From 389a7f3b78d4cc374ac87f77eaef76762a391fd0 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Fri, 23 Jul 2021 12:38:01 +0100 Subject: [PATCH 1/8] WIP - non erroring deployment --- examples/connect/Dockerfile | 6 +++ examples/connect/README.md | 28 +++++++++++ examples/connect/build-inside.sh | 3 ++ .../connect/confluent/control-centre.yaml | 22 +++++++++ .../confluent/custom-kafka-connect.yaml | 32 +++++++++++++ examples/connect/confluent/kafka.yaml | 39 +++++++++++++++ examples/connect/confluent/kustomization.yaml | 11 +++++ examples/connect/confluent/namespace.yaml | 4 ++ .../connect/confluent/schema-registry.yaml | 12 +++++ examples/connect/confluent/zookeeper.yaml | 7 +++ .../adventure-works-sql-server.yaml | 47 +++++++++++++++++++ .../connect/custom-connect/kustomization.yaml | 3 ++ examples/connect/kustomization.yaml | 6 +++ .../connect/operator/clusterrolebinding.yaml | 8 ++++ examples/connect/operator/deployment.yaml | 12 +++++ examples/connect/operator/kustomization.yaml | 6 +++ examples/connect/prod-mssql-connector.json | 42 +++++++++++++++++ examples/connect/topics/foobar-topic.yaml | 15 ++++++ examples/connect/topics/kustomization.yaml | 3 ++ 19 files changed, 306 insertions(+) create mode 100644 examples/connect/Dockerfile create mode 100644 examples/connect/README.md create mode 100755 examples/connect/build-inside.sh create mode 100644 examples/connect/confluent/control-centre.yaml create mode 100644 examples/connect/confluent/custom-kafka-connect.yaml create mode 100644 examples/connect/confluent/kafka.yaml create mode 100644 examples/connect/confluent/kustomization.yaml create mode 100644 examples/connect/confluent/namespace.yaml create mode 100644 examples/connect/confluent/schema-registry.yaml create mode 100644 examples/connect/confluent/zookeeper.yaml create mode 100644 examples/connect/custom-connect/adventure-works-sql-server.yaml create mode 100644 examples/connect/custom-connect/kustomization.yaml create mode 100644 examples/connect/kustomization.yaml create mode 100644 examples/connect/operator/clusterrolebinding.yaml create mode 100644 examples/connect/operator/deployment.yaml create mode 100644 examples/connect/operator/kustomization.yaml create mode 100644 examples/connect/prod-mssql-connector.json create mode 100644 examples/connect/topics/foobar-topic.yaml create mode 100644 examples/connect/topics/kustomization.yaml diff --git a/examples/connect/Dockerfile b/examples/connect/Dockerfile new file mode 100644 index 0000000..eb61267 --- /dev/null +++ b/examples/connect/Dockerfile @@ -0,0 +1,6 @@ +FROM confluentinc/cp-server-connect-operator:6.1.2.1 +USER root +ENV CONNECT_PLUGIN_PATH="/usr/share/java,/usr/share/confluent-hub-components" +RUN confluent-hub install --no-prompt debezium/debezium-connector-sqlserver:1.6.0 +RUN confluent-hub install --no-prompt confluentinc/kafka-connect-jdbc:10.1.1 +USER 1001 \ No newline at end of file diff --git a/examples/connect/README.md b/examples/connect/README.md new file mode 100644 index 0000000..9915dca --- /dev/null +++ b/examples/connect/README.md @@ -0,0 +1,28 @@ +As the README describes, you can reuse the Docker daemon from Minikube with eval $(minikube docker-env). + +So to use an image without uploading it, you can follow these steps: + +Set the environment variables with eval $(minikube docker-env) +Build the image with the Docker daemon of Minikube (eg docker build -t my-image .) +Set the image in the pod spec like the build tag (eg my-image) +Set the imagePullPolicy to Never, otherwise Kubernetes will try to download the image. +Important note: You have to run eval $(minikube docker-env) on each terminal you want to use, since it only sets the environment variables for the current shell session + + + + +/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "nbBg8G4DkR83Xs" + +select name from sys.databases +go + + +Deploying a connector: + +curl -X POST -H "Content-Type: application/json" --data @config.json http://localhost:8083/connectors + +Connect REST API Docs: +https://docs.confluent.io/platform/current/connect/references/restapi.html + + +curl -X POST -H "Content-Type: application/json" https://localhost:8083/connectors \ No newline at end of file diff --git a/examples/connect/build-inside.sh b/examples/connect/build-inside.sh new file mode 100755 index 0000000..e2f18e4 --- /dev/null +++ b/examples/connect/build-inside.sh @@ -0,0 +1,3 @@ +#!/bin/bash +eval $(minikube docker-env) +docker build -t sandbox-example-connect . \ No newline at end of file diff --git a/examples/connect/confluent/control-centre.yaml b/examples/connect/confluent/control-centre.yaml new file mode 100644 index 0000000..e41eb03 --- /dev/null +++ b/examples/connect/confluent/control-centre.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true + connect: + - name: connect + url: https://connect.sandbox.svc.cluster.local:8083 + tls: + enabled: true + schemaRegistry: + url: https://schemaregistry.sandbox.svc.cluster.local:8081 + tls: + enabled: true diff --git a/examples/connect/confluent/custom-kafka-connect.yaml b/examples/connect/confluent/custom-kafka-connect.yaml new file mode 100644 index 0000000..47c00d3 --- /dev/null +++ b/examples/connect/confluent/custom-kafka-connect.yaml @@ -0,0 +1,32 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + replicas: 1 + image: + application: sandbox-example-connect:latest + init: confluentinc/cp-init-container-operator:6.1.2.0 + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true + configOverrides: + server: +# - ssl.endpoint.identification.algorithm= + - group.id=connect-cluster + - config.storage.topic=_confluent-connect-configs + - offset.storage.topic=_confluent-connect-offsets + - status.storage.topic=_confluent-connect-status + - confluent.topic.security.protocol=SASL_SSL + - confluent.topic.sasl.mechanism=OAUTHBEARER +# - confluent.topic.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required metadataServerUrls="https://kafka.sandbox.svc.cluster.local:8090" username="${file:/mnt/secrets/connect/bearer.txt:username}" password="${file:/mnt/secrets/connect/bearer.txt:password}"; + - confluent.topic.sasl.login.callback.handler.class=io.confluent.kafka.clients.plugins.auth.token.TokenUserLoginCallbackHandler + - confluent.topic.ssl.truststore.location=/mnt/sslcerts/truststore.jks + - confluent.topic.ssl.truststore.password=${file:/mnt/sslcerts/jksPassword.txt:jksPassword} +# jvm: +# - -Djavax.net.debug=all + diff --git a/examples/connect/confluent/kafka.yaml b/examples/connect/confluent/kafka.yaml new file mode 100644 index 0000000..1680cb3 --- /dev/null +++ b/examples/connect/confluent/kafka.yaml @@ -0,0 +1,39 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + configOverrides: + server: + - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 +# - ssl.endpoint.identification.algorithm= + + # Overwrite the default settings on the INTERNAL listener + - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER + - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; + - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/kafka/mdsPublicKey.pem"; + - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler + - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler + + # Overwrite the default settings on the EXTERNAL listener + - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER + - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; + - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/kafka/mdsPublicKey.pem"; + - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler + - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler + tls: + autoGeneratedCerts: true + listeners: + internal: + tls: + enabled: true + external: + tls: + enabled: true + dependencies: + zookeeper: + endpoint: zookeeper.sandbox.svc.cluster.local:2182 + tls: + enabled: true diff --git a/examples/connect/confluent/kustomization.yaml b/examples/connect/confluent/kustomization.yaml new file mode 100644 index 0000000..c4c6f8d --- /dev/null +++ b/examples/connect/confluent/kustomization.yaml @@ -0,0 +1,11 @@ +namespace: sandbox +resources: +- ./namespace.yaml +- ../../../kustomize/base/confluent +- ../../../kustomize/base/secrets-tls +patchesStrategicMerge: + - custom-kafka-connect.yaml + - zookeeper.yaml + - kafka.yaml + - control-centre.yaml + - schema-registry.yaml \ No newline at end of file diff --git a/examples/connect/confluent/namespace.yaml b/examples/connect/confluent/namespace.yaml new file mode 100644 index 0000000..6b30586 --- /dev/null +++ b/examples/connect/confluent/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: sandbox diff --git a/examples/connect/confluent/schema-registry.yaml b/examples/connect/confluent/schema-registry.yaml new file mode 100644 index 0000000..f98f5b6 --- /dev/null +++ b/examples/connect/confluent/schema-registry.yaml @@ -0,0 +1,12 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: schemaregistry +spec: + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true diff --git a/examples/connect/confluent/zookeeper.yaml b/examples/connect/confluent/zookeeper.yaml new file mode 100644 index 0000000..fbf0fb4 --- /dev/null +++ b/examples/connect/confluent/zookeeper.yaml @@ -0,0 +1,7 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + tls: + autoGeneratedCerts: true \ No newline at end of file diff --git a/examples/connect/custom-connect/adventure-works-sql-server.yaml b/examples/connect/custom-connect/adventure-works-sql-server.yaml new file mode 100644 index 0000000..a11214c --- /dev/null +++ b/examples/connect/custom-connect/adventure-works-sql-server.yaml @@ -0,0 +1,47 @@ +apiVersion: v1 +kind: Pod +metadata: + name: adventure-works-sql-server + namespace: sandbox + labels: + role: sql-server + app: sql-server +spec: + containers: + - name: adventure-works-sql-server +# args: +# - --copy-service +# - --loglevel=debug + image: chriseaton/adventureworks:light + ports: + - name: sql + containerPort: 1433 +# livenessProbe: +# tcpSocket: +# port: 389 +# initialDelaySeconds: 15 +# periodSeconds: 20 + env: + - name: ACCEPT_EULA + value: "Y" + - name: SA_PASSWORD + value: "nbBg8G4DkR83Xs" + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + name: sql-server + labels: + app: sql-server + namespace: sandbox +spec: + ports: + - port: 1433 + name: sql + clusterIP: None + selector: + app: sql-server + + + diff --git a/examples/connect/custom-connect/kustomization.yaml b/examples/connect/custom-connect/kustomization.yaml new file mode 100644 index 0000000..41def4a --- /dev/null +++ b/examples/connect/custom-connect/kustomization.yaml @@ -0,0 +1,3 @@ +namespace: sandbox +resources: +- adventure-works-sql-server.yaml \ No newline at end of file diff --git a/examples/connect/kustomization.yaml b/examples/connect/kustomization.yaml new file mode 100644 index 0000000..4411db9 --- /dev/null +++ b/examples/connect/kustomization.yaml @@ -0,0 +1,6 @@ +namespace: sandbox +resources: + - confluent + - operator + - custom-connect + - topics diff --git a/examples/connect/operator/clusterrolebinding.yaml b/examples/connect/operator/clusterrolebinding.yaml new file mode 100644 index 0000000..08c3483 --- /dev/null +++ b/examples/connect/operator/clusterrolebinding.yaml @@ -0,0 +1,8 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: confluent-operator +subjects: +- kind: ServiceAccount + name: confluent-for-kubernetes + namespace: sandbox diff --git a/examples/connect/operator/deployment.yaml b/examples/connect/operator/deployment.yaml new file mode 100644 index 0000000..71998eb --- /dev/null +++ b/examples/connect/operator/deployment.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: confluent-operator +spec: + template: + spec: + containers: + - args: + - --debug=false + - --namespaces=sandbox + name: confluent-operator diff --git a/examples/connect/operator/kustomization.yaml b/examples/connect/operator/kustomization.yaml new file mode 100644 index 0000000..c3fa8fe --- /dev/null +++ b/examples/connect/operator/kustomization.yaml @@ -0,0 +1,6 @@ +namespace: sandbox +resources: +- ../../../kustomize/base/operator +patchesStrategicMerge: + - clusterrolebinding.yaml + - deployment.yaml \ No newline at end of file diff --git a/examples/connect/prod-mssql-connector.json b/examples/connect/prod-mssql-connector.json new file mode 100644 index 0000000..d9ba59f --- /dev/null +++ b/examples/connect/prod-mssql-connector.json @@ -0,0 +1,42 @@ +{ + "name": "prod-mssql-connector", + "config": { + "connector.class": "io.debezium.connector.sqlserver.SqlServerConnector", + + "database.hostname": "sql-server.sandbox.svc.cluster.local", + "database.port": "1433", + + "database.user": "sa", + "database.password": "nbBg8G4DkR83Xs", + + "database.dbname": "AdventureWorks", + "database.server.name": "sandbox-custom", + + "database.history.kafka.bootstrap.servers": "kafka.sandbox.svc.cluster.local:9071", + "database.history.kafka.topic": "adventureworks-connect-history", + "database.history.kafka.security.protocol": "SASL_SSL", + "database.history.kafka.ssl.truststore.location": "/mnt/secrets/sslcerts/truststore.jks", + "database.history.kafka.truststore.password": "mystorepassword", + "database.history.kafka.sasl.mechanism": "PLAIN", + + "database.history.producer.bootstrap.servers": "kafka.sandbox.svc.cluster.local:9071", + "database.history.producer.security.protocol": "SASL_SSL", + "database.history.producer.ssl.truststore.location": "/mnt/secrets/sslcerts/truststore.jks", + "database.history.producer.ssl.truststore.password": "mystorepassword", + "database.history.producer.sasl.jaas.config": "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"\" password=\"\";", + "database.history.producer.sasl.mechanism": "PLAIN", + "database.history.consumer.bootstrap.servers": "kafka.sandbox.svc.cluster.local:9071", + "database.history.consumer.security.protocol": "SASL_SSL", + "database.history.consumer.ssl.truststore.location": "/mnt/secrets/sslcerts/truststore.jks", + "database.history.consumer.ssl.truststore.password": "mystorepassword", + "database.history.consumer.sasl.mechanism": "PLAIN", + + "decimal.handling.mode": "double", + "time.precision.mode": "connect", + "database.history.skip.unparseable.ddl": false, + "database.history.store.only.monitored.tables.ddl": false, + "table.include.list": ["Address", "Person"], + "table.ignore.builtin": false, + "include.schema.changes": true + } +} diff --git a/examples/connect/topics/foobar-topic.yaml b/examples/connect/topics/foobar-topic.yaml new file mode 100644 index 0000000..0aeb130 --- /dev/null +++ b/examples/connect/topics/foobar-topic.yaml @@ -0,0 +1,15 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: adventureworks-connect +spec: + replicas: 1 + partitionCount: 6 +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: adventureworks-connect-history +spec: + replicas: 1 + partitionCount: 6 diff --git a/examples/connect/topics/kustomization.yaml b/examples/connect/topics/kustomization.yaml new file mode 100644 index 0000000..c14f854 --- /dev/null +++ b/examples/connect/topics/kustomization.yaml @@ -0,0 +1,3 @@ +namespace: sandbox +resources: + - foobar-topic.yaml \ No newline at end of file From dec9d3290dcf1feeaade7042e1e5cd53bccd356f Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Mon, 26 Jul 2021 09:14:57 +0100 Subject: [PATCH 2/8] pushing wip connect example --- examples/connect/README.md | 39 ++++++++++++++++++- examples/connect/cdc.sh | 29 ++++++++++++++ .../confluent/custom-kafka-connect.yaml | 9 ++--- examples/connect/confluent/kafka.yaml | 1 + .../adventure-works-sql-server.yaml | 16 +++----- examples/connect/prod-mssql-connector.json | 19 +++++---- examples/connect/topics/foobar-topic.yaml | 12 +++++- 7 files changed, 99 insertions(+), 26 deletions(-) create mode 100755 examples/connect/cdc.sh diff --git a/examples/connect/README.md b/examples/connect/README.md index 9915dca..f42e2c5 100644 --- a/examples/connect/README.md +++ b/examples/connect/README.md @@ -16,6 +16,11 @@ Important note: You have to run eval $(minikube docker-env) on each terminal you select name from sys.databases go +/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "nbBg8G4DkR83Xs" +USE AdventureWorks +GO +EXEC sys.sp_cdc_enable_db +GO Deploying a connector: @@ -25,4 +30,36 @@ Connect REST API Docs: https://docs.confluent.io/platform/current/connect/references/restapi.html -curl -X POST -H "Content-Type: application/json" https://localhost:8083/connectors \ No newline at end of file +curl -X POST -H "Content-Type: application/json" https://localhost:8083/connectors + + +https://debezium.io/documentation/reference/1.0/connectors/sqlserver.html + + +-- ==== +-- Enable Database for CDC template +-- ==== +USE MyDB +GO +EXEC sys.sp_cdc_enable_db +GO + +-- ========= +-- Enable a Table Specifying Filegroup Option Template +-- ========= +USE MyDB +GO + +EXEC sys.sp_cdc_enable_table +@source_schema = N'dbo', +@source_name = N'Person', +@role_name = N'MyRole', +@filegroup_name = N'MyDB_CT', +@supports_net_changes = 0 +GO + +sqlcmd -S myServer\instanceName -i C:\myScript.sql + + + + diff --git a/examples/connect/cdc.sh b/examples/connect/cdc.sh new file mode 100755 index 0000000..c75c1d8 --- /dev/null +++ b/examples/connect/cdc.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +kubectl create ns sandbox +kubectl config set-context --current --namespace=sandbox + +kubectl exec -it sql-server -- \ +tee -a /tmp/person.sql > /dev/null <\" password=\"\";", "database.history.producer.sasl.mechanism": "PLAIN", + "database.history.consumer.bootstrap.servers": "kafka.sandbox.svc.cluster.local:9071", - "database.history.consumer.security.protocol": "SASL_SSL", - "database.history.consumer.ssl.truststore.location": "/mnt/secrets/sslcerts/truststore.jks", + "database.history.consumer.security.protocol": "SSL", + "database.history.consumer.ssl.keystore.location": "/mnt/sslcerts/keystore.jks", + "database.history.consumer.ssl.keystore.password": "mystorepassword", + "database.history.consumer.ssl.truststore.location": "/mnt/sslcerts/truststore.jks", "database.history.consumer.ssl.truststore.password": "mystorepassword", "database.history.consumer.sasl.mechanism": "PLAIN", @@ -35,7 +40,7 @@ "time.precision.mode": "connect", "database.history.skip.unparseable.ddl": false, "database.history.store.only.monitored.tables.ddl": false, - "table.include.list": ["Address", "Person"], + "table.include.list": ["person.person"], "table.ignore.builtin": false, "include.schema.changes": true } diff --git a/examples/connect/topics/foobar-topic.yaml b/examples/connect/topics/foobar-topic.yaml index 0aeb130..40eb720 100644 --- a/examples/connect/topics/foobar-topic.yaml +++ b/examples/connect/topics/foobar-topic.yaml @@ -4,7 +4,15 @@ metadata: name: adventureworks-connect spec: replicas: 1 - partitionCount: 6 + partitionCount: 2 +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: adventureworks-connect.person.person +spec: + replicas: 1 + partitionCount: 2 --- apiVersion: platform.confluent.io/v1beta1 kind: KafkaTopic @@ -12,4 +20,4 @@ metadata: name: adventureworks-connect-history spec: replicas: 1 - partitionCount: 6 + partitionCount: 2 From 2576fa006368e6a95a0b1bad5aa07b059f784089 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Fri, 13 Aug 2021 11:44:34 +0100 Subject: [PATCH 3/8] WIP of cleanup --- .gitignore | 3 +- .../Dockerfile | 0 .../README.md | 0 .../build-inside.sh | 0 .../confluent/gcs-connect.yaml | 0 .../confluent/kafka.yaml | 0 .../confluent/kustomization.yaml | 0 .../confluent/namespace.yaml | 0 .../confluent/rest-class.yaml | 0 .../confluent/source-topic.yaml | 0 .../confluent/zookeeper.yaml | 0 .../gcs-sink.json | 0 .../kustomization.yaml | 0 .../operator/deployment.yaml | 0 .../operator/kustomization.yaml | 0 .../rolebindings/connect/connect-base.yaml | 0 .../rolebindings/connect/connect-topics.yaml | 0 .../rolebindings/connect/gcs-connect-rb.yaml | 0 .../rolebindings/connect/kustomization.yaml | 0 .../controlcenter-testadmin-rolebindings.yaml | 0 .../rolebindings/kustomization.yaml | 0 .../confluent/control-centre.yaml | 29 --- .../confluent/kafka-connect.yaml | 16 -- examples/openshift-basic/confluent/kafka.yaml | 31 ---- .../openshift-basic/confluent/ksqldb.yaml | 15 -- .../confluent/kustomization.yaml | 11 -- .../confluent/schema-registry.yaml | 14 -- .../openshift-basic/confluent/zookeeper.yaml | 17 -- examples/openshift-basic/kustomization.yaml | 5 - examples/openshift-basic/namespace.yaml | 4 - .../operator/clusterrolebinding.yaml | 8 - .../openshift-basic/operator/deployment.yaml | 17 -- .../operator/kustomization.yaml | 6 - .../openshift-basic/topics/foobar-topic.yaml | 14 -- .../openshift-basic/topics/kustomization.yaml | 5 - examples/rbac/confluent/kustomization.yaml | 1 + examples/rbac/confluent/ldap.yaml | 171 ++++++++++++++++++ examples/rbac/kustomization.yaml | 1 - examples/replicator/README.md | 9 +- examples/replicator/destination/kafka.yaml | 2 +- .../replicator/destination/kustomization.yaml | 2 + examples/replicator/kustomization.yaml | 2 + .../replicator/operator/kustomization.yaml | 2 + examples/replicator/source/kafka.yaml | 2 +- examples/replicator/source/kustomization.yaml | 8 +- .../{rbac => replicator/source}/ldap.yaml | 3 - examples/tls-certificate-rotation/README.md | 15 -- .../generate_certificate.sh | 27 --- .../kustomization.yaml | 4 - .../tls-certificate-rotation/namespace.yaml | 4 - .../replace_certificate.sh | 26 --- examples/tls-certificate-rotation/start.sh | 13 -- examples/tls-certificate-rotation/stop.sh | 5 - examples/vault-key-value/kustomization.yaml | 1 - .../vault-key-value/topics/foobar-topic.yaml | 16 -- .../vault-key-value/topics/kustomization.yaml | 5 - .../base/secrets-tls/ca-pair-sslcerts.yaml | 4 +- kustomize/base/secrets-tls/tls-group1.yaml | 6 +- .../certificates/base-server-domain.json | 7 +- .../certificates/generate_certificate.sh | 3 +- resources/certificates/replace_certificate.sh | 26 --- .../replicator-server-domiains.json | 24 --- 62 files changed, 205 insertions(+), 379 deletions(-) rename examples/{custom-connect => custom-connect-gcs}/Dockerfile (100%) rename examples/{custom-connect => custom-connect-gcs}/README.md (100%) rename examples/{custom-connect => custom-connect-gcs}/build-inside.sh (100%) rename examples/{custom-connect => custom-connect-gcs}/confluent/gcs-connect.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/confluent/kafka.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/confluent/kustomization.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/confluent/namespace.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/confluent/rest-class.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/confluent/source-topic.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/confluent/zookeeper.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/gcs-sink.json (100%) rename examples/{custom-connect => custom-connect-gcs}/kustomization.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/operator/deployment.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/operator/kustomization.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/rolebindings/connect/connect-base.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/rolebindings/connect/connect-topics.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/rolebindings/connect/gcs-connect-rb.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/rolebindings/connect/kustomization.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/rolebindings/controlcenter-testadmin-rolebindings.yaml (100%) rename examples/{custom-connect => custom-connect-gcs}/rolebindings/kustomization.yaml (100%) delete mode 100644 examples/openshift-basic/confluent/control-centre.yaml delete mode 100644 examples/openshift-basic/confluent/kafka-connect.yaml delete mode 100644 examples/openshift-basic/confluent/kafka.yaml delete mode 100644 examples/openshift-basic/confluent/ksqldb.yaml delete mode 100644 examples/openshift-basic/confluent/kustomization.yaml delete mode 100644 examples/openshift-basic/confluent/schema-registry.yaml delete mode 100644 examples/openshift-basic/confluent/zookeeper.yaml delete mode 100644 examples/openshift-basic/kustomization.yaml delete mode 100644 examples/openshift-basic/namespace.yaml delete mode 100644 examples/openshift-basic/operator/clusterrolebinding.yaml delete mode 100644 examples/openshift-basic/operator/deployment.yaml delete mode 100644 examples/openshift-basic/operator/kustomization.yaml delete mode 100644 examples/openshift-basic/topics/foobar-topic.yaml delete mode 100644 examples/openshift-basic/topics/kustomization.yaml create mode 100644 examples/rbac/confluent/ldap.yaml rename examples/{rbac => replicator/source}/ldap.yaml (98%) delete mode 100644 examples/tls-certificate-rotation/README.md delete mode 100644 examples/tls-certificate-rotation/generate_certificate.sh delete mode 100644 examples/tls-certificate-rotation/kustomization.yaml delete mode 100644 examples/tls-certificate-rotation/namespace.yaml delete mode 100644 examples/tls-certificate-rotation/replace_certificate.sh delete mode 100755 examples/tls-certificate-rotation/start.sh delete mode 100755 examples/tls-certificate-rotation/stop.sh delete mode 100644 examples/vault-key-value/topics/foobar-topic.yaml delete mode 100644 examples/vault-key-value/topics/kustomization.yaml delete mode 100755 resources/certificates/replace_certificate.sh delete mode 100644 resources/certificates/replicator-server-domiains.json diff --git a/.gitignore b/.gitignore index 690a580..b877456 100644 --- a/.gitignore +++ b/.gitignore @@ -7,4 +7,5 @@ ca.pem intermediate.cert.pem pki_intermediate.csr pki-ca-root.json -cert_key_list \ No newline at end of file +cert_key_list +nohup.out diff --git a/examples/custom-connect/Dockerfile b/examples/custom-connect-gcs/Dockerfile similarity index 100% rename from examples/custom-connect/Dockerfile rename to examples/custom-connect-gcs/Dockerfile diff --git a/examples/custom-connect/README.md b/examples/custom-connect-gcs/README.md similarity index 100% rename from examples/custom-connect/README.md rename to examples/custom-connect-gcs/README.md diff --git a/examples/custom-connect/build-inside.sh b/examples/custom-connect-gcs/build-inside.sh similarity index 100% rename from examples/custom-connect/build-inside.sh rename to examples/custom-connect-gcs/build-inside.sh diff --git a/examples/custom-connect/confluent/gcs-connect.yaml b/examples/custom-connect-gcs/confluent/gcs-connect.yaml similarity index 100% rename from examples/custom-connect/confluent/gcs-connect.yaml rename to examples/custom-connect-gcs/confluent/gcs-connect.yaml diff --git a/examples/custom-connect/confluent/kafka.yaml b/examples/custom-connect-gcs/confluent/kafka.yaml similarity index 100% rename from examples/custom-connect/confluent/kafka.yaml rename to examples/custom-connect-gcs/confluent/kafka.yaml diff --git a/examples/custom-connect/confluent/kustomization.yaml b/examples/custom-connect-gcs/confluent/kustomization.yaml similarity index 100% rename from examples/custom-connect/confluent/kustomization.yaml rename to examples/custom-connect-gcs/confluent/kustomization.yaml diff --git a/examples/custom-connect/confluent/namespace.yaml b/examples/custom-connect-gcs/confluent/namespace.yaml similarity index 100% rename from examples/custom-connect/confluent/namespace.yaml rename to examples/custom-connect-gcs/confluent/namespace.yaml diff --git a/examples/custom-connect/confluent/rest-class.yaml b/examples/custom-connect-gcs/confluent/rest-class.yaml similarity index 100% rename from examples/custom-connect/confluent/rest-class.yaml rename to examples/custom-connect-gcs/confluent/rest-class.yaml diff --git a/examples/custom-connect/confluent/source-topic.yaml b/examples/custom-connect-gcs/confluent/source-topic.yaml similarity index 100% rename from examples/custom-connect/confluent/source-topic.yaml rename to examples/custom-connect-gcs/confluent/source-topic.yaml diff --git a/examples/custom-connect/confluent/zookeeper.yaml b/examples/custom-connect-gcs/confluent/zookeeper.yaml similarity index 100% rename from examples/custom-connect/confluent/zookeeper.yaml rename to examples/custom-connect-gcs/confluent/zookeeper.yaml diff --git a/examples/custom-connect/gcs-sink.json b/examples/custom-connect-gcs/gcs-sink.json similarity index 100% rename from examples/custom-connect/gcs-sink.json rename to examples/custom-connect-gcs/gcs-sink.json diff --git a/examples/custom-connect/kustomization.yaml b/examples/custom-connect-gcs/kustomization.yaml similarity index 100% rename from examples/custom-connect/kustomization.yaml rename to examples/custom-connect-gcs/kustomization.yaml diff --git a/examples/custom-connect/operator/deployment.yaml b/examples/custom-connect-gcs/operator/deployment.yaml similarity index 100% rename from examples/custom-connect/operator/deployment.yaml rename to examples/custom-connect-gcs/operator/deployment.yaml diff --git a/examples/custom-connect/operator/kustomization.yaml b/examples/custom-connect-gcs/operator/kustomization.yaml similarity index 100% rename from examples/custom-connect/operator/kustomization.yaml rename to examples/custom-connect-gcs/operator/kustomization.yaml diff --git a/examples/custom-connect/rolebindings/connect/connect-base.yaml b/examples/custom-connect-gcs/rolebindings/connect/connect-base.yaml similarity index 100% rename from examples/custom-connect/rolebindings/connect/connect-base.yaml rename to examples/custom-connect-gcs/rolebindings/connect/connect-base.yaml diff --git a/examples/custom-connect/rolebindings/connect/connect-topics.yaml b/examples/custom-connect-gcs/rolebindings/connect/connect-topics.yaml similarity index 100% rename from examples/custom-connect/rolebindings/connect/connect-topics.yaml rename to examples/custom-connect-gcs/rolebindings/connect/connect-topics.yaml diff --git a/examples/custom-connect/rolebindings/connect/gcs-connect-rb.yaml b/examples/custom-connect-gcs/rolebindings/connect/gcs-connect-rb.yaml similarity index 100% rename from examples/custom-connect/rolebindings/connect/gcs-connect-rb.yaml rename to examples/custom-connect-gcs/rolebindings/connect/gcs-connect-rb.yaml diff --git a/examples/custom-connect/rolebindings/connect/kustomization.yaml b/examples/custom-connect-gcs/rolebindings/connect/kustomization.yaml similarity index 100% rename from examples/custom-connect/rolebindings/connect/kustomization.yaml rename to examples/custom-connect-gcs/rolebindings/connect/kustomization.yaml diff --git a/examples/custom-connect/rolebindings/controlcenter-testadmin-rolebindings.yaml b/examples/custom-connect-gcs/rolebindings/controlcenter-testadmin-rolebindings.yaml similarity index 100% rename from examples/custom-connect/rolebindings/controlcenter-testadmin-rolebindings.yaml rename to examples/custom-connect-gcs/rolebindings/controlcenter-testadmin-rolebindings.yaml diff --git a/examples/custom-connect/rolebindings/kustomization.yaml b/examples/custom-connect-gcs/rolebindings/kustomization.yaml similarity index 100% rename from examples/custom-connect/rolebindings/kustomization.yaml rename to examples/custom-connect-gcs/rolebindings/kustomization.yaml diff --git a/examples/openshift-basic/confluent/control-centre.yaml b/examples/openshift-basic/confluent/control-centre.yaml deleted file mode 100644 index b3bc192..0000000 --- a/examples/openshift-basic/confluent/control-centre.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter -spec: - podTemplate: - podSecurityContext: {} - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 - tls: - enabled: true - connect: - - name: connect - url: https://connect.sandbox.svc.cluster.local:8083 - tls: - enabled: true - ksqldb: - - name: ksqldb - url: https://ksqldb.sandbox.svc.cluster.local:8088 - tls: - enabled: true - schemaRegistry: - url: https://schemaregistry.sandbox.svc.cluster.local:8081 - tls: - enabled: true diff --git a/examples/openshift-basic/confluent/kafka-connect.yaml b/examples/openshift-basic/confluent/kafka-connect.yaml deleted file mode 100644 index f6df646..0000000 --- a/examples/openshift-basic/confluent/kafka-connect.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Connect -metadata: - name: connect -spec: - podTemplate: - podSecurityContext: {} - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 - tls: - enabled: true - diff --git a/examples/openshift-basic/confluent/kafka.yaml b/examples/openshift-basic/confluent/kafka.yaml deleted file mode 100644 index 98cc429..0000000 --- a/examples/openshift-basic/confluent/kafka.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - podTemplate: - podSecurityContext: {} - resources: - requests: - memory: 256Mi - cpu: 100m - limits: - memory: 1Gi - cpu: 500m - configOverrides: - server: - - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 - tls: - autoGeneratedCerts: true - listeners: - internal: - tls: - enabled: true - external: - tls: - enabled: true - dependencies: - zookeeper: - endpoint: zookeeper.sandbox.svc.cluster.local:2182 - tls: - enabled: true diff --git a/examples/openshift-basic/confluent/ksqldb.yaml b/examples/openshift-basic/confluent/ksqldb.yaml deleted file mode 100644 index 8b222ac..0000000 --- a/examples/openshift-basic/confluent/ksqldb.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KsqlDB -metadata: - name: ksqldb -spec: - podTemplate: - podSecurityContext: {} - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 - tls: - enabled: true diff --git a/examples/openshift-basic/confluent/kustomization.yaml b/examples/openshift-basic/confluent/kustomization.yaml deleted file mode 100644 index 140eb58..0000000 --- a/examples/openshift-basic/confluent/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -namespace: sandbox -resources: -- ../../../kustomize/base/confluent -- ../../../kustomize/base/secrets-tls -patchesStrategicMerge: - - zookeeper.yaml - - kafka.yaml - - control-centre.yaml - - kafka-connect.yaml - - ksqldb.yaml - - schema-registry.yaml \ No newline at end of file diff --git a/examples/openshift-basic/confluent/schema-registry.yaml b/examples/openshift-basic/confluent/schema-registry.yaml deleted file mode 100644 index e4d8c43..0000000 --- a/examples/openshift-basic/confluent/schema-registry.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: SchemaRegistry -metadata: - name: schemaregistry -spec: - podTemplate: - podSecurityContext: {} - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 - tls: - enabled: true diff --git a/examples/openshift-basic/confluent/zookeeper.yaml b/examples/openshift-basic/confluent/zookeeper.yaml deleted file mode 100644 index c2e065e..0000000 --- a/examples/openshift-basic/confluent/zookeeper.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - replicas: 3 - podTemplate: - podSecurityContext: {} - resources: - requests: - memory: 256Mi - cpu: 100m - limits: - memory: 1Gi - cpu: 500m - tls: - autoGeneratedCerts: true diff --git a/examples/openshift-basic/kustomization.yaml b/examples/openshift-basic/kustomization.yaml deleted file mode 100644 index 7c29aea..0000000 --- a/examples/openshift-basic/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -namespace: sandbox -resources: - - namespace.yaml - - confluent - - operator diff --git a/examples/openshift-basic/namespace.yaml b/examples/openshift-basic/namespace.yaml deleted file mode 100644 index 6b30586..0000000 --- a/examples/openshift-basic/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: sandbox diff --git a/examples/openshift-basic/operator/clusterrolebinding.yaml b/examples/openshift-basic/operator/clusterrolebinding.yaml deleted file mode 100644 index 08c3483..0000000 --- a/examples/openshift-basic/operator/clusterrolebinding.yaml +++ /dev/null @@ -1,8 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: confluent-operator -subjects: -- kind: ServiceAccount - name: confluent-for-kubernetes - namespace: sandbox diff --git a/examples/openshift-basic/operator/deployment.yaml b/examples/openshift-basic/operator/deployment.yaml deleted file mode 100644 index 219b035..0000000 --- a/examples/openshift-basic/operator/deployment.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: confluent-operator -spec: - template: - spec: - containers: - - args: - - --debug=false - - --namespaces=sandbox - name: confluent-operator - image: public.ecr.aws/h0s0v2g0/confluennt-operator-mccullya:latest - securityContext: - fsGroup: 1000610000 - runAsNonRoot: true - runAsUser: 1000610000 diff --git a/examples/openshift-basic/operator/kustomization.yaml b/examples/openshift-basic/operator/kustomization.yaml deleted file mode 100644 index c3fa8fe..0000000 --- a/examples/openshift-basic/operator/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -namespace: sandbox -resources: -- ../../../kustomize/base/operator -patchesStrategicMerge: - - clusterrolebinding.yaml - - deployment.yaml \ No newline at end of file diff --git a/examples/openshift-basic/topics/foobar-topic.yaml b/examples/openshift-basic/topics/foobar-topic.yaml deleted file mode 100644 index 41d76e8..0000000 --- a/examples/openshift-basic/topics/foobar-topic.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: foobar -spec: - kafkaClusterRef: - name: kafka - namespace: sandbox - kafkaRest: - authentication: - type: basic - endpoint: https://kafka.sandbox.svc.cluster.local:8090 - configs: - confluent.key.schema.validation: "true" diff --git a/examples/openshift-basic/topics/kustomization.yaml b/examples/openshift-basic/topics/kustomization.yaml deleted file mode 100644 index 45f0bca..0000000 --- a/examples/openshift-basic/topics/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -namespace: sandbox -resources: - - ../../../kustomize/base/topics -patchesStrategicMerge: - - foobar-topic.yaml \ No newline at end of file diff --git a/examples/rbac/confluent/kustomization.yaml b/examples/rbac/confluent/kustomization.yaml index 94b2f6e..55810fc 100644 --- a/examples/rbac/confluent/kustomization.yaml +++ b/examples/rbac/confluent/kustomization.yaml @@ -1,5 +1,6 @@ namespace: sandbox resources: +- ldap.yaml - ../../../kustomize/base/confluent - ../../../kustomize/base/secrets-tls - ../../../kustomize/base/secrets-user diff --git a/examples/rbac/confluent/ldap.yaml b/examples/rbac/confluent/ldap.yaml new file mode 100644 index 0000000..8110e93 --- /dev/null +++ b/examples/rbac/confluent/ldap.yaml @@ -0,0 +1,171 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ldap + labels: + role: ldap + app: ldap +spec: + containers: + - name: ldap + args: + - --copy-service + - --loglevel=debug + image: osixia/openldap:1.3.0 + ports: + - name: ldap + containerPort: 389 + - name: ldaps + containerPort: 636 + livenessProbe: + tcpSocket: + port: 389 + initialDelaySeconds: 15 + periodSeconds: 20 + env: + - name: LDAP_ORGANISATION + value: "Test Inc." + - name: LDAP_DOMAIN + value: "test.com" + - name: LDAP_ADMIN_PASSWORD + value: "confluentrox" + - name: LDAP_CONFIG_PASSWORD + value: "confluentconfigrox" + - name: LDAP_READONLY_USER + value: "True" + - name: LDAP_READONLY_USER_USERNAME + value: "mds" + - name: LDAP_READONLY_USER_PASSWORD + value: "Developer!" + - name: LDAP_TLS + value: "False" + volumeMounts: + - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom + name: customldif + - mountPath: /var/lib/ldap + name: ldap-data + - mountPath: /etc/ldap/slapd.d + name: ldap-config + volumes: + - name: customldif + configMap: + defaultMode: 420 + name: ldap-ldifs + - name: ldap-data + emptyDir: {} + - name: ldap-config + emptyDir: {} + restartPolicy: Always +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ldap-ldifs +data: + 0_groups.ldif: |- + dn: ou=groups,dc=test,dc=com + objectClass: organizationalUnit + objectClass: top + ou: groups + 0_users.ldif: |- + dn: ou=users,dc=test,dc=com + objectClass: organizationalUnit + objectClass: top + ou: users + 1_emmy.ldif: |- + dn: cn=emmy,ou=users,dc=test,dc=com + userPassword: emmy-secret + objectClass: simpleSecurityObject + objectClass: organizationalRole + description: Interested in action and conservation. If you like it, you should put a Noetherian Ring on it. + cn: emmy + 1_alice.ldif: |- + dn: cn=alice,ou=users,dc=test,dc=com + userPassword: alice-secret + objectClass: simpleSecurityObject + objectClass: organizationalRole + description: Alice is great at changing perspectives, but sometimes chases down rabbit holes + cn: alice + 1_developers.ldif: |- + dn: cn=developers,ou=groups,dc=test,dc=com + objectClass: top + objectClass: groupOfNames + description: A group of software developers and the apps they are responsible for + cn: developers + member: cn=emmy,ou=users,dc=test,dc=com + member: cn=alice,ou=users,dc=test,dc=com + 1_kafka.ldif: |- + dn: cn=kafka,ou=users,dc=test,dc=com + userPassword: kafka-secret + description: kafka user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: kafka + 1_erp.ldif: |- + dn: cn=erp,ou=users,dc=test,dc=com + userPassword: erp-secret + description: erp user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: erp + 1_sr.ldif: |- + dn: cn=sr,ou=users,dc=test,dc=com + userPassword: sr-secret + description: schema registry user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: sr + 1_c3.ldif: |- + dn: cn=c3,ou=users,dc=test,dc=com + userPassword: c3-secret + description: control center user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: c3 + 1_ksql.ldif: |- + dn: cn=ksql,ou=users,dc=test,dc=com + userPassword: ksql-secret + description: ksql user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: ksql + 1_connect.ldif: |- + dn: cn=connect,ou=users,dc=test,dc=com + userPassword: connect-secret + description: connect user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: connect + 1_replicator.ldif: |- + dn: cn=replicator,ou=users,dc=test,dc=com + userPassword: replicator-secret + description: replicator user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: replicator + 1_c3-test.ldif: |- + dn: cn=testadmin,ou=users,dc=test,dc=com + userPassword: testadmin + description: testadmin user + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: testadmin +--- +apiVersion: v1 +kind: Service +metadata: + name: ldap + labels: + app: ldap +spec: + ports: + - port: 389 + name: ldap + - port: 636 + name: ldaps + clusterIP: None + selector: + app: ldap + + + diff --git a/examples/rbac/kustomization.yaml b/examples/rbac/kustomization.yaml index 7e1c9e5..411326e 100644 --- a/examples/rbac/kustomization.yaml +++ b/examples/rbac/kustomization.yaml @@ -1,7 +1,6 @@ namespace: sandbox resources: - namespace.yaml - - ldap.yaml - confluent - operator - rolebindings diff --git a/examples/replicator/README.md b/examples/replicator/README.md index 2b180c4..69eab44 100644 --- a/examples/replicator/README.md +++ b/examples/replicator/README.md @@ -58,16 +58,19 @@ tools ldap 1/1 Running 1 ```shell ./create_replication_job.sh ``` + +** NOTE: It may take sometime for the replicator-0 pod to become 'healthy' when running on a local minikube. + #### Check the status of the Replicator Connector instance ``` -curl -XGET -H "Content-Type: application/json" https://localhost:8083/connectors -k -curl -XGET -H "Content-Type: application/json" https://localhost:8083/connectors/replicator/status -k +curl -u testadmin:testadmin -XGET -H "Content-Type: application/json" https://localhost:8083/connectors -k +curl -u testadmin:testadmin -XGET -H "Content-Type: application/json" https://localhost:8083/connectors/replicator/status -k ``` #### To delete the connector: ``` -curl -XDELETE -H "Content-Type: application/json" https://localhost:8083/connectors/replicator -k +curl -u testadmin:testadmin -XDELETE -H "Content-Type: application/json" https://localhost:8083/connectors/replicator -k ``` ### View in Control Center diff --git a/examples/replicator/destination/kafka.yaml b/examples/replicator/destination/kafka.yaml index 590eba7..290e32c 100644 --- a/examples/replicator/destination/kafka.yaml +++ b/examples/replicator/destination/kafka.yaml @@ -48,7 +48,7 @@ spec: provider: type: ldap ldap: - address: ldap://ldap.tools.svc.cluster.local:389 + address: ldap://ldap.sandbox.svc.cluster.local:389 authentication: type: simple simple: diff --git a/examples/replicator/destination/kustomization.yaml b/examples/replicator/destination/kustomization.yaml index 3a77dc1..9d1da5f 100644 --- a/examples/replicator/destination/kustomization.yaml +++ b/examples/replicator/destination/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: destination resources: - ./namespace.yaml diff --git a/examples/replicator/kustomization.yaml b/examples/replicator/kustomization.yaml index fc8a1e9..c831074 100644 --- a/examples/replicator/kustomization.yaml +++ b/examples/replicator/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization resources: - source - destination diff --git a/examples/replicator/operator/kustomization.yaml b/examples/replicator/operator/kustomization.yaml index 339e199..ec102c5 100644 --- a/examples/replicator/operator/kustomization.yaml +++ b/examples/replicator/operator/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: - ../../../kustomize/base/operator diff --git a/examples/replicator/source/kafka.yaml b/examples/replicator/source/kafka.yaml index cbb3969..a4a90ae 100644 --- a/examples/replicator/source/kafka.yaml +++ b/examples/replicator/source/kafka.yaml @@ -47,7 +47,7 @@ spec: provider: type: ldap ldap: - address: ldap://ldap.tools.svc.cluster.local:389 + address: ldap://ldap.sandbox.svc.cluster.local:389 authentication: type: simple simple: diff --git a/examples/replicator/source/kustomization.yaml b/examples/replicator/source/kustomization.yaml index cfd1129..1da0e4d 100644 --- a/examples/replicator/source/kustomization.yaml +++ b/examples/replicator/source/kustomization.yaml @@ -1,11 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: -- ./namespace.yaml +- ldap.yaml +- namespace.yaml - ../../../kustomize/base/confluent - ../../../kustomize/base/secrets-tls - ../../../kustomize/base/secrets-user -- ./source-topic.yaml -#- ./rbac-producer-app.yaml +- source-topic.yaml patchesStrategicMerge: - ./rest-class.yaml - zookeeper.yaml diff --git a/examples/rbac/ldap.yaml b/examples/replicator/source/ldap.yaml similarity index 98% rename from examples/rbac/ldap.yaml rename to examples/replicator/source/ldap.yaml index 72025b4..ad64007 100644 --- a/examples/rbac/ldap.yaml +++ b/examples/replicator/source/ldap.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Pod metadata: name: ldap - namespace: sandbox labels: role: ldap app: ldap @@ -63,7 +62,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: ldap-ldifs - namespace: tools data: 0_groups.ldif: |- dn: ou=groups,dc=test,dc=com @@ -160,7 +158,6 @@ metadata: name: ldap labels: app: ldap - namespace: tools spec: ports: - port: 389 diff --git a/examples/tls-certificate-rotation/README.md b/examples/tls-certificate-rotation/README.md deleted file mode 100644 index a302fd6..0000000 --- a/examples/tls-certificate-rotation/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# MTLS - -## Description - -* Confluent Operator -* Zookeeper -* Broker - -## How to run - -Simply run: - -``` -$ ./start.sh -``` \ No newline at end of file diff --git a/examples/tls-certificate-rotation/generate_certificate.sh b/examples/tls-certificate-rotation/generate_certificate.sh deleted file mode 100644 index 92b8e6d..0000000 --- a/examples/tls-certificate-rotation/generate_certificate.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create namespace production -kubectl create namespace dev -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl apply -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl apply -f - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl apply -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem \ No newline at end of file diff --git a/examples/tls-certificate-rotation/kustomization.yaml b/examples/tls-certificate-rotation/kustomization.yaml deleted file mode 100644 index 54d0c86..0000000 --- a/examples/tls-certificate-rotation/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -namespace: example -resources: -- namespace.yaml -- ../../kustomize/base diff --git a/examples/tls-certificate-rotation/namespace.yaml b/examples/tls-certificate-rotation/namespace.yaml deleted file mode 100644 index 6b30586..0000000 --- a/examples/tls-certificate-rotation/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: sandbox diff --git a/examples/tls-certificate-rotation/replace_certificate.sh b/examples/tls-certificate-rotation/replace_certificate.sh deleted file mode 100644 index 2736c21..0000000 --- a/examples/tls-certificate-rotation/replace_certificate.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl replace -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl replace -f - - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl replace -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem diff --git a/examples/tls-certificate-rotation/start.sh b/examples/tls-certificate-rotation/start.sh deleted file mode 100755 index 1976c22..0000000 --- a/examples/tls-certificate-rotation/start.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -e - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" -source ${DIR}/../../scripts/utils.sh - -verify_docker_and_memory -verify_installed "minikube" - -minikube start --cpus=4 --memory=8192 - -kubectl apply -k . \ No newline at end of file diff --git a/examples/tls-certificate-rotation/stop.sh b/examples/tls-certificate-rotation/stop.sh deleted file mode 100755 index 1406068..0000000 --- a/examples/tls-certificate-rotation/stop.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -e - -minikube delete \ No newline at end of file diff --git a/examples/vault-key-value/kustomization.yaml b/examples/vault-key-value/kustomization.yaml index bba1aa4..83836f8 100644 --- a/examples/vault-key-value/kustomization.yaml +++ b/examples/vault-key-value/kustomization.yaml @@ -4,5 +4,4 @@ resources: - confluent - operator - rolebindings -# - topics - vault \ No newline at end of file diff --git a/examples/vault-key-value/topics/foobar-topic.yaml b/examples/vault-key-value/topics/foobar-topic.yaml deleted file mode 100644 index 3c5d00f..0000000 --- a/examples/vault-key-value/topics/foobar-topic.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: foobar -spec: - kafkaClusterRef: - name: kafka - namespace: sandbox - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: mds-client-c3 - endpoint: https://kafka.sandbox.svc.cluster.local:8090 - configs: - confluent.key.schema.validation: "true" diff --git a/examples/vault-key-value/topics/kustomization.yaml b/examples/vault-key-value/topics/kustomization.yaml deleted file mode 100644 index 45f0bca..0000000 --- a/examples/vault-key-value/topics/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -namespace: sandbox -resources: - - ../../../kustomize/base/topics -patchesStrategicMerge: - - foobar-topic.yaml \ No newline at end of file diff --git a/kustomize/base/secrets-tls/ca-pair-sslcerts.yaml b/kustomize/base/secrets-tls/ca-pair-sslcerts.yaml index 6265089..db798bb 100644 --- a/kustomize/base/secrets-tls/ca-pair-sslcerts.yaml +++ b/kustomize/base/secrets-tls/ca-pair-sslcerts.yaml @@ -1,7 +1,7 @@ apiVersion: v1 data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVUmswcnE5KytQODJYK1diT0JLazZLcTFaU05Zd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05NakV3T0RFeE1UUXlNVEF3V2hjTk1qWXdPREV3TVRReU1UQXdXakJrTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFTgpNQXNHQTFVRUNoTUVRV050WlRFT01Bd0dBMVVFQ3hNRlRYbFBjbWN4RHpBTkJnTlZCQU1UQmxSbGMzUkRRVENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSmZhNkR3MGkxaGxwUmtUOEN6QmhMZ1YKRDJoeWh4K0wxR3RlVU12WnBOOWYvdkRtZ2RGUW5QWFRUemNqck4yUTlYejN4VDFnUWsxNERnUFpaSG1qNURpdwp1NHRUWFpMNnNqeFJUTkc0Tlk4QW1Xd3hzaEJvOThGU0RMM1dmYzVablVhUGU4Mk1WSVludE1kUStSaGFQc1pYCjJvc2pNN0FYanFnOWowaTQ1M0RlMmo0aTRLa2ZLWEh6S0lUc2hMQjhOMzA5cXhHR1BaK3Q1NExtNWNRdDREVnkKckhQTnI3Q0pzanhqc2pKRGFuUk92RnVYUEliaVJJaUFwUnFTWi9SZ1Z1d09QeFE2ekpwOE1DWmsxY1gweHNDUQp6aEkxeithOVlMMXBtOVcxQ1h2WEIyUkNpYjBvQkpnaUR5bXB6eFYxWlNpR3JFZjdsRnRqblFMYW5EUUlzTVVDCkF3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME8KQkJZRUZGb21wcDhNR01PeW9xdU1lc1QzUXRaSmd2REVNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJ1V29jaQo2MjVPOUlGYWwvbG1oUVdwOHdOSGZESzhJWDRoajdCS2RsUGV6QlZQTnZQTUxEd2tlYmxqelE1dWpNUEVaTmZMCjdOcTVuWm5PZmw0VjNBdVB5ZlJaOVFHemU0blV1a3ZLclU4QnlxZGg5ekMzTElCbktjeUpteWh2eDBySyt2RTkKY1oxR1BxZFdkU0RKR2dKTmc4VjB0TEU5VTZTZVNJOHVuSWpWZjRsSnhUN3hpRW5MTTJIMXZncTU4YXdUaHloWQprWEd2SUoxMytGR2ZtR0hBQVNDa1FGVkhIVTV0eWovWjNvSXVlYXdFRjZiK20yY3VpOGt2cGR1WWk0QU9MbTN4CmppMmpsY2NOQmhCbnBubHdLMTRGREM4Y0Jyb3hLcStmbmx5dG96bnJwQUI0TStDRUFtYlcwVGNtdm9yaDRjcGoKUzlxaUlZMmwzME5mK0ZzQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbDlyb1BEU0xXR1dsR1JQd0xNR0V1QlVQYUhLSEg0dlVhMTVReTltazMxLys4T2FCCjBWQ2M5ZE5QTnlPczNaRDFmUGZGUFdCQ1RYZ09BOWxrZWFQa09MQzdpMU5ka3ZxeVBGRk0wYmcxandDWmJER3kKRUdqM3dWSU12ZFo5emxtZFJvOTd6WXhVaGllMHgxRDVHRm8reGxmYWl5TXpzQmVPcUQyUFNMam5jTjdhUGlMZwpxUjhwY2ZNb2hPeUVzSHczZlQyckVZWTluNjNuZ3VibHhDM2dOWEtzYzgydnNJbXlQR095TWtOcWRFNjhXNWM4Cmh1SkVpSUNsR3BKbjlHQlc3QTQvRkRyTW1ud3dKbVRWeGZUR3dKRE9FalhQNXIxZ3ZXbWIxYlVKZTljSFpFS0oKdlNnRW1DSVBLYW5QRlhWbEtJYXNSL3VVVzJPZEF0cWNOQWl3eFFJREFRQUJBb0lCQUI5dE8yQ3lVeUJCTVBERwpzbzdnb2RIaThlUmd4MXdjK1NJYlM4ZFVUSTI1OVMzdjFtLzJLZldwL0p2aHN6WExlVEthcUdReVZxWm5zU2JVCng3bHcxSnR5MysxT25HLzltQU5wbytkSEl6WnNIbFJJMkp3U3pTdGlDcWNEQzlnM3JaZmJ1L2huRVZzT1BwaDkKUm4vbXRWVWcrMmFPSzNWRytzd1FxV1dZZHJWaDU5RW9mbVcrbHY5VVR0UDNPNGNqV01Zb1AyV3pudFVRTUg1Lwo2MkYwci9RRTVkcW5jaGVoZmRDUjdIQ0xJL3B1TzVJUXhKd0lQTlhvM2tSWXY1L0t2aU5aQ2c0STBmUnJVUTFICjN5M2hxUEVnaTlGWGRMdFRRSzVYT04xVUxtVHArNU1WY3pRS1dUN0VTRTdKakJnV1pyYmtVZEJOc1pBVFdjNmgKek5hZkdJVUNnWUVBd0xBeEozUU9pRFV1STJuTFZKL3VqelNpYjI3SUROZ25IWE4zTjU0alp4SFQ2UGNxSGdTbApqL3NVdE9YN2hLaFBzQTBMQUJnZ0MyVHRXU0tYUnhrVG90dmZkdVkrT21CTzJXMmpTekhiM1VDdmlGQUJaRGdhCm90WnZvTDdlSFN2MnBDTnRhVjh4WkdlYUo3V1lnbThDSDRTdXNFbHd6TUk2L2wzN25nNjAyKzhDZ1lFQXljQVIKN3JHM0JFdFYwemJwamQybWNSVitKN2xDcFBYVGdWS0hWUzhuL0Z6anJaNk5LMWxxY0dWZFVMZFVCanRrVDlFUApxd0ZtaUJJbzBmbnN2d2xzUTNRM1hNZTVrTW5LZTJ3TXlXcnFWUTE0V1J1RCtoUVIwZ0w5RjE5TW9jK2lLcmpEClYwUEsyWGtBSGVmMlNxemJ2NHdlQ05ydk8vd3lZVmEzdEl0eEdvc0NnWUI4OFFJK1lkdVdhRjFOYXlrRDYxd2wKa1d5T010Z1d0QVhRNi9EdXFHU3VUWG9Kd2xLVitrOWNaK01LVldIY3A4SmNGbWorbTZZVG5WTGxqQzlwVTVKTwo5S0VXbUw3YTNWM2pVRnNrdytTYnQzamFPMzViZktHUTJ0aXc4M0pVbWhBb2FDeG11ZW50Lzl1T1Nncms4SlFBCjJlam51QWNqVGdJd3M4SVd2OVI0RXdLQmdRQ0NnYWFYKzRuaVUwRlBnaVFPeXlUUjNnOWZidTMzZTdXMzRFVC8KQzZRWUVaYU9SeFFXeUo2YjJsWkUwbktlSFdsRVlINThKa25IRjhna0hFSFRTaXNvYjFNb3gySDRrVEJVS284Uwo5QUJseUhMallYTThJQ051OE5QN2ZJQTc0KzZKS0Qva2dVd0U1Y3IzalllNndwcmNDNjJhR05YTXZkVnhOZ0ZiCjN4L3BCUUtCZ1FDcm00dUdIbzVFUkZOWEhXNE94UW1pbm5kWUdGTVBEQWZ5ZzlzRlpZZ1Ewa3BHNkJIbHFSd1AKdkozc3A4b0xRay82aFlXR3RocGJLVi9RbWN0QThWM01aVDdrQW1Ibkt1ME5wN1FDZCt5VGRPOXl0dFR2TGl1ZQpGaXNuV3duVTlWZ3lVYkxOQndHbDdXa1h6SWlBcmJhMHFCRzJtdnRvVk95QnU2WGhTSXdZaVE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVVkMvQWhadUhNSFJwcm9mRjF4NjhGYktqY0owd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05NakV3T0RFek1Ea3pOakF3V2hjTk1qWXdPREV5TURrek5qQXdXakJrTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFTgpNQXNHQTFVRUNoTUVRV050WlRFT01Bd0dBMVVFQ3hNRlRYbFBjbWN4RHpBTkJnTlZCQU1UQmxSbGMzUkRRVENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVFkcjJ4dXlvWFM4WFRxRlJaMjFFU3gKOUxxWDBrUVNMNW1YaTIrekJDaWJPczR1aElnT1NBdzFoU29pMWw4NHpjRjg5Sy9qckczTUJ6d2pFRVRxU2tFOQpHenFFaTcweFdPZmVNMWh4TW1kTU5hYlh0cmVlMjU3NS8xOW9QN2FNL2hwSEdqVkVTWDJMZzBpK3d3MVhqaU45ClhqazJiVjR0UURqZEFQN3hERnZ1UncwNjN1NkdEUXJxQUN5N2ZLb1plT0RNT3Q3bTZNL0dvVTRDWnh1MDcxbGkKUFRpTnc0Q1AxZ082eVROZk5qL05GSFNYMkFtWkF3OVFOUjE1SzRGTzJYRGlGQkl6SWhBcVpsZ2tYeWdZb1VPbQpJdWFUN1lQUE45ZzBPc1JIcm4rVUpPNlI0Q2FwQ28zNlFEUEJGMWhSbXYrNzNrUDFiVUQ5Z2UvbEdjblpFT2tDCkF3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME8KQkJZRUZJenArRUgraG5lbHZ1WGtrdVg1Y0czV1RyYzlNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFtUjJjRwpZdk9aZzl6V2VmczloWmZUdE1ISGxOVDNkYkx2R3IyTzRxOHByaGRmeFBWVXBhdHdzTkMvRDRKSWc5Tzd6WmtoCmVjWlRqbC9aRmNVTVEvNTZlNHRrK3JRWlhGKzd3eEFMbXhuQkptVVo4aDRGQXRwMUFEYkNxbkU1MUhYYmNOOGQKUkVaMEpvaXN0aXJHUndJMnhWK1R4TGRCV2hBWHJGU3NwWHV3VHlwRE8reHZiOWN1MTVyT2pTZXo4a29CV3RpNApGc1Irazd3T0M0MnRxdVRlODJVQ3FvcyttaGN1K3JqYTZuMThLRFd3QnZNY0ExSmdod1REdmtBMG45NHJjZ09JCnI2U1lNYjZha1lWeEpwVVVxa0hRZDlnRHJLcmJEVmtsMURWOFFvMjhGVHl3Q1Rld0t4N2IvcDJ3eVJXU3psWXkKSnFPQ3l5RmdNaVZ3aHpHSQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeEIydmJHN0toZEx4ZE9vVkZuYlVSTEgwdXBmU1JCSXZtWmVMYjdNRUtKczZ6aTZFCmlBNUlERFdGS2lMV1h6ak53WHowcitPc2Jjd0hQQ01RUk9wS1FUMGJPb1NMdlRGWTU5NHpXSEV5WjB3MXB0ZTIKdDU3Ym52bi9YMmcvdG96K0drY2FOVVJKZll1RFNMN0REVmVPSTMxZU9UWnRYaTFBT04wQS92RU1XKzVIRFRyZQo3b1lOQ3VvQUxMdDhxaGw0NE13NjN1Ym96OGFoVGdKbkc3VHZXV0k5T0kzRGdJL1dBN3JKTTE4MlA4MFVkSmZZCkNaa0REMUExSFhrcmdVN1pjT0lVRWpNaUVDcG1XQ1JmS0JpaFE2WWk1cFB0Zzg4MzJEUTZ4RWV1ZjVRazdwSGcKSnFrS2pmcEFNOEVYV0ZHYS83dmVRL1Z0UVAyQjcrVVp5ZGtRNlFJREFRQUJBb0lCQVFDTlRCNEI3K2oyZGo4RgpUMG9XUDFNOGswS1IxYVRtNm50bEcreVljOUJCT1dZcSt4VDl1ZHhxLzN5TUdVRitwYnlJOVhDTjhXbGdTaW5FClNEY0drQThqNWRUaVduRWJ4Sndib3RvM2xJY09LYmhXRndGTVZxWkJhamwyRWZRbG9Idkxqd0x3OGR4SkdlVmkKMmg1S1ZKVFNPUmRUL1VUYkg1c3YzUHRFczRPR0QybkxSb1kxZVFpUk9kNVZIU3hrK2xNd2NXbjVVSVBodmdqSQpJc3ZiN2FsQjZreUgzdFllUlhsUHJGUjBpRXVQOUpzUHpZaWdFSTNEMkVPRG1YU0JyUWhyYWVDNHpqMllFSklWCmNxdFBTVm81NkMxbjlCUEE3ODl5ZXVnSlNSaXA3T0l0eEgrN3pRR0dtS2VqMWR6MGoyV0JHM3JFZjZRMkRZMDQKQzNld0pDMXBBb0dCQU93cy9helNjRkdQcHgrMURsRHRscmRxcHhQWmJMU25SQVFPaW9FT3o4bVU4ZmVYdGNtcAp6dTJpYmg3WU93Y1ZhQ040S0FBaXRFSEJnSG9DSEs5UTJNZ0J2bXBxMExCUzhKMURRUkI2SG1HK2plNDVHZU5jCisrcitYd1ZtMGhtUTV6WElONFRBOUJ5cXdkdmF2U1Nnc2RqazFldTdjN3FwREVJVmVQeHk5NWp2QW9HQkFOU1QKNE83Rnp3WFg5Vnc5R243eWZDUHZ0NW1lMm44dWlpQTJjQ3JZNmpHdnV1L0txTEF5SkszdHFFcHo5KzZmOGlNNApraHNmTWxGOFJtSEtpbTE5ajBvRjVIVE12dFBGb045RVZZOHZ6OWV3TWMrQ1BJRmhIRkVxTy9JMkdrMk9XSTBHCmFtc3UvTUpTUG53Uis4ZGZ6VlVWWlRTTzd6dW5uNFF6YTZ2bURvT25Bb0dCQUw5MExXUlc1M1JHdHAwT2dmOTYKeXEzL1NGZmY3cTUzMWJ4UUtWazdyNWZqSlUrbjdWY0FUOTMxeWIwNVhvaDhnd0lWMnA5WmdyUzNielg0MWxZTQpmTitPQWxWMEo1NTRiZE9lZkhVbCtkRVV6eXVwb0dIZXM5MG92ZEM4TEY5TFJ4TWpMbFp3c0xNNGZaU0RPc2NoCmVXcXcvdlZzN1FFSkh3WEhNRis5dHhlREFvR0FSN2QwSlZuNjAvL2R1VGFzSDdQekNiU3YvbFhIWlN6d1VKbk4KRWNlSWl5YThMSFgwbnl6cmp2b2swcWw1TmJva1dKbVhRU3N2TUtwNm5EZFdxRVc1OThFeEorNkRXckxMNlVjRwpqbjRVNHJHQXZIODFwbmg2c3k5S2RoYW1uUSt1OURUNzVoaytFTmpxVjdWQmVpdnAvQkJ4eWwrR2VsdTh4ejhKCnpqNlpHdlVDZ1lCc0VpVDIyRFFoOUlWMzhwd1BkMlRlOVlVU05GSWdQdW5VUVQrR0E5L2hWbU1tOGdFRVhFeGkKaUtoM2JDL0h5d293MGNXTW5SUWxPRWNVaVpjY1Y5NkJDZ1JBZzRhMUdSRHNHeUQ4Nzl3bUZ5RzdjcHBWaWhregphUmI0cEhOWEh2TjJqU2trZWRVS01pQ3ZrZzMzejJzK1JySDJQRE9jeFV6MXZiS2dWaEJjL1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= kind: Secret metadata: creationTimestamp: null diff --git a/kustomize/base/secrets-tls/tls-group1.yaml b/kustomize/base/secrets-tls/tls-group1.yaml index cee69f3..dbd5a2a 100644 --- a/kustomize/base/secrets-tls/tls-group1.yaml +++ b/kustomize/base/secrets-tls/tls-group1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 data: - cacerts.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVUmswcnE5KytQODJYK1diT0JLazZLcTFaU05Zd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05NakV3T0RFeE1UUXlNVEF3V2hjTk1qWXdPREV3TVRReU1UQXdXakJrTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFTgpNQXNHQTFVRUNoTUVRV050WlRFT01Bd0dBMVVFQ3hNRlRYbFBjbWN4RHpBTkJnTlZCQU1UQmxSbGMzUkRRVENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSmZhNkR3MGkxaGxwUmtUOEN6QmhMZ1YKRDJoeWh4K0wxR3RlVU12WnBOOWYvdkRtZ2RGUW5QWFRUemNqck4yUTlYejN4VDFnUWsxNERnUFpaSG1qNURpdwp1NHRUWFpMNnNqeFJUTkc0Tlk4QW1Xd3hzaEJvOThGU0RMM1dmYzVablVhUGU4Mk1WSVludE1kUStSaGFQc1pYCjJvc2pNN0FYanFnOWowaTQ1M0RlMmo0aTRLa2ZLWEh6S0lUc2hMQjhOMzA5cXhHR1BaK3Q1NExtNWNRdDREVnkKckhQTnI3Q0pzanhqc2pKRGFuUk92RnVYUEliaVJJaUFwUnFTWi9SZ1Z1d09QeFE2ekpwOE1DWmsxY1gweHNDUQp6aEkxeithOVlMMXBtOVcxQ1h2WEIyUkNpYjBvQkpnaUR5bXB6eFYxWlNpR3JFZjdsRnRqblFMYW5EUUlzTVVDCkF3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME8KQkJZRUZGb21wcDhNR01PeW9xdU1lc1QzUXRaSmd2REVNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJ1V29jaQo2MjVPOUlGYWwvbG1oUVdwOHdOSGZESzhJWDRoajdCS2RsUGV6QlZQTnZQTUxEd2tlYmxqelE1dWpNUEVaTmZMCjdOcTVuWm5PZmw0VjNBdVB5ZlJaOVFHemU0blV1a3ZLclU4QnlxZGg5ekMzTElCbktjeUpteWh2eDBySyt2RTkKY1oxR1BxZFdkU0RKR2dKTmc4VjB0TEU5VTZTZVNJOHVuSWpWZjRsSnhUN3hpRW5MTTJIMXZncTU4YXdUaHloWQprWEd2SUoxMytGR2ZtR0hBQVNDa1FGVkhIVTV0eWovWjNvSXVlYXdFRjZiK20yY3VpOGt2cGR1WWk0QU9MbTN4CmppMmpsY2NOQmhCbnBubHdLMTRGREM4Y0Jyb3hLcStmbmx5dG96bnJwQUI0TStDRUFtYlcwVGNtdm9yaDRjcGoKUzlxaUlZMmwzME5mK0ZzQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - fullchain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU2ekNDQTlPZ0F3SUJBZ0lVVVJVU1Q1L0ZqZTVFRGVBOHZsS0h5eEpDMDM4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05NakV3T0RFeE1UUXlNVEF3V2hjTk1qWXdPREV3TVRReU1UQXdXakJTTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFYwpNQm9HQTFVRUF3d1RLaTV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTkVrYVN5OG1tVUZhU1Yyejh4SEdTOU9pVVdCUEx3QmN4VUFSUzhuWmxoL0xMREUKTVNXNVkzbTZuWkpYVGtUUmw4NEUxSHphbk5WUVllSXNWNEFSdGxGcHZ3a3ZwLy9mOWo3VFV4dDZzd0F1YzN0cAo0ZE53WkFJNHl1dG5LdEc5S2hkWWp4ZVQ2eTA0WFpYeEdUcHIxSE0vNzZmQ1dxa2s0b3ZzQ29kU3hKVFZqT1JiCnluMk1HZHdZdXFlOUozb1kvY1YwUWFza0dYNjVDdytMVm9BZHpBUlFYRGxseE5FNmkxWDV2R0t4Sng0UVVvZnIKenI2TEwyakNaMkUxaGEzd1ZEMG02ODdjYTdiN3pBTEFDMEJ3aERDY1R6U3l2dXZPR2ZicTQvMXBqWTRjM3Y3dwplb0UrYkdQdmNLYUVOK2pZM2RaZWhCVEZpRDFDWkJSekdUa3lWa01DQXdFQUFhT0NBYVV3Z2dHaE1BNEdBMVVkCkR3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFQKQVFIL0JBSXdBREFkQmdOVkhRNEVGZ1FVY2UzQ1E1bEFBeldlWW9HVnpPWllId21tZkJrd0h3WURWUjBqQkJndwpGb0FVV2lhbW53d1l3N0tpcTR4NnhQZEMxa21DOE1Rd2dnRWdCZ05WSFJFRWdnRVhNSUlCRTRJYktpNXpZVzVrClltOTRMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNnaVVxTG5wdmIydGxaWEJsY2k1ellXNWtZbTk0TG5OMll5NWoKYkhWemRHVnlMbXh2WTJGc2dpRXFMbXRoWm10aExuTmhibVJpYjNndWMzWmpMbU5zZFhOMFpYSXViRzlqWVd5QwpDeW91YlhrdVpHOXRZV2x1Z2g4cUxtUmxjM1JwYm1GMGFXOXVMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNnaWtxCkxucHZiMnRsWlhCbGNpNWtaWE4wYVc1aGRHbHZiaTV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiSUlsS2k1cllXWnIKWVM1a1pYTjBhVzVoZEdsdmJpNXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJJSXFLaTV5WlhCc2FXTmhkRzl5TG1SbApjM1JwYm1GMGFXOXVMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUI3CjlFQWo1bVZ4NVA5TE50ZCtUMmFaMk5YR3JLejJtOFV2dUJIeldqcjliSkhtekRKRHdDSlA0YXZ0dWJsY2t3S2kKWWtaSXFsdm9KKzkvbGY0TkoyVGJBbGl4QWRudnVvRmJCemltT2pna09HZkt6dnlZSjBlU0dHSWpvTExKU0lYSQptQ0FZbEJFNVB4VFYwVWFxM3IyeEYvbGd3RFVYVTBlb1ZDdEI0S241WEVCbUcwM2pNcGR2akxuQmtYRmNxRWx1CjVrVmlkRHlsUjNhaElDNWlLaUc0UlY2MVFVTkRpNE9zTjFrZzlnQWhidmZnN3dveXNWT21saFo1SmJjTEhURjEKMDBCeWFZbC9nbHc2L0VtbE5rSzhOZzJ2TU1pQ29nZytMZFFOVXkzc0pobjlRb0Nwa3JWVW1VaEJkOWtudVNPSAorRyttVklQNmhaNWpzcDQrYjAzQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - privkey.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBMFNScExMeWFaUVZwSlhiUHpFY1pMMDZKUllFOHZBRnpGUUJGTHlkbVdIOHNzTVF4CkpibGplYnFka2xkT1JOR1h6Z1RVZk5xYzFWQmg0aXhYZ0JHMlVXbS9DUytuLzkvMlB0TlRHM3F6QUM1emUybmgKMDNCa0Fqaks2MmNxMGIwcUYxaVBGNVByTFRoZGxmRVpPbXZVY3ovdnA4SmFxU1RpaSt3S2gxTEVsTldNNUZ2SwpmWXdaM0JpNnA3MG5laGo5eFhSQnF5UVpmcmtMRDR0V2dCM01CRkJjT1dYRTBUcUxWZm04WXJFbkhoQlNoK3ZPCnZvc3ZhTUpuWVRXRnJmQlVQU2JyenR4cnR2dk1Bc0FMUUhDRU1KeFBOTEsrNjg0Wjl1cmovV21Oamh6ZS92QjYKZ1Q1c1krOXdwb1EzNk5qZDFsNkVGTVdJUFVKa0ZITVpPVEpXUXdJREFRQUJBb0lCQVFET3ptZG1BblhWc1IwQgpHOVJ0RmwwVUIxLzhKOGlMekE4bFZDZ1ZjYXRsbFJQM0Uzblo2TkV4M05QVmtwbGx1YStYMi9UV0pVSnlPTk1oCjJHRUoxZm5uMVY0L1VpMlkrcmkvOVMyMy9ZT2xpVWxPWHl3Y2JZV25JTXVmTFZ3TkhEWFQ4aEZFNmxMaVcxdEgKV3Fwc3Q1WFVCUVFSYWtGR0FxQTJaa2tlK1R4RVFvQmNHeTcwSUxKdFUyTGhKdkUwZk5nOXhXcHRHd0ZWaUNiZgprOGV3RkNyZ2lVaEpyWTk5bm5yZGJGK0pBcnV0ZnNUcUtHU05NWUhrV3Z4QUs0MmtGTGZuZHdRdXBhdlhHQjUwCjUvTmM1RGJhczFXY1QrcE1ES0plVU9tbWFJenlqNWdzdC84aU1BU3I4ZUtuMEluQUp1UitVWkRWSjgwc0NhVEYKK1IvSkhVWmhBb0dCQVBZZXF3U3FrWmpUWklRejdjeW93N1RmSnI4aHFIdFMzVm84b01IUEtSbURCclpqdmg4OApwMzhvQ0gyTTNzZEFCN1hRNFUzcGRVSVB4aWdSUjFSV3pDM0FMeFAyZGRJa3psN1hmN21ZdUhSRTMydnB3M28zCktZcXYvMmp3SkpodjlDWXd2T0hWVFkwWDhCdzZMYXlJMjFGaFhnOXVidEdPQVFwVjNoeFhQaVJ6QW9HQkFObUoKdXdRRFBxMGtvaWFzTnBjL2RiSzUzdnE1Smt3WitTSit4YWY5TTQ4TVZvclVsYjVKOHZ5bHIrOWlrZ0ppMzN2ZApUM2tRVVAveE9CR0dCdHYydDNRZmQrLzNuZUh4RUduRmhtK2FaRzVlaEhMU0lNaDc5OHVKQ1AxWkFRUEExclRnCnJDc2I1MjE0QUd6enJkQUFRb3pYNU1kNEd4QUdocndPc2RtSnltTHhBb0dBQjdlb2R5bitETU84S0NVVXRORXAKNmRjQmVRYk9LS2ZOaHhIVm5KNHBWTUoyQ0d3U1B4cUF5Z3p3VHplR21NcmFNd3BNdGt1MndJNk1FUitSbEFSdwp2SktGSjJRWUI3SGR3cjJSSkxtME52a2Q1RjFkSXN6dUFZcEpRUG9ldTZUdkMrK0ZUTE9LamYwTksyVnJuemhmCllDcmtieWx3VWlQWXhvRXd5TVMzang4Q2dZRUFsS0F0VGdpSmdmSk5kdTZpUGFQMTNpNXYwZzA5eFREWnJsKysKMjQ5Njhua1RoN2JHdUVQOTUrK3J6SG9rRjgxRnMzTDVJVldzZ2JGbEJWUDB5OFE4Z3ZJZEY2NnVCL2lUcGpCMgpNVG5pOUNWUGlNTlg4cUlBSXVkMVpPS3lkc1lCNjRLMUhwN3A5empOMGFLTFZsbFhIck5DYzZYemwzZGVCbzVqCnBLVW55WUVDZ1lFQXFJeDVwemxmRDAzZ2xBUW9EeVhnb0JmMlhTOGJzQXBmbnNuQjQyNE12ZjBJTUhlV3doN00KMFVMRmt5NGtYRFNKNVE0d3ErcVBMYythYnVmSXRnVlZ5Nnl0SmNRbU9ua3lQcWhDS2E4M1FMYitPVVhoUHh2Ywowd2FydG8xajA1QXRTcjJvaFQ2NW8rSUM3ZDRoVU5qbUhoc0lzZ21MNXJJSWl2SytZdWV3M3g0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + cacerts.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURtRENDQW9DZ0F3SUJBZ0lVVkMvQWhadUhNSFJwcm9mRjF4NjhGYktqY0owd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05NakV3T0RFek1Ea3pOakF3V2hjTk1qWXdPREV5TURrek5qQXdXakJrTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFTgpNQXNHQTFVRUNoTUVRV050WlRFT01Bd0dBMVVFQ3hNRlRYbFBjbWN4RHpBTkJnTlZCQU1UQmxSbGMzUkRRVENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVFkcjJ4dXlvWFM4WFRxRlJaMjFFU3gKOUxxWDBrUVNMNW1YaTIrekJDaWJPczR1aElnT1NBdzFoU29pMWw4NHpjRjg5Sy9qckczTUJ6d2pFRVRxU2tFOQpHenFFaTcweFdPZmVNMWh4TW1kTU5hYlh0cmVlMjU3NS8xOW9QN2FNL2hwSEdqVkVTWDJMZzBpK3d3MVhqaU45ClhqazJiVjR0UURqZEFQN3hERnZ1UncwNjN1NkdEUXJxQUN5N2ZLb1plT0RNT3Q3bTZNL0dvVTRDWnh1MDcxbGkKUFRpTnc0Q1AxZ082eVROZk5qL05GSFNYMkFtWkF3OVFOUjE1SzRGTzJYRGlGQkl6SWhBcVpsZ2tYeWdZb1VPbQpJdWFUN1lQUE45ZzBPc1JIcm4rVUpPNlI0Q2FwQ28zNlFEUEJGMWhSbXYrNzNrUDFiVUQ5Z2UvbEdjblpFT2tDCkF3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0VHTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME8KQkJZRUZJenArRUgraG5lbHZ1WGtrdVg1Y0czV1RyYzlNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFtUjJjRwpZdk9aZzl6V2VmczloWmZUdE1ISGxOVDNkYkx2R3IyTzRxOHByaGRmeFBWVXBhdHdzTkMvRDRKSWc5Tzd6WmtoCmVjWlRqbC9aRmNVTVEvNTZlNHRrK3JRWlhGKzd3eEFMbXhuQkptVVo4aDRGQXRwMUFEYkNxbkU1MUhYYmNOOGQKUkVaMEpvaXN0aXJHUndJMnhWK1R4TGRCV2hBWHJGU3NwWHV3VHlwRE8reHZiOWN1MTVyT2pTZXo4a29CV3RpNApGc1Irazd3T0M0MnRxdVRlODJVQ3FvcyttaGN1K3JqYTZuMThLRFd3QnZNY0ExSmdod1REdmtBMG45NHJjZ09JCnI2U1lNYjZha1lWeEpwVVVxa0hRZDlnRHJLcmJEVmtsMURWOFFvMjhGVHl3Q1Rld0t4N2IvcDJ3eVJXU3psWXkKSnFPQ3l5RmdNaVZ3aHpHSQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + fullchain.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU2ekNDQTlPZ0F3SUJBZ0lVWDBxaGhocnN6M1VYMUlwZmNUQW9haGFMdHdFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERVJNQThHQTFVRUJoTUlWVzVwZG1WeWMyVXhEekFOQmdOVkJBZ1RCbEJoYm1kbFlURU9NQXdHQTFVRQpCeE1GUldGeWRHZ3hEVEFMQmdOVkJBb1RCRUZqYldVeERqQU1CZ05WQkFzVEJVMTVUM0puTVE4d0RRWURWUVFECkV3WlVaWE4wUTBFd0hoY05NakV3T0RFek1Ea3pOakF3V2hjTk1qWXdPREV5TURrek5qQXdXakJTTVJFd0R3WUQKVlFRR0V3aFZibWwyWlhKelpURVBNQTBHQTFVRUNCTUdVR0Z1WjJWaE1RNHdEQVlEVlFRSEV3VkZZWEowYURFYwpNQm9HQTFVRUF3d1RLaTV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTkpaSFBaaWJ5VWorczNwMHVMdkFZZkVsUVpmMzBYdUZwNGZYckdQM08wZk80L0cKQ3ExY1FHMkY4UDY3ZDROYXp1ZHlPUmhZekpzQVhPaFl3ajIvUGFjc051K1R2NWZ4WTdnS3lQYWJnNGZ6dm9zVQpOeVVFWno5RG1RdnM5R3N2b3QyOU5LL1p1MGV5ZFdtZUEwR0RIczhTRUtoUG1BSlhqTUdDY0lOQ3pNdFBsbUM1CjFGYTdidWxCR2R4WDMrVXJnMDZtcGIwNHlYSU5CTnRXTGI0bHNTRFNyRTlTNnEwek1DOUNhQTRpN0ZhRHVMNlUKaHFUR2lPNCtOZG5tSlpNcUpXdi81SElCUFlIOGcyUXE0Vk56SVIrcTFweFhIcHh2dzlOZU9iV3RUTmFxVWxiYgoxcWlQZVBjSFQ3SnR4VnVCMTZRVHZPSFZnQ21kZ0FPcXI3aDAvaE1DQXdFQUFhT0NBYVV3Z2dHaE1BNEdBMVVkCkR3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFQKQVFIL0JBSXdBREFkQmdOVkhRNEVGZ1FVZnFrL0x0clFneXMxUldadlpOODk3Rzg4Rm9jd0h3WURWUjBqQkJndwpGb0FVak9uNFFmNkdkNlcrNWVTUzVmbHdiZFpPdHowd2dnRWdCZ05WSFJFRWdnRVhNSUlCRTRJYktpNXpZVzVrClltOTRMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNnaVVxTG5wdmIydGxaWEJsY2k1ellXNWtZbTk0TG5OMll5NWoKYkhWemRHVnlMbXh2WTJGc2dpRXFMbXRoWm10aExuTmhibVJpYjNndWMzWmpMbU5zZFhOMFpYSXViRzlqWVd5QwpDeW91YlhrdVpHOXRZV2x1Z2g4cUxtUmxjM1JwYm1GMGFXOXVMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNnaWtxCkxucHZiMnRsWlhCbGNpNWtaWE4wYVc1aGRHbHZiaTV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiSUlsS2k1cllXWnIKWVM1a1pYTjBhVzVoZEdsdmJpNXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJJSXFLaTV5WlhCc2FXTmhkRzl5TG1SbApjM1JwYm1GMGFXOXVMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUIvCkdUU1U4OWZOSHp4TERSY1dtWUx4ai9yRCtjeHRFUHM5VHVwQjN3aDZscktnUlhVZGhaSy9jWXFwOXVYVmwrM04KOFdJQ2RoNGRFWnluV0V5MXVvSDZQWkg3TElCUmFoRHFseWFBaXBrMUMrcE42UlhPSDJtTWwrWWxOQWlzNGVGMgpDVFBJaXF4Zi92b2JRajZxQnZJY2dtN0ljVnJublQ4djFUWW5lRFE3bkFZU1JZV3dLOUwzeDR4TE9xN3YyK3hJCjJ4TDhDNWwxNzRBamN1NktadGJVWm53WFVEQmE3UTZnN1hKcXBobUdHMFhKUTBka1E0SndMSmlCTVliMDhYeHYKb21uMnVnL1RqZHdOYUlmZzAwNEZPck9jYUE0VlgyVGhmN3dONG5tZERLdjJ3Q3ZqSEJ2akJJZmZNVm5sQm5YNQoyZkZBMEhKdXpmVEJsRzJoUWg0QwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + privkey.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMGxrYzltSnZKU1A2emVuUzR1OEJoOFNWQmwvZlJlNFduaDllc1kvYzdSODdqOFlLCnJWeEFiWVh3L3J0M2cxck81M0k1R0ZqTW13QmM2RmpDUGI4OXB5dzI3NU8vbC9GanVBckk5cHVEaC9PK2l4UTMKSlFSblAwT1pDK3owYXkraTNiMDByOW03UjdKMWFaNERRWU1lenhJUXFFK1lBbGVNd1lKd2cwTE15MCtXWUxuVQpWcnR1NlVFWjNGZmY1U3VEVHFhbHZUakpjZzBFMjFZdHZpV3hJTktzVDFMcXJUTXdMMEpvRGlMc1ZvTzR2cFNHCnBNYUk3ajQxMmVZbGt5b2xhLy9rY2dFOWdmeURaQ3JoVTNNaEg2clduRmNlbkcvRDAxNDV0YTFNMXFwU1Z0dlcKcUk5NDl3ZFBzbTNGVzRIWHBCTzg0ZFdBS1oyQUE2cXZ1SFQrRXdJREFRQUJBb0lCQVFDeUo5MjY1R1lFaS9PNQpnVWduQW8xR1EzNkF0cVN4WXRUdk9keUhBVFQ1OU5FS2xZNm5oQkhoY1dkTEtOWXhmN0RzSURjeFlzeHduNThRCi8xUU0zalBHcWxFaEd2OVVIcFA1NWRDTjVldENNM1IzOFRnL2R2cEhmK1paVG1rNWUxQXpCRFJpbUVQaGxzbVIKR2M3aUpyN3FYUCtVdmswZDlxNzFtcGZXNUxYMW56cFpMU2ZxNjk1NUdkUFFZUE5LeHhJNkdzVEhMKzBaSFpSago5K2d4WDJ0VmxXa3U4M0VhaUJrNHRKTzJTRGp3VVlhQjM2SGV0NXZNWFY4M01oclFvWm1yaHFJb1B6bzFQaXZvCi84Y25WN2NZbm1yZ0xRbHNNVkhCMEtSMmJ2WWwwN1k0N0plT0RzSFBtckR3eEZQV0QvTlA5K1JnMWcrU015ZnIKL3dxMjc2R3BBb0dCQU4ySmxtd1JIWU1WVGg1N1E0N0V4TDNWdmZBUzRNSTU5SXc2UzM0dTNUV3dzazVNcklaagpjNExXRzA4Mm50cU5yU0wvMjlrbnZnY1hvV25YRjBmK0hPZm85amd0MkJmYVRwT0p4bmFCdXNBVFRoditpS2t4Ckt3Y0hnWW0wVGZDcjJzalhoZ3VyZW1XamNGdHBCWmdXYk13aFdGODhhTkVNT0hwRFVFMHpka20xQW9HQkFQTVIKN1BCVXc0YWdVMGJsU2ZjdkdsbVp4MnVvQm43U25sbjlJMVRzT3k2eitIZzVOUmpTVUkwb1BRczBhV2JWSGpBQgpvZEVwTGdBb1NVR3JwTkZQa3Z6ZnFPakxpNDFKQUgzWHlJVkwzSHJrZjRHS01TRmI3T3VIaUhGZzFKSjJCanNmClNscFdOVml5ODBlc3ZWZ3NmTHNkTnkzRkcyL0d6MEtSektVR2JPV25Bb0dBRWFEa0xsOUNTTzhHRTFqZHJGdXUKQ0NrYy95Q1JjQU1xbVluOS9lRit5c252dGxsVmxUQU92Z2VKanNrYTVPdEhMclRMYXNGRjFzeWpsSWVBRzhOMQp5MkozVFVzZ21lMU9PV0ZLUUozY0hYS3IwWUIwb1huL0lZVVFZc1BOTyt5QThXQnRFenFtOTdXRXVGRm9GNDBaClJUa1dEaVlCZFRrU3VXL24wT3phYWMwQ2dZRUEwUTFRdDk1ZkQ3RmlEaTV6ci9rOTgyUDBCSjVOZjlQTFIyQVUKZkJ4MFJoV1pGR1UzU25MUHZxZWw0TFlpRk1Ra28yc3o3ZjA1eC83ZUNuSUNYZGJQZDFjeElZNjJKanhzQk0rSwpjVUl1alM5cWpsSDVNVlNyYm1KeHNmbHl1Y2h5VVhUMjhMMEdRcFFkOGo0WjF2VGtEZFh4dUJhM0l5cGM1VWNhCk43QlFCaThDZ1lCcEFpVmp6OXZyOW1XVzEwdVE1NFhlZUdXZ09IbVBnN2k4akZZV0hobU1oQUtZekt3Mk92SEYKQ0wreHpnbDlHTkxyYUZnSFNjdVNJRGR4SVVxb2pYVDJPSUFVVXk1dGRLU2pNNVdlUllGMkVsRTBnNmZ1ZEZhWgpHZTdJOTJRd1lwT0l5UGpSenBrWGJwc250ZSs2bGVzczZUelY1aDNvSFZIOTdhUWo4d09zekE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= kind: Secret metadata: creationTimestamp: null diff --git a/resources/certificates/base-server-domain.json b/resources/certificates/base-server-domain.json index 85cb543..7e669aa 100644 --- a/resources/certificates/base-server-domain.json +++ b/resources/certificates/base-server-domain.json @@ -3,7 +3,12 @@ "hosts": [ "*.sandbox.svc.cluster.local", "*.zookeeper.sandbox.svc.cluster.local", - "*.kafka.sandbox.svc.cluster.local" + "*.kafka.sandbox.svc.cluster.local", + "*.my.domain", + "*.destination.svc.cluster.local", + "*.zookeeper.destination.svc.cluster.local", + "*.kafka.destination.svc.cluster.local", + "*.replicator.destination.svc.cluster.local" ], "key": { "algo": "rsa", diff --git a/resources/certificates/generate_certificate.sh b/resources/certificates/generate_certificate.sh index 61a7fcf..940ec1a 100755 --- a/resources/certificates/generate_certificate.sh +++ b/resources/certificates/generate_certificate.sh @@ -1,9 +1,8 @@ #!/bin/bash -SERVER_DOMAINS=${1-base-server-domain.json} cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - # Verify with this: #openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server $SERVER_DOMAINS | cfssljson -bare sensitive-server +cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server # Verify with this: #openssl x509 -in sensitive-server.pem -text -noout diff --git a/resources/certificates/replace_certificate.sh b/resources/certificates/replace_certificate.sh deleted file mode 100755 index 4095ce6..0000000 --- a/resources/certificates/replace_certificate.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl replace -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl replace -f - - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl replace -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem -rm sensitive-* \ No newline at end of file diff --git a/resources/certificates/replicator-server-domiains.json b/resources/certificates/replicator-server-domiains.json deleted file mode 100644 index 7e669aa..0000000 --- a/resources/certificates/replicator-server-domiains.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "CN": "*.svc.cluster.local", - "hosts": [ - "*.sandbox.svc.cluster.local", - "*.zookeeper.sandbox.svc.cluster.local", - "*.kafka.sandbox.svc.cluster.local", - "*.my.domain", - "*.destination.svc.cluster.local", - "*.zookeeper.destination.svc.cluster.local", - "*.kafka.destination.svc.cluster.local", - "*.replicator.destination.svc.cluster.local" - ], - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "Universe", - "ST": "Pangea", - "L": "Earth" - } - ] -} From 1d7ca8be6eac510a3b54ece2e029d038f9655419 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Fri, 13 Aug 2021 11:52:26 +0100 Subject: [PATCH 4/8] moving connect example --- examples/{connect => custom-connect-sql}/Dockerfile | 0 examples/{connect => custom-connect-sql}/README.md | 0 examples/{connect => custom-connect-sql}/build-inside.sh | 0 examples/{connect => custom-connect-sql}/cdc.sh | 0 .../confluent/control-centre.yaml | 0 .../confluent/custom-kafka-connect.yaml | 0 examples/{connect => custom-connect-sql}/confluent/kafka.yaml | 0 .../confluent/kustomization.yaml | 0 .../{connect => custom-connect-sql}/confluent/namespace.yaml | 0 .../confluent/schema-registry.yaml | 0 .../{connect => custom-connect-sql}/confluent/zookeeper.yaml | 0 .../custom-connect/adventure-works-sql-server.yaml | 0 .../custom-connect/kustomization.yaml | 0 examples/{connect => custom-connect-sql}/kustomization.yaml | 2 ++ .../operator/clusterrolebinding.yaml | 0 .../{connect => custom-connect-sql}/operator/deployment.yaml | 0 .../{connect => custom-connect-sql}/operator/kustomization.yaml | 0 .../{connect => custom-connect-sql}/prod-mssql-connector.json | 0 .../{connect => custom-connect-sql}/topics/foobar-topic.yaml | 0 .../{connect => custom-connect-sql}/topics/kustomization.yaml | 0 examples/rbac/confluent/kustomization.yaml | 2 ++ examples/rbac/kustomization.yaml | 2 ++ 22 files changed, 6 insertions(+) rename examples/{connect => custom-connect-sql}/Dockerfile (100%) rename examples/{connect => custom-connect-sql}/README.md (100%) rename examples/{connect => custom-connect-sql}/build-inside.sh (100%) rename examples/{connect => custom-connect-sql}/cdc.sh (100%) rename examples/{connect => custom-connect-sql}/confluent/control-centre.yaml (100%) rename examples/{connect => custom-connect-sql}/confluent/custom-kafka-connect.yaml (100%) rename examples/{connect => custom-connect-sql}/confluent/kafka.yaml (100%) rename examples/{connect => custom-connect-sql}/confluent/kustomization.yaml (100%) rename examples/{connect => custom-connect-sql}/confluent/namespace.yaml (100%) rename examples/{connect => custom-connect-sql}/confluent/schema-registry.yaml (100%) rename examples/{connect => custom-connect-sql}/confluent/zookeeper.yaml (100%) rename examples/{connect => custom-connect-sql}/custom-connect/adventure-works-sql-server.yaml (100%) rename examples/{connect => custom-connect-sql}/custom-connect/kustomization.yaml (100%) rename examples/{connect => custom-connect-sql}/kustomization.yaml (57%) rename examples/{connect => custom-connect-sql}/operator/clusterrolebinding.yaml (100%) rename examples/{connect => custom-connect-sql}/operator/deployment.yaml (100%) rename examples/{connect => custom-connect-sql}/operator/kustomization.yaml (100%) rename examples/{connect => custom-connect-sql}/prod-mssql-connector.json (100%) rename examples/{connect => custom-connect-sql}/topics/foobar-topic.yaml (100%) rename examples/{connect => custom-connect-sql}/topics/kustomization.yaml (100%) diff --git a/examples/connect/Dockerfile b/examples/custom-connect-sql/Dockerfile similarity index 100% rename from examples/connect/Dockerfile rename to examples/custom-connect-sql/Dockerfile diff --git a/examples/connect/README.md b/examples/custom-connect-sql/README.md similarity index 100% rename from examples/connect/README.md rename to examples/custom-connect-sql/README.md diff --git a/examples/connect/build-inside.sh b/examples/custom-connect-sql/build-inside.sh similarity index 100% rename from examples/connect/build-inside.sh rename to examples/custom-connect-sql/build-inside.sh diff --git a/examples/connect/cdc.sh b/examples/custom-connect-sql/cdc.sh similarity index 100% rename from examples/connect/cdc.sh rename to examples/custom-connect-sql/cdc.sh diff --git a/examples/connect/confluent/control-centre.yaml b/examples/custom-connect-sql/confluent/control-centre.yaml similarity index 100% rename from examples/connect/confluent/control-centre.yaml rename to examples/custom-connect-sql/confluent/control-centre.yaml diff --git a/examples/connect/confluent/custom-kafka-connect.yaml b/examples/custom-connect-sql/confluent/custom-kafka-connect.yaml similarity index 100% rename from examples/connect/confluent/custom-kafka-connect.yaml rename to examples/custom-connect-sql/confluent/custom-kafka-connect.yaml diff --git a/examples/connect/confluent/kafka.yaml b/examples/custom-connect-sql/confluent/kafka.yaml similarity index 100% rename from examples/connect/confluent/kafka.yaml rename to examples/custom-connect-sql/confluent/kafka.yaml diff --git a/examples/connect/confluent/kustomization.yaml b/examples/custom-connect-sql/confluent/kustomization.yaml similarity index 100% rename from examples/connect/confluent/kustomization.yaml rename to examples/custom-connect-sql/confluent/kustomization.yaml diff --git a/examples/connect/confluent/namespace.yaml b/examples/custom-connect-sql/confluent/namespace.yaml similarity index 100% rename from examples/connect/confluent/namespace.yaml rename to examples/custom-connect-sql/confluent/namespace.yaml diff --git a/examples/connect/confluent/schema-registry.yaml b/examples/custom-connect-sql/confluent/schema-registry.yaml similarity index 100% rename from examples/connect/confluent/schema-registry.yaml rename to examples/custom-connect-sql/confluent/schema-registry.yaml diff --git a/examples/connect/confluent/zookeeper.yaml b/examples/custom-connect-sql/confluent/zookeeper.yaml similarity index 100% rename from examples/connect/confluent/zookeeper.yaml rename to examples/custom-connect-sql/confluent/zookeeper.yaml diff --git a/examples/connect/custom-connect/adventure-works-sql-server.yaml b/examples/custom-connect-sql/custom-connect/adventure-works-sql-server.yaml similarity index 100% rename from examples/connect/custom-connect/adventure-works-sql-server.yaml rename to examples/custom-connect-sql/custom-connect/adventure-works-sql-server.yaml diff --git a/examples/connect/custom-connect/kustomization.yaml b/examples/custom-connect-sql/custom-connect/kustomization.yaml similarity index 100% rename from examples/connect/custom-connect/kustomization.yaml rename to examples/custom-connect-sql/custom-connect/kustomization.yaml diff --git a/examples/connect/kustomization.yaml b/examples/custom-connect-sql/kustomization.yaml similarity index 57% rename from examples/connect/kustomization.yaml rename to examples/custom-connect-sql/kustomization.yaml index 4411db9..2692ff6 100644 --- a/examples/connect/kustomization.yaml +++ b/examples/custom-connect-sql/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: - confluent diff --git a/examples/connect/operator/clusterrolebinding.yaml b/examples/custom-connect-sql/operator/clusterrolebinding.yaml similarity index 100% rename from examples/connect/operator/clusterrolebinding.yaml rename to examples/custom-connect-sql/operator/clusterrolebinding.yaml diff --git a/examples/connect/operator/deployment.yaml b/examples/custom-connect-sql/operator/deployment.yaml similarity index 100% rename from examples/connect/operator/deployment.yaml rename to examples/custom-connect-sql/operator/deployment.yaml diff --git a/examples/connect/operator/kustomization.yaml b/examples/custom-connect-sql/operator/kustomization.yaml similarity index 100% rename from examples/connect/operator/kustomization.yaml rename to examples/custom-connect-sql/operator/kustomization.yaml diff --git a/examples/connect/prod-mssql-connector.json b/examples/custom-connect-sql/prod-mssql-connector.json similarity index 100% rename from examples/connect/prod-mssql-connector.json rename to examples/custom-connect-sql/prod-mssql-connector.json diff --git a/examples/connect/topics/foobar-topic.yaml b/examples/custom-connect-sql/topics/foobar-topic.yaml similarity index 100% rename from examples/connect/topics/foobar-topic.yaml rename to examples/custom-connect-sql/topics/foobar-topic.yaml diff --git a/examples/connect/topics/kustomization.yaml b/examples/custom-connect-sql/topics/kustomization.yaml similarity index 100% rename from examples/connect/topics/kustomization.yaml rename to examples/custom-connect-sql/topics/kustomization.yaml diff --git a/examples/rbac/confluent/kustomization.yaml b/examples/rbac/confluent/kustomization.yaml index 55810fc..046a112 100644 --- a/examples/rbac/confluent/kustomization.yaml +++ b/examples/rbac/confluent/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: - ldap.yaml diff --git a/examples/rbac/kustomization.yaml b/examples/rbac/kustomization.yaml index 411326e..f053a2c 100644 --- a/examples/rbac/kustomization.yaml +++ b/examples/rbac/kustomization.yaml @@ -1,3 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: sandbox resources: - namespace.yaml From 93cbaef388f081045786bb10abbf698f163be242 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Wed, 18 Aug 2021 15:22:39 +0100 Subject: [PATCH 5/8] WIP of connect example, almost there --- .../confluent/custom-kafka-connect.yaml | 6 ++-- .../custom-connect-sql/confluent/kafka.yaml | 17 ---------- .../custom-connect-sql/deploy_connector.sh | 4 +++ .../operator/clusterrolebinding.yaml | 8 ----- .../operator/kustomization.yaml | 1 - .../prod-mssql-connector.json | 2 +- examples/rbac/kustomization.yaml | 2 +- .../controlcenter-testadmin-rolebindings.yaml | 2 +- .../schemaregistry/kustomization.yaml | 1 + .../schemaregistry/schemaregistry-base.yaml | 3 +- .../schemaregistry/test-user.yaml | 32 +++++++++++++++++++ 11 files changed, 45 insertions(+), 33 deletions(-) create mode 100755 examples/custom-connect-sql/deploy_connector.sh delete mode 100644 examples/custom-connect-sql/operator/clusterrolebinding.yaml create mode 100644 examples/rbac/rolebindings/schemaregistry/test-user.yaml diff --git a/examples/custom-connect-sql/confluent/custom-kafka-connect.yaml b/examples/custom-connect-sql/confluent/custom-kafka-connect.yaml index 204a830..fe29d59 100644 --- a/examples/custom-connect-sql/confluent/custom-kafka-connect.yaml +++ b/examples/custom-connect-sql/confluent/custom-kafka-connect.yaml @@ -17,9 +17,9 @@ spec: configOverrides: server: - group.id=debezium-cluster - - offset.storage.replication.factor=1 - - config.storage.replication.factor=1 - - status.storage.replication.factor=1 + - offset.storage.replication.factor=3 + - config.storage.replication.factor=3 + - status.storage.replication.factor=3 - config.storage.topic=_confluent-connect-configs - offset.storage.topic=_confluent-connect-offsets - status.storage.topic=_confluent-connect-status diff --git a/examples/custom-connect-sql/confluent/kafka.yaml b/examples/custom-connect-sql/confluent/kafka.yaml index b80f976..ec90359 100644 --- a/examples/custom-connect-sql/confluent/kafka.yaml +++ b/examples/custom-connect-sql/confluent/kafka.yaml @@ -7,23 +7,6 @@ spec: server: - auto.create.topics.enable = true - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 -# - ssl.endpoint.identification.algorithm= - - # Overwrite the default settings on the INTERNAL listener - - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER - - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/kafka/mdsPublicKey.pem"; - - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler - - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler - - # Overwrite the default settings on the EXTERNAL listener - - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER - - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/kafka/mdsPublicKey.pem"; - - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler - - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler tls: autoGeneratedCerts: true listeners: diff --git a/examples/custom-connect-sql/deploy_connector.sh b/examples/custom-connect-sql/deploy_connector.sh new file mode 100755 index 0000000..9ab5b03 --- /dev/null +++ b/examples/custom-connect-sql/deploy_connector.sh @@ -0,0 +1,4 @@ +#!/bin/bash +nohup kubectl port-forward -n destination connect-0 8083:8083 & +sleep 2 +curl -XPOST -H "Content-Type: application/json" --data @prod-mssql-connector.json https://localhost:8083/connectors -kv \ No newline at end of file diff --git a/examples/custom-connect-sql/operator/clusterrolebinding.yaml b/examples/custom-connect-sql/operator/clusterrolebinding.yaml deleted file mode 100644 index 08c3483..0000000 --- a/examples/custom-connect-sql/operator/clusterrolebinding.yaml +++ /dev/null @@ -1,8 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: confluent-operator -subjects: -- kind: ServiceAccount - name: confluent-for-kubernetes - namespace: sandbox diff --git a/examples/custom-connect-sql/operator/kustomization.yaml b/examples/custom-connect-sql/operator/kustomization.yaml index c3fa8fe..339e199 100644 --- a/examples/custom-connect-sql/operator/kustomization.yaml +++ b/examples/custom-connect-sql/operator/kustomization.yaml @@ -2,5 +2,4 @@ namespace: sandbox resources: - ../../../kustomize/base/operator patchesStrategicMerge: - - clusterrolebinding.yaml - deployment.yaml \ No newline at end of file diff --git a/examples/custom-connect-sql/prod-mssql-connector.json b/examples/custom-connect-sql/prod-mssql-connector.json index 31be404..621ac40 100644 --- a/examples/custom-connect-sql/prod-mssql-connector.json +++ b/examples/custom-connect-sql/prod-mssql-connector.json @@ -1,5 +1,5 @@ { - "name": "prod-mssql-connector", + "name": "prod-mssql-connector", "config": { "connector.class": "io.debezium.connector.sqlserver.SqlServerConnector", diff --git a/examples/rbac/kustomization.yaml b/examples/rbac/kustomization.yaml index f053a2c..e76303c 100644 --- a/examples/rbac/kustomization.yaml +++ b/examples/rbac/kustomization.yaml @@ -4,7 +4,7 @@ namespace: sandbox resources: - namespace.yaml - confluent - - operator +# - operator - rolebindings - topics diff --git a/examples/rbac/rolebindings/controlcenter-testadmin-rolebindings.yaml b/examples/rbac/rolebindings/controlcenter-testadmin-rolebindings.yaml index 2ceddc9..caca456 100644 --- a/examples/rbac/rolebindings/controlcenter-testadmin-rolebindings.yaml +++ b/examples/rbac/rolebindings/controlcenter-testadmin-rolebindings.yaml @@ -25,7 +25,7 @@ spec: name: testadmin clustersScopeByIds: schemaRegistryClusterId: id_schemaregistry_sandbox - role: SystemAdmin + role: ClusterAdmin ## if use other kafkaRestClass except for default, need to configure accordingly #kafkaRestClassRef: # name: default diff --git a/examples/rbac/rolebindings/schemaregistry/kustomization.yaml b/examples/rbac/rolebindings/schemaregistry/kustomization.yaml index c51cfc1..2dd2b46 100644 --- a/examples/rbac/rolebindings/schemaregistry/kustomization.yaml +++ b/examples/rbac/rolebindings/schemaregistry/kustomization.yaml @@ -1,5 +1,6 @@ namespace: sandbox resources: - ../../../../kustomize/base/rolebindings/schemaregistry + - test-user.yaml patchesStrategicMerge: - schemaregistry-base.yaml \ No newline at end of file diff --git a/examples/rbac/rolebindings/schemaregistry/schemaregistry-base.yaml b/examples/rbac/rolebindings/schemaregistry/schemaregistry-base.yaml index 35404d5..300f7a8 100644 --- a/examples/rbac/rolebindings/schemaregistry/schemaregistry-base.yaml +++ b/examples/rbac/rolebindings/schemaregistry/schemaregistry-base.yaml @@ -28,4 +28,5 @@ spec: - name: id_schemaregistry_confluent patternType: LITERAL resourceType: Group - role: ResourceOwner \ No newline at end of file + role: ResourceOwner +--- diff --git a/examples/rbac/rolebindings/schemaregistry/test-user.yaml b/examples/rbac/rolebindings/schemaregistry/test-user.yaml new file mode 100644 index 0000000..3cf7dec --- /dev/null +++ b/examples/rbac/rolebindings/schemaregistry/test-user.yaml @@ -0,0 +1,32 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: brand-new-topic +spec: + kafkaClusterRef: + name: kafka + namespace: sandbox + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: mds-client-c3 + endpoint: https://kafka.sandbox.svc.cluster.local:8090 + configs: + confluent.key.schema.validation: "true" +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: brand-new-topic +spec: + clustersScopeByIds: + schemaRegistryClusterId: id_schemaregistry_sandbox + principal: + name: alice + type: user + resourcePatterns: + - name: value_brand-new-topics + patternType: LITERAL + resourceType: Subject + role: ResourceOwner \ No newline at end of file From 07efe075c9716c1de1e5410193547eed1080ee14 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Fri, 20 Aug 2021 13:24:10 +0100 Subject: [PATCH 6/8] working connect-sql connector --- examples/custom-connect-sql/README.md | 124 +++++++++--------- examples/custom-connect-sql/connect_image.png | Bin 0 -> 57291 bytes .../custom-connect-sql/deploy_connector.sh | 5 +- .../{cdc.sh => enable_cdc.sh} | 5 +- examples/custom-connect-sql/img.png | Bin 0 -> 49472 bytes .../prod-mssql-connector.json | 6 +- examples/custom-connect-sql/topic_update.png | Bin 0 -> 110671 bytes .../custom-connect-sql/transaction-jdbc.json | 21 +++ examples/custom-connect-sql/update.sql | 6 + examples/custom-connect-sql/update_person.sh | 4 + kustomize/base/confluent/kustomization.yaml | 2 +- kustomize/base/operator/deployment.yaml | 8 +- 12 files changed, 102 insertions(+), 79 deletions(-) create mode 100644 examples/custom-connect-sql/connect_image.png rename examples/custom-connect-sql/{cdc.sh => enable_cdc.sh} (89%) create mode 100644 examples/custom-connect-sql/img.png create mode 100644 examples/custom-connect-sql/topic_update.png create mode 100644 examples/custom-connect-sql/transaction-jdbc.json create mode 100644 examples/custom-connect-sql/update.sql create mode 100755 examples/custom-connect-sql/update_person.sh diff --git a/examples/custom-connect-sql/README.md b/examples/custom-connect-sql/README.md index f42e2c5..71e1827 100644 --- a/examples/custom-connect-sql/README.md +++ b/examples/custom-connect-sql/README.md @@ -1,65 +1,59 @@ -As the README describes, you can reuse the Docker daemon from Minikube with eval $(minikube docker-env). - -So to use an image without uploading it, you can follow these steps: - -Set the environment variables with eval $(minikube docker-env) -Build the image with the Docker daemon of Minikube (eg docker build -t my-image .) -Set the image in the pod spec like the build tag (eg my-image) -Set the imagePullPolicy to Never, otherwise Kubernetes will try to download the image. -Important note: You have to run eval $(minikube docker-env) on each terminal you want to use, since it only sets the environment variables for the current shell session - - - - -/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "nbBg8G4DkR83Xs" - -select name from sys.databases -go - -/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "nbBg8G4DkR83Xs" -USE AdventureWorks -GO -EXEC sys.sp_cdc_enable_db -GO - -Deploying a connector: - -curl -X POST -H "Content-Type: application/json" --data @config.json http://localhost:8083/connectors - -Connect REST API Docs: -https://docs.confluent.io/platform/current/connect/references/restapi.html - - -curl -X POST -H "Content-Type: application/json" https://localhost:8083/connectors - - -https://debezium.io/documentation/reference/1.0/connectors/sqlserver.html - - --- ==== --- Enable Database for CDC template --- ==== -USE MyDB -GO -EXEC sys.sp_cdc_enable_db -GO - --- ========= --- Enable a Table Specifying Filegroup Option Template --- ========= -USE MyDB -GO - -EXEC sys.sp_cdc_enable_table -@source_schema = N'dbo', -@source_name = N'Person', -@role_name = N'MyRole', -@filegroup_name = N'MyDB_CT', -@supports_net_changes = 0 -GO - -sqlcmd -S myServer\instanceName -i C:\myScript.sql - - - - +## Custom Connect Image / Debezium SQL Server +In this example we go through the following process: + +* Build a 'custom' kafka connect image with [Debezium](https://debezium.io/) plug-in, and make available to the internal (minikube) kubernetes cluster +* Initiate a SQLServer stub populated with the traditional '[AdventureWorks](https://docs.microsoft.com/en-us/sql/samples/adventureworks-install-configure?view=sql-server-ver15&tabs=ssms)' database, and enable [CDC](https://en.wikipedia.org/wiki/Change_data_capture) on select tables +* Deploy a connector via a cURL command +* Observe how changes to CDC enabled tables will trigger events in Kafka + +NOTE: For ease of readability, we will simply reference the scripts that perform the actions of the following stages. For better understanding of what is actually being done, please review the scripts themselves which will have their own comments/notations. **Assumptions are that you will be running all commands from the present directory** + +### Building the custom docker image +The Dockerfile installs a custom plugin with the following line: `RUN confluent-hub install --no-prompt debezium/debezium-connector-sqlserver:1.6.0`. To build, run: + +```shell +./build-inside.sh +``` +### Deploy CRDs +Deploy the CRDS using the standard way: +```shell +kubectl apply -k ../../kustomize/crds +``` +### Deploy Confluent Operator and Confluent Services +Deploy the confluent operator and services: +```shell +kubectl apply -k . +``` +### Enable CDC on 'person' table of AdventureWorks Database +CDC needs to be enabled on a table by table basis. This table is also referenced in the prod-mssql-connnector.json file. +```shell +./enable_cdc.sh +Context "minikube" modified. +Changed database context to 'AdventureWorks'. +Job 'cdc.AdventureWorks_capture' started successfully. +Job 'cdc.AdventureWorks_cleanup' started successfully. +``` +### Deploy Debezium Connector +A curl request is sent to the 'connect pod' to install the connector. +```shell +./deploy_connector.sh +``` + +At this stage, if you log onto Control Center, you should see a running connector: + +![connector](./connect_image.png) + +### Update CDC enabled 'Person' table +Now we will send a SQL Command that will update all users in the person.Person table on the AdventureWorks database: + +```shell +./update_person.sh +Context "minikube" modified. +Changed database context to 'AdventureWorks'. + +(19972 rows affected) +``` +If you observe the automatically created topic `adventureworks-connect.Person.Person` you will see the update event messages streaming through + + +![topic_update](./topic_update.png) \ No newline at end of file diff --git a/examples/custom-connect-sql/connect_image.png b/examples/custom-connect-sql/connect_image.png new file mode 100644 index 0000000000000000000000000000000000000000..d393a314505fff9eee13684e34f14cda5be9ac31 GIT binary patch literal 57291 zcmc%wWmuHk8#au)w_8vt=>}G~#~Ub$h9-cmMu<^n&I*?oV3xR|f97&erZ;Z(XhK*f=>mTJgJCxLR2` zxxI6C-@Dr?cjwOIJIa6;dfsW31r8QE9_7xtbIq8O~TXpWEQV%^8B8>PAw0{J@!mqmD7W+?^vH^S1mphR2 zYtqE+e=Ng}k09p_sAYk*48OQJt|7@aLrFhP7TofFKdOgn`qY13?>wje1pM>*UE)6I zuYX^EEIu~4_vd3o&>PA>Z+yi6A8#1#(YW0?=cOfxc_B8aQB&q`FWuMxhugWhINDCN zZ>J_qiKAB@{h5A$?d{68?22-Y7vaNYMRg9|;=Yn?MXw`Z-pb}g%3!qYNA=7TXn)qT#xh2fP*?X zymaNCKRr}O{LCla;(tzmUkKFXl#@t!Hwbei1UZ_R$m%y4r36$;?7oX&c}F5G4H?t( z!@RhMZY`vWK);vxxBCZq5_&Ghf^W}_^dTfh(yVZ9-g2r4W@}6dKkwdVwy5`b@m}Ti zMfKZu`Q5o|HbG39D4MK9I4!+N?&7&8%ha3a$oHObZvN50S;t*9-0-#X&=-(DyYPdi z``aCCeI>jj?soKkxFE9)@*w@NLW$i%eI!1A*?4YfdV2HT>=5MPs=zdv1@{r1w!7ngH9dqPAkqG&>xcqnQyxW*Y$ z)YoU%@18S^&+k~cF$D?8Or^1YYT!ZmQ0pqAoVG*?@7{M~lLX%icSrCPv(JDcg_>Vb zNr@$OoZ8;-I0`kMP=3=G6;D3eyAjhk&>fd?nK$<)?6*ntr4Q6OHlD_~y@R}fcw}un z8L{`>^tx*GddCiqYhK&BO5>W5Z}(a&s#Why5&cDuVJI-~*OVMvW$)PGPN*>_c#V0L zYK`lzWw{ooOl*ZY(!?j?PF5K1k-V?Mh)za;p0k#r1PzMO?}J$+EUz zazHWm^FcZ|Ltw1o4QkH$5g5Gj8Mf)a(OiD27uJb80TvSU>MNw$Qwi=#h2pRaLi+Xq zQN2f$2blOUgjsxQcAri2#mV^=dc4LH+lnc#NBA=Fq$}s8{nmAJR;w^67(JDOp|8JE zX-IJcR#WF0q_sLKMif8DW`%c>4LsM+T;A7I57eKClk~&GX~LUF@8*K!HemvGXbnG& zdFhy}hYoK_W5w>r?3m&OAac)+(%&a@>3{iZFbpS}l*zc7#^^(mw2jf??z@A@E6lTg zUOW7(o1%`Rer}U%*6LS}Lw9Ne&}hHaTbmj2PDWk3h&Se-X}gNah5{2Cs(b?3QF!%E zfLRH$&*`QB^SJxlbJhkdDnl;N2 zQD)%sY%><+)V=W6kgw>F)Jchc>l$Y;Wk9PLS1w;;oauMR(53x51q**kT?Qt5jD~D& z%h`Y;UR7J-PILg3pz!tRZ+m%O3o3@&-sC`fJ-Vn4+FseWPR6;r>JQfQqhHno0E8Gv zH0SZknWKEG;M!thwJ8A5;SD+M;-@VN?V!EXZS|IgmdOj2|=6kx$Ms&z78(sj(3v#48M7IduQ)y+{X6XTw9OO!1uv6G>_> z#^`0c4DHSO0It=eFr2N=lsO6()$WMy=4k2&?o!(@@JL{LYbuOIcn03n5>C*Q#ztu_ zALfoJERLDjh!L*|!A{%LuVNcci7C_2Ee9M5YlodTxmH8=6Pu@FZkMjne3|3jS|fdB z4l`f87cT-kI69RNT)4u0oO)O9;1Emxux<5@AA)AdwPqvsWjtb8)KhwF)f8tfp4xj3yu)JmMa4sE6&X# z#-17JzZm6>e$kFQ)Ultj(OZiIN# zZF4p09&rYR-)rgeEfKffXQ+dUkIoImH~n=)z2`ivtfpsvepFA1TaTzGeyqPr^5Lx= zxNrWYW}2M2i%Bq%2_imiqjy~84PK)4L3cY7`8u{)HoIqUf)2xLZx*GzZ zqtx?Lo&pTnzcwfy{=uR zHeF;4w0SjbzsJ`w<-CMgU>LQR#vZvqk^_hKoxoReat%Pmj{VuX1CPsGqPd_oO}RHB zkblb0`8#K4_e%Deu2$#0%BK_sz|u1zP(AVZp`PY~V0gK8`2-i1S4Cy;-DuGZd|MOo zH;K=`@t}OaYfdE`BX~D(zHO<6>{t8v_;lnCWuW08*?qN=H(Py4HW=Ykrx7pwXScR{ z(n_9fKlBvr5~ga?KK<=CIkgd~#orj`w6wk~W|P>~o7ey%Nh}?_8^NTnzeRoM0t7Bh zG&Y-$-)ChzZj`!<+g^9S({jEcbw@(>T}Ec<>$--~qC@QR>_jnC$#=zYFn>ZOox2F& zY!QN~(vrGy^0x!?Yu{v)mm{Yn{Uw%QQmcFyCub>SQIB4EU_1lHf`&}V(1@ij-s+=tussKPUr{-y5hC#&|h*BH4IpLxlzZSixS@hc3 zFO_@GWF}xGE6accI6$yga~2)6W#7afL2 zNvhn5{@2z)V|nXoZPJd^SElP`%e@1uMUD z!IrgE+XkI3^tGV4$Wz zFMZ^lX4+o6L+D5oZ)c(Dl?wWrsAo$A1j>Bn84D~FVkNh` zkvD>WPxGkKJJ$oN0b(7)QDXE@Gt8>|P^_IXqjF8-64ImX?aVjrZlg1@Yi!`WTgd=P zY~Y}1!bMP6y5CgN9J%=RQEc6r_Na8z!e}i&lTfm=0)WqRsP9*X8Y`u?#?OT89@3?B zfw}vP3vPRdzx*6!sy&Z!Ic+6qYXTe7xcXX+aXF^Z>(&nuMGvdD-ui@U*xbx-o%l*e z{ADcG&cwsRBNpJvQY4K20Z`#-KKBsiHWGPfP^om`J2^!bTLFfKx5y9Uc4IW2AN4h9 zLyi8rZu*@i+ECV@=0cE;K%MA^0dpWy`geNMg4S|1e*zjy2Q}`Zb?LixRc(_Xa z@jiO5Y{1^f#QexOJxm4K(^ai0m~f?S)qgp3`?kG{S?p1_Ju;~gGv~cEUG+KiRX8l| zEZIfAZyID7fTYf;5#04S6Xf;8_!gRbJ4;vhwFL7U8ig3zZm{_!nG)TaA1^-hnhQw2 zSXzq@WY3SsqS5+}Mj5HOLQ_DrP)266+m5um|FrZp_ZDJ1D$vJ^jg<794}Ejdyi9og zy!QAl2m0gaqr2$+G}_$VX9F}1F1q&vS_GbC8EA+t)dW;l*v9)Mkzo7+rX`$*dau&X z@@Ye)SH}zwBhwu**rciYdRV0^CZWGLyyHA`=d6`ScSI}n0tam7k36Qex4KGrI?eMd zEh36hKp-w-j=P3+>|)9Tk#r~QYU;^@(HA5^BYOM-HO!Xoc$`?t%DVCpvFl1l z`mnAah8pE#62znroW0%su+f`H(Yhutkx+Qv-BD>uq$6K3F|Vdn<5U)-j)z`-g3F2$ zVXI;``K85RetO(qd~5vvRv30$^}THIEyrkEsV#)Evzoc=DQ9^G)26wCWxLCUv}9HJ zi1t_H+8Q6zZr|g<2=W^$JGT`zP()UQ&3d7WX>&5*@KZ`<+R>JVmgt= z7$Va8XnOL^nSH5I`?IPAf8rp$hedj(7VOH?Dug%N>GtyGT!Mx!a%KT8^q2+jb37jx zNr&C}iU`lwr!qI{2nZbPvE@p3-oiK?0Zle#88vl)E6{T;#hzv8X>@Fp3;Wes&-Q7s z&m5)HFMA|4h6V;qek`!Y!{O18O1HtyYA^wH>ixfOd-{hA>m+PW3_~g_<2}<**Hr=r zz=Xt;?Fm=&ie4R+KmFjWNrOUw~YA3L`SQRUy`*?_0D(v)M&rU z5Q_hUoc)JP%+4k=i!{4cfiXCry`pb*UJPF65 z3Q<;K$v#e{I8Zv4n9w+sGSW^J&yNEtKQe=_dH2GENmS`>O3aqcU3cQ_8;2(Oq+FHK z8UmIg0D2y)?WOb)myXhi-?`UOW38w;y=-2+avlqp08`)f8cleNiBHW6#Pd{uO>Vlm z5|?Y9jm@-7w3_(kheJCa+#0ygk8GhmsVo`#WUEhev;=em6Cd~8-gGn60vmDpt|s!` zTTe4o!V+5GNSx`Mbz?qJc8O_)qLu-aqK_A)FmvHDG7*!1?PjwXyW{s-2KmInKj`SH z3Yck`&q!7fP!s27wX!y~^Tlsl#P0My{^bi@GKhU$iOs5b2c|@h1>K6~RzcI&re#(@ zmipKglAgyldpfeZ9VAAwp@&L#;{%Jc7fxXI=oSIu*?N(ao<#EE3~KRa4FKSmNU!*$ z%;i>ZK`NOJql=yO`pRXt4qq8Rud@#@dm7=IXK+D37&^P55er}JxByvp^Il}Cf zJ*|kw%#|P2?!70ZJDnf1#ny`uv`*)UupS2s)=&oo{&3F(;$Vc6o3*kayR3vqgRL75 zr$ENW`nFT0-1umXaR3(jW||&{E2Ma_CiQCRd?3<SXftyemKZ#?jusuKiD8vM1Gi$T_)zut3gHkwa~)YNpkC?btBnJEtf zQK)nD0HgfbGrQSjR9{JIOb#m!7t;9aMH+(brkQ=bGE<+mm%5JqSE3MExbvotu0{=VC--Mjzf?nB3YMZ*~StXMGkyJ`j={HP-A%sVR^icGht!1q&I9tV$Y$Qf#obZ9mEA(kPljA6$Ece&2=AxK) z-)-rnrB6m^H8f^hUi?let3)h8jiqZC$vP`5=8c1stvN~i{ody$IL@XeK%cMmeD`vb z`)fu;CF60Y%{f|rZ(TBqPo+2r$hwK+MjDjNx2G~T-y}eBo?zpj;$1iEsfGs-v(|b? zt3RCLnTVERf%-Ks%HjfMJ|Q1g^H1^SLhKkZM%d*;#8JB5bhT9jl`hk{G(!Z%! z+_QNHcyKw(;Lif)m4kqyeyuM~TLf_+5J%mO*VK5RP%0I5hQ=j5jp#*P zyFU%@xL0X@|DW8$(HR??zscs`&-%;%K2zbh@%;H_!0=D;pSL$Ik4pZu{LuO0|BDT~ z;VmsK#r=OKz4Pr}%KzW^)w!3}Ph8 z2W?DLGEl7Ms>i6SHH0Kiih*X)J#6h*} zG3)6UZlTeC)I*1VFje?FNwlU9J~wmpIXxfy>Y%Lril}0n;cWM##cMo*6aWBqtFEf1 z-kSh?Vh8Q?Bz+jv{t1V*VZax}a;i5}n@$Sux4%{eD|rn9)|?qiXD(0LWbTF@hWq+` zylkcC`3QxUOc6WHwdaRmm!=BM3VDa>eT6s53ISQUOb(%QrXSn8qA1=&p@mXA?~o(r zuKOmZ3re#WPhF{qQr}T7q6P@?r>k_&!=Q9!5R<`}#=suPjJG)U7_D zS|BTGeb<*d!ErRiO>?Gg?Oe?r)wb{02jj<^D7Po8T-yi1EerJ4bvWIPhl%1xKzAxF zO$r+?R5)_k*Lrxqc9>69_{^}p%~1#@Ssdq_(b{C5_L+gz{(WQ!r#)Z9?;gD*)*f|4uYk>*G`Q^q&e^ne4tt-4Rb_`5cseNJ*Rs6OW~;Af z9M@<#5WyAC)u)EPiY_-a6iP6i?0x7pZ(G38st_G%##aAoqvAtL* z*D;MOB>AxL01oM$w7GgfdmjES%Npr$nhp|KrAUAtr)IZ_-KMGI>pjB}Z%JFZNV}bD z)!VDXpDRr|!BIh}sX?XL&jhbuZV#$v+wGiCWFIq7l4_T-ue=U!GpS%mo1Ga8tdlvq zx#deptZnE(#eEheVN?^~gFmh@a;ENP>bvyPLG*<|;d|ZJO9d7ioe0DHi0`#Q>OgI$ z)3)^PxbUs2Q!SUZW1@Pe1)pYAu#FLU5u1*x0#( zndF^qmhFM+(xN9kGDjxA_Nwtzub!;!x0)}x9;(25vT8#KLi-{{b$98V9`YCWOTxUj zyMi7f+{jN?CF8PlpVk_@>X>i9db+uJy1lI&d$lB1^`txhNw4?7_d0))tV%}{pt5Nf ziK27u`v-Jj4Yn~Yn7=8OZ4#+P^wmth!a~0DA%P*Fa3USdJV$?UX|C z)@yah^>)i>FvmlCeDM~780D2t@gtr>Hahrm7m2*}T0)_N2~N!S1|F0?lGuUP?9!Ht ze7X9=Elg*in^db7Xl;HRJ&;wF{p1$e61dY?7La9BcN{}7WJXDQLm1cASHwR!jg9#% zGS!K&lg^-@h|S~a9c2vdHDSeoPsN!^_iKDrk*vQ z3`&?(RxHv3>SJQY)S9Z+M{+j%lPWKc7cS3F!~=^LbC>%$VtN~}b$Plk&&P4zXC>Q} zlXO--(>>=CbVn%Q{2w!7?NUBl{i~F0{MNK45%!CF8b@+W)SM=iM6~=4kj{ocZ_7Yd zR-eAXJxwZ7K?w)j(G6A9?ZQ8U$#mO=4J}?~{&P!*WcOm(diOG9uAeK*8o$ivd*C-1 zqLkrg-Hkn`oJxW`pwjSg?gu}6gH653Fcm%x>)U%IqbPDT70JQCB-`H1GL%#DMEeUw z0|EN#yB(4pz1@_rk;1tCP62RSXrR|A<{O^h3&0jbC;uW?6C2YhH8ylq?08^8L#qNn z)nWtOSz;#VM(6C{T_KGIOQK71ocQCWG~xkBGJ zwH=L>f81>3A`hnk5Vu$)A=kTESmE)QB<|A8CE9XLVSAF*iSWcY88BmPe=>KJ85{iY zP%4%9T_Fm~!Qlb;8Oxhv_8mxVWN2kAP)wwc>BuX;zV1tz;lTxid(N*;Y{-fLii@`? zrm;!yIl8^lG~H4R>yGtY)~=#hMn2-jXI><*wYmsbYblQ#XWrZU{16vl?D{!4I$W_r zrYL?}g@NR=@TZN|YGQtykuagkLcG-MSTX0snt*@LN|q-vXfHGRRwe}sg|7^7Go4?j zv9g+b-)kNILg2yh^yiw&Tof!W&D^KZqP@9V6f;r#?E1BaZ^banN=w`d)o?4TtkK)! zN8`J?bF@w}I`+er1v^kuNN?|i--$VP!@{~?;jpRcA*=Z%-n}FG;+}Es9{C-UY>n3z%_^q>0QK)v~@e@jl5iT`jeP{t*u@A+Ru(h%e0#R z)dJ{u1XSAP=UHR8MJ?uD>5V#uYYwlXPha6~q=yrxB@KW$T5lbzqyzs70H}#I*2iG;mmmW#@D=EM9Jp^j&72`Q2WXv=j zv6E_(B(dZa;JZQ#%M5{v06uBYBcf`?p+u+>xYTYG{0v?km!KzlWs-#osw!OxEcuck zcJHJI>$KJRVw6lE&sJNJrh>k+if^8i`4A`bsgYB+wA6 z*5OJcEGpAC6#2B>dtjOI%6H`jD{Erv-f`ha>kz)g$@?ZDkrj~lPqCZlagXorZK9r= zcqGI@4IDyi@RBrJ@EMzg$~EFlB{Gd*siv^hj29j637EvCXJ#X3YY|xwLp4c?psL&g zeS-phoUG;qLDqsai%zC0#R>nKw(b)k0N~KLYUVd7J2ejQfNyTDhD`s=tMy=JEF@!W zzEp*2e)w2>!lS62SHi|Bjei|ItC^o5YO%=sa|ULcHRbhsAlXPSNd4f!w2Zb<3lx_h zH|R)XeAYF-=Ry)XElEj>D8d`M*v7djVxUk5Nxp$!`~E?}Q{4a(iseUS$XX2%4=Bjx z{ru#lfxLfVYJupdjW?=#FCG>(CA#lY?~FMERhdO!O`#4IQ23={}8s>EEFGTrCh=vtaD_iCYzmy-~iXb~-{uTYc<3l*d+-l(c^wz;3(9M@O3$ zzY*3~F7j90YQ@={3^2A(FU$Lj{^64`lh);NheXEMPkp?7VMu9swdl!XU$wE}@y$&p z@um{F2Xj9Pv3MHXNnyK~A@yDjL3o|Z;pQXxr2w{6Rr@OINhc;J_I_TSC#vkhlpfcT zt2M9t?LT|Yy;U%F)pbs5Su+1t*C2{R{@tuPJd~8KA`No%zY=AijX9Yt@n0=T4NN#@ z5M)S;)EPp|*h#HyxNMTB@{Ai~Eb~X0G6oFMS}8xj7uk2o#8FX3Kw4Adbe@psWi$!B zvHezWdpm9%K%O)Q8!#sW#%8OG99wTYoq|YEr0S<3{y8T{>LllX{5Xf zYsb2*mYaOiuzSsnNPc3CZ`3 z%BPCxK4*&lfS$BqXZ{Ckm4*3Fh3Z{6N$a0%ot~6ju2cg60+7GONPBnF>P_b)I>X>+ zEy#{5X@}4ZKrSCdOAVl>&kBFcYF@l20>rujI#HHOJv)2imUeZacS(W8@TkEIbE>5I z3b#2Q`-XBxR6;((Kq9O*!Ak5U{T#uP|IXL!pD*vaoo|-%Q9J|#jvt>}9wAK+FK_w9 z8|Bd7@jY&hbiO9`{LW$JpK!6-ODl?zYS*vt?yY!O_PbzdY3M|e5w8GnJCVW8f7*$F zzVb%w<<%R#xp^0&qJeWZXLC+4 zY1@q>do~)`uBf~xef+{XfSSL}l9&K7M{&BTtDJEDq$=}hZZ^Zq`lkn!Z#@U9#Vbg<&OBATXj83%L_3dhgtmE}HezKW42p5^$)JCW;A~WX zSuy+z$biJhLLH!q{SvF-O6IIb!E|-$#eJ3Gp#u(E6aq`fWITH=u5Wo{+~ZwKj~`(e zaOCh?o}Jgm+MOrGQ!Mdji^ufha%(re_#C|lMy_?nXhn`!4>@9k_IgHO3OUd4Xbq42 z3x;UkE%HS=W_!p^>)fmgnOM&H9skr~-l_Nyt?(&?{o1`g`z&eswuRz`0jL^BV%n24 zr)xfQ*Rkg{&9hGZLxmbv!QJ6Rc7chSvX_S13la`1e(Fcnn>)98e+h6GaUdcCof?KJ zOL@49e&;6eP=Fj+x~7co&o^$8#0>VY4uT%C+Ix9XyEQn$%4p3mA`d)zHTb!EGrld?iqX_ttesbCuueN$7Nwy2q>sF9|* z@0MLm?(*|aazPBc#%12`xA*X!_6xIfUn+N;`n2_jK$T)WHd2qx42T&ra!gFlgUC2Y zi))kG{8P%tMaK*`T9;Y`*{M>ymkcI=U%x(zP5<5so>~z5*Kg$C?z@S|C3RxlB1JFi1s%pmaH#!>$PqZoV9IzsK1@w#t;Fhy#+t86SgZaWad>guv*%b%ob z#ZxZn+$jH|dtU6fE4iO>E^3iIMXudFp~fqaZK~`4Net5^$a?3_2Z1r=n6e5N=6d&y z;=fD>YpN-Ov%~F-Y|1};X?-@BURcUy_T=e7tB=(yTjj8e7&Sx3Wm5&Ca?|bM;Vdz+ z()uC<mRGe2RqST7k;r> zAv$dgtqUJHT{F8}{6h&{9_vtX6!bt#&e;n1(nTiG17$UfFWzb=5GBc5{`$%x^4U7PP(@|1gJ!b{PGX_w`8dO zfrWW-i65!``HCFbi)61z@M~M*siIGXie*ae3&jKkBbgRge?p8+b&U105i5tGfM88B zn4hRoz=?W*tE3=*WSV?SdFovt1tm4`OOO%9g{XgjOc)CO6 zmj(BNqmFiP5SfRxH@A;T#tg$Epn2hDvn5Z>*}`h5E%G|G*)ViM%|0AHOOg3)fV_Gq z;y&)SYRdpMG2!Jw`#*NA%3a6$fAyC?{QrMlp80>L*D$TO-~M0ruM?i1U(=FNQnIdz zaNs%tfD)TZ%FAmJh~*V>6GgoC{AL06e`PV?EQY}hRijE8x(E9-?TsUQ5fV-}z-kHnLc^oA;gaNTy~dWCG_YDN)6)@vUj>AQ_wAzwBeF!`6@d|qoqngX;0 zOGgA7t6TmlTK#r!=$#_)3vO6w6bK3qkf#Y5Ak0ImlR;-k*i52V?duH+Y7eKQb9_>@n5*-$iV|Flaz=zj}s zXa-q+4|UzpXagO)=Alny zq$-cQ(V5MxRK;x+XW|Y+Iazf-g5SojWL4U{$Ytgt+LY|yDcrq=)>ldzIQyr2>p^Vb z@!drG9XOx8;@W>BO3xzUS$rTHOEACa#5BtR56eV2@(-n*oSO<3{o1(+Gv<9=RpXpk zEgkiaqaVzW=!wmQd6ZHEk6QvIIA3mQ@!cN>-Qulcq5rxk(f`mB48}d#*J@ zY1w`i-&U=E<$vyFZEZ~n9`{5dSSK!)RsSeuwZzVTYjbO>v_vYf#CDC3XuV3tW*gES|dZ#GD!YfPC)9gjT=vl7+ zbLeO+XKRplyh)-D2u!DWCcUg?wVJ&KVCddsL?!Da7xDqGCO=&R@H@7z;jJS&D3)$L zaCuf;z}F9Xu?qIOVkd`wLAUT}2(RZ?s})0|)Ih2x83@b7Uy6lh;sfo_w|ZmLKIMS`dWZ@Zt8$Q9?;Jw7^aBdNU)xwb2DbkjgC zL)4ZvdM!N5G>ks{PW6{pqu1K;fWK=6{>p3$wdq7?3 zMxX*z6PrL;>=zb^P`A)_*x#BfVKtd+E?|AgPdZfehM|vHRZJ*pT)ycoJ#90?oO=qZa%jj^dEHhl z8;1e%&0X)^ywJ7gPZ1ff++YAMj#>C&nbZgQzxGh55o1OJ4bDpPL=^tv6VV)}$zvB~ z5n5Qxn@M|Fp(ch zC^D^*-Hs+^-JuHG^clA5A^8?R5JP(SIZyNjEP!=ky?$Bx-o0S+l$T|!obheT@9WD3 z%gSDAI-3RFz6iR;Z=fp{%wu12F#lPvni6<un@WenE25%i%0_f#oGzCX2 z4{UDn3J(a7jYZuq+C)#T_{nU@IwRnNn#Qeir~VhRv_f^C{vx+HEu-hSc;-GrN;|Us zR{>P%k;heE_l+emJ+scE*jL@=?T<4nA$wD|QZ7U`(xbhAQWG;LZ$A;{PO5&jaJc$B zU7|97zF=U>D_tY0F!|G87OSPvDGN55C%-bSTM_M6L*Rwu$l>d3pEIj>RC1X(K=L#md2p#x7=Nx2t3Gy%1!wiM|*~X?b~Tv&U5xnjmoYRtl>bZ(scZ3Foo7MXY;J0|sid9xAU^pCRoZT*j16 zRkO_?XO#py%fiEC_4y`zt6vN74kl2p<(o)+Pm$leK9Nq0bm0D_N3Fu4J}2fpMUsNZ z*Qbb^NyYsMd)`^i=~&S=y(f3E;~P4#AXIo zS|C1r&8}NH(&wTOH!(^mkvN*EK)T6y56!r|-&z;be`(dVyS~0d%^|f?6kDvaQlFPS zBW=4zM)D~3{m3~*>6cWf5_h;!vv>OI3S}TH)ssbh=jGK$TWQZyNBgYl=dB0iq(yq7 zJm3mr5MN)DkI(`Qsf!K7&23Amd0<7-B^Bf>H$J06U!$)C5a-BFrCtg=Lk9N2H02|O zss7q5Y-$diTJ%^8uMQs-;d349idci?U}rveq;cH!uumwQcQ7woO+;qJE=)6%=dEwA zCMVyWV3%6s6{NIE3>Plv*hX^_n$<6jN(K#FCa8e-k2cqV2laHVe1&$A<-|BYh*#wz z_GUKk>QHly@~#aZ(fqsCx&91YO%Mnd%hFrz`66zs7lYh)vzwKtxhoJg1Npv zXOCYQ_XR8#NxZ_tA+3QcOKl(!ySlNEU%%r*+@uJ1l4hV}W<0`tWR)*LYD+1%;cADp z*hfBhdHI%Zsepb>X{cFzr@cSTr=mbG^ZYG16KzDzf35t|vXfp!@;T&OsR8kJpwBGk z>b0QaKWJT9WzAv|?8=5}l4kedQf`Ss6^HKBdn)(K{TIEUx+$`f&cQ@ zUX%^Hbl@`Q+RDVW!N5U6LIP#%=4shfCCRT2b(dCCxc~|4LWk~b$^w-z=nD0ALBl!P zk(V{j#)RBu5?<0@4*-EUz~IiGcg!+A`ii)CNU@u8*d^t)i4Ffm#IvD3T_5F_k2iyz zy*1+yP8Us+$i&g8zO+3IooryG6ST0haWNuwO*7fA@JFPgIf%1cEfX8$MEH$UFw*Si z_3?wS8|fWW!hR6!yTgs^z?bqc_*2OF;v~aJ*g9=Lc{q_tD{SU&f8vg~R;V>8b9hD> zbrDRJj9Rw+eMQ)EN@xzoF!8aYMZKY_ujiBuTNH*6QCU2fTxTq(g939OO&&sNg^KcF zmUk1Lyq&s2tsR$B+iaJN7!Odpl9Rh0*R}?TEkv)@q-i@xqpn1=4>$9n;;TEOQF_%V zD4EzRH3QG_G@PLu%X-y=a(`!er4t&Je?{ymLHUp03pEhOO2v)!BJ2dM%xNF|{rc=d znvcxFk0dV5!&+zL_gL$}()pgbqff1ndMTvlJksqXV)A&dA2BL#1;=ohA94x!34XBw znhm|Fa2IxsJHq5YsT0SI4t1k^{9~7u1N@dNQ>4s|Grpiw*rsIA-*}1E zR$)**@P>FWDZyRK2}G`*S;{rq(Wdo-T*zjrpCx#}P%N5umqJoHskG60)7l8)hWVJv zKZ8^aG?jB6eU;w)KCSs0|K5e)`)W66oSTrFxLK(~mO;4NW%LS60uF!n_5?2BqDbBT zm1{@ga#_!7koLX<40G*pLEk@=KwDRR2oQpo5pRPTTL};r$iKTGkG$KNWR(9 zFZeZgL}D2>l-WbpM7N{~qC0=i%gakP+r-aHseU9|=)?UPYYC9yeeoglC>rAg989`R z>^wlrnI>0bYu$bR!5%uUeuI9b8JQkql7d}z*o3+t=Bu?0-?N_!dw4isXj$LuC+4hy zbY$UT*PLtOezBF9$yoPhD_S&%zUvG)H`nTL)8Lk;-c8B~4U3Y&W<67PS`{q>$A&hP^?+=kR3%a?94 zMm&(UHxJEBzFVq5d39k|*Q@0^&mxNAxS>!9rUg~1R~H0IS8gR5j4A>gmO5I+-P9_= zZV{q4y-X*)F^yEjW830}+%4%TFxOKDbA$$8Vbd{qTQnW7lPK-F7bYGgQ_s$;Hrwhr zD;M9IQI*ptT?89pbo+tx$Y%?02DFSg2I^rj&kf_3<{^VMiwawEqbe4{!Q~Ky#a2nk z0B~{Hab!f^QY;;QHEoj`NQ@C}OPi}U-kbmOoJ2sEBc5V4p9cyxXlLy{B-yqv^BkGV zq1_4)4V7JEXSeHwfBN3@WAzKzm(}{{RjCs2sa90LCSle@ywN6)GNon5}q)q$U*;BMGn|EhZYq} z81&YhkeyW5hF9ly_GYD5a1_SY3T&bJ;?9#UVm5~^p9pL;Wy`aWe?MMUTFvwo|flx6e2U9vc3jB!RbDQ_Ybh0>Frv=4xIl{{J} z;d?Jw?s}L%^_%#}qJ38(dyX@2+?k~>qI=LzoHPG6I|yI@qOkm9^WO3a#`h2x!_GD6 z{Z?zjRkA3>-0-6qOX4Z45B*p9BT9U{jq#$l zwvoziJXPmp3|o$mt0OetMDp13p}&H6C}ms-{W{yqb=YeDIr+uV5BKg_IQ}(Qf~Y5K zFv%(5^5ZSO@a1VSdAV$FW%cUB(#opSl~Kxbb$G(MB>7;Yu2)e2O2tPuP9Cq6rvnBH zZEf}T^+CQdn|VCtHaWM0mVQLCh(qDE+c;;W=I`C8^)<{`)T*4pG{CK_b`dO+OjQh1{<%mNrOdbZccfotO(n zxN!eyOZfng$dc)1r*^S3tlmL8xO&Ad!SV8+y8&s{Lx zXI#v&tcQ-X-}$ExNs(R!e|)v0v=f;X(DN(!WA}JotWY14U|QORNm^Ghpo31#^Xbxu z+YSaxVDeSXp+=~oEKG!o+ z3sUs6{8tO$ro<~<(ChZ|vNB|foYbWbmesJSv5l~LCc-!D_o2A>LxJuFUui^gsxMHw zw2!87-jTU<`ppH>_!*Dqxui&!Hyy`~q~{)xEl41x>5HW5%YOg>1{B z+Br@42=kT)Q6lmXw#>|96iq%z3?=&hiPywIPOVuCQ_mNho$D*Titrq{@qxR{W=qiz zn4Y+s_Z?|iC%At0U%T*SZTX<82x$aS?6Za%oSqU6K{+glTW%M!<%Ej6E?w*_ut*G4i11Z9di8&33lK56R-P^oz1F{+Y1{FTBomz>2sa__T1%giw#z|7LKN4{HZpKuVa9!$W z=g8*o7$8E9+L}JdsR1jVY$1J6%L5{KV-pibQzQ>*3>t2rGlJF;vf9m<`|?x2*vOK6 zie;wXy1UfkxL%~qiwHo8$YS&Y<9e}I4)^`zwfNK0`utCX=_#%%B!FYt;l&E8;Cl&{ z=3Uyi+AY4$u6Ut@Z!$&+yTUuoC5cwum4v?5Vh1B`cy!(N+1vfv%AAu3tCIa(AaA~b zCXp+f(NrhIv~W?3U}z~hPtmhACm>aZ?EAB{*fh>jv%2pr1}k{MgyyCWEsqY79Rn$0 zM8z)W85vA-b8L!HM8pq%`PfA?eS7Yw#_9I_o0D*S&zyKq>LBfHK(5u|*XGM;+AUSS z+y_K$JpI_}=dWKL4Ka(>Kk!TB+Sa}eV%y(8WteBAU=X&mgvNMQa}y9$NjJiOnfsfV z8}fkEUpNWH9=u7Ad^i5`n&b`n3-9IO0o#GL++_#zX)ZPe13<1y)C8S>|8XW+8LcIi zCG|VA@tJ`Ifm9=&a+R;#pxA-~(>p)E-(y)Fa3#bA)-G8EYvhC-2$Dd5ib`o0`pX^C zeHq^!#VqeQFhRXhJz)P@SlI^2GrD&@xiZLQ6GbC@g#u%S>5oE%>7#$X?G@ZJ5VF65 z#VbO+)S=B15Vynx%7dSB5fSNwlFg9mGtzRvz|H$W zsmd7MVjNdK63q*qd&aXh){l*ywRt*70yVM8&4_RLw*5vp8kAb`u z0TB^tC8ebsR7zT6gV7)(hO{&T6=?xsz-Ux@0WugJD%~QC?v(DX-vIqw-|PDQGx0gk zbNbx*y6+Q)e3uhoK+a!HwRZL>yLM)H&(t40vu~?fnig~O!$@Py*0tk(`OYg>t}tJP50znEDny{Yz>Sdfzgtr`HX$7^PTQ2Y~wofErQ&s#0?YP zi|!lt@KtQSU_bA=)dOEuR<2HU)zI-$TjzTH@h?51wj>5|ZEjmxhw#{tGNZ`J)Kbya z88W>aG@&IkF+YpLLytrX(q!0d{`5v^*eLp7ewWNb4Q;YUuAH(--rQ=e5mzZH#+csi zg+|BeQN#%Q6PjID46jwZ{42kJ}QDaHCH9#J7(ex7o6GMParn!Q=FshByYw_aN!k4Uc1tx~u#`CoM`AuC2r~{Nx4}3fCMB>C-S< zYc-FVE7F|N&P#bA+QUK#Pbzyg>r^J6MEzo3i+JusLYhKQNb}%$@5-A9UHsX5!U0=k z%NC2EHyti`u=!DaD}&5N`fdzK-eIVN})r^u)jRddY076%rxcnh8C{I$^5%oO(3yqi(#~7Gv(W< zDMjB4#~fBu)sA-FJE|;G7KNF*d$*MDzM6(d8b4-Xnvz)3sGnin_1k|N&+O85C40>N z08VISW|{Et)JeyZQ&q;j(1k^ClB$F3hR1SpMsWb-epKC~-$qIgYHZ^D!=*hF^T*iw z&D}Mw(&3%E$#(WuxMgm;CT{iiJHs_?8sWO3FZ>6isdb54u`z_!K*D?mwcjc3ST<1} zLvfI`yOFX%cJ~#e{LJFY50;L?0!|Y=s^^hrl5$&Bf-$wQfpz^WMNB74p|75vM&*6E zxFS*SF+GoBw#uEf-IY=a7y;G0>Uo+twF5s!`iC4%`DsdAFl`l znl$W>OA(lf-|qlO5xecrz*&>FtROR7PfsE*BohVjh!LDAGQu){ZC%#QD3VHKw^{0l zL8FJ>H|S`Zj%>d-O7Z5l8f5DT{p_lOX>1`Akfj{dAdIESFh9L zWI@uLc8qD5>V9Gz>Ohc0)_3m7Xy2m5cbKw4EwhsnpV6P;FA9YCZ6%nf}5Uqv#aO-5UMId z6w+P1z|%ux&+3W=2ZgC>hf*`Jd;rB|I90kO=LGO2KqZ1cbecxUx<$XH&u%lD_r|rR z8<6U(R;gmqLESHLgz(+9lZNK&4d^La%B;kn=<+hJ9#99{68-(W@r5DbvIW>zHkASB zPhDHxsb0B4c6qiw{Or8l-MlTm@!)5E>nV9+t*?O#+VaV{cP_sbQ^MIlMD3Zuth8`l ztG};W*s&*c`D&gTXH9CAKR~{?B^Y&=+;RJ-lQkNeY42^fx@uYIepi=+t9jqcQEmIf zmkc)E(^HFZkUTE6qbH}S-k9f3Tc(8;WJIYa$4=TZF68>F@!PLe9!Wd%XSN{64DyAu zIGqDz4;+>Tb|2&}F06f_e;V7!mt6RIt*a#u-q~m$o+f7OGi0s`ro$C#vTR&uL2?C$*S>5 zdMnu$<)b44{5svY)$Z{t+yn_d1p$Jt22rPuGu8=wf70&V$(_E3?02;m7o2bZ+HWm0 zFK*r6HhJx=Ts9!&&U+t1w8}!!o4kel;Sv$oxM(;3>YW}U!>O?fncLavk zdiT_)TQ&Me-CX@zo2UvIZ)6&(0+N?$u(NV2A`!LPp6kb7C}(*5{^e=U6r5^B&3*@w z1um~;IGhTom8Ft--MX1d%|kYNE}>+9S!##)#0ACz#=}B^*Q`N<={DdGW>bcOBH6_@ zSF;pk9aGM>6phm?>oI#@b*LDD3tM3tzK5HkB&&YUql0Np4S4c69mTKbj^-L3;OxV# z9qc@?*TxNUD=IVIB}aRBc6fN9lQK8cr-KL^@{D~Zkg{pMO2&Gh(`@SZU!LNGaP#ny z5vp3x^u8`L2No}?J#@B}?)`@JW^dSrz-Ph%de$hGOe>BfSi#p>q1E^X5^czU!uKhLxk&?LDI_vX8d zl()?iEWdbwv-A%xUCqwTjG<1XuJ}xaO5NnaboQj*vxz_a?`T#<7dfl7AXT>I~OUNH}fxkMFLJYKR=9KsbBBdO7nfGMI*PcFqB zt`;(bGN|k8WLcV+u&R$pTU$Lr%qBn*kl_*)MxDL;UFm&uOZUp^e-olh$PVJ?sfMGR zJbaxmDwE>f1(6*E=ey?nZ8Y zwv26x^M-X=)x@oro?q=E>gA`z~rV zdfGvO6Dn#PyUl#}g_0(a-)NhZEiV9Se z7Iv~v-xZb{Ew@ckDwbgbA%mrl#@;cT@;t~rCG%0eTKi6m+=QMFZ@D12Avk06eMpaa z*$df}R-p#GuLIPX#~J8m>i}k65ieoYzjHVe`DlhW=EX z!^qJd&)bIk`asDG(%kz6Q1b1rW4$E%EIMMn4H(v*Uibve^`+5oEElI zh2)@RY52Xy`y9#ATiUf9;(nE$h153irjUOzkL)c=HkT*;v32Uf^kyyI{>ZN;CC-!u z>wyP65|T!w2}`v`RXZO7D^$rWhTINRPvod_y#2nd}VS*KAaA7=quO|sY%F@ZU(SI>LtkQi!jdOzaY zS~}=KfA7ckj~|oE0~^4Bv$HXf(AW@1zVm_9O#QNMl8*{s_)1d7HSnv%O{c^L z6D$$9Q9j+@Nmpf-fl?$!m2KgM?PpAjTP zMq2}g`{Sh_^~4n?;fg0>u^e{bY)k_75}AV&#KVT>5MDR#QlRO9kb_aLCq!ouQuT~l5P=NyOX_zG?PXG z6~OFGO*UkrZ&G8P6oZEGc?>my+3W-9F2tkuFG?1l3#=-0z_}1#MhU-C=QO~1F#$5i zR@AH`*5{P~&~W#In%-{+kb(j|1dLd7Z>lA}c;zilhYe}4A`Fok(0Cb*6^Q@W{x_{w zORRloHd!XBFBbnC6O)aiY`FkWy^VnIfv^d&fY6oelpI{wIP6^e!YnWFFW(ojaFl^s zs|v~rZAr_)RR^*Qra)h`WVTbR4CLXq14}*wKL%rG|5qEXhYe(JxMRMKUR+}FUcd8eK|pXsuQ<30ldv(Q2VV$tP`9no|0|{^ccwW# za6}F9&)yo$r3-vtKD0fys81QB2irle_^sZkGD-cnu#%8=)a^Ds9yU8L7Z}HChmDQJ zj-qhA2Nwe-(664e1Q`1@$hRWuRa#Y=4b)-(=852%FgtQ_lZ#6e6pBLu>LeWtLCB;v zf|$!C_!W?Ci5uWRmLxu)}-ISZ7mpG|g z=#fnstAuc#O<}xlvLkM*fN&Pv;H)_m?zIlEt4p0Av+SH4XlB`T;{ru zKcq@srcwrv%Mu zwEC0LW@9K|8fvu2Kc^ZiPrT0a{ozkqQ&v#>uU`&f zA(>QnZyd4TiPlw_8RK(U`t1}vr;F}NsZV@&l_@eHfQietiE?it7^qIlLKtd=3au6M z9P7*gXIOg+SvtfN3p?^iHJets&bN<|%FEBnI!H997kS`%$K>UOcpsfk4T5}ldr9c0 zpVBeWY(spD3$BriZ|0R%87+!f?LYO`WOCWNv*X~64VpzF;sQ~CaY%|xVl*l6X!$Z1 zD=Nh~1^}K7#&cJzn71LBlzK5hwobz-Kbv7)a&nH4l#}DCkXSgYmsi8_r!Vg!yprUa zf5{ZHaYZ%DJ(G{!OZVE!^mF#{=-9R&>0JIuyCd4E;q8rWE!jGvjH3t*X*T&YpP>e( zyfqclR4wH@??Vxs@<8a#%b8E}>9nKcFvn#}9Pr|Zvmh^KPNYpt5J>|2;LG=ApnrT^ zlTPf3)eh$7@z$`1HHB8)M95%-pA@9Py@}x}!DGuJ=65o!jtG4ruOWK9p8^ z*MCaW6a1b?I0wS}W6Q%KSOMALadRB>r{D2cZ{SsIL8v2N$3VqvA3rTGY10Q!Y<><23&u@j z*pl#ARsL>B80s$-ykO$v>exlp$L^K{Ns&X#`-c!KZ#{;nw%z$lv}$%kbQ`1XsG~k* z`0CA$qF_sIu)-z4)@)~aXjf!KlbuGW8=-FRsI9d(#BY_O58%ouLIEZIt+j?a2BFGp z4fupHP?_CGGdpU#T$b!CHW0P~1u#TqqUt^S5Np=vK#spGK^z?ez_Y$2EG8}bAA`ph zs{qlD!8j2+Ff$kcG*kwWwEd;MtqUnACOd3jEbcu9_;+gqHRmmHi}+oDr_(V!;D4Oy zb13=$s{VXg^|zNEjHf&1n^^&RTdGLAh@uds?|F zbIfHkn?@w8-GhF<(cn8RGa2Etw`Vnz*3K*SgdI^`v$0xNoBdkTkN2q%kM2m0Ays3a zUD3xB6r|rx{}J)ZO&%dTg$sejtaEI@b+>H`#AY1WoeapTXZ+2`buV=K#-ek}mO}c{5_;q>&?riLwrke?q8nwLgq1YA@u6Oi5qOBEW_AtmzIM^BD zmJD(&cjrv}D&j62qziql*Qsxxh!xNiuG+Fk%xRh;hcKq+W*dSnz=j_EaPsFInb8WH z2a5O^_^$7BwpeVE4BoWFX2iyQLE#?Y*{$^5b9OtV(faqeM|N8RDlb?cakIgo3dpU+ zAR^`xxBoV-NT&mpu%-u621UTJknp(JIFzUzZlU8`7r-a7w#-QaC7QNE=0Hf92mi!B zKo<(ICdzp626rI6ty<}T28g=VAR-zA8GiN%EGz}aZK5x^LmOC$riUjJB>{v!Nya4M zQ(|69OQ>fvhjPp^lJ&bleGy*UROiBhO3ZH_oh4VFMFT9D8HB6>tmIsXdhzz%A=aeE zJY~?@A^EO!CvM{d&GCJzpF<|X(F#PJrabvCO=OaN;2}weI6o7IrJURRqX_g}c!>Vm zZM2XbPO0q}mIwi+X9EFir5CKAy}sVsxBtZc#m~a+F71376k7Cfi=9DJ&*Y_h4mv;S zg_TwyM#(n;jS70fO)+yeKn;G(DaD_{qU9atJX`#|Cg!cG{e2^+M;P963y?XHNWyCP%u^BJxMNuAA2Z3HA9 zw)L=@O>93hnLDL2Tsh%`6+jb>*EkXNTqN88$ZjmTmE6GH~jmjiCjhI<+QG|7M z`Ph!ymNt{cchN0R>$-`$c2!jOoW}1Qh^}dDT3DR$n!{v;C)aDWdVLe$_;shJA=z&z zmTxScqFQ(>;0HM$U$_<_0y}@=U>^(Lolmj&>PSIa^^$JSWC%esBnGhJB3_hggCoM9 zjdDx0cdf0#(b5FFVdPf&_|bU(4X!$M)5*6_98Y8SOZ8Gh2Lyf!o>k^@aJ;G=TrYSV zL=?+lz);u;osT-BYiEzS=UaJNOB*?V4+v8#_@p;wa-yei&BS!*X7Y!sc%P9WXOE%c z@E5cDfn)>n6m(|L81#sjL=(0(w$)b99@d|iInzzJC>aS;e`Gk&@wKm=BgPrn()MLuR;n{C$)_WK^ z$iTfVg60-~mY7WHR2c5@NH|R|#YlL!g576&++>ZpLTNm5*C^!OIApEsjdPoixA?`^ z0|KRMBX@{xw$3ThcRF2MAN#SB^GV|Pz}TH9lHTp8B%f9YGX)y2AGWqWPa2woitx8I z1kBsLw_qm$j*`F`x98OSZ4VQB?lO%(f?aLhrE9gVTKln4C(fIpxIIsy)!lz)aJn`% z5p`NQxf!Y{o339w-Jw}BBPy-hv0*=dGHwiuE1cgymSJWO5=)VFHTdmhYW%c*2(O`B z-VtyZI!!6f9+upC znJN`lV2V#!RN;OK1Uz-}?{P!O*Sl@Hd#0osdmHxc)+i;icPSZrNS4 z6g9>Bt{*e3Eh-RU1mjBER-0IjCF*x%wh#X-FG$l16zv@ku7^|@_GhQV)lZjv46{*cde!5M^dmgHD38rO+fgC!LvOEM`0N-fQ&i!rYGTdw^31A?eRzPLWJCn1 z%fqkRuV^s=GKYIJT2~m-On&|-Bp$z6Rz2_ZtOs_zgH~AkcJeOx6?|M@a=Z6f- zT`X-k?E2`1HQiX)t_^AB&4C|~k!}lh4EMa9PkgempivI@1v28J1SO7aI=}p^2&%N) z1DeLDr;AOv`BOPs=S+-2`^hHRO)K=i&L^dLOC#nVS~IzX(Dm}{cZJ0g$;-QyZq@h= zh?}c)z3|A%AFV($tWiCUiX+SQc?|tCA=Nybg)D-3h?a($kKRGzWv7H>x!Tzy?(w*F zxe5*qjEX#-R>z*@RYSBB8z`gG>9tKFkC$IsITK#v!m21Hf`s?Z=^Ql$TCremVxf@v zM!~ShlasY;KbOzMpmUi1?@@>389T!k6yI)C}|BXDH6s1!^@Mjdl(L=_xHl<4+* zyjG?{!EHeU$0~2UqfgTRqf%!YOcboa!j;F&#L026HL2t9qcg&zyz;s%IA=LnlF$=> z;>fY5ezB#7nfhY<%^k`8bGCSK=Pe*xLnk@13Au|{$dy(g=`_q>oV_C2!E{!PiN$&1 zg^7>SIS43t%C+~%z8mPl7Y*$|zh|QP{dJtHgO9gp?+%wH!JLSb#en}A^zl-_lf8i8 zuoETT<>BLXJPF<(B0%?9%8Ge^YZ~vO<6{t%K5FW@x49OrSz`P`r7D`yeq2(k!!A1kV>X9PI4c6e;NKd;=@r64%XJ5)~=xUmga8leoT8VoqTRN9@%auso;nQgHM`=4gy2p0p`1oU4&;}zU!~IVVp&45_x)!bV#J3cPb7eJbx_hruB$7 zk(uWFh-Sv6pc*Uv35+HD3UyDiZ;+CDCRFS-wf#pbJ;W+JN+`gg$RiA{5jn5 zZUz(V!X#R1=AiD9KO~qnL{8pfIP!ITGN95Ois(t-6HEqbo5UT=PtR3)k^ZQL-dFb& zncbPlm0g2EkD^U3!}IzcCj)j8(@GA^aUOyV)$&ZjXMv3;LoQxBc~;?mzga!^W3`xw zxY`Zy`V9)=oyuN)6czoO(fZ_Mt3Y#hq?NDY&1wBG9~2`eu--GvoaEl)MlEGwc@h^j zChN*&R?jltXjsQqO}%T@mYn`t+;m+@VGxbft1&L!EqX(;w3#ULd-^b+Pb8(3QJi1i zc(~8&_c1xcf@yWd;c?b6QC0&XTmyPGwkYT?G_pj#p_XIVQaf_%KkD!7Q$(bsk7W{! z95&wpm|`faYs7_l(T}sfaaLAw&JJN0I4DVFF^Q7duk9{(03LjfxCu{&AGolsE`3MS{uf+-x}Lt4^#uygxZTWY4O~ z&paMmT-(CX3J%2B^-uj?Gk#pak(XcYbYfC6(o)$&k(7=HOyC8f2p3VaottSTiC^0O z09vY9wV9Y&qRR$Y_V%HUfp^Kt$45&utZiUUVTwG49j9YIKkl?7*a$b_y@XYY%g5ga}WTzjgpCSDd@S7`iUO=n;NMNfmEw&=2qKQ;fTKL6?sCa8va>$?1 ziTNOQkBWGw$={#Xz%$?X+?NETF<&Scg;<;p(@?oPUI3EHTb1n$E2$|d17QMv&qft5gcmQ@w8E?uQ0~L=SckIbKPH_ROisNU7E{^t@2L{X1h7>leS3ppG{qM< z*ned3v6yJ(Z%{rexUbwSeH^zRHLvhy>hZl>oe}tq0tKDQqry02{Hu^Nv2vM>aAvB_ zwotxpS}|)}b|Um1o$_w}hy4}Vv3A&}r++8~TyZ6Yk9>RFqks*+*$v8#GA(~K22?fk zZQkgB`UxN6Z#5z)alY>$u)}%Jv|Y4Y(Dl9pWUWPb1pFJX{;9VhWH{`YNrUAA$2*g; ziklWw`PgfO3bF-;G>nFiUW|ziDI9#%+hqxK7>UQUWbpcrzaQ`-PKCj;!;{jV;X9eT zd{mml({ano4p-A%(-||xwE(__x7L+cIsaIsmFr(Nrd@mn2ox>Q75kPJout%?us5|| zz}u!(N*yVUCfq~cO!uUd)o66qOw66IN?cfP?Ye!1%#7_M>GiG!K6hrmwA|^buV%b- zk{6VTI5*uzGG}F2NQ>WMy8AKhZ1p7>6X7_!)dH8YmSp5iXTn;J%`y<5f`!TPjEa39 z52{P0|EcFB_B=XQG`LRd@ggF;?Z8j&XTXQ6fj{fy9*a1W4QgOZLV?68pdG(NGy7AN ze!9!_PB2D-S9aiNL9XYTv&?zVTqkxjwH{a}e5i5P9en2hr=GRt6qx}BOflh@EVLMzrSiSh_ zW3S*3#{Zf7Fyp)QIfCPnpJ`f`g%8(u;hD-<@15G+)ztf(W69CUVh#`Mmaw3t$QvlA zec~PMEihr;2+}1nB$G1=fh^F0>b6-s*}x#~VV-;ka7K|%#uebsQnnYLe8)k4NZx96 z;w8VNk>v=2w4rcnkvGm=k_3lG4tUuH4t>UxP_)X0*7Lbs>c1-jlhiX_+ zvEd(0k3re`?TWTFfy1hxI59e^!U5GJ7yj@dLKiW4mX70t8wZi(t~3lfZ#Gm8kf#jw zlTLpc3q&(bbWZjW(Eoy`?><;$9X)eZ9R2o^2xl25mpSoflQ?RZB+3u$3>j$#5%s9B zH+W+3X$(DDA<~!b4ztb*5AV%G%tB~W57`;;rGc^C2s_#R3ODx|+LH$w=O!JRDGxIZ z-8~J>l2SGNFGB(ab{3A}7}gx&_WC~HZGXSCgQsyJ@ZK$jbK77Hkk@#~XO`BSw;>0} zdR*`CJbK-OkX#9Glr6Vi=>Ph`xdu?{pfR8$V>1|Tq5T-IcPoE+8Ip6lb+F>BI(D~_ zkB0KkOVb3m{1-w;4Ke_#68~r}-$zm}|DYasNqHBIRF^gfVi|tBXafTx!UL(LX> z-|c>dhgME0dQ1uN_FEtRZbl+4`bHklACa8RmtY0udmj`EO9wQSVUKKf5M6L}BalYt z^V)Y?{hf18bo;u_mZLx2yeMa9mZ=0J{Dv`3!9gb7blNZ5TJS~@hyS^gV&_5jQO>(E z_QQ6gLl2}yz?%!uqBN0!{I2cM3;=&{Eam*AWA2-`JIxy29%C=vJ@hhe59=yrUX6He z55}0X$Icqjbb){<}o4PrNH?{BU^tmJ4H1IkC z-l}`?);I4Yk8341^lK5X8*mSf9FzH$FE^#x&Kq?gfSSES5Hx1P%YkgLLLZv3{Y^`Z zY{Hu|vC@bLoK`v`X6%Q7Mk~Ywgv^5hGSW-J6&lX=IERxj>Ni+e?cFuv5$TBhm}mr2 zYsEt~su42(JT?r=xf!nt7k^%FA`$TexSxMC%4sTCXa$#eZZQD!?58o&;AJK;gy94|0hM4WVJ*OJ^$XbAC+~b_r{F!HWF=?nYTNnT;$Un{E*=)e`$PRb^Z#R-H(pnIl znWz^aL%GWinC-;2AOyIWgOKi@&h3O@1NSbfpmAc5_U;uTv3c|fJLLV(Qulq)d1h0| zUNS{{;Z=#~?bji})u|fv!bulwf&gjVH2LZI7aPEp1aP}+@r7~uE#)_z$02o-#R!7- ze-7m0x0aOc&wN@q|L!5$K>Yu&L_WA&E1riSLf6kwOj!CkuOuLNeKiK~gy^q3^D`j} z(v0-)@;@bh0elCgBh3L^8f6L0rtu|5cuIl%=Z9^41R~tUssknedDB||zX#5=J-UGq z+*V6wL#?le=h>d9U**=fBu|IYioIKm$D3SyAIfRmU?h58E}aARaC{hKM#1TtmrqIQ zjb7ht!$^6$?MoL<$y>W(ORT_2UB9fPlTvn-l_OuJ5BuI~s?nmj)azrI;)umJnIss% z?SHoQ&J3j}njXa5F+%rHziHkp;dpM!gRl3F_)e=TmnVpka zKB;LnU9ZiE!eQ-Dru$XWV%BG?MIM~XqeN49 zHv|27JbAyDn-_8ZCWV$vFK4CTb0)jEukd@09h0RWS~Z_l>Y^)FMjKZpq>iZN#+84i zvyW@ESpq=iBkTiXmKQ7cghx_aIUmn(*0NV?U&_gMe&Iu#3Jf&ilWeXnQtp-x3LXtp zXl?AJH=fqkvFF44WpSfTahwjuqt#O<2a*n|fV7OmnG%m$J`Z=dss8?BKldggL&v=Q zM{d(OrpD}gdL}37vw4!TN8Gb~OiT;tor2oh<4R=zq9n+#JY+Vi0FCix*=s z(<eVY)8 z_E_H~S#3?kg%C2DTjA(z((`D9bS`uXg7^Sc%fpN-tGS7My~op0z&Ndg};D{_=Mn{>#3;kmk7qiA@a1XlcejDLZ{n+1jw_f72|AE|u*O!Bci z0w|)Pd)8GXL*D79W4lcby=TfY)24??nzN+U{*;+u;P&>z{-C(i(^0a8>G?o$if&WF zQn1WeYDjZh$P1t`pIzC1D1k0Zz?YX&-rM?Yur^D9^5bs&8SO4Qr)6*7#gZ&iXbw1+ zYp#1rF+?5JQ@GoJa01#GmDI0O^EtJrgYP7T`*&X_lvxKrU-3#<9P}p6oNZS5wQ%JF zO~%P--7u18=0B=wm`uhO_#&Px|59}5s@~o#4Lz%Nn=kU`mZD!=0iLa|u2j~JuWj#T z{xHu!J=1?O(S8J99mDUxfo&7%G*pcqFa7E6!oHcy%2+jVH&n&AT5N7uqjR$0wdn(! zU+!=pKzHSWvGFqtv_Pq%U=Rwf8|8rP;$c z$InTQ%v&vs(@jxX+6w_hcgv5XbFAUK#zrZr>GC-jo-M^6)6S`>>2KWJHnx|U;IiK9 zPnqKSWc^S}gK}uo@GX=GE=HnC=Q~}IL>J=umrp87tTDCM-?P)x-98b&@Tfg4N=mAz zJw>>=`^9w4oBNvq+!yciR6YCtIPSz}7}?H>jAD?^N5|bIzf_9M-oju3&%flN(LUS% zMVk}5qq6}!sUX5%raBPB?r`q0mohdf65mwIjJ9ocuo4w4AD?p!uONit|IRBm;e}5- zr6JDwl@Nn!X!lyq`Ky*v3|((7xrt49(=@I>17v@th4Y(c-3QLPam~QzkKnRXTius< zm5k+;@)tnEXP8^dJ%=BKZ?hn`|8&1nJ2y-c5Y*Ap?c+PFSb(^7{(ajtf#BAO@9{vf z679tfIIo@wXis=vn6uTFaOyO+FM08${#z?7B@6PqOsWLnnEK-7Z-nmht*gZVLbJ$3 z*30gFmyvW!<&5DnyZ7(l2O>p4D~rEU$`+Hnu{z3M9=hh=f4;&;ETPK`P2$!ok-eB^ zf+yv>F}S&*v2tEFRHhQ(aRQQai8TnxD|Q1|ElWIVx3u<_{0Lw?E_^-;f^T9g`0PfX zI;k_XgX8MVvqY@X?YdBokJ{K{?l%Q!S?9k#=FioUFu-u9L1-L;UJegWECTL~U-?`1 zivbz~z=JI;*zLd)V6dnim>Vqo#7=ld`eM8U;h!}z5F`heBnZjN%>)Ld{}0my2x3EW zTcJPZpz!7v^M67Rfi86tYRJ7$1*N<40Dt*M0(McV8*y@BXD1-I-@4zz$%O}F!LS0U z7)A*!0geC4e2N#<` z2h+JAi2$@hnz=6hui?L9Q6=cPM2x}9e@)|Shnz{A(@TQy&xKi$_Q)(tG`_3hsJNC; zpqvT&c?p63bxBAfm>-6r5w^pI#Kxtf095g@n8m}Pi{kH716pm|#2iRrF#1qH=)Bo~ z(i0FL?}~i^x_REA!T*6Kuon+oS}{OcWf1;xMDkw;GHyDCcY#Te1F2O6gd)Cnlxsi8 z>!9Zr1W?VzVcv%-clyzsscY0xPG**oHF{$zq|e(o3on!B$-W}2XC(l@av-BCp1J1B z--lr^$B8tU9joQtv8?pe{9Zq=`Sns@`zp9%MutWL8NHN4?S?S z84>~AO*ifv#seW&*Hf+_KMeD-kP1Ni&e7rQ27}5VbnIt6{SQ@&vo}DtRt9OA3l8a@ z%%U?|M}IQ9 zv$#HzO&H?1wn`;swd%8>bB&I_yVal%Vq-NnIS+2$O)TX70n5389DBK=8mdyXNF#DO z+ik47TAiBYx4v|YiTSFntZolbPc_moQnIGfBTF~A7OW7s?J|iqk;AR@>dgPnALq?O z#rL*`mPKB*erE^IH?H>HxkY_va^-h7Ti=X-?OczJ!e*oTtw>`5+1>~|3v^-K(H)8# z-%{mbb#r0j?f=n|6>g`e8Qol9y8r#NgT2TFHF(PWiWS*09Yv?!M8dWraUbHGDEkH% z3Z9f_K{t1ZmHQhW_cF_(RE8Ls9hP4wQ$6k)Dz#dOIq=;`tbdt_x}AgSJ!Q|A!%kWP zL@~!Ym3zkU(kd+zLt~JxF(}q!VL8uyi>iu_#m3}xY>)&=HrrcbWVHDixcRyG;Tpss z@!>M|Nd$csYJGXGtJfWY?T7U_%IIZR@Vj`WW^U$ZZaO^ciyH@zJ?p8u?Rf#ZGz;HO z2LS|?2RzG{+c$4MVxD8}JZ6F>dBw7Le+LBvYt!#{DQRtk^z+TxTsZ>?E^O)6tK9E*aiFkv4HMCqC# zBh2LrIV!pvJ`U42J<5J+6;z9ZP$Owch^e0`BdQB}D%a8J7nhBHmQzdx0d&DDNrKks znFjTv_&`aD=;vA{`Wjyc9(`f*U=k%Gt9^h}ECWOo=I$5vt-|VIwqqd$Tu3e2+-? zRwR90j<^u*W7U&Ksu3qPNR7A_b9BRXb5Zp-C>QSFUIe8@QYefz&Vc)(Wz#9a@l2TMhGt2a_ zdf}}yx&?_qhKz)S%s*OGfrsI5t(oana|~ZNgJWJtyT%x^tF!SNdNhBSxAY<}RS2--BFEF-2LA-F z{5IRp$q^!E;p}KT^pT?Jj=fAI4~kwK20T+sT6WrM7YAl(|z-IB~bdG`Bi5wh%B<)a%5 z&$J31{Wo#-Pt+IwVF98u#aF41{90M3LY~(j9~aZ&NZNWw)!Gp3U*n-KBwHZ3hKS1i z&AKLqisJr`y8z`ZHd!U4%v#Lk%@PezsX&lr4W#K)EN%{9e5{DonRVa2d7JtU!+iz@ zk?&2Q6=tKKR@Fz1xqi>*OM+!$R97=sPN$aMgeC>&;bCY#OMI*tk5v!l>K|4Df7hWNCPxxRvv(@g%g)_@177gXxOnAwa z+gyt@R>t@3!`}Qsd{AcS7)2FJiORx5ax0#!EMeIfPv&k@E(u% z%4Vj@k2h-2?5{6KqtGM`e-l2QE%KDlUTumyq1=qqUgF!&aJ~btm8r9PaeAr;CQv5R z(O9vuz>qrUo0lNSQUm)jo9wM#HDA@WfuR&9!^3+c2tcsRTA7a!OyT)Bdw#}lYVwDEC; zDx1Rj#g`Be{9Xoc7Yk8s9&%UR80XZM*x)<+Ds;blxIjUacj0a|51)ZfDgIw+zM)SG zN|xws^x<<1A`}+>R@H;{5Erve(N9!E$MSISq`i8$mg}Wtqd`*DA`+EvK51UYJ~e#%d3`KJNGj%e&mmS zyt5d0cppT&W~|DGvh%%~&rHT{av}PUIt^!-1+AhWFc4SIdB6i# z3_v~QYJhL~pg2je5T|76Bbm6Rr<)Su*}v_32K`| z757u|_n3;hLga@>!!NfiBpENntFa)N`%P=Uj?&=cWOVuv#4JdJr?FD)u3vuua6GkLq2Ko!;8_5c3SC zDy$8=ba0nHdZs5LhqhCDYvOlb#Cw09r29e(9imrnVK!ZEg{yM10%Gu!>P&y#Ax%bF zj!9ABx`!OJfC18FzF&zlO+I&ifiWuvu2_ioAG+!WmO_S%UU2r7Xdhu z99$s0X`Yz_A7XUD4w5aDEWCMJV4ksQX~e8K*1ke>bH1Eb%(H>{pU*P|AaySOSFMOMSbqtKnw;IhmOT%g19bP z)0Y-*feg2*wLAEs+C|)US~_u9%?`0T?F9t`8F9M|pm-E;>MaQGoe3pbq=5 zmy?Q0695T!vV7q|DSp#48r*becFk|%a7{d z3pty>Y)2Ocz^Mf3DQfq*<7dGHjs>Gj#Qy=%3#u*8!^P01RNBBc)qn9V=b=*gNU_Sl zJ`=9P%l;ak`v78bAsk$f?1VEf_Rw2g5i=9+_OA+U;O^f!j*UzBpJM79+WerLE?NPM z<^~e0fp+q41>Qu4p5gO3za5MLP>yjt=0>9sXap$L$s#ZZ*MoOu@NZZBtQzSkQ*F!mFXdY*(k*>1N8&;pC5IN&Ss6QOtj3M&CL_# zJI?s8Cg`g>9}b3t>??H$8UaRwwFgVOZuW?nD$K)^i6E}|t4&?0qI9EIADF6dgZ;5W>ci@$Q8+aH*=R(TNVhz^NJ@r7iG}oZjV~d!c zMsTlVfZT-C3LlM-j)J6KkcW|2T)qEeyaB|h*J!-f+@nN(hwWL^74t{$YK*T(>KcNQ zV2NpIfWF?AR#k0L$IX4Sh4uV)M=t%G-#W=9>0Da&y7W@ljufvG;f;qgtq4_DOixb% zrO;WvQ7YD_&7t4J>i@C!)?rb7QMfQB2r5Vl2na|G(%ni*=g=V?LrBLEDj-TX($X8_)OL|GqnapfhLZIeV|O*IMs-7rLP+`fm&X`R($vq`bYRGmI(W zVCTtA(IeRrnltGBX5b-v=yu?xrjyIiOJNS_JmnGq_k8SYLSjvWg2s7)y-<^RcPjA&(w(lW-mpnZu~VeR zW+)Bb8mg|pcRjLrk0SWk#6{;1f6S}flbTmCb+Qk=qgMKU9N5^3`-(meP4EVr^wsFbY$abudpyLXWg`*?QwTNi_G_gh(hT;brrFT)`gi{`owd>Pds^Q3>kFfcJCpSI-Gj z&Uw9;i_2;;8D_QU$*)JU71Je}rL~5kY(AwI#wkN>0A6MBA*Q71nAu+t}{qafNl&LwWy=0W0bXQ%BM)g_vv^?|NY z9r^|0|-0CS#S{?~h@GZ#>UIPM_6^XEQ`OcO;HN(y4XK`i_p z^jr(b@8v=F*D^uI1_#M21_4zp4U>VOdFatv z#3S#{I!{=bwLrPmWxc`mqpUWfy2>{NitRUAict&muKR~!1Ch>B8D7bopo4;`H&7}S zj!_x$Vb7|I=80R3*aG3A-~yi)6(;*hoDr`-?Nnbs8DxYIwK3fYUQI#MFc+dJbgmBC zmIroiWM0xQ;HPTgRhaa)kxR{N?tZ|eioB_{G5DQ5oi{nXnW<7;Yj%?lPlKEmZtwod z1J%YWw^r;#qjK-wGP}dn+<#`QhtlcfZt3>Rj+Xr>DoB`qse~mFe@_Mq2A3xJiL8cZ*BIr>Syju zsEq+Nbqs*$$psLwg=#_FKpGObF4!zzCiPvTvN7kb+BzYduw1_@1zrw`&74DylDaL*R$!+$5Y-}>J{{-08N~Ke3i=V9?oj3 z&XuUxRHx&iEa}8^^R)IlHWp_WqVP-^QE|)$`{D=!2%WgxSz8UouAobm+(dL?{m?orUW z6X)GT#h>tg`A2}ivu!=7$|bL#Gx0Gu)otL$r~21#sfsd^J*FF}Jh)t82UkZBUQVvh zUxK6In9!hHewK>L_1IXg_ye;TzamN^8*70xrZ{U&-Is@`cr583#c5aR*A$9m!p`7t zWtQPq|GvDMpsJ!Rw0QNWg+0>rUp!U5a$vPqTJIS4%x@A%oU5gLl8vO=a@ z`xNH$8pGZd^=vi6TRHb%83~5Yh7`wD10FTmGdgIjn7_ZNIUeHR*L;6{?)D?v<*4jt7_?yY#BUsyR7y?M_v%iJ@%)WSz2Im?PRX_RRaqnnPW5gb9D#9?|v6yVd_ z+0)f?alSX=nj=UNr!KX0Fg0cIzB9i?NA<8X$dxjrs_cm5ls02YlOjC|4&pG71{T8VJgE>+V@up z=L4`eOXR%Pe@>eH7YG^Rt=RKC75s$^5{hYTb^e8f;*i(b+Q7rV<9}Vn9o5r)MS)im zyUR?@%i~gFpi9f;k`~gJ&8I~Zx(dL=wkrxR1id>~msRTDt&#E@NmkZPn8ftu98g16 z3wvPnbmk5H15XU>;KzB-mAELHvi7V0zzYZs>Lc;bXQc=}pTce+w-c+B|2 zj>ZVi{3rM?^lTVX1575cjLimbd(-|=^?DvN0K%X_NcgMo^@Tq&E8 zf~}qaMz{STDTey)j3PxV1>^$S%XWo2_Sr?C9zeXcO4r^gEOOa?+PXMTftqr zRy#z6tCkS(PZ}YS`8gk!`K>7A_zu+K5HYAZUD&U<1VZ`j466tE#C;Jt)vHzT^73hk zd%ui(I;;eS!b}RZ7>QwkCT4XlBcFiOHo1$=RF|h!-DY#wEf|>wg^i}?g?CKq;Jm|& z57zcXcb~ZZICwA#Ds0-NLHnkZ2+x6lK>gxNs3533Ak~m&X{>-==aK`W2CM}m^BF*V)px5^ zKhHf8`B`>V?m*U$xc^dg(&SE2)hkhFuVs%cDF+;s*D_23|DtAXc*}V+BWu+!CDY0! zROi>0{1omTEiC1F{LIw;0SITfdbWoJZ3?vlGx|pip-3JA(h~dvQyQSxmO=m81qI> zobqC@)qJ$=UpT$5#Quo!APN}GgjuJ|mKg#F_f+oz4@)d-J6mSO3f!M9geyrSAL{8w zSbgz!)6>;cD~QF{usY?{YVktRJYuTvK>Nk9_y)ETUa}F1jGT{&h>p32gBNRhv^!;h zy@^Vy_Q*3yKZv|CLXguk_Od8fO(3N-7HtW~a1>JuKm%4_tu&VbE9v*eox3!>R1v@1 zCm($@4o-m^rK7k@)g@K$avW{a;$nd%A2S~As#zT7HrC#ck^D0>I+=BCdXLlLXnTFY zQ{G#E(IC;yATrgb;hdyGO7Tkn{>PV#bg*p`gh>Gd%+wU{9p548K0a_;_!uEm0Cr=N z4KjYaoHMINZ0o#3ux5Jo>_OrHGES3brm(A{cF4X$JIafz;rtZ0!0w&m*7xThUq;cw zK4{r+n9``4|GiPYY^>>0juoIjfjI4nKh!2wtAiAr1_VcBbC3l22c+|)xVeJ}nL*W3 z{tb1;K~*1(ZE({C)g(G=I9Y)4fe8S$1Tc{Roe9aTO;q;ZSFY|?>igi6hs^xWRH}>p zA0@0Ds$~i`hzSR<0t_Gdx?y9fj^kCHObn!Q-WXAJT??NpI2LZulM{aX0!9-XXTa}% z18dg?4k7@2o6DmC*m)zp44j~J$3t*O%(V3A#3YfX%kEa_?tvORQ-iYd82ZbnG$dRy z%S3qY0|RzZSd+3EkU~1IsBDMVA4iMW{s0Aje|!dTumG?E0Ic~y3l>^9EdI~z(jUL; zC;dPzouMNu8FG`TJeaMO+aXfp-jkLzkxg3JI1u&C_*RxRsq6R8+#OI&#w_32cE z#7I!bjybJYF`v9M%h9i&9W&og?mcaDzdEy@^o~JTEqF=w&ry(5U!N!?v%)w3a%FV2t9~W_jK5K-`174$UBER zEFO2kJ^r2tGfxzalqD z`a^zCBKBdl{QEz@^;qvYHi=5eHO`Q%mJMfH7amAGxXfl6TuKy@%M44;x zW$r#x&z;L)v*TZoYlXSY&{%v-da`{w!pGYo z(nCMfIi0OnR*WEKnK_C3oWisR3-Oz59VDk|gh=h+Coc!0g@3yd@9$%W1V43lhFLfn#B zaid%iKC`zmAejiufMVapSR2fcE(WQg1?t{c!Mv*N2c6&Qch6Px?q`YT@W$tS6o)7y z+>XniZlF4a0Q;GeM0=0mH+ka4?DJBXe?Q9A)7Rh7&O-3C>x4p)u3+t*%O8 z!RGf43K!1RN!(v$_>5YJ1ZwS|h!XWPIGEHt3PAfRQ62EhU&>Y3xv#Vr&v8WT1I)3Q zX)wF#Oy4-yfNUfKt`e=4rt?b?6yMd+A8PYPBXaW#(Od`Tj!48 zf#YDO2^EA(XD-vDi2}>6Jf@46_+Ck{&YxhkclyLXij_}|D1_u>u1P81AY{N->a`v^`dW~gazE%rz73^R&2Nu8qvSgp4e=7~l4vkg3o=lp z8($W~XbMm-c=-!4WkiGjp?|^RFFLIJrL`CpMnL*?DD_V5UM)z3RN`OgbnaDPJiK0R zBtIk?c|XL0APW_%*a<5BYeohd?>0exHAR5mm=b9BXb08hm`42NSjt_}=htG=>ddc$ zBYBNq%T{@fUnv12G&{~8{%3rRnUbZ05zv~VY)7;s@2kQ`@g5XUh7Lkw%5?nysi03|@GQO`Zae*WW#!q%h)sWc z3+yyHStHVb4MM;|z9~>~x^1F-Z5oC8e!dMy-;&SQrq=EP8sda7ouowmg@Vz4E}&;` z0V!waTW~wf9_W8#-(T9<2Y=xRpdk(@*v`Byx%M+P=Jda3476^XjC`EdYFV=Wy0Ju)(q-J+90dr~AV3>6ftA(6w- z;-8pAM#zgn%=_+fU|&Tfa9xk&laI_Co)nO5PWPf(S`dqCNb@Kx8TF<(rxM~yI$;3@ z`I=($)*=N&G8{psH+3n;htKFI7vtfq^ZR!wB4K=tm#+-q?rHL;+ZdghoIJ`bX9U+i5$sMoz<$Cf!4i~(W=bxOgr;to@dagt{k`G*j zai~s)YYmg9NX9vfEQhD+CffpxCC&lXE=CAb*x%TOcUh+t9r9j_bzIT|mq^-`#X{v`5|U!ZO6(YIvsD z_gl!ot-ZNVkYGo?hjA%;>l)$#I7Y;ydKoX=slZZgDPqvDjSTSj%U0o#pd@7pFECE|i~b65$=`?4DX zCZ8D}Rms8?6|AXn-Hcg=`Cyd1u9U9^#NPw`p7Srk;hLoyu^yZvAIG~f@uI+FeS;L zmfmKLRp@pyUUZ2)EA6rYrLGE1nr@P0@KaJJI>p5u+;p;>o#++EP;P53iSSSbq?vxG zo-nZ`gBjwMPq@ltn^7OoD$vj}Sw^Qn%TBCx)Zq6>?g)^*x@bBHt4|w^j;TlJb#Pi(!zxcF5$0OgfsUY8 z$E}?v9U>n${wEedG)vfqVxZLIs(-`Lna4(|$KTBIwiPe|MDdDjxNi7O*WesmL@ zQB30<6cPNjS! zo};}p^_Ubc4S7d*N__X3_q89k@i9ZzW9t(Y-1VP7&%CI;o6kH0&^bj>hV`?{cl*|4L{y;=LFt0VmyYcOWr($czDdf4&^gGw_Fn z{i>n*njCL9Y?!CiY5<{Fn2lUEt?Zn5ro-Kns~QV=ClUFg-n%s}Zjdv3*eR9Q{Ik~! zmU&#!yv}Pj3lq!L8AMoIRJ{uiW-h-Bs~K`lJ&Vl@oK>yqZKo!{VCJlNRiWO^<@8U(Yz(3#&P(u4<{oYEY7$po!agW}E@}8~c{L;}ukFuet4mA+U&b%;dvVQ2D zB5eud=JDTdfsNI87*QhRhGMK;T+&60=VWf`Rr1 zO9iLR0@b@L7GBA@X( z0ni()Q|xc$?Cl=uFgx|5L0wULXDtd};yi4s&@F*Vk0?)tcLDqpGxWc#=usx%+ICrj z6za!`N1Eja`J+kM(;^#4!?`Oq4*a3V73H}ppLQ#-0{VtuvE{g)=tVcGKejFYdF|r6 zgvDsSBlGFHti~pyBY!j8zNcP?^}=|OFGJ7qBnkWc=#JQhxp?Vk7|U?GVD%D-7XZ%7Kf=U(K6RPzO0GQXPK{jfVKKf;H*aI znXo-Iv-HccGBWnYNnsdaRk7(+Hva7+cu-xond67uo= z*;TCE-1Zw>M&XWg;{a3M()JHLpQk^^>ns~NBu>F>5P?KDrdzXtD+a~@_lMbxZ%N$c zCpo)D1#47rMLD#<^n-

?^C*IzMwvEc8+G_g(0Tt9kHFN>dsL!lA>;kbQ?jvz$S# zug7NtN=PN_)K|{c#V(RC)TYnuO2TLS!K&W&cOLNtQ(XWyD=IFhRZp7189BZt3i-WKQ$3pE(no7>v6 za*8P=P>;6Q5S?e)-fJhRLL7^Va7|*}jHb`h*N9_wBNprBCs)X%pjyO#a#cPu+ls<5;B?`1MrBk5VUJTwsM=V-)6 zJn`NTHX3{>D-?0{nwFpIl0Y~0-8~t=V@Tmdqpb%vQ)Jt&S^s9IzF(?Rl~R_<6T^iX>M0G5w$h`Ny7lDos?F9ZhSX@)k-!)v zA&)6jGNi$%v(lZ4v$q-Ygq4e@jB9u}i(tliexAh^1pSYBscLO!xS(Z*;!A73P; zUx-(bewLD=$31V|%aIW)rcLNt6l)rgLLTcO`kkL?TJHoNcqW7tOWwi)H~erdlzi+! zxui}uwULSu8cYykjp-TJ7%Nxh&HlE@UEBv7Dnu#XRWIBi1+P5AynM1AIDWg|eytV8 zG!rkBk)ahLNmgyvhZu7Fy&Dn4ESX(tnx*Mq?M}tp+v{p56-Oe9Vc3sMb#0!)Gv9?C zvlB6lD(cHQzv8d-txLf{PJcVO^4iERVxOc`QzH&*e4bRvAUCxQ!J_QecIn=U(w{WW zJw@(Iv9z9)F`W5s`9}wI5OZ~tZOd=A`?K~JMsehS-Nd8+U`Y#;D3i!Gp^-t!WVJbH zAv592Q6=i8()Rm#lIqVKzjeMG(;Dq~8szmxJAvrxYxE>tIR*a<`&&b+Y>%%IrX@J| zFnZzRj{rHd>*CrBEc-?%`6lDF+rB7uX%eG+freOSW+r9?7{0NQ_|r7!37|WQ%UH=! z?y9T-5p|1xmgrqu8ydDV{c>?eNQc2!rTH3@au}46P1sukZfu|(L+uf%L_s=J;9tn-W^KRhlvM1KZVUfMS{PxG%jykLSgH2`8^eeE~IW zOTl|FfE`&{AgWiF`IPd8TASm8s4?4+ic;f2niAlo#eA|Mn++$K#rXA8g~e9O^-UgX@3-Me;bxb_Mtl~>b1P_~ z(tru}h{v>N@YSEPXO~;6PhA))Y1`j+)DT{pAzBP@W5D%nupeza2)>L_n`RT�jn? zs+~(3$Dm^giEsU`mll?(qB}H6mnw_ZO<3cn@ll(^sDZv}PWE&c_!!al*lyE{knX2P zOT?o*!L#aTVYZf@f+U>8Y~~);XUE^aw--@whQ6|7H>$o6ivi~H`NCD*Us4A!&TU`L zwt8|5FVM6x6ISSZ`M)~InuK5X6u>((yv8}G^y`@VqLFi0Rh_J?94M%p2rb*CyNa4z zdO>^^f5Tu579~3;*0-}+V-6d^+9dtaIN*n!w&s}3Bs7O80e5#|y;OldBeMh3Li?kX#K3YIYBx=&!A_(fO;wj=BRjhwO zsHgPa(9D*0A!E_OOz8WvLnGG4?v`AS0|-nhzOX%pk5^&a^Y+=%lIZtlf#UcC79cx} za)I4=8DjMJ>HVD3QpIX-fEsk};vr^Q)ZvHenv!4Y;A$JT!3Lx9NChpf67{s0Xylm9 zfO&(a4G@w|B@j|ry>vo0)w4q}{)zSNiSmL0&sUyT*VDhi=tRz=udC`K^kuA-(&+~(bZoG z;4X9bE7Ec-*(7eWqj>&AX1v|NPPNoU;{?>J}Rso^71FIhx4aUp$j9kd5SOx zp%*?^a|sU=qg4GK<%*$~& z8-ShqGl3*#;PL@I$0>F<#>KRk)kmovipOZVxeJRFB*erU8|p(R-#+*&d{Kpc=*$l( zh6h_P`4gh~0Y-(+A3+t1k&#ijb_P@R9GrReFsv958d{7Lo6lq&rYT~1+{#`Ya#D5K zr+&$2b#qrqR4|0sVeP}h(6C%qy?^rPm@v8X%_SFrr%$J^BrVE}mh`9oA)}e^71@P6 zb;uir@$)-90Ag(3nTqku31aR%*5w4Jx%xA0d6yOr6ACFN&0fS2GF$%@ne@aIdMqt{~T3sR#uW?6ZpfWu6uO;oX_BuW+p_9p!AS)Ir!~f6n z1r!)(QJ4M8An*=x6okS|DIo-?LM1!%{a+vk<^Cf3)I72b;42!oS`f=jIKgYkorx|I zj$Av`|F7xX&dv-?#GDo*wYDQtrTs61teVHNGTaJO5e<&k9s#XKgKM-P(!COQyPoMU z>$;M2v@0-PRdva-6)R-S-^jDvqs|)5o%*X(vN5TOW zqH5xx9g{5MfA>|oP7~GqeT2PB+h0v}LqVI!^vhpxLP`*$i?a8n>F02rpuL_>p+8@)5Y zE=5E}sw1?y8o}~0IY4__j0}(t<{;e24wLF?6gxY6r_&va(mQgX&FX5P&1l8q1aFI6 zV;J#jm#Lm;^y&AJvZkh2Iz7A^H(D@m6(D~u0_X+Lp-PZ?akfPN1yDPDan>i*+{{e9 zkU2*krIz1fr81U6Y+O6Z72b&Q6S^PiH@xc^g}f%-&aEy)>;>O+KB9 zIx>>k`sQj=jR+gmY%Qs)(BLpurum=!M0G4zb6L^j;gZL#2LfGve)Z!=*zr+xb#?U{ zSb~%6b~5>^XKO+Pzf$Y_U<;8wZ-*lne}tjtWH zw2+X0sKPRFrWQzM^V1vjz9f51H@k@jv!pPnBb`pp%8oEKq0ix>(Ws}-wn56grO;7g z=2i~&$PSe6D$JH3d-kfoWxV=J zRY-MnDL->4q^NH64A8$gU0ASH&|A<1W?U3rK>3lO` zPlLfAANPEGZj&R!_kP~|1|A|kH7Eu|Iln*alk@WBRjO`*Y<_|i0}V_%4f-{eU*Yn1 z&+AjC2VTBk4U~RC4bbKIjCsseb8E7w&fkk`M%UvsE=Q$u)AEK%V+U#u2}A#&OVJ&r z-u`N%gRGR5moK|lNLRprHS%`LkB0K^{39iqdCeQx&5nk z)D#uYnBL}RaMAi*#1@!w88G>r&tply#+Ikme|rz5 zG3rMqhIdg(v2(UKFi@@qPWK=qp$1XAc#)Bo?FTGpmyjAfU*j+|+#Cv;Snn{|54b;b zc~w7}?gg1TT2y3;N4}O@tHFp@%2U%&57EP!VYcv5QZ+^mK_lWQ)O@Ox;S&m4T}%)r z9U#x?25R}+H?G@rIxgXx2;Bmmy6OUzyznmBLb|)Xou3~Z++9|71pGDcV<*5ohZL?4 z+^c+-b=2m%6#`Aq&PZ;7)yW!dJuu{JudB)`#%ZOcEm!b=ON4awDq0R$71`&0A&RkB zA4Kb4mQsA$nbR{3yuRqWp>j!EW>kJk^oJ|eRqBRT2}sQGac4kc_dOw-o_U8sDJRt( z@78$;o12vkh9n(!UNIOMs`}aI{J@)*j}iUe>g%N^Y(VTGyR!3U$LsRg-G4WGTsVXP zWH^3W8rEA`?<#>26W)vEwSiI3JsNG z9z|#!a%Hh|P~Uwxn6~3(vZyQo)cbE35IN5t57*`*)0?*P@Q|s}tpNTHLfw}JF<31L zqz`=l&Afe5?gH7}Sw2^Q(p`Tgl*MlFWW3&b8duH1Nvpnl@LCJw_<%dqg+`}kTEzCv z8(q?o+%GHXt+YQ{NJ|q=Ly?Wme^lbRGz<(3-iXMnOTg_ZPYmZ>ml~&5{Oxp~M1uWSbVEi7_k=f0z}dSO>-&e--h9WZ zA3m&g8g|82F;6t)xz-KV*cFXTV#dK&=J4*=tNR00s{cfOfnpaXyqK&PjEaVOs5q$H zn9Ac*oojiV42^xiOmK{eMbtf3)UQ3CBx?#O+!7+E0hS1*--kYT|9Vx&prfv~zWS}g zg(U<3EMw|LKde9VqTjC?dh>BazdMD@o~vO*oKQ&t>^?omHNU7Xi{*_4Uf9#T<$`!< zH^-2Q=0<^Im0UQF$gus5RRBD9+O7{qPUD5z7_Wa9 zxwgRt@kz*?89{m|Fgmx%LH53_^%Y=ZEc1ad#yA19tQXiVlLqJN#ISi|_|1&24Fbr6GgI9^XCI ztZBd77{BMYw3K7{h!&Rq+XU5UuC#encW6#l|Kf6PCZ_I7mxAebh1|(e_cwO~ikg$Q zX+J+Gj{;eJ#7ApG<MX)OgHQG35&L7RMT>e zN4uw8_vup3t2aQ2iuxS(GIMC7&oI5ZR<6H=Svb3dc__$BIINX?b}oLRI7F}#x-Er> z-?n+}hf`iZbdj9!Vs2*5vbwso;K%8K9lin6nL}%h!JACRBPQzvV+v5&p$4hN(}6n>6Rn{IJPgrNpt0t`YTKR1Xg;fXpQ ztM_!h%>wM?DaF5ZswPEf0Zd%rs1Br~T)9O$xqjwUEAuXGm!x_jK?sb$!vWlcDk?ev3dy zI#`Qo`UT=C)m;n>NJx76S>=7VtOVBMjd{D&i7I|gQ0le)Mo>IdA}(b6sUQBPbVt~o zfbe5g|1Y+QEW%Z~AS~R@# zm)z_fS88v7Z zbjk>iIpFzs{&aW)&9KIm(fx{GaqI}ocU0uc$Ox|=PV7)sK{2K{f_SJ-d=5_K5 z#Dp*aA^SH4QzaCjr)>VY8}qMcZ(wdT6Ea%Jy4nAAU6tTYkJ-PIOuqms5_+y>zI5>9 zB_J}x9)b<@1fYIIcy8$d` zI!TpTLGA9oM>9pD@(Tc6K`kHn_6`itry$&8JpaNDmL*F9i9ntI9qh?FKyUsrv3;hE z1mjC2{N?TXEE8rzfSc7~a@?C-S)zA0?{LNI3$uxthnAFD686&Of74|BEk=N5tiC_E zGxcLpRt6CFf!|FCSj2!hC!h{+-3a)i$3{5Z*_rnD>8&fn)19Kt|HfDS8qCm?Sf}s% zhgisxDh?df82R57vkKv=|FjSC7Eq_yy4m0GE09niI67ePUp&;^Vx+e#O!-ekqE}a* z(HHtp*-(ayUdkl=r|QtFr+Lx*?>gbJ3wO}wyKNK*{vd1r-{u4Q$z=BVPY=q_^dDYU z{7=inhvk0w%g**0^wo%f;K{$GA))k-q~=Y4(cP^@d(DRrLsRM$y$=W8)ZLVOy7sZ5 zlM7kV9VRlV(~6i$spXSEn(vP26v(2C^BvD{W{431eO1|H!2Rn9-k-#P`%R345uHe} zVL+#Gu*4k5Z5IK&^h*aQY23QRyz$>?&r>l5i@hthk_UQ=exhe%ho&?y_=J3W+;NkP z5;(!&TkgBsw$4@&=N)M;?WPZ(l&9TiKg3ozl$BKlRe1unI00k{jkB%m9#H-|clTCC z7Pyop9Lfh}rH83_m9)r?J8f`L`h7PT)dvWaqHVs~Vo?r?5}vzNYsLd3WY0>A7b9)> zEml$5IOcdy-9zX!6DXh<=B@`6e|qhUDjlRkQ33}ywFEx53v~bR+SmeCu+`mXBg7v; zAc`?BxSa3t6~xZU{2LbH8xx-flqFday0VPWxnHXbFEP`ua=UnxEX(-uk)`4L6f?ki zZ@FA?>GEC&r=mqRFDEBw{24E^Nkmvsyo#j-s?}$^>MIl-*w|`-ym=>WO7l^1fr^@1 z?7<$~uiDK`p9B$*U`cmI`m6!Z40mIsob|JU10^O4bz(IoB((q4C zg~A@ctH7CVcurdRNjp}SIn_=cMaw$+Fy&L=H*2B zDg6YcK19EGg}a_rUJ5))f&k2SPo_0@48so|^ zBn5$cpTI;mF5AXsZwaEV_lD0dL@|^b+H%Q{{c$iaDQk={4Gs+wYv}!O0?BKJ3q@ew z$aLgIZ5w>u=r!*yAon)XNLiJPp5LR4Fn48og&J+Ds(RqM=l}yX-PkT;m1frQa z#1{{lJJ}&+aX~@8Vp>~74naY+*WwsydrvVi_YU_hqgIoIs>saO2yn^-c;CEbXSPl& z75$!BG!BJUU=-pb!fgcrduU3JlmU?x zLr7d=Yt?WPqF5{Hv<}()AIfjblUA zBIgiSuIMaBz>Utyxj2J|yw$IpFmw7G0F0|CW76&X+}-`cCggUP2$1V)fVt|OG~XFI z6UFRk(|CP-o=PU;Q@L%O)8rCHlORPG5k;{=t@mQuqdYkKJbkGm6fOet81uMA(CzS% z;~0BNosn;u=S-Lu$>uN9o7R3Y=xxapth*K@i}*0B2*si(U!P6=Verz?$@2Gqh@KiG z$KkXt;2ql_d%p9DAnQoC4C-!Ru4*sfwjIk_I`DoY(a4nJ@Mzzj%@fz1`K*85(Ow1` zM%jgpIPM#Lud|NpW^qby?*CncyS1yqZI*-g;ns8gv8Hj(ZI=%pG6x~sjm*J!$2V}e zT$YL@loah3e5wjhqe0l%6PPTB{9o|(=cWJK>kwFoXdP*qcQ1dm56@dbcmKX~pa){3 zfKQ~@UtA?x_^ZIbHr)RwO|+|lVt|mm@K^!Yg|fQ4v|_mq8>2i!C$t~1{=T>WZ~foB zN?-FiECMK!htUbae&Py1xa~U$@xSKZ|F`4&|8#Bxb2+@?}fCc%ZC+SKVtHy(AYXezc zapK~7ZGCdokSfeH#HBqs?(Vdun+^LM9YV3wU_Ap*kL&2}zB1bX+KWg;I$QC2gwJm4 zC@&YAny&QFp5%CAjGUfv@ATD*(tCgBR#UXUAbV174f+d zG~a3R^J7?)tbjJ9d2!@uQ7CpFTKc%n?$q14T5S&ZcOhHgVRXXYXRPKUgH;?*mm`bK z;XMSQohPePf5@Iemt7p%uaaMykMt!MY3;T|TpU&-=AH~?r#`*$UZ2u3t>zzfA>UQJ zs+80C5@@@9kcIBDi;=`}3!A=#b-}{O*k5zeNKBGG!he^gVrph)1!dINtnpk=^Qxhf zPepFlP)MT7O;vmMoP=zmN&$RRW-;|nYcqVR_PP|jS*Xj)v$+`Npnul2uIiZM4KQc# z_EP_G6uDg(g~f5LjwtsVA3&_Jh~?#&n?lSd z`|Ev2C-tC5g13&j9v%)VD!_AS(DT`U=CL}`bK|=9`J%X*W4^bCv~F5&lE?Al>{?k` zF=grPczzn{CV5iiC4YNUmVMZX-Obr_M3R>KMG--9CeFf^V$SULL9C8(4P{+*@&%=4 zDGxQ~QQxc&OTzh&I0#lnt4p0g#qG`B`{N_?zLZByNuycvj-!(0zMeBxpH||M;%blb z@I|j)IXHy(2>=hyt)`|xlT(C=iOGBz zmV%iY6(Ur2OSJ%u!mG|Oxld<%f}eYB5jDS8Kb@fCK+DCa@(eG{6q-DtH_o>y9v2#n8nu(lh;oHz zvzDVPrQ<_fj3-ns?=kG><5Dl(oRw~yepD03`-EJU+d*q=U_d#b(etH&jHGpcva&+; zg0-pY@r-8i;~~p?i;tarF2_sF&u96VxSVIo7?O2(93j@L+dI{kJu;NdhpTZ`f8XRj1Bj_=|Q0bTfRD##t7i=pRfEKMR8`zY!Bair?UYmD}9V$;+ zKUTKgoMo_0Dxi?cD{OvIO_1tS3b|}vFFkpj`jU*5&0@YbDecFqH|DdKJG1E_ljXir zquzBjF_VcKD6(flu;C${5|3+OkRnMeA6Zmx&dm?TB9dqJZ&m_SbxtUDrtN+K5aGVT zn68{&ts<7Q=A^9mz&bi}=n(B8A}q&xg1sO@a;<+jV&md<+SJdsD4Z%n*GFP^y$@ac zLD4W)X0v@FR(>XhX;n-OpX!}IL7hmHjDg`5Q3Ei0%9@mYf+o93f zi=K+huZqFgS4+sz8%2x(M8)nILn`Md3wZt8*=-Ree0O))_C(2kP>7D0Pl%I~3xiRJ zNI+83t@K>YHTw4XY?zp2$TMwTp0i1@4K0Z+H*Kr@+uULUiVNH0@?;c2ptP~1)yYav zofHMc`+9Y-cG;gpWcEirjoC3+^oDjCF;3a0-ux();R5Kp@N89d`^9n>wIw< z)AhZMkIKr*geJKaQ~26SRf#B@GuKO5k_Bp@o7q27dsSHW9C93n5?C&u5s!4)ea2}l zsYd}NgkN!690c?6^YdT2dg|%vd+m23WwKN-lxHWh0mcv3`7b!>E@X>I49MV(T)GvF zu|Vcj5h8DMA7G20#A-&IUX z_eK{Is-v1QpS8+i%RAUW>2!a@@I<|~jA{9a{Q4y&nWY2v%_x=I*hkNhmzQ4ZPc|Yeo z-}C*Rb3X6W!vE%nkS4X__O#HE0UbEKhQG98@Q4}C&%Kr}Ww2KU(~9K+ueRBk9KbP( zWW^3$;}7)-rKOuI%yth_@MpQOJ~W4Ht4~M!btZb)M@3|f3=dbXzDKBPXpA^bGHnRQ zJj?@_i~Xsoc)65b;?H){G9L3BYUfU5_2;figy>;9hd9+ZTqhUSj7>eVbr@sE=eI^g3m;Ygy$N;oinM zfb!{%1?a1W4uNbxb}NoNJ^$OW#8Y3v zoiB~(+ef9MWg@5<#G=L>w&3O}Ufxl4Jh;w|2?IHMtoBlFJVzuL8K-*Hrw{6_>Go9E=S;%bYR#Q_Y$DT=crFCHgF zhEle~vr9epZw#%tC9k*pYq;$+wfA^_v#0LhjRX8@k0FY2A8xhMm4+UB`eb=8 z{^BE0c+9Hu)(6nk|Ivk|%cMqpEFPV}K*ED!#cm@#yo|i#IE-QqSvh#L1tWZy9M8Lb z>(<=MJ9f(nMB*uSou^D+jvisI6|25~s-zVe8Tmmjvaqr7dU0h>)1~38>UL!-^uk8@ zI#qH?D1A)ip33g1Gn|ot=hw-D<*3k;Bi0x}e%g;3%9gaQ?mW0VIQ7tIzu-9M;5rh&ljcfju z_JIP{BfE8$j@UOFY4eMk@_y~^b9SMg{L+@|)&3!Cf|-j4*hbqXS=l^?WF0>ZF@BQ-R`+V z;+O)*N~$Z%eqJ6t=6ZOKlU^XMMn1RdKcG|hcLgIjC7DBykQJpgVX7DBeR+!;f|)J} zbfg?{qb8QW0H7}g|B#(&KpXch?@ZOx0$MSnsS-KzJmjn*3 z*?F4eeMMEL#qhd6#|LxoJjz8Tv8GT#!w)hf%3Ht4dtc|AC-;A|h$Q~wOLf(HXGZL16@Ms8+ zLQeVhD*DG;;g*16TZhSC%3_?r<^<4N;}xaPl8OYYo7H8d=)gBq>8m>C%X{6Sex4nG zRvjzie;m+Jk1j?P?vk;7wXztgkKNMGkr~^3N;I3Hclz;|vYAD)6|7&-l4N&hd=$p( zwvE|XWF@SWl(-(nDXK78F$9i|MjLRJe0rLM?59mi~SdesUGzW{y~2sBAu^h6dKmbB1113pqJ zpq4E4k z3fIQx3w_k}J(U740iGDbe6|HddsEy@0m;h^k3wJU6W2u>7!YAG8|S@jG{a-qgyzDS z-TNS$K(1RuQLP#pxSLz)XR#P%J+q2MU1)`W73$`v_3|fYk`HC*<8AR6^=DZ4Sap$^ z*^koe4i0Qb8o9CB2fg%QnnLzZpxQLx+4Q19N*TMQ;b+Fnp!#MPSUZ5+?)t#2!NPe) zc}f7zi0`?jQW$?SCXSxv2z=vpV!aPwo$mhpvL0vF!-w9M_)Vun84rAvl!U9-J9f#z zB1NRH0>A<>edVj2yLIAkvNu7RI+NVNSTC}5T>0?66~9FUxV#%NYDzOP!?vyb3eg$7 zU$g>*v}o@$kYRt^^`gw1NsI<1Ohd3bOJgd>EDkv>4$oJAj}ElGNV@>Dcgh(VC9qqA zTtqR^LVoZ3^P0vnQf*xKC@EOHP+?+SjI?iOPav*1@qlQ}h2K`5K5l6y4W`FGy#TqL z=>y}LT9ZSn+)OGhf~g0(_FO0hRXSaG^XuF6f|yj{&k?kCsn%eQWh;soNPFiV$|$n9 zvd$ymeJF89AoI`Uo6=f#u9M#gP+g1)Wv>cb(%A7Tx_`EDKE?CAPpqQ{m)WX&sh@vATepj?k(O712c8VMY2#gI??{y^-R>lr(oFzPeg|8z*^; z^Y4*$-B&u0*BAo1H8Rd{FENsf~(G8*-`gaLRHs;9Bt%Nluu5*s&7@Ma`NDNTeod$xylFC}6z zm?(r5vnCq&Bc+KKzRaC?Ol>fv*Fa!(B9*L)6;i5oTv;^8;Cv&!*nugxhXPqY|EfV%93|aQmNC!i zyd|RL-o2SuIK@$D@0Z*5JWEwa{-}q4b$*e)#ROd z9se0Vsm*jgtfiuOg|UCUtqTxMkk#IP;#6jvtgcKFdfh(v_RE?MyWQ(u07y*g%eHa6 zY+i|&;(D=WX5S#NDd7CwuS;}($aD`_+PS;s3kA@gPe69Wge86tPHp>-RNMdkYIY>4 z?Tfo}x4!!>7^`t5@5Bqxq4Fz3z2cf=YJwrRcbk@k zq04`5y?6I0As%NDib`nsSJU9L1$RCFIqC9$RQ3PMtpAht%D?aM|7Mfte` /dev/null <p%N-8ND0ynBAp`L9YZ59Fr?%#q<~6;3^2&h-8pnBT?5h#E!_xG zL!Lq2;EU_~bH3}Geeq)hdq2-w>$z929jL4*h5LZ`!HpX?aAl;$Rd3w5y?x`x&8&Mj zF@I4pJQu%l(#gCrz5vU!*8V`o)p?VHN}odO!0dTORw}eK!A)RGds4i}X1) zCFKLrh&SJozinr+*gool}xV{JWs?>HYu1W@!T(edjiVB4_8~?;y=~Y))Bv?(*@c z@|j;&Pn-T-oW!mAcAyCT__QlO&yfd)#P%?Vp8yX>W?=+oiqx~C;)f5`|u@bk+d4q6#Y@LM+oOFEMc@ zi|)A9-ThR4<7Y8`Er%B}S+md9E3PJi)O|+hNl6&ryVYqFz>~ zch77T`Y+DbHBJex4mz2AQE-}n{3t9T?gapa&3JsbOU;>W!52VFTHlywva$D>f~R&Z z0o$bDWO_MMN-A$U`-Q7AfIU3n1(w6<=%~l$kGz;}w#Yk2s|eA@(ul_TAIKJ!?J0ze zlpVg(d2WJXH&bch`OP(&=q#GXQ*YKM5uq4#oaQw>@RFf~ZVh2a_H5W0b7)~0`1l6R z^hlwCTCF29$|m>Odx>%{hM5;gr6ekHoG0h2KOwzuS)AjT+)pJ&mjB{8T1QIN=_-$l z*CQ{^!t>B9Z~ln0)lah?0(6yC`1X8NaGL0SEQqmWcB)_kAHDjr)8ILMKxSh}&O+!@ zuNv7`5x|7N*pnIkW&`K-&cxasdEMpNg`uGZ>6wI}(Cw4bm8K?r+3r- zXlFpHJ$xUWQxwp1yot8;I=24dG`P_>VnYcCj?Grry9AwdzJ@PBW2%lR_Ox;5xwtU( zB1mg(Oom%=H&g=f%v8^JyPNR1087_PgSI)DNP+p%ME*TWNw{!Z zI1NNYf1fsGZ@KYA=zctP7o%9flWvlm+^mSl1{mcN@HUkG)vppuNm?%-7L+8hn>gRt zu;j0HRxtHYd@2)+vCJP zWuWb)RCt7oC-R~W(apeS?d>hLpMaGXIse2Yfe^1gab8sfF z>7$y_O7050uuvs=;Vp}?*#(oIx!_)$a3zJ%aOgZ~RdL{py2B9ulg~w8o@UA9+BE`D zBMf%$(~Al`{5(qc#+(N7kDj+|(vlA_#S!bsFoohxW(ynG_r(DRXL8ha!Z&Ja#f#bY zrA_SeTp|$^C!SzF1UsF(ZD)NaQ`|xq%(H#9zl80zhQHhP5z{Fn8{cx)i<p4Co<*kBJ7&*|b_ns*VL z0$c-S7tgl2H9!Z^p7r4*viPfg>l-jtQyQ`a)IJ`MMY65>4UyJ0PoDoaH6P-=l)}qqH-V?-HmPVEW`sixS?*?9EY92si=kbqlUk>PLtuJD8xnXFo|X>C^b*qjQ_fuf$D*R;}@RB-_L2c3&GP$XNaTmfgF|Xf*SS?KGPod-?g`F zdjJ|q%8UcbXg_P?=7=B=T%;!{w(o2*mGP?4qJ~Di=~g0?UDg+MTv#i?Kdn=%gDA;> zr|I6_7h4TU2jDBSFbS&%L#(4q+xfckpk)%k|55VQb}kO4PCW&>{!t{Fi^TI@hn~@a zwQTZ}sO0Rz+H}axZEwbz=AA{)TZ!>Y=0q3mvqe(| zLSq60#S;mFn-dMB`{@9kG3$wFwAalf#;JFM*2|*cw{bD3Ut{`r_Nm-$e-@NrnO9VI z&vr@AXNncE>2cYi!yf1W?Ivbf!6)LXD<*~o(dmOS{n93G>IsSFYW?9dd;-LY+fTcm z%~L2MwOi%j8oLtDcL}v`TGoKLC7w;JAUs4Si=rgaV(MkZnF;BWhFxr(`(c6mpI>=X z-e);_J!FR`Y?=Ez5&A7UznhIuYT6YO6$CEgTHZ&P-5z9~36U??ochq!Hy!$mWKVXP z{mP5YDLB|vq)^*KGAU2qg7kNNJdcLx= zuxOIxMbh&v>uiXc@;B4L{7MbbMjiM-!yC|le%_Y(vmKYFA@xvhE9;F=rkMA(x;nQA z!PHG5JCon8{@~lYxjec4^&sw-n@6j7> zE4#ce2*0Cwq)%ZAa>bjE1I~Ra0>L|aK8f2UidY-q?H2}Jyx9@x;E63msptTt%=<|K3_05 z$s!I8c{p)IG{a|>_PQEu4T%6WHK+#uzS&LZZSIh2wLH&>7{BH$9v~xC=ZxTdtfB<5 z=|AL~B~PDN1o#ZGibP;A?&po6$Q39%Mt$6i;`s zBno?qx(Mna@s=Sl_%gT}#=h-1li#cBalU#;_w@wmOt7?_YqmQ*b0G)g(8gF*H7D%G zppQ(s8Pt|Pu|aB8{`#LHfXf|OGUM^_*nbDq2r;iD&<0yHQU>L1(j*k6K2pQeha+gq zfBxCQ-BflAZet+%QV1-2K%@b70GIv!;aks(~KD4;M$5~$il12`?0tWZ;t*gQy)mN&AdYm z!%16PJ7%8*foX;AcqPS=#Ph9BKikb8RCf@%!OP8|^m&s#8|T_Wh$R7RLvUuFlDxNb zGis#YCrG|O*c%_4>9`|HEY3F3@giD92^SW|xSjEEk8&_3M(>wmOmuOMO}gEzk6wyK z=52e+&jAf?%S~t1*fT%PcPN7+K7Hy#a+P2V=`Gq!;_;yUO%t%B+EoYsFF( z$%bwki6CZqGg&g#daeX43Z_?3@61;SGa6E8+MHNUWAm)ms0;!V>pvm*5?%Rd=OGOq z6|y(N@E}ed;>X)aCGj^VW2GlgfLW7^YTh{^!r2uyC$BtnZ7NS}HBL^pH7g2zBh6|8gX`dIR{$ipEP1y4J?zu}9fQ4nNH^wIIM19}R zaw96K%tL}TbuAsm$7a@`J9U;^RJlKrz+~Q=xb=IoeO&~3EO7T?vtlh;A+*5rRsz`+ zPY0_YRp@fYi$(_}FWKVL8^-^P1mePO@! zy~7}4^)&Nq0fYO(sD|e9VP1gzVI{#;R=1!fjmR86`Bb?gmc_K7Yh$9&HJDh}2cZ;6 zUlAs=SztA+4ZIyb@0eUGC~H?#R5OS zSai9MH<1EH90n?{>xt0xDzofA9k0tGjFxQy4dP1|G{H92Y|1PJ2L%yX;vvC5osvB`P&#uO|Gr zLg4Ev!GUB{O;kCZz@EC;J9$D~rK9PQ9dIhYUP4%NOZXPie~<1xLv!Y>n6Go6&3kKJ zW^GJGf;5U==le@kr+&%*mIx^5)rq42t0qu%@c#c;g!sQv@nDnx3sVL9bM4$6VE+5| z!_h4e!Qc09PJKAB|GuXGBE?`2zfBofdLw#MNJK+?acq4*2JO z2kZaR@@*NY>D=((Ql6)qRxS(|uyIS_N#&>naAq^2<#)rulMH{6&J#iR=4G@l-nPKV z^x@=dyVjZjJ<93SX#WC(iz=W=KJy}j;z^{hRpkh zR2|2^=KWgRw{To_Of0*&hFmi0vYACH=>-mdD@^1vuDeSK{Z2H@gC1(LSv(Xm|7jpm zFyI2Qi{SHOJj~j*6xge_d$%>M6lBTjrmOl*+;FhfQy}W~)JbR9T5cxY-kZq@5f6xT zeX;vI+TSh8TMjww#71uDbP?yFDiv1au5W;HIV^N%{5_`j#rbGX`4J0MFy~V5023M9 z@6`Bsd^oN73!aVZV-ys#1PCQD})|5RPP35J?Ec0e6O~}s>u-X{Xg9fV2Eiv|c z3E^IrW%F~fb2eSyH%`)5dRp(#dQ;N`KsYC- z$`e%vYFMHjENQ>#DBpD79^FhE;`mOMo6U5*`ujV+o8K+WdA@3q&p`EeOYCxq+aqen zc!z3~&bMb0Mg$2TP+NOw56ROC+2y^AX+@W%w`BsB-tkbFnDm8{H~yF;J&mTzP|Cqs zcANi;FEgc3_&C9{FOUPxpVsD?!75a(Egt^6c}^4Jo9kP-NLtT0V4%=dMbh#_(~J`o zswbWEcHH7b7%l6z%y0<)m1bkUAg!!P(`R0EB(xI$sZoQ{>D02!M-2r}%1sz@RunGs zJSoJ56!x_p*ChUsQ`$M$AGE%>PmG={pzeD?_FQ8>X?gQR9l4T7kZl(Ag4b!Mxb&-~ zMq`UMow}A6USj4lLrwm&?kqaN0X=#UDFzl~80H!u+$IsFuvEfz(|vT|i@-`#K#=)c z;3)4m2d2EtD9(IT5_ViCv!&HqkoXr3>p*0kpWNR4`N2{2N(SEHwwIZ|YJS`bKP_84 zI8$Lb#7o%C`KNwhZBtJhPwz_kyJ|n1+LiMMPy%XqcaPveIR7K#vXI`SfHy2p^eV$; zyKh6Xn+l(2_pLvcygG_cKSA8y-9HlqO#7k1%lMXMkgIU4*7?N?Zpj}r5lbk zS)V%O<%MlT7QJ3r_p4jW72AU*6d`NCDo(94T(6tIeN#4DL~Yp~%uR}j5rThsM(8`v zKx)k)Yt&K8$l=|XMXubuPS2ArJnyQXjt(@`pCaxi9VR8ar{pO?8j0V>6hBRjACs&s zJ{yW;I1ic$?FCq@*~z-U7#MPC5@52;l+&~Q<>bG#z7S)B%)Y41uP!yE`# z@9%?mXzX%_Mnl>lIRCx3)d%tcIF$eSR%isEK_RP+F$1y#Ig>sVH-6Gg=@@ z#iMi=Pm?=OM=Yx0W_gGbT4KLJV9J*Q$e*%YdaiCKM+A!ZqjRgd9kZ{89dMjNpyHm} zKlK(3XY_eI>4+zBcV^zxwdwvF@%`%tQ5l0u20q3@4ny8{#r&0(2lzUv457O_SThv}TP zaDFV`dLsJ=)g>5IYYGnVj*T!mm|7&a?8rk6Aw&WPZeeT-JL5iepMNo5Sy zaIThI%u7u$8%|08UN0bL6|^{!Ej;N`BGxeWs+haGkb`S;epzY`QrJ_W9v#D2`DK%( zp^Y^?Svo#&u@T|o5X@+{&hmH_YXLgd-YB?e+!w#oMu z`lQ^)$Jt)+Gu!DAiRV6A4Py+&b(*Sn$pzMuT7eC*T|O?WTO>8~N|6`mXI=E4a7<)V zd(-XOJ6BJN|J645S;Gehs;ncqtt6fdyI(jVm0{*9s9s;VQrU+^n|>DygSvM?M6w7q zu`cgrbZf!Z#TWnaJBP@wa?Qmsz~UB4Is+i%5OGmQLZXWzI=7Dr^9&zOiO8n=s7uf} zOnrv0-(aVvDGgGtj;FL={OFOEzuf>hOcRir=F1@! z7(z6*`fK<8s@zmS3duej2dn8t9%fbrHoQnU0eVV!p~dy|or>L5Tq0C`5>`O#yF&c6 z%ak^p&N7C7AUAM}E^1lMGrQr%Fb#}9WxF&nUfO>*nYo&5Z!mwYQ0s8M{a%{T*>t$< zSR(OW#q2Vn-YS0e){WD;*mKX0-U67|$&m7BLfA{YdHM`)bpDihVH)0EnG*ynS4od4 zGcKBho&N3FrT5!riP6~dpR93H{B?*tK3UO-4J`}f_^6@zp@*BxO<~nYKrnnOP3r0F z)(@k5UhM zvHr}6>-E zi%RI4H+6hyMNYTgQ1{&CK=0Y7uXj5aqb5HL?>-C3WBY1OoM-Da>6x8i+japs(l@JV z->xmPHt%ocK1N#>_S9*OQD+Z&*ZdBz)aDtXonhYOQ#+4sn>@gZ@<(<(tkpC~eoKy< z`xF^PJZf+pFg2I9_cO_1`Zrk_z2_ZEA|*O7d0&H=s9-Hu8-L1isR8SQYOEi}^>!nJ zH`nO!2Wg}2!nJUT9+lJiU9cRX?;J{&*7?;2TVQ`l;;BxO$s4K??wfIV54IofWpSWd z81AT7eEE({1MPQUY=BZc7NwsG84>Y}+gIYf1hmpQca$5szwV+tY2k^M^hMgJDYskL z?xS#PZp2RLYnuJ3F_w$F{d9)}MTa5c3S~P?=-NhUSy7@&nh4TO;WJ@+Qtas6(*IjSlaL z(9nXPr^_rtAikf=p5bZrG2uTdv4Kp4RlZuDZjH>|4m#D054dsN8cq(Q%%e+M7LI}6 zP8tAi5;Sfz`8om%B+ylt7W1Fp(V!QNIvTs>u?Jlt`SMtA29l?D1USmMEby->_q9?Db7s4G|K+*Oi~Hv5rR>=nbJb%r;`dwe z?54Cak_T2WC>6vZtv%+IJFx6`zU=bT@AA~id*$W2!>V#_JqC6kojeik2VKH{Plxtb z%7fZ>$-+faRabuPL0iVZncz42{|~dp{};)qYf9Gg<9~YIk8We85x!6p7Ik(479K;N z&I`YKJkP4ojxPkcXOE3R` zli`8M((ikLlKI*$#uOn!ghNJWd=o`~=g&YoNh^e9Qo2ecIHuF%vv`^bXF_m(gnfnK zWzdYddcumi^IUvrC5(IWU%W)m=~>sXQ?@~|*GeqSPq?n0`L@v_YNNRs$!U7*7}F`Z zmfHX7xcAQJ`}qGzd4h3kwQnL**@430U&eR|tyn{XOO~_$PU+e60ukfP+mW1>yIUNw zeP1k`LNXmAxU{eB@KGgBq?E!g>xJ6H>q{6g5?QbId(1?B~;TE@R z(tPqAL*h+^pr)_?E}-2TaD4%TIE@qPQ268Dq}As?v&JYFq&csld<9#~xw_W^Z3i#wRVU_?K2 zhX|j~}P~A|>S>+K|%HN71EcVW?@W(X)+UxuSBuxw< zk6&R3X;0<8Dmi_#mb~P^=15p3jdq(g5;D{(saJIUh?V0O^^;{(p1)3#lJ>27t`;`_ zcM*%C10y`&HLGk42iHz-E1>&7@j$+B?5O^EJ5Ng5+L?3Yx`Mda5IB#&_kezu_r~ae zl-hrMlPTE1z{b?Uj)WGfPuqHyALHv1hTgfR8{+90<)V1*zczl)Qs?i(o3tqT5BoQV zfXEkYf1jLqtEOz)b;hm(N-*uggyHV)w8s?2fdKZLg;*WC%EXwf(&-sb8x9i^MT6Ax8@2-J2lp@vExgw|wz@jEvZ!tp)#TU_~Y| zgZasRj}Irwy>yg?-&NTW!J$@;GS^stLJAqJT5Y-WomV~Pwms)vPkGyqd6Roae=G#Z zmNOEI>XJ!mgpaF3Ij0C+dzSC5P^t|M3g|yOKG%-R5Oz(YWb*_;rz`QAD;+_x>M6ceAxh*>M5rg4Ok*w8z z(k&(HM((dWwac>D955Q1fg%vIOM7WKz}<4I>si~EfsKwSN34p4bp9A>)CK`|AklqI z-Q9QQl8PWC(&xSli0yn}K`eJ+|vm$49!oeBHiJo{Zd_N<(|)}(T@ zCNA&5QRiP-F8k?7y(bRc7A~UI@W^byH?p6!FGivX(;Hw56y|UvXJ$a8hN`=kXV{a6 zMVe333!@0N-;5grEEPfecDDy+T(^h2pz$H)=@Vo5_sjM>{?dLDNzk|?kL*IJssbil zN0qEkL;`r<&I4w@(f0g@&8=6mZYhMrH&)3bl5K z?A0&LDtQ;`p>Du3J=kk2|I@aUV-wmtVBkXJPLsXGjr43>R@C8B&?rx|z~aDWO(MeVVOBvMgT(IfF#sadYE_61~ zQY_T{wN~~+vBdK|y$U1@62`g>PuJC*?P$ogF34bStvL?&)LRH{z?igFE?4uDav%9J zvJUA1gDl2U-f6~qK4NP)S@ujMJRdhh2LK)2$RU(c5k`(E;0)Oq0Oz^in(9L}SgIt! zPqvK3`H&nk8pZPLAeZz!eyhM)QI)+I8 zl7|1{VDiq08M^!-T`H#G?cya_5%1=r(Pg1)7FHGGrlki{V+adKwS7I{MG=jzgKdCF z3KWOA?~U?2-P(dEAPUWFXnqrggNF(7omUd<-l|HX6^w5aW}tRzxd6fC?Z9r)KTU|t zTM7t=p^!3futUAs_W>x@hEt`LCBgwN#Jv)GV$-Sv1={r|kw-BrNOuXk)Ssvr&LrqA zhih=*b#}imM>Rx(!djkvqFaR?+NzsoY7;&)xDZWr7wQvbg=*RrZBxk!yUUuqOxW6Q zfIG#}@D*&VZ8l(qYM_Gi4~G5SS0=xU6jss#6G5yQdJ# zaz#-EYE(-|^`LgThP^1_Mf2=W^*p4lZo2pxmZ_Q?*g3aP0u$9)?kYN_#p*qtC<=Wy zx8+mLeGsHcv)<(!AN|+hhN~``c*@GHh&1OJ7(M$v12yCu-^xEa32VVoNlxfBZZU>? zvP3Hg!>irLYjV}f^DLr@mp&xp`pp@)5@$RjRQBbZ(9Hp>V>8PT5%tn%pnS%0u)sIo z1`cdQj>pq@O&GGQTiww@zv*_4Gef)IW)U0M7;@Ez9mH@#ut)RN)HdA-tVYT+M=aj0 zO3%a0Tx?Hn0-&Xq=pz0j&bWO5?ATo!)5gZ=-?u$wOT=1srxu`j7iJU8d?4>UJ9IQ= z&)31Ab~*~QTjImlB!`J5(B_sLA_s7)=aiGcv03Gyik1yGw7E{4La&u+#q9nIVz$@o z3$8L*oJ%Za%;R2h=Yo3W)3)7$C+dm9+R?V<^>m}siybv{!NS`viHXtRWj=f*295su z(r8$ElO)ZDsgvzz1o#Tk?3ua9nuo4EBm;ux;$B-QIo0)Pfim8BkfDxtJWv-fvJA(} z`5x|;%wrtB=PkLN}K0l7A08`EfcWL}Mpx+l~ z44`LcSIH!^K?j9)8musJI^edEcT6B@Z^vjNsJMJ$em&isbD%;7bM3g&|w;v{PK_VX1h7r>AbpalOnQLfsYUc9pMe zGoa~F(DsfWQ32VEKy|+3xE@rM<_!BU2IY||B#qRWm;Z=!@9gvATIJStLsFotFMb{0 zjuY4$c*;1YKl~;A_Eg5ncFrxwnUvv?mO3|``T9yQpG-v;g{6W`g_$mXt*8TN-Jmq% zeTp*|D2W6jLk){OvY|V1)4A|zhUJiE*%^9yV3GrG#X*xgfr%nq<1+r}`fugDBeprV zbppRkXN}#beDYg;@kt|rQtPE(qs+hr@xQ0crLmM~EwSEo5w2K%1dUXbCYP3Mz7&Gy zMWYo9SJpZ}>iTw4bL`?FGX=6{Z%b+T@(uzmA9KURUn6y(92M$`wQl7NZr!?b9BIxn zZHc)xd7;j}-10a~kUf|s-f%-^SpwSa-AAWHjLRGvCG7!(jGEie@Q%gD<=MI5hJ@fv z+T^f43Vq5>j|>}1&z+B5EN9_~eX!Q@M%UAMbt%Lw5RVoq%nY_nBSTZ*9cd=HYF9#H z55VoPl!7RSskX|6xysT9+;%8vQgn$+$tG7uOlj6ehk1jVR}mkn@jk<4Xy-a>g{Z@RYh*+oB}Kfw zX`EH7uNGI&ItpAo0m<<8Px8oR3f6-QGOcwFju)v%3dizr^35y}V$=jWgO>IC8ll~X zNKN}&Awr5+EJZNCY>q{cLS{U0v0BOM^=iP(%baa&s5D|dsk0lWyVh~kI@YF(Yxtre zD|Xu3wVb2osJAfVey~e<*Asn==an;tnxP9PtfkfTs+}t`GhB1@_GxP0n~riZ@*sm? z;ar$t%+0#Y3UO<4F~@oHFAZb_yJ}3c8MO_3k-JI1d=RHu9cIn958wNq1>jfK{Cy*3 zr=oAHq`e}ae_NB%;kn?gWrwknsKA_P{qav@+W6vdv&dYdSfhb_F(FE)GH$;!TVD@t zKIevy+{&Gj#M~vfC1QZ$Oz8A7Ps!%01F?KF5sU89zA~;iD#*cPP66cEF%0#zOL`iWHgY}{X*J~i3!n4e z(t%0~aSo>l2IW3suvig=eqc1|`0eso?qN4#vO{Xo7TlF)jXefs@}Y;8S>8O%qefii zsEJzD1)th2Gm9$cQ6Sg)G^2b8GvijWh+!8ksA4G=%sS;ee+#;|z@QUjg=mjq z6J6XHkyx$GU9)v|nzqdmFnBxj!!hWtoPx~(7CvtQQ?PA+*D`oCSZjiyC)x_ZI*Kf< zn}Z)$xO<*?Ru}x@zzuX zxKiQ87v_8KIeCNIiNQtv1Wzv+YY%Ihh8|z>{)WCN z>t}q}K-D_jLnls>mC5sPrY%xR`n7Ugy>8dj@A#@{i|^q^Lz$=w7P&G|`8M(->`YmYDiH5RqA4Z7Zgerv8Iicq}V;!a>mF3GLU0?+0(D z?(P(Q#Mw`%^ngFZ`Fhy}`Q~&#m%Cf;sguO{6tWqzDz~a@zQBXZKTlpb^~-W%{oR22 zxlXehZ0!<91p(>o>`-D_a0$<1tq42q& zCM*qD;w9w(88^*H$-@07no&7=Pn|Pib}hDVcEcv;`y1#&3*CQxuvj;uaIBMgohLex>R9JyJU`9<;tm zVrbfC_4@0hMb8AFDPFUbo%3DYdkS5`hc$e0y0NKT>8)kKfpd`_ z#eK{yeQ2e%@pLyOem&NN?!An?(s_LrqHbSD+cd7mprZ(>ikC zLEdGs8sVFftg?M#l>Y6hVflgJav<5;zNbD}ZFwlec#85&)%|^fQAj?~^6jJ-m->_` zm5r%yq2F61zkb#8l=TaHaqKV^<)vjIxt|&b0ai~*tZy3RuN$HZOLguQz8im~M z)3_{`eJi_<;Ld|l2UL|T`5KYt%K1|KUG{;Km<*!4Y;LrLa4PDlDXZ!bD{JtCl7UD^ zjFlzrY$2ibfuo)E1>&~|<*GP!JJSIT4|oicS_R+pwhiXHM^DFs;aHx)A!or@$ zyMcvOnO$mc!^$Jtgxj#j*BQGj7fdq>0iAVm?MyTJU3y{wnAxUrEle6N>-^1@%IGxr z;9Q$nuR0*Eb?U5_OIo$fe52&Px-ytZ1iqnt6He%tgV7{TjiIM559*_Q&<+R5K{6(zrR*@EYE9zYQ0kDQsT|> z{1)%kY4X2nL%+aS;O2yM=`XUoet0~D<}-eFpAG74k|w`V`1`7UBl*Z@oS9ALk&_AX zss?mbQK8-D6l)8^K>S`+<+%6)u8^jA^;Yy*WZZC)21kYrD^l?SSIC&Ot$7V+$&^KA zO>6du>OHe@uKAvEae3}jp6MnbLB7nvjiYZ*5`OXadca{g+xB6jKzl=iV!M^TuFkw)3Q57Rkl>k zTULcEX*xwFN`iGdC0TIKkI(-U$R6FH)Qt;$uZJ^Cqw*Y6K9qjG+_NScv^o0uTfH$< zk5piKTy@F;JlpxL`Jm<&U+|s2j{ZzkPJa#afsahs5VXdB{AT}AWG#=?W#xzue+8jx z#r66Q2-a~K$L?&2IZ*3sG5t>Hd84NzW2-Llb@fHt8+}FmIM@t-ve!Yl;aK*!c6_gp zJ-u}+Kn9ny*18pwNcSUQmB3({5{zLWpw@{T0dD4G*Q2^e3fdi}VMRFkx#xxO<-@8d!V4toWW6Q9+tr4T(W6&p)&(Ewg*CF$_dkZvS}5 znN|8pCV>r z(wa(%rU7Y3Ay*KOZ^;r7(ubyT8cPHg4@{>Z}rWtZ0%w!}PU++fBA)KDSM-vyitQr0_XzlxY zp2hYfLKfB%V(DD={&i@xQJTb!PjFzCjv)5h&`GxsRhs9KeckDz| zyGwaR{AH~AWe_!`%+nsxQ>~HXq_)as-V&_Hf!dZ&GxxOB^2SuF;Sp^t-M4*4Fki`D zHb;rR|N39lj8#fu8bx7QhS9P&wBvYnG+x6&HfEwzkv?7Je+@F5C3`8Y;s2DV(7Z3x zn=iWr)8s}%pL4raa>#M^#+t^_08;7KX?w1yjt8zHOEOaDp7Y^LS#}~HZ?Oo!iU*?D zSEUHrb=_@)wrI(=b9?c#bLXR;a?_tn|7Bl;Ia0YFSS*7wM~>>mra5!**p zayD+%ww=g?gjmH25{$m}*DFMh&3U;i6oWK@3$~t%iKm!EiH2{ZtJolT*w&F5u;jr+ zwT!qm916w~2dD0WG#iE;PL0oed~vc4v!R;6r|NpomLK4zkl!U?xk(?wDF<;tI5>WG z4D?HPlJiAI)G>24mKDn3z1xWbMw2jGG09adnC9Deg<2~pyV#V_(y|!D!pp16VD*9O z*q*)0qHVIJg{^N#bvAm&=Bl?jbwDmb!nH?B)m;O94jj`Cth!KB$3ueMRc)Kj;F$Vo z6=hXV1kbmM_N2*t7Pbzz?rL6CX4x(MgoaJ?>4vK6Kit{hlTgUCL$qa zqhv?SOv8t)l))z+qnW_P?Hoby??U=#jtN+QW`Nm!iL#NoH1~aN^Q$jg8c>P=_>aZx z)jkw2G2pW2f%yF4YFPMNe!yTp^*v|FT8i7mn^5}8+I}?qd2A1+J@GC7ud9a;1orR* zQ5oN4603jP6i$4WyQ~3egP5e@7Q5Bei1D|4n)mSN+xEQ{ge@Xz`uLwpc)>m&Res#Q zY%c+EulkH%%Wo?pUeo`NPJy*u(VO*N_RGs2+*htE=V3I0uXDK?D?jT!AIVzkpvw*l z4UWJ4GN!9zH1gq3tKkD67z(_QI^g|s&D>zRZ!v!K+rGubmp!Zh*ns`8MAT7>#=joF zv(sl0BW}#xt50E!`9%F%8z>vo$qm1CjaN)h#ECEJ*iqEO>{_Sk_0)L24wRx-qW#Xx zADE>gm~E$uKK8%5d#%$qU&P(*E-!~KJ~`$j%8oZoBTCAZ()}tLEE<&{ZgVxO{Q)IK zjmhQz7otK!9$zEswqaao9Df1j|0FaiO>f0pEdTXB+sCdE#ruc9siGs|RrzbJO}aWv zi|rMQ%p?0hK3Ndcml^uV>aU%2twEQn6}L!p|7}7)Yk)UK@DEJvw{Gt24_NU3x0Qb; zirhPWU!zsRc~n^lkNSUv8l6hq)yTQg!K=tWDRF#o81~y_d)B}v?f6>5ovTjNWxR;F z5X~b%D*dcbKg)vuAsl;gO#&^lHn5m~af(maGdFW*E-xp-`M>UHm;uI6t4wjJ|4+xa zvxdRT)lOd%#tJU=VouLV@6pXr$3Se*&i2in=;2jNHR|7He%ZKn`g&PVdl@E^59K1f zJ+G{ff4krHdXtxQ2q+K))79MA9#M?Coq_@U$2V#EbMJIdYu|VjaH(IT{G(yqVnR-B zVqaNbLhUyeOkJ+keR0%Z0wWe|YWe?36F6P2;m5?t29^%!9@rce;1>ueOk&YV;2k}f z&eP*N)=;bU2tq(hUs83Qi5W7I{(}UB4vW&o8 z#?D>FU5-MjXL(PcrH%A`da<1% z+l(Xty`9c}&3d>5weEa31J4S^0ridS(_u5jv=^s7@*C&x?gW;j+6%!VD^;fwI;y@@ zn;YQWnrY6H<^r}6feoeyMGS+Dwec~gx{3Ps1!*TLhXs)kxy`U1x!rsze=W9RZB>pu ze((2ZM|-QUN5SnQx=%)9^lGOLS0=V9j&n_78fhK}*it)OS{4EFwK>#TP*Kb7wJ!Lp zTy8nNYP*qlDXEpcNc^!I+=IIBqVHh`$`L!X#j&t{blk%mg0Qj%#Q}SVRIR|M)-+l>y_dpDO0<_c5>oBk_&(N&$KT1?UjKA)4Cww8?Ap9K;>8v~kw`=O+ zBiII$K=5)JeoUWZF(G%;u&V;{;?<)2$WRx4jVC1Cep&$&5lL2I`H#}+O+gNeuqlh{+>&yQTx~bhhxvG<4a^J+|5|l=+bGxxGm5SK zwx-?C@GJjtvmE1-h_0e0z0+Xt(SZM^hcM=Z+nP{f<$pHUlGE3y^0GpFZDX-K)ewU{9 zBE%&S`^s_uV~DkjFf$K9KT_OCrT+tj3MX#!HDZiMfPTR-nNa#GH_IDSmHeFWnvw=K zj^~d{Jmwb+2g&#b{0UBeR#QL7`|Fw-J;7w47-F)ka;P6%Mmgt17?#LPt`D>9=ws$l zo~DTHUk@TuXBjU;n=5jA!d{l6X6G_;sDm8)?J>zfFAb|?+rMK=Ezf7XL}2y{N+M^) z8=o$g8!7V)?Szge^y!XP2Zz|WwLCm(0!g{uX>~eon!YM!Z~XM@>4MkyD6}QQ5_2HG z1T$&wQ~ndG(f>CuMFFEgZFqbBn(=T5P9D=&j5|0_30KtjMvLS*`O?Hn5Kv$~UqwNF z;`ey@`2NI{UFKO?KhvpXW8$03prp!(kLn+3J(4peML$Urp<;50c|12is6ee-swTA3 zmw?x1gOdNk$#gFs=&bSuZ+QL{Nd!s189zZ5!sj2hLG};jK*?#;!IWX z1yoIx2We%vorTTv&@7oY?f2}O2R=i};0|W1$5KR1cW$%{$0pO41}r2`fWDNWW2zOANgW zd{{!19}@uuUWNYuSl1SOkE4bCZ4F$Quixn&Me7!HUPO`0(*rJhr1bx=^(Ej?f8YP@ zeM;JdvR0C0XAnZAP`0w~DvX9fwy_Rvls#mdVPqY<82d0P+0EFEv3~4fhU~lfzlZ8m z-{1dv>UnzdcHifod+xdC^*ZO=H#==bR4&cvAH4r5;KS(BPDJz5=ILgj2VVCW?#lTl39$vMxbgfEQ2&Q%t-0)u4g2%lzcHH-n9yiv*buvClLzp#T zJcd?sc1`fQ-SuP1@m~bflWDSZWWfNo^xI>j_1af@Ou2|v;2IG+v7sJ)C+^Qb-Ybi? zJ9||VYU{{j=SSCD2Zg9hSsEI+wYG)?uZ?BnP@z(R9VktNUjqT%FMm>4Th6%AY|X8u&kQ5jTFq4O$d*;aJ_#0$o*i+kl| zBW$}WA)ziU27we2;{S92HH?A*fdR+|Ut^dVnYFcoVZ6OXB;XzzB3^~JOf(ZA(N^qG z=HzY2o)bMNvy&<7r1#c-Vs!e|I-RRo?0c$6uStH!MUgNj7Ye}^i|~_G5yzREtrEVJ z2WLzjThYlQL**-<3~V*~ote{3n}w z*!Olw4ld-*#9_7`W-a8U4Xk{#MMu`07;#_C;*8%S>iWmeg11_Th;Ubw$9(d10y*2r z$M(CY^n6{fJj!D@**cV94;TG_?bvLYW|rG*NI3y`#_Vb*G5(yf@b);(Z#eXVs}eY@zM4wL&Ji4P=XYcxBbvRO}ENSre{HvnOGi z^2XILTrE7*%El`iFA+ee`B|XU(7H{z0q|!s_{qJq`0g3WOv1{{I|Z$zMI9-fOn2j0 znHJNBx4C9-H6V2Sjpp1YPDG<~3+$~Ult?R4=v)k%y{c8@M`_+_Gk4w=$oQmD*{YVh)|p+4i?0RVS17|yWvghQ zWT)p^1Y{N&5V=#ZS{bDG##BNvEaaxg2HBhX*hNczkF8aU8RPvB4wjd*&6HeHZ6GZZ z6F9i7&}8)sGQl9$Gao=I$>kiybE^4@_1kE}V@#+E~d;ROT4i zX|k8g@lO2FnfD+smpZM!tk9x{(VWZFXi0J1l*oM<*dW}<>fLGob z)sDD4Ebr1vDy6x-Bt61qyyBZ{w3FixQv#00ySItAtTtV~9lMNIr$@o7cUEfC8h8;m zhZ0J>szkpEUll;R-H7##akArahlR#>TqiV^@OlqsjF4;pR@EwFdkhMXg3wW~5J} zI*wPa;M74C5on(<&x^xH_Viz17S z+s?mcbo0#?fan)9|8Kzd5g?O*Bj4fxr*v^|!Q)xumrxS%P}9ujb{-vORq}*G2ffoH zW9@$Jv$c0#$LC}yHUi1FLvR;+>%mqh-5-9aM`ziIl?7WAcN=StwX}BhExZazx4m`y z@$-+1x=u9&c5J`ovwwgqwk8S9?!2*iJwx6lFGGxUTjdUCUTMSqx&&!<2Ir6n9_^N% z<1i{oYw`52g|3%91Z{--C=REQcrzp`*Q{rY231ZeNuz>{t!?4UnCXNMumSYq82T0? zO2gixUqm&bTDz|^+}l>!V6Me1-aWr`xutq^NIrUONv^=fwP?9%XHz3}E}@Cj4#=Y~ zpG%)t(%2};L>*X8FA^`wptb;B4DeSiYQf#11gsv7ak{1be*@OfAA8BGt5xfLX4D5= zpWMr8HgwCj#M&gcTgrSd{GaXWY6zUuug^pINcuk-@35Sl6l(S|H^(!&+zu0U_oyzH zqTP6;xw$mzKPyzi)X0~6nGc65qZY~>4D8^Cv(2jzqz0L{>VeD|M0#fyv2+OQgo2wS zVIC`tv(I_Lzvp0t)={5T3+CgZlbkxp9lcI!RKu-hd9Md%Zx$n32vr-F#02<3k5qZd z?eVSwwD%n_++#v7HP}cdp=|PmyuO)gIC{a4LwdN4!ZdCo=RMdu3UsEr54I|p9T@Xg z2-SSOjl;O;WH>(N@hQh%%5wi^w6yER&i!B2Tr31)a+4(CT2G&K!@%WAIu!4a$q;og zz#_}?WldCp^jwdm`Ro+?y(R$_I=+DR=&RhlQ2)U8Rnr{;CcdhXD|mB2Wv3MmTih5w zY4fVaTEh@wx})d5(K^&9rgznVVS=FcNm^5vd4O#+9ntK`umU0^s6ZEmz|nq_~w%D?fie#iFFA&^%X z>chXvR1am;GW~sw6GPO5*)$K84QrGy*H*p}xGCSRJOx}k)w0dg!G7#MWK(Es`L?U8 zQT2SmXvz1b8Q+HPd+TUB+3#~ctq$AJnyISoivel#u|-El-K2UdQ!$^+E|7_*~~HluH!}+ZnF86ugDWl-N`|L%L%cfliv4w_sO655X*K?$Vx2y z8SY!yCf~qpI%r@wF1o5@#L>$6sqNBFM1Sr3kzXA&FZ3^u)+elOT`&M}-f7MRyN&Oi zF0jm_+hrYJN(GR|e>f3bpCty5(F?j?^-~F3a|8^Fj2v(}(*6ih8 zDFP@7t>#HR?f*fDYQ-q!216Yc4dlPY6!_RzB4+!*VL7~_{`4joD8;?kN1cuphu!9Y zs0QXb+IDY58NZ0^(vG&(RHKB>JsR}EVt>JTgP5T^ZpR&~9$zm7 zsf=p%uwtRE$t$Q?q9m8D-H!Cv6Dj5UM+D09A5?D!LX%au+IL4 z%lAEoc>zB_YJ>E5sgOMm#$4|gAl?@fKScz0C4GTx%$@~0#>#fl;`|?k2arDD0*Zj` zr2jk@P;~)4-t3UI)fY8+IQYcRE0ad?-87)3vcq5T!JtV}4@8c}qxI|m(RBqbmdIiX z*647Jru7Q$(m4KkUpAcnc*z*>5~Mmv6YzpH>VR(VyqykX{v#0tqru|eLhJ^LUb0L@ zKbvB~Vr@W@b-+0(EF5?T4ADYkA`^0Z{%bSL2e^sATJ#iv)Eb&6cYWlW-(2*CREbS$ zgSwOX(%(a9pHli`^_fS6O?SPLKhQC0e2$q>GV+fXOat5|NLH~!jfWN+`aeYjk0e$v zet!C2Q|Uj}7>Dyh5HAD{dpB$^+^x(1V~C9+g9M+==EJuiMO=f<+_U>bJuiB*iR%^n zZ`b;_WNrL0AOJTa7f5?^_`;WmGn3{8%G5B9W4epC~+^(HI$NcbYmnQV309uo6F~yJm zJeT&%pfHOISGdE*>U#&ME_iY-*eaJjCnXl%zUmZLm(fKg=W_U2dP`ebQLyesM9pAD zBqw3haW?|w)w45NIWPeFG=%Jw>z|g0HvjkW03uE_?4~F zv9`#nt6E9frzU-cyymeA6XIH?DI^fzpCU1fA&XWFn!!hL+eJb)^UF;MId--)5p>j& z$?nyiQKO-?Fw}V^LY3Q+3SVHQyRRd3(?W;jDl>FqXhnB9LUh%eOiD8!O5a$r8Z%z) zn86KY5BMvi%vv?)nQ`l*_BS_;b4%C1jtF^;e$_}mH9%ZfGwZUFUmQOb=(*NBjG%0v)wX7XmIFdC~xl9NY=M20%`&?jK7qi}%7;e~oAsa4fzuS6U z5O0Ga5$0?<2wy|tsSr^smgz0mtcs1}3G160LXi!NM7jJ0%n*6Y%-!||zR`cyYG-Fr zBe%O_f+s7lp--_r``TRlq#Rb8lj^;mC1lMtv`Lh>nIT}XwraN4o7Up3==qK(6onPy zTtd@}mu=WC>iTRv3WLy9GBOXYH?)0M@KWs`j%a~<1EuxjbZOxRf7*jx00~-Xv{-v? zIoZTRf1CWpXd=tPgwH6`w<~gp=s5a0-%8Ks5@x#3F@)tlCLu%Ws+on%4}4zzi;ZC( zs#Y%BeavN^1m=W6>U=a)qlOb)bY^D>i?k3XWc83TWFKmDOpc!+@KtpRgVsNWdW$Xe z4!kVRIyl@_cmp3+3(=&>@=H+zZ!f=P;G4+DAn?6tQvKM<;?beD=q>xT=R+d}30|kw zFr22u%wTKzHB(<$>q5JIJZr2fCV_fN;9ZEbotrjYNsDQWaffC?_N*70XX|5tkUt0s zwv5O1M*rFm#z=fGCnQcE(RFZIMl{(v!f1OuI}F4sh19kx62}XA&1Q8C^*&CwkAuGj zA#c-u*L4v_NqhWoC-C$sD1Fztdyi;;#4+KUMVCDezn-Yn_{JQMXTdUHNW6ptk*#61 zV#=6du3-6jV;3b*^vR-l+pd!W5^NAQIib#nOUk1^VpH3Hcr`f{WK%0BO%*0sg_~vX z>R8y}K5lEwtF!c#o3qH$mw=Ji_^Pb1rnKO1{5u6Xlk>zTV;^CAag^ zomOD}c;j10YEPxtT;-+wEMC}+8as5)IwP1GusoIt|4^KdUJx zvn9B^k-a1c zpH&&6=XCMfsj>H#W6PwIub8cyuz&Nw4#J>!LCf5;U(}wc&Okk+s8shYq6s@UIH^HH z1<(C^y3WbOJuPu^UV`V-S>ssp0mq`*srqYXk4B^{p=6p~laP6|Tv(ihsOVKuN>5K- zOmYv>QG#{0yW;kvSshSX=GDRgsT_AK>_aJabM@^#gt!?E-j*tmy#h=gmbf~Lv11Ib zv;P`d>dWKj&P&^agZmd5fyZ7TzX^Wt>DdgjvK20o zr+vK_4Lb=dTP@n8+yI{9Ng&P_>ZzIQ}f!b3cD2myw-9H+TFur(W&YkT_zGMtD@qkXe-gD~84@Tq(hv@ z45BZ7PFA6jjTzk+`9+kQW-yZncL`(7Hz1o95K>(CV$&bmGimr_O-Z|D^Ox?pJ@atw;Enas9#IYPOd&1E@t^5P&MyX=%6!!fZkPIwGm6b`un)UQwx--3Qh3S^Nbg+kv zZN53xFP3sH(ZO&)`nF5n|L86jc#Z>oz@Ym-{mnd3Bpn0ODmCgA0n3>ZM~VY_`@E|+ zDr$xCWH5%@9h<53Kl8MoCP5E48CD)J=-{!a-(8D!S(!#a8E z{XU6J!D_`V{i-4Z@!#`f&WDLgnwR{iHHYyqnv>Nybw=;0(p zSFFFBLbB?9W89_ z3*r$&mL95LjY+^~67E9~l|+XP-_g1gF3&W|F5#kxY{6wK`lIXn7fo&eU#tP5#RI?! z%;LeDg`iEbriBYjA_90^u27i|xX5a7%iYku!u_xc>Uz#j3*9OYQ8HJ!B_aYlmO;;x zx1*^j3S3GzCwev2spUN)u9T2%#FO7m6FH(CWFyj9Jn$Y|QrsU{S&Xe5Zyqk+HiGN0 z67_P8_=pC2(|!6ylee~6iEnGob-VqMadPFAnVA)Z#@LpHf@K{XLe}$Cyj0(yET{~) z$5W=gtJJ{rVx`1v<+)>>qm|J{p>qSn3}*hYuJWSD@yH@0R}NY4a=ee;at*Lz7nuMv zZo-fR93`@Z@^fC;hQ{I>KTR9J$8rcIcTL>4Yq*es#~p93XKCOVP32*}oC&1DuQK-Y zX>^UAFdS`X?%70nBw!QjM}S7~rlZUK>A6MXb=%b&L2=U{nL!4p zQ-0TErsZ|b7i-q0=kCtY;^le3b8tf>`aEGB$z_3oElcm3xa`I4^q0$wLnUqq=;u$7 zAFt_h#al^a*RM{vIm+v4Z?}hy#P!qX^i~>xF{p6n;7}K89qaK4PrYrcyyCk?iEB0A zi@1asJtwI(t{VpePTv?1e61zDS}3&G?*fh|Wt+kvFk5#6h}$)3gVfCy4T90zKG*5R zp65A6Mh3;*r4|7o8SfHX;zon7-!<0bF7c%Ei>(tve!Hgd4`8nr&0u@U4@_f%SvQDz z0&^LjAoRzjPG6(#%F1{>0!rHH$+e3SlMnm+YEZAjxtQ%%2g|QNwas<)p7ql!%F4zV zDCl=>@a|YfJEpI|*grg=4W@nr8ocm&cSr7ptWPd#-;X73K2KJKVS%YOF-s7fW zLo`9~x^%nLQ+=O1M`(LAslCifId(F)gVGE}ThvFjPZD(qHrRIEZj2+j)%!t>?9 z+vk?|_Prgj@4W%cH))}ZVCO9DHnhK)6_J{0$kl+!D{K5zQE0tb{Q77}JjAYYY_80z zp;!dct>1l(HN5U7rvTCzUD01+P8?*Y(H=*L(Oh#ViUiMoUx&skse>*Ll%KpO_Ve+{sb_W5=&E4RH@AM z*+wn5?@{Y~almm#JG=EGfwQ~mrt6;fw0MYMzv1JYJiPREI@5Y8c#yRIx^{I_q`Q1s z=48p>h1iO@8<66qf8DDeMAXj3=Egn~}8v}cz>>9d};&GZ_4RA07M;djtGVorIK zq|%=L`$Wd}S<<|i2n6;$*rfIvw%B@xkbLxH{0*<~-(Io|jX5eHB9r@@f<3dmCL-?L zdx{>uI1Jo2iN{#V^m#;fbcfA$n|n&s%2*ZT<*T^!0YaV!e8CjPz^VSkGfq|6kH^jD zH^-!cl?J7A4;#Yocuv))!G(&q$-4GFb4Gc(%oF2G)LTY!>G6j%*Xn&ygGTa!afh!D zLSYN^Zl*U4*xlcvek9j%K)eh%AmrGpE5ok1_}w^0F`E|0Ok99g?D}C|;0_Hq)#94K zz>wW}Zx+)U>j#)8qY7}79X?8q06LVtzkEk2StV#FYV4@OMaulkof?1qs>1Z5nXfj*Sc394!bL40Ja9aT8>%Qn% zu^!4e=iM+NJi0W+AZmTJs;NJwc~)`Plpi3(QPcPD>MF!kx)#@-ey9VHs2zyHw?*=q zeLpTFp3vd;alq|^W7(WOdg0xu{wTXAU$SdKCA`y17LfHR;00=s08-m}JiTA%yi;+4 z06wr8%t*Y7(WpNUL!y|;wlQN&xoVp$`GtN?`I<{7I0hk*O|=sk|X;sEg8Bv^c)em;G(#iJ47U(R9;2gzU45ESJT`2=DS3Y;;0U{ijo>(-QcSY znPL>QtE!-XG+01Kx62K_@coG;BGR?J+;-vLVXJO!_ELVUuW2BgjLb^P#3~a223{}% zLCXdK%rNJ0eQzRTuE0b{R=T?ri2y4sd{EhmIw-DV>8K1$pv-)3im!4sF_Fmf6;@xaUiW@uWB1N>4lx({ovgr0BDzUk^vIgfYi?(Q_>qz@j#dY9#__q3Ua zi?b4y6md3uO>mhN4jW2olSnO~*kgb(B1u4azBgI@6~GsMj++(@Pj%8*+>L?qc7ww* zAW#-!1%fy`qnG?MG$X?RMz)1grWx6PC2vz3ozz*d@YxrYI7?-Zv}g7TyJga2TN zWgnp3QSIL`_x-DwIzHeyW7~_#eStuY1jM0Dr_wkc`sR~o4EG`7l67TEWL}}ap3+D& zP&tI}1w_gQ?A`*fd+pe*T!6O#;!qk>mH{B6$(7y7S)NM2Y_Q@Y0H6WnsB!u7hYx=} z#f-um9zN#)qVtS9Zec(}KI?0?gm;q{~!y#O|v7Mn$Im zr0hqx&fLX(0ziPxPgLPlPW(H7?gZjm6YqyBFRq7Mnh{@-$XKa~R3q1n=D))1H(-qJ z{(EfruYVu_-p-7@u=W?IOKtgWtNJT0DnF10l1ez|nUj0*_%A(3R{wv*3M2dv3Z1%% z6o;+fCLPRFj)D)IrGmThmxKp4f&j|p50ubhg}Ia?bM@o9WP_eRmNEJ2;NO!}1(TvbgK)nMd-`mkaPI+-X$kOeXE%XY^+k*#gva4nN zy)t;PL{l8>DhF(FL()2@6KE~q~V{JhmU-G|8*r(En-oGD|5=R!n zjvhL9`=@ylpQ4Ru*p3FUWC}+On|KQ^(M`@aMy!&EDW+7N_o7H6N$zhD*u2YYaqNtYJ z0$9@Kc4sVY<`KFO*yo|N8X{t$XU+P0JAc2Z<79;>4iNyNTctPlzN8)^uDf0vpY!cl z>C-U+snWqQJO6=AsM$o`^_XAi^Z;PN`FlHzHn}4;Q?51SPRj21>JV5V964TfUndMa z9F@x~VOT7A5BO*9{9yO?csIR}dd_0yznr2&hlTmL;_Kk!-N6Ft>#(AgGtWfK0p$s{ zfRD;d!?~O27AjEd9CJzBSrVP`o}SuRkCg)fHxRzN(AXx?dE)0Xsb0okrVm=vh$*QC zVzSPX;)JS^RWqrfUPmu0H3RbT8EZpNyz9Yc{UMTV+NjobxQqs<#B}nScgrqSdHzb+ad5V8?sJIoSTRS1sis&4*h3U z3Ztsnr-*4Njf}cK1HyJsW|4gU)gL7(6xF_tSH?UKl)^_v>vY={p?$Y^+ zPrO4I4_AepmDWIsLjSpu>9BUj!-H||i{JE0p>;yN!De#GhW@g%m8JX>}m5Yx=YE{p43fb{}eRMUV5UrLrUGIix1 zy!~y|)u@EkOdkvL@vP8!`HkMBml0z^c{ZEBCC&})^hs|lEwjs>3n{t&`1Kwy5%i_@ za?6&|jK`}e<+SDe;(!{|R+o!ye2JZjZEwNX88~#6e%mlie$w;!19hDE6}c&RK4^&5 zKW$Zm(VdyGtI|6;uWGfstJqJ=wz78tBZ@}_4^rs`@PnudN&6iwB*7TxFuD-iZi(7r z%sQ@T4=La1Hj17JWcECsDfGQ$+J>KCrd^sk|21a^*B7l3CAcV}u`)xL zG87T_G=q#uHYd(%(PNJonuDL=He@EmUqGg%Y_~icwZ*9OgzDN+-3O})B?C|QbGK*9 z62X|AUT#!HyHnJ-2eSbYsnsdWX3%a>;^pmKGt+AsD^C}CSE(o(zW!7#7J5(BWHv03 z$S;bd2R!o_RQJuaI;G%UHqUX{5rXH~_{X@B0GaHLZZDfvbJSOc$~NVj8=4NYNdXd+ zf;hb3ib<=W&7&=22X(u7mDdyRP_K3mTly#Z1A7P1tpmy!WxvFg?b^w5-dA^(o6gpb z1{15E$G4par()%<#&b|&tOEnKBOa`;bU#^S`K%34y+F>y4-n?n3lTq)48eEbl;I7& zYJr!ZXv#>e89Q$i22>pH?sN*Sb}|brxG@U|^*)5B%-A^h#97`usV zH;WoEZh>aT95&Y)VjvceYceFzfN)iu|S@X&y7hMckiA2SoN}W39v@l;_!3VLazeGbv-oFFYO4go^BO zjSDxHZFoAe!P#?PRhF@mj6%%$EBOMMVu8w za;&ZWX>MVywB&;;B|OC<%e57q#Q_Ho2?NzBo{kcHa`pP)_>Y8wrp4>{=(*O89|)@A zBt6xp&Gq}SBSWF6!c zP1C_{Fq5k{BXrZSgui7m9gNZJCqac<`Ko%ibT$!NvXv#$+qS_jtk%dQKvoY!N-Qp) z<`Oc+IT)dWGBZX*&b;pXAabK?kMKtk~~&H$XeXN9Sqjr-EHj0+z>eA(36-V72}+`vW_oQlm#9?t`gd* zhcuH!eunCvFI#S(9jRNW98qa(63~A%CgZ~Gp*|WzBKP=~w}0ghbd+73bYD1rT#{{G z1BVYyq(KY%$D{!P24bvB%?Sz9pNX1d7x7@4+v4UN_IXMSey08;E=$74Aao}+v$i^PX3Q;mYBJF<0i~t}}oy#{WicrSToX7J% zH>G%y53@Irty$pIT=UxV#!k{-Ua~xPEV0B4SM?Ss5S#hFiM1CGJg;`~6ykO>-v5yc z->U_%+OioxgERmsaK~6$mNc7Kbu(%K?B=C*e$7x2T}g1Uy%^NoW`)P&WBz)xEUuc( zIw*F^-0`qUaof)n=P-UGV-GFg%!z5(1&+Ae{f!CI=e$674&VfsgD;h{I=ZA$w)z~~m$E+CSE{LA4UNWO}M}5=S{jbKm8h$6f1HyrYft*sx@$|3yey%iF z6V($HIUwp95Bp=iZJWViPl3O*ESwk(zg{0nGjhE}gK))lytH)ITS+VCJr6o8QD-WN zjV9usg53uAce6)fr0nWMhw}e|Y3{GUIuT45b~A%N^&0HN!qs&HEwcL?u>iKMQ|w;v~C+Ayb1sai_QCYZv)wz1AErHT>H>aC*ixIgtvE|$dNe+r%2xZD;8Vrf}`(TCRzRM z9>@mERa4slMg*z14+`waGFk%Zdu}LKV#CmD3KYLp-9ya8!n{$d%>~a19rLX`j0O%C6ky z7xEE3`bf{SUi_yO5W(9G@?*1U-#By5-MyQ5ZM{ zVqTs?Y49IB_y|~C&f}^4rfIhTtR-4O^8laTRPxXMmhrxDFGs}jmBOpSU`l{{QO?|r zx(ntKPfwk`Cf_aP636ady=L9#!p8n$3fP<~cz{-T9q{L#pSU>v_*5B?3b^tD6lihY zddS=>7r8+%UuQlv>9kEpM4#k*5!@3^h*ICi)g8={Il*eX4l@M>(uSi00H+D#bpI^x z>4*0Uf&heCaFl;usL6w@OS!UV72!|EG@HNF&V<5xI0~g&St7jQ{#CcHomL_TK5jy< zMKroi4#zBE6RLwm4gzz{NB}tJhi9BSa%3*<0rd}3A%ucoi+V5o8;8^u)O{e*t&|L?H)I8GtjL*UGllq?rLvNckQ%D~p%r){$(zZ$#jiNNwx zDIr5MH^7FJkK2idZrub#p1QGXhu?qgKAIhVRL^>A9AOH9jRjL`sVrzc8NyZP0}nr| z6Z2ypRTpMv&mz`mUre#iCkUhbl{#sZHvq59a1+1bRV>685mmY<_PBS0(5+o7SEaK7 z!?pH%WK{d$eb$39=ukTo`y1x5*_j8U-D~*4?*QXV1a@fFo%lZ4!~elZZZ@!Ss9kFa z7ybZ{bxnCm!-}=51NnI_I0o+!5kHJyF8gZiLZ+IIoqbt#f|f81DRLgSzJ0Ns@r(F? z$N#KFwmL~67ud73vEI(VY!ZS>;JhB0jE~D0mEWjfusc5`hs9i<(0^(f+07y66M8L> z1Y{DB!+_c8I1nhb&31l|I{19{oLJJHi`viC&fi|I?CQDgogm#26-{Kb#i<6o$f`ZM zC2-Vw#G|neP9K4(OE`r_jQcK{_J~RLjM!Vh!)+bu0r**3AY9&C%eTI5{ zoHSJO>?5T`b)bz9M!f`DX5(`0W%pX8jqdgfIbaPTC!7ARbc)1&dhbMPWV1Zj zOlvrQ9}E~A8^FtXUir$6LBA0FNw_@r4}-Mts_ti1MH=9~VE3M@mHa)8r?fJ?7yLBh zcw=|3-iVGv9ccW;3Rr6*wm2N=fAfTrqrjT;jo54~?Ri4gTW6FopIG_ESbmd|LK(Y0 zY1b}3JmIh2rM9{{K~l1RJOpr(5g(c8!Nk87{huU*o~NO%L;*%-HZ=lop%0eeauE$sTuhf7kW= zOyfH_NNheZ7_4w#Twa(EqugnMnRT+yMXa+({R;afNJTai?KhXIYTYkK@u@MmQ_H$hC}yxs;_>Z*OGy`j#> z9OF+(OZDSlod3V7AeHkZjTB4VGAC1{ugpC7DvHO|UnXTv9b`$E^= zY4H#bltKKZ6IrBqdpM+D&j~6Ts^mf zapUgmmU;BnlGyxBk(P?Mah&dj*Ge)oflU7UNXdr>*7A^*?kU18*uo@S4hB7$Rz>M- zn?O3Qw`zoRiWhI%56;faOA?tTCK$ylvU2ib@GIhxV;)S*obHtvDus@oHOgaAw`=to z5lB%FjT-3oK6lbinP^*m{Tdxm5g0ISTGh5{H$=&@rAPNBB}!Wk>^E$0?i7?1b^VXN z2l9Z)iyAo#$3v|zi7nY}XU3&^=BnrVIB2~rNpV*-jRMlH8Qun_p5{Z2Ed>LTW0q1# z6ClyzSmq$nSIj%KxMn9+7+DfP+%}4G4^;Q%$(O}kSi1eBLB)ZRkli!tSH+UGgiR_p{yEW1vJW;2MpJp{ag2xW zq3z!0!E-JXV;qYXveU5wd65{>cv$`QO`FugxbTV9*Yki-?l0w*#eJt;`(V-h(ML}y zoxE;}qZWJTxJzsrLhJ~c8^hmi>kv&99I}sXlvp+eS!c`8xMyK?*k|sKYNEJ;nK#CW z;2``|8~bV2+a2XiYIW>ReE5|(QYlPn=DoYfdrjiW=%~5Mn|7uru3QH*uskE>6NuMN z;Si|#kn)9sa+`^oTZWG}o58?I0H~He4+-B?eloal5O7Fr?7=3$X^Qq>foFU}YW0Jd zfM_Y&8bkWA@M@awwmTi^^7cv?x?(+Rrq|<$(s+2EOQ>hm95&I+28Azf6v}vV&7-d^ zO*0IPRD9hFl|VlZjJv`*>+`=Tyl^~M>qyyNWUdXA#BeyOv80m1B#ZOhS1#y8vInek z_B`7pEG(E0Ow<4+7b2-If$X5Iy{)Bt*Um=Ms_{t#oKmM=s4nkyQ6+eD=DK;pL3mvr zQZIlJb1V!jVwA7(n$_l{#O7PTld$$#NdVD|lbeK%h1Wo~@(c4k?Xk&RyZ0TPuAxj5 zZh`8M+mc?kg+o2trFGbHoKV47(!2Pk73aqD7wjcit%p9$xvQEfVY@8i2m-dj{O(m5 zH|!m!XYwK;x|<_~HbYTLEP53ZEM=5?6lHTtej$k*l~wC0;Y>MgIW%*-#u)@JKd5~h z6kOhK+#jY0kpM}zI-!;LeBcx@o7Du$ai3n9b3$tG!NZ_3R=u*4ZS}bU+#rguqEIx` z-5H1S7TpJapn}n{+6tSjMxk(}8ZQA<&>S@k`GlT%u&6#HX5$*iE}R!>3{4;f0f7Pp zLwe7K6^wjK4)MM7+7@~Irn@h$HZXqS?gM7zsZB5Rl9nta4~gfyCfyIiR+*tLUa!MW z%WMpPnFk6G6_w}~D^w&pONPiZGxH^q98x?j5dKq!rUmzXG<&% zp(6I@$}j4h17~`CJ2@pWioGRUw)f1yOV)CjhrR8(;kwe(A%YnDFjY&9AqdgoT2$jY zbfY2%W)4{wvuSLCJAPs+V{Yd^d(m~&>uqxKr+F1@_f2dOcLk#h`(jStdad$UV`8`L z%=MNx=GAMFl{S2*3QaSIbhS(kadvRZ%N5-BtNotkV3V%cMFAyAJ>6U*qcR7h(d7n; z@PzQAKJl95en?IPm8m;Ymy%i4ULHMwB`3>bx(Z_x(rd9T-IV#9JmZoHQo(YOCsLZ8 zuZIJ2(-FPgiu$4TREPZDwjyu4^(5S>moV|>T1Usf5BpZcTkPy3jR>E|#ju%~jfK<@ zNjuNst$_yl!X8;!KfgRl_WlY}=$ohJi?)N18|Qr~3@N0H(i_OGcCzaRy~@V4o@b@T zloJtGTy5za=u~a*h$$a=_IBm6uC0WTexGv+w9E?|Uy*umv+u~bW7w5Z0=OppOV%=@ z2IJWDT&fGO5Wo8Lmh6mvLm#!1B*k(K;)iIWNg(+M zq64}muC(ofv-+lBTqOy5KDm|8{xl(c0GrLggAXy5>09!vLfb$7*R*9^%t(dLwMc1o z)3zNtL_#z!#0!k9J3ad-w8HDq=~KVjys>RHKG8W~s@F8}Mpz5M?#{KLR5`dPkQ0sd zJTgn)Pl4uSoz-|@5{BkMqU#)}Z3XS@=xz8xg=(OlV$vvY$&dJS^9>NypncOUTo~zk9EuBXv7E^4RR#BW? za*t9;=T`~cAMEV{f~@XiV#4PSn|tV>ekj3Op)leSh&6u1@6JFSF?!CLD5))woGU*Z zN?w_gBp>$y-^a{%pWFOk!?$XBa>(jg#ikoK)|FJZP)^E>s?VjSpf*^l)6UD|P30e% zdi?Nmj-aP6vEy5f$8iZY;xoMT*2=VRLMMlpq3W&QwjRxy*5xByY^)1iU4q2DA;jLy zje3Syd`B`&YQyT;!D5YPKpbow2Vg|&{ojDAGRVXAq)>*by~z2Wa)8VEcs%Jo|vTkjKnX9zNc8KzP`02M5o(1DYbPpLm}|JHs#o?@U1SvYL&S}s^Z&dkoK z;vmHr44BYyLdc=U%;9zC?pEi(ww|jj*^7=wpUUNvJ!3$O1CQpCxFsJ~XAx^#=EhpF zWOMfc@(bMIlbafxAL1@*_B@VRE;bmzlVs7I=}r_tPZB+;#f z^=(O4J@d|+JOTOBq#tAy$J<=CbbhlE9N2Rpc4CF_QaRgl^GyiArHSH?6y5ze9q@j_ z)RmU3y?rm;2@8b(YnISx&JVJ;5b=r#cG;?ug6xSP>g*@jOxudBAEPoRMw5IAHoC(w z4j|-j@%Y&oMMMrn$4c7<5nOT=0#kp;3E>x;-q^+y=YpRZJ+RlJl)q_*Qp9G=9wwY2 zl}pW+-~ArMQ_b2+73-?s4=I~#O+_U>Dto@w__8R16*bV2EG*aWL@TEFl5@FR*Dpbv zB$r5I0)Xm?Yw5mcc*-xArWyUDEYe5P17*h$OB$Houv$NA`_m9ml;`63TWKz$@7QpB zByb~d0M#Qj&nF5L2obJ)tSX}qH;0$ts=66i#jznevJuUorm$M4SEBe3*G?T4Zz8QQ z2QZ5eGxs9O0TRhDs1r<|H<{Rqfnh8lj3@(Xe}> z!hJl>K>PuNNTgdH($RZU*bJyNZdav;z(5Ln35WcqWacS(r#?)OF_Hr23X8{+jpU;2weov3(Jk7 zq_$iY$1AoR=&CXJSP&zM51>y5oXoK*V`;hP>u>CB?*KJz7&0`=SkL`OHkI)CbLC*J z4Fw%4@mA8_J&JvPi^Pq#7?tfk*3uJq(ExR%`Wwa=GQPq@fl|0!33iLJ=E@iejnIRW ztTRS=&I6T_Am_ZSQNi%0)G+|7flJf)wHmL|tAW)xp^RB@>X2DF zzY`+!qxR+Xgq1r5^)gE*jHQi7`S_M?v$F?usI`y~P;H^U>uBMb@3rRfyN&ggOvmGI@2SlzjStr4v+Y~vSGp_x=vyYH z9O{Qkv(hq+Jy}tr?$r&hLgt%y-+^Qz?{+{RHqm9~{sW2admXTcW%XkcX-1}s*?0Cd zL(Kkt^>=}V_D>_7YflbfFgat^k#m&sw&Xzh!E6WTs9liy{=SD`yzJ0`4Cp4P6~3dN zbMuhL0zdFo5ep8Wcr_MH`WSUl+vH5UXvtB=U6!HoUCixYziH^Y?q#_^5xL%!byC8N zQz8$D(G_V(-W{QKNw%Unm+zHL`SQohGy>;^ID+u;&p=)(0{q$#@zCX-a#KIxq-o^9 zL%-TWz;FErKL{y+=&yrzMMocHJOhYsp8dq7@h=3ai=ek&zthF|NWcl;w`i2v#}n@% ze}UEh2Y?MIAxSQOumYcs=vn>=kyR9daSRl?7%%OPGa23y@!-N$t-(J5UU(Q-OF2|Z z-Fc5Bx!VtrB%l0xp8YkB8ZgcjFwP(H1V!JU{c~O!_W^m1Cj2GOyCc2tZT>5$@1&{z z?r+r#O37wqYjun*{m(P!+7;gap`Hz>FO8)AiIq~#5nY)3P+*Iz&i(Y7E+Ny3e@R;h zLf-MXPNBfdaY=ypjVc3p87I5dbDs#>@zekF2%r_^Us|D2 zM_P0=-t#B<&{P4+;)(8|S?b{HfQOSXjr}tpT)=;lBtnbr(Bo5y5SYms<6lNW7L{{Hs}U@Qke{L%)^&S4FI46%}8AltS( zgvY7tyPQq7SdSYZ#r#s+kk4Q3I`t@;R$?5Jej70EtuYr$?#PkZ&`_VpINF_A&m(#c zGs+~T7_gG!z{^3&dn$V751XZ_$UH&}86Wdcf0g`A&=TG6rl$0sGmO~e3BJ=|c!-4W zlH2%Qy>G;&DVpBZPW`|3zB{VP>|4|sM;S#$1VKeWK}EV!MF>%;N{LGE4hV=e5$PmR zQK}GSq?jluU0Q_DOQJ{sfk^Kq(pw+~5(26B3%{A)o4ek@AWbx&E=j?O# zKD(S%kRXoW5U{5t|9%Ad!%lsco6;1w|}Fvn;VAJ!zXV6 zI|mgc*@vwkQtWUdUp478v4%XE?exIELnN}7*Cu|kkpu`~*9Bzy@6^ph4O|X-n7?xB zAyRy~fS#hD+_n)uAJLGIT3UGNXZx7jdc0lU$WZ&kz#GmNmCcU8gPs6qN*})M0r6Rf zrjp5T9e;B0*+;R_D25DUenCG?vbTZ9OOAtP&rvK@fH{8O1B~`KXK5t@LVEfzy$qz; z=L2`MyP6c@^(`ZMNQvRkP{s~Ec%O9vmt)s5(hnf?myZBK@l<1EqEb&U32VNB^y-dE z{jmUpJb8&~p5QLq%s`=ZLqO=@cb4Nw{W~_B-mFy6!K^*r)u^UD?wHJrDADY^ko(~e z->as`#zhB`?B%0QWjKy3ZP|UhQcsQ!#N6-8exm%>4>wy=pKfo=8_2=? z@NGzJmixA|@9&P56XQa)^$DnTP!V0NUqsPqmZng6521j#33}$Scpr+l*i)+|0Ws&S zCxceW?ax6mX%XinCoI<2Z+^WGp(ec1gj=!e^T?%vT{9VTl?RPFW?zh=Y;IbPX`D~< zM$P|xUY9(#J$+h4QBf0ly+|<{#XC+4Pjc7Ecc?#M=zE;zW%)jhDszJ z+MPOu&=l#CC1WGN`vibHP9E1@C*6-1H!mCecCjVyfg<6Mx=7f(GWcgzSeWfoug%rn z9fAAX&7DYL)i`b*H^t(hD6If6BsMiuXO-o~d(RJ%mI{;|=AG=JwTk+x!x8^KkC^X$GSrrskBS)UinBVqpU-3yR(%0-+r~;G4;0r-1hs{N_Nkn47bv zd|$B)`ay>`R0@&gG~tx~rwe7YpvuGL>#`%cJU+Sz#P)Y7P@$57*zd zz(i6rz9%RTX*!8xn(<4U@6Y~ruBcvVR#)&IoK{2uk_96oh!Nz*54^3=;41)N{^aRk z1^n6^kkIF9V?lZlKVfdpdHwrPZ!s?TqYS$9*d@0!=^omV+ghU)ea&w@++7t|NiT}( z%F;|8O1s$tCsL$7zMB035?N3SnBVn{**n`43@a@Yx?_r{Q0PQ)7!ZTsBXPY)Z@s?g zkSFb0EmFi{uH<{lynzRXoGJhPn_^fPkf1^Pq+#{fZfy=Kk4e6!)6FMo`XUJn)?x8e z9J9G2#b`1pKI=U17a6d`w<~_ar0h@GV0HW<&)!XcRVQTr2%XJmJsS=WbVG!FZeYGnPd1!Y zMhQp_dU;h{g*v6vPT#$f*dR6Jvllbc^tC6A5{-064z#qa*B|!M2sgV#xG(l;{6&mk zmHNra+f{X+wZXW>{?*0xkM)14!fTxozXJ&Ud~(Jfd32xZ6y{3Mnw^J^xoxzA9x`#= z-)`QnFs5ZlP9N!;(fMRuVqM<(mf_%Uy*~Z3dKC!{iep(&!EkFNiDUo9gZcIJ4QfWV zypD+vaNgQJLK+JKbZdt9J$#9?Y+sUE)o-}6&3M+Z(W7iWMZt@96Th71ago3m5nk3{ z)xJo!csT2wrZzi(_`%ckH*<142=>N2Mrq9@MH}us8-y`}GErmbO)74TxILQM)G(fG zsCa-ljsX&QrYj|0CB{^k7J;leg=_++ni=887!wn)?2mS#T{b`_(hma%F+f7kZgiW4 zTAVT#1{slHKd)gE?dI$(dmmt2bn1eu-3Vu$$;;WCkeKM`5^|mxTtjR*&GSjPBbdJ* z&nRECdw=c2)aLF1Bb2t^IIJ4CaNpv2iqoNyt1=%IqnY#kU)*1xkD5QT^sGFj-rZdwa-Yz1;M+n+-x3tVEnKiipX0=819r_HwHwtxfY6`-+^co0zSZud0(}34HDQ z(-e9qHP55pf0~YUF(my2ohjl|{LsVJ)%$BI9bO`RKVcDgDgRfx$CFG1{4gu=KahT) zg5T?cLB9c5ypwdA@I5snho>NQLa7h+*xsBmw%$71LsNmKAO}i&dfZ0}bZ_6wZ_E4k z0nVdc>42RetG@Xss3_IT$Y^0!M91nDTz&1A9=Y(?z^uRhJjlPuQx6%Gkx}AW59k}= z0`^k5Oi<}zpp(a1(P}6ws;y>y>F=dWgHfsP#dxZ~h1QoI6S)fte;HFI4W`xt{C^K> zXMza*OEv0u_5Bz1>mkiFKwM^-BAnwJOn(sV}6>D zmz>dLIdO78rH;?4&(c#Hc>EYpuC$Go_I1aV#-e4HcHR~4^{ML?dQ*sUa}c4vzmL6) z+UWrBC`#qzU**}N=Sp}f+vyg@m?e|0dxd_79v+{FDzsa9^mmv1dq9$xdyY~Da{nIN zV=oB(u}-Vs{gFT+FKmf7QXt?Wv*^ZT@$@Y5f58omo!2Y$78u*vkpBMu5%1LRDf(>76)2>22@sj@#6Jf-gNqwcisiM48DywXhiAV zF{Gcu@bthtrBZ~ZKfIO{yV#(K)Hk@UF^qPx-gT}{~=0`q`P52Ia ziu@%{9@ck852@nvpsAplN39*SsU8xhI1 zV+oEEWkF9mRRoUW?$;26TTWOf+m2rVq#?}a#$@@krh;F2!+r)<^v>p9ROVoL{DEWF zwtA&wvTr?8Lm8@^BHVCu>j6jG?yU2*9J|l^2oP|NLCUlT$nnL&VBF*TAvC4Pjb%B`N8L-{(fIJ#2HU-7F2&Ay?XAv8gee?XPzW?7!}hYVfXXFR(p)7 zf^+Q*?WeNZIYLqp$yT8{oln9!tXwBI@ODO`j zR*zfRVb;d%j(WPekB5*>FJPsA>G>ph=wyOT>Z)pz>44D*fkW-ZDjLIMV-su-y)u#K z5=jyrg_nCnO*4N5pIT4RrTf}`gqjz=i5|%rDf@DDJ4zIX@uO&K7jvniego4!TcVo} z0s?3K`P~{PUL{PaF@Fl-A#MBup_xfy?s|i2ViE%hM!hid1XE&%=mC_+P_eLw-jsGc zzeG~YXpFUnetEPC;ZQIs!alR~gwCh((>mi;xg$vn1L&p5#U-2Ul{@<}*D+BH3bqW) zj`@lkG;R~dRq#nVf7*(hE|JkT^|Ge_077`B=>>OhU>cbs-kHlr1!AQ#z>a;al?c$X zS&rrE&D+Nfo4#45czkWm)%|p5F6ryRg9n)zgJ82Wg!r-7ApeTW(~+O#^E5U9pcCPX zU!LQ&&Ett9gEAEm8F)#QzXs{N!*<*Bp2-K(&Y9!$uq&;KH;{$U7&WH&_YwnbCNFOuCd?p?Le&r-IN@CS`#&}lP&IcjI_RQts>jD5fE zcKdk5#?L-}$-yL*#P2Io9kZy?;_-m3FvZKqdwuTx99WQyJ6V1?EZA{In;L6me@Ayl zIPb!Snmp_*nrtiEWySg&HHpVF53P8v#pjHy?X49w#m*&DRwG=A{=uJWZJ8D=G1CnO zh_eK9Ahve5fMV$M_MZ+~y+GnGaD&pFr0bVi{l(*?5JBJVO=$+gab*wkASX?jIWbD4D@#%)`r+^7D#G#u#|*vI)0_ z!nIEmTiN_Myuo!Dkb#luAW7!%%yaosbc2_ZOw_U)ZX4AqcA})?Pm7!p{biRB4l^?{ zI4)?rQ|`G}Rm1~*)|enshtkMBf}=+f!>-PDm1xr!ZQ_)JMzTA& zvk-3ak`WqCCV9itxgV|I7Q&5F{AS7tt2x1RO*jiv-CW7f-RgsH4?zsj>@@h;Sx(f} zAIxnFuntqy#Zk8D=YTfZUh-Ym`F7iXP;>f?oRK+*&T)1{6TPdJpK}GrnxCLIe>dxZ zoa650#u1rp|94xZFgv1*2-7MIzIDCKb0aqk?Hu8Gs%{?5WuVE7!Ko%3V`UphbI4@% zH%TkMjdOMf^0MqU#C=~fjrL@QZB50b>8^*p;(MVz7x?MOb&Mv1kNcrvnjR<`D><44 z5sjU&gND(6v_+e7sS&tLrWlSQ2H&i8Kd4yJgX-L}kzKA=#-3Rt%ur&-;uG^%CY7^n z*u!u(8n<3CTq0^`KF*aFEtUz z5nxe%JmegM9p9=_>fbQsnWiN4MUTajwBrop#U>c*h5kOGV>nw5A9q2ZLryO7)#SXx z;ens)MbjO9+^Lh=8&P4YYW0}4F@DY|$oPf@1dU|`!>Q2}*u80aLBuppeDc>!XA4%o ziLQ)B;o`yUv)GkNckX#>5rh(!zPzg4+*A#x$WtD0$tb?8qBtUQtML0f+)1|Owuzcm z17U2d*p=ISHVZkNPUAbGDTupQ_J9k28_P-ht?bK+eCt>PEm1#5o1!N&1mlh)vJkmx zvV{26SqnI|)m2sGmv!PMw4=tO!QYWJs7qf!#4G*`dHB%O0S!g6S#AhX?pI6?1Rs1J z_JQHf?nvU?HRrs)9?AIA`yC_Sg~(E#mJFpvOYKfD>j>@Y0mj#4eUaz-HUgaWKNF}N z(gR=mX&8M(`?@R64A&0Jzey5GaHNtp#PHvXeh0f|LP)+wL&Ac_<6RwS7vT_jKdE4l zatLkF#;(t&K^@Pj9=2e$qW#0!%LmIGwm%xc)evglcJ~x0s*zNFNNgiZ6zL3`A)utB z3kVKsU}aginp98Eed9It7~BTkW1rM-{=HUxW@!oAC0l?wU@>z>e|6B%ME8a z2PG~!D=RJ9usd+8N8U^|IdJ6}nXIME<8WmSViWffQ4n$dcIMWTSYnMtexlc=CYTfO zYSFo#Bnp1}6c3kcN`|En1k9*lIE#OJK|yIq94w2yGv^|u&n7OPpa?jQJNn3&fy3E9 zLm(?1nm!Df8B<%<8T`AIv>EmhGj~jwOoj(OgrW&&zSz=oY3Na0Gh)@z<_1TK3G*fX zXQoS=-^FHjnyq$;w5a6SQO3_|ych*Bo1@lrL-kn>%*}7yesuYE3*H@ym0Mp;!!fF- zd$RcspfawR+{jdg*>6Kocz;Ko)SAdOmb+lIf%Opj$XNQYYqod1vO}b(YeXOTD7Xs| zIV(L~bQJ7awoftQQSBD-blt;>W`vE-n^5>d2vD3O0tLIM5OC!pf?Bq!O@YVd#aD;n zRNtvFd8{tQr9quA>NCkOJYv=~sFKH%KHCGyK|MwKXOeVpJ|%|oSSR;DHnC<&){=G1 zMiiY0lk25ny8PefzuSLRr^pE2mc^m0phP&7{6x9}ETw1WB{7cm?%MdxaTXvE9#OTf zqTdA(MO>n5ZmjeQk1@#ZD5pO9);EXJ!#<9j4r})@ zlEVhoip=(u@Yq8Joy>-n27ChqqCTBuAUytQDHEWJ$ET|z+2sFd;B4B?+fu%(8zx$Cp?Q3txG+Xe9&hrq*_GYbgsS*-bv! zJrse~WBydT>WhRET>H~a2xH}GPtJEsu-dJlR;=`z+$8y$GG(_gct7Q^l=i!@rK2-e zt~1*U@QHIutWWHQn#{#t1}Lz9Bh;bZGjq6Cg54x!MI81!&@u>Am=0SJiwiw9!vOa3 z2$9_^6D+B7q;dHsTlQ5v4ct2tIRjqadQ)RPuEFSLTrk0uA>BiB%%ez;;r2K&rhXbpZk?1s97SGD29Azwq$F17tIIsUIP|f4gb@&RF(_f5Bh9x{ zl`P#%=R{Qu0AGPMz`6=mZ^fQy2sC>@4Qy40zzMtls6kf~T#}shss7 zS-F8R_gq4%jK$_>0#@@9(oxJ|(8I*_W135?>*OCBGq5ZY9^(3(^y%xNfJ|l9QX-hU zfh*ao?je{(80?y}o)i}E^KcWg@eS_0k!SPPeJvWxMl;ZrM?f-r|lsv39K`w7Y;ZaA@2Y;}#5D=Gtpk zL?{KaCVZ>>zsw9aZjR6^RJ&loGett=22lqb=iK&|M*RwP=@zrdzssqrff3WOC7p-> zQ)ZXbH`)sM2C0eF@JKp104#4k+1+?uKPO|e`1Ltok?0_!RBL?=Zt5TUmE~_a~G85iGGy47uRk#ei>^|*E=to`RE3F zBXc6M0CR-~x~X-q>hf1Jt$UkEOo{Wvq>oSCMoIE;W~))~c-iFI@^Rp7MEJ$BUP)A( zZ@}hkUfhtqf<0~H{2dD)Oquzze-$y5*=6q=%zD)Vm0zujfC)zQuo2+n21PnwzcgnE zh1fdnov%$hH$650(G}0FaQ?~AaFvJF(+gA!UmUMljyoFK-JsVoR2DvCa0?gIxyJr5 z>T}=|joXe-W%PfEd5va@=x7X9jNTeSpq(U%=D7qza-vhkq-t0FVls3S<%Cs&)RPr% z8Yy4i96l>!4YxH9aD+aq&sg7I!Xe8_^``x&h0|E)$jE`y3zc*@&lV*BY|z(Th@iQS ze1ozPq%SW6I^8}6bHytE)aYK-VUO%Q30VKrhsd{{8VwJ-q7YW9KOSxmrsJ#ucN>7s zxjeYH_U#?&q!QaN5EkrwCnx3 zqK=oypSCHBw}gxOR4R|C&t!va7Q?7-h|Mb2LhOqI!u&_W7KgkwBSZ?Ya+mT5hDvqQ zh2kNjOUo<%@pFl}*v&kL!kJRC{f2RI;)Zf9$!5j*MYDY&P=c8L@+&rcQ)@-WaNx_E zo`s^WyM`bK*j)VLu^tJxl$Pn&d7|Jr6}!4tp)Qb%`Mg?+h8SHaWj;D{To)NBNZ6kJ zg*=q}-R?bXdrY+5?)|dSA$mzgO_x*1SV_Z@Xwg09YBer`kUijn7pbLvkLVcc*>poE z_)@5n&bsX4+@8TgxN+h+`RONt3-~n~uxUuAVKKVkVtt6W<#E*q@5-p-=T~p_x^9Sv zH@_MM`Y!6hTr&y7E#*~G!&kIEdFux`7X{#zRh(TSy zmH_qm($m_ky5un2fs62MR8-cQONbz8NyD_9r72gm$>k;u)9q%c_M_qR-^WNt!%MfP z5Yx9@;YrUM=~FV(r(JQ1ns`-2KXTbZWevb00ovhiY!hw|} zg_1{OKBiBz^;%|w)WRmy(rcO(f;Znn#vd^Y0VY^o{Hs|bA?X}(EUq@RlY8h5JXGgV z=cyGNp^-tAVGn6BXLylg<=Opu#dQwW6IL+JD3J^OUY_8}zv=WLpAo!_dZ?x~gMb}T zKXr}}P)$Q+IC7cikKTGaiKDg&8l@sKlFo$`uFLd=mv*ZnbzW1vMV%X%5)sX%$1JuP z$CKNcF|?VNz;@l75;E7VWa;eJTiFkST0MwFiJM6ziHR#)yA{vYWHPRQaIKS+KkXNv zW~$>_d#&r<`lHsKFIh+!DN3H&oKPCxe14N3;ozuYCj24+M_VoAl-P#pscpBhAd<8w z2bc<8!$IO=6-?*rZh^}+tUnqFE%Qm&blv8QZ5t^z1I&u-j1-Zs1yz1gytFkCz2omJ z2zPEgHp3}0lT6e+@sJfpGRSn=+8(S7&iam5wvnWi^i~V5$lveBMN}K6T-iLk!$rw0GmI%$*1@z61dTd5s9)6=2D za6Qg2V8bz7hx6C>5J;|FwoaOWAe|2 zOWPgog6SA~CWcfl?=S=&AIu`e$Hp3`R(R&Bd0{RTYnK~O-or>qNhP2CU(}bZxije9 z>;Hx+VKz}i9%yCPn~~C+LumT6)+QB}{Xe;@MKCa3DJci7e=Q5(SKGeFD^xt2%{ym) ziQwgAUeVpT1>^tlivy_iP$zxh=dOJIj&cKppPiEQ1$;b@BP)3R;`JV0)@Yj%@9z2k h|Hc0!OR_D=I(tS-+1?6>Mc%dRx`DZV>9spg{{#L)bIAYz literal 0 HcmV?d00001 diff --git a/examples/custom-connect-sql/prod-mssql-connector.json b/examples/custom-connect-sql/prod-mssql-connector.json index 621ac40..81e717a 100644 --- a/examples/custom-connect-sql/prod-mssql-connector.json +++ b/examples/custom-connect-sql/prod-mssql-connector.json @@ -1,6 +1,4 @@ { - "name": "prod-mssql-connector", - "config": { "connector.class": "io.debezium.connector.sqlserver.SqlServerConnector", "database.hostname": "sql-server.sandbox.svc.cluster.local", @@ -40,8 +38,8 @@ "time.precision.mode": "connect", "database.history.skip.unparseable.ddl": false, "database.history.store.only.monitored.tables.ddl": false, - "table.include.list": ["person.person"], + "table.include.list": "person.Person", "table.ignore.builtin": false, "include.schema.changes": true - } } + diff --git a/examples/custom-connect-sql/topic_update.png b/examples/custom-connect-sql/topic_update.png new file mode 100644 index 0000000000000000000000000000000000000000..d0676f30d013c585389d688014affe2800bcfd98 GIT binary patch literal 110671 zcmd43XCPc%8#bCQAqaw~6C;S;dy61C(IR??ZuD-Hh+vcuy%W8U=!}}^b#z9JHlz2> zm~Wnv_kGX5^Xofj|FPRz>t1(T_jS$MLf@*&;p0-`-nw-QUqN0*h*X6Z>*29MnXP4A|V=pOOW#7AMI#{@Rm^ho?vb1-wGiP`C=xlCo?_%ZP zx_7r#;?}L_w-jWgv^>+c=e-OxEoTJxSxI9)seEIgP`dLjkhPjk@BUL(tuoPfMbog! zccLP-o$ml;dLnv>msSOnGne%dwiNNOtWLwX>TN-t1S8q^lo1R-oLVaiu|&+EL>!*By#@&Gub zk1k%}jI4i(OHWPhURF~a-CL!VnE8-Y6x-bV(x);o%40HruW$9x;+W)L>29SAO(J@Q zx!Q(Q#(Re{AS}4y*yl_e9xQm_rHjd`r@vYf;Dhc?yC)Z>Yn|tF?Q+GetoX*h@ASIT zGz@ihV{TZ_@>=UvaoL-^2OWw2^y;~gb_We+*B$R&$dK(YB?^}nICVFC(1PUQD^$#5 ziDfOF%j_cM-{bZ-Qn*a-E-+0dq48-}8r^*ot@){SK}k;-OiKS9UN;#(zkbLe3}p(sxrsh*4Dl0#;mxwslrv*W}|5a?a_fCa?65O znCuQSq=q3=1V5~-n`w*Q{tdaAcZEkeIrz+sr81ikx2oCCqH4Y~xXU;`UZj`Q+de zAM5M)Ik%Y$UiqIm5GMV70!`I#kZLNe{IMT3aLFE4(4xYYaA=x#K|0gWfM^J!UAvGMe?5Knx9Wbw``wSb?5^ZQC)M80C)r96kAwA=X-6;;Q&#FmmyrN~ z8J`Opl*wKo!AGuC+#`7aUx}MNB_U_wH6_@4+2hbbyq$40shWw_E6?E2in+=hle9M` zKFUmSjH!b6)$9%WsSJ#)7NlKl98};82v5(-tl1{+MrS@qK z?Ht8pvOdb7z4?)&#o=G!!C4#L8%GUfY0B89ym6mDm(aY|F5R(Y(wZ5eZ4_1>PTf4+ zsB_lpYxU6*W3}gp95C#T^0odoy{Oj3bJt`j5N+7LD3F#60d4QF1BBnZiX*gqc7&M| z`vIW2x!<7W{U1CHpD6}-a)pjv=Fetw%z9J)$qYBEiX7;6hu%ThHMvT^Tnb273jw*N ztT`T5V_(3L?yFxvdN-|nWZv0n!EbXr<82}AqE+cMclF)rV=o7#)oe~$zsf@$;3kjT zPC=Cy$|4dY7Km!JUI`Ihz`)o2krJ6kb&o70Y@x~=bsHdu!J#K3cw|GU-$ynIdfw=$ zmIc*-+cL-dAvE(CfxQhhj$t4z+`6r0JE3ojBo*2(4*pE&1=OD|j?S1EZ?I=)_4v&eR5LNgJ*i%o%?lo>) zLnHdPbWRz8z|;P!$x<~1v6pIy%=3Bu0I?lhP{GaO&wBnbcNyPAXL~ex`OIj^9)pol z%|Up)lU$3E@Y#IULqL}Mn_756|LiHdq380d2Qw3Sqy@=I23g{{Bnd)BW_7#D8D3i& z7kC(lrocXf>NfcPKE{MLHW_C)bFK7b>o(irpZ2&f&jdMye$i~5O>pv>&0@ZTq-DsM zbzAl&st~VBo2@Ecw<6psYaOmgN_p{WcL?Dv*z2k7i+0Sz)dSK;AO65zAgYRNa zv&sB{LEEsChm3w%;@&t_Lw0&cDHXmK_WlMP{V+K<&E*C|3OO>B9s5$-ps6VzQt)yfxg5#!iG8oIjQE z76^D>PA< zp&=`QbuS_xEk3;2E1GVN0O$+88i*)312_%@tAA;i<_ii6UKxS>l`w-s72NHYVa%!l zfqkpEIUjHJuO9yD$c3&Pe>5|9mR(rN{MuDK6OCPGSnjVOR3&1Oy*LGtqJnixn=o{s;?(uhgsvA>`mzxPs#x*Oc%*H2$s=;Nzg z%$G7t*Q2T?izY#B7ay%QQF}B-w$31Wtsj+%o9GbzhT=jqi#*6{-z{J2J*v&$dZUN3uKHYYLYP)sQ`&Bc-yZL(!P z;hRV*BGkl&D9}h%muHcF|EL_dsq45fIhj}JI-KspIB3vyOLAPxqz z5%oE;`)K!AkAyqP!OuR?$cRIYR*bJj4_ermc#}nMdR3}>lpsB)lYw5$^lWnTG}=aB(r+^7T$3st*FNY2N9RH%a}Luev&B;l7gDBKnK&f!6dEU&bSb|rhjpfW z1|s9I0ZJ%f&!Mb{1cN;)tEwuV3uQCE#6GpK_~AlQH0sZPVl$L+ci??|VAL7OSPn*U z)Ze^Oh$RN=XyS5?)<>JDDxs+<^hzpFA0U|*{rZ@cX3k}1ffc5nQNNQ{r zC4Mo+Li>q&Vkn9Dk=i!mz?NBCOyT;#k$TZm84!M2eZ91{GnM%ayry6$boGHh9+B^6+a#I^M4PBD2mgLL;6v^W|x0 zp-Vg`BP!xw3bThRcS*JTRaWfqZL`tg6))2r)DK!Q>NoG3{%x#%F%VvAXE@fRHa4}udrgh{gS;E>&Y~TS| z6pJy`B1cZF(A3mRL3)Nos_mF8%RF-#GZdphY0dGuR%v?b^v46H;QK?#X?NY;JS4_e zQ1lkT1_GJsjrwo~q5)?AxmJhjQ%zZ^rFKB=nE`bcGh4ND7VAI3N>I8wlc7$PJF~}M zynM;@>SQcMafT9Dxkf3&0f88NdF_|@ldA5^_&B7}?faD*FA^2M85gM`*{fsQS~36! z|JoQq1iZ|ItXnGt9JH8UyIkos?MKytE;7X@JE~F@p(y>Uwhe$EcjwqwH5m{NxyVOX%dO;{z~~hVR@V&!jqjzxl%y9I_j3n3 zhv&j>tfs&il8VFjuP<8N&?OV#A-<>e%*=(pg;QF@2;$TpE4C=~VbhKhs>nYDwrpW1 zd(0H_?z;Ws4p?+ZZHep}bh#j{Ww|a&(`$DOrt>ARz|Mdxx3wn$ zQr|Sha6esGhB7-MX-il$IKrvLN7M{5)ou$A2Q5QuzLSGf!^bD!lO-s?8T;2>zRbMa zMa7ksusv4X2pp;EkwWZ6C3VoDseuA4`k3MCPt+uLykLF=S(Q?-2x68fx~Oka7)*F< zKyA{}<|V71wSWVZVCAJ~wkcIL5N!|5|E2Z@9qlD)x#xF=;O&2kd*rtKPd(A5k-~Hs z((v`A$WSf^hx!`eaz8dc86U1BmX(U9PD_MJ6Z@nmmFH0)h$>q#5^sN1^G{nFehE8XGEp{tcb@4r8Y#OT;?ER1Tf(NyYi zB)S-+QKpp@S0C$I7aeL)m#dXaMEBPO!M7X@(pUx`<*%C$~6S`D&u!fTBm%p~?Y`0MU`kaRAKr$+V&@)a{&Mrq!{M`&+? zgBnPn_Vk&^u)O(hSOJTQrQp;MzFhzW;+ZZ?id{Fbd4-sOf@0LM*{c7t?VA&$_#$|< zbhlP!RlwU!e&<|Hb?>JpPWU-!wD9Oio0Ksooida?rN(@Xyy@I494Ug%A8yTdGJHhzRX5-rJKJLmNS|*49#UPE@gQ^@??Z=@DREX-^GNTlxf09dxjD<1NaKi)*yRY_ zCV>Tl*cvpMJHNX?waPFpnXXubpk-kw;C7$Vo3NZI=Ggw4%sJFkp~9bNn-pxXTJiD1 z_t)hHt9=Dhq$b~E5vdj#nOmxOb1V&R+TFji9A9EPRc4(KjwJ|1 zgDsurs*&127V#?6_LMmzs;KS6f^D_=BRYCNlkcx6b)NVvA4+XtzUHo%DGdpT0lR;? z^^nijndMQ(WqOyR%H~<&am3MLNWc++n6K?h0=Co~)nsjbNaXmK)nzQOS<<|obDmKR z;cx1FH#4Q6!Ov%fe4+ z`FvI^tG(=e%*~n|{&9+JxDz$u+|X3{qi{(#6w5F4tsRoHKfI}am=KP7p@ekVKXK0# zUs=p#6X1>78v+18Guuyv)(?utu=qY2-A>Sqt5WV$$85QG`)H;AFW?H#NcQL6#lGMc zF8VjQl9;>Li*Wh=Gx@&5z3_q-!=$8KK^N>=HIvJPl=->;#L4p+k@$3VvTzIB0~LkE zY5c|+8=VWy-W-v``ft^y4n7*EaJ_R{w_M9Rhe=?8G4C9?-O0-%>C9#FdzQIS>AVwaksZj!S-S`JtpnlM-dMiN()iT z5c2J9XF@=Qqo2CxG=`NG{G)f&=JlY7HGWY{wJ7{oJ9a`?j4r^hW@0)DNIt^~lAryZ z>nemMd%t%eDICjASel#TzZ1p6O#^K`MqEM?0z!35iRVD0y$o%0^FBPM;1M!SUcqNd z#W_vSEK!U$s;~9nokZT6N&5aiER*?F&7PaHSbSf?3z%*Q#e&ZG#ASa;>s&ClDAU#< zU09!q@P4P4QsY$BO^mkxrzE@e>Ew}gS7d(b5wymcPqBYtz6=#3n*euUMCF_7reN6w zER1c8q`I2b*;4W4F~n*RkQwGiyKSsp4Dj4Eb67-$!vPp#TgHsM?w?b$s%(teJVDD* z12`5E1n^(UJ9Bdx@$rdY0tVv3Lp=Mc=tcz^*nfv$!R2)6-PVV~$yJnVW zrKQ{0mTx4B;X{Ke`jGj7nQDDLZ>OXg(Va=e(9pZaf7!wBw|l;A{xG@`vO&k}UUcjD zUmPHq%H}D2|Kg5Z4zfivee&7$Z$3AtpLr~bO&^yfA8NqWu+)jnIFqxNZshXF0{V^d z#DiQ&&(A4+&gT<$*c#U30GnL+|A&dR;DhIn zv9{ZP5eQ0qwThOMJMv(D2L zs+$M@TI?2l0&oU+G7|3V-P~5IZ4^=W}h?Sg!L>!0XqTX+y9|mZ^TlFzl}Q6ZetP;K8hj`MWcS&i~etQR8x1B2eu|+_pUap zDl0J=HZr6xe+EA1weo(Y*pD^yPn33KIPcWpVAl||xU|%OgEJOY%)7TW!H@Ijii0rT<@1<(1Z_luzY!Xq4V*?pfnW?AOp`_eB^3&n$GDz%8v7 zt^gpArN0?`;|e=gcXASTqM>O#Ii(P<&FqPUKn@-JuUbRBWIDF4ZVrijL7|YtkA$EI zPDbFuCxvLuPPfz#zwvdCjS349zJhs`FVQ}xuVKLQ`p@;Jk=gdQ=|dhU2+7Epw=#7y zGRntyZsIN<8Zg9suLzKMO@+*QE>|9eAsHP^SRa{iTPz@V`AZ;~iy=S`&sR{f$9V|A z^~z&V>NyZdm66kk`rez>{H1p0k+v*_pla8A;#yIE5edA)cJGr^PDt2=jEq)-E8n3N zhw!CL>9b;gG39O9L7+(bvle@M$yu^ZNh0+@M0wx2^;OHUWsPW;yDRBc6b(_fc+49s zX9q*c*!^|&7FgPJuY-t%miG`s;_?5kh^b* zdLRClPz~O)zAdYhGnMHB5=!6V6>x@iOwOHr2e%cGs69WV6?Tm%k1eZEl4Vd5B}t6F zkk5kxY2hRDwrxqnMz4X{1(o&Zu?k_=%ec!kM`_gaIQN1HeS1$EwmJTB&ua?tv&Th! zaypp3tMDlvyz$z|-Q7s{&Cdg?;rew3@$nl&1qlq6RuBja>7%;vuh6iq_2peCn)o3* zSZD~&Y2zBz|CD*y4yu0`!KyL)LT+kK9N$*5Rw);6d9 zD(-&e#EocFg5jpirzf%xPCTi&KM#X7Hr6*D*3Up6*+5?wz@|$#=-Wvl-tq?9#fnEf znx{0)vu(_U6Vu^8PN!kx)cPFoiTTd?`Ob-ng~?xA0jN=FptHwz?mMJGc$n}-VV@(b zY@I4-A;D3!s(v70Zo-sDjhak69KA=xFnxSTQ1 zFDMD^-_bI&{J7-d!!b;&Uz&-&b!pV(Cn4Eac_TcCB-MvgMgT;~_2Z;Y+Sxm`dg_ zvo8dq^+^9TV}QT{;Svh>Dm-b~W9qR=#XH_Ylr_u6STVBn2^e(cUCYSIV=Z4f-)Vvvr&n0a+(3ivs)3()v9K;s6rJXEgZYvq%KE zASMzILsaogsbt^wPsb>#d{T3pirLCSej3~3rt)ja*Xrj9D@uK3No9Vf*0ov~O6~iG zJ#9fL)iBRHm#vNt*w?T1j;J9rO$!`i6Bbs?7J5r?C-NU?@JTX@3{PHMga&OVhK-Y= z%_DBDC?01BWL|VVJ|&H@phda~YPkUI>F?1F5}FW$&q92BaAO=SU!WAJNoeC;=FwMA znF>l&?0@CY=0@S9Ms|&_&mru4o-Cf9>l?!MVIFmkpN!QlEVzjdeC`Cw)ZlavDPVaa zV6w7`Ok@Vyw;EkbdhcE+hs>ImxObf9MVQVYeWR~~8aVm*W+PY1-|k0va9`NrI2nS^ZY&JfV0(?<$jma%6e%V?W0r8B4c70a%vc}~ndUP2H4ShqTZW*0h6|Kwu zi(JGl+tlqci$vRK-di4an$YwD#O0l9e%NCrJ_w(B68&|!bL4Y8{|1n+C~HfqKn_b9 zDDo3Uml-mlPkPKMoq?N_Vp%#nyNLb9=3MkbZw0TqtkE2zS$6&fu@hma{HmEvTwY|t zyzW2AZ@o>A?YXv*!8c2x(gFibRhf>ZgH0Tn1JCqOmO^E1qs$Mc^p7@K8`GVy)^+WN zco%LN15)eFcvF8Ym9U1g^&p<$ravG!hI#P@LfF8sC!Zz~5gmN-37kl@F|Pdhc%^d1 zqn2JnC%(9U^J?W8m**=ZW#?;r-Fn%mgBn~_=&W-Lq%d~t6Vce6a~Un|{30L_Dqb!D z`^Z^M4`ksSoioeeCQI-nt4nf(0)fl0 zD`mVrOOsC}2jp2BP+fQNaeyQCF5$t5WTCcs-kMCunlR-o&Qi}3$suP(;vIF>u|InO z$mC=3a(kI&Kxf}as$MthR<^R&SN)^Y;eeX=uM}Gg8{AnE+ZlkPg%jE}v&9-EnZ!hh zgN6aWhrXX*Y;>DNO{_kneo?8wQy2Qi$#r#hW=6~_JJZ4ZPWMP;Vbb_TvEpbra@y9I zrQctVT!B?noShy>1s1gs`Br8n16e;Exw4F*Jb5+bzQc|rW3G%Ry@+~xq1~JY>g|gB zD6OS!RLntNjF7SRqaY%h8d9$A888~>(ZgxhMNhGc49z9qHE1A+auHXo(aAsIvy2DaMTa2rNjkJrDUJbDK=Ah}U9VMx~!G|oG;xWu-8yg23_k|znl;bCHcU6*%X^7(eqfnY@7Y>^t za<2vwbyZ{b=3UWk$ZA@$}?EGaGAFu7?Bq$5a>Xfxh z^FDKb0d#v~`r5GQurFJ#K`k`x1u-oVsgmYs4QVcGyuzafZ5e@i*vW9{<@7$zy-QJv z{#YbmKBJ(2+p5!%Bn@g$Ub`>iBg()0MWx#wT?Jis_tbLSjK=Tch*=E=qJtMk`CVJd zi+DG$zljc-RSrXxS9Y2SY&H+ICXUySu$1u`Q-gWlg4E=>Mh9tNK4ti(+89iDB(1zbV>FAOgJ@R@@W0I9OsVfBt>J05}>)abfkEUeD3;AGq-SE_gw9F#THE zH>Ng^)%<`;2R&;j-x-A)R?_q4H$UAgNxSwT*7Ncs-(u=U5h4l|Xkj^>tU$ALL4@_o zDcLK~TtiiQrm=B9m<{(4Z48AA``$sag9k$+o~L$R=S8Q$-324s$p-!X;oB4yb>USx zHy&!A3thBZc+}7lAcHr`>m`}yrdJyK&(3Dmg%iX(dC8wfJ=^fRa#TGiquTgMV!U!j zDbBbu(%bEIFtWva?@nWZm++=DP%blzKIwkOGxI3W7m2a_Gu|rle6kT?fXaryFFteS zhKQ*>B+;ITx!`ud-DSU)cWGd{o3p9c#@RfwKI5Irn&V=Z@yQ)Svz zrr)B6cH<3E;h`Xyn@deDU)=@0GPk6|6vQ)Iy)r~4X^y$Q=gA~%;PcnPS>mz-#VtutoR+^lF_EQT`{PLP053+xP zLj;PV`39V|mzKQjSv%fv-N;!6Q8;;VG>aQkaG%E8y9XZ$yzNL)&o7Sss2k6azBd|# zLQPFg)^aymGZCPz6zj$WiFuxS2{+h4n?KgI+-^~ok?~PDmy0z}Ta@qfNu$@Cb@YN} z#QgpXh0t%It_TQ(GD*ro9SOE%#}r(@eN>&DRDC`l)>PaX8CC!Y&kNCb7$=+w=_5j! zo_O7VOewBaN^<98f_U~a%MsYbCK`E~sV*HRwAlyaHm?C0;}Q@t00!Ax+~|E*WdP_- zQLu`?N7m|PP_A6mA;6NniY5q%d2W$xA9#X?(-v-|sY+L7^5EGvHZM9lTV#t7{JOe_#F)NnTtM+G(0>RrWL%=&j0L(#x){ zZ>`HlrtX$%Lj{QCarw#*{g#d^;Da!s=S%kv)iDe z{JMX89lqW4>cNE+4WDK4213J*$uevta}pkF6A${cy>0!L(euFT@3jfMvh11cvccf_ z53>&rbCc}!dy{R9YPE7)^8fAY`(3UWx=xU&RqfN{#jOXkwcpq~dy;L?V$3CL%Kwrg zuW&xRkPbuC)_{so3A{m|B7qp*pvV7?^(nGE;4!m>trUUM)nKxXcdgcJZ?fre!O2l> zhGy*_zQy$xzL`At?1L&D5yjf4x_-)=GXme3Izjr9YQ+qdc@eAs9jomx?NS|0OxI=! zy)OB>VLM;@)w(a)*Uyf3MUy(x&K98duk2RPH)iq_wRY_Kn+~Zsg*8>I5FoQZyjC^1 zECFlgS-skEm;Pj%z60yKUK#_n@l|;b|DEwnt3WheP#UwD5}owF)ZK6R%6*`z#m{Q* z+NU+WY0NekAZD9i(bjh{%5*&eA2iGjU9H&KEQb;($b7n zqw0wT+FB_6S4TU~rLkh}u4&9wna#YeeY%n&^~bf^GL=Ypa=)=pJaEasVMA#AM-*f1Z4t9tEigRUX7|9F7omZ_ z`afD6#CEDCtZ7k|_tvCXrRKlx(vy-*Hxb~HKjVPa$Wc%A8i@Hn&QjjVn>!momFMG7nUe640c+I*(4!aoH6_?DUO(Q z5>HMvKkEgrmCZB#?Gx+YKpB?7S}V@^14!1IpxTdSO4hTNY4rUPv(TOD;e{T~?Ffab zam>KkV>H)v*~#VITZ8I;XC2V@vS_$Z%VKVFz-MGB4}1&$@X z8ic*qM#Gz!Gq7xJwSEeCWO2KG0K%;#@oaqHlUDoecwszGjYdMcD~J1(Na807Rsl8u z>ZdPs_MXzxHg=F#vEoyd8Y=Jv8@xYp`&E<&37$YF4-(|$0X;(58%L8KXq2(cw9ZgF?iF-~Al7%V|)p*X% ztpxs+7=JKokLF((8_5pm*!@EMl}7OpZ^O0lSQM_jj-Z9Cg66n2!7IQ6eB9KdI_vh1 zxy!kPd~+oRAAt{97Gvpq#twM=xhWaE41T@?@-0f>o`libiE(#UY?ge5!}Q3o$uTMX z6#SJ%l$DzfIVYaCD^|JAK7toA)NyWH(*DFH^;{*V*rXlta0Bx*;@k&l@{AF5?5#6g=8 z7_5@q%r)1&?VJ+VBj^^^a~QJMQehVtZO(Th<;UwomR-a;%qX5#h z={Q47sYpxPN(h7!uhjbQymzX*jL3tJ?+oNC}9YF`IboS z_edS)hl0PpkS@w<72xCX_C?jOGP~Pxb;iiRqqKmYc*61*0RrA{R((EIyySK3KshNG+4B4;)8{#1&p6R!Id?QqD7;9#Kdtf zPRIov&-j$%i2zhCr#3d5;$AHpMa9ptVmx^m1XOD!`uX$j-8&470$F`wQR37tblNHD z3_8VHq#Y(l_e}+(X#E1(rKP)1Ja~=b8+1Kn!l5#j#wo5Iyi*?#CUJH&+&1asJ%^Qs z4vo8}svkn$DAe5-tT%L_zU~SR3E%S1Xf!jq9_@9B>`fxiKn@{f)&?Bu*GedT>23Mf z%B15-0pRoP39SwB27|vm!saIRFR=*WEg2aSerR7Y@q770(tce*N$b;|8_lI`K^odw zbOM=h50|a24MErOxQd)6<)N`uB66`P22*wv%8^iW-sj^KRSDea&ondO0It9Q(YgkDISq8oB!Givpo-7pIZrr#BH9;)owkhtEoS&L3~0Fmv~S1)Adq*q<{$w>jM zZ~W{~&-~nK-ni>IxH!Pn-P~$Gv-%&02n|Ff1Z~a+8;b)L0cQ&W$n&0+0&>qu8TUhf zsIJ{D9T(@_HvHxEDIiYedo9B<#aZ+jzWUVYCX9QqJ3w|VQ4&!3zG`DeGT5m|#1^Ih z@h0o>tcUM>+olby(PUt}(S>uzU+EKwd8;St>oY*I*^8vtl<|65u!3*%N+KTHA)K-f z9E(4^cAt|FMpTjz;U&mgPGQ~^Gk;_3RE#yv$+5IssO>mL3Zn}m;abWyoHST zZGgu9U56zjmJBw{l3X-1S$d!Ft(2{q^_!??>Qf|jPi{zZ7RPnp+5+=IRh|fp$w!+-3S0`N> zSkj9~SjpHK3gSL${1}fZ)Ptz-XPKuL}chhSW zcXy-S@2@o&q~pz1j_@;t29LblTT^c&KP_(->NjUf*f2WfZ!UYw;v64lV7)o$G7WpqTHg1HBTz>h}^55!dr4*Jl)rrybr_)B?egRze^!Gi1m_Xk)T>lbOqW3W57)F=pzs_U(#zK-? z^k}3}AS|T0%DX*Aoe`LO$vPkc1KrG6b)9@yN9JdU#(D3)KgOBOey3mCuQIA=DHmU9 zd*hQ%C18qRvM14l{B!BZV`QKYvOUyodS}7A0%CZS;_Oi?j6v zK=Mjw=O%0m>TCoP^^EjIH+HjLc6RJ>&i6H)3~teW>^|!kciyafk*x!M7{u=3 zJf8S{RDw!o?a;XchEn!d;+~zdb*#2D-{@BtEkU9 zsz|;p*VqWwPW7WtO`4k1@18GnK~i;zvT4Os`p(qfmt5}_J=S{3v6sqgKQkE@?7;lh zwL7i1Kl`gOA?c_g5m5+fmyr$gq@*b2M!-eBeOj%%`|1c$ENV+8XVcm_hn#&nd7?T4 zTgg|0Ir#)JvQBDJVxb)qu1(k<3w)U0zEs!-tfG*>r;1`BDrvt_-&2V+t1?RIMd9I? zQ*!Yoy;DZt7fQ0^G~rFn=xJ7tiaW(CFg1k!9Ps8gl7 z+)7m8TA!pjxa=%60i|!hWEldejahtTR?Sp&p`Z}>rb)#P%-*yywI;6J;ds{Sj^@MA z+P_wBostYsqlXc@DfDLBwAA^xey*+tktxL{_{b3pOc{Hzswhk_VExqX;AC$kfkl}= z+uYzT`=}n3@$`r8_>K(vvp2}#a35c<$xQl2Vake1Ntp8 z?lNR)Ho5(xPW%W*ZVl#yN&09rHFPjG3`dqWmrgmggcoFbd@?2s z*aftbqJWF~9)T1^`w#agdvCv8P$=`S9?oUV+p^P5Niu5nyh)cyM?Eq6;Aq?xl@eF8 z#~D`3<*7v%ZY0v}=^0niH7>n1MA5)Q7111*3rZ8PG-f&aOmfecrUncpU%9o0sXX~) z?;s4Suw4A~Dd4uBuXtw@nL=j&jIjR@6s!XAitmtXsbl;3E5teecsNZMOywyLiWbdQ zV70!PpI>dC_SSN4@bkZ*PVX-l7Odn(E{OE4cx)?A_!6QT<*%D+Fq-oBKrXC9l9b$* zu?PEK=+@HRToN*d{V`Jo_0%P;dm`hBb@pl%pgvm`kmAFPv!GcAl*RV=7^dpOZ%2dO2i8j34>8ajMmxF*^-QSob`KJ zgPSdryVjkdti?nQBCDB_@oiqdC6bANQVS5M@69pt35r_rNjA> z)@Xs>ZG(#o66@uq88-Ge!B0!{+)>cVR{|4EVP3>92;(PSn1x>Z8VVRUX!6LpF?_{- zq7?DM4i#^vo%DQ(qg%ApSig{cf{aC3_kK5nXWue&&V&1x7xf#2pGSLE>SScL3o&-u zu{18fyDX_5Ob~`KW7q$Z8_vGZpNje=!A!%_uP)ArbLvWG-MX*K8|`xzC~9|y8elb6 z_8lFp?a3!XiX0s;xc!$bu2hmcp1FT(aoeCv52L-N2qmai0)K-wM6Y zaj~@wgB?LFAKyp}{jH1aPrs!yOlga7S9Ldv_`$_t#&rU3m=u5FoquRYuF>0s?ZwT_ z0}gHyQJWYo4$&tKZhZ};ZWWU7tbotbBPUaVY~0fPQ_@r<-x%_rJ$|OpoUA9ID_U78 zb`m_a!qLst7FE%$3vQjuBQO4aG5Eg1XZNinw{ecVWTVSYB2E%_5H@D{aehS&)O@Fm zYvX+>^gZNLjyg+aUMT)5QCtBilh-apl~0lSc&D{CXbYbqc453XGe$W~1V)!6e41~N z9PdrfePcR+D8cs_d3mvrx3#-IZ$RxdjFUM?fPZ}O#8Ey+OMZ+5PAmGvSK0$G+8Qdx zIA-|v3774}A>wDook+!K*V8LE*a}cvL4T5#wz2y?5j73j0ug&djK$)-if}|s5IHT| zi;olG66Y7cY%#BMtc`Ne8dKGDS!9Dr&+&)E-QBGi3@av_TtG{-!jwz(-tE~7?XRqEBXEXxg!&o0@wc0pm|$C?TJfE7kZ`js zYV9x5M8y1X%P57}sSl=UNu^0BsR1%Mxrw);&k0wl735p=zvUlBt}_w0a?B+7pg1s* z#ft{Us#V$Y$JAAMr3NN_EYxq<=00rlN9ym#z~9i|iN4LW$d+$TkqzARbKy`EaepU> zAGjjS$zl_lcv?(~`>XkZmm}jB^al?1&tK?&1x{sz7ll97dLe5(KdtcMJ;tLrHLoj=w!>bvD{3qI?5)XV zlTE(pe2h!r$_#*QQ|C~nlpeFC4EU^ayO-3yPG@deES+!EdBF3Ter=7CgJ{iox+t}u z@u6We_ylq(hZo|h*V6|661-l0 zL-LD&3m0v(ySU$O2A3Yh zYxeQ8q$`cudVVrucm{2wcTAJ}U7yU#x3;Fz@L0orcY<}d>mZHP&CDF_v=SzMr;|2d z#lp{BFp%5wVy&4Qw)8R*umW9G{A_7|x@!A|t-iMytAF}{*TRhK5O=uzOXN`mRU~BZl1he%&djV9qPA0Pi zX$L_vr{7Czg;}IaPDcJN{xw<%Ue^tZVnpk2LU&^u)N(%%q{{=mDnO^XYlru z2LQec6*shPO&WO#%q|7pU(wOCzQ&)IEUyef??`i|F9r*v$^G~SK&v4TNl@QIWKJOC z$vWbaSgP+liAto?=kub8-(%xV-Fb=qkfF!?g~^-zz*m-fvZD=DNI87@{8ED+>TCvT zkv=sK0`q`Ma~#@g`Ta0Jwc=TH45Z$GfGEDeXdEB=za3JzRWXF~b5c2%TaORkb{T(o z8n%q{;LO}zlesyIW>cG^jP-dZm4La-&d(v$vLb~Xc@^`H7)Zx$i3sYtM$1@NBZi^2 z2D}rN^`pCzS6r{op7h3WBmt}#lPh!uv7fM0YpVHDUi_4W<>&~-R4mfYTRi)U-6qo( zCm5JJsyo(;q&9(t4#VX&jjy&I?9Hi+iZZ@PIXH=Vm6QC40FB-D zF2;XTyldD?Rr7Wa`eLag3hBM6JR)Dtm_idVhK0l*|3G3JGj3aQ_V=|PepcScOJLWl zwbqG{Y6_GWTU!~Pp~`2lH~XmE>h^HnwJX`sNYH;{$aq=P?9iwER>lxoJH}I+lkz12 z+B3{Z-L6gnPukEm-^$)VKyW_^0yst-5=CSOQ6U>ycr_s-dnMw>e|4% zjRTwA&bH&Vgu&po!E0h1oUNyT7hg3Nh6|Ok1TaC-28BiqyTj|%MR@B8qN%9(;;7wt zj|pk@)FT!yv-57S;kZ53ApJ3O1?JVy+7-E62ljol#N6FE9~PbVsW&OR*VUW(AI#oL zhVshAd$E*#;v{-hm?F}v9Wc>{BV*~PU|LGlVM__1B)GM_s#{+tK8WV z*23icHgy`~axGlMfr*g^YqoJ=i`A)Ay@Ce*{Nb|KQ;Xh)M`!q~LY01ih(xZcib5nf zL=Xwz<90jxwRR0hoqM3HoXxE*hin<4sS9&DlHG5Bt*W~1$ zLR}J0tq!6+#%B;3Duc@5%LYZqPmw!?Q=(b z!yu+1-Z^mb5h-9+8$-S#I$}x6i^6U}Ipln^6%pk~!5?^$XcpuL&>}}2?;w8LTdg8+ zfn)wTr1wKM^A;X{c`ZOx#e{UW(+mGFzWtVja6*^ao3tK};LC~F@Ndd^gf7E)>#1Eg zdz+lH$EM4>%2CauUM2aWgPKQg(^`JIglH<4zLwQGQ}AIBBzDWF^F-gJxS!isRpokD zi8?APAQ(({e0uc#1=72+vZ}9lmFfR5b=7fEHC-436j6~9Y3c56LAqH=x|arNmQ(@h z?#?BaX6aNwx>LHlW9fx&^?QAN=b!!k?!7xRch1b5bIx=M}%4Y?yMIl2(n;fm24%lQBZz@tHHNn!F26%=yIIJ!2!PRnoPh0ga+%dS(`~-_x=|0b`7I&DvZi}kTHwar?fUVP z=P!skrI?M#5_Z-*D{r0hUb3U2KYMjTk=mK_Mn^`Y>6z=d1rW&EIU|EMn3Qj7@CncbVPBm%ziEqzB9A& zgT3oH9^YCCa}2U$YXsryJBI87L)rXi(ZXJ<6C!2dnh7!tnBmh-=DQqs+Y>5X&q3s# zlfm$wRAQrWZv@6$($|I2ay5`uEz)aqy6}b#IJpr3k3YD*vr(Qen)?(){saB6SIltL zYc~NieBNp6W@bP>t=hQY+ICV0SSUiO2 zTP3|ovSdtfJzphZRQ`7}V@IC-CEiK)ZzfMAz?ND#F4cn$#P6LuzndRWf-M703Z1iF zppyurXMCI4BiN@tj+3?9Nfo=xH0*x}=zZwB+x_FG0m0{hJ5{xoBq;ONuGvRS#?JE; zUc1C3PrQTSA$4Rt5{%qJrQQSGaNa80=`T^f4?D#P`^_)e_nyBY#0pR8sBC7fBjXEhXj_Ewjm0A7v490Bnw>8Lv88hr&Fjf6~fzvMMUUZ zgT|)9hfKKM$vOAU0#`f+IpO)$vSFXII9{Akvv zETV5~jr&SWui*lLS`{>G>(nlvwvx1b%lsPK^<_2b6gK&8Vq%ZGcHwsDq9YM7U}WEU zSjV2_{cPxPA9mCBd{u0M;WbR#eS4&`f%eOGz@fayopW!Ypjx8)-JP(<1@V+B{QkkM zAQsmPl%2279tAv4%MQwX>PA2nyr@cp%K4+a3E}U2bB?xuqf!pIF6?1Gw*7kH@mWiu z;+w1iUEs6er@<`9cyugdFBrUiLi^sZ*!qTDxeK{_5?7|Boi6W%^4RHZdO4tvA5iSG z+!5KKOA!j?mpwU$Qw>zr>Egsq#?$`5@eyRgKA!lvPkGJ6^U_HzS3ExUW6E45 z*qOZEZf(e^OzC^8kB5n6Hi)L-L&06H0fIVDiE_Cfb9Q9=J&tp8C9)TPO!duEwGy zUAg5i5YEM5uZRb$0IkN=OfRBgL? zC>Ntw2^=4_mJP%1iYIM9hs7iLiyC#9kZt*oYwI~R^T1zEP1{^#y zf3imDZ<%4uzNpaHTktUrHxe+;oPx9y^g>#r;Yz5I|GJ^YSamogmz zRjUQzLYOL~L#}9(nTq236Kz$RCVZfqsE-L{RFmGL&i44+jZdO4RYjg0c26v(iY99+ zK?~K6uM)MmaqUp80v6-|FFI%$1Ridm z-T5GP|DpglrTH?m<^*S=J++JmZ z%6l3Z_yNnONw{Kpy4;-~ZL4a>yN{0`=B(ba9UkHK@G~tXB-M=0wu?GJ4hFb+ZA(dA z#QAA=KhyQ1+4BFQ6CD#GKEbRW6qjSKnH(dXxqi!yHap|B!f>(k=!4!zdLcFn^RE3J zS#q_55=|=zSQ?eqq0Er;B8ZHaNxUQ}>Rsl!51EaUk82_jIJ0Qs=86zmrjVLoE=Pox z0!p=^eDDr|_QGjFoJ81m78gVs!@|pYJKX~6r&?0s!4#4Xg; z;nL^w)&`yW^4SU2kXB&-$u)o-XdQx^p_hH)12nuyXvZIpDPmHAOZPAPs z?Unr}n8_oP`64@0bTq*syYRv39WOmJtPaQ+Q;>G`d6mlnmfH7zFYAHE@t%&TCmai4 zg=FmJ4JANHz>`o1fc$fsI|0wS6A9p)2#!q(1K~V<5y9xCz9k`&wIq5qL6Nc#GvbF= zH#}6e@r9AJ=$d-9hv;-Y=;biSJr(pQ_>#2=Xh!p+nFwm;6Qg>QMnhY0_{!)wHJ>SY zC$q*$WwGzh)>fU91XM?DB0t|{b6lbt*Qm}53WaETMhB6jkKd{SKD)IaB%2!Lz1Iy} zb1wOjajnS;Yx_*a^m!nQlGHtBDpBn%yYT|^a-hfIidYB5)7l;s| zDo}g^kt#DMenHMS@ewFPBH`617j-@c7!MUxxl*X+L$lHwNMY4qY&kHoT`#LaM%6ZB z7D!a<+J#hz9fBsBl0~9wY&t{ld1E8vwBHU4+@21f;6b?;tgPSTLY43IApWSDVR_p+ zLz+9Z=<9?J#~pMn2yh24skl`3Q=uQCv0ax^{9BmXo6O4il4kMcfj?7|&Cb9<9yL^J z@#COM1FEh3c*&j_R*%k;M=N!w_A8J2gcAikhT0qSrXIddceGmg)<|)jf-W?JpI^hg zHrk&XGn>Gixwk5#x2wYds9?bRK;R`>j8 zRjdxcU-Z9xt(Vuigq?2*vs+bP(*=eE7iu1ixY-!ar*5JYq%qNrx(pnp!UwWW3+pKz z>P7V!2IPY0;RB*W%7=EUw1iNx2i}~*7{P1RP_wcig=p+PoRcrbe)A&iUj}6?8I1Ne z?$Z~LbE}TGZO?5f5N?c#1@1x~OV{Y!549IlTtgh(s8)2Y99^~f zE=>D%fnKl8@gPH4a)N7|&eJOc!`w@CkqSfyMH;)ZP(p;zvvb zr3gL`DGTBe!)HW!Rcu^kwW>u}ffCQu=S%H*`<8#?tW5Gfn<1+P?KF+nazfu$FJ{|LMLG>B94gyelkt}- z>7UF7xTyS#Gv8_DKo#lXUK&eV-|{%(yp*Hs23&vEK$t;}=X!d)#Va8X4g>dUz!R71 zra}Di)CcBi^%#isSMgrkY2`c;U~E#}W|z+G!+IA1E3}s?r1Z4$8#2$-Y-`jv_c4+b z$RvUN>oWlXJ7EokbA;0#gOh_XPv>-Zc+xN)`wd+6)Jp6F;+x1jTqUIh7egxAQ{(PR z03wDjpCZBnmf(00_#HSwqyIycyK$vqM@UtQ$y&$LFy}hElk@y>AFJEC#|oZsVSFmZ@vKnL zq6EyK(W}J)(n-wKFnXfs3UwvNP`0CfvMP8?cbIo3+D#Dw@r~Xtr{Hq&PQg8?f{EBZ z^gmnJ7PL}4)RYyoPLHcb4j3?r&Mtp@suw>KkjmYk;~r7o9Ph;|M7mZb^Ibg3*=1r6 zTC_8Z>1zFxO|iLkP3zJB#at^vm8-?d2p+S3y!hZC7tw$^ygDk1D zpCwW3yBMv&I@UZitFPs1pH0%(m7%yK1m8LOc3Cz#kG{2wiu<~m(r&bJou(f=UaLhn z(2$Vo#>;x;q7}bm0e~0T6RT+$Z!aj&g@FcA19-dPPSUnLLsdsLDrwmApbKz$_b}(Am*P5VNxnfM3O|?QxdbDA? zAds)mevo3mQQ?q3Qyl;^=9imo;(dp{sw~5J=fv&9jcG4<`_=j~y(E4B$&lNn#o*tp=X9X1e8M<;RifyDzO?i!+v%qUj>>@84Gf~Z z8QbwhQp=oV?5N4E&V$cf-(gz!?=RgH($tV@=J|IoBri3&=ftMX;0yBJ&AYd0@%u*$ z*T##JJ7T3GK6b6%)!aQ!i9%{)w1}KE&W?K{%y2?{dpjzsuAV-XVLG!Uxd>Bw_&&b2 z7xd_=rsdS6X8tGa#s#I(O1Sq2{;P7~^8nM;UGG*)wi?G%>^D-i}u3;>@IeP<>b`diq`8X6epgO_phiRARg&Krn@Dy zipqgk(5S=8!kGJOXhz6?W|Y2T+$zVqG@9(~)it=M!{c_Z52d zW}zPItNh04#wZ3)^{*aNa4bM=)v1Ur1?<2LW^i%-ab%`d4T3L+4aysW%>7*&hV*I*=oU=Jlr$lEqU0%tYx|AIfl95SYxj)i4+4^25i;B z_4sr5d@Dt+sWceev2pYmKG*!{AzV@uTAY(WRPb;>SDzg z*^iGESyzN(*h%P^tqs}2rUla9Ep08s!V{)wL}qnZ+bUD49nDG)L&JI|?6S#r^ZnUF zFNom1^VYq0v4({`K2-T&3hMd3SOEr_NEulfoZe{%(Bzkemj}kp&4TkK+HTLfu-)Kh zty8z-bx>B;&6qLU%?%kaCAfoYy|NxSss2(SM~s+UaBkNP?0<7h!Ynrwdb6%1XYDZ4 zEVqu9)M?G6@pfx-NoaD`Bio}L$Elx~wppZwy??h#W#t@e|x!EW5#{Sf3 zfRr2=DGGdML7Qfl7x^bffdxrkO3H$t-M=a}Jr_Kq0{m0?^LHVb04Z5g_K8jlT8iBN z_ZsQ<)frjYY8fD8zzSeOlSB)bm;J?jMwCwvw!RrCfj}UuP%(KTycr_rw0MYz^q0FsHOA-yB6_l2(Rt5(D+aoudDkD*uvQYrvfLv6%SswoJ z%N^PObc>!Uw+f+1;`(ES5FIuHLc%Noet!RidwlwAnd28r49s(ijkkQu4nD0yFy@m+ zO||~M7QsIa7fx|7{u66~g!0Y|m9|+%cAJA;+&w*Mw5aM&M9UkbG{p1&wilTM5&Xl+ zf3TJ5P*b*=8mnjepXRpt*#E6H^O2g%<_JhZ#v_T=DUt2x-&#Mt6vNrP;vBk#kx_%G z5h4NRJ^k-6hgyotI9tozfpv4iT9m(}Q_80D&)69tSyJR$Mj*tlqV+6^cAxn6pBtG3 zFiOM?_o(<$2_V9@nz8@SYd=Dzov5fD18Amr?ZLAt_8Ad+xgWdP*5c2+VL=L0lqwA8 zJYlxac(FfGlo1wIu2JUAb^g9f?!`ik>S)s$76zXjp0$U#@U%_M-X`aoGL*&A!QfiraoBhTd5Fu61S=S7keA^{{pJsZ?fORsh{KVbX%6 zKD*RUb&&bHu})KbdK}xE^>qqFxM}_ZIm-FA+2QSZarsswb6lTn#324!#o1EJk_GXg z-HTM`f=^Nowy-(WU(ZdMEe*2@^@VTl@G$!K$GZGy#qeQr(j|==gk`Q^{AjNuPXOyk zN)|bwyia-)oi=^e7rY-(dd{sz^Jbm*$%a>5sR>}~z`0${aY)j$-Y9;2ZCpaJMn-hU zbmz19X$yT4HpqON#RUZF0S^~`pVEEbaszskLD_iHUO9~3x^~-O>&NTcTd3;bq;WFS zt+F^B*Ba|ecLh>dDyzC|%%DCQkjXHiTBHINnPkpL1A{pbQzKf;DhA`+TE{b)-@#h zXB}@V@_jCX{Z#GS8kWR`*?nCO&kws8s8Mo`&hj#nNJzBSXCuC6o}9RfYUl`Y?=EEo zN3AAyyd|3g(KqcUu6Jy8&?QKLpAFV2Go8;DHqEuQHDq)?S0L|l*bi?gQdEm5NkFzb z{~6dE@OQBeD~Ja3x*cRWA123RA1Nvz}JtM7wbXhAzO@8_5Uj!aw4K5pG`9IJ(ALQc96Xq^ai=G@Jd2l>3HcUK9|E zqc}Xf&{F&D`wu%z85fOj(_2+wByG5atnxUJI z+M}}TY+h-5TQl3xQ9c!RoLM!mxw^*F4~za;1ja8J4}A_hf_Cv8xO=C#OgVD5b;%Vvi(?ga{^WXVEr1L2o4(luq_#;?=T2PbqT(JUN*> zPKOVh&?TOCyFF+Qa*LLex_`NCYbtN)F)C}s!a#-6+$UJe$8wfnrRg8xXsgc;og(A? z_=gL?&v9lZodzmu6b`TpSCDF^j(fd9kt#?{nw}Q-^-d|*Cy6!}%#jcNXBR^VAU_~> zWyU3gbv7t4u~UE_cd`4h<)dk|j3~sNzR6Zo`&km!{3?&Os=XSQ~Y-dVh8Kw)R-zx(YkRqZ4g5U<{G2DDzAUzu6dy*e}F zVB0C!&B6KSDJ>a(!CWn#$>Qy;KB@8Xkw`X`TvA4G`=3C#=b!WtyY`s#B&r3iAW_s` z{Yy07G6~WOma5LnVJ0VKRJ#xSvp$eGg3_sSRk!(ebMupEy}Id1{{#mj4P>TA0>G!K z*o7K7XJm|E>Ll8<$*)ox|Jlv=-;%1OltLBU6XM;y*i@wc#0b7Yl1D9^aY~OT1C;#g zYlDL9b``$3O;XZ7iVf+}FcTI4;*{n*I`&J+CjG0LKk;!gl7eM6d1(P<65HZhGKy>} zd?kd+yWqdVqrn2GIs2WfGUcQ!^6?SM%sUV4q!pHZE%C2mp{ET& zE#xag-T&R?ttIRwKnCX_Y;AI5c zCH>W?jM7pT)Qn)i-*0?Y*8Zo{RUR`kQi!pEkVTB$jR8=m4gc6DGlCMD)ASQ%Xfjdn zKi9N#W>cBwg@*F&xcC0kpJ4z|0Wc3G(}t7tUqfSG?+Ii&;3?wTD&Lgepcg9?kcXk6OFx)p4e0U>J zCcQ_Aw>4HA3Ap9g!E>8wzVL+tw@(wDSieWeyo(R;gJ``sE~j+!Q5gYTR!XohsfJwB z+6YHzM7M*Lj*cNTSn*;8@P@O?ODmz~XG?u^`|F#UpGvaM>}GfN8yC^v?~Sl9qR5=5 z4oxTL3*L2&jq;z|Oo=}^y?l>Ce8##fVtVEOW5o$1G_tD^dCgCG-n6xX)N+(`1@4=VBjkLhP0yO4Z-Ti@DJSU;w7W1cbgi$uk=p`%F zgPz`mH$NglxI_U+UvU`FK?W9ghoC8J1m4=XOO5H&u3h!x5sX4tkgqhDo~AIlK{Cl+f=b4|U$86}L zl}!CbqEKl|jaTRS%&60`^wx739F$%&oE+vMrww3i(ytW{l4Y?NWrqz1ZkdJ;%{X~~ zt9xoiM)zFH=lGs)Mpv6-I4bZ!Z4o{wYxwc=d?gwq@%|+WO-r27jmWDE1^EEZP-Q9MxcU&U=MzJ$XgOr=**pbJ-6<&_sUF&rbw=HXz_6 z2ewS{k33p@JMC2#*ckp`wXGyho9Ve$Ok{~?@S3u4Ix4s8Q};NmDB8YFp4_48m_-HD zVCFj2%k02Vzov9jtS9oTEh1+eCh&~LHL)j(gk)q`DIG&;I;WNj@6LH{*9I7qhE98= zx@%E0c!p&)$6GS`7jMYAYx}@Z-eYl7lLf)?E{o63^gc$vC-vELOhBf#dwit3=0}#s zeq|GV#_-Wz+iAM`Uc>+tlAG@fkY6W?jJN-oOnRau9egR*ozcZqOa z8p=~mWps}zE}mM>8rX4fINz;g_>dUE^{#3^r`2KH;I_T0W+Yup<@e3gy=8rd*XY$o zuk&nl>z#LGPV4MYQgAxqo2SC&$41AG>1(oSP9?Zlg96uZeNr#lp&+Zt1I(5}8qY*` zcv&z`Pq%wpzm5I}O_qBZxYyz4{oUlsR>M_u&{o-^x;OkPPRPpp*82HoSuRP9w|7M- z6^G+)N&b_rKtOuuW*qN%F}$?9W={~8>=196U&~}6tDyX7vh&rsuMC0^KOdEK5gpYYBPJ68JD4ePzrFEIdNJ?NcL)NT}Ay5H}(Zz`}Tf=m` zoy$lJS12U-1nQf8|C|NH-*COsrydm@oiMnACn&am(!@>ICO=f^nLQee!V~PpyCDwB z8tKuK!tM_gFCjdlshF@-v9RQA;psxn1ge*^pvBPMJ0J$QmF)zR*Z*Rx-<>if zqP4}~P~JN;r$~9~=tuj>1k<#N+Bt{7&d}5Nfq347a8*yG)IBU%EzhuWuD~-r90{FD zo;NJZnS}y(9pYs<+od5-__z#Rf15Q`9(8@hTk+|Xxxv9ueLPf;g4(L>k@l*tBHV3% zF_WED^Z2xMN9n5$_MY#a@k5aZ3}g*H+)d@Oer3KILxX}1i9r&4{wF5Nv_I77?VX4U zo{N-+22z$E8{$ZSdxHYE4rOU0Lfp87b`l=91h&u^zQAiRWs&>|W?!74YU}$N=Pi6k ziQ)YE_``ORzqpwA^w6lsk*~V|u553ho=$YPzkou-Q}%<+VFT?B*TZeUdDSX;(RZ1#6lQlK9a{42HHx=X+f)A4e=B zR~02jAqVO;b~jJ%v@ee~g`Wim$}k=B zsqrm`eB1VAXwaU%v%0b-Q8=w#a7XAn@gtlpZEse6pUK^K4wrFV)24Al^Q{C-+k|X3 z=ATONT0;tRn)knWPjsaZPtY2%NOp6co?u^>n;5P4;q&$Tl`3F7YJ66&n;%x~=yfM2 z^o_PjUxPFOi)FI&_zEfuKtzd*dwrK8P*zm&##QO^end`~bXwlQ=e3x z4zTD27t2!BC?C$$xok63RfnAH&<^$UT^65M#H42#H(szHYH|K-Jmo2^=c{|aKCP)N zt}E(w6Ihq#akhsiG@>AN&*4%ja1;0)$Uqi9LLf##xK*A>@=H7!vx46wY25W*r7a%u ztxaoU_~((fgbNAspL(1>Ki+3{Plr-A?=*93E=_bz#0GvKn@SHKLR-zS_<;Az-uU!D zRP>pX><}g(>>J59th50hH=oR+eS+yibmpY9&~hrW-a+QU1l(2v;*y4st}(b`y(o)B zeuQyIu^48_-@2*S4eyj1iA|A}w@t~)(yJj-m9kg&Iz!>cI;vj74B86gL4IGDietaX znsUYJGGISHiQcs7@ub70=|GSjjb|Yb_-EJKmxaB(cvkh*%}QH1k3HyD$9Fa>V@CS` zWem%Anb!|*bnukz63_$gPU;W4@+Ej)lJL2;Jx(AcG$vysI38?FnN%c7UKL$DW@nsU^!PMZ4`n z7VyAl2E|9~z9GtZ<6g1(owwanj+VcbXEBw0WfIP27y)_o^@o{qLsMvXK~}rmx*C}favRmJO}G6WUPq|lU>F@U5bDp% z&{6=@E#&1clR}DK91SCOesn5d{VE9q|GojiTwU!eXg7 zjG((rvewD(w^xf|&fsiSYNgAj?xqkcwYcf3qVC%a-z#SGOgs!_$=9ux1Pt-L+P{-A z9yPo}N0?@UvQkMY$Ncf&&A#py33+N^{rJTSs1hESwK};|7EPY^d95jtTomdP9yNXQ zoIP@t3&>(-IK-^nF7WHw9tLHQHxM^6gPdycwc$Qm-dz+{SjHA5u~t{LDubTul!k>- z4}0{R`i5k_mK_;tGyug(Y`E?tH~IU{lpeQB)vgsv{sb1ZP6n54gb8=eZ#LR_q0$dtG4JxpUa;E=Cj z%jR6a^=`AM>{*xH?8T3x1>Fy4Q=hL$%4luefbt9O^v2HHI}_ldsdtU9l*1KG9Jatl zBts~6;vW=y-j5mPokL!#P7y6uVwGLyHeu}W%k;Bza%b9IWMMom zBkXBLsw?PxWj|lWejsH2^Njbj_D~;QUB0xL7#bXqq>B=Mlt^--*+24))!&D(2_SQJ z6meF$?0wiW--s3xxaGYA?+r;u5V*IONw(uk@@Q@%c6PIpt6?>UGf6|)WFS1+h@@<@ z<58-nhMoXTqC15IZ0MznNKM{`1R@(T8EE87HD`Q|v0|10^DRWqhE1ILo{A0A;e&&; zq0D-YgS3c@Bv#jJ9ru}>fS{|>d|EZ_nAiCNWlbh!IZ?cEIBIHfdc7y>F#Q1y)l@R> z7q5;9<--C4gVXagF0OVmv-Z`|!-GI0&{zoCv5Dep2wy?&!Y|1n>A5oQk;a`&Bo_MW z?A+OHlm^VCGrmbaIdLFcug<=XiX@w?3W7K5tzU}iPCMLKG*n%V?iVBT-_4!$8uf{# zK%mBsSz);A{$jGDyj)|D(%Q;u^yLI`!e)H?TArKfkh8fiZ^CSx(G0tpZXF=d|z`>^nR*zf!WOvz~|CuP+mr zM-GXa?dScI<;SZkixR|jdPkSbaD9z~P$uiUNo~bm{}4UleDQhj)M#qip@CTk3Q9=e zHszkEn28lhTZ}(R6Q*-3&wUcZy6s^6Y$b~N)LMIS4fo|nS_lQ`n2qe3|NeYnxW5ub zKL=Ux#tzRgnM{b8FN(6|oao(q^cpKFrzmar^ajm)P#SbjcH^!7i6?@x zDrNGEm7=C+Bhsl^mL&TM_{7sf@3N=(45AdRtiimnxKhM>C8l~#rj<(Rt#%*W&wt9_ z@+!Y?P3-K%qN8Uoc4za0XN(VE6s^+KRGfK2){mh@_m$*p_p>~nL-Cd~`^ypSV=68* z#N7SuvOKyT=^_Tae_x}kuOrj1-WrJFqyYO_1R~ri4N%3M-9k`H^ju!#BT?m zNhcL$mf%aN8MbI{R+|CeZ%W#&dpCO@1_XeAj8D%@y3{Sov6C6$_mtf>nGChhQJePL zs<(T+wo9}W5o4fQ@32n8RaSjV&OR$7w0L{5DT+Ao4!-*>cgV-d^=9OYv90jNJgA-A zRn2;Npf=&&Y@oNBlZ5d$wTEc+Vq}wi(r1Xna$!;%J;RPNc1d?Gn(@B%X z#-O12gos<0#qqJMC;RPEJ@PLn$0^>dK?sbB1XztK{=ODl7d7zK|AT~}`v>F~tlE+D zsdgnn3m;*Gac#2b&2By-y#u!zMEwKu;-Za=h^T7}=ZcV*m;75M$uy#*X3nos(>ky~ zj5`*lj{U-{7{Df`?xRzmmv!>=PfDQGSx>oHN0 zc34Ei`hM=e9a`@wB{Vg|gkRvsa$TkBXVFk*^Y03u-b>3+Tq>Rg_sj=&Cu+KL16S|7 zj$IFh8I6-a-ZX@z!3&2z%93T%FQ0DQs>%sUmZge!x$4(PX>{T(wHRCx+O<^lLb1*} z9yf`LiTMYO+}G~TO+2?Sq)l?!<@7wD)|am$o1Q0M6yKNkJle9rOG?x{uiCj;2)O6> zUtIBeXcJ&1Cci^!YBK(g+|Vs-{=QXO*5~3zsI%1>O>US;un$ulSU-q|yPz_~{(k_I zY*YrFmTD}qha(Rnfc5JaI65CVZP@42;JjHFWy&l&2H2kX`6#1b@AL*MPGckO#@(aF zg5;)!$}|Fzl1sn*Dx#rOomK$adEfeyP|^FWpbBcE$fOc~B^e!CaMtT;)pAG4-Wbbo zau&Jl)lYka!-+KpVwCrfPA z?iP>xCHRVGl7KKXvj86)vx^RCg68*L-8@nO@r`gPo1zb$Z#@*ji<(}$*S?RNO$iQ# zlMIE|U!Cp5KbkgvcoiqB$#i??V|GE>`}2^SePeKpo_`4YMMkzuT<3fmL75O4+X1J` zSbY8aMhxW0D-=5dl>OyE{oK*ZA-+zDbpa#zg`De}II#mHfb_w9~% z)E7SOr%&!LE>82g-F^@>38mvobS!EqsZt$wBQp7lDLTH|ahLerTP1J~+vjW;G2kMm zQZ}f&!?1ETMXY0w-CeFMF~xP;TfznPnEv(7jE@xJV1XTWbAzcwe#O3neBfAY^1M>| zTyu=1*!V@W&x`#$&+fT+MKO+#pTPDfIs8xVS5H*T`qJaQ(gIq9_x06hu2C}O$EV&y z?iK(@bbeT_Bq;^E(x1{-(23nG%1f#LFLv102aT8FAsntB8C6v8d}UIaEDe{YJgz$k zgPK#)7@JSuvLA>5b#8NrSTmlhwa(&hm330*(nb86pYVcjd}lm|sAka9n9SWefFFh}>_oYbeqkwM+6oWsp+2;+i3g?0l2+z zR@xuQ8F>6`OvrpQIPMU3I9t6p;w$OjIY*j4#=U>*DaRdW+7PC91v784Px=zd@FZ04 z3f{(==Ug1besC&y&+Szi1E$1TY^7IA)Ou;Zff==LezEMCLp|+!&*KX3j2ZMwlPJ?+ zH{&Utvifh!ta{DY+SOFB566lG)-ajNCSGA2l_69QqlXKYzWbkBR`8>GiO%qe!$KE^ zVX^-gE`n&mx5Na@eE%FJXX9UF<OphOxc zmdx*=O;=l@vYx_olnLQUsUti*=kfnkix?7JNL=JEmcdxhA5MUalNjQ=ffRudM_R7^ z-09lP!7bDBz(V=9(^|Xj{%q#r$Y&Gr`+FTA&6rJVDwc8l`hYCNKrO_#pe0iH11D7> zBQ^tFh;u?S%Kujl5)uoNl+ zoZp4f-w%5Wpe71Am->tT(7^o0ciAyn1FMAa1F69AGY(>+|Mce@QUP`DOeL}E(9d!H zGET?hViLsRsN_Fw)8h@FE6@_J3g+(mZNJNFvP;A1k zcX2ZMKYjSkpTI{zP$ldtd_&Sv*VP^kihl_s!w7977;-TCM-$HE%w>RF!;)U}zxFr~j}< zG9OJuAz70Ay38>QQV52O0cQIDf>z?TJ@h-Q*{A$VdCBzujhnGBPAssi;M_dw%q>Mm!p7^q$EpxU1|jD$KavQ|z&mNL4{-33mhCYTBHki)X|A`R zeYDFmLD--mrS>ZY!mnb0#D}RYOD{C4k9*^vY8ZZNa_nmRFug)2+IfGfSyn@{%Lcz| zJmxn=#e$jfhryQh<4-Qj$|L%-ShhqmgH37oa#N0l!)1~Qg$iHl58#Xgi`E~PQ&Uq3 zxNWgI8FzKyY}3J;^U`F>SmCMH@g;}nc29S3)>Emz6A zemYXy`zR9T7b&Zqlw{dI6^Y{6-iy}flSeGNe`wp|<~4ymv*UjqhlN9&&I^oryN7i( zl!8cQPxlkPsQ9C_k5ozU@M5c35 zftf_e(`~&Mhnt&QC}VNyhAWtF&eWPuH1L60yDs9oh8`AvEhx@nYe=P#ByC zs^<(F%J|moQ6nQ=+j+Dx>MCZvgnPKW@aQu26izAe$+gfs*%(MEEiHZc`ImV(z~{U} z@#?9LuCCoe({$qc#r`a}``H$yYns%?a4XWW#yt<}9pzG8?`+Izqa;SqH1B*cSG-xHM`!YZkuMJZ2bKifF&x8wl)e z^zha*A3lC9_+DOF86%?0D&-16M3j~7%g)a3WB}b>9{0ph*PeSKePap5W0xo^ z-Pd*G`Y|M(xvR;s1poe}x)od?c-dM(tC9xu+HlVvByywSb%YSN!d~0~i#Erx0P>2m zQF&&LDwWvH^C&6mLI@wfK{&_hg7G@k#L{MY2EzM-LxrhkUe#7|K zZoT*f_5)qTnAZm>eBCn*Wnp2%GYyA{M^64{dZfO}=_wAfBid`dBkJgg?cWlGB3FyX z;z~;PcQI5-E!})LEO+hb>}7+P3pO9!O-)TDBqVIuNsu0WGhyrN?Zt<#%{RJ6g+2Tv zVFaCKODbMopOJAWRlUcOfV(>t&QsFyYRr@cv>+DCc>N>0P2sU2>)2?a`<3}Oh;v?A zn&fgu`6l6R6n(w!Qp8OS@yexg@F<8MHtPgHcwz|C7aT202B{;-$i5R&!eK6@UmPFx zQ*C?$%W98(K#{w);tvOQ(WsIbu}xd2f9sj|u+403RT!MI;I= zoJ}rtcNkSK0Dk-sTUYnpOGL+t385!xO-R-0#yQ(ir^uDEvB^DoIw3_Ib+Y)}s_U-b z<9L&JQaP#uf9+cnZpH_tB7m`+m};r{gv={8m1;Z%QJE~7C?I9V0<>+)QNjeGp!E%wxp5(;UWh}y#V9q@(jv*AwZib+ixOA{6Tbs5d+obuXTgIb?!NQ9 zgoFh4enH&9EiYPukK+BDL1%^vJ6GhAOae^IW-K2Bh_&7KMMqaxf_Lw#bYsYz5+Snu z@=|KXe3$biTy*2)?9W(jmWu+$4;w#;#PsYFF z*gCnx%@*{qnr`E5gY%Dz;=_Q5<3%cFgXg1SdLuk{_79eEle@1>Zq5~v738!D&4bohM6hj}gGsdle6zxtwZv*=3T znt<6f#WiU1W5R>MJAUZQ)(&qj*wV@ll{UQ_@gbuL-9Yj7u-+tmvThu_R_A9#Muy3Z zt@W$SxJ%>#gIll6vqOd_NA2x(euSV!zx0BB49-Vfn4DDSF<*;~h$oSuQ<@dE-^pSY zIwGW~swU!aK%D&L$7iYQa4b68yRYgTtZ-=*SvfJ@y)Ml;nLr!<{MulpTSQb_TYLE} z?hq|nLWr6=-4M1Uir3OM;P|$i7OgdCP_={$hvYib$clupw>UL*y+BP`tt@?Io2`3t za&&akC9u+}#BGV+2ykKr}WIP+m9&STV+4&CMbED&?c=%Ga+`b{o z$WM6-4Yf(&#rAeehPr^&a_vQ)J}i2T_*@bQvl>XfRX>EO9J+M;+UR)?948ySbc#ef zZleDdS8iH&1Ri8;Y9om#U8u`nkWq|MvElS}{E_G4X6?!s=-0duL~7 zL;COY5I(i2yw0ss$r=U?hzoaJj{(Y@fsm%uH=$G!4a%vsdbQ*g*^%w9pZ?^`hzFY5 z&u{qMczl39V_O%mXcL+ItC)0%Bjp(Nd(xo-Fvr(9Ps4}qRMph z=~{X?VPevXntpL$4qiMN@YLg2luT;ZR&p z8nxMRM!(FBiyd!sRDlAfCS#}-71H?B^z;UoKN1oW5(~IR#>by8efO0 z{jBW145bDO<{$E7%q2X-;_|G&{s35TG_J+T=ayrefIZHF*Fz0^B@0Oi7y0~EE>0uP zpIoM6?=O;kvm3K$o)p6v5yK`~8@o(k;PKHw_I|b@T{eW}AvY(m;-p(Kx#11@M-{I!%QcDFs152|{BF7G z`GP{9n870DYu=j0D%BJ~>RoOvct-JI-k6S$E9_zDd}`W_Iv+GJP#};7mh!&m*?QaO z6mlSHVE4RkrW8RnnWji^Rbsoe{>zVfU+Uhh13FIcT^uv{LjnaJQzoSsMem|XvvS7f z0?_wM-O|$TH*yx$`$y*6&Eik4bdHyUcM@oL$cEd$1Tp~qp9KF1S;e8iIed-lCSQW# zXvBwnxJW|tKeE08DvI~}dl3~BDFKo0?k)l8&ZRq-2I&TsQbM}BS-QKC?rxBVrMuxB zzrXsQ^UmRL_Uz2gGjpH&-2B}86x?a0i4TM(WPK*>XJE$AKzdyd{Bf;4*MhLtp9iT7 zM(ySmYQ8Y-U`nm68)N_6?K12HsT)q^Ug-MfVT|9=km0*uK6sQ;uqM(|Qs!CBmXb;Q zQi)3sM8Q^0Bl21%n?Fz*s$=Y*AoRI}E?yIF~T8n38>D zgomqE>0}*mOQ(N7>*=!$(>i{s_o2;DS9tW#qqf*`Xqep3-H~t32yeykexKhlhshwbva%9>BB`@m=L{`76**Jt40Mj9imptL!M%1!V`t+2@~Q34UF_bKiTV@kVcx8V6pFxG)fVf4)L|r zG`d;vDzcYqPsdmhq2_suZKR#ZCAC5+Cz_*$qMO&T(d}pXTny+5*(7iKx{I4n*!tBS z-x3b$y&uOVx~4EDD2jVFTKeOy&eqE7>|CqeHqt}j%w|DKI^ccfb!ay$zdGQ3qSC|a z(UoR(#5Z@enpLMEZnyhIZS2ULjU=ENsBB@#YY;G{wCKl=xldGFsBH}$ zRbRRZ*@w+N2k+?~vl(-l1Y9b1O)X^9R4JVHJd)xZ--X2~y?b8CItg5D!CmIt+G6u696vk#?Ss}WFYkT5>q{x%kjok^;*`^a9yHF{Al3u8>U5*l~ zKAy{JWmu#V6^+Xh%S=k+az;UPw!MYmX4q4Sz}Hgcw9wx#0@Wh9^T`7e%H#q0w*0$R z<6@c-%4}nmi^N5?vqSa93A@(lxQfDBWbxzb9 z55uV7d7CxY;whDw?Z846CD>|zdzPAF^onJ;@!G?xK!$0{)D6|>dW9KpULq~>^v1s8 zR#AVn6=rJbe(E= zoC%dhdI#Gsx#<+|3OH;R=$#?NGcEPG>BvHs@0+LdmH3D*QVxDUoG#uyxRKVc|K_)t zz7cazSIsf5%oeyI_E{>VnOBN5V>QWpuum`1f|YVN@LFqo)egl79#z$3ZqNzia;b-< zr*nDJ2=0CM>LJ6?Y#i0DFp}0a8?3|#q4bTHj)C!!NBu~Nr_I(1=A)YNt~(qWZdTq% z^A?5c=m5W-@oZI1K&#@$S)0i^(y>WMl>!?#t);HX&#GcSKz0J zXuxUH2(@?_V(PlJ^lwxR7N!-~#nRvIMWV8#%H)LHakFOQfgo2IpeGV;0yE9Q=PkM_ zg(Kcx{5t2ooNuzEJ}1F6Z`e@qn{I`^w5Urhe~Q+C)mFFa{|F6Zxb+f1KfR@s#&{n` zP6=Ux4Km3F-`RHk%sFVL8mM!zIEiV+>Q!6&c^h4K`4)wm9~~?GG{^4b6f2m54P_HO z!2R7DGFHMCPQz5m%cvIKaD>YtmE~Tu>Fv0Y?C8ajW%n#*0&W^Nu`gs`9b8vdc9YfE zcce)VAKGA%dm;yd4j8Q+yJHroGran&?iq)dK?+y8{pN;3(l~6-?kg|Pc-3J=z;lZswzQglYG*O+t1A_s}O6TvvGIm<8eq9NT{h~r1Ompl(N~c5Jqes$x77Kqic>)o{x9^ zU(63eN4`t8DOru?S#!Jk{dmy5dnyaR$0PVCis^Rq&~pxLX-q0kI%qtbEovA|<6Hbv z=L_uk(Zqw^ziFEOoN^+g$z?S&1=S;TR?mjDzejW%@Rgd3DoQ%tq0CpkfZuuh5+Z8CP+oeo zucIaGuoZU1S`=5PM^Kfel|$WEQlFaoNhw7|`B)s|_Zx@8ZY^TP(!jkBE&?raNOXAT zJ8VeTnsi)5AuTCB&nt(53jX21W`#7Y-KUAjE$=hrw^I``kKeTrZ9lIuGd!f$hsDOm zIv+07Tx|^e+V*|Cj906JJk5|R;8D)Ijim56ZVz4S#;7LGoug{lxyxT%US4_)9-Icu zorf3cDW=$O*q3ESucY%-xo`v*aBn!g-Yd=>07HApsaJq$2fttV={pmhwmM{HIeX+&!dc8M%OH@=WoCupOkyf8($kUmsu)vkZ zqe1rKGL^e9eqA1Dtr}~0))Thgns(eK=m^LX6(_Q*PI%ZB&-kpX3DH1($~cUKXRKu+ zw7}-nd)vFs_jzG2@6>Scsb#Z?eCJQey{``6IJbcH~ig!}pR1>?`}1{I1SzdwkHb!2JO zX!z1ziS303vwfErOGS6qDhB6TcH|PP*<09K2wDG>5u(fbp81{l?YEhi^lx6cKXa4# zQ;>WnCRs@z+}AnX+}!NftX%R+->IjfqM{p-m6uNw@V@KtL-4$W?o(WT{y6B%j`1?K zfay>F%8R$|uP%S3rEI?-jqbuxOO6N2K9w<3mAQQE&24}g9l$KK)8oOw=2;x>Jl!hT zsPWsEydI6X{DXtw+8wyJtX2CwlRU5~gMuDV6z&_))U2Yezz;wjz~(pf{rNC`PNj5e zJHKf@A3U7mhbL?#&f}!tC$owC!oN587>kj5x?k4zlti$z3@Ne1M;-X3a66gWwF>cvd1NFv2oFzn*S%e>O(L}=E>5dD^`NRj^YW_{C&MH1(Cf+9U<9aJOfmyJ zsM6P0Z*^=c+ALi1k>_0L*8h;kb)XP)XO*Vt?DjZuNMZ{eD(HIC?&#hgK9gFF+jYREM^-BcF={3K% zO3MgAOsdnt`ZHYk>-;J8=Oz~c$st4qaNV~^J6%SefpIUfOkdHo^vgP@#7(3Q#lSvTnl@eb ztQ^y(N=iD%%X}#ZkOaj2Vfr|c32CXRk@YHE>paKr~innlw;)2Htf8hqI1LBr@fNOPJ#uJ$h|jrOttXeT>Pfsw%b-@?Hsl z>yg)>aumcfW;jrUNl)pL3uS(_vWBLn2NM-Pj{xa!x=jO%d?q?7pS_7ogi({trHyzs zY4TuoJQa?5EaB8j4mN@JybRkdQVX_{vmbGAVq;>e)Ahk%c#udCimIy^R-JM8&71`&C<;CL?gg$w*IlW#~lQJ2NwWzCn>T^=XAaKrBcORe#;`9jK>NhBP0{ zrl3=(Tst!}z?Ax@<05SQ8@@K>q%%ZTHp7186#R;Sfwo`3zHn}BV@}def^u@kQOc=a z;_`NbAg*P6tMcV zwRifOLjw>C0er~V*_^28=-EaCgZqd*0npwU3 zY`$KkX4Xp;3p+K;A&LeOTR+0{lk8aPo$J1woaq*tS5ztFI@{kIvI`H_@s(T=aCkJ_ z&dyI2$dM$z$E&)GU<|!5HMM*RS`X~W?_4P5s_IU}V(UTXqI=5j*=aM|c&MPV zHJ8=fzTWZeObJ4U`+7h6+MHqd4`4x3JRk^D^5xt7em41Vz50_U-~z8Lq42GR&j-B4X; zbWnTe%8IDU6z}8jw}@vyMu#!sew=}`X7fO3Y9m*aw>H??t*#O-eSsmS@6k@8I8UNX z&gH)MWya!k@VTA{&*WiBy=?X_f*gUp=sT|V9#o~I&zUH7n-iv7T7ODV*V%j~$}FY6 z&8FP$EFt3}v}_{LWrGYQBy-sbcwCrI6(|Lt+bz|@f#^TT^lvOE;fn-A3a?b@0S>UJl_8L@znL7$xwa5^WHpG4VZcuCM((flZo=?U=nc94*MbN;HvrU<}t>XnkV z)QSo&9#k;rY-QUbI8~{Un75Q;*b^0!dNudCAL;Ig6d5_iD=aJnveE)#daA@1UvB~w zh4bmEV{N5^-mf8nz?zfE$LMWn(z|cV2Bs#WKs8041#MXijoj?d@?5NJz$ebv7hF;zX(FMsNl6|k^nGQ88J=n(`tgfnU<1^=YXyp$H-AcJHp4R#%t3mA79r?4AZK zyc4b2SYLO5O+nk++iR>$;Z>ui3&8pE4fPkcZ9c}wVNIRJS+%3*^DjOVY@c>G$*;Ih z>3I)a1+%$trJ$-#Wy8vRc;NyRhsx}rgmOmG z{DS2d<}~?m1vbj6+dV{MvaHrdaZ;-g8-u0D&%-sM`iH|ehqP@=QxR`LGT~1boFR!g zEIOAWmK2pQ!ho%6@Xi8Mr(CBDEhSCFhxDRuz*;ND>Cb8N7&jk4^!#@ipn}$yX|Oc9 zt z?RX0k*G!0eP|{X9k6-T;dG|)2$_n(+f)VdqPG#Q6w%mqmYOxPJ{o>=K-F@X5K8{G< z9BSAJ&TLpupJ6G8Yug>%k{@za=a{5$R-jw zrJD88S%IWl@NqLR3j=QjyykCZm4&4}TmH`htN%nP(R5 z_c>8RgXQDQ2%(PcS6m7Twe~Y+DHk6ffi@NL_dnZzcXlq!vl-aCeVoZwbbYfAyM{b` z$Y$*`)Aa{(f(()?9$5juvM-FsaMXc#S)5C2C)sdFS!7nfH|<>ewt+h&+p#k9}Np@5Yvi znf^ix=~FUlD{pg8EU2I?pV$972x+edDs?Hx0ibU}b>n}hYLh|>3rRwU!$R5+AAlwT zacTvS9`VcRX^t~o1!s4xk9>W?O2A7fDy}Fm7L}Hiaz!EcSwkS=CD78SJ|azRT_i}? z0ty~AI4xE42zM6>3rnv$niE%eQ6LVHz2&}og)k#(%4@siytMeuLiV%X(hyca3DI3Ol@fQg2WCb&ZZjM`8}ENa#GC000YF&^G?Xz zQWCh>SZX4Cb%|PIVX5ZuB+E5U)+Fg;S0oI2dmg4!Tp@LJu1I~9 zF<99)tN9-+K+7IprJv&%2wu@`&BUS@>O3ljAu=CFju02cbmhAGrWVq(b1r=pr_S&8 zw6lB$1FXUDxz{@He4i!YeAJ7d_Rol zSd689-d)BHzHo$Nm4pq)5-+R!ZtlVBbp2B9pmXip5tk6SFCxByQB}e3+}K zs0ax1ZEtPm&gW;t{m^C=bdmwrt16QMIq#l2rJv=(?<#2%>V>IEc84igz{wSHbw?jQ zAjPi_3!Ts2?%>x-&(6oBifynbJ)4sEV zc}Y~Pi^_!&ojee_X_IJD(OS_4vcM)rg?@t^89srQ)-NwP&KPMpwnnG+A7{SZeNPdV zB2MIq+B^;JaA^!a9mkyKo$KV{agRz&+eBAQh*lT0ZnTjIicc&lv3CYq;q?hqs{-zW z!F{F&ya+r9O;-K*v-)v6g^WByqU)cf7LHPUgGO#e1ye{oQ-!K8zZO}U6x?Th)$C0~ zN5>bRqa0z%KNExK!{xc%xRp059W7rxhQfgc939edB3rgV?cX*mooILTc(_^NK$d5f zA<)uqn-u7wx;(X)RBqSgJ|+iHV!kqugnX-BzRY0Pnz`{+5mo+R%im7bH8%WZdF3aG ziLOIK+Z(y{<&DwdqO@2UsuneL9$sFwnI2?q@_p^-JVz5N?sm@H_-=UFK`1!ppDoOz z1PU>u2u`Pz6i;7(hF)WwA)Q~2MUGk2+9gF`Cj!k6UV+$jZGsY;Ph~IEm%?2WE;^8? zcs^oGWznw9&ZClg^|0*u1x+FdVzqv9&fmp2u9$*@Zyk1j399}Euftoo#~O+ZmvJE` z=Pfb`f*+V~>c(|fI>b_IMZ~vj`^xqf#3)FgO6Xg9&^?&Xq_@yKKTJ+4p3a_C^a{Fy zYb=>Rp`4I7aaxTjT%g}{SKtLKs%~GW`*>3%u*ka22Mkc3pv7VmPV}?tj<&%l4j$fU z0?Wqj`A$GU01zku1Ooks!MQnZI=X!TD+9_HPr?++77`N+ml6h~;2%(Tq&7xC)gKg`HP0Pd?{XN2Chq23Nt-mR zqHhkBg4%{hO;6A>?A09!d_&iZ1A*e=@;bE@z6!)KYWGZZMEdAumT=MSq7Vd?_fgoX zX*6n1eAaQODu0o&5y_w^C|vK>ID^maToJrs#z-?7$`=JjU2gIB_I7!QbL?3ogiJTz z)XSdy@M+p0w1dd9S-Q)+d~3sr&cMaPXis_i*2|?`YiA#Z?7LW;yI5Ah1D$vK4$AjLAU$9tGUCJ1PXl1)1Qa= zX$@ZZbEgzng@9oDlG0i-=uI64@TBUF>4&L$UR;^rQ5(SsbyR7lb%f6-BTfQA>JPPb znnCy4m#1TX8&x+dQ&-mU&h{h(gg3NYXI4E^5sKrJB`qCOLWC|NWmx%9AkY{6yf(&|UE_bh!Go8elZIp$Ow z*?rsoBI-PdFPdzcCZldtF^LohQkS=^4HbHjq%tEP6+)Cz}GUlG% zLon8ksi&aNUZ)%L+4Cp1p6C=MeJ|Q46?mBwQ?yVTT^)o3gd21T)kh8}Hb|k~{(U4h>mr@)5QG2laX!}ryaX&Vm zh&7+J7BW*+`_)8~*f(dLOT4r_Z)01)sRtI2rw$a?|dv zO0TdN_7B{4uTE)bnED#ba-1HlWAQYfyLIZPEexr(Zez6t&hWiUb~Ry#S=54>EiK{? zg$0GCFT(+LgT=phB%7zQj8^fu8!-mm^cl;dYOjdLw+gkG3Le-_eXmcq&0qCB1DF-| z8Q#;;gE>e{&(yBpgbI+kg6g(FB+9bb3RiH+>vECNFpYrAEv{&J8wUgR!Rxu7s0L6M z*s>;K`n$0TCwti?GS9`{Cl908zN+us{Z3pfZmsj0nze~0K1hp*kOh$9v1nc1nB1XQ znLHA+aeVpnwe=Gvn(%VQ_G(C@sGqM+mcK95!zKuYK&#eTb2OcrjxJ<$CmfeUdc*tL zBe8zd0VdaY?8TLfJvW&Dx&~GCjhnWYaN7>2c0;)Z<(^W8LoT&Xt(Uu* z9@x1*vrpi2puE#nb7XPY=1SS<6}b~iAMlaL|AlP2N;Gx5ki8xfl#@Abzh4n0XleIk zvqFv+SlPWf@^Ixg(m^ygv)%T@U(hA2aqr@CH;h07^FuB;EgN|Bct&{{F`db-6xLad z3CUw-3qTVFwZullY}TqO7H6ViH1 z;_rm78ErY4sSwms?|$Z$>0h2Q)rgw@tMtQOCYC)9{`0Q+@~&%OghxUe3CV&jJZ$wv z&%&$F8nB}wR?9OQEPR17hdn-y)DZG^QaK?`7_p_bFG)qv5XR{nsokc@Fd@q^uPEjN{Yj79>FW~3zwr1 zKy216`k_srl1BE;&1o!_n0M6H);}L8*wkfVpr$?d*VdY|Mcde%{%I(!(~)qhhm$}h zaCn|4(y|EWb-E3y<84fj=p2gC%gMc4M*KT2_7KFP>5X)1vo5>u_ZFC`teo87;NX28 zKjPjupy(3}u3^mJwwfufG8?^e@kA58Tgy-P!R4@wsns4|w>$o&(7$EXgq6zep8UL5 zeQE=FT6Xnv`1S9>{pO2J2v#mreX6GImlY(}5W$b^4AYtr>0Us_ljznhIfm9Ik9`B) zdG747Bm_0BIAOimLkbXQ`?F=(SXk53)0c9KXt4aJyL~2sbl=B2XLWUT=Q#cPFKa-c zA8`MfsRGcHg^1B|^76zbB+B$!v=(hF(79Kh7LK>Hed}|REwX`7(b8R4Nm2N~P7R&H z5P_L*iKMG`DVd6O`&ODUppcf&9vPO0q@3@D)q0h1adBxdBcz3@CTG(yzfSlRUh>8; zD)22C+2p|^pp0Fmi6J_dK6DS3`Sc6AH%Yp--h~qKnmoO{#{#D$=K1mI-T+`y*W(rM z({(X#Z*QV%Gn>D;8Gq+bMlF28@ETMBFfMw~=AA;0UX3jm>Za(ah~dVP60?V_#aK0O!X(PTaw?&=`(YQa`U+uABbAwMjgtHWmu0l|}9yOLZP1gxchapnYk628b=i3DX< zRSuu%nIfgsT1C1=mdOPzAC@Yjs&77(f9u}Qhw4mhDGvqof^r~-(AYM*o9k*Hul>BEM@l{6y z%&3xYL9+}jwJCrfGYM(2f42Hw>~0mQFW4gf>zQ_I@>2g-Moq9UyCnu7B?}16oWd0Y_fDRxf=5qbMB+Rinu=pc*HhE z-9XgnmtrbH9N|UXdH9Z1JbDk3DIe( z6Wm?T=1q|v32gBAy|k;T6`aGB2*h@z@r)(WDQDo#bYE{=vrZhTL$Z*9wR2mO_hTmR!wlXLKUH;qUb{CePP__wbx0P*n;UmhyUO47(@$|TZ6K^&EtM*J&^ z2}(--{%MY2v^)yW+B`F=ujN-Umzcs?#nCM?IT;W5{qh-u0sPGcgbyO(U{>oBp_pmy z--jvrhBXoVJ!0~5`-<3eEu=n$d?i-E9Wx^uS?HvkQ_|c5j__~4+C>vJ91D>*CUhERU)i*(kUBdA8BQavCP3X{$@vd4NM~R zP^wjOt#nzukPASe+nPv8EbM?jvS+2v%pEA)@4k@cMKw!p(->Uw9Qy^%EUyM?4g7g zz()nX?)nCgS3&%5r8H6a4d|JNRTCI@rxFBikdId}E379ZZm!i2O`?A#-SRcvacgsS zT*#~~TuvI%h(nNK4J(;&3l8*N=&8THpl|x+e*Q<7_b~@ zWYGJcFX=yJq1c?pTz)hDf_?wHRAF7r-pd?xJ)wN2+2P3}tp-jcOc&So@iAjY0=0Ww z%`i0JAc5VCh#2MQX)(~~6;QFQctL)K!^)MxC>meL$oO&CL0{e=8})XZopgX_a?4oB z_|pmgh#-K_V&0IyD-EX#fdjn@bapHgwBK&^i-o%fV|z}3+LO>*o!uMlls&c%y5AMZ zhRC4XUmv6HOu&IY&d{4OmGt_@#*!K^%WkrLoS`H}L-g3cRSani3{;nsD=Ysmt!Pc( zKudFTC6#GZAmXDbCnKv@)+ipN)fFv#_ekUn2jU!%t5cKJG+QeHZ6^j;Q3s zOCUeAG*I0=2oy6Y>+~puhO|ODbl7MwIn0=zXEs2Kj8; zC}u5@q4e)IHxhNDUYAGfaS#NMxX!&CN^&6qy(?_vs7f zFjb6IRAho4&4|1dwi|+dNo=VYDO{)LsGoyaxB^4nYfy%#ZHw2&+0(SZhpdAe)7Dm* z(E`s%o?P#H|M|C<)S&%8U7B3KY>>CmOlgvLsR4j15DqlBb9`b=eSK`+Xgd zc4tARl@T*A%p92y@%Zt=fXA(z)1#gAU#d|N$@#r9&|DiNdMjmkZk%>^C^LU#0|!#J zP)!6CQ+igEFwoPB^Lmb^a&)`|BkW|{I6n3QRaRzSko zzg1>cZhKM)mO^+cHGa|WO9@1B^@{p7%rq2fe@2~DZcI#^kkpda_K%9Ih~WP*fvTweh5Wg^YIbUe7~XLCpceQCIn zcWBR_FMeHhM}odSA#8#S4A{WR*%00|GjY;*GOEyw7~Qz+#(HHjLTKH$)8A{tG(5bO z{N+>Am@~TbEK^T`hv?!ETWqB<0v@aq$o?z8api z#_v1b!=zxc9b$5xzCsffdhvxbl0S}fp$h<`C{VqDZvP1V`M|k`mHO1x9U_=xMo!gT zAA5)x(l|G*WPU-(kh@PNYeCL1EkT~8ERa6BbAD_}RTeHsS9P*RtHP@ZmpRg4U$OU+ zYf3xQGx?RDPz=OuwFvWVfDs5J{@J8J4016rYzB0(ip{-tn84t&ql{MUJn&1#m~_0! z{re^Bq{FKZGc%N97)E+poPPUcWxFTQb=~Rxt-WQ%#q`7SgVYqonkMXnp3e1-K1-FC z{qqkK1Ij+~;%Bv&l@Hit#H@YfHs=F37oMBCKg}FGig>&KFruSCXaH2byr4V>olw$@#yC_f#OmRFWX3C0Z=gjLrO^&5p<>s1@4*8Q>WyoR}W!#=mk z%d~tTlf6WivOO4r0!gt{Ugzz~dYzCArtm=t4xkB-m2Ct9NyYl>nk1QXJ%TN=AIUsE z7rUo}QFL%$j~XtgD!%ML)SI>*9kn8ntxr<8V)VKTHKI-i&CYh`C=C zd?ee>HDhaT(S9%fQa38P+$Xc`-pzIO2PWcNn=1=WT2_NU5npY9Zc_P#Z()<&pMg2{ zZyYjl=UJXdpM1<&_`T1Yp+{hN^&V5im}|5Hn#R$%4Nosx)Y6Mo7+$3KO9I~N{#W}- z-rqhlw=evDd3WOfZ$mZnYN}yCFCR>-A@iQ|7ZR#2!OMGj+eFKWrToz^{!RJ?e6FYY zAw~^wRAnb!0)(dgD{0)`kFC^G3;x1z7R&H@KKyRf4FiNAMbPH#AB^Rjvt2v?UKcx$ zB9Y)MyzoJMKDbNu?)yk4Qe!5wfV`_iMY-?Rl%aWQXNb z{4tO;uzkfoa`u?NFnaWLXJnOd@VV=);4`<*n*7mIuMPly*vT_Xb~{l2_+}uf>5^H! zpLZ|iPin89tBYHDjlzvj`U%SM1Us(P)d;wX&-OKpe^kE}v)PNLhtc!j#!dkU?9!>no>C#J64koWWBo~-I`_a=;_~MVXZR{JX`d444e$!dUN$p-COMOuC z`M}Z4WIXy76hoN+>CpnjGfh+oxu zjOl~9Z5P4Y4j9zhF*FjV*I z-@eC!n1!|VLAguzJoIhiK4mGH%Z_dOf;v;fB2XATn+Uzqw*K=O-iGKk;-#I;Jl&9eW|{EsWRnAn0X%76WvM3$UJR-1lVsAFu)O0wk(NZuVI z!*oibFrss`3ayQ$^*iIL$AiOgpcdIvVXEv|+7FbGv&nPx+XwkNgRnid0O1SOm1{l1 zCFn?WIX@D(8~-aPrq|U&(&D}MYtK1g$BBPOGcs8N&|s8cT!y9Lux5s~Z~vx;mf_gW z8yZy$nnQU{@xoK6%7Pg1;r7yA@sz#mrbKCoOROn`ZuK6QuBpecc9H(%t{e z-n6}zG~g{A9lrVRKzo>fuh{)8T&Sug9nJ~{e7^}`^NAhL7yt2Og|%jBNv3^*0Sf2q z<^x%5)kGRu$^V{}Bq({We3;K05p4++``hf~u&cix?;66S%=zz==KPX>uN(}Pm4PO> zq^_9c-8uO~k8G^|_Y5)roF|a{Cvri_FfEe^O|$#oc?(_aze6M>!oK`7+sd(to&P7$ zBl)@n%%CgNyZc!laJXTBFZO>P?}y14Z~u1-nv(onNss8ni4#OH|9sy62!w9)UimIM zZX$9hhH}?Xt8g)qM$QKO-$%1hO7@R|OelW^zJ}!e)seJpKw&COK- z`W)0u|My&um?dS-1vlF(-v9D|q456#3{=bVl6%95;Kr!93DF9%bD+INzwG~afvJ{s z9V=Kj|F$|tjSWnIZ@0Y2h)B|cO-Lx8sc3CuQ?rbgW2maC3aD}6One>((QYFs6uN2D z-QDdy#p>;Pv8yB@Awe4}ovG+@Fb5c0&O5X>!EOVt0 zEyjT8&}LBew{LK%^4Av^vQkpxE=|>T8IlK1iAz7Yx~R1^O*+@bExw__U00U?^bVI@vKx1MBvpn{98J`&`otNmp)of$ z1_J5(K5_(gk(h1o?7)AGj2!O{!LFI-&UxR81N*kLw3L^Z2M7Neh@?oC72FhvdH?J- zLdIp^y zC%{~ZVnRblH#9fj-QA^5Cwu=>;PC?N>FN2Mc*W~n4k%s6X41PD5Ai~dxV?&qhyZ{e zS{fSf2tVEUp$aH2bppWZin=;3PR=}KXl-pRfXV}k1SpQ9t~(cjOCJDiLTIR3i53<* z`e_FOQ3TREJWg4{w6elNR`$P#thDrtt=>`BRc{GKHDzVt(wvHl)79sv>)r9}H{UZR z_gY(9H8nNQw)>kn2n2nW`ui<_mjkRU25RcvM}~Yl73=g-f%~Dw#pGsw`*qQ`0S-W8 za^QAcl$5VQ07RvqK|!tf={)_Jn}?_6vi3BZ|~qNC8}zwpzq4^^77c&7*GwDle0OL$oA{kFG@;EI5@Z$ z-@fW-JhfKXEY{9fnE~S`bQp+ANXT%^mSh|&QDdIj0PQDRN%aZl_Y#I7c(}NXfM2Uq zEQ9w}CCwvaGX)5g22}O{V0g&cX8*g_e$u%Udlx`i<^4b`-C0c}3%|DZ;?&esB$)&* z4vzQ5xP-H_^Yh(o+ehHqjvt|+*4EbK*lLeTKETf#|2d9Z?|-F4CnQLY@VFl793Q~R zEda9)NQR(yIF;t(SxHH_w-5K%$D_$yqX4*5I+vH5`(UA_2nv<*DGMHz2K9}OUZ0(1 zjhh2&)odii;yH&_ZDmb@fm$#G{paWoTcYgSfc5=-nWs#dd2w4y%SvFwU`1+lbo5Q* zeHbh>G!&3OzR&miSPJ%c7kj`+`i)LMb$)u?KOg%(les1;QosBfgi17^;N<|Azzq5-p54&&_edA?)uW9i6!1!TP{HMO+Wmn} z*0%^mi#N07(>_U!kRTcXrPtZwVJ`sZ!VkcyL?aagf-um~PL7(6 zqkN-utIg5f;~#=B!oC4-NE@*`Pg^PQA~wA0E>F6%LRGb}g45=7kj$6p(Gj8I;XX z3+Ds?(h%}{u)CK55Syl^`{87+*Xg=KCc`_eHpGrR4V06k{*8P3|CACG-GnzlF!CR2Bhj^wk)L0>xzBKRtrn{^f*Uf=&E zTZprT2vp!QCbf!#gJS^qyv+A89gl%AG*Vuyx@S;+1cbz3@Y|&x<;u-1rZDkjJE--ZYKtnTS`hwn=QaY6+Y0yAV){XpQ5C(()}bc=$60B)+EKPoY1FjgwYrp={fLzaTTSA~REHV^Y1$ z!?p16{1r(K+~&19p!2&EH|=y?U0o|QmZqlI0otEw$4HV#(Rzg}SDA&Y&;p{qrn>s& z*N6zTvo#wZKkvuO+08RRdbjoS0L)ojQgT=|J68sMKD3!DHw2<=G19rux1+v&$a)$Y zl8it^5Xb=m1sMZ7=g(JlZIPbQ4`SrcaYIHGX@b6tvC`c}6)I~IvsGpc$mZaPC|Vw$ z1)l9rczBA`Jdp_RKst?1QnazQ%Z;%Q$AI3Q&bG;)B%f0ADUi9%Cw>=Ahm=lMNtXBmx zN94(?tk2%VOKA#8ry}RxO@Zx4Xsu)cQ_k2pTanu9;l>^SbZR=^9aN11a=;G_1Oz9h z$HqR_;)8r1P9-WdWLqox=;%{@VxsSig@TEH0J@+AFmHw-@L!vn_}q`P#6m#r)6+Gr zt$*bqpUXQCAkX@Y(p9$1wlYP6Fzfuhs`^|bV6m<@N=0|{GcvGaQ9(h$%JQcb&*Mma znVeLc&B8+3N>Q;7vBJW_n5)?f5!gAH0fB)7*uV!%OUs#c;76OR* z??P+yPWIfg{R`uMDO9Xo_bX)suxOqqDJEiQz%JfR?J# zps&;crr{YVD(((q(rt`+;K(}tmhSU-sebl)KJ15le%tkmXYjd{NZ>mXZ2^Z(Ne6i# z!35FHN}gI0Nc8|T`oAn-z|7I0pZWd@X;Yo2+5Man)a-F-3FIIFqxzxd9SFcO&MfVJ z1}3!Q1#TE8Wa#5rTL?B2A-g%+?X?T204US=3N$x}Y_jP1{tB?5|FnPGWFmDaQ=*P> zU2#YFt0jyrEqP4`Vsx8aA|sJa|C%;O&YYZ_fEpt8jE{+ruhX>No5%$b+bv2EdA|gi zEcOM`M71qOZ~+$bVsphVi!)~o46M-2QzR=S)KPE0vFp?b0C<7YmwB9$VfmcNy}#|D zm<>Rh6O}bJ|JW*o?ipTGE_X^R;j+n`HV1PRK(ZWH(C1V2A_1@m;U<<0V0I&d5j!sw5gAA{Nkd#yz2#lY5|un3$M^gaY~V3%6Bd6}2$f7uv&E zrLOy9l~M5oSZ8ELZuToHWyHM(d4+TJGQCJH*#168rSKHSfJ?8szW3!;yuLDZ3_x9= zyV&!^q=E@rc7;1R`b4>5mq$}TAu5P92o-eJ;g|d9{wc|JckRvk-rnsXQyV!Y&e-!TU>|!B8ylM<_n&?erOjvE zR@oHN-KJpT-o273jW<0ONUW1L z&Aj-WOwzAfrc*jBVWU2}J{uGnsRW3mR6f^{R6gvFA0zkg!%;{m2pI=e-bBK5=5{V~=~ z+ctZRH(;RwH;}txEhs7BU}GyPD;w?a2PWL!(UH&XzzAi4`0)ZSS6hGqlL<%S6~zwItr|06 z!YK&ciqghLZLD7_N=v`xLE)Nz4(T_EGEMT4-r!TZgyyfO9G0_SVPTor0;ZG0c$OHD z2|e^BclApm+Hx38<0q5gy6+WyVsSqMY8y9ma&iC{GAB0|uAK^?;r(&j{mo4us@C$_ z_VyLvWB^zQ0Gc25GXWrZ8n^xT&<5yJF*%ovt}d__Y#pUs(gncKoSJOYbn#Z_N=57R zKEtnGzXtq*-@ktY&K@8T1nYrFwSbzZg!Otr~ zW#St=0uZtQW=mIF+seQo<6v>8GXSYyXqb%b|55c7U{$SK*INM*6+}t_LApayx<>lfMve!+^&VDnTt4gnyr%?Mc_09r>qk4LJ&~}C@ z_=ZtHIm8$?HZ~+|du~UYjy5)rxa|xjB|E)uAT7LpQFpyqm~<+iI;{MHP@yl8cNDU; z`ugb~KfKqAOQ0}O!n3-#$N|<1Qc&mP?OEXRL^=Dbm-u-oy#Ua0d#x*j)y@9i!G1k2De4RVsP zX1tq1dU{Fa<>ir)!|)ox)OuaH^^NAdSa9OCokNC_gLvy-(&4NmfBTB&HVrMUFv$?e z87;?4K0dzswj8Lkm!`A1*cA=d8`wQfP-eOD2kgXxSEpNPNeTSVl=!K4X{o7TV!+@) z6CMaXGNG+NTd6AS$`>!)>eX;p4~a^Yeq5W$CVqKeM?4`bYJ>dKT^0 z*4CDL6T9Yjgz5ri^y)+M7Q!ArLh&}~O9~Y?J+s?`Bou@spD>7|>M47Z_~R3{R#zpR z8sUUT5VPlllPiClQoqTo`dY$~l#%k3kpq|fi%xdZD*_;SMoYEfD8$%p&tHK;NWwAK?&uXNJ!5t#=r(m zyUYisq>!B4&g+U|JcBn0kRuj0Ha#8P#8x{7Hy4-1?~1@qLjkYL^R__34PPQsN0;-m zBiK4ylU0M@PAV&}#ngkDvS(nuvt;8(>eO?+*h@Uxf{51U=atpeoMxLoLc=^*Vaa@N z!}3rdn$&~xQ@Ff9aama{R3Jbb0hwF9=Y{Kujjq|Ic)EzSMKhT8btqbcn1z~p85G|* zcPJScy8HTqYoEb}mCKreu*CO?C)8BHo(Z~ale|^;UEWIKcZ1ksaA;^BLRstmmHq_< zF8=*-lVoTY2?Z%=)F~U!>9N~M&99$@*V@ujdoZGnEWEI^w6w6W@BT4Yo*#GF!Z+}% z0u4N6CwqH(CZ74}gpHjDzE1yZL_b6G5;>WZY$Z z4u_hOY5nzAmuC>8eHKlHR-qQqMX|S6?jn*tZH_?PowlZN}MujbI_~?(GSlZ#RSM*_TXHc$i&^8XDA` zI3}j5ipwq22Yzl5ADPIPw>Z%ANHNGw;r@P)Tmrl400_Pb9zLXQh{90PKf+e(8I0SH z=`oqTD3ss4n|#6f`)&H&sumqfhB&W7Cb?ruw;N{w(3DTW0^Y_FbY z@-a6H{%OA>MMqi6rmn^-uM;13U^Mmx?XaMC`qh~Wng1WDbrGicMV_UNB4+E+4ttrf z)UC8=TmA&1jdq!xy8*IZ0}0mEMEv6d>s_U`U77N>#`)a+Dp1TH03^f)< z6Gb1t)qniOPrE9~(%Z15cXncFmrmXI(J`Q6$|Qe0`jTyHu0B|%WaOh|SB^RH4M59C zUsRv3FrS$m1%WC^^hkfik|`HwTatWka!H%MU0KwpE`cV?&e3{tYl{5_|{?~O$Wog zRN?Y{7y)R+FHl3Y?4plb8LC}tjCXFomQq#CXh~ROi){_Lsi6_{h*6vR;3ZW+e(diiHv)nIHaExwvSGE zew^rp9$138zF=;^XJDguHy8EJ|FxSF}9X>F%? zW_)2e`ejJ(#yNPI1Q~R<+5XjPuy!%lEft_>V_H}y3B4IIhb9Qm3 z;$id}Z=(-%n50PWh?CnhCt2e~v@x88mS_bR7o){!kKK=+GJj=tlf#D~M5^`3`ig1x zg?(NcF6T{0*N-70ETK|2UM|Fh?#f`Zyz0LhP&7O}I91DEOLbP)b@13UwQ6l=Rna)t zw_P4p*{HlW>AR|>fv1?1ffNC=uRa~7r1#TegJS-w8^Xdm81F}XH-!FycJ}3i+e1nS zUZZoIr)K?(ey0{o>#cS|6?cB>iYUSP5+PEIae7KU-Ou>dB6Zzx-F@rixAo{Zz-qPD z*aHpf#VQQ>5i#8p?acHL{xC37X1(<_9_+mH0P*V$Be_tl>*c(`;eGuA&ruPFy{;mB z&#roUH}ry^qmCZYQGdxJ$9G7TJsw&~NX#!rqlsccEeH!|QBTHSmxGy1cFY-F_&@il z1oxTRz|qxr>^bm|@73Cg$X867mmEPa_!bxM#4leZ#cLbAvbOHW>LP6qPi4d8RLO>Q;&b8aB3MV7gqzm&*NjDMsk5`E7(skKai+6&AC(RZ<+? zk!z+GrpJmoBvxrq?cC_-vV ztymu`p`>Hz_&x5kk|wrKZBSgH?fq{AEW3dPfoOfKJesxd9mD7uHu$7RzlwQ7OQ7L% zvKJ%cs|)vrK)zy}mHJnuGOXVVrT^fnMhVCSPZia4(6V>Sl5PwrisY_1tk)}#Ze8g? zz1``ey<4fsSo4MiZLgliTwDLpOe;yo?ShSI580uTTd}=ZN;o6u9G*6=ugBg693`to zU3y-f9-$FB>Eb9ZpwWIr4qrJPE%sY=_Wzknm&8};did^#!SU_tPuNN@1~_a3HBkPH zfwWcrvs_0c%r5g2S1}toxzKKoX4b3cb6=aDkG7uV!s}I}ky2fvu-3+3S-a+Znk=*T z(%Y;qEhI>_mbae$W{H)d8niNUHI)XJLB@WUO(^MupDd%<6GO4FfYhoxP?B z>K&&GZU%^*x`qGa-LAL2MF}g#@jF@Fc|clkHJ@NuXuMd#=H6=bp_8;k9XqVMAzG%M zU}&wG!>D9lJCa=hdK73<(Bqf33g$4Mn; zF9$ZuYr4$5pME!SL$RD$kxfG=@Ee33ZUjx&(Y>s>&Cn*Jd*Rq^hL^#8a`P9f7N$2J z>5B|0yZaUrpP8_Su+`*@-8Ls;NDi%lvb#r z(Vpx{W+>g6zo^8S`xV4&u;fJ=f=Q)DK0bYSM2S~M;(-e2%QlDI{Bx0CS_sZg#T2Gd zVb?{6475JTWdCX+u8ztt-O9@1T*vE-$4I z*>o%XRTjb69>nNu%Ks~Z!p;7rD?WbBO`0y*09_3!9f5`f=xLha*R^E%$8SM80NLoo zr{vuI0k6AlJe9XADdPiXo~N|>hwd+8CC&HfPj2|6f6&>LM1E15UfxBq-{n?SGOV5{ zj$9x^8%9$fSLRW>FEjo1HLu5`{86S^YKFvUebIt0WJJsO+Vdq!+;RpII{Kf?^gove zkvMJhhs{|2;q8px&L}RH?9`3RC*N<#`BadZWv#wASa1XBp6e0X2a~8EeMiNch!6Hd zi(Rt}8PdD+7ap(eDG@K{9^>HRw~!s1+7?Szks(MD)RSv!J2QrrgvL-e#_)SdH(SN? zDDMg$zFID@Tto;N8Kj)uNs2sJiSuTSP(1&{(mWB(dqh4N(@zIv5v z(CF6LS;B+O>wY!e%7ED3Hi(e)2%>4fao1s}7$rYN#8?pk9Vv8edC-stYR7O?XGNQ;`( z0@x?^5)_6LpJ%ZbUfn<_L{z+*?atYp7oXsMd%`@GkTAGGf2wK2*XjBwurY)`5v{#F z_7*}Yd~_m?P$905+FF8jG|1%V7b}eClE){OVm@RERg-G7EKZoCNeILP=2yeDtIF-c z#HP=BpHYwrq~VD3iT~TT4JF+`lvT45WyhFNGY<1AuMDW5Vkx=uHK{~r)_v(U=)A*- z<>~r~3Uwi~|IN>>G7JHS%dsd0!TWCX*x-T4=ziA46gkb7v~XI6&`jp3C>AJX=W%4^ z%G~xDv7#j6E2ujxW(eopVIeSCI~n5t_P#bT-%y<_;`T0^vcbb!VkWO8{}bkETVg8} z3TsLAu_|BJt_O=h;8Y@`78~J4PF8+C=6pbDYwETpXp&=W-6L)7$R3B-5 zm=(bh@S-4jdo1jrDA8Pd_|Yx@UbN}5qvOT+27V?lo8^IM;X?#MAu2SfFh`B-=^;Py zKU{!+>@*>ga1_#C63O&@6_u=i=@(E3l{`3_R0>~zv_g}P{m!g^lVq;7H$JWxefy<0 zn~+jma!=QvokZu!9mD<~lw4!nq@4OU!zPa-A5et~Go-RJG6jhT(Jwy69EuFBZN-m& zm?|1*b}H&s!pY?Fa7qTf&B_E0et~&yd;DoJ&VDHU*-M;dGex4NtE9AD_AeP;r)@Ee1y2dNF z3Pa|}5L$$y=g&_@w2T27E}|QLQ1G;uLas73tu6adv6o-jDByrV+;V1t{y?$_5?ZMM z-S}Gwyxv~ClODgkBm?BF$;P{y@k$gAwh!~;s^oVBd^QG8?uecTNSZzjpXj9;YrNqS z%Ky(zTINVeta=*fJ~QXJaL%O%QqeCMPlNED#rNb3hz|{m3G3~ejlLsFM#8|5m&lLg zBZ5>}Qt!eZ-P+E~OWjVLZn&@zjYc69qftC2Al%jb(2Z54uz@koUcvB@;WES*caX_K zk!2Y2Gs;*yB*`Q7gy360I3j<QG^nUHd5opr;E0a7rx~2rJ^e- zseF1D8=Dck?Sg}lAn1-UCrpkCjnr1q08WXatt8L$_A#ddU)}lYrGGe37kCnnF}~yP zGUv~z56_-H{Vc8N%j>lLi+K3?8YBqi>>Y3 zP6!vw-vU^^&6amBxGXCLvk%T}Cq(2G2!9}vyz<2nvDBCAJsYvQ`G5Yh;iJ>kD%CoZ zTOi{a!H%zfg+j6l+ZU{ZZ*H0I=IuGmX@3#FAvc=8STOh}uEsPo7e#z#NsmiG##E}1 z)5?AOvuy)kX)Ty;SW!IY-(HyXgF?+v1X|7v3FE=H*qn-xD69?{;dr_S|9rk5zw+j_ z#Klv#;Ue2Kn-4jhcdjL3Uza|SdsjHSAoC*lJ`*8`TMjXTU!r=W7H^mrd{B8msPwCs zO}U}kYeGgV*U~8SpT|Wy^p0ckk&+-s1x}g4^$i{JH{l4y)BNXZL+{E(MRG%dcNrh` z_cplW&2rYe8x&j0-~1#z{1 zeG|Sip>CYpoSuOx!kF^8$7+M>-?20g*DP9&m||%rY{~;TcpCOpG{wYdMGjRI?P8W4%#~%0@bRlwsin=1XmVIl1U? z`{0Lf`mvOaWYj!#4|^pKs8A^u{DTz>g;9$znPuGHWb#lHXRz^CaSch6)=1RV&d}`N9NF~4X&95ZPvn<8 zl|F+N-5$O^k{>9F1wa7s618e@EjubKe?tj&^xtm|;hmiPWQWlSAQ{EIzr*yYZ36=( zj=w)C)chKQ9W|h2Nx?Qe@~;JW8hbH#%T7s4b2vLJCWcfNSL2)KdZ^ zg^0(=ZAE$O!9Qhno=vGJ!?ALjgEqCxom=K|!FqEqvuUZRv+|zRyWT?cS8C?Zr_YMz z$&<#35#xxRGd5`(QdAy%CAYopJZPMip}Ix?Gf;0%`Ki&`P0OzriX=vJvkgr>y)s!r zo@{8Dx{CqXt1(rUx-akHcdnKn>MEMW1RVTzSSlFvT3<;O(Z4sW)VS!$Knu+RtT#TD zeYoaTb#&n1Iz})pqTEjxQ`e0&OsK!U3j*c!j zJ6k4+?*tGPpN+DT5`(9Y*a>=m{2-yB`P@7^G~K;AnAO$Mu|Ct#aF|XN5gWU@xmf^& zxU~KlnI(W1PYAiZF5L~nb5#BUIH#VcL3+Fv6(6tdwhW+&n9U*-&!ZwE%ZrNsjK;*q z4(myYiM9Rug^5T_OEZ@T5}dL};Iec3keY%50s-jUbnRRFz*`M(_dYdz0{mm}4Ld%5 z?9h-(YG$$J8%Ll+TF=y%S5#0X{p{?7S1|&BmZSDZ0=eU=eb_sAcz6yxy1Kd^&_foG zRv%@6g=A!878Vy#(FqpdMHT+g&Hb1x4e;zsLqiH`>UKlc`$RlL?%Jb=j+f)p*~Z~BzNdf{hl>cHkjhY;$Qd~(F4QMC4jQa3?2Br@(sq-+Pev-3UD z8Wgcxtm$K#wrhO4lbt38Q!5CCIAT^)rI^annM)xeTAB{2p4_bQjH=Gr9sIe8ULWRU z+$H>$!_SV&^jg$;2k2^AAp{Si#YXf}$hGQt`rG^YZ&@6*pR&bM-x+DNt<=HtQ+XG? zejx!HDVj-_=Wo}=FL)E=WMmaqQ^3InAZlZMy+FTV8nC|+tA}RU0|QF1Ddpw+_}vbN zlB!=e`jnNG0q(1mGX$LrfKdm~3A}g2pB)!KOeiTSfsqC;b9#Cjpuc4=gNG#~(Otj` zieWX90$snIy*(gZPl4GBkZ;)}r!yBEa_?62^mM(L_`O#!uK~y)ySuvs!^8R6*_i7$ zxtup2e-w%3dusHW!zk-t4 z&(E){DO}x=hqKZ}B_~4Gr}R3R>FQ05A#&WI!(;jme+26k2(R#vLv2 zcDJR!-xhi`0t*L5z-d%F&<3^ z5fBgnB>D-fVFwrvJZ8P?rU_`+RAt+rzT@gJMK{l0O1(Yt(i#|Wm=l+L9Wk8x-1%zW zj_Wbgkz401d#by~k2p?)QMS}2$ELU!XV&g!lLYnA!6Wz5xJ5lqbBy8}^0MD#h7I2M z$>ZhHv-Q)R($thd_W5#&q-jc-0dThJcMo&Bb@k!9w zAh0PiGECoZ9PwS&&$#5ZH_qRZ=iU9(KEFd;NF)X#bm>tCPtJ`qJk=SDxfkgiZTWSy zMc9JLF=F9RVi;(~n>nAYe{t~kV8%=L{34kD?SMP8E#N=E3I@Wjf~uZf+mt zqxJDLpv5vX3j$#P7~iDNKVcpKW5CJQcDAo=)~2ky9JYikA0rc!UfG*a@MhqiK7MS4 zIb$dG6Juj}TIFWI5V?2jxvnlh35j>t;;u{WGwW%IyD=Q*c){&w=O?9QW&7|hj|0H> zJ>hlw;!^9lHUikF)l5AQDB=MIhy)u$02IVPu|a47a&%-;OgB>o_k)IkK}Fmb%Oi0HPQm!$3WG`sj;MR}{24-qzPrQ{x1{d169KSojs7+vm41 zmGv7u`3*ZlK=@$KCF^eGesP+(jjzEF<>S)?7QinH!aB0cMY9Rxl;p!^a+)`DEq-8? zd^o`1!0rY!bspDnd1?-Hjh1Y3_S>1QQ>hmY!Z)QL%qJ^HPn# z5fk3rNfvEW!_}p9TED^T*MudNz*_S4Mcv_ofs$HUab8-N`>WybP=E!CynM91y?t;n zRb`)*n`;($z@Ss9aBM#8*)Xi2qr*T??*;^piEt??DPW-idl8ww!Q%|fND+{afwBTr zT+izs=x|Noy?xF)+M0=uit+@qN+R>$+1Xb{MwA-iv9Z7&i;a$^W@c`%o)MTOR84+D z+yVw0Oaq84<_fW9z(V<04eZ_c1L|3rVJkBH>9VFDk`#&lQ%>7 zGdlXcZK%6j#?*8bOc@rRC;ULoh`U2@KVi8D`J-V8Tuj z`0+!iG3s23Fi!2cCpySwHa0fQN3AEyI-8nO@d-W>EI;ha0D%Dl7##%k2?!|8QPc}`xD8r9w^?eS4vev+|E0UpF~KHJnFufD z{3|1NYq+~^v>wA{_=X!O z?M&BNjJfi=?G4EKds;(rEa6Zy&+^K;}BI*N?BJwY?xt$V}cpo^Pv04 zxb&{w-5WwGzsJ?+`lmXE8V9K=kF9X|>Y(=?dwT#6ZC-Gyb+Lkz_22 zUaiwcQ}IQYquu+-=r(n|e)TwlKe%$b#BaoLODx{|5uE8>e`B=+oofBIy!>S&jJ;!R z9*YTk_ykAs>P3h|PTy?d-!Y)vb2u9~ijl4G}sjDk=)fN0`=xjEYK4 zK>?x%t?fmT=g+}o?gJYenBtA6U%mjIe;0yvSaS~^gx=aX%7k5@3ECc=nHvZgMxdmw z-r&5YclQ|*2R4Rp^P(Nf9s~=HHTKIGJICO+VdTiU=&c=2lA!u+6qLo~W#~XBB`;qH zqMx4cqz$F%=@f97K{2qCAj|>sg4#!$gZf*P@cx@NMCblJQgR zY^u08i>R?&C&XTjxsRJ^=!Zl+&nIGjanA?FXlcnPA5GD|P$hqS1L0McwlAB8laMN? z66mE8hrcn;WA-_&wl;3WCZ3Yo{)TsZ^^@5}!`#BOl$6X=YZjBOjlPx=Ym6A}$KA#= zJH|9Wf6~!)S9Q$qAjX(eJrX{x(a>b)V0_>4uhd6wF~@7;%0bsBz@0T>(~;I4UbVRq zVuw9i9Ym0uo06T9%RA{Vsbf`oq_m^u_JI~^Y}Bfj7POaJaO%)}#skO_n zhHNTTukoDU><&ssC(F*qwhH3|=i;JqAUt*GiYr)=h~voRQqzAu5@aMR=4t=_Xh058XDFItu($uQZP;^7+Lv# z|9dQZ87`IzWUOuM_P+_GTY z)^S0d5tiDClwl%GN+{Gy8&0iO9JIIX99nADE*{$|_7_?>mFkt40K>@Gm1m>l43JAfSEvIK%+82$)73SdMkD+|j>Rj}j-P*I+qok28G3g`#AzNL7eG}OeevSKg*niaA-Dx@DhN3kn3$aG?8tc1;WQ48j(%%f7$6A*GO`6Q zu)rS!f3&Y}3xr@ke5&1tsMP2V9hr zP7(DNY$%}T0aK1mP%yc9HUVg2jEozw%3FpY_yJD#t_dDC_S$qEukHRvW(f#%qM%{` zvFo^nll}dkJzjFAUw6^b5BByzm-Qr|6~c(zy}@26KtRo5abZD}Z@9mI7094MLO+0% z51jqegSEGO#8=SDz zaTIcUjvwR^?50?VM~@zT_VXLAye)UT5ts8M{{;*oHiWs_phiM`_V)+LVcuSKhp{D+ z2)dz#MFPymfo`5)VBi^oKL7){73b&I8O5j#4&n4@t1u&D_`9|K_U!hgA2P zjvtVDimhITe)j1+E2Nx}_p^EZ#37L|Qk|DnHQyb7c6}j!z`1Rt5_-yESQeRlj)E2o zdG{V2dY-)wQ<@7t!N>j7yCZP$03mS!gAq7X-{pO$oPXW`56)^-^ES*i8vUksL05YEDcPkFdveIf7MFHd>)Tsy5o0{q(!mP zjb=q(K~!HkgBNBHwiYKJCj79ktK*Ne8g4q3Nhs6>5eQ8YA8 zwM+ibkBJpHB|dwX=EYs{e`W%B>=aUm(0&^@$KoP$SHDailBb!s@jfm|9p`g9w15N; zC+)U7=1@t7a6;JH{uCDGp0mZ_2Q%%`Gi^j7y*? zawDUopbVtoxt_fNWRv1!SfwBoJ(+P?TV1uSnp|JExIBf7z>NJ5D8qqQtyk@k6CeLu z-ui|8o2gQEGc6E&h;9u4rP^t8(i99G-_I7oQ$d|y?d{iGZYUQ5NltmAF<(&`Mty+2 z@$~cr0W5H%VQ)f9W>G4YUl81Y-h&8qn}U)c3UGtM!*{DG0xpnSyhEC)bIZ!hlWBR% z{rGzH6Zk~4xHW2w@CX^l!blg)fS6xPg2Tl-6*VP+$@{;<_>cwTELO6GTXI za)bNHE@WjqHEi|nCvzJc`GtjEpg)2*1RXl0jE~1Y;`Q5tm*a3XTPmE0DO`#>cDL?mvtyG$i1 zQLL-4=9 zQ%&w&L8;G)wwNox)zpx_ov`?ABr3jWi(s70A)vILX8Q-L&GR_Fo@sJsi-#(gM4U0J z=CsUr5UIMPg+<;|qumgQ37h#k?1_f0?>uLJ)<#Y8 zVt{i%0|x<_hekXR&IA1)?BR4hf%k9A8oaly3w-zG*zo18zuW4GxOGfP76y4@(O4!X zt&~e)IZ@DuIn&p-@pyQ1Q|Z#a=MmOAOukKz5!tXLmO-G+SM{pwA)KG=+C8Jfy~7&D z)T;hkKbsh2 zOPW0j);4n1G!<6U6E-!qdVt_%Cg;}`QSldv#zOJ-X$dJ}xD#HQGyMD?E`V?(j_+Jv z#OGgiZ};(|IIMS(5K6{ibQp`BoE;b@o>ckxA-&=h(Pv??Tkg&C_czuO3~mSKNFd;T zU7tULJ)WaX4VJ^D3#+k@ltUmKqyd^*TJ?~iLg@?SD=nC{h#xSX=V&uANzX){PAI=& zXYzDUznt0Y8;gCQ4kEe>`2P6;0n!_)5F$XenV*~c1Y9&o=D}Hac6GUd{u!zmY6Uu- z$@xx#K`#UU(3B#B4YRe~feI(&Ok^3uyPscby?QkZG+W6bkUm1aCp$aw?@YrLY)pvT zp_l-h6yTWbp`UwIkkP-4W(sIMJ=`F?Vk-(kL4(}_fBvP455i|#0-4p{zkeAkbQ|u^ zMXMCW=Rld<=OHW74`}fO1_jCi$ID7L``s=fRlXqv!W{g2w^*7-3-uwvI6mHaJ@?bV zVEz7`k0qeg1~`PE@HPTcx4a$yrjz621OX2oPEIu_M;;Erj|AyHfL5M8V0d9T8N1WE z#vH9}L8bzYX!;815P*q~hKAO1;sxbNC`N#;V%{sf(K6hag11YyAYWM%UY zeE`o{va34Za`_yr0@p;Z!YJ;=r%uj9jX-wS0di1yjS?q9RD#?}jq7p?)us!ExWvh?r zW;Hv>oQ0OKrV)S8(_vSmu9sOTF@)C$AAW2Na)#u@Cf~aHMun3Kn>G?_yn(THzS@w> zrd@aw$(}GB-FuzXy9gnl)hC3j!acX`ScXTRIqu){Ga2;rq-MpxGw(B*AGnW-&t1@E zaJ-?f*B7`q#CIrOEt$a(YnU!L%^ze@bM^EJ&rQkc9ihw}_b(9~2i^SG<%x{6A_U_t)L4GdJ8r$9QW)n(%*q+}^ zApjwLC=8lHSYMgx=}%*2V81gm=0mW%hZ=Gd@!~}*U|ya`;DZ53QCjw8sfR$D2s%87 zl5z9!c%B{RzapGyQBhH;c3g9U=ErlZP&7G$jokQ#@b4o?XCO_84iC3K_^S$H&r~R4 ze6OsG@uJ1s;mo$(U(+eNMJA>_e>t9=gQ-7{t^VQ04+slDYeX{!V=l1gS689n*h^5S z=>C7>7)Jprgs6fQrcWVO#!Hu>Qv;J~EVq3oh=ZV3@p&iy4ZGG%y~hdI4NwhmRFkhg zpPb!<6b;IS)TeLEfH2PMv>x;R{rf-8w;-wW+31J3jFlDk6IQ>X+=s8n$tV&q$wxGI z>-Xn>nKstcuD0gp=QicA3t{7%XU3O6dkwH4@Qg-3OQB73>xDqy07&r&v33F2f&2ox z;^KQfhb|&{xw!;HL{sdtS4P+K*(D{R=L=xKB>S%^uvVewgoBL@LdokkIVWDbP~Uy& zi)8DQyR)Wqrt@>O%HAY(jgFOd0Fu?ij9(3YnUWGWG@}F*gu}9gj%Kv@I_);~dX(94 zBq(S;7PM)H-yi=xs^t&kmj-g%DX@ZDjh`H<&ji9MGD|nQpD=$@*gj3pUd|@^ETs+#` z*>W~Ph0P>$LUc1nmNH$Yg5RTN19cDQAzlf-ld?nZsDG~PxTCGq0S|5FZ%*TlE;CWb zNvBrMZ8JjJ%=Q8{4%B-j3e?DLa<>-*%duT{2m&SVOVb)NjpD6TeT_T0Qa|l4 zzB2Lg;?K{qe~%FQ+44GCa%v+_*s}FNogSHfh4`U98dK*z_hU}XzhtB^G)(4rS+)Eu zLn;PNA-)+JQ7wqUYJC2q@Tn_|O8Y0&+FbtO`DP@}#k05nBE1@9xHN*`|K_ z)CNc(=mr_NK#eVvz_kN;cU4uDPg)=B1L#l!OYijLgyqo}Na&!>8ro^ND?U{a3@H5*-|!W5v;{{k zEHA_15U2-qG|9G z75%sls{T-|hx1I=I9tQM18)mWFAyYTWFn%Dx1oFjwV1il&!0b6*3>|CmF3Yrbo4-| z_Om9I+g@|Btkk3 zJ$pb^RsMEw3CgsP{FK(#y2GP``YIuh0}TrY7gr@Xa8V>BWo75}F&3yR%mph3Mgy!0 zcjD+2e!&C98}Q*E`<(*qXKU*VIk`=EK07-*@R)=B{Brmkii=qyrO*K$>fQbTC-V#N z3Lb}vN=J}JLX$3lbnIZIoWD0PHGRANM;Kt~C)0P*#O5@Fg}?T$k$HU#4D7kCnrKh& zS_*w8S%A1;Z6u$N(?SEPD6opJ6}*ohcW-e+>-!-n!UEoGZeXyxImPSc5G26T4m}Q_`sRj4HAn2`h(zobd_W_s=aztO!KBV1o}Qk%%=vLpeJZIaEYk?AA!N zUrh?JU~Sho6bR9Yt4RGGl4~Dw+U&kfSo*6HwX57uf-%Q+eEORB!1>$pqhmDVt~9BN zsiLr&yMjwWG7nHtpc56WVrY#-NtqGLWB5gS``^EG&z2djhP+fC?LemKO$^?*ad z)`sFB#F7x=0*-iI#Nu_n(+#3I~_14$}qYd%XP$UYWA;AS_KFcmiDc zx1IMv3KSV3)U5da9V`miAPTWa$Q76btpFosyX=O1AB>0PL?bKo@@ZPMgTL<{tf@of z301V))6BQZJ>Vfh zjF()G34n44Z1))?dUs(1p+HFTOEmHT0f~)^>rEDHQ2c)HIR`X5+HId12P60iop60) zg(&z`4~W80`d7S^DaMx=)vvec%){Z?%_8zJOFe~(Z*&QLKH(IBYu8< zzi)~J2Jl-T^8rW=wu6$23ZKIY=G9>I_R()hA7EeU=<1$)+dVwgtF$4#GKDfCbeIC% znXuj-fE|p-TtW#6ypDh2hMeFTl6^s3<0g0R-}gG%rSucM&S{|G!dmTaHA+lOOai}~ zQ+p5*a1X#Vg+)ekJbilmUfxkx8FZLp)UN2Bno9I??1N4&$R--)W|1{DZYnB6zrH>< zcdvV8WkrmMX#;dUp7t*fRptvmLeOHpTR#sb6Yc6S17*S+Qy8cLV8-EP1JDV#4&_^H znMfc+XK;i0Aw`c7O)C#Ui zeOl%#`2b_wlS{Xr03vb~-+USRSv$cg4el?QM&-NvQ_D}L>v}8Qtge1Ww%b+eVECT7 zx4XoJjTD)lS=U}}U+%0%zE+J~C)c;<(qTF}xM4o=S+@@;2+>_{akzYzFb{&7XKlC> z9-`)zMTjx@SMSVC)g*{NlY3Gb0Uso9Jd!6Y-fg1>B*nwobn!MNkL7xS$zvwp=GoeS zvMlsi$Me=2`74jpwnZDREf^G$f}V^Ud3dVZJ2f95Mq@fIUN>t4z>hDD+wd!MR<6f$ zj^nD|3>@ zG^1K8&|RxG?)kJfs$D~xJzVQ~QBWT5?TJR*h=I6oaLx3sGw*l+d0YAS?}fSzKqt9- zH^BG}j@jdL4vRBUArey68Vh%kI}#Kq@%X17#h!?;DV$1>6h&#iwoaARov|GMeR&;28u(DKZ2+AB75c7IvC}$9eOmEl;1b-!lhXa-Y z9VmBxPqU+c6(faOBh{nP+8raO?AC0GZ{ON875~Q2E%@h0t?igPXM|iFmKsSn(0giJ z!sNscznJgTJDRI1g?)ebu5Wube+qAi$Ifp0{-f>q>AxATe~@33#@7)%1HxdF@@y?h z5c_MR%#cE;P7Jd03_LiuoE5e>%MB!@thJcCL_v6;W>#EIO%jBUuWrZYaI!b4>|KeG z?AOFUGwi4(eGdH7Yc{YM{o`wYMx+h@`4!`H;ctNq(2+Jb1qqR`z``hU87o=$O) zU9W|?Zk026X$}&$;X9@|#$DGG?*E}k|G2+dGP+%Ya+dyAmik6nmC_rnI}>k>|EeGL z$!GNaL+~aY+Pr|tp+y!MWh&ZzGH9~W!l+Wx(?3a>(8ZSq|sYAM-%r=P)U9U zu&<4Cum9os|6O?Fn&ll=VR6@#78vS<|KDYU(w#(dozP^pE0nbUqQ>UjTKAn{`4^w} zpT~*$7eNpfV%GLA2tbAW2q`l|i~7H^^sg8xq-Z(DGSb54#+lbN{IFQFA%XvBXccNk zfhAlDX#+e~Hf6^6|7}3K?*^+;r*SzyTHWj}Ww0pOux5n;Sq@{g$l+LFpy4s%(*Cq#qT2A62BMUK<9< zx3ld`VIHuOR+eWUtRuEb{v~hVVQq(LRP6|~@pHbpdH%xQk{$9V!uApQ(NVcI z=Q;d?`$it(`NM3=vbrN&of?b%^D-39epP-@8O+FtqXbqvEvZp^hs^Mq*#CUKvxk zZJZl-B%{o?H+l1@oq~Ke|=KWu%8aQU5bGDtpQ_4(<$S^W0MKiDpH4 znMyO8@;|EL+g}e0O`)AI*}wSoUAG?ha7M)5{O^gqdLlzk;gC|pOf6c*;Sn}vbS@uD z8b*|VZXVO@Dvq9XxNQ)c0_P;dbFtI9^WPnGc`dM@WmW$5m@+ftFT-ywEvct$|9h+! zGz=aB)_f3b0mmqGt~kcH|NrudA#{QEii7$d(j9yo+>EUPi@BLw_BBW*nFKZw+Fbv$ zW}OQCu#{fhf34QX@@zmcR6RodRU8i!nshg_Z4$`!PS7+oZJ$W)AaxTf=x%fNolMOG5d!W2N_-d zQA;KniGdo`L9UKju`7Lf%1Chqtznvmmcm1Bl=&l~->a{3^N_G_gWXhx*ri{I^%?QFr~mk6qWWBII$3>=F${4JzlJ468KKn5WbYgyhY$@RvJL7top8sy~=nlhkb3G zmAX`T*B=L^Tv&{=Ua~b(Ie;~o$)1%UJrh_A)&kV*8JGx(x2WAc_l--pTymfQ>A$=A zFhITvTw7Y$ zTFspsD&od_KD4kHo3`}05^E{_sk=Q-Khgm=TT@q?#EU=?Mdkiy_IErw{*u6|hW6Gg z4--EN@Xazek667REMazNXEzTRu|m0imQc{|x@h3HMAfwl z^si3B=>_L^*;5&+@xr%1&aO8`Wa}~aE2nN|q!hHjeV`{DMrpEHoAg=AWhW6%dafr`c#ZNKTo&0<%Cf_d4|GJL0fG`k|swv4ZLldLAm6lT%nQQ zrwecOruU+2WLg;ybq|Iq%o!`=uK1X@-liuS_H^SQ3`L24mQKWn#J#-=vD~>)h(4;p zM-uv{S(15_ky$mGsLqw%`2EiN{IB;@=-eVJ?0Zk|MJ~3_4Gzr7Z|S`JDpZhkJ<{$e z=`a;;#wTXmr^Cuo;lP)L24_yesNO11_~&wxE$lrhc@=iIwduyhSoa3nM_9g4No3;W#CZ$%deVvz=0#Dd71Bp|~k6&s0ip6eUZx1xi9gsaJ zzp2KwIGUx?@Rz^KaUV1B)n6%$rPpQ*@$q}E{Ry$;2evr#dthMHxYpyw;pNr?393{evgEjLoy*GttaM;PiQF0?CMQzhgj(R-Ls@Y(o@A#%1ic){N_=X*Kyss`VVtApjO0mtmKA{KfdYx&L z$GAvnOx%5LT)W)gM7Mrn<`V7QBJ%8_LFAUCqAT6wlNbNglRbIHH?9*TM5^DsF8$?l zYiQS6p6^Cz>Dady#{Rv3&S>moxiAr-`gFB8j2TYX2P0AD+2W!*+5(t-yS==RpESiQ z9Qqh6pJ^uPlOiFuvl6Df$s@iUOR`}+ey?(+B@jfje#;cWXOmtL^Cw03=UmRKG4xSP zn+u9|(Wn^5)!*jD-8}Uu&-I98H*VC*$1?T#XZ#he`lweu^FXQNDS2r4*WdW8<%$V( z>Y(=WLws&RNn`eJ6V}UjC(VIGcJFiAB|cLM&nxkyy?R=M)n>MdUB-W#id!?9@=>`1 z(*qMJ*xkaB_DVLxk)WsLgxk4jdarMHUvY6wxmhyPAmgFH*Ebaw1rziGvg>_)b>ZQK zwo8PQ^+ksRES)%6yp{EC8!ou29aWWBdm4#pJ>(GTBD`AX=o06Y)f(=dEWv^piPsNw z!*R8oe0 zH|(t8a*~L-@m-y7v@|T>u^(HShyawO41Ik%%8|=Ic}E$0hHls{pX}ERUUr}&-cV2w z^(UrNM-rYjaN1*zl(87qtqrs(EO9z+c4?oF4HxBMcRe+Gu^+&PgMr|ZtYtIIZFI^L zQt;4Zp1a5a75a5)g5LrFHy#U)1G_v@RcZ5D@6O3h!H*VqWu&!5R;lID7G zv43!%HQNg7EB$ItG2jXwf13Fi7b?_I4S4rZv+HdQ6uICl$YmQ%Njv_A<4oFsG?tPNv#IVcVO)>xhs zA$;-W*jBDD!^eDWc=KKese!E0@b=V?AlT!2#MQRe)-4qx9@cLfB6p5h^yu=n6f=ku+);$C^7p!T&&c1i6^&x zdEt_>P#0KRvBi0pmm}t$>NeW|E*`Vmg8^;t-#KWKqB(ziWUVz!3?8NRGP4qxzwGfL z(HcI_z%^zVq2^I5=D8739Zdi1#)Bm!L|fi-#YIPxpce-h6sVukx+Pn1^FBq0Zd1~f zeA`aV%l$en9TrJDzoU4}{q&rO^ef3h@blY<@aKx(J91{Zn^P+*{qKsH1XNMV%_Mb7(jFsAA>_m1h1hc)gva`0e zi$g+a*Sn28tfb%36`&5x$o|UV*?teroKRQ#i2Be@n8Lw$CF=eTDf#j5=!1W10Uk== z*RbEmju1_+aIR9I48G%4Z#RJS(=PGkbR)G{SlDwV+b`u+S>yFYUY-F%C1igmGcovzMW38^_)*5PnCzlzR(kav2X zmLlBI~UyBgLviGhP z{dtG@$!k;-_g=aot`epEkZuHZp9Z;&=0OsFR`BcL*e2cYg-t2yxDVQxUm|<4PX-o( z6cCoRSM1fV+M1B9tQ}7g?84oHnsEAoi%vmMwhqTx<2M!&jBeo|O8bDd0R-HMh&+ssPmqvPf_+-}D zpuNJ<7Mqroquju$E5$_rlJzLa`zt2G$Y^c*>a~%Pu_2d>6@(4HnoE+oCvd9g_{_%B z|9B2sSSjd~jKIPxJMdlq`?P23S#4_LtrEJ21+M!=iU4EhE1#LL|hAPW?9G=KN#-9604bMm#SFZeCN@F_-r|j5sZMy7MMo zA&Vzmo>#+RTxgA{HKhAI1!pIQX47cDGGGX1*0~-2gHvIFo(!Dc?J0Q9nC=sE z5P~Ztm)a1so_}7Qbx%SRg@=-9Jb0qI+P3N=SGursT!Q4i&O+16mxu=yf8&y_xOlIG zJ@n)1JiTvuqRaiM7U3if6T-C+35X%ixc=9F*SnDsnD|~VPZTfr+}@|$8T)+evTsmQ zbg=LwITW*ioswflW2AM{ z+)><3Uf5-2U|8OA_mgSGzhtq2$j|X)$~7cJL>RqqP(oB};_<`Bw#(B|K6?ma!BpRr zS2qzV@=vEaT}nJ$ji7~qne0MSORMWd0{-^q&!hyl=pNgYS0giRRe`47jU zZjG>*UV58iFeMo(o(*lP8u;cFM6JBqTQD7}u(E`m0k><%bLv0%9Fb0^AV1uJS|(y_ zOgD}?AX!O(9@F_4>nzz3YlHG|dQx+CC+#eUySe#ji%!a?7oE&DrKJmdB zKbI@%VRL_$?GIBe2bJxa3)m(+yNN7W5%)sgGBht~a07qX^Xme94f>>dj#?IuOY+0R zcd)2Xlr46(3(|O-jC_oP;vOq0*4S?mIWkx0=YMY2O$rWLVW5)9XdjFP*Q}SxTkS|A ztZsR?KD=3%?r48oYevw{fF;GXBAgc+yRzpZpbG8qCa0+3uxQM@7X1 zdgYLUxZX2^k~|X|rrq0FpX3j^Gik@aT`A6^wwK0A zs77&fAm}z*L`hO|PKpVX@w9)?_ zb)RU@m;c3nPrlJTGlXqG@p`Kmp)kbET$a4KY5Owo7tQPH}nzWwsXT$Y}Y$Xg&}-icTG2CyYl>0dGv$N| zo`tnVPsLW^E@ZQrAx=10wD1lJsbOXj&2HG4*l-SME@d{ zz~Yyh>Z~Xf_h#muvsoc6`{KauO@F+*h{d9hK+0zdlkcf`Ry3PxIF! zH*io-WEBxV^tSe6o|_C|5asExo$r(JddIAMmd@e z99z*v{3Xu6>rNn_y#FLg_HOGj57oQiyTOr+?SE8FzY)Rl)=({H{qE%i=caT-R!=;W zBY$_V58d2U!wtmpgi5$}f1Zr?S4?}vgzNtAfj?*%XJ;242{*ag@B2Y-fM$)`_xEU68afeEYC_FbA3dTze*PRZGSI>?Z_r+U%$|=7Ddpv%OfGojZ$|j23N%~K0vv%Sr&DlTri|n z?~U^dp+NboNz9mDY^uyj3~hH2lTwlo^kVcLm@&%Fq_aeCpzuYLqO^-u*rJs-rRG5$ z?}WqT^4+40!d;KfR@1;3>_r|ao+vTR@-|6tmBFWq+C6JJ$E)h{X+cl+>*i;(lo*i6 z7rUyE4c(Wz!gdo3TbA4D-QuF1e(<>_+`;0LkG|K6rBECcMA5EijUpEs8BV@5A=dLP zJUz4>bJiQb^-4Fb(C1NepDM523J34TPj*2UY^@1`$R^~Sj+!kBzuSg#t+?48;-Ng5 zE&ABvxw0;->1?@DpPvkhlS!665@S-|IIb0IHlESR>AB=sKd!YNLGXPq9SoRKXX$vP z&Hp2-%vF-LK3+362@@wCGbOT^_ho3MHyw8qj)C_ba0~B;(2^uBMvXSd^%f)O# zDJQx(23Zt(SrpAw=Kd4gE(6Yt%_|Yn>9(i%D+P3(!6{GK%n*nlN88p;4f99>zzP~T|Hgt0u z_AUOcaLCR|$jNg#&<-K98S9yNL)FK;=Z!*fD$-6j7z6kyIWjL6+&dd?U|dA#}>(F~m*hjO|=l{NW-d^b3j4<82vD2NLm-RB$V^NYMgM1VNIg z3r+m(9Q}GGzV3FgaL>>#$6AcB@klk+4Y7<;mWFZXn9JoL7$R&C-I$6$+f2ZW>D zWk`Tki-Bh2nc4=wN;jL0Xu>o!J4}X_VSgM7E&r+F9#8nICSe`Kw#e2bzMwUT=%*3+jlbhE=7avDG4!lmuGJF(~G`r zu4lgXjuDodJOm19OLq}k`n670TNc~A56|O|Ecb3+DBs?~C@SHcTZ>`1l)y1X8!Aaz zRFl)Hvo!pcHMalZd)6((N!wRY207oJ=9kL5s(&8s?wz0;uJ}NGqzEtf+-*LIqTgO!zILu_r{oDpotFJQp58If*JT)88;??<=4c zeiQ{jQ|nhpvC8I5L0e~oYtG$?dx=cFU2)RgOest3IB6klE>Tgey9@Z^EvQ4k_wU`! z&Clm@+2;F`z{ZqscKm$1n`CgQQ|0y*kEa9G#bU}Y9Ry$6AIb!2UQGP{E?P|c%gm=9 z*;l52hhjPU$6cNuN$LEGn-lrqcu5xutq%lgsIApSyXX_&EH2`su2J#HOIB+w_Mq3G zYd&;Q^K0!K`+PIk@>t>5no7dO@M+QMhgT~sHuUChja#zsY(-fd%ZXbU9vVKLV>J&! zwHb*#LRv1)9rayY;|?PCV!$CwEwRfR`}CLB8aoveS>zl@vw69aOUMJLU< zEWe5#KHcBdy+G7$gkm>$f&32*PrTh!f%e_MEZT%E3<($)-}-q6Obv{5ZfmNE2`9YM z=eyc6lcuy=CHJkCc%*&LX5w;6(CLa4h~m^E8=oQ$k1(_uO*Kh=FGT(w^+nJ8IfoRq z6PTbLo)@#S-5_2qb{tXAg891sLTCQF@#-?~^Pfh0Q5PlY?NlO{{5cFHw{0jB93SVu znPKV77E-gHz2WG`R!_7+!he$}MB1<69e=%r%Wmcamu!=eqsg*9zGC)Txv33Q1wygl zHKX`g%($cZ<(@~5uYUzM2_QJeELf>HovE}3z2D&Ad}R}FZ)5s7oG8^Ry??aLahgub z)Ylwn%jivW^GG4sKpEjxTDP=`uq|hfd^8XJJd~8)s5^$`?e`F`K zpBlyo2x&CPm}u@Pcsr!WV?}5_raC?I+zbk5Qd?hX(}7^?WJ_|+)W*6v2I~(#MM3?m zzpc{hnZzt+A5HZPgeT<~aNIvQ)wtB8?{i}ivT;{87#kYgMrgY3SUfFc_WEpd5%F4I zr20XvoSl+F3c`{8{>zZUoo(@Un)bVnJ4+hpmM-)>M`X360l}2U<)HOOy{2HGA^X6S z?JbiQBe|Uu*CeK2Ra(pEi5M%5&DJ_-MMf5UqZBCtz(_y4jnhHHa52jMCG{?+i&g!_ zq%lxhnop$sF*=%D>q@0rkA_BkWltPRc55w{^SmJXNJ*dLB9C%#Xoy~Y&Qyo3VzV&4 z+FrrXbo@v3;r1w^sTkMrK_mN9>uiZ-%=3D(Vw=yK+%Ab6 z@h{r#IKui?o!sZ2AY}J5WrKIfzRypLu|2=JcJlcX2et5mhv!Dfg`$?0ynNU3_pR^~ z+eeX+{z~uzj+RrQEC3GZ6qj)A>|m`TnOT_=sUKCfmCCF-|DM~J+~er)|1hlN_Q5(( zC7zC`oM?CByTgG}%43OPpF^)No9I)v}1wZ|+xjtVCHyC{ycG+AsT=x2I$cCOl5fs|@c9B*pLZaA6H;7!Dxp2Fo(x>RJf z+lN%sAjslp+^af$3t{rXZ`+AWrPcYq=J;s`4PWC@A0^xQWGNTPfs&_Rmz8Zw!6J{n z>jQF0$0@c8%Yf40cTMafHXEc0hO_0l&Q_7m?(PpzdvXO6qXsB2JFpVTJ}0dmDlg~P z9`5gLoMOt;?oD4T+LwcDB5^85x8o7>RP~gc=-R8T>Sak)V#dGpv$2Hw?^ia@G7(@| zkvdQQDtvtz78hT7utM(D8%J$y?pLrxz^kpwF!+vBb3{D)4l|zS7|C(yyFk}39M*v0 zGtLPnE8raqCR|EUjje3Ff3NR3VtKTrdt|y-n~{x?zTg(Z%VM5ry-NpyXtb!c)%|KJ ze)|#SrUdP@+KW23{QPI_-QC^#-`HO4x8t@tQUS|(I?eRVe z;`zM*>G<%^pSfPVMRF78j6bj9>|iF=rBFdep#BXlSc(_e=%JRLjCli;Kts+u`SZmH zKIixlL-DUt8YGc=O%w)W?DF&sqTzBwe^L#_J)J-P9p&IaqYB$>-R#UpAVTK~$IT3h zkr1e@h}N`swJ)C&ZyD*uhahE566G*(OTmwd+~O=oc%>C-Sb47YPz{)LJ2i*?cD`6$ z$iq2txQ|W!3<8_9e9zpxy!Nu2imD+`d5E`oJVJ#h9J0%UzuMH7w1!O7Mp@`_g%LEf z`WNifWiLygO3@KcSel?dl*-M}*r;(0A+qDRxTxvNb?Y+v5eytlNv0i6ki z+!qNd3Mqz$>fK2UBqYCv@XB3HpRm7wgvkDeoXka_t)L+2rdRF0=NlXQrk6vAq~|&YDW$gQrg>>s^mvSu)>G{G%}-Dk?56D!zD; zV0*ADT#RGCY?XvTK>;gQ!sn$$x)w6R#$)+4>n*Q4aYusqk9PnJ1qhs*jef zr{`6R8+Lp?w4%3c`m;AJ(_kPvF5+s>+A!b!zRNC?f_i>x-u#dC zK{5iG6J-d+z9n;}oF@Ge{lGYIc+08ibmmTV-ja!GO9+BbLo|4ODhqnj@q)JQ`(7Pt zE2%1}in$fWm29i%^4K>JFkvM)qi;km_W$YMBBQBrHGO6;Zws<|hvpN;>4=}doZEMs z?@Jk~g=+pp%PB1639~ZVk;f41d1W&bpHbL4hrw~V*r&W@M78ZDATNpff_}!D-@?Gi87k#HfqN&pHMC-h^Bc*zZ6|>AD zv{FwycE?(SW3q$s@@eJ5k_cAqA5d;Go9&yp6fg+0&<%bkXYL~0Z`4o_@0$(2@gR=c zS7;)@)t0HGT`bC%x^lOmpslCt_Sfv66>UGSZf|;1`$_WZ`@M5b zv&SR2Rfq$7QTITZk&%>oJUT9uBAZg_2-}i9FNLWOZXKQHT$VAV<%co%FwJhFox-A^ zn%bxF^^tk13TdXe&i1R4WVS1C2ML$^sh2nw+`YdXo8>nZ`+wmHG8Jk|aJYZP(Emz` zhBBCT zby^PcI){!iP3>Q=Y)zGE%8QF96(AuvTuy5$d{NuvnySZp@isV(9DX(h0VtH7y zM1MZGy|fdwRTT%t#$D!1>!a1e-?e$2g`54Q@WH!ECF+h+a*7Zx&hQ=~efg1}pMHGN z=(%~deKRSsb8+^>cI(sROQko?SBpYsli3aOOlL2J>|!_XLJ(kj^`@?&wWzq*W=_qL zY%T!SiDJLWTL5JrN9|?Y(^~8}%U-{`ar2!{sO1lE2*a+|t?K7^?|c zpHN>J6JYKBR!Wr5_y_?#PX5{G{L0ZJl=RZ{53#TkHojT8E*q5n5=1sNO6CgR-cFH} zskhg=cs*%3**Ou>n|wI&L_JjlyS>XRQIpg z*|aaGd@lDh+uhs$mdsXPU2US`l${b2@PnF_%RcKUQ_4ojz!-rY{Ls+;+``k4m zrh(W~5aj|nTYQL(zL>=$j>mSrw`BrKv2%YTL3_gQwyH-60k(YnR9-bn4X%~_fVmy( zI{XjqV*4$@Oz8WXSS5}Xzy79Z)w?_{zLc>qr>xQu{Exer63Csw&Ag?`%9WzHCxP%P ze@0^ya(d>v@L1WawC`KMn#0LC?L=~|oIu!nlZq}yKV2)rs!M8Xp?T54fnV7Gs9R0i zIp4#Kem8)!(Dv-|?g6%3v0T{WNmW>#-m1z1qL< zZ@SlhntXH^9fhA;(4WXqs_$}m?p|g1=B?L}jpLklCMM3P`pn!?iSCM!J7HXMEdlnG z$3@4&>%$i|`?1@#a-0p`O9{OXfaU?AR``nN9KY{caQYvkMmrHqq-QYgIU5D+_V?TG zxzEpon?o)-Dq)NxAFQp}nWwI2+gh8on5gmF47N))JUer%p{qF*vtK*R{5B2l_oc<* z{vQaS?d=be_7f~e?fR^#D)d1yZEeUY+WkD6U4zqY%L5!{CYzu@T6Ohk%lw|%OVy(- ziWDiu)!`J5XU1FQ{wgQVFca8YusrS6FBfcbVUx;gG4XJ^)?`N`0Xq86nLTEUS$GDx z*-CXrGXkHAi--48Ql?y3IwU8IT$OL_Ju*JB(5Fp4bAFv#z>i;!Z2lrizsh9-SvO!R zlMZ&K^k;()5x(fd0sfy!?wn92akS6v_)GayjFKIci##Q_@O(x+d8TrF<|yp`_|X!> zWzrMHK7w-e`?0$%xzVqE3|?Wjk&1y8jqT@q`x0i8Rm%5 z+WeXI^rW?Jx7*Vi8ST&A(Q;D}qiwf9T-e)~2>wm2A#0y`0cNB{MC9V^oEi|SimOZW z#REUye=&7sdSY5ib-A4Ezs;Az@>KlO+4E;6Ap{40mPxdiIIM^0NLqOYoV0r9e`DV4 zE_D>``buyq_c&-c?Z3_6e0H<0h^76a!jz` z7J@v_`u?@fpv$0rP6Xx7*XPhMp@jda(w@`)^B%2wO>RfWaqNW-{_xQ<33tQW{n-qn z`O()s89|oEwW)(cyQ5W>qW-0}PeVgv1SVYncF9ZTPjII5P;j7?^Qs{saszv{)N+tQ zFSBL_wy6+y<|%6{)CLo2j&m7xp6MD%6NH?yBL?gTs zS2hD5YUsY)f3wyrc({yJF*(U3h5RX`3;)pBFeOEK@9{cQzdAqHL_tN`)!LDmHj~Y2 z50|+5=9Td)l5-S9TbzjI{X$PWq64wtQjWZV(>H!z@CH%&7~Vi6Z8&cd>?rbP6fs_M z>B-pd>`2hqA3OHXOMK#J3oKsEq#+?uRyxki)4-bJ4}Aedy&K!apMW2pq-h&G4el(3 z$3+Mvk-yRD^&bp$*63o57T9O2)qiK}R<8r-PfK2N@4{a#mt$oajzLCbi|#m{?uois z@LTiqZ(i&-{e6LBD!4{ig+SaE(a6`l9FK{OPfk*om6hLFsrPz7NFFc8@BNF|yZdom zz*#tO-L{_YSfO-I2jYq?C)oItNPiR=eszJHkeK*nO=l~rK}E{<-LI&di0rnzHoN{( z-Sj}VYU`Gk2}awCHRM|8J^PK!OiNq3BBa2T*nqj^>7gl)b#$?!XRvISUik}6D(G)Y zib-rlXK>T}Jef`*eVEK~F3U;yzm+itq??+XEYmd^pEQVbIrzK@Ke7z|^1Jn1CeM@`drZH1k2@IaD; zPfNVgRQwg9?fZy$T%5DEiu%*_(2Y{2l5}#iKKsRC?e*+pHSTzH1mX?)FP@blEyLaC zyFJHaDJRe0OQ-y8V_9QKbSJf=hNLJ< z$ZqMhE#7z%=OIO=fx%LgqE~4m=7-d-p(PusstyFA54mK*kV&3t%Ww%BJNg03n^6K= zLqkr&00X7a->SG}>Mb-z+BODSw>6a#OqW*LKQWchV4zd03nhl4sA1VL)73nfe{-6- zNmDfH88fV)S%A_6HC@Zb(>3zy!dcPVKA>GN@HxhK0cvp-NLGE zFUoTA>0brysmk#dI@}WtYQKT=9`FS{Rxo!*-v2H~8TpSm>i0)P;re&FNGRej69iW~ zyWZR_!%q~)OeudbW0dPB=itEc1o_7TwTP6zd1{xn34kGug*Aqp3~iqjmzbw z`WR2<9HdInIIf}XmqCk0F_Lq3&f7~OY^eU`t>vSC3Z(hh{Mpm3d~Q49@o?TvFB+9h?=?tzM63u}_OR$??P zFlf3%>gyAyEk_?7*Es~lr-AuD*YV*H$4Tv|ziVi)I@S->^$k9eZ>eonkZo^I-2JB# zKAS{$;PNA@IC7Z|iuNh-Emcf9V@;F|xqE^Jxj|Yfi_!nBhsQ+Hl?qO7ELE(H%dwyk+I64zTe@d{$FVUl84($0=X8{%RU1t*ZmuCv;Tbz(k}r%k+K;X&*G>bBo}8m zKQ$VY=Yt$X&;RKU5xvD67TQp%7?JTHGlS0#u>1df8xv_NG!%2FH1aMK{Bw(kNlN_l ziGb)WfA{thH}#arFIe)ViE-YC&x9%ePx(B_L*he<#=h{x$ZrOjd`{3SP-gx=4JV{t zP|rcfX=xy?*C)Rb9*5~$su=ixU6`3DWSA0#x~}w*mu!@Pkd-rq&NKD1&~Y2dWf`a^zKiSr)?q8Rtae{s#JOKn1jJ{c2BcJ?BU z15ehwAz$wP{BUi(9UT5WyJkdsNCuq(m?X<2;Q!p$Q2+P&gS!6n8UO$Hvu;VzGJON_ zY4#kBcSrDy?+r6=MMj&DG70l&|1;2c1H7=Q(uK(Anz53h@8@5yQKwBZtoPx6-z4dm zW|W+AF$om0>t>FIn7G`l3*Y~C3_Sb|Z$Yj@GE9u%S4@F~M41F!@qaph0=!to{(T$Q zBafo3wp!oy-zo1S2U3uT|-`4^+9= z>DWs1`8em^=br5oN7Lnpth&Nqs-xvG?ELTnmcv779V+QpC2&uqWGurMLT+ANS?lgl z!F~33$HA>V+q>y8D}TzkqxR?F(38l7WHihIcbEUZN53;)crRutrHZCZ3O8gVu8q*` zRvaG|I*JD=9i7QI?oP)i@O%C0%yl(@Si?Q(} z)|T@FWPPjL@NuZNBn;TkMvdDLUOvUa$ief1|GC}(ihCo0d{9h7XtYV1o-BSeBFV#o z`m4|3Gxgt86!*lTaB6EHtz8Uf3ENGTx}fX0SU^p!nmFdF&jp&pf6BIKJ^N?A zC#m1ZlDGfQSc${5qU*k%a!C}>)03{R_vPER1Q5t{bOKOE?%%#WGT$V3`!*2JuQCqi z=jXo=$MCZKw?oRF-aI<=Yc$*#W?k2#w+6Wf#?jw%Ck~ zXtQ!BB_Qc@`HQfB7b3YaeRqlBLXK~E(WaRDbJ;*^wVuhHJDfv=39Yf^JRNaFhDBM0 zg@uNMk@8+DBZAorKv+rp@QDDxBh=^bZW)v1~&d%=6H2N7>EYHj^ zf@C&OV%~|^CR74H2&gD!rKQ8OMcz11Ly(bw0f`!Wt085!=2 zGG#iPLc$+dcKKWYTZXQEc~2-*vt6ru1%Spco995wh2ji2Z=1)2lW9j9c$tENf(ZYh zpn@7;L1m}5L`*PV(~l58p}`#J`)$M1*KmySMj+wFNoIO`3%Iy&e4kezBesHSBnGV? zFPNCfHqoEFmCFH&wzz0D(@r%GMic_e>M(Zp8>ijx+k1Ac zq(%WB1s(Iiy#mM}D3jCD(!yRGkb4x%4ylWP3c>pD%gWk%q|V)SqHJ?>6JSjMmylIf z255gpc{%8Eb49e@LJ)-*T3Tu=D+5hbK~;4H82ozen7df6WcZlC1!j8r(gJj-AIiuN zz{7qYF@v3TUGS3zK>LIK0wBr&L;=8%98Cm3D*&AVz)d(nI|6E$=h+4uHFXXkP9L5D zpI8yD`{@((z)yjIJ&-S;y&2jj1S~Fh=0rgDlkr^(Oi#a4f1nTowCe>M8|VXkhm(6? z4b-8c8_ixshlalJIClbZ6ucm8A|eYNov_5j{Os(z2mTy;DK$Gj+L&FD+0Z{e;7Gz3n?DE_k77mVx;_tq`duV6{ zIXUe;Jz7;Z`o_k_R#q?UG2Xv_4@~m;3BW7J4Zju^?oQ%70zfOkXNX=|5hHy3{H__z zeA3dvX=!tSAoZ7Nz{I@Ltc*L2zv=ZE_39C3I>1Z92^j%#lL&m*j~{PaSHL|TSbY8R zHwAp{{`U5pV!d{-A*ngGIe~$JNfVw=mp}*|5CI&kEBBs44WzpInR|3u zS%bp8uz0)~I%m?2{jdB?mmYM>%ESYk(xC9t$xx3<@ap=-gCGSI?hTXyb9NZu?s9V0 zR#ta0FrKoQJo@eihAECQmW2LOGz$+vHbM-aLj09z3W!YczZ<~2l) z=+h~;=VkHEJ?I7kk6W1WTU8y^AT3X3mQV&6Jpi}SV+}vD3 z342VZy@La#1;F>=Jw#+JK$)Sl^9kI!+#29ufbMAtpc@ztw=>mhJL9Ib(DjABy`uw+b4O>Vf}Gq)nW@U0OfHEOQ4{E$z{H3Cy`77|v&C-w*_N&PE5P{K z*;Ex3Z2?TAt)@x)JB>;qbLkb}S6Nufz+r%PfTg8nT^W209vzT)>GWJy(_S!L=ejN6 z0R(}b(NH0)q7rj_Cd}#tt_jfm^V)@AU+&zxC9B>S&stirc#h}d>Z-1)I;ctXTB#cCIEw6ULO4>DmJzf z^q$z*D&XY-fKj3T4l5HACm2_D1UV3!fwI(}=`M}Y6URiw#s;gmR!mF`79aRd01D2R zLq{gu5nx%^owlcwxm|%cavK5D4lpXnUf}R>7_`n0hPAtm&ud+ez~?D|jRn1zX&?-N zgvqzEGAU_k^!xW~tY*B6ww6Apy?@VdV)A@s6kH;fBLD>_L4gdy1t?k6Nrk*`Ztm(e zP*PB^H<5jAVL{lv65y&}?YKS8|F*XWRC6&g^+VEoV1OBTCX$l*szt72FyNs4MAqVn z;Dcq!%)-LBNBR<&yC$ZlInLKM9<)-hDnRRonvPD2@}++TlJ!3R)B}4s*@%SI0Rs!< zN%W^YW4SvD?q&D&?V~qEbr6{#1$UHgH@U z3ToSd_1)Ui0^T3>$qTO{H7TiXh(8n*6ml9xVbMU;H9t2em|i;Cd(HO(bg+g-+cVtM z&3*vjUmFq_K$hI0bfCOFr=~{3eW?da1l9pLdf`v&SBbE10nE$IpVwnzV*_+Y(&g76 zz}V3t4x_uvrU-+SndwWQm7A3nlL92pb7v540pkMkPzXL-@SDN;sz`u{u>dP>cB)|u zi_z~9A7>Z&psZLUZl;j4FSSufu|mkODUU_d2Pe+g{Raua(Gqc`{CkQK0u7XKU$msym zL%>4=rwf1|3Ucz$G2n2;$HfH%24dhbgEUv^`a8@Szo#A`39=a)D+IDpXf zeqg+?2nnTu z_#xSAvx#aJ@XeW-i$F_*PzI(p&pBBIT?xf1wY zn0&zJyvCqfbYGku0iUxA9-=ZYEv-LI1jEzw3QQUN8xVupapKyoID^Fj!YeZ~GoW;5 z$qT*=@c<9cL|^|g7FJq80Z`|g*)ogRhw@cHX9UEY6djcSBIJXDm2H>|tg?wp>&CIM z8jA(6drhsaF#jNgBS0$MToK2uh)}SX5<(ftfA&lFHX*~W3 zorK0u}pm4i1Ol=OI|TfA1b(TM=I8HNc|; zF{b(D<-hPc!Ad|mYB*CSiw8Z0J4n9#{r--Xm6Z^3vS`=y({Cv~I|DKfKDj=YiD*d21^rIa&Jf2TS7c#wiFWbjxv7J{C%P^Hpc}RfCxLV)Sq_PIV!2kys z9(h^W-~Ii0`T0M9kq@(fe}5k^T)>4#5VNpEo!_{gtJmIvZ4v-k`2_{;yYndQ2Q6Rt zKOEz2pP$$Qnhm5y*lia}k5xU{71z= ze8AqmEF=VjkwMJKsWLix2soXF-SNT&4#56nU?>77vP(V!PXGnJE>2Dm0?A5Bn)RiN zfpri<1x-H4P+x=E3S70k8MGzUz_zKY-}HjN2a^Mc>>8lcEwZ@+bqcl>(xRf%YwS0? z0BdTPrKLgoK)wjx9h61MDF@GjMeBa&ut-4SJK^R|lv~7JPhsU=~Bj zRis`~=y`P+92|_W0&@lC7m$gIY&FeJ-FL4*jgA?pcMvL2Qf7YpW(8y}x5vkep`@Ja z;C3A5T7vxj?;^hZF)}bPfF8x}AJQ~sYq=In@74ff40<=$+-+ETO+K825NXEGWuACnf+q4t5ggY}ZeixR1vkBM%k_io#aw z>!woax9x8%tjRw+)xXt;MUG05VR_dlYu??~qu@JkM}3*lU3&*EqTZpQL%0?PL=q73 zH8(c{YyBXcVxX7AEkz7)Z{QhDK>`E}32ap#Ds122gMkA#3&^vn-yg!SI6@Ebb5)N# zZ`XCWU11Lo4FLjjWNd7BLJ9V+;LN}!0IK*EY{3Do21H|Uybx-+g4B{;S@p%M0g3@t z0~C;!Qd8sL;h6+>ny9fo7ip~Wn>WW0AYw{@43NT>q2hoTc=|2yU=RYrO~MofZ>ywy z={BK){9y;;p<)B@_r}K5C%BbiXmTQ?9%4BYlHke*-ghCa070mtG7S5kT@7)t*OF3F z?nj%1i2db1AG!^&9`nG)2hfK=j($iM2qFz3tq=x`!mb%YkQ-1Q|t(ULw>j|_p5M?wqg~bq1BebLfOW(GIWT>W* zHT~tCnXd;mR&3BRn+O^Mc2Ye|`PK37g*Mcntw@M*Z zpW3qtqMEQ}g2V!to=qqM0Aup+vNizlE*g-Y@AdKyz}mM5rnlpKTiEfj6Mc+Cux>vn zU>g@42^#R%ZKxp1!BKSs&1n_PoRoK`#vCJ&FLD?+HXbkQqZ zIW=`aY<)nx9!!Ankh=&7Ba96k^>{yn!pY8#jIT?^Oqa*};in)p0`Bg}NL;l#3QE9~$5}z@BN-apCr{ei z+dumFYzt>(s|063p#mBTO6uWVw)E<14tn~{5Z+7Tls1?NegM$J#~)*rvSfiN1`!5q z+xXdTrGnI4=~K^hIeGbA*l&PQWjmoN0$rk03Q}wD*)#h>S9*#G2qD1rO`SM#16xZm zHX8G^>(O1AksZj)%NoMmqaq`Vh>Qe3cnm)PIxn(U(F||C{Tv*$hcpU+$$>h!3JWWz z|0Cijs6@bI1{Hz!&aRtYu*V0{DVUI8@BW${0(H43iPP}yTfUy^i3gB|Vq}CQMmkKH zKPz^mR?J|pAPNb=Wy*x`0ZdGg3@+>n4FHU~vSR%19T^G94rB=6>1=3IVHN?x6hfN} z5Jeq_*MbY`bbnxIL6C9;f<7>M5XDADAZFOfWdF zU_S^kG=Rmuyb#DA_#Mz&nwn@es|NttEGHNC>H$0={) zQnwM1jw8(#eEZ@FR8`Dl!hiiseTJAdf!l8RH~b5*iYY%{aWJ2H*jih&+pj7b85x0D zmJ9mz_CXj;18^xn1qK57Gg}6#M>hu!Q7Gq|{;3791K}R&tOyB@%abL*@m-5q{PMmH zeh1zkB)?!KQ4T@Gb_jr6BR&_GQ^;*VpeAFH^3{@t;R zASUYZ(+de+f{di3+y1f~>_a9_AqNQy1_GZZ++=uvOt7)uErd-mKr|uXgH$JsUbd$! zxQVOFGfNzt7)pkZzhYh~D=8H?YUr7E#j}_;_@E3#JAx@CWd`93FGvd60udD62?Q7+ zK|w&Wr)b>8qLc&_<{-?G01{Ww{DIxtyf0dkgczhn4Zpt$xGO_Wy=1XLLj?j4eTdO#_NO)1ktb~sjRBHo`o8m#(n8vsvw{Sc~CSw zW+Ql0;43mMEDQ{=2?)lsWS*}6M8gXLVW&DYd{%&>0;2G(8q9O0n)&5cmU~d2-+-kb&FwHXKD+1!J>!kIwTNA{{Fp|cq$Q} zs!P_fsu ze_#hKhHB177n+=GVQefm4tj2o@K^)BC@da-3fPpu)}+bnn!pMkBK(6JWDIS@5YxSEA!0h!#GSL~1#G&M335)p~8EC=lAPjpq zh*KfBD{`E-zcX$13bfY7!9&1K2fhGgT8IsSqKlVX54ls`%j3rO_G{^grts_3Dh(*+ zjkdQ_Q&Jj0h~uVh3DQ`DQ&ZP8*MlBhnP$hq2G|5B{QuNO!6pSVCf6`o6_u$nQydm0 z4#=IrVu64Q9ui`FFs?2A{Sg{tpaKVZ1_)UPuqGS>TX3GInLPha`sm{2l%dS;;fx2y zW4LLn(ah^HfcJBVj@ZlfysCr4BolTnZ&C!tS2%b6JHoPb_w@Lf3+4gG1dk3(gKHsT z2o-C}&{^(Z;@zun!Ay{%P_FAQjr_6{k*gj)!R*bT?&y}_G5pVw?TZIEIG~{OGNPUQ z<^%*el9aZ<)po;C35J@IOpGq0etQ(zC66uP=q7{=a1zeA|TbXjvKlyPWVPZ3A&pgMY?}#78!Z z>KHwz`UM?DqA~SMn^^G zBvT}FG7Fh!niR^Ad8WyjWS-f_Q}6rj@7rtdwf5Tkx7Pk+Tm4budG6=Fuj{;y^Ei(4 zJP&f^(U#0*9h2Zyb?*=UvfKJ!w|17xJ4Z$#wOO71D2cche@-=N}%`Yni*(?tO#-P?xU|7oLmxp18v5uRg&HJ|2Fo>!%mhPx>j zhfjiUhVpU^dxfTzvBz062kueJGg<68Ej%g>oSf_g+Tp=DN_g$Pdf)QXN!@=^!a~u^ z`S4kz%lpRKWLdU3THBw`e>|fqv2P)3{6Zlh$|tFJHd4i0c=CSXC8=Eh^M_Vs%b(fi zzL!ramJSLJO>S`z`^uDj!Y}Y+i>QT*RpUu2g4gZV<9o7cuXa(`hgUvR^~&2sLWrkt zcln`KD9SW*#nD>o#G8{B78FQ6YBG3Be5iG9OWVkk`X5|Jzv#E0x~MAO#xm_L5_6L4 z^k~55y^8V`rS`oey(>HmE?GLf4%TrteR5{D%U|rKDtEFAeK}cu^q#wQ(iRl(720{1 zZBk5LT$f-w{Fr`1u~I~K%`gAkwc*A6n|2ZiWR9wQAMC5>KBnav|6?lHmvc&jG>2Oy z=YiM$q7qx5`y9_>48Ap-);}(BN>Z~&5@Cb+V)Yz?Afjhk((5^ z5KK@0h!&=xqWUKG-M-L=$@f#;-Gj_W>Msbp*oLu4N)2w-8dk}#@ z<({Q-(NUn`_QSuIVk(J4rT2k0C*Ivzd?`uYVtj39YvmO^OKQ)BAFbg=S<{zUTBG$F zX(iQ!b86}}K^$Aov09wnD3bCIJ3zTvW=XM#QbzZQk&e!0NzS0)r~5y!5aK~hwFUmm z4a2WLtSGO>A05sJL(#UgU3Z_PsiebGu>Z!mhPC6Z{Ae12WO`ML#PweHDV%d1*>Vwe z{Kfngm-igwV%thuV$7>XT2eyMY@0bb^v@3V*2}bWl5ab$^vTG$c06KQkvGFi5r!M7 z6f|v_9kqPBdV_I_?_79S0qF|+*_}O4jCP)L^EB7ty|>o#!4FU%IYTkmvLl%aF%y)sp*CqPYe2`rB+82KC|4&ekF7rHtfQ(L<*}g_AY&;rR(R^)I-iOk?=GUwi^Mlr8^7hV+07{z7kHxv)Vhog0swNH~V z+R+Bb;_gs8oGS+}W1IeV7m2je?}GLJ*5_75^^s^|Ds`;BAN!5FM_)ab z7WMsC^z`lyPesKtIb!>*Ch&kS4x|ew>M6fpXcm?#`s41xUE0SupeUWr4R@2fUV8t( zxtl~PCW~Yg$oMpf9+6o$^|_D7eeC4_xv$cULn{+O2{1JsH%}HpruL6Vg>350?xTdK zzt58~)&Fj3OKo|xJ8k)*nSxG>`oGSYvDp_g=^oOs@#P{_8u z#^PoE*#T&O>rJb!ykgy~9)o7l3|na!m^rb8(Q2HuZ#%<28k$uon`EWG8(429{F<6l zJ4gJw7Z}JEj?se;bW9+%bQUtS9=+hJsd(>-Ui$uz$J;LY9%7gkFSZ+g2wTC88#(cZ zo0l}TwO24nidIAuJ^`@D7-e(YdhfCTk%pk;q84|_2gEBY6CLOVrgL$24mfne1Ze@( z2cjsc8#k7IeU=#)l;yfU+MEP@ZF%*o+9^~pi`~55TYN)_6^xc0 z28Df_1_20}-Qw!iG>ok|e0atRgV1M?O9Rfm(BX7-U4gjN+BX9d9^3D|S>94Orh7z1 zMS)-3O?|QkT$fmxz`93Io_QdkBgPLQH$`SdoXnXeV*Bl$G`w9;+*~^=-OF(KckYll ze1_Ttr85hu9Hb2->Hym6J;ImX?G%WrH{}H;#4rJnAY&5s$bT@C>qmb@+0S%=M`2-@ zNeZ}JZOXfA=T1r~KhJ{(Lh40;F0SvS1p-qhfUWG(7-szvyomBaZ*g$;D`ZPNCBBf4K`vu}^X#m> zNo`S~)F5;b%!9cIlS?n{@e41(41sI?tLIp&TR@y5Wb$h!Ca+C$Ko(Y%mqQ9mv%F+t zB18i}LmhNYWNaV|6|*c>4fNF1a)8L@9~Kwszy7vya9=WnF9_T zrDbL2rly!pBc-d0d5Hbp-OG5aO04?{H^pKrD%^3$kOy79oCIncwwW5$A6)(91(LeD zR8jSXxw&7)?=f8KDdd6+qODB}thBq-vd=oy4gtijOxWc%iI(>gsYvY6%$rRN@P=V)#%nRvJr-^XSnf43haW zpm}BN{{#C*Yg^kUNoncZy?(#_8xNFZCLpCVbnWE>VS^bIx;i@KPM{PFCt0ypb8>RN zWyAyp(X+8ZA#BvnT(Xi(4Ff^G4)zhU3w~$Y_U$f60R1R9Ahu(Sz2x(?fsOTH@GKyF zu3cN5{;s%ZPat;5kAbQqkvF&vi?4qsQim{9q^B<ULHgGc+_qfZN!`- z8KF=?D1G<-y`Z@r_v7&&Ka_ewY~b^-seZtl;7&l*PH1<6BsV|bk5MsjIxNoT!NT|M zNXE~V096=R5)w@8?d|)tFmLwGmR;L-?0CivKNc-47#J!7ofQ*GRJoB{-v%#aWJGsk z0UrS`jM=oQ3sNyLG3Fm5qzo|z1=C6(g`*QyF67X6ahfubV)u|g1NcCE__A_j0sP3@ z04TMXXf^uH*4TIevT(4|{VEgfEQ708Ht_xk*a-A+H-dj~v&_rQ1w%k2D-3TAzT5=w z#Ji|Ie1N-{FymtbPMUja!T;JX94VmCYpV=Emh2%Ti!V&%x4NQVzr;T~KaVh!UM7YJ z^!9BcEwxXjGDl+)h#sPPXT$y}YGZyv|I1I@7EsDHb>Ka&2}Bk5EtZ^w*T8dQ9Rrwb zKH2T#7c$K*sEndY)(g4%nrP8*z~_Yh1%d{I(1$81Jy3bt+xKPc+rJg5&qF!0aZ?uMlcIPwuPOJU;yh4I4|&$wY9aF%yf|3 z0E#+`1=b@5+Jt06B@?_sGzEak!~i}a!U0N3J$-!~zR=?YPM(~_gN9M7)py69J;w0C z;6BD+YUc-x-NUH|?ho|J+qWXis?Lxx5ZzByk`O>>fh{Idi@UA2Sg=8LhYHnN4pP1q z0Q-Iq95#=_!&&!Jz3uT5S|*+g#0jAP`zDQ=J7fe*H^ctZ%P}DxPyrw00Mi_6D3M47 zr-&IxI6MpEzk_pvOm%Hf8|M4rr*R;p?aj3`%U1;^SXdSNl8&**hlT4nGAnWUwF_ z&n%QhoTn3^bYT&KZY2)e`ZBnk#`g`1+ljLU3B6@bJZx;{P={_?ACR5{MU4;5>?wl- z55cPDa}vA=Kw?-CFn>S^hk8E?9_*eLPXGP;_aiJaGBM#s0-0d+>JpTI-R>r@{}N5? zj=k4#ylu;~2|Z)SPAOTkf+Ki1+>b>syd(%j(eB$f4ZwscPkS@KkO}|Gj$-)w zn)d}$(^fzj1i*bx`}ggGl8wQs1R{0L!~}(n7W|?TD=ZPtaFxR4_pK1%2CEhXE~3Gg z>q1;B5wb)-0Y;}|?AfOZS0@75wr#N6!4h{4fDDPKJ$mMv2+1vh*QZ*h;CkZ z3hf;ovsRwGxJ1r(2f|ITqUq(!_kHC50x|9ml!ixI-`JR)mL?1z=9x3^kkj2SfC_?0 zV|p1A7J(f1%2ib#P7sjW*@R`iFf~PVkP+=yRD5G=FY~awp#XMuckgp@u(t_5*0zSj=r} zZR;L`H0oBWM1INiNm~1Yg~LbUx{L$!jzbynK2)3sOZ_bkB@zu*^JfIFU?#Z`cP%Ix zkV?+V%fBcr%t}oa!iI{AJCZYoXb6_rZKGv>OFOv^{268N`F-=;$Mw>bH*G^?zj3DT z-Mi}J6NCKx2yc&E6V!wV7ykHog-jR=uFgi9CGH{bPIjyj89@EIa zwH_v}X3Lk@$6Q=o@CgimeA4p8{1e?`iWY4hJ4~b|DDmCqAnX+w%-9j;6#RIAEIO`R6*Hke89}pfo6RR5mb( z)*+%$EPfOm?Dm}jjKq$BCcdAo0`~{ZH%DUyQc8^?01we z;Gx@dCI5`V(}<%6UKNTFLCc=5PIT>W+vYbd66Ta8$xbWRQEt0Ue%aDTS}I4~|6S#F ztw(*N2RM8@b`{6h7@by2rH?Q8iAq&#_IJ12!ngZ<@uT3>a=z8Qnek~Zlbh!Q6%BzK zByR`YZ``zIijn=K7I@JA=k}f+s3bfT`A-_f})*6Jz z30S7=#@8)vxy6~pFJ zHmLHb0N~AQlz7IPW?2B4Jxo0xaThU~Xdv#`03IA48%s_}QS=y=YHP2lNd=_i` zk3f@^m}uIXsy1szLP7%nOe7}C&s-X1z~+^f2T6gYseKtSIhE%c;u%mXyeL)6V;r@c zfiVE-X|zCn(YCU42$Ay8FS6^OFBcFhfrhyH95$vs>; zFD{@=1-PG+G6U`y0fBHj5qc33%xdiX@WG#4dM-^6K6i|6MXV3W%1-hQTIhETtT)s6 z#4b(7KPU-dy@x7DI<%r=hq#i%%wc!=P31m62dYr-Fa)2@cU#EOn(&o1H%s%NiiNpN zaQ}CrH{77(?ORh=;N)OlQ&y%R`^%m~00U(4E`T=@HkVT!?LwZpbFi}?KeSWCVH~Pd z-yVLe3m2M{naFnR@W+T_&>5&Y#USQA5{vZkO8%7eBZvGL`uMS&Hoc&rHcGNud{0D1 zM;oZC6BB(*eFrpc+&xQinBU?Nz6}V;52EMIVL|JrK=I=jV06UlI(YEl#%zn~=38Eo zS4~VXy;NpcT;iY^*ueiaXw+{`~Xp z{r!M`2_`2eK!kv7YU=9Jofaj*E~#CPc=9CR$SDavzR>NDG)QVcO}YO*8`H8X1Fitm zSy&`U3-tH*heQFI7`xADY3qvd)V_XwyWZ^m+qe0OVIefaMj?TL(7+#DP! z2pqrX8_{ne7l`!9gI~+@DohQ~(C{yJ!@XYSU?^NBD;5Akh~leh4f%3|7Pj0H3!}p= zi-qCdDLnV z3-4_5)m&n)L( z^t*5ci7v`P+J0LVKi1TM%ZYdG`{{?Zlb>&IW;TTT2&fl!{iJnoF%aOx!-82bG1Jq> zuW-MCI*lQDYinzU1_lvIX4u8Z&HKWeUcdfQHdz@O8VZ;e&kFVlP8&ti*JKP>X?;*# z@rRO253vQxI-J10ZRfi3U)|Zt#>y%J%qc3$#=@d@s{~uJxLC-A7hWoIX%^nr_ICU) zss#}4ovOamq23DF%coDD;0H#uz@$s$T|Y0-^&ikwzlaEibk4&=;?Ar1%0w3LRoqtM zDUYUpNVe|XYx?x*Y1BRJauAKEpSoEe$*-)e40{Zgsx`yPYmV1DQZqA?G!&5y!1aNW zrBt3yU_4fp=tKMVF>-KZpekbT-dCTmj|>iCN^m%*?iWlO2Jzs&6V^;6r^O2Q6-Nq+ zFl46yD@QRrxvj0OsVRt@5lA*^>>T(w$fV+OdV1YJ9>4I!Fi-~B>jW4S5)F=&^0k1?{XTnXgRJGb14ovCGulRa~WTQ}Df z3-%q&&bJvJRmwe z`uYsv?=3CWW8T+S=`IRC&!wep`&qA-^mcaYjBQsf!O&O#>I61;_FxSrp6*&&-@kle zbe72}D1ddT=p4J-(78hsycmR#FJg6YiPsD_7ZZzXBNseq3G96airW|fN9hEuqaQp_ z0$Rp(Uc1H_!+8o83@`L|}xXtTcR|G}Z`$5wg~C#Ln~D+P>c2N+{%+ zPzq!ulb@^f2;(}vtlOZe`sI9uT_j80v3M1jPZ6&-dTgo+a&m%U!fkF2xwc1oP7XGb zGX+#s82*kawcs2_HeVAEMbrTM*xikUq5s`G*5k*2b=fd7;E}>ogrI??if%%h!%bi( z6I<#*s*JwIh2vjt1r>5&=nD!90i`ifx2Ci6CY&50molU_P{|~{N68UX9I`cwD_7(N zP-p9pAayxMM+-oU5JLC8g77*@?giK_zyTHFx=tE5n{!R=C6IaL>5V(+Cg1Ze4389v7TSOocv2yO)fyxum>^XmC zB>PpHfJv~ko56JMtUAxB>VpW)zh-9x7qQX$aT%4cLnd-+`?Pl}{mk6B@|sL1sOq z6JPGO*eZVe)SLA^?(%aic%f07Sq4%9@oNox>LX9p>g%slBi^XJHK7YE!d-DBNhe6A zG?`|5N)>7@h%3#_Eo~zH_{}nAR@Oqx!}4Tms3}9`ZCq>01{oRIm5xpY8JVvj*WEQ~ zy#)90CN4kzy~~UnG$*5d`Za82uUNeuJ}k_J&|KH}mooqNnSkVX4#GFZi7zXeZ424w z8HwyO!r*rXne+|mJsL5mleau7&-^S{?_^Ma+-#q;yqdxzdC@OpH#ml7tmUGATw~3x zdNE^Ht!*qvd<_D@OM4HM`r1L4h_UAr{gTa)b>FnNcu;#D<2gD!awATZ`p-uu{CX!P zIi@U4YAUkQ*DhKWXJ%H>JwS3wCjIHiy||d8agD=K-AgP7`N^g4=`iQdi|U8&x3;nv zjXw8?)^x%-f7a|#UfO7Do3l6hjsEk3mP`_Hje@)})Q|dpnJO;TN{cEoRk9AWHcXNg zBqjXS_$xXx?^S!UYRBL2J~Gf`I;q^8otq?o)TST~?-F?06<3CxKq%nbfL>A3am8R4}*Yy<=Ss7d_~9^%-S zaOFpZP7}L=v*VGVov*KORypU%_ew_4xVv+Qk~31WM1OW!6urW?O|5l7hm+jDfwH1z z@1OS}%yOB^SETiK(v!TXMm$yxskxn0kv z6KtjPw=sA>IuMqp^W5CYu%VUmc`v8VS!%zBoK7=41uIK+Uz+7nU81D%Y<|1v&+7~Z z_^`T?NS*o^&X~<+p00Y__n7Knh2WEAD&Yr$Bf=dWc@)QGZ|Kidd*7QWdUyZO=9LqT z25HRtj|>@Ey^nX%P=;cDtgPDc_v!4`&bE~izc?dH@gle2r~?F9YP892pnZK!yDHD{CO52x9+FvF34 zg?Z=vp`LqWn?lJG*gIdy00Rk26ek3~`ZA`=NtTCpM#)Q?_Y^ky9OIjyi#LG)J9$2=2L@wHt9Lble8sW@utI(NezH*W~tAt9)IA$Wx@CcmK~29T9g zC%XrF57C=PCPb!h$m&zl_OpJu8x5tsjX zl@W2Cxc|76CRZbg|G1QRn{u81ycGAZ)&IkbxQaK1|NFI#{Qiblk%EayLP?3UaYw?D z`wt(kPkL_jbQBP;5OVCUUEr+o1=N}})LY^DIPww%vmytQn@sq)YiinE>LhQdo(A`| zhg4>f5`sXlLRR;y{!*D$6P1EQ9cEQ$-U2G39=|f*Y4*P@+EFmABGIpQI7)NKq$JQgpSnwpkv-@x;KR&>tL5Q-u?E6hw! zrwTXf`$`C2eCMTHbqvW6x@ch@{ zri#=k%Tbi4ce}rynVB&jKQV7UIqN`55c#B4*cx?|r$)V|GrB;1qc%UbqH3%ETBIYZ zile~(F5}Lnk}sCsn+OPnSFNq-0JJ6h`uK>2k$7mth7H=E-zz8)S8$%g_X1AJ!^>P6+w*cy?83aq-6(QNd%!#&F~HD&5eDdkun| z%T)Z{KQ%SAd-rZoKx!HqOx`-Wx@$;F?Q3nS)(TPL z23;g1154u)47b>tA$;HgkjIj4eg!cDJ{L4cnEdt)sw)e&kF>nLevf&a`_T9}evDX^ zrkV^Qz}!aVLPA2F@QR=i24pBIOXdJZ&o*Wy5nHHi6tpxq zkA+>Dc-&1`E^2T0^r(8mP5SU~(byTDiRUg=p+C#tv{mE_dL2Z^nfn{-3stDGq(Pn( zEsSAp{w$Bd6D?rFBKm={lX7!gC1x=7ME?L>O@==pnO%DK0L5B6_;ryC!)y+w1EJ{f z;V2Ml%`Esl6o(GM^P-NGg`kC^^!E04F#N>Iq+|Ok7r*%9AGp&X0Fdf7XTZ@$ zr2=$7qr?g)oaFGJfVF5vne<06TQfJs_U{h``GUJ@v5qv=oOMC+*n1Gq6P)lM(xPVKJSdKfY0?7tO0|wz?#B4l&m<_N5I#EBlu(d7B zJofF~yIZjA5i8m~H=hhQTifW!2o92# z_wU)5nG^e(5e3syQ=z1vwH?C3MJijG?Wm0pQ9;bXh&p)c%0WY->kL+uCZ{abQ)?#~ z8KrYsc{F^rGuS-uGB7Y8@24Fmc0zdfZiruVdu*ek5iy8o>gK(J!;PEf$dT-n6uF9@ z>v{@(XGb><4cK1E-MZEn70cl8u8}V(-#*YEJbKb_uM$H!WDE$W zC{eU`a1ck$x`9D29t+G3XTtJdyr^ktNVXIORcpbEqSB^#sUvQ`HZh~BBO%L^qJ%bM<@PQNqpT(*i*_!nN;Rp<7nph=(8a@Y{h2YZ*If%gr;<~xHx#GMwRHmvc zpAwpy&K*-6pA&ZaX#h{tIreKE8W!*0*jQSw03|@R<$7W?rG#J)KmiO&beHU*5t5AQ zl`y}2xeZ+q;B_UJ1}BXwA~B4;tIRqeIb2$02j>q2tQZORQd~8_0K698z$&GkZY&3p z2xG^R+j{=h7W6G?Q+(gT!$42^Yp17K($t-Kv9+^3bAw$O^0|JU*Rr!DL{Ff3ljY2C z^zILbdHikP$(kPM6_H3e(a^#@l6zsMkyLv>Da+@KKy}rAli)yCgJ)|EJ4l^)evm)% z-ch6$@W5aFb`fs{FU)h>xoM0o8(F-sGAr`8$SZqr*tTPb z#<_Dru!ni05dq3@QF$5$fc)f%`%Jwc@x=IIiGDFi6i}%MN3RNu8W|ZJ6hU>hwNUM! zhU7#3So>KviLzoNSOuUIojeJ%)Y;sW2l#PN%Ah}Y(TPRGI)lpwdO*7zCpXp~w3?0d z*XBd?Mj6=b%}a6YfabS+Je3<>K%MZpDH}B`%VUPs2EL%Mi%%>pQnR>vII)*v0_= zBmz6`&0#*X2ce-FWdiQvdk-9dpNk(4=Al1KU$71`JAW5;{LzUfZZgu+B9wF@_Cz_# z))w7alEEe8=FCqHY{YG>%H=+I`jlZ#Du(y6pK0THyc=52RWvcp;bbCXfElOn5n95O z!=Z*R^s++=fTOR6B0|_M*;Msp$XY9SKP-+=auaK7ZVrx~ti1+;%z}$`zLYTbKEWr! z@wJTs*PB;RFp+Qg%`y}Eri14&WLF{zM;i;2iLbxfdSvHefd@ZNWUg3_LV`n^2ROfS z(LM+F2R(+0gjs#O4!q<$+1k;Uv0V16R@HEhqhCy>=i=0Gx6 zIA1gmAK!M-!t>|l54DZ!DQxEoU%rts4kpjKkZZ)$QnzxIKi{9bWo|c4A2evUN zS*-|D3I@hX$!<5&1C>jZ%jf2hMFR}!>FbX+FnOR29N=zgVp`hKwdEM6emuCRua&Sj zh#O}mvlze_A@||K-D{1O5WD8=Wnl+RHpY(1hnK{Mqw(t$^M*quehivMg)vSr$S(+< zxYK54D7d$WK96!{7_YFqj?st3#K0{tmFclEZ-w_=K5PR|8nE86GVg?pjGnB`SWI^I z_6C)1CBWG`j#Q6(<(%6Z0x9MgXVTNBIWXJYlB8#1YEgDx{(+uZSWs5o`J=>R3A#i; z0NO1jQ@TSjg`-bXP8fn=tFhBUl+VF-tl8$~eZRZK@B@qj(EIsqKgOonj7@Uq&K)S> zqyFEBEv>A2U_@Mk@8%(m@HCc%n?#(#8yKml9vgd%e*M}qRVqt%)zXs5TL@C8sHleF z1{y5j6do^0U#k}!SVg2pI%089n9+L`OQ)oy#D4GrIU0)%O-{nqF>qDrD~`4KxjBB^ z6IInyjz1#q-hGEM?6k_zD^O*K5gbYjdPEk(mS!;oKVt(@O**=D1AfmFR^o?p-#0a( z0V2+OcPwd098b_7q--+|oDHeXv@gnV^kGM#QHBZ`WCOUC6qS^IT&!jmj0g()CHB6R z327cl_Tfl;B1;_wpx!}bM z+-W@fv5T?mUfwG8o0bpxSG!F6y`raS2;G*<_$((8KCXc;qgo=H{r%haauIv$Hrqe-`FawAR=Ko2h{3&9F2P979I5|2<`+kg#)qR&JnY9z5sSUy;5O*sp zuC<*sl$5Lowx<>5gR@zlC>ntBH_Ds_isob7sVcNes5YUXq{OBw9QUF!qWE9CQMOZv zqiF;KgY0joSKzTvJglfYQ$l%1W# zb`TZDTfOMUh8ienX<<$Ifu3n(PnTPx_#X9pa}o%9&YYE%(ll>CJ2phUvmG7H58pkY znh}sQ3}zs0YDB}#cM;X^^J42N!lx2X&}rzuu$`HDemf)0$d9q{mnZetv+UhN`?ajg zmTm$HTK|05)jeVNBQC9cV-;McEqCl<;(b}Gvojl zXfN}jwl?R*iwnF@0Li74ly>&rI=}!cC>u=BS(4V)S+Fmp?74JOShyrHkr{~w`VJuG z#nO&&2w1eTB`fW@uDK1___PCGiuT~|b zBp??|OS`|l>!z!#qBUIp9&>HltuJ)5qtTu-s{Y~q`&Sou#ebDD%H<51rA3TX>2S(HRXJucH*H!`uzT4L+SaKQ`A>DX73I$s zrg~diztS?z73O4pb{qWSoo6-dTwDy_Y8&2u-?ekMwqYZ%+1lLTy6C0ha~O(%9U z9+TYAfdTV#pFQJ47G@EQm6DT#wuSy3&vnr~=)j>v?BrxO#poDh_4Hh@{(xu=xF0tT z8^cBqTmm|DmJa8DING3~0Sdw{C82c6H{o8%;UBEXu;Wba}_LWI8P-|{! zsWv$gV<8ueR<_RrVdjTD=r_HEmjlbBTYUW@TIJZ==SN5P;whyi;rEGGPm0ul*zJYb z)6T5bx&vG;+W7JZ)HIm#f-uFs2ZZ|k^Ji9Cny#TC*S`DK1C=qbuH~$v*Y1m=^Ppva&i=491qnPxszfcrckG{YFWPo;9S+jnIhH%!v_ak$6=cl$d zD+>z|x5ZybpO}58oO|eriEiDyBmNJJ%}BZncRZJsGIL{iBX;sqip+bD`Zy`I7Z-i8 z0`1(cpJuvK-Ik|AZicGd02aA7YpZ_8sJGn_e<#2w{gT=Hc>TefFMPOHi_a9go1Blx z$yrd~P(5X7x!bqCIq$f~&z(o#9lE6z99QtEe*4{6EBpMdU(|kuY}rMfkEQBQ3F%r34_Xt%2s0#%i2J_EtfEJ&h--KlJbakDUlLM~S%>8^9+f-WmH5h#~ zjs}$KyjFPsel5C*#p*tB8gLh+r>7SaGhjaeqvg3>i&(utua`_s5ypsJGlw@hparZg z{4vBnPJr@QsmS(BUCGl=*&=AB*Vo`#6D!u7=ueYf%n2Ra8^kv(Iu?%<`iR$HCn65A4CU~66hKk6ZXBRC@3gsYiyi^`4un)rCyI| z9_?DL3J<4rxsVG~8Ykwg4*O`XnmTGR(aXobI+FKt9jKSl_GegFun6honE0T{vgl+v zXb#-+hVh?WjnQeyLB|@8^Ii2N={0`&QQxZXD6{d!sJ3vmZL+1VpRBal9P$} ztDRju2Q;MM_ObXr2+2 zGdA{weWd3j=~F$#R}kRL;gx%y$;=)&d84hSzO#w1E* z@Xn^C5!E(XS$nN@f1XO>-9RY-N*wsjQ9>L-3SSp^_l1cbK_ttLXvY#Iz=alW!*QNJ z^BZrTojAiK<~+?T{$eNtmYJ5dBA$wKTL}sa9nIE14Nz-@A{tx<`aGj&5PGD{EG(ov zcC;hfqmb+KplA)E7Bs?v>B9+{s--O?UPYlbp;c|G!>z)Nw6Y{#g4+Lc&3(L<3Ux84 zI3}8g1yAwv@^WyD19WC*IyNya^8MIo^8H&)emR49vjlAv!8N7{QTXH6DTJ4MYOBW zN5(~nzbbhID>RrUoAc9cld1-(M~io7MmMds7BEhMWHR z@-jm5{?C8R9{VftpTEazgEsr;9~Ij-{iEOiU%y2fj+|uy2w!y84=}Skx1DZW7WpHVUE_X2eee3Lp zV=A)6vZ_M3J+Gc6H4C`2{b*Er3l%*?bguhqye-kCo?1$FlrpbVl-1-{iupPnYo>EwY)ND7%WCvQvYx(P zH|hP6yLXjXLu*Zm0PU42@7ae>3fQV}Pde^^r>4+Fh5x(dbO2|JcHB|6 zKR5DMJG>l&RO=rVzHXgxUJflBe>Ib7O_9@OWa#b)7RtJPs8N_UT+oQ}`-A&6?8Odl zDwm>D44W>$8j9PI#kyVLwf2#uFVg=Lsx>(7AF~w74tBin=(gL&&}}EM5|zj5ZH5v_ zI^(NKXu0rI+E~y9;S{ezxr+J_K`_LiRO({KGkCDt!73)Qdp6;=>>wop1H(*se zS;#+3*~bafPY(O%ogHrmq@vE=OQ?Kra!bd)@E*DJA@5H*9y4aa#kY6EhgZ8N@1pC|xGbz$%-#bwv_U?o6%gg&-=ji;n=%(=~fcejs z_9`M>4%$3&iIZ}?mSfAE>q4rm5q=Neg`ANlgU)rOoND-5$=unrcht$5@JJQsF)`LX zOX&URXHh&fzkZP;vpD8jCBrFUAvb-;;NoC%b&XF~dKT@s$po)3j zR2nk!?|1V4Sz3p@5VS^y0eLTdy#4j;Zoi4g#|ua~1b3VdxtqZBp-=2hK(;ldeND(Q zV)9x^KU#dJkP&+}v(GZtZsGfB7S%7ZnD;~d(9u^o-Jf?m{%h@2TGd56;c~mJ#P6Ivts Date: Fri, 20 Aug 2021 14:40:14 +0100 Subject: [PATCH 7/8] Adding helm update script --- examples/basic/README.md | 12 + examples/basic/confluent/kafka-connect.yaml | 2 +- examples/basic/confluent/kustomization.yaml | 3 +- .../basic/operator/clusterrolebinding.yaml | 8 - examples/basic/operator/kustomization.yaml | 1 - kustomize/base/operator/clusterrole.yaml | 219 +++++++++--------- .../base/operator/clusterrolebinding.yaml | 16 +- kustomize/base/operator/deployment.yaml | 121 ++++------ kustomize/base/operator/licensing.yaml | 20 +- kustomize/base/operator/service.yaml | 15 +- kustomize/base/operator/serviceaccount.yaml | 15 +- ...rm.confluent.io_confluentrolebindings.yaml | 3 + .../crds/platform.confluent.io_connects.yaml | 3 + .../platform.confluent.io_controlcenters.yaml | 3 + ...latform.confluent.io_kafkarestclasses.yaml | 3 + .../crds/platform.confluent.io_kafkas.yaml | 3 + .../platform.confluent.io_kafkatopics.yaml | 3 + .../crds/platform.confluent.io_ksqldbs.yaml | 3 + .../platform.confluent.io_migrationjobs.yaml | 3 + ...latform.confluent.io_schemaregistries.yaml | 3 + .../platform.confluent.io_zookeepers.yaml | 3 + kustomize/helm/update_helm.sh | 8 + 22 files changed, 249 insertions(+), 221 deletions(-) create mode 100644 examples/basic/README.md delete mode 100644 examples/basic/operator/clusterrolebinding.yaml create mode 100755 kustomize/helm/update_helm.sh diff --git a/examples/basic/README.md b/examples/basic/README.md new file mode 100644 index 0000000..594ada4 --- /dev/null +++ b/examples/basic/README.md @@ -0,0 +1,12 @@ +# Basic Deployment +This example deploys a basic deployment. No RBAC/LDAP. Just a single topic 'foobar' is added as part of the pipeline. +### Deploy CRDs +Deploy the CRDS using the standard way: +```shell +kubectl apply -k ../../kustomize/crds +``` +### Deploy Confluent Operator and Confluent Services +Deploy the confluent operator and services: +```shell +kubectl apply -k . +``` \ No newline at end of file diff --git a/examples/basic/confluent/kafka-connect.yaml b/examples/basic/confluent/kafka-connect.yaml index ae8ceb3..56d66c8 100644 --- a/examples/basic/confluent/kafka-connect.yaml +++ b/examples/basic/confluent/kafka-connect.yaml @@ -5,7 +5,7 @@ metadata: name: connect spec: tls: - secretRef: tls-group1 + autoGeneratedCerts: true dependencies: kafka: bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 diff --git a/examples/basic/confluent/kustomization.yaml b/examples/basic/confluent/kustomization.yaml index 50b9d09..b214b45 100644 --- a/examples/basic/confluent/kustomization.yaml +++ b/examples/basic/confluent/kustomization.yaml @@ -1,8 +1,7 @@ namespace: sandbox resources: -- ./namespace.yaml +- namespace.yaml - ../../../kustomize/base/confluent -- ../../../kustomize/base/secrets-tls patchesStrategicMerge: - zookeeper.yaml - kafka.yaml diff --git a/examples/basic/operator/clusterrolebinding.yaml b/examples/basic/operator/clusterrolebinding.yaml deleted file mode 100644 index 08c3483..0000000 --- a/examples/basic/operator/clusterrolebinding.yaml +++ /dev/null @@ -1,8 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: confluent-operator -subjects: -- kind: ServiceAccount - name: confluent-for-kubernetes - namespace: sandbox diff --git a/examples/basic/operator/kustomization.yaml b/examples/basic/operator/kustomization.yaml index c3fa8fe..339e199 100644 --- a/examples/basic/operator/kustomization.yaml +++ b/examples/basic/operator/kustomization.yaml @@ -2,5 +2,4 @@ namespace: sandbox resources: - ../../../kustomize/base/operator patchesStrategicMerge: - - clusterrolebinding.yaml - deployment.yaml \ No newline at end of file diff --git a/kustomize/base/operator/clusterrole.yaml b/kustomize/base/operator/clusterrole.yaml index 675fc52..c9b4d85 100644 --- a/kustomize/base/operator/clusterrole.yaml +++ b/kustomize/base/operator/clusterrole.yaml @@ -1,116 +1,119 @@ +--- +# Source: confluent-for-kubernetes/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: labels: app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" helm.sh/chart: confluent-for-kubernetes-0.174.21 name: confluent-operator + namespace: default rules: - - apiGroups: - - cluster.confluent.com - resources: - - zookeeperclusters - - zookeeperclusters/status - - zookeeperclusters/scale - - zookeeperclusters/finalizers - - kafkaclusters - - kafkaclusters/status - - kafkaclusters/scale - - kafkaclusters/finalizers - verbs: - - '*' - - apiGroups: - - operator.confluent.cloud - resources: - - physicalstatefulclusters - - physicalstatefulclusters/scale - - physicalstatefulclusters/status - - physicalstatefulclusters/finalizers - verbs: - - '*' - - apiGroups: - - platform.confluent.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - apps - resources: - - statefulsets - - statefulsets/scale - - statefulsets/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - configmaps - - events - - persistentvolumeclaims - - secrets - - secrets/finalizers - - pods - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - networking.k8s.io - resources: - - ingresses - - ingresses/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get +- apiGroups: + - cluster.confluent.com + resources: + - zookeeperclusters + - zookeeperclusters/status + - zookeeperclusters/scale + - zookeeperclusters/finalizers + - kafkaclusters + - kafkaclusters/status + - kafkaclusters/scale + - kafkaclusters/finalizers + verbs: + - '*' +- apiGroups: + - operator.confluent.cloud + resources: + - physicalstatefulclusters + - physicalstatefulclusters/scale + - physicalstatefulclusters/status + - physicalstatefulclusters/finalizers + verbs: + - '*' +- apiGroups: + - platform.confluent.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + - events + - persistentvolumeclaims + - secrets + - secrets/finalizers + - pods + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get diff --git a/kustomize/base/operator/clusterrolebinding.yaml b/kustomize/base/operator/clusterrolebinding.yaml index 89d9d60..c502054 100644 --- a/kustomize/base/operator/clusterrolebinding.yaml +++ b/kustomize/base/operator/clusterrolebinding.yaml @@ -1,18 +1,22 @@ -kind: ClusterRoleBinding +--- +# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml +kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: app: confluent-for-kubernetes app.kubernetes.io/name: confluent-for-kubernetes - app.kubernetes.io/instance: confluent - app.kubernetes.io/managed-by: git - app.kubernetes.io/component: confluent-operator + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.21 name: confluent-operator + namespace: default subjects: - kind: ServiceAccount name: confluent-for-kubernetes - namespace: sandbox + namespace: default roleRef: - kind: ClusterRole + kind: Role name: confluent-operator apiGroup: rbac.authorization.k8s.io diff --git a/kustomize/base/operator/deployment.yaml b/kustomize/base/operator/deployment.yaml index 2b692b1..03928cc 100644 --- a/kustomize/base/operator/deployment.yaml +++ b/kustomize/base/operator/deployment.yaml @@ -1,27 +1,24 @@ +--- +# Source: confluent-for-kubernetes/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - annotations: - deployment.kubernetes.io/revision: "1" - meta.helm.sh/release-name: confluent-operator - meta.helm.sh/release-namespace: sandbox labels: app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: operator - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: "confluent-operator" helm.sh/chart: confluent-for-kubernetes-0.174.21 version: 0.174.21 name: confluent-operator + namespace: default spec: - progressDeadlineSeconds: 600 replicas: 1 - revisionHistoryLimit: 10 selector: matchLabels: - app.kubernetes.io/instance: confluent-operator - app.kubernetes.io/name: confluent-operator + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: RELEASE-NAME strategy: rollingUpdate: maxSurge: 1 @@ -30,73 +27,57 @@ spec: template: metadata: annotations: - prometheus.io/path: /metrics + prometheus.io/path: "/metrics" prometheus.io/port: "7778" prometheus.io/scrape: "true" labels: - app: confluent-operator - app.kubernetes.io/instance: confluent-operator - app.kubernetes.io/name: confluent-operator + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: RELEASE-NAME confluent-platform: "true" version: 0.174.21 spec: - containers: - - args: - - --debug=false - - --namespaces=sandbox - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: NODEIP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: DD_ENTITY_ID - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.uid - image: docker.io/confluentinc/confluent-operator:0.174.21 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: confluent-operator - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler securityContext: fsGroup: 1001 runAsNonRoot: true runAsUser: 1001 - serviceAccount: confluent-for-kubernetes + containers: + - args: + - --debug=false + - --namespaces=default + name: confluent-operator + image: docker.io/confluentinc/confluent-operator:0.174.21 + imagePullPolicy: IfNotPresent + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + readinessProbe: + httpGet: + port: 8080 + path: /readyz + livenessProbe: + httpGet: + port: 8080 + path: /healthz + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODEIP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_ENTITY_ID + valueFrom: + fieldRef: + fieldPath: metadata.uid serviceAccountName: confluent-for-kubernetes - terminationGracePeriodSeconds: 30 \ No newline at end of file + restartPolicy: Always + terminationGracePeriodSeconds: 30 diff --git a/kustomize/base/operator/licensing.yaml b/kustomize/base/operator/licensing.yaml index 68e4689..c536271 100644 --- a/kustomize/base/operator/licensing.yaml +++ b/kustomize/base/operator/licensing.yaml @@ -1,23 +1,17 @@ +--- +# Source: confluent-for-kubernetes/templates/licensing.yaml apiVersion: v1 kind: Secret metadata: labels: app: confluent-for-kubernetes app.kubernetes.io/name: confluent-for-kubernetes - app.kubernetes.io/instance: confluent + app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: confluent-operator - namespace: sandbox + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.21 + namespace: default name: confluent-operator-licensing type: Opaque data: - publicKey.pem: |- - LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FR - OEFNSUlCQ2dLQ0FRRUF2YUd5OFRPZGJDTXlTTTd6cVpzeApuNjJ5dUUrQmhJUGxjOXo5Y3RyWCt0 - QldOQ0NKZVBaYktIVFpTOXVLTGVLVWk5dTA3dHMvMzVYUm5FNEFURDZxCmx3am5Tb0pPa2VJWGNZ - aUorWEdFeE4xb1JFOFJsNW90dmRtSkVzYjlZNkpzZmUybFJDQ3NaTng2azFzMU5tUUYKUjR3blJp - S3lsSWlZSjl1V1VHZkgxOEpLWnFNOHo5UXFrWi8relFrekhOWXNYbi9ZeVJ1RElRWGVVU2VjaHI5 - MwpKanQ3OUFpa3NraWNvVDA0bHF6L0dhSHoyV0pFeXV2TExFMWpOQk9Db21LbDA1UWIreXZKbUdu - dC83SFg2SFQ3CjNobkNYYnNsd3R6cDBDbWVHT2lKUmJKeGJhaGtURnFoMW9LcVpYVURDWnJLQ05O - UnZYcU4vUUhxbmF3bzZrSnkKOHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t - + publicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2YUd5OFRPZGJDTXlTTTd6cVpzeApuNjJ5dUUrQmhJUGxjOXo5Y3RyWCt0QldOQ0NKZVBaYktIVFpTOXVLTGVLVWk5dTA3dHMvMzVYUm5FNEFURDZxCmx3am5Tb0pPa2VJWGNZaUorWEdFeE4xb1JFOFJsNW90dmRtSkVzYjlZNkpzZmUybFJDQ3NaTng2azFzMU5tUUYKUjR3blJpS3lsSWlZSjl1V1VHZkgxOEpLWnFNOHo5UXFrWi8relFrekhOWXNYbi9ZeVJ1RElRWGVVU2VjaHI5MwpKanQ3OUFpa3NraWNvVDA0bHF6L0dhSHoyV0pFeXV2TExFMWpOQk9Db21LbDA1UWIreXZKbUdudC83SFg2SFQ3CjNobkNYYnNsd3R6cDBDbWVHT2lKUmJKeGJhaGtURnFoMW9LcVpYVURDWnJLQ05OUnZYcU4vUUhxbmF3bzZrSnkKOHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t diff --git a/kustomize/base/operator/service.yaml b/kustomize/base/operator/service.yaml index 0ca50c4..430528e 100644 --- a/kustomize/base/operator/service.yaml +++ b/kustomize/base/operator/service.yaml @@ -1,13 +1,17 @@ +--- +# Source: confluent-for-kubernetes/templates/service.yaml apiVersion: v1 kind: Service metadata: labels: - app: "confluent-for-kubernetes" - app.kubernetes.io/name: "confluent-for-kubernetes" - app.kubernetes.io/instance: "confluent" - app.kubernetes.io/managed-by: "Helm" + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" - name: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.21 + name: confluent-operator + namespace: default spec: ports: - name: http-metric @@ -18,4 +22,3 @@ spec: app: "confluent-operator" app.kubernetes.io/name: "confluent-operator" type: ClusterIP - diff --git a/kustomize/base/operator/serviceaccount.yaml b/kustomize/base/operator/serviceaccount.yaml index 28f5498..48d5063 100644 --- a/kustomize/base/operator/serviceaccount.yaml +++ b/kustomize/base/operator/serviceaccount.yaml @@ -1,13 +1,16 @@ +--- +# Source: confluent-for-kubernetes/templates/serviceaccount.yaml apiVersion: v1 imagePullSecrets: -- name: "confluent-registry" +- name: confluent-registry kind: ServiceAccount metadata: labels: - app: "confluent-for-kubernetes" - app.kubernetes.io/name: "confluent-for-kubernetes" - app.kubernetes.io/instance: "confluent" - app.kubernetes.io/managed-by: "Helm" + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: confluent-for-kubernetes-0.174.21 name: confluent-for-kubernetes - + namespace: default diff --git a/kustomize/crds/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/crds/crds/platform.confluent.io_confluentrolebindings.yaml index 6ccc8de..fbd2bbf 100644 --- a/kustomize/crds/crds/platform.confluent.io_confluentrolebindings.yaml +++ b/kustomize/crds/crds/platform.confluent.io_confluentrolebindings.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_confluentrolebindings.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -247,3 +249,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_connects.yaml b/kustomize/crds/crds/platform.confluent.io_connects.yaml index 032291e..42c6afb 100644 --- a/kustomize/crds/crds/platform.confluent.io_connects.yaml +++ b/kustomize/crds/crds/platform.confluent.io_connects.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_connects.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -2952,3 +2954,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml b/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml index a0cf157..0f18682 100644 --- a/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml +++ b/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_controlcenters.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -2893,3 +2895,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml index f7e02a1..56f6cf4 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkarestclasses.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -321,3 +323,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_kafkas.yaml b/kustomize/crds/crds/platform.confluent.io_kafkas.yaml index 8bdbf81..44f4cce 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkas.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkas.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkas.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -4128,3 +4130,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml index ecafc0f..bd6ba8c 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_kafkatopics.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -265,3 +267,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml index 2b45eba..8a16e2a 100644 --- a/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml +++ b/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_ksqldbs.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -2580,3 +2582,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/crds/crds/platform.confluent.io_migrationjobs.yaml index ead0c24..2a50c83 100644 --- a/kustomize/crds/crds/platform.confluent.io_migrationjobs.yaml +++ b/kustomize/crds/crds/platform.confluent.io_migrationjobs.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_migrationjobs.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -667,3 +669,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml index c6a9dde..f0822c2 100644 --- a/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml +++ b/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_schemaregistries.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -2183,3 +2185,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml b/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml index 92d1b74..19b661d 100644 --- a/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml +++ b/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml @@ -1,3 +1,5 @@ +--- +# Source: confluent-for-kubernetes/crds/platform.confluent.io_zookeepers.yaml --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -1661,3 +1663,4 @@ status: plural: "" conditions: [] storedVersions: [] + diff --git a/kustomize/helm/update_helm.sh b/kustomize/helm/update_helm.sh new file mode 100755 index 0000000..b4743d2 --- /dev/null +++ b/kustomize/helm/update_helm.sh @@ -0,0 +1,8 @@ +#!/bin/bash +export CHART_VERSION=0.174.21 +helm repo add confluentinc https://packages.confluent.io/helm +helm search repo confluent --versions +helm template confluentinc/confluent-for-kubernetes --version $CHART_VERSION --include-crds --output-dir . +mv confluent-for-kubernetes/crds/* ../crds/crds +mv confluent-for-kubernetes/templates/* ../base/operator +rm -R confluent-for-kubernetes \ No newline at end of file From 2dad862a7f578557ec469940fb44d23817d436bd Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Fri, 20 Aug 2021 14:53:35 +0100 Subject: [PATCH 8/8] paramaterise update script --- kustomize/helm/update_helm.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kustomize/helm/update_helm.sh b/kustomize/helm/update_helm.sh index b4743d2..85f625c 100755 --- a/kustomize/helm/update_helm.sh +++ b/kustomize/helm/update_helm.sh @@ -1,5 +1,6 @@ #!/bin/bash -export CHART_VERSION=0.174.21 +#export CHART_VERSION=0.174.21 +export CHART_VERSION=0.174.13 helm repo add confluentinc https://packages.confluent.io/helm helm search repo confluent --versions helm template confluentinc/confluent-for-kubernetes --version $CHART_VERSION --include-crds --output-dir .