From 525ca59798546d9f50da37187eee7d4eff92ba2d Mon Sep 17 00:00:00 2001 From: TechCarmat Date: Tue, 2 Nov 2021 12:59:39 +0100 Subject: [PATCH 01/23] Update release.yaml Related to #90 --- .github/workflows/release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 59cc93f..ef835e3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -3,7 +3,7 @@ name: Release Helm charts on: push: branches: - - master + - main jobs: sync-branch: @@ -16,7 +16,7 @@ jobs: uses: devmasx/merge-branch@v1.3.1 with: type: now - from_branch: master + from_branch: main target_branch: gh-pages github_token: ${{ secrets.CR_TOKEN }} From 7d4a86896e3588d4fddb6fc29c8c53f1b19a9c1d Mon Sep 17 00:00:00 2001 From: TechCarmat Date: Thu, 25 Nov 2021 14:51:51 +0100 Subject: [PATCH 02/23] Removing keycloak --- scaleout/stackn/README.md | 36 - scaleout/stackn/charts/keycloak-10.1.0.tgz | Bin 60680 -> 0 bytes scaleout/stackn/examples/README.md | 102 - scaleout/stackn/examples/certificate.yaml | 11 - scaleout/stackn/examples/dev-cloud.yaml | 169 -- scaleout/stackn/examples/dev.yaml | 167 -- scaleout/stackn/examples/issuer.yaml | 6 - scaleout/stackn/examples/local.yaml | 234 -- scaleout/stackn/requirements.yaml | 4 - scaleout/stackn/revamp-values.yaml | 707 ++++++ scaleout/stackn/templates/_helper.tpl | 97 +- scaleout/stackn/templates/basic-secrets.yaml | 1 - .../templates/celery-beat-deployment.yaml | 4 +- scaleout/stackn/templates/celery-flower.yaml | 4 +- .../templates/celery-worker-deployment.yaml | 4 +- scaleout/stackn/templates/realm_secret.yaml | 2248 ----------------- .../stackn/templates/studio-deployment.yaml | 4 +- .../stackn/templates/studio-post-install.yaml | 2 +- .../templates/studio-settings-configmap.yaml | 137 +- scaleout/stackn/values.yaml | 540 ---- 20 files changed, 757 insertions(+), 3720 deletions(-) delete mode 100644 scaleout/stackn/charts/keycloak-10.1.0.tgz delete mode 100644 scaleout/stackn/examples/README.md delete mode 100644 scaleout/stackn/examples/certificate.yaml delete mode 100644 scaleout/stackn/examples/dev-cloud.yaml delete mode 100644 scaleout/stackn/examples/dev.yaml delete mode 100644 scaleout/stackn/examples/issuer.yaml delete mode 100644 scaleout/stackn/examples/local.yaml create mode 100644 scaleout/stackn/revamp-values.yaml delete mode 100644 scaleout/stackn/templates/realm_secret.yaml delete mode 100644 scaleout/stackn/values.yaml diff --git a/scaleout/stackn/README.md b/scaleout/stackn/README.md index dec8192..a072fa8 100644 --- a/scaleout/stackn/README.md +++ b/scaleout/stackn/README.md @@ -13,7 +13,6 @@ Current chart version is 0.1.0 |------------|------|---------| | https://charts.bitnami.com/bitnami | postgresql | 10.4.2 | | https://charts.bitnami.com/bitnami | postgresql-ha | 7.3.0 | -| https://codecentric.github.io/helm-charts | keycloak | 10.1.0 | | https://grafana.github.io/helm-charts | grafana | 6.8.4 | | https://grafana.github.io/helm-charts | loki-stack | 2.3.1 | | https://prometheus-community.github.io/helm-charts | prometheus | 13.8.0 | @@ -43,9 +42,6 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | Key | Type | Default | Description | |-----|------|---------|-------------| | global.existingSecret | string | `""` | | -| global.keycloak.adminPassword | string | `""` | | -| global.keycloak.adminUser | string | `""` | | -| global.keycloak.clientSecret | string | `"a-client-secret"` | Overwrite this value for production | | global.storageClass | string | `"microk8s-hostpath"` | | | global.studio.superUser | string | `""` | | | global.studio.superuserEmail | string | `""` | | @@ -76,7 +72,6 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | docker-registry.persistence.storageClass | string | `"microk8s-hostpath"` | | | domain | string | `"studio."` | | | existingSecret | string | `""` | | -| fedn.enabled | bool | `false` | | | fixtures | string | `""` | | | grafana."grafana.ini".server.domain | string | `"grafana."` | | | grafana."grafana.ini".server.root_url | string | `"%(protocol)s://%(domain)s/"` | | @@ -99,40 +94,9 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | ingress.image.repository | string | `"scaleoutsystems/ingress:develop"` | | | ingress.tls[0].hosts[0] | string | `"studio."` | | | ingress.tls[0].secretName | string | `"prod-ingress"` | | -| keycloak.args[0] | string | `"-Dkeycloak.profile.feature.token_exchange=enabled"` | | -| keycloak.extraEnv | string | `""` | | -| keycloak.extraVolumeMounts | string | `"- name: realm-secret\n mountPath: \"/realm/\"\n readOnly: true\n"` | | -| keycloak.extraVolumes | string | `"- name: realm-secret\n secret:\n secretName: realm-secret\n"` | | -| keycloak.ingress.enabled | bool | `true` | | -| keycloak.ingress.rules[0].host | string | `"keycloak."` | | -| keycloak.ingress.rules[0].paths[0] | string | `"/"` | | -| keycloak.ingress.tls[0].hosts[0] | string | `"keycloak."` | | -| keycloak.ingress.tls[0].secretName | string | `"prod-ingress"` | | -| keycloak.postgresql.enabled | bool | `true` | | -| keycloak.postgresql.persistence.accessModes[0] | string | `"ReadWriteMany"` | | -| keycloak.postgresql.persistence.enabled | bool | `true` | | -| keycloak.postgresql.persistence.size | string | `"10Gi"` | | -| keycloak.postgresql.persistence.storageClass | string | `"microk8s-hostpath"` | | -| keycloak.postgresql.postgresqlDatabase | string | `"keycloak"` | | -| keycloak.postgresql.postgresqlPassword | string | `""` | | -| keycloak.postgresql.postgresqlUsername | string | `"keycloak"` | | -| keycloak.rbac.create | bool | `true` | | -| keycloak.rbac.rules[0].apiGroups[0] | string | `""` | | -| keycloak.rbac.rules[0].resources[0] | string | `"pods"` | | -| keycloak.rbac.rules[0].verbs[0] | string | `"get"` | | -| keycloak.rbac.rules[0].verbs[1] | string | `"list"` | | -| keycloak.replicas | int | `1` | | | labs.ingress.secretName | string | `"prod-ingress"` | | | loki-stack.enabled | bool | `false` | | | namespace | string | `"default"` | | -| oidc.client_id | string | `"studio"` | | -| oidc.client_secret | string | `""` | | -| oidc.enabled | bool | `true` | | -| oidc.host | string | `"https://keycloak."` | | -| oidc.id_token_expiry_seconds | int | `180` | | -| oidc.realm | string | `"STACKn"` | | -| oidc.sign_algo | string | `"RS256"` | | -| oidc.verify_ssl | bool | `true` | | | postgresql-ha.enabled | bool | `false` | | | postgresql.enabled | bool | `true` | | | postgresql.existingSecret | string | `""` | | diff --git a/scaleout/stackn/charts/keycloak-10.1.0.tgz b/scaleout/stackn/charts/keycloak-10.1.0.tgz deleted file mode 100644 index 057d4606c5c1090d91bb774760eb5d16c0ce056b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 60680 zcmV)sK$yQDiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwgdfP^pIE?paTtzkI8A%=iB(->9kNZE0Bq!?Fl75n%OrA`B zVi72k6#*y&RglD%JvZ_H`d;08CGS(G78Djz)M6*yEj-<^2vnWgPo4c-kXaZre9_&T z;#>qXoWy^6?5Ef3^=ul{ep|DyM&{&sJ3^Tp2gPXFbfdi~9pFJJx%^&Y(^ zElqd$=wV&Pa;RSdoVW z9Y!P-RLl@gBeWZagmd&Br+7jVk_z;e<>)<&NS>nIEQ@J~B?u0s&q#hrL&Ci&OUM9C zg~<4z+r7HF3e1KKSU%}`G?cB*{hkvJec@f2;0fVf^YuJt6L!A+s(0P*y$Z5);$4v0 z70V+&@O;EM^L#|3#Pbo$NJ=9VvNR>3kRNdpdp^1#`H197<}x5f}WwCh|=Xvcy9u#d28X$FhQ$vIO%W!Z}S?D*j_a#k3f;R8|E|IZwSb z!}Ij8WlzlHC`b}UH)IhBNh)$0cBdpx{7@cl-d_0E5#!vCSa?D5F^!!`Y%f2eBE<>q zDwti76VgpE7bLfzGRDOuC;YeAyR^Hh7xaUk_j~X6r>FW@{C|n#g77bL0W8MGBuwYk0Zg#W+Bvx1HRwc|LRA$CdfoJItRDM8~xzWS}eF&$G90b26pOZmsKE;&G* zj_1t>0+re-e2^cDWJGer#waInL2x7(3Uh)5L2FaYQOXb*k4Y#H9V1)_#zP#_bb?5V zM=^=kJyUal`kn`uz`#RD!T(j#{eCUkC-^g2`8zL z^LAL4=OoOD;AqTpX!C?cY6ebo3W2z$EfAlwB91D(rKw=LgCxDAIZJ_5xx_h@`-yL$1dDJgCqfQ|&r*S} z!>8IDLz0T;yc90gW7yOOg*gUD3c* ztwJJ5+uoDEQqC|^pV?*BB~G+ z!fDEcCPmH3sSeIVZlM9X`CNw);}MA$R9D|^&6YC@hY9BdVIgohC6SzrR#>ek+RH~c z95{16#xa+p&Wl(dGTHFyH@kc474-G{kKY`epBx^23m=h>a7Mq)S&?zI?&j2W%r8q` zSH5Q~;^y}y$w$?%6C&K7G39`_&PZ6~RLu5RD#*34b0=Ad9FRtU4lYSPla#okvr%58 zsa)a`u_*jQ(<#ZRKw?UH9dLj?$hQfdOoiN@If=<7PKDgcDPpjjLzZMLC8^+MXS&Eh zAq#}d<+eTI3W1n@ov?_bHM6S|!l#78qDqhn;{s(lOQ>uKk!ze}G123ud|e**THob7 zjybG|q?dcWMH6Rl5ZgPCH^Jpay30Rul52qa%@Ipa851SiayBXJ&|X|f{)(e3Dy9gd80Qm$LWwx^PEUzKA>>++G*Tx+Ff^f;1RbVhno^$O z6eUdVPAV}aLpd4Y7^fleMA@}(WzSBaV`r*U1N5S2C^ni3lFPOHz8H}_CGsW?Rp(H| zB#Z3npZoA@V7>-13$eV!>I9Xcn5xWo92x;9O8RpDbK;`CWr>w`VIs zP+1YR;||hGd#@O}>idJA_TC-uet-V%_}g~}KODT%C=i&c0op(K=Hs`O3O^pc+kgA+ zr=`p9?e2YdaDM#b(ZT82`QGuzqYu>@oz2et^1B~De0P3!aCUZhd^ETAT_*!2ILk9G>NrNi>DR7;~;z1oLiBzB)2jx2AdUSZ-i3 z^UNReq{@RD?WTh6nwOrsvVJRQPNMxHr|INOUaf`X7!D^Xv#$@XNmzhD%d=-xUfE|P zCZS-tc`Y9x2;Zp--Fc1B&5e&}8pcILP{&H8xCWtWbWngkp_HbPoXCC;eg0ereQ=%S zgmWM@D)4=DL1qJlvn;rx|gzu*vXdUtEnPU zr+_O(uo&oXPyeB4dcks`WXh7fPN|?c-X}4h*$ZzA_NKfiSt0D( z9oZGhtI@fA$<5bgI+GI|CtS-;m+o0h$NCO)s6_J;3lhnIOI|9b2^HKciFw19m{Nv* z53^!`Iy=2yVmN?=Bp@N_^n07z@2PsN;N78;q+%sORb)u15?~|cMT$mbEGd$b*UH}DQN=!(R^*B?`SiD@j!54q3f zOPcPwuVk0oSbBj485i*x5pplV-<*gRhm=vIEp1oli1?B4?HM20bYun4bfb z7I9pGbJo@(*G+D3Z_O#ZOsjlOvj(X;Ld%vuxPnOu;`Qs-y=6cw)3XwGOBbE3=60(M zvsEyYCmHt&27()8N>VL1bhle&Z)~6$D^Q42khSJC6v*7FIGqrVa2&HMka(_uzCvk^ zjR3C-N_7&XRypCIAV{r92PuRJfYu}?{jH#vI3}rBSDZdgN32Mr_V%5&Ydcx#=TD)u z9r~FfV@qaAy(Ct}TO}AH7V>V$(vZkY(Htf}CE|+Z7c`xicik0`#`uZ6bqh{%p5ahV zKUWP}_RJivdPnsA-K?Q7tHNJ2ok%)-U}VKZkr!mRfpCfr)hD^JN?Ekl50!$^Dvp62 zDR4d^f<$OEgO$^Opd(Q1#3jd8Y(p-++J+wyT9I@jXYr-R4m-U~MDm>FdhhAc`00eE z*8@|xVBxUS+w=jJZ=e{8#m@=PSjrWHwt@h9pi9;G0kvkM zVmv0f&*|UgRl51=!mFP-GiFW7*YG%!q&WwPO(|urPNfn^LyvsTzLYa5IZFLf{y9La zH#aCaB{9LA1V=a_==0~&;zP?&<)o}ySSMIa%Z43@lGJv1DIay!Hh6bdBia!XhJ*B# z-pZ}j*1G=8tp-gIPZGSIZbO(VA}Nh$XiX9QfTY$vWIpQEzjaSn0Lr16E39R&&)KXM z5T>6N%8I-?$3-mB3MXRW?zx&$L1M~3 z7H*8j)_~1Xu1*(Zi$@C6X+>LY%V;#Hm1zbkDOHthtx}n4tw2Pwn9bVIQ~lJ{+HO01 zP-UNtX-edUpfwxhTFYn69ii4|8C(zY9Fm5lYc*_6F&}5Nd)W{AuevLG@TzkeA-R9q zcPvLxkZa1E%=u(dW-oeon9nky8h1bqU}T<`O~NS&F9-q>`6)E+VL^6_ z>Foc!lUHY6+AeuYiKqa|Pc`GsTICbW`4!7cERd2bxwrEQ98+pOoPDD|ZSRQrJRd;1 z=*mN=ap^VhF-lk%R&CEic3tOc+?L{?ySTsvOGgS302#i zh7H7!+$pf2`ra~51#Qyjx29$Z z;at**YL!VIl2k~FjE&LG^|g||s7{y$z))Fep`67r$puYbAO{M`Bcb3gf|(!X`*m-~13A7z-! z4rv`dmt-yaE9&caV~GKGlB!n4mgnS>RoZU}Gl;7gL@ z32{DF6j5eFX!2cKSF05S4FpUwDl+t2LBor9hDL=@!b$ZdVpl1`NN$)|ncHS0FA-x< zZV36mL>^h33N#`imQw`wi0a-ec%ghjByhbnLNV)`%4}AyA{`@^YU^;uiTXgfl?V`R z$OxSWQ$}#D(DsI<86)gt*}D;$;!A4mgkVtn?8+J+ae+s6>VBkY#I9;4AHbVynVl;H zR;zNN44=)TjpzE#tE_4`DS>)|aM5Hs2^>_-2E&{!xV|eQ5U|4pX@lA70PKWC3q%~H zD`Ho@^s||mvUJPOrZ^QW`IY;e#3ZFf;{g-5T!BedHu8IWblvT#`~UH9N)jCW%31noZ7lZx+wAXb*8RV?cX~Td z{(oQNx$zL{JX5RQ8K912Q3ld%$VhAb|zp)AWrzmia>cgF6vGeAGX z$>_j2m#pe9P#_|p)s<9xXMk?pGUjJHXn5ZMuiqM6XG=;Lcw)qWzgPfSE?Ff(33r;4 z?=23hymz{yENh$wWGyTN$y53H|E?)ls!!l&^~uF!>(4s2(&vrVZZB@LwYD7Ivei8I zUk#*F_b6(cf1KyIoYW2#B&ki@oRykC)d+PY0aSapp!a3}8zb@bXxiH97{h|Lak*`n z`M~*P!5mbIR-7A_g|EF9mTaQwT-a7|#8^ylTB}-hh*`FO#!&yR<=^Hkxl^60htQp> zf*H@UGgvomyi-fsymHw(b%*F>>p4ELOAf1nE1%_LEX%HR9o*WrXm_~-zW|6^qY6(k z;mkv38dNI|)D-f(s+H4Gud7(g`?LxYt9ccx7!$Q)%|&yyc*gWsxoukB zFT|p?VVHKXn6@>sa7YUWwp2%4q~7-Xb36KXR>3jOs;>o3XUF3Ti6EcGB$^)5RFDbD zt6i+k)ZEH#!*e_TOZ(+Lf9HL@4fI8pebL7yc13evv}{^fePeU=RrjA)>rtobI@(Se zReRvpbv#z?R&~x*vrJ9LwPztE*QjZA_zx!l>vx!bed|qD>k?8_w3ePc?g3GT1&dEe zE8N>*Ly0ge9&}2YjUv=h<_?d1`fj~KjNQi5WZea+R5o!<&~)ooUJ^T1-RSOk+?x(L zcLwmTNn(zai@7V2%8ue~XSM6=?R=34I;%)${&W?8* zv{Bcz*Qya_ZnZX?zeG=+*f)3VC@aL`MOo_No6qkoKI0W+(a!ZO;(O{4TG@w10+>qe zR?g`T{g*7q{abI6&i6)-yuk-Ab=Dq$Tl7Kwqim!$kxC7QBY|iGG0)%V-T+Q{dMvT!`@V_DF_CJ6q|HYfZMCZ*{y_|GysRX@uIOw&Vg zb^1>|SX?{EiNjOHq56aHc1XeH};GaKxo*n8H=7^?T z;8=cAL0?lRq(g+1lXXs1>}V`h7;F~D?24un^zroF8eboHH#aJ140=|i1t-x4dM2qd zGjfOF0T%gaN zZ*EXfHloYH+~_~m-!Uh$1@ar}SPtLzShFYrMDDqD-mI6Fi34Q-2A;jq&elHk83 z0#U(LB$tn;?-bnXd}|XgKJYx{%7TuL_Yclbj!!?ldA4>@j7TVAG$8`{e(9xGk7}Xb ze*SEIG-L-GQ7nzcQ3qzyhd5QfZ_xLf)tj4+UG{)yBn%*6lA3%qsR4vC_#cos{7*+O zOInWEuAu#+^ZE1YdSz^fC$*8u`h2Mw-94eBSDw{Sz)P|7Ts_2BL5SZ#^2aaDjTBq>KjW zP@n|QkiZuNVKgRJ)^pJK6I4RY9iC|CEE~x%P?Y0OI?UJ=7NOd4YJOznqnV8|zk2We zZdkEHO8j)*cHkT`|GdC0Jt;1#ysyn{1 z<;oEaWPe+5hdw|Z@4krRUvbiSIcxPpYvVgU+KDYAMtXZHi3kSoYk$o0E1X02f~8jK zKT8=87p#x%e;IY&kS;@vAHvfI?v2pb&zbsbMf@=&EPye3!fJL z|9nc~jO08J+2f>wyM_PX>AkG`f9-6&eDTEpe~stnru!US(qsTZ|Hd>X5{te`XEbw$WA4MuCT^+Ca(4Q#du7wQOEBzdB*PZ65E>=>Iv*{mO;k@??<9w%kqMu%^nN_hmd2%xHAjw z=xm~l$@wwi#Zehv9MRMUz*PZ2C|A*`pqjV2$Er86bf-QJo&Q7WP`6? zTd(#-(_3EqW{MrYr|zC&W^V3xGwYkZ`LizXZ~gZ(*a?F-%P(u$N9}OSHIVwPrutcV zdB@IWIZeeFb^eX}|HeBtSgO%wAU0$a^R}K!`Ui03LDAX&5Y~H0hnZESKy9*US)o|D zruDJ7)2#m1d3(_(*fsK=?)*mwbW*)nb88?pM1I z))sO!>+^u6?iiiJZ@_l+9}Nbh6~N*He*4{0#%R*U#3mt8LehnoWNCcdg3zCtuO@JT zM7T5*sH28dj;#cPI(iqBh!1u4)CpWumDPH=cF*g&$#VO(_N&pKTlSdQSNlh2`Ubvr zOYNuJ-A+reyE^+oFpp;m_+=P47^C9L+d6_%B8prEx4~JKvn;2u3v9}CSZyQyUN9zI zWcTDySFE0rJ)A*c5+F zZ|&*c;+8aT+j2;zSx3)#L1r818N|SGm7~q+khP#V`uy2VB_*=h)PGiQPnD?A7Jm>V z+H(G<8Gh)AuRgb&|Nhq2R@46DN&fRyp4$0$j0;`U1oter#5mN4drnlp`yKU%9dT1- z@$q&?tAm?5bxW3efF#cir+%$=(1D*^pVz!T^E@MvtsCa!1H}A0C1V|`-JRMj<6Rw3 zO-*Svc;VfquM+CeA$;9YJ7shwHyq-;N@W>cNryv3B|2n3;UsRatph7IrmPyh?-nSg za2?E(=HYHn3;s6@&7<7`x5@usZoRC_|F<`{pYZ?Jc!0b!8sDZ_n9HX=tJ|#Ask~OS z)WZ7$ep2|&B#OH46(PF@+FaW?H{lT!sfCMPcrSbz^k4h&#jZ6w2Ved!t8WQmniFwz zmK%i{iMGnZU?|AlT+F`Q3bLm`*~#*IWoFF_*bzY)DyIDErtEUS&I8vj6Rae$a=Jd> zqS6ewY!vJvTgC%Qdpq_2>Af z2!|IWjq2H~olK3|MgX#n*6Vl<87V+Yed5M_Rw7mhYZ$ zs_}JN_rveK9lovvyXF4RSQOa+kRu2H`7kQrR{j5rn*MLI*V}&5|9_RIcK^2o|7?hP z)fHyUg!ILK(yaJ<=>4pw?TcNbEqbZ8Nh|AZ{sFcA<M~DOrMAn$SBVg=aNQ&#hv>TZMoR zrtFsy04_#cb8Lj>blYW29<%cXTTXITWR@Sf%c>w$k(i+xYoO#~HU8j_YYg=-__W~v ze1yYCH2}NS{;OBV|JyIN`%n1)Ydjja<1{J_Ipz9mAC1a8EA3W@{glO|auGlwT!<;l zb&^d-KJ+^fgBCHh&}`0tYNT3S6}E6x%-({RECfc41XH+M>oZD^B*p{6t zecSS#l`9+kH43+2E6z*CRb`_@5QxG01-V+=l;O z?7XPkfAxD$_FrG+0sAjlaaS&`UbwbjYE#U!{8C?8Mp8bdV^Kqng}4XV-!Sk}ZTu_S z0H_)GdKLhxJsr8tLsj**`}Nrz)Qn1HwJt7y>n~QBtCFBA?WoqC3Z_0)?wH#ymwAfV zD?%qz0ZE&^Qc14*BjQR3KF7#`rVw3}97GfHp$y+^@>Q2Zk{}iqHuLNR0j}3~J~ejK zm*tUK@W0NE@zv~q``g=f{qN3pfAb0de~rgMH}dSL$N&cGR4jt^wwUkRrDCMtPr&2L z^H6r6j{9|T@_#wWj~V!v5&#LX>~Zy2#~J>ukc*;QHc_}5Yay2y)tu>CG{T!L5}yhj z721AZLo0uM;q}~{i)S?p_%9-wYQ_I>-IgBp54{L()Bn9}*#ErjzkHJae3j?sQQdnD zrFK6XV6)*KPDD2Yq=YQVSV~e!W141+_*-GYGH@V5q4|4&j#x^(iZz6hkUN%scQAoy zp>_d6&6=UAz`VP*a(hY9$fENv#DiV`;ko7fZ*TSM@!wx;?L5(cU*-7{$5`#^hGx;6 ziGN`hzCIOSl9#_756X3_;=mRRW(YvbIpZ`!Ys&>(ZUk)#s>!tUY**g3cA~9XWBDGl zZ*EG%W-r~ZbG?;s1$#Sl(GtMCmi$YVt-WlW!q$olPHAhFvDW6)r{+A|g?swa*Q>if zSg!WS;>-f;%WtISR;uR^P@OOl*yj$VS*76y(6oAV=Zh~hVSMq7@!xOC_&w&VrOq8E z%}=aR=rYqc&xEu-k4><3Bz4gfBlzr{ojk1FP`jwzsl22X4E2e-p216?f;Ve!U8LRc__wo=!tiz&&Zc#A?oQ* z=h)KJdQ`9V6r$%3{LIJy+N}4>&Ht zTGbTn01?=!x=)=|%T)9~y!Bhn&b)4ncZ;ogwY>+ZB2|FL%7v6Vv4p*bwb~p8cR7po zKhmxBk7T#rvN$#%dv%dq-^n}3C?3g;=vmW^XgTQ|WJt^yO-tcO$(v>s{;doPQQFuj zI~GCmORU@#1M{o=&chsMUHBt2q|?Pxtsg$J2KIm$}X##|CKe{omi&+TL#H zf1ct$f1Rf-{Ae@u=!2~{oq)@RUJ%4R2|pCU)+5kH{jQN zqMS4+W;3tN`Cf^na%%wtZoS%pmhQJ^Vo|a4VhSW8Vi0| zQme3i#HY0vepq|)sqz~k$XL4iBc_6;6G*6YqL$|D|GZO)lS7t3s{3db1i`9Tt6!vo z#&&lG9rW-2j?xhMe@Ffm+PvdYs@@H@kkNB#j_WTdVzpktw8w;GX!9?%PZ3MWU+TS9 zqjpAm{5|@A|DXT=s#7c{9IOTS9oEm*nY(gxkV1t>TX?>74{XrJ1DJ3OXGBRhwXoJ{=>o1{_$z;Si(&<_yhk+KmVJD9zU*%%OJUFY{Dlrwvr1@oI^A5#icxq~^ih z-rl+w+@`(HoEBcce!YCp+gGCzmJZFgxmj{CS}^-1NeSmCIUA8WVs}2ZTq*ZM?~NWv znvc%uLiO9D^vmELp-UDQ33<hsIU6*x}g*#Jql^ZrQf2WOHV5xulG_P7*n1%AWq zp=3#0%qW`ss=eh#yG`Sn`^4HKkL zO!B(m&UyK`gUWKsU{l4I^J+Bz#;1D7`v!E!hyL3fhvbCh6!tAkqw3CBSh57Duy<|9 zb#2BR96cXDhb9AN^+H(QJfRKcYc}*fi^u@=c6N3uU#TETYjEIOlq==qD`K`{8Bu-8 zKo6}2<{;>$aJIT29)PfaZynno`DxMr3c`h>V~{_;X#C%;t?j!1-^&+UPx(K;%2N}e zz+%sd^Z95=d}SjKRj)P_Yf};@0iSlKj9mW61<_5|fk`iTQR#Mo~^LwVI$(B(UE=LdVizG&9w{nJp~Oi%b>^ z3Ti6+NJjhc?MF<-GIdQwa-ES-kmy`qaTI2)tX|}COh-Y6b52Z!B9Gy>l3RmxeQgyo z`qOlRPNp~&Ecx3R(#-|I>N=EEztNj=N&;JWO;e=jF`Jyr`{K=NS0q_?A_+oWIA)X8 zb=Bwyb8=qfF?xemA!SatyR7%AEH_3eL9cpMC-%DE*m_O0+u~PtbEB`3)yiBPXC#$V z@xAFrZ3==35o@bAz0X}-h-nu`2~E4J!Iw2t(5qG^oOj53wG-v70tKT2| zwD<0K_j?eet^T6g*HWZ;MU6OY^_ME>bDCy_KyRv>XifEY18w!z15l-`wd|E3%LylG zNY2^#oWvmGIFDI~1&P+yzL^Dw`x~fZTI#H?uUESI<(oDw*`{MQq3QXk5Q3#&vf+!+ zho+!mcYhqDg5+|8m{}<|NOeU5PSWW7g3S1u`7j5P8Dt5mI>8Pk^Pvi9FQ(yzgalni zYIaI!?wkdoEW4)b-!^?QPDT;dJAZ&y-94XRE=bV(IjRgWlc`g z$p*?vj0L?UAQE=o<23SCP)a5$%e^vLrVD$IA3;#7QrjxGxkNL?j({2f9gu{y> zLt`2f?mZ9qRpvbpM)<;e9*9K#&2l>Np8v16f_}g`Wd%ov`v=?$vYh=&Lg588BDkxH z=j>N6xa1*=NcSHB5!v&9{NvHV>Dd=)T>T*z7&||9qVXXIaiJHKppKBApa8 zEaHO0PcdZ)<`K?m!cyVoi5`mzF3Be`CFtkxNSu`AwJc)YkXCxS^1wS3NaAD4)f6Gg0L{>tU{T~G zvTJ1~MCJAI-og~;1kqF}7$kwk(z3XmYbrPjai&82Qo=V7Cj{R99I>#FYXueOPe-L# zFcnF>t`_bjCpr18pqvWA(LNEF#$3)k(Gx$#de_LBI7Si4NE(qel=PmOq0$$koTmvD z(_#c69!6B8IH6sD$GajY#E6#7r_$7RT{Rnc-^`3@#0IqDI9#ZXLAP_l(a8^ntd%_~ z(um~oOfDZy$2sOAFG9HlXf44rG$JUXT={JUddtCjnDqv40MGlt?9LT-E`Z#XKXaAf z2>4$#G&4OMJp2HBOzFJ-6sg;zvQ@bxF`LQdZS6o=uhE)P2N%jhNUi#q#WA~r*5xdr zm~z3@9GJrLb%t}C5J7T|*cd+B9joR_?prY>G`EfxI%>S#uvLpu7_Cp7HqdUc_osbAs+SpYdw!%t`!G37JHv>9l* z<_=7OColrtZC+gs1y}pW%Z0t+z`Qi?=E^M6BVOc=u6_(Wx$45+@fc{Om zfE*i23Fxq_Ym!sQ%SIjaNCNu#7hT=4Ig~Zu<1CZAb40`yAt^dMQTLH71~EgBm|}TU z<5(Vcn*IvvL4-MiGe<&%(+z9=FI=>jIH$5XzG1m;=pvt`0$s{~2?F@ANvH^NGzQQv;+(5(Q z^ev`wk(1#DGz0QJfUnCa=&hmaWU;f1gz^BF(~WC^>zqke)uP($)L_dkVvnvo+Zuc6 zVn~NhlxMi$BtVDCHJ%fN(e$~NhbJ${2Eqymu=(-vWCwR6 zrOn2%s}QlLq&5qm(D3GSJ6xrYse#nteeMoz$-@k15a$G8A#gY)k(|)>mh6dhl2^8` z{pmNmd!?B_fCn#Acjd=8=45EWL7GSjZLi>hB^pElCyfMX62KIE|M8oH^OM7)Z*_n4 zsj4Z9pi?!qiJ3r2M(2Q10(5Xm@>!`!LV1yx4xd84Dkj5I!}NJ0&P#9O&AF z%9aqh#z__vJ#Na^VXt(?98yISMHppr>~?P?5qLYyhwNX5lc@Q6P*DZIrZ)% zCwaBC7SGq(o~J1l&Lp@S00?)Gn1*Vfh$%_x7edtup$44Oh=e$w10SQvxZY(syPj~ptl_|zcKEaq5xYtQlY@gRA{nC?=M#cLdHD4et<3&%8Lvv~SEWtE2*c{?x$)zaSJj>2SP!g3@gP4WbTy9#; z*(9P2tt1JD8N~8x61(n1+ZDt4gwF>Dj=GDNth(zC(#zU*Yb744OXFTOt{>ptAtgA= zNTe(dvCb7HuXAfmT4}3c{%^{I=fRF=oa+^Ef}Y(+Qfwor|) z(o)C0>fMSJw>^ac)C-AEMh%hZM*AB*rt15;}veUT>o#R5&^Na_6(93SCb=*{xIa=1%UxVifKYcb+)U{A#ic2H%R;6A$5JC5gAKtRiZ;# zjH4n`L$xB9Fs7YB=jO&o!CT2`1m6;YI>wo=QVji1HPczAa=~eb3cYjO+g+>g-CL(| zmsRnB>%BK0pt2RX3taGUZ2<_1$I7i(u@z)FBG;1nO(*DYKu&N~rGDV{DbEXF*S{&E z2@z&_Bl{kW;6r^)Tf&z?H`~Z-M|d~~O6$3=)7A69l*DsI1OpW-G;}L_QzyAZSY$k~ouCz=y;=(&? zc4d2etF2~RZ_Xaroof0H1Nlc9M{nbqE9+RYlg*qO3t-;8%MD~`j*{EGHpE)Ri!Sz? zli^3guO|tT@N`3_iOwEG8#_GdwDz|(H&6>`olnSVpmOYKI>`yQxtT#gFxDcO4TMv4 zs0zsWYcTFr5SDv4htE_s|H=Z;L4rmkW>+oMfA0MPzRVKLcaoVk$fE{hcyoh-Qzh3A zv_osDL(zP15CZ+&+K41(6saNqnA^i_4+EotpJIEf~rd!Ee7RUqgIzF)}TuCZW(Gx6#!chkujB= zsU{Q1wU$bVT=J)t5(k-kza!HkWe(sh%&PaMTrDK6kWx)ko zwan^ome5YAs`?2HyOpxFMNy^ZAr@7o6|Ja>El5SxsqATx5;Xc%YU6Ak{`MJ>7=UtQ z+#(u)97RD1il!jCBnQ!iI1;f^`EjTVAQDZ88@<4+p2k1WOn~;VPX3=ax-GfhP z*blZg=YXjyE)N^J$^}qcbeMDFY%Y>&m!NB6Z9onuIlZJYnUDh>Vr34}8NdP6GHyqt zzHt{xcuP!4C7M|v{kXNus$6Gq(+RVpGwAetNoS*zkc8zk`SZnl+WEZEF|cnbSjxld zVgG99*RlMNd&@CCaZYtz9l9VWostz;OA`6Is;;kT*js^}XxEDxF!S0@W=gKWr({{U zCOlsau8rEasH4@CEc5P%T9%bkB4*b=X9*EgQgEMTB*(JQ{41o^s7={XGpOK1ZZ=KF zmWe$OP0`hqhEsKI${W{J5jOhR!m~75b|t^f9+XX+fYNmhsA;rCj$zumMb>gRV0Tc? zE&}xna&**ynz_tzikxuOr)6|d@&+Ey(Px1UtxTmJA z?Ilk2{edrY%I^>TaZY_3zzd~9Ew@xf>D^2lBI_T(pK3xhvx3ogET?~$6lQ$FqFr5)RB?qn zZ!YX*#<>i9J8~CzLetZlg=a!jniPp+=?NAyV2R^Ytx=>~ZNTw$1313E2k?Hc4Z1xw z3bH-`VMD>RXoBQ|-gL|~NirUscn3huZ*aC}>RouDO?2y^W5TWwN;Y z{_|)1+AtxV&uzPAM5g$XD!ea;UT4M-UD;Ho= z&Da5`Hkd8>>(aTat6uurYv0dQK&M~1Zvsy>+tmEGY|Q1pZBv#_zU((EH_e5cR>Jck zwlLmv0yivSi|5YG91FF!NC=A{1IT-tsCk|;Xq+K}!)a+h@0g1YeV-G7F39W+?7g2i z?4Q335zZ&z!XfFdq3c;N4A5Ipo`c}_{yqrEPs;+TE5@Y#O<%bT?8YF?6!enBGkH7y zwEO-Y7*A_$wYAxl<533x!9TtO1s61gAPzmIXKF! zppRVkQVSc0B8!LUZIOnh?}&Og*6)-IoTCEd;u+=~aRK45%*M!Bf`-l_43U;o>eB{B z)3O3dC*Vtd2!0EedlD6Y6$NPEdC%LeLGAmtcL(WZNMi>kGj zd{eWO^1PCCkq1d{15Lz$GoC{V>V3hLBip5RWH0X$=d7`@CVxl7#2u5nQ_reepK@!d z=~Qt8vBWI$42vn@7G8CiW3z%h@Q%flv-R5$&v0ZVNu+f+P~xWF!|7H;t@o z*}xn6`@iB#9Hc}9Sx&|zKRmhIJ`*^+cq5TH^7p~@CP-K$3E)713$lv|fAj2b-yENv zoxeZc|M>3U?ELJfvkwRF&riPp_6%vT_(}xETn69`J?|%0z>>OtMx4lAaWx=yzW%oR z!|wU<$%nIHtBq#hy~h^>@ggT^CLx+-axN$nhEh3F>f^g= z%ApHp9u`?rZV46=DaA8{Bb?YC+VK)F5x51|#buiQ>6typ!2 zXJX<<0|dN)H|GFV(;qdH9<`-9(xsAFdpVo3NSEvEY;SFLy!m;DEWBt`b`!#2>8`5T za-v@;IIGJ9ii$?7p2y2<3(-gcQ5Vm?lb};)DN=AvaI3I#VTOLRFl2dAzJ$r#55%up(@JWS7R8~_pCfTlmq5h zyZ6BxHSlZ}COHxtcvg-A?0FSp0I$b?xh>nsb9Mgq@Li>t$+g;zMk)YXSBHjc$z8QX zWgDu^YtWC?nKCuJdW^O@NGMRt;^G2d1XsZtcy6q^qiT#pTi)JkHhwfNF}e!%DmU6v zs6MnHQlyRfwWXt+T%hfff{Pl-c}a1*i;AN2D`5ncD{JKytj@4f(kxu9bY(q<~(x#&!e(fFvY4eN<$_EY7^v#u^c zCAU&^_WseCve5v1K!d-LlMxvVXf4EzZK5Kb@bP9)CFAJAUV$+$iONY45hmCkLk= z4i741>}r(q^WO@R&)zJ`>Z2!9U3aTaJA1o(-yNK*U|#2Y#~+WXD6WFvDrI*+e)#VE z?BML|@c3v>O>>Y}9ADR#H8=&qi3tY)?4%R7L=6aoU4z3SD0vY2*+OomXn&o+^7^nq z-2N=%udG{>`Em!C;RGPPLB>g9GsmW?Y=)aJK5cHZX-7~>6nr@ zszfBMMF=*pp`f~WOsL>eHTyO9>v!ymK)CXXpCsrY>S-VBQiZIfB}*cge1swDutI<~dm3oQOx#qQQH99dD6E}MnZ2r>q|Qef zvmstDNj|E4n-Jmrk|S}>@@}a+@x1+ln0pGmZeg%?)_~pDH-VBdFoe;VT!CW)M{DAW znb|Qio0=qX#4gFY6$5}l7>PjIkh7R0oUaJ+o#vilXccbI@dIEf-&{{W2X?#KC@H56CFuok68ezn) zQpMjIlqS0$lc?l#KR8R{&T>Ou=E~k_tkh^m+$yFyA*jgI`Wx*d8zVtdbwm`$vUlcbIQH-ZLWP?4{ z-;gPlhYp>}Q^AQ6t9ss#vOjsf^vIOXb!i=pKy6MF5eS>{6x@>Q%23|!%6!99VG3{* z84rmooI?Z!b15!doc0^>m}r z1{*FL)EF(m$%~Y$!Ku!u6@XwnETiu9gT&n2aXG}4$YOPg6W0qHq|+G%g_xX}ilDkK zqOK~5s{0XI_03Y~lu{7$Kbc9U)y&(VUw(7r_q+OR4>beo`-o3fS_CJKzK{IS{`tvX z{v@0-)Y)U%Olt@rFHM=*HO!EIYFD!R9Cg)_qB+6gD`T`!DuLnEF}g)&QPy|smYHkI zEG6JBZnxS3aYYHzY`Fot`CJ}(t@kMp{3*e4;(5CWVhEVq0Y{M%(Uy`2!-%sS*(`Zh zlc*~H$|V~wuT4$qq#(kG^|VtRJf~DpI|^YVTGK+m7B71X6YvH}Llc>-$zC|JiNp6N z$EP2Lf%lf?T%aprW2tC+a4YuKcf1+Q-_DMY)L?X%B+(O!*woY0VMOXs$=5G^Ujp-G z?KkitkW(|%mxa>@JCug5u8#0qSKDp$76DbI=xrOb0k@J`8NPNq^95;*%c-^+6_KBU zR?bqZwM4lrup*%`23GqNaJOp?AW5FFBo>ShjjVq~Mm6`~>h3MW1!##;OpHthEHB;k zPXF_ts*W7qUu~8rtLvBhrJ}I~9|uKV?1L0omSCyE-R=&SS6qT;YJ*?|p>`Chq2*#J z35CJqrE&^bd}mH z`dMBkC7S?onSu#`20;e@Emquu5lwgXh#XmluM8H}^)+U0Ky5F24HPmqF{1*{`-X&A z5(Ld4Qxpm+vk7zU*0lPfVR->8mMrM78T!Ombr@Pp2pHE;oT{-$)C#N^H0{^})tAaM z;jd&9Iyk?)WqlKyVt9+w%mJt5`qPt zEucuJ?j$6t?4Td?U$$T6s?s_CEj};7)-HC_KmNv1M484+Qi58#Ap2QOz`U;pH2VDc zjR>>B&i2-(Ls8i6ehvuTY7|WUu5%z13cHPPuya&RQPZZjFhy;lC8@Vwe9J7@8Qyg3;u`D4XpB3Vbq_K4ZQxQ(f z9A}V_)SkGqQPh!>&@lwNH>8KE7O)lJCvmxD8md zH!A%p`K`S**;4oB29cN(mEW|jn3MQ)-5tXssP+ECVheVq4FKQhjbVl}Wn9>I@<;pl zObIzoWp1N~S(~2V3g=~4oy_93pLvn`<Eflj=svz;$k zRWr}G%x+f!WVskX8*m#nqLdBLR;govp-ITe{~h9q*U6vLF*y zM!=Q};H9)x3zVGO9}S)E4NJk3rBp_S5~{^u+o)SrZYbG)Jp>)ZE!CP#HxzG`KnlDg zCXARz>zyIYudrd>G2$`i)1Xep8{$?mg|hY~#c1!{AsWYcQngTatv+02^`=CBt{lra z)mWcDZT+T%{U#=n{_1(=1*o^KGsa7w4^8q{!aoD6nj)4*N{FKMV8GLEG{VQWaG_@( zc0U}ReK_1Z8(JYBC%4=DwE%E$DI9C#YX}!tcYdQ|y@)M-R?g*8^$}H<$Rj#Fx6606285%09WLaDXskfISP0<*KYSA*L zl3B$wugF``bUM1LFg{!%FO$*9L?YDvo1upP@B5`)n?D^z(Kp4zA#m2pxeu z%60QGo8*#Snkbs%t;BR{ul^_MOGdWmdCx1%Uy(&XNePDfn?WzwRvWwkK*W(ZazYZ> zX}K|#K`f3@D7VlQTSY3qAZgHO+nO8wCwi^=@S&McCMO}Gmmp9~@UJYFM}ow340#zO z?kM;M3YpxuK);Q0f-f9}YTzAbG?i;8hr>lN9&2elO(#ymf|OmM5xy|FI!rHCdDW~D z%nEXnuuBrv&DG`ZVL5Ru)uAI)fEALWzT`2`*S-ta>4;;D645ab*CL*&BVExjvXlgJ z*?!P6Js5<+04d?ZGVf*3n816Ez9Ae!le=CgHEgvZAxYZSXr(3ajO1gMC-RmkY(Vr8 zyY`-=gSo-PO(35}93SPMFKXT-l3i7oU*I9+_!^~bjxCmfQ#$v^F*?yB6gX)7{m9{<}{P=xR9)5U_LAD))4Vfso@pvxmTJ> zm;)$5Sr42&N5-#$*SA>Of5XHS4Yia_8;ogrn&KugWU2v?r3r!WXd%wDy}edmfNcd> zzNjP|id=_NV{*fRA&j*icDfkNQk>}h?;}DX$%n+@Dy*NP4_U4Z5|!A~cQ`!bBMED6 z**C+Mn*(lL0WQc)8Scs@2kWbx$lrR9%dE%uWHtm-yCupRPYPK_(&s6;+9;FC+3t>k zPOf&jFs=-?%aF2zWrg+*1^(WyAW1LFF@bJv;4RZb<1rz77X+J+R1y|rfr^w9 zv7yalwK~>hp|XolBGYl#ZeqUM37Do@Bxf8)R?tD4iQd3c$fo0v@UvX0MVaBN6L}y&oFMVwF&850oq*|W7p^WHg z8WJ@nw;HM<)FKA0$rk5I7wxW>7%FR(F*b`d#G*Cv;zH4An{X7NHtFbB8$(lCy6k{j z$J2L2CeBW--A2uPj3uj9a7pl+8^zjvXtg$2j%HZWh)({+l2)#AM%DKoSP> z1S+!$%1wq}r5S(=--t(W^lQO|5{QM>lWpxtEe%k5dnPz7aE!Ph8KmB|oKZP}^40<) zM?H@N&+7+hSGA|6qGr6$QA$F>InHN>qv6$@HtQ0^iQ?@f6~j_L#5@FX0g6aW+)%^r zdMg>n1(Ds=2a1~sSKW&2n&=1@<br0mfNY6NQ3C)@A_ya_tz~ z3#XLA&(EJ99e+3&Jb#X=xDVWT>_ML!@KmN!}NY1VD@&o>nlai~n<~;BoC;z*(tPN>*y6HPt z@8iJ#)2;dcd;OiQom&3??f&*t{{OG?+`*h_y4j|WUF`b~MxyQR@9j?0w?eVjNdE%y zVB8QE&KxKrx1ozgD4F?!aN(Dq2IvFf!nIpnB7DZ2P#JRl2C5&HZ&GV9KuelaJA;@T zo}gZ4c{9Iy&G|NdO9c^ez^!^U1J=5Es+{(wgV^tVxR-cb{BMTnPw}H(1h?S-t)0!6 zHT?gg_j2nA|9_3gC@lwQQ|@t{h*WN6z$8G~4V=H##(<)`RRq+)Jhd09rr*Mfo60n; z0_gNNx3+gWZPuMr62~myQzOuE=y7EHoK~Md^0Vr~MvwX|2m3oYY9(4vW;NF9&kuzC z82x_q`Sz+=tJP{tGzFA|92?~C${^^B80RL`A>jVoEP|GYZS;`?7d z8pt1$7F@zk@L!#9e4^}@qU`h{H8o$A0{^&_pL#6)=V+XH5VP>&@!GhB{_AaR_v-xr z_V$Y>`tNHzR-Q!(A9&`xl}7?pXeNIAz=nZVAw>fnM%0Zq>LH`27-*Z7h)(1gL41lg zcU}y(wg`DmUW6FGCOiGtFSfRNFZ<)@Wgn9$dL5CMuX`^>ukq{X<#_aB^EDa0>TgG{ z$1gWWqgT<3SHuI0C@kbz>umNmdw%bwzq$RP_j0h^8|>@^FJHaf+4_&(=AhT>{No(N z-|1;T|6f)9*W2uGHO~Le%ct}IHJr3 z?D^LUJnJA4gfV@jHf}rrFSqOGf2X&-`E>rj#`7>YSLH|P0Tb<7Pu47e!EF4@MAff- zG)gge4VHOpZ>;~odVm@(3Pv+NBB)5|Zv_d^hbd7mZ14@s=1fqqn4}XiMQmJiVL%_i z*t^~7z(g@MZU7uqaT*j3Lk3Z*;#uH1?ye%oDaT4Z*Y3(Hhv>V8(aMqa*-g#l|MR+@ z)3-FGd`imj53Q41dbGBBvo2i!QvR!g#Fu!v3*pWmgA}+;|JQ%9U6=oEzkE9XU*)N3 zk>qBdz?E(z@Ye!-;w-a2`~Bcm(DNdqE)RIOXA=RGcIM#IrmTVdoTwZhICgaBr2(?` zXj(fy-T&tO*}4rJMv`obIR&p&axF;8sT1y)rAXl_VmqC_JybChBVtE7%l|x9C zKRn+K-t&?AX5(tI)bov3kC$L-!;g4AA_=DPpmbB@|K;@9GcodYiU_AXiEpUwf=-Zf$YAL~-G;5NUQZ`H*D0N(aDOYxiZUUl4(lM^ApuHjo)88@<*<@j72kOl!nNTirbvM|6ipm;T4#-nb23nbrv62?yi=-b&`VEc`v0omsgweCLAYctZAK%((=6=KKZ+n$7lDlkzpecnAqRF*m*+ zkrBnI-|zYPi@t}DB=2?l5?qg9sXp%;rv$;!>MnRgts*)$p;9pO@IWkSOAK`7NYvo`ET@-P5Z^3z z*Nk=r#(P%khgKGDTr(V@y`qV69#Br)%BGef4q4hnjuB1AEKjgWaS^kLnrL(=kSOw$ zqi=T4zJrr_wEO-LMPyV=Aea~cofd4hI%$Bbxq7URp^Kb74H{?Q+8#&3nYVu#w?CVZo|a`rmCdn4Q!fS1x(_l zl<oBNDT#<}s=#`>lg8Vbj$+75onNmT{6+L99Bs5UjIN4`&VdMba*Up>TSoVyGy< z?uc||gGe6tgr*Rtisb(e2~jq5v?FZ|!v|zlAV2D$4)VvFLj_)S z2m-k1p2jodF(&!>o=ym%|PR-k&H!+#nuQ)`ANW9^J$_i4uWu+u&7$X+?h2n0~1G1qeawHaWPad zcC15v5pXn*ikRdZhy;@WbtDCN(Fq!K+}u+Kh6+^TK3@w2oP%i6H2Jn2Md+=R4TDVt zIFdm^gvR-K@bNb@Vb#%iT=f}>d(f57pGOji^9Q#NGzEz^|(krW0RR@@0 zDV!K3rD-mszV()v6zi#{(x-Rjq}a97@4Sp>Zep5}T-wvQx^fdM`m8clvdF1P)d7;f zvy(=e8x75oa<$H|GDVW5&b5tLX^I4I9h)y6<4baC4Osgnt;%OOPy8z!2UC&6 zE8l+H^MBlZ=f6An;ozO@cG$ z+oe)LOc~dVdg)8(&WS5)RJ;24!@&TlAoM!=(_gFe>mk{|SqY?^_@07sS^_os=a7>E zM@5{HSkhc5Fbp?KsPy1l$BR9J9pmcgJGFw72DhfsaS)^MiAnASgxH3 zC@?g4l>IhbZ=9&RNIScun2k)HUFE$MB+-hA7~^B#h<<&b8(HdutC*h`DO!_^RLTVT z^SZa<@CL?X%mhpr)Wopg{30_r>!WdNy`z$(P(({WfPG$97XcwH>eJqjWorzF?|&AU23sK&mub-JWC@n}T2X!lV2 z#n#sGoAy^A%wm*b4~Hmf8O9P_KsI-u_!riGWQuh{lU%JiDEYn|6Y6Ex z&mm+Pih2S^-;UX0L`SmDkaPlued4FNaYTp73E>?%!69rzHt2cUkb)?W$^(Neh0-D+ z1{AJNVmTq9v{F?idBOoM)HnCh_+m1|UDKsir}dD}KvFVsV{)bD5?@-pmhezC{$+@> zRD!NMaD}3?z~DgtPx4quct2r~$y2|ELhvS6U^+`J4rT&Gr0t(}y4x=ybl&F9b2Rl| z=q)lh1cKfifT|Wu@1>rUCVk7J~atfjDJEnU~sqM0E8fxL>Yv6(2ana*_3nJZ*r{Axde^qD;fCZ z#U_qQp5V+2Q1~RjvI4bLgd^WcN-A_HtTc!*A-)a-16okUmBt)<1nyWG>Ddy+h(eZP z%VINP`ahdbY^#)o9X9Gfq#2+|=fhjo-znjg`EL9!)%Vf?oax@w&L;gKlv-i`0nKKRv4}I6O63TgI$Y3-Vo504o3-{1g;9?^mFPi#3C1kv!;H6aok*Q*l}X+mAucbiXCiyZ}zaS}Aw ztro(bf&SE{4Gm{*oOd@szs>Utsm5&*+%7s$V}#2b5Ebn$Vb}KM+VY_!wA%b^4gwlz(;>*bo0hpms}AX( zl60Nwuu86Q5NtlNvFbafnGxeKC_5&rP%a-^AI5M7@y_(Edk1ZAb@l%%*~8otV=j?C zf9UIp0AG?dv97qC`bX^=ES5TonV}XIA~BhwDVZ{^nO>TN$y~PD6mnV#?(5qb6ZdO| zK=yR5po|bNU{8Ub&|uRimz!cT)v;P%K0h94T@_qx$O-5VKAO&`5HTrD!(ev(fDSq4 zvo!e~)DWA`w_hf?!J$D1ZMC;kX|Gi#;!31IUUqraHnnpyUJ-avX@;twBnRqn)?N~ zDoCd{S={*>l+-FC?PCCUSm@QOS16q?C33ItO6FdFWSjLno*{r;!>>Yt{(xnON~ z+GSPRZ5xt5xqPwLm2N;~)0UD{wSIj~rqNW_A!xGhCX9msf{5q4f*W2$h1TOhBwugB zSdu@;F3L1UF7G0=HjZ}GEbac*-$=}ukv?4@^!C?-4fP5AhrWQ7*!u)lCOOCC68hLp ztpK!zwO@jMwcPdsOsD3?-9i58hrPs}z?u;xEe^?uabk(s#wZ@LIP@)fnY0FQqg>9p zH;`Z(uxT3w*+ycd01~XW8C1xzF+HsTnM>gi@h~~mSo4H*^=r-`Spo}H1HW_?iXt^mfaLZc z0B6ayNg8g{URcLNlcTl`VB~BM+Z`p<>3!^&`NSAxbkG^W{%@R0@-BppOwhkb5B>O- zmPi+hJaxdmzT{Yv@hoTcpUtij`rtzY8=A<3>ReJxPqV^+jlPYcxcNi_)e#yhN<=FQ zW-pOE&lni!yob-$s>&I_vEGO?#;`5DJNK;ZiBC2V9*q=(ooyh=0-}Xrp>vBxoH9=3 z%u|@RSrUW^KCV`SpktWg1%4-%!kWAA4_0pm=#q0#Q=GScfW>1Bh@I*B^OeoOM#+VuX( zdmB~yh!@knsUWx*6X~yx>WisgaXE zV;@zb1EsxKYEKfl&mM&W1X)5s%m4o&PA)p6&k~fKLV7-Z@zSW~sA|R!rwkU@(=2A^hn9UliM`4hx0ZD)bZ$*sA(`yokYD46Ly5?zNwA7r?5 z^;{-Q6fmB~bT!PAGq48ZaOLl3${u`<)M~UIJ-R{%efdOYJ*c;Vk`%${Ff<`76tlI> z{qYsHpi0oJ?jYrq+T=)UBDGAHBsNl{ljc0qX^vKD1a3R(B%O40C!0^4%J61AmleK5 z=T@D}C(2$BZkOkBM`(m;5OZ=q;Y3VW;P=o=Q0D*D#Q_za(a(!rF z52}h(QwkkgGdi7U8?NYK?Izdm&?MoKjwpnLX`#$dYs;yR?9k+1`WdVqj0B@<{cL_# zmj9K^@^yYCv+`=YRXu?^*IZ@!C7Vxb8U(Yl+3z1E9CA3bLWR*@PZ4$p49z#TjaOZD zlyuB|p{>I7nD%y)AtmEcZ(IvToEhF3xwOWBM^s4gFbL8{vYaK!PW@SJk%WW(PQNSn z??|N+BltO2*=6_DrD6EzCPlAGi@yEitG3B4oxK%J;Baz=mw=C)3+2o~$@-80EAFAG zZY4eAz%A{ik`|tA8COJ;(EMDp1;r%H2Dq2cGk+EbHXf6?I=Jx#fUef)2B6Z|(_@@4 zv00KI{fV|JwNtI#5MTyd?#!rhEskgh&F!}Ju{;OiKuJuHT*-{pWa!^OkscWKaU}Ip zlT4dWfq_fns(Fk*5hN60D^Z4pLUK%vz@zib8oAV1WjZ!!mVi>XPgTBWf2lnl2SkzK zFY%Z-t{g{roECzOo%c{QzHnSME&@FMV%mS*{_-XDmTs4LH=7u|W*N4>qD}Pd<<=JZ zC)##98Yxj>d+NRl5;?{>1`2XXIOr6VL`k*VPV&95I+J>tphd3ViAj>tU<`T5A8SAM z;Y`(6c=%4!@z<|yReHi=z9!bYIr!u06syCU)0hj+q7CbLHD})?{jZZm5DDK*Jh8X( z@gKHdzAU&j=b|V)IyM&^oA-fHy7oWD(%meJde(NuSxiJof@G#H>`XmTO@`x6NUrP> z>s(UY!PYHJi3eJ70UaKvyP*O*8ejN{7lwX?5Cov_p?3e^=wR<0`CT7_HU{nX0qq-T zZ?}Jde*5L%L^a@Hi32w7POwNCyGVSI){^QQ=;_|OlaqtJ^QY_RJXhHPs)ttQvaD!#U#pju$Wg?S9tpN;^2Qy z-<_QwoL%f6_IKYL9bD`m{Ji`A==|dN;QUNy1OPNyKN~BVWm<)Es<8klah+ZPizzx! z*ZG^52qAf|=@r1VNAhXdOx z;(yJL{|1)8xchIx!X^8d6aVx1%jY}U_-{Mv{~qJN-No~zg;4uDJ;&`HYMToQHQOCC z^Xee4|9sNkP{q|TSe4ZgJ@vbYtJ9UFM6`S83y^HP=--=sb6U~qNT3z{p2`3|?1CG2 zEC^3Oju@Y|omKaBBj1(vB3P)aq|*G3QmebN9vqbD;zhK;d$plw-c&=GgS2QrshY|Z zc3{uE*EyA;i-7tLS~W=U?wE${9@;MZf)n}lFovr6TRur%#aqN%;N(mt;?M3lD;$rXg{fZE=RaL+uVw%H4tL*Qp zMU&_Qnk<_#>UNe=s$1A664OA;XIDntsagU<#sY%F3YKNm{!Yi0>?*~>hQlk}FeFtV z&`^?bo~0!qXfuhVjYiyZLVcfv#q|qfQQL^&Ibx2moT&bs3EQ-|TVTEm=Jz+*YL=P1 zDxBo!6ymd`_B7c>@{D;Uu?OevFIKI1#|TRqO6A={1ESB4sHOh*^_HV$*U0}?7a}%K z-kl%xyYjPKu8(^8e|zi2%YyvB{pvCP^PN23e{Z5YqapZ9fRV@5ga#x{je)2@LtBsI>I3uu^?bqs+0W_tya`V8dp?KXsB;P zjIC8qCwXnAr0?bv&T6BJuV1_3((9TQyE?Fdc7WIf4+zI5r}gDa2hkDge$Xdkhr3(9 zD4R9A;pGP>*k2qlV~CT5i-gd*g%O8-0%vvjD6|$biPp%UC1vedErq|mz7AcSGc-2d zq=}>Vh;gSN;&EtZN3%V2`mTTe_Uxd4vAchKc#`DzeEr?pr+7#_89>gWrd%C6z7MN)@^m#^EWZ_}A6Oja8?t8UFMrHrMQWf1Fn$(5JM zSnRDEUeeJCw?*R{RgEb~0ILDhWQ#f-GYP2EL6P_~K%EZ6Luq)+*?A8bt!5OejE{0m zvKZFO&}eM|06WlSZ2@;EQG*>t@xoh~6dh=|PeYI7Y+9+X8sUP0sWv2CW(uvhBDS`R z>8b-G#Z0Upy<6nDRpmm}_K&d?)+*Yxkcrw+SjD23>@$g3RNF>YXeW5IrUnpQ;Oo~6 z!#jDme{gYlnqza|XVGvCXPFn3WGX&x{m~T?%UE==?{g)Cz&rEfYkR!_!s)xS^BfS% zbT1;}0qH@1)-wESJ8{WuIP>dPdY~h;mgFyX$=hluQ5UTv^!2O5nA+u>$q<6O;=eQK zN1YC!;=2SF4``KZ8iVf{LUSWn)Dl|~%yf!pNa9ZfVKgFFXiCFa5>Xx`Ry((QxsYHZgBi~_;jDx8_wad zmMGNVIwQufF!!5LhPd=L8&b!7jP@EJ{Xg!6Ahvg2b+@`(-R%c7$<0NW+|jNCNtZaF zK9)p7qiS|?C&9IpimYu{N<<*-c2oN=BMq%(ze_wu*GMvxz~mZnGA5sYrlF789sc|8 z{tw?>o6O$!ocP=B*~#I_+r+;fGH&=p5>FBztvLwHgJ8&~2*KB{>xr3U>Q_NQH6bKt z;W(HfPL!OYqv1)0@Fk-*2ro||5r~Eeqlhy<)=@(p%ad;F2O5r8Vn5+CFPqLdb-&)6 zu&a(_n-JL!!gh2_FCEoO$0?ba&imH*WS>U*zl#Y8BEm&iM$4pvtJnWMd-ZZBm;Zlf zd+XJ+NB!SjJYT+SevdBcv6wuUla2wqmiT} z@C6uhgCnPAG;kVQ8|r{`MtcbXza!$U*JCE#UG0FJ{U@LJDJfG~pb^H@-eiA#2gB;U zZaygvoXO^*Tgk{4DXf{d3j-K&8p;uB|3h^Cp|-e8Yr5Y>$fWx3za#bNNDU=KwEVPw zmn0!`YOl?oh4uMVJ4b_FG2CZ&|w0#BxSt%(b=?M-gWcr$7uzwq)(R ztkpz1!^#{cnbkfe?POSkAk$02_t-R2RMh_G>+SCI&ejI{&+YE3&Q=?B_i%(EF)}5h zs|e7v(tS&%1x&TqHc6COC^j#*heYD-cINz%>*@bnxPvqrWcSmLV19aOyQoB}S%Lc2 zDTyj;(qAGh5Tx=jYekm={aQU{pwt}^*KO?vf?4nIl&qTHlj<=AT!nYCzWLUWC9;!f3q z_;IR2delYf4JysWOdh}`cNZ?_>?N*TSvzc_v4;@!jfU)2m^)m19}s0qFECW=Oq-+w zs~dLWqqyjbaJ1wLt%#)Fd|sX@TD@M1EjBsm838_(+I5oN#IDttuturjZY>^*QMQ{3 z`V}=768)>&n0pwgs`_|5csw55`|+Usq;0LS8=kmL@wp2!QIWNis0!(XWExp$ZRTrM zuE?Z&oy@+f@5hDtxG?W;VZP1V%xa6&dZnFfwc1F`$R<@qrNe5YH5moX8~JX%Qsl^$ zEJtImzd5Z}wo!KZ@7QImFTfmm45Pr-vRFIC*cgOqqKA5gDwNTqSbBCEBDEAdFpTDe zmksrr=6%z5Ikh9r+B#EnHS}RoRh~|8A)L912j}6g zG)dun)Rk9jfH_<7Hc(htV!Dqhj-2IXQ;*c=m8=y_R10;uWgM+_f2IKu-M0Z7qPEVs zn4{|UdU>fdOJ{q%NTKERkLG;v)V;nfilBo7sOYd?Ki_j$(C0Ns+H3hnNCy3ok$0*)+2NYj8>g1_H~}K zLpVz$5}g?$SXR!z&U0d&weM9R2ibTP5;-(``k6Ia^y4dP&B@vLNz-x*4|}xU4P7L z^k>YZHT`b;L-pZxMMbAmZ3A9#wv|DWBr)?Y8|4_R?M0woR&^x)eYAo ztEz<}#+JidJ@yvG;ez9J(OHS&I`!PZ_DDjfxuldfc4IU)KLYMT(RZFK_v`n8tBrp@OjU(OZn_43+9!Eh0CXeUqW9PPhTu$d|Je{OfT zpD$#goKPid<0!Ib&^vWD>j;8=%Ww2M~C~n=ZEi3dcTKo zuV$-U!;CkerVnOhCgGA2r%sb`qYgS8AvH_gmJUWJNY1jQVjiroSAW)NfY!CIX$oL38U6-x$^qy4 z7mJYxsUX11ZOG&V4Q%lNz&UX043Np$CBVdoPE9BP6DZ3h)Ik`*PottA z?eCuID#r}6q>Y$ra$cewleI%9%K>;GQ_hX);b8wvYbGPVc-z+$bK z>_|lBjxZZwg%7c3J``pzt+Roga)8AOh-qPHG(?R1gzHS?eF*7r#rUV1$*4R^v95FVlRJ+*)>%Eb$ns-6{>Hie;Ci z<@2LH>gZ&O>Q6W3j$lcCkPmsi*CIp>`$Yv&yQ+%}RTnjFNqC_gjXO(~yARh3 zFNw;=HqLEi=XO~RGd238#8rZl(4wSWP$DHNr0ZlCu2Qk6;$rh3qKW5Lex#pFdbUQR z1*KE{fZcR&ix1k#40n6u-rHSdl6SMy+#IGFt>9wdo*gv=_3Wth0vG^DQ_J0SC?zeG zEwa1z|8ErkAu(j=&hT{c2oQ7fKkRH3;=gV`d$si#|KTnkCsf{pup7yR>~m%P1LE}6D2l}&eF5%OoQ>Z#bcqk2N?<-i%Ojz*W&8a5&Y;9kwjc6W_A z47x@Jgq6X@eS7bv2T1o)<>;Fyj|JJ~w+B?f*He$OyMS)8mIO3F%*6j`ut|4Uv-3V~P>Vl}_WIeRZ~njQMwNS131QPa%B-jy2hf15~rNj=~k z{=fC=`STqAf422}`;q_O#Zz+8Wv$TjcDnX`CUN{qS+?WIV_30 zFvDzWC!?H`*3JJy>t9@Y%iI9WmH)Q$>wo*@%NLL9|1O@~^2o3Ks@2`s0f&|s$4o~n zS>o>EZM@>q{VemuD3`cg@bNZrs_8ix_jBiTA^m}Q&5ognEw>g~Hr+^#R z9c6)Jd_B~LbbPI>J4^MN`5Xn*qcTabBrJScub3n)Qwn}j%5U6sqJh}n$##|5t&1HAOif&_u~6_8twl@bK_O&f3{z| z%+$~gPM#(7|0y+`DQc)t6;4@5 zCF3+4cRj`l1CF?vC=gFGjV!+{6fWv2pbVXSr!7bNE{%J$s=cNOVA%Jm+8=PBW$3iF zbG=xnPyBmrYE99i7>xma?C|~09O}@N@m+fGfOd5GC_rl#r|alD2iPC~cGtEmdm8b7 zb!uDA^#h)H{C|7W*OTvdxBo-uB6O>7*jN5pw zzD;)dzwT+w|A#d6l`wY;_y0RPFZ1{RuO9V3ck?vm|8Mm4KW+o7-3C}d&d5j&)!Awn zMws0rYNn(mVu`8@_ea@w3|)y(XBQB^gs*0&(}pBS$-3i zug$jJMflH{Bu1YlTDTORLN-?u8tc!JvPmAuWIXNl^}O43$Nt%|8F}*8JB1v4PG-?= zso{RXdMoX0ZXb=Bo|8R3->Xw*J_O|{R2vP{uAjJQA$oe-|I;&p)J3FuP_8&XXUp=n>J9(D4|1;EZY^Y(m`@epsk#f;- z-pR9UIadH#fBm;m-4)*xHXT9vJz*1Pg31;uVENnKEGG6cB=o`gGr25`%KQMDUMXTGFJsV9MhLWyqQ~*W=Bx<1Q{=jg$eja*SEq2wPJ!J z<{#D5b(s-Vc|#?>w7Eslr~{B;4E2-(baNyvOsbndxJo%k(b^pVAN-c+0UzP6?;rY`{X_g{7`ohSxM~a4ueq0nVOg$yxn0&~LUt>d9mc z(p{kPt(h{5fK#T*bD?p+pRD%scP^Ap7EetTnP&`sJASLiUoB$YCm(l z^?)N*?`ak3MKfDm(u`uP+W#j*-E}ESb@A-whJ6Y$tFeL0mU2wvN^~S?CC6cLzV9Tm z*-f+VksY)-q~WHRH(ZqPkn& z@_h1e+uNuEkA&M>O=CG=n-*MKY0`pl#Hd;?MSP$E$f^@H?tj zM_=CRu$*6<6s69`t_X1?CQP<7uLCCJ4J{4b$>pY)Ocw;HWG5);C_<2N zR_CtxzA`JV{(di{)tICf2fm!*ZimvAfUcUYzSL~Bbc4<(JZ{qR?ayST^jkF(H5FVx z(|WO@ZrbMU_qw%X#kdPG5fw>O3T&)u zR7Kw8jH;A-HG`mrbJ@N*zUsJ{u4>>&*j#Btjx|oh_Ue{%{a~9NvCED`MuijQ57lL5 z^9q<70TXe`U?JJ;y=nQvr|dy?UiCu%Ug3Z>-}|pr(T3(9W*Qz{TwPP)q>`$eO0ajg zN0dcX5@A;Z!}F8fPZ8#fNuC?~e~I_7Bg>`)xPi%7IP`v(=M zNN#!>Hub(=h1CXzpRqBW)vDjh;W?;|1+g}{Kht0?iDf`N-R<{(dv~^f@$=zP)$ptK z7GsXTImg_!NG4^1ZX+nm0Q@-D9D*D5+Y-i5w?dDlO$VRDOXan+s7WjU3$-^@AN4Oz&klY*IJ@W{oP9VryVyHC z{pH|nX<#ExMuhhvDf}LdCh9!ZT%J_m>>Zq)*AV9%jResFQY=R|VRG^66p`SW9pg z&`S~$Ax=3PR_J>&MY7P6g(3S7x;8LGT7L*~}3@Ures$j1^7F`WMjVuNl_L58C7 z1r?lNe}+2mt7M+?Ljb6k{h|8sx}u^3guaWa%^zR8sE`nWdRf&~hB>IhpU7-Z*<^*M zl-EX`3EJLy)!piDb+^rJVspxI2)W|EW(8=!5f;^)-6AI2?(N))Fj?djCiB`p3Gl4U zY9+g3OG@V(j4BOavQ0(h<}dn@+Jt<5E7^kiW<>0HM2PbVCt|_^zowyl(R@=QOoNz{ zCQapwF0N2h)J*5_$!wXsW0W1#A?4h&RQ=%sxu-$M1#y14C`sn9b0eC}wY4l!=9;+y zRpwf{5n1NiT7oX??xvPGSIs*pG`jh)=c*-Sw)?+p`a9m@)eLJT8GVz_rMY|?&{8fX zZ_UJ&U8J#aWC31aLMujI%wRu1S9=jV*_`Rg_hLHr)Mno``B?yU%VKQF1JfLmzs1|p zG=g#uNgk7BxJP;i`oUq0WwlC8l8ZH~@7;<<<#{*+^@)e=W$lu_9=WEf96ib`>vNI9 zOYl{*DKy&(_=o<(52%Fip<4&DfVx3v*0vnQk8B(kqSr(o2FLFeuRQAyJTiO6R zH$urAS*}8kTNWMpEkxuC&)aiEm3LRB^EmRcBz?)TB;%PzWFZq^wvdwuFjb_HKT-RP z=m=l!x{8TPjk6%2;rKli>7g(Vf)=XX2rDPxGEGErZk>#+%YNRq4i%@V;F;!jRPbcf zPtHd(ZOEju{zPUQ=sVbcolMqgK`4>rvexD57){}Y>*Q z|ErJx`{L!x7kU5xovp|GA9wTIiD!RhzHdmOdRx&TvuP%DSHW^QHvZNg{$}V8$i;vA zp$js16I;M!5dK>P7f4_&6~GLMWr7S8CExNMN=2uN*5^hZSiHZ#c?1H3n+72W$_^oA zwVO{;5saEJ1U20|fe4oGdTuC!8UV7v2$q21F&aTbaPBc0!F(_spL|0YkMRf|;}JZ@ zBY2EQ@EDKaF&@F3mLKC0Gy|!@b@O99g2#9ScQlj#yW$c2?M<2f9!6r{YCwXTLs7QM zGD^>y#%s-9ZZ?*s0~*Y)Ux45-qQPTCgWS5k<%kBW4>oWoVH5HjSpt^g3;u9d$=!1X ze{pznc)tJUV)yKAwfA3b2a82Gm;>@}IM}DWDbT;|9#vwq25i&GjR2?6Qjz3KXI_EZ z-#a@zJ?}&4g+^ZU)jcc%Vd7W57?gD$x+PFn_0o_C9$+Mn0vE5yq*jg5rm;Kp2KgAg z<1u)L^QL| z9UmW_*HC#?tolOV4fkxdS!WHCmKLkmwv;MclJ*?c z%6e0Gr#c*^F=CGPcTeY^c8hUWGRbqBt+q^+`2Z@&On{iVdl)n=AOK9$merxVS-a|x zy})T+!@c**L4&VE26Wm#*gf0(wtE{?QTsqU-N&?g6+iDt_E)NosoO-nZxJ(gejB`w1ZJUex|7B{<^ZKh8 z$!(dYR<&PhqT0+rRh9bA9_~@^wG*xEFhq>|gd@pJ@G(0NXvSg`65^{*A|f6g%@9UO zGi&9RYVghRF&zhNh=XqC0GThp-d&(e57cWJ z%hqCc1chUD4WyWlMGt*!cZ~L~`)5q}tfM$WdjqwNS}xNw#H(!oF@Lxx!Z@``(T$+Iga;wzrMro;8 z&4RS}Y|go8TIiB#*@-QI;W6%i^^#g`-2b9ddS0aavKmc7-DkRYRd9K&abp2xu5hx{ zk}}OKv6vo64uvu|yOMjW(r=%skTe`aEdNsIv$tAFUHKu+0nh^oDkJ(=_5m}dUY=y^ z6w!AjmkyxxT77~Dx9NHKTdVBb9iUN+&$k}=|6M$VJDbvgK-#Rr#8h{fWA8Qc7!HW=Qi06mtki`w zvSw1Ep;j9%mb6`MGbmS_Nqd6>6d)_C(I{m(`nFrXp81sPd=!|Z$~OoENmqb$=@v< z5FM4S-lkw>pek#q!unvIh@_5*?s9kGRfp+{rMpJ{%+_nW1={8Son4=q&T{Ql;!MFX zx3jqmz5tE;wUMY=ivP;~8c)WYaVAW|8Dz>xpuQv5I_S+6%JjIH+`A&d7ooy3NH|u~ zg5^J%p%jaKsY(*Hv_y@P9816{?>G};Q~7U6(GQ+^^52UWdHHW^=h>tDcPGyxlASgB zzAe!%*ZxXnyIk9MDBRWbd>7JPuKSgXce(cOQNDW=?H)zDN73$YBHDdhlAXz(dEc9T z$x|c$btfd4(s9T*xmh1`X z8nwRv|65Pc2h1sp1v=b65Up;+*}sV=TV3iCys67^_V0(dzUMtP>;LRvcmMdHJN0kc zNA3FG+1Yyj@>zcUZ#~<7T>p3RJV7RocK^SRTCI=ik3ZHXQbwY;xp{SUb6=xGmd`Q-9S-5R8N8s^ifX0h%RC&++!*y@leUw ziHW=+a>)tV)O&J?^?YZ7*ITV8Ptf_%|JgtLKdshaFz{F?SU_6eA+;$&M+o~qGPRNI zQ+Locuid_FRT>J3g8)ru3T-feA_%HW0O2r{ocXb*u-j?@_k}LdkTEGF$B{r7l}=m9 z@Xfy+W6qlPw~l-g1#AY>#X{BOukn!ZkVqnQlfBK&Psyt;W$RW%M6po2gq#rc@fQ+I zQwY>}yJE6#cMwApyxVHMF?iGXLLLs$kf2!D?Et#RQ6$pVKAAT#qIEQ4+yz=uj6-s4 zgcK}jPq$A)3$5rP2a6Ld(2$T2Ng|~7X})6olZN5s?cvG)puE@hkRU6|ifPQdb0P)S6q)j=uR(RO!x z=Z98D4`fIEK#K6yuV>w@&X7p_OnpE7fFjN=sX9&*Zg*!jW(7kW`h*8FHAOTWaV#W{ zJsERi=nJUPP9UJGbIXgfM%pNO?1YBUrjebA5SsIQ=;bokF_UJ@?#wd0&5EeR7e5Mq+gMoU}2||Nfjt-+$jjM^s3pMs0>H%o-U0N>o>Rb-xd38UED-#P-vsPXZzd ze0H(z5PvD+O|`T}5y_lP*(DLkPPB_!HjP+FLMhNNmgw}u-cy0F5X_@k+C`cYhn}(k zsyZ~%g`qeDC~v2Zh}4?#WMCVKEKXTtnT=V25CzP^}(Kn zus~NN2)gLhP$@wkjwMKaLo!lgvCm-IrCGWOooK9%SP-x)=nxMBA{>%RC~_EN=*zGP zhsaZO$_b%7q3KJlFKV@}QSnJ2Dfw1b{zlI}(f0gm(X9BXg>~OxqON}Hy0h4`X!-km zZVKyl>lzJA+zp6uaz@5fNIn}>&&OLRj`l%bK!>Up;-=b7W_tC{H5!C8s2s}t`VMw# zqmm5L9-VcY#y??~gmdZ>fd(a&*H<;(1xI(=*s%$A%CTbuCsbf3srN2Z7crPGm5c>)@8Kck8rcy#vc>2m4bRCJ3mYprnaAr=VNH zj?q$|GA{FNXRrg3zKauk-KIX=*Lrecy%p>@R*HGzxkhK{M_@eVwBs5&M)yQLtHe$c z*Gw}5QQm5PM^E;0!+jJNR`NN*A;O&F``qNO(ct4B1GMHdBEW46`@Rm}hN3tK49K9i z)<+@Yqlo#!PNIt)*RiG=-wAe1apbA;TGKF7M^-OAXe*X|pU+BYM+ds&^W;F=qr-O| zvM8vrqjg+e%9g=V20IZGRI)kvDZvg%JP+}?MuVabW&t!g*pYbLq+$tnB);DTRQX(^ z!I$&hw-BE1>k`D{U?&YBxhU-bhl_Od$p`gZqru_mgvnD*1PKem$^80R?9}d7w#U8+ zGkI8K{txW2TzT0|%fSxhdY_Np6gzZ;bbffPD?(zz;=o5kf&{5mo7~xRjRug`e%W0M zu%o!@J0r)hFt8Zipyc)}8J2mp*H9E|qMc3|RF!4Zy#Fa>c)z~SK51V7>{)I$G8l2LQ`ee8mj%u+} zDjzn-&ixCC3OjJixa88R#ZIYw*c?0eFC<>0!ESJcXSD)cUHx+GR0cU8plbxd&JXwD zSgx38jy-A#y!7xRU_PrMD6H^{hl1w5e?yHFK?p{{HL;4at~> zp|${lr8Z)Gs+;>L{^)IPPMDA%dy2UJ*c@U({P5#{eZ*37I*cXxMjk^3ZKZzkJGGYX{+6GWoY7tE#A422tHiqL!9Hee7jp+yRX>lNxofM=_UoZN7CQ|X zMtS`_b|83=8Gq@~;u@Wp1L#Oc8WMJmJ-BOhg`MpiYfdxRnT6hjvyjDNk4>kv#Hv!A zvz%h!B|{~eGM{wOZV<35;+xC39vZN4u%Wt`GD$9Q6a_Qq_Z6p-sNVteaA5B9*l4sO z9nbX*8!KQZjHmr{M*DriX1m=i4ZMQT__ z!%Lq1SE6-yp;EJJ{yxEF8jWik>=!vj;poss?*$pf0qpeHzr>+O{LI!Sh?F!O-`Ntp zMuX|>!hv%^Q~`FHs+3KSOWL}3%@G93POva)GKr0}{fW#nM&OA*YbRx@R}<<@5Vf9t zj@(t|f1r;xRH_O-9gPS#zNATEwWv$7)!2?;H6%t9Wd`cm`VJ+`YpZ-G1kU0#s3g(y zmcR}Oq)X?ZMi2`@+SIt#*I-m2qW;3kwUM>_SeZ6%C32;MUGrDLlfdn<#-~909jm!7 zr3$J|xm+Tkp~0<(1xY_xO4A)!x0m$=@pg?aI1YU_McZ585r{otE#eNE zGC#P7`K*}lDD3Rh+S5$|JIJRTjacA6ytCUi8kB^?7@#$wHgLT;V1e8OCrKv9^;9;{ zX^9)&ZtR9L1XU0TFDYjsgm1XSoN6cP8H>>s7_tWR6VY~@!o*q7n>zFFX7e)sD9hJ( zvGW0Qv3J~9a>7Vwk3+{eax;lN9L%kFWgS9_w_QH2=JA=8rBlKgd|*C~rx3f~p***O zo!@X!&3rQ0QO8g?ZGgg&<4|A|^@82EeH~gob}|VotNh^3;!x5lvFj=g=5T{?+|ILN z?6~PhD{03TszKA5zERXiim5u2FmH_9e_`YH^uO-QcKLc1GIuY@G;%$Z4X>dMAHMgn)yyGbG5e*ka_^mywUs+3W z<=pZra^dXaU5dpnGrE;yXTIgL$)gOY$)QENdl|K}AfccT+?IwT#-}Eft;Sp-h+*X% zF}^f%SArcknL-1rc_%KMiO~;H-j{~q_MU4rNJ5k^ednABp)$Y6d^DDa`&^^Ji|5aF zmL{GIc5GDjIra)Aw3B3lcv#O$SC*4TqK@ylnHF-_V5X&|!CCQhjRs%74$xW!W14%$ z%U~y)z@c)_%4K1pqXa3yeyBhLH&wztZs{wfovMTqIse;T<8A>P6y^kBW1|2UG~&`z z2y*eWih(XSIups~X0+o?h#v=pm*2tXdpvPGP(J-AP*NSOF*&i;2S#6UuW_tYoHJwesSA3~1vVdY!+DvfuNLvYZ-20s7_L)vC z6W#dq!``xR+|ILl>=*-OJy9`ck8&Z>@uD=2Fbax7!0<5dh zoR-}MR%^f1SI`%$qI&q6^WX<44VK=8Hm;w?j);eKxPen>JWKZ=Mf=}nO|k{qOr3J#gHoZU~!|R z!83yW-#C@zUFeYoFV%~*L;so==g6gFVh6mv5cbWrCx&zaCX5>=0uE~et#K0igfD!~x#_bK?3jF> zA@fP!B*CkV8KIbs&V~oH6EQVvLC4x0Wz9*mpj*DTv(_rHgGVEEI+znO^&0J(at|Lv ztHh3E0pW9()-^g$$~|=ati<-q(oRFZbBrO65YDn6>?cm#LSjiqaUjS&V`-JNqX}WY ze#c8GiJe9YjKwt=_q%7UO5SOvz_^hH;~u#3s`jjA3XB_QFz%j+ZU;N{H#UoFFz%5n zuL?WO6d2#02E$;dnJ>vA8jQYbczNJ%{H%~GH}sZhs=>H#%%I!BPQ3!7xd!6_pl2o6 zk%Uia2x9MBjy-ZpIAwmHcr5e_YzVy9)Q5z{goOB-=a_Z~8mne>j<@@KRuoUx7}_*x z=Nj#uzTZ41Q^seBi4Nl0225-QbV?tLYw_GUbK`t{?M0H! zoixYR-B@$mTCi!6&kw@LH218=6Cj73k$B5lT;Vo*jo_o3Y%0w&^}wEMG}zwST0UrM zDR!K^TV*}wGjTmwa?u4bKutuv%)%|v?)gBchY#*$63 zq#mRz)loaNpGgjeOx!&|mULuVNgV4^$f|oRi3ys;(}Q_d6Cs{nl8^{-%Gq$Pm(4Z$ z4dQmqSgd1rVU($F%ur1$O9Qr&XC+)YB=U;!PdXLieC(K&b>h}qegwDqtR~}e20P&8 zdGJ{h9^w+Jyhi&hd@4c0p`0Kuph`{#O(8I9lV}Pws`vcd2JL)~0_stz*o%m;M?~fh z@EYy99_gTLwFPuI6P}gz$6weL zVk1c)f?`BC1KhAJ-*iyzQVZl7!P;%4=W z*co9O#GIT@I1v*Tj<@ev+L!qEg@ zg18iW9w9#QSMDErjb7fYei1tWtPqP~$5fh+9#e1>2U!#uw5|5JM%y>5uQeFhr%lDd zYZJxQkp{E%ACNe>k{vyVo%&5Hw`V1FAL6F9626nePW`6!&Fxt^?9^{s-`t*+!%qFC z_08>BIqcMLTHoBBB?Hko(RzADKR@axholFZaD63bbcLOWlM&&4Na?&sqe+DYhT%Ip z2$42T(YYg4y{7_D=0SC&TO^@6eR7HJG#P-N4TUTNIFv=kkN^H z9~M&vInfyPg_qmz4aT|LvzpsJgPosgK<4CWf%~j0;T3F~Bsd8?14V*#N8M(A+6ppC4-)(Fq*qIW^sn>8< zzeatDxkOme$yDuLu|VXr+Rz`|ecwuUbc>xv_D$bxjNCbvJGRHZ#FBcBwGQLxgoWDN zYeKLes3W^+^j_~JR^y+Qqn+9qJQ=G>oD0QcT1r>i{hAP7qrn%40dy(b6duPB>7lj~ z6WbfPuL|lOYX7wTnw#Rpo!A(*i&1+dnMECOC=E|a>B>Xaemwt`F#zG z2URyWS+1;@va_7BEr@$&%B$tdIqckwE9Vh)A8dK0TseoGDz2O|bLX`fz*!O>M4Q?Yu_f2J$Av`(!fx>%{FLBA@Xz3KmmltR_r|K@XkcG3jzL zrb6;6xBW~qk^_5WI8;@Ut-3rst9`D~z-Qhk!n>3$eGJWGCt^bFTIKku!_Grf5niJ~ zKKgXWo&g)VJruDc@wonwUX2}zA3~bYBkSpJ&T6_GI~9g#-<$x(V9TH)yBKM}2!vf0*9iD>t(aRIRNm#y{Ox-i8}ur`575M;*}-b37%AA?OHEiiHe19YG}e zL}styD(B-y^5-7|g!woIWs_uRFd@Md(NIVn1cNU6nQ?pHv(ah|1_Q-`SU_6eA-5!& z&N`d~1Pg+GZy}`nOYgo;u@F~``>(Z1F)}|l(h~bv;vp8~^>o(p&EL=zLdDdR3XoRo zd_oW&vP;Dlr&Gww3);#FaW&KfTWyep)3DvcfU^({x{iu6m?0|7U6?=^C2)m!N_;eM zKpk{jt=#|u5hyku%r+24|Jpr10=r^;rz>EZC=qF{Q-{mjX%qJD*V-VXtBGpDVA@Wp zH^E#kH9wt^>AO3_)1VT&|3u$^e@>(Czwe=cu^51|?itpI;iJ>eA8XE!^;YZ26SU{v zG{Q18(C8OFk(dTT6@7v}8peq}^wHsT8cWbXN<4P1H+|-bt^v2}vFT#f!y7+eU+SvU@6h!aIWBs7Wa)F^2N1Vlq^>+8o5EW*{$ zcG3BS3PeHyGR=&|+$hUoNhPXvZ-T>dKAH_3rMJcskHHKCb`Bq1Q8~#(chlDot=1cj z0Br(b=MT)3IPy3J zxY1=CgoNWE4X9Mq41OtHJ&&g;lDxw7PZ+0vsg439JgjC%En+GR;577t*oT!i(8Sb9 zaSn7f(5p$?0?Z6mj;LDsY?@g^j8hUyJ)uz*Ofc?gggF%~v~ejp8OH(U76jdIH@60; z(2yvCCfK*Avkfg3X}yL-|K_GS;iJgHGb< zkZ{#A#19mfAr%xmjv(TGx7P43XucZ=AnNKQvN{jD7=^kpc z(Wss8v8-6wE)LL+OtVoS{0UaFvIABF9Eb6=pVml+x|M^gs@!&hl4|RJx9^-!K{~gE z59z#~GiQ|qGgv2v;9!w#BxG-y@u1VO_!*#4fX6yNvabXJ^*v0`7&5iEXsDT#vqh%- zs*835!HRv9yhA1@g~a}PSM>>r2sgKs z^e^b!_Jldfb>uXsd1|&vFvwN|^XVn^V>PvAyHj|jE!qA2R$5Y#mg8B-F6@BX?t746_h$QW33Wh}- z63w6m(Jdrh!HshQj==+Pa&oEOVC1RYUF~8DjR~p%4{CDE&=6F8PI$(qdylunt~|I__f_x~MOqKzWX)L{b%STOZM zEmjbi7-Ha^3w4E7I9v8846;(dx@vKwO%#nUCPS=$DXtai!-8xe(j9lvm$sN-PW(5qTC$?uL+uw^TgPwOU%Rc=VVJ}LH;51f zF|f85DfD_eiPZLmI-r|5Kqw4qX;`h!N!hFlGZj=IpM?YsXR0lk3^G$AX*EOlCrlE{ zN2y^28E!1EH2b- z-qcCaxNdf_tnd?Si6UXl!s9g3%$-())iOPrDW> zDQMDDT?!hpKs7SZWNu(4q2#lO(NK024F0g|546NZW>&cJSSaGDHNHxwWIn6TjWa{d zs;|EOkmJRQ6Whu1bGEmmS-SALP24z({RN2)Rc<739uTj z#5h%7D7nw7`9#S%Dl-xrl_MR7(Kniymaqr~xTY$3bI=u&!G`+h&tL$Y7yj&y{~DOZ zrIqvwYbFAWp6&CaeyeqU)K3D!7@D$I@mAUf3LPfAJVCzcv0ijnB|Dmd)8+D^s8C)Y*zvT$jy;kdc^fTo`ZdeZ}eIkYN zz*^M9NQ1ZlGwQWK5AJAp)z44yka#k%EtyuvBqW@A8C-N^AUfuIr=vE!j%xRHcT<(> zdc5?t8dUBzR%IO+7jTFBc#^ucG13eqQfC#VQ0(~!aq_WVp6&re@db;xPL-sk9GdWRxD@hX0edKdQJV|`Z zJ5AD|L@)-$L3Mf|9*3}+41)soy3RxC&dwT~U2y2OW36`?M*$m;6;Sr*x}I(sK2svV zCB>Qtr#X={|8)1hKAlFv%qXCYbd%T%W6xt6>qZWC0%xS96wB|z-Odb8gVqx`qUR2W zTEo%O|MXf2S(wz{9k{RRLGK+9ygKRy&@=pWKc#O^6E~0^+6}JoOu#odaQEO(+pv0- zw3tGE3h@rMcb+{j2imGFTcC}3fKbD#R|II>8ng(Y_hJ?$cZ49)8I^D$Muj@ne@qp{ z70!C=dV5Z4hd#)hXbm>npSFK|wQe&TsFsBiHnj?YrmMwK1DbY}XyUOT(4XO?(@#bA zDk$d#3G)CafIwQz7+n|2jG`11SDeK}gd|ARP8YWN6MYiygygDYpzd5!+`%18|aFlDW2)8mF#vdIng>~ z5~-tS=uy>_S{|h~2|si)&kyCLuJeWrrPY5xNY8_|K>DGy-Rrt`OZ&(aN*YYNoKvIb z zMe@yzF(JLg0!2>L;s96#8j^rrnPs9RJaZvN^i?{SmXy2b7j~s2pA979p{cwLykrL! zp}iV087kDD4rZ`GS0o6sst=G#%G$GSeG1uCeh+re#~VthQAd2ewE<_*H-n(_wP!^A zDp`}ssii{rS9o&tXC)>~7%!L$d2C8-RSIS;J{^sy7YDM7c0+_yRh01t&_<>9 z?#)${Xkj3~cPOgUlWgZzmuQOoy3$2lfzs&;&o&CsS%osb#58~d1`R=nWsESA1pr$i zIwf3CA<6A&F@hFRNTcGz9@2?qd@5j?qI4#@$x#jmoM7Kb9RN5D5p{2gN0XLm4jeeK*(TK=cC8`^3(C$S=MstkFR!KjL5eC%73;+ zhU7>8C%pZV{Ivb*g}?P;^a}ew?Y!LbetNd~Q}^YjPlgnSou4*2V{#-m13Gl5UQC`G zz1aS-bM)fH%XO>fOqjIRr7)q9v4J9O-~~}$qz);naPViK4**j*AZP>dtnDTm(U6LX zIYeg@M8TD`Ih~uFLDsw)Y+@5CPFN87h;2z=@j*O>lK_?qhJXNp<*YR8#lA6;6RtGX_E-jlo1T0iCF}Byux=Rf$(!z4_=uPNbzMz_auO%wieE z5_Hq9FNRq!deQA08y1f!(NJCy5~AYnV=u!(AAQ^h_JiIj1X3JS+IUwvqnaf8+c(-R<{(dv~_)ygEENJl}tFv3vHmUwr%9?$Q3? z8Q}c%?f&lhZWryEYcNixCgyQD=wSS%O}Ra*xT~7fu9=m}Ne87)*ijpW!h~75hN=_& zG4NS6FFX#D%*H_8c}1+ge9}h5CJC~ubJmiDN#?IF|3ZE9wP&S`K^N`9g~pJCWJIN| zL`B|qR;21C1&xsm)1VPUqLww1$Z^Rr*IR%c(Iy^NhV zNa;1}{ZR9TpEd3US3wPDnU5fg$M%dNz^**R*ItW9CwBDF>2aVqpRe7%HA>mkvfl*+p-#(5CepRShV)P;tMZrUa+9 zX2qR6H)Aa=oq)a2AB`B_1d!IR%$Z0z14l$%ARrdDSy4GK-rAO>YtV?69X)# zSWZk4tA9rCqcO)mX|)dJQ-MOF_8P2+lO?7E+MvW-kS4d><~GVYFJOoQ&vayRj(Y0ff$^Bg#?4nPeUdwCW+IY^|xn=cbX}i|MOb{7I8)%9@spCD@tV+9w+7l5cBgj!|xmP&WHs|P7cUytJ z>-&k+0iyQN{_bgZPqXD=sJ|%cF$+f^i~`0!#Zls}Wo)m9Se?Dqb|?iJ!!ELhqe!f8 zB)oR*a@!nCKGD!eYx~K8eBD@7>(e+E&{G++*a%%xas^61bFZnEecLRUwmF1a(`X~-D0U8A zhaI5LE;_(GpoH7u!s-UxJwrbAft9#10}L8H#x<`s2KtKI3L1I@4V8?nhz!=m6iZK& zu(<_23{lA;UM=-at@PQ9;vm@Eezo)Cw&pT8q6VFVL_?&`OQZPzviI%HZR5zk`!_!Y zR+@ACSd)_c%;;>kj$?Z=u5l8V?MZfTcFKlCNaC0xxO~{rCb^&e7P=cCNKp?v8Bb=f zSi2L8#Ipf38jbE>hq!bRK{RFeyzstK=R`G*t-H<*tc^Sp#d6|tum+lyMD!6RGZASX zqSIAWHxB5!1w!4J|0)f+ST7&P+T#k=Rb}?>dwbpibQ?ZVwylynFbrYeE=4M#mcl!@ zA|!Jq?PNs~ddUDCa-A1!QGe{Tw^#?2$(?OA>vXBx-k!%!aj%4NQ#}Xo^BS$NeRl-b zLcl3{`M~{}HI)(kF%&YzkG}#f_Hbp^(qeOye8{x+(xOJEWBX~@AKIIng=ZJ| zkr{_L-yGebxurM9HwQ($U6~&D!g(q zvvzxI`%g;ktL(*L#mWgX}A^$%|td;a`yY;zO6*eXi}Hd?m1>6nCXmEgz8 z?vCuIgNRw;$fi0ctMhT{c~%X^nz&Mh_L%lcsjChlV8O074_{zt9n+vWg`_z)T4=pa|I%ghtcG>*4A|Us7<=FOh5c}Nb$Hfgh0{BE3^-AAG6bCo8$ri@kh+01F52bb-3NBCH)0O({4S;nz-i}8%Y}$tkoKqA}A>-C@ zFif<)B{T`dB9P=lpLSA9#=&qrn&I%M@OaXOF&TN?l`Lc4L*;ZOGMD#)!n>a*iHNe6 zImvjVY#cU!K7V;}czpW$rTg~u&^>>7{PU~x!?Uvu0WmAi)T_<<9A2_8DII^w?8O2t z@Rg{cm6y8HTWl=vaEnU>Tx7wSJhCZ4CMCPL{a)GX0TMk5&DAVzm}SnUCmr-gkKs+H z?Hzb+H`#xtb-MbKYG7JtpdQL$(8ppT=?m{yJhAh1L?zTXyJN$RVy$G#KBY{&(S#rm zYr1ydQm@UmyRnikUw_?LJPDm>JU|X5(<5Ws3=i9pyupat6K$QwsD+I)R~7OXm}JqLe%FtJUe^y?)v1_`PDy6+0Q2g zmkU<`rFN4_2j-v_Q+pwgZf!k=z9qGBAwZRl77=$Ml(A|>VIR0-Ee#_x0eOS0q+io& zk;1uE&D={70(;zIe4yBMMjA31io}k8Rduk9rJs7vDcw@x$(%)O9zkYLha`E=`=mbFDZ}4Pb zFm2Xv-kcp5ENnxs-9kHPiNXjXGj#$gsfIF1iX*aSqI&4}>o->?mtOXPLfw=as-4fZ z+Nn2TNghRj`%!zBsTfFl*Vi};r*!wcjtWU2@P^r$jC=Jo>P;eItst5Mgfk2I##Qp2 zz82KA#nNZ%`jBGL13FrCjNRCMQ492DW7f^B_#pbs4Kk*N5%w)z{~LAe4CQbLVuih# zt34bfTr`V{0&0c=b<&`TjbhUkggaCTQpuTVeg>8 zXc)mpq1e@eh$cXZirS^5AZvdl#=N+o29Blgh)TB}gCI#Wn|A`&v}AE0rMG~T=5FSB zllh5^iiUiuakI29F;`HkE;j2@)`!+Lp ztyIh~QB+pEElz^FAQVFZ-bM9oROFl2oEf>~JxNbiUNzJH^q=(Hib+3|{MM+F3yn)Z zXsIWqHPp%H8B#3OpO>e~vzR_p?`cFq=G&yp~pxu8AD_FGt z+dI3J^}o|;w^!@`DIQ~ir}q5{YUA(Sw$=07KXcYUf&yKf93HsYw|Z&&31 z&Ov8;wf>*vIg;^&X>8$S>Q0(ReoH1bNQD|SIzt2~LV+0bc(v94p`L~7pRn(~gbgfO z{|CEM^8fb1?rQx%#j_;r;+JAA_RDOh9&yogt^m=k45AoBzao}Lh0&mW5%+xqoG9j; zM}9xp#8;pOj|K)t`29>HCx)x+aZa1fQil;LV=*&cxc+B@0xr!H7Onr?_I73c?`|J- zR_p&Mo`2LYP%_*qWBkdafcQfmpiv=tA~X!8&-?<*7cVV(QfB%}R)=(Wz^ZuUatJJA zJeLEejK2zd#B!9H6wMKX@PD)x+4r@7>4MGy9pd{_6waJfe>I>wkA|_h7Gj|KHhJt^X%^ znoaf+L9fVV9Wfd#ua0JuorCe<7I??bMK!Nx-Xh<-sx#bH1$J8-VjKLeFc%O`54{B} z+^gZ-#&+?|g%}2DMn3ZfA{Bv?RfhX1F`yGd|W|Li-pgk2#TKsH-psyiF?HUUPMQ9%u zq--tZnMkv>EhfTLAWoZPYo~+PGCNO1Dxz!+i!)@XhgHf`k+{P=@I?zl^0b<9BHTE~ z_=xxpN>Wq6g3q<9!kXR`ptmM2QN(zX@QFIpR;PkT)F5a99f4uYqa1;A!9>oVf;#dl z{hEsxWfqScOTP&82!6nX8yqLW9nXZT2fL+v+l2m_iK|}Bo4C3=Xf~VVLJb<&If9WS z8goi;VZ`7bc0>YnSV2Ow(+ohRQugBT@<&*iuMc0HGGFv^M4b*IKwrdmapSwbeEF;B7pM#eBQONXaj0t$zLbzpj99z@0* zTH98ugd1w5HJR;3(5=*{%3QKGEUfC600lY}yu^k9w?QbI&1tljt`67**0*5YNLm?k z{43#$pwE0J*@eb*=@M#;s(!lg>HA|1T1_Hj9oMPnJH<30w$lSpH2A%M)qHhk^EKHG zEx|I&u@Ji-$8H|aaDIE1V|qNrb`~)n7v>08h4l#=Pmp8b0PhMLt1xRl>^n$9Y-Od!VDT4E8 z7*{Ju54M(y1UF7{wN-N)Rz2C#q4SQ3j9tx2!Hi@C3kFp()5A!c-V#LV%cw76INqx) zEkzVFcJ$7P(^&NyHw;@^I-+Rs;I^SS!DWe5D#-=v3ejol{PNsMdc0p#S}A1l^t{Mn z3aCWaIr3BO7D8|JPqiqk!JCbwIxBQDlhGEFgTWR-4qWp%4kzXpULk{vlI-)aMj)T% z)c(D<-%9c*3&ui6D!At%dbYp(`N(~Dc;=p+ygfNn&7Khf8fyDNd$<*N**B$r-Vmgp zk1k|eMI2d^0YQwG3mZ*y`pwlzSIOrEPTb$hIC~;?En79WPen6KQm| zZne+gaJ3HmaUP2Vep-%E!2nXg(IQBH>%Nlhgqw{7V0^lIEJ~eqrU#>2c&SzTXIB01 z*Id|Fr-AaOhQdrd6u~M1+*D%y3T54{{-Qp;0^VPOGl2kRVEIxFzOQPUh1lve)rjjx z{t$#U{M^FHc&aHskD?k5e~O|SP31Req-w(ySY?;hsnGzrQZ?aFpT?8~?)#+msD;f{ z$xET|VDz(upG0@?qquJQ;msR-!B9@1?|7)DN_DQ5qxM^!A?aXtcBw@pD_!ZqT^wz1)g4>F}43g!fWl-4fu7_xfYOQ zvz`)U@>(Xyqim4i-0Ny7K6XWJRo}?fmb-v&BI{Se0+S=Y_V}B2~$8xCP zdCMCm=d0<PTp97%Hl?LC=jg^#fMUF68&9s)+iNV`OGjPyiSFN6^Utkb5Vg{g zej)lJ$r{J92=nJPO1n&DKQVH0316lXWV=d1dI9C6ZK0R2l0_ zE6nbKI@!A7pd5WVOo-vyNYfjY_Ng(4cq%-UaF1g(h{U^dpAIocJdIQR_tcp!lJf z+VN}sBZ&Oc52G`IXrqEB{n0hgvcyyeZw7%{%lch^B$QMNKe8~j4-ci&2`a71y`;BY z)C-);RPjMOc{YhvkJUe2tt&V^2Srz3|LU^WG7^RWd%HW^PWhf0lpfL-=Q7Dix2EO8 zGs*oIJmgWIpu=A4baoTcC9hn~B%#cyTLcBt?^;b&qO01Y8eH79>K1mX_2=YS!J~;C zin9orlag|M%qOr+Nw4Oy6V*p<{2=rdp{MJziU3Q7;@-AO5t|5V`507N8L4&i6^Wut z29d|@Q3DFaui8);Bu-v$o`Xx+}YpT-Plrv;i57D9RX@7lKF7NfTos^{4T&f#VI*V z(-ONWZjq+LZef6rTuI{qCY6ojfxhWNps2CDquT|zC@6;4EbgkFyfDcq>bQXmEOu~k zz>4uwA}1@wx}o(#Xka?7O%M%bB78-S>Cojxr-GE-U=S+ZGN=?U#LA7V)8b5r^dlQ6 zhDK1$COaKy4fj^bUx#Nfq_$ z>y}^FhLU2ankWy$Ef&eCs^EH;1u5!rQju-3{zyvWccvGmsZ}H%W9!3sTa6L~B7`u1 zJnxO#z?esTDEu1otK|k!73sR&BL4Z? zBV$aUZ3s+>7>2G0s)U|;J()+oo?aAz1FnE3TZ2?sa+(%$+6&NXlQfkDPk||zlmZXVXQ>!nu z+F?i1sYIhPoFS8@ErIIzovlzz3(Eu<33mP#kx})viQa)t%hJ4u?P@fj85P6BhO4AH z+{a!?UziZ_7lQlmk{}arBG|~%;NPOlp1lleqzg4Y5p41@OL!)R)hLQ;H-mr^icewO z_EcjETc4&CjLV7Xiq|JHggb95v_-3ljdD|LRUlHQ+{~_#JTD|z=lqP2nPgIBb>J0l z#3f5u2Y2VLHazh~fnU32gV$p8lQ;=v5@eIUqI}_03R)JaRzn&LVTd0nbd?0|78U~+ z-AdeSH6cnU!MA?hl67BQ9{DbhvcT1EzHU7kggb*;ETXzSk#UzI3Vcz8swO=+Zkz}) zj_EqohQ1{^T6d9tS`7j4q*>SY0vY5?C7eqR$f(BPW)=;mDOc4|t=~)6e4GVAcQ@juNONSWy+Ts#9Oe^{B@Pj&M?Ao$Z}nV1LwRxNAY;jn!6tzkx&2!37SMZis0tZ2oGo{klrnEOG??pS|<1#htdU>~RU*<*VB z`_eU<*{Q|f%hO3uekk6PL1UM_U-RYK7F#oU*M8Cbs#4(s#)s?b>o8HftQ8OaLLLgt z?aNrG30Wgd#4{@l5g<{IgNg*Y(7wAb$8iou&ZL+ElSlIl{cErel&euQ(`DOx`>z6c z(~ooYvpq(80^cvG|1gLHofzX#PJ~|sY*TejBesG-UWyw{19yVq&b2Y2I(?MmSDS)8 z_9hA^>=a{Sn{d{M37H9P*%!(CX`KY=hRuP8${tG}15SgLorh-8bcn|2uLvJgj$2Jp z^02g0=<33lO^0vCGfc65l9KHVXj0T^*RU2DQ7hCbd8-`#C=8*vIJ4srA>s>VTp;9DA(or*OO??Wkl9EL4IcjpwN z@c0EOlwRZ+Ua|#ak#4bjLDt=nMu(L}Fm?(Ig1sOjV?#`1!E?~YbH7KOfVLDTO|fc` zp&1zWQ$S3Sic(>==i(e1Y3z3hF47ZbghJ5P3*WOi^ht?3&mK#|M1kV8{T9qKkzkya zzzw`#N_+AlR;y8a*I)*heY_QuF67%HJbxu0oJL!OxY}j!b#cFZhAn7j)AUik;FM?q zgo;5F55wS2L?TToU=sHO_!TFzCzd+CFKdylD{@UGE>_ZNTAAU^hNBaotKW4hFoJ(M z79pS5cXN!z<@>shdZ%Ws%roWgUIxg* zwY~;QDol3?B^*K4v`}0^h1#l3<)kZYSi9z08j2K277T(u&p_I;e`?c86kDOlqvA6d zA&>;4a{WL*XQuy2OsaW)5|jFDhqGz|?JC_Y`8AtQVW|V7(z?7nGaRxv(Lx0&lgEtP z9fsnUwp3SDxk_%9eu_p~*r%gI(nEQuCA!W`o7FiPX zQ^k&CqRz+7rbF*)RoI1aLUNyVv0Qh1Tt4qOD3-?rLgTxDyhIvTY}=)(Q` z&a(qdP`#rx?RX`lfY^J@%3;>^Zt2LS{W*XWci9+AK^aATgFDkZB`oZ;$t#dyyRVQd zC>}xk-w_%}o|_(AY+xb0E_`? zkBsWq!wGGXxzW(>jtDWR1g2l}G}C=eS(1lJP>8W(+~;v-0&Rma6PTMAugO<-T<*S% z(k$Tt$vaS#7E8%S(vC7j6R7aORO!3=m)hcaDAY9kF&_%cvEqymi$t)mCtVf~uPw)k z>yQsWQu)stA3qk3%Z(aG;|BBC=g%&!!p3LTVmtfoHv1cRb(o3b>I?N^}@W2{qP zD(*xA+6g642Ixa$zE7=AlMiFq#Axhidx5CQxLhBqf^4>({S9JIe=ke#y4V8K% z^JG2U@G9-k$78O}YF1%(a~@hSjw>B~AL$CMd+ZvvX`G_lRVaqe{{EDAaRty|OA~Yj)tw*Yr;X$y3mPHO>xS zoSZc(A4_bfVauGly^T@@s(07DNhZ=+)x13X`Q^#{YAzLtD%B_wK)L$DXO@czcyZ8% zLsC^8e`q#YD#U}Qt99k<7CtPs+DKONBB57WL3sZ1`sDBDZ!WG*F0PMHFArawom?NE z{BZd5+12%{ldFrKIar$e~zs`$<8{<&N$67HhsGOM%wm!gLi#}XI}gle1rPt7Kr(e zLx5X^|G0lp#eeT?@2>D)pXA|j@K)nH-gO)v$8ReLuJ-nI$j;Dull>^dF@re)+y!t) zH0FqjQ{EHVy%3QWW*I?5GAo`s`CsEz2dJca6BcBt2nU`sl4D`+W$y3qOW=}D&{s{; zjMo0-%lioJghDx#sd3O6^W@fxqoH#vCJ^|#>$n=}(xuqYj$6PlxonU}a24RVx)YAZ zeuC>vmx(bC!mf24`oC6797cO0LAyC6a7}Y(& z3jcAhy~2NdlBd};M@^cQ2-OBr-3im9H(^Jot)pX>Ng1YOP9oKAC{oWMx$rHDa#)B9 zbLT%{fBa8>mR|pwDW-0p%J4IE116WDV<5;D%5=H*h-w&ZrfF>485=W>01}RfG ze0jIe;B-5kt%g>=_k>?PrROpHpFAO!;QaV3;Q!k@Q}W-=?(T~JKgshr{;#;3f!~G; z?vEb{>bqcMG)>^223rSs0oFitZ7H(`^WNf_BIeo1%cPf$1g2&U1n6$C?>5-y&ofzN zxdzQ?zDq2;Zq|LyJX5EqKiP@(rAuvc{jtc9@nI#Edh>~8k}!TP{_GK4`DeV4EWh>2 zSml(4O?Tn>j2y02Y#pmL%zD5Y|CP4>EA9SQ+NhLW?LTyH;r>SBPbloCFlMG%WU&F} zMswzcbyriF9qM-&q}l8V(%G8*ZF}Q^)2Gys`oXIkIO~Q?C7H&A$AL)zad}?OLUaD{ zBV1-W#gJM9VQ6>fV^OH;MO>|)CY}BMIYW${^4saGvl|)=%6S*k zsG9nLbXmz7k9i)m|KsKVSKI$PolZ6W-_GvN_G0J3H-F{P!n$9>D)kKEwpif*1{C#RAi0wmQq^F>a9rpfJ#O6uF6( z=j})*>Qt5FQJ?Maz@NeR5^%3r!<|+#VIv9K7B3eKk{ex~F`hEOgYHd=rsE#Ar~|a2 zOdqRUb*3tH1pn4rwohO}$oqmd{?cHL>&D|d#SP&whRnZm9tMLz_)1nsgl*@Yz|tXo zrs_~FPgzg&x!Q+PITp;?$$>>I5m3M=Yd>u7>W%&DgC2%Q`BOv4nJr27L7chjo?%q4A{M( zXd&WGBs{G4J5?KseZQ+}BjPic9jozmO(+&iXvl`}XX_mW<}21ABGiR*QuO*5@y_@&+ZZ7X_<}@K#Kg zT7$P@@ez3ob%66xgwSr^ZCAhnq~s(|iu=0R=tEUuYr zg^IuYQDuI`<5=HL8I8Xx^f?P6UwoLC=Q~sT?8~OXEyycT?E{q|!eSoSuzQkCIJ-`Vh&z)G#c zz0${;%U`$t>V7Jl_V${t@%j8rbNOj7s1#P>^6TPXaE>n}*|3^pv*c-H+Izq{R8`Tso0^C12o`4Fm# zFd-_CEC!E%_F<%$I0=+hYzXkWek*v3(UL2N{8_uebQKj2uDW-cDxRj~_6GB`|9**u zXK|>%=tHD!DpO{aMV58S^ND5hAAB5c)aRbITKV0^|1s;D}NJL5f>X9Sm?Ac!{0_;B9BH#3IPU-97_^Un(@vw3U0wlrI2;*rnR z4QFcTqkMx|2AvyhJ(3w)uUc<@Vu=`v4?hHv&l+y>&wu)V`R-FX;@f-s-Npv+o_B{A zuTNjUG!Wvd_skcW=x4%b>mNVb^{~&MyXuWf^ZE0JL6|8J=>ky1rCB1QVK`xlP~F6^ zUYTV4P6qxowLwY3l^pKp82-?5-}f9)c^Hj{FZ*f9ce3zSY>ni-o5>c0=mI+(muhiU zEv}W)wz&H?nAht0;%908?~Oz_4u+9T#6#;?B>(Mg?^pdlclUNz{QoJQCOhX@CK5!R z#qq^>7`;3QeZ_5J-oM4r7Zf%o&0~NEX6ZonP0o&+*a+3E2~>UeP?e--`A@d97)7N$$&ua0+@_N6ace;|&y^!hgeaUWjC{Pn+m zu)AON|7q`cR_p&so~DK-(5pcMJRq!}bI9HU)I;fY5s6FN<07z)jDvpKq5xmlG=G{Z z&Bnt~A{+!U{h#BD|8bm~o0|zAhYn&8il`q5x_BxfDgdTX0hG}3+Ec)4y5&@hEfr~m zhnt%lsIkY>k@Fo>?PsRq3B|oJsi0jI7>(N?^1DUQPiHJL?(>Xy4Iso!YuqxfouhM& zCmJj1M-hgSy^~4kH?R@SCOeHXBMCZ=g|9(~qw3U7L^n6EhJd~qj2 z8AHS}Bo)b^Fde2Qz=qx>DA-iuInImHc$O*vmjC{zyeD`Zr$uSE^ah4wqvB5tVm%fQ zKjpweApv=q@ZUAU2z*5{jCjg=YLaCl&EUqHWinPpyw}aNjN;An*)sutY@gRh6bc;!=n`RA91WWreM({rqJd34-pzb-&<|cT8ZEiZwC)Fr$9P~w` z$RQFo`}xF<3+$OW>1Jd;`4HoQ>@+_KDqiHw0d!)pOs}GffS>E7Viu6II_VaILuRH{=H0P-##^*%}wyQU9r^4vtp_CV=o)qQGV9C`NXCjycLH9bN#~8e^%z3 zN4fXkY_U`b_Wo37`(?ceX%Z>34P!N!W=Y=9@}!1+Ek8G^)Ue!*r)g40jm7Tnwbb~E z?(DNS#D`MD+1x~@!4(rJKPx6;KlZYzIP=!dMYC*XI}6Vt{kOmOPEo^hzy115e(ZHqGSi!}pVh6KlBwZb((BFlkw%7EBsnj>{<7Y*(tfE}0_)}~ z4zWe6l~aCJE60B9l~Xlss#`p2bc=;Zrad>tHo1(R*T1e?8UPfa`dLW?JNgzYLWii z7uRM`V;W-=*4whw(AmqCef!jKHaE$lZN)|^&x(!MkG*heOb@5F;ZJOlrQ|%)vm2ue zyLlqr*n=KC^`Y8qwQkDKYTejR>C|U=a?e&k8|UWgtsc3~&Lh2+U4K)20a}q|-{xP| zE8fAiYqO3Tw_-Bq7OT$Hd)bNjCDbUpdVfKe=dKi|*<_co=m$Jx0j%bvDbXRN;M6+`k3o1xA2#Fjk+2NTkAgqU$tkV|+GiBYfhtXktvy+Cgs4j_BEB*mY_VnS(W%rMxN@ zkdB$Qh)z1*H>PK{yR1zFh`i?5PN0jX;LDLrGYETFG%#atWtfjeS;4o(P6v95HQdG) zn|48MG{^?Y4^jwK$oz>SXdi9f)cGWchNTua+=kCLYG!lW%n}@nu-#jT7nlWOk*Wgjc?3&x zsB$B+ZGxJ+Sf**v3xjNe^-`evAW5g-UA%%LHCf?SNR)#2uItvD)Dle|Z%w4^J1$v&~({;r7n>=XM}E;H~MEp^(D!=lHY=aEOLi0-<^ zxzxl}J-obp_vYf*Da0sHw*HXFao4e>D#4l-=dPt@lf9N`8QUN6Xed(0dEGkv1G#ssp4GE@ VR?p1m{{;X5|No5=kHi3e1prw60aO40 diff --git a/scaleout/stackn/examples/README.md b/scaleout/stackn/examples/README.md deleted file mode 100644 index a453430..0000000 --- a/scaleout/stackn/examples/README.md +++ /dev/null @@ -1,102 +0,0 @@ -# Local Deployment - -## Mac - - Install Helm: - ``` - brew install helm - ``` - - Install kubectl: - ``` - brew install kubectl - ``` - - Install multipass: - ``` - brew cask install multipass - ``` - - - Install microk8s: - ``` - brew install ubuntu/microk8s/microk8s - ``` - - Start microk8s: - ``` - microk8s install --cpu 4 --mem 8 --disk 30 - ``` - This starts microk8s with 4 CPUs, 8Gb of RAM, and 30GB of disk space. - - Enable add-ons: - ``` - microk8s enable dns storage rbac ingress - ``` - - Clone the Scaleout charts repo and check out the develop branch: - ``` - git clone https://github.com/scaleoutsystems/charts.git - cd charts - git checkout develop - cd .. - ``` - - Create a folder where you can keep configuration files for your deployment: - ``` - mkdir stackn-local - cd stackn-local - ``` - Then copy ``local.yaml`` from ``charts/scaleout/stackn/examples/``: - ``` - cp ../charts/scaleout/stackn/examples/local.yaml . - ``` - - You will need to make some edits to this file, but first get your kubeconfig for access to the cluster: - ``` - microk8s kubectl config view --raw > config - ``` - - Get the IP address of the VM running microk8s: - ``` - multipass list - ``` - - Edit ``config``: Change the line - ``` - server: https://127.0.0.1:16443 - to - server: https://your-ip:16443 - ``` - - Check that everything is working as expected by running for instance: - ``` - kubectl --kubeconfig config get pod - helm --kubeconfig config list - ``` - - If you want to make this cluster the default cluster: - ``` - cp config ~/.kube/config - ``` - Now you don't have to specify kubeconfig with ``kubectl`` and ``helm``. If you're managing multiple clusters, you can use the ``kubectx`` tool to be able to conveniently switch between different contexts. - - Now edit ``local.yaml``: - - Replace ``cluster_config`` with your config file. - - Search for 127.0.0.1 and replace with your cluster's IP. - - The last step before we can deploy STACKn is to create a self-signed wildcard certificate: - ``` - cp ../charts/scaleout/stackn/examples/issuer.yaml . - cp ../charts/scaleout/stackn/examples/certificate.yaml . - ``` - In ``certificate.yaml``, replace 127.0.0.1 with your IP. Install ``cert-manager``: - ``` - kubectl --kubeconfig config create namespace cert-manager - kubectl --kubeconfig config apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.13.1/cert-manager.yaml - ``` - Before installing the certificate, make sure that all the pods are up and running: - ``` - kubectl --kubeconfig config get po -n cert-manager - ``` - Now: - ``` - kubectl --kubeconfig config apply -f issuer.yaml - kubectl --kubeconfig config apply -f certificate.yaml - ``` - And finally, deploy STACKn: - ``` - helm --kubeconfig config install stackn ../charts/scaleout/stackn -f local.yaml - ``` - Note that you will need to take extra steps for your browser to accept the self-signed certificate. On Mac: - ``` - kubectl --kubeconfig config get secret prod-ingress -o jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt - ``` - Then ``open ca.crt``, and add it to ``System`` in your key-chain. Right-click the entry, select ``Get Info``, expand ``Trust`` and set ``When using this certificate`` to ``Always Trust``. - - Once all the pods have started (check with ``kubectl --kubeconfig config get po``), you can browse to ``Studio`` at ``studio.your-ip.nip.io``. It could take up to 10 minutes to start all the pods. \ No newline at end of file diff --git a/scaleout/stackn/examples/certificate.yaml b/scaleout/stackn/examples/certificate.yaml deleted file mode 100644 index e09da0a..0000000 --- a/scaleout/stackn/examples/certificate.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: prod-ingress -spec: - secretName: prod-ingress - dnsNames: - - "*.127.0.0.1.nip.io" - - "*.studio.127.0.0.1.nip.io" - issuerRef: - name: selfsigned-issuer \ No newline at end of file diff --git a/scaleout/stackn/examples/dev-cloud.yaml b/scaleout/stackn/examples/dev-cloud.yaml deleted file mode 100644 index 5aeb3f3..0000000 --- a/scaleout/stackn/examples/dev-cloud.yaml +++ /dev/null @@ -1,169 +0,0 @@ -# Default values for alliance-chart. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -### DEPLOY SECRETS WITH private helm chart 'secrets' from platform/secrets -## Name: imagePullSecret -## Description: Secret to pull images from our private repository. -imagePullSecrets: - - name: regcred - -## to create a regcred -## kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= - -# REQUIREMENT: set a storage class with ability to serve ReadWriteMany -# Name: storageClassName -# Description: Set a storage class for the resources that are reused for multi-mount-points in cluster. To reduce wasteful copying we allow to use the same dataset volume to be mounted multiple times. -# Default: hostpath (works with docker-for-desktop) -storageClassName: microk8s-hostpath -namespace: default - -studio: - servicename: studio - image: #tell which image to deploy for studio - repository: scaleoutsystems/studio:master # point to the latest beta image - pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image - -# Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. -domain: 3.231.229.94.nip.io -ingress: - enabled: true - image: #tell which image to deploy for studio - repository: scaleoutsystems/ingress:master - pullPolicy: Always - annotations: {} - hosts: - - host: 3.231.229.94.nip.io - - # setup TLS if you have a platform certificate or use 'tls-acme' if you have certbot deployed and want to generate a certificate. - #tls: - #- secretName: platform-tls-secret - # hosts: - # - platform.local - - -service: - type: ClusterIP #override if you want to use NodePort instead to access cluster services - -#override if you want to try out a HA (HIGH AVAILABILITY) setup. -replicaCount: 1 - -# override if certain resource requirements should apply -resources: {} - -# override if certain nodes should be used for the deployed resources. -nodeSelector: {} - -# override if declaring that some criteria is tolerated for resource co-existing. -tolerations: [] - -affinity: {} - - - -# Postgres default credentials for backend DB. Override for security! -postgres: - db: - name: postgres - user: postgres - password: postgres - - -# default credentials for rabbitmq. override in production! -rabbit: - username: admin - password: LJqEG9RE4FdZbVWoJzZIOQEI - -chartcontroller: - image: - repository: scaleoutsystems/chart-controller:master - pullPolicy: Always - - - -cluster_config: |- - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBVENDQWVtZ0F3SUJBZ0lKQU1JUVFZRVdOeWhKTUEwR0NTcUdTSWIzRFFFQkN3VUFNQmN4RlRBVEJnTlYKQkFNTURERXdMakUxTWk0eE9ETXVNVEFlRncweU1EQTBNVGN4TVRRME1EaGFGdzB5TURBMU1UY3hNVFEwTURoYQpNQmN4RlRBVEJnTlZCQU1NRERFd0xqRTFNaTR4T0RNdU1UQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQCkFEQ0NBUW9DZ2dFQkFMUVE5eG5wOXEzYUtSam5UTVR1WFpHZjVBRDFYcHpZcCtGcUZZRm9Od2llMVBYOC9saUUKbWVDS0dnWnZRbjZ3bkZ6ajh0TDFrMk5YSUxNNXU1SFdlS3ViWDk3SHU3UUM5VGNoVElTcUQzbzd1WVcxQmF3eAovdThQVTd2RHVYTWJTVjRIcDdSRHFSY01Pa0thTVFwVC94RkFNSkZXNUx4aHh3RDB2UFVRN09vdUdnT3kzcDRaClEvdUxGcXptblNkUzdSR2dQd0FjV2tkOThWdk9NNlB3Znh6RWtWOFlhaGtxVExoelpVc3RweTNGT1hSUms1U04KZzRJc29URThCazdGVGZReXFiaXV1SkxMWTJKSmdNN2gyMThnZzBPaVZBYzc4Y2xMeTk3Z3Zic2htclhEb2tteApOSVJNOVRUMUd3SGtSc0JJRVQ5WUd5NWw2MGNyRHlWK0poRUNBd0VBQWFOUU1FNHdIUVlEVlIwT0JCWUVGSDdlClZYMHRNRzY4SmFsR0JVSm5DelNvUExBNk1COEdBMVVkSXdRWU1CYUFGSDdlVlgwdE1HNjhKYWxHQlVKbkN6U28KUExBNk1Bd0dBMVVkRXdRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUtrQitsaHdhUFNINjFuYgovTlRuejZMVVNZNC9hWUs1dExGTXFVMWdjNEdBTXd6OFFYQXFyWWRsb016UHJ2L3QvZEZvanhrdGVyNlBlcVZJCm14SUxwU2VueE5Fa0Q2bVhrU3JZSmVFbFBqQTBoSDZNY3RwUzM3T3BHL0xrNExlV3RCTDlsZEk5cDY5U0M5b0UKWUgvZEJxc0xmT2FYaFg2ZFlrZGxyZDBhVE5abFZKMVRIditsVitjbUN0TWkrWUxIcHYwRnF5ZldMdzZxdkRwUQo4UUZ1cWc4NnhkTEVISzRVSnRSUzRjeTVPejI1aUYvUmRBdTFtRGIrald3TXUvTUxQM3NpdTRSVjEzMmR0a0l5Cld1T1ZadzNTZzlRcjNVcVZLdUhuTlZuU0RwL0hHS1RUSWFNMCtSOU5LSmFKRkJ3d3A4MFFRbjBSY2VQVmYrNUwKa1pRRC9ZZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - server: https://3.231.229.94:16443 - name: microk8s-cluster - contexts: - - context: - cluster: microk8s-cluster - user: admin - name: microk8s - current-context: microk8s - kind: Config - preferences: {} - users: - - name: admin - user: - username: admin - password: bjdRL1I3bU5RYzRnTjlWT0JaaCtlU3djVjN4V2RSS0RaTktIRXVxdVRjTT0K - -docker-registry: - namespace: default - service: - type: ClusterIP - enabled: true - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "5500m" - hosts: - - registry.3.231.229.94.nip.io - tls: - - secretName: ingress-secret - hosts: - - registry.3.231.229.94.nip.io - - persistence: - enabled: true - accessMode: ReadWriteOnce - size: 10Gi - -argo: - installCRD: false - enabled: true - ui: - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: 1000m - hosts: - - workflow.3.231.229.94.nip.io - tls: - - secretName: ingress-secret - hosts: - - workflow.3.231.229.94.nip.io - -argo-events: - enabled: true - installCRD: false - namespace: argo-events - singleNamespace: false - - -openfaas: - functionNamespace: stack-fn - exposeServices: true - async: true - rbac: false - psp: false - securityContext: true - basic_auth: false - operator: - create: true - ingress: - enabled: true - hosts: - - host: serve.3.231.229.94.nip.io - serviceName: gateway - servicePort: 8080 - path: / - #annotations: {} - tls: - - secretName: ingress-secret - hosts: - - serve.3.231.229.94.nip.io diff --git a/scaleout/stackn/examples/dev.yaml b/scaleout/stackn/examples/dev.yaml deleted file mode 100644 index feb863f..0000000 --- a/scaleout/stackn/examples/dev.yaml +++ /dev/null @@ -1,167 +0,0 @@ -# Default values for alliance-chart. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -### DEPLOY SECRETS WITH private helm chart 'secrets' from platform/secrets -## Name: imagePullSecret -## Description: Secret to pull images from our private repository. -imagePullSecrets: - - name: regcred - -## to create a regcred -## kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= - -# REQUIREMENT: set a storage class with ability to serve ReadWriteMany -# Name: storageClassName -# Description: Set a storage class for the resources that are reused for multi-mount-points in cluster. To reduce wasteful copying we allow to use the same dataset volume to be mounted multiple times. -# Default: hostpath (works with docker-for-desktop) -storageClassName: microk8s-hostpath -namespace: default - -studio: - servicename: studio - image: #tell which image to deploy for studio - repository: registry.demo.scaleout.se/studio:latest # point to the latest beta image - pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image - -# Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. -domain: 84.217.112.68.nip.io -ingress: - enabled: true - image: #tell which image to deploy for studio - repository: registry.demo.scaleout.se/ingress:latest - pullPolicy: Always - annotations: {} - hosts: - - host: 84.217.112.68.nip.io - - # setup TLS if you have a platform certificate or use 'tls-acme' if you have certbot deployed and want to generate a certificate. - #tls: - #- secretName: platform-tls-secret - # hosts: - # - platform.local - - -service: - type: ClusterIP #override if you want to use NodePort instead to access cluster services - -#override if you want to try out a HA (HIGH AVAILABILITY) setup. -replicaCount: 1 - -# override if certain resource requirements should apply -resources: {} - -# override if certain nodes should be used for the deployed resources. -nodeSelector: {} - -# override if declaring that some criteria is tolerated for resource co-existing. -tolerations: [] - -affinity: {} - - - -# Postgres default credentials for backend DB. Override for security! -postgres: - db: - name: postgres - user: postgres - password: postgres - - -# default credentials for rabbitmq. override in production! -rabbit: - username: admin - password: LJqEG9RE4FdZbVWoJzZIOQEI - -chartcontroller: - image: - repository: scaleoutsystems/chart-controller:master - pullPolicy: Always - - - -cluster_config: |- - apiVersion: v1 - kind: Config - clusters: - - cluster: - certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURDVENDQWZHZ0F3SUJBZ0lVVkMzY2dpQ3hidEFIY05Fd3RDd0Z5c2ZOSk5Fd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZERVNNQkFHQTFVRUF3d0pNVEkzTGpBdU1DNHhNQjRYRFRFNU1USXdNVEV3TkRNek1Wb1hEVFEzTURReApPREV3TkRNek1Wb3dGREVTTUJBR0ExVUVBd3dKTVRJM0xqQXVNQzR4TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGCkFBT0NBUThBTUlJQkNnS0NBUUVBNXBRdHd3aVlDR2FBYkpMVTdPV0xpSjVRTEhLeEdDRE84Q3JZd3F6U1FBQVQKbWZKWXQzaXl0OGVYMDY2U2FmUEsvSHhGY1VlcVVrVDBHSUFVSTdZV0tZRk5vOU5HMXlOUDVTb0hRQkdZVDlwZQpoc3dTNlNjOEIxMGpiZkNRTmVDbmd4a3N1b1Z2aUZqVlAzY1VCLzJsM0Y3T2RPcDhzMHBiUmVYM3JDeW9xUW9PCnk5QjZhaFNxR0dqT2thQ2FUcDRoalJrOElBVnB5MFdBd2J2SDNKLzRvUTU0WVBzZ01DWHdjelVGczBzOTdEZlUKOUNGcVByeTREQ1Iwc3A3T1huVHcyY09yUFJmL1NIUXJmejVLK2xCTEdoMjBYb3cvV3p4ejRueXZYRnhFbDMxegpycURrbUU3ZkMyRXNFZWpkaHpyT3NENXF3Uk10eXlDb1ZYdk9iSUl6U1FJREFRQUJvMU13VVRBZEJnTlZIUTRFCkZnUVVCc1BFOGljNEdWRFRXT2dPeGlTcjlUbiszd0l3SHdZRFZSMGpCQmd3Rm9BVUJzUEU4aWM0R1ZEVFdPZ08KeGlTcjlUbiszd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQnNyawpNUnNjczZuYW9wL29iM21XYVIwK090YW02SHgzTGN1eU1KN0lMSUk2RlRKbVo0dlA0YXNqWGRXWVNaQVZUeEM1CnEwMXZHK2w4eHpZaFJIcGhCcFZNWms5WWtxQnJ4YUw5VG9Zd0VMMitmalZqOWpnQTNTZTZDNnhEOXUyWHR1QXgKaFdaM1lrOUhNNms4azR4OWpVVTl0c1hVbzRmaWI5RFZ0TFdaY1I4dXlScW1ZclQyeHAzRkVmdnZoTytIakt6TwowdVRIckxwem5ocmZjcU5TREZwaURRY0lURlRpY2w2QU05cWhPZHFpNW9rUnRSVVAxZnZyM0E2cnNRQWV3c3JVCkdmd2tRSjVxUzFOeVMvTEVQaHJMazVCMVQzWWk0SGYrdkpSZFVZaEEzUTdRZ1M5ODcvSmlRbWlsUG84eXZIWG0KTnkrTG5RS0NKeVRJNmsrdk9BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - server: https://192.168.1.5:16443 - name: microk8s-cluster - users: - - name: microk8s-admin - user: - password: TGMxTXIyS2VnSnJiS2crb2JvQ0wvTnpYK3F5RkFzcUNSL0ZMeEJwUDB2WT0K - username: admin - contexts: - - context: - cluster: microk8s-cluster - user: microk8s-admin - name: microk8s - - current-context: "microk8s" - - -docker-registry: - enabled: true - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "5500m" - hosts: - - registry.84.217.112.68.nip.io - tls: - - secretName: ingress-secret - hosts: - - registry.84.217.112.68.nip.io - - persistence: - enabled: true - accessMode: ReadWriteOnce - size: 10Gi - -argo: - installCRD: false - enabled: true - ui: - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: 1000m - hosts: - - workflow.84.217.112.68.nip.io - tls: - - secretName: ingress-secret - hosts: - - workflow.84.217.112.68.nip.io - -argo-events: - enabled: true - installCRD: false - namespace: argo-events - singleNamespace: false - - -openfaas: - functionNamespace: stack-fn - exposeServices: true - async: true - rbac: false - psp: false - securityContext: true - basic_auth: false - operator: - create: true - ingress: - enabled: true - hosts: - - host: serve.84.217.112.68.nip.io - serviceName: gateway - servicePort: 8080 - path: / - #annotations: {} - tls: - - secretName: ingress-secret - hosts: - - serve.84.217.112.68.nip.io diff --git a/scaleout/stackn/examples/issuer.yaml b/scaleout/stackn/examples/issuer.yaml deleted file mode 100644 index df5c888..0000000 --- a/scaleout/stackn/examples/issuer.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: cert-manager.io/v1alpha2 -kind: Issuer -metadata: - name: selfsigned-issuer -spec: - selfSigned: {} \ No newline at end of file diff --git a/scaleout/stackn/examples/local.yaml b/scaleout/stackn/examples/local.yaml deleted file mode 100644 index 9f0bca5..0000000 --- a/scaleout/stackn/examples/local.yaml +++ /dev/null @@ -1,234 +0,0 @@ -# Default values for alliance-chart. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -### DEPLOY SECRETS WITH private helm chart 'secrets' from platform/secrets -## Name: imagePullSecret -## Description: Secret to pull images from our private repository. -imagePullSecrets: - - name: regcred - -## to create a regcred -## kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= - -# REQUIREMENT: set a storage class with ability to serve ReadWriteMany -# Name: storageClassName -# Description: Set a storage class for the resources that are reused for multi-mount-points in cluster. To reduce wasteful copying we allow to use the same dataset volume to be mounted multiple times. -# Default: microk8s-hostpath (works with docker-for-desktop) -storageClassName: microk8s-hostpath -namespace: default - -studio: - servicename: studio - image: #tell which image to deploy for studio - repository: scaleoutsystems/studio:develop # point to the latest beta image - pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image - storage: - StorageClassName: microk8s-hostpath - size: 2Gi - -# Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. -domain: studio.127.0.0.1.nip.io -ingress: - enabled: true - image: #tell which image to deploy for studio - repository: scaleoutsystems/ingress:master - pullPolicy: Always - annotations: {} - hosts: - - host: studio.127.0.0.1.nip.io - - # setup TLS if you have a platform certificate or use 'tls-acme' if you have certbot deployed and want to generate a certificate. - tls: - - secretName: prod-ingress - hosts: - - studio.127.0.0.1.nip.io - - -service: - type: ClusterIP #override if you want to use NodePort instead to access cluster services - -#override if you want to try out a HA (HIGH AVAILABILITY) setup. -replicaCount: 1 - -# override if certain resource requirements should apply -resources: {} - -# override if certain nodes should be used for the deployed resources. -nodeSelector: {} - -# override if declaring that some criteria is tolerated for resource co-existing. -tolerations: [] - -affinity: {} - - - -# Postgres default credentials for backend DB. Override for security! -postgres: - enabled: false - db: - name: postgres - user: postgres - password: postgres - - -# default credentials for rabbitmq. override in production! -rabbit: - username: admin - password: LJqEG9RE4FdZbVWoJzZIOQEI - -chartcontroller: - enabled: false - image: - repository: scaleoutsystems/chart-controller:develop - pullPolicy: Always - branch: develop - - - -cluster_config: |- - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: cert-auth-data= - server: https://127.0.0.1:16443 - name: local - contexts: - - context: - cluster: local - user: admin - name: local - current-context: local - kind: Config - preferences: {} - users: - - name: admin - user: - token: your-token - -docker-registry: - enabled: true - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "5500m" - hosts: - - registry.127.0.0.1.nip.io - tls: - - secretName: prod-ingress - hosts: - - registry.127.0.0.1.nip.io - - persistence: - enabled: true - accessMode: ReadWriteOnce - size: 2Gi - storageClass: microk8s-hostpath - -argo: - enabled: false - -argo-events: - enabled: false - - -openfaas: - enabled: false - - -keycloak: - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" - rules: - - host: "keycloak.127.0.0.1.nip.io" - paths: - - / - tls: - - secretName: prod-ingress - hosts: - - keycloak.127.0.0.1.nip.io - persistence: - deployPostgres: true - dbVendor: postgres - pullPolicy: Always - - extraVolumes: | - - name: realm-secret - secret: - secretName: realm-secret - - extraVolumeMounts: | - - name: realm-secret - mountPath: "/realm/" - readOnly: true - - extraEnv: | - - name: KEYCLOAK_IMPORT - value: /realm/realm.json - - name: KEYCLOAK_USER - value: keycloak_admin - - name: KEYCLOAK_PASSWORD - value: aFGMSDLKmfdskHJASd - - name: PROXY_ADDRESS_FORWARDING - value: "true" - - postgresql: - postgresqlUsername: keycloak - postgresqlPassword: usOcCo+lh\TuIO:(p:Om9' - postgresqlDatabase: keycloak - persistence: - enabled: true - storageClass: microk8s-hostpath - size: 2Gi - - args: - - "-Dkeycloak.profile.feature.token_exchange=enabled" - -oidc: - enabled: true - realm: STACKn - client_id: studio - client_secret: Q#cdsIA(2MDAKLS00caradsf, search and replace +# - cluster_config , kubernetes cluster + +#NOTES +# - For local development/testing consider setting "oidc.verify_ssl" to false + +#Set global values to overide default +global: + studio: + superUser: "" + superuserPassword: "" + superuserEmail: "" + existingSecret: "" + storageClass: &storage_class microk8s-hostpath + +### A Postgres database for STACKn ### +# Here we use https://charts.bitnami.com/bitnami postgresql chart + +# Postgres deploy with a single-pod database: +postgresql: + enabled: true + postgresqlUsername: stackn + postgresqlPassword: "" + postgresqlDatabase: stackn + existingSecret: "" + fullnameOverride: stackn-studio-postgres + service: + port: 5432 + persistence: + enabled: true + size: 20Gi + storageClass: *storage_class + accessModes: + - ReadWriteMany + +# Will be added in future realease, for now keep "enabled:false" +postgresql-ha: + enabled: false + +### DEPLOY SECRETS WITH private helm chart 'secrets' from platform/secrets +## Name: imagePullSecret +## Description: Secret to pull images from our private repository. +imagePullSecrets: + - name: regcred + +## to create a regcred +## kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= + +#Set stoargeClass +storageClassName: *storage_class +namespace: default +existingSecret: "" + +studio: + servicename: studio + replicas: 1 + debug: true + static: + replicas: 1 + image: ghcr.io/morganekmefjord/stackn/ingress:master #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) + resources: + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + image: #tell which image to deploy for studio + repository: ghcr.io/morganekmefjord/stackn/studio:revamp_auth #This image can be built from Dockerfile inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) + pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image + resources: + limits: + cpu: 1000m + memory: 4Gi + requests: + cpu: 400m + memory: 2Gi + storage: + StorageClassName: *storage_class + size: 2Gi + media: + storage: + storageClassName: *storage_class + size: 5Gi + accessModes: ReadWriteMany + superUser: admin + superuserPassword: "" + superuserEmail: admin@test.com + +celeryWorkers: + replicas: 2 + resources: + requests: + cpu: 100m + memory: 1Gi + limits: + cpu: 1000m + memory: 8Gi + +# Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. +domain: studio.10.0.145.40.nip.io +ingress: + enabled: true + image: #tell which image to deploy for studio + repository: ghcr.io/morganekmefjord/stackn/ingress:master #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) + pullPolicy: Always + annotations: {} + hosts: + - host: studio.10.0.145.40.nip.io + + # setup TLS if you have a platform certificate or use 'tls-acme' if you have certbot deployed and want to generate a certificate. + tls: + - secretName: prod-ingress + hosts: + - studio.10.0.145.40.nip.io + +service: + type: ClusterIP #override if you want to use NodePort instead to access cluster services + +# default credentials for rabbitmq. override in production! +rabbit: + username: admin + password: "" + +chartcontroller: + enabled: false + image: + repository: scaleoutsystems/chart-controller:master + pullPolicy: Always + branch: master + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 200m + memory: 512Mi + #addSecret -- if true create chart-controller-secret from cluster_config, if false it must be added manually + addSecret: true + + +### Cluster config ### +# kubectl config view --raw +cluster_config: |- + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREekNDQWZlZ0F3SUJBZ0lVU2FuRGtzSzFOVEVhMWVHOWFYREhVbmFpM3hFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01NVEF1TVRVeUxqRTRNeTR4TUI0WERUSXhNRGt5TWpFeU5UazFOMW9YRFRNeApNRGt5TURFeU5UazFOMW93RnpFVk1CTUdBMVVFQXd3TU1UQXVNVFV5TGpFNE15NHhNSUlCSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyTnA4SWh0cTRRWHRPTklJcWxlTnlZbjdXTVZvMWxkR3ZzSmcKYnRlV29Zb1E1MFlEMitMdHRZWFM4WG5mYytHMEpLN3FTM3lyNWMvcEhpNTh5SGZ4QU5Vd3lsNEgwT01Lb2cwVwpKempXcTNQNWRVTGpMWDBZTy93ZzcrRmVBcGJ5SHUzcWVsTGJQNHJUUnBUU0xva2o2ZVJtS25MRUZVQ1YwZG55CjVTY0JtZ3pEbzdGVHM1ZzVTSUdpQ1NDa1ZTMmlvZE4xUWlTOTlnQi8yMVBSdXl3WXZLbVlSZENVRDVFMUVlL3AKZjVPQVh2ZTJkVEg2TytOUTQrS21UQnh1TC9Wd1pJR3NnQ3pTQURBNFFiQ1poa0FBdGd6R2RqaU1RRDBLbUh2WApqanVZMlNWVkcrS2Naa2puT2xNc0pZQk5aSjRmc3FQcXZxK055WHJ3V280aERGbkZZUUlEQVFBQm8xTXdVVEFkCkJnTlZIUTRFRmdRVW9lTjNSWlRiMk16Q0Z0Rkh5QU9jRjZtQWEwRXdId1lEVlIwakJCZ3dGb0FVb2VOM1JaVGIKMk16Q0Z0Rkh5QU9jRjZtQWEwRXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQwpBUUVBYm9LMWlTWmhzREdweEU3Y2dGazdLbmdRNDRuNGh3UXJENG9tNkdtZjBvalFyQ1JPaGRSaXBCb0oxZWdyCkJiRCtmcVNyTTFNdjd5QXIwMkVPQS85d2lrNkRrenl2RERGR1lyNVJHOUIwc2FFcmN4cVZjQzR3OVAvM3lKZFUKczZWVWlBUWhuNkJHYjJ0RW5rU0R0VVI4b0Y4Uyt6eStCY0VDOVl2SWNkbWZCS3hsMTg3dG0wRmpvVmhCNjBKbQoxNlhtMHhZbjhOekJWVmYvUlNIQ2ZzUW1Oa1dVdUUxQXFadU0vaXVKeitHRlpHczVJellONUxYR3JEREYxczJRClV3eERHL21QTFhDMVhjakxYVHNPcTc0QjRWOXNnQm1MTkdEMjdYdjhueFBGeEl2amEwb21xM0R4MW9qSmcxU1QKakIrVko0Qm1uSVQ0emlaTCtTMTR1WVpkeWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://10.0.145.40:16443 + name: microk8s-cluster + contexts: + - context: + cluster: microk8s-cluster + user: admin + name: microk8s + current-context: microk8s + kind: Config + preferences: {} + users: + - name: admin + user: + token: RDdLMnk3dUcrTDAxY2NMM3N3UEk5VTMyREZOTTcrNlFxZkF3bWFUODZpdz0K + +# Django fixtures for defining: +# - app categories +# - object types (to categorize “objects”, often model objects). We might for instance want a few different +# categories such as “models”, “tensorflow models”, and “FEDn Compute Packages”). An object is a pointer to a file stored in S3. +# - Periodic Celery tasks. These are controlled from the Django database. By default, we have three tasks: One that syncs MLflow +# models to STACKn objects, one that checks app statuses, and one that checks resource usage. +fixtures: |- + [ + { + "model": "projects.projecttemplate", + "pk": 1, + "fields": { + "name": "STACKn Default", + "slug": "default", + "description": "Default project template.", + "template": { + "flavors": { + "Medium": { + "cpu": { + "requirement": "100m", + "limit": "1000m" + }, + "mem": { + "requirement": "1Gi", + "limit": "8Gi" + }, + "gpu": { + "requirement": "0", + "limit": "0" + }, + "ephmem": { + "requirement": "50Mi", + "limit": "100Mi" + } + } + }, + "environments": { + "Jupyter Notebook": { + "repository": "scaleoutsystems", + "image": "jupyter-stackn:v0.1.5", + "app": "lab" + }, + "Default Serving": { + "repository": "scaleoutsystems", + "image": "default-python:latest", + "app": "fastapi-serve" + }, + "MLflow Serving": { + "repository": "scaleoutsystems", + "image": "mlflow-serve:latest", + "app": "mlflow-serve" + }, + "Ubuntu": { + "repository": "scaleoutsystems", + "image": "wetty-ubuntu:v0.1.2", + "app": "ubuntu-terminal" + }, + "Dask": { + "repository": "daskdev", + "image": "dask", + "app": "dask-cluster" + }, + "FEDn Reducer": { + "repository": "scaleoutsystems", + "image": "fedn-reducer:master", + "app": "reducer" + }, + "FEDn Combiner": { + "repository": "scaleoutsystems", + "image": "fedn-combiner:master", + "app": "combiner" + } + }, + "apps": { + "minio-vol": { + "slug": "volume", + "volume.size": "5Gi", + "permission": "project" + }, + "reg-vol": { + "slug": "volume", + "volume.size": "5Gi", + "permission": "project" + }, + "project-vol": { + "slug": "volume", + "volume.size": "5Gi", + "permission": "project" + }, + "project-minio": { + "slug": "minio", + "app:volume": ["minio-vol"], + "credentials.access_key": "accesskey2", + "credentials.secret_key": "secretkey193", + "permission": "project" + }, + "project-registry": { + "slug": "docker_registry", + "app:volume": ["reg-vol"], + "credentials.username": "username123", + "credentials.password": "pass999111222", + "permission": "project" + } + }, + "settings": { + "project-S3": "project-minio" + } + } + } + }, + { + "model": "projects.projecttemplate", + "pk": 2, + "fields": { + "name": "FEDn MNIST", + "slug": "fedn-mnist", + "description": "FEDn MNIST project template.", + "template": { + "flavors": { + "CPU": { + "cpu": { + "requirement": "100m", + "limit": "4000m" + }, + "mem": { + "requirement": "1Gi", + "limit": "16Gi" + }, + "gpu": { + "requirement": "0", + "limit": "0" + }, + "ephmem": { + "requirement": "50Mi", + "limit": "100Mi" + } + } + }, + "environments": { + "Jupyter STACKn": { + "repository": "scaleoutsystems", + "image": "jupyter-stackn:v0.1.5", + "app": "lab" + }, + "Ubuntu": { + "repository": "scaleoutsystems", + "image": "wetty-ubuntu:v0.1.2", + "app": "ubuntu-terminal" + }, + "Dask": { + "repository": "daskdev", + "image": "dask", + "app": "dask-cluster" + }, + "FEDn Reducer": { + "repository": "scaleoutsystems", + "image": "fedn-reducer:master", + "app": "reducer" + }, + "FEDn Combiner": { + "repository": "scaleoutsystems", + "image": "fedn-combiner:master", + "app": "combiner" + }, + "MNIST Client": { + "repository": "scaleoutsystems", + "image": "mnist-client:v0.6.0", + "app": "fedn-client" + } + }, + "apps": { + "minio-vol": { + "slug": "volume", + "volume.size": "20Gi", + "permission": "private" + }, + "reg-vol": { + "slug": "volume", + "volume.size": "20Gi", + "permission": "private" + }, + "project-vol": { + "slug": "volume", + "volume.size": "20Gi", + "permission": "private" + }, + "mongodb-vol": { + "slug": "volume", + "volume.size": "5Gi", + "permission": "private" + }, + "combiner-vol": { + "slug": "volume", + "volume.size": "5Gi", + "permission": "private" + }, + "S3 store": { + "slug": "minio", + "app:volume": ["minio-vol"], + "credentials.access_key": "accesskey2", + "credentials.secret_key": "secretkey193" + }, + "FEDn MongoDB": { + "slug": "mongodb", + "app:volume": ["mongodb-vol"], + "credentials.username": "admin", + "credentials.password": "password" + }, + "FEDn MongoExpress": { + "slug": "mongo-express", + "app:mongodb": ["FEDn MongoDB"] + }, + "Docker Registry": { + "slug": "docker_registry", + "app:volume": ["reg-vol"], + "credentials.username": "username123", + "credentials.password": "pass999111222" + }, + "Reducer": { + "slug": "reducer", + "S3": "S3 store", + "environment": "FEDn Reducer", + "app:mongodb": ["FEDn MongoDB"], + "app:docker_registry": ["Docker Registry"], + "reducer.pullPolicy": "IfNotPresent" + }, + "Combiner": { + "slug": "combiner", + "app:volume": ["combiner-vol"], + "app:reducer": ["Reducer"], + "environment": "FEDn Combiner", + "combiner.pullPolicy": "IfNotPresent" + } + }, + "settings": { + "project-S3": "S3 store" + } + } + } + }, + { + "model": "apps.appcategories", + "pk": "compute", + "fields": { + "name": "Compute" + } + }, + { + "model": "apps.appcategories", + "pk": "fedn", + "fields": { + "name": "FEDn" + } + }, + { + "model": "apps.appcategories", + "pk": "develop", + "fields": { + "name": "Develop" + } + }, + { + "model": "apps.appcategories", + "pk": "serve", + "fields": { + "name": "Serve" + } + }, + { + "model": "apps.appcategories", + "pk": "store", + "fields": { + "name": "Store" + } + }, + { + "model": "apps.apps", + "pk": 1, + "fields": { + "name": "Jupyter Lab", + "slug": "lab", + "category": "compute", + "table_field": { + "url": "https://{{ release }}.{{ global.domain }}" + }, + "description": "", + "priority": "500", + "settings": { + "apps": { + "Persistent Volume": "many" + }, + "flavor": "one", + "environment": { + "name": "from", + "title": "Image", + "quantity": "one", + "type": "match" + }, + "permissions": { + "public": { + "value": "false", + "option": "false" + }, + "project": { + "value": "true", + "option": "true" + }, + "private": { + "value": "false", + "option": "true" + } + }, + "export-cli": "True" + }, + "chart": "apps/lab/chart", + "logo": "apps/lab/logo.png", + "updated_on": "2021-03-10T19:45:03.927Z", + "created_on": "2021-02-19T21:34:37.815Z" + } + }, + { + "model": "apps.apps", + "pk": 2, + "fields": { + "name": "Persistent Volume", + "slug": "volume", + "category": "store", + "table_field": {}, + "description": "", + "priority": "600", + "settings": { + "volume": { + "size": { + "type": "string", + "default": "1Gi", + "title": "Size" + }, + "storageClass": { + "type": "string", + "default": "", + "title": "StorageClass" + }, + "accessModes": { + "type": "string", + "default": "ReadWriteMany", + "title": "AccessModes" + } + }, + "permissions": { + "public": { + "value": "false", + "option": "false" + }, + "project": { + "value": "true", + "option": "true" + }, + "private": { + "value": "false", + "option": "true" + } + } + }, + "chart": "apps/volume/chart", + "logo": "apps/volume/logo.png", + "updated_on": "2021-03-10T19:45:03.927Z", + "created_on": "2021-02-19T21:34:37.815Z" + } + }, + { + "model": "django_celery_beat.intervalschedule", + "pk": 1, + "fields": { + "every": 3, + "period": "seconds" + } + }, + { + "model": "django_celery_beat.intervalschedule", + "pk": 2, + "fields": { + "every": 15, + "period": "seconds" + } + }, + { + "model": "django_celery_beat.periodictask", + "pk": 1, + "fields": { + "name": "celery.backend_cleanup", + "task": "celery.backend_cleanup", + "interval": 1, + "crontab": null, + "solar": null, + "clocked": null, + "args": "[]", + "kwargs": "{}", + "queue": null, + "exchange": null, + "routing_key": null, + "headers": "{}", + "priority": null, + "expires": null, + "expire_seconds": 43200, + "one_off": false, + "start_time": null, + "enabled": true, + "last_run_at": null, + "total_run_count": 0, + "date_changed": "2021-02-26T13:49:34.038Z", + "description": "" + } + }, + { + "model": "django_celery_beat.periodictask", + "pk": 2, + "fields": { + "name": "check_resource_usage", + "task": "apps.tasks.get_resource_usage", + "interval": 2, + "crontab": null, + "solar": null, + "clocked": null, + "args": "[]", + "kwargs": "{}", + "queue": null, + "exchange": null, + "routing_key": null, + "headers": "{}", + "priority": null, + "expires": null, + "expire_seconds": null, + "one_off": false, + "start_time": null, + "enabled": true, + "last_run_at": "2021-02-26T14:03:34.731Z", + "total_run_count": 45, + "date_changed": "2021-02-26T14:03:40.178Z", + "description": "" + } + }, + { + "model": "django_celery_beat.periodictask", + "pk": 3, + "fields": { + "name": "check_app_status", + "task": "apps.tasks.check_status", + "interval": 1, + "crontab": null, + "solar": null, + "clocked": null, + "args": "[]", + "kwargs": "{}", + "queue": null, + "exchange": null, + "routing_key": null, + "headers": "{}", + "priority": null, + "expires": null, + "expire_seconds": null, + "one_off": false, + "start_time": null, + "enabled": true, + "last_run_at": "2021-02-26T14:03:37.169Z", + "total_run_count": 174, + "date_changed": "2021-02-26T14:03:40.168Z", + "description": "" + } + }, + { + "model": "models.objecttype", + "pk": 1, + "fields": { + "name": "Model", + "slug": "model", + "apps": [] + } + }, + { + "model": "models.objecttype", + "pk": 2, + "fields": { + "name": "FEDn Client", + "slug": "fedn-client", + "apps": [] + } + }, + { + "model": "models.objecttype", + "pk": 3, + "fields": { + "name": "MLFlow Model", + "slug": "mlflow-model", + "apps": [] + } + } + ] + +docker-registry: + enabled: false + ingress: + enabled: true + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "5500m" + hosts: + - registry.10.0.145.40.nip.io + tls: + - secretName: prod-ingress + hosts: + - registry.10.0.145.40.nip.io + + persistence: + enabled: true + accessMode: ReadWriteOnce + size: 2Gi + storageClass: *storage_class + +reloader: + enabled: true + namespace: default + reloader: + watchGlobally: false + +labs: + ingress: + secretName: prod-ingress + +prometheus: + enabled: false + +loki-stack: + enabled: false + +grafana: + enabled: false + diff --git a/scaleout/stackn/templates/_helper.tpl b/scaleout/stackn/templates/_helper.tpl index 653b090..926d296 100644 --- a/scaleout/stackn/templates/_helper.tpl +++ b/scaleout/stackn/templates/_helper.tpl @@ -29,62 +29,6 @@ Get the password secret. {{- end -}} {{- end -}} -{{/* -Return postgres host -*/}} -{{- define "stackn.postgres.host" -}} -{{- if .Values.postgresql.enabled }} - {{- include "postgresql.fullname" .Subcharts.postgresql -}} -{{- else -}} - {* HOLDER FOR HA MODE IN FUTURE RELEASE *} -{{- end -}} -{{- end -}} - -{{/* -Return postgres DB name -*/}} -{{- define "stackn.postgres.name" -}} -{{- if .Values.postgresql.enabled }} - {{- include "postgresql.database" .Subcharts.postgresql -}} -{{- else -}} - {* HOLDER FOR HA MODE IN FUTURE RELEASE *} -{{- end -}} -{{- end -}} - -{{/* -Return postgres port -*/}} -{{- define "stackn.postgres.port" -}} -{{- if .Values.postgresql.enabled }} - {{- include "postgresql.port" .Subcharts.postgresql -}} -{{- else -}} - {* HOLDER FOR HA MODE IN FUTURE RELEASE *} -{{- end -}} -{{- end -}} - -{{/* -Return postgres user -*/}} -{{- define "stackn.postgres.user" -}} -{{- if .Values.postgresql.enabled }} - {{- include "postgresql.username" .Subcharts.postgresql -}} -{{- else -}} - {* HOLDER FOR HA MODE IN FUTURE RELEASE *} -{{- end -}} -{{- end -}} - -{{/* -Return postgres secret -*/}} -{{- define "stackn.postgres.secretName" -}} -{{- if .Values.postgresql.enabled }} - {{- include "postgresql.secretName" .Subcharts.postgresql -}} -{{- else -}} - {* HOLDER FOR HA MODE IN FUTURE RELEASE *} -{{- end -}} -{{- end -}} - - {{/* Return STACKn studio superuser */}} @@ -124,6 +68,19 @@ Return STACKn studio superuser email {{- end -}} {{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "stackn.studio.postgresql.secretName" -}} +{{- if .Values.postgresql.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" .Values.postgresql.fullnameOverride -}} +{{- end -}} +{{- end -}} + + {{/* Return STACKn rabbit password */}} @@ -146,39 +103,13 @@ Return STACKn rabbit username {{- end -}} {{- end -}} - -{{/* -Return STACKn keycloak admin user -*/}} -{{- define "stackn.keycloak.admin.user" -}} -{{- if .Values.global.keycloak.adminUser }} - {{- .Values.global.keycloak.adminUser -}} -{{- else -}} - keycloak -{{- end -}} -{{- end -}} - -{{/* -Return STACKn keycloak admin password -*/}} -{{- define "stackn.keycloak.admin.password" -}} -{{- if .Values.global.keycloak.adminPassword }} - {{- .Values.global.keycloak.adminPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - {{/* Return STACKn oidc client secret */}} {{- define "stackn.oidc.clientsecret" -}} -{{- if .Values.global.keycloak.clientsecret }} - {{- .Values.global.keycloak.clientsecret }} -{{- else if .Values.oidc.client_secret }} +{{- if .Values.oidc.client_secret }} {{- .Values.oidc.client_secret -}} {{- else -}} a-client-secret {{- end -}} {{- end -}} - diff --git a/scaleout/stackn/templates/basic-secrets.yaml b/scaleout/stackn/templates/basic-secrets.yaml index 3312880..a6da9c5 100644 --- a/scaleout/stackn/templates/basic-secrets.yaml +++ b/scaleout/stackn/templates/basic-secrets.yaml @@ -10,5 +10,4 @@ type: Opaque data: studio-superuser-password: {{ include "stackn.studio.superuser.password" . | b64enc | quote }} rabbit-password: {{ include "stackn.rabbit.password" . | b64enc | quote }} - keycloak-admin-password: {{ include "stackn.keycloak.admin.password" . | b64enc | quote }} {{- end -}} \ No newline at end of file diff --git a/scaleout/stackn/templates/celery-beat-deployment.yaml b/scaleout/stackn/templates/celery-beat-deployment.yaml index 9dee88d..1cb08e8 100644 --- a/scaleout/stackn/templates/celery-beat-deployment.yaml +++ b/scaleout/stackn/templates/celery-beat-deployment.yaml @@ -29,7 +29,7 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ include "stackn.postgres.host" . }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ include "stackn.postgres.port" . }}; do echo waiting for database; sleep 2; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] resources: limits: cpu: 100m @@ -47,7 +47,7 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.postgres.secretName" . }} + name: {{ include "stackn.studio.postgresql.secretName" . }} key: postgresql-password - name: RABBITMQ_DEFAULT_PASS valueFrom: diff --git a/scaleout/stackn/templates/celery-flower.yaml b/scaleout/stackn/templates/celery-flower.yaml index f0a6107..e059594 100644 --- a/scaleout/stackn/templates/celery-flower.yaml +++ b/scaleout/stackn/templates/celery-flower.yaml @@ -29,7 +29,7 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ include "stackn.postgres.host" . }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ include "stackn.postgres.port" . }}; do echo waiting for database; sleep 2; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] resources: limits: cpu: 100m @@ -47,7 +47,7 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.postgres.secretName" . }} + name: {{ include "stackn.studio.postgresql.secretName" . }} key: postgresql-password - name: RABBITMQ_DEFAULT_PASS valueFrom: diff --git a/scaleout/stackn/templates/celery-worker-deployment.yaml b/scaleout/stackn/templates/celery-worker-deployment.yaml index 243d3c5..f3d4b0f 100644 --- a/scaleout/stackn/templates/celery-worker-deployment.yaml +++ b/scaleout/stackn/templates/celery-worker-deployment.yaml @@ -27,7 +27,7 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ include "stackn.postgres.host" . }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ include "stackn.postgres.port" . }}; do echo waiting for database; sleep 2; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] resources: limits: cpu: 100m @@ -45,7 +45,7 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.postgres.secretName" . }} + name: {{ include "stackn.studio.postgresql.secretName" . }} key: postgresql-password - name: RABBITMQ_DEFAULT_PASS valueFrom: diff --git a/scaleout/stackn/templates/realm_secret.yaml b/scaleout/stackn/templates/realm_secret.yaml deleted file mode 100644 index fd57801..0000000 --- a/scaleout/stackn/templates/realm_secret.yaml +++ /dev/null @@ -1,2248 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: realm-secret - namespace: {{ .Values.namespace }} -type: Opaque -stringData: - realm.json: |- - { - "id": "STACKn", - "realm": "STACKn", - "notBefore": 0, - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": {{ .Values.oidc.id_token_expiry_seconds | default "180" }}, - "ssoSessionIdleTimeout": 604800, - "ssoSessionMaxLifespan": 7776000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": true, - "registrationEmailAsUsername": true, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "19fdefe4-5cc1-48bf-bbfb-ab2dea47adfd", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "STACKn", - "attributes": {} - }, - { - "id": "2a17bbf6-81ed-4c6f-a8f2-9c7394ff50dd", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "STACKn", - "attributes": {} - } - ], - "client": { - "studio": [], - "realm-management": [ - { - "id": "d016ac60-4208-4142-8037-29534e198bec", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "bad8a2de-12fe-4476-988f-987ce18e9403", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "8c389edb-b5c3-4112-9d2a-19cd6ea9da06", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "b05f64b0-584d-4149-820f-583d314e2f5f", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "d1a4756b-0884-4917-a34f-0854ae9fe095", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "8f50c36f-8040-4d90-82d2-7d7d9189c2a2", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "c096d532-c9bf-4292-9458-a6e4df726b82", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "23e70fbb-7259-495d-b23e-a9df11087f8a", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "836c26cf-6310-4f26-93e4-c72f331ff07a", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "121bab4e-0ee9-4556-983d-c3d3a2a64192", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "0104a477-7d10-47f7-b990-7b9eec4d15a4", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "e634ffbd-cace-440d-8bc4-4c157a617320", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "cbc1b1e4-3114-4f16-b99b-3e9a9ab8cf0b", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "44a702cd-03ff-4dba-b941-138f665b9cd5", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "25825a78-9e64-48b1-a1d8-d028f3ebbf5d", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "831646d0-e9ac-48a3-a268-0f48bf6ea2a8", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "c97f4326-3036-4a94-a762-b82e3837e5a5", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-clients", - "view-events", - "query-users", - "query-realms", - "manage-users", - "view-realm", - "view-users", - "manage-clients", - "view-authorization", - "manage-realm", - "manage-identity-providers", - "manage-authorization", - "query-groups", - "manage-events", - "impersonation", - "query-clients", - "create-client", - "view-identity-providers" - ] - } - }, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "e279eafd-262e-4949-81da-2402a36103dc", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - }, - { - "id": "9d04240d-968e-4d7e-a8af-804cfbcbcfe1", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "attributes": {} - } - ], - "studio-api": [], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "d3666659-fb38-439f-9dd7-0877fac6f4cb", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "c1efa49c-305c-4f24-b0fe-c6bdb8287a3b", - "attributes": {} - } - ], - "account": [ - { - "id": "0039caa2-0e16-40b9-b799-696a1fa4333a", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "f3638d9c-b8eb-4a8e-8464-77cd27427652", - "attributes": {} - }, - { - "id": "82b82eba-2a9f-4e7a-9aea-9ce992aac745", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "f3638d9c-b8eb-4a8e-8464-77cd27427652", - "attributes": {} - }, - { - "id": "57667851-3a06-49bc-aa9b-6bd0ee3ea00f", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "f3638d9c-b8eb-4a8e-8464-77cd27427652", - "attributes": {} - }, - { - "id": "95c69c39-45d0-4015-b49f-92232b7f42f4", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "f3638d9c-b8eb-4a8e-8464-77cd27427652", - "attributes": {} - }, - { - "id": "40e66740-734a-4e03-ad4d-be115fa62adc", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "f3638d9c-b8eb-4a8e-8464-77cd27427652", - "attributes": {} - }, - { - "id": "e0b6ef9d-c692-4646-8367-73395c465e76", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "f3638d9c-b8eb-4a8e-8464-77cd27427652", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRoles": [ - "uma_authorization", - "offline_access" - ], - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "0cbe5ca1-55bd-4d24-85b7-1d887ba355d5", - "createdTimestamp": 1593173029255, - "username": "service-account-studio", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "studio", - "disableableCredentialTypes": [], - "requiredActions": [], - "clientRoles": { - "realm-management": [ - "manage-events", - "query-users", - "impersonation", - "query-realms", - "query-clients", - "manage-users", - "manage-clients", - "realm-admin", - "manage-realm", - "query-groups", - "manage-identity-providers", - "manage-authorization" - ] - }, - "notBefore": 0, - "groups": [] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "f3638d9c-b8eb-4a8e-8464-77cd27427652", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/STACKn/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "defaultRoles": [ - "view-profile", - "manage-account" - ], - "redirectUris": [ - "/realms/STACKn/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "9b731cd2-443f-4432-a5f2-15c812f6593d", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/STACKn/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "/realms/STACKn/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "54b68c0e-c7a1-4994-8456-9e5367e59335", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fe695565-572a-4d0d-96e2-5f0a1e980ec8", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c1efa49c-305c-4f24-b0fe-c6bdb8287a3b", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "57c1fccc-b234-4ee5-85df-4c38826f8fc6", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "72b3caae-9b76-40a4-8b85-407f6d1a8bef", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "baf790f1-ae4c-45e9-9711-a653c0a65c19", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "6682fc3b-0b18-4dba-82dc-350251c19894", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "8a5643fa-0471-4c0b-9056-1a93ca33c8bc", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/STACKn/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "/admin/STACKn/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "92cf9264-2097-4645-b784-e6c97e117aba", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "87f8442d-bf8c-41cb-bbf3-806b3dda6eb2", - "clientId": "studio", - "rootUrl": "https://{{ (index .Values.ingress.hosts 0).host }}", - "adminUrl": "https://{{ (index .Values.ingress.hosts 0).host }}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": {{ include "stackn.oidc.clientsecret" . | quote }}, - "redirectUris": [ - "http://{{ (index .Values.ingress.hosts 0).host }}/*" - ], - "webOrigins": [ - "https://{{ (index .Values.ingress.hosts 0).host }}" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "368cd25c-0974-4fed-9616-d488a6f9cc41", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "1126a769-2983-412b-a08a-f4127263ca24", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "7da3cb25-05ef-4c47-9632-7b5bd0942b7a", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7e194d64-b4e2-4446-9e18-b633f41a523c", - "clientId": "studio-api", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "studio-api-scope", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "e126edcb-9dfe-4069-9d0a-44d00f706bf5", - "name": "studio-api-scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "c36a8217-4df1-49e6-98b9-ca986498d882", - "name": "studio-api-mapper", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "studio-api", - "id.token.claim": "false", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "30ae9131-97eb-451c-8847-20c96c21a0ad", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "834abdd0-95c3-4f2f-ae34-270d5b0a0c93", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "3ef1b47b-3430-422f-9c9e-c65f9fa0d2f1", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "a51e0ebf-22f2-4995-ae91-99ad8d47ede9", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "5b8d7637-e2f4-493f-98c0-655aa8edc4fa", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "e0220894-a958-4562-b7d8-f42c7834eb88", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "id": "c6976c4b-cd99-42d9-9bcf-6cc1948b537e", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "5e990ca3-42a6-4338-b897-b72021abe2bb", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "a8fe1a84-6f84-4493-9fbf-a59f8a300284", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5b89dc04-387d-4eba-bde1-29dc7b8f10e5", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "3b2a1839-c306-46a9-b0a0-a3f4804a4497", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "e67e94ae-482c-4629-b022-958fad0183c2", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "d13cf50d-6e37-4b7c-8edc-6d9ebaa82f93", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "140e240c-ab38-4369-ace8-de4bc547d741", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "369aa64b-0d6d-48d7-925d-d047c778de1e", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "84b08449-1da0-4c9e-b850-2689b77b2fd3", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "d1a54756-e21e-47e5-9992-b2028f259494", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "64d241a6-8c94-4002-a1f4-66e57a915951", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "75d59c2f-82b4-409c-9463-091e0f9c0c72", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "bd468c2c-241d-4b90-8a67-1b86aa4997b7", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "8a048c46-b86e-445c-b16e-99bf01d69a38", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "d86efc50-a148-43dd-82f4-dc2fdfc584b5", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "838a39ad-074c-44f0-86bd-21a9b6f888d2", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "a87de0f9-4253-4fd8-809a-8cf4e0cc9238", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "370086f5-5bb2-4d9c-8a46-8db16b59c106", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "edb1bd05-9c7d-4511-989e-67d595134a96", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "6053c89c-ada5-4c95-8d3b-1f93683cb39d", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "f2d42e26-81e2-45fb-9a2b-8db7403226f8", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "a3be4e77-64a2-433d-8ebd-9a1787c95e55", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "1ce31867-78ef-4d30-852e-e7bfafe6b9a1", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "d23f1e89-88b6-4398-8f02-79064ba78cb6", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5f48f3ba-e750-4728-a8b1-f95661dde965", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "a8a3ed7b-d05b-441c-b460-f047859dcd05", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "609ffd90-f73a-40ea-a261-d79bc2410bb4", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "c8cda67e-a51c-477a-b8bf-0fabfd4c3d59", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "web-origins", - "roles", - "profile", - "role_list", - "email" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "b2116962-f71e-421a-ad07-02719799eec5", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "25cdf52f-4f2a-48a5-9d0a-e19d0d925d3b", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "0bb32f63-aa12-482c-a606-491db7ab9cba", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "7d0ea8ba-8364-4b6c-ac89-9fb62fb321ae", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "f9eb42a1-54bc-411c-a8f1-eb1798c67a86", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "saml-user-property-mapper" - ] - } - }, - { - "id": "12ce5470-34b2-4bb1-97b4-c110b13d0b39", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "605ce67d-2c2b-4bc0-a6c0-a3cbc15f2786", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "125d435b-0be3-4a7c-afa9-601e36b4970f", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "9f61ebdb-b49e-4264-bab0-6bfa5ec2bb37", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "c834d318-92dc-4df9-8c85-1a2676912b77", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "50b8a034-ed15-46b4-ba3c-4ea6670ce77c", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "7ebd78b2-fa7b-4cdc-8ce7-38a84bc473ed", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e6b2861a-8692-4a23-89e7-605a3812f3c6", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "3bd33877-49fe-409d-b282-c6a191d8a311", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "d1d89b5b-ae0e-4553-8bf5-18819732b755", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "391e74eb-0dbc-4f2c-ba75-f855952c2136", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "5da4bf85-7acf-41a9-894a-618843420fd2", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "ea70805b-71b7-403e-9aa1-99dcd3dddf43", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "70e00a1e-a2ef-4f83-82b2-0951db6aaad9", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "d179ca02-eb96-43b4-bb51-c9b0050b2a24", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "44a5e13c-9c5c-4969-a84e-e2393dd0bfcc", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e5bc5342-ee51-4ff8-8475-d29080dfbc69", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "914d75b8-9bfe-4470-a76e-9306ee9e8c87", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "28ca3417-23bd-4ffe-a29b-bc9fe530750b", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "a0387dbf-3d54-4ed6-9efb-6451c3d4243b", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "41b7da48-9027-4850-8ce1-c8e7ed3c8f8d", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "cd11e5ca-b544-410b-ba40-0fcba8ca2f7e", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "149b1535-7593-4458-a140-3e714c94b7e9", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "06b38394-042b-496e-897f-04cd08559f48", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "ab77cbb2-c879-44a3-a94e-2d8c1d6b3660", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "09061931-28e9-4b99-83f7-46513142c0e1", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "5b9429eb-294f-4fc7-80e4-07df4be169f3", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "6f2e12a0-006e-4f2a-bbc4-20c290f57732", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "clientOfflineSessionMaxLifespan": "0", - "clientSessionIdleTimeout": "0", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0" - }, - "keycloakVersion": "11.0.0", - "userManagedAccessAllowed": false - } \ No newline at end of file diff --git a/scaleout/stackn/templates/studio-deployment.yaml b/scaleout/stackn/templates/studio-deployment.yaml index 1f38ff6..1c1ad29 100644 --- a/scaleout/stackn/templates/studio-deployment.yaml +++ b/scaleout/stackn/templates/studio-deployment.yaml @@ -23,7 +23,7 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ include "stackn.postgres.host" . }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ include "stackn.postgres.port" . }}; do echo waiting for database; sleep 2; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] resources: limits: cpu: 100m @@ -45,7 +45,7 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.postgres.secretName" . }} + name: {{ include "stackn.studio.postgresql.secretName" . }} key: postgresql-password - name: RABBITMQ_DEFAULT_PASS valueFrom: diff --git a/scaleout/stackn/templates/studio-post-install.yaml b/scaleout/stackn/templates/studio-post-install.yaml index adcecc9..ce81c46 100644 --- a/scaleout/stackn/templates/studio-post-install.yaml +++ b/scaleout/stackn/templates/studio-post-install.yaml @@ -43,7 +43,7 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.postgres.secretName" . }} + name: {{ include "stackn.studio.postgresql.secretName" . }} key: postgresql-password image: {{ .Values.studio.image.repository }} imagePullPolicy: Always diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index 991f203..c207ed4 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -17,68 +17,11 @@ data: """ import os - import logging - VERSION_BACKEND = 'studio.version.Version' - LOGGING_LEVEL = logging.DEBUG - PROJECT_ROLES = ['guest', 'member', 'admin'] - {{ if .Values.ingress.v1beta1 }} - INGRESS_V1BETA1 = True - {{ else }} - INGRESS_V1BETA1 = False - {{ end }} - - # Permissions - - # Project settings - PROJECT_SETTINGS_PERM = { - 'view': ['member', 'admin'], - 'view_credentials': ['member', 'admin'], - 'env_settings': ['member', 'admin'], - 'collab_settings': ['member', 'admin'], - 'add_member': ['admin'], - 'publish_github': ['member', 'admin'], - 'danger_zone': ['admin'] - } - - MONITOR_PERM = { - 'view': ['admin'] - } - - {{ if .Values.oidc.enabled }} - KC_REALM = {{ .Values.oidc.realm | quote }} - KC_URL = "{{ .Values.oidc.host }}" - KC_ADMIN_URL = "{{ .Values.oidc.host }}/auth" - OIDC_RP_CLIENT_ID = {{ .Values.oidc.client_id | quote }} - OIDC_RP_CLIENT_SECRET = {{ include "stackn.oidc.clientsecret" . | quote }} - OIDC_OP_REALM_AUTH = "{{ .Values.oidc.host }}/auth/realms" - OIDC_OP_AUTHORIZATION_ENDPOINT = "{{ .Values.oidc.host }}/auth/realms/{{ .Values.oidc.realm }}/protocol/openid-connect/auth" - OIDC_OP_TOKEN_ENDPOINT = "{{ .Values.oidc.host }}/auth/realms/{{ .Values.oidc.realm }}/protocol/openid-connect/token" - OIDC_OP_USER_ENDPOINT = "{{ .Values.oidc.host }}/auth/realms/{{ .Values.oidc.realm }}/protocol/openid-connect/userinfo" - OIDC_OP_LOGOUT_ENDPOINT = "{{ .Values.oidc.host }}/auth/realms/{{ .Values.oidc.realm }}/protocol/openid-connect/logout" - OIDC_OP_LOGOUT_URL_METHOD = 'studio.OIDClogout.keycloak_logout' - OIDC_STORE_ACCESS_TOKEN = True - OIDC_STORE_ID_TOKEN = True - {{ if eq .Values.oidc.verify_ssl false }} - print("WARNING: Skipping SSL verification.") - OIDC_VERIFY_SSL = False - {{ else }} - OIDC_VERIFY_SSL = True - {{ end }} - OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS = {{ .Values.oidc.id_token_expiry_seconds | default "180" }} - LOGIN_URL = "/projects" - LOGIN_REDIRECT_URL = "/projects" - LOGOUT_REDIRECT_URL = "/" - OIDC_RP_SIGN_ALGO = {{ .Values.oidc.sign_algo | quote }} - OIDC_OP_JWKS_ENDPOINT = "{{ .Values.oidc.host }}/auth/realms/{{ .Values.oidc.realm }}/protocol/openid-connect/certs" - {{ end }} AUTHENTICATION_BACKENDS = [ 'django.contrib.auth.backends.ModelBackend', - {{ if .Values.oidc.enabled }} - 'studio.OIDCbackend.OIDCbackend' - {{ end }} ] # Build paths inside the project like this: os.path.join(BASE_DIR, ...) @@ -110,44 +53,38 @@ data: # Application definition INSTALLED_APPS = [ - {{ if .Values.fedn.enabled }} - 'alliance_admin', - {{ end }} - 'django.contrib.auth', 'django.contrib.admin', + 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django_filters', - 'oauth2_provider', 'corsheaders', 'rest_framework', 'rest_framework.authtoken', - 'ingress', 'api', + 'monitor', 'projects', 'models', - 'monitor', - 'reports', - 'files', - 'datasets', - 'workflows', 'deployments', - 'bootstrap_modal_forms', - 'studio_admin', 'apps', 'portal', + 'tagulous', 'django_celery_beat', - 'django_plotly_dash.apps.DjangoPlotlyDashConfig', - 'channels', + 'oauth2_provider', ] - X_FRAME_OPTIONS = 'SAMEORIGIN' + OAUTH2_PROVIDER = { + # this is the list of available scopes + 'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'} + } REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': [ - 'studio.KCRFbackend.KeycloakAuthentication', + 'rest_framework.authentication.TokenAuthentication', + #'rest_framework.permissions.IsAuthenticated', + 'oauth2_provider.contrib.rest_framework.OAuth2Authentication', ], } @@ -157,18 +94,14 @@ data: 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', - {{ if .Values.oidc.enabled }} - 'mozilla_django_oidc.middleware.SessionRefresh', - {{ end }} 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'corsheaders.middleware.CorsMiddleware', - 'django_plotly_dash.middleware.BaseMiddleware' ] + STATICFILES_FINDERS = ( 'django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', - # other finders.. 'compressor.finders.CompressorFinder', ) @@ -198,13 +131,6 @@ data: WSGI_APPLICATION = 'studio.wsgi.application' ASGI_APPLICATION = 'studio.asgi.application' - - # Lab settings - LABS = { - 'ingress': { - 'secretName': '{{ .Values.labs.ingress.secretName }}' - } - } # Database @@ -213,11 +139,11 @@ data: DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', - 'NAME': '{{ include "stackn.postgres.name" . }}', - 'USER': '{{ include "stackn.postgres.user" . }}', + 'NAME': '{{ .Values.postgresql.postgresqlDatabase }}', + 'USER': '{{ .Values.postgresql.postgresqlUsername }}', 'PASSWORD': os.environ.get('POSTGRES_PASSWORD'), - 'HOST': '{{ include "stackn.postgres.host" . }}', - 'PORT': {{ include "stackn.postgres.port" . }}, + 'HOST': '{{ .Values.postgresql.fullnameOverride }}', + 'PORT': '{{ .Values.postgresql.service.port }}', } } @@ -266,16 +192,17 @@ data: import socket # TODO remove after refactor - API_HOSTNAME = 'localhost' - API_PORT = 8080 + #API_HOSTNAME = 'localhost' + #API_PORT = 8080 + + #GIT_REPOS_ROOT = os.path.join(REPO_DIR, 'repos') + #GIT_REPOS_URL = '/repos/' - GIT_REPOS_ROOT = os.path.join(REPO_DIR, 'repos') - GIT_REPOS_URL = '/repos/' + #LOKI_SVC = 'http://{{ .Release.Name }}-loki:3100' + #PROMETHEUS_SVC = 'http://{{ .Release.Name }}-prometheus-server' + #CHART_CONTROLLER_URL = 'http://{{ .Release.Name }}-chart-controller' - LOKI_SVC = 'http://{{ .Release.Name }}-loki:3100' - PROMETHEUS_SVC = 'http://{{ .Release.Name }}-prometheus-server' REGISTRY_SVC = '{{ .Release.Name }}-docker-registry' - CHART_CONTROLLER_URL = 'http://{{ .Release.Name }}-chart-controller' STUDIO_URL = 'http://{{ .Release.Name }}-studio:8080' try: @@ -304,21 +231,11 @@ data: CELERY_TIMEZONE = "UTC" CELERY_ENABLE_UTC = True - EXTERNAL_KUBECONF = False - STORAGECLASS = {{ .Values.storageClassName | default "aws-efs" | quote }} - + EXTERNAL_KUBECONF = True NAMESPACE = {{ .Values.namespace | default "default" | quote }} - + STORAGECLASS = {{ .Values.storageClassName | default "aws-efs" | quote }} + try: from .settings_local import * except ImportError as e: pass - - import os - - try: - apps = [os.environ.get("APPS").split(" ")] - for app in apps: - INSTALLED_APPS += [app] - except Exception as e: - pass diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml deleted file mode 100644 index 6963da1..0000000 --- a/scaleout/stackn/values.yaml +++ /dev/null @@ -1,540 +0,0 @@ -# This is a YAML-formatted file. -# Declare variables to be passed into STACKn templates. - -# REQUIREMENT: -# - set a storage class with ability to serve ReadWriteMany -# Name: storageClassName, and/or set anchor &śtorage_class -# Description: Set a storage class for the resources that are reused for multi-mount-points in cluster. To reduce wasteful copying we allow to use the same dataset volume to be mounted multiple times. -# Default: microk8s-hostpath, use nfs-client for docker-for-desktop -# - replace , search and replace -# - cluster_config , kubernetes cluster - -#NOTES -# - For local development/testing consider setting "oidc.verify_ssl" to false - -#Set global values to overide default -global: - studio: - superUser: "" - superuserPassword: "" - superuserEmail: "" - keycloak: - adminUser: "" - adminPassword: "" - clientSecret: a-client-secret #Override in production - existingSecret: "" - storageClass: &storage_class microk8s-hostpath - - -### A Postgres database for STACKn ### -# Here we use https://charts.bitnami.com/bitnami postgresql chart - - -# Postgres deploy with a single-pod database: -postgresql: - enabled: true - postgresqlUsername: stackn - postgresqlPassword: "" - postgresqlDatabase: stackn - existingSecret: "" - fullnameOverride: stackn-studio-postgres - persistence: - enabled: true - size: 20Gi - storageClass: *storage_class - accessModes: - - ReadWriteMany - -# Will be added in future realease, for now keep "enabled:false" -postgresql-ha: - enabled: false - -### DEPLOY SECRETS WITH private helm chart 'secrets' from platform/secrets -## Name: imagePullSecret -## Description: Secret to pull images from our private repository. -imagePullSecrets: - - name: regcred - -## to create a regcred -## kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= - -#Set stoargeClass -storageClassName: *storage_class -namespace: default -existingSecret: "" - -studio: - servicename: studio - replicas: 1 - debug: true - static: - replicas: 1 - image: scaleoutsystems/ingress:develop #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - resources: - limits: - cpu: 1 - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - image: #tell which image to deploy for studio - repository: scaleoutsystems/studio:develop #This image can be built from Dockerfile inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image - resources: - limits: - cpu: 1000m - memory: 4Gi - requests: - cpu: 400m - memory: 2Gi - storage: - StorageClassName: *storage_class - size: 2Gi - media: - storage: - storageClassName: *storage_class - size: 5Gi - accessModes: ReadWriteMany - superUser: admin - superuserPassword: "" - superuserEmail: admin@test.com - -celeryWorkers: - replicas: 2 - resources: - requests: - cpu: 100m - memory: 1Gi - limits: - cpu: 1000m - memory: 8Gi - -# Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. -domain: studio. -ingress: - enabled: true - image: #tell which image to deploy for studio - repository: scaleoutsystems/ingress:develop #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - pullPolicy: Always - annotations: {} - hosts: - - host: studio. - - # setup TLS if you have a platform certificate or use 'tls-acme' if you have certbot deployed and want to generate a certificate. - tls: - - secretName: prod-ingress - hosts: - - studio. - -service: - type: ClusterIP #override if you want to use NodePort instead to access cluster services - - -# default credentials for rabbitmq. override in production! -rabbit: - username: admin - password: "" - -chartcontroller: - enabled: false - image: - repository: scaleoutsystems/chart-controller:master - pullPolicy: Always - branch: master - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 200m - memory: 512Mi - #addSecret -- if true create chart-controller-secret from cluster_config, if false it must be added manually - addSecret: true - - - -### Cluster config ### -# kubectl config view --raw -cluster_config: |- - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: - server: - name: - contexts: - - context: - cluster: - user: admin - name: - current-context: - kind: Config - preferences: {} - users: - - name: admin - user: - token: - -# Django fixtures for defining: -# - app categories -# - object types (to categorize “objects”, often model objects). We might for instance want a few different -# categories such as “models”, “tensorflow models”, and “FEDn Compute Packages”). An object is a pointer to a file stored in S3. -# - Periodic Celery tasks. These are controlled from the Django database. By default, we have three tasks: One that syncs MLflow -# models to STACKn objects, one that checks app statuses, and one that checks resource usage. -fixtures: |- - [{ - "model": "apps.appcategories", - "pk": "compute", - "fields": { - "name": "Compute" - } - }, - { - "model": "apps.appcategories", - "pk": "fedn", - "fields": { - "name": "FEDn" - } - }, - { - "model": "apps.appcategories", - "pk": "develop", - "fields": { - "name": "Develop" - } - }, - { - "model": "apps.appcategories", - "pk": "serve", - "fields": { - "name": "Serve" - } - }, - { - "model": "apps.appcategories", - "pk": "store", - "fields": { - "name": "Store" - } - }, - { - "model": "django_celery_beat.intervalschedule", - "pk": 1, - "fields": { - "every": 3, - "period": "seconds" - } - }, - { - "model": "django_celery_beat.intervalschedule", - "pk": 2, - "fields": { - "every": 15, - "period": "seconds" - } - }, - { - "model": "django_celery_beat.periodictask", - "pk": 1, - "fields": { - "name": "celery.backend_cleanup", - "task": "celery.backend_cleanup", - "interval": null, - "crontab": 1, - "solar": null, - "clocked": null, - "args": "[]", - "kwargs": "{}", - "queue": null, - "exchange": null, - "routing_key": null, - "headers": "{}", - "priority": null, - "expires": null, - "expire_seconds": 43200, - "one_off": false, - "start_time": null, - "enabled": true, - "last_run_at": null, - "total_run_count": 0, - "date_changed": "2021-02-26T13:49:34.038Z", - "description": "" - } - }, - { - "model": "django_celery_beat.periodictask", - "pk": 2, - "fields": { - "name": "check_resource_usage", - "task": "apps.tasks.get_resource_usage", - "interval": 2, - "crontab": null, - "solar": null, - "clocked": null, - "args": "[]", - "kwargs": "{}", - "queue": null, - "exchange": null, - "routing_key": null, - "headers": "{}", - "priority": null, - "expires": null, - "expire_seconds": null, - "one_off": false, - "start_time": null, - "enabled": true, - "last_run_at": "2021-02-26T14:03:34.731Z", - "total_run_count": 45, - "date_changed": "2021-02-26T14:03:40.178Z", - "description": "" - } - }, - { - "model": "django_celery_beat.periodictask", - "pk": 3, - "fields": { - "name": "check_app_status", - "task": "apps.tasks.check_status", - "interval": 1, - "crontab": null, - "solar": null, - "clocked": null, - "args": "[]", - "kwargs": "{}", - "queue": null, - "exchange": null, - "routing_key": null, - "headers": "{}", - "priority": null, - "expires": null, - "expire_seconds": null, - "one_off": false, - "start_time": null, - "enabled": true, - "last_run_at": "2021-02-26T14:03:37.169Z", - "total_run_count": 174, - "date_changed": "2021-02-26T14:03:40.168Z", - "description": "" - } - }, - { - "model": "models.objecttype", - "pk": 1, - "fields": { - "name": "Model", - "slug": "model", - "apps": [] - } - }, - { - "model": "models.objecttype", - "pk": 2, - "fields": { - "name": "FEDn Client", - "slug": "fedn-client", - "apps": [] - } - }, - { - "model": "models.objecttype", - "pk": 3, - "fields": { - "name": "MLFlow Model", - "slug": "mlflow-model", - "apps": [] - } - } - ] - -docker-registry: - enabled: false - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "5500m" - hosts: - - registry. - tls: - - secretName: prod-ingress - hosts: - - registry. - - persistence: - enabled: true - accessMode: ReadWriteOnce - size: 2Gi - storageClass: *storage_class - -argo: - installCRD: false - enabled: false - ui: - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: 1000m - hosts: - - workflow. - tls: - - secretName: prod-ingress - hosts: - - workflow. - -argo-events: - enabled: false - installCRD: false - namespace: argo-events - singleNamespace: false - - -openfaas: - enabled: false - functionNamespace: stack-fn - exposeServices: false - async: true - rbac: false - psp: false - securityContext: true - basic_auth: false - operator: - create: true - ingress: - enabled: false - hosts: - - host: serve. - serviceName: gateway - servicePort: 8080 - path: / - tls: - - secretName: prod-ingress - hosts: - - serve. - -keycloak: - replicas: 1 - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" - rules: - - host: "keycloak." - paths: - - / - tls: - - secretName: prod-ingress - hosts: - - keycloak. - - extraVolumes: | - - name: realm-secret - secret: - secretName: realm-secret - - extraVolumeMounts: | - - name: realm-secret - mountPath: "/realm/" - readOnly: true - - extraEnv: | - - name: KEYCLOAK_IMPORT - value: /realm/realm.json - - name: KEYCLOAK_USER - value: '{{ include "stackn.keycloak.admin.user" .}}' - - name: KEYCLOAK_PASSWORD - valueFrom: - secretKeyRef: - name: '{{ include "stackn.secretName" . }}' - key: keycloak-admin-password - - name: PROXY_ADDRESS_FORWARDING - value: "true" - - rbac: - create: true - rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - postgresql: - enabled: true - postgresqlUsername: keycloak - postgresqlPassword: "" - postgresqlDatabase: keycloak - persistence: - enabled: true - size: 10Gi - storageClass: *storage_class - accessModes: - - ReadWriteMany - - args: - - "-Dkeycloak.profile.feature.token_exchange=enabled" - -oidc: - enabled: true - realm: STACKn - client_id: studio - client_secret: "" - host: https://keycloak. - sign_algo: RS256 - id_token_expiry_seconds: 180 - verify_ssl: true #setting this to false should only be used for local development, will require flag --insecure for stackn cli - -prometheus: - enabled: false - server: - ingress: - enabled: true - hosts: - - prometheus. - tls: - - secretName: prod-ingress - hosts: - - prometheus. - persistentVolume: - storageClass: *storage_class - size: 2Gi - -loki-stack: - enabled: false - -grafana: - enabled: false - grafana.ini: - server: - domain: grafana. - root_url: "%(protocol)s://%(domain)s/" - serve_from_sub_path: true - ingress: - enabled: true - hosts: - - "grafana." - path: "/" - - tls: - - secretName: prod-ingress - hosts: - - grafana. - - persistence: - enabled: true - type: pvc - size: 2Gi - storageClassName: *storage_class - -reloader: - enabled: true - namespace: default - reloader: - watchGlobally: false - -fedn: - enabled: false - -labs: - ingress: - secretName: prod-ingress From ad74165901ef5eaf6b57842bbc9587037eb3649f Mon Sep 17 00:00:00 2001 From: carmat88 Date: Tue, 7 Dec 2021 13:59:47 +0100 Subject: [PATCH 03/23] Allowing easier deployment of stackn --- scaleout/stackn/.values-utility-script.sh.swp | Bin 0 -> 12288 bytes scaleout/stackn/revamp-values.yaml | 707 ------------------ scaleout/stackn/templates/_helper.tpl | 24 +- scaleout/stackn/templates/basic-secrets.yaml | 2 + .../templates/celery-beat-deployment.yaml | 30 +- scaleout/stackn/templates/celery-flower.yaml | 84 --- .../templates/celery-worker-deployment.yaml | 28 +- .../templates/chart-controller-secret.yaml | 6 +- .../stackn/templates/fixtures-configmap.yaml | 8 - .../templates/studio-admin-rolebinding.yaml | 14 + .../stackn/templates/studio-deployment.yaml | 37 +- .../stackn/templates/studio-post-install.yaml | 94 --- scaleout/stackn/templates/studio-service.yaml | 4 +- .../templates/studio-settings-configmap.yaml | 19 +- scaleout/stackn/values-utility-script.sh | 33 + scaleout/stackn/values.yaml | 150 ++++ 16 files changed, 299 insertions(+), 941 deletions(-) create mode 100644 scaleout/stackn/.values-utility-script.sh.swp delete mode 100644 scaleout/stackn/revamp-values.yaml delete mode 100644 scaleout/stackn/templates/celery-flower.yaml delete mode 100644 scaleout/stackn/templates/fixtures-configmap.yaml create mode 100644 scaleout/stackn/templates/studio-admin-rolebinding.yaml delete mode 100644 scaleout/stackn/templates/studio-post-install.yaml create mode 100644 scaleout/stackn/values-utility-script.sh create mode 100644 scaleout/stackn/values.yaml diff --git a/scaleout/stackn/.values-utility-script.sh.swp b/scaleout/stackn/.values-utility-script.sh.swp new file mode 100644 index 0000000000000000000000000000000000000000..62cb7ef26763acd62277cde9ddfca59941120078 GIT binary patch literal 12288 zcmeI2L5~zw5XT?fR8S)xIn?$}vb)K4H;aaBfF;?;vaCcf2qs1idDC4p{W9IJJMX=o zae~SLu3WtO1x)lqaPaQUlV>0XZhipk_3IH_T-Yn7X7kVNOxM(_`u(d9ld0jU&-Xro z&16H+<6R*h{P>f6W3VnJza15sG?jGz!pk4SQf8B)F7f4I;`@*=wV5ojZe5xc(m4C< zwRMz8r&C$BXyewYQn`6-Gou=p*y0uG`7#q=0tXRj-6-BXe)EIV8>f88aNfC(@GCcp$3hDQ^h4_W^ zGpQoIPdY*R^|%oCNh8t{>G3fk9+4iB?vQp#mq>rmS@%eHNi$M+_G`$FOJ)L0fC(@G zCcp%k025#Wha`YmQA2dG)))z4F^5<|WYhEWx;61+)5ck?M{0Z_9b{!|9hzI=jdUDA zk~*xKQaZF@gVqN-Q6$srP?g3dSvP76E zS9GCrSWoE#2I+X1N~7e^@BRL}%B{g_r7}}fBT1+mzJ;N*c;-X;#~FxoSoun?tWk-( zsL}Xj6byYD=s(mQ9mCaYH+Ig#3_)7kR!DV72a5whS&${wlh3Ig+8`zjIY^!NNm_&S z6-NZ%Ul3l%T4PW<`0U2^M^`lDbtQ?zOqC@J@hl9g`7PBXnxyLJ1#?0;wN;Th&xZzU zs(Ea1Dyt?ATg<_UaQb%Bpw5*ZLrCt=%xNb&m&PVZ67@v}(|lOS@7q$jZ`%|1tI=K3 z&Y13F`+a_{#NOx5KK#ZRnK`1f_bJHSptXJg_NS!XP~VoOp&QZcke8|fL+jcIV|27C z-u;n}ayEhZQk3HqB3QY4eQRsuwryx-dv$PnU9LwEt(|KOB?9^7#@F9, search and replace -# - cluster_config , kubernetes cluster - -#NOTES -# - For local development/testing consider setting "oidc.verify_ssl" to false - -#Set global values to overide default -global: - studio: - superUser: "" - superuserPassword: "" - superuserEmail: "" - existingSecret: "" - storageClass: &storage_class microk8s-hostpath - -### A Postgres database for STACKn ### -# Here we use https://charts.bitnami.com/bitnami postgresql chart - -# Postgres deploy with a single-pod database: -postgresql: - enabled: true - postgresqlUsername: stackn - postgresqlPassword: "" - postgresqlDatabase: stackn - existingSecret: "" - fullnameOverride: stackn-studio-postgres - service: - port: 5432 - persistence: - enabled: true - size: 20Gi - storageClass: *storage_class - accessModes: - - ReadWriteMany - -# Will be added in future realease, for now keep "enabled:false" -postgresql-ha: - enabled: false - -### DEPLOY SECRETS WITH private helm chart 'secrets' from platform/secrets -## Name: imagePullSecret -## Description: Secret to pull images from our private repository. -imagePullSecrets: - - name: regcred - -## to create a regcred -## kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= - -#Set stoargeClass -storageClassName: *storage_class -namespace: default -existingSecret: "" - -studio: - servicename: studio - replicas: 1 - debug: true - static: - replicas: 1 - image: ghcr.io/morganekmefjord/stackn/ingress:master #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - resources: - limits: - cpu: 1 - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - image: #tell which image to deploy for studio - repository: ghcr.io/morganekmefjord/stackn/studio:revamp_auth #This image can be built from Dockerfile inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image - resources: - limits: - cpu: 1000m - memory: 4Gi - requests: - cpu: 400m - memory: 2Gi - storage: - StorageClassName: *storage_class - size: 2Gi - media: - storage: - storageClassName: *storage_class - size: 5Gi - accessModes: ReadWriteMany - superUser: admin - superuserPassword: "" - superuserEmail: admin@test.com - -celeryWorkers: - replicas: 2 - resources: - requests: - cpu: 100m - memory: 1Gi - limits: - cpu: 1000m - memory: 8Gi - -# Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. -domain: studio.10.0.145.40.nip.io -ingress: - enabled: true - image: #tell which image to deploy for studio - repository: ghcr.io/morganekmefjord/stackn/ingress:master #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - pullPolicy: Always - annotations: {} - hosts: - - host: studio.10.0.145.40.nip.io - - # setup TLS if you have a platform certificate or use 'tls-acme' if you have certbot deployed and want to generate a certificate. - tls: - - secretName: prod-ingress - hosts: - - studio.10.0.145.40.nip.io - -service: - type: ClusterIP #override if you want to use NodePort instead to access cluster services - -# default credentials for rabbitmq. override in production! -rabbit: - username: admin - password: "" - -chartcontroller: - enabled: false - image: - repository: scaleoutsystems/chart-controller:master - pullPolicy: Always - branch: master - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 200m - memory: 512Mi - #addSecret -- if true create chart-controller-secret from cluster_config, if false it must be added manually - addSecret: true - - -### Cluster config ### -# kubectl config view --raw -cluster_config: |- - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREekNDQWZlZ0F3SUJBZ0lVU2FuRGtzSzFOVEVhMWVHOWFYREhVbmFpM3hFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01NVEF1TVRVeUxqRTRNeTR4TUI0WERUSXhNRGt5TWpFeU5UazFOMW9YRFRNeApNRGt5TURFeU5UazFOMW93RnpFVk1CTUdBMVVFQXd3TU1UQXVNVFV5TGpFNE15NHhNSUlCSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyTnA4SWh0cTRRWHRPTklJcWxlTnlZbjdXTVZvMWxkR3ZzSmcKYnRlV29Zb1E1MFlEMitMdHRZWFM4WG5mYytHMEpLN3FTM3lyNWMvcEhpNTh5SGZ4QU5Vd3lsNEgwT01Lb2cwVwpKempXcTNQNWRVTGpMWDBZTy93ZzcrRmVBcGJ5SHUzcWVsTGJQNHJUUnBUU0xva2o2ZVJtS25MRUZVQ1YwZG55CjVTY0JtZ3pEbzdGVHM1ZzVTSUdpQ1NDa1ZTMmlvZE4xUWlTOTlnQi8yMVBSdXl3WXZLbVlSZENVRDVFMUVlL3AKZjVPQVh2ZTJkVEg2TytOUTQrS21UQnh1TC9Wd1pJR3NnQ3pTQURBNFFiQ1poa0FBdGd6R2RqaU1RRDBLbUh2WApqanVZMlNWVkcrS2Naa2puT2xNc0pZQk5aSjRmc3FQcXZxK055WHJ3V280aERGbkZZUUlEQVFBQm8xTXdVVEFkCkJnTlZIUTRFRmdRVW9lTjNSWlRiMk16Q0Z0Rkh5QU9jRjZtQWEwRXdId1lEVlIwakJCZ3dGb0FVb2VOM1JaVGIKMk16Q0Z0Rkh5QU9jRjZtQWEwRXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQwpBUUVBYm9LMWlTWmhzREdweEU3Y2dGazdLbmdRNDRuNGh3UXJENG9tNkdtZjBvalFyQ1JPaGRSaXBCb0oxZWdyCkJiRCtmcVNyTTFNdjd5QXIwMkVPQS85d2lrNkRrenl2RERGR1lyNVJHOUIwc2FFcmN4cVZjQzR3OVAvM3lKZFUKczZWVWlBUWhuNkJHYjJ0RW5rU0R0VVI4b0Y4Uyt6eStCY0VDOVl2SWNkbWZCS3hsMTg3dG0wRmpvVmhCNjBKbQoxNlhtMHhZbjhOekJWVmYvUlNIQ2ZzUW1Oa1dVdUUxQXFadU0vaXVKeitHRlpHczVJellONUxYR3JEREYxczJRClV3eERHL21QTFhDMVhjakxYVHNPcTc0QjRWOXNnQm1MTkdEMjdYdjhueFBGeEl2amEwb21xM0R4MW9qSmcxU1QKakIrVko0Qm1uSVQ0emlaTCtTMTR1WVpkeWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - server: https://10.0.145.40:16443 - name: microk8s-cluster - contexts: - - context: - cluster: microk8s-cluster - user: admin - name: microk8s - current-context: microk8s - kind: Config - preferences: {} - users: - - name: admin - user: - token: RDdLMnk3dUcrTDAxY2NMM3N3UEk5VTMyREZOTTcrNlFxZkF3bWFUODZpdz0K - -# Django fixtures for defining: -# - app categories -# - object types (to categorize “objects”, often model objects). We might for instance want a few different -# categories such as “models”, “tensorflow models”, and “FEDn Compute Packages”). An object is a pointer to a file stored in S3. -# - Periodic Celery tasks. These are controlled from the Django database. By default, we have three tasks: One that syncs MLflow -# models to STACKn objects, one that checks app statuses, and one that checks resource usage. -fixtures: |- - [ - { - "model": "projects.projecttemplate", - "pk": 1, - "fields": { - "name": "STACKn Default", - "slug": "default", - "description": "Default project template.", - "template": { - "flavors": { - "Medium": { - "cpu": { - "requirement": "100m", - "limit": "1000m" - }, - "mem": { - "requirement": "1Gi", - "limit": "8Gi" - }, - "gpu": { - "requirement": "0", - "limit": "0" - }, - "ephmem": { - "requirement": "50Mi", - "limit": "100Mi" - } - } - }, - "environments": { - "Jupyter Notebook": { - "repository": "scaleoutsystems", - "image": "jupyter-stackn:v0.1.5", - "app": "lab" - }, - "Default Serving": { - "repository": "scaleoutsystems", - "image": "default-python:latest", - "app": "fastapi-serve" - }, - "MLflow Serving": { - "repository": "scaleoutsystems", - "image": "mlflow-serve:latest", - "app": "mlflow-serve" - }, - "Ubuntu": { - "repository": "scaleoutsystems", - "image": "wetty-ubuntu:v0.1.2", - "app": "ubuntu-terminal" - }, - "Dask": { - "repository": "daskdev", - "image": "dask", - "app": "dask-cluster" - }, - "FEDn Reducer": { - "repository": "scaleoutsystems", - "image": "fedn-reducer:master", - "app": "reducer" - }, - "FEDn Combiner": { - "repository": "scaleoutsystems", - "image": "fedn-combiner:master", - "app": "combiner" - } - }, - "apps": { - "minio-vol": { - "slug": "volume", - "volume.size": "5Gi", - "permission": "project" - }, - "reg-vol": { - "slug": "volume", - "volume.size": "5Gi", - "permission": "project" - }, - "project-vol": { - "slug": "volume", - "volume.size": "5Gi", - "permission": "project" - }, - "project-minio": { - "slug": "minio", - "app:volume": ["minio-vol"], - "credentials.access_key": "accesskey2", - "credentials.secret_key": "secretkey193", - "permission": "project" - }, - "project-registry": { - "slug": "docker_registry", - "app:volume": ["reg-vol"], - "credentials.username": "username123", - "credentials.password": "pass999111222", - "permission": "project" - } - }, - "settings": { - "project-S3": "project-minio" - } - } - } - }, - { - "model": "projects.projecttemplate", - "pk": 2, - "fields": { - "name": "FEDn MNIST", - "slug": "fedn-mnist", - "description": "FEDn MNIST project template.", - "template": { - "flavors": { - "CPU": { - "cpu": { - "requirement": "100m", - "limit": "4000m" - }, - "mem": { - "requirement": "1Gi", - "limit": "16Gi" - }, - "gpu": { - "requirement": "0", - "limit": "0" - }, - "ephmem": { - "requirement": "50Mi", - "limit": "100Mi" - } - } - }, - "environments": { - "Jupyter STACKn": { - "repository": "scaleoutsystems", - "image": "jupyter-stackn:v0.1.5", - "app": "lab" - }, - "Ubuntu": { - "repository": "scaleoutsystems", - "image": "wetty-ubuntu:v0.1.2", - "app": "ubuntu-terminal" - }, - "Dask": { - "repository": "daskdev", - "image": "dask", - "app": "dask-cluster" - }, - "FEDn Reducer": { - "repository": "scaleoutsystems", - "image": "fedn-reducer:master", - "app": "reducer" - }, - "FEDn Combiner": { - "repository": "scaleoutsystems", - "image": "fedn-combiner:master", - "app": "combiner" - }, - "MNIST Client": { - "repository": "scaleoutsystems", - "image": "mnist-client:v0.6.0", - "app": "fedn-client" - } - }, - "apps": { - "minio-vol": { - "slug": "volume", - "volume.size": "20Gi", - "permission": "private" - }, - "reg-vol": { - "slug": "volume", - "volume.size": "20Gi", - "permission": "private" - }, - "project-vol": { - "slug": "volume", - "volume.size": "20Gi", - "permission": "private" - }, - "mongodb-vol": { - "slug": "volume", - "volume.size": "5Gi", - "permission": "private" - }, - "combiner-vol": { - "slug": "volume", - "volume.size": "5Gi", - "permission": "private" - }, - "S3 store": { - "slug": "minio", - "app:volume": ["minio-vol"], - "credentials.access_key": "accesskey2", - "credentials.secret_key": "secretkey193" - }, - "FEDn MongoDB": { - "slug": "mongodb", - "app:volume": ["mongodb-vol"], - "credentials.username": "admin", - "credentials.password": "password" - }, - "FEDn MongoExpress": { - "slug": "mongo-express", - "app:mongodb": ["FEDn MongoDB"] - }, - "Docker Registry": { - "slug": "docker_registry", - "app:volume": ["reg-vol"], - "credentials.username": "username123", - "credentials.password": "pass999111222" - }, - "Reducer": { - "slug": "reducer", - "S3": "S3 store", - "environment": "FEDn Reducer", - "app:mongodb": ["FEDn MongoDB"], - "app:docker_registry": ["Docker Registry"], - "reducer.pullPolicy": "IfNotPresent" - }, - "Combiner": { - "slug": "combiner", - "app:volume": ["combiner-vol"], - "app:reducer": ["Reducer"], - "environment": "FEDn Combiner", - "combiner.pullPolicy": "IfNotPresent" - } - }, - "settings": { - "project-S3": "S3 store" - } - } - } - }, - { - "model": "apps.appcategories", - "pk": "compute", - "fields": { - "name": "Compute" - } - }, - { - "model": "apps.appcategories", - "pk": "fedn", - "fields": { - "name": "FEDn" - } - }, - { - "model": "apps.appcategories", - "pk": "develop", - "fields": { - "name": "Develop" - } - }, - { - "model": "apps.appcategories", - "pk": "serve", - "fields": { - "name": "Serve" - } - }, - { - "model": "apps.appcategories", - "pk": "store", - "fields": { - "name": "Store" - } - }, - { - "model": "apps.apps", - "pk": 1, - "fields": { - "name": "Jupyter Lab", - "slug": "lab", - "category": "compute", - "table_field": { - "url": "https://{{ release }}.{{ global.domain }}" - }, - "description": "", - "priority": "500", - "settings": { - "apps": { - "Persistent Volume": "many" - }, - "flavor": "one", - "environment": { - "name": "from", - "title": "Image", - "quantity": "one", - "type": "match" - }, - "permissions": { - "public": { - "value": "false", - "option": "false" - }, - "project": { - "value": "true", - "option": "true" - }, - "private": { - "value": "false", - "option": "true" - } - }, - "export-cli": "True" - }, - "chart": "apps/lab/chart", - "logo": "apps/lab/logo.png", - "updated_on": "2021-03-10T19:45:03.927Z", - "created_on": "2021-02-19T21:34:37.815Z" - } - }, - { - "model": "apps.apps", - "pk": 2, - "fields": { - "name": "Persistent Volume", - "slug": "volume", - "category": "store", - "table_field": {}, - "description": "", - "priority": "600", - "settings": { - "volume": { - "size": { - "type": "string", - "default": "1Gi", - "title": "Size" - }, - "storageClass": { - "type": "string", - "default": "", - "title": "StorageClass" - }, - "accessModes": { - "type": "string", - "default": "ReadWriteMany", - "title": "AccessModes" - } - }, - "permissions": { - "public": { - "value": "false", - "option": "false" - }, - "project": { - "value": "true", - "option": "true" - }, - "private": { - "value": "false", - "option": "true" - } - } - }, - "chart": "apps/volume/chart", - "logo": "apps/volume/logo.png", - "updated_on": "2021-03-10T19:45:03.927Z", - "created_on": "2021-02-19T21:34:37.815Z" - } - }, - { - "model": "django_celery_beat.intervalschedule", - "pk": 1, - "fields": { - "every": 3, - "period": "seconds" - } - }, - { - "model": "django_celery_beat.intervalschedule", - "pk": 2, - "fields": { - "every": 15, - "period": "seconds" - } - }, - { - "model": "django_celery_beat.periodictask", - "pk": 1, - "fields": { - "name": "celery.backend_cleanup", - "task": "celery.backend_cleanup", - "interval": 1, - "crontab": null, - "solar": null, - "clocked": null, - "args": "[]", - "kwargs": "{}", - "queue": null, - "exchange": null, - "routing_key": null, - "headers": "{}", - "priority": null, - "expires": null, - "expire_seconds": 43200, - "one_off": false, - "start_time": null, - "enabled": true, - "last_run_at": null, - "total_run_count": 0, - "date_changed": "2021-02-26T13:49:34.038Z", - "description": "" - } - }, - { - "model": "django_celery_beat.periodictask", - "pk": 2, - "fields": { - "name": "check_resource_usage", - "task": "apps.tasks.get_resource_usage", - "interval": 2, - "crontab": null, - "solar": null, - "clocked": null, - "args": "[]", - "kwargs": "{}", - "queue": null, - "exchange": null, - "routing_key": null, - "headers": "{}", - "priority": null, - "expires": null, - "expire_seconds": null, - "one_off": false, - "start_time": null, - "enabled": true, - "last_run_at": "2021-02-26T14:03:34.731Z", - "total_run_count": 45, - "date_changed": "2021-02-26T14:03:40.178Z", - "description": "" - } - }, - { - "model": "django_celery_beat.periodictask", - "pk": 3, - "fields": { - "name": "check_app_status", - "task": "apps.tasks.check_status", - "interval": 1, - "crontab": null, - "solar": null, - "clocked": null, - "args": "[]", - "kwargs": "{}", - "queue": null, - "exchange": null, - "routing_key": null, - "headers": "{}", - "priority": null, - "expires": null, - "expire_seconds": null, - "one_off": false, - "start_time": null, - "enabled": true, - "last_run_at": "2021-02-26T14:03:37.169Z", - "total_run_count": 174, - "date_changed": "2021-02-26T14:03:40.168Z", - "description": "" - } - }, - { - "model": "models.objecttype", - "pk": 1, - "fields": { - "name": "Model", - "slug": "model", - "apps": [] - } - }, - { - "model": "models.objecttype", - "pk": 2, - "fields": { - "name": "FEDn Client", - "slug": "fedn-client", - "apps": [] - } - }, - { - "model": "models.objecttype", - "pk": 3, - "fields": { - "name": "MLFlow Model", - "slug": "mlflow-model", - "apps": [] - } - } - ] - -docker-registry: - enabled: false - ingress: - enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "5500m" - hosts: - - registry.10.0.145.40.nip.io - tls: - - secretName: prod-ingress - hosts: - - registry.10.0.145.40.nip.io - - persistence: - enabled: true - accessMode: ReadWriteOnce - size: 2Gi - storageClass: *storage_class - -reloader: - enabled: true - namespace: default - reloader: - watchGlobally: false - -labs: - ingress: - secretName: prod-ingress - -prometheus: - enabled: false - -loki-stack: - enabled: false - -grafana: - enabled: false - diff --git a/scaleout/stackn/templates/_helper.tpl b/scaleout/stackn/templates/_helper.tpl index 926d296..679b13a 100644 --- a/scaleout/stackn/templates/_helper.tpl +++ b/scaleout/stackn/templates/_helper.tpl @@ -17,7 +17,7 @@ Return true if we should use an existingSecret. {{- end -}} {{/* -Get the password secret. +Get the STACKn password secret. */}} {{- define "stackn.secretName" -}} {{- if .Values.global.existingSecret }} @@ -70,17 +70,29 @@ Return STACKn studio superuser email {{/* -Get the password secret. +Return STACKn studio postgres password */}} -{{- define "stackn.studio.postgresql.secretName" -}} -{{- if .Values.postgresql.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- define "stackn.studio.postgres.password" -}} +{{- if .Values.postgresql.postgresqlPassword -}} + {{- .Values.postgresql.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return STACKn studio postgresql-postgres password +*/}} +{{- define "stackn.studio.postgresql-postgres.password" -}} +{{- if .Values.postgresql.postgresqlPostgresPassword -}} + {{- .Values.postgresql.postgresqlPostgresPassword -}} {{- else -}} - {{- printf "%s" .Values.postgresql.fullnameOverride -}} + {{- randAlphaNum 10 -}} {{- end -}} {{- end -}} + {{/* Return STACKn rabbit password */}} diff --git a/scaleout/stackn/templates/basic-secrets.yaml b/scaleout/stackn/templates/basic-secrets.yaml index a6da9c5..c307c15 100644 --- a/scaleout/stackn/templates/basic-secrets.yaml +++ b/scaleout/stackn/templates/basic-secrets.yaml @@ -10,4 +10,6 @@ type: Opaque data: studio-superuser-password: {{ include "stackn.studio.superuser.password" . | b64enc | quote }} rabbit-password: {{ include "stackn.rabbit.password" . | b64enc | quote }} + postgresql-password: {{ include "stackn.studio.postgres.password" . | b64enc | quote }} + postgresql-postgres-password: {{ include "stackn.studio.postgresql-postgres.password" . | b64enc | quote }} {{- end -}} \ No newline at end of file diff --git a/scaleout/stackn/templates/celery-beat-deployment.yaml b/scaleout/stackn/templates/celery-beat-deployment.yaml index 1cb08e8..49b1322 100644 --- a/scaleout/stackn/templates/celery-beat-deployment.yaml +++ b/scaleout/stackn/templates/celery-beat-deployment.yaml @@ -29,25 +29,43 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 5; done;'] resources: limits: - cpu: 100m - memory: 512Mi + cpu: "100m" + memory: "512Mi" requests: - cpu: 100m - memory: 512Mi + cpu: "100m" + memory: "512Mi" + - name: wait-for-studio + image: busybox + command: ['sh', '-c', "until nslookup {{ .Release.Name }}-{{ .Values.studio.servicename }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for {{ .Release.Name }}-{{ .Values.studio.servicename }} service; sleep 30; done"] + resources: + limits: + cpu: "100m" + memory: "512Mi" + requests: + cpu: "100m" + memory: "512Mi" containers: - args: - sh - ./scripts/run_beat.sh env: + - name: BASE_PATH + value: "/app" + - name: KUBECONFIG + value: "/app/chartcontroller/kubeconfig/config" - name: GET_HOSTS_FROM value: dns + - name: POSTGRES_DB + value: {{ .Values.postgresql.postgresqlDatabase }} + - name: POSTGRES_USER + value: {{ .Values.postgresql.postgresqlUsername }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.studio.postgresql.secretName" . }} + name: {{ include "stackn.secretName" . }} key: postgresql-password - name: RABBITMQ_DEFAULT_PASS valueFrom: diff --git a/scaleout/stackn/templates/celery-flower.yaml b/scaleout/stackn/templates/celery-flower.yaml deleted file mode 100644 index e059594..0000000 --- a/scaleout/stackn/templates/celery-flower.yaml +++ /dev/null @@ -1,84 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - kompose.cmd: kompose convert - kompose.version: 1.20.0 () - creationTimestamp: null - labels: - io.kompose.service: {{ .Release.Name }}-celery-flower - name: {{ .Release.Name }}-celery-flower - name: {{ .Release.Name }}-celery-flower -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - name: {{ .Release.Name }}-celery-flower - template: - metadata: - annotations: - kompose.cmd: kompose convert - kompose.version: 1.20.0 () - creationTimestamp: null - labels: - io.kompose.service: {{ .Release.Name }}-celery-flower - name: {{ .Release.Name }}-celery-flower - spec: - initContainers: - - name: wait-for-db - image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 100m - memory: 512Mi - containers: - - args: - - sh - - ./scripts/run_flower.sh - env: - - name: GET_HOSTS_FROM - value: dns - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "stackn.studio.postgresql.secretName" . }} - key: postgresql-password - - name: RABBITMQ_DEFAULT_PASS - valueFrom: - secretKeyRef: - name: {{ include "stackn.secretName" . }} - key: rabbit-password - image: {{ .Values.studio.image.repository }} - imagePullPolicy: Always - name: {{ .Release.Name }}-celery-flower - resources: - limits: - cpu: "500m" - memory: "4Gi" - requests: - cpu: "100m" - memory: "512Mi" - volumeMounts: - - mountPath: /app/studio/settings.py - subPath: settings.py - name: {{ .Release.Name}}-settings-configmap - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - restartPolicy: Always - volumes: - - name: {{ .Release.Name}}-settings-configmap - configMap: - name: {{ .Release.Name}}-settings-configmap - items: - - key: settings.py - path: settings.py - -status: {} diff --git a/scaleout/stackn/templates/celery-worker-deployment.yaml b/scaleout/stackn/templates/celery-worker-deployment.yaml index f3d4b0f..21a7052 100644 --- a/scaleout/stackn/templates/celery-worker-deployment.yaml +++ b/scaleout/stackn/templates/celery-worker-deployment.yaml @@ -27,31 +27,45 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 5; done;'] resources: limits: - cpu: 100m - memory: 512Mi + cpu: "100m" + memory: "512Mi" requests: - cpu: 100m - memory: 512Mi + cpu: "100m" + memory: "512Mi" + - name: wait-for-studio + image: busybox + command: ['sh', '-c', "until nslookup {{ .Release.Name }}-{{ .Values.studio.servicename }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for {{ .Release.Name }}-{{ .Values.studio.servicename }} service; sleep 5; done"] + resources: + limits: + cpu: "100m" + memory: "512Mi" + requests: + cpu: "100m" + memory: "512Mi" containers: - args: - sh - ./scripts/run_worker.sh env: + - name: BASE_PATH + value: "/app" - name: GET_HOSTS_FROM value: dns - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.studio.postgresql.secretName" . }} + name: {{ include "stackn.secretName" . }} key: postgresql-password - name: RABBITMQ_DEFAULT_PASS valueFrom: secretKeyRef: name: {{ include "stackn.secretName" . }} key: rabbit-password + - name: KUBECONFIG + value: "/app/chartcontroller/kubeconfig/config" image: {{ .Values.studio.image.repository }} imagePullPolicy: Always name: {{ .Release.Name }}-celery-worker @@ -64,7 +78,7 @@ spec: memory: {{ .Values.celeryWorkers.resources.requests.memory }} volumeMounts: - name: config - mountPath: "/app/chartcontroller/config/" + mountPath: "/app/chartcontroller/kubeconfig/" readOnly: true - mountPath: /app/studio/settings.py subPath: settings.py diff --git a/scaleout/stackn/templates/chart-controller-secret.yaml b/scaleout/stackn/templates/chart-controller-secret.yaml index 3d42dbc..e739306 100644 --- a/scaleout/stackn/templates/chart-controller-secret.yaml +++ b/scaleout/stackn/templates/chart-controller-secret.yaml @@ -1,11 +1,9 @@ {{- if .Values.chartcontroller.addSecret }} - apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-chart-controller-secret type: Opaque -stringData: - config: {{ toYaml .Values.cluster_config | indent 2 }} - +data: + config: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIGNlcnRpZmljYXRlLWF1dGhvcml0eS1kYXRhOiBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VSRWVrTkRRV1psWjBGM1NVSkJaMGxWUTIxSGJESlRkMEkwZURZMWNGZDViWEEwTkVseGNXaEZWbVpqZDBSUldVcExiMXBKYUhaalRrRlJSVXdLUWxGQmQwWjZSVlpOUWsxSFFURlZSVUYzZDAxTlZFRjFUVlJWZVV4cVJUUk5lVFI0VFVJMFdFUlVTWGhOVkVWNVRXcEJORTE2U1hkT2JHOVlSRlJOZUFwTlZFVjVUVVJCTkUxNlNYZE9iRzkzUm5wRlZrMUNUVWRCTVZWRlFYZDNUVTFVUVhWTlZGVjVUR3BGTkUxNU5IaE5TVWxDU1dwQlRrSm5hM0ZvYTJsSENqbDNNRUpCVVVWR1FVRlBRMEZST0VGTlNVbENRMmRMUTBGUlJVRnhRVzVYUm1FNWVHSldVSEJVUm5Gb1RtSkZRa05IT1RoUFpHSlhaWEJ3TTBkREsxQUtUa2hRYnpGUWVsaG5NMFZrYWpkbVkwTlFSRzFRUlZsd2FVc3ZZVWh6VW1oUFkxQXpaME12UVc4eVIyeFNOR0oyVTB0bFlrWjRTbEZyYTNCNGNFazJVQXBtVG1reWRrOVlaa1V6T1ZsRGNqbE9ibmN4ZW1WcFdqTTBkMmROUm1sMFpVSnRiMlV3WkRKMlVtdHFVekZhTVRsdk5VeG1lRVJ0YzIxbVJYWk5ZbWR0Q25jNUswSkVPRW8xVm1VcllXNW1lVUVyYjFrdlZFMUJWbGhUTXprck1FMURhVzFuVDJaUFNpdGliMnc0WlRSRFlsWkxWRUZFT1dwcVNGVkRRamR5T0VrS1JGTllkMmhNTWpscWFIb3ZPREZ5VDA5aU9YRmFOV1pqYVVwRE1EVmFRemRtYzJJM01XaHBhR3hrVkhZMlVVMTFURk5MWWpWblVWTllNMkYxT1ZwUmJncDRSR00yV0Uxc1JtWXhVRU5vTDFjMFpIRjNaalJFYVZjMGN6bDRiR2h5YVhRM09IQnRhR3BLYUhCMU5FUnBhRFpJZDBsRVFWRkJRbTh4VFhkVlZFRmtDa0puVGxaSVVUUkZSbWRSVlVSalJsbzRaMkpwYjJ0eE1rdGxaRFp3VTNsS1drOTRhVTl0WjNkSWQxbEVWbEl3YWtKQ1ozZEdiMEZWUkdOR1dqaG5ZbWtLYjJ0eE1rdGxaRFp3VTNsS1drOTRhVTl0WjNkRWQxbEVWbEl3VkVGUlNDOUNRVlYzUVhkRlFpOTZRVTVDWjJ0eGFHdHBSemwzTUVKQlVYTkdRVUZQUXdwQlVVVkJibTVPT1Vzck5rTmtSMjVTVlZneVlUazFjMVpTWkZreVVpOXlaMVl4ZUhCa1pXWTFNVFlyVkVOTk5tWkRiVVZHYVZSV1dHOUhjME0zZGtoM0NucFZWazVTYTNaUVNYVmpWUzlFZVZCaWIycHhSVkpYYjJsclduUlVZMDFwVlZOaWVUZGFSM294YjA1WVoycHBTUzlsTkRsQ04yWmlVMDVtUTI5dlJ6a0tjazU1TURKUlFYbHRUWHByTmpOQ1YxSk1ZbEpJZVRkeE4yWnNXRlJRVVhaWGJteHBZMk5tVWpCdmVFVlZUMGRLZVhwbVNEWXZSeXRVZGtSaVRHMHdid3BHVEN0NVVIWnNPREIxYzBWcU1taEZaM2ROVDB3M09VOTJSbkIxYUdOMGRHNXFjM0UxWTBsdFZFRldZVlY2T0doS1JqRXJObkJVWlRSbkt6ZHBVSGxHQ25GRWJHOHdhWEZQTVdNNWJFdGlVVFZVVHl0SU5EVkdORVZUVWpONE5WUmlkbVUxUmpCWFUwZEthakJ0U0d3MUwwaEJhM1JtYVRoWFNtSmxSSEJKWm5JS1FpdFZNVTFrUmxkdlpVazRNMkZ1TkZjNGNuTXdRMHg1UVVFOVBRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0KICAgIHNlcnZlcjogaHR0cHM6Ly8xOTIuMTY4LjAuMzI6MTY0NDMKICBuYW1lOiBtaWNyb2s4cy1jbHVzdGVyCmNvbnRleHRzOgotIGNvbnRleHQ6CiAgICBjbHVzdGVyOiBtaWNyb2s4cy1jbHVzdGVyCiAgICB1c2VyOiBhZG1pbgogIG5hbWU6IG1pY3JvazhzCmN1cnJlbnQtY29udGV4dDogbWljcm9rOHMKa2luZDogQ29uZmlnCnByZWZlcmVuY2VzOiB7fQp1c2VyczoKLSBuYW1lOiBhZG1pbgogIHVzZXI6CiAgICB0b2tlbjogYzBoMFRsVnlNRzVYUjFBcmMxVnFaek0xZWtkR1IzbE5jWGRXU0hFd1YwdHJUV1ZNVlZsa1VtVndPRDBLCg== {{- end }} diff --git a/scaleout/stackn/templates/fixtures-configmap.yaml b/scaleout/stackn/templates/fixtures-configmap.yaml deleted file mode 100644 index facf355..0000000 --- a/scaleout/stackn/templates/fixtures-configmap.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.fixtures }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-fixtures-configmap -data: - fixtures.json: {{ .Values.fixtures | quote }} -{{- end }} \ No newline at end of file diff --git a/scaleout/stackn/templates/studio-admin-rolebinding.yaml b/scaleout/stackn/templates/studio-admin-rolebinding.yaml new file mode 100644 index 0000000..016c005 --- /dev/null +++ b/scaleout/stackn/templates/studio-admin-rolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stackn-admin + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: admin +subjects: +- kind: ServiceAccount + name: default + namespace: default + diff --git a/scaleout/stackn/templates/studio-deployment.yaml b/scaleout/stackn/templates/studio-deployment.yaml index 1c1ad29..b6a7d7f 100644 --- a/scaleout/stackn/templates/studio-deployment.yaml +++ b/scaleout/stackn/templates/studio-deployment.yaml @@ -26,11 +26,11 @@ spec: command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] resources: limits: - cpu: 100m - memory: 512Mi + cpu: "100m" + memory: "512Mi" requests: - cpu: 100m - memory: 512Mi + cpu: "100m" + memory: "512Mi" containers: - args: - sh @@ -40,32 +40,39 @@ spec: - name: DEBUG value: "true" {{ end }} + - name: DJANGO_SUPERUSER + value: {{ include "stackn.studio.superuser" . }} + - name: DJANGO_SUPERUSER_EMAIL + value: {{ include "stackn.studio.superuser.email" . }} + - name: DJANGO_SUPERUSER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "stackn.secretName" . }} + key: studio-superuser-password - name: GET_HOSTS_FROM value: dns - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.studio.postgresql.secretName" . }} + name: {{ include "stackn.secretName" . }} key: postgresql-password - name: RABBITMQ_DEFAULT_PASS valueFrom: secretKeyRef: name: {{ include "stackn.secretName" . }} key: rabbit-password - + - name: KUBECONFIG + value: "/app/chartcontroller/kubeconfig/config" image: {{ .Values.studio.image.repository }} imagePullPolicy: Always name: {{ .Release.Name }}-studio volumeMounts: - - name: config - mountPath: "/app/chartcontroller/config/" + - name: kubeconfig + mountPath: "/app/chartcontroller/kubeconfig/" readOnly: true - mountPath: /app/studio/settings.py subPath: settings.py name: {{ .Release.Name}}-settings-configmap - - mountPath: /app/projects/fixtures/fixtures.json - subPath: fixtures.json - name: {{ .Release.Name }}-fixtures-configmap - name: mediavol mountPath: /media resources: @@ -82,7 +89,7 @@ spec: {{- end }} restartPolicy: Always volumes: - - name: config + - name: kubeconfig secret: secretName: {{ .Release.Name }}-chart-controller-secret - name: {{ .Release.Name}}-settings-configmap @@ -91,12 +98,6 @@ spec: items: - key: settings.py path: settings.py - - name: {{ .Release.Name }}-fixtures-configmap - configMap: - name: {{ .Release.Name }}-fixtures-configmap - items: - - key: fixtures.json - path: fixtures.json - name: mediavol persistentVolumeClaim: claimName: {{ .Release.Name }}-studio-media diff --git a/scaleout/stackn/templates/studio-post-install.yaml b/scaleout/stackn/templates/studio-post-install.yaml deleted file mode 100644 index ce81c46..0000000 --- a/scaleout/stackn/templates/studio-post-install.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-post-install - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: {{ .Release.Name }}-post-install - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never - containers: - - name: post-install-job - image: {{ .Values.studio.image.repository }} - command: ["/bin/sh"] - args: ["-c", "python3 manage.py createsuperuser --email {{ include "stackn.studio.superuser.email" . }} --username {{ include "stackn.studio.superuser" . }} --noinput && python3 manage.py loaddata fixtures.json"] - env: - {{ if .Values.studio.debug }} - - name: DEBUG - value: "true" - {{ end }} - - name: GET_HOSTS_FROM - value: dns - - name: DJANGO_SUPERUSER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "stackn.secretName" . }} - key: studio-superuser-password - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "stackn.studio.postgresql.secretName" . }} - key: postgresql-password - image: {{ .Values.studio.image.repository }} - imagePullPolicy: Always - volumeMounts: - - name: config - mountPath: "/app/chartcontroller/config/" - readOnly: true - - mountPath: /app/studio/settings.py - subPath: settings.py - name: {{ .Release.Name}}-settings-configmap - - mountPath: /app/projects/fixtures/fixtures.json - subPath: fixtures.json - name: {{ .Release.Name }}-fixtures-configmap - - name: mediavol - mountPath: /media - resources: - limits: - cpu: {{ .Values.studio.resources.limits.cpu }} - memory: {{ .Values.studio.resources.limits.memory }} - requests: - cpu: {{ .Values.studio.resources.requests.cpu }} - memory: {{ .Values.studio.resources.requests.memory }} - - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - restartPolicy: OnFailure - volumes: - - name: config - secret: - secretName: {{ .Release.Name }}-chart-controller-secret - - name: {{ .Release.Name}}-settings-configmap - configMap: - name: {{ .Release.Name}}-settings-configmap - items: - - key: settings.py - path: settings.py - - name: {{ .Release.Name }}-fixtures-configmap - configMap: - name: {{ .Release.Name }}-fixtures-configmap - items: - - key: fixtures.json - path: fixtures.json - - name: mediavol - persistentVolumeClaim: - claimName: {{ .Release.Name }}-studio-media - diff --git a/scaleout/stackn/templates/studio-service.yaml b/scaleout/stackn/templates/studio-service.yaml index 26cc27c..39c2e8b 100644 --- a/scaleout/stackn/templates/studio-service.yaml +++ b/scaleout/stackn/templates/studio-service.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Release.Name }}-studio + name: {{ .Release.Name }}-{{ .Values.studio.servicename }} spec: ports: - name: "8080" port: 8080 targetPort: 8080 selector: - name: {{ .Release.Name }}-studio + name: {{ .Release.Name }}-{{ .Values.studio.servicename }} status: loadBalancer: {} diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index c207ed4..7c0e526 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -64,12 +64,13 @@ data: 'rest_framework', 'rest_framework.authtoken', 'api', + 'apps', + 'deployments', 'monitor', - 'projects', 'models', - 'deployments', - 'apps', + 'projects', 'portal', + 'register', 'tagulous', 'django_celery_beat', 'oauth2_provider', @@ -99,14 +100,22 @@ data: 'corsheaders.middleware.CorsMiddleware', ] + ROOT_URLCONF = 'studio.urls' + + # Tagulous serialization settings + SERIALIZATION_MODULES = { + 'xml': 'tagulous.serializers.xml_serializer', + 'json': 'tagulous.serializers.json', + 'python': 'tagulous.serializers.python', + 'yaml': 'tagulous.serializers.pyyaml', + } + STATICFILES_FINDERS = ( 'django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', 'compressor.finders.CompressorFinder', ) - ROOT_URLCONF = 'studio.urls' - TEMPLATE_LOADERS = ( 'django.template.loaders.filesystem.Loader', 'django.template.loaders.app_directories.Loader', diff --git a/scaleout/stackn/values-utility-script.sh b/scaleout/stackn/values-utility-script.sh new file mode 100644 index 0000000..abebaf1 --- /dev/null +++ b/scaleout/stackn/values-utility-script.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# v0.1.0 +# Script can be improved by for example taking into account that this works only first time +# Later times strings such as and will already be overwritten + +set -e + +echo "Running the utility script for setting up variables within the values.yaml file..." +# Extract currently assigned IP address (which is connected to Internet!) + +echo "Extracting IP address..." +my_ip=$(ip route get 8.8.8.8 | awk -F"src " 'NR==1{split($2,a," ");print a[1]}') +echo "Your current IP address is: $my_ip" + +# Extract used network interface - Just for sysadmin purposes +#my_interface=$(ip route get 8.8.8.8 | awk -F"dev " 'NR==1{split($2,a," ");print a[1]}') + +# Replace field with extracted IP adress in values.yaml file +echo "Replacing $my_ip inside the values.yaml file..." +echo "Appending nip.io wildcardars..." +sed -i "s//$my_ip.nip.io/g" ./my-revamp-values.yaml +echo "Your current STACKn domain will be: $my_ip.nip.io" + + +# Generate k8s cluster config file - NOTE: we assume that microk8s is already installed and configured +cluster_config=$(microk8s.config | base64 | tr -d '\n') + +# Replace field in the chart-controller-secret.yaml file with the above create variable +sed -i "s//$cluster_config/g" ./templates/chart-controller-secret.yaml + +echo "Done" + diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml new file mode 100644 index 0000000..b19f4df --- /dev/null +++ b/scaleout/stackn/values.yaml @@ -0,0 +1,150 @@ +# This is a YAML-formatted file. +# Declare variables to be passed into STACKn templates. + +# REQUIREMENT: +# - set a storage class with ability to serve ReadWriteMany +# Name: storageClassName, and/or set anchor &śtorage_class +# Description: Set a storage class for the resources that are reused for multi-mount-points in cluster. To reduce wasteful copying we allow to use the same dataset volume to be mounted multiple times. +# Default: microk8s-hostpath, use nfs-client for docker-for-desktop + +#Set global values to overide default +global: + studio: + superUser: "" + superuserPassword: "" + superuserEmail: "" + existingSecret: + storageClass: &storage_class microk8s-hostpath + +#Set stoargeClass +storageClassName: *storage_class +namespace: default +existingSecret: "" + +studio: + servicename: studio + replicas: 1 + debug: true + static: + replicas: 1 + image: ghcr.io/morganekmefjord/stackn/ingress:master #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) + resources: + limits: + cpu: 1 + memory: "512Mi" + requests: + cpu: "100m" + memory: "256Mi" + image: #tell which image to deploy for studio + repository: scaleoutsystems/carmat-dev:revamp #This image can be built from Dockerfile inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) + pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image + resources: + limits: + cpu: "1000m" + memory: "4Gi" + requests: + cpu: "400m" + memory: "2Gi" + storage: + StorageClassName: *storage_class + size: "2Gi" + media: + storage: + storageClassName: *storage_class + size: "5Gi" + accessModes: ReadWriteMany + superUser: admin + superuserPassword: "" + superuserEmail: admin@test.com + +# Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. +domain: studio. +ingress: + enabled: true + image: #tell which image to deploy for studio + repository: ghcr.io/morganekmefjord/stackn/ingress:master #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) + pullPolicy: Always + annotations: {} + hosts: + - host: studio. + # setup TLS if you have a platform certificate or use 'tls-acme' if you have certbot deployed and want to generate a certificate. + tls: + - secretName: prod-ingress + hosts: + - studio. + +### A Postgres database for STACKn ### +# Here we use https://charts.bitnami.com/bitnami postgresql chart + +# Postgres deploy with a single-pod database: +postgresql: + enabled: true + postgresqlUsername: stackn + postgresqlPassword: stackn + postgresqlPostgresPassword: stackn #NOTE! To be changed in production! + postgresqlDatabase: stackn + existingSecret: stackn + fullnameOverride: stackn-studio-postgres + service: + port: 5432 + persistence: + enabled: true + size: "20Gi" + storageClass: *storage_class + accessModes: + - ReadWriteMany + +# Will be added in future realease, for now keep "enabled:false" +postgresql-ha: + enabled: false + +### DEPLOY SECRETS WITH private helm chart 'secrets' from platform/secrets +## Name: imagePullSecret +## Description: Secret to pull images from our private repository. +imagePullSecrets: + - name: regcred + +## to create a regcred +## kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= + +celeryWorkers: + replicas: 2 + resources: + requests: + cpu: "100m" + memory: "1Gi" + limits: + cpu: "1000m" + memory: "8Gi" + +# default credentials for rabbitmq. override in production! +rabbit: + username: admin + password: "" + +reloader: + enabled: true + namespace: default + reloader: + watchGlobally: false + +labs: + ingress: + secretName: prod-ingress + +chartcontroller: + enabled: false + #addSecret -- if true create chart-controller-secret from cluster_config, if false it must be added manually + addSecret: true + +docker-registry: + enabled: false + +prometheus: + enabled: false + +loki-stack: + enabled: false + +grafana: + enabled: false From ecd869fba93aa08c48d01d8f00e302530624d1b7 Mon Sep 17 00:00:00 2001 From: carmat88 Date: Tue, 7 Dec 2021 18:50:59 +0100 Subject: [PATCH 04/23] Adding crispy form in studio settings --- scaleout/stackn/templates/studio-settings-configmap.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index 7c0e526..b777e1a 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -65,6 +65,7 @@ data: 'rest_framework.authtoken', 'api', 'apps', + "crispy_forms", 'deployments', 'monitor', 'models', @@ -141,6 +142,8 @@ data: WSGI_APPLICATION = 'studio.wsgi.application' ASGI_APPLICATION = 'studio.asgi.application' + # Django Crispy Forms + django-crispy-forms # Database # https://docs.djangoproject.com/en/2.2/ref/settings/#databases From 156ce3e0fb19aa3c90de9dab87d85f3473af20a6 Mon Sep 17 00:00:00 2001 From: TechCarmat Date: Fri, 10 Dec 2021 12:40:45 +0100 Subject: [PATCH 05/23] Delete .values-utility-script.sh.swp --- scaleout/stackn/.values-utility-script.sh.swp | Bin 12288 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 scaleout/stackn/.values-utility-script.sh.swp diff --git a/scaleout/stackn/.values-utility-script.sh.swp b/scaleout/stackn/.values-utility-script.sh.swp deleted file mode 100644 index 62cb7ef26763acd62277cde9ddfca59941120078..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI2L5~zw5XT?fR8S)xIn?$}vb)K4H;aaBfF;?;vaCcf2qs1idDC4p{W9IJJMX=o zae~SLu3WtO1x)lqaPaQUlV>0XZhipk_3IH_T-Yn7X7kVNOxM(_`u(d9ld0jU&-Xro z&16H+<6R*h{P>f6W3VnJza15sG?jGz!pk4SQf8B)F7f4I;`@*=wV5ojZe5xc(m4C< zwRMz8r&C$BXyewYQn`6-Gou=p*y0uG`7#q=0tXRj-6-BXe)EIV8>f88aNfC(@GCcp$3hDQ^h4_W^ zGpQoIPdY*R^|%oCNh8t{>G3fk9+4iB?vQp#mq>rmS@%eHNi$M+_G`$FOJ)L0fC(@G zCcp%k025#Wha`YmQA2dG)))z4F^5<|WYhEWx;61+)5ck?M{0Z_9b{!|9hzI=jdUDA zk~*xKQaZF@gVqN-Q6$srP?g3dSvP76E zS9GCrSWoE#2I+X1N~7e^@BRL}%B{g_r7}}fBT1+mzJ;N*c;-X;#~FxoSoun?tWk-( zsL}Xj6byYD=s(mQ9mCaYH+Ig#3_)7kR!DV72a5whS&${wlh3Ig+8`zjIY^!NNm_&S z6-NZ%Ul3l%T4PW<`0U2^M^`lDbtQ?zOqC@J@hl9g`7PBXnxyLJ1#?0;wN;Th&xZzU zs(Ea1Dyt?ATg<_UaQb%Bpw5*ZLrCt=%xNb&m&PVZ67@v}(|lOS@7q$jZ`%|1tI=K3 z&Y13F`+a_{#NOx5KK#ZRnK`1f_bJHSptXJg_NS!XP~VoOp&QZcke8|fL+jcIV|27C z-u;n}ayEhZQk3HqB3QY4eQRsuwryx-dv$PnU9LwEt(|KOB?9^7#@F9 Date: Fri, 10 Dec 2021 15:40:29 +0100 Subject: [PATCH 06/23] Formatting and updating studio configmap --- .../templates/studio-settings-configmap.yaml | 123 ++++++++++-------- 1 file changed, 67 insertions(+), 56 deletions(-) diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index b777e1a..c64fedf 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -18,9 +18,9 @@ data: import os - - AUTHENTICATION_BACKENDS = [ + 'social_core.backends.github.GithubOAuth2', + 'social_core.backends.google.GoogleOAuth2', 'django.contrib.auth.backends.ModelBackend', ] @@ -28,6 +28,9 @@ data: BASE_DIR = os.path.dirname(os.path.abspath(__file__)) REPO_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) + # Crispy Forms + CRISPY_TEMPLATE_PACK="bootstrap4" + DOMAIN = {{ .Values.domain | quote }} STUDIO_HOST = "https://{{ .Values.domain }}" # Quick-start development settings - unsuitable for production @@ -52,44 +55,49 @@ data: # Application definition - INSTALLED_APPS = [ + # Application definition + DEFAULT_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', - 'django_filters', + ] + + THIRD_PARTY_APPS = [ + # add apps which you install using pip + "crispy_forms", 'corsheaders', + 'django_celery_beat', + 'django_filters', + 'oauth2_provider', 'rest_framework', 'rest_framework.authtoken', + 'social_django', + 'tagulous', + ] + + LOCAL_APPS =[ + # add local apps which you create using startapp 'api', 'apps', - "crispy_forms", + 'common', 'deployments', 'monitor', 'models', 'projects', 'portal', - 'register', - 'tagulous', - 'django_celery_beat', - 'oauth2_provider', ] + # # Application definition + INSTALLED_APPS = DEFAULT_APPS + THIRD_PARTY_APPS + LOCAL_APPS + OAUTH2_PROVIDER = { # this is the list of available scopes 'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'} } - REST_FRAMEWORK = { - 'DEFAULT_AUTHENTICATION_CLASSES': [ - 'rest_framework.authentication.TokenAuthentication', - #'rest_framework.permissions.IsAuthenticated', - 'oauth2_provider.contrib.rest_framework.OAuth2Authentication', - ], - } - MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', @@ -99,10 +107,31 @@ data: 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'corsheaders.middleware.CorsMiddleware', + 'social_django.middleware.SocialAuthExceptionMiddleware', # Add ] + REST_FRAMEWORK = { + 'DEFAULT_AUTHENTICATION_CLASSES': [ + 'rest_framework.authentication.TokenAuthentication', + #'rest_framework.permissions.IsAuthenticated', + 'oauth2_provider.contrib.rest_framework.OAuth2Authentication', + ], + } + + # Main Url conf for loading all the routing path in Studio ROOT_URLCONF = 'studio.urls' + # IMPORTANT: Must be encrypted as secrets in K8S + # Github + SOCIAL_AUTH_GITHUB_KEY = 'to-be-fetched-from-k8s-secrets' + SOCIAL_AUTH_GITHUB_SECRET = 'to-be-fetched-from-k8s-secrets' + SOCIAL_AUTH_GITHUB_SCOPE = ['user:email'] # Ask for the user's email + + # Google + SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = 'to-be-fetched-from-k8s-secrets' + SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = 'to-be-fetched-from-k8s-secrets' + SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = ['user:email'] # Ask for the user's email + # Tagulous serialization settings SERIALIZATION_MODULES = { 'xml': 'tagulous.serializers.xml_serializer', @@ -114,6 +143,7 @@ data: STATICFILES_FINDERS = ( 'django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', + # other finders 'compressor.finders.CompressorFinder', ) @@ -126,7 +156,7 @@ data: TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', - 'DIRS': [os.path.join(REPO_DIR, 'templates')], + 'DIRS': [os.path.join(REPO_DIR, 'templates'), os.path.join(REPO_DIR, 'common/templates')], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ @@ -134,16 +164,18 @@ data: 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', + 'social_django.context_processors.backends', # Add + 'social_django.context_processors.login_redirect', # Add ], + 'libraries': { + 'custom_tags': 'models.templatetags.custom_tags', + } }, }, ] WSGI_APPLICATION = 'studio.wsgi.application' ASGI_APPLICATION = 'studio.asgi.application' - - # Django Crispy Forms - django-crispy-forms # Database # https://docs.djangoproject.com/en/2.2/ref/settings/#databases @@ -179,53 +211,31 @@ data: # Internationalization # https://docs.djangoproject.com/en/2.2/topics/i18n/ - LANGUAGE_CODE = 'en-us' - TIME_ZONE = 'UTC' - USE_I18N = True - USE_L10N = True - USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/2.2/howto/static-files/ - STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static'), ] - STATIC_URL = '/static/' STATIC_ROOT = os.path.join(REPO_DIR, 'static/') - + # Media Files for Studio apps MEDIA_URL = '/media/' MEDIA_ROOT = '/media/' - import socket - - # TODO remove after refactor - #API_HOSTNAME = 'localhost' - #API_PORT = 8080 - - #GIT_REPOS_ROOT = os.path.join(REPO_DIR, 'repos') - #GIT_REPOS_URL = '/repos/' - - #LOKI_SVC = 'http://{{ .Release.Name }}-loki:3100' - #PROMETHEUS_SVC = 'http://{{ .Release.Name }}-prometheus-server' - #CHART_CONTROLLER_URL = 'http://{{ .Release.Name }}-chart-controller' - - REGISTRY_SVC = '{{ .Release.Name }}-docker-registry' - STUDIO_URL = 'http://{{ .Release.Name }}-studio:8080' - - try: - from .settings_local import * - except ImportError as e: - pass + # Related to user registration and authetication workflow + LOGIN_REDIRECT_URL = '/' + LOGIN_URL = 'login' + LOGOUT_URL = 'logout' + # Specific to Studio stack: + # Redis settings REDIS_PORT = 6379 REDIS_DB = 0 REDIS_HOST = os.environ.get('REDIS_PORT_6379_TCP_ADDR', '{{ .Release.Name }}-redis') - CHANNEL_LAYERS = { 'default': { 'BACKEND': 'channels_redis.core.RedisChannelLayer', @@ -234,7 +244,7 @@ data: }, }, } - + # Celery settings CELERY_BROKER_URL = 'amqp://{{ include "stackn.rabbit.username" . }}:{}@{{ .Release.Name }}-rabbit:5672//'.format(os.environ.get("RABBITMQ_DEFAULT_PASS")) CELERY_RESULT_BACKEND = 'redis://%s:%d/%d' % (REDIS_HOST, REDIS_PORT, REDIS_DB) CELERY_TASK_SERIALIZER = 'json' @@ -243,11 +253,12 @@ data: CELERY_TIMEZONE = "UTC" CELERY_ENABLE_UTC = True + # Other Helm/k8s deployment settings + #CHART_CONTROLLER_URL = 'http://{{ .Release.Name }}-chart-controller' EXTERNAL_KUBECONF = True NAMESPACE = {{ .Values.namespace | default "default" | quote }} + #PROMETHEUS_SVC = 'http://{{ .Release.Name }}-prometheus-server' + REGISTRY_SVC = '{{ .Release.Name }}-docker-registry' STORAGECLASS = {{ .Values.storageClassName | default "aws-efs" | quote }} - - try: - from .settings_local import * - except ImportError as e: - pass + STUDIO_URL = 'http://{{ .Release.Name }}-studio:8080' + \ No newline at end of file From b29449406e9bcddd9d094899a9d0e34624716c2f Mon Sep 17 00:00:00 2001 From: TechCarmat Date: Thu, 17 Feb 2022 11:23:13 +0100 Subject: [PATCH 07/23] Update chart-controller-secret.yaml --- scaleout/stackn/templates/chart-controller-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scaleout/stackn/templates/chart-controller-secret.yaml b/scaleout/stackn/templates/chart-controller-secret.yaml index e739306..34fc848 100644 --- a/scaleout/stackn/templates/chart-controller-secret.yaml +++ b/scaleout/stackn/templates/chart-controller-secret.yaml @@ -5,5 +5,5 @@ metadata: name: {{ .Release.Name }}-chart-controller-secret type: Opaque data: - config: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIGNlcnRpZmljYXRlLWF1dGhvcml0eS1kYXRhOiBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VSRWVrTkRRV1psWjBGM1NVSkJaMGxWUTIxSGJESlRkMEkwZURZMWNGZDViWEEwTkVseGNXaEZWbVpqZDBSUldVcExiMXBKYUhaalRrRlJSVXdLUWxGQmQwWjZSVlpOUWsxSFFURlZSVUYzZDAxTlZFRjFUVlJWZVV4cVJUUk5lVFI0VFVJMFdFUlVTWGhOVkVWNVRXcEJORTE2U1hkT2JHOVlSRlJOZUFwTlZFVjVUVVJCTkUxNlNYZE9iRzkzUm5wRlZrMUNUVWRCTVZWRlFYZDNUVTFVUVhWTlZGVjVUR3BGTkUxNU5IaE5TVWxDU1dwQlRrSm5hM0ZvYTJsSENqbDNNRUpCVVVWR1FVRlBRMEZST0VGTlNVbENRMmRMUTBGUlJVRnhRVzVYUm1FNWVHSldVSEJVUm5Gb1RtSkZRa05IT1RoUFpHSlhaWEJ3TTBkREsxQUtUa2hRYnpGUWVsaG5NMFZrYWpkbVkwTlFSRzFRUlZsd2FVc3ZZVWh6VW1oUFkxQXpaME12UVc4eVIyeFNOR0oyVTB0bFlrWjRTbEZyYTNCNGNFazJVQXBtVG1reWRrOVlaa1V6T1ZsRGNqbE9ibmN4ZW1WcFdqTTBkMmROUm1sMFpVSnRiMlV3WkRKMlVtdHFVekZhTVRsdk5VeG1lRVJ0YzIxbVJYWk5ZbWR0Q25jNUswSkVPRW8xVm1VcllXNW1lVUVyYjFrdlZFMUJWbGhUTXprck1FMURhVzFuVDJaUFNpdGliMnc0WlRSRFlsWkxWRUZFT1dwcVNGVkRRamR5T0VrS1JGTllkMmhNTWpscWFIb3ZPREZ5VDA5aU9YRmFOV1pqYVVwRE1EVmFRemRtYzJJM01XaHBhR3hrVkhZMlVVMTFURk5MWWpWblVWTllNMkYxT1ZwUmJncDRSR00yV0Uxc1JtWXhVRU5vTDFjMFpIRjNaalJFYVZjMGN6bDRiR2h5YVhRM09IQnRhR3BLYUhCMU5FUnBhRFpJZDBsRVFWRkJRbTh4VFhkVlZFRmtDa0puVGxaSVVUUkZSbWRSVlVSalJsbzRaMkpwYjJ0eE1rdGxaRFp3VTNsS1drOTRhVTl0WjNkSWQxbEVWbEl3YWtKQ1ozZEdiMEZWUkdOR1dqaG5ZbWtLYjJ0eE1rdGxaRFp3VTNsS1drOTRhVTl0WjNkRWQxbEVWbEl3VkVGUlNDOUNRVlYzUVhkRlFpOTZRVTVDWjJ0eGFHdHBSemwzTUVKQlVYTkdRVUZQUXdwQlVVVkJibTVPT1Vzck5rTmtSMjVTVlZneVlUazFjMVpTWkZreVVpOXlaMVl4ZUhCa1pXWTFNVFlyVkVOTk5tWkRiVVZHYVZSV1dHOUhjME0zZGtoM0NucFZWazVTYTNaUVNYVmpWUzlFZVZCaWIycHhSVkpYYjJsclduUlVZMDFwVlZOaWVUZGFSM294YjA1WVoycHBTUzlsTkRsQ04yWmlVMDVtUTI5dlJ6a0tjazU1TURKUlFYbHRUWHByTmpOQ1YxSk1ZbEpJZVRkeE4yWnNXRlJRVVhaWGJteHBZMk5tVWpCdmVFVlZUMGRLZVhwbVNEWXZSeXRVZGtSaVRHMHdid3BHVEN0NVVIWnNPREIxYzBWcU1taEZaM2ROVDB3M09VOTJSbkIxYUdOMGRHNXFjM0UxWTBsdFZFRldZVlY2T0doS1JqRXJObkJVWlRSbkt6ZHBVSGxHQ25GRWJHOHdhWEZQTVdNNWJFdGlVVFZVVHl0SU5EVkdORVZUVWpONE5WUmlkbVUxUmpCWFUwZEthakJ0U0d3MUwwaEJhM1JtYVRoWFNtSmxSSEJKWm5JS1FpdFZNVTFrUmxkdlpVazRNMkZ1TkZjNGNuTXdRMHg1UVVFOVBRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0KICAgIHNlcnZlcjogaHR0cHM6Ly8xOTIuMTY4LjAuMzI6MTY0NDMKICBuYW1lOiBtaWNyb2s4cy1jbHVzdGVyCmNvbnRleHRzOgotIGNvbnRleHQ6CiAgICBjbHVzdGVyOiBtaWNyb2s4cy1jbHVzdGVyCiAgICB1c2VyOiBhZG1pbgogIG5hbWU6IG1pY3JvazhzCmN1cnJlbnQtY29udGV4dDogbWljcm9rOHMKa2luZDogQ29uZmlnCnByZWZlcmVuY2VzOiB7fQp1c2VyczoKLSBuYW1lOiBhZG1pbgogIHVzZXI6CiAgICB0b2tlbjogYzBoMFRsVnlNRzVYUjFBcmMxVnFaek0xZWtkR1IzbE5jWGRXU0hFd1YwdHJUV1ZNVlZsa1VtVndPRDBLCg== + config: {{- end }} From 701487926d9dbd63599fd0363bf60935208efdfc Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Tue, 7 Jun 2022 17:42:39 +0200 Subject: [PATCH 08/23] update values --- scaleout/stackn/values.yaml | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml index b19f4df..4157d65 100644 --- a/scaleout/stackn/values.yaml +++ b/scaleout/stackn/values.yaml @@ -10,9 +10,9 @@ #Set global values to overide default global: studio: - superUser: "" + superUser: "" ##these are currently not handled by stackn: default: admin superuserPassword: "" - superuserEmail: "" + superuserEmail: "" ##these are currently not handled by stackn: default: admin@test.com existingSecret: storageClass: &storage_class microk8s-hostpath @@ -27,7 +27,7 @@ studio: debug: true static: replicas: 1 - image: ghcr.io/morganekmefjord/stackn/ingress:master #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) + image: ghcr.io/scaleoutsystems/stackn/ingress:develop resources: limits: cpu: 1 @@ -36,7 +36,7 @@ studio: cpu: "100m" memory: "256Mi" image: #tell which image to deploy for studio - repository: scaleoutsystems/carmat-dev:revamp #This image can be built from Dockerfile inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) + repository: ghcr.io/scaleoutsystems/stackn/studio:develop #This image can be built from Dockerfile inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image resources: limits: @@ -59,11 +59,10 @@ studio: # Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. domain: studio. +auth_domain: studio. +session_cookie_domain: . ingress: enabled: true - image: #tell which image to deploy for studio - repository: ghcr.io/morganekmefjord/stackn/ingress:master #This image can be built from Dockerfile.nginx inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - pullPolicy: Always annotations: {} hosts: - host: studio. @@ -89,7 +88,7 @@ postgresql: port: 5432 persistence: enabled: true - size: "20Gi" + size: "10Gi" storageClass: *storage_class accessModes: - ReadWriteMany @@ -122,16 +121,6 @@ rabbit: username: admin password: "" -reloader: - enabled: true - namespace: default - reloader: - watchGlobally: false - -labs: - ingress: - secretName: prod-ingress - chartcontroller: enabled: false #addSecret -- if true create chart-controller-secret from cluster_config, if false it must be added manually From a20de387ecef1cd83047fd09029581575b0c9401 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Fri, 10 Jun 2022 13:28:03 +0200 Subject: [PATCH 09/23] update charts --- .../templates/celery-beat-deployment.yaml | 2 +- .../templates/celery-worker-deployment.yaml | 6 +- scaleout/stackn/templates/nginx-conf.yaml | 52 ++++++-- .../stackn/templates/studio-deployment.yaml | 8 +- .../templates/studio-settings-configmap.yaml | 114 +++++++++++------- scaleout/stackn/values-utility-script.sh | 2 +- scaleout/stackn/values.yaml | 20 +-- 7 files changed, 136 insertions(+), 68 deletions(-) mode change 100644 => 100755 scaleout/stackn/values-utility-script.sh diff --git a/scaleout/stackn/templates/celery-beat-deployment.yaml b/scaleout/stackn/templates/celery-beat-deployment.yaml index 49b1322..5f3aed5 100644 --- a/scaleout/stackn/templates/celery-beat-deployment.yaml +++ b/scaleout/stackn/templates/celery-beat-deployment.yaml @@ -55,7 +55,7 @@ spec: - name: BASE_PATH value: "/app" - name: KUBECONFIG - value: "/app/chartcontroller/kubeconfig/config" + value: {{ .Values.studio.kubeconfig_file | quote }} - name: GET_HOSTS_FROM value: dns - name: POSTGRES_DB diff --git a/scaleout/stackn/templates/celery-worker-deployment.yaml b/scaleout/stackn/templates/celery-worker-deployment.yaml index 21a7052..a0494a3 100644 --- a/scaleout/stackn/templates/celery-worker-deployment.yaml +++ b/scaleout/stackn/templates/celery-worker-deployment.yaml @@ -65,7 +65,7 @@ spec: name: {{ include "stackn.secretName" . }} key: rabbit-password - name: KUBECONFIG - value: "/app/chartcontroller/kubeconfig/config" + value: {{ .Values.studio.kubeconfig_file | quote }} image: {{ .Values.studio.image.repository }} imagePullPolicy: Always name: {{ .Release.Name }}-celery-worker @@ -78,13 +78,13 @@ spec: memory: {{ .Values.celeryWorkers.resources.requests.memory }} volumeMounts: - name: config - mountPath: "/app/chartcontroller/kubeconfig/" + mountPath: {{ .Values.studio.kubeconfig_dir | quote }} readOnly: true - mountPath: /app/studio/settings.py subPath: settings.py name: {{ .Release.Name}}-settings-configmap - name: mediavol - mountPath: /media + mountPath: {{ .Values.studio.media.mount_path }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/scaleout/stackn/templates/nginx-conf.yaml b/scaleout/stackn/templates/nginx-conf.yaml index 332a82e..dee66d5 100644 --- a/scaleout/stackn/templates/nginx-conf.yaml +++ b/scaleout/stackn/templates/nginx-conf.yaml @@ -6,17 +6,51 @@ metadata: data: # Configuration values can be set as key-value properties nginx.conf: |- - worker_processes 4; - events { worker_connections 512; } + user nginx; + worker_processes 1; + + error_log /var/log/nginx/error.log warn; + pid /var/run/nginx.pid; + + events { + worker_connections 1024; + } + http { - include /etc/nginx/mime.types; + include /etc/nginx/mime.types; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + keepalive_timeout 65; + + #gzip on; + + upstream django { + server {{ .Release.Name }}-{{ .Values.studio.servicename }}:8080; + } + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + server { - listen 8081; + listen 80 default_server; + listen [::]:80 default_server; + + server_name _; + client_max_body_size 0; + location / { + proxy_pass http://django; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; - client_max_body_size 0; - large_client_header_buffers 4 128k; - location / { - } + } } - } \ No newline at end of file + } diff --git a/scaleout/stackn/templates/studio-deployment.yaml b/scaleout/stackn/templates/studio-deployment.yaml index b6a7d7f..0ecf899 100644 --- a/scaleout/stackn/templates/studio-deployment.yaml +++ b/scaleout/stackn/templates/studio-deployment.yaml @@ -40,6 +40,8 @@ spec: - name: DEBUG value: "true" {{ end }} + - name: INIT + value: {{ .Values.studio.init | quote }} - name: DJANGO_SUPERUSER value: {{ include "stackn.studio.superuser" . }} - name: DJANGO_SUPERUSER_EMAIL @@ -62,19 +64,19 @@ spec: name: {{ include "stackn.secretName" . }} key: rabbit-password - name: KUBECONFIG - value: "/app/chartcontroller/kubeconfig/config" + value: {{ .Values.studio.kubeconfig_file | quote }} image: {{ .Values.studio.image.repository }} imagePullPolicy: Always name: {{ .Release.Name }}-studio volumeMounts: - name: kubeconfig - mountPath: "/app/chartcontroller/kubeconfig/" + mountPath: {{ .Values.studio.kubeconfig_dir | quote }} readOnly: true - mountPath: /app/studio/settings.py subPath: settings.py name: {{ .Release.Name}}-settings-configmap - name: mediavol - mountPath: /media + mountPath: {{ .Values.studio.media.mount_path }} resources: limits: cpu: {{ .Values.studio.resources.limits.cpu }} diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index c64fedf..9502161 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -17,22 +17,21 @@ data: """ import os + import sys AUTHENTICATION_BACKENDS = [ - 'social_core.backends.github.GithubOAuth2', - 'social_core.backends.google.GoogleOAuth2', - 'django.contrib.auth.backends.ModelBackend', + 'social_core.backends.github.GithubOAuth2', + 'social_core.backends.google.GoogleOAuth2', + 'django.contrib.auth.backends.ModelBackend', + 'guardian.backends.ObjectPermissionBackend', ] # Build paths inside the project like this: os.path.join(BASE_DIR, ...) - BASE_DIR = os.path.dirname(os.path.abspath(__file__)) - REPO_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) + BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) # Crispy Forms CRISPY_TEMPLATE_PACK="bootstrap4" - DOMAIN = {{ .Values.domain | quote }} - STUDIO_HOST = "https://{{ .Values.domain }}" # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/ @@ -66,28 +65,30 @@ data: ] THIRD_PARTY_APPS = [ - # add apps which you install using pip - "crispy_forms", - 'corsheaders', - 'django_celery_beat', - 'django_filters', - 'oauth2_provider', - 'rest_framework', - 'rest_framework.authtoken', - 'social_django', - 'tagulous', + # add apps which you install using pip + "crispy_forms", + 'corsheaders', + 'django_celery_beat', + 'django_extensions', # for executing runscript among others + 'django_filters', + 'oauth2_provider', + 'rest_framework', + 'rest_framework.authtoken', + 'social_django', + 'tagulous', + 'guardian', ] - LOCAL_APPS =[ - # add local apps which you create using startapp - 'api', - 'apps', - 'common', - 'deployments', - 'monitor', - 'models', - 'projects', - 'portal', + LOCAL_APPS = [ + # add local apps which you create using startapp + 'api', + 'apps', + 'common', + 'deployments', + 'monitor', + 'models', + 'projects', + 'portal', ] # # Application definition @@ -118,6 +119,10 @@ data: ], } + # Django guardian 403 templates + GUARDIAN_RENDER_403 = True + GUARDIAN_TEMPLATE_403 = '403.html' + # Main Url conf for loading all the routing path in Studio ROOT_URLCONF = 'studio.urls' @@ -156,7 +161,7 @@ data: TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', - 'DIRS': [os.path.join(REPO_DIR, 'templates'), os.path.join(REPO_DIR, 'common/templates')], + 'DIRS': [os.path.join(BASE_DIR, 'templates'), os.path.join(BASE_DIR, 'common/templates')], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ @@ -219,31 +224,32 @@ data: # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/2.2/howto/static-files/ - STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static'), ] + #STATICFILES_DIRS = [os.path.join(BASE_DIR, 'static'), ] STATIC_URL = '/static/' - STATIC_ROOT = os.path.join(REPO_DIR, 'static/') + STATIC_ROOT = os.path.join(BASE_DIR, 'static/') # Media Files for Studio apps - MEDIA_URL = '/media/' - MEDIA_ROOT = '/media/' + MEDIA_URL = {{ .Values.studio.media.mount_path | quote }} + MEDIA_ROOT = {{ .Values.studio.media.mount_path | quote }} # Related to user registration and authetication workflow LOGIN_REDIRECT_URL = '/' LOGIN_URL = 'login' LOGOUT_URL = 'logout' + INACTIVE_USERS = False # Specific to Studio stack: # Redis settings REDIS_PORT = 6379 REDIS_DB = 0 REDIS_HOST = os.environ.get('REDIS_PORT_6379_TCP_ADDR', '{{ .Release.Name }}-redis') - CHANNEL_LAYERS = { - 'default': { - 'BACKEND': 'channels_redis.core.RedisChannelLayer', - 'CONFIG': { - 'hosts': [(REDIS_HOST, REDIS_PORT),], - }, - }, - } + #CHANNEL_LAYERS = { + # 'default': { + # 'BACKEND': 'channels_redis.core.RedisChannelLayer', + # 'CONFIG': { + # 'hosts': [(REDIS_HOST, REDIS_PORT),], + # }, + # }, + #} # Celery settings CELERY_BROKER_URL = 'amqp://{{ include "stackn.rabbit.username" . }}:{}@{{ .Release.Name }}-rabbit:5672//'.format(os.environ.get("RABBITMQ_DEFAULT_PASS")) CELERY_RESULT_BACKEND = 'redis://%s:%d/%d' % (REDIS_HOST, REDIS_PORT, REDIS_DB) @@ -252,13 +258,35 @@ data: CELERY_ACCEPT_CONTENT = ['json'] CELERY_TIMEZONE = "UTC" CELERY_ENABLE_UTC = True + # For Model Objects creation (check models/models.py, pre_save_model() ) + VERSION_BACKEND = 'studio.version.Version' # Other Helm/k8s deployment settings - #CHART_CONTROLLER_URL = 'http://{{ .Release.Name }}-chart-controller' + CHART_CONTROLLER_URL = 'http://{{ .Release.Name }}-chart-controller' #Not used + CHART_FOLDER = "/app/charts/apps" EXTERNAL_KUBECONF = True + KUBECONFIG = {{ .Values.studio.kubeconfig_file | quote }} NAMESPACE = {{ .Values.namespace | default "default" | quote }} #PROMETHEUS_SVC = 'http://{{ .Release.Name }}-prometheus-server' REGISTRY_SVC = '{{ .Release.Name }}-docker-registry' - STORAGECLASS = {{ .Values.storageClassName | default "aws-efs" | quote }} - STUDIO_URL = 'http://{{ .Release.Name }}-studio:8080' + STORAGECLASS = {{ .Values.storageClassName | default "microk8s-hostpath" | quote }} + + # Local dependecies Models + PROJECTS_MODEL = 'projects.Project' + APPINSTANCE_MODEL = 'apps.AppInstance' + APPS_MODEL = 'apps.Apps' + APPCATEGORIES_MODEL = 'apps.AppCategories' + MODELS_MODEL = 'models.Model' + + # App statuses + APPS_STATUS_SUCCESS = ['Running', 'Succeeded', 'Success'] + APPS_STATUS_WARNING = ['Pending', 'Installed', + 'Waiting', 'Installing', 'Created'] + + DOMAIN = {{ .Values.domain | quote }} + AUTH_DOMAIN = {{ .Values.auth_domain | quote }} + AUTH_PROTOCOL = 'http' + STUDIO_URL = 'http://{{ .Values.domain }}:8080' + # To enable sticky sessions for k8s ingress + SESSION_COOKIE_DOMAIN = {{ .Values.session_cookie_domain | quote }} \ No newline at end of file diff --git a/scaleout/stackn/values-utility-script.sh b/scaleout/stackn/values-utility-script.sh old mode 100644 new mode 100755 index abebaf1..f0cc445 --- a/scaleout/stackn/values-utility-script.sh +++ b/scaleout/stackn/values-utility-script.sh @@ -19,7 +19,7 @@ echo "Your current IP address is: $my_ip" # Replace field with extracted IP adress in values.yaml file echo "Replacing $my_ip inside the values.yaml file..." echo "Appending nip.io wildcardars..." -sed -i "s//$my_ip.nip.io/g" ./my-revamp-values.yaml +sed -i "s//$my_ip.nip.io/g" ./values.yaml echo "Your current STACKn domain will be: $my_ip.nip.io" diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml index 4157d65..5362833 100644 --- a/scaleout/stackn/values.yaml +++ b/scaleout/stackn/values.yaml @@ -25,6 +25,9 @@ studio: servicename: studio replicas: 1 debug: true + init: true + kubeconfig_file: /app/chartcontroller/kubeconfig/config + kubeconfig_dir: /app/chartcontroller/kubeconfig/ static: replicas: 1 image: ghcr.io/scaleoutsystems/stackn/ingress:develop @@ -53,24 +56,25 @@ studio: storageClassName: *storage_class size: "5Gi" accessModes: ReadWriteMany + mount_path: /app/media/ superUser: admin superuserPassword: "" superuserEmail: admin@test.com # Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. -domain: studio. -auth_domain: studio. -session_cookie_domain: . +domain: studio.127.0.0.1.nip.io +auth_domain: stackn-studio.default.svc.cluster.local +session_cookie_domain: .127.0.0.1.nip.io ingress: enabled: true annotations: {} hosts: - - host: studio. + - host: studio.127.0.0.1.nip.io # setup TLS if you have a platform certificate or use 'tls-acme' if you have certbot deployed and want to generate a certificate. tls: - secretName: prod-ingress hosts: - - studio. + - studio.127.0.0.1.nip.io ### A Postgres database for STACKn ### # Here we use https://charts.bitnami.com/bitnami postgresql chart @@ -79,10 +83,10 @@ ingress: postgresql: enabled: true postgresqlUsername: stackn - postgresqlPassword: stackn - postgresqlPostgresPassword: stackn #NOTE! To be changed in production! + postgresqlPassword: "" + postgresqlPostgresPassword: "" postgresqlDatabase: stackn - existingSecret: stackn + existingSecret: fullnameOverride: stackn-studio-postgres service: port: 5432 From 0e6d5bb7aa59cdeb5b47c0880d572bc1edc31d0a Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Fri, 10 Jun 2022 13:29:42 +0200 Subject: [PATCH 10/23] k8s config info --- scaleout/stackn/templates/chart-controller-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scaleout/stackn/templates/chart-controller-secret.yaml b/scaleout/stackn/templates/chart-controller-secret.yaml index 34fc848..600e397 100644 --- a/scaleout/stackn/templates/chart-controller-secret.yaml +++ b/scaleout/stackn/templates/chart-controller-secret.yaml @@ -5,5 +5,5 @@ metadata: name: {{ .Release.Name }}-chart-controller-secret type: Opaque data: - config: + config: #See values-utility-script.sh {{- end }} From 2fcab5f9b1ef6082332e0102e28eda74485ccc56 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Fri, 1 Jul 2022 17:42:59 +0200 Subject: [PATCH 11/23] update README.md --- scaleout/stackn/README.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/scaleout/stackn/README.md b/scaleout/stackn/README.md index a072fa8..6d40ca0 100644 --- a/scaleout/stackn/README.md +++ b/scaleout/stackn/README.md @@ -41,11 +41,11 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | Key | Type | Default | Description | |-----|------|---------|-------------| -| global.existingSecret | string | `""` | | -| global.storageClass | string | `"microk8s-hostpath"` | | -| global.studio.superUser | string | `""` | | -| global.studio.superuserEmail | string | `""` | | -| global.studio.superuserPassword | string | `""` | | +| global.existingSecret | string | `""` | Use existing secret. See basic-secrets.yaml. | +| global.storageClass | string | `"microk8s-hostpath"` | K8s storageClass for PVC. | +| global.studio.superUser | string | `admin` | Django superUser. Obs will always be `admin` until fixed. | +| global.studio.superuserEmail | string | `'admin@test.com'` | Django superUser email. Obs will always be `admin@test.com` until fixed. | +| global.studio.superuserPassword | string | `""` | Django superUser password. If left empty, will generate. | ## Values @@ -70,7 +70,9 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | docker-registry.persistence.enabled | bool | `true` | | | docker-registry.persistence.size | string | `"2Gi"` | | | docker-registry.persistence.storageClass | string | `"microk8s-hostpath"` | | -| domain | string | `"studio."` | | +| domain | string | `studio.` | | +| auth_domain | string | `"stackn-studio.default.svc.cluster.local"` | | +| session_cookie_domain | string | `.` | | | existingSecret | string | `""` | | | fixtures | string | `""` | | | grafana."grafana.ini".server.domain | string | `"grafana."` | | @@ -123,8 +125,11 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | service.type | string | `"ClusterIP"` | | | storageClassName | string | `"microk8s-hostpath"` | | | studio.debug | bool | `true` | | +| studio.init | bool | `true` | | +| studio.kubeconfig_file | string | `/app/chartcontroller/kubeconfig/config` | | +| studio.kubeconfig_dir | string | `/app/chartcontroller/kubeconfig/` | | | studio.image.pullPolicy | string | `"Always"` | | -| studio.image.repository | string | `"scaleoutsystems/studio:develop"` | | +| studio.image.repository | string | `"ghcr.io/scaleoutsystems/stackn/studio:develop"` | | | studio.media.storage.accessModes | string | `"ReadWriteMany"` | | | studio.media.storage.size | string | `"5Gi"` | | | studio.media.storage.storageClassName | string | `"microk8s-hostpath"` | | @@ -134,7 +139,7 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | studio.resources.requests.cpu | string | `"400m"` | | | studio.resources.requests.memory | string | `"2Gi"` | | | studio.servicename | string | `"studio"` | | -| studio.static.image | string | `"scaleoutsystems/ingress:develop"` | | +| studio.static.image | string | `"ghcr.io/scaleoutsystems/stackn/ingress:develop"` | | | studio.static.replicas | int | `1` | | | studio.static.resources.limits.cpu | int | `1` | | | studio.static.resources.limits.memory | string | `"512Mi"` | | @@ -152,4 +157,3 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | ---- | ------ | --- | | Morgan Ekmefjord | morgan@scaleoutsystems.com | | | Fredrik Wrede | fredrik@scaleoutsystems.com | | -| Matteo Carone | matteo@scaleoutsystems.com | | From 252d5ff86291c2d565d75c9659c11fa3fb878e19 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Mon, 4 Jul 2022 12:43:50 +0200 Subject: [PATCH 12/23] update stackn README.md --- scaleout/stackn/README.md | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/scaleout/stackn/README.md b/scaleout/stackn/README.md index a072fa8..edb5b93 100644 --- a/scaleout/stackn/README.md +++ b/scaleout/stackn/README.md @@ -9,27 +9,32 @@ Current chart version is 0.1.0 ## Chart Requirements -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql | 10.4.2 | -| https://charts.bitnami.com/bitnami | postgresql-ha | 7.3.0 | -| https://grafana.github.io/helm-charts | grafana | 6.8.4 | -| https://grafana.github.io/helm-charts | loki-stack | 2.3.1 | -| https://prometheus-community.github.io/helm-charts | prometheus | 13.8.0 | -| https://stakater.github.io/stakater-charts | reloader | v0.0.86 | +| Repository | Name | Version | Optional | +|------------|------|---------|----------| +| https://charts.bitnami.com/bitnami | postgresql | 10.4.2 | No +| https://charts.bitnami.com/bitnami | postgresql-ha | 7.3.0 | Yes +| https://grafana.github.io/helm-charts | grafana | 6.8.4 | Yes +| https://grafana.github.io/helm-charts | loki-stack | 2.3.1 | Yes +| https://prometheus-community.github.io/helm-charts | prometheus | 13.8.0 | Yes +| https://stakater.github.io/stakater-charts | reloader | v0.0.86 | No ## Configuration -You will need to change some of the default values: +By default STACKn has been configured with a dns wildcard domain for localhost. To change this replace all occurences of studio.127.0.0.1.nip.io in values.yaml. Futher, the k8s StorageClass is by default microk8s-hostpath. Change this value in accordance to your k8s cluster. -`` should be replaced with your actual domain name everywhere. +STACKn requires access to manipulate and create recourses in the k8s cluster. Thus, it need the cluster config provided in ./templates/chart-controller-secret.yaml. For example if you are using +microk8s: -`cluster_config` should be updated with the config file for your cluster. You need to have admin access to the namespace in which STACKn is to be deployed. +```bash +# Generate k8s cluster config file - NOTE: we assume that microk8s is already installed and configured +cluster_config=$(microk8s.config | base64 | tr -d '\n') -You might have to update `storageClassName`, `storageClass`, and `namespace`, depending on your cluster setup. +# Replace field in the chart-controller-secret.yaml file with the above create variable +sed -i "s//$cluster_config/g" ./templates/chart-controller-secret.yaml +``` + +All resources will by default be created in the Namescape "default". -## Deploy locally without SSL certificates -For local testing/development set `oidc.verify = false`, this will enable insecure options in STACKn without certificates. ## Deploy an SSL certificate For production you need a domain name with a wildcard SSL certificate. If your domain is your-domain.com, you will need a certificate for *.your-domain.com and *.studio.your-domain.com. Assuming that your certificate is fullchain.pem and your private key privkey.pem, you can create a secret `prod-ingress` containing the certificate with the command: From be5a07faa315e1f82187ed3528b426c609dbda09 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Tue, 5 Jul 2022 09:35:19 +0200 Subject: [PATCH 13/23] update README.md --- scaleout/stackn/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/scaleout/stackn/README.md b/scaleout/stackn/README.md index edb5b93..27860c4 100644 --- a/scaleout/stackn/README.md +++ b/scaleout/stackn/README.md @@ -140,6 +140,7 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | studio.resources.requests.memory | string | `"2Gi"` | | | studio.servicename | string | `"studio"` | | | studio.static.image | string | `"scaleoutsystems/ingress:develop"` | | +| studio.static.pullPolicy | string | `IfNotPresent` | | | studio.static.replicas | int | `1` | | | studio.static.resources.limits.cpu | int | `1` | | | studio.static.resources.limits.memory | string | `"512Mi"` | | From 7eec57a3d41092598b99171fc2bf5d78d5da5837 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 14:09:30 +0200 Subject: [PATCH 14/23] update subcharts --- scaleout/stackn/charts/postgresql-10.4.2.tgz | Bin 48566 -> 0 bytes scaleout/stackn/charts/postgresql-11.6.14.tgz | Bin 0 -> 56788 bytes scaleout/stackn/charts/postgresql-ha-7.3.0.tgz | Bin 47150 -> 0 bytes scaleout/stackn/charts/postgresql-ha-9.2.0.tgz | Bin 0 -> 60888 bytes 4 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 scaleout/stackn/charts/postgresql-10.4.2.tgz create mode 100644 scaleout/stackn/charts/postgresql-11.6.14.tgz delete mode 100644 scaleout/stackn/charts/postgresql-ha-7.3.0.tgz create mode 100644 scaleout/stackn/charts/postgresql-ha-9.2.0.tgz diff --git a/scaleout/stackn/charts/postgresql-10.4.2.tgz b/scaleout/stackn/charts/postgresql-10.4.2.tgz deleted file mode 100644 index 1067fe424a37c0f1987c806491a9f8f92c15f77f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 48566 zcmV)PK()UgiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{dmA^BC^|p$uc$+3j-{+fJ^ae>Zg!6>DUQBKGFOzHos-R# zz;2MlxY_6cXvvJ_`?uc@uWs~@ z8JY%vS#R3e+1Yvh@}>HBXJ;q>@9xVNdwx`^(Oq+sb$Di6j(;R3JfU$a^gS4+%V`Y}SKAB+w9X+(Hrgh#4m|?7{V33q?`# zb9cA9yW8Dq`8dL%k3)}O-fMLrL{r=Yk4~pFYymJFQBH&cI}sw{z3pvJG8^v>i3rh@ zbUixVHh;GOu9F73pSz!1KIR@Hkx*HROJPJA^fl`a{_A85PzZGR5A2B!!-47!3cxpA zfGG;m7*BC1fX}$V(-y$S`}4!Mr-MznAz~uy<7qTOoN%Ba;LiewoD4}o#0*gA%SL`>qL+a1%>ZNV_!o+2(VOFpHOuSGoBISa-m3*sCL zzRd;lK5?hYHkpo{pB+`8v$wbNdGE!`ZWNANpYZI4GG7ge(^UGS)k$d7>VW>na1;>zVm5 zsUZIY>U~;s8w=$B&Wjf>3iAK;P9y&xBHg3te%XD|^2r!;(E~m~d#_&i{GB&DcxU(J z4u0hieT;Wsyc(e&Mx&iqdw<*g;fFoXAML%sdoSO-_VBA$J8yn?^IEdPF8Ui94t?Km zjd6$>64>uSdv9lNx3lxAv$J=x`$O;5-+DW5x<9=B;l=A$uV4J|f7|~e6ZnqFng7=) zh%vth1#tfSfA!|&n^*by|N2#<|2;^0_6*(ybcg~tRO=;>DH>yl5JOWeFypOf&!8V* z#PJq{RA3MjBtT3EhZ_@tAPIwC1LA`f(5pu*a~F9cpPPQsGVczXxBw zww?iGLG)lcvwxqVDNai`AbTnopyL$&1<&-?q!t&Hp)o!P5a$x?!1>*hy*2uhqu81b z8lfu7Fg!{nu~dDunxmv}nPRyu(3o$_J}Xc?CDU!!OkF~AlD0SU()ou?p49!OB_f!maB>3yWP6Tu9)?P3UsF*E}@D)2(rP(%NMY0L!- z)fOaHFg%9k`UNCZ952^f9wE7t$o7kucT6DuiEk&frxQ`Xlc?d_vM0K8orsZZByh)$ z_O|WqGu7XOb7jUn&b8f9BOzFf<)F=I3^z0md5l=`r|t7>~zNNEoW9E?9)s*B*>ez_FSq1HoijLFLRB zM3FTSLt1s|D!O(@aS+JAK;UU4c?&j_(6ZYZ)fmG{ys4qslr!a-`t!Yk*vqvkVb*R> zgR|KgkP_-~NQASCawVDkd`*LRiu;&N3Fm5yF1NqoSPM&f6JjP=Q2vOdh~UChfhmnc z5m6GVVLOk*eg1)C)*JD6jK+~{z6iVpfI}%|eM@a4>g1Oyxlt}T>?Vv)a1f|cN_@0; zciQUL0(r4^iLp+ZVc0S&H#B~>r4?kx>QdwWOv|zFh4&_%t-)M#C^5y3BI81}4}2kO~E1hy!|4oJ!pV zAby?T5RyFEw&5)`pjJtNHi`vpOFbvkMMxThPWTXC3mVBqUs5 z)-mU4&P1HXfgn+UJ4riQU3-=`EN7Blh5FPlPMqXIJ5OP(8`-2g~I1U@^MRP$vj$g0gGkVc7RPxoX}W(=?xJ&>f^f8^WqQ(^~1G zE5)JIBIro7BE!g^0sc(5kP^W_00XrvwKMfW&psuWe8MGAu0)`mV^SmY@>TV^LTIR_ zv_AYPGMZVIYtY4`p@$>Ew_%pgl$##-=4i1QoDe3NT`s{Il2&ow;WgWXgu z=Cjb7FdEXBD_KnhOsS81K*KGdqtO;HJf#9(q9_Vx$*&tmgce=_^-xfv{g)h4D0LDx7#68AnqbN2g-qn_Lhc7K#{6PvMCHsyBah}4211(WOQrG55KJH3MZWle(4LL)sv~|$}#h4`B4?3Wf z=!NO*(#bOuB-x`Y@t$xFY{VSvNq*~K*ZcC}fUSX~ zNBf7TN8PFaOi%1^+(8|C#nVv=E)6>)!no+LID`$kZ40Tu|7)}L%sC4&z2kj59rAsa zpkPDk4snE;`YAO>65uiBQcI6bhh=~7xvyM{zmAyT4x?0b>{w(vtK?2$JkkrMd>50s z|4lK@j7rsLB)q3JMrWarinuInv$Sg7OTQ>kr)n*50P4?xI3O6200RlRz{r;~UN)v$ z39kvGp}JMQMvO?=+Il9(-QxKZ2}*=Jp!Cx5ff#=tQSCi-;|HhaRK;wL?a2`l z{tyrw^Lrw?JMhPWH zr*GR|6=Ry661m1wy_wNiuIv!SLjKL1E_5Xp5Ql2#JHbk_@NGHAuqP-hYM50Tkf*N& zwz-f>ZB7|dicp?<2X6lh9F;RtJeCwHA=%`*KRi z%&wm!$SNH5OzqS=W|iR`K|4d-2`KWh-x)DF?WhJjR7^1IhzSbSO62PUHwTc!C{M~G zLo7+sp5687{SKIcv1TLBxl{_Kh|Sc-Lmzky_35RurWqz5NC*lWTU9aMMRLoeIs_i0 zoZAu^6;A5W5u?}YL^e}uLdFw&f27QL6y(3tSOX5RzJW^iY!Hoq9-<7tBq!eHphNE? z^loc}k&w02@rlypOYt*XkFJvZnk4&tAW86cR=x!UOS+#a7rjhQpE6Mt0Rd4rWwDsx zP}p`W1%ui|huV-T8edL^sA~q>p1bzIr%F@Ro2q=Nh0{JQK6lEO(7Ok>9d%=->526C z%WXUtDt|(`NU~KSm6Izlouvj~GpoF`cI z?&YF*{aGPvG-npN*m{-)onX*gfKZjFNkN*0oO8t28h5QWVM8t^l3&xa zWDXpMoJfMZH*1?Y{Ny0qQ1%H>K-D#xgAhcaI18y*=|C6jL7R?7PW1p^V||pOshD&{|2!q( zDdrrFG4BCpjG9Z73w!Mgz%$woDJ&(O8jP!#YKu$uypVph7P0&S++Uoubb! zBV?+&Tx2&Bwx*gSROAP?2#D+PFQ(1%YLM<^iIm;(s~X4fdl z*1zzgUy?G%rbu~xKfv?q`T;JjXU})5Djw+5a(x$%gtq3Eyg=hzwdC`K{;DgT<0-w) zXfcWzxt7dorJ_>FOs?EI9Ls%@q-TVLT=tY$+DMNr^+BJkZgz|g@Xg$ijweH;QTT}j z`hvgZToi+!=$avL?9tHYhE05>qiXS^ZVBal8Z+c!Wru>W2up zvH{B}*7nMz&_(mXtT27bEDA537&+N}u=auO6Iffu^bO>g9{QR@SIW z9lBE=OV!`p@YqRzLXrO#1t|0|Q>*fsE$8CFYuXnjoMI~TPKbr%8WN6e-u5#Iu_N)3 z2&aZc7Q>#wzHfG9D4YTE<;tvh-Fb6jE}^GrrZggRwbO+o*+(_^)B%Mxr|Bj~^v<&t zIcBMmQl26%5#$_F@=anvLpgcYNE8cMZL~W>gFs51z(MP{pC~5ChZI@;!eK%GYuq?{ z9_GB`Tw0XeJbM9+{f^l+v(AVxe1n2u`x(PrFye`h0W+dZ^~rY0UTcetCMOuSwM9 zznG{)>)%Xcg!35xzEPs88r4*59<$^`cU#rq+b?%tZz@zRKnLY&plKoZPXqGB>sK!~ zwhjv;EC_I*whx$bm|%2G^t#eY>?(Tc47*B=EsSv2 zloBk)>Mvz`1_(lY17aGDtU-wU#?%t1fvNM8ba<1woxitF%@5Nyu9Tezym|8m((#hJ zZMC^b%n;0cQClP$>GhQZ8HZG=hhzj-MO&4mQ-s5nTD7hcWmh(;?MAAQlr5!4LSqV_npkJ!!frornV(%Z;F8Ui6%sIiMk{NhWJ+tqykIkLZIGWmgX59C^4-eVE9-mEe|NL~!<08>QSDB;0O96^Hi1c|#e0>8ZUbcd(|JFb;w(2x*}yWtRnn>+1}T#TIxIO1ZX+NMNO{ zV%7!N7)N_@VD^6#gw}j`3kWgUyNK8tv%^W;9ji)As zG{n&VsA!fL5?GZW!Hma4jo0(%Ej=?ccK_{;+{@~f^_2S9m{E4%93%f%Mg)Ezs-;y< z=pOv=j#Q~T90#gfYP9TjMD_^@Prqoj_rNLVX~xUeH?kdc#S=8d0Z;OjHAD}lGpS4{ zE!tGFnsOZZNZ^5xJEid~_b^v))kbk3WutnGA-G!Tx%;Jf+gEQ3Bjq8Zfijun1{}v? z`0+>UapE?d@$#%pdv z26g*WN>Sa;ZZT`mZPoVqx8Kc(Tk7TISCsNP2R&HRWOb@N@|mN9;+QXDX>A&BQ0W$C z=~m`bfwQ;F<)|)FWR+xPwra6jj){1#EZ&n1x2dD$er~MzTFK_T!%(w9FFBHOF24^l z3z1&#X<$yy*NafaI7(eys4){s!wHIMR>EeQRA&7yuILfk^n|Enx#FixAuD{Z(8@C99!51w>G*iGv%BK7 z4h8K#^|OC!1x*c}S*7_hYTB|utF^U8U0Xt3lcc?iuBO`hb%NDZT6)z{Ie59Nhh+87 z9--$C(N(jV9x<$MM=QFNG^pO{SyyqkV+{WhW1jlE(AOtD*n9Q*l$bm(ie<*mG-uSD zG;D$BS9@eiawnGy1*S)*QLNt98~nDlE}J;EgAAfYH1kMGmUnN{1=W_a>b@fi=nVTQ zG4y-c>6C_fxz#e)*@kb8Ow!|OUx)%7!I@hu1>A-AQg$DQV}>~g!Q_hM0pXyHEzDcZ zklqyU_{{4du*dZV_LTZKP~C~5VAj>I@y!*GsK6D;!pO5IFK?o3204Gk8OJ-6Jl+CbftD^S)di_xhveb8jmU^eo|f{(ed@7^UE zo2ik5)C-S3YpVihUOWRb0{mIBJ5g>Hlq(2s*IbFby3Gv7&c)f6uZCoXE`6#jjF14t zaN<|O9pL9Y^)r#)fv76_iox8bGa@h}NM9e(5F4`4-$@V{5O<7;{-YU_@EoQ)`B(iL4PxkX3G{^i`~<9V+Ls z#{7P!?9perHA)=2=n5V9qSSm@Zwsh0G?hx)ak!Og;uhTRU(*G*5l14fPiH>e;`ndy#QZ9$itNX!5Ifqk5mjgX$nv2vLr}78xSSDPmtDIOq%+)!` z5Ik4u9J}nARyxnp#ne(3t|x<{)u1pF*sia#kXbQH-vOzzj=E)Cl8p^MXMMz~ohe0*RR*BjO>U zbaVHoeP^r>rxnP9^s{;tV$@w(>nHQGvivW2map>*o|RYIuWCsdSQv9RzhnhZUrwn} z*&Yl|l4WK%vznQ)Cz%3rJ8YE9n%)~^QysbaqCVHp6?LBu_LD9p{gFBD(^{12-Z{Ru zuT)P67s>@jkOIj{<|!78cwCBe%7iu%H+dCr(DI73WAa*N(wf~ixAZ0^Vrrj>VFHdh(k! zftRw>xby;zx3wsT-5sMv7~#-QdT<_V1!ah>F;A-8u4s~@tJSi}seFa(QHCksPAT27 ztN$}C#_UjQR~eb-Dp96$%TwE-_4C9T+l5lIr0)5TmCm~HUQZmtLMRN2>L&lOUHmIrLyeFf>6(TcteEeCZHISSUl;ZFB& zS?8#)UKczC<~)q*qnpNGpyMy_P{~dA#ejKVW2VP^Nq56&jCqKIWS}nXKs}Qn!*M6X zH+HIZt_kWO>qkjy3;MuIHF%mXjuP!?eCa3NLUb0uA2F89(H<^CM*PoBhBmnacuRB3J0d|>q&e=$+Z^83}_h)BE2N%yb;UZVrLFAH?Kb>lu zaC9;_f*m+IJCqp6ub0D_z#M)$e}7s51k}v}Q{EO8?jaSDbvB;c3BU7v3z8qZ@`okv z^UZcbi)of#&H<;BBU8-PA!_?%|LxI9JNGdogxanqYVmDn8c6$C)y%v75ATlVH#2aI zuM@J65ER_D)yC$yVNsq=a-IZA1ckD@EDsnmk8vG))K2Q>rSwo6GM-jUmOW?gzq>s8 z@BaJqi=*?)!{fpJ+moZq!=s<}Kb%}#o*rGCA0G@XnXEq;si?JEIjHHiPN_@6HHes^ zyFZxY#<4^l$-Dbo15R@f7^)5yHjSb<=YVAXxrpg^;WVJQ0iUx4FW-chZ^NrL;uTwQ zfa1}>W5G?%ST$YMv8$&13{BP1vOXbqPLEamld7jza0 zZ^`0v<1fqVh+8@@Vsbwz2d~=|1chVBs~B_4(vKs` zrfo;2eBH`7W!*|F)l^bxaYN~~WmyXjNp$fdSyaB%Su#1*SmrP-zTuLfGKC%7Gx-dM zK4z+kfcOqsHA*V)l!Wab?3R5&pWA9FE&28#BtpV{N7~89uPygqOTXkqsSfp$UMD_Z z&y(s&AxDpsMd#exmX7Yip-O633|9{6d9c(seWzQaYZ)jF6P}qWBxq;-LRwO@!E~DqsmQ&C#J%_IK5!Ne({h zOq(+9cBWE#h;oPpA^~44u8cBQH3f#01{j4EBFkKKI1N{dtCS8~?gUJY@C!*{hVKw%KRoSUEysqMJ*4x@{@9#Ap|uB;RGBS!Lv^Xp$dM z71trP6w3n1i{-V%Em^d>*z?l|CRi#?D(_lquza>hE&2bi_rAq&BSo2=4&Od|e{nSE ziqB#_ZOqsIcXwVE_5YnWFB|>;A=3BXo9J#ZRByJGZP3kx1UTIj1K}{lCWf0fD*OKX zR?Bshs9zv!6CLcsH9^{>DsyMxT!+e!=C;7NMM%9b9iHivQ*GNLx923(S3kxKQ5hjZ z?fZ!CmoLe6SvN6ZkstWA*R}pewXaG240~I>!*-0hT3^0&fQ+E~QSXr*32*&Hz}K%! zVWm!vmPgIlaAh&Wp=#b@8Bzfo_z&37!S}M1w+{T;(A`Wwv^POPxS%jLUUU-Yek019 zg23X?41ktx(0@O;cz1p@xZFQHJwCha?+*sQzCS|++s^M@E|7?M7x_Mu>W0cQKfbm% z3n=v8pI_vVSfzO$VNWriYR|rp_}Wf9z|I ze`f{&Ivquf?-FV}qM5F_OnuL=n(M=FF1sb+gr;Z)0)4`OV1#dAO2SxRUhXFGxNnWh zZD8SUvJd-J*|r-O^&-}@y9duRYxcEQlZS3^@YnLo9gt}pgGX}K?7 z};wL?#lm|5p939ldv|2ugc&lkt~nb*l#?3-cL*_ z7sy%57P51l5oI@s`So~%UwhlN`C~Cndo{@ZzaNApcK6>-A6Rc^_7|2POgMV z*C-%95?Es+Yjz67%~;+b7LstxyG%Q{x_hOWvB*@o;0havV*%&~fp2)`sIV&+Ja;K1j~Y+XG7 z)*ctt9&KZ&-E^DdOBH`F!rtb5%2>Z#sT8yw`%X33`>{T`lA1{vdZ+eA#7HPc(Ecm$ z{8g?Tu414Y+f2ab1J);?7o36GV!5_bgxaRR?RsM?*VH0R7vM51Qe>BNEMlh5v-EvX z!Q-eJ_PHZy&XaTlg{8{4Ej5MA!lZtkQ!4Tca(f)mAqvuL{aYPMEQ!6nfU4OGQ+!Rm z$w0evuhK5ShTYEP;;rlJ!%mc5n(A7cb30vh{=A;Zf<^s|+@fx86HO}1z2&37fGC@*QN{J?=0;LU!?w)3(@`SfG#=fOdc_F2 z>Ge-%wfY&ESGpr9t&(rEZVPT*hC+Woh$iSPp2F@z0ulU;LW9Pdds&Y=Q_s?OL1;eud?rR zjyCSfa{eLVU3)|r zWlAs6Rr_WziOxN*+sRX`WhaDlY_`;dNa`&X<(Z<@)1?Tpl34HZCIR|PYyQ^Gy_By- zq->COmq6~`XG26meIVu-tBhc|lASv3Er4DLqsGx+{oNXiRX=VLk2`X^?!-G7)EJzY zZ$8=}i6T5%$VtIL9j}|4Xbt$U$%y5|jHFeyfbO>t=@>im17P;KJXltmn zV2|QHOg_*xG@>22wR~5)8m0~n9rbNIGaB@4(dGHC(7L@%3&vfxG$xU?| zIurNOz1B_lm-M=P9b~-|mE@S*BcNhwo|m@yf;Y7<`;nf2|wL*$tch0#mvY=KiwQLzGJQs^29fifR69bjRgtXyv> z`!r`T=7m#;l+pWkMEy?Uj>qIZlY>MV`ICfWokuXQf7_0th|!1!)(0tdflt3z*WOM94OYMJ?)6?z@P48|2yukn0-iy8b z`~TN_Z+05{--k%f3(7}vc%6HxS$>4A*1%Mo>B04G>k|q6UV3ubnqq-`Bv7vf#`k6Y zrlggy=hywqnfg{!Mv6dqkF8*{9rDG>$N*0w>p zID!pGo;t+1J*NTZVFPTIBWMnqGXA=&UJ$i3Y3%`OEw)iYsb1OczB#{#TQG?3!NPn0 zERTKFLE18qd*;wrKXCi*6P|5Zr_qk7v?6IO@X5$Z?mOm*yQbXs>cN>;BWdPk zp=b85Z!J%sS}I-tbC z_anzDAh&>*8VqdS>+)T0YS66X3)XRE7O`;njkKLB`V*O~LC$3tjVU$njA|^>-KV

%CV6{co@F|M(!OhW@7`B6V;m*i5-*?P%jNr4)SO zlP&&7AphST|M}HX4>J~MIjykVQtzIRbzCFAMjI^E2IuL4bJ;)-ztRqeBt&d>nCO*8 zjf;?&Y{7Rr7E!9lefgsN59;sm^{YbeJKH=K=EE%vU%$km=h%H!=vRvs+B*FFbty%+ zlht%H+-=|p`gb%96c^0_^YH6qsrU1XQr5*zW*2KS4xue>_!pbd065h8L}OeP&y{BOHIyfGO9u`w2Xm7OckaezG&T6_*uPLc2?I@)z9 zUji^1;2s#SSC4S1EtUUS3)4HV0E_H@UcTAO>;HQ%oAciXNjXtj>OEbus}}niXXu%g zp-QE%wm?=I{_5*TvpJY6@gwRF92o}Sh^k)Y;|HWg@-rX~IPJMofJ2=ivx=O`c^ z5y=>Gi(%RgnUbMTJ5b!|)droMLGA8ko5`sttCDRM*4llUMI~K48Ag7q6u-sFtIMDf zqf;y|PZowae=3n6p!fsCtWFJr|-N0TqOTrzAW7TyxeQve>_N9 z;r=J(j&sQ!6-R|r8WKSn3CCTJGE9{$+)fS<`xzj2Sr!V{uN8QPuGB2Z)|_&;uC=BP zV#xQ2TpLiJ_2RU)b7?$pnRrTznqIEzl17RjgZ|i&?41Soh?+aTOE(k>jxHYsuwm)C z3Ew%${_rR+gG-LS9@zT)#UF)!z)0lZ!ea-Lf2)4zpF&nBP zF~_-@3awNLUSeGT)#UACOO^6}NJ3vKZx3+)|Ki1){Qdvy7mfb^AgQkWf2-M{Sq2{A zGC%`-jz^Lx&U(E9aqTM6(+;SthbQepU;Eo>@mM*dRzuK%j4{Z*=g~M6Eqh;~+D^hx zE%g5hn|W9E24L5XpHSC|xmif+rBeB?PX+n9wg8Ld|C{{#-`&?cJB|JCgQPEWT;OJ1 z$akxsXXql0WM8*r*JfMqBlJg%6SH6EHhcsBQR&K`r7>0Qhqj6(p7Dy&v43`KXp8(! zPazaXCQxtLyNrTyR@&IYHfn)h5QH$_s#9h$2IYa2YIW33rAoJ-nM|o)U)mNn^Ek^Q zS!Am#FUD<-FQ^Lnuhw5=*57+R|KEADmzV!<>bQ8zST>z2(42q$w^ZFV-xJpDLHRvloreUK5Grtak~fQqB@7OI^{h9!ER4!5 z{Oi-5gaWf`*Ra&))Zv|C?SheIJv6k<;su#v8jG}YCc6$o6>!SeoDv)2;#q(Bnv{J+ zu}%Zz=6q*;seJtxNZ?T%a4b3uBj0R_Ry`1!zy814dG&Iy=>M(J{~sjP+fU0<-$_n5 zH=J;8uMDC0BX|@An0wfPl9ucyw~Nkao70(NWLkEk;4o&D$?3op8I&GKwQJk+%RaQz z_5BX3JBp%iHp+rWrx6X+a{*=CUNDEr5HLtq`%*s=d0&_-zJ~mUJDmC5M`f7Sw2WHD zfYvONXUn}}onYh#m~&;`sWHwh!tR7}yLG=SWXbah+a1%CGcz*xHFfvUG6k8ZA4^Y= zAKV8Yizi9RqmcQG6H)(U{?sY6_?io^1~GXN)$luO|Tyan4LKnUsBU^ zvb89ys?jbgb(!ID!wXK)8295K(1-Yjn~Ka-SSZ{nIvSCXh?zqZlT&*?P%2i+8_779 zD`lrIIZuubJ_#Gi(VUB6#mZUyMYw|s8y z8s|o)v6}OvZbt+SFw4t4Cv%P6aGSb&F9c>&5-M=-81ir*Gos!j(a?9hGOt)>Ew2f1 z5nk53?m%}i|6EaO1(^bxz;sGP6$of2QCx2A^0N}j%1{1X%-rv1>o)ROh^G^mJ;ON4 zXX$ZB#DNZvi5bt{!&SybQeF=e!%6%6$-~)LeF@H!seTw$I2=vCc#|phlS`A$P50Qy zMKHJcKMHKi;!7Qdnf8?HF}P`U%#LlSQDNiMhJea_|F7T%?2 zO@2#wq41pA)WLti1_(M(4zpon4q5Y(DtW61o14%^v7qf@E8c|Ogm6WC=)_k&_3t~l z1uqsV*e$)3ojsockfS3@^QYR?VW$IlOuE2DW{Cz0D`nB~dC_ zlS>+kKn3&Gf#SZe4EU|Tf5U~L25&8o{Jdr1-dJu0G^+*eYb|I?b*6k!`8tsAe@GYa zQWiD>?WC2`olB`=RT%10MC#*Ex7|F2HRMydFcjS1EUB7VtvaVl%ap8My%iJ@9uMbM zHQ)0UD_AwZS1d@!s$LaEp3|#Rp;!-tIReqP&CpH9jaEAck3@Qw0&;9KYr>l+9Oid+ zspFZlt#7vCs+T$oo2k0vS#;n~yKfOAR87?Yah^R4FMP_~y3~VGz{V?V&nsS=FTNdt z#hc-pTVMC2zp&Fy5BnWzR@~Lr*ymQ%Tv9d`t{f{C-O|~+cwwo6H~$>07Unp-&TrB6 z=)XO_INLuxzC1j7`{7+~+N+6UhM9$k&5Rc~Xe-w)?cC`3co>h%k0{di`tJu9@6L|~ z|8;Wt@%_n%)1%A7KJ(|y&?>VDPQX5Ni$FL-=WWRo)e zy%v^b2>z6D`)HHK?H4>VPbKqdzDE&V`>agH+w=*~dW)W&ti+QCCm#kEN9ULO{r=_I z{%OUaRM;G#DET|P^i?!=y06;$`TgKxj*we!6|8P%q0p&(i=;)){ONF)CsGAqtIn>FLH&cG3RWcNE*L<)qXJ%Mq6|*GR zUlFtY3KG;mmhf1xEVAb(D`I`oDjPa@ ze|C0sAT_({8B=KMAayjpWOIkdgOyr5B-~rvXpS9{+9xE$eTGNmb4@f)j?a#iSULXh z`ZzkREVmb`Li>VD@t-uTOWTX%)1&|U{%i@JNg7xKzR`GJ{(C~lHPG$9+y8KQd?C@U ziLC?vZX3;P>z4=n7yGMVaexF0s*x#a_2A_A= zKXA;J@7jmK(Yaix?$WjLw%63L3orTw;|K-h8uR1AlfcT3T^#f;e>pnp@1GohJQ`dc zpIscCf80M=qFd!H-%Gdr#rvj`E*;L%dFr&drmm=WLsJ}z!pq3Yo(wMbFOE*7IF*au z`wz=-TcNr87?A@ShjluV8N_{bJA6Bc)WqOkfCgS2Kyr`45lS3)F)95c39H)eSavVa;d7sf?#qDgS zNETcCIenOtB3EL(2$cqmV2l_Gne!~fd?e5iacn(J6#+`jAR1p1&M@+4(D_hxK3INa zu53*Fq5SY;MMVb*ZJAau3UUty=I&5|^FU@+HI>F#uQjcs9l&T$yI!g^~BWWN&?<(S2T;Cf9@GetAZEA@sC>~1OCk3b zS_MEpaiPo;ig$X}Qr1@0ld2Ui)a67Z3q*Xj%)`m}4s>w2;4i)BbdfyJDC7czy6C-D>U_$9xx<9YLAuk7%E4N7N}XrG%;my0OsZUKcbQf5O!!v09a?nVQOiKg z-VUvxIDdPSyr*dFIHy~b!A4hwYU;iV=n&c?`L}wE(Dk>!?<#Zu&5}*T(Ptr9**~CR zN*wHD9@tP^HF(L^>*)Aha|W)=-jIePi|`TyTG4aYJFM<|X{qt$WQeM%lX*yyejool zMCG5n%*%@w#b~UZDd;d(V%Kd@QS6cpEntK(%l#Ix48Z ziW47uh;hg}G`N#(YXWtyL2H4Cndo{Y^qjM3)LSt0N|0Tc(wp}cZs$w*;0aCl`SdHy z^d#6}mVomO8@$33uRGE2z7~q57KxPz;i9k#K^BR{8V33`*q`A)V#2Tw?S1pfo}-a) z3>PN@aA5=CX^oo+4pj-lA+Z|HA4S-j+BeFA5vb^fjhfkmFLel4OP8zA**Y;1Yc==O;L8ieFZ|tY2B(a77YUtw%gxr{+4w ztDF~QP>CZS2|N%C2|P9qXS5@CM={M7(*8{hKzl}t|A6*6);{>#^C~73WHbm!IR2oD z^dO9bparFit9ukzrn1)^Jl*nj8Y}j~`Vh3fH}j6Bpg6)`@?MwRh6>)lbjrCnO982P ztnl3@Jllfr)S?f)AB*SZssw!fss_cBnEi%vm$d-xaX^PC zNI&Y|ihrx-a0bJY(D-~U&U8v!spSIci{o1V%M*-cw#fhI{m1`$^YX=u7y0-vZ<_co z50f6$`)1{Z3L{g*W|cuhM#XC7UnQq`Nd-i!y(v}_6cE_$+D1%9DJ(B&I^;*LQR!EsMMK@0F7l{-+E zHRkx(G{qj?8EA%e=lcO&4#%~*0<{>{^8z}jbg2W-Ipy!>`_lz{pKd=(+qt{1ObhmY zoqd+I()juO*Yoqa7*W^FrD2-J$7kc?v+?oS`1o`#2^$}uiyCNrd^SEl)71F*Yg03Ywl`a6)f=OEE!>A|&*bcJRj-~k02FZeCvoWc zZT7Q;YsO+>0kFxDycaKZPUn|5GM+fQCJs^yhL|!aDLps7$p8M7Gho9!ZH|I zGxsI2oaeQ!1k0*cYBIqibU$0ZK<@K_K%xJ3R@VVtEmXZ@bYxu@H5%KtJ4VN@m>t`; z*>Tcg#kOtRM#r|3j%_D5&-;z|Bk!g9)^$KHE9ntg2!Y(=kv}vX)92jw0S0M!sS3RVJir zH&u?F7PjxVkTmucEKzE*o}Vr4Y6}er?8zZ~_x}7m{{Z$K^u5i`??-S?HPaE`W3N}2 zg-P`#_4P&`8BGq_0wPNSF#;*d?+7DX@@ASx%#kKut`=wO@u$p@B@NvtM#09p@M4Z=KD|68*6SEkL}ep~t?p1(Cv3 z;;|Q&8|}vvELcQ-_joC7)&=J2YOVI>O@LREuLjC*YHsa^&`hIyP3?36FdA-o!dva9nj3o=c zs0TdDZyQbac-D$KhC33*g@}+l!OmTsJtV3y)K+raWsUNiUE%(fUh8{SswfX|m~8PY z{G5J#|Dp*BEE}jm#{QtWOZ6RXm0EOFhfg!vtzytp0yWqal;R#N*7&(M83k<|&c&~L z{co#ZXKP5O_>gSG36o#*cpufOE2svfWkTfHb9%?L?CKm9{@&Mx?3e&3m==QzV+FRi z()R~9iga)#CC5F8pCuhM0AfP?#Y^L1(xbAhfZv66{n`6v^6^$exm-RITKTks@kdB- zvAwOuThKUCQie#f{CU!pv^3=0?&r|w!OjQpF0kMwrkzY&m^t7v$mzz|6A4X`()Yar znR(=Vq{r!}F1ug3G496^72n%UjgDe%|4ka`ky{hXnS$Z$s2)iNFGa-(_g;OEmis~QpwJ=O*2;R_bBS9w>r^Q5Tq z3}O1+yu=p`;mO;M3srlrsUTe-0p$)ru3R2fkm`p~7x;;zeBs5lj{Hp_CpzlqUXgy% zkyHn#B@4{FnEs)q=jQUn1L=LmKgLsyS?_RqC9DcFio8TMWtX zmX`d>%nf^g(;)v^LYad987!#IRyvE4 z&~=jRqKLUJi8XjYrc%oOA(X^%j&cHg&A`i3E5pNA| zZBa+E<`KncLYWEgiTY7aUe!U!W?mtSa!CpEq#Nka;p6?v+}h)6aX=N9IRH-e`P7sW zw4^Hna{Y4C06+&1~R<^K0-nn#48C33;F_3^n-^p3IO#W69*N&`AOpKBtFC~{%N!QgnPJQ zaWQQm>aa6_0(}n^vLaFk7OlI&Ndfb353LVnyb5Z-$rfV;TFw$?K;thSu6xix?5w;7 z>F^20K$95+k_$u+MP7mc$bVKRg|ol$a#lYQ9Egm&KTd(mHBVZx;tA*Z zBVFE%-E@fPufcRtbR{Bksv-2 zoYWY90zk-4ou$B~l&E~W2nt}^)e0$Pkg|v{c(qo5sHSk~m7}v%^srQ4#YO?R_vo|b z8NJI~L8L^A#RgN^td-Gx=GwhsI_ajx0VNqlKL>Nqe^RvM?j+Pt2yPAbQbqR-qj)(% zV7A)9({j^tYq>`A9|1h0lD+n6QSgoPkj3DyH%gD3MTJa5?@}hqyB}5BK7Xlc4Xk~o z44r*NaN0lKo_$S?t53dup_DneX}gr#H=bVEkm#Fho`1j)iGdyxP3e4T`K@e<-t#8K zCxpe@XXzMYH^400i$TIn2dbxev{GTb*em`KmS;qG(1xjhxV1e1Ok2C=Hb)*gS+_$F z2GYXZ{T#)Z*iWoXe2A08S`e-{N%3YiUl^hNCvu@CtWCZxc`MZHsQ+3aYRS-UeHmMr zP5Xw}q#kInYNHR;gkWacOZ)rLl$xRD)8{2ViNtPN;aEM)AMstHS#OxX|qvNK{!lr;~Zv~vA!&N&P6CI7FT|Ce1R0^9L&PNSh7$pRpE*> z0oTvyZ(yocOgChdwpA&nt0oc0*2~|-Nlg@^dg5oT^r50v_|@gxlraCLcX8QedEWz+ z9JlyA${PEobb5%~A1OEiIuAdSiF+vBhYki1#cKevURT`q>VfbTWJy``w;7@ItbQZk2F>ncl3vc8}ZVFFkFNzAn6W z(-kY8y?xa@AOOh3EhcuKuR~kfQU9Z!EL_84W}6vDjs>#!HiKBdrehwF^f>Rn+f`Y;WVxSf64cIG?nkchAN!vU4~KmkWmnz3&=(dtX7Vzj z3Hc8!Lj&#=pD}_hD&Kj*|Kpo#Z$96zFHQ`U<=rvBvc=H{VWIH?>UoY#B*Dncq+fDL zH4wAh_;{kg$R5(|Djv{HukSvwM5Xf}qM6@|8P{>6Ey7!zzd6k@cl1GsZ7hU+TSDcQ zf0(l70UX-jTHl?$e_z~u_D$8*)qHqPcsomOB+HVENF>|P%G_=E%hw&0>$YoZKS;5u zVGMW@RFt2wnPX*X5u!!uTOKO7UTT={QY7w&qxyTL!)KU)B3ph z1d<5OFqHK0H@m`Q0rehDqdcX=g9W;HVw>cz5J#@)Xu&-&XgmNcLvtrQ5++sX0LnfJ z#G!BpXKUVh!tn0-=FO_#fFrfkU`yie?~!{0cyXafk==^lZ;^7}0(%YS`rJ5n@aKyQ zrjI)tWHRv&#=P|mUG{FDkR(tpDzH1Xiv3jGUOP9pt8Fd9%{c7M%}coo@Q)Z2W>49F z#ki~;XxeAN8kdLxX#~h<(KvenL)oFY9212a)6vQKvS$I5^favOx+-4>^5gkqU45!! z4eDL>mUR&J`hS}nYq(h>H&8{xqtVZm2AncZ%3>s_kswU;F8xdp~1&gvrx+6dUbarFx0KeaCW=ITnkF4od2kTfaYXmhRwzlcwkBgflQ za4@A>_;SC_1mDZ_gn;EGS3aB(!743Big8g@&qPWbNE;D#3UDW@70kCr=7H7qn|P9o z?!(2@KG{K z{yrQM;x3%Qc4IR3g zoTDqsLFo1h{x~m?^G&~pm}k(zM1)G-AqVTg^j zZ}w~D@es{4PYN08gA)B&9-F$9US4k-ihgsq331tL zHz%|&Jm_Y>Aoaeu5UH>X3I+sg?NPA8Yd?#RXHitEzcmW}*ao8!SN~czgE7xqCNn@# zYkX-l+L?jU30G20C&?rIo_bCTN3w(T(wO6i4mWzEUE$cyR(~84o1`$=Tq@o$mREjG zwN)re5eYiE0|m-+P}x&5>k5t{R5nXrcbdV42@`Yq$2~ZZ4h#794nA@&owlhLHG$k< z^{T?K&Y9?AMX@wz$pEhr=W|Fvxz+EOZ0~X*7owVuK2#F7uR`k9f z<>qOe-dH&M*Ivn%;vGQkh`fN{lFIW3st|4dxay2?;7W~+0~sTs1Ptz$ z#BK#?lQdZq_7_DN39U~eo%YQ!=v-|0d$GO!>wlO8y1@(JPd|^AHHTl64I+>n{1WR* z8~&><{;Q=rJ5#I1TsoBzO+yJK&;@!6&h&+S2 ztmlMf)Z9qMjwK@DDVB@{i)xg1hOCKGsGCkn}@t7UV+_oJky%4e|`*D_gR2{Zb*iW@K6SK=d%h$Z(0Vym&7_HaG<7 zRQ)tWls}$RgH}?Kcza*i{*r|yz=(iF3U;lUDI7`o{_rA$H@liyi)WcihRfu9Q)4(@ zG36#GmhJ~}CG7Rcupgf1&hAhyg}8%OYyqbYIh6cWje3u5k+(=gV_J>Ncbbax4s+-- z)`mIp8k={QGLuOi%GL*m8TYpHTGbo6k6|wX88v9w#rtZe*rf~NI3qTUrCJ==vvhgD+bEc59?PsRY_xQk0Yb|g9;Nl@gHax7f`|97 z=-H<4b8bpimuAA9uqgO6)7;*)5k+}53Zb!>-Yj^AW?;;e!3S0+944RijirN@ds2lH z=Dt|5tg2XjwA+oPP3xdI&(yR)lRy=?Q$0k(+&mud`N5@{To`EjFX7PwoU@O@j_iG6 zAmd?;um)I)-ysC`j3ej4brKT&>{jK5BSl_bIFL(DK*MYnafO;bW0JOc%LP6KAsCR= ze;FN47RuLD3o#23e1pNdhr7&^a`4b_t{hsVykx}Kj%4F59T?|LI9Hnx{mc@%(24qv zHH!P5B&wkIy3pS7w@%*q_0D8Iy-1!EMMpEjG;cTko?<@Tm3R~YG`VE{?eEh|g&@v$ zouM5`m14JBPGRzeY2(l)FjvmG_bupv#pb$qQ16ntB4=KeY0(SF`>q8RkG}hIfvZ9~ zxXa=osz$z84~8Or@)a;|Py;JKUxJ!=W$gm`&L+_x&g>A=U1~;yBs9Ca#{vHt8=;+i-Mi;jHt_Fz>ly{(gtDh{9Ja zcF-oLPcF7UK8oV{L!>fNIH6m2?i?I{c(lD6;2`1Z>_6UCd5`=5BMB+ovVGv&QAFD@ zAewP(++BFY2&2gd7u0A-blCO|P^o_KDx70awp%St*H6>Ddgo?UqTs3F5@zR5o8ZX{ zDfok(C5mw$+RmZ>dUDy%zMX*`)g+iQCVu-f0%n77O6;NaR5WxAK4OD(w_u#JG31p% zWUa;ersF=#^nc8Oh=JcNMHv59kM?qrbK;c*W$M`Pi=~h=FOz)US@fsH9&Z8_dIK}F(Zopz-lXahNiW0s8^9ejuKjLMWoJp_XYRguiwBP-gPkwh zqo&I?q{k!dajS@MF6t8J10w$a;v@Gr+dL=)`IuL?g9y$)*(m-PHvD$Gjjn|z&OM)R zl0)AisTS7u0BHvT`bqEb7a#lgH|SD)ngu&Z3@S-=W~=sW_Jlv|FiHo}-xqX3$sq~Z z4GEPxWowX%;jdD61(1?nGKD%i!ebwnMS66nZ#2;TCL@I+q%=0oOusj<>^gTADt?y7 zV_flARl@B?H3@GMoG)d@^AfiFE`n62H8gtw#1xClyp_mwD>7SnaSfzB4r}we!dJn` z0Y{F&-;T;`-CH(9$Xg;>@NWi3K0{=eH0H$chM>gk^w)pqv{oc~FbUlwMUC=uQna}! ztc+t;5RU%>*bdqs$3odov_xG|M7b|tPF06Wq>kCbcj;&hXGcgmq<1^`*m7Y&5ayH zfJUVOrxjCMzRk-32+j?Y!U*6jLaB-99=;b+NKUvGgoL(pJ{0?!57FNs!$9D>?24S9 zU_a}rrs^-_yA!JdM5LwU=!~x`u-|y&J8UF6VNLTb6yh6-*x%(rb-ZCiYY^$*(OOis znrV)yX?Zaz_Z5wlLCq+GN8o(lf!YoNJRAtfdJ>#qRYOFmH)~Ed#Bru6`2kpIu+#no z@o+<^f^Kzs7!N7+OX8alD24cxk?UH@oqa>&%wLKV#&6aUF0_|vB)0c1UuEcxv>vt}S42HJU>BD=i5_WSlA?0PNG$X$cyTWts0UqhM&a`Job`l zd3sf`r7~TCX#gM5lrd4!+n`9!&vV%F3nW4)>D2PwLaMm$Rb{i=+9V6%4Q6acqnf{S zOsGc15vm=h)aiu|Vc?gn=e^}c1orJWUr+N;kpnONxT-!Rm~5STbn=~9yk7iYhagY) zQ4)Qz6Oqr%no#qiY3@(*VI4O5d$w;J{&5{$sr*Xc?!&azSpls-nf*aS>3rAi`4Mp6 z=dTog#ASt>O2%UqeNCCh;N2bw-4zT(WG40Az3k$4{)Dn*INzWB_CR@at@OQ}lTg4h z66_A^3km@7CV+Ga@i9oPIP*fn|4$B%IKtQb{q+`Hadn_RJV}tFp)sGaPK+ZSHHcRn z{$|SukSJr4skXq6OckZr_G2lz>6R~a*S#vtg+1+r&&SP#+@dFX0bE9W%<>xYNbY!b zHdhs5r#>E^mwYuu%tcQ3ZRCF;Z2aP-vpxi>t-4jUw44#F#!vb7HxOK(PC;3Ofod%*e&uwzU0G2`5Q!db-;~Uxr!(X_8i{nJ6Pl%fwFBoL4E(FJ zS5Lc5xs{t23zb*n=Mqawy)Ktq^{;&6y)fcgl9&W~6=np^GSiAPJ%b7rIx)g$80KE4 zI-2g}9yv5qoD(JmQ+aZAWAeoh2@L#eQCxDB8JTJ}<`5ei8;%-G``k`AlIacH__j^u z)aqx%KhyDws49McC3HnaXcI*p#m!ffs&bu?XQnJUpsXl(3L8niN|j39dYU!2{Hlwe zB9hZA&n%XIn*c6C`61Y9YJXD)dqrT=x8~DLkJ;MbONoh`D*7OnIYC3tNDSDI!va0+5 zn?sJI9&Cb(^82mjB^F7f-ByH|2j+Lb_*Xkwbdhw<>Dl>R3g02p_=G0(;kTYfzhOT{L|fo$BS z$`ob!lG*n8*Gh}rM6c?bO*b}y@h)XNQR#40m&n^k?5EXQN%Nf0tW7#&Ofx>11MbM^ zh|!rX7?tC_iK4d+PfKKSfv~c+SF1+l*aizgebxAsolSD+(c$=_^-ykAezPJudbk) zT+eWRpAe=r&jYYXQ*30RX;bmsIdq`}1NqmA9@5Fhypy_4Yc9mV8WX$r1_Da!;0M=ad7?J)!TPD?J%atRG3Z!`Rq&huFZ9GX|mX}o`tSIp}hJLU?YAqZ zD!&<1DN&2p48Y%ZKz&~KB&On9k$iT@dAOxTj%w(`Vw!Xc>`FE-H;{ak=5JpJbS7A8 z8fT5@CoG$dOtw4eX*_)qUscYoLOf*qa#TGiOlc-6uzcLn2t#uqciYUBPN7rWOx+u4 zV=C!`J#ZWD{I41)(n+~H@*BE8`rC1}{6;8NMUD>5=keR~4NLVK?qT}FOvvfWVg?)n zyybQtU@uY(LVG8p;I40@bPC{!% zm!@F6`N_<|%KL6L*4f(^y=f^IM%ZMy+Hjo6Lg?uUi>>dI#a$93F)FYI*IcUF+6c^qeb18Ay6*}5+%hqyfgGplGWw3^WaPi_fZd&*U#l*Dq z^nx;a`=s}M(0N~W#6*z_1;ccx`+%l!_Sokb56>arSD$R zlZq_#An((vJ*(Ji1QgrgPg!*zzO}x7`Slo+6@LKpsx?W64^*_jW;;!&&GeXg$?+!7 z_9i_}%}L_9%)E!XiL^DxCcA}mQWF5XN3q$bvBLvnjfI}c(L_6sUJ)MEV_Ats?k`&RFa9AW?Z8$fq*z0U(+o;ZCBx7OupB5QOX8p z>KH(ZNxg91h<0)~00`|olVk1Tt|0Y?&t*>ibtx5!V#P`Mv6q}G^Dk*wp`G*1q4(SS zdsLi1#Hp-}1Nso`L2M+-@0TsnmTkUrv~PN&mlo%#jNVQr!sis^B4eQ5rF&5K%Uh>iix^%z5&`O}q>O=hA;{$p+U zxxZD3blb!?2P|PP&70k_kL2W&a-!TB>k7Nkl9pKOTgSvuVVp5m{&z)N73gtXuVa}+kxrZ zZhBodz87i*@_!w!@qk>nbo=;60_1BFnGh<4tqJgLa*(Ipj(8iwzjTs{QaW-0_L`zU z_Sxg_*?FMvSc0h=hYuOj!dQ)pNaul5?HOS!^ppe@+v*2Gi5)0e46i2KLL2wq+=r&D zw|%;h(F!rSqOl;bYJ=ppANMeDrPr%CjN4x5*bQn2_=!cGm(@Z!_lkbI%=d3AB=TCI zvw!(sYJP}R+@g%@vM}LE^^Xi)Q!F171ksrY1U9V(^{fS0D*=lk3S$x!$l~k^M9E0L zt!HJ&b@OAkZs9N5*Cxf;j*Y#wu=|MSO@jH5i|8?ZSO_oZVb6%p|B0FZ;N~Tu+YZ!_ znnLcRS9M{`oxTt~BBQJ_IfB+mrsct&DUoxTqByJ|-8GF*FoQuA!KWJ+N7hXOs#Z7E zP!pk=tJew2RWF@fl;k3-|5dn|IwSXfw)LSlrGIR0x%)l(=cWI}l6Np3rtPAkR2~`@ z8vTI-2{wfd&pV*HnX~d&*Kj?UCksfhUHTHpI`9~G4=TRX;`yVX5Yf!MHn_jA2k3l zrt*7vi5Y{5Ic`2s|JIdpt7|o|yh`$=`tIw+0ML+=xmr})?(#*CA_9p8x_I5aywOqH z!F={85L{i>g3Ds8!uM2z&Lxzq6`u;fqDPhGAi_?GmSrsUqX4gEatFU^tX+uEa~`P} z$Bx~2=nmfMFs(Uska1?ySRGJEw6-)x6$JNUWhMU@VZkKmk^=$0WEA*ai(ln24<{== zE)ff=#;Qb`n$(-?W>cN8q9iG1ah$`wNI~gUpDXsuYc_I- zJ((6$eg_~EU=(+J-x8I-YnSSO>-vw5 zh)KBuPWG5BIREd5NfYr$0G!2A^u?0CzQdSkQjK^{Its92CFFZ-;!4Qku`>Fe1Lpd* zyh<|KdM%!hmGHL<3I1o;n356x_n$*HbU@W+KtNGb+D7DmZ`32Mz5~Hw2n%=eL#P!; zU#}q2(x>C3>KnxrL6lSo!$e%O9`#FJ5YvAF`{vy!y2;{+ju^G(C<3TI_9P7HiNw!}2AfrN=I*JS?je_!Y z&T!Tn0Dm1Md%VX_E1eFgC*f?*sjAsW^g_7k;Tv1JiWH2)XN zD$p&5xMfbj?~H5$8rHp1I;33$EgB^%XwY!wVFo#JeI!piO1x!Vm4yvnY9H3g`n&32 z%6zd5CG6RGo_9`zwHJP4pwDYJa+ss78AVR-hzwsZklqM($LSKRa6>pxoCj7o+lqr0 z^=+or3EYwZ%%W1ilOCc(4f2%Pmm!t?wv0(bX~aH##tOfc|m4n#5{)x++Jtbw6=JQ1bD?!xm@P^g4wJ8^cR@kS~ zS{n?8hE|q34>1%3PfNkY-tbeAygJ7h1)m2`*goH9*r3`9o68cHR`eh_V6u2~RK6-@ zMxogv$l+%`Dx{Fki9>vy0?C?$d!%Kk7wHXNRG>onXgS=j3B2L`RbY!fNp=^~G|3K( zLVnA(#|8pVEc*iQb&x&*2~(WR|{@-PP{1eUVBpR2&i2M z$NVYEum!CQ2pKkLFeRAWM{-GTkWI(Drc{AcT_xmo(z2Z7j!#{G~;ON+x>oc-nbu z8ibfwG)tA@#D;jL56!W;fiV3?5?EHCRD(wtJL3BkkuW3tcuHlpxJpPKp2Wzzns6U6 zcmjtmK`(=uoRy!*Q)*b#I7^G~<&;_QXfqZBk{}B8IKd_|!Z1~XyGzs;gMTq8ueAkV z*;t_I3B|ts8xsc51kF87@?sPPC1qMYG(^6@f3Bc1Qw4)&*)_qI{8TSGD}#k{kqH#N zXzs%x2swvC5hKONN1w73)QLCXJDj(~E}=~=rb^n!+v|HpI&F2-fmDG!AEPb2DS=!Q zM}_}Ov#;cSOoBo0x})x1oZGDws>p9{783HOt~rNcQ##LD^d1#m^eGkzQppf5S`&Iy zVPaI{BOtCOxG{|ATg#JQJC?_OD(jCvP%?P4)gn|>oK6(~W?^3V zl@ZZ?dNruj5+vR=@td9bTHr$uMh%9v%}me^Lv#{^Sn#1~h*yQ7tesdds+Yk7ZaW@J z7V@AWf4TNhPN3kt`Q2|hXS0y>pXa|p8;jSlORE>On%qGT22&!}6A&(J6^i2G*BbZY z!H{RWbktpao=au4`#$M}jX;|-{_TXzL1-j1(dX}w2x{h1x0w2362J}!h1e{OjM){-un-Ox1TLN@y^<4`K>6C-Vl)R+G#Eb%~U?$Wz8%PQV1bG0M6VML^pH+)dVDUMv~GB$d;j6 z;-?YJ-fz={7NaSeNI(;scyfB6RoHbnwa7~uRCPvQnDj+6HMF6=M4(3bBh*s29$CC5>jU+ z%TiRJ_?eEaMx$jaQA%9eOiZc_Pm&jmr94UQ?j{Ty@XmDns1-cK_OF7fiz6x>XaBH+ z<2%PPCNz@CLU`3oLeB6xk~tIvLe=#43crPr*Iu#XWgJ6~1#i?FnlwQn+(})W14hxlz?j#p|J=+mLzLoE|OZ{}7pF+16$ly4EV+_OaJqy!F<5X-HSuHLpC?(pWHI453()j#0q; ztvXO`>sJyKQ~F2QWY$doR#e^5f#%B?SN<`By}|YnZ*_8haZ%-VJL`j8m2tE%O;-Km z23d9zL#{&kGmk5VU!9sY#hxsovpzhut?<`4@fpqH*naY#-Uwl${>syF*K%4@`p*SN~={8xfJaW z%CH>`Txm$C&Q#EX-_4eU3*-cCA1lDI$bwizC^+g0a(k0basz2B9OcTex}Q6)h@`G* zJKTgryMr3tk>3ew)NuFo{Vl%#%BXru%-{F ztPRfdzGsHmKCM$|LEGn&H=4Hxwr}@gAW}aaAL=!t%Nzgm{O?L%X|D+bfna*ctgKD* zMFaf(e2dn{9B3H68PMP`N~l;YI5sykN6$rY;p|Zj&9Uo6a{`|UvYI6bi_IAXURy#) zlHhz-gRcM5wT;>qfpYV_L3!K8+|{~KgxF@{AC=Ga2oL5nJ_JI~w@Kf-B#`I8fWUs{ zlj9l13N|?vLe%L|=6kcrOhu{K8l4=uWJ=>5K;*lAo(EU9@b|+J{D>Kt%tw;39(J;B zVHrD+72gd(U70iGY!}Ds>q1F~UFy#Rfn)fRgej3u=A!cSM_QBg?Pa&GM_WW_Ci1;C%fSe6%SdN2 ze{aNbza!lArMgqCCYMH1k2x(!bJTrl{#%&hYa1vdZb9q6!{}Tmj=}WKCI9j&+Sk0c`s>W3d?_m zu0XLFOxB5lANyIMxgfb%K z0;Ez`CweQ)Y{Gb$vd`t(Shr3{{PT(R+tty*a-kcyOMKC!kqJd%%!g_2eye!3tZNG_ zyW|J^lU*rjlyI(IR#Y=z?a5c@>e2la(cK+YgXOU{lI!Bz8RkK_SoH7&`Gc9Sd=}_r z{#%w5m+Hq;9>_17;6NE7w7;Pio8i`djNx?zYaWGYWy=cVseJvKA$9> z?Vv#|t-w5=sUU|9B7*hoe26$#B-Qb!{oNZZp63H^coL%7P}-L>DfRRN;odO`ev|Fz8Ucr@#NtE!G>5RhmMF#igGvpv21|Dp0DNW3H?nB7ypNV_ zTGe6?_~lSgEb$uXGYpbFK!a660pl~+Od0$96Za40pP~R#ia!QorW~A<)QziHT(=#Q z@}zaG80$-A5!cCza?Rj-z|@3f(A**+-T9gnZS>?uPZPlc#Hgbd1H+ zQv!n#!Yl6At5X3c0&OUb1=D`=p~<^Dnw8RyK-DqxE7_1mLChGgo1Aab?9MF3c8;HrMW+orNF`^R;| z^ES?jFN;7s49$|Go+y{$D=M~j6!+h_8T%(8G)U(2=STC5bVK+F?5GJ7Iu{{BF6oVv zr9eTeNXmJIB`1P(lO75&@|DFBC=c26CY|`mp%LCK-o`OD zjHp`0>phJi=Ki%e!H6%{+oE(EmfhA|BeQ_?D$cuB(YjC?mDaXB7-lkAm7ZFeo@l#> zw|ciY=ujvoI87X_5&KmhCGg4}`oITi=nJRGHT!QLda9B$#Wl$5u&Jy0fzPdLswp?SWj%$CAwDw{_XsA_*HUFGh zNzY?;thH6QifZs509vxud6@l1j?Ic@m3-1>B+793dx9FAorIx#?zdzsP8R)cxplAE zzZJp~iC6Y?3eEfeukr(!S)j?v^uS_ivtj_}-d`H{Y`DTy2hoGUW2Gg<>4!cAnWcxm zT3MZ=Ais|@{p=6I%WT-t&oiR|5dnoFhSGVV0sw2uP3s7n<{wgad|qrh_N7_4z8Uj4 zc_W(em$9JSz*5YH+#(nM3wB;DcnKkRiTLJoCVagDN0OZ-s`JjnDlw`zaWhU_wJ@FCRO1-9-abCGxrUW0`|}qr{0A+>w|< z&ZT=e2J(vWJsCqCrdo|WNIB~BchkPMzwW-^+!F$n-e6u!=Nk`4!~%obrS(os1F*nF z-st;mx0K2gIC>lJbx%UF*Qam(?1PxOlI6f*p#C^E9KzK&T`lP zKe`tlc(PyIISpHP_ZPRgF<@@M$YQ%~Wt8ViXG|RVTW9dNyZpTk%f}UGS>ls+wIb%= z8}W3s{B|Y*kxpi(UrJL$jYT8v;pryX39MAn10}fI3h8qw?0p$pi2UoIUpdi<@-XJb z*wddb^CyS+vlP0r>J+aqbY?LycEcWn(s{Ls*4gK0fbi9d#+9qN8~jD1+nV<4pGY^Q zyid4DS8oXH#3eKZDZ2$ZT&)I5isUehI^SPNQgnysZhPa11B?TGhs$mhMa#zKo(6S_xEA2#Oj>ib z%37V6Cc{k2dI{KPi#~zYHAjx()orwM(_s*?&)2UOEFetXs@C-?A#Z9(21u$MJC|%w zv28-?+6;&ge@V59kS`v38Cje&(HDoWTXi=SD}anF$doUZP#|z9C9mcP@B8`^RZMF(58Th2)0Gf=r>*l9tm1+mZcuxlNIoa^z03F^*2GL^V>$!szN z*$%|Mq-3laro$~W=9=0^;O+3_Pn#PdR-VvdHLQA2=NT8AbN{V4WN4H@En;-Jq+p|$ z4nIdVVsw`L$h4$r@d7E@C-Y2CBRN+boE6PefePs}Mf7#A1A*&C!ifh!axlF zqx6K_2p|R?_4pepKJTV_tt|)ggo+f-(uL-Jcp;pfB`)&Y9>i7-0)7M{D2?#>OZTTq z3yWYRdFuQ&A8T3Z7W}G#_A<$uEsALAjodGmyQ51EhZ^?#baVtWV-ek|Drq!;ur9;; z?*>wRvR`S$zt{$opN$xQB?nPxM0$RQ@IoO5?)IPT*lmZG zA403{yYSbh^M)=i^0mQ-8yu>^N6%-P&@P++MdI}4sMGS5PD~E{#lruk(b?0^Ta*8y zr7OG*?EbActv^tVL@V4oezu@vY|1P-DIH7)|C{r%{^+QQsRjr*JR#2&tIb-MU!>!;kPC-v_chwi zUVt1bS~hR9nt1uQf+55gn?5`VYU_QEMlv&FA~{L0hhvsqY5Z;v*QyC@ui=l4ipbq= zEr=xFqavNkoN}L&eU8w%Ik=r8R=iKth}cRg1^G?gM+PSu8hEainSKVo77}2N=^;XX zogz8>8HQ|kDj?m>aF`)?T`6&51eBTbxjh0F9lG~K&YdfIlkJ$nP4jNk3T7MErlkZ) zM=S#T&;_w%1Wva=ZQNbSpRl>v*sE?0W25^J--l~~iM?hVOROYH(l45_gK;Oc-J)*{q*kTa(fAUg1NZ* z8qko3?72O4**X+(DyY*?m~^5g38 z8^%nnpV?rfEh!4je#oxi8H+KN;|M7>V|Q%*mG>|2UmMe+cg&(RwyRfOr|or&H*pKS zcSeEG68fpW=ABjJg`)B9;O(*YSo^E`^ZfMS@c6H1#~)74Pu{=#>(8f02N%ajRepVL z`Rn<`!Nt$#2>tc&p9g0b`ELiOr|84+nd;9uA%C^(5B=4~S^Voxd#BxMziPFgq0a8! z?)Q7opLs7|?LK?e-g)%`eb;Wc+vw+u!@t_dHGg$zk6DVpb~@fGbxtypVQGXj)nYk2 zJ~;X}LdZ@-{c?VBaCV{oKKSvtQA6(#LY-|5{+W?b5OP8uzkDI=-ds4W#;5}!mg+Pr znQr}iz=<4H?qeF>m>o5aIcIzi{e1f4*}>5<`r+W@&GFHmy?cnU^oOWfIjyFqNS8_r zKR2i8oX9=*ADY|NwTCG0a31!+V7RBwO^*fviT1J!M3y_NkR?*-okp>Bp3pwEPW?}} z&{G>D?5Q@9J??@xgn2QP*1rk!t1RJi5Gj){=xv?--$|E=5|9d;( zv(NW#_4$6bv)6v*wRhUPub#hp^=!uZ{@&|&JN9&&CHsW{`Msp+LuhL#zoFnWL*ASw z`KWKzJKbt$d;KuTQs;X^maG~Ur4MV>(NFDcC7uaJL>ok9-Cb3++A#|@;QXcQ+XI&e zHa2fca?Mlk7n>^^50nmrNyCBPWtq-^+!LE;k zN`VI8gs`s2(Z*ILh>SbNuMKGZ`cdl7xnV*9X=hF>pcC+9Fm~6UsFK4NM?Ze}$9BFFaX}*Nae^-i*JhH;MdPWt1ZRCTrsN8I#*L(>SXR@ZLepsfPJBsw z%wg!L1tuO39b+C+!gHo`W3dispu^oc=_SlE`i$#4coSi2hy@Zf@`*MeDP#ljdITI4 zIEsEvcM_rLS0Gw;?!4T2)hU~?t%I?1q&N{Q;l4uVl3hL)+v83btiDM^vO|Mo`V<^< zIf38=Tjmx8!h=Os`=Eo2U6gNOddVoZvB8L_#^M*=bMIwIC)vt*l!qZ)P!tuO)G`3C z%*-43G?%mq`s7AUf>x&)&$Ayp?Jd;N?-4pX3iE8QJKl2-oyg4ir)Ce4)GHnqxX+J3 zb_c4_OZv{AEx*wMZ4mw#5GM4;-_!MYUa6z$_1N4@BQI*T#95I}2Sk5@1BD3ghxX>C zm&W6RixFupw`srAVh1P|rXY;pQ z#AcMWI&|WTxsJA(vxQUn4b!HWd>EO0hY*89_cl_}qH%9ljMb@iE?FGsVa<25xmn&! z>qGG0)V9vXfX&SYLLWQ7p&t$|4&Lmc?6SawlY@(6%j!bI9d%SS)AH!};^0Izy|7PO zGRHo}Y_ljq;6z*z$WL({Eg%^CR&l(Xk*?G6c8xX9@&+FSZ^uGvF1)f=HtD4`3j^0e zMy$5t5F8w3q5ACmYH7ko<{nsU_a^hQW-9H~?s5A1V>>n1c|$o0*R)mPJI9M%WkPI?O|1;PZKg!fS3vl+Q7kx3-a zGzY$LJxGlNlKDW_`Bgg+5-i@qgzPqUJ8kc!*KY9_uk7mp`$@ql4A;p;84B5e`nsEl z1;qPZJ9T0)G(A*AXw`tHF50;;NhP=Ru3ZbbVifiP=a%|8eZZMU;K@Iv>N;de2Wayk z@4k7&Uc3|+c>vWx!@-!EyEJQ;pra89D3&CgD6#nM>HD*bgLfBuC=Esj2d3l(koN1C zwj)QwQf<>1OU_P|Rxf?rhTh8|;aAk2G(d#`F)A6bZ|zH~$UxOCO_i5Eghd#|a-!59 z@I@ffL+8dNva-d&n>X)&`E>mD^y1&y{oq8~z;J4%&#+Hx&VYkfTJ426x^$iL?0Y*m zm@zzx&~IzUBxJFIB6o+d>zs~Ma)K46`Pkpq%`fveQOJ8vLLib`jvFd?N`=JrW;GXv z@L)>eB$zq8#)*0Ir1ffHUV9{BR08g~F-kUIB z-W0!pEhB?>1yEcmS+- z&yUYOoE#p1dUx>lxT`gUG}8Tg_x+orjE-&C1MHabGLcx{zmzngoUejp#uHLoZR|Ma z-|yaE9G`pgv)n2JYNIGyKg!;u=Gr88r$6?sCGx~v+^lOCTUg(XltZQQfy>5RPGV~~ zni9gjE@pd6$$9pbnH?==0a~}pinAUt(QIOY>%y3cU zXQ4S>?U69=1r_r)`4M0|2we?2sH7w7^{5rkRDOg77W6-gB$|Cv5T_wnjK_`IqD;4S zBrFq<-p)4Fav^pj(N~=L1&6!I+SUDg_3D=8VGt|e(W4W`Dr7!(??tyv?96QGvaN7M zn;e62KM7a+Ha_9`J;R)0uFID7916f4c6;rj9SDHqZuoj^1lnH-kV zo3WIsp?`l31)RkhB)K*IA8tK!66dd(2*T0N=f`K|8t}3OaTb!Sf(;g7mjCJNlZ$r; zZ%^PUWs1R1bKMNMT4lK4=5$O$G9VDXt{O(QeAB?GX~nLL2<5a@nD&?ddd0EF`1WPb zLHcT3`#;}yjCQ--e(~%X{I}h17ysMt?7sL*=UMyNvz?vJv*){iX?I>c+ui*OYAgac($`T|MyYW&>Nz~J)6Bk8!p@z zf>@%%6D8g1A?E9IsgYqbjBIZ&EHTlMKu{ z|1Y1F$#vb>c6taRG^i^0~Zd^t%oqUm!Hv8wm$Nn!k%o z(MP^r_O7=!NipkF`FHgJHEv${R8x#+nWi)iu*u0VCpH^efPyS#rM}weF_y+?u_=oeI2AWM4%Bho zYhg%aU>|#KIAPwrZ@mNGwz&Ggc0tz`;q5F+$gRhiasE5)=P!%)|IYK3{qJ51&RhO{ zEXjcJ$sRh1`W&Z0Xd3xAKMfqm=|4N(GjF${uPaS-$^-O<_BiGfH*`>+asA3f2lR)y zYufeA2B$TL8QB2p2suuA#)(qD1+w9VbZ8~7F=QjMH_Z)sW;nYB^%dl{3pd0`z^)=C z0*LL94VXx2&It2MFOCL{OELkMtG!0cOsvr|E=i46>Xg)Ip?(s9A4;QT=h_%yYTcYw zb27p-+^h3_MkaZXaZGIJf0-f8Q;DaekM-HM*|K zl1nZ9U*Z+eO#9F7^V0oqdnNzfOIce(1v1-y}!3TvemKNz)mMd!U@JsFaw_HnXf64;AdNRHNHJEY!pTBH(iu&Kq&g%T%OZoC; zdlQZ6Xb&RxDy2^G|NW6#7Jo?g(B}5nuZ@PP);J@OiUK3S`r6yu#^%-0&2@h0#+NVl zjV5YpWbzygg1jl7>Y<6&1L{lEyd;w*YX0#4eG@e`+i9ZpkP3;KuMf_e>i_>wb7KRw zzJ6^0IA6ZBY&`WDBd8`Z1lZ#wI0D7=+#ix4328Jq(b)p@&&Qy?Dp3crKk7y#^2wgb zT?Vgtk3YwpnCz=*PO}!eB$GY#k=Q?ueY8W7}} zn60^<)HrI0;;*V1i30nx^}p#f?1xr)10k$^%?8f3f2xDK-9J5oYGV1&{M+aHxnB@I zN>gt>f<2tFYq!|2bg$IuZlb0>9e1*GdeiirXdjV3kf#QJoT|WPQz)P1L{qxxGx);9Az0gEY=3aZJTRW8} zX~$@9KTFHgL|*pc<^(cZ3w6ZoF@O+a_UvV60}kFB^-b)-lCKw62pS5{sR(ewI&7e8 z6j7b3uG7vR9)o5PlW1MLE@ji+C{{%=r;+TVW;w)L+Gr2`O*GxLD-GvRTa@KJ$`KQF z$PMt`nTe$NE)DB=js8fOBv~ht#Vlll$xn&~<>4AKk>v@VpSUj%Rdb|%d8nGv_eD^3 zabD1>M#<$N{!vzSwOW|>~xI4PA!B$D2ITjey!y2@>uAfqwihinvMPEhmj9k27O z)ozwKYCQ^g8)=8Y6;U&d_awH*ogR_6)6B1Gp}vWC)m+*_xiK2&Td90h$NO6e{pLJXyodb-=*`PpFP$DRkweB!1e=AHa9Z=_E#=|a(Yy=j^I(DX zyFKdRm}Y3d(9+ekoPX5>l01P!1!05*2~6&nEF$=>xBH#fIDi~K5cQ7umo>Gouy)CC z5>+LUq*>g>U2oTG>qp>usYiA5!A3sRF|v%ugU*r|1fVVA5H-Ji{n|uXHYCr+ZBk%C z5b1Pm@DJr=Kt8{Pz?)9EM5T51>tR4&zoH)TaUzKB8N$YxV5yfxd$HKMG(vyh^>$6v zOrf(QH6f5-U#Znf~F21E=mb}qsufdoX#aX` z^2~COnmaIXtyf(llhhdMd5y-;0uRWZwg8V!j7}CoUV?TT?d_LrWLYI)F4#OZa7aAp zGPNDTx1Ydd7-Ko~BujI1w%bkA)VY?@Ki=UHX`&|N6@VtXYOCFDX6(BJVdt(O>?{Cb zCxx&CiaEC?R)d#ChATnhPAj#mR_sW52{!UK07~9CvwlNq;1_riBD6KWI2vjp!)98@ zw)D^&1pwvN4ac3=QW~(hOl~Bm?JEIZYYLr*OwM646sAyj@<)4V3O_(;<{`3T3G;6xIkD9+m zHq_2JIzBslf3^oP(%?MWmp-{fW^NAQQXU?g7p_@9=)RFxb3ZnJjZm??OLGd4F^Le? zQM8Dgh;~ay`E)Y2jqpSvKtxDjb32lW{q>T>5WgwSnk8)pc0a^)B$fj94+)3oKW_Ta zVstnsDDv$xL2s{RlW%GCYe8z~R=O{yzKzy+gDL*4(8yd(<*Jnt@*48b-0l6us@!dv zNB)C1J9j7l?L6-k?|<66&sOr^y_5yyKgaN*V+HHST*%xEm&6Z)Ht?S&T1Q&ifPbDb zCY!0r*2+I}NOWz~)VDWQq^RS@`4Lh%jgtWtl24S(q&T3Lj_KJ?Ze{xttg^cOm^F}i zP^hJTanxnkZe4wmW$vbQ4;CVOwO^jXeoc$oTPNpl+AnnGT9o>z`8TosH?ap^2Dxg* zb%ANu+oqr=+s%}Q^H}u^avi~oK6C;IkS@fkh&=Mt5=Cm z`F}NXL+eT9nwc;0Jpn@dI-0I^wQ;)Hfc+>g%U%J}+`uqO%e=61y)<*4HpSbKM=s{f z#sAHf+D!$3nf(7{$^P^F`6~Xyy_7}#KTHM^9T!+3J_HHS3LF)s^cFY_T?dha(~~qw zfNT0GlW>D>W|Y)UVWM#xONjYu{$;+MGA^@k=3hno#HnMAaQaLQ5gu?C#FQTHB#kw( zz)jz7Yc)>Vdix}j9y+z@;LtkbC`v{>!qed8rWs_OvQaK1$B_ta`mQXd{sfOgCwOye z?!d+#f*6N5`H>_8QZjWMsfBax92X{ufck7NIMSf`WQ@baB$TV=WW~)%G?Fzv0Txd0tIXKSqS~pxjFdbfO?#E7 z4!07PE+#S2=~;F5EVz;)!5pXEUSFM>UYeT!&cefTGY5OtEADS!Eqs4ly1<3#c++oc z_2N8&i?Vt6zwv~=EB(LI=@jF?w0C!(ulWCclm+yEhnEY9qX6?j`__xvQ))2BR@Wz@ zI=w#7rQ)#!r*`;%Lk?`HX`RlYz6pFcZR(T$Yg*`f##h%L;Rp{%(CSU{EzXThP)R2B zn*kdrk447y(t})}!aPTCpBLzCIAcFwW7gW{-Y494c^6%(2T0IXWuY<;{nu!6WAZ;! z|7$-h#sA$|#s9sZvH<-*{v4+X(~W|ZCS;IfD$KR+t}Oo~GB*Nqzd$%hy3oLw^-n)8wm(nxjej=QIOvp{o`;&i$~R`kuXywa2-( zkt%3xUOC4EtS^d8#8M|h8XC|siL6+W2*@IhjH?=OKF1l|4H(QK;-Lc_bQm5~Nz;gF zgP!$`TmL;V=~kS@-+(4P>|b7C9%Kf18d5p&0D|vm)MvK~jJRg!uSbSeEp3SF#h0z5 zjw1&1he*-1kFJPLFDS^Ea2yubRA8N}FnyzV*Y@l@j+Quo$xv97O!8LiR7j~FfgzyP0CC>R@kQ z$9l>g+=_FPkLpo6Ir$bFIq!vXk7~rXIF7BOkmDMmVA)4B3drYat)8Sn*ZWA!JZ`p& z*{3aa;$|FiA~_{vo#2)B5e_-Q!Ng<-4dyzPnai}csyf%ZIfwU_rmuxlh?>S@Irxx| z0aEm#?^O8J?=&}1GbGVK4x6achCO6z58*-wH347EFuA{{ULc#pU&2__%AxF2y^~MV z_nqhp!ma1iPzwaPWdm>8St#^eaTs(2J9nW_3w-MTt~>ijzPBP-vYx)tKvSX$vb2SW zH`r5RnD`@1SGeh+UzENdQ~%Nge^0YP*lfZ2dn~=e1B06Z z;y4P}C|x++jowbwLa!MM36Anz{W2svX#+zz2#}bJdQ98r=jb{`hblp*upip~0i+rH z=LM!g7QO`c4N*<|)M?Tq%*{#;I_ znTYw~1z2JytYLot_h(lw343bP>NTt!pr)?lGJB1BFP@RecVkk0apI>qo{)BJi~wg+ z*11j$84~Zim|N#W_{7E(J9Umk@r_pXE?bsmb|rnD1ja^@A`T zV$|8#(Eogwj0mSb>TIC(B#z6quFZ?BPr1NdE^b48;Zs_oe02@TfP6mFR{{rN_=ZZ* zgPXtp`irv~sQJH|=vuJ{Avt4&vSiJZHsd%%=;LuFjS`Mm=6FW7=4`1z1+u&ms>?^j(KlWYUV~|&5yW0z0p(? zDNxXIE9>4${s1#@uF6KitYkT>TSq%R|JwYu={`epx&5rRTD+)+tadgl694eZJoI12 zq0upJ#sOx~|MrXa%ToTwomKv~dnpUi|0p0_AZ(0+@a`vdbFuj1O_8xPMB>m_#t`7= zYF40)1x1Owjti8BC{XZ{{eGMoE;7m|ipkFS>XKZcRw`JvG^#9z<54TTDH}BjZMFv0%%k+rp5u0 z=G;$Lwr$WO^DDGz*&pYm3pE2fv7NZR^RI>(#=Bt0(f9-AHY_{&95XJ_moHfdU%&1@ zS-(tr#Frr~jx`6g(g^)?$K^LqwTuRhS`7UzSfq&Ke)9`hYCTm$zqk7O^=lJdqaGII z#WU1u1;l3o*{Cp}yiRBsAQFwy7<28YsV|wa_5_`|e}%Qsn`bvj}k)f2-Yo_hA02AIJ7UYLgQ?LYa6>n(e=URPrsX=9>? zHtOE4XLiNfUTSV>Nv9~so9u|9cKr=8O&Fp46Qt8&->8Di=bJUEr8#58su@(>%p%53O=GQuBLtWJA&OYkGPUPHx%z9n!tMPfnRN1a2zU02Vq$K* zqR)q!z8XLK#>tp)L4Hy{?(HMgufP z=Fp*sA%CvQw=MI?|5untG#cDk1(<37ZI|r7FIV|L@24yv|No-V0O1}>qzU-SSr|fO zNIaM(_NN$R>R;f&l<;3?jLB(qzOpyhW{RT#t*4fWrgb`OA}65Nh6x>1jNWyvZ)ks@ zQGl8){_C&7cTcXx5br#HvDeg5g?>3Wdw25g$31kG%^n3r5?_)4tt*k-2^{wI>z?{W z)%p5$V+$E!BT8dm>VO{lB0HQQPSi9>6zEr2c+6-}UTqV1Jci)s5P_0JW6D{i-KN1g zvpxc4mR{Zlp-jNGBXJb8%qT52O3SI)aBLSV=J6*fbI^as*JS&XkA=Wd!0`giV3z&o zQW zCw=;Pu5K>L#M6xmJy}ma*T*l@iZcJ@!kGD3gCJIbIicwD57DRWe0A`j{6m0}L!BsE zr515UEX}6Y6R`p}o3jAR3|!@J)oz8gDJ?6oaFm3S#-(uhw%-cRMb{Ou@Z4%v`sRb= zGYu)`6Vy*4EhZV0HH0#!gQ2vxG{y@LdZyB@nI|F5ms?Mbz5!L333kqM=4Bwd2^I?; zxLKe2=oFvOSaWv4(O_Dab9c0?jW;JZo62H)Z;4m+rq90_wx2n6!Lpu$p0^&m;C>B+pGM)_fu{n|G!l@aP)fV(!a&62P6C2iPlQ~@cQj`QokMJ zZe;$7C0$73x9v@LIFZ8}3;l(@szrXx{UMbEa{bK%kW;!aq@F8Y?S?%m#u`_l`b#xQq|C+ zJGDD~9Us~yE=>p3n^P8{=FHS%Uq$^nkT7d?2g_6i)ASYlucFA$!{C;t%P*1F&ja@j zlzH22MSnL@W$!ffv!~*+%LlwTRms=|Ew%Z4;zPsdfku#Q)+3rwzzr*8}o5F3* znahzDIaoFAmTZ_&=XZgf&7|l@xvLrYGj`Oal2tqA{{Fz9xGrq}VbOps)&A3I@0Ra> z+pG7V_fu|U|4}$_^m_elWBDc^gI*8E1eDFS-U_6FzNH-~8|aQqLFJ`g%oJqWFU1s; z@2kcXG~Ixc@1n+lGt-<@m{h$v>7ki|j92G_FuptrW?3t=r*IK{meGQ z+0^dNlnb!jy)~}Dt{#*%P7pbVF)pJzv&?X&<{U_`>$e1vtu$8X5^Zk=kd@VKURh#! zRyUBWdP`9l=Yabr)&SG(k)Ni4AMH?_Le^m1FPo9Xs}Tixci&D06VcWIkhsuEK> zgIVSo=Q!QKJaea}&}sU{BQcsyo5F2~-`$%+zqPUD0hUGWe_8$cO@K4(f1T$qUli?s zFLqb)f9|E+#Qt}xap3%azgfEd&q1#TV*<=zsy6{d)z=_G}6Q@^JZRPQhE` zp0T(jGUkJ}Ry8WujA~K4#D%IyyaP(&3ad9GC3$i85o2-Xe3nPu+=X6{(iMB1(bbaa zojY25bCOr7ygp)dsh!gdl&L|9xNyu}e3(}6K^mkNwf}Mw&_x5m&3OO&V&~az!T!7R zeD(hKeoEse2H-P=1nU=Xm+$|n(d)sOegT|%t1o=MoxxX+a5uKz(qhhMmDSDWGsxDu zXXZM&BopDqP`A(#M4ZE%{)Yq~2p2U5yj*8a6K|~BG<6WvdK0!(@+Y65^+JNQ!aSN) z4jmgaTa_D-KPsnY4Tp8s_FLtlET*rnc10_@aRyYlrpbktDm5_9UL?2b+{=@L@@GK~ z5}i_XvHdhCJR8PDkkf_0oNdd84O^x`Kgm|%HZF^~6|J|Srt?$q+o6r*mp9ru{%!?~ zn&P78)~vT~=gDmCzzh53xuZXR)AcMvlqRCn_;EGiU(Ebe-N!9;Gu`QfG&*UnrUS)W zRZP!*?v)0cjA4#Sz(Bo5KS5#=3%@S#S zCegZ)3(!CIQRmsl+&fVzTHFHvEBkZbFE|w}QO~oe^#$ar4bAVGHS(1jz{LE&A@3+c zJ6*)kx$CNicTa4Z5A-1`$$#RqsQ&M=zIm+xv*Q20*lid6zh3S>U+Mq%QEsCC8+};S z0ZqS0%F4bL-l0C6`a>4=+il1zT$BgXbRY0jvrgGheI1Pa)M~el3|%u?XSt(w($VIT z2kXQ@o$#b`ZK|eFPJU9@1{6DzfSqNvmE&S)652>+#T0-#8knwVaH77%w%C<+Q0q zbNQEW*h@FMR%tTXv8E)^pDuuo91JVVRT&U@m~c*_%&OQdB}2tgkW!9ZKE2XN3#CPL z+84pd6dZJs>C(QgqEUPA*XY;CIxGH7{2EoLK{e?dy^R__u)KLdcMnP3N@Oif(1L>i zJ#Dp=Sfq5Z{U@rrp#lmD90i_I(K6J?cHjBUE?{XT9){9WEB|{#5{~E~Vw~J|j2ZHO z`}t1c{YU4;?(S6yfi9z=fjZIHn#f?p`hc6qOo*c!E&HuZxhCX0USt8KM(XnWFF=xLM zUp71%5WKDHarS$|8w;NWWcv}BENajH+3~^A+hcDO+%3t0G`yibuB4Vjg$<3y0s8n)5{~je|F&*3izz1Ii6LYd+mNGhFpdv6OJYS*G>)N=4XBTLL|zd^a10>2o!4lrt)YuI|KsSa(dc%&O0sSQBqmWn zBA*f?y(`|jXZiy^Z|tmlsO^3BK3k_8lZDiNypw#x#U)M)5Nz z*`NsczxXUBpcn?U-zOln3*u*xuAzf|pGH(t1?RN_N^x--kVq{6;m9r5=!giPQ_vF8 z+~pb_e~xvw#giyb(=x#>-(~rT{o^#*PM8qu9O$CfOvxSWfxr|ov0aMq<%o^ zlUdV=R)1;LYF(qQ>wNvg`}a*_X35elzdkr?s{j8#&5bUa2FVcfAP0&1;l3e>Szwl= zv?ehNEFjzJ??}=rz*0zjHi}t9BALRI8Hl=hJgI|3FG*=l?hX<-OouqeJsQq=oJt#U zqti8isXB+VkJ@dI(4wVk0C%H(XN^5Y-wiA8=BH}*UC~8}xgzln4Yn7~>zYgYAyt&o zzDc6}G}*1wKcWIG4}!=IPhp7H)yxdp6yUW`W?a$BM2~I(N*u?W#hii_H?39Rs@|eI zz5tX$VoCZ*C`ca6d7*UM-yM`Rg2yoVg)Hv)6ew-`#TIf=D0vV2B@h>Y^6d4&A>u@^ zg!^O>U>AbY=Rp;ab3=J}c65V`D7+%@i|!KC8m)DC=%kOj*$s_G@vdci`sRb0(d3Y`D}*Bi z0D@)&zYC?O!7>|cJXA4(I0-}T8!oz)6F6f2CE*$e(HR*~ zA^8LuxBho{L_}c%DazN*p|e&0ZD%8!VLsMEH`7B-w2(9PL@bFR-QV$8TA6yzmULPk z4G+so4*89g+{6AQiNLt5rzfc_mYxJb_?Y^{ z`id~tOn*CN;1klrylGCb>gA&yEg&%`CbUn)B=rmCKCR+;lx_DyHrU>2cfQ|lzufM; z+Qu<$Iju#DMy*b(^J3ef1(QhP&#AS{SBF<0sW-Ss!u#Yg_s9+0oeyE2))zX+N!qRo zZ7U$%pn6u*rF=6K+&Svyy$yw}6V;)@w0*l3A9cDeB_{{gL2Mt#_bQNdTj) zGtM^{fNd~R*M&*NVUn42=GwDbWHFq6`Z2#H=X``5bHOs5bls9QK0?mAU~v&&`%L8z zb;^m0$J#hpP2U^KflE;!DF0viF(=7kC)7(JK zkVFGHY@$vZHHG9X8f3u-6#X~DYLwi|lX1^_F-2 zonmgRwu6w`|+>%7E2P|Z{I4R>W z4W1GOgll|Me~I)Z47^!Tgb~w7Wd2mHK{}~HMeX^W=LqR@j`SG`5<`}R0n#Ao$J%z7 ztyID2bMi+*A{kC>V?U>Wbf0t;2UVJh!P=iCoo#Tq+nc4OA^IHGKX-_7OY7Rjy^04F zn!~?NXc!<8jVWi*NWYWd6dbicSl4$kSc?yf$Z{#lRz0m+gyEN`QFxl6&e18Skwi4o z zY3&Wmw;uli6_>EgczNmi{><@~_%4wyCzs6?1Hg-J^WwN`xY?F@MXPlD^kraPw?B!H zj|JG>CYf8smgAMJy&wkJRoReTS+?o0QV*RgW#)q$LEyLbHT$Y|tfP?4*uVU9_HNbw z*(&uhAkc|K-0&8R#1Jb1Ry%b-qBQXJNZ(5@vVY47qR^dhsUBpRwSR?|^upY1z-tH> zo$6eBV25m~xO^PXn{R7bIx}##vQsxD+*LO_JLXZkNDq)UpMkE_BidU?_XCUVAH*g6yGY`HT)h4Jw)*ew_OZNwI-cUU-8v_l+x?uqIrh)TLf|Oi zIJbw3?%$#9Wl0pYyniX2-*^vGIPPm7XYoIiN%WTdPv@}x@0<+&$6Yc(lXv_ZGeHf- z{W3vN>wm#KqS0WsPCtkKek&DwrcyeG0(d(o90#kf%&K^tg&~aw7kHo~0JB&K_gEs$ zOI%X}Njv}|pE{*>7k5%^tgWH*nD`Wjh{6gAe@I4HIPTD@tL()yH(pbF4TR(*CVQ$w z8Vwo<1=)7(SywAt-HB+VoolH;A@i{$K?5Q38IR(S?4bZ!d6YF8&g1PFL!G5H0g*HJ zU$kY3`fYEQ?cEvfBZ1Ng%b{V+~-dIC=>INe7IDZW}SB%*KGLeX9u9FSltLr1@g3@yrL9Jt> zA@nWxVTgs8g@Qj0nb1MKG5{s|z`|ri>~%SUp0?0Q-=bKv)!ahvFz+CqL9=Ndi3e0D zI0XtOYC(M+fk05E=vNNnW~POmW#8?hz^?Pa}$@Q|0401iCK`5r7vqc@f>1(;|(CfN}oP{kc zz#4)T0HD|4a>5xl#o4?QQHHhGe4z6$nhjO4=OQw3~ z`YJePLQr_{IMKs`q%b6ui{ff1l5KZ)4P{|}&04|ltyZf##)(;#n+G^S#@$;pA{@u_ zH`QDCKE{6}Bn_03?Z%fc&K10o@2^qs#WNE5Y1YuMUmLke2XUCq*z-IS%8o?iy)=KW z4LWmraDM*F`?I4)CQFX(UEyBC6*2WvLdJuB{>zl*ave3(V1#u}g0;y%o|x!_Zn-3r zsUu!G(GTYx(B4_5*)zU=h4pK!xuG#(SqmpBfB0veCX}<=ngjOk{l)RQCqHXC<+Dhz zklZE+al3uLVTjwE8w4VrGZOL4%oMi{Nep{)(pMCz&$zERCll!vfyqq_uRRsbf>)h{ zXi|nl!llS0Kjzjr81+&oSc?Io<3(S-(tr#Frs7wsB#>WkJN)C+VAq3>#33q2C3I6nOj1 zFP@@#o`Z*9n~K0;L0&vVtyVyM7Lbib)k1V`v=AM4Av()hh|V1>M5lToY_P1K?L%eb z%g0d1YkTcRJg4QyIW|dz0=+@Z~u2}*h6%M1p(GDRX7k6G&9p9OB}6D$+1x(Wgv)JacuSIbk-i#nA?00ys+ zbSN_eM5Q2MU#VD_2S&O#Se{OCz8ZC5c zU75|#LNAAn?xp7oZ;tZfNf)gf0s_m>o1h+(L)~ZxrnhU?-swo~tPbx6)6e(0Q|?no z+(Il0CmSC6_)o&g^w4-VB%VS698)tX?TfSlI& zB~Uezs_%1MBY%n7+&Em%_5+e@m{7djJ%>x^!2?zP%g(#q)hyVy5q~3yy%11ai24W^ zRwh^_378~qfsuggRks~<6`d6Ze%MNn*QTqUk0J;VvX-6l=9%v&-JAX~6&+1q*3X4Q z90BilDeHA*k>V5^@HV=z$OcKFv^{kD={5k8`#fP~Hd;SZ9oI0{EaY(Ho@?9GgfkR2 z-imwwW$5oogbre!rrtx>Io@YvvoM9alMqdd{{2ch+rCvfKSR2 zearV!yqrS{#Z(hm-VnNRCQ) yx!m0Eo=ko*=aa@_0fus5e`cyo3VK=pCz;t}9OD>&aC`><0RR7=nARBpumu3)gUBNQ diff --git a/scaleout/stackn/charts/postgresql-11.6.14.tgz b/scaleout/stackn/charts/postgresql-11.6.14.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4fe5253dd12c74d7e34e3d30a50e2cf79fe1a8d7 GIT binary patch literal 56788 zcmV)6K*+xziwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ(b{jXcD4O4T3S2sKEX{F~lq|~`uAO}kL&=U-^uaC4$=PRS zmJD`-B%)@c1E3`{j^E%u(tW4<3U}eF8|W`KKP20Uxb~jN-Hob3p-?CkstPe-d`c1f zE$j?tkn;8d&ckoE`|EbQ-J`=p`QL80oB!|rtCxr0>>nN+bzi@J`Evj0o9_P0!~O0z zpu1%{N`DFCkbcwM7+1b?U&#+f5#f+y60zP606yesO6Z~ojv?gS`CQGg;JBi7sTKm_Ng2YfQ0lV}G3iekbrmr!S%$E?@s_(IlL zdyIJm=eX^Yc}M@f1HfGhzx|>8VJAS$r#R;F(NM|j=)cauuKt_t0n7l50Etlq7)hv) z02%*^eC|;c%Fe+M1iC}uHX`?et_h)lq7cI|4l!Q<7zOepfFq8k6!S$J^arQMo=@g+ zh+)KE0L%eP;+Rm*M0M^=!F94@_Iz^O8u#6Lm0uWQ;qadM( zwRdJjFv;*^iuo)V+kDV0>TrrsXAT)hG<}s#+8yi*t{5;jKOtj?vkv3XzhzdF4xUe~ ze|qu*@8F>O;o#+AJC3G1w`g%sXduVZLY4hv$4j}n;{o-KqBz99WcH2+{4fy|@5~{N zIK&a6mSp^pj&wr920YmD0GdM__JEH9iv9l;ASU3>A>}w~Pv{QNkewGh>Y3F8B^#2G z8l?KaUO@a?L_LQCrrG`deLH*6CUn}_$;5WQebnAR-1*#dyUDMh|3l*6ZW+fC{oj3A z)c-GEzkJgFkMVmz-MxP#)&@L9jQ0SW!Gl*vJrwv|^bdr(uU@|l_Q&Y;>+a!q<6!do z=+!?CU!wqhH%5oAj>g{|q49TU|L7?AF4%v00QV<{KK$;xS36S_AqqJPdZ2aCJvi{X zM_%{vy4&r&{73KLb^E*Ty04C2z5d6m|I_*^=HKW3S@Zu6h6!R1U;x(6|NYn9qn8Ky z`G554@M-=(#_!oP@V^-H#j*|FhGYyw5JL**h$G5&o;?G@5J84sfQWDe_zZHuXPAL| z9EO10Axd!|o+GQ-3xFd(OadHDfvsO&0G~t?JWYfx#0f~4YB^PSrTpzYd$yzgEzD6t zorJ5uY2!JZqAN7TjMIf7_*gE~K)wT1zm%=c9?|W2>BFomV<0y0w!Ne zCCLDkMkk~cDr5k)r)~9D9-i(C03Mhx3^6~Ug?fDf=g1+~ZVCSR?=p&oMG2>95JHwx zJF=e%>vkxVG21zN$fIzG;dMeZY+4XsYB+Ate)F9vjiu(^g7XwiWX!3Q)u`3|Wy9 z7xMePb~Az$!k^HBwWa77zW;<4DRsAK0dTYpB5Sa{-)n=*C|n4b0l1%`2)u8^#P?!f z$`D_@!$OuGt-m>BpP{?f-tp0TU5;~WotOU+-zim^DOZC`>s;|Os>pg27r!zS+Ir-Y zV7{@^2>=pDnv9~WHyxAbG4;y(Viq>C>J)4=5Z($ytKHCKSeG)6iM4m;@A^p*vN8p z7=R_Th*yp25NPtSa;UWL=a>j$ZH5ih3!vTzNY1A{)3O~BABGl0^np`&jN*_iKwsEf zYGvXSYCj(n{Rq?t_n6Nd_Us~IS&BWQG}+RwNS0ZkrKx3gL-OGaj#0=!KL|jm{^SI} zFq9Y+Mic;wv};Lr%4*mHA3qgf_A{TW1Z??Wn?koh7!)TF9ES)57)~R?IQGGu1PEwZ zVH|QaNkWFWfRcT6P6Fhb+U~nHl5m46_`8DKn36Hln}V_UhN(6%3Y3XN=5z74`9KR> zfTGkM)o6NP0z-!C2r|G1`oElH!YhdJiE%lWbzY;>K$NEN01FX{>ySb^WuPzqXDxK1 zxxs~_363ydxZ22G!m1RLcAVPZs!dO(iU38E%vCc>#%<-slx~_b4|0dYDeG7=Dj~Mh zEl&Ygy1^R%$V2g=PU7C)2FK1gHnfjRM$=Bw-+gT~9gLs3(1DW;3dX z29unpt;Ej{1P{!Kix;3VhLN|w@6kggwT29s?I0B^)azq3fk~+Ji*JrABS#Dy*E@fq?cA>1=Iuty?qf+^!3O^PaR z3z(%$2-MIsM)qgHDQ8U%@s8O;WZFmVKIC#~PC(x=L_wc1JdFTMHxE)Gs+=%waLH$g z-eZPd0E*^>BLICLv1}P1hoUpa(Sez4=dRZ_0X->xMN-%F61BnUG?K@rcv9|3P^O;P z9lkdJQlXLiv6zxO9H1bbI^}z?9KDU5N(O9h|CaCmYL27Tx?S7b+Fq{YUP={&y9dpI zv^I+G93GO1HptWWjwqG1>&b^V=~q>Fs%0vVY$d*0jq4?lJBja4k$*Mdln&XB@zg5o7)`$#luQFo3bm zwFx*o?hgg`w2j|Z-?Ya#3U1;i^yGSFz|iTH+|Grfu5} zz%7#YK+d`~DBLMJx{6M&!pg8y>hE&iR(ZV2)I#a{VOqVxA!6X1BoTKUlhO|{kuPz? zID&y-UBU#zU<6Qfhbf8XDB|D_QY>bTwb(e&EpyEfLH!x#$ma<~HnW}QyYCr?Q2;{{ zq4$7LN9Vnlt`YnD9>_iysIDySYOG-u`}6FXt7t7Ca`bGx0*i&#HFK;NZMKN~86^=( znAr7WE)8DmsoXPTE?p9B&<{g$j{?0F>w)(q68ceDIX5tl!-e(ldx|*{|CVm2_eyP& z$>e<{IZ-knWwSeD?O;z#IMd#o))Q z%Ztl*BX4kdetvqL&b0gx^gxSDCPKxQv!e&Pl?)U^p#PS7!*~X*=W=V-2JaY}B%!iT zf;$-b(jS(6rFRYK7A6O|2j+_#>zU(=)7!RTjdMEvNII64|IKdJbB|5ItHYNEYUdPS zo)P!#*;;#tXHbB_(bS&Z;!!&!(;o@r(!@F=Q{abKD2thX#>yHDNE9h&lX5%iHX)gM zSO!nh%m*nJ^N>uXjw*w7jG12zjwGC|0x+IReu<6xJfAa#P+(&ZAW8{U7&5kKNLJU(QG&D>3k!>8h%_E^ zZfV&-hvte;k57hICxia=$+7x8p&>Zcs#xg#JLLm{V3LTX=>>?@VSzAGp6eF)xmlg_ z$Qhz{h=S80fI&dTo|#aou*_CRkt4rq=Nrp|E}=by;*<+Uly4(8H zDx+-7Jd+zrNsTn5CWOw-^f|r|9|^;|(4}PJ0)_EfF!PKT+r{IH6?rcj1(C!40$dyg ztHZ@n&;V|_DOm%2d|xRws#oBO5N?=;rsm852}>!R(30J_AoPlU(O8;`N>Ic@@n0c7 zWewu{;_kSrZJry7tQ*KVU6B{6WuJ43#|cNZJl9wzI21;}I(Xj5rZw}`AqHfBaRTO$ z`!fKiVi(JE!tRVtIaGyO?~c_VswaBOBj-y%)Luxu|DTfS(DAJnK>IT^N5-uyx6ACk zfhY!RRK`cHwiZmyVaz~)Vv2moQSkr$zyD8xbv$H7jaG8b`UZ?p>SN|aZ|1@E*$AM> zr;AwkV@I^>m7VA*-IfNMQL{yl?ZrUpA^i_EW6VFK@LT_g?@b$bc%7$ec+4ZoR{aki z>P=(K(W6-jlyZJ|b*83lB>AgkL#RSELjPp{?sYoC2K#4Ebno9CMgRLYIGv=fqZjD` zFX1yp739pdo_B+23;${r3tz~VCrKBEz09+~xkLJ_`7z}17(3f?nFSMI3MM2Bq;0cP z_`V0q4iiPoQY<53G6h45LIQ&`Jf@Ih#DID%BtSd|VftcM9?*IW2|yf)S4>((JIi49 zKr5a~^GEh~#Gzbn)6T^t*kyatdLs!3A)aG%_%8MnvpJZfIiU-=ZvU_V#yC^fx!fJ5 zdw>A!N-q^*43EQw9?@*mpto9VPoV+tI{~`uu-RPB<@ZO2=kMzd7xaceab=P6xq}%? z5bGT7AJw(asI>poZC@U}IuzVwv$+ZlbvNJXdQ5?J{>o~Zqw-bTw8;!|ym$q#@pHq0#5^C?T7 zGdplC#txvIAHLP!%?zq!ArS6+Xc6OsJ|~ zW=IOW70a!3{Bx#|$?t$_iXtB|K%r_egK7ZPR^fSe7+geCA~Av>yC*rXIxO)&&LDSv z)n%M0!Yp`^4eB>IMAAeUWNqZ`HnPrY?GGy<{e%{!z;4l^6rlBeCCouT1KF=8(Os9U zsVf&D%S4fK+8K?`^nfuiUI2=IOOWC+pP@N`Hvd*|O#P#Mq?W8X;xiI3vudS1&U#bc zVH&2r6@Qp3cQ4wiLCdx2c*Hm4ca z?t>JPcr~1Gw~JD$tz7TX@=26iva-AdzQYD-^nM%Z{~~i zh;+VSa<{PmkAwF9(Rb}`yW2T91oPlks?kcwsbH~DTI%aLj7v3IDh$d4RW=Akc3)gx zpY*`{QnA!7@9KdroXzD=+){#Ty2fSHmMcIf`svb6fL-N|P>Dlw&JdcKX3nR3CGxeJ z(=`mqy=Q#49w*)ydBVg*fj6OK?#Y82PuhB(Sjc3^il)T^B&f<5Rnq;Xa&Y3bT3;Rv z_6CAcO6bz@FA$n_?KHwX7%$ZT+Xx_1;bAhsOd|ClohEa!TBX@l@_9bH$@E>lRiU1C z0HNxEik`ATW^w*>%1Ywlb8xc``~pK^LT531I`ASii<5EFSX6KdBL>xy6q2cpJ`Z>~ zDXO3X1IJhb6f#04rlb0$fncZ%oNo;TwN}w20+0h4xCF+8aMM`Z(aMrmP11h@FkjpV zoHy!Co6UOQkL<1Z@Bh^qz=*IIa5QbVoRk2K2z>n1hz;2U%1xz) zom5lkx|kOEz8v5C5@J)#jR#NLy!t;)=mopN)DWu{wrpXBB8EA>Lw01~UP<447=e32 zZvhNRG_CBMJWO7~=rRuEl2|IcFPB>*l(|WghHi;n;|JtR58n)xOLiIv&|vBs|7itY zJL0Yx-ePc;(YOd`tH-26JZFX+>vUj@OsIJjjMEolSyV0vok^iUXQCxfOimwx?YNg{of=}pd+Lf=QKFB#PUgFQ(?rdoxR-XPY{%m2~v`k zl~zWfi6JUoI5j)cJ+`$$)u^g@D;=i}H|09(@KYZ15MGO0|NBQ_C|=JHkbh(`0V?1FbQnEz1_mTIbWN%Q`YRFUIR- zD}}Y$OnWJM$MWv5VwZBn49*+zwJL;AKi?ib6&{dm525mJ(v&jG9M}F&^T}?a!Z_qv zh&qDTCXY%5*vqHoR1J%?&1w+J_l>bByUn1=6tGS$i?h~XuiFJO|Hc||-=LV;jqVzO6Poe8Pvw&CxB!mnA{>@7=l1N1WZ4bkrH;>2GCQV*7b-2v{y+?t?$uWIj<8@V2M*;Pw} z&G#PIS5IB$^}s9nG~fRoI8tU{t^+-=U)t?d+)D-4eY>8-<}j=#vToxh@Rthh>L444 z?dm`q3hwHF8;WiTU>SjLKV3<9Up>0)Y6V>?x%RvDPM=kp+?(sy{R$b~f3=d3DqHEyS@{RrLFGJ@XKGo&29>j}EHV;h zM^;5}+A~vy`pVVe8h1{!uY%kKxCHyio`)K@GdEYkYy+#r8{!G_7k-F-B;=NrIsXa@ zKyI4UK`+XA%ExFzC=xqWI1yV`O?$T1+sHDSO0b!_1LmMl*|hSMyrC^?3@QmM%gHSWTyXlV0o+LnWvu(y;XF;M?|dYrO3CRRFVzFC#|prHxP+ucuhi+U=4 zKK7;GFJWS)HX5tA-H zr*U;m$1Nf&y%^$~3x&z9A0cVi6j=2m%wQIytH7?6wW5LV*@S2$WidTAEvLglfe!I( zD>R%A2X**$Rh@Gf12VB|>;!4-xm8c47F(E=+$r@P*=2XEzw>>v#3^+Y<;v|;D510E zeUU<1*NGHN9U_~2jV)h9Xf>4idO}rrC#rOftkA(LxCWs93dHg=H}g6j4gFD?(pk*f zV`ReBancOZ;C(Z_n$2l{hJr-a8$oyK?6L!8i3B;9BNCv_GaPYwv>bSb9uG!=2P2Nt zCpMd${#S>}2!?XpkXtscKOxHsjOYPDWu?_Au;fMPA^IWyw?MFXn4`AhWU%;Un=fKi zHp*o^0^;K>4s&|2DB#u{XqJ$Dix!nsOC2U75z|D8MkE{TC#oc_{QFiG4Rps19Uu?> z?nQ8poFn|((gK4uozPX6>ieNTGF@rN{<6O4k;uXlJfOO=Uwm|6cgzf7)%k{z64Sl9 z)d?t>o~N~v8cz^s$5@;iOD47sv#wkhUeqhX7y6XBYAg$dAmlj?=FjDDq)W1HQ@LCT zz#|kQpA!l$QX!~a?^ouiwZWD8gh_;gskTNjWK`11NtmX*UR!@Z!r%)loy&pFh)9XI z=&BT1PGS<0>0%U91cL#I7^ecJ=!tp*)GJ`W6FrlwU)l@6)K^f&9V|$a9lOIhiKfQ0 zL)-z!9C}NXqG33Vk$m{L`tQ zy4?PX5DHX^x`u+lQ~;4>QCFN=MN#TJvxxJ^#1)e|x+{B|!~x`J#3|%xx+qv3#*VUg zO-z3*t%D{&DUp@>-pQxSpzDu;f{}AaTCwu$^3o>}7dV7qSa>_n6hcq;4rfseZf|;) zVRU78OnDycCzTpnh6JcArE`@?R8p8w#SMg51^mDu!20f~JG)^Mho7A{mB(Bkv!cFS zhrC+Ka=Ba<0g2T^S7OYPUF0c? ztiox%&%GL2#VA#s%wM&Kc!2ZF@!&I*s!mF4kY@0#Gpd1Uu z+tvA}i%%LFo;?FDmI4<8;-w+B1s0AIwiuHS+4C%R=XpS$zW~qEw$J}A|m+LI4cle`$UzLTpsULy9oY`N6SR`u(VhN)F>Zo{T4;G7PZKy6w{ z-Hi{oYN8ja)tEqEVIixF?PL&ZOc-*5fc+UEOxI~2BYuxi1peb?x7+P{FArWHz5dT7 zqzg;9P-`beo3nKdtmb?E5*Mz1)_Ep)EcZ5f)}%C*v8QtXX?o8()X8bX8?to$4Og@3z(dbvp-# zRWjzZRV(EZX%mZ^P~azWdCVzu6A#`@3uMq5pk|0MOrq3hHB$d}omkdVsN21eDJ5eB zT0-NsgwAXYqzs-8)46pzu^!4B#2E4unXjU!P#T?(T|Yoo=BznClG|w#Y*%62VagL2 zdN^j%eWG6oLHdA^lkAb>kE7um@>B&UiwTpO(K(qby=#qg9dM!=DF^oEJ`_m*6!SuOY&janOap#lOu4e79am~ecZwUEJMvcT!mz&d-H;lB)uTTJBmX9Xgvz0;c`MVJu zQB84{)^}+@G)u-Q$t)SGxkyyfphZ0=3KihQ0M(@)aRdT%XXlEjxFcar4S$x>ZahYL zgGz_FjTQZkcUpEVR5< zS+iE_1-PGKe`c;!VIWwDG4WNFmY9TUZ)V^nk){IdT7hYMLbqyEQ4)qPKtu}Y*eh36L7Oz6!?_5Ax&Y43)BSv&P2s_rMi`!7mhZbQ$?glz}WVV++ld zT8fsV7cG0>ySKPWKWj{SxuClmt(pDqbiDjZyg$O;0?+UA3J9VA=J#>;4V?0me+{%k2JudHXw z)AA~*+E#8}1F|Zz^BmG1Geyrq`~~FcWi0&KGxZ$KuAQz|#*e0Gww1M4gJOf!y&9++ zGO;Y>n;BJ=RR|k3XB)>Z7fBsBAr}t~7 z`>iI|50Uj(jbQ!MziOD9$1!ZL0&O)M;s^f|H%-4%4j6vNuyS0ov_-mhjs zIIf_j&aRqNyu8wCoN!p%rRtQ!JiayZ4wqrB%RDTguS}?OSozmYKrD_|T^3@FX-|2G zC9d}`I1|ws>;~zG^&NZcgv4dk=du!W#D7_NiOc#@OinEA&X=2>=&o+daujn0)KivX zNtR+kWSXQZZphdTlNBA38)hs%j3}&~vzY6`Q{v+KiHokOu~znCy=k~Kf6;Z&ezi%A zu1v0)$>`c}UrjEf)9ED%jae6)r8L&TuFPvJNAhRRY%IpGJXm^TiEDDD1ji~;x0dDT z%%Y}wj;{XMB-ybP{a+&8(c$5yIgjOR{PMFNi{iaW>SL`e*Cjt%DsYYTM|U=CH3za3 z^jDM!SxW!cpAA{stuG)YvXrisU9u}@MwX&|N{?K^pucR6#*u$J|I`XU}#byN#O)>AcD>MJ7}!g=HKV`AF$1cylDIQML@O(zNPZup3k9w?T>V z8`Xl2;2g0S`q{DFKgsx4LPR6mfIS zXhzuc3}CwfjWRm1hPqfr?ypVPFr`bL?X}G?Y4nxR?YT{Ufs@u;kYx10Jf+!jRumdq z6T`+}@u4YfyGd%Bokqe?VBjhVk#(cAd?=sgZ7+9N>@Uqdo=S^fM&aTOCG)(%>K1?| zp$;ye!`qr7$8yP5x*m)66H4Yl<|lLPCn2POP&~y^ds8}Vr2nEqgrkrp+Xw5_}47k52wWKvb~LaS~`b@Bw(Mdd&;T1amRELg!m%sm|i0sMOhlv z?sUSLIAzF;%~7HZ+{s#}5Zr02dzik_e^l#)5<~^P;G$5&m&Z`l47#1kT(;&ctHNwC z-@)w3DeF7}>A^%bPt31iP~_gHT|?=Si1^vm6m5$d$+FFkjWwAJO~^9dA3~Yc(EFeo zE!VY2RBAOn-o9qrLN`}dZZ#d;OvB|nV=K98q)(bIhk5XYYr4uUi6vtJiWUPBMQSU= zuE~k^^Be7k^2#khk=S35gind|D5wJg@qpn#-Q2I;>n{NM;G8bLDtG?>lj2Vas2R@m{kW0NR3(Cl?vSy0dMvfuV zc0ncca$5q+J*(vl<;5$1I+zzNEm)j5yXhLCsu!u{0+kmhXUDAF1VcpUSh{>!e%pMS z3uwq*_rz=ELb2NSz+eWWsS+P@FUzPz0hr1JHSK(iGe3oDzsvTNA2KF5;^JSNfah6? zluk^04oIXT^Mtw+yZ0h`M;;5Wi%Y)UJ2fx-nL5o{r2`Fi|3zA)@3&3S6f;g2IZo^E zz1SKW*#MXZ4WY+`Vd?p84&O9sgn`3pW6eg-4xEE(n*g-%)xRQ4*g6BLHQkEi%bMtaNWv!^ZS} zo-i)YIbf7XDC#geFsF}>zo*eLTzyuk=#P#Qiz&W?GTT~lu46EqWFcqDc*y8?^z3|b zrJMeQ7V3iw==yx^rfJYqZp0rmg}f+`g*@`*@|Y5A)7St(+P@W0m^Lfsaa%4c8`blQ zOk;JXCXJFAxsQx0mTuw+2?IpMx*w28o@y;m=~Yn0FbZ2ifEuHa+?Q~tDXdENu908t zE=W9=Xf6 z`>w6jP8xP2{v|p`CZ;R>@}5|^@CroP@|?pZbecRojdYPbF(^4ShC}AGPskBNT*{QD z6*GC>`~pA)2s1E65u#FkCh0+*Sp7((_V?{c5{B|)C*fiT=)lihjCzi4Sx!Uz<RXAd*WFQXA}q zA@I|84D^SmX)aPt2hzj)>h9aeaRp-?mK@NzXsXhiMTceY8K5LohncyS)UPORO z6G5{YnAB`U^zsN}EG_GN1ho+|rLZk^Zhe#HRmgweAv(@~F*O932O(xDixnwi!Od6d zP_|4H#gm5fD7#K37o{~N^fPN17r_KNT1 zVuNCed}9h(QBZgL?Sp+Fol|o6oJ8;r;!tlnkupJ zWd2-H*6;z)I-!%nW0YshO3kjtK+Ek_oNCi4+!GDAZljV1m~KxRf-K#exIo1&qY<=~ zw<9hdYZKB4UDXbx2-R5LX+er@?=DP0k!Oj5-eIU%#;0AzW9%|=0-%;DGt-Y{=#ZUU zqL(rKdC9(Giuo)Vw|z42+*6Vu7NIa5>l-uH&jiS5>P6_@)3Cfd3_a*6UU?I&J#fIG zDAn%q^v3wlERFwLf`o{*Mki+{gKH4911R%vKz}3$?*$n2M1Rru3l4*Me zSqkk&j06tR6z!(XUx4R>%ZrPX!S(Y!aGh&xQF6oZ?^d%taB?;}0bOu%aV#hhZ*Rs6 zp`G7cU7l9}0WwmV%58Icw$L28j6-%emD9tqaQ}-dwa43(+K}wz$7>!A*WTb zUHQm+tJ9^(uJC=bYFY1L#li&`LMw~Dh1W~*R%No4mJBxuSi`qBC;xkRd3Akqb#r_= z>i=+da&vt0rvL8j`sV!P`s#ErN;zx_iVO2~Nk#GcjyqMNAEhGKGlsa#DagN(@$=Ag z_oxMp*05^V#=UNeH`{TK+%hw(q6Ouf|7HYSkm!mKz8xAgux37jCWXj=1J~YkH7shr ztRG)vd2=(cYgaa}XG#NH+bVBf4t;~l=H&o4Dr#O1a^rgD1CA7c4IYw@Iz? zQh=M5DK7>3St^w8KVpS)cVGXg#mQaNk6oAC#r}9D$qUxEs$F2xCzdD!^I3N4sY?&I zcC}S|!0htDKlZ-3#1XbEUw=8&ub}f8soGy>nC=-&ZE2oS{ zy%?p=-bQsj@{&`BebZ_c+ewNxnTMV%(?jkf562!<8UJ=S>xy3FdzQ~GAE-)G+6R|U z0-ur>PTqG+0>J=Ek|^*f8RIm?@n>Bi(qxw#J~ictHOCB3I(8qMWPRuRY9BtP5s-x< zADKMqyAiwqGhgUN*>59)C<Jy3x>tv$i5zWNTI3(lF9Lky;$HY(ODB`*@YK+_S;8~gE8X}u_ zOHpd$xBvN zCqpR>6oB!t6sy zUZ|R~>Tv0WD!?I|iP;>W7|FsKpl#GYp`bkwQ=|Tjw_0I6Q=27YD@&rKHc0~qVyAOe z3$OcCe&L0A7UfKswU^c$+PbARN5MlbtvRYz($hIIx2mUebgB5S970zDB$RV_ivW{O z92qaGizrKGr7>hOIx(SC7~)n5Kw}N2dcKh00z)KB$sdy`(phK%`5BzrX)EYMOnV@n z-q7rmn-ESvYWUv^OEji9;uFyN8#B=gEwGCtKTHAyTBV_rEzsT*w&^F(0WXibUGSe^ z-^M!;%ftTMeiW7^)i892s5J0>iaGXSXumHQ+-W=KDBbFtl-iFU!BXnMr%z6mAO=D> zoeIl!ybu5cU%pi;G-LG?>w|I$(W1Xkz!id6Zu!c^y^z zUslqd!}hO?L|ekq?RL9IhlldN-EKGc-~I0EmoLBBKRh_(zM z-7Vp-{UwY;`b~FZT=~v@CBKh50JOeUW8Uh4mRJjWosJlNPfG%!(~kP{S?h)PoG)S| zzExXo^(>}hf#evmRu6oXqTGVipJ9%Co=}uNwc0aIaWs|f)pN{4`NEn~4vh5638C|r zIzCCCS(-t>C|*$_>otWWLh7OtYqGvq>(Zwen(l(bj#_zXqdOnt|It|z*L zZSuKV%QYWl41x3BB5F)Xh+u}srA(jQ{HtZ=`M+8~*0C4MCv_X;87MC}kSX_!-4mKt z2CM+qR=E)On4uSdqB-HnB#N6gc^ne|RtIIv81^C&7L(G)pRzAf)I&{F6i zBV+2U!=Gcz3W9*bC?IpN-}S`C3;Oc%hcKSOD48RQeV_;eI8A0)t>0-#+FJe1=93O| zOu^Ol&<=^qwbLfM2_y{?Y7#E?88^p6`1dr8B%@%pZi`Wn3-@-qy>w7Zx-8nP-(8(I zErG~#0yD^fo$Eykbw+E4XzBde>b%IYK=uC%niZA~f43z`v2D1<;vyMjYFo@= zpmt@ioaZwf1SraN0DzWU!c-s366OGu!!DOBcgeLr`Lv9E+ta7(^76qX=QHql$NsM| zE3CqNO{|M5(}3aM*A((X4a1QD)rf5rMS-+IS}eptek9eib1e9}U-kxmXvrAJl6UVS z%mv)HxV40T>G9-Bw%L`*1iMO`SDB1i3})dhc|9vGZCx>3Iil-e$#?2v=EC!O0jL|- z!$J4(yNVBtNSx!A^TDUwg!JR&GxB0Ee77Y=bgMov zjF{*6u!7RDRB)4NQzqTkRLa!(G2#%1Y`MD9UdfHNFBale?SrgRQxyd`;%J)JXekA< z7IF&WOJ8CN3G$mPH0z996;JXbDhm^2SK`zf28F6OZmAeka67AVBP@uke1)53tBY}f zJ~G2Hb&@VVX(WOUdubr@ZjW}v|9@)cK(zdS=2(SwE-tT6Ms5CqZ^y^9#Q%42_g1r zq94cBM>~K2I~b}{qOmOZFXNByXE@Z=&_o-685kpB)dwgJ$pQu7?|SgmLVjlOQ`d`}Aq&It3&)*<*yF3=ob$))35P@zs79>Vz0DgLg=`PzC4%89it! zNQl2vnB)%8dx|+nk*t2!+u5t zJZwl6$KXH2ECH8q!1a$OV0d}_pTP4#hr~P$tWe7qvo4kBpor6jT$S2v20CLLb;gj* zc6Lr9Kxm-+D#l3Db0H0qHCbC4uI>a51rWy$SmQESlKy!_3$*LMMEt7O(Qqwy%9ZFFo zwW0j`Tjjx%X_>w6O9@I{tda=RSD|-yBf`Nhn#X)$1KQgIyAg6gr|?>P8H*A=YZuQk zBx%<~Y6UrCZQoG_2hb$azumPJjVj{M zY*JSWtEn=eMb#tVS4JXXoPXc?C@)n=FYWUT{hwOk4={!d9UTHM*sJN|$Bz#0K7Fd| z?C0)gRqq_lP}fzHZeR`VSJV5CAAu}ZN*9)6JpQm< z)Q9OQ3{CP{)Lj(})5LcTgCq0}cfj-L9C#k*3*ce#FCgq58dHSmsLWkDlKrEZtkh^qBV9+=3|!KcT-iitPl)S$}1r%#_iK#(d( zEHCP5)lU{_R+N-rw#=%MnZ$bO`mc#%pmm`yN^KPgcW%BlW24pD#pUtI&FL_w%v8Di zX4A>lQJAAS`)BvxZN?!_SR0y4BE>WPk58?=0tv&*tLq#Q>!4>b@>SA;z-R7`{nSdc zWLBGuicV|(x5^ZNJ=ee03E;`%uTA9B+rAqrQ6mVV%ie_0dq{(3(!lQg&T10TnCrdfgCPzeM@l*b5YKE-bB63aq!Es$tW8N6;%IserL|Nmx&!WdE3=5e?M9QFSHm;0}~uX6tXqi*-;$^ZWtzmFd~e+PGX-jnr) zCpbhx>3%;KZ1HEP2mansQ?&E^T^FVf(%8-~ z2ymK2(&Gs^IC?4F_6&@X4-ryJK}Fp>`n(>s=V9 zd+i-by_ohYxoC;*_cH%iV_%NC!UXz$pn7@Eia=-Dqzn- zwtOS+SvofV_lBdHU5%u9!M?D8EqAdRE?5I4KHTCcm9f{Zxbfz{jxP!o)b-TJml#;e zN__~P<4iM&XLo+vAS`9fEVS8DZ!gs|XA|C(2->5t$(En>SykcaUxQs&h$l2Mm%+w} z7Opv$6REaO+SR5yP|zRhu5|N}J|&d@x*~+oDMCI)^d$paeFhV!(ewA^%DI<<$jcjl_SNDVKy5_1vv&s=&E~!>I z>t+3n?N9CAihs%zYFB#8M}G-Z_SWZ0x`e{=aQa$iWQTK>ZQ@eUwmz3mBGdd1Hxt&Cbm*x4ivn33&Fn=>Ot(VQ7+6NecVs^V9rTq?q;6tp7s$Zt; zBdq2OF<08_`B-Yfw!kir!xbTYyI0S!+~-~s%uVoA0%~B^H6Izv>`#yVz%5!Vvm^=$ z7C)hdGhBqO$mcrV*jt39lAz@0C$wM{bQ*B$3dnKsVFn|1^3u#(*87;Tfd1<}t#x8$v< z^yfi%t5CQOJz9Jl&53mbbe2n(3foypyqZ`P#v-PPWI8m_Ov;C5)r>Qj!qrVu^^KZH z&J2}3-R3lPrCw6sxUbfR-zni)Z{6DGM~&=Tw~(S$Q>T&bU)g%;o+y88SqrzyETYIiu`@^46w2(5HJL_g zLdKVx>)HJt1Jxp9+3E>f9{9sByHrH1cs|WYnf4e@Z!iDDLLX6H1&fDlfYK;R#=={)Sn{p%)0pT*9g*wJ?10MH&N|3lYT|B! zK3bVhoAa)o6@s%5$d1-WD{^xac4RS}PDrmw8Oa3<*mqG&CjJw66E_Fd4nv&Bop!43 zQ2_o8{`f;TDf!&}bXm+3na4Op0EQtjfu8_Jvf>oO(KJM0ju?Ye^g`+sUwk-$IILe; z@`0-9WY)l#n9A}fy7Uckw`V>EWhW7&q&}b0GnfpSzHZKm?I?N*27k@ z@8ZK>364PPUs22Y)Jr3OC)u}NF23ep(a-&}cPAt8bN}r0xPN_mdC~hKak6(q|FKIKXqTtPRzDj7gSF@xFI~CDAwX9|Y_R{XZ0M>VMZTxSN0AChmmSLh} z!e`*U`TV`4^S#yPJ%BvBOorpR&NI;!AYw}HaDV^=NrZn(5V(g6T`60aKoRDLYI3fs z@K1;UX$rO9-{0F#C_< zwW>CGEH*nEXGcfJ(AO^tqnEXL0j%#N7b_^ng|4Lud~(M-lKDdSgx=N+M%}eX>Pr4j zOoHr^WBu%z7$idR?>L&OXBe^O!6Y#hTW?)O9Z?m!T(70mm9xa`7wa%gIC+aAMCF#h z#3Zj;u>^kB5g>dUe8IG*rW9RE(19na0mQnT77R^WVNTK>_H z#J{m7=Y@4#zD0}XoX(#bZkgG)Hh9NjQO@X}H0|p#`zN$`Tz(Jws|a@gAw}DVOC-BF zJMwHD^i!^` }khFrQjt7MT+!vZC1cB=%^3JxG4h(1LDiiBCqws1Un9kP-WLVLX_ z%80Y1g{~Pn9M6VPimh%K=TBdIXNpFR4G*!cB@vK7Q zuxgFta=XrzxIz9;Y5teIg5DDwmi7Y9H%!wNflIN8LUoWjK=2j4M9S5Jg(@($jS33XoC8f$z_mE6<-#`;Ang0ieuXFSN zp!@38{?q(_j9-Z{phtfwM?Z5pSSLieFQj~2B_U$%07Z*IdThY1$;k&9pcOV~tM9)S ze@le{W2`Gk_R5ME`7nlK9Ab_OP_vfWM}CW=pa(AOk9OvW!vJ#F+fjFvNhJ1Jv?Q(R zg;+bzMQ2r|2zIPH$4b&T)w{N;4@`wgP%QUY2ryJ__5Fc0Iie*R8ZKL18B@ZEPr@E}cRXzR>Gfc! zQE+0zPlbMzzZ}#Nj1_umseu*6xl}}&A*wI2>U8GMWyh4R|N2z9lg1)!whdUe{&$bM zIs5!YXo50CPzJ2|cl!D|=R=evEq#->3IOV`)6L%fgrzoG_K!$U(a;Vew8H*y*BU}a7lFV1bnZK%DVFLN&wtHc9V;{)4B8< zv1}_s^#VqSiCsff=xv8ro=5?NDgfC%&2HAEGas%Kk4tsK)Gwh8p|Mk7^5*BV;v0~~ z+oV^raQ6JLlmY|gYF!I!DbgEAU)~!Zx1ANYJ+i4u(t!hOo$enX6oj~apji%d4y{0# z1Qxyl552!WY=Jk2^PjfScXYGBBIY!n*Kr|D?|Vo6R$IrPwl)TybGJSO1l{0H2;6LM zD)l3N2M67|{CcF$OEX`Ei_b&d5^vd?ujv^e417TM)My~@31Nqz+kcwR$IYWUuBzv* z$n?FRr}Ne=J9*mB0B@v*<((qB-zLX?pT zno}=8dSd7a*0bdX7=O>!JJQ{+IBq8~9=~#S^%iz10JX!Zmq&2G=`053=iP?fFIN4L zoIIrv;M6-!vvB^E5d=Ghy(l$J`I%_XjNsaHmcJTjUj)_xF5j*P{Hkn0zyE@0L?nZw zW#Do!Q}z;Y_{Ey!tKOpf#Jli%TqRdir)ObsGFiFBO>A@n8XFHT zh&itlPhL-o&!YSJxGwL7G1Ael*%FNga~4-Ec@jw} zGp2(YAEj+SO=KQ1CHGjA)?QtG%#mj=isS>M>^o!+zd7s9;8Kt`2R>nTAGZEJ4=L<4 zE?;yyvKpwVd>M6|1NAv;k$hz^p28`V)-rOzAAQy6>M>p|w@2npdX*c)%*@yjCD&Du z9*-6AIvFGG2Q@dA0>pUAfK^@h@y}PlA!gpz*Ktg~G%9O@GD(TfyHEGu6@js1A7?<9 zH!tvS!uD{ZMO3u|ujvov!PN~ZA68M%b3VUfwwA^Tm;Ox#8#V`GU|g^KKj?Kt3)+Bo z1?Koxvu^08LnvX!Vl4Th+`r1+?N0qBUGjS%4(xmA4(y98idSqLM2@*V7?bDs*F-jG z^LAV5ChBO0rChhVii4rsYhmYn>zf-|?i^}{(fI>ix|au(4F1CY463?;9fYHhkAEJG zGuP;$0)@oB7-WwKs9M)hTJ&+Az`CpfmLk?b5FA`lLGa2j8R1F+8YL?zBm;ul-&-tttx1!hQKC0Op7_d{udI))_b z+w>~KzdG^EOm%s+%EoYMT9ASKn99Dh`DYX^I5X}IJ ztB1<%Xw#eePm!NsuehBNG?eJ~gT#Rm`X{oajaehz4jCB;Anb*HuWab#BzZQD$M!Tf z&AIzh+U5oSsV#<^`A==JIC{KcpeHKili9MDh73TgCvsS(De-v;e&OZV76Dx&^(Z&M=$CNRYW#Y*1hN>n((R zW{eTdL9*{RBa~5;NgA4?@dtuPy+Y)^g+;-!n0_8sYenaB+`I*0HFnZX!Qd8q;x)7LqvsG^kH%gM6 z{1x_TGkqpPlM|6sbaR%nW5ZcVr;}V3G`GI-OC0A9{!c;L0rJ|_4^!9*joJ|vQ3vV{ z5Qi5Ii)7N2#s@iqlxe=nGL4GTz`A-N-f=$qVeJqqlC^Z^mty#v#n0oyv*@hUz2^GKN~fB0$t+|GE0I)dQw zaH?7zQIHqPW@JkvZS1UnDd9CT9`Q113ohr#HN_aPi89}`6s_gm+v-GE6*xjQTae~b zI0c|{{%S-K>Q%0Rl*g(?lc3&_?)0l5L4qX8#eM4NBdDZ|87d}Q5;=DbZ;I9kI>;$^Cs zS9ct52df5jLuG<&I@M=l$sN3lt1U$__@m|>jvCeEOulS>chUE zNdA3YD&^svk(uS#mcSUuO~~U2(RL-$>;!6WYq0bAZ*YRNw5Ly2WKks4{?^;l=++AB zLKPm|C~@xy`=_9-sW$#JR3m54m7gPF?!$n$6*k2w#Nv`^qbtNR3(@*sQO&^(zLdnE6%!$ldY^-=H-JGJ0E#>)&lKsHZF91c|vmpLV-R$4FSi8jJ8 zZtih4sO+9&zklxIsd#_lPVv`+m2&kpuerx!3W$uD2r=3 zbYGdg{q%Hyy81XcdU4`u^Jp&wGXXy@oO_ZU_4>QfeZ^GFbP4=VPwhN!nv7MjX-@VH zPFRb=CX<3L%lo0x!vDZ$$=2&jzfBk(`|H!Ng*9DHWUgxoj(uxz>!Cj>H>pWoxs;;U zg-J~^*tnuYSFi|MJIvQ`j3ff@`9ip#4(`sL_eT#G1s!aO%Uk8+Q`&DM;T#B+dn1Wf ztjTEV64Q9agaNNKD&C^ubnG-;`ltru72yZ6E`fWl-;E=aM$E&pMn11i4jADbsj(eL zHB3a-pTU}#kl?jjkW`-Jd;CgBBC3@Xzt^~R!oTE`V_4_9 zqE>BLjL;}@*sVBi>1+NUUBQa)#NbimPs(_xe^V#jOi)4w`UZMkc$@Hy)6ApaRF&cwU`-b~9c zLd$Bb>*=IJApv#yXav{@RSLn&7P_-iDY!X0(VsfN3MtpjuFAu1k>)Z;7L{_V_^e6` z)QsoDj;~t>r_B~VsNk>X=)l_|Hw}AYwH!QDol+G#9ygZ_B1XKu`0y_zQ!1_?MOlP= zNMnYXFsVPNL7)-It0Ju;j%f)#7OhSP%diOdNZ*Zi7@2MEuFe{(EZIHCEaf_CzpUit zF~tT?4$h9D@|k8?#IJEnF<`Y}G}&70BjMHO1YT|n{Hj!(-r3Z;X4I_#zuC@(OGY_| zlw7M9ea?$EMQ-s4&LIr*`uT1>`}wy$z1Nd;KCu;PNb3PBXJN7J^y?bv)=BSkqfe#hO65&xaHP1ildg<%E;1RKAF_fq2xX&Nl4>5 zn}o9AukASEPgoD&BtDCdfAUQHQ5u>9;*0 zc4XX*^HBYMuEgSt|8H@CA3Rx)o?=`ICnGaUPj5RT`+K%!M@W1&Q^`{W5gDW3I^t)N z4eg*;vZ6@}Jyk121^H&{KSkS4DfqOU0Wvv-GfxL*;Z@M#Y2aYtr*2Y2!^+J|Zu~}A z@u+4ur(-ZT{MKQBb~{|~;HA+mG}2)8vG7xtfN~vzAei_(j4fY4!2O=^`_Z3$m41OT znanEa_OyN*ZCA)ti|`u3$V0nyBK_kkN{}V;UGIxT2{Z+=$YfHcY?HiA5^YD> zipFSDtbluS1tYHEhVhD}P7~U8E)0uCK5V99Qz;xlk7C=6G?w6LU$qog7EitFI&MDf z6tq&XsPPS|*NJz%e9(#L*B*NwG{0IEr7T&_MHf6eY%ASdltyAJU9yNSQIdof7e@P0 z-3yNlqWT&v+5yuC@~6}Y!?>dBrwyOnbnaTa0Wtz?st5zo<&9> zl2xIeFElAnLNyup(j4MJz2`*2lzhvclvD2q=q+p*t5=e)F7`w`kJX=R%6f5Nid7fV z!pf$8g=34#H_u(OQ`fAtn$_#vNvlet2#+%(1)6p$>(E#%=e0h3G%LH5hc4*f@0gAH z?SoV9(o*=~1cejsu!~qa?c7s|3mrBx9WKeN^;R#!-98MnSQT+=C}W?Wh01sK3+et? z3vmA=AWv`k5=z>JRVTgtH+VH@ZfKs?3fk(?);jO7*l^#Mc&IDG2Y`BJN_Y7hG%+kD zqqr<|e6I3HKk{kfw>D__#)$fEEC=;VKW64!0_vLKx!q-ZyOSf0Na}SwA1m!){I;Hp zbj(0>icyH!h0*Q67EaQnp)kooQAGXR28|E)N5O<+{8ydn6CP>{{fkL(`fIFB71y$_ z8a1A?MzfePr=*Gb;v|Sq2^)p!dgPq)`EAPdlB*8KY4pLP-j_eqXAj%Ud!@aiLZsU> zP=>mvKiFBmGv#hbVxtgmAQzOA=41Apb-`E1&+uy#8OkVHxVqDIq~96UhKGbJm97q# zCK(KnDLh3_7D7r}C5dP})=Qo3y!vCU3Fe*MkeS`JK)zp#7J8$U5^J9vzc@6Q7cQp| z-}7g)`6Riv*XyFZ-K9M&i%*hdob>%oe;qq!eiR0R=ZnS$2SR6e2_cV%~myly%f#v$J{-?lU()?PGQVp~jE7 z;TZ-ym$<|IJat*eEX3M2Yke~Mvw1U+m_M?QZ;J8Xv6w)kozYdpozEp%BFj|;-K~k{ zE!Pd3^|||~n;9+$(eWM1Rdq_Gm$=*LI1QxplHa%Ikj3$di3Ej7#?Ws(D5w_?=nQ1; zPZYK(zbnHHR@BiVZM@}e3+Y$e)R6Z3vmz>;Xq%*um9xSUQ)aY)ob#PBrEQ%fE{Wx~ z{F=C(lZt8SnXJ`pIy`GrnuIw;!P9gE{9M?KgjfM2GUhK$+CE7Pc?eC$ybgeBGvy3z|0L8{TGXj#J3P%EVQAdGGNd}{KtRH;5{l?Jo_1$w=QR77-{U$?l zqcB{pKg%BQ>Mw$kr)5`<2)})Ot!IH&$9FSW(H4t}9H85O2-w>h)&YymYB~N-8xyWx zEw0+G6F=A1ZtmckR|8mI5R9P>Ul~@PDo>nAtkiSLuG$zvV!aSJL1vy&ejSsK=%%1c zsH#N^Se}hlQBibG_^j*ouZ2JaOU}JC(0M-WdIHW7&?Z4O)IRu;lGEYw=jxytF* z73n;9-aovfebW2DbFFpen-un6dD{LnL?$f)LtN_r|5l&@w*&Gu|4)~v$g>@A@!REj zIhFK@Iz;kW)Xq}ndE6C8^zG~vC5tJ6zIt-Cu}6RCk;;s?UK#(JPr%oHzb;`o=M}=W7GF^5S>_9E&M3JvLp`2xrfEI>TlF~J`I#KCr>rwX zEV6La2*24jo+S@uFQk#>v_SLe+4s-B!cU?%ce+wTBI^|@yxzE|!?s8Gj$cxnbQvg+ zb`XZhhOb;yzSGFQf{KPPd%y9GIopXp;Cc;bk-);R=htUV4gHm|eOcf}1+dA8C{elV zjJEfg(KSTjhhQXCjdTY_j;TQ+VqhZB7~}tLb>VIyo_vOhut>fcSR{e>9}Kof+Lh9;ah5QRhaoa$1epi#28u4srz?_PjFgk2!G|Xj8REBSAq7Hi^CqGvL@bI@ znp;%Q&Ijt69E}AdAaBKb2o%y#v?P#Hht(|{LUv#~a2gr1pPorBPuP_j>=!$UTAv<& zv6ROE786K+Ujs4{1%FVIFAErJf!qivysb$L&VwngV3YCm&NV&k|N+2Hn`>E~d z8}Mw$Zd)Jt936#-nDsw+)Ah5NUtQ4>*k;+?S*Gb)W(aRpXiBFA5_F}WNs`uRXYGHk zh$`EoX;nK83;K7%nRtdLp_8hl$h{$~XD73w#xA92KY-)Q2+! zhg*QPpdmP0bouakTsdz{m~Wpp-vxU!0_Z48t=3Yk{wGegabZ1x@h z=zb5DZ2jCm?@!(={@nicu@n+IQm`*073@4=WlMQX-j|_-FTXCB8!|#5LA7a&NI)#> zlBPb3Z1PtwURbqmS#K`(B$u!{i4Q)oqKq!L*Dg!KGBhbO6f|b2n%t`o&r2wYk>sPne&DePo1ohj0^Bk0T%M1gcx?p2*qc113 z9{*`k;GlIjX~~lAdSFQ5d6{FgkOY3wKX6#N(jSLwYk8M9$xn(tk+Q$#ZVA2{4j=`H zZ9lh15C6ICxZ{SrZ}2OlES?I&QDHG%s+i1wug97xKR!-Tz@jOhe`vN&;n`D{dKE_TjNKdS!#4hVGH)FPCY=K(1ALP%frvW~N!!F(-3y~}?L%1|G4GNkj#!+1Wip-hADhVu4O|<j6)Dl5nYvEEo@R(Gd?i^7aYlfDZRbjB?u z)@oikM*9=qEK@A)C6#ygL;?pRpN0k8S#+PzrIBUBAW!+fa|_RM{;}GjE(z;w`VLFF zX%(_IX%Qt!O2by=S;OU1J^JPFlO8d1+J-9)B>dsK<~iBWlnS*g8N}A%H=?kR$IewM zL#!-jxRuQed*!H8Na^GmwqvrEGkT1eMblV)Lg_n?+{tt%=NQ&Ig~?Tmwk}KODU9JM zT8q_$+3lPtbb%RP81%Q(_vKB%M=1H>TkASdtv^7bORPH}pv!aYKhPcbSV)I?s?pHu zgi;Tciq|2AV_K?$d4?+jd(!!{ULr!H4T~?_3h7$h<1uP0Ogv=-^LB~unTbIwwUZ;LM3!tvJ0WBq(3KEW_XVRRSh`re z%XSf-aKD@)k3+~cyo8SJ(fnz5Dx@)fs$ko*H+s%2^)o;!FB|HMrKLH`3v|(*8}2Ul zJJn0|1~|J&kcw_Lf`gnJp^ef8?arv~g2sf&;Ua09ZKwdZO}Ew-R)B4u@M0e#(?GyA zQPAh!@JfxGoLU)k%zXd@{Vw{G)=S$1jy1MEZNhC zf{)CGsE*941E^5NqYEKR)GFh4Gg~-6C{BJ}`(No|q1E3d?@;VV*e{on?T6 zxiC-H*b*c_qu$}jfzwEcrGADssL|lNp~>i@ zulRIpM+cNDM2>nGaeJbky74glOHA&+PZ>O>ObW}11lpa)`$81e0amblVxOSDrV;sw z>4#Y!Bhvz}{jXdg-tfGhgypivd_L9P;+#H4wLpNe9 zG3{KOm*3nUx=s2yU%h#5i6pVCFZ9uw!*a6FJgEIph9jz@P&q0%x!vhP`qFa?N26V8 z89;UnBHZn#-!mGbiZ9=5gYZnJuB(Fxd2#87DaUP&G5gBqK;-w#4PtQDMFo7v`~dw3 z1ZM(a_%Gvcyfk&D$y7Paba-B4{Gz=_ksP|=(t?df$d_Oc{Q@$T>dvV;nTA4qI=6m&JMi-9?i`$SHxHl{JrP< z5p-m`Nuw?0z8K}6mq@kHyfOGq`Dgzxl;3jioAO)!zm$LFoAQg{mIt!#WQ&NfXI?il zrETGUr(D-?9p0a~PGC;U_Dr$*kotqpqqwt_E<2{$xwtSZXPqUwae~n^m9xPXmz`Oq z2H%i>*y|Ol;(tT_U<`=-|3ZE;txi8wvW~7^ZF^T1yJjifn#8o3kvMxEkk33El0+ri zBH77(^##|#!EGLeB#XyC=nG~K)h1~Av#S_LpZZAK{rGXmb``E4*U2p;;rKQke*s?A zU9VFgmd+W6Z|H{Hkudu!LR2Dy=$u);k%$fsA?y=l@pEO3#U9+~9hYbZVSg~{nwi1+ zF1Bgk4+V{NJCb{v;x705FG%j|NZkYo|zJGl7alJf#)+cilo~gRZmT@Z+Xy>3Vy>Ul>ee~kp z#sBviSpWPCu-_QV18MWg>K1j)&=cdF_gtZbJ$~ts^(C(`O#ea7bIj{5F<+Ugd}8iQ z&f(^A^S-{VB7OFKpL=EwAi=BbbeU)nEK@5~DOD@;aD3Rkar?4kSjbGXU#Asl^iYL+ zK?;7ydUqt5{IiEF>nY`qW{9yi#MY2K0vlRjFUQ1WBBgftJJx}JiKH8S^tGm#FBz>1 zips$ld*G;xW4N%WG(aPixL7L$ZwMU5jX!#VsLtmiI~(|Rb#c@GJWM6IIKNV@3UE@g zjQwH{L4g0fOVGflJO)>XoPKWI!D}*8@+PfkW2N=U-1jQOOWs)8aQOMBanhc-FgEk+ zOzhVsAv2&>Kc?$`^lX4IO>&3nCsAb~7;~Wm=MS92*|okOMqZr`YdZE*`Nk>Y$Xy`a z)HF^>oss5QvGw`$@%sUv;rp((LLKg|TFnhVL#m~_y)=cgn^%H-O)@q4h0>FG7`Ork zxwnEGa6~8lfK?8aa1Fz~rBmee12u)E+}y9PAA2Vk{a>f2!OicsXFpYoa0-y!xD|kz z&;DgN7n6b!kNfTS;cNE1g-KaL8h9p^y#c(F@!It&S-Iiy_wH~Tv+JMN3Q>aSmKwD6 zY@}}`M77?9B!!zE)n^O~W4GR^Sv((XY zAkmDQXv;~?C9NG|)D&YH*BBI?{f{H&{tu@Ip&!vI-DhxtH?Yaj?=rt77?MIVeLn|5 z)~i!}pD6jVgY}IB__X0y>f>! zPnWZPYr1EeO6C>dm_G-WZTdF<@$m}+%m&10KVAcp*g@yt0woR-;!!?VP$%N|n3cBBrP}6@r}&0W&nOSmA3^mxH(I`M~EZYv?R#Xf3dgTkMqgz{quM3hx!*>&=U( z-zKU~@w-hAXY|*uA<)mT?oHX zAKhC@ntXfa1OWvsS~@w=?Q8#QbvD=dCf@Zum`EY2n{Qo+&xXZ`5^b6)C4MI%K4y0( z5RvDof$(4J^-5IUIe?j|^mN>7@(;ARIh0jX=MoQb8yP`IDnL@mfNm9ce9Uv5hu=;0 z$d^4|>yU)l!s*NQsy#F0B(M`qi-`XU#@hM#GLj~!CdJHv@vpAKp9LEucE|c-kI811 zTP{J6*pzW{!9y#p`L)X0lwGgNFV3+`{&qhd+wUnee4%c|IgN2uSh6&z=7aN6NR<9@ z3Pyj6{DVr(rB)0QCv2FgLdLjcUy4HCJHF1?V%ekzhGTMuzlxdeZW`RS zE=Su|X~+3q1-;K|TCZ})VG!Q8k=g#kZPX$EvPQOpWpdaocbS}2lpSVRFR@T|SnpbK zkEK~E`(WSUa6jHnFUXC5v~tHJJZcHNT1K=?=mZ}nwYuI3C-wTP7j_gBH^yRA8?BnU z|4=v}1_@Bt*^W$#0jh0=K^z z1R*at8xCmZt*U-fX{a&NY3W>}TY|iXKic4^oZ;h=W#|efR~!L@@$^u+iT+Y2xNq_2q6Zv+2jsU#tu>8bA+EP3=@T^1i%-fvt!6D>cUQJQ z1>9>^DJ<%P-v3=7f*+BT&g*$+Bk|-6sm*xcQX(Q;u+b=hy3XG|R<1qpsj%=en(i{Y zZj8J@$@#Jm#72UVj3bc;v`@@LP*9VSD`ktzdGe-_M9kSNIjnoU)jO`TAg&?@XPx() zXy{i<3$0jDgXjgq6w`yKsbnJrs1iMb)1s3uW>Grh^@*A;i)v~p5nKT-e7Jp{?^k=3 z6R(vMe;owEzVh;=4@HbG1E8o;0=vIdhy!X~sqhmYg%(9#WHU! zndQ3%pEhsbo|($Vp{wLd4A|dRrQH?`G#bT==Iyg{SGw~D_|M*pIvjVRn5?J6#}nP8 zbuC*KY_B;QYja*3gd7nq;`Jp2hmIRK>QSA@nHVHKB{_ARi1f)%&%bbOaUCHKfc#Lm zXR}27&>P9hZT1U=>-pLA1xRzEYkMhI;#iXegLuqJ(9e9LI&{*QEp60XR|B*62(IqO z47kWd)wH@;UMe=dVsn6`RBGmEklHEUBLvwx>>cff_E&@&oTn`IV} zacrTU{ZJ+n&e?f-lK1XWp{N}X`q%mW(Vx!fxftN%8qo^;UsqX>^$ei1?q6Q2wmZWd;jIOoQ8G$sQ%&?|KZd2p1u!1yj{l+8b2)f?H4G?0f*K#WYL z4+KGa#O6EK=JuNkU4KSE5NiY-Hj^@A*I0Lv^OOc7#}1!ijxGCHB}6+DQ%?ux3(HAy zqI2IRY!&D&BVA{zBVQ0PxOH@tGA7Nc=Gc%rJNZe4K}uqLzsS|z&L@y?_g(QVOAZO|@2Rbu1QSN{lFW`hsDT?atxh6K!4BQg4)h?I`xS-(Tj)Ms% z3DYKaN<-Z%QrD;#>Ro0IO`yv=Ic;(x2E}DT>?}``xh&S$ z5x16ybVLz&86(>!5^cT#yiR%EO!_Y7 zE!Sk~X1oBl>$WSt13MF@yMaDWdKb~&*FZi>Zbhzvpj;axx@zqFqn)*cD?Qt`#?`M0 z;+Xq+jsTXZr3@3z?Gm3pyBh*T`vbHsfbIGj!;g?Px3{4h89{%5s$1`^nfNDM^48cC zZTexdVPY(jXFjIb^lgcS6#?&M1MD%pmqgbv1%Z*d{n z!isX4R?{Hgq6~u=Z`mn-Nqw&csErj9%x}JxX$lv{4{oBcF@r0(aD_fq*x0WIaaDab zn8`e*;A3#*9ObVg%gRnE=fHi@@uvQ^$O)yZ0PSVa1@G)>A9Vqf&z3AQea+t(?8>NZ zjvMydoUqredYes`@UuqC-q^!c(5hwAKJ?_Wyzig+L7%Rs$0oZU&u4>6^RL$iGWHBe zwb!p1hL!85`PUTiAe({^hUb7Vx zNJ)`}PK1*U#K&BmLh(8@y@5Kxx;3GPy8&_Mkf8wj+)A)V5${XOlLYzs^aql4BSWMvD*$sY?xL7G`p!{;oMRSz|EyN0^VG_Oe_Ho<4TIY%CX;QQq?XfJ{n3W~LJvs~c?2@ouBi zO<*uPoEf{pKU`*0;I{XpMY|br)2sEd0k|z`-VXFBUfq>Oa8m(qD+iUyN-+(Nl330B zaADdKOKU{sG0OOor6O;6lOX8xAjSC-@wCpw&e`}J=(?^apF`E zUZ6efcE7EuAlt!z1@8US{<5|1_KX8QD}PzQNR~WES%qGU>9K8U7KN^liE_Un<0{EJXrhRXBWtnX`U|YHzKaS*D&Btj2pwIdL6OhI zJkRP#1vPZ#7g7^EUC&npoNfPLg0)1lijr=15TT@WjTf9ddu@L<*L7~arEObsPnbei7tj9}E9w2E`bS}{|iyoBb)_kYeOu*^&biieCHgRP8< z`qc|@3fVs9KY4u6B$5s>=~ZfYP+A?EZC&{X0zynt-{P9oGaPKy}q%P!Yt8bIa$5a zHfCptbBvOw70TXoYzk6wB?HJoMZiPC*j3+<`tHMNBE%UYfBc(JjUB=<`3w}$p( zZn>;a``(GqR$!niZxlAw_;*_M)%T`~DwrFZ~Ai6g=vt`kDQyswbJQEh%;ZpkTqBjS1P(%xVe!3vd_n zTznskpKp0y1Xe%8fBN&7gbEJ_OXeL9W_*fxuHKso-xO61uM$No|K>RdUYG%ICS$n} zk_067-?m>po)5>3KY}x>0Ro%AE!o#;AP4q$$N#?HsAa|L?gua{r+25@qto)vZ}>$;N6Z8=&?j-c zQct*86gCcIFyob6swK{<^ZB|eaZJGm8IOk=*u@#ky0yO1(b{Tn+kj0}{p^8-5B)pr zHF1S4E;jN2;RpiJO2$P+nZum0Ed?3RS2$EA)g`cqTxDJi?433{QX;UtORf8Ya!z2> z6WT(?PCOKZCmhu%dtXtxC#35wcb;3Vo>$C`J&$D3A;rGXj)gGf_&j!K<>9idOqm-GF^Y3Qxn^d z{ITFg4p&RoE(op|&w%T+A*#<6r&ggk>j1_E&R2AauAs#`k0VI|*d3~u-?Qu=_P?OQ z9?@Y$Xa0snD$H!7q z>vjWe-O>wwJe7;wV~Y&PDn(I&$p_yQio8fDS$w>};XQ07^TS^yMxpRCI`r%`NFIkwZII*Y@Z){Nw#42#}DTm>LhgP3aTfGBltLCR_? ze3rFB*DQ}qPYY$#FtKHIY|!2Og>F(m-zc(}b)?es8)IjjQqvM-)mo!|;yp0#Yb?hL ziGD6l*{4xv`*>fg=l=Xf01IXb5g6lZQ&%meP}8u`+!+S~3A?NcTXJgT(Fqgy=i6azho=&4wroRt(ufa=66-3SKDKzvOcuaX=!eXKdTox&7 zbn_2p$gOgqjHs++YQ1yI3YR3$0}!)*1O^!j4$d+9N6@kNikh7<2SbN&?`S@&_6t~u zys|c2?pqQe%)xr;i_6J>=~9NKeTpsiO_dO$?X9k4)jj*x{OUXO#`ZW_sG$-OR3I;@ zp@fm`@!guMm`V^?$ex}-+UeiDk*{_Q?@4RaYW*23{*p1&lM-FLL0Z$Av%bZEORqPh zkLxpJybJZf6bV2g|KKJ2MN6Ko-<0vQUop65^{m7A+c%-1Fc37((01|6q>S@9PY&Ox zuHKO1NBTyy_ZB6euCkamh|-s_AIwVDd~)}B4f!BXKNNr*&RIf+_32p5V1`!ADV#6P zTXvDA1>jJ*l*M>FZUxbh8)c{?0yU-R$;@EqPML#o(8}d-k>@T3MLDT!yZ@V+!Fi$^ zJOHJ@y#7y=AU$RdSAR6do{5Ge%jF%XH5cRYyfn*MHP3roIz;HlB3sLGzU}liL1{MO zJ6?=p`-VB+{8T}=OP$l< z-f2p5Zo~r_2L{O$-w$;;0`ny1AM*V=cy)q{3Q`McE^5Rg1N_)F;MZO)xq`LdyYWpE#X=DEX)^uZ_Qw#;lKI>z|RhJE+W(XkYrhVROx>a7(b zJ^FW8i$!k`+iz_&^)?^kbFz@7o)6|h^gGa`3)6GwnU${EPy z$`H`cpOzuhJ*8-7;0=>dPIJAB7~*@NLo6*7k&uXBqWqd|eLYttV2_#}FZ>aC{@AV- zW06xjWm?+QK}N7eTJG!QU>MRku^NNjzZtUFVMyer8l&vqf+)h*E zSDW$-ehMMQcv8GSx%__WkT)jfQ$2BA|3=4kcuY)-?Mg8m?!<7KMp*c;F-MM;nOOnZ z+M|yvC$nbrNkejCuv>=2M6k|Sdh2^_z~E!;nkJEjd4^)=STFq9ZR?+%49pL$i!P)V zYS14VzoYBsDvqhq*hDDGi{&XytnwGh?waYEPwG5>WRx}In2-}rvt(#0N$j!cp~viiYEKb;PnzU)rq1N8C1PT+u>9VqC*SS{xZe_~+^}K<+im@6 z%8@aMFs|9$p8{hHZTy6tCU*&FB6Qy zNu>J1$NzCZQu-5^!#g*PACpo8QTLQ%Q})&EN<##;86C#T0jfE62DXOfA4L{eZ-zp7 zu5yS_7`!zKyUV2(gJ9PfJ3yW)7hTb>L__sd6%OY${%EUWGh28dJ?X3^kxH?J^Y;W> zZw!Q>=tV#b7K2O*_n-j~?tScMbVN~AhQf6V({>O{>zQ$LXYWMg@>ZBtrM zNMVw63~{5Tla!QT&nV?ng<`deQQ5^Oh4-O*xjz1V?o{OWf(ukO%ktzhQI$w0!wyc# zN6P%;KKWo9lPv!<3JMrxLbWJw96hjQLD|&8adFV+lntXhU6V_YO%>??mvT(fs8n>nbZ^j!KCpC9bkbM&b~NNnFL`FYZZEGMx(@7bt5 z5t#2Y-Mcb0Cz?XN*M_l{-v@f+Md;e-Pc}UKXXrThKg07T9W{P)9ac|8F%^@=j-R$# zsG}J|_$>}SV$N=*Kkag;i;0YPVPa3x958$Tc34i(Y+&$X=E!rZU z`n`mNsjBV$BhGB_7Uew2u8ct{=Me*~Syar!W?}j|lgBvusu=XnVPV1q3pV^hDU2i> z1Qkz?xoeL2@!_^x^Y`_s+Zdsh7h!CDf8G3(t;hOo=VSqlN&)GUeuNsf@sP4*C>E*9 zNt;2WU~NC!W+lTRoUynbX-e-XgQ}4!-`<^$^1g%qDZx>nEwTaWRrS=sX7;c=naKtB z+7yhoGbYmKw80pcQ`( za?n51sa^-s1!$#w&FIx%Oa#=9QbF6o8K@>&q=RVIn2gpmXwlD$K8jkE>Hmu4vQWd| zwCVBYp-G7-LX+-w4sG?;wAk+xczRI3vozNCh%bv1BlBCew&d4i9C;ju!ma;8b-D|- z<`GZ-MASG-)G`w?%9QvEj;VPDo%QddgFUYBwEQRYJ^>p!LIV+9(VE>_qu9UD3OOQ1 z=I_)Y-S9_@Hq}$se}t-CPSu=lQk1hRNA<264o_h%zA|RZoc2tLmqK*U{G&kFmF}Kq zzsSm>$t=y)(r(q1tWqHH=eXx4JT)0icaq& z+?aEir2ewKl?jkV$Ep9LMh@%7d3qo7cC4DJx~5X(eLU^qV9?}<8c+Rb2^9ptgsi6? zg`K^|Hnpp(ZZ4JI-A*TWJQv4GisPIMAC(Q`xcog3qnARS%$>mbH8;h9v);S{;ph`r zW+_~FI3WCzp4^m>tIV9t8f^Q>(7mNXakr$rj8?K{QE4x|!RsX(~*4 zDLZ<~9Gl4d#2_O?M=Oj97dV_EA&S|Q-jVZ{Hn9-Rq^mf$LSS(NS5d9AQds`n7z(c& zQMRHRh^B#}a1bayXTT$rsAn#V<0Fc@&7r-GGwSri-h4DqeC5@`7pR+@ln|SnVw$U* z04k75bpy~R(9g&qLw)spLXR%eH8;k_u=cnZftbpL{=~LJtZ(oe{wEP7+}&k3VyHOTbvOH4^8DX!cx47vBogBtz1Eu zGqWUYiQHyI9Af-e8cd4r)`@RkZ($*N7p`b5R8Lt#u86neEhCb$6OwpdYYLG@a(M<` zfh+y{MHW5Y{FXv^!XFx=@e?%h^%jJ64Cal=L9{qgT+X>37GvrwI@Tgkba8Ag8^iB_ zolro(kR$2!UG7KY#Di0U`LDSB*^oCyEVJmc&wX(Tgao z@TO8RcI?P88aO3KXpE;)nM~Pw+;}p4V*?oxFhaq2HQ>04Fx7XNug;>v!yJ-w*1pQ} zSwG}a%|e|_$?rmi@y{{QDkw5tX5GKUYdPQH4=h|(ICJl7n)mV2H65m>z|=5BzLN88OKzyR2BRORfXb|>8rTyTQ(@M z>TtX*4(WYUcsv8H29`qeJGa(~YHRq+q^g(_(q)}?XJXv%&&YW6J&>;M-rGH=lA|_! z#M_r)579tbjSuG1 z5tJdIHA?}v5dAnBpN&M2ohLB-#r=Ga6xYs7@+@_aBI0L>eLH;w%Fo^d<7QSbtLEVIlk-J12|w}+ZV-06bH zWB*W|?TK}j_s}kdHXc4LLrEfcO1IDNJgee)1+}wyGzCcU;-K{x;)7j1iBoat`)BjT zUvQD&{JCy1+&$iZ(e;7;bo49clDsTYr6&YXSUu5E8^b8FkSv9)d6wr#sxTU*<<+pV^^d;j};-Y;)H9CJ;QnM~%I zBv;M@rzV_5mL1M4D8IO35k+*z0Q|vX7SiL)Dh-nPuoeTDos$%6GrM~#WrS<1CHmh{ z^Ke~RS0O^jwB@Sj<+#j*p?Yu5G5q@#_gV4Vc@K#%QX9pv66cZgwMp-YqI6x~sux-N2qRF-e+^BJ zhN83lDvHyN>Ran4vl86K#_BkC?jS=V4e}+Yz@L4-D}ao+>Ev<@2IrCdCh}FrWRGv~=VU#3fyt4G&x(YCH->I`Q~hW^&Y3}-I28rcp*F$@Yqu&5#vODdmy5!LSgQIL zjbDa5%pFMF6v(;jwqVY`nn$imXk*et)#$c*#}4SJE~c7S_LbIAZb74vxN>>*l+AKj zxQ;W=1SaN@A`;^x1s_HKl9_0>y$WG+YLv+%*7|NPWn$Q)MtqY5!m(t0$>jP{Q$s=M zgJ`$t2ZJVo*#ni>iJ}wB%X3g-bR)N2x*j7zDT3&vrT68g*>i?=PJwsiLR~|C2aS)` zuksh-`+WGHTr~Mdf4TlSIWxg%;kTF1oc+dejR{rd<~2$pCo<%8w7eQoPYSXo@)B|kvE3iXwD_lYONpW2Yh#9-1UD9KGA%dt31t}? zTqE>cS(4G_JRtY7R6>&YFK0=lqk|-y{3MIG5etzLYO@O5sA;g+SEh7B1TES(}Z}P<9DA4 zD~Q@J@Nog|y5AC@f+oK`DmNO)M8NVY$DSnSwcI#lh8)|y@sqg*l5=I_DSpiT@nNIA zMP7|QCd3Q1Li%{hGpZjrhz%o&8xsUC%wTZbPeVLCFw!B}(H>mC9GTXEiFj+q)Pr@~ z$C_Bs$?JP2;EP)#p_*<|`ydWim3sb9I)_@@n4!vENxrQ4L`dEaS%pb?@^_e=}*HEXsyD~PF3dqn^sov@4;9H0| zqM(t`N2OcQUWJOL^fsjB&HY_>maSkX_=)cuA&UQIX8ip}5Dw19R)G+0x9?N)7z~mg|*X_n+Q4s z=?vuPN4%Un`}z?VYH()Hd?tEmoEJGF@~)x_La?;t zDiu2(gF~){SPC_3{sxzEeB4*)a?64IzQ}`NYCLG#x*R-goGMfbj}| zxRa-D8h}M+$4T36_5h9%1SGKZ=UWy?FC1pVyo9Vz!@AM9q0|xo#1O z&G3hARy<=<4M)+L*%6^x(IM-E{2O!>EOn(;v0JgnMlZrcvKF@XYpC?W+f!nH{tm`E z?Rr;95dF^n(Zg<}&fU|HFU(Au$xBzKwPgf(B{(rfl6f{%j#^ zk|gHRf4Kf1?)-;`#1RwChxoM;E7tzHDhU&0@a{_A7~}arg!lPx?DyX|Fj25Y@Y{ur z8Ob-R^dEY{ggs6K3!~Dy4`7ChTP936labN;1sFmknT1MfL6SZnpq`R6TgHZ}SL(*G zpgDivh!E@}iWl1g8l1%SINr}90@4Ixdl96h*+KMX3O}L)^iAEPJF;Mr6}HwMOUnQe z-|1f%e`)_Xo6v0k`g?_9)!DMgT`2NvhQ6~^(o|a+GhIGf97Wr}GVH`;2{B3G0n@p* z^)C$kO+y7Qv^F(y^C2^QoG_Miq-%U@V*k6LTW#12#s$88QQ$;0IO8^K(rG4qT4XK# zr3my~1TUlkwJqrsa__u>^$z#@khPOl!bF}Zb1i;SdhK)O5%ckDQW>O)R#ft$fi?eW zB!btf4ja9we}tjBQTWUEC1w&y9Elcw;F_?qk^B@C5@jc?fm@h2_}mRh4TlRc1=Kvp z-!{KuR+Dtp>-2UyBurc$vb#pSD@4{(TMnx3(;s0Uc zf0+G^@DZ+#?(dioZs&dLL?(I>GGc@#juD+0Ui7Ghm(kg)yyBy+V^PWAWlvo$l~uiU_0Uu#AiPOb4;C;5z2nv4$)dekf&!k!4)B zy(`v8v(Y9$*GH>oxQf5I>42L7(rFX(&?c*xu!Oq^wJFTx$1NF7ZDo!_$vt47H$f}0 zCL}y%#9{%Rnw|Fj4q9RqM>5OhH%XYQr|oO1a9L7!{&g~0FktzdY{W^WC0Xu+(q|`L ztG_z7>g96TiQySr?G|c>-q=m zVdH+;177@c4^#V*SbBw;*rv5Qm#yCSSCXV{S{Z+HJr;MsfxC7~^;r;lp}E;qJ0ROm zsNML0(PRdT^5AyLohG$T>$itqi|jy)@dhL0Ms(QLubFfdU2Q9|bgth}L4fwtw7@Lfe8u230upliFm=0rExMt}^$BZ>!Qz2J^ zV2eii6vot~435TXLO8kZFYKY3hV|!>n*q~Q?`Hqw)%gF=+P_^6#%3vvXUGV32U>k( z!I!sPgug?FLglV^_~zv!#sCqQ=4MnYbS|TxE&_A+DgNZ*GKz z!Z9R6Zf-zQyW70UMjDFYJ`T15);soR%4QEYz~nxlx-OGD!86-)PJ%nvS(k%BZuIOI%+xJ0EhPP@ zs6tDYcx{W3r+9p!TkeN{0f3{ZNam%q!W{8zdix#1!j8WxqBcq~EVQT8>U{SXft8f7yNM6orkveWb zm&GjT$qOT^1AHY*gz~OdmoE;x$}Zl(eV}}Q?Xv7;#uRs7XVq-6U(MxNHnp5p zyN{mwv+ud~T!WAQVnlVntsW>yoZ{scSS=8^$t_Q8=k_2~llzkm=3^Rk<9_Q(QpX** zDzfSNbPZVdT`_D9FJ*&NLLt@W|0~o!CErs@f{pZ+jHD!cJqIBEeU0-pV!IR- zFf+nA0u|}pc2o=f(^hduDzzIST}YW1q$}=b{^F2#5GA+WCVgVJ_?fXaxn0=l)_&5` zw1q4l(f4$5i`dC2Ghyp@T}y>6Q&GpNy;PK5GMo;kSBHHpS<~X(#kro(eWY$Hi$B6qPYM{Md`xT)!>Nw4pDDwl#z{DJufIU+|XT zTn#@7R{e8IL0wkA^bdyY>dg`@AmwI9BcfsK1h10NO>HU8|rZ<@CL+608WPB;Y^nT8zFu%=-sY3M2i;)2Nt@_UuPHCN<$iG@IjxP zEBqpxAD$LNm>IYK+BHDH>D1EKa$ z#vF7&11FI>@<(0w-py>qDUIUr#`5+?{@G;->(v0bZq1yNT!|B0nb%Ii!4o4TevLa) zY2EV@Uuji^*TUf~*AVvYh^$b%jdJS$lT3DWcI`l|Ygj3&B>`s$+DmDxU52G_Md_aAEP1(d%>NdFKVt~dW z#_2h5c~7*z%A}P71=Xb&6f44Y zh;)oD_>YB$uR`2(oj`BWpLDI35f5U0rTnkKa1ik<#h5;$_o7&*jO5IOsOce<3#Aq< zy0w7DB714Fao&NJ#CH7;?WGoS+vWno(s;T~tkJx-R(J+G1^7hwjS@KG2JZw~A#Y7D zok0JrzpWrvc@C>~sNsQu-Z0fG1b=$k_O3S4YE9@WWVPr7qm45{f{4-dlQwK3TORz$ z0B3g@Fpo}PuM5dVQ?RfV-kdPQvdDgOT%<(8rgl%>85tR(^pw3!iMojL7U1@thaLG~ zGRP6=+|p!N`NkynILHPzg2C&buq#tV;mcCJ`8uzj6ZO*Bc!nt2-f|vRIr^lwzDRa= zfy({^vfpY9rl*&k(FH>93J$(VfkQ>+jIjWEQ&u!vVz>ZFx#G+$&dlU25Bhfs0|exA z48H>SkNLSXh~29LC0pX8f9MoZXu@2zVr3_~LL=cM^9kg+-seL%y2sugyzK7@P^zeQ z;E?3xGN)oKf6;M+RuuwJue{R`o>e{KYO>`Opt{J!PQrubrDuOy4~K?33z3C}(8N)X zXqK;8^Jr0{5ELz^Af3L{H29D56)*g&X_)UsB8NiOM3lb%Q%cz*7^5U+PtRl(Y8C1` zDvz?rczT@O3}G;p-NTi>W#7nrUXvHyVp^Lfvac}AO2`vmJAz^g-ozZ3$OtkHVJPbB z@LUq+2>wF>e4q(C^ssVxJ9a|@GM8~(h6X#I5mu(6gd$_D zDa(O%A;+2sX%yTw17cCYw-!jYVXTQGmQ#F|secYF46 z9`r6Sot<-?(WWa?81>yF{1(c&{xWeHvWH5xqf{39y;#1YO~`{^DFCG~^K5X3GZK@S zD}Lm7`d*}sS-xLazFI&ko;VO|Dxl|yOth{6z zh2%j?xC}hLri_*frX(=_Tdb7d3e;+N&C3UwSxYa+S#3&ZoDVS&80sZe83L=;uPG}g zq7GCCt)XzZvLhBAMab{Dp87eukkN`pCF`Gm_t(~rM+ekoi1sU0igEI)+!Oceocu?cHDEEwsaINx}a)0P%r ztg)6jDGgi5Mu}Nl7?_ypcr+vdgk)YvWuXcK&9ir_Ob4rX#sUup?JXBBuC(KVyrP0- zO{X?*d9l>Q%@oR|*%ViUTq-Vg)+6IwpZG<j$Px*(GumqsQ43A_B z2X~1#inGGS%E~rU(FU+R*NE09E6%_<{>m~{7wVlEm|R?_1V{pclN!=njCCXFQ#6`_ zv=AQ&d}**{9{Emn_pGk zw>Cs+ByiqB6x)AwL*guHoja7GwLq1RPNmDT z+Xuw>v@yA`1^?Fc3akXFL$=xaH2Ts?@v|1$%D!ILxzRW3&$hbUNw;$=Y_K=#Ujb8g zliWz4NwnN?W7ZpIt~irI5+;V=^{v11X+XW0G1!-sT?$hF7Lb;eLov4y4&NSY3=ky* z;2-kr_Zr-B$xux)R}x1K$|4t?DDu$f#*>n)|3S96O?-is02?ad1lndE|1dyG_YqUBvMv4 zM=y@_b2Qu{(&D6mJefB6j~cRG4%56 zJzOwJTYih~XN}FC%WNaF^qwl?akyVx<+IlSv_^#l*{I0WSudehDXeWf8KQ_12+V~1IziJa{KV#MP;bTNjjYW#%Tp84z zG}*7)28|44^UrCKm`(!dA1AN;5!(TJWU_qv`bEjW+xa!MPSO_ta7GbeSy=X=W!qQ) zjd4>3vMwZ(KV+gv6g{UHgbPKcM%Sv!LE0I86A~4CRl)!vkKBM|WEvRHymCovU4^rx z>$0R~%JOQyreQ$$cVL87QRXn~Nv#Z$PFO8zBPknR(G-@VRcmP;<+plRIo{L>_Ja}! z2c?tJmy!zZ+ZEa%1WiF?awvO;@LfMU^ksSQ(ou(@W~eD6xxc zx;>nG zQ|#vs=31>0}I{s_ENzR(GjPmHg#-D0qW@1J>5N>Gp)w z+I}g9vJuR?Kj^OB*{Sw_o84&32+T!itrqT&L>-*;SBekEuXY9L%1;VTI%xsRHN`@x z3q&5-AmL85y_K_ta=ceO`)-h*qJ|g&Mgm=IkC>eLx1fOgI-Fj2edcT zMDC>0yLZ-@Lm?e|+kj6NGXjqPTn)4g2duv+V@v?%4}NB?XsiJzfWswup^St}+ArA>YI!j(rTz>RB4yw04#Dc#9vJsnAwzWg>5gie^)W z8ougv(vo93eq0HmVhV0jb@6eqZwY<_^seuvDrYN}nR)cqAn_@HRCxEh(H_gck~*K5 zmN2z0(Z~i!RiMIEg8c0C@>wjQKw8lrp%w(;iW?}R=>3cL3m1%Oj&u)yzQo9qtS&?a zCw!ktq-qLyy+x`Cm?hhe6zg`@P$}aSXyF=U|7YPlj(d;JL== zYUSJp-?zJ^`y}AQ_)*uvV`(J!%{_&cQqq{UR5apj^mt>k=Eebvs=?r$=7Ac(4L3Pjqw@^d2-yif z0mzhImfwWQmZ!(|lLn5KynuX@5~_trC(oRe*-vQva3bP}DE_-L{TnlX?p0zd9uL|w z4{JcAl!Fxc%U|@of}yqVbQ{j1lYpzcDnW>)KKB0SSN|(sYQQS+sj7kEvB5gxk78KX zUflAjy%}52!(uETB3pq#3UCrbzzTFEjplx+YJ6-|78l}D-<-c|Xye|BWcAwteZx|t z;PhS1Qt`B7Z(kf{Y^hs$59i98`vLXGfD&l}VxJrb)(l{|&KpoYCsS-85H-%k11 zr)PA4iBj@9YRWKG4%{UQJ{G=PhETybmlcnqMJJJyu0_6x|HVOULL?D}^k=xVUhKtq zkY^Ue2Uob%-P%#oRX}5mf0Mb^b_MYWtrC$|DDl!#+WdaHtO=$g3teIU;@ekGG#fuF z`04BK+MWdP`j_`Oe)0A8)^InAlvfbHM`(!e|N0Af9r5_Lq5rnvJ34Ol@LXVF-GHd;en{VpDu&evu5r!eA{1;xb{8`B1Ii@Jf|Do>*-$yyA3K z_>Z$3*`yBGt1IRk0EMmG%QRB{)J7E(HJNLc>~X+Fk>79QAIXuimCJFJ)Ou#B-#y}+ z2CCyGhC;%{7~JChV0Tp;m0{baSEA?}u}soq?s1ezxCtnAq{04CWg%0t@fiV z)r9Dck#-d*BC9gjflYaeK;)9ITEZ_vNnOkg2^z7QriNUV`UDZaR-JO>0#{_8w7_+- zJIJDedq4GU*L12Py_|k*_~1&a?N_cfV$u^zwVRH)F{_T6RI>@l7tCrV2CnS-UlLrT zLe4=Boko=?SJY`n`H(e)*7=Y*hEcMT@@<5ySw-4l}Vk4 zG7tL=8lsqD_cVkYD>b{uAW>(3Xf`vANLVosJ$8Z!`lRL;E%<2V{S>6drCL^hlw~x~ z!Go!5XxQ>COttWnB087ly%`Vlj~~Z}4qOVpwc##BKc6)XmC5@Vdnc4q<4pI;wl-cM zo@35@lpL;5sYpsegQUfG*xYDJ*}2N{1_iUQ9B>yL`wCqrwC~(ZSUyxa&bBO6}V{P+w&s79S2w@d>jF-K?(nw>Jk5qYvF3XXiVwmcSce;s2g1`*r?U z-&m3|)Fa2k;!7iogfsVhwu9~!WfA;1^fKGnl{c23bNJg=r-YT~5+iBz58l9kIoN9* zs_?oDu^fZ5aGZ)BgeErM+v|z!zq{2{jfeg%UBmu=<1bTrJ9Q2H{tw1JuSB|A-CNzf zKp|b(K}QAY(2-9fT@S*V$Zawjg~+g8LJ@&<)9HV<$OLDhw#ehl6FvN{y-UMRxnG?( zc6Z*oy~HtyeGxAUumsN27T!mT5a_n)eb-xSen_4%Kx7{glTr5+vvxLy09mab%d(tqUbxW;li0j#^(*(v@E=zJsx z-j(tBgu@x%Z?KjYymsmw4nCX?7J0GO%zCm|2%rYTD6Rkn52MFcSsSwi;o6VH=i9i8JgZmcujnM8VKP|YXiUS&RcKK{VlzZ&R14|z5jW)XBy_&^KOHh z#0XSY%7Nb1<)a0O{7);V6^gz2)vLT@j_9EW^pSckk?0Iy&tLEG3lqpGfrWkMlye8f zc{-ZU^O828&lH!2N!mou{Q(n3>PI;Eho>T>#Xst&irLAYZ%vX4O1<%GiQbwDNm4|QaYw`a(MrDfDt z)P?3CZx3QU8P>MVkIDwkDH-a@s0ycIGO;f)!XA4L6Wr+o8{Vn|Zh~Z`MBj#N!>*_5 z?{Xgd;|}vHF&IJ0U-QA}?R-KOc(}jw7E77pO@}smVlmr;%(vG zDFW}s?0NVo^qYpILWR9+8*Sc1UKTK2ez&&Q@ax7c z*-r2i-|8e`@i3-v&d4`pjk>wUkXHAuw|D%VT4r_~A=e@MR?y~3>oRGGvs5JE7YW24 z1uKedS|a<=yx&e|gu5L3D9`#jiJRk{!)vu!e@%(eh&+X1ITByXb;~%Z;c~fkOiapC z%uUyNQBI_1j9$<_(`!$QaO49@N9_DXDCJC%$v5vzrgY;v^=}?)$85K{`&ZWeLI~6v zx=!jk9rQG8d-reqwrR1pf@SNTMd%Q;4NM6#v~nO<8%xvMvu`C==E)d@mmFV)PH1pv zlk+PqwjbXbX5RM3op5U`QQ?Ii-vWGm&Q_)l-+(JqI~9*Wzf{Ospu)DwTEMc{WtDCX zH>Jwq#5R#x4n9HIN9Dt;2e#%z$yS7JQ_<=`71Y(n+m?OeZV>#LqPET4i!pTN&4&K6 zdFn~*{H3Mw5SbH}3*3Ul`hvhXY7J>4ZV_7_uHSIjoumuAv&$o<+oh%fW}`_(k*RwDIMW5`Zk>E?U#ScseIBFox^jX z>Zq(fPI_4}<4u~DqtMV~f69m~=*V?4+`3dFTo#xlPosyYqnp~S$;I#Z%C&_nDj-|c zVX4&=@ZU`ZF=gykpQH>r?(%ygv?3kWAf+C z3aabNzFw+cj_&L3V19(Inf=`@gz;8mFL~wlNuxS<^(;apKtE>D% z+B&G>$i)z$EnK9BTZiE9!aB}4gG=6Zp?*>1^-KmKoxuarfDuK{l!~DYU^alo(h!jk?Y#kxN6U4sH^~)Ah zU;cMllP=Q+J9IUWt&2Q6{RGtM_U~u^_wxGOunPlO3=-7MDGbCT*gT<1X zbZ7!VKG>YL&f3!e1hRM^4gMLenRjb~ryl{m>;BqLz)kPY$IHntAEL560QSgd*d#gF zbs?m@F;PU;S@OFEV_a|!{7>Wuh*S_fH2t}&XMZeDxtFK56LuskkUs-SxJEYcH@%EI zRiZJTphGtpLul0IJK36!REpwpCTtktH#)s zia~j#fN60a*2ZR8Q!AVLPP?h*9zLU0!8ZQ{apLwj`}p8*XDH%>qhHEu_DmjHyyP!- z1${xkd#&yG#J%^6bBGOa^YHNcc$7ab40y9`I9;P#BDEye?G2Hxv4B181Kx!V@zj65 zngBbTlLzRXIXfwnV2_5Pa*ib`_?(Z3;(g0># zaNtD=dubcuzsFdXEUy`DfTTiXecb!|%WgG>Tep*csG4HSq&;ytaM$Lz%*6X8MR%k8 zvZ^-!^q(}I6d&WVN8)%XT=KVG+hGsL=Ce83`K0^Od}EyS9CHS2j4J{{(qS$5!_{@2B?B=FRpOg1GAYCH zTW|_B@h2Os=#Gq5%ZxX8_n7uG*iw146T_ap!*alu_S|otyOPE5Q5Pj{nexYOV;K;| z8LOl< zIL}ko&NpjhcNxm9fHN37n`PdNAITc4xxgsF?3+(JMcw885q#^VG8WcSR4huLZi!JAT|Y*X+T7|778I? zaTUm$(37lrW`oQ+q3jCsw|6KGu>;aysfX>&Q`NFFw~NNmtoyS2r#n=~%wA?b)ms(w zc~+$==9W<|R>;AZvSj7=>}}W;HoYIYk_m$gQX_?JVskRjudG7tT{IKo&2UZCo$;gC zZgtbmFn-EiNnIu;t!MMvg$tCX1kZna>1ncfkXJ@J-Dly^wRHX3GZNj)DlQ>nE)feU z4olBS&tClQo^x~VX^C3@z&njC;J&f0d8KtMdUtB{+9VMU6!q*v>1j;#UDfidvCwB8fBY>v+E2qBhmK?W6ba z7zV9Lhwf3Q*Jx7ZD7aK;lMOnSL1fMcl|iCTdoadAhj{&wD7!5&YDa=|ZTD1lQP%K! z??ta`f6Bb66BaSena6J`!}t>=yLCfbRB_hW01K)u1O*;+@l@f_OYgkys3$##lb6`7 zU^i{fo~Kjbz?pdzm2fyNv~%7$xGd-?G&aQ*KdJDH5{hkdc4;Kd+<5!6m-XkLA@9zT zGE_r!@eX;`$(%WrV5DvPQ*_N|fP_a~J1D8C`>Km~b<>zO_YLu`Z@vxA%C3sFGW*~m z)lbpR`j62lX4Lyiv+$iSp(w}Jz`+)DS1#|xm!tK) z6uFhXynNSbg$OyI-y7oE(a?RGR&`8S3Kc(HNPvE05A$NV>kC}l;H?Mv#(BBq_=p6o zUEJ`fEB<|K%Ha5G*fKeE7*G$ecpa@N{@nBW3+ygf6#gRei?#DVoxqV=?6G@>0@oZv zXr?`-VQYo7GG0+sf6SZN4X9aepOEZk+AnbR&X1LNBD+NX!_y1(cfeFXEOHQ}Jb1&K z-=s)?M*b92A0Fa@4`Mo8rSA#fx60K58x`PS6Ztz#?B_aFC2&sQGT@vk9z%i3J~i|J z0g$zy7+=YgIl@Bx{lTH=@~C85!GUv5>MDfim^rEZqY(GLerQS`-1uz6Aw9F@qK-}f zi{)XhclTl9J@`UFh04d`*2;W8*bAD|8?q;;-D_5TbWwQmZxkT&@1MeZh$gk7m7Z?N z2`17b)cI^f0S&Y@~hCEPu=U?@l{Px)9HUcDbWpD)x?fi|$K~y$YUB-68N~Xrua~BSLQkoT)HxxK{nsAUFT%jJ8qZp zDe|`8?NH0gdvse)hr^3XCh~53QV!se1#Y+w>YiH%#ybnzmOCi!j=rl`_K}5&jZiM7 zxj@?X!niRG(u;!OF4>@Mm_V9_t&;pxu^aYchNFp|S)CvSyTIOv>r*aVg!A{~wcH!4 z6@FLp^U78D;$iz?47`MTB<>EZAW36ICjLhiCvk1>rJS$*`8>f~LlOMD!LvDQ*$VBXgE^@31`MYyxx5c?Io3 zjgJ9oI^~>n&*FpEQzgwlzonafN5I*Q9==7h*C`{df3upga05Z>sYX4hc>9}r(lCZ5 zmD?4*Jcmisg!s(-P%J+27n{P&QWu2vy;{#zqo89cy!eDfT9)fnb8CFn8TXuH*p7Bf zLFUud;eNyN>KJoQupZ&$ioX#B9e-3A{ENFlO-z)d%-^p@E)%GtVwd1vkM zepN}7Y)Mb$*V+roW*Qy7FPSJfdiJ$*E@X}s5M{DJJl;IVPEk;i6!x7Jl4-s%%^eTMAy1{?Q8F0? zb)7kVw zm4pxn@ZH5TW25F*xfL#VA{;P%0fK`3g(u#Z{VfOYH zH;)^Z!Xp-UX_tS{Uyo{`u(AvHrj>5o6}21}t+?27kGW(Y9TiWO&qvGLaK^;4B z+k_GP=RX7{pF!^~9$3RuNt0)^L>v_R%-s{EU2;*H9i1lCe?R|&KF;y9HhswTN9?Pz znEka3?OY{Ef%XffE}i91Z=R=!GwzKd&_7Tbzs>e%cD|;z6uMaalSJBIai2fjA3ulc zXNKmosHwvb6$RI;+fB$ubKkdgCs@xb(h!lgX5Xc2s7L+SlGreIGbairu6<_9WvaV> zc#08uK`z|c8f`e0*{>Vgs(ow*6@}xzQ%Men+jXHuj4iNxAvKLSZo>WOmN8!L*VyV< zS?RZo^l~`wzJ;uYKbt98YN{Ff@yhbrl5<8ihoteNrXHXvj$u_}q8_UEdjjKn@7*wZ z@15F6Z2b4nLx!E{=hwaBK5@l_&Cl&!PtdjbB`>+OUz)0GUVpq}!n>KIkGne|^?LF= z!o$W@DLDh|jh7&wH}%Ec8vOej?K3K7|I&{sRGo6w$ZTG;{8BZ-{lJRt16PJj>0+9X zE))U@4J+pSH*Usi#v5A5 z-Xwb&_6%NldGGpqwEIbs`)=t&P)FgUSMO$XSm}GdR;OFZY!pp1<37gFc`l(GG2yyi~kF+YKMD*Wkv~w3r52$NmWUk2n#P&Zp`y1z0C` zWrq|i*q(64n!Gm`$+2~_b??_Fyb|*x`tAT}-GTZ|n$28Xw;3;s(K&aetIFSVsv7j| zA)g#x9SqGqyaHjnKD2eWK=PySILGHN7ayOFOrY7-%Iy+huQ&Df!EhS~@+_MbrRS|G zbuZk_SDnPiGdcV$SoQ%9y&(h^7PDM z8qtHBOUW1=TH?xy#_1C78+v_^v-&E$xmkBax7$<6_}+W}^9~n$y#Y%@orY;ONzLe~ z6|0wLS={H`AuoM9_;eCbw_8^nm~eB0%~WvwUDQzcD+mXpSQoXam6L7G(9g!Lq5%OX z{3b<$sT;&0)A}4kkF1=yU-r>`H7%4ZE$}1aB?eEeoYp6E%XFq&L7o~IQgPtzb_I>0 zSvvE+mfpY83tZo%9Szv^dVBghGLVUQZXkMGk{X|i$mmEeYT}vOT59WDs>uM!PMc;w z$&_lj%}IFXIB$Bx+(fueU^o$(8MuJ`z;(HLR7GTs^%(pw7`MZUZ*n}-$?9*{C6a)j zH(+#A{U>=J!Y}9AgF&Y)yPWYAv0uyvKt9fq>s-i7wkn z@O7UUIE=F<+oEsAJhKpam&97;)fMZFL2%n1K<^Kxxp2x%vM~={DfZx_mGb!?mXINA z$Dn9YI1S{YFHn}Ev_2aYcb&kjdl2})epNJDc+jKkTB9u6^2O~P^!OV3aqOjt>4Z8B zN|6V1)9%_^vT=st)9t(8YW!|(Yq;4my`xe2OWGpfWox+%frSQLSX}3rGxhm1Yd>Dg z%XFIRo)v;mf-mPM_)mK5dhA8(@azjIiU5L&0^w0{`P!XZ?#^;CpTiU>75i6?@Ferpb)Z#u^ctb*!*|uUPQ1%v3#F zp?HNiQHigd{UHMVw4`}@fZ$X-PoCsdFuWEEb+W$B{OESC`v1vBy0njLLPqSS0CW?U2>aBNWrg4&WTNZz@A@#C=kEN|U zw$kc-u2k^;!q(U3W4blzHd`20!GuYbT?@TrcA>3aFL(sDUQMRoF)zyesg2_QXEM^? zc4Y=L%d1Pdi0X>v{2k5QqU0JN@@u+B7q1dC)@Jk|=CGS6Qb^ZV6w0Ia>ZK$Lg&_4O zP^I#CgDQHghS4C2!qrBflrFPF5V>(0N#jf7W-n8JU^)X7<%pQ^WU2+A@mr}&AS#V9 z3K112If1P-b1oMeY_l9u`Nz2@Y29Sp!%$4W!~us#)%pYp;^8H0WL&4w8G@|=RPiv2 zxaNMXVsCr2!*y+M_kPs;ve{L9y0~YHGpkzH!mdn*b#Vt(_)P^Qrk?6AesOwZM3;gV zZrVxBqf33WhrX*G-2_khI|Y|pdq|BCDK|)TtbcKj~SLdraJ$F_OiohsCEUeyb7-T^v8z>%W>-lXomTe zcJa@7s9VTb?)I(dFRbsq*XEPv_%UM8T}+lkRaYnRQ21Ln;GBEE4_l{jr)b>h*mi3j zJ5Q8;Pw}{TlrqBCly6;3vJ8I1!bzu_veZ#=_qQbPrtsrW*qZw1nF^G$~FVq zI}G|fm79S*-rhhbCNq+cgu|fWyDv_vBcN6v>IC!pFbi1c`l@a)+qy?9WT$A|1hHEF zu00gVl0OYpk*^^;RFOHWLSGCn>#Sah3TTyg$)YGL41sY}gcimY^y%5hPwG7MkJ%Di znZ>=+m+!6slgeXs3W79-%b7*{XC>YoSH?_EMVT&G`a#dKTf}-Ogr(ZkkzE1cEt&TF zjLqG#*)ObnI2BwqfzF`mD_h5Kyqo_QlpAa0gR;p9B3qc`GO;wz7-wp>V0vADAc!2K zA*GjSfir+S+1}bJ8_To3f$}w6%CWHp+>6)*Ot+8Q_GXaiK=(y$Z#BK#)%Iq(ec-mY z))tyN4SJOpnkAoeYH^rnrg0Y30%n?(nnat9B#)OgcejgLlC9n@`ngRr_fk6B{~+Ff zw}+tf{J&n6^8fDaZauyKyqB_&{cm>ue@~Wg_{(LI`21!+Kysy?UogUo%zVYk>}KSH z)=M$*xjilD@s$H+VSg{TmnUzpCvUIv2_IJUzkyNfbNhPbBQd` z&Xx1Js3++22;H`D64Zfn~*csY79fw6Wqx<(`8!UJ$}va zRY`mMtH=x;bH;GaN)6sc)uUA!R=oUX^BJuv2p#_S;(8WvNZ1LD(wq&e=00!;0Q zCRvbyvuV#OGg~5vXEPk-Vsc-R*?^4(_FL1wR+}^*B8!{6{}x)EftN-GYP*FMgm~?y z(u_e~oh}?=YH})7)^f&i*i&-~WXPY}%7o~4jSYFKe>Pjw{2jELC1QSm&PJyvsy5AU z2L>$;GT&jg`lM_FnXeUT>cCQMLt4+H({P@y9iwZ* zo3E^~qofjcBteZ@xk6*ea*qeCF-4|P1|9|$LwYiNO$?x+k`bh6t z@`^)IN}OG7<*sDeyHUllRFZ7ho;MYOGffiF5SRcM%FH_V+pqAN!SGFqlI$zb2bm@@ zK%*Z(ccZ&89sl?3*ZUtI=810O0KU*na6jq4mcKq5->(5@vD?@Dd^eA;9pQeQy)(#M z&n;_TThAlAFyOA%$u&-7oSU{&9hoa9h@ih?`VNI$;G(N_7Q7OV?K=&77t&%Mw$d7= zn7~dI{AR91nwm#rUJ%9Z%C}};z~AOh&ASE{x!V`&)$7E8O*@O{M}f@-38qwr&c}^V zRk{#YBPndUHhOAMzLj`fsNv@HbS%6Y#zNxxMqqvx-u&R^!U{uoi6pFHd$9+#oV$kK z5AF26y2~zzKbzvVC9!j1%f-I!`Vzcw;Em(t!qLBc$Mq^VlwDw#?bY))h0UB#^ZU4? zWoA45EL~1^$Fp}ydPB_4er-$}kBr+m@6pEEnijHn+h0s(`%Xx+<)}XyVsb6ZQy7D9 z1Hb9o&&F@8PViZ*_Om-U#*yXZ`(sy}0a5t9<39zvipPB3r)< zW^gJ}Yk%LV$qPp7Y;{J*=VES6h|6F*+{2V>N?mHTOu$1~cYD#lvw)=!JHXyCZ+j_0sF9wwv{#!qoRKBok!pdCO!|lW}*Hc4>23j0pkMiI>rk9 zfB)Nqsr!FB&kw)reAWLS;%UM;QF^74nzt>z^|r&HSI{igt9VY5YcfC?M@_gIQVFui zb1swwIm9e8F)uJ8Dj8BX*aLwXQFQFK&FXu?(x?dx2R2H2$GRq5G%EbZZVYEEn*e9# zO$`#{C?KN@<0yW4`OBr=~Bco@ryvd_yagSU_&tf&oqi6pcHQ^l*lot|CU%rx2oD2RdCMt?) zillAZ3I1yok7dGBY=1#siG}ii@#^^HPp{%pdiODw%m4Gv!QnSk^8f9(2Vdp?L7pbO zpo)z{XqO6BsX-PW5#EQjrsC$g=0P7~SAY|~#H zKQ(omUE}{A2wvoRNwGWz86VIDdZ=ztFE|bm`(7MH%_dyE{@croDC%~*TC(A`-&Xsxuo%mz?(MR2INfj59Bk+K`LEM;e!bffQSr2AL>=8MPo`41) z%7G_P2(mMG3^?-23(PymAy0 zZiX}&LPD5UfsFg#Bsz>S<2f+AarA&fE7q19X6V1`HwhRKMg}P2D0)#NXKetp;(z$D z=po5-S@m}9zA@ymER$lM@ySRlhgw;+-JAdNJ{ZnCvHep9NmfXOLdJHRGQV0h42guE z<}rm*+Zg7sCf8kj@L+0a1Ve=q&P!avMZpvuVI9O=@HD2py$d@pemuX}jp3z%67>K4 zDG(_X9~pz@>h&cgC=~6}gea7In(qf1nPx_uY1Y*L)$^V3LIBCjFfk_w=K_r{K~jY> zidrGKow)PYKSwP)-^2JI-v6_GM;p1Q5u#ZFq0h67-{^r9>1AlnkL?kOX9Y4QG&8?B z%g>3j;}H}8lJFdjWth@_AC1;7F{wap!g0S(8C6sR`bk5jw{e;x(-=Sj;qwVzqD%xe zW+JTpe1caWb4)aLPg!25)h|S!TFakRzi;ccPthmnI*}(OreelZZM*Wm>cS_uKvf6^ z1oRi6e{)EkSOb{OL)RzhhVj*ZKRatUM~n1+$Ht4}i-!LDKaJfkECppqL|OwyfAP?u zNdXPz{!7Pz~M(l!PNshtFPj`c$C_Vn)bbRG5e3aN`{U&uyJ037 z)oY~BKcao`;ReA7K&5d)NL0JA=99Q<_cd^g0Sn3Y}<#*N`5IlV+NrU~A5T{=EL^*!7p-G@23BY*zD1^t~f zMKU<&DI6Dy%YHk@9r!TGO_kjcuXzdfh;OyLZKHThILf8j1oMK8uTdAV`W;>V-Xy)N9|Vf*YD; zfJ_!9!DMd!%z%!OSwH*@ns02E#%o}m8Zn&qp<5k*S{CnmRni_TQa73!3Vs8GfdSAs z9?bVr@!X1`g&2r2<>Sg$nI2#|gvI|51hAA}b#|d{+Bj)E9g)FmQ|6(31Gj!w$;d;w z6mI>5oJ$Q&>_2lgNxiS2Wu1PJWnfwwcjhbw9PgMW7o4j`Y4rH$D>Xzr7BqZz_>=A) zNJRK>>R3d@6VfdeX)n1IX4 zctb`gVJF30U_un8M|y*T`VazHisHN)2q=>ZNxC~V^-@?C&c3s^__u@I3ODsCC*64y zpMmQ3)AyBPs?0Z8`i+1j(2YvwUF_b*1FsGgcYI>Wk0 zl51pXcMb{QA1-zah!;%9^5EVAWLhxo!IR$hxfSE%^V3pO-i+*CYNa(+d{iChjqj8@?Z}&1jXdmo%{@ULEuHE@do8+_=ye(Ul zwK}cN^LDVTPnaSf%VUKECCo#rw=d3#8eUCu>;@A&7nCXK(_)-~k-LUIrmc)$z;p|; zG{@xl%%5dQb%Z|2h?II~?=C_roocvM8Sy*#iW61z0|3t#`GGC+a~gbuZ2d`(}YWb zYmThrlyO2xW!NJUzbJSBxg59lk#Ke3o*{H zSGD(l-f8*{r7JBm$1S!E?wdj1HBQQdoDzL5cjOv3IH0=|`pVMC#(aHD94(t+fWGPo zz$*3KIp`}>p11&kN>Ci5352J8AelgtP9QNmM;eEAd@W0^{KX+3yY-yU@sx4b-p!oqcFXB{&;Y)wcBd?}n*;u9$ca?E8CQ-!;0PZF}s^Mr*(D zG7)Va_Zf=HZtWP+7l0s;3mlvH{4yoZqt>I(z8}L%^v#dN`jQ^M4=XOn0Jj%|`8b>I z_98bQXVQgLgp)ikM)B{+Yf3>wTiQaP`F{duPuv|Vtl zVmRn3w>5URrOSQBTHBV?t^Fr6?>b>QA!F_cocidNCxFRi{6-bKznE zE86_V`Yuo=EtkpCAcwrjQm`P{szZL5z0#=Y3;eA>rm~5DIjI>P-6vhWYieu6aqU}0 zS9^=@_q1qhjJ}3@;T~CTYh8!DHz#e_?&>cJnx%kjOa*5nn++_e$wn{=x($gSR%O^Q z9L%!pyaEE7Z1S_ym`Xq{-Q~t~7dD4PmKh;lC$R+)Hs*yDii@9}`_>H7@?X}ESf{5k zmHKW~R8_47eZfbibEpfv_bVpK5risfi|G?J+-MrtwQ4N(f14;@bEokmPV^*RQyHcV zNa#}`RWJn&vB^RruA)HdrpkqD>+C_JEE_dE1IAg)w+^QIYgEj+Po}HsWouQsirHQ2 z>U7<1w&#w1wOwDP4Hn^XTWBEUt70rwWAITL{P@(F&}Mtuz-Tn~=-0D$pkM+fJ#l z?s};DET2{Mo2nNj-O;DX`3>1=QG~6b&`-LTmoKJ@)!&}1v)Y-1vsFpmlDe(kN_NUf z3NJv`WoB%p9@^M>4UcibQRO0pByi@+MNN2N5l~132Zghm{0X2%(><+6tLRrNizQ2+ z@`m&?*FtZLdUNS#N?biM^)w8h5$)#P9^2iRcESC@TOr^q?Scz0AD4i^-8BzF#TE3M zx)9=)vKL(caVPrC(#;lge_WCUrKBH5=GLHFLZl=t6{JSHP3d;xd)d;uIZMA1&PS$U z3CBaxan+v3*?`|&XVJa9e6a<|gJnc?z&`fYXQ6o5&Cj@E-V?zn8?5%jtl@LHlUrn^ zBVi4r{Z4j$$kjIvE3x2NM%mzs4D`fV3jlkxzv2&4XI2HZO@v$hgS? ziU9B<8RZ!sL2BNLDUYI{tkjC3F3OgMk*mz9uxD3(s?7$JeT*VS2CKTY{U|aByXnN8 z=W(Z%VviEm>g>0~^TR00i!8IL*sD4<$nH;o*zV8E7t1Rkj6?hBadtx{@+r`M1&7Aj zQKi2$fVTby?}q`tOnHUa5@X0{XH z{R(`aq_tCBfL+UHilZpSUJ;69V!>NQtNkcIply zS5K@7!Fh2dS?+$6m3Z=(irDrLoHoZH5;Pv8$eoFsRWpv`*j3*~Ha?2HCh6;Bo*!RczCXKo8C6Q=*dP2JMWOC#QEBdB>(_r-g03*q zwydAND9Ur;b%jq{LG|#t#>vtVuY-c^>kjA-pv(LI{`kY-FKUL>{0&;CB&sg_tE35P zPIxC^Z_ch>UB>F8U8fSxB+u|J_onRcKkUsZ`<+|dowDZTDJ$>GyYnq7hBl{ty(0Cw zNc7IhWqICXw>w)wL$6t;QU;=3%1DMn$r{;Qkyw|nVTz2xXyPtIFcsvdNcDZAu{VXy z?;8!n^G~Omu34gfdVnWh)PK=kOqH!)TzWq$-`Tohyb^Jv4c_;Sf5&>wivvFVqoEf#BJue*&`Nisc_`@I3I&}I1)c4npmPr> z=uD%)*Yths3%QhGL5YsAOdqCB&=$T5pnt5G8ua-$h%&*-qwLk$>o|&@J$r9r9v$E}C=jSCtc>n5lxZaV z_p@hF)Pi##f9}4P79G9_v7N8Uu&b*iUD)wSUK$O(3G}!c+LsQ@^bS4lgN`(1Z53)W z{d%7Vvwhmaz`$8H*^S}D4=8YX1#e%uTeASkshgAyCfhZ3Z$g;nsT4-sV5zcpts_Wd zw;Pr#vr&6d3*KrhSUt#97w*o$G(L=LVD-sw?WSwpGQhPQm#=_E4|r8)CYx}OTl?2* z+s_PQ&3^yPTm(>6jOM~cr)K$(^ia{n2$WHAhkV2b$WT-MhD>U%R$o^-s8Ow1>_jta zio#`On+i`=X(uBjv}7a8T&K>};527nscEXM4blrzAx!>=WdvVx+sVzI>CcAWvZo6A zdf_5$0#wQZ<@!Tf9oq-j|XfXMpWDMzV?_Y0PnM#3hVjujZyENq;7 zUDm>>S((vb%Vluak>Pd{fqfKynfk!{eQKPJrdi69LR&V5YRhG3eDKTo@Rt!CSQ59J z<;PYbv6T>sa@R?T`-u%K@%$VVhw-6imbVi7MFtsV*V6KWA6buBD_*Y(#RVmqYzve; z8)HiYcVPY=wsJ02s{+K*xgGSk&P?VsH)TF-3vB5*nDJWUgO=j%<6+zEX0K_2Ok0vC zJfGOxasM;n`Q&eU_d4*>5=E|E3I$8u-LA(uNrvcq*aKhF@F3oY9o?YeeroLgEzUbOfWYRpYTzhQEN8)&BApNNB?vk@SY+@$TgIHcXO?PD61uCd>pmg zH#aviF;K=_4BDA(CEKr0PhP#beAPP8+xAh#qmoL#`l*_)TASEpxhF5&F&aQx<<@Z;&5mwSNJI`Tf|rk(^BKu2afkE2Uh z9L5h`dhd-ZmL`x9HYmsdVZg^|4+(MDc zVQyr3R8em|NM&qo0POvHf7>{cFbdD#{uEdxJF)vQW!Z6(9`9z~S8b~k{o1#+l+4W2 z)5nHLNWz#R*Z^op6Z?Gj^TUki2d$6Q@C?D zg_O7FaOVH1!Kc&dbl&do%YQqaPWIp3*RNmyX?MS~zrXjov;X$ZpE|p*-@V=c6X-OF zM9~v54(XpdYqyo{+;{T8ARruaOagYW0e}lRnh-ia07sC+5oBlshWIn043pph-0W?@ zFpPih?zVS#+no&$g(&b);9|rMHXIPZ89D$inaxPB0RTlIVVFy>Q_e$nu(RU|PGjv6 z<^i1Hwo7I^`tJ<@ZsG>oU)ofdQN#x&go@Md55hw*U-0a6SnM@weI=Qz8&II8HF1Mk5AQ$?hg(3~{!@ICQU>Rci;&CN>aRz}egDeA#=w-wuPx z#xY1N zH)aqA9O3{`*(RDn?2BrI39Q2?EPi;#~=4xZ@l*!?d`vN z>!LSrI`4jb_xAPcx1C-17dRSup0_bU0iuv2?*O#+I(xfL=Z(|Z8}4-u_TC-r|Jd%l zdAGm6yZ81l|F`u#|LZ*I`F{ib2(hLWz|#4@+v)6g_A~Q;e{b)3{y)m|;syBNlM(d6 zkz8#7p1}zMA*67IIHGLh#S3umBgoJ;2na`jPay|PSBwbndsie3k~&P;{^a|2nS#`H-DeP8A?i6Kvg{e9INmzXs*7- zwd_^}*g*;l04!C>0E`%-S|CS^lbQIfKZTGnp$wW&=C}TAls@x0Rsz*$r7(Vq!K>dE zc=h5uZbbdgG@@P}#Z9T-nWoSe%s37viW;Khz0@07%=chuIz7UH7v3JIf71=tf~9m| z0}XmJ93&l;KdpYs-$^&+&t)4GjH;Dhdru;{M0}%YoGhL~*HwD0TsZT#4?7%A*p6V# z0{}Rj#Je`fLn90WXSd_fcbyFYUc3N<5V?3f2QcCB zbK+xn-Udf#3?rX2F;oBN4=AfHUJ1? zG!KB?lxpcrZXBWS&jB;t3jm}P&H))ON{CIS|CmLLgAoEV7(}wVOOa4L01l+E5*)=s z=%TGmmsozEIAqssCl-88NIWOrOYMkGsD3#i#W#>6$Bgxk>F5jD)mZ9?7iCgMkEt32 zP9r47Yfd6?OCsL`KE6ic3quH?FPuVvgE65qwN)ko@W~{mv4=*{;2j zFi{E&xeXANO2&keC=}x$UWZ~=#JEspRDCcbQNTlj11{Kq0q6=d!B|b$6#4OlXzg}d zf0P-ZF#EUX{d{fXoRS&hQxq|PzJ!EwqaCj%RuNlt`h=2#La-h?W{Ra;W1J&t@|`~^6gg@QrArrfd`v$iBAMRId1 ziMpkBgW}IK4e=n;rhr+yJq6CZPJ{d<9w%_9Oz_}{2+Tw!ZIo9p4vdYy?GqRJvi3Rg zzyQ%3>>|*0U9p%fO!TEWA$iXfXa_3LQXJ@ax;4QBC=gq6&kT+nbTR&dy9KBF6hUtu zZ=isN05sIL;1KyiS`*}^A9$DvpiGVpj5rZo;byC<8G%XAmb@tUc9JfKay)=_swD;u zdeX`OeIHPy&mh1ii$;#JWdcYM2#8$v8TJrG-c}p*1V(b+K?Y!IP}Q(^t+O-m_1;Fn zha==aWZTEGfw);~B}kcWHf*DU9H8SYW`fWI4mlb}{s8ez+i}Z!I{H?-wcvq}c&q|w zNW9}L+|y__LR7GlKChB(cqsJA+|<)w4kbf^Jzeut=!v<`IE5Td=Gn7Crg3A4*At&E z30xF%wsTA9wNIcYUvWx&A5nRbXW;F;h-BN2ZW|{{h59hiI1T3^Isg|$E-DINjr@`9 z;7n+WA@RVJFb<%PA=990A*yE!a{|N#(m0sxK+khfz$r$|;Y7}S#9c=;z?@smr}9rn zw-rl%@v^Jl9e`hd(^z&r539vZVrfmcB}pm-=?zA=I~q-e2^swpxt#4-aCaxxsJJ06KZQc7+Sy%vwP&|#x}JzLL#WJBA(k$n#%dO;^|c2+El(DP zyo!@g2~YV?v=`>(cJ}K6TW?EKgjH&hWz;Fo2mw3^2t^*aouU9>{)z#^>l+|uC3}I6 z2a7dAH*4o5X9Gh%a#JE#ydKE6gj$FUiI1pO_8xEmg_6wWVDY%Y7`5b;%~!wt$iM)( zkzA4vNx;z;Ub%{w>*!2_ldsSh9%EoW=w{Tkh&6Pv36pQe>;olHcmQ@gon4LQp@IHr z$i_tm^{}Q<&}E+(qG`P4(H1zyHz+`ifsm3>tW&CUFZ1nOe6n~(SG_>c!$o!Dj|G(n z98w;Ic~$kNg^Dqug%U5OruI>b=>a@t?GPJgu_<7PZzV*Nbq*GQK{{beK@t@V7$1+3 zJ9mBbk&tUOfrJL1z!93g+J_;Knh{`x#)Kk3D1c+Je`TuI?Rc+{0&N=X8XJh-GAIiG z3U0s+q*`bDnNWbfz**>{0|QN#>jgKTAysosS|NX!-FjNkMam$zzDIWv|SZ+V_8a+HYh%Fl~m6CILAo>(h1M11j%KDq#LwWH|AO+{M zDr`v^8;G(iXFQG6q3T^RYLDqO65}n zD#fX41pqgU4#3`<&Mba2Lo;cL-h1=*1go_}GsRLBi}~#p1HN8VwgELu#I|-Uu~vj- zx59~aL1-;<{}~I=ofmQYjs;xGSbKphSU$z%#Lz!NKAaDbO9GD_fY%-QEkqO(FMhkL z-f}!cB;xVwH}WluTrq;fDMf5beD44#ReKDvA5mnze=8?UYW-XWw>J-r8nf5uG-Ae< z`3*4J?O3J^4>KBtYMqU|3F7I+H{Q*9qj(3T4pA^-LWk#5p&1l_VpC~|A0czJU~iAq zE1MEC9CVEbmO=jon87cf0%*U_n>CicU|A-ORV;SQi5=GEVS{nVk-uVJrW_lDE(nzJ zV_BM|XO5_yb>GpS7C=eYp9J7$#LQmk%Gy5}gs%W*Qr5>GuksFKmT_+18Tn*nE)`t# zx<@Cy_RM>sEZxDxfsP@BBiAbuIAcs1cZA5_WJp?((SK|y3Tm*iYm@G0Zj%m!9$*U%UX6-4T`9>)PWj7d7aD6-qe|N%( zfS7=YJ@?Kv(MpJp1EE-`%}NOQ)B<2?pF=)9i0$SR3O%Gt2ptgxOw3z-QWiV*#U^c8 zUNzP;rPKHvn$ck(oLo*vur0`?j|CYA=mycbrU-@2TmStyj2*NY$f0Y~%(`l6=ZQ$-$@TRb5tG6x0A$eJo; zrs`4ZW2W|5s4X;VM=J=X<-?#95OUP!&A@EixXb zfcSz}q{6RAoa&r!?CUT+`v15 zU+^rN0ZusdL3-3Bz#05vGfSqL&2MHKWjH-8arDas*0I=W)PZLlGi-3)NQjRDV8g?6 zaE(w1h2G8p)-yRaBf8-)@z;2o7u5B9lwZ&DQ9&K$D3Di4ouS672;@j@?v#v*htPa5 zvMZLZaw}(xc)0~sD|%{&sLWUnLqhlp+J%sFM9s?<$55<7;@eh0EN~tmN)aeFcCD`cY9I9%IlXNbrX$pz6dN3vX7t*elsy1< zju}zLrk6x+qS*Ua4gswJr`Y9Uz54~t52whz7Tg_>7I1D}nOYG;mzJt>$$Y}u`&YYh zfp)u{);%%^HfJFE8V4a=~dk4zIoW9s+Nr@a0wVjnB3GmF> z^CH^u0-VMwIcTw_gWQgK$jh4n13be%l5Z5xwLT1`J9i6}$&;_j6b+-Ac@48J?;+Om#TSZZKgF`)$G< zLbvlqKm`ZUeKd~bp7OMTRQg)$B4W@-NS={E4y5%Aj0n-k+`}mXP{2&w$O~t(s8=|+DP#-!AjTAAPgd(S zE4^gI@|W5%WS|2=YvB=}&I;M1F1BUdY4zn&WpzosAjJldsjJauxeO5<6FSp}@>$b| zF{UY-fmw3|@HY4qFXWVji1InW0U*><3%c5Kf&kshR(E3aruOcXSSWx76(jXb<1N+F zrL5|;K)eXX4h&)oYfj9BOgI#~89_ycX4oY@2|%)g6RME37u&mQV;p*6-D744;Fb8h zv-@B2pS@Qb%fOc|;fxU%>y4x8c)T6gu+&(<5xGIS{kY@-cqRVs?EaVhCvN{c@wyfJ z+W>NWgZ%lnJfszjA5wB-F5m~o{oWY%_0~7`vbSzpv=gzX3(Jcqx`qUIjphur;^9-a z_f|~K7NAJzmkOhH4hyB-9gL||F4Ssz0LCeTa+X;8B;bnuRAM=za(|UrTI16q1vl3R zJsHzRT-sN3W6y=9Ii&)eF0}yi+3o4s?djR=>EFohY5A)#yU+JDVm!+3X=oMi4|Yex z>eV0feunDc^WBVpzq=VRYk%{58EUVVcPAtHQgk0fm3YXz7;Dg}xqBGR57zS?jHh-7 zLl5$^JNC0X_QShlXL#+|6}ygC@tX&5#eUNmX3w7359o;jb(rYr9x=4%Po>8 zGBUJCV#UvZH~?k<4=M6cAh^f!0#kBCdVFJvC5cT0dGR7;3+YIa#=1u)@(5U;)!TOd z&GQfEXJ^Nkz0>Yb$Gywrvk#YtXQ!vV!(spIbg-hcxI{eXRD7ezb233w%JsDGrtK=- zKL^^CArJG9XM^Es_oVkAXlGnT6O@&6a2&H^W?UB#bf@6xC$#}I#{~X75ApNf#pUVQ zQSWjv><)V;z0=`?bm1IPp@PSLb7}JbtUTKF35G9v7H~S(E^-EIf$nktw0C)a(fhgo zw}$ad1CqYydKZGYn%OFX)(#4GrhMk_&?pd6)KQ=upG+n=n8c3gy5pALs5NkTuB^?{ zywD#uInxMYt64~e=(t8E(Sy_PYu96;9=Otdrw#fX7pmB1TQ zGBdqxgA*OW3j!G&4c{Q?>NycwqZ#khPbZiC)Bf=C@MHh@=%RPpJZA>cOnMhivF}k7 z99YzuX|L9VN-lJ#>fAo=Cl1tHa|HlHtGELv-M?LmKbpsT2EUxkW7bl97iDfazLL%o z>jxFYvhkB#*JRNVF{uQiELrS0qB9&oF8C$ksB|ar7+|q)nL!*V-``BXj{86NE{FYx zkkJy8V?0JfJVOf65<f zYu)sS7!n`i_o>x5*?BePd??qRC*^!tZ{=JK&{J_Q&H8N>4r{TiRx)xq_oxzuyuhJv z9hWVo4$A47wFCg^*(07t%4D?mEU5xo=ua)ZRVK?rn^in)N>YitO z6jd^f{P3(7h*OMikgBIrZK%CV&fR(Ads~tJ0)U8O(V)7duQGUef%z-Em47jxkn2by z##|E0g4|~p=y%aA@hf0V>{evpbk>(AV3Be|q=fM8fcdVML}*VAOwzqyjL%*`if?`} zWF4sJECuP%^Uo(K|K=wtyPcc^k=?x?D^F5NDrSNO=Y@?=&nF!P{>jdw+6R?6J$*j4 ze4c9$e`;CAc+W?e&(WkF`V7-@!&H7biwqf`ex-tyD_D%V6iVMSLGM;h0Rim* zwEnXD<2$n@)%zoL`9KPVS5)76u`yB6Ig)cY?fia10?Y}`rE2=Hbq-*X7(;r0BjlOm z)a1(nm?@BnoEbykA3^sz_ViD%GLkn6e8iX*VK|10<3KFC9V2rUjpEoY;)6ld&SY{s zh5Qv$+g6<%L&-mINGLiRfL|@*^aIAB@5_H_q->7AZLVmxh`~BU)BFYZJ!&F?q#8C} zUg{b{lTGHlb9NIPeu+j1JPIOa3b0g26lUDpHk8dJsd)f|*maT@@$g4B$gFzOUL z41MX4$)wFMKEswg5;I`270M+P5tfH`Dp=SNaU-#cYKO)Uw`bl9s<2T?mTBm-%&~zP zK+?}Ln_a>pfUb^%N$gA~A)H8cuzpu@FcEuXX*+qUeVy5TN_s5TZj-mmMcIph$(NLB ztXCo-c9Z-)Di)ZRfa5^jLXhkHp%3wF!`LD`G{%86MSMPtGXa@6GciO>U48q(7|BN@ z3Os$St1A;4be6;vdFFa1cykq>YHq^(ZM zLv{NRxI&S%u9V%R$iJA%q`hcikSJ)w_#&xvzEp6STp6&*Wv5qFZvOvmzxtoJhRzMu za$0$nTCHtxJH_ra$wcGLh465dm55;y#1}UEV-N)z1F)&?b4U@trLHo{hJwiVw?RM_ z8k6J$SocMG2fI^3m^LWIi%;Axq88E8>110@DMh`ec(Fko%2(oz);1h@GwrVwb9815=Q*Gh zt1|qrSH*_tJ+l@=_`BkSMF?wAoH3$AvoO;i)OdEKH0{sDCFT=NhekxAQ_klz#f5h5L&b z!^d z1zJa^46}?Zu1_M*(WY+dj4?&G(D!#?BS(W76Dlz`h?{I+`5hQYOfR5V=hcyx z19m%Y^?#k6z5Vo%m|SQ5bA9a5B;k$tbmkP#rm$B!rr} z@nImRM9O#?_bj$U17vNMep(1}q zI0yE(9P??iUhC>J;vqlQrQ6`IVr|w+gsifylrZTH8wb{N38lz2PHJk9^-UnT?oZ(j z0vZ>+;wD$xX(|>lX4>r_R&Yq5(GY6wwp~`8khx+~rXwR#GLwU*SXP1A%wh{Xd2pt^ z2MFa`v34O(?0cHMjT4H{XXWK->+bO!&iv#atVIy9|0~U)C+n;508-Qc)4%bP@?zLA zRAM`)XT#p0&A;#l+URsTowxh@^50IUll}MIyZz3ecK18``+KiD`)}X;sk8fL|J~a^ zfldQ$S3VKrkp8K&c3aubeJ9V?uMT*bPB;1PT)gq_nx6 zVjm?_Pl%Bbk~<1H#gGSn_+ewij%=s2Y9)+>W<8}On#Ar%HyA3>^!00ui4oHB{r$ah z|4O2Y9-R(U@DnM3gfPGX5Nd!~?hlj+C@J6a8Yj11}37BX#EDjnZ(E9onY!(qE{$=h&v_N|c z+=1UC!UaJ9jRH+tWl00)XM^E~i{9Y!ygL~D_3Yy4{mV_E8Mxe+&Ffe*j+0nxi>O^T zTJf(W@30y>;1KXnMgp-5e&71q_8_;5#}V4^Ti{N*EWF(Zj^iPhcxY=)B3-1yhgXv7 zqIZ7s;o?aVO8H*aAd>O&sr4+%o z)&jS{WF;HYEvY@%7n=QXCA2?!-7+LmnDtJShqPq(b7v$3JEXnOoM zHk7mCK)SuBcMX`Coxy^Bufi>?Hs*2cH+lM&ny<BUv|4JpdzxLjmO#F>dZ zra=Jo1-X&-lV1=3>>ws^>|)q5Mx)jOJ4r*${e4Pe%DY_s^NggF3tY|FpO$%;qZ#|P z^IMy7$RpN{{jJ42{o}s1wSdC;*~Kt}#463R5V>;N$o7mC>%L{So2=%9l=xYasg)<1 z%p8BIi700A%eXh+`>aJiLut;kt$(H5rJS7mT-p*iyhZ?mF}eja97G(ke1oSlV2KH4 z?%lRy(fU_uCzi$q$yRbUAAnb>)&0h;$uhTfnZV}KLGR*o|1f8+)NZ%#Qs9_PqYzX= zR#6yCkl+IkeF0`-*(Sp_4kq%ZX=h6gWLx}44`%D$Ot;$XoOHEfUHap(cx>3Oke-GC z1SK4^?Wn~C?8e=x$qB`jKPVZLKPxv9J(#LQMLasvj1F8ksl(;+C22vwK0_2f8M<7yxq^(f8M@+_xjoX^BB+9 zuRA}08$3IZmgX_`kq{j3XM!y56diycb`+!T{IKzJSwy`0r z2v$``4Wh8#9pE$yT=4d_{1eXx(Rhr% zfR>ZAD@CgL@ltl?;C+1Z-aeGJWO-O0Yx;Sp*+N-CNlDYnE~E-Cjkg806tKdq7I?8M zEcv?*Kggw_k{9#>vML{#_2)a~0fT;{a5QdQ`frz#_Z@}83!k4>lwW1w0#wg-I1OJP(N$<6HJHR7|1+Tbi3}C(u7y-9PUU`tNZL`qV`5V=>3rDUU zKAB**z0vg<*%rlJD8NJv0SFilCcd;TjF1b(J0JdQZk%^@-~_RAh5=A%@Dh?)i?`-o zN1G&bzgonM3)U$dC*MxhGBua1mReAYVATSmxvUUqU4RR#uMMaUkXp;Pojl!6*AgFg z)}IOInH=M}+T4ROL^jL$l8jMWy_7-Z$qt=^O$r0A>xWZ#8qL6NXDe@z7MjtaDwc<-yNN>zpzVw}7pUP!mhoT1c#-dwN!8OLfDmz80Fe3Ovta za~`uu9s6`9CS~3sKsz3b$KGkB8qUt;65MM-DisxZ6kBPEmjSArnnjgYnNm6<{_+;u ztP}q8ta{{mKvM&-q*1P<^0GGDDo`t0ZVSM!V!zD+wZ>Fg-T3?{(_=#Q{I8n!s?@W#`Hd%gu6kB?vKQ-i zORtOTsfqQ$uD&j=phD^+9cV63stnbOS=Lr|Sv{2XmFvUfpXH=uapyAu9;dIS6;|I` z<0NQ}hN{nfRs@~`yows-TDjsB|Fr8fhJCyCS+YKzd12}&4wEgg$wR+Bw3j)$jAqeF z?pzL)<#DJ4UwKhQUQ#cc@9T89f!^kKb=`iJE=ncm*?)}AHoS~3;pyMd^0}nhex+qI zuWI8Nm=uGiTnmfR!go&YfYe1?yKGO5^b)${Fys4t1Nxh zom;VIYfAr|J}tM*ea{_RR@G1CuT#HfFkC|4KTIdM%U#T@ML&}dFD_k2VaV2fxwSZ; zX;@CG%2FD`D%6zO^*ogmb4{}LG$=vdYO11C>7|I8sak`krpBWXHzzaWGW1l+Rvi}2 z$>&&$lKJ%-WX<%fUxh8x$tG7~$9_7QU==@Ra}O@VklDI5NU5qgx`PdJ;s+f8EzY^9 z7|>8s%l81z(5kd7*#Z>N#9CFp=G;u;p?{+QP%%wud@o79&Gi(>1K-kFr&_52SYpnu z&UNZWR2`1XNxr$nqF&Bt?t+Td?(L#fTW8d)KH0HL*WTJxA4l3?GY62?rw2QnUAFns{YmppE;rLwuycqO zpRF8^I^!~X&gIM-c@V0M8&!46nyua5s)h|62x0}ZMrF5F>eG5V|Ha-cWzhIeyHrO& z!7!vGq!@DXH~x&MOm06W6r@6tRtc<3+|n3QN?&4Vc7y04nT3!d(E6YEyX}3avkm@x zxBbrPv_Sh1hH!*^%rRo^U!oDxP}(0bH>e4CtvC%o+qu~tAr5z2DI0dCrT=H?29m5G z?du<98j2g!L=joR;S{;oqIE74Wr&ukilYWNoG>AHnsTROIud7%S`}0DT`ASO5od3DXP43^4{LNF_COMZqz|e&t%4 z4S;9bf2rXyaPVH{tH}QX!%$$FyepcK>2_ogR`!uFE`uYcb~25?PYHlVp`K4Zj$rek zqi{l@hm@;m&rIOrc5X4Bl89R`TZ@Ay3jUMe0JQ!Qw5+0z6@)o1Ybt|S!u})p+&%u( z8-UN<J|gJ(h%ucE>{LUu z_WV;_qPAVhG$J}+@Xx^PblP&1a=KE1Te2KYIN0=2kZxy7(p-=#h2nusN@fk1Tysmt zbMx!hOb71ow*dO$BIL0+$%P(QnM~R`1D8qGRT$ty5-{u`s*~$Mz@{qb5LGd{RIoI$ zT$^aC?e+Oori;`u3cw5o9^{11)ovz9PNb6l$(Kp&@g;e5A$psT?P>K%!`&n_cV8A! zyp_LUgA5gX!GY%m#oxl)t*ty3km2aWp!5UT4ZXdy?a(^SkwjXImn@-oPun^fL`=Vy z=|F2+f^Efkx3iE2x&c`XaWmeeoev1yxpDrVI96wP#^gqL6{Hg;Gi|ILQz1^4%0 zG5w-5g>j63$6<&Ado*Nh_`L5C#qTAW2Rl2n`K9>lk|BD7Xe+O{=uZ6^!Ytr*_EZ^>F!THJDC{NqpE%;AchJDiIDBAMJ&h5%`3 zs_3P;)_f`OdJF}Kp}?=}tDFKkTn_#W!pY@y1m(d@R@SZ4X(iP(v&KmUB}h&dL2RmF zEW%&%;nw;iI+Pl_$&w2L5C!=62$|%yI=!h>V8pD}_hjN-$dV&jqzUCL&=(4ULlOmC zEz-GzO6_9#%wd(zZy#(YSuZtmX#dY<>t?>RpMrq_RB?-FGIOD_t_z$)=8I1 zi3wWbJsx9M2vY%4>YkV-CFHCg9uEKxjKE(w%i=z33#5KF0PbSK?2wQrsi0-?9Z{6+ z{3lxsGh5y5YcyY_>%X9RRqub%kk_KXFKGU-L^$lOHvHW*1JuK;pp%E)xQ|)fzje&| z=clRXReX{TwU_@+?4}(o;15#h%nrDj!={0#wZZ-Q70}^Z)hk?(_VAj3@WV zRGT91?>CYY!2@u!yK#*J??8KGZOjmd9^~*~14t|8K}ljHed?i(=Y5kzJ?A`1eQV3q zwNUJp+TacZIPk0cQf(&dGVWTBm0cu?@!r%qy`aZb@I2e&A@a&ZN^1CCmV(P-liv#dx|MlKR z%Kxxt#^(g(F(tD!;0$@pW0NWM0iu@SwjV=+W+nEzD}?Id!604&-p(e<;gp7%(>c^ z8(koC`ERRm!>BGIp1?4Fv0v+QU_*L9`QoA?Ts-Rwjp+-92P{rH0C&zZ^eek}mFC@) zB{GB6zxzs4CI7AS&Xvu9mGXZ-lmB^d@Adw({C||klK;6PK6^;M5Mi03G=OXiN!n?r@Uji){Qi{N#|L9s{(iI<*v z4M~OsZh>(4G25UeAWD#3n2VAOE6m3VVDeOj;rb7|ta6HBV=5uQV^_xa;j=|SN*k>pQlbAULHpC z#daW^V&pl&zP z80I0xgknBF^dV#BqOG1c*-v>3d`bP97%=2U5`yZH?R223WeO--k{MnwR%Hr;R_w@s zXEdXgNX67OXis4Y>T7*8xluFlL;+>{TZ9mb{8 zMjrDBg2KQ{pK3c`XM}?tHqE?s+%K6ocbTJhHv~I;7V66pKY-$k6ANeblH}-jun9OB zaEgNo*eved0@Kqd=(0}?QLwcIS}@|Il?`PCfIB6(0dOwB750D=T^-1OKY%;nMjSXE zXn_`R#(P)GA)a2@7aGg4q8XMO6!zl&{$R0Qw$o$wfs!Z$_xDR894sUb7x>PI2i|r% zWt^IGUns+*4?mLC;;ga}(285hm2JCwi=A2=|iO#Cqlfj?8H^Fh{9XP zO)hP*%t+5f)pN+F2i9!O1*C?%F03LJTy8l_%j8Vy^`l8zpjXfVUVv`&1^XD%Ik#la^*T3GJ3u~2FCb@tfCZdU!E(@z{mdkQi%u;*j@~fm(uX1TzQQ4{| zp(+-Fa?Pujlqk6EtJeE`C7>C{0o6d!wrzFPA)T;vIq{~MoxA|uJjOmABX{ol=p!N5 z8QkM(mGv1!A<_6@>73!+CAxC9`%0u^dYkfNUXGqtKy9+A4<>~L!T|+t0tg_ zM$sgH?!^=(wEEV0`FVO?SI$42pPe0F##j0eKMjUwCzqcFy^BF!&wfsMp_)f|bNqtl z7ihfrweF!!!G-F*n zdbxcS7^@4LFVQx5iNz8Z1swZ@>+}8n*RP_W(#i8y-urvU6ltf6g;Q>JGan7l z>VfQ^9$g-t)`TkKg4Kun_#B@N=Uv9@scVy!13qFtA=gn@IY5`kXJ@~BDrUxfs3okI zGw1RUl;Ooou^Swoo!8_a1#Eq!xX&)o?=mz>8D_)d!R1Boe-C>X!+Q8xaF;_e)$HkD zaM?fY4?kR-eL5dp_CK7SUGxf-vPCQc#`*!~6H20x^(O(LNQG8f4X3OkB``Vdo)iyR z^&q&vC-hZtSytb26%Q}?)gde}d$v9n&(nv&5zCeZr{`Y>>D zP`I})LgT~b;o0eF?{L^ZJ1rKu)p+=1a+ur^T^@^%XMq7wr9%RrfG=cgIemN(^uR!^v z`?pK+M_o(})Fv==MR!l&7kiSGV=L(@ajrANYc#ifH(p9GJ{}{E)wx1mGsk$0hPZgr zCT775yiN2wXmwhd*ITvda@_y9cRB2r2%Jn~YYm>fWZw6DbS#6PS0H%Y@0|`W`$s}F z^-ucM`glPzjqqK}0P!$YU>`GE4H{QBwo)H*EXb+5jpbKzD>^8&JJHLZmsOU;zT{H1 zwPUrMqb=3dB8JE7EZMem%TlXTfmcipo?=remZjds<)C-*SrD#&{;_OxR}bxwqA{Wa z8EgFzhtrY`Uk*lMk6SW$wOt`{RK=Xue(C+aiN^B$F3JWd6OOb7Rk~}V*)5<-$!x7H zh-8GtUU2gnE}ro;aGI6^U-K-j_%v;Ct5V&mJi+6d7y!AOo1nnGupH{jRL@Tq=ja{S z$`}^spj*H)6a56({seX?8~cfm+t0J{X=139aN-jG01OXpn_Zg~t&xQ|hS-lNS^{FWMu9t7Q8@Nv z8(0}bHR7_7(`56`5EMZVS4@_4nYCui2xjJidhH-L=dB&*|7(%O@*afjcON*P)-v@P z>I8(FG(6R?%pshBCAKuc@#-OASG15wh7CB=T)#a&3xUJCz;Quq&^zuO4#92<{LhYu zZgzsm_g4`y84hSd#$-UQDP%Ix)|WCFfK7;*49GR*%tZ=X>11q9(qtNKUequSDUZSu zL1UMA!i#dMBTdYg6u>oSOA6Ndb0r0?iJ6iDxaK?=Sg=Yssku3lYVaWzV@4wCB9@)< z`gPf5=%j9Ae(Mivsxdz7vUFw&S9q`6R+_a;PGatQqk)nSr5_JZ3O#IebRT)qNQ;`1 z?s&w#M$|z8r}L2DfIF(4wzo`I%1|xZ0~TVd<6o_YbWYuxs4snhUUmK}1lmYpoH-j` zj=c&F*c-xW!Ch`Gh*qHEVGp?(^Irp~$6!|qC!tn2YjJCQVXIoyVk2RCfvxGOoo+W{ye%G@HP^eG z?v*cfRh=xiPWRKz*Y4$VOW{(>pn8$+4U4@{mhF>5X8C^AS|{tRM>RUMp0^g}XtogO z+o|WiC7!Ux>g`nfU@w3wUM6cZRvqFO;=Kmpt9_r!h+eu38zL1Hs!f`TEBGbXUTe@L z$#>YzN!2+#9snD5LGD9VnfuTHC>9yzDuT2b9$|U_zLw1H%EiCgi?u1hOI@q|*5Uis zek$TWs%0V;{i}t8uZsWs`dudz|MB(i-gEw!M|r*$#(z&ML3zP}Gn!Bn@!!+@_8bKG z4;z-zFhN6M5fVmy4)(s(Qz8FDZ}i~#Uw7ZW+sowtdi(C(bNt^&dGa+aG3+iyQ2C(Q zGF>Hv+qu~tAr6gvKPTQ1W;6VyZdfI{=a?J{~zTk5aV*xpXKMeLEG@SpUTqE%1=HqW4#g{O@mev-#iOzJ2?={y)Z( z=l_*V3^Vj%ZWJ!ocA;k0>I}y{FWUcZi#EAIlwuD(jJQv6bt!V+w`{NT)R6yELay05 zF2GgiKl`t<`QKl^>%4iE|BvykDXCMu@hqVKZ3J{kk;6C%+iV((=NJDW^Df4rYZ&6d zAplW|zF=;@3UP?W5c~GKfJ6a9d_#c(M>4w(Qy~=PJM;y);PwCfc{lmB|381;GZl^r z^uRG5QAn}AanjC@Z{g#SPbMa&MR6f(#i%T+w~TCR&`I*FjiW$C9hF}&yA06nWk~T1 z()lGt(3@{=fv@ph7>amAgG)JP?|0+ZZbT^x_&lx|5D&d?z1&nSUrrEDecEajSDg~Z zMOEZZ33!+wF+8piKbh{ZG+!_`!B$! zC`exmlYKcww?M-J9^%O5$lC@!f;Tvrh)U*crQL3)!(65YtP_7iK0`U}{1sv@AdU$I z5Cm4MoPZGmvFl-~oiWbv2Y6{WD?i?E=!qduQBKZ|J{|Yox6DM9l3I_TB7N)S*Hlid z`xbcr-Xy+Spp?S?C&;EiCBDK8kU(LW>S}Jmu@xFr&fMLcSWNQ6UgpCXrzZHhnv;Y7 zJqCZ)cAApBg$47~TANUC6HnUY^`*K6cNs8tc}rm!B5JTWrznI}CQDQq6vaT!U;rm# zR4Fk{FE>r|XJ*X_`2q|$2`%&`P7?}UG>&{Agl{|BLBSGfW=Kz@_e)MBHR|V@l_kOf zLY`piTZnlMyUQ{oG$s_~O|zEG@N|B8JHX&*=aAoxRu3`u}4*<@TSlJAehH9{C>N^Ty(jwXs<1 zK41~!KHmu}d}_%58R8VX%vsqNxJv%NeV3L0dwctxXZimaPew-Qv9`lhH0L3l$>Qzk z#-2rXBC^Y!cg^TD>b#o=^pE4boA%v}{pa#M6%&R8v76#wc7J@Ay?ws_{WwpFBgP}&0ne-s&#S`ssmK@I1y3{9GWWr&YSwiu zTH#)Jb?ql{H++rNp@#fl`wn=O|8M6_*8jKj=H0XZ&!aq5_rK#`4@`Y?bYxG|ZEV}N zZQIGjHafO#JDJ$FZB1-Dnb^+6dHH?cTW`HTZ}sV3x9V0`o!V#beZ3$*w4T3-P5rO+ z95#o#oj#sk5oGniS2^wd3^;71bt}!TkJcL4pYqOh&Z~&hz18?xqqv3nt&g{AyU`FE zi3O}ddJ|f5Z??X@1zT49EiW8Pp}Yi)Cuu>{-uqVV^)0Ua>vs8Wz6p*zxh`^z(j+h* zPQc#+Ym8Q=_f=5xOYH8oBcakdo8HHMH`((q=N_sUdLYcc>ONoL!|i5 z`{zLJXn0TBg$5DS!2c^P3jASIGb>l4Fx>lm@*5kPiP9z1EMMfS&#x)1=ewb8^}iM4 z{_w@$%onKfhFvfl;78?vK6e=uEWPMT^Zyamh zpCKiL^2wah|Ipf`J35SE{{ul7`X9jzG|sVn4t1;MyS2D}I*EikHQc?p^Au$)8cTyFKy^{A){69(X_Sh z@W#0?$0QR9o-2CjeBx`1T^|Mi6SxY9`mo~)b$tDE``-3b|K9X%de8no`9+{()}+S3 z&!~qri2TevDn-N0OiK3Dj8eMHqi1@XlLw^3Yv+%CRXQQKZ7}DcUQfbjZE#^_-~?Zh zx9E6h8eBLx%3vyPC;IkI90^h*ELH%?jpG2rojJ8!*@&dM5|qFo7(+V!hiq4@FL(u9 zxz?*=suhX^K}9-}@%N-+V+gu1i?hd7PCt;s931%8uoHhc+MB?AUId143K0w;AE(Pr6Vl}k5oqFv#WmET$jp4K}t&G*5{hlNnSdtR0 z33R9w^5rA+@ddf?-?t}q=TT3CV^iRl3ymnVdtf<|y)(nwd`;1ip8pGp@s5{0H9imi zV&8HTy|9m^>t{ko)^h4VSMNaHI-sy3xn@lXmZt*;J4q`nuQH4b9W{m8+x_c@rc( z|4X-`u=_Iqjai&n@t@lJy*wy1;;Zz3u`y{xH8*>)rYMzjhQ75T);JK%k<-bwm%rc6 zARCxsvOP5-U@21g-MUvlH$G$IRLWG~tK#o@S~1{}Y8HBpROQ*nBKXXM9IHFamE#BXB2Cxg_lY#Q1fwzk#M zkXqES z@Ou$cL&ZkErl0d*Xuy>Vh`th zH`lOs$hU-uEYeurSyMn~Zne_;cDY+eW<{Q)Y#AbYcIum?v17iaxHpd^2p?EnVkR5J zKbqZ3x--38tdGne&3+!}f3-I&4~Swi4&S6~Q`pkG82%D14>lmM5>#Q)QH4fR@5_G$ z$2p;fyF>2grlBRk8i6d^kVqWR;{VZ>D|zL(HGFH0>%Djd()<91e?2?M@=_JEC^V~$ zX0($F2;$;t&U#^R>Bsp!;OM$k*=g~F5hRrun4*o%13e@KYX)51RLpcWOh7(v?vC!( z!zbe{KpP4%nACc)fh7ozZGQxhD1S;Alv|WbHu?B?`LFO1-Yv?4Q#1L=g!6;io5*zp z&JkB^KcHCKIzN+QLxEjlKwT8(v3>||AOD}gB$cTRM>o#Z%Edgw;?#hwoEKr}OZw(J zH>dWGtE0~JGfB3~NZ+WbauMnYVP{_4o9KMT(Ys+w^D|y6QU~89LYFm(3l#Tb^xcH; z-fjCXFTQ^6qavfCSFrFuQTtHOqc<$@4=_l|2UKG@Wmmd_(bL;!8 z(0kqh0hS{a&GQ8970kOv7(5ir$ZrJEP2{Z0(hq3dFgCw zf4yw62fkEN%P1*i!=$J>$kziu6yHU%~05p#uqp(~VR$wIJpu zw9Z|vKKM}*WcH;!dlkFi$0!vTnij=|a=zU8?GjHl_thXKN4G2bNE)T@Q0F%DC zAV2@_C+k}7kFOnM1E%&q`yW6WyW{3&laaG&X~U`sS3`X!v$U*4gjVR{sFa+)bwZ0VYpo1p>{zlIO}ZoN z+V`5i&usNe> zk~=fB+ex-{?wKaa^hcJZ#?sXdAoqob&C-@380o}?9e=Xz$^gVpuDh~&@R?QFmF8Vk z_$LAm*R=D(F#!^qGukW?LBYo{Lv&y1`@rKIL7{dI@5vFLfQfvUl> zqR>`nH}mlc1{q%CCMQj~5lo>;lHi`jter!h0d^eRf3$||;I=nNrE^T4gE{x{NBkcu zug;!NWebybR0R8c;6aV6K2!iJ_z$ggBgd_*2Nn;r8KUQ4XCLXZRlkIX>IO~t8|u|T z07*MT!-JliUw|9EX$ylSDzXi2Ni~&@uh!+T1gP}Fl(=!s71`u}wf}VlQ#LhpOFzsT zvH2vWrWTkjaoDX}l0V~@YY>_o&N$BVQ$>%|kMi5V7mw zp(5ah&B??d04gLTpsm2zj)_5ddd5_10wFA^K2d0-&N(~>9`Ev5uW0ow}k z74NZ=;wcklp}>mS zu-I&H*$DaF26{4_O`&u{YgFWw zU2x1YZYCp-3Tvt3psb3{e_*z@{qm}pOxuc-^9`n--66W}7G?d1Y1D(4?c2$9spr>u zimAOn{mZxdgrIxfzo+dX@A7*zU67Q(>&A#8q1u_d_WIYbw$teKy64YESNc!9ag6UM zc!VZUkJwEG?`aM*S_bYungxtb`=I9XfO*Vo#e-F2m32gs8&Qxb7k^EuhIqY=J8)=O zrKMp?(yhkUOkhlnGxc?DWli}QRM%QG1F`XsTca_k`ChGco3E+9)k1_8kh7kh)r^l8 zPy@1`_Kt&Aa=}W&Ek6q@yT$cHXgdQbyV>bP=qeN{z4hNp`egNbD0+3f4ZO#kONpv~ zBCUxi-ec1*S!~TY(ZY3T4VtlG>_{!oWr*|fXfLU6%02P%Jq8Ogm{sd;d`P&%R>Hyo zjtacQ1Ux`F?)E#T;~&HFd9G8rYHT$Kd5Ly{P5#um=JGmHX^nB}Pn|ppVvM0uSNe?h zR=N{Y<@&|EBY%6$rfZ)tk+sYG$rt)^59{VDmO0lZSx$M}uDv*}pFErL{xnpM8eEJh zOn*Luv&IFF|A?IE>Z-6s?RC?tN<>zgOxkyh1@vmkrCIJ+_HXAPZEsn&2S$Ky-pH7V zx|=tbbCQ6$;+Xh>3~o3V`e_g5F@ zU_J=Jq4gvXf%~RiZRj-}YvhJEW1S8`o3%EpNOYn>lar5Yy^vk?iw#@0V_?Z=zZ-{o z8<%|Il^p%hCMDF8@zH+mbK$ZoANp07{r;}F{A$2^)A%3E+q1drKlA;B6_3v_!=&oB z_E6KDKNG3JAnu|i;;6@!iak|)Jf1`1dhbJTbrw3ma-enBV_K;#rQDV7K9`i{dhGoy zJ^THP_R9L7Lk|4C=JJPsQ`Y!*UsvC|-G9bwe;z=xMQ4!VP4`sUANSm%K$xQHZ}tsA zL{9aGppCC$F%7v!;OePTPP7B$6K_BpzRIf&xYBJVQ%do6i7caAc82;lJ%B;jes#S} zD}}X*mX|WeHA9p>Q!sFahCq35p_zfyky~ zpkzRO3>&%ro7qkTjlnrN(8r4avZmfFV-%9jeYAocY*V~>yo;ybb{=SsJ*P0l!((uf zhy!5K((I8$p}>+*a(AXMd+@`(6RJFrbWUYJjlr?-kS@Xjc7fp{c~d_b&L)K=Z2BN> zu@?kCq9;f>4TK+mUP#D`Lf`kM`Nzp`Dj+=sB2Z#-gJVOva(O;t38lRj;k;n#d(lV= zas5M*1TkW;Lx_3mpq*BrKVWQ7J|N&~zF6%M=6f;&KXf6IsPwG~nES~s>H9|$r3$T|(|_nJ#ob0U~hs5c)TdwZL158$xTZ&#Ow21i%d zqoe?2LfdXMuw39M5fTW*Q#;_`?7vN|ezr~d6;c0bE`!&%3S>$^xSKOX<}1Yt2_0m* zrQ!;5$@-$Sk|uAYlg9ApGxq`8RG@tnLs?6GJv}Y(fTTvNH32u^;%hYL!}|!508pR- zMn_zs(M3RTAIUEILkQ|^)f_W5fjHi0tEYz>PxtBfqve|5=UlF5QtAK-S@qs}YMavTnS(1m>znv_QvL!t7i_QYtw zWA5L{rtyQ5nGR(PxWp^CekArV5~hidYpjw-3;Zz|h>gsTOWlv{9SB@K6aTl**kghy zj70?L1Xw&N6GgA0omuz@0n$slBgMrqCBt7=EDcc8Y}P5OkWeY)UAcD99$%0l>P%2f z2*Z>B@!Y+8T0K()i!XE{)#nQcQHLWgxI0>==Y22_WOS@^;)D$|Z<7OtGr019TY;p- zbn_w#{_*jrfrVFA%beHQW_d@}d@UB!1Y5RSfrNf9M79osA4=}oz5jmNpbGVMw& zC&>VSh)QnH=I;=6Ki@Xd*B+sa@3Up-{#jiPjs0_#)GX{JMGP4>(dq0IXR~!k%b=Z< zAg0Ky1u72Juaw@=1whrV0dEa0B2O=E(A?)!8N30lVozh|q<9|tw$$Cc z;>f>P{Ixd%a+5yd^C-&7ny=dmIERD>aPqTMPk{1iWiYCNJ?nGffC(c2;MM_lEaJ@{ z>_mtwgpmNjk6U2yh?Q1&{;V*tGU~hxle15i;172p^i)ZgT)v6m-n=!?vD3Vg&XQrxyU+8v!lnF$LP+62pgn}O5H;Ijjel;e)HqL2X%h<&V~ z4F_6(t7_xh(}Qkfb1Ar{U1})yZ3-hRcQFTqR2CO!yp-T+xF@yv&cJhJa&DXRif3)} z+8wm+r3=S#T_u%qmMi=qI~OA8+rY91HT}qE@RQ13&_*byvrZx2kPpXHX0XEETQ{oQ zd~(X56(;}f(ua6LdNqn&Vi)D~4jfbOQ@QPc;}HDk>M6B1I{*cY<;W6@*QJcq$r9U4 z8DH*<7jm@jBE)4F!C7$#oe1^`GN}=J&MijEw*E){_>zC|(EG0<=|qiLO9HAaHwgM! z=j=qy9@|A+X3Uw`sOAHgdo{$4u16+ZRHyh0-YYFh@m`kqc27?ii^PfSso|@5Bz>Rkdc-6J4@eHEBqM+cCUj-_tUV!lR z#8=g-qT4IY?vS2`(A%YK8(ZYWKR)0H<0Ow$IP#c#K2!O`RI0v;_1(IM0B zZ+PJUbv@JEVEoffkiP|NBO82OIK>eZj16W`5MrriaxG!p^x=S2swQ83vP{*re)de* z8qpoxI>iS2J3hYor5A&B`D0Xh^q8|&uqyuN#o-KFyYPujHdDP@VanX@+$hSxEkc21 z$tt{1N;S1*XD-`(Q5^IeC~tsmVN3;51Hc0B{> zDU$yujH}uF$0CMHd~db=)P5s0xjmr@7D@59_M4@LS7~D&TBm9{-zrhc8O@^6SYI&t zBZ4lzLZUZ(H59hfa;4;$xI&YP51N+UL37_O_40ocYoX8sw`8%2onH5n?SZ3fF;hSEW}%=5M6Je50pnmk$Hr}5lDCJP#ii8B+Sedfavs6 zGm_zxsm?uS0}*`xu#T5XsztyKRFBR4Q=dd9VK)w{m&y6XPjH>PFq5$ui6e6VZYj+Hl_mujIX;9!P@q7Y`DZ;=oS- z5khp1|3)wg)@)H(=t~`}n>)&X=B9!gLqz#bF)8J5y1P#k6)jdV|W4<`SlW$d- z5v8?oGd4meO~2b$>o-F79?)!Ih9mJdFmWLR3|F?)JR|gASGTsnwMCXu;;211V30I*s+(M{XrYwW}9np*3YD(CIX?NjsG zaJ|ShFJr>;vr31Wf8^$dnQ2pKSq*I0#@|YW)^TcF6@SiC6`Nd=VxtfUD=Pe@Yzw#7 zRE$1QfLTD#p2eb-6iY;4ImNYfL;tf(SE)xnIk`x*6O1&ibcuIwnVaiY&XL5Dw|s>* zkJe(!7K5DBP}tW)koC@1Qx^K4!`?Fw3pm>l*_fBRzjBEjldS0k_Go??!)fM@#D89T z2@)~xpM?eWrIfNi608bZ`t3pvA9TKgBt;y2;LHOdOx2Q& zTkBk(iE(4=in=7@xf2(ZcJymf5J0_zkQSSkfCQpuP3&u`Yp82eyvJ7s-af@;L?M^$ zL!QZqnflYBM5T&;j*?qQTUeW~$#ID5HDDu_S53n#AFfPh42LbzJ{asJ-9d36_P`}7 z!W7!p@=BQQF>F>f{z2qj%}7QHBDe2Hm_=WYEqln-0NQ>jsWlo}tg1Q$`AlsVX`DbM zUJ@fdFcHX6oFq<}G!i6H=c%YXKKbt+ojX{YY{ZJp?P-kXl!!N~L^a5d^4O|mz)M|a zDihKL&#^}u10iakoe|hpOc39UyA$WhQo(Rlr098yU30n8u45}nEJ5^|ozPLQvBMT3 zGZ|J_@LzIejW)^YXK{Kqc;iUG?}%d2CO|W-=84Q?RAA}QqvRiDoCj!?(MWSA&=+2OWFx$&M_iDxqi`vLKeZLdH4`-O4SBIUHjO)qrQBzdf&J%MeVNRvgBW z0w<&te_C+Zap{3|^Vrn8)^V=8tKXjS;JhDGVuwR~M@{ss!JNUlqb9eo_z*m_vdCRT z-jri*1@L|Fo&iWv#qnMVKgE^bxLcJTZW8~HBe-rL~I*EZ{Sz_IrE=1Z6b?E(L1+?@G4OVn%Ik%vp|*U@>l>n;gwlYoLx!j z{?yG*DE)_!9I2I)JgX0=nH;Ssc;f32N+1$NEa`%ySWI`Fqt*cPmu5k+1tR3NpPR-0 zEpN#qbJJIAG9r|fK}?71BvDuo`KwmyAC6UXx97o-Oq1i_l$a4>;TB9OyD8LUSau@S zrErSQK=Z2c?S^jDbZsgGF}cr9xCy86=&VgIh3UHmUdx;yA}nYjt4;6V9kF5cnlaZ zGd=dKy;V7_1sOmw-(8a{ErDNJlZS}S^Nm_NHmLub9l?w)Qq$CY?y~b`V#P|J?1D|c z0Y;4XFw$s>uPnd&TtX;L(sBx(XkPp^WE@!|Dq75J-b)=9#PLbr1A7j`QE!SVcDdit zGKJP=9ioFBP>Z$bG3dI)3ro)EZ1I)A$X$=A8br$5N(_UmXMyalXE%V)3%bF=Rs+^S zBZA&$LP`{Uc~1{c(IcPF&V_2K&c!&q)xdWK%iZ{h0Blt=eSZp70?(>i zf4g`N)RQS@lyK@kK-L}~If%3fWDZLXO{z|EiyCTle-y5&ohvpc3 z&T+3kg#K>8EYr}*h?a-zq={Fe7ac@iI)Z`weZC2(Ip`r>izQh?n?y!dLJ}gRmrx1d z)rSf4DU)rA3_xVOBcAb2EDj%j6J$HNom_SGXML?9D`y6={b@91nESFtAtaf@koJlY z{lb*;@pu?x{{rXWJo@@}Z(N~^z`r!R@BA!o=l9e_Ey3wcTqhEET`G0?Nb=7HV8eb7_@-AIa;AHVw ziziXix(r(=YrvULo0lEf7Gm}eaCNxIHV%Hs6H}pVpGAsmkcf(mtdSK``sO$p+UAue48x(Zsx;ztjJP*gq)lAi|{gb$4nJ(EvffxtWF zqYPHVuvMoI*b1w@E1Rva?mIafJWpY;+e<-e?~>dJn{Kv^$bfOmcIKIEU`K0}kH~$W z)82E4GCvXRw~FLjB6k_GHGTGvdFnqDfWXHfYXCJn4Strz`rsVLbK;FEXB-p^q)lKO z=nhPPJ+sVpr`(kg+kU;k3=>4nKgo!sFN4<9^`;qTuK>aOF_I-nN(I(!s#}1KdewP@(Tec=cPI;R@y`Nihzn%eMPz&8^2DXZpphgu3Ws z0K3+|n}6t?NyYC7KM$<5gIH1a7=Q?GMGKahX`OK##z&i8#Lt#cg9eB$UL7V*lWE9^ z)-+HjJWNIJq@+*MM-BIpYtRDQ$bQTm&KwpjU27J?EkjoND3XA8I#YC5ZM%N;4Hpu7Lez9;rR3 zd1zxdt;XkC5yIes$Ln7g;=7PVh9erIy;WvC`_*ZdsxCSoLD>XaxfaYJgJI!ObcYC!>V8}5@M z&I%!p)a(t_?{pO9l9AFxNMphNZyo_&|1;W zY-B8#6KYO}E7#o2{!cUt zK=eXw+&HxIUT}qD;-TC-TY0|ZzhY|wwX1*LDG(*9-4*h%Y9S`Oar2N+?wAQInh&iL4mzx^t;^L6T$~ zO)Sp`Kc378I)T2x2HKn;J^jvCoXOt#=D|FLGAQ6!0)NytKjkAxC>MU??s;%jTUwn^ z%ANm{v2n;&xrxU)aRH%w8J=IOZ4C3~e~y*1?yG}sfM*GC^>2gB#UWT6Y@l=VRExLv zGdWbCp%OFzlC$9yrb1ziz|J%gwF(=)UN4$znwnNKlq)#NlRgE^J!YN~Vq?S-5$m1s z$7O=z`usdS8UbUD_gF4?O!RSpPNb&&ux2_)o+2In1L9P*dORpLZ}=IwFUxS3HjATk zF^u6`E1)^P=aWyGs&;;0fXO)KSs-je|uS_ z|Mm9}(V?LIW}0(BBTN2tOo}!RN&rNIvO#ap^_W3pH3EPyvM^Nt9DmLOg&%}Ia$(Xe z@EIr;MID9>9oF&JL4h)>sUKg%w5#N|vYDBXNBv^#vzQ}5?fl#)2qT1e#>mC&6fB>!H8NnoLal>?lj zCBbqh@lIu^o{aJzPo)6htS;#&49GpTwR0HJwE|BKe@vQDGc|>^a)@l-W6=1+a zGN;}&=t|G*S##8uJbM1L!p>uQSH=GX5;${u3hA(o4Hu!l)8(^MIiC!tdjO>k(d_VN z1*kje&xTiXHOxXR^*GP!hoW|YZUpIH#w%P3%waql8w^K&`sK~5wPT#5wV`ibON8X=j+z8_12AbE&bu0txT9CMhq9&YbSBa?up!~ zYlNA$1)cLK%*g)Pbxz~AA+u7&Mv>gn<~J*th)IFZlDpxBm?i0-4ho5yjRi7*ccE{X|)$YmC}C@v&L8r?0#8kJ%selpeO25B#otH|<% zKSXe$G5y+7Xh_S?&a@>`i_g+s%~8)b6m}SMWWk0ReAH&c?KH_Wb;d$FvkmV(_)K&f z>c~wkz<`$rOK=zTd^MUK_qiG%fMOm2rEW6aJcjvYafKW7rZR=3F7=QRpYPjCeNcK> zJ@>dU>wDx;6dtBilGd6V-$U-hh}Fe>hn7er_p2n z-34PVGglJ>GPCsGqV#!`3%rrqYD}#lEI?k7E*kWzxA(tOfRT@M*{aMrKOw+XkuDyQ zwnZq*wk5lwE1H|eLa);uHo3zLz0m?4z?!E?K&XxZstx>rQDFIxSNC??P<&IpfZs^ju|x}{5gbp0fE?sDcEYGN;y}g?Sxi;sFMIF0>UDkf@a`gH zrmF~d6g46HcCH|`1mL>P>HceshByb2{oI+9rEnaJC3I6LoS#{t5D52{3*vJwK?Wm{ zU@`uE988?+FkJh{~kYM!b65$^OV1f@?x?wP+};7 z`bk2pX@?)N00lb|>SMyEoIm2{?^_llAt+nB-c@`L#nR?^-|82(NRKH0e6;`O0}2jdo*%qx=-8r5O`)2y!}&JN!|j zGOV6H3)^JdZ6wB&A{&p%p0|_~_7AT=L-9VL)s1N~SAoT}Hasimr|IdSEOM(Yh33RHSZHNJ(Fc+jG-T@kS0j6f8(ZhBMU zRiiAfQBIqR95~1Ht{$rYwm=#N_yDjK;}n@{+OzZTuJ{?a^W5nBQyD9!iU zm_}3O0YU=;PjyD?&3E3}L&7M2FUCu2;LgSb-}!{n5l&3o<76`8Gf5poOyD6yj?X+z zhE1DBQ@(jdRXPryMG)Y&H)Q^NQl}?!WC%A-(M+^W94$Gs)rgyL6GC>0ieJLKY17iV zZAXPdZoKjq^};?5*hr)^S7pAJos@%>bom>G^*Bu`J*jj$GA2vY#Mh zYiDXfRWHr;!HdjfIWoEfwi4ndb?)GbQVccZa`jOiY&`k*04clg@*vGrlmk) z29Uytv0k(rL!=`BKis;}LHGK{OWthXic)6DVVNvOXP$|iDfi$`Wf74-_BQU_5_ki~ z?<3ORf^#apG7tx~ngs@|(bT+?KH52i3bG#BzK~=kz`TdVJS;nlk^^3|VgzTgs2Wk0 z6_VtS-|HDW;KW>qw?|>oZhLB#*fFqwY>rih2kzDYF@BUVIz^l@WUe_UuheAV@R}YS zW^K(;UH@RmT;JStfQY=9GCHBEM@pywKJ)a6%}o&d2M5qu3i@>MrgWitWp67^q8f{5Dz^FrABJ1 zf#{vb0+1MuhsXkBpMpBs%|OU5X|jly8eftUj8ECo?JP84kPZzEbm5PZ(M840sm9V~ zCDRQ`O{Iu+BPKeqZ(M@ath7M^`RqG;ixErXkLH4guf!BBA?s5oyX=S{e-!B>11iNd!k2NcE^=7sDsg1_Ou&_C*Gx4kk;m6d#?z<04_vFMo53|ByH(Ia2MC-G8KLa}@QZAcu|K+1vD9+J@*drj)8Ku;v$y+E4uhQSQ1Pap?XpP<#HLUyZ9vpFYlX8IxytgNs7mR1EMD*noY0Rr?m6!?Q)X zv$w}H0b%)`2@xaQf>kA1$^+N_8;SyEZUN}Ac_pam=JleH2z}KJP_?3cq=b6L5vaW@ zo00mHfNW+xRc}I%H^cVPP^IVlf9yEGbVFw?7S$jgv?@1|L62scN>Ym>qN-oDS#Py@ zu>l{lG2b`eUxI*+y%|KMQYF+rD+b^GjbTk%0%m{5tP-xy{7^xG_1Tm=*Q#0eCuhtX zTJlVwJ+LJYE9%&FRpz)YdHOsmCH%zPt8zO9@sar{Phb`TiN4rWhBfslztj`q7zJ=e zmnzqYhgPIq*^X$s6XOKfk!elNGS$T!B$pDsIllt z5S^(zT3bc<=7SuZD|{|ub6L%G&3b=apsu9L7=#75Cu}LBHR?u-)JtQX;l~jFCdtDw z0N20ASUHb1(QeO~8N&ZvBjjb7BD{$e_JV7Z(1haP)iHbV+5HFC^ZAE5qQ1kYUKR-4e!U5$dDrRWaeI)gF2My zzTtI`eO&K6Dk4=Tkp)}P8DKO6iRr(d_qVs;#x;ZN`O^lu)of1}XrH5%CP4W;^8@I8 zRS^;?p=}VK0(}WCRh(znJ^~<6) zn)qVXhW!BlRV3?i-cP;<>w4+c*aN3INQMZTaOMHqu*`$++~Okl4|3pl1zt$wvqe+u z!tBzLs|t%X4`HJzt4YT>QoSFvnl29$WbH>y6eZ-<`i1qX>plk}ZWjBJ`a|pbO1I&n zTd(fJsNlFx;J{U2td9W&$vXp)-!Z_Bhb2jB|5zr%IPx!%^pHZbYZ)U{^l1r4|D9$L z7+OM_$sPefL~H>Y3iJ|Dw}N>RJPdeM!klSvP+X$-Q?Q_S!|Q8$*Zm(ygehp0U8`s6 zpv|<%^mC>yhVR03ZCjIsvrYG6C0nb`a}JOtVyK*)r&W6gu&(f)-=IJV-4b16%FEN_ zP_lXz5|y9y0?ZxnO;R}q#l}_xzea{O`e#d%8MKMtrq*&XVS_~ z-dnCW;9-07P?0<1`&lCT$xv;`zrdTv6F4r(C=pJ_OuZn)TPCJ9Ghi&EAUv$77*O4L ze%)CDqa|>L9UVy%-eU)c{kloU*$^;o_*7)X=&3aWZp5rWl`e`>RtCrO*Uzs7WH&W~@x_RG6&numQ;K0@Xb zJ^sgBkz@&snJ-FEgXUxx|E)fBXo_4339y{-3-<{`f;-Z$do(wUX#RB+wpku)a4U)T zF>ulol*!WI=&lJ`3*w*66E*k|j|d{zQ5tLuq7^r)cYeA_4G zNj3&N7S6B)Yuy%QWZ3q%rpED(ZA;ucPzMwNIU{v%r51f;_~VY<5*Y>CB*b)@=yy!f z)bDPsUsOda%0>5muWV>3`AX|H=E5325l!U-(+(JR5)gH5a7&Ejv(Kvom5vfCu#YCg zW@%!&IKW=UoT$0}%jeG)F`eYe?EMZ%Gxz0-EH+ zLl(=3*Hc(?;^i5fd(9GA&q+kBv^RVzW1U+~o;Nn)m z)3VdB5yL;Vh9N`(H2A*~d`so^CMuMISZ6MLPRDoa&pRM-rm$j<_0D<0M4?A?(HL*a zs?r3)f5~u<4-lFt%is8i|4@^&lfRgD2>A#qGvB98s&-_ah)lOh0+xy!GbHgk@Ap>@=#Y*Hk+Offd5zm zCS=uS=c`$pJ-C)B_14z8s&PzL*nY7SA40txnv> zRdv3t{tw&}OBO9Z8zk6q;VtkM0lMUqGK?D@mrnG=4sJ5eKbr%5BA6}*B-Ah*)^{lo zo5 z9myFLr?{$Hak?*s#?L2_tZs{PmJfZub@~BSpS56~pOEbJOuj zC&{+u;jFWsZklK%7}4#LLA*K?efErKN89yRZ>V_y-?&ScWu;>CbkMRkIWsmri_Fe| zFue~)e+7l8r|!K(}@?%{gq34x)T7N7xwPznX(E_@^cAc%oO z%}09nsBS>hgiXc)Y}30e)-e!DC=>b_$WD|bUWHIC&u18%*)Y?Xg;O>@#1rgyBl+JS zv)^!AH$Ywx`34%ez^`$X$SiVUkS-H{a&Dh?`ZG&mO~(AQbzHL5 zhM+3Q-0t8~y+yGhdje#c8Ui>SBR-rL)V`1CWJj_Y2i zddWpF>GeE=+;WmA60t^9d`iP_)|G&{%}60Q%@&)hE1E~{?PAG&m#dMV7%A8P4JK2{ zURuF$*1B(Mby>EV&f0aZaCy}he1|8yTb%6X_42&OuM#RE%+C1vxxd}7ma30b5c+WW zy51kZFLvYWXa1~MI=g2paFRPMNpCY~as_e5Q%5xRI;;(!+}*Js6ioiR7s zR1(v9O_s7&0n9`3Te>y7mYGY|CSs5BKv#FsSeXT-NQiAkdzgetl&9cVZn+|O`Av0p zT2nVpE|Z;)A#!#wBQgrQ#)+CQE@)52dw z2B#Z2bS$=Jzp+mkAzv_#M6Qwzy;u7ThPlmE+on3g9rDAPbfVa`^-Z#_&92QXDGkc5 z4A%kj+Zrb@2NqQWcr8_L*?}hFLCfiScM}hoCD90%FI?ECu$E)o`Q4Byy7i960FAI; zO-p0ionkZP1Xsg%T$wjavS`IhCO343o+vOGFlSQ*PI*9G;I}aWF@y}Rh=lbaDr?$q zG`wX>leGa3HJV%hrgR!{lJ)M-w=eRSz1|)z>gk$L`%E3qEFB_lZJuF;UI-QQTD9?= z{ytVbTgYa2+^!V6ohNV_4>~<Cayy#SkA`C!JlvD~4ve&tTskkRA ztukTk|IFr*zY|>nHOEW;C#p78$)N^#s~|}?S9|WY;k~OAX9*pn6`YT}X59)|(IhkZ z@fU$}8B#@hj9K*tiwKR=A?>lui6$YG48=&88Joc`DSE5AhXnU(ljDgpD1BrOM#LQR zTfXZpm9smH$ZX#!-3z71=lFGTv#9r!kYqQW<9F;iMdlpMq>?9^^l6ArYRH}~K4k7C zM<%=WTsXC^bJ5Gy`&1QMM}jFcyd#kA^wVT&usEMazKX(jyMDZ-;Tbj4RmliiP#y^kY4u#(hT_Gf3TSO+2;ZrD?4KbgDLY@S<# z7G$z#kmVHDzqlNu*Z!5bmp9j08qAj8$a+L|&77KCyosNSj^nD*Bff?-#jE=-O(FZ$Cwd@-4 znfsN437R5X3+J8sbT4$odeTIlXZ;87Le!a;^{n>JQV0s9}vEcQKPojY?5wM>DE z8dT`US`ee}BD2?`uRk#tTaSU>!LrMep%u924Q2&1B}Qm`<1TzFGos!JwOaPBj72hV zKXp6X-2hkRG587lq)Ti++!n#7Ut61mnw8xb5c3WE$K|NfP80w zlZZ=V2pj0Yio@0SYn`|;$PZ*8&!40vn=omOAbV^`CtS#~A*H9V^-Rg@1HWME23LY{=-8QIJCHPiG_$rV+QJ;K&^6uU1k6n^V*5{uvI*GF*+(boj zg#M73KiyBK$M*3YHBI1R1F!Su^T(e~kGs$XqY=0)+A*?^*=gHZ@Vegq_qwikZt=R_ zc~JMtgSoCB7FhqwT-V$9@_L+<^oG6_n|(XXaiEjCsoC4k#wf|=26eeAP=}20cmj=k zr8vp84H-ggZ;~A}klfid_lN6qH+a5j!03|( zK}x02qBrh)e|ExFhy12Q0)GscQ26mT^RI};V7B4d9?#P2rLP{(gN6OrV2}jYrEk9T zp;4_p!{lTm=PlsnOJ|yue9@9&;8k4lhr&F|;ii8$^h{x9jO)AVCw)n?N2%hm-r6uD ze$O;Hvz!)eiU$+0shJgN&Kn6jD?BOLcl3sriCKNoG_@UillkuOKNg%ypZ;EH{gO>s zEK(-tFDiei*l7LbvD|hk;$+CTLf!F9A67EP_V)Jni)YW^|F^fd%m2T)%v&|i95 zkL8X^<^1E}@8oes(UmKWde;3C3*U%@Ya!92 z7|nox{F{+CeltrWWX;7nv=#T^xAItDdVA-V()mY2GPDcd%8j0GHpZOuzq9?keE+|A z{%r5@{NF|K5*HZ^4yk4XA*cJ~xFEZM)K2e067ec%zLR$@~GnGU$(V#UHBR10ydag%Di-%_B zt_xoziNs|R3mU1dSPX>9wDlt@FM>1~v@X~bd;#`b9lNkrhYVSqGTG{6-dU|qW<%ZT zxV5%Ml)Jbara2o?9`Ad>IR2+MlNPZ-fUTt0!hhKzGf}oP9}u?A{?^vzHjz1Jb$GBcTv{XNQn-vtr1K`khuo* zrsU{&>*%FT8(|ngaAQ%5si0*;pS?H8;%E`Nb3Iav`(I|A|IDp;>tpWj80d6aYB1;g zKmTTXrzHRFyx4g>|94XU{B!Fmnefp*Jir?H4+6Z83|PV;+b2)AK7VetOtsc2(_@(s zN|fkp;=8Akh#`K6gtY$r(>-^PHeyoXp^s^%0@FjAtV1lP_63`^N&CBZ@7kn|cTStE z$6RUB{`T;+ZT|be+8Z0B^Z9cNrt{~Y9UO7)2&PF2miv-LFCnVlSvX|TIOfUV7$b+` z&#ykQ5Tc_SHn>Bu5lcemayUTR=2xFm$!xITENDrGT(Idr`SVW#VV6ID_Cm^t)X337 z8iv~Y8JD?Vh&^LgB_XPMV8!u5Pi7o5MEO_Kj3tr#`I7O$Q16qSmiy4DZs3s0sA&Ti z+CS65?d~6rV4AplXz}ecJ-Ce9=S+^W6dDg;4`=M!4K^&>D|5Qrq>ZQJR(1|I4cEl` zg#At+XM`Kmt{lEDMkNBTLl!Gm>=p53nO?C)p;rs<8L$VE=ehE4mAv;C-;Y#8CHfbN zQ7RIa=xi@SG)`)huNH>A*R5O1S6Rno{~(Ld(QcC<|8RW*nZv>yF?S3gTc107Uiuqz z@Gy<6X38xu1LZ$0?p2L@$gtQON1utkaovg_C~oXNhMEopR{S3 z2E}L>S)+aOSJn1mR~gQuwkVK8QlkPfF^AkvJ~*`z$=|w~vLcV~C! zQU1G&at-+pg3?ksVA{7ZAO7$BkK@uMbgeA>uybUdQ8)ub`h$j z`e3v+@hjaBP=4IJ#USOkxJyvkrGE(^@x`i94%BXPoKC+zJj!j77d%z6N5duP%{Mm& z9S%6wLm_SGv86ybtNH3cd35@6Q2>TAS^|DIM?ISI9PO6^T|>*op{Bqp$z}Kk_X7+n zlSdHP3--PaT3LQ(XX#Z}`;wwbh8J{eoM@gqG3*6r%xATKWuU)Z>|Mg_8`;#bA9q*yYu&7H=cg@e?R~F^z-Mh z+GM=|9&$yrIMZO#XB8KwA3&d3*!HF6na8qRSy2AR5V6;I`~Ay&`G0TcS>^qAd;8g= z{C^i^G5H^^kn^Dw|!%%Oi^322V+BYyrZv$Sw7#IiZ1+CUkiVoO5YJkDU z7WjczW`ON&vVTy~k>!`Jw#_%|{&-7A ztWDYw{12L7)z0>IJHNgwGu*kY8SX4G!<}q~m8sZ6YaLI6JY;cYCjPQAy=u*lR6(#& zd;u{0#;LO#as#5@zCvw$c{I`?_L}Js*D@fl%>+c>t8G{SFL9UzerD5LY#4|aQIBhK z3HjReP>M@;0h@8{EJ-KJzV45AV$)z)WqIR`I}fC}uC@#+Wsv1J!4r7Zs6xTlMAIay zXV~VY+`n+P@^ufA);LIz4@Nx(|+#a2{PcI~$2!N{ow}htaNt zns)hh+s%U>SbnweWBZqcluMrbicMHTD8>e5zQ^t+5ph(=sW75bg8(+I0EVZSx?e9? z3PC$7;rdA!Q$A8Fnf7;M2`LEtP^dN$S>}#Rb#pAnrGlYvt>ugFAo_J6x_Kwt7hB)% zjJn1W|5|EfpQZ}cst9>S`jp4F`#$klZnrGR|DlKb?eKrQ&v(l2Kil8zJ@S8dQkLNV zJjDy9O1JTe?8|V4{jfL#|JNq#n7FYG|2&1*MNVbw_#ZuFSevx*^~SLjO}BAzgp5y< zY`~S4Q^PZv8!*Vm4BRKbvJ1^uTRn^0mo?CIP^x8q@x*0cZ(aY8W#6W-2R9@4v|nAq zK|_niS10dp-Y<3LYn1w={a3a1SG5mT28C*6xWKZTbyLuj>t;s7MYMVrxn4pnEOHD8 zk*yh1LlUrJn1OWZIF7NZDxqG+-Zo<2&Svws-HjYKi!Y6fAZlS&9;@j6Zcq!RXCPC? z7$1+Um7$LqCtf$5%u=K>!U3Tvq<|~@8q}gw@n5aN&^GExr#h+hjwZtUWZgHl@w(Z7 z{V0QFzckarz%WY3dRX~ZngvUn^6SV0XLA<4|Lv>VwHSc8_y0E){m;(x$M_F-QkJp* z_}(U8fM|FI@mXR>G6--ykBkTT#%;=E&p_nx*=EfWS|Nl8|*F zZFsPaEbAXO3&?Sv|6fa*s4NCwo{s`t?(WRh_zpW;=7a3F{menPrb9wf)0fW(nxl5CNE^4ZT^YmKb=FRx zV9Dfl#uMGp6JX)&zN!~nl~p^z$4D*5tnHo>&EYo8()l!Hm_x-NX_nh#fz$4uuTE?) zZM=Wy;bFCzhdt{x@3((j`u(=@fC~X8X1~-Ta2~)z*@E}KHHN+w`G03;XSX8%@4k4v z|L>wKA^&@KxzaR=sEp9IUNxRli#D!0o`|Zwdq(5R#}bU%;lGv~xWqD;@UXcFe79|? zNDF<-`1<-In$Q7@I=yMJg$)%`@3w_L12)ht5s5Xu3{=X(Kv{PL-@O3T{%R5y zYs`af!9U@q;9V9}_mH4HmZi#q^dB+hdgOnu{I~t=Stb70H;?+?J1I-h|5u+<7uG$o z0#X(yw^?BDX-ubL3J-08nmBEmAB>P(5iQ3_NM7v0pL}#S?)Uj8((Y85E1cvJgbuSI zgJ7Cw&d#C=gU>@mi#)_H5Yl-Iuop^I>Dl?KY8MxRe>*|s3PM8DkdgM+ZPNbOzW$j;G}JF^zejvxv|%wP|&JX4pH_*JcbebCsF5LAD|9CI=ANq=$w_j`@gdm;RG0 zvTi~3^6i|Kf$=cpq!vvFA-JQXlL6xqZAUU)Pz;1iZO zwqmT9v@X@z&F2}TV>&#%QAEN5au~AR5!c-Mab$pMWkY-`z8sPmM-0|4l6Y#a#Y;wpbYhkQ6L>fLne&_gkhr7i_u^*@1`wH=sHgao~c19Ygz(wA>A8xnR?J zli;_W%xNk)iUCdMA8^>s3`*>&P_3@N9E)cTWl1p7pgs)5#P`>b%sKo zX@r@}0pUr+KFw`@b}CIWPA847)v?@lzoCb`6To2^iut1Fy@LVEeyKPIt!(qYYqcOu=4>$I$%@( z5A5up#oo$f$yxd)1EfSXWNDMIV6bo4Fh3VnJ0L$Bc|Yah1?h9Cbe^-%8U@(%8DVEQ zRooNOAw1C@y)<*iFLtFiDm{ycq)8-38Q`!R+)mOV-wF{kniRYGdC0(OTMI&?h^XnP zCs04XK-U>M)G<1x{XqQ(kY=!-SCmJ23~OX=oGwI-dscro&qslD7Iso-K57{;_$ouW z{R7f&JA(0*n@{QIeEH?*OxXul)pcxl&a1z(O#-{qS!Ii(E+5&CNS4dAW2||sf&tS% zvgvnHj0`6G(FawV1SNF$4sFh&H4O`GW)2KB%+No2Oa+jp+BM7^-I5H$UB*IOj8oE{ z7;@!!ldopPY_fZsb;kQyfBsE{mx%omKnlt{tYLBg59U{{FneaydKlIY&`{SinY|*t z7tdG{`Z1~g^x~&@mXHoMmVvYB7JMUy9ElHn%xy9v{K~}?JMoT0*+;8>m)(_RcO`Sr z0`RrnG}_*bY7oOW1T9Ym94)TpWma8Pr@A-qYh0Aj^{aj&9yhcqSF`51)Se-nfrk#3 z=9jkrOv`L7>#?|GlB^rLei)}iN_I9j@SktTBPMxBb~ecRI8CdyuB^w_$3oyPAGe{t z3OTP(zNQ9jz&@SglfYpdzvdd`;Px-S{Om!4wEt(DTw&@&NuDp-dCubjmuDf7*C-r0 zH5~W*F{?d%^+A#<3papzJ04Z0H>1mX3!?&an))c)WGW8MX>g%alG?1t-YsrVq~lP5 zomPwRr&x0ySNg?R!WFX!Znd4ex||*Z2;8r-sQzCINeAp!?7w$*UXDVKRLDJXyqxCsx;U@GqRwEYp>k2jetbc z_M(1fjjMSi@%OJRNdI*jTQTDrH^3bFzx`snod0p>`Oahhw>v3I(fT7+_T0}Fwq4L8`zy5RxE~j!3k?H%v7MxQ^RJ&XjCU?xC6o75 zy0Gl*Q!1n;fBuSL+w!9t(90z;Wt;P8Okm;kf+PRm)1yq$9|0N+gCj9<=`i zO>JOmpug4U&!5}miu9;rFP@Q3Ct{(9*hY;4<=ZijBf^pinNW#_n)t{}(Gqm-{*_>X zo98xUH0@;1LGyQ{)Rm{CgfCzSk;WV}63YAmk)aINYnSb{02SU5RqVS;Q_uufT-eKF z6yoMI^_F|BH`Q1ts7wsVMw9P)u2*dArQvl}=NE8aijliAaR=w_+{~wp?7A3~HZ+ zHVQ9#9y*i^MuLWix+d+qJ#^%L@Sl(6%a#TC|4S+po(!%h0?gI_Zddfbdyn})@1`ul z|No3QKxj{lwGH?xMI1w9NIICs_Gjp0>z~uXjPPHlLg-m^zP2}CXG)WZtY?~uwlg|x z6EC3Gh7BE5j^1^JFSOtBBqHsO{N#wfVknTQzvERn1LO&m#zCC{X{XRL(S5G3Q zS*Te=)(uPU1rGcCdEfkE>U{pZu}Lhmkz}ziF`x%NWXDq?nOP=FBJ{$d6Tzb@v~Aq+ z6oQ{a1WJ}nxD*MRO@nb}a|Fsfy}S!TIR@R1rb*PXqjbzD9j|7~(_K7X9{)wkV)WlL zH`)3aQl)4TNxJA|Fi-#U&GSkuTN;GdBxFiwtK2o6R~?e5j6{ zEspD~zv?VggUm2BAIUk*P?fh8(ttG}FHzpx$MrVek&6P?lRitP?=`Ya-h=J3;#N`U z&zj~f)DhM#^$_)bQcRvm*5{uV>gIw?18h|4$yxIGHh#HOl-nBVP5JzW8Ri zeiqmTUkBK{BW__cU|&!s8sgSqVO^)nzA4u-?>dDY83 zjrFiubSU*>D6whKAU2!|p&LX8>3wP!My=_`&}V06;Po-KKhJGHUwoO}{*qIQfM+ zY*g)+S1p7(NLPWpQZck_PVFxr<3szzrR|}5dj=31&P+4*)zn`A3G-IB0H(S*&4$>& ziy*(q1-CL;eua1aBJ;k6Fz>pp>F+v%{DR%ASd4dzSYqF=DZ)4Pazg>$b$idncb}Xt zbH)lh+bs(3w|LwNOSs87^KYbO4pu|E6)R@U`CVdXb1wQp?rJ{$IXmi8$+{i$f4}E0 zuGi83h-4sEr~ld6-mAXa z9s4&>h+zZ&4BceZte^R6IG5VpTXJbGx37&WU03%?8>g6FKpB@)oq1|FTXO-V$NC+` zbSH}yxXE7#EoLb+iGt+lQ@nvx`__-><86Yv|>sS~uJ6 zJ=eM|tea_KkZ)5rvr-|ZaRu|#Gv0B!hI-~!RiU%wjR&GMo3(_S5Wm}3g??#e%RMaD z(EsI47E}Sw(f{o{|K>$W|MzTn_c8v@os{e7|4tAA&i>=|%JqL9ZrvLdU_Pg26`*&F zZlneD#=0FXU_F4BQUrQk+|UiArl(p>U?$vV^?g}*ey@geaKEZtLpNs(&uC(Xj;VgM zS~IHP3mQ+=gRWVPP_5o9Lf0VwikwWUvna04g2>ycrO?dZrW_rLT8f$>${R8R*vlFZ z&BVTicHnjmiDs|tJ}Eb@$KOXRAb#XOj#etwfHnESJZ3F>bcw%Sm?x+%#ZoD;Sub{}`mw54ppsBUBym37AL`;Dc zICERs=sUh*qqyr|Ouse%id;_PF~2|WCPP3q=CoJ>LCb^8e;272`CN>m_41y2bE(%? zZ4{R?Lo93@W7&>ZtQPZ@xFp70PdPTDqZ{hS{LOk8DzXaCx8xQy@Qt^qr&%rkzwnA~ zg?i*wf65-U=Ti{ihpR_(2Hq0?jHMNpu^6oGuQXzc} z{jX#ZUn&sX9RJ@JyU+H@_MbbC{=auqTGvqkpBfBUKYz1&`%lEJd!zb==`?G7;q%QD zzBt0|=z1%_TudvA%@$M0HkxM^I=Ns|6{JwN)Dc9Sqmuu@qW4Uy1_fTBGp|W7!8UCS zg4(RY)`tI-Q?g!4kXBkpyUw6vV{WTz1NM9E(wyS3N!xy-Je1}1)%B)mRWr_rD_=Fa z6sR%<<9s0bRTlFy_ZTSywxyJyc5N6^$SB9bTamGyhSN%Wt>Ly)!w|#*v8+p*`PlfvhX5L z@d@yT`9qISl!K^3p3Mpi2qg|Hg!PK@3E?|kIXyNhf{wflK%EK}R$P zmVfGOZ(AO^VYHpqj<%DHwg^Ai#0Fx*lUmr+EuotHq_hnr^*8~y%6cuw`Oqe`(ZaDQ zFzaMsyW)w*z64V`iVJbha%rzYp_20)jS7|ealORdTZ;!+v-zLqjgQsr+U#T^s%iZY z&1Mk`F#Y*GhPh&bOg&bRrk2g+U%}xZ+vrB2$!5ozkwkws1D0W#OExw0w9j8t<67F~ z5Os5pWFf(r&nkO=J|3F8Jv1dbq|$pS^LX6q;m{5 z8tlM|>H+K?lDbvMT9%-NMiF_^=@_=i$YKXynd+7bm|4&y3XF)Bqei~_-fs?o6-e9< zp=TEV9}HPM;)6s;cB3)o@c-M-cT4^sJ1@R@{+R#cPRbfNq1sR?Nal*0ZLXb!^u|1n z3>8mlctHnD1+6u5KIDq1aheLL6;VSL$6yjeMpTDGo(wjLWHHrzVz15ocbY`4HIlFa z8d0yK-ohHIlK*ETAn%fRN<;!J&6G&WB#C*#f>!YI?Bkia{J|8+kM2V3Sp?w@LsY~>yGXm~MBLH1Ftr-8amTTg=?y=XlR^eAmT z{r_5PAMi&^LY^wr_ZH?M+G zbi*-bpa19Pw3pBS&d%fczmu{?zQw#??lipSJ!!a>BZCU9)*<=u1B*w+pMPC;L}pwAJc%yN0uFMJ#1W#FCIR%e|Ysb>H>}_q^4!?vw4{Q}D?d<=A9w`&mjfJBXhY z&Hil$gAsdF4O?FkGkuZ`JSF4Q@TplXm={g?dpGW6r**-TXrCAfo)6y8v^8Ry8t&Ol z87EvLGC_Lipg)ddG?j!WZP#ivMb?P4e_(Me$j?H?Q5z?*wnmN6wSY(?Ba%un z;Sp1WI+#19o>^DQq#~C?9u7%J6TSc0Iw#fR~)qbn(GW)67ODOfyAJ@}zpF<3#fjD^4+$A_}_+{Ph_Lnbf?`L#mnDG z?8TVR7oSfYCeR7xF?_RvpFPPIMZo?g6e$D2Fyj3_1EyWEFrVofIqdg&!ZkPZyfTwA zw>XbjVgSG-@yiu?$y6vgNQq?Oaz$Q!N-^8wagvVp{06P7&g?Sp`>L8+jyZYg;u-o@V*m!_&6;@BeCV zbjhrl45^F?GciBh^-NL`S&&pl6XH$cI)*|xB|_CVtOMm7!q{xG9xYpc;hVdTQSI4 zk8Wv}G)<*QB?m2TR;zTY2FvdF60=mAYStgeiWR51=q&yAw>L|kfHO=HkmVhpF-zBe zIY2HuOWC7gWr|D8^7PxoBO;j+V;Qn#CcD%uLmAaga^YDXoxZ#VAeY8VtG_S|lRs5A zONCYm9Cg*eu>x;3$k{|OtzR*#Dz`IH z{~$2HvtXPKB#l^Z9FFfLhBhB-a>?VEutbf)1ise7f50a!K}F#ugI};q5NlBC3dnJv zbn_P)MDeb>_VDF{+tKt;ic3Nh0uuzu2!2;aPJ?5JGbR*-jUeZ!$^(?&*xd*3g+2Re zXM+?OFnb!0M|3cs;kqm7<=SQ58M!N==i0@`Tn>AJ|JThx>D?>lR$+)b{c#)JC`kfhwm$=yt}SIr9)bWH=USJMY%7x|>8XMm`+7X1}hlK^-ZC-pK4fm6l@&M;4Hp z1*GFRM%!@JtzE!N5neEfI7m*}fGaJh#G3WLr6ZEuaSc10&EIx6@)Z_iEp&4^ zj<&t|eykH3^7rwXV3xqn%w^&AOCBhPe z`KWs}7mL7ia(Hr_@nYFYP)tsE$egW+5bf-@69G0MJu2Jw1e;zyxX~h(N@hd*BtrAB zr0zozFW_RU7mLBx?)J{#x3<68+WFfSO?k&_tvWpE>~wZsYfe zap!RBX6@XK=)%0c!#4@@-)=rRbHN&5CZ0i0=14GBjC9>KVrsmbFe!P&x^s80_yA(+ zA4!Jv!6{PA$0_-JOk)G@$cU0KjjGJJ*kCYii;-9t7L~^1T&1(no;4ziz3FEk^Bdlr z5AeoZvdku3H@q4j;LW;Z@evNq(Hr`MX zLZodU#H07c_b3NsH}+1u`rB@MgS2Co4D_%~cD6}dX(^IH9(=&ie>+U!?;MFY3AW!P z*cOCUta~`JR=22M5t&(T9rnSFs%}AN>3ro3H_awst&|xEJJ34tVf%p01z-K+)I%!n z9@awA0bAXZ^q0AGSND+pWp2IIJ%4AIn;Je%X(LvaRq=KAn1fpp>vfNrEFULz8fU>%l88yfNAs7;JYm3R!4O8u6P4Rj`3mWA11h5B zckxEZ+&MBg5~7A;97hDFfX>=(n9WSU=u7tdm?b)%y2fEa0O@|!H8-e{Of1&^r1^Y> z!|lE-tqjo@c>cLXlv`QXKJL{xRNxK&?U=_AVabF`k&Mt!LUJ(F0%jfGVkoi?%kXj; z%GSA7Epy>lmr-)fFz4t*@YZ*qYb{RjisaeEpu6%b2bxK#+ z0Ydc|$VxqiMtf#HppN6(J{&6|66;7m6=MXzSTSN}VWlSbsD)s{bw_Y-thjz z9Jc>WvcZ49%}dbc9sk0YAkN}$FF_FNf2K0w$zZ-rzkvLHBN2P9P`ZEscrzm$534UN zR01jDm?wjCIxrl71s0(_G1k@-*VZ7K4uHsKMycK9jZ|A}Yve3tA*V6n06`TF*@!C7 z9NKi1dpt{PHMQR&L{C$;Z#v}3phZZOZ`ZyvwQ|+Hh(>5!%N2=5NHvREgs@L^l*VkI zM9?bWqSf-8x91FXn$-kE&dq=Qo~@JjRx;qpr&deT!MtvV{Ejd;6Ee1Nys2rk{u$U5h*5$}mHKR`AT z@mx5$@V!`{cn_3;4+I0pR!iY4_fbrhnumhl4~4>@Uikzyc`xGeh`Hx-0zGY#XDno|6ogu@VD=ItCdncoY(J(jU?C0H!>>plm(%f zh0YFjaMRZc+ktRhBOYK&09Ydc0hsg}JWhDSW;k0kBFfPg!dJ{$r61|d*&aDlGJmn7 zsqOuOP2bQo7o<^vN?`rD?4}WQ!1n;UN;9{tzV3LEYvYHc5z|BWI?4g zWSP%Hjt!(E$Ztv{W_kzhKLbPa0uK*Aw+(@#ioJM7I-Q7xB4Qh@Iza4P3lKX#Aa+&* zh@D#i#7;dRT(GR4oTIX}WdPsK+GP+1n($+q>JF*7twcg*_yf zR1pwJj7-$$30FfF-gv=x;*$ z@dYs9g)+;w>`bPt3WqcqFoi*)Fj|-Sp2xznCl15~EeweeG8LJ9e;&B0&!`?t(^V8< zP$yjK9`aMri#e5+0S2p(Y$&?|!nI;?--uXLMwZLSK=$h0>!8(o`t)ZonX?nWWRekX zBbG56Ww;E4|MB!`tJNVV&Xn2ytPmV7x)-h&e2$9jNtdi!0s>&@O-WDaAvW5DQG)jl!e77E z0Hs{=Mct2qZr2a7fkt1g4*AJI0eK=Dx2s#3(_}9wOsh|S-&(V^J21J9#qv3`F$10# zkqK?rQ7% zntjZtk*@-sBa3IvUmBhnGi^0%-bG;8`$V!nla5S%5dA&}JtI_$L^w854(!_OvoqQK zINAF+;se~`t+njW&RDTdNEK5X_LSI9$pAOctw9Si*)z!UlVbgGOk$o~D8vOfvKg@u z6;hA2ketS9OEM+m3G0~2?ZSWeI;l{)lTQTqdCTi>k(Ja`2TxuR+`Tqj|0RR6y>n*?lE(HL4PU?OD diff --git a/scaleout/stackn/charts/postgresql-ha-9.2.0.tgz b/scaleout/stackn/charts/postgresql-ha-9.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..26b02f842594a06e4cb505a141a69dbc00b5af89 GIT binary patch literal 60888 zcmV)EK)}BriwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwycH20zC=SoxehM79&%~b3lrM>s-a3<6$1N*~SNo!EJKg(y zvwJxZ2}zhx1RH?tc+z?I-@=UqNbsVIous!pYdRJQR22$^LIEgLrG)VbMeO%Dn8Mxu z6jI*3hqL%EYkcUxS97%HK?`p;7k#&gCI1&qXVQ3Bv3 zjOP(zfKQQKkfJokp={{}05h1t38FgyCV-?U2^g8v5CKj|490}20yvr2^#DvFForlL zw}=9gSl|Wg6eX;?F(sn?rl}Lmr}L5BMBVybP7&IjK~XFFqeVE6m|6>wm!hFAiUhetd~WKcfAYFQXr${pSa8fBYhZKmK^QF+mBUkfW#vItP0P z2f^OUVDH8C-a+r+pm+GZ`{Uk!>>s{*{`|-Pf9Fp+V%Ph)PASV|N}NLpjX$~)Rv6K0mJhju_nk};mlDT)9mV9r$ii6TV` zsX*MHQ;HI9tc^G;Q9*1^y}3ja%s9Q@Q9pPVg{ff3qVSt2ck`^fp%rT6SnM7=w!wPt9~Kze1^8z zb{Ujq{>&Mo0=aEJXYaO5pEB^lQ|CiH=oB(0%ugG1_O1f7`Q8B9n5Z`B>|F(D^SuGI zGL7GR*rL8Pa>oVG3fs`bDUGd(VX9b5wyDC$9_DFmO+0h~G+;xYFylCxs1X3p1<%MB znAb-1^{AK9TNV^nMT!gEM@k&Qv^&B{l-_~UdJRATX7{Gz&*)x#7JVfP7|?c2@Xy~ifHM_ngt@Q@=pbXY{tPna zWG~F{$zHg+pzwNFtnQAk?6u23{aOf+B1?&FeQDJbs=Ol=Sv99K>ws<8W<*~u9&97Q zl7f%(5z_ld;KCROKhH;qCWs?u)(@iRt)dc14nz={Rled>NDL`+6f%eUYH- zqCHcy8lOKhWJSQSO%+rVo>5_j1$c7T@7oQL{cCwjaleuT*q*- z7Hk{t9JaX$C>rP6JJb27tF}tz){bv$dY8iq+jTf$8DVlV?PiOa3StXur3P4L7pe)G zDOV4V!%00L4kz^x(s>*YNsPk=ibOe(%7V=R&8qM!MIj#F1HED0yezDR9HG&ClEK7d zpkBme!T_6+c^ru`rw5p05cRYHVk|B#6_^;qB-+XcsH4Ck>@fzOWOJ9y8Yi8f^21TX{7gu-L|*$zN4Lx3rR``O9( zobVw<3?=-T!R3hh$4q^9G1-ks$aaN27fj|jLc0HW{^^R3pvUJaMxfMe1fwy*7C8r2~yYQZeevh>~oE7-Fn%FoX(Nx z?t3x^cT!Yi{1J&S3?V&9;$%$dOdZe(dxcD#{*lt|n>Vb1qHUbhqNyYJd&MC~<9U3A zc)@VU%m$4s&JCFgJSmAz+o1v}iC6=^3|bvZeN5LU^Mr%*`D}!!5IgSkX3wFUfcq?qo=XrUo4pwJ4!L#{HRG%OYexDOMpMkq6O2lkGBXSW3L4xi;O7RTR z`>r9|rl<#=R}nr>BgoMer;ww`eV5;-+1>>EJqAqkN(^?U3jtBcGoyLNKuD4hrJU{F z5&AJEFp{r0C2@?XJXST(cQ+L!fyRR6@Za17s5{Zqr%S3?bqZp7;F3ti@m?0uU#R^q zTcm;+{B$*^6Vw9-hyUAt`##BbIP-5Cz=O92Ynj8@m>&|#nYBsdSPq0*=8#=M;j?TB zaQNc+K^3woVf-k@kRb++Gm}TiFc6;rRNqwfHXX+hy~QD7L4vsGM4U`^VH5=@;S?hl za3U2O;$a{Vus}@C^3Ooy+BNO6Xwy2VvI*x3nLV9K@--3V3AMC^MIsxmhS#8dd}4}4%`%s&7^ z!G|fN(T4@Oz``kt=F*rzw^-WqyO1$FNu<0cBtpBJIN{P$AqosV0ZgI*CLCvPY$iEP z&$q@Z`j+DcUfF2=oD3`Rpa%q%iZqKI0(wz)9)f=H-x8tXWr0d#AC-HyT-cd2s~RIG zjP-VIW_qc)Nbef9CHf<}FVQS5DY`wShR0RB4= z)^x{igDSgN6BKVMTA@FhhO}qBuO+${Y@1s(WWW6Cz;2f5zUtX7lM~Z8&%7d5p+b^mdVsK8l;|*4x0CpPH-j3XWs_n{bOA6~wk`^xJ&t#Wm8#cO5-2^3I zU!fRR3uCy5{$J~i9ugSCMPkXdg8yf{(iu|7bYc_{hTAu=(gyo z6IM=A5|hdORZ0PwE(%QcNi3 z_wvZ=T%C1Cz`O;abc$H4X>MMXXN1u4(>aKokifM5275c<0cc4>Ak1VS(7tbjSD4;)#RR?e{eci`)3+g5A5&l?JFAlhErdS@mZAy_Gjfv z9kDQEI!}(+dxj{G|7m7=25C7|=Ono#gv%YuCJgLZsV9I9WN``*j4qP+UQ~XQ3C|j7 z$v3sE?H-Rrs=cX_SnAgyOqKILM$9S=KtxH}1OM!t53X-6kACg^mVfj&&4Rp9Pmyno zWU`Ts65zDiE?R-UcBjOgHD+h>kvguhs?tIGKQO&N!K=69BedJaeow z&FO^I;gsK7Bb3LDHP~W2M&W%Jqj!XSWZ=~PsdnNyfcYMgGu;Eo0ppPJd8+4N>HfqJ z=Qx=#aEl?h99&(4qv1)tDYXHBOGup+D-Q++$?Y$YGJU45xg*%1jtx+9iz!i7-z}tA z$c{E`-Vh22z>&Ja}{T{`C6hY;b*f(!a_? zTCTBrpd)0glO1GRq}6fVF4sR3BX*1@XE0TRyQv8UME$cm1H>+=-LdpP%iwZcjH>Y| zM^pv|68f$F<(`L>kH+n)joee^&d6NY`ZgXgQ}0}C+4$*#b3$kGtZmN3non@ygN^z_ z*F%s(R7aIqB=&O$fPp@~!rXQXXkvj2qz)a!5ei|3NdH^}mw}LDv2Wg4GmG)P0Tlf{ zM@)NC$9RT$%Uxn?2^*4GI+w?e+M!3A8^0njXX*@;BB3Tx5=q}4p@htlxmJd`Gm!TE zh!MO+$}wFk7qM~*F_~-f!YRQa%1j4AO;_DDgfSxkCm}`h>>`}PBvk)W&ctj2NMer; zrsO5YoX6Q=lqO~euz5HY1f1an3odlQi8|ek2)KiZ(-y1RJW=iClDaX8V{(TR?V}Lm zM3jNizvfI9m>sB8n>M~u` zvEW+zAsI&NmxhInW>yX^6B-3j{y>oh+7DBnC1zIuD~_fWRn`s}2-A5F931Y=tamds zlYR^bhcC~ty-%jAtGUKTkb^YTFO4Gukj-emQT9x5_!cFIG38LT@+vRLCe+={3{9Y% zwW^H)MZ!>&Dq8i<$952eHp4JJMlrlMOWhOo4n*RmSRlx^LI##VkUFbrwN_mfCdV^G z=G*|iRzFvTs&|&IrxdX%i6ihvy#PFWvm|6T4}~tsAz!H%jgY0$WxcGjvpv1o1JC!= z0kOM1u&>^_EbM_p`L;-C4=9_x$eJE_SvydKF^|9UNXcmM4i)!nOBjm{mZeZM4wt2% zwiqx=!EHHYmV(`K(0E{PfWq5_hRxwu8#Q{N_7%sBrocO5>~F2=FE&~h2H!YR7KYej zlq?LhY;c0ug3(E)R9UXdX=vcejKpx6`9hSGl%o zHz$l3xSJwAMO3Vc^fy?6V~PFyXw;qI=qIXF5# z8+2#UrW7@tOad4fW(IQih9tolQ^o^2Prw#K^5PZxU)%ZFmfP4m#>^Qq#opi;8GrB( z!gl%~ooA#&v&AlbIYMskj71fkFpgj(#}j0#zdW0mmhjjZ>xj!PaEc0JFL~KXn!djo zn=8N{QeEeRP2h*@uC}0y{jDedmx;6a*pWLq0t)6X5_9Jyho}TJzo~nPexGBSdnK{o zW3a#X|JwmXDA+s9G9Q<1kJzY2$goJt?o*K$+_U|_U<*`qEy3pQl+R-81gIw7k^?x# zqxAP6od}RQj1BAZtl@ogN12jC$fuyM&OlP}_uUjxr$>yp595LnE=n6pt>mT?3L~U? zWblcjMBa6MuU?xw^(gybu7MSGnHNlx=kDa)2wu}U<419<&kW|&bwzvk(~-Ve!8ky- zh{|2=Y)8!j(SVNKC*h?P9_tn?%XbiSFi$v+v*t@jH(eV4 zTitMhaco0mV1&kmA|+rWOe+AOE-Q*vm_U%iAy&mL_Gjsl!r?<%0oSXQ!+V4wQ2AsG#Oh1mx)Ec@cqwJ? z80K>&xtM_nF-)tCSKS9w97pFQLaaYU;m2arLh)Jp7%~uw0?V|^!lC$sqBESRi%S~M z%(c+T*mOUN92&He7$JG;o!$Hv#(`M*p`1O!w$hwyOWiSMp;sh@{2A2J;nz$j0zu|G zny~qJj6*DJ5SwO5#kz~D#+10WQ4SlCU9j{9jwptWD3mtixTi;I_Q4%(Y8_oMSbE@~ z{LzSpy4mHG*j%C33YU$$MmE&irm>Use)Q%h82s08aCtU3zdkzcNuR-VazoJ_PO>eF zBpTgkaX#xT)XAl)*9--0iTQ?NVH3f4+cr8i5NDb>nn##tZW6Bd)*>eSCKP~-aBl!0 zf7je1kl(v8nY<&6%em?(ia;1kah>XS%$yht?JsO1=fo_pYi)JbBkN}hk=giSG6}GZ z&r0)%4>fo#F!oBg9(OJ&KJ;YHS$hIpSS@KtC$hIs$wVS|kqJb~lox1q(cF4;ZqjCO z>Mtx5vGyT{0*xRb)PL*MgDT@kqO0{lhm6OK=oCxOaB_wigA>Gn{=>2$I00-b)L<6m zLK~(T_7apHK$H^NqMJ`~f`$~0@h5O?qQ5W|LB*`EB_%i!^Q0(O=-V7X8}`OzA{5WR zNrFK3hmA-~7L3DL$_jW)=~};M!KP?PQA}WTiboVuj2O6*uLb$yJ&3apThgg4U`Rj` z^Gl2w&yy~(sErd1=~ zB`Xor=u3Cf!mn(j=pD1U2|SgpkZEcLk4V7C4Do4ZAg5 z1?IwRitPYsf6Yw#EDSLa=5+*!+Qq4HDqVUTR!36V^t5)pFoRrZT{-b|K@a>9m~Llm zdPC%4414`7AfR)_DGs@?0)IyL(xw;FY(hF9xP4}7%^A9}_K9v-OgMY}Y(Fc|?RMRz zPl15yLE-MsR2^=tA}|GHPeM}`ny^Y-Vi}6|21XG@j3EYIgJ*xsdOanSi#LZao*(!` zA#5uIawD@}DGAENhjTtf2{(I{>ywXMu|LU1SvJajV+)83Z6U)?#xbxSy>$)%*z3yw z?e57#&FHXHGcQ_S(<5L$+FGib{#iKyY{7BgRZa5#mjZo$aXsi+`{P;ExcaGZr&{k7 zE;pCk;1WrgaZk7^XW9r3P*vir9N@f{i z;8+FefK&x&liz?!L8LjG1?Y21>LNna)NvGm9LN)KFv>32T~B2oNEt&T+s0A5zaP46 z`e8@>^LzY3Hdg-Go&3AyNq*b3LYvyV3jZ4gFc?$BrU6bEhe@c_b$$)dVNJF=nBCuq z4>zjGT{i83Kde*U&HuGK!pSb1TJKOeC7^RmK(-|4W|yK|BsES;PQkL^wd#RNv2%cX zNn1dQJQu0jQ6~di=p)U1!B}iKp)JTQ`k!2%UU|l$ScJ!{W>1*Mtmup>AaM%EV;llD zPo>c&>>iXvfi|t&eV=TH%j4@;i8Q5XjOZ1jw}|#}Iu(oCUvrNzlNN%>0?(LgpDYJd zRV1(KP^fB5p|YtIfzRA1j%8F$yVruk5K)fD!hA%m5CR@19k$n+2}06 zt>1Jsw7kJFlDqc(9DuYkl0w);yKpJm_Mr!!iNE*u|Bw7f?-*IGz@E)>MN^)Er4>zr3y?7qV);6+ZQmGX z0FKCQ$%M`d_rNpp_ul^hk^kh>S|$9{ez(z6OM{?jC7D^qiqBx!sVAPqX1AykhWh%x zJ$hiI<<$|@e9fiNNOh-iNkkvfJp-K#opQ15WC%NeBB56~zD02!!?@I-s*dxgxq)sP zot2!)6&^))EDnj#qt&fVvRcxx_9RL0b>m z`smrKMa}H5j!tOx2*Gyr5c*yM z?HJYeP(gNn8XR2?E^m(BU%$&XkaRE|I~r7dD4jBq4-!VFjOO7&=vcTOB79B>{DXwf z@z7EgIY%!oA0ujxR{swWF~`N=q+<|vNm7%N!8-o7GA8U-%#Ghk%yv!hcMxY(%f$B^ zV^lSuU3}40@4I~$u|*3Fd7)l$-L-1MgB)&kvV#>kxN4#UV=&Yt zIaq)HE}r1v@nffF60=m?baNEf24HoJbjA5UNlbLJU$x$N=nYV7VxcSMRs`j21J;Rq zUVye(obx7ZH8IYY!uu4{ygH`2hoeuieE+nue9a!z8shjCK|RIrEynOIjI6I2zt@~E zEEl`iS9@)7dwsxHiP`Iew_3bjAH>yT_4=Ux3FGu0Rt|=*7o*pxu4Uu%dh4$*Hm?`_ zN^yC;5Lb-J>xH?7c)VV?-&8E#!v`K1Un>l+KJHj51h1#=y29^zK(7#b*8^>(u)7|3 zD~H_m!2HvO+g&(dtln3s3l>`yA~yFxHa@O}4WBAZ4;UrZLh?;Vh%GpDI*I2&_J=(4 zmyr?D7=}m&A{z=yNB7eIlqBBEtBdF7&kx>rH%<0`)8ax_{7O%v%H;P(AXZ6yuaL}e za*1G+>A!d64$NSZt3K!+xQ>+Jac`oCeZ>ywM~o3p|7yNly( zFDo73X9~9QAoU?up5V`B(cv?t+OGcd6#O0RzsUSneIR>)g%r*LHif~#;Y;r_#SPJQ zN+$AdcKN1P*2=-TOpSJW@%E;FaehANi^g90Ld&+eY%7WITvy+yj{4HAG$re&Dp zTO@;LO%Uy7;&T4}?B?YBzU(L_;YVF2AxThCPF+B!Xqn-{&X z4+sSlX=&0OfRm7v?lallBe5og0~iWx&!BejDzu#|Lh1bu;Djg(DuWP9i>b5YT=SL9 zR;~ox5kM_S)f8a{W<)O5pdRg8$$X}6yN5=ogRCoVEI`{nr@z(2#v>2HQuo@L@Y7IO z2G=sm#iwGNTqxEbPP1{MCI%IRRu8{yOq?D4*NymN{X;<$TB+m&IcIJ}!HPDO&5!yv z$>A+q_MkS2rvJmy3j5f$kL8S49YfoTrODVUa5P zygCw+Pj)haP?d#7k((OQb~E?+#R@XY{3r#058k#^-)VZNph#+!Ds^D-^g~!*d2Ax< z_HHR+k|-(TCAE{NKWk(pPfxXpinM4KG|A_3k&`@iTSZM;nEHncsiY-zk+@3Q1@-Y_ zD&+{_oRhbi+V89L6Nch(!0;qNk!pw)dZ-KfYP}TS1Cqq|hAsw%gR{!uMGl%qqQ1o- zPdRm8H^7ri$J&BBxnS23*r^sl|0sulR7X5G8H)wYEsjvM1BMg1o|Ov6+P9ViW%ugp zG+VNd?v4AEJ}a4twL^}^8@OhHZ9B$dvsdRZA#YbXxRtzpT?lPee3vsUj$m3;2kQQ| z8gHedZd8d<&`~3fYWN5xqH*h}7Dae-idBjCm#1KaCODCIxOIpO88G65DELqITW@#w z?`FgNAHBZ|>i+RTz&jocF9-dj>%p;tDI-o8V^eu7s*GM>Jm+(Yc0d{<70?EOXIYgf zd1m(Ei&U!5ickst_`FmECs9@eCs9R_^v)`h9ZMApvY3#M^VCA9UK9(mkff%+5Tv1) zvq*}H#dypv(eFZVR9UIWWU?d~aYk-}I_jcOKVj@7!F)o=JZ0*xj0!p;>)i0_j?*U2(-$_^;M(*&D zs~0eI$Is|}*#CJ(zB;9GnA3xzF5+c7v z3*f{cx+C;s9xkGAj$Xh)=P_a?%b=uKy;1QSiZ-PDX2slxDV8@FTo3agGo6&HspT(g zmB~FAqa+3V^Eb)sD;2-wNX6PIbA7cSVEKC;CneB9eRf6f zF$cHXkM1|qqvjTc%uGrWp$iKQ5WRVX={P2Lz`iG2-J1nWa{9W~0nyC)Qvr$6w|W=& zWGr{KWzdc!GEulNlLm)al&d30W-Y|?L_Z;!%}64VvhH{u$FguSPDkRq^Vxx4~%dQsbch*dhveXFuum0TFh9VQpgnVfFi0p%$5GsGzlSt;UYzNI;&as`a$44_ZKv=BzVZ7^-j z6pUgh(0UM7h)~T&4W?*w)x$C3QJPU#4?Sw=DaIac(Jp^X(jve-C}}&8-e9FJP#LYX z4YXnuQx}XK#>|sB4LD>VkdL0H=CmDzM~F$2#5X?(cQ??O>-rJ_S2{3U>Mx zf}KA4O=UA4m%Xaotl?W=s<~%dufj@~-`d}8F5mkUb7vinr@Neg;=7ziI@fWTvkdF$ zHfP~BXMs}%?{P7H?6IheSw?JwGr0iJ1OKuAFSfjcn`tz( zoe~&<%&9o1aE;v{2pee(&O+BAc)=E4$wl}jOeUyN#{6y7%lO4MLZQ^d0Zg-;BA$rW zVNB*xpdEc^Fvb+!!8qRCq=?DP;eiG-Ce-1MIW4xtB;Qr2XuPwBy013Q_quz#2QR94 z?bNomQ7gEPKFLtv@wIZ@Yj>1kSZ*q3j(^#~hGF_@JeS+sfx#k~85nNL&3H*jGLgw> zl|NOWIzGUu<6`J*Wu|?-Q;>bO{7)4z{x@(`IB;&qC*L8o_UJQp1XEZ@q4Yu#CU?hE zKtSz*j!@K{nrYKabLI1LU9R5g_>Ph}VhM_~Bb*!4piLM>g53$a3pA|Y7Q+CVyP>&T zyF*Im$dOKNOgbOSxkKK6>4DDG;B?Tx22nSH>PGX?l|0kf0sW(^0r>UZ;9NimA%`)U zbf=JI&~8$SZ*hz!Xe+C}1D@$iCC|3Ob)m9F$qmE*wyJG|!Rgfi?191gv7kVFy&2te z#K4=&i?a$KK*pM-GF_3RJs}+61Z+JsZV!9Uc0l%HU;HrqeYS1+$IJ>WQ?4%3SHgZJ zo;iaPAup##KMhVh#jg=kzQ@Yr-u2l0ixlOtIdaQd zLv1jyb*XGMjmJ7P#*RMnWB~e*8BZKT`<6Uq(LQkud?@%$e9&I`3iftupY#f9v*Xw7 zpf^8}1$R>%PHmd8Jmt}jss_Ou7{?k$?XP(4jZN+rlpvWEFUw26q|DlLP55&k0cTQD*OM%^3ot>?~|YuttV=F$Cw0du9r4`)nP9QY>ek^V$4E zTj~{wX7@q&KA7q5*A38%ZXYR5{SrNeuWgB{@L8*IR?{_|TL>kGwHBClm~soLexp45 ztt%vq6vvA3b(U9HZxKb2=>zaCa@OHEEK#MO`~ZAQn> z^AUP@VvK>u93^PF%`B$#3O!JO&`u60l9D4+x)sFF`qTx#h>2KeNK~1irq+ZF2}OkM zdRV+Wipj`uAe?6sLqoxxJRRHL%RffUghW=v|Xf-mVwg1Hs)-@R<3GT06C+C9*p zieewLP3r9K&SK|i@r{&`&} z%QCkPXUaOLU%{<%f6wdkxPS2D`rInp;&9w59m{TLtSt9Xc_ZI0ORW-muPnFBv|-qf zA)c`|x2~)qnHzY4PNOU@AzJuci_ZE`wB;hmq5ZvNv6aIa*}(L@T-ge6l+QOan7|2& zJPj7oFNLssn{U|$#qGH`^>kB$={gLg z#ahM*g%c!m{d(AVr9Ojxo^{w}rCnPk+Wouz>K|DRZTED7j;~Uuv!gdLBh2KcGKlVl zkrt|;2SQn7itl6$=82{NY^hw+YC{kZY7iy!INkvXDIt^m1z5L5X8jANgk;xC%~X=% zMYNmy?c}g(nJU*oL&&GH*HZC^fL#zOSxR&v-vQ+$`4Jw=2p-%%2vjCsMo@;Q2RuQ0 zD#=sFqGu#R44h&n@0qH1U?yLZu^O<7;OvMoucq`|04@=XWQ?ziEDDfM#_+#Ul}?f; zLm7kdzflkT_!d`_Zf$f{K`f^9Zn&cBP-=F-vaPTzfv6qRq>On>j{c_cxoxB_-}_RL zkpu?4>yRIS!8GlG*?j=hG(YLE(lKQ!S zlL_Rp+t=g9B2$zH0<`haU^eYa{Z$OvvS*aV5Ko7ga_gkO=na)660HdL@4sZ6Lr#)z*x?%>*R$2?D~piw*q`VN%fp?JduvF z=zH=&MOYLjw40n2OfxZan%{Ei`DorpCh%9C)6wRp$Kj~NM31vknVq?3oso^)Wlry} zYS9tuKg`|YfK0!esKwtD!APBa+GBK0Vq?sU;GWEBK<<(Nr-6>OxM80fdL8<7OjXyJ zugnL(tCb1yi6X_|%5ZFox zok`O^k8daBdeh1;6N&+kF*4H$vuG82jyiuppD6xGfV!f z&zerHMBbHPohq3bcdqn?9=5J=me}816V3TlTyi@wTbz)%z~tOBFg}>aBzeY-vx|{% zb+je3D>%Uy^Z^xzCQOjT%nkE~aA)yq7CaZykPcONr@D>@0 z&DzEIwFo=TUNbQr;5J)9l0=iC;tg44RYW}*alae~UuGwgDocUcDpCs~8E8+3q9v4X z=huu%(y(x>C-1rU2EQK74wrA-W3{Q+xpgM4<h&jI*BE97G`gE;BE23=(icAfX4_}~5phAKMfNNz34sqt=# zW3AW)2B9fONbVxaY=9^NfBTz4gvS}^2*XK27{}omiSix$FJCsUGeA=)AfY4&gcFcg zl(TzRZi%Z~tZHIbHPlvaq|V}WJmwbkg}=Xe)$4|SeRU0 zcdcL|w!bb`ljIzk8?0)TBEuo+<4G0G%O=gHOuTGK702N3VoZUHH{kl+01PjV{{eyk zj3AqCY@8&3&`5dv=+hFD_#->gHkUJX`12hdDpnNQB`ME#!cBPeF^MBYyMkWrvf56*5zt<571&7kv5BtrD&-yA8$1A4*Dd!{mkxx%LEzoh``1noa16F`;*m zM)Jz>uF99tE*oxE{|XTuw|_A7U+QGEvj0{+EFl0rUx-TB-V_PSL(Firo`0e{GN%P(JmAlhD$J(qIi zwPw=gV0iZS@|$9j(jB$zG0CAgQ9~=cA4TWI@o45))oRl?QO+jV8);Y3XtFK@0iA&$ z;QSs0So}g#iM@Vyj&2cs)^bWvE?updrQ8P%qXLxNzU~a)<~>!C?~VjJmP2~WC@=56 z$u`&$t4n_wXZ^k{I1s4qh}WIPSoT_8z?4=7N`$cm{(Hl$@`At^DnS5Jp-h8mOPvUU zw5@gy-nZhkHCn)zFWPhz4BA4ol;5`)b;sr^An0yyOUzL#%vL>(S#c^eVAtK38yhMQ z%9Tu==I+H|X7zn=^QoABisRNm{@66?@U zz>F;W;I)erwfniZEqhXTsP4~>`2Y4|BAqvPfqClBC-RxkOM^Bw0wLW-%sQl%RIuA{ zx20sX>xEv+&ibqJ1koM7fAFfi*WK&x|IaZ?^xq|G#Sirs#yEl;DZXe0QBz*-a9k33 z&*K_SObxYlXch&(D4>`m14;>Hp!ZsBECm|)4<>`l&}2I*6*0_gHpJarIr_LY5`=A= z#{9strHw$e;7X`Wbym>OFQ8f*aX+K`jt#wQIMV?gMM}q^sWZkXj+`oiRVClJtK;Bn z0Mk@-x#wFQ=_QbAk=nLt)G6K6z{2uzy^Sjn9=OAxjZ~>*W9ySB39m_-WTAR?E4pAb z!%16C%fb&OMJ~x6Mpx^C*QG_uZB~SJ_3pOxR!n2mmAW+B>`KI-xYcDE%-8@?TM znYW&G=jnvP2xSA46)@cv$nMm%$k|vIh}V7oQ+57#GevQVDC_bxUKL0E`QPEI{k`J( z-^=H(om6@rXL&?gCMkj1MsWm1Y0J_eot%>o-lWxYQDr}HEP zFQ3al@$70o9^+4-6XbZM{hFz)M5|nLKf*o@&9+&5q}dj*g5sV#H8sI0yfEDs)LOub zvR2@esP^wR@*wqiqbz7^eOWm$#{PFI1BU#y_P-bCqxSvj@zJoU=i>;bOZU5~{GIl? zCVriL?gP2*9=}9iyX|4UuF-K5b7HV@!-viU7wzTOge_j$|?ba4S zg3cr+BWURb^&4!rZ<;zvU7%SyoB6t$WPw{pbJ}E9Ytzh%P#0@xaRuaWsqs!OxHUA{ zfwzW+9?P&G;6#EmfggaCB$_p~uoSnXv6W8QEvu>Gr`&a^9Hm}aZxRPD@3yO$*MfJJ zbjSWD>YV9~G<@v#p)=BQd$V+IKT5s4=xwvX>p_1DQ+d{HtxUrZXeqjCELW?}6zFmf# zHS5p@(mDiszldeoRIigCtm*D-PH^K=Yi z0Celb*DTBXXC2>8rT*Hn4#}&WNf%qWXI`P4=xAr{?StIqCEE=yf3)|8Gf3VY$c&W7 zwrw56#c@_cdrL^Q!`R2MrG{S}pvGZSRe2dZQ#q3?u_aWzhVj^9Kpp%G?gG?QUUZYF z3DlBXMHOI|*)Z~eT0v44Uzl7Lyqms`q%65#R8x6&CVIp8Ic9RCaG7Y%2Vy*%DQ)MYAfs26WhXCakV+JJ=o>7;u7W~eS5`C!6gwj@5U_&+yT7IBpOl_ zp@d@?Gc7;0>x^ob>TgIaO#OTT)B#&OjoU-}!84QT9%}5I#YkD4hDPv>p77Z!uS(ok zY493a>u>6+?X1fKe7Foc@a80wvg4=0J%^JR{Yo9Tikt{h|)B|2}rci8O zW|k;jllTU@-Z!*XlAl`Uw?@4H&ZV`#aZX)E^EWqc$(F6C{5)-1Ov``I4O`UE(}9>( z{7Cg{2Ga$sy}k{>-e~sEo1t4gE8S+kEY|&DyWF8JtiY+V(1f`RH_<1Kk_bg>VCz7G z66|f}DsoCM#MDC77CbdI9)-DjrdgJs%GPKjqH5$WE}s5+YZOg))Gs5JIKey`nb>7Z ziQ|a`ait(M%OiG+FC>t~x-D3#ssy@$Ym`KD_9hTu7~_8{0W_Sv%CiM7%gY)IxQZv% ztnztIm7C04ltW4kr(x&*GU;#h2P>x0m=v~8+Whqg7oWtX-3{@oIb+Qw!r z)uz?fedX3Hw4D7;n^ZMEL0?AR#WEi_MKZ`KRZ(gHhZAP<0IOS1pkbtzgWOcjcz2K{ zGM_!oO4nR@Tn>tT^J*yw?iIGBKvdoI@+-?enWZ?EX`_Gv3vj{-fPmp-5+g7}jKK*~ z$zelLa13$Ws6&h4iVXfAG(1nJA^VF7ZIZpK5=9q}jJU_%5yqtpoMXVP1->KsYlS+T zyc@ywgVy0wly{8Wm0)tcT7~Bh^C_8g>t(0hd7|LI2u?ufzmtwtG_WFWW@Sxfkg1mc zPJTH$eLuJYzZ{*O93NeuT%7m*I}r*etMrGIvKHz@$9U0+PGufSYw7&%2n6pWjDw-+A*_Lgexo3mj&XTPCs^~ z!lRk!M%GftBq(dWoHj^A0}TBIn0tF&*-M_LG|-k?P!kTeVwAXewk6L6s~i%0;N0yn zIoZ_o=ho-Xg$8{2vMm$VponG34s^fDB+b^zm&~!OVm|gs!f=GBPOJ(6o2u*0RK)~P z!5Ij()77smr!v8?z6S8MI?Hq$91Ltf#vs zONWsGK1DMfaQg=^Mez*CTnuqsislHud;#TbzQGh`p`wF;Ar9=mm0^W_-{%y+mSpyJ zcW3uE;;$Qq=q;ihUvbsi*PSSQt&wqknsT7^sN ztaVy=_tQ~fk6MmJPQ`zb%&{%6ZLVqP>8ZZe_^WUoN(G2(LEllV0#bV<9sCuflbh)X z%Kh!4?p&qON=s^S&9Z??kerl3Y^iRnqF+kl_Ub))EmssKPdiM&Ji))uk;w|8Q)Nqo zNQ`XlYK)9gv|vwGSyrA2|56dqC-a1>N#EP4)Gp>14y&{uKiHb^O4R#4NqMi}l-MD= z*k!4VW=@jU9CekKCU|M(Rl%v(`_<+AJd*O(AZ}NPTfvF}6rz8NDM@B1;oufhEaR|8 zNSNgeWXD=&EH&@&*6nB7O<>4ueZCP(HBs75U$FIeP!6Pg^XBAqupucaA)lJ0F(IOS5zcja%=(D(%2_5amd!PuPjJr3Ta+Lwoy4r&PQwHzgOJV~ zBxq&3qIzf(;4sky1qB^JB_6A!O`?I)vc@bgA$834=@r0(fY)!ZQ;(fu-=B16S~&3^f46HwZ%_xH`ux~(hq&(G-o@w%vgwA`>c`nm%rgcaka zJqV9alj(u}QPu(N8JoG0if%3+s8qU@HZfflyN-RQo2&BN=SFFmpk~_}{YLq%LX9?L_WU6w-&(aP@9wR^sh{fRwO~D#9h1*4-rb8OV))$4Ra4xb! z7@o=)CRGlFGAOxedP3s`-C`=y0z{chLo zgla`_O#;=**LrzjY5>0mL0aD4&jr0?^RLayc5t+_w6iKTrrbI$>=GLsD|@XrZJ8Tw z?AkUA`P%X8pPtnoM<%WO59kx8Fo-eZ-FrA&Ed@k<{)fH2{g;P@{1318p6@;7e|U^X zsv4Or%_s}m^T#q1x-epcAlUF^e{A%}bloj2t?{HZzNM#X{KpYY1GQRWt7?FT@xOm? z_`Ep&pC9Z$jsM4ZKKp$4@|8PG@h^zVlM!&czwr?#QBOODZ_E&f5#+G90i;(!uO`Es z_CiuC{LBTRSDlJED(wuMfHd(9VsuT}6%7ixs3DB?;jwiIpk^^A~1ozYRlQ^tb35u~eqj=(Y4_uNglK{|VqHvjLo!QAf)d`d90Mg4LXfZTQ^XV%0T@WZ z+yFpHXwTRA%M4acT_CgbYq0r?9yok%or0y5a1xTZ2i_kK+ZMg<4>bx-Z1~xz$QTYj zd!%TAR$6LhLD~1pQ#(Y?=4bto2!i0Nt2%jFxVV~oQdCchN-HWAiSJ2C{YjP7(~9d) z`m|gB;bfHsV8ikbt zst=psD2~Y;z{!Zr6B(e&qP{~qP3zPsYy4)tA5Da0V% zUiK_-r5L5(#AM%YZTw^utoc0AlEWVOBUpLa?3MhwRq}VF=qsKk{cqhDUfLb7QUAXv zp8p*@KYY^vkMdah->c$_m&{8kNUah}ISj6HIsHlZ|IgF?Uav!wrjt2#dRaodSwXM2 zA;{wUHUi2De&=qB4f;Ql_W))nS>+l?z5YMkfBx!u(f)sN@TC7AiFg@}UT2NQC5_&!(4S_THE%!a@J-%np%?@U0QPmyVEuwQ zPb0|D6{nD+$-O32|56+-xMBM1)p4r|^$aJM2uAl;C?rXwJGk)D$60SZ2cMa+G^Z_{ zBc5ed!H>YYhuu~kRI7xPMDEC2lV-@_Rw#!biwG?RQA2ELEJ`*kF&-O;uNaaQEhx}$ zMrMhZ?$jbJ!V4S8!i=b*9FE60!TjFpLj7hf zG-u#j5*#z+p(K+|Ar7_V=_*)WXOCD$omdZeg-b&lQp8m94?So*pkwTf3exxY>~SLn zmE$#2XF*(#wCbHIT#oX4^9bZ~mC0){jLRq^tG z7mwg6Od{7AAppB0ob0k`;cXCpD!lol;2{yFV3*HQ9X;o7pgR0v$+bc<9sLfr04GS)4PyYKB`~ku_2SEfn zpaX*O!H30Yca6OgGSAMck-O?veEHJzOdsWTkJ(#F<|+8{WkH&g$Vc*wMBwG#UY*2x zLZudD^-=n>Sp~Pj13DQZuRh*CC^xO#-CkN2BBL$pVy`LSXF}nz;y6~yiNd?Uj@MY| z@|mbQgnZhw2Co;8zBSPjR+TI+Ho3VaFc1qH@ z95lXQEy1jrQXBLd*lfFuv|)9{nHe6V@IH*uJ3>Ad znw))GOS=o0R^>qHB}#7nR>w~#*XKuPCpX7~pWeSMmV1BE?H#@yUR<2sWNAD4@2{>e&Tigc4KA;I&41%~ zq?<>1oc)aMFVVRCwe7)jMN*D#+1?k=M|9uI9ZD8yoJmdcJv1=$Unz-%XCYK*_fJRt zp9km1H|H0}18-X;#VV@g4`>JcfQ3CXPdJV%&AcyPK7SSk)iTd#zPDr@SU6=-yEN}YlO-f*dFfV4~JsP__~4M z1a)kbh7pSi`8ZD-d++A-;^OD`)spImS|gX90qG-|~MOW7%b(N8djNr;ol!ZPaCt|$KZ(-WUY$Lo#ex-QX*&*ZQ z+nfHy`T3wPy0Ut{YG!6kCRQY(MSJw^&AW@M>sp1=ii9jt{KEK$gG;$)zqz_Tx*nVj z&Z|v`R+J18Jtq;m;*cYGuCtJE#bk1d6Evh~j6XFrLQsEtaz3~jUJl-z{8xKfvQeyL zqZ$9N`Apa`{V9$kijoGh&)=U(tLdiy?&S3Na?reZs6ew0(kYTD(IZ=g>&d?yTn#RN z85}ncpJzU=cptiF%hNxDpN53Q4K$w}{nw57qb;Wm)OBz;6y0?OKegwulnY678x7S0 z-QvyoL4t|#7;&r)9(`y|@fcm>YNeC!B^Tgrq2EDguTyxv-HI=#CvOHf*C#a!vw&=+ z&XZ9}PNEo{;u)@7gc$-)PX_1LHz&tJwVs@vG%v;~(5yx7G6BfCse$@T*jn(o8QD^8 z@Ekih*Y4|MO*Ax6nD(NTZx*$b#iH~^;o7w@dralF=EwEvDkg{RXt&VpTH&GRq4WCm zN=~bT%NwcgFK_xM!*_Kn`*vif6pazR5|aS!<8)fH+V@b@A6#D7bY5$BEYCW@gYDws^0bX$E+TVAI& zH_E4YLKED^yRuCx+|TQwF3t5k`LIi*T7EB0p&zW5%0l=oU^^Vyq15ch@tLZabef#1 zGW@0Jtq$+j<*;yz62#b$l2JuPr^s@?3tK*iB?oTqrL^6CK%h_g&AGe>Jf6?0@0@9p zg%qdR#^df3!I)3wxnS3EkgoG0l84o&PBYfcxfUqb=wp~L4NeFBYp~w||JaSt?QSxU<3$G3rQ7*ym$)`a*FT;Z zhm_CLn$cvJSmRi-!G6CQ_R4O>n%UNjaP6LTm77{*PD8|sLa$%f1vbd*uI-M&gRX7O zeFIs#AVv*04eVv@N^5kSU>=RGl#JGX?4MOStLQji@|Ktu_nPKJB>aeIfD%scQ-Tv7 zC_LS0k*3sQmZ53El0GcZcEY^K5lM0Ed_whM~dRYN%CUiRdF1>CYnl~XDbm` z4{aeKYTFC7tj$_mb7tAPjfrS*4s}@kSLd@zgU|1p*9>G9INa)R9HDULSbRQ zWDTTeV3!IFqh>g3a$Ebv)-ZiJ* zw{o$maG_~Xy>MH@GM|k_+oXtDyj`v4$#(Nmiw3Rc+k`oql|t(W?VO#&leU<>gJyT; z5~%8FvbA8fVSXjuD=@yc#VwbQU+QbnQGtZ9g!P;*6jdA{(t`f^CSNnLKH9OFFO zmAB1})Af3}RNNYogFP;!@ z!5HFy%Bk+@@jMOl|FS8coTq91_x$Cn!u80XX-Y3mblz-E?(S;atGH&bS$krA&qi@%o7tf3O|K+QfPx}8c zo(eTCd;Lj|e^otR=`o;sXN^R90WU_ZJ)M;2AfrZLaTZ!-1J4JvK1PxFirNZ>xIw+{xo0 zAllikDR@pIG$fRF^vML$$@i}*9FKA6365*(drP`{(MPsS-P)G!Vxidjd?meMFJUq< zN3>O6ye-QX5kmhb&|&bR>JVR~r3DR|jW zFFA$64kgxItDt<3%RmsN{7FvI;&m&#ivOAwhjfCtx~EmT&*i&&Wpk@`gjoZpZJ%z} zib|pZ+6~#ZZl0U(UJm#w7rY3x^L+~u@Zq%Xc+}7OmU^I2lChfpp3gED0Za1(klt&s z#n9{)(LR}_kRs6e`+oP}Fxcyq(+@dke_|l#r+(Ypa;L@8|1O?v@xjuHvqmL&ySMuz z#NmE^glIzbD+|fLO3mF&D-$Js6YJD(c>Vc3?IW7iQcCeHj?n}~Js^Xp3ku_y+@Yv% ziK?-g`tL4&J>Mw!y9eM|=9vA=yio@s+0RtSDB~#M%Jr}xLp;mA8b`^zI3@o=AxDvT zGbN0lBYsEd$DBy<@?_X|Ukp!<^A}lO9z`Xc$EXLMU5d9y$^A1qC!gYE{;B%=JWXR6 zsSCz3NfL94p3NDT#TD69nfe>XLv)6d9@x+PK4l zFA3pqaE#bJ<7j4B@pL%3#;1DzH}7|sbNaNNruqNnelh?5{{G&<)BOJ!PholHxkI6@ z4fOr@e4M;T^##(&yAgE2Y!|#rD}b%Xv(y2(SR$pbZ6nk#lH5i3lRdG12UG9WBHyr( zP}B!0!aeXuu!i0FdZg_eRo9%b+>pZ8wKpbwfM%4HjBd;1W;%io(+&^L_Ko@4#!QR( zAARD27txZpKbrl24qp`fe+~{_?HxYN|Bvzb?tkQ>ZMt4acjaVl7h2C;U68n^N&9Ki zUS!fHw}?_KQy)Hnx_8DzEpcC4x3_s(=>I7pAK5Bb02}oGi^G@u#ruD+_Mh&5Jj%18 zrgmiGNkKm;=vE3kr6^#Wq+K@6)br;5l4T|(vw zLwrMl0>?5hCR1^$LnwaI^+x$gscBN1%K76%9}|iMV_jAJWo{gc=-jhn*`n6 zq!iB}y}zLdM)zCW;B&T9OA(*bwE(@oKuPtexKD$NQ7Q@e%Ml!-%Jp9K5ciZ zt4;~yqACif1pMHI4E_M{?jv~iSt=v&!~U0N+ntRJBu>Tzbjno)WbnUUgC8yj!?U+K z9me_K`qzugpKs2O&IUPEcntpePtZifT?m4^Z4jW}!2$T~H}KcLidq$zI|6m58aMdu zxBmn96eVu73fY!(bO$sn5Fsv46Lvt1;4MxjqLT3=>2|wrxN@h%_Oee%9V-;^{0cD_ z5XXc92oeh`Ct!p?c4^7MGsXq^06*Ah<;O1@dhDfya&UHW{Qh+Cx?^;KoJw>LD%N*? z`0QlO{n7!iUz^mpB~B^oe}ZfZR90Nf07(>uPE)-F$5x1UsT}q_kvQdtgTjX~Ry5}W z?M6lRxJekhxuY;m5jBHuNRd2IMaiwokT1AAg9)4nmQ!K|vlw-dQg{yn4jhU5JNUaj zqUI^%6v3GqQi>3F5Pi0*|8wuRFC9b76(^}hwxnf3VTi`_7zm}?EjCQ_lifqXzd`2* zSHOS!4gB$k>OJ?v>jfoWb<juDoxZSWPI7WV(jF+dvkfA$Xw_Wz5$C;yMf zdFuCn>SBOYlzQYiAWsX6r-j9u;(=6&{hvA}NDKWxL!9D}1xw!rYuf*L{_3!}|9^1! zbpHP+PhphnzP5wYEq+7H(&HN5lLG%1?vI(y)dTsAB$yN0HLl$2a4T;@v5=2>{hcy{ zYOQz5d_eyP+$k$`TlsET@#==RLfs`Pe}(+cN9)^CML>(+nyMKR?XKoDRQmk6h;1>( zHQ&9egjRo@%OynTx~U`OWVpTEd;zN-Lc8lv8b;OqrXmV;&q=@aUvhFG zI&5n-CMvEqwc&F+M&~z`^q1|%OHPd-8gDxJ$zSfq)1zD^%4hBG-eh0v)588=IR;>p z|L^`@G5+7HmrwEk9_OiXrTbQ60NN{trv=0R&>f$uSb(nlE)oy0sb*Ub)Ft8qHrMt~ zn6e8WFE-%Q9Qx;bTFn0|#{g`c{|}4zfA(JPJ;i@|l;?9p{J-qigT?@Sn$n-9bbl;B z`+i!Z^k|PM=7a*&Yv|t>%_y6d$~LF$d_4M3H%j3$1bRaimNq&{iGb>(BIXF2f+B)q zTA-GIFJ-N#n2X>0(`x>gdpyAu!6-&-aYLZV|KnwG{eN)q{N+>p-$!{?I^8o8@qHcd zJx$jSaF~>B{ko?n=OjT75va_)M#>>h5Umc^wNTKqN8XP9%HzMi{(rdj--}m8{l6!s zgeU#~2+#WB|30nZ9?Op-4}9tk1Y8xE(=Gl7c#7xyZA_QneiYBAh?L*lyuGfc{ro@E zzFdo&0S)v2;r?DR{^P;H-m9ni|1lnq|9{a3w86Kp!c|m@3r;58kWfUV_S`L+7#hfW zEsc=C7_ksFQJ&Q*$F(dQC)-cf$x2?P@iNpd;$s?@s9)H_w5<{G*k;6%EH7DSE7IKp z%_0q{IKr>M@-H%y@~HrsUv+M6{+f?;lD?el^;dDeE>P_xb8oMtP!gpCC%Gk?R=ZC& z5R4O!=qIcAj*@hx7 zj3wz&uP>1t8#tL*5KEs{+^uX)L4~0IxN>8uubK3r8%URLT4upql{KAMOEeI9Py;r)()&FP@ zAnSB$eaoIQ(1n&d-}EB#dp!4~D2;IlS=G6u{@y3^gc~=W=nN)sB17<-t8GI_VH~4a zu14gvf4;Vp_IVmXj;=U`98K=MS-UKP-O^=3ToKDCPm`v`kQi@>ICkf*e;)FZx zsVK6>)>RRax3#-^TT_Y&#r(b>L&l_oMD7?-{8V}Ct^}jxWU&B6ES#cf9wX{fRQ5Hr1$b{etjhr_Ia{qoLfK%D4Ahz zEV?p4(9sY(;19F^}^sJ zl=JtTRm80)bIw)QIT`ltQy9$q#@n`q9nWJ{?#5N1Hk6HE^0BKzovN*c- zr^?qi6yhjze=}u~W_w2tq~Sb{J%MB@U`VUh7e&TAqWfSH^{iK-O)`45j`WZI5mDt$!x&(h3u!97YJH|y9oct9sZUFJaj2&l=QTK$ax5 zgjXk*3v5)B8E90rjAtbN?+H3&iK?Cdq#{I7Md|+8_I5tUWhqocWJuUGK1P^=AayjM#k)*Kz?UyFS7)n&f|acb#w7gs|FQSy{cYn&qbNLo z>r>z;-KXu0MK4);#?NHVtJq4SUwhF=N_ysG`n4bulF+6IHUQdDw{t)H{b3`)O(Jc1 zQQz=9XW9`7psG+P6biKz3b!AXaC<5siS6Q{_lgR@X5gIQz^l>>wB|x^g?t9~L2C}b z#D9zB){+Wg(_sM&*^KaJ>Sv!Y{?`eK0;%!-Hv<6xUm%?_(4vpF$3BLvw=~pzw-hm% zERUtz#XlF`oGj~R?fXtf@`3c;P@NC!-23a8|2%`Y!8w`5C;@8qxUJDd;^6rvYIc zyQjoM#o#Zwna304E?ggdAmlQ$^5b`Fvxa3xE3+_HQjinqQX(OwXuwH$n2{6cOLC=? zJca6s;qqOpKvR`@DVwZ16J-Fp6TveB={{>yyKLR4-qsIx!60=&UIX=oO0ZVaOC4i9 zbeCPN8QN_3cOkc3OG_5@;RJ*vjO3BOykJ+-<9DgFDv8s`;TwR1LOGlFEh*{moi;D3 zzN)%jm2~z&JE05`KNZpMo!wMY!|CJ!$7Bw1aQG&1*|C35w?n~IvDTC-AC-}Gk|DH_ zkp^P!bY-dL1o})UA|*PJ+RbTr3=_DRkCm*@%{9BC$EtPC~X_ zBLz~Ak}K>XPq$lJR;V0KMXps088F^qznuJfrZ18|+JnK*=l$c0ciodt@w_z4EJHeP zpIrjb{26C^YUU6qGRLlluL!hvl+5$`g@WoQwCJNrk@gXLimtYrDn2;Vws>+dFWbJ=8L;tFQq6b#ifX{{G^_`9N&DB}`R(riGD*x#N@R2f}zz zcmuz5%%k(Ov(C}5dww>!)v!k-2voILR&(Uz?%=M2A7kdO9)F1+n(62S2dGEU1b?Xr z{7Lt$bJ6Q}-gW#~>rikF{Pb!f9Ll_k>I< zAkll@{&?IS3S{czV2yO=HEaQLanv5R?+DNlZI5tp^30L5jQ{MLvOETv@vQ z;-14Vws2Yv{Av5&w-tw(vDUR1glaPFqibBwe!4L1$3f?!_rBlxxqDWq3X}nEkFYMN z&7TQHPVgM_DhtSL%*ixdoODmS!#XIH4Zkk*ys^+X>mw(WT(P^~3Ay6I*M%B)!=Dfe zp^vW+>*m72OHmsh^)7zubb9TR?x)V+qI)*%^gp#v>L6A;^!*^_t=94jkUB2Y_NyQy zhP)SK3M^SwusJ&acvg$?3I<&lJ~BFTjsl*G^e@F`Fl-Myr(&-Y+RORJTBzj4TbtmU z&c?8h=Hv>!!#+=4>6N0=d;j5W`=Z}DJ^$1ZN6KNRUu)|r81&AHOy{iq_M~$$JSm4H zw*4&-Yl3D#id~s4N5f$XT$A1*N%)be#JIBb`U`cvmW>l(Dk!LF8WeBK{koP9ifyTsD7>|QjN zqqfvUtP-qOFb`|h>7gLY4%_dZw)_8)!#~Klr(&$*i!uX4v9V}^k?)llisU=xM`7Yg zrNi}7J+=3~-#+eKbpAc;oDI6?XLnqkQ8=a0Lu$@DUpNXFCPCFHkfL|k|2P<4v`@;_ zm1>}b(+^`fq!Ht7zbX@)ify=aEL6gG<(Cu9*p#SB4oJ_i=CXdpBoBJ+qkEodnL%JF zh1>n%S*L$-c7D9%5J+J#Mc_NM1HQxH@C}Fpj{VZhy{}*Y_@nTq?(5f>8lu`07Rd;e1fOsI6-jiK*hCiS8f2!W)`e$q@kkW?N`P8X(Mp3KpgiKG+6{@<# z^=a=mimDn;z9W!owIP9GEhP8A`HEH0@sK25MM!Ma>SOfB|b9U6ZI6pZyyZjyXMFrnG6u9Wz_j(l1MVs29MsE@`?0aX# zL+ogV+{;zAJF_=^=$;%a$&I4+2jrdNV5t$T2v@Z~b&lm# zNo`x$YEbSA>Eyz5g{`ar>Eyok4!Xz^NY-W!Tm-IG_{Gt^f^FgK!H>?Kv*+w*11+mD zB51jwIp~~pj)q{r`9p?@mc~oHWVzU1ta-86U4L6Do4-^B_I$3HiK-2H*F{omtGPuK zcVYXrg>Ns7u8!^E$pvo-do2Gz-q_Xars!~!&r2d(WEP^Gk)*&FSL0YyOcXm`$g201 zurLj(qhpz+rF~KSkK^s$88sYW?u`d7#UU4mz*V1=A*WVZOXfvk>eD4ydBnX$w1omr z7qUQ0OAS&FqgAk$9YRYXZmHwx?Eo)mdn>2Z3U?b8Clwm&E9K}hw;OkZxPl{*y?WP{ zRcI-=>rPOS?sZ1UC9A;X#qsLmVbNH9Q})RUBg-dCw%@0{D>cqtj9z~f7qVHBhc8{C z2~#ISy397+ebuK>kyQMZ|NAcj@7+*^rt-e z4`oVTI_f>l|HB)Ri$;FRGyf2l(Iq3^w^=k)rsS-cufxkEeoJOd8rZ*|K-k&B>T>(g+n=Nf?c7BTxU9^P6YVLrhHX^53LDo@i z{&I_zzS`nrU*};DxtTN0nv7O)*SD%Zrv!v08!B1h?gNih_qW0&mCLNm>{eNPtP~yb zAucUgm!0&@s7I%nvwZ`A%lC8zSL^z171pbRdOImVDq~&$F00l(mii%$6pO8E6;bQv0lEu*OO&f> zid6-qZf|0&%b<6;NUe5>dUxLJreVCxrK8*E>TUiiA=yx`D6JE=aaQAjK#EW&vlCdh)4$aMn8q4Q)^WEEmw2tv{%%}Xt5q%OK3DG)-5T_9yF_$@*#dy;3IP;*OM1Q5f&7X|_@ znKG8E9BLIEU)yA{6-7gfXR5X0=%LBsxV{WU)L>ZS76JpBQ=g2XpS)E6E;xNyv-OuX zKB@g{*X(O-ml7YzQ|cPV*xTFNd;RjI{O{i0UiQBS`v?1f*?)QP>c>|ve|)+3;xBvq zuU^0Y@h@O+4P&o-BE}*8%if*G$|AQRPi8sNF?6lUmX|p24nd#zr~yO#NiZ%6(%PQp ze;0;ujD1z@SoV@M(8`Z3(F-)G(z2M6{o_0xg`=xR@i)z^z*EKli)Dy<=P(Wf4=M-Z zWbwT;vLHhz)izz+zoLKwg%T>&VOhPJ6g08uE(9%CK>s!y-!f23O6V8CYe7pRUu`ab z$kGBVY+pg_3)KM}z5!bd&94wWBJ&VZ1e*WYcMe{)_L}+PsVR25jK(Nowe4*!tSv1t zJyI-)S(vKg+5#}dvPhM*=OL4ahiOZlWi|iY42fsli$daK7bEl86{2JLNyJd5rO@c& zeY91F|Ci0UTyB!G*6Z8OuGLxDv>xO@x~I+Q+jH;Fvi*OI0}lt&JF5XJ_W%9Y2M3w` z|Hp%aZ~Om)JXQDqw~80OsR7^AfOV(=#7Ek}%Th6K!4GD`J_L%{B0eJ&|1JS?F8{_H zOd2d2|B767er@UT2B`w;4PYDh)?KkZ&9hD)`3N%PoSB~=bptJv{~8~t@ww9$uuA^_ zxSx~%Kfc=gCjTGe$w-Y18|$4w=+m~~zuIpUE~7%xzIqjXlkAlwyLB0onI_x*SVR7o z`Tg7Vpb3iUZe+|$s>Ae=%)<0mxiS+kLFPI^@L_x}enjL#dJA2z`-Fn|B zlmFZ|SDWm<_5XtxKfccC|N95u2j8pp@P1= zMrERrj~NGB#`)#B^F0&)7pK3qhsa}-26#K^=T5yOq>kxAxt_2Ao(9M}LX=yd1=zQc z5|buoxP0rEeh-CPzU2huQoh9X$Ix{9n-1_NI^FR_hz`MJG)6Q)9En4i*iRaUPh25a zRP@YuE_5Ut-hlDzmnd-4Qz~5t;!i1G^{ot1GvEG%7KNXFGgewpdjEH3$e-hBKqy+{ z7%TSwy;u9MGW-9_gS{8u_Wy@?o`D|ZVy~8EtJTyi&z^CFeGdmy5JLA7P7!k&&%kho z8DLQ;1LpvnA>Rj6pNzpAa(9M<=?rJz^9`D@GxZ!XNvi*{9grr!x{fh zcjf<@A7;~C@jvFD>?+tzIvPXwG77;2`-nB3JM21aJa@+Mvhm#E^RV&!|7kn}pCH8~ zVxW86VGSpwchz^4{JM$aB)$Ioo%Zo*$C-O;9b@VGfAMmE|Hth8|BDwd zUVmHv5Apotf3;dI0K>4QQxhnD82sx5d}xDK>z|Frv&@fL9(Z890B==rO`{_Rxt3u1Y)0D zAqq%P00nazjnC&-LVZTpfK1W|{jxRVJY!K{cV4j9f5pooRYl>(8+9f3It1nkHIIFJ+}lL?}tFVQc#4pdJ(-GNKy zAq+5LQksH@iFV?nIq(Q#((@0`Lw^BaumEr}!9G?rB2=h6gfdw%%*n(WrJlyKXJB~p zKgaz>V>BAMBw)lxjqiX^4Fuf@fSw0*R249!b7zop=IEb=`e*{LOj8^%4t*cY7cG5u z0r}9Z)(nbK8v=-Kz$x(}Ss+j|*yj((pC|J*#e5cx?YIp3D@$MXo zZg!8(&xZZ(+mFNU*?VX1ZHw*%s^CasAy_}fvW}*Q{6=9qgA9xj3V?^MkWWIvK#(C% ztccHfLRW#1Q-lnJ`5p|3#}U_yTd*$^#BgUYm?EiBOe08Pz!3s7Je>ikoG`GD`2w)W zodL)W8;urdg8*Fv4~0Hi2o~J|`m_sX@Cqr+pywe^bgDiBpL_EB*y?r@Y}Ap`2@v0% zBM-xCe2I6(N#%_pvjhU-p;(AHjTY#m(1)&| z=qOM6kz&$a&Dw>fdSwIHvZPfl{8D#|sIhK#@g) z;b%yk^JTVwN_?#}+P_MiFauFAL(u25h0|zg(WqF50T%{fjD#T5YT#$F#$Xt-1hh;2 zi{qiI-EB$EgiR!3YTJ3wJa?|*HyR0l7d z1848AS`JAWBIZJ%C%bMm^sm|N>_b~gJGC|>P7oM*C(SIQL;#KsA6v$L3~(WKLjof6 zYS%+P;%dfi;H_yW#6vf0wZe!_kp+_)z3q8eEFtLoiyeR`U}Ssg8jmTJ9cm=_h#@Z4 z;OG*eaI^y!Bm!(kB408q`gl^X3imnb0l~`{PP)jFI{XwX#IQxq)~18a|4c% z3KbCx|301@AgwRprf~yWD<4qhqdPrj1PRbcxhAX3U41mgjMK#^1HY#2vCQ445`h7# zzg-W7M$P63^P;{t^G$u-+9RNrvtPkT27=8XF1CaIwKk^}CqwMDz zpn>&`+9KjW5}+bUw%GQ%D3p!_lUb8S@#mKCGB3fF*oG(;;(k=rxDI4105ZX5g#ekC zWdOyE*9ef=lM4ZgH|!FC;>K$Ph^8uejnV+Amn&y3)5i+vDgo4sC$0#fRWqkPt2%#` z06LB*t_Yx2GneV(ZUC8JCnb>tKyrT}6JXvL3B-v!#$}XGLl;&CZDxS&LV$b^hRzrV zUU)sq!GChx?g8<#c&hBSYm-B=(=2Vw=M^XnOds=>ZK)P2B6{vR@8hQ02NJI3{ZB)*7hU-Da}nAY%6MR_ph%3OJ}ow zS)#q&zs^=Xiked^P-2wE;au~OeIB|}U#^i-YBtl98i_??h99LqA8=_A<3!9j$5O*L z%nk~@$r8WOt!pgKK@iJWW^G7IPGQ?CfHECs0keS;-&6-^O_Y*X-x;W?0u{Hf1^trB^y$^AuHL1&#go<>aX?K{OKq`e+|uR%NRhN*ii0Hf5Jld$13FjGk03{$GOnZv zdILs(d@TdYy1gD{fU=#s)(%-2P_}X2eBx+85j*FGxidlCQ~pSaK;DWGKjn`3#9 z&xnM!JP*kYnNtXea-z1(Z_>D7FRU$8Opx*o$ef-slqyaHCDf>n{1YS}fI0CH*b*}r zQZhyi$b~-^-!K)D4g*huX);!s5A-7OP>@p;WU0( zWw@$8eHADL=~S`0n7%2ySBOf0QaiP!%Stxsn^Qqeo6EAXA7XcZxF@eiq~2Dt2-VRD zHv3tQk6IgcIvAO4o)#LdN@k;kgV%4;dXPtm3TXm!Fv+7|My`-B%t-};tt6M}>Avt= z^K-NGZl#!998N1RmhOHjxj3BOGk$A+Zop{&rSsC+Yk6plVbI#&Z_yXA&Rj^Yr1ZmG zxl8l}LRCd#Bc2;D>Q2rG?@`21z_TXeQgY?(+a=u(LgeDf0_YMt>$iG8=#$qnQf~{% z<)Lv@aXBXB!V@6d0iR5nxmy||liX^ZINjruS6@?aGvxAf2e*~opJWeoLXRA9$k8P7 z2Z(15Mz=ZvKirc)tfk&&$Q2SVf7D&x{VH;Ska%okXjYG0b`|nU6uSXu(R_@kICtvC z){)Zz9~qL)VV(y9`Jn?oz$+X~!HeX3teni|IKcC0F1=6?2fsyxMsww+5K=NH(qsvx z--&ivaMnsHh0o|kIpSGzMWF{d8gL3Znl2o^2uoIR(tR(fvBNY^F~kAWeE`wN+OfK~ z=LU@WL^>mUl%&X9FK5VAT5hO}Xz9B}Lf2@jew611j9$HbaZrM8mRvK!c-zO2p^DN= z9I<2TKuA0wdH_&$v0h9bs{^11P7QeLkmPE8w`bxiq^mBNo5SkSib_O4DkE?v)~!^mEOSO6pykL$7+=RY0yww9Jf?Czm{S zf=jdz+PRDot4^!Of9^~!HO-aOREu1yRZOuO?De=$J-sV|zH;}5x&^v|^jF8z;FdRB zkMY#o83lg~bV}o@N9>rT*q?x6^~lAEk7#A3OLjj@n*2G)Rbw%75)z+G7lV)@=pB)O zaSCxzZiE)(QcZwr1FS}pd{VneNXFDx(4~YiupkkQV+Y}!1XCFm6H(Oiq(?;7QkHcH zd0cXZ6cbrP+J}stS#H+l-S>zGOfw*}hp!)rhkNSnjLe-OFY*zsLMqk0HUL6j=9l3J z#C_}l*9pn>!Zor7ssBB?XAlHP+t>C5hM%z;p<7kHGHnp@^~iSr>Qd zDyjmxcd-;2{Tazs!}uKgu2%0p4iGTek&|U-{A#x%CKL#D!x}LhOm&qt<)?GIaK`(2 zYFZ?WS8es~myk;qoZTQ=)h3sZC&*p6KKek&Wwon~6T6AfOBvz-CiflbI-QW4BHdc& zmvLbXagKv216LS=erGTQ?OykRPm2bhIu;4(Uf&6>K0#WI%ZzKjRi{t6=%e5YQ=*R5 zSCC?%ZEV14vL1KY4?kH?sa{}KLf39M=o6sy5eH& zND}Fa))_aiJ4IJK%5#gw_{pmFzuMkqlS|dW&k`-(Djje}=v;>VB^hEysVRDFGfz$5 z)By9NSh=huyA-)ZLpyk9Q@N}jxlE1u8aF|TT)N@LQ>-4j;>bnE$8)@TErJ`9piT!o zs%G(ddqWP^$y3)i)sV{+I9<6jDsst>k!KNZGbvV&Tt2=+0b;C2$r!CLr0VXqy(`u7 zeo%Rcr=CS3O)eq7G4zj-4;Ll&`Ww(y9|2E%1(>$n3*Op93f_Rxi@jTNSGek8LtdQ8 zk2ao8`jO_rTat_8IU*5XMz0$%R3H6G=yd}|ud4gir^%%+l!r5l*o^o^LhJ^-Qy&3t zzS?Ml-GI^S+mee#vb6Yeat+i+e;#s`8R`oa3FzTETVuR4rd!?*E)Ve3+Zi+DTD>(c z+Zi{Jg7suqhFq(+#=@O(6X~R%dOKr=T&uUn;+=7G>2)XWTD>)v?TnjBuzEXVhFq(+ z#;2aeV9KJa*;r{1+}id+?rj7xXMO{8Ew*_9$!g(G9}&bWzm z(oemeF-5KlN5+z!adYW)2kxqHWGvkoHXjwCerIRMj$C>jZX&U22N!!| zUFf#rO`{22$B2RJ8R9cU0VhCLONTP1!^4b5Dmmde@}}r1JCWB6UH8V$90zSx%Ew<# zv>R}$Q?aO=EnpXfh`K1?a4J)N%P=ZFgWQDwQzWyWn%Isf7V%$C)Jt-~FCPO~kzhCA z6n?2jt~p$QF#>bwArK`4tRLmOJoP+qvIQzCbYE1#Vsjsh97U$~EO%wfXH@9EsJ_PL zKJ~aOTil~U_eIq|HutIP4p&sGVQKe8+@&0x@2yP0JwA0K&eWg1s*AFiT*jTmk^@4n zDQEFfA|SD<__$15Jn&On)Ei2@!xi)h9ks!Uxo_e`c@WxE)XXKFy(id5vL+gWp4>Pg zQ=C}f&$@0>RC(%=E3V-qh&HJ}umW<$H2`&49N&~z8HI7D7Qsfz_HqR&dwwYXpIp6V zP$a>&E{Zd_JA=EsySq0G?(XjH?(XjH4ud-k4uiW7?(ll=^KRS|_fJJuWp-9ZS4UT_ z^~o|E5WR20(I6e+(*g%{xt6V0Tfh*~h+s%*@IP0asg4!j zeM-)n0f>E4_lR}%h^bs?KCl*(5urG%F`ISL)e|2R!E!wrk0y88KdipE11#2;E@D_i z;}$}cN=y)5=uwAP$)zpPPeJ7{mO2j95VXgS;2y}uKt<&uxG+f$O@A(4B+_c%)q-`> zrJb8w{kGk82A81N^jg?dQP#huQWL9_7l7L`Gv}-GL#H8GHG_G6aK^jlAznmt39TA` z!xJUVmkVUX4Xizw-Hg9+7ka+jdPU^oC3K7D;oUuP`>yeR@`HAH`@H``w8(dP8~W+6 zbb|<5Sm3;I*6$CNSioseLR2SQM+zX(-XW@MShjXLOWJhvwDnblX>%~JBhCjAP7`$H zcYwI|ElIRXDp*rwtXT)#|V$DB>_e_mRZCg zhR+md7&Mv!?a~PSA36%L_<*R6@-uTMaQCA$tYp6-x!Pe>hMM}5AxBSXeY_(XV%vkb zGZdHa#OSJS$+w$U z1(x=vSXHh;pyMnkA3sXAgo6$UaWtEcCEcX&q(#x1qD~{lisaff2-*tM*=wQy@)l7~ zFH$*_NtR5ISf2t`95zqOe54k9q(jwo`YDX~X{y!@N@)VC^O)JGHV?5e4BXI-o2Z1@ zGj}d+@Qe&n8^J52Z+&lpe8!q4?LstUDk1Fi^x+x0r_CW?6U$7Y>ZMQCq2U)0h@*X& zrZykVmqZ#>HMMmnr5+9ia=k~`UBmRc3bt#;2xP+6KDeW*DUnU5Q}e)-raE#VagJjH zohhVaMo8|w&|e|EC_UteM`UmI?FWQ7Q259;Kz7)`v{};iq6?8#GMlHzVgzl;0o-)* z|f)^wQ@CpLluJF?PH~CI|)b5512yaw-?yP)YR2kPHcL@lCpY-xCBXlYt3!@6X-4Q$v z6;_JeMfHGv$(h&bGX!&)Dve^5T+4=QLOrp1!Q<%?=Tu%)#0Oaf_9TLI5*ML&+K%&> zSta|hxVn^c7ww@KA2&!|tKDbdD!cBT8dSUlAK-C_Cbp zpNCbFAaGGViaK{gLhT|9mMwnb{(kvn6!xT1Ud20Ff0z3D<0dkI;rcJL-)cL zC@6PAOj(dU33Z;oo5vn1XzkxA@+ZV7z>?_OAr)}5p3Ad<5m|pQbdU*T`9JZg)0J9G z-XANP6b2RPd`zKRUs^q1t$yX}=7fp2r6!S0{vr*N$=Tu)V3?Z7kM{5nV%%+jQq_!w zB^G7=B*uGy5?ZEE!M?bhCCArfd6Ej}TSirZ$*74eVO}zp)HmWZWWE!TH6otBOfLb( zO)W3XU7~*6&!E^`#GSVMVcuOkKxtqezk8Sxl&a&jX-g2jzwVQI!OG@AuHvd|0ZkPW zhm;{raBOJ!3*TygFGFWb%d{q7JBDfdiP;2jqDW=xC|s4`@duAkXnDjIw0BEYxaF61 zy_O!)g_?y)DWLn$bTnpuAisT44>xqjekVCtH2GRK8Wl$hKo)IG@B{+%5Wt(UK<5u&)Q&E6>oS7s$=oDdiQqzIj-5oT_#{LocF-(ThNj ztCz}6*gXFHS=2ru-bq^kJhspllq=={is0n(hj5zi;)XjxxEHXupee`;(9Mu0a-KJY zg}7=6=*`!;MfX87*!r=^(gK^_xMZ0NGZ^E1#@94Ub1?WxocqSj1~9I!5dr}PHEpe@ zZ;&mpR#kKH@DuOg`J}kxASR39>fKo}XkP0*iqFyrlQIunMb7wA+g^%=(O%V74imPz z>PfJVr5v|H0SV>sS6#diWkv1MWKSVuV(}rvl#3%o=;41zQJEBo^_sr70t)TG)bI@0 zlQ=9oiExHgOGlX=FAqvLMtCjIM=wAO&Zk-23a{WeRAa5 zFy>uWO%P6d`ZVs6yfD=!PeFAP8#teIoX#6wW~Gkb(to3Qq6VQ$N?kRCu0{&%^(T4qpTJYY~wlt5WNnc#63L5EK z5tFtKpM>(D6_R6v0H4FVCU~+=fw_H4$L)ntm5YVR>z|WJS4pNDrx$vDI5ILp2-%;Mvwn06 zsG!hOm-|3Lu89Tq?3j-96GHa_Bs{Y2EGmh3j3+YfJnKDDf|^vE%;vS}dD5k4fzyIH z|Mvur{N!NT#P>lxde&&-mFi_#(!TYSE;%PYz~H|ZStee&PHU5Lrk&EN(aZDJv})3x zBZgFz)CnR~P60~X=`#N_S=oGbffJ_e>{#XmERQ*CFD#9D9nS;q|S z)lJkk%>?y)_CZ0djHP-7FyF4QNFMAa98nPshFC5Y+UCh4A!RI?IIUv(LAip}{>$;{ z_}|nRh`Jb)v}g}%FSkxaX0|9&AQg^5?rCjTUyKNn6WcDj6I(52yPbf#f*;GA*{LYj z#J&-K;9n0=Fc$RKC5|u>7x6J_%&?3zHyAD<^|wt;tMpY zO3)u(19gJA;ZZ{&%XHmG&nvo_*sB;CZ?f0=Kz#Rj2ck`WLXL2|i`Zj0Pg3>ZmO3Y| zTTi|8j?ra%gG-=(kSD43)hnNKL~k3Xb=Hz-sd;*X?sdbGUkfWIdY?Ji=uEq;mAa%S zy?WOgJp^I0uoMime)!GHo?P;Y`$(w&jF5A%vY;czYK-$io1Sw^ygBLt#}AK;h$ zJxI?3cuYnNq4${CgDZp8tHpd??30$60*d2mD@P3D+-=L=JG_E|ou@giJ9#b)3bQ-< z___JHu5n>o_sxS{Q$}j@T2|;9%?q+l0VAd>HVl_fAP;;rY>Qwqf;mWG=2wfex(l^V zp(17cVsjDU`#t+p3u>p8MUO%E`|!s!$@nhjyDzm)nk<8FUqwGA^#02#{M(5Qzd1B( zd1CVmYs;!xqZK6K?EYt=Gj=)VKgcG~ayU&es!aO8!T&{-C4AJPiAcjeDv-;kbY!Mt z)~^bdbS!76JV|ltiaKWTeuaN05XW$mGynN1O5>6&duSQCaqi|yA&9I(f*2OTT`&b| z2J%LSsOm^6b936GX81&v)Zmdia)Q9sY=o_5tnJ0Kdx8Tya1)XAGoWugxE}E0af$Y< z;*XY40JzJgA&^-hi<}7rO>l-hj+)D%fiB|y_!FH>1t87L==FS45~COh-RDaWLWY)E zsz@sLVmKJ_-1vG9eK~llZkpUc6U|?#uu+TB^TX1K+g=F2o@f-iYtuFcJShBwKyU=4 zY86mcuTUJBEed?iYlT@Z{ev*5i@)hIlEK|fzV4nKY0$P+tfAxX&Wl%1gVPGk!@?Sa zn4dNU<$;H;lOaDB9UZh!ToW?JSM17d-V=ZRbs4+0czsvf0PCgBULvFV%kZhhW|~p_ zCyv?C5C>q@_|k}>mMwN!0iF`V%f1lF^zj6?jI5B&x>bwKcEnbLUH4g4n!4G67s;>8 zBUJhy6xkuN2sy}V5ki1h+^7XqJ(DLz|wp%$%CCL7l~WC_aVf^@`~QpB;@+v zyZA6$$OjH?EFVbGUEf1HjdF5o9p}8R3{c<@-!LIAeTGG`w(LHs9UisNry*)14 z`Ct^v8|45K+@9r=UQ*9ZaO^uu`ml1)J2hBmT7-7+xFydqeGt?axL`r>-r2JaR5uMV zdsWp|jkOg{?pCjn*7nNEdFz7q$jT|}0{5jlE`QG5icc|$26X;Zd0jL5s&v`UIO;`K z%URkI&VFOedpT$J=04~l@@~VP$I2Q7ues_#W0^c{(liPn%W=UpBolSVXlS|F^iN`O?lWvWwlUN^=8J;#gd)^ zF~5^xVxG_?azk!NKd8<_@~lbtNkL{Sz$G3>)tZLm#27g3P8YijaC`cL0zTRWdaNo_ zlu+q$D@DGrLTdC=w2p;*^>-rbZ+Ecc?rkc}_7j!f^Q}U+5j2`#iKxe|Q)+yL8|c&) z=w~2D=bYC9P;EEAT^ijZ^4ZEIca9+acYKY$U*vK!ddugV^M15+< zH3Tjd9K3h?O-Z3PmP};AJ?WxVatfYkTW!+;J!W3%oaPs~8VnZDU^OHsfsG6WAE#a@ z&VG!HHRq&3lTL|B#_O7rMI5%2Acq^A1S7c?D*E3L4Dz$7GNYxc!5gm~av2s-{qI9! zcs;Ppkz9#!td<60hp3Q7?g^Iq*vR>o(AoI@6ZRttrlkfPTsV@8u7*W(tLIC`*SmlxcFaRRVCM{p4uVjO>Y{h%Dy2g zzuXY$uE4ig9AcxCboJn>Nvh&iFfX8Do^n3<&370g9yx>MK&z%Mi~wSf$}%RYOQS6I z(aQAoiH{+ZMi>L?83>a-GsRs!dMju&i2x97Qy3j`(3PkhjrcBbK!ss9#Ig=aX%M{3 z)Pnaw3p+V=YLpW2MSTKubU+n(! zhbIDulK_V^0M{oA9G(PRAFWvGUui`uT@`}NbL&O#99_n~GSKwDu{s&E_I7RX} ztywEc{|u&7ZIaY^N|Sz~6*vv;|4fr|>MH{9bXNSisS@hct5_joe_a`Se)k91)UpS) zNmXVqtp^se*7D>xt%>Mj)g(CmYM2_};89_3=<3CIu7(2OWan!~h;tmxc#iPm#KlQ4#FB0K(PVHBC1C!CtZvJ2`M>2`m& z5J@214YI9TdbeQK^#)G*SX71JfU0&V7yVz8r0ct{JPB0(Cspuenvs=!CErKjBd=ek z30=)ss{Kz}c9%wcEnjI1*gm)8C?^}pnQw}Q=UaG&z%ht_0f$?6gODRv1gj7SrU`ikud?RBU-xgsOZH=*%_nHZP38&r=~rc~_h~ zHAjKRonpwHq^MNNQ2x0Q9c^$1%aApUFcR*;V1^ila~|IWMXN|kjVtt~?o+h53x2hr zPo!;^1Q-_7noZ=!9?LSV##Ev#o3*Y@-3TQYfri90s2I_m^zYKd2~3{@> z7jAK*SJ{4?v)~r1V?Te!yc2BofmfkVXbugsjSOVIHuX8Vh(VZv0BWv#SIWO8MhmL^ zuFFwo3$xzOZ;|`>t5{Kyy^=H=A_W^Bd0_sc=pgVbii=V&#DFo9y%5vvZR>@;q{fg_ zWVU9-PN=e1xHe#gtF2%#9gAQLA^~WU^e3=SbJ~eCEiT}8v|HCJI;s?hT?BA^Q0ZY(MVG74N(Kok{y6JPc^DDfM7d0q*8vdVA6vc zd7dV8(X~lv{A{@tzIPNo+T)`Qph7&a1Q$bHFoxVX{cc->fBmxHMmF8!SPpD3wgsZ~ z{?ae9ILM}fOu!4p29v?6>R`&~MNZwjDR;I-5D`a)Pyi}J5oDWrN%Hn)av?e-kdE97 z|4!T%)CiK*k4^3)MsSgdCxRk));KV%W#sc`EDCLk0}ZK{_h>Wv3r(Pv+u;=K+pi|? z1W^Ou4k%m~!O#1S4i;`|BmQg?l4i4;P()a;ud?6#<{ zyIx^n$P-%F1bO3^9)CF&WvOY^+JG48%xK7$*%LJ$36-y~LZo?}n*viZHTV)76PEpO zKe@5x4}0n2xfy|=yy+Nkf{qGmQ+L0We>YUV+F9A`BTV~4+KQP$r}j5+NlHhSDQ&JP zq9)mVb}-6?5HpKZz6x08+>gO@)nJ{xvZjR7L)|0h8G+RpC*61Vt%;{^v+yo`AtB-| zaliB>!ro`1l>`^H`7MF6awcINjQ&KhnA&M9YV$<;sc2*9nAw({-#?IHCES9}OEK?a zSfya+8;l$owi3x_t_Md*Ro!TzPc@g5n5l(S1*k8i%c(GZ)a_1kWoeXJ9nR&E+{2rh zLNzh`BZJ~fx(C+oVg{1gnvK%-Cf-5VF0Pd3m92eQx zSqh#SDIiZ-%(H{yOeShICu=1(eO7MiiceX}qk`h(6zEc0G;=v1S_)}0oyKg=aTFuz z3eYE))dEX63rKIY0A;2MC9Dvl2DC&j4D4GaUr`0`5kPW$Lfn#i_nnv3`VuSIoZWv} z2lW-lR5!o5$yH2Cmn=gsKEw9dSD|d$ppxicU!4&>bo?1P_)GZV2>=Ilw7I% zhXsi{B@H9se95`Z%(}G1`;3HaAt@j&FzT_ZiwVdz*3cx=AOnt`bs*n=>w+$S&up|# z@%(|h<^@s3ng_YH7GZRisf(KUdjRk^Ywu(A;V9@dX}1(Aoxiq_ZXLeG$4}mcw$p)` zHUg3WG!rlEq>ou8FG-@JKmU zYuQtxV3Ek2sHKyr0McOrP>Bc4pleB1Gu2p|7*tl^Ri7)-EPSJ9_^#H*>M0=gdlR=7 z#fI=PO%ke3&&7y~D(dZ8@Qx0VnD!+NUp;8wuTwvScw$Se5hxAVM89;@p+fouod$SC zK;OVl3gg{yV;3wAlLAl(+55ns(hd47ln+VAkzedZ2TCR6Qn<#*j(yS0PXUC-@prX2 z=%nnpLpWd#a&^cK6Fxu|k(9D)A(}gh8H-T_1y8AqA5JEcghKJHqJx{jC4P`I;O+-2 z5u>pyB7Z(zLOXcFhr1BjJUpEGftU}r90t-L(}U~T6k$dqaR<65)h_m%4RnJPzJjJs zUuvW;rNYnNV#-7CyAwq04c}(98@F;0g<&-srV+9$5Tw@#TIHV<;rgb11_ss7k+#*f zUOh@ZjE)#f#TBJIU>P?c;vHa1qbN_FaL__4o+B};N+fu{Wj)wrCO>mS6s_X|rk4y~$Q^e@NypL8T z0%5KV>dU*+Y|y>HXF|6Ihomct2!xEZ83iX0w(_;;OI_z79;;JByd_)c;L3rmP%AW5 zZJKL3uY^mMIH)BFXoAh+4r+pEH_}=UettjSvZ8q1F8%czp^ijQ2tBSbzH?XEQr&5Z&o5;FeS_q&A$BwYNFxim1kxq3S&rmT ze;Jue)<=q0J;PI+YfUEYuDEKG>>2J}p=OYao{rE(=6Ns*TXV(PBEVbB^&)YaZmI>G#_-nB(i$8nNtz?3z3gjuvE+5a`?nU6nG64Fkn4^c=?;`;{{rbCf$bQ2iOacw2~`Ci1|Z zG>C`?vNn%TBTY>&5I%r5to#;s_R?U;mcV`Iz$OS$ZlQ2W@|C%_1E3!g<)%|WDnO?B zN!};NB}XASwJ(NE>ji6Nowi81Vp7O~OaJe~)27e+>qAM?`O(fK4nd>@52KOXmuF$DVGgNR8u%p_XW4tZ1Cr z&>Ca90WpTq?G}<;n#(cBWY9Q^S+G+Bc^~Je4ezcXSya7A!GcG~i%Y8Qh>z9insNt* z)yhFAcMzPHw6%4+J2swfbb}&Y6K!Im?k z>|WCJ+LK=_wqj>$g0vp9Dn9+sdfZqJS(Baz4@?%P>~_EZt%u!W8ikV#OUBT5;KBlazFQu3ZR&#{1q@3B?x4>HTy6NHaqm{n!i8 z`95gW`4m3`>Ob5K7&VA5LUjwNyX4ZBFhL@-lwRR{@-Uwx&sUB7jiI}aB{GO``y#jU zHEGvtH2yj=a?VmjpP_L!?uE+Q^S)m{Cuq1G@w#0U*6074W2vPM zMQ+y81SFqT8|KQURp=F`tx$e|4l=UO%6pe^ zf7|&v=PP=;)RX4?Qg#Mqe^``KKP8Azzr%Lqe$2@)Y@bEuMM}L*k}ms3m7l{Y&kXks zSS;vI8}?f?S@`vBfbt^0DC&&uAz!+lTgd1G{bE9+E>suRT-NPc0&_G|(53;qy#B)d zyiwj3BAS;aF+%ePTa1gR1r`hxzr&C0VpNJ34cxhL2o_~T2b*RNl!J6NP&0SZt`Mdq zlv#YwN5-^Ox4{~(Z<=v2dL5hMJIeZA#yHXi#6>=Q3RzO|%^E}+h6@>Nrkza^*0SujbgpJvFI+j{=s&7^;iviH z@rk)o(is<$JZ=nM?jN}NfRfD(l8vD!ms-OcW!@jvZi$iNuzkwOZ5$0v)7;PJEZ5f{(knBwPGJ3WQ(0GV(b-X6Z zDV+s#@sp&ec@E!^b0!+n6%%p_+DJ7P>aO2pEHBK(Kc<8-U$SH&iC|r|k=1i>m)H_r z8dZ~z$>82A7EY^v;45w`>WG@=uT=GnJgnFpQd2CbvzxHL!%cuY8WiTpCG?67LrAk~ zy;@1-E**^-v8a}%wgnXhaBi9QoWb;MW2j;Abm1(_SD}-TkIjct&VCYb#=GU`pyB`ECfCRya+my-m2SzVJj+h&dv|uY2m6nV$ zP8t1M3|4+%dd zZlSF(!=LCom)u9qQW6;(7V7#3jqS3Vfr*&Q*Y5i|m!ocnU6=RyhemX^_s9!1*on$}f)d>-b9H*A?6JGa(S|&Pv?u>tHzloAg6%fs}P){3$ zMf+mD$kD-J{Hwh-djMl@VhFjbQy8qoS!3~UvZ%qkkyUmeO4koanUL{59A`tJ4ibW@ zOT3xdBo^T}oq70SP*NegxMeC-*F2VmbQNO^jsm85<9C-)avi#ysEN1IVjZX%-&kyr z$Un;xvj#o<0#t%w?nOA>e&ay}`j(po2Uj7$3i5{G%YeslZtFve?zNK-mG`B_ECRgc zkY~msHds=lC#=ubhXQ3$QaBUE^-!YDxx-=8$LG!0(Pbq;krXM`VtuXy+$OaU>t=k; zaa)?~WtEk!jNHDFr^_ie^0XfT%P_y5T=Vo)4!XmlbMZrNW7BjWRHzcX@Zwj4)NZfF z`CEOKV}C^3tMXmQNEGk9yP!)ZF%{FSxq;S_Fb|{kZVu74F>e~$oDIn-6Y0?83ARzR zCoirOVIWe}$0Ve$t<-L!`s!1P4~bZyoO?;+RhNQ`IL!>^aJgVWo$FY{8}sO+rb|?q z6q+`=@XUoR(HAJ9JYY&YC=U9jG4xn72%#T&4ZjD1R_I!?+hY%9`nsUbuSrra4hwvI zyzhLw8C*uviM5h_Vs5$(@Zx)TD*oW2K$!zEthj&u(^c7&OOq6Aco!NR`4F(?D!p5j z&>W);ZUV0utS;4~F2vXJJ{_|X6u24$I!1pVt&|E^_xmz9w3DqwDuJ9m$!P&L66>J3 z_{$WjFb)wc0ph}B=8Si2&hZP4C4ckRs%&DB7M>5Y(dH_~u^bb5)AczR_b+?%>`|hE_0M`(S-Z3|`2t@f5FPx>@(>m;7a*4@KUnyp&S zvru^5iI?tyUgwPRz0+L)yYI#w3aj_Y;NQLH_e**chvmSI&$YW(`OP~}lw_QhjYJF{ z^E6h(e2^ijV=pVy7NH8HZ}NXpPI+Ez{ilD5 z4z1sRv~mQA(P8s)qJ8ZRd&VjD^_6aH8dFty{y=O>vq&DTB(pT)ov400;%EdNA|tk#f<%WBP73eq{g_T=50p?oMTX8- zuI!S~%)WFpSIx%EeO?)9Xq8g^==j;0&*sDlYVduuH}yFb>}w9JwLQ0;3;yqTM$j0N z3l{VMUAXf~B_$!^^&c#ETyx74044L5xQ$OH4%PUZD ztG)TJ;Wu>`Y<;3s(+xrx2G~tjt|DaQGn`MM-rsq7Xe;9&Cw>=w2+gcA=7N`_C@|_= z6IzKzSdhUO4#aJ#heLeG+w$2?Tv~EaqFo7twCQm(wz2oz3CtzK+f}NdMyNSA@|v}> zXYaVKHunCt>80Y3&dhAUu*&^VsR(b(cHZ1D&6msMaO+$Z@xaVXP>>RDdKTE@e_OGWvWIdekA9k(~ElN*M&+->RS z3jU5}2^(<#Z=Oa>!us5F5g+&#>!O6dNx(n`E9~{`NN3w&l2cE@+8H_LYF7$K5p^~P z{cU9-Yaxndr_4f*jx;m*r(5v=;C3jZ`dK4llI{wvR5>GoKkf1hj@ao?Iia#frjC&; zA`N061CTF|>~21B8*RBg$_9-qAwE0M__DM;!i$UQ$v7K|YFwwYV2{!lBmnCnbJJoQ zrNY}RGI7XX{=lR`gfTn$9miN(>zTUw`{W)ZCy~~*Zp*(B9Qf3q+*0Uw&xxL-deh3( ze@!`s7Bt>&0`LD&`;E} zL4i1j`4EqnC5%csi#E-^MlM?L`F}M}>(zkvOQ=lkvOvwk&dQ+dee?Mh4)LLj=?hu{ zP4PqNF!PVq70U4NKMA3%Wu)NH-F=7{i0CDkY(KiCC0q=HW>bgq$i@#UYC&3VG0fWK z>fq>VEG%cf<+gA0+x*&y!ZbJ>qfIZsxrUKFMzXoXE`&}m^7Nf@>Ds-c!vs2G3T~_? z*^|O)vu+gjZG8e82I2U(FY%{_77US9o_p1}wkG)S_=bmP`9DB_wkzr5sAy#otF2 zZETFmZYEp0TphI)6&vedB5W`7J<|9x45qb`Lw3x`k|IP&aH&bED07ca&ldE$~ z5ZWOQ-`kQOd_0pUQpFDVPyYM0yV*ayhV8krAu8R2zXU$h|C$evGVl~7WoPQ{q_Ql0Tul>l`4;76keI4V={$k;oI{(EsHEAC2 z+MARj5kibSQQL`8Ly$S)*&LuQj#i7cB;gc?dfJ)KSBU(zoLo&yOD z>}*L@UMAi8Gb}KP5(vGZljEQ2E$T!gDLo!;aU9?t#0A<3CDI^`_sgqe-_KPBK6TaB z-`?Io#Y0)eCA1=L1*aIN=XZ!1sUKZ%EyjIC7+rl*V=`>gvE#wL7uoW zQAGO@B}SUWt~*7>9hGLw&~5rIzEwF>B6tR7kJZ1h!@cFk$FVPFUw+=QMX0>txU95$ zvf{kORy#{QHb1xrBchka`^Nj^gc6GsS%qy-U+s+p?O#(d{77ERYTC}l^bg&un@T!) z7CLR7l&DoK!uPGjOE6(YDIr#g4;DS!cZ~Ln-fw%`)%WKP-5dL*z9#0)N3+C7#b(`` z%IsCUghsrLK&-cGroBM*Bt_vHH=YAk`0NkN<`kC*$avQR=63Yn;SFTg;cdh<4QBp# zXrpf?UjnXrHJGmfZ3z_bM8DMbMHt&c0%vme}ww8yg< z3AEKwOAct1Q4i+EIxi#6b}NT{y%91I+D9UQDc3qpGZnflDZziH6XLarCgzp2O>g^8j~_=hag>aCbFd_2jN?n(ZO#w z>5dmdhX!{CgO1vT`5n)+Zc*Nlx_R!U?4JdUoS{i|D#z@P)yGfYY$YUMSR2~H<@ZS% zzC7)0>K9{UEGe9N!d-BZ6ecJ?sUjhWkd<&%L%v{zwiE6E1@*n~g&`_l*l*{wZQg(Q z&vOuX=sgMVnE#oY**L2T>S5bUH}d&-ApC%IkZJ80p#jH7EaMGGgy|1MXWuumq6WjM zXh^k{r)FXTnRxCZ*YC@5=?1migA_MA7uP*>{kjg4 z(+_^t{2h?rWj@9WVu+&=(ig%~-98U<@~3{l5*}Fwfq-%rs9nP-e z!);04Fb@C?Oqk?MW3Zg`bNgcP;+%w?a9LR-Ws`+#V(hIAG=%KB8rpf|b)W?T2{s=m zQX1A!*}@K2a<@jEJOt>;MT4Q)-SMha2z9NABq-r%8XgN z$$^lZYYbEuW}P(}`&I%9P48mYPHkH7d{Bx+cdIjPbWABe8a1Cco5RdAKiYd}Z`ej* zU;Ep?-&`et{yFX6@?V1E_m?>15rgJ)0W>xS7fq5|TgAq@AtE`}rY3~O`x#%CI6xy= zS^TV&m?kKrgZ1XHPkYiVwY3Y*giXmy448$ zOV~$34HzZ#$Ckylpiyw5dqSDXAoa2cqR*VG^NhrlpZ9V1+lG*DJz*P616t+Gv|stD ze%yT9+Sv!MtkxsI%o6&yEJe^tBFl@Mq01z?)3HV){>8Z?A%tG6lQF6ByY>;TlQU*m z+Qn3gRoW#{wGmG1zp7|%Qcho91WUJY{PFby&XsNf+UM8$$13qZtO^X+*2iX%d!|%> zSp#v?H)qLBc~$;M$6@4Ms1Hn(xF&mXXLOI_6YG$2R=*!lc*o+jf{CnBy-krdZ1F|G z@41rfK^8_&#pjDuUQ8G<;SsY3Sy*^%>9S@wh-g@InZK^&=hdo@^vsmx^M1o9g1jM& zb6K;Njq3E(Qn2G!iypG3Tmx=pbM*kxYV}#$vKEZu1*s<{oXHy{Z$2TzQ{$rP)1s&a z0b|a@&CPkRWdL^U?19&kl>1A(1+DE&&O!IolL@fFf=^v|2reJAu^P_o0cpMAo#TLp zEUBC}VS@S1=;M%cBjxN+$|;JhWjnyQbQoVsa(8Mj+?%&(LRXqqhS)Ftv_9_ zEUOUw_h4Ghv@wb;?>qGmYQz@^HbZQlvl3CqV$py6)*C5v2<8*dH94=>sPt|F?ljc{ zd)YzK6Cw|}s17P?XKtbURGbZT^;jZUrH5q+=2=z>`l}&atop~^$7EyznGAlY`yBGf zs&<9P0&RWE85_$4=Ij)k+e5XZZ+JG<9?P}%GoLeNBa?8~*Hg6yjayEY06mLL;``{D zW7O)Vfi$|x*4nagW%ea0>v^`CUI*W(u+|cdGaMwJuWFAkcSCF}s~TI-Uw&UZJAxjM zEY4qoYyP)yo3G!*dD=POrUdj-ss=T3CNOfUsUUd|H!r_UBgtp9ZmH& zeAfsWUaL%fDOQ^w?VE*pBsp>f$!mWuM&lH;n0qT;E(cR>`W@LB%e{8#+w7q9OX7y*GXWjl5{_Pc3Mdun?w()m#HDVk*g;A>Cf(EDdfoH%J5Cm8swS;lym`kDYU3F zKA#Ca?3m|T>?)axtCD%c!966QHBhOME#G&8nKE9bwaH3u3@278P1<~9m2Btn!eqLS zjU<87tK`GX+3{aC6SURgFV(R5*z#|V*lixW{X3q!B#vE})E}`{NWJclJ8ki(D8k{rn2heQzSnRsvuk{HG=)z&H1tSL$0h7>q?H^Dpsyt zp?L)D**6A}v!RxyJK7OZRoG(TP*%x}95){mZ-WhNQ5`a6R=}?!(2hk27oya1LmR>* z-ijEwjjhXjhhQgv9$J(Vj}5v!p9}dl1$A^nnVRUXcf7eU4Oo)3!wM{R_NpN-?Q%u-dhYc&Jf(#DzlqUzy_y(>s0nEPgebW~ zIgj#~hn^Aa^Ro>iBhEB#N`h-J$^GYHqp2NVMEyoG)8lq{KERm9StUJxO-zokZvoiloWBAQvPSRSa> zIc{QtemGCLNQj+r05VrxV8M|mSYM%bvEPnaQ~7A1T=qJ)0%X*#?D((yeZ78vKc=7P z_xr6vXj9(>;0;U!OtI8&*fG8(UN*;U5^SnJnfuUe_yc-lv|s!_O<$$1U-FtKlv2Jai(1@rar5^aGGd> zsjL#|oaE)9+qO(YdXuP5swB+*Mi6?EKL0MFMF*+)GfTpY?E{UxBMZpL9tt%8(KV4b z70}GkXLLojsPn*a@QpaJp*QG{u7J;JX}&x!Vs>&KSIhxWCG<)a=?qY8I z7rzPiD+|9h)zcFu`9NtNQ=iBtD+#mA5B;+YWHIXPC;gvHwdkBR4IT&u7BL!yRJXSA zQj2Uj72=UEEH@fjka?2VKyy9h#(J6rIW!631mjgjMiIDj%=%FKe@SX>=BZwe7x<#7 zAwiKGz@|y=$xBD8)PrBx^G&#z;dxUOyz*~;=KYkB>{v3_?2>AknvrOtT%1V?1IT%0 zb;g-yvFn=Ck7}llLI1fxu<@iS84tzx46h3FjbfyN&-yilM z@TSyPOZ5uGq-EdBQV6xGw=H)JG=knWj#oC*>ByN$h?}i z6eS}olt-}vNhv-v$@fL-llqsPLcZB){B`OkhD?QC1q%qR3Q`K6soN4dB%l4oTZt9( z8}qI%pgec{QQLS8Ce!9?mcGSOnNX)Jy`^aj7rVrTX5c`n8)|9zUI7%#gX3$OdvLe0 zVZB%J1cmuRwA$L*zw7*)C(oE1ya4b`c!l-ZUrdc5(Vqd%Kve_DosDvgjswIZx?R{ad!5momlt=Al38Yr=U7 z&+;*ohlIbg8;m6}b#^9qrK>cv`?D3B^3&^?Zl54Q5C#Rj4Q4r&61r?Qqtgc~=j>0Y zF$7mAitJRknZ{50J-#K=ZwU0tZZs?Z3OZU$P<%%=adM55N}-&qlb%120VCGVKP=by z0F+W{Hz4%%3RYN}9d*M&hKm?CkHDfy==o%O1JXuVhI~z@R~LQ-0MVOxiG8(;^2{;geqb*rm!osdm#ABIptiD;g8wg zbe{LC_DB5LcAOHR&fs6tBoaVx%pdDSh%Vye=YF z?@newr9KzB9WTqqA5o5mxMOzJ@}&O10Cp>h)aU~(t5}+po>y-#0mIV>1&;UtPh<^k zRcTyor@FYUMvVQrbAcvVSucAuA*tjAUWr(@U5(`3t#m<$b~o*dEBgLPbuG35#CT@w zSv}QwObDV3<2LG}hML9T1JhzNZNk2(sWLd`;{P9wO8Woaj|V?K>Hqif^zi>%x;*1B3Lp(s`Zuc;2bye5b0q`HDcPxxQxsw{ z3EH#vB6DY5&b%z2Vkxu&Y zSd4s+>5O?h1705cvxT2;(T3Yx3jJNt+ZR<&^7C7NI?8`VDXWS9R{zi8!4F0GfA|#t zcRx=L`TzQJY;FvSw1XtQf}!4FV9S_c)Y#Q_3egxVJQ;P62H ziRYKeWP(2fcUacx6_6(sL2mAakYEa!P1Lix*GN{h%x;g6g0yV{dP6B6dJg|2bZ2`a z>TlzS_#$r`fj$E6_bzaMbyuGhOc6Ip!f*+GPhf~ASQsX8tZ!`mh*a;gJr`pL$XObK zE-$jQcJj<>RA!4T+HP)^#|&(1RGq%N6m6v^EJpsobIvB|O`WonG|1kI8$_}Uh-RK3Ty7y-T)S< zFxQ(Jw-2#3Tga_MXx$M1Ez)AWDXpk6o1R6Orbd()M!TZ3b~-LkwN!0B=t?(+dWwxZ zADlM8WHXC3XamPIwps(*r0B^H)s=OsN*-CjSG~P6D^>QoZk9SuFB-F{S5s z4xj2j-^>im`}w{yOY*iz+2BIJkS78khlW%_5+ z0dJwJA$XnpVK>b^c^|8+P<2KspfMK+T1UVpiqN{;PF{}yrg(uOV^$;#QC)&B)i$hz zQFYV0+8RlOJRr9Lb)tZ|5&Y_O(B#H!|CTVW506vi59B8`x1M?ug70xOA$PkMWy{Q8 zjV!TRS`a&nC&Q$=M?lV>MB!5GF1HBG;6hAefhY`%IAubz+tqP4eV(1C(UJ<&F7|V$ z*6AKvfuLO1FN^z&R&~nX^|Tg;IwiVD_u2j~BdJO!&)M0U`aZICECaJwy>XY7zuKlY zpcw|t^s7~YqTIPb%T8iPR+zkl)KL{GZ;*^*cArGc{fL$uw5(1Ed}sNbL?a_H|<9QqjTDOI71N$G8=IlP^45;+*^!`LM=vk7C51U>uu70W0!S!15B{C_tZ^zIv7d zT^~Hz%5J8Mc5X|PI0*$5af;Cb$$O6R1i+9Y7%YJ=mGz(#S7s@b>Qu!F@5&{-8nZdi zg}~Jri@}F{&DdfN?WiKJcHbQUH$>5t&s;FtlWR!C8p=3=ycM7OyD@-FGk=Lf%ZjAqlC1dSBZ_7~z!%~v6b0x304rD5-E_I@AMAf&<=`3kEP@bCw z@s7mypcpvahe}kc1l0D~1i%Us7Gselvac(Z8@Zu9gWcy$f0iD~8GH zw@6}7uXR;pLB`TVVDS6~EgOg7ra+3KY`JFg7UgCgHukVyqw`@yvs29(3vO@us4J_uCf!DhIm$#jC zV|U+5?`Re%e^mfT656N<}H|qY1|$ z^QMTuLCe2VG8aL@>F_c8wSCV|o*axaR^9rKiYn4Z z$Eql~aFr?8pWHvOPc8@uQZ=r$cuO~P_5M@jn(3)go73%e6mZRYTFF$|>}uLtsjOeX z`0xdaeEV(zd)`)_VIg@6MQ|LVAcxqLp{c5foVfVWsLX{G89$^0X#a zSo}*))0u3Ce%EP%}Usg&QEZhX-oOFT)-bIC*T3SYd{pldOh!cducr(Z}IrPJ5y+{?Wj zmMgauy}7z5KFPlGVJR*^@y8M-XwT*t4$3VFzgMwSx?BRABmGt<@{p8wp z7Hqwu?OUbDR6|xfo2Sj>@jV^oe^%mQg&m+p{_h>`mEu2s*njaP|L^1JCI6!U(bSu$ zoVBTI)(}fmAZ10N5Rk7FQn3{%r$pDd$np>c30^wCTVxKBO!DzKG;i#pGF7*S*`I8C zi`0ek4>%78)n7lNx*{Ff1}SFHcMcX;rW|8Xx*5B^ul{5Vqe@@3{NCtxb< zd1GDcGrf8Vpy)^+Q%(`reBW%=o1(}1SNYA*{Mb=0)C`()~la zygkuECH;T>`qc$rz!)-g_yP=Nk-MUk=2e2j0HA0A7LcmrGZkI}Ros2+$`!Dnmdz~1 zd^t=Hg4@@k(3Rx|m2YGSR2*XI^a#(dOwt;e3dSFnY5X*mNzRTKPYT`0@w)IXZnVZd0tzhfQH6Glgp%Us}y?CnB zaptuWv(d*`)(U!V7I&k0PaiqC*2i+=;qS-4$s3jn#|vpQy_)GrrFb2ypJBy8O{~K1 zDOzBpBJokgG1cJ^WCEW5i9OeTN`NC^ZYqA(d?J&T08bEj3AW8aQU*+(LaY}r&1Y5a zxYQxL5bKwnJ*rP+kD$Rft4@0j4y{w)TucTaRJYU~QOQCw+$RJPiH5p$7m}+#q%6ek z+@R$sPlqyEr!OVu#w$j9>FLV@`1Bn`3q%=uBYr%33G_d8t2~w2O^b`X+JUK8dGIvI z9a&oBPzV+C%4cVd9(>Jo;Bjc4PtRj`I_m$okVZI~u4V$X`hWLI{@;WBr~AL}<>{gS ze^fL8;Fu&_U-&{v7|JXxIBin;-;3Atn2oOg; zM*-LtD!ElS{Oi{v@r!8l_3K~`G5EG^pO8L5(t44LjYN2yzI&#NYyokr7OO= z#7bqPm3CO?95RJp(_k(W#Gkhqx`lw`vrBY4750%$)|6PMNXLGd82A+G)cwJR8d^23 zi88B-O!v~j^lT)PGzVGsEujLf9ynE2-;tVc?H<_`xt0xDNPVfWXtEx3m!-6-Tz@(Q zuv15>ZJ~!?{4+!JoT3T-+^L%zwDie$O__h+W^b_VC8q!@r~I5OuGz_ zH4fs^eR-zeiV#XWCb2Rkv7rJ(@)?I1(xsIkpnTf0Dg&O*xN*4=TFCfo6mG4oVk(C; zh^q$>8?9jH9Bf_&qD3*qP~faj#aqQ3JLB&zL?SeG*}0>2ExhL3Y%2ZM-blCVMen{C zrk@V0V7m(ISHw)L0rxqdqmXFsw?QSz>l8$>`An& zd6CPimNWn6Da`ZfS;hXFLyBQA?(Pa~vHyNN+%MLDJa}>NWdGgEvx@!qlOTZ8S8KQa z3}HPQ+s{n2*7B3t&v&!>%ov-o`6^J_%i=TN>+WE}XDb_hg}$myK1lr;=E&y>tvpmK z0%SEW_LT5hz3Eu!M{Km>gBr8(f)HL~I#TPEn;W&FAF=(KFcYhfME~6SeY^SE{QU)r zL+ncushdu@MY-2UY7!S$sn#scHLN#{HH{3#60g}h&Owl$jRevrlvNUOO9WSCA?E`l z?Hkr|Fbv88?(23!7)+OuyjC|vG2Y&uzPdojmOie<3vL4vYM82?`YPIYAj0gc4WOwC zre=)&yEt;X?0{?Y<*ZQ|=mPf&&K%QiMSrU}ayoXiW;c$RM2~e}(S=jj%N-p!rrSsE zzOlt=A0EpobsKcvY>?e@Q@9JC**j7n#;W;l&5k+2zdcqqQ?tLxRn5R}Sy5X`R;`%* z`@_27R`LIkXiC=S{~7JQI5;Tze_lN0f85KnlK)2#!0D_1plJG+^*ezybv+&@kUiUa zPmlupj=ms!s0}%U%INLq5YpeT#UYgMtHvSJ?8eD=QRBvGbt)AmRqs@KY!0DQ$l(~W z;`f36`Mw-Vm&oLKlwC>cU29Lr37@^rXvOL$rHdLjl>GU1J(>0Km)KCW*rFToekmV> z4Z@>zi)m5!Z{QYFAJ|NGmr>Jx+MRKNvIU-1OK62k%XAe!C2E9oS&6@3;+BvkjX)K0X!A-MKmuQno^6f6o-Tk6w$u{p7eQ4Lr zy*#V<|76Mk9*LlB@n1ib?*Ba){rHssc`wgO{=enr|9QK9$6xLyiHCRl$w_WB@=K1e zAva$Unf;u6^6Ry@`0SomjQGj{vvRzb-OE$7*Hg4t*}|6`{cqsZdgxfMoaB5|UZn?) z^il-)6zBCYzNXeaZ+)Job#46ZFt1`^$xgp*ACsIy=ha@-zf{@BUA;@P(?{-G>g>d* zSKT)0!q^OZ-Pv=Y`05*v=c-ntzq!@y?jlU3;p2|uTJ>4M|C4>v(FxQN|1~-+`F~#Q zKjr`3&$EjE=UfrMCY(SPZ9N)KPzF=IJIG?AJNbmHu{Prvszz`x?~v8S9m~K}^i=60 zO0CPZy={KA_bQ~l`ITjkj+QYjTd5(ssCu+Y$BLKVY#z{?Qf^j>*?Kd-+`Qhdt>BF{ zm6$0*k$10X3|R}=iwf;k%vLY&N2nO0xE>A2?(0x!B+gDNuvzy)^UNNTqhU4mIY2%R zPAb)eXEj z(omZ%tRTc|HWo-2E?9=H3-I6F!zVb3L~Q7bp-3|X&v(0N81ksevopVI@;b_pVN&wTC=>f zM~hb%d6l;9H%uCC! zKaaDD1NcHvz-H2a6>&Wp->(Fx-t8-2-_7HzM%awAw}i}YZdvtNH;-&>z+JAB8?l1IGzH!xENcBE!E;LNK1lw8go4gXKFb}sXh+@$C zRrv$-d*#%OYp~AUUaMDki32M-i>sr+%0YqwX14RO7phVhVmp%Trk&A~gYsvFjuSrX zzn+?e+hI%?I`0MMqwwZiHy36Yx=SQs4%_t})O79welxVz`|>V3EB>rNZ4I$=cFTI- zc3uS64%|CV&K~{ScU-r*p_G7a+N-NKg?`Sb>OSshnW;`6rOQd}cloL%egjcMCHywbq;%O+-Q+O?6i|vNRNL3Fl!h+c7itYWyjg zT2bpysUDYsDT)w<90j}G(=7EZ@NMI(W_oTKm;iEEJw$!nLkGP++p5%!(O&8u%Nb1V z)WdKzEtv}$4SVTA*V;w;j{J)2rMs!ODV3Qk=Nq}beNMG=af??Jw6f%UIkekm+OYNK z6Vu!;(-cgNQtx1xpPp$dFTl0tXE~C^3}b15OuRl!ndhCN&vMm^+B1%;ORiKZwV9aZ zqjFu_@8r3e@iQ<qkoz+nO?LoAA>??Wx6SN# z7zNH2h|p9;NpCCHgpNi9|6|~R_ffb6B$8hWkU)$m2yuiw$2-0J^-^qd&K5Y4)CoSE zT!H{o=6F-gcjbQ-_>MRJ7u}WrH9yRzyW&6QpKKBBW*v>8f0M-0_F>L<9=na5@4PX* zalZ5TJa)eOf6f;804XL3181kNnd8Nj{Dyq)csM|CSGA+$H^*Brp9E<48}dpt@&Co^ zI*s;b{NhMUnqUqbL5qmuCyS!aRa=Y`Ebq9#f&UoCs2IoMZ6I-%&Wv z|NPJG8Rs!O+T9g9gvVyP0rA-`Co%TfZm636s)=b!v>8bM_mq+(79vFv7zoJ}`(TXt zEfNAp1ERk39A|3_T)q9v>4oE5UtbH&+6hpMq5wrcMp}Cpd+U+zPww;Dm3jn5-e>Q# ziMk;Sb3&I#zyPiX(PMf(neXbq#b9#8F=R9684%!ubl@dOVxgy|tt4D9#vjbMi;;7K zqu>Y#3m#8@g0VA49187OfUE$nFqy;)=1r0?RI!lqMB98dUnxsMNKDBB2Z#Y^aBiG>VqP(#4BXDJKLb9DgbF0x|1!~GfkG04 z2;J)S0Etkn6*ZLBe_%EVFozMGBI-HLtK4$t29Of}mp926!8m4FZ#ViExg3gQ0u+a2 zITy;IP*zp<@}Fb^BxRnc{&58SFku`~=BaH;zExdpDZzyqfeN+AAaPJv*;$y^#VS8p$Yk0{3z z>_d*&j-dOgK&G4#i3Dkie~S4oNkRdP(=aj32j>(?UjoA%F~=F&;Eue}e}3-_)qD@U zeQ)o3^^GuckwAzb2?Qo249Tq+h{JJ+rpl*TV$plB3V*%(F0hQRsaeyL$0YriQd;zD3`4met5p;gOfY+a6-y}A^95XMmWL^(yodzCb|n*j4ZeU2#1k3;2*eLSywgZsDgzi- zq3a8{w&Sb+`u@GE9WBiG9o<*Q7q0m4|8)n~pb?ZAq(Kf8@xy(C5|h9nrG%B31O}2_ z@pr^=6=W$WKAFcPLJ>~^%A7>kc~YqbMIohxmCb=78R`VaaE!x_ELFiQEAd$Or-~cf z8Sd_^w2lGn)%GnsdqU9bJ^i{kUA_83LUKrjw70~uIbPmY8>Sy(AtO!x5uN}OZeWc7 zFq2LQhWNk}bmCpBeGO>B0JU)XltjOgv6rbJ*Hv)BIHn|~Sh{r6rgFbkX z@*=2R;k0_#Ae@XtjwVUSP!Z6saN0d=4o)1&B%M2~yXm1HGW)_w$I!0;vIm?OuZ~Xu zMT{iWM}5HU$wxson4RG~xj0<`nSJ4mNr?Sr6{ua|6gwI66N>p#ceV*QBgAhBy*V#~ z+Z9gTLq8aM!wF-2iRc3RXjQp%e12wn*xL^GWgwk|bWP9O(ckq2bT-L)WRjAjL65307+PK!VuBW#x z)UDSZ`rF18w{<<60n}y%B;P1e__a|b)xjdxqwyIfw*W>!0w^61@^{8btk_UN44^dS zz06iA4p0nXF)yqDmh`950OU;@&5dVsIBhp&?#nl@^3%p6_vKPp`LQV%%QaE|tJEaL zzJe6#Op-7JvZZuqmRCU2j%;#42zOJX$3$Q88B${b*JOu3yWRl|A@IwY`Rt$DTe1x$ zgb&gPYQ||I>mYidVghjzhAP2=T~|)vl=wG@DjEbAXo?x9OQ3Ty-oZIyU^_rDMLy&x zI1(Ea$PYnL6d-z@4Fqt+ID)~TF!hvKYG*&%seiXW$Z(Uda&lcY@e)+4Pv2CE$ui$q z>NjTVpJbJUP_{`wZ^uJy+4m=H*7o#s%{;{B{>>;9*^^^PZCH05a;aaAQ6%$oQh@1X)PGt1l7*baYV=?3} z1~elU#n=(y*e@K6C=Zy2$?iBL)7|~O(SPpl{kS{&^Dd0>(E6GUaWotaM~AzXSYJjQ zeol`Se8fN%QjL9a4*BeA8KY}!g69-RoSC#3ZD7Q@p^0fr;}=k{241Q#IUf1bgjBuI zCn01^?CjTdNX3PQYenvV6Qufx@}Jak=mq*cL5yd5RSBu79U#6M>Qhtzqlj>wwg^?9cpB+;=0s7Q%pq=$?F_%#pQr3^{aB-x8P8(YutJ303sR*n@D`3yxG8I)Zs-+` zG}gOowH;Q35-TQ)EXaGTtm6pN0H_ao;h@>=qalzHUTTemxKMuqPNd>YB5)MC|(c=9AQHq0nS8X(r4`RuCDNiU;3XeGp6U~<3_XLJw;Q|2TSi;umM(qZH z{BI0>lsj)Y4nuOQ^F>vVZ`w}R$Rujg0cs$WemJl}v2ai~cK`#a?Ws+caTtbD1V3jM ztlc1xOItd-RA0%V;xJ*W>5@&Hsjbgu-n=7EeuGw5&!<_i+)gZ5R=$L0o=C1A@% z%ls~-$@e{OG?4w)`3 zQsEX`2lbWEcY~JcK~9Q3ojY=adK}Q*34Lj4WNE%WB#xS9XrV7V0#Hi*bp`s;lqW&~ zMVw-^Kr#>>PXG)lg258_a_0y<+m6p=$qjW0%{+#Ht3yD85BcybgJd)I$Swc2?+$<) zqG-xzE*R|rmvKs>X;y7Z$bUUd?(d93kn#CxN}NHhL7)2G1Fh(*j>P(w93MAGBZ~QLx`j7^e1;NoYat_%5Ti?0%_86 znk)_2j3i+I6bP#7kQrttH7X_){hpwRhfDLZpEEkHpIwVxQ&=OKYJcXq-CMNT)1tKz zdI$Hy21#yhUE8!*kv6P$^;ZcF1Aw9hrX-rHY+#CIHiA^pRY(L>Dnrk3Fh#Oe1qAwR z^5tn15|C4OxisCW${}HCMu^c#R6&H^w9ulsnAz!HIE_N;yHZhkCJQE% z%v0ykH6Y{Pkk9pkV9r!AeaL6Mrg4+2#-je!NBOFp#v8O0lX#1noif0{1XISXDF}#V z782AI1p+-)LUmhh4@zZOs^KAsNHjF9?P-*i>Kn8i8j~zsr4Z%WUxYr|HFr? zJ>tFnzMmCRA0A$FcAd;Tl}K4j9@w#=d%cdXPy6^uB|Vj^bb)@+;BR_cLEVa$B6>ty|Nd&|_0k@FmY zmi5aQZMv>nKhvbX(iu48fa<*k0ycv}fmN}U@`7X;a+y{I>a%|9DHV3z4ONfwX4L*tM+h-MB3&+ONfL#Cgdw1z&{mT<0aR$(kUVNzzg$@?mim-?uAjUXdR?nm zxqh<5)dR1dfZ-9XUDfTe*S*)yx<7a=3s_z|tE$PvE}(UH&AqH*%lZ{AgjkXHtm{AS zw0`AvQ^njLcFC+#()Yu29oEfJn*X_jgvL?A%UcVI12VTPzj{922wmpwT zQ*w8mMf7s|Y7LwRnif$5`_NmTg5rKRKk1732x)|)X}ce$gU{toZjn|;LIX!w_JJLFUiU z95O4DOmvmiVxl^y<;VemFJp8hI>gb`0U*eh>&PU+nC4ckRh5^783>8Y0dfF9pW!?X z(GdvbR~{ygW0jR^8R{Z!DG52toU(h?<)?O|DULon4u{jWZdE@VPVH_+-ssR94FfdB zFdB~bhV<~japEKlRVsE{rxMwdC4j2?^Yp{?3JB@YetsO@!X?Te(VRd3xCr_^(<0EnqD_uvfy_0&40SB3(~x z3s~pH8E5JHQCjh2E)`MjfpyyK*+>w0bR2yqE|0t0X!CC~!c-mN3_uP(kT98}{K5GS zIGY&SbBFE@u!ngkOR%}FE^8HFCg5ZsSPF#ts%RR+L~Ac5YJCr#F{Db41iz%sIx757?ZX&0w9!DA*C z(4Opkse8Xc%b#Ez<4B5)TwnV4w63A*Q)>Y?XsP3TD}u4bOB~e!q2O1CZ;i-SB?ePa zw}1`o767SMDH@p@r{17tib{b?Ibi`= zVRczXjg{4FG6J1Sp>`-3$K5|wOZYy9zb7cI?U=2`AAeZ!6k75B0>+0gP~@AN>1Ba% zd(uH1W;6CYPgmbY(c;K4nxv_dd47C(`SJb5sgo(03v=*$?V@*8$A|bb8<4*RK+P&X!%xU!t|ZQF-QX<0g=E z!fOV5_x|ejrN=)jIpvdxkr3VG-juz)`@K13Z?wYQDIG6QX}vG+&bO$@wK3NUZ?ozvVweJsb0G7P63-Q zU02fl^Fq^(CF+X~N3uVseTpCCd z9AP#?L6)yQ#e9~GWu;v~yt*Lr7UPg7Y)B?UK0`xY=zOpP_zW{JhrbbO*J)CzR7^}* zt1wv}>kLLy#8fR?Ra98K&r0@cE|Vq#CqgU`8k00BBP%aEL69d@bQJ`u^sJidfzqL5 zFM<=b(ksJy(xLPW0OkyZ6Jb_CnkHBol)Zlc)^nWizWXR+9yQ>%h$4V>VP&K*Ln$KR ze|`6z;|#&Mi9gprGldRQgjmg2X4vIbl54PSlDq^O#!E0Je5O9ym(x2ixVJhIE32wd z%jxI)+%Na33IhWYh0B2le)&71sJVi-soX6{0LEBPN(GY*q}}VoNYGRO=0svCvv!pu zNMQHcE?1_a_M9R3SztlwLAtu|bqS`$ftLeo0)OA#(yfOQxS^)<7HGtPS9xMm2?w#V ze~q^NokXnM@4u550b~`U3Dwc5VLXFl#IY|KN~*XsGAC0MA+hqeaG7(pn!3_fjcP$+ zCxTD|M0HlStnieTc9KkjQ!-M-b*5bnT5~p)nhI@Ike-zaA@fHRA()cens0Vwe=7Vo zdd|T_2rd{c0cI>gtox8kN7r1W>6G~>f)taqq-k0Y0J8ko0YOX*Zv>X%Mi?!{I%Z&G zvruvJd0w-prg%nx&6?oOBSY^b6ipB{V(J$%nPBO3l+6O-C&IFktJcgri~V002fxno zR4wuDR{G~KVQA<>hS)%JiGCGL)#8~sZ~_(wf>?fLXp)2=#L*2?v|vUSBj$?N^Mn(M zVaRqVVkBIkp#W}Q{`X)Q6UK)bAZnd=t^T^qq@uYj^PyUxp_qdlZ@AbWa-#n{*p<84 zTkNAqSdu3sUaH%1|HCKo@-Jfd+Be+dIJ#W`k|@x3yB^2TpCQx34lp$h_q{!^EgHD` zl{@&0Bj{xgmy+}n8FPf0;%M~QN3rC1pUmSBE3?^b7P<@1`G@X+j5(A{E}%5Kn{EXl zS6YI=$Id>No>iF{Pa>x02 zcJ=r7KVN~5#}^mJ@2<{XUxN1+;N<!K5AA~TPCUAJ0RR6!@N)D3f(8HrhPFij literal 0 HcmV?d00001 From e05dd4a3b5b7cf0365d08c38a17cdf35ab954b5c Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 14:10:26 +0200 Subject: [PATCH 15/23] update version --- scaleout/stackn/Chart.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/scaleout/stackn/Chart.yaml b/scaleout/stackn/Chart.yaml index 91ed1ef..fbdb0ca 100644 --- a/scaleout/stackn/Chart.yaml +++ b/scaleout/stackn/Chart.yaml @@ -1,12 +1,10 @@ apiVersion: v1 -appVersion: "0.4.0" +appVersion: "0.6.0" description: A Helm chart for deploying STACKn by Scaleout name: stackn -version: 0.1.0 +version: 0.2.0 maintainers: - email: morgan@scaleoutsystems.com name: Morgan Ekmefjord - email: fredrik@scaleoutsystems.com name: Fredrik Wrede - - email: matteo@scaleoutsystems.com - name: Matteo Carone From 2d659d24b8ba0d92e8adfc90c51db57d0febaf90 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 14:11:18 +0200 Subject: [PATCH 16/23] bump postgres chart version --- scaleout/stackn/requirements.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scaleout/stackn/requirements.yaml b/scaleout/stackn/requirements.yaml index 2de0b9f..dc10c82 100644 --- a/scaleout/stackn/requirements.yaml +++ b/scaleout/stackn/requirements.yaml @@ -36,11 +36,11 @@ dependencies: condition: reloader.enabled - name: postgresql-ha - version: 7.3.0 + version: 9.2.0 repository: https://charts.bitnami.com/bitnami condition: postgresql-ha.enabled - name: postgresql - version: 10.4.2 + version: 11.6.14 repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled From 0504cbeef2f267486dfe98014d42ac5eb246cec5 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 14:13:22 +0200 Subject: [PATCH 17/23] update charts --- scaleout/stackn/templates/_helper.tpl | 61 +++++++++++++------ scaleout/stackn/templates/basic-secrets.yaml | 2 - .../templates/celery-beat-deployment.yaml | 12 ++-- .../templates/celery-worker-deployment.yaml | 8 +-- .../templates/chart-controller-secret.yaml | 2 +- scaleout/stackn/templates/media-vol.yaml | 2 +- .../stackn/templates/nginx-deployment.yaml | 2 +- .../stackn/templates/studio-deployment.yaml | 8 +-- .../templates/studio-settings-configmap.yaml | 14 ++--- scaleout/stackn/values.yaml | 57 ++++++++++------- 10 files changed, 101 insertions(+), 67 deletions(-) diff --git a/scaleout/stackn/templates/_helper.tpl b/scaleout/stackn/templates/_helper.tpl index 679b13a..0377563 100644 --- a/scaleout/stackn/templates/_helper.tpl +++ b/scaleout/stackn/templates/_helper.tpl @@ -11,7 +11,7 @@ Return true if a secret object should be created Return true if we should use an existingSecret. */}} {{- define "stackn.useExistingSecret" -}} -{{- if or .Values.global.existingSecret .Values.existingSecret -}} +{{- if or .Values.global.studio.existingSecret .Values.existingSecret -}} {{- true -}} {{- end -}} {{- end -}} @@ -20,8 +20,8 @@ Return true if we should use an existingSecret. Get the STACKn password secret. */}} {{- define "stackn.secretName" -}} -{{- if .Values.global.existingSecret }} - {{- printf "%s" (tpl .Values.global.existingSecret $) -}} +{{- if .Values.global.studio.existingSecret }} + {{- printf "%s" (tpl .Values.global.studio.existingSecret $) -}} {{- else if .Values.existingSecret -}} {{- printf "%s" (tpl .Values.existingSecret $) -}} {{- else -}} @@ -73,8 +73,8 @@ Return STACKn studio superuser email Return STACKn studio postgres password */}} {{- define "stackn.studio.postgres.password" -}} -{{- if .Values.postgresql.postgresqlPassword -}} - {{- .Values.postgresql.postgresqlPassword -}} +{{- if .Values.postgresql.global.postgresql.auth.password -}} + {{- .Values.postgresql.global.postgresql.auth.password -}} {{- else -}} {{- randAlphaNum 10 -}} {{- end -}} @@ -84,13 +84,49 @@ Return STACKn studio postgres password Return STACKn studio postgresql-postgres password */}} {{- define "stackn.studio.postgresql-postgres.password" -}} -{{- if .Values.postgresql.postgresqlPostgresPassword -}} - {{- .Values.postgresql.postgresqlPostgresPassword -}} +{{- if .Values.postgresql.global.postgresql.auth.postgresPassword -}} + {{- .Values.postgresql.global.postgresql.auth.postgresPassword -}} {{- else -}} {{- randAlphaNum 10 -}} {{- end -}} {{- end -}} +{{/* +Return postgres secret +*/}} +{{- define "stackn.postgres.secretName" -}} +{{- if .Values.postgresql.enabled }} + {{- include "postgresql.secretName" .Subcharts.postgresql -}} +{{- else -}} + {* HOLDER FOR HA MODE IN FUTURE RELEASE *} +{{- end -}} +{{- end -}} + +{{/* +Return STACKn studio storageClass +*/}} +{{- define "stackn.studio.storageclass" -}} +{{- if .Values.global.studio.storageClass }} + {{- .Values.global.studio.storageClass -}} +{{- else if .Values.studio.storage.storageClass -}} + {{- .Values.studio.storage.storageClass -}} +{{- else -}} + {{- .Values.global.postgresql.storageClass -}} +{{- end -}} +{{- end -}} + +{{/* +Return STACKn studio media storageClass +*/}} +{{- define "stackn.studio.media.storageclass" -}} +{{- if .Values.global.studio.storageClass }} + {{- .Values.global.studio.storageClass -}} +{{- else if .Values.studio.media.storage.storageClass -}} + {{- .Values.studio.media.storage.storageClass -}} +{{- else -}} + {{- .Values.global.postgresql.storageClass -}} +{{- end -}} +{{- end -}} {{/* @@ -114,14 +150,3 @@ Return STACKn rabbit username admin {{- end -}} {{- end -}} - -{{/* -Return STACKn oidc client secret -*/}} -{{- define "stackn.oidc.clientsecret" -}} -{{- if .Values.oidc.client_secret }} - {{- .Values.oidc.client_secret -}} -{{- else -}} - a-client-secret -{{- end -}} -{{- end -}} diff --git a/scaleout/stackn/templates/basic-secrets.yaml b/scaleout/stackn/templates/basic-secrets.yaml index c307c15..a6da9c5 100644 --- a/scaleout/stackn/templates/basic-secrets.yaml +++ b/scaleout/stackn/templates/basic-secrets.yaml @@ -10,6 +10,4 @@ type: Opaque data: studio-superuser-password: {{ include "stackn.studio.superuser.password" . | b64enc | quote }} rabbit-password: {{ include "stackn.rabbit.password" . | b64enc | quote }} - postgresql-password: {{ include "stackn.studio.postgres.password" . | b64enc | quote }} - postgresql-postgres-password: {{ include "stackn.studio.postgresql-postgres.password" . | b64enc | quote }} {{- end -}} \ No newline at end of file diff --git a/scaleout/stackn/templates/celery-beat-deployment.yaml b/scaleout/stackn/templates/celery-beat-deployment.yaml index 5f3aed5..aabce71 100644 --- a/scaleout/stackn/templates/celery-beat-deployment.yaml +++ b/scaleout/stackn/templates/celery-beat-deployment.yaml @@ -29,7 +29,7 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 5; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.primary.service.ports.postgresql }}; do echo waiting for database; sleep 5; done;'] resources: limits: cpu: "100m" @@ -59,21 +59,21 @@ spec: - name: GET_HOSTS_FROM value: dns - name: POSTGRES_DB - value: {{ .Values.postgresql.postgresqlDatabase }} + value: {{ .Values.postgresql.global.postgresql.auth.database }} - name: POSTGRES_USER - value: {{ .Values.postgresql.postgresqlUsername }} + value: {{ .Values.postgresql.global.postgresql.auth.database }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.secretName" . }} - key: postgresql-password + name: {{ include "stackn.postgres.secretName" . }} + key: password - name: RABBITMQ_DEFAULT_PASS valueFrom: secretKeyRef: name: {{ include "stackn.secretName" . }} key: rabbit-password image: {{ .Values.studio.image.repository }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.studio.image.pullPolicy }} name: {{ .Release.Name }}-celery-beat resources: limits: diff --git a/scaleout/stackn/templates/celery-worker-deployment.yaml b/scaleout/stackn/templates/celery-worker-deployment.yaml index a0494a3..a55914a 100644 --- a/scaleout/stackn/templates/celery-worker-deployment.yaml +++ b/scaleout/stackn/templates/celery-worker-deployment.yaml @@ -27,7 +27,7 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 5; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.primary.service.ports.postgresql }}; do echo waiting for database; sleep 5; done;'] resources: limits: cpu: "100m" @@ -57,8 +57,8 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.secretName" . }} - key: postgresql-password + name: {{ include "stackn.postgres.secretName" . }} + key: password - name: RABBITMQ_DEFAULT_PASS valueFrom: secretKeyRef: @@ -67,7 +67,7 @@ spec: - name: KUBECONFIG value: {{ .Values.studio.kubeconfig_file | quote }} image: {{ .Values.studio.image.repository }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.studio.image.pullPolicy }} name: {{ .Release.Name }}-celery-worker resources: limits: diff --git a/scaleout/stackn/templates/chart-controller-secret.yaml b/scaleout/stackn/templates/chart-controller-secret.yaml index 600e397..988d332 100644 --- a/scaleout/stackn/templates/chart-controller-secret.yaml +++ b/scaleout/stackn/templates/chart-controller-secret.yaml @@ -5,5 +5,5 @@ metadata: name: {{ .Release.Name }}-chart-controller-secret type: Opaque data: - config: #See values-utility-script.sh + config: {{ .Values.kubeconfig }} {{- end }} diff --git a/scaleout/stackn/templates/media-vol.yaml b/scaleout/stackn/templates/media-vol.yaml index d479fc2..579c60b 100644 --- a/scaleout/stackn/templates/media-vol.yaml +++ b/scaleout/stackn/templates/media-vol.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - {{ .Values.studio.media.storage.accessModes | default "ReadWriteMany"}} - storageClassName: {{ .Values.studio.media.storage.storageClassName | default "hostpath" }} + storageClassName: {{ include "stackn.studio.media.storageclass" . }} resources: requests: storage: {{ .Values.studio.media.storage.size | default "5Gi" }} diff --git a/scaleout/stackn/templates/nginx-deployment.yaml b/scaleout/stackn/templates/nginx-deployment.yaml index 94321dc..108a116 100644 --- a/scaleout/stackn/templates/nginx-deployment.yaml +++ b/scaleout/stackn/templates/nginx-deployment.yaml @@ -35,7 +35,7 @@ spec: containers: - name: static image: {{ .Values.studio.static.image }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.studio.static.pullPolicy }} volumeMounts: - name: rp-conf mountPath: /etc/nginx/nginx.conf diff --git a/scaleout/stackn/templates/studio-deployment.yaml b/scaleout/stackn/templates/studio-deployment.yaml index 0ecf899..3995632 100644 --- a/scaleout/stackn/templates/studio-deployment.yaml +++ b/scaleout/stackn/templates/studio-deployment.yaml @@ -23,7 +23,7 @@ spec: initContainers: - name: wait-for-db image: postgres - command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.service.port }}; do echo waiting for database; sleep 2; done;'] + command: ['sh', '-c', 'until pg_isready --host={{ .Values.postgresql.fullnameOverride }}.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local --port={{ .Values.postgresql.primary.service.ports.postgresql }}; do echo waiting for database; sleep 2; done;'] resources: limits: cpu: "100m" @@ -56,8 +56,8 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ include "stackn.secretName" . }} - key: postgresql-password + name: {{ include "stackn.postgres.secretName" . }} + key: password - name: RABBITMQ_DEFAULT_PASS valueFrom: secretKeyRef: @@ -66,7 +66,7 @@ spec: - name: KUBECONFIG value: {{ .Values.studio.kubeconfig_file | quote }} image: {{ .Values.studio.image.repository }} - imagePullPolicy: Always + imagePullPolicy: {{ .Values.studio.image.pullPolicy }} name: {{ .Release.Name }}-studio volumeMounts: - name: kubeconfig diff --git a/scaleout/stackn/templates/studio-settings-configmap.yaml b/scaleout/stackn/templates/studio-settings-configmap.yaml index 9502161..0f26d86 100644 --- a/scaleout/stackn/templates/studio-settings-configmap.yaml +++ b/scaleout/stackn/templates/studio-settings-configmap.yaml @@ -188,11 +188,11 @@ data: DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', - 'NAME': '{{ .Values.postgresql.postgresqlDatabase }}', - 'USER': '{{ .Values.postgresql.postgresqlUsername }}', + 'NAME': '{{ .Values.postgresql.global.postgresql.auth.database }}', + 'USER': '{{ .Values.postgresql.global.postgresql.auth.username }}', 'PASSWORD': os.environ.get('POSTGRES_PASSWORD'), 'HOST': '{{ .Values.postgresql.fullnameOverride }}', - 'PORT': '{{ .Values.postgresql.service.port }}', + 'PORT': '{{ .Values.postgresql.primary.service.ports.postgresql }}', } } @@ -269,7 +269,7 @@ data: NAMESPACE = {{ .Values.namespace | default "default" | quote }} #PROMETHEUS_SVC = 'http://{{ .Release.Name }}-prometheus-server' REGISTRY_SVC = '{{ .Release.Name }}-docker-registry' - STORAGECLASS = {{ .Values.storageClassName | default "microk8s-hostpath" | quote }} + STORAGECLASS = {{ include "stackn.studio.storageclass" . | quote }} # Local dependecies Models PROJECTS_MODEL = 'projects.Project' @@ -282,11 +282,11 @@ data: APPS_STATUS_SUCCESS = ['Running', 'Succeeded', 'Success'] APPS_STATUS_WARNING = ['Pending', 'Installed', 'Waiting', 'Installing', 'Created'] - + DOMAIN = {{ .Values.domain | quote }} - AUTH_DOMAIN = {{ .Values.auth_domain | quote }} + AUTH_DOMAIN = '{{ .Release.Name }}-studio.default.svc.cluster.local' AUTH_PROTOCOL = 'http' - STUDIO_URL = 'http://{{ .Values.domain }}:8080' + STUDIO_URL = 'http://{{ .Release.Name }}-studio:8080' # To enable sticky sessions for k8s ingress SESSION_COOKIE_DOMAIN = {{ .Values.session_cookie_domain | quote }} \ No newline at end of file diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml index 5362833..6d4e60f 100644 --- a/scaleout/stackn/values.yaml +++ b/scaleout/stackn/values.yaml @@ -13,11 +13,18 @@ global: superUser: "" ##these are currently not handled by stackn: default: admin superuserPassword: "" superuserEmail: "" ##these are currently not handled by stackn: default: admin@test.com - existingSecret: - storageClass: &storage_class microk8s-hostpath + existingSecret: "" + storageClass: "" + postgresql: + auth: + username: stackn + password: "" + postgresPassword: "" + database: stackn + existingSecret: "" + storageClass: + -#Set stoargeClass -storageClassName: *storage_class namespace: default existingSecret: "" @@ -31,6 +38,7 @@ studio: static: replicas: 1 image: ghcr.io/scaleoutsystems/stackn/ingress:develop + pullPolicy: IfNotPresent resources: limits: cpu: 1 @@ -40,7 +48,7 @@ studio: memory: "256Mi" image: #tell which image to deploy for studio repository: ghcr.io/scaleoutsystems/stackn/studio:develop #This image can be built from Dockerfile inside stackn/components/studio (https://github.com/scaleoutsystems/stackn) - pullPolicy: Always # used to ensure that each time we redeploy always pull the latest image + pullPolicy: IfNotPresent # used to ensure that each time we redeploy always pull the latest image resources: limits: cpu: "1000m" @@ -49,11 +57,10 @@ studio: cpu: "400m" memory: "2Gi" storage: - StorageClassName: *storage_class - size: "2Gi" + storageClass: "" media: storage: - storageClassName: *storage_class + storageClass: "" size: "5Gi" accessModes: ReadWriteMany mount_path: /app/media/ @@ -61,9 +68,11 @@ studio: superuserPassword: "" superuserEmail: admin@test.com +#kubernetes config +kubeconfig: "" + # Enable ingress if you want your to access the studio solution from a kubernetes host/localhost. -domain: studio.127.0.0.1.nip.io -auth_domain: stackn-studio.default.svc.cluster.local +domain: studio.127.0.0.1.nip.io session_cookie_domain: .127.0.0.1.nip.io ingress: enabled: true @@ -82,20 +91,16 @@ ingress: # Postgres deploy with a single-pod database: postgresql: enabled: true - postgresqlUsername: stackn - postgresqlPassword: "" - postgresqlPostgresPassword: "" - postgresqlDatabase: stackn - existingSecret: fullnameOverride: stackn-studio-postgres - service: - port: 5432 - persistence: - enabled: true - size: "10Gi" - storageClass: *storage_class - accessModes: - - ReadWriteMany + primary: + service: + ports: + postgresql: 5432 + persistence: + enabled: true + size: "10Gi" + accessModes: + - ReadWriteMany # Will be added in future realease, for now keep "enabled:false" postgresql-ha: @@ -141,3 +146,9 @@ loki-stack: grafana: enabled: false + +reloader: + enabled: true + namespace: default + reloader: + watchGlobally: false From a914811fc2f7b7833c1ec321870477ca5cdcfae7 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 14:41:46 +0200 Subject: [PATCH 18/23] update README.md --- scaleout/stackn/README.md | 41 ++++++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/scaleout/stackn/README.md b/scaleout/stackn/README.md index a5acda3..72ab098 100644 --- a/scaleout/stackn/README.md +++ b/scaleout/stackn/README.md @@ -5,14 +5,14 @@ STACKn A Helm chart for deploying STACKn by Scaleout -Current chart version is 0.1.0 +Current chart version is 0.2.0 ## Chart Requirements | Repository | Name | Version | Optional | |------------|------|---------|----------| -| https://charts.bitnami.com/bitnami | postgresql | 10.4.2 | No -| https://charts.bitnami.com/bitnami | postgresql-ha | 7.3.0 | Yes +| https://charts.bitnami.com/bitnami | postgresql | 11.6.14 | No +| https://charts.bitnami.com/bitnami | postgresql-ha | 9.2.0 | Yes | https://grafana.github.io/helm-charts | grafana | 6.8.4 | Yes | https://grafana.github.io/helm-charts | loki-stack | 2.3.1 | Yes | https://prometheus-community.github.io/helm-charts | prometheus | 13.8.0 | Yes @@ -20,20 +20,24 @@ Current chart version is 0.1.0 ## Configuration -By default STACKn has been configured with a dns wildcard domain for localhost. To change this replace all occurences of studio.127.0.0.1.nip.io in values.yaml. Futher, the k8s StorageClass is by default microk8s-hostpath. Change this value in accordance to your k8s cluster. +By default STACKn has been configured with a dns wildcard domain for localhost. To change this replace all occurences of studio.127.0.0.1.nip.io in values.yaml. -STACKn requires access to manipulate and create recourses in the k8s cluster. Thus, it need the cluster config provided in ./templates/chart-controller-secret.yaml. For example if you are using -microk8s: +STACKn requires access to manipulate and create recourses in the k8s cluster. Thus, it needs the cluster config as a secret in ./templates/chart-controller-secret.yaml. + +By default no StorageClassName is set and needs to provided in the values.yaml or by using `--set` argument. + +### Quick deployment ```bash -# Generate k8s cluster config file - NOTE: we assume that microk8s is already installed and configured -cluster_config=$(microk8s.config | base64 | tr -d '\n') +# Generate k8s cluster config file - NOTE: we assume a k8s cluster is already installed and configured +cluster_config=$(cat ~/.kube/config | base64 | tr -d '\n') -# Replace field in the chart-controller-secret.yaml file with the above create variable -sed -i "s//$cluster_config/g" ./templates/chart-controller-secret.yaml +# Deploy STACKn from this repository +helm install --set kubeconfig=$cluster_config --set global.postgresql.storageClass= stackn . ``` All resources will by default be created in the Namescape "default". +STACKn studio will be avaliable at http://studio.127.0.0.1.nip.io ## Deploy an SSL certificate @@ -43,17 +47,28 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem ``` ## Global values +Minimal requirement: `global.postgresql.storageClass` | Key | Type | Default | Description | |-----|------|---------|-------------| -| global.existingSecret | string | `""` | Use existing secret. See basic-secrets.yaml. | -| global.storageClass | string | `"microk8s-hostpath"` | K8s storageClass for PVC. | +| global.studio.existingSecret | string | `""` | Use existing secret. See basic-secrets.yaml. | +| global.studio.storageClass | string | `""` | StorageClassName for PVC. Overrides `studio.storage.storageClass`. If `studio.storage.storageClass` is unset (default) will inherent from `global.postgresql.storageClass` | | global.studio.superUser | string | `admin` | Django superUser. Obs will always be `admin` until fixed. | | global.studio.superuserEmail | string | `'admin@test.com'` | Django superUser email. Obs will always be `admin@test.com` until fixed. | | global.studio.superuserPassword | string | `""` | Django superUser password. If left empty, will generate. | +| global.postgresql.auth.username | string | `stackn` | Postgres user will be created | +| global.postgresql.auth.password | string | `""` | Postgres password for user above. If empty, will be generated and stored in secret `stackn-studio-postgres` | +| global.postgresql.auth.database | string | `stackn` | Postgres database will be created | +| global.postgresql.auth.postgresPassword | string | `""` | Postgres password for postgres user If empty, will be generated and stored in secret `stackn-studio-postgres` | +| global.postgresql.auth.existingSecret | string | `""` | will not create secret `stackn-studio-postgres`. Instead use existing secret for postgres| +| global.postgresql.storageClass | string | `""` | StorageClassName for PVC | + + ## Values +Minimal requirement: `kubeconfig` + | Key | Type | Default | Description | |-----|------|---------|-------------| | celeryWorkers.replicas | int | `2` | | @@ -65,7 +80,7 @@ kubectl create secret tls prod-ingress --cert fullchain.pem --key privkey.pem | chartcontroller.enabled | bool | `false` | | | chartcontroller.image.pullPolicy | string | `"Always"` | | | chartcontroller.image.repository | string | `"registry./chart-controller:develop"` | | -| cluster_config | string | `""` | Config file for your cluster. Should allow admin access for your namespace. | +| kubeconfig | string | `""` | Encoded (base64) kubernetes config | | docker-registry.enabled | bool | `false` | | | docker-registry.ingress.enabled | bool | `true` | | | docker-registry.ingress.hosts[0] | string | `"registry."` | | From 524c764a6c9aa2c5c25e43baee00f64c29dc7cbe Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 17:21:02 +0200 Subject: [PATCH 19/23] remove loki-stack --- scaleout/stackn/charts/loki-stack-2.3.1.tgz | Bin 98382 -> 0 bytes scaleout/stackn/requirements.yaml | 5 ----- scaleout/stackn/values.yaml | 3 --- 3 files changed, 8 deletions(-) delete mode 100644 scaleout/stackn/charts/loki-stack-2.3.1.tgz diff --git a/scaleout/stackn/charts/loki-stack-2.3.1.tgz b/scaleout/stackn/charts/loki-stack-2.3.1.tgz deleted file mode 100644 index 264d6200a4987beb07d9865e236a41c6ade9ef74..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 98382 zcmaf)RZtyI6y|Yv3-0dj65QP{1b26bi(8Q3?(TXaxLXMB4#6R~>)rf!t9EN2wsz)a z9;T+dx@-EJ^PS&E_8kES;=c>b0KsG`r@?M6r_8J5E5KvMrNeHa$zu!96yR0W(cx9r zb+9vavhdYXcNUSebZ~_D+v5-1XlthL1oyn-tZMiZTSuiH=xXGpvC{BTkfd-8Soh@_ zFqGjERt8@LX|``%I5|4>1G~1IKKiz%>ZX9_bz;EYrl#HwP{*V5*7obV&eM+CQ~sWf zQpAr;u)))G;1c}P7kU1QJ}g%H$=8$GFT28QzMXrJrr4v950+6SZ*E1wHe|9S#w6Z zkw%R0G3FHN6tz{YaD_YuyyR<@L9;o`+FcIJywrI8RO|iSR(ve@XW&Dz5#L$lmPxEF zEyonXmk)9&i&)!r+3JqmmK}L!uz;0AZZe0pG^x^?6_OF$Z zTXLrO?v3!)cCkuz9hzxkenIxtr*o>TxFT%*ZHgX6>U**UOf#orK&p0xP>1RX9H z8O0#~Dt8+SBR;*RRXxH9woS#OPTBkM>(>~j3M?X&~Gg3prF)&i$gBZI-VnE~N$%yjjctm^_phBplfOe}(` zC8_a~3b`Xv2%|mO6oc|^#Xm`AqN)E_C{XKE-V@2%42J(LaTe|I2m2i#Y&~w|P5wG& zNWTepQLn>+dJMjV6@WNJAW4fBdF&yVCKx8|Q)wSPH)}gfS$-!Tn|jz< ziOd#IBs@Q0w!N%VpvXO7NI;B30WEIwNcLm>$-Xn72eX3hzEaX@ddVm-lY*#8zc1ey zIzAYSY)rLO_4zt7WmkG=U*pIWww(pRw;g`^HEb*m!cN;B*RD(;bKK0$>tMwYl4_+% zjsIF9Ms}U{nZE`Rdl4aKvBMI_>PwhuXMPzXV8?L|HckNNd>AL&=9|e&9dEr2<%P)w zr9Lf;QN92jTUf!)!aJLOn_x0Z5|wB?&k(p-7-Vj0YDvTiO6@njwDo{iyAga)M_*S5T;DkwrPL-mRY8f@lBrnzp1 zyTPSX81Ao6R8K1Bx|a>n6fBNaJ`{i;gYCoI5=_mgM(4p8`7kp?2!+YPy8oWydH+LP z4HLmVR70>#<4#tf2ug%t8iJ%@horKZn}{kY#fJyUOEx+s)x`ALYFM<0qvEbo>X=&@ zSBxdxvI5Bm`oeQnd!!n_oGMD~ZH{6oy`#BbLr+zDZJv)k^mFo%ZaHj$Lb4s}!d~h0 z7uvGIWjy3>fvE!oP%rLYd$G2?@{>QdM%URD5~81b4PLxDM3ryE3(s(|VwsQJ{P{6H zQd>Q7QliU8yLx01GTpEC&yolLU7bNKBcHR?DbxBgduK?hwc8|mn_|;fQ2paAET9<; zx0t+m;oLEhFEOq;3NEzIE3&7$i2Ob7dV^dXQK6bQeu^_)3Da4|tm;!sLp|K+9G9G1 zmt3wgl!0hL&lHNbHN4k%kZNI~t47D8XLd8Tw;6&t)=v?cK+3(U%N-Hlv1WY=2+ev^ z#`g}eO9cz7zl$yoARqK?FK@m$+q(yTsDJuLYnih?T3Bg;l2j38SfW_j!q)5N7^ad% z=M|RP`OyQ)N_%-Tus^#HOF`FONTAVKz?=oW|c7H%-{Pv-H}+yc6xjtd>7F6 zrtqK+oqX#owNwE5dFcfF2{9Ofpe$f6tcv4uyY-W5LH;bW%J)*&nphn+wl^eH)D5*% zE>;$LguFEKrdrpaf;--Krcn)}uR1cRD=l9Vkvm*@VhPkeEsO|QRDYUggD+3#j0|Xw zEu_SPR)H-jfZqiLrXPH_K>6@Rg-o>%g3-q23jV$=r^b`_KJ`AZ@p)aHv*;~2O0FO# z1$yf}4Ie~O8Y+Z^?T@+o`J_VOV=dQ$HZeVm@m(H*Y`Yt5`E)S!d8z1MbUj5kF1We| z_Iz5Jw%mE&_U{Awtj&AMNaHDb(ql{Ey`*S+i-p{2hNr+pz{Voy7w>=@4H;9orB%tf zaK>9-Oo2~WPRuyErx3A1{4-OqqMcv+z#$T$I+S^?9&xNc$Qfb|QxJLrY^kr7(w4w6 zSVxx(QVMcTUSGno(v!X#EA<0Et1!XI zer(CU+=B|_B*Vn0TWBvZ#!ngI3fD|y@Vf@*XcN5GFSA@q`3fmH;VI*wJ8E?;(n}<) z7G}&?d>kjNR!TuKG-FRn|8MgjiB9c17hXC#Ov+UuJ?}>`q5P7j(Jwz8NI<VT2#@@g!o@;)Q0IS8$RxR+yDCh|Vq>+uO?LWMVakqSU z^Y8v;r$+VT8eG`(1Rq8JP5?5p%Qso z6^GEsLBRD=lMs{0+FgI`vbz5sV@iShKGr@s_4qN>{5f}4qT2ZTb)4*iYjNIQBTc0G zcRj(%&BwIe$MypocayQ-Lho2>>U&1Z0jpoI^zpx=^db9w<-$pL8!RgK?^k=&(@1)E zN#{U3UyXLFLzJ&b%JiU(%WHcj=ZPo|c3(D@KkJHDV{*f)DM}kvJ**TNsQ24jozt~Pm@cvQX=VT$b$O-#QowRF*$tW%Ykt)X78BpkT|Aegdsa%@@n zd+qPixzh18Z_{zJaI_&poHJ=F&fZAzb+>*qE@69{fd6F_gL};^Z6@wy~oOM0P0}+3^Jo^>H*JR3`Ul zhx^Qk>-1FSt8%m0br4jDf)#F|pMg9QS1lfqdT>0ra`be>3>3^r#Vhc1@X4-Nt#eGg zdCe#vuV)Z6so%*7HP=FbJkR3X?w!H~q2t1&2$b0vn{$W!Zz9pt;aI{#Knk7xI`Bu{ z#fr0cv8~%qAoD!fvz^!O9Ozi{_U`&2CS^Ai|J4U#87P+G5!)X`jwHc&-aTXz)Z5Z@G#2b=In^pB*om))Z@a zi17LzBiE|x7U|W3i5xm$g3+SXm@I^cxY_MS9AIwu}E*F zYT$a6g&?lixU&51KM~(YAjf;j+z&5g=cZrao$iH=@Xdq?yIU_O7^G(nw^+Cha_m?h zn$`Bve{58$U?*QV-5L!WRKth?R9Gzg`$jHow`g)2Xaeg*z86Hpwd$FiEfqeU0G}pD`6;%>d%A8OLec99&N9*ytmW=(E07p9q zEM1J_F#(oGb_JIfLMR;J*Dmsa6F6~~@!3o{c9nsNRIBl|My6(+HN3W5ni&i>&T--< zZp&i@LiW@hHgz8WiafKXjqZ<3?9&v~*Rj5B;41o#W8ap*>P8Ugu7@=1TOWmFA96Z_ z{+{JI_9mY!gq{s#mqQUU_i(6#Vg{TM7>eIBKQO)mK0^Pa|FJokt+R<>1pseU;aW z3}4BydP6L{qHqjhC9Z#89!TieeJBepX~>76t=jt0$!6PR#=WHSm|;*sCZr@r@; zXTDN}1^U}qej<<~3zqcoU*{VAxG9W66zvAthN%{Fy{1h6% z7nkzoJZEU?O9>CBQm6e+;L3*Fa)C2-iP6)`D?5HloC~x3ylfrl62SKNaq#kW575we zQ{2}^+H>OAySjQ3)cyhnk+xS_E@;1lMSCEa|A2Fdwgf)=dT+-6rNlgUKu5$PHUX^a zZ@_1r2%hv=KrB~V0N&gy+bS8rGQ%sX($hdpZA*2Hhq5x9@qf0fWg;3Bjr|v3FZy zJ!J7VO0Kb9+%Z&Y1-21O(XRI;xFYswg}>m9tsJ#1)~ban*Rjqj8;VN+xVvXnYZWOg z+hR--RYrf|whL(~jIRbK29W~cc}^b{RX0V-?3ckk|AuS)ENJjNe-bmuNxbSKqm3}d zZ=LhXZgz)!64cmf*mba4e0(*-nL`O-Xw5WHAx?sEq>l9oZLEA&M>-;5;pxz~yD#xb z`%;#TUN%CSdh|iZawu{N*pXMxPpQAjXVm)4vf#d~Un5 zdfRn*S{j&s{H!TZ4GIFf_{=u6;@MsKeq1egZcV0<+mz%bCYwt&bN$jUpAI-daj&K( zZG`FX5d5<0UE9Es)%-VDF0}<_8zf{7@#gSNm%LuV(4`*mjbcq72%DFzAO1OlbWN;* z00mr{&ft}nBMrpK`l}kv!V&ysVrX{k~5zSlMEF&^e*JQ_=zYv|+L=0oM-J;Yf zjXNB!wsz;JpSGh_c4sWNw2%qpbmHaZEsGL7JcMT&ZBkMGG*GAhIg=@ccu1{d#x1Dp zejtUQtaqHN0OgHulAla5iaofr)3KfqA(b0f^&_Ahc`uWTB3L0lE$gc)PL4Qv-4OOW zv$&E9f~?m=gG>lO!LArru55tNqL1n}_eL{2zD|-etWan0kLF;YJ}h;Fif1@Dx`|{-pNs50iLbCkT8{}r`X%&)&pA0AEFsZfVb+oLg9o4X#9r1Ur<*>6E zb}yh&>SyIqL2KcUpEK)!1c^M&}Q`>pjb4ZC; zH+mK06r35f`|}9VGf(JJ+L-3jY`W9bMv2bfQ{-yjqeW+*{~iQ87VUKxI9oX0Z-hfM zg`{AxFnmX3nukG5P8ejEzRo0PjJRVB-q*XyvyN^_4c@{TlxWN}lgApDlFX*zCXx-Q z&&N+$cKo(*Tg+<+$5=d871)N2zhP)1D4^ITvS5@};e$Q0fS`I)z&v!kivubVyr7~S zoc9>Wk{U?(`X^Kqkur>$j0Wp9L0#$uKC}byQxl0VN3Ym+;uUtzi<)23BYR(uGChsB zzc&MlihJ5^a6uoZHDo3LBUrPxp?NF4x+AhUUji#!IvmYfAl@~5T1_UEKlnwd3Ee1| z3$0#nHs#VT4V2ld_Io~c7>gIsfbQaktoC!lvR)N7fk?b#sb<+&$hFF$f@o{1DX3 zJyuc?2Il6zt7Dj2HuJN+RxX`;RjkAKD3k*}{ypx57Gsc_E-KF88ZV55@%ojqNZN5H z>YdsRE7ei5WiCqm__}z~4eRL3?J%NC6|S`s;iSbPc|Dg*UVWHoR|5$Cs%63Sbxgf( zr5smMMS3U}kz?jn?jvkQy5Ns(-_D(eaoTBaFGiBS_U_pj0jb`;eHbA=y~0xZn9S(3 zgq}O(FOW~|D5?ZGf@p>fjMAFv=S4V zG2B9c(483j8X8w_u!1|R<4ykX5)%8Wtb>;xRD3R6c2eOKtiwmBVQP^L*seeT=VZ&b6BPevPfuIO^8LaWXldHPq z`@p*r^8KLi*kG#@Tv4}O^05+Dx=v`bNVhEVc|(yvWjKzwf3Ny+dwLH`Y%${}N!jF1 zRW@N&P-c-tRmHTzAiTqS|Ai6C!HsPeAT#Rl!V0%r*3~Y^#x}$`_BsvntoNpJ3HhYY zr2d|V7yHG&>m>Tr3J)bU}Ps++{?11=@LUY7M6Jx($TErkoi}jhKQ3U4K zE&c%g-7P=gvCDTJgu|Nv+V`x#U4b69NB3WWKkmPtgW;8VpT^)MB%^`oUi}(SPh|*G z?$cd&ijx-gSsh<-hW_cdAq=+o)!Z(~?CJMMued_8pUywh_rV2AVCyGe?``mL$;a_f z>1$JqS$kQ!HGZVG$5Q|-H1Aa=7!SoT(P%Gu-$7}XPar+T`h>__d8k%HBz*smr zDcXs!sH%AbHOEYmB}G&)S@EuME(UqWChla58uamcRoBoUR`3LVqX&z~RkJzg9vAN~ z|7>~dIwS-eFgt0_8mw1XJfZ}aXsd1yF7Go>N{Z{vojHH&E>hoL+Yn5{ejF5VSuS@L zhS?^LP)uy{(nLuEQPdyf)C1&nTZ8d`*yDlR>!CA-td=;dJd%2;t?XA>S_D-e>OP{Y zpm_(E6=oUn^GczUuK&b9an1?4^ljODD_P6K3pCJDi{g&p6oQQ?FM!1aivcNyNhr~7FVE+`1I~ZPie!Gbr3FiOTD^q{r9!~OVa#vmi)g6wlJ*) zL0yry5zUO3Iux7v7SB$7MpQ5;`CGMt>zeO3m1aEu5Y_v@sPkCc{yiEAbz+<&uzRGn zoPg6zRiF;{8_9{A%HBukY$W? z2Yg{ND5J(+u3n|b2r4xk->J-fudOkRfS-A=^6W`%Co3D!)n{RrhWxp5oe@#LCl-BO z*QXVK`*dsJjoY5bC)yH)Jd|;EDG6!(ntjBgC`abm-udln!*QA;9@<6bQSVRk7J<7v z8KL9Dk@|P%lmu2bAw@{{v}~H%d*}AYmF4G8k(G=Jp28V+)l;>Nj*L+XMU_tyRd@(0yw}n>sd4e$d=@!F|mCO_gdnGVU$4yh8 z-O{^anFiw(shLeqb58zSAYb}~uXzwrkcN5%$>rfbDfIt_YeSKZF&->Y~{m+>3L@d0F;_lv7%z@!Q=W<=&#IeJ*b5{Mw|1G z0HIyL!&Oqy5($q*ksUGZTW2|?{IpnO)e60s4r97X2aiYHk5)!8Z$_~tCEeWfG-LY) z&!ag2gBoS)N}a;bC0UNUDJ@0At%NUh4!wwXH`VLYh#g{<{#V8Y{82unKv)8T{4n1v zxs9pJxA=~LkM3zwBE`F>4wbF9G5=GHZFa^iJ;!8EMU1DT>uhbvf*Sk1Gd-)LG(*%T z!t2OK<+tQt|ctgEJ?kQyQH@q#<(L??0~BQ_D8ZKG-^8L>0mMt+PD z7w5~83GPrU%@~=7ujb2+TAfRnMl@+g4}*(UCL&Xfx>b)yt-g!y4}>x+^f|0B)f#^C z@=XGy{n~?jJYn4uP7XGGw-2$)>nC~sIB+U6pf^QBxpXzm7Op{SF!mmoOv)_?B@JN0 zUoq%>8tg;LHa#=*;a#*JN?R(~ybe7#eRm@L&>?%`O`?3j?MUd`GAxuBW<~Kt7+}Z( zPM>@NP^{wECu64LNYzN#q!=zRFK|z88UuPhmnzCGfz@ntP63Fm*PrdW?O-DV|2Xh9 z`zi0E*ri{k6{Xvk{rqxzN%!?WCNi^EK1Ni*{`g3ujJ~0%MUhQNx)wtk0c;}n{KNXRB zjp&sAEK@cp4}XwSdSOA9_xefo-@E?b;XOZIje)%#`cL5Q4$#X97%Z;Qb)UT_3xuM| zDo{Mm*CLP85X>KUFa8ASGO*&I`cUpkN9qk=aydzaQLQ}Nt4Z2iyx+{Z;=l}ueTtyW z4eULBQYh##>&N9rd3!v6;{FmpiSQ@ChAN}>{i%_RVj3MBifl_ISj7Hr)c*YX(Um6I zdgu3qLGsz{AB^T@L~_{+d_uYC72@Aq3yOdA9{fPRawv$pnv3dL*@zOFmB0u;vDtAC z4|*@Xc#}5P-tqp1QnOEI^p)xP5mEy2R5jwm0Ep?Mq&7;e9*=jXi_o`w&SZ@2@m~6E z4oN(QtR4Jxlk$iFZbDM^PYAL)M#7G$d{#=qK0ntI`drYTE||pr7g#4s5hqbvyq=Ft zaIE z&{8`FV^pXdto&&s&2N3EOZ4in`KLsX0g;PhNnjkJhiK6a3=PUV(kVvlZnzTmcY-D- zT92uN>MWOGADe8%qAYgPEEHv?BHIzHm)DxfFa zfTl<3>f+5D$Lr@I;GYfwr3^L~Ig{Ditr9!k>H90a0}BZg$d$Q}|MOP_t(MR_57xh~ z7S@86ROgP{64B!ce~Cn2yg8!NC$qLJQtyRSUsgM7ief!ue~gb9zLw+$=D9(~8pZ8b z9=l+UEq%)n+lhL%i!$iF079g}83fs)Z_?$(JvnW|VzZK-O3Vn4-158k#50RO%IN5dN%VD_E1J-SN?Gk_aM95uGx^dJyW2G$q8KIn(yUY#GB@}it98M3!Inu{np2VUyOEy)>ik^kcc};K*Yc8aWjFTU7F@@INMG>wMBcWvt(F;A>XqBUx zT1Y;Dx}G26MhiECB2cVV?aD=jq~#L4HZ0pJSQAi>8=P_(j7H#}>k zDN!vL*8^W}c!EU?SQjIA3>`No9i=EK`KFWTfZ+vUnnpG)Z={yIF@8zOVtgem6Gt^s z%3KQ$^>78NT^1O;a7MEU4aXAARj;Y#Zx1b2nWoaTD51!$Q3Cl`^8D3h$oHKd3&!AQ zZCcnSBf}M3B-TNu1)hT5`Bt3aF9WcIdL>5##LL9WmC~LTlMJ`-f(x*O0iCtz=Jh`a zTblf`nEXS2Ga=$PbF7845m72O>txZo zVM9a;+O)1Gx|_RkGq2yaM*oGkjW1h}uT)Ha^R4wXWM3-8DLi3b^-Zz@ncD`GPS%pH zYsX@faW5M$dYX~bW}v#}I2MrNTfeT3HXHccJ>09T$;lHA)a=^vJm}bSarTE`T$qIa zc+#7w#Tl2gk%c>Mt(}JJYX}Fjd@au1q1>C-zo|d*n18-T+LIf3{eIw*S{rmzmxe>- zwSqog@!K6k)rXnM8)HVOQjD20uNN>T`ibX|;PN@iIDMPj!!kZS>ZpIJf$ozd;wcvi zuu z4fy0RXql{uLN%{n8~5j&*em^meN(BU5pUR+{H`z$OZYs%lRfs0q{UZOv;J6D8x?+k zyHVLxjS&AV{{_>jf1+2guro{NVXwcofGZ%MgKeVy;ymVsYqY4L_m<7+$MF6P%B`fY68`87;>&l=9}_xf+gpxK9(Qdao0O<~n4D*(T;z0*UV3E-1i z-`9le+Q5YoXU`~9{>bQWA=OW3NJsSUjVRn2SSY&WOm;Tj=TJoayDavWZl!sfP60KR zR0^K?u!cIt-dIzSJK1@Lf25IA))u{#aEVIE?2xs%-HA6%6pCq(Z-%Z?E z+E{15p8u_9DIMLU4l9BaP^t-hNF(3pOB;m4ojAKIJv?LwQvf}GFFpLtcoTe(oNPF* z7Q!%otUVq2C1K1!)isxC@7xSm9&wg=Jh`T*1nj02O~Nt@`1lo8dg!~F>yA*t#b4`7 zB32D!C?G1BFe`L~$AarJgqD(+1J$a8Oo2Pok`yeH`rUtI^!B{Nj$?Ph>(1!#7tk|j z>Gtj~{&g-|V>MT!!^^mKV=JnEme98#tC4;l+ZT?v8SR)(&;VHd0l-MD9`_vnC z)huXf1k)}wH6eVc8O?TTe0p}LiTovOcZT z?IajZMAxHR#la&~Ptd;=_hx2BSxl!j0o?ttS{gZ?w<14D4TV+qwC4=*OR@{4kyAp- zqNlj!ins0QS`_wk%7RNAkwU$d2-E*C*C)_w53#$zYKhmU@xMngkeg^uG-;zIL$*kiMp z$CT5E&fqh?NZj?0hVZ(a zd@U!(Oq+z%)Atn)T~N39*^n))z5p>y{5>X3DN-t=&~8SdrWaGQSRiv1lj1t_K5QTe z1RYJRoGdE%Fp6O1jw(qk<;PGHGf0dddF%y+e_I7mvpe&U^h3X|6_gJQ4;evGqKZ+S zRCl_%fQq8w7gseoYNF>Oskjff(kUUwM}b2p{Qj1$w~vHl4|9yNnkUcTogv%@NP63R{zmsy71mC`8uG%&i;0n^^fb6w&n?-`!J6_p&kq zJ;BmQq)>-CRCEyqbiG8;3UzlmW=bLD7R#848@qdO^ycMO&V+rLBmXSl)ZyOwDg{9|5bN zMZ~l0F`8gL%|adsl5acjNU%wHZ40R3M$6Q3H*aGr5>b8eoIAu z|B2_@02rDr`Qh9+bP$6zY;e|4v2XLtOWmg6rNlWuGhG)ILcFm5Oo-=34>3;M=$fNR znT}f86hYtUqrs~u(D9V^9NdOx`VW8GejSww{CFbW2a74$ZFpzOsMGWR3J(ijI_-TeI0hqX6~HV ze%W+nc5>>uV!Et32bD!5lC zRH%sH%Xx;QH^z2%Eb}#vi=1UhwkRD{r-6ts2HoScNq=mjt&-!Wc+mI{ghT~-e=bYv zWL4LdAW8KHIM=mSbMy4AhShxSLJy3%kOHl$f7nn|sptXS*Us(b`1Zg{Yk=NF>GyvP zo_{KISJTaZnxuws0~tB>J~6A&{Z>L(;Qf1;CbkfR6w_tB6%9iFrcz+XFYWGn*mjjc z9$jzcZNn1)E0P}!i*#FY`=vKhT}E^rJp_` zTK+%=S#6mR9R!`?2DG=LfUPAqCkXxy-hr*Q!2aIm`*Yy^u+ldX@X*csv^AKWTjp;* z##1H6v#{;j1MrJ=Bk~M*tK*@sZ7J|SK6m}(V_-me`m^_gy8Ai*Y3GS=9)g{sH`cum zcpUU_Xfrt7lDa3wz1;!~+6pnlDbRK<6s$Z&>Ai<~{a#`D0(PAF1h<91x2yjX`bbX4bzmEno1He6Xo$o8>jw0J&VL8qsuP-lH zb96$-oegBEHwfO_4rIiaz5igcZQw)8qYla>0)2U+o&BA2*N@L)+pGuYiyo&M7(gv} zt-1j`wO#UgEI$8n2FxY7Ex|frOLl7gbgqH{l!Dh*1B{Hp=jVxU;IL9&K^J>3TN<^y z@7CDp^i)k!$*|f}GuSiAqc?LmXV$Y{^f?24SdzG+oz!q6BI29pRuY*jh8ZM2Baf&O zbOUrmew>#%eRcC5N_r9fTrQ{P`vY#*f?`PpxAC4ok{Qg9J&2(v2Pnq^*m!gv*X|h@ zi70dF*Hj)~-*XWbwzGZJ z7fEPLcxtTPIrrLEhGmoV{?yH94FLwkN=)6quCn zL!mR#@lQA$&O)j(TTl2N|G^jYAJOax`!SyHI@5oG^j6%g4@1iRdXl4hwcWQZpuV{~ z|HePUnUBHxjzke2DX4z^vQ~KQMW$ARxT#Y(HAv`??Vw4z@Oq@l)zxX}O7Hf!+Gv@x zx|!KJd4!pVQ&|no=zdPUCdRZqL79PKe%u|;qZr0}w5qgJP#m?||AV=v#15HBFv7?{ zU8P)nR|s^M7K(~1p$!=vDtLvLzOc}Q(8ko7%rwQ-s8LNzG5mc5JNOmo%xCUad) zflR4>m?7(7YuI?JD{oKJ_J4TZF-W`; zBc?#zM-8Rh#IA zin1;|nyCA8!2GMlwXhAF?zu7Yn!8Yi{Izp4YJ? zF)o4zO{et_(j<_6wXCde#qgY7m|XXdn-m3H4RFjJkPKs+ed*HGxVqx6$jfc9rDN;Q z(<0*4>Zu!?(a_TX!ZxL74R}G;d9G;bCR^~QbTz!$lr3oxU8ujz*o=Vhf zZf()sA=ZPkl26e`PEhlzFAZ{>fofT~N^1l!5x;XGE?^;+2qfG>al-~8EXrnj_;%@w z6Z`Lap%&haUhaj6dL7af+hEP80)oEB56G;=;IifxBx6rCZaUv>abLlp<{k$=Bu+L$ zMqQAFuq9bDHxa0W@{&xE;Od$61~>C^Vc0O=D>~3qsv+P7E-qgt^hbtpq z^k1j`_BgO({DogRip@V6jjHO=+TH_fYys9vvD>~Ytb5_)4GhphL8wLF53*a#=>#v! z!QP^srslpEOL57I(=)p}-YmDvA8(i*ZvY?qK03e`8=vj)CmUjW(Q`87Q@tzsF4;23 zJ9)aI*&Wel%T0xZ`7vw?=GPH+fj~R8zx?+p2*}3!YP)0d#VTl2cLbw2dVJpk?@u`q zgjWE9B_0{JBE0wNBSiKXHeJwqI0D#OoTBGcU1aI^#C8Kv&+&i*pW4SUqeavk?zMF_ zrGA0YQ!26bL_$fTo*B>ry=9O9+f9elyhgkMYdJq% z$;<)2Y)TNK@y^tqM_U8(hlCaUu7|c>Hbst4O}$I3wj>EI3d<~Q6Tp0Y9S(Yulr`OioAqD8=yJE($FA`YYI5o7{4BY zKr7Z;k_)8O>^=b?d*G^D`C_$Jxdjq((aJ?{StEbHe$flzF>F9KZz^i_Zf~FlZ7x)~COdb1355nKc9O4E+Fptx&L2)O*(a+HM8OqK2so&LNaq*7val zrv&`1uV5ox;p!Ez#OeB7K@7Fx|M5VypPDCqT9*WU8l2ZZ`6V9rMalJH)rV6eC>RS8 zXq&af9|+`9>?3NVVGa91Mk-HaONEzRN#37gSHrL@b!22{cOf1J)!hBV0ecexJRvmA zAvy;18Z4FN%J-T*cTy(9uD-T)EOFvKr%KPi2v^3TjQvzdIaxYBRpUrZsPFvS!P|NU z1ubB}xkxYA|Hu8Q<}rg{$yuW^HL>?0GacK~1pL_lWq|O+sIsGGC5fYDKa}uS$us!n zM-XMn;In!hu`C%M63>>3kuqXqPx4v15N5_*Os3AnOhly*1+?ckKJBMmeJIKtM@eh) zbIl(@DBk5OHi){_cqo#gn*A~S69Wd3w=PoDWseYMFxO^nEAr|;cY~eI>+4nsV~tO_ zpjW-jz~%Uvf(O-dStwcdkL6If^F~$P@OvzJ){e3f6cT~jWpkY_PF*}bq=zbcgIBo7 zIbg^8Uq2VYxDy>l135%{nx|2Sqg*SuaKKLNwZU99sQj%5vFF=^cLZ7wV&pgjtsMd@ z6@DrvsQ$3jXiSz`@HMzo0%;`fG8KeSeH#YVZRYUFq`Cu$zpLf-q zv;mkoO~VEi12@2@DO7EAlX93fx*%l9ss*LGsPvZ-&_AgSYqTh;?zhbsg(3Z)+Odq; z-W3B%Ynh|59)Km+DXNXJ>$J+cFWKgZx_A&MO9p^((`?19ys6fEPpPsTFsVa%u1lj` zT3lI$mP|xxRdkRwx4&e>d;G5nCYsg^Wgv9vqxP~Sttw|kb$FknerIvJ|B2QNy;m_a=s%@i<0m82v6*PxnewJ`* zVs0v#L4uK=}U1cOAB(kv$K zjFHz1!E>q4cFpqm{wDQP@%^7;V!iXM5QCxx45iOnX?8%NJGP~|?1|adAMV1qcUWUQ z7{0R@(aQO_?o_iLGiyK%$)-^kF)HwZ$SnJMQn@53-PjraXY9`Ssfg7A1MDzc(>b6`yz=d>RFNa+fre8m{j8k%=C1l@c&-Kkggy($p%AySsb*Hlj z5T0>nq*^uMs5q?gd8fkOeM~Eo30vPJ@f6+4$L=v~^*^1VUAIQ@U6MX_)~!B1WSv`{ zoc)j$^g&j!iO2tyc=t0KoM4+)JnNti>GUYl-+Qk zcV|j=hA#Xta8JYJSQE#}_Lis8BUfa4wQ|?P`gyuzHN#|DQht_y$lcl9eO3d2%=pCS ztMKYx>L-PfQ=MY&U*~w;$P3+t&A)(dI7%LeVTJ@#=(L8PPZ%E)GB3 z!#AAta{ZAJ#mms_TL!S94u1TjIF$N`zS=iq6c8;Kn(B(awGF z$7cMM7{umK+a5n66j`D97?&&FVpw;Q^EIRP&rs2ZV!#D=mdKk7y!%yOEw5pbB)zSY zoRTj(bD|8B*au17=6d{`50!3%BR8Ds55~$ioj>Ek`3*trOT8bu&llY9yaKIOf9Beq z&k$zGr>W+GFRzcG19?7gk$}A-XSHh9^1mr&`p|AyRt<7Xkg3;5=`^N4jUm0$2&S-- zKjR*=VLX6nynu2_-jpS`6gJ_DotGWj|IVAAV8VJ?3pGrOie1u-! zB}u=nZ9}D;E3`4H1_976f}F@KrL*Bcb;AksqOp~)K{f$-UR;~Z94}s+1E5TjGXEwG zHp`05oZT-gNQ3U-B~_Wj6~&o^o(4M^>;=K*vO8V@VMc+2K+`=xfWcxrgssb$jcv z$Vg6&X755xzF7^r<&O;J_w1ic1=Y@`)z&$qygo_a7QSkKXfp7(8wL2(P<6PC+%IP% zEl-cU3fvJRZ4RG#FMUq~3ZAN~mj0GB-@U}GG-TtGbZ&rloM4jC^xaz-=dYcs&~41h z_(@l`!efri!>8_RJalw2CEqN0@GpS)1xbDvMFxc65m*w+EoBiXl9y2 zwe87E_c!#Bw^Tk?5a6+f)BDLto9ofbID_CH%sB#&T`&EiBu`fNw`TLgp$*DZ^QR$?Q;@L@~TVcS~iQ%;l8N+P++e{Xt%4EB)PcS`>g>DWh3 zb7tvVblXn1Z>vaE8O;m$0tKiHumP{sY=Axax)LAz(39)i!3OKURj*)7Bp>;f@U{cL z>vb>j5}-;70w~C6CKjcl)AnN{8d=mbX6ff>;cxW*i~`w{>bLP zt|;^Eg8BH~d2Kns4R1ibbJ15|P^QP#`wk#l%n4f80XiS@k#lr@S?R6qaV`JiB`y8f zyGaOW@d-R_r3UjYkf|W3Xt)hQkR!il8Vfil<0>EhcSa!o5yK* z*`J+5u}s$1^ZE~00iG-IATnpf-dm50PcmgW!Lt3ho1Dn^hSG>z@cOdhd%?E( zdjY(>V{23ywJ@}7m|y+eOSpxN-YibB*CD^?h&g3(VLZ9iPkJ{s!2fn%St+#KaE+uk zm0H8-6=o#1P}`Km#et$u=>+JgUX!TTpRadxsqRG;tucD3SICQUU82XaVdu`nQlKaJ z5!X*}b5!&rg91H+v3^No#8>_8?<0ICC;Xfcx^9@tj1xK|d(+Id%xf;9NKpMw9IzAn z|1)3VZ@^$GBV7Iu0B=B$zvyzD{T@VTB8JEpUwT%TPuH&hTgLmZr|Z}M+WJ8>>HDMjh- z9kC2ybX2}vK7L}HwpSv7tXfT}31kn^ntmqfR2LWh4#aVf#AMYnC^W?x9upoxkdvQ? zMEfLXXg3?NAQ%h=G0Ox?NdRH*x%z~Y#CjW;3q)wb^ik%=i}&j4_fr7`=|4Fj1Rc3= zb0F%VDe4FObD|1$Rw4F^ai)(F78hV62X}ubFoa!=cRT!7dSbpuyCXDX1xi@9BGCk& z5j0Sk8Q6&;2?95p>FgO|91RX>niB4RrkQGi`>w4Gx}SlOoksTuzf9k2I{L}b#;cSSNlDax@X?&Jq==>H#H!3HDg>#M+C7uY zScHWL&xw$|$U>44`K<1CI)vw4ReFJTb#eH4Q5muoN9O&#l^siIt;>j98Qu-rl9I(`yGol*i@MNi<{e|W2JRnNq&P+7KIL8a%i z%INoAN?wp>IcHOeY3g#d4Y)xu6*@RUEwo^{DAfQP_)cZH>(~jF7iHwUj83SzpbZ15 z_wfB6wqFIo4>QYOo}qzfpfo`0EJ9#~s{us%bfTe$y7r`^_B&s2$r2aZ4?JGekuL6P zmpi0o-iAw>ZA;B3J|!r|9Q@w{Kz5(DX6SW~_&OFcXDQKP*Gh;YwB(V zlo&Vvl^wZ!>0KvEQ==?gE>F9?Xpc7n*%je$Dr}mwi~yd5U@--%a9fN`BjLcpCcwgzl#v!<-NN^EenXdVCe`$$M zE`p0D=41z{NChVeC&JCY=F+-wbT613%mq*$%we($q}uhXKms@WOb}`y*L&UW;JPAp zAhj4W@PHKB)7a+%^8yXj4!#_aN(`!_8Guwxpdl7CR$JNx!cE&?95{{@CENx2izSLU zAgypVSOlbVH21JTdPYctYW*6g1oD&&xGc#c^aOTfD$o?uES>3yHz1JnGlI;m$m${> z2W#E6#WY!SA~z`OD@;1yayICWW#X{4ib+Ltu>|Vofm~U+4#X;u&U2l&x~ZnUb4-K^+ zN2>-99aO`aB#WlF4rF(2qdP!Pdfi{>4-Hj)Agz-*Z@OzVsX)_y=$<5GSd5?1Y{Z_O zW1c-DoHM?93#N2|2C9K&X|i;kH?Z{;O{#3918Xa^!8yudl#^I3^e4XymUT|a>;$BZ z8z52vsVXlEWZg;U;KIZn_hhs^mgum%#du8AkrCybgj&a!7@w;V0&Up)(TK(rr|4<{ zsG?KS0+2eCKp5bxz-ebh)sf0m47STZL+}3iHdDAH2H%fHH%FlHlX@KniE*W>B}x~+ z7>HL& z6Q6pBB$VN8uyJa-$AWF^%p8?g~DXBg1)9-Bf(lgv> zT~>BQAIK*Er2}+y`MDIN`Z#<|kvclx;@sO~-r_t5 z#k4~x%(Z3PX3^f|>~~|~O#AyBc!PXRz*~+w9o({$(aAkjF}U1FUqgFx$*sb2B|9obLEN_OKd^Y1ATi;sDSQf~6FN*%Ty8McS zb+TyW#_}e{-Lu{X$co3t26zF;x{J7~hN4RRr-W9lc|6j}t*M*#s>B>AP;L?BzayN2-+B z3XhNcD#v$P=F2V|=a_SDx=Wkcs-hxUUR=0GAh(;i&~-riR`RRl@ z(YS#0N8Sp2pQ~AC{P+nof32cw6He}^-4-?jxx|Sk2z+AeH-(R(Oxr5OEQ?7lZQw6+ zr`A!kBtx7fVcAe8sPg;Uw5tg{%vlnuwmNN~Qqy8k%8vKawrvf@fip=%n-e%vU#=q| z8OLMNF||6uk)2Dg0b_R*vuQ^^mhoNzgtq(_vlyMX|Fq(j4jg}5pI?4jWdHqqbK}we z^9!ZgyH1?v?&tGpE$RhHdCA<@sxE@TEL<{{0%!W8Abh5BaF(DmDhiy^KcNJjLZEv} zwCRJn?}>s5vv1XX>#K~&fX1pD`-S6kW42ca!qqN8G6^fm5~=;K-rPEQF-&RPq0@0E zWn*?CInG3mImzV7Mz{Mh%Cm8xR3+)h*DW+*3{fV=Qpk(sT zvHGpLc8}QXr?N0li};k1f5u9-F`&(S2P150aF)4}K{? zMscn*OTTn})(1hh^L(368F$&vQq^;K3YxNgmXdvNXorrD1BBYB8VpM?qlZOj{(DG-><8`I>qylgBBvt4Q~W2(@VR~h%UMc7%(FgH|KM}c zr+C`$_tw@oHn*O?_^#XS_Enh<#nTW9t1iL`;Uow+0egDUM?ElSIv@lM6tjwDipa-2 z#WYjLf`kfQ07D)Y$(YDUL)VNWW$FEtx#nqqgG2XDK7+tuiXk16KJFNxz@6zGYC~eM>D_- z=Xi$LXfB9Hq-)tY9oA-4>*_tzRijpStkBe34wv4lV@c?a!W}h~5FiS34vLqMlQ9*N z&pOaP@U^@ea-_4%jW(XI*$m?lPv?yMpFyCv0vqeb#0)8S z0uy_Ia4A9;5yv3K5BEW2?4%qa(vB%2ilHu`TA(Av6^V#qE>RmjVTN*6P2n=2!xbG` zU)2V;2Kb$6E@!VPzXJB0vooq>HkysYj43Dx7Yl~qSL&3NVC`?i;TK`FHy8CrGPRiq zMB%~%(%7oqf$3;PUXaK z9asOAbuCs_Mh9RBPD)^AIkA?^&RS1f<55}N0GfH0I*5hif+ocJgwf31{3y3m2TfqN zwHL5;dEUs(KBuVL&)(?0=%GWv8W`)Dmr*%qA7{w20L>(8PAfE_q~+}DuJzm+2!o)i zW$SBRy*o1I2Ds+F1ijjSji_+EUWq6Gj8)`06%Mp>Gp&zdzFFtOZ3z!wC49=y(?f1LKT{gHSaP^4Tyga z{MZ3UD;e4;nZ+r?rvY#)*Rt$5;8FzoP$9ig^+y2 z(>x{SNg@#Lj+#lR1(cL?lABj^+C0cA>Z|Yjv~_PG$f!uQ+W;k6D8kgM){Phqu_&L! zfMf-IT(D2yUM2VKL4NC6RZh`sb8PVdw0vy?9Gimc6f9rnutM z@5&3;hWnyrM0t;uXDlJ1*0+O3za3N}d)Zy?&en>B1I7+6mLBQ@6 zgqvIwwA+CTR|dENQr^v|d{xHbv*2nyiaKW;m?MXi@fG8$ZfK%hR8xX8*q$ML3|tX| zjul=4kWAXA_j+GcV_0c9D9|BnLC6o$rlI%Mg0-*qhG4xwlt zyueAQf%(`FX^29QJrlxT>iy1U$0;S53~BPRmZR63%hk0)#>X%J@qYiOlXu&1cfPkD zK~owgY>H|2@~LZxu~SOw4T1k9^MdE4kzTqH{I9R%30tnnwe4hB@YI&;tv!d5y*>ye z?J^Xf<^LYi!gDe-`KTV84?0p){;P?g=09HsQHEx4s`oEEp$r%}W=x+hm6)%eNq7c7 zu#Hvc)bs*`)-J)+mr8qJqE#+34} zCi0wc0Z%_-VqOsM*&J!_YG0+8PQ}ecP1mjr-CbL|9eCZ9f@gjfH*d`5w$6(RYD6cs zHG_ElmL+AhpnZaq-#C@zeHN<*1pSjJmi!Zi*5)_!5zTN)|8y}p!`hCWpT%muNX=w5 zNcPCt(((uSNQI=?7;w~Ak_MHpChRx~d`Kn793Jn?ORV~E3$0gx^_iSvF}9*p?^F+v z!$Qo4OiMai-_VQJdr?ov7%h*F3pG4dAb8yx1kOHsU)JUKm!`p(P4fbjFlL)~TA1p_ z4`PDd`i;y`?&c<=x}QU4DF7^2Ny)|Ar71h(>WGr4jRB`Z%VLTc^fJVmqb;-A(Gx)k z8j_TquLhvc)2bNwQ=M|vfA`FLvpy1%vuteNpQ*l$TCv`&+LXc3gsKlT6Y1tbTsDQZ zQp(J!D)S4OnXW@aX0|Kui`RQw+vb)Ji#6erk0dS>^DHSJ4QFm&bTkP96d{RX$s_CQ z;0$z;Bs&9V8QPhQ8I?d!Dq_VDXMbX<{RgNc-Y{k34$XcivEAZCNHfWlI3Yr4xU*`Y zhIb8ApcXH(NK9G?3uIr=(9FWRBG79v`Ww+yFPI;N4YTG4AXBk-0I;uzFR+Mw3BrqB~(eRwF;V{nKEt|Uy+So=~cscqk=e7AuTRRKb-8o-g$Spd-$)D!}q`JygT`E_svcpb{CytFzRR?3834 zcsoDszJI3<>xL@KAT}dZWQy@A4xn(j^UHyI_hFAtdMmN|blA^S-K~0EPZi-c;SsRC z4%TjzR2x%#N{|3=Ld>m@8)ML$J(woUvmmf)ZPiT+EG>TIY}#t%kBU_ju7ungr^HFp zd`?(`y}LF$W0I-mL6VODxDx!UEW35|iS*<0S(~5#N)#s##3S_^4O1MZUoY#?%HArhE$;X^( z-JG*?c(Jw7?beEEg|SA@^+bE-*@|C5w3Q-;_I~w@&*x|lN?6s%{On9K*{OVN#C!GB zZxuMP`lYWgvGMbvpE(JTOU`j7J&%r9fCwqz5-%_XJ#Z5`<}{v!!(up0iPm4|I3ua~ zZr4GaviQ_|@qH?Jw<}m;Gy8QV4m@kL=A4X=>rbsKH`VQGLxK0xD$unq>R6N(b=Gk$}Q2F^kE4<@PLg@jK<+uLH#7*E@ zCVg;+cH)iws&#AZD%?@=&g<72Y8ZKapm_1XZSJr)rF7^FRmuvTe^?j*Ti@&TZ@%tX z@JcpdzBs@aa06GaMh7cq0#>}~+V!V$#M0#dXYb#;;>NMXVR-(oPoXiHA@mQ|gtflKFI5nd^x$4AP1(9^ZAn{O z`-+nxT3yXA5-Efc`$7cf+vjLElK8I_H=#Ml!g|P@;y63LD^R3_(@nFPQbcAkO@QS) zdVh8>L}$VhAZsiO8VkIKkltpJ98|`A=?-DWNG;90(Nl~QjsJB3LrW$iDTuhlH{INf zXM$6;Lln0~XV}%nGG2mHv?01RSb=9JyT6|Q{q+5jvd@Abp|-kwE{6uhy<*WWZ#`p) zH1SV8QwuzaaLU)thJKS^u{q3l*}0TEiNt5n8{0tCClN=yvEj|Iq$y^p32C7*cjPg= zv$c4e?r3MrY!{)?&X#n&P~v_eHy8Iu5zGc8j-gzq@4Ps-47wnhv@HV=USyTj7a5qC zb8}fWV~r^aqr|3yLZi`*1rmlR=vfVShIJ5(lL(DyI_+lri-Q0<6^WjqUfpnZ3RX>6 z2jmwEC|3ot^fJt??+hAE)6`KQFMe;d*f&nd%u8Gc1R~O^AB8SR6Ka3i0XNytg~~Q#q>{F zS(7%A=s2gT zeDNmqnn@Zf%+i!8jL>oc+rWfL6-p>g&-tkMZ!1Zse&+fkwEaEKB1%KH-ijEQ(%6&8 z)l<3xyrgv08p;lf`d4vOb5xu&GKtRTasCtYY0Rf;&TujW(AW80X-Jcasyt7p=lO}r zZ0tfhAyJP4#43%pY8vi_?P>zYeJ=0Xio3{H^oFh$RmSjlhe$DV>Fg zaDsE?g(MKVZ$97rt2$nacH}GN$u_;`5@-uRVqC>Tt?LOYu~^2MCtbH+l|tYljGZaPmxhF%$Sf)HcjIlCnB z`4vvc_@?l6M55q4hn`OP>26Be7FV4o2y@tm1|F%7&!bdr)XZ_s9#bDPXg?FI{gFFoSQYuEwYeS|iaqVP+uZH0940$OEvBy%q z*|s4%EKM$<7vGCkQ*Bq4(g_w};X!Ae1v4*S?AA?LnTV&J-R77W`LNnh=aO8LNkW3& zzdPt|^#4{c+G%naDjCk^EoY0iu$di9zb|ZOi^j8}#&)T~c3&FX@NIY& zvR}kTJk7!l!fAL(V#K#E>{E5}@?~~8A7RcBfa;f(ThgbT*g_v7^7|aWCLtCU<$Avd zITsfT2}kI3PtBNaly@hV8LUg&dNl4xUV_ogOD^Ts7EC#>t#uyfy0mOuEJHzERjUOJ0SIYP$ys?eVj8j=akjtL1qBl8 zU4X){m-tgy7nv|dOo$6JqHQ?{%ew~h#@};ju1U#XgG5prY4%4LO6E}{%<9Ft$hW;} z>o8qqLa-B4Ce(*~8B1&9-M4RrlMjH)kL)naIuw`}ACEE*69WzU0-n$00ZSvqDbp7s zX)z_D(B&ppHIZF$l#bRkqFGlfjSmmDjw~+Kd;%G2TXZtv>x6**!#K<`JF1Qr^a+`* zs+Fzv4Bf_Z$siH3HCvm8uu!!MW<-TybxMLnRoav!%DD3~!j>nyb!imdpb?&WSA@=0 zQ@MI3(E#2Yti|E#3&|VRT{*v9b*$kJhbsLpulIp`PK@INLgOz%E!OG7JWE7{Xff+qDen3Faq>0h+Qk5KjCjvVgb(9AwvS;nZ%a zkN&E?G%ZWcjE|AyPgja99u^{wmblnLJOMXfzpl~Ln`G>+^opq|&Zb`8cRX**Zm*TG z$|Z~U-SFDGVbWKi(x5iyH_gkQ931T*oE#p#Io~~bb2>z>E6)&j63^FN_nJfjy>=P- zH-0tPc-jB-V*6#O>bv**2Sepf894-^QiirgUU1dT~})R_^Qw zTq*gLujJn@j&8$s+0vpiZ-u)*ShFHzx)rbT>+x!fx+?L=h=N6wG@8{Z7iZ!wWH`wV zIz>*Y(7Z?nq`7tQb~c>ZIbfm*O$iDO$Q{MGbD#>B7{{GVkyRoI2t_#MS5Ube<*1d1 z8#*$-iaangk|Gj~=sXHgnt0-`RS~|Nbb?pbMFj!902O z^Jml*?(1Fc5rppURzZH2C7&AID4uB8;hRUrcY=h!LUiZ48DI7Jb0(N~v@%V7c2F1H z-PsF`=V8bT$}%nm#eeLj(^t;tE@!^GdC#Cb2i+o}`Q~RF_Gy68|3%oJ(oSbXgwlVL zw+fUR6&;`Big<#s8pu$owc!2Touav!(q;eXR1j)2IER@(QXs0uAiHg_Wl1ai`7N1}Lu)P^4X~8@0`0%Jxagqr!7i?Q zMtGmT@kR#pk*~(t?+$2&q?eNjyTEYjd$A*bt@>Vk9^v#HMCEc$Ui}{&uc{KgIZJwM zM5111)(eyT*T1SFY^n<@*QsnE`yzd#5KME_RBB4=WZ&S6%$EvW65c17n-a(rJYeCF zpLlHAg;Bq*2nn;U-4k$vKAgOL&er%t z{zN!rSeASvqr|AK@!ius}t%TNmL8FG$j0FfA+(p~~l ziK`&RpI~ntz284LKYo95_UhSlld3FCP70&~B8Grd_s9Nk-ADp;=jeD8ZMNoG8Pvn$ z0-zAL_}<`>6wd%smU`)&6Ju!)$lu8ycaDO`pHel`&m>gCXBv}ws&n&V#u}=h8=*%! zOwr7{5lL@7G{)CxMxuEtGuet9ghuqD!(-(>p#lPSr3?t6e@dsSYmqLFFCZ8t=TD8b zwwgOtuKXpCdfjGLS97y^dT{c~;htq;mx5r?Lv8i5n(@%UrrO+m@=1KRx|ZAA&oYpQ zRY#UW-p)EWj5ZR7ta_uDndZv&i;#}p3ul}>M*+p;Z zghZJshi0>YmtZN5(LjgnQdvresDfAPKGwDC_rHz)_QuZB{qHfJ&!2lgper&PLejl42{EVp zuVx%A{uB?<4?Un*y&pOUpJGLZOraDkn{G#zbEQ#kk!-u!SJ3WuMS20C(27j)l3M6} zi_&Bs`DkYo{v@;0`FKn|A;--c^r2Ik&L(ioFn!E>s4NHvuwQlEdta8+g zM)cV$V)DT|lIC;^!j}sSKn1jwsLfajg%RTps6J|psxp-YTA`ft5bDP>0Dt(Z{j3^r zYD|b$@`tvDHTQO50ON#2=@>bGVeVg;Q)o@}yU04L`a8G&jERMW2*NjoPpXmt>s=$1 zU^NpArJTy)nAjG7OHUYdtNqoT|KlL%+*y7<7594~-a|F;d2i68s&$$#CR0!8o8jlr zdT~9M=2TWzdabIxNbrF9wNYqU1)?t9gshF&7eJfwpJA5X69=#ano!}mDetKkCmfas z!Aq{8%FQ7XAq%^=j2y}srEpc0F+Kw1z5xXEPefn2yy065qvWrZ}8+*;KG@a3?4&3`s(y0I2+3 zWm$SFo7IvcGDb8}bY)lPg~>!tD#IeLP`;4qS%u1SGp71Od2%|*PpRv7eMtc2I>wrZ)SZmW5~k1SMXp{0>iyFc_o z$v6I=y=;V@ULm9Hggo4mDjF=@XN7(38_3i1HJ?`Z|Ck2L-u?g7c>mvgvEA>N^uOEN zPxt@Fc&ubArh%PJHN*OGI#NvNVhW%OWgU|$ms#VXUBYU+LzqWR#+T+)kfM)*R+4u> z|LM)b%38OGL;;Rcv{6!*<$5z?&-268uuHP^VwP^(L&;W&m$4Wy83?ylDfjRkj^`S| zu=-|L3u}A{qsXoqm!()umB|8h6iZlwWv_7nNj`qI6?T53ZUcNS46OdTCiEF990V`q z`n;5@{gw;!kZ(sYB5dj@y@<+}V=^n28bxH=BAJ+dEB#1uTvR-B9X& zLEw!3q9E6u>E+YVRA$zwTCm#@lnn`#l>qwa!0b8e$Z=2jzc~e1uCcCer7%isIWS7# z16@Z>(M#R=O`4NxJN5FG&yQCZ&9?uJ8nc<&SPfVQHWLA>wdT}_ELDc8L_v(*A%m7_ zZJrs&%%mXpDt66Pp*w?Gf;t%LWmP&SIjO0k{~y36T$}l^{+@amUs77U}c_Y3?d@8 z*kR=n)owG0M46e*JiEj<>*$$qbsxT}YZXUV*}hS$n$In7L(c_L@hjyw(Q<+7Y1;3? zj>x{cs-TT>4^B$0Rj2ne8ZEYUa&Y?o!^z%3 zskISJHF2m|N>+d6^8Wg8bof6X4j}9^1ln$chN`Abh>TgS1kpri!Dp%rs15_Z=tPxU zUKGx}Yk3K>(|;TupP#)wJ^$t4zvn<5IP?G%K2;N?E|uhLfs#?MmRQ z32FKMxF{Jl^JhL0(eIOpW~<=ANT_b|Ka7B8sC-!RS=a6p@sz|}yXzFwW?LN;Y!&mIyU}wV2EQN_v~mZ=g>6}`+l+?tbXDdLZfp<8a(x6Nq7U0cwgA1N3^^M7>B6oKjZ(z|~Q@9j;2Ho8$U!4r^|6!+; zDXDm1F2APXr*ld(`6_;J^*PmQ3zV%fO7z~aUNj^vrNgE{-O`}LXi%vvr9^4p<>HDG zt5~*x7nSp_AhNBHn-xm)IZ&r<2{?1A9!6GaL>;sUD06{uZ5z%Eyjk975J>smK0-Z&X?5UyMf1TIuzegxFbIDX znc4y3j$0PAQz}v|zApS}G5D}WFwdj)`6a$#_2q97qe;3O##65mTiqqG)Gg{->Xud( z9jpXRTe4Oq*yH})$edJGP!0iY}zXah`zpo2@G+H9^7+d9L8iR02Wei1cUX=LAm&>4MsVGjDX zbe^Syyp9!Vr@A%ssC|?CQoCUs$kg`_Igmon5U8Taa98;D9~HXNva(|;4gGDk%o=e* zQ|i-jh|czot2;G9i`Dc8uI|+>8$zJZWjA#kU3K5QK0iI!`*3o2_RsU({db2)=O0cF zPReMum&@O@MJ`dK9}%1AANb}3kIna}JX&z6@8)BP8_TM}|H{A*e=hNjrEwXP++3_# z0(7T_iI}z=sVs$J^l6l$^P0Rh0j6wW8v1St9(zWH-f*H(XV5{H&21y8!|7W z4PA#vr)Rrw-<}`8{qW}S=(HY9zT%o|G1U}Pq>KSGu}%vq7i0m*Pk?nLygNI7*lkza zvwcRPie)bqc2N=R2Vb_!f?lx}+pWTqv`qUNRq`)yUY}o#emOWf|8P>0nrES- znpRuE7pYYMvy!~b@R7=$Qa#aZ-5BKtgXxh zT;`3tf@QsCl3>}s7W)qR78auwP-R#g-c1||fSy%ZKJpUMNm;bJCd*p5D^q!CX2UjA zM&^ce<#sIW#f&V*VMTj(VW$lUGY|H%U^ML)99`Lf3CR_XFk{CF9bubzKUcsa+UNW% zscj)&!rDZQdZ9|KP||fN328wK&8G)Ft5-GW+KFg@wd3X8UB~>L18{*hz44etBn75l z{k?2kDGjj*`Uhh)ezt5;Tpxkew@6AfGoY4Pdj?<;sdd%GrMmmB{)CE#yA56eCPl20 z99ras4YI=J5XH%oThXFTDbg^&yns|51oq%x|2vwRMUbyHYDH+2s;@1ySNM67LHBO=mhYXn$PN zC6&dEO`dDd@$c5}5Qfi*uY9Ml8B86Hu8;~Ti^wD|A%sNoWp_an1~UQuLU%2V{Ckg( zrCy51^N`_GjC2J>G@X)Y(#g-TZTwgYWgt#>jXtBTxlomyx75#KV%uhs?ea9=mH96W zKdV;ikk*b1)za8SvEN|YTP0zw?WTp?R6&!Ghx!9BPsWO*sn`n2@=3je^s>B=@uIj} zx^Y7PCDLfsLZOQdfv6~^BCCCiq9QkDpY&ET*-9`LpfGuI(h3lpRJ96}w#zNgh6=Fj zOd?A~YdOL1HQ;06X%qiJhNDhsh(Xb_Xdeyn9|v38h4>E}gRRY{_z#crSh$m9t>{f=5@uK2hwpF^vEO6{*o5PHM)XZ=^w-&1otN^$aget@K z$vng&dP2hg8ZHJxOCG>QUQECxo(<7Q$N3GdAjjdzgA8ygnQwy8?(rd-@Phf|DIc9I zH<+`I9C3Cs@GQQ<$q0%}aLT`dfiM3fBrJ7)E9h)- z+a*JE>jFMZG!B%IM;KZPgel3#YP}(;Ze2=8R32)YOb&x4D^y)sYJES=T5Wp(ZH zrg|5Nu3Og5C7H=3wk`&Nt!pKpNLx2oOljS+wS2X#Ig!TI&RPtRiK|5DPw#`Aw`V^BQ*2mQ^b``@EH3moZ-*dH!>VBUve5b)KRWXc}^ z%fBdzkhAXCO6E8Q!#8n=ZfmTjI4qx3b4Kj%h-l-zkC|82Z$&cz9OBu!_}?#H2(D== zdYm>R;2+W59eSmI@uGIqE|poV-tEa^oX~6+R&t%nh9yuW%)cs((YDr1lY^q-CYMU1 z+6Af^$WnzOh!xN+23D2VQyU~!)%>!6G9)V6g97qC`C?l6GbB+Rk*J5GDdLCq)X{Il$?K&99lOnIEh#do(pz>YTHzq=(O=RtsnBUa$${3 zo8Rdq!s%gP@jRU;q2YMy&yx_j>~f6$|Kjq%Z!i(|Q#U0uOy?=u>FZB3?-RVv-sL_vmH7b~GwMRODoJ)=5)wHfKR$?4vPqOmd+v{^O#cp_HvGR~Yse?qUGzTC zr2pC8F6MvS8VsKJ|3`Uh4R-m?9+MD@BM&4L=w9I%9{RRnvEeP4!Y*(TdA8t1J^=p1`eOWm5is9`Lc16tUic!knruH4n7hllV@ zF|4HE1kjf;TfYiXw{9mp$M_eES3%xl(FSf_(f?d7*X|pvc^Uo!tr_fdV;qdEM_`Ex zXb{I&RYlizOP8>3`fzJS|8?rUqSxiv$6A}|9O;0@TNc|8Zw5jwJ}j& zD^htcj#*EW`hC5Uz6;4x(RD%OezRJT%5Rk#s4rq*5MzG`mR4}h%4;~(OVPNxy8KL7 zN|T$nWJc0L@p1uCm1&PFxNm!@KYeRpv;wE){D2lamXtpytS>84A7S)KtWYyPQHT4pJM-#&1X^opGyj; zd@Q?Xa+uwpJcc2tgi{dMJ8RIthJ_mtAdSWfHdr#N z$>*i83buFzO9fL{Bv`|m0L1Eam21c18nw1&N3U>aXpKlwz7}P6kCF;ES_?2Pj;zW=4o#0{iz6TC82%{d zzL2l~y+|9HhjG7~nLW}-0oTRc<)Tha2J`y*ZBs@RXS|fBT*6_`ecVK9>NA)x17RVz zxu}uLaNZ8G>a6F>KxIvCF6z~1MQ`2AV(?U?GeTy12b~QmYtNDssZEpRJV`m2tH)qw zPO>$XOTke-iF2f^9u-EG4g(E!8>&qjjY8r2JRVkvoWd~jk%GP~pryXesX=Wrfmjwt zKC4pW?3A*9pkl_5cB|9cPBE8A4{`u_e`26_&$yuSHa!#unFf36X+n7)mnf9ylBsE5pEJCY|PAecPE#->yOHPUx zdm|E(l;FaQBNQYw9-@z{UKpNIL8UOA|amO1Lk|7C)|R-8X{L##qvI(GzB}A z8EO=rLZT5hRMgY&I6SJnv zV)#TkkmewYFPHDr46i6>u|CM+J^CtyUletkgD}?hXarjFvXoS*bW7$u5RTFz5^|1wS4eh+(u9*dAB___ zQ%*!$AQRKz^f4qOMoX1fDpPo%2wBsuE~`}8Vdh972*lY)Xt{zkNX1!i(b2+MoxxU_p(`u^>y%edy=}6qdeNfI zqW{^$QkH{ng|Og9qboR1R#N&zR0>4pK+OdXu+VL%n2z)0RTxtgubleNR?v>ru~|R`g$7)s~F@((M1!9~9$1 z_qR89p6LH$JjMMlr&^JI6cX;LuqZH98xkA{ z=%5Qj$X{NR*~%JU&7kmmh7O{;dweL5GuHjtW5}^x9!EI!22Szxt1Jn7R%#c`3iwls zBN1f4EGa$X#Yw8fBG!{M!~NHGfKn)~Jqq(>YRqXW8m~X@P&<`aRa^NmD=Hn1sQ;{} z?y8DdAWqW?@KbdINkeNEEwfw=a%4E~N-Rw&OI1V{i|#g8O2zO1GmfGS0i?*&mma>+ z1lVMp+i1DDHa`?{%~_R$ZWhBXx6=!^t&!(n;=EcKfoc&b#!Do@WBecJGUF%1I3k~u_I8qI?VUd$1^>Hfd5 zvsJwR4_-X^e?Q7omZI(Jss0J3y2#H60j%a_1OsziuJ@nj;cev#EcoosNVI$9k&tuP z0)F#NG3k0^^=d~gIUHgZAJ|2|RkZ(9E|2?YSRa}4Tke$%`#zn;+Ni$kh4Iwu zUd~52iExVHwhvlG92_TfOhRDz*$}M;)W5_@Pe#^WZQq=%VKg^H_U0;P>I1{OalD(% zG9y1Pjy?W6>zPkit8parC?zwT@3~cb_JLU2vk0bRW#$=V)}77vp9%hbP7)mKCp6wG z*_f`NeVNCU;Z&I8>;qocLF!KDDcaxNJAePn!O6+t{sE#1+WYzauSfDK`1<{?M+YbB z$LYb@;lBLwkHfcb<)5bqXK(cT(}S}Q=8xmO-DCOd=-}-9r^BOt$hd#FcVN6e+5J^j z`RD2R-p?oR-=E1B@BVT0UbVOTVgK;#{MVDivxBUM*P@4<*`kY9br#W8^+p*e>K8hH zq<$m9E9jpAy^gNEB-lMZ%qrQEK=Q9s%2H`$kpMPu1V&aU9|qj#4j_8Oo}Pj+w|)Q}w;dgjfLkM`b@+o&Q(< z(z5?QwTb_@QHcLIc(Jpy@pS$_#`CE0A0R|nl{WdxqXx)W6j6L7SjJ=})E(zSNaPP*U8fj&j%pL`1d(xnOT&~ z?p>L(oRNPQ+*68|U$d}itl;%md|Ta@wYp7^`u!z1YeWB+PW&sMru*NZU%dbI`x{U3 ze;(zr-6~}6N4G$!>#{hS_d!S~_&w0=FA=oob1DCB@k;%?lxs6fsacT}_yKbVXGw$C zENO#l!~nS@!0>!r%~adqx@Tnkl?95DBZ5Uqne5;9=*)r?sArd1$iDUmbPuufE-fEFFFC=?+xfb`)Nb}3xRhR?xTVJ_qVr8 z`5y<{Px8Mzb5AWFfbuD-`mP1v@eZ5z6*Kv zHu&*sT1&>LasY3s7yRUfUgYD%F@d!712t^tgq}2`F$GQjowZ$CwK{J!TfI{d*q`uA z11ooIeziG%HMZE8;ai_+jo7QU30EcYrxYiV7aktVp%^dfpf~H)xUbcFcQ4@2eQytL zyU(^vdk5@P<+?qh0eEFOk~^x{e32}+W+q-zFF7n#6>@&wr4ah(6a#l=Ls?K;%s2E0Q*1$zx=Q0|GzQlKi&Ty<*^?RQX`-= zK@9<5l&-;K7avd^Q-J9Kn6JlHihP@*KX?|{|1%nqlqL_p|2GC(#r*FZgRLk3pGSG@ z`~RJsY9j(vG2EhD4J4X$eVSm(x;~xtiljj{wDe7~9z4C@Y}>P4og7uTj|p%StYI!V z9k6j$4!cmkqMw4rE{=kj5*gH-!=2*f$_wl8pvts^p81Iv<1;eDbgudE+{?PYthEb~ zBBnG_oTd@Bz4ks}ULABGgbEO1BQ8SyP!kNOC(%UDmho!Xa{A0x>gN!lf6);PTqdD7 z!6Eh-?iz_^8hvWLIIcO9azPst(R_7h6#*onS7DYXTM|~@W(#^_eFrDs)AOgc=YN*A z^Gn!&ZEkND?Y{?GTTk&H9_4vd|DU@2ulcNkr?TYfccQcV5;kNDr1$?qF&D~ljTXtj z`;>tHDFJ`m1pJyQ`y&}5lo9+zQ}BP~Z1>6y9Zmu@8hIfpZhk?=rC(jCQ`7&j$|uj_ zba-!%K7>kci8j~7*6xXScj%jEgxm0cDIY!jTc9c}`)HE?zIaiJ|2^1wlK(u)Q@9KB zNq(JpGki^x%fayt&-MY}oe{)cfbH@Mu8GB(mbrZf$Hn`Tso1voQVt1}sFMh~L9Ki|zj}68~XiyCnY`Yz&_G zzejoQCI3IB!TlJx2MyouOmR5tvT1Kh>7_G7;=r1NqHu|wuOxqEg0dXtsl~LqDeloI z#h-Lq$=u7KC5>@?E7mx*mHF3Z-UN5!c^C>Ew$!V_>*MV0(4KJ2UODgmm4l&0eA|cy z+6GZlZ{y8P@8ir*4l=x)9elwwx8s+VJUY=5Z?V(dp4R?Tx&Y^+qIuKb&>s zxDe1#o-RTk=lmus3+eMazL9d7(r5h5G1&TwiiS>JV5<05g>~10`kY|9SVs%G^Ogz= zkhBEz10_|6JHl5u`G&cO>hr(L$tjscG{N`mqly3D-Ymrb8|-XuJ;ncflxGDUdufW3 zh@q4sG2Q5TiX$|dlQ1CB1jU|z=}j=}c2>~YlrYdSfk!Hv;xI&$kdB1SA&DmIU@V`K zD-0(2#(OUcIx8r`6CjG{d7R)e`Gf;ONB_LmMSPng8bM7C5{hwxLK5L_r@Mc8ewxw* zcUI6Ioy};3e%U)k0ZCY=J0WQg{uSVNx}$$5J@{9>m`-~9AN7-6MZK({k>_8|V>Biq zW}P3p>^koJ&>eY~ogcdCEbjd9|8`c;FJ40EoT0=01J>zYF`ovw)0MiePL~AO>xuFS z{Z|Jvhn#+ETiyCp@Bfp7-Tik5-C1z&K5F;>p#P$z{~v5`z1V)*|Bvykpf_T^(a$)X zp*_9^I-MWTVZ>4|3`OwbYdk{Qn3IzPksAelly!f5F3n@q(MXd?Z>`f=SwU}bicWA$ z(P1>EozBI@g-;_!L)_uV3rhGWF9?vV2?kli zIX}f1ebnCsRJ<{DF$k#7;0OG3&I|R{(3mEQSwR8y=b$_XS?)OuL85|>n$SQAw?lWjB;fKeTYaEOmp?A7vK=5 z7(N?K1~?As4IiQf5?LiHE_ytJ_|*bI37*j_%#a%QKXei(UL>Xwj#7p^#;8xcR8jW~ zLx5!HhM9=!igCr0#DfLqMMzoHBFXpi^T|UIzD6_eUo=5i;yT*t?8+CS1NoZ&;unm(hD+wGVq(Aj_zG?CV*RXzZQeqs z^G`ZQQ}0R)I|z{Lj%nh<&l@^V5KPz{5SGo3Cy*+A2kF>AJhUYS5eRGx>%F0BvTFA!IqP$4Owdix(xpmt=i#kx8lWt>FPf2v%;qzcrS~kt6_Icm$g1JWWfQ%q zg3J2^aLpqtWcP$CBZ{YK;-z?UQ_&P($Eqk|vTR-J=;AYS(wi7NL*$%Lpx7Va$a2tK z9lQWnNUm^%89Pqs2-lWIZ)H&gWf8+^3cjaxaPi~u4NjdQ`ivaTt#cqv^VN0aa7N!5 zqRoE4kM58|B9am>+{dAJbBcW$1a zzxh%TJ18L(x=@}ARiND>5EIccI+j%s)PduKF*1ozOao>DcAp(2L%(URZ)A2iM?*KMMLUM}ONMY>xx)<;%bM-ru(WhW{44*uZ#ayt%pY z!hbm)yxiLIHa9nSf^qP-?Tx|a)_C(J-WcNx6U10c_8O;@7nSzE4MVy(93Rp2IKd1@ zHJhtkGY^*(HCJx|11_0Ur2($bwKTaNE;DvmZ7a7X(=2O2NVjUZbTq%kz{|nK30-@* zAl}+FaK#El!Vrc4V}XY2W&i&8Qjr{L)|Vn>oSOx}Xas*N$cp7v+lvC1pGO@qu96uz zj6^Uz6GZ@DMfnSU$}EAg99$}TTn)Y~>r2(L!*w6hZwZQNZ|hcB1E5?+#Ol@`Wkk8$-?XQ1MI0BtzGPWFn}^4CxE^92^N}(w&E4|uy&y<%j-5y; zgu_H5Sr+}6NkrW?{NQwA(`Y_dXxf)BMV#~f4c`= zH6mhGt$Q_Xs;GfL%T;g*fK0fGksxd6#BLA}!BJ=sgn?*ebbtD#;QH3+s)CE(^BVXZjW6HFaf$<>s;Ysj zcMoBVf(zDd{UyEx7q0_$DHU*ibU?W0;!oZz4mpkVz0i4x&A^Gsv6oJ(AkKh=qJTlz zt#N{590mMOe1(%67=zTSOIc$VePDPz4~3pleIn5Wee}hOkz!RLJl_5F6z#tKNq5Mv z*9i?noMaOIOU?1Pj7*rJHt?>Q>xCm%j?DFS?cQWg0^E}ydfDdbt;qh@x(`KM(%PMp z!{^!C(>%H=%HInv?XJ>%|J*zN(0hkx{HCsI>5vG$kjzMq8sBphn+84&oA`(ZTGGwW ztC$9o6#-#Psrf*j6=f~yH8(a&j#|EUA*LE#b!@U76@BKcA1t$Z&+BP`6KaDYf; zVcV8mV}i-`r#P60IH|p%moDj-FB#HR(Q}$kal!$PP$2X`OI-&HxGXWss@B&BhLJ9w zO7ky1hb*NDMuC@lx$^g7+KMsHYMAe{n;7tAR6)-#;w%3G(F9!>vC=Nq0515n_)~(5 zk$>00bxQu7hfCwk4?Qv~mA@GD-;f8HM>CXMu|YA9rds&;mp$M&L<^RAyqBh`CRor# z9XFlk6YK@QCM3o0BOkXW7-hKXE-VII=`UHl zs7jI0J?W|m*O)|JNd9dn`&Dpdm5SvrJ|ZV$J2|TvU-@pF&=dpr=pZ`^%j;`CIxee(x zKX;}iMqY}*9CjX~TQIlhwtI^T~Y*GGeHw58giVe;S49Y6X--}M*=&D`aTXX>O0UTYCgo;bX zm6s49NQ*tjFfi0g8GTQ=oAZ6y4~YL6i}Zb z8ljH|yf-O~w#g#+p#V0A2_EBw6Z_r-NBnk(15;$-#iVyN=nh`=R&aE6tS?H&+;`EQxUp!FB$5jTYEjj5d#aoRx8Vk0>STt zjhq~9tF@M0&jd`uC#70vW60Fi1yRI%Q@z4njp_3Dm-YW*_{uB;mt-Fv9IibTE3yW( zI=HkiP65JuTxW%DM24%X!&n_$D%{nBfF;?%a6TbTq9p;>u_!9{Sx7y;(Y%mG6Co{C z=G?0Mz2=c0aIFM|x7wOClZzOY(Q~yQrwN@;rYMcWwdH8N6ceUoOlk!<)o|&`*7El{ zezcMNu?%=zEk3v5OIAiITrzubxS9}li}rO)+Hb22#R-{t$xW^B{+@7|L8u$q8!(c6yT5ykym>msQA+$u zeZoD(UX~EpRdn@iD!n2&3u1_KcC){kLg+QM??zDul0t!ss=g^KsSlAK&X^IEm@ zF%4Rp7(EPJZ(E^Ez|~S0{vdE2H(A!neoV=IrqsyH?3C_B!?mC#ZVoP~pQw}JsD6|N z#wNG1jpO2yT$4#cg5Kpz=E{!RtmHCWH5S7~xbkuvD_s5VpgY)JSd?RdtHxru2v?KE z@IC2Q4zA-GE8!wsO=iOPl;kM58a3P*T)Jp|>-RMKlW>XC`$I&2pX1jg#BiCu$iszG z;m2iL&*;O^;s1O%fP@xDyYCK8try@{2YL>!jCrbHFf#Kea4M4)iPt2+h+!}Bry!*; zcrb8C3j)>?KANm&`2Ecgi8QS#!deB_>7HV%FRXBZtb(7_bgb2&ij~gIW17sD;B+eC z(%DTSli1!OG0B?S$&uF*SSV}THp+X!MUx59(|L;y0|gFECSF7sU~QfA``1(A3wKRp zBH5JA!ypsuwDnGFglkO0Y?!y`Eu9eG3z2xuSBL;dA#DQDR|{!;+(ONBG$6(xZ{5&tgNo46?9pa9)MOm!n%V9xr12nR9-fbloN2^vB*@RE$s zC=Un-H95o|4wvEd8{x`nx^IzMzjaOxM(gN;bM{|iKZ=FKUMFk|W`ut)?qkzG!3|hU&4~$)s_$*|<;Dn5=c1&;}f-E_i3&V{|5~DN( zpK3Bzw_4ua<(w0#m>?fw7c8pes6sd}?G^?V7=JB<7?TN_d9k!wEYnZr&27?AN!reJ z>1IQ&3K(;=)PV7|CZ>v&2Y3}sG!(SVr(pw0m@xRjtamj&h#(4;A@#UJNd z;(2PKLEtXI5UBxsLECjzH7LO@>3pgB{5u>&8Z0s>%-iZZ_Y5B38C2h-*W@6~}ENLxAn!#nI3{8X~gQpc`P{mtms%$`7*V|&t zEd%)vwcv6n(|Um_32VFcmZ=vWWVK~b*-xQ{)s{iiVy&sdOQOwA*A`l78Mx*;drp=1 zl&$?y7TqlUG7|ICcW1}^^b2s55-()k)|aFVt~tZWKXAQKxq#~u-ze5X!vzr7f#VJH zp$MS(uNHu1aK#>D*E9+0U|R|<)v$m|{c3s1i_If6ywpS*aJ87oYJ3R@ z+Ds&rbepErfUCtsE(ceBA_ZJc(`kBhs<7tO+L_xzO!Fp9!)*=j>mM6jf~~dRlJ*44 zt2{YnjQ+~j?@Qfq^gl|B{syx1L06y zdoSe8;DQhGq7vRS%q&~A7G5}`Qq0mv031#d;jA_C{F<4!tO3q>aBxq4+TE)WZ{Kqb z09^X`tM!}}a4|@S0??ggiG=jEN(v>_y-o(b&{f25BYBMQU^2z35c@9ju_<=RK+Uq& zG=o~sS%{tkLzSD2b>4H7qJ)CY8BS(|F`xtbgH%G5}u{j`s1GL|K?V!G7aU*q`&+8{OyyoEbSAmh;OQ>k7X`TReaJ z@$u^v3pXuA!9)Ok29E8QufiRab;qjkMM)jpEtD65#=UxH>n4zD6~GlB zrQXCQ557egSA*`LyF}!dDqPw1t(AZoD%Wnl{F0hhJ7_gg(=4FXMoYV|T^YTOLh1$k zrc%>pv0h~cE_P^UL<~|x)v9X>FS8w64|5ef>{LrrDt=)#{TArxdi{^vrSVo%n>RWi@8!BuCNaZjU+ zD!586Ha58G3^VR&l%bi#_g6ScNKg~DP?eCZptdl}BsvASIKG}=n8`7O^rM~QGZB4eA+HD-E=8DC{7e`>4BwI&sgm+#fu3m?pc7$CAS}8lN-#gL zbLB4v_lThggj;w_;X3kV7=-h=gKBOf>zP#cuN5&BD`04*auzV_EI)6Huq_rXwi3)j z3|Tkd%SAPq_Ip4Dm`$djjbK8)y*jtIDlqMKp%q}ZjU`(NW)q8238p=otR2kkj=rQVf@;@+sp=sgB5N-M=IZJalU^M#w*;mc&#}f0yb;W4n#MJt zHh@{ypx1#pXF?b@qUkhKV?e?XjdMGgFZ(ZREmCchUgIBeo3q(1fL!ev(TGis%mu-$ z<2-Irq?wHZkkW_|G0AvbVjQ;yvxy_IfEnTRnkJWmUUwn%fsAK&k+B{gIx>qvI96T~ zk!VEcQGn9K8;^-EE><++eB2akA-554i?tF!wuAFPg4qI2I#2U}rnCvnC3&Pe?*(BG zsY6c4I1`q`C=O_As?>_WLyDRM5o;33(1yaygx|P29k41@T5cInaD#49h~z8b2dpJ9g8tQ(F@sZA8K$venIs4BVAGJ=4*sQwf0T85IHGo1LGYmQQYhX3wm*V5k1V<}EdAPb{bJLjj}(}SI@ z+|Dsv?tSHHBZHOD2Y6Z z2uD5*a3H4qIqpun=nYO1lCE`jA-h_vvw%%KhDI1i`DiZlB!tc9dyMZ`M8@cb&b5u4 zhekVF5>p~348p(9y^v`Oej!OxP2ng_ZZhx!>{DSBz(ABkI7=ubI86C_1L!G50b!Tj z&f!={K1D-BV29xp3GrvvIZ!b8YU@Of4%*H-ghFZ784!1YFO7swN50rSJ{0D%QVK8p zL;#J@Gz~*~4HjSi6wkaN`Y*N4Zs~>D;N%9q`*3>37bWK^ zJzp^Cf7y5~XW#6FV^nXAb);eC@5L5@h9wmF`3Xoe=mjL%$hJ;LtrD@22&+XI@Axkp zuOY3Y#+Tff0#&?=zihnbo$&vuZZzUxhbp(wygOq@EHrHFk6PbJVcN6Kw{I~bEB_|0 zG+AIJmEtj`f%Koqii5w8%(>{RpgJY1*ql+aL~@D~#<^DE>=$9dt#v%%hRzSv04x&# zjB3x9F4*FU)ofHqr<8Aj3?hDpUne9@anup#itxMuHV{Hk=BypMXixYfsm)htN-|zJ zfCj`>OnBLKOgGa+dg9?g8d?Y4PG=V-*r&4@jsoExM3~|lXk_#RIfiv>>l`H>N^mgu zm1o~<9;SrzaygF>j;l_-B|c~KBoX=!PG;hS#yAOY(2OJrj3cx8?shtgM=UyX7_5vJ zlV8LUKSWo9&LxS0Vdietnc>vqCmcV!1j{Id-kOoiHWHGN2jnqV@;e$LXW(>HW0x;k z;nW_YTepMI$8NX#n?B3(J4O2l)Nd7wQ-|Iw5k%Kpey4 zsXRgD0>Oc8|8y$%4{F>$MF$c42I`0nq(C)x4{EV{IBy^=gu3VhlNPWHBffG(U+W#g z%%z?RWM_IE$k@?pPYDlV zz>Ud3G>iTPv_R;@#K{6&#|Zl#-^pf|>O7OZqBsGMU0BixlE5mPWpTDCt6+%jm%#z) za`{NTm~Y>NcxkpO^qo7UXy!#A^5;{S+sq0i<%{739^`TWp++fVazK67HPa@8%`$=9 zl7vP*?a@o3NpD5ojohpkSNcit`Ceu#H76YDO^k==eeC@{#~qgP z%ksYLAuHPDkV!(qS$&BhV7XK_U;f2}ebAAGRc;@1&P`9okv;`7cV}L9#5pv$3c%O> zth(a()ph$#;>A;vW;ZsPO!)1h9t21OjgwTKJ)B%&uuheguBRSfS~_c~Bs6)@%0R84 z{}O0iR~dtYA9GSk1Fh&pmgv+B$J(H=TKNnXT0%%n>!d|XMuh1uKlnb~aQ<6dOwjXF zaf6`=`YEB;Eb~YGaJW|LR5Uddtz>-?&e+mqf=JMnj>^(dIHh8$(15d}!2T<5qfTKa z3nTcEGnd7S->}z%yWy0wbojFWvR|&HW=~U*b>8!w=?>NV(sUYiIXx=Yi^ou$d0Gw2SS?0XtAm>(sW%)kDX zkAHU$Cuy#LF&6+89r5d#B3$_~;K)yIVqlp?WzZ1fzn4HwL#DcNy4|jm`w$WwrL`ab zfp7BPt}+5&m^Dv?v|uvf1`bG?qqs&e3k5VU!xxN_Qd${Q?OIsJo?3iB|6t5%(Vz6I zvZewU8Nk7xdQpVK`|_xr5|64={2T72kHn#RAx_eYVHP;nj^tQT#<7CO;LM&%cDR*|7M5=;=GlI+Bu(% z@Cu*LFk{|C(<}kPDaPpHR3)cGr!rL&Sj+1uCpv+X%3>)99QORFY{s(efWMO#1AQp`EEGr}Hq?QCBkL^!4BhR&7n6)sBMY$MdDDh>6Nn9qFld6j<-EL4Wb zi6$iaB+g*?v#Sc^t0kCId+drF$V1e7HfXFfXV^{f1b-SLhXdzyw1!j@hyUO6?hk84 z1?%NYrWLCJzUtKJh%*IniBsR~_xq|Nv?9o{$UP{|5M8po5ID;d-WYL()d^$B>qta8 z9XQb?teh}2y$s;TN4U!B=*>%0%UtBy-U>*|RjX@~1c3LmA*%-u6-%7@d=%Sp=uOb` zmNDwr;J^SM*8H(}m_v&}u?sWzk>3Kkkn(`|=am2YEnCCrm0H9;@QCMxzj}6l&d2*1 za=pqfd%Wg(uAQE)bC)$Bp(< zTmZ)vJ=O_R^r(mEzhLrzERH_=0HZmK{BRy=;m>Ks*AsuN=vB(R;n?Bc#p3gb6d@kH_y0c)- zI0H=kpz=weEl&z#%vmyZIzQcHQWKkLTfoHC5Te9*NSaG2uOMOl4;D{wOJmvyC}+84 zvxZWh*_}TSw3(o5p9)blTUumQ58$tOLzR9u5AS*DMEzu({4+JgW0`~Bko`-AQN zp9Y&RUTke`ZtrYw{Hedu-|BDu3H2X-xaDWgFRFj)-@C8k;J%Y*1--?>u7WTji5D>~ zQi^cI=84R)uy=@(dBo6YPQrj8Z{qO{oeS5HKSoHD=Vib4IG-N-Q@j5;qm$`@-G4C} zEkg?$_W#D#i$P)kZ|rQoc-sGu@#KvqXE*wuA?{nV8`rzWcC*P9w5uZEjOK6`Ax8Aj zHnx@L=Ol{fDRYMC<8SNvFDiZs|7Lv2w*X~1yX*{+qpWb(iv@%QW#wni$?^hkstROQ zmd;Lhv%Br&3fvjL@`K2kjuzl{Lc-G0*vg|r$l)|MJp?1qB4`LXndFYc=eqhv>bj+o zAmj+H(Ggsu<@=NbHD8HOqdgkZg!h$9M&9%OI@%Zv*3riH_BtA@*}7EtHPUyWzoOj` zCn>X)SM#Ztl2a&im;3#j@#`*!f29_%jK>kCqs|aT^DxYRNxXP^MroLm*cqaJ?jx~Q z2}yKmS;Vmy;n4D4nE(Bf+3x-=|2e%0B?6MmyuEMgO)TxnTzVv$R4=n?ETsgdr%;bG z@*IYUUb{Qf!ZbN4mEWA&W@EzdG3CY+JWep1o-6-x7?ZQjoO&q#O(Vcd0Vm3edVfBf z-87g{9|rzE|A*3FFWcHtSDFxiZNmLP&m!mlve$qn{(on?c>WJ|c6Of5|HpXlasDgo z`vD)X)+Hzl{6YQpDQC(PwnFl)mZ1upA!sXa7KDTsK~^^tO062hShZV#2>s;{t*+)Q zUHAn^t2zQN#fOqYor)m#e6VU)rMo*syPoHHO>#&6`%0|olY^uEgOkIf zH|M)2Z%&8Eb>$v$C-HpUb+1Vj&})~Gf8$q!jhFpTFScJ6D!zNae=t;fYcO!i!Iy*Z zry=@jG#ZUM2<5ywMM2XA)!2rH$ESX)eJzcedYk(3Tu``~d@;i_n%szY?}$)J$t)SU zI@{$c+q}Zpp76p`z5kp1xZ3y8wEz44jpF{_+Io`zJ<9X>?rTHv^nA^yy#GTwVX4Qa zy*>VWX`#RIH0}Sb7ccVrf3UOpV&iH5KgLtgS$lD;f4=Cx><&5sW`06q!Q;LkkBLvb z5FLabONkF!aH%;R(*(VhYo{}%oDsKZNU^Bc;}u=8;yT3VZL7lkOIH@_`n1QtW~;Ir zN0ZLXBhqk>4LdHvGmnHrWHkBTS$(Zarp-;xTaQmLapf=*D!`0lTQ)oFzRr^%9(| z7*VFzSwU>>Pm#y;HtXKZLNHSb>169)8(rZVnG(!8E1eZ|L{q6~gs}Ql!~iAHB-g;Y zh@b;urG}{Ah5s&;1CR&NzQ9^o*t`Ut6=CsunJFpbgpM#n5U#kR+7=F#L-hHsvx0Ix z4$&=th0rCw8H&I7ZG)va;BSPAQ&!3k%dClB$%2*0jY*6{65)FEs!}~L^!VY2AFjP5 z`r(HkRCY3kJT&!^Ksfm8aqwAD_CIi&TUQ9ih@@yt5|(OQ9LqjR*x;?`L4n!^eO4I3 zpRk|(LORa*s~?dwk3qnkeN;kU{&lmj-rtEoTjqAlXaZP+05Kdfl9DTF!=6%f`BDMHI`aQT)Hpc0a!hQfC2{a}_w?*=@AP2zWbfzm zu;s;pA%ZRm?#Xz)(U0iR-LzA}p<8nRIsTNS{|IpuqUMcjdj0c~g%2zq3z+ z33C5;#s(9o)5%GY^3ouX1v!I$eW1DoOd+fXU|9EoM12bH6bZ}ANkk;Eoni}RTNvXlqN7KgEyqpNk*OzGC?rp%e)lw znQV&aEPfY8pN<2#&!;G{H6E$r2wXUaQp!)RNQftf%n_k61H!I-80H}!qLX>F%XTB- zG@9@qrjMef48w0pH2+jrVjjmK=H%83p+{CzSWJ!KSZtcMnzU5EiTQPcr8r7|$)>f_ z(XV}+6S*opdBs(1#1Uf>fh(HA!AAzKkTBTTCrPQE+MRWkO*`C-LCF;}Eti$(NF+7^07>0bN~3tGd?eZ?c!eh@@YSH%}~;{@|*17`sB55fv#p?< zp|9e6fE5--eb-c2`vx>xO%Z3B=CO)u$-Ef`-l?-9BD4qxJ`q91LkXS`8lh{+b%*p? zaVRY2vo9L<{Dd+l3$uc$c+=%;jTLYcdx;l@ILwMee81EK zw>FQnmKwYKejx6BBT7@2CSDw?e11|D#7~cR;JL^tu|D&UWiL*r!!dMBIp6fRoqnH> zU=NfQNLce{xu3Ko2S^65!lZdjMkz+vOPQtylAwszxBLA;rz4cZr)lD)cycpDCo~L6 zG!cpUi*r2lKB0M(MSxJaQlb818lZr%WDYwVjpo4wcyDtGMEol{MuXB$=4;qs{jXs| zi){%Wq3P6%(4e!zYlDwjETb}xa1N|so^Yr@wuU3H)t`BvK4c|8JYXE-GKe%kpwwv$ zTCt9K_KG(hR<7fFu{RU3)}GE7ekf&79I0O%l(?<9Qg~bW)tmhzLCShQB?=38BFd4K|>?V~`_s zR?vQ4u)tS2_;3hO#T%SnNUsT`J<| zNgZpzFMH}*A4nJqQRm>I%8|X&SyA;+NUm^%8G{jZR`S1vts9h=vEPs!mR^~Bf{3ob zNwkdOiG2ZSXQfa^T(D$2ss|}WP?s-t2J8Eh%kSu+`srrgd_%F{^I&(f_5}+mSQha& z>|_49gTM`(c;P+{y&G-gu?cH9h8fQrexxE9hJLxt*S<%>d4kWT31(9o21B&T+1EMn z|ZsQ=CMQQ&gUh(DDWxG!6!Xikb)0Ccv_VjZZ{gC*PDsYs zzwtvXZz?M&PVi|eXil~O#os0y==4S;>anS_jvUwL|6+ei(a$&xY3A`1QF(`_lSUVQvV@Z95f6{~D>y^tUd*47azDoMY~0$? zZ)9-hAv)VTRxgD+@o}NBY7rKDu0aUC)3!k<{I$jD-`!KA|B+_JnDvg{pBQhzFfi^_l@GdvrK9Q-qk=5e=!&@(|8$G zaKru|>}-|%KVNJ=*?&LE^Z9e{2XsYdLkO8YCL!kM|En2Ci$BFf^h59NuER@p4nD;y z(1aO?5SC51Bg?r`aAE9nvBTZ$Gu#`x!n}wR3)KBZC>%_l4c+qVT;!vjP56_{PUqt> z`Gg!dYYayL{4D@f$9>>r)-vT)ssvAd~%)t8g&2W_8rvSGh`H9z8qxb?i-RSNODL)ju*$QcQqK{)Z3^) ze7|t3M!$WT7&>J z?f(}W+r|CAwJ~_w|BvzT&0U}Yd95E`vF7dK z0MdVYv#@5Myky2PY@lVBgjV}Mq2Xd2fBtEb|88s)`TzdL&eQq-C{JPkCnL{)z%38W zdGmBi6Y_6RGj}gvf}w!EM4ZqN+xL9d@AtczlX-|`z+5jTc>`hyt&1ZD_K~8+Qf8v! z$xCp)DCpW$aXFXx_a@@#IBF2Qk7`t_MnQU+udxXE)y)X*1c~$?BV(9zh96bx`Shr# zHT@qE$ZECBG0;T+HwQ)fKiGNV{~qW0Cg}f9Vr~6#j{!D^98B^gP=Vo1N12YDfCB={ zE;R-PZ^BcVg6kSho!HvRNVqosC=Xp&f0)N04Ker+B4nKU&A_WOvt}hdog4RhTG4;u z#`LA)e-Addit@kyPX9^&_b5++{wv4M}hjS>;)vNU2mET;iK`^i2473}2yVT5|xS$tpleP#EyPMfqw1UD8nK zZa_OBs!Lr2EP$!Ul!b=!A$C-kovi;`?FZm=vvP16$zg+&M)wU)MQ^ugw6ldHKM(8Y z&&G*l8CzvFJwW5nT)Gr%k*~eUzTu}O{fG7LPO%q+m@OI;riuRdi}9Z}Hnz8);y*pg z!>MwPA1%`8Wz{%pt$cU7oT5ft)8Vp6R(>;-wt32=)Iz>;rWm3l8sU=WXEB^eZ;XQD zMCLVNaQ4b8(lV~h{ZV}^49+NUiz1tl`HA8F{+~tY|FRc=M)`j!{%8Ni6a9ajr^NpY z!YTRnFL5$_cLzct$!7T&P}{>ORyY&XK_FOFgFvgQ{DaLV;5$H$JdUc-63a8B;*k8> zJK#V2S%m(3LN>VYG0;T+2OCBEkB!aEC;jiEJYQD+Z^(FZ!fx~ESX}7cBsIiS@b?3Fh#Dt;Fg3o*C=u+sf1Unr;X&>dv47P~4lJ(RNq+LU59 zbA9JD>TTAzg?lhTFfWmr`Bc>nG`m*4tWeWenUh*Zmo>IyVS-X4*eI$%!9r^&%&oy? zR$=3&UwGp$wE34I0Ii9DWhyO_66!EI}g9vpuriqUk1c!tme=-Im(w>88 z>OqSAXo3R~Q^0Jd)&o_~HN5es*uP}+8NjPb#$rc$AmiJw~2$+q~b{?ZyJCgnYFysD_2fa^Pj*g3Dle=j;pW2{)|&0hQWlzBg4w)>8@*XVD=$JX^~IQsQAAVpyw#<9tsa8K z4aqEsEFFnPkhiRq8TrkA3hpe@hZ$KeE0&8l*KpQW^g_mnCOPbyv0!B=*tMDhjE+;j z4-7!{$Eqb$3I&{%v_uIuIjri6kAZS=Nl~x)y=+|s>d-Pi!QPh|c zd&#V&LP&g*Tg|f(BK*8L2-gtZMme&CG^dfrvUryfxa{|0j7>EUs$fzjbPN;q=n(&T z$d(CdcOJueJWmyx4_RotQyQ+y|{*SC+DKm(LXDiiS z1_Vn=0t1SCssbwp3Uym@Ilj?qehpO69^19L1z*dmm|Byt=nM-ccMY%jjkEaf%$ww( zC?|O-*2q5QDi(r4TMW0%0#%?FqcxYCDa5|6Xh+*?<)=eiZ58J2xXy^HdZlSoE^`yM zG3lyX(m9_*+xX?js-f%L(D|XiJw5;X?k~IN?~l(;b3{j`!!qZ&n0`mcIw&IGAiAnB z)5|^=z$_RGn=Oi5S%tAc`Yc-qvUGLxdVprC6=UdaWs*fqE+{TTl{s9r)+g{%uK-wK z42zuMO{aJc99~3*#mN;>$YJx*vE{RTEsuPAnaW|*jBT;VUd8cNatMtxAhReML4qoW zYbjuAVwW40jgM%>Ni>d3Cop`#u~oAc*=nrjFJzetzPRLZU~*k5n!H&&3o&m!bX1Kd zI$;}Ao{O-JXc1mP>;G!>zuhSgX9Vte_tP;p*#GqV#rO|{o$Z~c_-~K$q?o0w*XhPL z{I7H0^QXA?WWwX*jnxX$9VMNjOTS!koS&HCleZblk*iB`2L?6`~PTf_w~CyZxY4AJ2*^g|pu9}V!=kmpyLbUuCjOB-B9Mg(>+3Oc9BYZ$Tipj z3FDEIFnR&0(=c}-UuHT+F-4b{F&snuceEQNV{BDt1Wr+{Zb44NEJ-L!o#VH=hz{#p zUgw0MkE$dIP$73C|Mc+_#J7j^eE~^v81W6yah$*Wo9m+Elii~e6i`2;6?jeEt4l?F8+;-akPnzw95Q(A5;O9&8e2 zqcG+*VAL1g`;>))ER_TIt)CleqW2D7-|IAg;KbzTRNqeCzv|}&WG-&l#jeXH$PH8E zUZ5xI$z`z7mkK@e(eIRv2#y1W1Kd#^blp*yjEv-kG>8*dT_j0uc?{OM?K z_wV}$Z%*acWA$x7hLjPtjTf zJ?COlXO|GG!p|5ZaT-l!B4M%k@d%5#L2v%Pht}UvI*N#6EzrGq6vkx3gMq93H!3@> z=(^ccw4b7YLf%lptEP~?)J`9(lXi^>j%0fO z0rBaCI3q?#jPOu=B-kIz1sD6kA!Ta;N3`fxvzWO+JI7!jj`}j49 zNJ`Go$D(U3@bssmvx09=#ID6L@Wczk!r|29T1Nlp*LR|?3F6_uh?vT=vWfppCTFJ5 zq^R=h@I&VvB*I5$=FH(t=3rK-xe?F86e24Nyc96#JVn0|G{zTNR1nJ{Ujs4|?ge2} zl*KMh!dQqPkfwM*vlNXbc{h@dqZtKE4Y^7vCmg}P6CENcBJoAYXbg1u0<%zbOG+DH zAJtBBVm`uvIMg@|O7oqEUQ?4xd4kUgM`4O4nLkDZ^N=t#_4Wv~(4q5c>iwz&nMoLj z6C5eAi3^kz^UD^uCFFrJ8D?QfVLB#EEI*uw{g+v0owK4j{0!z)IzdR-6e`wZMJ3BM zM>Jg0J%U$zvP?d4rBs?wW0HB12XD60(qZ! z87;6loCytN0;w=YGWyNsIE-|r-y9!(2-~L8H4#)C1HoSoOjbJ$qJeM)j*HJ+UL@Up>os5^07m&^DqpP|1on z6u&9RdXDoM9b$$jL{PT!^BKJ++-IRorv2SMpH1fJIpv(sZu2wi+jsOVI?T_`XLQ!! zWOjx=1H1nyzMDk)V%=(QHFQp=DF{iWG?LtC5tE{Xdvd)T7j#Zj_t#XVp3lNEw&wN^oN(h$>^eF^E z0t5iT<%g+w1E>^4g~kN6285@G42P7ZEf2j11|>;~DJV~`f(J#G7}wd{aspY(O`ux% zGg3bBAixO1ECuiZK?&wu=NTmEqs_Zu%@_tI&?kjyJ$RfXBo6Y*y8Zr{%#jzSI+0#M z{CFr-0kS@Rnu{uptm2X8*=%Idq0q@fX+5%hplY#rmL}1eu{J&2c<=OlMrWp#43zmR>!MKa8(denSy{@uY(I;)dF%zhN8JTk}#pdZ4~P`tuo`!ST&J zeC5chD>(~U-_i3Koyp@z>j*7(MKK3o5?L~&LJhX8Z75`ikFp?~eI-d0N)Z7^QI5}q z2K-Bm_fF4ebas8S=r%NN$5q{MH;U*b2U?WML(SYrxo{xhq2mUFEsl{o-O~cckg^Gu zrk}6kSrS>+#h|kSloEjtNfdA+DCm0VBUr!%cD~8yGpe)9*OUWfmCk)EDAkpPU1fL(bgs?Oen!w|)(B)QE<&e`r5w8$UuLcnd(>hd`4&Pe^0J@Bjo<~g!igafi7nwOJ7B?kX663 z^v#kvYs*|fSzy+_ zvy>ujhY=_t>({~(`Uvx?Pjbw8`!~x5)w9$#wByEsblPUab6OkSUa^d$R@RhytAAha1krK1<12#qezf0$*HN zR(QDYN#|K^WmV%v>eC&IquFLH?Yd_IUz?P|bg^_yCg2E!8IB?nnf;rN z$rLtl5OSYhXs^_#lKG=Rc-{3*dvfHqj z>Nr2$sT%)O>^2No(MVG%@QXfq31O2^#vu}zW|{I1vut38@+!n0nv1jb=$?$ym!ZHh7B# zs!~YKqDGkQ$i5zW!~<9838>pN;2V!K+`BzX>4uhTc^OIrH#9YDK4|0Zn|hX7S%ny> zMN8>{P26z=8$Ts^z}0Vc=M|o%2s|$x7g|uPl|?WQqiHTW$Xe3Cg1P0ZP8ry_JoGbV zU;@)O3ZSU?^h~~%8C}mzs@5~@B5_W@ZAZ0mPNs0rMj3{*GZ=||s(ir)n3Lz*9{Rw= z%7&%RQ_2YP2}^~Ric@vPL5jPoL!KFCopp95vWgBgjmVPT_6ApQc?ewY<>iXI$YgZx9QZmhbUd>X4P!ito3S;J+%LzQvy9XqFT{>b7A~kyZtzcelFZ0~j(ov`%jJ zD1*GOXDMXWNA^53X65?t0$>=6twZC0OZo9~Ok$L>sq$*(DNVisg;9tOoAaG$6teQj z)Ma~Cab;NrzY8{~o~3A3@#bLlz@l=quuin{8q7Jsye@H=RxU_NS3&z$WPaNfEHw!Y zyvnr&>&hd5mKUrQQ8kw&11Ms^pa5bbs|Eb?oj(1vk?J5xn04L_83Niow` z<1h-sA!v@Nf#`$QzQoE}lxD$Av7dMUulTo(7QF25IIqF3Cwf~dqi%w8f?0k=8LplT z%n^ri+>w$~O0AF=0$eHVh2!iNPNQ>MHgp2K^Cjl&zNn^$G>Zci#*Vp9-J#N6QafTD zhrod#8H~tC0YaWru{%lyQ5dHb!gtu6hSTSi8llwr=x02olbV1Yq8a%X1h7jur;aE+ zw{Gc1;W_C$&e_?SvwQT$1QR?}Lv?;WdjAeB;0V-za$T-_;~afBK!Y$gg;c-=Gf?xM zW@(b8?l~TwW9W;sD;ISvZ$HcZPt4?ovA$T8Qk2k8?iP8;SYiVTN*pjEZ>tM!T1+z| zn8QU}YZ8FE^c|TU1R!JeX1srs$s;;lS-3d7E6UnSfl7h$gVxftsq=1PP-);Sk88HcUg`#F~)7 zHawqBIyyGQm_!p-g>V`~bkLb#!Sy;dfSh7vh+BcRAvhJ>+zw z4w>kqi}TVh<~hjvQRSk@;#)ptguq0aS=BH~g3UcZ6mXo6qO1iC0`>5*Q@PKu@a|I_ zr6bo{r>%tsS1-Vd=l>n%GRdMy0(R9k0asrW=(MF+=3=NLc)Oc%!sQZ^<}2r8-lDc> z-HOi0x*bP5Ro@3Kl%NDmBM9G_G5|@iAX3g}L9Gg#tSWB0u#QTObPLQW%i;nZvF11! z7``LW0yCI<;YlYvr^&DCUigIgzhMpTfTY+}0qUHhkJ7!hrW27mGV;mY3BP(p;tNAi z3kT1)>bmH&hT$Rt2J5I(#CxIA+I`$Lhm@|2q|$M$Gp5@NMsi`-r;{WD z%AtT+-EhhVm-`X}oQkda4#?7=;1#(_J8e!X{WoD@9p@=}U8-$48-gXfP`{7PAXK5+dMdc>i8P8j&Og+( z2nhemvKW07dlQ9mN=EAF3zC?8`uIsllLT<$rGV8`{65SJdS?iT9np>wRZ0lDCkf~w z=6{*}UmWG)ZOqyKy%(FM`2U-mJH1u@pGSEzP9Q<9Iaq^SQRFJ*DVGkx@FEL?KI(P5 zUHCOJzZ|i!MIHFJ(}}2$BM1-rx}o&rUIfEGrW**1~i!FNh{Y{ z0!|C{QL9$S$X|3@YgR3F90(PGY8AeUexBkWV1#ohqGG8+e+wmL{=8*dm!pJw;Av3! zDAW$Z;A_u*KftL!KIP%RpuyhePW59zB0Lpece-niBcyPFsTudD?Mu@QlRBXR5g2&B zy)9D&(#x2zJjI)wYeuuAj~JyX{1#28(}eWlFLO*P75#sV=YI9S!b-UZEzot9--TxjLf?>b`2U?}1LCKVb`X2=WL>`*krX8tK5`?S z7~-Wpate2(9$dX#e*Z781Yo_5jAZ6PgCbU>V-NRy+Jytd-wNQ~9ClwaBWr_!MasF{YP@lQc_^j75rulwD#5-bnw<2(w^? zaS%dQYX_mTvoi-Fy)Q*YS6Ad0esTG`(pd%lD8*PmV-d21-py{ebL!)?qu?v(_pH$t zdITg`A#Qm^v$(e_D&K=@&&9UOI`rLj=Z1zJTBZJ`p5^KP@>YO3^nY`EyOjTPbL&N~ zyQ2S(@xUFZCRH-PDX!IcgYh zI1K9R*l(55-f}MV2p`<0Vr&P>mQb)SENxR!(>l|l0%3H5J{sbPlexB%`FrdEN2V+# zh+GjLT|-Vo90%y-Ur|f;s|6AWyTFlnxz$BC=%&V8f{KFCHMpL0QRQQ;CCOe*txu3K z{|Z{wV`#~SzBG}3z-M{>Z;4L}wlUBCv;Crc{ z`@g%h%K!a1&;8ne!7h4dtM9jO_Wjbcy7;r`{=cp7&z}}K|Jf{`|8%#uR{Z}_o;G@a ze7ubBkA1xvVhL9hLw|K1K=xgb=358)el0Iu`*=VLsMuL0yXPa%|DyZ=99_m??{x5I!$)9=hU-x5TQEP#?D}n^JzM93mdhYxzvj6o3%i9`(=GuRsSLDB)=PUcq zqdfO(|IsVuK3)InEI{9_JKm!|OYQ$#8iD5Nf7{!Y{lC4^{~qUQqhqsY@4@v?nqN-d z9y{w+*uL910ZLnuUV1B+z+1Wmme9DI(Mkp8YVZ*>WZ|AnWU93p^ygk&1m`#NM{*Ec zivHiy2snrSZ*5l2|2JQ3ukL?5%CqwS`)cf(CXUUQF>cOl{t>^M(l;b36trO)~>ISw-;Y{dvAA-PxfCO@9iGF`sMV)@!rwF?z=s7qdd_P%=sl{ zL1T@>-Q(lm-XFb&8sDwEq3GK3H$7XkroHuPae$mho|Vqw6lduef_C+1VOrEMer~Q+ z-}71e$Ml`Fij=&i7Mdm>3oJr6Zi{!Dz|^>4eLXhxZ~0kD{=4NNz#RE+bE_KvVXM2c z|2@j{Mf^VvU7SPAEhhZrx}N(1QGG5l|1nslK2~ts>P6vkF!I zKG=i;B^HYSG;gWol3H!)(t1F3-oNUL#K?`~*cqz?#$6;=ZB36|F-;)2LY;%TdiMRg_Co*=-?^s|sQ)Xd(5Ic;uXC17bS< zzdf(l^}24?ncz?dYwtTQA`=`&Ld!Z26Gne0e)?Y{N=Fd^^^1!(9Zhn?K+(Irz9U~l z|5ft>WR2z7?zMBFJGJR;dEKv%JT>h9ySV#Qp4t1qx6|F+D)0XnTdV#5D3A30aS&o8 zp^M!V1!aU66?1Ia(!a*CG^q$@PMX=jBpaCj)PFUjot&HfMh}{x;?@%!i-_a zX;e;(;K^F*m&xUA@~Y{i-eC-G<6;l;1p7qQV`TV1nH2!O_#X^d^{)>vgn%=d9;uRl zC(~mi$~jILj~L;+pi9Z?ZU|YKU;5};N{?++?6#`!L5%r6ibr95Ra-EPxQl(rtu53k zA(Kkw#E~WwsgJ>)c9kaYffd^b!Rc6NGC~qhBmGxfRJBFZ0suD!xvOm?eT@)kv92wr z-A21QeSu&Q2@R0U4KNXlW`Q}phqO2P55Rg`^kFwnL*1{wBZk1pKeLdL;5B6KJC>P% z!g#blim7?McSU?i@g(cG2ohN6L<#aG*!ytmkN2(;F_kdg=8G%kRh%T|6+$#23=05g zKek@0%MsQaSMneEBBcq9=t!)sO@7>@{Ojne!%&f@daFo?)$0@u3wXlr798AQ}Shtq~W+I+s*+upW5G9tFUso0Yh zC-~|#WjN+T!bA}k65dDBfDwg5;!piZH;)ig15ujC1>``^Um%$jxsSqlLMD_=%@>tn zU7-4Oh+(myo})gu+vv4PlL&buC0e+hh2KMa-pE6*Xv{Ochueh?we$A~rDbBOemoU(4j!+)=Rb@c1lh$V zxX_}S08LDXLQh4T-OaAs>$;oUPGPnOG)jYk%g14o5T?G#6gQ`;$S{lupYoJUbX90m z$lN{K&XBJqja_(sn!i@dcXJzhPS}NBoq+cUPmvyVy zPs0mxDw_;K22^d@M{p1<1;gT4U0EYH=8VayApBBUXs!k&3$@ZTfpcJL@$U?JYqqRq)U%P5`QK(4o4Hp2ns@ejzDzK6EMb%1P$|( z|J10d#|BUq!4f5j0bm6@i=`G(dVV^<{<)z&T@F&!AR?zSKZ}|HM#O#)dsO--@+v{J z3l+fmbdt!84W(52lEr4x)OBWJri~5=3DiXFMueq;`qZjeC`8-br$ z$Ppx)#fXRCaHa%@XDT(jm@`4Kg=n%+3q|pu&9aCvH5YFlxRj{23>M^i@0i1$)RoC}ct^n5muZ_hN%g=H=BRZd z)QV^D31q*%DC?R`z$m#;?x1);F9_;&--I9#jxk4EV9Bg%>4Ydn*EWd2Bthl$(XtMd z9FR!5ZGv-T(-D2eJRCy7@?vSkqhDB0i;RyGJkZRrIN#v{mBB$vY>4UmNEBs5Sh=;;(6cP;50)Rerl zLiaWnH_^PHHHoeN6+g>O)v|Y0%Mn1|nZ%r0kAKes!borg8xlwctUrX&p`A?)W(hJN z2ONb%F+oC`Di`TH4jW)!bXcwxBaJ0I*()9}ntW#uLMfEg%R$yQsn3)aDCJB^QT-$X zkD&?tk`%R%Hg}%C6UvrQ4GAxl?Ul>+Hh*{*!by;w@Jx(i$lplkj$XIh6~Z3N;@#SJ z2Q)sSG&SggmmfG`x}2lPnE)$!)+?FdcK^^pNYIEwfgeZXNeO_}B_HK0PY5DxMAE}5 zW_5GBzOTImOA{&yU9|BAGuS{N4 zK&{{_ahTc(xMhBD90W2yxIi*+(S!z`(>BM3lc_7<<%T-gXzG&UAmh^kz3NM$Pi{zg zdfi7K*Z6qt8Cr9F@qglvDH@X~qHCYj@o2S+mTa_qM;W;wj1xCu^lEB%62~JF4KQPb z;U70U1I$C;#aTLb3sw37xqxa|NK;C*b5RSlx>o+%b+d%0jNr-3iaV;<;)SBnjNA(^ zJ0$fxg(l%kN0f=dxG$>;YGHLij!raX#7%=7NhW%|A9_9WF<~^NK8^b5*O#k>{}ni2-xoH01a~lj37#NdzrL>zANnaWnu602QP;gnYiB zxF|!z(i-S*f@({{Wk>=k>EPx6Yr#QZKrTAo)7H($-sIE92KuXXc2{7ALbceOe0^t> ztLNdKhV$Q4C0OO1gZC$U$6k7s-oA}_{vTT}O7Z`CFE+cY{11=v{7RT0xv8{n=raOA z(v-Ob4W>d7iN&Akm~f)yEzn5y4N2F{mHq2$T?)ZT%4dvjB|Myc{DUtc4A=^SX3 zH_W0)UQzKxB?0YM>5ZVOcyN#N=0@MOR5DR-^94Ac_WI3LIyebCLQR&L=U1d|{{BBz z5dge2xveY6y!(I8cgp_X-R_H(|Hq>|*Vmn==pvl-L7UZAPF_v~TKqBTqojpCIa=C*2Fdo}_oGDEa<^Fct;`eMTwE zVjn%p8y>2_4F(q75+w zjt0cX87GL-2|<51mIgW4VMwBYBg}|29BC0gF4W%V^LNRN+DWqc+UP%$C8jh z^z|KeH5=ZAxn_`YX?exadDYu`yyiqwqaz#|RO*igow`h8fraoL@f^|<=zIU=;!|q% z)1W~@DKLw?uZ6cucQ9dLoDNaz-?{tmyj6lG+g)anHT_*!eAcXrjiOxt#Einss%0We z0sm>5T`1CO9E*)=`L}X?M4#cHU$EQOpIfMP+PeKtDsOYeNfDODz=oa|Erth8E3{b5 zQ%4H!jr57SzBbEhy-_yUXaWYEE-#4^*p~XEwGfbb^PbK)8uE00WuyPXF-Js4p%14l z#c@4@m7}{UVF>*WqHVN<{Z3 zcTQ*?ivQ1*|D^R}f)f|45w~#(o~Qr4*skP%-|4R6KRn8#cFHJ4>k)~~#wyvYHc(ek zL)Uek(uINZFb?`i-Vc0-6K6tFtiwh~`_}a}(yOUf!*g|8uJo%w`MGhwQJ2imupD(Z zTh~zDi1Gu3U_sS#ir<=oN@%M#uM3O`3sW%l+a-<_i@dpUGzyj+JnXJM`t0VH!qo`H zJf-v>5CpA$j?iZmhjAbn#&er>-Q3KY|GE2LJ0#!XD!{z^zni`C{_ply_kSPfDM<-> zwzVIKVa8(F9w>&~Y_BoJ`GtQ-St?4`nqn*_&B^3~uvc`F2<58v*Oxu7x9xU?oQo4Y z2%|6!3HSb<-|+F?gsGNz1t6Ow<$gZi`44bPe9;?_6!(gp+pa>cQWArkcCjq%9Yx^w zC0^>uTaFwc58na#lJo|Aamp*hIue#8anVPmNUAKNw4DQ1s1;grzbvQfcG5_}PbHQ_ zF^1z2X)dX+J(%zqRvmdUSrwB-#n{nj^v{f@B>!Ud4^@u-M3ww^Wk7|x>L_Pc&kLQ> zS2jc&;;(AgbW9?3>IxS)%ulNo_+pP$0GF;bFy_J+ga+6@Cvng(yhK{zJ7`$tHAUr7 zpeU-hzg4n;n|hpmXfA=h6Q8Jr^H~R-d{V`izv0wYfAkoWK8Rpq<)pD+A7x z|El>vH#aw5toHw7Jf;252H5xVYZ_(AuW9S+81i?K`yNoDyZhcZ5*-UK!ibCt_m858 zULNWXd)&v7@=MhvlryrHx7K`ZE??7c$RtUpuR~^Dt9#WjsBy?yIZ;se2p7 z*;Sz&l-Z4^@I6bC2<{x==#6F8E`yW<06T_3*CdSd%jy$+)kn{FcD8n`t2OrkiV+;V zkE5v=(9ikpUvm{lM~7fEvCWbi@b25U-=-8gm;N&vkvj^2^XPxKeE!#avGt<2qW_Qa z)X{(Cj!~lh@JR)!{1*_oiuQj*Bl2}geUHc@=5tbI5q1$yLPZ26CHlCQpFymB0&-*S zDyjlyF)SpqH&$gD@W5mJQ6M z|JD5eFE&^D|D!zjPXB+BYvm8i2E=|*5o|S?pMg6EA&Ye`j47T$bRl3Svi@JC*pKFJAOk=YNm#)VlM@fR^7V3BNz*JpeB~@WDs zZ{y6Xm&x}*2@phKWg(8!J~Bho#$aCu-|3?R8WRWE2iFT6TT6|-7-zwD3Mhp+LZz4s zHIVbqH5Q3HibVa%lJ(sjC~cR$+KOjdi%r|Anto#`rFYR2}nF2U9ON5=lDV*}H~Hc7AJI6&*;$3Cpae~S>C zw9(lX7rts6{ZgD*<6;IwzJ;}YF*)hsZSsrmf0f4aA@=`fx03(Ax3lv9eVnI$|EtKc zO&36{oTffyghJ-DPMItyAYYv~;Qi?b&4??<)2$aN=2gn&j9PVKP8Vig)STa$0=b)W zhx1;1o#$N-soaOGTIMXOT66J6dcv4%CG}Ld&8gI`k(aBY zYEzxkrPSFC76LTuDy68+%}v+VUftLHUZ45=U*!(tw?71)&HsD7=iN&DhZiqa=f98g z*lZmq3Aea-o;2$0pTFxm1ne_=j?tLM)2PYLxqd z_~$&Es8C(dIUS;99m12LC*Fw~oA(pukM59V_8r$4i&RbL1kWCfq;)9e^zEqK6WUWHkdK8tCY0QFGELsn) z9A9OEN5r#|+FA{llJnMtQJD`U4{TqIHKOp=9B0L^8L|z^ih5bNQLb`sw5-XK-ODo? zqnn$4<#UQh=;o$XhIDAv2&_WrgsDVMJsq4w;TXdllJDTSo)u zWcmy}fs{1%34uwwhD!J8MN8M$P!HYQycB=R%EiG|@Qo^YI&7$Q#&J6_MY$I;)LD(i zyih4$puNo!fZG1$D?nw~C^lJ66rxgbRcotUW6jlDkQ}j9Dqu2t*@Pj_M&_ySI$}dW9P^v$uPE zQMbV>{T1b!d)m0EORcF4(OxM%bkpwmKf8Nx_Kr?>-|QWnoc{9u_@vZNpngS$(A+|+ zslRmu&|v_CMa6Su+E>sV~PK`DTidC)w(CpN2 z_N>e*X_@)#+tcW_^tG9`>but_CqJ4&NX^yl;{Lg9sME%6(#ZF8UMjowQi!_Qig`0< zpS7xWiRLA(;Knqq<(1Y^LS;%S+_^L*b@8YRus4 zIc%+fDN}M;eXZ+ft+rRQCG9TN+ai9b)3!=^Qx^lD*QwwAHM}lQpJ}aFm4UfYvI_rI zWAHDhjBT!7&Mn)d4HYVB5^Je;3sC1;5RIBxT?oW4Y5!}m|9WE*O~O%38M%8K^Y8zZ z<3H`ZSe^eq&eKMRI86zQAwPkfadbH*F&boH6ol~zCD=d5BLZmxA$2>?5}9<6k4Y4v zQA7vQ>=?$QXNZvqr{M*Gh@;kf90yJt#bhKiOsyx348toDNZZoCZFoosu877^Q*=oX zX%vMq@f`2<@#%3&8FAX^6`f3IjDCG}jDnDH#~X!d2mUX+?|6fMu@3xSzZj1?;(z)l zzlb|IpaJ&JvqUDkcb z$Hl8oTa^{kuXwTHK}&B)ijGJ^(SAInj&pW)=F^zdh&ZAUV&W4H0;E!VR#JVA!gQPs zypTe}u3W=bU3sV=;5yFfF(K%q`PR^9=&ktQsVLOhfV|Wy=Up-JsCVkX7+#YkqAG1E zjiV_HV}SWs_9IJ13ZFLMrHZgfQ}j zt}+ZEPZj`BDYjzOEA1TNp`R&JnPs(cLM5C=kop+mEFF_L)yV~^Op~g5;W^HJoR3B& z)kZ@aMf6hiB+t$*W+97ZkAQ2)jtFez4FUG2coI1Rv;F+w>ewF>ZMlMDDafoY{_h~j zPqU4t}uy4rxL5d#7{L%&50-96hyuv;TIE}>p0=QkYkJHX!}drMKBlVXly$N7h~!KO50h+f8d9$=Zm z7*_0A$x3l1HsP6E;&3W(=1Cz7lEUdNmnT?}P@oA3RV;p7&3i3gtL)Qa#me37oXF(K zgrlcVW12pFs`shbaWJGa$a#Dwwpv1CK}0Ucp+AWBxK^a~>akxJH7 zCSimT4`EZOtjCgeOel~rvHv+r1+&2@qVybLNek$382TZO(8oe*<(z;omiT$Y`_kO@ z>wBv5U&82wq+^otjy!U^WAxwo_rJG$CIA24^B1f5pO5pD{Q7Z{n4g>8X3y(70pUIi z6B*I+&@2uVa)d2UU?h(kfbgW@1QG^@gd@S|2AC7i8B@c3`yFeU3BKcmzMaUO;Y%gi z3HB_A2Z>YI-PY=~Ammcu1Ph6$gE=RKwR{@U5q15+&dy-4<8N(0_mX(zOmLVVI=hHW za2WN`D8w<#1|j{gk$556HGWU#TVDKMI3DwmjB85kPkG@<$S9BSg*V2*zs4cCsHyee zX*ilPtAz=TX-dvFw`vNjZ+YPub3!Knl`L2!Y>TeoV+;Y^A>sVB&f`uA~LtAZV|Lw)RtZnOILKtV{W(6{!mWZvjRe- zjuF!o4G1!(9H?PWw_FkcM`%76sSD#rG$Qg&uk}KO|J#t|UC}aV^i*~Lx#*JUoV6ID z-hsqmRTT=65c*}IAa^6?=>5Ule@MWf$V~9L&~yqTqU;>Gu#|-4z|rNHqJY96!EU9x zx*JTw7@~ReXK0Y6=n@N6sQ@dbh$e&y1x#8jLaEl}9eM^>BRCMMkTSMhh5_-Ub-_YQ z0gJ~HAs8_l5y%jmQc)i1^F;W7T*S}ABr(5X4TxVZ^q8k&_5upBSK*Q_VAP7+sWT6o z=ERJQ3Df=DQ_aebs@)AeE#Skr^#BI+GLieeAQH^13xq*emcDzAJSEiLdQvDUN*M^Q zoR9kGqAR6Ruo+mcdi%oznjSL3Nu1VopyJP|yHMi>+G;5XySZN7FdEE8U=QSG*Jw9A zxfjb|_KOaiDFtuO5J%y^q!OOcpa7~^p^rX(a`X-$=)=)lB#%*qrYse8NHK2u=i^vx zZh34=0#EGVVHW8<=3_3KU2`wVz#~^FVKI)}j74kOhggXDJjzD0SuU26Qp+#Yp$Obo z5~KTY^j4Ho(qTcn z^BYrzQJM7FAVo`{DMbhGPtb_OlDpXEJ?%fCS50lZ)^0el()446Ts_HQSdXP6SY1cYxH@OrGd-OnRG{!)<(@v2LwW~kN~!1ktnp==$+Uf za5fEtKPOYzNMT%psbCBlo#fr@sQ8%0PKFVwu4->OiJWrAH7SsZ1znQI^tlWmc0lx| zRh8hMvJkG|)q=4kLmNa@(v*8`=Gj9$3gfGWqG`lk?2DnVi9xN+=~Yg`dlOT(fL?43_9;^dF#gzz(j>s^#qZaomoQ(K1 z_DPcRPGJT*nDcNHy9o{47+hEsUTwEvdl8+JX&<%D$u#HeQdy#`k6L>|JO2!N1&2xhJ;x!4(Q$$@w1ey_q^wD%D&OE5vQWERdANj0Lih5 zxmgTFLUVLSSr`y7GrH2NPhiO?J+|w1F3%l`#*~+}E^1t}3&koa+&D>v3Z^EJEjo#U z90(pI^R#sW1D2b<)+CJU*Rc{LQzCtc@dXYe@u`n`w%#8j9D(Sa61@}&dxnTN@=%MX zl%2P{#k!wje$G2s=-{EykX@xan>9(?NfxDH5)s$5l#i&LHxHXzbh7NvJBQO+r>kPR z5k`jw0Fn?8xb0eClm!J8b>*L2%bB&LS|xx1PU{*{s>?)d=mOu;0t)3I-x>43;jf4? z6ij1034O`hct~TS`;)KmxeGkUo2!nFI|W&x>Lcu;BZ7n9SeTOcvA^6%rK9wMa>+7) z4Qjw?TN@}8E+BPRQ8o0+>%}WhUq0)~4D}2h{`$%=Ce4owgBp+_Wkj968~JTOvp7(! z*zy$DQtZN`13e2dN>f|5kvrB>!9?w);PUWa1r{oP_tEB?a49Iq(%Bk;1*HyiRk!WG z*suO-)ls&>mfNbU)@nV|?g$|l)5WWsAdE*Aye!sc#C6NwupzdOYAVj6=oyM>r8)4G zN1+*!5O~sO$RAV6fdyOk3u_B{2(6EjO+;g~``fV?1&#yE0+fq62)+6H-ZSwT{ReuV zkoY*o{`rPI6YWBG`T`+K&55?9ik(|GC32yvQld~F{iX8mueU>F1<6hzP~Vxp$6 z*8Vxp22wJmYzj*70@z8Z+&3DAHi`|USqloSak=4g;2{SyGSL3QuCc5fj&*mXcE0pi zO)B7`LljQJw7e1DikG%A(z@9p673&c2HWg#RAPDLMG^8$!3(*wBNquTv<|a$Z?G%`T-A4s)k zB06|DO2)YCO&LY>k_3m04wZF?_tDzZwdJ5F(r7{HqqTtg=Y;8RIYf=z9OQtc3qfRA zoQ4yUgS3zQtYAQ5g{uHGujJ`1A%WgTBUs7|rDGhU9$M#wpaF^K<%V99cGXj{LGK$uzRh`>LCGzB^K95Yd5l z0yCFb6gY|ecZ81*31NjfC|R?9=+>PfYU{MQ(Fg~vz`V=Gm$`bE*!EdUTytNtlW!1{ z`_mX_WgEG9%1^RB>UDDiyd3oVs@m224-^|KNd&de=Z;6ffxlr$QnYK&I6qO7LZ$l1p+5VxJ z6h^oZkP4^2MVp}-lptB!u2b9T*~?WMmOE{8MjR$(%RRi`KQyP*)e!vZ9I!D+zP2!y zH={&M9^`$i+wFE$NiOuRU1McanRv93)g(6n_ahbLl3Pbk{#XXshbuMjk59OC&G>Ni z)|oM{zlW1a7)&{hJLZhbWkd|jX}2Bo?g(DV%<+09^s6?d)Es8zaIC{;+fPT|^qFsZ zngP(VkH9~6tO08z3qaED90ru-(ouBkn1wP~T03}bEB}t!9vN?VQoU#LP z0S!fK(9+JhMyoBt0oxlNVI~~Yjmzn$yF-m$qlqiK}nL}?4pxi zrKdiPq|=EhrQ7YJ&IM+jC>+!fx*EZu*b1WwmT`IdNc8rEn$bJX9LXpjh7W#KMiQwV ziFF;YM)GNbQ0oR<>o8TEm6gZTLLO5UCjWRYQ!@Z4U0 zr4j$7#E<^N=mASl=slRKH@h`f=bi3+TXmhWy1THkx_RQu*6O_fmdUz1)7-3e<-(b> z%%0OnEkUPRHA_o0Art~m#3n+3u*k~NR#{ic_hCHJ?>cP_*wv-V)^M- z5;(!tw=sb|#xy=sd;7!D+cl2XTOFm;wlx6hMTeL>-2T*v{s+y_ zyAQ`F2uGa4G+L9Qu4U4g@I0`Zat2K)*lR?$bdU`apuyBydwDzdB~EK09jKrW6GDfo ze**2AUlcl`+Cb~pn5^I)IEs*K4|2mp2ZX2#6{7Rd)0B!ig!!Xc+PD~?=T--_Upy=< zmKzg{K|t;@L5;(J_?X%0G3IZ{g-rw{;Z)iOHW$8dnpFC5D`g6fCW*>I^frvoITHKZ z$ElEB$D##>!gxs8MBe?t1A%N!N)aE^EDEF<>38BAyF(bKR4~CcUVEF7KQqBPrE|bE zPVtpk2d_aBMUm)=+JV3A9v$o-yy?qOZ6S#QxTq4V(4c~xh}En7VBsFKyuR`GAGjR6 zSSuGjuearOy&}D|M_wSEt1GXyS6&ONw%tbW@N}RY<$#dd*QGRj%J0S2T!F1@pxWh9 zqHJ$uyEqBaFv4&VG-Wj67Ow)o19hK+$?(6woSYn@ z-NSvgV9nMVX0b09nvmRi=8q9JClUdP2rzsrgj9YJPI-L;A5{CuGx~L1e{DgsZG5V| zlm`PZrfx+2bGS8H9M(^-k@#Xf$&uSwb5;YFIC6#V#H5RYY((~uBl`oDe#e(AOo@wy z+>RnTLhHZnzTK$rK?$_xfmn!56ydsyu{5sXPx%)A`PkfKwN9_(3p>)5y3aa_=m1CN zNc9(biH4xW#c4E^UU5PZLMdh=l5%UpY>df5r+G%y-o%C&(RhTiI1M8~k0n5*DZ={T zh-P*0Qk~_r*X7MURDleMmEu9G945qJxohoqL;Nz(Yb<9U6?(8}F)IFQGcutmIfZG@ zHEQt=F4rgx zvJ8t|Y6Uv;&2e#4`~}NkJhN`qUHnoG$h=I z4W!W+o}s#YZXcte8P*pM)G(uKw~5x!4DRtlHdxGZUcd&68tFd#LBlmPPuv%d*`SEP z0x=uv=Utx{z?kkHt3d#&KvloAyc>mZIZfRJQDO5*oI=>!luD`%eMDi*1wkzsD!6i! zQE;@l2ZIQcK5F$gUwB=w>-AcWJz_v)-?7Ks($TbiI%&;19aWRMIu>2%ShTtuR?#F@ z(IlD#gGUP~QEmFWjw`YFaF+`!u`t|4VoNCD_p6C2vGCw-6IxQf6*9Ua?rjQL>(^bV2ea& zsBg6rm!T=1Ls^-T;+1t@$hPjST)$VY-`}I__bRxf<{M& zuaF>pLME|#1gJzf6LTGMpMv#F`FG)%a`&GZVWElmAi(5l-)eNqN?&^2AGuZ6EFu*XiVw{&lAXpb57 z#4|fqA z{7(F|e70gpn)1*PU0x?4_`%t{i)zy@nZ)TcWn-8AaTofcH{WQoR<+eVB_;QZzG~B= z*}FiULt+r`=ARU!t=O#B7W7rG5of=#kSgrRKS+ph1RVf+P?KtEV+$mMyZ0M4h_c|lTYJVY;bT=GLZ(AcqQIS7idvV>(Cb= zxzv!9qm)pyrNCy%I7br5OeCm=)Xk1sRv^T}l(0z{%Y(WR!#+U?@G5hZk$-<9K9@Mz zR<{N`mmK>$f^Ong>vv5{R6ml6Usk&L%@* z$!F0p=QA7z?BTAw1{U%fD3JHB-Wtzs)cA?o7-Hf$U&oml;V2POYk2W59UzB%v1V@|!}qlRI_r z8h^B+>~xFEzc8I)JUWFN&K*6$<_%1-oYuBPi4}=OPTamqY|hPn6R26degaVQvaji7 zY<(A8Ct-b*CFtc#)Gd4&Ql^lfzf%Hg;hmW63&P-BEm2l_^Qj~W+qDA1eHJG2&}8lU z8aEH` zrZi)4wVyvji415A5@KbF^}O3!<`MBJ3m#tJQPC_(hOR~? z;zXs3CWJw4r_{Yh6&|5PYhAJWPs@?b4Xu?yRH_78R8-L&?3dzoM135MDNp-9c7Nmxsd@$+oF-%(ZeJvr$zw_jzBI?GY7lUP#w1QT zS`R(qL1+?5j%AeVjofAw=LZk@Nj$;+So_!o;c!Tp;O96?$0SZeUyen!Y&vORS_4tG zVm<59Zh*Nxc2$JNNXIn42(dX+7x2!Y$OI>6h!OZ3PU^u>?Byswwh;pO$cH_V(hsBu#u?DPGj&pRN!hu&HyOsGh*-F=%y?Xf zuMsdWNfZe*{j%Fo*sIxfYk7BFoP-M7YmV7g`S(*E)Ne)UMQ^aZZXn^t(_km1ZMnP3$4ak%LldK?PKuc{!c%$3zSUfZELiDo@@DJ!3#H zBMhbVoT#WYYGKO75tLj+AgGX^W;jwC+k%>}gZfRLA2u4|P;jIX`_=+iq)0k6VqW|| za@0Za`%9X`1$!%tISOM7q7|nP0+$t=wg!%~lujT}Ram%F!m?Oj9JauM8=Rtq=zTgS z>@wu!nUqWvP!?M3I~Q{_8wfmw%Tu?|sD zGW4h&h<#sZJRKiy;nejX;L0MHI1E*`nBPhnr*YE3{*n`r!eTl1 zv;;bdun+gl`nH#%j-|;j{Qma#*0QWg^sCBL)Hq6AMU}294fiy`>3CLuJ2(kD7d>!_ z;+-eGPQvKbREH&Z7UD&&kAsVlQ?_DCE2gw!N-L)H$6`u~))e-!gSGOhTz3>fe9M}d(#t#W z6rI&&4?63k_hKiiX7iJXF;4XbIXDm!g!D|%nX_3Sh17A@2luiuG3NOmpn?<;m5K=tn{t*3hXDnqXxgb$pACnYWjkyh0A=az2hhZwWZysjZ~xPuH`f2w@BdHm=Z(Mp z=eqc(nJ+x)^`C6s1AEnDZs4#>SYvOCm^xUuTzSpr+@-s*WDgP=G)V-v>w+b$*7Ed- zURD|Vf67!hn9Dd1DxDYHCPa~Fisf8PMihY~XZ;arSFUeHK5zvdRzkubMo579wj_m0 z))eEtSj~X4)#cxkh;b^0x{@mjFSjic+h*`-QbL5Ny6}AjMmJfgKcRr>uWu~XO z$2nStxGH=;9%+S(fXflpO27vMX^SCxNRdm+EANaBgfwHM5H0BZ6k-2-K(8R>F|)ll zzhWs1@TKJ|84qv?@oElRw^e?d=*px>gM0-inBhrbF-&NXi3RjgaFEl@tE*4n>FQg6 zr5kepX(m?yB%aE*cQv98)LNd?GrP%IozoWqzG61>h^%BbyI6z-$$QplIoguYU@l#$ zxL)6@byxKJc1qhrDnUy3R`Huu0&J6oSUF2u(RJ653G0jL2DhcPV!Yq9I1j?~{m9W8)Gd0Dj4`i2L_8#L z$@VkE?P(D(a8C93R=7vzbB|+t zTQR$0k51!IZ4iC<$X zk)Nu!ncHeAt-H*5WCQIRX64sZ-)rb`yKzwztQGBsja#x+G(#&}80rC9_J!gQ>q$ks zj@rzcmHv;t-i}y~yJ9^^k6N>oBEr(s5{lsC1q}lfWDrF!Rly24cyd~yN1V16#KIW; z(%H58ArE%*GdLX)Oy8IuWb$-T9tq34@9@u&>`Y+=)^<}b&NAKu|C5<|!%Y4s__Gf5 zRlsfFJ5Ef}OUlmkK$CgMcZl00@I{B{z%G_Yw(~0Cxm7T)Hu{+|--;P4fS4aa4#63U zatHcLAEM(pe=0o@Jr7+FYdiiJv$PQ3Ay2}6@cv})*h{a{a{Wb~ZnxWgzP%0qcDvou zzrCHEt?fVcwqCs0-rm}IzO(tK?q+v;d+SfAdz;3VeKMY6_NVTh+bR$48+op;T@(&c zDT%vUbjZEAaZYLzH~2UPh5}L9l>Py-_Vslcn7#^W1>A$MD{;w6|N7t<7P5?gq5SZ{ z?Oplv_nqr&lNcVgEH0;7(y8iO$U`?bp6H65u3m1Jn;VZ`_@2Ha0KqC80lA6>9p&3b z$Iqg3G)wb@&JxfwNp~c6J{-MW=Nkw!BKqti1`f>)&}E9~n;S=k$rIfcKSf0n2j%D{RfiCcp3(#O393^9V|}n#kk5qhI%5)y(C>tuNJdVcyrS z^>o{@MfEloGan{5Yn4gQyWC%tHa4sZ6P2`u7T%wS?_ZxD?7rJ8p$m*Ti_KPqS~y8w zHsLKt)-!Xt>}7SJK-h0?T8%qNC{B>rMU<3#M|XIkeu~k$L&`2O3(yliYy=UA%9K?8 z>D2SSrjVRvI^4eRM?pjg{kD5_uz&ETp9c<<(RKCJr+@pme}gRwE_e~;M6yYUH3&%+ zgzQ*=nCrJ=f{yc4Hz7CKY)IgtS&t3zK1ba+IriKXA`@B@QW8!IaSs;}Q3`M$K~O2Q zcW>fK0qXKXO95-MMVH!^ZYjX*mYThH*`;=JzfuWi#=`jSsg&HjB)&T#dG@S)H!^bbj6RNt+}!@dNyzi*=n?|*Lc8~i z%g1&vzo2;BYmmKcPWrQs^B=}T$|mZdHm(U#{tR7&JWTseeYE__S?kyMEO`EVIwp}& z6TCEumTqJA`R`_L>-me)`EPG)YiD)-`xwvlb>}I%2q%5Gtvn1PB8bP!i9m}#CVlj@ z1N)=%)Y-dAa2%L~wc48!mW}7Aa;{47Q$roxya2dgdas}+8BUI~;V`^HEjI@ycC9M~;LcO$6(q!xU6P#?J=QU%unM9#nC2aqjw7?X4+Zlk z6Bfql5ViiDyZ_Ex#bL<5e^m{B*6uW@_2(99owja2q%4+s;q64Txg?*5^_x8qI+@Ve zgJfrUR$eXu->hDSeY*~-TlV13|Rc1(LXbqk_Gx$Gp6~S zEa<=sps`T?QP9}jVlx^GbshtawrsQj7VYAXg2cuKn{ikX_Z}F9>gaX>?5UEEg1EZ2 znsH_yl;0n^at?wG;}v?&6#X;9k>n{jNq|{;&TmBWCn%o^E+uF$H}PIMoe(=TzO?Lw zBno7t6iC7=&3_R1WL>dZWd#DyF?6=sVp1&{Pv5ipM|*R%+*v| zvTS_7+;EMLntgF zP9_(Gy`qyutlZXLdftz2w}re{IKhK33e%8qPpoxS*?SYFx+ewXp%%GHNi06_&P8uP zQrs&cyV~6U-k~|1B%+~t2wohgm`rHQ$vl*rVk?Z!!Kk__m`LA|*}|fIU2s9n{`F+jrcdd%t_QuL^PR7tD3lEFDu8{tJ$2?WIy2)ab{mOsVDVy(sYS(2WNQoAknN9z_K?|Fi3)$sNcWJ6hKf(jbxk`vTmY?v`YRsHwQ z6Vwdyo+rpwS#CW)7LbLe#};~*oSg=5q~^(~@vFJx+%!VG=c&>6$ZtC#S@Vq^$JS)C&l#QdKQGKAkZ~TE0<_5bN>#?(2%ydttPy!%+U@46c^35lvRP_JxkNJ>5pRkoa~;BF z`+s$Nz3sC9*Y@)l&sY9mkMXEIi{oJSU0eMT#9>8AYb#`&C^yw38WFS})3mYR-c`uc zFdm7L8?Y~PO`zlsRM8XQu=_lWgFdp_bF}Yh-$BY(s;?-pJKwb@G6(6OQ5?nriBq&K z9cg8ps#{#Nb66G;-mlmqXIw}OZ0#9 z#pdRU{y)aEDE(g-CDzF#NvHJ%W%$f@IMFBAf{<-2P~~SvC&!QjeWR)aT=X|G<+-H}*NVRbAh-N=!wzl#^&1Rt=<@ zszvg=GR%D0=Qi|TI!i3h1Lnkk-QL+M)BmmKn=e-M|1qA0>3^dL$Wxq>VHO>eRF|G( z%bD+YW9b2}O$m$gU(fL3&Oz>4F+hO+R8nE&6l)1kCC*_HwQrXp@r3xI*PKMePbrfl zux^*=gcA!5s&p$QAK7y`GDaW(IB%BiRf$({a%3~Oh9$^wN=8#zQvd2ZbEel+ldfnL zb_MGr93t}1+4bdp`_>VWda>ZLj7Cuyk3J*;PF3jb>+2fT1ewWI7`KF**<(&d6_`wuzHxdWClhL`Y(XBG?3JN1fz+_Pg*R0T6si zvYcdytd(VvK%oEvg#xPZt5_LNzV^I!PT6Q>^XjS2k1`!fKYHxr*iY6k0!WD7>4jGn z9d9FJ>HL|}PB}#SHF7u?yZstGI3=iuzhYOIOZjE*sSw1(PjJlC>*~A-T(CA7bzG!D zAR-Xd)fQ!04MHfqnP>q?+HF$!ka!i|=v|=otk^l4+ zg^ecNa!!mFfIFs(12Z!jd(vVCR``NNCJ{g}5%#p&VXTL3qKx+YBG&!f574s#N@fH8 zU{Ln0#Gcs?(A&bO;uJ}OWA;5^vMhxtEI|IPs0g9_+ek`8E$H2#IPnSU3)rJ)4<7Me zKAfDMJw0;tZ_{>+JdYQ|R((D|o|TLR>qw}QD^p0&ukT*lYP&^KSB4eor*Tl)hgKR2 zC(2U>c4dD2Oxj%FIGJ$t#{7MZpy!8(kc${kkzRJ0B+=hcVh&Uu7^hqYqPhQxGd$=I zDE+lbz{Ut)0(=;}L;+l1q8Sc7G66?JJ#G?@b!LC9*eYw5k1S`tXpF{s58to>`-b_- zm|e;zKA$6fp3!JxHqIwNnQm4xVj|VjDPMJ}CRxuQNYZIra-xVq>~l3}GY`ka&f9n& zR)}TG%4M{jW-1jON~37LoLwUq9g4q%!J222zv}0eF~Rw#T*2ra3NZ9aF~cnl-Ew7D z-&bL=(x|ez--2{fr;8SU(O3hG$&r0yKJ`@v-*}Vn^v%90(9q8i>Y32z0`}0Q zIBv+fQJ>bX78;4-E~5oA(sPFHTF|FN-H&N6>dzDmLR)c_-~h$u248tt%Z*B4D^B2i zPPG6{8IZHbvimBVG=k?AMkal_W>zbGu4W5ES$|lqUEu3i3ousc;!#c` zGq7xM_*be5=QbOe24O7wr=PZs}oKTjG`EW8y4L0z_SlKHd$Z#@ucBiP3Cur|0jCwul&SR zA+s0dW44ZnomBun+lF?(c!a1KGQT4`<|g*PC4ydn2RSwYwbq^*in{sdj?8+k+bjS-xmB-q`vPhH zC~extR>r=pWD9fSOafX@z*`*Bx z+E3bK{g?49nmPd0t^cQIN9OuJ9CiMmdr4cZ|F!@s+^Laof!_+yBRgWz10kAat~PiA zz@Wjzdzo>`7Goh}f^9!9V6r5o<+EnyS(~F&*nms~ZiJyJmFA=itlXQZ1&YWZj&L&R zXYNzyocD%Wmu%@)ik6MY-gK)LHb?EVzRuJv&WGmJnwuPVqdIM&F^SuRwWlhDm_xFA zAEa?WyM#o6pS<=-0(t|*Q=|`Q3D&B)ACrXV&lD$i5TEURBRUr*BEph7lQeBreUYD= z4-4IyAH{G(=HT;Z5F^RL7w|jwL&mJJMW4diM-+OdHB^x<{3EL3rf8|kWrLPG*Bi}^ ze%%~OVmJXv_D=Ex4EpYxKN zM*F%0OkZ_0=`MfVYuZHqN8Ys61;85lKRi1lx zO5Qv4;l=q&{lWRg3#I?k@HzRFAR*@Clr9|)-_fVf!}UY94!rim^i%o!G>QVWLSX^} z6(dSyeUp-eW#@gz4vDfQV{6w0L>)wr>h`k!3b)*DTKXyxR$m5HR1S_Nvx_kY10&Sr>^H`r@% z8K~Gxd0~ro)A-W~A5V4}R4M!j{lVgpv?n59uhd84LTb-Iw6bJre%(iByH|pC)v7DF znkE3&XvcCk3y<6KYNKmhxHSMQsalChen==<+p2^7KlOU5fcfuR@O~p{ll8wb@UKX< z_Mfw{x&DvOy7hlAX`B83qcUI&0|S!nd=A?}0V~%0(z|zTu_2Ym3{@DDyF(0qu%p%W zL0(p1n^Wlr3NXSCejps-2cS8QaJSLhaoSY=Hv;|@sZRbMpA_-mk2?9km$XOuFXA`s zL8k8%F!=68`+iV_A2i#zJ=hJ3Z~;Ep{=s*MA8c7ha(tQX0EBbsuKS*@J5QU)f9X%V zBmeKC<0Ag!*;!}*+e@mvc)8;%U1Hd5cZ&*+*oG`qLO znN+TEmEO&=m27xwCCf@wrt=FiaFhp)2aZalwBH+jYz)1hVF1Hf-Vyq<`ratg*n){m zwiA2DEN?}2)VI3-_=B16#kH3ws%sM4K2E9(>zO^@>Vlu;B1gMBeV`Txgx3&a&mb?K z)N^N+Z9B?;gj+1E{yD?gA zH2;(4cYps!J^ugc(OJ>|`=s;#-b=c3{0|sKWROdMyu=1TAk{lZP!9-RMr>b@{&g_+ zId_2yb>5;?fr)p1Y^b64=J{dX$J`umHsYHP8=*exqDK51MU4pX3IK73)-;npbf3AxM^$nO@8(By)webnA<)TcFMn!<%`2cyh-gO%)+?ap z(|M=YK`Umm>WF2qP`hpUF~W6pcZlq%q5YrgOnvl;?(|VS@E}^@ke~*>KmViN{y((f ze;*%r@&EUdjG0Wo^DFV0TcdmC!=fyfKg&>Q`_~v~8p^-8bTuHerPsJt!^X}?8kPHx z;;*q&XCANmaw!XZf2qag*PqpXHG@PYDn<(%xmHIb8+i?%1>5+}Oyjjf?5RZ=HhHVO zlu(wr)C6tnkXsss)%vT#)$3wuyKwcjwAzKM*Sm0It931zJGEMCwKqC$)JoJGFIw`p zJWjMwXnA}X!DQ)1F`muIv%wORgz7mndp5ErSuV0B<$ABimI4P?W~4GKa;1GF9n%?@ zoOTPrDo;Qo>s@i&7p->^UBGH}Z(-Ogu}oSG{^e&M=0mGZPF{;hVt-~DrZ)Usz_h$= z_MNJFqfo_9qv6n2w&>*`Fb20^tnw&ZqqCEv>%v6SPps{eQ9ZEMPpnna`s}n)E@mk? z3Adej73YjZoxFP^SQGPBKEyep7)Nly6p^x;^BgJz<>i{s&L+M0LfT2bjqdvnj34zf zOM@ZJMs!Q67w0c^iVVYa6Kb1SA4&2Ks zxCq9h<+aP-%JO;E?Zj-gjHqIPmXPnQntgNjD&$x-e|4s-+`eSx@ZRG8=;wbe0pM%y z|BX*a1^n0XX@~!_mt?vBV?6_uFTY>>_o}0|-5&W>;lG^_1jPs+S~U82CNF|3O+o{0bL*drr~OX4-YM1t}GJ=b7kV_!^4yytz-t~S`Ot} zZMW=PExwzyvHWiV09z;j$KwM2>)A=?|FM^}8~MN8PH+=A*Y8$@=WwdZ;9n!59_nJ16|1AN)Ho*Tn8J=|Ve;=u>{5L_Yw9I#m|Fs*JySox( zt?|FK=6vJ$U&j1z7XYqi{vVBwO#k1bafko6pR|epZ*%--t5Zr_{O4LCd-3FL(z3>` zmb=1#z6ph^#+{Rl# zm58A=>0$O7oojw$QT8et_qkb+z55=MUD{vTPX0GD0@cd@GgJPbj>et*-%Gk@`M+tT zzPnxq?kXgoQspMw^lc*YsjKc5J=3idKUCU4{`2efJM;e<4UbO?{$D5K&i=EPWGcEA z+20ucA%j^c#ec|hlph(Z95ls$0M@%#^^~>^`*7E*(5?_5OlTwDZ+(X_m)8*DoE`z21MOFstN&Nu-G61gtbJQ01*7mme3bP zO|Z6kTLNFyk!pu~q4na%uorby?iBSxt-KNFg<7Bn^P-rwCFDhsKx4#-P}nh$ zdqebeHJ(D?-=H?YW_BC_>k3GVu+8h3r9C&Qt6{&#xT#edyPYH9z` zb|qpQsON-~+=G~7>9Z{y-E?T!`dKa|9w^OKcP?NtLp)G@r%HA=HaDw`1*SVPgn_c+ zSsU}5ePu7K;vcxrFV4lGCvpD{3Fw8~SIrL>!WJ{Q8BI|FM?Ld8RB2AST1Z7zEs(nx zXgP(r;-{_WocCr&t+JtQopbAGCEu)o^8FKnfhX{zPU-6PFqxn?{kf#~)mXgq$Cf=jkt8~72N z95-11LzF}~*dhMIxQPFBGVbu7_L5qz|6-vsoZy;T2=&q>M#8shrWSX8cPi$0xIATO zOW3>I6qmh?#Y{*s=_WW=Lf-a^Oz>o3rJ5lT7^Re#{P?M_9|rf;)3P5)kbb9W1Nk3$ z(>AyN>hJ%a75zWx>rVdfAyr#bU-~3YBdW>&oO%nCl)*VL7v^=g70JN*%j0*n0N5iAe|7$O43;*Bm z3;wf0p6v82q6+-e5DaaxKbsf-rl3Eqc7qL3KQ}QQn&6rmO5^!U{Xqwhd3W%b3~=?w zHKlx)X_NK89r{Q8`ad3;_-{wU4*zpMX%ic=a`YPFWD{F$DWb@QZLQE&`8Eu1W6Wq4 zZr2u!?)x@u)Wig??jl=AU>kZ$wWE#^q4%>rHg97Zhtk{I5}H?c1gj3m+lJ|0$<^96 z{lN7oaYK%FDrd6rxFx4HvWA?JL>}?rWJOk-QybLS)ssZZ${9;@YMLclbYhNtXF9e0!=)e~-{AO4eqHl%QAHF<%BY zLnqnc{eZ;@zP6GUMPS|UA0p1)E=_MM@Jk={dNxj(W`{jQ^j}nvd|DgN^f>K(>F=9A zK%p05KTL?~vX=i4&TUG8nGD5R=p6cXfs*X+z$f{STdL-jwln`Uz5HRpNx!r=GA;)s zfk|4%etTX+9KI9P{rc{;%CYR(UK!;QMRa5Nzr*-Hqf^uVb22>ZlR%=y<^Vq9)IPoApyQ>JDdtc|^%W zQ;DuK0bgWCqd)jVm7n!0$nM)M0z8EQJ7i!S7+-|H24Ca}1jj79Oy_g|6X^ZFVJ~mb zsdDISBNd|+PSC$%Kgn+D@kdv;^jRqjYB`0E>Vx-kLhlgtjQV2)y_)J-sb;n7jAZ=} z0~9Bur@W$C(xVV3ax(Bwe0Zq;cA2Xj$slbOVt1ho5W0o@2OA{xuYbycqT?$mpjNT~ z9cV7we+u0`+l#7{T77%9AA}=>a%c2L5UlFG@=`J+aPRZiUhM!V9ryi`LBj5{Ue00| zAud)j`&$&$=H!#N{J8CN9@tnT#RkO+hH#OK$wMQL7>8=sd^E79ez=%e+r-|!Lrlu) zjjGL-ef2hNHoFdKQp8~DgOBMH#UV-%xgy>bUtF{sX?;Mo*9nNQ zmpx4aBC@JEXYgw7)2xFV7!Tq!9B@x#GRP}&eQa1W1~cf+;v}OpMKDJ3Rf0dFa3gxG zWJa#^lgkmsajSlP_gcLg9l>OI73Ch#EsI-jcgK9_6nnT2`02uxSdzhqt1G%vUnyTE zTO5B=x;sV-q;jWXKCsOCU2iz!p5-4Aidt13VUNGQf>C5=paKDq&-z_+GQ+C~hbT-e z{HUL2SGDE_gR8uSS3ah{rX^p6W2jY(939>u&s4;dN&lvl^)GY+N-( z={5^A2k16R?hBh+RJ$cCx1Gu^5xFadZ50@I&R7E+ZZmTm2=0=4H^!l^AW(4Sw+vVt zpnf%^zP+FY?s`j@am`jx_06^f7q6gFgDcJ-*igL!?n zodz6KVn$am(*Q!c9s!!uuLXcE8zuS8VR2V@n~r@U-*bkGy_+AdHlN~5AQY#&(LS2V zxPY#v47!@;%TcLIyMktuziLN-@@S``uv)l@yfuPM%hgh7X=O_VRM~FkMsEQMZ>rX? z@J5{k^>fY^f1$`lj1m-5P0cpZ#g#fYA>K64=_dXPJ+mp&R#H~xIDI~}-MJsw=<&C< zaaiCjg2~cCp$>pSr+AB|v`&HpVhaWbp6Ltav0>tnHlt)*>~y~(PmHuioZe{2F;&6iLc%e7B%@X_U|@whaQ)cqG{3s%$$JG-kIN3L2#?M}kIci-Dlg*~K`}2v!e+ zN+mWMR`;*4wvBwU&AM3<@}!JTd9;)Abx$HM)oRS&whCO=%nf!1mSchMx(j$Hnjhjj zmz-q%Q6S)ID$^h`$5>tQ2raRZs$6MBG$bv8iuIVLymW0$B&&(h zB5!N7of4Bwqu_GegqA9;s647v^CCOzyrQ=oP0Vfdr61Ry9?6^xO6j$~@(W6R_QE#I z>x$di1K_i5$?IFr8!h2Dii>IqK#DD6KG$syi<|1P)w<16l+y=ZzQdI7E6i9sJ*VF3 z8FigN$|Xpv<~3BTH&&|mz;>B3Ts>I0_ovPkf0hX;H~)PPLuU7#+4;-;c&VNL-x5JD zK!o&38w}Vw{I~I00srmfbkzC(?IShz|J%U#uQ^bhg{T~AtpVej(ki`=vKz;~7A>p- zk84n_q9Ggj7WO6iEu0J$WVp9DMD1a~s#;ApgaaE^?ayr$E#6(cFt;m``9&PfHesI8 z+^7Yk;ZMWSMokE@XVfL1v}4<(W7+ZN#>i&CYjsYg)@xav+OfmbZvAf^`j@4;_5ZXG z|94EYckBNi(x&VG-3R|I^L#Il`u8~`AvJxon>2f>25*@8x88B2k#+zu+isrfrBmCo5l?OmXw%w>woLezbw_^e+`G` z{=d8bx3AQC{kKN|{uTlN?@B)JX4Tq7*x!bC?u>}PW$|{0CAcT|Jp{XSkExyfZyoxV zr5gD^JUcS?f1|VG?)-Nzsq_NpJ%;}MHU)V_z~72q+i9%d3RY{v{FbJc^S^EAUzY05 ze~!;g{MYet)Zzc_C4Jrq|5ZNwK0^Q6<;kw_8>#~S=7OPZtlvf@?A0Z(pLX$o_L3T(|Fpn=YUv4F zUCG`e376Hkp`qk%;|JHPCHu8y)I<#~?USYfgG;ZuHH#J8r1-AF1UF>0VT9l^YMTcK zZbNYgae+&_qb?-yw`wu@u~NJBzh&STk?QO}!6l5Jai*=`6j}4L|8UxL{@^5cN{3(>~kfD zs|Q_)u-D(@u2aPjE^;H_%aw@}5R_ep-};J6`DZ1F(B=2J2A*L&te%dA^4h1=ekALt z1glz5V@T=d!OeZEF8X~1p8v-*<%CVuE--G4XyrH!T(!jSC zmMFsB8x|LDg~CLl(N|xUw-gcjbQc_`z*rX?XzSoWqAr3~Hz6BTkvlr- z4|~RC<$t78B*e1&H$M@70uAIzM7y=F1VVj#?S~)9A@i=N&&LANUM8_0E)GHOe}#VV zU%kV;%3=X6=*Q;*Af2s%baMoDpsKvHyC6ypu*JF{N?j18E{IYWM5zm+R1SXI#ZVHd zi=m{`>tZNr>dP)-DBW8SBm3aH+W=1a!!Cr9tfvd1WTV)HQ0hV`bs>~CST?&5N?i!0 zE`(AORi`F|(%l45Y9B#q`w&W945bzfbTO1TnJ$Ks(WowllGVUj=-Ewmhc0YQ7q+Ic z0@8)80Yz)zU5BM=cxziTvEAgj1n=d+n{>I?{RHyXZWnv4;7Y^OE&&ZVB(TbtZip3L zBckFRq6X*{8#mSEL;b$GU}>XU>#h3TL@Ce;Z-G^yH9$u!Q2O5p>$W5Gf(o&qTH%e# zYq$H~Z$v!1|G^$zIX6n}{6B9ZxO@Dc(dk(c|FgsY*-zTk|MLdLi9dtE^EAO^27`)A zqflfi#5))Z&(MDgS{K;M$=!>Oc+p4kCW2cyNAgQt>lF$U(`{-qP{lOzV1k7CnbF}-=yGk7!t50UxPVE5;*fv@ z1OBbS?GlAxn)(3)P>kU0BU~WjItSqW(kBcO62}PvWQl?RECM{`F57;%cmiS+z{I~n z>;yu24nxm503lkiEdzMO&5Otbw|=q&|MSoV?8q92tR!U#L?{M7Vg{{VyLZ7X$jA{7G)YK~882XCKoD%>4in z=dnv}Bj>R@g&&>AZnBD;$N$GU0RM!sk5dB9U%ny^-P!(*W{Kna9)bg&FUG$+&M*IZ z`|920x2fsbQ|0`B_v-n}H?Q24w_P1I_kTvGCjR5-bbL1M=Kns@0l3J%x8r=sfBg1n znIsXJ3;IROGiei2pnmhrXPoe;>3CD;%h36D8hfCLSn3QDG2~06gND{+{Hn~an0xwg@01j!P ze`HtPd7;T*pxu5ylz1H=B@*!V!{1S`%Il!(xJ#CYQkH`iyQ>nrj&ndq0E*EcsZaa_ z5y$C+yhbo`kN(0X^v@`P;Q7Tl5uW%SEBiN;fOjau;5?jT$GN_~7Or9rtrNub74$ri zx3WLOt5wR35ydXZUs8F#OsBL@D5XA^P6kzyFjW0)sIfe*XzhT%Rf=%Mk}~NySC%J*Rgw(DH?MxPc9haVj-)d->GT-_LR)f5U&sk1=I?>_`w&b~ zfNyClm7WuI*LI%B*P#Diq6ks7nyTQA^Yc1W!jpVX32KBPJkzo;ctWQQ;`%rr1rs`u zKky;I=1ZULwfaJaP@ zOrKf^>J)G;XoZ2G>_040w?%_NY)NCC{H8pWeW27Hz+Zz7W1e{xI~y~}5;8sxB5Kp* zfFtl)X5v8xjT6MEWbCu?e$#)E|BO^te@W}xSIFEa>1+L7xbV!3LH1f?tCX>$KkO8v z$fdXSk&1BB7#zdHq>=6UnuJBlzurTj01ly9QV6T81@%tTd5}PsmzQnZ;Iugs{CIA~ zq)2)G!O(eQVF?Exs}XmeYmhLwm+&czatsmqP!<`>r2G%MNj=!9#$rBPgaz+gNBpM3 zuZZceJow0|I>wDZDA;-E(8(OL5!@yL^^5ig(WaLA7~}cWmXZzXhv$Z&S@8(vK12?Y65Zn{;_pdh_tr-R~S7(oIPIQ+eZ zi68MvijcJ2O^@NN@s1#dWu{xsX;-&ol&}V`fQjPda^4+FCf6aRQDkgN8`z(-P!}Qk zteA&JDGTS+azoFq{!D{KSNjpa#9E}$L(^2#6eLT+#Qk)Pzy}NA#R3KTwD>w4d-L&E z{6GXLc0$-_0(=jUl5!)I$~4hS?QT$9*WfRs9LS=5vODgh=NM4MYHw#4)yl@vwz(Lm zdftE|wA%g67&`qK);dkYPSK7Nc>QK%i=i)FZ+TagNCM`)?$YKYmp-{3Ig&Av8i%SA ztMC_~q&0o9$U(uJ`Pl##2^fn`p6o$0Sag;UhIlp}T5P`~Q73RyVoF;&ygRY@sk_0s zvoUntml4Y~Bz=U{za!?}1PjPTUKKFjKbkd${vkNYaod|=y{kc-K+8AfC)X=a=3{q*=R=(vNbgWwW<19hwR)^ZNAWv@TT+rD4c=2lV7qaotJ3$Q!ZbHwm(l zkk$8EFk@D|q*)@3c$w^zXNeJIz}bcIeBxQP%WGbZ7G`SR_SCDV)D+PB+G(!!yM>b@r^sK{*5{qbTgO0K#P6!k=1|5)MF#yPcdbOF= z@R{K!^xO?*+~O%^npurXf;J((4DS8A$+pcZFb;hlRH4BOEf4ODM3JnLyEtr!SCOxb zu$q>%>e?L9oehH15Qi17aJTPqFd947C}TvV>ga(6|K_T2dNFHHSSYZBH-wXKdbK$_ zYnTSN!Y}XX=f*>SOMh1!XhugYrT>uj3sFDTf(2&DFZzb4GbOq6qR0huFv*;hMuyyg zn~>K9oDTCCX2dBB4I{*s@?w-dfNgx%l8od2`1}HAxU_>UVhZ)#T$Wnb1CIP&US~7v zA6;YgSZHIFC{@5$)x};<0H$79M3LXba&jU5^0^&2qLy7D=nss-fR=a8wePxbK+tIX z_WS()DEdwBaKkj#PZ{Y7j^+4w6TI&h(tK11!!>wLyBW^hB{!^qF~5rd-=xlURt0&R zDQUY@M={cpJB=&_m{H^XtikwUb=k6#dh?itVKhIM=bU8Q3ISghtXVPANSf#GyXhpt zY-?UnjwlBu&fSgQef`rAbvzbh579r%4tq)}g919#{u253YOLZB)bn%Wb4#HLB_sY( zi{su6)Ctix3%L1uEZ)zWeT|rk;|&4XPVl?BTb0NCb;=g$U?c*4_P(5IBq=<)k;}?| zM1H`ecM~LZ{>!0Jmpwo#isgcy7a2J>F!H+Pab8dPV}-3%w2>0Qzk%&Qs)n=|;QtCS z^_fN?iYIeb{`7@f-4CeP2!VO4Cy6in67M`l-SkmrbvsWi=HZu}W5~~i4hv=otfGF| zglG>q%y;7`S9I^vK^sdbkVmsxXZUJu zB7}_;r1w=n)*M=Y4{~UE-K=?8+s7c7WiUc_sGzbCKrm0ED zB!ltECcJ&iOWDKlx1PuH=#)Bz-AkvuzA7@|?FZT*MgqsAjCpmk&Nd7o!+OQ*Jws#e zdQvhSEo?&V*~HM(4cr?k;Q=C#@x9bfLkU!GLN%L+*Bz|N3f?jGqXZFSg>Dg3LgVzw zwxyB^5A(Mmm^b=h1O8eo;dw|o0cfzn2u0dr#EPUk#|9X@qK8w;J?HD@7im;=*g zqr3bK4!G+i>hyuxIHKYS^O%k90L;RHW zhKi?}q9JP`ubXMIvFS6Y?hoO#z-`ta!0&V%8LWp`l36OmaRA;-NYnB%Ox|`6!V9NQe%VYvuB!@YaR)B>|&i6O#hvv=(UR{A3%r!n|p1= zb?@$nRvgLMsP^LrG2(3WZLVag{zqze5%`U2mMQ&H^B%Nkwx6~hTqgxT?4HQT$kq3R zUZYQpY{4VB!WFQxxB{8XBR>LyLi>C8_`a2=JrebY@g5Ik9^=g}_c4i@n$LxQZp!t& zXqsZLNKcq@u6llM*}-E{xQjO<9rOG8LTO?H^_{MJj{#X z-QSWJo;$-0jI8%EMKxjRw}2A@7TFvni!|@5X;k^YUf}IsBs`)9xz1vgyFV=0%!C3^ zqy0U)@W*V-&QA;qQ)TRp>yLNf*sp|AOth+(3wYNI&ex{;h3fq<%cDMF^37qY(yu~ z-$We;G-;uPDVvZt)Tg&qg-g)P2a~VSFGMpYANX8~+YASes)P`KyzXB0Ym%ogt=$eG z&{?26tik6#T9z;X+{7ZOSZt{dQ#V62-E)`Gc^B?0YBlN##D9uFT{YO`NJRj};$IKR zDmKOYR8pIKTW>jUiK~iyZ>Tar_CqkpMMg3m@-9G_J4ae-ni9#G!8NMfnIz&aBh1S@ z&M*~BN=eYK1xDSwj%gYe+HOug;071TlBPfxrf>?ZQ}$m^kJk|a0T1e6s%iZFI#7aJ zukiSwzt>7Bl=GSJ)dyREsE;Q27H*WEQg$vzc6{@%UZM_KSxGE7$=Ub~nm&%WoYl|< zX6X|)YtB1p$OJk1&CTr~7e^?fem*NGvY^0wq{*w|-$cR;^sIs+)NUR`bU>I(a2y{k zL<2TDk|L<=Uk*P|l+s<-yH=did5El>ECRww%U(2$6J%HlbS~4C8}cE; zPz3+Ne&}MC!dXaYefW0)n~eCupu+w@Hd<#VkcP_}lR-hIHp% zw5eo1tU!8aq$<#%G$P$)fu6o$>y-%9g+h*0iGT53r-5uQf2o}(xORn0x4d*~}$^KWO7k2)^P< zU%`b*Y0SDC57vq{TJ z4&xqDvWA4K$E?GNCE3G2CMEZa#|SfuUlT$9c>b+21b$U~G~Yq_8a&OHUKH9g-xI5X zYq3XKHZd%wn!MqfK5}ZA1Ern8?nlMxWLF)pn9_vD3JWTcSF8Wv628lB;p2Q~@M@Cl zc#f!(fAL)7q)|Avs6$7(f^1FHl9jaBL}HSsZrh;t%SO-@_m-TF+ake#G~Lxf@Ho|NG}` zI-d%Eg_H;IyEu-AF1X<0x>E zaeG-4xMv%EQ2+qo7nz!DgDv(Q<2AuicrhLS_>v@CiT!>+B z$AQI>tYLtM_W}a$@$B!(8hyV{K4tu_BL{7QL8#Y{tmr_Ryf@CbBoMl0ldK(UK5P<< zy%a|Kd)FgEs1z6<8V^?=A~j@ob%G9_;>xbzQ(brHd-Py1EMJd~67cwJCirKyTnvXU zOKyKomLQ#-1xSei!q!G&Zuy^+z)DKEGOTkdm2}!N$?v4Xh-LVPupr;r%{LOlnLCK> z&8TDFYbVY#Bh0s?Ut?^f%#gO4=r=uHES1(3|F>YtC9OvtQiqYDl)iFip4Xt-?%vK0 zx~?OaF5zl%_Jmz=6T$A}L(#|0yzsgK98zw4=W{9<)bS_vr!^;3@2Tl0rbYN@j~4(b zjN}|}{|e)APZ7>{pMyeWk+?9S8~spC;ahrWj|YpdMU!t&f`$_UjW797otkV-cF* zE1rVdjvwgUBUjy|yTg?hNL`M3E#|aXuta~dq=#$)et!Xe=lqCWUbh%a{;Wona9z^A zk}rnfeCsJf$=i4`cN2r*kIWSo57vqUziD>(zHUv%l=}B&u6hGcoqFB-i|Lwrm z$86&LSq@V`U7A&gm5QCDP3KcD;HTJ_f-7=Hz&<)(sCQU;>+q@~z_>Y!oI|xErZmma zqjSwY8kz97mS^jDv`I}e#=*^3N#q)fs?q$Kd%}b%XrgVp3JmM2s>%$qrAAkqm;qA> zGTr2|V5-IaI2=jtl9xf46235UMSEPvZaSvn&VEWk(e$SW+qvQ(>Yu~ymOVD|gfL`E zm$2AkHraKTG@W{zUbTSNY7-**y>RYTKw0f398y`-yHob!aj-~H^ip?Qb(CkmO)-R>u*J}26Y3Y z9On!J|2(A4*-8g&3Gs9|;m^EAPE$?jJRA3}3^Drt5jzK`=%>#T{TyI9ik1zb`xo&( zJNeh_{LMjAC$K%$t@RiH)=|R`wef<30v#C^50Oq&^@0+Ia8^dt@1V^t)9yGkbUGQB zn9*;c*0I)|m=eGQbQthPwzhq(4PB<`MAS3=57A`12Ie9v@x9L)Bw&@LLZ@>gj-Mea zb4uI0ntz=7^Sd| zURGcnn8=CHy`iIS#|i*Fnm)c#pV@|dnjZv*V#*I;H24Fnm=Ud+v7$ZLKByvqM*~@L zk9%qOVg~DIAr&ZLg`g!te*E8=h*gBKaiu9VFK{}aBN{XHP>}{zlQf#T_+nvL`zpaq z7Ti6_poIdn-ZVbT|2(^=$)#RVAV&!<6Y_DN@j)gT#d8|u!ZJK-6%`ItB7%I(>kG_s zs+H5W?W^eJTu-Ytg(7(&;8M>Tf>S2lWT%TEW8adLci>blxsu&>H}ni{LI*NGDy1v1 zd%MiWcHugx2mig;#%R$UQ14uYh*mQT^ct0Ysmj(_>+3Ea4&P&YDiilksh=o=kicU- zys}$eC+8)ch6D&RKUNJ~2Wm=qqYRX8b>~%NY?S7a>YVZ^OQ?6i;ZWETg3(#gaRDu2 zDoQ@-I-(zYaCbMP4S#U8PH~g#+62~?75@9TRW-3uV4x!9KEe#BX?&(h0UN_;{@irtAs-Id^@SmV2hr_dL1!$RbYBlUaDC$>xfU;_bZDZm*IHyrzwTH7ydI(nqy3)TbOlFN()&vHNUQ-<)68 zrxCKv4a(ull=;^fajX2?qr>z`=s&#}eUS#BdjhgC45*#{5E9Q16>wJKr`t`s+8CXx5&YpmiH_N5_#wF2|``UZO!;_QP9&F6nnMS+l&g;In_rHif-C zFsjR%5W%kc6X2yj1mOABHQuF%6LrvSDt4ere($>#0wwB=ERWiy*k^?R)5*c0~WfVldxed6&&O z9lZaA{TA};KJ_(ZV`qE~vlKKVFv3wap{vkwYww0|1R*6QZ#f_>;O||%!0aHWZ>}U6 z3?V`&c4IO{L>p#Xl8KImw3FJlsdO_~JpTv}D7@_0G(rZwa8{s7OS@jb5`oK;cz@oe zZLu5ommE%&HFf>(a@&Nw;|C}-CFH;q>z_#Am}1$n$b{*?@MGGP`Xsw%msL4`Fgm_2#KNbfcC$A z32dD9LUhj+;wQT-jG8-vgR}j?ZH`nGa;1RR+x%VS(!f(y)i^n%AjdPnDCn-g(|1sKK#a zDnUx8AXfut-}Syd?w(I9uDLC-ru!x5whM=^y!pC4Ul;lP$*#V?SOO|gEwd*Z^mw$h z)HDknEYq@w=tSj7?<=b%D3atiGUxJ#=y(LzvLC;)^{sf~F-L~=s4@NwH?O~pG5i@N_RXd5ScTj6Ym0BpPBGOsBHzYR z{VCAd!)NI~whvy2q!ull>g=_L^D|_$@)zv-8Z3QuDjlW*0U~0@VL(KQuQc`gHQS}^ z*DsnT{BhtyVep4A|Jk1KC1o-lu;!zH5{YE5nV3nB=qOvlluav~TR^Kdv1>Hj?2w50 zeaa&31T8fN3i8psz>K|xI4g2GGvk&1#0-bXA?Yc>C4q_4G=C>O8E8t(;EIV?S^V5Ur_2lnx$^$iVSE<-u<~z z3Ns73xHmJ?<JfcKd6g~qt!6N^+b8%q+9)}J#h6V|$4dFH6 zdGo)Vi-PVug76$y5YZ+hGDv}F6OLzL()ft)g`uLvqH{ z6Hb^fe$xz-Hy#-83i1VON?Zz&)$1og(6L==GU@D(+z&d7y}#Wn^`n0G19)iYXxQCp zr!BSlK}?AI4!nK2C>sQ9%LS`oEEH$jLw#@O{;qZmDH2n#JOOb8Kdnz5`sozs2cqU< z;~g>&yRSXm%XQYAzIuHhKMpgst|n|%r5-+90{97KESt0J|R*bDkLnIVS$z%`p_43l7!EV@c5e*r9LA{G+(pc zy#5jx6IjNW+L_()X}vQV;M_EhB8HC&x1`NetbkprwYP*2B*6PFTdezngocfIv88+7vn?$0jYk83e&R*P>Xv)F4i zuGc$M{kYhK^#zV?<+)T_WDNTr7j_qn8?TnyH1(=w`Yn4GpMh5}=7I!MoJ5cGezv(?N!w)6K!KDnGB_UzQW-23Y%8 zVOa6^Xn#~?(h}lkw-|rYEi;ZbpK2R2z9Q7TUYK9K2l`&NnrpjEmwKAkV5mp=H9+C&~QF^dJT|j9U zIhp9A&;M(1 zm%Me>tW1l)4Cz_=3ExORmC;t#c}qNyPS7*gjgl7Ncn=86*<>_$LE@r=%A)mMX$KuV$&|X z;w0D`M=}-u#eAmtQAf(Z;piE0cW;8)n3DCh^A!3H z&N{7AB>6)=Wbmbw$xRnVlVFV)+hki@bGx58tp|MZd`m^O$6RtS zdKtC1<7_W9Dg*eI83J|`OZGMO*1=&7Ql0eC%A67{E|Shgd$nA;C3+o4n<Ok<1enKFSdY0q^3Sv$=pt_EaM#4< zq$ zCrMuIA*94X(5bHd9Mti$L``G2hI44w^xk)t*HW_fiRCgnLaFZh|MwY0LkS&pwUIfqxidl-F;rDBv>~wKi157pqmJH6b!adQPGFooY}@Qgz7dzRe3!fC`?T~ zFOaS^-ZZDabI~vL-5_N-z{2@*T%fI+kI%QmeoaY8aA3eAVTpCT12SZlqohEn7pl4NWhIlqOcRt8+`+gUdC=myp+shXRr#wkSP*;g(eK3y* zCu5S9H>}$!E`nK{Iz{FmMYEt-^Q9mC5%Uiegw?_m5n%q0>H!ws=*1SsF^_moVF4oM z#1sh|s5pJalQfO}H{O1r4s2D39+{Yz`j}MlkK}9TL|B*rh;e!@nqfJmIz#5*ZGQOw5!) zo?5grCnKic9>V-@ew1B6M)_=k-lmr{$!i)i)R3ge(HnOj<0*UGo65!ZTy}IGNHHa*rrBU694h?bpm0kgMOi!kE)}tr`J)L z{)`!oY?g>Tp>&S+30o#mOO(+1?Yl@+dCTkB7@7`kanw5QAa4?X1L79t3IbP?jXoMx z`kOT7&Nyq=PLjfh@|e!|0HdpEa&Loe_6+`Y4>P?V#Kpag39aU3TzC>6$6QJKpH3P> zBedwJh{4m)VC(KT$2-P8US)5JPI#0P4rn{SY0+I-yBt`n(6L9gT6{L|HyP&s^{s;v zlV6+1kaGs-UmPFT8uB9*?;bDYF2Q}0#LmB)$BdytZ$V_u+Z6>E1{lpxwPOvN{u-t`z z%^2DQ88+eg^%oWgIfA~PDDv@bfwtn?m~!yq-G3qGWZQtz@649+=i$yY5|t~ zJV7J4TR;bkxkxPs|NF0_tUy#&m^#nE7XaHP=!}JPG=i*>2;Lj)4QyHsdXidESecPv zfRBsE8ID`Iaw!IGh`OZmZLrB3jRiHuR4tLL&h$RVZCK!6inub%C)C+vEpP4{-I>=0 z^6mSz5}I}i8VFYXY!uXVtpKlKek(A=Z^$zqd7!VX1Q9S1RRxD33Yi#)x&Pv{mMU@p zixZ3)e9=OjK}sI>C{h+ z$*+}=RaDlDRhhOoymr6k#4ci}Yj zhqbNg8^SZa^c|X-5Y7Z1kIFxmFlLaA@SXF=XJ^)DTJ7;xLwd&`F{b+ya=ArX>^C@w zezN?yMMR(?m|NwjtXG^T@4umjHu3hVjn!z6&bxuy=vygGuCK+6%2b)+m3C7Mn4bKx z8=GXdhsI}b*}`6A<0ngTg{+eZ!hCQy#LoMX&vK^obHekKEa~($jGVK5e*7ejQ#vl< z9-e99WlPI0vAC58zGh^mvtiw)Ho49+=DL+FH&i=MBQZR4PoDg@0lxq4+DQcbtDTbw zZ9_Gly;u+ajLG0_2a}1P*drI8%pG&3zE`*YTO*}*Kj-F(9OK&INo>V1M}HQDF_m%Q zybV7tkJ*@S!sgzlbtmOvKw$oIE*z8@G)9DVUff;?_znFJNg95k^RydC<*euz_9Oqj z*}m6dbOV$Hjn}2pVbrc4MtFTUg;mQiaictIy*34@w#>c&UV404+n3O@04w3KlpD4izrsbPp&}@~2En$%a748e>F3|kT-^E3kM7=j zW7e=SyEZzE*|OM28mVWF(VYjpRO&(r;GRBn{6#%?emrCrDKfJIe>DKr$XAA<6C$jN z^WvIYv8pnp?U@ZARm?tAvLbB4RsYQS5xx_m1@l3^VCfZtJAnYrVNC6D_td1+S4f+h z&%AB$w@Y1HwRnHdedd@?w^%toDzM3H_JiVH-P8t`0)*`dvh~nE^VfI)D_W6Xx_kMQ zT1LJ~E;L2yL*T8j_tHlrou7q%fBDHgESo`dX*F()iLm@p-ZOC#khsWFdH=Bm*UB7V z3$Fay;5Hx~!6f~%j42j&Y*Jyjh;6azQ+%n?`7@sKHf)nLPtNh0S#YlN%wDK)ik8_E zitNM@^7*a)e7)h1E|CXT-Hp}ijgNXcEkOz@f7bvgY*%O-6c?n)et$N>8-{B_fOEq>i+=H zBJL@h#SeVxB*AK6?1S*GpH2LgR_@so!16mT@_h18wf;?gaYe-tuOA*OVb&;S@U{Qt zj@;(ZnFQhYdm%`$!fz#xDl{BmPMW0XoM@Yq3W91EtSIe(X$&bfgyPbz#y=(F8viPW z7JBgM4FaD#2NizciHm0O8-Wq%<$<2+ufsWu(70z~assi@GC?U%q_05+y1_EyZ_qDXSmncq3lv^^Utb7Xll3{Ob^)rxwZjX(@h>f zGQGUOwAj|MhCZs2Bky4p6T{T3tUwehKH6}Mo?MSAGy=fcU1IbkSyd@iFy~si5N+%tMajq2B>xIQvwO{g&rA*?XK|k1L z#g+HL*I}KAGyxu++sZX2Tq3L&%S5|4Dh5+z2vt?4of%j`Ly$%8x8>1H;5Zy=ko_7! z{XL|p3EAC^*EO!OrDj$5xb_mt$iF{i9PjVkhRpBOGj|BlC(UFibyfv&@@DE4`PEuqwH95>e*rG1jzaRKqBDdfZ$ zo6Fm(Q9X#mKXZ+Mvpw(YhHoF&ua3F7Lb!;%4pVktu&uh>7iJxcg+B%V>k+d!hzx%& z)#`WQ@%j=u*UdzH7#!PpC%t=k3BQ3Sm!a`prPdif@vpa9 z%>aUZuVpb6E@#YL6j-X#=6aBOpUbx zzyPM$58;MRAJ07?D_-2xyJ6w2j^}sTip(Q0@H^6&jxHTny38AtW(8|rAl4n?IEH|h zk1JJ#{*A##;HVl8Z57(Mu7lS+oX3U`Kb?baEm;1QQ zLqob0FPj@U_sD+rOm{?wI0akFE~$Oc0*^i{IxCKT7vB{Mt8G`ocD@F{A0=^yzn<3Y zlvXC?y-cLm<<2H~oFmdmz-b6qKtd}}VOA&yrs+Vnu0}K+)&$pd*b3Ajv8V!{Yq6ip}a*RcOS zJ?ou8=OaA7f$17uL7%LGP_jdENxPF=SVInL!8wBw?XHBa~~*MG896K zDfRM5jh1|ggC%ERXsb2&EUHv(;UBP+HI+hxv%^=)0ii5nfz>9$7>=ABEqib@^e=D8 zrfL0S#2YbCDzYiV0UF&Ttu~vRu6S5NV#B7c08^2M)##IjHkopv+)=|mVp>JG&6RL# z!V0C@5G7a8H;AU9;Op|naamHu!RS4@aIGLid(x%3cZS$ThT%fzUo-P`^nJj~7DT*3zzj8SrBeN(qtje~Q2t$T;mD$#~QE^cK zn7HZVilQNn)p-R6jp%<_ntv>^{pq(o*Izv=6Rj0Blyal^nO+brQEc{OHK0vsep9E&o#JGj$bDB5J=T0O!i%fhOP$0&yM5!i0CfL zo&-dp{9^>iLsCLNA&6R9z$=jgC8P@@Sc7qr{_~c-0wh%+DOJiJccTfAEFa>(RWm%3#}B7o`E3LGtd@nG}91W!=x@83+jeL z<*R*Yn8Q5%>;&?C@7UOJK1=rXvd*ci@IT$eHqooSJ(sThI{XKo6LrS{4kmWpkY#^> zQv3V)w7^kI!mnckRW;v7{Yc=H$tO50pfXDFdQs$Fmyva0^$M5c{>Ku%?arSmv9jbh zg1Q^Ss;7ziglZ3g+J={8Rjz2iF9t#gdU`f6|J(fhh%>s{zna?TyCWKv^S#mXR`vY^ zd@mJ3sNx< z;Wy?zaI^B5dArL+Ypccm-_(Da7T8U{aHADz_-Fb-U+`u7 z_%V!~h-T{d^$ZPXour)t2|Abp(|Uq)ps`r922t1^zv&hDZRX6VIiI_~K;G-SpBt?? zFAr?-`TxXbw~1s-9{$LsfFsYsy!U@~7NkQ(e1m|fRS*FIIW3w4n+o6IjGF||%mcEe zxBSs}$d_F*$xxn|*R0-R0n3Ty9|)nHTzi+-nLfE^R2D~5HBe%0}k(KL~!2CvSKr+=pR|AYxv$0 z7x>k?bWT>wcZ^{!q`8%Q>d;EC(bN|JXpks+7Gr?*Hu-yKm27}EQ!48S|93W0?aPEi z%9qE2l z;`Of#Q|D~f!&LG|=g)O=A#{ifF{aA&C&lM|`s=xEqm!Dobq! zn=RdJ_!DooH9@dtiO?onK0B|OIq=^o0{6zjT?`mp@cPppO-XRiw#N5b*Lq}9WO@>y z83*9`+LYTFhjrP}$>G5CAarMHyc2J?D#gAzb0Ae=;(Yy-$qx2sTq*k8zL}3A>_rJI zH>{9ASI3@tjkqgL0EKzH_ihMS=%(1)SAL<6Bb6O+d`6#558I)@zd8*ztlSn%o1Sje zCs@+}=$SP_iqKR1qxQD>G7sDB?M_Gd=DTk@SM~#uN(9pO(gLjac~XT22LD?35%noe zJ(PXv_<``!tt2{SIu!gSiwSh~_4mr&r0x78xHzhXz4 UPar4=2oQ*OuGa*@00;7a09`X4NdN!< diff --git a/scaleout/stackn/requirements.yaml b/scaleout/stackn/requirements.yaml index dc10c82..526a90b 100644 --- a/scaleout/stackn/requirements.yaml +++ b/scaleout/stackn/requirements.yaml @@ -19,11 +19,6 @@ dependencies: version: 13.8.0 repository: https://prometheus-community.github.io/helm-charts condition: prometheus.enabled - - - name: loki-stack - version: 2.3.1 - repository: https://grafana.github.io/helm-charts - condition: loki-stack.enabled - name: grafana version: 6.8.4 diff --git a/scaleout/stackn/values.yaml b/scaleout/stackn/values.yaml index 6d4e60f..65fb274 100644 --- a/scaleout/stackn/values.yaml +++ b/scaleout/stackn/values.yaml @@ -141,9 +141,6 @@ docker-registry: prometheus: enabled: false -loki-stack: - enabled: false - grafana: enabled: false From 311270bb4fd843a67164d28ed530d864c34a5855 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 17:27:28 +0200 Subject: [PATCH 20/23] update README.md --- scaleout/stackn/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/scaleout/stackn/README.md b/scaleout/stackn/README.md index 72ab098..3f6fbda 100644 --- a/scaleout/stackn/README.md +++ b/scaleout/stackn/README.md @@ -14,7 +14,6 @@ Current chart version is 0.2.0 | https://charts.bitnami.com/bitnami | postgresql | 11.6.14 | No | https://charts.bitnami.com/bitnami | postgresql-ha | 9.2.0 | Yes | https://grafana.github.io/helm-charts | grafana | 6.8.4 | Yes -| https://grafana.github.io/helm-charts | loki-stack | 2.3.1 | Yes | https://prometheus-community.github.io/helm-charts | prometheus | 13.8.0 | Yes | https://stakater.github.io/stakater-charts | reloader | v0.0.86 | No From facba766c8bd67c32581bcacd066850572832e96 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 17:42:53 +0200 Subject: [PATCH 21/23] update README.md --- scaleout/stackn/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scaleout/stackn/README.md b/scaleout/stackn/README.md index 3f6fbda..851838a 100644 --- a/scaleout/stackn/README.md +++ b/scaleout/stackn/README.md @@ -1,5 +1,7 @@ STACKn ====== +[](https://github.com/scaleoutsystems/charts/actions/workflows/release.yaml) +[](https://github.com/scaleoutsystems/charts/actions/workflows/code-checks.yaml) ## Description @@ -115,8 +117,6 @@ Minimal requirement: `kubeconfig` | ingress.image.repository | string | `"scaleoutsystems/ingress:develop"` | | | ingress.tls[0].hosts[0] | string | `"studio."` | | | ingress.tls[0].secretName | string | `"prod-ingress"` | | -| labs.ingress.secretName | string | `"prod-ingress"` | | -| loki-stack.enabled | bool | `false` | | | namespace | string | `"default"` | | | postgresql-ha.enabled | bool | `false` | | | postgresql.enabled | bool | `true` | | From 1536f9d9dd855093e052dcfc2a05d16ce41ab6a8 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 17:49:02 +0200 Subject: [PATCH 22/23] update gotmpl for readme --- scaleout/stackn/README.md.gotmpl | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/scaleout/stackn/README.md.gotmpl b/scaleout/stackn/README.md.gotmpl index 3816999..2487a56 100644 --- a/scaleout/stackn/README.md.gotmpl +++ b/scaleout/stackn/README.md.gotmpl @@ -13,14 +13,24 @@ Current chart version is {{ template "chart.version" . }} ## Configuration -You will need to change some of the default values: +By default STACKn has been configured with a dns wildcard domain for localhost. To change this replace all occurences of studio.127.0.0.1.nip.io in values.yaml. -`` should be replaced with your actual domain name everywhere. +STACKn requires access to manipulate and create recourses in the k8s cluster. Thus, it needs the cluster config as a secret in ./templates/chart-controller-secret.yaml. -`cluster_config` should be updated with the config file for your cluster. You need to have admin access to the namespace in which STACKn is to be deployed. +By default no StorageClassName is set and needs to provided in the values.yaml or by using `--set` argument. -You might have to update `storageClassName`, `storageClass`, and `namespace`, depending on your cluster setup. +### Quick deployment +```bash +# Generate k8s cluster config file - NOTE: we assume a k8s cluster is already installed and configured +cluster_config=$(cat ~/.kube/config | base64 | tr -d '\n') + +# Deploy STACKn from this repository +helm install --set kubeconfig=$cluster_config --set global.postgresql.storageClass= stackn . +``` + +All resources will by default be created in the Namescape "default". +STACKn studio will be avaliable at http://studio.127.0.0.1.nip.io ## Deploy locally without SSL certificates For local testing/development set `oidc.verify = false`, this will enable insecure options in STACKn without certificates. ## Deploy an SSL certificate From 7294e9f89c8f22d3b2ff1e72b2ff7e754186b907 Mon Sep 17 00:00:00 2001 From: Fredrik Wrede Date: Wed, 6 Jul 2022 17:55:55 +0200 Subject: [PATCH 23/23] update gh workflows --- .github/workflows/code-checks.yaml | 31 ++++++++++++++++++++++++++++++ .github/workflows/release.yaml | 17 +++------------- 2 files changed, 34 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/code-checks.yaml diff --git a/.github/workflows/code-checks.yaml b/.github/workflows/code-checks.yaml new file mode 100644 index 0000000..80e1b71 --- /dev/null +++ b/.github/workflows/code-checks.yaml @@ -0,0 +1,31 @@ +name: Code-check charts + +on: + push: + branches: + - main + - develop + pull_request: + branches: + - main + - develop + release: + types: [published] + +jobs: + check-code: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + + - name: Install Helm + id: install_helm + run: | + curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + chmod 700 get_helm.sh + ./get_helm.sh + + - name: Lint helm chart + run: | + cd scaleout/stackn + helm lint --debug . \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ef835e3..cda0d40 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,7 +7,7 @@ on: jobs: sync-branch: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Checkout uses: actions/checkout@v2 @@ -21,7 +21,7 @@ jobs: github_token: ${{ secrets.CR_TOKEN }} chart-releaser: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 needs: sync-branch steps: - name: Checkout @@ -44,23 +44,12 @@ jobs: - name: Add chart dependencies run: | helm repo add stable https://charts.helm.sh/stable - - - name: Remove existing index.yaml - run: | - FILE=scaleout/stackn/index.yaml - if [ -f "$FILE" ]; then - rm scaleout/stackn/index.yaml - fi - - - name: Remove existing helm package - run: | - rm -v scaleout/stackn/stackn-* || true - name: Update index.yaml and helm package run: | cd scaleout/stackn helm package . - helm repo index . --url https://scaleoutsystems.github.io/charts/scaleout/stackn + helm repo index . --url https://scaleoutsystems.github.io/charts/scaleout/stackn --merge index.yaml - name: Commit index.yaml and helm package to gh-pages run: |