From 75fb37059f1abec3f1cbf13615a4705e65bf94ad Mon Sep 17 00:00:00 2001 From: Jukka Rissanen Date: Wed, 22 Feb 2023 12:58:07 +0200 Subject: [PATCH] docs: Updating the text for the NRI resource policy plugin Changing the documentation so that it will describe how the nri-resource-policy plugin works. Also reshuffling the files around to better fit the overall documentation structure. Signed-off-by: Jukka Rissanen --- CODE-OF-CONDUCT.md | 4 +- README.md | 4 +- SECURITY.md | 4 +- docs/_templates/layout.html | 2 +- docs/conf.py | 4 +- docs/contributing.md | 12 +- docs/developers-guide/architecture.md | 262 ------------------ docs/developers-guide/e2e-test.md | 212 -------------- .../figures/arch-overview.svg | 70 ----- docs/developers-guide/figures/cri-resmgr.png | Bin 118893 -> 0 bytes docs/developers-guide/policy-writers-guide.md | 3 - docs/index.rst | 20 +- docs/installation.md | 98 ------- docs/introduction.md | 20 -- docs/policy/blockio.md | 15 - docs/policy/rdt.md | 163 ----------- docs/quick-start.md | 93 ------- .../reference/agent-command-line-reference.md | 3 - docs/reference/configuration-reference.md | 73 ----- docs/reference/index.rst | 8 - .../resmgr-command-line-reference.md | 3 - docs/releases/conf.py | 4 +- docs/releases/index.md | 2 +- .../README.md} | 0 .../developers-guide/architecture.md | 205 ++++++++++++++ .../developers-guide/e2e-test.md | 118 ++++++++ .../figures/nri-resource-policy.png | Bin 0 -> 71246 bytes .../developers-guide/index.rst | 1 - .../developers-guide/testing.rst | 0 .../developers-guide/unit-test.md | 0 docs/resource-policy/index.rst | 17 ++ docs/resource-policy/installation.md | 26 ++ docs/resource-policy/introduction.md | 12 + docs/{ => resource-policy}/node-agent.md | 18 +- docs/{ => resource-policy}/policy/balloons.md | 20 +- .../policy/container-affinity.md | 30 +- .../policy/cpu-allocator.md | 8 +- docs/{ => resource-policy}/policy/index.rst | 2 - .../policy/topology-aware.md | 52 ++-- docs/resource-policy/quick-start.md | 85 ++++++ docs/resource-policy/setup.md | 61 ++++ docs/security.md | 4 - docs/setup.md | 210 -------------- 43 files changed, 609 insertions(+), 1339 deletions(-) delete mode 100644 docs/developers-guide/architecture.md delete mode 100644 docs/developers-guide/e2e-test.md delete mode 100644 docs/developers-guide/figures/arch-overview.svg delete mode 100644 docs/developers-guide/figures/cri-resmgr.png delete mode 100644 docs/developers-guide/policy-writers-guide.md delete mode 100644 docs/installation.md delete mode 100644 docs/introduction.md delete mode 100644 docs/policy/blockio.md delete mode 100644 docs/policy/rdt.md delete mode 100644 docs/quick-start.md delete mode 100644 docs/reference/agent-command-line-reference.md delete mode 100644 docs/reference/configuration-reference.md delete mode 100644 docs/reference/index.rst delete mode 100644 docs/reference/resmgr-command-line-reference.md rename docs/{README-resource-policy.md => resource-policy/README.md} (100%) create mode 100644 docs/resource-policy/developers-guide/architecture.md create mode 100644 docs/resource-policy/developers-guide/e2e-test.md create mode 100644 docs/resource-policy/developers-guide/figures/nri-resource-policy.png rename docs/{ => resource-policy}/developers-guide/index.rst (78%) rename docs/{ => resource-policy}/developers-guide/testing.rst (100%) rename docs/{ => resource-policy}/developers-guide/unit-test.md (100%) create mode 100644 docs/resource-policy/index.rst create mode 100644 docs/resource-policy/installation.md create mode 100644 docs/resource-policy/introduction.md rename docs/{ => resource-policy}/node-agent.md (50%) rename docs/{ => resource-policy}/policy/balloons.md (94%) rename docs/{ => resource-policy}/policy/container-affinity.md (90%) rename docs/{ => resource-policy}/policy/cpu-allocator.md (88%) rename docs/{ => resource-policy}/policy/index.rst (84%) rename docs/{ => resource-policy}/policy/topology-aware.md (90%) create mode 100644 docs/resource-policy/quick-start.md create mode 100644 docs/resource-policy/setup.md delete mode 100644 docs/security.md delete mode 100644 docs/setup.md diff --git a/CODE-OF-CONDUCT.md b/CODE-OF-CONDUCT.md index 077c12368..c622543c8 100644 --- a/CODE-OF-CONDUCT.md +++ b/CODE-OF-CONDUCT.md @@ -1,3 +1,3 @@ -# The NRI Plugin Collection Project Community Code of Conduct +# The NRI Plugins Project Community Code of Conduct -The NRI Plugin Collection Project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md). +The NRI Plugins Project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md). diff --git a/README.md b/README.md index 2a048c0a3..ef6c74454 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# NRI Plugin Collection +# NRI Plugins This repository contains a collection of community maintained NRI plugins. @@ -9,4 +9,4 @@ Currently following plugins are available: | [Topology Aware][1] | resource policy | | [Balloons][1] | resource policy | -[1]: http://github.com/containers/nri-plugins/blob/main/docs/README-resource-policy.md +[1]: http://github.com/containers/nri-plugins/blob/main/docs/resource-policy/README.md diff --git a/SECURITY.md b/SECURITY.md index 6d7c62b19..8b709c43c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,4 +1,4 @@ -# Security and Disclosure Information Policy for the NRI Plugin Collection Project +# Security and Disclosure Information Policy for the NRI Plugins Project * [Reporting a Vulnerability](#Reporting-a-Vulnerability) * [Security Announcements](#Security-Announcements) @@ -6,7 +6,7 @@ ## Reporting a Vulnerability -If you think you've identified a security issue in a NRI Plugin Collection project, +If you think you've identified a security issue in a NRI Plugins project, please DO NOT report the issue publicly via the Github issue tracker, mailing list, or IRC. Instead, send an email with as many details as possible to [cncf-crio-security@lists.cncf.io](mailto:cncf-crio-security@lists.cncf.io?subject=Security%20Vunerablity%20Report) or [security@containerd.io](mailto:security@containerd.io?subject=Security%20Vunerablity%20Report). diff --git a/docs/_templates/layout.html b/docs/_templates/layout.html index 2f2db268d..0e68b46ac 100644 --- a/docs/_templates/layout.html +++ b/docs/_templates/layout.html @@ -14,7 +14,7 @@
- all releases + all releases
diff --git a/docs/conf.py b/docs/conf.py index 6b23b769a..3ba21d146 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -21,7 +21,7 @@ # -- Project information ----------------------------------------------------- -project = 'NRI Plugin Collection' +project = 'NRI Plugins' copyright = '2023, various' author = 'various' @@ -129,7 +129,7 @@ def gomod_versions(modules): # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. # This pattern also affects html_static_path and html_extra_path. -exclude_patterns = ['_build', '.github', '_work', 'generate', 'README.md', 'TODO.md', 'SECURITY.md', 'CODE-OF-CONDUCT.md', 'docs/releases', 'test/self-hosted-runner/README.md', 'test/e2e/README.md'] +exclude_patterns = ['_build', '.github', '_work', 'generate', 'README.md', 'TODO.md', 'SECURITY.md', 'CODE-OF-CONDUCT.md', 'docs/releases', 'test/self-hosted-runner/README.md', 'test/e2e/README.md', 'docs/resource-policy/releases', 'docs/resource-policy/README.md','test/statistics-analysis/README.md'] # -- Options for HTML output ------------------------------------------------- diff --git a/docs/contributing.md b/docs/contributing.md index 6fc0cfaf5..708eb515f 100644 --- a/docs/contributing.md +++ b/docs/contributing.md @@ -1,10 +1,10 @@ # Contributing -Please use the GitHub\* infrastructure for contributing to -CRI Resource Manager. -Use [pull requests](https://github.com/intel/cri-resource-manager/pulls) +Please use the GitHub\* infrastructure for contributing to NRI Plugins. +Use [pull requests](https://github.com/containers/nri-plugins/pulls) to contribute code, bug fixes, or if you want to discuss your ideas in terms of -code. Open [issues](https://github.com/intel/cri-resource-manager/issues) to +code. Open [issues](https://github.com/containers/nri-plugins/issues) to report bugs, request new features, or if you want to discuss any other topics -related to CRI Resource Manager or orchestration resource management in -general. +related to NRI plugins. + +For the actual NRI (Node Resource Interface) API, please see [NRI repository](https://github.com/containerd/nri) diff --git a/docs/developers-guide/architecture.md b/docs/developers-guide/architecture.md deleted file mode 100644 index ec801941a..000000000 --- a/docs/developers-guide/architecture.md +++ /dev/null @@ -1,262 +0,0 @@ -# Architecture - -## Overview - -CRI Resource Manager (CRI-RM) is a pluggable add-on for controlling how much -and which resources are assigned to containers in a Kubernetes\* cluster. -It's an add-on because you install it in addition to the normal selection of -your components. It's pluggable since you inject it on the signaling path -between two existing components with the rest of the cluster unaware of its -presence. - -CRI-RM plugs in between kubelet and CRI, the Kubernetes node agent and the -container runtime implementation. CRI-RM intercepts CRI protocol requests -from the kubelet acting as a non-transparent proxy towards the runtime. -Proxying by CRI-RM is non-transparent in nature because it usually alters -intercepted protocol messages before forwarding them. - -CRI-RM keeps track of the states of all containers running on a Kubernetes -node. Whenever it intercepts a CRI request that results in changes to the -resource allocation of any container (container creation, deletion, or -resource assignment update request), CRI-RM runs one of its built-in policy -algorithms. This policy makes a decision about how the assignment of -resources should be updated and, eventually, the intercepted request is -modified according to this decision. The policy can make changes to any -container in the system, not just the one associated with the intercepted -CRI request. Therefore it does not operate directly on CRI requests. -Instead CRI-RM's internal state tracking cache provides an abstraction for -modifying containers and the policy uses this abstraction for recording its -decisions. - -In addition to policies, CRI-RM has a number of built-in resource -controllers. -These are used to put policy decisions—in practice pending changes made to -containers by a policy—into effect. A special in-band CRI controller is used -to control all resources that are controllable via the CRI runtime. This -controller handles the practical details of updating the intercepted CRI -request and generating any additional unsolicited update requests for other -existing containers updated by the policy decision. Additional out-of-band -controllers exist to exercise control over resources that the current CRI -runtimes are unable to handle. - -To tell which containers need to be handed off to various controllers for -updating, CRI-RM uses the internal state tracking cache's ability to tell -which containers have pending unenforced changes and to which controllers' -domain these changes belong. The CRI controller currently handles CPU and -memory resources, including huge pages. The level of control covers per -container CPU sets, CFS parametrization, memory limits, OOM score adjustment, -and pinning to memory controllers. The two existing out-of-band controllers, -Intel® Resource Director Technology (Intel® RDT) and Block I/O, handle last-level cache and memory bandwidth allocation, -and the arbitration of Block I/O bandwidth respectively. - -Many of the details of how CRI-RM operates is configurable. These include, -for instance, which policy is active within CRI-RM, configuration of the -resource assignment algorithm for the active policy, and configuration for -the various resource controllers. Although CRI-RM can be configured using a -configuration file present on the node running CRI-RM, the preferred way to -configure all CRI-RM instances in a cluster is to use Kubernetes -ConfigMaps and the CRI-RM Node Agent. - -

- - -

- -## Components - -### [Node Agent](/pkg/agent/) - -The node agent is a component external to CRI-RM itself. All interactions -by CRI-RM with the Kubernetes Control Plane go through the node agent with -the node agent performing any direct interactions on behalf of CRI-RM. - -The node agent communicates with NRI-RM via goroutine. The API is used to: - - push updated external configuration data to CRI-RM - -The agent interface implements the following: - - updating resource capacity of the node - - getting, setting, or removing labels on the node - - getting, setting, or removing annotations on the node - - getting, setting, or removing taints on the node - -The config interface is defined and has its gRPC server running in -CRI-RM. The agent acts as a gRPC client for this interface. The low-level -cluster interface is defined and has its gRPC server running in the agent, -with the [convenience layer](/pkg/agent) defined in -CRI-RM. CRI-RM acts as a gRPC client for the low-level plumbing interface. - -Additionally, the stock node agent that comes with CRI-RM implements schemes -for: - - configuration management for all CRI-RM instances - - management of dynamic adjustments to container resource assignments - -

- - -

- - -### [Resource Manager](/pkg/resmgr/) - -CRI-RM implements a request processing pipeline and an event processing -pipeline. -The request processing pipeline takes care of proxying CRI requests and -responses between CRI clients and the CRI runtime. The event processing -pipeline processes a set of other events that are not directly related -to or the result of CRI requests. These events are typically internally -generated within CRI-RM. They can be the result of changes in the state -of some containers or the utilization of a shared system resource, which -potentially could warrant an attempt to rebalance the distribution of -resources among containers to bring the system closer to an optimal state. -Some events can also be generated by policies. - -The Resource Manager component of CRI-RM implements the basic control -flow of both of these processing pipelines. It passes control to all the -necessary sub-components of CRI-RM at the various phases of processing a -request or an event. Additionally, it serializes the processing of these, -making sure there is at most one (intercepted) request or event being -processed at any point in time. - -The high-level control flow of the request processing pipeline is as -follows: - -A. If the request does not need policying, let it bypass the processing -pipeline; hand it off for logging, then relay it to the server and the -corresponding response back to the client. - -B. If the request needs to be intercepted for policying, do the following: - 1. Lock the processing pipeline serialization lock. - 2. Look up/create cache objects (pod/container) for the request. - 3. If the request has no resource allocation consequences, do proxying - (step 6). - 4. Otherwise, invoke the policy layer for resource allocation: - - Pass it on to the configured active policy, which will - - Allocate resources for the container. - - Update the assignments for the container in the cache. - - Update any other containers affected by the allocation in the cache. - 5. Invoke the controller layer for post-policy processing, which will: - - Collect controllers with pending changes in their domain of control - - for each invoke the post-policy processing function corresponding to - the request. - - Clear pending markers for the controllers. - 6. Proxy the request: - - Relay the request to the server. - - Send update requests for any additional affected containers. - - Update the cache if/as necessary based on the response. - - Relay the response back to the client. - 7. Release the processing pipeline serialization lock. - -The high-level control flow of the event processing pipeline is one of the -following, based on the event type: - - - For policy-specific events: - 1. Engage the processing pipeline lock. - 2. Call policy event handler. - 3. Invoke the controller layer for post-policy processing (same as step 5 for requests). - 4. Release the pipeline lock. - - For metrics events: - 1. Perform collection/processing/correlation. - 2. Engage the processing pipeline lock. - 3. Update cache objects as/if necessary. - 4. Request rebalancing as/if necessary. - 5. Release pipeline lock. - - For rebalance events: - 1. Engage the processing pipeline lock. - 2. Invoke policy layer for rebalancing. - 3. Invoke the controller layer for post-policy processing (same as step 5 for requests). - 4. Release the pipeline lock. - - -### [Cache](/pkg/cache/) - -The cache is a shared internal storage location within CRI-RM. It tracks the -runtime state of pods and containers known to CRI-RM, as well as the state -of CRI-RM itself, including the active configuration and the state of the -active policy. The cache is saved to permanent storage in the filesystem and -is used to restore the runtime state of CRI-RM across restarts. - -The cache provides functions for querying and updating the state of pods and -containers. This is the mechanism used by the active policy to make resource -assignment decisions. The policy simply updates the state of the affected -containers in the cache according to the decisions. - -The cache's ability to associate and track changes to containers with -resource domains is used to enforce policy decisions. The generic controller -layer first queries which containers have pending changes, then invokes each -controller for each container. The controllers use the querying functions -provided by the cache to decide if anything in their resource/control domain -needs to be changed and then act accordingly. - -Access to the cache needs to be serialized. However, this serialization is -not provided by the cache itself. Instead, it assumes callers to make sure -proper protection is in place against concurrent read-write access. The -request and event processing pipelines in the resource manager use a lock to -serialize request and event processing and consequently access to the cache. - -If a policy needs to do processing unsolicited by the resource manager, IOW -processing other than handling the internal policy backend API calls from the -resource manager, then it should inject a policy event into the resource -managers event loop. This causes a callback from the resource manager to -the policy's event handler with the injected event as an argument and with -the cache properly locked. - - -### [Generic Policy Layer](/pkg/policy/policy.go) - -The generic policy layer defines the abstract interface the rest of CRI-RM -uses to interact with policy implementations and takes care of the details -of activating and dispatching calls through to the configured active policy. - - -### [Generic Resource Controller Layer](/pkg/control/control.go) - -The generic resource controller layer defines the abstract interface the rest -of CRI-RM uses to interact with resource controller implementations and takes -care of the details of dispatching calls to the controller implementations -for post-policy enforcment of decisions. - - -### [Metrics Collector](/pkg/metrics/) - -The metrics collector gathers a set of runtime metrics about the containers -running on the node. CRI-RM can be configured to periodically evaluate this -collected data to determine how optimal the current assignment of container -resources is and to attempt a rebalancing/reallocation if it is deemed -both possible and necessary. - - -### [Policy Implementations](/cmd/) - -#### [Topology Aware](/cmd/topology-aware/) - -A topology-aware policy capable of handling multiple tiers/types of memory, -typically a DRAM/PMEM combination configured in 2-layer memory mode. - -#### [Balloons](/cmd/balloons/) - -A balloons policy allows user to define fine grained control how the -computer resources are distributed to workloads. - -### [Resource Controller Implementations](/pkg/control/) - -#### [Intel RDT](/pkg/control/rdt/) - -A resource controller implementation responsible for the practical details of -associating a container with Intel RDT classes. This class effectively -determines how much last level cache and memory bandwidth will be available -for the container. This controller uses the resctrl pseudo filesystem of the -Linux kernel for control. - -#### [Block I/O](/pkg/control/blockio/) - -A resource controller implementation responsible for the practical details of -associating a container with a Block I/O class. This class effectively -determines how much Block I/O bandwidth will be available for the container. -This controller uses the blkio cgroup controller and the cgroupfs pseudo- -filesystem of the Linux kernel for control. - -#### [CRI](/pkg/control/cri/) - -A resource controller responsible for modifying intercepted CRI container -creation requests and creating CRI container resource update requests, -according to the changes the active policy makes to containers. diff --git a/docs/developers-guide/e2e-test.md b/docs/developers-guide/e2e-test.md deleted file mode 100644 index 560a97911..000000000 --- a/docs/developers-guide/e2e-test.md +++ /dev/null @@ -1,212 +0,0 @@ -# End-to-End tests - -## Prerequisites - -Install: -- `docker` -- `govm` - In case of errors in building `govm` with `go get`, or creating a virtual machine (`Error when creating the new VM: repository name must be canonical`), these are the workarounds: - ``` - GO111MODULE=off go get -d github.com/govm-project/govm && cd $GOPATH/src/github.com/govm-project/govm && go mod tidy && go mod download && go install && cd .. && docker build govm -f govm/Dockerfile -t govm/govm:latest - ``` - -## Usage - -Run policy tests: - -``` -[VAR=VALUE...] ./run_tests.sh policies -``` - -Run tests only on certain policy, topology, or only selected test: - -``` -[VAR=VALUE...] ./run_tests.sh policies[/POLICY[/TOPOLOGY[/testNN-*]]] -``` - -Run custom tests: - -``` -[VAR=VALUE...] ./run.sh MODE -``` - -Get help on available `VAR=VALUE`'s with `./run.sh -help`. `run_tests.sh` calls `run.sh` in order to execute selected -tests. Therefore the same `VAR=VALUE` definitions apply both scripts. - -## Test phases - -In the *setup phase* `run.sh` creates a virtual machine unless it -already exists. When it is running, tests create a single-node cluster -and launches `cri-resmgr` on it, unless they are already running. - -In the *test phase* `run.sh` runs a test script, or gives a prompt -(`run.sh> `) asking a user to run test script commands in the -`interactive` mode. *Test scripts* are `bash` scripts that can use -helper functions for running commands and observing the status of the -virtual machine and software running on it. - -In the *tear down phase* `run.sh` copies logs from the virtual machine -and finally stops or deletes the virtual machine, if that is wanted. - -## Test modes - -- `test` mode runs fast and reports `Test verdict: PASS` or - `FAIL`. The exit status is zero if and only if a test passed. - -- `play` mode runs the same phases and scripts as the `test` mode, but - slower. This is good for following and demonstrating what is - happening. - -- `interactive` mode runs the setup and tear down phases, but instead - of executing a test script it gives an interactive prompt. - -Print help to see clean up, execution speed and other options for all -modes. - -## Running from scratch and quick rerun in existing virtual machine - -The test will use `govm`-managed virtual machine named in the `vm` -environment variable. The default is `crirm-test-e2e`. If a virtual -machine with that name exists, the test will be run on it. Otherwise -the test will create a virtual machine with that name from -scratch. You can delete a virtual machine with `govm delete NAME`. - -If you want rerun the test many times, possibly with different test -inputs or against different versions of `cri-resmgr`, either use the -`play` mode or set `cleanup=0` in order to keep the virtual machine -after each run. Then tests will run in the same single node cluster, -and the test script will only delete running pods before launching new -ones. - -## Testing locally built cri-resmgr and cri-resmgr from github - -If you make changes to `cri-resmgr` sources and rebuild it, you can -force the test script to reinstall newly built `cri-resmgr` to -existing virtual machine before rerunning the test: - -``` -cri-resource-manager$ make -cri-resource-manager$ cd test/e2e -e2e$ reinstall_cri_resmgr=1 speed=1000 ./run.sh play -``` - -You can also let the test script build `cri-resmgr` from the github -master branch. This takes place inside the virtual machine, so your -local git sources will not be affected: - -``` -e2e$ reinstall_cri_resmgr=1 binsrc=github ./run.sh play -``` - -## Custom tests - -You can run a custom test script in a virtual machine that runs -single-node Kubernetes\* cluster. Example: - -``` -$ cat > myscript.sh << EOF -# create two pods, each requesting two CPUs -CPU=2 n=2 create guaranteed -# create four pods, no resource requests -n=4 create besteffort -# show pods -kubectl get pods -# check that the first two pods are not allowed to use the same CPUs -verify 'cpus["pod0c0"].isdisjoint(cpus["pod1c0"])' -EOF -$ ./run.sh test myscript.sh -``` - -## Custom topologies - -If you change NUMA node topology of an existing virtual machine, you -must delete the virtual machine first. Otherwise the `topology` variable -is ignored and the test will run in the existing NUMA -configuration. - -The `topology` variable is a JSON array of objects. Each object -defines one or more NUMA nodes. Keys in objects: -``` -"mem" mem (RAM) size on each NUMA node in this group. - The default is "0G". -"nvmem" nvmem (non-volatile RAM) size on each NUMA node - in this group. The default is "0G". -"cores" number of CPU cores on each NUMA node in this group. - The default is 0. -"threads" number of threads on each CPU core. - The default is 2. -"nodes" number of NUMA nodes on each die. - The default is 1. -"dies" number of dies on each package. - The default is 1. -"packages" number of packages. - The default is 1. -``` - - -Example: - -Run the test in a VM with two NUMA nodes. There are 4 CPUs (two cores, two -threads per core by default) and 4G RAM in each node -``` -e2e$ govm delete my2x4 ; vm=my2x4 topology='[{"mem":"4G","cores":2,"nodes":2}]' ./run.sh play -``` - -Run the test in a VM with 32 CPUs in total: there are two packages -(sockets) in the system, each containing two dies. Each die containing -two NUMA nodes, each node containing 2 CPU cores, each core containing -two threads. And with a NUMA node with 16G of non-volatile memory -(NVRAM) but no CPUs. - -``` -e2e$ vm=mynvram topology='[{"mem":"4G","cores":2,"nodes":2,"dies":2,"packages":2},{"nvmem":"16G"}]' ./run.sh play -``` - -## Test output - -All test output is saved under the directory in the environment -variable `outdir`. The default is `./output`. - -Executed commands with their output, exit status and timestamps are -saved under the `output/commands` directory. - -You can find Qemu output from Docker\* logs. For instance, output of the -most recent Qemu launced by `govm`: -``` -$ docker logs $(docker ps | awk '/govm/{print $1; exit}') -``` - -## Manual testing and debugging - -Interactive mode helps developing and debugging scripts: - -``` -$ ./run.sh interactive -... -run.sh> CPU=2 n=2 create guaranteed -``` - -You can get help on functions available in test scripts with `./run.sh -help script`, or with `help` and `help FUNCTION` when in the -interactive mode. - -If a test has stopped to a failing `verify`, you can inspect -`cri-resmgr` cache and allowed OS resources in Python\* after the test -run: - -``` -$ PYTHONPATH= python3 ->>> from pyexec_state import * ->>> pp(allowed) # allowed OS resources ->>> pp(pods["pod0"]) # pod entry in cache ->>> pp(containers["pod0c0"])) # container entry in cache -``` - -If you want to get the interactive prompt in the middle of a test run -wherever a `verify` or `create` fails, you can set a `on_FUNC_fail` hook to -either or both of them. Example: - -``` -$ on_verify_fail=interactive ./run.sh myscript.sh -``` diff --git a/docs/developers-guide/figures/arch-overview.svg b/docs/developers-guide/figures/arch-overview.svg deleted file mode 100644 index eb926e295..000000000 --- a/docs/developers-guide/figures/arch-overview.svg +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - image/svg+xml - - Diagrams - - - - - - Diagrams - - - - - diff --git a/docs/developers-guide/figures/cri-resmgr.png b/docs/developers-guide/figures/cri-resmgr.png deleted file mode 100644 index 23b75624e1a8f205fe010bcabfbc830ba7f45545..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 118893 zcmeFY^;gtw_%1pygmg(a3W#(!2!b>SNJ+QSA>G{|JxCb{2GUByNH;1-!_bIy4-B!N z@!j8F&OdO@*=x^QEEdcsp19+>uKRux9&4)*;nU$mAP^!oRV6(L1ak!ffmYqZ0sqM& z4O9ca@H|vayde+ zt0g%%3R={*x(mfe15#t+rPX-nna?pgNvvTa8=)b*ke^ zcOpHc79)2)3ct4|2*Sq3_FlR1Q-A%+Hw&zc9j2uCu3@3Uoxi!+)nV`Fp?J#HW=cv} z_l!gX?z(L$H21QybuY)y4*N*bqSmKnUs~a>u(5gl;x>A}ZVq?;zU4fr{l-_Fm;TXR zw(5cYe(Tw9jCKsNbeBIc;yOJo*58b$_$G5R#CVdCNj9=iROpWkTrqxFHuupUto3*5 zyHgOPtwE2=0qz|bSg+-8TWwr=ClS0F@7}uR8B-9~&Fz*Fys**`1y% z{=LJ-jXJx(%@iMut0N0L$amAq~%cdLOrgjFTzQKE}u^)ft0He*5 z45wO%Ss#A&t4__9KJE_Nf$#8dBP%vHj1BPl5WYN|`q|&fKi4v0}P3)MVgOozT$$HZVS3 z>voT_68N~hMb8urm;$|E;FFJj2>47Xp?5_|sfz=>{NVF{AMyX=wYWPa3qkL0x>XVt zuT6I%W!qW=6gT6g$FlMy#U5oseEjWq$;pH{yr%1>6^38vHVVA8-=umj!Z8dhEf}l# z1O?M4zL=`a@$>SgU=vVP1)qDJZcjga^azJIF3Rcmr-R(~%NQ}&8IPaJ)VgiK=ZYz1 zb%Ve+H-Ek7v1oy{2AyT(h=$X@xWD(fhBb3HxsOb#vl z=FyQt>459=jq|^sEBpHU6Z|h%SM4s&_C^c+7StNO*4{E1JwKjxZx^)gz-mM7N~bbN z>Mfq);o-gbJD!m5-j-Kk-n{HlF!j5EmX>yVwtlqUtl8J~zG3;ZmH4|YjEV8n)Znpet z;DIuyQ?@Vm77C|p9aSj1z7M?~%@^&fK31l~?7O$HW9m1+RVLs%Bcd(6Q}+^8Zd#v;0mbpyo)Sbz#dRw5 zrZP(2TpoQispa6yO&ZP@7j|Ee0gJpkyIYS4edms78+s-BSu^BoyYnQUTjLs)nA;p| zulke0=U;6hL3AR|9)RV{%gZZy|GwI1%MjSYBR97S_gRC_hJw$2uwXyoIvE(bDFmUw ze*Ew6&y6P&rciZ!I&rt5y60mbj4Caru40MksYtuFCM!py@hF~6*VwnY7W*&bap)8c zwclL1Ti!Eo^kUa9(|&K+9(oWY*!>LA7BUxnH0&~6!)|pIuu<3>ayH)!){^-&sv8(6 zOx&Hxz3toqE>6PszHs0Ph)0P(`P(lQD=k_vBatSKh26=t!fZGPJG1piD{1ljR*7}FU?f|~g1jwsq3E7Pxa7>-Bb zOiKF!1ES)6dK*~)#UXsH7=z!oh6qLRTKTrt1@5(;A=h#(g9m|+Oj?E&TC@gI{*?fK z(7U&!OM0(+tmirQ1i{!m%Y-PwUfb;dHnQ{_l|6e|Sh!<4`B9&y?QqOoV=*0 zsFmc*X+k!)QK?!c$K~m)JEURWO;2C{Iq-xCl!K#Vt=qg5@X_A%J1P>PmlE0c4c-FB z6nXX|yi_Zn3dzbwWnyB|0_KOY1w2Ei-fiASZvA6f5nc5|t$WSBJ2q<%&VHLeGUQgI=}^G!Z0?{h8ijm53t5JWv$S%DY6W#~CO_^o-4-HHp*=w@Jl|vhDFTX_M1?!D)gsc z3zPpP<>hC;O4JDH#duhr&A%AaB4n16Sx&a8>Pex;<-si;r%46FnED3xcD%w|dixX| z(0{yEz<4i`4%{fl4-t}^$|&8#n;dp|(2FrB8+6K(9y$$nVJ;N4!(&o&ci9&>`B0&B zZotvH=cKvc0USzVWn$PBA|xav;lIxkzSqhq?#A%$Q3^it<@)H3uW;CPaOn9OHHUVA zY8)}6qMP6T;`d;M1ysRO^nHUvX4{j$zcG+!?Ki_+2^5`7oX7xSA)yA;ZZlYjYYJax z0awl&@a@6X8Dgy2&%G%0VpHh%TA9SAIVl-gLT0sXuaMVjU$_tOphe4@3!{i7USrhh zj+(ai=?VVLZu4GWUmuI0px|;S0Ts_J36tZ)L4FbxtJT)TmpR{AR}6(OUTXt&PQMeI ze75vz9kgm{YS8nb7k9Jkj3v@Nk>XD-FE0=0euZh~H}B&alKS{`XSNq{eOe#x`_jrG z-n8CL%f^N+=xo>iV7Z$?Ht@CpXI|UI-_K~fbu0=feLO1e^Y_W4WSS*Yxs_yLiM1?! z4+(}#5T`J{FreppG$MTt#;KTtE$T8wT0d+4A?aF4-$Eqda5bF8;@u-65V1uHv^k~y zcI`Gs3NdOIRMME<`|U08ShmS5N&x#T1vmDlt|VXkJlW$x?qN z=NK@^z~et;zrA;+s-xaKjKeH7+x)4*JUnR{3X;KG&|a&{d=sTW`<~}Y&%wC9&YJW> zM+^Z547>ykrP%!nCTQER-$C$>PQNMyb$Tvmh2B=yhp`?D0UOxSYakV2kB`Wo&3R)e zv;YqPUXlzFsN5pd%FvL?z4e6Zol4qi2n+?HI2ugQiadL)xgwkXX9XZyRkGFfbs@XH zm*FgKCR94ICr^eH=02ly1js;bYap#;e6DPJ1)_Vc{UB8;lk5PP0dQ69J1VKG1KgE% zlNILSA1Ro@>P->gN94JlU2Iw23{dFEka@1Rg3*`-?R*VJF2%h7DO|O3m>an)2du~8 z%|L+7!LT?&0Hk(38XFE1|| z2@e+cmV-xq2sL2nc~U-3@S)RkliKBLEhPznD(vj-e>QqMI*b&k0jE41ep>G`{p(D@ zEBG)32YtbwsGy7i*CPRk> ztJ0~>7eY2&w{Qq)9HRk-j@KfV-JOHZ`<@cz`i@b1~U|`1=no zy@ZDqJg6@0Ce&g073GOH2xp1C%waOiVqkrid+6PddCSVmYD2FsJ`}(E;51R*Kgi$C zaGFmYw%3ModvJwpJzLPo7jtFX9ebxj;?}T)gYW_t03vou2%Pg4n#-iK-I9B=1BOxR zI9ddp9%NrZ;Ez?D#{rUs+GubHqLn0SyY`M7y^LG4!@a0Zf6w~%+14QOBx?RsUU8@K zdn_!EmMzIK_xm}Em9AR+<~&uNFk4Ca?J`tt@AT=BUmR~f1mne@;}aGhn+(8y{q(Do zZWyu!j1kkJm*9x0=)=E=p2*TrZhd`uPRJ-FVppGJTvA%cf4~CbOiqKJLMnXfx*H{Ack19oyJxp0h($!9N<0&u{NX^Yyd3?rM4pl zl4v-;*M3uUh6pSE9)*jV8MC*u6YyG91!hC);Z-6(ScASVWDpqTTkwiGpGouJlixmb-yZ6%dFx_0xm?=^o14n zAY|6H9@{Lzdl4RihTrEG!o`7qKfc(WN(Ycx0Ki$x&+zl3jic?_(OB2cGmxk<-P^Aw zjNWGC=MNT0dc%YriM7izYe(hs!NPcb$ENmJilL5enbOc@XJ^OeQJLM7FoYU%?sBVo+%z`tuRXB;Cu2XmNe38-~%1Q`j9JjnR7^Z;f8d6(vKsF3}@?Q5_t zRkNc7lEMg0b{J`cO*cOHvJV~seLhx71X91>oQ6rHb5^}Of@yLE_sC+k=W`XaKxCB9 z{(&MFL2DhiQ3b=vH{}qLsCJ@+by=D8?CW-7;44CK`o1U~oB|0?n>YNV(DO=l+TcSg ziT?inb`fcClBgR2XU;=p{R0H$o12D~}?e%JQUS9u3aoC7~k$JZUf9vh~S4hAc zaCj;KUR>!->s_1r8NX(lM4_v@fZH0U{7+UP=L8E2P^#C}$s}%h7;pr9%03ciIR+1f zSAe!Xt$Rjxa!qaiLKp6}Pe~qSlB1lyl3T7_a0Y6Iut0=N4849o)ENyFV!qlC} z_!{klM&v2=wIfp8R*hA)``5F%{FZWmiSKrQuQ+_U$aJb4K*AdK@mK$&f0TvBA9@bl zj=JjlOZ~z!aQLJKcl2P?!lZq-?>)&)2Y>^IXY!K)_ur6CPpQK5ze_7VHEYV$=C?`r zg@lFwfoQYbHt&s*;H}6?^7C$LOQn#OwZYt4KnxKzH)~5fq?d2LG)VvS$8O&RYnZdW zz5U^IzR{agBbV=lR~$GPLR^xQ{$C)rS$-i!D;p>RSn(}mc|gI7!miJ&P=L#%dXGr< z))!=E>VMFv9EAzqv1)Xk{ieG|ujcU~?NpKfr$0!i&>U($v%dYMPFvzt%djia*1(g2 z`Zf^GF^q)f>z?bwf8V_m03r-DC#wDY-t+H;=IWo6tzz&gF$2f<5bg4R2WQe4rKxfU z*GyAS|CVtI{Wqx97g7P|Yq>|*hX*UYM;!$G(ery~U}?-G>18)X6>|;3@4(IVnLMJV za|yjW=ig=lOxMWa;oA4V1}Z{x_!@`StJ_XDs(h`-dVo;pg!=%p$^jyyJnC#O?LuO< z-hJacF0&ng%hozP+lcls_+gcGC*VvfT`Su8VkrQDpXYows&or_=`vII9PVWuR;>IJ zI8XQ*+B{K@IHtrA!4w{H4}ggA2j~Evgq52Aq&zN%CCqc6T=au=dAK`liK=rmg$#24LuG{uQ_7@eH zLXp-$qv!!Hp`osh59W@hOg>u^>6w`n9?4*2!Y)%)@heYj?C`)wFM+(jS~sS>0(854C zS0=5Dzd%`0;C&#AaB^`ajE_G78b#J#rv-Q<_|C(uSKkmVC&y=z-aG)hSutv&{rX}H ztlOP58S<(t;O|2KISfA}kyUbX`s5x0gg*Jp{fAu}e}BAzR<<0fPd%U;TJx#~X(#-8 z{SBC)5P(Y{ao_&!N$}aM(JPrr_LX*_)WMwhXf?oJ;k|$+;WIb_<&hTP+MBbm8*1Nt zKqutRS1H_@cf<@U%r;HiJy#w9QHsWkd9a2C(33RzYkyWtgM-caW^o`YIUcU|dp48m z*O60DoP$NC0W*2rKGsc){PQ&&KnGvQ%gAGrU|!4&~T!=UEka`~tT#2zqae4xC5 zl#iOwDU`|v0+u(>53pRqKo&mSsYeI}9NNht7o*~NZvgez$`=EPFW0%Ekz?6@YE*KA zVZnce2t;KSbY!l=80QAd>Rj2H)4bQ#tkh%)l!GYliiSwQ-Lfj%E)u(ws8x8rs;a6k zme-D;@$72TRz=cZMIkOOuAw5?d|F`#fzV526^1-3YXqR{hd&;YU>6wEtJ&DRbtnAJ z`Sg*Ei6ML{O1d<9=6bWNxD?21=lHOmW!V2SEt_}OzZh}X1><$ zEXx6P(}8#Pyz*&Qh@GX1DGo&>n#B~f3|P@nr+0AeSeyNWhyR}`Ze&=UL4b0(y6OX% z9f)u1rn|t4zL?g3^HgGE*Z5aw=@=LpaR8(c+s){WBK9Z4FX|vZ;o<%4O}avz2?rxR z5QhMfR|xQNQlhP!438Tq@jw|+K)K`U`I(Rva)7@g8crY4 zj#-8&8u1X$48IBAgtxs8xyGC$TQ+uMp)|%G!mYU@s=H~KAUMSAsv0Y=gB90DVm*9tWN*SBWU=x$lR z!OUZ2YG;yQp2BR={ga*;uWDxR;862oQ!j_ld;l=(0igekf^|N}}j??UWNOxAs25O|hvk>v2 zxF%(EWh?7GI^od>MxJa<0`ZrIXRsznmF>N@ZYR>;>gC3@x+cv9nXt4er36I-MgyKd zjX$<<5~Itl0O5^=t3aqv1TBpA>|B|_*<=}F(HpHPzR$An^+U|vI?|tNUt}MHqe={e zsk3F{rV9&MuWmOU;C6I5^!+kr9$$uet*z3!jS_?6mnq~1q8EM^VGA$wqz9#i+XKMG zN4BSHkG_n8q6wh;L!d&yrC;g+3NQ%U;?N5&kgVST(VSgEFTLi?J?l%R!$_nC4Dttm z#({TVkb_4%#iN`gd{|-Y5r#Z80Y-aru1w=>qDKsiJ{QPH3P|I`am~a$-k%E_@jiMQ z%N6kv*Nl*`#IDm{`1Ku!?HimTj0+5Y(s{zGNjSB_mIWlos*T7W18r)v5{25Ij4GK9 zt3g=#1(;gk*{&AI%~N&HGxw?i56DIrP}H;UXOBNt9*8zZC39ko2JVh_Wa(kydWLNY zeivwPlgSW;y(H$Cqnz|J%?{@ltnDMQj&#|%H9HBJ!E_AB;T4M2Q=x&Jy~H`aeF*NYH?}S>b#de-32e3a2jy*JLeYm4t8J^ zMg*Vn9eU~sIN%HMdF;gYxri$deZqy4Ww4Qf&&;mMKJR{tClwsg6v$7OhL|r zk)D>(dTZ_Vl$?GeW38{r)7>Wj@mPTdb2s=F0yc} zs^C{h3l!=}`CIg!vG$z$jb7y`q=|mVTE&MeE>c*Lyd)Gkmhn?3ti%}V&pPQRSc2?X zFLbtBtLLY7`McbZXjU^lR8mrZ46Gj7fdmsy3?2fC8(J+}A1NFJQs+=x$kNU97xQK@ zP)95UU=FN>vd<-u1qB>a&%Go;3VpAUi&+(L|&cB7@!N`f+WsmM^_7&|0T&MLBr7^DYsy|q!YBkP;dLB5eUL@& z(NVjhxP(?%#>+69g?9JwbOqE&2iCz}_+Y&DR>Cfp1P@D64dzZSy%+DQ38+x1%)Bz-`&w@ zogZj07{S#17Z+QV0sG%^CB5!mn*BhR$N&oeAJWxqUIp;IAjl%%4l2)PbhQjXTD0DK zv=FrS6L69b#Shi%jXV9dMn_vc>3R|U`MMR+AA5JB@|Nb+kxb*&P1yQW8R~x~!kDcc zyn`TqWKzj1)Ab+L$QQ_|#XUrSVtWeM3vJkF7cqu!*6(EF&82MmQkXfcT+M&Edx@7_ zt!X~qG4v^lOZQ*^yVQDw`;X32hrg(13UX!jcR{<>>cSD)B^ab$+_P!~GLf=e=`15s z#|RXIp9Ap;;GQy2wnhu`z@=-!P9wyC?Y{vMI$$4hJt+i!PLlw9bpeS}Sv&Q7qYi*i z5m4U*ajDvSLmL#vHt6*MSRs)^vN#ra;(+of|NayxwlVzE(TzUpu>=zIe-);HyLP>K z^UZ$$j0Ug;==!G*K!Ya{b{sh#UeK7P)DWi>uR?gsH({1Xw&JzKJyW@ zr+`9Oa#cz_vp&0GuIo0doX@s~pn@3gnCCiyrgX0=xqv-KShv~sI^m+?(6&GKP+W@0 zkQ$61dq)~u__GCc%vXrWd-;z%*Hca!_k@AlhocRZ-?KzaV034ysaDr*r?v|#KCp~8 zAfouQg{5(VW}^-Og3k|nnV}PfKxt5x+l?o?gSFG{-*DmpOaLoqPqhIXK<)z78+_MDP=T`|Huz+`N^DPc`1k`+XXS?&(Y0UtD#}YIC zH3i^z9VmC`Vm7O(JTS3bP|7+?3%l&BcLNxA=oRJet9ZSfu9+E+qz%XKi0?`p%9>ve zAHu8x={T}DY@c%WJndvi72hsZp6a=&e!S!#7VlGiaZ8_~5Nf9QJ>t?qGbKQ*w9C=? z#|l9NO6F{jqsn|qaA<9%xO3dXsMn0>m~zo?Nb{U4h9S&!)E_={C{MS%epOM!U%I6( z(JIh>W;fbk>OT>p*>9-^6jPfj5JRr_Zm!ej=34k2oX0z-f{|;aYkj;63>)Lk4!V|licbk&Bx+2?$kLwi7t>l^!qQYu@}_tPr^VI*ib*StDZ(EDFO9h-i_Hh?tw5 zsgzvLk9s_>b9v)FPqXHILozldORN8hT#KfiSU;>NWs{F$^Q@Un-_47+w18bN?kDTqqd&r=P{Y?3!8|Ze2g4~ZCE+wbK3kZDSp5BgE?grJ_dtJ(t3Nnu8&Hk+9D;Ec*Oa`Vb;yjTI+LDey<-65*W{=mTCK_E!{=v>^ zp_0mwa6ehPQ2V}7Y8%~Td#&0&E@tIoO$KNRT6*zFD*Jv76qmTGr80|H8E>Uoz@Erk zK)7ztN*mKG63^a1kh<$2GwbAE3Q9ST zK#A~ekxy#(YJXCB=$a0s$@8n%22v!XT$Z!852iU z!ZL|l6%JqSVIx4A*=;FQfBMzc;?T>Y6}#J7qnreXr*A1R;HUE?rxT{6j~colQO ziD0K0j?m9|F1aRC1Q!e^+os2ZO$qU;5%-NMhJaB1WIwihF^)O()~#hAD}ip5A74zx zMcHwuJsfjDMdPv2FPZ*sRE<_M zSL4W?gSsT7~3>80RMz;?li<=ehv8hOYs5 z#hqNdx*XM_OHKM#nWyP%m(6lT?Nu40Z zlS>lyAvTJ?8c9NYn%SfG%RfcL&6@w`Nhdgia|s|e~g(4YA92@0)7fwxe1#@mbm zl{>tG8_?vBmEw&B1-EgZ%%_oCQ#U_NV!Aa%$2Os|FNId=}>%5CNXUC_TU-fDg3L1zjo~g z8{0BJa#@-=cweFGG!_E#9WiLZF!v0*PfW+T+Hpoy70%vpj)5!xa)^$HO(z#@THX=RCk6fYtq_MmeIEtQY+67`mIPv6KS-beA_d=E zowfPKZWIOa0kM&_vi-WrypwnnsL_stIlP)hGPD8;L7=TkGfyZ6pf7aiTSit^^x)d^ zk2eop7Fs}AapLwln}Xg2OrR}S!^10g*fu>gJ<5EwhRGZIM`Ytc`|VdTF%;sC7>?GS z+-@u>D^i4*8_HDA02;F^DzRUJ>jdQRca+;Lq1kC)Iu zbJxpyk@p^R3i4V@2FkZ!vZMC=J0EwX0|2Oc3re{_B5iVSRL@2hnKB1o;#1yNn!A1z z$MjY?i3(^;-3uUsXaXG^T6E_ZB|kUl3!9y2uaKq#y)EpZjli$q z+41IBoZEcU0cc_o3OaQGO@4RWiZe14L4)V!LaQ_=%kYgOOI`>qai*Bw3W?E3&sgb6 zWKG@Z_P-f8YB_ORyhY4+H!re`7D$eIjfSmW#An)jHj{%=M?Ih4Z8M}R^#f7B={IO^ zHC6}=lmfL-&^Yz0%K9PD2I9sx>w@A1ryD%)fVvcitZX6BAN7GG2{d=mYRIbfO5_cQ zU&e+!H^xORW_;AcPrn^me!Yk4YkSOI^G$&HoJS0kVw*9sprin<+#q?Ul!Z9pXfr_J zl7$MfXhY_f^Ri>q*pAZYH3%Sq5)8y>)&)YwHj}!UD8Q1I8#I#Dc>)%h-EfnD%Hj~Jgm9QefDxE@t2In=;j`-H*WWB(w;Oy0StIb zffIKC5Adq5TwCJfX`3vs2Uir_`WF{GYtkIURq(dGnVlx2p-9>!v2XU)r4tGBzZ`^W68!kvLX@RPyPAY)-XwgO!Lxa8(~3sI;nUL#il{%=?b zz(-<9;1swX8LM~PTI3nMYI@L)`E3tNhHlAIT!4Uvu;k)Pui%zv8OXL#cGCA+# zNmxZ}5h~1PfF;tPC(C#hV){^K7cyh*(6WVzD?557Ts7(5j8l~F7hHzR$Vnt|dwI$= z!aLjv&SZsAb*D=LGJsKr(^@1fXe~izyfcls@iBz(oh5IO?lV^L4jsHRp#8JfC{Jrl zA`^x8=V$c6<2krKobdtCYwrIJM|c{I3oKCjV^b(b?O?d|VCe}gAxTEB24GKjt#Toj z82J(HSh5pj6t|+HL}B|#9FJVb0IDAg-t8HPqd+2@9u%)1WPvTrwUNMEXmx&-WUmam zC3EHsaksIkZ0~;HXT`jZHK_I=5wT(dzk+YETIkogK|VoeBW@t{0`{ELn8SigGE~z= zA<~eOBmp_}GU2_uXWb&s!5}S&vHx(0#|xih{FKGrx9P)QTg5(IxJLuv(Sz5Zt5Pm79a zl_g@)E)Y%TOyeG%r{-(ZvHn2wc|toKES#Q1R#4%RbMY(sly=!iA)5HZC1H67M-fI5xR*@K7(=~7R)~i# z)|dRSA4C!McQa+T+_A5fug|#Y82eCEHUT9>=uPZcM;>EFNx%eldDHsuhS7g_(R@w-BcZAO zvq3vniS>=_2_s68SJaToQ6UMal z(x``g!~{liXJMAlD$!9h59XDxC77%O=Awj83f6P^+(d7UKsY=bMnNh6{l(*REN`2& z=gJZleh5|Tv76P=#Z2{9u{e{k*WtZqL7_SC_L&9vI0_n{nEv&=>% zTIywCbf>uyIk2ZM&}PJiQ$3!X+i6D5xTwm|ORmOI`YrI*de_e}0pZn2TkY^m28yAF zUmqsl{dpuT+99SQP-uA{!=S^3Vs{q94_*!txWw&3{Bh_ezwmY zm&{f1ipA4d-;WXJESRN!sC^KJbddj@U=mCCnm^zU`xd-m9T=$6d9&JgTa%#8O6#4> z#M99oBF)LPJ;6fx5hzvQH_w33Sc2=9Mx0EW0r@dg3vOY(!P1`LeF`n)>#M&EVQ%~y ziDA#sn@9e|xD)9J6Ih`3kND$|JSJE>n*j5mVdwz`3qNb#9<%*YvH+v5=oW4-!w$1^ zA>pnzg!K$%QAB`jd-POKP{!(`j>*tm5g=S?E_P#nYsEjBx%k%w#isYED-d&I3sz-H zGUi(HDBkrc=~T#F>MWA?v>Zuw;xeGajOtz0MP z8Q_k&w`l)Z5r;&{oTVkyO2hm4P=I<1?>)gjZ)t6RFI)p&3roFEAX{mR zQ#I~h%wW|7(#6pBd1cWoQRwV^>?Vs>jw8dKl|z1e&yWl!q&5PN3;}RRAtgfFLQVTF zvyI%X-*B@N{eOcJjhIke82UJ{*xS$5$m&I{ucb zw7`zm;q)8JZ$VcgdMk%cKO4R&iocOk)gNM>9~m)H*yQ#cOaX*4^Q6L{vY@kdta<9B zW~Al7>G?vFDt>H*ZFya9(Bj6@F* zrf$9?!5v;ltBc>wc=Jxe{^sVdn>TPu#jkJkr< zupe&!uNR!0NhP~8}3>MGbN~JZUaW-AF^|HFtSZ+5aWR>Wn zYl2L>SR+>7XYHZf{n7#6tW}Z~@6d>Vi{o!8n{OjI4F7IW&O5wiNRWW={Hqfx^g8N* zb$kW&$4641kDA;nIvMGT-sy&Md-LJ==D=ytxj;R-qamw=4lXiO?tgDquy%f-=A-=s z!+t_7@MXy=pn_@xICMd~&J(8KAKHQFMNfqoLB9U{hbrU2-3{`x;^L~OHMTkvuqpi)>ALx%2t(D7G3R(kJ4}fM54_45sMvXI+HBkAA13_w zfZNT?6rp!BHL0YiGi=wUWEmtCcszNQ1me!QmN-*Ahjy2`{yW~8I3K(b3@>o0AA0Jr zXSEt#&0>wgXU4E0AukzL6C@${uh%TyMqJ)n&TXy@#dc8jqmfkHZ7!#IXd;Ch-9e;U zeKCI^JzMU&h$HUikdy!X?Byy})$Gi$Q?JupgXhw6X0*;Wlb+_k2FMcQ0F5UtA8pgV zs_+uO@1wfQ10nE+5}U*g*d;yu*Vn*h*e0+$Vp>KOr}u=QfFSt2PQ!QCMibcM)9VWK zBUV?}hK5cphx$i|>)&_%xu;M%Pa5Uj6M!eotch8#4#BR;B61?a3LQbq)(c?A=YtJ^Sxcqt-yqVe7 z&;BY#66me+67sgLo@?IUSm))jY#bOlDDVhozkfaFe#!!5Va3 zbM|a_b}*`0bo%C|g0E~1W}vr{9Q&`OW!#J0%so7N-Tc~itk^7UOdc7y>t|=5{pr^) zp$)&@J(sWFVnbwB%NtcOd`+88_KcZHyS^W>juPEyA^D%9eg&MI91zk3lSoQptUYFS zU{aqq&RF4%H`wO@R?7M9&>+Lz%Qi&yM|%=blEIO#S9c`}#Zt;$r2W0=P`lI5sV)&F zehZ_IChOsOh7~1o9QIR7yPG9)O`V#_rn@ceyt&vp^k!6Rd>WDR(2aumsyn^*UpJmT z{rHJir|RFqZ{IafRdfxEOmj-=(v< zMNy4dW1wNqn>cE%r;q?ESlc&>plYsxufOBKQ5kWEYP-kY+;k>V;)5n|T&(czb!_B@k{;$T*Xz(ZR;IJyeQ%!u&~`94&UES`c$uzhj18e!TzgE^EU>31tx9khdyrQOvWO;I~CSv4FhaO8|4F8ev?GBuolf{ zUXm1ZrhN$w?{7gWh^Hw(?pEL$8?&~1dqQ(iZ@0}d<|;k=0_C@Uv=tvQe>{FXj6P@G zWl6VE)sP7vtnm-n5Y-~?Un6%q3h5_)JW%qYsCW3Caf5&|7hZ#Gm?>3bc)fpjO8)Nn zDm@B^o-rG=g~Y2~N;U{tRm|dhBbvXczTi8%ylRjcq@r37i{qGV^0XFm%R@Hnq0h>u zBh}wwyV0F1*4Mv=AjFS9AOBA;K-keTMR*jqdgx2N^^%{EXPfmsrfxeOC?jlbgeATG z%HDr8ba`+YzvT!Kpb#w25!_rgwJ}Q$A8stsYwzmivQIj1_FC>q!CQ8lE5Vd}Kv0+d%xW{r=PeC z$2v&!Jj~w^6eljlaF$_)@WK_`Hj5dJ{+q(I78_Nrf6g2{ZrlzMk@Dvhnrl2bzYF&qP|MyaG={UZ| z%rmX->#sK#GL7IXdO++jp`W{)^@G?0<7KpR1%JG$-NtOi{UEO1HMkScoW!3l?fbb% ze*%Snw0ya@I~ztG$yEf;l8+B!ucb^Hlws%ot@{3<8j=10jsC@IDot1Gr<&Zu7tjez z%8!ev($XjY`~99ClKW($w2PZ41{0!hi@YXk_paEnZSvh3@(ip<&pvgy4gAD5hQ3Gr z&)Rp^iCkvexg|*4VH(ORH;c`8=oXjYs{QpWJU>MjT^8$4?0()Y-thL{x#)Cc-;#gC zd#)u|Ms}QsejCjr4*NW4*#^|&SYd83t9-8CjXcTP&NKb-KR0L7{V-UpJcAf|nS^!! zFG88pxA*zoZpDAc5dKd()vxwnz+ro@s`WYvaX1Rk5tuc^Y(nu?;!IGDHLPO2|JV92 zpB)|;I!FsIQe=83^jQ4ayr-2T2Fd`N4|4|dB;s$;6|oKGavH44pUnxwEIDA$8KWQ0 zY9(KVXG~a*VW!LQS#m!e;bm#%1#@-AaYgYjPInNREyGi=;lxgmGTZC*vu=M8&L8&@ zcTxk3HjD{JJ?TDaqfrV~F4V1kHd%4k64#jQMe@~yUd&Tk5(eTK{&82yAD>^^CZ@f} zsYx?CP1lej>0OG~il~Mg;)l+IMm-v6-TlP|YMdQE=V(_QyqVMfDGT*H8w}A)w`>>2 zVMD4~dhuq@BiP>AzCKy1anhgbqRX3#HpnhU#@pc3D1}~d&N5wsOP$93RyoN`7|9Q* z4!K;+=ePM}8X`6yoGT`O`Lj&j!;SGS!Ug}PX&yFxKq9c`cMpFh{rBB{(X=Wb5&3F% zB^p1dW4C`-N37?~EZHL8{?K?FHEEAQDH`y!JHYF)aJpO{7->ErSu?XDeo0doinkBt z=riidGJnyT^~HZ4YZbFKNot?mkQtfrqjq*0UJ08ld}Pu8SXlGfX^jAaxB$CAzaT2x z#wb=H#K#y^ zu~Xmh9dM4c+kL`tOCgq&p?%*z5b;1>VSTYAmWc}>A&HwlV^|E-7gWVef?bQaH>n8Rj1Q>hly+nn zfY;4D!?)t^QucV%%eo#RU*qj+s~p5VZlIp$QdV5(+;#c%cf;uOXIcu`Zbxjz^dR zk33z7!-qHj9Qi?*OI89Mxv@NbMdiB?37inO2j#a{G~FQgG4Bz3PKaT`vEwCAr-yq5 zQfyCDl`Xm+mb?5q{rxkCG|D%Kq<+MM2_70>oJuQ-Lu#|9h_eD_o%fkOobu&On8&Sf zZ3wx+>6-!~LwZf9&5pNe2-g}^fX;^4O^|-08&d+C-eZiCp{YMP1M8_o3%3|SmXSs=k9kKfAy|qtuCWdBAhesVMf!XVrr_uJecIfk| z285b*Bpjhvu!ZS)bkCVyvs-a4{BPc}f5+#QoNKO8AF2Sp28+{H^+;otg%4~zvJ4K% zbBW(-UB$Ls+#!{E$ILielv0qRyaUt9>ocY< z250{6^K6#VX_$p~&q&aZrdNs7nvOYV%h+#UJ`)lqjt3`%dXev-S7nY4!L`dzo!=8R zLOIFEba8ZXR!ps!M9LHk*md~%;~U#bL-xX9nAT0o0cwyttbBDMMY++F0bg@g!(nl5 zGGS5B6|ac*yuZe%lGEZYucpljH?U|alQ+U?rf5gCVvz~4vX+t_B=!P)kOs^n?DkSG zMZ!a^%IdFMpC`T}duvd|ouUNaC0IfuZDsaohnSVh)tm(^ZZC6^lur8Adhv}t0eDlW zA4OWtSYBi=yU;h|YPUi@?X6zk?5f3iO4 z-yPy)?zP_`h2M>Sj*R60eGvz9vk{@RQBx1%c-U5T=>5N#d-G^6+vt7tV^-!e7a1Cm ziVTq^&&|nry$(SKS1Bp-p z-uJD@^Ld`b~J7QK$mYqgCspa5*XOyc!=hHc=?=<`VCX-%uXq*kTc>j1VNM1($rpyQP z?SHlSMQ$kAok}#D6Yk@Ry^+YJos+0azO4Jx<5`#+9R;n?wQ2Tji>hV1AF`9h_Vqm#)Yax3`Axt@U?>tA~?XdgFc3|b68K0w4U@O`B3eB zw=BMIaRc{vG8^u!Cb_?KbAdh73{g6FPOR{U!RuH%uEM+IQHS2q2iYX^{tA&V`O+t# zwa0?aU8hbtcg8whG$7u1fjmXRF~7idh9We18<*7WwFg^@G?mY!LKs&Zq3 z&MCF@4luY{@%=f<$3a?)slV=aTr|?5>{+7#Nsv?+IUT9gZ=1chR(^Ik|6XKZyxzO^ zW`+9W^rI1PMiiMjjP8Y)Hmr!%(nP2*d%3#XTKE*j?Acyu9hH5%AbiL+^sW<+)#_mE zgj~1G{cf98-!$#~=B>ehR=qe#($yPk>Re7 zp=1kfjDLGhev*zOy&e;&{r=Uv;z*$G%XireVzut^@0hjLx&nW)#t!G#i*XLK|8_PC zKM_&MI^Cx`d8ANSOF=Qj&-H1Vb*Jkk&lnD+9S@30;`=PBWQ|lZPS5_@>fSJ=mlD3l zIz4zrlr!?iif)^l4|+%}KslIVu%uaVbk@=kcLTDMQmJwHop{ceF_-$GJC%!KqbUt80@uVu>T zxYTKE&;aV4f~Vgb+Fz;;cl9^Bu|Caf!aMEAE_OrcA%r75XLC z>1xI^JGO{3dC3HdFz?!`ro16u!Dw9;Cb4(ziHi0^@z}T%-sXmJrG{@w4^%&jYK?D6 zDct@~>&QpKvDh8#w42?hKhbOxV;M zO3Tf){shP{erKZdFI7JC^5RbC%Q7W{$AHl7SX%kMF@809;m8{*@gs9At7@a=vTL1` z-q4qQ1IZ#U&d*d86^9!vd_D2EODOTgZUg2!tg2S8Db{_I60aSZ_6^!z@0=%~;a^wb z^JP3Oe)x>DMb{KbURw4L_2}KBNmh@n<(qGn6z`OHqnnU(xmn9KGMv$AOn7GL&99tK zGJ!(71-9M^eQoyjpVx_FvAKy4&$|w`xkZb-bG%YITh z(@OE5cgzlbU6U^^B)fk%w}_cIG+~xS|zV6j=v4CCoE>QiGdY+`Q(*9t_aB$Br zAzq~djkikFgCBU5jy&)@TzmhvDug}a>Qq`2A{_=Phn;NnkivMR>9 zS8q<8_FXk>^t!A~_Oi43+QyagaLer{zDA$O_`Akbb^JjwqqXB(*DJYuJ&%Xd=?5II zZ_)lb$MZuj^xn-8Cf1`QhD7Pq*Kh6T%D4|7e6mKGOFF;AKb;|QMCF`Tga9|uMiG0iKixG;eMak_(YH-Lwo$ywTo$OCWsACe!^MbhxMBW%e!abOL;~-y zcG1L()E>)se-0}ckhxPb+h5hDnN>I&Y|2w_KJCI0`t9LwJ`*c0%1gt^w4qEYYV|Z> zzpaiXrE>=IGaor^{+K__t%c=5&jyKI<;8UCX*E^whgla@}yQqQ0;W+l#0@W1jcv`mErky1Vv%7{B*f?rqGwRO2ej zzIB}*xf^IIl_plZ^xNiXhW!~=pOe=7G`cZvsKB1WH;+G z`}8o6I^8j)orU7}er--Bcethd_k2!e-rO5L%x5yE5n06S@HN6m?x`M@wOM(mS(W1* zrdqD6or?5PW37+4$;Go-cdmKu9JP4;cryOB;;qv*6V^{F7ev1sUA<8{q-8!>LYm!v z>&?q2nfF=fWMa!y=nr-t-uNoL+8R!ksFtkKGE^+p%}FzpFRAe2OUw zMw@`>NTMy2j-7&^P zCdOTr&s<{sYHUxfS%W62`JXLnFJp+_tT-N4wS4f|@4j=U}spM|( z5^0F0pLIA)uarc;^PwR7aZx!Lj^W?VKIE78@C2R%LFjPHyP_hlguQ9b zD%)6CDs=k!^k_7K{XRW0pAl=T)VVbsxR0au%x@>=c`JWD>hVv^6rUcDHiAYb1Ya;4 z?jh%!*_faZU*AJ*ZB{o=+PEn*a^WoNM`a~rQXu1bzFqdRGK>~$B*|cz4+)!Hl^o1o z?~o(%bLx~k!+-ry#4ul5+mVbAd4`capA}dWt_CfyGu&Ku`@kfw^OLI9ZzG5FQCXXz zpke!5l8DV8p8!qYt3w`r8e4y@%jeC%pISCh>hmo7{9eAOanAQnJsE92d(qZq>UZ(h zS(lkYzwHzJ`7L{H@bAVtwVPcbtuGb^d8F0hOD`80d>E{}bkPhb9B{ju_{;<>H@j)(WmFY+Of6GyG44Bc5lU40Wn*r#-1%)YNZZhs4 zDEGe+wE1Bu{Gf!begA;m`9QvLPx8h~@}r|Ox39A87r1=={PH-lQ7d zKcC{@^RF$`kEPXF zWZaRVgOq~hW#3abSV<|)9ZCzj+|gE0B>Lgl@^5axe5u>%qnS6_#f7Dv41HETd>)0p z^?FyF8RY$qMdeQ~M;d1+?wUov*f>x3K+E~UohQQBV()Ef*U`FMsmoMPH7>_>{$ZXe zZ_;YI@82i??H?45kJgQCuYbfV@;k0G%gJZeeS=&#=~TmVf#Z}(`-G`1Aq^WkNME$$ z^T|QKYv*^hzs<}!95sK#mF!mdp}T0OUzh=42n~Im+B2n}?(O>Q0PV9A9bM`si`9LrNU<50uI;Egc+Je0l8ZSkuT_ zG(PFmjS6aDRVBvSC;Aj}ME+)eb!BPcUVJ=D1&iO@&$^U5`Ci@SUQ^O88~z6jXY#I-W$8wF za%}b4RG7)tAg*^gypLhBroq;sHHYJnL$iMu%}Bo)oCNmFDW3}7>wD##75(RSyUk2h zz4_m7m}1d0ckej-^GV-DDdHlks{hA~y|$M9w)^zK^Glz19x(8DwwZO~1s`8&wQc^t zOF2D5k?S-P&f)mmF|7(*v$V=AWTY#$zscl}vOb*+9oMJa4b1V#&wz2`fqK` z{wxkZI(F5%N#ogkO|tf>!oU56qMX=%2b|hR_S23Z9H%^;#2WBne^#RWRmsBo|NAzv zT>F1)69Y0*&x@Nw^_g-7`5eL~tQEKY?gdo#DBm4=CZHfvI@H0Y^ay;{&+^Qw`J)L$`AMH}q0PrJCx%gwE3(^x37oNBJnhd3q~ zADa4onR9%pNkZ%SSA}}Z%ZY9JzSpmkU+qw)e5~jQ)8=R_%Px)(xg#zD!$X1-<^KF~ zDLrp3Kc6;y&Hdc?1!;l&CHLMS@5e4lv$L=^(<5mEjaZKHh)-=(0xsj$B+~KUCCX!? z6q1B7Q}gzCf5QKNH z=p*OP(LWMXbNW_sjjrUydfHHE%f!>|lbkzrEJ}iPvkE=_D|FK@*3Z(XSpM;0e^LIq z^7Nq#Eff4HFJI}uHqtoIKyYTNKa8-wVBj9~=_T9daWDChWWyOuboc>`QjbJfFnUdR zXcio=iH`r!XF(iYZ0Yx$L?8l=>*jkI;@4=k|8KugYdl4Es*jVNI&ou!Q+KCgFpbx5 z{=ao}c_Hwm^=@t+DuZk9vW?QXxuxiok5>wqGu;U-kfk2!ZJ$-Cw3#jW#=kbBkQbt? zx?pnD=lc=S$8VVr$i1%HCm2%w;e*x`Kg?5|Wb8%z>HBu^@)u+%fc+!5=&9EVu5Z8X zIejZMB=R*cBa5A3B3GN5r_12&pYt4MYv#I#4waV8HE5{DL|cyxN8P_KAm{lnc`9D= z0_SMnIYuTuy$Cfm)n2x=l8XX!8kFn-5?Y?Qws(d(rN<>C9s8LFW!;=44-2H0oJ243 zi*+}i{ipLAMlbO*Q{s4zOiJZi%t`n#t)CfT*{1JVgZr}{nKM@RPT(urPi0i~SI7C! zhVKEwbJ=aHI2Sp$DH6i9nH0XMo51(4ulu{y8ErjPMjNpw479<4-xgGBllJ zusO&Bb$R-l`+5$Z?Y^*EHRh~1XB%~DvRZSW-I|uOfLHl2%g%>VH5I+BZ{z7O@ zHw9m6Ne%idm^nCTNPiX=i4Ivn8zL~mi5MOpwiM$`FD@xLa^}pLjxHL~kCue(FJ2S} z)bT3#+=PDA5NgW3XNQUM@uBJI2&g@#8DwZ?pLuh*e_()zTgxOWDk=~B&ls1&YV5#3L%sjQ8NRNV_AC1 zYFWBT>7MAW7Du^yR>Xru!J|jHA-Zwgz~H`nuF*3C8TWB!_oGR-1qB6CbMMKH#2j?) z&V7#_Yulh@bWcR0Ph|@)FR%SrR%WI(dLqWV^L9W|$w`8lCNMi&2wIGk$B!SE@tR5O zY)DR^r=}QfNl0516Qa0z^JXKtE2-4~pS121`DdR(2M->wC{}H{zem5oR^zqHfcexA zGm9)tRz@$Rb3(Ul-^(YpsG;@te`^7xjE{C_XmPY8ANw{Lz8oWL_!3x04rWd|z%i@X~%Qn!$KA}tIU~K*o z&CEg^RyNHC(BZWis=ifVgQo2o2temv7Y%?I2_+59hkO3$O<#t**3i_{ez}9ROMa+jFxcF&AW}GYqry&zKK7W&$2m2*gj|(Qd45C!>W&0UcG<+zJO~sC54Z8R8eLc zQj%^6{*-H8q$&O3`rHqVHE5COdhbj4(AuiwLnuR;-BYx?+-x=rQ33V*k&%&E$cozk zMf;-A4l6O;=NakgmgsgxQ{pXm?W|6#$63d&-8og;V3Zu6;_KK~xALKidGDr9HP&qYTjG&DIGCU7FGs;x~=+9oNQI4x)u{f-VBQf*8U_V)0%%?+>2{!K`n(lRlf zba$7OmzV!OHFX!u-FracSvOis{w&YhKwshMsi(?9Xb`y_W2vpFS&imz7B;q9%gf&A z@T1wI8S`>^Leu`sTdzZ@X=xdrkk%L)8VW)aEwT2bKs1JbhZfMEr6s+kbzXVzz(0Sk zl>4o0gH(+&dcAlKK76JIeH$FL8`$x+_4NW?GyQ+&=T)$MlCI}BHmdhm2JFHaQ+aXb z%_(f|*6UAHRn0BMbUiC@83+Yep=&h520PcZ^a?*D1D}@d>ST?DaO3lXE1C4tzl<%( zYDpJR)%2w@pfXptMELaS(~$3CfmE>yWZZZ}#^Tu_4fdY6%q#>Iw@2(aQv7d1$-J(< z-Wtu@Um#_NrE>b~aryFPNr?JFj`jq)>v?95$;xt}r>O>NMXr!M>+QiiY%jm&wlLMh z1W7yHd0#OIPwaw@RVbFpeC?V^_9-&Rw;YFNxv0r(lThXq2Nr7<;tLeaH?G=<;WR*{ z{U(~0GADScZ;)ZbHxL(JU-jtif%W+Wxel}h(LnfshNPV+!vaA94iZ+G2@+-c{`t^Z z6qJ$SL{sT;ZSC;hp7r&0LQoU;qi6i=6WZ1-*Oq4ue19}X6aDNYSMhmtY_=E_FZd`x zXDAFkr~E=fjZWY2T51aHK9H3D{`10TKV~zAlEz(prH@CBMc*FBK)S+vmK+)!aqGJ> zA3o$DsG>ngC50!fh1TiZYT=Vk@!SK>7PD*3c-$u&fid4SA@K*$zR8t1{W`i zLSpt7G?IsKa2p``V0_uY?f0Mpp-$bu0ukhs{ zy@U#IIJZ>uQ0wdJnwn2guD;7;7`QA~jvIrP-!7s>7bfQlHo=*4Zz_!ur< z$X|Ehl)aiRDrF04S9`gKnLRkevuHhhL^XUOjP*FWEKj}jyH?mc0%>z9ynkc1aze)O zY?-?_T`e7}P#`ql_{7AR3AshSjYRmyF!&^yHAS?<-b8mdt}{3|NJ~qrWNDdVHhI$9 zTc*r?A{cvC&hOaCOM~TR#Uu7G9~nJIlXSZwi6(x1bKNUsH2}ZErES?m$J&y2L9bE` zvXAN8Qef<1K;XNhYkrTQz4}7WizGbV&!4yf5#mOm+Y##@yq$+90#af}%VnUP&xVzX zp&EYo?i~!$!|M*(2hP7c^JsmqfRCZ8eWEC#Sd9j_z5h)6dwMv~^`?gIyw1-KmDkq^ zNtxZdcaum^1KZH{09WwZHBmBnQSnKil4&Yeu0&f3y3=*}HHOG8vmMUy2cXoc((xv^nC% ztjO_Cy3MOsuS_eiE7-R^iNNxclkl7&aOUVGr84=)K}iOAoLU^ibQ^qpL%`<0^W{*Z zG^mPu^e7A_hrkr29#ia4h8;h3eFOWS*i`cVt42q=p%_fhb(j)*YWG{kLPA1pa7oh= z7ao%9s2fD&zZ5#?-Tui-7aWMzTCGdx&z~1wug=D@V-UlW1uq z{WkW@Fe?>O-UUkmi<8FMNk`exqF4i`#N*R8J39-(N+y?Y?+);wzmFRL<2L?l=G`eM zD2VrAK;Rsx;fZn5W8Q)!0o9J~f=#S!fF=G8Plgwi0z@Kow(Rx7BH_m%NEl1Cf^J(L z*w;v4v*y)Fz!fMtGbw@TX^!1b3dH{`l05baG>6GZ=-Lzh1&aXCbnMtMbeYPw2FdWb zFl|7LTb&F-&r9u)K!upy@wnticy}m9BOhM6hNE_&@Ab3Ze}|wvkB-*}bmQ_tPU)|I;TT4A zw=Y_ABX^a}Pg%jgCnN(i;bJKOeXl9-Q$K~9~X za6{+=eF|5E0ZRh-?JXQBa%Mxrqn^J)u^$9Zzc^#^PnzMLCLRsm>pAaf44LWpd%GhA zzGS>B=iz6dx;q!uj^%Bv&Fl4!Ntzp3C0|}-u z_ZaL^_4LdHWHPkksy`RlX%W_bCX0jca0i42%RF*g6IT{ab+aGQ(Rk%4FDq+i!q&)c zx6+P2@sFeX)DIp!7_Z=4tTJ&L;HO|oAEO6a;>BxRZY4njITeA3!9R$DE<+{Q=$jY5 zBkk7eag+zgQpmT|O|mW|R7eg^)jr&DcVOwCs{kE9KyK!nP!z9*r0#7NK{a)W+F(A6 zlOo49e9*C%lmZQ;FOcqr+@f8{O$&%cF7%mG#pVt}r}}|$+A{i`XCWi!zW6NHK>>14 zrElMUt#|?L+Jeu?Fu5OiFNVK3UwKfA3#Iwu@BvmOn~)7TYUFW}>rdp4Bf5)4$pIU0 z7LJOG>o1m3o~*5_vw~kTcnd*Kll}GO7#~ouEwY(!@O}u>u3^Zh8@xrIa<*|!+`tqh z%J%p+7CJzLw7@+RVCMNjj}<7gYP>Jtqy19hTk?Dgd&xM%mJQQVFr4ImUnUcx;>+CB zBeo9!3n0;BblUFJ2n1$Sfkea|KJGO8ez^&V3iy?VaEUXVVXVRe75Bo!TRI-+EiW%y zRt1t7{DVn0E%$aUTa`R};V~iu=un>N^1#~Ivz-++KBOO)A`v%hNE}}yk0*Sz1(Nab z{=KWcs1Ol##O*SgnMW6yxhiSXK&Ca}Gb0^c4ffE*zX1>x?IpMEjA8JF zWRODF*dvo*VT1Hg(Tw^hm?-kpZ)MKFVtVNf1h$@w2$4lC?qXqi`aE42K~b$`VhaGu z>Ax(qZ`{WIU~vScrKJb_51lLLgadsK!;wzR&Zr@@%P;mG#(t&7gbO9WfQ%FoadDRY zCb>$mowgGan#~OE_4j!0>M5>JLRh_E$Aa@yy=29L*TK+j`VPGm$I1N&r62$t)rXgR zHG8nQ;Nvo0P3uST^#n5Ou)F3?Z519W zwB(4~i$p5VbY0(P1{oJKuX5GZ)$xmpYCAz4t8VB-OD2;>oTA37TFI*7eR@yiJEqXo z9=CgU>Jj#wXHkS^5-sdx1JsQ%#bWDs4<+86I}=BFHh}_eLl;@iY3##8CcshE8`KOf zAJ-vzC+@Rw0onj&ThGl5RuCTXJ0iRyQzn?Jz6((O`a3f~r<7@9`2zp%cgF$J!czdU$5E-dxDXwqZP*-%nZBp%OGf zFbvOfpKxP-)yKV)xHZhv4Nr>M-h> z@up6$h$TSjfQU@qJqZ(CJ&8#${likw!mk1Bw3V$0lzDsoM|s$?%e_Yi)EaTYrk#@fhYlSI@nUREk}Dao zJag?^L*%Zkl}>V!?uukX%*4INfzzyPf+N3HAO}KHqCW#0zYF^k-NCPI+5DhxLOfhB-*?DhL{a^~9VuP8@>1n^H86}_p#xw=30LS2 zuKoLe4ZJ6(eJ$r+QeL`80Zy=SUsBh8SdY|4nA~u+`^h!(?TLA +7B&l{maQ&=BqusK@*G||3f zaO%ov3m4RVDe&nAJW=~OHihTkUJ}+%rEHEna2J-9jM+g8!;hTZtj;6!)vvtn55V{x zMp)+B+-|}d;pXZ^+X0FQvhU^fbsru38AWI*uR+V-!0A0Gs6PbW?xHR^A-iL8JpARH zpVkCr=92n{@WMyVF-u9976N!W`lsS>HKNtl;7P#Q^k@0UHkK*ici3}Sg#+SXQm%}@ zKP_A6a%b+JJcK&n$}|@hAXIRzH1NT%Nod2`x5V>nY03DnN&@gcExVa=I8@mDb+(Gl zsVDi;9`9>vC=g&afTqH~)MrYskiogD0Cd}qLEK04x$~1=1dM8tya$R54GoFi8M69k zb~d`Grly9cY*2Eu#~`5D2J&)@8Bz%K4UEsdy87@$Cy!9kXv?HLfS!HfFSX`NLp)|T zoy0he{M%wY77II;5<)g-tYWFVC3pno%)wh6qN2H%NLEn^@-&Mqw2(ceZYW>ns~lyy}w{;G6x>Mq;A2 z0F&)5Y02e*RytR_eHd2iQ?|aK@%s4+A7kTHRlt2vCnD?D7@zx&@jm{IJsfp+*Zgs#*7BCNYh_|!6!{GK%6BZG(;1l(Aq;~tJxz~@bUahfb5 zkx;eK^ALNnH=moC;|V~PS>KuQwUzl&x3POFMfDQZFvYeLIy^_+#lF5ViU7^xC_aau zam9^OQd2j7gmTf*{{H^-e>f-B7@hH){3mptpK*r(pAzv`@;?kga|Ndt;uPVqCo?v> zVD&coj5W0l`9s{N``94QUnD9Jx{LiP0Hnf3!a4!0U3e z{2Vv2=o8Xuch~@%i@?Co{9%Qm6|J|pi1;z4C}4GBpK%Yoal0FV`K9zs>{bacw|KItI#;) zzF|U&zAgb06MCp!Hu@&P2>@?3cTW^hD2SnBO131U}CnMZ9KL7Q_ zS-IZf%J%kCZ{Pc!Ig^;{w}*rgfCIzICLp5Bxb?KP=|OATmsmH!S=sGa`O=A5K4#N1 z_z6*qV(rC6H7L-z$?!DaheI2|?f(bD*gL&H6YxFPiI{kJK(Y2ONS?pGVwkB=sPj-; z!S^pcVvaj1k1eREsG8WfB+Iyx<2-qllD7iXCZ1F7(9g_JN-dBk1tnddDiqOi{tbN+pn|X1`v$tm7c$I=g#x|#kslr8AV9R0NtCNjpyd&y$6xk z=698VS8A}Fd4nSmQ9OY_G~+LDvlw*P?;fj3Pv1>UjWMn8ks{6C_wNRhwL$b;FrS5F zz^Am6T06!}A0TxAVloXt2xuX}Fxd5H?lLsF;z!?Mo*4f>Nivhw+>ardK8TBm#RpLhK9LY6IaFFr+o7*cofapR0 z#TnTgn=i;@Z3%dH>HB>yOm7Mz z#%1UPsX`o-m?NomtqE}`r=p(>rWXXmjpHz|8ljgxdAj}!n01q||u8$0WuJ`v#@lxomNx2M`<3Jv<-%3kc z1@9~FK7MLq=@RxA2;gIY^mlNn6r~_?44t5{wy{A5D+t4IzT-*-Iw`NaLE!#qOFq9! zIf|E#BPP7yQ_;IY22oYYI#@;}(G zb&X>_!rIyzMEPii83eE+z?;(HsPE0V>IIaVH=#!N_Azx_fJRrQwv1V0{{} zPDV>ay3B8`Y2TM3XAZFU9q#7^f0o@|NYCa(>gD?lCdH_}V7~Z_YR+puKGp~Zh~a18 zoS49eO*liVvZ``p@lZIDJ{a?I67v^HO2yeGZ-Szvf`WpG>>nuLj4}iLXn_;$6~0~< zG4c+x*bF>$)SN)Q62}OWLj?HvNJw80iF@_fTyZw_N62DCiynES9xcGQgvDb5%1LNF zYWDnNl;BB5KTPRZMttB3?b2s{XJNZAnIUSQ9`Ew%Dsd^;xQ9Q5z7qQEj(2AtAGthC z_#+ zKL<4!GQ8Ab=(i&K%gU?h7m6!`5ElgS5HiYUURz&hVP*~l1^#8a5a2}S>W|RR(*E%; z#~$b@MjzlbnYSDo8zYqCG@bVm_F>14{T4fhbCda5q6?9zFXY+m&}`K%5r)k%$}?w! zTAN4ny3WeKe>vwG<5)16#75lo>dnII2iZi7UdrA`I)_I;9XmKY{yXG;PR@RC4tp$e zAAU;Y`trCrLBiqDu>*K#AzdK}7%tT~`7|d_;&O9c9hLEOBaO}?P2`6iUl{xt8L@HQ zXL=HO@vIfA2cbfRL?QS%!z2hDD)JIyg*XTMK2V(Y!D0~(1wwu1M@NT;gRN?A+f@tQ2^Fe{ zm(W#>IRRK>4f-@5T5|;FhAa)t<1TDiZwx@LuCBfU!ng2N2aenc2iWKiY~L{Q-kRq^7}Ux=g6xOo1Gys$BoO163%g z7jH|TJI^c%uMD0i5}av`r5KS*EcN=$D)`;4$&-4IF?D9EbZKMOWu0qeQQ&iKy%;!`F@NJLls%csSt`e(*d{ezrTXy8y_AQ z6l^a0Ki?luQOS$B{pI^R)(=-(OgviY&eE&-c-9%OU;C_a?Z}Oj>M@J|Q|^(qMN*QQ z&$8(2<}d0Whupa73`uqaZBv39Qxl_Lnp$h}3Br;Nr zkUlxm%I)5&s@+{0j^TFk479_kx@6?39(ox)dhSEkFAt9MjZ?;`AD}q)G`+iKZwDnd zHVwg<;RI2VPr22?0_$VOp|2*IW z3^HghxqO~f1uqr}@Gl6X&2`u$b)nQ}cH22cP0Bu6bv6=h@WoXl;XJk$DuRoQ~Y)s*lR|m0h@|gn|(z{AwL_sFn);* zei;U92-ZOvdCGU28@>chH)X}5f$C0%yP0jZw>lkyTN{chnF zaQt3%@9eVc=+4)x**vTCJ8mWp4w^FwYgs+o8od?J?IdPPlTx7I3Mldd1&bwJ4$1y| zD;OCWsX6%GMBjs5;bZK zLqq0F`?SEI+cqG^VF6Ysdh7N31@QnJcmU;FwUIuU>P^(RM4VKmJfpb8@s4+qYTLQJ zjrXPkeAzBoSez3imDSMKf7|Qj(qCJ;af6v-N6zA@0{YBn%)PG=sAH}bIf=kR2uz&h z1$-XADJx4wM7%siBVOqV>J|VGsO|g5Tj>#~;PCrbw|n=#Jz5R@S4VFLJXUPvGTph) zz2ZENRDwXy1c|IMb~)g}+Vn;XkC@$~m~_?J!M8!a|Bei844rbFCI$MIxY+!xuH%$( zd0j8q!VSyP8-=tKJhA#Tf<+{uRccu57{IX*iEG|t*XdCO_df+6ZI0^=b#+4khX#3W z*yODHO|%OGF>{NkXAHe}?{-KC&D>a9B=QH2COTP|0AL`-iySGc8i;WKkHT+VIN!)9 zU%pxPB!F?(c}iU~>ip_GB-%gfBB7LCCysXI97`hq6d`dbF=pjVzZ;)kLRh1r{noj- z{GhwXt_xHBkdwZsmi4aUyT!}EOq-Ui#JyiZIC=B&kK&>Wp9EBXb0F@+L>oRu#dAly z5rh%hQ__{0ep$>`uvqN_qj{>r$HUm4hK9xl!J2_Dcmjk9zea`t;Vdyxml&naoUD#wmINQo#$$4ftNGL2L0{UNlMRaiWK`0*cAHY^8>O8=8(hd~FpeFT({4;L^a!%w+f>2-;HmDu$fo5ws z-rW%V5h)N>;xOmF*0pyI$+Gc-HW zW1+^xbCeZzBhh{O`uYV)3LqpHfWpi6yp@*fGPy?KhCy9*sIszU+L{R@e+OAvO8_=g zjIPsscrdT*H{x+iBxwq0c4eS$2ct7cfXY2(U_em1GOvai!`{LIWl@0gZ_oc&aHBxok--#DV*o4NMU}c)*qZ%PGdkzWQaJ@pd zFIoq|W6ZhJD9gcM-lnL3Ysmi+RZpy;Z_CPtk?*Yo$y-ocuS}o=#IyWV!}yEGf%Z=! z*Y@MXLp{$K5JK%m&Zm2&7m876mWEjj_Cclj`G=55XJ%%${OkV>*#ktX7o_Eq&*A70 zgAI{bKR|aIxwtTnL-&9cMlf~!q3GFqOEF6V^N3jm8#Y+$5rkKdhK2^P=Y`C{WLgp| z2j9Vix=z0TVz>DYPOD98{Jq$b(g+(s!s>oSe5)>By)SPgc19-yB6~#biZ;?jRtt8@l zA}1uweCSjPN&4cKC_8dwnqtoWV0JP+&?BCOU_) z*6=uCLu!183L>&3&s`3mCftdy8-45B1{01$dY=7C-=meY7(q@{+5JUwECOQf4Wly1 z552N{Pj1#n42w@6J@7>e1x6DN7^=&NiSqp}x8m>b(Q0P@Twhn$IxhY;TGGtZp>7qdSSb-&4#*|AHb<_gwgD zBC5twnThe0u|V<;c<#bdInwaW275L({$0K+QH+BH79_3@!H*Jlm2pHJN@)P@V*60+ zKy$9#`{|^)Gu~+kf<=vK6sL0j7ZFcmeBypBD?qW+W%a|fo!^?id@+^x{VUozqw^zF z-j%E|I&sr@u$1wHfQ6&N?o`nm?`5LdGL3aeuVT*nC|sMP+~vQ(f)bD2JkGrZdx*Lk zLNZG%Q=cKLm8S2pgHe1ha9QZs6cMR7ugXJdZ9 ze*y%z&a#FG`Im{ZYaBV%kHu@d6#e3bm-bvuWTZ-aR8<;Qc*V%=Qiw{-EnxYA>etGo zK=;dkv4b{K;7mHmRY^q23*gc}(MsRcKJ(GIk42IaFX-EIjB`fYy<-ZyF__tN+$RG? z6dL&h{r#t~t0g1%p|ZeZPr}07!a__@Y-ORUna2D0dXi~Jl=_`6qtIM+que>ql2dz> z^1xW7z-5QtxkJV``tKfU-LPe~dN?I+=w`VIogYML$hmXp47h4R03{@)X_J9-i&K#* zFf=f*onFXvKwNg(C$Dp&9d$k-FOHZPi63sg)u!J3tqHZo+HVf&n{#UIEJ){%-U)2I zKPE^QQ-dElyhL_M$k_|bg9YVqVCj5@<07ln)v=EUs79J61xV>3+tLah+A{qEmCB|f z9^b>+ZyL3ice3rK_dq90Zc^7VtEVN8O^07{YjJNAMhM%u^{4hFAA26m3O+!0p(oEG z1XbPXZz@}2;_{|-zU3UYq_p(l(94tYm9Kv;%B7R=_#=;uaL#_t^@GF}uGl9wZtYzC z6c`^C)y*R_1#S_<=m^%~q=CUU$fb*W{xU@tP9||%v=ju zn{h?(t+vGvvIINi1QX@FT;%;lW++i(B1;qron24p-u$Rec-`W>jt8n{$L};GMGL+O zT;G0YPym2AR|t8t+;tF`AUd+%RH7Qg3IK&u%#s9B1}1#3-ji?;n)IAvO2)gI2Sjcl4mAof^`cIL>Ph=^9{9T*kqcGBl8(8k4C5=Kg0B_2v_ zppi=KTeL(TQ8x_o;zP#~A~ZqfzJ8{tS(2;MvL&vxwAB65!|NcLyT)datm!T`Vt;jg zeYL>z!i5Wc)T6tbla5I^$!FdT?tGjD4&$JOH|Xjv_eB(I_Yo%M1j>GFuZ=W^2~7|j zRIWvdZd~;%?^$ak_Hi6KSBrc?hy1&R)wX~Q3Y6CmQE(GzFfl!x==A zq*Luyw*NX*T=$g?Uu6`OFSAbgdhtw0a!_E4@MSfweL_O&K1qp*qF!NSC^`|(n26B7%QUjL0M^0KaPDPT9i|Y=CH>9BM zGG6-9qqNISsra1cxvy=o_J~z?fh))waK?b@dpLQiK(}CBA9l@aJLEG^Q($84UCFVz z$Ja#+favbh*@1zYvXNrj_dMEQbF=sD?>|D%4+hp$_6{uQl0SWTlii1@LoS>3xav^> zKB2Sv%T=2Crzk1OGBh6U)p;Js$1@?t%tyJc1A}+fhXQsf66m z8T&$6x3NLDcFiX367CwcxbGqyX;0r#F)SR&&c7U%lqg>J_>Z-7XC?#6hcr*rAz3)) z%ao4T31xk$K*yT-I2;xlnwr)dYb#vA<4DUshQkoqu8E34AXf^+h8cKKrsn3`cJ6Fx zdaw_)CshjgU=)wuMUG~y%paF_pZt6W3p5LaOC)W|Jf}4g?L_b1f-*&-WFT$Ji~GC9 zQH4N1!JkY_MF4vl8+b%oI*u6Qhsr3Jbv2x;E1sTeS)DA1<0>nUAzwIxD5AMe^Loa7 zVPT;S`a%|d^*%s}DGB8@M3DkmjjhB02jpF3jvl=q6{Un^H(b&vFmV4{ueNkIBynRg zE<^a)E=<;IMIP(b>({ldt*zq@6{uW5o5h0(SA4YrbsVuj@td(lJGx*#+FRO`BP%Ty zJz;GLZALlzH`SSXGkU9dTlb3E(mnsMXn13O)O$QffdBBW@^Mj7QKI7ou8h(WF`VCg z>yc|Sb{{oC9QBr8lYm1r^m&6%*MTiZ!cO|pvV)CH4ct0n}h?O1|VbM$8TaV!)~2uBuWZ244RxzQ3EOUW{kuGdDFQ>N4N0jP3w6la|Xw zM`wfN4!C)#wo4!HBF2B^+;b2yhLsW90@irta8OTgZvt{45^yFs78qUG)C5YN>(b+a zfgqr4p~y=YFT#?}yOroLQyv%EX&oQN1; zM?K5a(wbWP}yWU{Eg79=mHy z7je)EFev__#Dxoz+=Hk}f?Yg;#ZAt+gfW-7=PREe?02xR%)+wfo_!mK7M6Iwi*$5! znR>||@hAjf*O*u_5@EwRwM7_#^yY^jZVA-`14-Z(!~h*J3gkkEVt04x(_TFcpA&)t#N&i_DX9{x%g{l+-8&yxraVdKD9pur4KV+KN62s5GmRvr)wLQJ*qOt=vJp2L;LiaKJipVMoJ~oW~ zfF@{1?~#ZjLgovOK@l*#J9G@RzkS`v1ijg$l$^BUoqQ;?h800+vWdRu*B~aiIKXh}mB} z5A^Zz5wRI4GCzPqZ?3Szb{=FNs51IFb4N3yx$9OWA8qiTVV3u$TvF{v#-?gd2$Q|p z8KTyaa=$BEeT$2&?ZUW5+=J4m?*bzyx8)>6-hCh2ce~zuhk2)IPg&IYTO={$Scv{A z(GRGYqeP)=d3kxkKo(BPwWAO7^75MgY2GJ_@U%6Z$A*Wk=XO^v9A7Kk$-^^&LRyW6 zCOTx+&|i>vNafJg`A3DrLqoG?Vo$qSTUkZtcy6GHtC^_0ADNhNe341)0V*ZRk-g@Z zU(r^?T=Tq}DB0=p<8rI+>)mPhKdTqG=9g$11ko4lPJ8GfZ*c3%siGv6U#fP`s`FmR z-PYft9&#YcC3KgWRkm5-Uhs`aG1c>UoE_X$1Cg8f(zm95o< z{@3hm0axYz? zdm0TNaxc7HHxrB26f|y#KE(Sik@ZW_sMjan=PepM{ ztr~87E*Pi2PinzQEKoT4&av8CR%mQ%u05)8zul=w?dJs5`!lFbAj<5c3`CoonihWZ z4RvvF?D&8*d#V3=S-}hMi4LQj(~-j&npVGms9v=e5Z8Nh<=?7@%ei;jR}HpB4-NSp zy~4LWU^(dC#MZDa!KbdMianuGDM}v7bGGX!wlZMeevvv#`>>P74K?ZO9~hb|V`j%i zK4+iOS3RgnaaN+7;nJ1TU)2ulihgB=>uWxHlwHg$EIQ$+s$DSR>@y}6A-!e#rIq>I zsm_LQeezlE#VLu4!>Ufcz7B8v-Hlk~x^t~sgQ>v9iu(?$YM#zkTJ%}m`n(AXvkm7e zgK9XaL&50&)`;BWCWj+;M2VBOi5QtSNqcimwwr!?RJOWTZGypn;WXXSEn33JS5w)_BR#x6)WWkfHc< zyHv{4r+XL{4+uGk<&`DFdhprq73UAyzqvtIg(l0ZY@u0>pPp@ha_(IJ;_OgMw4eYd z$4&CR!Lxqs0#tJei%QByK^NM;y9k{y>wTa!!Q1N26_^ zxg&1hZhbtqA`|iT_0WsR$WN4~jx%q)O_@_iUhWEZ5$#cF{@>FVZvGwHxo~>_w;=NXX5E7B{f2#E<^^5#T{^a{Vo5}wC zm>uzRe8@+ex&6JjVwmxXdAI6aUmCe8nIBJno%iUlepj#>bwxO4fPF`AtJ>%6XI2;D zwbjafGtygvqvTS@^%Unm``U5ibv(b^ zc0}Xur$)VbgQ-t$W*(3B#7S^jciwqY9I^cVs=!Gp-#ZVi=~8=%o78INm-^;s#7=cx zn=Q6aaE5QLhfX({})YP8IV;IZ4Htlh=g=^cjrqtNJw`# z(hUkqmo(DdUDDFs-QC>{-*E4DfBDDraL&x0J!`ME_DsIY{e?Tv2q@~6BGeij1nNNg zQVvQx7hWs1>JG~>DHu0S>`M~h;?!TOJHTlgERnd~MXT8*9cK({ua7_;S8@{K1U;Za zZtYx+f4^i(e};%SUQN$80#R?j(}x0K$!-~|Cx-^zE}CWb#9dmc{#|!s*J5?%VFXX< zR94P6(LJGFanv0JDu6SFy93fvF_gst+r!**Onx;2heRY4e7dhvej2|9n>P<`0^NEk zBveIR?eO%=BDffghU6VD9NeEeJG(qp1iz@yC}D#6(-?x8aWybLy4Xo@6Hq%EBSr+5 z-x8KBO0DFqM6CYoCmS#>V!9>2jfCH9uALqSgNCrEI+kOetii=n1H~!s+HP-Ay3f0e z+q3mieiV?;meAVoXh~EMwh4y?B|YAUmt>ZW_ik8_N!yU!Z~)o&lLBasZ3(Ta;XSa9LdRx!SV0j6>Q8C9z`X7yr7( zI>UmHx9?Q1ZFDYF1)KA2@odif>pyJFBB9ViOmQHz#{>J7&9m&xCh9Vah)81mS+I@knQ+kVrq&;Vz89McU zJ-IScL7{^VO)LZiVaXif55s>x>mPzd69IlK3N@%W49dQ?Br`7)a^+#h4Xhx80?Vgn zX`7mo$^D@fRq%SmX0R>xmRiolS3HN#Jgs=lerRwXsSfE%0RfT)J;MRc>2>eOUeh<$ zp!hc$`TqIwvW?rZ>!+NMn^2H`^Y@;lxi~(% znpFpsezkQr*wfi?nL+oGKeBX56y*{(Vo=1h7@F2r~-DJ zW-S5yRm}9Lf3uTjz^8E0R0z_CU+{=tbJuC|%a{1CG@s=(YpKRK?v|USjNQ2ETwKCl z4vJ-=&aXn^soKFE?GRk9Pi{hNil2Vsff0mI;h5@k!3v@FXc6o)hkZ)(_GR|k;yMxR z<0A#D(@&qEzh864ZmHvuFig1ETk}W5b#f}08n+*HnQK8$N3=;=rIt~(0$N$d@kS%Spaqu*WIen0yxuk~>*ab&c+JBT|4z*9WsQ*ZBQV&LjSZef2n%gr!!gpkVc0HM6 zhFFq`W3gHUD=&Oc+B+DGX=}5c1lN+4r8{4PW2atCHyROpifk>7bjm~^h;zrOXSI#1r`0OVYy z+9LJEIdqq5uxek>R4m!cPP)ynJtSI_UP&)~^~Clswh>DCqshkYwj?25=Bopdo18cI zR$96QmG3CIh`u|2z+}m?QX>%b_*q*@e~O5$ge8Xoy^j4hv_Ifz0UMfToIO|8VnI>_T`u7DI5ktG12pz==(3@|ucowZ(sB(qF5oQYo`|V^;u}rU7 z5(HxK`8gLCw_=f(JJ>URs-^OnaKdy@3_8a23`H1;~a0l}- z_qZVs6tq>=cF}eD8$R}!XzYxH<7$I)NrITTOH9JZ!sJ(R6EArETvKqxq`JEC93wY% zaIx8_sfVmoZdOn-ZZ1FHn7M=PgnyH3oFR;}o+th6=B;6Nc7yXa0>n0rD*EQmMbc<@ zXbK?i&!Rp7IBrj?n^IJ3rQD=Q8sn>~_VSErHUoN3SLj$AH1n(0W6W4b`Yf?l7tur}UgZ}?`Hp0CM6b9FK8C8u3pNxoS` z?;j3R*}Ca<5aG@^oTg)m%v18E6t`KLELIrIii&KY+~2|H#c*-dmE4WQ-<>2ZK zj2cQB^0*g9;3wP;&=W>e43@6;orW_-{`;gWo*d6Gtjs|lN%PfwDNnBKHpV2$UC*oi zBpf%+Ia)frrw1iYeCi()roa4PC+Q+QSIsZURT-@47>6YZBdbU&XS;!x6~bHC(zuY) zj?nHLeXpIL@9`EYp}vC{XT3?bI~y>jZ~;*Lk;BgP`stpGoWj(-`NSXg{Dm?dtMtQr zMC0yA!3)sk-__gA?AQUVdbG+Y-P}g@e(ZHI4xYL-0USmZ)3UWv+c>r=&LY-;$!_v*0Yw~XBSok zZ6}r3i}~}bi;c2KWV4r-WUzf}FD=RPi2u$K(@59+$|Ps)#MZ=Vt-oKQ0W9}BzW3zU z$sD-=6W>3hLT7#{O=J!1y1UapojpIUzeEpXOyZ8gx0<0EjLs3Z*@RbGe{QLx)%Z~- z6S>`NK(H5s)=+Qt84`{|pXw)iN0m_I>k0ePy%BRT3UR}N8YZF4-n_`qH2$9=4Kymp zukX8YLwRc$|KRzbw0g;!su`<37pmz$+iEcRC}IT*ga1V?Tj-pSkS$e{2D z)8~zDFb5Z)i?5mA?OQ9J9+i5a%h7+yDPiK->&3r5U{6$%YL>>g)!A$=8+2ZHX@l5Y zd0vCM;=z|ug1X>O=3qXm9=)i%_B&gx+UO;`e@@VgHQ{u1%`%MsjR0&?Uo7Y<=+oNJ zR!v$W;NUpco7VGX{q+|Ob1$#GlB7IP+wYSIQSFb190_T6Ug$?g?!L1edng`eV;9hM z>4ag5)wTcC%{Ky}0x>tgczLfNn51$%4)PL84CQVkb2QmHnBRoa9Iw46+hv+q{ilWd z%cUmg58yR5T~A~|-rHFO$^iKa&qA8*%eP@@OzYeQNOFd)kTF+rtF(Z3!R ziKWr|rKIc5ZG=#8B+mDBTTv1o1suttsqwb);M7`6ZF1N+H1iS-vgCin-vFB}G#sp< zkyWTf98L2|F{TM0-&up(Z(ad`Ic~18JedT#NHl!x{&k(EzYaHa>zSEg!}wCA&Hbmw zD$uo9RdRl5Mfx>`8twGL-}P{2Ky0-I*mn4Q^%prnnkY~z#)z|;>bt_~my$Yq-9(1K zsWTTkpXkvm3v@ju0ku5B*P<`kKHel99dp(8qyh;HD44jRR+Wa$Gj;SfO-}tx>lYh^ z%FruK62g{|)5nLi_m0mV*)~PfrJ?x=m=KUYKH5CqINwLSAFx{T!3=vBif|ur+DP|1 zZ2twD)nlDC@z^S%RPmCd4q)2hIY z?ZTCIyW5``okptdwn+-x-GJ5MQ*^__+JF8-^*vzlBZ6uu_k?-H}O!wX?uL7(JbPIWf?o>{$hjf?_g%;ZY6Lktae zzxVWfw9!Uvyu;cMfeOC4ZO<4^geP8Gqd@I=XK^)cS3qAn{D1>JX^hLB%IlM|_8kI( z2lR*$X-K3@F2~Eu54iKia^ua{hSJljewmq!37IZBZ@XQk+&>lFUT$=HU`zOzmM4}k z-=}aoRq6KNH23Os|8%~2q+T6BI8&DE(c*zU;s`J&1u}N@{vn^|6&0v!^Q22PW%a6l zW|2!9FU){oZ3Ug0FZ>Q&=Fj_Wucnt(CSgfDae*%{)_2!xfLDq#VQMv-q`;6%7Poe) zIY;Y_sB}EmwB)oMn(7X%#xqr-WmgUXiEKF=q- z9P~ON?fQLA$?P96&d$TIosL&u8$dz6v$Jt9fD0UMAghozx@=EELa8@;*7u9R)tBlH zk1FTW4BkXUc(s`#o#YO$@@hvB=C_cb z`oP(}t*R+l_M9Hsua?tUT1}AZ>Y5IZ3+yf>8X^D_Pl`vH4zG7&d!SCf^Uph8R0e}R z@tG!L+#LSH$DM=uYP`ADR4uhKCX>A{7{_zJEg~^EZ}$}IvvIvtHeNnm0Uth9|1 z(yB7uUXB)O7OU2kJ01?i4ZR-FLhu!-Zinl(fb|_LpTF4=jCQ15A2FD(aJm2Q2i;O5 z`y|2mMy||ct)5_Ax$bZTyH$ZoOXGa?RL*P3-{kvhhsPeI7wt9zHCNY%Ff1WJF}z29 zznb)39@2S9iNU<+bWVt;~!>U1(02*69WYVmoCOSqtF2@$BT&RaaIft$_x z^l6K%RBfrfKbYcp0dj3Q4{4;VOjJy?!u4`z_hS#?ub))yP7jC*+}ss5xVS#gpCzR- z7g{Bdmt^9*GG@^*@P>2<2|vEx?>g4XeM0yH{v09}dkD93UWNU>l0agjqiw6VR$T?r zwHOX8s$Sjnj=U3Khb;L4zp>xj&kFnk(>$jFL}$nD*LzZRY&rMjofuP zeIDb@Uy~KoBvA=;V3nQ6L}NUwzv3W?HRF8gDu(r z^!E(`sJlB6)R$=smCw?)gNt;GEV2~dQ!TVzV*pmy>-N0&Cp4_X!D*Yt`4Eg80KM~W z7sh!pQ#`l(BH)OQL@qa`*4Z+9r%{3hr(?^SVSs$O(|FEHSNnd88yOt3*~$XwW+?pn zqJ4k6N~gC8wn}w28ytw#756{|vk}o$hCRE9GJN_~H~+}To9^3#uP=AUoF2%8Y5SEE z$dQS+_q(82mEW8xt>(ME1l@twnsq}3sXI>hR~84HRz3BD2}UN*SD_WXo~O(P{~)%r zwx1OQ6d6=?trp{F7wSxU52m}sC6rryydQk-)*b7&L8b=h0{tOIqo6uma6S|df4EL! zvBrAS7UoKEL5>(&ZB8N)3#D0f2Bc?ZDv$l^2!36uW*jk=f~=(e!QMC^)7HP{f2>w5 z?HHfeaBo#CR&_dq= za06XVjJFc>a9Va7oSjZ}x9wG3C0Q;3aE6$&T8N#unl<&nG}yw_+bXKp`J@YNv9GW2 zbgdTAemCCYd2g^Gy6rc!&=X*%R^nz-mD&xvv_A8|4V^j%wSU4UJkT|TDyP?b*z#&{ zsGIk10sZn{!lUObzfGXD+;i{;>hY~>KEla?`EYSPy4{&Z?mOE%DUH)=OAK-?Cm|#H z2}O)NYdBKD;4o;ViNX2#-BtRepb91+OufwvP+^A7pC2`<^&ttH? zZ7L)DSS~^tS*{w3rYsxt2ZK}M>XsYVj}8!`EdJAOcG|bD7GtxXkIpL;+6nfDW94ge z)EQv33T82R+p4hB>T9YDK}*Ga1k%dcVL1TpAqfn_l&d~g=t22~^A*I)u!u}NyVdbN zulzEmBci!V;HN`CvKn0PSORp6ervI@D1MIy(9!K3Cg-j4!#WmnU$95N|}O4qA_`K>0-+t=Yq+?L;d-`9RK7 zdr(M_{?SyS_z$k{zkdB<$=O&b)#~D#EUxt(#OM$a{$j=E^)jg-{=*HYexn;ZjfZmU zPR|zwn;21bh}c~29Y zU%`I;JvK~018G;$imhSf6B+z3dK)(_b&gs*qHR~Fg961pW!4}7LC=O6+rBI=E*{yi z)&D#rDx-TMln{58q{g_CCDN^tXVn~96?qO0MF1k+*)g_D0P$F1ZUpUsHrsQQlh#aHOHOmXml7>%u<;0N`tqM{xnfb_n>6wq1k6?H;CXR8t;D@ZBln2*yHd-5bFzH-?#{iJjF*VElo1z@E7(={e| zUDWh$Py9z&WK&V~#3~z2J9AaO=4KY89+7wNV$;ThDk>0@1Sa&ba;{N@rT-;iBvMe2 zRjeJB|A@`xw&*0-d3xbB^1LQt;Y;Zk2{?N$`Z@)UY~&808|3@zjr%=hy4Y;qrB*z9 zi5OIB;$r@IDJccBIZ{7j!x?|eiOpTLjA}eTT`0QD|p@(n`xd_~+^3xc-gmi~9Eu zF~(|g(z5nWcbID(L21XKnbQ`pyw)bUn4|7sDG6u{pVoFI+A!$N=c>q&v}!Wy>NyF3 zf%ZV%?=0)@w+pgCrBe(OXNhxAih8}Y!wqz~#c2+2H8>6n;Ekm?1>4`9Y7QR{3ucE# z4xcqU<}SD){Rz@K9^z$2kiJ?zB+G~GhlqO&8@_!XkAurg2zEPLl`Bdfnh>bPy7NQVRr~!bi=Ny4&hjRg z&ksy-M--k(nqiWujj2yV^h^-1i}m+T{~)rfPA#UTj+H%W2?aew-6Y{POJ~eiuY@e* zyKRr~@mY0Vx6X~W&s&F+qjA?F>2=DtP&9wXUTT(&90H}p#YS73T^ri%s%#5P)+(W00LG@1swv=8j1ms+hotX?JAG2cToPikz`Ue z;B?JNn}wEZ3_zxLWXx9E4Pva|axx5VayR~cgY*Mc0Q9%dCjm(_Ntq~lsUb*K9u!1<=+<8i6#@czga|djMv40O^yHVpWIM;A`zX%^0Ba*@mMO(C;dy+ zJ}#rE>hB;c1vImQQfn&BrX-CK<)x+;)G*wde!f=sA6d>rjts2Q`yvWk(=vFs}gzk zF^x)LN95rQbE~UeR(4h*m-(ma*|P3pd3=)~;T8%xhogCgQ9ztyr1GpQ<|1@9IT15Z z1ne92Ryp0C$o4jUXo$fmm<3=1b~rh?M#1*fxW8(sm0l~hx1}0OK4t~P3^tdkY&>SW zDll$&Tn=m3cA_tXvw^^&N^ku4r0?r6aGD3fe;{R}3KH~r3~#HmH35?8RKJKSo=_hn z;4BBe!pK``Y4yk@#~U2g19|}P&*?1G8qs7u@~H#KEqblixK-9fcU`((sy-54<~``8 zGq&UfPbXLdb*H~_eC%Ib$OJxqC1_G93>}ylpxd>l(!!>tR5K}%wx#t%xTjrI&|jvI zi-mp#vzmpaB+lwtN z#Wt^SBcZ{2oDof4kL-I~0d6JP;!jgb&UHvpH5Tgn{&x3Kt=0WsJ3XKP+*_~xM=_jM ziuePI%f-5E^gZ=v7+eJY;Ku&sd6Rn#Aks|CeKpteJa@|c6dyn6tM?BAT$G}%?e?^X z(k&f7lrY4Y^i~Z0xINjn1R~yl45E_!T4S-&>wsJ-QP;*Wt2o)QJVPZbg4LU@8eqmvK@_pUxYWD{cu(0`5kIi?)^p&Gg5HFdSQ!rKEtHSgzeHZb(!n;l6VylMcYioU} z00OZ6`Dtlohn$(ohtU5J(neI3o`Zznf0DH(rr4s(4-5*UztAX|_O4B_Biksi%Yt&_ zK09(+_tkmif`ky`^Bfc!Y;f8W{tGosu-I#RAS{s&8<&^YCz&-6kS=`gPwK{BQ4ogx zrg-JtKLZ#~`TT%AjO1bWA^$Iq zOp3eb96XW&k&t>7vjG^9COX>B9@C|RVcUb@3}b2aR8ivDnZ5^H*AngRM;;U+3Yrvu zfY60wGA&6u$g-$f>QTm#*ulY0Z~nmiz*yu`*wSVoB$On-=B0aXZ;vz%37$ z(12mYy7G8q=S&!zRExK}en1UWssX<&b>cZogZytwA}G);K)}}3KIToY&G4cSk26hKQvEaccVXSdgelFVQYdl5E%^> z%lzh&KXNCPhdRdEH;pF_z(^C1ALN5902>;Q#8Nl#ya1Xxwz5=1Zplk^;VderOZ4OM zQc^K^ijYEnYiD~fNg!WN-c;?N%g{`1R(sg<)6b3@u(L-TtqjlmzN~}D4hvvu9WTZt zZM)0*q?N!~m2&PW4I~}2TjUBxo!@K9j}2{h-mR|*t8_={6a$hW2!pqq`3dOvSMou> zT9i4o5Oz!_N`8%l9t?A`}@Ug`*pEipCMgq8N7&u&9-rf<|e8NL9gTX0blg)?epjvE) zgj{NL_ytHJ$Ad9qph1hCPvlC;O0EGoaQFD|j@klZ6`LnE&T$tNn_#5Z`+>=BQ#^(; zQh>J9)$1ll3PgB?XD96TMx{t30d@L39J2b^^(@{}s}8o7`}&p?0Sw%v?-bR{%adc; zh)ofv=k3ng&9SJs=vckjhmgMw1{QHFs+G4vC{D-VsKnh-V7uv_4aH;y8#idjOuXLD zFS)-rJ7Bl)Q~ph|7ajB7{Voa@lktKIoVspimQ6>&E%ivZ$jkFbJGEARv*&L^6B+@| zz{+s)hofhn8Y4I$b7g?0%&7vsbO4|;X3X8t@rDXT0%NrvLCoEN4=7+( zduhC|I&vh1@&L?54j5TIO<=So3@nXS}Ma`r-nM)ig~WBL0AXlk0hd z)BALpgxH&~mj|l_mt)Ht{bn#RZ%n}3OaiepJb=6&6wT9+y7MI%hbi&!ubhwOdTsvbeV;cTAO}XSUo%tFkY5`2fjnhM!`++z) z0XyC4i<_N`{Yhvz=udc2%(x;zl|1isM){TS0{7x0J_X#vRrH1sz3RM-ZUw!=Bw5pYEGp$ols<&SH8a z;|$q=hB1gL5N~8%y+$TBsU|SJpul&$KGMh{5bWumj+34)R<2eg1^os8 ztDR@67TYs^rI~!5Y%2pVOjlYO?m+0fl#dK(<{anU5wAE+YF64vKmP`&9mLEZKY%`} zl%viZ5=SM}eK2j$nfcB@+nO#xA$_NPxd~|T>)JW+xwI;8?1Kqa#?}Ao{NH203p_*r z9m^oP;?b!))$#y_6lv4gtnN@;7!RJ*2tZSBdS26bq(;24;yK=)c&Vw(d)Gg6BI4*a zb^>Zk?Z^FVMl)Lcp&}TP6!LzXXuO|cdF0E*B*c_ZX*A%A7#SI0%DNhj^UCXsYS;e~ z09xM~O*O)3j=d{DOH8TTxoka1eA2d_K#R>y5MTx0t}WpG=RaRxfSbPAJ9Z8)r>< zHH;jmeZtH~G;p9%f^M3sylPnHeD=gc!4Ow6B(V(d$r;_PCLtw}1Wvs({1^&u>i6lP znD0Nr6M@Xx^%FWJ6urH3FjO-f$3){^^%H^;C1bgEE{9hh>_iv5a5~c(O-yOTtS^@6g&)$a_3exwB>X)4svA(3Q ztP9#YPcSc@N&$8Y35Ak}Vu2UWcuCBAPEYJ>7Lfn`TpzNSU0*ua`B*Oo78k`fyz`C` zH2mhUBjP3KZil5dlIH|}jVlm)+v63x?}E01+p|4&{NTg%v)zcb{36wd_kF8eM0nrw z-(jbVtAwuZVfxwagJ~SO00>e_jkt6d8l|lU7EB-jn=E2TU?$K(m9trtQ|2eTGuYa0 zu@N>}9xrIbf2ntM8gdzO^#F?;``ryN^^~Q_-AAdGt1(tDhoRFelJrh&&R15~=SwxY zP<*wN(QCNSXh14S(a{N4V$aJTH$StTrkP|Jp{eCr9QC6nA0wAyxv#ddGD|S2NLzNK zi5tjqG`eWxIIZBwPI#`Xnm)aK)x6UVaK$YQ6PC-r$^^6=VPv+AeTel#sm>{(qF*ftCexj={cljj!vAtvKaYNkkK zoqI!-mHHg-_T$}ghf9J|9Ql*))i)r^R*2H$AOfS*A z&U>Fgsh>5CYxkwn!&w>}Z_B}*)FdEqwA`$L9l_-GbjOzf1FW~7bhU?hU50Ml0UZ~1 zz8Ma#Bs!fbjpIgMez?uI3&nVoB4&Ggb9f8=+|dhXq71LKP+VT%Aq3inyK2Ra@CF24 zwUZZ*Hx;b7*dTRIudg)mo$GCP0Ga+uy>j4^fN5u?18IkiyT%SfaOb za$}CohbbBsr^nyKAMcLrTOgYg61gi?L!!&$g52&E%ud6=39)Ve6;K3 zv0LxxKp76Wx3R=T7hrsTBKETf#!Df$?vfPF$m>uH>cKZA!gW&|I3x#Hu+jlJF2r8` zuN&qOZPWLI%@SIT{dfUgNkxTg*FrabzBK!|`Y!!s4AB-GO4!@WcgP&gX9@DomKvEf z{#)qp{#6)?xw*C_Iut|Ml|QpD$tb`e-`@vf{#JTxEV6aCvqgvYJ-6fcElLy(Tgt*I zF87%X>%f&*+iMI6Li)^_O3jH|1gk-ELnm_A8?gEVi3{r=Oo z(cH;=$i!O9uX)bcx)_aj>b6fD{*R9{$u%w3V`$EgEQk)_NRV~L}X8{ z!TNlJ%ZkhT`Q08k2g%B6t3Ra!4#3SMbc0KcE~%4&k*F7E#EOxmj$c1&fC1`ji7omk zR;XCcutJ|~kS-Mtmw5&liOsDX*PstKqmwUE3M5>-Mp(N36pH7^DEA8-LVY1`4GW(| z=xMNvE>o{5={Dh{`~IgRL&W=oMMe(qFG%-K@S_J8{L_c64CYwwiQs>-CMS z26<1Bb8g4l)z!E3eswMVVX-3sCA1N627uf8h;k=v+kTT$>v110P3_Ziv~l|IDWXt| zaMOI{)RTzj-j6}$x}5%p_~Y-wLVQ+j^2VMbK1di~p&Cfai{fI64Ebw`YV(R%uPx{E z_OS>Qn;PomVC8DvQjN`idK`=FB-MN~QLZexU{2FAvF)3XuiSgh$gci=CGV)8*>oqm zN6BdD{Wxq{Qes_@YbOd?OmOzKloq}aEA*~bo8W%P^A2PPw6uEjg1VD;^;SRZ>H$U- zah2{4MZ#=X*dnmDmK`Y6YzSTX^g7a;GkI{%z&FUDc8M^wY$F3)8jA7sM|g!xu6!oE z&B>e4!v%{84d;vXqS|uUMgDY--uo&`xOLqfEBz_M7|<%emcOehvU*EUP>yuN;u<4@ zmca8a2kB?d5A^xxt#T48)i%AOs>ZfpNBxw z)ji|fDA1H0M@FU@(b>GjE_GY|67-mvD%@-C-$PV5&;}B`^K%zg#6|_Y-Z+mV475 zwd-OiKKIa#Ke-^tY6Bk7Fb&kQv`;>gNU7lRCH>X+6_!7SBidT^S2>yMv^nnu!|_Q?v0PL3YJNT7$_6v#__I%ro~j$Q3lJGNQ1j+L$#V2 z7KCVLl1EQ#6=4A%nZE&;ukIi(`bOQ-0E)uL!f1@JrJFOMi ze?-{-No)9OSEoZLdkoV*&Gl=l6i{28 zZB<^PZ5{CB9O95ki5)YuiV-ou`+W)GYeFW!*bxK9katADdga)wFwrc+Tb*_bBt);J zdPczUQ5}lQCJ6&HzdxG=1Ikp5lSADibkeq`Xu#Sg)rP~+GqcFLAF1ZgJK_)aSHs4C zWFYGm^`ncq;zF0Bj@-4$A~KeO-gN&qX4rJ09!a3Yia;=Ct>)3f8YL93)DxL38b2;W z-P=~&_`cHwi-MT{i-BV-+JEW zJV+IHTrnyDrC~ZSmMOl7L9K}nJmf(9dm}UAe$bY_^~F{)^ulfk`(d0Q>F4bE zo1DKpOOv$Ukf02_i$MjW*0?!03Hu&ZpDumhYTA#jWizu5`^Q^XDq`v6x)&M#<1(H-H%_3lGmHcNl#f~2z+V{mV8 z7G<){3JI{>+X`ddwku$yfpmELqRSy%`69RwRD7Lco`JD|r9YPCTOP z?Ldz0?k9S!it75&iZ;MS%JDj7=uYN^dEe^%|31%hSti^4s~S$ejfb{a&lcab$j`T9 zkvV<&m|s;#Y)7X#949H0cUdXX@le8&_ws+rC6(FPX`z(HqUJ&n)>6yG~1k9akd$3&E@b-ubFradr%PmX`dkd3P?Kx8=7p6C>Dk znl-_EVy!lD0(;{?x)h&L%jWK|3#&B=F;-V>9t1JRnK2ruX? z=O@XEnnXT&js6I6s6qKKt1PflWGV#}QFMhl!qS2oY5+;~ z(19p#<`28>`v`6unH&sNFdG(*R^l;5MOAuNOjB!>>?B*x@1uUqEYvEDj&mYH<%f3ur75%k|(<>jS0PUY}%*RNi$+-Zr_bqw8o}4+hHzPs)Kd zW(c74LIeQ-R2kXy#k(&d)~%FOa(-1&-V3j1czPA>n|XDWyp4&!#4NF?&F!T}g>TEa zL)SH{hP4G92$2D!-$|us!TL*x6CPcJlCI1d3UX%f@m1uy4?JvB^%*}}VLl^G$FA7D zp*zW#*u=h^c7Gr{lvI@gbNZVx6I8CiIv(e>4w@|6!Ri{p;}%Y6^>*aDN$L!Yd)6h7 z^N1wg+tM|e6BnKn8S&=C17=_97fp#2J}doWO}r0UaELtg3v-kposw-lU=!%@1(a}> z+3Gahs+TNFqxZ-#OZ6qS{cZA28gHa@Ekm`xW-DXIHEYn@*!(4tCl$sysJ7g~E3i7Yfn(4^ zlW|W4Sc$Jp%=XuWH|Ore&m;5Lgjio!ol4IwWjDN&-r%H|%x~Em4`c~{R{!hG zaF4b~a~IZOOT=Qj9YrOE(E2j=a3q_8(#sy4-?Z9bRv_N$no1*XaMR#GqowoV8?R)2 ze6)8p!h7`a>>59sHhgR~y9Wr3G+;TM?)W83$QzHM(=^ebK={Y?K=fWZZVV{lla_Bj z&NrTQ6kO)$WWRptep%t_cHM)(8(S(n=(+>*EOo>^(5!&2v|z%FFU<~_Q{*r$ zh7Qfi3zJjTOGel&s!CI-u#ou)w~XNh?>jKlMns&-p7-E?D?JI1lTma!XBJ&6k~d8?nM`2bBy6I=DBH#JCTFP(+H=K^!UdS`qkR#bNs8>Y4c__ zO(X2n5`BN(tuFj~Na0g_=p1+|c#=8q?lN`3rmR*B^heq`To-7?5T~e!*fE*!KmYSM zoj0z&el#-ZH&y1~Z+G`OicAG(!;P$1bKee8M?_pPBbrngu=!tSzh`Hsd(a~K1P^_T zn?2t5M46_)_=i2dwIC5|1>ApRhUqw;6u3LQxwJpog)cA^aeX*n>C-aI=S!zML>P)W z`&V9G95xbc8eO=yYxl?k<`=W$3tabsOjpBteRI`mAFNs_Peqq~rli%7J9@DtZx*?0g&YO(QkDIL@)rlX{`9){5!RpftMGWN|4kbv`J- zzSY_`$E^7%jBO_@EQ@c6)KO9rh0A0|X;G-(=7syXy{NwTJ#M-=(g!}Gz%oVQ?Ss@{ zDPn?=^}K!$)2eAcbdZp`pXR53yKR1I+SuCY=pBqdU&Pd_IM_|^mscpaZS>`jmX$vX zqK1x4^sD1a_hSvDmf{Jm%YpFLc+ZjxC5?%!A^_>;ydS6)I3ihvLt|c#N)hvWi2sng zX=~Fm?pxBt4_imwtj${2cVoNfw{zFNvs$0&ijY=yJA=}mC1VEY%(1}h8;Bp~6N&Wr z;_n#7B657@X3aqloz~vp`;W1csKcMv;Gj@~hv7y0-H-pqR{DmAx;U9CW|-4Q(?<{V z7|eR$gM-#O$z{$iYU#PMRcIP)PPA=7(`8sJx)K_iVnY0kR@wKcD3A0>0{d^b6#8q^ z(1^{AwPKZ_gVJ}eRIT3{7nsw=TlV>HZI(!zG#<45NU&Z;96q)@!ixn{TBYdaeHk;D zuyJZS6f;IJi5X-p5EO2*f)U@RJVyvE`r1b;IGeeh;e`pud*nAwl-u{)g_`94%rn>8sR!~Xh(f{rmm zR)wHRXroBrsoR_sox?g!;QA3U|L|A=g~h?Lb{|JaBpd5~-LeYVmelIiG=wpwCxcpI zeJdElN`S1TxZORRJbXPUPu?I+V zwo@RY^Y$t(5l3+S%gus%fiXH`#Pe4e|Fk8(Zp8q?v9y2W`Y@Q+E78iXv2bDYZ2@tf zwwPIXx_Mr%N0a}Q5UY(1^5ckz(F1JAs#O9igLxag$rFOmaiZv-Q%k21k}xG0NSMvv zvRN5XV4!PY#r@l}%nxfclQ$3J8BErT%QY7OCD;7ei7e`LvZO@vLQ6F$OX0XGjxb7) zd*_A6q+<-5{2vIH&v!5A8Q&+Ig`}MxMBgam|xDU1?)A zb9Ul5YQU1TjP_MtzWMsN-syyT2`M=w%aJlj>xrX5!qtccyBI&4mOhJ)HK`fxQBwQ- zbA+ysQ}c~{R^IBWB|?SpwrqLe3YqnjHH!80auh7di&?&skCt|UDHBA@wuj_u>atSq9yNx@c$gSyX%ZYQiu9a=sK!rN$) zfl}(og$$1#j%!r8^$kBoNAL^wk%e|pM;@Z?64kg z1#u$Mu)=^23W-!oFuo_-Zgqa63IY1vj|?9yL=PX$zn`R{>1?TBThh=fE1R8Gy)nAA zDH1L_BnX*}kLG63Z$n7jFIjNKma3H*d1PBtzYD2t?yVa+Mkto&?=9I+)RhytccLO{ zBI(OBV>PW2mp!=QJHY+^BsA6xZ_*3{%>3?C7V+UE48-HpbII)i%!o6Qd7+h{p9LWgANuyp|H8sL?^j4OL5M71i-2th5u9G*JZ&tfe9RHVteDF~L)gW~C(?5We90%(|?1Otc#c&F8SnrlYp>)a8;@ zH+JG`O6C@~X^$8No2JuNAHgaQ7xRCLxs=mkGh=i zS$9U@fo%Gb-Y<#)9sNjfoC?~V+4iSnFj5RFRUj&k4Op<5b+0(f-or^q_-NJym9Kiw zQY;gH_x;9%+3-mWU-iZF%Z^$5zEqw9p^Zg?eF@&j@(^g z$<9r)zQ^OsoZ+jOhpVqVonG+QC6@~5=tjy7<&}RSb`!nsYI`;J@&r! z_w|~ch-kRf;2HKR&~=>ZUcfbCG9R$S&;I5jw!RgT9f(YzxO{%X5tXs7{DrH5t&r~B zkAFDXbty7JckG#^1r=4%dcyl_|AvwI{?Q}z{~YKq6gn)Hkyd{mWGs2v#^iB2=;}&h zO=7dc&=q+7NUjvE<5KzUBcj!ownNIZ2z6sY*zE1?e?$df&M|8cU`qq4+k8YfLdtC> zq^I2?^1_bhN{xGMyT=D3%jyM1=Kdxjy=1W^h3!d)4*epmQtIPvP3Zcpw~jjXgW$F; z!1r|==}$fTctTtjBdu6Wf|TNhR5U03_8n&V*nR-q9^0isB@*=~HYkd0lVmCR& zmIq4$_v>j7txnp@F&W0n^GHE1_cJ02tlQbR|MLRG1n2yOZuNS!Y4v>d4$$>xk1-uK zJlh-Z+q!@)AD>Zlhf`0(t*ztayY9|t;tL$$tQfzX5A7I#-zGq+Y26|N?|MEX_Qdi* zGo`8o{bRE|ayO>Dny2>maio6}r!=R66ZtO{^c^L|Sh%=%Su_X^To31yvD!h|k1geF zgKbp=mtjZ=@!$=C!DcxPtof6X04bt6>bV@5J z4bm;$-5@O>-QC@AhVPv7!$0nez2BHwv)1$6Ylcn8S9m$h8_~z4lBSFSm7PVx=7>)% zp%HTt7aMnQQC-gfTws)*?|xZ5>(z`lNWsj&Y3kNGZE4li@>x@R|0;b1_+~2l`&Tk2 zfQIjJZT-uzyk&9j_{S3CSOjw#mAi2_+w|_RH0?0!PMF*IyS~op>WTBYh#{_Tq!llV zh6nKTu&*zT#zd3$(8Csct8q{5sXSXzOg=qO|7C*vA#^^iU~r7=pkpQXL`Uv;Vkyxl zy{V_%#oH5+)bpC0^C`rUWB(6D6|yzyNsl0X@XKbs-8wef6rEal({~EoK>de_{FTBf zCB^S@%Y#qGhk6m&zZM-CZgy?u!I?_}#9pnG;#hCX&83wwKI|XW_wY71IUaPQIBf{r zWT|l4G&+Hd$aFNh`wx%PPq1Uud^iH2+-THG28TyY@7z`@ADd5hS-wELzRN$gv+IYB zCJnz~kW&AIjp_GgO@D8?LiuGjB7XeuLsDiu<1oX_)i?{++v>`!IkcgMtln{}zlXjy z(FtTs$~3#2W<+Rlb|oC#%3FlOpHlOF*XwDyo&Fuy5(;=*sTSwtuSkw& zAN907k=#4hHclCn*`8_Nde`(FyJ#Uw6<=KiDKvzEaV~!N2*<$V^d^?`QFQalZ37*1 z0#XzKT3zr=24{`~*eHEqN4r4gwr@!lc5E^($!=haDFo0qGn`ay^yJBIVv_bPYD>(T z;U$$T#$cn*VTrMR-0s#s*R|A{PIvKJ)7qQS=XWe@_V;j3 zk1<0FnbEUP1-Q9bZ%fe>;RCSAZO<0e?vzcCqY=H%ta$ZqGCfVC&h}V>*53J0Ti$!i z(Piqlm+W%f*p#$^G~{zZrro5A76SFk7ufc5LTMZ~natNxW9(inUYexAk%s?kP})a6 zOMV}z#-sUWuFS_fYG$ung9y5Hh*(*P7c_GBwQdy6HeVry)+bH@IApO{iW)2|YwhZg zm*y)qTYP~OVzAu9Y<>v-dsd)Z9!b9*kpeWiv7fE790H-}Ggt z7tl;4U}w_~^ySXxoFnygj+Bf#$w~y?*{Lh}Rf-07&0&GZXp9^+EMxQfx2eiMq*)v9 z1lHCrD&}T{YHt~fhqD|9nHPs=lbSQUVrjXSf@Ejz>zHx4xXOXV{`#+KYHF^gW|B!~HT7n>+nn8T$0(+@t`JEy))>)q&uaAX@y%Jguk?&R<0iqJR7Xb%{Cjrf znCPX?cd)ar)(U*yK&sYl(uDlujdOtFT$l=??{sDY~eNh=(JKj%TCmILOxohWYb)BR}s zz`xdzH1g*0qy#NO^(K$?6*o*Uqxzd4vOEV9oQ!d3Q+>#H2AFDk?>PIxqUQAFeMb7j z>WVMBe;{?1y=$4aX^wx*5k0uF@D`(&FNLuWnp=c^FMcdyvTaK`E~Chkb!8+VQm|Jm&}2C`C3Hx3E_j~r=O}#GT|wzHuBOLM$=j-KRD z;>zHonSe+Cjhd79)7b%6%0Q7*xw#3|!>ZbO^hw$EPg$m&`vp6*QDud-b*-DPbsVQC z$lHl<#Kz!csEf`B=JT;c#xh2w92zOX;kwZNg-d)FE!OK&a-%Wc<{hPiOtXia*?$5) zw*f0>$JZyrM@;6tL99&Xu92REgZN1rS1xJ11tZ(GWyPm^!-wzCZA$*N5b*`-y&EOi z{zpBg>?K&<$I=ulI_X+UX46j>5TcMjwsDgEd720{f3}e4u@l4ixjK8sfhrEoMFJfx zLm*$xUC?Dl<=A-E8l#ox?_ER5EM!qe`5EXR$HhcyGNmNizbrfkr(eM~Uc$Y{zSqpu zk9?W(zEj5S z6EO7K0(i-b`f6n*pz?}#XygR?gKLGxuj&elksRw%ZdN&?eFeuHofHYdOjF`yrgRxT zasKIyzjOkQv5_gVV0G9}u7un41_w?(|g%hYClTuy3I)nBzptOIgxIv+FxR|IrOx@ zEfG@<387;a7>FRrEaa4* z+@%9zfp{WVeLfdZv+gGJsS%C;5^qAu zcA95bP7}-z#+9_vdf7ciGC^a`JAu$>>+0~^xsCq0-(Eba&yR8IU7|AWfjQ*eeNjeT zk+_JsQy*qUKw54;zgTZ{-sr^eaBp>OyCf|y5t650{&~F7Oo2)^b98gA+CimAOHo?H zdw{QUtoUfIQ6b0MKlNRXo^4`(eeMQ2UbLDf20JzHzFq?6*>n?nkn)#tWXu zd;Q?W&U?19*+N=rZuyyK#$4NnYPDpJySbjWE58J?V?1;zpoew)c4!Pgl>PdUw29R2 z=(;C593|$nC=$)&mH1}NTkQakQBF#lUlZ<6ITYOr3GawI#LF8a`*Wl&WA-fhcH!en z0kxf6+owRVTo_F6fB+}YM%-1g@~K4kU3ybcK!e8XZ1tYiuN{iL8-slvvcFnnSa}RK zY$<>e*C6RyedvhGZeo1A^l35XL<4dMs4*Mh?#7SGaq!$k=HF7~_)iJ7+F7JtTn~Te z)Y~vgK$u+I=sOfXo%6XV*+=um%UozSbm|w#}M@J>+4v3o;9>=R|-KTDe8>`2YliVgmG>e+x90*v^-uJ(ze}b1nwjFI&d1ra0+uTPj}SiVdRSx%2iQqX7q*SBH9^!K-u>bF<87Hn$ej#S2%SGQM$gF+X! zwGG^q&v#haM)?~=6VKiQ%5@9{>>O_>!hTnBq4GTWT=TmrTSb@zH`QGJO2ufoyWLRh zZ}IX@{@~3EvP-gGP7j>yDiR3pz& z!-awp2@ACcw&GZ*i+Xo<1}Ndvzc%$}fCpsEppyRVTihh2qW-s_mL)kd*IG+@(QU>j zi;!wXFK1X>8z>6!$V~44h7x)xDPlXaIpC-$?H)&@X%9Rfl&9&|6MmGW?Y;aVs}p2L zKI&cVa`N?2EMwJ6@f#3*RUpVD>J&SS{ zc`O(6@bW53s9?^)64%4>mL)>*x&F2p!E-IukC88^CWsr{x+LU{Kd@~KM#G>+0G;(& zQ4>^xKN^#hy###)Ap~F%zbtnJLqjh-p9-F?M_4~@pe*}7dw^uDy7a+R8P#WxHhgjUQ|(0Dw0!N$NT%P)l3eU9K$Y`G zP7nLe0nVB(oKA)5(szF&MK?&6YP8~hX43im9o6~$*CX`)&ZX3EgY`gqkAbMRQW96p z;2F`Sq@$1MvxG#)7d_8kDSgc0TRQa{X_`jkw50;iplY*?S(aM@)T{h-3DdSVzwEsJ zm8Xj6N|6@%GS}B6Fxg%<+$2a;RLmAiE#H>p9Zlykljh{lxs=P;ONvU!k(&&&b{v{5 zJ^X;VDyAKu`2;2hP&sA#txl|C<1^%XB`>xsO}3<^!^2DO$$#a%R^%9_e^5i{{j-p! zsM@e*8MP&XB|d&Jr+L@*($=T)8SK1%7J~obJz~qn<#+0+IQy7Gi4|(W!fClIcE%r7rNe@G zuk$s@&KJZ2Y!iaGu*W#Kw|J&D!ETq=^|{-_f~Q<2b45|hw3Xpf-zh}<|NK7Smx@K> zy@p-K)?c0<*{Fa0$wrW9T;Bu=4N?HvI^;}0`*y+E3IKl?#W`^l$0-QeHAA(5yX{1M$%P~ z&)fLR6BM1Un1e5E^Zv>+99=;#k@PndU8ZpJ*v%fxzhYhYYx7nUb0%OQ9MbJV)rmB< zwMw#wA$m}wXw)7&G}^-#-DhymmM5Im6@Ckx`#f#b0YSBF54BOzPLxpX&2tI^DYB3y zN3-FfsR>TpURfzWV@-}c2D?opWXQXknl4el)xrv;Yb#V`++y_C*|Jui(a=}3RJP6s ziy>6S%1D+vcKx2PGQ>`YeMy~SLEbNte!8o)LF3K8ZgvK&2DBu~7$&$lrSmv5kHYt( z(=J0mlpa^V;40hCfJWsxvIR+5wa!iWFMj!#TPC10;mrP)2cgv;JQbi-g%2&XkJh?S z!l((J*{)r^`{Z=+MWBtJIVa=?V@#ag_a&newO=-L2R^E^Wz{mzp^MSQ>0s`8Ytq7& zxipE{gdKeq9d~bAX~BK5)Zv3Mjr0@v~@!K-WZk0)til5(r|l!yIsN7n(R@<+^Te2W{h-q zgDE#i*V0mH{%-78{%lzw*FKmfnf^m;GDM%J{hm)27Q_&LkT3Yl?g@j*S?VBfQ&ih- zFzaG+SSyycoyK1cQM&RpK3Z8Uyt~{wYW7pp7N=RC z&KYeG?y6Gww9*LMDxtfq*T_X!FiPrvyXi_eOJbhM{=mn?h#$*F!T}Y_Hu8d_ z!tyI28PdNxjXxvY>8Ce#dW&qeot2?HD(CSDz?+cu0G~F|EAec-LaCRNPc2M>nrX}#nrth)Y1; zi;+3O>f-LQXQ`+5V__x}OOELXt_(wYx&|DlXMd$O5U`_dX+{az%G92RF+-kZZE^v+ zmjH2!!dl}7CUpj67VwmIo*%15(bsGeIyy1FWn6tQOY%bexuo%$qW&N*EuOhiRiqpq z`F+>EwmEAbp>5;e1Tv}#EPzr~#9kpxouY~>_-=e6qH;b}4X z<^@k8b*tp7t-6`p`42!-r8jZ6NR$=2DkPi#Tzvc%Xn(233$0Zyda=fl&(`m%Bs7o? znw?00$Gk)m$EZ!QS8}tRw58&{+$qHUna2AGN}Tqa_ZEC=(*g~6;mkdi7hwnQxlgRT z7967BMIL@h#XGdVK~4{{c_3w~9I}f+R5{K%ho)Be?BPGuT^gj{#b(dS1J_1=Gj4b3 zb9=@+OjTf`AKF&>_U7ArUL8UMCmnTUtl-ajZ&PGq467a6HnQ$WrBE?ojNm@5*pk?# zI`F7N1Lu-#a1;BTjfXt%9rew|lJ{qN8Ph1)?5rK{7n7TdY6iRYpsh?a!822Q--~O} zf@G8*=QoZr96i5+HgavWHEoVhi#r3T;wJi-TY2n}4uY&SsL7~Skf|_wr3wZYn}2|r zsC{?Y|Mc5$6-~Jml0AWGW+YTN#?YE`cmlEUL!hA$;x!n?nSqsbJZ7b$6 zDLZtN#m=YmufP=r7sz;?f%-S*&tDZ8&V)WC4gtfj8;8uq^EB%qVTVS}@N)zBnC{}- zOVeHcGI=rF8iuK|{XMGY1D7`4?LLR4;m%6`Da^3L!FXP;e&FhgWKR5|H0sWLpVd2T=ZmbR0rwC;J@nSNjHO|7#n$9xYJ|7Z>wmt zT97zbTbAp-4?ltMJ~I@{f!LUXv2^VDBk&zj)n)qKoFfq$sSaXCjkQYC!&axCgA;SFGq>VHg>b>?5&3kaSg2d>UllKYg*K>9f(gfVyGRZ z__$-q&n%eVhqE@v>*naiP__GTy+!I2sN%D}Tbg9zc6xg=U>lWLZ^ZTQz929CRj?Bw z#1p8`uJ!V->-&FVc7=+REs^}&gCAP@r`5S8T) zIih(j?{D!JwMlZS6_K7zzVRX%?uUa=plQK2w2*VHF9}(-m_mvuPmq`_ng_Y?8CkR{I{ za$mpfPk(TD|F>IL`3syP8_{p2zA4voDz7fN+iRlbLXRjEHyai;@it24JLxB(HbMy7t|k4=KcpKp4M*9TrQ3~vLrkgjD$ z=i8GPjlS;sj19}t6!CC54yYmzHKf;UWMR*#gqK`5*w@k#f0Y1y971*DKy8Hodqd(Q5NSZFLpi_^_>1EbZlh zuQ}cUl#_c2qj4o^X9wEe$!@bB4s;uUv}5fUuihWr-d5oxtGv3*0$YDNnrQjUgZlc1 zn<2BHYW$_=7(O@v`?q|2{!hDrD#Lmu`|VS#xKMrjt6)svWY&W(fBhmavAk#+U*zhSSCntW^&(Sre zkTP8+Yz!Lg0a66;ij+?p=P!07$FB$Z>iP|_+%7LEyE4+V@d8S6O!>cfWPCMFQayt8 z&*CXeVtw9H8W?4JFp`vm$Q+fc57do!k3B+B_|m_j{LTA8`{FvTrpfY!6Z_0Lo{TF8@t(!>9;8e!QETzNqM~-_{>a% z%Dn7yT7MGrvy`rMUY?Ec5@KhX7a%r~={gSY)i}E2gvbB>JIY7Tgr*)%Nti)aPp-~k z$4Yr*xNdW%pO1ws@rj$TuY~v}7W1H2d%2StzSV=njKP1-doNU7xCi|vt%bypB5eU$ zQla}!W!Ky)5`!J}t)32G*4GJ~~M0 zX?T4RT(k@$hVTR)6oJTHMUy?4nmE4K2Zygx*UE?rSg2z{BL==#%Z$QK$8gk8DGaQ7 z5*C(ZUJX~InhjF-HI}C^+l0I;vo;1 zzK<8{Bd@U(m?zwDLD}|>BKqYLU=RmPg$@clqfiC5^DI8d+}n&b^O`?b$N+V%7Rk{*1OnNgIT*80e?x zXO*}{tjV9GKQxnhxO>bI*rAw5Fwy@ZO84ZnWJ(qd8=@Xp@>kRT89Kz5rRX#t5od=A zH1$Tk9ReWyf^B=|=?N=Zq>>!HVk^*ExGS6U>1J^K^!o~j~oYtv}7 zM=2IrhO^`1)Q<-B|5*UHS?}l$AE1AZ44|kvZ2Bt9Z4xk#$yd{$*OCry1}U^8m)Ae( zJB5W=eWK{hDJQpCKEsvMc62pfc&9$(h@FuqPO(z?VOspp)msG zN4;AUFV0|zr5IC+7C@ca|h8wsuiL%@f zcMg@C{k=2p(X!dOuM#Z(`aG}6>9>6muvj?mFK{t>rz|2~Fv)R%qFeN&f7#%sni1!8 zcXzA*o141*>QytXY(vY#XZvmYobv~I-9_Bz<4l6*RfiHtJxba$Y#7~fP6t;9Qf~gV z%T41%-y6bKSR~Qns=QY3BP~ZZwm09x!-{NEI2E?&Y7&$kIpc?HEhJj&5`V}=EdGZ- z?7PTsr64nrD!Qgud=3+(w}Ee7QW;{#&X42z$kGKCMu=}IKEyw!jyngL-zO-L=-PV6 z0{NH)7s*)d{>^9L1QJakr8hM!Klfe#YPjXCZJO_g#|r^jxkSqYHB`m}VrIt2!?tWk z`wKG1`K8EbV~kcJ&+1Y3pHX=iaxrta(MdbGTn8y5Qsd)c4U#&~m5gI@)E-mlsSbcS zZ6((180Ye-r2l+|4&s8CTzit9(@GUjzP&3YaJB)!XHkCu($a5wDDAx+No`fu__IOa zNv}*1Pu+x}9L~3%9M4CP+6G901>4uDrc1ymd4N z1n;S*Wp(?@-?ag1p>8)Kw>QnjGb|u4f^EIzfXaC3qCzsYX$X;+xZCdE^ITAN%_KM1 zl8|SIBRSTnkM_7(83S9;4Std$Jsv>wxxF>o7CM85ctc9MeHnW6J>MCQ4HwD$oQ=^Y z)K$w&blm6nLhhjt%W*jcQe;z;Q|K(*QZL{9kYIAs+xP6zf4oycHZxzmLfJqb4Bt;P zCTDkF>+|mMlL-;%5^JuA1{qF!0qGb?j8BbdSwTzJTCmllSNE*7-PU2=nce zV`Xv(tkoynA44ZjaM*k5%F3PI0~ z)3g}DuA(ni_B8@~%Q^Le%$@~iEzBD;GX^*kZ)_X{salbxvc>lH{k7fATAHu>oBK(c zokCLeGa|=IU`N9>UtzuNHIuwr#SeK8WPN4Y~ zK?%(1A*abdvvXOJYlq=Z!tZSfo7QLDa-XzMW5vdQTfN0|jcRnaLoxMC+^Zrim9cQ@jH;86Q=3ezPw;sc+T^z{HpSDSww$0*Dkj|~eNidRgZQqqwP?sh7vRh6O26U%W_xkL6N%!)ADKLbDIq(s8D~H8 z9SwbgURw`kUcMzZY-7%xbJ^gSEgmV8A-nJp(Fc{E`ug8)2`$htN6Vp+lRvF~&zB<2 zvv;+rN@WLGs!KGe7`rEiE2L&h;9~}kT zk%dK`YSegx8? zOQlRXB&*5P-H5pii3xN379=|N*N84{02h*&zw})0bt^2?RT?evM)&tA>3sIfkrwY~ z(tR&rg5aNh#HZ|UWgfrfVE_e{kEDepi6dx*Wu}xF5L6bNe|j!&Hht*CVF2))@0(4GxIJToId5GTb-)NzllReRNm4TV(|@?`yFz z)7jK9oZ%7eZo6<;RD?$@2KbEXB8M?o3E{PVnCbjS+`o;c!`diNu$#p`O)1p*R!qW# zom2Pg_%Z}%NrnAR)0pr!71%l!3AMxZv*V@x6-I=t~Zb>0ia-}mn zzk@t3OgUmFhmlqo)aqtQf>-*dWG0Q@GryE~c+dt{RigwU2Ul5VN4^7qtnfIIJ$zWt zAlJ|HMd!;cfSKD>)G>*e02tHcD2hd`x1Hev#wBZoEt5T|K~7?O`AY3bCS<6okbktZ z7T!tq9iCXABP6e<@Lw?+emf>|eMLx^u5XZg&X&QbLU}1wvheovNZQjCxy-_6Mfv-34mGSx>DWia_}4JO2_LYd4u&}VK~%H6B(uPH zyWA+iyifYOAKU6gW= zAGGn?zqna>kjpb@miXl#)@QR+V(i6ClJ!Jt>+Lw&kvUmogla=O)?}x&0%9(q!_Lm$(nmgz zK$+EEL|U7NYASFakp4^1AtAqP$c7shu=I33?yc*cI9}Mi0YJb-Njs%O@9gg1UbX(m z`^elCCVUU7xpt${68ulb@1Fog;nv2nw}AHTrUVZ`kV;Br&&QSgt9m z6-Q;q0HV*1y0^^wkezkB{f8Y9;@kBkfDKLwZW3TR29@0M2WQCBux4 zrqSguJ&*Y>YLKAnNP$q;^YTm!E?2t@9T}C|nQZC#f*(+LHqqj;jZk3a_@wd7qX}21 zu|<-!iO|A(LuG!8Nk+A#=0@Zy5;3t|qYW%vFp)pH9;yvhDKR{;2BVLSdcP%POaEPB zSIQ!-@jBiBt}URH7-yQGTh0oqmS4k+3L044#mHdIyYya%f?)SZe$Q?)kgj77NS%Dt zwq~0joOzM@8W&L1?LJ63%bZBziWTH9f8T)WZuL=rh3zz$xww@c^YxpBNg9++qj802 z7c%<_c0jvO$vM0=Y#6khT&iMU+{{zY+1Sn-Q+=BDww%+$MK~}xBY7DCuK)(^M^I^j zZk>xRx&){go!k|NfxrQHKe-QQU zJQW}&b{!X#Z?Ey@=YPFTNd|_d)p<3~-3UGeDClI`3vkv6P)+&9jX_s}Qnc?q8L0Ns zfKuxz@TgWjTu@fH3bwL4)M?KUNac#ljQc2TPLo-tF<~9f-Eq4&2S)>-e>`Km#QlbhGIM@V6#j(z9h=LSD=vCAF}BgMFE3y(xV6TiSbR-NrQ76?go$AI{W{9 z=6GR1KQg&cQmTKJGI&Ibyx({F#s?R)28c+)ie?#=X=}3@c$3G;^e^6ydP9V&5S)nz zA&kuA0BQ+}Y$J-B5O!Fn9WB$7n`smJ5WnL;7_|4xkST8Pb;qXR`mNHj{aEz#s_HV6 z#KG^I2wqJnWahWVkZ=ke6D1**(*O6~33)>6oQ&71%^lhH3A7Uvx&WgWTXSqCDxr|G z17!!eOq(~fFj0BHhNe4#kd7Tw%195FGC7b#XigaJUFd1Imo zE|$W|75Beshg!oBM&G{nx8BZ>6>r}q1E^Xq2bq{@f<3G1*c<5RbF%0NDdAvVG>3@) za5AO_)H6D_v0*xBhb5#OG#lCByh!~s&G+q~yglK-wiT;YZ!GMeMqP#OaCsEIA`jn1 zW)I5mc7nNOUOXGD#NM3wH0T1F5AXlcX4-o#aK;xefm`^b)^M1I#utBQg zq_EQ(0;cBgJrq37u;myA^Y3Y|kFeqV(@Jef+)9h>5fiw)eE#41r0Ru?Zf3>{n+l2$SSN0_|G{DE<4UVEy1M!5VmC zxRc|+S5%yL%m-6fQ!0H!Rqy%I^On(5z}(8jTIw+%AcbShUBj4yRWtP#1D@_j)z*z? zW)4VWR{yM-ewTQS+<6vZui|IJ$x1#0eO_&^1t$EkP<1i&?vl$!%uxj$5B2;3=g3j+BXwM8>eI``V%~Mv6rDjvkdAGdYl4!UpD5 zPbr)lo3&C0PnC5T$8@XlbzF_J$M59Foj#bQX+Oj0={~$7DWd(dlE=G$=YP#bW&cXs zjB3}M2WE*x|G~3z1rLRk#2B1j4$T@jD6b(tEjK`)*w&RN1=RU}Xhwi`T_swENy9}O(vkTb^ruET?$TqOgc;juv@8VKmA#{>hF3K@1>iEEF_a39P$ zAO;9koExtOn-q$vkg6%vQ3bx1=cRj_f93l$`*?Af z$U{z3%<|;qK&Svj+H2%0ohXv|r1kQyIWv8*F0}6lxINI_R9mOPp>&tuS#dHT0i$<+ zMHnob4gF!3ly;ze15w0kf@)C(sNiHbyX9a84>AV<&WUTz3-XQd?lc?E!@&!<6);8y z1g=qhye0m6=$Q~Zwfp1%X40~T;gz29!G3L#lnR-ghRRFDVHIcd&XuELhvC_k25AgP z9{04(vT6kY6GL}iJ)V&88WWwbIyy(D2)<2=y|2Mz_t5-#$qVxSA0;WwqaQ02a~Ovt z^~?Jvy5Zp5DySOerxg`{%7_~v0|`=P`Hh_C2z0=8h?P0!tGosX@xfa&0dNJWEI{7s z@qXbn^YO{_>)e1R=6VONbN;WHWSp<2!8K?XQ*;_6Ot(LOCjuk}2$0Uuo%l(N(3%s0 znU?`vM)-E$8RH9&eneEz4l?L)jnZ4NgX$P_^oGP_xQaKy0k|a~1J{}du&4F-Jm_pX z{AaUCv>@lB!vOjY0sL0N;+Vh&=pl6WL%goO5z*tUDy!r59_1cpZDR{bJzr+<8RU1M zM*t!4)AqBRn$Iy%iyrTzs61!7fi&^&33OMXSD{#w-uxp%kS7*RcUaC(Nt^6Ns`&XP zC^AK2pzr`M_fJYBY%GAYuTHi$GX;%n1xn75$eb^)KnEZpXvl*AY%nWUa3jR4)*g0o)0G|xjUs1gDG#BKNbd3caH2|2dxi9tO5paBU zpg>Cx=r#eZWq@fhUF3DPpxk2y<>haFx67LPhA$(>)Q$zieQ@55M@ZpWHse(B4uHfS z^P!(JsRT$?FifW$t6>0Wd4NxJAGM@e^*U}oAN-z{4 z;i3vCDBJX`Ob<23exPKEfsICZN3&?jK|7IS%rVt-eK7DJ(F6rxXL;K5Nm4I$tr(8L zl>sTW6GZOS$Nk>vj2z{p?`=*TxXrVZPZ>!^2p@P~W^dB&uaQzyzwK|2f`&YhagIJ; zv%Kn(H{Z%#Mt#FT$Cu%X&v$?qOcTv+ntlhfjH2uzSumzua`k(daj$LOp&=;?C=Sf| zW{PNrHg3(Be^i?3Mz#HfmBW1%q-uTHc7CLTJSMyl5f&`V1v??XmgYW- zo%;&tZCQ~1Fd%}x3G71yD)B4R?^Zzx?g`tibI2T|fPg$2eW`taVhaUNEEJKo7N=OK zqb1_lVP3_WoNd7YvQtlJKMp|e`jv4-CJHYV=mFVL)mw=+416dZvM zdpBsIaq|*Hx!JFE4_=;hZs%TAP59A_0%%`xQUK1X8lgk?FZlrOJBk{ zTF&qW*=(`3_2{lan2(Jq;p<-Xy-Mkc1IGnsA0E@U8r(`3AoVliMl*0sl{3;!TcamC z*NIdzQvDSR#0!|H08fPIa}>(EQx?wq#Q&hzis2#=tJ+R62$Fh$!;6V45`}~h^K8D` zh^cx=#zpklz*+1%RJ<8^?}ByceT5v3p)k$eM-lJfpQQ!rBe0lY0|335pqX6#3#-P- zfC1|dUq>N8nmDarsJ|uR3I6R+t;G)&wzzjL=O?dgJzof?C>{fqp|DKhf0p4eE5_DvY12nJ|Q0V=*$ELXC!LY}prS`MpTtXCrF zL`Zaf_1|mj=3q?F1qDJ^m$OR}3;_>1$ajqbD52O_F}+&odhLeT?6M&BzyuB0jR`!| zO%!P0>p*!FqAu$TYzC^pjMr9!r;TPck0}K(``-kXmrrp>#2VjT5{QofmU8b$?BHmr zPRMMQ*Ok5Qw4q>l`SZ&QU?%`B{#Jr*E1d6K=wKT+IFRi|T&dKP?iCo;c)$Z0DqAyP zI&L|z*zDhMvYgM)mEL_K5KhEc@05guLE&y!&Gx|J|%8Qa0x34u_5xsCVQ(< zJxP!zO>1zTxiHSvLM=MQM+h)Cz}pOx*LC|r;-5uZba<2Qdrz`|c`+R=GuQIxe36j> z50sC1H5q0qD4-?_M>{DavFv+tm$<2`{7tXI1dWK-4*;wQi|vnz&p^9oDt#*2kFNy| z{)bo{k@lAd;-^f_AdqS#e)Ezl@2J1A4;gtG88TD>3)Qv|zGeDs{mokm->R@|yJzX1 zcs{_*nqt@&J3CMt|5cG_Yfk|hw#GdeMWDN>c;+sSi-A;#X=c(D>7b|ZrHs`0FMCNU zbYo!ncg3mqR}=ccLr_$VH`^-E#OW9G=#)l7$#iEU7rKoApEHDW|727Iloab`yAZ%M zGlnZDuLwX}p#d{UQ~Ry{yH zF1J4;#Bj8#NEV^4ov%x`0c2nxF}Vp)IomzJ%Am8j@f+pQ6je{`Io7u1pC3DIKIe zKS^%j%@obBB;H{mcnVdmp1Z&TBDL%)?V_ZumLJFlug>ud;Tt#<;(MV7sa8m_2!p$wYReIQ+;TwU`e=KLgcedPteq2aNa`CWKYhoPSxR*%bW42KRVI&N!nd{_*0RTb_k&)JlIN1YUofMi z@kB_8$f;B>LhDH)sVF_5YOBq;?@b;rFZr=Nr8e2^7^xICE%h4TEZK0P1@Z*7Yg{s_ z5m7lfS!H1rp_bWAa-nAT)bJ_&UxPa;|7I{*e6;bp#V6 zu}DLE=wGxj`|e%#?GlC}WWGQ>@?O=?=a0L{96z5*p+{wS_ZK%|NhzVRo~xSZXQqh# z32RkLS3cO)VQ|6m7yiszBVYb^pDRV)X=c)U%@q*sU7ZU;W8B`B=v-VCU&gFveBCs_ z_j*$vG0;fu$j(4NWnseoD4%qqm6N=w!i?K82>&$6cV_p{^CP(++OUR+g^Jp{5ehe4mR94O`vq5E* zb8_-yWU1NFSUjJo(s*b@iz1IE|7C5N9|_jp^3D!z4K_N**vNRSQ{SUtOQrcWXa6~`*v+FGynWbet#d|d%pw6$##tOM;a`qJsJvWcV`+0@4#%Iqhr!D%FCuvy{i@>rJLKZ}7|< zQf6JNv@fgX_H_n8P^@U-lN7MD)#tyPdS_QhRi{oHF(OEr;Km8Qb0HmVux7V+8b+|S z)sjDticrg>hV#~XR?=^*b)M$z$egSFe-^;CH}%WW0YX? z_Au-Yg~@Mm>8c8$p|Szz!E&o&6_i}(zh)^hD%}DbJ$@$8Ynu3*<+xsIdvJApuQ-pT z$aZlQS1Ov|Z8q503^$4*0gtV--iFzFsYLZ>Yrv$Dx3Lc790V@>_he`~{Lfp`jz3g1 zxW{AZ9$4r8IX6pM$@-omaOZr<&K|GigR|AL46rum+bczV^a`$Q)qKkw0wtVYoiJO^P*>I zpS^ZqjL9WDoWbevMUQ0r?~-9VfrrS=_w9ck_gOBE94}7J;zQTbQ$}Rmya#ua>CK2N zd)3^x?Gw3+ExG*pRh7NX;_8e0oV|S`@9?*Hb>dmT=x{KdcnMF_XR>)t!*atiS(2W& zj8NTY6{rv<8ITz&8xA^oO#fY0GT0*N#?K}H#^vqq8TXsk&^Jz9Q|l);LJCezLMR(2W({qb0m$1xz)?P$p`QEvgqguKQ7%xW+w_n$A`9k$-~Tm$0|n=qxf` zMx7dE7ArdGH7mu^2fj53e~#6=wN>>>Y3G0kEGe?A z{?8HLxPK~3JvJxlY4fwF58qji@M`PEE2oUwm_)I#=_;bWDO}FZoGx1}YelZ-m1}5y zP%sfX8*0C;J20BA3{!uuwM=s=^W1h$JY1i6a0MBh#770Kakvmwk{#^H4^`{CjurJ25eSp$hfy>`YBWAYvCH7(?;sG}yNkS(pMIwQoX}(5>6_>W0&tC2hImkKvnrSM zQj0W4g*B^|Si@0EsruV6K{a=-KjE9pk1{0*^2W)#8_lJ7`#uW&E#F%4OI`cyPBiVN zx%p6t(;fq*keU&M7w0}2Q}u?mDEeoG$6^!8_hhs;)Vg3beLH}OR-XH}zEFq5@erM_ zRW09JBFhYSOfX-H+4Pm&TDg$i_LI!kW{cD!PYcJG(~i$isaD0f!VC8^l}uoFp_q^Zy*aSzZ@X!iw053-ZLF!XGE+wUT>8^+F?rxB7q`SMjySuyl zY`*WD^V3VgJNC@1S+nk0B&IAnKOB?h_J&2E)X+bdAM??Rj%Lwa?!OB;fTvXb#dO&C zPu6@8H>+n+f#8DPEA($<)(@G2a3np+1y7dh6Y{-%Y^@PIs;j$!Kqu~&J=sF>^g76H z>JPVXkPU+I#ltW9?C%2?TOy*@=&_V`ldUdf%A%8utR14o2X@|UpA-}rH|LC1oG80A zek1y#Q7-ezf3c;HM%ez$KAoww*d}px#Rcxol3yCFZ)_|MxyTNzA*W#DtgZtoE@Ai%k~QruQ(sWGieh1A7SB z)o)ewA@7!ku~}@>s^5!_Tb@^xk*Qa!-p9xp1^H{QZ^_~%F(&#-w+Ig{Z!qF~OGS3X z-<=o~jCaJ>$#N$qbX!(HxbjL@;x(9VO?pd@5*=ILp+WZ`O8()&=y{jK90~rW)lYIVW@2CFl}7C+QL=zE z;neNRc5HX0{mlf&>isSh>+<4zG;G6^z;KvYRQ=55{*Fp4cpu5 z6XT|$cwGWhHC}37Xi5~GFFF+6R#wNxohf{OGzmE38)WY72!9NzcZgSwtE*=%*8Wtm zZT(@Yt(fPmH93awfM;2h$xKy5n^5OSud2kFx}Quyr_iJMy-Ox%>v33WG_&bWBbK1p zuVV|>;*LVK;e#Qz<{-lhKW+E@X6 v7qR!d4l5ONPqBdZ$dRMN})DH=Pl*9;}~Dc6t&Q zWq8(&b!QZpE9eJtz82RzI#8_}iU|S8slX66BlH-Gi1iU?CvGrnjrnC@hFH4UGD4eB znxV#)uG?nvkUOySsO9Tj+E;e^GP`k77H3BoP$R#VB#5R8PDYp}J^V+pH&#<-dG;+< zQlW^)0AJ1Ea?vU2ex0@zuZ!!t@8^C<;?Gg-5zOUk^;pqb=fF}^W4MJg+@~4UZ;{?6 z>EC`~>X7$POU@nx9CBtf?~&*tys^+s|BtFrC)#4qyZmUZ6bYxn(~F*+?K#UtoQhRa z#AQaZL9P-F+!+~oMF;RVCG=9yxx^JR_4 zf|+i3bq{80v2|$(@96s4J(0CFdv&Dj+pnz;j)&N0PZd85=h4c{Nde6LT`?k}>V=b0 zUPexOjm-FROsO^E7z}ozP2yiODJszCNlehf5uAIj2fy_$e({*C@PpgsMBGWViIBq? z*KQBss}Ab*`Wq1fLl%>`N<0F&su5I37Lds|yqk{0i|6yaoP}$3_Od#R!uq{1Pi+-$ zIJPDhtsW^?3FP*}&KIHU!Q%hgale3iE_8ksH{ z^*k2k%X%^<^jdMxwJlN@H7ZG9aag%~fPW0u=N#8q9Sg4+T4;I(w zx8zUI->@9K5cn|`U8;vS=s%5Wi^N!U^WxUz9+$?|mTwzxm2Hk*Bq2Nzt(-+>WsE^i z);0-Es+f`W$i0EpwAJCp2TXXn?m=sr_ToRmQyd&)hcTS?HT!yFx+SG7X?Q?rjeI@z z$kAdQ8@UY{8|m5VDQ{C1(<(4hPBW=nVQphxKfYG5$Rqf(S__^H&A6q}PLzsz<^j>L z>kVIdpNNnNnUbib;I%D^9J0Jt(e~npi*kt-VlT^@!vYV}Ya{2T`PJgZ+4`|cHI>lA z`L37>{eoa-vv%)5CL?hw6dl=vHOf)0I;-u4n_j9c=A@7UN=c0*(JQH^q52(p(1_${ z9vlyK=|UK?unG^3R*$4BX81Y^4E> zdh(un?FA`$>o}@?LI}B+T4#ZjZE_f zO_ueYvsbx!5nVMa#~rN7ps6HA%Zk9;GsA@-&@uUQJH=nd!v!bo&DJY+EKkH4(blg{ zJra{+jW;VJ1wm#VFdmhxOIG@|Oe}Hc-tpceveqNYT+3Jc*uDJYJr#X)LL}BYf%!y7 zK*`JYY0jW^xC543TElt%x)X36WPOi52L$7dKdVKJkUZXYqjG5Cfl`897ST&VYD>W9 zpnd`(3*m~w&xo~<3)USp`^u7PB6>d%%W^-4TkO5VwzTUNlX~}oPJ?wvd~_eXOhYkaxORw}9Ezt(ek^cJdzdtUw3`Wwh1`;RS( zCW|~6`itS}kH?)c0Ut;e<*_*OIa^JqBvXc+-?HC5Hzj-trdkUwsBlYSQ8q;-J^7S+ z)XL4t9Ty}?p5Bzs{gsSq#1@7E7p<-PzLL>4J){f)Nn+@?Vo02d=KIL3_A03;s{|EO zV~vcusp{)nJ3>#l8)Csw`MFtT7v!Q$NI=QdaDiibsO$3%Bwe9p4DcTHy=6GCxiT#u zah!U7$fK=WJ>|V2=Sl^H!0Vk*47-N}!Lrd2WTyxdp)9%?;3Y*L1$)Ok_w34k60NsY zn7c8Mv)~G)u={=IQi>Co7PygT#4gO*!1-@ZoT~3#!agJAk^Z7R1HNS*$#8943H=Pc z8p+o-uBWxyT>~ismKXPF)5$y@NouwxBt4hC5tCfV_b2+e$y}v2k|bS4Wo+(=`CAmz zV71fmqJyk20G5ALVzYGVP!oiXnTEM>q@@}o0li;NFVh)T7@FJj=YTlrh#0(*tZYL( zwNgvVo+2q((9Tx>i7BALE0~d~hTKyuiVx;DVcxB$gv?`dr1Bk^v8c-WQa9@Q6h?9u z@D2aIG7B}jwh*+zM5B<13?>sO&2M{q;xB+<+1=zagn##gUOh|D5BV;%PgFJ_EMP5p zCzX_H8rJ#pNq=ilX5} zK*AwYY9~uzNZZjW&Z~PH%EDZk+m!Fu%Zddj_8rg}NlF}EX+0?&xu(*SYX7_>)64_&)cyxXUCQzY7WA|Ji>mH3~C-K;a2Uk8eD9-$o^=lUJJKsfr6%{d%(Kv4;Vk{$ECq4AG?j9`h6f$&jzclSct$%%jSj_s+-|v3n~60`#xpuDcwo12utU7+ zrU%1g1J&b_^d+oz9grmmrTmmy6zpfjVnS%E?nBo0=gpyNA-9Cpp~hZ-b+nFPr-@Dt zCxdO+eRlqV zBmWUejnIa@=TTpJgn!=5$6%E=Hv(pOQoKmwu*~^jTi*v@uK~<9KOlZcH=QZw;c?~& zm6CctsK943S=>&BwWw9Y;CKLAq4a?3c$xQ`IN}MG_-~xnWL|_Wwi45St-X?a@HLf+ zcOm4nv-2{UzfC1Nm?N%@B1i}&ln6c23K_Ew{5k9V;-j44@qyveBq4XgYTJl>xGwbf zJyHLljqEnBfLaGx2b$XNZ*i(j0!mu=rReB%vT~y$qdP&B=XBYGGvvbW3kYa@8f0#~ z>Z3&b%vt`aB<=Pm{!+0CEdRAC!Hx_YHYeW$IfAgNjB(zWE|Kd;q)y%}2LeNW7cmk* z{-D;mk*+mN|2MAxCOqNuK$#N#=+(f`oh=WY^nR#)45*bc#{<5I$%0&J$gK6qRF$ib z*T+}=)rwJ%vhD+cNxOEH4^r(-GZ_^~Z@(_w!GwQ{Bqx)zyI3Os7CFSZt~Y`w9re+r z9Hv6C3fov7al@a^@fSueIJ!`34>uz>XVP)B1)AdL`sqW$pBbZ#kg?HV;73VfkMWJw z+eIlu3g~wJi$#R_u;-ar>o3sBP1wO(#TlupyZpl=ZM^K}pVSZ^X#iJ!@*s3HoYgNw z(^J!xxNy{xRn-FZ_ex(-qQTO=PVN!@5{~tw2D_a*!wI;58mIkIiBdh?fR|*lqr)~d zbmr5BsoI}Rw>)^zzG7wm8d}L+0|mL9t#Mi5(QdCUsj^T`hTb1_+;9K!(p)uc2GE_a zU4hvo_VuTpokofADQ5RN_w##S!Vd(G&e$4~YX*n-hA(SO$W8pst-!|y zS=M=7!BkWAkCdkl{znWxs^amdqPEVZj}u4fsc zge2ozFD7z`F(N!yS9g0$^;5I21U{b4pRSQnQk-86CeSF?6q88Mv4WQD>w;OEBn=r9 z1a75FVXpe(pHyy`B340Pi1yVtuIH7KLlT4!}c|F9r^Eb8&`f9X2be{+26}*{h2G({Tm-+G~n>jq}xbSeD4|jz)hGCdf z>a-qH-Q${<(K2dY-%isuR>2C|8aLg)#3<36#&L-kIe)9n&0|PY{?1?RGwKfGJ>NWD zy!snKD5Xa8beE4qvQcGKUkEv_{Q*B|;cA{SXnG#R082Tp!T*QCBOsnY33MG(knmPGfE(EDZdHYb( ztvuWfUa3~6l9FmiN^tyLw1@~Y^HxNmlY4xS!-UgseAgIzg$hz~AulR5M_?-yklA3jf;DV^+%AY4*NCjBpcNb$R5)&MdKAtc z(xu#}V*49i5{ha4ST2y+wM8>-PvG071$2fVb=?N1&tK6{{UJl@IS-)^;Yj7{Vd9bS zAws6M-HZ_=G?^6?3hNm1Jnh)@!d7@^1^+HYL;^|8A|>O=NGU{Nbma1WWwuEd z3nB=>&L`AQ^pAd^-Oh+WNYJM`qk2`L{gSV>yki2Zi@BYg606KL)*a?;4!WBJcMaw-efs0cF2V} zeO6*Z(RcIict{m;6$x7$g`#56!*UjjcOgd;ik%%442eZmlBXBUuC2m zkr`lhG|*VPB{9_lLQYp-7ui8UZkR@d+!g*vZ* zvbB8*wCT&S7vO6N%E!KSK8H*m@@D+p3FNC++f!A_9LN-r>AJdM(AAB!Ib{#C>r6}? zS0iKHlRiQ)kV~g1J=WBDDc!Omll^#{@!{EI+io)!mg;Y`%P_BE(38=FNKUo`hu{RR z$!hYE-*m`T6;+*R>+AlA2(sgnfdgH#xlnNb?A#0v8(`RF0;zN}J%ad$a<(?#V`>{+ zV|M|XHX;VSrz>@5b*bFAOje>ia)a~c$&M6khSe}* zA2IS+b|V%R=Bi93J?<1;rm}xuLi6k(5>0+FY(eg@3&dDQcmtqCgdx;*9PSd3Z0=~t;Oe2DFR|}BwuIrVTz$I`H=Cs-*(hfp_38C|$RS;R4Zw4> zqXF$eSJp^tbc{Ojj?K*_S!r>d;6sX}!$O;i7aePiw$lytXrWpIQ$-O^1fW#AS!-?z zcNQZPdb=BjZV!1H4ez>lM2wIU0?H0k?>Rslq~sF1iHijW)$agJBoY~@S2EmI=2*nk zgzRBspWwV(LO9%jt#S7E814#567(um3x!q!92>eK+Oh>df*1(d5cS2j@eq>F2>h`d*Wp%4!)%I@P zsLL)c$!V#AUCfcTcL#U;XKO$xobo_&dW29MG?{z!TRKxj!@{i&m_S=v>0_X@rLqd)xie;pQNWO@ryFr|6-u@QCuxOy9JyDDz2^$pV9Z7pSZCfc z6inY-dOusRGxCb0p&71Y6i4N>jDA>Jo_#lv8b&rk0vbcRZ+b-^FjhUdFt2M%SD->O5KZ*mO^xb9;;fEGi ze0P>)WLV(?t7+!(@pwLSf=IHleCbrHin7L6f-q;KyPrrslx5tuND8`DJtZHa-|3M;?uSq(>~R$8{MkNFw( z(D~(eT3)C1YYQ`&weoaG^>_{ITzWeXX- ztgxVgY6hGvn8Yj>)f4CYaQ{j0SA6mKM$vahlYgC_#i5=hbV&5C2kBd+U})WIq`iw& z4w@hSAgd>ePP_2`v;b7)G};WG?d{s%>AAc-xyX|_w4|3oIsvcWm}r}4B1@H=RiOV$ z7A`bQW5fq;DCd57Uh)GZAOqX*F@{Nc8j&|h#T_(ZBzO- zy8mN}O`e~I$maZNQL142EB(t7Ky6e&k^iTn7~#C3)vSHU<8pSw7Y`WxjX!Oir_cxB zgt0l)TU;Dc$ z&Hmn=1YQTGa+;`!l;O+VRK4Xuj7j79N{L}htryo|-^P4ca@||VM>FOaSkx%KAa1{! zK$d7&xU*w9XwFdky!}Y|4PIs!{}*0V!@sX6)s>fk+~9Fy%Oo2-aJax9YzZ{i@{vDV z{_7B#*tj!b*n?PL5Cv zn|+jH*;%EV6(dk0fnhsW5u^z%dPuBZUg9>xc33oD9K%;V*2m8sRG)2Jn@8rH?$%bc zzr5k~^=FBGKwk@1Bzn)e4)rESa~`*0Vt6(rr@Pvq?(aj<&9wH(>NiK*+^X9OVTP=O z(OH#TYU~$t03hQv+O)7 z&6O|SttshiY1OV$rY+*K(Oj86g4&&ssjYlOz~SZ2{9*Dx;8-1G&9&{=7|bx6U9^Wosyrii{0o}cI|%iJa3`}G9#l@yU6sDqr;H;Zu-*liS)-J@*jhP}lTS1#}?|Cm6Jc zTb#Yafu(d_xN2+Z`Sp+Wzc{LA37;R_C{xln2k%=t)tOLULf ziIVhYn`G^jp{FFq%lhlPf_W>@tF4a@c3yPyTI zsAXe4w&gohu9Z$N`l?3kU$h6rq%>d3M5tKTxZNm8k3-LEiD_d_lUvZ5FYLeo9taB% zft;%J0;PcN2CW^t1S&DHUr6J+%1+;c@{uh!Ecq7!^WIgb2FLH--ymFxzDS#xn8u&Y z_1p<{L4M`SNu;uW^lEDzM#6;xT?Djjs&i!BK-|XapGKTCdGJO4#!f2Ojiux=NSZ0c zdpdj@(h|32*(uLfZO>*Frk}|M6g`|3yZBH^Z}-=ia{M^^o!2cz|#%X8u#=k2Mgxz;0E^pfV{5ubb?a#(E(X~h-)3B z;wkPcVN+w57qstNL`i24aJVYCd`gY}f))JQ8~au9#}ShNEK$F4A-6iHNU;y2#awkQV7Zo`$%`} zlS^|yX2~2sdVAB?DE%*WucxFn**|M_hN%q7T0?L;>pO z4WwosSKKIu#^;Y5w|iR)xjO zK5#rNIsIRq&8fj`PGk`ly0=C533DZzvbu{tR~RB;e=4K%lzm|R z$g)CXiS_wYyLZh>j#`bG2#I1mwQ+N|4uf4~EExuEE=_C61*ro50pP9=3|A~%_h^cr zBGgQrwAjI)CjB>5QjxV-#ahx2o>V?3(&Xj^2BQpJ8Q5KTAJ68YQfcOtD-ZoW4^{ZGH0+ zgMc`6Kwk4H)klLWWx2ik8!Gf@X#keKWe^qtD`Oh{al-j|Q zuA1k|u1%l!iE{4Y4EA;8RA{Xy+1P6S9yr=U?Shbd{n=_(`DyHt5P%@Bgj%F}^Jb27 z%J62rfrWm0Wc{4a>sl+DlfPaohGyW&ViJn{e8TWPI(A`Us8QHD1 zvHm@z*b5Bl8*YYJ`TYGA)&Hk`7Hb`wOOSSZPH3&SiRrO5UF^*T9MsOn7wB4tL`Z6~ zni_Ry_k)i&LQjn8iNew-2SwxX!kc#w;AU7N~ zD^PI6dNdSn+84i6q0fCW8l^%*#eU8C9%+#lSEs8N8g5%t|8>A2u(IdORXVa>BO^E7 zx4}Ae&zMgmItdGdfeSDSPWwuhz18wlZ+&V0YfboecA~hcHt62z4S)aFzgTUCkqK)q zGK1>ktXMaAq{{3KBP~UGe`^MT7Z)0{iuVls{)q8E-+BKE0F4Nv-JO*>K3g#N+8Wg3 z^F|m47x%@Win&s-jfJ(&ZN

#N%C|T75L?2(KbG_!6l+5-s|u++a3J1)0Ha*~S5g zX1mVj(5MfcJ^y)#$fEx5y_{WNXdj<%**iK>hXF@p_bm;#Wc|b28THJOaAN0&v!2J> zF05S{S?cjgsxZ0vDQG1MW@4eaqWvX~_c#3H_nqC#bsc>Ie*Qs$B%H)=K<40SYBHS7 zc<(_>d?!Y;cjZ{D(HMW?Tz!3ATidX4Y`6r=M@8b9Rm%aj&tl{)Cg123Xq_yjgnXI* z`>kTwxO_JPO+c+p5MY+j@Ua7un|P=GDdxIX=wUiU2% zmqkVaw&IP~8YCNdr19jVe(u$8d2BZ(6$(#M%d4{=#$!>YB~5Wt$7a9E&t$nI*r(@pSIuO4RCiri# zGr-3+|FPZx)$P#)bA847ndiFeP}O#8krTXoME4rLJ8xm35US}j&&RQYE9bl81`}X^ z;*9%g3K4lbDqH-lK)#^2E{E@q49vdX^PTJ-O861*e!dtNpDb1^k+Y3sccWAB1--ct zt@3E0%R@g~u9($*FRD5&pX%I;^&Hc@^`6Y8W$H+LTfkdbc;{tMuWfl98T8hFdg5-H znl^#Q^SV}Ep+NUws(_qXo#=~z(M&;4BL=m-%ch7-WF*wB-ZTwfQqpG*M;6UzS~eWS zen!Wp6k{wpbWXb~cTaBbAgR8)~0gO}4^@p^k*1P((iwOuO&F9hCrKJIMI9_ZXnu6@WwYVmi@ZbA; zEz~fZZ}mIxRFqY9O%F>YsKjYC2LVO9AM1+SNVUyDe2XLND=Kwz@r2h|UNEmPyfSKS zTpz7ARs`>yy+nNrY}Ht-w+#UfW?&~J-XuFy*$dZA7||bWT^@^2_ktO#a&waq(k|OUG91ss zD=fkRwc~enRBeJ2L zMs6w;931?57dErON~Uni){1v6$Fpj6Fl!JNwQ}Aa0dNqF)Wn=QSDjHjVS)AgnK{#3%@E;NjJM`w{et5?BOV#R3< zEfkun1pVc5QNRSjRrs=nHBF}$s9v(O!M>uSyHG7y?OD8kNywM9glc&~@lb6-O#Zdc=#EXAkZ@YZj`s5mz$>>38!<>awcZR1c^b%CmR+Vq!YS7zvi~(Ie{`+z8Z}VPnZoSd{VHM zW6tnZWL3)yTU&lly*^B!kYby^1!+!V{L(~xuYd%HI1 zNgO1lganh9i;+(w`C|ro*m#3M%z6w~o^^M^dO|R`ibYh^74JQ*a&>z`A6LNBs49EY zs>5>bR?-Ae8#mQl`9DALqI9-bF zj}D&uGxXOy*<1T}7v35zp}@?>w85rBlR=Z^^XPzMxbCxZ8FYj4HH-1g@OtfS{AX8X zw$uf7Gok?|8ywb*m(w*Lp&JPbw7BP|I9b1sXihuGAIi!MDwQ9NrZNE3VlgmFR^RuD zqMU0oL>r5Un4Ob<`YCeDog;QzZ5td2_0>MP3 zCbV?)mmC$w_p1YD%}tS@nH2+uQo8|6DMHR4&Ju_Ozz6(Si)-cXXnMHfbTG|85|_1q zrqeYF8g{^#LFYh^-*htfM7?;N7M2v&PpLq$piun$l|t+yZoBQ%Vl@-x3g4dY5bCSP zC%=#SUF|;ZcR6LXouC}24E?RMedej3lmiCj7M6BBC3=#|HpevMd+)Zy{?e)0-xQSC zyRHAcI0;uDaiVX2O+p!UB2EoKWNQ<}>@~o=#T{t%^QL)DZmi5M>!Y26c=4Z%CLHHU z@CsmK{j#CI6TsVaOXG8OhEOX)?Q$BRutL8rN~z7-BcHP36u>r&Ar)zH7{YOVSc5f! zfn}~y=UsMKd(SkTOGRKuoP$AN)O*1@e5*+4+B;OB z=K(7kW) zxh5Z9dI)#GAyMUWNd$4Usba5$_h>ZzGg}52PoVq28!I*0GY0Jpeou{&Uybjp&<6*! zS7z=D3VOGI%LCKZg!J9!5Iab&I(j;%(`eER_KO_qjyFp@8@fsqm+OLNE43Z~n@KKI zbqp`_r6v&4Ks)jkb8MhKyyQIBe&x9R^MapkW1T+TA^pp)bHLy*kP;D0O?`hPpP@b6 zP%kXOAbzpahB8}e%r|j*xWiy7e;m`-W!$LSc^%r}6iq)G^)acxnW_``3`h)NUTLH` zKG_iEs$H;K=J4>S&ibB(o6UrXm@W3Bx?=$OU-ryq;RhBz3g6CKdk})(FKmxa3*-^N z=2aPS#7 zt8I@L4=1mvz)>=BbZgB|{JLF5RM1tS{f9up^=1^vd<1UW*pF}D280H0woVr<)>`@C zyFCdWIbMB!=%?;y#CN>TN-QbK$Qdsc4C09>1Sk!CA$I96TbbR3o+mC#n(@ms2M4Dm zz_-;!D#BW-c;@^Uh$~WMHB$t#H3)5%$s07=BP(efXkvwZ;iM1Wz{$OIzWfc4d1#*w z2^WbcIICrD2MP%C2p(yTyUaRpFkT+gxf0)FbrBtT4`OLE!9&BOjsp@D*`BbS!LiK$ zL3oYH_=^tVX9lyr9&SrC*1=-g-BqD?S2D(?K!ggkv);lTZ1$`ts$0nxa|T4@hg1mx zjJvW?-`Ub_tlPS$&~}usei>E@N|WSSq3;Lpga%HTPZutR0FLrY#7}TXI8{dS$2&B^ zy`>D+`T5QjuDm6)yrHNUVaEd}%>y?N+ZG%B7{L@#>%lD?+AzryO)(p|l?H8bCrv#d z<8jpMe>`%!ERE*}q8iubvdmVV{i1_uM&og^XI|@96grV_XCAa8jmMG3!TeS@Y&%4$ zf`%kn0C-MdSBg!z>c+LVcbce8S{6`>y@Sj#>9%n6plgUHckknUuItl`WDUmkLrDUsySt6#-x`aE zijk~O({8QQp;6A>9+Wh47=(|*+aC_l$L(>7_XDnIII5<&s_egBS?L5jD^{dhyS|r* z-k<=#Ao`_diym+eh)r@PzJbElIn&X&vy=BS;)uNJQE z8ZA$;!I#!N|KvA7cd*kCJy)hk4-@?PO&a>e@_@N`ECWBcr{T`(Hz8%5*BAj1<$Ve_ zxHb^8nJk+9VE`8ejr7Mrc4n(ANuzo~w^px@+&Q7umg}O7LVWEoX?mmRbhM2J(B}3? z11v2uWULPr3ouJuZ~se)iChlj&Dm@e_VqcN_aodErG;2n%bDeXUmcYTSpmm|?D5_P z!nmcVvDL7Sf`Zisez2N$ROJ$%Y)i(td?674nG#`fS3^(Oa0n zudQ=!J<@t6m7rF&~k(bwDJx1|!;>Mu@lNy3ZRVhW-RQELI zOBxYf5|60PpFaV^E2Rz)P#|J*)4c!+8w|DQpDanuSa78$4#AaeP;YWh{;3o@*Wkdc zX}byUl)7Mh(5*qO@QMb3bc3con_#}o%ZFKCiz&f=yQs!srit4;lt5BU=94V2emoAu zxU*${G})Jv!sGaM(nFx#{djkma8iX}a^!oqf-E!p(qc~9Y?tAw@y=3_qTVJPvhjsW-G(JSn7GD?K&Q53|3~EE>BM}tMWfg zXv{;gJHX$3E1A(Y*4J16U0#+hq)D_vDXFzxP_m7S{z;A}0+tN|iE_|Y%&yA50vk=( zFzXx75rSZTc70Dx?A$BKjj}#Ml%#l0{pFLt{+g&c^b_{puLQ)fhN#rgDO~>JvAnsY zIfb2F8W{M;$y465HB*i|X!vGfrf37;JJlBFgifbG&I%^xH|M+6J%Ym2OLIo(V?T4v zGKKEAHb5$)?#fI^NN|Yeqv_TY{s6EG6_2WA_mv}Ws^nkaKAj9O4iy`|1cSisBFYpZ z@~;6kV01pBSUk9~xYQr&Kl3&HLYbK({=0S$Rk_AifZNghd%m4LNR7PJ_Y;Vc%pYQ# z;hpiB6@Cpr{ML>ImAU4cQ&xTQj_Kv*(UG_DivE{MN0zvy8}u2oE||3}MP#CeFQD zMGg7HXP_yCP|^gOx;^&=3I@$K=py_^MRl&SH6}B620n7R4cAR>c&f-;xsWM!r!CXBsybBVzO7zc&lx-Ia*R*r?#$bC>M} z9C#>O9Q$X>fKK@IbPY$KAMQ)GjU)nC4CW_OdEWC4&71DQ9F z0mg{#mx40s@?B_#c_<|WG5#?=oVq|-R zhKr!G5fyHE3n}Co^CYHoNHh+;t2-vlgz1ypv6-dmx01$?WuOJ9y&cHK44c~J^1s)n z#L7p0Wpu%pGM11FtFEst&pV%h1f#V{{p|hQcNhZc!}d$vA)ElJK*dR=<^cXc*9Z&^030ro9~ z%ep%}tqbZz1+YJ#yogAPR~STA0buXT`%t*<-J>r&adJb~<&!QgNus5(R^UM1)|^NP zln*g;&aVp}bmA3%9r3tW7DUzf^;})?YxeicUH_H1^>2MMeWhA@ahl#2M7TCp`L>7O z<^7xi_|j1I;YmeV`X$GN?#Hifkn-5gXQT{c0lMF|vh0R1Yj(of0x%CgCfK?mblV)G zO!*R9efQKkb+HozLpHHJOv|uyy?hxB7RooGtDR)T5yF)}vtS&^O4D`)*&>uI?+DjWH*t$O<#jpB3zOT*&&))El9 z(j!jM->ovzeFVLjs2JWC{L7Td2iq+l+^&zg3-d36-rll*aQgVB>&^PR_gx zgg3Ew^I5KF-@1v${rBZ5PdePe(Z8*E)0+%Og{d<@6F~e=akF9p z6FlXxmy!1{{i-NJW6w4AjJ2wCR#sN0H{Iiss(Endn6l7;W&>C@FU^Bb_b@Pn{#L*7 z#jV~!>;1+soHCm71Q!go+MGoGVf?(_&RJB9$~w}BnVr4x{K6|I7W4I95b5bpC&pLz zkJZzbv_%n{g3$8uh+ zuP==2*-g*=(*wfONsT*H4kDR(doGoskzsnmUtHJ4T2$~%p`c1q`C<-yJy8TlM@PTC zlu%EYsZ_yxEiE!k4uyzzUi@5Y2@^!4_!gcVGCC0V1`0XbK2Q*yntN}dMc6U+{elF1 z#cglDoka38nz#!sci7pg1w>p|a4w-YnEvjOK!z_+qPvcVK*&X{j=^iBXM|b5zlur^ zy!?tkLZWl5CcQM6kh2vx)Te#<{9)M$5$X9sG@BQ`6!bFZ8mCk~D65ArE#YN&JmD$` zDe5AGI&^UZ)Vx6ZraS`PSH_lNLF+Nc7kqP~2?ND+vw7M>IHB ziFmvJP+pd|w!NEQ!#}^EK6PAdu=^t~@j>`yEb~7tGvqQ6Z}7TGpH(|aP^AcY{PB&a z(d!V;PxEEd%{ASVlJIEo*h5*h=#TomVBagt%yV-ylRoT(5%%Pei|fR?I{OE-^|?I! z5j{&(s_5rwXgMkUZ*bSXHI}w;Y^Tw!aGA%+7vXOItHChPoB?Tw7gwU++`0*2k57CE=KOAGL-*6+eLa&tHK z=PJnS)s;*h?(}n#gcARdX}RWHA|bUr_{fRejZcoZ&+|H!?%u47K}LzJaT%bP6^lD# zGlk2#S5m7)R+5cpG?j{QuGO0hFJ)xq#|xAZj@V&hc3aqt!`gNG=vY2)Bakkbi zcN%z0d|1lTiEvbZkUjy{A`j%*NcYF8TL#6pMoq*&K`kX0T zF?_ah(xQFe>S6z~jT8#|ZuNX`!otSRFT08rOj6F6sNliv5TV1ro|9z(zxBKpegIDy zjb|AiU3XFbZ5n_4^J$)o>ob=FQ+4ql5Ad5$SIV?^@2akw{A$>dO%{B!ZtV-tuDZ6| zUIal%geS-NaL*L4O+`_je&)l=y*{Czs@j?|ZG}=rhHu}gF1!0rGd7lc4)bmz|`PUqUuW9mR#s}ps+^9z9v3P}*5&;|Qbz->MJ z_Kvw27M7X4xFc7JHtssnd$VWjY!uAgtdCY&T8%-i=qOAVIOAdZ1Z6?X@wsIKOgC&B}~`K(pM4Elt4lrF;bvWP4Of&VZs4OD{ax+VQBl;v@HYxp*XMOh^|xx7BUgzdqBPcr~^73M)S|(?6=tb3sxZLG4|4 z{~KrCk9xY{LiL+{^z^$Ag(+24~Fsy@6yPhWf+v$5w_K=Q}7 z>nN%lVjQ=NuFk>*RXUsIK6%_!S=H5E7@0Sgbtj0rdDr5XS!XE^WAorQrTR;u55z7v zO)~NI3;1Z+Ke|XxM&1kg!V|McN6B>fQ9eVOGa1Wq*0<;PP|v2`;t?aWwOpyGa5VHd zhwY)8(1oQ=wkD8U|6o|d(#ocJvI`rw^V5ap-#XqO_LEXRzPudGkx3`@cys%%iL=qY zFTA|TSPt%I(RTvAPu1LD`FZWEy3!jiH4;*@(h+MpRqY(x`PM3tRlC7gY}qQ}9cGY9 z&s`B`CSjSVguh=Wdzw%ul+#}H;C$fv+LI7ul@R& z+4@gOcX3RIio#3A1qFV4=_v7Mre(*%P<6%}W)Zyp_u1IO*Fx=QzTH1EtP3l$=$)0) zAeN*fC@$2J2~HO=wtE=>9d6m;$w*lIzR&q>ojZ4=INf^}cIz*N{}eIrlb7u-a6?J) z3W;j_uxM)T_~~NmEmUNqUiwSkvZBxJweNjfRjdM-l_kkkRPvM!-dpq8ka}`DD=4tf ze7{X&V&ZTNSMPgCamPzELQ%>1l@->6$KmX7p=PYuhrx%H-*zUZCpA|V?JSZlh9mA+ zemEA&DBHB&%aW2+kh_1_aS&3V4pzb}>Wn>NN64F^6AP2;Ed&@Y8&TN(8d@0RYK-{2Vk_S{U^y6A_`OQy9K>2*{kfmA36gTr;Y z;P{DlPnQwSs?eYLtdhyln2euojCAyNHMOAQ5Ko6E<4ee%5{0+AkyC_`#m1h*X`HkO z`*;ZUqGNnn-V^w4iPHX_136EkPlMmzj~aep$kqQl?eBMoR{_iWtVi*i!#`9UT|EB% zZg798RaNphr+s*m0`WnQMs|AlAD~=WLK`vPyf z@%mZ0`#bhKG}#0dc36nUEGr@Twm;;I3ncnwzXDW;dU5eyO-TUKmQ_{^WMRJ9W^SIp zy&9tIeV&z^QYzC zdXcX?xU_*WT^vGeIEbV}Z22t5{blW?mEfR-wkI)Zw*m71sjo-&bG;8)ck!WFlDkk* z%9A)t(e^CTTOa=*Y2iD#^~okPRjLkFqNT9o<8==ush*%_*$7Oju5KA@no#ET=r~6S zSQ@Cth4l*XGHpOy+TdYp1KJCepoM?mE2l?j3b|%!wnqik+pmmQYOk$m-6yM#3kf{& zx@Jw^JSDN(PUk-7_*g@>dZW}*(ENS=BTI_)+bI}`j=9ft!5P@JVz&unO{9DH4zTTA z6*T_u8w+NtxFzXgC&Q0d*EX^N=R!HRII0BWM9gj~Y-uR(2?H@5GxJRaW|g)w&!bOr zMbCNq_5t9cUGA&+YbO19VlF{Ry{)Tx;jbq7))vZM4Cy6hQ^e~L8_INyb-c?bsNA)rXVObP23dj$5o|Gw6K?3Vf%sX(&;{8Cc5i=t=x_M!ng8XM=TXa~p>OMWwKFYg zcx+;FC{250GrTDY*$`3NS1{2q$7=70)YUD$c=DqblXtK|*+&B(_olMCR&#mYX3!+2 zDua9*$tu<{EvI$*+ppz(;~_tr6xDt%O)VYX=fwR{HZ5-Z`j#3Y5iN08f`^C%=IQhu ziaSk{O{mcBgVej18Fho6{{=+uti{RC|NdMANMQ`x;2C3&z%jo|!o zL8cii%TVQhC9F&%7#RHH743q}j05L~@bTLejk!;69^4iAImX9y7EOV!s*DTd00kkd zqSQJWOJA|JV+`D|oAN_^e9icQzuiQ?>xlz-auUm0d?ICVcR-&1#UomGSd~yg0!!UB z$w#ejbua(pvY#v*K0FCbz+ha!UZ$l)L5$_sk;m40hAd76i19aSn_y_g3h4(@^-E0R zO2-XW%41i%-D&7C?9m-hLbf1<2$jY>k|KgPB4{|HSGT5|*r$+}6t*@*@McNgf3(Gf z`-O=6TP>CJS>QQ&oI0p|vGn1>8KWn=vPyDK8kc_~{D4RF+~G$37)|-4GKCKXkyX|y z0C4c8>t@1UX{v*hmDs}OdpR1G-WrTM_)&iLN30Gpo)#Q)vN26^lI7C( zp06s(h}A78&`xbf4?qp5$4{OzW#t$rG_3R@c09Z8JrHOC-KqA*n_ z&wKK#2^0qu7vGsT@du5hSeTj`C2s34KX{7hA02A$Fb)`~c&ewZQIHkao)d__C(_x` z(KuxBp!~RzR@jU9*JgvW2--C@cHm0+FZt-XmUI!!2JgF2w~3a2H{YY7v9z?D^^wKA z5^+ErDSb3KO5y96-LE+PoPkeC9wMeyBC*k%rdlaIAo7)&Q`_&BC=K)RKlB)(M^;BW zb7NkMn1P05d9e8KO)Xwt)A$-~raqRxuAL$J^+B>$aQ8z~Uy;4R-O8V=*B0>!xQq+( z!+HW}2q&VwT4grM#i%6T%LX(;uP20@`)?hR$pRy_13l*3EIF;iN1Bu^8D8OXRteM} zBjV!YlAX0mtb^)mzGr_giDVU}pbhl;K`~qwTwmuoyJ9%{vajAZ>GJ%?Y354fRsZ1g zS2X|Vg`&7)-b~s?=}dep)e--yxQZxk3kp@%}|EsnUchPiY&=od-cTCqJHK z#iAjK3FB|p>dCI;e2MxKNb0fZwotrmjEEVy;F@6|z`C~_vKv9fW~0QdmX#8PkgKXrN&+Sf&=6Y5T&5>jM9Z@pS#a?dPQSAj0vDjF5}+Y zbBbbkWV3>rOejk2V2@Id@IeUR@jW|~b6Ksj6lW)8D}IUt4KHrasha$ehd_M94e^$# zb9tpUP?As(hZK+A)%$O1lIY~dB8IZKfO3pn{dn+Vc58p7f8dYV^FPDT3iI-q5JmvO zWtC+c1L)#T*gmTS6um^l)jDeMCW+OKiFEyS6M=aDTS$#ZIUy=;*Qp5|j}p_lTT>v0 zPqO#DYsBKlC?!Hzd{8l@Pq{+7PcItfEy@nQI~S1@bo+!dY22gYt-!vFM31_NgGo)g z$lpDSJ}T2*bQMWc?4RDJQBhC-44T>)rRQVJ)z}SbH4%?NNslrvm{u7(DEga_&lVxc z{+5fLDtXrt$tA~ZKJP4Pn*OUUoXA{@sN^cvq@m5~F&o8LQn%`S+?Z)O`Kd zZAPYk|5yGmTkz>)_t*5M+~i2tFH$U=v)pI(N6?PLn56$kwhZd552*oOs@MAYbF*Qe zm-j1lnjuzA1mZ3GY1#hb+*5>Ku113+XLPVnwsa;)FJqNHB3Dxl4dP9lcookOrLvf~ zDk5swKAScz`nM$azMjweMsSw*cvtL+=*VI=_|Il4qvH?L`n&PvjD{bBn z3fyv3X+EzJp=e<0lau$Sv+ecLV__8z2Gul7huEe0^25O%7t0z5Pae*$$r;TuPA7qC zxwF(wJ_jNfxs#4i6vW@`vAD^jV0R)x6x?s0(3xX#QbNZYFRV0+_hB$f zRpYP5FliS(HCnr{5j(U@c{>4njPVx-uQy*bP$OmsGXr{>BNdhAYOF~xBJKo~z++my zl{T{u0_a@^VRVG1;!j6q|1Bgg9TrTv)t+0(N=gK!s<0DFq+aDV`ryiVD@YbquA!%~ z{&8^jf8=yxRkgn_S#|ABK;iMFJ0)bjU|U6$V~v z#5hlq3~X=gpvNGPi*1*FI!)-)e2A>7Wr(I6Hp4uj@~;8=P=4OCDT!gy!`7(6+bIB{ zb%%xr-zo&-R=qi5FHL()?`-yaC>WR94$FU1F1h=MT|hx~wf?BX#vuCd@o&F=ZB0~M z_ld>Q<98g2s=j&WMI#|Mje#ysclz8s+sqWh+eXjwPO|^!T#jS+mdB`GwcgZ-Pj=QQ z`_i1~Q3L&d9(Xp&KX0xRo4(k1}*vrWgYICA&!)A3$sVahfRR?QD&Ppk<=aa}PG z}`9drZ#vE0)CQjfq2F=s|4hUDt*(G0feZ{%6!N9we&3GBW(A|8UCzE zp7=Le)T{KAtjliaK#^?YztnV%AO9q+J2V~bQFpr`=7^c_>n z<7yTDFY%(#1oB{zJ}KhTz-8P^i+|_yn0`Qhu{XjeV|Xllrt-tAeMzJP{^RUK7T4Fc z0Ocx~7y!DNKmSwoGM^F$B~cozq)lN@()Jsu<(`)wd97Iwjm-s3%F-nxm2V^x${0JH z%#cnF@jT4UAre>C#f}fT;dhUtIwU)k6~0`Y=J9p~gC~x4*cNu}^8Fs~gp-;hLdm^< zv~jL@HRZTWgw9oAlXG+t{j9ZhqMj{q;AI<*r)RFji23HH+7l@U-l}>q;?L|HZzPAhrC(sVzv$b2kjj8& zgGQ%KkFW1wHJplExx74ltp{e^{ZrjIcgY^KL7G;(Y$YdmcBJ<2#Yv44a>_kp3NMjA3DH zGp79zp~xVP%?QhGukNFeHE|1_YUs?$`aj%lEFxl3naj4w-R>FRm*PeI_-6Y$Si9j* zKdKgmKXMcFz^{o+n0iB(Rucaca3YckeZ+%R8(;DMS(-u9;8EUIax&C@>J_c%Qx{kXqJq%@`xlFkK?9(#m(u;eBiP$t=fqN1JT{!4u`VWctp311oRKZ*BWhXN=o0vTNPt6 z{7PrW7t~X@=L7qRJ_fiSK3C;rG~fSl7gJ*IS=v)Z7)w`o*9sjQUY~(8^v@5K3j`Tp zm$E*e86dceOX*h`d7J<0g#Lx7kN&IC?@nuPqkL0?qmmf|lP{cVIB7`;A|pP;Cbtki zjMnTA96xNF`6{2)Y>zqBP}7o-FfN$AX4y9{nEvqJt|q(8(Bb&-W=9bX8H(o1B4for z1D0&oI5HK4HVCAI1h2f@LO~F?ZWjs=N`$Z@*U$^PtB7;i(uLn&IAWaGNmB2o%)a;& z*p9GQOcs;sR3((aEVzaC_bN$R z(9GG{+gph+;d>|mpMrRS2^N87umonTKm1NYm)tLCyl%fD*>_TMs|591|5-9_hM3bm zT3sx<^m!YycPk$DHsc`hiv#vxW!Au$!A#TI)Ep-@E@nfzQY@v11l3Ja!ziU$%K40? z+4GoiNAL^o*`~FWi;VLHvi_ePa(V{rVMbtkUBd5D)-H>-W^F2!6N~~;4a8?W+grk^ z_d0E|)hc^ICH&&=^Bc%&R;|kO0yia0Uz18AmytAlcl{3=0}~S+EiFnxK|%lMXmCXZ zxAmVwbRi)j&0yJj0OkK$mVbXt-a0?tZl0Xf4-g2UUf* ze)#U7)%T=}+*Qw0y#J8k5if5*S{ha1^Ac8PG+|LuY8*1o!071crUm#uDkkOBkUvFQ zY!{P-G3n`1C3-(h8vRgY6%^E61eV_Qt0vW`YZMrLVcRq?|2{D`AezxwT0i$1!C4-@`g&o$qyF14|;y8qRd zfsc=bM$AW2Ru&URy4l07J&LOQ>(}NO+NX=>4okMX^R4CIzngD$_w-0QIq@_#H#=Tk zxSN`pahFL+OPh>;vl{zqq2eB_OY5>VP6EUI^84*uw=~Fa7Zgi8Fp%gz+WN(owHbx4 z=Gbq~qv|Pkb@I|*a&l;hNZ~!ZzZ3ym*WdARlb$4Qa$fUWO-)VZZ??u!JDpVz4i5)v zT(>0*j}H%}w6)2vjvKCNMMcy9HoTe=baQjdH~Z~U^Jc5R+_+i7Pz8c7cwpMyee{a! z9C@QQqotYN=SNEfCPB-Ki)hTu%$mVZSgWN(MY;I-g1`$}<#Xd&ADbwG;w5|MSu(b& z&1aR2wz=kDo%1}!O(#2OZYPp6>fB^-5j{?aR&I%(`P9xA-Sjx|w}K#dlb-QIHUm7CileD|Z@tV>7L}hr zf07HmVYe~7;-PW*kdP1<7>E`kNv9c{h3{^r`uOoVLyYB(RVY(lW2W$F_8A@JEM*m+FTEwg!uRXB4*{;rXU>5+qcb>Z2t@o2Y&s^ z3%e(ffL^+>zrVa?g_)7pZC>(Lx&VQ_VQpjLr+cYlj;Iy(GjwdcL@QC$t<~8w##VNb zoayPSLS6!3+!d_HV9`o_f}P2+CKvGH#S7~izc8qvHbU2|5hSq(D+Jg<9UUDp$=YqL zt#gh3H+tTDR!&<~Zrh$|==0bf%vHcqN-29$7Y3C9f#~`DyTWbP1PZCq`fvdz9^M0o zT3ADMp2rT`(;~>bLqS0)|MDfy{U6*)N3H))_kE^U)3x{aML0P*(c^YyqNyuH`%)h} zV=J}MhuMK_f_9CPu#wMVk2b}m)$uU~)Nv`rbb@D%! zV;~F+4yG3tri3eOf^k-Om_aKbK+Xmc5vcuU_31Ez<>g#~K|#Oz`tTG!a3&TRirp6i zyN;`Elq}n#SMu|CC2g$ir-IxdN`FMg!n}jg1V80u#f{$+l}}ad?Z0hIQ>Ca8O<~a% z%9ycAa+sN$gDLM>?7cpoi6-vfez-2+{*@ueo(Y7N*RNk|5J%cN!l7CR2MMr4J=S@^7OkAHOvOzg_&_b{EtLQ>OXBS5rTOk|7sGHT0fC zkIQ|}G&!^?Gn4iqAD_;7TwENN^RlAtOufNBo0u=%*DcmVbIsayHe`ZF|8B!Spe#&Q zdyuf@DLuVj{$1fSCn1?&L?=Wmd5SE+xiAz@VI@xF<>loYHq>L&vyNY$AL~rGtPiWI zGKA53)0^7ZusLTkXm;ATCMP9fdV70EPzjNWcpUgaFZlND8$JXG$@$Ti;@__B z4-YErCis&(S7&^$Z)ZN!&XV%QzPrm=a=O2=@cZMV{*jTkeAVpPxjFxzE*o##7v`3_ zKkOVIw?nx~T5yE`wY|MP8XDR?R#t3bYP=gaaRWbmAfu$D{8UsFo|HsR`Pd0f=*^~) zPeyN=P%z9|rut`PskVjf?PwQx#%6*7*u~!7Tlk$6e!DJ)d0321P#x#s?>9GX!DzYI z>wW-t>Qga#FYI$cF8U8ngV~W>oH!yvhq)H4R3Q&yFvX-jtXYwYQ%e%!I=TR_Qx~nm3s`U(L~@O4L8& zl5*;YzzQ=S&R3OHQ3;l$`!!kZOh8DO^+rXbo;gpmu+g&#%}ph#ari@qh!a|d$;;in z-IumH-*5fZ(E+C|tnex0VvRI%2QV@+R(#Km=Wrn)Awj31p<()a!>OjIs;VlVt8h?3 zNvRbI>F(Z=f_cXK_oQtRcd~ze!p?+wO%rk@J^ecH-A>QV!-HocL(ErNQc}`AP|Ji8 z_vXh(_M9;xE01hO*q@8|nwl~&5Mq&X=xQw9j{ouF(MB!6C$=x97MEv-aNG#ONg?6l z;sSQfDWCl`rP%ca@7J`L7{6?pXwp+^HJ`op?rQ-bN)EOiBNW<1!1P3w40X4vV`EjT z+hdZGb&Oi{pdA6SsHmu@f@)L>XH3htL`FtdK=-bsYW3ZjMIj_4)ILA)5{0dYPfZ;K zt%NM!*YJxemaVOA7q4RVEox!%L%^X&RX&$zb0@nCJ#Qo>(NfdW67T31e6tzFwS%;4k?EKW1E)riYKCm%brbA^cEG&%u zdh~w8=g-XFZT~h+_M{2BtCfz0I4xnKRk_chzP)jS;LRbc-`!bX;6zYu$fZ2S#AEkuZtRJC;cX$`a#uE6PtuaFtW#i5o+~3)W*{EuZ zy!-Y0!u)&!fpYTU)`V8+LXMvE(dJ+EQV*ZC%>!lJ23;(Q4%g7!3x2&Kblyqw%`@GQ~o`0#qre_F5Bt#JL zF&bDD_8M?~tE{ZB{=<5UQs7w$)8qH8v%dl=9OfjF00{^ZC+~S!bT{|(+@iz{mgCCZ zX!;X$p!C$Zr>94IVsGS|LPJ^kc5|9n8b8$86j&^yr~8Y(y0K|#k*lkgmGw_bY(?AK z=ne)MLH!{&dC_2A_q=_Y8Xj(x9`(62%E@b(2=t0Zj#j6n^_vD(LKaSV^#BTyXhz@q z9_k_!Wsz3dyUI$J3NwsCb0ee1pT@Axda`&<(J?Tx-(NX_0e& zz_GKl%PW$fzWx(g`$%+re7x9hZHB~sMr-VN4ghk`Xi7?oc7;ih{z@PH6bAR>$JLVC z%#0rrw_V+0qwzNQpvt^n8^wdi+$HMhmg(^&G=l$AZ^+W*dX7UXYsbdM%Ad=kAu6;Z zPEOo}eJ;p-uP-0%djQCVi3|4gLsb3z`QEd5PtfClg@WIdXm0l-2$sve&O&G|BJN<_N%iR+?H^w2wzcL};io*n$@K z{P}a}?{8~rghopAf&qgeI+XN%PUdc+!4Xn+?!oL#OiWzd-2Uffy&}K-Q zqq_@}Rw^6WNGbTN8^^~}*1W(KCLkt8LbZGW9)8#yX5H`SU}Ab0hM)?WOjbEMI5<3W ze4V?nwH4`mbsDUrd9c6Ix3j+=P*zsfvygke`#|n($*QWh+8c9obH(#+08mbP2O$ZH z-ZC-=aLh}Zh)Cw=z`JH(V`gGxOWGZ7j7C@1+0TfQNU43(t+Y0tZwc-BuFc+7)^JtW z6w>t$?3vTOrQ)k*A0MBfk*y8+KiOR=__|3jIPW=SvmTz-Wai}NR*?G9tsD0R;q2gG zOUxKIvk)-n5F)W)NyW?dFHDtEl9IDKbIoR=WjylqOiC#&DX%@2x=74TtLY%qE)h*F zlC%{Oam#iBf*BQqI6TNY;Q|mK|IG~j8ZO8BxVuy`u&(BDQO~2|Fgn_x0@a%Dg-`DV zvfwi=NZRS>>YDU_dQ$8S5aPj*tbwB9EgIuEvyt$b#^=PJ zPq5w|p2I0}MXl!hbvnTa$V;nqKLe`bmY|*NXe%=#V*v}{pS8hUoDC+o<9|~c%95D0 z@{)WDk|n=0#ArTn8kktO4-E~?EiDB>Lrk>f25RsYwh|eV;8j*us+mwddPNDeuJzkH zU~CkCA+_eE)Q6>--`yU_mcfJ8iXr~$wDSlgaDcfZjzC}mS%{_!yQAJac5d)I#^vYd z4@wsTF~Vk~SoOtDu11}Q%LwWdxNuE7aaJQUvmjU|_wL<8i2u9Y*^|r*106;9z&bZ7 zzLYKCetJ57s3i8|Q9tgN{mtD9v@3Lh3Ao6XWo~MUCMG7fy0*rB9v2@!2Mej%d4-ON zDX-($!rYt=U@m~{wu7~y*toc?Z`y1Nt0xh6c(sWh9&b$q1K~z(cZWu6xU#rt1Z}w3 z=g+B#?-k|r^mIscv{p?oURzsRep(qCyvYa?Mo!&WvXC1<=7`b;pg3-m7R+k-7#+)WwMWh7Y^8yN01^aaN3NkJ%T>#?Aq2>=&z7{~b8P)RyUQ7`gf zJQ``hF9U^|Y}&fIO;FeG+_`gdamxFm!3Q4Wd6j50wO!@7Q0}~#({NJxk{s1dxO zKP>vv3opnMpMxfhLv@GD)NF1moUFQ?WB`l#XiIPBPqAV|%r+>1ITDrwS?Il~k8c2m z113`O!t-=5chY6Cx3^dO=j#F<3A7!%*TUB!Cs05te6M|S4b=bck@9r0O^reHk4Yu{ z77h;1GC5oZ64xg2m|+JRp3{IrH6JZ@72~czWz zkl_qbZxbqjt6f6hoR)xJ!t(po-X83Z$_Vs|k}_g;)`&#r*n8r6%k9mHl|Jq~8!gE5 zo}i;&hoGbp zL-|b?@yvqxkX2M{iM;#B;rO2cFmK;h6Ks zq@;4`^4xQa?(U8bOjxkyhfDmA9>J@R;+d4RM~l>Q6Bu#<)LKSh|>*i8V#@yW<;ie}&`C@74LkAsYG11U#D0i_j~oSI7B zx-byV`3=nqh9CV|Il8gq#pPwP+28OQ9fXtE3~Xa=@3Yrlr+et!+}t3jy-dV_S2xww z*7g@_7STm_^1AI9J-_?JJ$?#`RfW$h7@8#y!>#d3o$Vs^&r$l@ygWQj#X4WPtOglC zn4E{Q>bAdp8}Mt)`}Y_kA|gr2$-mm#Fm6*k6o;N?Y+=DXS`7m2GZ;ZGXJ=>F<6oHY z-UsF7F^zw>D~fUMjK2qu&EDVi2y%3CQtNPMXJ^+oyDv2`G}Qd*NdWe@+=SNNUgdu+ zCG2b|KdY+~&+4F{6jSd>0jj?LC0x-5=uoaM>-6BDTIpSED+~+_vorUh(NP%?IR~JU zsbvJPWVDUm)dYxhOSGY1%71UYHT)+EQ(yuft2$CSX2lBdQqeYfQ5WYPAxZb-VAP%e z9TU?MAsKCs10VsAkrM+$s~`8&i?#~ZTSWJ~EKL=STr4wt4dLkbdbWZ1fAbZC@Ii)@ z9DlR%PW}9tUVsaqFci%@`1aGo@yghPQ{I32H5k`$k|$!M(mFFL)fpF)w(Du90DQYz zC_HC{PNtkHj*$`V40-s;fovXd@+_hz4GNGy)ewXfw;9z+%$16#>+V7tkjHSezrPV8 zu>Dd`;%BgE&7RUP{O4zehX0VBiIykqtD*}(}zXC8YO%B>FHtgbb*Se^4ly;mr}l*Z0Z ztXHpI$to*9cafFE;M8J`jLB!hReK^kCU%c@W@h z8RPd445L76K==VyTOTPYnh#+u1)&MHaquZT=bBjCenH1}6@X1ox4yYQRaCr1!C$FC9O{v2n#$5LRpaWoHpqym&YlP6spTk1 zqNl4%K}ScIbiFrfL9|y_{^N%XP)C%-UKyPRpE?-9FI8`B+r2nqLv{s>4E&wYB)-Hi z?4F${kBDj=AF+l>*TMQCp8ql9^RoWmXc-MiQlNsX@`KO`6p`!NWo-~N`&fC_>&Q!h zN5SAXkVro@T@y0J2MH>9tIzep!rXFDhjOls6{*iLCY}rTa6*Z98ItUZ*v;uAe__aD*CkU2)-uWcL7cYkCq{>%vCPtq3$ z+)I5gsZN3WU*U7YPk%lMz;Jl;=DG1hNXVMcHu`HpX zcRSxBd1Y|*oQR#!l>W*%1Unn7>+U6!HWeHz4PoSFGuvD0CIjZeI|02@b*!3~mp3*c z0ZlZctlZh$!h-(s9}+jhSxp8)D2b%Q@_8ux?9^GfjHjCAfX+M zP*g0p9TGgC95eirnNLD-huMsfm>A7pywUb}bs&3qB`hLB^4T+dBy0kwj228F_utUP zpt$=L6|s37toj3%=yp*CDV1I(YIeRg+zmtxw#TJvx!C#!1_O1Tt_T07KAyJM3jpeE zg6l^?fQps$$etQ;4^p;Io;*Q{;V_*olak=lWCFigooNumxJCYK(FG1Y^anw^rM0!< zXnW!Z9$Z4=X}ZVZx-k$R9>eheLL~4@b~gX=wzRcL#BHl)g0BUDAqrH4PoT^d|Ln`c z43c2i`4af|jkEL9nR;(CYB<)r9FCq$Zf|REUjTVPzJ9MH*f=Mn)6_=oHW$Z>p%MfL@XfO4#N;l%u(!37wPr_&>DGmxbfkH5}G~81n9jPVtw+&`$+i=bTWsP zUMlbt(V;S#FiL-+6!9PieL`A7;%(0;5g{QyFwak)?%7WLBmv6tWPka0c;qq2@_@N8 z5T9Tgkkgozoz3mCu7O-)jk~D+2mr{KSXjTVF3&4Gk6!^8=oEG}GWyg*FbLWc8HGwP zE)_Pz0s#R*62BbA|N-5ODWK3yRo`T zoDu;9qeJ-U;&eYr#PfSk-$yWjKq{UG8E|KJ_ZL7^?W~p!m`&{;uc+o1%#MYX;VuD5 zJMPX)A?dm{D47)*diU_lMT7nQQ9MlXtLFYM3vjp|v^DYLB~Xcu&d&Qg)H>NafB*i4 zQ(ZC~;K)2wv2FN2x4lIyWKjXKguF&7p*IN&L|Q)o{{2(rxjH+v5r*>tkB*L5qry5& z^vXDwuWD}r2cS*JJ~Ir$~^vQW^>iA8eh8ANITx;Bj*9 zK8D4NL{{de&r(3v?cqrTzE0OymQ2!WqK=!rrZ?!MLrk7W-j~JW`zE?W) z+fU@E#C#~>tAeJzmLU3yR1VV9slB|t!$rzK*!g1CjgOCiZ{G!w9c+j4BjAF#u+>{Y zVNQyD7v(C!)U?d<%u2=QS4Pp50Et5AKo#kS?-D5&L{(_4!M|*@Xt3} zVIcBL!1IeH738qBkc9?-F*9#$=L0UTa&fxpikC7#M?V3#>mL|+0*ws5D*|i+B%Oj* z%=j73VF7`^^D^4&%^Q9u#U#I$7D>-il~3D=W)kwh;w9gyB+yy9@2nG9UTvp21OJ zP`qiut^oAV!@`0U_BD*p(Mw&2O_2j1CO^0%LIChrOYIprC|;0**u`KI|u? zB>)8jBUBR3^F{y#9Q*q>)42JalXuijJZj{kKp+5rM^KAU0D=J}P2%};QY5SyEi?Q& zy}wb`@Wsc6kB^Vr5nMhhL1I3e5ww`|mSqr2#=cn*fvGgRv7wMH-;qX{e!VQrz<`F# zAZSpMKtPoWD$a1u`DNF~7DRRQ1+z+ek9-Sg(n!LaB+C)qz2syJv`9}+?_hg|W_Nd2 zk&s~vZo2r)6al-L-@GU3*SLkHCD?j+$YF$tz%Q7z!aMlA$k74^ z!i=y`7#9~8TD^EUDaU_yjIX#j0_ODDr-Px~yF<(%4D9So zFlU3J8Uf@Wc@wbjRwNa+8e#&2mJ+1GMrg`Q^)KWWMU-|A4qBje>Ku-P5@R`9N(F2s z9OmyH&_?lpN=;D7wO!T+kxML1sDXn;HCy`jCg5{ujYd?TGc!?u0}2QUWdjXMdhE;u z>*mXsFGvp^4IRDn@Guo%uqN3V_W`|^TR9d<6 zB*--l4F{a4CUAgpyqyk2AggTI{|Uu;;be7y9@bFdU1rGi3@ZgC=z`vFQv*kvU7+5$ zfef&i*T5P;h7zup*uN1ebcE#@SJ0pI{PYvEcVwLPU=9|H471k#Tfxo0fC~0k+Gv^2fZl34BF-ic z1Qx8ucM{CXP6CwddT<2r`Zd^hBp#xG#=wjWy6*|x?y0!AI9yRmaPUo=*L-wzsE_QY z6V9DMjy3`h2A$AR2b>q}+$Uhl!6hnWcmkJ9uw7RF0k00)0D~OLVm=oIq-}1=x5*VO zT?aqY)2r#13;nXVt%Qq!?imynrJOuZ5GpAEyY_1dJe>;*itJnzMweZ?+^^F9`s&ij z(Dh_z&Z$ITyg{rcQQg!uXL6JU4_S8Vm-kQIE>0>2OAmn`ka}htSz31J{^bQ#tpCXO z(W^X;g3JleC%3Z$tBT7Ws3S}1oA;-9e=>wOB_u)?15{}U(cl1R4d`2eQ{L&}O(;4p zUCPRPWk1c0jem_pw@!4|hmgyDWo|BG(WWdlaw|!f&eXc!fP%)sQ9?H}ROR@x`ut09 zaPZgf2KxGoQ6-v1&z)%W{>rJCYW|R_gh$FA0)5S;BMsL{(*S_Ad4VJqfQse;Vxa4uk$f(1`BA(l=FbuZ zSkZXq>%~4E>|$^@wX>4;K2*WBgPUmvji=)n9?4bsx33_EeqT<^2lO*-ZEfOl-b+uq z%l#N%V=j;e@{yO-wB!UQ0wfI#$FV=ipsS?Qle7LEPG_LP-e=l>p{S$;j|8zZR%6{) z0o;Ie8$p55{4`owE5B!YyfecZdY-E$MJ&d6K5 zzp=R7C2`gnl6Cd(ULd|^7A$DpL{`ltQ~h++MPX@a>0&!6M)g7Z#4peP!36B?eJfIz zxwhZ#ZO$sZ67y@Y7)ywiQhhkAuNDfiO)}z1-+w7{g!3s@h94d}aPW02a!7GJ>Z$B^ zppPV0#hD~gm{gNQ`-M)dgZB5w>E)B@W!woW^4hoCqx%QK&YUahp5~v7tRzzJlY)8ReFqs&{v^B^M17G|ka8mK+X=}&zLkJy4x;PSJmXk*67 zEca4F$x{i1Kvk;6C{?}$G{lgwFw~fau?M`o>T1|;-w1ZVUO(ia*^;@21cqQ*S=~TX zX#v^;9MD4tOnRWp{FUP#$Y8xIVhB;{(N`|UcSMs#~L(>(1W%mJz%xJ?> z*E(qbS@43(L(>#2g4nC_Z?uUi=2R>5UA z&>i(lATi}ls9*t#G%ztqzW0}xmqBSn-C2-y$okG%V+ny5WB^EFqN_`OWzX#_CoQ^I zLAiceq5)u+yy!OI?6~uKTS!j?j_T;>U}9p%IP#-gjSh&p@8v8ytE38KuKd-|PcbA1 zaYg^0RA@*(oe7t6ZXVTzd>xS;#O$!s|G_yEtoOBb!DJ$v@~?GT!UpA*c5M^ds+YPMexbqFF*>TH zMqQ;_Lb}Cz&Z?lSOqv*CJCqk0@s*ZtkOpHx!&)ijA;FaUpGmh|2CyhA^6QL#q1J8Y zeXh=}(Jg6%+r>$EIz$S+4bVfun-jq53c}#bc%$>*iklCA zP~VtvUp>%Q;_1`ytpT)^^l&Per|o8wGd;d#??OUO(;7aBykA-REs*y`Yoou`du;wsslG*k^u~*6l7`$ ze3?4oBu>k&L+I*BOTWv9+-0zfhYDaBvKJ7v z3$6DeAkZ`|&XX|XG3~&=xY+MQ>^Zxrqzi|NdY{P(y237iRGJioH4yihm@vT2Z~%u8 zvN-+UtkgA%p5F$I1W5)UUJ(Yp8=NZ)xY7r&6`>Fpzo?@ChmDB8WOskRIgw3kc7FaX zzukBvI7LwW1zgsN!Es~$Nu&!VvD%a>2OfO1<-XMha)0fi$IOn@{cDy{$E-@O|SIlrcf2|YJDZjS>?H+T2CM%R2p zfL7YoPK-dBn1-=tz-<9^!)4TnfQ&2w_(pv$wX25>z2HO3hozH*Z7v(c(mQwVd%3$S!%Oa< z(w;1Tw4eR=k5hQ0!FdIl2GU-vM2f6HzqMA4C=qAJ+jxocK@hvcaczP5sj%pyhM2U> z@?R7rCx!o{tW?Q3_3=5VM@+4(Lcu(1oSHKDykWW0t#y#bT4vb5S(wA~diB{Ii>Hz~ zhKlN$JgO|j5SxwY7k#stq--{3JyIMB{Mcx^);(^+Lr+I1RE-;Z2p}pYJjbl8tjrh% zs0RU|;FGhndX3ycI5Z#FE>gpQ3MT_6(fVF{7elJ0rEeJW*pO{*gcag4uDWM70v~d6 ze*O|PM?v&VxU|5JAMcLC3W)l81IDr(LMLECl1`KXC;=WlbZXB7ZY?M;5;b!1Oz5O~ zS`T5kn>JuDk)djy-ghCg4Xo|g-g3{8HxCXED1dN!7@YA1i%gfph1DUNDskkAm9*^!+@1E zH#_SGAZPWPdk4}7a$1x{{IqK?dBzg>jR*mR;z{UAz6L8;$2Y+kdtz(L{%@us8rqhy z=aJ&7`Y>l87@Oh{{GMG{2ykBMMexGY4;VXfofpnA6}K-PUn|5HzPpfZUW-u@9z(xb!pf*aBlASplex z{nTPUUZLB;(7}wkl+E(g3Xlx57|ugMlmnv$Yj54_vu3Uul1|1A>E~F3?+St2%pbd5 zPAlK?^y_op>mxSe9n;afKpnYUe2>Ryg za06rjbI&fkyu1P*&_O;XPV@m?R#>1FYYrKNV2QhSkueLP{ycpltAAb}ZR*Tb*3{Hk z29$&`2?^=Fe&h{O66r?-vp6~De5BJ68&F~oxXU^<%p1s$z_VcVIG=xN! z1PIt>9jfL(T?8CNI4Hw|+~MQXT4SJSG48V-3^N6MOK2H4Sh*CyPQaBkf^eLR3~30{0E`%0Y#I2KogicR=DCecx;+!SctDqsn!$Ne3r@;?#3Z6T71XjM?MhS_muZG6kWEmPE1PSIY~hxVKPeWO5-I4RJ0T2{W3IcWgK8c zU#p^2;g#lQdFEyf#fq3mNYZLZ9Pn%uiBITbs4&0uhPMBI`3CW74rHVsCd_`zC?iAB z59UjicEl5#{&dHA|vkdaoXmZ+^(wH{-d_zbxW1m0mTTa+OA|zAs=C>q&w>7f+suH zBfoobr!A~LFxFx--)o53T1|g0fzxJ3;K?^zG|I1kSgV zlmdXZ_Umj(18UIj`#2T0A?!pidVS1PHdVpR93LOsl_=wXcVKEh79^G9~~IXPY|tPS!9u=qAK zgc*JsN#CldaAz_xu~9`4HPK>5oj6t0_Hu2t{~hR3%HiZB=$^0s(%F|SrDD&~^;lb* zuC8eE-6x%LT53XEkWNA#5dybA5x#7Rw}7q>HEoH)r=TdfGhU!dGXBYgPIGH(xY^mn z6Udg%K1e0beMo@c(wvZz0D(*ccK|$~#P@d9QoAzHYb#dK_UezP{*C8 zs|R-2!Je!wXyyqEhL|?NDG0Q4?y$>1!^6X?D~zaIft3;vz8eW#l&7aRoI#L)kT1bW z6(YPX>raab6F-Nt*A>2-lh0eN@dtQ#IN}ST0giabU5_7Y(PFzns>{rprmsg%wk^*< zV~zKoRbn8xVDOcKLBw^s?wG^r=@(DRpXCb)CqFD6eQHo1o~ZZn#Yz$hR=%S*J%Pw|YU~0m+)tmws%f-v3h@v2V+jwXv3b+|AZqH%M_4oEF%oeKMmiD|I z5<%MT_|JI2xRsgrSKWi7BTTq1mwDR5Y=MGp^WKU|2t0Erd#T1TT`NQ!QtPl_KHeH| z-TdL;p~ih|E>X1f@j_RT3huHh3KhnJ?jKY!H_!QSmeQ3VX#K+3n!OhBtAQ$>Rd#$+ z1ej0MEEdKu)_GTc(2r|wmOlMA7tPQa!M?p`{dj73u8v4U?y6S)4ynASt)!F`(FjJ z=e0e@)L-waMx&>f-R-e8rbdlq**~V`#o>M8picO;%9yh@HYQdOK3>9hQDxHnTwiiz zXr9HQ!UTUu*me=INgEdtc2_`%^5X5A>W+S*PkP16M`H8CXDumdHIW3Up!3qZ+}1d$J4{Dy+Q7J z_?i;}aj|G4t*2lo_gas8y@kj{n7<@-cei32Vv*ykmGaz)^8y?R=u3cC1_kPu8q+}X zo^n0?q6KZ<{2dzUv9?$&ck=^G2o}%hc4UW!3UI5sgRW?Rftw%0#dspSc+hU%u&AhD zyN}#WOa@ptKr9Iul!AdGWNbUTcW>Z*m}c7zUtcO&i#LhXROJKrOHdnBktL>mNNxE$ zh5I?sg%q!Wzv$Y(RD->a)jxotOTm$EK6_}2YVG>T3CP1f_VXA6jU zQcxxdj#n?DEOVF`o@vLjs4$DhT|n^9rXtLfTdUh1V1})M19ks))r5nWsS&D-x*h%< z$on3>!7T`O?3u24x4xva*5y_SWv+I*@V<+X-X38OkhR1P_u2?Pqq=X^HQVs~p|23? zcq8QTExbkG^#bXslG^_Ik|3))p5J||DL=n}pA6K2Cq1+XQw;eU7gx~qW3~7DFgfdB z4sY#&yGM-y`z{YrRh^^CKL!g#EI2~t*mb&sf!5!T&?gn^#m!`8K`n=7aXfQ-%kJy^ zxqK6`Ct1R3o~<9tU^Hn?^A!in)2!+IbV2EO;o;8#!7(3nGG~SUBM28jJ;~*pn(Mv? zfspAwR#woj?Nn0So$5`NG)o5&Z(cFIK`)Jrp`7u>>l2#GuK?fOQ$J-RZh4qY?ng{l zbTsid&xy$qiY6d%TB{QMVk{3U_%iQutHxTq*VFzPkSXV!I1kD}(%x?^Gh2>d;2xC3hWi#XU;~Jb3v*Xi=>XP|P^gF=n=1 ze0pN-!0-7_&MNdb|I=HhrcqF$9(32FDgDKo)J~p4^1UR~P1{|i7hHR#eHqr>%Kxs} zRUb)`_1s`jwrbGj2Lcqwk*fi&kYCFM=(@oJ;)6S{Z=m`mV%TJ((X!<)Q`zY2ztq$1 zH(~*+8e$jLfV}izX$e6J7e2n{vW{uh-?d8hmwEmDiNOvx`+e>3gVQ~`%?+;Kue-s% zjx!6(X^A!~u(~t&J*{a{OU}zP2W&$O2eM6;*>oCey*!mSwX#FKcN;uTH^)nLZPnPgmO8dd3W z|Bb2tGfq$lw!PE!KHg?pRSpkpAMC;{_u1h)x+em9$<3dY8XG*qO2UW| zkbp*T_d{!ItAxyC_P&Pr1|MxttxlUk&-WGpZ(Ck2E8FwfhzN|Bh}eVU^Rl<0_DpMA`3`txf@?wu)~qWUB%aiuoOl#Dz%&?%pI1P}{!Y^b+>xMwh}!&DIgvUWe#-pI() zS1YR7p9(eo=P|J)q?0QuFu;_&cWD1XR<)ek9)`xOu+gGUozkcDYnxR3Npaa9<1A2XznvZ7Fn{la?drM|LyKzKPbV;bE5R zjb8M>3h~n#n)(^5HQ&iFfm}Ji#cNev$AG?6Xmm7ms;HFMx}a`R#LQY6NW#$-zh>Bk zlW-F`2#=1cAI(Q6r)QQ=?O|}slTobM5Nx^i)zzbZt;erNpWPwVFOXV6OI$N0Ad1`~ zE&()}1!X;D7D0)opSO>XHXmtS?)1K$liGQtRVW}Nq?jIbRSk>*A!k0?H?o0^JzZ}> z`~!lDliMd5wqd|c7ur^tPPzNa?=|4jfoL<7~SZBpV@Xr3qotm-uzr> zXpjWKEX~D}Fk53o;zz@h6$4LZ#~xjk{;IYN$vT)?fGdsjefq3v`QaF0#vXBF zsh`3Xk%h^I;)?xdjr7XYnPP6;;Qij5q`BQ=+t|of8rt+>Ci*1j$Bzxqf72UwI=^(w zKYsg^qRx3v3?&4(Kg^oJ-X8w?#3cj88?B>P9Hpz^?K~YkZj0u~y-AxyiPL#a2k!5T z6^9kGK!%&WHn9U4MV(d} zOx(5ojbA?Mr%KY}@B74!llFjRcv05^z(D&9P)*zD1D*{+RjVkRsLlaQ<6jv;atFVDH{YIWpq6A~y}sUoiKO_0WNa;6Ak= zmIOz>(eamHZT|}(V(pl&-Vz3@Z)VH-QH#BK8}@bdyF4|u?6ddORD(0Kpo>Ebn%zBI zyp((|5*V}qVc8f@dnO$br^zR^6lefYwr=WEtlfr~Wuo$^?uUL&trKAewK%m^$6DD; zt=Ek|f^R^2f9y1)zbu{OIMXaKXWO5tS2~zQ_{0{#9e#_}3Oi?Y?e#g^-JRTlY&`k+=b;rZ zYl$+44_jMv%?uCLhEgAD4Yif>3aiGDUj<=kqZ_O1IirJ)NWJNnSN`qUA~eW8!>gv8eId;xEKIxvwyE8&RQCYD&vh_1;NUhRvMNuB4%s3cwHQVo~BeT*t zUuW!Nb@k^rAd6WBU7jnT!Bxha7&9td+J0GvPhsf*xLGfx@xm)o@AG#_{rhD-9ZE2L z;L6Ygm?$0(pYGh&){U#{3%i$&L`5N3EXvAvc6TjtPR|`=6&0I4nF$V0)b;FvWXOis zA}$`ERN2tx9%Qj3o=maIA_71ac$2e9$-n^l$*JHQ>{~U6U!os4?sxV~(>p_aU{{z$5d4NIU=sDD8_}?h0fWSY<%C$P>_> zUSZw*ZOFgg7!j1SIOuC1H-!%gp>D(15s@Sb)io^thye%b&Ku?~1DBBpRrU6sW?~E$6-5JDxF# zBKPZv#(E}cqh(}jUXOCTyfK-$2O<bUn1 zJyBvnlt~KhKt4`Zw!hsaDDY7EMB#1q%BdT`-$pOn!~ow?>+6yIHKfX{p09Q08wHik zU{b(P^zg5r4LzE%>IDx4f-gpk-hHvct*EHf*m5n?wFI3|&l{aHe=j_a*q&S3>*wd> z`(TifvGhP&o0w5Vee~OmB*=Mq)#CEd!}*dEPpVvA;jZtkSXSv|gn=8@B=KY+mdeBC)=|M0Zu&b9v(V{HkyD@B6rTt z8ZNcf?v*Na=!z5)kcWJN*KO)y4t0`Rs8Z@YoN=EVu{UUo1P{Ld z{>_hu3Hla4QAbe_WZks<#mxMWJ{f*7OLpN4a(=($h%Y)>-v5@QgEC2gueIab5f3tFamTFh^$xu0Wq#=Bb{zQ<(Xi{N$ z;@t_%Q~=`%kW1QfOo)PaTZQf8`rkQ^EeY3h^~;@|OM1>8<)h>wu~^UBc8vhnL_v|N ug_jo>uIR?c|Ljk8=J5~hZ33G08?0=hMUv#0MHB@5JXX + Project GitHub repository diff --git a/docs/installation.md b/docs/installation.md deleted file mode 100644 index ced083cd0..000000000 --- a/docs/installation.md +++ /dev/null @@ -1,98 +0,0 @@ -# Installation - -## Installing from packages - -You can install CRI Resource Manager from `deb` or `rpm` packages -for supported distros. - - - [download](https://github.com/intel/cri-resource-manager/releases/latest) - packages - - install them: - - for rpm packages: `sudo rpm -Uvh ` - - for deb packages: `sudo dpkg -i ` - -## Installing from sources - -Although not recommended, you can install CRI Resource Manager from sources: - - - get the sources: `git clone https://github.com/intel/cri-resource-manager` - - build and install: `cd cri-resource-manager; make build && sudo make install` - -You will need at least `git`, {{ '`golang '+ '{}'.format(golang_version) + '`' }} or newer, -`GNU make`, `bash`, `find`, `sed`, `head`, `date`, and `install` to be able to build and install -from sources. - -## Building packages for the distro of your host - -You can build packages for the `$distro` of your host by executing the -following command: - -``` -make packages -``` - -If the `$version` of your `$distro` is supported, this will leave the -resulting packages in `packages/$distro-$version`. Building packages -this way requires `docker`, but it does not require you to install -the full set of build dependencies of CRI Resource Manager to your host. - -If you want to build packages without docker, you can use either -`make rpm` or `make deb`, depending on which supported distro you are -running. Building this way requires all the build dependencies to be -installed on your host. - -You can check which `$distro`'s and `$version`'s are supported by running - -``` -ls dockerfiles/cross-build -``` - -If you see a `Dockerfile.$distro-$version` matching your host then your -distro is supported. - -## Building packages for another distro - -You can cross-build packages of the native `$type` for a particular -`$version` of a `$distro` by running the following command: - -``` -make cross-$type.$distro-$version -``` - -Similarly to `make packages`, this will build packages using a `Docker\*` -container. However, instead of building for your host, it will build them -for the specified distro. For instance `make cross-deb.ubuntu-18.04` will -build `deb` packages for `Ubuntu\* 18.04` and `make cross-rpm.centos-8` will -build `rpm` packages for `CentOS\* 8` - -## Post-install configuration - -The provided packages install `systemd` service files and a sample -configuration. The easiest way to get up and running is to rename the sample -configuration and start CRI Resource Manager using systemd. You can do this -using the following commands: - -``` -mv /etc/cri-resmgr/fallback.cfg.sample /etc/cri-resmgr/fallback.cfg -systemctl start cri-resource-manager -``` - -If you want, you can set CRI Resource Manager to automatically start -when your system boots with this command: - -``` -systemctl enable cri-resource-manager -``` - -The provided packages also install a file for managing the default options -passed to CRI Resource Manager upon startup. You can change these by editing -this file and then restarting CRI Resource Manager, like this: - -``` -# On Debian\*-based systems edit the defaults like this: -${EDITOR:-vi} /etc/default/cri-resource-manager -# On rpm-based systems edit the defaults like this: -${EDITOR:-vi} /etc/sysconfig/cri-resource-manager -# Restart the service. -systemctl restart cri-resource-manager -``` diff --git a/docs/introduction.md b/docs/introduction.md deleted file mode 100644 index 086f94344..000000000 --- a/docs/introduction.md +++ /dev/null @@ -1,20 +0,0 @@ -# Introduction - -CRI Resource Manager is a Container Runtime Interface Proxy. It sits between -clients and the actual Container Runtime implementation (containerd, cri-o) -relaying requests and responses back and forth. The main purpose of the proxy -is to apply hardware-aware resource allocation policies to the containers -running in the system. - -Policies are applied by either modifying a request before forwarding it or -by performing extra actions related to the request during its processing and -proxying. There are several policies available, each with a different set of -goals in mind and implementing different hardware allocation strategies. The -details of whether and how a CRI request is altered or if extra actions are -performed depend on which policy is active in CRI Resource Manager and how -that policy is configured. - -The current goal for the CRI Resource Manager is to prototype and experiment -with new Kubernetes\* container placement policies. The existing policies are -written with this in mind and the intended setup is for the Resource Manager -to only act as a proxy for the Kubernetes Node Agent, kubelet. diff --git a/docs/policy/blockio.md b/docs/policy/blockio.md deleted file mode 100644 index 563eb2b17..000000000 --- a/docs/policy/blockio.md +++ /dev/null @@ -1,15 +0,0 @@ -# Block IO - -## Overview - -Block IO controller provides means to control -- block device IO scheduling priority (weight) -- throttling IO bandwith -- throttling number of IO operations. - -CRI Resource Manager applies block IO contoller parameters to pods via -[cgroups block io contoller](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html). - -## Configuration - -See [sample blockio configuration](/sample-configs/blockio.cfg). diff --git a/docs/policy/rdt.md b/docs/policy/rdt.md deleted file mode 100644 index acdbcec47..000000000 --- a/docs/policy/rdt.md +++ /dev/null @@ -1,163 +0,0 @@ -# RDT (Intel® Resource Director Technology) - -## Background - -Intel® RDT provides capabilities for cache and memory allocation and -monitoring. In Linux system the functionality is exposed to the user space via -the [resctrl](https://docs.kernel.org/x86/resctrl.html) -filesystem. Cache and memory allocation in RDT is handled by using resource -control groups. Resource allocation is specified on the group level and each -task (process/thread) is assigned to one group. In the context of CRI Resource -we use the term 'RDT class' instead of 'resource control group'. - -CRI Resource Manager supports all available RDT technologies, i.e. L2 and L3 -Cache Allocation (CAT) with Code and Data Prioritization (CDP) and Memory -Bandwidth Allocation (MBA) plus Cache Monitoring (CMT) and Memory Bandwidth -Monitoring (MBM). - - -## Overview - -RDT configuration in CRI-RM is class-based. Each container gets assigned to an -RDT class. In turn, all processes of the container will be assigned to the RDT -Classes of Service (CLOS) (under `/sys/fs/resctrl`) corresponding the RDT class. CRI-RM will configure -the CLOSes according to its configuration at startup or whenever the -configuration changes. - -CRI-RM maintains a direct mapping between Pod QoS classes and RDT classes. If -RDT is enabled CRI-RM tries to assign containers into an RDT class with a name -matching their Pod QoS class. This default behavior can be overridden with -pod annotations. - -## Class Assignment - -By default, containers get an RDT class with the same name as its Pod QoS class -(Guaranteed, Burstable or Besteffort). If the RDT class is missing the -container will be assigned to the system root class. - -The default behavior can be overridden with pod annotations: - -- `rdtclass.cri-resource-manager.intel.com/pod: ` specifies a - pod-level default that will be used for all containers of a pod -- `rdtclass.cri-resource-manager.intel.com/container.: ` - specifies container-specific assignment, taking preference over possible - pod-level annotation (above) - -With pod annotations it is possible to specify RDT classes other than -Guaranteed, Burstable or Besteffort. - -The default assignment could also be overridden by a policy but currently none -of the builtin policies do that. - -## Configuration - -### Operating Modes - -The RDT controller supports three operating modes, controlled by -`rdt.options.mode` configuration option. - -- Disabled: RDT controller is effectively disabled and containers will not be - assigned and no monitoring groups will be created. Upon activation of this - mode all CRI-RM specific control and monitoring groups from the resctrl - filesystem are removed. -- Discovery: RDT controller detects existing non-CRI-RM specific classes from - the resctrl filesystem and uses these. The configuration of the discovered - classes is considered read-only and it will not be altered. Upon activation - of this mode all CRI-RM specific control groups from the resctrl filesystem - are removed. -- Full: Full operating mode. The controller manages the configuration of the - resctrl filesystem according to the rdt class definitions in the CRI-RM - configuration. This is the default operating mode. - -### RDT Classes - -The RDT class configuration in CRI-RM is a two-level hierarchy consisting of -partitions and classes. It specifies a set of partitions each having a set of -classes. - -#### Partitions - -Partitions represent a logical grouping of the underlying classes, each -partition specifying a portion of the available resources (L2/L3/MB) which will -be shared by the classes under it. Partitions guarantee non-overlapping -exclusive cache allocation - i.e. no overlap on the cache ways between -partitions is allowed. However, by technology, MB allocations are not -exclusive. Thus, it is possible to assign all partitions 100% of memory -bandwidth, for example. - -#### Classes - -Classes represent the actual RDT classes containers are assigned to. In -contrast to partitions, cache allocation between classes under a specific -partition may overlap (and they usually do). - -The set of RDT classes can be freely specified, but, it should be ensured that -classes corresponding to the Pod QoS classes are specified. Also, the maximum -number of classes (CLOSes) supported by the underlying hardware must not be -exceeded. - -### Example - -Below is a config snippet that would allocate 60% of the L3 cache lines -exclusively to the Guarenteed class. The remaining 40% L3 is for Burstable and -Besteffort, Besteffort getting only 50% of this. Guaranteed class gets full -memory bandwidth whereas the other classes are throttled to 50%. - -```yaml -rdt: - # Common options - options: - # One of Full, Discovery or Disabled - mode: Full - # Set to true to disable creation of monitoring groups - monitoringDisabled: false - l3: - # Make this false if L3 CAT must be available - optional: true - mb: - # Make this false if MBA must be available - optional: true - - # Configuration of classes - partitions: - exclusive: - # Allocate 60% of all L3 cache to the "exclusive" partition - l3Allocation: "60%" - mbAllocation: ["100%"] - classes: - Guaranteed: - # Allocate all of the partitions cache lines to "Guaranteed" - l3Allocation: "100%" - shared: - # Allocate 40% L3 cache IDs to the "shared" partition - # These will NOT overlap with the cache lines allocated for "exclusive" partition - l3Allocation: "40%" - mbAllocation: ["50%"] - classes: - Burstable: - # Allow "Burstable" to use all cache lines of the "shared" partition - l3Allocation: "100%" - BestEffort: - # Allow "Besteffort" to use only half of the L3 cache # lines of the "shared" partition. - # These will overlap with those used by "Burstable" - l3Allocation: "50%" -``` - -The configuration also supports far more fine-grained control, e.g. per -cache-ID configuration (i.e. different sockets having different allocation) and -Code and Data Prioritization (CDP) allowing different cache allocation for code -and data paths. If the hardware details are known, raw bitmasks or bit numbers -("0x1f" or 0-4) can be used instead of percentages in order to be able to -configure cache allocations exactly as required. For detailed description of the RDT configuration format with examples see the -{{ '[goresctrl library documentation](https://github.com/intel/goresctrl/blob/{}/doc/rdt.md)'.format(goresctrl_version) }} - -See `rdt` in the [example ConfigMap spec](/sample-configs/nri-resmgr-configmap.example.yaml) -for another example configuration. - -### Dynamic Configuration - -RDT supports dynamic configuration i.e. the resctrl filesystem is reconfigured -whenever a configuration update e.g. via the [Node Agent](../node-agent.md) is -received. However, the configuration update is rejected if it is incompatible -with the set of currently running containers - e.g. the new config is missing a -class that a running container has been assigned to. diff --git a/docs/quick-start.md b/docs/quick-start.md deleted file mode 100644 index 4628a55ac..000000000 --- a/docs/quick-start.md +++ /dev/null @@ -1,93 +0,0 @@ -# Quick-start - -The following describes the minimum number of steps to get started with CRI -Resource Manager. - -## Pre-requisites - -- containerd container runtime installed and running -- kubelet installed on your nodes - -## Setup CRI-Resmgr - -First, install and setup cri-resource-manager. - -### Install package - -#### CentOS\*, Fedora\*, and SUSE\* - -``` -CRIRM_VERSION=`curl -s "https://api.github.com/repos/intel/cri-resource-manager/releases/latest" | \ - jq .tag_name | tr -d '"v'` -source /etc/os-release -[ "$ID" = "sles" -o "$ID" = "opensuse-leap" ] && export ID=suse -sudo rpm -Uvh https://github.com/intel/cri-resource-manager/releases/download/v${CRIRM_VERSION}/cri-resource-manager-${CRIRM_VERSION}-0.${ID}-${VERSION_ID}.x86_64.rpm -``` - -#### Ubuntu\* and Debian\* -``` -CRIRM_VERSION=`curl -s "https://api.github.com/repos/intel/cri-resource-manager/releases/latest" | \ - jq .tag_name | tr -d '"v'` -source /etc/os-release -pkg=cri-resource-manager_${CRIRM_VERSION}_${ID}-${VERSION_ID}_amd64.deb; curl -LO https://github.com/intel/cri-resource-manager/releases/download/v${CRIRM_VERSION}/${pkg}; sudo dpkg -i ${pkg}; rm ${pkg} -``` - - -### Setup and verify - -Create configuration and start cri-resource-manager -``` -sudo cp /etc/cri-resmgr/fallback.cfg.sample /etc/cri-resmgr/fallback.cfg -sudo systemctl enable cri-resource-manager && sudo systemctl start cri-resource-manager -``` - -See that cri-resource-manager is running -``` -systemctl status cri-resource-manager -``` - -## Kubelet setup - -Next, you need to configure kubelet to use cri-resource-manager as it's -container runtime endpoint. - -### Existing cluster - -When integrating into an existing cluster you need to change kubelet to use -cri-resmgr instead of the existing container runtime (expecting containerd -here). - -#### CentOS, Fedora, and SUSE -``` -sudo sed '/KUBELET_EXTRA_ARGS/ s!$! --container-runtime-endpoint=/var/run/cri-resmgr/cri-resmgr.sock!' -i /etc/sysconfig/kubelet -sudo systemctl restart kubelet -``` - -#### Ubuntu and Debian -``` -sudo sed '/KUBELET_EXTRA_ARGS/ s!$! --container-runtime-endpoint=/var/run/cri-resmgr/cri-resmgr.sock!' -i /etc/default/kubelet -sudo systemctl restart kubelet -``` - -### New Cluster - -When in the process of setting up a new cluster you simply point the kubelet -to use the cri-resmgr cri sockets on cluster node setup time. Here's an -example with kubeadm: -``` -kubeadm join --cri-socket /var/run/cri-resmgr/cri-resmgr.sock \ -... - -``` - -## What Next - -Congratulations, you now have cri-resource-manager running on your system and -policying container resource allocations. Next, you could see: -- [Installation](installation.md) for more installation options and - detailed installation instructions -- [Setup](setup.md) for details on setup and usage -- [Node Agent](node-agent.md) for setting up cri-resmgr-agent for dynamic - configuration and more -- [Support for Kata Containers\*](setup.md#kata-containers) for setting up - CRI-RM with Kata Containers diff --git a/docs/reference/agent-command-line-reference.md b/docs/reference/agent-command-line-reference.md deleted file mode 100644 index 48c8b23f7..000000000 --- a/docs/reference/agent-command-line-reference.md +++ /dev/null @@ -1,3 +0,0 @@ -# CRI-Resmgr-Agent Command-line Reference - -***WORK IN PROGRESS*** diff --git a/docs/reference/configuration-reference.md b/docs/reference/configuration-reference.md deleted file mode 100644 index 4029f66c7..000000000 --- a/docs/reference/configuration-reference.md +++ /dev/null @@ -1,73 +0,0 @@ -# Configuration Reference - -## Configuration file - -***WORK IN PROGRESS*** - -### `policy` - -**Active** specifies the active policy. -```yaml -policy: - Active: static -``` - -**AvailableResources** specifies the available hardware resources. - -**ReservedResources** specifies the hardware resources reserved for system and -kube tasks. - -Currently, only CPU resources are supported. CPUs may be specified as a cpuset -or as a numerical value, similar to Kubernetes resource quantities. Not all -policies use these configuration settings. See the policy-specific documentation -for details. - -```yaml -policy: - AvailableResources: - cpu: cpuset:0-63 - ReservedResources: - cpu: cpuset:0-3 - # Alternative ways to specify CPUs: - #cpu: 4 - #cpu: 4000m -``` - -### `policy.static` - -**RelaxedIsolation** controls whether isolated CPUs are preferred for Guarenteed -Pods. - -```yaml -policy: - static: - RelaxedIsolation: true -``` - -### `policy.static-plus` - -### `policytopology-aware` - -### `policy.static-pools` - -### `policy.eda` - -### `control` - -### `control.blockio` - -### `control.rdt` - -### `blockio` - -### `rdt` - -### `instrumentation` - -### `rdt` - -### `blockio` - -### `log` - -### `dump` diff --git a/docs/reference/index.rst b/docs/reference/index.rst deleted file mode 100644 index 93e93177b..000000000 --- a/docs/reference/index.rst +++ /dev/null @@ -1,8 +0,0 @@ -Reference -######### -.. toctree:: - :maxdepth: 1 - - resmgr-command-line-reference.md - agent-command-line-reference.md - configuration-reference.md diff --git a/docs/reference/resmgr-command-line-reference.md b/docs/reference/resmgr-command-line-reference.md deleted file mode 100644 index 25b269827..000000000 --- a/docs/reference/resmgr-command-line-reference.md +++ /dev/null @@ -1,3 +0,0 @@ -# CRI-Resmgr Command-line Reference - -***WORK IN PROGRESS*** diff --git a/docs/releases/conf.py b/docs/releases/conf.py index c19c9cf77..ee64ee7ad 100644 --- a/docs/releases/conf.py +++ b/docs/releases/conf.py @@ -16,8 +16,8 @@ # -- Project information ----------------------------------------------------- -project = 'CRI Resource Manager' -copyright = '2020, various' +project = 'NRI Plugins' +copyright = '2023, various' author = 'various' # Versions to show in the version menu diff --git a/docs/releases/index.md b/docs/releases/index.md index a870cdd72..edf183c77 100644 --- a/docs/releases/index.md +++ b/docs/releases/index.md @@ -1,6 +1,6 @@ # Releases -For up-to-date user documentation see the [documentation site](/cri-resource-manager) +For up-to-date user documentation see the [documentation site](/nri-plugins/resource-policy) ## Documentation for Released Versions

diff --git a/docs/README-resource-policy.md b/docs/resource-policy/README.md similarity index 100% rename from docs/README-resource-policy.md rename to docs/resource-policy/README.md diff --git a/docs/resource-policy/developers-guide/architecture.md b/docs/resource-policy/developers-guide/architecture.md new file mode 100644 index 000000000..130df98e5 --- /dev/null +++ b/docs/resource-policy/developers-guide/architecture.md @@ -0,0 +1,205 @@ +# Architecture + +## Overview + +NRI Resource Policy (later NRI-RP) plugin is an add-on for controlling +container resource allocation on Kubernetes nodes. + +NRI-RP plugs in to the NRI interface provided by container runtime implementation. +The NRI-RP may alter the container resource allocation depending on +configuration. + +NRI-RP keeps track of the states of all containers running on a Kubernetes +node. Whenever it receives a NRI request that results in changes to the +resource allocation of any container (container creation, deletion, or +resource assignment update request), NRI-RP runs the built-in policy +algorithm. This policy makes a decision about how the assignment of +resources should be updated. The policy can make changes to any +container in the system, not just the one associated with the received +NRI request. NRI-RP's internal state tracking cache provides an abstraction +for modifying containers and the policy uses this abstraction for recording its +decisions. + +Many aspects for NRI-RP are configurable. These include, for instance, +configuration of the resource assignment algorithm for the policy. + +Although NRI-RP can be configured using a static configuration file, +the preferred way to configure all NRI-RP instances in a cluster is to use +Kubernetes CRDs and ConfigMaps. + +

+ + +

+ +## Components + +### [Node Agent](/pkg/resmgr/agent/) + +The node agent is a component internal to NRI-RP itself. All interactions +by NRI-RP with the Kubernetes Control Plane go through the node agent with +the node agent performing any direct interactions on behalf of NRI-RP. + +The agent interface implements the following functionality: + - push updated external configuration data to NRI-RP + - updating resource capacity of the node + - getting, setting, or removing labels on the node + - getting, setting, or removing annotations on the node + - getting, setting, or removing taints on the node + +The config interface is defined and has its gRPC server running in +NRI-RP. The agent acts as a gRPC client for this interface. The low-level +cluster interface is defined and has its gRPC server running in the agent, +with the [convenience layer](/pkg/resmgr/agent) defined in NRI-RP. +NRI-RP acts as a gRPC client for the low-level plumbing interface. + +Additionally, the stock node agent that comes with NRI-RP implements schemes +for: + - configuration management for all NRI-RP instances + - management of dynamic adjustments to container resource assignments + + +### [Resource Manager](/pkg/resmgr/) + +NRI-RP implements an event processing pipeline. In addition to NRI events, +it processes a set of other events that are not directly related to or the +result of NRI requests. +These events are typically internally generated within NRI-RP. They can be +the result of changes in the state of some containers or the utilization +of a shared system resource, which potentially could warrant an attempt to +rebalance the distribution of resources among containers to bring the system +closer to an optimal state. Some events can also be generated by policies. + +The Resource Manager component of NRI-RP implements the basic control +flow of the processing pipeline. It passes control to all the +necessary sub-components of NRI-RP at the various phases of processing a +request or an event. Additionally, it serializes the processing of these, +making sure there is at most one request or event being processed at any +point in time. + +The high-level control flow of the request processing pipeline is as +follows: + +A. If the request does not need policying, let it bypass the processing +pipeline; hand it off for logging, then relay it to the server and the +corresponding response back to the client. + +B. If the request needs to be intercepted for policying, do the following: + 1. Lock the processing pipeline serialization lock. + 2. Look up/create cache objects (pod/container) for the request. + 3. If the request has no resource allocation consequences, do proxying + (step 6). + 4. Otherwise, invoke the policy layer for resource allocation: + - Pass it on to the configured active policy, which will + - Allocate resources for the container. + - Update the assignments for the container in the cache. + - Update any other containers affected by the allocation in the cache. + 5. Invoke the controller layer for post-policy processing, which will: + - Collect controllers with pending changes in their domain of control + - for each invoke the post-policy processing function corresponding to + the request. + - Clear pending markers for the controllers. + 6. Proxy the request: + - Relay the request to the server. + - Send update requests for any additional affected containers. + - Update the cache if/as necessary based on the response. + - Relay the response back to the client. + 7. Release the processing pipeline serialization lock. + +The high-level control flow of the event processing pipeline is one of the +following, based on the event type: + + - For policy-specific events: + 1. Engage the processing pipeline lock. + 2. Call policy event handler. + 3. Invoke the controller layer for post-policy processing (same as step 5 for requests). + 4. Release the pipeline lock. + - For metrics events: + 1. Perform collection/processing/correlation. + 2. Engage the processing pipeline lock. + 3. Update cache objects as/if necessary. + 4. Request rebalancing as/if necessary. + 5. Release pipeline lock. + - For rebalance events: + 1. Engage the processing pipeline lock. + 2. Invoke policy layer for rebalancing. + 3. Invoke the controller layer for post-policy processing (same as step 5 for requests). + 4. Release the pipeline lock. + + +### [Cache](/pkg/resmgr/cache/) + +The cache is a shared internal storage location within NRI-RP. It tracks the +runtime state of pods and containers known to NRI-RP, as well as the state +of NRI-RP itself, including the active configuration and the state of the +active policy. The cache is saved to permanent storage in the filesystem and +is used to restore the runtime state of NRI-RP across restarts. + +The cache provides functions for querying and updating the state of pods and +containers. This is the mechanism used by the active policy to make resource +assignment decisions. The policy simply updates the state of the affected +containers in the cache according to the decisions. + +The cache's ability to associate and track changes to containers with +resource domains is used to enforce policy decisions. The generic controller +layer first queries which containers have pending changes, then invokes each +controller for each container. The controllers use the querying functions +provided by the cache to decide if anything in their resource/control domain +needs to be changed and then act accordingly. + +Access to the cache needs to be serialized. However, this serialization is +not provided by the cache itself. Instead, it assumes callers to make sure +proper protection is in place against concurrent read-write access. The +request and event processing pipelines in the resource manager use a lock to +serialize request and event processing and consequently access to the cache. + +If a policy needs to do processing unsolicited by the resource manager, IOW +processing other than handling the internal policy backend API calls from the +resource manager, then it should inject a policy event into the resource +managers event loop. This causes a callback from the resource manager to +the policy's event handler with the injected event as an argument and with +the cache properly locked. + + +### [Generic Policy Layer](/pkg/resmgr/policy/policy.go) + +The generic policy layer defines the abstract interface the rest of NRI-RP +uses to interact with policy implementations and takes care of the details +of activating and dispatching calls through to the configured active policy. + + +### [Generic Resource Controller Layer](/pkg/resmgr/control/control.go) + +The generic resource controller layer defines the abstract interface the rest +of NRI-RP uses to interact with resource controller implementations and takes +care of the details of dispatching calls to the controller implementations +for post-policy enforcment of decisions. + + +### [Metrics Collector](/pkg/metrics/) + +The metrics collector gathers a set of runtime metrics about the containers +running on the node. NRI-RP can be configured to periodically evaluate this +collected data to determine how optimal the current assignment of container +resources is and to attempt a rebalancing/reallocation if it is deemed +both possible and necessary. + + +### [Policy Implementations](/cmd/) + +#### [Topology Aware](/cmd/topology-aware/) + +A topology-aware policy capable of handling multiple tiers/types of memory, +typically a DRAM/PMEM combination configured in 2-layer memory mode. + +#### [Balloons](/cmd/balloons/) + +A balloons policy allows user to define fine grained control how the +computer resources are distributed to workloads. + +#### [Template](/cmd/template/) + +The template policy can be used as a base for developing new policies. +It provides hooks that the policy developer can fill to define fine grained +control how the computer resources are distributed to workloads. +Do not edit the template policy directly but copy it to new name and edit that. diff --git a/docs/resource-policy/developers-guide/e2e-test.md b/docs/resource-policy/developers-guide/e2e-test.md new file mode 100644 index 000000000..06adb92f5 --- /dev/null +++ b/docs/resource-policy/developers-guide/e2e-test.md @@ -0,0 +1,118 @@ +# End-to-End tests + +## Prerequisites + +Install: +- `docker` +- `vagrant` + +## Usage + +Run policy tests: + +``` +cd test/e2e +[VAR=VALUE...] ./run_tests.sh policies.test-suite +``` + +Run tests only on certain policy, topology, or only selected test: + +``` +cd test/e2e +[VAR=VALUE...] ./run_tests.sh policies.test-suite[/POLICY[/TOPOLOGY[/testNN-*]]] +``` + +Get help on available `VAR=VALUE`'s with `./run.sh help`. +`run_tests.sh` calls `run.sh` in order to execute selected tests. +Therefore the same `VAR=VALUE` definitions apply both scripts. + +## Test phases + +In the *setup phase* `run.sh` creates a virtual machine unless it +already exists. When it is running, tests create a single-node cluster +and deploy `nri-resource-policy` DaemonSet on it. + +In the *test phase* `run.sh` runs a test script. *Test scripts* are +`bash` scripts that can use helper functions for running commands and +observing the status of the virtual machine and software running on it. + +In the *tear down phase* `run.sh` copies logs from the virtual machine +and finally stops or deletes the virtual machine, if that is wanted. + +## Test modes + +- `test` mode runs fast and reports `Test verdict: PASS` or + `FAIL`. The exit status is zero if and only if a test passed. + +Currently only the normal test mode is supported. + +## Running from scratch and quick rerun in existing virtual machine + +The test will use `vagrant`-managed virtual machine named in the +`vm_name` environment variable. The default name is constructed +from used topology, Linux distribution and runtime name. +If a virtual machine already exists, the test will be run on it. +Otherwise the test will create a virtual machine from scratch. +You can delete a virtual machine by going to the VM directory and +giving the command `make destroy`. + +## Custom topologies + +If you change NUMA node topology of an existing virtual machine, you +must delete the virtual machine first. Otherwise the `topology` variable +is ignored and the test will run in the existing NUMA +configuration. + +The `topology` variable is a JSON array of objects. Each object +defines one or more NUMA nodes. Keys in objects: +``` +"mem" mem (RAM) size on each NUMA node in this group. + The default is "0G". +"nvmem" nvmem (non-volatile RAM) size on each NUMA node + in this group. The default is "0G". +"cores" number of CPU cores on each NUMA node in this group. + The default is 0. +"threads" number of threads on each CPU core. + The default is 2. +"nodes" number of NUMA nodes on each die. + The default is 1. +"dies" number of dies on each package. + The default is 1. +"packages" number of packages. + The default is 1. +``` + + +Example: + +Run the test in a VM with two NUMA nodes. There are 4 CPUs (two cores, two +threads per core by default) and 4G RAM in each node +``` +e2e$ vm_name=my2x4 topology='[{"mem":"4G","cores":2,"nodes":2}]' ./run.sh +``` + +Run the test in a VM with 32 CPUs in total: there are two packages +(sockets) in the system, each containing two dies. Each die containing +two NUMA nodes, each node containing 2 CPU cores, each core containing +two threads. And with a NUMA node with 16G of non-volatile memory +(NVRAM) but no CPUs. + +``` +e2e$ vm_name=mynvram topology='[{"mem":"4G","cores":2,"nodes":2,"dies":2,"packages":2},{"nvmem":"16G"}]' ./run.sh +``` + +## Test output + +All test output is saved under the directory in the environment +variable `outdir` if the `run.sh` script is executed as is. The default +output directory in this case is `./output`. + +For the standard e2e-tests run by `run_tests.sh`, the output directory +is constructed from used Linux distribution, container runtime name and +the used machine topology. +For example `n4c16-generic-fedora37-containerd` output directory would +indicate four node and 16 CPU system, running with Fedora 37 and having +containerd as a container runtime. + +Executed commands with their output, exit status and timestamps are +saved under the `output/commands` directory. diff --git a/docs/resource-policy/developers-guide/figures/nri-resource-policy.png b/docs/resource-policy/developers-guide/figures/nri-resource-policy.png new file mode 100644 index 0000000000000000000000000000000000000000..fdb385c4e48e49f55af9e0c049483c251ab834ca GIT binary patch literal 71246 zcmeFZS5#D6*9C|ophQ8*Nr{q?oKb>gP(jH#iR7FqBqIU>l9NOw6**@RN^+8%Bo;YC zNhs)DeE-+uAN|lz-DC7a*BIQ(J)Ej@&f06wHRoKbZuo0eIXr9%Y&0}9JOz1~w`geS zdT3~O5%)2{kqiYHeekb)&Qb~*_rc5OzF8RfZ*mt|Ef;lr3m11|Cv!AQJ9}Gm4rfy* zb8|cA5B4tm=&cfHXiv}-WL|1`r0vYRC+V&EB5n{Y>a`#8#y^e|5^Z&4V?X%%Qp5PO z?XuK^ZUHh_c@Nj~@Hj)CE=l;|>FQzpRL=?-jDd;F^s}^JGx;x*r&-uPv!UFsD&BbzIwfe#Wv}BT(h zMTCW=-Ic@9iCXz9gb&@0RTQQA=sxuZ{V^B}-3b8r#>}G*65u zwGx7@QnV7{@eJleX+DE%^J8!l60)R7z3gi}H)e}-6q-u27&)Q;%mh*Q+klTzkq5ZH(`669}Z? z8&n|GS>1nsm$WJK9{w0<{;xBXrWEqw?IaB&O|&uD-y7MZ8@@d1G8OJGbBe+Gm$KP; z8u7pCK62^_PnvmX5B*&Wh0djhg~{8$z5Oh@+U4)Gbv((+Zc|3A=~=uP`4%}a=OXrx zsnT_-L~*!K%M&5ZHUTopQ4>goH*@-jMl9twdbN9{;ZRMQ zFPuEQffse2kC<|>YbUnxC^x_v0--cq{ZD9^)L)6}3CtQVXhf993yhRS+RjcdK=;~} zKrp5>NDO3TRKw>?$dZ*qTtrl)l|GZcZ!e@4Xry?Oet3{3GkGlxb6cyXAL$cn8W6pz zW~1?3^^^HP)*W-1{uoUZA9HH#!|?=W;PDT$e^(fs^lS|w0y8z~q*ad_z~>7-a|jRn zt*S!79rdzg}yf=eeE3^R|Zpx{Vg>U3FDvP8Ql3Z#+D=H#)Zm{%L}i@5tbP z4m(fYJQ(?#uaJjZL(4tw{Y=VP7YlN#ji1?QZQ1%W1QmYn%Z592bUX*=!8}grlP%r% z_)|HE!iAzzg`09{eWHT+4)964{5^W<6ArkQlLRin{#=eH@n=qTjgV6)Rm0Q@%XE+az#+ zD<(z->*N!sn(P#447rzrX{Hzb-PU1xj(c)2!f8GC$v81njrjpW@SOu}+}x**w=05e zxp*#?A^ot7oql#U-cihEjBzEvmfDUIKZE~E^qIi(k4edb(S65WBufv$e!;w5ewKM@ zP1bn2WaWbqKL>qo{LpNfnYB6IfGf#N%5HVYm&2n%p}nPZ?c@C5e_Qe9X`=i=wlC%8 z=#%%b)i!Z)BXsnf4ZigaeJ=ZG9lO}H(7t8MB38;)=DXf>-|))ifg}VPNlcp;7Nm?@ z%J$WEX2q%fk4BA02yN5vWa2r8V*W<!)B9qM1-R<}n(Ptu7T@|PA zN{&zCl;o>}=ASPR3SW$H-SZ?UKY8{uFsxdZ;fnDs`fN@O#^RzvO-lLv*AgDiJ89?;~=$TdqigF%HXg@GVuBkH)bJ+K-lcrE#y2} z4=uUkuN$SZ`Q&jV|G=Y@`zS!g^UrG4N1WMvle|eHoNbZ|@7r4?=DR=T- z>H*ep*?JqhAjfzCMDtX4DlNlL_I*}Cq3nJJBAz;duj+*62#Ay(mx&y$a4tIc)ZX8PjAldl}#vv4G0)cg1bY+_RMLX6Gq zuUnDz-@Ish|HD#X9D+7$_-y@VdO9L{6efh+%54LpgRN;ge1c!hDVl0T28a9>yXCw` z=j!Xe6s+96fu1re1 z?j9kGnGLThH;Srm+qQvJ=LB6bX_?P`j#MHdA|F0}%x-Q@m!W&flgyB=8rNfn5BadN z>YGH*L-sQi)Tb!jtObrqR|QKd{HhrSYRaKLmsEyDVn0QCraP1-4-zNv6E$XXyz06z zcsukUFTeSZSMN8s+M7C0y~S*E!* z6LU9d36*0t9i1Y78n62B{V>s{dIp>@8m7P$CqqYQGuvIWyVImNbbPe#SMWm#Q{)zt zp9Zr&&gbRC(&;42k6bcyIupMl{%s~EM(_&1vJP4JHvbDgw=-ClHGNW@sM&Y(2Rpn{ zJJwD~qQYV3Zl_-d(jFR340KwB3){@6TC8O7<%GB+S^Dbq;iq#@*z+$?7(ZGk_VBQ_ zBG3F>j(cD0X0~dsdp%T%orInYm+1aI2Yo@x7PMeaa=yoPGBT@mF8k!YrEfRNTlrlW zHmL-hk`!EnWdRtZ9Mk)^2eGEkaa>`P^{mhM1t4D0HG9EQJhtiM@Ye!V!u&-VZwSB%2cIM%9E zZi*NAyREe9c-`kMYrN`(yN*TaPy!XE@TK}2CkEABaNWD{9lxU?D-m~cE zNEQdXSEekVD;8@NEkA5DUc*pY5@$f#sYG0#|Dg6&*_t8Mt`&Z))7?5d>=g%6O`hFyE438Y#!>e9 zBqMkIkVYuW%3zmyF3-X5RB9P%CMZqKHqL$;IGCF{rW#sh?OZ0_L2e*rtdyHsZksAY7em_M z#6}Fl^&%e?E@lSAqYpQi@=qc^O%m69f!1rJD@1!|TEo!kUY2oq*s7#$bA~xB^*_vP zE(@|u=nlJwmmi74Wf67AL1ERutc4ReI?$YsRa&C!h_uVD;jZy{~pjLmUrx zxI>H`Ms~P6m6XBi$}Mg^$p~V;Cd(-q%VDr_*!)2^mEZ2EE`4=SgFQ+fT`Q?v=4p>T ziQdP@5>|J+zhx29xko@moBp#4eI%EM?_|u&G3wrWt zC++n?sPFuJLPByaC%COS5BcaO-=+%%b6obXkH!$CuTd^_MP`4OvV!X;<)Jv$c;q1E z0qbZxR}Ykt#v~oW=d}nLFjX=UJB6vzJq<)3z|S*|0|e?mR+iXDC-^cCIA6P(zl+Pz z=12K}c+=nVPgqo*&(O!X$;qu&mJert(yTwk4+V%nP4wrwqv&E)FLysVUqMa|E5!Ij zi)wlilj8j|^awB1?hN`zDt1o#3ez-{F{8sV*xEU zY%Kf+3L@2(gU4Po*`3)ZfEtoFRW!uqyM^|c-t|Fly=98VFDnoj05!dLFp#`IN6$MM zGboVT{g>PqmhHBh5*u&l+0qEXnCquxxXTTk;WF8#l56py;8a!1ZmNPE zXSOCh$i_kg_S1f`+xyg6p=-8H=%}Cyl4V9w*2vjuh_vK|oYy-+Gikd7ve-W!?L!1& zeO1Us;%G*`wr>!UbY?RpV9;Qe7H_R)W`4-a8|&=9+~BUY@9Vt(p1b)(e~@fM=9yOP zWX@WxoXiF3Yz;uu>8`KH>U#FRUd}JY2q^BYncy^cWso)Z9c)O9z?U6a_ee9`{6n;Y zI0iN5T(IOw){k1fl3r=@cVvola#i z9^R^_2Zx=X7dzv3=dnYhACEXtaVFOV3%cw6>0&()!{RlqG)%v%Az zEzck>F%{Fz*Av1E+ohl*!zSy`OkN!<>eFfz@42=J^>;N($~N{l*7|Z^z|n5)@|(=v zAgL^yhq#!5(=^bzvb+d^nCnhH6}`!UYnmQBy{MJdk{(8$hd)06(UtafPZ}H9MvNT{ z2nDE-9ZTG%p+K;EVXZCkeKi!KkN;F37x<;5O1nk)CF?F>6<&awW;t%(4l5&V)zc4@ zW>nGfw2Y`ibN20F0pIH2?A$Fm^k#@%uD>Y zfM|gs5sQnHDlsp6X?ZrVIBpVVJM*&1dA|M+Pe5QpuII2PT`M!CE=lF0R=7(F1Es^M zi$5l*uqL;4{yKg_#i!LG++%oc`DoiMk2{k7u)rJlXoIz?+{QW9`?@H(n|v8f9#4-)j3ciFPS(!s@Iu}m^d)etBwJ>*^QrhV zuJ**$uSAIgL};FR8}rCin*_uxnB&G>anDN+{ZyP?`hUQ{#gG}6IY)yZ`XID(+5q~2 zPf>yIchlizvPQ+DPEO$_3DTsHmtqh0?G$4bFJD3}OXFIpJD;R~iq}RhP2Zq)Y9$ zTyid6E+D3A?F|hD&0qH-+n5Ax3fz@2>24LS!gJ@X3aq=Inq*^~xnlJu*DA)`ha2j@ z1==xEac19n_#mZjF9tg>(?y&Zd-crblW{Pa-7dUitNNRa^mH33eyI07=$vaEruEd; z&d#c4>jkljipm#i(FD=Gy1>`Z{!9)~XneG`zHE39sI#{pGpB2}p8!bl5bTHvFrH0j#W4Z&UQGz#9K#H;^N<4 z@vW0IDHSr#>c+&Xm=vDI{cX89;<}NNmPXG+?pW4uWJh?-wK}f6 zLY)aV$jvqcSsDO$&`-=$O04)e&YF^v!i^jF+_c+aM3(fq``%mtjDhIEf+w6>z-H=& zy80tv#vC0vF{x$rcLd{*i@MoF!%vX=5L$oQtG`$~Q{{o0hQ9In`Al{Vn@ocu+w2B@ z=jIDu+Z^jdnM09+3%_Tot+g9mSX^CQg`%X*%^8o^2UeCNxH$hg+uPXW=I4iS=++ER zOoW(gYiMY2JFhE~aO%lxYiqkLGG}-M#ItEy+#oA6k+}Zal@^ENrGEVT)!Nk`iLED! zm;SZ~GQ=s+#oT|yq-?a%ctno2+~?fsY;PX$)Xo~)-oCzM5m#1H1COWg z-o3+!ru^cB{(cWZhaP#WEx#%}@n94dlvkqFB2#jF6s;|KnpkJiMKm>InTtw~;@8ewiogC%7y7`idhKA(9*% z9QOiW78VsfxOex@_;|V3>BkAEejjPe0mh){e$&qL8sF8o=KBlHViy}Zbmc}11)=nP2%TsX{kb$LGtWtx1y!DJc{N9!nT#y}i9;f_796!K4RReh_dsMslKYDxpq zR8&%8VPO&8;y_%_?dOa<8~MNo+(zJKko1rhXZW6JgN#&q_IMe9jmhfo7+FZa7JE0I z;M`X{-Qjn9Yu%Lg3{?0)JbTNhRK>=|+K8s6q)e3=cRp|C1bb-uX=v@7laj$y05mI9)4-Dv&At`s z=H~6|>+AMr5d(*06$!x$mePYDPxZVu^U}Qc>dknPO+WU%aI132`^t!Z+oee3nU_wq zo%M`(Dwp#{QBm2Si|%>XFR)280f9`}Zn%_;g(3fkQ>x;WVcu15g;WT@74dm;dl30D4IV0%st%ftH) zAR*4C4BowqM^3{`%4uvxW_&7NJZbwv&WkoxV>|nXR&a8CAk|SnvA0(d1j^8X_QrE! za&l~90`mnQ1xAC{CARntc!QUZQ zSr@|JbP>4>Z#LXL&>GxDWKY+m?+*0pTlZzw@+U=@)j|7W8I^t(7n?2r3NO}gOhDl< zA^j_d8LJ<}r{zV3g;5RA#Kq2uxw*7?x4&(7zO&WMxi9)+L?4HK6A%zsZm?U3MSl^! zki7>sW|X1ifgKG;93U8{fST@LfNNPVOj*Dop1o9+kLR`&RKws+$wFn{SXC1Oz^uB`x;v zZ{XE==FK?_zg=`1CXpf~Eri^cJWd{R08}*N2qs1j;_hw`->z=l{e|2Ixos#3H3e1P z@M1JktI6XzrGSmm_C$%zY)xcH2ES)E}|eOXC-LHxiJ3QH?vlIdwa<>xOlR2LSka2QTyGNqxjMTAeq0~ z`>ar+VAe%sU?o~ol`cl;-2icn!L4N@JMJr#W!OC2iV@gugVr~1u(7_sja4$|S`%V2 z#cBo!$Mk9XM5*CWQE7{ggJf&%Z^O&t#_sO!Xy3GukdT}+c>#X@JFD-MPT+=XB%>Qj zG4esiogsJ1EQd1G-4;f2JPw2#$gh# zc#_$*RJhVrE#aK$eixh5yS$cz_lyvG^V4@J=8;PTkiU{Q$CAf%o^Fk!a$@?l zxd8{Tb~?rajV;s6#IO@CRGy8pHDG1WfsSDQ+>29%S}Eu1$2C!P7h6S@j02e-%i%QQ zN{^UT@BQs0knG2K5iS$JoauA)llZ>xl0%YZrmsLLbHA%Tia9JF3bh+?m(E@6OjoYV z-N^oT7N7tM?LHPm)vvAX?c*rjauW>urbEoxT6@Wl)Bn_MmpX!hcGS_;^*kAoI}X`m zBzlnHxlWFv3lk-}ENpCj3vez`G;wbjijoQ1)1Yy+{G&@1v>ya61XLfzYXI?C3l@Vp zPJyB~Byq{!=(gJ{+U=^3%3DBa%GirGh@Z)>{&_os3mU`k=Fwv$Ve-bCf4~L;>yqrf z-<$|C-S0ScarGUiUYXGypq1zWje*?k-E#pWCASPUr!*3f*p)e)G*fJ zqTTGpkA+Xw#;1Z(0E~%xvD8vY)*z5RVE?bByDxyfg~!Lwza)eYelgvft7q3Ld(!y9 z$v&Ca5+7hA0Y5*#&3r?=@8ucbkf?J&9YmdD&zZ6h_`+%rbEer)hImzVwYfKL)^_!I zw_r>A)_4)1`*`5W-}CZsI}>>)a$d%C*V|pSFSwD-A29spE$JhpNW>=<$!%8YE_s$ z7|T~#0SuptFPf1qFcD?d{jW=@{zh$A0>6X67Q2uz`PN&bmX6sBz>4quJ;E42wcDGF z(p6HzDJd!OoySETljQ{;aZvz*{zhHBGm2VtV`JmVW9;X~9ru8|`dwu;hD}px+==98avV876hP9XNe)s=q{x##Y= z5-F(F;v>AfyL;6sd4+CnZq7Wn@aS+X^ZFa$iKvYOICY10X>)f1hwcY^duA$pUaL_C zXx%b4*hTLBa2tF3AO9m6=jN0}(wT_Dxxq7WHf+%4t7R^%Bt7yhapo5gu%N9hDZ%Tj zKqbX`e=@sX9rwN~am=+eDp}Ib=QK2= z0QvAnQxgWlK2>gt1w@dXfJ}c1e*{>La%Z?Id!NZ*nlPHiyLWdU-oJ+?pZB&{t2|)R z5Yh}g79BauxZf%s85!C1Z#e>>RlaIEFbQv~_*B`afmA_fc)B}}dG9whF+(66Td&r* z!n;hg61slA$+?di2)1;E=dlGU@UD~kupg4h&88LA)#@`87nh^;{ie($t)TD#)B#Xp zKp}(ys;5=&#OMwH)-m`M;U+bzlF%VhqEt=n@E&ygD0#>yL=AE=mXsg9-EgavfTC#v zWkoreCs-kl=}s9C+wV(sf^BE#e2xdwJlB(_kHH!^0S%xIuE0Aa)(QB1{ElykG1_Z& zb!l$0Rr{MWd-CTd_t2=RsZreV&*WsKSx>CZ{ko+PN)+~sy6-UnTD)CSyI#F0X(^Jv zj=~yHVEQv9X~+1&W$2j47akd>=<_~9(He=<0=2_6E{Jd=2atHf(gfuo2pL{mEZ6Jy z*G#k5Ip@H#P-7NzE6Lj0nz%vYif0LOa-|$b19YOp z`C6hg__6HNWhYtL{E=xf-{2~Cbew7u<4QlW^B00#Gr5<`-LW& zSyfqYwO_dkaiH{WmN$b<0ze%U^q(aqYgJ>aqFchsW2*pgmf!5x+NOdT3XnN+z#?z= zjY3o}fP_GEh7WRhwERaCX#oQW>^0FXKe|!DTWr3F(PDoEtb-Tr5l;Sq&^JLQ$H&cE zOQBFsk1xPldjB3pS^;hGo|AN1{T%>X!(@j!O0*ne0B^7cR--<$@aVbM$wtnCpvkZM z;KnMtUPyp^M;TmT+m4Kkyc9_Xl<G~W1ySP)6m9>;K z!$sFD_aBT2hpkNScPB+7UXJ5l$G?qNQJD^qV@H?z36d@C)T(f!FG z(aMpj!JSi55{X6Q;SbCpfH&HJ_y32&7-^HBNdkiaSgnf%*8hybJ`)5^na~=XIA$3o zod`GOoV+DPL`9>wlfb~0NV>$w(wN0d!pK)@74ghJN@p$|OMl#GWmfG?7QQP2u2E2@ zam)FDJ;_dqNP`qzqfJ#>4zY-q{?7~=NK7Df(3)_)-D^UND;X;Yba+hPnJ#@UtZbk#j?Ker)?`rEwPN3t^eq{Pxz%uCFkx;1x zkCjN!8!rq|z8GiKEYXn_N$0E^Dup1e{Qzg8;n(;qzlfSTA>6bCH8jjzn@Y&RAH|!! zV|E)j0nM4_Spv25H%;Y-5jwO5UxYr8DVgpq=vep%SI0x>4%g>!I7hd4_LZ^UfBXy@ z#9=cKIIPpxjf+Um(lQy)wi^;hP@#cU`n~PT_A67m+7uSm1W#A};kg#CIo0IJtDdiX zN637fm=w6APab}+u8s$&&PR!V2RzM?*fDOZfUOCTe4g6@;qo`%QR0pc*}pN8bAAPv z98y;k@2W8G(*os>n3xzvxjH)l7aRahgGyK$r~!W_CMp1$(|Bz>eHBU31%x)J!j?DJ zNRJE{sZx7RVYiwXY}zt&0O;KT04M*>haefdgtLwAT%gvRmO|3gMcpfW zFWpd16F^=NImv?R@>fw*Jp+P^{q)gd9U*v>|3;$ye$_dy03W-dp~2?TzWH=QA~Tbj zP8=oQ!cL?Ce3|wqJ^ustC#bj-l#~xJ1C=u+(t~kGd2DB@Xkc?-wNVEU3*OP<-e<#8 zQ}RMo>%gLer#TNU0gxYfKPsvXlo3i+0PFY@=&_iTPdOrFPA$B%ik@`4w;WT0l))3Q zo0A8?1IYd6*bis0N;Ix2WqLq$+WT(nHh~PanXU+?7Ii~`JkV3xRUZiH<)U%{0s?MT zX*(-$wmS<0-2(Sf+syxa%KY~cJTqK=k-OeirMkHb+eI(W&)+(Om=*AAVqMXj8; zK9W%-M?Kaism<)(HdC0qWQ<}S8aHkZ%s03u{KWEBKmWLjVD789sAHrXr4@<_gnN3n z_ud#7gVxmTTb)CU!4uv`JM<9SUzEeq#Wv)5je2DHRzTypRgl_5JvKO;(~$)PbjOv=oJ{5`G6{1xrW@hfRvhrZSU+bkVKeE zC(zb8*$1z?{r8^WS8Bz9?cWQDKjRu-p6#LoCC1*zN>=lykMTeKi<5%A%=dCRBN8@| zVJGosJPP{y`T}~|34o4)$!F4*$2Df(Z-?dl+G!;o-%f}5&QlR?n(NluVf@C?t+9P{ z|6WBqo1hH~m;=c|&4KuG))FOKrQG(fV#7|dFD|@NQd6I+@N$`*8#W?bSZsP;+)myj zrR+8;Y*SHfH5H;5gRja=(>1ob(FP?(+yI<52pjlvUt?1ICwTSJL03yM?MAP+ox*XQ z4n5KU1Ouy3zyWmJ|I_Av{p=eU)b_4@++g;7*pLUcSWez`?0s|(??1#2cF-psI=*P| zq;vYr7^eXI1UZrP!4`NlNlgR7?)Hvm8i5DGpA?ab9b z0t4wG4@0D$0@1$YAjIV|U8Cv za1f^Nl3!Dy9t!k>iNek7=R+SAhALsQBD=u+wqMTczek~u8=w)}4WQY%>`BvZ^z{Q@ z;Q{055O6?1M#$*v14c&;=I8O=fJTOQP4>vM73M)ZVhMN}RwV{r~0 zSCE>4le$(MXJ%)uY;5}dw(!hCDLpe1(-C>+hIGwCuKGZSq^G9?dS|0`6tVP}_3MbZ z!`k5DXf}-J>#cv)8cUhsPt(rg-pmPR9`fGizGVR=nGd(o4>4J8aEf= zYWQa^Gh!{YWbRzIe*A$m+oQtQA-FELyNHXL!v!>|*WL>rd)Gxx^kGmKJR41Q>U@vD z&aD>*i_@`(Lk$n%IJNtqu_NSr#PGX~xFaL(q{+s3%DSt1L-0Y(`(V(PwxI!X8ko?L zfJ<`w*`;eCP$_HIwUFXDU4*b6wm!N#sF|myr=GK*D!c-MlD1ktN){m{P`|HxvyL!1 zH$>_pzUP%OqNk%^>cqP~9tW=z%yI5?r2Kq>bfeVEa#sYXcfRxAR=~*b+QOAX{A|v6Gf@_}ElkvH@jP*9MdQV#r>wJ? zmH0TkWxyw$Wo-n|cC&n-#x{H818r6QelZYWpf3fC(0~@ZUglmrh598H_YcN)z~r1j zlEt*&<{{=6DaI9~Ywgv+slrpGPu51DZi&};X2=Oq?FCMpL;~G82Kpsn?g$H*k)WG> zE;A2iCMTuZ3x`8l=mKxS7*{BmbK~k@4YIG^Mlt2Yrg1?9VH8bv8EB#KBo*sBKOD*kwsTC|D{hU^cXO$QyY2z(-w2URoPo>d@9~{KAdTOq73m8>0`K zboPI7?%lUsQkbeT6nYX4V0r- zIU}7D&#gSjU8GQ4TXY7^ho-Hdd2lN3tus$IYENDAq1yBI0 z6RSjhXb|Ca*`$P}-9s%R;bv{f+mSDEv8hEiJ>bq&%^Q*|H#{M@R=J=C9QyVy3LiHQH9{2u)LM?zN(mcXW zD2xG$2FkrE$$KWLN+mmAM znEk|3jrsKIHd+2p?=IJ{(w6ugNz5mu+v6A2d%^S}qf|_Q*O33a4UyT49y1=_`5=Rw zHb$O<|6~*H6V{ZcJY^qVSDjdAz)t~-0Ok=zFN7A%N40ufgAqG$2onTx)43kP*Kl)Z zlK=wlJ=dO?;yt{hw$As)K zVJa)0s)qb;z*Ccp8l6r}#C+HZOgNDU^@z5$Vtz9R-~VKsL>7WUmJ||hrIi#CX}mi0 z>Ja@MqVyVZy?C)VD;okx8%xUGQg0`HoWfT(BD1;2drJ;$UgTnb;y^_YCf-u8isXNY zi+>$J1dZ7#A8;J|HOApPOo4`u{%EX>VDYY&1={w3CYavu(9C+V?rG5O&%~p};?Tnq zKWn|_gcxzj? zFsw}}DVaYEd5yxVOK?Q z(?R^~W!_Q<&uhF<_wqDFDEy&X&1mw+cE|Bl6wBfgmjMCXl;B8tb1y_X#Er)Q%Ys#^ zjkSv>`W{zbMMXQ#>x0-kz)pzjJ*5&^R{5n~;(;59!2}-nqS58!R}9X~r6rwoh9)5k z5veDSx+->PnhmfGc!r-jC=lpNW6fGc3;w(xa>Ax2ady|f`H&NC$emcaaJm+7Sw;16 z<;M+NA|+KP2{IylwK;jcntM%lGjE7|v};T4b3=O*P`)CUdEmLa+SF=+-g?nRkEZ8$ z+BNqtZ-~lu@$8HYf=IkctvGt?cV!PT{NpB$II(WJSSBLTcYJDCcixaKG4Yy&EPHJ+ zl(qBVpjb85PV=CGS6>>>cJ@7Zs-CM=eY2kjV$m*43eIvICFxjzr?!Q6iPR$&X};GN z1Xm8G50n@-zk&FxwGrGbW*!YgB&R0_gbHg7Ac;tCf-_g%TvEKD`5U%RE(RlH~dVz(COAmP12?CzS8sLPR zrGd+VuS9{CpLF7OLmjkem=PHZeH9`!bS$55%2%_W&FlHIG?m^-3b3!%i)gv2dS3$d z{0z|IK>i3^esl=j*!)Ch*yP^KWKpzx)1ZVseomoWg>9eedv@K~$$=P&Z>j|IbgIor z@2u9cyZ8p*BW3aTz~>)f zY0HVggxI5?i{X~6M_^6+>gdjR?B>-@m)YTjrs$TT3ykL!2|=#4*_&JpqQ9qt zSrp42?Dx%xJ6HsN;#AF_v2hvqgYQr3c+gm8x?4n_`B6=}o-cDu9!5aCzy6?wB=f=t z8Hn&`ClB|V8xz))Cd=%Hz&tD;V;-SurV~X3RIBaJW}G)w9Eb?Gu6F&EFL*E_j&L5| z^~ZK~hlSC;#q*74N1>WGziT)|H$Uuykr&0fn;eu{O9lI_$J*jjboG0mg~Fn`kDTFB(|rnAgJP42@1d6BN*h z$L{+etYNN)zG4zSkViw3$0CnZDf{}T)vbP7n;-_8#r_q+Hg~=__n6~UTy~2-y1Fu? zH3G-KCBz>T)bk!5pz;vnaT;B$T_4qYwIE2Q%}?k3g;rw=pYN!nvQ%B0KcHYtjrs8& zc65UIowB25gy&wtWD?}C9<}J}`6LMw#eWNKJRiUu>yJ{@;MJESp&7=TvuqFU*;ou_ zC{{6av@~OBpD$n)>o;fEU!9kL_o4d-CmOWn+9lFLpkK<5TBGzj$3#x*iP0+PkEtEuIG>Y8Ds$ykRm@0K`oD z@~LffTI07R7k@8rlTaTIwf6}1r|?GB!~53*`6)e?rYBL0OFLE$-FCX+qFn(8@83i3 zPZ5tFtsnxad~P&=DWO&QiEF`$I?=$-c)<~I1Iw||LJ(#-eB~WV0YiWmurr4N4M(f*UluT%`o-!8?`6LtK+%66R@?+i7JJ7h4KBhzsYKns=UPv9Ui>}O z)a`3n=x;MAFzI6hw6bXFPt0d73X7xmWlw>ftRqTLsHub*Oq$^vm{Oa-o9!gDc)mC3 zeL|70SlUt*B--lAYnd*}+_)Q0ns{(ER(d!$R_fRu;Cx?B3QY|8PibeNK9NP8`Ea+j zDgAYwwKr4T(xF_2CD=kV-W%F`E%5DWXYduPuC`c7_LY=vu9Yoot^seK8 z6|$C0+)d-G<-w20HNjS|wAw|z4AQ#y>|mbFzBIS0IB5TRUSA^`+PhG@6J64c)&JjF zfFjR-lWK><=xRsNH}KMMnNIc=JHi^<-CKGpWmvbVBVaqFIH0?ayaE4Hf;0x#^qWJ?yr?)!0Xc#4aK=vPy%^bhZ(e8w zgjv22Kla?%JQwOLkZe-l|MK%kcJ>p+SFc}WE9p#O2*A@UnM0%E{U92eY6#__!JVD{ zll~L_U-dBw>UZ?b@|Q)a2}QoW}3<;AN)Yu58gF36XZnXMhf zM9Fmj4RV!0%wx!uU1ZIyJF;{@qQw#UzGLa3;Z?Mn86*UFnr-6IhjZ#&ryiLhIVx9& zQCN;tq0xR@uT(`%-<)}SBdGq?+#spdu1^+8@TAdm7{X9qr@F&93-jM%T3-IeVv+v0k!v!)47tcCb-={i+ql*@ynvC^A$(b$OLvt+EGQ;DJzq_8Rg2B{X zEw^hh_9B+3Wtlc!3f(-*tejbM&d(<&(fk~4E2QIloMQc zt*{V!?|V-3BmaEm1EsvtW~jOA>cJcTfT!h!h095oORa|Pg@u1tsg~DfOub?QSF>M3nx>5_-Su)6(qu>N&(ADY)x*JJR`V12@Uo9*TO91xn#4> zmDJgxzWzp6Q{O=pnYS%6x!}Pld7im=Fzg%cyhV-^{)!$Wb6ay3SNcaqVrID^qpg+Q zfW*Ya#GMzeT#|^bl#KZC?pOPkr(3=JHq%v=Fa$DUt!4s$)GE%OeTywB&Z_rnTgpZH zWl5R5+po%}IKM;KTeCvcLdZTZ(S5SUJ=SS)AEl7g*wH66c|DN98#v^5NWalAh$V4F z6GdhB_nWySb_o*dL8P8$Gu*a6T`~fmso#^JBC2&f^9sbC z&|h6OeW+Tnr4n|~vhp0VM5QWe{oKBIq0NxypQzxRi|Z0{=t?ZAI?U$DU;bwba2Nk$ z!^zn)sFZU=e-&b}Z5?m+a_+{Aj^$GkE$%saxZhj;V23>EV*aSOgF>C_CQgW5Vi4!^ zIR=NwH_+`^KG6>mw47(q`_DH%ek`i!91h5OLVNiq(r15Ga>$K{N**CNDeQ((S9?yk z*}w8hna%5F$n)6pu%2tdXYTU3*417}Vc}8E&E@(7uDiRnGp);oYfZ@BHQ4D)a0I-< z;ZRR`%mjWWZZlIB`HpR}!f%%Z6-u_7^XW&})cY-a*Z}ssBW|?1QU@g?8V<#aVy=f) zw5$ce7a;cQh5N8KLZXrdypcDO@rtKDrAGcTbUpCalQ--A+rq1_sang+pbIbJk1T1Q z$$qN%7_4O-;L!vR_??okz>D|1*bIM?Y_);2$E7id;|&j!G8GKV&W{TXg~tZouKLmN zf32^*DRpK?opvmEt`8dbW^|e--@Wth{BxBRI-pX5ktwOSwbg`lpki*UnRsB!HCDYZ zBavvl(QhaeY7O-jHM~57lS^hL0Q3h>xEpj<(vTn9x9IpB)P^6Tw6D~wX@(9%xl;1S zw}*0sd3VZ~EPtAsn+v0HaM)rPs(%n#mp`{RDrSq%Cx3f~y6!_fwpRs=uE&oTFL{hH zB;p?QIhc=IE_gpf1fw~k|D{#AT7@y)+eho?4XH5>;(C16(BtaXjdSfZU++8gytdWc zd8l3}YQ>C_U3s92F;mXkDAN)1aLiKm&NH$Xcg}Xj z0hMjUR&CqA<`oeh+b~7WaOA$-3>bpAuB9}6EqA^&$ndejDA#KGdwo72jY*%>v{qto z(vj=9GwaMf%gCb%SkzXP0-B9pYxQ4&tG|i5@hP#M15tM)Wr+?M0E+G&{%gWmfa}cn z4K?R9#|geK9ol}z5@mQnHr`vlrxmXg!}T^Ri>$zALox3yQNypYxHkTff5t`ho>fzg zbTV&1K1B$x{W(vvio3b&NuPd2g66tX`1~%W#mvqKwFCUD*+#2zEos)E+DXL#A>t3u z^bSr~7sxgzT(=aNlg%L<^c^EdoAXBGOhZ4l;91um^v&+A!WJ8wjUJLKleV7vpk?^% z&{Ay)>~DSWrEhK6<@7sgHmtOkn}lPVuNR)HF!|u9CBuRgRyKCR4u_kgEtzuyNyTV= zH~tTv-ZHGJ@A>~mL}}?R5$Tq0r8|^EA5yv-JcM+EC?PFK3DVu2heo=)TT1G`_xQWbeK9o;7RM%)DQV@$hOwqdZeSiGwpuL8ri^GMtc&@)7-ukpTQ9ieJ?E-dvK76z}lc!IM zpnacd^bJ&+h z)+}^g+lz*T7obIx3-<47PC8A%*w*gF?y7p&^&XZIo9|xv951yPw`B?Z`J>@n*&NH7 zbg^_)cOTwpBzE-aXoGy(_xpm-<;gj_cg8oOp>7V0XmZj1W)b93*C;Yk2S^FU`E&S; zf{N))HMH?6268*aXK%9T585^o#%ITdfbBVuhiupjWq2mZF3x1f8q5oY4Br@ z^yp!v;TM@^hs^!;bD!J0Iqj2u`A3KGTY#(7Hbtc2V*JmvxT_NF)E0M<$DS!ssnG$U zzV|ie(RD>09$Luueq@=+9Oc+A?!2@*hNC-`&OUTAXAneuD%xfhdQhyk1E>%Rk83bA_s;-2U?2*FJpH4IDz2boisWfQYRZb`QcZ&#i{V{tA_* z&if|hU%!fmc;~;raeZZQ-EHo1da^ZBYsYN=TR$e(8ib4|)io_i5p14#1W5ua%dDZd zB?kAzDx%H)N@Ue#p5rfA#$S=Y;PmdsAJTRsg%622tBM`*Of{!r?p1%0zaYQZMm~KO zv3W9fRyb4Z!)!L2)%dD^W-Gm)Hql`E=WK2PQ^su~)@hAQ`exJw*-W)3QLM%HYxFG# z5UG}1Ht}JM?pAkC3&54lf$I{!>qOt5u1*2TCLA>6Bz{j}^E4RKR?D@GWv~M|nri_5 zss}^3`1#e#C}cblo$ebDj%Q}oz89l7R}_+S?(xz4n8r#Sh;1_L?Jo8>{2%N9l#LhYB)q?^_N} zJZ;y!fv+_D(#jJKpbgfyFQat@TU-LM#Y5j~${RT|Ao&YUtObyZOsDfza`1V$8Wbvo z;!*oq$2mb0hdw?{Sa2Ry0wWMd8EpvPMX|M|0QJpHNWI<^E%D#_s?8Uyaq@}$IJmXa zzbXmn6POyY3&H>8OxO{xYRcCFy=}DfjB}n{S%2f1OlSO zt4&6kC{Tm2#p6&qIR5#J5$BQ#zW(Qv&Mz9C3F#T+5<2?kj=^BOy zLa;a>f|;DA)=R3P4aCk0OxhWw4Gj?|FUqx-m(32^ z9HRw^&#VL$@0m@}A^ma-yH~sM2`2{o{#>pZt^EZsRBFjsZCXlxV2eNs&VP5QOeo1`Vh4o7kq z=uw$$xgL7h;W`TC3i$pBR&8$KHxab%=jZcc&Wzze2q!kvD<=c4sapDb>~PXL=}m|= z1L$#muMK(kn=3dS^?h<~)-O_Nb!v*E&M+a*_~QACld&#UeDF;JogKq+k|WL*1y=eW zV3&QF#prcg-wq4QZ|Er=VBkFm@;l}t6;pGaW$!ee%<8yE$nasXyX=q_Bm1~f@3xj=$W&jdmL3bb;I|RdGo5UWL;*>O z7s16pEEiwDhp>`2udmYtVy}7-zsXj{_^HYuYYWA+EutWn7UZfNDRlc)9gZ_udd_|F z{X?mO5%@A+Mrc8BY*D<2tx|Oc@BL|BnK~Uqc^b$R=K9Dy)OZN8B@lyk_}L>3sV=mwOOf0`y(0L7?wsU>FM{TuR&+_7<7BtNdu6-bxfzhE`2K zv)8jurlY`k_R`O~(+L_fv_3Mpz=U5(PLEehjy&h4)xy_$Mh2hOFp&O`60r7pZJHt6 zKvc7o{AfL^5RHv(nsF=vPS$|bTg*-~Eg0!=i%(L<+Ldcud>&_%tUB z=ean*jJB0BMC1AN4Ps))I9({14ULmX>vPvW7MpTIY2R<)TFc@8c6owZABa>O+goT? z^(3Ih$@9`v8|qw6{*^H$*ewVX)*;+bmgh%?l~D&x zx{9`yQQ-e5>&nTjicGAD=Q8n1=3}?niX&m{)&yKa{VghxomG~8N&gx+#8oZ%U+tPK zrW>Z}>T%y>={ObfXl%3go+sFv7V3p(86v5-6Y!o)N|r!V@5G!_!otRYQw@~Q)Kypoc=@0Oui)^k*upp8BR3Ag?(k zPUHZ6_6%Jw(fgdqow6u5OVRWbG~9X1&FQ`!X|yzfwJ9L*aizI-ffC*mbb<9zo%i=r zq~-VT!P=$$8})3Nq0uHOuV?W@sxukTz`kdi$p|=YVt_N!J)zchhhynh9~kNqmK^=L zKL0Ro8TQQK0Ke8!?@y`_x4wJ(;RLUepVnAT*#aH8!;WGtk}K`jwJ7b4&XMHW*rZ)q zafe|?bC~dPc-J5i)yjb9;z;N`!Q4jn>p*P8w|w$9PF*N*7hCMPyU9#Id}le%qP5|) zP%N+$>-2O^{#z*hCtGZ~DgGR}gBwQUT1<#5+<>_qOLvgsg|AO@_~r|T-^9h%<^|dd zQ%k2rf1l3zNzQgT>2*Ua)e|k%r3kt;e`!T42p<>=tpk_PVB6E>O5k8i&MfWR&_OY* z0VsZk+HT6||I$r!%Z>m~6}MKEKl~z)1Z_hvfP0 zSMmEC)=g{$&v+IwCMkb3a~2Gz6-MfWRD46HC~5xfXO%L|oPH8Yyw>h{+GV1BWJ2RE zbb9z*g^mJjfdQ%?a^ElQ8qOp&h(=2d6d3OLfi$|c`O%d{GM&3GSg-!}D<�GiCot z3C73^!=o=XpAsF*m1`~MP{QjNX*vvwPDq14TdY!=sC_AO*+V@FS=lXGrJWMYd51WK z@(5vZnfqcp=h`Hon_z3AODOarB$SrI{yiaD?g0m^ylrYxQ)%Qg`{H7Ica!BV6Stk0 zLY#X#nUPabbb+{c#9%QEp>y801=GHu@rMt&$Hjb7b*J+TGCDStJ_6lo!!BcEJEa!& zZI@y?5o_&J4SF@avr^Ed*p= z4?Y>e+sc|UVXOzdu$W-k93|COS3MUcqq%nx56yY;zRg*wbE4XCE^Azt?{*He`!6XR zL-M9x*FJO+7uMwPdlt0WW)#qpt6m?$bhKOO2L;aj0iQ512VLB2m4YC(hNH9F+mcO~ zw)2pNutsdOE%%PDeltyv{Mp#f>xP);mX_8(i@T-Onm9+_)TyITBfV|?667o8sPvsX z9pwK^k~ONwHm2Ro#|39~R$@sH$<%6HU3Q zsgB@VC?%A&l*RTt&FOYQ&q!^+`iecqErDoWrj*R@XRGT5I>!?%jgs}_;chnEGH~nk zm5}_?e(aNI?lLVF`#;KuiIJO(m}A@~NOG8`^Q;+S?r?*V>2k#ve3sm<`7?_Fo@-%T z26@9TelUIEr6zrUeJE3Kou`l`8Gu%dK3eME;-#Ujbxw)SIA7TqN##`;EUQXuTA$Cv zBEX2iu%50QXLIa7sT}`Q>3OxOX$tJ>h7HUB7xQ@4aSUj(8Gf4G_MbnK9)9rhQboME zi)8a!<>5_|X2)-Ej-uC~f6qf0Xi6XD#wixEKTF46${eGt)U(M|n8;SA0FGld%PQma z5-wfrDdF3pj7HS3IQWKnP~CbZ2P{Ts{=z~CzKLA-Pf6|mJXyY2pKv2qb8R5Q3i}V3 zWLxZLYLsf8TXi^QN`FwF;ZuHM9IDv+>h&*eL(j|V`$k@n$LTpz?3d&z!9_QURk`UY z;%wGQKfCYw1^!tt_cTyOk(0bw<>Qms4uX7hEW3{ji;8k{emxs6FSQ{XuS7wzv6*`} zk?KEAtqw6g9bj^^wcF+#h9{EcZwQO>$}N*V(VOb(YO92?CAeqJojivUVAi>*uT+m4oiQ%qalmMd%I%O-3ZTy=h!{$~WE_4TGqxbjeJT(R{f84EV+}1!-t)RH(-Y)9_ejaQTf!I^UtJ4MOSqhD;a#>D%D7c zx4v)-Xr;TNF}G|WYo_aw1e5*?^t`PIax!RlyFve z5Ndh92pQqE(vpv$Amh&(zeqz32@ma$JP|z0BVmDJ8;j?-t6d%|aNZx;Q+!WQ&_)rx zzd!?vo7ag*d}AeJ*XEt&#h*Da|KH~-K!fDDvq$EWeEm=E55I7@zNie;60X9Vs~$aH zJR(F@`>IE!Io!D}K!-$+^3h`MO&muam4>_6ELx>MDKQ!O#K3N{2;HQ;Y?Ak!}NiYs?mC*NUxX^IaXT*0BE4NbAY+B@W zu}&6Ip6*^&a0oe(3z!{5P-KY@$G#z-I?!A%DkaO(E^O8?d>=NlX(UAlF-=lPEpsTO zo+(W@xU!Np)-TbF21{KCGaUb z_G5X_kjKik-b-tjC@Ci-q9k|2dWp#wiw_M{hF=*Io1)and&q8z5E$Vb6kCA;*7{%S z<)gmk5$A{d=ZZrlSKfXbEbgESNw&S<(*izg3aZtetrNxGnD^#}vM7!BQj{vMuEXdb ze-vYt;94PfZuIzw>$ACF1E1<>iV!8zS#tfk^v&3KN0&i#hiF^JAGD#Cg0<9q>>Oy+ zpT^=4ilNHF6QRY{TGhdsWVO-ZxqBAZChi+VHN+nVTy~I(#j`D?9sf*D7@9NbLOak{ z$>~3*IRC7zN$KJ;S2FLYAJmejFZ+03rE`ca(GnZ1-q8IVRgdQFEa|)%NwbX>Fi#i$ zdE9I+f=<`p`+r%d{C3tb^^or`tWqCl%$?d+u?@UbXwQpY)ZG7yKZhwgv^hc(*if7f zg4lkP<}J3n8f_xkmv2ozr5pY&_fh!;TLnFd*IBOBrpkxwwg6k<2Hv(?%O^w0WQN97 z$(D#;EU}KXTyinK(#0u^;AR=Pu!h>j+YBi%t>_{9i!#Ad8GJR$%c=_#7noq`aXp@rc#n!E5sUr>ZZs*qT(5*&Ut zlrd)!A(UU-9a=~ z)!()giif_#XN?#eT?|{BPP*20t0r?XAYcO&9r|&HN%y_6u+jI-@=wAuJsv0MB=C@b-QnBfQPPgj&13#wF97kMKkA?z zMlOXe*EAF9Yj)ZT(71czF)tKzvw&^tx2~qbq$d?uw928^f!OG&ZLSDnyes%)?wg!r;PtVZ@YlK{ z;8&|KW>jSS0yuXyImh)9^6Yf^k~jpvu{d<$vfsMeaWWg4DpEuOiCR~B9bX0)|I13w zlvlRlFy!G&KwFXR&&MrAIubfs_-C#?@l#@VES(NvpGI|K^)YX>iFxA6j%K`dw|X?C z?W;8TpVp+onRqYuw3O+~w5Av`K$Cit{@=vDSWoEB81go$O;-lR%ezjzWvGp(i62CX zhCGlfm#VW|NrOr>O7d0wfyTDjlF)Y}_>*t!w*^U;`q(SE8>Wf{=iyljTgY|i0X*F9 z)63$nb=`7!O%JJb6Bb&$^XE47?xN#z5-Hyn8naxUDM^9c4N4$Qs#=4ea~==wi$GIM zH0tLsal^kV(y8H>bj0WW+OEIMEBIAw=TqoGEiF_SSC20rWG@+(koeB5kD^2(^BZ3E zwxdbi7m(XfQX;TDH~>YnSl&_B09CDyDr3;Kjfr*1Z0tl~GM&&>@XwiZTn=Av-sa`|CUg@#ke?J^u60uC?8wsWQ`ZEgLVDcD zk8Idg`%v<_02;{$i{xn2+3Y{u^~EOJg1MHNWYQVvPH3E@NtPAU4XWxn_tz1>8h^7i zH2)Hdfge3zSTYJi0HvyxDo7L(20&wSV&XxkP@eN}jCHPZf?O34vo{U3NT2q3dV}N% zL=vzT1tehYe;ej43P6L#V$gRWgm_lQ62X;sK>NGP!|vhPbaj+}Kp}(vyi?Oie6?P& z9--OFUxbJI2DAGzHYwL6d2KCfTy?e2lCzmKhhwD9TGcOmW5m?pu0+zcm)HF7I>_X= zAvN_EO5@xKQLwNNbi6nyl0cqK9PC%TH#0)(rx1EyK@s9I+sUCA`8mvpL?3Ppl^MUG zTzwTtEFy17Q65W2j+)7^T&tYRmH7=7%Eoq=VNUQURxfx>81s{?UUTOShD!$>_J}Iv zo0g3EB6iojd}3hns05;Btia(&D#zK@TTkXx>v}%v>1s?H<}XkZ@6q+=Hd~(h0*!Im zIiGCTxh7cQegfZI?0j^e&0*zw+Cgz8K5Q%UyU?|E**mO=7<^diijte$mv=lfC9s*c zE_MLpEvO&7t`FbC7A0R&H?d&UUbT z?HKiBGF82k+%_r2I)=u_4lZAKN`q-FoAQr6yU1^rLTGI0biAKW(F*s5sT0N=DTp*3 z)$kL$-9j=%W``~UlB`k{c+IYRs`oxUr6Fj1xZb5GVo5eqT{8Yz;A09$_l^DBu`^+< z#oruj@mlgVE*(A^4hqt#xTakPhCmp~C|}P-!lz@xwZHUEFrz|)Z)kzUnet7RfyGoN zM)Yd<(r@Ww72Pmt1_F!LM3yH1X#Cs*R{E89a9@uNUaiVQK=T8yz#*)r2No#MGE19j zz0Q2VrG?|_%0ONp@nfDTG51$(@#Dh(uAZWF@r;P^y!MbuV=6<5C1-UN(!I)ncr#J7LDBi}AoL{O-yAGv{Va0w09x56R!22l|>cbiFcEhAQBwy*f!XLh( zC1O7XQg5ZNw{=MOuk9=uS-KOxS|#Ir$t9tQDkhux?3%ST=eTAi;Iz(QHk;C8`i#X! zp=Xqwe2^BvJSiePWEy*T@Ah7!LTOTvieEY1%=K>~T@kP$C^5$a@ZdXdQ9F(rrP0d>Rt+;^;D^95K@z0FzIHh<}cr} zCUwwuo;W(H>D5?!DC9;ECXq4Ub26XRc4`?WcT{Ef_r6x*3RmEBIhq$l*_sRcM(1Go zK&?35Udf_3-q|~_Ge(X%1qq8I(=rPOy0pvLd0T~T(z@3U1W9Xx-eQ*6S8dE(!(TrW zHJmn=e4Oml;jY7h!jg$zKxJ8CNdkVqIBp$GwRrU|{;a#iP#?;?;t(kN8c5^^f*-Ay zsQQ*VNIZ0Hjb9`rRTiS~7_7((IS{7UZO@z)t+@>@oNhT%#DH9d_{tZ)%gF&RZT(9L zz7HZF@Pqniu?Nrl8b>C)7slp$I(w=83b%vr#q(ixb*kI%@t-|AGMsRYlF}iou%ddM zUMZWyGElq7Lxl86Bl{pImKRCB<>|iK>A1fDd#SroZc8>-UgnAnajuA% zno>j=_27T^N{#=cW%8s6Dy5p2({twfl{yqbv+aHXEeNEKCAlDzjM3kZdnZm@e&SzK zb)XpeNMXKb(e_<1@j{_aPk~Ken0TmP-(3)UrxrHDiGX4-(hyG1!$bB+sJ~w-j9w+F zbBF>~%7Qn}&DDX1Y11Dvw%i*RL~><^Z;8;Lb;!RA zR^DJxNKA3EqSJh#`^@>HHC}h)4F=5-yd*m+u#~n_ix$GhsiAGQv5wcsxLN;!oFlx}axI?Ou&w!R0`Y!vGQaM)=rrrWsv|P)gcak*U$M6!ZeI!Z{-Hl59K;7&<~nzfrlCW^#HgS zkL}EmtNAU_9>7`%ZxRwmQF|{h0_@bc>AeNR%3FIE$dr1S??c=EZP6lO$)$wmc`ZuF z+5u1sQW^mdaji!afK-e-argF*tAjd$6l7GL-DW2t%2rGNZ8@UI;q2dP=)>@QonBpA z;msOuwR9d}9}vKZ0+8p&tbTdsoCyMlg3H;p`xP9bF zLM~i>&`s!C$L}c!lptlUn2>SRLBp2Ad6$gJnWkAt z{yHoD=TS?*wd`7aMlFfTiShH})5KzHZ!tOiE<T4djd51(W(rc zfb=*>xul67B>AfCQ9lnrG?v!ZGytXpNL`OoK|pBHaqtBab8W!GdL+O!H31{dFDNi> z^M9u2(Dp1YF_CI&ODO$d0pO_sPKN2`i0W=z1_4lMzC40`dd{0c)l@ZyJ4B9e-O2Vf zT%QP2oU1Zfj9WHpJc%#f^mD z6g{wc5<`Vq6V_fnopudj$}RBVm}Od#;F;r@OB$UY))+Pi+XrO5a2w@ zfGq-Kt#Y5cPY3`_2n32|fIt#(;fy05+8k$91vl3LrJL8p`*apnJQMqKFod~kN1Gnq z2zYgqt7-!#bf77^APw8}VJN|-qFg+ljYLNa7>uOG<*vHswv)>CknH7C7&pasuBB5C zg*yO>w$9f%KN1L@yFM6v+M%_wvbs7=Y*7SoAp}4^y4~b!S?P_Xc?6{W$5pwsv9Vb{ zY&hyJXGvf;7y^XG3UvQ&V@^tsi{{K~oQ@g(oJ`D>MZoTCq?Uitk{HdP9}*!);B*e5;S zn^h(aN*GyxTrzxlrVV}u?bScBV)hrCQUFf%#1G5s$1s9(BPa{=Eqa*n+B^ZpQOENM z&8H53w?`W{@tHM#193MYi&pF0;zf1iU6}OGM@VH{eEcIS7MR_Q*F)Q4I<`0l0f`2^ zbOau%ew!+`5~OK2!31WIgqA24Q&@8_70KS=XbWJ(|J9xkiuO#klcp}48e@n_!OP8% zr!{oF1aQ(aw*wt;$(|6=ztsM1%RgFr02u~g8Fx;u{C_jfUsrC<0L7kT~atwOQr`n#;gfEqaV?)mcQmb4B`Upak*wPRPF<)II zP-|o<9>D6JA#_wVvkhVygGnL0gv(|)q| z-y0}3?K6MbiId#8SN}!PTS(lFZRPQL?SMKuIFu#?M7zL|o0!n}0xGx15o}55_0fhq z2GhFM0{J7p5yMKe^}kOUnrWJ=kjLut3$VzZPMsI%Mn@d12NyM(1wE63OAx=K)!jI4 zae?-Lvp?dnemP-MfiOyvFFror>-1a3dN7$Cg5g8~1VB37-p&c8GktIe@okBV)X&lV zOTe&sUMW`h9QHVrI1GtN9Ne7D-z>?NUsk}bqIxB0yr|xl#TAbk@TX=x_3rhGi^G!! zHb|9mYXi5eyGIn)q3Oolnu5pBx z0zEp;=GgE>i@bV%CQ$GF)^GaveQv4F8En6Q_pAW~0u5!% zQ~e(CC4i%TqSf@twS@Yprsa;+_o{;`zobNL6NWW;QU9PAh;3Y}Wo9{G@|g3aH6%{r zkThe+OtD2hs$D#q_kq;W#hDlC`YeBC(sYzv#$6=_9dF)8Fe=cv1$ZFGe?F*ec>4mN z90C9$M|Xr^nNz9IeS2h8c~^5zaz_DdEWN#j5%9CIGL%mq;Y*%r80@vnh!`C|0FOuP z{v>9`DC8a{3fz&+Vq?-HB}rd@achfg`vR!xFYGGRdjhe$j1$0KyE87A#3W(q&ntU| z6@-HK6RxKD$tgtj;D`ci9ISu}!wP=hI@4E@RF4xjUQ@phuzmldYNZM|f9J6#T*egh z0;DP+^S?a~5&L+1bpnhJ@VkKf1}L=zgZtA&5oI$U2w;J;83Tmm{HMJlKvpGyKxS&} zseqp_SxU|?o#3k%e>b0b{p(f#ShwbH07oU zGkvQ061$go1mwVkc*K*(KsbLi%sX-b1<+x@X+wujS=!qV4EPp;X$D`jD?FOEc7cOlj& zK@yTbV~fvhwc{LK1Bcztaat(bvzC;XK~JKB9W4o9@gVTPVLiL2#CVR16t!P{BbZ?i z^+lLdX8Lam_Sg`gpt&-#0F|TnATlA~SO0QY(X8k#v7%6^ z%Qn-~t~LsO0KxFrO%e$eFloVWNarlp7e@1p5jOwzkU;B0*Bxm&3|yG_16i(hYik8N zUk@;`{=2ei{V*n>Nu;>`w@7in{FWzjk2*!!qu#3}dRRXRh>kv?jrF^JH=pXrA{J_N5#&-829`zeS|jeKbZ&0yl8 zIKvDh+&|TO$=MvUBJiz~<+E9)O=OKOJ@t$&{`V-I`5)tD6UCv3nte`O*7om|w~YqizHma6T+I*!z29K zAxxC9zg1`zg*rIK7M}V-O=rw(hwa`v;n_gu9yF&N1oqlkxmCwisO*nNwRSjEy^G%ei9PA%g& zk2MtNRCp7*aU_b=X$XP5tMxW`mEK?rJW=Wx%an*sqsElB+L|fC@KHRW;70+PmHzSR zriniW559>EBW58NhGi=Ca~Xcz0d(ykQZw0jYX|WAcdM(bRwu?s!Pr@!qf(Yy%g6Kq zeqS9j=yUxRsBLZBNj-_?l7EEqEb5@ z%s0gcgj{BRL`-cW(Cr?M=Wk_)oP1nW10Se2$mTv@p)RpWOPh|gVqR&F_IcEMy7fQ5-(8!4zkxS=$$(XrvQq0g;3{u-9KtAu{VQ|X+pbY%^RAwO1KL%cA_uj+4tEVZ?ACwOqUobx0Pzelo!dEmm!8B0P5 zVVa$e$G#`O3j7O57f0SH4F(s1mR629RA^FoVy@N9uErs6AThdPp-VkJ;aBApBt+cK z&J#6Am7$FIF9%EtRJ|;N@=S$s4wt9&%bN?RYWVDtIqxl5lsblfAH2OlV7s8luDduA zh_uv+B-8u=6gfS82IdNbfvnK8V4UZGDwK(^q6$uNk>wyhW-?3yC$OffK4x}UQ1w=8 zNrDqJ7j`Khzmq7qlM2**qDkmgary8v8P$%(3@>ZIz z%%?JPc}hdVFvl`?De@2-i~jlL<7fep!a)u8Phv_Ws*e2Zx8lw`09G|loxb)Kaf}x& zPn0tI6Z8r(F&~F?E1);?^o?`rKcdf|t(Qzty0x>MWnXdGDRsb4ap(yPva=cwUlneQ zCs#=dscw>}vs3J)?B71B7olUeq4t}#i2PC zpr#r-Fv$Cq?y`EwU6F#_RHvgF#Gdwv$eBTOOMbx;=3qHET&umTi8?4+y+%4!(?BQX z?j}|OlSSB6ALmkmCXOC*+kAuzh*znLS;x_x9pQm+xqGjCoO!;q}3t z%u_K3S4f=`q2MGB_k^x5+&*{o?pi#OC#U(U#5BQe9GlZ&p`Nn%zAYY%dcN|R(p$kGkTBO$*Nj)D1&Qfyt7Yv9&T+Yu<{# zja(6>e8w*u5u|usuH)IH`dV;a*)Df!ne=`Uqz(?$%fl1_6Z*-HXyb@0RDA+VTVRmq zO;0KLKv!ZY{dA=fET+f(U|L2-hMuQtLTZ}XQMg`QeX6A)gc()G_&3uz*i&NAT7Ktz z939?Qm|7l#e92kWdMj%)IML-2M#O5s8wsO%o&^it^|>YZ6pd|?WSO8m{`gV(d(USd z*SP0hWo$@Yy~i=6gJ{0`>lh{_;PU0F6lmNl=KQH}Pu^$Kb$U=-_Kttr!j`_-Nxu-OKJ= zAF<2$M16Wn6^xZd5N|DWj_2UjqA}*MMTtk6fd!MeW3sV1R`S)%+R6Mgr-pA}B>_Vm zBh(KaeFx$O6Rpgl0B=^S+S9J7U@LbJ_O~Jiv)nQV5~qE9TZ(O>E}U+-kla2|Fh4TU zG*;!kXO~Q>n_pB&`Sots;%MF8*E9Isx@Kf_@m(cLdms9yLl*=N1ZoJqPY(CA%V7=1MxVh529_cCBs^lWX>@z1(RElB+ za-SOuJ1bh^H?{Y7nq20K1I9-Q*fhc1gI`)1J1roy=IqqnrHjGOFU%cxtL$x7S8LMw zrW+*9%_EQQS~7shr0$~I{f&_^1?!-#@c9*5^UXoVNlu9m6WL!vR)HikyL!@NL}TX< z%vehg{12Dk#Ex@HywM;Oy3hXgPc}$BXc@b&Kwq5qwhog zs4J4>gS=yS9Jp^K5Y1O5e;&m{WvGp&dcohs{J!*>g*xumo^}_{K z#(K_{W`+Ck6Y`!FO|gcE#}~Cgb%&hsFec-(AF>dou|YKHh3^>`>A?Nu# z&G?eXrK=|Sr8&NMTtcPxtlx*wQSnF1AL&ONd=ssi8B9jsUTv$BJola7^7ga-(kRZ_ z%1wshZJ-W-Z8q;F40E$CHhPgDIByPuT;Gt$5r#S>r@Ax8dua5Z^!2PVt2kdmsZYRAfE#-p;?dXUzG@%CC+k?;wQc1jSxu}SbZ;L`{0WBYb?>c$oon8h%h=fv?g(oRI+$|3<25-WvZ4 zg7^)<)h;r4KsC6#Xi?RMaQ+x(?$mmv#3g@ohR&JXH_F^e{MRq0F>iV8!DG|(ux>B5 zv1iexOhORYtpDU>UP}N8B)3A(o;p}{1fvJ1kWkEDw6tu57qT0z zW;@cC67|@H9SJ$r`pxe{pz}%%#cKoFIX`cUCnkRY+NrzGEx%+vt>)HKEU^StK{Tg!TIg=P|If}M>&+_3_~Nv+ubt8W17GbIA`dynPC z7R+lO4Gjo(OqYPplB}Su(?iC6cosutP1REl-!>aJyCpb~5|*+=$WVE`vCm(BRH8E3a`zYuE8BnNJ9|E@#a_C#nLF?K7my7=kg%L($*5lU<8F=_LbD#3DFnI z_g-5DS2659iNoHvg%Dgo~qR?_QUUZi&}DGw>z`m|Z#O-+=z|lz z=dfjeM4$HNx`fKdbf8Fx?v!Gf)b%Mr3_WU){|qfbw7X>xP#uz$*gi@JH$|GQHgvK~ zWASEd?l~~DuQX9O1sRL?F6`e25Uc-(-#iGT$+oQvU=5bZ6wo`W{fA3Z&kK%!N;c&9 za(C(8a>upka<82Vm{n5q%$zz4H$5^QwiBP49rsv0;dK1b9Y?<2>{~2CX+e1dH1Ucj ztxYjyK<_zF*)=dTUVGtvlx?Sn8Rqeo-D@-D_RQRV^+YD)CwQ^_1!$sw%l7znmO4v( z+=zD6lO6awF{x^kDdsM|gwkIv_Y`+|uxWaYZii zy}n81h6&mh9e5o^@R?s8^=AIOU2bSG2Fn#NRPLdMV;f-nnKzW?6a74|@fhipDTiV9 z9?0OuA}j;LqXv&1Wt-xz=9?X>%HMi^)Ux}1?~mV9@0PW}KmA1$=gqWEAZs6eck64s z{%O0p$Mdv|z%ypy@5*H<2wuZ0WpZpE7N7psuL@S>m*ge|$zFMF?Kq47KR@Kctwc70 zS&?Yq6%VxNfi%wzDk=G6~5ZBeQfLm#^-dbd`GKw*%YLLEs`}w)7 zxZCRf2LGJ);#>l4+M$ncuON%Aei_A%OUC8iMz?61a*QPH!d5yEl8`n->q*>T%hM+( zC;wvL8~zUO$^vq3BV_m6SYiIrR|TT)N@EI9$Y%QY+!Sc_?>y*CVR`VpgJTdr`Z8MdsOcDa4U4&S%KBDQn^+* ztZ6tMT5+=0U=M)iJ!ih2zvWhvO$~l`E-u`hh{enY8Qfn`+UV6_@=R1w!znPR1W-b- zHZy-$iZ4|gEoelN@FD61P*+)N*tO@L&mEtI_(qB~Us+?2ampTHK1UceZY$Uzb3C)v zT1%}bhckI+jIIUKP?rfI7Sq4^W8DDIve8f-fkdkyE%}wL;>p=eXq0%*~{hc&{z2@ zq^>L6l)O_O_0nsuE3*P=G#(|qgIpxBJj4)!iC&>kSWZ<%(88?VUfuWaOT4%TwaXFp`^pPZ>XuRe((nw>zB+SC{vo zvwE=MM69L0uun7ui=qRF)BhIy>^W8Doyp5TzIlH+F~M{E$5Z0dW_zq6Wo`R8e>Ftg z@|jP?a*~<7?`fUEwuJC-9Kq7>j>sgu6wH46OaYSGZe{vC(jAw|L&v|xP2+`@3C_+j^4g8w#K6RK?827C{WNAt>fl+;) zS`#_wq2jI-1ABFU)NehlhoviLv`gGDe=)~?;>Od}6xqFa^6E;jOUea@zrBu%YCUV6 zCtknx>u?ZM)%1U1(azU-vxDnLL=L2DU39t2%I-&tdUMS#*nJ=vEOl$N=oZ0REC@Ld zuD=XDIxd^*Kf07SVZ0iKWte>8>L}+?>S))zkCH$>Z<| zsh3m)A7R-=@VNKrC?waCfxWP`?M~*TZ?)u0#pTPx#+&CNE||llkz{st;$l9Qasr~) z!--cnaQhXan1zlUzI+8v2b@uoi3x*GAul$K?ve*TEn6MwNKm-0YKfwqMQ~bJ_&)jo zqJeZuC)n{i0t)^+e$Q7_RE=jOUZNTI^)kS1` zdw1>aZnh-Y6M2RHlRx$b;+KafwVT}_-h%l~uU(LhAUmEEn-MX!oF)r+>^k_UelC%Ww=>pR&+m}`wz2!%!#zoi-9(k{b ze=R?~bQDQ2d~49JDu{V-Ps5zXdVm9ibPUVDx2j%l*~-HS0Vy0Ays?#vm=?3;Hv%E! z(S^lLNSaWXT*b{a1@Gg7`9ULk?lSm`fDjx-9=P>z`rT*FmG9x@ zdTq_TsEUE^(1)#eX>$RGBK1!Yd>(qPseA4Y#<7BK??%{LsC1_7-%<%*tOronEV(YR zQv15^5fYWBYwF74s%Y1b{c#>{>jul-QVz4@3<1&OR5jiXt%&9M#9(E;fbbav=xdn< zi_he6PhwgcqudwuB4JdGm?@L?J&75tJqwo)*h%I&CgcAOJT|)cPEzP8-&*PXKgQlV zD(Yze0v#lzyPE+4rAxX81Q8UK?hquUySpS6kW@fGy1R!|>F$zl>3(Ot_rCT1`mN_$ zuBFWIjT4{T`)ppAYUj*&>JePDM0!yFN3yWhlML^_Bx1)SrSOvDDw|_lFdC9f)~NmU z)@Fr+-v_lQ$bku-t=XMG))2}fN53@pAV&Fucl|P)b!F!G`{azaY?2-i)-9Up%4MtA z#GmIST~K<@RhJhTPibF@U31GvQwB`l12_Majn?z8w661Bm*&a7xkq(faOoY@7KMe| z+4n`m_R@py@@&w0V=)k%eF|a^`+4;=J_};`7#jchtdXam8xr4P=mus$E!Jvx4*z6x zeakOHp^YKScpY9`L)JdaOvuW*pXcU78@#U;EWVN*_|jJ=mxHN7|e@8d{EzLH-oSM zflj3>>OL#P9B(_+2l=XPxvF+%U?jdmJxTGsG8jS-BiNjs6%bf!@&Rv5Zs+nf>eR1tuwzComHW0S9OCC6c-6jF zBI~S%^Yb}dtZxB2mXEg}Of_iyiOIk_zN6AfGQ`W_G$;#<7VzST1mlf4uw(9x^)AK8p)9rCFRY;cW^YnwWST`Nj!J#dcsU2q$Fd_r0 z=LBnM{4qv5zH@$ z*e=liM4V)_dlAQQotwjym6KD{?hVI#hy4tn{Z)1JsR)M5dxgbvXD-^C>4THjW?C*Z zY%wg?`E%KU#VpRAHaX%zgl8E+GjNiAM#&yc`6<e9!T#Kfe;@Qu^uyG*f}KjiwQT)X3E)rA#2J}d8U-NEs8 zq^0+_;=11R->>cj1Z;0FtqL&Zj!aJKmg}yrlxD|#vP$R`2}_!{9@d@Z(p9xMK1AK% zc0udv$)ebcOH1?1Xig#Rf1jUIhyApXBp9_z+19E~UH8y+n(|_9j1uSNhbCSBspuz> zV5#+UCM=y_pH}Z^$0xb+GU?*dK7~v!2$2C7s2bdQw{>r~MM73{<$>>vhQ^si?j&}= zl<3=BqkO%-PAy|Q@QrzvMTKH^y8nTlhk?h()?WWnJ*)h!+Z48^^ym*(8oQQbe0_41 zdpI~A!@b=LovVdC1@IFfKJ9xP&dSb;A*^n%8m`~c z+}s^S%?87>VRY!3Uuz}oFu>!*dZZLde; zc{VD(xLx0qu1>bL(z%50Rm~`lsox~BL`W0mMcX(oS*n!T!OX3GC1tSxVqhU$`~F#P zBry?0+us@r&_MilRYvJ*L&N{xPJ~AJ%%Ii-YlLsaZe!3Ed;0D)sj$rF)J)tCqvK0y zngXo+N3*!s+S=!~7}ja0RXm`Ht{`qh#ac;R%! z`yxd|y)>SDAlNb2x-8(7O&KNHh^e{i`$U2wk zIjz;jRUSPYprQl(r@GZV!Jys3f+rKj3sG2RFRci3&C(<>d@tsIai}aXXVt_p@$3ft z9((G0drW0iyLge!rmCwMVLQKiGK@nu@CD%=fu#^g)@}XWEu0{~+OC8jw{owHsu701_m;Aon0}6V&hp)*E5A;FM6m`Y8qQYCM#deLkKMRjvitHU=4*sQ zEc-j_tXXTxm&ks{Ra6m#WPaWy+j@g>m3DfYVpCmh>#b^Ds3s4b&%a-ja5RoA4Q5iT zyR0b$1LF(dEQj-0cYaMY5X-_fT!KcZCggsE`z~DHRPBpe{vJ}XRX*cDE4|3nO5x zKwF(jO&zfBn|6e#eO6PRh)42U_|hB;re{a}gV`hYEZq2a(^dY3^}+eGP=<2Pgh$BQ zzG8}8_jK%7i@r-*ZbcGa0#CuB?@zS8Uo$xmxv?qN)Yc=F!VijlhtmPhEQ*rw`1(k2 z-a~C_&-`@fW0HYq#rQRm^QW)nr1r4<0!%eE)vbZhNduy-^;g(W9&^G?THQ+eT$D#o z+?8;AKWrYElk$7Miw|RcjYz=f_7BLeKQj?<-QI?y*KGctu6ZY@U&ysg%YWSQ*n{hh zMnSQ&NxS#UrC}C2)3|Vto@m-Y8fuGYSi=RDpC`hx#DU#lF4vy1@n{rzA`yjh~dOS34Nw< z#*>dQ`EFqD;qo787EE>EDtmS`b6`$)MxGK7sBRp(4}vbN2+hTgWTx2x>9B<{m~$iG z%Q}|JLam8VkWz95MAOO&3y25_oIiCwA`a{I1975p^5~Y7y7%-#4afudt@|9IS?}q8 z(HPuJ<`*&h?8D>{9%i*-M%A8s4j%?STt9W$UuhkVX!eA4gE9c|DhMW`J9CDhi?xz6}0qlQTux&CKPKAFWalY(J^!#)e1Rc*@o&r-&rp z+hAweKlX)I#ue+{B!xwV`bRdv4pCZ`!^K{1Gk)mIZwEQOUE|J)&BhB_95pq@sVA0L z()cn9vh9am`0{4P`&ks&sWAC>3okjhop59mw;z7RKu_zjdY@dK+z5R}N<%K;fLzc|2@A6e}#&5ky?JUKte2b!f~ z5~PnTF7gPCwYvFz1;M}>X?%A48_xGB*rnPS(j)W{P$tzNIbwzgZSTRP@9o|f3prCz z9rqa-SU3D7r=_6s=vO!P!!dM!wnI~))$Wh7KpkpF^z|44DjSLtbh~No6$&1)VgOTk z>>~_P9`3ZHZ;{5Ityi)rV5Yh^f3jTOY_lIuXp>iCvokU>jwpY{Ekh?2T7$hECu!d( z3><$VtESc)kF89^popz!N{bn3hOhc*wWDW@Ga}E2oPj_t?N=g7S7FCqN#Nva@Z?6Y z!I7-$4akd9a zNKsix(KyM}z&RI1s`c7RE6h}k`n7^hHpZ)Mp--`_l#iTtFlrldo%coDn)N{x!|H=t zAnEj;A#PX^%qtA76O7*HT#HvtO}r|^#ndij{AyBq>3KeSoLC_Kl`Ct5M&P56WU+2r zIT3UbRucCcPBHOvp4q9UUU=WMVyf~-Ix>G9Sd~uiL5}Ic`ryr#WS|Njo~M6@uV;P$GTJunMZJ?(Ec{3qW?=Dbq_~+ipyWtp_XbHjgh;G<5=d zixgF51oE+q*LXyUt2qd0xGsTzbk%QUPyy@xP!mQF@zQ^ABM=Pp?q>!?!W&CFT8*VE z%21N{xIXoa8h+EnN07}cYOI1>-llnM-jyE`a|8BGUF zpitx$7P4xEQGT=%R@GOp{D24^5)k3+I@uZ(T}uWScE%=st_IhGg~vVFy>UzwcUMM1 z5_0}4=d!Bc;e9S{pTN`tyTDp5?|IQI7SAN3T6aboH_UBEK+y?g*hO!XfkINc&x;7^ zRs$SthLb}7h2pEOShc-tT29=@IhrQ95a_Rp9~oS#MN6?VmY>n|Nn+6S2;mZ*K8NQyc(t+H7&H;efxoAoe*{J@86w3aGuBQaEW;jPlF$fli1&0Mu;C!a3oI2H3FFH-o8F* zAWI7z9~w5fUnFM(I>6)`8TS~Onyow6$%Ia!4(3`5c*~mr{*YwZe5O5kcNodXt|LxbT2kUNY zlM9lv^VqAN1hTxyT8VM-@egWeKQ=Xq{aITx0)j|&rxQA|q#1KSe-$XoVymewJJb)g z`uc+DrIz%eF4QQMcX4@Y+j{GAvNx;I`ttBjzmyC>wBb}AnvfdjqdPlcKzTK*s0bS< zbhaO@_8e7a-eL#P)AR5UWXpe)v9;x#vlSc}9Yx%^aJ+!7wyX@lwB_mvXaWP%_WI2m z@T#i1x>0Fq)PMf`S*rNO36G-S)Ar_|l<3LIf;L_6Hv$D&Ic;r9Fl3lmSmh=?xImT@ zf+v20-{8DM>Tqx9_P`H3#>v4V9hmOkU%%i$%em~`FVZ=nxo9Vnu1q_+alD-HQlcHO zU?33CgRr^bQh;o;MOZRO`sJE)oH+rL!241stk>Mkj8Rv1_FBq4a8mU&OZUj`PA%1W2RF<=2BmxQwgbtdHxjoOU!?MsJc8&9H z08d|TK1d7LMxx1*z7pW+A)AioK$^Y`0G@S$GI%oYyNCtP8bH(V0;>rz@wjvnQFpi3 z*#@mXo0FxP3seHOb9Kyed=i&`h=9%|JqHJlldmi1*GE83c&YKA1)gN!6Am_; zAcn%SCOav}mVr8xQJWu9-QS;VryF*=Q#=SIXE26cKtGM!YJ&aN2j~I<9WOTeU%Vxa z`y!_A-fh*cZEUOpx(s3l%T4hO-(L_R-F6&5IrEbu;gec5X*soJX9|viO2$a zw8%DIYAupy;OS4wP$6Hwd?Av+M(}(dM!Dh8MZEGQVRzQ%R>k^&>Sx7!N%p815o_4gT)vy#Ddf2fB*Cu9i+y` zgO&3H%x%?=TToV+)OA#@tW}B+3JO9YCMFIFN~;0SAk&Kv|GG3+9Ad-%S`pR zxHKK$G_qHEdN`Sbd6`Zc8X7y-RnK0(ejRD^mNIQKO~m>6{VkAWvpP$zuC9jo0XQ#n z?IUL9kP~h~0@Yu{av)-jaKP3z^{{m{l=9Mfd9t&;eX>Y}R^A;@iyE`2X^s{N27DD< zLRL#lE02cg{pF>=#GyN_h*Q4ab>_gT>P}q_au=l{q0VA>80$~qU&gII9K5s&Xjal| z?zILC0e#yFqN1n1V3Z`VZ>a3xC0#La1A z@|0#FUiV_&5_Dh}pE!4hg*C)~i7*RFeWL^$j!8=BJMlQ%#h@=E)essVA4f>}0+DuX zIaSa&I33x>+29Z$Z7TlmuAlzx>sJT_SlRnBBjC(1f&0*#L4$0L7be|#u5JgzV0vA< zAo`SWB*S6geSpTv+YDrMA3zZE41}+lYd=g^pdPf|OC)mY6&UDI^O~YVHnC2gs;jE{ z1L4`A-C3ZsQ)LXh61KHegOc}R5?7nq zvGsN^n3IPWwk}LH#y|4Khd;e>3eTShEFScT9yAfX7P$pGNwdb9!mo`|OPbH@w;yYS zko#XIaC=I^0AR=ufjF(SDlq_n8BLWLrH>3O#Wr_0KLh&>@*wz00126Y+fWNv>kXl> zurN8dAq2v&!&6>~AWlO3fNt&**o+wNdOv^uJnW|W@D(@+R8&-I2L;$3v!enH0R_Hf zeea2>R=2X?d=OCgT>%t8H{gar`3yUzC;QwDhk_SnBg3=AClj1f@;g-!kIv_ULA^-R zzduzlTccF}6)`H{u>=lo$O7_+{V$GMrh>jq-cZ3wAFNSjUVdQA-6;N8r%5@;2D65urNXmJ+G?p8!*7DKs_1Z zpj)oC*#M=9(!#<5xB*sHR==_1{F z#L%#Ea0Jt%BVve)qg5XJl}=`o6F>+GJvnhgd;_r&!8$;A&DXEFLB0SOKGkoq%wD8E z#gUVf12Wop1%-uiv9XZUezZ`yKX49I23|*~4vvoYn?nqpU0p^Ohs(*rj?D2135e(- z`&rBim{}qF71&g8vgofzNxA{;fe%gQ8=Qq4{-A@f$gpxcHX|eYKVe9ml?{Pv-qEEd ze_&Wv>R0Er99+x9f&vigf8O_UyA_DDRnbhzl~z+@mB4w96Y5JK$Co)6`9a+qx3M2H zZxjQR1?-PFJ9~QCx18E+Yo%*`;>)QTaQgMWM-*pk^$mzCY}SL{a36&Hf{tbJ?Fw*BTOuIOiDSVMEJ;)K!a}LA) z`2zIv-^7nK~g*bv2+~4Q9>l^^J2Y5Qaaz8e|%X}Q`61a>(iZ3pfe94 z#VSq0C%Al}#vhnx1C#G`=WIH&HU=TGT z*v2B`gt@zeRxR7e$Os7eFflO^DGfMmfds_0aA0ag_naA_m@IRs44`%eYFW8tyIOxQ zy)>&WNx*U2hzV#nE^k}5bK0D0?;v$|ckk`*@6vOf4@N>pgFuMo+8@$+`Pt0Y81<(J z)B)X5Pz7gJP6-0WbklzayqoQ4T5(9sBlHLBgPAdZ{+L4AqG?1A&t^aTGnsXE3?Rm` z12Uu?wzbF*;8Z|ps%{8!jAT()P7q9-JZ%9<3M&^^Pni*%`@@3R?NbmierD5H0XDi5 zaQ}w$Uee{{=DKX2LZOz5brpvZ;SpwK&l%%*>~YDy=yThtX=pGC2#|o(R_^(8%=q~D z6aDPyCyyVugJ~`b<)9y8bY2c7dw_mY0^%dr8I%5WQ4KsDNbKj&-$TD4lJM=q(g_fm zB0N@^COa7DJeBm3+Jl*DEa0g&CyJ>`TJJnSV2f~!_czBpAbn(w2oSKEaC&|n9ySBt z5Ev8zks>26GbqlZF~3M2dermz9R(s>s}O(mNDj|SKtLe?6K*vfox%@`z`{ce50}~*kcz*79OnT9gp-R$-9!YcjmeMg2q{RebHgb& z3s&$jFfj1t%KKcT@xg>Q>3_(>iBwcj7?RbMZD-2{9~vEy?e<$uMH_yY^hbVph#=SQ z-hw<0^0lsx9GqS14O|sp?~9#S0tymjGF4=n^vZGSywT}LJve#w8TmB}3$M6e04DIa zqN1YlTXEW#NzEZJ*z&p^0fC&Tj{|`~+rpPu?HLtHob@Q+3r`B@f0{FqY? z3W1zth904FfZ@wmMHpwl!R$P%djx*{%a7;Ztlxn$BqA)c3^W`}8YJ^^aIm*O`eHpm zF1@V7<41*2#Zt$IVw1OfI@hzxx&a|yLAVEN2lrpz|d>NabKL0MJxWF=rrcppP z6c-gj4Qx}6u9xhh*D=oB-Fd4Chyu(jEMPDcDb?RJLg9eU6Pb?#c)-Z?Wqx+>B~=ZL zP>@48U(K+p7pj#~x&cbOinxm>Hk|}DaOy++I3HSXpMq5MboQ+p;;@LL(@BHXrS`zR zC*9I8ClL`V8&Cx13(wSr*>Jo6H3jTqT-un2TrC%fbQf$6umhJI>g_;MzCw3@@sMA6 z=Ti?TK7;tX3o#pjtZE2$5j!Ae4?%bx3SX82NmxNa0k_Mp zCW7UBHKU#`?0yYws|?Uj2h}9Nm>q8RJXaBQ@dVpxp!H{l2;(Way6~u#3{hH) z%h~0!RnXce{Wg)NwKHkmu2af|IsJ5Jg`&=QAq~B{w<(%NJbG7o*3flo*+H0qY(qvj z4GUb9T16DZ?WS4*tPy$De||RzP^rGvd;nqu&{NPzBRV>=2h9r5vM8Ijj?HP?aJR!q zsu|(OS>&9@ZWOoMy|{3@?E#I7WxLHcR2SaE!l0@L+`s9oh(R%gYyYpa4~)Dg{8#J( zBC$qJE^3;LMxa0lb~wV5v-6Sk$C|1?X5xkZ_Xm|+H#<9>+jX!p0kCKhzW?XOJCGT< zfUp}}oSa(y8BG4ap@q>pqCEQo@d?j!scTX=6YrDKN$Oy}B2Xho`2J#|F@;*cFm2VH z5}ZpNeDa!JG2#T`=q0=7i0C0p9pk}Q=}0HOuzXb77%D06A>%11FHU8UGL+E-@o4}= zn%i|+FYCRAmfo;wYDOc9zqmdzpXry#`=@{S`oL8X-y_{(v4EC-C6KGU2_W(p)(P+n zN!R_YMQp_s4&M&z)g-UWS4IH_Eq|?~P)_chh4&EQ30-8@1F84;EmNa%<%&mNRz;t$ zQ*%OP!84f!rzLCg=LZNnd}PQn+moz&hNp?+8-&(cSr}>jWsvDVHDVApX_GWPDG9eF z9i)%o1w5->Q6Eh_jjXN*s>DVF9A%mh7>bNa$q2eg>AiUwV5@*(S3rd;d4+V+C!mzPH6#+RLhn$Jr7R zAocdmhX-^doJ#+Cpc+sA910p!?255WJY~vNWucMAXo$E8)HYQMPnH!D+Z5A#3~;*! zFLhyYPQ3Tz4tV?itlEal=!BIs2jQ?EJ&z@31WS|P_F<1b#AV$lH-X!~SoelL5EraFdL8UnhbJTBMp#Y*gs~7w?z*wkg9)Dvq`l60D&X!a4g(@*!#B)r0UP-*XzcI4-_{ph{B4W4U ziT!4Q^RzeRlc8MoEzd-%LLDIk0tbYgs4jIlaXdwKowgxm^af2Q)3^iI~;2wO2 zDLBw;PVYShm7=M=r&HGIn#B`98(I;2Yu

OOsy5eH(N~I$m;ECWJKWW}!=sJ}@f0 zdk8^^^b@Il=)6GrRxJsh#|rYolmZ#G)cu#R;)Hkg?OEOaD+2LM(u8u&uD{G`J8Uc4 z_sigBg_*w|DW1Mto^F&YmwRgeS!Q4v%FEp1_@h67#Tz6%L~^}258jqVeCsmyXIDDx z)$eVQT6%r^1VEF2w#kjzUUlJmYku%vibp=KwRWMhR<~MO1jnT*me4&XZ#d*pEqeXp z_4ikZz8uqkE^1AxR95#Lg{=k8*#CJ5>BaWOXVz1HrK9WA69**2L#U-3{F`6<0>>~R zwF)`9u6n8(S2DroG-hH@?dE}62uFmo*<&m^T*UT}1luFYu;%ZB_%^{^!QtTjx@ju8O$WeAt{$ zzcV zw8p+KdzCCv>RI0A_^6G8wSD6w$*+cWQwW@InVme!=Oi_NZ1AF<%M2~zk!75xw#<%Y z2*z2r*J4kUns$xE=QSu??!pHnAr~JWX_kCh4?x6=^-eRC8NX2rzFEBDc)*W?uU2m1 zEW?kZgRO5qFwx%#fi$}A!#jVNK<6ke72)UV@FgaCAp=5>xRmZ-o)d41nqJuN*B~JS z>ltCsa4p;%$aeRD-^hCZgHAqdU6vF+K~c@&DF^`?fhPIIE{r_kk#CKWu2BXG_|@Fh~q<2)=X%0E&>d6lT8+n3K;ZeTyXp27Enb}bG9S{9@&o5!Y` zZ#;x(!-_dGKuwnONS!e_f_FN{7;4{U^{La=v+OWL912(ACQ}<;vK;f8K-A0nQFaQ=7Poil8Vfqlz_mQlMkm5i?b0-l97cs8I-qz zMkh4{gwH!_uXSBQbYx*;m%pi{Kvu|l1^kUc8>7EPhGEMk)?aWDP+%c` z%gRE?Xy{5Hbx;ait|5BRD#QH+BC7rec^RJpzXY5HH2e7Rdco_dbC?)M(KtCEFX^paQd_)%;M~Ph`XHbjV7*e;_FrUoWB%h4&jfwM zL9sEI5&xJ#K%_&t3CrVC663I}v$iz8>POUOB=s1eCF; z8Unib0QPxyz30%K#Or9Jx~9u5>>R3wB7cUAq-PGw)&QBIpa5K2_KWxzVzN`j7kfCyRBc2?-l_eDh9U zNZSrDSpQlW&uu%sn^k(HvEknZT^jNi155${c@8<|Os1|dcqd2Vb2>zKc)^Di`zZ|q zx%gYT*4r-}biJ{N1VO-wy{;D#2zu_-8%5T~Pvl}c_dy&;-30Labzn|UStgB!Ju~4u zryWmzO;xgy*}BpUG#g^B>w4%{?iH03wC~dhyPfnsJZcS%G1;i0j-rr+n$l?{%IHUq zRhd%%77y6dIR~|6XFpKX?dA2n2#X2gD*gkwlB<*wTXb8m}pa~Oz93seRUxj9OBn?Sz}KV%82Qwa;@6p z1n1M8M|)3|JLAbmQI4#KZcnq3$cAR(Kmcr$2;9MNu;kX}1Dl_o=-Ib>KMC>-0rGgJ zCVGYpVOF6COq+iQR{rqr9q4TO z?i&GtJ1PKps@NiYQ{_xoNq~(0-jBWKi*$j#J`}64{9R#4$WTF`(pa7L->2eR4 z2(ovHFaimK3nQh6=X7%RMvuEy$T8@-tt(zGVq0t03Ye0wL>GG=Ee-lSq(9US%R=2S z;Ku<=(`wR@ftT-#xR~+<*g{#9lGS0xFX}FJY@9{@ZK6nlMVk&XfMIT{ynb4LJJ9$6 z_FS6~Vz|Y!_%$mFvr;D+izIsDeQ$a}LF{bVg*kjdOxcQ31Xbynp$g~nZLO{IQ{by; zy)T5lQ&--+dZR~0Scis3E&4>c59|5-Er9{}eN|T)o-1*k#E^YFS$(CUw4L!~nn1gI9U8V=59#r4I`{}c+v zdTM?s>^Ix{WEln{E~sDF(Ch@gEU~7l=ftu#Hq$t@jr&yxl6J2o-)kGvYI>dsvmt}Q zg9C8)2Ybn+U*X_&B4fzBr&ql4y8-I}!M_6yV+6t(kYbF-ri>V_h0xDzVvSLbHzt_qmE}UwzU;)MbpuX(5l*FQY(=)}Mu%dR& zMoY&~y1+1Pvs~d92pEo-*Cb(AEPy77l`Rc0&step9?bxd_2F$#baawsW;$C5znI(e~*7R_722;1qJy|8}Oada3@FB?(vC+@}(9QnVRpX zFS<=$iW7e$t)9?8`KnED|5nCt|JI&ED_?p9X`8D2|3KoU6gK{!mGOT_ycWBBi~p0b z#}Eu-#xFVV+Ta^(5P;bIAIv@2818GVU&8nVa*Vhj6GpO1R-7c#>8GGkd9?}Ef&7}q`00g{NnwL zJCTrAEGyb&Q}>0~4z_M+RIi&*PHZnzz`N1F-xDBXCoYU~K>FBQ1UCAMtRwEU5CDh( zm?uQVeE#3h?D5DTZq2)EP^d|H$R#@?Gy=43VayD_l-WEVGpD>)ft54p4rBAh!HK1z zS(^Y@XiB*J9PT(LNznCxPfrZBP>e(=_SaF|5g4I&}%iBL%)Iavh00GJ?IV*{O6m( zy8AN?=v6^s`Hq(_-tsffb@4$XY!S~$V2exEb4#Ske(2s$RM)Zm9`%2B4Ec7bloHl^ zLEJ^R#f-0tg?LlwE;Xl*B2ip>FE82MqksOJH{6b>zrV!=hkznxx{x@f`91po?poMk z_V3-5c!td>5MB^q`4GczUGWjrl!&o@-)Wfvav<>@xO6&dy7~XG0571rT5cdWg7Qj4 ztJDAYIZNJ$#JpP$?=}1_0rJ8BT&m;DuAE(rfC4*G{$EB724zZEmpViS#?$sfj<3Tz zkx13a1mr^)d842@0m8flVrYb(M5g;fH;|IULl{{|Rv zijTy(kl5++754vJDBMn57eQr|H(84nf%1~;GeaYI9(BE&YH`Nfo^xiHEiAM=T@+A8 zhEPkmVRK1bYbRVMC4O23*jW07An~U9OIUGF7d&hP8uHq0pK%m8bw{-9spzWS`(y+CK&!R$v#3>+_58aov{9UGEi9s;DwR31bJ++)Z7Qfm3|9)q?R}nLmh)}g^ z^Zn9KO1`QDZ5f!;6_`EaSFar&RLBd84+Bnc-%Ar}6$RKZ^sz7!^21XsPaUO96DdO> zBliAz%y=dq(B8>%0aF4+j0<$SdTfh9zDl`5=DB*wU_tcf(l>u86{0y}OIihf_!G=@fc*Lh=Oc8Gx&}pnkq) zCj*U8|KdFom;A{O!L2!W7TP7J$v&=yw1L)~2{hXXq5&5cgnVY$F`q^oOBbvjNm&lCj=aG+x&jehykV@EJfM_i*-S}$nS*|;FB%?DP{QRUonBha z2It_22MeB~qquK8mO|o}DWc#(4Jrx4afEawH$C<@i&xM2^{T_8a_Wf)DskIEqG?&e z8lolf3(*mD19d^Io?j$$H{FkSg_b`$y~!s+i8SZ$W)OmzGWC;mahsG!(f_O737~Oe z78a>@HBG848QL2{_vuQ>qaq{?f}&_^VsAgS>KEO&+$}#Ax*B`2>*0jvA})e_?c>TR zadV`Z)2W37VH{a~b#qh1cg~a_Zs%D4n;RuG%=npErjzN({iRQl(ch)Z!s$Rl4$6m|mDueJ zSyLl!^HS>CkFwqa2cXv(IQb6&PwFsxk49+GX@Hli0yo| zPakoL`;*x(goUR!g$Fr2T%l%PNL&c$6Pje$j+DQPmpg(PoR{wCRIYsQ-=t>`zaq&yRNPhA2mTWfY;EstN^ zFfc+8!?io@3+;=dyLZX%nvx!lqCO| zYHhh4`>X|@Ro94AcM^v9wZDj36Qo;+sX@0*JN$-Pn;{O2Bk}6N*WDzLPDP2%UlKWu z+e4BqlofJv+!`1G_B?}frhOyMi6`CqgSgR+anPz3kc*Ivk6hXBOv$^o26Bj$BS`YK*(LvqnMVU z2}xy=BIdwnCk@LYC2WG=@-ZQjd`MfLL*l1LfLhRdWJPMtzVp$f`Y1WQf$m714pgt1 z!^^^;{K|y~mlb8Tk=VgIU}(OU%_Jw-golN()};M)>RCyURn^)F?fHk2&YXNGcLYDs z_*PJ`6=@Jx4svbC*G9&tccq32Ylyl=SeQuu$U#R%mVf?_;=sHCtkOxW%)y7PS#1Y+ zC?!jHs#UA8G7lg*o#8^S#%?;oeVdHA_tPdGUXu8)P?CZ&%qskrZnt~A={cnBDm0IN zfZ3>%Xfb&1{0m#?(sJY#+3ttPIH@fqod&tA5Fc1UaOH>(jOd z_!FBkw`8F<|59uqT5hI!BS%wpN~jJ>!$hXC_XNp5!S^($|S3n_QEcIa5?=p#5-l^kads#PG8fJm7I1R04J zPbDng47Jj!{B8@DjfX&PP$pQ)nt;X7g4?X@cu)bwwnmGh)6quas>|StQkn zzc)P4FH8HD!Jjoi-$2OFK*%_c&5IG)j}ci6e4+H1?RR4|FXj5W9#Nz_f^qeTxNBceYl?tA-bY2F)yJG(4V*IWwR1F*vYhtUhc9A zWf)*yN&m=VpDS`1dV1g(LJJmm*gy_u47TctO#CASeT)ir*&{amThjMg!A6l;l*nXT zB~)ZFWJyUY3W__C^pa;5oKNp9DQ(F!qg^XshRh|VYak`5b?&|4v!6B)bXIeeHO+m* zz#y?7B}V!sa$Doo&CDsp?++bk5IDiK?+&ui#PMq934O1M=4dF~dEhjbkoV-;B7#f~ z>jMge>2}lkLSQq?GD%Cc|+Dv5y@4i5uS_~ac%b*dz6Z~tD# zF^Taq6wAo|Z0P(nV=8<`&!8iz6)zhKN`%2f1;kfj*^o!PWaO8$uqjt0BqQ+b~4jT4TG+AsWDIp3L zChk6_FMYVvzI_Y~SQNa!gRs-EwL;jLjL_jso$N?aduKDYjk9|$2lLxh{PZ%86STd{6a1i$Vq8x%H54n8sZizNxbm6uC--_8u0|7;kD zoI)c)=|aWb2{Y7!(sn~?)?AnlJbcFo**soM%56=(VNG{KJ3GM_D@0d(DLZdRLs;8H zbES5!yW8{T-dngH>p12fFRY}0^Ez(uo70LGF|H5Q*)IB$CVqOVp{}oFyz3o=N%elQ z!d!=y_LB1_i)(uZjlcP4dW*-bR3*|Y-4DMRTzAW*zt^{ZA0pt~@Yj*cjQ$5kKJw&s zap~*<3MAPil;?cv-~q&g?w0z~e*eeJ;~(?M_xpKBT1URjX!jDMYmeP1U$0>k%LNx` zm)TH77q_X2)s>J{lMq%jqHz}dO+DD`8uW2rexi|Y-FVTv*cx$gGqQ8k@k0x{pSV!s zzP52-C2sbqVU9Gabv=ewcj|sq^;V4RP69iz8-xjRHb=gmdBIoro%++lUhG@svpLqE zc`ohL;(iNsci6Cko_iTp4BoR&`t{axiZ;ijwPYqaA*K9FP5Kq`cfOBzI>R3kR|O$rY*NDW%78CcHIV{jhKR`6bY_|2vsHOrGNtzPw0^a1Q@fzHCs zckK=6MqQ1c^I8vAu)3pJTT#~Rg>w9=_-a8(J?U?UDi)*0X=#A1`*zLS)n)0&s+`x_ zXY29P*3)Ve=h}Huv6wppPqC{Docq1t&D%imxC0b;q4=V9g$G z&i*AqZ#bvI%t+|iTe?_Z<2_;Kh*EFlaM6XxPL2aVCM>D*m$s2C8K>~Xp`ptfgCP4o z@8KjJKE`CNubGWXhavwMrpA zvA@;HBHCJ6KDaVcV%_xG%;qj}mv!=WS*KoaxeT>4dlu_?Ryuq-V9?sM(K5B+d!qO$ zS`1fFVCeF&^jZ5)4l?f6<3Xd0g^!m9-e}%*S7LvbHsU;&4~#z2`ps2S%;ViterjRM z4rR}r4*X5z8!|G?^3}G1AUt)U=46#)BX;qgykYUaX9%q%Qo<&hrh9Hu63Nk&?q}d& zd)?jLrsK5vJ>}Why z!#6Tf+lHF)Q0blEov*9Kl2pMQ5by?pKI6@ho9F6j#A)wEk2erQBui6Anw3pg;q!$H zAEk83qYL{}hRvqi>a(v-AN)7x(1qVCvhChJfzUf2WUCorLBt2B|Y>2*j(|CqALfwQ1fsNUjJv;-0a-0|Pd zPYU^hpbDrT_YOjHGiE2dDO@I+SMBZM*W5i7x$X0Y)eoKf{tqI zL%F``-*C-_w-*d7b{;SQ&8zXz;rWR>NYSe>psu~_&M7vzn9AnEU?~W8Aj`Ms7mJcL z80qq!_s5$md54EPu73Ti;X?b%#7_lYh9j_vs1gIR(s{r=d|uY48b zyq8Mp^RebuMM{7k3FqYy*E9Hrq$nl}A1*|dJUXEo#lvTFbn|-n9(A=r5E(tAbVJ6; zHb`XXLXMgPJz-#Xx*)cJ_)5)Hut|U3Bh`18h$U<1_p)~^L_wQy=B$x&(ExvJZjLGK zcfFEG?xA_}&{fqys6@oVGs)0s!RvM{CXws|tF4QHt7|NoB6~P;()hXp@kV>##ud^p zXYsm>`w2WPb_Z2Y6D0G z0a|=W7v7r;8-crq6wAI~w-RKb)ALnnOY)gdcUL@%XD6>t?rst?^)AYP3Pb#;f`}jr z3ul~v4DNU%N_}u9Hl;Tw7an@g(%^e*2Oh7d;aOu6ir$wTLaBoaYJ` zz={oQ{-aw+jS8r^50jkOVPwRpY{;L7_~Nr3v=i^m<46%^LG;%U z;EGx{O&Zp`PJA4C@T3Vb9XwkxJst4R{?Px0s%OZFup`x0Z{ zv$R?xh8au7maGY>5Q8k)k|`9~_s{kIKE8j#=a-LP>M_QB-PgJIobx=-bI-Y}*LPX; zwxm<**C`1TySJg-rSJAKZ4%6n1M)mKG_?(~?5B^;|9jgW`*q`WNe4TDwXQ{XKyq)n zKSQ^YnS#^C?6tt6xF&)9v?i1{^56%3nctTrzU~HZs?%T5mG^Di{wye7M)j~Lwz4O3 ze-E+T6>!tieJ?xztj85Pd#4Xewm7NS)ih>Daql*hK>Mj|cDiP2m$)4UXshdUpEx!% zJGI_ekLPsA=3?v!3pUpHO6Uf+yvojmY;c36{E=g4^*L;YH`?1Eo$#t4Z&_+@bKQY> z<%;VdU3z~qqR74Zo&eP2t8j{4x;gEPa6~(+VjIJLUK{<&k*v};gFZbPASehi%Jy10 z#PoPG8pWZT8C}p+%{qAcn|-e~R0Zj2q8l%@n8!!@@VLF6z0q^YR!S!s zfMfP|K0R?V){Lcp4gKG(ah@$H#6E2`9Zz#4mcnYK%CW2*SRZJVSiK3IJXWimUSFBs zH{vEQqFi|;1R2|U8rLX$gQ+m+$n8m|Q~$ch>Nn;lA|9<7o zeY>3EF>BV?FK>D+*r@yq3xS-1Q_=ve*9af1<6#6^RU^ztq=ohKzR2kF>OPYqg49jEG{JyT>t(^WV@tg?>{#{GMmN7hRzbYZe#B4MZS(c=5K!1wG-Hj^je#i4XR zzNDTw76jq{Z00*&+T1G;Jp8ddck?CrTq6rSi>w!ZWul`wS2>V&igyjrkVY2}Sm8?*Tf{4Udp>c`g) z&BIgW)nljWBI!E#=B4ha4=<0VDnizGuZZ*FVlPH^&s2BkU!;8hRV33eEB41rO%mTo zkxxm`R)wg3Q(5~)t@%gz*O8$Z(;Y!#%=^y~L49inG}-ZX6%l_HZ)64^U5mhcl+6pf zc@iTk${XIrR4ChX>2?QHZ&Sn@pVG|vO9M83xR%ts+;;w!Bz+Eb!Hr)ve1?xzHGJKA zDfxq!Lm`$OPcOiCnx#7k$IF~27mIJD_=LO6jJr?S(kK&YJQgUcGR*~A8m~`Zbsw%FDwjIcy`6?()8&&B;)#*E5m>BZuh6xvVm`=jB zm+>>pc+to&^(wL9g2)v7;F;pU4CKA|*>Z%_X8 zP=jIk4MVXb#2d}Hv*p&YS?Jx&&f{~WPn5-4{fz>V$ZEyizCT9~e(Z)(`4!U{2a@L_ zbapSb$9!5mrO0=b+)sC2$bHz6uN3{Y_I1Y0{&L^i$qisTrdM_9@s*ove3g^2Dgm?c z=)u%ZF4crjjVCZLr62z7r_(WFFMv+!xBUqRu5!=m)t_Ltr#`3Wbas)EAMFCKx?dZu zZlA4o?|C(Q^tfhO4}JSZ$0zd$s^1*}8TD*0J}JE@T)KLHnTh}Y@o`?z%?MTJUaJV| zZ?8|uOSNb9e(f12Y*9C1E(CSTeHc|whfnz#&5Rq?rM&+PjOns?)G{#ED{*f*jOSc? zWPAw|k60^_718w_ml{jg`@AZWXP+cI!!9ytQimU|n5b>>JXucbQi-I`dIp3dpW^X1 z=KiKCmYinJyfXW{xT(qkWmTfq#5EVlIOYW@Hl&A9$UE%3UQ9IYOP~D!S1`M2|#+7jR0V!8wQT>-*kd?6(+L%>pg=s15?7rc0OnkGf) z0sV_e zJ`{_(=3cxg?+K$}%pgE3bc0gbUsVfjjzfgJ!$r2d9$GJKmxvXN_S~ zVx!H(68(eJezCC_P{g4@WI!vxZ`YM9_clNB++)@eeIbTdcdoqpYT)nxDsO2&BtKrH zoxmA4Kl>2e%Ha?0N7EN#0R|X-qaK!F6 zhQ9X(;a{_c@ZX}h!ujG}kleS?%(!xgBG@}Vj6|Fy3NpB3bu+68mYLuxIa1w3M{&AT ziPK1N9@)q(&;mMA2Ew_~JEd9e`=KQtbA=45{7u=V_}w$tIZgFHwSw9Kol1jR6ZZ+@ zzCzuzM`s8bWLSc?78FDwpgo3|NSicoixa3EuDICE ziJ2H2a{vdQ^~Ej@dTtk;XYS0`O#gPe%MHTrydvPASWgeNqim?>m=HPJY(Rg`Xf6=Q zJQAwLiM>--P3mfkj8^VceX#of&jJL(ywMz4xv`Ux>{->JeDz=>ehm-7$9#)CR2q$5 z8Qv%>u=siDa&b;>zY`f{G&E;Oc%bf716E(oC2s9?J$Dqz2ND%(<2^@C*$b=WCIDe zWbDd)kL8em4>hO5v}c11;wU4C`++e4TUygL;2miK;Aprc+*|BO!O|G6 z`S0y1GawhQXYGfG47l`PMj$e*qBimiU3 zaQ)d`G|YU4qQmDnMyPwU6}tojW^JLOKUaku_aDezAsjBfnCc*XP zn>UXE6;x=~yttsqNHU*cP~uok)Pi(?m=U9XE#=R{W9ksiz1hsBC7vgdzaPlN42I%k znte`~SNrdhLY94smnkC2mA`?Hjx?sbUPQjGi?VugV`JhjDR@?7c=u94jCv&RQ}F#4 zaOz{tgJn|4kB0yh$$c7;CWly0y{RM(y~W(6TbZeep%XK&YhLTiGw?_ z9J9LF3)#!5?8zEAhCmug@um3qhzm2C>xW=Yl%+1>S&i-7eswfE6Izfc?>CjYJ9qeNTo`4s$z%A!&bj`Km`*@ z{kYYsnjIlocP#&kx%IoIW~&EtnJ|ckn}7HNk5lpGS$$eWQeldke25@|lYv(F*eift z(Q5z6Q1gMQ`(iM|Pm)L9-vdEt^^vB3_^FTfl>g#F!3~Nt{AKa^QZd5C&jG9As>@m7 z&A@4z5M9~RWoM|XV6TcvjwE9?Weoy>9e?r?WsZRI49%cI=KjuW{+5Qq<(PsvK%WZ@ zJURF}XwKU$2B`9zC)??xYE5*dr_Vn2W?3tm!CAJuFL=cE8{N>P|)wI`b&-m zaY9^2jht1lacZqm4cmdPRz5WA0v03MeMg6{Gs1sL5ASwIw(KnrN4mt9Z7UW2F)AoMbZ&@M9#QfdU@q=EU^X0jIs~cj7KFMYNie#otyd}hw)vxX?$VdJ) z6!MOs-B&-Q9}JLM2@YCPb5bXe96<-WtLpOHW=%rC=?{>@6XwE^P35xqdH15R)|r1H4Zms4Irjc6AAsx6^&)5FIrz! z`THFV2D>XO@|%0;f9M1hUMeP{@7?1l0|_jHlV_6i<^&y!8K|O$ZCn*XT|5V=N{v@I z-^L=?;f4V%w?2O0CWHKJK8R)nmfq!ZXDM&g2>nIK~5LaBMY~$a*)TD&~&Wfz= zQJ2ST?BfEh{Vi`crZ84ONZJq5cS|l6dPVX8e)=r>k?BqEdRlOOetq%D{>NT>#!wNO;jo&6=Ae+6bN8^Ln~mus;AeL>9wd>V*6?nH#p4w&MUqfp|d>HK2we5Fz3j zz5eS^?wmVNE4*Pct>w37HxLgMaf4{ZVsNX1ECoCYaUgSB6fQ- z!{`5I?C(TkT%Mn|d7c@udAqymCqrJ?YL>~P!(*#Y;m52|E7yOuQv++O1o-IWHa_4d z__=vRdG{{+Ngwe{e^nEDM`8Gvopf+Ao2K{EsIG~$X`=WY;x)z7r@l+&YW_VH|L_Pp zy`Z+*|5$%!yUi#9uQRIR5`Uv4yfIed#!91(ujQ9Oc%xS7OQdvv<=VqS_N8E6>v7DY zlFThuWe@s{y-SI7?KcL~cjqcLZs9a87Ry%#ZC!CHI3+*O+~Q20JbIFQ`R$>R%WDoxXONmYMSHYO6EVbVfMhnrCS{QXV#_z~G9*<6YQqS)1ih#;l ze;eJaPj#;5=(Kcera4_D>y{~W2c={cDGBX5ss%wDo14l)S=4tb*zWuiQc?Lj@Gne# zu>0}sBwhFV-?t?tms$Wm7GgQ)`ixrFl%F#1tpv?Uj}HYRRN4OArKgDrxtaI7t&04; zv?BhVdTkd~DF+6!oW)-tHSwiJw;syCln&3DOOIq4^SP1~C8%Tai)EO)Z=f^q1(v@@ z;9@2B>F-7h;v7ijURHXSlz`ICa`x9asubm!P5iemj?;J{-~E8+Q{>-4`{_M?K-;@* z&z~O_hN-AqHwGHf4rgy$LF_Ga-dT3PP5N>{*~F1J&jnQHbcrpCy6Gzan}>M`$o#L( z%-j(Rf33n{9!WxUTWzP0aT@f3Ejp~rBBr8jMU=Ql@LT~lvZ91S-0irG9_L2p4>?A{ zv_(4eNui-Q?q%Jhm> zpi*rHIJZ&$&9k@DqZ(=6IO;ot^fhH;hwllvD#trRIzDYlfQrF>yLNWmVwP}UR^;z5 zbA%QUPZjM|a=~du;V~Zf?apeui|?sKIGrzZgEN+~h-q;bm0?W-j1cUiU9($3|BbXY z>ggYecCN&J?GgJ=bY;J>*52g!k>4f%iS9XcUl8E~J~A4G_wYXXh#B4BZh zx6F%HLaJJXpIv==9`ZqNP%CS$dYC1mhAuvEFGq?QH(N}MkFNYIIf^1ZU8yG2XcKC* zq#Ho^0c1c`3Uw(a7;V%%Xzmnw{&~KXa~DZqiCZDaefANq;>u>mJ<~m`cCKEOm!zT?7aJF$@KgU&(gAm+^(C zy2>so&d|(~oV{L{HPu4hD^=w18&wuFsLeqWaky~u%-b0&lG^vHJRgN87OiAV%Jh{)M ztgK|#7^ZU$Yvp&oYhiHTPtt6Df%5%NG&tA6giO#vng7qU_g^A^xVq^gdfd)wp`C)*;u(1vP&kIp>xK) zN#tThcOOUZda69~u4VjxLN&P>N^bQf{1R8@pWCaOQ!BB8#jM=Hh?Q9JF zCfx!TI-9e-V{>pdIVRC2*;r)T6658V7;RHkbW??&mugW)PaU4;!HeJ9r>TD)lX(UM z>B3XNgJ-TQS5|!+LR75p=Vkw#f5*L3a{K3b24I{BLh_L?tKL&0U}VZ&uXMTw-nv^< zp|xaS%Awxp5O_J}HE$$GK8nucx+K`w(D)&hE{ za91Ggdis#E{GPFm$e4`QXZEl34$=F#2y8pvFju;z!41qnq<#11j1D|fKQ1m7t+UeL zZv&1Z4!1~J?%d9K&aBVKqXva^QukgR6}1*au(vKlW#N0(er>!jwlSOnIye9HWStHXov~E@wPZzwUONU28#bZ4 zbr;;vtowfFCkj6Cb(`Pw*U9mRuG}&pOWZwbd`WzI_oj)w#3ioLA~7TEoFt;z6-ia4 zH<&r^5sbsV*$5D=@|TC&>^~J8dK(BgZ~Z77OLLpqSDo-%nZlV=dQEi7*`kbUpkaPO z!Fs%!JOs2V23NJ|Lb6^_3*5lsy)Wd*u7ynedtG7jXo-sM7SoITXPsX}3VdJhtdDQ3UDOf~~*su~=T#Fre_eIQh-oa@8qXoCi!it$% zRBR63#O&8Isjjt#4E+k6$|q+|yMa<9Mp7r#k5-`j4*Qcbs`2~tN{rKm+gZT=PTtr$ z4QbM|ITwGUe278P{d6QieKKJW-swvEL>t&%LxW#NU~sT>IMplf~`L+tD5xgc?2j zLvu+NM_GcR+2Q-pNpXWeKBt8L6VP~_u5x#gQGdyDPx*)KIFrkddulJm46id5?NO+i z5hJ}%e9uQpgoRbtE~%7-;VBD4Xsy;JLgVmDy&VMV_wlX}SC|+SLw-3ac+1Q1x@cwS z6TP)f25oaCF}qwU2}HDmn6D>y+6uTewxg1%a7wOxEVUC1`|0P<>jgPs!v67LLq2cSUae0Aji7oy|9B}6zEa-|= z?IuD`VXhX`qj`G(IIq-%_>3SA^if`^g~YWlhxCYV#%`a&S4cR%LDuv)?JS zga;!(^&lH_H=kU6qYOzPN0vZ2wa5QC&Y>Ko*jg5x52rnu_dTg8tVT@OY8QH&trr$I zx;4+^CA2xD*vxgb2DYbLYI^2CW1&$MhTUkmg_jmv{X&dH*VMCIjJa(HyUUl9y%hpm zyBG)l_-g>}>W=yo{qmKN`g3FD#*3Fn*nH}(JFSw2^5HBJWRYu z*l>B#qf#-BWSE9*^2z5b{(;rs-ObmU%nbhV$6loGzm6D6f^&3(o(`rf#A80*{OZEr zFN7nWCvM&iI%%Gf8MtRgmVEmFDAPo{QS~{ili2PYMk{cT4ed(u+fp}RGl`#Yy<7)fc1K>v)kMx}Wg9MGvAI}kGQAOd7^+@x zpxW21Qz@7MTYOzqTrpK<>*#@Wcb!)xM1RN-Hp_Z*L|)V|?2f~x*v&Uus_51n8QUd? zfXZN4(^%7FCkufcAGH2)S(u*5*wMP+!%pR4=AWB{J(4ufsR;meI1R#Sy7$-d)dO&V&E;$IC$(^dSFNCGOzXb--d(&`AbwFbg#0n*tl~&hFyMzty*odRo=r-zG!K0)1>=V})^@Nw!^Q51DULdHu3=ym6pRF`r%Cu1B zzRU`i`f%WjORdkWR!Uk5;t|q>_|J+~z8oDid@PpBOy4sUpbjK&Xwj3oVjJaM_U)-M zs9dbU=9tiR72;RG1UM++0K*d-m)P*LcMt?@9kIMicOX65<7EO^Wt_jfyKJ`5xd)Fg ztUirk;8xt7|5(|mHNMTENp}`64)`^zrSb5*-zbSeXc_hS)tvP6DHX+e1&2)NmFwa{ zA`nKYsTS3ZmLIzl@>p8%7Y3U*!39xoXrP!zD&gOI8JYX#rULim_0&LU{N9ja4jI=V6*3RAA zd(5(ki^UcLXs@sW>(wj!t=Bn@Y*LadIa~FoL8ao~9W35X1s!op=g~O5OX*L%l9JB@ zQj%QUiVXH(CbXuS=Q4r6A~}GUyBqTw)atvjCF|<56w9NATSO4iTxJcU_SqpYd%1Ua zi2r=dXW$b_0_UaMYG@um9?_cE9Dnu;RhlEiyh>N5>oK5nmj*`RJ)~HuX&Y5dZ0m8Sr)S~{6N3#F==g0%g#)X{;3oFAYJ{cfZP2Pk#R>ebS4*GTRoqme={?J^kg& zBC-l0ym-gMWzIU#IA37kj@f6Hqy?rPTC63U*`&L$v|MWrDsE#a>`HZbzh~T?Ox%h{ zepIvF^+0-m`DU@-DjH#=_~8S~kE3LvOZe#dL5T3>|Cq_WX&}I(Ulzmte?e#@1 zuGB7bjp~kiKm9Vf@?3T*>8U!jrGn=alRaPqKYjT$KQXLDYDvq_mwKi8m9+Z%y7@yI z|5R2cP^p4covM>9_$>IiU+{Uq1K_YnM&9_Y8g^s}U7@w~D`jD4d~YIl_kgXGrF>zf zflW7YXXZ{U3&W^|s~s+fo)LJ%;u?0wo%QZq#_l1sP*;G}$xw=nNnG#u)y33C)(

OgOch3;%9*Muaww!U%96@JM@JzZeGy8oTXpNVq!)>%u)ks2ULSpbpww@8N-MI zI`<~fnd~HCwq$2EDAkX;U^Xb`V`2y_%;cO!L|>Kw25ppuh3C?en<;H|F&;hc)IcJx!@eSsEMhuFwL`VjSBL{yP;z6u=YCP0Y5ofZH}C1 z7`l&TeqyWe8GHUwC6*=i5ohQ7u9{-R+waqwxj9VG*TxL!UAoXmsi_`aNcauG%8 zRWo13R~ovG8;}km3;m8Rm1B#&-AFG?GAs0Xa&$5WTLBW*E_LLXH_$KYWT^je#YCPn z4ftlci3SD{T5I&)KQ*Sb#g232d5cZHGwV2RN~yuf*$4B%7Bc^t$`v9;f)cHtTLOA7 zJ$a~Wilugpjjp_^d^-*C#;I@kedkys;|Cr!UrGRK@pM*+_DXTgDG^Mn!S3-+RXT^Z z8s?D{&k+y^dz68Wmf8D>J~MG_B6Jq3q4B$olGMbNX3{o>- z7dr3rG~u}@#TB7;5G;lH5Q;<{ElzKnzii%ow9AcXRztP`A)@;J@>YGfy-cr{WyX_L z9A4|BJegu~?$HfcT~{Y39AEVpJ8gH&i@-st^Ow>n4#!E@ttiJ z^gvO$yH=GK_ZDCE_L_ID*JAU_x4wU-b>u8-8&Zd4#Lxq?4~#Hn?jU5#fhv?bTqx0I z4OnSd;A~*UOHfO-l<)B&AXLQCJ~sCVpg{P zFHi3ShyHuq9|LOxQbHnwjBOFYSwKeAsaE^wzi&-s%8)>v~Z_ zQRVQmv!z~yM!JJWdfTllqDfK9{pSrm)sbxYR?(>a@zB~i1W%oqmdE`31?$-}yro7Y z6Ah`p*Q^ylOGkmU*uYv#-$2x1CaI=`A@uo50PlWh8s9A5c70a%Vdonb@A<2x&3*!v zXn$8CTh{Nu+6J(k^#CsaiUqbinPbhNNW2v^LhL2|qCZd+$^0#Y?J|KCE)+p))5$2c zul=q>FG@=+`I_H9pJ$hC!%m!2((*T__z{sq@z?{8 z22jUZ^$n`m?(uBwE4V8nezyRN_3r6L2DzEdxaa*nM1dk>Bfp{{#37xkMz$`tGU4-7 zDF1*T5hY=nRz2`fOft4S*ot-ROwYHAPyc$5o5Ao{%{Jd{?2PfwV8QeEcure*g+&^Q zmR$g(bmR~WdhdD_%H_Zjucq*SBB5#up0v!t4)4`Ta)Xyl8v9}+>WR54*c|cSql7CMY&JBp z8xi({n;D-&lP2i|k&=6v@hm+$S;}%v ze`395(%n4hdGk}ZPtJ_!?hgzTZC-S-f*i*KUo@d-gafDzunYgWCA0HaHNl~l(lYnx zy5K;BlIgKqEQ+oE=(wRPU0(8HtrT{WHu}Js<8$@^hpfL}D`3^fyX`G3+u6TMsTsR# z0A-R$J*eY;hXt)Kt;coSR?+Sb(8tTKYn-R<0i;+vFRgkC0SMjn4LwrWdC_O)34&Hz}F(Z2@@LeVG$7a;J4d|WWZS2R$eDHGqZW1G1{hcF9 z5v#yS!)x>ge0b=^!DT;&ra7V(m}sLBLZQQt#`9wEXcL`!&{!BebSWzlh|`v62tzh> z)i}fS001ReO+T!Z57ILlz&Au%B8a3sRSmD9e^*WJoPf)nyh0QEq2EtD=Se&tT*ChRbMjXKTe2q+Byq5#`c5%A-T=t{dKdEpe>#N=hktsAbLydy$TSWNZ5*&Ijcjay2HeK$G%17HXBKLtbGf)*|%S0OY_)Ew=pb-yEmc*qTL%~d$3`60}o5GpKuQLo^XV}9)3e=rD*R9C&nJBxFXwE?2a=rZ^Elb8!s#4U-TI(nS3`%4KQI&Y_6T;I#gMz4eQ^$2 z_<6tMAijHD?YgNB@xzByF{_Qjo*H5ZP;Uo!ZS%fOHGZZi&1zXQxkO$VFC_ua+xgGx!794R3aB5$9R>cD}%!I83z@$rW)kVd7;>ht_6%ifwnmnWz(W79QbZN6&0g@j_?-W@){=Ql2UM zfv(V7v%WOC9(L1pKTjI0d-r{7O(%>OCXJO!YHCOGZyZrdu{B7G)Wb8Vk~*lGa6-4>|`Tqva<< z#a-p;D;?Ij>LDF+lB*Fr{GaN0-r4imHL_FVCVzAEb~JK=wl#@Cq&oCR|ky$TC(51T!J{qscFmNRt6Xu?Xa=G)NDH!^)7H@BG2TCyODbJV?BUva7s%c#FQ zL=Jhg8jrg(94j#p;1vsU!lnVqxY#vJbTZO@e@5ON@EBvA!E;gbG8@AdbW{o$m2nzQ0n)pXyPHd^O2o)GOW8?>_E>p%z z#-6Wx)p+-ugZodxLqy z@3i7g#3I$Y))CF`E+VkjW%w!ElG@GcQ0Bk3&3R`&ILp(();g%Tv?pzXz zR3oO1boF#%sa{i`fB28~e&Ph0M{_uXun2lxd4#+WqkcN_UU@?=%RQ<(47pDq5& z)`-8}Io-x~ARavLiNz9GR6Yu`0;zOPdrD#5<+(CUt-d)-plm?HCP|6Q{$$r9@UebZ z(!WOwIqff0+sd~@6s;46yv`tPGsofS-kp=Ud3d8XZ}X8}olQH@=*jGc~m1U0w9>r8!ld>~jcX2P9jr-i+Fbjk~5CUA}L z5F3(UhDd#cRP)7v4E?R-E{<_eaJI;LG}m1_uUHf@-Xo1pMq`aS<8JX}^kBxL&j!I! z_TImL&zC-?R}WaedZc)jJ0=G=Sp#g0?>l7JT}SW^AS#(es@W5b1(VF1oxaVwwPlOX zZ`HbOZHWxM5$MqbYN|7Oby@GV?~jfPY;;SmIHUzJ$;b7g&!rR^+~hWDdNgPoG?i`` zbEWk3nuDIwUP*d%ry{nw;_A;bIueh5(OVz4mA7Ce5~O;6G+SO&m5bfK*(T-MV@11& z7C%wAc&>dYL=w#8#y_RgXUKE^6>6vr#w;qGc{#7{I*IH7=O<-}e$5wc3`<#@dbA(f zvCM>Dp>5zgTbRc;^Pl%5mRx%Byk8;ARLPT%UV0dGK;2uiIk~fLjwp)!i8ebb-(p#+NrV%#$9OdJQEp zeJE$J+5jQKluT7E#@7oVA;cNoYPAOKHitDWkV&*ErKRSdupLmV0H(eE;MW<3=YHTx zv;3j#exNJ)n-NP$IUQ<#s}qBwUF7QplobJupo4Ueae-drl_)QQxa|hC^1r!-VK@is z`1`Nlj^uiG?B*Z%V2B#*fc-<4&o@6ix;ro~mW=rFG|tcALF0{7auBv)CTYIGn|45u zhUGkAO*4P%9%J6RKokwbG}d}?!!tAf$YuP|=O?-qzDXtniCtH9T8gnPC+auXEPuS| zY5CPhV8=}s5=`cx)#*&{X|=7^9q9j9_;=0X{8(UqM`xtyJCbbKB)DqN(#ktD5 z;(#Zqzl=Gp;--=w4=CYBs5$}T+oKJn!rsPE=|-SXTS&JFRXc-xb?#Q%?i7HI80*2J zHadu;aKJUS<*(F_0sDp;;egr_5Y?0GL{V2F@@>~)g%>(S)A*=%vG>1&BpyW>1e1vt z3uo~vYx$7&z*g0mu>)XvSGwSx1EAypi|~S2krpS#%)R#9!DUrzXB*6tjzB*~jVq-`;13s~loOacxlpwx8Tebf&Y*{WP7c7g^6-q}|LHM`vN&u`rov)Slo#q;Whd_F*GJJ2gdwTgqnI&QSx+z&;R^<9 zN*A6+mYhogMiI0oF|EQ2KnqTQbD8Ll?ZRszJyE&?(b35y7Rl{&nNwGgPa<%h%-$3S zpOqWz-2mso5)ytO`5<64fZ)#9k~5p9Gb#kCXa4)S1(fZ-|NP(l=rr;$Kmr1OWcp@9 z*bYAmLLg6QIU$e^ohI<% /etc/containerd/config.toml +``` + +Edit the `/etc/containerd/config.toml` file and set `plugins."io.containerd.nri.v1.nri"` +option `disable = true` to `disable = false` and restart containerd. + +If you are running cri-o, the NRI enabling can be done like this: + +```console +mkdir -p /etc/crio/crio.conf.d +cat > /etc/crio/crio.conf.d/10-enable-nri.conf <` option. +When using the agent, it is also possible to provide an initial fallback for +configuration using the `--fallback-config `. This file is +used before the very first configuration is successfully acquired from the +agent. + +See the [Node Agent][agent] about how to set up and configure the agent. + + +## Logging and debugging + +You can control logging with the klog command line options or by setting the +corresponding environment variables. You can get the name of the environment +variable for a command line option by prepending the `LOGGER_` prefix to the +capitalized option name without any leading dashes. For instance, setting the +environment variable `LOGGER_SKIP_HEADERS=true` has the same effect as using +the `-skip_headers` command line option. + +Additionally, the `LOGGER_DEBUG` environment variable controls debug logs. +These are globally disabled by default. You can turn on full debugging by +setting `LOGGER_DEBUG='*'`. + +When using environment variables, be careful which configuration you pass to +NRI Resource Policy using a file or ConfigMap. The environment is treated +as default configuration but a file or a ConfigMap has higher precedence. +If something is configured in both, the environment will only be in effect +until the configuration is applied. However, in such a case if you later +push an updated configuration to NRI Resource Policy with the overlapping +settings removed, the original ones from the environment will be in effect +again. + +For debug logs, the settings from the configuration are applied in addition +to any settings in the environment. That said, if you turn something on in +the environment but off in the configuration, it will be turned off +eventually. + + +[agent]: node-agent.md diff --git a/docs/security.md b/docs/security.md deleted file mode 100644 index 74e4a096f..000000000 --- a/docs/security.md +++ /dev/null @@ -1,4 +0,0 @@ -# Reporting a Potential Security Vulnerability - -Please visit [intel.com/security](https://intel.com/security) to report -security issues. diff --git a/docs/setup.md b/docs/setup.md deleted file mode 100644 index 3855d66e5..000000000 --- a/docs/setup.md +++ /dev/null @@ -1,210 +0,0 @@ -# Setup and Usage - -If you want to give CRI Resource Manager a try, here is the list of things -you need to do, assuming you already have a Kubernetes\* cluster up and -running, using either `containerd` or `cri-o` as the runtime. - - 0. [Install](installation.md) CRI Resource Manager. - 1. Set up kubelet to use CRI Resource Manager as the runtime. - 2. Set up CRI Resource Manager to use the runtime with a policy. - -For kubelet you do this by altering its command line options like this: - -``` - kubelet --container-runtime=remote \ - --container-runtime-endpoint=unix:///var/run/cri-resmgr/cri-resmgr.sock -``` - -For CRI Resource Manager, you need to provide a configuration file, and also -a socket path if you don't use `containerd` or you run it with a different -socket path. - -``` - # for containerd with default socket path - cri-resmgr --force-config --runtime-socket unix:///var/run/containerd/containerd.sock - # for cri-o - cri-resmgr --force-config --runtime-socket unix:///var/run/crio/crio.sock -``` - -The choice of policy to use along with any potential parameters specific to -that policy are taken from the configuration file. You can take a look at the -[sample configurations](/sample-configs) for some minimal/trivial examples. -For instance, you can use -[sample-configs/topology-aware-policy.cfg](/sample-configs/topology-aware-policy.cfg) -as `` to activate the topology aware policy with memory -tiering support. - -**NOTE**: Currently, the available policies are a work in progress. - -## Setting up kubelet to use CRI Resource Manager as the runtime - -To let CRI Resource Manager act as a proxy between kubelet and the CRI -runtime, you need to configure kubelet to connect to CRI Resource Manager -instead of the runtime. You do this by passing extra command line options to -kubelet as shown below: - -``` - kubelet --container-runtime=remote \ - --container-runtime-endpoint=unix:///var/run/cri-resmgr/cri-resmgr.sock -``` - -## Setting up CRI Resource Manager - -Setting up CRI Resource Manager involves pointing it to your runtime and -providing it with a configuration. Pointing to the runtime is done using -the `--runtime-socket ` and, optionally, the `--image-socket `. - -For providing a configuration there are two options: - - 1. use a local configuration YAML file - 2. use the [CRI Resource Manager Node Agent][agent] and a `ConfigMap` - -The former is easier to set up and it is also the preferred way to run CRI -Resource Manager for development, and in some cases testing. Setting up the -latter is a bit more involved but it allows you to - - - manage policy configuration for your cluster as a single source, and - - dynamically update that configuration - -### Using a local configuration from a file - -This is the easiest way to run CRI Resource Manager for development or -testing. You can do it with the following command: - -``` - cri-resmgr --force-config --runtime-socket -``` - -When started this way, CRI Resource Manager reads its configuration from the -given file. It does not fetch external configuration from the node agent and -also disables the config interface for receiving configuration updates. - -### Using CRI Resource Manager Agent and a ConfigMap - -This setup requires an extra component, the -[CRI Resource Manager Node Agent][agent], -to monitor and fetch configuration from the ConfigMap and pass it on to CRI -Resource Manager. By default, CRI Resource Manager automatically tries to -use the agent to acquire configuration, unless you override this by forcing -a static local configuration using the `--force-config ` option. -When using the agent, it is also possible to provide an initial fallback for -configuration using the `--fallback-config `. This file is -used before the very first configuration is successfully acquired from the -agent. - -Whenever a new configuration is acquired from the agent and successfully -taken into use, this configuration is stored in the cache and becomes -the default configuration to take into use the next time CRI Resource -Manager is restarted (unless that time the --force-config option is used). -While CRI Resource Manager is shut down, any cached configuration can be -cleared from the cache using the --reset-config command line option. - -See the [Node Agent][agent] about how to set up and configure the agent. - - -### Changing the active policy - -Currently, CRI Resource Manager disables changing the active policy using -the [agent][agent]. That is, once the active policy is recorded in the cache, -any configuration received through the agent that requests a different policy -is rejected. This limitation will be removed in a future version of -CRI Resource Manager. - -However, by default CRI Resource Manager allows you to change policies during -its startup phase. If you want to disable this, you can pass the command line -option `--disable-policy-switch` to CRI Resource Manager. - -If you run CRI Resource Manager with disabled policy switching, you can still -switch policies by clearing any policy-specific data stored in the cache while -CRI Resource Manager is shut down. You can do this by using the command line -option `--reset-policy`. The whole sequence of switching policies this way is - - - stop cri-resmgr (`systemctl stop cri-resource-manager`) - - reset policy data (`cri-resmgr --reset-policy`) - - change policy (`$EDITOR /etc/cri-resource-manager/fallback.cfg`) - - start cri-resmgr (`systemctl start cri-resource-manager`) - - -## Kata Containers - -[Kata Containers](https://katacontainers.io/) is an open source container -runtime, building lightweight virtual machines that seamlessly plug into the -containers ecosystem. - -In order to enable Kata Containers in a Kubernetes-CRI-RM stack, both -Kubernetes and the Container Runtime need to be aware of the new runtime -environment: - - * The Container Runtime can only be CRI-O or containerd, and needs to - have the runtimes enabled in their configuration files. - * Kubernetes must be made aware of the CRI-O/containerd runtimes via a - "RuntimeClass" - [resource](https://kubernetes.io/docs/concepts/containers/runtime-class/) - -After these prerequisites are satisfied, the configuration file for the -target Kata Container, must have the flag "SandboxCgroupOnly" set to true. -As of Kata 2.0 this is the only way Kata Containers can work with the -Kubernetes cgroup naming conventions. - - ```toml - ... - # If enabled, the runtime will add all the kata processes inside one dedicated cgroup. - # The container cgroups in the host are not created, just one single cgroup per sandbox. - # The runtime caller is free to restrict or collect cgroup stats of the overall Kata sandbox. - # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation. - # The sandbox cgroup is constrained if there is no container type annotation. - # See: https://godoc.org/github.com/kata-containers/runtime/virtcontainers#ContainerType - sandbox_cgroup_only=true - ... - ``` - -### Reference - -If you have a pre-existing Kubernetes cluster, for an easy deployement -follow this [document](https://github.com/kata-containers/packaging/blob/master/kata-deploy/README.md#kubernetes-quick-start). - - -Starting from scratch: - - * [Kata installation guide](https://github.com/kata-containers/kata-containers/tree/2.0-dev/docs/install#manual-installation) - * [Kata Containers + CRI-O](https://github.com/kata-containers/documentation/blob/master/how-to/run-kata-with-k8s.md) - * [Kata Containers + containerd](https://github.com/kata-containers/documentation/blob/master/how-to/containerd-kata.md) - * [Kubernetes Runtime Class](https://kubernetes.io/docs/concepts/containers/runtime-class/) - * [Cgroup and Kata containers](https://github.com/kata-containers/kata-containers/blob/stable-2.0.0/docs/design/host-cgroups.md) - - -## Running with Untested Runtimes - -CRI Resource Manager is tested with `containerd` and `CRI-O`. If any other runtime is -detected during startup, `cri-resmgr` will refuse to start. This default behavior can -be changed using the `--allow-untested-runtimes` command line option. - -## Logging and debugging - -You can control logging with the klog command line options or by setting the -corresponding environment variables. You can get the name of the environment -variable for a command line option by prepending the `LOGGER_` prefix to the -capitalized option name without any leading dashes. For instance, setting the -environment variable `LOGGER_SKIP_HEADERS=true` has the same effect as using -the `-skip_headers` command line option. - -Additionally, the `LOGGER_DEBUG` environment variable controls debug logs. -These are globally disabled by default. You can turn on full debugging by -setting `LOGGER_DEBUG='*'`. - -When using environment variables, be careful which configuration you pass to -CRI Resource Manager using a file or ConfigMap. The environment is treated -as default configuration but a file or a ConfigMap has higher precedence. -If something is configured in both, the environment will only be in effect -until the configuration is applied. However, in such a case if you later -push an updated configuration to CRI Resource Manager with the overlapping -settings removed, the original ones from the environment will be in effect -again. - -For debug logs, the settings from the configuration are applied in addition -to any settings in the environment. That said, if you turn something on in -the environment but off in the configuration, it will be turned off -eventually. - - -[agent]: node-agent.md