From 5a1179379fb2384b565537560778fd46e6cf3405 Mon Sep 17 00:00:00 2001
From: owais-rehman
Date: Thu, 19 Dec 2024 13:24:19 +0500
Subject: [PATCH 01/18] Added docs for setting up TLS certificates

---
 .../images/certificate-details.png | Bin 0 -> 20858 bytes
 .../setup-tls-certificates/images/console.png | Bin 0 -> 54945 bytes
 .../setup-tls-certificates/tls-certs.md | 97 ++++++++++++++++++
 3 files changed, 97 insertions(+)
 create mode 100644 content/for-administrators/setup-tls-certificates/images/certificate-details.png
 create mode 100644 content/for-administrators/setup-tls-certificates/images/console.png
 create mode 100644 content/for-administrators/setup-tls-certificates/tls-certs.md

diff --git a/content/for-administrators/setup-tls-certificates/images/certificate-details.png b/content/for-administrators/setup-tls-certificates/images/certificate-details.png new file mode 100644 index 0000000000000000000000000000000000000000..d996d0d6539898e8a91bd28d0715dfc689699e77 GIT binary patch literal 20858
zDB^N?NF18ttM8<`D_rBdrYlv;JkV){U+;9~C(hBPNO5LM!JXHdVn|;Z5k9c(mbzi-zG>eOZa$1skW3}IUoUU#tna7B;+cP zkz#2J1kADWgY#w;g=irhW~mQwUjQOp1pw9Dzw5#cu=to586^YSj9vD+!I&tW%(#Hu zep%~#yPiZIi+YB0p}Kik%wALCG#U;*^~Dn_Uu1gAiy@Lo2T=xwV@@Y@3hEF#UWxsL z)zM)U@#x50o;yP&4UqSF(fHgG@9LuK_~vbDhK8BK4pQa<{sP1J?(GF=;>I)cO8)Y8 zrDzSm^3mOa0lDi!8j0O>PMea(F9uxBMr&b8<5h3rmJ1zmGr39c%uHtCoTuQ0f$uQMYgGaW+|_=;B`y1B1(a^fNgrZ2p8$$`1v@j zftj|WUfB6@U=1X2{(h7HSL2s+@!VG!m}x1M97LU6zXg8G&ihonom2xWb~zC~Sl<5F zjQLy~C!4XmZ%2*?&hqX-TX%?#PoFbd&eFOMm4FRu)i(6+j;UO1AQ3(7DK~ss#|y^i z82JwND(x2(5aj{6R51f{X>Ao7-jc~YEfp@|0tT-sy3bT2ifPClWh${n>1Wls9~m28hh9*Y8>C9sMEP(=SH` zvb$=lrE zEl_*6cr_=#fV-3ca82wVz})>#X#`7oiJ)MNWqInmhPsv-0v&@OnESg z?JA7FS5=rc34L781=R{!eM@^bk$+k0r&%bjmIHNrt-;+WjypeL zR;Q?+UWCmKXc@bH5$z85Osy2I+@=IEEm06xi8I3`O~?6`nDy?H*FNgvea%@AjPR%? zpV`oFKG{$pQd*PMw;8yPzSz^a)B&On>0K{le<0~1!}Yane!$nj)jWg*W=F12bl9zK z-8h~nBw<4J*wPOrE^L8_9;y~U_t-hoAO=a>7szQjHP&cscZA;$+8Vfwbs}jXXH0RQ zT93s!$JSsX>$TD<0GLJ+cnC-9)A~YgKY%}=Vt-NY>k5=`@ zYb~l}#UJZ(2A3JS@Sa>^y$KR(r#lIMEA5Nh1g0xo_(n^4S{icb1|{?H6tan4I_zZ* z&H33lset8J3#A)uHl{5@3}293w)gQMhWp00UnNwCQhz^RvMBBgHcQXFE(-jqbkl5TDKEjVT?zz1R9fZz^e6^X4t?(gw}8oX8Q65Y0_LaN*Jt za;P@jYIJPx{&7=LA<42J?RvR+(k?QdDGavJM8U&u{{lc(O?Gm#EBgb@G)>%awQ4jN zr0IKAIZ^@pM)}Un(r#c5wdc@OR@z{3g&SZ$1OfKLK;V=dz&xr#u1$=}7W~uuJQz02 zD5#GwSwF^X1+%!F$v|6#9}4Sa=1q(54^(ezk67hc0sCAyqEK?OM1hv2@W$Lj=mZpt zlBr&RYU_SjO#+kdLYFHPUbd9p9BRVmr<248Su^1a$G8fld2TksBjy}gS()Tr|FN() zR9URiR1FLc?Auo{Ob!FTV)d(XI+MtxJza918r`NP|BY@~xi)v*`UF=ZDeiJ27*l73 zZ@zCjlbTif9yM?~YBIP=XA=_O-C;$X9L|OlP^k1p(<@(|l& z=NUC&E!I*O$(Ay+3HPDv`EJ!*&^J2?(*>{0-cdPnq=fFi9>#^|gDKCEJ1*|Yrnq1+ zPd&D&F#DD9n5Cl=C>`N736I2D?3XUz?Lyo5%ZbT8B4Ys;S-Do~eB>c0FmMbzeB}iv zx}ZJ=1%B&e7{HudFGfwkJ!sF1b_mk&i7C33+31k@prDmuHWL^8=_dWw*HG#6l_0m7 z1L17Xdi7c&Q=S6(Nhw~VE}ks~ZI6~X+m&G;g`nM6*AUSgi{TwYfDjjxbd3YDQSDPx zmsmP3bUK1!JA5q8pu~80dhqQ5w{w@ZKUcA<(eqZoIZ%}kKA>M5Z&7d>6jmF2+pZ#! 
zHNezoI@qFCNJD>2KH9S3ux#cJh4HkuNa8g89vf(j>x?1h2%AEv@Vx{Zn z3c>!YH;kJ|UZ*s@57?#aZV#$>s&hTM+9!BGe_gwLw7kf@{%p8%c&!BLQD)|J;Eac- zlnFjbw~nbVc+D?Vpa0{%B8*T*gM{;h;Divk)!6Ynx?K4zM_1&7G8aRYW62>&mz`5 z!M}`mAjU8I)UB*JQxaU$janIhnLbnmPGxzAAH4G@U-;l%=A7BO)s1|%meVH=$8@HS zmzT;3<9|xJIJv$JlHZLvHm+Hj-{3iW5Du5GzB=@3L)-nl@B0?Y&P+uG8*e3`4$lP$sS#lHnfq zj&iy^Ny_U8rZLr(TJ?1_55b0F63?VDyI zWR6NIV|{qV&o3#}O;dkeNNJ}Dd*iR4x+@c(w`2<)zN=#?ZTO;@bpp zMN1`)LB8^Yr{)K%BV+@sqp#A$w-yri9vXLfufDB8X23jZa+=3BIxT5}`OK8nt_~^8 zTpjv7$+&~ob-1#YRIF=VB~*eHEpdJpnI>)>ADUrggPlbOI|A3%mr))diL(X7DYKyQJx4h^i*dMT*&V zq4VzLJu?*dVJnFDh#i__tzyV<`TDKTvSR-&gmj?1(*+MlaJL+#l6&-CSkGM z4maZ#_ejZq^?CbsVW&-u*V(93!|maYZ$?g!?!yOXRcKZ=QjB5#a>7!&$4_Q^;yXzn zGrF_Dqk5=Tv_3)z;!JvCx*j59d24@Sfz9#l(70JUmFi79y{MR!`8983ZZWmZJboLf zCe^DsA#L@vwNyQcgMOS_QO?D#8VZM-$h}zDO!e}(B?s@Y`0D(_V**-f_(7J-OhUzR zrObSF7cc5;EHx*K%7AY^!_^JYE(Is(Wvv~b;ds_1e{JgJ@}j>^HyGXz zBX@C$V}dHLy(F}b&GH&>>aWY(V`+Jq1bLFLeuREaGx8z&i}!lm z*dFPT%P|t*It+iUuC3NPmK-gjR>bK%z12*GAYr(#x@U+FuP%2pNb8}}N@}{Kn7=H2 z)Fapa3)#7DpqCj$Rku`X->3kQ*M*u?MS!p*wf+4r^N-$dEZL6FF+*=R2aRTGf1TLzP*yj>A@E0h)fi=pIH&WSsISQ{YsDhj}(C%GfC(r zWs!AAS!YoV(~hlT{}7%=8QZWzNo5hJh@yljBocM_&lJK_jF9lEwHv}c+;-%VBDN>e zHfrk9iBhIc6vGA~Wj4%GZO1OAQ+|Rt#}r*|}fYKBAEd%kjVWrWQ8 z;An2~NNrcftICxH`FOKvqzED2{W+lFT|d5C9|~mg;_}PZQB&*4l;q{o>Vwkf_ZPhnmNhywCg#P-flh#IwNf#PYP*gxCT|7+O zbr^3lQV^ObI=gGY=}ZeRl#Gpe@MWzD%twuV>oA_m2Mmp zLzaVKp%2<3lq!*PA~((UzEPq@8zCW`-!yTyK&7iJap%aP^R~KV`m>4sB`z~puMAQ@ zPv1c37JS}vioJ_JK~&U^G!UVZYTJdT<+!AoY2#8*twt79BR4{QflVr^s|=cb(-NPb z`KJ3>(D^Zp-M8C(lAKI&$Y*`bs)>6K8@p*kFU_u)IKS~MwQT$el5R6M{L|93(b-H+ z*?FR^_Skc*=-%Uvr+ z#%f8N3sN-hK`dk}U(nvRis!iQgQLl?+l2XfBkM>VAb|(_`X(9&F$9hy3yX^;*2*Q7 zTxRb)_C^kEn#AnRjmWWnDa180H`?5C9QEG85WFy)6W-XMcC5w-ge*Oy9p2Iw#Ugla z%n9TfZ14KB8{~#oX=8(A5w+%{$>UuWqG~qP-qSTNvcvad`#ZCIZ0#TwIoR~w#40Hc zIdS7en3{Ycw@2iVYwCDT-bnZ==IxmG{);ssh_~S1;V)wCt9rQ=qGDO{?85^&bIt5c zd5?O{)B%DGRgKtG_s2$Plh9FtgHE5Hv-!2Yud+}#)j&U!%$W^MqYJ7eTqFT~pDbBh z$c+IHYo_g`HMDIPOOXd-_-}J-S)KVM=|%Oozw6(o`}Zt1kRdf 
zq$TfG7e!e)xqIItM|VAb2*>n*DSfvNvetzx4Ba8&ts6m|!BzHJ7KnMv=yDS~te05G zOZI{3dGjOr+zAJ<)XB2TF@-e%(MsCn+p_YHY}nNG*UtO%{8aGl^MfHHbTfY6kt3HN zZ=IIt!e^o0vFO|`Y@i2|STV#(td&Pk;+*ymC^tgZYs-pAr^U>21xYEF=ttoty{hW* z6vhbblY^jzci+v{yN^(|G5e_TavS4K{ipl-8#VOcZlW1=&ps9(_E|IT7QK62dZaD~ zIfivCL;Q*q>?@i@fBt2wh@>On_=UHyP7^%g(alw*D)-gXC;YklKIp(i3XvZ!SiBZ9 z{Bp8216lL1PJZL>Bo}scE5!8kx-+By&v3tpkb4DHA6U}MrfD1){TV=dYnP5+!jG!A zsVoj-UgY?uInxcEDBmbs5>4Pc!kUgYltm{8C}!Rm7?aMu5A5g>S`OhuZ{N}t$qyhr z((HG{t;Wt5lEk5!p+u&1dGX?tLKK0xmBU2*`Ue*+0Z}7AJXAW)MCvjZXS!K2*gIQ5 z#320Vx|m4)f1!`opyYv?YNlZ&+X}47SF?A8r~k-Xnz@zN2|FQly+IM8{);o(0=V$f?lTPH0g#T@L*II=J|fZ0>~Jy}zhD zj2ws^dkY&K=f}`w`HYdL-xu0u@Z*=w8@iMOX}m?xI26gI<(NPYk;|_Ymvz z)QYIVT=9%f($J2eziuw6J4-p?czQP-0F~FTTce%PbS;UA)L~bD{9CD80@*6tdntG|XkbbBUb+^>cV*bBMemMC zx>g(bVfsGa1?2>!H3FFB2U!TM81Kd)By;Z4{oK!Q(8To;svwV&_E?s}?F6yWrwD|z z#CpZ~W1|;9kW_sfwD06<^`cHkJwa0BP#c?5APH zA|j_oPL6Dw4Vd}6Mmltn(#K_Z06!BC;ypaNvCw$il0Q77;`avq9AXB4orO>Kkx8l!!~7rC^*SvhEECG%tAmz1ez2QcB9KqJqowzO3b4E-n?*3QOJ% z5l;1m?v$jeT`Nd$#c192a9t`w29RoH49N6jhc-`1PWIisuD8m07p7Yd4p4~nb358m zI38NKsl7%>^XL)fR~W0)CW=`bdB*GKC^{LvC#BA;nKw571hBt!ID97q@w5T?&{9%U zxigUgrh%eNadv$30xQS+>j)r!k7)})i0PGf3B(04H_u>ZW@PgebI(<}U_?->Xb^QOzzKtm&jv+L=-$(_#r>T0p^b-&`G zqOE+kijUA^~*=&mjZ$G_IXM(67Yqm-`ZA9eY$`6icvKCSnU7xW54k4;3&7dN1e0M(!VECIP>LZZ`lF zuZzKrw^3XHZa=?MXZX9crdXk6W1~^qlSwFuhx$U&ihk*L9KxR6Mg7zPP+OPYBsslc zp>uWM!+bgO(sv0BmbN1*nu)aQGbPKNb}^IbMf`1GYl#J>b3?XMSTnm??5OUQHZV;@ zOVX{l>hEzHz`Mb0?f|o_o?OsgT?Kd_M+#7_NcBy21 zTEf0Ve-2+BPfB)PRS31*@QCSa>hnU$*02@{Z=VTn6`?~VR&C|cic_+OIv_iWeC~_s z1mTeMP+25U|L4pP+NiF)?rXAZK(pk7uRRH19T~wV*NIyyFesaW^!~JEi&HuTW)v0Q zfy?h-v@cq&sLv;(v=p@~oo22QmvP)}x8x2M_{1yZ?{DPj_-f;TnE0lja9C4Jbs}Ne z!ev);53ZUCSsnTKF~kLf&?xq<%sv9Q2%f9vsxfyix2jA{A3w~$(L7A4W?pLbSQ-1^ zdVW4f_~5qDjU&Hc^Zd_(z6r25zW3EzJb-{AANIWobqf=gg-LwrOaz3=`8$`5#*2NG zvpn6FsiLo=4_h=Zn)tIQmVGxWhEKdNSQ|v0d?)N@Pl=HF{axiM9>IbcP91fls<#cB zGUSh=8_fD?)9j?e^=m9IzwgG<4&CxNH#}d$@vRZq(6+&ey?t!@%a`3_tXjZ#%M<5| 
z%vo3yH;-t{?)Ch3n7mQ_oF27CEE@Zq}5Ao03Vq6^(hW$<+<;X5oNhZbMEM%kBDs}XGI z4DaK(UKVOq&wx~odXG!wCphCa;o)P*DaXjG3q7TBRyz)Nui&MJG<4^tDLc|T`Ol)bdO(EkD zY4Dic!0aR=okU;A&@)4#VY%SkF`K%-_E;yQ+x*GMCVrq)2NbTqU*?=%!w3RR@SZ&ZKabv-=Ir3T)~s?HWSk`{TAU@7@-MX4}UZ&rM4AnP(^O`c4F9SJ?%J z5M$1(ZD+jnPr`JEQ-Z-pL;Api8*%AJoEix9HkU=lkG{_B>C^9m;7sDh3IqcAKTM~V z_NiR4{^E{2a;mi!NFg3Y)HpBIYbk&$3g8QIJ7+DzVh)NGhFP51Wd-o~;ccUzYs(p{ z6C&8TuJgUOj=CD%^82cy`O{-@xCWYUIGvNFY5})FVSt)!SO3p!2LAmtqXw)QJvWQ_ zC4XlW&e0fFIf7dUsypL}=Ilt#6-IgoF{`n7T_yw{%8OzR z#I$MieO#GL_c6HaA9yRp=Qm()`KLr=UTnrOF`7wa$KOY4>G4J0tZMv-h0EGT3#Vc0 z8gG3A8zeT8Hwb^0GwB>zR=J1P=T20RzwzhauH>9hVVS8nX<_+a-Mx2IQ`^@rtjB{W z3LX{k00Jr<3@93qE+8Nvoe&5FM0!GpfOM6E1*G@h2}ua3kkCQp&C>AQG*!)FuP*2?atZ;f&JV`g0z*}RK~_{EYZi;nDa0ZP+?ecJc; zgz46*^P9r`zc|J7%xCrPe+wL}JZ5y|5=KNQqjxqEw11zz4KW)uAVbMg~Uj8&34c6CjiOp zoCzErQu+OuKcV*ft3i}shRd`f882bC^(`r$LCgnE*KSdBE z?%iu@ZdL_aZW$TpEt&mL+JCmRv3^&)KSbqF_E=&58vjGX?B5x#&vgHtV0<6*?|j#c zo`0tsYcKpeY4(3=2Ywt&fyb?1u@s_+{(7jO7C?Oi@2aBO3$dFpEV%N*Vh)dzC`1<= z4qJ2RF@#QE*GVGHe-EM9Qn6 zp_2@?z5tN^?${*Evt2V=zZ+`&Cx$+C5nH_z#su&?zmEW+M^UuE_i7$Sa+CA<0%oNd zlB9bI+}ym5=wC@2tmB0`dWzMgjfZ1@UT}Y2XNpU*j+T}g6%RNiSum?&`}gk$U24jc zAi_;7S2p$*f|5!-(!45`EwCZWz4eDmY@P_S?41d@*G{3cZWPASR)PGynWj#IH3 z)Z`H~0xCX_p+ReyvG%hozgSClb`(idRI$Q$#F_VxBl@p>fzqjxn%o@f_S{K&277f}{aq5VBA_q7&h znScOtmDGD4+j$#KBnEu{y4HCezjYpV!_tRtvT4GtA&QJkv8%Y%eGfkgiAQ@v;?TYt zI0T)g!MEx7r7OKA5__b6efc!viF&12z*gan6wW^5YD%PzGD{)uj+{s8K&|QcIwW4(tSOW#SiUEmE&LM`GVDoGV<08S%(2)lgQdx0!Zf-D=T#s2r` zFP(F`ujBgOkE07P^S_I00yqsy1OS zQfYFuLt`K7rfXqpSo>Pdica;up+zE3Gc)?1fZI&0>_lgyI_l88C#U&hu>IwXG=lKl z#}%8Y0pDjyWVH))BuCS=YLU4?l-2{gcJJgQdRDCV*xSLXswv|kqsvEZnXlPTdW(IV z0nhsW1|c85f4pN8Y6$x1S3z3&?(G4u+VFY6r^~RsZ4kS1@M*1DZu0%|3(bZ`MBTze zC0{X(X2n-H8&IGoC6vrk%8QsyUWXbHm_bvuwwWGRsKr*u2=@wSscc&kUg4&pVFp0606bczJN+UbT^|VF1LA*v$ z4sf*&O%lP?IOc{Y4f2cMyx+iK6?X_obA5~@cc;9gR!{<3`fyEmnIjOK|0KsinFQ7E zGRnPY5an6N;9UjvA$vsX-W1S{#ky7(o(VJ&l4|vzc(K%FX3VwTLR#rw_DlbH6n>p~ 
zYIE^~wyOz2JxqL?JY{PDE{<^p5-L=!i;LgN;;A#=HcQ|2<^UmxKON_0anKNQ2;Xh04dEWJ zl3>lwmD|r3nWS$|{|9%SDR(cGao)&{e!vt8~lnCvfsC zxpJfwfD`!L*=qKS8V=sUZS4Cvi&Oh^Kq~ZDJ#^gLC@h#RV)hLwIJk67;X*s2KR-?Q zfC!Tkp6PBg)FQFoTl`q0BN>NdP6me`7LF>MmC)BMCTdLiKCRATuvuEO%lW8A%R~^? z@fv=~wqX}BfPOy+-qdbMELPKLIFP8;5ZcO{k`{5PzF|R+=;uF>ZE3yOWdbWo-_i;ycg8Qud?qE%(`o3a|hN{lC?8nks{ z-+H9VRcIy0y+W?KXn`?MBh4sX|FHt_S#l3hvbbFGA+Lx?;wGr~f=*)&9g~$>WyU0} zCqn7zUz-qn?xO`DisHKELT(11V|>4u^+=d0CeBp>I5?5Lo=B@Lr%XvEo@Si@4#Og< ziveU6!<#D0S6Ti+@E%Y_6H09)KCHiYdf`(8M~iomCndg$RVlu{ zkkTYo0X`z~@H04AYVzh714tjePu;o=KS_yJ`Bb9?04xG?D?P^5dE8#!-po&1fg03; zK!~+~^y$;}#f~w-ALRJXMMjTb9afC9^I(Cq7@pCX9Zoc-Eeog`hdz zvfgnDwzcRAIz-_-IIFMq`3%lK->aHVDz~-TsbuW$H-?5Ue@TMiN<_Vj!i+|GKB#EP zXg5j-rMRuTlXpgtgeTK5hhZnZRD;kduaVF3;tZ10kK>F7{qd&p8Ns9^tbtdv;fNM# zMQmYvlOJSsh%;~s@57W-_Ef>o?UYNksms?R{o?5(~6(D$s4zqFmXuoz6M~dTml9VU^i>c9((tI1LAtrQ36=Qs2zf^E&SxM0`(ylnw5)$!b|RNSes&B_BTmNK2~!0B`S_Uv#5zz@ zuT`80<(xiog(13D&y-#g*)ro7ESG>Bsy0ggEZ6&*7CB`*YB?nmY<3Vv5g*B~V>1yM z67&2v610Dl6lO%ymJolJaN4}txQ`vj`vD&Q)JhR>+rk!r2? 
zZ2p~ZBU2&b#-(|2PJ#%}GUbw$!uN7`y`>sb(qQU?@AS9tGYCR2(WIJQr*pI>H%zyp z)S{l;C|Qa~mULga>GoXY2~gFJK8Nf5V052v>CWv0OHr$#6jye+OL?6u_(4-Dn6s&+@kKOf?!bt1eqM5C!>l&l+V`N4 zL(HKoXS@Tm<>rKJZ*E|fJV1snC#*9h{I%0)Ti2N0*cEg}dUM^dn!HP^!Lpa+?`Ivv@f26Ov99jzRL(QxW#F*qny=g;n|gT5 zJd(Hi4-vnk>X$YBM(17@X>az<5BJ#o{Rdb=6jGg@9LLn<}d(PHD+F9vh@k_hMi%hK5hlA_=d!$;b zT@MxVOa4xr2!IUGNv5*SjXOU7pj?a1oh@7*Eq)rhd7grPRas%zE{=9f>9VxUnNXRj z2%Cdfv6qMPDb%>FQ4p?47cVAT8$>ZWm7>1^^9 z>S&Z+-;3&yD~wkH9>xu&ydk^ZG+@g<_eVrpNLOhH1E%AgCsM25#Gy+6<6^or2v;6u zq7miVXIogfkf%53CK^6*IczaTLBARyi?lOvi5+0fzj)3Q@ql8X88!Ws`hw|fM%y^O z(XZFtTu4zKt-AHf-C!g-xEDq0(9yD#?a%tLYas$3p)^%M3 z2h_-vhAaAHUBEaVd4iqmFDLnbok1s74_kgnF>p1NFPM(eG{UtG-3e#x!M(%^sSarx z@r+zsl8(*EQSVIR*eIwW*#wXIX6gR3A5Acp<5pe_~S#^q>i3*iQzDw)JIjkCh zS$4x-dgD9i%-v9Jf*PC$nH<~WV2wYCuienK5^Ftl~O=Cq~qB5kXCpJ z-^p22<|xzQ&J0Rf%jDRhfJq6a@bos*%zH?Bf_F~(X`)tdO1!nL79x$$n(WYdj z<)}v6Fc!1x+U#L;%()VMaG`IYP)FoZD`E3Lh@i7gOk_s4#;5Bb%Rwncx6RS~P^DI8 zd?$uhYH>VIuf$<76_evQ_9m%Qe8s}$PP+CA1b#O&z0x3jSB|9Gbng$&Je}x4feDf) zwV{F!?2Y3#BDgf@*MsMZw)Vi|v=~^dO%~{vt1-WbAVtF#`2gMccpduKB?f`1qoadB~zi)|n<7y_8wABL8Vl7UvSnN$EOQWFcA z-aOKBnQmbM0=LITpga&mJ`P?Didr499t+vC&)Ocn|0)vrt@PNt|26(QqW5QT<%!|b zi*)oze$~vCY`&ZiY{}izNwMNHg)qiB{e;Ypf|NnNt<~_^O-wJXD zarS;~pl=6tMG%V+iG(@CPp=cWh4W&I{ucpN$t$_4M@blmP3f@Qw63%#bP^=c-h5~w z6li5_J{S#?{=sng{!F<_1Lq`{(ItG6FgEr6e2uM-!ro;E9H3hd|6Q|kt^VKOGZ6W2 zAFfhhBDxh@OH<+&pQ*BszR_P2she7fd5=@eIIX!YuaoR4=)YyHm0O%= zKZ<$h529`ybq&>1OwiNm3ek#%k?3eu-fn`1<^TiV16%nL_kbxX8F#R}@xtJFT$&W)Ivs;wx6bRT0kO>pn)B5S(`-AlJ~R1dZOYVm8v zdB5AKMy$5!v#+sd2^^h^EseGuS&S(r)Nm4f;XINDcIy{>wh*pYkvS!XTO4J(%-4#IFS&MouRa|4sS3=xTI*3!tCkQ3Zz&ti z6_QYUcU3Znn;hwbQk7`$Xs!qd-%NOEJJs!}3C$_9H#qNt3>4Lr9VE zd{ZbQf{qc&k%%$xP~|%PaxUn$;uL&@yEW1lbg)*-dN4Wq0{%Uc@_l2r*#v#$ZB9BQ zb7q#IeQ;W>0w1=6@|!VMyOw^+B?(D6ImHI-A^w^d!a{0XzS>rFK7S#_B%_y|Ws_%C z=zR)x#!thkb|*}8c>$yPKHy;YpWVK1H)S|X6JtorY}dZI;Qckyf1#VC<)S`g#YW=| z!$BS5_X0B)CX5nNXEc>H02|#(h5&7?Nx(T6czXF>Cqf$Z37@ zArrkTWC7JK7tpo@jH`j6vpblaWA5WtA}zL8yF2yC$or_W1G3UOFzDPQxIO|RQzPRl 
z_DR~IFxTC<7B$KEn_gnQbtA?t-d)_?tNhD$-wJOiSJ+Ye%weqTxXB7*_@UElNt58- zcc4cmzakX?%>f6v9gsof-y54=oa&)n`Mf~hLGH$@I3_oO_X8i)09z)_YWd**Ap2$% z)+C@B_ZqXCGx>nt+cR$0FdW%ln?-OTGlmx4c@&uTC!U3C*fL7V#hB~v?$IF*ATpHy z^8kRYS(oVnA1j#<{_R9W>2}~A-7*YNl@c}W!@7EU$Gon}ku(C(iJ1vj3pn=yd|JE< zrOQ$q+I_-1MB^&=@(LO`!?^?Fn{h+3TP?9dqJN$@N(MMODJdyaU%y5WtXd9#oQFY~ zOQGL&>9b1{Q_T-F(y2hX{(BhL=@yI|ns&{8i`?c!aA?%b&CMOT`v(x(0<=@X4;Iex zPrH*-s;T!}bfY%bKbw_!lPVSmErDWy?)%%EO0XY{79N%#x`r{D_xTp$el5C~r{K^`?t;Fu;zDkPP7};{Oyb0Bm@@%jS zN-003^Ih^jz6Ll!Yo50aE{-Y9Z{h0U4^NtCX!nS(6Q+G#uKaeQ3{oE0mS`5B()8Up z_^5F!>+%V;cL@mz3Y7*h*dWRbotrBF27>{R2@fM>GS}T6XVj^?iSA#?!}ir%%8A_8YLJ<$>*OpgVIVfCV(f zZoZ*6moJM**h!vkFR?7~t>kf4tkqn;Cc9T7Q8t_B?*}bjMPaK^H67Y~S8LjKCTd zY12TY^64u@7(HE1oM6NO?cwbPfr4~>6q%@;kIH?rOB>YEVuGWhyG!i%LM->+)B}rt z|F&q$0C%&sdVsCQmzO)^unI1D=0r%gj*rZtEz-*-c|eRuR!vUWu!#LEb924oAwcRZ zc6)|p;Tf7=4o$x%7${VeYN)|F^If2+-4F@VZ(15Clqnt~dqVf-jzQ|S;na8fld_uH zXz|neu@Xaim8|G@@7JfLznU$~N0*Bjm}keg?C(1V4f7an3X?tMiu#@xN4Y^fcSif< zud{cjhs5~rHwGn_@ZDBA9qx@7JJ1QbTP3zZ_K;M*=oXhJH>L(A7wE|hsMW!;PCUEX zo+?$uGUkik-mZ(vIqkn?3&=IW0{W=;E^+MW9+W5q-MIhCqux;9`=0Zh19mJUA!lwX zF9_x}tiH^N6Pzy)YfCDOjjh0r<)82})##d0GT*h&+gMn~Lo}k6=XCwH>%}08`}xY! zdWuZ#je-au8TjEhy@yo8APx8p;~`n^>h$=x=uLr%SGW8;P#Mao)t0&LtOMHIS=#f^ zxua6g*>P~%4rim>Kniz*1YS9d8w1k0k*eLJsSZ-oph=|zsj1@r{-&ocFp_V66EYuj z8l0)Cj>Lc@V@fvvzI6S%Qo{AFk~f%pMgalbH{M*k>*Bg_P*Lb6;gz;m-m#@AtXa73 z62PgLcZv8rlF~(8ySnuP;jt%2nrFlWU3N3>BL?uVMCB|}2U{x#F1s4KKkS_GUTZ}< z>~+^Ds$quU^yglt@W2jr@Fo|tu_EE*h(S%YJ*T(++v8Ef)-yrG)kW|Y?i^x5?$H54 zN@#kD;Q%>}R=e{S!YSf2Uz$yK!2Re7+eS~5e|Rg;9i7PJI>xy1{EFIjzEda40)%-? 
z4VtjQojV#>eHDjYdTk$ZRht_n64L_oEM58>#Hfvg!I~bG_`D)=yBmnyeMdvb_(n|U zlZ4YHMQN4UA6)gQzSS7+`B?`k#uc(k^dPxeW_CdPbebLdw3PUwVU~Vz1*IudS#L+e4|{Msac#XgUQ~1bRsMPKlChSiXHC_+63g5s zh=#OK^Ctt>d!0_}@=FmZxRlXt^N4xxVow1G?M%xXdMcF3WuOFfj6%ya{}AzEtb!%swU&9j8ScdZGXyCh_}kI%6D|loAQ@` zKbtzWZck-%uvoVe93Q61O=IZxaS19kP$pJJ`A6#yhp9_tr_i(Pq`Iv%5i4NQc0Fx@ zDzP(t+M9e^3kjK#rt1~2O1oQX5Q|Ki0e;)>{lB@!zp`Nme_MxWWaliY@6P)sX_}_s zo5z^Tc%>8>8q#C49>Jxf^Rd))eh&Z#S?naJ^Qr3gjAyfMtI4s1#yYaP$t; zFc(m({zJBW9x-3_Y^C;^jR-VtQh@%BEw{UFjvq2tCvvd{$UE+ z5033K->r>Kp!HF0eBC67{Q1x9Z`I9F+!mn=-cxAB!L3D*@H>2AQW_>$)>U5I>0?Q} z3OzJ6Trwvlm(g}KN}UVrB9(n0_rNy51O*OgS!O=PKK0lKVt3S9wd~%YvY4-mV^|mv z(LPw<6IwI;U}+2=rPu{aJ|!j))S{}TrQxX6?TfjG?bF|-0Pr^n$4h1S(g8(q&{3TA zRGLHEtEK_tfeDITm9(>K?Fs+mToW?x;3j&+tavco`Q4D4GB zjWm)Bp!;#o^?kl-8k`l>UEivlCUzgxZN;drn0I@$?CP!OWTUqP+*bikhNlusl&CN} z`7r(JhAqnC5SF?ntn)4IPxzzitn?0c@{Gvmk~;!hYbvl3y+HM3!edmYMb0<%7%vVvH#m{%TeD}p$l3$2Zv5@MA_>Oa@ddAJn zlXf)A9$hHMI2xOgQG@Y5yP4i=ZsFZ|xpx?oqOL>Sqs{i9J!pT5aj{}(JFCRsszQB1 zcDpk|UFpM9BRPTINo#pUbGT=HcLdNIis z^FS1+J|tX92jK>A?HRrO4~l#@5=!?m%o;XW`lG%IIsZ*K|ok!52`-fu+Fq<{B8v{`L|{si|`t!xCr^D$yh z5`ucs%>R@Ed@NrA^jglyX?N-x9=KQmt4uZZ86{53w({hP-B?!OTC3;vCGoWT8?1NQO1u)hA=Wnq2*gB|oQFY3fF)84r&!iE*! zEutT{E)zO__+R7kf5{&({4W^;2LGm_JtO~{eD;6PWsRf9Jro{;YUJW`*=I$WPy*_+ zMN@MK<**cX`zh0AWq(Hx#H?MBSei$i@Gl+-$C+czG5l#}`;i}WVqyQ(QgS<-)TCqY z8ulc*n29<1`brDY8*fg7Dy%pD)!HqFM>dGE|CjTRc|b{0)_rq+QCR-j$@u z$~#8ho~7k6g1@jL#s`bA6ZaFPJap(xxRz!0){roA#0wuadTbm7Qc9GNT_;LOz_C)c zwx?(bE`(Th8i4~CaYDq}PVrHN!9E}QOaHrs^I*KSr`gIt;w1v?9J4TVJB=$?ql#A# z>?G5PP2Q(vhzdBRmsorFJbV!Ov4NLv^e!APGy~0ry8(p`%*&qWJz5~lWmxYyYCqoc zjJZ^%+)C>c?*;!ki$lYHAP0uu&6CYlt$gxSUyKsibJNJudzH`Lp(it_xL3|bJDF}^ z@K3AWDfYg*B9iLyLIcPrS8Rf0t@z@j+Mx@&CCIp1n5?)an_l&loOKwph*1IN`N-6! 
zUjB=U68$kP2L9Y0QxTnUw??~9qn|4cLV3l@%M+&bZw<-ZGoG~Jh}}w<-t{=RL?d?h zVHj_s$%v(>L>x?MC(2X6a?L)7FaEIS=fk$pdH~2|i;1eD<``DDxG^WlXN6MHwQ*2> zv!2)HiVvkjOL9KDF&BOjO6^^>A9=kcO1L2i5Agr2<0OX=%65p0qI+~PIR(GcVTB1r z!xMWs_L{HJCk3dE%sBOJq@{^YrO#hGI$0#-Y!uP3B7tKB8(@|e+oUnyL=;fX7KqHc z(YiR~-n-9=B%6+fB`)^6cr)bA%+Y42e787?KUB>z?&{`V}( zVOhdfOg>d<@qvdau^66L#ldGKR{Tc0Tpb}PqpUpzw`6~JAUN}PclW2-C`6N zX24UV;anI0LRW`78Y%%pxh`52Eo3qzl#i2tC+R1|W=I3Lx&eQh0@b{=0(PTwTR+Mq z^eQ3D_*QmmbBnS;(AFIxiTbOANHZqm#DMm$tv)rk(XJ=GhfUc4Wgh{5KLzFSms0DX zKLb(2tyM(i9noQ$jH(`kBJ@~GkXY~b$^@h54b34wv6@QoPt1*f>*iPm5pjp=l^gF}V#mw5r6xL!Lf9Ou>fz8~3%{o!hk9eaW^{sSzL6JW-ruL|jvkF=sRZ(3;WsA4n z{V0ZY^$M@qdGg*G1j7e#YC)GN@^q%9@auK^mL(>UTTK}=@@9zH233UVgjUMQeU5I~ zr&>`{(-4*QSyCi4Rg$^zOg-k{HBf)dPL;E{K^dV9f$ct_ly6(k=T3|NrmgPc@veO5 zu}4^;;%8FVc^bN6Txl?y3PHT$;n&1R zJf>=~9P2T&4gpfCozIo@?kIpsWUVq=*MXSG zFMsCG`!5&&~#rfN9w6^9oo7 zP}WDa9)j0l!JBa5)Q2S|aGIU+0VW@5USY*o%S+&oeT7rY=IXbc>{flR-^T|S=LXyq z7%zMv4lQSqvTYw7_AzAk-jB&R#Yq(I_70g`nBj%rL%S&%4>CuT-Ov`HIl^uR9BDTC z2Y0_;F|bur5s#e

ikn^%9nfS~Q&ZTdlw1c~$($-)9^~DyXvh`iF+xa~t0RAgNex zyVewzLDwCzQ^lIdfmhchb9NWj)spv_i7&(MFrjXk=v9`Gzs>{lS5p@(=VItndb4xm zIY~datbEC&$M@SF-N*;6+kBe*)@Ee}2Yv~I5RrRL8OoQ%1P{M9de`(8C%xk~(P`A= zM{E|0HeCykJDGIL=S}ac6@#AlmxJZ1jE&=~iw^yFVlmxSe!<~V1z#PNG2S9U98#Iv zWtW4^dT<|UCr^7x-+AO_@R!iSx3l$}L+DhbZ0}#SJtD(-eeG~3UzEaX>u>t#>03ee z!}x^Dub9@JQ1~q-PiUACZ##w64OUL8lUPR7WiO0PU-*4H@Y>SNBUjg)>$n^dhS7Us zR>>uYWzz^j>r~jr^iQbqJxCTHLuOxWPh87MvNO#;wQ2Ax=ZIWALekyyV&YP&7uSO`;2!2{fEfbD3n76N|F7=pd1iEJlDY6EJvW6Kbe8?aH%U3r|g_YwIQd5-b3%kT4pC=8L;aORT zc8ydm$7O7O<6rNCM=R8d51qn8JwM*gqM4lNzp%fn=w%}W|iLd%9s z1)j1sH_OHK!=K#``fJyASjb6m$^Lm?Nm1bybPcvuO0Fv-T==2U8&O;o>*fN^>kLh;pr>w_@!EZ=izlxxry7tKuJD80W~Wc5(hT*t@9wF1 zAJPP<#|8cN!7b;xd6XLsCM$5mu`E|eupktjS|v0jC?>I&=l1GC-aLqwuez@b$lkF* zkP>gE)+BK$DoM#u6RIW4)N~?QDu8S%z<0Hw zc#X}M{_Z1QE_1`7zYJEn0FI0v;2z_XS@AmwHY3MmEH6lWK>s!g)Zi6zlHg(Qe92SH zM7eD|WK&`=(x72^c-`{sj%BS>k!xVJT;dTp_>i@=)EQ3GXM`)tJ53-H zG%R|Y+D`LWPP3cUm?ZPv)M@&-1@`uYR$tcndc#xYU@zz-j4@y`qVcOHqHu+2qcprk zxab>*j?Cxw7W*V#t?4XdL|UZz{3Y!N9$_1O+RX#kJ>zY>)?syYti{y{@ZbRnx}$My zR=eb}GlZfR$N%FDEd)~MVbM?5Uzj2d$7S_Fs=Ne_YS_hPDDu8k1C- zW;k4~~rceLrlMevQ4{gbkAm?rO)Y)Zf z_z{pMjw5)}oX$s*oZ0#B#UjN+FAU~qe62yqjpg)O7}!!LYjWTHj813R6YK|cEgHkf zZ&~iFg=?hT(`j#Sr#sVhu#dL|)Y|py*S84mYac6QyM+4vg@qtzXG1ot!9v~x=-rtj z^`2}MHor1dpzd@bM}Qq~T^dUg6&}f+b4ARycR_wo@?E8*T$Q|e?G$@$1vFWV8}mT; z@3|h4u5Mw9=-dYTDdqIh>Yj%_8|^AI3Yx0ASpSqe&@uNNwD$%g`vMnnBw?}1+wZd3 z)3g{N0a0i{E;DJEV70izW`h(MFuVP*+X8Zofd~aVRF+GdygJzVy_mpty^c7jlxpKp^G9f1RW3cY* zOTky~HdSshf+%pyb~Yy5>bu8&QUy)pqe`>4F{@3}gEAiySSTewSN!AWhPNzSDk>_~ zdz8wZM&(de9-vBu!*JPZUW6MN3qf?}kq(5rCny155>cjSkHG4q1jx`eo?(|oa~?7V zqNFyO{TGfWVeBd$r=$)0qgG;m37JbQ|kA4j^Eu1=%r&ymG3FSh~wuy? 
zcU>m_-nUSE#ZYZGJVQz*=j&we8NtfUpR=c`?z(8bZ37L>*V}{+z8`1UngrWVE8~*Y<3y`y!aoeJS(MR^i4FywE)2(vsTHOsi zQVYKyPpp#G>!1yVRK6}HOvW3ZFTvptEod>3n#j(s6?Nue330uUiqpBuDzn6wBuTs; znzW!drqXbZO^qXtS!Z^Kf+%#L^PX&wxy|He^6Ex=Yxck;8F-daTX2|+2zXsDTTs`% z)0teJ$w~(EqqIzyJv`G^UE4H+>X+K~S^(3l*A_DNeBo-9iaB@c(`SFUW)(bgw9@WI zc0O=TtYGdK4`niDw(v8QmAp@i zT+jilCPU3GD0eI-lgESz24)(6Qur)7<1y3z-R~#<mPv*)IlEZYF*Rxm#NqTFe!~OLjoyj*ObOC$>?VK#)!AP7mM})B{$ba zgPU~Om%Se38!ZFaF@0z2Dwlpj=eI+b~RXecW zZ4DXeY0tkwO++1j_QI&K(I?*0&YPUaMzP?PaM_k&W`L=N$otaFX$v7+(+#oa{&n-p zPRV?(tV5_Ib^Z)#%x(5v7y4+Aj^3S&alkPWWpvSn`VlI1vp^)!fyY+{nmj;yL)%uG zEQZsIcdUp>$nViV{4K-2WVJ+(t>cn?DeVuN;hFBt%1RLyg2VbB?7Dh*5ZxuFUucjd zQEoSlo@D~wJqu$-JBY2NaYRX3s#rH#bMZ?Wepk}6ytjVzs^OoK?LDJj{)5sK8J-e) z{q#8MlzEJBdRWiQ7l|Z-G&Vu3R2l5;lJk<*T{jyhEGh^&``(9OH9ebDySBSs)mwD9 zN{3j@>t$+Y!+e_ZD;R@;gwAYvH5txqcH9f4q1_cB_$;_(BD5LS17doqmf0|$Ld>7 z>|C{t|LG?T{H40N%C9pQ_}~9~#Q%RWQ1E}*Wt(IiwDh>WbPQWB~R z-y4wV`rPDBHS&R=1Db`Cul&RppV6KHcokotd+f&B(+|YtO{#A3`AVn7?0Nr{I<2pk zbxH3g{HGK>i+We;4%8K*RdIJO0qPS_?zIEe24rPrw=!?o?S~=N_VFLZG^Kp}dir$W z>>=mdT6A<><9Z+DB1aRSD74TK7Z!}=WsrlInoeb=4{k9rN%(3T(UK{{yoqk7^BVgg zl}S$%z5a9Uxup>n-90sv_UxpazWv$*dNs?xZIr&r?)j9xVcK4iz_hpg8;!_N23*Ag zH7~AGPWDyM7~JZ?DgM^e4|Xz~5e`KTK?PRQbib_+Ycu_L1Nc`CIoICxhGc{DJ|2If Ns-*d#P~q{5{|BdR=??$^ literal 0 HcmV?d00001 diff --git a/content/for-administrators/setup-tls-certificates/tls-certs.md b/content/for-administrators/setup-tls-certificates/tls-certs.md new file mode 100644 index 00000000..b49e9396 --- /dev/null +++ b/content/for-administrators/setup-tls-certificates/tls-certs.md 
@@ -0,0 +1,97 @@ +# Configuring TLS certificates using Infra GitOps + +This document will explain a step by step approach of configuring TLS certificates for different tenants using Infra GitOps. + +1. First step is to navigate to correct path inside your infra gitops repository. For this example we are using following path: +`/tenant-operator-config/templates/` +Here `` correspond to the cluster where you want to deploy this. +1. In this directory we need to create 2 resources [`Template`](https://docs.stakater.com/mto/main/crds-api-reference/template.html) and [`TemplateGroupInstance`](https://docs.stakater.com/mto/main/crds-api-reference/template-group-instance.html). A detailed explanation about why each resource is needed and what are the contents of each resource is given below: + + ## Template + This resource is reponsible for keeping a record (template) or underlying resources (YAML files) that needs to be deployed to tenant namespaces. + Given below is an example of template with underlying resources that is required for setting up TLS certificate: + ```YAML + apiVersion: tenantoperator.stakater.com/v1alpha1 + kind: Template + metadata: + name: certificate-creds + resources: + manifests: + - apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + metadata: + name: certificate-creds + spec: + secretStoreRef: + kind: ClusterSecretStore + name: shared-cluster-secret-store + refreshInterval: "1m0s" + target: + name: certificate-creds + creationPolicy: 'Owner' + template: + data: + api-token: "{{ .api-token | b64enc }}" + data: + - secretKey: api-token + remoteRef: + key: certificate-creds + property: api-token + - apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + name: letsencrypt-cloudflare + spec: + acme: + email: + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-account-key + solvers: + - dns01: + cloudflare: + apiTokenSecretRef: + name: certificate-creds + key: api-token + - apiVersion: 
cert-manager.io/v1 + kind: Certificate + metadata: + name: tls-certificate + spec: + secretName: tls-secret + dnsNames: + - example.com + issuerRef: + name: letsencrypt-cloudflare + kind: Issuer + ``` + There are 3 resources `ExternalSecret`, `Issuer` and `Certificate` that are getting deployed from this template. Brief explanation about why we need these resources are needed is given below: + + `ExternalSecret`: This is needed to pull `api-token` key from secret provider which in this case is vault. This is an API-Token from DNS provider (which in present case is Cloudflare). This API-Token will be used by Certificate Authority to validate the authenticity of domains being registered. This secret will be referenced when creating issuer. + + `Issuer`: This is a cert-manager related resource and is responsible for setting up initial configuration against which TLS certificate will get generated. This issuer uses [`LetsEncrypt`](https://letsencrypt.org/) as certificate authority by setting one of its server's URL as value for `.spec.acme.server`. There is also a need for setting a value for `.spec.acme.email` which contains a valid email. This email will be a point of reference for `LetsEncrypt` to share any updates about certificate's lifecycle. This resource make a reference to secret in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef` that we created using `ExternalSecret`. In present case we are setting up for cloudflare so there is a reference to that in Issuer resource. + + `Certificate`: This is the actual resource that will create TLS certificate for a particular domain referenced in `.spec.dnsNames`. This resource makes a reference to `Issuer` that is created earlier in `.spec.issuerRef`. + + ## Template Group Instance + This YAML file deploys resources in cluster by making a reference to different templates similar to one that we discussed above. Apart from this we can also specify different namespaces where these resources should be deployed. 
Given below is an example in this regard: + ```YAML + apiVersion: tenantoperator.stakater.com/v1alpha1 + kind: TemplateGroupInstance + metadata: + name: certificate-creds + spec: + template: certificate-creds + selector: + matchExpressions: + - key: stakater.com/kind + operator: In + values: [ alpha, dev ] + sync: true + ``` + In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources needs to be deployed based on labels that are assigned to these namespaces. In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `alpha` or `dev` as its value. +1. Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. +1. To verify whether resources are deployed correctly and working fine in cluster, you can go cluster console and select `Administrator` view and click `Home > Search`. Select a particular namespace and then search for `Certificate` in `Resources` dropdown as show below: +![OpenShift Console](images/console.png) +1. Select the certificate that is deployed in this namespace and scroll to bottom to `Condition` section. There you'll see a message that certificate is upto to date as shown below: +![Certificate Details](images/certificate-details.png) From 107cf54dd0bedc017325e6e461b29e133dba2570 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Thu, 19 Dec 2024 13:34:51 +0500 Subject: [PATCH 02/18] linting issues --- .../setup-tls-certificates/tls-certs.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/content/for-administrators/setup-tls-certificates/tls-certs.md b/content/for-administrators/setup-tls-certificates/tls-certs.md index b49e9396..1c4a372e 100644 --- a/content/for-administrators/setup-tls-certificates/tls-certs.md +++ b/content/for-administrators/setup-tls-certificates/tls-certs.md 
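Review bot: In the new `tls-certs.md` (hunk `@@ -0,0 +1,97 @@` of patch 01) the `ExternalSecret` is part of the `Template`, so the `TemplateGroupInstance` copies the Cloudflare `api-token` into a `certificate-creds` Secret in every namespace labelled `stakater.com/kind` with value `alpha` or `dev`; anyone who can read Secrets in one of those tenant namespaces obtains the DNS provider token. The doc should state the scope that token must be restricted to, or describe keeping the token in one platform-owned namespace and referencing it from a `ClusterIssuer` instead of a per-namespace `Issuer`. Separately, `api-token: "{{ .api-token | b64enc }}"` looks wrong on two counts: a Go template cannot address a hyphenated key as `.api-token` (it needs `index . "api-token"`), and values under `target.template.data` are, as far as I know, encoded by External Secrets when the Secret is written, so `b64enc` would hand cert-manager a base64 string rather than the token. Please confirm the manifest was applied and tested exactly as written.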
@@ -2,14 +2,16 @@ This document will explain a step by step approach of configuring TLS certificates for different tenants using Infra GitOps. -1. First step is to navigate to correct path inside your infra gitops repository. For this example we are using following path: +1. First step is to navigate to correct path inside your Infra GitOps repository. For this example we are using following path: `/tenant-operator-config/templates/` Here `` correspond to the cluster where you want to deploy this. 1. In this directory we need to create 2 resources [`Template`](https://docs.stakater.com/mto/main/crds-api-reference/template.html) and [`TemplateGroupInstance`](https://docs.stakater.com/mto/main/crds-api-reference/template-group-instance.html). A detailed explanation about why each resource is needed and what are the contents of each resource is given below: - ## Template + ### Template + This resource is reponsible for keeping a record (template) or underlying resources (YAML files) that needs to be deployed to tenant namespaces. Given below is an example of template with underlying resources that is required for setting up TLS certificate: + ```YAML apiVersion: tenantoperator.stakater.com/v1alpha1 kind: Template 
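Review bot: This lint pass leaves two wording errors in the unchanged lines under the `### Template` heading of hunk `@@ -2,14 +2,16 @@`: `reponsible` should be `responsible`, and `a record (template) or underlying resources` reads as if `or` should be `of`. Since the commit exists to clean up this file, correct both here. The lines `/tenant-operator-config/templates/` and "Here `` correspond to the cluster" also show an empty code span where a cluster placeholder is expected; check that the placeholder is not written in bare angle brackets that the renderer drops.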
@@ -65,16 +67,19 @@ Here `` correspond to the cluster where you want to deploy this. name: letsencrypt-cloudflare kind: Issuer ``` + There are 3 resources `ExternalSecret`, `Issuer` and `Certificate` that are getting deployed from this template. Brief explanation about why we need these resources are needed is given below: - `ExternalSecret`: This is needed to pull `api-token` key from secret provider which in this case is vault. This is an API-Token from DNS provider (which in present case is Cloudflare). This API-Token will be used by Certificate Authority to validate the authenticity of domains being registered. This secret will be referenced when creating issuer. + `ExternalSecret`: This is needed to pull `api-token` key from secret provider which in this case is Vault. This is an API-Token from DNS provider (which in present case is Cloudflare). This API-Token will be used by Certificate Authority to validate the authenticity of domains being registered. This secret will be referenced when creating issuer. - `Issuer`: This is a cert-manager related resource and is responsible for setting up initial configuration against which TLS certificate will get generated. This issuer uses [`LetsEncrypt`](https://letsencrypt.org/) as certificate authority by setting one of its server's URL as value for `.spec.acme.server`. There is also a need for setting a value for `.spec.acme.email` which contains a valid email. This email will be a point of reference for `LetsEncrypt` to share any updates about certificate's lifecycle. This resource make a reference to secret in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef` that we created using `ExternalSecret`. In present case we are setting up for cloudflare so there is a reference to that in Issuer resource. + `Issuer`: This is a cert-manager related resource and is responsible for setting up initial configuration against which TLS certificate will get generated. 
This issuer uses [`LetsEncrypt`](https://letsencrypt.org/) as certificate authority by setting one of its server's URL as value for `.spec.acme.server`. There is also a need for setting a value for `.spec.acme.email` which contains a valid email. This email will be a point of reference for `LetsEncrypt` to share any updates about certificate's lifecycle. This resource make a reference to secret in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef` that we created using `ExternalSecret`. In present case we are setting up for Cloudflare so there is a reference to that in Issuer resource. `Certificate`: This is the actual resource that will create TLS certificate for a particular domain referenced in `.spec.dnsNames`. This resource makes a reference to `Issuer` that is created earlier in `.spec.issuerRef`. - ## Template Group Instance + ### Template Group Instance + This YAML file deploys resources in cluster by making a reference to different templates similar to one that we discussed above. Apart from this we can also specify different namespaces where these resources should be deployed. Given below is an example in this regard: + ```YAML apiVersion: tenantoperator.stakater.com/v1alpha1 kind: TemplateGroupInstance 
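Review bot: In the rewritten `ExternalSecret` paragraph of hunk `@@ -65,16 +67,19 @@`, the sentence `This API-Token will be used by Certificate Authority to validate the authenticity of domains being registered` misstates the DNS-01 flow. The token is used by cert-manager, through the `dns01.cloudflare` solver configured in the `Issuer`, to create the challenge TXT record in Cloudflare; the CA only looks that record up in DNS and never receives the token. Reword it so readers do not conclude the credential is shared with Let's Encrypt. The context line `Brief explanation about why we need these resources are needed is given below` is also still garbled, and `This resource make a reference` in the `Issuer` paragraph needs `makes`.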
@@ -89,9 +94,10 @@ Here `` correspond to the cluster where you want to deploy this. values: [ alpha, dev ] sync: true ``` + In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources needs to be deployed based on labels that are assigned to these namespaces. In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `alpha` or `dev` as its value. 1. Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. 1. To verify whether resources are deployed correctly and working fine in cluster, you can go cluster console and select `Administrator` view and click `Home > Search`. Select a particular namespace and then search for `Certificate` in `Resources` dropdown as show below: ![OpenShift Console](images/console.png) -1. Select the certificate that is deployed in this namespace and scroll to bottom to `Condition` section. There you'll see a message that certificate is upto to date as shown below: +1. Select the certificate that is deployed in this namespace and scroll to bottom to `Condition` section. There you'll see a message that certificate is up to date as shown below: ![Certificate Details](images/certificate-details.png) From d3f7b708fbf81eb212dfc47c86224958c4dd1a90 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Thu, 19 Dec 2024 13:43:10 +0500 Subject: [PATCH 03/18] some more lint resolution --- .../setup-tls-certificates/tls-certs.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/for-administrators/setup-tls-certificates/tls-certs.md b/content/for-administrators/setup-tls-certificates/tls-certs.md index 1c4a372e..5314a506 100644 --- a/content/for-administrators/setup-tls-certificates/tls-certs.md +++ b/content/for-administrators/setup-tls-certificates/tls-certs.md 
@@ -1,13 +1,13 @@ # Configuring TLS certificates using Infra GitOps -This document will explain a step by step approach of configuring TLS certificates for different tenants using Infra GitOps. +This document will explain a step-by-step approach of configuring TLS certificates for different tenants using Infra GitOps. 1. First step is to navigate to correct path inside your Infra GitOps repository. For this example we are using following path: `/tenant-operator-config/templates/` Here `` correspond to the cluster where you want to deploy this. 1. In this directory we need to create 2 resources [`Template`](https://docs.stakater.com/mto/main/crds-api-reference/template.html) and [`TemplateGroupInstance`](https://docs.stakater.com/mto/main/crds-api-reference/template-group-instance.html). A detailed explanation about why each resource is needed and what are the contents of each resource is given below: - ### Template +- ## Template This resource is reponsible for keeping a record (template) or underlying resources (YAML files) that needs to be deployed to tenant namespaces. Given below is an example of template with underlying resources that is required for setting up TLS certificate: 
@@ -72,11 +72,11 @@ Here `` correspond to the cluster where you want to deploy this. `ExternalSecret`: This is needed to pull `api-token` key from secret provider which in this case is Vault. This is an API-Token from DNS provider (which in present case is Cloudflare). This API-Token will be used by Certificate Authority to validate the authenticity of domains being registered. This secret will be referenced when creating issuer. - `Issuer`: This is a cert-manager related resource and is responsible for setting up initial configuration against which TLS certificate will get generated. This issuer uses [`LetsEncrypt`](https://letsencrypt.org/) as certificate authority by setting one of its server's URL as value for `.spec.acme.server`. There is also a need for setting a value for `.spec.acme.email` which contains a valid email. This email will be a point of reference for `LetsEncrypt` to share any updates about certificate's lifecycle. This resource make a reference to secret in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef` that we created using `ExternalSecret`. In present case we are setting up for Cloudflare so there is a reference to that in Issuer resource. + `Issuer`: This is a cert-manager related resource and is responsible for setting up initial configuration against which TLS certificate will get generated. This issuer uses [`LetsEncrypt`](https://letsencrypt.org/) as certificate authority by setting one of its server's URL as value for `.spec.acme.server`. There is also a need for setting a value for `.spec.acme.email` which contains a valid email. This email will be a point of reference for `LetsEncrypt` to share any updates about certificate's lifecycle. This resource make a reference to secret in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef` that we created using `ExternalSecret`. In present case we are setting up for Cloudflare, so there is a reference to that in Issuer resource. 
`Certificate`: This is the actual resource that will create TLS certificate for a particular domain referenced in `.spec.dnsNames`. This resource makes a reference to `Issuer` that is created earlier in `.spec.issuerRef`. - ### Template Group Instance +- ## Template Group Instance This YAML file deploys resources in cluster by making a reference to different templates similar to one that we discussed above. Apart from this we can also specify different namespaces where these resources should be deployed. Given below is an example in this regard: 
@@ -95,9 +95,9 @@ Here `` correspond to the cluster where you want to deploy this. sync: true ``` - In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources needs to be deployed based on labels that are assigned to these namespaces. In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `alpha` or `dev` as its value. + In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources would be deployed based on labels that are assigned to these namespaces. In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `alpha` or `dev` as its value. 1. Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. 1. To verify whether resources are deployed correctly and working fine in cluster, you can go cluster console and select `Administrator` view and click `Home > Search`. Select a particular namespace and then search for `Certificate` in `Resources` dropdown as show below: ![OpenShift Console](images/console.png) -1. Select the certificate that is deployed in this namespace and scroll to bottom to `Condition` section. There you'll see a message that certificate is up to date as shown below: +1. Select the certificate that is deployed in this namespace and scroll to bottom to `Condition` section. There you'll see a message that certificate is up-to-date as shown below: ![Certificate Details](images/certificate-details.png) From dcffe4b0b50fc7872c6931edd02d0562ac950ac1 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Thu, 19 Dec 2024 13:45:17 +0500 Subject: [PATCH 04/18] markdown lint resolution --- content/for-administrators/setup-tls-certificates/tls-certs.md | 1 + 1 file changed, 1 insertion(+) 
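Review bot: In the `@@ -72,11 +72,11 @@` hunk, the `ExternalSecret` paragraph says the API token "will be used by Certificate Authority to validate the authenticity of domains", which misstates who holds the credential. With the `dns01` solver referenced in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef`, cert-manager uses the token to publish the challenge TXT record in Cloudflare, and Let's Encrypt only queries DNS; the token is never sent to the CA. Suggest rewording that sentence and adding one line on the minimum Cloudflare permissions the token needs, so administrators do not reach for an account-wide token. In the same hunk, `- ## Template Group Instance` (like `- ## Template` in the `@@ -1,13 +1,13 @@` hunk) turns the heading into a bullet item and reverses the `###` change made one commit earlier; settle on one form that both the linter and the renderer accept. The context lines still carry "This resource make a reference" and, in the first hunk, "reponsible", which a lint-resolution commit could fix in passing.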
diff --git a/content/for-administrators/setup-tls-certificates/tls-certs.md b/content/for-administrators/setup-tls-certificates/tls-certs.md index 5314a506..c4428073 100644 --- a/content/for-administrators/setup-tls-certificates/tls-certs.md +++ b/content/for-administrators/setup-tls-certificates/tls-certs.md @@ -96,6 +96,7 @@ Here `` correspond to the cluster where you want to deploy this. ``` In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources would be deployed based on labels that are assigned to these namespaces. In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `alpha` or `dev` as its value. + 1. Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. 1. To verify whether resources are deployed correctly and working fine in cluster, you can go cluster console and select `Administrator` view and click `Home > Search`. Select a particular namespace and then search for `Certificate` in `Resources` dropdown as show below: ![OpenShift Console](images/console.png) From fd6f67087c2304bc3a8545231e24531357596623 Mon Sep 17 00:00:00 2001 
From: owais-rehman Date: Thu, 19 Dec 2024 16:40:11 +0500 Subject: [PATCH 05/18] made some changes --- .../images/certificate-details.png | Bin .../certificate-management/images/console.png | Bin 0 -> 48795 bytes .../certificate-management}/tls-certs.md | 4 ++-- .../setup-tls-certificates/images/console.png | Bin 54945 -> 0 bytes 4 files changed, 2 insertions(+), 2 deletions(-) rename content/for-administrators/{setup-tls-certificates => how-to-guides/certificate-management}/images/certificate-details.png (100%) create mode 100644 content/for-administrators/how-to-guides/certificate-management/images/console.png rename content/for-administrators/{setup-tls-certificates => how-to-guides/certificate-management}/tls-certs.md (98%) delete mode 100644 content/for-administrators/setup-tls-certificates/images/console.png diff --git a/content/for-administrators/setup-tls-certificates/images/certificate-details.png b/content/for-administrators/how-to-guides/certificate-management/images/certificate-details.png similarity index 100% rename from content/for-administrators/setup-tls-certificates/images/certificate-details.png rename to content/for-administrators/how-to-guides/certificate-management/images/certificate-details.png 
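Review bot: In the `@@ -96,6 +96,7 @@` hunk of the preceding commit, the selector paragraph does not say that every namespace labelled `stakater.com/kind` with value `alpha` or `dev` receives its own `ExternalSecret`, and therefore its own copy of the Cloudflare `api-token`. Anyone who can read Secrets in those tenant namespaces can then read a credential that edits DNS. Suggest adding a sentence that states this and recommends either a token restricted to the zones being issued for, or a cluster-scoped issuer so the token stays out of tenant namespaces. The verification steps in the same context lines still read "you can go cluster console" and "as show below", and "all the namespaces which has" should be "have".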
diff --git a/content/for-administrators/how-to-guides/certificate-management/images/console.png b/content/for-administrators/how-to-guides/certificate-management/images/console.png new file mode 100644 index 0000000000000000000000000000000000000000..d1320e4ce91463d887bff1cfce4be51c5ba4f3fa GIT binary patch literal 48795
zgBBR*&{DnIG$>`UzCxJ$@p}pgjH7^^Vq{C;Ohs~8#NE@2@SYX0VLYSpvJW4MWY4dP z6lRv5@&|r!-slqL)62V2!pr@wjcAy=m1aBlw#h$hHN~I9bD7R);H<4BnT-ZozcASH zMDXueow2meyWee;f3n1L5&oZd8V-rGL{(1CSjp*R~c57p4+Uf*|+tXU&CY@fcbC?kK8 zB%qYLHtiPZ6XJ)!ruwjo?zm9TSL6Dg_JiaR6&d@Z;jN4_k@9iwDIT@<=j+9P~s??m%lY%KJaZYY4VSM z75Hblp*%Ad)K#RYkW0{c$uv;u2&kQv#j4}(j6h~!smdjivWHa+0S@fUoF$`o7|N4#<29o#+Ue6c=lLTXFPDLEBO1%a4~XdXCo< zg!dcIfuP3Qc7Ee`^sh-@+pXd25^;7&2YMaFC2aZH*SEw#e(Mq;viUDcqoTMxJH*bC z^kuImXynLAG-cRInGiU44mmYipTzrmn@utm#&)@&9vFiYg1Mhba$LbQp zcx-qOdbq}qiZ#*~dRfG5Ney-F$FMgTrVwVa3rd*w`AUSZRYv37ZH<%7gQ}28N2i?_ z?yF;Zan}ONpJeOEA@;Z&(}sih+skTL>Eb&pyTP0My!a_pbC0%l!{hQ8n@tL4OfD9j zu=S>@s!Am|ygV`~eq>ELAx0g)5UM-QK{(=r1iiMD)Q6VSNsD3-2pf|m_Wpsj+&EEF z0Fs6-*E$~_YIa8zT2U7h!>vAM5h)Y}2P9JDqX!$udj@f#Z>ym4UJ?oC;s}K#%cx@; znd@H1Tn0OSscvQa4f_}%@BL|&jjb(#8aEFK8$Ny1s=0ynVb#RcpnkwYkZ@G(-Ob&! zmf+O3p~vr8W;8$N9rvo+C}VNA$X8I z1^Mq!c63Wqo@HPem%48Xy6q2n$}Dh{9~>s7hCa+!3mLMc_^szMp7Zf`!sPjp7KMZ9 zqB|QJL44nv^1>bbp5(6|YR}^z%|#QTw)66Tt*(Ko0ZR0u&a@nJf1f+EyRjtAzYmqUDlq^`tNC-v4|)k? 
z=Vm4us(8j`((G(LKE#X!Mj&2k$6W*?^q94pbqW3{hUEKNg3YAlef`DOOPw$ujbO>` zp1sWnFu{mobR2wIzqu?n#X5BZoM{H=7ZC7IVvDJKkEV-^$|Ta5yy~ zYc1uw5NMWv@oOmrIl2)FM#mUVyist3DuVj^U6RIszq;w2Y_<`bGd%*-ZAZZu>{EW# z&V(!XQ|3Bl#Nvw{9P4p7IabcD=gaNiCMKn#@pU@k?eHgJK{e$~(L;IGTm!uD_28YVp z$*xF_hwrUanrPILYvu~Z*gIsbY!6<;uN_4eK{{(1wLOJC1qXUjXOoJ1;@ag_P*(8u zWi1oWyK&U}%65rdzoxjm7nA);F!^E&X~B2ty&q^lt;T(E@$&gR@Zm=8NHQGXU=mm9 z-ZbzBkUa3+5zUT$Nia7ZkF1xC$H8K5u0Hz&bYNjfKb}@|<5~W*Na5gPx~4n6ITt z7E3q52kjVy4ZTv#uv*Dtnq<~gMcqR6yWty3@@i83hb@z8w0BmOo1&xo$Kp#V{-Ysg zn@EllJDh~f!eYfC!+Px%Ik)`+=C5RNz@L*)wZNVm5I}Upu)WctKVs_K!mwx>>JGdj z2urgPm#)MfMRydMbo?6kFYhPy>RG61{!vlnXx~WoM3r0dm~A&Ezs(MAEK{;t5QU2v z%0?x0ct-0Hg#}k!6S@pXn{M@4Ms0vOM}>bTe8Y6p_n(RLq^^?16wMTeXH1TM9YhRz zxy~>=d)Htg5Jg4N#qxNvU1F(%Ud0V%7sXB+Q>&QdT@-O%YXY<$0 zK~dcjGN8!>KVfI@bUR z7hAUvk#A^!QDD0yyaq@Wt${E63zK2h1`^!Id8z-^GPX8WTO{f{#D<2wAdzMX}Dcr%7SY)p1k1(hleF@5(N z;XBdN*^e@2-c$XHHtb?2WME(gv!8x*{opms3HIP() z6s(T2=TJ+xLp@-(HIv%2XX zb&XOXDlH;TN3sT~Yl`)yXkqb)_rLo!E5qEvUzj2Qi=Gfu_@BX@I- zUE}e0DBifT!edYyFgClvi)}RNNaK?lE0ooeS+F+DLp%ibDDpyB90vQ)yN>51#IIf)?!5 z^;}j{w)IO-!rD`~{MLigCH(W?es-KTvVV6e9yVuSjCJM!EmVkT>e-p{=h(z(Pg$d{0pIviNkMT#9#s4BD%Hw z6>{Z!khu2;mKhL5m6iGg?5SGnN_qDFr0_%=d!^pEYBR`a6M2vqJ@kiEb8yv12M2k@ zcc|A%HYd0BN%>jjib8&b&XW+ZVVpAjeV>Nv%)@s7bdLdS0*n=g{?r_a_lr*k#UH}- zzq*+)5&wd^0i+DGw=wH>^!;0w8ZwyDLWG4F#K*@o|0;2OXx$CeB)Y4qDGGa;O*29| zmgS4z5|?cM($>T!7im}Fuq zC(c)03VZvQk;x0K7dsrFrz94qB;zzkzRFO?9M5X!3!m>Z0vO`3OrWX9lY3V6*rNRv zs&YZ{LflIbX;PXUnh5R4H7hgfN9br`X#qqa&t+vFn~~bhh@G9vfM}=2lT(V9mM*n} zD0Y{~=hnP24ZGe4eoRp~*TLn4R`y`|hKZ4r8F7`0?KdjQ0!C)C+j6_iGu%^nSUWe2 zlwcuDItD5$124TjZPC&2$kDmjjEQFk0#) z=1Zpn2oAjqjY`!HQa>mqs~?cNgR8*;WNH~ZCs;kx|8tlF7kn+l?cM2+{ps8_MbDfc z)(A}t!BxKVfN|pT>S{TFk=XqkLJHPqnG5nO@)oSzlzz)Z(L0>K5u|7;fJ*V7E{wr0 z5yrGY>{Si2kg*OynEDBP{8I>W$=AsznPH0IQVah#7 zRrG-0*0_#3SE0`mpftTq#n)Zx?&V49_b%a-9Vjbo^}VV0B()^b`3vWMmDbs72Yny^ ztt3Ui;cIwI)n>nM$x&AEpT+mO(bmWWI=+Buha>Bf) zRBuO%4w!gVn!EcZTt7%2ev|*i8L#M4d~URANh$xmWc(W%d9tmhVOel(ZC_`ecV`kj 
zsHNi%8+c#3cS=H@Idd%hF`6}b+yxKJxMK5s92}^gxNBzR%$0ue?I~I$*NuAF9m}mi zzn2H;3b}24@zL7cDq$~nny@W6i~ÖnYj?O_P9 zkq|5CX0uO$pWckQtUTnN6`|Zj6Qz?N)f5IWtOy?;ltyYTdUDdJ28R!Thz=v4lEWA+ ze6*U!f5ygQqQiEYh5Qu6o-DX!Wg1^El*?Em;BA)^(_jW^PBShOdwkNTZ5 zfl;~Gq(jC+#XxhPWzwQYMAu*5y#CR5m-3PEm?M&mcE;r=9bFXV0w9^#cNsKAH zON#6*2i)7Dq^Cm>)~xPuj8O>4#Wh^#?mx003o4~7e-iLf(I@e%g=V~={Z`44Zm_C? zO|bYo?|xp3$ig<1MR$9e+L*S;u;eVw)K;`K?5D@vw$659g=`65Nc~s1_Ceeclzm@E zLYS`*w-Ya-Jc{yqV49Y*Jkb$D_xC51 zzDy7gwAd3o%zo#e`{mg)&TYz?OxV@Jchy-4S2CtIpNf(avRKX6qFkjU=?k-FU%FYw zXh!rK;oAf+ye%FfF6}co_j=4FYt}GZei!t_z0-`!e&U{*E>0QMb~9XG{-~GV1q9s1 zRi;H;;-Q*triR2fI)lA(a^;D*v{CR)l+u&z16PCM;JvS?#mr2Z?1P^)c2}2NjfIWQ zMx8`xFgl|1KTcIdve3UHk_5`w{qA9P^5I;N+?o`ysr5w z*0yZ9kOjN_DJmigSQ2b}?}H?AkigKDMDD4M3Y7<@lZAm=(Zjf*s0*nNeB6>qW)5;< zwPi=#puwB+8jB-QC@RLJ^N09L!o$j+3m&@_$`Ti>@EJ53r^J z8Z?Im1ZmqU7wWxbA^z0*@(&q6x#y`8(ao=}U?L57dINw>t-^nzQFI894H$XrnG?FX znEfAG>oWx^|7}E$|9>Tw|5sXbfM8&%m4Lm=#*u3xxNJ#Os9odyv54_r<_%6RTcmQM zLQ*{{?rW8UaY#TU-|kzYtv21az;Jkq*9WXntDXb?cM9TS5=k;AVy0xf zgPBk{yG^gARVETQ_eABnsMBTlQ}~|%_40JKr!YB+``!BMj@Ov1H}x`6TDbIY%|CWr j%#|o!J?#_52FL1U(;P;(d_G` correspond to the cluster where you want to deploy this. matchExpressions: - key: stakater.com/kind operator: In - values: [ alpha, dev ] + values: [ sandbox, dev ] sync: true ``` - In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources would be deployed based on labels that are assigned to these namespaces. In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `alpha` or `dev` as its value. + In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources would be deployed based on labels that are assigned to these namespaces. 
In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `sandbox` or `dev` as its value. 1. Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. 1. To verify whether resources are deployed correctly and working fine in cluster, you can go cluster console and select `Administrator` view and click `Home > Search`. Select a particular namespace and then search for `Certificate` in `Resources` dropdown as show below: 
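Review bot: the rewritten `+` paragraph keeps the wording problems of the line it replaces ("In present case", "all the namespaces which has"); since the line is being touched anyway, suggest "In the present case, this will be deployed to all namespaces which have `stakater.com/kind` as label key and `sandbox` or `dev` as its value." The selector change from `alpha` to `sandbox` also changes which namespaces receive the synced Certificate resources, so the doc should tell readers to confirm that these label values match the labels on their own namespaces before merging to `main`, and the commit message should say why `alpha` was dropped. In the trailing context, "In few minutes" and "as show below" can be fixed in the same pass, and if the screenshot referenced after "as show below:" is `images/console.png`, which this patch deletes, that reference needs updating too.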
diff --git a/content/for-administrators/setup-tls-certificates/images/console.png b/content/for-administrators/setup-tls-certificates/images/console.png deleted file mode 100644 index ad3b87c86520028d1fe1b0fcc11dba3918e44fe1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 54945
zYIE^~wyOz2JxqL?JY{PDE{<^p5-L=!i;LgN;;A#=HcQ|2<^UmxKON_0anKNQ2;Xh04dEWJ zl3>lwmD|r3nWS$|{|9%SDR(cGao)&{e!vt8~lnCvfsC zxpJfwfD`!L*=qKS8V=sUZS4Cvi&Oh^Kq~ZDJ#^gLC@h#RV)hLwIJk67;X*s2KR-?Q zfC!Tkp6PBg)FQFoTl`q0BN>NdP6me`7LF>MmC)BMCTdLiKCRATuvuEO%lW8A%R~^? z@fv=~wqX}BfPOy+-qdbMELPKLIFP8;5ZcO{k`{5PzF|R+=;uF>ZE3yOWdbWo-_i;ycg8Qud?qE%(`o3a|hN{lC?8nks{ z-+H9VRcIy0y+W?KXn`?MBh4sX|FHt_S#l3hvbbFGA+Lx?;wGr~f=*)&9g~$>WyU0} zCqn7zUz-qn?xO`DisHKELT(11V|>4u^+=d0CeBp>I5?5Lo=B@Lr%XvEo@Si@4#Og< ziveU6!<#D0S6Ti+@E%Y_6H09)KCHiYdf`(8M~iomCndg$RVlu{ zkkTYo0X`z~@H04AYVzh714tjePu;o=KS_yJ`Bb9?04xG?D?P^5dE8#!-po&1fg03; zK!~+~^y$;}#f~w-ALRJXMMjTb9afC9^I(Cq7@pCX9Zoc-Eeog`hdz zvfgnDwzcRAIz-_-IIFMq`3%lK->aHVDz~-TsbuW$H-?5Ue@TMiN<_Vj!i+|GKB#EP zXg5j-rMRuTlXpgtgeTK5hhZnZRD;kduaVF3;tZ10kK>F7{qd&p8Ns9^tbtdv;fNM# zMQmYvlOJSsh%;~s@57W-_Ef>o?UYNksms?R{o?5(~6(D$s4zqFmXuoz6M~dTml9VU^i>c9((tI1LAtrQ36=Qs2zf^E&SxM0`(ylnw5)$!b|RNSes&B_BTmNK2~!0B`S_Uv#5zz@ zuT`80<(xiog(13D&y-#g*)ro7ESG>Bsy0ggEZ6&*7CB`*YB?nmY<3Vv5g*B~V>1yM z67&2v610Dl6lO%ymJolJaN4}txQ`vj`vD&Q)JhR>+rk!r2? 
zZ2p~ZBU2&b#-(|2PJ#%}GUbw$!uN7`y`>sb(qQU?@AS9tGYCR2(WIJQr*pI>H%zyp z)S{l;C|Qa~mULga>GoXY2~gFJK8Nf5V052v>CWv0OHr$#6jye+OL?6u_(4-Dn6s&+@kKOf?!bt1eqM5C!>l&l+V`N4 zL(HKoXS@Tm<>rKJZ*E|fJV1snC#*9h{I%0)Ti2N0*cEg}dUM^dn!HP^!Lpa+?`Ivv@f26Ov99jzRL(QxW#F*qny=g;n|gT5 zJd(Hi4-vnk>X$YBM(17@X>az<5BJ#o{Rdb=6jGg@9LLn<}d(PHD+F9vh@k_hMi%hK5hlA_=d!$;b zT@MxVOa4xr2!IUGNv5*SjXOU7pj?a1oh@7*Eq)rhd7grPRas%zE{=9f>9VxUnNXRj z2%Cdfv6qMPDb%>FQ4p?47cVAT8$>ZWm7>1^^9 z>S&Z+-;3&yD~wkH9>xu&ydk^ZG+@g<_eVrpNLOhH1E%AgCsM25#Gy+6<6^or2v;6u zq7miVXIogfkf%53CK^6*IczaTLBARyi?lOvi5+0fzj)3Q@ql8X88!Ws`hw|fM%y^O z(XZFtTu4zKt-AHf-C!g-xEDq0(9yD#?a%tLYas$3p)^%M3 z2h_-vhAaAHUBEaVd4iqmFDLnbok1s74_kgnF>p1NFPM(eG{UtG-3e#x!M(%^sSarx z@r+zsl8(*EQSVIR*eIwW*#wXIX6gR3A5Acp<5pe_~S#^q>i3*iQzDw)JIjkCh zS$4x-dgD9i%-v9Jf*PC$nH<~WV2wYCuienK5^Ftl~O=Cq~qB5kXCpJ z-^p22<|xzQ&J0Rf%jDRhfJq6a@bos*%zH?Bf_F~(X`)tdO1!nL79x$$n(WYdj z<)}v6Fc!1x+U#L;%()VMaG`IYP)FoZD`E3Lh@i7gOk_s4#;5Bb%Rwncx6RS~P^DI8 zd?$uhYH>VIuf$<76_evQ_9m%Qe8s}$PP+CA1b#O&z0x3jSB|9Gbng$&Je}x4feDf) zwV{F!?2Y3#BDgf@*MsMZw)Vi|v=~^dO%~{vt1-WbAVtF#`2gMccpduKB?f`1qoadB~zi)|n<7y_8wABL8Vl7UvSnN$EOQWFcA z-aOKBnQmbM0=LITpga&mJ`P?Didr499t+vC&)Ocn|0)vrt@PNt|26(QqW5QT<%!|b zi*)oze$~vCY`&ZiY{}izNwMNHg)qiB{e;Ypf|NnNt<~_^O-wJXD zarS;~pl=6tMG%V+iG(@CPp=cWh4W&I{ucpN$t$_4M@blmP3f@Qw63%#bP^=c-h5~w z6li5_J{S#?{=sng{!F<_1Lq`{(ItG6FgEr6e2uM-!ro;E9H3hd|6Q|kt^VKOGZ6W2 zAFfhhBDxh@OH<+&pQ*BszR_P2she7fd5=@eIIX!YuaoR4=)YyHm0O%= zKZ<$h529`ybq&>1OwiNm3ek#%k?3eu-fn`1<^TiV16%nL_kbxX8F#R}@xtJFT$&W)Ivs;wx6bRT0kO>pn)B5S(`-AlJ~R1dZOYVm8v zdB5AKMy$5!v#+sd2^^h^EseGuS&S(r)Nm4f;XINDcIy{>wh*pYkvS!XTO4J(%-4#IFS&MouRa|4sS3=xTI*3!tCkQ3Zz&ti z6_QYUcU3Znn;hwbQk7`$Xs!qd-%NOEJJs!}3C$_9H#qNt3>4Lr9VE zd{ZbQf{qc&k%%$xP~|%PaxUn$;uL&@yEW1lbg)*-dN4Wq0{%Uc@_l2r*#v#$ZB9BQ zb7q#IeQ;W>0w1=6@|!VMyOw^+B?(D6ImHI-A^w^d!a{0XzS>rFK7S#_B%_y|Ws_%C z=zR)x#!thkb|*}8c>$yPKHy;YpWVK1H)S|X6JtorY}dZI;Qckyf1#VC<)S`g#YW=| z!$BS5_X0B)CX5nNXEc>H02|#(h5&7?Nx(T6czXF>Cqf$Z37@ zArrkTWC7JK7tpo@jH`j6vpblaWA5WtA}zL8yF2yC$or_W1G3UOFzDPQxIO|RQzPRl 
z_DR~IFxTC<7B$KEn_gnQbtA?t-d)_?tNhD$-wJOiSJ+Ye%weqTxXB7*_@UElNt58- zcc4cmzakX?%>f6v9gsof-y54=oa&)n`Mf~hLGH$@I3_oO_X8i)09z)_YWd**Ap2$% z)+C@B_ZqXCGx>nt+cR$0FdW%ln?-OTGlmx4c@&uTC!U3C*fL7V#hB~v?$IF*ATpHy z^8kRYS(oVnA1j#<{_R9W>2}~A-7*YNl@c}W!@7EU$Gon}ku(C(iJ1vj3pn=yd|JE< zrOQ$q+I_-1MB^&=@(LO`!?^?Fn{h+3TP?9dqJN$@N(MMODJdyaU%y5WtXd9#oQFY~ zOQGL&>9b1{Q_T-F(y2hX{(BhL=@yI|ns&{8i`?c!aA?%b&CMOT`v(x(0<=@X4;Iex zPrH*-s;T!}bfY%bKbw_!lPVSmErDWy?)%%EO0XY{79N%#x`r{D_xTp$el5C~r{K^`?t;Fu;zDkPP7};{Oyb0Bm@@%jS zN-003^Ih^jz6Ll!Yo50aE{-Y9Z{h0U4^NtCX!nS(6Q+G#uKaeQ3{oE0mS`5B()8Up z_^5F!>+%V;cL@mz3Y7*h*dWRbotrBF27>{R2@fM>GS}T6XVj^?iSA#?!}ir%%8A_8YLJ<$>*OpgVIVfCV(f zZoZ*6moJM**h!vkFR?7~t>kf4tkqn;Cc9T7Q8t_B?*}bjMPaK^H67Y~S8LjKCTd zY12TY^64u@7(HE1oM6NO?cwbPfr4~>6q%@;kIH?rOB>YEVuGWhyG!i%LM->+)B}rt z|F&q$0C%&sdVsCQmzO)^unI1D=0r%gj*rZtEz-*-c|eRuR!vUWu!#LEb924oAwcRZ zc6)|p;Tf7=4o$x%7${VeYN)|F^If2+-4F@VZ(15Clqnt~dqVf-jzQ|S;na8fld_uH zXz|neu@Xaim8|G@@7JfLznU$~N0*Bjm}keg?C(1V4f7an3X?tMiu#@xN4Y^fcSif< zud{cjhs5~rHwGn_@ZDBA9qx@7JJ1QbTP3zZ_K;M*=oXhJH>L(A7wE|hsMW!;PCUEX zo+?$uGUkik-mZ(vIqkn?3&=IW0{W=;E^+MW9+W5q-MIhCqux;9`=0Zh19mJUA!lwX zF9_x}tiH^N6Pzy)YfCDOjjh0r<)82})##d0GT*h&+gMn~Lo}k6=XCwH>%}08`}xY! zdWuZ#je-au8TjEhy@yo8APx8p;~`n^>h$=x=uLr%SGW8;P#Mao)t0&LtOMHIS=#f^ zxua6g*>P~%4rim>Kniz*1YS9d8w1k0k*eLJsSZ-oph=|zsj1@r{-&ocFp_V66EYuj z8l0)Cj>Lc@V@fvvzI6S%Qo{AFk~f%pMgalbH{M*k>*Bg_P*Lb6;gz;m-m#@AtXa73 z62PgLcZv8rlF~(8ySnuP;jt%2nrFlWU3N3>BL?uVMCB|}2U{x#F1s4KKkS_GUTZ}< z>~+^Ds$quU^yglt@W2jr@Fo|tu_EE*h(S%YJ*T(++v8Ef)-yrG)kW|Y?i^x5?$H54 zN@#kD;Q%>}R=e{S!YSf2Uz$yK!2Re7+eS~5e|Rg;9i7PJI>xy1{EFIjzEda40)%-? 
z4VtjQojV#>eHDjYdTk$ZRht_n64L_oEM58>#Hfvg!I~bG_`D)=yBmnyeMdvb_(n|U zlZ4YHMQN4UA6)gQzSS7+`B?`k#uc(k^dPxeW_CdPbebLdw3PUwVU~Vz1*IudS#L+e4|{Msac#XgUQ~1bRsMPKlChSiXHC_+63g5s zh=#OK^Ctt>d!0_}@=FmZxRlXt^N4xxVow1G?M%xXdMcF3WuOFfj6%ya{}AzEtb!%swU&9j8ScdZGXyCh_}kI%6D|loAQ@` zKbtzWZck-%uvoVe93Q61O=IZxaS19kP$pJJ`A6#yhp9_tr_i(Pq`Iv%5i4NQc0Fx@ zDzP(t+M9e^3kjK#rt1~2O1oQX5Q|Ki0e;)>{lB@!zp`Nme_MxWWaliY@6P)sX_}_s zo5z^Tc%>8>8q#C49>Jxf^Rd))eh&Z#S?naJ^Qr3gjAyfMtI4s1#yYaP$t; zFc(m({zJBW9x-3_Y^C;^jR-VtQh@%BEw{UFjvq2tCvvd{$UE+ z5033K->r>Kp!HF0eBC67{Q1x9Z`I9F+!mn=-cxAB!L3D*@H>2AQW_>$)>U5I>0?Q} z3OzJ6Trwvlm(g}KN}UVrB9(n0_rNy51O*OgS!O=PKK0lKVt3S9wd~%YvY4-mV^|mv z(LPw<6IwI;U}+2=rPu{aJ|!j))S{}TrQxX6?TfjG?bF|-0Pr^n$4h1S(g8(q&{3TA zRGLHEtEK_tfeDITm9(>K?Fs+mToW?x;3j&+tavco`Q4D4GB zjWm)Bp!;#o^?kl-8k`l>UEivlCUzgxZN;drn0I@$?CP!OWTUqP+*bikhNlusl&CN} z`7r(JhAqnC5SF?ntn)4IPxzzitn?0c@{Gvmk~;!hYbvl3y+HM3!edmYMb0<%7%vVvH#m{%TeD}p$l3$2Zv5@MA_>Oa@ddAJn zlXf)A9$hHMI2xOgQG@Y5yP4i=ZsFZ|xpx?oqOL>Sqs{i9J!pT5aj{}(JFCRsszQB1 zcDpk|UFpM9BRPTINo#pUbGT=HcLdNIis z^FS1+J|tX92jK>A?HRrO4~l#@5=!?m%o;XW`lG%IIsZ*K|ok!52`-fu+Fq<{B8v{`L|{si|`t!xCr^D$yh z5`ucs%>R@Ed@NrA^jglyX?N-x9=KQmt4uZZ86{53w({hP-B?!OTC3;vCGoWT8?1NQO1u)hA=Wnq2*gB|oQFY3fF)84r&!iE*! zEutT{E)zO__+R7kf5{&({4W^;2LGm_JtO~{eD;6PWsRf9Jro{;YUJW`*=I$WPy*_+ zMN@MK<**cX`zh0AWq(Hx#H?MBSei$i@Gl+-$C+czG5l#}`;i}WVqyQ(QgS<-)TCqY z8ulc*n29<1`brDY8*fg7Dy%pD)!HqFM>dGE|CjTRc|b{0)_rq+QCR-j$@u z$~#8ho~7k6g1@jL#s`bA6ZaFPJap(xxRz!0){roA#0wuadTbm7Qc9GNT_;LOz_C)c zwx?(bE`(Th8i4~CaYDq}PVrHN!9E}QOaHrs^I*KSr`gIt;w1v?9J4TVJB=$?ql#A# z>?G5PP2Q(vhzdBRmsorFJbV!Ov4NLv^e!APGy~0ry8(p`%*&qWJz5~lWmxYyYCqoc zjJZ^%+)C>c?*;!ki$lYHAP0uu&6CYlt$gxSUyKsibJNJudzH`Lp(it_xL3|bJDF}^ z@K3AWDfYg*B9iLyLIcPrS8Rf0t@z@j+Mx@&CCIp1n5?)an_l&loOKwph*1IN`N-6! 
zUjB=U68$kP2L9Y0QxTnUw??~9qn|4cLV3l@%M+&bZw<-ZGoG~Jh}}w<-t{=RL?d?h zVHj_s$%v(>L>x?MC(2X6a?L)7FaEIS=fk$pdH~2|i;1eD<``DDxG^WlXN6MHwQ*2> zv!2)HiVvkjOL9KDF&BOjO6^^>A9=kcO1L2i5Agr2<0OX=%65p0qI+~PIR(GcVTB1r z!xMWs_L{HJCk3dE%sBOJq@{^YrO#hGI$0#-Y!uP3B7tKB8(@|e+oUnyL=;fX7KqHc z(YiR~-n-9=B%6+fB`)^6cr)bA%+Y42e787?KUB>z?&{`V}( zVOhdfOg>d<@qvdau^66L#ldGKR{Tc0Tpb}PqpUpzw`6~JAUN}PclW2-C`6N zX24UV;anI0LRW`78Y%%pxh`52Eo3qzl#i2tC+R1|W=I3Lx&eQh0@b{=0(PTwTR+Mq z^eQ3D_*QmmbBnS;(AFIxiTbOANHZqm#DMm$tv)rk(XJ=GhfUc4Wgh{5KLzFSms0DX zKLb(2tyM(i9noQ$jH(`kBJ@~GkXY~b$^@h54b34wv6@QoPt1*f>*iPm5pjp=l^gF}V#mw5r6xL!Lf9Ou>fz8~3%{o!hk9eaW^{sSzL6JW-ruL|jvkF=sRZ(3;WsA4n z{V0ZY^$M@qdGg*G1j7e#YC)GN@^q%9@auK^mL(>UTTK}=@@9zH233UVgjUMQeU5I~ zr&>`{(-4*QSyCi4Rg$^zOg-k{HBf)dPL;E{K^dV9f$ct_ly6(k=T3|NrmgPc@veO5 zu}4^;;%8FVc^bN6Txl?y3PHT$;n&1R zJf>=~9P2T&4gpfCozIo@?kIpsWUVq=*MXSG zFMsCG`!5&&~#rfN9w6^9oo7 zP}WDa9)j0l!JBa5)Q2S|aGIU+0VW@5USY*o%S+&oeT7rY=IXbc>{flR-^T|S=LXyq z7%zMv4lQSqvTYw7_AzAk-jB&R#Yq(I_70g`nBj%rL%S&%4>CuT-Ov`HIl^uR9BDTC z2Y0_;F|bur5s#e

ikn^%9nfS~Q&ZTdlw1c~$($-)9^~DyXvh`iF+xa~t0RAgNex zyVewzLDwCzQ^lIdfmhchb9NWj)spv_i7&(MFrjXk=v9`Gzs>{lS5p@(=VItndb4xm zIY~datbEC&$M@SF-N*;6+kBe*)@Ee}2Yv~I5RrRL8OoQ%1P{M9de`(8C%xk~(P`A= zM{E|0HeCykJDGIL=S}ac6@#AlmxJZ1jE&=~iw^yFVlmxSe!<~V1z#PNG2S9U98#Iv zWtW4^dT<|UCr^7x-+AO_@R!iSx3l$}L+DhbZ0}#SJtD(-eeG~3UzEaX>u>t#>03ee z!}x^Dub9@JQ1~q-PiUACZ##w64OUL8lUPR7WiO0PU-*4H@Y>SNBUjg)>$n^dhS7Us zR>>uYWzz^j>r~jr^iQbqJxCTHLuOxWPh87MvNO#;wQ2Ax=ZIWALekyyV&YP&7uSO`;2!2{fEfbD3n76N|F7=pd1iEJlDY6EJvW6Kbe8?aH%U3r|g_YwIQd5-b3%kT4pC=8L;aORT zc8ydm$7O7O<6rNCM=R8d51qn8JwM*gqM4lNzp%fn=w%}W|iLd%9s z1)j1sH_OHK!=K#``fJyASjb6m$^Lm?Nm1bybPcvuO0Fv-T==2U8&O;o>*fN^>kLh;pr>w_@!EZ=izlxxry7tKuJD80W~Wc5(hT*t@9wF1 zAJPP<#|8cN!7b;xd6XLsCM$5mu`E|eupktjS|v0jC?>I&=l1GC-aLqwuez@b$lkF* zkP>gE)+BK$DoM#u6RIW4)N~?QDu8S%z<0Hw zc#X}M{_Z1QE_1`7zYJEn0FI0v;2z_XS@AmwHY3MmEH6lWK>s!g)Zi6zlHg(Qe92SH zM7eD|WK&`=(x72^c-`{sj%BS>k!xVJT;dTp_>i@=)EQ3GXM`)tJ53-H zG%R|Y+D`LWPP3cUm?ZPv)M@&-1@`uYR$tcndc#xYU@zz-j4@y`qVcOHqHu+2qcprk zxab>*j?Cxw7W*V#t?4XdL|UZz{3Y!N9$_1O+RX#kJ>zY>)?syYti{y{@ZbRnx}$My zR=eb}GlZfR$N%FDEd)~MVbM?5Uzj2d$7S_Fs=Ne_YS_hPDDu8k1C- zW;k4~~rceLrlMevQ4{gbkAm?rO)Y)Zf z_z{pMjw5)}oX$s*oZ0#B#UjN+FAU~qe62yqjpg)O7}!!LYjWTHj813R6YK|cEgHkf zZ&~iFg=?hT(`j#Sr#sVhu#dL|)Y|py*S84mYac6QyM+4vg@qtzXG1ot!9v~x=-rtj z^`2}MHor1dpzd@bM}Qq~T^dUg6&}f+b4ARycR_wo@?E8*T$Q|e?G$@$1vFWV8}mT; z@3|h4u5Mw9=-dYTDdqIh>Yj%_8|^AI3Yx0ASpSqe&@uNNwD$%g`vMnnBw?}1+wZd3 z)3g{N0a0i{E;DJEV70izW`h(MFuVP*+X8Zofd~aVRF+GdygJzVy_mpty^c7jlxpKp^G9f1RW3cY* zOTky~HdSshf+%pyb~Yy5>bu8&QUy)pqe`>4F{@3}gEAiySSTewSN!AWhPNzSDk>_~ zdz8wZM&(de9-vBu!*JPZUW6MN3qf?}kq(5rCny155>cjSkHG4q1jx`eo?(|oa~?7V zqNFyO{TGfWVeBd$r=$)0qgG;m37JbQ|kA4j^Eu1=%r&ymG3FSh~wuy? 
zcU>m_-nUSE#ZYZGJVQz*=j&we8NtfUpR=c`?z(8bZ37L>*V}{+z8`1UngrWVE8~*Y<3y`y!aoeJS(MR^i4FywE)2(vsTHOsi zQVYKyPpp#G>!1yVRK6}HOvW3ZFTvptEod>3n#j(s6?Nue330uUiqpBuDzn6wBuTs; znzW!drqXbZO^qXtS!Z^Kf+%#L^PX&wxy|He^6Ex=Yxck;8F-daTX2|+2zXsDTTs`% z)0teJ$w~(EqqIzyJv`G^UE4H+>X+K~S^(3l*A_DNeBo-9iaB@c(`SFUW)(bgw9@WI zc0O=TtYGdK4`niDw(v8QmAp@i zT+jilCPU3GD0eI-lgESz24)(6Qur)7<1y3z-R~#<mPv*)IlEZYF*Rxm#NqTFe!~OLjoyj*ObOC$>?VK#)!AP7mM})B{$ba zgPU~Om%Se38!ZFaF@0z2Dwlpj=eI+b~RXecW zZ4DXeY0tkwO++1j_QI&K(I?*0&YPUaMzP?PaM_k&W`L=N$otaFX$v7+(+#oa{&n-p zPRV?(tV5_Ib^Z)#%x(5v7y4+Aj^3S&alkPWWpvSn`VlI1vp^)!fyY+{nmj;yL)%uG zEQZsIcdUp>$nViV{4K-2WVJ+(t>cn?DeVuN;hFBt%1RLyg2VbB?7Dh*5ZxuFUucjd zQEoSlo@D~wJqu$-JBY2NaYRX3s#rH#bMZ?Wepk}6ytjVzs^OoK?LDJj{)5sK8J-e) z{q#8MlzEJBdRWiQ7l|Z-G&Vu3R2l5;lJk<*T{jyhEGh^&``(9OH9ebDySBSs)mwD9 zN{3j@>t$+Y!+e_ZD;R@;gwAYvH5txqcH9f4q1_cB_$;_(BD5LS17doqmf0|$Ld>7 z>|C{t|LG?T{H40N%C9pQ_}~9~#Q%RWQ1E}*Wt(IiwDh>WbPQWB~R z-y4wV`rPDBHS&R=1Db`Cul&RppV6KHcokotd+f&B(+|YtO{#A3`AVn7?0Nr{I<2pk zbxH3g{HGK>i+We;4%8K*RdIJO0qPS_?zIEe24rPrw=!?o?S~=N_VFLZG^Kp}dir$W z>>=mdT6A<><9Z+DB1aRSD74TK7Z!}=WsrlInoeb=4{k9rN%(3T(UK{{yoqk7^BVgg zl}S$%z5a9Uxup>n-90sv_UxpazWv$*dNs?xZIr&r?)j9xVcK4iz_hpg8;!_N23*Ag zH7~AGPWDyM7~JZ?DgM^e4|Xz~5e`KTK?PRQbib_+Ycu_L1Nc`CIoICxhGc{DJ|2If Ns-*d#P~q{5{|BdR=??$^ From 1d215a56e3884c52883d8621cd52f48e18ff5d7d Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Thu, 19 Dec 2024 16:46:54 +0500 Subject: [PATCH 06/18] updated theme_override --- theme_override/mkdocs.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/theme_override/mkdocs.yml b/theme_override/mkdocs.yml index 0052b87e..bcf88839 100644 --- a/theme_override/mkdocs.yml +++ b/theme_override/mkdocs.yml 
@@ -54,6 +54,10 @@ nav: - For Administrators: - for-administrators/overview.md - for-administrators/user-stories.md + - How-to guides: + - for-administrators/how-to-guides/certificate-management/tls-certs.md + - Explanation: + - for-administrators/explanation/number-of-clusters.md - Plan your environment: - for-administrators/plan-your-environment/sizing.md - Secure your cluster: @@ -75,8 +79,6 @@ nav: - for-administrators/cluster-lifecycle/hibernate-your-cluster.md - Help: - for-administrators/help/faq.md - - Explanation: - - for-administrators/explanation/number-of-clusters.md - For DevOps Engineers: - for-devops-engineers/overview.md - Explanation: From eb611413901e7e69937347f9c66b88d6e6ca4050 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Tue, 24 Dec 2024 16:48:41 +0500 Subject: [PATCH 07/18] Updated docs accordingly --- .../certificate-management/tls-certs.md | 60 +++++++++++++------ 1 file changed, 43 insertions(+), 17 deletions(-) diff --git a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md index f976a7dd..666d15bb 100644 --- a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md +++ b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md @@ -9,7 +9,7 @@ Here `` correspond to the cluster where you want to deploy this. - ## Template - This resource is reponsible for keeping a record (template) or underlying resources (YAML files) that needs to be deployed to tenant namespaces. + This resource is reponsible for keeping a record (template) or underlying reexternal-dns.alpha.kubernetes.io/hostnamesources (YAML files) that needs to be deployed to tenant namespaces. Given below is an example of template with underlying resources that is required for setting up TLS certificate: ```YAML 
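Review bot: In the tls-certs.md hunk at `@@ -9,7 +9,7 @@`, the rewritten Template sentence has an annotation key pasted into the middle of a word: "underlying reexternal-dns.alpha.kubernetes.io/hostnamesources" should read "underlying resources". The same line still carries the "reponsible" typo from the original, and "a record (template) or underlying resources" probably means "of underlying resources"; fix all three before this renders in the published guide.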
@@ -55,27 +55,14 @@ Here `` correspond to the cluster where you want to deploy this. apiTokenSecretRef: name: certificate-creds key: api-token - - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: tls-certificate - spec: - secretName: tls-secret - dnsNames: - - example.com - issuerRef: - name: letsencrypt-cloudflare - kind: Issuer ``` - There are 3 resources `ExternalSecret`, `Issuer` and `Certificate` that are getting deployed from this template. Brief explanation about why we need these resources are needed is given below: + There are 2 resources `ExternalSecret`and `Issuer` that are getting deployed from this template. Brief explanation about why we need these resources are needed is given below: `ExternalSecret`: This is needed to pull `api-token` key from secret provider which in this case is Vault. This is an API-Token from DNS provider (which in present case is Cloudflare). This API-Token will be used by Certificate Authority to validate the authenticity of domains being registered. This secret will be referenced when creating issuer. `Issuer`: This is a cert-manager related resource and is responsible for setting up initial configuration against which TLS certificate will get generated. This issuer uses [`LetsEncrypt`](https://letsencrypt.org/) as certificate authority by setting one of its server's URL as value for `.spec.acme.server`. There is also a need for setting a value for `.spec.acme.email` which contains a valid email. This email will be a point of reference for `LetsEncrypt` to share any updates about certificate's lifecycle. This resource make a reference to secret in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef` that we created using `ExternalSecret`. In present case we are setting up for Cloudflare, so there is a reference to that in Issuer resource. - `Certificate`: This is the actual resource that will create TLS certificate for a particular domain referenced in `.spec.dnsNames`. 
This resource makes a reference to `Issuer` that is created earlier in `.spec.issuerRef`. - - ## Template Group Instance This YAML file deploys resources in cluster by making a reference to different templates similar to one that we discussed above. Apart from this we can also specify different namespaces where these resources should be deployed. Given below is an example in this regard: 
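Review bot: With the `Certificate` manifest and its explanation removed in this hunk, the guide no longer says at this point what creates the certificate, while the verification steps later in the file still ask the reader to search for `Certificate` in the namespace. Add a sentence here stating that the certificate is now generated from the annotations on the Ingress, so the template only needs `ExternalSecret` and `Issuer`. The replacement sentence also needs a space in "`ExternalSecret`and" and reads "why we need these resources are needed"; drop one of the two verbs.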
@@ -97,8 +84,47 @@ Here `` correspond to the cluster where you want to deploy this. In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources would be deployed based on labels that are assigned to these namespaces. In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `sandbox` or `dev` as its value. -1. Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. -1. To verify whether resources are deployed correctly and working fine in cluster, you can go cluster console and select `Administrator` view and click `Home > Search`. Select a particular namespace and then search for `Certificate` in `Resources` dropdown as show below: +Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. + +# Deploying Ingress +By this point initial configuration is setup. As a next step, we need to deploy an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) network resource which will be responsible for exposing your application to internet over a specific domain. It is assumed at this point that you've already setup Leader Helm Chart for your application. We need to add following snippet to `values.yaml` for this chart. Leader chart will use these values to deploy ingress resource in your current namespace. 
+ +```YAML +application: + applicationName: + ingress: + enabled: true + annotations: + cert-manager.io/issuer: "letsencrypt-cloudflare" # Reference your Issuer or ClusterIssuer + cert-manager.io/acme-challenge-type: http01 # Use HTTP-01 challenge + external-dns.alpha.kubernetes.io/hostname: + hosts: + - host: + paths: + - path: / + pathType: Prefix + serviceName: + servicePort: "http" + tls: + - secretName: + hosts: + - +``` + + In snippet above there are few details of importance. As a prerequisite, it is highly recommended to go through [`Kubernetes Ingress Resource`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) to avoid any misconfiguration. + `application.ingress.annotations` contains few annotations that are crucial for instructing `cert-manager` to generate certificate and `external-dns` to register DNS name for this ingress. + + `cert-manager.io/issuer`: tells `cert-manager` to use specified issuer for generating TLS certificate. Its value should refer to the `Issuer` that you created earlier. + + `cert-manager.io/acme-challenge-type`: is an annotation specific to `cert-manager` that creates a challenge for `cert-manager` to resolve. More information about challenge can be found [`here`.](https://cert-manager.io/docs/configuration/acme/#solving-challenges) + + `external-dns.alpha.kubernetes.io/hostname`: value of this annotation is used to register DNS record with DNS provider that we configured in `Issuer`. + +1. To verify whether resources are deployed correctly and working fine in cluster, you can go to `Networking > Ingresses` tab to see whether ingress is available. +1. Furthermore, you can go cluster console and select `Administrator` view and click `Home > Search`. Select a particular namespace and then search for `Certificate` in `Resources` dropdown as show below: ![OpenShift Console](images/console.png) 1. 
Select the certificate that is deployed in this namespace and scroll to bottom to `Condition` section. There you'll see a message that certificate is up-to-date as shown below: ![Certificate Details](images/certificate-details.png) + +!!! note + If certificate is showing a different status wait for couple of minutes. Its highly probable that `cert-manager` takes few minutes to generate certificate for this domain. \ No newline at end of file From 3ee6de6a968c69934c1f3447e229432c071d725d Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Tue, 24 Dec 2024 16:51:45 +0500 Subject: [PATCH 08/18] markdown lint --- .../how-to-guides/certificate-management/tls-certs.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md index 666d15bb..95628728 100644 --- a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md +++ b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md @@ -86,7 +86,8 @@ Here `` correspond to the cluster where you want to deploy this. Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. -# Deploying Ingress +## Deploying Ingress + By this point initial configuration is setup. As a next step, we need to deploy an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) network resource which will be responsible for exposing your application to internet over a specific domain. It is assumed at this point that you've already setup Leader Helm Chart for your application. We need to add following snippet to `values.yaml` for this chart. Leader chart will use these values to deploy ingress resource in your current namespace. ```YAML 
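Review bot: In PATCH 07/18, the `values.yaml` snippet added under Deploying Ingress sets `cert-manager.io/acme-challenge-type: http01`, but the `Issuer` it names in `cert-manager.io/issuer` (`letsencrypt-cloudflare`) is defined in the template with only a `dns01` Cloudflare solver. The annotation and its "Use HTTP-01 challenge" comment contradict the DNS-01 setup the rest of the guide builds, including the Cloudflare API token pulled in by the `ExternalSecret`; either drop the annotation and let the Issuer's solver decide, or change it and the explanatory paragraph to DNS-01. The inline comment "Reference your Issuer or ClusterIssuer" is also misleading, since a ClusterIssuer is selected with the separate `cert-manager.io/cluster-issuer` annotation.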
@@ -116,7 +117,7 @@ application: `cert-manager.io/issuer`: tells `cert-manager` to use specified issuer for generating TLS certificate. Its value should refer to the `Issuer` that you created earlier. - `cert-manager.io/acme-challenge-type`: is an annotation specific to `cert-manager` that creates a challenge for `cert-manager` to resolve. More information about challenge can be found [`here`.](https://cert-manager.io/docs/configuration/acme/#solving-challenges) + `cert-manager.io/acme-challenge-type`: is an annotation specific to `cert-manager` that creates a challenge for `cert-manager` to resolve. More information about challenge can be found [`here`.](https://cert-manager.io/docs/configuration/acme/#solving-challenges) `external-dns.alpha.kubernetes.io/hostname`: value of this annotation is used to register DNS record with DNS provider that we configured in `Issuer`. @@ -127,4 +128,4 @@ application: ![Certificate Details](images/certificate-details.png) !!! note - If certificate is showing a different status wait for couple of minutes. Its highly probable that `cert-manager` takes few minutes to generate certificate for this domain. \ No newline at end of file + If certificate is showing a different status wait for couple of minutes. Its highly probable that `cert-manager` takes few minutes to generate certificate for this domain. From 32a0ec8cdc846334c20ac374227b5b7fba3ef598 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Tue, 24 Dec 2024 16:56:26 +0500 Subject: [PATCH 09/18] minor corrections --- .../certificate-management/tls-certs.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md index 95628728..15ba5bbc 100644 --- a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md 
+++ b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md @@ -59,7 +59,7 @@ Here `` correspond to the cluster where you want to deploy this. There are 2 resources `ExternalSecret`and `Issuer` that are getting deployed from this template. Brief explanation about why we need these resources are needed is given below: - `ExternalSecret`: This is needed to pull `api-token` key from secret provider which in this case is Vault. This is an API-Token from DNS provider (which in present case is Cloudflare). This API-Token will be used by Certificate Authority to validate the authenticity of domains being registered. This secret will be referenced when creating issuer. + `ExternalSecret`: This is needed to pull `api-token` key from secret provider which in this case is Vault. This is an API-Token from DNS provider (which in present case is Cloudflare). This API-Token will be used by Certificate Authority to validate the authenticity of DNS name being registered. This secret will be referenced when creating issuer. `Issuer`: This is a cert-manager related resource and is responsible for setting up initial configuration against which TLS certificate will get generated. This issuer uses [`LetsEncrypt`](https://letsencrypt.org/) as certificate authority by setting one of its server's URL as value for `.spec.acme.server`. There is also a need for setting a value for `.spec.acme.email` which contains a valid email. This email will be a point of reference for `LetsEncrypt` to share any updates about certificate's lifecycle. This resource make a reference to secret in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef` that we created using `ExternalSecret`. In present case we are setting up for Cloudflare, so there is a reference to that in Issuer resource. 
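Review bot: The reworded `ExternalSecret` sentence in this hunk still says the API token "will be used by Certificate Authority to validate the authenticity of DNS name being registered". With the `dns01` Cloudflare solver shown in the template, the token is used by cert-manager to create the challenge TXT record in Cloudflare; Let's Encrypt only queries DNS and never receives the token. Reword the sentence so readers do not conclude the credential is shared with the CA, and consider adding that the token should be scoped to the DNS zones certificates are issued for.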
@@ -88,7 +88,7 @@ Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy ## Deploying Ingress -By this point initial configuration is setup. As a next step, we need to deploy an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) network resource which will be responsible for exposing your application to internet over a specific domain. It is assumed at this point that you've already setup Leader Helm Chart for your application. We need to add following snippet to `values.yaml` for this chart. Leader chart will use these values to deploy ingress resource in your current namespace. +By this point initial configuration is setup. As a next step, we need to deploy an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) network resource which will be responsible for exposing your application to internet over a specific DNS name. It is assumed at this point that you've already setup Leader Helm Chart for your application. We need to add following snippet to `values.yaml` for this chart. Leader chart will use these values to deploy ingress resource in your current namespace. ```YAML application: @@ -98,9 +98,9 @@ application: annotations: cert-manager.io/issuer: "letsencrypt-cloudflare" # Reference your Issuer or ClusterIssuer cert-manager.io/acme-challenge-type: http01 # Use HTTP-01 challenge - external-dns.alpha.kubernetes.io/hostname: + external-dns.alpha.kubernetes.io/hostname: hosts: - - host: + - host: paths: - path: / pathType: Prefix @@ -109,7 +109,7 @@ application: tls: - secretName: hosts: - - + - ``` In snippet above there are few details of importance. As a prerequisite, it is highly recommended to go through [`Kubernetes Ingress Resource`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) to avoid any misconfiguration. 
@@ -128,4 +128,4 @@ application: ![Certificate Details](images/certificate-details.png) !!! note - If certificate is showing a different status wait for couple of minutes. Its highly probable that `cert-manager` takes few minutes to generate certificate for this domain. + If certificate is showing a different status wait for a couple of minutes. Its highly probable that `cert-manager` takes few minutes to generate certificate for this ingress. From 1e16bcfa11c29d8af950da13ca2ebd8a8a6f0658 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Tue, 24 Dec 2024 18:21:22 +0500 Subject: [PATCH 10/18] Updated docs --- .../certificate-management/tls-certs.md | 258 ++++++++++-------- 1 file changed, 146 insertions(+), 112 deletions(-) diff --git a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md index 15ba5bbc..9e86712c 100644 --- a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md +++ b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md 
@@ -1,131 +1,165 @@ -# Configuring TLS certificates using Infra GitOps - -This document will explain a step-by-step approach of configuring TLS certificates for different tenants using Infra GitOps. - -1. First step is to navigate to correct path inside your Infra GitOps repository. For this example we are using following path: -`/tenant-operator-config/templates/` -Here `` correspond to the cluster where you want to deploy this. -1. In this directory we need to create 2 resources [`Template`](https://docs.stakater.com/mto/main/crds-api-reference/template.html) and [`TemplateGroupInstance`](https://docs.stakater.com/mto/main/crds-api-reference/template-group-instance.html). A detailed explanation about why each resource is needed and what are the contents of each resource is given below: - -- ## Template - - This resource is reponsible for keeping a record (template) or underlying reexternal-dns.alpha.kubernetes.io/hostnamesources (YAML files) that needs to be deployed to tenant namespaces. 
- Given below is an example of template with underlying resources that is required for setting up TLS certificate: - - ```YAML - apiVersion: tenantoperator.stakater.com/v1alpha1 - kind: Template - metadata: - name: certificate-creds - resources: - manifests: - - apiVersion: external-secrets.io/v1beta1 - kind: ExternalSecret - metadata: - name: certificate-creds - spec: - secretStoreRef: - kind: ClusterSecretStore - name: shared-cluster-secret-store - refreshInterval: "1m0s" - target: - name: certificate-creds - creationPolicy: 'Owner' - template: - data: - api-token: "{{ .api-token | b64enc }}" - data: - - secretKey: api-token - remoteRef: - key: certificate-creds - property: api-token - - apiVersion: cert-manager.io/v1 - kind: Issuer - metadata: - name: letsencrypt-cloudflare - spec: - acme: - email: - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-account-key - solvers: - - dns01: - cloudflare: - apiTokenSecretRef: - name: certificate-creds - key: api-token - ``` - - There are 2 resources `ExternalSecret`and `Issuer` that are getting deployed from this template. Brief explanation about why we need these resources are needed is given below: - - `ExternalSecret`: This is needed to pull `api-token` key from secret provider which in this case is Vault. This is an API-Token from DNS provider (which in present case is Cloudflare). This API-Token will be used by Certificate Authority to validate the authenticity of DNS name being registered. This secret will be referenced when creating issuer. - - `Issuer`: This is a cert-manager related resource and is responsible for setting up initial configuration against which TLS certificate will get generated. This issuer uses [`LetsEncrypt`](https://letsencrypt.org/) as certificate authority by setting one of its server's URL as value for `.spec.acme.server`. There is also a need for setting a value for `.spec.acme.email` which contains a valid email. 
This email will be a point of reference for `LetsEncrypt` to share any updates about certificate's lifecycle. This resource make a reference to secret in `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef` that we created using `ExternalSecret`. In present case we are setting up for Cloudflare, so there is a reference to that in Issuer resource. - -- ## Template Group Instance - - This YAML file deploys resources in cluster by making a reference to different templates similar to one that we discussed above. Apart from this we can also specify different namespaces where these resources should be deployed. Given below is an example in this regard: - - ```YAML - apiVersion: tenantoperator.stakater.com/v1alpha1 - kind: TemplateGroupInstance - metadata: - name: certificate-creds - spec: - template: certificate-creds - selector: - matchExpressions: - - key: stakater.com/kind - operator: In - values: [ sandbox, dev ] - sync: true - ``` - - In `.spec.template`, we are specifying the name of the template that we created previously. In `.spec.selector` we need to specify namespaces where these resources would be deployed based on labels that are assigned to these namespaces. In present case, this will be deployed to all the namespaces which has `stakater.com/kind` as label key and `sandbox` or `dev` as its value. - -Commit, push and then merge to `main` branch. In few minutes ArgoCD will deploy these resources to relevant namespaces. - -## Deploying Ingress - -By this point initial configuration is setup. As a next step, we need to deploy an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) network resource which will be responsible for exposing your application to internet over a specific DNS name. It is assumed at this point that you've already setup Leader Helm Chart for your application. We need to add following snippet to `values.yaml` for this chart. 
Leader chart will use these values to deploy ingress resource in your current namespace. - -```YAML +# Configuring TLS Certificates Using Infra GitOps + +This document provides a step-by-step guide to configure TLS certificates for different tenants using Infra GitOps. + +## Step 1: Navigate to the Target Path + +Navigate to the appropriate path in your Infra GitOps repository. For this example, the path is: + +```plaintext +/tenant-operator-config/templates/ +``` + +Here, `` corresponds to the cluster where the deployment will occur. + +## Step 2: Create Required Resources + +In this directory, create the following resources: + +- [`Template`](https://docs.stakater.com/mto/main/crds-api-reference/template.html) +- [`TemplateGroupInstance`](https://docs.stakater.com/mto/main/crds-api-reference/template-group-instance.html) + +### Template + +The `Template` resource defines the underlying YAML files to be deployed to tenant namespaces. Below is an example template for setting up a TLS certificate: + +```yaml +apiVersion: tenantoperator.stakater.com/v1alpha1 +kind: Template +metadata: + name: certificate-creds +resources: + manifests: + - apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + metadata: + name: certificate-creds + spec: + secretStoreRef: + kind: ClusterSecretStore + name: shared-cluster-secret-store + refreshInterval: "1m0s" + target: + name: certificate-creds + creationPolicy: 'Owner' + template: + data: + api-token: "{{ .api-token | b64enc }}" + data: + - secretKey: api-token + remoteRef: + key: certificate-creds + property: api-token + - apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + name: letsencrypt-cloudflare + spec: + acme: + email: + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-account-key + solvers: + - dns01: + cloudflare: + apiTokenSecretRef: + name: certificate-creds + key: api-token +``` + +#### Explanation of Resources + +1. 
**`ExternalSecret`**: + - Retrieves the `api-token` from the secret provider (Vault). + - The `api-token` authenticates the DNS provider (e.g., Cloudflare) for certificate validation. + +1. **`Issuer`**: + - Configures Cert-Manager to generate TLS certificates using [Let’s Encrypt](https://letsencrypt.org/). + - Requires: + - `.spec.acme.email`: Email address for certificate lifecycle updates. + - `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef`: Reference to the `ExternalSecret` created earlier. + +### TemplateGroupInstance + +The `TemplateGroupInstance` deploys resources by referencing the created templates and specifying target namespaces. Example: + +```yaml +apiVersion: tenantoperator.stakater.com/v1alpha1 +kind: TemplateGroupInstance +metadata: + name: certificate-creds +spec: + template: certificate-creds + selector: + matchExpressions: + - key: stakater.com/kind + operator: In + values: [sandbox, dev] + sync: true +``` + +#### Key Fields + +- **`.spec.template`**: References the `Template` resource. +- **`.spec.selector`**: Specifies namespaces to deploy resources based on label expressions. + - In this example, resources are deployed to tenant namespaces with the label `stakater.com/kind` having values `sandbox` or `dev`. + +Commit, push, and merge these changes to the `main` branch. ArgoCD will deploy the resources to the specified namespaces within a few minutes. + +## Step 3: Deploy Ingress + +With the initial configuration in place, deploy an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) resource to expose your application to the internet over a specific hostname name. 
+ +### Update `values.yaml` + +Update the `values.yaml` file of your application’s Helm chart with the following snippet: + +```yaml application: applicationName: ingress: enabled: true annotations: - cert-manager.io/issuer: "letsencrypt-cloudflare" # Reference your Issuer or ClusterIssuer - cert-manager.io/acme-challenge-type: http01 # Use HTTP-01 challenge - external-dns.alpha.kubernetes.io/hostname: + cert-manager.io/issuer: "letsencrypt-cloudflare" # Reference the Issuer or ClusterIssuer + cert-manager.io/acme-challenge-type: http01 # Use HTTP-01 challenge + external-dns.alpha.kubernetes.io/hostname: hosts: - - host: + - host: paths: - path: / pathType: Prefix - serviceName: + serviceName: servicePort: "http" tls: - - secretName: - hosts: - - + - secretName: + hosts: + - ``` - In snippet above there are few details of importance. As a prerequisite, it is highly recommended to go through [`Kubernetes Ingress Resource`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) to avoid any misconfiguration. - `application.ingress.annotations` contains few annotations that are crucial for instructing `cert-manager` to generate certificate and `external-dns` to register DNS name for this ingress. - - `cert-manager.io/issuer`: tells `cert-manager` to use specified issuer for generating TLS certificate. Its value should refer to the `Issuer` that you created earlier. +#### Important Details - `cert-manager.io/acme-challenge-type`: is an annotation specific to `cert-manager` that creates a challenge for `cert-manager` to resolve. More information about challenge can be found [`here`.](https://cert-manager.io/docs/configuration/acme/#solving-challenges) +- **Annotations**: + - `cert-manager.io/issuer`: Specifies the Issuer to generate TLS certificates. + - `cert-manager.io/acme-challenge-type`: Configures Cert-Manager to solve the ACME challenge. [Learn more](https://cert-manager.io/docs/configuration/acme/#solving-challenges). 
+ - `external-dns.alpha.kubernetes.io/hostname`: Registers the DNS record with the configured provider. - `external-dns.alpha.kubernetes.io/hostname`: value of this annotation is used to register DNS record with DNS provider that we configured in `Issuer`. +- **TLS Configuration**: + - `secretName`: Name of the secret where the TLS certificate will be stored. + +### Verify Deployment + +1. Check the `Networking > Ingresses` tab in the cluster console to ensure the ingress resource is available. +1. In the cluster console, switch to `Administrator` view and navigate to `Home > Search`. +1. Select the namespace and search for `Certificate` in the `Resources` dropdown. +1. Inspect the deployed certificate. In the `Condition` section, confirm that the certificate is up-to-date. -1. To verify whether resources are deployed correctly and working fine in cluster, you can go to `Networking > Ingresses` tab to see whether ingress is available. -1. Furthermore, you can go cluster console and select `Administrator` view and click `Home > Search`. Select a particular namespace and then search for `Certificate` in `Resources` dropdown as show below: ![OpenShift Console](images/console.png) -1. Select the certificate that is deployed in this namespace and scroll to bottom to `Condition` section. There you'll see a message that certificate is up-to-date as shown below: + ![Certificate Details](images/certificate-details.png) -!!! note - If certificate is showing a different status wait for a couple of minutes. Its highly probable that `cert-manager` takes few minutes to generate certificate for this ingress. +> **Note** +> If the certificate status is not updated, wait a few minutes as Cert-Manager may take time to generate the certificate. + +By following these steps, you can effectively configure TLS certificates using Infra GitOps. + From 9ae30c98d1b5dbcc50cf8dbc996212a9627e823a Mon Sep 17 00:00:00 2001 
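Review bot: In the `values.yaml` snippet under "Update `values.yaml`", the annotation `cert-manager.io/acme-challenge-type: http01` and its "Use HTTP-01 challenge" comment contradict the `Issuer` defined earlier in the same file, whose only solver is `dns01` with Cloudflare. A reader cannot tell which challenge is actually solved; drop the annotation or make it agree with the solver, and state in "Important Details" which one applies. Separately, in the `ExternalSecret` template, `{{ .api-token | b64enc }}` uses dot access on a key that contains a hyphen, which Go templates do not parse; `{{ index . "api-token" }}` is the usual form. It is also worth confirming that `b64enc` is wanted there, since the Issuer's `apiTokenSecretRef` has to read the raw token.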
From: owais-rehman Date: Tue, 24 Dec 2024 18:23:43 +0500 Subject: [PATCH 11/18] markdown lint --- .../how-to-guides/certificate-management/tls-certs.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md index 9e86712c..058626d8 100644 --- a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md +++ b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md @@ -103,7 +103,7 @@ spec: - **`.spec.template`**: References the `Template` resource. - **`.spec.selector`**: Specifies namespaces to deploy resources based on label expressions. - - In this example, resources are deployed to tenant namespaces with the label `stakater.com/kind` having values `sandbox` or `dev`. + - In this example, resources are deployed to tenant namespaces with the label `stakater.com/kind` having values `sandbox` or `dev`. Commit, push, and merge these changes to the `main` branch. ArgoCD will deploy the resources to the specified namespaces within a few minutes. 
@@ -140,12 +140,12 @@ application: #### Important Details - **Annotations**: - - `cert-manager.io/issuer`: Specifies the Issuer to generate TLS certificates. - - `cert-manager.io/acme-challenge-type`: Configures Cert-Manager to solve the ACME challenge. [Learn more](https://cert-manager.io/docs/configuration/acme/#solving-challenges). - - `external-dns.alpha.kubernetes.io/hostname`: Registers the DNS record with the configured provider. + - `cert-manager.io/issuer`: Specifies the Issuer to generate TLS certificates. + - `cert-manager.io/acme-challenge-type`: Configures Cert-Manager to solve the ACME challenge. [Learn more](https://cert-manager.io/docs/configuration/acme/#solving-challenges). + - `external-dns.alpha.kubernetes.io/hostname`: Registers the DNS record with the configured provider. - **TLS Configuration**: - - `secretName`: Name of the secret where the TLS certificate will be stored. + - `secretName`: Name of the secret where the TLS certificate will be stored. ### Verify Deployment @@ -162,4 +162,3 @@ application: > If the certificate status is not updated, wait a few minutes as Cert-Manager may take time to generate the certificate. By following these steps, you can effectively configure TLS certificates using Infra GitOps. - From 820c0beb6b27728a74f1a848703e79b6f1e15a04 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Tue, 24 Dec 2024 18:26:27 +0500 Subject: [PATCH 12/18] minor change --- .../how-to-guides/certificate-management/tls-certs.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md index 058626d8..9e271acb 100644 --- a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md +++ b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md 
@@ -158,7 +158,5 @@ application: ![Certificate Details](images/certificate-details.png) -> **Note** -> If the certificate status is not updated, wait a few minutes as Cert-Manager may take time to generate the certificate. - -By following these steps, you can effectively configure TLS certificates using Infra GitOps. +!!! note + If the certificate status is not updated, wait a few minutes as Cert-Manager may take time to generate the certificate. From 133b16fc197ff3627fe1e9e507c3b43b2cee5de1 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Mon, 30 Dec 2024 17:30:15 +0500 Subject: [PATCH 13/18] updated docs according to new implementation --- .../certificate-management/tls-certs.md | 80 +++++++------------ .../expose-applications-to-internet.md | 52 ++++++++++++ 2 files changed, 83 insertions(+), 49 deletions(-) create mode 100644 content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md diff --git a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md index 9e271acb..8257c85d 100644 --- a/content/for-administrators/how-to-guides/certificate-management/tls-certs.md +++ b/content/for-administrators/how-to-guides/certificate-management/tls-certs.md 
@@ -1,18 +1,24 @@ -# Configuring TLS Certificates Using Infra GitOps +# Configuring TLS Certificates and External DNS -This document provides a step-by-step guide to configure TLS certificates for different tenants using Infra GitOps. +This document provides a step-by-step guide to configure TLS certificates and External DNS for different tenants. -## Step 1: Navigate to the Target Path +## Step 1: Setup DNS creds in Vault + +Go to `common-shared-secret` path in Vault and create a secret `external-dns-creds`. This secret mainly have credentials for authenticating with DNS provider (in present case `Cloudflare`) and should contain following fields: + +- `api-token (required)`: API token generated from DNS provider being used. In case of Cloudflare, it should have `DNS:Edit` and `Zone:Read` access. +- `domain-filter (optional)`: This field should contain base domain that becomes base for registering further subdomains. For example: `example.com`. +- `zone-id-filter (optional)`: In case of Cloudflare, if you want to give more restrictive access of only few zones to this token, then this field should contain these zone ids. + +## Step 2: Navigate to the Target Path Navigate to the appropriate path in your Infra GitOps repository. For this example, the path is: ```plaintext -/tenant-operator-config/templates/ +/tenant-operator-config/templates/ ``` -Here, `` corresponds to the cluster where the deployment will occur. - -## Step 2: Create Required Resources +## Step 3: Create Required Resources In this directory, create the following resources: @@ -61,11 +67,22 @@ resources: privateKeySecretRef: name: letsencrypt-account-key solvers: - - dns01: + - http01: cloudflare: apiTokenSecretRef: name: certificate-creds key: api-token + - apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: tls-certificate + spec: + secretName: tls-certificate-secret + dnsNames: + - + issuerRef: + name: + kind: Issuer ``` #### Explanation of Resources 
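Review bot: In the `Issuer` manifest (`@@ -61,11 +67,22 @@`) the solver key changes from `dns01` to `http01` while `cloudflare.apiTokenSecretRef` stays nested under it. The Cloudflare token reference belongs to the DNS-01 solver, so keep `- dns01:` here, or replace the nested block with an HTTP-01 solver configuration and drop the token reference. In the new Step 1 (`@@ -1,18 +1,24 @@`), the Vault secret is named `external-dns-creds`, but the `ExternalSecret` in the template still reads `remoteRef.key: certificate-creds`; say which secret holds the `api-token` that the Issuer uses. If it is the same token, note that the `TemplateGroupInstance` places it in every `sandbox` and `dev` namespace, which argues for recommending `zone-id-filter` scoping for a `DNS:Edit` token rather than presenting it as optional.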
@@ -80,6 +97,12 @@ resources: - `.spec.acme.email`: Email address for certificate lifecycle updates. - `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef`: Reference to the `ExternalSecret` created earlier. +1. **`Certificate`**: + - Instruct Cert-Manager to generate TLS certificates for specific DNS entries. + - Requires: + - `.spec.dnsNames`: DNS name for which this certificate will be valid. It can also contain wildcard names like `*.example.com` or specific names like `api.example.com`. + - `.spec.issuerRef.name`: Name of the issuer that this certificate will reference. We have created this issuer in previous steps. + ### TemplateGroupInstance The `TemplateGroupInstance` deploys resources by referencing the created templates and specifying target namespaces. Example: 
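Review bot: The new `Certificate` bullet says `.spec.dnsNames` may contain wildcard names like `*.example.com`, but the Issuer in this patch now uses an `http01` solver, and Let's Encrypt issues wildcard certificates only through DNS-01 validation. The unchanged `Issuer` bullet just above it also still documents `.spec.acme.solvers.dns01.cloudflare.apiTokenSecretRef`. Align the explanation with the manifest: either the solver stays `dns01` and the wildcard remark holds, or the wildcard example and the `dns01` path are removed from the text.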
@@ -107,49 +130,8 @@ spec: Commit, push, and merge these changes to the `main` branch. ArgoCD will deploy the resources to the specified namespaces within a few minutes. -## Step 3: Deploy Ingress - -With the initial configuration in place, deploy an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource) resource to expose your application to the internet over a specific hostname name. - -### Update `values.yaml` - -Update the `values.yaml` file of your application’s Helm chart with the following snippet: - -```yaml -application: - applicationName: - ingress: - enabled: true - annotations: - cert-manager.io/issuer: "letsencrypt-cloudflare" # Reference the Issuer or ClusterIssuer - cert-manager.io/acme-challenge-type: http01 # Use HTTP-01 challenge - external-dns.alpha.kubernetes.io/hostname: - hosts: - - host: - paths: - - path: / - pathType: Prefix - serviceName: - servicePort: "http" - tls: - - secretName: - hosts: - - -``` - -#### Important Details - -- **Annotations**: - - `cert-manager.io/issuer`: Specifies the Issuer to generate TLS certificates. - - `cert-manager.io/acme-challenge-type`: Configures Cert-Manager to solve the ACME challenge. [Learn more](https://cert-manager.io/docs/configuration/acme/#solving-challenges). - - `external-dns.alpha.kubernetes.io/hostname`: Registers the DNS record with the configured provider. - -- **TLS Configuration**: - - `secretName`: Name of the secret where the TLS certificate will be stored. - ### Verify Deployment -1. Check the `Networking > Ingresses` tab in the cluster console to ensure the ingress resource is available. 1. In the cluster console, switch to `Administrator` view and navigate to `Home > Search`. 1. Select the namespace and search for `Certificate` in the `Resources` dropdown. 1. Inspect the deployed certificate. In the `Condition` section, confirm that the certificate is up-to-date. 
diff --git a/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md b/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md new file mode 100644 index 00000000..7ef114ff --- /dev/null +++ b/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md 
@@ -0,0 +1,52 @@ +# Exposing Your Application to Internet + +This guide provides a step-by-step process to configure an OpenShift `Route` resource to expose your application to the internet. + +## Prerequisites + +Before proceeding, ensure the following prerequisites are met: +- **TLS Certificates**: Verify with your cluster administrator that TLS certificates are properly configured. +- **External DNS**: Confirm that External DNS is set up and operational for managing DNS records. + +## Step 1: Deploy the Route + +A [`Route`](https://docs.openshift.com/container-platform/4.17/networking/routes/route-configuration.html) resource is used to expose your application to the internet using a specific DNS name. Follow the steps below to configure the Route. + +### Update `values.yaml` + +Update the `values.yaml` file in your application’s Helm chart with the following configuration: + +```yaml +application: + applicationName: + route: + enabled: true + annotations: + cert-utils-operator.redhat-cop.io/certs-from-secret: + external-dns.alpha.kubernetes.io/hostname: + cert-utils-operator.redhat-cop.io/inject-CA: "false" + host: + path: +``` + +#### Important Details + +- **Annotations**: + - `cert-utils-operator.redhat-cop.io/certs-from-secret`: Specifies the name of the secret that stores the TLS certificate created by the Certificate resource. + - `external-dns.alpha.kubernetes.io/hostname`: Registers the DNS record with the configured provider (e.g., Cloudflare). + - `cert-utils-operator.redhat-cop.io/inject-CA`: Indicates whether to inject the Certificate Authority (CA) into the Route. Set to "false" if not required. + +- **Additional Configuration**: + - `route.host`: Specifies the host name that you want to use for this route. This value must match the `external-dns.alpha.kubernetes.io/hostname` annotation. + - `route.path`: Specifies the URL path where your application will be exposed (e.g., `/api`). 
+ +### Verify Deployment + +After updating the values.yaml file and applying the Helm chart, verify the deployment: + +1. Navigate to the OpenShift cluster console. +1. Go to Networking > Routes and locate the Route resource for your application. +1. Confirm that: + - The Route resource is listed. + - Its status is Accepted. + - The DNS name and TLS configuration are correct. From fbe5991beb74fcae8e79243dd490c477886fb8bb Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Mon, 30 Dec 2024 17:33:03 +0500 Subject: [PATCH 14/18] lint corrections --- .../expose-applications-to-internet.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md b/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md index 7ef114ff..1be8d83f 100644 --- a/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md +++ b/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md @@ -5,6 +5,7 @@ This guide provides a step-by-step process to configure an OpenShift `Route` res ## Prerequisites Before proceeding, ensure the following prerequisites are met: + - **TLS Certificates**: Verify with your cluster administrator that TLS certificates are properly configured. - **External DNS**: Confirm that External DNS is set up and operational for managing DNS records. @@ -42,7 +43,7 @@ application: ### Verify Deployment -After updating the values.yaml file and applying the Helm chart, verify the deployment: +After updating the `values.yaml` file and applying the Helm chart, verify the deployment: 1. Navigate to the OpenShift cluster console. 1. Go to Networking > Routes and locate the Route resource for your application. From 50d7c65bf7e9559c060c16524fe756b5ad2d73bc Mon Sep 17 00:00:00 2001 
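Review bot: In the new `expose-applications-to-internet.md` (`@@ -0,0 +1,52 @@`), "Important Details" requires `route.host` to match the `external-dns.alpha.kubernetes.io/hostname` annotation but never says the hostname must also be covered by the `dnsNames` of the `Certificate` whose secret is named in `cert-utils-operator.redhat-cop.io/certs-from-secret`. A developer who picks a host outside those names ends up with a Route that serves a certificate for a different name. Add that requirement to the `route.host` bullet, tell the reader where the secret name comes from (the Certificate's `.spec.secretName` in the administrator guide), and make the last verification step concrete, for example by checking that the certificate presented on the Route lists the chosen host.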
From: owais-rehman Date: Mon, 30 Dec 2024 17:44:18 +0500 Subject: [PATCH 15/18] theme override and minor change in title --- .../expose-applications-to-internet.md | 2 +- theme_override/mkdocs.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md b/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md index 1be8d83f..01373855 100644 --- a/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md +++ b/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md @@ -1,4 +1,4 @@ -# Exposing Your Application to Internet +# Exposing Your Application to Internet over HTTPS and custom Hostname This guide provides a step-by-step process to configure an OpenShift `Route` resource to expose your application to the internet. diff --git a/theme_override/mkdocs.yml b/theme_override/mkdocs.yml index bcf88839..ab724619 100644 --- a/theme_override/mkdocs.yml +++ b/theme_override/mkdocs.yml @@ -168,6 +168,7 @@ nav: - for-developers/how-to-guides/deploy-app-with-argocd-and-helm/deploy-app-with-argocd-and-helm.md - for-developers/how-to-guides/expose-spring-boot-metrics/expose-spring-boot-metrics.md - for-developers/how-to-guides/package-and-push-your-chart/package-and-push-your-chart.md + - for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md - For CISOs & DPOs: - for-cisos-dpos/overview.md - General Frameworks: From 3de4f9da9fbe4d297c6617ba0edd884d218a09b9 Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Mon, 30 Dec 2024 17:45:16 +0500 Subject: [PATCH 16/18] lint correction --- .../expose-applications-to-internet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md b/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md index 01373855..6e101e29 100644 --- a/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md +++ b/content/for-developers/how-to-guides/expose-applications-to-internet/expose-applications-to-internet.md @@ -1,4 +1,4 @@ -# Exposing Your Application to Internet over HTTPS and custom Hostname +# Exposing Your Application to Internet over HTTPS and custom hostname This guide provides a step-by-step process to configure an OpenShift `Route` resource to expose your application to the internet. From 3ddda68881ea317e00cc703d06b3010ee424eb6b Mon Sep 17 00:00:00 2001 From: owais-rehman Date: Mon, 30 Dec 2024 19:19:02 +0500 Subject: [PATCH 17/18] made changes according to comments --- .../certificate-management/images/console.png | Bin 48795 -> 49140 bytes .../images/issuer-status.png | Bin 0 -> 25669 bytes .../certificate-management/tls-certs.md | 38 ++++--------- .../expose-applications-to-internet.md | 51 ++++++++++++++++-- .../images/certificate-details.png | Bin .../images/console.png | Bin 0 -> 48795 bytes 6 files changed, 59 insertions(+), 30 deletions(-) create mode 100644 content/for-administrators/how-to-guides/certificate-management/images/issuer-status.png rename content/{for-administrators/how-to-guides/certificate-management => for-developers/how-to-guides/expose-applications-to-internet}/images/certificate-details.png (100%) create mode 100644 content/for-developers/how-to-guides/expose-applications-to-internet/images/console.png 
diff --git a/content/for-administrators/how-to-guides/certificate-management/images/console.png b/content/for-administrators/how-to-guides/certificate-management/images/console.png index d1320e4ce91463d887bff1cfce4be51c5ba4f3fa..bea746d2f63308869182512cdba811787fb0c773 100644 GIT binary patch literal 49140
zv7k|Ty?L~6pus-<+%jiOLzc~)jDv$?(EK2_s)kXpo1wI*%*d0IeIPg}J>#k4B=C8SvwD*{5`Zv-8zxw!=hT6k*iGctcz><=KvY)>< zGTV1@F6DVxPo-ej$-S!>@54}Rl3B-XG#n_5Ng!P(-V*>Mz1A6gmd zQnuBkG@q?|q9Vq6q4MO}xtOC;(8+tYQ*lJ#w{Ma`97?nP3VTsWZnIc{>%GwiZdUbn zO3C+jS<7VwN_DY6v0alAB#d!XO4oQd%Gs;C>lov<8<})xtv4*od@oN^M+4f|J2jJP zgfaMC-Jd_g)T!0i?C5Rs{U=GqQbGaO8*p_!Q{N`sS?NoNxbZi+5qu!3$sGmuxVBvi zplH+>W{L*k<=38i7OkDS_TKkk_V6|8IFs6xjZY$W+~_0rid89Yj?Ow~Au=0i(f;^R zp8Kf%6EAUhrM6QkHCA>3omf%a37cLs=DMt1h}f`^T_|>~)qBkBD4p|qEA^ofc-A_F z@%2abvoa2Y8CDDXiXov##zREnh!j7`In$X@^rC=ZhXLU`?PjM?yHJC)D6o2|p}+5!fofA;(nQz6+F+T zYxE|0>J8t_^UUpYN8AOsIb!EVw{AL^sjI@^PR6daV=FE}!#OB8*u@65LmS*Vks@Ns zrr)9b3>DN?{iv2KK^Ic~s%MpCT978`bkoqn;)TPnFy@sB%L zwNK0ZYakW>pt^&mlVUfe1dUN){R1MBi@(X0pb9&ocb;~+komA>i=)?3P&FvjJqLsv zl+O)5JpDv$XV7zzBGCWlWKsi{Olow7B@ZdL=X6Z44RaIp%@Gf7)5~Mb=H1ExldUc{thFG0q|JL3MsK?#<<(Xsfl{yl5uld64hQC7J0{n7YCQ(jj*87qsU6c6uN>yunc}y(9eHO*f1{@#qoea-aj72`pA{@K*;em+}XO@zpaFrgy<_a)@vo%4SV)Aau?9X9>K(!fV-wVwqd*P@_^So*8+ z8_d}#CIk6m%Xknf!~NBvq`zuW(fs(l_RTI094M`3biUUbnXn;ai?!ybsBwH*V9D z9r|h6F{=je)Qc>1$8-+hy)(qQ=oouyb(cZFfrYT!M5J-YczNiMyicO$_3tMwi?cw& z$OsWjR)^za_bj>1)=-{8xjCn`D=!O$8pDkf-Ynm&*=j5fI5xRfiR1q~cJk#$gm$a+ur_q; zWbC$I+tj_7lCVxu+VH(zNN>RAIOiJN*k zX|B!6{vK#wuOS2slu8dL?Hv8~O`ae7x9XvfEd^ktGkGtz66>_=ga|&YieafBBsWfQ z+?fuae5+>NepKZIqed;|#$S(~5t4BaYbkWTB z!1t;J9+bOHCg<=r1W=|nM(?Vowaq`ETm&W(y`B@w`qOt3atnX7VSKh^YUW@gNI2*n&KWJm zvq>uC?nfJ>Mde}n#BXP_G~Iewuih|gtX$-H%zL$^o0RUDCLD(SH7!5#$ci-PZCZCi z^Y%^;`@k4p@B>6xU2K@S{RsYjnF*}2`g@Kuc<{N{}e?%sa1j{AdocSKoDfDlR9-mhHJyq#w2(%`0!F*&G{Q?4A1Ig;bbR-m|n? 
z82Q++Y=29T)x*o_cD}U7t0rF<%acOoVrr3 zq}7z0B<{PcTHjPseqTUzUbz>#gKJK~IP)>99VIxXCDMz$z}1?Mg9UM{f39P8a(vau zL-B$%<=%%FUl*`H^5+oyglv!zuyTNMH6H2`RdrSIgXK09(qL6T7a+Yr@ag_0Q~zvnLNL7uU1QN5!xr!@NRA zOXhg$+OKv|O%?x*H-y+ATKC;kjx2n2j7JkGV8Cn;|K_bD2g}ZzX}G{Ol2;oXP5t^` zi^(DcXHS@ThRxmQZQ?6;1P|{wK=++${nro4k}nBlEu7~S?)83n`_@XtA{%p$uVZ#p zdH7kKX1E=zX7IDcv(Vp5ChRzl@$%74>P~rWF_s0B@U1Q}A-?=CkJlV_| zyS`XS7Pp+BBnFcwcu89w&y+=IL*M&c6vsZ)H%M;xx(HO??8?OUR8exi`_dA}Ts6zw zVv}b1;YKRS?}s)&0gKg~E5LVfW1`vt){=i+74H?hW#8-O%RMn}r>bB--^*{zjd))jB``JO zThNfHyVc9HH;!k`!j^pYJj9uZcrt9M76&sZ*}C56##^xc`sXr=NtNCfyppcn*wZY! zlR$m5BOy-k>(R$ETXD+hHFi~##N8YBjp|#kOla8e`#d@B_Pg036Zy4babs?$A60Hu ziN0>%v`17ok$Fe24rI>oF zXHqAGd%)s{P^6E_H7kg)epuOfOV#kU7S3ty#TyqvTo=V}+Z)!<9(+UJZM=hJQ)+J8 ziYMtatx+xe%M!v}+lB7wrjPb*ZYsXL2VJTzm)+YX-_K{+Ywk^0KWaLi-S}jXs>BpB zS3>B)|HyV(y86|S|5us%S3G%vJT(SWxp{>?qD*=Nop9dN8F|0nivG@kSkAzYUXPl- zk72U(g#A))GQyHsN6a3nbys!O^HigY7uWTKIolHOA?5_Fr(5kJu^qMy z^OkIS0C&bN=BP57T@yDC@H#rXxo%$LcLs+Fh%WEfo;uH#II}?xB(%WfF|SW^n4PU@ z>OCl`_7`FsQ$ttB#SS;>>u0nKMoFDd@*zqux&7{(nP4h`?iFHJ*S&>$aTm*C9J3=a z?0#?W5h_;lH?P~WgKPXiZwIz)PQTsE^Ch+3X;@dX^iaPhJ6RL`sEkKZ6IR7ZYX1lMbU@7}*rpJ$ zFduZcdETSEBpS%{1L{p5%GQ5BJ{&TX*ie$moBL6B+F)fI%JGrd17LkVy<{`Q*u~7! zjH|=@{Fl~cShdNE!c)==H&$KRy}bQW%k&{{9qHba(LYu|Z=LJ)dsy2#8|24&8^MlA zWexI>^h*ud(|!qL$mt8LwJ63^4uAjDg)Tv2qE;`jh`R0Qs+Y8w<#+pCPS$Ep;`KL} zzBV+g#M>X|fv8O1#)WD&vkM&$MrPTZTybJGM-q;QD9p9p)c7uu{q+{q9ZnP7bIQon z?;U56mH1gB<_>XMJsDGUK6qd!*itFwx9*%j1b}-x5x7`HA8Z}lQ-s?#N`JM5hcew|zfkNSiSH;9D_Qmp%5~fr)M7(H zXwCFDpNgJd2*h&hig?lEqHM)8R4QuSB^>N{Kcqa&h5T;C`8csoD|(8y=baOG6&KkJ z6RJQU>LFn_J+Axeu{tmG9z-Ovo3lFp5N=v4y3oZ_@8v)H4MM#xV;HrMC*Ha7b+(7( zY8S*U6XA_o2(ubOrJYVLC!5OlKB?;!Ku9YDWVhi#6gzCc_lj;Y{7a0Pp{9~nc7>BR zprRrV{oJ}TfBezb6|KiKZN2B*0|29Tw(}tn?1W65C|_?jLbK@P3V)xnFI_tM46C2< zL^2ZPvm$BU^5$_`SXKUzb>Db6+kq|ll-6u;2!t=OGg$XW2%=Xj)QCaI%x9+Pu3fM! 
zKgCI(2zdR}*m%^#SrFLz`Q77wd#sv$0Kemn=Bt;ltgqcfUi!Zh(7mg>jECfW8)}fg zB5YDHwAwAc-?q^r2+kx!q@@SY>b;N>c>Lj@jW4B}t9*TUv_nFs&q0>a0j`S#$}^p0s;*Lo9p@u z9vt{*78yMwv12fvdA8GKw{b#b1s5TD zJe*h3en{ogejQDd$L_shK$n9URW$^sDZ27MjqoR1w{{3wJEFzS3 z?92b}p1t~DnEJ2g0!f&j{V}@|5nuSZpkb3g&;KXR^yjC1wGK4S@#oR}Sth7+_~+*r zbDaPGW%0j#9Vv$gVEZeZncR|S7|PFCJKROk&B)rC1qDk+$ZOL3es_l_O&J}E{x7-w zZ%6F^)=TecxW-y>40;CqcDtszu^MB36F-dbCW_z=npN9^4!JOQ zqi2T2MBH$lU_>6wBCGS_SnGvKGLG?YPax^3AABm2ody!pzMB( ze7PioFgxGlZWv;?b&YLxDY&R}u}94}a%$$=obWU1ZSwTJ>F#V35gDlt09IzE+9KQ8 zdpx)8SC`|yph6r!uZOqQkkut-IdAP4i5sA@Ye`}*86RcXpq;m$*qxG|h5=+I8GRcI zxMv&ZS@zZ=a#O;&alb!@TQPD{`+n9A znB1@Y`Zh39zMGdh1dCF5(LI-imolaVyGvJJPl?~Y%vX?YrRT`rz7k!@m)EDvs8ncn5Y6iG?GZs(}P~ z#&I!lRkv2Cs5~e}G-;A=Q*J$tEYj=yk=?gwc)dvMrp`hk;hT>a4p?+odu5Z4$3AFd zSxC%cM-@nd^`znHTEsW`NI8aI_*=cq{ZqZ+lk3+H=IU08nC66@RLV^s#pBf*dB54} zuctY|w~UR(Wc6%0GK634(1?c?y4M##!@6d8Jt8pA)U@XP(Utqxyh=UPlIxZ`FV