOtD7e2ZfsVJ9PWIYikK!o;BQwCB2DLxqb_aSSBAQB{jZbow4%q znax`h$AYYDXq+_p%~N`qgp;lLmvY{OYxm(?)NFMxFo>aD^)Cn*?zcHljQ^2e{Ua43 z2=j4_M;27RO?LorySrJ!jlWCE=O)76V3topc=u1X?sxLwW6_mR*Q(xm6b3k!3mpn1mQPU} zlH%&B>r%BO(IH1Qc$WV`CgQVxQ5aJuMd6kZm;h-_CsVTv;82DjOOXrVhoU`L!{gBZq;c&S2>2})IK_zQ_ z76!?R9V?HEw97f94s#Mm)R}_A4Xu!~1>LRr;E@p6rRDvzeK1S9dj_)jB*PxwNF|}iwn+EPF1%{fBbJP*k+Dt-qN;Rb=}lPC>Yg!`EdS%Ows{C%w;X0ya57uaiw z$A8A`;K-pid6s|;tvJ}fE_Rwk_9tFuqrXjPq`zp)nz3#jf8C`03&IEadFC_ygl(o* zUF-i7`u%@2GyXSSa)zS>3WWN069G>*d?g>B1aT~!tj}Yw2kR%PyAq+9bFeGvKt0yg zjctmqUG$pbdUZe1lNM4!t1r;qpT}BZnUusG`?2mp$ZII0H_ds-`Uk9Chp7o!o8d`x zBL4bofi3~A)5N<=!RtRS`>u`ky;j+FoP<@lXGihcfMORrkZ zTzhZMXjN@;pUZCYIKI0Wxdd#895&Lc(DBwtS@-t2zvfe6ece`T@D0W&+K6CH#+F+L zErR5HuxUfQC)^|ym~E)T4wD3pC_$`=*N(d+Er-WVf71KC0~`ME8U4Wq_Wq%!QPZId zCii^M6-#xgecqe}M5=Z~le?xg+d+yZVgVMO0RTCQhjhkMu}!XDbHa}hl`?>%!M z7k!!%Ns7D_inRFM1ZNDH0gKZF;o+ko6d!+Qc%+v}>iE&Yo1=3ykMb9HUH4rxvHJAo z@^{NN{i1q4_=~!JzJj-(Mf{U)-VI$Ug@#UiOD001teMm>vvj<%7592Xs_?TY2oErOH6MzGNoqof>W_&Pc_2sdh1n zW^fRhL`Rc6q$&f&Q^+ztvmx-l@8|GNBpgR_=|;H&DkjjDnnH*Q^1VbvI;7FA3qXME znN7wPR3d4FPtQ9eXs~#n`QRu2ij`%%5MK==J}Fr-uBbEvkUN*v!l(ZxK?516DDp5zi+n0E14Lm{-#D zfC06~Qlizd2CZZ&xE|SWf)bfi0tYr?_ujnujQ8QOD`%Nl_>#U1>?C?pKDB)rw*;}F z5p zi+LN80-H96F~u3qXw}qqt@#4R(tid;TscR;bjjoSYOL^F4UhgZIjrLo+pDy#lw2}{ zQ|XBU)q5QK1~f&sBVP?NMYZVl*18i8*XlBc-UW=Mf{}DhLB|@;M8JgjHycs%6$60J z(CR&`@nU;iPD2fw5Aa+7%!yVN-|9MSO&OlTVrvhu z%iMy|Cirt_c~^{6q)vne9~bOO9=dz@NNRg@km{Brp56m`gYsNx)I|1q>^B zfq@zw#{?@@bu6@x8;J*d7L39HgpCfo@ro!{rRzSZ(%8w@KZxS46aDPAIQ;D29+N-N z8a+YF!M2}kEyBaQja<4jUp5P(x|j{<~7_N;YauE=E{f))^3n zF73kGRvs{WO77h$NzUVTW9~XXTWNn$IO;TWvS_d*ntKAxG}b_HA{vZiB~V=MEmlMB z#RK{ZxC({pFWodGpl6D4d($&_@!MzA)$GjNO=P>FMKqX=C{rcsHMT z_v^NJ`t!d?3;Y8}RnB&}sKD>?SYmVL_HMrqK9{Zr2{sO5q*zX!OtHSwA*{VxP=#z=W;d`%r8>0EPUB+}>s)J!&Y zUh2LSlu(tQS`hoOWukyay-~ED-=5HY*U`x8+Go6avtNx8XE6K>1REt!$y^&hGuw)@ z;aL)Eo0B7u6HUX$_;l(su}KeVj{m+r!)LKwGpeLVz8Y})7S^lBE#iH$;mn__OBYzi z@)hPUh>H59+uX~2bkyK)qJ{G}@IcR>s@V87TPB@?+=d;oc}HtI)b~1xBB$sw{FseB zR-jyFQoY;z-FlCUr;Ztw98m(~8casF)a}`;HXwu$VcaST?GfdxS&JE`Bs%1@v63}` zol+Q`{;?B#;&YXoD?m6rb`oS;m^Z(z6zGsPFk=4~M6Ks-?hGiZDLr^Ppk^w7{|0Zm zuj}G<)5-r}+k92=#yiI|;l;Trstpq##JAEhtLy^+G^UH);5AdXPgglPL1z{i4l%~> zG(6%Aj?KuQ>;KBxI%J(veepVnz)~MoN3v#rs&DSrXtHP?KlBW$+4A$z?S!2B>a`VM zf8MV4-e5INOaE#(p6)F27et&0{mAFw;=YW-7ZUxT-KW~GqE}UdE_!gvZrmclMl+9B z&p1nUxDM&HfXdww&NFMkq<%gC)?j3+0xBFR9(pWQfvtr|tf8UKg~)|?gq+}dzGN#s zigm1r%N`P*14i3yl5mWWv`#Z`taSX;HhlmoOr}|OT@uaAoMU31a&zxvA}2Pkdh~A{ zu3xnr&Gt_FR&Xx11?)T(FdOQ&@O3nBW8%i-fQk9Uwum%j#_F0w%Vjj|-RW;m(w^F3 z;Sly$#Dru((t~nWbC-gt9$Yw3S(NU4N$Q}~C|es8-50)={I=ac%ZyR1A6RQg7adjl ziR1QnF~1iF1}g1L=pL7Lc-E}m$=@uxw(j`HzyLVro+poZG^SbSVEm;1!b+tX$EEH` z&T`d0?yQc4Ag@i^e1KB*>r+b`cAgk74Z=(Di3==fqgof61T%+`8j5K@KMHNNi*9~D z3nq5=d-sxr;WJQ_rDaCAtYB<&i_cW@o~*w>;PTxm>x1AA^-IG$peTN}aOh2CB4GB$ zhkX6p=M91GNy5%5@BWs9-<*=!Qk%oVE*LMj<-1sqj17DO%>q-+}b zl0Z&`Zp}!^L8!41bYdfnAqb3H5Q+01kgua|;<>NY)ZNt9#UUrBNHFI%C;M#L8Mt}% zwDy!|s7JPn%dDu`QsJmLs@qX7m!V5VMZJ%4t;6Q|?<_KrZH^voK`N2a?P1qWErf}S zK#@Hkk?gcQ)Cej)91a#Yiy)^3obusL5+{yJczhHgzl|;5oga84{4L<#Rg3%u8*5Ph z{`zu%l06mEWy)6WRC?;-T(ZRtBrh(X;>J1^T~v#O5M+Fz;PLYD@UB)cBx?OV_VLS> zf4yuY>G@IyAz|-{rVV>D9$11&$-ksGRU0Iu@4&*VCOT-M>_JnXiBpmW9U5AU3ZG)I zpX9qs3@7>Nc%qWQ0qP^8{OpO>l0YO10KNS2;M|rgRUzl$i`C0l$Df_l%=gTrC3`l7YUK( z{@IO!o4{>+9wHPOrEQ+s%5f(wZ7QJks50H}o#flb&nM;%mfAy|vnewLFP{8~D%VRy z7XEyD+4-^t+B~#(iUd3Y@d(gJl3vHZ8ViDj5v?t0wWk;xQ>AhCeD@H-Yp^I>NIXzn z8_g?bPaTcL-KUcTJ>AFG4Y!=XN`^It^ejnA$;)7gQ}s}3y7By3$u^D|U&(Z5fP*l8 zttsYW!pwv=K?9UplHtt@@BCpM4{JJ1m-?-}`5~hGv3Iz%HRn<7ILU;bj57UFJ+TJOrp}K zbOVVrW0Sa#P{egG=a6+fSJP-Y6w0F?fa9!Ar&MWqE$RPI1ZSC2<(3K2-q z6D$K@PFgXSyb!io^$eFR9t3bQOq)x4o23aFnpY|2zH|nfYwPmeU>r~(88|7{o|L2w z(ut$&(AB%3$Tdr|eHg!nym?~YX9*rQ=(5jdZ8$8ecJGHmG+;< zasQj%#J|nQ|B-vCYan!Po=-E^O-?FQ;2Q_6A7YhQ4n`C=ZNqxdrS8~rjE@lA-1!|5 zhzjqPME-R2WnlIshk_#*I>G2NXOP@av5cS-I3Wlb1WlL%?vJ^$-6{Fdj#86Dc_8?PIQR=HAbx zp0fJ5qkbuy+Z`h(Xd3&pyn3#d@-&~d6%f6a7hwBz=#%A=jVCm-nK=2CSa*T^BWY#D z^=OefT7M{Ah0~0U)X{r&qGzkLR)+wmGsFE7?U=kpsh60c&7>R#nQG**LUu4vOZ$$s z;MeGPeX|NjtC;;H+@8AQf}u@ev^|iKZJy=s!7V7akdRT#?eI1+82gQ`?cjd3t^dvE zYumTp7lDhtqX4O|q{27cUSwb+2!*6PM}v5OKOsB$N&NyV#p6apIVpN=YE+bU6{CX--_=glB@uUi7m&tD2rPzZ0FyxA#tU&CoU|Fq%*nr!iOUm6WJpnzE*(WWRKTp z4}L05_o9h`)O_eDJ%K{E=M7bAqEup??JslZ+fRDu9y>~3xv#{61JHZgg4P9g4C%H! ztpRUkE`4BL#~A;Lqac@|=OQC;#DvihFR+2n`u%lWF<+E6bvnwNvE}F}JOae*#)S@q zPwPS$ehPGP^4%>1U0gdFJ|B+cicVf{__{EE+uS`Qsspxp zKXU_%2qs&PT1>MVd%Qq(#@tI}L@$As)CQ}n?tePHh%3jN_`1LH?I7TlvGIbGYZ)=oHJJ^m)-lI-zM5bYHrcYmwA6Fe9%u2>erjz`cvnD&;Fb2**%>d4nVmkCNHr5?9+0H=|EK}eBOtLeTJKc>m;PI^u11)FkjsdOi?meZEVmPPOBcwkc#ICb&*v8BNxBn&uGU&_!!r-=}a90e0& z;hm$XA@q%*tGZ_Jtl_(Q+wET5ijyYNDx9k|elQx_N@_ZKAj-m~JdS@&ODvX$)l|Z1 zE6?`@Px>%cQ^&Yh5Yhyo*GQTN7ZPBRzOwkXa(*2%YBhK!;n=Cj5-j%MSI}d-w&&jp zVX8m{F8YDZ+QJM}g$R#sm1469p;%kdS-AT7JCS#O5Vd4dSH`cZ(vUKGmK}9BET~Q4 zt-Q-waH$bFb4#0O!$SjE_c`^>=w z3Z+llT2j60Q^ME5`8e~5stDZD_#I|XduqaU^pTW>V@NTT(K;9E?@b4oLw<{cP>$}( zKHNaG0obn6kbhu_fO&ssI}`6$vv5EDjt=mrX)$xMgA+fie<%GEkw+T`l%L!28K0&} za9eoHO_p}0>2RZqVKLcAdb~I%P`s0xD-PAeWF(FAxCh%i+tI<_u(m4ki(kBjU z>XCHmM^WCFRPiCEjd~DTEl#b$C-#Z)A7&1>oh&t)g&?Ty)Wm;K7W=hdX752^Ki67< zAGAH0v(WJiM8x|AVBmlVK2Nnf7=rSXeIPKq;%Ff>#`tTNnw zP#{nB?s!}I_(!y`!6506R1yaIX(pR3CeQ9@?YISl<-w$W7uD5Yrn^F6v>d3@00NXg44E0>k0L4NL&uMb>o2@( zEBs5=#0@{5RzSOa~VsgOt+xz zI%=lbx&P#U`N#0bR)g_|a~f&golV36_|#nz9VWMq_#5_|k0V++D%t+^Xs5Z%DP=;Y?%*tiQx- zD7B>nf9Mr{Ii%bDmTWDe`(a9S(ON{zo;#sMr_bz5h#BHJ=Vz>Z6X#hhn@J=p(mHTO z5awFYUj-4)8d>M;ecBVym+9DkTH`#9@GGHXX*uTOhid9qkm2Sbw?p8?bJGLlX3%`s z>=xO=7f#o$h7)J!B>VO&7l+#-*@t-RjZ2~TROPk6Iz@|mo)HEI(}htu_@QGIksE20 zrVlb_dh6RSC*;V-A?vKXt-3T?n690QYXlRRZVy}|VC7FE=i9#B&ACGI!g;Wa^&}Ahv z)+;M>#tgYlB~W^Zqv#I`dcr~s`h{^AY>osm`~WG?GV@wtz7BoNzSbVQn7(V*uCzOU1sDa6%l#weR}7CRafg zeNBH}}Pvy1eplxN7?!lSS zjm_AEZ{PGr%+wr{Hdc1rDi7&)tW-P!OJ?G^>ow{-^_|l4i79QEZt@Vr?qYgeFmK(U zK(0|G7&j>hahNo7ODo4H`C@b2@s~~E{gloL<#r!eA34^ooOe^O^v%{v@Ql~5icbi) zE5Y9FGkk(rQ6el#W)^@7i>EARuS;rN%N?m~QnVZeheC#!kXptr5ECH7^_TP{WX?iFmjoDI zyfdL8>nR`hJ9OlVVc33MC2p57J(5OE1OjFLPJFkGDmYu~-f)W0|Y%P&6~%pay?+VP2sL7jm|J8g6{{IjpqZ@1&^1Bf9-?4cjiLCwqK}}f;RSgMBOw8HrlHo8WkR!^g+lF z+l&Y`wGk-kRslYK>{_I4h*x9Qy-uQkAnq|mhG;>UOP2c+rIw}8108&r1QCle9^K`U z(8n+cy5SbN%Gio%=~J{3(~uH_EFlOetr&9__@fe>=yY5~tc(W2PNgwF@(?9LNw32D zR8-Q`2I7R1$7hD^X6t*1RU=D7OxSK#sA-4`W+0+O%s76ANRSE_LM6IBcG@CInUt?N zaW6ruO52ps@?k7Y9R}BzLUB@Hrz7HnMzVCNwEGDTU1VQw2cjNujHsD*wgS3NAH=a% zf3J2leTH|h3&?l*;qj`CcC7m>uv>llP)$13aN{^*b>6zmNWlN`0jUoS= zBxs8e!iN^DEzVI@a-%E}f!!0+Etj+9Ig(V&B|F@6ZlPf_OTM-*G-hDri4FF!{?Ig- z2y)So#6JqPE#eaBe&IIt+;=^`EpoRXuo-!o%=&u0e~eUP3V3buKhXWJ#CurL)~Kwm zeRmA%AFM*(ss@t0(=DGq4jFS`25#IE5Y(G&7-)aJM{v9b`kpQhME&3HI3!>?@8==? zNmmqo$YCDXXar6t#1xlBm_ZX;K`*Pw%$LK0E}O)61ebs zMTVIJDy7R8F$Jt-x`}}ef*IjjdO8$>5PaU zK{+%(9eElEIB>M|P+6v`Bt3GOsN3VcBt&wI7nX#UwfNOX#a*W%WcKj#h%L)vQA}cC zdzqGh)-AfXD==Dnu^qP{ZpGusaWno=7eJ#^LhRzUq4{?338F`~XRjgo%6pokhf>hF z?2{BH$<5%T5+BJbL30IA)sdz?wx3JG0>PQ0OO63IL3xYd6w+_8<|H}yH1%S};%_YA_P0^5 zhH)H`1U*!<(sU$tY_^^eqySHdPKE?D3Tky!7Q%^y+UVZeu2>Z$*Qi)FvRPy`)5E{! zY~yth(dB{izxc(L&KGv%~bk<$_-z#Gx({3ddB3`eQlhE9BC1A2UpIH z>}c-R559yQ#}~I(QgyFhHUueZ=HMfG!~RxSG;XFJQk~}*$7~*#U=Ccgs-&=$0$Nni z8*Y319&j!s5uFpx(A^@3FoYm6K*TW`-{Ulw!be%+V~9sUb3)9sxTFZ4Ky+IK90r)a z*aZ0F_rdf27aCaqVIuv%F@9k2^F73lNbZ^tA5P^-oSTSr z*+^BHO9`xJ&UH!T_Sg|le=yXfxC#8?klBA|O)239mi{3ua4Q2pEj$+1P)d6DFhwYErjq##K)!Mg34BY{^er zgScg2qfBB5?CZW$9UNDW aX%Pn)^JN#mVu5$GJ5FjRMmDQhf!3VQAnp@HJL15sm zh?NmZ(=Cnc3CtaX7{1b4{cDfUsD3@L<>m z!=#Vil>^L(YT9_+gX4e_)Mh|jT{h3D!JN@)WJiNval_*s1Di?S!b7>lHG9=5=Aa<3 z#tPnGZB5P|!$^n^#G?*oI2&G~!JrzG#?G9h)?MBrkTI%b(l%E zCyxgEjQ*@4I(1K+ZO*rh`t3MUFB}q2$opueZp(KRoQ3-RwUy;T&^(4svSxo1tC$Tw zc8jAWUSAQJmNv!^>u7pPA-4WknG8kNi9okM-POHA#3{6KYhDwbqXE6rH2xppq7+ws zR)e4@U;;I>LU|bHZc@i-sTFU#t-^fPnKzs^2H%T#G$*$Y`s@nsX|-GOPW78?07uk^ z+E>xsCV{F^!m)G|YB?v#hR3K7<|%vC%!7~zTn@L2gOWm9)Hf0yRO ziE|RhIoai>H0miMZBmuNzaaFSa``mW;J&cw+)pVg)O#MvTQ@4;RGQPKjTQ@pKzI-T zAf5ncd+g(pQ4^(&w4(^r_!spMWw0rGQM|)sLkJ86C`O!NBVzc|$Oxo&onh-%XKQSH zXUJnIn#esk*vrP^Rhg&`3N#@#4prLC$i&1P3L+kMkxUS!8_yu(`0T1jzSlfh+rLo= zMr!csx?;}Ey{0!Xm2D<4jdHlFx=BznA}M&&7{4yziCLUeMiL7tBk)8iW${I%&`H{+ zNxl#aWx3DIZmebBHo~or=pN?O-|}o0Rvi6l8GmZwc$KJ@M3F(`?-<2e@h*aX?4sUy znlYaoH=->g<pGbuz@|({Cz~x zeL`nod5@BEiSI=oUUT+!k1Dv;u22o36OxEI#s2n_mNPZjNDR?icRJDvK|%0 z4K|c~3Uzk6Kg{g<7aI{2)D!sW8@>~Il2MI^c;<~8A>%JxamrYkTB`oQ1=`N0&`3A?i7&lUEm6L4{NhXfA-cr)DdHg2lSJZ7u(5^ z6TJfJY2JpFVgXXpqKS%awgeNh=tr2m=awpM0f-}hjoUY8gylNL=`)jMUV>GYQ*f|E z3awQG4wigWd902Cs;R6$nig725`0>oL+_$XzUimTSE&;fj@W?X*FjfMWHk*qg#O!l z6-6emT}{uM@H!!t4m52rAoC^Fu3lIlt9$^ZQG{^PHbb?NyPW&`=3^L3+JXvKvj^3= z}KPEZR06c#f z|9!Mj=JPr13oLpjpEfe8#V|TFB@~B+C%=XLWEHEzQdv-2Two0spA}tT+WDA)@7Pwu zny1`E%W$xL=t0%Sgn&DYzjY4W|db~-tJFSHkqO5AxNkoQbEMh}Ba6_0;(JZLnnDgEX z04>U+4Ks=zJ9&K{$;p?GsHHdK6m}Nod2jmI=RAB7w_YdSyRE?3a143~r=9Z9j&W#C zGPjCV!LVkmxTFx(%BcY<+X^roCx-zDRxdfB);HGmX<`)d5<2E+llQu8+TyvGm2^Ovl*J z=z0Xaof51HWv;Ah$!oe^BD0{ZQ6u&jf&4%{P%`r0{B$_xwUTnnGfWygI>ynf9wrRg zK^aWLL5s~hMVObe0#vaRe-oX^c}gJ?A=7`Ul_g-Ow0cN_t7Q_lWwg>yXb=2Iou#iK zW4ApuMZduITKO;$W5dM!j?*8^YQ97&g+kK+Th zIpXp;@-ko(NZmqy(>E>m)`SZ2C2$v+h7;3AIM*NHWqxszr}@r3(>FqY25!RqcjcfA z42)+cJ6-!mKQj;eIegS!C?(|DOGsK*#1 z)WybYVk@}SzB!1bp=N6`m8;kK(m}Mapv6=QYC=a_Qk_=RV5f~YtQU|vyOXGN&y}`V z!?&x+v(t_DvCmeelVUtrb84#RFfXyN{rAy+oPbW-mWxGR($G5QB znQF-7vZqg~+ZGud%51it(U@nL3$U8G5L-`l&o&pe{Qgv~`)gR&L$-!S51`=aX7OAW z(f+t~Z*?~GSd%D)6;*nm(vG$m#Nr556Y2#CjkKRxpX8Q;oSNQt!#_g~?D_M&Y+~eb z6W)rjMv&P@rh)|r)&O-|Fo6+b4^M|GjB8pj~vUQZAZrq4opvkN?!BO zQ}j>hD7I8d!J~v@C*NNkKf#c0>%KH1S=Eq533uy!)yon}BqvYxoe zv%6k36bfdI(oM9ITT3I-FKt-Qp;h+!;M#?c4F`Iij$D7OyBKp7**f)CME>k|7;r$^ z+D|(bIfyj`1t$O-qxj$XPU9dUA^A((IevlFLZj88VisN6K7$)p9^&lW9^+49Mq z?}_RA#ivUE`b+|nR(3Y;>GeHy1=p55lryUt50UNPd~j~^Io6j29ZuF(GaD>}q=?hJ zt;7?O+D21h(sS;Z88_h}O0N{Y@~kf7BBRMKa4s!tC2tAG=$ns_Lo_+4G1VYz@qdOb zij8k%;Dj-o>KLj-!;=P^h9t-D1o}Jg2j%$$`MeE=;>|qN@fw!DhMWHj} zoB|e-%b@WJrKlfSpPGhx(C zTw1aV)+zHjHsze^tg|fzQ4kNq4EK|;WxwAI=h2ZueK#?rB|ob_IbE*qVYHlVFv&;q zRB&Kr3tz^0d4K+Szh`(ISI-J ze0DpiGf-z^X~tG)jI*g*NKQjIC;3`Ag7-Wg-_**lKhqmw(OZfir+_!&AR%}+=C?wt zE9ZwZ($S_HzvPzArD7kff$kHr@m|KrQp;TCwYV6}T>SYz`WqGTj_=wyZnjG>83 zLc*gE^M{Zr*&S^P!m(a9{x~O@Mh>@bllo2}NkmKf`)kEm-<7h`l^5Y^@T6r~Sb5k? zGN7r)RE8iJ?W`TUwmkIL?&`R%Kq4bsMGRpMEVP$8}XkO#OB$n#4jV?+tu2p&%X=( zA6x|c>j%zkEHeT^Q2n6qevbPA`i}#FwFohZaJRcrCFq#$jkR62#8(k89{>q~)y&*v z4jVAud`Zi=%!@;(EQn3*=vNqH?qwwdP2jG{yw3vlyNd*zO+Ufi@e$UM0Qn{Ysxs$5 zoX9)up^N&L(KPh_=f73$4Cr(HXUb0*^r6esBJr^aI|vwP?+CesETgQ5?cyAecex1< zW2&MBEVqM({r>4m{&!@N;6UTQ?*&4A6b4@nHff~MtC%?S?5*^CfH)hJXL>0UNltEB&{xa*8+ za!c1CbO=p41Pqa0L$7M+1VWP*dME*r8k$t;2%)zCDi8@>x=NKJy$cG6Ac%AYMVfL% z5pHJgT6di@bMO4Pvu5V^x4!l5y}$Lo&-3p6?C0&p>#Mod?b0TIaT|RkbAYZhHL`V+ z)2-Q&q-RQmGEyZ#XL#ucYbBp*|DqiNt2|Ga94>^V)w$QD_E4aKRI-eFZEy(&*R=h* z8Rv=Tj+%IBRl~;ifb(UdBkT=>mx!{gPOkU%{SMK*vEbHAaRXz69O;56?;2okxF&2A zP&`Ts)}f&Ra8q{p+dga3GE4q$#Hf?wn-I)|2pKsbV3UfIU6zBI>5 z_xXz^&D(0iOZkoqnqo1aoaY9Si7(imGTWMeGVfY;5z!MHd^PqVRL%pj0er892J4#% ztA3q)EZ+Fgt@uL_b%ZNTfcGY>c&juV6Oc`s;=ivd`0KYw!7RPO;M=Qq@1A+pVd>5x zMxop`9_QtVKpxobhsd%aV;h#ToLT68}I{FfY9CFEEO}JobL(=?L<@ zyn~?Fc2p1jT!CqZYe#HO6$?-!9TkTUAB}b7<`%QxPv+aZEk=t`aQ`H&$Yzq=$*Pi$ z9vY%Sl9LBdqum>zn<5SJ9j!lc2B8za?|ib>wQd;Eme-BO;j6<1x;Z)J9xNwbsmf1- zw4w@wim-GfjQ^D3prvFg?ax~@K;Sm7kF5CCwyec$cWq*FsT*u+(3)y%6(7=N{)e=cR zX75CTm-fy4k@*}54T?x*lmf|^DA*ux5V=2@cC#WEai9@4{o*R0BdsypLm#7D7Wlo? z-MJDEfZe2HFI_yg1m^Hg#r?+vmrw3 zt{T<)aVv^qe5H*3aJbL*-=1J8DJeCSl_dPg*cqU7%dA~d){;8KFF6c@={#}o?>qpn zZcc}M=u&0hB_pq+doyya)Yz&hpsKkwZzjczx2QD5QwrTDNz5>X(z@(A zGgmr9bsD`-0t|U5drV_?^pvEdZu0&vqgiLk@1zbVnM8ZD(ibI+)mEp9cEavAFhl0Y zepPr5w8_Mqb3G(JttyL7RaESnU(d|#z@&%F!0~_&7|AK})JKW0q;?W>@(FROxAcZK z8ZUL2)8C-TMjEjA*+T~LZZxM>SU;t)k4rW=#Jgcf3V~I7_FeWV%0hS9*dND<#>Vi* z%~9UFjUTtIu~yB{DPE?V9(4Se)V}Rp^kDL<_M;%3r#!|D+)0xL6PPZ-3><3Z(83}amFkKw8o{@U?)d%j63Mb*mpya!Rs}J?^SSpNh z%NkWs$&=lm(L}Ir^Jv63{#qXFJD9wwn2QLvn$>loXSrj-%YsYEUVJRquXs=~$Ty7& zXwtB2<74$ZJ&dC|_Y`QDEvQSFY+&IUgPOc|u*YX*YUH!%@B7ITPC}R~wldQ6Lh4h4 zjUMmv8h6QP`~0n(zx&_w`zR|c+#Sy1@3a`PB|Vs#l0)*HfBP!Soz@lMEeWe|A9KtH z2d+MjN6E)6XF)pCiY1YfK%Sl*+xeuGoLOn z!=_;eqb?Cw!M;%~Pmg*!R^~{4kd59oUi4amj|6Dy9vEvYSk0`l*%^*5a4`kaRl;F6 zq2rVh(PY|#$i3vyo{slPlurM|#mWCCJhHJ}0Jwi14y^PHtiS&*GGwy9&vNc()3#*p13zXet_eqxKS5~pgJw=#LtuC8=rd^hr*;&%S(hZWd!k&hosWdA2 znpi{hk1VdXUI1LXSnIEeebEaVV#`ZyeWuR}FH}rbOtfMKQM!=#8li={P#brYnw|a| z>Z28sTU-sdrMU)Bpa7mVPI`fKdUX6{^<;obG>Yi?YAsXgV5?xy+sxr3J(mje45v1v zKA)!xs|aT0G@#3WQkL2a;~#u&p}#K14*Yd3_8}(nJ!mfy`<$q0^B>8X1L?Z$06MQ! zUHhT#>Y)NCE}5aW?%R<33-6v;3KL17smoO#ZJF0a@^9`&ekinw4EAH+{Ug8nyK~%< za31&UP$r*t&8|JqAUMkPlV!(ZoIu4pP-H=xZAOS(cCeLrX9a@NSjjy-e{+nb_qoLT z$ATTB4GO6QR@0BU;2>(bj%bw<^*p)qBipo-OIiz3&IQ6dk8Ty&^MgXS3~_?`$4=t& z(f7=5)vAxSm`Xn}v#ey};IT-#v2*Gfx{hl|uSn5^r(U7dI!X!Y+y1re_;O}MZ_8gG zahdT2T3Azx8E(sVBlbgU3&?(C8k22ZKIp z=JXO!Emf1I)5hq{mCc|DQ@4E)5k)ZxTOm&`p}70w@)lGegKZI(>|qn(r7!t+g=Ihj zI=VwQ+&D*5CXxme(ei&5f7n{-`Wi>md zD&T9b&s{!(uK>;GC738|t3W<|u)iwEGDVYt*YRTuWi4K;b-34Q4e6KQg*Uf%k$p^K z|5`VZvur^z`NDV9uFG04C+FLa`l&*2^ zgkqr_HT(m$FkLL$Hk8^sSDS2peTL8a?U;?rNknkrwiMQ9^&`J~NtvlN!u3NYs|KJ} zwzGhlB>qXI!qIRB@<6>_1_)5MJZ1R_e+OIs_E!c%IS9lNKez<;^4B;VQm~|FL}}AR z9X0DtB#Xrj^)!4_amlpZilI{K*(XJl@9P=AV79xL0t^8xcBZ5aZg%(Cnq5tRkE9+G zc`Xi7sD_NfPV6>M(>rf3Wi)v&ODO!i%K$imQ2ihP)V3;Gjzi*TrFRaoX!c03QukX! z5Ao-|h|iGQ%Aw#k0qUQ!nXfW_#F!5d|1kqGLw{~4e^L0g{!8)3;wSf~Imf~kZRQ@V zYDY(I<$@DK#kK3@igQk)fs($$RU+y+_v05OMd$!G8+of@QEi^BpkfU;eJnmpOLSb# z9oxB)7hIJlb=5}TNnobQiFl(gsm;=J7iGT90)2B%`iCpBZD+V>Bl%D>ae|BA0yhlp zBMrMkk^WD)=O$9U-kPO;!o~9%EUdCcmaXXQEBIn8b6BI}4LicxB!9k5HavuO6;0)W zW7;G5y7wJ7zFuMl{1x71tWx&<5{M%C;&6Mj*} z36v1cb@N;(Et#Qxi1F;nuwhj(QD1bwc5iOVOzuV2)T2rj4xak$3cFq$u>$Sj?fZ3B zypC@iI$r9PBzbeSgOeVt_2YFzu-mRu_rQ;7o?0~yt^gt*U;MmPM5&QQXpJC|IvX>k zVpYidFB@R{rg=?$&xR zkk<%wF2k2-<<3YIu+HUVVQIIM>+_fhI#TBN!`S|&9p@h(nK{;^iDk@*i2r!?jOI!? zD~pxcK@lCqeRg)dSRr64j69a;8B5teA+ZDw96$L>pJ0l3ogFKvE}KC{YP|k9DW44U zNuX6NG)bj#^IycouA*A@64<9r{a^X&{sU_@KP|=5bv1|N@7FTaFKD%&TkHPYmhNS8 zPPOigbf8T5rZ#M#-JOX5>G1>yw(FgA*ogj->HTjM?0?oPe#@hSRojufp zL8&Zr)kPwz3soH4#!8-n(^>X`aj7}+j!!`TMUEaS--_%`-G*0qn6j-eA!|!@rE4Cj zjk^Tu&E;yUp{x{+aLTgo$NDK~X+0e0^}zTA@ZbPgclYtfm0!FERP?k^@ytY?@_@7? zgF;J%jJTOaalEk-YzrrvS(4JOM9Zp2hvRa?BqdD4j)vd#9QM>-cHAvoDH&VQQUBC@ zyD2!d|JTmDXkzQ_Li8tfXY^i7OUOIMrurYH8c}SQRqF+l>wwI-)V@X@sEb*hlBbbt z9Y%rB%b`>b4Aoj#7&I(WV0LB5M#Ts!Fe zIXV%Co_q!tfufFkN)Aacl3X4$fm-Mr1}Y-xau?FC4C(h zU5WfKD_C>?s_Ze~k~Cy-l|ywa1%)Zu^YM*bpvGUiF>EYdRrBD1+Sn(d3P9M7Yl3*K zyF*Y|wQw@p>{ufbTB*y?o8*(&;j&f8$hC69MBJ_Qiq3jAmm+dI^=Jq2>)BdhbdT8w z(^lcUJs|bltb4mhyL|%{!qL26Nj4pXPjxkrie$3Nfm+%)UJYHzmI4dGF)A;FP86MR zH9&T9V9;&k1#JqPJmU+b9OHw1x*utmux0rv98~RZuaust|Ab9!$x0tuYVov&hawf& zQ?Y_hc+12GM-EPD9qKZ)#8B)XdfQVy{ zR+bRV|T^#X}sR`7c=}nPJ@CqC+ zNd=Bl{eV|lnkD?W=0Yo`^0uF_BUVd6M;CSU@DPz_A_(uW0S8r0bB)Rk;ed?F)3Wjt zVAhwG;_s4>mB@x@hPZcH-jeMVEHSyUx2+|fk1 zIR(S#A_NB^vn>s|a^tbR)`pp%fQB1e*OeQ z(T6C5y47-NZG=#bZ;D|f9`;Xzx>TKsrOLzSyiRkM#q{kblGGyvo?zmy5*AI~=Bu&; zOBys@4w@G13CVNuztq{mlJPPY8VCeTfEs*Sdg>_#8ny^XE`6o+dNPZV8!s4(NHB`O zVJus$%eDbzpL8J8fWHiik+3`IskxTIqiMNUvfv`1-&XuF@H1o2h?Sz-Ee;679CGQPkg?)!BIj|qvbuhS5)hL>2s`pJcd6A zJ6p4_^7mtlLn-C8>hK@qW#A?$BmuTPxFLe^$AJVH=atYIL$X=b`U;B5__4SYAdsdy zzRzb(5+_nRI`dHH>@jl(_cu+DP(!BHnm+?&FPA3eNF50F{b1wuS|&Iw0vw^#&JVt+ z`X{*f6U_cgPs5lsV$SVP=q~_I_0L$;HBtT-fI?d33jl0=`pol+*`*7>#KiQu_{RQs z3#gg-1>gc867y600`RMkP%j=+i1$3R8oho{rA|<}K9NXrp(+Y2JD1PADSAYG>i_2b z`P&P?fldLXE6J8>qC@5aa2mIc1KFIVBB|K3h~`cKVbv|N5~| z->+3gYK4(=-HPe&?V&M!vroX&O-FKv7l1TQrZaX`IO+Cm4*vETs{Q$Dtr{a&&{>*Z z%%R`x1t6iKMg{GEB*S?D*fxs!*~>%6NZOUip)$PyrBvL;roHq%2t^%BzRn#m+XXJH0`R8_TsAm)LX0pg_%BZ+w+00P*W9<&WT zN(*Sy60YJWPo5kq>vp$z&VL3F;o;%o;o<(dNBrym^{@Z;pZ=pF$ikog-T(CO{v?54 zfBM(|`ltV7KKi+TKKkJY{4dC#=(DW<`~Ui#sB=6=iw(9 z?w)^%vp&iHlJ+gU#RH7~1%dzc*Z;f?aa!l|4@rJ6yTASU|NTGy&p-cAW`Fy0KoNT2AKtIb z_22%?e)al8sGC1<{gnSe{)PH6Me)-QC+06G$($(qKmC9qC> zv3vf@hse)#F8MQ^%3&`1?uReBandjI-~RmPua3TdzKyFLzIXJ80{kb9M7h2H+YRq< z+1}wlYCimGaKGsjd;um6|HDRE`n|hhnVPpavJ}pnyv@7$3EH85*bYpiu77X(o9=$r zk+%KAme1MFf0>0pZ25HeA&2e!*)LO?gV+D%kH-6)`4x!&-%``x65>}dq+jL~Oxa(- zFn;2uJf8Cl`1w1~C+0^4{Kj3B{0aQVCJ1{QaZ1a?>o& zd5Y(L`hnxVH1+hu{~DBC*1w+r+poxdYxFyMdY_fW{trCiZ=UGr)Baa4{k}O^N?AO| z|3Kgm2BrV{-QUr1A4{8baoIfItLeLvzn2x;%)fp5CD5;R(UkAyF~rj||C-6a{rTsq z{Jx&PQ~EXuUwZ%3tIX!d-!YPU5ARoxe&OnSyDzD~-+1KZ{W1R?B|dZX>u3K~v!b8c zc>cR$^5QSOeS7$CwJY2Bp8p+YDwtqd%c zO!fc&a)1CmRa@!pDgz2iH|iCnIjgN zmweF|on;BDZVVPe*!Snmg7?2ZJo~@=%f|lito79xd@S}1Lj-%Ng*w5Mh85lSW43@3 zRt8_*E&j}U{Q2$)=X))lt((HV?&A4=*Dh?Ya<5)}6TF;R{ldP!eyj^im^@2gFK68q z&X&t>uSDFQskG6>_n#LponNVOVUZi?;U+#jTd@20_iuvVU;K5W|IUBIG#IFLXDcvV z_Ql(uA+xg0TDlE}#`SSbsJ_Ie61EU3U zNoCIJHSj72I=HZRiv!PqL;#^q2a~1SK>mVk%bVr%B9HN9dgDEP5Fh6)*sRh#zX^J? z^w77cq&a)PuY6-2wp)+te#1@9@T{(;u7~l+yhw5{$Rf*1uPfZ+9z7Hwy3s-W+3?l# zv=gw&zX_sO7m30^XyO3fvan%-2zv~1J3o_vTyMCIW?e?);czM>6e{p5|G33cDYt4# z>_*i?TunNDGvv26dJ`OzPQmhyRI5P^+JP#Eaa^8LOs&1mvN9OHd^uY{U920=0fk7u zWc%PRXO4Gtj~6`Kc*yr?yGQ)~CfFy^OVA~oa12iHl`>uVL%G;lBw&mqrPKhAg9YSkf+{ih8`(LmYRb+KwZ&&(jF4a10a;s0qvQ zUn+K?S>{5Wd$Dw5<+ksbuI(#Vy$N1VGUqtP?zT@PuQq41l~U_7v6HIuRz{khjBvK>NoWvn<)!^3!O$ZaR zV*;*Ilitled=bpC{+9UmGwt=Uow|aE-vsHEW?_H5!!PdV_N-pf&8PoM*Z}T6{r_Rt zFf07h^_$@D`)AGf;8^(&+tchnVV(Wz`b`l2CY*oZpI%|s{9>IHrV6rO@FBxWajEbt z{Q45xi<^owylbIER}Z+gAqRRBl%yqtAJY!x#sts>W|eR4U+iy1_qzNWUDNDW*KdM< z+&|4iU;V$>68$6AUza~*{WIhj`=uA}_P^o(JL^E_zF4n=#U!N*{M#9WS@o?kZ;5|~ z{5y?d%`dUj?9c7l%Wp-;UjIRK-@E?C;rWmHek-||>Yf(@~+p%%S&y`#D-pN3xM^hm) zrbsyiCks_vro$__J-F~`+ljd2kCJ=qpsUT7nM8LgoQk0rH-++!`}pRf{7^xu4|4% zu&&;0-p%m~Uomu9MUK;Bw~gyrO*&oS`A(Zol8<4>bm4=6ZNWO>Hn!IILkt%ZO5X%a zcok&x)HjWZJtW%Z=m*jliFh>~PiwT|bPbyo1wGEz3FR%y6sBu;akU4D=oHjPtYtev z2|p+3Xx;>iODP7@qps61#QQ$A2FfR6n6zOREWPS1!JBj)5tBJC&?p%j?C|@cM$6`7 z>hJ$}6a1que*0`p=P7aKy(u00uCmWw8JMfpRAqiUTb9tF+zTe79$2k6!MgwtcUqKE zvtBu=@U#ouv?WZO3+e`4E{n8>kIOm=4|qT90=Nnq>`Jd&_JSN*&KT%NYtE#^>w0J zW}}{JT+dHuk+83Ya;8oG{NiPH5Qeaelni>!PrNaW0?gs4L!u78 zig*9B>!Bronb>B(C?c$2E%D6N^V4_5gRbHBaVBGQ*;_OaX*6J-jP`gYW#P>Zr=-|Z z-SE1*;=-!2QN4U}xosJ~W2Dgt*M_1t zo91uJ$uh+tBo;}aHcITNk|6fiAXeM!`YgmZL2s9lN{^f| zEuW6esw!{x1?j`B5JTbYAOVfW!YL-{<%rG1YME6l*-&qqBtYD}(RjXeu7Q}l?Ol5l zxwrdxWj`Km<<36ay zKnqP$E7~`~A;X%-khViy2t88`dQ(wnuu{CK-oq+(je$C71&LLq@D|Y&6#i1vo*59yo|#P=TpvzsY=P5&#w1O{W-Biww}pIhWJulRllYBA@VQE zmyY(wG(3ZmLWLq=x+18NI&FJ=xY(E*r$7oJ5<9!e*xl{*<`9T0Pr5_XLLrPB$nDw% zDbd6)v}^wg;I{KKcRAHK|D>5A*@7Cyjnwwzt$cI~=yj_enW2g6cDA=SK};Q+sHjmA z3wO829%25p_PFV58r>r5uC*ss-H`c|BdYbhaw4)|m6}@S!&;xGW$@ixqZimjmNNcq zqYl}^`LV+xX_zWAz9h59^|jXa02n$T#{zL3O` zvveLZ1^Em)&THDiXXXaY(%>=3t@dv>(iM|ZbTGz-qDZR7Yas;cL%7hBc{qy(sSZse zt`cp_MH9}za>&RbQuBMrZQGf=4RzE!N!Jpi>TT2Qm$~r|KN=-6DB2>&OWUP3!5EC5 zGUII?m$8f!#0bizHz&cOR3vLe#Cj8~t#l{HEiRwqi0=&Kg=7h?9QA%1+=~$2#%66bxN5<+YUU_Rl{b3Jl8;NwN(GcjaCUywWTD{A z1UC``_F72iK}eov7dU;v<0CDQhyL8##1ThMyGl^1~Zhj7gXt!J=QVuJ!ELwxLCiq zn2n9Au={;(IOAQLXs8;5ISQ{syRQk@(rU}-n^Ebf)s-&1h^~@{cVp->G75Gzuz3?7 z|1cqXXZ(`IacpTEB?oq`;xG=Of$9cehtMGndFJIk(D-F+7b8vi`%P9Hv+@!;;s^g4 zsr`t<>@}@FlXAn*MjLo8u9N}o^5eh-REe?L#r-uo=wT4=O>h<3rEsg8eiH3mJICX3 zPHcT8@%*L**L^vS+iZR~bfG{qkMs4#kINS{b}{4uTd#d#u$@mOY69kNBJ~s7yK_^m8#KQF-iAF6z0= zjdnqOtPNVhBWl3=wS=bzucCr+Aw*wfW|vl@SSJ%PC$YVDXzAbN6@NyP%;Yk5#a;E; zK09tvB~*MY*T{-Kik$&tSQ|HhYq$kn^(#dt1Qx;`JOj-DxCQct)6}@XTwY(Tf zx?C}Gyn($t7(gdq{k;i>S|RQ*)iJ%h0kq(^+!Bz{z^Hk$RvsWQlm+Ai0`6}^`OTLX zcz`~72m$Kog%M3AW;7IbnZSfjWU8W*dkXxbQ|RLS%EyVUn%&-7YT%3E0^XTCFp1n- z^6NLrD{l_LP_M8fJ_`nL4%tY^q(8G9mH;~X{jlC*{6$C@5YiGQr7F472MBVo0wEvN z^VV-doOA`HkB>>&751@8-NJK`Y5$5RnbM#o_*oF$_a4!>g-Pknpnwrs%(+OkYxX6a454{G~6NzOMQb{BRnK^k4}Pe*{ny&d{w#<$!H-(}UK&3O;3xJ#fH}1AXwr zXNzoGy7x#O=aaOIj2q1Qczw1?DY3Z>-ENSajP++Z0lW)n%g+ooK&ij2)6a@}bNJu8 ztiYQ4t}NMHtN=H7UIw7(LPH$-2$*s2Z-N&PhR)Z;mjai7E_YM#>DNYExc_ZseG~$S zV8_3&;|8oL>r3k4lfz)@s$2R~o8?b5dfQo<^wSfIQd$$-NRS7X?o*oCh^&cz7uTo5 zOn@n@!*+!Sw_s)m19CK;C>~1?*fy@B4LfL*cdPs65I0Kf4Mq$Cxx#q!74o;{45OU^ z;sZuEDLR-mV9VTJy$K_D2qzODyj4a9@4(_K@af|@jPTyQe*H3;!2|_%VR{2m04GP& zEWmkGP&g${(xK+$Ge9wQ(kh6kVKjjKI-<+_V3Wo-{LpT{Opw1q%G?TA1ebKNp|@Kx za9PyN)zf#hFD44D`Akkq0o(Ow^hRv~-v&?AD@K7Md zh6gEp9bpWABB}OTJWPq_r33hz;~r{|7=jMnMLUGd+7v+mD1jjpC@1$qXQ_REhF7;O zB-bugzDG>J*_hb1Nn_!gL(n)Zh;9Wj@faE&L>=%+O&fxRyA8q_2T}|2xjy0G1cSi< zJocBtRKI`eO%M+1uD#*y%waNe@#RR4&U@Yrt60pew-j@+lM_>5zGS{2knsW0KIDeA z(!iIuIF1WhF2t=aEBX^wQ2jFnfK1Q~PgcFa6?t5%0a$O&i=`Fzu#5bS!v)^Hh6j5~ zJTPbnRIRx>-vwR>U_rb&G#aL(@UKCGmwz7gi`zTtb%xD~S*eEhfZ`MpG|Rbgz-7Yd z1yP_bvX~n1H28_aX&hpVtNA8akmOX5N(J5Mu&Tn0T8bS$$1|jUo1K4@UAup0Z2sOE z4k;hS29rTGhi@)V82UrDHu?y+^O;`a-pWDP3nu1Exi~Py?*n+T*q3U&Idmk8UosWt znB~!nqr*jG05*O(=ObJ;l5PqU@`3|3GoS5MOouehpb$;h8nqThA>N`efw;c(`AzWG zO8rmA0=W9OhjEF!=^L^HuuCJ_^Dy(dL$maA?1QN81tZ-v9S-VxbaEfZ}SY#2*G}oxRU!X!d6{rpat@&l8WN?|o!1fI(>YgSbY_L=cR-z#j1B$c( zt9*HjN;P$6D`IpY?%@uPX-es0S>J-jqVc*{e>XRdt&cdnJuu>ICrX zpQnIkpTmCqtm5^r7B+h}K^p1u^SZ%20{W~Jlcb9o_SRo)RlcoReoG3!r5CCdDk16@ zqodQ(V~mxdiWRbsFv@p5rHLJA(NdTxbFIAWv!{fw_ux){AV4B zpD&6b+cB?><#0t`?xPwO8By$&fJa+1t>^Y-pU`Aiz*ZOl=jkHqKtFlx^>ODWh*mS8 zdlnBJQquBZ3pU|4bTW5Mf}QR{XvF58=9JvxAJIbtn0B>|GOh%o_1e0PTx>Wq%1MDW z?9Jg21_LGCs4Bx;D$BxDb&h~vHB=67zMiCL6_3otx6ASNju<-!ZY#1+Ji`JpARjjp zkhSx&aish}RZ@Ql$$YzYmW?6LNd^%|8`U<*|7&z;xaFk6YP(X8$!}6zUa||IDMrc#n@yyX zpLc+`1n9kLoTofiRz6&hA__}^l-kcmzxf^XmAcVjJs5D1V7QFeA!r(9^wB6lp0wCm zDB}=y1yT%7>H}b?PHo$zt8(H^;Ot)`shvDnzqUU^rjV0a2)3{NLovs6t99>ej7mA( zU&Eq3BKfkbT@zn2K0kYtFk|{WDOEPw>c1*%@GwErUWa-Z_GE zD`cO^X+Oh+B^dzVSUGM&9TA4cbnE-lCNwg48g@UZXv91&Uln1_be~X=@Mz0 zl;W4*(DcYN4r+UPaJtRnsy`fSdW?y;`IOK%ryR#B%s3SRNJP=gO(utv{0u?HUlsM} zTX?mOnOkuS8{39N&AcqjAxCZGBp4ua=>i}65Lt-zCEt=mmLNvcx=(wIfN zk_fa|0dqj%CwS~%J>CzQJAxoRO^>^wmW}4M_N|F*>JFV-k`+t(>3bWLnBB|KL!iM> zaCuO*1>BN2x+5=}kA!Di`tKnhJU%`znr-_|ej|tx_?Fwa^q`*1=th9{XUZTjsT?es z(cBhVdz6Fq^eZwmstrHg#x|mIb1tVHD?X?QzFu|N$3Oct@f%0b_^VC zM}1*mmTG+yM7pHdU6=t`ZLnS1<+Of#^13)CP*@tdjir}Kc4*&so%L^GFJB2+-u$lw z=d)@|98k9_Nl-r9C~KpVBHaAVpBM$hL9UEukqQ86rXi{e>|`^nfhrS>CM1|WUj)yo zdP)U5vVG?!7CoNV9(Zx=lRUCvR82<#(p0CangH`XHe9pCx%EEFIH8T&t=1|a3};n ztHn2`9q0xK3V)VZ7TvF;&c9eFQavzv6)FR;$*oOy*hy59Drb%%@VxlqG>XdW#`D`5 zvN`Vxrt&@HFTGHJzP%L@unKCP{4wAvuG zTQQx;>f^xa-Qo8=5~1?b(MtyHsJRoa9qee z$gf_WB;{RgW1YG>(?_v=k55n{Z7)11TEw=XJT5MQJ6KN;4XH%zK;0cjC#DmU2%4x- zFB%bJA<@EN)*p`t@6BV|mZyvJa6W;L4}?1TYYB(=W?7HZ1;ozte0?U+?NmBjrOp5! z&z-=U6_qZZq1C8o0`=$?3wzz~XKetGU__8MIWKP+s_Yo`M^CDY;9K?@KK7gLf(pq* zh&9!pBOGao2TK6BJmBtE)C@8#SRYL9gPOCG2f#8Lgo=iefWn+lZghJ}g3Oq}Js~TK ztx!nO3cavW&-2VUF31B^TnMoK1jTx$J$KjE&`I`D*-^w%YF>;FOjhFAUdvhd)E|OG zHrdQ4$_c{blHyqp3JG4%4tY%w38_zMtP_7+x5OJxoe;ZJfG#)2nE5lD2QL@B%H(Mh zJ@Q;&%jG>}sr#z80sQADU=*_Se8=1UWLssc+-6O;`CV1@V;mG~QJ;;<^OYb7i@MQ_ zgQY4Swi%Js_Or(O*m)B?sfRwWAme9`qjT}C-nh0Z;zh%?1H0g*l**=Ctbc)W$$(Yp`mYrhor>e1*^sZr0%2(bBp4AyV{h0@ve2EgmbW{ zfrMjaUIa7J&aeS0{Kjkv85RJXmUUIGvfS8w?JpmT?KO_4oUfW#w)V3y5|ITiIf(My zX7EFxElx67Kzqx_13dww7ppf)h~vF_Ri5G2sN*P=%xp@`9qb2#6;ML$Ih0IMvp6Y6 z_R@V04<Iauab4MVzHh4{&xx1`v_H29UMYDzK2`X5L~72B|A6 zJu8tm+!tSVt_Js>lzTgXy0gmg5?FBOvaHWNR72TG%m}40gs;?`@PZ~WaR+63Y*uSI z&h;)sTJIc5E~=^uQlY^78MXbX6=7Vkc=mG;4J(lCBs+JmBJMbUez|s>h%FuphER8C z3?LS}06|hoLK7vTh0BDf>Coo0IJ*NQs)6x|0+u$9PNO#hZtzQF?tHC_O?wS0eUrGG zwp-)CPVO9Tn{5Yi5<|K0JcLnd4Ulbz@$?xqi{o9!qEbHYoK1Uiov5m?&W0<*>d9p^ z8nq2Y%Ai}sxbtw69>Gx~2&izpc2XN1v<1oZd^jzp-j$W4VbWTI6}o*ab^@2@Lq=BS z%ZLNG@MrtYDz*ml9Bd^P0IICU_4JwsxaZDja#Tax^vYMP)naq72PTxT##9ROe%VG) z+rS4O1KXag1j<$MKufCCkptTuExFqez@_U|$B2*tev4Uvgtr7jFgJizr!&I3y4}6A zo-`_g4`CIwU{2zX_eJi=;qv@4gfp6m4qkzZCPEf!3wmxK$0~v%G^lshlP%;uHrbZb zA5c+fsV+AFZDy1pR&hQK5&`zQw;r;w?m<&^a=Ln@U%Pf$`HscsVW+bD8T4v+qYwor2N=JdfxV6m;4jbl1=mQK#G!` zEVd21eMSkWbBTpGkHrJu0>tiNAoDp~Z;9#7(V|Qx@i2}Au>auek8k6bl|=Nn!_pUs zV4nVLnp6FpyJ(f1tHThUiQPL@-whgmc=sGq0~OTyRFJPZgt4X+n%PHBkFE{fKLlG7 ziNsPfUXLW|f|8EAR0MP9rIt^^X3@0x;@?|zAuF;tJ#(BJJgC`3npMa$3%q+8C+HTu z+G`En-b2<*?-nexxq=0Fy#}i4T!{xCAjiXcO#+WwsDw*}V0kYzhm1))HCR=aGkF># z;yyX)jUCip8fSMueWHNjws&Ni`{ClvC_2*G&hd7Wcuz4W!n(e37@0JitO!@)MD&1$ zLXz~nf~~)!qUE926t)B8&7(>2v+E^_!!iUeGR8*mKB)3%cyvTj@p#VGGnr4=wqm&< zHkSRIwg+`O%g6K9dZ=`_XVklc%uIYrFn4pp=3}vq7^9hkaqqEcggxPPjpi$&2ZG`= zJ0J>XfK{cOT>7=DD0)#eX)*`_n9W6+;`aV1sXcupO$>b0BYj>^ zE9%IHz2xaqM3h*)PO7VHGsgBipA_b>mMbrY!Lz=%%{&12(0)jchnyot{aEaDk-c_6m_r^ZF)?IK0XG~2s(0_?3VpnE{8{8^TtTPi)a5n^aleAs&(aftng4YJTjDXNVAW$uT0>Bz z;brGz*)1$SI3Do!g9U_g>C7Z>L$51Thwu~Me0(bCwfR5l3Hs7o>bttXg}XvJIPj;u;W&SSFAP`^7sWgBlX?!#fo2&=-FF5nRFDl*kKW za#76kVsH4z#}4}un2Lu5H3A53JZ@cGP%GmW9Iw{ZZd~L+-FCZb6gmJ}OsxB~QK^ee zKxk)ZhWD>=uzU$KU>t85E?~k~rO;0BAb{SFLh$p0;hdz7hGD2Z`h4vMeQX<0dQ{zQNL|}8?ZKM~*q`R@qJQ>fw;@j4o$?2O67@fK2}H*lU!wb+dWe|%%Im|v zB9CnGru9kYcQ8CVSHKA>^q?YICNHMTvGnWqu_Q^vo!pcqJ5jBD(pBBCT08c z5skCrG{WG5xan$~OZ2+6i;{V0enM~iLntqp_TqHS>p<3#sGk9aOdprH2a(x7i;qpP$ZXwz0%BMki7gjoc;viOQz8; z08!i4xT<*h97sR6#i)r!`s@;;J_zElVgQmrGpuN-IFF{{(9)m=5TDBk0BT7+CCQby z4AnxESZOObfH#1sBEyJ+k%Fc=x+N*)SN^sE8x1?P-(_trsI>}wIxoujEv$uoe=5leer6*npv1f}yi?6R%sacbVrwwE`+A(*6Kv2se;E z<`;J@%SOlyn%qHAQFnas!&C+3nrWIhHGf9AhpmpA;a_MgvKB~10>AY_A5CViE=!?} zeNx5&t==c9R#3+63{LPgWplx;EQvo$Z+2*eXHZbE8K$~dKcrC>z!cn!i^SAiZ@$nI zG1kI7tgVC20~&(jf&=I2r`L_(01@J`_MmM((z54|=OBU6s8^d-QO_$gbvCm3v|ueN zg#i1$^_Hu#*)_&5i=V~l!!90>;ciK@%&9-r#<1skPH@lKTUmMfOp31w7C1@d-#L)A zK2;zv-ke74w-DI4jY^WxgSrs09wCKF$+6!>q0uzxM5Ils`dHDYzUoC%-?>Autlg%!U9f|6!LoXl#lxH1n zA;d-YSC@0hBF1*`88VPOqmPzHRhvxlL@!%7Y96H*nY44rmi&6Ykf{!cO^}k(^R&H| z^CqCO7#tw!LH&r5*|7l55rOkJZ-U|w(xWpbO90LXkgFB|Z~A51I~}vP;ZpqCWdF)h zLa5(6N?$(Go8YeuuK&4Xmf;MZ$O9<-eR#fse@dV&kw`I)F0vJ(Q_5OY=K>QQYeqgN$6 z6tPz(MskY@0J|EAApS!Hhm!^(u+Op-8;$Qr)|GXON1m{Akpv%5E%!jXv z=cZ*&qXEZ(@w|_RBX6t$%0q9va$GS~7z>cF;MVqVsJ~KScAD65o?#szZL4ZK;@pbb2$0f916iwxXNSd}A+l(#VQ$RtZpa>S{b%ycuK=CsJ_aRz6Aezh@%FkAx zaX~qi+PNJ*Ai!~to3W$xK$$J{0|XuOL#MVEIMHzrvzEK7W-x-}cMLLIR$8xfevWE}Z8SBCQjl9{9PEYHo^OZe~}@c%z^x2EGXdjiQ3k+?ZcwS3H1t!OnJd!$fiV~(l)#bY?wNrCe}vU7sr zW$GwGijnpC#*W~mb3f{_USP5R6?ti-hcMAuotq)v#}8E1@b{;1;p{+DnZld)i|$;A zP7vgAM_OmU8*5bf$rZmfU%rhkELpi%tp`$f9@teXEG^LdDryW)NuT5bB2u(-@4*Vh zFtY^Z4hu-+V^AMnLIXbELJ-+;?3@OVMjA#?>n`N}-7Jl~dk_~P4q(DX;Cd>&Od~(( zkHHq9Uh~vL*n2q7xRbE9G0_jwi^@O{?Jvh`h%MnFos$<-pQ-3<+jMeQx%2Z}HX%3_ ziDw{z&!_aaldXOP{PQh;+yu)92ao_H(6w|=6=nvG(16osSsEHUuI39<{%4;JZ93fm1_SatR0&pNRL&*lFk4qz4;)Hl%ewV(%7~I zkW#FI`%7MaWwBK{%TCr_N!lfVOav@!C~<3ewD|(C_J`@d^^mWPTE@6yM*~Z$W@K}n zC}0*O%1DWEz^TH8QMtRof*Py7r&Y!&0A{hSGZ)ZLa7JlkLJ%iZYjs%!1}BkNA%#HF-k5tOB@yM)p2Bopu6&woG zL`-L%5&O7}&g+w--|0MjUGl~TncIdl_ijLL#MhMdDsVUMy`ZXBq=T##zq~fvG44o1 zOgAhR@yD|z&x96V5a9hesCxalB9gj5nCc0?N{jp^BXa#EBl10?&C0)u+7$)_yw~@^ z_V=Xx_K5qt7`=CWEHczJ@R}gtyzzy}vUREyQ0peGw}S*07xGW$QITZ{4$y*{M;iyX z=p-Kl%Qz2{4d6j~N?>$Si?; zSZ9ueN|XzT*Ma|(*r&Uu(@$0V%<@+1I_H=mgQ8CWm*2xaKJg%Rdk`--JwFQ+%R>;i zs1XY&N(97kp;$pN2-sX{Lg|&#AB=B;x_qnnL;W?X7woJc!3`$QoCGvaHo@rU5Wue>1iEpaA^{7v~NN7gQ(6X5m{(fh zNU!twtYw3_#mc>}TVbWvYw7HAch5t$7rhO=>UZfbY5RnSVTyHUT>{~WsmPjhIW$AB z^<}2+&!Z&M0MS?7(+4NhO5uY!2q94s$mDVNQu3I`Fy1oc(s|C3}_@&1F%!XQ8}Y*Bus|9inrIxloD_i1*q+J9Mb>TL+L?> z`F(1-t%U8}%*d{2NPPo$cQGM>VGvpi*GbObF4ZKsurTEJ;=vRU0CMC5;J{N68 zymiDUtgynAICmR!V~YyUD7Wn3s{%{wsU=|*TQNj~W)hSe24ofJppx|-6VV`opx{x- zi%;%0I2SQ#R>G~%4@w*n{K=}qZicEU?gY8mB)SmJAy$C`WnTm5q%J&)s!woW*?&>{ z)i29??wQ7{J2sUq2XfQGr)wddq+4HJu<5brqqtWfvLgg}+K#uR>FqOmj20R1Ku^7bK!zBUq`$WxL#H=qcGuhAI>AHHGJ zPbfNx*qk)00RT+l1<+hj0~Ih=)j6Na*sD z85}Z|$SeDog#ss2rjuuo8!{c|er`e5aX+m@gz;XlGyzK!9tiYIkgGU@@o=*-A0Dy? z?QXT%n_z!0F!;6|R>Ol}^Eh@C-e;HLf|b%>yQ55EW&)-_K{THp%-EtS3MKTqbtN&S zhd|(*O2jTG^-?Y$q#Xp>V*&i91~}$-kos^V7@Sq%$`f4cV1}`;1E}=`CP4=1JCDKz zjD!XK0H;4V)P#2*oHz=hc0GZ2KR)&XlNS>P?OvC!cK4Mrim&>A8ytW7LOM@2Hk-y#sEXkVnQ5@e0B96G7IV(U^#*z&>yQeX+eM5!TqNz)_4!# zdsnOpx_YsIMbOpj@+%g&Jry7lmCw^482-=K+ck9wA?b6_OC)z0FwQ9d_6CiilPw+jgs?PG*O zh81C++?0ORYr{O{33V$w8{O!expQpdQZ}D>l>nSNNBwzkPKs=O+Ih>tEyfE$5#*9Dlwk65N;iQxkXK*3<3BEHC1vng9Ivtc>sf zrO(>`(y#fnmig;1X*T_j$OdruduG0FjMVj?E`17$d%9V^{2e^_OIBt-6=X~RXa)H( zP8j0Hgd)-(=@Wtdc%m32OHX)~rQ}=Ozis}jv42R*-E#)z51k)A|3LaW zm0<4T<`1|>k&G??Li;04f@^R|n)n(5Q~Vgm^ogNK`u}6^E5NGkwsjYcbT>$McO%^* z-5}lFh$t!D-QC?KN;gP1NDI2V)iyx ze{&m9-mhE2a-03ueNIlmzSHAmGc?dQ;-q8OGv=aWWnls~jDwk#j-87I_{oYP2XKE3 z;GUmCEdyS+v4)rNl@bQTsiE;defHaaFIMowVgv2xMrF#}yNa&j7Q8L=^P7_l0D zXaC9k&)9ALyMuEdkB0Dl^wpVsQPUOVR_wD7@Gq{^${0@4+xpLRfz`cCG%YF;_K2_Y0;~n6qDRQ@X z?^f8~oBsFwKbilv4;ND->${DB*@3$N(=oFtF>!D+F>?cd@y*EebtB+=s;{WOCULMa zc68CRHxe`frkcOp5t!}g9f9w8e>MDT2L`6VoM~jp&+xtPz6*YD^5?K@cZfc@8tf$^&clcy5jE?{?lE5riI6z=wU|`{35#ZnuP!JFhP|$!U1T<`9WE5m%Y(h*l;DJeq zM}UKaLx4v@LP$tLLPJAEL-WI)`Aa(h85*Poj2aAt7yyb40)`Cor4w)kyrK;l2=D;L z{_OyVfCPgAy%PZy--UPgAYkASphy4!BnT)tI0QHd#Jw3PPz(uzhJlQNijG7`2F3V< zh?Sk0MTG6?BPL=Y5R(x925f35EKdoSVIN}pg<5Yp$Za@u_DRqjWS1N zWsjr9K-zhcM2oPo6Ea3t3MuH@d$TzBR8M49q5C~;6DEDqZs>&Z=;&}o(V(W2tQG}$ z@g6V;Fc=6>aHy}5f&d%F6h#z?!ptJL0!H{m-p(ttlGr;-ug$&+72FZ&(WnCB;gOJj zI|II}GE}VL-x}l!$JGjd%MVGo-oc%l` zzbn5zD5#iDNVM!wqI6+URJ}B(;@>AwdQ(rrp=V0{1wf}0tINI`T-)3qpIfD*TOSa_ zcP5~>kvwMnDV4`Zx8iqfe^!NCiss1KRJ=1u;`4v=6aavBVA^a8ykx&Qb`;O&T@y3o zGTf0}7%X*bdP;$d0jnkVlwVG;v|pSLJw1bC7t_JAQ~XgmSM2w?Bc!ZvHM>)^gZA4cP}?*X2S~SwN#r`pBIHnO!KWT!qSih!qrMpasgJD zX4{FhD|768Tk@U<^NmwGI)99Dq01WnybANfrWN7zWjH5)U;XBfe(;CDNI>p7G^PLR z7>id-?*c_X4tdNHfzi5G@@m?PT_?hmZU#?rgBEtdCe--JJ6d6OThq7B{ZhUFm})sJ z>D0FeNu!MhMluMB+HLtBB#!@Jxhwp!2Y#p(7vP*y4>QB_uxFaugmE7;r{k=|Z|7h& z2e&1MmtavnBT85+MWb1XKFGzErin}#fBC}{SipWwZX-FE&yh2<&H4=9^X<>NzbLcZ zP3OeNHj>dz)ss=R#gkDr>NKMN7f#mEG(}s}8dZ+8rRp$~5vA&IMw2?x@OE*sQz|8X z=Dqi)jdQgWwrz}`WeVfl9~h@?tE{VP4QW(_zMisPX~%bH@ANhG-!XlqgW-OSPLH$q z3!VJrheF$F%b!h!$#`Ppa0bXfey0NR*w3}_} z?>v+CTvP8|4FCX225}3;U;5;O25>rcFcb`&>`aIGWdJW-W@cUJc4`hK^bWXKS?iTr zu4=(DO@V3Ly1#B9T{+^;0MNNt$$M4TaVG}=i2H@X9KghTvO1k@fYrQ#eLIgJHjI=j zCwfGC;54FkV#Tw(Dx@%Y1iTp9u>8krEps+S0Ri`Os6qgMxwc8en*O<*Lv;oz0AOU{ zShJvYm9}L9#Nst&dL>i$gr`k^+Wi0|&KNpi=5=Rv)=ht{>9g<>DrL~RZlk?ks-(SM z7-kU;b7>on#xV}P2}|XJo@S<>wLj*XyFYr9G*Cz5$XNOg2!lO(4TO>bbw6MiOF(GU zJ;goj#^ydvVNt74b@&*jUd$N2}4q_nPtd?dC+gt3$<$17`#UF!P=_%Zn za>f7y4gud#h;?Yu$DlX$f;@`c5o}ICd5O6f{YoxI@aiT-K^myovU-yGkp2xBc&{^=rNu$#&lZn; z4o*G|t+BffvFhwsG#A7p?4HX%e+d9NdZum+qE0YYati=>x~v#WfOB6L8GHf&$Wgsu zASRiv0030Uj90oYQl2jX;O(~57wS_FGXRKv$a@Iyi`I-ZfMNmC?phwua=%nPAo?bf z;NAYuqi^yFt#Q9HT2U%g)iT6KwmYq6#$z2a-1jPHF(n9g=W1N?G;BZA1gEK5`y?#F z{NzP-wE5c1u#WO=Jf1!NXxWx9-o$gGR(NG?$VtY$G3~^Gx$>;7Fu5$Yg_D~hjw$Kg z38nE}R1|Hp*_4)&D|*g#o^0)5f3AY70S}y_BK)GK!#TB-HW?~7awRT~7MzolNe3w| zvlYY7`(^7#I+>eJQjxQ-dQQdaLwSW2PlDnsSW>?L6kRT_J2P9o)XexR7e`ChG@n>} zwttw{!8RpjwQz;qVmyMK7rZ!y>4cKgY|;d`bCG*Lmts77BT2znaunmG8yw&<9@1i52UKrg|uOmC+zD> zOWmH9Rgz2|zl$lRH$;Dzt1V9RY<4P60(BT&tA>nvAo77Dm8yLIQeACVP}5sK*tnOu z>JEfue$+c$>fF{I?*#avBR(?(DTlW~drf zQS4di&RQ?aR5f(=ZPP6k+mi=1*&C*^8xu&KTpw-4^%9RPFH!f?nbU8$_!+Ome_RW`fUw4 z^j`o1ZfNc}$$Ag@ka5ZyvBh#@_f1c(U}EMzAMcnrD#h#bDQmE`u;}`Cg-4lv+v74eKBA6*=`(tmy3R{O-hT+V;$$(iEhl zTQzJ{wHG%5kKP2*iVvQM#i=L=<{4VT?wV0GJr z=eEZCW!dF7m^4L~rZc0M`X&*P2U$?P$-pi=TL?NR%(@d1K6>W_$l7)oEWHA%10=K1 zpC359vduWK`%U6>?hyYZ`?_&cUsePfJYap~_k043BV=}sb@W+N`+k=2-NWinhxm~!+I4aV4%In_ zKca){)BnM{Pd7&R8)*S}V&c&;{b$c0>M~718J8JTQ$Yd>r%d30%x!sV>Y~it;PkDEx>$V={ZX@wz0?npb-hTb@YO(;Ahlg9*p?hD9G|YCVZbIsnW<+Dxmep<|SutZ=l1!WCE)8|8m$ltcius(@g{O5y{>yi|-TCas z-YL^*Ft*+)g!#}^?fK{n-?Dn$qNb(z2R1HJcOny)th0eyz=o1n`S||2I6N?LjoYBEd?RkBlZbnuojksT1GVd_! zfj`dcw_`2cQll$ksps%4`<$kqvZck*nSfawjp^Hx<|mkr&6mg3v; z*$zMW^+~U5lbss%z`0>cK3BKvAmHl3BVDx8jopDc9j74TRZ-1*F6p1sp`ceV%u>iW zkzfwo00bu*u3=d0PWVlNJ?sP&!rueqf2kFW;NOeCLRor#*pTC-g#M(lzoUhhe5LvY zfT`Pj@^H23b~)h-0DXG@rstyUjmxG$m(%qdrq49xiXvdm7xR{x$l; zeEmm*`miM)*S)oW;VzWov-KO7Tf7(7xD@RvXb-g#8U#S?R@3A{iWHyb?I4ytRw#@@ zCGR^Kioykh;9!DHF@X>uw>$j;NObTn4tX(v#gCY>-q@|s7Q_^ax%depBO!TjxYf zQJ)UEUGaGl(xBwP^1a62ZohZ@?+8GIj@R%U!XUA`#o@vf5wKT64DAza88;Y*;k|lz z13!mH6=)@6$;!Y*3if8KKe4A|6lLT>!wW(Xg(CLJvl~cL`T`Iie6gGU;WGR-`t~8y z7eLjE>`j3)xlbNFpZh+C1IK=r1ruVE@_+ia7RH;4_w@!r&vhxq_3eg6&y=PR_U-0_ ziFfl2gqI8TGYn44>AMA&)GrmrpEU?tPZz!s97mt?7QJ{Av)s5L@bNhLoHy@wgkHd< zKY!o(BG;ZnJ+u`*P(?6Gf9ju6D z;MiQke=j2zT!j~0UGit|@VCl+EnnPss${EK0 zm?U6r{jUpaH~wD$!1>T?bH#7)wcPP?W#c_30>NXjmn-XkUicXuu(q+vdD(F38pdzU zuR{_ZAD#?!_*wYH=*h!%j@ySHrZn@|eANE-pZpg9J20YK+>!Gh1_~6!vu=AG@|Cw2 z^g?b7D94C-FqYAf>`Vh;cr(3y!Ea~RLK0eTJkt+{Sz?a)6Z@F8;7qXFF727pNVq76 zCEqr7GwWy>aM6o@0iZA^FmQLI>J3+HsX3HzP2qh+aC-F@0=wufUMP^aws`;KgqZ(z z>4V%YeM8AWh-YlR&KA(SQ^>O=B-Lu-#uZ^hdiY80JpccTiChpzbrB!pk~?4IO|{@m z`)C|m=)fy}mbGXrb!97utbH#(=xqYjBqF5MzW)tzuLgJMN%W*%w)>1tb{i~o(kvfE z%B9g`l&9ZY6qOQ`am5)>JGS!3hdo@221zKf*tI5p0279SeUzEr89KHv$}~pbwyy*h zT9`IkViJ{BO1dCM3Y=^0ofBb>AoRvDxS;9suBhg|KnLlYN&Ti)6T#U;Wzk9-2vOpW z6M3vjz^j%go~H43gou3s=-)+-wOWz1&mLu9M*gp#(8FjwdW)a;T;h$a6PKPpTz3$N z2&!N35I-&<30+<6aG`Q7*r<|9)8LFs2f0}jV@^j3)5L!PX+JumeL)G-1YUMWFd3(q zs-NFkkU5ozzV6%=%reMPm#hj)e--Uo^`Tz!O#|yW{VD~Hbb7a^T@IX%Lx>)t?RIgB z%rL7zVN#MFbT_?lL-k>Fv;kUI@KhCCdzdC^d8{~Hl+y8NXUxU;eN56{01McAMUQ9t zC-vBbAO?L~L|Mm~(q{RR8>@3PbJM#^V*J9o=uAS>7JWT0Y1S>~W8?Tv$Fw)>O8laT zXVuc<o%D%2DC&OPNU6^_=Q@Q%_=tTFkAKKZhxs6<^0|$Cw zA#tl6my?ld-AoSlu-eQ}v00S_XBh9K*Ti`p%oo6|$``=-gI*b?H|T~6XHx{a=vW6f zSrh)%+ES9R*eDW#ox>QQ0OPltLjM}Yo1vgEcRYoux?DyxFyq* zZ7Xw0O5R+@OkNEK?T?T#OS8@)vrf{6W9jNvY3RaB#1allamC4Ebf?Zl;(AXl zwz3hPN|v&DLaEi4_EYc5HSpDGPGhkc{a!V-X9vKNiX@L|98YEHD1b6nuvqTxeyr<7 znR<%)GGs{obCFcR?Q;FNoHx z()f%g7)lw76b{u>m`6rZb#26K^N_5?}Cn^>wp@W?B|DHQ{XK2@RxT?9fJP?a~rbKNSl) z{OJ;C88U?!buOtGpMJPO)ciA2v%0uuYpsSvWktVWT^R&(mMz3~s25b6H{F93woA3ei{VlkMutqsU7V z6p5K(@+juAe${tBWS3;EZk?oB%>!1-jcIc^dohKD*kaJcA#WNL7@madrQ0qOw;Mkm z+uTl=?YK^*JeEIG=d2c*rr3vEkUbcqQK20yv3hu&dx0;jHK?&lmfqMfvytAXVEj;v zCh`n6Fj!ybmR6&4!EYFY4(iO*Li%noP>|;AMk=0}*vZW-=1%(Mz0nXvjJ$8su{1A; z$?D>?mEuf@x8vBjnzs{D$*JD)ajCjSItBstN2EZ)RE&>QU>w1Z%|}ij? z@p1Z0C5T}_bmdza8BzZ78D-ZRk! zdJ|gzr}#bqF^%1gn*{_pW$(hPeid>#0N0by>RS;5(kijV2nwT^?+p_B&7=7vFq=;J zKNdlf9hGDMN(nT104-6YHa*Mky7i~#_oVoOqU3WB*)BG9f9(kLF$NPP`X-$Y-R~p) zDQFbi$^gc4Ci5e!KSuf^{z~y`L!y;6t?oZ*^-o+#d!r6yzxVZ^tt%(Lt@ech?yXBl z_~(-qsV@LcrRx#j^W7cb%NY-<^qrj-c87T{iVJUh+UtRj2&WGb-rT;qf>k|ZdNb|8 z`2}#mk5+zKE7x)%=Q&({8{eMzxh((uA&kjYQ~H7jjcxfCfc)XdFM#-6r-5o;DU4IouH3SCOqL5QlelgBDB3Dw;Z$Od^o5`N1Yks^lS9X zrc4fvjYy;9eS`g>jN-|yepkbbR7UdH+u8EBBd=P9dAll`6hL3>q{nLe@uz6y z0L>-zJP}f))JW<9D?EuoluK6lbOVRfw0J7JVo7uNS{sh;Z9J_^#T{ z#QL>Ae)Gv-H*#Ysl4uy|jeOR^qD82p#yqI^yOR=37E%nwo8 z7R<*vrPI6GX#6z9FO?&%k9#7|=)K3;7eMEXTx!%P+y>3C`NP1Q2R1t^CJ3W3G*Czk z)Xe5MazoD6O^43d9|HZy?BVh^BaL^cnd;9Z29SH|xj7imrQ#P|fom0YKwO@A(T&eY zxoSsFSvwmoI2io3pEnGb4R#;bcO}pMnT957t&wFU2qM&yS8C-(=r}U0+<}d&++ne}3bk_=fT@ zDONjAu{fuWJ%(`ZiI15Od@l6&B1Go;Y9%i5oNTyvIjONOMlNc{FM1%9MKQ1&*@X<| zyj?@~tRhyW$l&(~_83arlw8L`>ZHCvNs1i-I_1ctnoP(sUtB39D@wtyMeIVML%W5K zMpQxefo|e+?aCVIKWV=gg>yEFb3_f}MQHb>%=W46xVnEK0m6)PQC|l4QJO5_6mo5; z6^hvYzC~b4t4IFfhFQxO)ccRE_NnE0zqj>!vtLe9mgqrM*&f_5ya^9-*&u+2^`py6 z=2FyX-)M-6_xxZy+)5J2eabF5#x72Zr5s|wrYQdD-Bgdp(RSi$@oV%L5vsjbP5D+(jDCXlsj za7vXWK6O)=5V97qajRVWy17qQH4eS#5lJOCLORFyo5mFPrLITtym?9!TT zW=V10eg+<;;e1=V7}8N|VcVbMns8F0aU*D3WVb7-6;!Z* zmCI$`LzMLl+=QHn_%Nsvd1sZsBG@UyCq$UjE3o}_5JMz%9{h+wJA5XzP@W)O8Obi0 zPYAVXXHRCdpeQz5v5|(fmCzQfP~;Z7M|V>jT3r z^9Zvlyex9|bIXJ=@4z1_D*fasB|3v{Cp>Ve*D&FTz};WBcB^r==Y`0)W3!^kM{Cq6 z=LBoNqEvvP6UUEZ39@C9d}YxiR9(tqKa90b?OW=I>CZ}PH`Yn2gRDZ#r^QlKFDar& zg2b#mH9`!6ZPjv)sT%4lS+wJz`r6%>3$=%L*0BusmpW9pRtor7mmJ{;_?& z%L)a!&lbdAMF8!C-a?uY?Ysr81snET^xIlcQt#pBmhy-*aeHvv6&_#?#J+x;@KyX% z9CZ6o$WKfeRom|q7h#MV#Kp>2*jEk4Wedzkdw|U{)rW7B` zG%L>WfLqYW1E)!F-c~WqZ?ix0r|O5c$E%JoilAkUBO~s_ z)gPi2m%#7v8?*F+Q;gws^wIZ8@uf_%ln`wj7U|P9S_p~G!BGBYis|SL3B?61PdXF9 z&_b9LWu(CUXdjP0+7MblCDTQM@To(DA1a+B-;5TPlYr!(d>i9IStNnz=qb|Kp>NkeLc97I{OY?O!tC7DPS z%}l~HGcHRW6`EiNqKDyQ8$-DMG80)U5Jid7m&h9%!K)WMQS(w-N!W5_*O-(MRw4U~ zNZlS19tCU5o0J;M)H=`b*EI}BjAN9=jVkKSE z;kJ1g50TtxJGZjL5*OJ1O`V>m(!H1oOo7-B-;a)3z(%ZddGv5WtA@jx=(c?U=%6Sk zZ`#aXZcsD@iS`g-;}Kx1JrFCK;}agC;WiNu(_i9x`ND6-D3Rar_D!0?vs8(ObrKRE z4!;t5;fReBymcb&Cc0F;6a&sM_f%5@&SBpEq9m$<^}1J{a7z?wO0S3pHo1C*8l9zu zmN4(15n>)PMv2c(>QxtYm?--X7sIEj;BuF+JE;=IJcIt!BBPMfm_KQ6^-Zc~xl?fu zM!PCw7DDnna#Ahh(f!5p9%Jbrl2|F+)umCl@%#_QCd&3WHKs#|n94zGwP#Mhv3@7& zHSJ4A<3$j{13Gs|{ewNwIh;a_-=RF~q@0Pe*l$taGdb?@Re&z>0&v&J+k|0fuRW)dl4Lf4z>6|%0{ZX_sv^LRUw%;Wlr(Lf~_(}1#7&0tP z5zrWLsdPiYYuZ&w`#5Fo4;+J2;7)$Q)BK3KEKg_ZFw2;h$a`Fq@mDQf0xQ23u@jTJ zN%Cjj=(eqOmuRANZx8<(!kwp~r{XheuN_vXm>!~~QIN&_$^axYwpVAurf-)Qc)(R~ z(H7X~@P|O)c_`yZ$P%P7SEyM2f&|B2nHPAWrvBWOZ%?Kp#arZFg)10~+aK*t9=UF? zhoW*R$zDT7(a~7rW9R#6!|@YJ?nu2hqa!%gMc2uR9yPVelEdz{MHNP6Cv2XGuyu3& zwCLLE9*wbTOopvu%S4CP~GsISVeD- zHIjSKK2|@|i*&r#(uiGNDBTT^Oi~)nmOK*Vr|1MMaZgX>zQ$;5twO+YKm8%q+pN6b zcFk`}J(9v^x3iI?E_oJ9I;XmnkXtT6JX8snYzL7-MU5BH&rw7zY5^)lE^-q3@t}X1 zNh%FOtuc^tTKSxwk^8rX*CR(f9z7Eg^R>-RjN|#Y9flUQhE|J1@0>oxP?2t9NVfN%L`NK zfFfT!z0lx*k9OI7WT8~3f{WBwpDrqnBu|sGNy!};-#N#~AmvkVPN|yS-d~Po{?Si_ zS8+4Sd)-pM0w1ZzO8H5Uiiod>cXVj+F@#M*t{iBIR%eX)={Y@Kk0`(Ojb;q7lOeR> z=(iN|pkV8jHm)xw{*WeaQXL1IB}R`L;lgBPWAW3epi$e^f%uJp5Gi_rw@pdoIeSii zl8wa%4k~TCPJXaoOWm8LepXJt0S4SvO^4Cur@m1bb8`(}3GQ&TPTrUfDnL-k>_@eZ z#99;RzGP?GP9KxXD2aIsskLu93w0ne>L+BOQ3HJkRtSJhz|@( zkea_nYCNLRjW<-xE+#WyX$)hcoG+>I5hnU8qtDDon0q#$5sb#i2S{_tH0j{z8YTJ~ z7T+{L4Ac)+^g0z}Vpk{qXYUmoN*bi5)s&LI`XK00dvfp1+I&V~Qcb31*s{#y+am)x z)njc`rYvJtneM=ZQ5GC>19%(*e#KhL%$gq(kwMc$Z#K)smLS5Q?7K?nZx+?Z1>P`Q zzY06p6GkFMS6gWOLo#zo zEP=iT!yNV?Xf!egb|70me=AX4HL|Ja;aR$t5F2O_+rn^>axfqlwQzoc#;9>-ak z2%F&{WxU`08xrlZv@*j6Slyrp3WDv!$d3vn$XB*PVl1e{l+4iqTR{^Wl!Lm7NeiV+z&Y!{+}G?o85Z;wi(Fw|L*iz}Jl z9h#p~h`Ue^6;a{!$aTLBG|&RW%B9n5tz>{KS8#M;mYGMc>Q+a@WwEa~`u0%CJPd1r zF=*%0$r`CkqVpog`6}==nbn!1o4O*zq0bjUN`<{Jnq0Im)@L`=sW_Gv*+i%Uh^6+ulQX%uK^dGTQ57Xp>aEbWTiG zRW{dB(KX7m=qEmJ&#@$+8->d@&+=8NAjj1k^6G>ewy$;C2^oM~;h^2=8c2Y42~owU zm59{?W_q_zN;)uPjwxLaRHXQlqJ0un5iEj=ql9@#Hfs&^O29SiU|}OGgWfs{XgU=$^07@$xN4M20q5xkzE|S=xWo%CiTM5{*9sfK3BBfgh7ydL z`A+=T>~f!ofVmQw6YNYRH;GoqgTfD~QdG3bEJ~zG5*SLJnr%#r96^GHQ1&>i6yPFZcTu)?U}tF2aH#RWd;j)aF*Pa%PAmFPp6=4@++CUt zrYZmS0xc+zwCuOcc%Pma72Y=hbCW^xk8Jf7L88*h5h;TF`=m$isf?RZ=J-o44aF6p z4j?Z0HRZ9&+~k|j{5}s(R>H5dsN}PM%gx^+5F3i-h}hG_n)DTp?lI+>+!Pb-dj z?%#RnTYertVzwOPk$OH0O)mPJ&PcQ}R)r~VNsxm|bpdPBjyX!!Ud+Ee!c;u(n$apy z&xKhPy0e>A1xY3+S}QWMA_oU~yVVG75jKm8vZ~r$UxME-(x|9ZO^?!bqW4&B*nS%= zN(h4uvQ$3-|G_KyVD@DD6itrFT0Dw}h~!le)iW%FX(m~TE(x{Co9`|!(-Iw{Ea2vt zqUYAmw&P&*g2|7z0?m@uv!BFDN-|T@JYbd?eSlmVo7KxN+BiR0MGVmqZzvL$ryyBo zsA2`V0ewcNThC$^XS0@sQ%Zw3TB?tX7P8qIM3dC&O`~_?Agr7w*2D3#f^?;j7x={b zYqPm9jtX2XF>0joQ55zuFVXa<^MEHN3h|hh1w)Gjs>~(w=q6k3%ACf!aC&3Rsqfq}}Rn_jlkPQkc z0I*ot>Wrqq_cMMj`oH**2=6IA99q#>WXi$jGk}z()x#%5W>BARtifZ%Qa$uOfhDVc@lq)%uOb8 zkV+M_RPs)n_jw1~I*`3c=Mm8XqX+>tH%K5}6#z92__#q= zN+d*evsuKbeu|*6F@q^Dcu*+xgh$~DM5UnY$(lzG+2BaBZ&Ou1W!MIIL-R`$Q92@e zBUutM25Zu)wJ3*xStTH20T5Cc!S~U4fnUkZLZ0{Cll|zj;MTX?U^A!azIaYx@3N13 z7PD0UyeB2~+W$6}qjcGBi^6l|joF_9rn2dJ;hFyNb4nSM{Dx<8dF=Oxrxa|U_sFug5C!>3~noK@-Y&(tKqELVI7W~ zeOh=)+5~EB5;gS-<#BQoZrwV#qz3o%XNT}w09l3@pV^y}>BA@y3WNwNn5MrZWN&S!t z@$zGP1sw0Gb2^r!aH~AVr@03}9UZQc+J5>)1~dY7_23KyZlL=ecF*H=1C-+NeKY;R z{Rrq$B#ht}e?UJ4@4v?LJC7zezp>)Uz=aVn)GYna@SlL7XC;xwv1r^P+ceP z!Xe_S|5JTO%Bv~W+*Z7G{;Jn>hg(FavD-GUxDZRq|Dn;PIG&nqhoMS-z5B%3fkxWm zN5%Qq=FeP8<*ZK&_m*n;ny3Cfs?7GDnkL3eQDE>l*;nmdV7_iPiGICMU>22owl!G6 z{FII$1Y-eSCy%Uft@h_$twRz5Xc+@iqJzCo;0&&`!AH#)nJSXy6x_VLEE2daG1RBg z55ZbW7)g*!SuBaT_8vv(izg9=uv;>Fht@TbK3Mqz5V3s){GK8Y{HyhsgmLi=r^fs2 zg0`y&^0*I9Jc0SjMQ!i5Y{&xp=4`+eor*;3X+b2S)q$Kt}*~iey^7R*T zuVpowpX_bwL6DJs4wBM=0sh^eU=bE1oKND5*I(IixwrmBQN)kQJ>j*CP9B3IW?}F| z*N*<_|BxWWvg=p@lL|J*uU}|=1&~AkqcQ`+Mr0q+D4}&HBM*T1mn#&|(1Q2Ycl3P` zpkv?J7vk-cr~7TFQu2gfuDS8@M~!U}yyBJ8s9VV&4Hw}G){ zIWBiqvn>XxJ>HFN?fjJ2G&Lvjxz1_!pZ)|Q(2q!KaOB;$+-P{PQ020(&T~$idL8%p zc7VcjBl?Z~e_Ij1-cb!l+$?t-vZtocglm1V6ox{J<@^BIs^C*JYy=aA$Sx1aAgjG_^X+?)jx z3xc$j;@cm{d0~gpp*->i*R@goB$Aknj0{*YJv@}J0-brz!y|-5D25f9J}1y8gNzK0 zI$?7BD2fOyIFAw_vhvyU!Mm4CNZ~>iA^fJHz5SfF3*<>Wa^~$4fk-XIgy0m&xFppV zf~5$^?A@?3N;O@;>stNYQ*sF8Fh-Z`KRjOC|LOn)xbPF7wm7Y%Hm=*Xq|RE*_2`~d zeX^Ur*?o=Y1k8^N;`lFy2S)!R{ePz)IwSc8{nm`dh-SQ%-W|MEPE+W43Nn}T84ulT zLj}?oR&bFDG^G)O{qm_76m=}`Q0ru<0M9w9Br zN@!Sd)_GKQ;f>Rxkk$;dcq&9tHMJzP_&y*r)r;q0f5O#_OPD!7$N4OP$ibWiY12Qb zc}J8(|5@XSN11Y+@~i@~0}Bd5+uTN%FHthxn8+ATkPnFwm$Sa70&1C4;meaPfZz>m~CqAroW&e41;u_rdJr8 z?S&<16Fgj<#7=`QbFhp{oG3f$W#7#MH^ZxZ;t*%9QoF?LRgLkcJN%}j((PIx^v(PE z@-@lN1_7IS*0?kqi&}X#UF{=?C`)c|3%p%YjTGh;_}Q{E&g_>N78&5`L*ji0h_cr_ zY9X2`bCfYTX1F*n9~&22mOiF)FpikVpi3QqB8_@*3;gOvMX-KFV4O>FoN)$WAuX5f zxd;^VCQ7!o(esafQFF`wHAb=61FuxjXc`oeh9D}#eOHCx{Hl!z$IW*a1NY(FvKvrn zBUMsn;U(Z@m_+-1Q;Id-ITr_q(W+;p&=C*S;-gVIS-u{gqMOsyqdj{|Yad5wq^Jxb zPPyJ$F=W*lrat!qt`NeH5*jaIHxM3l{pqS4Y=Ky|@{Lh8YpsZfv`TsN+$!rE1Sl>G(3 zxU1tivSxF^t{&Q^NK?Jh56^-#?#VrR1SO4cdf}5BR^uT!)}z5sxNT7S5XrG}Dm;K& z?W1@nKCM&sDni`93s~i6$PDS4&V;s1Ml~?^EvBfBOWjH9uC3kAz#q*8(h9`hs@!W@ z=StUG$X}<@S^2A2o=9p14noG}omB6GPmSfgs}<_Qg;I=(Wi=|85#?W{G>S!0??dVy z1mluV^aiUfVBhU@7aq=*k0arAzIMQh*`RAm{(O?R?Lh0lrp#R0ObG$v1s!Au~=%(u7nP zml1A5%orMBDr3I7lD^Qjim!zXJ&q8&FLH`4!&v@xv#U0sB(3Qz?-L&sqCe>h@ba^p z6TWAVE6SI+}F2M?%Xh*x>DiJK52!(Uhxtbm0 z`opU|04Wi_#UevP>CLb(|;z4~JQp!MU61LrqEG8Ren>4oBYCi-<%qgoorBoXt-xR?9g-f{MaQ`buMwT+v_#{Q2srqkeQWY?^LS3oHKH0C%&?O<&5 zKDTrHv3Hea%!Y_YkY!;{lU-enY-d_cqlDHZ0wDQ z9-L~K>VP?!HU~<**Mb9qPPYv5!E!Y&F=j~)nk89Efr)4%G%5YsF&8|Q`%{HE;NB-H ztzl!Xh9KF4u9Z!AZ!2_&RgLHLJH#f-*Cy$lT=QLx)G!uT;uamMUWUv@ge@&!RxMk| z&n$KE1`9OHSq81Ll2WQ`1!Bc!8*7AZ(vyc>(XmB<+L$~!>SlrKEM^8Zt57=VN{jql z*0d3qi8olCY@=do=;xX;rK}W*ZPE1l)>uye~n4eD5$i#S#-_ zMCdi&^*Pso0%m8~xA#)Hj&(E}hEuOr61UQXps-+`?sKg`pOoGuES5ajAZ0#lmpSO> zlATpHz7C)B)MqLj9^aROq|EItGNBRRMoy3^wVfyCI9cKjs8aPh`&bxUbnT65BS>i^ zmYEc$^MR+&c@)DX#zU$^^XG#d8_Y1ssX9}0*sv1_%=fzkddNzzEdq1Q`*8e2t1wmr zE?!398t-M-hr87D8VwkE#)mo)D02-mL4~J?=?S?ZusxUBKP7(miD$kujtGXex(8sq z;=kz&-Dv6(t+6_-8Ltv9SJynit6{0qM;(B*sqB`+HNb2iq==J(Wbw{4V!N8Hv_%e( zT1FP)k=;L}Rk^tt(rlMuZr8M}aupLLUbrKM$~{-39-+WKD~a!nvA_fuZ7#plwbS6Rs`iN-7JCy$_NmS6hS7nrmrHSl>E{adqlSZ)MSKqsx>JKX8_Tz`W~18ge?3&X>l`JE zlQ5-&-brSJ+&Vc}!j2~h+)_Z`3!uNJY597wd^MWjQ(b&cs`4BS0Ws}STU10!v(a+0 z_3pDV1k+k7`kZL_@qVmZ4b4Onc@#PixaQ<|f|G3r%P#;4{>Hp+7giS^R(S?HV=lRl z;9Gw4Ch+cY{oQ9{IXNK2>XK`q(rzKjx;~t`VR&ey9&}_iEl2*RIKjdjF zg8h?hm>J>9xDFxmNtvsTrV->OwrbFMiV^n^V>`3RJvMXJ*-P730*hvzh8Z7)=>+i0ueRf`cu#d9zp zUe%U;aW-b@`O>UeSTR+TV7RO~{ka>Fb2JtqbX|;BR#`aP;~S3Qm8KrXpq|bjtLziw zd0%Fcb+Zm;c0p6=NnDouAxiS7C27?IUs>sRFVz=esn{HKS7|*>oRXJoB>R%8*byuRUVV(PdO6^i-tnmm7 zg`TP@-06YLxw`KbBh8I*ZoEg081+=qZYp*e6g%gx^QFx3M!n;BVk@nD_Jt}hMjn6Z z_qO8eubAOR34eNSJWS!F?us(;Q<}AyIilUAf@I8pV^3m&$O;Va^Cw%s!awvWWlaEj z!0j!Lxk`2=flwg!lb3i8k(H6rJ?&f(cPsObGa7pJJ@asz%5NO${b%ZwogOGQ8vxa&zZ@BGC!E| z$7PT{fr_)M3N17sX4marL^scenlj5U#~1Uf=TZynh&Ow>_*5TM+S88BwJqN?hPx1| zFOAkoq$;(p89GqRb}k@L(@Gf4EkVkeUQt3eJiYVi*!}|dD$ZF)#>2IvAO`<&|GJ7A zG|my@f~t4N4*hXFwLTVdN#5ua_-odt?9o4VJe|FNuI4;yIO@Cm-kwYrV^ccxja*o- z=M9l7`F&!NdG%H`w*09Ku zmo)VWZ@_YC6^~#H#>JQ*G)t}-zRMyaT+YY+jUq1PT8XGNe4zckV>%P2p!gTZU1$Uz z(?DhcSCUc2=+2CXpo#@sw9(gyclFF<kkcem`CKj@mC^@<8Sa!hS=#g0Pu}XzY51DtQv>+NE8H90>OB$ z<+LNq{n_r8u1#rwB(af=dm5i+jKCFkOv1RTdR1C1D`>@F!B(70r%R*h>|lgH&t3XQ znun^tt4+2y7Rm|lBL}J6_;;=?d3H^>0t?tF~Hn(+`+q=g*4#N!((jcjf$vw#5tJHH!zw8-pmRhA>ONvWT ztm+f$yBlb)H|UHl=4;EEzEZ?>Yk4dmu~jKOT|gM6Vf*fyho7_yj2t1ZeR3%)Kp=8x zW*-5wP5`E%P)4n~q#U>~4th3hBHJjHl(zYI*RXW8+4(hh%wi&}Pjj<5n^t>i)%zBx zk+pB-Y}1g0y{6c6Ym^bCDnw?>%|sFyIrDf_c|n9o;gZ}_6#%tK+)Fr%S<4aEzicxH z8n|C+ic9L2@f&rvqJ9YDj$I4&_*B!>;_NmxH}lt;li3>b_vb2Ur9j69%D#Rp8Y>>c zjMe{+&^7xdEksoIP0@kDSM<{5ollGP?1v5hU6BAJe^k6os^bz>r!mgRbgMjlqfJtU=Fm9Gwq zn2s{P-!_5UFo5${kA%7Nf{>Ew&EOICw6%iZ8le^ zVycg!CEyJp2rRdJX7RyG;$yK;pdrP9SB7?SL|Q5|nfI#&K5egoov&tG3YLn0+t zw6?fDYM!CcIpZV%^z=P-+h3s#9$}!jbJxTQ9Eiow0igFzs%jC)*Tt(~fJvmL{U7UJ>kWgJ;+f9r5(W7O7q)?T!l=oWw@W2Mdb$%dCE>01gZ3&Z9hVjh>h)B(dG5_g z)6(y1hYhaS?o%|!q*he8>Kl(|ZyYXqbuT~i(J4jmtt+2!6a9#{xy^DM^{f7}KvwGK ziROIJ@yFCzCXI0 zPfk85pHt>b%?VI?RSZ)4;?JqLxD?omG(q!~&xAUXIXGGy4I*sxk-h`N`bnd5FXxT0 zh-cqDa_dJC0pnNYllen5IgJtGa?A_80|ybs)XcO-5l8`-dMzH~hU2@lzjqIF3tT&R z*qyEfDWBCCW{+uf#yMNg{u~*9IWEonER2)J-`}u~DH2ATt%EAA*g-i9;9fr($!5K6 z6s+Qf<+RGDt1>zz+isDehgy8b`;20DsHo1GckRIgS1!Tm87vgy(`M3a6~7-YvJ4Ln zXtc!+<5OV3m5d92@K1Tbidbfau)N5etx+RMX{jj;ivh70G%0~fUy)L~^IY!O<7eWI z+Oa|pmZ)_pH|6SVtkGgZK6(9ep6|_QzK_QVg`*kf)%{n|vjSs1!hy`dJ&(nb*5=wB z`m2}!x&8PJ2rOuF;a(2eMe6E;8JS)Q?nN5Mw8~;3srqxv+nJ0)FM6g|2z~W?U;H;X(`Z zmHP?HBH3$SHj5Oj%&-gYDHBL$Kh=L6rT1(w8ax7Rs46wJz*&-my(*%=6yT1o&gD~S z784K9)lI3~BkE2=I#kYH)v99XE-4<3b z?9Haq<6f6aa480ZKEFC){MNCD&HDVg+_n6FbLOFSlk`lZBE34H_%F zwXFnXOjVsJV-$8pFXwn!P@vd?`KHx5Jg1+uRT;=EzIOC{YJ~KAwQA!bZnxjG$OxX>N}__$A-c zq~OkOf!R#3s*poR9I8G$T9i`Ll68aC2$I%r4t`TpCQ0L#|4fhDO`P3j>(Bw3W?Jn> zS8QETfZ`xSZ?=U5h!(z)a~PBxYxmnP?Z)WDh`>)5FkC^NU@fEc2Zkjo=0@loZAY5v z_P!CWQIoaJ=7g_QD5As*ye$PvKS7JMWX1W+j}MneJ(@v|3wq0=lgz@#yUYqXre=_r zwTietNbV(}7->1e#=;#95~J`vQv502U3s}t@(+BVsmnl+BboLdknr!>@m(QqURd>`6-9E_iO3dpfy`p3hgJqSU;`Gv2L)149)mf^X$exCMxm2XI;Q z!3qc5idVnt7FtH4tWzC7n5gjcGY+Nje727eIy=3||JpMsuZwa)TXmQnNd}3x1g+Cj z8L5xiaXXo{6R9Ivwr!&Ou1$LD=`NLlQ9NDP^0u6Fa!Q`f5~h&u)GpSROD83;Iq{bT zVXf6xPy%93u_Z25Q;p?KUw`ZI;rs~b)@9(~6BV}A8f+b_?PWLI?V*{7)V+y83g3)1 zeDj35*;QCX+NPw$8mL;135rfT3K^B7nebfTR6Rs?kx5dDt!2F#5H^X-(Snv+T!I_k z#iDlP2zP-DLre6d%8KHuzJmlA9za9W*9Tx+))NwghT!UZ!S z7gG%i1u^?R?-Cpxb%`j6WL-4`2ym>CZI|r}WM5spsiYs|;!3gJa)_1nY8@VK7ttbr zZ+(lx%BgDhh}~Kx5*r+saBdF?fi4Cm)XZnhIw!?(&Djg?-)M{eb<7 z^Mus<(5hOxzbrgSq}X>xizDte3@cP%rh>-$c%63&?@{l#Rv(NB>Yyu>i%O?&^~H6N zxh+e7Cn4LLKVu~l%9s*x;eYb0Z+Jzrh;92-R$Hz!ERcK5k-&NsI4TYIIHKsd4AZvP zKR$-dugq0QhllH;D6OFECgTS)p7&Vhx77#D7C$chsQr)#`r-R>kH32M!2c7%m(`)( zXK&gm=0my!Y24!&Z$!V*N&j@2mk9f^UE%#~YC!*tK0mg0=e0bo<>1HI7X$Hk|9`jt z?k1Uvs$&>P9$KNpf6uewYvD19<_6~&Huze|Jkj_ zsBNB@QL~ZRj4cuN4=4Z6Xa2Jr@dyp2l?+5Hbqtes9$D&|I;HiTlo|Hs7S8vtGJ+hB z*O;PA-2bpi^qLEUD|muVYPOVGl0HrD&pP;9Z2UJ>W!dJAFoAUH#d5D!h(W_PI_lcm zF^zXb|2j`UWbq9M?J85pp7k%LI%>Tr3(PBkRewqNdj|Tu%z^FplIw`DJ_DR@b%avy+w6>h)tk zt$VMQJISm2OShZsAAJJ{&jv2r)%N^$`nryO12X@(cKYSF<8&YTdb9dEo2;ul?l%AX zgD05cUf{C5daD_Q-01xc7=3l=ax3y1z|nnA{ZZ)G+Qfn11UY@lYx@5>KJ<3tHl_Kl z>qqkj=r_RWHs&{Aa^RNqH$VWjaK-lPC&!2Ap*9neZr~U?fBKr+!zW4aG`xl-Qx^A8#rbD&&t<4PsI$X_E zUa24CVrWRd0UuwSlI8`Ios{4&sYtQsteEV7cNxNzcKpRT48|1`Ig7?AC??czsXE9I zykyknhZ3ku3a)!*cdA%3sN(wXm=zULZ*L5R!U2V;t{FXfN!1P(VmzOTMMrgH+3~kd z?hceJ2)a45sI7&DdxD+T`TE0nd<(sM^1`r$7BzqwyE-I!nRCk@={wadpQ}>iMUw=o zAB&%S2WXB1#6tY`_^3_PReLH()UnS#9QaTMIxjky6%d8FY=n6|MmRqj<$9>)6ux{A z=s{|h=dbtaJ3o-OH!;>SR(h!GvG@S@2?9WX{%qHgc2w5dNdSnWISbe|oQs`W`?aj% zBmnBjm~ME=^(@$R3ldVN&^X)+&&y~bURN+FT%n3bCyzgT;`bZy#!#q$*e$z#$&o({zOMx)Vf z`3=!On6L9RpEL_QL1ovE-EV@%`|03k$z$@{gj1(qi+@DBJ)}Mqd&cbRQ`;A>>HTHQ zWXq4mZ~w9tv~yzY@G^h!BR91HA_}YGA*g!it^$A#SOom)J1WZd>J0z}b3Iolc%_ap z>OLXbdH9bTUb3yXjH9guT5>e`>9MW*`9k;c;nM0RRzU3^gWVTH1 zq`AAlW|mA>8?=xmKj=utXzW>B1>pq{L5#2-^C&gb7X1(Jt(zN5Kv{Yx@`6}bg_>=Uha;Z z993>ZA@JZ`h1qr?vSKru6t4;!UVeszJUEA$Z%mCSc#5L*C_veC1nSBXrv_Kx#nhz) zhU@gtQI@V41`UPtg5E~J+^AG=CabIxr1LfWnR3qVc6Z} zgK$}H7Sz&NLd29n)l{Q>)DVaVuJH5P6lXw4gC+sytQ1i5(RpdDw=ftEPLM{}LL#s; zN8`9{tDb%Nbm?krtWYaSlnj?=)X|2qM6B`&j<`;Bqxl-JrBUWYu}IBXr3uQFnkyG9 z5X-}yy=vH~^b2G4tq9|80>!2%liSewFzT8Oey$+218uhxM#P)()aAn83d0gd!kR;& zqqTaGl~9iW_KdfQHUUyUJdThHwG+?l1L+Om-XKRyRkCr{hWL^XzaGz`=DpcKq-V(u zd_Z_Asil3OhK26yc1>p(w^bUrmtWN0C}qw-PfX9-Tw6<3>Lbc$qU^V;F~(h-)yyGL#^M4&@%}&|EzweDJoB4Ke17i=f0uC=otT zF1T#fiEF%ME*hcKv$dC%bL$4?463?fbfQs?+e%b|F5hpPD3p{^SI195Jr&Q@M7PAO z4RDP54<2!PX6P$@3!k!c4d=E}Y#U-+_0M6TP2AUV9A%B32`B|)wJ5z8Qhu|;YiLdF z)8#$O)AAd@SST3r@%rt~GQ~U;oqw(*`k8PGm6gb&>X^25OxG6Hr(!w>!{pv;hNv59 zuUx?;+0JhSt3xV)XgBXea3NW{hf}YbtrcH+%1RVTjj-7hFXFt1b0YLo?N&9Po6_N)6*{(rS3LGIDS8W zA<{z+=B-Ruol*K55y**NiLLfzs*s)cYeh*gZ)mY{Rx>%l7^Ojm^8^)lt2At*!y?~S zJZ}BNZaq~78C|QnJ!K<;8Q83Z*c4PJeP5b8q8_tlIeRF$i&G4B$$h{k21XDt0P+T@$zY~Ywsln)r>SVU=wfq5lDw)9ojDuZv>#|yC_A1b~g&h-RglkH#X z<}1+0Nl25LCc2H0E&;l#ou#ox*oM)1K4ha&)w#-4_|@O~uvc31lRdd<>5MY474!(@ zfHCtGmWRfLIkAs1c%(_?xRsBcIA2i3)ENzwK{e$}#iDPGMg*aBde@?7f)UJAuoKU1 z>4y}bM}B$P-ktYoT{{lYn@`3AWibLWR!v5>qZZ?y`pgP!Vi{my1u4eVW|reBt;jl# z?a|M*w@O})>tbmixi2CoB;pW2&Ifl)8upd=IB?qGoUqasaZz@%Vf|>+-JEI#%xwk? zE`HH4R`0YHM5E$DLN2^O?lCAJ*mN=qR}PR588e(oCL{iu%;krl{=vzoWaTr?VAB@^ z$}|Q6H`=-3>2^L#m%Krq+?k_l)0<-kWxG#rEMjSXMF}Q4bfmf*S3gqv`U1Huc#N@* zcOca2ac3~8eGk8M`QFw0>^I;Cs&6j&X0Grs!S-}_W-|_Wf~GJVK_7ixr^m4u(=yrM zAN&>M=I&Y8vPR*f6#KIFm^ou;)y~y&UF~lD?QcMw{Uz1@{f7G;`9OP`9kcK!?+>JR z>97L+n+DV#KB`^;_;$JH*Ov?EeacM&q(eYgx>x}tgJ314G}&Ur_@T%M5A#%!uJHPo zo1Xq7Lje;$G8?BoBfXPt$vGj`&9C3{-#1q7L>f{!ijDyTr6ll~te2t24OL9jQ?Tmd zmN{kHi`}E6{kl2@C!p`K4TC^@5-GI{MwmB2;J)HzAQFguD{JJF9@65^ovQU*z0W?; zvA@x!Vi;sGOEh=rX!Vr2fG=g8)R`mIv@+RyECyhp(B{w#sx&cVL9&{XcFafuT^bBf zoQi4RmzH}glFom&x0xuzh1Vjoqk970=!$D=nH8_uy-;l&n|ld41H&lwhu-tBz!la> z0jHwj-5!obtNJV7F2VLMzL2>Pa>01&SBa^=Z@SpINz1EkJ(*TTMQY zsxz${;>Zx9c!rSj?n&t&CoVkiY`EomsVRD;GoYcRr3$O3UT2JUBZf+##8IYm;+|nH@Kfh z^_=iuM9x5gkN#*OI#^inyp(ZEQ3Ex+IXl^G^qP|I)ji(sZoL@kQj5dbU*WlXB|)9- z(Eju4#PLJj_nE&*5_v&7x`3JSRWN-h&34yRC)9fcOneX1FLrPZcdC52kZybws;h~w zD{m^Ni>~iVxRf=bm_7URm&oS&0cY7+M}BYMqNo+6h+rZ)}#r?#lIyXHd#}| zk+;VoD(gcR7~EBrt!89{+&-9Vp*|bifM-9Ncr|nh72#*i_djLj-?^lI2~}eT9ieKj zC~Zo*+s{+oL3qMz1FwgTSJ=3xh5=9w&$dp(bjervPjYdiAL(M`1hoV$M#)c;QfsD) z)~m6DNE=AG`rXlNAZAi5vML^vG>}DTrvt3{OJA}L%eg#?P z8;MJTewr&^67{2PaJ*B-wj^){g1v}Pvw`o80jX7nkp;sb9T%1rInz+KI7;BY}X`=inp+PjFupRHrD z$##3xmEgw>)1&Rc&_xAG68Y90h99jt+C*Gj>uPM=@C}oCdI`W4;K|TGCE>C+{CU3NskNAWSVwams@L8L zw^?j&xVta{f|<>_^reckKP7C3qwfzyZ_io}>b5v&q<3u%DN=91Sx|dAs>B6m4>OxU zh$_Z3o}|i+-KMmOxCA(16p}W8a4RaFP;@+J-UrbYJ8nE}4{k?{fEq`MCLl67^(T4u z{&hU65G%t&P*_uIGuaQ!{FZ3$j5kw?2C}N!`H$P>ueMDaH5A}iN)$9%wN7Z$&tl~u zSHFmq6n8Xdk0$lVL^RC=;!$%(7>&swHU2fJ4bG zb+k4Vez;Yu*9nqv?VquhwMA1K`xNSiVIV7(PrhJ_&E2HtMrvySjKQ61?upHb3nCnp z#mTFE(#Ewo|DD>Q{w+oMa_l-gN|tsw)F~tuBM0=fY+S=3jCdCaHI}DyA4+;u>B}5` zI6tKF%UGx$2`RACrPs#?Zo#!5;u#1`fZR=!D{5|nIL;@va4ZA{B`SIk+w)1yg5yzc ze*H6>Z&4Ny{@ss^@ls>GTUoYt_qwZw8}CbB)!Pd#JbN8zzV(AE8Rqu=Hvm@>=3-Y4 ztftYdaFvK5R$j6k*QE*a5;vxs6m967&Cd}q@i$8<(M8XQKTTBMXdiC(Q-U1I!(7bJ zXKw|ZsFW%7!Aw$auW_xddBiY}QJYExq4v-;tauSZH*~$SCY=(-0fwHHxV7cg^<^n> z4I@)EC!$+01#OJsY14>HiE4$P+-j7Av>s@3hn&_M`ibDJS+6|jeT#DXgFGNzg_?nRd>7;7WX&5Tk(D_MsW&Da7dbNst( zAmOvaAW+UZS5$F*?B>wK1U<0;MV(^>B;!!t^Po7};&MsgcyKV|#qRDz*DW7fBepQbO%bW zrETowrGDHU~yvjo$JlB|fC$Y>x`ymZGdIvSodG4g3J783!}`0H)NOub-VHdq_X`>Xr9{_d)9wjvd13tLBF z^@<~hV{2$LurZ=pB`H^#FOO;;4nOt8 zbD=H13wCmVD_a!=%_D?0nFj3>hvfEsNs-OVkplU~rZTvm{QNmh2J}oTDf0q#FEBQS zUAR3xq{Nt&yaC|)z-Hq2f80||R{aJ%R9ftAY^o<#c3hu&q7+X@!{uz85u@_6_&31e zEvSN>HFRyiIYXd9x#Sx)Rf9r>oLzKbm?t^edUe{}F>?UpcD;1UO2m+!ZNDrwo^87- zk+?m>56pe|J8xGs;b}}O^=^70BNt>_v{|V_URM)aj{y^h3*l8b>7f$Sl|pn+XAM`3 z@MgK<2i>*s+fvpREKTsPw^ixORaw}9M(59RUydQcvkPi|@J?coCopD}{ayKhQ zMzBU#ERE}BQNI@%s-$o!KXpPPY7DW8j7p9OC?8|+cYhNb8iXopX5ZENHcjTFQG2!o zI**_7=T|tmNw8By&r!PJ9|P;peJ{_#Ntw25g9Iwhh$!qGkte>R+s zP^%=7RwC8vB&i{|b&+mzyiVrmloiXzt4%-CNVkz2wM`9W$P^F&zDy0JnYzE$`s2`{4#*h8VV)J{JACr5-krQ+vW zDI$Zll5$*w4BaAs+yO_PbAx=_g1IWgBW9PRd4hzMmC&cQtn51BJ8U%?AvytQ9^JjR zBK|__iGSp};~Y&8RVi5KuGh=TRXgU#Z)pJ=qCZi)?2ji=D(0UGaK=jzKqGRDoNHEP zYLp}OF=7O)sqrUpkEormbJ04AHut#YDF!}|>o!P?C9XvPTN91BKF{Yd05O>?a6qhS zme=Bm{^I(&vBas?pk5DGG>H1z_$rCN*@NCYSzW|zU+KL3PeyePD1n3N^e z(ghA}MP}6WD-rnwc~fXh%BqvfJ3G+ENGqqOv^|6mmOzg^o?eThS|j|xlur_tKW-sw zG1V}f@ace|eB%?^al+bSA$B=pVb~0)tZhx#Tc|v$C?7eX`Sa+-7*HV^us1M`*U% zom20psgyWXY=YRxH_fKp;!ibTn%ocOykmDes1%v9=C z+UpwGtpvhYHZLI1ZYCjxcqkgHk3JS4ee|^{h*Fct`*b8VbFKa%f%muvNJcya8r3N| z>;E13&ai$&JS2ihXl25c^bJi*LsMIE^mM=~{$6H`ylTd-iAu;_Q0AyE z`({fp{kSw$r?|@M|4SBr$sp*p6I=?H$`kAI3NQSUb05Po6yQ9W#o6G<0gP@*=nq0{ghFrdB#S6^TtU_X1nw*Ru?Q~0d&0mJC7d)9e6E$9lvk;#ellqm`bdDhfXo>K z@Ua;tQ_fQ}Q>sJi=X!yS6M|(%0{ASS-IF2_`xxUMj(vk2eun3Xv8?p$Wu=7Nt;+D> z&Drl0b%BXJ5*h?wxm2shk5}d60>_nVSxf7kdb{w6R(HL!9#;aR^EfaeF*+F`hB3XK zthBhwZfy$Flt6x)7&Kdy=5;qVhq`kpyVMEFi!Av5SPp;lXeBiSEban59!t44`a#VroO(?i$y#2=-_zI(Fz)!e~}5tbVK1`|?jr{B}|5W&C= z)C9)XBG|_S`z12~BS_wCjwg2WDOt<_!d01gW&gS$67xWIY+3$2@tSF8dBV&+ZY4q_ zoL3LRWk^*t?1+r>WUJtkKKMp~Dy#5DsAPZ(&7>KMGyyvlxCt~U4VTQFgvH?!3w(pc zPh%1-&WL?3Q)>?OYZ|j@!u}ZfgUE zGo4v}$1d{?-)*vgWw=+0FYVv&)7q6`&~n;nAZrVpE#PZn(m?X09hIB;qc~ z3k}zA)|d@PqvgM%w=s2LyqM2C{P7#$7TZ|t^Nc&+>1W-F|fAhw* zKhz7&ko{1xE?nsTXbeUtiB|zqw21{w=p6~v6Ar14dQOh8AWE@!B5!b8&xlj{m|Cn7 zux=5wQ_{_pAAHmh=>_%%32{B;?_@vX{>R9F8+reY+W*#c2KDsc06?Ed^#%J@6me!? z)iGPF{>gM)($#-fo~lGU_PNKdx;UiR$=d125m+-j%e=hZo}C^#MNy7j(`RKeG9wg<((|MwpkQ9rNfm z5#Vv)aq;%Q1~05i=oa~0L{H1rHK*+fF`H{~vrjFwrnMZrh^twBFX2urzv%dq?nP|= zp$J_Zt-Qtsb)0-`e#tMqf&2lD*$<)HQ`;p6uXo&q-n`|f*T1s^ z$y&arxVG}4uE;-+MB0iMLx>Lgy^dko-3V6vqVzt!MAr+YR_sVD2&@02j!%KycNTZr z@z(WCStw9uX=@*m2oTQ{pCcX5uB zuNGm!c7iLuXw1FJjL;@EV76@LPH4doYx(S<#D`tRIqCs;%F#{svG!w`0{_yAnhV)j z=qFjq=v$S)X_~(+BfupZgL@PqX>{%XC8YOB=^V|f^W!6qRvP<5AdU5$Za46iDe+vZ)A`8$&PDlbHS z`@bNefU)EU*u#WNCft_i88TA0Aj#mi`cxiJA!)2_%8Td6{Ihf;Yj4$P8|(f8Pi;Nt z(p`xl%G{=|v{zuF{%;(2no}V8cMksoWYCM7y8`(dMp$AdC2vM+Y4Y1V%y}w`m7<{N zn))d(vSWOB|9k^a=TA`>D8rfI3@jk2Yh-B5@LE zY|DZmGmB{y8-h)TMAo^KO6>7Y8)N3}^|WK{`++*os3#+XR_*Az*}MH&RPb!&dY&`3 zYSQBS_=JxemP_p+WpY!G%l%u#>j&N^88DD`W|LYZ@kN_L2txn@2Ii8HT@Z?edF zyx_)bWNbz&8^<^X_GYJhX_C0k8(F=dz|J2|6h}*~gRM1lAe)JW_08qra=C&!lqr+i z#}s;6I%e2ei!Xzr8%%>=iKvM65(1eHtImAT*8=k*>xth0cG+sy&-4R`@;T;n4AHXI zTTLOobu8S$XTn!Ect+X-UC_*VKK z<+2wJl8}(-ybQCYf6@P)IE_#~Ci2Bm5lWnBRe8xggbGX*Jf#h>l+`t;SF)=5kbjnP{)K1z6k#E} zeqd)*xMS-L5BwWt(<}78EuGZp{ImQJgEuC95!Hcwc)4cvidB;X(v6lQ>CQPt=8GNy zKPntg#d1l!7W1o?9hqxE$T0+kMnOV}3aK1KkW@UBbaqbvadFc#vlq{;V7UP$%q?;l zxy6JSt#$>=#xbd1o9Fg!zht{S^$Zq{HasBYkZFyv+G-9C2@|7kD>gq=Gk4LQdY4bp z8g%C9xF*xX;rBu`-^!vrrKYO8X?-z)T3OlS)Zf;X(G?vXozw?^@|AncI-4L<95spi ziVD($r6skl7h4c6gq2q^+8r}V+;8!6aP0LG>mLv30IBtwt@{BtHZ()ojvK!wfNSX*FVW5!;V1=?@ja_3{U!~CmFON|JI)Z3IFG9YOQk3N@UJmn(GE@3IGm$c9J^_;1l4iwkqMg( zDH6vOP~A(L5RF|$+Cb$c;p3G=lu<-F_w#%(vw9k5^r$VTCoWfMSq-|H109k}U>CX( zLXa!uT5;{+xLE9GDNv)c$f@$c!J*%oIAM3xi>gM)c4hWL=xUn`806 z1|iU9nyB_a)arct1<`JJPv8QhQQWy%s~3xHO_C{3?Gv%4wjT-$ig}mz&Xbr^kqqU{ zpBR!?8Yq*BsQ4)sUez02amfPdXxd)Q>ud)TEom&(#cSIDXxpjVqYQ^$LE)!t_F2H% z+(;cI2&Vy5`-m|8BcVH6mI4~|vkys{Xmp3%M4!H?9L?$<)YcnObhvu_l-z70!lUDl zhXZgqbMC*!TA;tCV{A-QLe`xZv1)uHXvSS3A2x(Q`A>y)(*5ks$Tg&#m{Z;=@4YZ- z8=-_!@gc(z#-9UCRDT0-2n0)}6fC7q+ik2Z^2)}B<(=qG`Mv1ci9VTx%nvV!Tv^kT zTWHX_C7LyC7&;UQTGEPs%!eV;(M7>A7H6}@4_N_M8gql&B7o8y%$yGJ>@@o>D)`vT z0ZRCh?vhz13N9QgiCqyWjeppXhfy_Zszkk3kf3BkTgE&{%nZbOr9U7Tpj%qh!?n^k z3l`RAY_kqF0e%wi(G;O%fojk2nQNur^1*1zeckEx8|}B*s5uj!qa=i`8OT3au8N=z zmLGY^2&m3`0#+4~+|C`~GY6bdh@D_?Ng=zZr7{2eUhzJv<&{16=qy~#*LcE@-2z`@ z9&L%5HVY+2)l7WT2-lWZr;a;wg*a|V5U=*vjK7hzbk)zC-Fn4{i)l_3`t*aX$c0eS z>kbn|Q#Otj8lI%Pz?Nx$B1||`d0NH*I|$8RXF9~rLywT9uWzoyE;e4VW9z@iUF245eEIpJ@?yW3P@mUd)f_dZ!drG6VZ4 z@ju!D`Uq}Gsz9hN#3{%^Da#pJ`C~VgjE-?E+m2YV5jyO#trCmYA<#piW~o&0j78fa zRhWfita>Q3Gs3`^Y*t8EQ-t(I$P}6{b8RW_o$PG2Xl7fg5{sW%mEiXcAQtH)T;Cv{ z(!QzA~TF#HOAkssfZO z5W(pI7INtTALQ*}Pn{gIfk}M#f-C23wFFw}pk(8(gw#Denzr>LzdEkpZMPX&$)>Cb z$_W#qVd+N^s@xtfp4;jk7=g{3_!SIM(j>vdK(5c`j3hc`jMUc{+{EheV^KIx79Sor zWv1g}86f9UndP$B-0}DRI2x!YGNNwHkkGk2r4GZ5&7Tw?F*9mz2s@P1>xLdLakP}S zrIgb4h*N#prHayiI72%45%wnn;$=Q5Lf}k;+7!UYRf$|$buAG*JUo@#+V27%!hJSg zsBwnIOEPJn^r#O~Dtr#V8PyP6&WN>uGUE1YKj&kYyDRkZ!+4x(rJFXq>PP!n zpp>lagKj_6G1$X43tgN@Z<{0RiHv^)sW@eG57wOGJN!~l(37^mw1`->87>mgKfH%W|a zvefTrB*&8QxHz&k=g9*T3@Z$$1B>_4zV{c@tGV=Bwd*wLvw0Q7&fB$mr$VQ(tus~8QS2`V>JZd7=un3v?lW6)SXBLf$5lPP7Vf+pCrcggAH{ANAx_$S3~{71!)U?HZNf3Ll&WZ*eqx+M=WcKI$GEQ44QLy&s)-Xux=@A7ic)uG#VS zQ!?M~$$`hV0sl-Wx1*c3wpQS6N;uefi$utCKHWY>!=jpCS(PXq-;r1|rQQqLW6R7p z2MB$vj1n@Z z=KK`@Bu#OTI-tK?u>V*pIpKW+_F3>IN3+LYwBRt-)-E^Jk}6*@0-3^%d!96-)wf&H@{q!{ z*o* zSK-8z6Mzcg!7dTA<+NK3a~x~o=)jnjv!UI^S)T zpQRi6XlQX3Q+a0gBalX~7MwQ_NT;L>*Oa z3#Ee|CC@YK>sXLflke<~di%b}Y?+U4w>+ng z?`^{6d2rD4@hm-#-v3$J{P3T_e~lP?Zr|oBhq8ZX%L^m7oNyR;J+xp$#7Y@YyIHf_ z4e#G#<*L)~ptO9Q&aEOZcl?~*%bpsYDzu?@r{PMU?5T(MqP8@}uFX}Mhq+mrD=s92d(}khscyfSy@_;A-zd--80rZn z5!*l1#$UkB>fZJBu1-JPzN%;u307kIhSuj*4enhnf`IyO8r8h_?3&klLgUV#`k$uw zD59za-B-b`8?!1M`QL+BtNYfvS8)A=)1KsZU@_%IguhaEddrDzBc)*ui>c3%JXy9) zk=g6+dRz;-%Stgcqy1&{-DljCfVyd9AzJZ~h36)db-wo;{&Ggd?E?d$2B8Go2&+Yg z=#9WqVu5gj*@5KX{O95Ah%xmQu4KJw+APwRZ2=)YVFQ;apHkB)|1L=>s;$kJD;V%l zy?3u)F}JLB+si-<_N(SkR(l*<0@KPUWV*0sgihFNq1)K_end&<#eEGSB_AByXSMd* z-9jFV8~bEV0G&{^a=xkMU@qqtc$C?$>L6GlXAS&xVaPtdmOtfiVBVkdm-M zkcr??=-#zS(o^a7=)ogb2#cnJyG^5Kh*P4w+ysrr%Dvd?vgwK=idHVNaQKpTcrDPm zu%}aO@u{Z>A(+6O>ukf?-Z>4=el6aJfS;HC+&btd5^D?e(bY5FAQ0#_1G^GDg`MeJZB4t$4w3P_u$ffD&TWr(@6LGzmUjJ-_b&bb@uZb&`Wu$^49Coa* zsdYA?<~DZNrp3yrYwTC~%O=Vo%X1lwg|?u(VW5giDl^ugQ^uGapt#%QD}nG3X1mU2 z$dQX|!!o_tJF54ibpETxDN(nRtKFFZ8#RNH^9nw9jHj1i!!E@+yN!MxdfZxsAJg4*-8@uHQNw?K~tab5?@X(^O@Y?}zLNM9~rhBmo2vmWA0{+G>2*Ju5DI zuB#KU&OZS-E9O?(zp=?O@B1VeR`ldcWCzf9ulLrSP&T)-$jGIoy_0YA^BWHzJ$}~n z>5HLZM%%TLlE?dttH`%+PZbmu=eNFotFE40|MKiv`%gFN2;6N#upAP8*gKP4Vb+A^IJ?sG)$h7qQ?lWQQf>;8Z&WU~Ai8>E|09`y40+tJ?^-=Dz6AL! z1w4{*G2H3`pEoAHx7@T8&u=`C{ZP9+r(A?JuWz7$y(?ohYZlNnq)0O*S~98rvIM8Y zEj!wqA(X49fcqlT`R`b`_WI$w=zh>Dtk54f$p$}PEddk(1gU`gqU{SzG` zRunSNG8;&bNk*v0L0l(Sv8VX#`5U{3$vQe>A0kOb4Cfhi$4E z`UtT|(64gw#}{pd)Ui>OAw~SUX{WbWb!Y=~Tya`6!Z|3!UAkhx9z40f03?5(=C(Y> z=hu-R6F>1-3voGbPx%tDu~G#69b->;47};z%^-RXThwITirEqUR#+srK4o3zojr2& z3PJM$0m6W3CBl=5F5y}E{geo++{zMFsdIEHy~KfBqOiEu*|#0FoeS=EO@*zO&C54e zf6J|B6{8<=eyvJAb>-?c78ZZDj=MAOe22;ysv9S!!<_aW6o~i0apOLPt7KnhG7q=V z>7E75!;bg>$~P*<7Ug{~;r^@o#S^~`fBG0VBR#R_UoWH|7r{I2GuGR_IMXu;Mj zjKj8Gd*-;`nkSmvYDiMA1v1p#hhxySlz%$nhj5IO$;#QeC5ao@)g{|>p@;qAh7?O( z5pUo?|3FfS(U=~{pU;Rw)`F_hQ*)-cd)H3a_%hLxt677W&x4UR4)?M{5gpNkg+Y*) z-8S?BP^-lXpY`~xN4K!zBh)Ra*B!=qI`bhg$*=4&k}>29nhOC6Y5NIY1HvI~@R0Kg zb2B(2+fRjzlwBbM*&l@FXY7xh70MjHJmvKAqYd6J;QO%Yyv3T50wx>p)JCZ)BXoie zs@^PshoKvGXSCgQy$Q;Jd1=MU!A&!bT3fd3&Avi2+83GlHX7OBknj1`_amk~#T-0R z#(EHK8LrjfF)`DT=jKc8qrLvWJ@Z=vz%y@KUa@kt$9I-HNO(!);Rfa}YM7m}OtyIW z?xyDXPBQ|GXf<;VH#h7amd~iK!^M$-(Oc$J6(pJBf!JQx_~`o+A{S-ESm4}MZj_dw z&xyZvsuWcTcjZRpB~eZgx7yYLb5e~QxzO36G3zuLE7GgSEq;S>ITSZ(v?b_qpftQt z{bghINJw=9u4T!7x&`By$ESABF#D7UNwV=Co!epngm$ZI)0-vQNlcd6Gp{^h3&hhq zG`!RW;*d>vNA;HaWdf(QbF^wy_+oRKmx-j==?O$@=brN2&RZ$FqarM;1Ro6!@6Fi6 zrq~{;uw=7~tCOkf_D`D(KHo_nyWA$dV&bZ>$YjHMVFNDIS&OtJ18Nw&nnm={cb+j! zhn!?(;$f+K82AiSPS(j+=odK4Px7&j8#5{Q;7GCa4Ep=>kUCQ^QI^tJ+dJ9s2X>-{ zV^p0=#JJmg4N)qxH`Egmo=*tZLYz>CyQ=m<=w6L;i!j#GqC5WDX?Lmh0UJ8Q*RXeP z{mZYDeV+PZ&!&5YIlqWCDNY{w9Wi3f zI7kL#t@a6Yum$+J4tIC)b4@5SdeGlp+5GHO9Q{G4c{;eNDWbLfdR2K9&Cfq5@Y}>k zQ0sG41n`F{R2rLR{Jgo+R9{y&D=4`{D>R?5f+@L{W#i}Bb;s#wTZO`X1_m$1?FE%K zZ7+LEcjU<^GsHCHS~OYO9rffaIg>r}htv9sk1fTjQD86!`>p)?)~QGCi8ho9a_rMc0GH-rLwPcJr&WY+1LPI6Rp%Ju|-fpeb-Op zawH!Vnx{jn0e-r_09IS@+a`JaFjvP;MNVnff25%1%+3mxIZ1M!x8D=7VZB*{GHddS zZK?25n$*;Cwn>vI2d1@8lKGGt4r^mU%_#e`rsfv6>Loplk8PMb&$Wc_RA|6fNm6Hz zU6hydgbA%S54>(W=+M`9J6+Aq!j1@OQCZx4elDp))OVvTeMsYoedP1giB6MRZ@mu~ z${7KqtZV~6Ns}v+CKPDhoJzazbdi8Md*f(cy?$0)>lz2&HzfF|rK53{a=%@UuxJwQ&) zIC&=Ul&*<0-x}QTD2#`)A?tH{z!)_B1$E0T&uDJc*X`x;F?09`=g})&ygs|>mbQzh zps67<<4)0o@e_-z$zaI+Q#|NLYu$OyS$|p`bs_4Hw?wOXggE-U=5a|L)xp|*a&%uk z^;ds{(*3AG5acQ?I+}yb$=7a7*u?d!Aww+wHLLhw6^! z^*C!Q9NR$I+=a}L)Qn@I8xwPd6d55}d4DY_CdvEt?5^=~q@IM-xSWHDuJrG0^=M04 zd1_!BzUXd`zD2Dqg7FRmdZhhpjVcD0b`?D24C732Gs-ip%p@sH08)>wLmSwWlVYcJUP^9mX z6IuY_NEPf}iM`$AvbKIR3wOCMz_-b8iM|rl-s^2`4v85LZ>V(3a_uGtKBrF(Psv}( zrq4v#zKy|qX|7`#zeDs)=7q6OQF-A7>sl;#DDW}({b&RP$^_%mCfDpY*z*D7lf)SgshyzRG} z9$Q1BISlybI}+AX@Uc4C;z%V-Hs@}w+=vSxNDhMpbbbMNVvdy*62-t+w6w!1#zoee z9Ko;+QDWP&dWL-o)fvRBuh){udK<~Z)v^zF;5zGhalmxtB=`_B)Wxpe#Io37^{ZhJ zxVOL6-nxsj^-u&DpcT~FhgFU(^8{arv3%Og`}&vxSphUbFm@SXZRduN8%#8vc3W=& z@GobX1!~S^mX+D=8BPyEoFbLJ3B)#?MoZYyewrLe&UQkm~ttOjSI7! zZ66c#8L?Hjar)-W2;b|gf~b?bPyu8rZOAkMlUiBbQ^CiBxVnTlebo0VIMK+513p%b zK>l%)twUxf5Ci^NB&8_ObXew|xfKhMQ=px02Ic}kYiolUe$8@CX%(qWDtbngqyhda z$z+?%YLeqQy@i8UkV8SjY`*Pk2Sxa!Rs&=|2QUyp!~cLPr!dt{lLQ zX1n9_M5DQ&a>X5MWDHb@8&UV!+j_QcgH{s|4o<;vjfMu}l%}Y;nYv!y(_aede0Gz9HpMf>w8vB>S5vtyfFTUyUvaIt@Wx)*nea0+| z`*cmk5pqlNu&D_h$iqm}K6-_MNvtykR8Q7hi|D&BYXrx>WqkaZjm^$*5avWj%ULiOH+7_CwDfBOsY>u*PHioRoY6 zATtRdZn)!jcG}mls3X=MxQ$>YNT%k+g45k+fa8DxI6^untU>y5TghBj!E(6l@-1aN zGG$2B3umMTMM9rc{4iO~u%E#9OVs=E{&x|Eq@P$LMgP=L0-l`$<$;Z3>^_@QKWYUn zc9_EI|BSSk2PgKW&a#vXO|)atpO>Adl85s(vbR!w>jo6t(__WCzJF?-C_)0xL|(c^`ulMEd7N2y;e%>qcxyGhw6NFCI3-F zY9C!*Vc+z=$i`-AItth7d8)6OGM(8YK#0<7iM6!3uvJ#wVQmVKyH2`QkWm1}W<+m= zXLs%=EZ^@ccoOdS0KMU&P@V87eURZt*Lmy*Ii-4VP6xK7Gw!iKQ%auhd;k8oi=PMb z+BKHOf7J{1*j2cMX>xnQO-IxE=Sp1Lk;D-ZIqyQ7Fd2c;Q|GDst(|u8t9LEx1C=T{ zAv_lGXA0ZhA%!v=7BE{K7pKeev8Xmxq#kzZK`kz%3~O%{1by~RUHL06ea+wXsFy7+ zfKxkl9feXHvyz=LoM`UBzSTwG$x>Om-n6p}+C2Fkg1DJn4`3ColIL-v(6BHq)rUl0 z<%yJKHR4d8;!fp8QUdq=$&F_{ji_0{DLkg#pU3Rwe;D)-McrC6t_VJwrrn3YE719O zcmL7b<~|P;O99#@kcJ-S3~je}7&?1kL_!Y)`SHexWb+StizUao)Q7}07~k@Fii61j z%$V}$D!}g_47ui6n)$O%P^u1QVVSqwt*0Rn0wH$|KL6VaPE)nN0G8D$hA?aGM`?VY z8&fz?jR8aiXrUi_{#bY7M_0KJ?&QtxRoMt9%XnO@ZIL{#>NfbBuE78Xq1{p(kGGuSZF|_|K*M9}Wi|W}N?l zTZQ+l=)W5OZ<_pcNr&@Mc2;2>=ER_-+-i|f6f+vL?ZviZ!9q}#9Jjh zC5wZ5(qkb~nTA#ObhQ&m#>~-Fomu)cIwT!R+;$~zw}5%A2Ob9692y?nx$o_=G#K21 z&Pm-8x4)nmw-%>8sFa$0Nhme||Mj*15gHSc>bve29l$^-6Q%oh_)4urqa8&(B{Z-w zdm9<2pe|60Hr>Kkt~TzK{b{^*H3`_1YF+yK-_fH8YrQ|3*~M|wycaI>DD^**_dh7k zo@$0VLhKE_S3KKZtP4V@q_ni9wNH(tZ9)o^EkNRAA=B$hUY=*C1G?mI(U_dJu`I>EyQ=T8M_}^iF7|{Cq zH_+NOUbw4uv$HOSaI1;Gb7ZOQlv9Ix_2Cclm=-Q& z8Q3kJ1;MjuzTodPe=8;bJ0nj07%>U$kceg^8qR29ivwaUow{aeys zGvOVLe=?-OM3sjAMjcIK6;emcHTgL+r-8mw6)jVAuM$0?6mq4_oWFw{_awf5KqXDaz0&dEXKU`l$~cMfzqHmX z8e8X0UMYu5RR-!|$U1ZPXzPzlT=d;X^Y%?XlgsaSrV9>2_1y1u#>Sl?5VK9QKQRNg zDA+?>r$`+T;6>}J(Lw_HiejUTk7Ri33Zjda-w2IF+cLk4>s*A2 z6~|F^SX=p6n6^{3vlzNP=74{>TYU01AId0JhajzbDlRX^CH0_W`nqu6t#>)WOKkL7 zQhgQ0ciboY>P_clx15y4I|d#1BN#Ov(F1Eu`+=%)1cLn+KzpjbY+9w!A>t;m(2?7{ z1mDq=wkPPtv5PC)-Zk4-_(~wkqrT*=@SH+n;g%Y=JgC;vV2S+w5c@J~Y5MrsYrT?D zwJgr|xEr#tR}G7HA_t-s&|3RR(KiM&R>s})GzMh&b~RH8ReeV{P<|FrHmrpoHEz~Z zeNro3P?k0(DyP{dX#}Hn$`~!D(STHHv(9&mv@!TP%j?Otf7_?QLgrEg<@jVYKo@++uNW8DO zh-%cGMADrgE4Ep=;wSu`qF#@txL_{$?$I?mmIau&K|89oZrHxt(ob62r;ds^7|JR> zH+q?>!&w)S?EEt4ggc%&^+IB20Wy=Cf#e~y~4#rI0#xQHD+#?$mwv?OaH{k0__SMS^LV5S>E zdGZB=`YmcMQ`~H2Nm#%yfN9@6@L@&IX`9cEbxUKv=<8u*PUvaN89Amp5k9qzY(-qO zsy)4No}Wic;N_IkDHn}Fxrdod>vxu_d>tF!=zOzrVY}nc>x_vv--fOW*Ias+EWzu> zUyj+mDxrq}@i2j~^o_95@MFA|n@0-^#Ji)ouv+r>Lr67oXHCxIuYmPZO+sk2N{L?q~QGq{#*o zwxrS8pMNXFLeR^%5@}&DoqKPkDnkx**NljDnWeffd2ChYIraJ$cS8v#he`1O#F zjI1i!n`55i?)3rlc0?4|H{OaNDIcdGN^&Jsm5%g~o7EKFaL1W?@X4{oWVhRoYb!U7 z`V9;wa409IbxX0@vkp~xs~!SjyRMrr)TmwiiDdp40PDABVLbP?pRVl@biUfKB~YT0 zi4-1dc@g(+Mv#=K@S+{4Q>#5UwNQ?Cg;r8ROF{BfyOQe=sP!1d0xVfPsl+B zaA8I-p7c+#{6hY>#R}dTINbtM{40!@rNg!CA}j|RC!Km^$(kl=Lt$?K^p8W1Y5)CUzf=kToh9ngbwpl`Nw=Q7L8r5VJ;(&k!=pf!kI=+h~ z#@2Oh{=w4DSeuP4$bV+jxpU^C$wu6) zkY>R4IrGTUNo51A)WEx|LwhBWgxY*fInVFqSu?KrN7RqmJdft^TYqepZ_|V7?wR*R{U-W~WvD_5)0Azjms8 z^Ku8eS0Ec#Hr69cS~#$e*s%c!ePWc3bLOO>F? zv4EdN=g&COJG16*DF@@0ZqcZ?*ON9QGp+kHM}RQfpb^AVZr$=`x*2k$txf=B0*d;q zLrtV$*BoO-r$QX>WY_u;`eH;ddSY?$jK@0nzGiZuwp%XDv>+$wxeHdJjPiEMs{n?Q zD~nc*qUL%n%Few^J?~A%v%*IVa4$Vb8rMK4Y@y728bI}VPQ}5U7i^h#9^zK;Bv|3w z*UY65&HiVC6tB-;%HK`G@F~pkFQsUCFHp#eo^*N%wN<{W!f;!+E(z1l1-@eoN4isW@Zpc=<|-5|G6iA>;|+Om_apuH1H$HQjNJIB z=T-gNS(oWY>(Rft{uHk$$x}aP%h2tkpeX!H8%cBHZQz0v-{y$Axe_7m zL^ZBctDc7}`)Qlz&~MPt6$1?wI$SL7ohzi7@cAe>?Qd>24on0aT85x8Eo$Yh$bQx0UD4_=2vFbSr)fJr1p$vt0z9%Av`34vTp6?KX#!uxUWM# z385JAuM|?%&2xe*$FgHDgEhL1g3{f@h3)#gmpBSvQ4nwJt*$_u_okW~f;WP0yUuvi z-iTE0?M`y%cK5u+DLmD?D5%l5i8JqsV1j)&%ks|*L78xAu#t$cCTD3_XT_wiv+rp? z0GmSmx^|LPFgLfuW)okuG^es7Q%0RZyO`8d9_Q))`=d6qfS!4A`D}8M9zV+%AZ8b; z!wUAEDCo25wf45~LNv;vM8z3WgpdO2(79PVWZ=hy*{2sUX6|%IAB|eAAZMK|!Thi} zuHx9C3nGt6-7>`88A|l+u~j{}L=2tXrhzkZT|ed-K4u>RrLNx1o6V$4A>H4}rsroXvYPco%`WFGU!naO zm#D7&4l^;)HNws2BA1?Cd)ZSBm$pI94am0w=pkE0hr^keUY*rcE?I7M9JH3SD!zxX z=Fi~HA0X$)F7S)K@L;)B83iZB;39(Dx5eSrcMkbM5o%%Sv#eGAHacf)qi_#~X;9;K zs8ht#KJi$R`Lk1GnyftWqK+G=TE6ZTJIK+Md)O!t<|%giBhnEkGns_WP)<)KiW=z< z+k)MRexy8q1~7K|j;>TRe*t_+%Gkl`MB{0@bX`A0X_V;jSYW^o*Zm7l^&PR11{`q_ z#u~uk@|8hP)rc?L%&J2UuQc2_wI$tMoU-5QBUR3gUTX&qes2z?b~{=n5RG!-&Dwp& z^`ZftC*WkCDL*G4D?}Az^>y`V=vz$42H3{&vyNfaFs_6*biC!G z-2ed7Oi;Y`8KjpW>atULQR!V$S6IOqcQs-=Y5EYmDkrqdhvr^M+8!umffQ?j`9 z*3Z^Gc@G!x9MidWQ(PS{Tg6T+96UepW{!IK#>jdrSNW>iuCwvW!0Oxz-h)RWmk=Xo|RnDR&-t388L{oYf@*sL_&ppxujB?S*6h_|3$hn;!I`;Vb2^ zORMy-Tql19)dn2ckSn_pWFvyYD}V-Z_EAoua#>&zTpDO!T1?$Ig8PvL8*tdcM?_vY zo-OEuYp1a^s@q$clsjY@ATN_-bAWresayE(=P%|%{rXZS=%S5g!`uQ`vNPU+%+&EI zvzG3T=QU;NGOb#x5Ct=GCVfn}Px1#n9L3PXc`kk0=Gx!rp*9MLm&%9FHqt+bj{m^?ni)AX9D8D-v~K_+-w(Y%HTyD!5kG&4r+E=Q0Cx^JrUo|`Cs_04a_F#h=T@YuAFQ?O_F%(8 zYVJ)}d(p2FLV3E9n5zM<;(C{<4dH>ZQwv}m@-L0r1|W`3}s&^`ulgQ)jj=Y3%*vs%!JnN2m@7T>Fe9&Ks}*a4+jZ< zMp7S=>D!~tORm%m6PO6^r1ISS1yY59x|)P#5Y{qQaXF)dn*KpyUqHA|P?Z{fJd4Zc zoj7&N{b7@AK+n_U)~5mB)pBYC>E)y|xj!KVe|>X}gh2adn&!$L^s&j7OKVq2jFkVU zd(M;$2j?midiB~TZ&h;l(iJJ?9&z>!;`8?A(pC0m+HSf6a?L8TWnW)e3@jygq~u#1 z#EopM61<>DvP_z1r>!BGj(Hu@tmflP+GX0<>Tjd2ER)E8y407j#M9apU8N-n8!D1a zS2sCgOiZZCk!f)xHLmk)%AO~w!K$Ltow*Q28Q9mKJL{Cl>3Kkkg>f4t1UY0}IdqUx z(QTCP`JLV2FIzl`tSDtDMndqSwu0DFZuxg+({;dR5Uevc=jrB=5bhbN=nFJSinK9% z`jMdRX0Q>ZsKC@ZpvuxzZJXh#P6V@7$ImIH;>xKzyi_Y{RNW9}k<m#Ki%i7M z5Du8i!41aTZTIxUmLxpuR6)`2n<=oo@;Z|5Fa7j1q@7OPHEvpnd}vlE2>)PwuChiw z+s2k~Z<;f~h6QJhQ>2sJmogR zzeqEjRjt{?5Uk-YhQ35IQ0s**ZW?tY1XI_E)0T2vFTB20%iSP(4bKE4#ciue#U?Z# zJaF(>3t@6vv~n`SW$L^h66K-LW?Rj*)@_izM71^Hd%1{6t9JXAMk4~NaWl(OXehU+S=7h zo~ll2ZVythRv61)=iLF1QBRI(@7>$h(z2_5tRV`C5J-UOd4PiD+?T7TY1G}XAlo;! ziLgyGbk{d&CL+4dVkC;N^weqH+bO{d^OnL_6_!Z*Jc^}WnzUmxu^2*8RnaKRB!Z+3 zpqFpJ+SuCC3*c{nwaJwnGZlG+#+rr27q?Rxx-scmZ*a`(mpPaFzDZ19)CK}d$CF(A28DpZ$vnVrPQUKXQtL+6=yQ^`0848+Al1bc|zR;AW&sv z_L|yZ1I3IvHHT*uW)f-7NkQBeSHNPlt`vT%T~>4IG_;PMCFmAOda+>j}53C9-foJ@YYI@#AD+{-R`LQnMr(RK~tt)OUfBXJ+3j7Soa$~sCo zl#e&O+KXC()q-4{dy#s>*7x8@3HCL|;*+ zs?Myl;5|PjKYlZQ!j$7b?DLp8v5+sykvE=MPLl*ojw_S#xyjIE>tSc4P>{*9a@{@E zFhgqe@R|OY8P`)mvVx>)8LvLE%gukE< z>xNbsa~T0?fL+_nxPC;jn11~QX@q^RKwb4!_-!J3ZOrEw>G=!3WeqfPl`)0FfOLn1RXksK)`2dG; zKNB2BEdgCt;%iwcx1n-)4A@NeZ`tLt?m^?5>+Z^=U>eQ<(I zZ^c+Em`wk4)!gQ05m+aNJI6&DvQT8N0g>tN?>8X1OF79BKx2ucB$Hy=k-~78Em^V= zxQ@zfob?SVB<<6F=!3&lTF|;>Z?7dUx=`YdY;WWfYsB9oaW7&{sSV3xw=BejYH{4? ziAR#^9CM^KBE@VCOh<_LsvOUqezL)MQ~gw0D%%Eg z!koadpBP_%Gz`ViX3US#anuv*`H5_>m`Ts9huve|*}eCQer!4)!#*26om_l`Qp`TQ e`01HcM#ZQ8|KIt4(+J<5)DNl+ec1bD{eJ=6V@(kN diff --git a/images/samples-structure.png b/images/samples-structure.png deleted file mode 100644 index 8568e5068f4e7f502d27b90159ad765af5583429..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 39946 zcmeFZcT|&Kx9=PDho}gs2q;o46zM;ug8>_2=q>bOqZ4`!O+`Rdiu8_jNGQ@fK~d?Q z(0eEJ5<&|(E57^P@7edbqXGh$Xkc!c@Kjas2SZUGu+PJcqWwU z_ACc>cG(3Z`zYF`7$(;8gR6a`zQAyGH91bQq&;y}M$##ShnKgNAACFcaBpyTcaQD$ z9G~}r|MicjAdZ)RsQ=r;fF}~<0f3_+?5sS+KOSDaJbmXMk06h4u~7cw;qzzj)Bo+s z3qkf*{_*h5%}XJt{_*f{j{iRCKW5@TXHFfRT)~}cFfuFAqoO@%acfdJV3kg7Xm~F7 zR8F!+AM!@T9qHaYTJr(dk4i1i*Ux!aCv`7Qsk49)0{Ip}Hks8`1u%dX*(uaQdx8+= z6?dW$1LOfCHW&W5(S$wiUZ$c{4KD=pAUrTozS_5p16alls!eIvN19o_Y2P;O&2=at zVaf+P^L;;yZo{*+X~<7N8gG-|7q~-LiTd)2OYfa}L`z2UxD?uaFa)KRnpk@unq>GG z@<9LAt=lfsKREOCD`4mW+pyupeLSykz1QLE->;Ejryx_W$>ulr91L$mCDyDeYNE#C zQZOqqi@6`YG8az)xwq1gdOKdmv*489J5J7tm$FVc_un@tAq_$I&dbN;vq2!-QufVV zmp{iVaRqyNN_@WqnbV-bVX;F!cKScmz;KF29HCTS9C_3PO{b{>RyLH!Y+}mKJm^$`!2M`)%m3|1QHTn3nfUqjs=MV zce-{HjJ_f0)M-C~P(H0Yi$CKb5Ef1k&*a)9DhNc9j_hbESFSObdbH>5LN=d2n@Hxi zTcm(I=pII z;<%A=tJFYTe}6beC-?EF_WN|#SOT7Ko`xo3vS(Jm%r!mPD=)MJ%>nxu9E=@Ulg1NT z%cLB4D<4;|Ub&LzvE$nvjUY95bSOvhM#p$2->-IWF{ya`7@nyiS0}YEDVk?8n0h4F zd6AK=fF{AK%xe5;l8jU5Fcz5Rw?9$*^rw)Z9&y>@G)~{b@L?P6ngN0SIz@R=OD&Uv zf&y*RE|ba}25T{kUpN>2@|VF%ToLVNCCmf9&9JgABk)@Z`gvdNf$SX_8RNGPztfJd zXSSU%OPYnhv-4k?W-}7mKX}U4!me~w&bZj&5MGjsU!hDs1)>!`N zkK3lJyahX7#frqB647;Ha~^F7JhaBe(ba`N03-7xe9mq4eEc+{*@x<>L&VD^}tucJ*k|kNF*FiJk8KV_; zlWi!Ozop8p^D&G*h2VvS=B=k~F?=iE5c$TKmdnX>UWY*F<%^g|nRk;C%ArP~7mm-e?o8k|fCo zvl`9|8izjBL>bg%jg(pDUPOk-T+|4;o4_i5+K)f6{PE&)_IEW994O-;VY+SNpkvZ6uW2=;Uf}^5eJYD$~|TtI?sV>Mk~e zQgAzP+uYZN$_%Ur>@@nG()3rTc3mLQv$3W61rnVlr#{Zi%xIN9dx6b2QZ#LgEMB>q zl<5{)aQJHL9w!IK9YI0k+3fc2U7n3xh0Kr9_io;-z!Oz5uyCa7O62q=Em-J$npBqN zmPDQ%F(V&+NAhyR#n%16Y;9c50eAXLRvRLN)%L*}6tK8Gm6Mbm2H=cTp-8ZXJ zde)3h5@~2xFQyw#cH4a2Iu(#zXsK-qz%&kuO?$n&e*9>}H>zSR=SOH99URnw8D62k zjutlWYO@hT!_v|DyFl$6`>^*MfdSh>;IlV_ZmjB$stcgCkv#|WYoGS54@ zxefkOJgH_yx;+cbPFY&%{>CSLG*<1Mz2HkKDKM<#V&6#PH9}4ixF5E7z98TQtH#kxF&5sgc}PD3c?a(1^UD1(E_t&3K}O~2fG8^G1!~KVmcu3 zZZIClTP=O+WF5h+RZN5>7~o_%4C`DUw`ms)phT}=)-T=#$_dNn1;%LzXy)Ad1 zsW+jJMjOPyRd=1Wh$L$*$Ib(g?mG&Rlb#DNNvXHB+dxdNSv(pme-$H>2$grS!uG#A zNXgY|xg4Gm8>>q^Y$ENpZG0-TXmMnfc2HpV{=233^xDdXuSP@EPvch=>z`q9KS{0d zI%yx&*q9-<+Eh46+E@LALWcvE-Idtal;WMqGdt;E;VpKw-fhyR-MTRpq&0fq0at3~ zbzjH9VJmuZAa62H+~j&*utB-y@<-9?Rrar87mv6Ks-1^TUU7SWMGxBM=ny)Qh~}N` z-OVtLHCgv3b*PeZH#fyO#iJE?$(ob zxV6&7|JEL?d;^FvRF#QOI&i2!Hgng#gV8k3!-YT-j+V>E)s>ZZZr*%o;!B8N6woWU zE`C}RF_68zy{*yrn zMm3si;$u-a|rUsR6U3YxgK6;SPJl@eDmoRw#s4oh^X2Z4Vqm|Xbz zNw{@N4K>>}<>$5lKhHR?tN{v%=u!VrR@q$35*auM+M?du5>-{>#G&c+Wce;SF9in& zheJfqWpYhYh%xw@TFA9`!^^T8QdM1TMf%=|JgVb~#urRh<`QK0pB2`NJVWS<#&G;< zYO)?XVz=5jc^sa>D(%)LJEef?{#zPZ$NCMaYSwk2L1bIY@Ba38 zzF~yKfm$zOBWa{UJ$nyPN}9S_8~LWwiuKM*bMd4!7O_y>dSJ*l~!!++Vqxi|>q?+;T~pnuohhYFYZgw}WE z9Hpyf9|=$S4{~q@aDuBP-*e=F|6A>w@{XbR$Huqa4{-Qs<22Z8fOftORBYzNPhR9C z=~DD_kz5;$yr)5w^r~CCm1GTmdAtN&?Xv!Lx{$7%7c=Y@s4s%ZBhOFsi$be~{&Tp& zii+QuooIMfD?{7pn27@THVu$|hG*Oqx^G>gw9SSoM;1@;fi;xu3?WH1_?fTfBGcoS zEYGCF3=Iu;J3ol;uJ#f0k}<5zC{>vwUaX{LTLJWlgQuhDwRD+XIu6b^>TzYS1t&uq zE^ETkojut0(5qX=;ZRa#*80(1Cbf}P*I^r$5l;u`lh&a2&+KTt^`Om_U0O}A3RnNHZulW2s7OB~C`dUy13^lX{B_Ul zwE{V2=ZKs1^#^SzguAXyWP{qMrL9d<6s-gI@~Z7f`Qd+Fuly1dQ?@r1tpQ@N@pd8B zks!#bmFhLDb)+i!y*)VLp>|scO0_3VE-!j#t|k59>Eu#=aa�LK+{Hd5zCJxcMlD zi{5if4r>z$L$3-Ahwo`eFmVo|4a^z%)gFZR*DJSOs8~5$R8$l%wxS74_u;FjG<|PQ zLPzUtb=@mfl4Q`pGPNrnY=AgiNaM@h5w{vKR^KP>&@zecd~N4dr^92>6})pT`r<41*JUpi*eA`Ehsa>K>i1`6~#tPaXzq7X2(LZl-tZKRnA8wLYs504JBSwXj~ai7 zSdPe7`^;u#{Is|I84HV-aLtGpw|wn%o%7?-ovBt)a*}rL+&ScI6q6>UJHnu%Tk`ts z3p2PjVHoXcPH9+|Wj$DcHZfV5XorQTP`5PYDz_x>@WNVmWCeIUi?eD~GWwx{31YTk z3#*%D*4jF=XYi%wq=&GerdhYuC-J11<^O4}$U@B3CtrT}=l|$wJE7377$0f-^-HeI z8eVZ;9<7uA629;=w=bLn=(9xUD-|4B4_8BG!R09f-0kK>jPl9EF-9d#eT^sQef2+oA>Z*~n>Iv-`v`KG&$DwI-4x0pE6_BVyApF z=Ocs@I>t8-ULXczH)F=c}2juZgC)S6UKjJu31ln~#KNLH*G-CinNmix{(9`{3br;vzTuWxn3xK&E8@$) z1_M@_OnfTh&+@>uCqJ#OYKEt!rQtj1FiXQsCWFNc)*?%B-1xQ%lcnM8qfF)+;fkFt zL94P=TzpwQQ%LpGk|SRrvV9KxleAd$q2jQyepGZv%fCAsJc|o6)H*=XJroo{c+DR7 zr4RQ?aeGTiHANC=bR4|8U*BY@xDVbFTuZ$zFG^@TaLuoA>^RdlTU};7%s;!Zkah0W zQ`AfUnhM;J?PSz~m~<&3lO1!SR7m47VO5+CN<(6){TG>Iix4B1w$FL1J7Wi*nD049 z`WTcxF>Q+;5I6BklV@8`&b|A@DI&7&cM0=})FHFW??3r9w=J3q(s1KG^!~1Ws35sw zgauXD3Ki=|1SRDyA=+98cU0c_z2CG=fqTmpV+xA0nOF+T)M;oa| zu2pv?VPdDRrkHn`sHv%a!*1o7oMboRv~pj11YeU>ipcim2iZoHwOG!h14kTTsd2f$ zZD!80ZFbkTiLlv>)}f;7jXl@L!5QM0z~)A{Pksy8seDXowWvvkX+uN0u%J44f;b{W zkabkAReGkbxm^ZG2Yt;&5#%I7m5$DP|3m^kyv+Wj=kDD<1w&h}>-sOz_+fJFy-E)S z`rhAR=0}8*YV2;IDS92Y(SwTG=q#^y8I_fCTK5WAIj(a|vK?#Rcio^$l_}3iOg$;Y z=$KV@c2P48Lp43L%Pg^mr&HF=^-eH$OcsQR)5`^~M9r+uR0xTK>d|9|Yfq&NTjMwv z3(HMzOAs$SL$g%qK}vezVn8?yHs~9VsVlDTD#VarpwJA@h!%*yfAPD;(~175cLK*mx&b2LOsyCXHe7?lY%9^i7B92YZZj{;d{M?oR zrQakiUmF|)q+w*NvW%uj7vc+wX=b3o#w73>FrZ=fB0l!XI zA*%wn1M95xIy-gqLxvXXPY3dcQZw*d4Awgy4#nJcL+WSEyB8b(NE#{oQsX%gKxhB2 zmG4h9SBeP0i|$4-3A7#2vGrt|c&&AZWxc8y;Em549P|GagCCHdMTBH}OwX7G$4Mx! zjh1S?J#~<8tSD(+Q|F@eOubVb4=ZDrHjh%(vomPwDR7}?5L$Sp7ZMse_&!${G2k#N zOTziZrJz7=l*`rFirU{Ve;vUuS`p%|SJ6C(6x64^ALvQoK z!2CtSzSxY1vxjtMq^>2c zEGHeg#&rA?i!iKly*)lCZo3r~DG{)$sk+YG2K4S_B77-1ZEv?Lf9!Tu#>uNVPH(a-!aQhRQ6` zt=nF$PF(XOc}Jcm;^&Vc(b<9WC`TU8w*gs|DmKFkzgW_zoBI9!^mkdcDJ}gcel0?4M$mE94YQ zJvS&kJdjqc`)*n{eCxGFhk(|C-9GUP)TE3IpQ~xC9-ANr^1qUmDweSpw<*`3s58f? zB+FRu>_?2AbYWasJhL6=g2tY>VxaV_D-yK6L>=2Rv}Pj% z0{pEf1}9evP5IzOk378pwzP?Fq6en$u%S8##=s+WxPIiiqWytf?rO{&jDcLco!y$iH9%wvit6==7_t@`o`1|*N)k(jIr)8Clw;Hz;KH-BQ zSHBo9tMryRw27hT$B$@vIppZ{Tka0#%q9LwrH!+4a&i)(-IpK`x^IC;G^O`l=lEyi zT$Y;E$)$iaY25nSVpmg5j=~ioE|81(kJSs1-k?8*hQ^@LXf~9lBEmpaXE6j3C7ZJL z=2iq;?@$ry>#7PJy4ia3XmM&4RC6?QRZgAe_2R{D44Y=Q2ErtX0v`(ZS;;^n@_` z>zxpdJpN)Fz4-WX33s0m1xyMTV|0d zSX+h?kIOPK1M4_Z>jAHN=@F;Il_cY-vhFb^x*5maztI!OD)#e%Ho;OXLDYQ0OTeV8 z(~20*`O$jrn@)euLny1XkA_`6bi&b?iC6c5UENmkNV)Az*x^ngrp&TU3@FNi*ea7s z`8gv%yKyDCzZXQ}lu-Ir;Ug7@T%cN_DKRHEffVVy?uFZ_c>eYj zO1mta>+?0ss^|!I-<0I>D{Plifi{=>Wa}j_D8qnu<+652!yusl#4qLgSKB1%Auo24 zahW#I>3UoG%r#g)#l&Qzbn??k_jjJ4o=flzT3iO1wbeuD)J|FU&9J9v|%Ff<7PFFSn~}%#ou_Dv7;8n&wv+ z8MDA^Xxn^dRQ$_;y(6A%EH@`egg~#*8MmwV>*sG&Y-k0ucwXTxe`?7Zt2oAM44IDu zLvgKG>+_)>v`)N?$#>Oi5cOiPiX2Qq)LbbhF&NeOJf6OEiL4}7-OI#+iS}?GqSY?B zEq!#~Wg(B2O$POT|1a`_4P>XNgwgSyybz$85d%YV!1s|?eIX&$z(HB*@Ia)h%z%7h zt;jPbp@WrglXuCEA|xaP8WbvY*xdQ-oc=%u5Qv1Tpn;UzX{Fxh|2?a`v_KpsCA2()k)e8J3L0N$%cXPn;Uza0!L+^of*JYD` z@>Hsb3v}CH|Dl%;UiD-ux?gWU9Zqk33Su8Qx8||!3b2H^`{Wc%LOn@els{A_e{}Aj zjDT^rwlensfOcNLC*J~Yt5KBy{1zxxou|4laSxnQzz~bW)v7=3Gf>2!0REv;0J@CNLjRrpc>WsH*aluP(Un$K&IhO9aCyG&IRK6_sgFdfyT_PnvzH6 zL#hHmLZ1*A7|2sMcn(}hGsSU8Qg`HXitZ^5kTt_^_{xCxNUxQlC9njRKSal6@^^v= z1(f0GRTKnLoI{TBCx;i2pHD%;9$y40TG*%94l`DXIc^YSKu@<4&=d^U80J^4C?LI4 z%hNaQHg2Ib(OICEP6jlZUn>x#0cTYi`Y)hKmWOCFbj%oSa--lF_+2wirPpjVDjum!K)`+XHcpfsJh)+~G<((1g80Pd~eA zC1LdXbp}Vv=;&yRD21aKJ3G6%4h2Lj{VBkdD4Orl(a~ul3v0#;KTdtO- zh8Y+P#rMVYH@ppRLmW^2P`}@NR{o3S#KeTvcy$^1yVO(?B~t0RRhGWUvpKlJA!Dx$ zHz2DI4JdAKKePJuhUyx*#Q1ak*Ntm`F8@EBLTb4Jv{hGEPL}ULwQ0C13+OB!0Bv2l zdNmJ}TIM>`-#%pr2G-VnBF7JMs03ix?TD7SRjYZ0Qc42jBCjL;h~H-i<;JrX)a$Gx z7w5!EsVa3W=$ypp=t7-I!fYSx`~L&`)^L-I%7Gq)dR#AOl2MeQfBDqOtf8EWoM)J* zVV`?CNUA3p#t*9<~L3Ixh(vKu)rhNKZf~yR+c@l-hrw;W%}^3fQxC!skRv zsfHUxgQ+MHZ=JdWZg8hT-w1cJEwIozOW@e;;kTQVibd?XB47Y!(e5f>g{MA}1XT-& zu5Y~m7fjAwZ=owjHKjea-6Y}O0|R@KeZj5lbZ9e6f#v-iFj6`&(lcPB>|mtjRAMZm z2^~ncA0mn|?i*=xBCfj$R%(R>5!Pp3cfEZqF9PZ~$}^OT3acT1_&GkqnGUmNH z$})|HVA7Iw>8B>1`4}IuO0WNnpR*~Y>};y~nD}n5;cjKtm(d;bG~+w6IUR>>l+hPp4uwJJXKjm+Tu4q*6Sq4pOFEazOoS>&$2OMJfv>3rfD z>p3@KFLIB!bvt%=e)EQck1@CGE zs=&C$)}sJ4`H}0xC%E1sqkyACsabmbTAwD!O-=D$Po8A>9M8KU#)>;oGUVn{pld$< z3DADZU4}^?ef0OU#Sr5Kpt_vzNYDY~q*fHj6Z?M1x&TN6y-j(3P6wnzB8Zt-tD+N&#v4JaF(XY2k+GD++2l{QG z=gbGxJ5WukRj90yfdo)npmJ*8OisLb*Jty2qxeuB5l^iqO1~Hy8RfSYj8?);d@CAI(4{_f0sz&1 zt{<}RNoQT!P$}gn7h^Oy*^F~Q3HQAI<`Mu_jHyY-Z8$e?M?pbBFoN96oFCD~N&2{+ z{0Ls1ys%~B>)oTfEg%aNCVH|y*qe_mf8JSppkHO?H#0jc&;{^A^_Y+~5yv64eu+;> z{r;h}+>SDFjkp7nK(r5k=CdFdm-h9F z{Z`dGAxEy!3ZvCPM(VbQ$Fi$M?B2TU9gy?B z7E8e9!5%C7Y#;zK)l@*ZDI6YR5U$OCGCV!%dvOe1ek161XC?q!SN!x+6vBaAme1J1 z+y+FJ%a<=Z@0f+{u}Nfr0sv5kXqz|&hr(lq$4Hx&b5eaXu$|)E-O% zF9#hy$L+rbJlqYQBAQqUvkXH+7PlP;SU}%-4zt+|t)iDp78Sy)-Il+CHY}g7j1VZ7 zalP{p1i-Gy-}3sN%&4Y+(>TH1gm8GLb;$3Z8voxtqyuYS;S%0qN++Vi!~Jl zQ-?wf-?QGmB$Cy7t({hlHVqWJp$;te*S3)uVD_$y9aw$;A0pGmtMk~K? zHDq6<-kKmo7MeMhTbd4YP9D4Dh3c3Af3RvQfR4=6G~%EwmQCSCrGb)uWXkVIE2mq#@hQwuv2_#q!lm?L(VYno4E-c!> z05q)!OH`o+fQuZjrym<>OnzlMTpNTWtXjEE=@-~o2E(>qbb&Mo+-xy*Qu<>94(zz_7P}zzESuZ{JlrvXvHh`AqDaCDz@wB*khsHy? zT+7)rD0oRVSls37JYBJ?bljFdyLHyRs`N5ku2&5Go3V6lxIjW;=ttfG-vI5Vap@Kf z*UoLwi@NmKq^Oj7nMfgPXY2-oGL1K$GmtX<&6ndM_c$))qi4h;C<^vUKGzJ7(w;Qk zS!~Oe_at=dIGMH7SiDFWwg34~Gnn}5W7IZFj?CajYRd{Fh^jBrB18coVuek!43S~H zdU`ShaYrvLHsj~$D-gcOtXWe?ic*P}v6~xc#+44ux?1D_So{{yYXGQ7v|HX5X_M(i z*O=A-z_8iA24G3uv!VABab(n{2x5|Kfq?8usAIGl8s@+EFjPJND*8%yW`+YkRkUNZpQiZV#axEA{y9 z-6HM6#f}8=aiW-YuNt(5D*$dSy!D-_Dlom1lP+|(i<4*Te)3L_2o|NT{BJOZ{}^o< z?<^>pVOH*ojlTis0QjSYiRJ@N%@UF;4)&bp$lVhlk@F2dT;-tnL1K@BnT{;9;g}5O` zixf?KNfAONLPGb#uy47C6@nV)1%M8^>A{S67M)?hZJn6DLWE@^X}3+NDQb6!i_XPx=o@c?KcFG||8@<*{%j}2;Y zXQv7PtJOi=z7CAOZZjo&O+OnDu(GP@&cUK0dLXl^liu62?e)EJ zo{9mpYd{Od=;UM5y^*i0RYp$^bQXmSwUS0e;RQC=Y6j83i+SPvDKDz>SeOzKns zhzVktO2BLhmnHUo(REVqJX%=PqLc$94ZJXvT7k_1??;vmpA<#d#{+k?d4)>&Wz6c( zh>9Q5g}he?);q~JsQ;U@+;p1VH+L^-ln5E~gf(_t;n%&x`XZ_<=_32uAHd5MdR(~#izlx$Kwu^6%mQ__6riArdJuv($gs5w^uS{2z8F2S zJJvNB3RzD%!ZM0jkEzLh;s|+B=}KJCDlDvXN~q^ROqAcoy2X-3c+(OtSE_rE^^y7= z6PN-)%-sN`g|aB~Dy(;skZQ6o1vv__-aW|3)akHj>iYu;t3Y+TdfRKW8-U36zE42& zBbsc)tb0t_@Icn(?;;c00EAxxR*M)ezun=I;?959i~7R(a>;`3;(6=-Y#p~6DrS}S zeZcBuT>kYb)4+Cc-TSa>Di!HC^&Fi-y1*8{kS{eXxsdlPz7z#$FW17^SpmVDI7rkCA@+9RNgkczH**^?^&5+aAfM2Vw+aU}H{S=lD_Hz~r};7oZgQP}v$)~Q~70*+RukDr3n{Te%#xAxzJe((xhU?6?$Rav$NK+Fau_r@slpR+zVXj8O&V;?-Uu3ZIn35vTj4fYc2D=-;MxkQln%VQP0ox&)DjLc+v+YUZCS92AEMqn) zeZPPU@WQ4P?C6H_K(4SkUM)#K{@(QX1<#kD0tkh$2yv5rn8W8J^z+Bwfi;qDGGV+( zk%2c-6YMi;>*bzp-BanhV! z&!;|)5aeUB=^KY@_@Ws?NhkP2U3wmH8FZ8E-0T}aF}?izcsj&TB62l(_xJ>3%G@pM zqPDe5@68Fz?o7mj{;XvI>B*#wSR1jKBMH*Rkvf%a!2?(YTjnkROm{n&*jE|}O)Xf_EqB#qnS@-- z=1sRMoyBlyT3Y(LEq9U-Jl{YB{%d=l1KiDmZ(fz*86anZ5BFyFSDTjb51xL5xE)ZJ z#(rW~P=Df84sNMo8xt{4)m$0Ak!<9$yAPxBT6Q6BkIpz(IADBbPubTdb~8qTP*k=) zHc-PgoR0@>YxPjUpo&Gem9dB6rA`EyHi`KaF=-mMG>il*t(>obs?$tl$eKPGZSLu4xS?1D)-AB3Q(ZV)rFq*S ziU+R2t(t-b+cnmBH>SS~ZcEf*>?LPnh0!+48d4sIdA4ULhwD1?!$zZ`d=T;kDuG6KkD|2_O@{)T6o2f#kUMHwI0Kkl&UX>)XP#B#& zILRmU4#!-%cHZ#UFO9}6y=vDX_nO9`p}2v9Tyg`%J3*US+A^MO_6+>G54@2sitveR z7fBYrpWP;F7N&|SP{ui*U6ziFRtCN$ zqC+~MA5kFYDj!bWZj-pVeDG>ZBlzm!$LN!j^p2Ff>7b%@U7z41K}JWNoSfj3GSK{1 zGEE0|6qSz&MldLEIGaz_xnUktiMjr~Yp(4lJsXxN;W4uA(rHr30pr!Ijs(PH@{0os zBD%v%zS_+E{*qlt zU(zeBtgl~hbc7~oOsAC0BHof-Ng$a8t@`v;Wluh2)cPf0He1oA$-avPuMs21HPyz$ zx&1qaJzMwW22pWtYI_Y`t?n^kBiPrVH&5qce+Lx*>nEM z0^BcP{_>@@rKQI@eX?ik^EQU&)X8_IBMq3LV2qh>#0^+=xz3hOTq6ISJI~z4!U+R4 zjq)0Jz|Gy$OarQoTBz<)BrkcpxJk0m5-U&43Ddl-=*{U>uLE&; zxy7sX&d2Tnw5+@&wEdcw!BonA+kuD+234|NbL0x^U56gE-roS*C9p@h_470W#M7bg z{Lo9)*4qJzU{3h(`zcs7T(b*9GUt|g@nw%)B8N}fMItF-iqQz2wN6?z3eTXEO~{Kp z|0GvrqPByYIITeDdHE?}ByX^_8Fka6*|l!g7k| z-g@5^QUTPEfC^jlD!($o9gVEt-JNCL9tVbNW6=k_nG$WXn2$y?)GZ)D-u zuQu#!-3q;S{HbCuGchsI(P%PncycMdt6ob>i-v~vemC)j<$;2=roBDGxa$snz0hvO z^Kp^rm6JHlGMWbt^WH4n8^h>fr$t5H{Tsi$CXNYPTBL&0IV`T$59_IgKDc1&%H;f2m9>={Mdoxv+5gSS1zqa`>HRvRjwR62zw8(H{^JNKFDR z+Mms0R}+;1Fgk`|8HY6Y*JtjJn5fF^h0(GpsgrzVGkN-EKh~9cgV3OSJVy=F$k!Le zetSr~m96s|VO(`cMc5l*A57V%r||Rh6Fts+2yR`1F^ianiBeo@e>!DXskv!VcQFGR zzZBtjffAT{1j_s!vu~kMHAzcx zv@=kzwSQHDN|To1fJzb=3LsAU`noV_1etwZgnkpQ?(S{u{^|^sPM2L@s4U`+t9~Jy zPA(t^Q65ht3zpT7eJ^U~^SHAROK%o6lfFSD%92`Y#z&9nSorsHi@}fn&y`h&U7A8m zy86|&_4O49l<7Fe`c6OMMT^V zY)lDwzf;2ImJvXPrWYgf7CLQY$!09clD}6m2V;M!(eA<4Xln zf`u0QA#eTU$_SXZT+>fx)!QFKtcKI{irOTrltI9u!3|;&;*(z|bljX$?2u!I^9ysh zfrLUQU%QE8|3k--yqBTrIXTQ$ebrIMUhA;Xjq5?)40~$VpwC81^G;}bd{)D?7NR@!k-fEXb{&Jme!!XRyGcGR%V{lX7ugJ+^ z)n0==-Hew~wTlG$7jf%Sv!8Puja1}F3!4ipv#(1Qy$w<^Efs4+xh7(^8prQ`jcgyW zhi{*_N|rqI_P>HNRIv@AWtB+-A<|KTCH{Ep2&E}KqFwRJU?~;)-rrxcRVr!v&huCA zcl#~gLcbOMpj~=P*o+O3O{W}4zxj_x<~sywBAzF(%+Ii(fy za)LtuUulY-8%nvTQd1e>e{FqFBs)7Zhl93kz%B1o#e|8 z%*lF_GYliw1vXj1wX#BUu7YpTDs2$AID1S1eIwNU*pr%?+9}ed+JsJ?lbmePu-^U6 zDs@BciFRQY6BQIbCn0$U+y&Yr-qip$_kbpmQ_-P=`E$!T@(JN$-eoaBFcgvRRx<>{&A>Ym1H6A z_NkWH4Btb?P&B+Og*=c!LLQ`1Le6)eZeV#zD<8@#oi#W2`v2iou=9v~y!rpmKmLz6 z-T!}1`dwS-Mp&hxAmW))?{*YAs?@SXLxYyDak&(!_r}0oH#RNZniqJkl#4~7SpKVd zdx<<_?S@p!Z_@fx(z_5>c{(pY#)fr^w;SE3hmwMz&n0l2Ej0wI)%|k{Bc;Q*Oh_iM zr7}K`P*={4o(k$1^2x|~6HQm19lrO}8G$#lUn%P!(oNAVJ)BRc+@u0tu|#qFHV8U} zz#E5w>q%zbz4z8{^2H=xa9wquZ_j9BR>mLm@<0B1@5SVNR63i&M4irK`OoV5$ZC$3 zY5N?V&;oLAjal3_sbohJ%6;yf+}^YWm&Vfq(4^Ka2`yY)I*T*D6Oh zr3$Vnm2#82^s8gf>3w>7&j$Pc(}FRIpzOD&60Fu%hLYN6$qU^tzS9bfm)Hto89T1@ zrNtHC#?)^=#iU0*4vdOUE-0Giw&?%%ox+#@OX~ybDLV^rR;o?$-LH<_r}nSwt9gLo z2LBl@+fZ2SoR3}+DEg?oXm8kWUPtIx^zL-sUk}j->-0!i?CUMmF+G^Fbjk^Efn8vw z0p}3bpEBBooU})>{mp`J0C#bGv<~Tv^=JC2U&;J+W~9_M(->M^jWGuP?T_9vDTSPb zFuK!0-(b?ICLU5xfly88KD{qZk0cM!pYG`>+LH-H>BRaUN4C9Lll+E3q%_L2f0Z^! zFHxML0FhSU!Hut!6A$Swo;_7ZbwM5)7VbDyH(u#*`=6hh_GX@!r@naB;;mcv>Ay}P zrzG{?Ja|A|>&JHE;$KL*t0Bl6jmyq2dd`5;Gm8 zK&U)$tCK#2gG8qfXL|T^#jY+p#TRxDCwBV4;vt1Tq_4;C)GmZ8os!amLP?$ugg?($ z5+BdEb#!3)3WK#3T3^%=57j6sDJ_>i+>OUPFJhq$BQ@(*{;aZJ?GU|yCU$WW$B^%Zo`DT0hHIq_V`r3AL6%!rC&07W{XsDMZn5u^qS z(gdVKAQTZ8K|z{GZ_))60!R&tNR!^X)X+l-H6(mjW@hhkpMCcJ&N|L4R{{>r!$6N9>|WlW&4IqbgAsmgM--S%E@Cu~puDrp zdq5~~PwAETH3@6Dh zBbe}|iuKb$I!w0%*xDF==0PPPyst8w(`$Njw=sHs*J%Y&xg1q-!$Abn*%X;PD;vPcDBxGw$|DajhE7vD${wl zmcflm&l0Zc37PlO(dqd0oX9LDqv zjYnA&PV+&6HC$$xti=6Z_rnLM{Ka|>rihJh+lDr6Eq6A=TtupeU2<&;&o<7Dnf`Rf z9KHvVixddv61+j{8smVy(CB~gxAF7QFe|v3hTCfXCvFR-(#N{TR z{LBZNOZCTR`m@Y6&3@_96&}ZV)N+(gYQaNA)5E}cx`@FB+9H>t$KD2Ccea~9d3Vrdp`*|@AbV{pYBs(-Kikqgb7M&=Dfy)0 zd?|atEIef$Sjy51UbXlO28H-&H1AKg!B{lEPJU#~kFP;;?_icZfUM2RoK{o~dJrS- z`HVLU(imRl&Am1CP2ZjJDgO2DXZb~@^NDFA=|DhGQIY;(s!lj0x{gaG zUrp4a*)pzxm;P(`-b>zLtUDThMmwvTBPs6kUsIWINz$}y%iZR?x@-KymN`9=ua(I3 z0In?UgE)>l&Z1=4DaNjk59$Zz)v1)D92~zYmsMPm0{ha8N#id_>XQ5Bb|H|Zw6T1C zP?)HJJ>$(nc7P@AFFr6Hg+L@&6_e$s@=`g>rXnv2a>~6S*}e4&+wO|(?U)POC)MIf zKKhrW&|yOa!H|}CN%KAx-$v=y$t>Y@$Z{Q>Hgkp$XJpE6Tp4yV7-8I44%LS9v{J;X=gNN!&njZ<1iy-RQ1}L{eO%OH$t!*c2Lh3NE8@Np#30ru0+<(+oXI==eXJ zv2^XDE`Oce?Hgf^J<%+I@y>9B9Mq1V;~kvk`BoEIpjvM8ZcRliU?b{!7>$JHdhMRd znmP0NsAn{GEFbQ_w)t>|WJ0Y^IK#_)<6+6A#kTC^qh&2&llThbFpl`{w|%o_VwRcj z&nB9GssANxHNh_SM=|IPrj^4C1$0aEbKVR-jDkDCj$A$n5j`1^kc^<^KEe=upFonq zoh0O+DvC2B$|#@P%!sq5IK+ae;@j?Zvq_E$B@TOiC9b`shT56NPd}9`T06AgXshp7 zSVXMB50PuJaq}zd5oQ!X27|@KHb}l^)=NfiQg)o2I@c>vRZAatr#2bLDNG5;OyBX6 zs)b2(K9AX4{n>tg(Z<-?#(3m2Tphzk_cr1{WrhdAWvX`hnx*B_4BZ@^=1MM(pT@`L z)X}Xry2_32{yEEq=OKUqF%;(pT&BAt34!vo$8IUN`wo+lott~*PUG5KUsZ0l_R3Pt z2ehZ)TS0xzQgiy){ zCYqAA1>ec&QH7P^jMQ3f$D7l1>bXjWl9~pLQ)HB?yJn-GYC)6(X>c+|CqC5vdu zmyBLr23oaS7h()c?}k?0hBf~p=Fc;a45BGbUz*Ys1WlL%N)t3;J7b{`Jo{d_QaLEj z_1a*|%`M(__U3A6&$Xv6<>$}zsfXd5hcOcI(X}o3y=r;o4iI|h%5<8q-?rP{hd|7? z4BBWtRCS<~Sp@CKZs2I$RQ%{9=W{Qs`&q5jC%cq|Yx??_P@T4R#$x!?Oz3cBLmJH3m#}w>s@!|G1(kmIV^HUM*g^ZMqG<3 zT&#?^4D({^iSKgwI5BA0Pvmu2GZ6t%Ntb-`n&+yTrkB0BO^R8v~5 z3SM`&Bxs0mb}@I~DK4*5!u%>>B(;yfa>*wAq71O$M(4zIS*yc&q}tOHUQS-|JOeN~ z55WF4QZbiQQ$=&tZspHH?T=GHeJQdArXYllA_00--zO#UVdykyx1jKZNY~*I6d%Ah zh%3*rwvY1`2Q{!eBe^bnQa3bq$?^({IxdN_v>bnTw=)m~5Ib6}cb6$>nDr%u7Ryy# z;q}A-qAuKw&DPhPk_#g;+tHCY(!|nYjZz@@=H324k)=hR9&5hUBIt-o&QKyVrt4)Z>g(^9M4j*(I<%klS@)79FOo8LrTfd>J9AL;Ql{~{vLdwCdL@}Y zmwG4OrecX>({2AD?sN_O*7Y#Qh1)S?vXslBKymO!l<|3G8r&+QB(l!-cv99^UZ0)A zI(?Ak3_-1Xglg1C?NwAT%6N%PSYf4SRVq-d$iQUyv0vv6QwxbS&+ysG~-=I&( zffTZ6PcAU{bvh^pZEL}*YrY7XWSCFksFW8pneM5;;OiPmErDv-mfsyIoN!UwILE6*y-6h&?Ovy+m} z9boys-7CSYDVA_S}BudckYa)FT@agV9!NwMu#W zR!F%+b^zCtfO0Q#8TIrF2*@(q6u>Ms)X`!A?(Vw2f}-M_pBZ8%uJA-@?+=}CvP7+^ zMhI4JEpzisTKWu~s`Qj~-oj{;8$nc{b;eo7;CQ-Cew~l#GeX>@)simcT?4(izRN0_LoBBRqW`)AQ(v#bYTv~J! zmMM93s!D^LRN0&1 zS{ePLbm&wjy47|@x}T7AAS0^J9aI`S472QNJ39v_aFYsj^0wP44Yu1foZEU@qdQ{O z4)b-ST&45~EhGLmd&r4E1tTgZv-YIl^p0XQyle*ZqWqt0L8TzYs#_cGK}QHrZ|KP^ z$<4Szk)5KbqfnmgZer3@Hm3*0Ob6)=9f;+(2WoC?T_rRL-fUuPCPB?==g#o{Q^fvM z-?ITnj^2VeBBiVAJeO%>B$;(R@|=#~QMprq!v4b<2*b6Qr>QN*%@NaeExOyk{llU1 zKl=Od-T$>Pnf1wET=*;L=!gq5v6D~suRI>&bUOnO*RNao#T66BLMy~i>UckjiNmrSsqfA{AqpFiW?J~~AW`gb^B zT@EDO@Zie#K{&v{emV5#Y@qZ?L#|%KSy!Z(btmu;-MNs<+>i(=0mEji9&KkJ0(NmZ zO``1-NT!o4^Q3+0C1Al%4td^#)t?`u1cPwk&AQdZW(nAM{MPmvPz8$26+zt9iS3L; zU_oZM>T4}bFlyhGFku<~g2%pS_)W4=bDG^}U+LIP4?ml>l(!*Z+zI*%Zj_%8vBL zr!b8uv3|{0o$+~>&-onYq76T-R)Hx6P&VkyYt{Ku7ANdh63nHd+w=6Wapj@v!^yw= z68P**x*|)fwrb&;V@p2^U`3cQDlbT&tbT54n-fVR4R$2B06-cTXxc-G)g)VP;X{_O z1jj;-U!R)hi%s;U`A6cQ+6!qv6`uWc=MYG`7a`nqFQ5$qS`qSnSJR$-D<}J2U9gTI zqj&8;G)?d0;?w`X)mZ*peCdBnHRylGk!ro|X8w*B9+wk8h2uP?EKgYvy!m?xV%P9L zXV7ebQZC6-uK5hS~5mbASgxM7pr5Tjk34=Je;7k;}3qx=26nEp~nH#>>pRtSC8CNQuV& zfkJD%#rL!0Pi*}}j;&lF`v|`KkBhes=5wxVLZyg9^6s;aj?PoGd;w_et^6gUE&!wo zPXY`oE^n37ntv5GW1Ri`4M<}_YNVxQSOMwd5VrrWbzlEJq?~Cg6V;bHsi2*44^Fk; z+-ENdk@*lZCE%@Jq2qGi-RJTZqEQ#{;XKh?1HFoi`@#Tn*W%360Yp3AA_Q|>*x^d! zlzf9DIX>r-m4_Pq^zC2S0J1abf908>_weEF<3U38iD6HU^(!-Mx*~Uk5$?i};0)$&jA}k zyv#RT99im4%@L^hx#wed^%0=hTKU{Y!)QTt>F1B#Q0}3LfioC7eoz8XOJMkO!8h=Z z_?*v2MDZdpdp~|3ivvVk0BePhPC=V~bA@>!0Af0++87ot|GAK~OJm8Wrrx@j+f694 zq*$~Zl;mZ>_fvQI?5+2lWM z|8E1d|9b`2|Dh%&io0i4AhYEfX0zCfW{x_a6ES~nq*CdyEah^^$eKx-k&@|hEtav5 z2?=#WZ;KiE*%^A(%goo6m`yk^nvxjrzyrk?dOjHMCXU71KL-y+QAgfA#UVo^)y7YB z&)BW^#&Hk3Q95V&zt*7(Z+qMU9kM@nL@@VP$K}Qwv89zn7LJRqCTYfX&0?hXHg^6^ z$#cGfOR<6Cjx%qmL&d{$ra#NI|Fv2*FD}UuVp}pIEfpcobx_HgFI(}s_xs>RlME-X z3r^|O-Jts9RoGF##W0SpN{;oqS%y<5qqeBNrleGEEL$}@oXY~v2J@8%@=(o3k0O6x zIm&4d_sb23D&@DB+{<C&K(QIYpvVkJi8j4^QW_xR0OcC>}!kn}B>hX-a+FsHQQXCif#tab-aimW!f6j?Th z9Ds=#9_YOE+_mr}Uka$XkvCXku}0*OzW;=Fdc^0)v)bBzz?OKV`9H^~fZNS-cQ92u zXZm;scJ#iP*?cs+al5TSvE`PEZ&%e~t)%mLHOBpidLk_BBpqjd+b^?itK9KPqe>Hu zA>gNjDN*Ym%@v7#wrm~2(ir37jDF142uz7jU{mg(>{ZZ;0%KKqp|({yJ-K&DZIsPx zVa^MxJx%#lc{m)&ewbZO5121a<71#y;mt-zLxa_`6R%Q5H))7AMekk@{nk{4N0>BVCY%_ zzm%#+6?KZB${V4I3q^x6!}c3t@D2j%uY_0;!U6-EVp-rOqbuFkKludoM8qQd+Dk~@BQ0|+N^Bc5c&PgS$ z?$S=vrKZr==Wb=sgi<%Nv4cTQ4GQcpw+g2!Z2|vgSa$!~Rd%cC*U|i2{6xJpKsdE6 ziTRW?_N=jJmaYN?;mYL&y6)VYxz4KjuiiLK{g}Y*c;8_`;+=CdN<~ht=!l7 z*3FvSN8^SwlgHCN#y#0i1Il0%&`W=!FsiH-`m^#m`=L-pGm-PXi!WBkZ)Z5;(p7^x zHRcaHk&$9^t4#yvz(QPOjL92{VvKn5&y_n@|FO(Oc=H9Zw(1PN3%lpz8}_=~mY8FO zabBO1Y{Z;(anq2J;7n`qO0PeW_*G{B8;&ow9(0*$vaq8;9uZxaZnfUco)fls-ElV! zB}lIQtHd=0S-q|p6jQU3PmX9;mN_{BE~Y^i@I%_`M=`^JLGD+i>d z8#9tJl)KqgF)Kwj?~9`(i*4uIO(T^++AdX+Mb%=&)pd>BN_j2F!A2N|1#+b4Fx|fh z+a{v^sr2I?nO6^SRAB1_nqw$x?>fyqQTg>gL5t%&)&lVMf}tXVQ2~AZ1rjvZNDL`c zsrLdQ*7lV0`g{*^U3v;D;iXq>J(?WpM-7#jc*a+`{Dsb_TSCxL)^@jhVxCUj?_XSE zp%Z|{CF2o8&wGt0WTtDkzE1={=NSuNYXjv(@2WUa6#ykSCOf+t%MRH}e{GsipU0F> zkYQ+7%;Cf&a9^sMrGs~CesNPqlbA3pt#1GwH}7oh69q}I;fB$2`Sdy%Ax5~ZAM=yS zZ<-c$ml|Xb)hFXwb+BJe0>d^Jy20cfn7hKmKJ8cGS=n)t_B{MkN!gW^cAOr(-Iej7 zW9RMl$MTsI^P#Rw`ikFCZe;$@b-d7Nw1&}flM-S{E8fF=nCz9omlNe&W?pNg@_Xph z@OUSPcV=rIL3@2na(>9`mqfkT{{j$Z+qqQUS!z3g#=HaK2RLxUOXjr!dA+wTJUw%> zn`y;kA&UT!olCjn-93vXB5|mw{F76n*GOsD>-+~Exglq;StWJYB*`Kxe!Gc$j_v7k z7%y<%R!u#F?L1ZeRJfZ-I~ z63B}uEobXCfSnp5PSrfV`xx#ieGmge8Hs} zgRA63aM$Uo2Bja6sBKzpwYAR!QqxUkJS!O%lik*)SyZ|8D+~A56a8ZI=@sl+h-hw+ zS*!8la0z;B?9N<2jAwOUy%6v8fDz`!&BEQm%l?>Lyj3 zJ^+@x{8Q%VRYG;OPUW%g$0!o9G3b zA@S~fG#X3ZSf8=Sj2a5Hqs3kHj}!J)t+XmIU;ht1e^sK@=?UNhrEFbB&Ga`_Mj z{4=bpe`ltDn+)&&sGNlRJ62`~Tb|Z>0C+-bW0c%w&+n|-7;gKq^?}>y){IZ(Hw*IH z7dY4D939m*H#QcfkcQu@-gNciui*K}fuqw&X4<&IYH}1~BKXaMrYEGnKb+_ss^r3( zJpD62e0KqP-tc>{h|K@%Y;UG3xzb$<29yBE$2}4es`dZ$JW%8IB(>~jfHPa({-2QE zBH-Qq-AdWViu6AEw*_q=39L8^u6a+kdT{!DnsND#>s&XiP0OqyX;;?Dd5P>wcY0Hs z!vM)fI}|h#%OV&P4M9IdIx8JIg=s^P^{Wag>FzV^l)1KcM9d|N@$M$4 zQp17blX|hmyU8%lz-i%jS%G@o@|;t(^nb<&CsDIM{z(YOkM6)`y)H9DwbolU84(%q z?fLhsuQ#@vpplQCe&s3Liwn= zJ96Wv4d%6FDJA7T!7rbPT&M2f-y)19=8`9e-9;Qf9Rr!D0v@&icu7yT@o;%2kgLG& zSW8^}mLvZ?7i1C#Ll%yXM7KTT({E0{+Ro6%2)Wb7r+;Zo^*#FQ$C{&HO1-Opsq4BBoQA_@2Rq1NR4XWPc}u*uN9O zu-8BvXSdC`U6hdER0rp9f$Ocz^EkS+WTxq41Ro1{D3Ed%=00F-y?%vt!S_Ewf;Rub zlqzoudu2unF{9-4W_%>f>4Ct0xy-7`hB0AG%nCLzQjwCw+O z0rd?OysqVn=c~Z~{I-oD?f_Bl^iHEIV-Yy1aa>xHpyZ4PN5A{gbB|`6B;Mf z=LxLooE>K28J5F4SN;5M-BR?2_w^LFp;ZwdWyZ(0ow4sI zav7;lCzXn*Qeb5`QPWPR^}D&UrfeNNWnbk2d9!BS2s<8XbRHr9P`o`-hq$;MN;C5I zjvUJYn4_!(Ng>9$Tq^|S0fqz>LNLt%nR}b!tCMd8?pIyEw~)A5Ucn-$Xb6*13ArYBCI7R}^p*YSi(P#W(R%HgpQ<#NhvJ;dr6pXKX?a30gY4&$0 zmvV^OKl8^+U$gSuQa+;|*Jf}sAQLjXK%?nc;;wG4LG4U3nFs`+FZxXs8f#=>F?&>h z(06Yx1D@8lS1x;Jl;=8g$`iIWeHB{P>KXU6Ba?onxlD*5SR)uJ9vL5>Yi8`KfVb|? z9us8IA{VpI_r1Hsa!ma8&Gg#Yw&ar>Ta)-x%61OpB39}ZVJ<{F^fbH;Bkj1|ns$+8 zCT+6Ub=kcXU1P4?72A-mda==NusxoWmR60{)1!^ETk7OIq~vGAV{(SZ{RO2tmocNginCa><6HdZG zd~~Al#6iitXMw&5PWkBL58`edVL!63|Hpm%?`!%zF4*$bd2~l9iK*<2MeNWh&jsc1 zOKLHTBSXXqyF+!c9{AF2k9@J#xHYOLSuKolnwa={{&Pn_)ncx4SUKCs;98Lq=f;Ky z_1Osi2bcLpSv3_EmAs0{*wWo`=Cvv&qH@^ov%=1cTI@<^|L zO0dS0DHE~ShnmVbIp(BTZdwwS#MGw3O7dkDQtl z#-2_xB-X@wE?K-(e0;oem>2a+of59cO=|I#Sk)c8qod=&_fhpBwxvi!rG;l}Kis-! zo!wEM{Ad}%7v6@|DSrFf?p{J*j#mUPc087MeZA7ebm%EY0RVD48={cNz>mVzck4z{XY zxmR;~)2R5NoBG}-v(AnJg+pG1!7$#!2M=QfJ!W^M$pHk1oij4wds~eX(Urq*c$KZK zt!4H!c$&;wceJ=Ei^R3)?p~Cw+AfY;rA}P59_Tq6dA)RHdT{k=$nK(detuR~!-R%(w2A;;68!lsp#gXl zbFj=gwB(+wXc^JOzdYAV{LaO;$3Emkip-hL7@iqd4}L=bL>H70CpL08U3a8BdJv?U(tt zqxZ^|2eDNTN{ptbPM|5*)jjv@ENma;IwJ-f_i1E*v4 zZdbRP)kl9E-Ap=y)-4O7yxUjQvme2`!?$;j@4Z6C#I8YGXxQ|8RGUPmF68+she>!z z*K{swjCg2{VCsF8!`zAPkG^i2TQ(xpWquj0Tz*`!n2R{0Onc_yHuKSo{RFQ(yhq!f z==AHuY`n^Om1F5|^g3fsczRd`OD}LSZjd)N1)5m%-k+|kApb@?D7DHXn&$d+j-8B9 zXG)6VuAVs-tj>@>{=ID~xx2@aGTJ{<7%*>JNC%QJU&-+g+< zf$$Mc@{oo*y4|HD8&^`9#_z}~gERkRb>C)_G;X`1V{vTuj(A&OP{)s<0d4?Wq) zrAAFTtiSL9OJ7g()IysAGmfro)`uIeiauQ>w8vu-HSGs*?|9~XSv~HJcnw{E$3=py zviCA0al6JFJL0h%8^(*T@cOEkK!`f87FID8LUtsN-Rfo8@+2<}AN|xn$ikg4Ccd(@ zd0IKIY{S38f;x{F`c6W5px2pc+dtN}IYz|D>p0N|jf&tg#$sD#_;qs|^Qp&%R=!L4 zO)Kl4db)S_#PxlQjf*P?D}j+Y7;dlSuET|7oAL+UbKTorgsL{e2)DBR079chK#CY4 z#ZLXT*KltlfoCLujUuUQH_TsgiRVLRXC)QIhXw@;k+T#X&1M>L`q@>F#`WZVYKp+64!|P zS;}Y}wc(+d)q}9fsi>%R56|xGZft@T9M%bG<4&`|ITjh?Vh@Ex>k~2rl@rqb_MHGy zY%ocP7v?@}@C>#weh$X#pzjFa=gNjw*2>*wsz?D|yDAR@DpCA8c?%NvRu^~@TG4xy zI)}+*+twQa_>+UpG0|B_q{N=eUR+atg+TAfqniTds{@xrMPFA{$(-TB|4eJWEG+Ac zRfODwc$^7KuGHRlWU zgnm-bm58-?_^>{i=xQaioN?xLQ4vzt5R1K@HW|)CDW{#VP3dB=q1Qw+79HE2Q}`97 zG}Yp_IsG}-cD{du!eba3h4z%F<62ufzgvqf9ZNS5>vJ}JDTodYSHJzjeW_BgcXuXz zgix_N_r|#JG*M=}?Mt8YPG&HV;+21T91TRE-}5UM-FnO{P+#G;WidT?`)Qi%E7+!&c-Px$EW&?iNGJ)}b4c#RqE7HxzUse|#H z&lumtbfA@I1mnotJw@BhgGU0`Ab`<^WX+@@v>7(xRU?LuD`};hQLK~ekX~Hz zOS@Cr*({^%C#uky0{YdOxFm6sck+z<1#|ie{5y`2Ht= zk;I_N4Oge*x*uIT{>@tAlhuqESZgiU?W-5gUYh{&~7KX^{X>r&k{P$eSWehGGrF$>6 zvLblhniKL{Wby}dzU17kFsJv0Q*3A4pNgnWVLGVD9H_*4>>0OqaG7w6_=Llh@u#ch zgar43X3@d>CBx1qy4Sk8y6(5?5)%@kg}*T>5rB4BI#n!HK&p+pXg#0X0g-=he!kAU zTf0moH+OrH$lc^3xP6DZHa|L7nzj1!ron2oh6k?!$c$*+YhL=*u5FJSlv$6lVuZHM z=_llwPoF`VNYBW-#X0rpnb}yns~H#=SfsGsJS*`2>*Fu6VuDKCZj-O1M{9z38VIda zd!1Zk)ah2G^*(z`73%EajLp*4gOOL5U-9W{Zj-#9rXV8KzFC+6eeg#E*}3qxm%E$* zN^|zPDv$f(JNFi;L2?Sz`JcnJ>|hjyp$1CKeaDb|r%@*NNJ$ruY&5p#mW)WQO*fzD zBp@TNyX`iZ6>PPSPGy-T&>CBz^KjV(3b%Hi|IW_CQd1RUiOr+^6SvCmXK+oYr>D

    q*O++u5(wU}z`=PJ< zf4x2Ye{WI$H*Dcj+7L5e%7zn{UKPeje^9Ex2CLMQD`;w@WF{%4GG)x+rEOpkzEd{P zrIDpfi72}y)?+&V(*IJARAO~s`{Tw8CeCw8ktD!FdE zrMDP#r+Qo>R<|5-X#X>1eBkJHW?Gkc2*tM_WdiN-pnmlu=vQH=zQfeavH6AbQw{7o zX8qYk@ZG~RrBV8DWllf$srdCe%(IL3(M(0A< zl9(WjkRTGZF+l6VXu2I#s{2h$YH~zz zolZDJMmWT~v;+O~@5VdglGjJR9Q-VZzuV5RKb5IA6>$)H9k}1m*p7s73mrpc9`sL5 zh3S3_ZW-^V_=KxBKdnp9Tr$;u5?aN^6`ywAXo=nAhPnKDCxgEVYjz@xzSq~J;Jn8= zeCIL{;js`3N__-k3p|Q8m2Q~R$3mb=K|BPLdH~zov-+CnG1cia^4rIQgD;cIf^oTv ze47_DO>!5xEYQ7rOQu3CIPYXIch5i^^u62mSHx;;edKrq#xd$Hof7(9oLQT;$F|3J zAyQs}gJ7c_#6g&!06KBnrme_*iImxyM~Ybk&+5oe8X?XEupRM*W5xV_tbbdx(dv3B zyHIqlfoz!=5zh0)=g*&aHxo+wYS{vujF@* zj3h)0n@y`BxL$3Z7nfvVVZm--ci+`HtUVVqZLeV^)TRm2B(c;I?q0C*Bh?Le3YD>E zxpS}bq}cHCg!KC4O$&4L`VsO{_)VEdb1$r@pIrnSi*${`2W`tyf&xY{5)RXoTZc93 zcNwS6rUD~NC&!5d_RW#l9+BK=lo?FOx=|@H^THP)Jvz-f=$dcpfDRhtScFr}VAB8N zVk9AIp!I1m<4nYHNyi{9fh*ORv-C{3Wy`RX{X+XvDIwuYyp)&&p@pk^O?q#2hB`iU zG>Rg0GhMYIjNQ0CC4k*@Ppm@5z(ztOpklolMc$q48C;zbOo(NV5@?>^=$9&AD7G@j ztkj;baKFPQTfv9GPrc~s*)XQteb*@)Q|GyN+j+nuV__u*RoJa#09PhxbuE#4zP!@1 z`@9P)TJiJ0=Qc~mM^uy440k#{m~QZ;-0Bio*U6- zYdK_|FA4d>{J=}LDKHtdpUZGOm&?Ef_P9Nw8*mey=*}2LQqeO(CDK%yu<|ZR~Y%rTW=y{{39JaBs5$DnpwK{oN<51Z&EWI%-y|`yjEzQcwQRz7P zbUwdSfRIRzTqu|qfJ2~W5e~M{?xF1NhpE!p&#?uqp5)-IzRy<3R5zsmJ<72Pjm(F@ zziN`1YLgI{KiY#Fv;P(7HCag};-sXCAqU)->uFjeE*)gVJ^|&t@|^*oJd-%QOzs&5 z<=*3dONBqWjJoN9XXerFJ1j#KudU=(HE%<>#s>B6$m&FFIPaMRd#zShr!dHp2Exwn5{d?WlLE5xx_uaM3uqO)ibuUJJb-_3)%NhhoqL;2oAyzT4wr1VNTAShp|pEkMe@)Vd0Sr4-zC(y?J_` zZ-4F;_%f~#1b(yNrgrAw*{5dk&(m>n9lMd6pReKW?%tDYAogWUXNqEk>@jj8?TqKa1lQx?xx%b)fnA1bKScf)L*Uty{^H zQvY_tYnh6;sjC~sRL3(&2ynV5w%@aMNcT0csNNtp*1lrb_Hh}rYoBYTxd&Z2h`o0! zM$befvOSAq)3hd;Op?4UQFlnDa9g{$rq#O$l{@8;&fq#R2Q?VFts}bh0X2m|8 z#*SVn%!N%-(IZh&#+WREgVW9Q*Qu!|HLQOqf*b5He}bLGbxDk?%c*cG2u~S)V_Z~5 zSmW1uQ(q#;`F`*A;LtrQYil*KkU$jA(-lu-v5mzs%$d_7$YT;f@n$~M&(e2a{p-}L zudcMtDJ8$F5>R7tvM`V;i{)qiJ!T-5%4J=KJe8=_D?BY$#+w7Gqs|!p-Zu@YA-ktl zqRux&waAJA9@Yrs+@1EN1(m77MC$KRBr88L48h|n5-HLl z6zaP;YKd23<>v62G%d3wJdwIkNUYK;xZm(z!IZad<7tS8bhE)FLYxC$eA?=GYi~;F zJAvoxE%Mq@$XD<0buyfb=T;qhH%lL>%6xjM59fV7198~pA*T8o1l0~)77Itj2bAmW7Q?OY72>#ZsyJ zopf6%Q~*g7X#gOGDd*iDrY=CCxt)B`?;UceSOC zN67M&+~a6?XI@EeuXVe#P;XDpl0@fq50 zZXqoi^+-#0$q`^Td?XLaO5*k!A!MhNCX%+En$FIgA8M-qVb0R3pf0%cVpi=O5fSTECgRLqUyx^S1s|WuBRtzGMKtS z{IZ}j1>iBafDDB}5fo(*x2lXESFjAsMi(vRvh>7jG^ri{M;!%D`!?!$!gVOemTJ`2w7Y&I`~kyD#%p(8)OoA zD&+1nUT zKjw}=(g_RsZ3U3fuZyv=5aP)UW1UHhKL20B4&t Ac>n+a diff --git a/legal-notice.md b/legal-notice.md index d8e67a52..dd2daf30 100644 --- a/legal-notice.md +++ b/legal-notice.md @@ -1,112 +1,112 @@ -IBM - -This information was developed for products and services that are offered in the USA. - -IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. -IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: - -IBM Director of Licensing -IBM Corporation -North Castle Drive, MD-NC119 -Armonk, NY 10504-1785 -United States of America -For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: - -Intellectual Property Licensing -Legal and Intellectual Property Law -IBM Japan Ltd. -19-21, Nihonbashi-Hakozakicho, Chuo-ku -Tokyo 103-8510, Japan - -The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. - -This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. - -Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk. - -IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. -Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: - -IBM Director of Licensing -IBM Corporation -North Castle Drive, MD-NC119 -Armonk, NY 10504-1785 -United States of America - -Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. - -The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us. - -The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary. - -The client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. - -The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. - -Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. - -All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. - -This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. - -COPYRIGHT LICENSE: - -This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs. - -Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows: - -© Copyright IBM Corp. 2016 -Portions of this code are derived from IBM Corp. Sample Programs. -Additional license terms - -The Oracle Outside In Technology included herein is subject to a restricted use license and can only be used in conjunction with this application. -Trademarks - -IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at www.ibm.com/legal/copytrade.shtml. - -Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. - -Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. - -Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. - -Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. - -UNIX is a registered trademark of The Open Group in the United States and other countries. - -Other company, product, and service names may be trademarks or service marks of others. -Terms and conditions for product documentation - -Permissions for the use of these publications are granted subject to the following terms and conditions. -Applicability - -These terms and conditions are in addition to any terms of use for the IBM website. -Personal use - -You may reproduce these publications for your personal, noncommercial use provided that all proprietary notices are preserved. You may not distribute, display or make derivative work of these publications, or any portion thereof, without the express consent of IBM. -Commercial use - -You may reproduce, distribute and display these publications solely within your enterprise provided that all proprietary notices are preserved. You may not make derivative works of these publications, or reproduce, distribute or display these publications or any portion thereof outside your enterprise, without the express consent of IBM. -Rights - -Except as expressly granted in this permission, no other permissions, licenses or rights are granted, either express or implied, to the publications or any information, data, software or other intellectual property contained therein. - -IBM reserves the right to withdraw the permissions granted herein whenever, in its discretion, the use of the publications is detrimental to its interest or, as determined by IBM, the above instructions are not being properly followed. - -You may not download, export or re-export this information except in full compliance with all applicable laws and regulations, including all United States export laws and regulations. - -IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. -IBM Online Privacy Statement - -IBM Software products, including software as a service solutions, (“Software Offerings”) may use cookies or other technologies to collect product usage information, to help improve the end user experience, to tailor interactions with the end user or for other purposes. In many cases no personally identifiable information is collected by the Software Offerings. Some of our Software Offerings can help enable you to collect personally identifiable information. If this Software Offering uses cookies to collect personally identifiable information, specific information about this offering’s use of cookies is set forth below. - -This Software Offering does not use cookies or other technologies to collect personally identifiable information. - -If the configurations deployed for this Software Offering provide you as customer the ability to collect personally identifiable information from end users via cookies and other technologies, you should seek your own legal advice about any laws applicable to such data collection, including any requirements for notice and consent. - -For more information about the use of various technologies, including cookies, for these purposes, see IBM’s Privacy Policy at www.ibm.com/privacy and IBM’s Online Privacy Statement at www.ibm.com/privacy/details the section entitled “Cookies, Web Beacons and Other Technologies” and the “IBM Software Products and Software-as-a-Service Privacy Statement” at www.ibm.com/software/info/product-privacy. - -Last updated: June 2017 -legal_notices.htm - +IBM + +This information was developed for products and services that are offered in the USA. + +IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. +IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: + +IBM Director of Licensing +IBM Corporation +North Castle Drive, MD-NC119 +Armonk, NY 10504-1785 +United States of America +For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: + +Intellectual Property Licensing +Legal and Intellectual Property Law +IBM Japan Ltd. +19-21, Nihonbashi-Hakozakicho, Chuo-ku +Tokyo 103-8510, Japan + +The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. + +This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. + +Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk. + +IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. +Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: + +IBM Director of Licensing +IBM Corporation +North Castle Drive, MD-NC119 +Armonk, NY 10504-1785 +United States of America + +Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. + +The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us. + +The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary. + +The client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. + +The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. + +Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. + +All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. + +This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. + +COPYRIGHT LICENSE: + +This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs. + +Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows: + +© Copyright IBM Corp. 2016 +Portions of this code are derived from IBM Corp. Sample Programs. +Additional license terms + +The Oracle Outside In Technology included herein is subject to a restricted use license and can only be used in conjunction with this application. +Trademarks + +IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at www.ibm.com/legal/copytrade.shtml. + +Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. + +Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. + +Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. + +Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. + +UNIX is a registered trademark of The Open Group in the United States and other countries. + +Other company, product, and service names may be trademarks or service marks of others. +Terms and conditions for product documentation + +Permissions for the use of these publications are granted subject to the following terms and conditions. +Applicability + +These terms and conditions are in addition to any terms of use for the IBM website. +Personal use + +You may reproduce these publications for your personal, noncommercial use provided that all proprietary notices are preserved. You may not distribute, display or make derivative work of these publications, or any portion thereof, without the express consent of IBM. +Commercial use + +You may reproduce, distribute and display these publications solely within your enterprise provided that all proprietary notices are preserved. You may not make derivative works of these publications, or reproduce, distribute or display these publications or any portion thereof outside your enterprise, without the express consent of IBM. +Rights + +Except as expressly granted in this permission, no other permissions, licenses or rights are granted, either express or implied, to the publications or any information, data, software or other intellectual property contained therein. + +IBM reserves the right to withdraw the permissions granted herein whenever, in its discretion, the use of the publications is detrimental to its interest or, as determined by IBM, the above instructions are not being properly followed. + +You may not download, export or re-export this information except in full compliance with all applicable laws and regulations, including all United States export laws and regulations. + +IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. +IBM Online Privacy Statement + +IBM Software products, including software as a service solutions, (“Software Offerings”) may use cookies or other technologies to collect product usage information, to help improve the end user experience, to tailor interactions with the end user or for other purposes. In many cases no personally identifiable information is collected by the Software Offerings. Some of our Software Offerings can help enable you to collect personally identifiable information. If this Software Offering uses cookies to collect personally identifiable information, specific information about this offering’s use of cookies is set forth below. + +This Software Offering does not use cookies or other technologies to collect personally identifiable information. + +If the configurations deployed for this Software Offering provide you as customer the ability to collect personally identifiable information from end users via cookies and other technologies, you should seek your own legal advice about any laws applicable to such data collection, including any requirements for notice and consent. + +For more information about the use of various technologies, including cookies, for these purposes, see IBM’s Privacy Policy at www.ibm.com/privacy and IBM’s Online Privacy Statement at www.ibm.com/privacy/details the section entitled “Cookies, Web Beacons and Other Technologies” and the “IBM Software Products and Software-as-a-Service Privacy Statement” at www.ibm.com/software/info/product-privacy. + +Last updated: June 2017 +legal_notices.htm + © Copyright IBM Corporation 2017. \ No newline at end of file diff --git a/platform/k8s/README.md b/platform/k8s/README.md new file mode 100644 index 00000000..40670b4f --- /dev/null +++ b/platform/k8s/README.md @@ -0,0 +1,14 @@ +# IBM Cloud Pak for Automation 19.0.3 on Certified Kubernetes + +Any platform that includes Kubernetes 1.11+ is supported by Cloud Pak for Automation 19.0.3. + +Choose which use case you need, and then follow the links below to find the right instructions: + +- [Install Cloud Pak for Automation 19.0.3 on Certified Kubernetes](install.md) +- [Uninstall Cloud Pak for Automation 19.0.3 on Certified Kubernetes](uninstall.md) +- [Migrate 19.0.x persisted data to 19.0.3 on Certified Kubernetes](migrate.md) +- [Update Cloud Pak for Automation 19.0.3 on Certified Kubernetes](update.md) + +Choose to evaluate components: + +- [Install ODM for developers on Minikube](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/topics/tsk_dev_odm_minikube.html) diff --git a/platform/k8s/install.md b/platform/k8s/install.md new file mode 100644 index 00000000..1fa9a517 --- /dev/null +++ b/platform/k8s/install.md @@ -0,0 +1,284 @@ +# Installing Cloud Pak for Automation 19.0.3 on Certified Kubernetes + +- [Step 1: Get access to the container images](install.md#step-1-get-access-to-the-container-images) +- [Step 2: Prepare your environment for automation software](install.md#step-2-prepare-your-environment-for-automation-software) +- [Step 3: Create a shared PV and add the JDBC drivers](install.md#step-3-create-a-shared-pv-and-add-the-jdbc-drivers) +- [Step 4: Deploy the operator manifest files to your cluster](install.md#step-4-deploy-the-operator-manifest-files-to-your-cluster) +- [Step 5: Configure the software that you want to install](install.md#step-5-configure-the-software-that-you-want-to-install) +- [Step 6: Apply the custom resources](install.md#step-6-apply-the-custom-resources) +- [Step 7: Verify that the automation containers are running](install.md#step-7-verify-that-the-automation-containers-are-running) +- [Step 8: Complete some post-installation steps](install.md#step-8-complete-some-post-installation-steps) + +## Step 1: Get access to the container images + +You can access the container images in the IBM Docker registry with your IBMid (Option 1), or you can use the downloaded archives from IBM Passport Advantage (PPA) (Option 2). + +1. Log in to your Kubernetes cluster. +2. Download or clone the repository on your local machine and change to `cert-kubernetes` directory + ```bash + $ git clone git@github.com:icp4a/cert-kubernetes.git + $ cd cert-kubernetes + ``` + You will find there the scripts and kubernetes descriptors that are necessary to install Cloud Pak for Automation. + +### Option 1: Create a pull secret for the IBM Cloud Entitled Registry + +1. Log in to [MyIBM Container Software Library](https://myibm.ibm.com/products-services/containerlibrary) with the IBMid and password that are associated with the entitled software. + +2. In the **Container software library** tile, click **View library** and then click **Copy key** to copy the entitlement key to the clipboard. + +3. Create a pull secret by running a `kubectl create secret` command. + ```bash + $ kubectl create secret docker-registry --docker-server=cp.icr.io --docker-username=iamapikey --docker-password="" --docker-email=user@foo.com + ``` + + > **Note**: The `cp.icr.io` value for the **docker-server** parameter is the only registry domain name that contains the images. + +4. Take a note of the secret and the server values so that you can set them to the **pullSecrets** and **repository** parameters when you run the operator for your containers. + +### Option 2: Download the packages from PPA and load the images + +[IBM Passport Advantage (PPA)](https://www-01.ibm.com/software/passportadvantage/pao_customer.html) provides archives (.tgz) for the software. To view the list of Passport Advantage eAssembly installation images, refer to the [19.0.3 download document](https://www.ibm.com/support/pages/ibm-cloud-pak-automation-v1903-download-document). + +1. Download one or more PPA packages to a server that is connected to your Docker registry.. +2. Check that you can run a docker command. + ```bash + $ docker ps + ``` +3. Login to a Docker registry with your credentials.. + ```bash + $ docker login -u + ``` +4. Run a `kubectl` command to make sure that you have access to Kubernetes. + ```bash + $ kubectl cluster-info + ``` +5. Run the [`scripts/loadimages.sh`](../../scripts/loadimages.sh) script to load the images into your Docker registry. Specify the two mandatory parameters in the command line. + + ``` + -p PPA archive files location or archive filename + -r Target Docker registry and namespace + -l Optional: Target a local registry + ``` + + The following example shows the input values in the command line on OCP 3.11. On OCP 4.2 the default docker registry is based on the host name, for example "default-route-openshift-image-registry.ibm.com". + + ``` + # scripts/loadimages.sh -p .tgz -r /my-project + ``` + + > **Note**: The project must have pull request privileges to the registry where the images are loaded. The project must also have pull request privileges to push the images into another namespace/project. + +6. Check that the images are pushed correctly to the registry. +7. (Optional) If you want to use an external Docker registry, create a Docker registry secret. + + ```bash + $ oc create secret docker-registry --docker-server= --docker-username= --docker-password= --docker-email= + ``` + + Take a note of the secret and the server values so that you can set them to the **pullSecrets** and **repository** parameters when you run the operator for your containers. + +## Step 2: Prepare your environment for automation software + +Before you install any of the containerized software: + +1. Go to the prerequisites page in the [IBM Cloud Pak for Automation 19.0.x](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_env_k8s.html) Knowledge Center. +2. Follow the instructions on preparing your environment for the software components that you want to install. + + How much preparation you need to do depends on what you want to install and how familiar you are with your environment. + +## Step 3: Create a shared PV and add the JDBC drivers + + 1. Create a persistent volume (PV) for the operator. This PV is needed for the JDBC drivers. The following example YAML defines a PV, but PVs depend on your cluster configuration. + ```yaml + apiVersion: v1 + kind: PersistentVolume + metadata: + labels: + type: local + name: operator-shared-pv + spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + hostPath: + path: "/root/operator" + persistentVolumeReclaimPolicy: Delete + ``` + + 2. Deploy the PV. + ```bash + $ kubectl create -f operator-shared-pv.yaml + ``` + + 3. Create a claim for the PV, or check that the PV is bound dynamically, [descriptors/operator-shared-pvc.yaml](../../descriptors/operator-shared-pvc.yaml?raw=true). + + > Replace the storage class if you do not want to create the relevant persistent volume. + + ```yaml + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: operator-shared-pvc + namespace: my-project + spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 1Gi + volumeName: operator-shared-pv + ``` + + 4. Deploy the PVC. + ```bash + $ kubectl create -f descriptors/operator-shared-pvc.yaml + ``` + + 5. Copy all of the JDBC drivers that are needed by the components you intend to install to the persistent volume. Depending on your storage configuration you might not need these drivers. + + > **Note**: File names for JDBC drivers cannot include additional version information. + - DB2: + - db2jcc4.jar + - db2jcc_license_cu.jar + - Oracle: + - ojdbc8.jar + + The following structure shows an example remote file system. + + ``` + pv-root-dir + + └── jdbc + + ├── db2 + + │ ├── db2jcc4.jar + + │ └── db2jcc_license_cu.jar + + ├── oracle + + │ └── ojdbc8.jar + + ``` + +## Step 4: Deploy the operator manifest files to your cluster + +The Cloud Pak operator has a number of descriptors that must be applied. + - [descriptors/ibm_icp4a_crd.yaml](../../descriptors/ibm_icp4a_crd.yaml?raw=true) contains the description of the Custom Resource Definition. + - [descriptors/operator.yaml](../../descriptors/operator.yaml?raw=true) defines the deployment of the operator code. + - [descriptors/role.yaml](../../descriptors/role.yaml?raw=true) defines the access of the operator. + - [descriptors/role_binding.yaml](../../descriptors/role_binding.yaml?raw=true) defines the access of the operator. + - [descriptors/service_account.yaml](../../descriptors/service_account.yaml?raw=true) defines the identity for processes that run inside the pods of the operator. + +1. Deploy the icp4a-operator on your cluster. + + Use the script [scripts/deployOperator.sh](../../scripts/deployOperator.sh) to deploy these descriptors. + ```bash + $ ./scripts/deployOperator.sh -i /icp4a-operator:19.03 -p '' + ``` + + Where *registry_url* is the value for your internal docker registry or `cp.icr.io/cp/cp4a` for the IBM Cloud Entitled Registry and *my_secret_name* the secret created to access the registry. + + > **Note**: If you plan to use a non-admin user to install the operator, you must add the user to the `ibm-cp4-operator` role. For example: + ```bash + $ kubectl adm policy add-role-to-user ibm-cp4a-operator + ``` + +2. Monitor the pod until it shows a STATUS of *Running*: + ```bash + $ kubectl get pods -w + ``` + > **Note**: When started, you can monitor the operator logs with the following command: + ```bash + $ kubectl logs -f deployment/ibm-cp4a-operator -c operator + ``` + +## Step 5: Configure the software that you want to install + +A custom resource (CR) YAML file is a configuration file that describes an ICP4ACluster instance and includes the parameters to install some or all of the components. + +1. Make a copy of the template custom resource YAML file [descriptors/ibm_cp4a_cr_template.yaml](../../descriptors/ibm_cp4a_cr_template.yaml?raw=true) and name it appropriately for your deployment (for example descriptors/my_icp4a_cr.yaml). + + > **Important:** Use a single custom resource file to include all of the components that you want to deploy with an operator instance. Each time that you need to make an update or modification you must use this same file to apply the changes to your deployments. When you apply a new custom resource to an operator you must make sure that all previously deployed resources are included if you do not want the operator to delete them. + +2. Change the default name of your instance in descriptors/my_icp4a_cr.yaml. + + ```yaml + metadata: + name: + ``` + +3. If you use an internal registry, enter values for the `image_pull_secrets` and `images` parameters in the `shared_configuration` section. + + ```yaml + shared_configuration: + image_pull_secrets: + - + images: + keytool_job_container: + repository: docker-registry.default.svc:5000//dba-keytool-initcontainer + tag: 19.0.3 + keytool_init_container: + repository: docker-registry.default.svc:5000//dba-keytool-jobcontainer + tag: 19.0.3 + pull_policy: IfPresent + ``` + + | Parameter | Description | + | ------------------------------- | --------------------------------------------- | + | `keytool_job_container` | Repository from where to pull the keytool_job_container and the corresponding tag | + | `keytool_init_container` | Repository from where to pull the keytool_init_container and the corresponding tag | + | `image_pull_secrets` | Secrets in your target namespace to pull images from the specified repository | + +4. Use the following links to configure the software that you want to install. + + - [Configure IBM Automation Digital Worker](../../ADW/README_config.md) + - [Configure IBM Automation Workstream Services](../../IAWS/README_config.md) + - [Configure IBM Business Automation Application Engine](../../AAE/README_config.md) + - [Configure IBM Business Automation Content Analyzer](../../ACA/README_config.md) + - [Configure IBM Business Automation Insights](../../BAI/README_config.md) + - [Configure IBM Business Automation Navigator](../../BAN/README_config.md) + - [Configure IBM Business Automation Studio](../../BAS/README_config.md) + - [Configure IBM FileNet Content Manager](../../FNCM//README_config.md) + - [Configure IBM Operational Decision Manager](../../ODM/README_config.md) + - [Configure the User Management Service](../../UMS/README_config.md) + +## Step 6: Apply the custom resources + +1. Check that all the components you want to install are configured. + + ```bash + $ cat descriptors/my_icp4a_cr.yaml + ``` + +2. Deploy the configured components by applying the custom resource. + + ```bash + $ kubectl apply -f descriptors/my_icp4a_cr.yaml + ``` + +## Step 7: Verify that the automation containers are running + +The operator reconciliation loop might take several minutes. + +Monitor the status of your pods with: +```bash +$ kubectl get pods -w +``` + +When all of the pods are *Running*, you can access the status of your services with the following commands. +```bash +$ kubectl cluster-info +$ kubectl get services +``` +You can now expose the services to your users. + +Refer to the [Troubleshooting section](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_trbleshoot_operators.html) to access the operator logs. + +## Step 8: Complete some post-installation steps + +Go to [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_deploy_postdeployk8s.html) to follow the post-installation steps. diff --git a/platform/k8s/migrate.md b/platform/k8s/migrate.md new file mode 100644 index 00000000..a38699e1 --- /dev/null +++ b/platform/k8s/migrate.md @@ -0,0 +1,20 @@ +# Migrating Cloud Pak for Automation data on Certified Kubernetes + +To migrate your 19.0.x data to 19.0.3, uninstall your current deployment and follow the migration instructions for each component to point to the existing persistent stores. + +## Step 1: Prepare your environment and take note of your existing storage settings + +Use the following links to help you find the relevant software storage settings that you want to migrate. + +- [Configure IBM Business Automation Application Engine](../../AAE/README_migrate.md) +- [Configure IBM Business Automation Content Analyzer](../../ACA/README_migrate.md) +- [Configure IBM Business Automation Insights](../../BAI/README_migrate.md) +- [Configure IBM Business Automation Navigator](../../BAN/README_migrate.md) +- [Configure IBM Business Automation Studio](../../BAS/README_migrate.md) +- [Configure IBM FileNet Content Manager](../../FNCM//README_migrate.md) +- [Configure IBM Operational Decision Manager](../../ODM/README_migrate.md) +- [Configure the User Management Service](../../UMS/README_migrate.md) + +## Step 2: Install your chosen components with the operator + + When you have completed all of the preparation steps for each of the components that you want to migrate, follow the instructions in the [installation](install.md) readme. diff --git a/platform/k8s/uninstall.md b/platform/k8s/uninstall.md new file mode 100644 index 00000000..a3d605df --- /dev/null +++ b/platform/k8s/uninstall.md @@ -0,0 +1,24 @@ +# Uninstalling Cloud Pak for Automation 19.0.3 on Certified Kubernetes + +## Delete your automation instances + +You can delete your custom resource (CR) deployments by deleting the CR YAML file or the CR instance. The name of the instance is taken from the value of the `name` parameter in the CR YAML file. The following command is used to delete an instance. + +```bash +  $ kubectl delete ICP4ACluster +``` + +> **Note**: You can get the names of the ICP4ACluster instances with the following command: + ```bash + $ kubectl get ICP4ACluster + ``` + +## Delete the operator instance and all associated automation instances + +Use the [`scripts/deleteOperator.sh`](../../scripts/deleteOperator.sh) to delete all the resources that are linked to the operator. + +```bash + $ ./scripts/deleteOperator.sh +``` + +Verify that all the pods created with the operator are terminated and deleted. diff --git a/platform/k8s/update.md b/platform/k8s/update.md new file mode 100644 index 00000000..1b59080e --- /dev/null +++ b/platform/k8s/update.md @@ -0,0 +1,53 @@ +# Updating Cloud Pak for Automation 19.0.3 on Certified Kubernetes + +- [Step 1: Modify the software that is installed](update.md#step-1-modify-the-software-that-is-installed) +- [Step 2: Apply the updated custom resources](update.md#step-2-apply-the-updated-custom-resources) +- [Step 3: Verify the updated automation containers](update.md#step-3-verify-the-updated-automation-containers) + +## Step 1: Modify the software that is installed + +An update to the custom resource (CR), overwrites the deployed resources during the operator control loop (observe, analyze, act) that occurs as a result of constantly watching the state of the Kubernetes resources. + +Use the following links to configure the software that is already installed. You can modify the installed software, remove it, or add new components. Use the same CR YAML file that you deployed with the operator to make the updates (for example descriptors/my_icp4a_cr.yaml). + +- [Configure IBM Automation Digital Worker](../../ADW/README_config.md) +- [Configure IBM Automation Workstream Services](../../IAWS/README_config.md) +- [Configure IBM Business Automation Application Engine](../../AAE/README_config.md) +- [Configure IBM Business Automation Content Analyzer](../../ACA/README_config.md) +- [Configure IBM Business Automation Insights](../../BAI/README_config.md) +- [Configure IBM Business Automation Navigator](../../BAN/README_config.md) +- [Configure IBM Business Automation Studio](../../BAS/README_config.md) +- [Configure IBM FileNet Content Manager](../../FNCM//README_config.md) +- [Configure IBM Operational Decision Manager](../../ODM/README_config.md) +- [Configure the User Management Service](../../UMS/README_config.md) + +## Step 2: Apply the updated custom resources + +1. Review your CR YAML file to make sure it contains all of your intended modifications. + + ```bash + $ cat descriptors/my_icp4a_cr.yaml + ``` + +2. Run the following commands to apply the updates to the operator: + + ```bash + $ kubectl apply -f descriptors/my_icp4a_cr.yaml --overwrite=true + ``` + +## Step 3: Verify the updated automation containers + +The operator reconciliation loop might take several minutes. + +Monitor the status of your pods with: +```bash +$ kubectl get pods -w +``` + +When all of the pods are *Running*, you can access the status of your services with the following commands. +```bash +$ kubectl cluster-info +$ kubectl get services +``` + +Refer to the [Troubleshooting section](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_trbleshoot_operators.html) to access the operator logs. diff --git a/platform/ocp/README.md b/platform/ocp/README.md new file mode 100644 index 00000000..9284438b --- /dev/null +++ b/platform/ocp/README.md @@ -0,0 +1,14 @@ +# IBM Cloud Pak for Automation 19.0.3 on Red Hat OpenShift + +Red Hat OpenShift Cloud Platform 3.11 or 4.2 is the target platform for Cloud Pak for Automation 19.0.3. + +Choose which use case you need, and then follow the links below to find the right instructions: + +- [Install Cloud Pak for Automation 19.0.3 on Red Hat OpenShift](install.md) +- [Uninstall Cloud Pak for Automationr 19.0.3 on Red Hat OpenShift](uninstall.md) +- [Migrate 19.0.x persisted data to 19.0.3 on Red Hat OpenShift](migrate.md) +- [Update Cloud Pak for Automation 19.0.3 on Red Hat OpenShift](update.md) + +Choose to evaluate components: + +- [Install ODM for developers on Red Hat OpenShift](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/topics/tsk_dev_odm_ocp.html) diff --git a/platform/ocp/install.md b/platform/ocp/install.md new file mode 100644 index 00000000..69895684 --- /dev/null +++ b/platform/ocp/install.md @@ -0,0 +1,304 @@ +# Installing Cloud Pak for Automation 19.0.3 on Red Hat OpenShift + +- [Step 1: Create a namespace and get access to the container images](install.md#step-1-create-a-namespace-and-get-access-to-the-container-images) +- [Step 2: Prepare your environment for automation software](install.md#step-2-prepare-your-environment-for-automation-software) +- [Step 3: Create a shared PV and add the JDBC drivers](install.md#step-3-create-a-shared-pv-and-add-the-jdbc-drivers) +- [Step 4: Deploy the operator manifest files to your cluster](install.md#step-4-deploy-the-operator-manifest-files-to-your-cluster) +- [Step 5: Configure the software that you want to install](install.md#step-5-configure-the-software-that-you-want-to-install) +- [Step 6: Apply the custom resources](install.md#step-6-apply-the-custom-resources) +- [Step 7: Verify that the automation containers are running](install.md#step-7-verify-that-the-automation-containers-are-running) +- [Step 8: Complete some post-installation steps](install.md#step-8-complete-some-post-installation-steps) + +## Step 1: Create a namespace and get access to the container images + +From your local machine, you can access the container images in the IBM Docker registry with your IBMid (Option 1), or you can use the downloaded archives from IBM Passport Advantage (PPA) (Option 2). + +1. Log in to your cluster. + ```bash + $ oc login https://:8443 -u + ``` +2. Create an OpenShift project (namespace) in which you want to install the operator. + ```bash + $ oc new-project my-project + ``` +3. Add privileges to the project. + ```bash + $ oc adm policy add-scc-to-user privileged -z default + ``` +4. Download or clone the repository on your local machine and change to `cert-kubernetes` directory + ```bash + $ git clone git@github.com:icp4a/cert-kubernetes.git + $ cd cert-kubernetes + ``` + You will find there the scripts and kubernetes descriptors that are necessary to install Cloud Pak for Automation. + +### Option 1: Create a pull secret for the IBM Cloud Entitled Registry + +1. Log in to [MyIBM Container Software Library](https://myibm.ibm.com/products-services/containerlibrary) with the IBMid and password that are associated with the entitled software. + +2. In the **Container software library** tile, click **View library** and then click **Copy key** to copy the entitlement key to the clipboard. + +3. Create a pull secret by running a `kubectl create secret` command. + ```bash + $ kubectl create secret docker-registry --docker-server=cp.icr.io --docker-username=iamapikey --docker-password="" --docker-email= + ``` + + > **Note**: The `cp.icr.io` value for the **docker-server** parameter is the only registry domain name that contains the images. + +4. Take a note of the secret and the server values so that you can set them to the **pullSecrets** and **repository** parameters when you run the operator for your containers. + +### Option 2: Download the packages from PPA and load the images + +[IBM Passport Advantage (PPA)](https://www-01.ibm.com/software/passportadvantage/pao_customer.html) provides archives (.tgz) for the software. To view the list of Passport Advantage eAssembly installation images, refer to the [19.0.3 download document](https://www.ibm.com/support/pages/ibm-cloud-pak-automation-v1903-download-document). + +1. Download one or more PPA packages to a server that is connected to your Docker registry. +2. Check that you can run a docker command. + ```bash + $ docker ps + ``` +3. Log in to the Docker registry with a token. + ```bash + $ docker login $(oc registry info) -u -p $(oc whoami -t) + ``` + > **Note**: You can connect to a node in the cluster to resolve the `docker-registry.default.svc` parameter. + + You can also log in to an external Docker registry using the following command: + ```bash + $ docker login -u + ``` +4. Run a `kubectl` command to make sure that you have access to Kubernetes. + ```bash + $ kubectl cluster-info + ``` +5. Run the [`scripts/loadimages.sh`](../../scripts/loadimages.sh) script to load the images into your Docker registry. Specify the two mandatory parameters in the command line. + + ``` + -p PPA archive files location or archive filename + -r Target Docker registry and namespace + -l Optional: Target a local registry + ``` + + The following example shows the input values in the command line on OCP 3.11. On OCP 4.2 the default docker registry is based on the host name, for example "default-route-openshift-image-registry.ibm.com". + + ``` + # scripts/loadimages.sh -p .tgz -r docker-registry.default.svc:5000/my-project + ``` + + > **Note**: The project must have pull request privileges to the registry where the images are loaded. The project must also have pull request privileges to push the images into another namespace/project. + +6. Check that the images are pushed correctly to the registry. + ```bash + $ oc get is + ``` +7. (Optional) If you want to use an external Docker registry, create a Docker registry secret. + + ```bash + $ oc create secret docker-registry --docker-server= --docker-username= --docker-password= --docker-email= + ``` + + Take a note of the secret and the server values so that you can set them to the **pullSecrets** and **repository** parameters when you run the operator for your containers. + + +## Step 2: Prepare your environment for automation software + +Before you install any of the containerized software: + +1. Go to the prerequisites page in the [IBM Cloud Pak for Automation 19.0.x](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_env_k8s.html) Knowledge Center. +2. Follow the instructions on preparing your environment for the software components that you want to install. + + How much preparation you need to do depends on what you want to install and how familiar you are with your environment. + +## Step 3: Create a shared PV and add the JDBC drivers + +1. Create a persistent volume (PV) for the operator. This PV is needed for the JDBC drivers. The following example YAML defines a PV, but PVs depend on your cluster configuration.  + ```yaml + apiVersion: v1 + kind: PersistentVolume + metadata: + labels: + type: local + name: operator-shared-pv + spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + hostPath: + path: "/root/operator" + persistentVolumeReclaimPolicy: Delete + ``` + +2. Deploy the PV. + ```bash + $ oc create -f operator-shared-pv.yaml + ``` + +3. Create a claim for the PV, or check that the PV is bound dynamically, [descriptors/operator-shared-pvc.yaml](../../descriptors/operator-shared-pvc.yaml?raw=true). + + > Replace the storage class if you do not want to create the relevant persistent volume. + + ```yaml + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: operator-shared-pvc + namespace: my-project + spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 1Gi + volumeName: operator-shared-pv + ``` + +4. Deploy the PVC. + ```bash + $ oc create -f descriptors/operator-shared-pvc.yaml + ``` + +5. Copy all of the JDBC drivers that are needed by the components you intend to install to the persistent volume. Depending on your storage configuration you might not need these drivers. + + > **Note**: File names for JDBC drivers cannot include additional version information. + - DB2: + - db2jcc4.jar + - db2jcc_license_cu.jar + - Oracle: + - ojdbc8.jar + + The following structure shows an example remote file system. + + ``` + pv-root-dir + + └── jdbc + + ├── db2 + + │ ├── db2jcc4.jar + + │ └── db2jcc_license_cu.jar + + ├── oracle + + │ └── ojdbc8.jar + + ``` + +## Step 4: Deploy the operator manifest files to your cluster + +The Cloud Pak operator has a number of descriptors that must be applied. + - [descriptors/ibm_cp4a_crd.yaml](../../descriptors/ibm_cp4a_crd.yaml?raw=true) contains the description of the Custom Resource Definition. + - [descriptors/operator.yaml](../../descriptors/operator.yaml?raw=true) defines the deployment of the operator code. + - [descriptors/role.yaml](../../descriptors/role.yaml?raw=true) defines the access of the operator. + - [descriptors/role_binding.yaml](../../descriptors/role_binding.yaml?raw=true) defines the access of the operator. + - [descriptors/service_account.yaml](../../descriptors/service_account.yaml?raw=true) defines the identity for processes that run inside the pods of the operator. + +1. Deploy the icp4a-operator on your cluster. + + Use the script [scripts/deployOperator.sh](../../scripts/deployOperator.sh) to deploy these descriptors. + ```bash + $ ./scripts/deployOperator.sh -i /icp4a-operator:19.03 -p '' + ``` + + Where *registry_url* is the value for your internal docker registry or `cp.icr.io/cp/cp4a` for the IBM Cloud Entitled Registry and *my_secret_name* the secret created to access the registry. + + > **Note**: If you plan to use a non-admin user to install the operator, you must add the user to the `ibm-cp4-operator` role. For example: + ```bash + $ oc adm policy add-role-to-user ibm-cp4a-operator + ``` + +2. Monitor the pod until it shows a STATUS of *Running*: + ```bash + $ oc get pods -w + ``` + > **Note**: When started, you can monitor the operator logs with the following command: + ```bash + $ oc logs -f deployment/ibm-cp4a-operator -c operator + ``` + +## Step 5: Configure the software that you want to install + +A custom resource (CR) YAML file is a configuration file that describes an ICP4ACluster instance and includes the parameters to install some or all of the components. + +1. Make a copy of the template custom resource YAML file [descriptors/ibm_cp4a_cr_template.yaml](../../descriptors/ibm_cp4a_cr_template.yaml?raw=true) and name it appropriately for your deployment (for example descriptors/my_icp4a_cr.yaml). + + > **Important:** Use a single custom resource file to include all of the components that you want to deploy with an operator instance. Each time that you need to make an update or modification you must use this same file to apply the changes to your deployments. When you apply a new custom resource to an operator you must make sure that all previously deployed resources are included if you do not want the operator to delete them. + +2. Change the default name of your instance in descriptors/my_icp4a_cr.yaml. + + ```yaml + metadata: + name: + ``` + +3. If you use an internal registry, enter values for the `image_pull_secrets` and `images` parameters in the `shared_configuration` section. + + ```yaml + shared_configuration: + image_pull_secrets: + - + images: + keytool_job_container: + repository: docker-registry.default.svc:5000//dba-keytool-initcontainer + tag: 19.0.3 + keytool_init_container: + repository: docker-registry.default.svc:5000//dba-keytool-jobcontainer + tag: 19.0.3 + pull_policy: IfPresent + ``` + + | Parameter | Description | + | ------------------------------- | --------------------------------------------- | + | `keytool_job_container` | Repository from where to pull the keytool_job_container and the corresponding tag | + | `keytool_init_container` | Repository from where to pull the keytool_init_container and the corresponding tag | + | `image_pull_secrets` | Secrets in your target namespace to pull images from the specified repository | + +4. Use the following links to configure the software that you want to install. + + - [Configure IBM Automation Digital Worker](../../ADW/README_config.md) + - [Configure IBM Automation Workstream Services](../../IAWS/README_config.md) + - [Configure IBM Business Automation Application Engine](../../AAE/README_config.md) + - [Configure IBM Business Automation Content Analyzer](../../ACA/README_config.md) + - [Configure IBM Business Automation Insights](../../BAI/README_config.md) + - [Configure IBM Business Automation Navigator](../../BAN/README_config.md) + - [Configure IBM Business Automation Studio](../../BAS/README_config.md) + - [Configure IBM FileNet Content Manager](../../FNCM//README_config.md) + - [Configure IBM Operational Decision Manager](../../ODM/README_config.md) + - [Configure the User Management Service](../../UMS/README_config.md) + +## Step 6: Apply the custom resource + +1. Check that all the components you want to install are configured. + + ```bash + $ cat descriptors/my_icp4a_cr.yaml + ``` + +2. Deploy the configured components by applying the custom resource. + + ```bash + $ oc apply -f descriptors/my_icp4a_cr.yaml + ``` + +## Step 7: Verify that the automation containers are running + +The operator reconciliation loop might take several minutes. + +Monitor the status of your pods with: +```bash +$ oc get pods -w +``` + +When all of the pods are *Running*, you can access the status of your services with the following command. +```bash +$ oc status +``` +You can now expose the services to your users. + +Refer to the [Troubleshooting section](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_trbleshoot_operators.html) to access the operator logs. + +## Step 8: Complete some post-installation steps + +Go to [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_deploy_postdeployk8s.html) to follow the post-installation steps. diff --git a/platform/ocp/migrate.md b/platform/ocp/migrate.md new file mode 100644 index 00000000..b4780d89 --- /dev/null +++ b/platform/ocp/migrate.md @@ -0,0 +1,20 @@ +# Migrating Cloud Pak for Automation data on Red Hat OpenShift + +To migrate your 19.0.x data to 19.0.3, uninstall your current deployment and follow the migration instructions for each component to point to the existing persistent stores. + +## Step 1: Prepare your environment and take note of your existing storage settings + +Use the following links to help you find the relevant software storage settings that you want to migrate. + +- [Configure IBM Business Automation Application Engine](../../AAE/README_migrate.md) +- [Configure IBM Business Automation Content Analyzer](../../ACA/README_migrate.md) +- [Configure IBM Business Automation Insights](../../BAI/README_migrate.md) +- [Configure IBM Business Automation Navigator](../../BAN/README_migrate.md) +- [Configure IBM Business Automation Studio](../../BAS/README_migrate.md) +- [Configure IBM FileNet Content Manager](../../FNCM//README_migrate.md) +- [Configure IBM Operational Decision Manager](../../ODM/README_migrate.md) +- [Configure the User Management Service](../../UMS/README_migrate.md) + +## Step 2: Install your chosen components with the operator + + When you have completed all of the preparation steps for each of the components that you want to migrate, follow the instructions in the [installation](install.md) readme. diff --git a/platform/ocp/uninstall.md b/platform/ocp/uninstall.md new file mode 100644 index 00000000..ee9aa2b4 --- /dev/null +++ b/platform/ocp/uninstall.md @@ -0,0 +1,24 @@ +# Uninstalling Cloud Pak for Automation 19.0.3 on Red Hat OpenShift + +## Delete your automation instances + +You can delete your custom resource (CR) deployments by deleting the CR YAML file or the CR instance. The name of the instance is taken from the value of the `name` parameter in the CR YAML file. The following command is used to delete an instance. + +```bash +  $ oc delete ICP4ACluster +``` + +> **Note**: You can get the names of the ICP4ACluster instances with the following command: + ```bash + $ oc get ICP4ACluster + ``` + +## Delete the operator instance and all associated automation instances + +Use the [`scripts/deleteOperator.sh`](../../scripts/deleteOperator.sh) to delete all the resources that are linked to the operator. + +```bash + $ ./scripts/deleteOperator.sh +``` + +Verify that all the pods created with the operator are terminated and deleted. diff --git a/platform/ocp/update.md b/platform/ocp/update.md new file mode 100644 index 00000000..4c6a97ac --- /dev/null +++ b/platform/ocp/update.md @@ -0,0 +1,54 @@ +# Updating Cloud Pak for Automation 19.0.3 on Red Hat OpenShift + +- [Step 1: Modify the software that is installed](update.md#step-1-modify-the-software-that-is-installed) +- [Step 2: Apply the updated custom resources](update.md#step-2-apply-the-updated-custom-resources) +- [Step 3: Verify the updated automation containers](update.md#step-3-verify-the-updated-automation-containers) + +## Step 1: Modify the software that is installed + +An update to the custom resource (CR), overwrites the deployed resources during the operator control loop (observe, analyze, act) that occurs as a result of constantly watching the state of the Kubernetes resources. + +Use the following links to configure the software that is already installed. You can modify the installed software, remove it, or add new components. Use the same CR YAML file that you deployed with the operator to make the updates (for example descriptors/my_icp4a_cr.yaml). + +- [Configure IBM Automation Digital Worker](../../ADW/README_config.md) +- [Configure IBM Automation Workstream Services](../../IAWS/README_config.md) +- [Configure IBM Business Automation Application Engine](../../AAE/README_config.md) +- [Configure IBM Business Automation Content Analyzer](../../ACA/README_config.md) +- [Configure IBM Business Automation Insights](../../BAI/README_config.md) +- [Configure IBM Business Automation Navigator](../../BAN/README_config.md) +- [Configure IBM Business Automation Studio](../../BAS/README_config.md) +- [Configure IBM FileNet Content Manager](../../FNCM//README_config.md) +- [Configure IBM Operational Decision Manager](../../ODM/README_config.md) +- [Configure the User Management Service](../../UMS/README_config.md) + +## Step 2: Apply the updated custom resources + +1. Review your CR YAML file to make sure it contains all of your intended modifications. + + ```bash + $ cat descriptors/my_icp4a_cr.yaml + ``` + +2. Run the following commands to apply the updates to the operator: + + ```bash + $ oc apply -f descriptors/my_icp4a_cr.yaml --overwrite=true + ``` + +> **Note:** You can also use `oc edit ICP4ACluster ` to open the default UNIX visual editor (vi) in situ. + +## Step 3: Verify the updated automation containers + +The operator reconciliation loop might take several minutes. + +Monitor the status of your pods with: +```bash +$ oc get pods -w +``` + +When all of the pods are *Running*, you can access the status of your services with the following commands. +```bash +$ oc status +``` + +Refer to the [Troubleshooting section](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_trbleshoot_operators.html) to access the operator logs. diff --git a/platform/roks/README.md b/platform/roks/README.md new file mode 100644 index 00000000..93d4062a --- /dev/null +++ b/platform/roks/README.md @@ -0,0 +1,14 @@ +# IBM Cloud Pak for Automation 19.0.3 on Managed Red Hat OpenShift on IBM Cloud Public + +Red Hat OpenShift 3.11 is the managed version on IBM Cloud for Cloud Pak for Automation 19.0.3. + +Choose which use case you need with an operator, and then follow the links below to find the right instructions: + +- [Install Cloud Pak for Automation 19.0.3 on IBM Cloud](install.md) +- [Uninstall Cloud Pak for Automationr 19.0.3 on IBM Cloud](uninstall.md) +- [Migrate 19.0.x persisted data to 19.0.3 on IBM Cloud](migrate.md) +- [Update Cloud Pak for Automation 19.0.3 on IBM Cloud](update.md) + +Choose to evaluate components: + +- [Install ODM for developers on Managed Red Hat OpenShift on IBM Cloud Public](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/topics/tsk_dev_odm_roks.html) diff --git a/platform/roks/install.md b/platform/roks/install.md new file mode 100644 index 00000000..f0c04d9d --- /dev/null +++ b/platform/roks/install.md @@ -0,0 +1,298 @@ +# Installing Cloud Pak for Automation 19.0.3 on Managed OpenShift on IBM Cloud Public + +- [Step 1: Get access to the container images](install.md#step-1-get-access-to-the-container-images) +- [Step 2: Prepare the cluster for automation software](install.md#step-2-prepare-the-cluster-for-automation-software) +- [Step 3: Create a shared PV and add the JDBC drivers](install.md#step-3-create-a-shared-pv-and-add-the-jdbc-drivers) +- [Step 4: Deploy the operator manifest files to your cluster](install.md#step-4-deploy-the-operator-manifest-files-to-your-cluster) +- [Step 5: Configure the software that you want to install](install.md#step-5-configure-the-software-that-you-want-to-install) +- [Step 6: Deploy the operator and custom resources](install.md#step-6-apply-the-custom-resources) +- [Step 7: Verify that the operator and pods are running](install.md#step-7-verify-that-the-operator-and-pods-are-running) +- [Step 8: Complete some post-installation steps](install.md#step-8-complete-some-post-installation-steps) + +## Step 1: Get access to the container images + +From your local machine, you can access the container images in the IBM Docker registry with your IBMid (Option 1), or you can use the downloaded archives from IBM Passport Advantage (PPA) (Option 2). + +1. Go to [Installing containers on Red Hat OpenShift by using CLIs](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_ROKS.html) to get access to the container images. You can access the container images in the IBM Docker registry with your IBMid, or you can use the downloaded archives from IBM Passport Advantage (PPA). +2. Log in to your IBM Cloud Kubernetes cluster. In the OpenShift web console menu bar, click your profile *IAM#user.name@email.com* > *Copy Login Command* and paste the copied command into your command line. + ```bash + $ oc login https://: --token= + ``` +3. Run a `kubectl` command to make sure that you have access to Kubernetes. + ```bash + $ kubectl cluster-info + ``` +4. Download or clone the repository on your local machine and change to `cert-kubernetes` directory + ```bash + $ git clone git@github.com:icp4a/cert-kubernetes.git + $ cd cert-kubernetes + ``` + You will find there the scripts and kubernetes descriptors that are necessary to install Cloud Pak for Automation. + +### Option 1: Create a pull secret for the IBM Cloud Entitled Registry + +1. Log in to [MyIBM Container Software Library](https://myibm.ibm.com/products-services/containerlibrary) with the IBMid and password that are associated with the entitled software. + +2. In the **Container software library** tile, click **View library** and then click **Copy key** to copy the entitlement key to the clipboard. + +3. Create a pull secret by running a `kubectl create secret` command. + ```bash + $ kubectl create secret docker-registry --docker-server=cp.icr.io --docker-username=iamapikey --docker-password="" --docker-email= + ``` + + > **Note**: The `cp.icr.io` value for the **docker-server** parameter is the only registry domain name that contains the images. + +4. Take a note of the secret and the server values so that you can set them to the **pullSecrets** and **repository** parameters when you run the operator for your containers. + +### Option 2: Download the packages from PPA and load the images + +[IBM Passport Advantage (PPA)](https://www-01.ibm.com/software/passportadvantage/pao_customer.html) provides archives (.tgz) for the software. To view the list of Passport Advantage eAssembly installation images, refer to the [19.0.3 download document](https://www.ibm.com/support/pages/ibm-cloud-pak-automation-v1903-download-document). + +1. Download one or more PPA packages to a server that is connected to your Docker registry. +2. Check that you can run a docker command. + ```bash + $ docker ps + ``` +3. Log in to the Docker registry with a token. + ```bash + $ docker login $(oc registry info) -u -p $(oc whoami -t) + ``` + + You can also log in to an external Docker registry using the following command: + ```bash + $ docker login -u + ``` +4. Run a `kubectl` command to make sure that you have access to Kubernetes. + ```bash + $ kubectl cluster-info + ``` +5. Run the [`scripts/loadimages.sh`](../../scripts/loadimages.sh) script to load the images into your Docker registry. Specify the two mandatory parameters in the command line. + + ``` + -p PPA archive files location or archive filename + -r Target Docker registry and namespace + -l Optional: Target a local registry + ``` + + The following example shows the input values in the command line on OCP 3.11. On OCP 4.2 the default docker registry is based on the host name, for example "default-route-openshift-image-registry.ibm.com". + + ``` + # scripts/loadimages.sh -p .tgz -r docker-registry.default.svc:5000/my-project + ``` + + > **Note**: The project must have pull request privileges to the registry where the images are loaded. The project must also have pull request privileges to push the images into another namespace/project. + +6. Check that the images are pushed correctly to the registry. + ```bash + $ oc get is + ``` +7. (Optional) If you want to use an external Docker registry, create a Docker registry secret. + + ```bash + $ oc create secret docker-registry --docker-server= --docker-username= --docker-password= --docker-email= + ``` + + Take a note of the secret and the server values so that you can set them to the **pullSecrets** and **repository** parameters when you run the operator for your containers. + + +## Step 2: Prepare the cluster for automation software + +Before you install any of the containerized software: + +1. Follow the instructions on preparing the cluster for the software components that you want to install in the [IBM Cloud Pak for Automation 19.0.x](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_prepare_env_k8s.html) Knowledge Center. + + How much preparation you need to do depends on what you want to install and how familiar you are with the cluster. + +## Step 3: Create a shared PV and add the JDBC drivers + + 1. Create a persistent volume (PV) for the operator. This PV is needed for the JDBC drivers. The following example YAML defines a PV, but PVs depend on your cluster configuration. + ```yaml + apiVersion: v1 + kind: PersistentVolume + metadata: + labels: + type: local + name: operator-shared-pv + spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + hostPath: + path: "/root/operator" + persistentVolumeReclaimPolicy: Delete + ``` + + 2. Deploy the PV. + ```bash + $ oc create -f operator-shared-pv.yaml + ``` + + 2. Create a claim for the PV, or check that the PV is bound dynamically, [descriptors/operator-shared-pvc.yaml](../../descriptors/operator-shared-pvc.yaml?raw=true). + + > Replace the storage class if you do not want to create the relevant persistent volume. + + ```yaml + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: operator-shared-pvc + namespace: my-project + spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 1Gi + volumeName: operator-shared-pv + ``` + + 3. Deploy the PVC. + ```bash + $ oc create -f descriptors/operator-shared-pvc.yaml + ``` + + 4. Copy all of the JDBC drivers that are needed by the components you intend to install to the persistent volume. Depending on your storage configuration you might not need these drivers. + + > **Note**: File names for JDBC drivers cannot include additional version information. + - DB2: + - db2jcc4.jar + - db2jcc_license_cu.jar + - Oracle: + - ojdbc8.jar + + The following structure shows an example remote file system. + + ``` + pv-root-dir + + └── jdbc + + ├── db2 + + │ ├── db2jcc4.jar + + │ └── db2jcc_license_cu.jar + + ├── oracle + + │ └── ojdbc8.jar + + ``` + +## Step 4: Deploy the operator manifest files to your cluster + +The Cloud Pak operator has a number of descriptors that must be applied. + - [descriptors/ibm_icp4a_crd.yaml](../../descriptors/ibm_icp4a_crd.yaml?raw=true) contains the description of the Custom Resource Definition. + - [descriptors/operator.yaml](../../descriptors/operator.yaml?raw=true) defines the deployment of the operator code. + - [descriptors/role.yaml](../../descriptors/role.yaml?raw=true) defines the access of the operator. + - [descriptors/role_binding.yaml](../../descriptors/role_binding.yaml?raw=true) defines the access of the operator. + - [descriptors/service_account.yaml](../../descriptors/service_account.yaml?raw=true) defines the identity for processes that run inside the pods of the operator. + +1. Deploy the icp4a-operator on your cluster. + + Use the script [scripts/deployOperator.sh](../../scripts/deployOperator.sh) to deploy these descriptors. + ```bash + $ ./scripts/deployOperator.sh -i /icp4a-operator:19.03 -p '' + ``` + + Where *registry_url* is the value for your internal docker registry or `cp.icr.io/cp/cp4a` for the IBM Cloud Entitled Registry and *my_secret_name* the secret created to access the registry. + + > **Note**: If you plan to use a non-admin user to install the operator, you must add the user to the `ibm-cp4-operator` role. For example: + ```bash + $ oc adm policy add-role-to-user ibm-cp4a-operator + ``` + +2. Monitor the pod until it shows a STATUS of *Running*: + ```bash + $ oc get pods -w + ``` + > **Note**: When started, you can monitor the operator logs with the following command: + ```bash + $ oc logs -f deployment/ibm-cp4a-operator -c operator + ``` + +## Step 5: Configure the software that you want to install + +A custom resource (CR) YAML file is a configuration file that describes an ICP4ACluster instance and includes the parameters to install some or all of the components. + +1. Make a copy of the template custom resource YAML file [descriptors/ibm_cp4a_cr_template.yaml](../../descriptors/ibm_cp4a_cr_template.yaml?raw=true) and name it appropriately for your deployment (for example descriptors/my_icp4a_cr.yaml). + + > **Important:** Use a single custom resource file to include all of the components that you want to deploy with an operator instance. Each time that you need to make an update or modification you must use this same file to apply the changes to your deployments. When you apply a new custom resource to an operator you must make sure that all previously deployed resources are included if you do not want the operator to delete them. + +2. Change the default name of your instance in descriptors/my_icp4a_cr.yaml. + + ```yaml + metadata: + name: + ``` + +3. If you use an internal registry, enter values for the `image_pull_secrets` and `images` parameters in the `shared_configuration` section. + + ```yaml + shared_configuration: + image_pull_secrets: + - + images: + keytool_job_container: + repository: docker-registry.default.svc:5000//dba-keytool-initcontainer + tag: 19.0.3 + keytool_init_container: + repository: docker-registry.default.svc:5000//dba-keytool-jobcontainer + tag: 19.0.3 + pull_policy: IfPresent + ``` + + | Parameter | Description | + | ------------------------------- | --------------------------------------------- | + | `keytool_job_container` | Repository from where to pull the keytool_job_container and the corresponding tag | + | `keytool_init_container` | Repository from where to pull the keytool_init_container and the corresponding tag | + | `image_pull_secrets` | Secrets in your target namespace to pull images from the specified repository | + +4. Use the following links to configure the software that you want to install. + + - [Configure IBM Automation Digital Worker](../../ADW/README_config.md) + - [Configure IBM Business Automation Application Engine](../../AAE/README_config.md) + - [Configure IBM Business Automation Content Analyzer](../../ACA/README_config.md) + - [Configure IBM Business Automation Insights](../../BAI/README_config.md) + - [Configure IBM Business Automation Navigator](../../BAN/README_config.md) + - [Configure IBM Business Automation Studio](../../BAS/README_config.md) + - [Configure IBM FileNet Content Manager](../../FNCM//README_config.md) + - [Configure IBM Operational Decision Manager](../../ODM/README_config.md) + - [Configure the User Management Service](../../UMS/README_config.md) + +## Step 6: Apply the custom resources + +1. Check that all the components you want to install are configured. + + ```bash + $ cat descriptors/my_icp4a_cr.yaml + ``` + +2. Deploy the configured components by applying the custom resource. + + ```bash + $ oc apply -f descriptors/my_icp4a_cr.yaml + ``` + +## Step 7: Verify that the operator and pods are running + +The operator reconciliation loop might take several minutes. + +Monitor the status of your pods with: +```bash +$ oc get pods -w +``` + +When all of the pods are *Running*, you can access the status of your services with the following command. +```bash +$ oc status +``` +You can now expose the services to your users. + +Refer to the [Troubleshooting section](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_trbleshoot_operators.html) to access the operator logs. + +## Step 8: Complete some post-installation steps + +Go to [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_deploy_postdeployk8s.html) to follow the post-installation steps. diff --git a/platform/roks/migrate.md b/platform/roks/migrate.md new file mode 100644 index 00000000..658ab562 --- /dev/null +++ b/platform/roks/migrate.md @@ -0,0 +1,20 @@ +# Migrating Cloud Pak for Automation data on Managed Red Hat OpenShift + +To migrate your 19.0.x data to 19.0.3, uninstall your current deployment and follow the migration instructions for each component to point to the existing persistent stores. + +## Step 1: Prepare your environment and take note of your existing storage settings + +Use the following links to help you find the relevant software storage settings that you want to migrate. + +- [Configure IBM Business Automation Application Engine](../../AAE/README_migrate.md) +- [Configure IBM Business Automation Content Analyzer](../../ACA/README_migrate.md) +- [Configure IBM Business Automation Insights](../../BAI/README_migrate.md) +- [Configure IBM Business Automation Navigator](../../BAN/README_migrate.md) +- [Configure IBM Business Automation Studio](../../BAS/README_migrate.md) +- [Configure IBM FileNet Content Manager](../../FNCM//README_migrate.md) +- [Configure IBM Operational Decision Manager](../../ODM/README_migrate.md) +- [Configure the User Management Service](../../UMS/README_migrate.md) + +## Step 2: Install your chosen components with the operator + + When you have completed all of the preparation steps for each of the components that you want to migrate, follow the instructions in the [installation](install.md) readme. diff --git a/platform/roks/uninstall.md b/platform/roks/uninstall.md new file mode 100644 index 00000000..9bc76e8d --- /dev/null +++ b/platform/roks/uninstall.md @@ -0,0 +1,24 @@ +# Uninstalling Cloud Pak for Automation 19.0.3 on Managed Red Hat OpenShift + +## Delete your automation instances + +You can delete your custom resource (CR) deployments by deleting the CR YAML file or the CR instance. The name of the instance is taken from the value of the `name` parameter in the CR YAML file. The following command is used to delete an instance. + +```bash +  $ oc delete ICP4ACluster +``` + +> **Note**: You can get the names of the ICP4ACluster instances with the following command: + ```bash + $ oc get ICP4ACluster + ``` + +## Delete the operator instance and all associated automation instances + +Use the [`scripts/deleteOperator.sh`](../../scripts/deleteOperator.sh) to delete all the resources that are linked to the operator. + +```bash + $ ./scripts/deleteOperator.sh +``` + +Verify that all the pods created with the operator are terminated and deleted. diff --git a/platform/roks/update.md b/platform/roks/update.md new file mode 100644 index 00000000..329e4995 --- /dev/null +++ b/platform/roks/update.md @@ -0,0 +1,54 @@ +# Updating Cloud Pak for Automation 19.0.3 on Managed Red Hat OpenShift + +- [Step 1: Modify the software that is installed](update.md#step-1-modify-the-software-that-is-installed) +- [Step 2: Apply the updated custom resources](update.md#step-2-apply-the-updated-custom-resources) +- [Step 3: Verify the updated automation containers](update.md#step-3-verify-the-updated-automation-containers) + +## Step 1: Modify the software that is installed + +An update to the custom resource (CR), overwrites the deployed resources during the operator control loop (observe, analyze, act) that occurs as a result of constantly watching the state of the Kubernetes resources. + +Use the following links to configure the software that is already installed. You can modify the installed software, remove it, or add new components. Use the same CR YAML file that you deployed with the operator to make the updates (for example descriptors/my_icp4a_cr.yaml). + +- [Configure IBM Automation Digital Worker](../../ADW/README_config.md) +- [Configure IBM Automation Workstream Services](../../IAWS/README_config.md) +- [Configure IBM Business Automation Application Engine](../../AAE/README_config.md) +- [Configure IBM Business Automation Content Analyzer](../../ACA/README_config.md) +- [Configure IBM Business Automation Insights](../../BAI/README_config.md) +- [Configure IBM Business Automation Navigator](../../BAN/README_config.md) +- [Configure IBM Business Automation Studio](../../BAS/README_config.md) +- [Configure IBM FileNet Content Manager](../../FNCM//README_config.md) +- [Configure IBM Operational Decision Manager](../../ODM/README_config.md) +- [Configure the User Management Service](../../UMS/README_config.md) + +## Step 2: Apply the updated custom resources + +1. Review your CR YAML file to make sure it contains all of your intended modifications. + + ```bash + $ cat descriptors/my_icp4a_cr.yaml + ``` + +2. Run the following commands to apply the updates to the operator: + + ```bash + $ oc apply -f descriptors/my_icp4a_cr.yaml --overwrite=true + ``` + +> **Note:** You can also use `oc edit ICP4ACluster ` to open the default UNIX visual editor (vi) in situ. + +## Step 3: Verify the updated automation containers + +The operator reconciliation loop might take several minutes. + +Monitor the status of your pods with: +```bash +$ oc get pods -w +``` + +When all of the pods are *Running*, you can access the status of your services with the following commands. +```bash +$ oc status +``` + +Refer to the [Troubleshooting section](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/op_topics/tsk_trbleshoot_operators.html) to access the operator logs. diff --git a/scripts/checkDeadLinks.sh b/scripts/checkDeadLinks.sh deleted file mode 100755 index ad374d20..00000000 --- a/scripts/checkDeadLinks.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -# Collect all dead links in a file -find . -name \*.md -exec markdown-link-check -c ./scripts/config-check-broken-links.json {} \; 2>/dev/null | egrep "[✖]" > broken.txt - -# Count the number of lines, extract only that number -n_broken=`wc broken.txt --lines | cut -f 1 -d " "` - -if [[ $n_broken > 0 ]] -then - echo "Number of broken files: "$n_broken - cat broken.txt - rm broken.txt - exit $n_broken -fi - -rm broken.txt - diff --git a/scripts/config-check-broker-links.json b/scripts/config-check-broker-links.json deleted file mode 100644 index 37531cd0..00000000 --- a/scripts/config-check-broker-links.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "ignorePatterns": [ - { - "pattern": "^http://.*example.com" - }, - { - "pattern": "^http://.*endsp" - } - - ], - "replacementPatterns": [ - - ], - "httpHeaders": [ - - ] -} \ No newline at end of file diff --git a/scripts/deleteOperator.sh b/scripts/deleteOperator.sh new file mode 100755 index 00000000..877721b1 --- /dev/null +++ b/scripts/deleteOperator.sh @@ -0,0 +1,19 @@ +#!/bin/bash +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### +kubectl delete -f descriptors/operator.yaml +kubectl delete -f descriptors/role_binding.yaml +kubectl delete -f descriptors/role.yaml +kubectl delete -f descriptors/service_account.yaml + +kubectl patch crd/icp4aclusters.icp4a.ibm.com -p '{"metadata":{"finalizers":[]}}' --type=merge +kubectl delete crd icp4aclusters.icp4a.ibm.com +echo "All descriptors have been successfully deleted." diff --git a/scripts/deployOperator.sh b/scripts/deployOperator.sh new file mode 100755 index 00000000..f41b82d7 --- /dev/null +++ b/scripts/deployOperator.sh @@ -0,0 +1,67 @@ +#!/bin/bash +############################################################################### +# +# Licensed Materials - Property of IBM +# +# (C) Copyright IBM Corp. 2019. All Rights Reserved. +# +# US Government Users Restricted Rights - Use, duplication or +# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. +# +############################################################################### + +function show_help { + echo -e "\nUsage: deployOperator.sh -i operator_image [-p 'secret_name']\n" + echo "Options:" + echo " -h Display help" + echo " -i Operator image name" + echo " For example: cp.icr.io/cp/icp4a-operator:19.03 or registry_url/icp4a-operator:version" + echo " -p Optional: Pull secret to use to connect to the registry" +} + +if [[ $1 == "" ]] +then + show_help + exit -1 +else + while getopts "h?i:p:" opt; do + case "$opt" in + h|\?) + show_help + exit 0 + ;; + i) IMAGEREGISTRY=$OPTARG + ;; + p) PULLSECRET=$OPTARG + ;; + :) echo "Invalid option: -$OPTARG requires an argument" + show_help + exit -1 + ;; + esac + done +fi + +echo "Using the operator image $IMAGEREGISTRY." +[ -f ./deployoperator.yaml ] && rm ./deployoperator.yaml +cp ./descriptors/operator.yaml ./deployoperator.yaml +if [ ! -z ${IMAGEREGISTRY} ]; then + # Change the location of the image + echo "Using the operator image name: $IMAGEREGISTRY" + sed -e "s|image: .*|image: \"$IMAGEREGISTRY\" |g" ./deployoperator.yaml > ./deployoperatorsav.yaml ; mv ./deployoperatorsav.yaml ./deployoperator.yaml +fi + +# Change the pullSecrets if needed +if [ ! -z ${PULLSECRET} ]; then + echo "Setting pullSecrets to $PULLSECRET" + sed -e "s|admin.registrykey|$PULLSECRET|g" ./deployoperator.yaml > ./deployoperatorsav.yaml ; mv ./deployoperatorsav.yaml ./deployoperator.yaml +else + sed -e '/imagePullSecrets:/{N;d;}' ./deployoperator.yaml > ./deployoperatorsav.yaml ; mv ./deployoperatorsav.yaml ./deployoperator.yaml +fi + +kubectl apply -f ./descriptors/ibm_cp4a_crd.yaml --validate=false +kubectl apply -f ./descriptors/service_account.yaml --validate=false +kubectl apply -f ./descriptors/role.yaml --validate=false +kubectl apply -f ./descriptors/role_binding.yaml --validate=false +kubectl apply -f ./deployoperator.yaml --validate=false +echo "All descriptors have been successfully applied. Monitor the pod status with 'oc get pods -w' in the namespace $NAMESPACE." diff --git a/scripts/loadimages.sh b/scripts/loadimages.sh old mode 100755 new mode 100644

    • v z_KHXXf4jtI+? zOOiZj{4VVyQ(v5p9|09~9n}Gwvkp6~4m(4jPr#>qnsS6SR3lJp1WxBh+sooi9>tfU zXdcgb zRw38uHPtd-G8suLmu+O-XOgF9U{^Y6iYklv)g`ZpV8uXtUU=H9?Y@4;go%Sgtbl`a z)&rrwAv5P5^3jE6xVW!@57R^(UzT(|*Bjx>PCH{xdQeJP7 zXcS)IxjS(%QD%W7I#08IvDZ)!tvdWPTp0NXeK+xjf@TCO)s3YOYAVv6eZr~kAi(?A zszq7;eZd{@58*a&?>5_@65*Jsjmi&+vMN}kg~6F47n?~cq(bj5i37|@rBKJ&e*z!* zadBu^NO1xE#8*t!>y#j-w_bTwyGXeUCp2P)60qesgT=dScO$SLv}6JLzQZbG4#;4x zQ|tXDcH2OI&em!B@7d{ZGf$4PENksMG2&OaUtlQ_cQyH4fg{>dWmd7YMx-uAq6Yr% z?t6Tzc-|2Y=50RTYj&UAEl|t&rlF8fqX>N;3WB`6rI|$87q6XakflAA#@+Dwf;_iS z!`)Jrc%*Q6`|AtH->}3G46>UHY@u|pXlX(!ee1MeFY%Y+i`iz+1O&aa)l^M*QBg!% zC4HFSlv?gSi1zy>*$@Q00zAR-Nl9btX(Li*7fR-0W622l-niUQt0+rPs=ppmczB0l zksVOy)(vKLBrv+Ql*9BRu(|)pK7oEzop}nMX=_qsk?m#Wtut$bmXde!ZyblN*4yOR zWAs*4=RQs@%sMUMA$qa0(_6n>J}!lRSATW0yD7m3QSe6&*+M2*@x>3I6AXS~A<$IL zX{>F3+xQ~AX`l%qqNR4PU#XTKW8a|$)nW%$tGKdm`RE7D-M@J$&i$5MFa9JobWOD? z%yeB_Pt8cD^CVtnrn(P`s)FBI&1s_I+dZ*$({AvOTUBk9^4YW5qu%^X{#@jHZ+9Q^ z$H-WPfiM}%k2RUtn47pi#-GGWTvNc;y^%l9Ip)eDsbs<$dwWq8_da}7z|o4p3%S?7 zd4P)ejbv$}MlR?PBd*fd!qY4>-sCf9;Vl`93Ca$-D|)3$4Dc@U@)HxOigF(&%LhKQ zA%nw<)~!}a7H~xA_C^WKWLKaI)}rlY!#wFpx4hco+?AF387aNY=>eOF*^M9%LBy9` zzGyk?ptdFqLqKS(WISGajU(jMPbs-hIgaL>O9)Ps=968nE3ER+7AgtIqMPaNb@uFA zxfviJ3;!Aadu$f=Cv-Kjt8XDs$p`|KJ?%oNfr(rQ#;ct=8o$?9K6GE%@^)ikebDYiJeOHcUJ+29wl$pS+)rLieynH;ft$ZIHnydKQaR99j$TIyH%;~UZ5gN*#{{c(NYxEHwZJ?@zHFj3 z+i5eoYp0%rzkJ0Ei*U75V0MySd0SPUt*^Vs^*<0o#bhBm9n9P>llRIvN;Cr*x`W4? z2HUx4LUpCM>|pZ(= zyFc~?BNc3iGWuwG2p$b{B)XU+)p`sKD`6a8jg4GgFbeF`EC4|LhbGcEo#UVuJD8uj zVfTp1;au;FS@PZouL)2y!?|lU1GkUfy{I5^UYzIgUIQK2AMj4q5+v*|Gw-K{VVtQ0 z9q)4v4wo%O{#&^*HR1Prro1Ktj{Xl0@ZcjFh|cUelWUe9kXjq}Qeef656sJyh{uIO zMe$FkKl^RGIQyT&;#=J4$m8JCDMOflZ4jjQuL!cgHNlU-a$2#cN4(G!V<)e?7hY?> z8PDX_J_jEBm~liIWo)_Aw-Dc)*>ii3&4b^!8#xGK_*s&;-*i@jp9A0|GyKY6mRVBi zSQGsSF=!HpwI8F0*i&g9U_o=EDF_akgrVmO)*V$O=tw~= zZxZFm;ZPCmFbV*ktu!joaql9hVScGXdMa^@D@aT$yAtDsF>uB~fCx=8TOV;Sj-t$? zevuqt{Ro}>CTCehSIdl1x)YM_u-Czn?#faOHAqkau}~y@gsf<+wpcFMq339-W80^pDpEXf=R&ot4VDNq)*sI942ux@7O?Xj6TW%O!(>ZgHHx? zlqbWZ-yCZ1Iz>~>ESsEz-4To5V!&~ezRQ4)$zQkDe4to|8GZJYS*T_u!gIY)vXb6< zcl3efhLVuA2HZd9?!~|eO849^RK5?9o&Qg6CNm=zDFQ&tA?E4jOpuH>IQxuGh$c# zzEew)J@4-Nxo=>>y0bV|Nw;Rit0A@PVN?*VeJYw0P?e-WVZA&qIh|?h%tY5DhhJHo zBZX)RY5>xcz}RfgQ>+x2h(kqxU=8PV`i@H9pdM~V!<`Kgxi(ylQG17-=PHLcVe}x- zBmrqexF$^Nm>0b+z9||C)f@gzapfZuIKlqx`?VKbWSsH`z3_8yQFNn@*sek{r z+5FL_adgX2&A8+!dK3J_@6-8(4*ZYwo&)L5rQ(u4k?~0)k!x0afsG&lQ`CR9-+g;Y zyfuy}hkRwiX2wO*Jr?JkD0P;F&Pc{k=Z^Gkb1%Ro+v@!=U*L~T*6LawdDHsTlrMQB z8Y6%2kwER!NB0gBvR;-{09>ak_=!-B$1V3k%iM95;2>TBrsa*h+uBDrLF@h>5}5LRI7Y3g#ufB~3A{A#d8 zKte%S0V>GuUjm|>ooAdyB;5zVDb}3S(&RS`9!b4jz!U=2M@{`24m#pixPS4!QgXBU z-8pnf(}UFWCegvw*t!)Ig41rnQc@5DN~N$*2&_m&EfjK+(Rdi`tfm3fCsvplt%Z?q zMFi{9qsKWb<%=5yGvY|?lNGa^(RZtjJE)Owp2fDA@t90j71Y1yyuXHg_b^I}$YIDX zHs!Gp#8wT^09}K)|4!(Thm!Al%s96VGxXjnQ2H`5v$jgQXhg^!{$T1V3V%m|a&fB3 zly7*#kWjb4Jlpi6H-TBxy=O8cXTP0A`hIyxAn1XCb?*mwU5u${g5A|NXfkHJ6r!~e zm`NOow;||0RXdIT<2&UF9}{8jmXx>ElN-Zs%it~w$hPEz5 z!*ON#r}TEdM$Bp;?>AU;TGl@oGjD@jKo+Tpa}gV>q9v~Oo`p}0c`hfk(HUz0;bFujO7*vjsWyZJTz=&; z(oM^{Cw|x?04L|R_%|oRA#=PS-ciOR{4!hHV<770T@-HaUo+p5&aNwPQZ7<&pM!^V z+W1YA=MgsmHM=P6C6+w!*lsG)Z4g5b*!-#~2`(q*+^!<=A52Rag>ASSUu1# z=o-Q1tiFdhh)~2kU~hWT~9AO*md)LklGlSyZY#&^0PhB)P52;L<7Rd2$grYp;2gp35Vf0bA=@Bmggq zAn_|RY6)Ul@2iMDU(ey@L^Olkb}WP1VzPjD}iH@D%-4=``0tz0`14)9hMB}I_- z>XmIqbJFNERqhC%ZuaM#i*Kx%u}Z%{)m>AiPm)qf068sBIJ0y#ol2+xS5+1SFWi+f zjkmjj#~*I9ITrn(a+ZM<>?Gam8`VedtcHrpqnKyV0yC;wAw;O%a?(|Zsmp(tqtPsp zKU+(+Zi4XFcJ^!yB`DR0$Ir)jNyII55F(TkVtCSfkPVbUwt9aI)Vm=0+^NiDvGI}R z0qo!`gTP#%o(;d1h6n&3MwyJy>j;rKX^jaCGK0Qtion>-z}(2s33}hEm!PCzcl|4= zmh;~@@@zxr(zby}nGNOblY)9;tRz`10ITk-Z75?+ze@Ub{FHp9E=tnmT-tx}e!!K6 z?0qubE_6$(LdBMCqWkA-&dfP$_=sXvA_xfoIRCJK8Kb%UGfzoiUzjam{gD!S{0tluK6}qh;Z$;TE>BIlF@D3LPSg0L ztnn^A;xDi|3k1-14@Rv~ndu>|#S%>Ni~$PpaOHhMsk9{COpKhgEkS$r+?$CzjG%uw zIj1sYYOSL6y-CO}wons0e`{PSoJD?vnlApzm#R?xOy4ot(Sp=Lq2a`<;w~F})=V2r{ka|5d<(lk#!0{)@xNmEAJqkhr$>G7uZA3z>=`P`5;>!F+IRMbiQ zwJ+fTLl3t6VVjB=B2F()-z<-R8F8KH#7%Y1>44)Z+Y(fF%_bl?FN%hcYac+I#p zHv|gVyw5lu(S^+#Bed!Aa_M7DnZNY|5b6UarIj)6uh}cDQrf(y1y|hemo4TC8^|g3 zx-K-LPGZz*_F&HB4rzJu$Wp0+{YP8*mg@(xdRhcq|2fb=DtBP2Q;=e2xNJ8nBC9cyjc!{wOC2`ryJQpUt z2HXi0fOW^eUD?iG^5(RdVu7!*+MvWZJc2-0O}~hgN*o68J{DSZ9Twsdp+b{1Y843s zP&R+Yw%3kVfeUM$IT~I|I~B0mpJ}LLW<~e=dcWQFb+|w7_)0%WGXVgkS6=Df(+0<- zR5vKYSnrM0(7=`3tg3U5lXhAciElg8qGIkS{`4HYdeQ0S-4{KLzs<4cDG&0Nff>7{ z@SHNBj#RePVbLi4EqHrNtUexFY}3Ov?6J}bGP58VLJY-rhW zUSn7_+q0}eS;fu@_%zh=Sv8@g{}MkEw;(-Md81yzVoCS8(1i8xGJ zHBIINBg1bcC(~n%irQFnTy*a*Lnn8)kw#C7KR26UDOuyw3_3z)A4VZuhwTX2v~nG& zKK}yScYWC***%aoyfjY-cLGFTp7#;H&J`iP)6%~2eqxBro&Yrl77MsF?^35>N)~}m zH=iglIy(TbRvJViX+;~^UC)fglYn17=4)uqJt*)9QY&i3UyYQU=OxEb;-F%Ri# zVO|#coxv*iLa_yUryN+M;4G}ttC?vhytXYocU5XF$}fSI5ZJ{djQ~d74wL zw4ivX1p<{Sdc}qT2AeVT*8g$sJvY2%9Bbm+ds9d&Mya;#N1`YG96lDMnW&wGnUheDB(2 z*!12|Lm9Oae42@srxGG@`|_(!V&JOgJLa^|aVH&43+s?`P>0rzD}Be9E4Z#RgojYzm)k()(u-lu7PH^;E2S$ZmGx8=`M_|Ig0;-kZ8mav+h z;FXz~i+B4SH-7{jP8-|3E$qiTxc5`98dI)i1&MiRB=DctFSNn zSTG(Zgi5N#$*h(o^KHCeu~yMW&Ht>kpr8~vt!~cDDLft_*b<-VpYMzP$^>5^-*Xlf;VH^f%Q{ih zwo{%SObZAyJ=5uuN3Qx;fZs-=L{sL|N3wd1^4qUnaNgC!hSl$@r|wBJ>pkiU>+941 z?-AB^jp^iDiT~6)%FCk_DzpZ?oZ!Tl_-K#yXH{$XKvBH=A#6XWvVhkLVe!e-aVQ7B zhpKc}Rny~vjp<@mUR~}DK{uzryQr{{iM_4K^$)?LZ*!^VY-8WKyq(?V2r<>wR>t9e zlH@RDM8dk5*X1s-yzcG&W7|ud!*f{Pd|b{vVq|&09MNLc;naWGF@|G4vj5oj*RolC z#Y#4}ms%px|FP}cxwl<#`gXS-16x9TOZE!V)#+hal`{X}gY_4i9TmpN#1KHc_(9)y zs^3h~gwlmGvLU5G`B`-3SYDs{S&7xmJ@BmNt`JvqM=mbn>z3y;=8M=J%}AzDNuk}p zpWXUu_{aJkzyb(PbM-~wk5_Yeoo_nTce-Q!${XJX*80>DaeLh#-TW(Cyl<~0?Q?n9 zzeHJ^d@E=CO8*KeY^!JWSXzEvjEZKlccNEPMlCUX_$=Rqw#?8LzlYc@ZcsLHMQyYB z9!~Yex8`_xmr&Q)sG#e0+PsVpvAmZ`WwQD2%H2aw=Wa;egf4H;p96Ffq~nQi)LOLP z#03u9LvDJ3o3L4a!m2x2oTk=w(6D8R#_kD_Zs4@d;*0z^RYP6`3cPCYXC%_9XG6p> z>_h8VaaKrY=#9fbhD2(oe{F&nk86~=xEW@XN981$CRXDOBoI+GtgqTZ;P9>H~2raw_DEq@DEz zt6?d>^L9kIxnIr+54`o1*_|d~tKDn6Yvs*D$6vH-Z5U-fW{fTfOM5JuWw0)JJb#+^ z>CylYCh!*Ct=!tD(y@nX(6yfqz@}YOb-NtU+R91Usc_7mC*g_8H~+Z4kdX2PmQ;OFlq`3rCJqKJJrBxiovswtxsh!GwR$+Oz$DS}w8{yqU~8rmm) zxpF|H<`MA?8u4M_fSBEdZp#uk7ppi2eR+T_R@RK6QH9puCjyl-t7!H0t9mB011+m0 z<+2$TGZFzq`QLZipXqFW;9;S%`(qta*dPOc(sbHb2Cj6ho%!f859BOY|BeJ;5S=&n zW0nj!mZE>oB9*U*MYduj6}Cr%f|tRMV~BF+VV`($J@LegAApu{cJhn8M%gmYo7@lk}tM4oBFD#vp6dzb$M34fKEvMLlz*)*a3M=m}@;mp5?V z@Fk`NSkUG*q+jA7`vvP56FsO66sf*iWM|MbjxQX!g@9v&yM&WG;y#AtjKvEceyUu%~B#_m|ZP+0@RTCz_eGcLQS<_#`lZJdHbIG zGklLtlYYeThPBmaOm>5cTQn3GC9!r@#mt4*ofU891Cp&7XU>#&A@axO&-G>)f!F7k zA^X5iY}ltk_<;^PcEfgh_KCpOjKb>DfDb>mge|jK@@shC!-505AtDPXin~Dero6X% zVjwME?e?V$V>-6t!mFVdqzBDC;sEy7pNn|JKO!Js*!yU>nqG47xonU8 zWHD&?Y|8=7zlU=m_9QfFht;*K;qsmgqnk{j3C)9Fwblrs?`TN_CyR9QPp1|fCcd&d~G-Lzk^Z{dJ1odUNF#%5;MJ@F3f>ezhZzHAd#Fbf&X)=Y~jX|y;-L~ zK<;kKX_4#2!rqqo9CpyhX0#;>$$@xaqgx7mz9ol0?CiFKqdzd{ffovxI)Pk4?!ccs zS{SnsyuMVpg1%ny2DPVAIJIw*7k0i1$$s-}Omj@cT%v8yv<~IMcp5K5i@y!hCI$!G z9SVj%I>pY_w5CcKgRBlihg*$aCU>lf_{~TDBJ+&%N%j=PKUER;IuO2qu9`=vxq7G_ zF!3|{-O5ww@~qaZl7T*(cTfrCV4palc?b8`OW_xxf`aC|DJ$=3t;#T-7ZK$I25BDy z27g4)8Ab8k@LA`z6Z@|)&j+u^Oc>z1kb{asqQkFWPZI$RGi*3G>+z#yXYAL^lYtUd zB3aI`#oeR@4iPr+){~KJMDha_^p(Dk4iiRhNnjbJdD`ka!@Nc^O`uhGohC8GDt4s( zq$gSQGysg=ARu~r?(JeU;8xzH#@}kX{Q}!Agwr+h1ZMhogX?8>g*l+8diZt1A6j`y z2unC+s#l~ybBB1gk9MU|Q`ZBjtK>ZqzW9QA#AzUM8nKhA*EQa30r2Ll3N-WyH+c(b zN}#J$UR#KrVf;=S__n=CB+bG>pu}LSW@X|!Z!Bdn^kuYJNX36geJd;#Xlgxxw0@;a zCRz;d!>1R)BKrMZJ+Z5S$YU$UxK-3Kg1S#7~^ zmUAopiW%RnwIIfnBCe04lDbO(!|gN5+u^#v8O5ckL@Pg(yR9OWwe&BxE%dq+z%D!U z9wnZa5Qi=3+Qq&ZH64a6!3lGPKI#K(+Z4dvuyQm~;Ub*FA;@Mxm#5SaH6B%J9Y@|g zV_u-iB-ejZiOKy)9aM4ZUnmJuwR@$^Ra!AZt6?USG$x?)Jh=6(R-qh;bP zS&A0F<11zT^INMb7I?PPYM!VTc)65!l#h5cgdC+iE07D-eSfHwY6<#ZKw=OHfw;{Q zyrmsngF6toQ^GV~h!V{9-@6<3_SzqfoscnL@bq{yn%q=^8cdm>OO*>H{r5nHOb!q{$a3OvL$uZNMdK!G@1chn7;qLOTPNqWc6HWB2v%JRF5nfp53e zZ!&YjM_0f*yAGOV!TWGJ;kVD#=sgQhb>!P*i}oYOK)gO6-pdIx7clc&>a3~%$yTZl zLaLU8%J%cw%4)t(3@dpM`-5ll7f4+teKwrQt>lazaWR=CW3enx$o#?@&DW@56w^?dkIYLDx9kc{P-IDljd@&PMJX;rQP$a6+_oV)|)k7#fy*W#BK0CDHCj^LU5t9x}Hhi1CS#{e%Q6^cH8N1 z(l#IkqrxG4!Xv>xC@l!CXqm1^*e{Dgl-mfH59tUf6(n9mz7BP$uk3;iWjk=G#S-V< zzi83+YEqR{ecVo6m-wk;osflI@r~BNsOn8OP=|Cv_nxU!>4$xN+*{BAzDo;AG!req zX`O&yH9F_8$fRG7v<~5n3hqP}ECi$o!;n0R46qjkl4}T*l0+AAfy|;f6=wH9uZa2F z5poNzdc5{y5h_J!#Qa*`D!pudc@Xp`_^Qa{LepjiT(nTDOg$u#iUp2CCyj1xbcxZK z&bivG2Py_Fx2ASs9U0eS<)e~%Wocu3_ZXeEqSMv4l5(O{e|~AWZ!Eok%k|6h#`{fi zy0}c3c61``eUsYTC?wU#Cy*}JsR_1S)w<5A#C9`?9k}j`+93%Gf8xwQ9hZnc?8bXoH~;DLiu}AratNP?`waFCJF1rB z>3xR;Gt^I5en}h6WGvIu&F?{Zz-7{tbYJmSZ)l%l+L3~I zW3pqzj*#5f96HeJM0cVJDIDk9jp{B3&vjl(>E91k%n@i8O1?JQUY z(-({o89chs^ztn`0#j;%^FiwSIgNI#Jf|Ctv8n3(kTs7BDzxQ9&A*2|ie()3dAM8tN35P}1Gawi)eX0SYYO zVSq;NKM{V6BEt))+zk)Q+86G>N!NbWz{5P!nl#k%# z)@tTW3yzHOz&Iz%x(aTua?MrzQVMBweEggZ?D%aHi^Rz6y&y~FZPNI$VVEv6L#e^@Qy9z>JhM(7hSEc!!vyY7&?kVKUd{7w9$viRp z`BZpAmcBoKhM)Pj&&i&Bt_44ZFvq~sQR{Xm!x^GF_D;JkdmB#eS|`WI*XJE0-gI@i z??u7b22Lz_F5!C&IT}udLJY@h#1x}iwL9DENsq_Mdra*1PCQ}oY^4SOekA=j=L;v+ z3<?Z^Gf*@>^)ux84Nh*!!IP)Fs1@#%kg6JvyuKVkXXV729P)hwN`NQd)=))Qg+*E==^$fGUPBXiJG^ zee%X|@LfnA)s~d?B}kCQeJ8mspin{MgCX~iak1ocxnW6yu?g_$Gz|q=Q>|SH8u1USwNJGM(@g8pzzV4M zuJ6S~+N6@FfE14(N5}-}x=^sg$;b>lUcdk3FK(QKfEVkH~miS%;n3@Rg&EArpsV-QAij^#D+m?}ZX_F`} ze|G*QJ#*@dD$Q_LX0%zxm@xrUB1kYiR(0{18whMJRv{gD8OKg{IM-TkW-Zr)mcT}x zluAmOXggUVpL&?Ra(X^LT7z9ytNh-gi8duJ0jDbP{YXAN_;MRnbE>9=^>~g$>B%v# z0t5AJU;A5(Dm4QLzkp(rvjvdx+GPDCNVlyF{VBm+$4Cy>_ire=qtc>^UzaXS4Gtg%HOr1x?oVOO77&iQdnazk4$6 z-?GDq;4-5TQ>3h@Em3C&0|rgCof-~&|0Jr8iXjB<8}?sSs$m_(i8>R6u|3O$-X=Eq z-ZQ3L27uwvqFDM4X{C9U&^MS(ba?QMUdD)q1Ie4 zi>@*CQ0ECHjB*SSbLTY#U#!3_Y;x=n>Nr7LE_eM-;NQ=LztIhT!+mGEzzD{4P({3} z$p7%_vEjby4RzEPMiS_r|F2;7JnU=dGpQJdaLl43?#lP`zb1Djbe-$<_G!7=@e6*| z58t1?Sd|0SZYdDChEATn(`ev!%G8U4kxgfSsv~#OT!eLofyv#YKyDkSjHBaf>+v_F z;hn+r5ufZg_2u0tG7h}$OF61{?YX`w&N$y_P-isF}-ox=?FPxv17srXhaB_!{ zfez09Uo5joraA&sFn8v=$;xkLslhiNU|JlNd(^~-K<>zvtrmcnAhFclVEo+kRoIwr z*dEz?aVr7r;?n#^g&u#9NYv`_s#r?Du&|GFUgp0sr!b}%cvqSMFBff|f-eUO(E!mh zWM)6vo)u;wKSV7&CHzw{GHq95=$tiA6z1Z75Ys5@HX0jO?dbA$53%#F%g<*fXOI{W zYIsThU1U}7{O2UD+GPW{rn`6X`}p7fB6H>ib6W^C6{UL8`J{UeLB#YwkWGu-*2*e5 zI)&l;c$8>!F|V~wy_u7~uK>n+pR8UH_OL*+5QQ^O$=dvC3gwEmCfj2YVN9grm=?nvhQf|eK;vXi)nSw~$*}l0 zO=$O`hM=1HOUq>{Z>*No7!X+nM)C*2x!m1t9|@PeJmh_YWsb;-3WFzcn9%xGGf;V# z3;gcvrZWa*>lczF>-?;AGKip%dYGDGwb~o;coZzqrnGdYfh}0v-Gq-q+82gxb85qI z&@08TkJ3M?6}`}#2EQp8=oKE^riV9jifPKy_A`>({a{}xlV1(g?mpKE){>*IUPWwT zdPGJEHb))Qh8UKFyU?vCnk`c>%JV@zI&{h#6bROA^m?X^Z($6lRpEI_6m|`$dd0}t zDDC(7Pmti_M2eQ(|7!BLQ8D${AxWO`V|0nP5MVb(B_XMkdWqHRYVR?z4e7rVM`hTb zbUo!Tq*i=3eqi|13f~6b`Pt)Sgp-bD?sf?L{Sk{~zC+f-{$)Eg6_oyvl$xW^D{F1XYu!)PEr5)Sl@(}j$XKa* zCAD99(p|Hil}2>DW>N>>0t}jE7(;V2&n-4vu>cW16}Sik_(9c6Y@~hq@~|t6MKHb9 zSRl8UD0T=Kq=D>7e9?S4J==z4DfB%8T^&va+0nrsT@F%Df>MjBV7)&f+7Q2#mVBAh zc-p@n3RAAKO{!>R+n6OW;mE2;VLYq;S^|IK|&oLgaob*GU%Gi&M)eW`gr0 z=@NDfG`TgAXYlQYLAhze9@_;+{DS5flkgbpHsj@lC6wXTz>?K z6=zow@>q0>6`A4S*F*FvyTP!`(Nyz#jbf1YIr5M^w0nX>SG~P$h}3&;l(7JXa-@S0 zjTn%dECm5eQ1Z?Pmwcr$sI(}{zSJ;vTY>m3>eS{m2nBi>ML&#s-K0C&V%89Iix=%Q z%Ht$O4imvmFnE(wv@3uQccS7Q1Jg5I7jl>KZ!V3DIkYC^A2Q=9)PnxMC=~^aY!Jxp zg*3`u@tQwbx=m4pVz%!v0xHp9^JS-9k5V(19zeo0B5B-*VFSd2V`V*ng1?sJkT4ke7>0eRr zJcW0^X5WLez@H%GsoI2dMRm7e(As>VW3WzEsUtATC}U3Nzp+h4YM5k*ia@$wh58cO zgSndTg7O?y8{VkZ82(qH1bSwXURgAs0J))_YxV^6=9sh zueL=Vi{UpiE8Hj%_=8e9oko*-)%9!&k)>P~mt?}nIjq~I6nG{!6~dyn6AcUn5g=k~ ztTwD&zwf6mQpjesK%U8q<6F~n0r~SO$hPSt4})l(4yHv@J8D{*PWkrkhp1{_#aX-X z$Cz+dh2X|C#r{4IK+RS|ESgmBd6F7tz(HuP2e{WFr|F}c-Pe}?KzB#wJXTlLmzUX> zbYnSOD_poD-$ix4H>|g!*jAJw#hRR3u3L=IAr5+503knOpSICMMRVa8^!_}67fCook?xmf zR#t63;a@FN?Wf^~^fYBK^kR#WI~hp2Jd4zbvcGBEhy~`P&7 zfzb#&7hZlp#%Ayq@@q=A@iordsz?hlrmNS)dY@J3^&8E$XHC|noftWQS74SFhN8w) zR{^v;U1s`<%b2|T$P6s@6%r>!TUz`=e%O(CHQ?AK&6{ScaHa95Q26zAYK7rxxMs_o z1M7D8EZKyLu_(x$3DIQyh_4Dv(vKI%H*rn@Iz3=kvDASh8~(Xnxn!N|-k7xfgO9%! zC(llAyi$(gXBUCb6nX7fH!*O(1@hdM>Qehykr@Y+-cuM;=WSa5{f?bEbKh~1Js@2( z2QP?zn0KX04mr<-X`_FA*5K7isrwRBr}r4FX4V?@8Q>qcrBh*_L^Vyny#Gw|{_a-S z$rvY#U$rBD=p}a3x$+z*VLxD|Tdk=l#POlU|CtBQM-70?2|9o)g`~Q>-d{k_q>Gt>IcGHNONk^SZ3equ5-jweUrxY7 zgn{dUfbao}cc$?O(S_hIpu#tYZAP=EVHXu!8h-Eyu~?xfcOD&5k$Kp*Cj z?vGb(3+Mmbz4VJ$mg4yb9)Pc@kpN{snL1Lfbu2`btXTTOJ|@(sW z(0%sR%WSLsUldDhaxO`pXuhNU*A7F!PHNt5yS`!lyH%tr@!P(L=tQZPGon_zq=9JM z%9~f8tul^ld&HUpzRAxL{pSRxUa#+>2b+(~p2XsjzaMYN7KmXL`UVVO1LH#%pm{{k zwxCFx84YZJO|FXT#+muxf4cMK;}_AgTpfFD^N{W|%*D!|3kWFc#>jQuv(j?H9040| z$mjMRxOLs@<+7*FHS9uO^Y}t*s}DUNOgS#WDKe$9CLP5D)|7> zoj06M1tipm8Sm5!72ssI3C#A~79Ut=i|v8$9Q`rgW3$1q_&2x*^i5-uy4}Bir*R`b zQ}<*u4>OUA-#X^?y=Hy6-vUqDu5Gb68<;Z|{NU2B-_Mezl4tueC{tV=Q3aM+agvUb zV>y!-dI+oVNfDW`@&=SFsTSObjyV@-%l%Cqo(*OSCGrnMiA$EOwLr9$=k|_m{tzy7 zPJh|pMX7@XS@&GrtcqF&6GYI%m}rb^3FHoq7bL&x5ipb=M>7xQN2RvWnZgr$3LS;+ zK>#;=vBYte*J_EFj;D$}Am=2shg`I#3=_8#9IOUo-zG)w-IRyBG7R^cSDYR=_7U>D zm`V8tb7C-aWE#XX_*D4OjS(W-q+PGvV_8LjJKj{Z%YU%+D0#Oa+TG|@P&he5HtVDU z81X4GXLnS;>wsfVNM>2b_nwTV&P-BF^N#I5H=Oumt8g!QvQ3vlVY@ zVTxkL1TcvxvQzdQ_h{v)+KhyA!Xq`Mb0}xzKXB*|KXJWPd{n#tE3Y+B%13%jp5pc9 z+;~6ocpgfX;yuf9az*2Z)7SJj+9W?oX{Jg3p*EQu%|G~ZN~e#^Cv`8L1F2DpIzGos zbs~y%0uvlcI!&8($kcnKSa>riUwUSN8T#%5Fw=`y4UUuWR zR<`Uec%;rtm#?_`7|h{qk>wo4*$ItvPUpf3V!fcCp-9!2;LTr(aE^hNe=B${2$ln8 z0XkhFyrZ%T1&RO;8q+Pv9!Q0)Zj26lTVA7 z+5+jn6d?yfhpGd#hb*NS!qR|-!pdOxX)!P8`m*jcsFeY^V#PxytYB4=Tm2W8EKfxu zB6-QlLr2R!c4qLjd~G?Uj)ROO19e1}KZTAb7CJOW37&9Ay!!-s;|-rL)Y9>oycG)?$1Ix`>HM!& zj(MFj7BGF#^{r!$d?#P97{`H(yPu_$MP)X0$0E{M@m1?Boy|}=K{njaX;k5M135@& zq}Z%T^I}dbz25L_DzG7P&q)GRJWIXNFy&S}Q<`XzJ}~v+zT6ViA~H-x-BIWpk{67; zjjvTj5QwQ1GxJunBClcJD5*Uoopj3clx`Q)&=2)O;ku-4%U>B8HbEalCd1p)23@e?P4g=R5yko zCAk%OJg133$VnOmz{A`CI%hq}Sd+lM<@*lY#$8O^K0ccCJ6(MB2;7yiZ^UNaDCr|j zLw`z$Wy51kr_-T%CPoCkBQ!~vYN}s$BD&B8sPin)WE!L7C1zwsgWOFWHffe9D=4Rm zEs3PZE7Ht-EMKIIp|b{a=`xiK0r6_MykyD{&dTNw(j*Z)&LLmgcB{%$JPPkqs;%9w zew>Wzi7Jn}eG|a_u}uI`1HppwbV-fm?g*l7@{R^H4!AW1CnAHrXx_4m6GhHoQkKDC zHio`_r`smCV0B-aPU~NG9Bi>b*jVH{`MQm%C`wM&AY%w`Ye1T^90C&-Y)u|niq(}g z;xc}FO+*kBX^Qy1GhHjnj|Q6Qm^2&lV~~9fePfTb+YuFA&^^@w1Uohzv%OtbuV1~b z7$8DB&&nu~`GR?G(u_dRVYJrKcnM3Rwf#;T)!w8`RySqA)fz$bbTYOe6aw`Ra5H<_ z7{otE?0TpVJ4Xk~ySa%=j;wAC{9|x)4Ok4rj?C_VAh8#6d@s;*E-! zvOP9&v8jK9nNy9Sv&QhR?IbSecl-q=h#=MLrYC4HJs^HzF5vHW6m3-g`?0*G1*k-q zjmDoLksCuIzg9S8lkm?Bhdd+zQU~5SZYNv@{u#lMoS&$MwZV|?49bH&V0e24QkvjP z^|lVD{49|(ThP5^PF;cCmpR|k2b$(69^=8=Bzzj?cO@hbQe4oy7OM~!8rcRecRaqL zA&vE)GDe0p!{+wOA|*#xone1(+0>u=p~9(o`>RN&=4<~-@e~KKLq1iFo&1H z%e~4~uL`IeUfx?m#rOXo5K*1I^;Kk4^Svh*QfVBXiqvH*Mr_^3)chPB7=OC^eRn^u z;3k(<^_p|;EGZYQxQMj0=#~;mNnAuAN^G)w*y`uTUg2H}a+qBa2R!0llxeLcBhqFJ z)kynTjJ)4nP++{qpFob)|KZ~&$UjoXHt@>&i!W1G-v*)Hxl2n<3|qBR07e3YS1FCD z%1ljf>LlRjLKZmLZLHSZQN8;h8N}BE?iMTsX}C#}BFze_02_=s@x>3{6REwa52-oC zn4Kv#H*lzpw7sqA@j^FxUb5x98a(WN=><7HKOr+dFH%On)1U0>{7kZ>>n2%f_(C3M zInRsSCl^2il&#C2>lOrDRrS(n883iA>OkptE0OdwU&tw>M^CIS*$Z2(15wl4j3OX}+m8t}^}&q>>+Vm?K_T5YTcQ)HZL>PfTF**U$Br=_OoVHX6%qB{*f9COI1E!Cupx9$}h+ zs`zEoiG8?B*PABS&4=a;`HF`HjmVOQ%)vgLu4`0{CL+wj7-AOr;GIriN`=&a-*H(X z(|0_J*3X9rO|d;d(na#hq2c~Q%vO&qK7y+m$R)bs3}ZQ_C+@9OlP!uIL=Fj=NGVek z2B*l(HR7i;pey17<(U=g?>g#V!W!#@A3|%szGd3@18fKL>rNKii9wQdc{o-P(oMw5wHN1^B zzc>ZvttDP(Yl2*viX`QrG_zn4i%85RuW4GY17U+s(j$!w_%B&9iZ!?0=_aYjSx{PM zwJpl@#hTr!;<86btfeG7+Ne#~ab$*o&Wu%Nk%hug%o(OH#}jNHPx&6m1r~~^jMLP3 zVo+yo3UD=5*SlYQN?iqV9N`J+Y^b@aaS=QMmy2=AgJ(qGP;#UYkd5%T$!!s{N7I$^ z58P+W^9r~nef$|h&w$!81)#D}7ul1)Eon^W;9s&tXljUIW0+PnJv1%}ZNG38;_vsCr^DJ^uO|^)bfe9I) zLh;2Z_Uyzjs|OkOXl`iRW3wcIRZ3iyE=6C4Dq$UMmx3H4O-)?^Bl~(NP!;qCx!Qm~ zpxYl`oXE3W9(Mm~@K-G5pf>FBIkt;Ka{S!9QYo|hR}C9y`hR{R&#NAKL^D8&&p}w` zG4wn2v&!3z#;7;G-vjHsMr78pTDmsUo^a=vjYiKX9M(ou+K7kwC!5v!(>#V^$HuxH zdBd@g+2YZM zDyRx?!YAwF_?67&AzSH70K6r@RB=NEMMRb3xkhRAEqg9)c}`*xvwXpT3wc=f8rHfl zoUi1LmIINuGs3EGq2Q<5Z>*-5SGTQitie!}vYghDM2Z+We|GV`*2P9FEmmL%HIEnM7~Va>OTb{iDO5P9qs@Xm6;is5 ztWxP4ZtT5h&bHnc2>3xV8mUwXxmR=g(H4oWR$vFzN@2^oNtt-F+2NSA=j|qenxAN9 zgX;-b^hAm)BH$pI8-dHtNp_o zVd1y~yn-HR0?= zx`n8LV%ds>u2JsYP+OiWzdZ^8fbE-A>tv@YQ~vejPGNjFHJ51kOOYApLON%*;)g#7 zSX}zR5C==%7=<>AVW*X<@=QONGD*J71`@V66$0LJ4(+`qUp+3rD_7a63hU#jcr2T$ z_;RJa8(=Lwtsd4CfF@ZNZWkmE?s{$ks+4qsoLroppE(s^tT2xTjg+Aj?BV(E75(pY z_4yKkPssz^HSZTJW!n18V^ux|gcS&a;F__SI%Rx`<$~3Wb`noll5yn0tW2(yC6uSg za)1#mogi=UiZpfQBq$jIGPIPoS2U6>p$XL1)&`^cu_Hr6^V*U88rrJRL|ZO!?d(zeRWy|dUHE`O@5UBnRLcYGU#+W_xNjPcunp){r8<=qtVG+ z9l#(K*&?eNmcnRYnF6(-KBz?spcYxvK)U1$$m~UJ$77pL-C^0`qew$?q#W5t2(!;V z(q$rPe3aK^I)f4mE-)H7mBgrpTFNcl*%1uAzN7sBZxEZ?pxBs8*_^sdlZ4};gj|v% z@83rzYTSViIWoT=X(d}-4L*)e5P|Y?Y!QLl=O-qZSYwAA;VjoB#A!0HeP=N`eEsTBhoe01>+02ZRgZfBnDkZ`Fu6EUz5?rB(zTm#AWkF%2(mmc zbm@SVh*nrYA$AcMRh@Px=0wBg$_^gsx(qbxm16QOHD&%-J56(sL(wM}K3YeFIv%qF zYC-Me9j|N)DR9nF{)z?33Z8pcqzydgna=rd>L5XkRN5=h8KUU4p08?sp?VJ!^W0kI zUe~^1V>DDi*anGQ$GEaovH<0-^SMj>}BrR^dJyz2$KgcPPI|s;^oVl=x5I?;0ZSv zvx6_&9+eR+Q84_|{?XJ^4qkbJH1KA10b_le)_# zq&`RRR>(DeqO zeu7giR&8}F7?!F!pw-WUrBk^$Gc9WY6YBuF{wEl(jqq+wA`0-)6G9Id&339)t%7wM zp#Mjb>fMfRdViUaac^{gb<^*X+gGIfra$a78qeFLi*C0qlkdn=O5+DWgQ;=S zEHB6qyDfrIqabCcNNQHe+hLmw6yNX zT$o4@DGM%JCJ{~7+9-R{BukM>1x2!`5DJJYF{V`1Qdr+8(_zU{Z$Ud9H zJ0P=z9QOvj&PlEP6kqEM$^Ec@J0yeN;Ho!Peh#@PWCL*fK34CIuRf`ZolYFiGJ(bMHD)y0N2hFm-V z6WW)t91PdxJ828Ry-G1t5TTNXWdJX(WZ?3amxO#2X%s&45SP_o6STCv>8Zu+_a+1? zy7pi7d)MTucXRu`(dY*Z(_wBn3l=$xvz+m`NrobQr0XV`Jo5ZEmSP(OPf>OGjpl0B zMcX&vQeDuDu$TgMA`t*XcESX)(t56l;;u%@8T~+$Vt#8&c(oIY2-*pvoY)q7U@#_Np z&h1H;Qt10dOwkOOH67_G3{#dtjm4ZrELn(Hr${P?>5}ruHY<6#%jO;1s7(Y=9by@Ro zmgRIB@oZsPP5EWuCDvWqwXvOYzdBJw#`R;lqDkXPv8qli;#Tk80v0t(!zue(vm#;X z3N2QO4eDWunKhfis%W8GeG{ZRQ`^*_Dy9se3$R>ASh!h|wu%*Q2p~twa-pIn%Y^xl zJ;~A{$NZ$?69LXucCxsk%{*4c$++B&OTcrSD<1-AW2S~i?_S|l@f9OKyf}US^0e0_ z$I6H2)6AOAG96r^3n7?vwhW!4Wdg&tSBW&KRCC43crU;NB3ofdQ+ZGqXJ;3uFTRIi zdFF`SU#wYn#p!i)yIq99Ujz(KJAnc%$DE&R*@C5oI0gTVU5kW5xaj5$?gKq+->7<4 z_5PU^PJXBe2?ZhG5Syh&t zxewzjwZ%(Ho~bMooEEUDXfQ|%AnbRoRwGGg;VWY%1m^(l9K5$Xhz?y-*Pyt0DXmm3*-M1Fl8QXf!6{y#wf{ReT52 zH&-#_SSrng(xPn#GHF(uw}BP>v_rz_)(PM-!5h}F@`*dDt-_)D9jUorY}eL36IZ>@ zb@lUJSY-R<}%^0)hr{OhM$mHh`>!a$AH#kwxNdS5f+ z>2#S*hOGABq8DycTflv($r)Jtg*<=O+R z0b<}2a5_D!|Dp!1YP21bX) z`GVz;Wrjf=myO1eV@RGAaY&b7B33~{O=l6Ca_RgUhD|#^eMB)IIaRP_Cr9n==HcOP zb9mVTUT3)8VyC|9-MsGK51QoFxHIhbnxuc%x%ml$W^V5P-Wy!q-j81&bdc(8&HH2( z$gL#z4X#YS_Oc9W;tHow=q;om!bbG*a{nWP#}+?SirxTZAq-O1g8h6h)uG%5`fB1z zeh@*(RBd#xA-uC2F+oTxNcG2LFL*G?TM)?4n#S;yZpLA&2A)CEL7bV@z>F4f{?trT zT`ORZg9|5Go6r$Cv3m5u6yr#H@BnSctURaovWK3d1V{k zy^;UCxw(DcAHHsq-n-tA^k0$w@YU^j(7RSm`eQP>olN>D5FJtFOpBi-BK zr1!V`-tey9xzSDk3e59VzVHl2a3?4Es(&|WlB@ekf7qK$nq({|ao=l_*SELV@B245 zO(e`+zuO;mAfco4u0MP|vD3YK)BA~Z#{Ef;bS9)TB>lmlcir#Y_3S{pJxwq9)*ZQf z)43zBd&Axs`jijUFmXMfkx8vX@7g$bl%vb;QBMZ)^RT3_z+;`{tX)*#k&kUgkyJic zXjrxQqe_^V7RtZ1qb(W@w!0#my0VQ`U|5+=l)PRUd1O(9i0b?JI=B11UiZd>&hV$b z15a$+4hs8IHs^7yOkfimB(6kMb;CpOf{Omu_NW1VkF<~l?LSeYa5smmI3i&RwSj+j)Fh+0xtAWIMp zd=Y4iHTp{%1kb(;Dk8ap$g-vhFO8)(2lWbb02@wN9P%8{8tgo?2we5PX5@wBvn*3m ztgG}o8>Cr7?J|5V94(qjRksotT~azQ1hTAhkT0thG$pIkS)7;|uTSV4@P$AEdU1Bv zJUcrhtVo4c<3Cr5V$9EEjX8(4HX&jw5M+D12Jv3_^;t zVk)^Dra@@4ru7Rg=VFG-#dGyTPOqY-?W4eD$+6_2M5_{@zV+N6RtVK78VxsOzP zD&+*G8}g<>@GVgp5W6(+IVmD(=sF&^z0jPK%%2`Oh%8Vg)muNEXaNJ;-l(wzpBCVo6*Z^r^GKCjiuDE0C@P54E`yV(M-E@@GG2g6l3$>`nmvP-X4^*dM;Wz8y3g z7j1{POaS_&NH<0Yx_e|O@`V!eO1W_e<_uA4aLgch48*99`h4i9aWr(hX0TaGi%$<@ ztT95D@HLr}uX%|e1GSM-s!5Yja&(RN`4L$%8e?uZm0J+lDY7S_OMn2-locdx0S4_h ztXkM~0+aT(f&k)X4lQY}q%Rt~RyFT>+W}{2x!~i1IrvUS5|ryG(%hGwuD`nMbZum( zLwp0*e=Oes89%Y)uZ$m0jeN7s938LS^{~PwifPD-PaeoU~-@wkTqiA^;CF z;wt&NS+AiSpP%?z%CS1*PTn$)Rmc)2r%M>I- zk;`R;EH^D3n~0ib-9j7)1N@0ep}R0tRV2MbDO4iNeYwrF%lGy|Wh(zlj#mB_cqtiv zhJ{JQ*qCgw#b*_?rLH7d72^E?yMXF1X!`(s;2Bg`&;c|}9jV!b=xTX}nuxZV^MEJ7 z_cFSI+82$+Kh7^+w4OaXJ8zvoC&y>sonD-spPw`u-#9;fx@?70+KTB)@-dN~j(eT! zL9e|Gzj>;kv$M0a?_Rus|DTA+-<&^t{@sgKV_p@VfsJwD)SR(>s;VTA-+^0;zIFmtc8carUSJGffp3sSib= z@wQ})rojTs20hZXGV3f@l*kvC1~8T(kPep$c=jL{^4o98C}ki=WjtqDqoqdPjYJV5 zJY~+vv-WxWqWp|Lz^&y>O@$*W`f2g4(px}t8i{$k(IUfF6HshfYI@&JGn?nlR#2`a zNtx7f&=CL^A|i$935U9Dojk7UjIKqIx&<}hkU@+?xi6K?VDrNfrj*ZBm86^N&IkeS zVIk(JD3YwHIzmHRPN#rXVl-H%kcSCDRv5algA9yjAYv%$0Xk?dQhBOtdVyuHp>vy% zS3=eJ)ILj~9&9>uuT7@?pBYjfJ#QWwZm)5exc+YXOHZ5 z*sB}X>T&lROTEB%OWn{cVJY3-O$XYLB8dbI$#FmbOGZSZBnCNG$$YR3GK~?My2u#8 z*G}XI<)OP*!M9L{9B?IyG=SR%_qY?&Yj-kk4X3ad=s2 z+gP%kN}hJvAdtj%NouxOLnX)149>+5J_S;S-VVUvV0dXpxwIagsgt zsr2u+uSPKZ?3blhX=;*M@|JA0$SrEyQnA6W>nj%Hep7Vcs+zi>!`YNHGb|;Gw%gDv zASnjs1mAgH6x6@~TTT7H(VCF3{5FwwfbsSsBQgm2@ zw<*))2^QipCap2V=bW8i%Kx6#bd76N@&K1L01~TOF*J%qKyxVp)d~1r@Kx0P{5#0` z!4nJm8~Xc1Nq^JmK3&w`(Bq-9{(jx;7WOyv^90iVX9@dVUBrOrB%m?aQEX63VN(BV ztvYDJIz(T9&+Vr)1nOay(11yX-Wl{JqfWQ?pZnh{niT2+(dB&bUzLkyKN+7WuCciV z1XyIBd-3gkAMc{6yP5w$G<9W>8T!xOv6Ro&{>YWzWrw>A1_^jpG+cs!wt~L)_i^J0?qgm@K1shqKRQ+U*Yfet z%XLdRbAMLUT(UU7Y&8BqvS86t=W5$#q}57_bT0p&M=FRm5X&Vd94!UZd{G7Xek`Ue zjakm15N9G{$O5aY`-6)FF*xwSOa-aKC)-$NrN~7V&`9NKp>NbCMA*R-s6$yO++;Z- zLf(j!|0WOx1gEz_$=F2?8ah))Ez2&QgR{4BZq%`vLVVNipCq z5m~MR^pyi$8v;ZS6loi#2aZ9FUR<3Qa{Yh)%%{tiEyC1FvgBvGesU$I{I}B}d64X0 zK0Seq?8&%mQhpLVv(_cTx2h}Nplmw`H zSGzXQ*akrdf&ya(#Z}`x6_GY>X|v6#ycJA=E=gt2$!jOwCO@fx>!1jDv}q`ge%eK^ zJY>?PGa4{CyH`3h(|^=7PL0q}`9z(-kvyj@KBWQdD=SaPS;+g3M{Le|k`2Onx+F6iWefxg8s5gy zdMrdPuf1%Yx-RXX~eb*b0``11A!=!ijx__;Iy;r{u zdv_nM`on85$o9LkX~u4NTzpirOcAk5GA`my)&U^`GJ+YV`vJC4wxMAvf4$FGy5adO zgV#4aRYq5w6|(pNP2gV{3sROVlcZYJF0z=hh-_5Grp-`Y<#bAewni~R*7opy*5=~W z2${|YcC57GcByPBr=^vqcgS>SEi8oD>He^NOWY z)u70jk>|$xU42D_jTRa37_z`k$2PbGDQ$mWK$5rA1Ga z1wjC96Yv&9>x~jB&oqV|3)_trxn9R~$pa~cV!oM@iZIUDY4~F-9%BUg$~0@9!4>gO zc}YH5blr-jE6yI>;5rAl31x}4AHn;1KXviHH@(iJH@v;;O`awSczgWs*~NFyUzFp2 zzx(d|&-mZ3@$=8q)BnCC-;!gMIuViq%~{H6l#!M^7Z{t5;hHB6)BMGE&%SH*FP=Gn z`mf{ef1Qx7NYcciMrsPa2JH$yLfIRHx`-aYj&Cq>Kw_=8!J0i&w-5it{abzo0o3 zuzDmsRw1$Ksv^(YXYDgDFc#%B3m>vk!BsM5hJDDpLZg>#Qi7aVS`+~97A78=h5JU; zLJ+F{8pqGSM1X5*BVi*I+56~CUg;I6_RawkOY!GNa0f?Qmf*fG1%CdT1?1v;=-_+ZfqeD6 z{R2FI{v(WS^ zPg+_i9rz1ue*6xP=kD$|e^k4F3;(a)|9raq5XcFCNa(}quLX?^hH`sNm(k&O%#Qp2 z{Os9x{{4S(e)i(e{GYG#+;F27@qY+oYsT%YN`e+la29i|~ z#Vpk+rcMeS6s9;%3+ebc;=es}K`Tw(LFDm(; zFJD|d|C9fJjUOq5$%FslgKH2YB%)ImU6P|t8Z3Cu0L6o3s4qc~U&>}Ig$iHD!9wpY zxC4`VMyM_~8IaqF4zAL+y+@Hgu$06iWNq0AU4}28u1xuJObrX{`+Fc^e%-$Z_=v1(aQ zI1B}q&oxE_X3$1ro)J;xNs(K~UiI)VnU<}$Qp(aqThMEW;*#a<hm>vO(Q>nB)ShSt9(1Da)^@gW07b3gN^sgb~)s%hsKf7BOI) zIeC^xU{+2<#-%Q~xZj!N9Xm+=REM2tt0zJgaLR%;r3$Sxn6*nP-kzqiR=y)goSt{D`l=h*}vQx z^$4EjJf0U=Qw$Uo1og}pEPaZ#Oc@;Rt|;Ps8><;(I|2>sSkBOZE~zd{;obO-8Yv<) z9W`nPOJ#Uk<_KOpMVOjDh;_@}z{uw?#KRa7C5oHQ~ zhp-z99h3{wK8KH;wCxyccTnxYS5CG)h%tbchtLE22JG5(&a!re7-%pTv4&F05b~0L zWZ5O@HOZ(+?waIvlMI^VN1#z69$DHFvsV5HNFPWA*_t=Wh&Ra{Z<5!%Nd~-0e&nA( z5^$IuzD?k@ZA2-OgejOgs1&_pi)`N^*&lj~?4*U-7%oZdCfTq{4%ry&3+xOh@@=ce zQ{-ZT&FYw$^VnvBd?HIz!FRi4?jAI&zxD8$8`W33gQh}6jK)qk^>RY#oKd#7%2Jl=b7ie>E>T&dOP3=Wma?&$tL=aC9I8L>2Aajw*aZR14^ z8MsJc-zSObV1saquhA6)@RIWD#|ESuWAv!gA&LUP`|*Z5A%HfhW7ZN8R;1CbB;Y|j zGFVU(mghT8mSh|iuOi3FUpD%)?$DKz=-f3!-ooM)PX)S*r4$EvQu`mooG;lwM7(>^ z_>vLXaKqy0$4!#c2S&7uhsEtj{=gF!a@rQ@{8awy^oD2o2QmAQ|Mo#++I)}$`S6>7 z2*C`bPuG0GJ|j$%4^@Wc;_X{=VY?nL&NrYf$v#u0d(m^Erd!L4196C!6jVQ@=ZeDspn&h@hIe8b+rsDEZz#<0Gm)ydOI+?LE#(cfpqQAmU8| z`O4np%b@x0(e0}{|GN(QPBxoB#>+ul6?h}WImdhM3f#5z?|tqpzBviQkIJ(VPRQ1C@BGZ`5fe@ zG+|r-lzY+V*U%#WX z_Uz964-bOk%aCGZv#AfIhV$x9f?(1%*>5`l88jy-_27N(Nh$H}eb*%B9!d)L-Muyk zfN!J(-rBZH6f*|DmWSlx>uFwhlP^f3Pdz#I&7I^?bCJhq@>GPWoW&<4OUEW0A4(VJ z)t!VR zg1UD zX-uO-$f-##1NT2;Q-(;(?g;%e}BdD*M}?!*JzXp^=xsd;JB zbaMA${pPwF{9P{s@%lPw7T^!)U+*<|)wVolIgrw$4I_>Uw&WkNF|n=p8t_uYJQwK> z4mU8Z>R84uR%gHQb-A50>MzFd?A$(s=amUmzs|PRQ*gck%Tpd?fN8cL^DDnm-mnh2 z_hEsR<_;HJ;-?Phf@+Khal-05TV}Q&L#%n>b9kZy?y`fIK+6gzQ4GR+xS5v>bW_-y zgW9FoZ`_))fk^gchW;yC76RC#Y(;kQN8JjiQ#xt~&Zsl$|HyWQzPn9#%%C&s6Q@=E z1XLq;IX-J1T@ghr$op~5(iM$%&!+UkmN}K1Y-Gr)OL^?e@9cltUqwZ>*nb*c^DUEr zb~~n`*9O~i)wY(K@3}M(?LI1^Xabl_TjRVj246NNs`a*u16w21lSvVQnE7&k$vz(2 zy>xE)RK3bwc~n1WD4dFo!AzmYE&tA!PGH_=XygCttiL~h{`~p#=g*&SzWKia00960 LLK9^C0LB9Vfo`Dc zVQyr3R8em|NM&qo0PMYeciXs?Fus5DQ{d5b&)9t=`YoQ!c((gHimW8s+LBh1lV;nV z9EgM@G!(%BNIPmfzt8?0+zWuuCjy!htw`T5z!>A#$wJ$v^2 z>|e;~PX)lCU!ig;|K;?H$Er{6zsZkg{0)z5=*2A=h%{$uPR4fM5c6H-vyIrYE3(P+OkJIvJUl#ve7OxHu|1(FO?Ekt)JdUE zSbCDPXp@RWtam3Y&6&(3SF9J|D7`IB>6&d>nx6zb(lF>gvCH1Y=`+`DMrEEd`58IJkX(_WbnY+39Kcmuww;V7mt)V|5kuNZ&#g^azW#L67h# z4SK}%67=-k^?wJ`+3U$*svFb~P|zd(zv(vq=2_4q1F_vQ8F8B6_rZr^$sDe~{`cRV zg=c5s>DR%Q@-(MBWfDM2sYanj`EY<}hj#%!Z;qbxBw^C;_&oeBJo`GhFW2=vJPpkH zH_!h)O$w%dN&@i6`M><;;-qmBeqWJmwxUIn6I^$)5)yV5i?%%;Wnu6Y zS!}o>ToFp%^>1%_D>ML?1)@z=w0Z9)+enr)@a-kxc=+70)bDpjP+d%2hzanoLDO5p|WJe^6G`&b; zl8RhoQ)MjTs~w5WYPnCL^IVXG(R)U6y;M{$RU}dsaZxDfI@$;xF@QVY=wX-)ab0Pm z1mS5U8C6V?XhYKo|6k^c$RZ^oB`m$?Qly#yEAqhe4M}*OCk*;_pmd2UqKzK@mZx0P zw~&lhdgVzh$OBC)Gx0tvQk-oLz^z1*hzE@y-Fw1Q-Gs(}DHOcl>H$&~F{P;7bz%OJ zZ3WDpk*JW#jw~ew+^ljY$=4;GzYbxq{7^8J1J((NvI2I~7XI3@E$pGov-4XX5R&jM zue3a?G&{Sz_~w?wYQGke|5cOcgiJ+D`ewbE47{b+9kEoOk@$+NXreRYZt3jc1vE_ed z6JQn873p*WqA$_w7mHoSu1LH*#|Qs0z8+oA$8d`c2e*TSvoyb+6!t_Y1HmgSo0=p8m=TamMA zQmlEZ-f;R_vlM1gG%{~RstJn2;uimIU&Zp}K%^_aE+njxZn+idEz2d3)LY4OCMQ{b zMb1g(&HO$Zrg0{?rgK|-7N+ZPnG|fxKZYsGuf99|?h-$Gar=i?QWV)0iNqFo9~Nyx z148K9*uEo?vC;Jv`8ObdL`Wj!nxz1Bh8=P)8vYLbBZrsCWYEG9}fXVh~Vkq^%cow!J4mbUoe`Qmxjo4pGqc3bX$;a z-n3!-My#h)>P0UHy%FpAhG&^wg7T@4{Y0!)D6)I5>exSXNV*YgW$uE7_`uRD@^6V) z69W&)^|KPCuxnufa+Yc;sPV05x=zHBCM46GnaWujF*|7$cn>Qxhv|GpGzq`nrF6@q zsTB8IvvwLu-u|6>-DXtMEz6n23;ragIbBl40{xFSA}O})>amYT13X__wi0qQ7!Ou! zl?%zPNJn3t(Q4h(e|IX4G^V^piD+wN&Y;&WgC{Lb-@F~rXv6%r_Yb{DKWlAW8~^@c z4+wpgF-c7;3V)bZ8Y^>iXXy(@e?!Cy{yqH2m0m6~NGRVLuBXsE&vJ(x56ys#>z%1P zV%sd=5tVB~LAH#hio_!QI@cc&ni8fvgwAwp*Zrfb!c5EQn?dX1@F>#@1dlpx?Q3|_ z?GtgJeRIk5Ct3Nl^{bZE)1TQDJoI4;fVi0ZKf*Pwe?`luogfGlllL6Ym=UR>RNY6= zU(RGo6D?{^h0L$Wccr@#?AR9|AD zWNWT+x%ge)pRrEf_?3Le?xNy`B@y$lv}(!Wm1n91@P*(;t5%JpnRRM)S?@I)4kb01@h5 z)gMp)9Ht^>dhj1Rc37o*vb&gc8aq5(6-lCp?U0cC_~UU6%F(n2qaHy$4bs1pwPYE| zr1-cae<$?e1Nr)IndE6seslKY*W@^;;cfn8#Jz{+KP~#s{`;X%j}~o&)&Kp*jCu7N zhp0*u)!qh?`HK1e4X|(5%=^_KOw(8`SHgf_}kxl zBxWm~w$c#Y(vI38KmHhe_2mO=eoDlwZ@NXDjbuL*T(bDO&@A^n+OW7tc)A{~Q{f&D zKeDK>!XqIXbe={@5$}cF4l>)*J<>)%0!w4^G=x0f>5o4GfL|G{npLH3izMe+!eIV$ zriFAN7ffyyp-PE})11YqxAVs#`7UFsi(Td$mckvBiI_w*)sl?Dp;=5snhQeVYrK(Z)3+4lE6o_ZU_AWq*3>Nt&)1`OOEm>yqEx(}Z08j)ZT})}wp1d#n6{ zugE$lN6`51B$q`Rku&ml!qfbioL1ZS^rfylZ+2t$f6JrKI~`MNAJ}s|K4r2`pJtCd zFuva8S1{3*w&fhrfMFFk`1|G7x@9dYtI&@BfAlr<>+c`*JIMcSSduZRzL5QURQ^A` ztlNK|pI%=4%K!ZmKj8oF`Syw^mV-f8GX=lfYP3Wfc7@!WZWRnaW?*Zq=|I6!7zU=@ zK`IVHW3Oxnmdp?xj+k3J9iso}0+RM(mL+1hW$9w2Sx#e`)6!(|Nh-pCkc2K-Vz^YAWsi1H`Iz7x10VVH z&%BgK*{<McZJ*Bu765zr`HYow|{x(8h_#_+03QhPwJbNZ6w?@*GYFSo<4qexETz zl}nnlwb5DR;3+W^iI!^avY6%!C+a`3V{Pfjc_H=W&dMiuDZQsWq02-+CnO*a76Y`m zqWYIq;Qy>OdeTxnx|mN{FWb&yJ55DS^Qu^tp}))M`igWepIz)Xi$-&v28=)Kr7n7C+YS|y<`ZYeazCF zeB%R{iMXHUykF~^IN|>j6^?ceR>g4U&DxG<##%7By{f!4hj(5fO8#%Z?x7qRbPzPl z8n5>19qg~Ee<*wXbOM6ETx8%14vt8js#ZkrZ1~W86O|{&Y1Ysylytm}29LthOO*Wh z<5lBzPS@neAImf9O!n3lwDCphC+g4QNq1z+>>CI4CqIQxI)^PJkJh%g03;mPt<{L&Q6=(7^fQdoTc|w@`=rEMuXvaKCB=Dh*b6X zwz$NG#!-~~o%~RUoYhs_*#C4kxxO1L+WPNYzv$l%I&DBrUcG-gncenVzw_Wq#5zPr za`Ja4^mqQEMA~Tw=Re-uz8{T8i&6jP{p(?W`hGf`4Tj@I|J7%qV4wT%VVr0nZu@`u zi2!Ig7(YJv;BLN{+>ZWh_I($F6{-SZKkqu7+pg$eG|NZdY7mbU-5s!~I z9NfAI4<OQ66X#9RUc>Vdq*J4UO3xL}f!~Pc>`9|zYoicgmb&p7y;E=~Dl;#zu{n?`|Y+Lk8 z=!L#KzCZLx^Vg&4^r?jKz>sBR%@fD{H1c<7X=Py2%dWbv~gF>yzGwr2}0@7_-**YC&u+m@~OQi_J+3GARV zwrXmB;LVign=7Yk28GArQ2_}**U;c)ynp;r%T4&%1FM|og$gqfd)-P#W1cdlrcx}K z|Gk!mU$MN}Wd=P}qLsauZPGY)^qSGw(}vZjYZ5o~hG`^X46?2M%%)ramHYe~N1^bV zC3H7ukw{~u$M@AfOmY#scbDEPE%AsVckj;p?^cv2g=CA3WNIUl_={g1-f z#p!3F?DB~iyN6i5TT!IBa{5D>#^i|o;Aln}^cU_89D7n@FT(2h=NZ9<`dtq!p z(+GaZ+s`&ciKSM;?yCU3j+&vI4GrQ}ZzQB?ofDDeCw#d*F;RZima14{J07LB#m^7Q zJ!cP0qF?w)BG!k1!nV56FANvNHa-d%wEFoWdq}dALdg@w#BdgK`13Io{xZlr z3?d@+T8fOP>O>g7r$bQh`QqoF2$IJGkYNMl$`ZAQMSK(}kBEKt0eBc`=F?|1z5cCk^A|T@%i7)_9rs542mMfB+Bji?^-R8QqbG>`Gb)Z_JRw2JX8HR!}Y>|KMSL|I|} z#%!kjdnW0cc^OUjPW*8C(_drRKmYd>`fn0LefAyj82x|ttQP-$etPk1{{LU*SIhs8 zM8eRupE&N%Y@@W!ZQAXXei;qlcPI49C$>bv-yzbEMvQd+Z-;c=cYgX%LeG)D*L0K5 zq{u}ik}I+pSO)<#P`BWvo`4*G-8C>PL0Fdg-1`ak|MIYj?+rgC*s76V9o`bjSn@uyt{kLG_n zuhakYi|4=Q|M*3It@M8?;uhN9X(5WRBRWA#5N>C~l5MCqCmSI?bgl?&9aTgTQ|c!R z2=6?F+FKQhBkpYz>D0)3r=7lc41xa&Vsrl#T9E$~;@>uQ^iP$PReuUUEe#!hT}d1E zr$7GjwD;Yg|L>pv{HL%U(CNSXz;;1B>b02_@ALBFkwf{+4res`ggjRVB2L?4O?#vR zB}DWBw#G;|;-ed}(XDaOKX**@r^aDc<6L{6B}nTt2!sC=0kS3=@D=%EM{PP?(&{#WJ+@_d_m1FTz2xXVJTS_Jc)U_CK-)B z&^1%86qqV95O0avuq1&hCV2Jpbluf#7R~uR19xoiIZfl>E0VG`W|%+9BwO*1HpT1z zISz@Yf{)va_-(kPAA;Y8`8ErF`~L@DkvCLwQ7AIH z9;zVBr1%Sq@*w0fqbJx-ioXQWeGg@(fG@Z2qeK+(`;2}#+0vA+n8Nf~|6C-tdHzlO z{7*Q>Bl*9+IX`<=JO3A#m%r-&evzNy2^JehG~GwRig0C%X2qmPV}{iU`WcNjjGTw3 z_H9Ul3TsjQnf5o>w!NVh($2%vF8L3d7F6!Y`RVDimgZ&6&yYgbp^)nn1ByBUP!_}4 z?VR+-*JLmmUymRc0C_o?k-Pb@OJ+lpyH|4yi&hO$;*^;oLP{>9#Rfx#UX_t_W2oCnS^& znzINyIV1T-iekMX-(jvzu1GAR0uu4n;1aR{SR}HYK5Ft zQOESsF-4k=__0Ye{=j5c-#aYIH4r?-e|Poui77*K=f;n(00WYgHEi{`P$>}s>+1U! zroY@F^c4E`G4sInZW59laej=;qc%L#J+1gE-|4F|(p?{2p8o4G45u%0M7-^&$W=~L zxYN~!N~Ua&{Fp3R%2qt$G^zIP!C5Z(J5hAVk&y5&**W%Cou+`3dmb0MFG>9UVLD(R znT)ss=7PyBH+k4$pWz{ZWoc}+Ian1tP-(Ni(_G>$e7gdSe}FPuBIYYo*hbj}#vEY! z^|Hu8n)EWcDzVBR^!76KJ0lUZt~+~J%nQ5023>pp%MeUtCrZ#KOU*GfL8s{spGl^Q z1kT4wiY?i)XhTyTQF}mgNmGTHVa$etCyDuUMJPe^KzH5h1g#ymI?YIIGY*;Z0XQ?w zHA|U<-20UY`_wBEsi`ImTqB;{EsHtDk^<$l-wOGmK@=W@`~VOG9nw3kJOVtm({Kj> zQD>&Lr7I^7466sKuCK)H5|+@VkoGSj z?K1nP$te>v$rMZTF4mrX*oXuU1rd_3c}kO(HE+^mOQ%+qWNg+>)oTPg1&N$9Beu6HPM zP4z`elf;s3RV=qWH^js89au10Lk{4XqW}Y$RM<7P!mcu0cL#3^pHb0N8HU&UeaSX7 zSrM_?&%8YCwkI7oC+lX3_q`*_VnsmPEk(+su3m*DO<*5ANc~+3%tw*h!fDES))2du z9HKOya#bD{z`yDqyowy{^2ZRV2NT&+4n?ICtVQBoS&kJ#m7?-VI9IA*`U;8Qjx;TB z`Ss0*+=}D1e57|hGE&(E9=0{!Vy>b>!7UFXZh>AJHu5b{yz**dA1xB9bG7?15~<2~ zRER<)JF=zngC>2lK+LYXpdG-HDo5b;cqml=x>g>@<&XjlXu&wkPmW zmd8h+rjOg&pkzZ8Su&Oq$sz`ne7UQPQyxOaekfR)CwkaO$V^CAD#ts1NQllu@=CK+ zdf0)RzU8dQyui!V?A2Cb#ye&{Rc18W5D!5_laS>Oxj5hp-id-x&EaJ%FKA-7--D1z z{J=G@k&3hjE3f!H{Mm~jA8waOv7<@8>#ZbXUBabg_af4Sym6b`q*H@W2wJMppW z=%y`9&*5~gBv02?qG8go&%kkDyDAfam>1jlw(EJnr z%~L{2LLXGYb3N6BVU28!F$;Xj6V#~UAp!??0s^j#s9p9Gm5Z~p)3WQa1x^);hv{im zccNvPtT1X$iWM}@r*M~w0zdLlHH{-Q404%U6S}7 zu2DPY(i;;MHzg~r5xkt1(p z$#TlmuH~CO5gw$2bk~@iH?SM9+z?$Tap!KwuG!sPO%`LO`KGSNOu!b+%j0I|hAM~_ zcgiPV^U93qZ3b@%*%_57!JNZ(JIp7V@GDWG%SmZq7S_w_%8H&8EchT}mYa^XqSg9v_~Qs?|ouk z*<}8?t}37iUzK!5UzzLj25j~(WVeZBYI!|R%Vi5THLRKYQ43ni-Se@A+~SkMiIo^leph<(K?X=w$>Q#93svNSHXmTj%<7)w}C{t4EF_8f3JO7bTy6^o zU#j+6Oh(v^XDbq`7HGQVu~~tzxZ5L&_}V#ll%PL7w5QE00ccpODz~uXx+AegR$A|) zidx1=Dm6)=;V`%Bm$7s6uj=CQK<DNrcW$94_k zoxVl@G*x6wDi$*|1nFboEr}TjxeHW~=ByNn){^1I-MfNTFFSV#9H`433a}t~YZ0p?1F(u9yp&q7Zn#PJd2D^A35@pO5Aixo<~{*OR*idE1}O`s2lDI46^t zZnL_^83;Fx=R>G3ov>Qmowo&S7J|1TAm=#lTu5kcH{w31p<+5l31}Ki_zj{ z*d^o1xHlTVoQ=k>hPT7!CedYZZ@6Fhj`nfwJ>3cmeo`yQpLgQ0G1h)3ai_NW|2x>DGGCB^mh zrKoLGs@Q_8V#zgEADShzfv6ihD`;bVLu*r*#l81!NNyZT^+z`xy-If>8R?ssuzS6C zH5}MSDo6s#&V0j!+AvovDIU1#m?R#dr8^YiF_KSD-9k(ecX z2@D+ox0XUFXSc9J=7dJM0_%AD`9SJfxjuv>OS@zVhk=bo0G5_+>AI@J*I!$gfYLbt zYMz%$Hl9X2hC)_dvr~;um(#>{YAJNIp&CU@5-QPVu5WR7SF0k)>w+#|vv4$~z$ZL4 zi|Nr-Ut@4|&?au7($h`^ZrHUD@dHnM-QfqKa*<_p&APx76dG`ouoS%@l2wtG%ne+E zEuJ8e*lzXa_3?oNGj-gBeW)4qx+2c>;gsn#zUN>hT^aWcrMN+Yb#5@-;|cgKB>hO= z2^tHQ^6HWMt{D-B@_g+-AAZXd?t_K|#}5F}8!wl~A%`Ku@}a0)#Y; z7)~NXHK?I}JJ@$@oATV9M`yiFEbK%q6QhL!zU4%d9nJZosRh%9Sow;pin)h{#uj6ul;L(yMo;Aer+{P>dN?h|;6Vj550=&TKlvb3IqL-Q?ZyOk$uqpZv z^jRNxJnw*;mBUTURxFM2i;YO)7S%bGTcAXixpr7Ak8>eqX)QCFW2zLB`uG?nYPYF3 zUhWLDQBG*5F;L>vG4l`JZuHnj2MccC;rLqLt8H#@@V-Bt4#(G{KV0c01Z_cgqe{4?9r!nZ-oY;Euj4s+LdV{G!2RRB>mIH<+__SErsSl^j$?8-8yoWobZ^DDn7IGLY zOP#z9OBYDX&Z|RE97uOjT7daY*}1W;zm^Sq6E@R$Dn?@B7bx@NE(+H zC`NO|fwS*v6=^sh&l0`{?bVdZoJTyPY5s{_%yTNW zuZIooRz;l!yvdZS{nTlC{7Ucl~q!gqRW%FaA!2V>35LsRMbk| zf$r)9XT8ZBO{Gp_gaUx4z_;L{?jK)6n3>Zs=~fB5XNjI+b?J@d4Cbq;6cJNONCJWS z#e3*dggP~^ysbPXp@jcm0p6@WkyQ} zkujb1RrSsTe+)Yznk05Vu}Gw1%OlLPQQKu*lG@%26hVN!&#k^$6zJxY(VdNO@^lm{ zrtj}jN$tBONE{)mx_Z|(jecZJte#?Uw6Jy`W&IvNUIovCU3bq{8vzMzA%cc)nc7eZ z0+^7-$=o@7N^qPJ5~YCAuk zCekSE^oCmcQ86CP@OQ`I1=15m*h;%K?5-@sjZEbZDN_h%Uot2#fxMeL?$+4BoDINu zb~bGK2KZK}!yuR&(b5E(*!%Nq<%CXyBg2TTM3K647-6MMe$U9Yr$o^NZNZ`q#8p+; z6J>)gtK0r-MfzzfiZnvfc*F9XNpqcV_!7?UonlH8VS{jAMWIia-Pm}1+SZitRjDGc zj87uaLnVx&4xZ6`(#4U{z$*A zFng82CeMq9B9Gs*c2#bAz{D_>^ISd4wjmgeG)_{ZKC}aZ>5=D(yeQH*LAU-Usk06_ zJD-`Snpp7)`>p}N)1=`~W49g_4)n7?y)h!&5Puu==f{IVERdd|J@M`0gR`Pn#7OXK$w+@&NlD75K)_4kf=rG1c_8-c{^}#{LGTSQOphdM#y^Ltul79~Z2N4TQf9 zOLmtn0mRsu3a}@mx(!LcYI8Va7!H08c~rFq=s8)>({jXQMS2 zRJQ3V;SqX8mjcl~=C2gtOHY&bJ^8h=S4K%63zb{_t14D29)ZACIXP8fuo_hefvfjS z`tvoLnK~+O5a6*ltrW!^>h|NSH<+V@r9S*HMlkNo1c|~T!6$a9ADAyZYhcOr%^k>t z4W{;(EUDrsG&}4;2j21Bzlqy+8Vq=LdJ2OYCX*axo1KCiQAl#nWnR$a*hDt%I|$g5 zg6fp@4n5}X!J1K=MqD$gxc2Afs{;$)PAO4Xop_PrLU){v>L()HNYAJtELR0H=I38#zT$j73T1x3Aq()9WK0 zw7hv3D*Ptz*BXxe_TEe#{afnIzYYWu%|dWS8?uxl`wJ?*p;TL<;`dLEX<1 zJn8if;QNOwO|OkMUsGIwJPYj5>!bR<^f01-P5vO=;m$|GXil&;aJ@dfI1(n9Y%x-To)}Haz{jZ`mJm$+nEZ zTom+CzHCy-W4)jscLXaQx*_+{&EsH7l_Cq1UZ-E=8+{AaW_#fCw;P_b47`$_(E5fd zaB0^!{HjPW;{fO$a=Oh3R^xn1NB#Jog1RZAN<9b}lMIqK5?N?8J-wr#rsOQW{(@js zl|Uh2-o;d7#I*lyr&|?RX^L$7l93o{O;p85&)|!U8z%nNrFTFsmrHQQ8ZzeoMM@9wb7q> zn?J)gTh~1#tO%b-mi!g5qqRycs`OX~dDnTMm##3xTMVC{(+r&9t&?5p12Pb?Q93y4 zTBc{v&DWA<8yn!_1RM}qJ_6;-H*5zC`i3QF4AOEtDg!`|#WZgov09Rtgg&59gl-B7 zM|8=|z+`Dq;t}bJ^~>ZU;4#zeY-iu}I-xm(?XN2t)_iqcJ*2=!la;DOPsQ1E+CNgq zL@_um`NrN@gn^Y6#AqjVs;Zu`?J_jbcmiVOKCJAXGLWF68UuSA z_~wjW+;*!oE#s;V&Cjk~Q{L4A(O!%jS+CR*q{6Lg7z8hiypZ0x%VL_NQgp>XG8FJl z{GPAH+&5fE<~4oiUcfL)pkiZI#>lEnz>F2d+E()5GMagqX?Uc8Mjuk~kg#}d^(ht2 zmShyQXMlM}l^W~e#WX&$+rT*M#&G6Y=a*UE^6HVDuDYaEL3=nUrf)gf+KniAbJrtTe>CI?(?e|p6h&dV$Ztku}<5yks;%-64lLfgM z-HsN+YqFSh$>R0Ue*6yHiQB_w$Ye%FnF>Y&f3|2Me;8z;N^7v_I=FhBxnsp*ni3>*4poQG_@%oKP9TVX_BsRE&u#b>!UqULI zl!N_iZ+M9pPu1jb`KO}yJY5?_G(5?qSaD4{VE0R=!N?z*ZP=8uk=UC= zGY~bvQ}PP5GZ-7vFH|l$1($=bRp|&1khp*b>$Y=<du#*M4ZQ#jUk?=$@6>9>A2oFo7eopK#AwinJ*37ZwEFVHd#+pFr=N0l z;F=z`uz6G@|lkx7wjX_kyq^o;;bVZ;Bk=I-h57I&V!o>n|D+D8avvF5^i z&K~M2N#Fxpf#@8g_lYrx8hG#K{Vo}$QAmzD_^5Lnn$R7&-Pe_uFecskz2miZqS6ISg!|fm{HRoc28n~#(|}n^vE*>My5`ZlWY(=LUyG}@YqmvGaj?-f81s>$C}TgJQwx->8s$4zo()NGb3C=#TaPW=b^Lq%kf zn!u}e)H;fjN$w>IEdyfo_|J|Vi-2^J_!~%}Ro(?N-7{InW?9g%(uQ7SbGui1_}aVL z^njPgWKq$fLHQzgrmJyExUuh24v-COAg|9AEcC)rW4h=^S|q+3j22oZE@e>bNnhe- zDw(DNRtMPrf*dWTgJbI$QAWGTO5~FhLOrv$)!XRvmIGr8ej?!W*wA-|WHBA=DRuzC zbmsJ_s<>Tdjd0hbaktUkS=Oq`55W3Z4T-r3U-E=O3S!Xk7|`SDYpd6Bd2GxCk3%xo z>`T>$Q;+X?qCm22%ya}t+qv2;cX)O%&?_a>DsZdHOE}Wjr(tKPThS zptg?kYXrht8nXl3CgmZcWy{8Cs2t>qidIt!x`fQgXdy-x7EWg-(esI$gj7qWo1s}| zl^X)k+$t=MeLmhP4RX58m@I?kn?oDX6!uSf?P8E|PCr0^N<<6i^h@srM~Tj+TF{a> z&R`3?wMqN{m744(j40&jNJP43(t4u#n5RndHI4wsKQUgoT>>T>o8&QPlBr74j!H=g z$KW5^M3Sf`P{n%9luJnE?!8h(0{G94fh5UM+a*P6-Sb)8 zEwk;yL^I0cUXdAZYE*By*m`>GI7owb>xwI+%YOv9sAEREWoNmlex>LS<6 ze<(Ca={;t|>Oz`sanI0)5|eZrp3-`7qwHofNm}KDFAmlg<*94CJjU>fElrCRjllkb z9=q}b%gf9M&3T%F8^_4Qc%IdVZ}0LMBwqVea>2^SOEoYQr@cb>A8yl@71)BRWRAPf7}5!+fef{#}wKG=-F3 zng(}?$|cR&8Vvr9J6Bb+zRR1#Rn8-Y>1e3r$^@iawZ2kJsjZ)2c0Z<~CZ@c-?inO0 zID32{daRd+DkGFkzmbTUQN3$GLb>ssLu2&Q6~<+<*5 z4h0WfK4lAcOK{TTSUH@H2?8?{y$3Ryfw*XQNOO@*YFHyEJ~r@iNkvdT{opeD9Hu=s zcYY~lIJXhF5KEfmammfq%FEn_O`9fAMOvYq)m%mz?7gS0B&2PE7=*^9J-_evYr}48 zkPss(T~6*uG7AGTaQ>86k1sj(!b=M4cjHqP@sJY5w>+VhJh8Q7?6CC!x(s(4Fr+fv zOXP<95oEz)U@q3|ou1K>5xC*<4Nd)Yi27wEpwUkw)n*4eIAIuGUz$8EjIqn|+8SRE zg6tTTCLOgmD3r*^@~0p*+;_J9!-;yNT@$BOXP?TIZKAFuXSrb@%V0j)IPON8F{&0| zNj3Xt0}r}hH5qRVTD5aG&I$VndAcwU80y|@2Sa{>@w!GRDv)qL@;AqFYY{W$VU53* z!u3QO8>-(lgSGXtT^?MiAQ*mh;+1iPbuU}1W6Da8;A%)MLzs{^*8fWAgVLRD)O!`&f3#T{sUbG00G`=p&X42D`ZVBP0tK4N?w|S+GiNXKi!>b^b^$u85ab z!{yX4vVuCn&Um^$X_zgG)R@Dzi~@0ni0r3E+t-p3G#;R0T#w-ovD}p<*ecGl%Q7A) zB>l9J^T77@L&5X`Rhn#W1Q@gVJxgnxW+hIow#AJm%chLlkra|oSWR=08$JTPsF6p8 zTzGYm9OY1aTO>J6nJ9dgx7s%hn?|g0@+c&q2lt?T;bD$E#>`gqYeZPKf_MNouKEQ{ zQwVl8v4UPP&tylAR%IC16}jis2Eb+s`v_#u9tKqLptF$YoQqgIb~RkF;0A?={ECyT zaq?(ec(d%bdRx7PAKkiSSkp7^l2qUl@f;(sP_eL+mT- zU`vKUP|J4Fc<@EXqLE7jI;$QBTa+SOPA&3yt*5CaHd&Ltk9=Efy73c z&k)_^!dis9Ij}SqvP)h_n#NtS*kvf=+=`ebCTEd8SzdO;Moz0lYcsaY=4x9dgx zZ_OdsAD|n_5r!l$Gu_fuy(J^-d$0%8Zab}LY;P|(+{JtYdmH8a9(aKoDt~L`dKb{V zp)!V?4t^w2a|^lZ+^!l--PVg+MsF6&9f3^RJi{*Yw7Xd$4Z&92o3d+&nte<47?QpW zL7z5tuPl9IqwIs}J@!*&W^eMgkI9RN0i|)iKQ-AY>&umbs0pvn2j3 zyF_FVtnP}rg7%Vvy8OjxGAD}VIePGFZoz1gDygD^pfz{a3~so+ufF7ho4vWioLQ=t zGz(0Gl{>Ax4V?H!%lxy_LRT0yar>tJ#55H4qA16ny}7H^3h~6ndbnclXUMe>D$l%8 zY9e#Igwcy+R;PqeT*7u#lV5P7XjB( zjA#-SHeZZvNW1E%Q^owl1(*LG>W0VE3w_XTYk9Zs(PO+mlu;qF$dxGr5(UMyji$)G zq!9RkBDA?9;U10)$y6P;UO7z9(aFM$XR3R;2mHIra6e*2GK&@VbR;5@0SeC6r-IAam9? zb;ZI)L=_gJypBY~Qq%mdf_O@OcoO62VVzF#NC|p!|Kx$kEwxW23YP-8DiSk~wKvL~x@PC6$b@7`p~z|Y?S=W%e1rq)R`~fPe13N7zJK;C{I1%=X=@Lc zrv}PXgtLU;+j{h91|<1OYkgo|fHQJgawexoxdH31#MsIt-@_K_#46gm|p0#v$u@B>>KT9Ej zDp$MvuKR7XyFHu8fES!Ui9>UF$PMv1z@hD9(CS_EYrVEHXKZWo&+yb|HOnkS4Hw4) zcO`NKwGqn8A2KR0clH8F*VS92b@>0r+yGTTs=s3c_ch+J`u-ovIacpilk&kA>>46Z zMVV$c5i5giO&V-}BdE_>e@E`&FzMsn^$Fn~s^7hAp;G3{$B8#KJV>RUHTrt~DKzS$ z(%HB8hfmHg4^SxV?80?+S*4$6jovQXd%N&@yF4xDS?TWLyxHBpOQP%!J26wO^mqBZ z(ciPZ7oa~|Z@QHZ&z^nP?6Dofi_^-C%PH%p6&#*7``mMBT-rV>mqw$T$`4QVph8-P(*1fUtw}PX_|S@;{uhoaOii0+4h>jv!CS7%ig-y z$1LICCZ9P2Ey{ZuE+`_`Ci?A#=Tr0HmK3S2Ke$w@#KatGi$6OIS@e$G1_aT^l zpiPG!y{&hD-qQW)0YuwAycMi5iuDn`J8c=^*&|C?4&gfWHcA6W-OIK?F7^&mLh9|A zI>m0Fs(XIfGRpZQ`=^bXwGVL7KET;y8wo}T2E`Ug(mnH4)G7${b-qt;*(H^?6%Go$ z_GXp$ZAE$-Dr1+VAw_V2slyt+j?O-6AHf(Bk2ck%=>r^8>Qzj!tQ0vyO@9kTuVnzN z1nomqmF>c?&Y#0}9Y2BZHicE(jH~?YQ#r<(bm5W~9vJw04C+``@ZGxB4I@nj=^9y8 znW+)`90Wl>B-d=kQ&T2A=*(Cq6wig+bl?cA)H9`%9Z5yZRQY-+1qYtc?3o6lrV`dJ#g#cua@zQzZ>=Bv^38ah{wl z+>2^zZl9|l=p8~98A$q&pf1IxNvDaQQR!&1dSX`f<1#Zu?NVPBJOR|0eB}dop{UTn z_s$X_>P&@PbbBsinaB?x$|B^7>XJlFa1agpTWA*5XkHB85u) zKgCpoU=TX`U~7A!7a?B674lP<8mcBcnh7{^wZ&qnF~3U01KxzycUxESgXC0wP}L$X zH5Y^PaDN)viso0JYJIpcmzg`1ja;nYbE^0{?HX)@8M;7Sf(2VYTNX-R<;r@1m0n98 z=$617I|70c?rMyrUrCjl9!d0_dW&9)zeU~U}8$f1i`cL;5D+Z-0M-tf73ax#Pfv# zWXs*3#o6x^gWE_cpBRP}!#g0wFo+(Yar5O8WR&&@BBonoGAKL$omuah3KOg`4`#!8B;lqZcYx<_7e`60A3jvhIO?g;i5m ztWcVHvnKX12yRZsSA^X3-pu>&dM{o)o8LYUu3Mf>Tb>2M6O(ucftJC^8R?N%m{n#XI-5)YO~Wyy*@DDcW&x)C+2S2}Ih)*)x34F+WV9e}`*SjRvFMM+!)ucw zYc_m&H@?Po8j}9)r?;z>-U@|pn!o4q$pQ`G0 zsx+fRdcJeAt9MNEdR^Lv_>4Yuj;X1|oYLI%WRw{0^e+9lwF2!%Tb?9VlCee>^zAm@z> zEJv=(4{WC@8FDcNi$PbTl(^nsQ!#`MW^0ev)ZEpBZnlgV!cNiazUMQvftFbXY>xFV zSz%oiQ%59|s3~#9M+3F)B@IF_e!X-ce9otL!@c)h6@ z0$-oHM5&r@z?^`&nO0@PfH6Qp#W0s4#FcipkA;j&e_l+^ab$FhdKe+$uuG;`k}!E} zO4UkbzB+C*S8M_hYGZGRv zW|?Tk=60$$2{*=r?0FKz*TdloE(JAQXa+M_Oa*{Jb*Ry2*sxQ;YgkLn>m_q3i}K!# zAZ;bOm)5_C9*0SG-ZuTRf!hIz)X&C0lUUE{99*XsTyh>eYp#szjnU zsQ%LAJS_1=Qjt2HzMr`8?6^_z9Hp7Ok!GM783RP%{1{8fV|q#yw($}mUJYp=s@48* zS{L?nqeX{FqL+5%&;|hwt7VW9`midJWY>D+O;+x$Mxbg|#Hl42`#uPkAvExSD2bru zt4x(D+m1m#NG}}9Yx{i=L>|17VeS)?DyB@sZ}aY#Iqwp-W@!vSdYL^_6wVMi)$3M2 zsO&Tn06duHMSyW$?jP17(k2?D0Pd9 z|E4kTn#`b|vH*Ub5r_FRlZ6tei6^vMO*LJaLYbJBeas|ND%p7gx2+Lf4y%Eb?4C&l zxqR3b5@^~d8hoxFl&+-U;Fv(#6Tk{KWT1(u=1K290?cv;74K{wHn{PGa_NJx@VAzr zA$IkF@_Qz~*TLKP*rg>=!7g94)3Np*-FE!ds zpHM`kVK@(hRamKph38gPGYA3C+BBAQYuVQ--_)z%x0)$oPkOndAc3!EV|Dd79Bpjv zMo+N&#A&pAT%85f#Ct+n|7wP(r%a?;*#D)Fl_)!SKhoktXVvWxN;*v_I_S0S%!VeU z%4TY}dO3aFl$Fw&hG$F}QO%RuTK?S0I<+1^mAF2yPV)!jy} zXUJD(jHSqXKE__Q*x-*1pXQ1WWk>+EbZ!ZFJ+7=?zU2c$uHlRYZ%cD(2uJ+S^f`FmwLOEOps}%zsC|)mk)5&UOP7}AZXGr@+ zg~!pthTeOl6-mV-V^ZmIw8lm<%3Vc(`fyyi1FS^ClD3*0QPg6$Odl2=Zv$}(VD$Q691@zC{o0dMb=Tc(!yAG8hL=Z3{k%U1t`1;8Ron$A@$SUKJf8)pu&kun-CiW zqL?h%PNcD$jh_{;>_D=urrbO=3t?7aRU|8(B>KdFLdkkKf%pV0E>mCoHQ-F4ZecRu znV=M)m(M~n*igCFTh{!ens;E2Oy9Nnj9Wtgr(zgZ^&x8wMI>3wZN9`+p}BR)_Gm{< zB%|?;#D&p}@z`eu%TZXO*aMVJZ{FFkV?3>k+L*#AX(WNY(g4&2s;YyimMvDkQ0Zxl zQCdem3YeKp9Ushezw^DfAhj$`4Xs%V`q9t@Xoa2TJIG843`WgRMB+kk;+%f$l7!tO z1HWRdi*9CKK2En*STi6+wWZiHLs8q#0kzh~ttd>frOG-|z3uLWjjRHpdWY2*D+ToG zfu%riO-4_z+9NvhQIJkE2HB!DI_mb?QjKL)K>ihPIYy3Dz8#B{VD2ro4}ES(llv4* zDSeg9*dM0SOC4M&j6*Wcp`(!oz?c@l*DxBD8AE4>h2!EAypOCB>9f{@UE-+ zRqrGMPZWX6nI`o;02cZ>p0tR=n+X;)SpyBEw0Njy#anTy^7@p(m}U$#^;*^sX(DJ` zR|tO@^UrfrWXZEc6WguYvr{lcHBrI`U_)i>33b)V1y$SG&Bz|&kc_rl7IW0ClvRyNYTdHf z4)OXH{x&3U{Ytw-SD;tFJ9F;Ewh{8U#&G1hfxB5kts+}S5iF|i4lQ$+d6|;BEW6%Vj8 zDBG4ZDT~Y`bZ1fu*;_%01LuxZ_aU@deXz(4Y&|LUwWG0z??UHdkayu=*0*gt!7qiYDnMtusm@}|IHUcG*d&}Wfz;g~4=I~SyUt{W!z1YivR5-2AHbe8= z%>pdpZWnN}S+G`C31k zj9-!dxQ>8#F(5hkq%$A8o&uV46oBV;~YuwJ7%nGf-UZ^@CHzut;&(dWmo zc+=VB&FFe~P3DuE;mtep;vE+A(%oK<=7XF5=yo{s`n`MMx(?6Dk=I{WV}JN&IP2nE z9Uez7Zok%FPW5`stds2Q+PG{ECf7qf;AB4Z8X3TF$LS{Z0(_G)5!h*e)_*nY zPhXSk$#4#fJHETQ8NGaGU@8ygi<{9avyJY?*RUTeZoEP8oyU4y)0_hBzqa>J5G=5i zrSd4g=C_qdyyAn@`SjVVudd1HIY!&dEUZn`<~b|mScJ)1_^eA% z>3xLp7^s?Zrh$3}xKgSEQO9INHC&3P@-^CP)HgbI*O#VS%&8*`7=kigICZe*Rv3|` z=DdNkwGlwDl&HhSLY}}y*qS&f4Y_DXtKC+)VRCZi1ujA=VYJ&@6R}vWpr*eQPg-cBIln?m!%Ru1;??Q58mUC)}$ z0cPFy*f~uZM01|Oh_yj)+qM$PaO%-56pjxZs!GA2eIQk&bDL0sV+fB8 z%)_0c+j*K^Wa2C9>KC#TDzB6Q-C~UvCjeq#S5(MKnSEE2)<1|_O>sUjEw}o0Qw<*v z$}NHMebs`1jgC+o(5xXwCC3^Mh1-9Aak(g=9K$G2LoXizYV=Gt1QfP?9}Xz*)+&6-i=U7hQ@Aq=HA^Gb)%#Jh zOv{djzIbsG7Pqi7O|>q&dS5|AAJ>m_o3eSGwSvSlFUE9Y4OYRwFJyu`ax5tMK zJkCS{cZ?avY&cl6(0L1OxzR0q4nxMt4;R1G3Ei_qWVQyJ^$}L!T5X21b)(8+y?#R6 z$9e)1VFS}41Bgee@vxt_9`=zUW0AYVjx6$cLI$JR;O=(5=#K|l_?ROd9WCZAjOu#$ zW_UB10^dLL`1_kt|HaJ^<>&D`8%p(ZqNO?z;e>CfK5ccbz3 zXf_-yOb2s#XrUVpCgaKNXrQHy`S3sQhU3Mke`A||PbM?;37*Usdg3ofTF!iNHy@25 zMsB9(ayRUfSCh&0+tJMpbgpHX!D!movh%$EW;A{^*Gq7QG2saZX8H}2POlyWt+lcEzd{N1&b**_8skF~W zxg2hYFW4#Mhk_;^u#jTopta)c7#;X=7oZb`7nlIIaGNWTIas)%j3`&1adWm|5ZqzT zbH|KhghDAnn)LP+hqA}Ig;W4ZLi7PuZgWCDw$j$8S|mu2tB;)T4N|q^awWaHyJa$D zu9^7C_OQ}NBvLJQ8y6v)!Wjt;Px%%^)0it+WHy|Q@bvEa;3{^NJJ*tmV*#( z4s)t^c2edT*@yz}Z%;%Ar=^%>ERBKG;;{mzz*7pS`t&@H65ZPdY@Th^tGRUnFh*8_ zQBY;CW<;bF=a5h_De!)A7C7Ty=4-O_Sg_evr8HK-KTok%tg30OG^k*H)}MJU;d+N7 zm)_jurVv-jy6PkG79n4<|pmE6U#^=BS>iAz3eo`P!5JdJC?tOdQY5( zWC23%6ogz;tG^o9W`y*l0KYO%A{H@o`0Lu_i++=?=WOh$^4cVl(2iY(y;}4&#ysk@ zz}z_oe%D1uH`3eq_Ss|yJ`IYwxUITNLe=49JXwr1&%5FYJ5tACrNDl}WM*=f0<7Rq ziY4Eh6KNZ?Wolpx-2WPNwl*+BHHV>!bZ)`K4;O*o#X!WY+rg{9ROOXQR|qWh5=0&7 zro5^4$5PoiCR1R?o=fl}SW*9+9~!6;1kBamBwsOG7VC8_uoV3rqSDO@E1}fz78+i_ zrcJQI6=-QoM$n7X28GQY*NV~!;p`%`A-*8cj77dN7kiyE2i{Q`-5<>h$jM{)QPkn6 zVvC+mH1`bapwNk(D+u!GRx1&Ll%%B#cl}m;AN-@LVX~4ts{V9S-d6EayQ)`ZaR zs=Dm4JL@vBUGQw3;tu8-+t7JKn*!iT)Oi5(F;{{K1mDWhv1NW;5<-$&`sqdnUI7Q9 z4G)(+84q1WUN^}l%3{6)7>vykTw#hdSMB5#mvNba>Ot2G z`cIu57$FA^4AMk?)i$MgUN;D&x>m7!u$LE~`Z1tXe%A=k02>;?y5Lxa`{c%_rf z2{anTu*LnYC#~8jxrYK^^B>hZ(jxxE+DCG_Y2DuIaJBejCo(A@h=x3x>2@m!4jGXn z%#2BqL#;j;geLJdV>#c;WL-7H5z1#H#agwki!*e=tTjyO3%rfibk|zf%iV4xC7RZdRnO-JA_Dxp%Mhh z`VtUdW9m~sP4>#FM;}9-kj>{EgicxuBV1 z=NszSL$^X3b$ZL%-f4yJx+~s!ubS;`MJAU#Khi7;C#PgwO#{A|OU@oRVkW-kWdx1+ z8yl2LN`~xSMo}!-fai3Udn?tW*R%xnnfO1Hk*v+g0=n{sn%j%4Wwn_Nms1i zgDPNzzr(R-dHrO-dAJIK-u+-Y?Du9t(7xy>C9TgB9`P$Hp{=)bFUcOABn8i8`aTHS zmmT%Mz4${eQ+#P9B7moJCt@m~+-j-*jnArg-*j~2B-v&KqKovBbt&VRtDg$FF8TM@ zJX@5J`bAbQc*w3ZS;&0DKFVw@6E@6aWDxK3!^u75o$m(o0Q&v{k|iiqN`KB}o8B}5GXTUW}%RqbwrQK^57#S{CS zW?w>oylN`m!c=?|iTJY=F|RjroyKy{GszQgGR+(BgP=DX_Si!YlFx&n{SKP!^Q|%g zFo$x))35B`571bz%!`c2vY~&}NT%d-hTz~{VY!|rTUluIp;yby6pL+E>p2qpJ}&dy=hBHwf0Z&g*lf`JnVO16`)8bkc)=41J8>)Uhd)KO;PQ8#gzQ?xJS+2%U8i{>`Pm1N z{VCS!4t%=i95QAaw3Puz(#TdN;Fl*yWBhmifs z|KwkQ@FZlv9e`J4jfGM9BI=DK#ek<=e}b5xe?Fw~ArUZX zcYLAxdB?Xfcltg2@7cA?b6$pQxL0SOpTaFR5(}QFm+pDQ*F0bHO#K{7_5aIE7Pu_< zvsC-%o*&XeSxxt8mM)iR2&c2pW4$HD5{P!DqD;VlG*gSsWA(#fxlyJ^9$J$9I3A0vOd=Vw!TPW(LN>@`k*OIS6dRfDV2(HN!z|q@nW)ZA@+U6j;~HBdIjY`cgRRW) zdUI~PUuCk6lu7YPv!i3 z3P=zlP-z2O`5x^i~~Anw3`1q(?z@SF!)$iyQ+Ql+}yA6@Vfr3 zyxeX%lHx9fAUtfH0kZ%$@k0CbE1-htX3~JM-Xhf)!|d!V)9p?`uDSb0lQ!AQ)@s07 zxJUfH!$k4|OEBEf#)iID2D zoBm>T%l<~jbYA*$FX>}2hF{9Okf_eicv48dPOTy~Se86WGx`#|`Fk0yG12nxr7TjU z<^T{_CFdc%qqYjH&D~rvP(|L=6lR)NDxtA|Wqn9{za@S8Mq(kjRmUDgR$>#>IZViu zi!$M{*~Y(@k%Wnkr~&kcY?T@!vL%mFtAjme<+|jDtESUHD+7APUPdCdid98#^G zQD*D+R*$*MgjfoF(Dkijj(o4!hy?qAf_s=}T*Or|G#4@J?dAUL7rt7dae`uaSn#+e z?e0}4;UN;UX;zeLUTbwE^F@jeqV$~YfT+3B8jmt*)ibh0%j}Dw4-eIrSd_65Ds)F- zY)D-&>NdV1Mi9uUOjqWuu%@qJ+o-9%VZCf2iA(UfqNa{l6zQD6L_AfLvNx>lwDUDO z8D#*}^I@tVB7A*>*Ebmb&*+GS2i@;sZ#%JvMJy;M5{q`LP4{;Xambw_CGeuaB>`AY7UFPHf@z zl0We*@`r?2HWCS2O=_OW5y9vP-|YlFs$X_8x-bN&>nzY^nxN*DuGoq%3%7LGlv$## zKtUBtiKP3RX1V!TvB`wMU=7yNXt0HRwG!RPQ@0aLZJNt zVP?;oJc3b%JG%N?winrvJW8KF#nz2iU+tpJH>B8uNO!ULF84L%jWR2PV3@Eahg5A6 zk?Lh815ww{-~Tv(1qXs;sp2Fp}!+$BO!XFT!+r_w>G$R9F&T!FVFYAS=h zs5Y*Jr#9CPYy~c(BMsL@DRjQzUj!9%D7#q5-?cof7QOT#iBh~?B&Ugo&)j7WI+{{% zC}YaD7~*1c{{}Os8dGPD<6rwpT*>dm3rrG0rq@jm&|rE%{=zzi-`iev(fA)G>XuHy zB)STM|4oTJniBc%N{0-Y{Kj<1*Casd#5*VKgv%hmAvsdY4n5eI4C#)b+Sylh??s7} zCi#-y*6Ebrq;lpP{vw?dfiLyLTIc+Qf8kky>MIteg5{f30$A-u|~}r{-(_mFg*W;u-yv9{NiZ zRA+@;C9~S9TJ^eudgSF7YpD4C{{bqhv$y^&I;#2JU#_I`B>FzhT(M%*)|a@N-(mpc zf5ZKLxF1*WSjeh=%{h0L(u?*ojkUJuQi)_NDPvG2j`=+-Kfm!;xR-+JW0IE%aoen?0|@a#2qncE9wFwJ$nsCD&yp*pK>?eO;f)w)_yX zjfO9jNnXgJEd1#LXn?AB*$dr*f=jHI#>#jH0^*sph$F}4>)n4csjFhu-Sa`jxlF#u zP$yy>Q^eesD!CgqwW(%8olqibdkY%-T|IBF1Ml|6Dop1!s#e7$aw3p(D2Ajiw=jCfq-`pHJyH7l%pAz8zq}^xl!^IQ z)T=d?tC3cH1hbIoz5S~4wC1gPx=QW%2K~wcHh=xxc$r?p?NtzLPf>8HXF}F`(4D>E z1#e-Q0Wp5ra$+Cu(v7C6b@QP)Be|DR$z!(Vk#Mk27l#H@BSeH*=tCl6AH36Pi%dxU z`)4jI6#7nN(Z>1kppn=EBwd_d)ivB-h}r5*i;v)HI&y`fI3rlvyyMs6NQX>vKQU-G2mF5CKr@Kt<`SQ>xX;`~8;!k<2qZETh$CR`>_oaq#_D4$P zsZWF;n24pwbDkaC0@uP~Rh^ey3LSc|_hT*IJEKm2RdJhyS5=GSd zX*iw)@T@HWuBIM(_sOT|Dp381I;?kub5-LacoSSD<5UOFsKAkuND&|#;c-*jA`wrf zDT)s~=E92#xRgHr2%%*_ZCL?DL5V%RvQX%1!8#j`^+K78&a zr~QfN4QJ_XhxHK0d5VK>I7ddQGROVEmMQY^I9uwdz^Ca%hZKHH-5pzzM9=MX_uF#2 zfXI>kmd`HcvQQ%QbB6mL9Z%rMR4r4DtO1&@?`QkfhEC#omI#5j6mpL?nL~7`Ps z15_x!xWJa3{AKz>jxCxS+O`;0G_V@QRpnCjb*Ku~(P=HnandyK3K-qjLxHNHKd99P z`~m%Z`?90Xa<$vT>-+aef6?L)?g}1RZr`wNs0x#cysxaw#6PqR_?(eN;L@) z`9M!l1Jt2TawCZdtKCdueWwxciHze_8M7@=iAUwKVC`0v#%T)-?RA#so~hh!Ez5Yv znM}kV%Q9E<0|w6H7&x9ZC(|t>2b#+o{fcR%alB(~c(;R>fWdwvR5;+#7Rw?_m3A9j zqtbWW*n7{MZM`oL@Pp+%rcw#DR}21!C5f&xumfskYH8h+PJG<$&=%cwH)O#1iEcKy zo^VAwN?l2p5;Sw8aM>}bW(WeX!57xRqyZ@awZXV(p9WYP=@%-9pDsI)+RFbd5ta_? zL>8r%YGx%c^}(R@;l8RO79JP-M$Esd`b_|Z4y)S1b@iBwOewQiuOcEg#r%ge#5|5l zCmi4rdY}tHzeQ@y-K@ukb2eLUL{!Ft{djJ`G92L8>w6by?zqcG-M!THRVA@VT`Gvi zh+aGpli=7Yppt{2LTu>aH5n~kKP$P>SKWJ@&8NN5@We^fSG$G1u>R=cDRusyuIfkg z%Fw~D?P{s5*g$J;=*(H$!AC-#clGN|l_fr{0bD9$$tP}pa;RRm$JZ=7jO#a4zxa_cAxZg={S>h~SX}-^ zAP$zgF-q+g!$xbY@+F{h(cNA!7{%fh2i#QJ1KT9bJ(9#7FWhos_ z@QgvGlKDJ_Xn011L0=?z}DqqB^`cxhWipzcM-Bok}wkQV;XZ3V$_d^7y^z;NO6@?$d>h{S0s zu>D{$27G;XsMn)BzBJUU{i>ey05Iv3Az*gdp;&me6-F8bs}c3;DUNdbiB4L zl)|}2{VPdXUdqC|B5mTa%yrFwsFMUSQ|U#C&X7f??R?_;Lh~L5=7qJ)y{==!#%V}E z*anGQ=eUYYi2w@MdEaq>WKHHvnyrM?ag3@97M{urjKjr(=bGKUntgxlJ6$-zlks4t zPVt-W8-SL>N)MZv_M9IJ{AKRh^dJyz3X=ye&b3qE@`oQ9vY$P-fT!GG&JMn8TO=n~ zPJ;vQP9&C@vr)ZVyA`C8+Up_{7$4h~a6p~O>juFuy$5xVowo60l8X#h3U-%kAoY?1 zi_&sYcr;5#lAUBC3kk-(;eOZE3}s#^j5v|jWRMfpSZP#6R_4lxy6=s8pJybvj}n|E z4#C;n+@VAr*22eKb_Md~^s5icOooaqc>#kBreT(8vy5e2Q z;VKt7sErpt|NN#|=f;cNk_UiOD)Q(9Fz|e`>57-CE@V*4vzZy1Zvglc9JW~6>Q*tV zusWdE&w{0MwKyxSYk?5!0lNNIIIoTJZe1b-_~mn>IoP&ZYLa8S%ql z@-P~FH)GSm!{ha6*k_Yl*8eaZ_k!SUm-R91c4F{7bxL{i1<+s`f^@~nT0IL%lV*vi z(J^3xmT4|63oK@MWt-@ddiXFL4Idtc}f1bw}sILV}n)xMI7D zd3MlF*-pr|X{HPmC88oA5G6IHLTZ`X*r?EH$;xg)Kbpe`SgVzhT z+>vac%4>?l7M9I$HPcesYj_TYZd>oodL z@wMKVJ&uQyF}ok!Uk|1f=TM8njsUm6#Or+&_Pv9FBdA;f1YDl5#{>Z^2al~z=L}UoHx8TvzX;69D&A zVnz_5N`~bCFHSmeb<3-Xd`h!8dXfaO9x5L2=yB>@tpMqex z6j%;3l47|jM3NUmCLtTA*%Lp6Z1yCJKShSmAb1M#@*B(5tc&(njMQ)TnL9{$)kbhd$KfDYGQ3b(v zxZ@(HDbUldFpM4JWF%V1Q5G^5X-dt7X`FP<7&5UJNhxrvS&ly^%Nqhs=JOp)$Ex-H z!KCw?IVs)8CdefJsjYKz9?0EG`B;!s^I%Uw&%}w&(3Um-7J0!JvCKDC)Kp&vSz^Pb zeVf~<_N$XcWI{hyDw;B$3|V!OG&vhQTEL>P(w%CoH7|D}+oQ*d#Gvk0y0UIFSQV{w z(>Fo8Gu);IRWTC)U4V2QQR!AmS{5tZ5HKB?C{oIntWM1T|Ao_X#@ez|i-~~bss>ry z)Ml9wIhj{5i9(vs@>aXd(nt z&X!|vv^v4C?WvF^Q)X_uH_;1lfvBf2rK#Gf%k%Tg@8A6d-SXTK&wsID*-6st>~^~d zOMekCJ*@)-Eo~_~C$?Z^A-;$Bj9rTzhjh{78{7waIK5HzsO$$I#&dKS)-&t1<4W&m z_PN7S=mwoKk8%-rd%9A)T_9)pU6z(RcJ?Z&IH(WZrpcGk1va1c!Ww~`N!*i}TM%An zgCX!#_vXNeLnE!-^*vpmm=q2pA6zY64!ZX&bvCI3>KiBSq4wfH_qUrPjmH?NgH!`{QW^>LSX+&v zH8Y;G2OMgvqY?NPupU|)IlT~uUScay#~_{{vnmjakQN)O`dQ?Xr67_ra-1x49>>pZ z19WZJEb$}m&ab@>TvRoP=6EcrwZTxT`P}nJy9t=z(3jA4@llyS&67Go618pPWov6J zE&L4%7jTZK*T7K$q>$<*ndhbZ3j7=2(CofN+G*Bo?C#`b5}DL%;KBmqUs?1ZgYDL6 zIPuSFPABL6-BB3>f}V;GPJh7ls2PjKRJ`{9{j`qnVA__HLylBwCY2U_J5WipKfVpD z;->==PP0w|k4fIJj+L+6QC&)h8upasetFtj_gq}fG1vRSwEv+up7*YYqv8B>$Y#Cy zaCY14&nMH*?C*~~_1mxYD*Jypkp^nKE;e-O@qMjKq}NUVtYvo6S@4rVzuJT3`TB6? z+zj&O`RvPVS#Gg7^IPt-xj;IkQOl~3HxHh0{7ZrW*9}SH0?` zmHdO~<@5_7L+zn>67gPHwn?$cztewplmJLc(JF(Nd!lq668)G#3Uf*c%@`4J>PU`P z4^;Dtz%A7XCZXSWZEn#srTDK9RgdGF!IX_BtUsLgAMa;#C0b@|ID>~LQ`Q@QW|Lbs zoX^<9baFTC-Lsp)$H8dwFqqERXxO_R4cM)HaQ;F4b2OTK8jkNmHuyLgv*9fpj&CQ^ z`@s!8GMuu9$!s=6l>o}NMw8i$O>RT=(VO0V?{2{6laSr?<~^v_8jkzmqVA1CHu%Tj z{$bRcepU|;$2Y_2pg*U#X3&D}kq*eQ{$xBG{QYq-o)3E?{pfoTp5Ln%-arrLYLK_X z`7C7DkF();Fq?&Jss`~m2-)3aa`S088ihD9^I?DZ(1U`G-pAqiZf1u&|1kK>deh-- zz*>a97Of9TEG-C#VJLYwLj)JuxZ;?~OmdIPt{h?Vz&15Nnwv8&OBF~-2-!GQM4xD*y()%& znwmQ`HFf^OslC^J-)HHnsp_(W{9TO{QS34KV5)_t=d>N>Y|E1|%Fjs5K5>_9UZSKT z7{l?3p|hx@&99s?u~(2LH2g_!xlvcDB`K`ipymwdOh$Gr_`)r%?h%=#7 zkL{$P9#;*X$0G=zIauZ=9v4xM6swS#0&A3{fJZbm-m-YDM&i={SAmJ}*IUFUf!db^ zptNC=0zU@fWo(j=)7U>~22(`i3S~J?g4Oq5T)UZ^Cw0Tm@+mA=+<)A>rIS&2j>F6} z`fOgCb~PKg$a1%TlnUhRl`%x0os&-&% z3g=%lNlPR2PYnIm9;okfKbk4>I#MtqY1c*D#ds9Ub?mK|E9J#q#;~CBnywwd4HW|g7DlJ*r+#h5)%6wpG7MMLL^r# z=`FPDa%i7Wm?gz3lJ(ZB;aE1`Gc(fB@H6IAC|z{9B0soh;{Hyjj{VWQ&0NS27Bs)^ z*m%#Om!%yqWPsjd%b$F3e;USQ&-}KlPKM)fxqrtlOr3K(M2F1k2uW)cutRjGVv8V# z;o^t+qTU2^5VKgLqpg?Wo5x&VAI&1+Wlmtai*3(XYmf|c85P6vpfOFVusf$UEva4o zn>Mwq_>oE|vK6F(LHHC^;u^u=I4#wlYfnMQaIL_>2di+_?))3+vs-mouiZT$re-Ai zN}_CUvLeY!ml!8u{<^fkww%kbiMY5+Tkah7s9O3;f9p@?Wa9g<-c3@vINIAT4^U;4 z7Uxk297dV5eE{(_nU20#$^R=i1nQm&lYDbpvCM0v=j=|JD`vi0pdAlX$j+T2P{-@- zTkpQ8jTm?N=2fhGqOY~UqD@mw^0&-HGgr?WleQQpDalj}~6u+K8 z#rk#B&3(9*L?111sN_@RUg53bPKxOr6ht}5u3>3MWZZN?r70dpHTVu{2Yf+)@($#= z^ShS%1T0<7#5_1wyJ|`<)U+ZCJ`++Wo#_Ia^d>G`x`_zJek%*o05e!0T^ zc>eg<_`W{uxX1T#eaA<)+3I@T-Hb^=x0(9h|JVz;XG{6+oBHmz!~6W3hR*#Sb8qvd z;$-_R_{Ekz5%LMFykXjmk|8CdT9h(wz#$(iq7yb_g^4crP+oxoJ^j4!j;6usa$W4a z)t6`k5?k0Sks@tb`{dX{m6C-hZbtVV)&7}MI1_W>6Vjj~4$kV_K_F9u&sS3fNjV(x;zSD9gqx zwB=3CJ7xu zD75+lCzCy<;)7z)nqF^|BDyNB{-h+*&|dO>-aqVUnC-Zqs&j!*61xp&(+^uiQ-Y;} zC#2N*a;6WTB0JHnxEk?GZ^BKL1=TpN!Tjl8-@M)S)PMTyTYg5QE5}65A6x*>r|Kz< z>KIe{mv_BX(0kw1yyZ4{;5oz*nu~m1mg9@BGRSS`-3xmGZCu-{9OWaEK~M-e$_XaN z#UB8bp@w;;jRsW(y4G2m!sCl{B@cBZMYT{5sR5mi04wg0#f|Q$op$PMYD2KGf3;=5 zphk3s=F#+J^u@a3I1I(1K*RX_xoZ`&lw7jr@eJgYn<^%f9k-Du0-k5U}) z7f(;!bE#cpv>JKfP3wrF$}ZThUae&B+FI} z!gt(DRb*~MmY~P_X}h>!@tY@UU%wUSY1y%^%h?b!^`c-*SxJMEZg9wa-Hd2vpr+w1 zJW{q0ZQsCggNsQdfI9o1rPs^!xuh}rPTg_}jqJdG`Jk)J7IUhhX($L|<@MMz!vpH_ zoxO4JfXW58h(cAENnBW!Tpaxt`08wuHGwMLO7r1+7xJL~4yOq`%*jC*~bzMOK7riJhwaZI&Gsn_%=47F6{FbA_5Mj#t8nEVryON4u(4t}UjXpp1 zf*{)1e%d~)Od&B#ll#3Sh6*14n+Iw2*I3C$Ux9K(o-<3|Nm^9YaEY08nig<^QJQiL zu4b`OW#O+FTYI-UXs;S&G2w+1Cx3e}2R%%DX*Q^r3#|6*Yp2jc+>AjLPF3_3?a!&iu~JH(1S4J`?_T}c6BiA7Rc4Zt7d#a)2Dxxl zjX1r^KP^KzWM(eiiX)~A+GVW1;|gFcPXKdj+hDW;+bP8Pw+B|hMsnA%G%KQc0sX{N zMA>T}E3BPfY2C9hvJb~UY;@tbX*Z0)y=ZmAyXU`X0{XtqBI%xT%2by$j3s>AKzGjC zX?gH$pJwgCotIi_@*ITlf%pj`E9j~reIUF~QLfH5&Z7R$UOiC8%{SP$3Sa5vrdZh987vr#TJVMD(AxF zFuE9PBMA$I-}D4jKM95si1@8S*Fvw4B_RKd#^dD$D%e@N>{3n%Zj_0&n}Tn2ZQsKa zh3%5%W#`{3hi77<)DnPO#%$<`iCO~B1!{ADg}*nsw7Fz1w_szJQ3om}BXsF2ev7m2 zW-@;6Szuyjx3B?!$3}S?MPa$0GmQp%8B95O7K@#A_i>ewelU6S#~IjJtf9Etl@oW_{TSL&Ptr}~B9Nz_42FUmU|ccW(sGS6H1 zm!quwY00{FdZ}CR2N=DjNbb23t~6Utg6>0S_my&^MS`>0A80jgqq$OJZSW2zlm^lm zaLpkj9l5%uVr;HjKoMkS=A;b6`+KN#P}U%N_fbv%=k}`X=6#Ka>PNxIpb7(qB!X3@ z##XdOHZOwiQ0Ro`-HE@8KV@u7GLttJ?qkJOt(I0*o0g_ivaR+GW*<&;!b?avCcaZ5r@V^6y-!vRQn?<4}`~V-=9Fb7a9>8%$|mIkJ*a>1#GxgJnE& zH`>&gdB?!2Fc^BZ1qiX5fQaymCJ80fqyLf!`|GPg2(E-`(c=*T%TlKNDokmNhOb#H zVqW<$G3Lc~^M+Vg4H=vvXLF2~YqGcaAiC@X)itYNp$5EtVag8mz}H;+%*W**tw5%(QmK`QJWVygaNe{&p%F#m&0Kg4K>s zSH6Vk`^gukIb1pas$&*BgV!JnbiQu?8|@WMaHVrYl7!;MKb+Zb-Bx@+0$*=NDoaNk z6%f3u@OODdh9`j=Wn=eYf_BHkh{v9Xd})feew{$eq+1WfS?s+$Oec#rhqqz=K9=<@ zyjP5)nc{ah`Mzsy$<^Z4CyU1|7b@B;=1qU{W|QWCyp2>Hh^nVYl0}`JgG%Pu-OEJ! zU8AaWv2nEHqpvX^MwcNWe`l;4xfULJ+i%OH+bUag(3^vnt9c=uDKyX5fBwiVQvcG1 zsC_UVb+bjg7{!!ZbagY)_RjwGpB>NyZqrOx0|k!$OI&hI5}oR%e&dBd#wUw$cq(K2 znK|4O{>qNxZTK6qpYiNV4wn94yM+H3{LK7VGi4{NbX+|q^#A!kHE59ai@mOQRSj0@Z9HLYromgq*n*_AM}{8 z0~sVOIa7Jy-W&iqy~oA@AzO`X_>q5@<2lbX*#e$@;l$Fse_o%Nli*q6+zF7Wy3hJj#SQ_(PjCudb)G-orCK4d@2 zWmN>(7LQ85kvtJql!j{T?%CyW6ahO!)y-1;nhGceN0kWVt1ydv>?=_p08^=6EPlo! zm)5LlrWy#M1w(z?ii9_zZPyw?xxSi5w;lN*r9%1^HX6@A=0B4z1R8e0tAqc49lX%hShH##IW29Zn&KU!#Zt8&1hV8t>OT5y{o<;xB* zeBvhO$U%8>v3gpxIyjw&jSEfElF*N+NqTZWDblP?8)fCpv9P2;K!D{Hts(aqGn5DN z$&M!uJhl>MTzN=hfgjGTbUu|+JVLb_7$5qC{2ItKGRn8O!YWx3%hV>DpLoDl z@XGa$*`aL;_qC62!~Q{)=P&7!8J@aEXiTfF(qVgH^S3Q_xsJ_=wM6k{6Dkf_P1Z^} zhN3=G#ZJ=VYe{QqIgq`q?Rx8`8aLf95Rb>mngOLhwy?u}EHo*2BVz3r_8(6f*UoGUC0SI)<>2$z~{uHn*AKg*Iay6BH0!yT$jC%S;GL1sE?s?uYip+N+KYlo?}MFbIj#B&g^nF>M?XX-rz0$ z{XJ2_t03Xmcpo~W3gOjmzZ?~fK%il2Js~X161o6SupZ`sy4p4sQJ5Cb7CSsl_h#5c zA7iCgx|HGy@6*~QpBny2noFA6-JBt{z$=d_mD+Tt0IE}<9@u8Od4ZpphD|@IY6@}0 zydf=9mcYJU=W(0XKKjnfaN-{fb1W^Ac4{FqdvtW)BH6GJpd9RKQiU6?bR?8bFt;|H zhz$^y6OZY1v6*jJ>Ao{J(P(Wjux@=n_lZ%-I;aCXlUiM-+i8UZ>qOi%?87yO)%7vL zjOW5595Tp%U~3{#FlmaY7Jmd^*WEP;xy8RCyP(o0nCfIxOq)}}ilPu{58>=z95Azz zxFkS@pCOFsiy~bjAM{cvWlb+cQ{HOG(LTGpiE|4f$ zLpmO1Y#iMf3;`2mK>ZOJBY%xTP3Y+5pOcAGuRXEo6D~En6HA!5hz0T`!ZrO_`(;1C z+^qzE9HezbSUSL+&^FXg*7C>JA6qAGp1G-VI*8zWiYba^ zR)EW2k&nrhRH$)hoIaanX%$Ko?2Zj@UvagLlfcD(S*47~Qm381rh;xG#pI zJ6l*@nJg@B0a{yP4vk%ZJ_VRAcE?#}a5~|_OI1i`JE%pU2J@-PC&o)l@0!1`6t%LY z*cCbYUtqD+$&`{-K`hDR5?_SLm@~(CD5f4NzAoVqYZ1*%ak&$vv}{dQ?dyQ)@v4zo zjrrU_zyY+3Ky8Q~ZXVh{hr`z_;Ua#Qlm+&V9HkZktg^I@h3TI)o(7op!&jB(zh&!L z@`@cIBj$PAEv@HPE{|84REkq?omIN0nEWI?{^4YTgVyJkrFRbx8U8FLLTjc$feEn! zhunoLDx{}HsYWGT_V$amdxU>Ri3kv3s~{Ptvm_Kuc|2pCZg28Q&hIDaO!kOVVv(-t zEw2AJnjj30GTO(ls~I1_whTztYdaX1u96h7Kd{#v0+$uiXs4>#26&>)EK-rjp!EdW= z4Z(1+`)^#zsW(qHV%LE%n|`*kQ7Q8tJ*_w`^(7BVOa;5&g~Y^UDf+x859BwuZW=dX zVJK1)J2dYokt?Y^3A2LAU??~oa@jd79%#LfXEBD7NHoN1n~dyxtmHws=7Q&)vskB>zyq6l5{>JTL@1O27R|%6 zutKkaqSDHyL>_Yc1I1SK?W_6WSv!*dEEQ1uU*+RN!v1 ze1`BgZf@Q3bghPwtvO~J=wi{jBR!Fcc{J^!L&Ad<%0qkJeWqEQ{5r+(TTMd6n_1XI zvtsG`tAu)<=Bt&6>{oHauup*5hcwr$_qxaD>trYorChmVz>ZC>2TmGR;#|_U8R)1? zD*k?js^HvJsR9~1ol^6HqHv4cVTL0lfkewJ$7%4R=;(%gFwG|aseZjNM>6Tppfovv z`PQ91txgLS{D_STKGf0@5tsxDi%`DUb^!NtzD3J+J|+e#C|Gi26+hMy^#tU zxKf8rY4-8KN*yQmZF@pU*ag{#hK*Z2BDB1Fq9@V17;}zdKX(b3p<5icJ`L(kagzWD zeC!8zuQkK+`J}}@x?RMEI0`vB`ZZzD#Zt=ut<1H5Tg0`$dZ?6s)I_%tG_$%g8)P2B z#rwtTRIWUYv)C~GRpF#{pvi%jjR<~0F{RkFk55^}(??NVHR z&R>p)EwhmY`cwE)S5p_Mfa@2O?2K4@#no5k9pxc>(Nw`|i|x_5My@{9t1{Rr69?S@ zboru?B$*Fzu|OZ%tDPPMqZ@j&*KI!n3@~(Um9B|OM#HPDG0cJq&+j!mO60^w?K@X> zbD{XkqvVlq&Yacnw;-JZboVJlFdV@hnaW}vd3PC^Zk;-sCLi?1qM}$25Y#%K1GzkZ zJPC#6K9bNese{EfCo$lxNI9#L6?UtJCr#)lTUZm&1Pv!0fmyl{P2JzNB|*nfY6Gx5 z-o6>T?(rB?a}4T6YRQkC(|02!y3(xq7725Tr0d&AI7sXOUKxuBs z;&!^15##p=KlxB*kl#k;VNd-xh^ZIjc#6Y#4yucCx;iZcas<^SfAX4%Fp?#fPDu8G zD6#`*C^Eis8;Pz3?q@8LxtNvTZi0uYQEbW^6`1$-)wn)dc}ra^sT1mvjFqfG3KaYz zBI$cpFtrz!P?nJHnh}Hdba0*gC`DN~=zu-i%bRAEy_~{5b}G(vt%Bwhjk^C4=;AR= z5k!IsqC;E!&2%}__J_iqgRC$z{p)CsUDWrj`fE@dFtG5CglDq?X)~Znrx%P4>}Qy| zS6lCCWrL;v(0(>Wi7aPMO;4;|sBR5&>=e2<|O9{$UzunP+m*Gi60Im?}(1KWa&8Ocfmq7>rbEML>uZIZ!ZpIZFr%H_WxXA4`%BH@QmiF&Dfd^pMN3-? z{A3pgV1FSyIhG*l^T->)r<~2j5Jmpke;nP+6hbN^a2gu^GSy$jDqq#CNt^>k69gtc z%;Hf)xG_1xeXm-mD)$aNL^nsW_4O1)eCexd_T}}vZ_U8!in_hv`}td8a<=F1XsVO+ zclz_c`}27+f-+`iq-Y?bs60;f8ur{7Ig^BK(7U#pu zBc*IQ2E4nxT6SMofr0%)Td6}^uXp$POKTlROIz$!U0f~u59uBb>NZy^qGgR>;uqA`L!MyOv8-ewr8w&6``N9Rs!x>n zK1>S!X^xB_{P9XAx7SUk%62!rPkH0p!0W6^3{J1hqq9$Ci^uDgkWCI3;7W+4$*X+Y zx}=O>bW0_p$I|rcV^HWEkomikB7Bkl!*lBtJ#=W+j`` zqnN7BLh-jwx5dlYA@h5Qcsi@kj`TewUG}=zP0)XYF2`xbin?w*7x{Co9}KD`p%8K8 zGZ+W#&px}t1dGu!7<{pyogv+HReSX-gfAOrH7cL&1{D``|Ktgg%FqZ{C{{-8rb6WD z@LN0pq5Wjn8mwa9K3L0DkHLQeV=k$L@0^#CO+(>9dProlo-aHqJ2aipHd+@N6Dt`` zteV}MN-ctuY2;l*V@CRy6T2_?BEXUvn?Y?)2Z#;zs z0X+yz-OHp##G;)$=8zSz6|B^Aku~5Qzzu_+I70~bZyv_&fwSF9ie#{TbB2^iinikk zf)P!;(#6lXBTv0bN7hJME*U`eHZ$_`K^Oz~d^09jgx&i4iJK8b3FA9blNA9D8Grle z3F>M<-f_Wb@3ZkJ^ILKMWj-rfIA9bF-A=K_b6$9Tidse6-o&KCL0NA6at^PQkt2NqRwz)00J%zwO;TjlM-7pdj5rP-0Q`OxD`SOqYv_-L!r)4kkD zw!yMGF%$7{5Z@zcpl33tdrHu*+}j>FVI<7~E7^F4NN^%kSln>}kX4;{J|*7lQl^?Y+tqt#TUry? zD3(RxNMyI6y7ZI8*B47@%zubKxRIcWANJi%?oomwis3d9bGvx0L;a~nNS!u*M2MwI z-6#pn#N}fS2&vi^t1E#USItebG+tF1q{AY1b2|3bvNi)D=cQKSeqeVho;r%Nt0!lj zvCd!Q1T#B0;_K`9j^L75q=gb-c=2}YTRJ}3Exmg>dwq_74CDJ}1aI@Oe9%GZgbrbY zN$?t=Uqo&a3Lu1s6109zSd--p6^JADsRZw@cCumhO@EFKn7rgIUn3ebe{7nrd^@ps z8zeBEN2yDGp6YGsFUQ=!8sgNCCQ2XSL(Iz#torgyv50N_XOb!etKPBK-DSQ{x0ql0 zXKKr{Q#HX0XY$hW-sieyG@$w9b~oZa4?G|%AHjS-m8y;S=Ru_9%xcpeie4HLalX%z zAsf^jwy(4HHDn9t>m%>kuGbo0lz7P_(XPh9)@SnJ*cgPNer9%z zSr6$$`deGJDor(0iKl=ii~Q(LzRCRfx(h4J{9BK+%_lYHPs6G17d!3%bIktm>Q3+` zqIGar?55OPj5!Q6gXm=MfFqNi8CE1PJtUI7De!-cluewuvNjrI@yVVo*-diXnE`Ft z&p+{Oc)d+2$d;IWY^@UD^G#X2VTY#~?5*BGcHE$p#}i04!Vb)dqxn%2zUxa_JgDns zH&7dD(NjeKWSgm`m9z{|3k-BO`N{l>GL=*Vz3NDbTMYVAQUzN|Sp+3D@@0(Aa81l% zPT#65+tlC<>&2y=_5S1LP^ZiNZ2~^L}0NZRWMy}$F?0Rn6Pqa!f%^`y26FH)vsG7Bu zk=8&U^HnwL@B7(K^1#I)Bae zJw*X(=T2$9UAh4I>$Vuw?(4yl{yu(qNW{wG5hwNJF823c3`mk==@ws+JvneF*|lzk z4VSW|H+uCT%d0SsJ>nU19ja-&xnZ%n4^JWJif;O6;~vN@BBxcFBM_Hx)qC9XjHvZ^ z0IQn)h>DmkUm#Ei+@h(V4}@|bc#;uHKFjYm8^yJGN;Pg@8hEL~5oUuM2*khr zg=SgETvk$uTRC+-s4L}}+D>@T=zN?~AE~k)!j#1xnTC-g54|L>j0>5^G?svY>@cmt zx)IKHl2Lx-TCk98Z<9J30*6Wlh0=Joe=YtDd7DX0QRPkFg?Z)p1QBAmn53Zy{wBS| z31;-E<`_%=G9XpmYr>d%XE$bwYuPKA*%^$;N)@_;XVM#tv&aXx|JF0pNRJ_ypt2ST z0P-V+HeFcYtTi-yYlavsFBoty= zOGTvS@@sUG)UQ1QK~PKLjJ*-3JwiyL(Xpgs8VdVP+}H_?N=LX=mlYPS{;y|4(1#Xi8q=!MaVz*s zjtC2f-0;#Vhz-_xUNSWNVWvEEn|C{c(s_k8@_xR6_Pa6nnZNd=A5@0C5^2Hx_w3}! zF&Iz>M-tam!*zh}=>r=Ils;c7BATowsHx^nxmu+#GCw(PXgApWm9729xyon%`sEML zZr@FdTy$gxX<#pg^01Y%SUC$Y`XkbQ2ax&2i(&89Vn(rCfd_$YLQ+5M6q zfWqxs$;}m8d!?2f7YT!J&++4@8@4?%G-SL0G=Pp!uxsRl%4huuqOXTven<*>TNY$9 zKT*-|+k=?YHlqx| zP~2W=WoMMh;*BoZP$qxuc({mMLuE=0gh&f3`s^vwWf?l{C??BHL&SyZJI1*T(y8Gh zcc}M5Bxlj8dmkyfSGjRW=pht&61zFZ+vxVt8*wOda8vp2h_Xve$%#>`pbv-l$dh}7 z$@S=tgTcOb6^@a11x!WXZ|zJk`;36oHl-}4ObCIeDPF;QqC%aFJzec=_tD!sQX%4Y zR)4qus4rHl9nLdm!FwnE8C$=*HY`(jP)Dm^K9at1QBRi|0( zzXQJoar{V?(z)~iU!p~Zd^>0e%;O#4rHnXv3M<#H#+qbLrb4|3N|him^o6%XR{3hQ zPk|HH10sz-OX707tNvJQA!B%-c~UPPiCJ+-3J-TMQ=y8Hi6*gB1Q|tg4HuetUmmm| zi7?zAGYpC=!!$qAtcxUUNr+&EoHpBfqtomsWtnu43{4AG)n6W|$`rjA1{@L}?H%w6 zMpZr1<1m^TYR5)OK`o&H;r7}*{)U}hwU}Il|AG8U4Dc%T6UQ!Jz@Ot^eh#TrrcX`_ zErj@^nIxeJxdQlHWJlrVtSu#(PL0$un(-DMY;y(q+JDP}=Nh_gKfu=K6HCS{RV@cq z4j7xpQ)vD-#!7{2!>Dn7BI;)-Np!$Bau$HS3K=PeqrnEX<+Pgl&2JB!-7gXW$~WQX zzuN$3kCtSPg8mT``%gax=0hSBNf8N0m#0Am>MJXEooN#$zEt|ySCJBJyO^}D*!6s5 zv3b3O^Bynq40NvCO-gOCpE$M!Z1PwMU=R-pdG1IK^rS2;T1B(nS~miIpmVEXkVtWu zVG_q27&aCoo%2fKhas>N=UpWK?bz)tCXTG<0F+oX=;n`rZ;M{m*6@Pr^u35;C3E+;vDVPc&cs4L8$oum%AK0)K zCYf!~KNYWRv{tiZzCAI<-V-xCLs_n2yHkRL53y_8tzEvqkXKV6%^0Fo*iFR>0 zOM5UW&@z&a1=XzmOq+=!GRplvdDFPc&6Rq_x`lQCI?q!5;JA1;dpRaTF04qh z^KWMijWkfIV4XVjb0{5^kg6b0HAIuy9oS!*=DfU4^j*|2_aj;&^{2fg1zv0h0X`3+ zKb?YM{-h>LPFIY_H_(w9e=zPCb+5D9^q}e6DptEf{9Va=EbClJ*wsol{3+|7@vPxn z+UI9oNRLTDpW1}~ z1#`NbW#u2nDP2LpfKuDm<3Yjup4T-q;O&ONA5Nf4M;m}+(7wB~ugi_NdQtbC*WJoK zKET-FmMPGjJvGW4;Ef>_l8{j?xCCo6@a*1l--p_hkMHpcrzXK8R``+Y&5F5Qx7ErC zoU>ZWmZ3`C*X^T^hUNUYc~h{tWckE!f@l-s1;E;P6tU#&d}qjUy4+Tt@0zvr$INK$ zxFy7S9^Oh+K-Zf&+kX)>x;aC<>Zvoa?$PZEW(HvI!1C5LWA?0t8_$~Hs&$5(9_-&3 z+YT5f%<4X*Y5Rz%;4NNE{%71JpltqXzsaoKV{}c%BQO2)r$@pvSeNdGqqFT(vgIjv z&bTOEKaVZ3dLe5KaTbuU+Upj|8O$ZaqhO?8nXQwOS{IS!bt3KIGQTwd>CB8dp=&oB zQ!sn;#QZplH+DXI6Wu(!{{rz;kn(eLn7Qy)RFYWm!=OP2wJ6Qe|1SS0Nt}9rKkh zV&(wN6h2J><8pHfR>2;oyl+IDW690~mqg~Wz|VOaLs(mFMxsJ#qgSW)n0y*l$u-0n(+Oy*6WtwxKd=L?a}(S}{rF?nY7 z!#(DuTCEQ{!Ia?53+%r1=G~?8Mmvo*OgYt64RR`KKLv6L^BlXn%ZEKLEgBU{-1qO_ zgOYNzKoBHP(u_~+j{^?kulP5p!tRABIu=R!NOz%`TXDizVC zUztgt%tJQzSd5BF|VF&VAREQ{TpO@ ztQPR?VB_P#F(9L$gqEItLJ3pRGhh4 zj2ODQa(nz@XG)R8weD2zH_(D#e|Vc8D^evMVP6etEdt`}D@Cl4OdVu^KCKvTTih+Ho;{=@dR zO4gKq&#`1Q(=pl>p=|M?jP_g5db}#2^Ad#Y&oXi-R1^o$;%;>5(17=<>q-a*c1aM& zMJZ9t|16i?Z?)D$#$b-k?s^)Jm0CmKLl%sJo_s2b_Ta;NEEfQ;P47>)C!RUyS8_7! zCH)%>Zuu!`XGvW{wi{cp8zCmFT819I{ysvGO&s-reKcn4df(avlKRTn`uY9z=;l0% z?2uq=!3{Y)-tXWCyobo!ykTzr6w-p{`F&*ICw5ZWT>^gUWNr9QNllFZwNwU3)0eq1 z1gL`c;8Jnjzu5tB1fw>Tq7Lnl>N`dcj^=Gy{D+d@=kfnMBwli#d*MW18=FJZ)$Re3 zbESMx({3vu`3>rG+BoRc-bXUBVw-{y3$o#r!Ynf^lz^dXT!gR2GYtmohn})|Mv$)!) z#h@}?e%0U87G#zwYj^{^5eH@=6|yDLqa& zeMrJ&EeSl0O9?j6$C;Hr=TX!L^A9+e%{9UxbD$MtC<-Z%BSJ1C!*K7)^5Z9dd*qY` zeSNt`=|BTTkv7j5(8rEvpN!r&joXDI8W5a}2sIsNYHv&jPy$6}KUix}hJxRT?rt!V zVm0U9n`sCCO=xPX2<9*hxCKA*M_r2ClUBpohJEfO{Yc(5h3e7mMFvQB(A8&T@?;FGjr1!)-JNo z_)u-KX5>g)&WW(K)jDC@l|s^u?dUKBaml!qFcJ{?h+&vSkYUPL)sSPu#L^{SzWlgg zl`~Wzn0ls4|N5#qba@pmkR27Ry-$52+r+;|?)3{Tx(!v8tVff)j7JevvTbKnfjNs7 zG7_z8yQM|TY#eqX>Wj*_Vd(f51{m|H%5D3Q5lVsrQ;Wn=l;*I|U0Te`%D@eLpun=d zM#HUEDzWiLpPQy}V}I)8D&)K51Rx z7qeS0>Nzml5OoibPn-X)h=_2?#kr!{VL>zdkA+oiQI;0JL6I3sc$GWtq{fVJ-a2)cT5XEO)LY~K zOPGV&mT?Yh_GUUTLxAS`F@4go7=-Ee$^7$<>H&2-AiM*Zl_mbwd~?=P&7H!3lE2@7 zooPC>r8I0&=7@{(i{Zop+6|2QD*Ij$zx+3_q=cy{P=CZ=zE%x&P*Li2ZKIh=XyV_r z7P?aqEC4^Y>P}Hpc&=gzJVFL>*>3>!?w+)2%8NfgvrGiM_J#5!j^l8qr%xvZaA(wm z{KM|SAsTa*>n_+&C=(@3329-zNi`o|OPphc%qqyeP$(v$~Lc2?Jn*es( zy4mB%PDgt>Q|^7h39}EWogt?#=IJyN0Qv)4GTTUwO;a)vSR7vuuc@t4tDCHx?Zm%K zq^&J`yQ?$_%~A-C7Q}cXdl;FlRw|J5T(U2(5NTjn1D%-`K)SAp4V39J1H}oZr{3Z1 zR8mmP)dcl>%vMi)1$XF21K{G`TLOUe+x##0oMy5}oLmuzJM0f_D|sK70QTX@3R4e6 zWnA^&|2OuWeohJ_wiv=_#!$Z11;Q2ZOfiW-BZ0g4D{X-#F~jJ>2I2pvp6iMHH|jb4 ze^JkQi2py-^XZfS7xjEsDNOl)SI@gG{yX*DZxi9aSI;NJ|4-_C`?o0H-4ClJ*QT<`^sYbjEKE zcinc^s2{aP?1QRd){&Ojifq99Zxf~>@cSqknR5XuGf~yvUidJmQ@yW(6&dnR(d}`^ z$EaP zUjnSV%A)luf=Vf&Xa;67VT7hPL!|V<<;X)%`UIy%BvFc-C{zz8s2;~CV!spq%Eo`# zBHM>%%}3C;EXS2yLMIz4`(A5jrkY%|LL)!T1fuX6#YCqDjrnuH_JoSMeI}``jlx@K z)GG%jl{98wx|@`=R3EIQ$lAvy%e^Gs!ez8)ewoMVkn2DjxZs$n--^U39zLtDmBKBY z%Ge)@Ic0SqdSPv@;dePsGNz7eE{Rtlc6(gBrRJo%CMQ4_ z&E3$exh{y^UD=xr;YXKc8UB*0!yq@8RNIpmU+eM#!$tkZ1U^|hyk0DKKCs>nDI12l zG3;{l)=|*%O(nvJF@dvA9GBfqq>6v@1Pv2}h*Wbk5g^t{*$J$_qfGySTzmPyfL9Ve zHY)HqL&YHpl0wCDkRpq#)X9FbtWsCtdBJ(jiCBi^*Qidr!l`a(r;D^X(GCFmlzR+& z64NG#r2vTj+3gcKS?If*CT5fkd)VmBl1Mqjx>XEs%ImWSV0EXG2vCFqrD*V#lhP}4 zu?sXzq#nfXQsR{U;R?)(uSG#s(bg+AjaNu9X|Qszwgtk44jkcMlRHE6jS) z9Y$9{MJEQAJ0o)$eGCE=#7AQ{$0@?Wv2QY`>}`tNAJTsw?rxT4WgA97$Bh$iwQ86C z5-(~@RQNTrz@LUMddPuC-ng(o(bVL?u_LPT&vf8Rg?w(&K&_$U78O3a^%Hv=kv2X$ zUy-gBBoywXNo_;&|A=yUt>``@M&a~TLSQ$JS3*+YiJG*FJ-6zQR~gaPnI!9#e2#HC z^>ju!4v&h2%cS35=_V0O3OyrZ;E1bEWUy&AE23#tM*YEVk#G%O-YfRU+ia&QWcH(i z&MDBWwXvH?kl8n}ldV!PPZcyH5cm;Y6OT2bhYIN?R~*wY{J-Qs7DZWq7Y3FB>z+%v zwU%#MG5kcf>Rk16<}V~qVpOI7X{Lt95dHE=COUc)sh(H6awBuwlP-4K_dDWB z;lFc3YTV{e@ak4313Hq6c703wdXb;+dZaJI+ecfc#pZo)KYlxZ+xhh&X_NkD%q?k%a*>NyBUt}!pOZ1 zUOJxn8C)}E@E`~~@V7Q1AuMMyCd+j9Rd8boOur)?kmy~B^vJEjzivuK(6qj$5@NL@ zQcaBT>d#qZNqFB0>UsZZWZ^WKjk{JQGZ=o-90tAZsz?hA{Yg1ziFw`Pr8pBSxe4Qn zGq!jf2w_sczd)-0`ceArK9KWr?}a6Lnq7e(FYw`W;q`8h&9-#>Fq>Oss&TP*0wAO$~VwET%RoQbM1YHa6fXTZ_mj+Z^OzduhF8 zxH@_vk`zvg%m-TH7vS)jl{%>~OG5k$Smi>E#`bETXk6E)!4c+LL|^>+(1z^+wC9+8 zNjh$8oOSPS%X68bx+{#ePa2cuQ38rHR7%IM@D-3QW4NV_Fu}OucsQD)cqL)?X#)wJ zIjNC=4&5@Ox(`}E-=tVp@f7hqG6go@%{S?}tod5;c6~wx!s)J1lm6GYJJ6hPqGM_M zQ8c1hY~q_xSlsl&X9s?VxH0L6@*T#68lkN>hgb4i=*MF*p^8-CS)JLk%wy_yptV!) z7n^f`6HMCl!k$EvT4Wj&xDTV>6GdlntfNt}5uKF!2+Tf``~FAZ-Tf{s z;q3L@DZ)B~MS`Eml`%I&vb(}h^*A}6!uLfV=)_(3ZiM82&n67o_H)^`kg{CKNCbOw z?@{w5>4dU*p9`kQCEHvts@fyNdeTSvf5q1tS&ZTclpK{PXIz*z4kRm#a&>I7nuFo-pGd(=sjopdG_teMMo8uFL| zUtBC$3YT|R4r^$xZ0i>Vi$z8{JVp5fnaD*dckH=+SF-7t3lcK&hQ^G`%WnL}%9hI z5pp1Os0KiL$U=%CEDdNVtPFOW7PEq`&g)KtdNUwbEP2R;6|72ftKV_K@>C=ul9!x3 zbhJETm!>qJ**-EDN*Se%5J_byCT}^5mr%$o_}$4TF_q%U zmzGoNILJscP)B6>L+E&7p+jSo;0brcyGO_yula1QULB9g8!@MG%(7{b&i-QMm{%!d z0n-Ov-#X^Vck(%laURIH`&mj^RAxgrEFzsHU$)-RyE{})kPY{98dbR6Ku!`GDK;z8 zyqM9-s8>9j3T%knbCN(6&(df#Ot}@$lqOoF_e?#wFSo?BhzwIvcNF@DLX?1OCjLQP5wNum{PQ53{5Fb(vL$_gd~d} z&3ObNPFl!(%UK@N#d)J~xn8iVi3+L9!J0C1#~~w=WGsjDwCRda`!bYhsvAR)lH7_s zp3y`g2zqGi4j5X2u%{En(EF@L>IaMb)E&9Ok0(56_iuOmPFF? z6=`N3md{hh&{>1IbeYPAfOs{0y=2M|&dTNw(j*Z)&LLmg4y(#jJP7Yms;%9wew>UN zi7Jn}?Fr!i*d~CefnZK~x}ZjKcLdQkc}oKt2i%&16OqAQG`;N0i6Un*Da+t68$(~e z(`}P$u(~hJp!J;{2U{!OF+hZN zzAK|d=5yxtq#1#r!)T?W@e-CsEBl-_s=Y~>tZvGJt2Kh=>11p{Csz+0#%yIU@yvzYvHNQ zwF6s$@^H<-RaOd<&*?o=$sAHIX8eQZhvlS~E(B4s{aLbzJ$&XianRAEc%vew?1)W# z+0?(m%&ErES!4Lub`qEKJN^O_M3CzDrWa^1Js^HzCg5{Bi#96%{aD`80#u^&M&pl= z$h9GnUn(53N%$v*L+%p*sRQpEw-dew{t3a6oFA!%wZV|?3d)n+V|qIUQkvjP)mw*C zev-(U&FM}ur>;Qn%baiMJxy~IkMZEG6Fv>|yAYBGDK2Qb#VW*wMz(>=9S<*PNMrp` z#>kLn*xWu@q~zeDGwkmyoBC_tS2#7jzld~dp7vXcr#Oi%@~LX{Bm%1QhFl@DJgR)_ zRRMKP=ba@~?En9Pi0bUEFCwFw=RLWQO5^ZYq%K=AV(TuZ=I7|Z_`}`ryZiACu5(#c zuQ}(=l5)|Ki%3h0ZYhzJ#6<+6#5%i&t$uFo74D@Vr`Z*8z$5NOnbuk|B5lS{jkJ%& z$ot(n1;%Uq3FJ`y3lBd+{*f}ahF8{Ke3`oX)(G{^U0QNt*s7fZFcKiVN@+}0W@<)L zCjlQ9vcSo1W3}dv>fHy)Aif@OGiNDC!%dPDX;x4L*kH_wFTVShNbOBMNUb5p>`bY- zfkSPi?QKnu7rN2&k}c=e;9>VkFUaBP5xL{DB4y+o{m8D)&m;@FYLdBzFXVBS^SsD? zasf0z*}CkxZb86RRWFT}@d6mcmavF5$K~_vGVSD&7zFQ_q?eCG1duU?ntHB zjf&V*QK2>n5tY3KgMEth~xblzw@0*fn|uQDFch|DR%`tJqF1uBvT_kjXF8u(24IlLU^jTCv-4$r?xrmOKK zV4$|nj+j9>ytwm29#x?j#dWEL(K9M-UHa>W)YmOE;O9@CleS64e2RRv+H^G~Rj2)JOknfhpX)EvuW)hRXe>6B;FN8e5>J~U^@mpm+JL>4q;4)*DERikP&5n&eQ5VOb!?{vmeDy05=%VmX3-|;M3 zKOY`6#r6P67s)H9hWiUKTRpP)2(D%#=je(vjOCCXxwleHwkUECIVEHwrA$$noFX&V zh{Fz-fmnDcxd6~RTvY>OC3i+@OhEnLcaoc({Gtx^cFakiuH_ z2h~W3#)ODgUw>;V4uKt<@&%JTgN-XT>VB$U)kItrLF=wkMM|e*3?|pxCkDB%f&e5!80OoC^=FH$VPbF}gBeQs2W~Uw zc?H~(KK=?}WI%110#I3~i|onY7Br?a@Gn^+G&RJqF-$8O^0J91K{P&Wx65gNpjpjX zdVWMYh~qrQMc14oBUG8=z9NCZIy}ynTFdYiInf}650iJtg2myso$fxHFQ(u*vd{9X zi@8-O5&AjB{f~wxFl5S+RgSCyny>C>`_!6A;`=NR0xw{Ei8`56=tM)6TT7o;X)X2d zQKb%!L4kx&oASvrh-11MjmwLGbJ;qs^(-|OBogtArTbqJ)ooLQnWL9)#W*v$ip<~@ zq5@;};nzoGgtn{;5z3wZZZ1d%Y7UubW7S{+kxXQy?$awa<5}dOnraa<0~0bpg<{7k zj_kxQt1mJf(cI8>#AZnXtCYAZU5dU8Rl+*jECo46nwq)-M)vhkpepDO@@)hDfNpDR;rBY`1FB&$^jQ{*do>x8fh-QEkpM$W>V;Fbp zXO*`bjZtrWy93sFjmWHHwRCNy9pTQ;8;zb(IINARv=R67Pd2Odr+Ey;j*WFY@}^@U zx%FG!s_9smXRV@J-9(;sDMn#Ty;8HJ)Pl$*M)xxaRqkxSW@@nGkxfgMwS43n1rNqM`$jRYBC?atHiuNoOnWrir9t1^{P{L#O zF(@)gA5d^^hfw25*JOH0lmX4H8odV@)jD2~L+E>imw>^3Q>buIN1FwCDx`E9S*6l9 z+}L~1oNc`?5b%R!G*YP&ah6M*ie#F$r;4(Z>JNib(&5i#=3i2=)SfMYKPF3{Y1laIW6)zt4wfkpCCK{Q6R z;sKik!&VNN911GLx*qn4XleUV$+foX&h6x8+_~y+IEngdx3Cx19-Ti3=X-HiJ(}mH z9Q@3_Ex8qI%9@*U=H$@9N5VSq^5dg&m3UDBxRlD0U$~Ly8H?_kj!>NY`V@Mnv2G!1 zpjfsdp(~Vo*VLBh%5RTC0ATxO)jHX!%9MXKxltG&PR%76ekd~ITu5ikR{ZcM0WX){ zGsMA?H%6h&VmN4}syx$QOqnEKW&;V^>k0vHIEVJ$l3fqWedSwrs>1p>Djv(GD!yE4 z?*>>4PpgMD1)xdRh1&(mgS(zvfGQ=OASY)hrzcJY7%R-9K_g`-1$%h@J4OFHLw&kL z;8SuBcg?#wOPRJl^H`OS0bvD#Ah>31rcN1OV7XwmqOHW!m1G=wFe{TQWeMdevK(Lp z3n$1Mydq6qISERJfDA3A?In$5OK1YMwY9;he(uQ7Q2p0jF=J8GBtI9NxSzn!2fnHw^Uy<+S|0bPrlMFiD&Mp4h8D5f`PXAqJ*l2VzR|hbN zMYhPQhNUnXSf)TNs1It90;omSG>|U&95Q=R+ws_@Q+HSn_#o1d94JTj0mAIFk93hp z8Xx3!na-fZf(wjBP9-sFp_XzBcXj|%uODbPz#GKoHYhgcQZ}dV+$7<6C?V(M!2A2a zM2$PpAqVF71FdAMtHH<72_jHl4lN>3`}D{J6Km{{1N^0Z&}j6Bm;Fz74CiiLejMf$ zkvL5Tw(l%Php%59YJZf+U0uD}uIh0Q0F&P60w!li%2#0BOS*OwPQ;0X06~`Lg)SYi z6wwk3D8w!TqpH*H#GGijTsgo4U6p}Gy;4lRrKZduYnN&6aVYxa!bj_fP{(7oM=hvb zyyKN^AqCDE%3rY{S;2GfinM{pJkvSb8q2-_f$>ljy-N*18pb>4FvAXyXnBGNm?wI8Ewf`wLDj()g^(M(r&FGt_6drlip z@b$1ak*D}s`x!vXVWx+TOxtG10(+TzHa!SL8^Yv)i&JeBIQ#nRn&@ZGEZ_+@7_)<& z?TE?TFam*6t2MN$qu!GW3rv3OJw+@!E~Xo6bnyW1Dq69%n3tHwC-P zRggOIiiDz==3belHNj3i<~axD-qe2A*$hQiN{rYL)?|tb$*yA z#=W+{S?m-zyD@jDDjjx!sl#%OC+)MTBtXa_hViY#-aGPRuXEKIUhXHFZ<4ypC8Rz@ z@K&-cY_TsAFCD$)W_jP~RX*8aRCt{k;bf2jsXL-%y6Q}F_~e{G0`M7dfmV3k4F7rZ?fM(-|Z@v$Nn7ZWN2yKk-0FD zAW{}wwn!qHuC!71s7V$gl?sYvQ6Ur%Rbou3sHL#JQKrL^rQU*eI&LH>zVUY9sL!1O!hZ3<)Atp8I48GhbqO#E%Dcvq=-FW4qc!OA$St!nA? za&Wd!PgI=QTAxyrP$lt#qfwcYsEv21yQP4i##)*67^}kHJse{U-&f+X*JZ_SqNFV5`NhS|G|AnR42EkKQU4Emvn)jmZ z8*r)4X+~H~fjW^0fFV0!f>>!iS445&M#dLBqN(P5y<4&nAq0`^6F1G2QRGs}6RIpv z3*t}9@`o1z!O9@mPVKnR84BdIa||RhxcFUF`o^tq)-uvfOY7ft6>@A$lzZ{(0{zbI zNf%P+`yi%h2F#j{^c03E%b><$&LWn~MXXaKmBVyFd1RZFyj=1s7Axjf_eU;+VY?>R z22g<%WRbHsHc|mtq^d6Gmy@GYc}P4_#}p&cOio21W0EGc(w(VoYETtZ2G9jqt|KhmEJ<6%3O59hBW1Zz(UN7t{M(LX zX^}&IRPl)b=PEl{+|XtotKwu_?#2b+InI<10kknwL!)=AaH{x{k?&p{KmYo;*CmI_ zhv(DGn$9vET%rphm~^%boug#}!?st6G^tc`#nN~$zyu;&VMtSXQfDV8XU8wTg=u-_ zi0x0TdF_hR>*#j-5(57vV0hXQ6lgi*{Aj}#EWL(1nQan=Y{V zq|>YvkTZdMJarSotJPo>c&dAIpvR%Mtlh;xU7r{f4l%PjQez_zRaRTOaL9I6l_l@o zh(w#*RI)JY=C-gLjVs0pfFZz2b9#{a8gtqPR|%Jc>1{2Yt;7NOj1BkD;dG_$Z#PC7 zk1>`Gk^@+x)E3YqhjJAM6Jt3W;ZhHdGy>lg-iMY(Hopi{USh#e#!z*F%v%9p1h?2& z<;P+zS>;5MN{$m{PNQhsHbB#cjS^pD?tJWh;G(L5H^-}zT3L(=HNWvJ(ry6eC(Nbk zn)p?{cDgs$;~&W1ZaebR$6A&BFE)gM8mo(SU3&Gt?u@6` z4gah}cB-@B2ZKJ^g5=rykaBJWc|AS5JPnEkW^ZIpkRnu4ZIUUo?n$Ya(jv;W2Ur8d zxYhaYc0%29JRF*S4(H*Shmw=B08r{oZnds4XY4f@lcckYt#{Zr)%JqHQx+K*9Tw+v zmP3{q26db_8V8Oc`L2jVx&RZg3KD8MFR>|KonOPSY1gNZDCQ%l3byR%puO2VJlt*$ zFI&Lt4A&d%)EB+0SN+>Tle`>vhTUG1^lv&>KVZ!SN_*E}^>5hL?<>hpTCPC>Te_+v4YPNAc&;G2xb%X#2Nzo#M z7keUQ9>w}Gf)r?~0-Dhy;^dL6&mJhp6@gi*7ED6-*f+LlODg^ztm<}n*&CDLHR<-p z-P^(BMzWR(=}(~X^_X;qKalH}q<=FZqw)2tac4j-dvAMJ*Q4HeLazFqi>n@aX&c_W zmVaJdUBBxOUo}bZZEr~WFG+v+@_IbzU8*MiF&SM?CVdnMAZ_dFdNLu`FPrkAmz_c9 zRgc_UH_2t^rUUs}{b3hO)Sas)>HWPo7+rP7Kgh=Y;bni^>)xnd6Bt3yNIT?6_j)+# z{q43lyy;}z44$k{9)(7 z6C1aK!v2)acpNJe*u(~jD-qTBWkxLJ0QtprAwlnxAmEUO&k^J)c6$?9|#CuYX$6FLKYA&`JxoSZaI zPEH6bQlZuOPnB~{&mJY?IP#6Zhufs%V5Ta)QHPb~V#XBOGvvT=Bn=RSPm7#ENO4w7 zrBBLE)BenY@V*<=0<*+&=ix{&0G`erMp7_D&B{36_T$qW5{01m2hx; zmWna2;dHQp{rEz3a%kRU#8s~#epcMw!4+N#r}Jx;pe%~6lPOBmd&EKcW2u1dPHZr? z>>Sla>ZwwtSU>8DNC{rZuvQc6-E=N2$bI$Vqv~_Ns=@N>(aUO=#LpXzr^GRP3am0i zh{JWcVt(A%T6+O_?#>B6+J3vqN%Ny}+QnwrGAkP%@>s{(%QJSg7g$+;+|%L5o9v#| z`af$x7ToAML@`xHUknn!@DWTGGek7mD}LR1h;04#JIDYATo!9G_8UUacX!lMh z$eZN!yKhgFqX&NN1o^>HlPG{@H614j4K!CR!^ro7>2ys;NGrLVQU;pEbY-KRxA?d) z1;sqBl(Dxn5%hYT9n~~fAYBR`YI7&V)Z6;y&%Vb0y@Ja^n!p8KTtSm_hIuh*2N)`Os10Xy|s$V0S4k9v{Y7 zV}vf@YceNa^Bh42Y9pmolP00$;1cii1F~Q=#@ucyw;-@nWKTku00E#WD@fV`4BBm2 zwXo>~Chctn0mRK5TF_icUo>{DYTos>1@STh#DBq(nM0l1$L zSIO7SdJX09^vKsz4%HcV@|Jn5LY^ScAP!bw;5|G$BBy6B{<}$5`wV(bttPW6Q;-Zr zE?+BTxoPRxMAS6vUc{a-z>iD{-G-s6BIzAUp%P*4%T1x;i&i+Lt(Yz)9~0^ExYxNH z^xBK?Pfzu8a&mI=&5IZC@5#wY>EE*#FV0T?bo%VYv#(!#b9Vad=Yj|K(TapDiNtEB`I+K5Bu}Y{JkP{k z{(xDH4#+-a3+yteGjEtH&*ZJkOql2{V=SMwPugD-{*r$@Qy~6R;C9Q?@7gDA$*xqQ zu{^OaA!rd2W^yRhg7%Xg9@Hcd_-nXT!DfjgSSg>WT1i)z zoe{#^!;6@uqDZo)8VJp8Ih_JxiP2-7avmlSSt04d4l-bxfrz2B2WXl&z4n>vtko3}}$@hgN%s&U@JIHcz1S8~a+ zAmxC(Q`exjQ{z|CTK@yXZuq{ohZ^=L9>gskB(30XCifR>CCi`cru|b_?L-x;$s@I& z)g|$hKU^fX3};`3d(+5nrIC`Tm`S2n3fs8G~Du`6;R12Hx777*#}DA za`wQkhrPOKEg!b8u`~)iw=@jR5|+}~s%kcAr=JRuMJQoXgtRHjCgZLQv=VdAq9v_P(OH+B<;#hF!oRj}G zd^veP>5bp^#{b?R4m-dFjTz{oBN6dnbxy{TkHrl$m2O0{Y`Auvtyb%k>E`USFGe@{ z%+E_DcU4b8C7(}xF+!=wejZxYFYPI)Rc3=6~BG;&MOT`ACuCG{({!P(|t19b)4rde7%(Rp& z+HS+Bge>kuo|0Cw?Uu{DYi?67#p5?MvD|G_D|dTtZ>P`xrj{tXz{*=>AVPk(($Q=o zOVMo&KBr8P2lM`E6xE6IhoiRuJ45doQRQ725f3p-A-PW@?7qbS17;Cfgve2!LuJf) zELe=q*XZy|84ZsgSw( zb19bAX1nI$w}@|NukdXrJ7+xz$3FMCZ2b*t-2 zOZZpi_TNqMB8qFQZvn9{*{4b)I}1tMXzFg}-w{n+fv}#Yo=-xxOtx|P5Q(sUd&>)nICTd>Z>s9l4Q5r$7;sd8~fEC3HP zdC4O-WI3QbNYQ_!uqJx(jK>U}nr~Uk?^gcIl{0LM4-+N{P-8S)fPl7yv33tXz!}`e zypDX5eue((Sf$3xuYX#sTFS%zlcMH=#rb)o@!!atMGKuqZ<~=;D=E^M{5OwOe6!NV zNXixh%JHb$h~F1emc}e+P$M-FF(l~Km1M$~1mRKez)a;2z$4pO0jJ1C7SKqg(V@fI z=Bn7q6DSc{C`fBLBSKz_l>Z_ie`h2@Afp_MrR4DSsB_eo>%A|gEXX6hL zRf+V{T`ei0DP6E!!PeNFswHR>)s6DA+*ft4);>q1?cbj}^{cNW5p^kHv|m9PREC#~s+j!!ILtIHhIbjEVa7b~t%?LHS|!I&z=;ozbnm=(mZO06X-vYe%e zdKtRepY{RjyClU}$V6nh%AHVA4cZVOf}lv-usrbAYGCQ=x{&Mt<0n2{v}}E>R+1$@ z+4m>k#FYPX93=OW-OF!}Aens1Sd1)yn>}vX9>2q2f(oHbDPRo>P@UIG6tEjrMJ$J^ zj(6FAe~_xHvo|RTQ1z}3ZBWY%xDmu_#tiD-#(65DvSH|0-U_C6nxwMldAEyhlONQ? zb)*V>wQeeoe%i%Q2}p8G?`Xi}>R#%kS^ul1Ax|I@49QGrrg)_jpda%jVW@PQ>9Do4 zk(zjS-Apb1=Xph2hG1T#)ADr6a%zN*$|LFoj^sIQ@hJ^pUs-uVu0q~_JYqA}lWY*q z(>b}LQN}=^py72Kt;Ry+^4iN*S%RJm2pcUj;4viVn}KcI4WO{nV7|s8#WQmH>H>m# zwhXdUFq{arw!5^X=Y`d{FuF8=$f*O~N&*EhY% z(?o%9j{iP+cJksyIsRKV|0DkU3;g`!`1n81$yel1rOt$8Ky#LI8fBy<4K&9iS>{j+DzNB?oy{f{Hk70C+Ibd^HrfTy0FoPOOpJ30N1bfQR?UmY{>=Z0-( zsN2b-3%5F>I3-;D`mL`f9n!fR+2XB!CW;lktkTiPDI!()o zqDCq6W^Ur)S-5LFHH07Qr*Zjs6V;9|=hQ|*M=G-W!6SiEVNk=K0Wi+fhNRc8FI*}K>!3|-FJCv7M(3K{(JX)pOlmNnkel#3!G(_#k6U77q!Z-&=A%SF0s zG=5d1{Yoz7B!1oL)%@yOAhh%WK3U8kFpgH`P~Fk5THnlmN`57cU)3J`l}uQYle2G{ z@_c{ytGhSIujJqVN>1CSr_k`(-%h_Xd*IgwHkDtzDPl&>PW=)5zGvmWXX@z#ng(-n zcII||QTzDQ>Ja$&OBRr`Z()FM^#HQ#Y5P0){`ucdzjZo-87i5jG-QpI(b@|9#4+|5 zi<~bI>6`>eP8JJeTZ+KShCvr-ieRA`Ri4p=eNGB{`h(F zpQ`-Fr;GQ2+^FvpdVlt(#`X77)F805{x0L+SDGwbZqz5!0ry z-+Fug@$;E~s{DURqk?5EZG?Ly&v$<|^Z#exoR#_i>DMn#|KR^$K=C0N>dO#GnzB2VLWMu%V4-&x+<@OEBUG204aoIGNAPI_@`Fh4 zSxRCNvbG$AF2b*$QpBBJ%a~)|BUjx-+)Z#HXS=Nj^AKPu64k z^PjjYGPLKLfty~73)oUE8{v`;8Z{dMq>@cf@5=^t&z**o@62ctW_k)@3A`0Qm zG6XW$@CnvynHDjiEIK*f2jD$PM8-WBWCF48uvFe;c5%ro&CR1cA^PT@2Lyu!Po$VZ67YTVI9 zrou_SFQzQQT#M|UC(s!%?PCpLaYvx?YRYK1BJ3m2^4r*tT|QQted!Hm9>K?+@S74V~4$KIaSnwRPm!h;afv6mmG`SLhcI6YA{k zHj%@jiZT}uWT{MrsC|@Mqb9?%oX4{Qs~Uoegs{T-oTX3kE>i}FyDN$~-^l2&9f5{* zEN5t7-_($$EQVc~p68ogKO5DkZYKIm@^c|_x?vVBy((MWk2?&KLhqaEPO|grj&5~F zyEm)HePKMk%7!cZ1tMi_qG~s-Ac$iI;3Rjcj@>zA?OB_gv|k(n5Y&Q45trR?`)By| z>B-5Wi8y!gJ4BaR@UmQx_9;BFrBg@W7uSrHta?>QQnq<%<-vf;j@xaoSxNGGPfHj0vkga)>jChmW@Fsc1 zn`FS75(i=#h7lB`g_o<{?^0q+~C#H9W)gpVl=Lb@oEkW z`cYja*|vEMRMiXJzJ5mKR&~Uwy?5#+$K#zRr&!jO$(34t%H&X;?T&75a~`S4su4>A z7UxP$*fd|%(SeH;wm(VC0BeL(>_(RifRoDI4^5c>3`M2RfG7$8@5dYNhydQH4$VwN zSdm6Il7I*C$e__pSe|b=S(0&7{MsCA585E-O=_F1s_28y5f(3bDllL{N^yW_xBEfN z`GWl@;_WYuFBp*x*SsA4b(7@uo)PUFWO4g}-}8ipoVG0*5j|mp;zxi>qs99OyhvlLl^PJP@HKWPyyY$W50U7X^$X;Z^ ze_>>_WrL2q{l@X3qZJ;iP_Dk`jR)-sqB~1Gxc+1t;}db+gOX zG@T)CpR&t=C!J&lY_9FX1VB(Z4)Z`!qybn0FYehJ^}L}~&CA8AowF=&e^@TsG@YIP z_4MqS{_^jCKmVT-v0!iB4ipQ@%vaf5Jm?S4mkT-I&78&6C!dpAO8xbq{@KmCr#8!v zJJ{2n#)J6s;zqXJ@>cuZAyiP6yNt*V^>5U&NX=egCi^iC9>i~km;K8LI3;(Om~0KR zQ=*aVx6Ay9Y7hNmr_;{!oOI`GLH8owB#>QpCSL~4x6f`@tIfaaq;F)i38WP6wN>F( zhD4Hh$6bNDw!Yt|t^z!_yDXsO;@v!JTG#lKrfQsn0}<{-@KHqbJCQEPV6BJ65yN!j zh12+x<{M!w>$aJ80sz2Qk+1dBe5Z;VNKPQrG+t`o{ZxDeVImi)t6kuoB4X5lO0YYbu(i;k9nT1;P3e+_ zM3o0fuoz;NizH!TS>7(G)jRnS<)bwGWSKykItuYe-kJb_+Z|%vcPTaEe)H+!ws#7{ zA2iUtz~kBIZTC*3{qC@(~8uTK|>UZT-5BPWQGu_uoA1qR&H$k%i&dml{sjtpq`|53<{K05WJ! zP#VE|+>=t`?Ypi)bl8^^Zr`0Y2cR~k1bS`SC5jn?r`Ur4^DQ6VaFfqSqQ{;b+jA>< z)LP{6nLHI?DrfOY$AICL3a4uyo}#)a0s%RngpJ7M>~)n?JCv78-22Pi zA>Q4vVLSK@Q3QzfNRi^A8awidNwDLYsCFomppF7tj)B?OcC~i%Kl$xpm$3V_QQK#i zm1FZwi+{-@=C0nZysq!lEPRh!qQ28EOJC2NmU+ z?81=a?o0=4z6%W$E8nmiRIeIFP}lbpmYZR{&W+)3-Jve)S*K&#si{U9^W{K84QwW$ z?&X>k^`q;)D{GFn#nS{`v5z@RV;ar#JQ;~}ZS8@Ld_+s#PDbT3#Zp1xX>rb#Nsp+(CIl22~{pPwD z{9V5U;*GV}D!`Z1zual^s%?4Baw4U#*3396*n)q=#>BSXeZp5_Hlpcz4}-UBpk+l` zn2RC`CE-XyQ}A9-nPxNpdySfHcD(MhnFE!lz7R3bMY@GK4@|2%Znup~+h=@PM(xb{ zv+-)XwohQ!WdhZ2QQPV%n6|p!0jqR3zFqE7-o6gGcj4ZZ<_-g2_=3vr3|!4|FD72? zvtebs@$#AupTf=^(6%jX5L#B4pyF-bm+RT!KsT+E8TXpErfeXRUHQ1*Wy6aA&MsS# zZLD3l!sV2X+MX-wjQZcRZMi;f(=99LjQYfBRlfk$$bB83w2rQbA{ONRIA`gSM%!0Y z>abx=vdm8obWXWH{=+ z-oB<%hmD*ISnH_!y3Afnq2xO5&1tFdYSk_JY0Da1FuH?4TIsTVY0zxP#d&Q%VR?|0 zH7cTL0tlHK(~&S$Og1K}^``3{TO;tM$z+7ou5udWE@2Qm8M5F}^>(bvSM`(5=Vr=a u`_uE5pYw$izWNC!uHQO6{*RwOe*XCR ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - - This range is similar to the default range for Red Hat OpenShift. - - - Remove authenticated users from anyuid (if set): - - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - - Update the runAsUser value. - Find the entry: - - ``` - $ oc get scc -o yaml - runAsUser: - type: RunAsAny - ``` - - Update the value: - - ``` - $ oc get scc -o yaml - runAsUser: - type: MustRunAsRange - ``` - - - -To deploy Business Automation Navigator: - 1. Use the deployment file to deploy Business Automation Navigator: - - ```kubectl apply -f icn-deploy.yml``` - 2. Run following command to get the Public IP and port to access Business Automation Navigator: - - ```kubectl get svc | grep ecm-icn``` - - -> **Reminder**: After you deploy, return to the instructions in the Knowledge Center, [Configuring IBM Business Automation Navigator in a container environment](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_18.0.x/com.ibm.dba.install/k8s_topics/tsk_ecmconfigbank8s.html), to get your Business Automation Navigator environment up and running. - -## Upgrading deployments - > **Tip**: You can discover the necessary resource values for the deployment from corresponding product deployments in IBM Cloud Private Console and Openshift Container Platform. - -### Before you begin -Before you run the upgrade commands, you must prepare the environment for upgrades by updating permissions on your persistent volumes. Complete the preparation steps in the following topic before you start the upgrade: [Upgrading Business Automation Navigator releases](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.upgrading/topics/tsk_cn_upgrade.html) - -If you already have a customized YAML file for your existing deployment, update the file with the new parameters for this release before you apply the YAML as part of the upgrade. See the sample YAML files for more information. - -You must also [download the PPA archive](../../README.md) before you begin the upgrade process. - - -### Preparing for upgrade on Red Hat OpenShift - -For upgrades on Red Hat OpenShift, note the following considerations when you want to use the Arbitrary UID capability in your updated environment: - -- If you don't want to use Arbitrary UID capability in your Red Hat OpenShift environment, use the instructions in Running the upgrade deployments. - -- If you do want to use Arbitrary UID, use the following steps to prepare for the upgrade: - -1. Check and if necessary edit your Security Context Constraint to set desired user id range of minimum and maximum values for the project namespace: - - Set the desired user id range of minimum and maximum values for the project namespace: - - ```$ oc edit namespace ``` - - For the uid-range annotation, verify that a value similar to the following is specified: - - ```$ openshift.io/sa.scc.uid-range=1000490000/10000 ``` - - This range is similar to the default range for Red Hat OpenShift. - - - Remove authenticated users from anyuid (if set): - - ```$ oc adm policy remove-scc-from-group anyuid system:authenticated ``` - - - Update the runAsUser value. - Find the entry: - - ``` - $ oc get scc -o yaml - runAsUser: - type: RunAsAny - ``` - - Update the value: - - ``` - $ oc get scc -o yaml - runAsUser: - type: MustRunAsRange - ``` - -2. Remove the following line from your deployment YAML file: `runAsUser: 50001`. - -3. Update other values in your deployment YAML file to reflect the values for your existing environment and any updates in the new samples. - -4. Stop all existing containers. - -5. Run the deployment commands for the containers, in the following section. -### Running the upgrade deployment - -Reminder: Update the values in your deployment YAML file to reflect the values for your existing environment. - -To deploy Business Automation Navigator: - 1. Use the deployment file to deploy Business Automation Navigator: - - ```kubectl apply -f icn-deploy.yml``` - 2. Run following command to get the Public IP and port to access Business Automation Navigator: - - ```kubectl get svc | grep ecm-icn``` - - -## Uninstalling a Kubernetes release of Business Automation Navigator - -To uninstall and delete the Business Automation Navigator release, use the following command: - -```console -$ kubectl delete -f -``` - -The command removes all the Kubernetes components associated with the release, except any Persistent Volume Claims (PVCs). This is the default behavior of Kubernetes, and ensures that valuable data is not deleted. To delete the persisted data of the release, you can delete the PVC using the following command: - -```console -$ kubectl delete pvc my-icn-prod-release-icn-pvclaim -``` diff --git a/NAVIGATOR/k8s-yaml/icn-deploy.yml b/NAVIGATOR/k8s-yaml/icn-deploy.yml deleted file mode 100644 index 6230c0aa..00000000 --- a/NAVIGATOR/k8s-yaml/icn-deploy.yml +++ /dev/null @@ -1,191 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ecm-icn-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: icnserver-cluster1 - type: NodePort - sessionAffinity: ClientIP ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: ecm-icn-np - namespace: $KUBE_NAME_SPACE -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress - ingress: - - {} - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - - to: - - namespaceSelector: {} ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: ecm-icn -spec: - replicas: 1 - strategy: - type: RollingUpdate - template: - metadata: - labels: - app: icnserver-cluster1 - spec: - imagePullSecrets: - - name: admin.registrykey - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - icnserver-cluster1 - topologyKey: "kubernetes.io/hostname" - containers: - - image: /default/navigator:latest - imagePullPolicy: Always - name: ecm-icn - securityContext: - # If deployment on OpenShift and image supports arbitrary uid, - # remove runAsUser and pods will run with arbitrarily assigned user ID. - runAsUser: 50001 - allowPrivilegeEscalation: false - resources: - requests: - memory: 512Mi - cpu: 500m - limits: - memory: 1536Mi - cpu: 1 - ports: - - containerPort: 9080 - name: http - - containerPort: 9443 - name: https - env: - - name: LICENSE - value: "accept" - - name: PRODUCT - value: "DBAMC" - - name: JVM_INITIAL_HEAP_PERCENTAGE - value: "40" - - name: JVM_MAX_HEAP_PERCENTAGE - value: "66" - - name: TZ - value: "Etc/UTC" - - name: JVM_INITIAL_HEAP_PERCENTAGE - value: "40" - - name: JVM_MAX_HEAP_PERCENTAGE - value: "66" - - name: JVM_CUSTOMIZE_OPTIONS - value: "" - - name: ICNDBTYPE - value: "db2" - - name: ICNJNDIDS - value: "ECMClientDS" - - name: ICNSCHEMA - value: "ICNDB" - - name: ICNTS - value: "ICNDB" - - name: ICNADMIN - value: "ceadmin" - - name: navigatorMode - value: "3" - - name: enableAppcues - value: "false" - - name: allowRemotePluginsViaHttp - value: "false" - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - readinessProbe: - httpGet: - path: /navigator - port: 9080 - httpHeaders: - - name: Content-Encoding - value: gzip - initialDelaySeconds: 180 - periodSeconds: 5 - livenessProbe: - httpGet: - path: /navigator - port: 9080 - httpHeaders: - - name: Content-Encoding - value: gzip - initialDelaySeconds: 600 - periodSeconds: 5 - volumeMounts: - - name: icncfgstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/configDropins/overrides" - subPath: configDropins/overrides - - name: icnlogstore-pvc - mountPath: "/opt/ibm/wlp/usr/servers/defaultServer/logs" - subPath: logs - - name: icnpluginstore-pvc - mountPath: "/opt/ibm/plugins" - subPath: plugins - - name: icnvwcachestore-pvc - mountPath: "/opt/ibm/viewerconfig/cache" - subPath: viewercache - - name: icnvwlogstore-pvc - mountPath: "/opt/ibm/viewerconfig/logs" - subPath: viewerlogs - - name: icnasperastore-pvc - mountPath: "/opt/ibm/Aspera" - subPath: Aspera - - volumes: - - name: icncfgstore-pvc - persistentVolumeClaim: - claimName: "icn-cfgstore" - - name: icnlogstore-pvc - persistentVolumeClaim: - claimName: "icn-logstore" - - name: icnpluginstore-pvc - persistentVolumeClaim: - claimName: "icn-pluginstore" - - name: icnvwcachestore-pvc - persistentVolumeClaim: - claimName: "icn-vwcachestore" - - name: icnvwlogstore-pvc - persistentVolumeClaim: - claimName: "icn-vwlogstore" - - name: icnasperastore-pvc - persistentVolumeClaim: - claimName: "icn-asperastore" diff --git a/NAVIGATOR/platform/README_Eval_ROKS.md b/NAVIGATOR/platform/README_Eval_ROKS.md deleted file mode 100644 index e5452d39..00000000 --- a/NAVIGATOR/platform/README_Eval_ROKS.md +++ /dev/null @@ -1,108 +0,0 @@ -# Deploying on Red Hat OpenShift on IBM Cloud - -Before you deploy, you must configure your IBM Public Cloud environment, create an OpenShift cluster, prepare your Navigator environment, and load the product images to the registry. Use the following information to configure your environment and deploy the images. - -## Before you begin: Create a cluster - -Before you run any install command, make sure that you have created the IBM Cloud cluster, prepared your own environment, and loaded the product image to the registry. - -For detailed information, see [Installing containers on Red Hat OpenShift by using CLIs](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_env_ROKS.html). - - -## Step 1: Prepare your Navigator environment - -To prepare your Navigator environment, you set up databases, LDAP services, storage, and configuration files that are required for use and operation after deployment. - -Use the following instructions to prepare your Navigator environment: [Preparing to install IBM FileNet Content Manager](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_bank8s.html) - -**Important:** The instructions provided for preparing storage are specific to non-managed OpenShift deployments. For OpenShift deployments, the cluster you create for OpenShift includes attached storage. As a result, you don't create persistent volumes for the storage- only the listed persistent volume claims. Obtain the storage class name for this OpenShift cluster storage, and assign that value as the `storageClassName` value when you create the required persistent volumes claims for your Navigator environment as described in [Creating volumes and folders for deployment on Kubernetes](https://www.ibm.com/support/knowledgecenter/en/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_prepare_ban_volumesk8s.html). - -The following example uses the storage class name `ibmc-file-retain-bronze`: - ```yaml - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: example-pvc - namespace: default - spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 8Gi - storageClassName: ibmc-file-retain-bronze - ``` - -## Step 2: Deploy the Business Automation Navigator images - -When the container images are in the registry, you can complete environment configuration for each component and then run the chart installation. - -1. Create a NGINX pod to mount the persistent volumes. The following sample creates a pod named `example-pod-ecm-eval`: [NGINX Pod Sample](nginx_sample.yaml) - -2. Copy the necessary database and LDAP configuration XML files that you prepared for your Navigator environment to the mounted volumes, for example, by accessing the NGINX pod that you created: - ```console - $ kubectl cp datasource.xml nginx-pod:/path/to/corresponding/directory - ``` -**Remember:** Make sure the permissions for all the folders set the user and group ownership to 50001:50000. - -3. Use the instructions in the [Helm chart readme](../helm-charts) to confirm your environment configuration and install the Helm charts. - - -## Step 3: Enable Ingress to access your applications -1. Create an SSL certificate: - ```console - $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $(pwd)/tls.key -out $(pwd)/tls.crt -subj "/CN=dbamc.content - ``` -2. Create a secret using the certificate: - ```console - $ kubectl create secret tls icp4a --key $(pwd)/tls.key --cert $(pwd)/tls.crt - ``` -3. Create an Ingress service for the Navigator component by using the example `ingress_service.yaml` file in the OpenShift console or CLI: [ingress_service.yaml](ingress_service.yaml) - -4. Apply the Ingress service: - ``` console - $ kubectl apply -f ingress_service.yaml - ``` -5. Create an Ingress endpoint using the [ingress_icn.yaml](ingress_icn.yaml). -6. Apply the Ingress: - ``` console - $ kubectl apply -f ingress_icn.yaml - ``` -7. To use the Ingress for the repository connection URL in Navigator, CMIS, External Share, and GraphQL run the following commands: - ```console - $ openssl pkcs12 -export -in $(pwd)/tls.crt -inkey $(pwd)/tls.key -out $(pwd)/newkey.p12 - ``` - ```console - $ keytool -importkeystore -srckeystore $(pwd)/newkey.p12 \ - -srcstoretype PKCS12 \ - -destkeystore $(pwd)/newkey.jks \ - -deststoretype JKS - ``` -8. Copy the `newkey.jks` file to the `overrides` directory. - ``` console - $ cp $(pwd)/newkey.jks /some/directory/icn/configDropins/overrides - ``` -9. Create a new XML file, such as `key.xml`, and save it to the `configDropins/Overrides` folder: - ``` xml - - - - ``` -10. Edit the deployments for all of the components to resolve the hostname in the pods: - ``` console - $ kubectl edit deployments dbamc-icn-ibm-dba-navigator - ``` - Add the following lines in the section `spec.template.spec`. - ``` yaml - hostAliases: - - ip: "" - hostnames: - - "dbamc.content" - ``` -11. Get the Ingress IP by running the following command: - ``` console - $ kubectl get ingress - ``` -12. After you save your changes, new pods are created that include the changes. When the pods are up and running, update any existing repository connection. The new repository connection URL is something like: `https://icp4a-content/navigator` - -13. On any system where you want to access the applications, update the localhost file `/etc/hosts` with the Ingress IP and the hostname. diff --git a/NAVIGATOR/platform/ingress_icn.yaml b/NAVIGATOR/platform/ingress_icn.yaml deleted file mode 100644 index 230cf588..00000000 --- a/NAVIGATOR/platform/ingress_icn.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: dbamc-ingress - annotations: - # The NGINX ingress annotations contains a new prefix nginx.ingress.kubernetes.io. - # To avoid breaking a running NGINX ingress controller, specify both new and old prefixes. - kubernetes.io/ingress.class: nginx - ingress.kubernetes.io/force-ssl-redirect: "true" - ingress.bluemix.net/sticky-cookie-services: "serviceName=ibacc-icn-ingress-svc name=icncookie expires=7300s path=/navigator hash=sha1" -spec: - rules: - - host: icp4a.content - http: - paths: - - backend: - serviceName: ibacc-icn-ingress-svc - servicePort: 9080 - path: /navigator - - backend: - serviceName: ibacc-icn-ingress-svc - servicePort: 9080 - path: /sync - tls: - - hosts: - - icp4a.content - secretName: icp4a diff --git a/NAVIGATOR/platform/ingress_service.yaml b/NAVIGATOR/platform/ingress_service.yaml deleted file mode 100644 index 400e84ba..00000000 --- a/NAVIGATOR/platform/ingress_service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ibacc-icn-ingress-svc -spec: - ports: - - name: http - protocol: TCP - port: 9080 - targetPort: 9080 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 - selector: - app: ibm-dba-navigator - type: ClusterIP - diff --git a/NAVIGATOR/platform/nginx_sample.yaml b/NAVIGATOR/platform/nginx_sample.yaml deleted file mode 100644 index bb2954aa..00000000 --- a/NAVIGATOR/platform/nginx_sample.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: example-pod-ecm-eval - labels: - app: hello-openshift - namespace: ecm-eval -spec: - volumes: - - name: ecm-eval-cfg-pvc-0 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-0 - - name: ecm-eval-cfg-pvc-1 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-1 - - name: ecm-eval-cfg-pvc-2 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-2 - - name: ecm-eval-cfg-pvc-3 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-3 - - name: ecm-eval-cfg-pvc-4 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-4 - - name: ecm-eval-cfg-pvc-5 - persistentVolumeClaim: - claimName: ecm-eval-cfg-pvc-5 - containers: - - name: hello-openshift - image: nginx:latest - ports: - - containerPort: 8080 - volumeMounts: - - name: ecm-eval-cfg-pvc-0 - mountPath: /icn/configDropin/overrides - - name: ecm-eval-cfg-pvc-1 - mountPath: /icn/logs - - name: ecm-eval-cfg-pvc-2 - mountPath: /icn/plugins - - name: ecm-eval-cfg-pvc-3 - mountPath: /icn/viewerlog - - name: ecm-eval-cfg-pvc-4 - mountPath: /icn/viewercache - - name: ecm-eval-cfg-pvc-5 - mountPath: /icn/aspera diff --git a/ODM/README.md b/ODM/README.md deleted file mode 100644 index 9a2d4e5e..00000000 --- a/ODM/README.md +++ /dev/null @@ -1,116 +0,0 @@ -# Install IBM Operational Decision Manager 8.10.2 on Certified Kubernetes - -The following architectures are supported for Operational Decision Manager 8.10.2 on Certified Kubernetes: -- AMD64 (or x86_64), which is the 64-bit edition for Linux x86. - -> **Note**: Rule Designer is installed as an update site from the [Eclipse Marketplace](https://marketplace.eclipse.org/content/ibm-operational-decision-manager-developers-v-8102-rule-designer) into an existing version of Eclipse. - -## Option 1: Install a release for evaluation purposes - -The following instructions are to install the Operational Decision Manager for developers Helm chart: - - * [Installing Operational Decision Manager for developers on MiniKube](platform/README_Eval_Minikube.md) - * [Installing Operational Decision Manager for developers on Openshift](platform/README_Eval_Openshift.md) - * [Installing Operational Decision Manager for developers on Red Hat OpenShift on IBM Cloud](platform/README_Eval_ROKS.md) - -## Option 2: Install a production ready release - -The installation of Operational Decision Manager 8.10.2 uses a `ibm-odm-prod` Helm chart, also known as the ODM for production Helm chart. The chart is a package of preconfigured Kubernetes resources that bootstraps an ODM for production deployment on a Kubernetes cluster. You customize the deployment by changing and adding configuration parameters. The default values are appropriate to a production environment, but it is likely that you want to configure at least the security of your kubernetes deployment. - -The `ibm-odm-prod` Helm chart includes five containers corresponding to the following services. -- Decision Center Business Console and Enterprise Console -- Decision Server Console -- Decision Server Runtime -- Decision Server Runner -- (Optional) Internal PostgreSQL DB - -The services require CPU and memory resources. The following table lists the minimum requirements that are used as default values. - -| Service | CPU Minimum (m) | Memory Minimum (Mi) | -| ---------- | ----------- | ------------------- | -| Decision Center | 500 | 512 | -| Decision Runner | 500 | 512 | -| Decision Server Console | 500 | 512 | -| Decision Server Runtime | 500 | 512 | -| **Total** | **2000** (2CPU) | **2048** (2Gb) | -| (Optional) Internal DB | 500 | 512 | - -### *Optional:* Before you install a production ready release with customizations - -If you want to customize your Operational Decision Manager installation, go to the [IBM Cloud Pak for Automation 19.0.x](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_install_odm.html) Knowledge Center and choose which customizations you want to apply. - * [Configuring PVUs](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_config_pvu.html) - * [Defining the security certificate](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_replace_security_certificate.html) - * [Configuring the LDAP and user registry](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/con_config_user_registry.html) - * [Configuring a custom external database](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_custom_external_db.html) - * [Configuring the ODM event emitter](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_custom_emitters.html) - * [Configuring Decision Center customization](https://www.ibm.com/support/knowledgecenter/SSYHZ8_19.0.x/com.ibm.dba.install/k8s_topics/tsk_custom_dc.html) - -> **Note**: The [configuration](configuration) folder provides sample configuration files that you might find useful. Download the files and edit them for your own customizations. - -After you noted the values of the configuration parameters that are needed to customize Operational Decision Manager, choose one of the following deployment options to complete the installation. - -The following instructions are to install the ODM for production Helm chart: - - * [Install Operational Decision Manager on MiniKube](platform/README_Minikube.md) - * [Install Operational Decision Manager on Openshift](platform/README_Openshift.md) - * [Install Operational Decision Manager on IBM Cloud OpenShift cluster](platform/README_ROKS.md) - * [Install Operational Decision Manager on other Kubernetes by using Helm and Tiller](helm-charts/README.md) - * [Install Operational Decision Manager on other Kubernetes by using Kubernetes YAML](k8s-yaml/README.md) - - - -## Post-installation steps - -### Step 1: Verify a deployment - -You can check the status of the pods by using the following command: -```console -$ kubectl get pods -``` - -When all of the pods are *Running* and *Ready*, retrieve the cluster-info-ip name and port numbers with the following commands: - -

    naBPRnLkwP|!K)KFnyelb7*^rC-Aq(a8LA@luB|I+ZfIUfTyE_dac7sH1ne|O% z5vt*ps%W<5`axc5Q?%4ni+U~(g#-pS`U-F+3kYsC4;8%VfYuf@(x{yrf?xWQc^(tB zaN|e#y4h$fD;RbI{tXB?6H6iHq}GIQ9o9@2b9YVdk(Z|J9p<7BCHI*QY#W04tzsIj zPX^kMOxpJdV}P+o8nsBbLWUJGsgUyu=~u`PFh>D@pkbBItMLQ3ra=^E6*6QMGGP^R z&MKtOD&z7!=93DyX0TJF)R@3 zMiC&1`524kkumGF@t@h7mPrI`(Iu$*(uHFAR~){xp|zPCXUe%p9lu<}Ei9c!d2vMB z`q7u+cUAfP9%W0VrzQ86$?F#LckY%XQ(L-~DfMODLRqRayt;~+Cy`#pfni%uQ9uNe zk(l}<&X1jcMhf9C%7m19dvM8Sd; zQm-o{cJ8P~O;Nx0!0uQ;XUwVba8Vb3)h}2S-|+cO{QHfH@^K?Na`QU}cy0ttrY*wL z#{g4@PJZ6ZQLYWJ$T4Tzfd78oCw=A4<(iUd@kZJ2Q0Dm(?KD2;@r%c&LXm%s@ks})KA%x<+qfj6i9q3EkyU|I zWYdZmnvOn?98NZgqP@;pZFqe(;J%}XJ^<2AGVn5TZQIc7JE@m9k9UNsJ4@=*IIakyerK@LCaDyNTHQq_N(%ZS5aZl zi&)2vsKD=%_s<@crD}Qzz5b?fVDM@)XW)wi*kwNdx>t*E9F@@BRzT3EUojjH;9gW~wWD#oESJub0?AZItdyrM)c^EYM z2w8wVA+QX27;ovmC_B-Y`pu(#?L#n zC5=Poe#zkaSaaL(GQ~CzP!@jT5b>$U7mF=gg$pcFNJt8_3hNh=I@9u-JFsA?=g+`{ zsZrRD@ar0>VlHgMK9S=|-AJ1zbY11*Srd|3d-Q-Os{84>(#L#{nOt)Jf-lCmEC^_L z8Eo6m+2YxKth#j>7^ZrSkV@5bx~%03oZ1gN>nyQn_iopp1)TXij>MEN8cO#4=E11a zGIrg5vf7gS@A^LpWPw1SHkgK7$wsj!S!|JM~?b z&30MzBlD`D!(Kv{>=6qSQ+ntAUhu`x35%uo)RuvgYxLU*BkLoXJ#xzvZzkrH1Xzwt zsUkf8cUO}Ep4cV#SIvjIJ2m;+(v*4* zDlIR02%fbYq0ZLG?pbT1cOlnn#Vv}xOtULHQ*7DAy{Ptjoecxqjd`7{tdRa{P`l@Ii-?&e=)x5eq*p+ant87>XAmySI*+$D%DI87aob5ND_OSN@ z-G)K4i*6Y}d)OmZsr>%SLiS=jWf&dIk=pZP8s0mF1_(2lOoa_Y$`&c4!m>$m;?NxrKF=ihW2ECx_w|LH$mL>KH gI<9}UufboxzkYxH{#?KR4gdiE|4Sz%&H#J^0Jj*P?*IS* diff --git a/CONTENT/helm-charts/ibm-dba-contentsearch-3.0.0.tgz b/CONTENT/helm-charts/ibm-dba-contentsearch-3.0.0.tgz deleted file mode 100644 index 077b7074e0911d9398ba83eb03e913a847cc3fe2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 62185 zcmV(`K-0e;iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJciXtND2(@SehOU8xofOmntn+>Foy>IF-eWRt zcY1d5;^OpoHn~HaugOWFv|^4Yp#(F3Gkia&>uf^6>Bw@zpMh z#qNY=G~E|GRwt!8VcAK+;%z2UvDu%ntY9*iTrs;Vk9Rbq8@6LvaT4%YL!$e{E{|WF zzI5H@R2CVN4??EN$wnn7riT;0qZ_79#;&j9o4=h7XTdS)JUYQKNmjJ_#66|E8j>(wQ z6nhKq$`x}s|N4Lb;Ve2ki%!1|c9drYc#VM7H+*8TvDrJfk zf~*+HsZuNu5vm}$WNRiROL{>dS)THk z4n>(2m*gyfQ>?#|EEkFwLhdigZXc(mDwvFToL_!-ae8|4@A`D8oW|^bpXd`zNI^H3 zWJ8ZHE?ykx-{G^oOw*Z2dAz?QgY<#!RSroj zzbcVIYsr)-Wy}c85<<&DsFVY2i5Bli%i8_lnT0zw}QtE;4Zd$7$zfJJen#&cos`W z6;mYM(k#aRmxUs-%!tSc%kH@pnWnOeJn&*mQeG4(gT5UoAyH+#)x+QLjBDZ*k?~qD zFG&P>pjmAu-e+Zovn>F)wMbL(pz))7PkE-B(B!YBg7-T;K*nOG6qWlB<}cY!!0Z`` zOPTJ;N>aehx?qxgUE%rb2zJPiB~t}posc*$FUiH}=??zdu^sH3i?j0^9uSi99j~=K zt2H}2J%4$_VYP>g1(`{al(D`L-5SSARZkcAPx{;#H$@nVx%3G6nG`$SIA|%1qx8o~4qciW(8+>%C`@9jE zJ{}Ij9sX_LVwpas$t79SR59=6P-JVqDJ6ybJ|JW#vKv-N9;^3~7fep`;*y-#UM%k8 zQI_O_>odB;XHm9^R%yw0{8N;%;_~~`?=SG9S2urrqo;RCVzGmJo5j1xKoGe$w(nTv zOi%0I;WQH=iI5wb@&5t{$)@DV|8^e@X5;^0`%CigY>SqnK_EQafiDuiU0q!%l79IrRW`tM$?k;atQC>33emb=_y-xlJ1D@@?uX^q0cATF`6loi0tb^e?(|TnC=id)2&_iPhystma})mP6YEf*GPs( zy{`5RT>jZ!Cs|zk1pW0)?{5rCG&G&E2c}7`iK% z%xJn;T+f6oF3ERi-+vzPA~N&c-`ugiba)Be|_Y`^`U^LvW^f28X* z&v>zqiu_A;K~K>C7pLdn*6IKG>DlRv-{}9Z@%!7~PJU198k1wEtJQQ)W~^W;;^HI` zu{w!GrX^PRMXkp8(LWjPk{5Ty|wz@H}OJhXvC@uaHY7cZyJ@M9gWy z5>)T_>Avtbrly4QfyG;I%Ozw8A1o~Aq@B4?5oLaIwL&O$N~ zh5kQ~yHrT71XB}Hz@H&`Q-tKYfUij#^h@*NxCMuOqu<@J{Uuqkf=2ao0jhrDeikeZ zmG>Ccx>bLA`$?K@82Pt5whzg_-P4p@{((gAQ0EUu9kaKpFZh~l3UUOE|CP{nY)9K_o~Y2a zdKLWrdh6Y>9<`O|UW0%1we;KXSNc84|7}^CGpT+C`}ef`|IKMr{{Qy;+u!)VU*iY- z-#y=562%HI=xIja4?B&Pc*`!4o71g=(We~DPz`-17?GmDw0n|rgXDT#wFN_0gbpWK zaCUTAx18QHDS5&iasB26{FCn%<$BFOk=}9DnI>Jwcz>MyJ{U@-g=p%=&~o#h{8-YI z>x-SxJcoHi!Fz_iL;FIHq35K?ip8{4j3}{Vb<&w*@;w&f@;FkyMHJc5eR$V_yE@`53cb=8|W{n)LpsI{u%kS65P)Za)XP|LFbt z+wYhCJw^XnygQDSI!;)giv5mdU*Hz@IQ>6AJAHZ9kpIt5Pk+<@{whD;|BL3iI=Md! z?s%45k}J33!HyL)p#`nXAD^kG1Wq%hE0!A0l;-)fI;nL)@UDRmefno!N~CO;EnTc_ zuw{}Lbkk^I9N2UtO{I-@Ny=lYu%V%@zAp;)sEjO!Qv#O$+MDAS&QcYU7Hng57y357 zBy*8!iRLy>Xu)u@{u4Xij(%E{Qcv)#dUBi5d&*O~O3iZ%jRD(RTm4IGGx*|_de(wG zxunlpH3Mgsi2{^D9`HFjWsI*bN$=v@7vCO_&tLSKZzpKbbFOt{M(@B7FenSLgDzX& zxHHo``#w62&RPx7f8mn!X7lNAv{+2%AKwkGZ$}?*C*x(SwVwHgB}3sn{zz|-rr6Hz zNjSEhK`%h_y!Gm!F2MfU zI)SR!FFV@!D?|=1yWn)wt7|Lt-h&U#H*vMMoz@H8`AE;BvhXOX-22E+KV7z77j#2@ z`l&ia&P;E;`C4C8u73V3o_&{fVBp{}dgQbaLeo?{%p||(Dci7-ifM`-L$xDHV3V3g zN&B5-G?`}UUZ2$0JY{OH3byNLclbmT64RWnc*+aj+!~1#dHu;T8C+j`blvl4tRDLQ zcJ^mo=z6t_)O;SR_9-42&s z{r9e34Q__LE}*7wKE9sLZw8&;d2pp-6QKt!`EMu6_Wr6w*6Rl6|Gc~T_;xgyef;Ci zAHQVIl>??fZKLM3Usmpqk@0%#2Igiu`FJy0&d0;W$M^H`ay0)qoh`@H$rF$raIcIy zd@CPc93OziX#Q?I9DN*3u4dEm(OxeaXeX$=I;jAUk*US z1@`m6czu1lc>4;J%`uRHw*orH{;2hkIU(Qj1EoP5!{>cVlke)={*TfhwJh4U|P%u!$*$k7eQj& znh$K64p=^XoK3GjP6js}*X3&|T0AyYNTiJ0{A)y*u;2TT`Bvk}bEAsjWzpOY)6-oAP`1Ww1X5`q_71 z2>Zn|LB9v*`5RGYn#VM>l4c1xVn4cLRC(D)2i?4%)!6!Y_y0cKTbJ;^Q}>=zc)y!S z_iV0I$X5=K-%<{u2P4ip}%jO~vM)09^EKdmhAiL*fmXssq>YKYDjR z8xBhc{!Sb9*>G5L_xIU<&tH~`ZvDbr>rsyBak#3OsK;OekoanM0`WRjGOA3|u3(x& zqc__E4BoJK3I5-7|9K1Y^G4M82p_~+5Me+r~{kp0?7>AZmcDUjkp_G=^M&^7c=ftNaPzXX-} z5-c6K6#wxU0>FMgVt#Y@`oH`4T>mc=%Zm-O9{`rM{#Ez>cX2#^d!PASzjP(9jkMutFetB0i&lG&zW$4YN zC`2sMOR^kV-6|>@JFwHpQczLyg31jmYR2WdbJ`c-5`E7mB4N5`=o7qCoKFoIrkrKP zc=p>Z@vr)OivAZ&73#z$1cPiTOclquNS=QcJVF1@FV0>x=>LoJZ-1lzzsj$Z{?A0x zLHm0h#1M9aW_w%im%S}ZcahqjY=yY%T@u(fs*Ga>xz~O6XXNdb(;F-UeiGQwzDgHV7yf9?^x)v__=Rf`F^!WR~{I5U%<^TbuzM!|HF==!`#;jen*$m61;%*d{y+WZMJxa7#mnE~KYx|q zS7b&DEmc6yR$OxOuw@xpl{`&&wjnu<@92gpmkL&uIfykxZCRQ^Qb8p9Jlll&ilqg= zXC$Y^)_YE~B>0MCY=ar5j&jM?{F6=V@IU$y(PtUbN#qC;$(e-IpivNAEj}*53jP&j zP!<_^H(Zc}OBF;LUYx*x5&R%p{g*s}|Jn!J&58bx{Zrj%Csju)8sC*U#J;NF_mO(Y zgWpFhdKdgYDt3AB`~N5SioBzei&ByC)kpZD1bnso7^k94KIZi9B&T;DwHTMd<=A++qZwZ_g&}soj_R%Z{2MRhUucXc;{U!m zZ{>e}`SSebZ|DEl_?eq+xn)Gtd}OK#S2j;=Ldq;*m=tZ0(|F6sd30*uMkHwYja5I> z{u2Hyvq3=QRq4na&uxpQ6~V(ax}kLkiq1N45yQ; z@p3$!EXeEWoZK!(A(@YifBSek38B^1c(I(1U)_SYsP5n_B3BIfWPLy*JHMWpMUSX0 zB#vPe)6Eo^S|>|1518Or5It5Zrio$he9}YHm2R7GRY<-9#+p!N;=v&W=z_)A$r&lO zQk0u5`5t5Kxgv>(O9;Ykz$Ii0uvp}K$v4}Ah=+_xA|zp1!HYeiWw8~K{}+sBHAo#_ z6k7^gVIyf)m^6TPH9Y{>hNff$UAKTJGd)3*DS*b%i-jUfG#_ZX5yh4n069}Qw5CZ? zq#*>^n?F(jI@Gh#PjPd`K*&u`rXgM{&<_q6k=G`wD5ff`x&^mu)HA*GOv2S8 z-Z#mG9+(XEy~E-{1Hm)=cL-_qAYDMQwR;_30R|+gY8dEoA&E8u7V7&JroY-F^c4E` zG4sInZW59lao)$}QCpttp4NO_?DbU{>#mP3PXA{ghSL{0BHngX7OJ2b-05mdB~!LX z-X|-Tu{Do5P3ygTa8^tHL6kjmBqaPx_WJ&+(+qHO&y!O3C5gX3Ob6@}lQD;Eg*lTu zZgMZdKEp!*%hK9v3kbXEK@#@nPIEzh_;w8#zk`&yBH?S3*izXA#u!8WdQ}#Xf8ERC zpv1a((A&$Tc8^8ELU;BsF)wz54MKbVE1zX#Co0gVE6p*qL8sXspGl_56wb$5iXGXp zcuO-LQ+q%PNi&79GiF1LDNTLnz7jB9I|5paAuktmTA$OCG`pW z)GHR5sU!hhBc9zIOE|?eV%4}Xri&xUwoG?<%Jhf1 z6!+YGi1%a8vV?ykE0&6feuafACiy)w#Tp^1*W3YmjBXs5*_)ma2Nv)ZRgl^Yj$)$6 z(7RuX9nva26f74MGT8EX>k$K%K!gTOiDa0}TZO(7FC;9bD*4h0dCZ+J%2jx}%7V@s#jwc{U>Ci)Ea^lrAH!VmBq5F^=+a(6yiP9^LV zjTe~4j!Bm8wOnxrh+FXt_DM!}tZx^cX9bgMC@&z^p?60*q_%+4*kNK_t@==ta&yOb zu6XkdxFhS0=MZQPoV`mO9J;gGn!p}T3@2iH5{Mi4O2~u2hu)#k;s6&JO;by@Rk_;n z!VnM3cVNK~4LN{kjsgs1(%>}M3cJd1-936+_>79C$}qg%?<=;Y>6(c3Vdmv|w>{~( zIa%Kgyzd=Z7Ha~UPAM`Thk6xOG=+WiAoX_{Fdt=R6DR9a;3J(?h|+i}RCQPY|0;a+ zDsr^TA46mwOk_tn)Eh}L|DbneIaUZ2W6CGtT&a@jDD~{Llksf+v zq_zt@Y-_wFT*ak=TOLN-0lhSAe2iJDmTCZZse_-8fhwU2Ovzjo8MC-6y@$48*1kGsa8WJ?uU zF_sa@Vg{6awXcm+9YV!^ELm2hde~UVTu7H5(>s1hh|VMOMzd9V*rA)g<*dk}#LLy} z)lOl?J7zvrW;EUs4?#qekkuZ!IN%FDh>}pv;pMC-X==A06z6*2n%Brgb_^@8_&xl2 z9786IkVvtoX|X?EOU6RNrDXRa)`Yxuo7=GFLO5xQg_<4A^*(Mu zPw76ap5#p8Rjc5MVJv*P&1dr+Ee2+}HDbqg4zvXq=!LgHGYXZ}{`FVqh<%D#Ug!g+ z3VRpfy13ugm{x%?XeRdyN+(!nnfH==UVb?Viz_^kPXoe)a6=C&<_Ve;z0nIRtZQrNo=DmHx(rIUqJ z!3({o-J%rSsA=hj>eoQzjNpD$U09B{mO`mxK$xCJEK1Ek;om$Xl%(`QmAueXO&Qj# z(HOJ9S3E(3Dn3Tw;7&lml@Yb8e&T9z_I6r!J$AsULc(A@t@=*1ERz*R%}KF>Ms>!_ zm1nssydCrr)vIUs3RRY2OK9OXpTjO!ASWhB3SLHJ&V0>K1ViuWzM^bRDin*HTi&Kd zj~?OjU`aIF$P!-eLfl81qv6F?xEr}HHsck3fRcrkC_C}VhpgapL-|UI-ART1;*5tf_-GJ4G z2qCStyB$NbyF*PD6Q=p5&|@ZGix$;!Gjl@~LW72 zCr%dC#YGGU-<)V2X-QubEw}zg@Y74(n@pGE;iyLn_6bv%>SJfd&@8t%j(@s563}r{ zT9}3P^18C3Cj~n+$e7ipW1VQVUIIS)4N(KifD?f!gwMgNZzu1>a3@}2v(bX2j4CZo z`I>q2Np)JmJyKm-FsX&H!gYnA+OATM!tjGn%xjy>Ki72y6yfWN&gd(1Q{8~={)G(N zSf-ZO^R!$xS!)|h>&8g|2I8JcT&!ZtWpb=1xp!-m3AuyPjx^61h3bpURf27!*;{X5 z9#E8aNfo5O1r%#v)6KhUgC>dox76~Ezaza~Ea(P9&p8PpVqfv3wsk=vCUs-y~F zTd`WD!1r|}OSKfb6EhDVWFbky*O2(#<8nJV_)4|cVKTyQJX?`icR&+X$7T(};{Jdr z;%n#JQG)*T(4IE00-$BBs@=kl>yE_^S!unGYHArLsWc>k+JanwuwyI%D63Xnpo++C zmNKPa(b%UvKH~QiQRt7H^#<;jl|Z3PAKMLxclsIu&{UZ-saV3$5TuWRwY>gV+;5uB1_AFC{vWy^3jO^%2^=G z?OB90;*CKK*%xcZpgX2Kjz)zxu7H?7g|wM9v9aB>7UHndIvFw5`a;5f4B1aRs6ile*P=Dm7mA?hrUo zS9@EtO+%W}hl&iqDuVD*X~Dv3!OYoL6{trVRz{r{rZ3#O*1S;l#qART7QfzLLB@+7 zc{Ny!7Z$ni$IG|V+a-BFn9m23<#@Cp)46Y!pS~u8$p`Wu7)J{*dX82z;Xqds zPfc2#AkdRiOQ-ha0Z|14k!+J#u_nv$@_H1K$#il&p1huqCvQeKqscNPH>3IR?O?JT zyc%DRmmgpYy&f+oqXoJT3``%h!F)L$-d+#pWOh5BO&24)ZP8koGAQe;a*-(xRtK=m zpj24jE;P@j$R*e8IZSv>O3;nY$pNBn?5v=T^$o3U zVHWq^cM-XEDAgZbbM%eeM`WyTUc&D6-qmnmADJL2C_9TS6LRmVTC63j5VG)91{vF= ze8aMs^+RXv4r{7hr}=quzaQCJ)Co)Z3K%+DKv^kgx3EJNgvNye>v;G1Knvg3wkry89ur>X7KQs{U~HHw%d zRHDsX-{S7BR%Kc=1zo^q>1a%ePk3e))1#}t#^C5to4AEaPdgR3VK+h~4?OjChj&C3 zBG2iDg}@V(8gP@&2)!WEb(vMn4P1g9o*+;wT*ftg;J{4vL)eF!L2oMJOdn2}PLq2M zM$)x$-%yGhBv|JL(>2+Mq4?J43)U$>-p4*s3K#6M}YeHI) zQGgdXoyv+*QS?evc-RQB64i?v@ z26NW#>eMrpl7q^4%kM3vtc;0&+VA)KzmPxKqCgER>tCSx^+9)1Cl`6HpyWt5a6Xs) zA9NR19?^sVuP>uMw`@Gmj2H@}(d{V5;&@WOSb?^T)>L+OBh$ipwLal;YW$>+&!bcL zPCIoCUs?vW71U9#^#nhdA(`$$neL8_>33tOkNBlMLk>c}!B8ZA!XfWFzjG z%$lBkMq5(x>#9Ak=wCB{=3o5xsQ>@M{^R58$?)dmX!2!aJnH{{e)013#d)j#``K^t zKflTk^$$U?^u5a~>xw<_qN}Z~-#U|GBk4{>WTdbE$G&%0j?qJyPmff; zvSsta+UQMq5ZXc>2g_0?ufxg((tOH5Mxe1F)L`1iiX{p;oJiw@IVW3|G?cieQ0zTt z4=e%o+a>vvyFs#~x*-2@Wa}C~JUkqqzKHm07sX!qKF?6@i#3tKoJ!p#b11@GZEg`^VQ1X6Dt-WF%$xEY< zFTIhR!F)B7B4$bnNg(i@+-6+EJbQQB>xYDrxv9=le?7OaYftf^(~cN+R?~V52bkn? z%F!_3TrwH>7_fVNg~b($XHp38@Ele5Nz`0F(1&Pga8)ZEO1v-4q{_E8>sr72mTm#LNrb7eqyo6#E!?9VWF|hLXz3uOB6wX zy)Uf3S(NDJlheJ8aPo8%Yo_n-aYgOJ3M7sY)m^ZN#N?Us+Sprf78qR`hdL zH7ocum=Tmml|zFOlDf{1r-?KQJH4S+epHM{GyL80_yXyPB5al28g`c}S%;jx&&*Rztay!m*8t#Y((q@ATMr8d`dOgf7?Ev=zYY5HlMGCJM@9isBB)bzA>u+tuSfPIe&eB)<_l3%HqYI|GnYxYB9e*;r2if(Yd zRx-t^f#?wPSBdbIr%Cso{94&7qoR+cDy;rhmFqQ+ zL13$$oVqYrk1B+~)q5uW`I^m49hEl-@YtJ9iee6R_wm&m%u&KhAO1K-Fz(C*iNYem zCw8eHm@hnQV9D&=Ey#l{rnXO3RB;rV9rmCD@Aw|x#9ccL20S}Gg+UFINsjXEUcrqh zB)R9ZC~4X^kxhpV0`{b!c1^QGkGXrWW)!Cp*Gwv|{ki$-k%jN3lqf7OAYzSNQMFwO zEi~y9H_{?bE;S9POJh*R8Y=vn$5<)BW;#`!g4}DCFcZyf+rcRIy%wl8kfp5F^@QH@ zjeC0a>f8ql%Q27YarQ8sj5Mm(n7@styTu@w3qBU62F*;Aj+ znA}nDnxC_T#@@tCuTON)@%kNZ(9eXbA*ALn^m&`JLUMNh#Bf*hi;L4Q_->KWJQeZXGe3n=*tTh{qiN2vMM2}c zW1Gu7VeM1Y9DZ~&B!glno^CZ(JT;4Pa4s)8$9_)>B{DMll&3;6Nv;^n$snWYzTmNP zr_SfzhhmqD4E(c$rk^Ev((4<*_YZZ<%yWcTkIVEUVC;~Z;#zl@rtE=a?%EjE-s{`w zNUX^tM64g=rDThkri{dCsR|~+eN0O{P^Z~-@F-F02aEr_CUaKNqGx_)h}i;(+0B2F z@1oN$`54= zN$CR$Md+rWa735P3`~{=B_5HkS-(s!0-i9<&h`#XuNRp!*!{YeVa-?9HA4z)G+Cue z^i-T}r~M<Q`Pm1U6-MO#uE^0_hD`K zRDlFF)fm|0z&B_7>L#quw2G^GY<_m_+VZXzhz?@h$a4H-gbQO|Ll`F{lhZZFW zv~=#2Hco$6ox0C9k_q|jZ;W-(`W3UJQi1ly*Mo^Mx%uR~@KXS#&RWp0&G5sRbzX3v zg-pqcQf75N033aVOzO^ccF9md9`uvV>X4m7d~qd^8!3U=;oB(*R6gH$!fq zMJ?o}BiJScERp$WF&hn+WI2W57Ngl> zEoCFIH;HB-YJg|t4QOXDHe^t$LUIZ&2Vbko5gs6M0S(q|=P{NGSqEk;3nud0K(3Kh zIbIlMOLy7rw~#wG#FS$b?La0Dq|ZDP64i(?Ry z0>!ZTaar(G1!}KSu{q8*!M@xbqhx!$rb!vga&-q3xCmzmBB4&P#+PlH9Y3>Qrc%q*O+locpfR_^~^0ETYU z%7W2IdNQo3#o7pLT&rE*bt275uT@}@7d8c-80UF&xlE?DyRY(*AB~r9M{{@6>dO!B zxv;uVKj-SiXTRq4sZTJ_1-+4`lEx_`)3VUgEE#9$8v&Zamj7qN-P7MK?mT%tt$Av+ zj}XXW&4u@zJv3F4zz22$(d(o4i7|*8cyAYjkc_i9B1b)Z)ayqkbVu$Eb>$_D$@c#E zz7%doSna_b!Hg}@hpO~~fChDr5y#cr(|*#cas(v0rLnjhG~p=L>%kjl-1dh(kXWE~ zU@0a&GEJ&zV%vhP>~q?5$oKnkt$E|}?_$tpI>f`*kg^dg(v zz1G9m-qofDyy%lujBIA zm&oNG$J6MIb^mZ`TZ{Twr!XB|>5n z46-b#GTAp9H~dm!@boNQ(%Lff9W9o#VFw$6i~c+wBkVQB{4d}!Le~e#>;tT3@pBmu z4a47)@n}(7NBK1ZVJ(f>0dAA(kkP7T>on93a!p06DFt0YW@NMwBMS?sGneT3#7#n~ z71PboEVC{Q0cdX(mL)zP@011w-Q`SH!Sd~)jc5w{r@D4A$he?)5TFv%(mDOod%;nn zv#A!eB#txK0dH**KR~4>y9r|oIXY62ZJ4y4Xg=ntQhb9W!0}Iw7j8(vWMh*&7ECf# zOWIK@3E>$0zD*>FY64YmHcYvMRPNrZL?nR!tPdo)p&dDN5om~fzM(pK0z-aobCDUv zfMh?GO!;Hem2~+_|co^qs>76&~_ZioZi>cT5Uz(Ok=0>M-a zvphH5&Y|Fe%cpGN?g&nL8Y_=yV}iiURPTYD<{&QG9nxN8lN#0ticbyPuc!#hr*|&1 z&*QYm=FYFA4Cgii7h*+|JTAGtT1A!Hux-->sz__Jv!2UHgMIL{RfM!l5QEUT?AY(S z``WOZ8YIM+N|%#6mdwI{44gmZ_0vmEz3`IK`rY_cMLc9g@f}ZTEl+IY7&~k|fG)$` z1`MeT_Y%1we*{^u7?_JSd#7i#VgzouVoNhW9io0&3uyGyNOjqP9-S}@uP;rWmB!d* zd2Nla2SN6XN|TP-8x%@p@{^3MD(!Pz;y0cI1$~I9~lC#1vkX10BY#nza z%@|b+u%w#(vw;VpS53wngVycbt#iUYL7pzm1BSZy#=(%EVZ3e-iW(%`kNhpL+*-^` zd06AGrEopb#)j%Q&0y`kY?qI&R1l0lIdR$er_a4mR+FT{x8zuc3k*pDpx8&KnZkMz zp$+$1?L+;iE!nt(FrFP7EjsK^}&6gpjV9Dz6SKG7T17FLNvI zC(I;g3u_qMiFy#r<35%lxs4W4Ee0717Jb5!!C)6Re?(;IqCu+RF$-3u?QD!rpw1sD z#3k|4YPg&lMpjTK*cs0@CoQvOnHh7~j!_`a5Rv`dX!}M|g4P36jO#J{Ay)gU1Y6Bn zc2&g#MP!h*avs>;ek_?jph}a?tpH;-zh_y4)2zj*HMY3XWZ9Hady+x&39D%?3&TgC z7d7(8kPEK~lA|1o@5;2G855uv77Tll^ zkzaF?HBKH~3vZU)R&Q&z@S|H-3~PEOA;|>zSrBKT9{U_qzkI_Yk?wjW})#7 z?Y73W=NY2ATw05eHwTs_LWbm(q*)S@Mq{X}45=fbi0ObNB~6dvvDXR;danIY;4M`k($u?B zzKp3i00zx;#DJI#jjzizB}1Cim^&XMa>t--837hTXKHwY|OIa2N9p>}_1|d*B5csQkT^ z>s>(emdXTjI{1-9?JeZ0bGvFVOQIKdu8cc8|4uE)_riOZ#><84v}eJNGohF9~Y+OM;jmU5zzS2s);||*Wmf+ z$R1}%RiYsHJ#g0tP-7U1`ZKEns1R1SVzfRMH1SmrjW z&yx7F42j4gSltzK1??pTb@{9DbU_p=3iROB+=9^})lx+TL1*r)IoxmuU;Ug5ZvO5T zb7rYV(kw6$*6y_GHgMt_t@6)G3tef{#NC_vGt*Gmi=rBP{_eI>E5s8Qo8gLupCQ*m zs66vVrHL%?5=JkQd6N=CaS7W|Lz=O-WuY%=v92)DkPg@F}Oi~)-Daoh`-d%xP9)<|n;XX#r5cQ3s^ToeQyc5xXON00IPP)3EwVppaNNE8&) zHku;$l0x7EiqPhcgnKwCB~wk@dgU-ZM?=dTROY|#E2m*YpjEOVKx$Jb2C<+(L{w9H zrV7&u(ZbFjk^xygNJJ1z<7_Q4+UIFi*ny#7&oujiOhm0sp$`D|-3UCz(uBxGWuWNW zmRSNRfF4+;rINGr(>^Lo>=}VTCA~!VjGUd5oydxWUQ)jM*Hh^-0;=(@&gaJ~O@qNMown?OnaJIOjC2Do)lWbwPGKgG$S0R=!`H zzIUJ^e}&OiYdv8N!5w(-YAElkI=corex`k~ZuJpqSiP7L7*!vv9n+TsS39&VsgO_t z)(Mz8%gE8$X}=8;7=GA~Q2st+ugT(k32WJ2<^ROB@J?uGf&e1rq)R`~e^e13N7zJK{L`o7-7 zX=e`?rv}PXgtLO+yJipHe$&~59@Na?!c3x??DyX_I{Bs>3_Y%y2?BB!o>twwc-idc z;?QhtH~M>o#_#B&1<%WGyC(%-8Hj9GXQzH&=i$q5TfH3s%j*p~F}U`-d)d+5i$fSU z{aFeLRJq>W_u+T#?hb4s172|cEDp`(AveV55f1GTgVyX~(CD>`Ib%DMe}-p1t660s zYPmQ*a#tc(&={e*{2`g(Ijp;0et zoqdOY_~iWJ5ekK!y>Ojf)amD0tGA2p-d=dUU7S|)tabO|yxrZQOQPxyJ26wO^>^`Y ztG|~AFF=2`-gIjnp1u6O-D5X|FHUPSuBNP?)^K>bH~HKdXi?tNa6u8dF46BGJfE8nx1va0{lTSLCnn}lTl`syGB*^(K5ri1i}q*c ziBDXU@CJ#YXo+Wmgp?)UuS5on(}Ha;S{`hE;% zA86B|M{k?mpLcYB`Us+JAKnT!7{%rY-=B7j@bZbJtcGx%dK;yMqwu0@kQWCBsUY?C zOp{`_P!*nEbc}NT#Qy1`X59n4=pNwgsf`391jBL%B*g@Sm!TcyZX=IyG>ygH{&`#`&^E(Aziqng^vvU0|s@hYWVJ4>z0wGhIEar zy3EvyeGYWQa z6Pj&(7IO->tSTmSuw;OB2dO#Hdp&e~p_xk5Bopend*3rJ@v}=^)&ATD#I0z2SLPv9 z5C$$3q|s_-wSyLcV#byQ(+l==qWGYlnxpj6=y!f(!UQsKm9Lj;s*#Ci0&I7rIa8N4 z*i7xTu;(n9%+x1UF&{nQ)JiQLiHQ(oshM0UyCwJEJ9yIkTD+9A^cKF!&?a! zTydOdXAAeDn%djvG6;?zLlzlI`jDb7#imK8sh?5lXu5u8R`q_B8KQBiuS%W*YD~WJ zp}SC2WZ?T}gsXNXKm$MX_}>*WtoCV{vo7$0Ui+z~!20f|Zm{b5RwS0pQ<@s8COeu5IC8bc5~wl1PQ?S>g!OkjSMh@s zRNbk15toLG!FhBzjciTxt53B)T$szu9m-ZNR`5Ahe3OL++hB$+QI}xB*3VX@(pR~% z9$=N%k_Wn{3H`ev0d+CnvfkPPMk7^F2zmuiKI_}^h_7>9+IhcanJWlqH}iA+nH%0S zwdy{8Oj4sp>w$J1G_@+PR;7;95+S`~nq=d(1}1xB3mj)QyjIAhnJu?jN~@#y+Byow zYB|M2KSQ}q_<%*8R%KDaZ@y^&U7F-&Rpq_UL38~yG%J{xk}*N>GJ5nHIaKcTsOP`w z^=t8bQ2^O;4`*@qJH_BOQpqQVVa4zcNHGke2WZ@Uxda)d1A>U@)|d>c&VL|~ZMT~x zYQe@KZ1bo(2J&PLY@C#}(xWeJreq5CRWqZyy!8(dtay;k9-L3=O_8uaLeidDG*{jdb<4Wq1k zpkHCt)DdSKJezeq3xa1R@eTqlgOf9I zOx|E(Exg2n;ME6mHGMz1o(?ca(|EF24z91^-^1zb1N>t!9F7(Xe0Dt^{>OOohD;}9 zFd;qtYPRf=SGUXMbP|&3oJ^N*NAvgN#faQ4Y;MWfeEMcSxCw2h;}IFWnU6*bn+th4 zn%_X0rsdo50^i+?Cd-J7Uy~2hTQZoB2o7a>T)1y0 zOGx%)vO|&O+rbiEza6|Ak=M7^*JN7Qo{8>%HlN1k!9lVlA@(v%!4%fxMniZ^-+%(;G5glJ|oJnZ8;M z#*@*NNs%=ly}q4X;W~}T;AVO|S(4dcd_=B2xf(5&^XUgj`aPV^Oqy`- z3*@KjdYwAW=#gXJIoZ`arbV+ZZA*McA3Dd>G-6I^VR|x340n20e%xA#cB36nQ!B|> zBMbU=AN6h)x2o3C&Gy)5dFII$-l@NC+E2>0|9gKF* zsfmv3%ve2S-Ya(i*hy2Y`v^hyR6^2#SmdBMIO|)5*s)|Z0VHT%OqQ|Bdt>tAocBGp zDTJC7CKP@L72#A!Ui86_OB~;GRnpYyA&;yI2I|17kQD4wfr=Oii9x+V&LMx5>SM1j z`^}ObewHKG*G!CHgW1~S4K;WDpqnitMzB-#x*zxqZJj7lZf8r#@Gq7rv<1bAR#@}0mt%GE=`Gbs`Ik8 z0k1a`BjD>Zmnc>94VV+KFw?4S7%&DXs2Julgt*e~_OXyj<|9CpbR zOH(HMHqOgSK;khyz64UG%mUBg!cn1yUo71*lS9}UI&{adE;T&()O%wpjd-#JO1)M3<^>#>QZkcZqm|fMk#3$R#OLSa7~{R<{@8fM znCL)Luov34Q+lmo7Pa(9M6x`kv9TLr zJ|iJUxGs17yy3>$U|c#Rr~dA(#V zRZ-sSF{G_T_tJYN$x0Mk=s=-%(%wgJ^oqAidW(n5U5BX8sAUTd?Q*!}j;4CHrCuQ% zRV7lrLG_m==V65}l8Mae^!>zzXZ=>ebChO^R+@o!WDF32^FEf4$MlpaY~v+Byc*I# zRO|iWv|iZHjTRjyiC)^ZLmLD%s+U1Z>BG8A(|zZWH(9xN8iA@^5vP%4?1vy&MbN+l zq9THpuQFAtY&!<|AiZ!Xuk8;(5PR@ShPh8ns+cMbzs1FoJP&h;6 z)UR9pptjq82!g~Ln`N5Kvqq$BFEX^ymd&VuBjeeg*l^}lVA^qr)!2!GrTf0#F@P8) zQ0f*n|4n1wHJL#_X94^?BM$RtCJQA_6HjPZPc>beLY0`7eaamLl)@6noiWgYO$Y%@rTYkpODx+!F9+Tv@Yx%N;|m;fyRLP1tdntB~Ac zYWa}7=AW#1G^0hlWeVE*t-I>P8b$}55;Pfurga^?Yg3`#&I6qTc6p&UCaAJC)j%+# z^T(kBQ-gOEny5dQRbNx9Pv%xD;%!Z?_S1iYfT5Z~Ia~(oH3JDCHs24twV6gy@pYS%fS*4nrer75;lTSuz5-Mz4pRUlOFu^MBo zfL=4O6zHwV=;>8^L`Oaf(rL~hTeL<;(_UMtv5X4Hzv3;&$dSr-W04Zfy`>JJ&kbpE zpMq)JJhI6`Z9GjtfkmvD zL6yFp@|I1%sh0Fuq@u(E=yiPtC{@KX8C349wl7XeLidj1JDsHN?g1Q9RasAx@0bto zx@unaP9pF`5xAUb+S~(Rp>N_zi#WWUU_p~L&_GIyhk91LHJ7SrP6>=@#z51oW&Mz) zf+kIc@XurZd0~nydG-vEk*#1QIf^RDaE1Lni;nmq$Yt5Qj>Nj|!N+fQ> zD%E$ZTu+5-T9`-m(&2~LmX2-kC0q*%4>pA}Qbsdd*-Rzb1ir%stg1Lvd3~+PS-(!v zBsuRl6eLaiOIT`W%WTMPsWNK4Z6ioIzl2Jgg1!V58L+F&el@}V?F^x&yRn){2i!@}EZJ_XB zO0!K#H_Qo1l~&Sujji^mwEcY5BIxa$7RjXLuBtg3HHKA8foPk7K30S49mArT@w2LU zfSp0vwt`7n<|d&#lTygzHIz7T?nq4^LYvhGi`>B0lTu$hnmk%`CQJ(#>Txcv@C!&< zitgC8&RkblrK3{~^IupmIoB|gI#(({gz;;0MRs+UwKBXJ6o$&0(+SN#?3D5J)RkF! zYpwP<6wJ{gc3oeA?0W=G!)1y)LW5*eH(E^=c}ufoCBz*dYF*0K={V@efE`3F)stI( z>m097lGzF@A<03^I(uX;#VTdazyjF_lt}L_hgSp7Ib4{-Q$u`%sYCYSAO}+8w7%F3 z%?pz^3bbC&;u9k>fGYvvYf!VN?uLI#?&rJcymm#QADLgsa6WR*XkRbL=#Rte+r{|Z zs9EfAKAK$*h9mH=0tY<5!F28wLkyoP)A;Ik3C?R!rg3ydmecT1nZ;Vi9aR=XvKTDK zi`RqUaytJ&{_}Q#PoFBh7}`3Jw!~vqBGMaC57;ae8Ii^GW<(at!4l#7KezMo;%YoZ z5Utucq((4{rt^u+!P>8axQ?dPQVBL3hK^yU}DB zlEv-tZF_MM%i{^Tx}Af!p7qIdlb(&{%s9Kjmhg5{@)0h4;QT0ctI8;{NOusoVqUu2tMOuZJs97N=3c+IuUyyBIXUwB3pMsf??&?w z=j!k{es%M;{&J?*V{V;f=U2vMb2z;k=>eyUk=MuohC5C-X%=v8o?gG6YlOhg2J^w2 z`C#^zTuny{Slr3&_4WAm2Ln@eC|_NV-g(LiL@=T*r_S-`BprzdmGos@uD}PsB>@!|1rZu>#2jD(Xg;KQJd$iP+$=zYvHpl zL6!Fr#$%vr%9#e58Q?0Z4n!T35!G-hp32u~uTkIV*j-2>BTz&lNCbTL7#cU8gFo3%p zT{@j4Qsp1D)&2`9QollzRj(=*my#FzkgyC2UxDCST5l(i@J*q4Vk-xG`1Uo->HgT7 z%>icJw(p##jH8m_ElrKs#`LWVGsN1Uw{2I6WH|Nc77E7)4ppsS&>@g&(z#8jz%hi! z2Ik>T(d|4oQHP>!M3>VH|s{LTmBs4E#w@P5j=`<{P>v zuNXj=vLG088J9a-atgeLO|CsASx8pQyZaKhrdn2Y)*$peaWMsU!gW2PiGND)*29z= z2?ghHlxg7Fs@D}le?G-QifNNDze`xnR)_ux))Ef|;*pY-WHjD}Bx9SDZ&((yQ13^{ zaxFU=`r^e&Slq(SG}YGlt{)l%Xh0;ZW{wKjG&Ot7io7msxZ9clr|0Wsol!hpX{AfD zAK9?SnjP2C4E8BzMyfO-tl9f#{R%xol9fm}sIvZA%Ds=LgwbN#H&Fl(>JKaC8`gke z(hRe!wC!%j$I#Z^g&m3U5e|aNmDSp2k9f`&$LeeQw*R<+ z$C*grjxocS4F_u$Id7pIH@aodVaPc7;o?_1p?j8!+}41zKEeuItIbfhZd6sQ*H4K1 zR8K%6Y+yQM0P#pQ9`^Ij!#-AIA_{ldkwu0kj5Ep(&dbTYje54E(h82#t%XtEp+u5HsF$aIcA!PCW3PyF>*%bBlk7vl-U z$j$X!Zbu<`Go4<&A75WX=URptj%NccJ1++B#*;S-y#!|%6P|Klrr$B?^y)#->Fnoj zjx%y};LCnUdgIykpfXf3xpR37z`RnU1=eH3+#8zcB__F*<#aGzw^!8PUBUJ?HHR47 z-K{dx6~Kh!V^rg)^rs!V%b9MzCl73;c)`d~mwwWA*?+t~rn%A`0A757&GDkj)v+rR zlS>{$loSLj@s0GA=Lf8Fih=qJ6ql{FY5B=``cYGSw?Vy}->xV0AUr^fT$x@dUk|1x z+&^cvwYRZ+oi&v)RYFK4D=5!GE6zNcY@5b$S(D!|x<_-!C`J}Sq?%{S%fg5|CKd=^ z`j0A^gd#`makxRDYAcUL4 zoavpNRyjttqJ;a~6VbtGDPcLw5+JpBtbi%-lme=_qGL_XIJ%VZe0M3k(FQ+ zRMo2)5oyIaBvedGykDFJ&iI%4nk+pQY_@eJjn(kaGprS>8X7ANDwv=3XP!&A-r>ll zw>P;d#8t7b`ba$cU>~X>fL@h3-B;Pj43YEsNGFO`frK?*GhbB!STGX-O~85IscqKa zl2&`~xJWIZRH?L+va*aezwjx&(-1WLq@8zS6=`Gy2@SlLoyHi-!BA+&^4C!BiSvjo zLCBqfkZWr7*8|&(ke-&{SLR8?B4G}Hp-sN%HwiswV^5XWC6PpS>?-WlqOUdPQLh8$ zULW{f7aiS7Z{yo%(>?e!DCXj}nl1@-hm*;4Io3Syny2hY^`lyW{g%nh6u)NLbjztG`m^RZ3R~Ec6mYJYna;772g{yBeapjHqtR|k`PC2Uo0HjThi^mm9WH!G}!(!g6}cmbO> z!3tNPrL7o2FHRd2HV0fQDkp@q7m*F|1%YNFimkcWo18iDj>_o%Xi-8=9>b5K4o8(c z^mL+yXIKY?PU2iakWaT-i3p@5EnT?lx90ocA5{&LmE2MFr<)pgZ-u@>Tb}2ZJ#zWG zeNGvwuK?+DZw)ze02q9YU)>yIVlU8d#8gU%n{7GD0HsgRkJ?>Ut9>ipAOca%_~zF1 z?nNuKV9QeI5%PlG)06`O%Z%x>9y1Cdg=h}9yqN2;%h|q?0YG^NouEPxmNlwJcY18P z7mENHuPR>D6z@06ZT-)bn#^R9ZA^xCpVcL|(IO&jx1w?*a0gSH+tB;MiUOcXw0;0) zFrR`kOunU1vE?3@CPR`R`srH+J|i876+rw%Amqr{2e|AG98e+g?H)GP#EqnBN5-V; z!&!F;t4hVXm_g@7;oljc*}O+;wkL`3SVzoEWwUi6=Zxp6%OC^}7uF?*nj{fOXdD2j z3>O)M3`2*`p%;QLA}ze)?S_x9F`t)YTfVO5UKkq|r3TpZLE zV+E{6?KF4Z-b>?gfrlMfG9Qe465D8gRAnn3B{lL~vxXMe2H%qv3d@N$gK;{<~ zvjh0Xf>yZ2CL*_w`PKa#6?xsc4w9o}zOSqiOF%lHBxM_#no?)YYPCpAtw4n8=!ONN zuIOzLmnyk>r5dOlP%HJjv4%;Z*bnxGcJ!Ei%6Wqsg(Pn<#jxUe4S2?f*$d+_S5Xa2 zqY@=4%^?lO_CQ`?V`*;6$!p5fQUdE?t{K#ydOI+|8aOaXXZh9J)Y$W)AmI91MetxR zHSl5a?qB)5%G?PNQgs*L3}qA(Zqte;XQvGKIF|f3WC3aF&&Kl$jY>KY}hy{u=MHP ziBh zIXd9eZPx7vYp!OWawa(gBO2Dx6uTWW>5wsVgu@tT3S#w*K|HM8hGwStwIW9`rbq8}-lx63m9<5|Lb9Xsjul~zQMTP$ zPA}@dnJZ?=QQ(&Z6sD@$s`6tt)c>~@bUWIg0U-|ky_U-LbQf*{2k z&JP&ULJQbdO8@xi3GA|lX0Q?VVJuyZ1*o~GTjlr=LdTe__I+P7A5d|^nuo1yh?arFdUU>nXRV**yy`Hui^d6cwwPvzr zFxsPup8R|O8-T!6RnDc|V1_I2h^nE^52$rhh5s*m|K6KOlC6)z`)@u)$kO{ZjMB92 zs_KhNM@JZA7u^^grSzij`YfOFWtMpM@_2^^hlQ!Z?6hpmw#t}vOR;f65u4ULJxat?|r!tdyED4Oh zr!Vto=SBF=Sz5}h_>&9UC5X>MuvQrTs_kfUg1Gc04}=gwev1Yw>?Uj|NNN_Dmc21O zrlk}?Md_KT{L(=S=vgIpZ>puvgQyvavNAOfp|mh&AA?9Sjb7$P;G)A0yPjXRT7P4A zL@sEj*!zY)_Ry`!MV;QVc5qtZyZ(xI-s@(2Tan2n&kr<BESmXZ;>lX08~HsCp(<=#s7=rwJ2Tdlu-dYVNZST>uC=YpO5HB#+_1vQY4 ziASwiy$4mmh;WBv&+_`ofb($KYW400(_z0iYqi?v9j&DGdCFsc=_IuCc0Nk7M<;2) zGpXLUTJ4LDe&A00E|&^lT8S9o>HLY93MjW)>VM<2`rS7j(>O`CS%K&xy>wm5B;op} zLas~x?G?`!WvqXZl?xuRt4tO$->{D|Tg#LU^8^{h`+UFU-oLNaR;F^vBX*k!J+O$~ zmV2J^h|Rc63-+@t$Oa#aN12;nkIJRA&)jjI6@nt7_^Xe4Do6>@1Hjg`@^D$Z+hA1s zA7k;vKCA3Y6pmL<#aoz)k0KR+lp^8vMy^yMA9*Hu8ce2r<9(~un+<#Hz6Z(YtycRT zG}-4{Z318p<%p}V?B93LSg*{Bj3=_8f7D2(<#UGM;6Y)zpC=$aVsG8}_t5wUm9E*( z`hRA(PJ>db2qdY~1Jr(rUGT#5qV7Je9B$w*r6oLu3msf8}Y!u0+DKGLP7m z%2UZtKZxuPvDPO?Z`v|h>m`g>KU2KWKiud^$k^v{t@4CFh6hC-X$7CS6)IcnA3l`n znrHin{mlR1Ux4r=Vn6S*_5Kh1`A#LVdgS_tv=FISXDVX%Dgmt6soG-Sr)8eQ{ubE+ z{+p;r{zd;Z=fBD?65E=W*%v)V{MW;mOp7c$1rL8L1U?o{C+rZZcO#IL!+fm;jJcP_ zD$DdVh*avSDzh&#K5*~+2nucg3!aRqd+wHE?sk#>4CT zxAJnkD4RUrQ_mck0-^$VzO2I)@3F za#5x{vD^69GL|sWF*ShxkgZljM7HFyayr;UR<29Fzic`Uv@)PqJjz%or&v|=*6_ux zC^EHEiN56Yq2tvS`#j@Ip1(#1LoK7S5fW_-rR<{=slF`eA=VzIsmMm?j2 z3;xIHCn?wJ$-i4qX_6rKT7Y^g%YT%PzgX!o7$tbZJ@xJ@^oxnc$$iQ zQD*D+PLH|Ggjfo5(9Nx5k9@D#h!p#Qf_s=}TqIR7G#3f$J<7+^pZIEp#tDkyVZoD{ zw7b)tgojAXs;ns2yw>VS<_m=nqV$~YfT+3B8jmyS)HAX~%j}Dw4-fU0Sd@tsDs)F- zY)D@)`Zm5MMi9uUR4e;dRMXe6ZPe7>uwJ&1#3guGQPamOj!jNrDxNAz*&EjO+W8ut zj4}Y~`7qTF5xzdc>syTeXLQ6OfbI{lx4qcIA`uiV(4$Yt#g{?CnP2>QS#zZr<K= zA~sB8G=#K>zu(9NQk;yE`B91@1>Vo=!-`!)R!CC~)MYP@nxf{VR&2$Wgs%Pdh> zprDGQL^AzVS#Cd8Y%(D*ScA26IaNbIz8WqsTL^@+a`l6Jw^K4LpkCTFOY{^^D)$Yo{Cqpf9im1Cc0o)&-Swhypa>He|;7mPZGPDcu%!xNV^QuD`!1HEke+Nn#t`1tf;8m?BqnUco;`^S z*_909GJbo{)DnpCVuU0juBb2@Xk~KJT*i+@_O+yQ@yCU$Wp^jbM3t6u5P^gY8P$3A;lhq+9l$fJk*po+N^A~hACTeNYy40 z2_K@|X{gL4q;6+tn|aC0h2v<1_9}vJuvB{EE)jY<<8dfBwGK)}{*dY83%n&!Q(5dq zy>T5pwY_#=D{vVfXt*v)q4Nd*BB+={+r>iuYUE+H=%o)yl;ZUwS)~C!bC-GOXj;9Y zj49V*gp19?8_b?+Or5okf8!_dCBGLhut@}&SvNC4i|GOR3u^_xcfIJM@jp!UEv>*L zx@@)nlM;C_CGy{u4jD1|C(|KclK^QF@4T=RE`$6N$&pfa=)uNhNPh&?&c331FG{4e z$(QuDNvHf%DrdgoFVZ;?_|iOVbk3jn7oHWU9^=6~qb<+P62x$oODUd-KV@sn29vzK__( zz!%CiFJw^`;dB8sK-Ie(gl<8>CDu!8WxN9c@l0C8f#dS^?mwBM&rR5PKDC=s>21&#fxpLf?maC>7FruQ0Et6~y46(pI5J>o6vG^Ya# zAvA~#34bQSE(afWQES$pJdEel&#ZSh7+>EF#`9UL)$fga*S%-3&lV2*EcCJ4EC*oW zJ3o@yS@VV;t@W`V>|C~5UxCH7+w60>O?AW?(&5!AOnD@t7?Qf&!RT3&wyFH}Na^b{b09DO@|v_`CgxvJ zuhv+uMq2d&%tB`N_N&U%nz!olDz(EK^eYS4!u9jxWo8Mtm#x-tljxhH6oiAi7H^ zL@Je{&^elBX%L4!DFeCiT5|!Q(_JPX`EuVVX;}MY#Gmq$j#dm79b3}s-IoT!IUFgK zr#=yaU@Dd(&v~}@3tS6_S<%ir-VQcIThOqG$)^}TNq+_M(%{R$bAv8&a(y=3@o@Y4 zym5|8h_IH!Mhz08bs?hHH{6=!+@BGKE}QX{SeHDD^V*v7<(E`FB_dvjKix#G7hO&?_^w%On`hV!26GqSjj0L{92J+MrkT$P)|x%eI0e=e9rGU8V}L ztgJI_i|YI$XE!k}2NQ{0O1hzg)`aUvZYR(iF;x~hC=3$LFnrygPUqgJ!O+sWKhOJ|o=1^8$JUc|=!{=Ud z+MjsdaF*V7SPyZWr#R?_b7Yk&d))VIsgQ@q+foMwK20Y&r0`?@KfA9sbQ0IILt-O2vAof7&S41I{6vZA=f$Ad`vR(|tM;Yndk=s;N;ib8sO8 zR4Bf&jBgE0A*RG z(C#9vD(|*h_k-!f3$V@`RA!T_Ww?=E2zP$jY7MNx;e14ujrh9wWK`#$mMM@OTkm!f zbjLw*n^k?*(s3})#zc3vi9YLEjl!IIGPAVSg2*M-_Ol38es92MYO&){Ox62m`eE>^ zfEC`RPd4ZAlg<_(TbWA$q9q_yaYHT3gj3+T!DtOVd;Z+Yf~6`I#YTV>3b5=AtaVd5 zUnLx^JECuAgjGK>gJ0{vah6_D-?pK%22)Y0dRk9UQX<&-n~NWeEp{)m@(~=ORFe>s z5A+B%KppBNw~~mk+U+FPcN+1Y$Rt^n3EKjdcw8DXy#Voa%0lX5CmX@FRXz{15yBLgYnTmEwDDyFH{geeRd$dm47P{mJaJg z7NwDDb|ozRrXk6LmZVrWOK?dC+pn; zYvE}Pu%-Ys$%SzHpm|6?atlzUthX%K#o76p#{lD$d30!G0=3`(&;Lc)|6WsnULy!+ z@)hBlPaBa5<9(JX(Z_(Y0!a|k2sX=8CbvizOe1=B@(h!Vrw``U>B_{8%M3*h2!gGb z1(p-21rI?jG61#6BMa$LY@o6it(`z@dc4EB!6%i)?1Tc@CkV4Ie&^erp5v3E zsnQvYSO|gf#A6cU4r-}zaAzmb_2!0N26%(m+!n>gUdr~=UD_g?043y-odo|rv039D zbjXSQ`NSC6bTx!HI?Du%m$pL$>YjIOGO@u9Il&*gC#}|Sd_Da0f#JgE<;P~u5sA}Q zV28nC4EToZP_IXMd}*lH_*Dbx0btTcL%{5!L$LxEUNYQG*by%i0u)(Ul!iLsQ6-N^ zppg0qjKtIK<(wF}T;0GE-&cV~11hG_Q&W|Xjl;C}IFLU1@X;nC)QgzCf(z;;(ec{0 z&r_t<#Wz zuq_g~$#E5#76BBl3%=t4$=b{pm92y{ag3@97M{urjKd{@=Z4+AntgxhJ6$-zlks4t zPw|`X8-SL>N)MNr_M9IJ{AK>x3?L9)3R3_s&W%&x;=At}vY!LDK%m@U&JMopS|le} zPJ;vQPArz0w^4&!yA`C8y6Ykn7$4h~a6rAu>$X}y_3rgOcHG93X)ZEYDcD`Ufz(U) zELP>B2xyiLBs&SA0#+S zJ%Y2jy+esQ>;y}P^%&2(7YjWBu}B2ww~hy&*gproQEz58`{ zhpSxVpf;ZW_~V;qof|K5M;-u9sW_kyz`*m-rYl~mx{yIF&t+y9z5(D*@YrH$t2@Q8 z!s>utKL?i1_2R6It_4D@2k81=;k>rWyK{*U;A5bKzM?nBXRYoPY}yDFIG5VvcEtCC z$^B^X&5TV4_YYU2VV_NISpUOt+-tSoc3B_8Zbt^+)2EcDUjPlJAxKvot<`goG%8C) zjgA2mv}|*#EU=j2m2IL+>i)xUG`znbjt8^X9rTx7#roJ^0#Am~);*mI3keeP;EL@o z;o06eWjhhus!SUwT13S_AWCXXh162H*r+gR$=Yr~Kb^Fi6yQF$TC?H!ws$|74qh+V za!;~>DsLzbPq6$BWgB5E+wuPyMMhq>TC;H5lI*IG_kwTI5>}>hBdewNmWQ)_enxp_ z2V+VR3I)%1ii(+d^uxjg;l(HkzP()`l9BZ<1THk?tsb;)*jpqdYwl9 zDZbVlvxo6;GG=#!yQ{&J;v9NW*a6`7mw3Go!oGJfa0HbrfPl+W_K+fg<>29@6L~y7 zu=!Bir}I+FS+k`M{vGaMFTgAzC}`8J@#O%Go}sg(iw!x3d^`Y~+Lwz09M{!5=?K6* zm6#DksFqAX(T;1||BA-;2#7{EDWewK^JuM#ww3x%ei~*zT@Mbu;W>)#a8vDD6A;;xJ`4_(-==W|RP<m$AF=XOVq@}>E<~aVmEN=)j+0S<{9jn&& zdz;R4>ZNoanjo9}r?<}0c_4Q$xWQhxx z_FZnL-mhL3kq!Mgsc6f1GGx_BReCyjaDYWor90JFYhLa|_J|%U5`(5&YUSK!uqsCB zrf-6FXSq!+s$wPpx&Y}q;?l2@bSzf5Az(T(Q7FomtWM1T|Ao_X%G$D1i-~~bss>s7 z)Ml9yIhoYEaSM2kYl&XyXSqo(F+>Qq zoGr)TXmx^N+fyM;rp;XSXrmY40?|)lN>jB{7iVV|-@f|+x)r!1p8sOQvXi7Y+3ju- zmf<2`dRhkvTG~=}j%>loLVOGH8MhWY4(XzYH+Ts2aD1bhQMnI5jOXAmoM$#@$CuvE z>~oK$&<{Fg0p%j@cD2>_9)pZKlc{JAD;Z9Mp$yRr)3Jfz4;Vs74@X6Zd517lhZ@ zUjn3ndVF*%^Y*a2Ukm%gYG>`olWY1{>G7esJ+d{i}v<^(LMwZTxT`8@DQ`w5tTqA!u};-fNunkRjNBx>8%%honn zTKF3jF5n!|uYsciNFnu0GS5r@75F#4Vc2~O)oIpj-0tLL64}&i;KBmqUt9DbgWc9> zIPuSFPDkhc-9Z@xf}V;Gj(@=Ss9B4~R=oEB{j`qnVB40ILylBwHkB5AJ5WjUcz7E) z#m@vJyk@-w9-F-394lYBqq>w1HSB52{o=T_9=N!gW3G3DY5zlSJnvl%N5lE&h|PNQ z;q0c@pHHTr+20>}`nO-}RSy4fBn{MhU0mog;QLzHNUxv%SFuiyQnRo5B~=A_E9rfMD^u))Duaf+!UYh$#T-=F zgg;%r{K(+3#Sc}oHvm}(la!5Ozg}x|sBnqCW^%PWNFZgZF}v4Jytf;%K*$(K&Bx?L z@L*cDAdsJPjo~RhjKfw>JcFWxG`FjP6)h0_X&5A3E8vfV3n$sz)Db=6l*ujRTNkL6 z(q3$s2W@Xv<^qgGe=^!~WfJpv!9eIh@{CO!(4!?@UhBuEJFH zTFKvuUe3G_G1MN4Cy_jA%Qh`G`8VdTo)Q2lDMn=oa!<6*L!uuuNMTMXp&270ULDEd z>Vaxr5xAuq!6eKZugxubrWF4bqUvFMJ(#lbg!PBh{=?mDu0_j?4QKH1WXgKu&untT zhVvP_pH6P4y*qY2_&69%?g!Hu8x4C`qXD~d56(a6e~w0zPs8zT#0DP+V>Y~D!|}~z zdN;VHM}|{&Kbg&js1iWg)@U-DvB^!OKYHD}>)j66d=jzi-n<9(TElT4T-3c$#0LKu z+})3Q)6e?h;rMzu9rWk))(l!OJu(3~)}M@LgTFrv#`9rsWFCDF!t-1G!W-zpTo3YQ zIG;uA>R~n<4`#E7P4yri1`)fROs+o-N23TQW?|V?t(fc?Y-_G1{=N|^2S#LU= z4Onl+dSf=cyBk~&d-H+oNPl4FOTRT|^AEi_yB&-NQ)pBFfx3z7`G(CJ1A5msxI=+1 zw?_jVD6GTM%7RQyk+TU=K}0@v6-C2p!yhGOVo_3j>zQZKX>dFg85w39XTXT6 zn5aa(a`q&W1QFF=66-u3_qrWS?|S3UFHSshc{`}=FT`4=DY?LAE=inJR2!GM7nxL0 z?HvfJO5VC!xnhx!GTD~DR&z|db!FXkt{#DRdx%)Ef^aVdN~hm2J*)K>4eh zAWxnJOLd+utdIR#b>_JO!@2^)5%|hwG}`(->z9E|c;10K*2@j`Dii&r^wiW_vb9N3 z0a51ZdvsZ2Z4qU4K9iGb3sEcP3RDTAgD(MVvB7@ng5o*!K}EDwPr94E8mv5`zaY*ijzocbCD$EzVt=95i zvq8P>M)`Pjz*l|_(IFEog3d6~a-X<~RO$gN4%AJ9;#-+zKnP^=UT5(=T%^3!|A}JA0P93*7<)9fGqggb%@ACvPQ(bHnY!Z@p@HRU zbQrxZSWXvtN?Il4lnJmb7JHZN{7j4sOHl0RDiwP#o&+-U+VIrWae z{LPPM!c7w$w-dlVq^kX&hvVDp$z7{;(e-4@44_}i>|l1FzemQZ*pQM}sf|N0XUI~6 zV+P4%pho>}&WFhwM@P5s23uvk{Q5M;1}Ag{UsHJXnwJPN(3mMjk3@{KlWV-sPuN!Q z6l=S=-hv=bQ9LO_0Rli%PLXs33?^(?_pq4)CKGK11;no$+VX<5FP{2dwcvVt2F}n) z!KaPz@BpenRll9ACaBj@WkskvUH{v4r)#S_y(Ttr{XZ)91+UK3nN@>#>_v)5qN-0lJ zXOJ%U;NWdvblCaDyZ@gpR{Iy&HI0_cu}VQUR)tE7y}mO)8ISYcrcF%A}69En*iyV_RLq6+c;KwJR( z3;I3)A9w}q3MPRjGMSnYWLN7m6d~GbA(wIoaxdqPz8cEJc^oGS(#UHOx-F9eie621BH{TS zd*4Az=lQN963O4A6i*@si|vyAKc-)ZjI!H)G*_*ChY`aUf{We#t z;)!SC+dSd=|KmkB%~#*z8T`K|JCWX~Y}=tEL;Xt_$Bj(HSQL;ipQud$MV9nvC{p6>(8V=b-m? znRt|{)T(CyDcnyaD0!F>3P?%xt5{Je4(!3k_rp(EvWe>MK~*PA{x!WcBXxRw+rLdM za%Q*HGOvuaP13gi0+Xk6*+K{~T+bU-rZM+Z*ZvSOtuAZ7`~KqH>FC{A=g>O?Dx`SD z8;L}13#tXRhL9F7f4djQrxWz8Rd?h-&)N>mrva_=*No_OUwHlaU)lb@aklWd%zt3K%Mo`+myh?-G_o8kw95OFoO~CIOdEaClVC?eB?=q*p{q)a{m$PKslR=T$R~Ugnyoz zKL@|XUs|Vz1Cy}*fLtaUWUCnE;!&#xORum$Q)&eTHSV77R@V=FHA${2SUTMM{1%Hf zuxnbKfRWFzU;$_fjL?U=D{Dd;qE>`=1auPC%R^m4-!^tYfDDWK$rjK*!VHDGEMlo? zT@OL}geHMkh3`$`m{&8o5?U`Bx@$Ca8bNB6Tkra&p^{P(WWoC%D%6#$I<@ElTmHtaYoHd}ASBOg=j)xGSJku#99T{fAwH7~I(; zskvBg03A2b`z%Cwxb45mSuaghnNk(jNE8K<72Olr5z43B!=u%!p?5UF=-G{p$ERsc znOp&rWtmlv9b2k0(b9;=IJvyoM4{Izq9SVaIzc(4y|Ap0rrT=WY0Jl4Y;1@;ZEUFj z8fekPs)3uC=hivT(RMnek|M+O#w4Z`_~$u1%jQ8-*MfC%)M%%f*fZ?rC73 zp@z$q@L0FO|A-4#pAGDP(=3@?X3E4? z0c#Y+&$_JF@UoTP%ca`xcuFzR!0wAY_#gTOo`&eSn#haBQB<>TmMUE(a#=)Pd4PlO zKjIpJn(ti1hxX(*2Diln+$wW}1qIO#xdcl%I60w}9ijU3v{4D7y*Nn zS8p063LWa^;|ru3MiN?-z-MLzVG=AVfuwk;S!&=vwi{7*mfe4R07JW`)OIK;hGdxr zUlgEZ-SIuViJNvBeDM723_eOqCTm+BCzY{BnH42ZI)v_V=pbNARNGT&&{OX47%xP? zO+;&dL2n&d_-08NdLd@$a5C8s@VBbx38`ygootqbZ-Q#eXbqg2@cL|@7h=ncW3le_tEBs0P6kpTuIe1IV{%Cu3< zx@_&rOw5)%5p0>1c|pb2hHh-n+LRt}bT&J!+22QOD%>Q#@U?Ii?*7hx=$?JuyW$^3 zCbojXSaN9N*z$Jt^8CIBGe%_glLr^P)4Jz*&gKYf3`Vj(K9$iPdHvHy7GekCycaw@ z0-_rP+E|qd5FVq^RPgPN?UHgWU-a1?Qsc#d%>X!&JC(@g9;u#R(NL@6opDKMfcjbq zL&qYQ>(t~=oP_V5M4_h5Q_El$3vkT^`Y$G$dp8a^Qxa2nur&_eLga<7gOfo>Pp2w1 z8Z=y0wvfUHh**@E^6C3Vke)CKk~WGm#oQ-IL5L+^rz)4w6n$=<36~?eP9f6V*s6hr4CQA4MF@a3K0h_F zcx-L+E4~zY_k}{nUlH@QMs+KX8_RNh0F5gcDHu=Bj?b)JT~XJX z+`$>IvCyT;u4=c{x+#k?^UmEaCU#~>y+O-_(C&Tr%c0K^#N7*?q;jGl=$KR3EjN^$ zq(L^VgyWYX<(9Pf_t2vxdVKytVeF<#M$`=b{mB2>^E${4ryNv(W|%R z^JjK?9>WwK@;EV5|axJlL z&Wcl69-diSp7yHAG|Z8{9?%R3W0ou;h!-;NgwNw5w}P!Qz7<|=0G|AlJC%z4>4Go6 zI8fpfTXAOa%I`-#nCDS%3{urE7#OQUT)tRX9i4^fPs_7Q0Acbmr43%?fwS+6{!hdC zhsnd7edHOj;JXb|b6 zeL5W9Oo!v!!QEgy$7167V0tr{LV2zM$$Y*8lN(lnIe{l`hV!u=1ym!m``&au>_3cp zQ+EF_y`Rhm5zG>s4rcd*{+!Jx@VVLGzBld72cyr7q>ld9_24}q15&0Rs)F@QWeZKD zABe?Dq_I~0VzEu-3jM;s=i>#$Hlw5WF6)KLq`02+K` zlL^CwLz{)@WghOzRD$FFP`aUCWl-0YBg{2K%r*FtG6*AsnBXNMRtX!Q5y1_qrn&Ht zXMh*tR%q=U(?cCvCUOh5504 za@9z?R#Fai|FYG?>Zuk*k>ZxviR6?RG+K#Vte4q-SDb>8)XD`uep(hX$y@n8Pt^J} zUAOk-_7pAK(-qIP1-F%11~}vxpmzQkEad^8A-m&+$RtnlFf5~&#JIv?`aL~gri^0V zOTAz81hDo=?JIOm6I`45j2|`Nd94@S@YYzW9d0N4J9;!Z4}6QS7C`MuRc^^vrTT)lXw(aMMX3U7f%YqDGjhgh>b>xZ~-(epim+NT1{iD4_;*r z6Ii)co8D`jG-JKGstg~t5K!oQGd7%^(B(3o1b3ggfFm{-&OZ#M_NLXBAKr73yH8(p zb>i>-o!6&6!5|m(Mw(=NnFux^thQl_L0#|^)-nPs34kH+4xJ~jrIk#``v|%JCeHCF z#Z%QK33^~-Cr&yBr2-;3)L+2W9Hz@IYoFk+P8`_x_E1wU#})D$-1mJeoW4+n;DF?h z(gQ>7g&HG%S8q@A$_bUHffGz@O{kEj3BTe{=U(p}@men=(sOiS1j*p@trK6g0aSZCTkdFT)4+9q~3s7bAMb90{wEd`7Z zu=x+HJ-_dFOhnga5+DOFRRMa?D_*?L_-*ugD-dyq=mi@5on1D+?+30p=LmpmLOOkU zXl}b2IfvGUc>=mQOE4Aa1F$~ELqZqfjZ6g8je&=Ux*msrHh!JGIm|S`PM6ITRt0&{ zS^a%4gbpB@YeWmsN89EIQ3WH<4Xd4T;D*j)mz+j^W8J<*ZVeO>0Fi&>2{G$g*RejH zx;HDz7x6!a-eT+GMl{as{l=ainEF;4B)T=wTCMK^(CaJ zq3DDFcAK}8#Dl9^TWSFuc3pCajLO+IK8OvE%-zp-F zeLdbf4GO;9iOj<>tbLkHQ`kT5+TB1{ALyBPnOO4DW-CJZJ!mRe&%8nub%bFA-I{8n zfk@hH!X?+2BTH1e7MV$*2{_*KT(0p8aQqWWAB+qQE)v}pA``if3&7M|J+cp2HufF7Xg81DCz49CCS2dd^{TP)wk0)ToeoMX~lXl)r7J6~dF`&v+COlUXJn)e_D2GIg}^ zk)xbJ4u3A=({e{?py=M9>?Or`$7+y{-5qiWRb~=+;ny-2JYru`^>n&XPZ4q4-f^+ny6m71}mm_}^Y#~Hi(Ibxajr2{2IbUYt5)!4X3!t2G4t zt#+P=Vg2QXXMCv}&I`HBBT$EVCUb*zO>TYQ1h>2*$7gC;pDAyzdjUxf$sT`ldQ6r_ z?y>u0yGs=tqJ?%0r+{SeN{D#DmtO*DY_bs!2;@I`jE`ll;Pw6D);nCuf=*;Fo)Nl}mj>8g?8f(teP`xd`vr+ z-y7Bf3hWc=#`>p(KLO;5W6IK7K_zlo$v?z01Nz)U3T@8{@J`V{d+}DL5|kOe<)*Gp zf7|AHxfMBDYX+3ig*?GY2=*|nBh;b`@L51t ztDHPu0QOfQx8hJ;ixrQt0OP3&-2q<5rY;_t8)H3hd746%CKWk(SWU@3V8y&-kCL0p zyKX9DkcKPYi<|2v=f+>|jX|Wb$|81^A&>8VhZ^9W zibX;gA9{0Z@l=sc76K+wMVWuA4LmKSAi`DfwfJ`TSpI?|l(ye+Fu{Sk`mg>1l`g0TXx}o!&8Ie)jD2MuQ zlB@cvL}uG5)a`twtT3(oGNUJdG1=q4z%>41oM^v12L1WPiajY%s&reezk%*?U}{iG zSAJ&U-)+0slE-9nXb(j9;(-B#zM8#Wvz^G6vmwS&^dbj@-s zOI)h$mV-0#YB-s(ToeW7H);)tZ0rC5q}6JKM47@3ckoYt=7O7kd_X9ayn=-S0hHiQ zbGLz2ZY>bXQjY_BSCSL0c~if#y4YM4?%UIk58l12|L#+wSBkm3Byrcn+;jdqKTUy` zFvi%YRY?e7^`@bUu4it`Vvp4Sb|xyillXnP;ptk$RP|;5rFApIkVY8?wGM#sP3n-# zL@=M~wpyS-`8(qQHcjKN|ICJYc=d*X`JuUa0Q1-^4QkMT)y{Z$>CSj|`L)*f@aio< zLo6HA=GQEJ?ZeGW?|%*{9IH`8@^FT+r&r=t5eV48?@y~WXj+IWM1mFBJZC2j?VO+~ zTKfZKgm`|+It&YX84WeYQl-CAxw6aGv549y0FY zP{pRcNz8;)&sV!*?nHX2BPNPv7gcTxG!NhMF9ri4Q9))3_diW#&>zD!5_sfz!BT}K zGad%^ZzV@|ezgkQXvR^o=MN@#XLn4ScftwJZAiJP?EJD7RK_1hm_x4X(8_5YMpmk^)hqDkiB;*XN)rQ!)wQ< zNYK)D$&+Pi5J|F{TO$AKd}jag3%$rM^qe0EIEKKTSWUg6^qic0y<%A!|1M}tOCcW# zP{jR_Lxl=@C`nxhlOQfLkyq!|BL(y_LXDl`;$u4KK|20d9tyNn$ul!*rElS=RGD%LAW+JyUH5ux@IbLLUHZyHX*ncgdCvx)eOJ zn=*|7Wadev#h$g#FU~rMS7FWwRFvr@dK8v_z-C|em_GKHyQ+r*^ST9r0&zY43B47; zu+*}~BoQw}@g#&n*$f9|6nP(-hhB5snM&)!8=kCeys6Sk&4^DD6Yon|C>J|6ESM|Z#3azKg ze2YQAJYt+d7zu_hQr12{>(sjh5jvy~*2~a7@6|fcXtkA>u`E=U+rl|hBU~SV!+j-Pz1%^z56G}?t97GA z&AI--#TgDOV&~nnGw9wUu*3^x4hP% z5t?hixwj3?y*V`F)Si)$AeF=BevE#oH+NtYQTJLGFVfH~m^KNYBO2Nv1+CgduhMFh zawfI}6eLsM>UD}}Ef@93U5Q#jzn>H?@QpDS{M``=g^j(jjlB!y=XtHQcg?N6@mhO#=EfN`_vWJB+@VXt zHHVGRP=of~eP3(u?ZFGsAFVgspuzLEKh|4p?%|uWV8m|7`nSOxUewz>aA~|VZ3dS{ zt;M%z4J}?Az9Z@Cc++hJgLl^l-V*kihKpiaxhT*?X>xiH2$zTy{l4Dr#k(WDeeT%! z6VcT6u|E5qrUpHETW$WLq4~2T6K&e?RH5MRdn&L;VT!}LT5r3oUv5DvJ&M3r-D>F@ z{gCSt!UG4?X3Vgh27hnjkg3HcETBe;-9aAM6|mSEQTuGP7VCXH@l-Xak0?>87mG03 z6l-HRra`Dz&>91Pg;b@dt_@P3zee@yyg>IR`VKqfP^W#V)>yGHEW+fG55LC>oJBC< zjf-8283(hjXDhUu>e0Sdugk8*N~VYbaoK8}OvO&+vQXLHk_KDK26C)=t~P}!&3OU2 zE};B_eh=yB;ID&>?{!Jp$T2Ut-og69I++zJ<7>gL!7TAVhp~g4{+`(`VYKh$DU*d@ zDqRZ16x{N3f5O_ICeynPWP4yLbGOyH>NWvnU!$X@3o(Z0fuK+QLww1`irtAKlgrkr zo>vd&Hot^lKw@77_PfCO@2mh$8u-JPw zsa_^xnTx(vC7qzi--B#=5&=}pgr~2%f^(AXQfF> zp+3))jr@Q)xyftwW7cpsEFg3WH^NcY90aB}*=b>X)wR&@hE^=mo6NYEoBt?0%x#M^ zR)5`8FE0415|H(he|q9C~F8gfdVN} zg&wyjT8jLVHN=CXreCs2dM&n)AKQc^AG})qqrsLB{|Xc<-rrQlnnRo2R;%B&!!!Ih zn39QNB$&OD_!|j`i)vde|4z)FRQ6?+s3$zf;op3YUY>u+L!yI<1i$DWMl20{S6V#i zorSPj7R99o`w0oWxm>3aTLLpR1ky^hhD^8h?+jD0NvCruU|!cfU(Ua56409T0J|Ox z$;TisIMi1{TBJ!7I+8dZDr=uMBDJJRMp1f6a(E>bDPX|x%U>!4kq4f$q&)8YI0_<% zQl@oU{zarrrg$nL=t$9wVQMNlRTfu)S*vt24Xp?3sB#g&S4Tb=w!s!aA{3jogMWi} zDxEF~C(E%@y=I!j({O5!?tQ`w5V?bNEmP5IjlLaUGB!H>IO}~ry}J5o{{45Y>xSRm zH~g;EdLbHbtEKfbcFs=OEh6Ngh-kI0KC|n|r}1dgL$HdKJ-R6 z`fbyC1TReo_tU{_FrEWy3&Fgw`G?*d{`{f$almdKMkCgHn17f|hx5<6J6FT;wd*GK z&wS1H=XwG#ve41WGf}JcH}iKhwRT={Qq7FgbRL<@2i>ZhzxR41y8Zj<XH@F`5B6dCLKjdn~XYTg@;2iJskGacMKjIVK>2CR2Cc^J>xeQ$UT6XSIhUN)m2Tu1DB zFq=;&p8>tMKe;EoU+)dPtvsc_)jA2yxf6Ek=h0fmMP5|1=xVAJ=2+M(qf$J^3u=iJ zT*{LJ71ql&M!(`#CW#4P8z&s5A-7NNW)JyECu)@BIr2^B0ePfP8R?A+u_v@jJG{En z!w!%6mAT>WjMCj#*-m9vK!c96BEY>xE@R0vr0P9sfIK~6?UT{)q{B`bcj$$nEL)HS zzgYMn{;Hpp${VZmzRB5W80OLI)oUsQ$Puez}I)x#}^*+~*)o`PywZ5i`~E!7UR%JYsfmQJ;i z2$P_1x~yDU01E=RxafG7QUu`gRMWauaS8u;(}6g@I(?LR$rEd%wvBoYOmum~3h{e^ zN;*_;pi;S$07R2_u+_JnDmK3lS7Mv|BKCOzb%|ICG+i|^Q@y|L)c`h_VLz?7K*EDg zTSg6Fr|5M*@EZEaU3stpOODtI2@Z%5V3(m9ZRyXTD!8DsY(kW#BKNJLJ*~jv0c2@l zB1N7Vi#K4BEC71_adasExz|-8&rf@i{GdM71Ca6-rhR~X`W}PR( z-(Rp(EKSPxrxZ1%LN=m|MBR5Zj9faF8enn_&J7f!0}!zNv`Ol6Njga1UMW3q$Z%)F zLR+5+Uy@T1fk{+`8`B{s7?74AiLCZLfWgXAkFx$iX1&Fdg$s>l23ZlHGiWQ5wP-3N zVP3lxgiQ~X!O;SahJZhZ=|_(u!%TJEfWD31SR;|$>J_h%imIp7UWaHc2C$!zSq_WR zM*N*ddPQ(lbCu`~+Dty3s?_>>d<3%dPK|Q4+!>c>oDej6717O@=L7(|d6hffv+rB2rPtp~Acz5BJ~%vW1EB4|s}ivmX$+n8Ao@~F zyTi!|uUq|#V7I?-wPNqvBGqc1aWJNPm7@2)tY(e2Df2NlmA8pP{9wrC-Ks()`;Oi* zFfqA8(^3WbJ>>c)h`-k?fDag8Xa1bv+a8UVVKdEvq&D$|P8%SgeI52Ll} z2DCPY**ky&IY{Ro!YBprRC#zCUD&WEJrEc`;`IFQ7FgfP#>Qs!0HYTUqv7Rn6hLnE z0%GA1s^ujE38{r|R2EcWz~6`3TsT=pCycX`dM{2etIztBDdpahUQ?=SaTGrbBv~ zWf9q-0MypG5#ZIjgDMZh7lB&CIh$uZ7N_MdkJtlZL`UpK{%*{pdtNLzB8O-Fr<({L zNzuW8l@??0Xy^g8&$y{KL$%^QJ^167ejFp5(3%r|{XWU`D33+-L~ zoXqV3&Q&6kCUAZB%o@7cYtEI&wE`qq0%P;^;_6DnLSDe?#b6+qMsY8Byf~rCfcS1J zcumhk%|g5V9_2JiJMm%P#REvH;2Qt`xO0X=?$ebo=m=?hT0ST&V$CRQur z11i%(CgC17CanEs<0w3lzXDAk(Ij`t{#o^=YfohJoS3pnj2Y|YB@GPZ(5qJ%oEBQv zsl7px_Xb4DdDTMdrTatO$K!zxCz%;!TQG=Xwh()j#&$G5yq9Yr6I(60Wl9S{tFS7Q zl}r+SV!)wfqTgUXfr=~gZ+tQ*V%${(WkpHLATQr`S%1T`wcfJyLs%kzz^0E3Flj@T z`n?)-Lx0Fx_hOleSQ_B7RjIXgfNe8hO)|mbJ&Q~7jLFzn2HjUgl8YzcKd#@|uwy*0 zOTHlngmjsKdZjy1HK@YuA#Gc%e52Cy7NfO}eiTTyBti~^tls;PeZYvsp>NLfC;Nwcm(p6p!vMYW=!(nV4dy+z`p9~sFmeg zHx{{o{43sQj1r}M^DJ_PFj4uT>9e0C5JLz&(yt8apUKycC`lq}4uCR6oG0k;0e6v} zJBLqE_g_8nMhDiRl_I}eeO5iTz8wdz<(}4(rb0{T@4BpsRx&&!h|-_)LgujeH7=2g znDv}owc%A_wC-l`g*X`PMkhr{U?!GE;Bc6^tVK+#Zb?r?DoSKB4*eP6R8=ojP-S7V zjozHGnD4E`w?0YT+!G`#~nhLkQrul389 z_bz?KK$%wPGa5;gOqeCS!7FrcxD6dI|WOal3e*6*zhd&jJgnl zJdB-JlRu|(gBqbG6Fx?!>H#Oqu5hc5f%Q)Uh<)29C0xlKJY5221rfg>+P z(2f#FM+_etL{#k^>R`4!P@l*GJwuuYP%~8_{;M(3DgglaF^+#G1SuwPBpVwIuI__G zGA^RWAz$@$E5JS0aRDe<1w98|esajW*Y%Z=sxn=oQk#gP5Lu_8SQ!#=0fIa1p>^`Q z93PBhQb^uX;~A(OJ&ZxR1_rZ)r|XihMO3Ffw>deBJvwb)?^*=Eo%JFSzOJKXB{zm~ zOo3^ef&t(Rr` z+R@_COlK^#agiU_;tHP$&Pa5tt~J6kU6)o)Rl)>`a$zOsvo;>N%hVzfHoyYas<}!YjfNL=&n8^Z z;Rz=Gc}8?!0|_*(uMR`Yf^bE^>-8c%vCDdJC1C$5((Jjr;eVv|^F#L{xS}wR%x5H< z4s0^oH#0W)M}PD%8-5&AS<9w_`%$kyfcz>*zzdkwryi?W^c>$>6G!?1zO2D-F} z&3g0U?55YBPo|&Q-yeGT+vl0jiO|h(wK=Xg?~D3_RmQh2n@#QpY&P%Bv41~3Ooy}U zVIR9_^7clf$tTD@qY1^v>J#G)HexeOmFrziKKd`-^*&>x_xB^nAT;aMWy3M18xB4W z#`B2H9{L~Zi;J^79JA|(DP-%JoIE?|`@wWLx$b&oz3?`CuXi&aOz|t`v6s()qtt^$ z$`ATilkqLk0d36%p`$uM>VOQS{Ke}zrX7_{s@MhR&qrq)&#HPdB5A#{q z{arWR8_gz|v5C7IAHs2e>`f_k5eBV4jz3feum9lx8++#W3)X8mW3vIi@B?ex@$0Q< z7k$=&#k-$QJ`S%3*K9T!4Mv~Y)n{bo(al~DXZ=xccsH1O?LJ)Drn?uc?X?%_*&loy zOd}ktoyXzT-8cHpd%Yf0lO#L6rj*V8@0 zB8~l?1zg|sB(fF~Q{M-q636~Xyy(dkMUR5XA0r)F4;}oBq{12?A1_&@-|C?X53 zd4pza>MLL=(T9tSe4s@batpMEY$=TKZs!FlIR({V%TH-lL}Nx#a+Xo}DnZo{2Yh&S7a11;;#3+FO>TFX(rGOb zhfil{yNgUEKGlkGujXP|X0q5vOr*eI1BPp9vYo)fC&p+?0qV`S?_o~%rzUI;eb&!* zY|<1ZDv@qUWRI2Mn-pfK55;WTCazOB^_Uh4#|I8o!2EHjOM!K6iftv1f|`7K1G>IJ zA84!N*N_UfDwD*dF52>EO6)Zbxy8OhFZ4Rk0gmk)@=4H5{K?AZJHBUE0(zH-R;w?w zWw|xnF_1M(SWF@l5nBlF?u*5WYg^SugD~^N))bflhkiyXRf_S}!*cAHLvlFUG;nQA z1F(9`=gTEnF?A8N}6<++pi*C>hk!j;eB##17G4pTCUpvPGJT^oEcMN@oHXN*3 z*JcZCCHa=Ugds}u!^L+#p+}LZogs5FIl?)lR@0}p{CBx6w;uAg519B|OCTZ)<^WWO zd!iZ-`$gknALeYV3VYa5MIKLBe>m+w+|A~_abFuBGnAvl`OKD4T@OAEMw5Hc`=_3M zKN|L~Mgz2;$Dd6p)y+g(bzsD6i<1p+*l>I^ncfXd&DL*7ANEG((f4dJ#hl>DY_11>Gt_qG)x&H!h8nr49?QcZVz-mY z^{3%z1dVGOra!#zY1?_$`#2om&h!$TW5sPEL7Dz2GV51wwHlNC?9Fk`+6Uh3MC@dE zKkB(amB_ZaK^1`TN+1hN#s=LRTIj`ud}1^mgmd-Sx$PBfZc{qMknV1rk(S90xzW)z zj!u8x;JdunkMG%&Smd%0tli|FG);Dn6W!63Zad)B7nu70yj+}GMw4A8mrx}I#Y%FW z`OfnL(YaiJ`wSeHwY90`$$0)zV$rNfFPpdP89mq^5Jr}76L_d0)P(!zJXm{E%hyPb ziiPMA%S6Ft8X0ruC>SeWF3Z4v!|EQbA)^^tD3xfPX;&6x?ocfd{@K^OLe?MiW%v~A zyhnc^fg$XQLA)pdpmP9?fjtJ+zOL{8$Y*pmdXZDrA`_lPDedb~7T^cx3w8?ot>lT< zSpYCN8m&0*U;;nx0!*Ut3KQTKZb}8BgM}N4Ou6ca>!aqq=ypzP!PL1iQLzb8k?pb=*pNcXz{J*i0+&!S*oL$5N%*?4}eU z1M!IhN2YQMrfDqmtlSx-4Zq5PN>d|?t{F5LmPG6_v6Wzi(_v2a&Q2VH!$y^Ge|si6 zBrU~aC(;;1EgmaS3OuJkULBs7QKDM|0*OW%T4_=MD9FmN3d*%gUqo4P0f1XciT8_* zz)^mg@5$2Ng3Y#a)>ttA#F#ItJmtEp5PsILc`4y~hohEW-{iy@54`EDW zR^^WG9a0SmIbV;orl>0<406qUR|U)h4Fo&^7ai-iSwTu#@OP_4YWu`Nt;VH`j8@<9 zCB5|!RPv;4cA~2^B11xV-oyT&Ksf{o&A0qD)O+Hh%jRI@-h+`#q}yR(8yV?9MG{!V zDi(JBA_L6jKN5M##-1y$$s*~RZ@aQrGkvvhwoe-Re9{4Z*H%Z@z(f4_Y_f-(hFsXX zt!hd_m~b+l%!gX%UCBhW^G-Kl%C3dX2-6Pw3i+hS-CQ3?(?=VI2C=}ye@36JDa^?0 zpW!(>xq}ctTm*g-eHDx71h0PQ%JUh7&O1K*&XH!^O?9}I%G5Ct0fRZ0kVmlM{y9JP zp;{5Jq=beBAiP*C%JsTZSc>@$OP6MaNcoj{>yj>DU=xgS1zuXG2zqte;IKK6TH%rq z&fj!Ri7yy5V^wVEVy|lEpgZQ|`{P9k;BBOjq7Nr8x0va~3ooz^4xQMhf}oymyb@io zlC*VUuiqf|!9S|HPsVab*Pnir(!F!c723$%&ZtKg-__TY0i7R2pZzO|BijMTNPmj3 zN#NgD@+^b8*;=9uNctG_sO@Ft^EFYuK^IIl%FPY@?nSM%U?UP}5isK(c_Lu~%T(yI zz7!lv3NajRbTQjvQ?k9Y0l;|&ji5simbDvJcY12NSBp@g3>S`s-D5l_=ds5l?rb9< z{1)2<&(;ceFgIXnK218A0^msuX~6>tCJ@>vN5_`^HDHZ&!_rSbGVlsG5MzM&Kp?D5 z@d24N7Y^hR^Wz?-*2I2E%Z^lJc?ZsVp)z4Xni`Zrn?>Q@8Q|G`L}|8XvGP<$WKuIw zZjQ0PIUocH7bYc#6G#LK8ruPMhN~1xhM_^5&X>Po|=ag}RMZ&sIMIp93(Bsxh#cahvv@4VJ z16wRXcgbWm0CKdeAk4{!?!U#>kNX zgS3%fy-g{e*KM_=zE-h&u$Lmu60YNn6SyS7sAgoM8j<7Q(MGm$4 zWDwfK*No--QKsvvA&yW!8z~<3A^g&{js&6yancrV7;~4aY|T^RY0g=DiO{(xjrZwE z$JpAc5E0w*?29O(Kv6c$8cna;d^0;`$#a&#y-DdKF6QTDs5E5+8|E=RF$FIi8ENx( zRTh?9=-VCnM3sN(CV0d71w-0sf!IpvA0It{ZCddRR?0po(p6c2AVu9c$NNw^CNj70 zJ6ibwIC2vnHnx?uwM{iw<4xUaoxj!ghXQ19xn#4Y+Tn<9)uRF7;ZN|~dG&W!UO}g; z<%N0om~iO$fNpBSWYuD{qd-qS9>5xUKm@?M%xo~y${VU`xXlBq-Bb~a%R-vG9Dm{c z5Uaz}AhXOP4=Pj?L;<&2&&isKMvP*C_dY@V0@jdzTB{yAgh)uB5(LPcQi&w1*r&cq zAGKAFK88MNBd$a-)T?Jafh+D-sW^A8W!NUT>KE*%GLw0X$>yzAPhaNG&WrG!v$T|1 z@h2CyOAw!jV68CvRol_z1aaw09ta^qs1^;Z%}v-)kkl+PEqh~nOiL+(iqbPv`K5yv z(6dTJ)Kp8I2T?N;Wo2p}LTO>lJ_eCu8okVoz(t20c0Iprwf@HLhAv=TAE)A<>9h+x523NKgQyTeOB3*C>*bz zinlNoA4MwuC`H2Sja;cjKJrZRG?+~L#`{*QHyifYeGih)TdnpxXtK|@+62HH$`Myz z*}w0gv0j-M8Bb(G|EQ5n%jXPPB!a?nKTkk<#IL&X@1gMzDqXXm_5aLzQ|Rs;U-DA_ zEBu`IAYonhLcss2SnJQUPiDR8iI!^ZAK(jfE}wWBHio}@-)apWrjz?Y#O{XI*P{U& z^k#D^*tpRLq}6Kwh;xuEcq(BhZUz4EhsYLO{>sycU5SKeWgf9Bm8X)Qeh}FoVy#b( z-n3=1)=L<%ex`V#f4I?;kg?C@TIC6U3=fJv(h5FtD^#}DKYS?DHP7}D`r6%LUL}APJ5^ik`?Sn+*xw>sz<(3<$iL{H=KNRr zMPgg?GW(*(i2r){l4+5Jr{Lj_g}}$c>4Y63^=29ZiVRb}=? zrkvgITw~`ks)0^nFl&R25qHq0;{wIhD`sck$_NjnLyX6br&s)BQ zxijzKe^0Mup7Szd!$*Av`U-Bbky!9lzjViAzUKLoXZq(v>i;b>S>UqZ&r3=s#iRZ&W_lN!Qg^=cvP|`kgSYX9=%s6= z1^N}=WRP8QrHcHCv5{&AbG(5ke^OZt8(yS)9T83$JV668UOHv1nqzn8L%>5im2THk)aiegRYv%}g3F)?1`f zIT=fxAX%*$#G1QrR7sP)bRj3Knafog@|Xf&T&-9Nmv>)wYiO=)>*qO(6G3`BMfn4n z$ayMvY}c-pY&ziy2^sm3#*E9$Zt|m*E&EFzsq@n3_gsAp=I~=KGLGWxl*SpSi^K|I zgCM72lBzGko4@7Z0s}4on)56nSPqy4=yZkfj?yZSBkIPAfhclT5||ZTRSJ!LO8OA? z{zl2u7aSA8tvGhg(j2=`gTsJKKFecj3#9*+0kSbo&W9Wb9jXq{9JSu8IL)rcGo(~=<>}%tR*rd_G8Qm>(Dkijj(jg$vKYsKjC&|j z%Az70x?vIN-Shj_k90mqU%4BZdYL?_R>>DMu7o?ZY zc$U)Lf|@*DVW?vQWA;!G%3hEor=QP}$y5YDIUc6?A%(Ax@cIU$e~*lqdC>hH_O|1D zm_9E(wSL@)ejC~_E^F~P@Xd3!cLM$5|V>+D<%`-6~=pCW!HB(LX z%T7cWx&U>a1)5A_l)RETnbRP1Q-@8OCCUoQsbWha>G3A1Fdxg7DP!oY!CX3_vLPT| z4VRb97{XcE{6V^2Cp^v|U)px7%2PZf-ltSsyIuV_8PyY29(DUBfcs;c0HOwhCFSXg z8p+)eMBC&&4QL#2YYJW`0`{VL%Pvk7IfF@=fWvGIeZyYAO|HP|es4Ohe%W!b#R)LwH*Q(j+nnOjxoFd0;74SJH^f`0Wizf*?;*#P^-+T2X#9&|Jr) z*@z#5>}%*7d!*fssOW<3sSY66vFVuY?Xr6P>TSgU5!!iHM2XCn%zKjx0zrq-Mn~hV zSsHEZciO1-u8U-KQx;sU5j0OHV+%qdQ2ziov!_jN!6?HWUHmJ#XX%zWO22%H%^NSi z+D4sksC*ABSx4;8!k3hnQmw4jhA{~!gla1m2_I6i(~y~~kh-m&t?452nYt;m1p6y6 zzCn=4jT<2JbV@^?aY`9fCHX_7kIV1^Rhr6RFUpN;;i=8F16zUea7)K!Rtkg9=p9qZ z98xc4{5Q=Hi%Bni2%=<WfYfxp{Pv{CsV#`2aQd`tkO z4!m>RPPh#G3Bi$^H&nyQU`Tfc#lb#ecn1Yin&3Rr;nckSRisn%wck@b#X;arChwjN??eu)l@Z|;8I-H$7{&1F@-=A1iA%0>4)iL|unmJ&%x zoJSx^Y_ogV>gUE@;a&=InEfOUc*MOZ(@IN5q|F$rk@m3|dB4A;z<7;6fgGv-!^a!Q zKT^iF@XG3oPpGSJi%{>}r3EL3t=gFYMgoLaDUGSjOigd0P%E)W|$-d6dBrCdUlBI?(02-iZUG`kJAmFO1mqyDt z0|v1tEMm)X`F!&qkISN1areAqk>K$iZ|XpdZGxEFQz3SvBsP^)s2xH?X>UPizsdIY zI`D39%))eDQ`xE*M6ME&bYrLRmNA;E0}C!R@C-4R68@0A4_mJ_>0jNBZzjKx-e@qs z7!AfZ(^{?H8}}}Hd$7-D7W>S%v70CdsKVFT5!qR?hVRVvF&}JnYqih7;#w~^f(JAr zONy}mkAma^6-k5pKmi{Oe5U*yUJmn4io9rt-LI1AYJ3S8sI9Xj77z}f%>9r@RVYSr zU20+Uj7nRT{<<@n&!YA7;XzYu50G?`ymDx`zYw$4 zBa4sVY6j9pSDaxiN3`MIN)_3n$U)?gkckvBMPYD?%v>W5J6r~0;icpPK&R`J-_u}I z$!W+@{gOV2dP52ZvxZ4&b?!?I;q1>;rKdh91i_dEObD88+yvLmVpbf9hO>ipp)Kf` zh03Prw^UD|c&YbgsB?oRa%K9gxZ~mWb?e62T0#nI+3!>%AsQ1RT7CVksf_zmg`rEP zbj}tzO+!&yQySdG$wS1#gkmCp&q_?H! zs>Vg|2wW`2DG#0zfkVlWLO?dc<0iL7%pOcv%0F-`nCBI6OZxaTgq{JlWd=ZHp)Rr~ ze_PR*F2KKJiO|##!^SYJXvm8uo;9NJVY@?4`vVmfXX#~w^bp5+f|IT|M@FbJ$9+SB z1nclPTWTxASL8&46n;$J9V-@x`*ynfZN8d;=g5A`uP)|Rp+xBC6!$+Gp1_bPdsaEJ z257##pY2yG28rvLBLrT+_&w@mPN5SGRc5r5x0TJ?db) zI3!0e%`2rcyMNKJai;&54S8Pm&?71UDLw;Xna9xY%+D%s*J{^;$?XAH=M^Hej@8n& zkq(4A@78Jqqi|RoQDGxK&Og~K*PrGw6gxK7?Z_LBh2++&x>wV&Fwa^=x4MZu>r#xu zn0lpVNvQ>qON{Pk5USkKfX&ok$0M66k57+7<5xjdcoRNZ9mlU^HV@fKUjpDQ0j7!@ zD##t8dwJY0EPbCo#*G47iYoWv^katHSvT?r1p>c{?Ml`VIiH45BJ0AyhWd9i;)vP$$B0B8Am%h*;ifs_qGo zqIn*X6_gSW^B^Nf^)QK&Iw;zUG!dSvd{hteXiW)^*~cIkl0Kl|+>W8fldj41hA0D? zTQ&L-WK{DwBS-LV11|xC{iaaippG^RvNVy>ZDf^7-*98^J#)78zCgeaB50&iCFEYs z=to;5x?F)BP%9H#)=kR9+szI~ti5PA3Do>VGaFn_xS|ayt|S2m$=nEBc22Sz1p!!L z3#+K40U-dT$+&2r23Q-*FBA|z-ReMcEB`Y`SUSuTndO?RnU%oM2ZPdw`>KdoxSj1A zHvgh%Hvtqn%xVYI)vaKu6lO7Bg@t5-@eeJ;JPvcm9pDx8Kofv|ONlXWr#&*fA=6;V z!aQQ+^@#z?aDZdaM=sFZc9W01d)3hAg}@?tsUR97TJeBQf?+FzOb!JVVqFi9iD+s2 zQOT9I>fY`2X41PH?l_71YPYZ#)*hWbB+m0>UOt*#Qx1M%S4(ciin8XWoH;pi@R6|2 zyZm#bSS3Cw0bELD$uHcPGM!{2gYoD1oK*@_?jAYgIn9YY)}d1K_-EQXzys>(C{V8$f* zgbgHYZz}}6;~d(1OTKzkd{?frQx(?7QSn$dRq^FYdpE#Zcv?NIDF98fF5Esy9^CcZ z0#qsK1sOR#>6|zfV5~5Y291=V6zt*o9~AxXboF$Jz^CLR+%-QhS<1Bana8Sp3|9Gj+=N3d;qn8SN#Wt|a5ggQ7^Tl&vXGk>vm*SUEx7;1y}=%1KZ%1Y~F_ZQs*K zwuB~7TU#59s>hBD4b^|m6$Oi;Ci!R1Sq4%%Q-!jm4993nAX3SE9$hpvRRx3YI9TK$ zk(5Upr?#)u0M(t`B%wSf84qMH%On?UnM9#R(MDw4wUJR{kVf_FT`^2cTh>>nRiJlQ z^Y3$>J4 zxU)J8y}F~r0B;bR+o0H(OWB;du1Ui2P(r$-?)|%NqQ)KQkh=N3u9a+cHTXC>K?KUn zkwpY*cN!*`SYwCO@t1bJRvV5lhEI14XKr17?52ZAoF)U?cNU|=*RKxsc$CLOUA@|_ z>TwSMliuk9CZ`SME3ob*UAqYf;zUA#Aj`8{mkzj3qI)c$5W5JBs!qETbE4sLWd{#* zQv@3IN-_DCnj(L!oTj zWKHBtlFk{|evG0C7Fvl6{csVZLRWV$M&EDyP8&|})p#(Kr}#zt1whMTriYD8+h@lD zdzpJSJqSb_!sLOAQ*9JDef6p$`q?uJc)|_F?BL6`M`Z*PYI0!R30aUj8`X=on?oq6 zy)IIQ{;^dK2h<^6yH@+LcP;O+-8vqR1xsP2V0XC+QZL?+Fv(|`S7vETuoI7Y#zDC^ zwcm9%LoN!55j(<~4058JtD04o=0Yk_quyojm#JdhTML}UPJy!sP$BE{+TEQ@F~R0I{+2!w)a2Wp2F4 zZSepwN`+qe0CYU>?7Cp3Dl-|B@@!;=t~UVn6P#+XYO7npuu#`(HyrnBwU=$uN4MLK$@k2UnEcYQS(Jf5)$hqHkwuS*=(G5rpC zo5EN&^M8sU!@ITG)Zey>cNL2Ff^E_itc=6Ts+P`M4$gMxM8%nH^(i$8RT3{a8kIST z+IWYmTMGDTtd&`hu`2xCqY1|F&7IOToQVb;>nyR*#8~%J$}1YQRBMgf?+stx@UNaj z%kyrt2s(@1J-lLRp{jWGA{}0~^q}tc)h?~h?tsh=ax@qXdW}l^DZbVlliTs|YD`9h z(fMGa{2X#o$QI!CL#*CgVc#3*ID*U-K)|Ijxs4IPa&TL3G@Uv=u=!BhSLdY^vu08q z+&kRDUVvJnprCcX+Li-l^mI8(b+KWMAr}w8g!T!Rf#JG%C+z^ZS1D!+B2@A)0r28V z1}<)SNyvvJjlu^W;MI8MsqdmqU{@SsV=D?ET%x6C<%ZeJ7I!YX+2X! zaaTj|6_04DIp5%xtdbCdNFEb6&6H8(Ldp}WEKdvKPmA)07XiVFAlOdrxX|ee87Ri@2UzpHYUow_;rDP=k}y4DfIo8%+L%dnvV1ohA9(JV=-e9 zTQ8GXr${P?>5B5mHY<3!rJ9@E8}9{}Kx8WnX(|rt^yK99`0RTamS>LG|HX=BSDao)x7$Ss{6)a*J%dFRr%f0vPbEit7>vT%J zl8d<8leygO3~PqJO_O|0T8}Cf2l=6^B))69z~<9lvs6IN1n%+FO$aYngHhnA?#+Q7 zhsv^c=OcA}Vo*55%<4#uojg=oZSBM%+gVkXoVyW;Ho2)_VbslSVL2L?j1vGufR*NS zC)G9Pv<fnQK9BHo<-UXz`Bf2bhozdnYgNbuA{-E|E@Q_>75TRhc~}8$+UMfoWAMx zZ>}c4kiXvclxYvJ28eO1^UV)J-Euq}ntl%F;le}7Nm&3W zbtbo3*O)W*8o?y#>}0DQ_D!|Dp!1YP21bX)*^*_DWrjf=-CC{g7?S6C9MTn-h*gkK z(^{P=JNJ$gVFib?d0vF4pOzP`H-vvxs~L;!IjB2UY0>cT;U7~y@eD+*oZ!K z4?i+^Z1F>d=nX&?!XRZW*e@1R9m;H=uO_bK2N8r!RYvz3!aKVW6NI#aRDDbif(Mhl z1%dpmX$(*4b{w{H;29(x#KNowX0(9wr(%-oS^;|;TsYCjgpSA=$AqsS-a136RPDtI zI!Jx1KnqY7U1A*Zxem;u83CpP!80asK+aaxd^C;Gj5u`v<70`?x5hssid-gyv zt_aLhm0%M3jmO3o?McOd1gp9oUkoN>d`0@hN&j{}dT$5h=Bi09dN)1D*BXxdV506_Hp$>` zgVFV6Z}N+5JRDyPCxiZtdTRLf*U!> zH^ZB0lbqj9hvUI?+9VS>iQ7SwyuG@*_<4AF*+jzJ4Ew|D9wc=1-Veubr*^tG?*_k+ z-efo(klvK^#$-4e4K9Ygn}Hojf1v3l-?||;?|L`n?O;5ZK%eq~8YZsi3o@;A=v^4+ zj&gL_J?hCoejb(-7I>_aoVAMzJo2&4D3Z$OJsMUm{-_crX1Vfj?P-ffgWaykrmk#b z6&O}z69uoAAP+2x5K;XQU*~SW*W1Bl)EobDaNvoJ+d*M}#uhw|l?iNWgT$4HYWy7IRozlxbV2FB z5Xhp+LB6b3(3GrBXK`X?ygs1|z!w4u=Se_eVt8OM=t{5{+z zJqI&Y>5V$9EK3$lp*=$m97oasQTQy+7=#pyd?vM06^Dra@>TIW7Rg=VFG-#dGyTPO ztrmQl4eD$+6_2M5_}q;l+NOdvVK78Vxeru(D&+)bTk@ts@GVdo5W6(+I6)gP#BRpAre3-`1fb%5C}$!0Dl>-cty~E^$8V_^^9oJ}8`zI8L??&lO-5Yx3gU}= zK8Gv35KiaUEJ0ZmT_-b?rXLXp<@comx_hy~*s^0(7pbR86=MCUD-;Q2ZIVIk$)t(c_>^ZQ?3?YuT<%;=nV_WS7;JND(-q?S;$wBi* zG3{bEY?+k}k9e$O?d2J3JPNFAI2q{h<6U;oa{ZqzAPa7E9io^jqb~*tVE728iy0!C z>=nQ6JVdsB{{v(I11^g-8T$<(`oiR$O|^Tc7i3M+`QiH$<>-N5dqGxjG>HOeR>N_U z&_Hw5GK^doOs8u)LR!J)lrqpPW*ZyryvN6dDJbT1g^ay}iJ<4>?5L)>0_lCiLv8Ma zn0i~k{KXHN;JS;3-3g!{s;vE=hU2#vSEE|(wC(VgDL}vE>DK5#caMydY^j92LT(&_ zIYX2h95VKAyQ z*U5^}7<0R++=9SPkv%241PB04SwYekV9;*EvV~12Fllcq2q13e(28bC`l7LGRr9X5 zJ#dDW3qCBFgYRS{LAj1en)$NR#aEY|E{yE-7~jCfAImpDCeJMSE91v=Bj4;YN5>m? zJ*=>aVj8j{6y8+shVK9Ke@89G9f8MxYzK^!zFJnDNXNii_QB+d1*MdN)w}56eN*3)} zi;Uk)fdnkIy;l-Q*aXUT%A|aZMr2^7ICnr-1q-_>c_z055=8!*y34Aox;i~6;PzNm zWDr@B${WV0Foiu)F|jrwZxU6WjSKRRh{t#Td9=*3wdfunKRi6N`E1n=lGU*aay&K= z!2uNYIG#>_dH474KXiU*pR_+72gwTF2xqjNviWhAta%`gQ#St)tUd%n$ic5fdzq~w zyriK%Scp5Zy=5(X7M&wWNt#5g2z#t(wtKPLhcDPmcN5ZRHz z(%Sw5-R^i^`G)HD*FcC?Fki?G$y)3CU#o`vYhP_#6_LjyB}?_E(_d{jQL?8S2w5|f zRiN|z>6Apt0(*6O%h+nYy}Mn#$u~>g@i=53xAwQKJ0(;QcpLbl(`As0ELm;qvqU!B zN7yaAY4`y=mmSvt$xXQ&0u@Q|oH9`WqrUB13@+r}bu}eB{x$Ju`@b7DyExY7+nXK5c{>*V8#BqN* z{eV3FgB%cc0{`xk|2cj${V*L&-VY}KUL($###u}l=o8mT#Dh(jOeANEYi11nhzc>T zoZOSB1fV{2cNP(%6Q4_DL9m!pzD zx2JI?k5zv)Iw6Dqf;`Ee7BKKyi(H|xPl~_zS$%h4oMDRYB2~jP3R&u)g_!Xuv8UaJ zUI|&@y>~~~@B0m{e4q}5qBK^TxdyB! zs2W35u?j}6-}m7VY!x~{iS#$p|8pX3@Jur8mVQ24sIBPlX;N*u!>5Y16*E3SuEl_w zf@J$N(YCLV)W42=3!mFB*4`Tprq{jx;NK6wVKf=kRif*O;J->&&VJF9 zsP(9R3Z7l@)T^)6Y8`kT?;@mowEiH3bj8;)Aw9wU*$DY$I(j_i4?;*!z%5hKm+t>K zr1aV8AB2{^7+fZ1K?V5ZP}8|c{vf0*$jcSHvY;nC3o$_k1kZzKc~mZm8)K40!!C$+ zO~*{S-6HN=!mF(6+8Pdl^!OEJ{uh8}uuCvS3;uhS^7*DPW@U)pW3Y$e0X7Q_S8&hY zLuY#|yJ(SxkKe|88_jb4=vZYD%E!O1HZ6sE`l}-ycWbqOBTE*objG1=Mp~_Po-XA7 zvq*)41<7iKVe_j5Di^3SQa|N0mc}e&P)=^0#E{ESRlNci20cO%ynvyW@X0nIpc2dp z&9g)VG*Vdy=xDN`y>-n*q+MB-FJRQU8XzaT>^__CJW@d^7qQt#}Q61X%D-mxZM1 zf@PKomi!Ugag>l1V+y+5!I44m4~Y4ZvTu}&jHQSY7P{Fo_59RxMjlq_r07U+wzIm6-8=9S7?>$=v1B24vsO z7>khwaI?!T!{c-Gqm?LSYA5O}%JR52Ne=r_l@M{r>iBs41q7{Ir@K(C9GAN`Fs}v; z0s>rO289CSEKMS9IMGIeV|f>tVl$G=p6AO>8i@Wz=LY2hLeMgn&S}7!W>P`2#>kU3 z6^hR}afmTruNl@KRB#J0<1N#XjHkbCsut#~TT+!EW(j9^-zh%MMaGA=j(T{5SUU~t{j@G6crlO)OBNUe7xGPbhMp$8WB9a7`P+<$lV z^B8`+==DEby&p^_!;1m@VLG^ZJG{`p-l|{6gPRZM!|?@J<%WIPRIp1P=O2}%kw>gc zCVAWwJ-F&28;xPA3E*0YEe%uo>#bnvmgjQ;uWxy(3~)Fr5K+#ji7AXE}@9$%0D8@PojS+F3cgfkw$*M-kimj4#(Z=lT{vN064B*GVIV{Z)p3WP>t5@K-H#p%HHY+a>vO5U2I~y;sLqV z$rehG!XP_m{pXopE~ zZ2$Q|_7LOOr2x_ZY2zXZ@|Dg-lRMKDiN3f@r2Zsjq7Tl%K|HGc-XUF&`q>u$cRA=y z2ji=o!Sv}-fV<=WPEKEUP73jVXRl7b#s7VkpMM-5|7VwcM~+nJbVx=tV=1SRAT7xn zFg6!MAoj&7%)UAE8Z#VO$DSMPf}?UCNawJqJ}*X`58Zc9c(&QnGKnZA#O*+9#aN&z4l zL#nI>u8$EA<2&;6l4el6=7I27g&-en;N$k4)6w)08KWi0CN;#tMxzG{O}Ac!_b;&H@jEPv_-MVRG+%fuHNjcLw590x-k#rnzVJ^q z|G%eE&O}SwsXl|}yFYvKzs@?Hmj(Ur^^3Dt-}wL6_>s#k5B`S_u2GVZh|XBlCG}n! zEP2Kti=PP8m>|O=Wnfkcm_QB|dUwGMxFMiCJ^~L1O+#=v6RF~$l9_K zx(Z*t#LpLpV|X64sjI)~K@Q`LMda1X){JL_x+Av3#IK@v#QCu9${+sJohV0$Vfnrj zDz){Kkj831Almv9*=8+gAen!>(0}BsRi07cxLKMr^;c~W_5PT^=nNNc*)nf|w5^pX*$4%$#z~`!Ty`X}P)gXWQDPN%^JX(~K_mte@IcNUyExN~x{Y9h1@{0lQn~aGvG0;w)#2PqiZ7gzlxH#dpT4dI&d298&NL+q$%ZMtRBwK3Pnub)!1Bh4hU#TcA!cC z19K8~cCGaQBfd&t1yyUTf?7aoS1CIPt>sijJbW=#tm;0x;Q*`Ybt|@x+>BwCBoU+W zqjXI<4vgFB)`~-O)dT~FB6O$~e8wN7%6=Qu6?2OQ)oUmL^LTOnzCTaW{&d<`c{Y1Q z#I5fYWkuZ(viNisSbx4CUhD0P>?Q8`QN6N9Bg8ySdM{1qGWk3*==TmHgH+x>hYU_` zp7R}85Lq4B-cT{!z6cWklK8kIYUnr7;xV+ks!{d89 zsNy$-57^Y{EmV14LLA6A%P$lOQAG#IFn7$}@Y8*Bem2f&r*R<5EWdEby!Ww6OsjUL zUOnw+oUvs!hfTQ5ns&_>TJMunRb z*{rv-_R2fW?X6NysT7~@o{Vm-P&prC5rH|JkNzfw9@X7V za>wHR6RCJ<+iWuTVfEHJAN@@)0rC2J%p|638nEHTL1R~Ki$j*IJr~o`c_wSeEiY0JOnj zEU)-Rai=t$1(s@laTDrY4}W6&0z2HM zdnVAk9ulWj_4rjIcQKwajXu`S9L5<-?`gDuGKCj*OsUvpD;HK>$`fCF=ir0>Cd$R~ z@L71xcgz9W?U{*Q8Enf{+e$uu*up>v$8{b>Q^@w-8Nz^ZC9*M5t#{oR*cy|_P23X% zf)siwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJciT9UD2(sl{1mwAy{E0YH2speU)($QcNAGkbk~-&lAKI_ zGjnnv5|S{c2o6Bn(Vgw*vp)w_00_Rwc9Nc+*?n5)OixULK%oE>>b>}Ccbu%~aV)Ze zWrbo?#@mzOmdYa9(_Q*6zrgSG^z`)miwpSw)6>)D|DTFmk*C2{?ARsQ7DcWuPfi{l z9wNTlMX}hO(2S=0g2(ElR3|JuDOkMCL@GA>6P6WB=8`LB_vZ1AW^}`LEGtd|9&31X zpV;N`i_@2`+nmZGWAZ`BG&$L*dSaL4u! zLMG}mI3@!NRd7sLybF#=tn|N4FTpVx4`=hY)8Q;QCY=W;I3~%8R-d@1beDYhGB_qf zvD+~jbDCmr!Ckpx4)fps@86$AXJ^srx519`te`w&5Z?0p3;J;DA4=tG9XA1FG=qOIVLwk6(pBz z&7@>WF9>9r4b-h-@{(L=P9cyiPkBs-qRfg*auxtV*WE~#3&jf|_m^b1kJC~WOh!D; zFMqf=Jw5q1O(<1PWA?vKG%+Wnpqopwp~n{&FOKscVx^AxT8}_TUZ&|xq&(hVl0o`F z_bLd!`G#DJ&4y3R1Dr!y`^E$zPPnptWR5lrm<7W(lEXAyiCL{kdXA z!LvF= z?mgw1ZbFm4lnUPO^Z*%)nNn2lLzus0I{~w2BravTCo4$-H|v5)@@<9ZZzI?ze=V6R z0PBRrc?mmf2Y>C@4))K*+4&6*2ub;l*IJ&{n!P;z@w*!it36yS$V`f)j5VL+);LzG zdb+@ey1T#J@5UJ~I8EO&n$MVwSyt$cOkVteuW#t5=BtZS04ZjfVwZ%*G0O`*_SHV4 zJ08Qj0zx)YlsOq+1>bl}_l~BQ!8e2?*!p&SrF%T{9=*Xwr@GG@k?FJKCbGl74frh6 zhdj9?Ynm$Ny&Q^c%{Qf_z%2%Z>_m3M3dv*jUh;y;X3c7e)Q_*4{!AJE=eqQ!0)km7a0g5*T(i8i=63c{Tm#8A|w%V zLo@z=0Yb7VdGf#AM}yh;-`W0>{M&eNLk6=kxnq0tb|})6#l=|jr1vzvB;TFli`QwX zw(Z9wz|br$H$0mS-(HeJmaP5i<`tuvd1*)t_i03mB&P%C=1mvEuf=9YrQRdepx0uv z*z!EDuYi8)V?Pxe6^Z$F*4KeVLLO-iey3lBc1t?gi zX@JHzOm&lr6-`O5Sy5H6EM|7rD)1iGrVjJ@hUlGcHvLSBd#-s|jU|H`-TTbzHm8#A zSivOTZ6^sW=!z;9=zqKuX}M#UPkb|6ECK?&_gcu|VliBAR3Rk0Bt3m`#Ouwm{<~Le zq%q|+N<~+rk0lc&A$1DEDY7vBvOAv#2WrR z`oxvSI2opt@64TD>Kl8t$NQS*aNX+Nr8{D~yx0>}=(A3CjAn`?BKx+`9}$`nraOer zbZgiBlbB_uy$yRd z7qTG3>)XY0H2*lB{r+E%G;0_aDcP`s93MNjoc!%?B$~5SbE472J^lG-ax8$W&S|mz zeeZ9PW+9{44*GM?4ySYvcHfd-=e~~CWt!?Cdn6*{=b!ujMD&Sj&7qpaY&u_l3HY7x z>mJn~PyY=6`06UDB337{$h6D}|EQ#n6RH&7WXHKkjx&+46Y{&0 zpMMU5zy0l)By7#IgM>`Cwj=k*&p!v>eEr~>^AQOfm~K&a*D^nsEV(K*`bsP7$hiof|XZBY01z(d*L5`sDe`-NIi^&=JPr|dJPfqLYk2M#gJ8ySm&OpbbFFzqOt1muq zL_TN2&!6fsd0>3AEiPfQ9c`<5qC(qhGw}E8t#`+I)K;Q<4gS&B(r>?C>Gvf6w`FP0 zr1}c>?`iq}yVIup|NYtbzwv*+#t-o#4Ye`eCFLpxn9Oe-P?-}+E?F&7Io|7Ug7SmEOqQs7o ze|NMPXTRnwO%$P$p`D0L()*w4_{ABv)?5gB>eqLJL|M7Cuu?37lq1S1dK0 zDb4d|byDkq;9UbB`t;Adlt|ewTe?`=V9O*&Te{!EI56r)no1jIl9b0(VM9Y*eb*E0 zQ5jhdrvxnhwKvBvoTVxxE!f8BF7$1DN#-Ke63uO%(1PJ){U>(39sRT@rJmqf_2f3A z_mrn}m73=k8Uwbsw)&UWX7I%;^{fSXa!H@HY6i|M69p)RJm7Qmz8GI!lHSGlFTOt> zpTFoe-%ij}=A0_YjNXAEU{Drf2VJ(lac8D?_G5G!owpjG2f`)k&F0hLXt9{iKfW7W z-;O@sPR7etYd!M~ONPSvdXnBCO|hNbm4FPPiU}(oguJu%?&`%%&$Ib(JR8;@Di)WL z7klvI{Zv%Q0%xm<$mT*6#@KG;;Y<|dC>qk7u6W7|&Qvs*jSUV|^p+~pv)x7_XPMga zb)jX}`?FrZwk0ZuF8^rRr+(A5GM*k6nx4AHs?75goPcQx4QjG8wr!~zXiXpZZ0%m9 zos2-JPgquv?|dM0kqoke4;uXwC-#4)+R@I#Di_YYncMNqSW6~%m$jGX@Gfd($^RYJ zI#eTr_JQVk>(xPxgZ;HN4^^*UMnLdah#XwP!8xZ_*NNyI4j-Ct;_3uB-5UA`lAgEW z;89fh43eLJzHGfN=!X3Kb9GjoncX@Ew!Wx52mM(*`^N0RKxxEc1kfSSJf_7;uN$2I^X}&3crsp&2iG6pjs~-jv(bDwnk)xzz6b?}Tu&dzi3Z|k z@P}UrfR=NsKe!=qwvWoWG%|jG-4NbPCm(M{%lUY?`1pQ4UXJD;r?cgFI(Y)d1J0{a zhv(|!DDnYVjOOpg!_mjlt_4B!Q8Zm z)7j|b`0A_1t-J0%4}igJ{PEvMAHHf_^!|N%ywUK+O?WuHz8(#iAIFpBX#Q?+{pA2O z9E?8?jMvw zxSvP<9vk^{>E8A9%|id@&3N+W<8u1%qeIhnSMSYuu^3O@^qvH#!}5f2hd3;nr!ryCX zaJD=={&7`QI0Dz7X*pD=r&yyycyV_naeVcEwV< zU$9tYi83)I?mH&ANZh*%e2_Rj#m? zSotkK>Xs);rFU!(0Q?gGU$9;NJm7W9e*%D0v3VZ6so4AzfQx>f&x06mNW1}4b>KSw zNAK=u!(r*b-)W;h8xBkE{yzKf`O8w#tzUR+J<2gX4p$YG_ZUn75?}33AYzP4My+Kv(DZz5 zkt&FadB0QU8W`S0lb_+0-#6QTM=DWRV7|33fzWyAmP?EJga-~9i6jb9`G zAG-b-rupyS_h+_I);zj)du5*U*DvfNcw9X(GbaBDo_;iDr1!sir1!D+%exYK=JVq& z<9IGbA!3nUlI76q6H&p|ft^Nfh>Cg@RBl+&FvuTw+SR{kKriV;_n^k0U-yXoq6I{U z$B9Uo?iu<7XC>!iMTRM7SuvjdcO=KZ`tK?FUocgu6PpkYa?~(Y9Ooi={#Ee#@!v1b zzx&Pq`&apO(*K!AI%t2dgBZeY(5zm|{kFGd=`K>+ldTYUy-NbyMwM~QApPDi=M3I^ z4yCvJs3YuMlj$``d#{_e_Y86W20U~B6j`wU6ye|2YxGaGFx5XrpBILXU)REg|MbT{ zo*w`B=l}JmKmRFex^nvO?$|zP`n{rC2W{#?(?x_9gGm-1wAXaRsi;XhZvHRQmp6xN z;1?L<3I6Z&yB9B8`JZ3>7XSUL{JtSGT4*5;ayH|VlZP$K$g1RN!m|y@X?#aFOu1Ch zs?0&GC2Gsk6jFKOwa>Fns97vp@OwsbT5P@NG)sbSNX9mpVeTlGY|TH}v@ZXn9}!Le zAe~H(Ad#F&$N?M$(beMP0xbXEK<<2zk$1xdNw`!&wBf}G{1?FwqSgPEC-7hUV7ocd z|FM6n`|PCZXhq|@GKbiA75pwz4|(vrXhrXW-$lhP4}SOm1mBQ%RB}-&GQJwAAj+lq z3yX^&;t8WC*iMSS1o8bb%1c3>(__sIs*`}Pb|2$Zl*z}O-ks$1?xU8fGq|A|FLyNK zYo;*7_SaE2cAtOaWB&_{@kIRZcjsr#^Z)YY*>CdSukth8z;eroruisT5w2{e>4cP7 z!Z0b~AgA$`k@M)(zKuxG@|CN8ru{Xx?QUoVwDagRB>#tIC6#+}etP<{qj^>BBcjlC zB;@AAfTB(Sl;voCvmk@X6&X$^SL5Y)I$4m{(>b|aj6yOWndpx3bP__VtMOtvAHTW< z4_V#8SwyZF$VtFL+WGa&EP6z3A#oI=m~N`T)LL1hx$^|Sg6PpwF-;6}7XcBPu5{ak zt3vV>2v&qDlMezC?=D!3ot%+kD@D24k{>bG23I5zaS1{A4Y-7C0TzpVFZpI$5b=;P zNrWUUD|oRdv@Etl^8X9tS!G_w7sZysR@g|I6($X+T}=-FwxKB*LDwxH%1lqtWD21% z^kSjN63siCZbY$V20+df4y|dD6ln-aHq0L>03GVt=%=_jV<6CjL2(~ z+%qp_E)-K0R^5WzHR_pOdM3^B5$~JiVh>D)`rcu2p@HBT{yT)UnvgD}*xJ30uK)v* zRMl(rxR5O$0Song3)5fi5qb)J`Ae!VISkR!b;E=sJ62fe*a4To4HEOciN(_v#b*dVm$zw*;YcA^4( zy3!m&8+4lO@tI_*OyPX2rPz@ji?=l6F|`MzkTg>mIc7E#JW0);YeEU42f7RE6EuA^ zrWuP}&LKM<0B5GTVHuNuO&DE>D^MFqh(HR|io{$p#j+yA`Xdipk;0)MLh=pIXxg#nZF+3!)Vg;3L()W_ z!JgjDHi-WLo&#be+fnY$C(EgXoucsq)7UY|(!G`|?f`Ksp20rJ=#KU6qVud^at(Dv z#5(luNQcxGP#QZ-tgBTYYEo|Q_|6q?o&k4cz406Z&4IIbse?mzR$CL;!-?TUY)=Al z178Vw5ctqL6j~hMBBN<)$+jw2J6;&#VfhX$7^EQw@XS$wflL~#23uiQ8LqoWZwsGM z(Nr0R*ZY0NwlrN6u|CYaJnyzAJvS%ouY&izBgRB+3~h&!N{hK+m=6tB9P*e8pG z`dsaPj76q$9+#q2>7MMUywjvlR@{+gxtQXc3}`>kV2uE=ojXwztKLKugcAR(M!ohC zZt&M`+V%uK$@2IJ)bw%J7?f2`3~{>}gu;kJpm1kZ>v4y@)j-Z{6lLsJ{?S z+G3$*2XnoTTa>OM=XtqGd7SR`M$J>Y5346RlX%rCcw!g}UvBf+d`F9cS#FKkah(Hg z!3BEZEzpcYWzGNkt8>IY#VjxM0aJxNi~yiQfv8V%oU6BbJ9@`LvZeP7xI7CG$kAfG z)_k5Iilu32{>yi{kOeM`qXULfHe4Z)89OtL0$d|IDwMp?S3{QW5zCr(8PLGV&?-W_ z$*uO-iH}`JH*Ik;4ySW1dA6|<4deFi^AG-!>Jyqm5^W;@?p8c=Ts?f&{J>5KC0ujc z7Q!%jb>Pep4|*x=T?eJvK8VuELaN|}-qUVT3U1W2bVK!PAaX`P+4pg|QMBXDphAmGY~+EqVswK#h_ExR5& z;8Y=DxSm#hCt8-t3Zv$vSV5yYW9G`UTov99`iSb)vwMXq%djQ1aGTFzmn)DH6C?#M zBQj^cW+;N8cXVG-wk8#dMb0g6Q=>X z_zA92JLbw86BRcVD{X39Dpcx7y@jOM@l5X%lpd8gye4sOOY1(h=)Pf?Di`{xj~sg= zOIA>xg_dvjM0k)6vVCiE-oS3aYD0vO*52KYq1oM`CW{Hvd{gK#6R<^#>bRM?p$eh{ zo+e4Hb8bjIZ65$!B7mXInbgzN=)@Bzi|XPchJ$ZTw2ri-uZfmhex$0kD|1ubfbIT;4BJ?yme=#NTsB#A8%yiPNdX4po=IG+V#{T6tS7m5 zYm*7NgBq?h&l!a>tIX8^Z==~;Z(tr!ly*u!ntH;k=1}V3n6m{GYhTmNyK93ciT=0L z@{YeFyDg*L8)m_LQInRT(T z-Lw|su+lmiG1dCQ!k&%jX3oBWShi_HCc|A*Q1b3 zrjz6G{fMEzo^nVEUL1=F9Q$_IfZU zv)lP>x)|YYi`K%FLH%}>i%fB_I)G&crNa7lp?NMvF1cpUVZv)tg02+yUqx{}eJN@i zl`3~2t5|Z))m^(x77%q~X9aDnZ)j}`v$*$uh{&}=ss8Aiqd)0BB4d5?5_Yfmu7(5q z$OK72*;#Cvkb6(nVl7#PkcF=@$k-<38qL1MAn z>CNlo0|#cRAHqJ=40=-$XZmo;bei0AFp{o~`-W27Ai+8}nC|fe{1}k|RMyv6u#{Ji zJg6>e?@+woYSz7eT${$iN6l@P3yrrzpcWJ~oi$@S=v)aUYXIRJCDwKn_Ae3Sfxe_1$@hiCOew*MNrdEJb?1x zY)OQWn_$^$!BZwN6a=NYu#)6WT_u*qsW7GJSCYnetWc!)$3OQfAtj}; zz3ujPGXYgKQlBSDN95=V3e_8>jdwt~4kI0S*S2Sy)n`TR zvx0tdhENdd5rBxiXN0Co5XrE$(UV##4sCJYC{tbv#4cbnb9)(E)9Q* z!<&zz$(N1ssQ>@@#mmzd=gs<$r>DQg|NJUH)IS8l()TW}tSk1wkE^@XwNmKkh_1G_ ze)CLLeck}J+K7SZVo|9k*#a~@bGYa`Xb`1 zT@;Jmi6!|bDy8~=$tud!`UKD5|8JVJ?6r`)KDw5`Lzu^Fp0Wumh{{^a2<#`2Yv9QJRqj?y_Ai6+tDA!hJE+_sagE8* z#rNkgkLN#}^&kCkw98YmXY6x7OZf)0S2HRL9`l@L#bCY~Lf`%x4q0_>K)+9AVh;-nTEda6 zZxyO?*8cX4g5cU{Y4l5=I6*K_R!LonF3;Y=z47dN&_lXYQ!9A~I@AZwdXqVtN}a|C z1prThZ^1>~KfZ=AGp}|oBPqLQsh(kd>5b$J=Bt?$F;hxN0wMb3Hsc!R*}L0bKO~gQ zO+};n>$!bhdx{U8cEqr=n$}x5z$BMbj)no}lF7iwfZgjWEUr*IlR|)p=cu|*qUQR6 zK154{t6J$`>J7i6@s?-IxZY~2rDwiCO^@Cxjy4HNROKaTU1qd&5F69kK-KR&@W-$d zqG@XP6N^PAc09%m8;xBSlFasAq6h-)ePQ*@qC_{JobGLelc%FtGkt%LD{3EBAaR7K z?&{sxH2RS>v3iQZ@zUCTl=XW6c@;bl_ThoAwgNH(LIe%pF}0-<1TZ0uleu&Fl;Aic zBzQ{H0Wzv-BQB-;%9@HcMXM{YqMx&>S;42ljG#QK92$&})OCJ5O{7uS=?%5=qhdUo z;qQ*e7f4SOVXN%cu)AEnMY%`H6v5e-Oe5d$Ztl2SV+V6K0OQ%&vgsS(JE4w(U|~c{ z6KG=Z&u^6zIt`8tBeoW0=FVY^<#hNxBUhdhMH93oi?usDNTe8!hIEmK4EraG@ z$M^6i?%HWE;MwUZ3~HE6a+GiP3T{Lp$vu}vNz=ZGY&vuhuqOredYT=2%-w@Eqd1MY zW>RtO&&^klEPOYmL}7UW5o_d%s_jZ>p-G>(krr`sscAr68iO+SP~qD=#_A9@)2-?h zwLrCjEOoW6C-k0g+|#R9=RR0if`W{Y4T2W$*-GUQn=(L#(T&Kk zi-pNxMy`Oa3Ay**wxQ9FGGu6KEk@Z!ulK7my(43YogqshQUsH-zfkgyvxn(qq*1-b z{CzYfHzFyGE6WX!rO@{nnd*bfp89mg>ql3L4)X+x+bbYoDU#@S~d{85BG5bgQxAsacGJb9vD@ z_Ip|=k&)4-JQb2ja>ZCq1{qEF1&@_Gbw2k#6uVqx;GZ2d{Vc(gUf%$|f2d<-o+HG1 zT&5oZV~5lf*SfY3hJ(d zM~PBDSp3H|nX`%(J@Yd|%oa$@ZvKP(5S@P6x9ksvWIIM+E(-dnUbd-ZUoYsVJ!k`% zbVDAboBd!$l_E=%UT07iTYU>PX8XwJ@3*{QId~;KqxCga;L@&d_;s0L#sSbh6m*x9 z9LkM8r=vk~PeI+3Q>7k+Oh}H^=4GkT^!$#3hLW@L`U`?_T>^!Gc^6ZS5!3#+y|6B@ z(hS-56(b1)^>fk;2B|S_m|$F=VwQ@0XVv)yQ-v?e8oi2Xor&zYa#DxHLidn3=<#TJ z=oOSbCcqaQ1&T6*XIO?a;dGM;#i1)R+=^xKc1PtMTIvhBfq(q9q~J#>@Fi*(++|@p%9p?w)!(~^XJ%R=emc4711-vlD{H$v`(o- zRUYdg?>Z0k$`yuqi{bNgnt?OCb-J&7K!zeQN(V<>tMm-I`9{)wYXe-IfCD1SC!l=A zmhFK--?9{qL0WD{WdP{0nC8u6)<_bQ(gzfZ&`m+%h%T8Km@ExSJR)7QewkbZJYkxh z?H!t4FEVGa`*khDny;>Fh7{OnvPzZcsW{tC`$wuz6ob=JZ0(ITnNB{AU)_APcD^-F z8CY3CjCN9|s_PlME<*#2Cm`1D!`kkt0tsrWF|fyhZ_fDDO<1346<77x{OsDbEoewocJub$ZHDkPmMSCI7&ElLn*>D(!8oc^vlb)Rh{6Y|;L80(_-D`rWh0_}~j z2NPp*^T~JNrvOTwwV+{};fFEnyx=|ynUWQy%<6mqIQj~i)Sc_>lA(gi3+k+lS(?)! zYYA~UE(Q!we(y$PY=69>@f~?nQosu9S#7+Xr^Ynk`Fbz`s#@t2foF$$Akq_G9X;07=%?T)Mw}T=sEXjQShxGub;FXuS-UQ$l?$O7FJGgcCHsKi%;|ftc zPWk*8QNl2Hh;MHJYDZ`Xl=u-OHn@baPmp0>LMoe#gZ=AZc!?KJ)#j8#k_uIjgcj8N zQ_*{#ZHyusp5#)jxh5U3`z6z06i>}IYD?Kj>`kH>h#KG-c>~%Rj13u-s*s$5%fYv* za)bv+TtI_$+j)%TLe_y9%YupgHjry%RgM>i+0vbMfTAJPtJNl?jw0#TerT}8t+jaQ zo|V`=f+>Ar0!L&&;hwb=X;s1s%2VaiP_@EIy**g#3O4+TwRy!yb=ysc70sj^0{=1? zU<_PfjIl|;a+V&O3M@g&SDRSw^WqqUq(Cujeq0tjRe{>8RBVp3O|UO_$0*qzuc^`! z+>T2rWDuCV0hI;^@UX!Aj5oAklG9Yxt($sDtVIdX@A3IOt7T7vd;~|m)+pwhHt7)U zFuw7PsumPc{nh}tbFfZg^#1dvQWt`qG1VC+tJ+JwEFVHdoHZ*)6cm&@!79=ed-eobU|;Vsibkr$h0i9 zG)u-A`bL1Ju;u^RaQF0gi#tzVPivkU?IQ%TSaab$XAe!4B=CWqK=k_PePRrv2HxAn zASB}~j>u6DANBf?3Eh#qLtS|ZW3s(JzAuHF5mtL}M=)bc^r0%fAfQ2=W5jXw_Oze$ zsvH4{ZfPv;22D7M^?LAz8Mpmm4nKhxxtA!k3W(9;zwA2} z0qG?1H;_WBybET!XR?aTvY=t54ZXv2lBv2QaD zkPU4hug?`M^}#ZS;97fUyNX5%76z={qB`oDB~YJAhz1bNWruBo~<7P>GP31cNL~s!aCH#tpxe7(6{om$bIbd`FArY}mnu z;G#c|#|V2(G5-sAjL`J~GW!6lS$r+yp<(!YG9E2z>nOiQAgrY^JHTyH9Wq+AY@LSM zL9VH2HKm{{$c&5@Vq{_AbmkI0pSVd#wPLy%nq}67Apq^I!m`BYbIWH(_ga&o@*jPhiN;Z7wpS7?A9*B~!j#9+pVY*_Vu~K(WewP~#ksgJc3_ zqfUlwEhO6rFP#o!UQ%5^Ycp}KmmfDIWoF&;SrS&+c44A9<;iiG8*gei0(=F~9`cPt$Zo^Yr z4{ns*OeRUIeDKA=#-coTZC8B^uh`M7T+h*_JMLW7&H65H4p#+_ z6{e%1k}DICZq@oqF{O5Xg4x5Eirbj-_PS?~q~PrFmFTfv9;%8^GX2IPVMY~ul)x!4 zGZ>Zq1*|)J=_SL zwjeyD-Qu7}$qjLUTU~gi2v}%^Lm-%nVV38n+c^|GaQT!i+#SJ5Ph;irY)lZCnd&`| z(;UP_yF=QGY*ND-LGh`9`xO;I`Si|Z_IaH4*xdP*l;PY);6kiulE)>tSF5OU8@6ql zKox0?cGhzlX|NBTwu+E;31Sc$mmT|kcV8QJQ-g#UQ|WSY$C6nXkb(23yncGgsTW>S zTE82gs)&b-D8AzuYr9Ak&A2he4>+khdJ;a(y)+drJB zN7}b>T6gxTUD+n;N^({h2C@p~lda=!q#2`X0hUy=e>U(S^s32tW6-*tyLC?3C&<%< zdB9Nj-Z&WYGmO^_LQ#W+`;or|mRpONDGzJ>wG^%=+SpM2rWvfAm+kV=l?sBXwG3fG-dO)D zr4LH8E}Jr~3NC>kX2bswqjk)1w;A-kC_p=9COSxVJmbL3=q)#|`t-LgBz#mTt<`d( z!HEGSA;`n9ju6sSQ{~lxMW(@m>t$}m{e+q1Y+((9J5di}dECb`B)8Ebs>L8f!Jn|EHh&c+c65n z86vWu8*Sf6O3-?Mig7)LKg4QZm0+tm%dV<;pok2zR?Y+4+h0qj52(^)b1T4@&F@*( z;52J-YK<*!G+8!f)ShIJe8Os)%fj#x=tYe@GUUQ*g5)TN;=3{}XvRe8v%K}bVc0BY zt&>L~`8>D>9SRR~*v74uB@5k`iK`>6oW>%>=m=Ce9tb;8X1wkX*MeD&=9g9{j4d|?X9B{E4 zib1`}tg|zZOU*dtf`iS{Y`pm)ao%>%Rc)VZ4!3h8mjVeq`$NAAsE4DxOb+_vlr?Ad zOPpHd@j6daM{KeteV_QQ+%cZpld2?V{B4kKjNtz`gS?+U` zac)GyQj@btpDZssVk@UrDvDB_aQquGo9(%2zpy%2T1>RBxB2B$3<;$3Q17OfhM+}I`(D=GcQ!=DEjk)t-HR()D ztfI*tQZ+hSl&fR=SKs>v9eO>*z|1Tc8QAqA{krV4LHTHD(T4tFu%z~06MzXx8Rfy&=mx!wgdZ>dZmr-L6!)ZRj_I=8C^)3o*CmeHHV zaz`MOw$HH3Jne2)NJFp__onO`qUO+2J%yyNL(u0<-78Dq+9-$Mx9)>OedFo&bBIj) zLRw*a`M5AGKic?+kATLHR!#izz6Q@nNA@^FsuBgk?|{2LfEvS4)Sp=uK!vcn6}ufa zZ+1s`*hoNPiz=IvygsJ61B9$4$1=B3eU`+ZWk^I0!RoG&=KzcX%O({w)mnhkUN z*&7D%V{n7~tX&$E5r3(jar@kz@#OMruJ87q*&!Hy&eFFA?p}I-xF`rZ?Bqs= zU$?G)W@5v$h%|Rl#eulRZb+)e;k&-pei3jz#h9jXY4gR%mb9yWIaSO*TyXiXp>B9e zy)Xdnww8CB9zDkELm3q!i(Q#AAW=|E+h~g1OA3JxC_y^Xw91SgV zP?`U_ubhSrfmX?e0I5x#7{r1C5m8O)nJP>tL<>8ANCsr}AQ3?g*ci_?h;_ zy46RdVfA80U{rmuc1&LmTZ(9`w= zs;s=`f-G}zA^{o}1;J}gYR>ck=chQWkeo%QrvP5gBq~>-)j2e~aLvw7kqODuQjyc> zhZp8g^AQfHTjA#y@cG%P`~Kz2=*M~wr=2}qoEj)k5zY#NADTUU|6OMfdQdZm3p0so zvOoUN=;XU@F!Z=)CJ4w`cv^My;$^d&i$k-q-RSQT8o#597CbM%@17KVWgxO$ot^r9 zorf>KZ}oNnEU!1{#NgWR?qx@JFAibc^k*p~Q001eKZZZFyF0Ln40yr$vp6)DhujdK zM>w=Y3|g~`L8I3$=8Wx3{u!S6tY(#ksO94L$X$tCL1TpK@`sGdtG&HIvQ7Qg=p6pP zF!$KPeS>$bzyF7Fj`jQ1qK|s#Ht`$lLp)02+A>o!zbq#k5DM=?1k&>qE0{0TD@I#_x8f; z?c%hWXRW&z=k4weT@qDy*om2Ht-p)!Tm8K}cmeve^`=|v@a*M}?H;=!d~sTvaW!TA zw1&g;cAp0>jSJgn?b2xV`0}))$MeH?q`5j?M4hSntLp=A3D>6MqL?=>3KUVg%2$}& zPMT)k^Q1(jEgbqiVYaJKi}Ix#Va+Tzbrl)0fO_IdO8UbH_mPkiF?z4_DYsN)>FlV=Z}*Xzrd;SY^ozdJqH z>wyD!(eC&AcE9Hrk3jp>vGEbn)%RmC`#_rxJ$l>h{=B36(?<|(`|wtx&A(msMQ zBpz*QO4E;UP?=XT#j;Z52sQm36uprFuokorQB}4J!#aNn+tq&t-)#!3xEa^^+2?YM z08v1$zYXcaB`thp;GZz4V^za<=UTUnG&Q7aWYuM+R_t>S1cQiNu{F<3ne?DHXSqpZ(n&hffMnjG!Cu_EvVkWdhDJ}Eqnzci9Z}B zw^io7bReOHqW2(q!HCFWhH2_{G~4&c(fjHArVr*-R}c49)RnsY3Y9cyUwAr2_pyJ5 zFUdrZ8&*gj2ge$(Ug}hJ2@k-Nrjd|62zu^2J5x*ycCZ>i-S11mENzB$WpmtPg;Dd; ziXs$rqt0o6?}a&fu0N$>H7y}#5v)>eb^;d#LGREUt9hBAx{kT|wMATjqzNZSFKx3$ z8+}J)V%%RGG0AN4@JfsgeG8RQk+(vUoX~9RvzSx3WmPeugCzs3J4nrm-s_>`3(Zub zCYeyr-TR(-iJx8Ss`lqLAZ|tDyD|@t9-p&Q;keC6JWa|&6&Ea!Decwg{|Crnzb%Rycw<57*CjTaM+yt``k1`Y)RO0_7rWypp$k7K|+Y7x2@glB~pVHJ& zHQCWjz>%vhmOzd9bt)e4Cak~Pxr!g8pz2Q5i?}pg49=s&X=H1fUwx|e;lf;I?ohUJ zv4YR3;+rfq*akCniMj*}wtluMmA=ZA^#H59mORisP3YeZ38;(lmi5*aFdC_XLeMLC z@>$=OM|_>@($4!W%UnS?yP2Qk&)o2ysa5y!W0D#*S`W1Aps7`PwJLR-mI&z`(duV0Jjivq}&dpL`;-zf&SkxD)>3@e6rK#E}y zJwW5;%O%Jt9S}rJx5i{pb^a59Y`fhoQ42N>VVi$3H?s-<&RDHK$nhHY54b$lyQ@`2 zHEeO2gF58p>1o?nDF`ke$=hVf%h|=LTeoR$b~d_RIBAWhEK8^)3Efx08qN3&-{9gZ z?X?Ow4cdcg(4a>zRIJJk=!Yd(Zy06W1N{oCrmk42H1lRn>`@S0pG+ z_3Gu~=KJ8Plzan#PmGa&UbO z{~k_fAK)K@;c&EA;Ir%T@ZZOiH)J{?g9+*BSF>f0yt-X3r<0IO=VZEkJDR^AFGl2c zVRK8)=F>Ox!A)p09goQ1&3rUk*j&iV(fkI|G%eqb7x?aGG+9Pu{F;22-jcz5L~tn6 zW3)7QPVz|@0^5fP@v>WYsnp#Q58d=b{`>1!bxK+J=*vV@stoE#GrJMbN&EC8) zWsPQ+$FFYmwCl(GmF2;1tYT#-WGn>?K>#S=~?)^qQ5WJ>Olqu%wn*C)q5 zVS|gx-|`?0fps&Y<3J6}cYQgA?@XbwyXGl;Wq?V{oXpwWn(pbE|F>TP-NG z>KI#HqY+que6b>wtc18rSy3fw>|nHePEB-NXU6Iw^Io|Fz)qTC-A4$rrxKC|#3Bd9 z!CBub#EvDS2_Ql9VzP`~-W!t_=e+N+O(E2zFrn}}s0gP*@}duZT;lkitCFTp4|!x& zFi;0pg`{Ag3RJ{ENDS%?at`^cR3CeN*>9Hg@UtAbF7Mc0)iUH_3KoN|Rw;44zh+_t z8_d=oZ>YKJ2i@g_%}u!+Q5xEtC! z?N&~hSz?k>`57xZ!Uo8=Ad=-Njg8$1^BD<=8?#EZVsksyoP=BBLH0Ze;_Kt#3N8gT zTxbR}SWE?gL3OCnXV|b)z-!b<%{Bk8Qt93kxNVK-YFG`VWcN%e$mPR!kU-Nu(cp9apmHSz2gelBo&Z*` zAp=cJJx_Z01Td>TRJ^l!*x<$!%B2s&!rxkghS=2y%I}%{NgtO+>C%ch>|mlC1J%Vn zg?=HN4o*l_)kDmsOpD4CE~I9p6l9juUuv|OKB0(6%Wxh9>!?-@3(u{pXAlCOwQVd3 z8`;-t-!!Y>cbX|-PkOndAc3!EV|Dd79Bu6EMo%z&<}^A!uFnE$;yt6Re?7y~b0$(R z?EhNGT9h5UA8T=;w+?%Rl3p8%9(rv%v!My8vYFbgUQS;(Ri(7H;Tcm#)bpfvmOpp0 zPNN49rXq4wrK9q~wEPsjU7dQTOR-u&b=b=F4Ef58u@rgFr`XF58+_mJX|DKCjs#Fk z=azssoj(p8m>RsR&_w;YtooW-eKNON5pQd9wV(bI z1Ps*_%Hc9tuNmk-@p{3VPSz`Pnz*F{L)tHDJdPGN^xhkAO;tl4b0H@B$!yfw1aEOEUtvOEg6#Mc8_6 z%7~R&!PEL4wj!*1*f|T2K;ccuFy~DPX^`y?fse-n6;52*gxDYuC1l0+B1_zC{H%ag2a@eH<>r}L2(t?7 zGF|gD)h7lNO4h>(#3x{JnflhR0cQ$z3zGrQ1f>AId>N79mdcIZvgRN4yaNYh`q1Vx z?g;&#iBVM7hio(yv1AFi`4ZQq=GGzGqa8Jsj3#@Mltweg6Q3EZMq#O94^TF}eP_dt z@w6^#YYL}iu>|%?1JD$x>JFk>wpjZ@rKc@MX&v<_U}iFPd@$4f-uK>u)Ur4=v}P^o zCqoyY6?R(eAu}Z~7!5-aNlLwm3;HP}DZ57oe$7~jZf0ISPPbNAGay5?rPwh;QM=9o zwbsU+C{3}Y+B#Cb?e2w*tOB8WkJT7!1@xMMr9f{@Mo+KWBRcX?kWO<3*`hT%n)cdC zjb&6o{uOUIMvhdz8;g`+?k#l)eQrpT`xH#$=8;VnYU8m&W7Z41P4q;VQc0-r0d*tje8+rv*H!bXcM^doiooSe)8-xk3w;w$TEyY)1Phw1 zfd*1qJk+z|t+`Z1b4p-LGX|PwE$fFY6*OrogujmY=Y=V<SsMz-Ps+$*cBxj5M< z2)?fztZWA4hF522tu?k3FLlAhcB>BT6bw;KmGA-BQki%{ zUA=Na-F9|8wud+( z9C>cwZkAB1$d*wAi>kXrtK4N?rlip2hX+?AsOZ+L4AQiTHtU9f9^>(0>bcEL#wlkT ztzF#*>rYh{Jqj@i$2$h}tKYFjDftIze7k%=;kk*Q5tQ83x>NJas{7Ld8W z4xv->R$gdm$22B+S5XsBEYgrswt>QjDa|$|-7qI4Ra!~sHMZKL()ROJi=el2S|pQ} zyQ=1F)EHJV1)^;R`dAIFcMOYW#?Pwa0d@vu+X^OSnVW>}OiCe-*HGfXxg#}w2yIp$ zEOG-|PfC65X!2;$nJ_I}sK>du!Y?3cDY|3VI&)oJm5xp|%zt6MRhP+5yr30 z71`BY*2?f^P#7v}PA4?~uv5m19lL#R8MaCt#iCSNoFgsgd_(s>+F%a6swdu0}Es$P$Ipz z99|7P=Wt;TPYv-6rViPQgB(bW)B0jFG%rlvDA0O6i%*Qm0ImdtuR+b8x*Pr}xt|}R z^V$`Keq??j!}-WLqkX#|qdyF>Zd3LNnK2GhA$3^9DFOyjHD zB{;7^na0r-Sx&=4Wfp54cT`yn$zre^FJ2FZ%jx_B`H$NHK7Fe2Vrc6?+7gddiAZlm zJz%p?WJDIzn-N(o2TO$S|J=^Ui>vVvL9~8**Vohc;C*Hgik-C)<4ras3v`tmyqdoA zKfD=yz)okgYw#en>lKml1lUIv^de$e;O?oz(kEd6W zSK}MLhVcfkm!mn3Vw*i5163tXaHM>zA5AB3$Y9b$zz1?YSS*`JsJ?#$3mv=q&G=ol zt;u3G8jfF&hva(nW^hgB<2P@Yi>P|9yB=IGrs%PWyBizfyx$Gx#&r=Utp~?{G$yZK z_GkOP19|lUi+Sm8uf~hv z^2!8Zfk1JYGp#4|&{t1F5ma?rmHj$BW*GqRzn` z{KpIrt)~upM#I9|L~Wk4LV-n?tcB0I1XbQg7>|LfDQ6mJW`L`tIuLbCMpVP4cq(6` zy+(bbV|RUNy2G40#(*Ix(}hz9Yi^AZS!vE2I9nS51WSoJTrA`XT!gKOgVK=sP~QNqs%g(ibG`+nAUWo;dcXvHYw zoaG`&>PFRia`o}6o6xEV6th9}zyR)Ybm?@GNR@xoR{JlcNc{>;R=uiNTuNT-L&7pB zd+rD#}GLA}yw=^|k8`HNg%n)mX-nLyO zlHt^&TPPeKI8?QQL5D!9N#{190>=;@8<>YXMYr=by~xDZ*3~a$Csa`@1G>W+ElvQ$ zz^=HIwKDszCar%EcbekdF)g?HbyE!=56Ufp@qP7zfUS;D8_=#HMkU7@52f3GesQ@t zr5wX3Pa`iM0c!M2HUt#5eIE`e@8lR}M}rn-m!6%HqXT{Q{X7ATtjjdDu8S_kg>me) z3c1z3QI+iTGzU1hGw>%tHSv2#n{VizykY=d%7S3XWnAuT$tmy}Ho5kgWFc8G@9s<3 znrd0qS%c8?#KjcY3D@q&7S5|AAJ>o5| z3eSGwSvSlFq3z>=rS}Z89;1#bS)&`6c=ePqoPV8sg2a1~-E@BM|wo2Fn4u|AKrr zxCSM`_-Zs+>VJ>^FuIvt59S}>yYb{|JRc30rh^4Mw9t)))5-K^Jk-+0V)P%kqsekS zxVBAyBGWng1Wy-BJ@MCLEoZ*EU5qCXBRAJ`xgCY%&2)P8etdlmoog9pIGzo(?7SGf z8&BRW^b(w5OnAzHnSRHl)2jzTr?a2CInKz@fiL?Z>5XUCgUV3F-Cj|DcLm$q)Er`Pcelz&R{#@^k5P@I(w}zdE@!&=o;qZnBTk!qePFAF2?m{=fu?Q>rBQc8AY7z%dYy+4tfAY285cvb?)zyx98 z?ie`vy1oBHzYx6Tiz-$vwB}i)(mo&Ma=0PBV5gA3mNfN%g%lf)S}V@_=)jM=0G%kj zzy!F3yIg_H!NLt?M7idS+p~>=;1+Y9J7yds6e(XPX5wqx!%82q$h6pPT!d^2XCyd0<2w*d6Ru>L z+hj_9l!FOP4PEx+T9@^Zh+MKA2O-=X=1lMGw8}BE6(!u?o`?=kO9{(amH?^6V+Bls zrxZ}l>3JR{y0AuQFW{8~6 zM>@>zu4u(QImcNF2Pn<_&2}14+gj`drzaH3Tg!HrozcNoE7726s3vKd6 zze(sh8+)p}E{PXB}$o9b{Zm5pOE1$OMY1V4f`_0RcZ1GR#HxjLBS zD`Bg0vuOmDqQ662xmjT)lm^}+!wcB730AlQEp5dJdU4vIusPsbQ8^);y@+gxF9Zax zjTRAMyA_oifjgMm+=kv4RulkDqV)qXgZUJUVe&17iY@oJG#Qfo&`;ko@EPeqtN`LC z0wG7nKEP#n;D8E=Z}+gVCT=86J2EC!AI`cOLgN5HWw^*7WEeVh4!sb332F9`PyqvnHbSu907Kw$ z{Z(3sy|=ekYz-B>3afH-j)d5O=Hj5X7%N~kYNxsL_Ffu~6ATj8Fck&c<-o^nghs}37PP`GHW9gf%&+ciROEH%I!KO^`M$D7 zECK0&l9X*|YD%3otJNYgwE_{UqZ<~8x}vv1T&m>im1>}JK&{m8#u_GtVn5j%+R0@8+XH!pjitFMC$A|_O9`xpxn@v* z>g~V;Yv8~no#j_=Q)ADIf`IF56~TkO)WC$+yHa2Kb0kTTM$ z_>ec_Cw+z|yCClVb(l&wXwTT~y+_NXDQ3M6R{+R#hOW?Y*C8 z;+ctDZ5Zc7ojOF}MrkkoEj!-^Z zDIWD9{L-_I1fqX((iU$RbC;`Z!&4%^&RJ)L@aXNv`?TFPwzeun#CAOUB8n(bluffn z)9W?g%uZSIoF#B?Qu>IC`FR;CO&P(4SyE3-!3#&Q+x%UXg(VmIcHi>HAorx#Y9)BX z`2|DTXo1*D=^r0GfL&Vg3|7iMDAH9~fFMQPIL8N2Iwmr=@4H(00LBRu9yYd>wY5z( zSL03HYF)h5_J;!U2f1SNmD=NoZq=g!;o(p4+(q?wS6)G56DF$` zqn!kL^6>yR&;w#s-e+cmkyhSNRl{u_Q0=CQSX>s;@)|Z0#noyqxDt**eJ^C01q>Z=|#Za%F zb3~E8RVvP%YZ&yJvc@e&ImXo zATE8$10h6^-=cvEy9pZ#lA1-PWp7N6X(>feQF>-7zjV+7dRB?un`)`^AZkXUtW3>A zC@qZH#~@NnqnEi6xahFMuIKMtt$(mPA{Vq%?0rKYd+1i=qE2sFCpfL}U4O;9Kj~)s zJCVs1&yO^V!pSQc*VBM6=905}j+lwBc^N@t{=tT&mXZ;>lX08~Hsm>-<^Edt=rwKj zTCKl-dYVNZST@^?=YqBW9;w!5K@Fs1;!$f>??DwXBHZEFv%G#X;5@uWNy7C{h1`_<+bf<>7tpZi7+je@w&^`>e7rQ8->b6>niGK8jTQS&D?$8@W=6 zeB_zrX)u}gjh|Yr{(RJD_kBn{Z?!t_pveK>X%hf*D92oVW&gf|#`2=&!D?^e8o%sukdr;gM@Y24@q5SVxvFP zY0vw!ww7w0AK(iME}wWBHip0Zsnr@j%%=Clh~15@ug60+?9UfeuyLagNUPQP5$7OT z@>If3+zI^QPmwLT{Eep(yAlb{$~XGXo z(n6$Slc|W^s|2uOXKIIipOtwI`&(p7_-~>f`4|1ug8wGJNNj6SW?%Fe@m~*LGA*+3 z6g>R76!=&;ov=fs-i<&~4)e7UFy?+5t1Q#gAX2HPs?5H~l(QS2D}8WxB2y~WKkXr5 zB^D7I2(8p4bOX4pAF;uf#}ON-oywFx_bS~e@6Xr2$)zd_8L?}zQ!BkOR>9=L3lSUs zUh+a^dK2B2G8KAB^sT?u{{%5X|GZbpAr&xbw|uGldCPY&cji6(@7a~ib6!Sl^r+9k zK*23G7E7M$m+pAXH#}eQO#hrn{l8@<3tSfbS?c|B#}BH|R@0rz)M}+7IGqEYm@P4p zK(sRxWeWbIxn69Z=pPQNtu{UKh%J;JdseQmZ{!x@HXBM{dA+WK)>SK46;kERFOY%JQi7* z#xi2V&0$|eY?#R+(=$3Owo>h3j<@jS&nk;y!;AF5Blb)A#3iu#EOCq7@q|CYoF)Yv zfj{*c{ay;1F8$1Or(3w^W|RMu7kV*fPdtr5;w!dL1P@CfWkUbDj3w)59FL0>S;pB| zD19F0YNutQK0E23xR4JUY>nioevb`zGQ;c5yYYUJ=_b}D#V3&$?24yfzP;st@`!!b z+Dyd$i#D0=&40<=k}sb`IMu^+15=G!RObRO)wwE*EghSPP54eiGh>mfVyoyTd*Xje z{cc^F`zOV3s@YIjger&CSN3S!gTD2f_XY(d2p-n=Z|Sx>fzkz_&xK8wMB7H?zAEE^ z&RMPIf1T-K+;|v#tg2nrz6NgY*LZk+|5je^b{t7@S3(dTw#k550-JbYeEJnoL3A@2 zz}R4sYK&oSc2;V)7m#c2ztN;k_Op#1un{iPES4z;xwzYj3@-11Zr08@`PQ#Wk*b{a zWrq3(3X!W!@7VWlt@NWasaP!7&pZ`UUv{&foo+eU%7o6#Kt4+P7>wcPGA|^mvvZyn zl5dn##D=Sq$10;Q!JEI8@dgtu|5?gHAvFhpz-l=U=^eFIU>)w~ih(NfuBI^4yiy5` z`zsqj+WQUZ)7KIU!JRsGFR~Jwpw3}Jrd*aOPwY1St&Am1bW9DPKV+xX5Rt8Tteg(^ zkd>Q~AKo{e23i@=D;{MmlvAuKdTaRNP86Bit3+RN`q1%eivynV70+LzgQ1pD*$9a? zhEn!Xid0_~^bqTe(o|$;dNRBJz4a0fl?DIX=_e`I>dC)bPic}M_ga8@D$D;U9e=aZ zVK7SYgnR1USLhob}IVk=VY2MX>{ zo^g>>#n3_|tp6w<&wl3XH5w-2j)ufP6Jv zUbYknXXWY#`F^itT0p(DYnJFKo>cHDde&{%Fi(bB;uKMLZvwbKKC^j!p5T9 zDGog>MIk-efQ%u$tp#by3rI}ZiUWHR8L}%G#AW>UfvFV`R01?{zTNNd;*oxpyo-;@~Ob#X+Z!fas z;J(vCvv*&eR=;Gyw;I9n^eVO>6$0%K2r~!PC1;*hFMA`(7CxzkXYOGw?$&NlOsmrKXd2<=q_-*Bb$ z#$6%wbjIUQaB3Ztiu@td#}{}jqNcLgi+bZacxrp?z*gWgKGJYqltSkV{zXtRhqjA_ z{LRS2YSGI8k|@RNMY2i*eC8hW(9yJdLm5-9#RwOhhc}o#)tEYK9skBp;!A!nUSN|5 zGP7=GfELpO@)tG=e(!qGL*svx>RVcYN%X$e`k$1@qbZU9u5`$V$-kHm`I-bslX&Na zop2fCUr3IWvP%y(CPVrosCM=h-Fs0YrA@x1w@o_bUs5^qEq{^DiNKfUVWV^Y%)jug zK=l|8-ZACV3co9*We`b0`&vpVELc#e;|FRP5TulkeGi*?g* z?5|Z$?c4tr?bLqlf2Degop?q+rHB3&1=U+2U&*Yts#m?PpdNYo#TqKU|9^mr>g}z6 zi;il)_qQvlJdM9qnJ-qX+WHb#^IHsH{7<+)4EN&-9t&C3uQ~6|(t6ROREg0ReJYWR zrDX!D#4*2zidH&2f=IO39Li^g^zbp zeq=%%k(JFCUrtxw5vAU{ODjPP$J(g?BLUK@$YQDsQ`;Jy1pHhqR$g_RXmoef?>;C7 z3GINzR%DYlZtaH(2Yq=>i!M-=29GLn{w&RD0Z4G>(O!Gn(Wf4vnKm%00%R%TC6kKAxv{uGD z5D?F#MI1RUU+?~tXVy(e+gs4sZ~A$6 z9R#;GR$+RtQMD>2kyAmEdDtV~vQBe4un}EZ zTaK{)uY%+P6Ul)40D+GIKBG8CP{Vw3M&9(|_y3kkR~t*fL~Tmfm@eTTw z1#IE^`SCKdguC~x*6tJqr+y}4?R(SNYhLg+mKhM^mn$a@;V%7XnqIdMnlqMS(>O|vwJ!=99ZTzIXy0MO|^laG9L zXp}Up(;oAuyxrA`!Ln;hTD|+yKsbjZrSjA#LJ&;FO5{1u4t{}a;V>&YdDq*)hG+{K z7BTr0!zbylKwcVr8F+5cMNY2IhC3c^U!OP5aS0LDa@eRrLbNVK^!kQdlbri=!q8=N zz80I3XK`LzQ@;9=s;5N6n~+?L=rpVAZQyN;`^6)ecb<4ttqFQ%ruLZxqgkxBsY=vF z%bLhZ9Y`DWiXM4l!GGCKaOB+fhr7>IAy$=jrfpH3U*zm2#^qolkxNN8bkv$~{mAVE zdLyRFA_s**!Wo9I`?EUTpXxnOC?txg_0w`Z3E){<0$fc!^d6E=(N&=P5qDYt2hTkEsD^mB&$A01EN$kZ)UjjRQl zukUB~)rL;udX@-*w-WLZZ8DGO#6XohPhY^amWB5ynS(PhAR*PJda^9ym|>&wWf4d& z$K%>8Qd7kem2O1#`b(m|Z5l9h%#}?FWnHOQ@AOYw#rnWG zWV4OwfjML{v3t5t$6_P%#6vYTDrOEYWPl3A7nj(wm%mJZ$gxFxL%SBEiUwArxT;)= zp$=8SIy$Wdc}|)JUIDB71}IQ9^as7#fIncK?_75ES*~__banR=QaR9u?OfnoNfPYSD#nY^@Qhu6kmX{EK_KA8CI3|TCMxx?BNAi=M5^e$<;F4NH2st zf8S~it-;}ZM3s&By7**N=bx4-kR4m^b`o^QL2{c_eb&-(Fwe$BceaT>>spP%oO&{| zwAO;iCD!({2vvS>z-MZ)<55i2`)B%L@T-6o-lk7B=kb%y79d-hO8}xJAXITft;&Q` z;JLwQ4Ly7Q+{%KbDiy_6fD{U_>%Vc9UQyq+p|b{4 zQL1`cUr$mZ*u|U6AB-(_FS7Cx9HLZ{5R(t|1T{b%>Lj<4h_Kr2B-VEt@t(*eS(gdh z0hM@Mt_s#^$0|{6Ftj(B$^%om(_WRyo->(>KUQU~=LZa&hY4^z8BV4fMh-NeHTo6P zNaJ|NI`D26F9D1FMyPPWqb*iNrnGjOIHNLj+_-zso^7))5b%TLJfTtvy;lqVha-uu zGq3|{rE;`xS|>j4cIb%SrWY~b{6se!Tu->7U9GODl?2V)DqL<%x*381Z19COFlj&v zKy5HS+NTB9M*4*c;-}9Jq_^_#CBo8Soyf8@Qq8UeraoAdKHOJT#KPlZ--`J+Rlf@k!fWX>s3U|W|;qQhM323>4gIVLJxESn72rcxt;gfXu;;It%%D+u1YJbWbNdDp-0R$1az z4d7B6OCfQiEOL>oBTp$VLVF6M)5u$h7AVqI?D+xp-Xq-dlH&HL1OT>gUgycqs8arR zz95Vbk8_E~zm>TSE@T_w7(c>Jz~b^R0&%ePjZqr67&cmCl^5m@OQEMPcZr0(V?@9w z&Y`=v^sAlfyLy#9R@e|nB@o%1^2^D3x4>F>S_7;p08Mfs+yQ7F(vRE%R4MDP3U+yZ zaqcm|IAtCk8ks;XIKcCNQTD&r)L+*K!kK(UxaQMVWWso#WlHohpsYX=gfxQ9@|4LP z(go9qo}E0yB;)CWd3CxnvF9>FkpqHY=OuYVR3tLYNkAC_I<(fdA91kV^`D%sCth=ylG81zMgM-B=}WpePieYFKh zcXGsHeNGCw(yeS&nTxGTVuPZM$hdo}qo$yZn$i1en9;Uetj?G~AEuLA_KW_Xd4CqM zyZ)g6fIs#p*KE-redT#eE%L}hx)fWe>_uxQ z5St$Fux{{4Wie}0AiIq)`{ED2+v_=Q7fqGUV8lWQj3*wG7p98I6A8YjF*l>1nOOMZ8EXJ z4r${Ly>_cLnp}_mdSJNldHJ!K3q<0y71&|07z4f`JJjn@9$y;jHGb7VdH|U8$q+ER z>{6`2g_jI>6L!SQgaAcW7NwyMcvQ(F5-6lT0weLXdpRctE>}13#1B=V(SV96^wd=4 zW8*OGJr1N#K76#v2=yXnui%1uNp!rnEwsY9LH#RLEH7mdT#+vESmvhYKQc*zn5p!l zL}$pNGj=|4eW7^|0}H}h_Fgx!Ve2#`AZ&|7ZgN~jrbPgS>w@oiK(aRTMP+LtO&p`@ zf`zB@0^@Lr;JIOUuV&vL`%Vu|@N_bq>r?!u_XeQlu+qb2rakA!0)Lr*HUkJmm%Ay&IjD^nKmPcpS?9)!+>r->Qz{PV12FJ> zvgwMKsxD+u%X66-hHn7)6Fjz9+Uia*tgt$u*Uy2abG>jS#}S2(Y&^6p$B z1o#*zp|9x8=~=6L1)DZP1>t% zu-l2j_w^~|=@&qQX$aC4Cu{W_B#p{aQKMtP1TEW~Dhn)Tcx9XDlDhve8jtSpN0Z_F zbqD=rSFt|!?|~=7XzQNNg@ptOd2q#UpYZHpoU+}B?Np`>6fL4+AP^-rrb23|Tx?XB zv}A3!pr1}!O$uQY!1Hnr8 zyPX;4@U1;+8Y%KF9P2_kXkz63)cT46Ej3o-@p~iGH^QsurS!bVJc8b0zkfMnX@yn1 zd68aDTl%8rp5rcUuI_-!4%Qjo4g1|j|0%xKpRk9?XgXnc!@H~DjN%-6QP>gS_Lq3Q zkHWrpF>nNxD}aE@Q}&P|faUO^-HkjRAJ}}T?bCUw<*eCK2mcOtuoqyK5EQg&*Z6XP zM$gb$(#3`xLp~mWP3_A?0gmhHopb`=o=VIJB2>$;9N@)C2d-{;J&{i;OX4RP1Z;8m$DD!;Ga^Z3~g+g^+2)CMtX4hltIeWbvoS z@EHV8AzprKx!QFx{tdWPw>)Pe`w#OY8drg6!_8t?7EH3_lsBe6JvoovRoEiJO zi6O`3MEMuLA?WvRPrlPi-*0M(ZooY9w5K@EL=GH_g-FDHt5Q=UNdeOxmx+6<66MlY zu{sE!-5;e4rtR8V8$bmj$RclVoSX#^k;E<+(#i3qJ|uyvW64O2kfSVQEYg&Q3)4F3 zyfI|rQKY57t>!rXyew}BG}+I0F&(Sc_j{YpbLORVADbYX{HM3h$$21mFXdxFPR+eL z1$`SQIzwC5{#)b)UnVl&I#E-78DxnImkwNRr{1q#7Lg78IH_pMcrs+wNmY6_d~kq8 zQKdW8SZiMHMfQjuD-wgITWamxX0R$o>85Xjc4xUwEvjNB0J;F_I^xo=l5{LqxFKLV zGEpeXmaI<9|Nn*4a>hEcTZ@T+XFyKx72jvI<0fHh`0G=>j^Qzah- z`|;hkZ@>F?IA9%$;e~VNTxYpSE-^$1wwx`;;AnM%VcSz7O{UFU^=P9P-~!Q4VM_-&@jJv)09 zRUFiZ?o|3E@`26g{isGDXA}2i<`;z5*U2#*z!)P9N#Bw~XIVS*y0GZ}YBh4Ih#s^nRmxJy-OPx*Xfd0mb zd#JNK(EaV_NaHa^>LA^Ko0LWZJ=W2qXwR+Z>>h{O?ivKXC9H?hMouq;rI*+V)G>%B z$gT>+BBaB{s(u!^WGRTGjT|q_oF~b1+W=h~E=&A~yYp-B10PilqB#LeYHcu-YQ6|O z(tZNwU+7EZyZETgpXN!QAc@+x^|EygmKOd7g$p=G^lRX#08&W(lFakce+B-HZy0vp zLUo%p8@D?-nM5}A8o02)_}3Oa$Y8fM8czJPn$yX7e|J>IfS{-1gVP`IJ!;mXu@&!q zKtHYHJJ_}*<&Yy)noXre-wssLJRaW$PVqAV39nf%fyX9qILFFY?x-H6Lyh{{a=$!n ztp_fy=9ufXJoJa$;UKba- z4EVm*Hqz^-f7UWP=`4iFpkM7l3VeMybAASS^L!3uwkmg6y^(uKiom2Av88a~No|+% zGAT?1*Z{=%?0oANp>BB*4l{qA$ZER z-NTdT-QiUac$4G$grE9qIKCY{+(qnW)}IW95gRS~GtB6u(@TM)?4xyJC69>-y;C!RskL7Lmuz={?K z{xl4dt`+dd!G)6?Z0d*}amwTl@~sQhN@*`P%!9VKDsutGqCXiOxi*P;ykH=7AbG|n z4(QPmFR%4uQ*x*H-7B0n(J|d%kiQyKFRkStL@#Gvh!|=Q#gj-LwPl+Y+x#2zS5FCm zloX>f1i2?#=ONLL8Kf|$l+cV35wDKqc=bRvuL#^yjbIYyjo0QDJyVMR3Q_eixgO5g zWXcAk+2G-BzR;p&&PH>1csgVK$!9jbVWY*I-Or}Cv;G~s9)28-r}x9zoQ+5QtMQQC zxCa*>^gqYr>8H`;He$n%!wDPRu+ijZI=dTQ(<7r9yPwYIBUA~XY->E7&)M`Q(jUF< z-}P^YY%z`4b$`)^daco9050nOIAX*99NyiJ`?Jsb;nC!JG#d^U^wu0&Fg-E>IX0M1 z=EHwJ3@3|Ge{3H8354gj`h_>pgM}XC&1f-?*ww>)G#Sq45u52jJPadtJDpyC8jZ&h zPRwF77~S`wprikBG`XF-;VwQ5KePU9G#|45ob@Mcbaywr9`zSP*O9@{%$I&^!4@C- z3wAr43}?`${sVOr*YgdVHwN^sZE%MIU2cyCI#5`LrIiJlnj&WtqJoHg>MDw~@%f03 zRfj)H%EYpy_|`MeqSN4XC^9n4HqL+%RWVVCdgbg%Bncv_za-XqI_`BloZa;&pI@AK z;_`M-*si-zCb1yQfpxQeSRF%ASwRXiKA!V{Hf34=2_Ug*I>&B(8 zs#k7qpHt{a2B|k5O2Wula4XxK<$&^6H9?*{3zq6UU05Icwd%}s1%`D6h9mHm%V@Oq zd)6-loA9CwcdVBi>QyHCN$IJnw`3cWq5`7K)A#7I#@Zsv>U<_A)fS>w%oV5-LhS{#d*TT`_xi)ociP06K15+TYCI|c1S_P37b*73FE91=x-2lE2Xh84I&!hA6 zb0*4688iN`>NyveU!~)C`c1fpd#vwarjp%g(#i_85rp;(HE_FApgzh;Aa+l}(^=zy>N9HL_;SOlG6q~$(w6RFe# zSRSdH2F15B%YfKrfY(vX^Ml^pC{Oo1!yH6X;#%k>(r@Jc#e$XSBAD27g!s7=2j4=QYn61w}T#n^Iv zq>D5#r7F38+*gtIcp<}BZLW9ZU06{28stYc*M8NL<&UG6H4aI>Z?*nT9J9XztISSB z=UA;+m^XIRUjUK2_e^%5zuk1FWw%;(aT>PF>4qJdnp}H*#=5TpD;v#*CjI!7-?PsD za|C3;&#prhQ*!!Zk^rWUV7Zu`L|eTQ^3FqM>kmId1u)>UIF|skKuo`J_#k9o*t)a1 z3Geh*MZ_+C{NbDeJ@8|HRkXViBYRmaEZW^txaPP z(-<3^&=q`5;ni!tN05QWOeuOKVw|}o!}|fc5}T2L7bv^QicKqfTo-x=?EB1 z*s$(lGX+d0+6oGYUpchn1!-SA^}TAr_4W*$p_777TjAk5Sxr!{qsodrU5J zcX~~1;QD{B*Z`aT&6+mMNt?L7hRmI)H<>bJ=AVm+$_6wpi_7VAnKSGN&p9 z*+dn3S)t0!Xva3ACTd!USHb{)Wl`vJ7^;*>@68k%5%#`3<=T}mjzZ;Bf2Dh?e_914 z8DWKmEyOrlY;huHwd!eGNsB7P`vY+S>@Vp10DRyzuq&7Zn#g2oMvz^t&rpPDtA$+2 zJ;=SBKLYnftMy+Om+#Kryg9!(yLihw=ih&Od46%xZMFX6fBx_Pfd7-r-C4ZkXDi@v zD00EG)%M%*XfT}2hja78ucN`uufxe#e&hW7{QUcO@8G}Z=jY*nFW;Si|J~dFxOnsK z&3ErEF1|az{EzdC@4ox~-G8w2zj>^U|5xS(&;H~5FMq2#xc?^qH<>O*gCSMi7`79a zOiov2kjvvZQIJMni_l$}6j1bPsuKy%_tg6iS~~adrcU0)ly3r%q`*p#O1C&Vq9;J8^F<5Nx+5cnug~%xT19&3- z-_Euu_WAp7zkPaoIy-;UlgnLirFP%uYF#|>OnjRsT>pQ(?4|koTRemR_jE7P8gXKw-aZqLQk7cu3?PLEi3BANGeQ9=iGCF;3dMmv z*!X_<2}?Fn-94!4gvr0Amu93+kMH=msYTB0wOZztiMB~P_FrJ~bl-;q%dfgXZKmJ#?|8JbFe^Imgv5890?lFxSMwLFwOd+V+i@*Bf2mh`Qdb{T# z7a5{v)Zec9k+cm1^&KW(Gz7r?CTC?XDq&)PLPQ5OWEp8m4vowhFaD(HY>xoZ^coYegB?L1V5szceIC3IE z;m=2&l!$G~I_>+9PzTD{OysJ}RwDfK%=|g{E&kFvH5{0P?FZyC*&tiRC>M`fHCTCt z{h3m0D5!Dwbg#O8;Hyb;Rl(BX-sg8%tbtwA>I95@js*)qQ(%NX)LmH<(h#*Gyd$8K zuznuu68g5W0|I1N+)uWE{t;#<++`6A>)D2S8<7E?z-ZxW8Ytn;bMi+=-r6c;deGOW+=+b4Gw>83DNPR83A$_A zItAZl#sE4e=nx@;H~9a3SVfoW;8zBz6Itm>nRHULwHB775P64@i^#P+xwb_rn}sf7ai5<0=P&NueD*J@FUKV_|3 z#pD|c`C{_fNx@wMrGjN7GwDC<8pPn+nAu*RY& zkgVvQ$c|7xrPuf=3-+bch>z{bZwzjW2e?({1`7(J9dZSh zaBy-$D?38<=V_}FM0>-yk~dzTcG3x&wXfbZN)$TO&Bqr=HH;**D1pz+2*M;-R02uy zQnS>+e{46R?kv0i_yC4>O{witR1C>74ZbKq$-3ivd=oeAH2C1f`8j-)luXvKJWeWO zk1{Jto^%P_g1HtC#1G1DG))v!6V=;N8|e z&vUjwSYt4f_3^2U_QdO-wz3d=2CaHb@t@L*>gyoJaMUk4|Hke*IeYBXrLs%#;J4-l~|G3C?ujUYW?6eMjFWs12^ zkb)3PzDZRsp(*;@QlzWxj%Q!sxxC;T_~G}GLnZ^y^D;xuLhQ)F;AzmPFoOvjOAe^n z7!xi>a-Bk?xv^CP3mMAK0E!R*YkYocV)5A7=GS~B^4<%DjK3o0YmMqwZe0_osGIZv zpVH7<4F4k1HxDTViS_x!fH#ZQQkc_ON%0EGjce$%2g;pG4D+K*(TV{B+$R)rQ41jQ z(b^oMl;!wEQY0vbWif=U$PMBl67ZCA8AEzW``GZ>JvxKUe`fBpao}fgef3BTLvlke z3DqdK)-Te@y8xE9R#~w%_s?WH`E_)4_p6EgtYrekZK(fSbvX|mBu!Tv^~Td|gWE0G zJr4D^4iXDRGl0ewj1-KgXUAvOuCAzSP44K7*I4LMWmmP=YTcAYnR(}K9}_z>q~4%q zLTLBC`{mf@2;%MqPf|Hi5OmBb?3No!PSPNoR`TRB(l}@sKJ|5t?KCjSGr>Jh&)fmN zR@NgobK>m$BfAa4b@m%JV28A?hUnGX^7%76J&#zUuLz8kV~bMZd$NuPcj{j4-B;O* z-=VOG$$%HG?5@)ujr$Xd75L&is9Z~|o3r9nmd9t-mZ!aHG7WR2uLm>(!k8tC2;zmz zJK^)V$em#8jPHb38-ORjeWy}!I9u}77Y9n*wiRavul#=8hj||NCm>b*f`N%D#QPTu ztCO=3{bhOf9zd9UOlgBxdF1T-qW{xq@nQO~V4wQ4S%0z^5#ib7Gy7#Ux&8_8gg}!X z%?IQD=xz>wgPiN}m<|8)em0yVPUYzCemojp`z`5T52lmr(PA{6%-Lu%7(ZM?!SU6@ zf=#9iHXhwU*7jl=K`AZ0j5W%m#dsL$qkT4-+{{Lk+u_}CvcO{E#c*~roI!c60m*#6 z1JfH;fjNOEZbplV9tBh*v-|#RF&aFK`!ja`FuR}5hY`#Yn+@mp!@+_rrtrD>@V-Cm zFNWjKjHHhK*7fiwKnA2tKU4+lnaUQLNIwvZwMb*F`o&_G$~F3hfzQR0kJ%2c5~D4d zQV_xlfPC62zt(Y~glJKnxT&KSk^waM$R-np35PZd(aSvCm#GBD{jqdIzsjJlDMy%V zh?r~eBV`aq1~I`)M641vJ|lt~QcZK=ADhB zgMpu-LI@9s%|(n!+0uf<|Osk-5*R zi#f^#mq~6hWIc5QhvMzQped6VU(*#&I_0X7cCDlw>;C&zAFHQY6h(?#VlR?2V$f(M za=BS$hkbDdMp7#m`1n~_$Ruy&hdfc6vvkusl)E#uY|qv_*B0DPW*Oj+V}RQEW3ZG5 ze1`0f7b259$-}UWUJ~O9hw1n9e3>$ed9U<-(G$Qr?b=u9nkKk5^BF&C!1G!!df~0H zQhVG`fJS&=FB?i|1luT(^{&DaQ()PaIBCXubyXQYY$2e~_vdUhZ`0*6 znFe>Cxqu@!94$T!XZEJmmml79k-JY{b9LhH{+-vSKEWUt^hTOye3b|`C9Jklia}lQ z6xK2VD+z!h@D80Pucft2$omMn|0d4yD8*CNB?)?9V<*~OgHi#J9O^INYL3!Xk9FGk ztF{CC-W_Yo<+wtAgZsX3h0_sg{ZM1X@9OPoUTIT#8aTnk&V&kSn(!+Q zh2DNFRwk*A>B1@?1xlB&$NUsfo;i?=nIDf zj&-J;_QPPb&^EENK}~A4o16PgXenTPfX#nkoyGm2Ya+TflK>fbsS418Uh(2}#&4s~ zTY-o>L@&_b@9eR~{UC6~IY$6g6VmC+Lv!2J$T_q&%oEVfS%RrRAAt2S9um3;Z)75% zZVWs;)b%+0v+?U3%weVhc6)5Duqw!l&g$=bA#?!I+#p(jKH4@%h$sIMSJ4Misez*9d$ytp4Us3ExMFViuicGb-P3LPV| zZGg=VDg3Xp*&7uP-G_gr;!%^fR`Tl!gthcZ_uL`l?#bF|2o7@KqScauFB7ane1r=_ ztFQ}t_n@g@J@Xn-)DeaebZe@O1|n&*30GWSjx15>Mr0<1Cg6C_bGgAU!0}Hg zeK0aKxJYzYh)m=@E&x+csmK7I8?Gf%@VkZ(6Ws)Px!H)^0W_F<&zVTj{|iIG8hA&J zT?7Qa;(&VW$x~Pa^02p9Fq!zh6uBQ|N9IPk30(HBa>(U9={bkVK{0{0QKLfU6~)@m zQ2w@=RtQg$KjTqEOlFyQR4X*w%hb`vM~-p^IsCbd&&oZefuehZvX>O&U8_Mlc6Z1j zRGCTOgpuI;jmdEq;rmTL}}5FP|OqWJ68sE-qO>Z*%6jF%D`t42zI;1IZo zMkeTr@LU=>YVre>uJHyBQ(W5>ye*rayA@9O*v#=q!6PdjK^*u?i9EED@qy1}!;mG&^&oH8fCY99!XMe2iwF zI0<3u6T;-=i0u=u|5IdI21g8`tTqtvx7v9ghV@rlp7E7#I4|TXk3b#fnamB=HM#YH z6WsEOoSvyweWtv0Tj2QnlGEL%A7c6&{jd_hk8}T^Rv=9naD!Syn4%XKC4d0KKa@C1OJMGY}cq<{`&rwl+eb+?b6 zHYZ4%3^AzbNzeSYo39PCslh^A@yq~;GucYWeese>?HxPY{^3MF(xE=5VX{wfWmCCG zCPhICq^m-zqs5UmL#`H3NdXm%f+vwZw!t@e80W5?6Y+=4Egb;yl7t5%dqwcNA}E5M zNWWwegtcCSIKXzxaXm4{hVD15V3|6pXIHA#8vbF;<FC>mYcaY{cW4)itr<{47xDxrA=tyPj!=sdxbniz zqS9cxOKP0kPr6$XjnvMa3bXG|=U7JUp*QaZ#gj~>)O3zUQ`#f7E+7z?i z&dS$WCU9xrGY@CMf-D%Srf;z^nQp$Vg)PgJ!eKkXK{!Jx=}XImD@Dn*U!Y@Lf5ZR8 z@?g--D#@}-SIE#~{d&!_Y3=t?R2YOe@=>G}O*1I4scdobWKqFHdhig~R^;H#jg4hl zF8OL(>ynimx!jdW!Be41U*!$khR*`JTIJ;N0{89~Q}u>76+O1C;UeVLff~9lCI(OxfxxlOkh#dYAg3W)@O0alQa0W_taMI@k6%4Ys+&` z_`;@gUjx@0080uQGUN%t_NGh{HsE`{k~YJSs?NNm;b7ek02>4 zQ~3`ISZV6iwmgfWRM)SwsBa+$N@TX3LEX+*$_mrUuXB3xSCc*dD@^0B z#)cI%suC?^V1Y~31f_XR+WSRR&N@r=z8Y1EDlKhZ)c*SJBdG5 zTb^!2OjTd@Us^Xa3~7{cQ0o8~-=q$?Oa$|(UaJKPl)p0`VAC}I`mb!5hgWYHm>-&( z2QZJ#(x3+YckPUam+p*bmtSjr53k+=G{mw&ZGO$t*FN05^#13N!m%1fBoAj8dwL~a z6@h>a{ro6?nWi-?nE0z96<;pH!$0BOC z0U*!T!L*M7Hy+z)G$)v=bJ&}}q|76>RK>QwNz8;)&sV2n?nHX2BPNPf4^?gpG!NhM zF9ri4Q9))3_diW#&>zD!5_sfz!BT}KGad%^?)K(!G9gf;NQ~n zzXL(A)w<}h>SgAPA$#vs&KPCphu4lzk)WmRiYKemAd+M?w?zK;`ON;uFZ3e6&~ttu z;1~jTVm0-O(sOe1^@>$#{JWqnt%Q6eKoR#x4izfsp(J%3OoF(~L|&a+j}*|$2sL(! zi_XN989lY8AN1`09(B(PeEtVGSW~`(P>V^-&j? zazvBk6R@jwt&N`Ut5@6uU)2X|C$yd_^Bo2O^N4WLG^>Po{J|M$-t=5eeH5d8=m*+UFh+Xu~&!KyJkzsHMp1Op`-r2`4 z&(R**CuPpgdq2FPf6`0DoP2rC@b!1_`o+0@|Lxn}k6{bvjV-)8r(T|8KV1)gsJ8I^ zca1IRkJ1?4(IDJlfBd1+$al@%(BGwzU`H;1HHDga^S0W|yJMp<&FJ^BH-1C!YW;cp zeef+pQ>oR)#eXX@4-SS$4Mrf}6=H50m_vYA)Q+q~2f>aKh`!V{V-rSK* zMBQs$zDPr}VA>>nPH1Sy6trp+{YtA%%9+>^P>@W0tJf)_wOrH_cO_~Cl`nV%`&`1! zPZvnK32%+Y&;K{p9&2-7(H+CT|1Z@X!~2ztS>N=pd0zs*K5Zi5s-X#J+208HSFOJl z_i&i>@s4~!ctq+)?;4~Oz4^TG#s^PIskgPZzJHC3dJ{DE1OCGo=kHEPC~WMFZR}kr zKQC&ny=!jmjn~?{b2rYQxi^>f=8jzwt~qRkh8nc@?)zGMZ;xJp{%F171`S@k{juI+ za}VE~2P1Yv*1rwr@Uq_KkxS#9X*0MqYAwD!Z)oxI_#H`C$D3Xw7`(ea@RqR8G+Y$3 z%0+=DN|V!rK)AHbe3WsC@gsrGFJYe73Z8kTu;mb@2Er1-@2%Gp?LFNut>`tHenKc!(YvOPygB+2*HdrLR3&z8s-nwx4PUu@X8$xvv*r)H zY5u^)a~lc1(0bcrgK`H_=}`o}>Q+nN=*L`_5FR+9He-h6Eckm9hfFOtVF5K#><;q4 zu7SnYh}vhPwOH@tiKnVTeL{&!y;y|NrdS8VF%3e!g4P%SETk$ub8V3N{57gq_XWB) z(RbJ(hdS*`wZ@8tVG$-zeE27jKI@==YG04*ojG_}-M1jU4lW>m95wtoFQ6 z8Q%zY4Q7e|IgB0T^!Lnm38Q`Or%V=tsdOa}Q*g)ALz{IzO=ovq$o9Zg=3c9H)oTLC zzD7q)4`K|@13{nphxk34D0U}`Os-mIdR{%8+x$KJ0uuWwu-~m#+rDQ;iYRVJG3Ue7 z+8jn{aJ+Maqz-%E{Lz>r9Q>oU!s6i7qHTg^(f|CmxwTeQ-4k4-2W&q|Y&LVcbo8~Fiqa+BBU$E@LOSU~6$ZiS<)ISNc~ zveUx&s%xR)4Xs$BH<@uSH~&$1nA;X-tp2*GUR?6kmvSE&>SjcG@rHT4EdB^ zu;<~(>o6*%2dLio4wZDIP}UG~0tHf{3O#O5v=sS!)({VlntsWq>9yEFerywxeDG@Z zj|N*l{3}qbcz;tFYYuJpTCG9P4$tu4U`i&6kzn>p;%_7%E~;&@{5vswQrVYvqMq;^ zhkx@qdU^gO4~Y&c68y4v9I-U;U1{;4cNW5CSrnHV>?b7f=5mupYz55J5J)T08ZzD1 zzcWn1CY{cufO%c_d^!KJNkD7T1MGS*Bp<`P;80%)X^|#T=tSapsH}b3iqw)O8Aa(O z$>Eh$q<{g#FMp{JL>_t0lJdCo<0yz6N}1Ma`4^Egnc}I0pd&>yMyaXfR9RdFX06iA zG_)S9qsm19Umf{i*alkwiBN3T4*m_^sdTy|oGiyq^_po8Ps5o#y7vh$K;#b7jZ8(W zHU4(;p0V-S$9ezr+11t0i|@Z{T{ryhzTtPR)(g>iTP>}hu?u#_ZV@2|MMSH0^_g8y zKTXEdK7y@`Ci6vqJcgeK)BDfxLw_(B&gb~M@o4bNXmZP@6V{)ww*J%oqRp-z7K`a5 zV$&I$E1gx;oN|lE{3x^z*|{-7|ro-cf-k| z$3{2o^YnrBXG4acq88`&oe8@de&~;H^xLNO2ws{E?`OmLaIyf@7J_+Uix2$;{P{!w z-MyCTHVOm`ATyuc;6qPdL6h z9zpJ}VZRJG`&_fJq5X)As&4Zx!yI_jIO=<iaawGZ@?s7c<@WbR&RSX1g$Bxh=S?zlOgO#No zW&M%NdW$6s7aGkBvLZld&{igE(Nsvny!I*xn;t5IqXis~0DlhCj~+#and-U$eH*>8 zMk2e_D_$cNRZpqC4$)c+U_T?X92TXG_&bgCir}c`D$yIXnS44`srC2x2xJ%C8s%!a zH!ji2DX0~3fDpLsB8e^H%%LfRmjLrvEJ3JNnXC0HZ_MlDVSzzn7GH2^TP@xTQ{xl< zv@Vn6(0JqtUUvuN{dH=K3R=)lt=6&!4|tt$LeS_{L^ore69DYyRqlAt{?ux%y#8ha zK@14+ zGzu|egCRJCNsoWpBAyzSO7~ga$xJ+oEC)~yu>&ML^BdiLsej>8jUWLg0sI1(6?{;D zl^X&cN6&O-c>wCFfFfMw76$~WM~jTFpv>}#%SVy@q>oF5QP3%e4N8<%pqjL&$Y-=@ z(1dbF13;HDFI<>JWm=JX87VmOVYJr0fY!z^dk0V;N9o){7^UEyDi3d?3mf*N2Lb~~ zoSy&P0_$7Z*w~C7VD!RaG`t*+0?4giKr9?WwY+2?A+_+0%7Q8k`1?qk3+;8(W}LO_ zy=Y@rpYr`3*W2(nG4p+uYf0=0$}K!sbnn2C>s^IZ6=LDBwY2(!Zna{y4eV+k#}5pQylRvypOqi47fXWeQ|wV*`;kwY zHv%08sv<{V6s78!Z~BzTWEm9}+PnHWncD-Lt3)JC;QH*DHFUGroGXuO1xT<2#^&k8 z)s=>YyoA+@!9XyL;$HH2aYB^=@!i(&nx2Qq*9E-2pYAWSStk=W`RHlVY!aZzESo_PyQFtPM4VpfpN$!)wv+7OH zp2+4oF=dk&GuF#X8W_l-SFbQQEwrpt2ZJQ<4TzNUs)f`~568NX#{(TsGBe1wU=YP@ zDGn-)?Pz>>FV{dOc3N`Floo$O_%dThb}Ah`ffVWY(XAm%{92w4U>i%Y$U3;svM67h%% z{91?zQxH60J-b#2{+*)RQtbpu)TVR5sT7OvR7tEU!8&ri?H-lMya%KDfV64>6IQkG z2;?n6^LdrcnB>91I^7F^ebv)ZE6cZTEOG()SG>^}B})0`S>z01qVi+YXFo|Gh7fq9 zUm4Utldm69l0?)T0A-3ePtf55?jk*R4xgg#zk1@04yp8hhz--Ob<&aWLAAPKuJiOe~GS;V^Sq zi5WsCMv%IJd34&=9psAA5KBbA`an&LG z*OY&0xXZnGhDzC1Jwfh`gTKVV_FAp)UHXcFGOf^OG?FHnFiUuYSLohw8#>J18t;ai zYhKW=LJr_#YD>d5_!_MRjR%9pijt8=n^iJkYn^XMuyNEOE~jSAF1oBzOnlj`I7q7T zm(VaV&E`jT3YIV>x$--(G*QcU1THZ~eu-A9RJTttsUzUtXdfP1X#0#LFFdJeq&nkHw zWx7J8HW5W3vTj4MG9=;x1b5g&>*RGgJ{ZTOki4bFGf+Ev7{hb}3}y*WHznVQs7`xs zb8?mkblSe&wFrJY>qR1bT}R7GZVcm?0@F4Hf2{7VcMOXvIHiLw$HstvsSsIK?g^P$ zWSPp&)__&M7a4D8Dzc~#$W{ScFU$0`qs60{&RA&UB0sIg6+RQ3k?2-kYlLOGF0GuZ zg#V(DJE{^UwF%}h5tMvw*)nyL0iR|H3@>SQI1&9|hK#2tbY|(TwLI*B`GNq4JbwkM z?>#n9DNqa*gxhUU28}0+ec)-lRO$;%)Vj=Sr{icI12)jBxt{Fun`~QslAbJEdVF+d zZ9HqUBEkM-e7 z!2VUF*>iWp|CZX%553Faio!fHpOI`fw8?1S%-Qfi2jhqN=;N@;S~eTrkNblmsr3DQ)(4|Fe-d~L7H~qn4I{VE2`OwGTKF@qkgl>kb&2hbX zU(_G0GQRcLe0n!z^F@Dw{rmZ0Hkx0L2G~WDw>KV7KSA~xO(-^2pBQhj5u0PGT>onN z(SPx-{}~&-zaK*ep;@mU8%;3XaQJaJSww99F!)ekT%6_6gk3+(AY0Gm;r4`-w4 zbv{y?h27r5+?we$c;~PHtI$Qk{U$Y}}tOs*~W}KQRjpyZUzY z(QRuszaI`pH=_X?4{!TpHXGf3Sj>Cw@4D&!cs|99P2Ao15RUs}e@3Z`Flha8{Gl>< z{RjWw*fYOhuwJ7%n-B4YA6UnZUvEXb=<_Zt-u-O)adbVrX7lNIIR4D8J|ioSZuWXK zAB_8>yWz}h_uq>-CtKB-z3rxtL>@F;-8nPt4fE&ffQD{o7gp{sX(74(G7AlZWwmbn}_|x#f@ zDh`AT!=k1i1G^lf_eLY}t`JHaL~|(@Y3%nb;QFQ~k+qPR`aU3)IQB>4MNg(EdK66l z80pY@=-_8071jXxc*zO{vZIlm*fNuwf4$<5|5m{=@8#G%}Uja*rK3rtv11-XkTc9;$OJR(6J1