From 5a51a00b57fe5f82dfeca0b000c7acbef22d00a7 Mon Sep 17 00:00:00 2001 From: Kristal Dale Date: Mon, 11 Mar 2019 16:30:26 -0700 Subject: [PATCH] Add versioning to installation and developer guides For both installation and developer guides: - Move 2018_10 into versioned sub folder - Add latest version (copy of 2018_10) to latest folder (to be updated for next release) - Update intro to each versioned guide - Update relative links (version specific) for each version - Update all references to version, to use standard format of stx.Year.Mo - Cleaned up headings to use sentence casing per OpenStack guidelines - Cleaned up capitalization: standardize capitalization for terms, only capitalize official names/terms, casing consistent with command line examples Change-Id: Id5fd0a78a1d81fdf8c63d132f2d4c50f9ed2f2bf Signed-off-by: Kristal Dale --- doc/source/developer_guide/2018_10/index.rst | 839 +++++++++ doc/source/developer_guide/index.rst | 846 +-------- doc/source/developer_guide/latest/index.rst | 839 +++++++++ doc/source/index.rst | 10 +- .../{ => 2018_10}/controller_storage.rst | 327 ++-- .../{ => 2018_10}/dedicated_storage.rst | 271 ++- .../2018_10/deployment_terminology.rst | 119 ++ .../{ => 2018_10}/duplex.rst | 339 ++-- ...-deployment-options-controller-storage.png | Bin ...x-deployment-options-dedicated-storage.png | Bin ...ngx-deployment-options-duplex-extended.png | Bin .../starlingx-deployment-options-duplex.png | Bin .../starlingx-deployment-options-simplex.png | Bin .../installation_guide/2018_10/index.rst | 288 ++++ .../2018_10/installation_libvirt_qemu.rst | 204 +++ .../{ => 2018_10}/simplex.rst | 173 +- .../deployment_terminology.rst | 119 -- doc/source/installation_guide/index.rst | 315 +--- .../latest/controller_storage.rst | 974 +++++++++++ .../latest/dedicated_storage.rst | 918 ++++++++++ .../latest/deployment_terminology.rst | 119 ++ .../installation_guide/latest/duplex.rst | 1520 +++++++++++++++++ ...-deployment-options-controller-storage.png | Bin 0 -> 102760 bytes ...x-deployment-options-dedicated-storage.png | Bin 0 -> 109174 bytes ...ngx-deployment-options-duplex-extended.png | Bin 0 -> 106659 bytes .../starlingx-deployment-options-duplex.png | Bin 0 -> 91370 bytes .../starlingx-deployment-options-simplex.png | Bin 0 -> 81291 bytes .../installation_guide/latest/index.rst | 288 ++++ .../installation_libvirt_qemu.rst | 57 +- .../installation_guide/latest/simplex.rst | 729 ++++++++ 30 files changed, 7461 insertions(+), 1833 deletions(-) create mode 100644 doc/source/developer_guide/2018_10/index.rst create mode 100644 doc/source/developer_guide/latest/index.rst rename doc/source/installation_guide/{ => 2018_10}/controller_storage.rst (80%) rename doc/source/installation_guide/{ => 2018_10}/dedicated_storage.rst (81%) create mode 100644 doc/source/installation_guide/2018_10/deployment_terminology.rst rename doc/source/installation_guide/{ => 2018_10}/duplex.rst (87%) rename doc/source/installation_guide/{ => 2018_10}/figures/starlingx-deployment-options-controller-storage.png (100%) rename doc/source/installation_guide/{ => 2018_10}/figures/starlingx-deployment-options-dedicated-storage.png (100%) rename doc/source/installation_guide/{ => 2018_10}/figures/starlingx-deployment-options-duplex-extended.png (100%) rename doc/source/installation_guide/{ => 2018_10}/figures/starlingx-deployment-options-duplex.png (100%) rename doc/source/installation_guide/{ => 2018_10}/figures/starlingx-deployment-options-simplex.png (100%) create mode 100644 doc/source/installation_guide/2018_10/index.rst create mode 100644 doc/source/installation_guide/2018_10/installation_libvirt_qemu.rst rename doc/source/installation_guide/{ => 2018_10}/simplex.rst (86%) delete mode 100644 doc/source/installation_guide/deployment_terminology.rst create mode 100644 doc/source/installation_guide/latest/controller_storage.rst create mode 100644 doc/source/installation_guide/latest/dedicated_storage.rst create mode 100644 doc/source/installation_guide/latest/deployment_terminology.rst create mode 100644 doc/source/installation_guide/latest/duplex.rst create mode 100644 doc/source/installation_guide/latest/figures/starlingx-deployment-options-controller-storage.png create mode 100644 doc/source/installation_guide/latest/figures/starlingx-deployment-options-dedicated-storage.png create mode 100644 doc/source/installation_guide/latest/figures/starlingx-deployment-options-duplex-extended.png create mode 100644 doc/source/installation_guide/latest/figures/starlingx-deployment-options-duplex.png create mode 100644 doc/source/installation_guide/latest/figures/starlingx-deployment-options-simplex.png create mode 100644 doc/source/installation_guide/latest/index.rst rename doc/source/installation_guide/{ => latest}/installation_libvirt_qemu.rst (72%) create mode 100644 doc/source/installation_guide/latest/simplex.rst diff --git a/doc/source/developer_guide/2018_10/index.rst b/doc/source/developer_guide/2018_10/index.rst new file mode 100644 index 000000000..16628792a --- /dev/null +++ b/doc/source/developer_guide/2018_10/index.rst @@ -0,0 +1,839 @@ +=========================== +Developer guide stx.2018.10 +=========================== + +This section contains the steps for building a StarlingX ISO from +the stx.2018.10 branch. + +If a developer guide is needed for a previous release, review the +:doc:`developer guides for all previous releases `. + +------------ +Requirements +------------ + +The recommended minimum requirements include: + +********************* +Hardware requirements +********************* + +A workstation computer with: + +- Processor: x86_64 is the only supported architecture +- Memory: At least 32GB RAM +- Hard Disk: 500GB HDD +- Network: Network adapter with active Internet connection + +********************* +Software requirements +********************* + +A workstation computer with: + +- Operating System: Ubuntu 16.04 LTS 64-bit +- Docker +- Android Repo Tool +- Proxy settings configured (if required) + + - See + http://lists.starlingx.io/pipermail/starlingx-discuss/2018-July/000136.html + for more details + +- Public SSH key + +----------------------------- +Development environment setup +----------------------------- + +This section describes how to set up a StarlingX development system on a +workstation computer. After completing these steps, you can +build a StarlingX ISO image on the following Linux distribution: + +- Ubuntu 16.04 LTS 64-bit + +**************************** +Update your operating system +**************************** + +Before proceeding with the build, ensure your Ubuntu distribution is up to date. +You first need to update the local database list of available packages: + +.. code:: sh + + $ sudo apt-get update + +****************************************** +Installation requirements and dependencies +****************************************** + +^^^^ +User +^^^^ + +1. Make sure you are a non-root user with sudo enabled when you build the + StarlingX ISO. You also need to either use your existing user or create a + separate **: + + .. code:: sh + + $ sudo useradd -m -d /home/ + +2. Your ** should have sudo privileges: + + .. code:: sh + + $ sudo sh -c "echo ' ALL=(ALL:ALL) ALL' >> /etc/sudoers" + $ sudo su -c + +^^^ +Git +^^^ + +3. Install the required packages on the Ubuntu host system: + + .. code:: sh + + $ sudo apt-get install make git curl + +4. Make sure to set up your identity using the following two commands. + Be sure to provide your actual name and email address: + + .. code:: sh + + $ git config --global user.name "Name LastName" + $ git config --global user.email "Email Address" + +^^^^^^^^^ +Docker CE +^^^^^^^^^ + +5. Install the required Docker CE packages in the Ubuntu host system. See + `Get Docker CE for + Ubuntu `__ + for more information. + +6. Log out and log in to add your ** to the Docker group: + + .. code:: sh + + $ sudo usermod -aG docker + +^^^^^^^^^^^^^^^^^ +Android Repo Tool +^^^^^^^^^^^^^^^^^ + +7. Install the required Android Repo Tool in the Ubuntu host system. Follow + the steps in the `Installing + Repo `__ + section. + +********************** +Install public SSH key +********************** + +#. Follow these instructions on GitHub to `Generate a Public SSH + Key `__. + Then upload your public key to your GitHub and Gerrit account + profiles: + + - `Upload to + Github `__ + - `Upload to + Gerrit `__ + +**************************** +Create a workspace directory +**************************** + +#. Create a *starlingx* workspace directory on your system. + Best practices dictate creating the workspace directory + in your $HOME directory: + + .. code:: sh + + $ mkdir -p $HOME/starlingx/ + +************************* +Install stx-tools project +************************* + +#. Under your $HOME directory, clone the project: + + .. code:: sh + + $ cd $HOME + $ git clone https://git.starlingx.io/stx-tools + +#. Navigate to the *<$HOME/stx-tools>* project + directory: + + .. code:: sh + + $ cd $HOME/stx-tools/ + +----------------------------- +Prepare the base Docker image +----------------------------- + +StarlingX base Docker image handles all steps related to StarlingX ISO +creation. This section describes how to customize the base Docker image +building process. + +******************** +Configuration values +******************** + +You can customize values for the StarlingX base Docker image using a +text-based configuration file named ``localrc``: + +- ``HOST_PREFIX`` points to the directory that hosts the 'designer' + subdirectory for source code, the 'loadbuild' subdirectory for + the build environment, generated RPMs, and the ISO image. +- ``HOST_MIRROR_DIR`` points to the directory that hosts the CentOS mirror + repository. + +^^^^^^^^^^^^^^^^^^^^^^^^^^ +localrc configuration file +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Create your ``localrc`` configuration file. For example: + + .. code:: sh + + # tbuilder localrc + MYUNAME= + PROJECT=starlingx + HOST_PREFIX=$HOME/starlingx/workspace + HOST_MIRROR_DIR=$HOME/starlingx/mirror + +*************************** +Build the base Docker image +*************************** + +Once the ``localrc`` configuration file has been customized, it is time +to build the base Docker image. + +#. If necessary, you might have to set http/https proxy in your + Dockerfile before building the docker image: + + .. code:: sh + + ENV http_proxy " http://your.actual_http_proxy.com:your_port " + ENV https_proxy " https://your.actual_https_proxy.com:your_port " + ENV ftp_proxy " http://your.actual_ftp_proxy.com:your_port " + RUN echo " proxy=http://your-proxy.com:port " >> /etc/yum.conf + +#. The ``tb.sh`` script automates the Base Docker image build: + + .. code:: sh + + ./tb.sh create + +---------------------------------- +Build the CentOS mirror repository +---------------------------------- + +The creation of the StarlingX ISO relies on a repository of RPM Binaries, +RPM Sources, and Tar Compressed files. This section describes how to build +this CentOS mirror repository. + +******************************* +Run repository Docker container +******************************* + +| Run the following commands under a terminal identified as "**One**": + +#. Navigate to the *$HOME/stx-tools/centos-mirror-tool* project + directory: + + .. code:: sh + + $ cd $HOME/stx-tools/centos-mirror-tools/ + +#. Launch the Docker container using the previously created base Docker image + *:*. As /localdisk is defined as the workdir of the + container, you should use the same folder name to define the volume. + The container starts to run and populate 'logs' and 'output' folders in + this directory. The container runs from the same directory in which the + scripts are stored. + + .. code:: sh + + $ docker run -it --volume $(pwd):/localdisk local/$USER-stx-builder:7.4 bash + +***************** +Download packages +***************** + +#. Inside the Docker container, enter the following commands to download + the required packages to populate the CentOS mirror repository: + + :: + + # cd localdisk && bash download_mirror.sh + +#. Monitor the download of packages until it is complete. When the download + is complete, the following message appears: + + :: + + totally 17 files are downloaded! + step #3: done successfully + IMPORTANT: The following 3 files are just bootstrap versions. Based on them, the workable images + for StarlingX could be generated by running "update-pxe-network-installer" command after "build-iso" + - out/stx-r1/CentOS/pike/Binary/LiveOS/squashfs.img + - out/stx-r1/CentOS/pike/Binary/images/pxeboot/initrd.img + - out/stx-r1/CentOS/pike/Binary/images/pxeboot/vmlinuz + +*************** +Verify packages +*************** + +#. Verify no missing or failed packages exist: + + :: + + # cat logs/*_missing_*.log + # cat logs/*_failmove_*.log + +#. In case missing or failed packages do exist, which is usually caused by + network instability (or timeout), you need to download the packages + manually. + Doing so assures you get all RPMs listed in + *rpms_3rdparties.lst*/*rpms_centos.lst*/*rpms_centos3rdparties.lst*. + +****************** +Packages structure +****************** + +The following is a general overview of the packages structure resulting +from downloading the packages: + +:: + + /home//stx-tools/centos-mirror-tools/output + └── stx-r1 + └── CentOS + └── pike + ├── Binary + │   ├── EFI + │   ├── images + │   ├── isolinux + │   ├── LiveOS + │   ├── noarch + │   └── x86_64 + ├── downloads + │   ├── integrity + │   └── puppet + └── Source + +******************************* +Create CentOS mirror repository +******************************* + +Outside your Repository Docker container, in another terminal identified +as "**Two**", run the following commands: + +#. From terminal identified as "**Two**", create a *mirror/CentOS* + directory under your *starlingx* workspace directory: + + .. code:: sh + + $ mkdir -p $HOME/starlingx/mirror/CentOS/ + +#. Copy the built CentOS Mirror Repository built under + *$HOME/stx-tools/centos-mirror-tool* to the *$HOME/starlingx/mirror/* + workspace directory: + + .. code:: sh + + $ cp -r $HOME/stx-tools/centos-mirror-tools/output/stx-r1/ $HOME/starlingx/mirror/CentOS/ + + +------------------------- +Create StarlingX packages +------------------------- + +***************************** +Run building Docker container +***************************** + +#. From the terminal identified as "**Two**", create the workspace folder: + + .. code:: sh + + $ mkdir -p $HOME/starlingx/workspace + +#. Navigate to the *$HOME/stx-tools* project directory: + + .. code:: sh + + $ cd $HOME/stx-tools + +#. Verify environment variables: + + .. code:: sh + + $ bash tb.sh env + +#. Run the building Docker container: + + .. code:: sh + + $ bash tb.sh run + +#. Execute the buiding Docker container: + + .. code:: sh + + $ bash tb.sh exec + +********************************* +Download source code repositories +********************************* + +#. From the terminal identified as "**Two**", which is now inside the + Building Docker container, start the internal environment: + + .. code:: sh + + $ eval $(ssh-agent) + $ ssh-add + +#. Use the repo tool to create a local clone of the stx-manifest + Git repository based on the "r/2018.10" branch: + + .. code:: sh + + $ cd $MY_REPO_ROOT_DIR + $ repo init -u https://git.starlingx.io/stx-manifest -m default.xml -b r/2018.10 + + **NOTE:** To use the "repo" command to clone the stx-manifest repository and + check out the "master" branch, omit the "-b r/2018.10" option. + Following is an example: + + .. code:: sh + + $ repo init -u https://git.starlingx.io/stx-manifest -m default.xml + +#. Synchronize the repository: + + .. code:: sh + + $ repo sync -j`nproc` + +#. Create a tarballs repository: + + .. code:: sh + + $ ln -s /import/mirrors/CentOS/stx-r1/CentOS/pike/downloads/ $MY_REPO/stx/ + + Alternatively, you can run the "populate_downloads.sh" script to copy + the tarballs instead of using a symlink: + + .. code:: sh + + $ populate_downloads.sh /import/mirrors/CentOS/stx-r1/CentOS/pike/ + + Outside the container + +#. From another terminal identified as "**Three**", create mirror binaries: + + .. code:: sh + + $ mkdir -p $HOME/starlingx/mirror/CentOS/stx-installer + $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/images/pxeboot/initrd.img $HOME/starlingx/mirror/CentOS/stx-installer/initrd.img + $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/images/pxeboot/vmlinuz $HOME/starlingx/mirror/CentOS/stx-installer/vmlinuz + $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/LiveOS/squashfs.img $HOME/starlingx/mirror/CentOS/stx-installer/squashfs.img + +************** +Build packages +************** + +#. Go back to the terminal identified as "**Two**", which is the Building Docker container. + +#. **Temporal!** Build-Pkgs Errors. Be prepared to have some missing / + corrupted rpm and tarball packages generated during + `Build the CentOS Mirror Repository`_, which will cause the next step + to fail. If that step does fail, manually download those missing / + corrupted packages. + +#. Update the symbolic links: + + .. code:: sh + + $ generate-cgcs-centos-repo.sh /import/mirrors/CentOS/stx-r1/CentOS/pike/ + +#. Build the packages: + + .. code:: sh + + $ build-pkgs + +#. **Optional!** Generate-Cgcs-Tis-Repo: + + While this step is optional, it improves performance on subsequent + builds. The cgcs-tis-repo has the dependency information that + sequences the build order. To generate or update the information, you + need to execute the following command after building modified or new + packages. + + .. code:: sh + + $ generate-cgcs-tis-repo + +------------------- +Build StarlingX ISO +------------------- + +#. Build the image: + + .. code:: sh + + $ build-iso + +--------------- +Build installer +--------------- + +To get your StarlingX ISO ready to use, you must create the initialization +files used to boot the ISO, additional controllers, and compute nodes. + +**NOTE:** You only need this procedure during your first build and +every time you upgrade the kernel. + +After running "build-iso", run: + +.. code:: sh + + $ build-pkgs --installer + +This builds *rpm* and *anaconda* packages. Then run: + +.. code:: sh + + $ update-pxe-network-installer + +The *update-pxe-network-installer* covers the steps detailed in +*$MY_REPO/stx/stx-metal/installer/initrd/README*. This script +creates three files on +*/localdisk/loadbuild/pxe-network-installer/output*. + +:: + + new-initrd.img + new-squashfs.img + new-vmlinuz + +Rename the files as follows: + +:: + + initrd.img + squashfs.img + vmlinuz + +Two ways exist for using these files: + +#. Store the files in the */import/mirror/CentOS/stx-installer/* folder + for future use. +#. Store the files in an arbitrary location and modify the + *$MY_REPO/stx/stx-metal/installer/pxe-network-installer/centos/build_srpm.data* + file to point to these files. + +Recreate the *pxe-network-installer* package and rebuild the image: + +.. code:: sh + + $ build-pkgs --clean pxe-network-installer + $ build-pkgs pxe-network-installer + $ build-iso + +Your ISO image should be able to boot. + +**************** +Additional notes +**************** + +- In order to get the first boot working, this complete procedure needs + to be done. However, once the init files are created, these can be + stored in a shared location where different developers can make use + of them. Updating these files is not a frequent task and should be + done whenever the kernel is upgraded. +- StarlingX is in active development. Consequently, it is possible that in the + future the **0.2** version will change to a more generic solution. + +--------------- +Build avoidance +--------------- + +******* +Purpose +******* + +Greatly reduce build times after using "repo" to syncronized a local +repository with an upstream source (i.e. "repo sync"). +Build avoidance works well for designers working +within a regional office. Starting from a new workspace, "build-pkgs" +typically requires three or more hours to complete. Build avoidance +reduces this step to approximately 20 minutes. + +*********** +Limitations +*********** + +- Little or no benefit for designers who refresh a pre-existing + workspace at least daily (e.g. download_mirror.sh, repo sync, + generate-cgcs-centos-repo.sh, build-pkgs, build-iso). In these cases, + an incremental build (i.e. reuse of same workspace without a "build-pkgs + --clean") is often just as efficient. +- Not likely to be useful to solo designers, or teleworkers that wish + to compile on using their home computers. Build avoidance downloads build + artifacts from a reference build, and WAN speeds are generally too + slow. + +***************** +Method (in brief) +***************** + +#. Reference Builds + + - A server in the regional office performs regular (e.g. daily) + automated builds using existing methods. These builds are called + "reference builds". + - The builds are timestamped and preserved for some time (i.e. a + number of weeks). + - A build CONTEXT, which is a file produced by "build-pkgs" + at location *$MY_WORKSPACE/CONTEXT*, is captured. It is a bash script that can + cd to each and every Git and checkout the SHA that contributed to + the build. + - For each package built, a file captures the md5sums of all the + source code inputs required to build that package. These files are + also produced by "build-pkgs" at location + *$MY_WORKSPACE//rpmbuild/SOURCES//srpm_reference.md5*. + - All these build products are accessible locally (e.g. a regional + office) using "rsync". + + **NOTE:** Other protocols can be added later. + +#. Designers + + - Request a build avoidance build. Recommended after you have + done synchronized the repository (i.e. "repo sync"). + + :: + + repo sync + generate-cgcs-centos-repo.sh + populate_downloads.sh + build-pkgs --build-avoidance + + - Use combinations of additional arguments, environment variables, and a + configuration file unique to the regional office to specify an URL + to the reference builds. + + - Using a configuration file to specify the location of your reference build: + + :: + + mkdir -p $MY_REPO/local-build-data + + cat <<- EOF > $MY_REPO/local-build-data/build_avoidance_source + # Optional, these are already the default values. + BUILD_AVOIDANCE_DATE_FORMAT="%Y%m%d" + BUILD_AVOIDANCE_TIME_FORMAT="%H%M%S" + BUILD_AVOIDANCE_DATE_TIME_DELIM="T" + BUILD_AVOIDANCE_DATE_TIME_POSTFIX="Z" + BUILD_AVOIDANCE_DATE_UTC=1 + BUILD_AVOIDANCE_FILE_TRANSFER="rsync" + + # Required, unique values for each regional office + BUILD_AVOIDANCE_USR="jenkins" + BUILD_AVOIDANCE_HOST="stx-builder.mycompany.com" + BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" + EOF + + - Using command-line arguments to specify the location of your reference + build: + + :: + + build-pkgs --build-avoidance --build-avoidance-dir /localdisk/loadbuild/jenkins/StarlingX_Reference_Build --build-avoidance-host stx-builder.mycompany.com --build-avoidance-user jenkins + + - Prior to your build attempt, you need to accept the host key. + Doing so prevents "rsync" failures on a "yes/no" prompt. + You only have to do this once. + + :: + + grep -q $BUILD_AVOIDANCE_HOST $HOME/.ssh/known_hosts + if [ $? != 0 ]; then + ssh-keyscan $BUILD_AVOIDANCE_HOST >> $HOME/.ssh/known_hosts + fi + + + - "build-pkgs" does the following: + + - From newest to oldest, scans the CONTEXTs of the various + reference builds. Selects the first (i.e. most recent) context that + satisfies the following requirement: every Git the SHA + specifies in the CONTEXT is present. + - The selected context might be slightly out of date, but not by + more than a day. This assumes daily reference builds are run. + - If the context has not been previously downloaded, then + download it now. This means you need to download select portions of the + reference build workspace into the designer's workspace. This + includes all the SRPMS, RPMS, MD5SUMS, and miscellaneous supporting + files. Downloading these files usually takes about 10 minutes + over an office LAN. + - The designer could have additional commits or uncommitted changes + not present in the reference builds. Affected packages are + identified by the differing md5sum's. In these cases, the packages + are re-built. Re-builds usually take five or more minutes, + depending on the packages that have changed. + + - What if no valid reference build is found? Then build-pkgs will fall + back to a regular build. + +**************** +Reference builds +**************** + +- The regional office implements an automated build that pulls the + latest StarlingX software and builds it on a regular basis (e.g. + daily builds). Jenkins, cron, or similar tools can trigger these builds. +- Each build is saved to a unique directory, and preserved for a time + that is reflective of how long a designer might be expected to work + on a private branch without syncronizing with the master branch. + This takes about two weeks. + +- The *MY_WORKSPACE* directory for the build shall have a common root + directory, and a leaf directory that is a sortable time stamp. The + suggested format is *YYYYMMDDThhmmss*. + + .. code:: sh + + $ sudo apt-get update + BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" + BUILD_TIMESTAMP=$(date -u '+%Y%m%dT%H%M%SZ') + MY_WORKSPACE=${BUILD_AVOIDANCE_DIR}/${BUILD_TIMESTAMP} + +- Designers can access all build products over the internal network of + the regional office. The current prototype employs "rsync". Other + protocols that can efficiently share, copy, or transfer large directories + of content can be added as needed. + +^^^^^^^^^^^^^^ +Advanced usage +^^^^^^^^^^^^^^ + +Can the reference build itself use build avoidance? Yes it can. +Can it reference itself? Yes it can. +In both these cases, caution is advised. To protect against any possible +'divergence from reality', you should limit how many steps you remove +a build avoidance build from a full build. + +Suppose we want to implement a self-referencing daily build in an +environment where a full build already occurs every Saturday. +To protect ourselves from a +build failure on Saturday we also want a limit of seven days since +the last full build. Your build script might look like this ... + +:: + + ... + BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" + BUILD_AVOIDANCE_HOST="stx-builder.mycompany.com" + FULL_BUILD_DAY="Saturday" + MAX_AGE_DAYS=7 + + LAST_FULL_BUILD_LINK="$BUILD_AVOIDANCE_DIR/latest_full_build" + LAST_FULL_BUILD_DAY="" + NOW_DAY=$(date -u "+%A") + BUILD_TIMESTAMP=$(date -u '+%Y%m%dT%H%M%SZ') + MY_WORKSPACE=${BUILD_AVOIDANCE_DIR}/${BUILD_TIMESTAMP} + + # update software + repo init -u ${BUILD_REPO_URL} -b ${BUILD_BRANCH} + repo sync --force-sync + $MY_REPO_ROOT_DIR/stx-tools/toCOPY/generate-cgcs-centos-repo.sh + $MY_REPO_ROOT_DIR/stx-tools/toCOPY/populate_downloads.sh + + # User can optionally define BUILD_METHOD equal to one of 'FULL', 'AVOIDANCE', or 'AUTO' + # Sanitize BUILD_METHOD + if [ "$BUILD_METHOD" != "FULL" ] && [ "$BUILD_METHOD" != "AVOIDANCE" ]; then + BUILD_METHOD="AUTO" + fi + + # First build test + if [ "$BUILD_METHOD" != "FULL" ] && [ ! -L $LAST_FULL_BUILD_LINK ]; then + echo "latest_full_build symlink missing, forcing full build" + BUILD_METHOD="FULL" + fi + + # Build day test + if [ "$BUILD_METHOD" == "AUTO" ] && [ "$NOW_DAY" == "$FULL_BUILD_DAY" ]; then + echo "Today is $FULL_BUILD_DAY, forcing full build" + BUILD_METHOD="FULL" + fi + + # Build age test + if [ "$BUILD_METHOD" != "FULL" ]; then + LAST_FULL_BUILD_DATE=$(basename $(readlink $LAST_FULL_BUILD_LINK) | cut -d '_' -f 1) + LAST_FULL_BUILD_DAY=$(date -d $LAST_FULL_BUILD_DATE "+%A") + AGE_SECS=$(( $(date "+%s") - $(date -d $LAST_FULL_BUILD_DATE "+%s") )) + AGE_DAYS=$(( $AGE_SECS/60/60/24 )) + if [ $AGE_DAYS -ge $MAX_AGE_DAYS ]; then + echo "Haven't had a full build in $AGE_DAYS days, forcing full build" + BUILD_METHOD="FULL" + fi + BUILD_METHOD="AVOIDANCE" + fi + + #Build it + if [ "$BUILD_METHOD" == "FULL" ]; then + build-pkgs --no-build-avoidance + else + build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER + fi + if [ $? -ne 0 ]; then + echo "Build failed in build-pkgs" + exit 1 + fi + + build-iso + if [ $? -ne 0 ]; then + echo "Build failed in build-iso" + exit 1 + fi + + if [ "$BUILD_METHOD" == "FULL" ]; then + # A successful full build. Set last full build symlink. + if [ -L $LAST_FULL_BUILD_LINK ]; then + rm -rf $LAST_FULL_BUILD_LINK + fi + ln -sf $MY_WORKSPACE $LAST_FULL_BUILD_LINK + fi + ... + +A final note.... + +To use the full build day as your avoidance build reference point, +modify the "build-pkgs" commands above to use "--build-avoidance-day ", +as shown in the following two examples: + +:: + + build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER --build-avoidance-day $FULL_BUILD_DAY + + # Here is another example with a bit more shuffling of the above script. + + build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER --build-avoidance-day $LAST_FULL_BUILD_DAY + +The advantage is that our build is never more than one step removed +from a full build. This assumes the full build was successful. + +The disadvantage is that by the end of the week, the reference build is getting +rather old. During active weeks, build times could approach build times for +full builds. diff --git a/doc/source/developer_guide/index.rst b/doc/source/developer_guide/index.rst index 250a1f1ad..22eefd12c 100644 --- a/doc/source/developer_guide/index.rst +++ b/doc/source/developer_guide/index.rst @@ -1,838 +1,16 @@ -.. _developer-guide: +================ +Developer guides +================ -=============== -Developer Guide -=============== +Developer guides for StarlingX are release specific. To build a +StarlingX ISO from the latest release, use the +:doc:`/developer_guide/2018_10/index`. -This section contains the steps for building a StarlingX ISO from -the "r/2018.10" branch. +To build an ISO from a previous release of StarlingX, use the +developer guide for your specific release: ------------- -Requirements ------------- +.. toctree:: + :maxdepth: 1 -The recommended minimum requirements include: - -********************* -Hardware Requirements -********************* - -A workstation computer with: - -- Processor: x86_64 is the only supported architecture -- Memory: At least 32GB RAM -- Hard Disk: 500GB HDD -- Network: Network adapter with active Internet connection - -********************* -Software Requirements -********************* - -A workstation computer with: - -- Operating System: Ubuntu 16.04 LTS 64-bit -- Docker -- Android Repo Tool -- Proxy Settings Configured (If Required) - - - See - http://lists.starlingx.io/pipermail/starlingx-discuss/2018-July/000136.html - for more details - -- Public SSH Key - ------------------------------ -Development Environment Setup ------------------------------ - -This section describes how to set up a StarlingX development system on a -workstation computer. After completing these steps, you can -build a StarlingX ISO image on the following Linux distribution: - -- Ubuntu 16.04 LTS 64-bit - -**************************** -Update Your Operating System -**************************** - -Before proceeding with the build, ensure your Ubuntu distribution is up to date. -You first need to update the local database list of available packages: - -.. code:: sh - - $ sudo apt-get update - -****************************************** -Installation Requirements and Dependencies -****************************************** - -^^^^ -User -^^^^ - -1. Make sure you are a non-root user with sudo enabled when you build the - StarlingX ISO. You also need to either use your existing user or create a - separate **: - - .. code:: sh - - $ sudo useradd -m -d /home/ - -2. Your ** should have sudo privileges: - - .. code:: sh - - $ sudo sh -c "echo ' ALL=(ALL:ALL) ALL' >> /etc/sudoers" - $ sudo su -c - -^^^ -Git -^^^ - -3. Install the required packages on the Ubuntu host system: - - .. code:: sh - - $ sudo apt-get install make git curl - -4. Make sure to set up your identity using the following two commands. - Be sure to provide your actual name and email address: - - .. code:: sh - - $ git config --global user.name "Name LastName" - $ git config --global user.email "Email Address" - -^^^^^^^^^ -Docker CE -^^^^^^^^^ - -5. Install the required Docker CE packages in the Ubuntu host system. See - `Get Docker CE for - Ubuntu `__ - for more information. - -6. Log out and log in to add your ** to the Docker group: - - .. code:: sh - - $ sudo usermod -aG docker - -^^^^^^^^^^^^^^^^^ -Android Repo Tool -^^^^^^^^^^^^^^^^^ - -7. Install the required Android Repo Tool in the Ubuntu host system. Follow - the steps in the `Installing - Repo `__ - section. - -********************** -Install Public SSH Key -********************** - -#. Follow these instructions on GitHub to `Generate a Public SSH - Key `__. - Then upload your public key to your GitHub and Gerrit account - profiles: - - - `Upload to - Github `__ - - `Upload to - Gerrit `__ - -**************************** -Create a Workspace Directory -**************************** - -#. Create a *starlingx* workspace directory on your system. - Best practices dictate creating the workspace directory - in your $HOME directory: - - .. code:: sh - - $ mkdir -p $HOME/starlingx/ - -************************* -Install stx-tools Project -************************* - -#. Under your $HOME directory, clone the project: - - .. code:: sh - - $ cd $HOME - $ git clone https://git.starlingx.io/stx-tools - -#. Navigate to the *<$HOME/stx-tools>* project - directory: - - .. code:: sh - - $ cd $HOME/stx-tools/ - ------------------------------ -Prepare the Base Docker Image ------------------------------ - -StarlingX base docker image handles all steps related to StarlingX ISO -creation. This section describes how to customize the base Docker image -building process. - -******************** -Configuration Values -******************** - -You can customize values for the StarlingX base Docker image using a -text-based configuration file named ``localrc``: - -- ``HOST_PREFIX`` points to the directory that hosts the 'designer' - subdirectory for source code, the 'loadbuild' subdirectory for - the build environment, generated RPMs, and the ISO image. -- ``HOST_MIRROR_DIR`` points to the directory that hosts the CentOS mirror - repository. - -^^^^^^^^^^^^^^^^^^^^^^^^^^ -localrc configuration file -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Create your ``localrc`` configuration file. Following is an example: - - .. code:: sh - - # tbuilder localrc - MYUNAME= - PROJECT=starlingx - HOST_PREFIX=$HOME/starlingx/workspace - HOST_MIRROR_DIR=$HOME/starlingx/mirror - -*************************** -Build the base Docker image -*************************** - -Once the ``localrc`` configuration file has been customized, it is time -to build the base Docker image. - -#. If necessary, you might have to set http/https proxy in your - Dockerfile before building the docker image: - - .. code:: sh - - ENV http_proxy " http://your.actual_http_proxy.com:your_port " - ENV https_proxy " https://your.actual_https_proxy.com:your_port " - ENV ftp_proxy " http://your.actual_ftp_proxy.com:your_port " - RUN echo " proxy=http://your-proxy.com:port " >> /etc/yum.conf - -#. The ``tb.sh`` script automates the Base Docker image build: - - .. code:: sh - - ./tb.sh create - ----------------------------------- -Build the CentOS Mirror Repository ----------------------------------- - -The creation of the StarlingX ISO relies on a repository of RPM Binaries, -RPM Sources, and Tar Compressed files. This section describes how to build -this CentOS mirror repository. - -******************************* -Run Repository Docker Container -******************************* - -| Run the following commands under a terminal identified as "**One**": - -#. Navigate to the *$HOME/stx-tools/centos-mirror-tool* project - directory: - - .. code:: sh - - $ cd $HOME/stx-tools/centos-mirror-tools/ - -#. Launch the Docker container using the previously created base Docker image - *:*. As /localdisk is defined as the workdir of the - container, you should use the same folder name to define the volume. - The container starts to run and populate 'logs' and 'output' folders in - this directory. The container runs from the same directory in which the - scripts are stored. - - .. code:: sh - - $ docker run -it --volume $(pwd):/localdisk local/$USER-stx-builder:7.4 bash - -***************** -Download Packages -***************** - -#. Inside the Docker container, enter the following commands to download - the required packages to populate the CentOS mirror repository: - - :: - - # cd localdisk && bash download_mirror.sh - -#. Monitor the download of packages until it is complete. When the download - is complete, the following message appears: - - :: - - totally 17 files are downloaded! - step #3: done successfully - IMPORTANT: The following 3 files are just bootstrap versions. Based on them, the workable images - for StarlingX could be generated by running "update-pxe-network-installer" command after "build-iso" - - out/stx-r1/CentOS/pike/Binary/LiveOS/squashfs.img - - out/stx-r1/CentOS/pike/Binary/images/pxeboot/initrd.img - - out/stx-r1/CentOS/pike/Binary/images/pxeboot/vmlinuz - -*************** -Verify Packages -*************** - -#. Verify no missing or failed packages exist: - - :: - - # cat logs/*_missing_*.log - # cat logs/*_failmove_*.log - -#. In case missing or failed packages do exist, which is usually caused by - network instability (or timeout), you need to download the packages - manually. - Doing so assures you get all RPMs listed in - *rpms_3rdparties.lst*/*rpms_centos.lst*/*rpms_centos3rdparties.lst*. - -****************** -Packages Structure -****************** - -The following is a general overview of the packages structure resulting -from downloading the packages: - -:: - - /home//stx-tools/centos-mirror-tools/output - └── stx-r1 - └── CentOS - └── pike - ├── Binary - │   ├── EFI - │   ├── images - │   ├── isolinux - │   ├── LiveOS - │   ├── noarch - │   └── x86_64 - ├── downloads - │   ├── integrity - │   └── puppet - └── Source - -******************************* -Create CentOS Mirror Repository -******************************* - -Outside your Repository Docker container, in another terminal identified -as "**Two**", run the following commands: - -#. From terminal identified as "**Two**", create a *mirror/CentOS* - directory under your *starlingx* workspace directory: - - .. code:: sh - - $ mkdir -p $HOME/starlingx/mirror/CentOS/ - -#. Copy the built CentOS Mirror Repository built under - *$HOME/stx-tools/centos-mirror-tool* to the *$HOME/starlingx/mirror/* - workspace directory: - - .. code:: sh - - $ cp -r $HOME/stx-tools/centos-mirror-tools/output/stx-r1/ $HOME/starlingx/mirror/CentOS/ - - -------------------------- -Create StarlingX Packages -------------------------- - -***************************** -Run Building Docker Container -***************************** - -#. From the terminal identified as "**Two**", create the workspace folder: - - .. code:: sh - - $ mkdir -p $HOME/starlingx/workspace - -#. Navigate to the *$HOME/stx-tools* project directory: - - .. code:: sh - - $ cd $HOME/stx-tools - -#. Verify environment variables: - - .. code:: sh - - $ bash tb.sh env - -#. Run the building Docker container: - - .. code:: sh - - $ bash tb.sh run - -#. Execute the buiding Docker container: - - .. code:: sh - - $ bash tb.sh exec - -********************************* -Download Source Code Repositories -********************************* - -#. From the terminal identified as "**Two**", which is now inside the - Building Docker container, start the internal environment: - - .. code:: sh - - $ eval $(ssh-agent) - $ ssh-add - -#. Use the repo tool to create a local clone of the stx-manifest - Git repository based on the "r/2018.10" branch: - - .. code:: sh - - $ cd $MY_REPO_ROOT_DIR - $ repo init -u https://git.starlingx.io/stx-manifest -m default.xml -b r/2018.10 - - **NOTE:** To use the "repo" command to clone the stx-manifest repository and - check out the "master" branch, omit the "-b r/2018.10" option. - Following is an example: - - .. code:: sh - - $ repo init -u https://git.starlingx.io/stx-manifest -m default.xml - -#. Synchronize the repository: - - .. code:: sh - - $ repo sync -j`nproc` - -#. Create a tarballs repository: - - .. code:: sh - - $ ln -s /import/mirrors/CentOS/stx-r1/CentOS/pike/downloads/ $MY_REPO/stx/ - - Alternatively, you can run the "populate_downloads.sh" script to copy - the tarballs instead of using a symlink: - - .. code:: sh - - $ populate_downloads.sh /import/mirrors/CentOS/stx-r1/CentOS/pike/ - - Outside the container - -#. From another terminal identified as "**Three**", create mirror binaries: - - .. code:: sh - - $ mkdir -p $HOME/starlingx/mirror/CentOS/stx-installer - $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/images/pxeboot/initrd.img $HOME/starlingx/mirror/CentOS/stx-installer/initrd.img - $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/images/pxeboot/vmlinuz $HOME/starlingx/mirror/CentOS/stx-installer/vmlinuz - $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/LiveOS/squashfs.img $HOME/starlingx/mirror/CentOS/stx-installer/squashfs.img - -************** -Build Packages -************** - -#. Go back to the terminal identified as "**Two**", which is the Building Docker container. - -#. **Temporal!** Build-Pkgs Errors. Be prepared to have some missing / - corrupted rpm and tarball packages generated during - `Build the CentOS Mirror Repository`_, which will cause the next step - to fail. If that step does fail, manually download those missing / - corrupted packages. - -#. Update the symbolic links: - - .. code:: sh - - $ generate-cgcs-centos-repo.sh /import/mirrors/CentOS/stx-r1/CentOS/pike/ - -#. Build the packages: - - .. code:: sh - - $ build-pkgs - -#. **Optional!** Generate-Cgcs-Tis-Repo: - - While this step is optional, it improves performance on subsequent - builds. The cgcs-tis-repo has the dependency information that - sequences the build order. To generate or update the information, you - need to execute the following command after building modified or new - packages. - - .. code:: sh - - $ generate-cgcs-tis-repo - -------------------- -Build StarlingX ISO -------------------- - -#. Build the image: - - .. code:: sh - - $ build-iso - ---------------- -Build Installer ---------------- - -To get your StarlingX ISO ready to use, you must create the initialization -files used to boot the ISO, additional controllers, and compute nodes. - -**NOTE:** You only need this procedure during your first build and -every time you upgrade the kernel. - -After running "build-iso", run: - -.. code:: sh - - $ build-pkgs --installer - -This builds *rpm* and *anaconda* packages. Then run: - -.. code:: sh - - $ update-pxe-network-installer - -The *update-pxe-network-installer* covers the steps detailed in -*$MY_REPO/stx/stx-metal/installer/initrd/README*. This script -creates three files on -*/localdisk/loadbuild/pxe-network-installer/output*. - -:: - - new-initrd.img - new-squashfs.img - new-vmlinuz - -Rename the files as follows: - -:: - - initrd.img - squashfs.img - vmlinuz - -Two ways exist for using these files: - -#. Store the files in the */import/mirror/CentOS/stx-installer/* folder - for future use. -#. Store the files in an arbitrary location and modify the - *$MY_REPO/stx/stx-metal/installer/pxe-network-installer/centos/build_srpm.data* - file to point to these files. - -Recreate the *pxe-network-installer* package and rebuild the image: - -.. code:: sh - - $ build-pkgs --clean pxe-network-installer - $ build-pkgs pxe-network-installer - $ build-iso - -Your ISO image should be able to boot. - -**************** -Additional Notes -**************** - -- In order to get the first boot working, this complete procedure needs - to be done. However, once the init files are created, these can be - stored in a shared location where different developers can make use - of them. Updating these files is not a frequent task and should be - done whenever the kernel is upgraded. -- StarlingX is in active development. Consequently, it is possible that in the - future the **0.2** version will change to a more generic solution. - ---------------- -Build Avoidance ---------------- - -******* -Purpose -******* - -Greatly reduce build times after using "repo" to syncronized a local -repository with an upstream source (i.e. "repo sync"). -Build avoidance works well for designers working -within a regional office. Starting from a new workspace, "build-pkgs" -typically requires three or more hours to complete. Build avoidance -reduces this step to approximately 20 minutes. - -*********** -Limitations -*********** - -- Little or no benefit for designers who refresh a pre-existing - workspace at least daily (e.g. download_mirror.sh, repo sync, - generate-cgcs-centos-repo.sh, build-pkgs, build-iso). In these cases, - an incremental build (i.e. reuse of same workspace without a "build-pkgs - --clean") is often just as efficient. -- Not likely to be useful to solo designers, or teleworkers that wish - to compile on using their home computers. Build avoidance downloads build - artifacts from a reference build, and WAN speeds are generally too - slow. - -***************** -Method (in brief) -***************** - -#. Reference Builds - - - A server in the regional office performs regular (e.g. daily) - automated builds using existing methods. These builds are called - "reference builds". - - The builds are timestamped and preserved for some time (i.e. a - number of weeks). - - A build CONTEXT, which is a file produced by "build-pkgs" - at location *$MY_WORKSPACE/CONTEXT*, is captured. It is a bash script that can - cd to each and every Git and checkout the SHA that contributed to - the build. - - For each package built, a file captures the md5sums of all the - source code inputs required to build that package. These files are - also produced by "build-pkgs" at location - *$MY_WORKSPACE//rpmbuild/SOURCES//srpm_reference.md5*. - - All these build products are accessible locally (e.g. a regional - office) using "rsync". - - **NOTE:** Other protocols can be added later. - -#. Designers - - - Request a build avoidance build. Recommended after you have - done synchronized the repository (i.e. "repo sync"). - - :: - - repo sync - generate-cgcs-centos-repo.sh - populate_downloads.sh - build-pkgs --build-avoidance - - - Use combinations of additional arguments, environment variables, and a - configuration file unique to the regional office to specify an URL - to the reference builds. - - - Using a configuration file to specify the location of your reference build: - - :: - - mkdir -p $MY_REPO/local-build-data - - cat <<- EOF > $MY_REPO/local-build-data/build_avoidance_source - # Optional, these are already the default values. - BUILD_AVOIDANCE_DATE_FORMAT="%Y%m%d" - BUILD_AVOIDANCE_TIME_FORMAT="%H%M%S" - BUILD_AVOIDANCE_DATE_TIME_DELIM="T" - BUILD_AVOIDANCE_DATE_TIME_POSTFIX="Z" - BUILD_AVOIDANCE_DATE_UTC=1 - BUILD_AVOIDANCE_FILE_TRANSFER="rsync" - - # Required, unique values for each regional office - BUILD_AVOIDANCE_USR="jenkins" - BUILD_AVOIDANCE_HOST="stx-builder.mycompany.com" - BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" - EOF - - - Using command-line arguments to specify the location of your reference - build: - - :: - - build-pkgs --build-avoidance --build-avoidance-dir /localdisk/loadbuild/jenkins/StarlingX_Reference_Build --build-avoidance-host stx-builder.mycompany.com --build-avoidance-user jenkins - - - Prior to your build attempt, you need to accept the host key. - Doing so prevents "rsync" failures on a "yes/no" prompt. - You only have to do this once. - - :: - - grep -q $BUILD_AVOIDANCE_HOST $HOME/.ssh/known_hosts - if [ $? != 0 ]; then - ssh-keyscan $BUILD_AVOIDANCE_HOST >> $HOME/.ssh/known_hosts - fi - - - - "build-pkgs" does the following: - - - From newest to oldest, scans the CONTEXTs of the various - reference builds. Selects the first (i.e. most recent) context that - satisfies the following requirement: every Git the SHA - specifies in the CONTEXT is present. - - The selected context might be slightly out of date, but not by - more than a day. This assumes daily reference builds are run. - - If the context has not been previously downloaded, then - download it now. This means you need to download select portions of the - reference build workspace into the designer's workspace. This - includes all the SRPMS, RPMS, MD5SUMS, and miscellaneous supporting - files. Downloading these files usually takes about 10 minutes - over an office LAN. - - The designer could have additional commits or uncommitted changes - not present in the reference builds. Affected packages are - identified by the differing md5sum's. In these cases, the packages - are re-built. Re-builds usually take five or more minutes, - depending on the packages that have changed. - - - What if no valid reference build is found? Then build-pkgs will fall - back to a regular build. - -**************** -Reference Builds -**************** - -- The regional office implements an automated build that pulls the - latest StarlingX software and builds it on a regular basis (e.g. - daily builds). Jenkins, cron, or similar tools can trigger these builds. -- Each build is saved to a unique directory, and preserved for a time - that is reflective of how long a designer might be expected to work - on a private branch without syncronizing with the master branch. - This takes about two weeks. - -- The *MY_WORKSPACE* directory for the build shall have a common root - directory, and a leaf directory that is a sortable time stamp. The - suggested format is *YYYYMMDDThhmmss*. - - .. code:: sh - - $ sudo apt-get update - BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" - BUILD_TIMESTAMP=$(date -u '+%Y%m%dT%H%M%SZ') - MY_WORKSPACE=${BUILD_AVOIDANCE_DIR}/${BUILD_TIMESTAMP} - -- Designers can access all build products over the internal network of - the regional office. The current prototype employs "rsync". Other - protocols that can efficiently share, copy, or transfer large directories - of content can be added as needed. - -^^^^^^^^^^^^^^ -Advanced Usage -^^^^^^^^^^^^^^ - -Can the reference build itself use build avoidance? Yes it can. -Can it reference itself? Yes it can. -In both these cases, caution is advised. To protect against any possible -'divergence from reality', you should limit how many steps you remove -a build avoidance build from a full build. - -Suppose we want to implement a self-referencing daily build in an -environment where a full build already occurs every Saturday. -To protect ourselves from a -build failure on Saturday we also want a limit of seven days since -the last full build. Your build script might look like this ... - -:: - - ... - BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" - BUILD_AVOIDANCE_HOST="stx-builder.mycompany.com" - FULL_BUILD_DAY="Saturday" - MAX_AGE_DAYS=7 - - LAST_FULL_BUILD_LINK="$BUILD_AVOIDANCE_DIR/latest_full_build" - LAST_FULL_BUILD_DAY="" - NOW_DAY=$(date -u "+%A") - BUILD_TIMESTAMP=$(date -u '+%Y%m%dT%H%M%SZ') - MY_WORKSPACE=${BUILD_AVOIDANCE_DIR}/${BUILD_TIMESTAMP} - - # update software - repo init -u ${BUILD_REPO_URL} -b ${BUILD_BRANCH} - repo sync --force-sync - $MY_REPO_ROOT_DIR/stx-tools/toCOPY/generate-cgcs-centos-repo.sh - $MY_REPO_ROOT_DIR/stx-tools/toCOPY/populate_downloads.sh - - # User can optionally define BUILD_METHOD equal to one of 'FULL', 'AVOIDANCE', or 'AUTO' - # Sanitize BUILD_METHOD - if [ "$BUILD_METHOD" != "FULL" ] && [ "$BUILD_METHOD" != "AVOIDANCE" ]; then - BUILD_METHOD="AUTO" - fi - - # First build test - if [ "$BUILD_METHOD" != "FULL" ] && [ ! -L $LAST_FULL_BUILD_LINK ]; then - echo "latest_full_build symlink missing, forcing full build" - BUILD_METHOD="FULL" - fi - - # Build day test - if [ "$BUILD_METHOD" == "AUTO" ] && [ "$NOW_DAY" == "$FULL_BUILD_DAY" ]; then - echo "Today is $FULL_BUILD_DAY, forcing full build" - BUILD_METHOD="FULL" - fi - - # Build age test - if [ "$BUILD_METHOD" != "FULL" ]; then - LAST_FULL_BUILD_DATE=$(basename $(readlink $LAST_FULL_BUILD_LINK) | cut -d '_' -f 1) - LAST_FULL_BUILD_DAY=$(date -d $LAST_FULL_BUILD_DATE "+%A") - AGE_SECS=$(( $(date "+%s") - $(date -d $LAST_FULL_BUILD_DATE "+%s") )) - AGE_DAYS=$(( $AGE_SECS/60/60/24 )) - if [ $AGE_DAYS -ge $MAX_AGE_DAYS ]; then - echo "Haven't had a full build in $AGE_DAYS days, forcing full build" - BUILD_METHOD="FULL" - fi - BUILD_METHOD="AVOIDANCE" - fi - - #Build it - if [ "$BUILD_METHOD" == "FULL" ]; then - build-pkgs --no-build-avoidance - else - build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER - fi - if [ $? -ne 0 ]; then - echo "Build failed in build-pkgs" - exit 1 - fi - - build-iso - if [ $? -ne 0 ]; then - echo "Build failed in build-iso" - exit 1 - fi - - if [ "$BUILD_METHOD" == "FULL" ]; then - # A successful full build. Set last full build symlink. - if [ -L $LAST_FULL_BUILD_LINK ]; then - rm -rf $LAST_FULL_BUILD_LINK - fi - ln -sf $MY_WORKSPACE $LAST_FULL_BUILD_LINK - fi - ... - -A final note.... - -To use the full build day as your avoidance build reference point, -modify the "build-pkgs" commands above to use "--build-avoidance-day ", -as shown in the following two examples: - -:: - - build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER --build-avoidance-day $FULL_BUILD_DAY - - # Here is another example with a bit more shuffling of the above script. - - build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER --build-avoidance-day $LAST_FULL_BUILD_DAY - -The advantage is that our build is never more than one step removed -from a full build. This assumes the full build was successful. - -The disadvantage is that by the end of the week, the reference build is getting -rather old. During active weeks, build times could approach build times for -full builds. + /developer_guide/latest/index + /developer_guide/2018_10/index diff --git a/doc/source/developer_guide/latest/index.rst b/doc/source/developer_guide/latest/index.rst new file mode 100644 index 000000000..4c4f458e9 --- /dev/null +++ b/doc/source/developer_guide/latest/index.rst @@ -0,0 +1,839 @@ +=========================== +Developer guide stx.2019.05 +=========================== + +This section contains the steps for building a StarlingX ISO from +the stx.2019.05 branch. + +If a developer guide is needed for a previous release, review the +:doc:`developer guides for all previous releases `. + +------------ +Requirements +------------ + +The recommended minimum requirements include: + +********************* +Hardware requirements +********************* + +A workstation computer with: + +- Processor: x86_64 is the only supported architecture +- Memory: At least 32GB RAM +- Hard Disk: 500GB HDD +- Network: Network adapter with active Internet connection + +********************* +Software requirements +********************* + +A workstation computer with: + +- Operating System: Ubuntu 16.04 LTS 64-bit +- Docker +- Android Repo Tool +- Proxy settings configured (if required) + + - See + http://lists.starlingx.io/pipermail/starlingx-discuss/2018-July/000136.html + for more details + +- Public SSH key + +----------------------------- +Development environment setup +----------------------------- + +This section describes how to set up a StarlingX development system on a +workstation computer. After completing these steps, you can +build a StarlingX ISO image on the following Linux distribution: + +- Ubuntu 16.04 LTS 64-bit + +**************************** +Update your operating system +**************************** + +Before proceeding with the build, ensure your Ubuntu distribution is up to date. +You first need to update the local database list of available packages: + +.. code:: sh + + $ sudo apt-get update + +****************************************** +Installation requirements and dependencies +****************************************** + +^^^^ +User +^^^^ + +1. Make sure you are a non-root user with sudo enabled when you build the + StarlingX ISO. You also need to either use your existing user or create a + separate **: + + .. code:: sh + + $ sudo useradd -m -d /home/ + +2. Your ** should have sudo privileges: + + .. code:: sh + + $ sudo sh -c "echo ' ALL=(ALL:ALL) ALL' >> /etc/sudoers" + $ sudo su -c + +^^^ +Git +^^^ + +3. Install the required packages on the Ubuntu host system: + + .. code:: sh + + $ sudo apt-get install make git curl + +4. Make sure to set up your identity using the following two commands. + Be sure to provide your actual name and email address: + + .. code:: sh + + $ git config --global user.name "Name LastName" + $ git config --global user.email "Email Address" + +^^^^^^^^^ +Docker CE +^^^^^^^^^ + +5. Install the required Docker CE packages in the Ubuntu host system. See + `Get Docker CE for + Ubuntu `__ + for more information. + +6. Log out and log in to add your ** to the Docker group: + + .. code:: sh + + $ sudo usermod -aG docker + +^^^^^^^^^^^^^^^^^ +Android Repo Tool +^^^^^^^^^^^^^^^^^ + +7. Install the required Android Repo Tool in the Ubuntu host system. Follow + the steps in the `Installing + Repo `__ + section. + +********************** +Install public SSH key +********************** + +#. Follow these instructions on GitHub to `Generate a Public SSH + Key `__. + Then upload your public key to your GitHub and Gerrit account + profiles: + + - `Upload to + Github `__ + - `Upload to + Gerrit `__ + +**************************** +Create a workspace directory +**************************** + +#. Create a *starlingx* workspace directory on your system. + Best practices dictate creating the workspace directory + in your $HOME directory: + + .. code:: sh + + $ mkdir -p $HOME/starlingx/ + +************************* +Install stx-tools project +************************* + +#. Under your $HOME directory, clone the project: + + .. code:: sh + + $ cd $HOME + $ git clone https://git.starlingx.io/stx-tools + +#. Navigate to the *<$HOME/stx-tools>* project + directory: + + .. code:: sh + + $ cd $HOME/stx-tools/ + +----------------------------- +Prepare the base Docker image +----------------------------- + +StarlingX base Docker image handles all steps related to StarlingX ISO +creation. This section describes how to customize the base Docker image +building process. + +******************** +Configuration values +******************** + +You can customize values for the StarlingX base Docker image using a +text-based configuration file named ``localrc``: + +- ``HOST_PREFIX`` points to the directory that hosts the 'designer' + subdirectory for source code, the 'loadbuild' subdirectory for + the build environment, generated RPMs, and the ISO image. +- ``HOST_MIRROR_DIR`` points to the directory that hosts the CentOS mirror + repository. + +^^^^^^^^^^^^^^^^^^^^^^^^^^ +localrc configuration file +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Create your ``localrc`` configuration file. For example: + + .. code:: sh + + # tbuilder localrc + MYUNAME= + PROJECT=starlingx + HOST_PREFIX=$HOME/starlingx/workspace + HOST_MIRROR_DIR=$HOME/starlingx/mirror + +*************************** +Build the base Docker image +*************************** + +Once the ``localrc`` configuration file has been customized, it is time +to build the base Docker image. + +#. If necessary, you might have to set http/https proxy in your + Dockerfile before building the docker image: + + .. code:: sh + + ENV http_proxy " http://your.actual_http_proxy.com:your_port " + ENV https_proxy " https://your.actual_https_proxy.com:your_port " + ENV ftp_proxy " http://your.actual_ftp_proxy.com:your_port " + RUN echo " proxy=http://your-proxy.com:port " >> /etc/yum.conf + +#. The ``tb.sh`` script automates the Base Docker image build: + + .. code:: sh + + ./tb.sh create + +---------------------------------- +Build the CentOS mirror repository +---------------------------------- + +The creation of the StarlingX ISO relies on a repository of RPM Binaries, +RPM Sources, and Tar Compressed files. This section describes how to build +this CentOS mirror repository. + +******************************* +Run repository Docker container +******************************* + +| Run the following commands under a terminal identified as "**One**": + +#. Navigate to the *$HOME/stx-tools/centos-mirror-tool* project + directory: + + .. code:: sh + + $ cd $HOME/stx-tools/centos-mirror-tools/ + +#. Launch the Docker container using the previously created base Docker image + *:*. As /localdisk is defined as the workdir of the + container, you should use the same folder name to define the volume. + The container starts to run and populate 'logs' and 'output' folders in + this directory. The container runs from the same directory in which the + scripts are stored. + + .. code:: sh + + $ docker run -it --volume $(pwd):/localdisk local/$USER-stx-builder:7.4 bash + +***************** +Download packages +***************** + +#. Inside the Docker container, enter the following commands to download + the required packages to populate the CentOS mirror repository: + + :: + + # cd localdisk && bash download_mirror.sh + +#. Monitor the download of packages until it is complete. When the download + is complete, the following message appears: + + :: + + totally 17 files are downloaded! + step #3: done successfully + IMPORTANT: The following 3 files are just bootstrap versions. Based on them, the workable images + for StarlingX could be generated by running "update-pxe-network-installer" command after "build-iso" + - out/stx-r1/CentOS/pike/Binary/LiveOS/squashfs.img + - out/stx-r1/CentOS/pike/Binary/images/pxeboot/initrd.img + - out/stx-r1/CentOS/pike/Binary/images/pxeboot/vmlinuz + +*************** +Verify packages +*************** + +#. Verify no missing or failed packages exist: + + :: + + # cat logs/*_missing_*.log + # cat logs/*_failmove_*.log + +#. In case missing or failed packages do exist, which is usually caused by + network instability (or timeout), you need to download the packages + manually. + Doing so assures you get all RPMs listed in + *rpms_3rdparties.lst*/*rpms_centos.lst*/*rpms_centos3rdparties.lst*. + +****************** +Packages structure +****************** + +The following is a general overview of the packages structure resulting +from downloading the packages: + +:: + + /home//stx-tools/centos-mirror-tools/output + └── stx-r1 + └── CentOS + └── pike + ├── Binary + │   ├── EFI + │   ├── images + │   ├── isolinux + │   ├── LiveOS + │   ├── noarch + │   └── x86_64 + ├── downloads + │   ├── integrity + │   └── puppet + └── Source + +******************************* +Create CentOS mirror repository +******************************* + +Outside your Repository Docker container, in another terminal identified +as "**Two**", run the following commands: + +#. From terminal identified as "**Two**", create a *mirror/CentOS* + directory under your *starlingx* workspace directory: + + .. code:: sh + + $ mkdir -p $HOME/starlingx/mirror/CentOS/ + +#. Copy the built CentOS Mirror Repository built under + *$HOME/stx-tools/centos-mirror-tool* to the *$HOME/starlingx/mirror/* + workspace directory: + + .. code:: sh + + $ cp -r $HOME/stx-tools/centos-mirror-tools/output/stx-r1/ $HOME/starlingx/mirror/CentOS/ + + +------------------------- +Create StarlingX packages +------------------------- + +***************************** +Run building Docker container +***************************** + +#. From the terminal identified as "**Two**", create the workspace folder: + + .. code:: sh + + $ mkdir -p $HOME/starlingx/workspace + +#. Navigate to the *$HOME/stx-tools* project directory: + + .. code:: sh + + $ cd $HOME/stx-tools + +#. Verify environment variables: + + .. code:: sh + + $ bash tb.sh env + +#. Run the building Docker container: + + .. code:: sh + + $ bash tb.sh run + +#. Execute the buiding Docker container: + + .. code:: sh + + $ bash tb.sh exec + +********************************* +Download source code repositories +********************************* + +#. From the terminal identified as "**Two**", which is now inside the + Building Docker container, start the internal environment: + + .. code:: sh + + $ eval $(ssh-agent) + $ ssh-add + +#. Use the repo tool to create a local clone of the stx-manifest + Git repository based on the "r/2018.10" branch: + + .. code:: sh + + $ cd $MY_REPO_ROOT_DIR + $ repo init -u https://git.starlingx.io/stx-manifest -m default.xml -b r/2018.10 + + **NOTE:** To use the "repo" command to clone the stx-manifest repository and + check out the "master" branch, omit the "-b r/2018.10" option. + Following is an example: + + .. code:: sh + + $ repo init -u https://git.starlingx.io/stx-manifest -m default.xml + +#. Synchronize the repository: + + .. code:: sh + + $ repo sync -j`nproc` + +#. Create a tarballs repository: + + .. code:: sh + + $ ln -s /import/mirrors/CentOS/stx-r1/CentOS/pike/downloads/ $MY_REPO/stx/ + + Alternatively, you can run the "populate_downloads.sh" script to copy + the tarballs instead of using a symlink: + + .. code:: sh + + $ populate_downloads.sh /import/mirrors/CentOS/stx-r1/CentOS/pike/ + + Outside the container + +#. From another terminal identified as "**Three**", create mirror binaries: + + .. code:: sh + + $ mkdir -p $HOME/starlingx/mirror/CentOS/stx-installer + $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/images/pxeboot/initrd.img $HOME/starlingx/mirror/CentOS/stx-installer/initrd.img + $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/images/pxeboot/vmlinuz $HOME/starlingx/mirror/CentOS/stx-installer/vmlinuz + $ cp $HOME/starlingx/mirror/CentOS/stx-r1/CentOS/pike/Binary/LiveOS/squashfs.img $HOME/starlingx/mirror/CentOS/stx-installer/squashfs.img + +************** +Build packages +************** + +#. Go back to the terminal identified as "**Two**", which is the Building Docker container. + +#. **Temporal!** Build-Pkgs Errors. Be prepared to have some missing / + corrupted rpm and tarball packages generated during + `Build the CentOS Mirror Repository`_, which will cause the next step + to fail. If that step does fail, manually download those missing / + corrupted packages. + +#. Update the symbolic links: + + .. code:: sh + + $ generate-cgcs-centos-repo.sh /import/mirrors/CentOS/stx-r1/CentOS/pike/ + +#. Build the packages: + + .. code:: sh + + $ build-pkgs + +#. **Optional!** Generate-Cgcs-Tis-Repo: + + While this step is optional, it improves performance on subsequent + builds. The cgcs-tis-repo has the dependency information that + sequences the build order. To generate or update the information, you + need to execute the following command after building modified or new + packages. + + .. code:: sh + + $ generate-cgcs-tis-repo + +------------------- +Build StarlingX ISO +------------------- + +#. Build the image: + + .. code:: sh + + $ build-iso + +--------------- +Build installer +--------------- + +To get your StarlingX ISO ready to use, you must create the initialization +files used to boot the ISO, additional controllers, and compute nodes. + +**NOTE:** You only need this procedure during your first build and +every time you upgrade the kernel. + +After running "build-iso", run: + +.. code:: sh + + $ build-pkgs --installer + +This builds *rpm* and *anaconda* packages. Then run: + +.. code:: sh + + $ update-pxe-network-installer + +The *update-pxe-network-installer* covers the steps detailed in +*$MY_REPO/stx/stx-metal/installer/initrd/README*. This script +creates three files on +*/localdisk/loadbuild/pxe-network-installer/output*. + +:: + + new-initrd.img + new-squashfs.img + new-vmlinuz + +Rename the files as follows: + +:: + + initrd.img + squashfs.img + vmlinuz + +Two ways exist for using these files: + +#. Store the files in the */import/mirror/CentOS/stx-installer/* folder + for future use. +#. Store the files in an arbitrary location and modify the + *$MY_REPO/stx/stx-metal/installer/pxe-network-installer/centos/build_srpm.data* + file to point to these files. + +Recreate the *pxe-network-installer* package and rebuild the image: + +.. code:: sh + + $ build-pkgs --clean pxe-network-installer + $ build-pkgs pxe-network-installer + $ build-iso + +Your ISO image should be able to boot. + +**************** +Additional notes +**************** + +- In order to get the first boot working, this complete procedure needs + to be done. However, once the init files are created, these can be + stored in a shared location where different developers can make use + of them. Updating these files is not a frequent task and should be + done whenever the kernel is upgraded. +- StarlingX is in active development. Consequently, it is possible that in the + future the **0.2** version will change to a more generic solution. + +--------------- +Build avoidance +--------------- + +******* +Purpose +******* + +Greatly reduce build times after using "repo" to syncronized a local +repository with an upstream source (i.e. "repo sync"). +Build avoidance works well for designers working +within a regional office. Starting from a new workspace, "build-pkgs" +typically requires three or more hours to complete. Build avoidance +reduces this step to approximately 20 minutes. + +*********** +Limitations +*********** + +- Little or no benefit for designers who refresh a pre-existing + workspace at least daily (e.g. download_mirror.sh, repo sync, + generate-cgcs-centos-repo.sh, build-pkgs, build-iso). In these cases, + an incremental build (i.e. reuse of same workspace without a "build-pkgs + --clean") is often just as efficient. +- Not likely to be useful to solo designers, or teleworkers that wish + to compile on using their home computers. Build avoidance downloads build + artifacts from a reference build, and WAN speeds are generally too + slow. + +***************** +Method (in brief) +***************** + +#. Reference Builds + + - A server in the regional office performs regular (e.g. daily) + automated builds using existing methods. These builds are called + "reference builds". + - The builds are timestamped and preserved for some time (i.e. a + number of weeks). + - A build CONTEXT, which is a file produced by "build-pkgs" + at location *$MY_WORKSPACE/CONTEXT*, is captured. It is a bash script that can + cd to each and every Git and checkout the SHA that contributed to + the build. + - For each package built, a file captures the md5sums of all the + source code inputs required to build that package. These files are + also produced by "build-pkgs" at location + *$MY_WORKSPACE//rpmbuild/SOURCES//srpm_reference.md5*. + - All these build products are accessible locally (e.g. a regional + office) using "rsync". + + **NOTE:** Other protocols can be added later. + +#. Designers + + - Request a build avoidance build. Recommended after you have + done synchronized the repository (i.e. "repo sync"). + + :: + + repo sync + generate-cgcs-centos-repo.sh + populate_downloads.sh + build-pkgs --build-avoidance + + - Use combinations of additional arguments, environment variables, and a + configuration file unique to the regional office to specify an URL + to the reference builds. + + - Using a configuration file to specify the location of your reference build: + + :: + + mkdir -p $MY_REPO/local-build-data + + cat <<- EOF > $MY_REPO/local-build-data/build_avoidance_source + # Optional, these are already the default values. + BUILD_AVOIDANCE_DATE_FORMAT="%Y%m%d" + BUILD_AVOIDANCE_TIME_FORMAT="%H%M%S" + BUILD_AVOIDANCE_DATE_TIME_DELIM="T" + BUILD_AVOIDANCE_DATE_TIME_POSTFIX="Z" + BUILD_AVOIDANCE_DATE_UTC=1 + BUILD_AVOIDANCE_FILE_TRANSFER="rsync" + + # Required, unique values for each regional office + BUILD_AVOIDANCE_USR="jenkins" + BUILD_AVOIDANCE_HOST="stx-builder.mycompany.com" + BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" + EOF + + - Using command-line arguments to specify the location of your reference + build: + + :: + + build-pkgs --build-avoidance --build-avoidance-dir /localdisk/loadbuild/jenkins/StarlingX_Reference_Build --build-avoidance-host stx-builder.mycompany.com --build-avoidance-user jenkins + + - Prior to your build attempt, you need to accept the host key. + Doing so prevents "rsync" failures on a "yes/no" prompt. + You only have to do this once. + + :: + + grep -q $BUILD_AVOIDANCE_HOST $HOME/.ssh/known_hosts + if [ $? != 0 ]; then + ssh-keyscan $BUILD_AVOIDANCE_HOST >> $HOME/.ssh/known_hosts + fi + + + - "build-pkgs" does the following: + + - From newest to oldest, scans the CONTEXTs of the various + reference builds. Selects the first (i.e. most recent) context that + satisfies the following requirement: every Git the SHA + specifies in the CONTEXT is present. + - The selected context might be slightly out of date, but not by + more than a day. This assumes daily reference builds are run. + - If the context has not been previously downloaded, then + download it now. This means you need to download select portions of the + reference build workspace into the designer's workspace. This + includes all the SRPMS, RPMS, MD5SUMS, and miscellaneous supporting + files. Downloading these files usually takes about 10 minutes + over an office LAN. + - The designer could have additional commits or uncommitted changes + not present in the reference builds. Affected packages are + identified by the differing md5sum's. In these cases, the packages + are re-built. Re-builds usually take five or more minutes, + depending on the packages that have changed. + + - What if no valid reference build is found? Then build-pkgs will fall + back to a regular build. + +**************** +Reference builds +**************** + +- The regional office implements an automated build that pulls the + latest StarlingX software and builds it on a regular basis (e.g. + daily builds). Jenkins, cron, or similar tools can trigger these builds. +- Each build is saved to a unique directory, and preserved for a time + that is reflective of how long a designer might be expected to work + on a private branch without syncronizing with the master branch. + This takes about two weeks. + +- The *MY_WORKSPACE* directory for the build shall have a common root + directory, and a leaf directory that is a sortable time stamp. The + suggested format is *YYYYMMDDThhmmss*. + + .. code:: sh + + $ sudo apt-get update + BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" + BUILD_TIMESTAMP=$(date -u '+%Y%m%dT%H%M%SZ') + MY_WORKSPACE=${BUILD_AVOIDANCE_DIR}/${BUILD_TIMESTAMP} + +- Designers can access all build products over the internal network of + the regional office. The current prototype employs "rsync". Other + protocols that can efficiently share, copy, or transfer large directories + of content can be added as needed. + +^^^^^^^^^^^^^^ +Advanced usage +^^^^^^^^^^^^^^ + +Can the reference build itself use build avoidance? Yes it can. +Can it reference itself? Yes it can. +In both these cases, caution is advised. To protect against any possible +'divergence from reality', you should limit how many steps you remove +a build avoidance build from a full build. + +Suppose we want to implement a self-referencing daily build in an +environment where a full build already occurs every Saturday. +To protect ourselves from a +build failure on Saturday we also want a limit of seven days since +the last full build. Your build script might look like this ... + +:: + + ... + BUILD_AVOIDANCE_DIR="/localdisk/loadbuild/jenkins/StarlingX_Reference_Build" + BUILD_AVOIDANCE_HOST="stx-builder.mycompany.com" + FULL_BUILD_DAY="Saturday" + MAX_AGE_DAYS=7 + + LAST_FULL_BUILD_LINK="$BUILD_AVOIDANCE_DIR/latest_full_build" + LAST_FULL_BUILD_DAY="" + NOW_DAY=$(date -u "+%A") + BUILD_TIMESTAMP=$(date -u '+%Y%m%dT%H%M%SZ') + MY_WORKSPACE=${BUILD_AVOIDANCE_DIR}/${BUILD_TIMESTAMP} + + # update software + repo init -u ${BUILD_REPO_URL} -b ${BUILD_BRANCH} + repo sync --force-sync + $MY_REPO_ROOT_DIR/stx-tools/toCOPY/generate-cgcs-centos-repo.sh + $MY_REPO_ROOT_DIR/stx-tools/toCOPY/populate_downloads.sh + + # User can optionally define BUILD_METHOD equal to one of 'FULL', 'AVOIDANCE', or 'AUTO' + # Sanitize BUILD_METHOD + if [ "$BUILD_METHOD" != "FULL" ] && [ "$BUILD_METHOD" != "AVOIDANCE" ]; then + BUILD_METHOD="AUTO" + fi + + # First build test + if [ "$BUILD_METHOD" != "FULL" ] && [ ! -L $LAST_FULL_BUILD_LINK ]; then + echo "latest_full_build symlink missing, forcing full build" + BUILD_METHOD="FULL" + fi + + # Build day test + if [ "$BUILD_METHOD" == "AUTO" ] && [ "$NOW_DAY" == "$FULL_BUILD_DAY" ]; then + echo "Today is $FULL_BUILD_DAY, forcing full build" + BUILD_METHOD="FULL" + fi + + # Build age test + if [ "$BUILD_METHOD" != "FULL" ]; then + LAST_FULL_BUILD_DATE=$(basename $(readlink $LAST_FULL_BUILD_LINK) | cut -d '_' -f 1) + LAST_FULL_BUILD_DAY=$(date -d $LAST_FULL_BUILD_DATE "+%A") + AGE_SECS=$(( $(date "+%s") - $(date -d $LAST_FULL_BUILD_DATE "+%s") )) + AGE_DAYS=$(( $AGE_SECS/60/60/24 )) + if [ $AGE_DAYS -ge $MAX_AGE_DAYS ]; then + echo "Haven't had a full build in $AGE_DAYS days, forcing full build" + BUILD_METHOD="FULL" + fi + BUILD_METHOD="AVOIDANCE" + fi + + #Build it + if [ "$BUILD_METHOD" == "FULL" ]; then + build-pkgs --no-build-avoidance + else + build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER + fi + if [ $? -ne 0 ]; then + echo "Build failed in build-pkgs" + exit 1 + fi + + build-iso + if [ $? -ne 0 ]; then + echo "Build failed in build-iso" + exit 1 + fi + + if [ "$BUILD_METHOD" == "FULL" ]; then + # A successful full build. Set last full build symlink. + if [ -L $LAST_FULL_BUILD_LINK ]; then + rm -rf $LAST_FULL_BUILD_LINK + fi + ln -sf $MY_WORKSPACE $LAST_FULL_BUILD_LINK + fi + ... + +A final note.... + +To use the full build day as your avoidance build reference point, +modify the "build-pkgs" commands above to use "--build-avoidance-day ", +as shown in the following two examples: + +:: + + build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER --build-avoidance-day $FULL_BUILD_DAY + + # Here is another example with a bit more shuffling of the above script. + + build-pkgs --build-avoidance --build-avoidance-dir $BUILD_AVOIDANCE_DIR --build-avoidance-host $BUILD_AVOIDANCE_HOST --build-avoidance-user $USER --build-avoidance-day $LAST_FULL_BUILD_DAY + +The advantage is that our build is never more than one step removed +from a full build. This assumes the full build was successful. + +The disadvantage is that by the end of the week, the reference build is getting +rather old. During active weeks, build times could approach build times for +full builds. diff --git a/doc/source/index.rst b/doc/source/index.rst index 93d2445cc..2ff5cdb34 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -2,16 +2,10 @@ StarlingX Documentation ======================= -Welcome to the StarlingX documentation. This is the documentation -for release stx.2018.10. - -Additional information about this release is available in the +Welcome to the StarlingX documentation. This is the documentation for release +stx.2018.10. Additional information about this release is available in the :ref:`release-notes`. -.. Add the additional version info here e.g. - The following documentation versions are available: - StarlingX stx.2019.09 | StarlingX stx.2019.04 - For more information about the project, consult the `Project Specifications `__. diff --git a/doc/source/installation_guide/controller_storage.rst b/doc/source/installation_guide/2018_10/controller_storage.rst similarity index 80% rename from doc/source/installation_guide/controller_storage.rst rename to doc/source/installation_guide/2018_10/controller_storage.rst index 191705488..263e8f27a 100644 --- a/doc/source/installation_guide/controller_storage.rst +++ b/doc/source/installation_guide/2018_10/controller_storage.rst @@ -1,8 +1,6 @@ -.. _controller-storage: - -=================================== -Controller Storage Deployment Guide -=================================== +=============================================== +Controller storage deployment guide stx.2018.10 +=============================================== .. contents:: :local: @@ -15,94 +13,94 @@ For approved instructions, see the `StarlingX Cloud with Controller Storage wiki page `__. ---------------------- -Deployment Description +Deployment description ---------------------- -The Controller Storage deployment option provides a 2x Node High Availability -Controller / Storage Cluster with: +The Controller Storage deployment option provides a 2x node high availability +controller / storage cluster with: -- A pool of up to seven Compute Nodes (pool size limit due to the capacity of - the Storage Function). -- A growth path for Storage to the full Standard solution with an independent - CEPH Storage Cluster. -- High Availability Services runnning across the Controller Nodes in either - Active/Active or Active/Standby mode. -- Storage Function running on top of LVM on single second disk, DRBD-sync'd - between the Controller Nodes. +- A pool of up to seven compute nodes (pool size limit due to the capacity of + the storage function). +- A growth path for storage to the full standard solution with an independent + CEPH storage cluster. +- High availability services runnning across the controller nodes in either + active/active or active/standby mode. +- Storage function running on top of LVM on single second disk, DRBD-sync'd + between the controller nodes. .. figure:: figures/starlingx-deployment-options-controller-storage.png :scale: 50% - :alt: Controller Storage Deployment Configuration + :alt: Controller Storage deployment configuration - *Controller Storage Deployment Configuration* + *Controller Storage deployment configuration* -A Controller Storage deployment provides protection against overall Controller -Node and Compute Node failure: +A Controller Storage deployment provides protection against overall controller +node and compute node failure: -- On overall Controller Node failure, all Controller High Availability Services - go Active on the remaining healthy Controller Node. -- On overall Compute Node failure, Virtual Machines on failed Compute Node are - recovered on the remaining healthy Compute Nodes. +- On overall controller node failure, all controller high availability services + go active on the remaining healthy controller node. +- On overall compute node failure, virtual machines on failed compute node are + recovered on the remaining healthy compute nodes. ------------------------------------ -Preparing Controller Storage Servers +Preparing controller storage servers ------------------------------------ ********** -Bare Metal +Bare metal ********** -Required Servers: +Required servers: - Controllers: 2 - Computes: 2 - 100 ^^^^^^^^^^^^^^^^^^^^^ -Hardware Requirements +Hardware requirements ^^^^^^^^^^^^^^^^^^^^^ The recommended minimum requirements for the physical servers where Controller Storage will be deployed, include: -- Minimum Processor: +- Minimum processor: - - Dual-CPU Intel® Xeon® E5 26xx Family (SandyBridge) 8 cores/socket + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket - Memory: - - 64 GB Controller - - 32 GB Compute + - 64 GB controller + - 32 GB compute - BIOS: - - Hyper-Threading Tech: Enabled - - Virtualization Technology: Enabled - - VT for Directed I/O: Enabled - - CPU Power and Performance Policy: Performance - - CPU C State Control: Disabled - - Plug & Play BMC Detection: Disabled + - Hyper-Threading technology: Enabled + - Virtualization technology: Enabled + - VT for directed I/O: Enabled + - CPU power and performance policy: Performance + - CPU C state control: Disabled + - Plug & play BMC detection: Disabled -- Primary Disk: +- Primary disk: - - 500 GB SDD or NVMe Controller - - 120 GB (min. 10K RPM) Compute + - 500 GB SDD or NVMe controller + - 120 GB (min. 10K RPM) compute -- Additional Disks: +- Additional disks: - - 1 or more 500 GB disks (min. 10K RPM) Compute + - 1 or more 500 GB disks (min. 10K RPM) compute -- Network Ports\* +- Network ports\* - - Management: 10GE Controller, Compute - - OAM: 10GE Controller - - Data: n x 10GE Compute + - Management: 10GE controller, compute + - OAM: 10GE controller + - Data: n x 10GE compute ******************* -Virtual Environment +Virtual environment ******************* Run the libvirt qemu setup scripts. Setting up virtualized OAM and -Management networks: +management networks: :: @@ -123,7 +121,7 @@ are: - controllerstorage-compute-1 ^^^^^^^^^^^^^^^^^^^^^^^^^ -Power Up a Virtual Server +Power up a virtual server ^^^^^^^^^^^^^^^^^^^^^^^^^ To power up a virtual server, run the following command: @@ -139,7 +137,7 @@ e.g. $ sudo virsh start controllerstorage-controller-0 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Access Virtual Server Consoles +Access virtual server consoles ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The XML for virtual servers in stx-tools repo, deployment/libvirt, @@ -151,9 +149,9 @@ domain (the server) and selecting "Open". Access the textual console with the command "virsh console $DOMAIN", where DOMAIN is the name of the server shown in virsh. -When booting the Controller-0 for the first time, both the serial and +When booting the controller-0 for the first time, both the serial and graphical consoles will present the initial configuration menu for the -cluster. One can select serial or graphical console for Controller-0. +cluster. One can select serial or graphical console for controller-0. For the other nodes however only serial is used, regardless of which option is selected. @@ -164,35 +162,35 @@ sequence which follows the boot device selection. One has a few seconds to do this. -------------------------------- -Installing the Controller-0 Host +Installing the controller-0 host -------------------------------- -Installing Controller-0 involves initializing a host with software and +Installing controller-0 involves initializing a host with software and then applying a bootstrap configuration from the command line. The -configured bootstrapped host becomes Controller-0. +configured bootstrapped host becomes controller-0. Procedure: -#. Power on the server that will be Controller-0 with the StarlingX ISO +#. Power on the server that will be controller-0 with the StarlingX ISO on a USB in a bootable USB slot. #. Configure the controller using the config_controller script. ************************* -Initializing Controller-0 +Initializing controller-0 ************************* -This section describes how to initialize StarlingX in host Controller-0. +This section describes how to initialize StarlingX in host controller-0. Except where noted, all the commands must be executed from a console of the host. -Power on the host to be configured as Controller-0, with the StarlingX +Power on the host to be configured as controller-0, with the StarlingX ISO on a USB in a bootable USB slot. Wait for the console to show the StarlingX ISO booting options: - **Standard Controller Configuration** - When the installer is loaded and the installer welcome screen - appears in the Controller-0 host, select the type of installation + appears in the controller-0 host, select the type of installation "Standard Controller Configuration". - **Graphical Console** @@ -202,13 +200,13 @@ StarlingX ISO booting options: - **Standard Security Boot Profile** - - Select "Standard Security Boot Profile" as the Security Profile. + - Select "Standard Security Boot Profile" as the security profile. Monitor the initialization. When it is complete, a reboot is initiated -on the Controller-0 host, briefly displays a GNU GRUB screen, and then +on the controller-0 host, briefly displays a GNU GRUB screen, and then boots automatically into the StarlingX image. -Log into Controller-0 as user wrsroot, with password wrsroot. The +Log into controller-0 as user wrsroot, with password wrsroot. The first time you log in as wrsroot, you are required to change your password. Enter the current password (wrsroot): @@ -229,28 +227,27 @@ Enter the new password again to confirm it: Retype new password: -Controller-0 is initialized with StarlingX, and is ready for -configuration. +controller-0 is initialized with StarlingX, and is ready for configuration. ************************ -Configuring Controller-0 +Configuring controller-0 ************************ -This section describes how to perform the Controller-0 configuration +This section describes how to perform the controller-0 configuration interactively just to bootstrap system with minimum critical data. Except where noted, all the commands must be executed from the console -of the active controller (here assumed to be Controller-0). +of the active controller (here assumed to be controller-0). When run interactively, the config_controller script presents a series of prompts for initial configuration of StarlingX: -- For the Virtual Environment, you can accept all the default values +- For the virtual environment, you can accept all the default values immediately after ‘system date and time’. -- For a Physical Deployment, answer the bootstrap configuration +- For a physical deployment, answer the bootstrap configuration questions with answers applicable to your particular physical setup. The script is used to configure the first controller in the StarlingX -cluster as Controller-0. The prompts are grouped by configuration +cluster as controller-0. The prompts are grouped by configuration area. To start the script interactively, use the following command with no parameters: @@ -283,21 +280,21 @@ Accept all the default values immediately after ‘system date and time’. Please complete any out of service commissioning steps with system commands and unlock controller to proceed. After config_controller bootstrap configuration, REST API, CLI and -Horizon interfaces are enabled on the Controller-0 OAM IP Address. The +Horizon interfaces are enabled on the controller-0 OAM IP address. The remaining installation instructions will use the CLI. ------------------------------------ -Provisioning Controller-0 and System +Provisioning controller-0 and system ------------------------------------ -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc ********************************************* -Configuring Provider Networks at Installation +Configuring provider networks at installation ********************************************* You must set up provider networks at installation so that you can attach @@ -311,11 +308,11 @@ Set up one provider network of the vlan type, named providernet-a: [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-range-create --name providernet-a-range1 --range 100-400 providernet-a ************************************* -Configuring Cinder on Controller Disk +Configuring Cinder on controller disk ************************************* Review the available disk space and capacity and obtain the uuid of the -physical disk +physical disk: :: @@ -328,7 +325,7 @@ physical disk | 89694799-0dd8-4532-8636-c0d8aabfe215 | /dev/sdb | 2064 | HDD | 200.0 | 199.997 | |... +--------------------------------------+-----------+---------+---------+-------+------------+--------------+... -Create the 'cinder-volumes' local volume group +Create the 'cinder-volumes' local volume group: :: @@ -353,7 +350,7 @@ Create the 'cinder-volumes' local volume group | parameters | {u'lvm_type': u'thin'} | +-----------------+--------------------------------------+ -Create a disk partition to add to the volume group +Create a disk partition to add to the volume group: :: @@ -377,7 +374,7 @@ Create a disk partition to add to the volume group | updated_at | None | +-------------+--------------------------------------------------+ -Wait for the new partition to be created (i.e. status=Ready) +Wait for the new partition to be created (i.e. status=Ready): :: @@ -391,7 +388,7 @@ Wait for the new partition to be created (i.e. status=Ready) | |...| |...| | | | +--------------------------------------+...+------------+...+---------------------+----------+--------+ -Add the partition to the volume group +Add the partition to the volume group: :: @@ -416,14 +413,14 @@ Add the partition to the volume group | updated_at | None | +--------------------------+--------------------------------------------------+ -Enable LVM Backend. +Enable LVM backend: :: [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-add lvm -s cinder --confirmed Wait for the storage backend to leave "configuring" state. Confirm LVM -Backend storage is configured: +backend storage is configured: :: @@ -436,11 +433,11 @@ Backend storage is configured: +--------------------------------------+------------+---------+------------+------+----------+... ********************** -Unlocking Controller-0 +Unlocking controller-0 ********************** -You must unlock Controller-0 so that you can use it to install the -remaining hosts. On Controller-0, acquire Keystone administrative +You must unlock controller-0 so that you can use it to install the +remaining hosts. On controller-0, acquire Keystone administrative privileges. Use the system host-unlock command: :: @@ -449,13 +446,13 @@ privileges. Use the system host-unlock command: The host is rebooted. During the reboot, the command line is unavailable, and any ssh connections are dropped. To monitor the -progress of the reboot, use the Controller-0 console. +progress of the reboot, use the controller-0 console. **************************************** -Verifying the Controller-0 Configuration +Verifying the controller-0 configuration **************************************** -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: @@ -475,7 +472,7 @@ Verify that the StarlingX controller services are running: ... +-----+-------------------------------+--------------+----------------+ -Verify that Controller-0 is unlocked, enabled, and available: +Verify that controller-0 is unlocked, enabled, and available: :: @@ -487,7 +484,7 @@ Verify that Controller-0 is unlocked, enabled, and available: +----+--------------+-------------+----------------+-------------+--------------+ --------------------------------------- -Installing Controller-1 / Compute Hosts +Installing controller-1 / compute hosts --------------------------------------- After initializing and configuring an active controller, you can add and @@ -495,7 +492,7 @@ configure a backup controller and additional compute hosts. For each host do the following: ***************** -Initializing Host +Initializing host ***************** Power on Host. In host console you will see: @@ -508,16 +505,16 @@ Power on Host. In host console you will see: controller node in order to proceed. *************************************** -Updating Host Host Name and Personality +Updating host hostname and personality *************************************** -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc -Wait for Controller-0 to discover new host, list the host until new +Wait for controller-0 to discover new host, list the host until new UNKNOWN host shows up in table: :: @@ -542,22 +539,22 @@ Or for compute-0: [wrsroot@controller-0 ~(keystone_admin)]$ system host-update 3 personality=compute hostname=compute-0 -See also: 'system help host-update' +See also: 'system help host-update'. -Unless it is known that the host's configuration can support the -installation of more than one node, it is recommended that the -installation and configuration of each node be serialized. For example, -if the entire cluster has its virtual disks hosted on the host's root -disk which happens to be a single rotational type hard disk, then the -host cannot (reliably) support parallel node installation. +Unless it is known that the host's configuration can support the installation of +more than one node, it is recommended that the installation and configuration of +each node be serialized. For example, if the entire cluster has its virtual +disks hosted on the host's root disk which happens to be a single rotational +type hard disk, then the host cannot (reliably) support parallel node +installation. *************** -Monitoring Host +Monitoring host *************** -On Controller-0, you can monitor the installation progress by running -the system host-show command for the host periodically. Progress is -shown in the install_state field. +On controller-0, you can monitor the installation progress by running the system +host-show command for the host periodically. Progress is shown in the +install_state field: :: @@ -566,16 +563,16 @@ shown in the install_state field. | install_state | booting | | install_state_info | None | -Wait while the host is configured and rebooted. Up to 20 minutes may be -required for a reboot, depending on hardware. When the reboot is -complete, the host is reported as Locked, Disabled, and Online. +Wait while the host is configured and rebooted. Up to 20 minutes may be required +for a reboot, depending on hardware. When the reboot is complete, the host is +reported as locked, disabled, and online. ************* -Listing Hosts +Listing hosts ************* -Once all Nodes have been installed, configured and rebooted, on -Controller-0 list the hosts: +Once all nodes have been installed, configured and rebooted, on controller-0 +list the hosts: :: @@ -590,10 +587,10 @@ Controller-0 list the hosts: +----+--------------+-------------+----------------+-------------+--------------+ ------------------------- -Provisioning Controller-1 +Provisioning controller-1 ------------------------- -On Controller-0, list hosts +On controller-0, list hosts: :: @@ -607,28 +604,28 @@ On Controller-0, list hosts +----+--------------+-------------+----------------+-------------+--------------+ *********************************************** -Provisioning Network Interfaces on Controller-1 +Provisioning network interfaces on controller-1 *********************************************** -In order to list out hardware port names, types, pci-addresses that have +In order to list out hardware port names, types, PCI addresses that have been discovered: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list controller-1 -Provision the oam interface for Controller-1: +Provision the OAM interface for controller-1: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -n -c platform --networks oam controller-1 ************************************ -Provisioning Storage on Controller-1 +Provisioning storage on controller-1 ************************************ Review the available disk space and capacity and obtain the uuid of the -physical disk +physical disk: :: @@ -641,7 +638,7 @@ physical disk | 70b83394-968e-4f0d-8a99-7985cd282a21 | /dev/sdb | 2064 | HDD | 200.0 | 199.997 | +--------------------------------------+-----------+---------+---------+-------+------------+ -Assign Cinder storage to the physical disk +Assign Cinder storage to the physical disk: :: @@ -667,7 +664,7 @@ Assign Cinder storage to the physical disk +-----------------+--------------------------------------+ Create a disk partition to add to the volume group based on uuid of the -physical disk +physical disk: :: @@ -691,7 +688,7 @@ physical disk | updated_at | None | +-------------+--------------------------------------------------+ -Wait for the new partition to be created (i.e. status=Ready) +Wait for the new partition to be created (i.e. status=Ready): :: @@ -705,7 +702,7 @@ Wait for the new partition to be created (i.e. status=Ready) | |...| | ... | | | +--------------------------------------+...+------------+...+--------+----------------------+ -Add the partition to the volume group +Add the partition to the volume group: :: @@ -731,25 +728,24 @@ Add the partition to the volume group +--------------------------+--------------------------------------------------+ ********************** -Unlocking Controller-1 +Unlocking controller-1 ********************** -Unlock Controller-1 +Unlock controller-1: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-1 -Wait while the Controller-1 is rebooted. Up to 10 minutes may be -required for a reboot, depending on hardware. +Wait while the controller-1 is rebooted. Up to 10 minutes may be required for a +reboot, depending on hardware. -**REMARK:** Controller-1 will remain in 'degraded' state until -data-syncing is complete. The duration is dependant on the -virtualization host's configuration - i.e., the number and configuration -of physical disks used to host the nodes' virtual disks. Also, the -management network is expected to have link capacity of 10000 (1000 is -not supported due to excessive data-sync time). Use 'fm alarm-list' to -confirm status. +**REMARK:** controller-1 will remain in 'degraded' state until data-syncing is +complete. The duration is dependant on the virtualization host's configuration - +i.e., the number and configuration of physical disks used to host the nodes' +virtual disks. Also, the management network is expected to have link capacity of +10000 (1000 is not supported due to excessive data-sync time). Use +'fm alarm-list' to confirm status. :: @@ -762,26 +758,26 @@ confirm status. ... --------------------------- -Provisioning a Compute Host +Provisioning a compute host --------------------------- You must configure the network interfaces and the storage disks on a -host before you can unlock it. For each Compute Host do the following: +host before you can unlock it. For each compute host do the following: -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc ************************************************* -Provisioning Network Interfaces on a Compute Host +Provisioning network interfaces on a compute host ************************************************* -On Controller-0, in order to list out hardware port names, types, +On controller-0, in order to list out hardware port names, types, pci-addresses that have been discovered: -- **Only in Virtual Environment**: Ensure that the interface used is +- **Only in virtual environment**: Ensure that the interface used is one of those attached to host bridge with model type "virtio" (i.e., eth1000 and eth1001). The model type "e1000" emulated devices will not work for provider networks: @@ -790,21 +786,21 @@ pci-addresses that have been discovered: [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list compute-0 -Provision the data interface for Compute: +Provision the data interface for compute: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -p providernet-a -c data compute-0 eth1000 *************************** -VSwitch Virtual Environment +VSwitch virtual environment *************************** -**Only in Virtual Environment**. If the compute has more than 4 cpus, -the system will auto-configure the vswitch to use 2 cores. However some -virtual environments do not properly support multi-queue required in a -multi-cpu environment. Therefore run the following command to reduce the -vswitch cores to 1: +**Only in virtual environment**. If the compute has more than 4 cpus, the system +will auto-configure the vswitch to use 2 cores. However some virtual +environments do not properly support multi-queue required in a multi-CPU +environment. Therefore run the following command to reduce the vswitch cores to +1: :: @@ -820,7 +816,7 @@ vswitch cores to 1: +--------------------------------------+-------+-----------+-------+--------+... ************************************** -Provisioning Storage on a Compute Host +Provisioning storage on a compute host ************************************** Review the available disk space and capacity and obtain the uuid(s) of @@ -915,31 +911,30 @@ nova-local: +-----------------+-------------------------------------------------------------------+ ************************ -Unlocking a Compute Host +Unlocking a compute host ************************ -On Controller-0, use the system host-unlock command to unlock the -Compute node: +On controller-0, use the system host-unlock command to unlock the compute node: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock compute-0 -Wait while the Compute node is rebooted. Up to 10 minutes may be +Wait while the compute node is rebooted. Up to 10 minutes may be required for a reboot, depending on hardware. The host is rebooted, and -its Availability State is reported as In-Test, followed by +its availability state is reported as in-test, followed by unlocked/enabled. ------------------- -System Health Check +System health check ------------------- *********************** -Listing StarlingX Nodes +Listing StarlingX nodes *********************** -On Controller-0, after a few minutes, all nodes shall be reported as -Unlocked, Enabled, and Available: +On controller-0, after a few minutes, all nodes shall be reported as +unlocked, enabled, and available: :: @@ -954,18 +949,20 @@ Unlocked, Enabled, and Available: +----+--------------+-------------+----------------+-------------+--------------+ ***************** -System Alarm List +System alarm-list ***************** -When all nodes are Unlocked, Enabled and Available: check 'fm alarm-list' for issues. +When all nodes are unlocked, enabled and available: check 'fm alarm-list' for +issues. -Your StarlingX deployment is now up and running with 2x HA Controllers with Cinder -Storage, 2x Computes and all OpenStack services up and running. You can now proceed -with standard OpenStack APIs, CLIs and/or Horizon to load Glance Images, configure -Nova Flavors, configure Neutron networks and launch Nova Virtual Machines. +Your StarlingX deployment is now up and running with 2x HA controllers with +Cinder storage, 2x computes, and all OpenStack services up and running. You can +now proceed with standard OpenStack APIs, CLIs and/or Horizon to load Glance +images, configure Nova Flavors, configure Neutron networks and launch Nova +virtual machines. ---------------------- -Deployment Terminology +Deployment terminology ---------------------- .. include:: deployment_terminology.rst diff --git a/doc/source/installation_guide/dedicated_storage.rst b/doc/source/installation_guide/2018_10/dedicated_storage.rst similarity index 81% rename from doc/source/installation_guide/dedicated_storage.rst rename to doc/source/installation_guide/2018_10/dedicated_storage.rst index c716dc455..73c2827e7 100644 --- a/doc/source/installation_guide/dedicated_storage.rst +++ b/doc/source/installation_guide/2018_10/dedicated_storage.rst @@ -1,8 +1,6 @@ -.. _dedicated-storage: - -================================== -Dedicated Storage Deployment Guide -================================== +============================================== +Dedicated storage deployment guide stx.2018.10 +============================================== .. contents:: :local: @@ -15,11 +13,11 @@ For approved instructions, see the `StarlingX Cloud with Dedicated Storage wiki page `__. ---------------------- -Deployment Description +Deployment description ---------------------- Cloud with Dedicated Storage is the standard StarlingX deployment option with -independent Controller, Compute, and Storage Nodes. +independent controller, compute, and storage nodes. This deployment option provides the maximum capacity for a single region deployment, with a supported growth path to a multi-region deployment option by @@ -27,31 +25,31 @@ adding a secondary region. .. figure:: figures/starlingx-deployment-options-dedicated-storage.png :scale: 50% - :alt: Dedicated Storage Deployment Configuration + :alt: Dedicated Storage deployment configuration - *Dedicated Storage Deployment Configuration* + *Dedicated Storage deployment configuration* Cloud with Dedicated Storage includes: -- 2x Node HA Controller Cluster with HA Services running across the Controller - Nodes in either Active/Active or Active/Standby mode. -- Pool of up to 100 Compute Nodes for hosting virtual machines and virtual +- 2x node HA controller cluster with HA services running across the controller + nodes in either active/active or active/standby mode. +- Pool of up to 100 compute nodes for hosting virtual machines and virtual networks. -- 2-9x Node HA CEPH Storage Cluster for hosting virtual volumes, images, and +- 2-9x node HA CEPH storage cluster for hosting virtual volumes, images, and object storage that supports a replication factor of 2 or 3. - Storage Nodes are deployed in replication groups of 2 or 3. Replication + Storage nodes are deployed in replication groups of 2 or 3. Replication of objects is done strictly within the replication group. - Supports up to 4 groups of 2x Storage Nodes, or up to 3 groups of 3x Storage - Nodes. + Supports up to 4 groups of 2x storage nodes, or up to 3 groups of 3x storage + nodes. ----------------------------------- -Preparing Dedicated Storage Servers +Preparing dedicated storage servers ----------------------------------- ********** -Bare Metal +Bare metal ********** Required Servers: @@ -65,51 +63,51 @@ Required Servers: - Computes: 2 - 100 ^^^^^^^^^^^^^^^^^^^^^ -Hardware Requirements +Hardware requirements ^^^^^^^^^^^^^^^^^^^^^ The recommended minimum requirements for the physical servers where Dedicated Storage will be deployed, include: -- Minimum Processor: +- Minimum processor: - - Dual-CPU Intel® Xeon® E5 26xx Family (SandyBridge) 8 cores/socket + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket - Memory: - - 64 GB Controller, Storage - - 32 GB Compute + - 64 GB controller, storage + - 32 GB compute - BIOS: - - Hyper-Threading Tech: Enabled - - Virtualization Technology: Enabled - - VT for Directed I/O: Enabled - - CPU Power and Performance Policy: Performance - - CPU C State Control: Disabled - - Plug & Play BMC Detection: Disabled + - Hyper-Threading technology: Enabled + - Virtualization technology: Enabled + - VT for directed I/O: Enabled + - CPU power and performance policy: Performance + - CPU C state control: Disabled + - Plug & play BMC detection: Disabled -- Primary Disk: +- Primary disk: - - 500 GB SDD or NVMe Controller - - 120 GB (min. 10K RPM) Compute, Storage + - 500 GB SDD or NVMe controller + - 120 GB (min. 10K RPM) compute and storage -- Additional Disks: +- Additional disks: - - 1 or more 500 GB disks (min. 10K RPM) Storage, Compute + - 1 or more 500 GB disks (min. 10K RPM) storage, compute -- Network Ports\* +- Network ports\* - - Management: 10GE Controller, Storage, Compute - - OAM: 10GE Controller - - Data: n x 10GE Compute + - Management: 10GE controller, storage, compute + - OAM: 10GE controller + - Data: n x 10GE compute ******************* -Virtual Environment +Virtual environment ******************* Run the libvirt qemu setup scripts. Setting up virtualized OAM and -Management networks: +management networks: :: @@ -132,7 +130,7 @@ are: - dedicatedstorage-storage-1 ^^^^^^^^^^^^^^^^^^^^^^^^^ -Power Up a Virtual Server +Power up a virtual server ^^^^^^^^^^^^^^^^^^^^^^^^^ To power up a virtual server, run the following command: @@ -148,7 +146,7 @@ e.g. $ sudo virsh start dedicatedstorage-controller-0 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Access Virtual Server Consoles +Access virtual server consoles ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The XML for virtual servers in stx-tools repo, deployment/libvirt, @@ -173,12 +171,12 @@ sequence which follows the boot device selection. One has a few seconds to do this. -------------------------------- -Installing the Controller-0 Host +Installing the controller-0 host -------------------------------- Installing controller-0 involves initializing a host with software and then applying a bootstrap configuration from the command line. The -configured bootstrapped host becomes Controller-0. +configured bootstrapped host becomes controller-0. Procedure: @@ -187,21 +185,21 @@ Procedure: #. Configure the controller using the config_controller script. ************************* -Initializing Controller-0 +Initializing controller-0 ************************* -This section describes how to initialize StarlingX in host Controller-0. +This section describes how to initialize StarlingX in host controller-0. Except where noted, all the commands must be executed from a console of the host. -Power on the host to be configured as Controller-0, with the StarlingX +Power on the host to be configured as controller-0, with the StarlingX ISO on a USB in a bootable USB slot. Wait for the console to show the StarlingX ISO booting options: - **Standard Controller Configuration** - When the installer is loaded and the installer welcome screen - appears in the Controller-0 host, select the type of installation + appears in the controller-0 host, select the type of installation "Standard Controller Configuration". - **Graphical Console** @@ -211,13 +209,13 @@ StarlingX ISO booting options: - **Standard Security Boot Profile** - - Select "Standard Security Boot Profile" as the Security Profile. + - Select "Standard Security Boot Profile" as the security profile. Monitor the initialization. When it is complete, a reboot is initiated -on the Controller-0 host, briefly displays a GNU GRUB screen, and then +on the controller-0 host, briefly displays a GNU GRUB screen, and then boots automatically into the StarlingX image. -Log into Controller-0 as user wrsroot, with password wrsroot. The +Log into controller-0 as user wrsroot, with password wrsroot. The first time you log in as wrsroot, you are required to change your password. Enter the current password (wrsroot): @@ -238,14 +236,13 @@ Enter the new password again to confirm it: Retype new password: -Controller-0 is initialized with StarlingX, and is ready for -configuration. +controller-0 is initialized with StarlingX, and is ready for configuration. ************************ -Configuring Controller-0 +Configuring controller-0 ************************ -This section describes how to perform the Controller-0 configuration +This section describes how to perform the controller-0 configuration interactively just to bootstrap system with minimum critical data. Except where noted, all the commands must be executed from the console of the active controller (here assumed to be controller-0). @@ -253,9 +250,9 @@ of the active controller (here assumed to be controller-0). When run interactively, the config_controller script presents a series of prompts for initial configuration of StarlingX: -- For the Virtual Environment, you can accept all the default values +- For the virtual environment, you can accept all the default values immediately after ‘system date and time’. -- For a Physical Deployment, answer the bootstrap configuration +- For a physical deployment, answer the bootstrap configuration questions with answers applicable to your particular physical setup. The script is used to configure the first controller in the StarlingX @@ -271,7 +268,7 @@ with no parameters: Enter ! at any prompt to abort... ... -Accept all the default values immediately after ‘system date and time’ +Accept all the default values immediately after ‘system date and time’: :: @@ -292,21 +289,21 @@ Accept all the default values immediately after ‘system date and time’ Please complete any out of service commissioning steps with system commands and unlock controller to proceed. After config_controller bootstrap configuration, REST API, CLI and -Horizon interfaces are enabled on the controller-0 OAM IP Address. The +Horizon interfaces are enabled on the controller-0 OAM IP address. The remaining installation instructions will use the CLI. ------------------------------------ -Provisioning Controller-0 and System +Provisioning controller-0 and system ------------------------------------ -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc ********************************************* -Configuring Provider Networks at Installation +Configuring provider networks at installation ********************************************* You must set up provider networks at installation so that you can attach @@ -320,7 +317,7 @@ Set up one provider network of the vlan type, named providernet-a: [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-range-create --name providernet-a-range1 --range 100-400 providernet-a ********************************************* -Adding a Ceph Storage Backend at Installation +Adding a Ceph storage backend at installation ********************************************* Add CEPH Storage backend: @@ -353,7 +350,7 @@ Add CEPH Storage backend: | 55f49f86-3e01-4d03-a014-42e1b55ba487 | file-store | file | configured | None | glance |... +--------------------------------------+------------+---------+-------------+--------------------+----------+... -Confirm CEPH storage is configured +Confirm CEPH storage is configured: :: @@ -370,25 +367,25 @@ Confirm CEPH storage is configured +--------------------------------------+------------+---------+------------+-------------------+-----------+... ********************** -Unlocking Controller-0 +Unlocking controller-0 ********************** -You must unlock controller-0 so that you can use it to install the -remaining hosts. Use the system host-unlock command: +You must unlock controller-0 so that you can use it to install the remaining +hosts. Use the system host-unlock command: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-0 -The host is rebooted. During the reboot, the command line is -unavailable, and any ssh connections are dropped. To monitor the -progress of the reboot, use the controller-0 console. +The host is rebooted. During the reboot, the command line is unavailable, and +any ssh connections are dropped. To monitor the progress of the reboot, use the +controller-0 console. **************************************** -Verifying the Controller-0 Configuration +Verifying the controller-0 configuration **************************************** -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: @@ -420,10 +417,10 @@ Verify that controller-0 is unlocked, enabled, and available: +----+--------------+-------------+----------------+-------------+--------------+ ******************************* -Provisioning Filesystem Storage +Provisioning filesystem storage ******************************* -List the controller filesystems with status and current sizes +List the controller file systems with status and current sizes: :: @@ -449,7 +446,7 @@ Modify filesystem sizes [wrsroot@controller-0 ~(keystone_admin)]$ system controllerfs-modify backup=42 database=12 img-conversions=12 ------------------------------------------------------- -Installing Controller-1 / Storage Hosts / Compute Hosts +Installing controller-1 / storage hosts / compute hosts ------------------------------------------------------- After initializing and configuring an active controller, you can add and @@ -457,7 +454,7 @@ configure a backup controller and additional compute or storage hosts. For each host do the following: ***************** -Initializing Host +Initializing host ***************** Power on Host. In host console you will see: @@ -470,16 +467,16 @@ Power on Host. In host console you will see: controller node in order to proceed. ********************************** -Updating Host Name and Personality +Updating host name and personality ********************************** -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc -Wait for Controller-0 to discover new host, list the host until new +Wait for controller-0 to discover new host, list the host until new UNKNOWN host shows up in table: :: @@ -498,19 +495,19 @@ Use the system host-add to update host personality attribute: [wrsroot@controller-0 ~(keystone_admin)]$ system host-add -n -p -m -**REMARK:** use the Mac Address for the specific network interface you -are going to be connected. e.g. OAM network interface for "Controller-1" -node, Management network interface for "Computes" and "Storage" nodes. +**REMARK:** use the Mac address for the specific network interface you +are going to be connected. e.g. OAM network interface for controller-1 +node, management network interface for compute and storage nodes. -Check the **NIC** MAC Address from "Virtual Manager GUI" under *"Show +Check the **NIC** MAC address from "Virtual Manager GUI" under *"Show virtual hardware details -*\ **i**\ *" Main Banner --> NIC: --> specific -"Bridge name:" under MAC Address text field.* +"Bridge name:" under MAC address text field.* *************** -Monitoring Host +Monitoring host *************** -On Controller-0, you can monitor the installation progress by running +On controller-0, you can monitor the installation progress by running the system host-show command for the host periodically. Progress is shown in the install_state field. @@ -524,14 +521,14 @@ shown in the install_state field. Wait while the host is configured and rebooted. Up to 20 minutes may be required for a reboot, depending on hardware. When the reboot is -complete, the host is reported as Locked, Disabled, and Online. +complete, the host is reported as locked, disabled, and online. ************* -Listing Hosts +Listing hosts ************* -Once all Nodes have been installed, configured and rebooted, on -Controller-0 list the hosts: +Once all nodes have been installed, configured and rebooted, on +controller-0 list the hosts: :: @@ -548,10 +545,10 @@ Controller-0 list the hosts: +----+--------------+-------------+----------------+-------------+--------------+ ------------------------- -Provisioning Controller-1 +Provisioning controller-1 ------------------------- -On Controller-0, list hosts +On controller-0, list hosts: :: @@ -565,36 +562,36 @@ On Controller-0, list hosts +----+--------------+-------------+----------------+-------------+--------------+ *********************************************** -Provisioning Network Interfaces on Controller-1 +Provisioning network interfaces on controller-1 *********************************************** -In order to list out hardware port names, types, pci-addresses that have +In order to list out hardware port names, types, PCI addresses that have been discovered: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list controller-1 -Provision the oam interface for Controller-1: +Provision the OAM interface for controller-1: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -n -c platform --networks oam controller-1 ********************** -Unlocking Controller-1 +Unlocking controller-1 ********************** -Unlock Controller-1 +Unlock controller-1: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-1 -Wait while the Controller-1 is rebooted. Up to 10 minutes may be +Wait while the controller-1 is rebooted. Up to 10 minutes may be required for a reboot, depending on hardware. -**REMARK:** Controller-1 will remain in 'degraded' state until +**REMARK:** controller-1 will remain in degraded state until data-syncing is complete. The duration is dependant on the virtualization host's configuration - i.e., the number and configuration of physical disks used to host the nodes' virtual disks. Also, the @@ -613,14 +610,14 @@ confirm status. ... ------------------------- -Provisioning Storage Host +Provisioning storage host ------------------------- ************************************** -Provisioning Storage on a Storage Host +Provisioning storage on a storage host ************************************** -Available physical disks in Storage-N +Available physical disks in storage-N: :: @@ -640,7 +637,7 @@ Available physical disks in Storage-N | | | | | | | |... +--------------------------------------+-----------+---------+---------+-------+------------+--------------+... -Available storage tiers in Storage-N +Available storage tiers in storage-N: :: @@ -651,9 +648,9 @@ Available storage tiers in Storage-N | 4398d910-75e4-4e99-a57f-fc147fb87bdb | storage | in-use | 5131a848-25ea-4cd8-bbce-0d65c84183df | +--------------------------------------+---------+--------+--------------------------------------+ -Create a storage function (i.e. OSD) in Storage-N. At least two unlocked and -enabled hosts with monitors are required. Candidates are: Controller-0, -Controller-1, and Storage-0. +Create a storage function (i.e. OSD) in storage-N. At least two unlocked and +enabled hosts with monitors are required. Candidates are: controller-0, +controller-1, and storage-0. :: @@ -676,7 +673,7 @@ Controller-1, and Storage-0. | updated_at | 2018-08-16T00:40:07.626762+00:00 | +------------------+--------------------------------------------------+ -Create remaining available storage function (an OSD) in Storage-N +Create remaining available storage function (an OSD) in storage-N based in the number of available physical disks. List the OSDs: @@ -690,7 +687,7 @@ List the OSDs: | 34989bad-67fc-49ea-9e9c-38ca4be95fad | osd | 0 | {} | c7cc08e6-ff18-4229-a79d-a04187de7b8d | +--------------------------------------+----------+-------+--------------+--------------------------------------+ -Unlock Storage-N +Unlock storage-N: :: @@ -700,26 +697,26 @@ Unlock Storage-N remaining storage nodes. --------------------------- -Provisioning a Compute Host +Provisioning a compute host --------------------------- You must configure the network interfaces and the storage disks on a -host before you can unlock it. For each Compute Host do the following: +host before you can unlock it. For each compute host do the following: -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc ************************************************* -Provisioning Network Interfaces on a Compute Host +Provisioning network interfaces on a compute host ************************************************* -On Controller-0, in order to list out hardware port names, types, +On controller-0, in order to list out hardware port names, types, pci-addresses that have been discovered: -- **Only in Virtual Environment**: Ensure that the interface used is +- **Only in virtual environment**: Ensure that the interface used is one of those attached to host bridge with model type "virtio" (i.e., eth1000 and eth1001). The model type "e1000" emulated devices will not work for provider networks. @@ -728,20 +725,20 @@ pci-addresses that have been discovered: [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list compute-0 -Provision the data interface for Compute: +Provision the data interface for compute: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -p providernet-a -c data compute-0 eth1000 *************************** -VSwitch Virtual Environment +VSwitch virtual environment *************************** -**Only in Virtual Environment**. If the compute has more than 4 cpus, +**Only in virtual environment**. If the compute has more than 4 CPUs, the system will auto-configure the vswitch to use 2 cores. However some virtual environments do not properly support multi-queue required in a -multi-cpu environment. Therefore run the following command to reduce the +multi-CPU environment. Therefore run the following command to reduce the vswitch cores to 1: :: @@ -758,7 +755,7 @@ vswitch cores to 1: +--------------------------------------+-------+-----------+-------+--------+... ************************************** -Provisioning Storage on a Compute Host +Provisioning storage on a compute host ************************************** Review the available disk space and capacity and obtain the uuid(s) of @@ -834,30 +831,30 @@ volumes: [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-modify -b remote compute-0 nova-local ************************ -Unlocking a Compute Host +Unlocking a compute host ************************ -On Controller-0, use the system host-unlock command to unlock the -Compute-N: +On controller-0, use the system host-unlock command to unlock the +compute-N: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock compute-0 -Wait while the Compute-N is rebooted. Up to 10 minutes may be required +Wait while the compute-N is rebooted. Up to 10 minutes may be required for a reboot, depending on hardware. The host is rebooted, and its -Availability State is reported as In-Test, followed by unlocked/enabled. +availability state is reported as in-test, followed by unlocked/enabled. ------------------- -System Health Check +System health check ------------------- *********************** -Listing StarlingX Nodes +Listing StarlingX nodes *********************** -On Controller-0, after a few minutes, all nodes shall be reported as -Unlocked, Enabled, and Available: +On controller-0, after a few minutes, all nodes shall be reported as +unlocked, enabled, and available: :: @@ -874,7 +871,7 @@ Unlocked, Enabled, and Available: +----+--------------+-------------+----------------+-------------+--------------+ ****************************** -Checking StarlingX CEPH Health +Checking StarlingX CEPH health ****************************** :: @@ -892,18 +889,20 @@ Checking StarlingX CEPH Health controller-0:~$ ***************** -System Alarm List +System alarm list ***************** -When all nodes are Unlocked, Enabled and Available: check 'fm alarm-list' for issues. +When all nodes are unlocked, enabled and available: check 'fm alarm-list' for +issues. -Your StarlingX deployment is now up and running with 2x HA Controllers with Cinder -Storage, 1x Compute, 3x Storages and all OpenStack services up and running. You can -now proceed with standard OpenStack APIs, CLIs and/or Horizon to load Glance Images, -configure Nova Flavors, configure Neutron networks and launch Nova Virtual Machines. +Your StarlingX deployment is now up and running with 2x HA controllers with +Cinder storage, 1x compute, 3x storages and all OpenStack services up and +running. You can now proceed with standard OpenStack APIs, CLIs and/or Horizon +to load Glance images, configure Nova Flavors, configure Neutron networks and +launch Nova virtual machines. ---------------------- -Deployment Terminology +Deployment terminology ---------------------- .. include:: deployment_terminology.rst diff --git a/doc/source/installation_guide/2018_10/deployment_terminology.rst b/doc/source/installation_guide/2018_10/deployment_terminology.rst new file mode 100644 index 000000000..a88b4695f --- /dev/null +++ b/doc/source/installation_guide/2018_10/deployment_terminology.rst @@ -0,0 +1,119 @@ +.. _incl-simplex-deployment-terminology: + +**All-in-one controller node** + A single physical node that provides a controller function, compute + function, and storage function. + +.. _incl-simplex-deployment-terminology-end: + + +.. _incl-standard-controller-deployment-terminology: + +**Controller node / function** + A node that runs cloud control function for managing cloud resources. + + - Runs cloud control functions for managing cloud resources. + - Runs all OpenStack control functions (e.g. managing images, virtual + volumes, virtual network, and virtual machines). + - Can be part of a two-node HA control node cluster for running control + functions either active/active or active/standby. + +**Compute ( & network ) node / function** + A node that hosts applications in virtual machines using compute resources + such as CPU, memory, and disk. + + - Runs virtual switch for realizing virtual networks. + - Provides L3 routing and NET services. + +.. _incl-standard-controller-deployment-terminology-end: + + +.. _incl-dedicated-storage-deployment-terminology: + +**Storage node / function** + A node that contains a set of disks (e.g. SATA, SAS, SSD, and/or NVMe). + + - Runs CEPH distributed storage software. + - Part of an HA multi-node CEPH storage cluster supporting a replication + factor of two or three, journal caching, and class tiering. + - Provides HA persistent storage for images, virtual volumes + (i.e. block storage), and object storage. + +.. _incl-dedicated-storage-deployment-terminology-end: + +.. _incl-common-deployment-terminology: + +**OAM network** + The network on which all external StarlingX platform APIs are exposed, + (i.e. REST APIs, Horizon web server, SSH, and SNMP), typically 1GE. + + Only controller type nodes are required to be connected to the OAM + network. + +**Management network** + A private network (i.e. not connected externally), tipically 10GE, + used for the following: + + - Internal OpenStack / StarlingX monitoring and control. + - VM I/O access to a storage cluster. + + All nodes are required to be connected to the management network. + +**Data network(s)** + Networks on which the OpenStack / Neutron provider networks are realized + and become the VM tenant networks. + + Only compute type and all-in-one type nodes are required to be connected + to the data network(s); these node types require one or more interface(s) + on the data network(s). + +**IPMI network** + An optional network on which IPMI interfaces of all nodes are connected. + The network must be reachable using L3/IP from the controller's OAM + interfaces. + + You can optionally connect all node types to the IPMI network. + +**PXEBoot network** + An optional network for controllers to boot/install other nodes over the + network. + + By default, controllers use the management network for boot/install of other + nodes in the openstack cloud. If this optional network is used, all node + types are required to be connected to the PXEBoot network. + + A PXEBoot network is required for a variety of special case situations: + + - Cases where the management network must be IPv6: + + - IPv6 does not support PXEBoot. Therefore, IPv4 PXEBoot network must be + configured. + + - Cases where the management network must be VLAN tagged: + + - Most server's BIOS do not support PXEBooting over tagged networks. + Therefore, you must configure an untagged PXEBoot network. + + - Cases where a management network must be shared across regions but + individual regions' controllers want to only network boot/install nodes + of their own region: + + - You must configure separate, per-region PXEBoot networks. + +**Infra network** + A deprecated optional network that was historically used for access to the + storage cluster. + + If this optional network is used, all node types are required to be + connected to the INFRA network, + +**Node interfaces** + All nodes' network interfaces can, in general, optionally be either: + + - Untagged single port. + - Untagged two-port LAG and optionally split between redudant L2 switches + running vPC (Virtual Port-Channel), also known as multichassis + EtherChannel (MEC). + - VLAN on either single-port ETH interface or two-port LAG interface. + +.. _incl-common-deployment-terminology-end: diff --git a/doc/source/installation_guide/duplex.rst b/doc/source/installation_guide/2018_10/duplex.rst similarity index 87% rename from doc/source/installation_guide/duplex.rst rename to doc/source/installation_guide/2018_10/duplex.rst index d56ec40e4..0eb427cb1 100644 --- a/doc/source/installation_guide/duplex.rst +++ b/doc/source/installation_guide/2018_10/duplex.rst @@ -1,29 +1,27 @@ -.. _duplex: - -================================== -All-In-One Duplex Deployment Guide -================================== +============================================== +All-In-One Duplex deployment guide stx.2018.10 +============================================== .. contents:: :local: :depth: 1 -**NOTE:** The instructions to setup a StarlingX All-in-One Duplex +**NOTE:** The instructions to setup a StarlingX All-in-One Duplex (AIO-DX) with containerized openstack services in this guide are under development. For approved instructions, see the `All in One Duplex Configuration wiki page `__. ---------------------- -Deployment Description +Deployment description ---------------------- ***************** All-In-One Duplex ***************** -The All-In-One Duplex deployment option provides all three Cloud Functions -(Controller, Compute, and Storage) on two physical servers. With cloud +The All-In-One Duplex (AIO-DX) deployment option provides all three cloud +functions (controller, compute, and storage) on two physical servers. With cloud technologies, multiple diverse application types can be deployed and consolidated onto a protected pair of physical servers. For example: @@ -35,100 +33,100 @@ consolidated onto a protected pair of physical servers. For example: .. figure:: figures/starlingx-deployment-options-duplex.png :scale: 50% - :alt: All-In-One Duplex Deployment Configuration + :alt: All-In-One Duplex deployment configuration - *All-In-One Duplex Deployment Configuration* + *All-In-One Duplex deployment configuration* This two node cluster enables: -- High Availability Services running on the Controller Function across the - two physical servers in either Active/Active or Active/Standby mode. -- Storage Function running on top of LVM on single second disk, DRBD-sync'd +- High availability services running on the controller function across the + two physical servers in either active/active or active/standby mode. +- Storage function running on top of LVM on single second disk, DRBD-sync'd between the servers. -- Virtual Machines being scheduled on both Compute Functions. +- Virtual machines being scheduled on both compute functions. A All-In-One Duplex deployment provides protection against overall server hardware fault. Should an overall server hardware fault occur: -- All Controller High Availability Services go Active on remaining +- All controller high availability services go active on remaining healthy server. -- All Virtual Machines are recovered on remaining healthy server. +- All virtual machines are recovered on remaining healthy server. The All-In-One Duplex deployment solution is required for a variety of special case situations, for example: -- Small amount of Cloud Processing/Storage. +- Small amount of cloud processing/storage. - Protection against overall server hardware fault. ************************** -All-In-One Duplex Extended +All-In-One Duplex extended ************************** The All-In-One Duplex Extended deployment option extends the capacity of the -All-In-One Duplex Deployment by adding up to four Compute Nodes to the +All-In-One Duplex deployment by adding up to four compute nodes to the deployment. The extended deployment option provides a capacity growth path for someone starting with an All-In-One Duplex deployment. With this option, virtual machines can be scheduled on either of the -All-In-One Controller Nodes and/or the Compute Nodes. +all-in-one controller nodes and/or the compute nodes. .. figure:: figures/starlingx-deployment-options-duplex-extended.png :scale: 50% :alt: All-In-One Duplex Extended Deployment Configuration - *All-In-One Duplex Extended Deployment Configuration* + *All-In-One Duplex Extended deployment configuration* -This configuration is limited to four Compute Nodes as the Controller Function -on the All-In-One Controllers has only a portion of the processing power of the +This configuration is limited to four compute nodes as the controller function +on the all-in-one controllers has only a portion of the processing power of the overall server. ----------------------------------- -Preparing All-In-One Duplex Servers +Preparing All-In-One Duplex servers ----------------------------------- ********** -Bare Metal +Bare metal ********** Required Servers: -- Combined Servers (Controller + Compute): 2 +- Combined servers (controller + compute): 2 ^^^^^^^^^^^^^^^^^^^^^ -Hardware Requirements +Hardware requirements ^^^^^^^^^^^^^^^^^^^^^ The recommended minimum requirements for the physical servers where All-In-One Duplex will be deployed, include: -- Minimum Processor: +- Minimum processor: - - Typical Hardware Form Factor: + - Typical hardware form factor: - - Dual-CPU Intel® Xeon® E5 26xx Family (SandyBridge) 8 cores/socket - - Low Cost / Low Power Hardware Form Factor + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket + - Low cost / low power hardware form factor - - Single-CPU Intel Xeon D-15xx Family, 8 cores + - Single-CPU Intel Xeon D-15xx family, 8 cores - Memory: 64 GB - BIOS: - - Hyper-Threading Tech: Enabled - - Virtualization Technology: Enabled - - VT for Directed I/O: Enabled - - CPU Power and Performance Policy: Performance - - CPU C State Control: Disabled - - Plug & Play BMC Detection: Disabled + - Hyper-Threading technology: Enabled + - Virtualization technology: Enabled + - VT for directed I/O: Enabled + - CPU power and performance policy: Performance + - CPU C state control: Disabled + - Plug & play BMC detection: Disabled -- Primary Disk: +- Primary disk: - 500 GB SDD or NVMe -- Additional Disks: +- Additional disks: - Zero or more 500 GB disks (min. 10K RPM) -- Network Ports: +- Network ports: **NOTE:** The All-In-One Duplex configuration requires one or more data ports. @@ -137,11 +135,11 @@ All-In-One Duplex will be deployed, include: - Data: n x 10GE ******************* -Virtual Environment +Virtual environment ******************* -Run the libvirt qemu setup scripts. Setting up virtualized OAM and -Management networks: +Run the libvirt QEMU setup scripts. Setting up virtualized OAM and +management networks: :: @@ -160,7 +158,7 @@ are: - duplex-controller-1 ^^^^^^^^^^^^^^^^^^^^^^^^^ -Power Up a Virtual Server +Power up a virtual server ^^^^^^^^^^^^^^^^^^^^^^^^^ To power up a virtual server, run the following command: @@ -176,7 +174,7 @@ e.g. $ sudo virsh start duplex-controller-0 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Access Virtual Server Consoles +Access virtual server consoles ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The XML for virtual servers in stx-tools repo, deployment/libvirt, @@ -201,12 +199,12 @@ sequence which follows the boot device selection. One has a few seconds to do this. -------------------------------- -Installing the Controller-0 Host +Installing the controller-0 host -------------------------------- Installing controller-0 involves initializing a host with software and then applying a bootstrap configuration from the command line. The -configured bootstrapped host becomes Controller-0. +configured bootstrapped host becomes controller-0. Procedure: @@ -215,21 +213,21 @@ Procedure: #. Configure the controller using the config_controller script. ************************* -Initializing Controller-0 +Initializing controller-0 ************************* -This section describes how to initialize StarlingX in host Controller-0. +This section describes how to initialize StarlingX in host controller-0. Except where noted, all the commands must be executed from a console of the host. -Power on the host to be configured as Controller-0, with the StarlingX +Power on the host to be configured as controller-0, with the StarlingX ISO on a USB in a bootable USB slot. Wait for the console to show the StarlingX ISO booting options: - **All-in-one Controller Configuration** - When the installer is loaded and the installer welcome screen - appears in the Controller-0 host, select the type of installation + appears in the controller-0 host, select the type of installation "All-in-one Controller Configuration". - **Graphical Console** @@ -239,13 +237,13 @@ StarlingX ISO booting options: - **Standard Security Boot Profile** - - Select "Standard Security Boot Profile" as the Security Profile. + - Select "Standard Security Boot Profile" as the security profile. Monitor the initialization. When it is complete, a reboot is initiated -on the Controller-0 host, briefly displays a GNU GRUB screen, and then +on the controller-0 host, briefly displays a GNU GRUB screen, and then boots automatically into the StarlingX image. -Log into Controller-0 as user wrsroot, with password wrsroot. The +Log into controller-0 as user wrsroot, with password wrsroot. The first time you log in as wrsroot, you are required to change your password. Enter the current password (wrsroot): @@ -266,14 +264,14 @@ Enter the new password again to confirm it: Retype new password: -Controller-0 is initialized with StarlingX, and is ready for +controller-0 is initialized with StarlingX, and is ready for configuration. ************************ -Configuring Controller-0 +Configuring controller-0 ************************ -This section describes how to perform the Controller-0 configuration +This section describes how to perform the controller-0 configuration interactively just to bootstrap system with minimum critical data. Except where noted, all the commands must be executed from the console of the active controller (here assumed to be controller-0). @@ -281,9 +279,9 @@ of the active controller (here assumed to be controller-0). When run interactively, the config_controller script presents a series of prompts for initial configuration of StarlingX: -- For the Virtual Environment, you can accept all the default values +- For the virtual environment, you can accept all the default values immediately after ‘system date and time’. -- For a Physical Deployment, answer the bootstrap configuration +- For a physical deployment, answer the bootstrap configuration questions with answers applicable to your particular physical setup. The script is used to configure the first controller in the StarlingX @@ -299,7 +297,7 @@ with no parameters: Enter ! at any prompt to abort... ... -Select [y] for System Date and Time: +Select [y] for System date and time: :: @@ -320,7 +318,7 @@ For System mode choose "duplex": 3) simplex - single node non-redundant configuration System mode [duplex-direct]: 2 -After System Date / Time and System mode: +After System date and time and System mode: :: @@ -340,21 +338,21 @@ After System Date / Time and System mode: Please complete any out of service commissioning steps with system commands and unlock controller to proceed. After config_controller bootstrap configuration, REST API, CLI and -Horizon interfaces are enabled on the controller-0 OAM IP Address. The +Horizon interfaces are enabled on the controller-0 OAM IP address. The remaining installation instructions will use the CLI. ---------------------------------- -Provisioning the Controller-0 Host +Provisioning the controller-0 host ---------------------------------- -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc ********************************************* -Configuring Provider Networks at Installation +Configuring provider networks at installation ********************************************* Set up one provider network of the vlan type, named providernet-a: @@ -365,10 +363,10 @@ Set up one provider network of the vlan type, named providernet-a: [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-range-create --name providernet-a-range1 --range 100-400 providernet-a ***************************************** -Providing Data Interfaces on Controller-0 +Providing data interfaces on controller-0 ***************************************** -List all interfaces +List all interfaces: :: @@ -383,7 +381,7 @@ List all interfaces | f59b9469-7702-4b46-bad5-683b95f0a1cb | enp0s8 | platform |...| None | [u'enp0s8'] | [] | [] | MTU=1500 |.. +--------------------------------------+---------+----------+...+------+--------------+------+---------+------------+.. -Configure the data interfaces +Configure the data interfaces: :: @@ -415,11 +413,11 @@ Configure the data interfaces +------------------+--------------------------------------+ ************************************* -Configuring Cinder on Controller Disk +Configuring Cinder on controller disk ************************************* Review the available disk space and capacity and obtain the uuid of the -physical disk +physical disk: :: @@ -439,7 +437,7 @@ physical disk | | | | | | |... +--------------------------------------+-----------+---------+---------+---------+------------+... -Create the 'cinder-volumes' local volume group +Create the 'cinder-volumes' local volume group: :: @@ -462,7 +460,7 @@ Create the 'cinder-volumes' local volume group | parameters | {u'lvm_type': u'thin'} | +-----------------+--------------------------------------+ -Create a disk partition to add to the volume group +Create a disk partition to add to the volume group: :: @@ -486,7 +484,7 @@ Create a disk partition to add to the volume group | updated_at | None | +-------------+--------------------------------------------------+ -Wait for the new partition to be created (i.e. status=Ready) +Wait for the new partition to be created (i.e. status=Ready): :: @@ -500,7 +498,7 @@ Wait for the new partition to be created (i.e. status=Ready) | |...| |...| | | | +--------------------------------------+...+------------+...+---------------------+----------+--------+ -Add the partition to the volume group +Add the partition to the volume group: :: @@ -526,10 +524,10 @@ Add the partition to the volume group +--------------------------+--------------------------------------------------+ ********************************************* -Adding an LVM Storage Backend at Installation +Adding an LVM storage backend at installation ********************************************* -Ensure requirements are met to add LVM storage +Ensure requirements are met to add LVM storage: :: @@ -543,7 +541,7 @@ Ensure requirements are met to add LVM storage storage. Set the 'confirmed' field to execute this operation for the lvm backend. -Add the LVM storage backend +Add the LVM storage backend: :: @@ -559,8 +557,7 @@ Add the LVM storage backend | e2697426-2d79-4a83-beb7-2eafa9ceaee5 | lvm-store | lvm | configuring |...| cinder | {} | +--------------------------------------+------------+---------+-------------+...+----------+--------------+ -Wait for the LVM storage backend to be configured (i.e. -state=Configured) +Wait for the LVM storage backend to be configured (i.e. state=configured): :: @@ -573,11 +570,11 @@ state=Configured) +--------------------------------------+------------+---------+------------+------+----------+--------------+ *********************************************** -Configuring VM Local Storage on Controller Disk +Configuring VM local storage on controller disk *********************************************** Review the available disk space and capacity and obtain the uuid of the -physical disk +physical disk: :: @@ -597,7 +594,7 @@ physical disk | | | | | | |... +--------------------------------------+-----------+---------+---------+---------+------------+... -Create the 'noval-local' volume group +Create the 'noval-local' volume group: :: @@ -622,7 +619,7 @@ Create the 'noval-local' volume group | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | +-----------------+-------------------------------------------------------------------+ -Create a disk partition to add to the volume group +Create a disk partition to add to the volume group: :: @@ -646,7 +643,7 @@ Create a disk partition to add to the volume group | updated_at | None | +-------------+--------------------------------------------------+ -Wait for the new partition to be created (i.e. status=Ready) +Wait for the new partition to be created (i.e. status=Ready): :: @@ -660,7 +657,7 @@ Wait for the new partition to be created (i.e. status=Ready) | |...| |...| | | | +--------------------------------------+...+------------+...+---------------------+----------+--------+ -Add the partition to the volume group +Add the partition to the volume group: :: @@ -686,11 +683,11 @@ Add the partition to the volume group +--------------------------+--------------------------------------------------+ ********************** -Unlocking Controller-0 +Unlocking controller-0 ********************** You must unlock controller-0 so that you can use it to install -Controller-1. Use the system host-unlock command: +controller-1. Use the system host-unlock command: :: @@ -701,10 +698,10 @@ unavailable, and any ssh connections are dropped. To monitor the progress of the reboot, use the controller-0 console. **************************************** -Verifying the Controller-0 Configuration +Verifying the controller-0 configuration **************************************** -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: @@ -724,7 +721,7 @@ Verify that the controller-0 services are running: ... +-----+-------------------------------+--------------+----------------+ -Verify that controller-0 has controller and compute subfunctions +Verify that controller-0 has controller and compute subfunctions: :: @@ -743,17 +740,17 @@ Verify that controller-0 is unlocked, enabled, and available: +----+--------------+-------------+----------------+-------------+--------------+ -------------------------------- -Installing the Controller-1 Host +Installing the controller-1 host -------------------------------- After initializing and configuring controller-0, you can add and configure a backup controller controller-1. ****************************** -Initializing Controller-1 Host +Initializing controller-1 host ****************************** -Power on Controller-1. In Controller-1 console you will see: +Power on controller-1. In controller-1 console you will see: :: @@ -763,16 +760,16 @@ Power on Controller-1. In Controller-1 console you will see: controller node in order to proceed. **************************************************** -Updating Controller-1 Host Host Name and Personality +Updating controller-1 host hostname and personality **************************************************** -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc -Wait for Controller-0 to discover new host, list the host until new +Wait for controller-0 to discover new host, list the host until new UNKNOWN host shows up in table: :: @@ -785,7 +782,7 @@ UNKNOWN host shows up in table: | 2 | None | None | locked | disabled | offline | +----+--------------+-------------+----------------+-------------+--------------+ -Use the system host-update to update Contoller-1 host personality +Use the system host-update to update contoller-1 host personality attribute: :: @@ -835,10 +832,10 @@ attribute: +---------------------+--------------------------------------+ **************************** -Monitoring Controller-1 Host +Monitoring controller-1 host **************************** -On Controller-0, you can monitor the installation progress by running +On controller-0, you can monitor the installation progress by running the system host-show command for the host periodically. Progress is shown in the install_state field. @@ -849,16 +846,16 @@ shown in the install_state field. | install_state | booting | | install_state_info | None | -Wait while the Controller-1 is configured and rebooted. Up to 20 minutes +Wait while the controller-1 is configured and rebooted. Up to 20 minutes may be required for a reboot, depending on hardware. When the reboot is -complete, the Controller-1 is reported as Locked, Disabled, and Online. +complete, the controller-1 is reported as locked, disabled, and online. ************************* -Listing Controller-1 Host +Listing controller-1 host ************************* -Once Controller-1 has been installed, configured and rebooted, on -Controller-0 list the hosts: +Once controller-1 has been installed, configured and rebooted, on +controller-0 list the hosts: :: @@ -871,10 +868,10 @@ Controller-0 list the hosts: +----+--------------+-------------+----------------+-------------+--------------+ ---------------------------------- -Provisioning the Controller-1 Host +Provisioning the controller-1 host ---------------------------------- -On Controller-0, list hosts +On controller-0, list hosts: :: @@ -887,17 +884,17 @@ On Controller-0, list hosts +----+--------------+-------------+----------------+-------------+--------------+ *********************************************** -Provisioning Network Interfaces on Controller-1 +Provisioning network interfaces on controller-1 *********************************************** -In order to list out hardware port names, types, pci-addresses that have +In order to list out hardware port names, types, PCI addresses that have been discovered: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list controller-1 -Provision the Controller-1 oam interface +Provision the controller-1 OAM interface :: @@ -929,10 +926,10 @@ Provision the Controller-1 oam interface +------------------+--------------------------------------+ ***************************************** -Providing Data Interfaces on Controller-1 +Providing data interfaces on controller-1 ***************************************** -List all interfaces +List all interfaces: :: @@ -948,7 +945,7 @@ List all interfaces | e78ad9a9-e74d-4c6c-9de8-0e41aad8d7b7 | eth1000 | None |...| None | [u'eth1000'] | [] | [] | MTU=1500 |.. +--------------------------------------+---------+---------+...+------+--------------+------+------+------------+.. -Configure the data interfaces +Configure the data interfaces: :: @@ -980,11 +977,11 @@ Configure the data interfaces +------------------+--------------------------------------+ ************************************ -Provisioning Storage on Controller-1 +Provisioning storage on controller-1 ************************************ Review the available disk space and capacity and obtain the uuid of the -physical disk +physical disk: :: @@ -997,7 +994,7 @@ physical disk | 623bbfc0-2b38-432a-acf4-a28db6066cce | /dev/sdc | 2080 | HDD | 16240 | 16237 |... +--------------------------------------+-------------+------------+-------------+----------+---------------+... -Assign Cinder storage to the physical disk +Assign Cinder storage to the physical disk: :: @@ -1023,7 +1020,7 @@ Assign Cinder storage to the physical disk +-----------------+--------------------------------------+ Create a disk partition to add to the volume group based on uuid of the -physical disk +physical disk: :: @@ -1047,7 +1044,7 @@ physical disk | updated_at | None | +-------------+--------------------------------------------------+ -Wait for the new partition to be created (i.e. status=Ready) +Wait for the new partition to be created (i.e. status=Ready): :: @@ -1058,7 +1055,7 @@ Wait for the new partition to be created (i.e. status=Ready) | 7a41aab0-6695-4d16-9003-73238adda75b |...| /dev/sdb1 |...| None | 16237 | Creating (on unlock) | +--------------------------------------+...+-------------+...+-----------+----------+----------------------+ -Add the partition to the volume group +Add the partition to the volume group: :: @@ -1083,14 +1080,12 @@ Add the partition to the volume group | updated_at | None | +--------------------------+--------------------------------------------------+ -.. _configuring-vm-local-storage-on-controller-disk-1: - *********************************************** -Configuring VM Local Storage on Controller Disk +Configuring VM local storage on controller disk *********************************************** Review the available disk space and capacity and obtain the uuid of the -physical disk +physical disk: :: @@ -1103,7 +1098,7 @@ physical disk | 623bbfc0-2b38-432a-acf4-a28db6066cce | /dev/sdc | 2080 | HDD | 16240 | 16237 |... +--------------------------------------+-------------+------------+-------------+----------+---------------+... -Create the 'cinder-volumes' local volume group +Create the 'cinder-volumes' local volume group: :: @@ -1128,7 +1123,7 @@ Create the 'cinder-volumes' local volume group | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | +-----------------+-------------------------------------------------------------------+ -Create a disk partition to add to the volume group +Create a disk partition to add to the volume group: :: @@ -1152,7 +1147,7 @@ Create a disk partition to add to the volume group | updated_at | None | +-------------+--------------------------------------------------+ -Wait for the new partition to be created (i.e. status=Ready) +Wait for the new partition to be created (i.e. status=Ready): :: @@ -1164,7 +1159,7 @@ Wait for the new partition to be created (i.e. status=Ready) | f7bc6095-9375-49fe-83c7-12601c202376 |...| /dev/sdc1 |...| None | 16237 | Creating (on unlock) | +--------------------------------------+...+-------------+...+-----------+----------+----------------------+ -Add the partition to the volume group +Add the partition to the volume group: :: @@ -1190,19 +1185,19 @@ Add the partition to the volume group +--------------------------+--------------------------------------------------+ ********************** -Unlocking Controller-1 +Unlocking controller-1 ********************** -Unlock Controller-1 +Unlock controller-1: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-1 -Wait while the Controller-1 is rebooted. Up to 10 minutes may be +Wait while the controller-1 is rebooted. Up to 10 minutes may be required for a reboot, depending on hardware. -REMARK: Controller-1 will remain in 'degraded' state until data-syncing +REMARK: controller-1 will remain in degraded state until data-syncing is complete. The duration is dependant on the virtualization host's configuration - i.e., the number and configuration of physical disks used to host the nodes' virtual disks. Also, the management network is @@ -1220,20 +1215,20 @@ excessive data-sync time). Use 'fm alarm-list' to confirm status. +----+--------------+-------------+----------------+-------------+--------------+ ----------------------------------- -Extending the Compute Node Capacity +Extending the compute node capacity ----------------------------------- -You can add up to four Compute Nodes to the All-in-One Duplex deployment. +You can add up to four compute nodes to the All-in-One Duplex deployment. ************************** -Compute Hosts Installation +Compute hosts installation ************************** After initializing and configuring the two controllers, you can add up to four additional compute hosts. To add a host, do the following: ^^^^^^^^^^^^^^^^^ -Initializing Host +Initializing host ^^^^^^^^^^^^^^^^^ Power on the host. The following appears in the host console: @@ -1246,16 +1241,16 @@ Power on the host. The following appears in the host console: controller node in order to proceed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Updating the Host Name and Personality +Updating the hostname and personality ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc -Wait for the Controller-0 to both discover the new host and to list that host +Wait for the controller-0 to both discover the new host and to list that host as UNKNOWN in the table: :: @@ -1275,7 +1270,7 @@ Use the system host-update command to update the host personality attribute: [wrsroot@controller-0 ~(keystone_admin)]$ system host-update 3 personality=compute hostname=compute-0 -See also: 'system help host-update' +See also: 'system help host-update'. Unless it is known that the host's configuration can support the installation of more than one node, it is recommended that the @@ -1285,10 +1280,10 @@ root disk and that disk happens to be a single rotational type hard disk, then the host cannot reliably support parallel node installation. ^^^^^^^^^^^^^^^ -Monitoring Host +Monitoring host ^^^^^^^^^^^^^^^ -On Controller-0, you can monitor the installation progress by periodically +On controller-0, you can monitor the installation progress by periodically running the system host-show command for the host. Progress is shown in the install_state field. @@ -1301,11 +1296,11 @@ shown in the install_state field. Wait while the host is installed, configured, and rebooted. Depending on hardware, it could take up to 20 minutes for this process to complete. -When the reboot is complete, the host is reported as Locked, Disabled, -and Online. +When the reboot is complete, the host is reported as locked, disabled, +and online. ^^^^^^^^^^^^^ -Listing Hosts +Listing hosts ^^^^^^^^^^^^^ You can use the system host-list command to list the hosts once the node @@ -1323,26 +1318,26 @@ has been installed, configured, and rebooted: +----+--------------+-------------+----------------+-------------+--------------+ ***************************** -Provisioning the Compute Host +Provisioning the compute host ***************************** You must configure the network interfaces and the storage disks on a -host before you can unlock it. For each Compute Host, do the following: +host before you can unlock it. For each compute host, do the following: -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Provisioning Network Interfaces on a Compute Host +Provisioning network interfaces on a compute host ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ In order to identify hardware port names, types, and discovered -pci-addresses on Controller-0, list the host ports: +pci-addresses on controller-0, list the host ports: -- **Only in Virtual Environment**: Ensure that the interface used is +- **Only in virtual environment**: Ensure that the interface used is one of those attached to the host bridge with model type "virtio" (i.e. eth1000 and eth1001). The model type "e1000" emulated devices will not work for provider networks: @@ -1359,17 +1354,17 @@ pci-addresses on Controller-0, list the host ports: | c1694675-643d-4ba7-b821-cd147450112e | eth1001 | ethernet | 0000:02:04.0 |... +--------------------------------------+---------+----------+--------------+... -Use the following command to provision the data interface for Compute: +Use the following command to provision the data interface for compute: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -p providernet-a -c data compute-0 eth1000 ^^^^^^^^^^^^^^^^^^^^^^^^^^^ -VSwitch Virtual Environment +VSwitch virtual environment ^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**Only in Virtual Environment**. If the compute node has more than four CPUs, +**Only in virtual environment**. If the compute node has more than four CPUs, the system auto-configures the vswitch to use two cores. However, some virtual environments do not properly support multi-queue, which is required in a multi-CPU environment. Therefore, run the following command to reduce the @@ -1388,7 +1383,7 @@ vswitch cores to one: +--------------------------------------+-------+-----------+-------+--------+... ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Provisioning Storage on a Compute Host +Provisioning storage on a compute host ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Review the available disk space and capacity and then obtain the uuid(s) of @@ -1458,31 +1453,31 @@ group based on the uuid of the physical disk: +--------------------------+--------------------------------------------+ ^^^^^^^^^^^^^^^^^^^^^^^^ -Unlocking a Compute Host +Unlocking a compute host ^^^^^^^^^^^^^^^^^^^^^^^^ -On Controller-0, use the system host-unlock command to unlock the -Compute node: +On controller-0, use the system host-unlock command to unlock the +compute node: :: [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock compute-0 -Wait while the Compute node is rebooted and re-configured. Depending on +Wait while the compute node is rebooted and re-configured. Depending on hardware, it can take up to 10 minutes for the reboot to complete. Once -the reboot is complete, the nodes Availability State reports as "In-Test" +the reboot is complete, the nodes availability state reports as "in-test" and is followed by unlocked/enabled. ------------------- -System Health Check +System health check ------------------- *********************** -Listing StarlingX Nodes +Listing StarlingX nodes *********************** -On Controller-0, after a few minutes, all nodes are reported as -Unlocked, Enabled, and Available: +On controller-0, after a few minutes, all nodes are reported as +unlocked, enabled, and available: :: @@ -1496,18 +1491,20 @@ Unlocked, Enabled, and Available: +----+--------------+-------------+----------------+-------------+--------------+ ***************** -System Alarm List +System alarm list ***************** -When all nodes are Unlocked, Enabled and Available: check 'fm alarm-list' for issues. +When all nodes are unlocked, enabled, and available: check 'fm alarm-list' for +issues. -Your StarlingX deployment is now up and running with 2x HA Controllers with Cinder -Storage and all OpenStack services up and running. You can now proceed with standard -OpenStack APIs, CLIs and/or Horizon to load Glance Images, configure Nova Flavors, -configure Neutron networks and launch Nova Virtual Machines. +Your StarlingX deployment is now up and running with 2x HA controllers with +Cinder storage and all OpenStack services up and running. You can now proceed +with standard OpenStack APIs, CLIs and/or Horizon to load Glance images, +configure Nova Flavors, configure Neutron networks and launch Nova virtual +machines. ---------------------- -Deployment Terminology +Deployment terminology ---------------------- .. include:: deployment_terminology.rst diff --git a/doc/source/installation_guide/figures/starlingx-deployment-options-controller-storage.png b/doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-controller-storage.png similarity index 100% rename from doc/source/installation_guide/figures/starlingx-deployment-options-controller-storage.png rename to doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-controller-storage.png diff --git a/doc/source/installation_guide/figures/starlingx-deployment-options-dedicated-storage.png b/doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-dedicated-storage.png similarity index 100% rename from doc/source/installation_guide/figures/starlingx-deployment-options-dedicated-storage.png rename to doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-dedicated-storage.png diff --git a/doc/source/installation_guide/figures/starlingx-deployment-options-duplex-extended.png b/doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-duplex-extended.png similarity index 100% rename from doc/source/installation_guide/figures/starlingx-deployment-options-duplex-extended.png rename to doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-duplex-extended.png diff --git a/doc/source/installation_guide/figures/starlingx-deployment-options-duplex.png b/doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-duplex.png similarity index 100% rename from doc/source/installation_guide/figures/starlingx-deployment-options-duplex.png rename to doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-duplex.png diff --git a/doc/source/installation_guide/figures/starlingx-deployment-options-simplex.png b/doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-simplex.png similarity index 100% rename from doc/source/installation_guide/figures/starlingx-deployment-options-simplex.png rename to doc/source/installation_guide/2018_10/figures/starlingx-deployment-options-simplex.png diff --git a/doc/source/installation_guide/2018_10/index.rst b/doc/source/installation_guide/2018_10/index.rst new file mode 100644 index 000000000..57ee6d119 --- /dev/null +++ b/doc/source/installation_guide/2018_10/index.rst @@ -0,0 +1,288 @@ +============================== +Installation guide stx.2018.10 +============================== + +This is the installation guide for release stx.2018.10. If an installation +guide is needed for a previous release, review the +:doc:`installation guides for previous releases `. + +------------ +Introduction +------------ + +StarlingX may be installed in: + +- **Bare metal**: Real deployments of StarlingX are only supported on + physical servers. +- **Virtual environment**: It should only be used for evaluation or + development purposes. + +StarlingX installed in virtual environments has two options: + +- :doc:`Libvirt/QEMU ` +- VirtualBox + +------------ +Requirements +------------ + +Different use cases require different configurations. + +********** +Bare metal +********** + +The minimum requirements for the physical servers where StarlingX might +be deployed, include: + +- **Controller hosts** + + - Minimum processor is: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 + cores/socket + + - Minimum memory: 64 GB + - Hard drives: + + - Primary hard drive, minimum 500 GB for OS and system databases. + - Secondary hard drive, minimum 500 GB for persistent VM storage. + + - 2 physical Ethernet interfaces: OAM and MGMT network. + - USB boot support. + - PXE boot support. + +- **Storage hosts** + + - Minimum processor is: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 + cores/socket. + + - Minimum memory: 64 GB. + - Hard drives: + + - Primary hard drive, minimum 500 GB for OS. + - 1 or more additional hard drives for CEPH OSD storage, and + - Optionally 1 or more SSD or NVMe drives for CEPH journals. + + - 1 physical Ethernet interface: MGMT network + - PXE boot support. + +- **Compute hosts** + + - Minimum processor is: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 + cores/socket. + + - Minimum memory: 32 GB. + - Hard drives: + + - Primary hard drive, minimum 500 GB for OS. + - 1 or more additional hard drives for ephemeral VM storage. + + - 2 or more physical Ethernet interfaces: MGMT network and 1 or more + provider networks. + - PXE boot support. + +- **All-In-One Simplex or Duplex, controller + compute hosts** + + - Minimum processor is: + + - Typical hardware form factor: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket + - Low cost / low power hardware form factor + + - Single-CPU Intel Xeon D-15xx family, 8 cores + + - Minimum memory: 64 GB. + - Hard drives: + + - Primary hard drive, minimum 500 GB SDD or NVMe. + - 0 or more 500 GB disks (min. 10K RPM). + + - Network ports: + + **NOTE:** Duplex and Simplex configurations require one or more data + ports. + The Duplex configuration requires a management port. + + - Management: 10GE (Duplex only) + - OAM: 10GE + - Data: n x 10GE + +The recommended minimum requirements for the physical servers are +described later in each StarlingX deployment guide. + +^^^^^^^^^^^^^^^^^^^^^^^^ +NVMe drive as boot drive +^^^^^^^^^^^^^^^^^^^^^^^^ + +To use a Non-Volatile Memory Express (NVMe) drive as the boot drive for any of +your nodes, you must configure your host and adjust kernel parameters during +installation: + +- Configure the host to be in UEFI mode. +- Edit the kernel boot parameter. After you are presented with the StarlingX + ISO boot options and after you have selected the preferred installation option + (e.g. Standard Configuration / All-in-One Controller Configuration), press the + TAB key to edit the kernel boot parameters. Modify the **boot_device** and + **rootfs_device** from the default **sda** so that it is the correct device + name for the NVMe drive (e.g. "nvme0n1"). + + :: + + vmlinuz rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot + inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=nvme0n1 + rootfs_device=nvme0n1 biosdevname=0 usbcore.autosuspend=-1 inst.gpt + security_profile=standard user_namespace.enable=1 initrd=initrd.img + + +******************* +Virtual environment +******************* + +The recommended minimum requirements for the workstation, hosting the +virtual machine(s) where StarlingX will be deployed, include: + +^^^^^^^^^^^^^^^^^^^^^ +Hardware requirements +^^^^^^^^^^^^^^^^^^^^^ + +A workstation computer with: + +- Processor: x86_64 only supported architecture with BIOS enabled + hardware virtualization extensions +- Cores: 8 (4 with careful monitoring of cpu load) +- Memory: At least 32GB RAM +- Hard Disk: 500GB HDD +- Network: Two network adapters with active Internet connection + +^^^^^^^^^^^^^^^^^^^^^ +Software requirements +^^^^^^^^^^^^^^^^^^^^^ + +A workstation computer with: + +- Operating System: Freshly installed Ubuntu 16.04 LTS 64-bit +- Proxy settings configured (if applies) +- Git +- KVM/VirtManager +- Libvirt library +- QEMU full-system emulation binaries +- stx-tools project +- StarlingX ISO image + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Deployment environment setup +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This section describes how to set up the workstation computer which will +host the virtual machine(s) where StarlingX will be deployed. + +'''''''''''''''''''''''''''''' +Updating your operating system +'''''''''''''''''''''''''''''' + +Before proceeding with the build, ensure your OS is up to date. You’ll +first need to update the local database list of available packages: + +:: + + $ sudo apt-get update + +''''''''''''''''''''''''' +Install stx-tools project +''''''''''''''''''''''''' + +Clone the stx-tools project. Usually you’ll want to clone it under your +user’s home directory. + +:: + + $ cd $HOME + $ git clone https://git.starlingx.io/stx-tools + + +'''''''''''''''''''''''''''''''''''''''' +Installing requirements and dependencies +'''''''''''''''''''''''''''''''''''''''' + +Navigate to the stx-tools installation libvirt directory: + +:: + + $ cd $HOME/stx-tools/deployment/libvirt/ + + +Install the required packages: + +:: + + $ bash install_packages.sh + + +'''''''''''''''''' +Disabling firewall +'''''''''''''''''' + +Unload firewall and disable firewall on boot: + +:: + + $ sudo ufw disable + Firewall stopped and disabled on system startup + $ sudo ufw status + Status: inactive + + +------------------------------- +Getting the StarlingX ISO image +------------------------------- + +Follow the instructions from the :doc:`/developer_guide/2018_10/index` to build a +StarlingX ISO image. + +********** +Bare metal +********** + +A bootable USB flash drive containing StarlingX ISO image. + + +******************* +Virtual environment +******************* + +Copy the StarlingX ISO Image to the stx-tools deployment libvirt project +directory: + +:: + + $ cp $HOME/stx-tools/deployment/libvirt/ + + +------------------ +Deployment options +------------------ + +- Standard controller + + - :doc:`StarlingX Cloud with Dedicated Storage ` + - :doc:`StarlingX Cloud with Controller Storage ` + +- All-in-one + + - :doc:`StarlingX Cloud Duplex ` + - :doc:`StarlingX Cloud Simplex ` + +.. toctree:: + :hidden: + + installation_libvirt_qemu + controller_storage + dedicated_storage + duplex + simplex diff --git a/doc/source/installation_guide/2018_10/installation_libvirt_qemu.rst b/doc/source/installation_guide/2018_10/installation_libvirt_qemu.rst new file mode 100644 index 000000000..5caf027b7 --- /dev/null +++ b/doc/source/installation_guide/2018_10/installation_libvirt_qemu.rst @@ -0,0 +1,204 @@ +===================================== +Installation libvirt qemu stx.2018.10 +===================================== + +Installation for StarlingX stx.2018.10 using Libvirt/QEMU virtualization. + +--------------------- +Hardware requirements +--------------------- + +A workstation computer with: + +- Processor: x86_64 only supported architecture with BIOS enabled + hardware virtualization extensions +- Memory: At least 32GB RAM +- Hard disk: 500GB HDD +- Network: One network adapter with active Internet connection + +--------------------- +Software requirements +--------------------- + +A workstation computer with: + +- Operating system: This process is known to work on Ubuntu 16.04 and + is likely to work on other Linux OS's with some appropriate adjustments. +- Proxy settings configured (if applies) +- Git +- KVM/VirtManager +- Libvirt library +- QEMU full-system emulation binaries +- stx-tools project +- StarlingX ISO image + +---------------------------- +Deployment environment setup +---------------------------- + +************* +Configuration +************* + +These scripts are configured using environment variables that all have +built-in defaults. On shared systems you probably do not want to use the +defaults. The simplest way to handle this is to keep an rc file that can +be sourced into an interactive shell that configures everything. Here's +an example called stxcloud.rc: + +:: + + export CONTROLLER=stxcloud + export COMPUTE=stxnode + export STORAGE=stxstorage + export BRIDGE_INTERFACE=stxbr + export INTERNAL_NETWORK=172.30.20.0/24 + export INTERNAL_IP=172.30.20.1/24 + export EXTERNAL_NETWORK=192.168.20.0/24 + export EXTERNAL_IP=192.168.20.1/24 + + +This rc file shows the defaults baked into the scripts: + +:: + + export CONTROLLER=controller + export COMPUTE=compute + export STORAGE=storage + export BRIDGE_INTERFACE=stxbr + export INTERNAL_NETWORK=10.10.10.0/24 + export INTERNAL_IP=10.10.10.1/24 + export EXTERNAL_NETWORK=192.168.204.0/24 + export EXTERNAL_IP=192.168.204.1/24 + + +************************* +Install stx-tools project +************************* + +Clone the stx-tools project into a working directory. + +:: + + git clone git://git.openstack.org/openstack/stx-tools.git + + +It is convenient to set up a shortcut to the deployment script +directory: + +:: + + SCRIPTS=$(pwd)/stx-tools/deployment/libvirt + + +If you created a configuration, load it from stxcloud.rc: + +:: + + source stxcloud.rc + + +**************************************** +Installing requirements and dependencies +**************************************** + +Install the required packages and configure QEMU. This only needs to be +done once per host. (NOTE: this script only knows about Ubuntu at this +time): + +:: + + $SCRIPTS/install_packages.sh + + +****************** +Disabling firewall +****************** + +Unload firewall and disable firewall on boot: + +:: + + sudo ufw disable + sudo ufw status + + +****************** +Configure networks +****************** + +Configure the network bridges using setup_network.sh before doing +anything else. It will create 4 bridges named stxbr1, stxbr2, stxbr3 and +stxbr4. Set the BRIDGE_INTERFACE environment variable if you need to +change stxbr to something unique. + +:: + + $SCRIPTS/setup_network.sh + + +The destroy_network.sh script does the reverse, and should not be used +lightly. It should also only be used after all of the VMs created below +have been destroyed. + +There is also a script cleanup_network.sh that will remove networking +configuration from libvirt. + +********************* +Configure controllers +********************* + +One script exists for building different StarlingX cloud configurations: +setup_configuration.sh. + +The script uses the cloud configuration with the -c option: + +- simplex +- duplex +- controllerstorage +- dedicatedstorage + +You need an ISO file for the installation, the script takes a file name +with the -i option: + +:: + + $SCRIPTS/setup_configuration.sh -c -i + + +And the setup will begin. The scripts create one or more VMs and start +the boot of the first controller, named oddly enough \``controller-0``. +If you have Xwindows available you will get virt-manager running. If +not, Ctrl-C out of that attempt if it doesn't return to a shell prompt. +Then connect to the serial console: + +:: + + virsh console controller-0 + + +Continue the usual StarlingX installation from this point forward. + +Tear down the VMs using destroy_configuration.sh. + +:: + + $SCRIPTS/destroy_configuration.sh -c + + +-------- +Continue +-------- + +Pick up the installation in one of the existing guides at the initializing +controller-0 step. + +- Standard controller + + - :doc:`StarlingX Cloud with Dedicated Storage Virtual Environment ` + - :doc:`StarlingX Cloud with Controller Storage Virtual Environment ` + +- All-in-one + + - :doc:`StarlingX Cloud Duplex Virtual Environment ` + - :doc:`StarlingX Cloud Simplex Virtual Environment ` diff --git a/doc/source/installation_guide/simplex.rst b/doc/source/installation_guide/2018_10/simplex.rst similarity index 86% rename from doc/source/installation_guide/simplex.rst rename to doc/source/installation_guide/2018_10/simplex.rst index 0ddaa3bd8..c639cba32 100644 --- a/doc/source/installation_guide/simplex.rst +++ b/doc/source/installation_guide/2018_10/simplex.rst @@ -1,8 +1,6 @@ -.. _simplex: - -=================================== -All-In-One Simplex Deployment Guide -=================================== +=============================================== +All-In-One Simplex deployment guide stx.2018.10 +=============================================== .. contents:: :local: @@ -15,14 +13,14 @@ For approved instructions, see the `One Node Configuration wiki page `__. ---------------------- -Deployment Description +Deployment description ---------------------- -The All-In-One Simplex deployment option provides all three Cloud Functions -(Controller, Compute, and Storage) on a single physical server. With these Cloud -Functions, multiple application types can be deployed and consolidated onto a -single physical server. For example, with a All-In-One Simplex deployment you -can: +The All-In-One Simplex (AIO-SX) deployment option provides all three cloud +gunctions (controller, compute, and storage) on a single physical server. With +these cloud functions, multiple application types can be deployed and +consolidated onto a single physical server. For example, with a AIO-SX +deployment you can: - Consolidate legacy applications that must run standalone on a server by using multiple virtual machines on a single physical server. @@ -30,14 +28,14 @@ can: different distributions of operating systems by using multiple virtual machines on a single physical server. -Only a small amount of Cloud Processing / Storage power is required with an +Only a small amount of cloud processing / storage power is required with an All-In-One Simplex deployment. .. figure:: figures/starlingx-deployment-options-simplex.png :scale: 50% - :alt: All-In-One Simplex Deployment Configuration + :alt: All-In-One Simplex deployment configuration - *All-In-One Simplex Deployment Configuration* + *All-In-One Simplex deployment configuration* An All-In-One Simplex deployment provides no protection against an overall server hardware fault. Protection against overall server hardware fault is @@ -46,52 +44,52 @@ could be enabled if, for example, an HW RAID or 2x Port LAG is used in the deployment. -------------------------------------- -Preparing an All-In-One Simplex Server +Preparing an All-In-One Simplex server -------------------------------------- ********** -Bare Metal +Bare metal ********** Required Server: -- Combined Server (Controller + Compute): 1 +- Combined server (controller + compute): 1 ^^^^^^^^^^^^^^^^^^^^^ -Hardware Requirements +Hardware requirements ^^^^^^^^^^^^^^^^^^^^^ The recommended minimum requirements for the physical servers where All-In-One Simplex will be deployed are: -- Minimum Processor: +- Minimum processor: - - Typical Hardware Form Factor: + - Typical hardware form factor: - - Dual-CPU Intel® Xeon® E5 26xx Family (SandyBridge) 8 cores/socket - - Low Cost / Low Power Hardware Form Factor + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket + - Low cost / low power hardware form factor - - Single-CPU Intel Xeon D-15xx Family, 8 cores + - Single-CPU Intel Xeon D-15xx family, 8 cores - Memory: 64 GB - BIOS: - - Hyper-Threading Tech: Enabled - - Virtualization Technology: Enabled - - VT for Directed I/O: Enabled - - CPU Power and Performance Policy: Performance - - CPU C State Control: Disabled - - Plug & Play BMC Detection: Disabled + - Hyper-Threading technology: Enabled + - Virtualization technology: Enabled + - VT for directed I/O: Enabled + - CPU power and performance policy: Performance + - CPU C state control: Disabled + - Plug & play BMC detection: Disabled -- Primary Disk: +- Primary disk: - 500 GB SDD or NVMe -- Additional Disks: +- Additional disks: - Zero or more 500 GB disks (min. 10K RPM) -- Network Ports +- Network ports **NOTE:** All-In-One Simplex configuration requires one or more data ports. This configuration does not require a management port. @@ -100,11 +98,11 @@ All-In-One Simplex will be deployed are: - Data: n x 10GE ******************* -Virtual Environment +Virtual environment ******************* Run the libvirt qemu setup scripts. Setting up virtualized OAM and -Management networks: +management networks: :: @@ -121,7 +119,7 @@ The default XML server definition created by the previous script is: - simplex-controller-0 ^^^^^^^^^^^^^^^^^^^^^^^^^ -Power Up a Virtual Server +Power up a virtual server ^^^^^^^^^^^^^^^^^^^^^^^^^ To power up the virtual server, run the following command: @@ -137,7 +135,7 @@ e.g. $ sudo virsh start simplex-controller-0 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Access a Virtual Server Console +Access a virtual server console ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The XML for virtual servers in stx-tools repo, deployment/libvirt, @@ -162,12 +160,12 @@ sequence which follows the boot device selection. One has a few seconds to do this. ------------------------------ -Installing the Controller Host +Installing the controller host ------------------------------ Installing controller-0 involves initializing a host with software and then applying a bootstrap configuration from the command line. The -configured bootstrapped host becomes Controller-0. +configured bootstrapped host becomes controller-0. Procedure: @@ -176,21 +174,21 @@ Procedure: #. Configure the controller using the config_controller script. ************************* -Initializing Controller-0 +Initializing controller-0 ************************* -This section describes how to initialize StarlingX in host Controller-0. +This section describes how to initialize StarlingX in host controller-0. Except where noted, all the commands must be executed from a console of the host. -Power on the host to be configured as Controller-0, with the StarlingX +Power on the host to be configured as controller-0, with the StarlingX ISO on a USB in a bootable USB slot. Wait for the console to show the StarlingX ISO booting options: - **All-in-one Controller Configuration** - When the installer is loaded and the installer welcome screen - appears in the Controller-0 host, select the type of installation + appears in the controller-0 host, select the type of installation "All-in-one Controller Configuration". - **Graphical Console** @@ -203,10 +201,10 @@ StarlingX ISO booting options: - Select "Standard Security Boot Profile" as the Security Profile. Monitor the initialization. When it is complete, a reboot is initiated -on the Controller-0 host, briefly displays a GNU GRUB screen, and then +on the controller-0 host, briefly displays a GNU GRUB screen, and then boots automatically into the StarlingX image. -Log into Controller-0 as user wrsroot, with password wrsroot. The +Log into controller-0 as user wrsroot, with password wrsroot. The first time you log in as wrsroot, you are required to change your password. Enter the current password (wrsroot): @@ -228,14 +226,13 @@ Enter the new password again to confirm it: Retype new password: -Controller-0 is initialized with StarlingX, and is ready for -configuration. +controller-0 is initialized with StarlingX, and is ready for configuration. ************************ -Configuring Controller-0 +Configuring controller-0 ************************ -This section describes how to perform the Controller-0 configuration +This section describes how to perform the controller-0 configuration interactively just to bootstrap system with minimum critical data. Except where noted, all the commands must be executed from the console of the active controller (here assumed to be controller-0). @@ -243,9 +240,9 @@ of the active controller (here assumed to be controller-0). When run interactively, the config_controller script presents a series of prompts for initial configuration of StarlingX: -- For the Virtual Environment, you can accept all the default values +- For the virtual environment, you can accept all the default values immediately after ‘system date and time’. -- For a Physical Deployment, answer the bootstrap configuration +- For a physical deployment, answer the bootstrap configuration questions with answers applicable to your particular physical setup. The script is used to configure the first controller in the StarlingX @@ -261,7 +258,7 @@ with no parameters: Enter ! at any prompt to abort... ... -Select [y] for System Date and Time: +Select [y] for System date and time: :: @@ -281,7 +278,7 @@ For System mode choose "simplex": 3) simplex - single node non-redundant configuration System mode [duplex-direct]: 3 -After System Date / Time and System mode: +After System date and time and System mode: :: @@ -302,21 +299,21 @@ After System Date / Time and System mode: commands and unlock controller to proceed. After config_controller bootstrap configuration, REST API, CLI and -Horizon interfaces are enabled on the controller-0 OAM IP Address. The +Horizon interfaces are enabled on the controller-0 OAM IP address. The remaining installation instructions will use the CLI. -------------------------------- -Provisioning the Controller Host +Provisioning the controller host -------------------------------- -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: controller-0:~$ source /etc/nova/openrc ********************************************* -Configuring Provider Networks at Installation +Configuring provider networks at installation ********************************************* Set up one provider network of the vlan type, named providernet-a: @@ -327,10 +324,10 @@ Set up one provider network of the vlan type, named providernet-a: [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-range-create --name providernet-a-range1 --range 100-400 providernet-a ***************************************** -Providing Data Interfaces on Controller-0 +Providing data interfaces on controller-0 ***************************************** -List all interfaces +List all interfaces: :: @@ -345,7 +342,7 @@ List all interfaces | f59b9469-7702-4b46-bad5-683b95f0a1cb | enp0s8 | platform |...| None | [u'enp0s8'] | [] | [] | MTU=1500 |.. +--------------------------------------+---------+----------+...+------+--------------+------+---------+------------+.. -Configure the data interfaces +Configure the data interfaces: :: @@ -377,11 +374,11 @@ Configure the data interfaces +------------------+--------------------------------------+ ************************************* -Configuring Cinder on Controller Disk +Configuring Cinder on controller disk ************************************* Review the available disk space and capacity and obtain the uuid of the -physical disk +physical disk: :: @@ -401,7 +398,7 @@ physical disk | | | | | | |... +--------------------------------------+-----------+---------+---------+---------+------------+... -Create the 'cinder-volumes' local volume group +Create the 'cinder-volumes' local volume group: :: @@ -424,7 +421,7 @@ Create the 'cinder-volumes' local volume group | parameters | {u'lvm_type': u'thin'} | +-----------------+--------------------------------------+ -Create a disk partition to add to the volume group +Create a disk partition to add to the volume group: :: @@ -448,7 +445,7 @@ Create a disk partition to add to the volume group | updated_at | None | +-------------+--------------------------------------------------+ -Wait for the new partition to be created (i.e. status=Ready) +Wait for the new partition to be created (i.e. status=Ready): :: @@ -462,7 +459,7 @@ Wait for the new partition to be created (i.e. status=Ready) | |...| |...| | | | +--------------------------------------+...+------------+...+---------------------+----------+--------+ -Add the partition to the volume group +Add the partition to the volume group: :: @@ -488,10 +485,10 @@ Add the partition to the volume group +--------------------------+--------------------------------------------------+ ********************************************* -Adding an LVM Storage Backend at Installation +Adding an LVM storage backend at installation ********************************************* -Ensure requirements are met to add LVM storage +Ensure requirements are met to add LVM storage: :: @@ -505,7 +502,7 @@ Ensure requirements are met to add LVM storage storage. Set the 'confirmed' field to execute this operation for the lvm backend. -Add the LVM storage backend +Add the LVM storage backend: :: @@ -521,8 +518,7 @@ Add the LVM storage backend | e2697426-2d79-4a83-beb7-2eafa9ceaee5 | lvm-store | lvm | configuring |...| cinder | {} | +--------------------------------------+------------+---------+-------------+...+----------+--------------+ -Wait for the LVM storage backend to be configured (i.e. -state=Configured) +Wait for the LVM storage backend to be configured (i.e. state=configured): :: @@ -535,11 +531,11 @@ state=Configured) +--------------------------------------+------------+---------+------------+------+----------+--------------+ *********************************************** -Configuring VM Local Storage on Controller Disk +Configuring VM local storage on controller disk *********************************************** Review the available disk space and capacity and obtain the uuid of the -physical disk +physical disk: :: @@ -559,7 +555,7 @@ physical disk | | | | | | |... +--------------------------------------+-----------+---------+---------+---------+------------+... -Create the 'nova-local' volume group +Create the 'nova-local' volume group: :: @@ -584,7 +580,7 @@ Create the 'nova-local' volume group | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | +-----------------+-------------------------------------------------------------------+ -Create a disk partition to add to the volume group +Create a disk partition to add to the volume group: :: @@ -608,7 +604,7 @@ Create a disk partition to add to the volume group | updated_at | None | +-------------+--------------------------------------------------+ -Wait for the new partition to be created (i.e. status=Ready) +Wait for the new partition to be created (i.e. status=Ready): :: @@ -622,7 +618,7 @@ Wait for the new partition to be created (i.e. status=Ready) | |...| |...| | | | +--------------------------------------+...+------------+...+---------------------+----------+--------+ -Add the partition to the volume group +Add the partition to the volume group: :: @@ -648,11 +644,11 @@ Add the partition to the volume group +--------------------------+--------------------------------------------------+ ********************** -Unlocking Controller-0 +Unlocking controller-0 ********************** You must unlock controller-0 so that you can use it to install -Controller-1. Use the system host-unlock command: +controller-1. Use the system host-unlock command: :: @@ -663,10 +659,10 @@ unavailable, and any ssh connections are dropped. To monitor the progress of the reboot, use the controller-0 console. **************************************** -Verifying the Controller-0 Configuration +Verifying the controller-0 configuration **************************************** -On Controller-0, acquire Keystone administrative privileges: +On controller-0, acquire Keystone administrative privileges: :: @@ -686,7 +682,7 @@ Verify that the controller-0 services are running: ... +-----+-------------------------------+--------------+----------------+ -Verify that controller-0 has controller and compute subfunctions +Verify that controller-0 has controller and compute subfunctions: :: @@ -705,18 +701,19 @@ Verify that controller-0 is unlocked, enabled, and available: +----+--------------+-------------+----------------+-------------+--------------+ ***************** -System Alarm List +System alarm list ***************** -When all nodes are Unlocked, Enabled and Available: check 'fm alarm-list' for issues. +When all nodes are unlocked, enabled, and available: check 'fm alarm-list' for +issues. -Your StarlingX deployment is now up and running with 1 Controller with Cinder Storage -and all OpenStack services up and running. You can now proceed with standard OpenStack -APIs, CLIs and/or Horizon to load Glance Images, configure Nova Flavors, configure -Neutron networks and launch Nova Virtual Machines. +Your StarlingX deployment is now up and running with one controller with Cinder +storage and all OpenStack services up and running. You can now proceed with +standard OpenStack APIs, CLIs and/or Horizon to load Glance images, configure +Nova Flavors, configure Neutron networks and launch Nova virtual machines. ---------------------- -Deployment Terminology +Deployment terminology ---------------------- .. include:: deployment_terminology.rst diff --git a/doc/source/installation_guide/deployment_terminology.rst b/doc/source/installation_guide/deployment_terminology.rst deleted file mode 100644 index 90a628eac..000000000 --- a/doc/source/installation_guide/deployment_terminology.rst +++ /dev/null @@ -1,119 +0,0 @@ -.. _incl-simplex-deployment-terminology: - -**All-In-One Controller Node** - A single physical node that provides a Controller Function, Compute - Function, and Storage Function. - -.. _incl-simplex-deployment-terminology-end: - - -.. _incl-standard-controller-deployment-terminology: - -**Controller Node / Function** - A node that runs Cloud Control Function for managing Cloud Resources. - - - Runs Cloud Control Functions for managing Cloud Resources. - - Runs all OpenStack Control Functions (e.g. managing Images, Virtual - Volumes, Virtual Network, and Virtual Machines). - - Can be part of a two-node HA Control Node Cluster for running Control - Functions either Active/Active or Active/Standby. - -**Compute ( & Network ) Node / Function** - A node that hosts applications in Virtual Machines using Compute Resources - such as CPU, Memory, and Disk. - - - Runs Virtual Switch for realizing virtual networks. - - Provides L3 Routing and NET Services. - -.. _incl-standard-controller-deployment-terminology-end: - - -.. _incl-dedicated-storage-deployment-terminology: - -**Storage Node / Function** - A node that contains a set of Disks (e.g. SATA, SAS, SSD, and/or NVMe). - - - Runs CEPH Distributed Storage Software. - - Part of an HA multi-node CEPH Storage Cluster supporting a replication - factor of two or three, Journal Caching, and Class Tiering. - - Provides HA Persistent Storage for Images, Virtual Volumes - (i.e. Block Storage), and Object Storage. - -.. _incl-dedicated-storage-deployment-terminology-end: - -.. _incl-common-deployment-terminology: - -**OAM Network** - The network on which all external StarlingX Platform APIs are exposed, - (i.e. REST APIs, Horizon Web Server, SSH, and SNMP), typically 1GE. - - Only Controller type nodes are required to be connected to the OAM - Network. - -**Management Network** - A private network (i.e. not connected externally), tipically 10GE, - used for the following: - - - Internal OpenStack / StarlingX monitoring and control. - - VM I/O access to a storage cluster. - - All nodes are required to be connected to the Management Network. - -**Data Network(s)** - Networks on which the OpenStack / Neutron Provider Networks are realized - and become the VM Tenant Networks. - - Only Compute type and All-in-One type nodes are required to be connected - to the Data Network(s); these node types require one or more interface(s) - on the Data Network(s). - -**IPMI Network** - An optional network on which IPMI interfaces of all nodes are connected. - The network must be reachable using L3/IP from the Controller's OAM - Interfaces. - - You can optionally connect all node types to the IPMI Network. - -**PXEBoot Network** - An optional network for Controllers to boot/install other nodes over the - network. - - By default, Controllers use the Management Network for boot/install of other - nodes in the openstack cloud. If this optional network is used, all node - types are required to be connected to the PXEBoot Network. - - A PXEBoot network is required for a variety of special case situations: - - - Cases where the Management Network must be IPv6: - - - IPv6 does not support PXEBoot. Therefore, IPv4 PXEBoot network must be - configured. - - - Cases where the Management Network must be VLAN tagged: - - - Most Server's BIOS do not support PXEBooting over tagged networks. - Therefore, you must configure an untagged PXEBoot network. - - - Cases where a Management Network must be shared across regions but - individual regions' Controllers want to only network boot/install nodes - of their own region: - - - You must configure separate, per-region PXEBoot Networks. - -**Infra Network** - A deprecated optional network that was historically used for access to the - Storage cluster. - - If this optional network is used, all node types are required to be - connected to the INFRA Network, - -**Node Interfaces** - All Nodes' Network Interfaces can, in general, optionally be either: - - - Untagged single port. - - Untagged two-port LAG and optionally split between redudant L2 Switches - running vPC (Virtual Port-Channel), also known as multichassis - EtherChannel (MEC). - - VLAN on either single-port ETH interface or two-port LAG interface. - -.. _incl-common-deployment-terminology-end: diff --git a/doc/source/installation_guide/index.rst b/doc/source/installation_guide/index.rst index 5e19d0454..d8a1a0ad1 100644 --- a/doc/source/installation_guide/index.rst +++ b/doc/source/installation_guide/index.rst @@ -1,287 +1,38 @@ -================== -Installation Guide -================== +=================== +Installation guides +=================== ------ -Intro ------ - -StarlingX may be installed in: - -- **Bare Metal**: Real deployments of StarlingX are only supported on - physical servers. -- **Virtual Environment**: It should only be used for evaluation or - development purposes. - - -StarlingX installed in virtual environments has two options: - -- :ref:`Libvirt/QEMU ` -- VirtualBox - ------------- -Requirements ------------- - -Different use cases require different configurations. - -********** -Bare Metal -********** - -The minimum requirements for the physical servers where StarlingX might -be deployed, include: - -- **Controller Hosts** - - - Minimum Processor is: - - - Dual-CPU Intel® Xeon® E5 26xx Family (SandyBridge) 8 - cores/socket - - - Minimum Memory: 64 GB - - Hard Drives: - - - Primary Hard Drive, minimum 500 GB for OS and system databases. - - Secondary Hard Drive, minimum 500 GB for persistent VM storage. - - - 2 physical Ethernet interfaces: OAM and MGMT Network. - - USB boot support. - - PXE boot support. - -- **Storage Hosts** - - - Minimum Processor is: - - - Dual-CPU Intel® Xeon® E5 26xx Family (SandyBridge) 8 - cores/socket. - - - Minimum Memory: 64 GB. - - Hard Drives: - - - Primary Hard Drive, minimum 500 GB for OS. - - 1 or more additional Hard Drives for CEPH OSD storage, and - - Optionally 1 or more SSD or NVMe Drives for CEPH Journals. - - - 1 physical Ethernet interface: MGMT Network - - PXE boot support. - -- **Compute Hosts** - - - Minimum Processor is: - - - Dual-CPU Intel® Xeon® E5 26xx Family (SandyBridge) 8 - cores/socket. - - - Minimum Memory: 32 GB. - - Hard Drives: - - - Primary Hard Drive, minimum 500 GB for OS. - - 1 or more additional Hard Drives for ephemeral VM Storage. - - - 2 or more physical Ethernet interfaces: MGMT Network and 1 or more - Provider Networks. - - PXE boot support. - -- **All-In-One Simplex or Duplex, Controller + Compute Hosts** - - - Minimum Processor is: - - - Typical Hardware Form Factor: - - - Dual-CPU Intel® Xeon® E5 26xx Family (SandyBridge) 8 cores/socket - - Low Cost / Low Power Hardware Form Factor - - - Single-CPU Intel Xeon D-15xx Family, 8 cores - - - Minimum Memory: 64 GB. - - Hard Drives: - - - Primary Hard Drive, minimum 500 GB SDD or NVMe. - - 0 or more 500 GB disks (min. 10K RPM). - - - Network Ports: - - **NOTE:** Duplex and Simplex configurations require one or more data - ports. - The Duplex configuration requires a management port. - - - Management: 10GE (Duplex only) - - OAM: 10GE - - Data: n x 10GE - -The recommended minimum requirements for the physical servers are -described later in each StarlingX Deployment Options guide. - -^^^^^^^^^^^^^^^^^^^^^^^^ -NVMe Drive as Boot Drive -^^^^^^^^^^^^^^^^^^^^^^^^ - -To use a Non-Volatile Memory Express (NVMe) drive as the boot drive for any of -your nodes, you must configure your host and adjust kernel parameters during -installation: - -- Configure the host to be in UEFI mode. -- Edit the kernel boot parameter. After you are presented with the StarlingX - ISO boot options and after you have selected the preferred installation option - (e.g. Standard Configuration / All-in-One Controller Configuration), press the - TAB key to edit the Kernel boot parameters. Modify the **boot_device** and - **rootfs_device** from the default **sda** so that it is the correct device - name for the NVMe drive (e.g. "nvme0n1"). - - :: - - vmlinuz rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot - inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=nvme0n1 - rootfs_device=nvme0n1 biosdevname=0 usbcore.autosuspend=-1 inst.gpt - security_profile=standard user_namespace.enable=1 initrd=initrd.img - - -******************* -Virtual Environment -******************* - -The recommended minimum requirements for the workstation, hosting the -Virtual Machine(s) where StarlingX will be deployed, include: - -^^^^^^^^^^^^^^^^^^^^^ -Hardware Requirements -^^^^^^^^^^^^^^^^^^^^^ - -A workstation computer with: - -- Processor: x86_64 only supported architecture with BIOS enabled - hardware virtualization extensions -- Cores: 8 (4 with careful monitoring of cpu load) -- Memory: At least 32GB RAM -- Hard Disk: 500GB HDD -- Network: Two network adapters with active Internet connection - -^^^^^^^^^^^^^^^^^^^^^ -Software Requirements -^^^^^^^^^^^^^^^^^^^^^ - -A workstation computer with: - -- Operating System: Freshly installed Ubuntu 16.04 LTS 64-bit -- Proxy settings configured (if applies) -- Git -- KVM/VirtManager -- Libvirt Library -- QEMU Full System Emulation Binaries -- stx-tools project -- StarlingX ISO Image - -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Deployment Environment Setup -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -This section describes how to set up the workstation computer which will -host the Virtual Machine(s) where StarlingX will be deployed. - -'''''''''''''''''''''''''''''' -Updating Your Operating System -'''''''''''''''''''''''''''''' - -Before proceeding with the build, ensure your OS is up to date. You’ll -first need to update the local database list of available packages: - -:: - - $ sudo apt-get update - -''''''''''''''''''''''''' -Install stx-tools project -''''''''''''''''''''''''' - -Clone the stx-tools project. Usually you’ll want to clone it under your -user’s home directory. - -:: - - $ cd $HOME - $ git clone https://git.starlingx.io/stx-tools - - -'''''''''''''''''''''''''''''''''''''''' -Installing Requirements and Dependencies -'''''''''''''''''''''''''''''''''''''''' - -Navigate to the stx-tools installation libvirt directory: - -:: - - $ cd $HOME/stx-tools/deployment/libvirt/ - - -Install the required packages: - -:: - - $ bash install_packages.sh - - -'''''''''''''''''' -Disabling Firewall -'''''''''''''''''' - -Unload firewall and disable firewall on boot: - -:: - - $ sudo ufw disable - Firewall stopped and disabled on system startup - $ sudo ufw status - Status: inactive - - -------------------------------- -Getting the StarlingX ISO Image -------------------------------- - -Follow the instructions from the :ref:`developer-guide` to build a -StarlingX ISO image. - - -********** -Bare Metal -********** - -A bootable USB flash drive containing StarlingX ISO image. - - -******************* -Virtual Environment -******************* - -Copy the StarlingX ISO Image to the stx-tools deployment libvirt project -directory: - -:: - - $ cp $HOME/stx-tools/deployment/libvirt/ - - ------------------- -Deployment Options ------------------- - -- Standard Controller - - - :ref:`StarlingX Cloud with Dedicated Storage ` - - :ref:`StarlingX Cloud with Controller Storage ` - -- All-in-one - - - :ref:`StarlingX Cloud Duplex ` - - :ref:`StarlingX Cloud Simplex ` +Installation steps for StarlingX are release specific. To install the +latest release of StarlingX, use the :doc:`/installation_guide/2018_10/index`. +To install a previous release of StarlingX, use the installation guide +for your specific release: .. toctree:: - :hidden: + :maxdepth: 1 - installation_libvirt_qemu - controller_storage - dedicated_storage - duplex - simplex + /installation_guide/latest/index + /installation_guide/2018_10/index + +.. How to add a new release (installer and developer guides): + 1. Archive previous release + 1. Rename old 'latest' folder to the release name e.g. Year_Month + 2. Update links in old 'latest' to use new path e.g. + :doc:`Libvirt/QEMU ` + becomes + :doc:`Libvirt/QEMU ` + 2. Add new release + 1. Add a new 'latest' dir and add the new version - likely this will be a copy of the previous version, with updates applied + 2. Make sure the new files have the correct version in the page title and intro sentence e.g. '2018.10.rc1 Installation Guide' + 3. Make sure all files in new 'latest' link to the correct versions of supporting docs (do this via doc link, so that it goes to top of page e.g. :doc:`/installation_guide/latest/index`) + 4. Make sure the new release index is labeled with the correct version name e.g + .. _index-2019-05: + 3. Add the archived version to the toctree on this page + 4. If adding a new version *before* it is available (e.g. to begin work on new docs), + make sure page text still directs user to the *actual* current release, not the + future-not-yet-released version. + 5. When the release is *actually* available, make sure to update these pages: + - index + - installation guide + - developer guide + - release notes diff --git a/doc/source/installation_guide/latest/controller_storage.rst b/doc/source/installation_guide/latest/controller_storage.rst new file mode 100644 index 000000000..1e8dc4912 --- /dev/null +++ b/doc/source/installation_guide/latest/controller_storage.rst @@ -0,0 +1,974 @@ +=============================================== +Controller storage deployment guide stx.2019.05 +=============================================== + +.. contents:: + :local: + :depth: 1 + +**NOTE:** The instructions to setup a StarlingX Cloud with Controller +Storage with containerized openstack services in this guide +are under development. +For approved instructions, see the +`StarlingX Cloud with Controller Storage wiki page `__. + +---------------------- +Deployment description +---------------------- + +The Controller Storage deployment option provides a 2x node high availability +controller / storage cluster with: + +- A pool of up to seven compute nodes (pool size limit due to the capacity of + the storage function). +- A growth path for storage to the full standard solution with an independent + CEPH storage cluster. +- High availability services runnning across the controller nodes in either + active/active or active/standby mode. +- Storage function running on top of LVM on single second disk, DRBD-sync'd + between the controller nodes. + +.. figure:: figures/starlingx-deployment-options-controller-storage.png + :scale: 50% + :alt: Controller Storage deployment configuration + + *Controller Storage deployment configuration* + +A Controller Storage deployment provides protection against overall controller +node and compute node failure: + +- On overall controller node failure, all controller high availability services + go active on the remaining healthy controller node. +- On overall compute node failure, virtual machines on failed compute node are + recovered on the remaining healthy compute nodes. + +------------------------------------ +Preparing controller storage servers +------------------------------------ + +********** +Bare metal +********** + +Required servers: + +- Controllers: 2 +- Computes: 2 - 100 + +^^^^^^^^^^^^^^^^^^^^^ +Hardware requirements +^^^^^^^^^^^^^^^^^^^^^ + +The recommended minimum requirements for the physical servers where +Controller Storage will be deployed, include: + +- Minimum processor: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket + +- Memory: + + - 64 GB controller + - 32 GB compute + +- BIOS: + + - Hyper-Threading technology: Enabled + - Virtualization technology: Enabled + - VT for directed I/O: Enabled + - CPU power and performance policy: Performance + - CPU C state control: Disabled + - Plug & play BMC detection: Disabled + +- Primary disk: + + - 500 GB SDD or NVMe controller + - 120 GB (min. 10K RPM) compute + +- Additional disks: + + - 1 or more 500 GB disks (min. 10K RPM) compute + +- Network ports\* + + - Management: 10GE controller, compute + - OAM: 10GE controller + - Data: n x 10GE compute + +******************* +Virtual environment +******************* + +Run the libvirt qemu setup scripts. Setting up virtualized OAM and +management networks: + +:: + + $ bash setup_network.sh + +Building XML for definition of virtual servers: + +:: + + $ bash setup_configuration.sh -c controllerstorage -i + +The default XML server definitions that are created by the previous script +are: + +- controllerstorage-controller-0 +- controllerstorage-controller-1 +- controllerstorage-compute-0 +- controllerstorage-compute-1 + +^^^^^^^^^^^^^^^^^^^^^^^^^ +Power up a virtual server +^^^^^^^^^^^^^^^^^^^^^^^^^ + +To power up a virtual server, run the following command: + +:: + + $ sudo virsh start + +e.g. + +:: + + $ sudo virsh start controllerstorage-controller-0 + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Access virtual server consoles +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The XML for virtual servers in stx-tools repo, deployment/libvirt, +provides both graphical and text consoles. + +Access the graphical console in virt-manager by right-click on the +domain (the server) and selecting "Open". + +Access the textual console with the command "virsh console $DOMAIN", +where DOMAIN is the name of the server shown in virsh. + +When booting the controller-0 for the first time, both the serial and +graphical consoles will present the initial configuration menu for the +cluster. One can select serial or graphical console for controller-0. +For the other nodes however only serial is used, regardless of which +option is selected. + +Open the graphic console on all servers before powering them on to +observe the boot device selection and PXI boot progress. Run "virsh +console $DOMAIN" command promptly after power on to see the initial boot +sequence which follows the boot device selection. One has a few seconds +to do this. + +-------------------------------- +Installing the controller-0 host +-------------------------------- + +Installing controller-0 involves initializing a host with software and +then applying a bootstrap configuration from the command line. The +configured bootstrapped host becomes controller-0. + +Procedure: + +#. Power on the server that will be controller-0 with the StarlingX ISO + on a USB in a bootable USB slot. +#. Configure the controller using the config_controller script. + +************************* +Initializing controller-0 +************************* + +This section describes how to initialize StarlingX in host controller-0. +Except where noted, all the commands must be executed from a console of +the host. + +Power on the host to be configured as controller-0, with the StarlingX +ISO on a USB in a bootable USB slot. Wait for the console to show the +StarlingX ISO booting options: + +- **Standard Controller Configuration** + + - When the installer is loaded and the installer welcome screen + appears in the controller-0 host, select the type of installation + "Standard Controller Configuration". + +- **Graphical Console** + + - Select the "Graphical Console" as the console to use during + installation. + +- **Standard Security Boot Profile** + + - Select "Standard Security Boot Profile" as the security profile. + +Monitor the initialization. When it is complete, a reboot is initiated +on the controller-0 host, briefly displays a GNU GRUB screen, and then +boots automatically into the StarlingX image. + +Log into controller-0 as user wrsroot, with password wrsroot. The +first time you log in as wrsroot, you are required to change your +password. Enter the current password (wrsroot): + +:: + + Changing password for wrsroot. + (current) UNIX Password: + +Enter a new password for the wrsroot account: + +:: + + New password: + +Enter the new password again to confirm it: + +:: + + Retype new password: + +controller-0 is initialized with StarlingX, and is ready for configuration. + +************************ +Configuring controller-0 +************************ + +This section describes how to perform the controller-0 configuration +interactively just to bootstrap system with minimum critical data. +Except where noted, all the commands must be executed from the console +of the active controller (here assumed to be controller-0). + +When run interactively, the config_controller script presents a series +of prompts for initial configuration of StarlingX: + +- For the virtual environment, you can accept all the default values + immediately after ‘system date and time’. +- For a physical deployment, answer the bootstrap configuration + questions with answers applicable to your particular physical setup. + +The script is used to configure the first controller in the StarlingX +cluster as controller-0. The prompts are grouped by configuration +area. To start the script interactively, use the following command +with no parameters: + +:: + + controller-0:~$ sudo config_controller + System Configuration + ================ + Enter ! at any prompt to abort... + ... + +Accept all the default values immediately after ‘system date and time’. + +:: + + ... + Applying configuration (this will take several minutes): + + 01/08: Creating bootstrap configuration ... DONE + 02/08: Applying bootstrap manifest ... DONE + 03/08: Persisting local configuration ... DONE + 04/08: Populating initial system inventory ... DONE + 05:08: Creating system configuration ... DONE + 06:08: Applying controller manifest ... DONE + 07:08: Finalize controller configuration ... DONE + 08:08: Waiting for service activation ... DONE + + Configuration was applied + + Please complete any out of service commissioning steps with system commands and unlock controller to proceed. + +After config_controller bootstrap configuration, REST API, CLI and +Horizon interfaces are enabled on the controller-0 OAM IP address. The +remaining installation instructions will use the CLI. + +------------------------------------ +Provisioning controller-0 and system +------------------------------------ + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +********************************************* +Configuring provider networks at installation +********************************************* + +You must set up provider networks at installation so that you can attach +data interfaces and unlock the compute nodes. + +Set up one provider network of the vlan type, named providernet-a: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-create providernet-a --type=vlan + [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-range-create --name providernet-a-range1 --range 100-400 providernet-a + +************************************* +Configuring Cinder on controller disk +************************************* + +Review the available disk space and capacity and obtain the uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list controller-0 + +--------------------------------------+-----------+---------+---------+-------+------------+--------------+... + | uuid | device_no | device_ | device_ | size_ | available_ | rpm |... + | | de | num | type | gib | gib | |... + +--------------------------------------+-----------+---------+---------+-------+------------+--------------+... + | 004f4c09-2f61-46c5-8def-99b2bdeed83c | /dev/sda | 2048 | HDD | 200.0 | 0.0 | |... + | 89694799-0dd8-4532-8636-c0d8aabfe215 | /dev/sdb | 2064 | HDD | 200.0 | 199.997 | |... + +--------------------------------------+-----------+---------+---------+-------+------------+--------------+... + +Create the 'cinder-volumes' local volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add controller-0 cinder-volumes + +-----------------+--------------------------------------+ + | Property | Value | + +-----------------+--------------------------------------+ + | lvm_vg_name | cinder-volumes | + | vg_state | adding | + | uuid | ece4c755-241c-4363-958e-85e9e3d12917 | + | ihost_uuid | 150284e2-fb60-4169-ae75-7f444b8ca9bf | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size_gib | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-22T03:59:30.685718+00:00 | + | updated_at | None | + | parameters | {u'lvm_type': u'thin'} | + +-----------------+--------------------------------------+ + +Create a disk partition to add to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-add controller-0 89694799-0dd8-4532-8636-c0d8aabfe215 199 -t lvm_phys_vol + +-------------+--------------------------------------------------+ + | Property | Value | + +-------------+--------------------------------------------------+ + | device_path | /dev/disk/by-path/pci-0000:00:03.0-ata-2.0-part1 | + | device_node | /dev/sdb1 | + | type_guid | ba5eba11-0000-1111-2222-000000000001 | + | type_name | None | + | start_mib | None | + | end_mib | None | + | size_mib | 203776 | + | uuid | 9ba2d76a-6ae2-4bfa-ad48-57b62d102e80 | + | ihost_uuid | 150284e2-fb60-4169-ae75-7f444b8ca9bf | + | idisk_uuid | 89694799-0dd8-4532-8636-c0d8aabfe215 | + | ipv_uuid | None | + | status | Creating | + | created_at | 2018-08-22T04:03:40.761221+00:00 | + | updated_at | None | + +-------------+--------------------------------------------------+ + +Wait for the new partition to be created (i.e. status=Ready): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-list controller-0 --disk 89694799-0dd8-4532-8636-c0d8aabfe215 + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | uuid |...| device_nod |...| type_name | size_mib | status | + | |...| e |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | 9ba2d76a-6ae2-4bfa-ad48-57b62d102e80 |...| /dev/sdb1 |...| LVM Physical Volume | 199.0 | Ready | + | |...| |...| | | | + | |...| |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + +Add the partition to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add controller-0 cinder-volumes 9ba2d76a-6ae2-4bfa-ad48-57b62d102e80 + +--------------------------+--------------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------------+ + | uuid | 060dc47e-bc17-40f4-8f09-5326ef0e86a5 | + | pv_state | adding | + | pv_type | partition | + | disk_or_part_uuid | 9ba2d76a-6ae2-4bfa-ad48-57b62d102e80 | + | disk_or_part_device_node | /dev/sdb1 | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:03.0-ata-2.0-part1 | + | lvm_pv_name | /dev/sdb1 | + | lvm_vg_name | cinder-volumes | + | lvm_pv_uuid | None | + | lvm_pv_size_gib | 0.0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | 150284e2-fb60-4169-ae75-7f444b8ca9bf | + | created_at | 2018-08-22T04:06:54.008632+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------------+ + +Enable LVM backend: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-add lvm -s cinder --confirmed + +Wait for the storage backend to leave "configuring" state. Confirm LVM +backend storage is configured: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-list + +--------------------------------------+------------+---------+------------+------+----------+... + | uuid | name | backend | state | task | services |... + +--------------------------------------+------------+---------+------------+------+----------+... + | 1daf3e5b-4122-459f-9dba-d2e92896e718 | file-store | file | configured | None | glance |... + | a4607355-be7e-4c5c-bf87-c71a0e2ad380 | lvm-store | lvm | configured | None | cinder |... + +--------------------------------------+------------+---------+------------+------+----------+... + +********************** +Unlocking controller-0 +********************** + +You must unlock controller-0 so that you can use it to install the +remaining hosts. On controller-0, acquire Keystone administrative +privileges. Use the system host-unlock command: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-0 + +The host is rebooted. During the reboot, the command line is +unavailable, and any ssh connections are dropped. To monitor the +progress of the reboot, use the controller-0 console. + +**************************************** +Verifying the controller-0 configuration +**************************************** + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +Verify that the StarlingX controller services are running: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system service-list + +-----+-------------------------------+--------------+----------------+ + | id | service_name | hostname | state | + +-----+-------------------------------+--------------+----------------+ + ... + | 1 | oam-ip | controller-0 | enabled-active | + | 2 | management-ip | controller-0 | enabled-active | + ... + +-----+-------------------------------+--------------+----------------+ + +Verify that controller-0 is unlocked, enabled, and available: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + +----+--------------+-------------+----------------+-------------+--------------+ + +--------------------------------------- +Installing controller-1 / compute hosts +--------------------------------------- + +After initializing and configuring an active controller, you can add and +configure a backup controller and additional compute hosts. For each +host do the following: + +***************** +Initializing host +***************** + +Power on Host. In host console you will see: + +:: + + Waiting for this node to be configured. + + Please configure the personality for this node from the + controller node in order to proceed. + +*************************************** +Updating host hostname and personality +*************************************** + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +Wait for controller-0 to discover new host, list the host until new +UNKNOWN host shows up in table: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | None | None | locked | disabled | offline | + +----+--------------+-------------+----------------+-------------+--------------+ + +Use the system host-update to update host personality attribute: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-update 2 personality=controller hostname=controller-1 + +Or for compute-0: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-update 3 personality=compute hostname=compute-0 + +See also: 'system help host-update'. + +Unless it is known that the host's configuration can support the installation of +more than one node, it is recommended that the installation and configuration of +each node be serialized. For example, if the entire cluster has its virtual +disks hosted on the host's root disk which happens to be a single rotational +type hard disk, then the host cannot (reliably) support parallel node +installation. + +*************** +Monitoring host +*************** + +On controller-0, you can monitor the installation progress by running the system +host-show command for the host periodically. Progress is shown in the +install_state field: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-show | grep install + | install_output | text | + | install_state | booting | + | install_state_info | None | + +Wait while the host is configured and rebooted. Up to 20 minutes may be required +for a reboot, depending on hardware. When the reboot is complete, the host is +reported as locked, disabled, and online. + +************* +Listing hosts +************* + +Once all nodes have been installed, configured and rebooted, on controller-0 +list the hosts: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | locked | disabled | online | + | 3 | compute-0 | compute | locked | disabled | online | + | 4 | compute-1 | compute | locked | disabled | online | + +----+--------------+-------------+----------------+-------------+--------------+ + +------------------------- +Provisioning controller-1 +------------------------- + +On controller-0, list hosts: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + ... + | 2 | controller-1 | controller | locked | disabled | online | + ... + +----+--------------+-------------+----------------+-------------+--------------+ + +*********************************************** +Provisioning network interfaces on controller-1 +*********************************************** + +In order to list out hardware port names, types, PCI addresses that have +been discovered: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list controller-1 + +Provision the OAM interface for controller-1: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -n -c platform --networks oam controller-1 + +************************************ +Provisioning storage on controller-1 +************************************ + +Review the available disk space and capacity and obtain the uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list controller-1 + +--------------------------------------+-----------+---------+---------+-------+------------+ + | uuid | device_no | device_ | device_ | size_ | available_ | + | | de | num | type | gib | gib | + +--------------------------------------+-----------+---------+---------+-------+------------+ + | f7ce53db-7843-457e-8422-3c8f9970b4f2 | /dev/sda | 2048 | HDD | 200.0 | 0.0 | + | 70b83394-968e-4f0d-8a99-7985cd282a21 | /dev/sdb | 2064 | HDD | 200.0 | 199.997 | + +--------------------------------------+-----------+---------+---------+-------+------------+ + +Assign Cinder storage to the physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add controller-1 cinder-volumes + +-----------------+--------------------------------------+ + | Property | Value | + +-----------------+--------------------------------------+ + | lvm_vg_name | cinder-volumes | + | vg_state | adding | + | uuid | 22d8b94a-200a-4fd5-b1f5-7015ddf10d0b | + | ihost_uuid | 06827025-eacb-45e6-bb88-1a649f7404ec | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size_gib | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-22T05:33:44.608913+00:00 | + | updated_at | None | + | parameters | {u'lvm_type': u'thin'} | + +-----------------+--------------------------------------+ + +Create a disk partition to add to the volume group based on uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-add controller-1 70b83394-968e-4f0d-8a99-7985cd282a21 199 -t lvm_phys_vol + +-------------+--------------------------------------------------+ + | Property | Value | + +-------------+--------------------------------------------------+ + | device_path | /dev/disk/by-path/pci-0000:00:03.0-ata-2.0-part1 | + | device_node | /dev/sdb1 | + | type_guid | ba5eba11-0000-1111-2222-000000000001 | + | type_name | None | + | start_mib | None | + | end_mib | None | + | size_mib | 203776 | + | uuid | 16a1c5cb-620c-47a3-be4b-022eafd122ee | + | ihost_uuid | 06827025-eacb-45e6-bb88-1a649f7404ec | + | idisk_uuid | 70b83394-968e-4f0d-8a99-7985cd282a21 | + | ipv_uuid | None | + | status | Creating (on unlock) | + | created_at | 2018-08-22T05:36:42.123770+00:00 | + | updated_at | None | + +-------------+--------------------------------------------------+ + +Wait for the new partition to be created (i.e. status=Ready): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-list controller-1 --disk 70b83394-968e-4f0d-8a99-7985cd282a21 + +--------------------------------------+...+------------+...+-------+--------+----------------------+ + | uuid |...| device_nod | ... | size_g | status | + | |...| e | ... | ib | | + +--------------------------------------+...+------------+ ... +--------+----------------------+ + | 16a1c5cb-620c-47a3-be4b-022eafd122ee |...| /dev/sdb1 | ... | 199.0 | Creating (on unlock) | + | |...| | ... | | | + | |...| | ... | | | + +--------------------------------------+...+------------+...+--------+----------------------+ + +Add the partition to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add controller-1 cinder-volumes 16a1c5cb-620c-47a3-be4b-022eafd122ee + +--------------------------+--------------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------------+ + | uuid | 01d79ed2-717f-428e-b9bc-23894203b35b | + | pv_state | adding | + | pv_type | partition | + | disk_or_part_uuid | 16a1c5cb-620c-47a3-be4b-022eafd122ee | + | disk_or_part_device_node | /dev/sdb1 | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:03.0-ata-2.0-part1 | + | lvm_pv_name | /dev/sdb1 | + | lvm_vg_name | cinder-volumes | + | lvm_pv_uuid | None | + | lvm_pv_size_gib | 0.0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | 06827025-eacb-45e6-bb88-1a649f7404ec | + | created_at | 2018-08-22T05:44:34.715289+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------------+ + +********************** +Unlocking controller-1 +********************** + +Unlock controller-1: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-1 + +Wait while the controller-1 is rebooted. Up to 10 minutes may be required for a +reboot, depending on hardware. + +**REMARK:** controller-1 will remain in 'degraded' state until data-syncing is +complete. The duration is dependant on the virtualization host's configuration - +i.e., the number and configuration of physical disks used to host the nodes' +virtual disks. Also, the management network is expected to have link capacity of +10000 (1000 is not supported due to excessive data-sync time). Use +'fm alarm-list' to confirm status. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | unlocked | enabled | available | + ... + +--------------------------- +Provisioning a compute host +--------------------------- + +You must configure the network interfaces and the storage disks on a +host before you can unlock it. For each compute host do the following: + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +************************************************* +Provisioning network interfaces on a compute host +************************************************* + +On controller-0, in order to list out hardware port names, types, +pci-addresses that have been discovered: + +- **Only in virtual environment**: Ensure that the interface used is + one of those attached to host bridge with model type "virtio" (i.e., + eth1000 and eth1001). The model type "e1000" emulated devices will + not work for provider networks: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list compute-0 + +Provision the data interface for compute: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -p providernet-a -c data compute-0 eth1000 + +*************************** +VSwitch virtual environment +*************************** + +**Only in virtual environment**. If the compute has more than 4 cpus, the system +will auto-configure the vswitch to use 2 cores. However some virtual +environments do not properly support multi-queue required in a multi-CPU +environment. Therefore run the following command to reduce the vswitch cores to +1: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-cpu-modify compute-0 -f vswitch -p0 1 + +--------------------------------------+-------+-----------+-------+--------+... + | uuid | log_c | processor | phy_c | thread |... + | | ore | | ore | |... + +--------------------------------------+-------+-----------+-------+--------+... + | a3b5620c-28b1-4fe0-9e97-82950d8582c2 | 0 | 0 | 0 | 0 |... + | f2e91c2b-bfc5-4f2a-9434-bceb7e5722c3 | 1 | 0 | 1 | 0 |... + | 18a98743-fdc4-4c0c-990f-3c1cb2df8cb3 | 2 | 0 | 2 | 0 |... + | 690d25d2-4f99-4ba1-a9ba-0484eec21cc7 | 3 | 0 | 3 | 0 |... + +--------------------------------------+-------+-----------+-------+--------+... + +************************************** +Provisioning storage on a compute host +************************************** + +Review the available disk space and capacity and obtain the uuid(s) of +the physical disk(s) to be used for nova local: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list compute-0 + +--------------------------------------+-----------+---------+---------+-------+------------+... + | uuid | device_no | device_ | device_ | size_ | available_ |... + | | de | num | type | gib | gib |... + +--------------------------------------+-----------+---------+---------+-------+------------+... + | 8a9d2c09-d3a7-4781-bd06-f7abf603713a | /dev/sda | 2048 | HDD | 200.0 | 172.164 |... + | 5ad61bd1-795a-4a76-96ce-39433ef55ca5 | /dev/sdb | 2064 | HDD | 200.0 | 199.997 |... + +--------------------------------------+-----------+---------+---------+-------+------------+... + +Create the 'nova-local' local volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add compute-0 nova-local + +-----------------+-------------------------------------------------------------------+ + | Property | Value | + +-----------------+-------------------------------------------------------------------+ + | lvm_vg_name | nova-local | + | vg_state | adding | + | uuid | 18898640-c8b7-4bbd-a323-4bf3e35fee4d | + | ihost_uuid | da1cbe93-cec5-4f64-b211-b277e4860ab3 | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size_gib | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-22T08:00:51.945160+00:00 | + | updated_at | None | + | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | + +-----------------+-------------------------------------------------------------------+ + +Create a disk partition to add to the volume group based on uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add compute-0 nova-local 5ad61bd1-795a-4a76-96ce-39433ef55ca5 + +--------------------------+--------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------+ + | uuid | 4c81745b-286a-4850-ba10-305e19cee78c | + | pv_state | adding | + | pv_type | disk | + | disk_or_part_uuid | 5ad61bd1-795a-4a76-96ce-39433ef55ca5 | + | disk_or_part_device_node | /dev/sdb | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:03.0-ata-2.0 | + | lvm_pv_name | /dev/sdb | + | lvm_vg_name | nova-local | + | lvm_pv_uuid | None | + | lvm_pv_size_gib | 0.0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | da1cbe93-cec5-4f64-b211-b277e4860ab3 | + | created_at | 2018-08-22T08:07:14.205690+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------+ + +Specify the local storage space as local copy-on-write image volumes in +nova-local: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-modify -b image -s 10240 compute-0 nova-local + +-----------------+-------------------------------------------------------------------+ + | Property | Value | + +-----------------+-------------------------------------------------------------------+ + | lvm_vg_name | nova-local | + | vg_state | adding | + | uuid | 18898640-c8b7-4bbd-a323-4bf3e35fee4d | + | ihost_uuid | da1cbe93-cec5-4f64-b211-b277e4860ab3 | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size_gib | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-22T08:00:51.945160+00:00 | + | updated_at | None | + | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | + +-----------------+-------------------------------------------------------------------+ + +************************ +Unlocking a compute host +************************ + +On controller-0, use the system host-unlock command to unlock the compute node: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock compute-0 + +Wait while the compute node is rebooted. Up to 10 minutes may be +required for a reboot, depending on hardware. The host is rebooted, and +its availability state is reported as in-test, followed by +unlocked/enabled. + +------------------- +System health check +------------------- + +*********************** +Listing StarlingX nodes +*********************** + +On controller-0, after a few minutes, all nodes shall be reported as +unlocked, enabled, and available: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | unlocked | enabled | available | + | 3 | compute-0 | compute | unlocked | enabled | available | + | 4 | compute-1 | compute | unlocked | enabled | available | + +----+--------------+-------------+----------------+-------------+--------------+ + +***************** +System alarm-list +***************** + +When all nodes are unlocked, enabled and available: check 'fm alarm-list' for +issues. + +Your StarlingX deployment is now up and running with 2x HA controllers with +Cinder storage, 2x computes, and all OpenStack services up and running. You can +now proceed with standard OpenStack APIs, CLIs and/or Horizon to load Glance +images, configure Nova Flavors, configure Neutron networks and launch Nova +virtual machines. + +---------------------- +Deployment terminology +---------------------- + +.. include:: deployment_terminology.rst + :start-after: incl-standard-controller-deployment-terminology: + :end-before: incl-standard-controller-deployment-terminology-end: + +.. include:: deployment_terminology.rst + :start-after: incl-common-deployment-terminology: + :end-before: incl-common-deployment-terminology-end: diff --git a/doc/source/installation_guide/latest/dedicated_storage.rst b/doc/source/installation_guide/latest/dedicated_storage.rst new file mode 100644 index 000000000..42efea424 --- /dev/null +++ b/doc/source/installation_guide/latest/dedicated_storage.rst @@ -0,0 +1,918 @@ +============================================== +Dedicated storage deployment guide stx.2019.05 +============================================== + +.. contents:: + :local: + :depth: 1 + +**NOTE:** The instructions to setup a StarlingX Cloud with Dedicated +Storage with containerized openstack services in this guide +are under development. +For approved instructions, see the +`StarlingX Cloud with Dedicated Storage wiki page `__. + +---------------------- +Deployment description +---------------------- + +Cloud with Dedicated Storage is the standard StarlingX deployment option with +independent controller, compute, and storage nodes. + +This deployment option provides the maximum capacity for a single region +deployment, with a supported growth path to a multi-region deployment option by +adding a secondary region. + +.. figure:: figures/starlingx-deployment-options-dedicated-storage.png + :scale: 50% + :alt: Dedicated Storage deployment configuration + + *Dedicated Storage deployment configuration* + +Cloud with Dedicated Storage includes: + +- 2x node HA controller cluster with HA services running across the controller + nodes in either active/active or active/standby mode. +- Pool of up to 100 compute nodes for hosting virtual machines and virtual + networks. +- 2-9x node HA CEPH storage cluster for hosting virtual volumes, images, and + object storage that supports a replication factor of 2 or 3. + + Storage nodes are deployed in replication groups of 2 or 3. Replication + of objects is done strictly within the replication group. + + Supports up to 4 groups of 2x storage nodes, or up to 3 groups of 3x storage + nodes. + +----------------------------------- +Preparing dedicated storage servers +----------------------------------- + +********** +Bare metal +********** + +Required Servers: + +- Controllers: 2 +- Storage + + - Replication factor of 2: 2 - 8 + - Replication factor of 3: 3 - 9 + +- Computes: 2 - 100 + +^^^^^^^^^^^^^^^^^^^^^ +Hardware requirements +^^^^^^^^^^^^^^^^^^^^^ + +The recommended minimum requirements for the physical servers where +Dedicated Storage will be deployed, include: + +- Minimum processor: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket + +- Memory: + + - 64 GB controller, storage + - 32 GB compute + +- BIOS: + + - Hyper-Threading technology: Enabled + - Virtualization technology: Enabled + - VT for directed I/O: Enabled + - CPU power and performance policy: Performance + - CPU C state control: Disabled + - Plug & play BMC detection: Disabled + +- Primary disk: + + - 500 GB SDD or NVMe controller + - 120 GB (min. 10K RPM) compute and storage + +- Additional disks: + + - 1 or more 500 GB disks (min. 10K RPM) storage, compute + +- Network ports\* + + - Management: 10GE controller, storage, compute + - OAM: 10GE controller + - Data: n x 10GE compute + +******************* +Virtual environment +******************* + +Run the libvirt qemu setup scripts. Setting up virtualized OAM and +management networks: + +:: + + $ bash setup_network.sh + +Building XML for definition of virtual servers: + +:: + + $ bash setup_configuration.sh -c dedicatedstorage -i + +The default XML server definitions that are created by the previous script +are: + +- dedicatedstorage-controller-0 +- dedicatedstorage-controller-1 +- dedicatedstorage-compute-0 +- dedicatedstorage-compute-1 +- dedicatedstorage-storage-0 +- dedicatedstorage-storage-1 + +^^^^^^^^^^^^^^^^^^^^^^^^^ +Power up a virtual server +^^^^^^^^^^^^^^^^^^^^^^^^^ + +To power up a virtual server, run the following command: + +:: + + $ sudo virsh start + +e.g. + +:: + + $ sudo virsh start dedicatedstorage-controller-0 + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Access virtual server consoles +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The XML for virtual servers in stx-tools repo, deployment/libvirt, +provides both graphical and text consoles. + +Access the graphical console in virt-manager by right-click on the +domain (the server) and selecting "Open". + +Access the textual console with the command "virsh console $DOMAIN", +where DOMAIN is the name of the server shown in virsh. + +When booting the controller-0 for the first time, both the serial and +graphical consoles will present the initial configuration menu for the +cluster. One can select serial or graphical console for controller-0. +For the other nodes however only serial is used, regardless of which +option is selected. + +Open the graphic console on all servers before powering them on to +observe the boot device selection and PXI boot progress. Run "virsh +console $DOMAIN" command promptly after power on to see the initial boot +sequence which follows the boot device selection. One has a few seconds +to do this. + +-------------------------------- +Installing the controller-0 host +-------------------------------- + +Installing controller-0 involves initializing a host with software and +then applying a bootstrap configuration from the command line. The +configured bootstrapped host becomes controller-0. + +Procedure: + +#. Power on the server that will be controller-0 with the StarlingX ISO + on a USB in a bootable USB slot. +#. Configure the controller using the config_controller script. + +************************* +Initializing controller-0 +************************* + +This section describes how to initialize StarlingX in host controller-0. +Except where noted, all the commands must be executed from a console of +the host. + +Power on the host to be configured as controller-0, with the StarlingX +ISO on a USB in a bootable USB slot. Wait for the console to show the +StarlingX ISO booting options: + +- **Standard Controller Configuration** + + - When the installer is loaded and the installer welcome screen + appears in the controller-0 host, select the type of installation + "Standard Controller Configuration". + +- **Graphical Console** + + - Select the "Graphical Console" as the console to use during + installation. + +- **Standard Security Boot Profile** + + - Select "Standard Security Boot Profile" as the security profile. + +Monitor the initialization. When it is complete, a reboot is initiated +on the controller-0 host, briefly displays a GNU GRUB screen, and then +boots automatically into the StarlingX image. + +Log into controller-0 as user wrsroot, with password wrsroot. The +first time you log in as wrsroot, you are required to change your +password. Enter the current password (wrsroot): + +:: + + Changing password for wrsroot. + (current) UNIX Password: + +Enter a new password for the wrsroot account: + +:: + + New password: + +Enter the new password again to confirm it: + +:: + + Retype new password: + +controller-0 is initialized with StarlingX, and is ready for configuration. + +************************ +Configuring controller-0 +************************ + +This section describes how to perform the controller-0 configuration +interactively just to bootstrap system with minimum critical data. +Except where noted, all the commands must be executed from the console +of the active controller (here assumed to be controller-0). + +When run interactively, the config_controller script presents a series +of prompts for initial configuration of StarlingX: + +- For the virtual environment, you can accept all the default values + immediately after ‘system date and time’. +- For a physical deployment, answer the bootstrap configuration + questions with answers applicable to your particular physical setup. + +The script is used to configure the first controller in the StarlingX +cluster as controller-0. The prompts are grouped by configuration +area. To start the script interactively, use the following command +with no parameters: + +:: + + controller-0:~$ sudo config_controller + System Configuration + ================ + Enter ! at any prompt to abort... + ... + +Accept all the default values immediately after ‘system date and time’: + +:: + + ... + Applying configuration (this will take several minutes): + + 01/08: Creating bootstrap configuration ... DONE + 02/08: Applying bootstrap manifest ... DONE + 03/08: Persisting local configuration ... DONE + 04/08: Populating initial system inventory ... DONE + 05:08: Creating system configuration ... DONE + 06:08: Applying controller manifest ... DONE + 07:08: Finalize controller configuration ... DONE + 08:08: Waiting for service activation ... DONE + + Configuration was applied + + Please complete any out of service commissioning steps with system commands and unlock controller to proceed. + +After config_controller bootstrap configuration, REST API, CLI and +Horizon interfaces are enabled on the controller-0 OAM IP address. The +remaining installation instructions will use the CLI. + +------------------------------------ +Provisioning controller-0 and system +------------------------------------ + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +********************************************* +Configuring provider networks at installation +********************************************* + +You must set up provider networks at installation so that you can attach +data interfaces and unlock the compute nodes. + +Set up one provider network of the vlan type, named providernet-a: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-create providernet-a --type=vlan + [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-range-create --name providernet-a-range1 --range 100-400 providernet-a + +********************************************* +Adding a Ceph storage backend at installation +********************************************* + +Add CEPH Storage backend: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-add ceph -s cinder,glance,swift,nova + + WARNING : THIS OPERATION IS NOT REVERSIBLE AND CANNOT BE CANCELLED. + + By confirming this operation, Ceph backend will be created. + A minimum of 2 storage nodes are required to complete the configuration. + Please set the 'confirmed' field to execute this operation for the ceph backend. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-add ceph -s cinder,glance,swift,nova --confirmed + + System configuration has changed. + Please follow the administrator guide to complete configuring the system. + + +--------------------------------------+------------+---------+-------------+--------------------+----------+... + | uuid | name | backend | state | task | services |... + +--------------------------------------+------------+---------+-------------+--------------------+----------+... + | 48ddb10a-206c-42da-bb3f-f7160a356724 | ceph-store | ceph | configuring | applying-manifests | cinder, |... + | | | | | | glance, |... + | | | | | | swift |... + | | | | | | nova |... + | | | | | | |... + | 55f49f86-3e01-4d03-a014-42e1b55ba487 | file-store | file | configured | None | glance |... + +--------------------------------------+------------+---------+-------------+--------------------+----------+... + +Confirm CEPH storage is configured: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-list + +--------------------------------------+------------+---------+------------+-------------------+-----------+... + | uuid | name | backend | state | task | services |... + +--------------------------------------+------------+---------+------------+-------------------+-----------+... + | 48ddb10a-206c-42da-bb3f-f7160a356724 | ceph-store | ceph | configured | provision-storage | cinder, |... + | | | | | | glance, |... + | | | | | | swift |... + | | | | | | nova |... + | | | | | | |... + | 55f49f86-3e01-4d03-a014-42e1b55ba487 | file-store | file | configured | None | glance |... + +--------------------------------------+------------+---------+------------+-------------------+-----------+... + +********************** +Unlocking controller-0 +********************** + +You must unlock controller-0 so that you can use it to install the remaining +hosts. Use the system host-unlock command: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-0 + +The host is rebooted. During the reboot, the command line is unavailable, and +any ssh connections are dropped. To monitor the progress of the reboot, use the +controller-0 console. + +**************************************** +Verifying the controller-0 configuration +**************************************** + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +Verify that the StarlingX controller services are running: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system service-list + +-----+-------------------------------+--------------+----------------+ + | id | service_name | hostname | state | + +-----+-------------------------------+--------------+----------------+ + ... + | 1 | oam-ip | controller-0 | enabled-active | + | 2 | management-ip | controller-0 | enabled-active | + ... + +-----+-------------------------------+--------------+----------------+ + +Verify that controller-0 is unlocked, enabled, and available: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + +----+--------------+-------------+----------------+-------------+--------------+ + +******************************* +Provisioning filesystem storage +******************************* + +List the controller file systems with status and current sizes: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system controllerfs-list + +--------------------------------------+-----------------+------+--------------------+------------+-------+ + | UUID | FS Name | Size | Logical Volume | Replicated | State | + | | | in | | | | + | | | GiB | | | | + +--------------------------------------+-----------------+------+--------------------+------------+-------+ + | 4e31c4ea-6970-4fc6-80ba-431fdcdae15f | backup | 5 | backup-lv | False | None | + | 6c689cd7-2bef-4755-a2fb-ddd9504692f3 | database | 5 | pgsql-lv | True | None | + | 44c7d520-9dbe-41be-ac6a-5d02e3833fd5 | extension | 1 | extension-lv | True | None | + | 809a5ed3-22c0-4385-9d1e-dd250f634a37 | glance | 8 | cgcs-lv | True | None | + | 9c94ef09-c474-425c-a8ba-264e82d9467e | gnocchi | 5 | gnocchi-lv | False | None | + | 895222b3-3ce5-486a-be79-9fe21b94c075 | img-conversions | 8 | img-conversions-lv | False | None | + | 5811713f-def2-420b-9edf-6680446cd379 | scratch | 8 | scratch-lv | False | None | + +--------------------------------------+-----------------+------+--------------------+------------+-------+ + +Modify filesystem sizes + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system controllerfs-modify backup=42 database=12 img-conversions=12 + +------------------------------------------------------- +Installing controller-1 / storage hosts / compute hosts +------------------------------------------------------- + +After initializing and configuring an active controller, you can add and +configure a backup controller and additional compute or storage hosts. +For each host do the following: + +***************** +Initializing host +***************** + +Power on Host. In host console you will see: + +:: + + Waiting for this node to be configured. + + Please configure the personality for this node from the + controller node in order to proceed. + +********************************** +Updating host name and personality +********************************** + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +Wait for controller-0 to discover new host, list the host until new +UNKNOWN host shows up in table: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | None | None | locked | disabled | offline | + +----+--------------+-------------+----------------+-------------+--------------+ + +Use the system host-add to update host personality attribute: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-add -n -p -m + +**REMARK:** use the Mac address for the specific network interface you +are going to be connected. e.g. OAM network interface for controller-1 +node, management network interface for compute and storage nodes. + +Check the **NIC** MAC address from "Virtual Manager GUI" under *"Show +virtual hardware details -*\ **i**\ *" Main Banner --> NIC: --> specific +"Bridge name:" under MAC address text field.* + +*************** +Monitoring host +*************** + +On controller-0, you can monitor the installation progress by running +the system host-show command for the host periodically. Progress is +shown in the install_state field. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-show | grep install + | install_output | text | + | install_state | booting | + | install_state_info | None | + + +Wait while the host is configured and rebooted. Up to 20 minutes may be +required for a reboot, depending on hardware. When the reboot is +complete, the host is reported as locked, disabled, and online. + +************* +Listing hosts +************* + +Once all nodes have been installed, configured and rebooted, on +controller-0 list the hosts: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | locked | disabled | online | + | 3 | compute-0 | compute | locked | disabled | online | + | 4 | compute-1 | compute | locked | disabled | online | + | 5 | storage-0 | storage | locked | disabled | online | + | 6 | storage-1 | storage | locked | disabled | online | + +----+--------------+-------------+----------------+-------------+--------------+ + +------------------------- +Provisioning controller-1 +------------------------- + +On controller-0, list hosts: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + ... + | 2 | controller-1 | controller | locked | disabled | online | + ... + +----+--------------+-------------+----------------+-------------+--------------+ + +*********************************************** +Provisioning network interfaces on controller-1 +*********************************************** + +In order to list out hardware port names, types, PCI addresses that have +been discovered: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list controller-1 + +Provision the OAM interface for controller-1: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -n -c platform --networks oam controller-1 + +********************** +Unlocking controller-1 +********************** + +Unlock controller-1: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-1 + +Wait while the controller-1 is rebooted. Up to 10 minutes may be +required for a reboot, depending on hardware. + +**REMARK:** controller-1 will remain in degraded state until +data-syncing is complete. The duration is dependant on the +virtualization host's configuration - i.e., the number and configuration +of physical disks used to host the nodes' virtual disks. Also, the +management network is expected to have link capacity of 10000 (1000 is +not supported due to excessive data-sync time). Use 'fm alarm-list' to +confirm status. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | unlocked | enabled | available | + ... + +------------------------- +Provisioning storage host +------------------------- + +************************************** +Provisioning storage on a storage host +************************************** + +Available physical disks in storage-N: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list storage-0 + +--------------------------------------+-----------+---------+---------+-------+------------+--------------+... + | uuid | device_no | device_ | device_ | size_ | available_ | rpm |... + | | de | num | type | gib | gib | |... + +--------------------------------------+-----------+---------+---------+-------+------------+--------------+... + | a2bbfe1f-cf91-4d39-a2e8-a9785448aa56 | /dev/sda | 2048 | HDD | 292. | 0.0 | Undetermined |... + | | | | | 968 | | |... + | | | | | | | |... + | c7cc08e6-ff18-4229-a79d-a04187de7b8d | /dev/sdb | 2064 | HDD | 100.0 | 99.997 | Undetermined |... + | | | | | | | |... + | | | | | | | |... + | 1ece5d1b-5dcf-4e3c-9d10-ea83a19dd661 | /dev/sdc | 2080 | HDD | 4.0 | 3.997 |... + | | | | | | | |... + | | | | | | | |... + +--------------------------------------+-----------+---------+---------+-------+------------+--------------+... + +Available storage tiers in storage-N: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-tier-list ceph_cluster + +--------------------------------------+---------+--------+--------------------------------------+ + | uuid | name | status | backend_using | + +--------------------------------------+---------+--------+--------------------------------------+ + | 4398d910-75e4-4e99-a57f-fc147fb87bdb | storage | in-use | 5131a848-25ea-4cd8-bbce-0d65c84183df | + +--------------------------------------+---------+--------+--------------------------------------+ + +Create a storage function (i.e. OSD) in storage-N. At least two unlocked and +enabled hosts with monitors are required. Candidates are: controller-0, +controller-1, and storage-0. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-stor-add storage-0 c7cc08e6-ff18-4229-a79d-a04187de7b8d + +------------------+--------------------------------------------------+ + | Property | Value | + +------------------+--------------------------------------------------+ + | osdid | 0 | + | function | osd | + | journal_location | 34989bad-67fc-49ea-9e9c-38ca4be95fad | + | journal_size_gib | 1024 | + | journal_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-2.0-part2 | + | journal_node | /dev/sdb2 | + | uuid | 34989bad-67fc-49ea-9e9c-38ca4be95fad | + | ihost_uuid | 4a5ed4fc-1d2b-4607-acf9-e50a3759c994 | + | idisk_uuid | c7cc08e6-ff18-4229-a79d-a04187de7b8d | + | tier_uuid | 4398d910-75e4-4e99-a57f-fc147fb87bdb | + | tier_name | storage | + | created_at | 2018-08-16T00:39:44.409448+00:00 | + | updated_at | 2018-08-16T00:40:07.626762+00:00 | + +------------------+--------------------------------------------------+ + +Create remaining available storage function (an OSD) in storage-N +based in the number of available physical disks. + +List the OSDs: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-stor-list storage-0 + +--------------------------------------+----------+-------+--------------+--------------------------------------+ + | uuid | function | osdid | capabilities | idisk_uuid | + +--------------------------------------+----------+-------+--------------+--------------------------------------+ + | 34989bad-67fc-49ea-9e9c-38ca4be95fad | osd | 0 | {} | c7cc08e6-ff18-4229-a79d-a04187de7b8d | + +--------------------------------------+----------+-------+--------------+--------------------------------------+ + +Unlock storage-N: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock storage-0 + +**REMARK:** Before you continue, repeat Provisioning Storage steps on +remaining storage nodes. + +--------------------------- +Provisioning a compute host +--------------------------- + +You must configure the network interfaces and the storage disks on a +host before you can unlock it. For each compute host do the following: + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +************************************************* +Provisioning network interfaces on a compute host +************************************************* + +On controller-0, in order to list out hardware port names, types, +pci-addresses that have been discovered: + +- **Only in virtual environment**: Ensure that the interface used is + one of those attached to host bridge with model type "virtio" (i.e., + eth1000 and eth1001). The model type "e1000" emulated devices will + not work for provider networks. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list compute-0 + +Provision the data interface for compute: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -p providernet-a -c data compute-0 eth1000 + +*************************** +VSwitch virtual environment +*************************** + +**Only in virtual environment**. If the compute has more than 4 CPUs, +the system will auto-configure the vswitch to use 2 cores. However some +virtual environments do not properly support multi-queue required in a +multi-CPU environment. Therefore run the following command to reduce the +vswitch cores to 1: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-cpu-modify compute-0 -f vswitch -p0 1 + +--------------------------------------+-------+-----------+-------+--------+... + | uuid | log_c | processor | phy_c | thread |... + | | ore | | ore | |... + +--------------------------------------+-------+-----------+-------+--------+... + | a3b5620c-28b1-4fe0-9e97-82950d8582c2 | 0 | 0 | 0 | 0 |... + | f2e91c2b-bfc5-4f2a-9434-bceb7e5722c3 | 1 | 0 | 1 | 0 |... + | 18a98743-fdc4-4c0c-990f-3c1cb2df8cb3 | 2 | 0 | 2 | 0 |... + | 690d25d2-4f99-4ba1-a9ba-0484eec21cc7 | 3 | 0 | 3 | 0 |... + +--------------------------------------+-------+-----------+-------+--------+... + +************************************** +Provisioning storage on a compute host +************************************** + +Review the available disk space and capacity and obtain the uuid(s) of +the physical disk(s) to be used for nova local: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list compute-0 + +--------------------------------------+-----------+---------+---------+-------+------------+... + | uuid | device_no | device_ | device_ | size_ | available_ |... + | | de | num | type | gib | gib |... + +--------------------------------------+-----------+---------+---------+-------+------------+ + | 14e52a55-f6a7-40ad-a0b1-11c2c3b6e7e9 | /dev/sda | 2048 | HDD | 292. | 265.132 |... + | a639914b-23a9-4071-9f25-a5f1960846cc | /dev/sdb | 2064 | HDD | 100.0 | 99.997 |... + +--------------------------------------+-----------+---------+---------+-------+------------+... + +Create the 'nova-local' local volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add compute-0 nova-local + +-----------------+-------------------------------------------------------------------+ + | Property | Value | + +-----------------+-------------------------------------------------------------------+ + | lvm_vg_name | nova-local | + | vg_state | adding | + | uuid | 37f4c178-f0fe-422d-b66e-24ae057da674 | + | ihost_uuid | f56921a6-8784-45ac-bd72-c0372cd95964 | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size_gib | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-16T00:57:46.340454+00:00 | + | updated_at | None | + | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | + +-----------------+-------------------------------------------------------------------+ + +Create a disk partition to add to the volume group based on uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add compute-0 nova-local a639914b-23a9-4071-9f25-a5f1960846cc + +--------------------------+--------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------+ + | uuid | 56fdb63a-1078-4394-b1ce-9a0b3bff46dc | + | pv_state | adding | + | pv_type | disk | + | disk_or_part_uuid | a639914b-23a9-4071-9f25-a5f1960846cc | + | disk_or_part_device_node | /dev/sdb | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-2.0 | + | lvm_pv_name | /dev/sdb | + | lvm_vg_name | nova-local | + | lvm_pv_uuid | None | + | lvm_pv_size_gib | 0.0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | f56921a6-8784-45ac-bd72-c0372cd95964 | + | created_at | 2018-08-16T01:05:59.013257+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------+ + +Remote RAW Ceph storage backed will be used to back nova local ephemeral +volumes: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-modify -b remote compute-0 nova-local + +************************ +Unlocking a compute host +************************ + +On controller-0, use the system host-unlock command to unlock the +compute-N: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock compute-0 + +Wait while the compute-N is rebooted. Up to 10 minutes may be required +for a reboot, depending on hardware. The host is rebooted, and its +availability state is reported as in-test, followed by unlocked/enabled. + +------------------- +System health check +------------------- + +*********************** +Listing StarlingX nodes +*********************** + +On controller-0, after a few minutes, all nodes shall be reported as +unlocked, enabled, and available: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | unlocked | enabled | available | + | 3 | compute-0 | compute | unlocked | enabled | available | + | 4 | compute-1 | compute | unlocked | enabled | available | + | 5 | storage-0 | storage | unlocked | enabled | available | + | 6 | storage-1 | storage | unlocked | enabled | available | + +----+--------------+-------------+----------------+-------------+--------------+ + +****************************** +Checking StarlingX CEPH health +****************************** + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ ceph -s + cluster e14ebfd6-5030-4592-91c3-7e6146b3c910 + health HEALTH_OK + monmap e1: 3 mons at {controller-0=192.168.204.3:6789/0,controller-1=192.168.204.4:6789/0,storage-0=192.168.204.204:6789/0} + election epoch 22, quorum 0,1,2 controller-0,controller-1,storage-0 + osdmap e84: 2 osds: 2 up, 2 in + flags sortbitwise,require_jewel_osds + pgmap v168: 1600 pgs, 5 pools, 0 bytes data, 0 objects + 87444 kB used, 197 GB / 197 GB avail + 1600 active+clean + controller-0:~$ + +***************** +System alarm list +***************** + +When all nodes are unlocked, enabled and available: check 'fm alarm-list' for +issues. + +Your StarlingX deployment is now up and running with 2x HA controllers with +Cinder storage, 1x compute, 3x storages and all OpenStack services up and +running. You can now proceed with standard OpenStack APIs, CLIs and/or Horizon +to load Glance images, configure Nova Flavors, configure Neutron networks and +launch Nova virtual machines. + +---------------------- +Deployment terminology +---------------------- + +.. include:: deployment_terminology.rst + :start-after: incl-standard-controller-deployment-terminology: + :end-before: incl-standard-controller-deployment-terminology-end: + +.. include:: deployment_terminology.rst + :start-after: incl-dedicated-storage-deployment-terminology: + :end-before: incl-dedicated-storage-deployment-terminology-end: + +.. include:: deployment_terminology.rst + :start-after: incl-common-deployment-terminology: + :end-before: incl-common-deployment-terminology-end: diff --git a/doc/source/installation_guide/latest/deployment_terminology.rst b/doc/source/installation_guide/latest/deployment_terminology.rst new file mode 100644 index 000000000..a88b4695f --- /dev/null +++ b/doc/source/installation_guide/latest/deployment_terminology.rst @@ -0,0 +1,119 @@ +.. _incl-simplex-deployment-terminology: + +**All-in-one controller node** + A single physical node that provides a controller function, compute + function, and storage function. + +.. _incl-simplex-deployment-terminology-end: + + +.. _incl-standard-controller-deployment-terminology: + +**Controller node / function** + A node that runs cloud control function for managing cloud resources. + + - Runs cloud control functions for managing cloud resources. + - Runs all OpenStack control functions (e.g. managing images, virtual + volumes, virtual network, and virtual machines). + - Can be part of a two-node HA control node cluster for running control + functions either active/active or active/standby. + +**Compute ( & network ) node / function** + A node that hosts applications in virtual machines using compute resources + such as CPU, memory, and disk. + + - Runs virtual switch for realizing virtual networks. + - Provides L3 routing and NET services. + +.. _incl-standard-controller-deployment-terminology-end: + + +.. _incl-dedicated-storage-deployment-terminology: + +**Storage node / function** + A node that contains a set of disks (e.g. SATA, SAS, SSD, and/or NVMe). + + - Runs CEPH distributed storage software. + - Part of an HA multi-node CEPH storage cluster supporting a replication + factor of two or three, journal caching, and class tiering. + - Provides HA persistent storage for images, virtual volumes + (i.e. block storage), and object storage. + +.. _incl-dedicated-storage-deployment-terminology-end: + +.. _incl-common-deployment-terminology: + +**OAM network** + The network on which all external StarlingX platform APIs are exposed, + (i.e. REST APIs, Horizon web server, SSH, and SNMP), typically 1GE. + + Only controller type nodes are required to be connected to the OAM + network. + +**Management network** + A private network (i.e. not connected externally), tipically 10GE, + used for the following: + + - Internal OpenStack / StarlingX monitoring and control. + - VM I/O access to a storage cluster. + + All nodes are required to be connected to the management network. + +**Data network(s)** + Networks on which the OpenStack / Neutron provider networks are realized + and become the VM tenant networks. + + Only compute type and all-in-one type nodes are required to be connected + to the data network(s); these node types require one or more interface(s) + on the data network(s). + +**IPMI network** + An optional network on which IPMI interfaces of all nodes are connected. + The network must be reachable using L3/IP from the controller's OAM + interfaces. + + You can optionally connect all node types to the IPMI network. + +**PXEBoot network** + An optional network for controllers to boot/install other nodes over the + network. + + By default, controllers use the management network for boot/install of other + nodes in the openstack cloud. If this optional network is used, all node + types are required to be connected to the PXEBoot network. + + A PXEBoot network is required for a variety of special case situations: + + - Cases where the management network must be IPv6: + + - IPv6 does not support PXEBoot. Therefore, IPv4 PXEBoot network must be + configured. + + - Cases where the management network must be VLAN tagged: + + - Most server's BIOS do not support PXEBooting over tagged networks. + Therefore, you must configure an untagged PXEBoot network. + + - Cases where a management network must be shared across regions but + individual regions' controllers want to only network boot/install nodes + of their own region: + + - You must configure separate, per-region PXEBoot networks. + +**Infra network** + A deprecated optional network that was historically used for access to the + storage cluster. + + If this optional network is used, all node types are required to be + connected to the INFRA network, + +**Node interfaces** + All nodes' network interfaces can, in general, optionally be either: + + - Untagged single port. + - Untagged two-port LAG and optionally split between redudant L2 switches + running vPC (Virtual Port-Channel), also known as multichassis + EtherChannel (MEC). + - VLAN on either single-port ETH interface or two-port LAG interface. + +.. _incl-common-deployment-terminology-end: diff --git a/doc/source/installation_guide/latest/duplex.rst b/doc/source/installation_guide/latest/duplex.rst new file mode 100644 index 000000000..552aff31d --- /dev/null +++ b/doc/source/installation_guide/latest/duplex.rst @@ -0,0 +1,1520 @@ +============================================== +All-In-One Duplex deployment guide stx.2019.05 +============================================== + +.. contents:: + :local: + :depth: 1 + +**NOTE:** The instructions to setup a StarlingX All-in-One Duplex +(AIO-DX) with containerized openstack services in this guide +are under development. +For approved instructions, see the +`All in One Duplex Configuration wiki page `__. + +---------------------- +Deployment description +---------------------- + +***************** +All-In-One Duplex +***************** + +The All-In-One Duplex (AIO-DX) deployment option provides all three cloud +functions (controller, compute, and storage) on two physical servers. With cloud +technologies, multiple diverse application types can be deployed and +consolidated onto a protected pair of physical servers. For example: + +- Consolidate legacy applications that must run standalone on a server by + using multiple virtual machines. +- Consolidate legacy applications that run on different operating systems + or different distributions of operating systems by using multiple virtual + machines. + +.. figure:: figures/starlingx-deployment-options-duplex.png + :scale: 50% + :alt: All-In-One Duplex deployment configuration + + *All-In-One Duplex deployment configuration* + +This two node cluster enables: + +- High availability services running on the controller function across the + two physical servers in either active/active or active/standby mode. +- Storage function running on top of LVM on single second disk, DRBD-sync'd + between the servers. +- Virtual machines being scheduled on both compute functions. + +A All-In-One Duplex deployment provides protection against overall server +hardware fault. Should an overall server hardware fault occur: + +- All controller high availability services go active on remaining + healthy server. +- All virtual machines are recovered on remaining healthy server. + +The All-In-One Duplex deployment solution is required for a variety of special +case situations, for example: + +- Small amount of cloud processing/storage. +- Protection against overall server hardware fault. + +************************** +All-In-One Duplex extended +************************** + +The All-In-One Duplex Extended deployment option extends the capacity of the +All-In-One Duplex deployment by adding up to four compute nodes to the +deployment. The extended deployment option provides a capacity growth path for +someone starting with an All-In-One Duplex deployment. + +With this option, virtual machines can be scheduled on either of the +all-in-one controller nodes and/or the compute nodes. + +.. figure:: figures/starlingx-deployment-options-duplex-extended.png + :scale: 50% + :alt: All-In-One Duplex Extended Deployment Configuration + + *All-In-One Duplex Extended deployment configuration* + +This configuration is limited to four compute nodes as the controller function +on the all-in-one controllers has only a portion of the processing power of the +overall server. + +----------------------------------- +Preparing All-In-One Duplex servers +----------------------------------- + +********** +Bare metal +********** + +Required Servers: + +- Combined servers (controller + compute): 2 + +^^^^^^^^^^^^^^^^^^^^^ +Hardware requirements +^^^^^^^^^^^^^^^^^^^^^ + +The recommended minimum requirements for the physical servers where +All-In-One Duplex will be deployed, include: + +- Minimum processor: + + - Typical hardware form factor: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket + - Low cost / low power hardware form factor + + - Single-CPU Intel Xeon D-15xx family, 8 cores + +- Memory: 64 GB +- BIOS: + + - Hyper-Threading technology: Enabled + - Virtualization technology: Enabled + - VT for directed I/O: Enabled + - CPU power and performance policy: Performance + - CPU C state control: Disabled + - Plug & play BMC detection: Disabled + +- Primary disk: + + - 500 GB SDD or NVMe + +- Additional disks: + + - Zero or more 500 GB disks (min. 10K RPM) + +- Network ports: + + **NOTE:** The All-In-One Duplex configuration requires one or more data ports. + + - Management: 10GE + - OAM: 10GE + - Data: n x 10GE + +******************* +Virtual environment +******************* + +Run the libvirt QEMU setup scripts. Setting up virtualized OAM and +management networks: + +:: + + $ bash setup_network.sh + +Building XML for definition of virtual servers: + +:: + + $ bash setup_configuration.sh -c duplex -i + +The default XML server definitions that are created by the previous script +are: + +- duplex-controller-0 +- duplex-controller-1 + +^^^^^^^^^^^^^^^^^^^^^^^^^ +Power up a virtual server +^^^^^^^^^^^^^^^^^^^^^^^^^ + +To power up a virtual server, run the following command: + +:: + + $ sudo virsh start + +e.g. + +:: + + $ sudo virsh start duplex-controller-0 + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Access virtual server consoles +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The XML for virtual servers in stx-tools repo, deployment/libvirt, +provides both graphical and text consoles. + +Access the graphical console in virt-manager by right-click on the +domain (the server) and selecting "Open". + +Access the textual console with the command "virsh console $DOMAIN", +where DOMAIN is the name of the server shown in virsh. + +When booting the controller-0 for the first time, both the serial and +graphical consoles will present the initial configuration menu for the +cluster. One can select serial or graphical console for controller-0. +For the other nodes however only serial is used, regardless of which +option is selected. + +Open the graphic console on all servers before powering them on to +observe the boot device selection and PXI boot progress. Run "virsh +console $DOMAIN" command promptly after power on to see the initial boot +sequence which follows the boot device selection. One has a few seconds +to do this. + +-------------------------------- +Installing the controller-0 host +-------------------------------- + +Installing controller-0 involves initializing a host with software and +then applying a bootstrap configuration from the command line. The +configured bootstrapped host becomes controller-0. + +Procedure: + +#. Power on the server that will be controller-0 with the StarlingX ISO + on a USB in a bootable USB slot. +#. Configure the controller using the config_controller script. + +************************* +Initializing controller-0 +************************* + +This section describes how to initialize StarlingX in host controller-0. +Except where noted, all the commands must be executed from a console of +the host. + +Power on the host to be configured as controller-0, with the StarlingX +ISO on a USB in a bootable USB slot. Wait for the console to show the +StarlingX ISO booting options: + +- **All-in-one Controller Configuration** + + - When the installer is loaded and the installer welcome screen + appears in the controller-0 host, select the type of installation + "All-in-one Controller Configuration". + +- **Graphical Console** + + - Select the "Graphical Console" as the console to use during + installation. + +- **Standard Security Boot Profile** + + - Select "Standard Security Boot Profile" as the security profile. + +Monitor the initialization. When it is complete, a reboot is initiated +on the controller-0 host, briefly displays a GNU GRUB screen, and then +boots automatically into the StarlingX image. + +Log into controller-0 as user wrsroot, with password wrsroot. The +first time you log in as wrsroot, you are required to change your +password. Enter the current password (wrsroot): + +:: + + Changing password for wrsroot. + (current) UNIX Password: + +Enter a new password for the wrsroot account: + +:: + + New password: + +Enter the new password again to confirm it: + +:: + + Retype new password: + +controller-0 is initialized with StarlingX, and is ready for +configuration. + +************************ +Configuring controller-0 +************************ + +This section describes how to perform the controller-0 configuration +interactively just to bootstrap system with minimum critical data. +Except where noted, all the commands must be executed from the console +of the active controller (here assumed to be controller-0). + +When run interactively, the config_controller script presents a series +of prompts for initial configuration of StarlingX: + +- For the virtual environment, you can accept all the default values + immediately after ‘system date and time’. +- For a physical deployment, answer the bootstrap configuration + questions with answers applicable to your particular physical setup. + +The script is used to configure the first controller in the StarlingX +cluster as controller-0. The prompts are grouped by configuration +area. To start the script interactively, use the following command +with no parameters: + +:: + + controller-0:~$ sudo config_controller + System Configuration + ================ + Enter ! at any prompt to abort... + ... + +Select [y] for System date and time: + +:: + + System date and time: + ----------------------------- + + Is the current date and time correct? [y/N]: y + +For System mode choose "duplex": + +:: + + System mode. Available options are: + + 1) duplex-direct: two node-redundant configuration. Management and + infrastructure networks are directly connected to peer ports + 2) duplex - two node redundant configuration + 3) simplex - single node non-redundant configuration + System mode [duplex-direct]: 2 + +After System date and time and System mode: + +:: + + Applying configuration (this will take several minutes): + + 01/08: Creating bootstrap configuration ... DONE + 02/08: Applying bootstrap manifest ... DONE + 03/08: Persisting local configuration ... DONE + 04/08: Populating initial system inventory ... DONE + 05:08: Creating system configuration ... DONE + 06:08: Applying controller manifest ... DONE + 07:08: Finalize controller configuration ... DONE + 08:08: Waiting for service activation ... DONE + + Configuration was applied + + Please complete any out of service commissioning steps with system commands and unlock controller to proceed. + +After config_controller bootstrap configuration, REST API, CLI and +Horizon interfaces are enabled on the controller-0 OAM IP address. The +remaining installation instructions will use the CLI. + +---------------------------------- +Provisioning the controller-0 host +---------------------------------- + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +********************************************* +Configuring provider networks at installation +********************************************* + +Set up one provider network of the vlan type, named providernet-a: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-create providernet-a --type=vlan + [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-range-create --name providernet-a-range1 --range 100-400 providernet-a + +***************************************** +Providing data interfaces on controller-0 +***************************************** + +List all interfaces: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-list -a controller-0 + +--------------------------------------+---------+----------+...+------+--------------+------+---------+------------+.. + | uuid | name | class |...| vlan | ports | uses | used by | attributes |.. + | | | |...| id | | i/f | i/f | |.. + +--------------------------------------+---------+----------+...+------+--------------+------+---------+------------+.. + | 49fd8938-e76f-49f1-879e-83c431a9f1af | enp0s3 | platform |...| None | [u'enp0s3'] | [] | [] | MTU=1500 |.. + | 8957bb2c-fec3-4e5d-b4ed-78071f9f781c | eth1000 | None |...| None | [u'eth1000'] | [] | [] | MTU=1500 |.. + | bf6f4cad-1022-4dd7-962b-4d7c47d16d54 | eth1001 | None |...| None | [u'eth1001'] | [] | [] | MTU=1500 |.. + | f59b9469-7702-4b46-bad5-683b95f0a1cb | enp0s8 | platform |...| None | [u'enp0s8'] | [] | [] | MTU=1500 |.. + +--------------------------------------+---------+----------+...+------+--------------+------+---------+------------+.. + +Configure the data interfaces: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -c data controller-0 eth1000 -p providernet-a + +------------------+--------------------------------------+ + | Property | Value | + +------------------+--------------------------------------+ + | ifname | eth1000 | + | iftype | ethernet | + | ports | [u'eth1000'] | + | providernetworks | providernet-a | + | imac | 08:00:27:c4:ad:3e | + | imtu | 1500 | + | ifclass | data | + | aemode | None | + | schedpolicy | None | + | txhashpolicy | None | + | uuid | 8957bb2c-fec3-4e5d-b4ed-78071f9f781c | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | vlan_id | None | + | uses | [] | + | used_by | [] | + | created_at | 2018-08-28T12:50:51.820151+00:00 | + | updated_at | 2018-08-28T14:46:18.333109+00:00 | + | sriov_numvfs | 0 | + | ipv4_mode | disabled | + | ipv6_mode | disabled | + | accelerated | [True] | + +------------------+--------------------------------------+ + +************************************* +Configuring Cinder on controller disk +************************************* + +Review the available disk space and capacity and obtain the uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list controller-0 + +--------------------------------------+-----------+---------+---------+---------+------------+... + | uuid | device_no | device_ | device_ | size_mi | available_ |... + | | de | num | type | b | mib |... + +--------------------------------------+-----------+---------+---------+---------+------------+... + | 6b42c9dc-f7c0-42f1-a410-6576f5f069f1 | /dev/sda | 2048 | HDD | 600000 | 434072 |... + | | | | | | |... + | | | | | | |... + | 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 | /dev/sdb | 2064 | HDD | 16240 | 16237 |... + | | | | | | |... + | | | | | | |... + | 146195b2-f3d7-42f9-935d-057a53736929 | /dev/sdc | 2080 | HDD | 16240 | 16237 |... + | | | | | | |... + | | | | | | |... + +--------------------------------------+-----------+---------+---------+---------+------------+... + +Create the 'cinder-volumes' local volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add controller-0 cinder-volumes + +-----------------+--------------------------------------+ + | lvm_vg_name | cinder-volumes | + | vg_state | adding | + | uuid | 61cb5cd2-171e-4ef7-8228-915d3560cdc3 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-28T13:45:20.218905+00:00 | + | updated_at | None | + | parameters | {u'lvm_type': u'thin'} | + +-----------------+--------------------------------------+ + +Create a disk partition to add to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-add controller-0 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 16237 -t lvm_phys_vol + +-------------+--------------------------------------------------+ + | Property | Value | + +-------------+--------------------------------------------------+ + | device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-2.0-part1 | + | device_node | /dev/sdb1 | + | type_guid | ba5eba11-0000-1111-2222-000000000001 | + | type_name | None | + | start_mib | None | + | end_mib | None | + | size_mib | 16237 | + | uuid | 0494615f-bd79-4490-84b9-dcebbe5f377a | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | idisk_uuid | 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 | + | ipv_uuid | None | + | status | Creating | + | created_at | 2018-08-28T13:45:48.512226+00:00 | + | updated_at | None | + +-------------+--------------------------------------------------+ + +Wait for the new partition to be created (i.e. status=Ready): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-list controller-0 --disk 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | uuid |...| device_nod |...| type_name | size_mib | status | + | |...| e |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | 0494615f-bd79-4490-84b9-dcebbe5f377a |...| /dev/sdb1 |...| LVM Physical Volume | 16237 | Ready | + | |...| |...| | | | + | |...| |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + +Add the partition to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add controller-0 cinder-volumes 0494615f-bd79-4490-84b9-dcebbe5f377a + +--------------------------+--------------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------------+ + | uuid | 9a0ad568-0ace-4d57-9e03-e7a63f609cf2 | + | pv_state | adding | + | pv_type | partition | + | disk_or_part_uuid | 0494615f-bd79-4490-84b9-dcebbe5f377a | + | disk_or_part_device_node | /dev/sdb1 | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-2.0-part1 | + | lvm_pv_name | /dev/sdb1 | + | lvm_vg_name | cinder-volumes | + | lvm_pv_uuid | None | + | lvm_pv_size | 0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | created_at | 2018-08-28T13:47:39.450763+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------------+ + +********************************************* +Adding an LVM storage backend at installation +********************************************* + +Ensure requirements are met to add LVM storage: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-add lvm -s cinder + + WARNING : THIS OPERATION IS NOT REVERSIBLE AND CANNOT BE CANCELLED. + + By confirming this operation, the LVM backend will be created. + + Please refer to the system admin guide for minimum spec for LVM + storage. Set the 'confirmed' field to execute this operation + for the lvm backend. + +Add the LVM storage backend: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-add lvm -s cinder --confirmed + + System configuration has changed. + Please follow the administrator guide to complete configuring the system. + + +--------------------------------------+------------+---------+-------------+...+----------+--------------+ + | uuid | name | backend | state |...| services | capabilities | + +--------------------------------------+------------+---------+-------------+...+----------+--------------+ + | 6d750a68-115a-4c26-adf4-58d6e358a00d | file-store | file | configured |...| glance | {} | + | e2697426-2d79-4a83-beb7-2eafa9ceaee5 | lvm-store | lvm | configuring |...| cinder | {} | + +--------------------------------------+------------+---------+-------------+...+----------+--------------+ + +Wait for the LVM storage backend to be configured (i.e. state=configured): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-list + +--------------------------------------+------------+---------+------------+------+----------+--------------+ + | uuid | name | backend | state | task | services | capabilities | + +--------------------------------------+------------+---------+------------+------+----------+--------------+ + | 6d750a68-115a-4c26-adf4-58d6e358a00d | file-store | file | configured | None | glance | {} | + | e2697426-2d79-4a83-beb7-2eafa9ceaee5 | lvm-store | lvm | configured | None | cinder | {} | + +--------------------------------------+------------+---------+------------+------+----------+--------------+ + +*********************************************** +Configuring VM local storage on controller disk +*********************************************** + +Review the available disk space and capacity and obtain the uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list controller-0 + +--------------------------------------+-----------+---------+---------+---------+------------+... + | uuid | device_no | device_ | device_ | size_mi | available_ |... + | | de | num | type | b | mib |... + +--------------------------------------+-----------+---------+---------+---------+------------+... + | 6b42c9dc-f7c0-42f1-a410-6576f5f069f1 | /dev/sda | 2048 | HDD | 600000 | 434072 |... + | | | | | | |... + | | | | | | |... + | 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 | /dev/sdb | 2064 | HDD | 16240 | 0 |... + | | | | | | |... + | | | | | | |... + | 146195b2-f3d7-42f9-935d-057a53736929 | /dev/sdc | 2080 | HDD | 16240 | 16237 |... + | | | | | | |... + | | | | | | |... + +--------------------------------------+-----------+---------+---------+---------+------------+... + +Create the 'noval-local' volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add controller-0 nova-local + +-----------------+-------------------------------------------------------------------+ + | Property | Value | + +-----------------+-------------------------------------------------------------------+ + | lvm_vg_name | nova-local | + | vg_state | adding | + | uuid | 517d313e-8aa0-4b4d-92e6-774b9085f336 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-28T14:02:58.486716+00:00 | + | updated_at | None | + | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | + +-----------------+-------------------------------------------------------------------+ + +Create a disk partition to add to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-add controller-0 146195b2-f3d7-42f9-935d-057a53736929 16237 -t lvm_phys_vol + +-------------+--------------------------------------------------+ + | Property | Value | + +-------------+--------------------------------------------------+ + | device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-3.0-part1 | + | device_node | /dev/sdc1 | + | type_guid | ba5eba11-0000-1111-2222-000000000001 | + | type_name | None | + | start_mib | None | + | end_mib | None | + | size_mib | 16237 | + | uuid | 009ce3b1-ed07-46e9-9560-9d2371676748 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | idisk_uuid | 146195b2-f3d7-42f9-935d-057a53736929 | + | ipv_uuid | None | + | status | Creating | + | created_at | 2018-08-28T14:04:29.714030+00:00 | + | updated_at | None | + +-------------+--------------------------------------------------+ + +Wait for the new partition to be created (i.e. status=Ready): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-list controller-0 --disk 146195b2-f3d7-42f9-935d-057a53736929 + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | uuid |...| device_nod |...| type_name | size_mib | status | + | |...| e |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | 009ce3b1-ed07-46e9-9560-9d2371676748 |...| /dev/sdc1 |...| LVM Physical Volume | 16237 | Ready | + | |...| |...| | | | + | |...| |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + +Add the partition to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add controller-0 nova-local 009ce3b1-ed07-46e9-9560-9d2371676748 + +--------------------------+--------------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------------+ + | uuid | 830c9dc8-c71a-4cb2-83be-c4d955ef4f6b | + | pv_state | adding | + | pv_type | partition | + | disk_or_part_uuid | 009ce3b1-ed07-46e9-9560-9d2371676748 | + | disk_or_part_device_node | /dev/sdc1 | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-3.0-part1 | + | lvm_pv_name | /dev/sdc1 | + | lvm_vg_name | nova-local | + | lvm_pv_uuid | None | + | lvm_pv_size | 0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | created_at | 2018-08-28T14:06:05.705546+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------------+ + +********************** +Unlocking controller-0 +********************** + +You must unlock controller-0 so that you can use it to install +controller-1. Use the system host-unlock command: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-0 + +The host is rebooted. During the reboot, the command line is +unavailable, and any ssh connections are dropped. To monitor the +progress of the reboot, use the controller-0 console. + +**************************************** +Verifying the controller-0 configuration +**************************************** + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +Verify that the controller-0 services are running: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system service-list + +-----+-------------------------------+--------------+----------------+ + | id | service_name | hostname | state | + +-----+-------------------------------+--------------+----------------+ + ... + | 1 | oam-ip | controller-0 | enabled-active | + | 2 | management-ip | controller-0 | enabled-active | + ... + +-----+-------------------------------+--------------+----------------+ + +Verify that controller-0 has controller and compute subfunctions: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-show 1 | grep subfunctions + | subfunctions | controller,compute | + +Verify that controller-0 is unlocked, enabled, and available: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + +----+--------------+-------------+----------------+-------------+--------------+ + +-------------------------------- +Installing the controller-1 host +-------------------------------- + +After initializing and configuring controller-0, you can add and +configure a backup controller controller-1. + +****************************** +Initializing controller-1 host +****************************** + +Power on controller-1. In controller-1 console you will see: + +:: + + Waiting for this node to be configured. + + Please configure the personality for this node from the + controller node in order to proceed. + +**************************************************** +Updating controller-1 host hostname and personality +**************************************************** + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +Wait for controller-0 to discover new host, list the host until new +UNKNOWN host shows up in table: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | None | None | locked | disabled | offline | + +----+--------------+-------------+----------------+-------------+--------------+ + +Use the system host-update to update contoller-1 host personality +attribute: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-update 2 personality=controller hostname=controller-1 + +---------------------+--------------------------------------+ + | Property | Value | + +---------------------+--------------------------------------+ + | action | none | + | administrative | locked | + | availability | offline | + | bm_ip | None | + | bm_type | None | + | bm_username | None | + | boot_device | sda | + | capabilities | {} | + | config_applied | None | + | config_status | None | + | config_target | None | + | console | ttyS0,115200 | + | created_at | 2018-08-28T15:09:13.812906+00:00 | + | hostname | controller-1 | + | id | 2 | + | install_output | text | + | install_state | None | + | install_state_info | None | + | invprovision | None | + | location | {} | + | mgmt_ip | 192.168.204.4 | + | mgmt_mac | 08:00:27:3d:e2:66 | + | operational | disabled | + | personality | controller | + | reserved | False | + | rootfs_device | sda | + | serialid | None | + | software_load | 18.03 | + | subfunction_avail | not-installed | + | subfunction_oper | disabled | + | subfunctions | controller,compute | + | task | None | + | tboot | false | + | ttys_dcd | None | + | updated_at | None | + | uptime | 0 | + | uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | vim_progress_status | None | + +---------------------+--------------------------------------+ + +**************************** +Monitoring controller-1 host +**************************** + +On controller-0, you can monitor the installation progress by running +the system host-show command for the host periodically. Progress is +shown in the install_state field. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-show controller-1 | grep install + | install_output | text | + | install_state | booting | + | install_state_info | None | + +Wait while the controller-1 is configured and rebooted. Up to 20 minutes +may be required for a reboot, depending on hardware. When the reboot is +complete, the controller-1 is reported as locked, disabled, and online. + +************************* +Listing controller-1 host +************************* + +Once controller-1 has been installed, configured and rebooted, on +controller-0 list the hosts: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | locked | disabled | online | + +----+--------------+-------------+----------------+-------------+--------------+ + +---------------------------------- +Provisioning the controller-1 host +---------------------------------- + +On controller-0, list hosts: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + ... + | 2 | controller-1 | controller | locked | disabled | online | + +----+--------------+-------------+----------------+-------------+--------------+ + +*********************************************** +Provisioning network interfaces on controller-1 +*********************************************** + +In order to list out hardware port names, types, PCI addresses that have +been discovered: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list controller-1 + +Provision the controller-1 OAM interface + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -n ens6 -c platform --networks oam controller-1 ens6 + +------------------+--------------------------------------+ + | Property | Value | + +------------------+--------------------------------------+ + | ifname | ens6 | + | iftype | ethernet | + | ports | [u'ens6'] | + | providernetworks | None | + | imac | 08:00:27:ba:3c:38 | + | imtu | 1500 | + | ifclass | oam | + | aemode | None | + | schedpolicy | None | + | txhashpolicy | None | + | uuid | 160bfede-0950-42ba-acef-d0eb31e7fc49 | + | ihost_uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | vlan_id | None | + | uses | [] | + | used_by | [] | + | created_at | 2018-08-28T15:59:10.701772+00:00 | + | updated_at | 2018-08-29T05:44:38.585642+00:00 | + | sriov_numvfs | 0 | + | ipv4_mode | static | + | ipv6_mode | disabled | + | accelerated | [False] | + +------------------+--------------------------------------+ + +***************************************** +Providing data interfaces on controller-1 +***************************************** + +List all interfaces: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-list -a controller-1 + +--------------------------------------+---------+---------+...+------+--------------+------+------+------------+.. + | uuid | name | network |...| vlan | ports | uses | used | attributes |.. + | | | type |...| id | | i/f | by | |.. + | | | |...| | | | i/f | |.. + +--------------------------------------+---------+---------+...+------+--------------+------+------+------------+.. + | 160bfede-0950-42ba-acef-d0eb31e7fc49 | ens6 | oam |...| None | [u'enp0s3'] | [] | [] | MTU=1500 |.. + | 37b3abcd-bcbe-44d5-b2fb-759c34efec89 | eth1001 | None |...| None | [u'eth1001'] | [] | [] | MTU=1500 |.. + | 81d66feb-b23c-4533-bd4b-129f9b75ecd6 | mgmt0 | mgmt |...| None | [u'enp0s8'] | [] | [] | MTU=1500 |.. + | e78ad9a9-e74d-4c6c-9de8-0e41aad8d7b7 | eth1000 | None |...| None | [u'eth1000'] | [] | [] | MTU=1500 |.. + +--------------------------------------+---------+---------+...+------+--------------+------+------+------------+.. + +Configure the data interfaces: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -p providernet-a -c data controller-1 eth1000 + +------------------+--------------------------------------+ + | Property | Value | + +------------------+--------------------------------------+ + | ifname | eth1000 | + | networktype | data | + | iftype | ethernet | + | ports | [u'eth1000'] | + | providernetworks | providernet-a | + | imac | 08:00:27:39:61:6e | + | imtu | 1500 | + | aemode | None | + | schedpolicy | None | + | txhashpolicy | None | + | uuid | e78ad9a9-e74d-4c6c-9de8-0e41aad8d7b7 | + | ihost_uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | vlan_id | None | + | uses | [] | + | used_by | [] | + | created_at | 2018-08-28T15:59:17.667899+00:00 | + | updated_at | 2018-08-29T06:04:55.116653+00:00 | + | sriov_numvfs | 0 | + | ipv4_mode | disabled | + | ipv6_mode | disabled | + | accelerated | [True] | + +------------------+--------------------------------------+ + +************************************ +Provisioning storage on controller-1 +************************************ + +Review the available disk space and capacity and obtain the uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list controller-1 + +--------------------------------------+-------------+------------+-------------+----------+---------------+... + | uuid | device_node | device_num | device_type | size_mib | available_mib |... + +--------------------------------------+-------------+------------+-------------+----------+---------------+... + | 2dcc3d33-ba43-4b5a-b0b0-2b5a2e5737b7 | /dev/sda | 2048 | HDD | 600000 | 434072 |... + | f53437c6-77e3-4185-9453-67eaa8b461b1 | /dev/sdb | 2064 | HDD | 16240 | 16237 |... + | 623bbfc0-2b38-432a-acf4-a28db6066cce | /dev/sdc | 2080 | HDD | 16240 | 16237 |... + +--------------------------------------+-------------+------------+-------------+----------+---------------+... + +Assign Cinder storage to the physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add controller-1 cinder-volumes + +-----------------+--------------------------------------+ + | Property | Value | + +-----------------+--------------------------------------+ + | lvm_vg_name | cinder-volumes | + | vg_state | adding | + | uuid | 3ccadc5c-e4f7-4b04-8403-af5d2ecef96d | + | ihost_uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-29T05:51:13.965883+00:00 | + | updated_at | None | + | parameters | {u'lvm_type': u'thin'} | + +-----------------+--------------------------------------+ + +Create a disk partition to add to the volume group based on uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-add controller-1 f53437c6-77e3-4185-9453-67eaa8b461b1 16237 -t lvm_phys_vol + +-------------+--------------------------------------------------+ + | Property | Value | + +-------------+--------------------------------------------------+ + | device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-2.0-part1 | + | device_node | /dev/sdb1 | + | type_guid | ba5eba11-0000-1111-2222-000000000001 | + | type_name | None | + | start_mib | None | + | end_mib | None | + | size_mib | 16237 | + | uuid | 7a41aab0-6695-4d16-9003-73238adda75b | + | ihost_uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | idisk_uuid | f53437c6-77e3-4185-9453-67eaa8b461b1 | + | ipv_uuid | None | + | status | Creating (on unlock) | + | created_at | 2018-08-29T05:54:23.326612+00:00 | + | updated_at | None | + +-------------+--------------------------------------------------+ + +Wait for the new partition to be created (i.e. status=Ready): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-list controller-1 --disk f53437c6-77e3-4185-9453-67eaa8b461b1 + +--------------------------------------+...+-------------+...+-----------+----------+----------------------+ + | uuid |...| device_node |...| type_name | size_mib | status | + +--------------------------------------+...+-------------+...+-----------+----------+----------------------+ + | 7a41aab0-6695-4d16-9003-73238adda75b |...| /dev/sdb1 |...| None | 16237 | Creating (on unlock) | + +--------------------------------------+...+-------------+...+-----------+----------+----------------------+ + +Add the partition to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add controller-1 cinder-volumes 7a41aab0-6695-4d16-9003-73238adda75b + +--------------------------+--------------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------------+ + | uuid | 11628316-56ab-41b2-b2be-a5d72667a5e9 | + | pv_state | adding | + | pv_type | partition | + | disk_or_part_uuid | 7a41aab0-6695-4d16-9003-73238adda75b | + | disk_or_part_device_node | /dev/sdb1 | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-2.0-part1 | + | lvm_pv_name | /dev/sdb1 | + | lvm_vg_name | cinder-volumes | + | lvm_pv_uuid | None | + | lvm_pv_size | 0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | created_at | 2018-08-29T06:25:54.550430+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------------+ + +*********************************************** +Configuring VM local storage on controller disk +*********************************************** + +Review the available disk space and capacity and obtain the uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list controller-1 + +--------------------------------------+-------------+------------+-------------+----------+---------------+... + | uuid | device_node | device_num | device_type | size_mib | available_mib |... + +--------------------------------------+-------------+------------+-------------+----------+---------------+... + | 2dcc3d33-ba43-4b5a-b0b0-2b5a2e5737b7 | /dev/sda | 2048 | HDD | 600000 | 434072 |... + | f53437c6-77e3-4185-9453-67eaa8b461b1 | /dev/sdb | 2064 | HDD | 16240 | 16237 |... + | 623bbfc0-2b38-432a-acf4-a28db6066cce | /dev/sdc | 2080 | HDD | 16240 | 16237 |... + +--------------------------------------+-------------+------------+-------------+----------+---------------+... + +Create the 'cinder-volumes' local volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add controller-1 nova-local + +-----------------+-------------------------------------------------------------------+ + | Property | Value | + +-----------------+-------------------------------------------------------------------+ + | lvm_vg_name | nova-local | + | vg_state | adding | + | uuid | d205f839-0930-4e77-9f10-97089150f812 | + | ihost_uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-29T06:28:28.226907+00:00 | + | updated_at | None | + | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | + +-----------------+-------------------------------------------------------------------+ + +Create a disk partition to add to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-add controller-1 623bbfc0-2b38-432a-acf4-a28db6066cce 16237 -t lvm_phys_vol + +-------------+--------------------------------------------------+ + | Property | Value | + +-------------+--------------------------------------------------+ + | device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-3.0-part1 | + | device_node | /dev/sdc1 | + | type_guid | ba5eba11-0000-1111-2222-000000000001 | + | type_name | None | + | start_mib | None | + | end_mib | None | + | size_mib | 16237 | + | uuid | f7bc6095-9375-49fe-83c7-12601c202376 | + | ihost_uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | idisk_uuid | 623bbfc0-2b38-432a-acf4-a28db6066cce | + | ipv_uuid | None | + | status | Creating (on unlock) | + | created_at | 2018-08-29T06:30:33.176428+00:00 | + | updated_at | None | + +-------------+--------------------------------------------------+ + +Wait for the new partition to be created (i.e. status=Ready): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-list controller-1 + +--------------------------------------+...+-------------+...+-----------+----------+----------------------+ + | uuid |...| device_node |...| type_name | size_mib | status | + +--------------------------------------+...+-------------+...+-----------+----------+----------------------+ + | 7a41aab0-6695-4d16-9003-73238adda75b |...| /dev/sdb1 |...| None | 16237 | Creating (on unlock) | + | f7bc6095-9375-49fe-83c7-12601c202376 |...| /dev/sdc1 |...| None | 16237 | Creating (on unlock) | + +--------------------------------------+...+-------------+...+-----------+----------+----------------------+ + +Add the partition to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add controller-1 nova-local f7bc6095-9375-49fe-83c7-12601c202376 + +--------------------------+--------------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------------+ + | uuid | 94003d64-4e1b-483a-8a6c-0fc4b1e0e272 | + | pv_state | adding | + | pv_type | partition | + | disk_or_part_uuid | f7bc6095-9375-49fe-83c7-12601c202376 | + | disk_or_part_device_node | /dev/sdc1 | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-3.0-part1 | + | lvm_pv_name | /dev/sdc1 | + | lvm_vg_name | nova-local | + | lvm_pv_uuid | None | + | lvm_pv_size | 0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | be0f35f7-31d9-4145-bf6a-0c2556cf398c | + | created_at | 2018-08-29T06:33:08.625604+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------------+ + +********************** +Unlocking controller-1 +********************** + +Unlock controller-1: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-1 + +Wait while the controller-1 is rebooted. Up to 10 minutes may be +required for a reboot, depending on hardware. + +REMARK: controller-1 will remain in degraded state until data-syncing +is complete. The duration is dependant on the virtualization host's +configuration - i.e., the number and configuration of physical disks +used to host the nodes' virtual disks. Also, the management network is +expected to have link capacity of 10000 (1000 is not supported due to +excessive data-sync time). Use 'fm alarm-list' to confirm status. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | unlocked | enabled | available | + +----+--------------+-------------+----------------+-------------+--------------+ + +----------------------------------- +Extending the compute node capacity +----------------------------------- + +You can add up to four compute nodes to the All-in-One Duplex deployment. + +************************** +Compute hosts installation +************************** + +After initializing and configuring the two controllers, you can add up +to four additional compute hosts. To add a host, do the following: + +^^^^^^^^^^^^^^^^^ +Initializing host +^^^^^^^^^^^^^^^^^ + +Power on the host. The following appears in the host console: + +:: + + Waiting for this node to be configured. + + Please configure the personality for this node from the + controller node in order to proceed. + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Updating the hostname and personality +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +Wait for the controller-0 to both discover the new host and to list that host +as UNKNOWN in the table: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | online | + | 2 | controller-1 | controller | unlocked | enabled | online | + | 3 | None | None | locked | disabled | offline | + +----+--------------+-------------+----------------+-------------+--------------+ + +Use the system host-update command to update the host personality attribute: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-update 3 personality=compute hostname=compute-0 + +See also: 'system help host-update'. + +Unless it is known that the host's configuration can support the +installation of more than one node, it is recommended that the +installation and configuration of each node be serialized. For example, +if the virtual disks for the entire cluster are hosted on the host's +root disk and that disk happens to be a single rotational type hard disk, +then the host cannot reliably support parallel node installation. + +^^^^^^^^^^^^^^^ +Monitoring host +^^^^^^^^^^^^^^^ + +On controller-0, you can monitor the installation progress by periodically +running the system host-show command for the host. Progress is +shown in the install_state field. + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-show | grep install + | install_output | text | + | install_state | booting | + | install_state_info | None | + +Wait while the host is installed, configured, and rebooted. Depending on +hardware, it could take up to 20 minutes for this process to complete. +When the reboot is complete, the host is reported as locked, disabled, +and online. + +^^^^^^^^^^^^^ +Listing hosts +^^^^^^^^^^^^^ + +You can use the system host-list command to list the hosts once the node +has been installed, configured, and rebooted: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | online | + | 2 | controller-1 | controller | unlocked | enabled | online | + | 3 | compute-0 | compute | locked | disabled | online | + +----+--------------+-------------+----------------+-------------+--------------+ + +***************************** +Provisioning the compute host +***************************** + +You must configure the network interfaces and the storage disks on a +host before you can unlock it. For each compute host, do the following: + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Provisioning network interfaces on a compute host +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In order to identify hardware port names, types, and discovered +pci-addresses on controller-0, list the host ports: + +- **Only in virtual environment**: Ensure that the interface used is + one of those attached to the host bridge with model type "virtio" (i.e. + eth1000 and eth1001). The model type "e1000" emulated devices will + not work for provider networks: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-port-list compute-0 + +--------------------------------------+---------+----------+--------------+... + | uuid | name | type | pci address |... + +--------------------------------------+---------+----------+--------------+... + | de9ec830-cf33-4a06-8985-cd3262f6ecd3 | enp2s1 | ethernet | 0000:02:01.0 |... + | 9def88fb-d871-4542-83e2-d4b6e35169a1 | enp2s2 | ethernet | 0000:02:02.0 |... + | b2e38da9-840f-446c-b466-ceb6479266f6 | eth1000 | ethernet | 0000:02:03.0 |... + | c1694675-643d-4ba7-b821-cd147450112e | eth1001 | ethernet | 0000:02:04.0 |... + +--------------------------------------+---------+----------+--------------+... + +Use the following command to provision the data interface for compute: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -p providernet-a -c data compute-0 eth1000 + +^^^^^^^^^^^^^^^^^^^^^^^^^^^ +VSwitch virtual environment +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**Only in virtual environment**. If the compute node has more than four CPUs, +the system auto-configures the vswitch to use two cores. However, some virtual +environments do not properly support multi-queue, which is required in a +multi-CPU environment. Therefore, run the following command to reduce the +vswitch cores to one: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-cpu-modify compute-0 -f vswitch -p0 1 + +--------------------------------------+-------+-----------+-------+--------+... + | uuid | log_c | processor | phy_c | thread |... + +--------------------------------------+-------+-----------+-------+--------+... + | 9d53c015-8dd5-4cd8-9abb-6f231fa773c2 | 0 | 0 | 0 | 0 |... + | 8620eaa7-19af-4ef7-a5aa-690ed57f01c7 | 1 | 0 | 1 | 0 |... + | f26598a5-8029-4d20-999e-2ec5d532d62e | 2 | 0 | 2 | 0 |... + | f7b3ce4a-10da-485d-873c-4e6988f7e9cf | 3 | 0 | 3 | 0 |... + +--------------------------------------+-------+-----------+-------+--------+... + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Provisioning storage on a compute host +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Review the available disk space and capacity and then obtain the uuid(s) of +the physical disk(s) to be used for nova local: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list compute-0 + +--------------------------------------+-----------+---------+---------+-------+------------+... + | uuid | device_no | device_ | device_ | size_ | available |... + | | de | num | type | gib | gib |... + +--------------------------------------+-----------+---------+---------+-------+------------+... + | 0ae45272-c9f4-4824-8405-f6c8946fda1e | /dev/sda | 2048 | HDD | 200.0 | 120.976 |... + | d751abfe-de57-4b23-b166-1d3d5b4d5ca6 | /dev/sdb | 2064 | HDD | 200.0 | 199.997 |... + +--------------------------------------+-----------+---------+---------+-------+------------+... + +Use the following command to create the 'nova-local' local volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add compute-0 nova-local + +-----------------------+-------------------------------------------------------------------+ + | Property | Value | + +-----------------------+-------------------------------------------------------------------+ + | lvm_vg_name | nova-local | + | vg_state | adding | + | uuid | 78e84a57-c40e-438c-97a4-49ebec6394d1 | + | ihost_uuid | 6f2de9b6-c55c-47b0-b40e-aff47f1e1bda | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size_gib | 0.0 | + | lvm_vg_avail_size_gib | 0.0 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2019-01-15T12:31:45.796538+00:00 | + | updated_at | None | + | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | + +-----------------------+-------------------------------------------------------------------+ + +Use the following command to create a disk partition to add to the volume +group based on the uuid of the physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add compute-0 nova-local d751abfe-de57-4b23-b166-1d3d5b4d5ca6 + +--------------------------+--------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------+ + | uuid | bba20f20-81fc-40a2-bf1e-a2fae849625b | + | pv_state | adding | + | pv_type | disk | + | disk_or_part_uuid | d751abfe-de57-4b23-b166-1d3d5b4d5ca6 | + | disk_or_part_device_node | /dev/sdb | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:1f.2-ata-2.0 | + | lvm_pv_name | /dev/sdb | + | lvm_vg_name | nova-local | + | lvm_pv_uuid | None | + | lvm_pv_size_gib | 0.0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | 6f2de9b6-c55c-47b0-b40e-aff47f1e1bda | + | created_at | 2019-01-15T12:32:40.535160+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------+ + +^^^^^^^^^^^^^^^^^^^^^^^^ +Unlocking a compute host +^^^^^^^^^^^^^^^^^^^^^^^^ + +On controller-0, use the system host-unlock command to unlock the +compute node: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock compute-0 + +Wait while the compute node is rebooted and re-configured. Depending on +hardware, it can take up to 10 minutes for the reboot to complete. Once +the reboot is complete, the nodes availability state reports as "in-test" +and is followed by unlocked/enabled. + +------------------- +System health check +------------------- + +*********************** +Listing StarlingX nodes +*********************** + +On controller-0, after a few minutes, all nodes are reported as +unlocked, enabled, and available: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + | 2 | controller-1 | controller | unlocked | enabled | available | + | 3 | compute-0 | compute | unlocked | enabled | available | + +----+--------------+-------------+----------------+-------------+--------------+ + +***************** +System alarm list +***************** + +When all nodes are unlocked, enabled, and available: check 'fm alarm-list' for +issues. + +Your StarlingX deployment is now up and running with 2x HA controllers with +Cinder storage and all OpenStack services up and running. You can now proceed +with standard OpenStack APIs, CLIs and/or Horizon to load Glance images, +configure Nova Flavors, configure Neutron networks and launch Nova virtual +machines. + +---------------------- +Deployment terminology +---------------------- + +.. include:: deployment_terminology.rst + :start-after: incl-simplex-deployment-terminology: + :end-before: incl-simplex-deployment-terminology-end: + +.. include:: deployment_terminology.rst + :start-after: incl-standard-controller-deployment-terminology: + :end-before: incl-standard-controller-deployment-terminology-end: + +.. include:: deployment_terminology.rst + :start-after: incl-common-deployment-terminology: + :end-before: incl-common-deployment-terminology-end: diff --git a/doc/source/installation_guide/latest/figures/starlingx-deployment-options-controller-storage.png b/doc/source/installation_guide/latest/figures/starlingx-deployment-options-controller-storage.png new file mode 100644 index 0000000000000000000000000000000000000000..c1d028acf02fcd8875993f847cb1c2aafadd7562 GIT binary patch literal 102760 zcmeFY_dA<^^gnKfnn9}e2t{kfs#PNutJLVUYOB3z?ODW@QneK=+N!N+?U~wpkJbt` zf><%Xx7YhKe)|3gpZmI8t|V7-KcDBE=Q)q_IFCD8Pe+}af`x*BfPh+41M!%E07One zK>UOp1ia(VnrZ?3BlLW%{(zu#fNcYKL1GJk1ScS=^Ijo{YdE;I_TcG`SQ1>$7`K; z*=J3qi{2jZvfnG%V0?2HjU2Cxc%c9H(ux9wBLB~Yrq73S{ofBO-`auy&u2)a5H}0S z|NRiEh5UbC{m&f#&rJV2D*k^%LcII@q+7{FaW|CK=@T)Hj5$x^%5715j-&FZN6-AX zYhD~yc{VPyV+{-kMT7QYFN9I{Z9xNriIWX$QsY)n{^=+BJw24E{Q}2OZKjpsx)qNq zE+>#kv|rx;j@QZo1pFXQV!+@|>P`c0K#+9Ye}2=nzwBbB%=@wLUnUivA6H?NA_mi< zY0%!j+NQ(r|77|QN)yRMuFjci!_Kb$vtw#2^uGE&blg{Wj+c*S zU7Ob~-dYAn!Ls(P#5L;0B!tHmZ;h)pobO;SUA)iKo>jL8#Scaw4rzetrkSXTP~HS8 zA%7C{GMf*Lo1alz^3mM@!D%&HB%>_XUJ?B6pT`Cr|2x&bd!$L?c90-u#{jGk<cfC$x z8=rZ_SwYphSV=3&2&@-hC}f(q&YUHftH}2vlU>6hX37)tULm13r?ZzlVoE@xG7;2S zmM36EZYC@}<>M@;1HO*oU|cDJR| z!aN@6OL(~QT515=MX~k*)~%FvsYkMPz?lBr@_~N#AlkpIoMRM5@;sa%f}mR4V4Aj_ z=<$NOa!ND*f_h8Gy;5lsN4DdU6Rs)SYy@z1MffB!@#N+}{h)~>-@KCYyM0OnQf%yo zki+)3-dp`rrvpx;#GZN6%L1J|2@QRj?}w$is_xlL=`_-5tl?@Pu(7&n>rXifb9b)6 z=&W~EGVA^WVry)FO#Wp3kyjaj>qz%Gp((pY`($kbZ{R{UE#d+=t=Zh>|IAVFXdtZV zhPjgJx%>jb27AlKXMdfwAXz*uX1!1Emq@^sb9m|QTT=89JF%)>87L94Q0(|t#=qFGqT%Q|LpJ%^Yl&=dm3{d?wNs$I_}*M z{R;s}bPavgYT-ym5#FQ-4C{fB}RsI_#_I+9ovQ2p(VdaLeAH^Y1& z%PR;O(d1QsL~s(~GtwqBJu)&|0vz(Ta?{D=1 zFEA1ZopnnQ`Y6PV>-!A&9~hIHa!w6a3`XzatYjYMrLuARIWgQypbuB4(&W#pR8UMF z#2or2MtpvWzFE(hQc$MlzTgv>1P9D|Y^UcOzQ|E(Xo79%LZTahlE0}&vKCHp$V+44&PRMJHET-Z5FB_{M;(T_p2B20IFDetgw2?sLQ)&GZERxz(OMK zOVTB)rFqK)o5;6)wzh0ZwaH~YaMYU5ETBR1QTnJKnOJWjxK+L4H;QJt^0?x&> zMxgXBR@{M$Ut0QT&U5go0d2vnVPg8QQ`krHgY9^3C^Q+|m^!J&nC@~;%|F2Md}UQC z#$Sv*Nh4mctf6w+B8olZ(Y2X?ad-mhZ@ES$#(7@zi-JGOA8XcUd7vZS`(a87 z|MFWNd9X$7HmplKTfn+8rBM@}vk&kX+$`r=mVMxUT7|Go7v#**GpGPYB6E3^m7FXyeYGRR_54&g_zFWc2)F`;xenH*)*B4MM!NACY9Rm zM?>U44T|h;C4cN+@pxYTQtZX*f%14#jlxT7qimvdbcVro zj0|L4F>h>!a~D4&nY*4X&d@!bWs*iy!J8c=+|0dAeMeJ}q6W2Jtb*9~Q&4 zL+>c7qbe0F5fiAxT04H{mipiI;}HWQ(8{^pUp?flC;clGYxT$yG8Pg~iinwY&F;hp z3xdH?-zUz#H^`21smhlSZ;IO)h$tEO(#pJRDkZ^)`Gss7Tc z#5Cx8vApg?5r5n*RA~qur`XNrvdf?tboDS-8joeh2a6kqyhFpIoZnZw zp?;rLMXT4n?-ko}M&DN;D44v3rS%LsS+rHw*~?%+<_AT9eU$BGA&+zYX35>$BslIUU#f{DE0!#(6}gkj&le76g zZ(QbLgYQr{NA>dJ@zw zo|&_snuGUl1rJY~{`+|tdxJE7-8-+92l_Z_QRbayAz@5D)}eqvfV_&W0?u2+_nAIh zX91UUEct8ar=y&xjBY;9Zy24GS}P9)yUtCZGwLPq&O;WZK|d_2q%1c0JYMCIYJZAc zG<@Vo_ZzScAw*E~Yj3Rd4alu6Uyg@^iR1-TJ)GZ+=av}lt;3bXD;L0es``RT{GR$- zZOB+wn2{G4W%G7%{ajJ4-7hHW2KZQ@vbMJ5Jq#?M?WWUN{j>%riiiT>6EZj3JAngq3~5^m1UeMeMuf>(j}VeFJv zcAJoDWR%kRUsflES@e&XKB5@1tl)3yAhDOJoglgmDDUgEe8@@E;hzM1GYwFII&(7? zx~Zvc)d5l4J5%Uu$xj*{M|}hG`Rxw-^UJ+ACISaI*50j~76iNUv7kr7*@9~L&c=MZ zUN)mo{&rw(W_pfy?DV^JE&FLiuRhSbQPEJ)t-h|@KAK21q>rcwJf4>(m8!|h$oiH+ z3au>OWz`<(_I8?b^D=FRxkfndY4wj!D@u06evSDT|Aacfd!;5LFuEdXQj*o zt%}?PH-9;}EMq3RA7u#UA-;x5h(hYfK<$@r-ILxx`a5x6b3D?ME4R{hCCQCQY~Rb` zm!U{a^ZcOYMhXNYDN$B~I*9_;iK%?PGGc<^9Y594%mp!w1V&kBDw|?_{c~%i|CGcO zxY!RJj%EMI%GKI2A^T`qNQ7Inobknklrhj)>NO6yRzMLxNd8e2Qac$&>d;uW{$7<{ zwE?I#P-vw9xVg)2$|y?Ch>h zL6fT1!YQNac`(u~yZ@MjUZMiK4IksKE^SqW(-yfAYNG%SW6?5hRTh0+4Mi!1A=gX;IzGwDigBgjgl>(nfQGGKRGeLsobN5SuE{4i z$;K}+==~Nnq00|QghKNbw33C1IE}#fUHG)!yZ<PNod4l6*6LV%KsRSI2~C9e&3T}bV zRxM*t)Yd4E9wL>s^u}Clh$E2-rz!$QiQ9OqVFWa-iHBx4uRBCk&AT^U7O!awcOWPr ztuTde*Dfl)3|JQyf)Z&T3(#c1q)^Bu z^zWOKcgPjDWZqI*ZNTTfH%7@+Mfubi?U`b(H>I76?nXTcjn$3>wIVxAmURFl-9BJR z&?gxX6R8YdU4 zvlZL;6HejtHv9*HuUuc^tQ?2M>YwY*hg4{{m3W{9`S5ZIF+?;g z?SLTU_Umbz4{NEl4K_wE4p^J_So?p>y37V#;&QQ~HQY>`ZyJ`_M?G>+I`~fq2X0+g zotf0@2KmBP4Kw3d=4^_~n3Ozj#0I`Ny0Ij~@p{TaONxc}i094WhYflj^13^ZnMm>& zbY$}C*D@SWwPG}0AT#sCFkk-LT8Wa_Hiq-Ol~Z!@bfWfjFa})=oYV(%K3*JA0xts( z#|0yzExz82{N(^1((=bP9xvE&j#anQ$V*Dkxv5-b&#Q);2a-#;Cj-C}&4ymJBSN`^ za--i|-4^xLyt?jR0Td*<&UR`HunTwi7GGsLXW$0p%kXm;#Yy0tr~%daX8w9Ngb0U# zoEX;n1Etlzw5DMy-nXTg$W-0Ny)G6+s5*Jg*9gw`k;hyk-K&4`9d@w>Yl_G9gCl7q zEF`11*W?>|U+z4X0(oQy?El`77l2kpvBr%ub0NZ74=cw8c{G)YJ zg6vw_(=-U`2oG>YjgNP2X+{M0)%A0+cNQn@W9_$>BpRbDu6>~)ueVsY?d+Oq>GIF} znl$<5`(}OYiS8rWumZg5KRYl)Py5dU74A@bVvT>jZ=3lRYE4c2Ha>4i^yUZ0&uOFm zMN40SQ+U8bDx9Z7{}ib6rxfi1BLf+aDa;>!Jiojlb~q>lf|s<*M5=Ff`{*{6Ipi{L zK9R7=|L!9^5p~skb%8D7_=3OJRh$U#xEx%Ru)FHE^$hT3!~T_+63O|t{Q=(XGv%kr zz9tjL9e*HRO3Ew6?%qK+kSHL|7ht=eb2(fUJd&?;OcM=Ngw}tYf6PQ}A(zs&6^kM% ziCWA3ZS+w!iU7l{92}f%v({h%+F-a7dq5YM*)JIdDhKyC4|3e8!h8~r1oFEv<$*v> zGVxQao_SqrlZ$X~oWLnbKkEteyOiC-PX_xM_r*WvNb_U?^>ODvIldW_LqJULvvhm-)ncCW*ySE0g>k0%864W}Qlg z&$$aZ_BlwQTGn8_fRALBL3DqixMFn$2b-A?c+ytK+^e~j*QsMM+sUxvY>Ux#Wm5wh zJ~8s1wg64j1CDX7H0#`yO^!_?7p;;(9r^8)%QXdihr$Og;4#1Xj?GoMvU~LTM}8%< z#j{FVY%zhF{>vG{z2s;6w3mNqM=oc)Mjw46>@NPf+eUfzJ;sYQ$Q3`oD)*cb=b`Tw zw-IzgZT5*n(ZUqjC-2Nm!o9R=A2-B&lR9j#n3=>*cyhKO+mMyye8POfgIJ51mYRqz z{bm}Gmz;n+HHvljmnzMGxYzmToDZVmmXdoiqcrSZLvV?BGsIfxz|~Ch3Bt7rOd91L zo9j+IQgigxP_RAb*Rr0YZOW3{_j09Zc=?Q^=3b7)CVh!b?%0IFgz%L~PQitA(_TDl zI$?#bL*eg_-Yh?^qMX&MjnB^EXU)7y1K;K;;gJkyVhFCslrn1X8{{2p{HhWUYW1NKCr=YcZ65QkZ1?qWnRm#{f;WNks~GFW z5sO}8c(SlM=>p-y!j>}@1wF{sXjgcs!R)tSbZYDyt{l)_ZQI~&yd}m3dJANN*2HLb z=4C~3j62?m#Ei`_f8I8N2bzSNkD30fc@P+1vz0va^8@LXfmzJ{G7tWln6}CEb_sd6@RhKWG^j;l!6_c_StOEqfcCAQd9o6P= zIBZ*NzW&vK-_sm)n|YgD_@v063$7#@#d@^T$|?#IR-K@E9q69bM5@|0&@bkB7p$h6z2%0f@TYCT3^0 z#;3g1Y>;>&w7^jIKKB=6xcSs&nb;RN*zLZK>}tvyDlx#?fnRc`$pp0i2u!NiM?fJc z8)p&|5=F;c6JjOhD@tU@OMc+ULs}Q4$L2L71d#W_;RFxElN{Uqo-ne{@VN#*@5J6S z><3Qu*SzzKsu^__5=V7lV|)>gu!x|4w>ya3l?F{#Mph`jU`C1dfoRS3@{}^l#4ntw zc$uFo@3c;_5JL_*oa3OXz?$H#-{96B-Y1i~<+i$-F8DQ$t@nG`g|0;H0y=JW|G zXqF+9QH}iC1d8&~lw8uJ`>P&&)BMQ^ZwwkazN3Pq>Gp);+1+Ph_FIyfw4J#^ZH<=fCwk|klqiL zb)-_7Uxb^x4|9Q0`WDs9-t48UV);#Deyl{{T)Ka2%gz-% zFtW6skDCgNxCi?Vsuq4cRVIccWjBktDUNGi;|BZtBgbQK`fjB+r^#;SEqhBkR5TpP zh9kXS;RB4re6mdsw~7LSJDQe3&FAD3imvqG1d-dp#p#60EF|B)&pMQevO;wCd82tf zYwSbv|FoGz74&(g#hx)E`vkQaQjQzAKfeAHf?gUagon82)J9C4%_Q-k7r*uX1XJb? zZ(bgdFkytuL>~T48@dzf{fUh4O1IZXn3_nDVRbOiy^y76QF=!)zkCp@T|yS|N%Kdu zAc%0510$F?d#a6fp?z59EK%4L%U*2375eW)0~8GM!xKmRY>ndGy2 zW}~Oy=p-mj*E8whtnC1%nz;&@W++?j_B09SGP~NBka1nA$#AdKPI_BGJ9P{B$0AFX zPF8JC(Qom+S_@1Tlh?-@z)60veAa^9k>SZkSS#kOGc7t+GlmoF|Ijmpq*b@*gi5=9 zI4nigCK460vyXj4$@q;e9_vp8&$ZnZ<5o4_Pdg8+UmsVB|MJ8U1kW*!m{KoTGr*sz zDRiCZAZ*LvmMq9|zwFfR;H0Smj}FSSH&PFmLzl&Sf_?`p${kh>RngQO>(vGAc;;quBtChYf0CU^-`)|#{9G@Q?nbdm)cQu^iI`CO7*~kJ z8Rz?JyApWtNrmR)clHsYD8+%WYiUIeYA2s@ew8#%bFO2 z_Ocu0`eTHujp%t`XIj3pR}8pmcUIwHNt{~xL)(-?&Z6>%+%{=qdNFC%S#>^A4j@7| zA^vO!f#5-h?zClzfujPWIrbF5dUoN11GVlo-lRcS`>%m9jo2Ugq+ptQM`}5-c)wC; zP~r>07R*^V7R&?hS!P+npP$JM`1W1)eNfFHhE{601yU7c7!uU!SD-5^hCpy$D2XIa z#>rmcBiH5SadU71Yu{s^LbAXG`TMp8p)3LmADn3%X?qTlDC%LW#v{XqAIA&+u6iX2 zZGn)#{F-l>_LRZFi)RaOKELdc6Eks2!QH07hR2+Qn}*jgk$`!W_b=KsVvT5PHK~Y- z13{bZm&`@kB2^Qn;Nj6YF014DH)R=wQtwG`q6}NHP6t0fBdhEh!w}Xo&MYJyj=shR z4@7@crWQb~!!@bHDqqNTDb30h3-mj-2ZgH}Ug=YQgS;g>gxFr#6>a@aMEiH8@7pqk z1Gl;vsE(ftz*}^uEhfVYK$d4@jZHwCcWgYJw0}bT*vZzn%k9Y zt5WS0$0a;0)z0l|=WE#3wBl^tJSGcp%GoRMs&CtCuu?2ih~@lJz2R?-b}B039ywHl z)kdQji55a`j;&?7no1EroHmB9k%p}Z4ComQ)zNQo0N~4nvuDZbdy$uEIotF5B0vn0 zy9WGW#IU@r80tcASb*T$X_cHW&V?X5^b*JooZp%-t<^iI8PL2^6Y9N}+8w`a{G<1( z#xv_U^^BTY&K8H0lIF6@4Q$(cb>WaJ-Q!y#%LRSOD}7^K=ys)$PzgLKk)vF_0LY)b zNflc!JOb+VNY1`cS;3BkBbVn{U73r1ygDT93u=cqC+vgTjD`6lhN|vOVCIoyu zQ7k4`>^V(*Z15SJBPxMzAvee!(X+GqS!)3z)CTH&)7Hm8NQFK!u*nD;=(mK~6fc1( zeTD0ZNS8#zI1uLd9Zv7b-4_puPXDWdtnH*7Aim!=ZDjwGrT`x3Dz_D++rg5 zU_y;n8CbxQdpr<9`ttPeRcG}5tZ9v|^r^x;9P;!_t8B#lv#g|$<5WZf{?P>%jmNlE z&~|}`bz5=7>bcrGyCHX$ajuYnmjcza;!*n-dZkw%mv6DpJoxbH)x=Z`Q~LG_<@N1gDxj=)DWY=`dv+C>N&_)w9vv#yx;A zM&1Nsy@Gi{(C;zzzkaF$$dn_H8RF!q?G20Bt6d68t{gz{`oTN*5+7DSx-V8zdsZ9= z?2PvgosMDm$Xe0{DbQPBNmkO-CBV9$?UtSbIg z<}B>TKHbe?w%UH2dql8_J;F)C6`g=y;muRX8l|O z{;f|!(ry+ok-z|o3NKz0_*AD%(hkzX)pKDiakop1{Gn&@4_cX9`!+thK{_F3NDfoEf>6);`E=D#9}w*o5%nKAVEhOmryjGA1WewcN`U%_KKb}5-a^{G zpZR*Z^x@`NM|na&#Bb{S7TB(G-GBXX-*nY3H9H$H;K?H<8vtn@&M4kJ9yEF;=$GgS zPAOFNRm7BaKV>-QTf!I`clH>vuI?4JJTT(y++clr6 zAG7*Dfw`czeRyci7ET}#Q+5x4^G42`@1^Zbzd0!2x~0f_uyA{t)o!6H_P$(EC7#^N zqSs|_J=pp0D8Ju)IgtD^$MJKzM4Uc#n8k4cn9k6;jcv_uM@}UpKx$ zA-&=$Me4X-E}rza3COH}41b&x)Gsx8@BzHR0oVz4AVJjU9;p?BERp7o`JYtz^^V@Z zt*SwnprfkX!$rWiLj~ekyrwHlm@S>5$t!!Xo-+G;O{y?=f9ns@gD=bOL_YuJ+Af*i z!Npa`d~LM=XU+#GIR!~x6=%x?ZJ+JwD<9-vL3=q#_i*Jw?Flt zAG!++TFtOj2co}3B0dSaeUHtGa z6%4d--F`M3TL-mdiMoO{E24;cianEJ(dRI&aDwW*qnS78@-%c<~pr|m)+7u2lGc|N7WmKb$ynsdH##6 zRVD@Fo<uotCf#F8#9iHVB4ypqW*3A0To4cc=FfGqwb_7B zI)jIn`NBrY(TE93Kc7XncIt~O1c*U3%82%@MWu9VpWylByFc$eHJ@m3Z)Dme8qhIk zs{&+7{=NW+uyM5ej=|cKFL@ao>9tD5yT3BvdW_zV($nlDvyaZ)!`ExNZX^St;X-B^ zxPRq%RxFv`J$+<=1rlJW100?C>l`-**U z_2u#z07KoiA}C^c2Ty61`h2qEKEPe7g4F-opu4O&K{-&L#zEs5;%FqSF6zCOZYy_~ zZuZKr7O8ZsFh&t$;G08D zzxe&!UzdCGK@baZ(R(RA)2y$fpJq z1GlV3Z5_dJ>gjgwL0B?5A6P`nnIZ;F6;+RpFV9tss|?_D!w->EfguJZW8Ay z0&C+A7R9LjuBIju2*w%GE;EQ;FP8iJmSO7;KcyBw6%q1nxTuubz73D4Q2{{Z{HWjW5j-nfAXiHL zwN=^MBmV7XEUwKjPR-yu7e|C$m7r57uN=nzTa>)hZXm5YJJQtrTl_r+)JFLN2tIA) zS3?x!%)%h~6&_N@NFAOp;jSSxh@rmg_QL|KEUQ2}*)#sfPj<)uxz%?N;aDLH1@(;j z>JJ#b#gHPcPvcx|yBg<8Z@gdozslp_pa!yZwX6a>KG`wFDutDzpegE5sQH%I?Z-O! zK&B}D0V}Q_qLg(yQoPRX$GMw|_0p5HLGnGBpD|1Fzh(RC(f*RupWZGupR@f0Ml~Z1 zyAh%#YfH;9h6JTQ|9!pWj~1fI79;1%jY9qT+S~X}>-D_%Wc7Rjq!qVxTHYZfdRJZd zYMj3QTwyS9$1|#wR_Oq;b3A30SV4L686E<Z=f%jD(Xa)7d8;-XrfJ z5@LC({Yl#1@DCLLOWd59Auo0V4ChL28ih9ma!d*=XRve>uKwI_g4b&qzO~Jsg*^vC z@MD&PfTSJg_>Wu~m2kC`UE{|Iiht{9SbdW?U!<~2z2dAEZnqrWPm5B+_Zfv|JF|O< zj15e~L0a{R-4-c08MM0TTQz2O-Vu-q*@@{}cfFir?k4Gmfx|H-Puah6zYp&!sb6;s zUZyGdW24WST(KHOR78I$b;0Nl+0c%1^HM=XML-sj4nfRp!I!v;+b+Dh^mir= zZL_7uB$0uJfilDx?&1l^*i-03bm=9f-|OmH@4|4Lnq98C=6SFZkTs|Ue&_Jm2WJhh|V zKk_xP8f&{-P_(}a-qh|>CXDrYcUW?>#MhOz+6GLO;b1qU7&ddnbHup`r|Ay*lQuqM zD%{QbbX~n&jbnGZ=9p^J=ea-a=KU>`o-a42mQ6l750C~)_j*$9oynqwdIn!e(iG%$ z!|U%a*6P=qeR4i&+Lv!VwoS7KPqI>nyR=KabF^E~yhBxBlrxeFy8#PTWsDeLCQ(kx zAd8@4|5vFGbHHA{nts#3xxUh+ zX3(gg3r+b?YL)Z~4kGOBa9q9oef-jy-2q5kI@S6a;EKh1S+C0`fm2NP?L{T+m&u~i zj^u0W^&hT$oYqF{t@XL4zh?J_cl5U~U8oNypg`g8 z>P>{gId((HB>i{lF%QdN*2*H4ase;)v5?Mp_TjD4eGnm4Hf4`oCF$a{WHafh)Jg(H z?G?&zovhdM8!;V=_uFWz9DPZrx9xR+rIlrS2!X6Y*x08fVF#&L_y#XA@fU^avXNkH z>+fT_U_Dqm7HQFT81u1-d1K_G?030kc5Gd;iJ@3K`xPn{c3yEx8TERR-OR@lVAXIE-0k6~Ns2r6{mjm(fnbT!rMEL=W z9|Jiy^>%Ut=6jA2#(3M6-qGiAOm)|Mpc*7)6LQuVpi3g%o`7jcBbE(N$1Q{fB;K+w z_8@^?YyY2kJf&phLp2uKpk#pA*f-2x-I9DYz(>YE)9X`hQ_mw-b?pO_GE>N-@%A>% zcPKLhbSH?LTx&Sa>rV#MxqTjo6Rh(}Zk@JDg>AM9)Wc^%gkW3>ZfLUO(&0>Qybw-c zGwduCPM|g)gjj&-2t9Q%L*gu$Y%Bt6F52p!fFTj6Yux6;%Ly|TfLtF1 z?kw|OjWGX(DCr;7=0B4ZeFcvhr^Df-y8?x@XC;+j_Qqu`95i(quRkOF<-32t^XY-| zqh*C~Km3@fne$c3nZyt8qU_fXgK@kCukKQ1CXg>324pWufVSKB>pHGV9G!deeM5O+ zx_UEPQqscY;)XAX=(H1zl3-sN3@e1_yV*Ro5ASoRrV$xCRj59ka`8ycEHNQ|0Le3m z?AQUGaWMWVB2LQMySR3*);^CkA@@LAV07m<}E|ACqY;YW`(=rH`MHdU>{*$(T78;^ z$%x{%nQRb7zH>O-8PwIST2sz2YWwyLYI1x=G6Qew# zW?nVo+N7LhD%~^T!C6Hz3AgN7r+5f28i-~CC-S1^X1c4KD|p4tT|ktD{0(ZdkU2y* z)}j+T&SVXy^5bym+{l7Qtb6#*L?7`_N6yHtMVvL%DHdPo_q{hF3{HX*R0Qv1d=mzJ zmRT3;^o>_9nI~TB?JS?y&xnPeD?rk%7W=DYlT;pbobvdQl-%CP;H$_XdCyy0Ltr5+ zceYh^mdh)Cl@)x6AIJHm)rqziX1e^`52V#U>2@nH7yoyhn{Ni;+qa~>!Lj%(<<{-t zx>5P++lv25&R)@0@MY_vF+IcZmHdtZaaJVuOEMJ;KJ-qDMu}lOV{!DCFjdCT&oJ`3 z7L3Y^+WFVB|BZuiv&|Q?nt0ON9i4m>pa$uf8+FP0CTUR|!QnBB1u!%@)5N!+tOt^v zn+DARcps6OTx-_n64C}_33OBrN;$UE<0-)d<IjbaafdTDEx)PG~_jt4xPUiic1|%8g4*xcE%Z!Ry z?hy8lM+t;X@bwZ|Iw{u{o=mH`1|Gm;Mt#y+Vx4+@s~YYVLhJiip=2CWS%CWB%Nxt> zd+r{EIX z>v18MSy{vOjOXnd8-SqjS)4F-&F1L#6Q+PrSSdbhn#2((Bo`bL5mKnZnIYA8P^zJh zw+l=iFk<<(w9WN+$b*0nY;D5V;v^iXaZ-$Q|I8nD`n2Gq0{Z)gjKun@5#)s~CZGMy zTt$XeUuJ`Tg%CxyGk2RA%$Vc|{?=chgcO*o5{54j2TP5|4A(sH zE-?$B$u$;?skH&GkOoZf`0db&lXu}w4Ej@kKMEP4`hBe0kjh!BKVdJ-L+(R6O3{f~ z+591}!be!(|4K7xStYFf2Ub=u84cB!xRFK%30IH?)zR!53;rjj!X}ZeWovD$ERCrw z!%aDljk%=-iaaUAoQD8)QEDNy-!n!PbxfC{nl}o9YYTQnyh?on(ascL(tT_$y2w!2 z3ajFd>8~05cJu3U)xPCLo$B5@fI98iEa~O&-_myuu6c09_1xbqji4bllQb!l2=CD< zu=#Yhy9VRoP}Ys1or%IxN$bQCSTd@yE3nE$1}H*hOv*AjqlH-NHCu{9uURs|MRv70 zFZ{9Lwf5|%mOUhiC&3eUW)qsA97kWM!v0FxmuDR;tM~*Y_8`R1G@Vj3Bh3_z8m<)Z zn&A5Lpr167axj11$A>{w|4g&WR`8@~4xwZ2Dh) zPh-v-KPhmS1d*<6zj2fo{}l7!&z^37TEyg|EGx{m(=nB?PdlTM98$4 zI=*4vsP)JBT*HZJ)AJpErfQu@Q~&LrJ;7QVU{JYK)ir$#ur5qKGsiq1Z;@k^7e@aA z60XIcWMZ~CzORDg5sZ{-H#&}^u-_EEU3=n_mY!?0FYecz{`-7ss8S(ru6!f(0TbcM z;0j?Jl|k9?aTVm4Mc$lpNWj4Z*&eQ7SA3KClw1Y7O=kF! zKWyvJf`@U9-S0phCLT`^ceFv>R`YgH`5??ZBgF^|bDk!KGv1^pYf{2_c)DM^0QDp9 z2i=pG$tof@~5U!K=BcP zH`0SP{(URcX~g03?~fAfwHt(Q52{Odz2q^Oi%kM}DK zNyv>1-uQ`DlP-qVCA_VZ9Vx-Uy-HsjB4k|gG$`KhlV0Z6M;BTZaxN#=-8cHQDbDTV ziEgRZLZX3g^$dB4UK+tzst@OEtq>29+PE(!8-pe^)ByH?a5WPNfsQx>MKsWC6UnW{ zWiGzbN_Wg;{k(n2}TxZ8YhVx=#$bht1zb;ZA ztA9{r#~E=Iz6}N77>%7!F<0_CbyiYWPYX7$dCR7=dF)YQ1KM&#Havug`j!fU2$QMtWulT}Q$OR9jcOHE?Xhk8hkW z)2Z_DmU^5ItqOO{C6cW^)%fd?7XbXL6(1n1pI_$@=pAS;p~_wS!l*otpA{HF$4kxf zT+_T0AnI8}eSd3xRXV{z)oIcB?Z+rA`{M5!ZPNeIB@co(#Rrw@`SwJQW&0>k1qyfX z9HtcAxB1+{`E@nQ;fLH>nw2Ezlc(1J*B{G1)wG-#MsCDU>UIfr_Sez+@;ejasqQV(A?F93k80zA z-&*ulBQ+-)ItxP)-fuqJ`Sl`r?iQRs%PmZ;$O{ycVA-U6UFq-^vw`-Nb?}1*A1%BlX$hb zE#}wQ>!MDFQVrAJ>9d2EXw4b-9*&*I4g&(M%jv8*f^lQo=I66se6!E;DW0D>aQNyRSG2`I;&Nh zc3F9)fmoyS7|DLK;Cnk~m9L}bzHa{qrkdadU(Dz8*)O^_(;Fr57L#s$Nv~5P)Xsjw zn+Bf1!SvCFqk?7)sPbN+dS%?ulPLel4(x04sy~lh{gQbo0X?)mzEd=4_cffbJJ+RwxgM&;^}bWJ=<*W=bon#NFxU6m|II&ZWt7U%M9gcr*ErCbf{3I435d~7wPJzOoS1ug zP}G0j*GbN=bSqu%t+i2#YAcwS9sit^0=P6STnE2mh40Lh+!?1|+dujNEmqp4`1~3G zi2@6L%zX8Az}r`9Mw+h-}d-@Yh&q5<%zvqAiX|K1n_Wy}ByS*olH$^E z^G&}Wxr}T9lH&0YbGn0T8v=*`qQ@kAx?Yfszty~4&vDX1cJKOGbr#hXa$+DryadLA z|2@fl7;#pRAotZ5-)oi=6AwA9opJcK#ysewCQg!bb&io14cySmR5+R{mTl@B>1@d~G_mswyO8BIqWNX$H-zePMF*8*khV(|wp{-@D#>KJMwVCu6L;aU6{z0`hu z0_?-{)YP>Jzcx-_vC!F%6a_4P$rz1>G0~h4MJZO-10m47pP3Wu&kVaw*Njh#$^Ze1 z_rW3Aw$J5fK% z#bi!^hiA{7BHm$@qk~Z$ttZs_4L~F)H(bt4Hr^B5O7>BV*o zTb?4`)c3v|5y;n=@IZA`Q1MVBi6v=(voryV03U<@1Q9|ubI;~5gyvjUH%`=?!fR6LJlF_M^rgD&YNvFNj-ET9S8 zaK!@-O+D@kq)hv!ZDk!&fK{EbwFhXzwcIpfcZ;IBKjl2A&Ty>AqD4$_?7cyr z=$SVF3woJ~L<=NA#+r2N>lk4TtSTXhgue@W{$>oloyc$)tp*8@YYPb#_R`y;HUfa2 zwUIdIe1*U0OVI0C@5uw>*DEOXLVuE>&8t3%0gZ@rYm&FzLudXpiD$v>Y%;b;c+zJ7 zdcSLv{{2a58avkZ5EKY#`n`UBSX4R+;skUliw8`eVVRs(P6lboA`)l_S82oI#STUR zR9O7~v2^Y6O#T1g-Npi;bDh_B;Ci{_~$b&N=Vb`}KO>UVz)+em4lFTzSO{f98GUnH->kUbXJTlPU#nB9=XOcuoHs8%;H-#Kpl_Oga=@u!xhvr4E-)@La3c!KLOc);(KvUCf3 zv90{CA5G2#F6B5@&>$hk9;<9!dEqXJq78k15`s^B-Fg3BKko6W4blAo6O{tKh_=*utN;Upu62pzSqB70HC*eD^1ydxD-0;Eshi#kFc-f&TUDDZk?&;R z0cz7#2un$Ob%)({oyS;8RKs3Q=!7g%%SuFeZjw+sxv!dbqvd8p&Aj?$lUqUW>gSV} z|8@%c0@q~1vbS~E^{+;&dBb;DmuZzyTm}E1d{)THg1^FXb}UCk+(mdVtT!zhT*h@C z4uW&x_kYMf_>+X+t^0Ip3rlgm0_PvC>5-TcN3BS$wr~Qs^M$~^Q@PJa!Irsdf^g}K zOabZFMhT;d5!+(?2~b79s<0WQZll^gTYk}rkN;Y*bPjMH`soiC2%Cbv)v|8ei(wnq zd2e`Y_pe@e+d^XlXqiQ?t^QGnaZqOMxwEmZ>b7m|hI4?MJOGs$mkIxB{`lQjA&9i} zYmy6d$K@qxn8;&4=LXJj856;Y@c{?zoQ5jf6F6%!(}Tn4fxzMyLvQe+T>ICL7n)le zj53e{x44Y3?7jfPsIk|7{%=ENQGi9@x_{64D%AJab}Fu$)_&BbTnz(ipY{F?T`?>p zaaIn64#P<)O5H9IQ9#_(p9xal^fGe_oGjZHv^fp zS#;S$B{RJYb3#ozr>Ico)*-O`OB{gySC>1dcHJj(TNY1wzbeYI(pKF0I&8+CeY@>z zU~{Y3nI0x#TC>(>P#hEsOO2LIjZW4AmvOr-j;3RM#$CmP3AG{}!qWAHTS zOj{z`=1k`uHl$J0>rdiSI!B-pqOG{)9~TBL@EMoj_9{|iFLd3s)Vmnrb=+4i9B4`3 zKxjg)}-#nE|RYd3*K8E&YQVKh$q z_n{?Veq(Buu{-$m#)G^E*#pEbDlsycGz2tLJY`XJS0z5gj)D`!1I(}Q+T->eNUcm- z>p?R-Lg9A2RvWSKj3Crl9Q{X8Xl>Eo>fIp#u)1@$?x(w(83^9(=saSEh_ilqNL(p# zGBSWt3%Ggw0<$Mg^CU$g!~IIjL}Bgr8)h%Qog{|zkRv18K<~w$sf@>Go-PO@x45V& z)RAuXnekWa)e@Ib$yCUyn`srV8BgLHl~ifhY^#mNmq>fr5x|;#`Fx`7{E2>I+{NdK zy^A*DOyG+Crc3)ZY&9`0+BCN1ZOFnd{j1fDSR0F2`!Fl>Gz0J&lTTjcONttagVuAs= zh@#x>lW;BtXLn&gL6)a9K-xGvD>EKDdVEXgi!XK@^$1h%XgJVi*i++%WGU4*mbZTD z>EPvvL`eK>siT>dPrdGX!$oq@M}zGXrFR=`29a`liqGo zmjWahy?V*TB2==!*A?y$h=FWRt%teur*ofp$V&iBjj|`rkQ{&Yx4T7K{>FX3TG4;~ zxd2-F{m(mKhdHyikNk@qfbo98Vr)>bG>|bQ$`Q}Ub6a!$(0sG39W9m#F~EhXu)-hh_G)J>S;xEm4GOl5 ztsG3@(XRS*^NkqgTAQpZ2d9>;m<-QPH1(S*S=>w3$k&O7&=k3)NNYigGUe7J*> zjNg*yDfK;i&klW{-izGJLkkj=`sF@rl%4j|!zMW2OK1s*MRNP`H&=*{4%Av) zeyRlT++sxPb5~|O&z3K9*LP45n00UIpOId?XS*Wk&protQux`!Pzn5O+oga^Ki>27 zd~ap$cMhoRZo|KDFgQ!h>q%3TU1q@|<;+~q@F>TJIK0$!_WpLiigmQI(ToxI$?O-RD|9x1G^}oQx-iT*l4ZFeD>zCML47!MDDW8oR7lm* z=0#gIPw_FgRhUl(5+xab6W(&A6*z{@#VIU~gvG*quVfTwWmiXfRtd$B70!Qe(OFY$ z&5};xoKUYk`RpB>&wO&VUE|G!WS`!If8?d+i6;X`$eQVa+3xdaJfv3Tg6Ji|%=1d) zyeFR|FS-eQ>jJUO&o;p%3Eqi>`sD|;->(cN$roYyqTpNsu~GA(Q1GZe7wekQDE+WC z{QR^>5Bz9zNiDc>YUT;mhIXIP+Iey_BLJ%ba2ILzyq*&mqQm9I+lwa?-SuUb024Oj-LLx}2FE~Y zX1eo2FaJu;R}26nlh0=~#}}4R@lfFJjXKpa_Rd%_D^f0V6hP)PpSoQOFbzP~iLu9C z(CA55%oQ-8|5dYlJPNgSm6YACdk=T9cYY&jN=KR*wK}xmCQjd#_?X}g-tc(mcVVtT5AT-)A zYM{X+$`X9Bt${>(WW_2REz>^ZiKE{Fgq7j){MQPDf>=32hLna>VqBiY=w3~k0F8m3 zU5h-yxdpvq0kZ(RH0D8?!{D4C$i3ODYl&jT$-V9|zb*-W@uoj`oz`8OFHsG!a^5@o zTvG3t*dug_zxf{iSAOJAs>OF1^+VB@Xd|NuLadPAxY>S51(qza#qNDO2yxZNO7PK; z8Si!p9gPIrxXz%N2lhix#8{;mv&9F_QV80q!_k;^>dmR5RV%)K5G39{wEbjU^=A*^lJ0Er7g(d9v_VCmK;G zHnzwQ+3RWky$+PZuVje;#I}ldgy~REgtWq9R*D--MkSymR?3%24|({NM-!&1QiaGlNB#*@ko{Saz$DEXd&E1&1>Y$ zvPb%E3uUR-@bzztbr8?Cs#vkgj6c>)BE3DM9e@vDB&8mqC@no&W!({?6?`P^~S+qc9 z$G2%m;GBx%qD#1=?rQCl2cweZLf^a!{86gx0Ul8=9|suE;r8PVAAsLrIhrX=Zw;PA zb!byO=HzE=}%L&-C-tz5e#=en}SM`s0{nc=rEsomgm$IL@S&18+t1MA@EV5! z6ZV44@2PCO?i>+9<`YA;HhiBvLoHvqRkS}(7PHtoUa$a#*FMaXuVFSI@)Co%-{GKW zr@(u&Vd@e72N)X+(yp)r$)?!C( zdyMK`EYoqG*~|K#8Jec`XEnmgNRxLbw7uoboPCqmM^=rq6}^^T(vzX~ti7;Nc>9-D|7M}^!Y3bPJXIBD^LcGt@a}(|_uZQ2GgQ<~1N~gl$}n2i$(?0VLxi82<2~ ze$cMh{WUdyp^5^SVOcJhF&e=Iisb1^57~L0rI>*PnfO5~46PM4*O{j@O*m47#F1@K z*7;%>0=4}ZG->=sj3|>Rf9KZqQb)7i#4AO?cyKSkjTBkUbF`i z@x}wi9=WE#f$$MR#Mz7X$-+BG0IGV9I_n> zT67Fb{=9nG_w$&Q!lZFH9(V8yS6;fWgJnPe{i0A0-N4A=h9mAO1+8I!28(cneyfVvi;x? zmZ~s30f2J&svwRVJ-|WBCPc_Tq3i&Gl{7dH_=_f`>$OkipCWjCukpqUIcZW95c)E5 z#DCJ@N4c%xh&kI#_e*P#lZVdKc^+&LfnAdB$_wEEE4rQ=cv_rNobC2J6qBiH?!*J; zIYvu%MFQf z3ZUnPVio>kRG*YrV2|BiGEKbK)W@cstH`{*l-QZMJ4@Cr3VL4|;_?`cJ8xeIZmVRA)=K zqH}0Eqdu4E%Ezb5X#-_l-J;e1_0VQ_-UXLOT&S${B32ud07gaoawRDj zP0d{;HMDpfgKt<-Z@^#m=0ZGDzTil*JZ18Cz@;m&DHnfg8nlM>NVkfXmM->u;A6=)82!kEWm6X;&E|9jioa|t zB$D?VU%M9ntWZJPO~S@T`bsasTRAMcsv_LPDb?H%a#xf4!p)O|4d(DCs_EROJ(^cQ zG79N3Js%&v;Z}Umc3j3DTxg-7rux48wrsU70p>reiFg&10t5q{KZ;W{sY;btDHQ42 z7gHSOM3vsLOgFU6e;Lsmnn(>zr!Q1H-`{^>rXLV%u-YY(AMDl8)rhAK zEdyd;9|`&#cjeMuqDnUei3yutuv4KySu@1gE=HV-YF+jBZ2$-?O+|EpL65@Y;Fg7x zFA4hNaKs?kUJ1b)L*2VKLAC9UlSbm@MhL9J zI&~?x&dgST<$7iH=nBu!a*bEzU5^AnXtKc*JyU z`<}H)bw$KSm{d0%Oqh4pQK%Rw6S)B8ImC=!ZS^Re zt}N%W}7XXjD&3}QjX7ubVqjYz1(2hn%;->w=WqVU7r|PFy9T6D$tjv%3CT`X_-cjx z@@AzYHGMeLibOy&2!n?+nQst2uD(cbQA+UQZO%BaDVjJ3W z4ggFQ+=JTmY3o^hddL)m;L5_WUjKKkSfR{`xAej77J9?Wr3mqU#@6s4>yU`{d!G!T z9=59z7Yd|_9uBOOy0*V1AFleiyr3Sl2l+Q8oiYX7W&ANbC1%G(!(s|2F-B9;ETvu! zZ#8&^?PV(_dUVs^un@UK>1*;@N+L>(Ss*yX-a6#L{r*7mj}yUS=3hXDt41;Y@B5Fq zVA)Qy!P(Bnv>p|K#Q?uV`i|u=f!VWtV2BWe_QQmPpv%$j798(knJk$-kUY@Wi`qO7 ztT#^@@MTkW*^q4ECT-^Vkn$Cy4yT*~LD@F|w7f8(CL5gBO?gV~H3h;DXwzM4rip86 zuWkl@qbnk1VD4`etYqA?6yRmLkGyYm=~2A|?VK%LtiS&#|5jZzbnobvTjZJ2IgG+| z55gpC;HLh{{#l4iK_E;k`{Ei#|piw(j6uMKU*dACKTi?GOL3zBfOH5YJ`1~aof zGKOuMT4y#My3Du|Y4NVY!seInEKY#8+Mhvum!t_JrO z!o{IUMq70C=8Y102A7sI)1QGZTIgQu+-`C591^8E=TY8@_v5$9jiGXE4Lz|E$oa z_yjAT9fd2>U?dSth^*F+1)j?W3Osnzh8eG!5O^WI&P(N_GpyHB-V)6xcD1am1n=* z)rz0iUX_RF@n8fo5Vs7_3ZdG#LmSn3Yt(kuxWX;o{?rp8!PaMniF|tFeUb`>GN>(* zF2ULP8^Pb1uEJbSro54}WFyEAV2s`Go9t5s=Yv zD(|xn*(@cHecnE-Cu(#)^L0+B%U43kTc$Sk25Q=IG2FX>@&4W*O*36w1pfg*3DnX1 zmFQ;yEm#R&QhX+{$v3vCDtJA_V9jnhViCR^K~hW?-8p7fnbIp=W;7y9cK6zJXZyUv z_$`+w-5^bcE`7P@X@_h>B!4vtsU0pgJ1)o7pZ@GG;1R^_Dl!D;54BLyh-Nc@(52nR zMeJG`L7J7fUDJyTVfn6FF+psak-dsz)w*b&wpAlxqu&)4|TLxJR%V1v;H)uhs>2(Dy2L?0fC}eVw_TTea>OvmAha#orxlA82T@ z%&#rxDpw5fJTLbKPss8obUS!!^4UqC-&WpTv->)lDweE?@lNPClN?ed_jFYAs&2aO zeB$k4J&L7XT%TlVaqBZ_!M@sU6r)~#J~BWwfQ7dQ(t#+$o=CJEuf#pNuF9pLTt?Y7 zk&^IN?&g1t0M#cLhMxP~w1;E59HZasVCj{VLGmr`&v6_43}{1w&_7o*4;ox6bPCGt?;8u{Z@N#Z!Fp*bFCKw@ z@LlQ7RWdzr9*``R4`FB?46Cv~oiQgX2=2_Ix7jQ?9^AeZ+0MkWrV7*-`|`@3n~Nac zQ?8hs6^Xlz+9X}Kq>98HG}RltvJhceLOxO+h!%7~dGGfJEM8WmOg@^*UR$pr6v;rL?y41eD=WX|4gy(ZZ zs*4#w)$OHjH>q5fxzR@piC`X3tYs?Zb#5+)C%!DJSJduNTZ(9Q`ro-kNc^D`L^S$;HWKBe&H`+NrTu|xF@3*^i3+ULnNj2{CXZnrZ5tx=*_Wc{SDP0? zuMq1iBn+>qz|u9Mr}Z}dG5il8Pq~wI(U`{B=FqJa=j`~;V@K}9!fND;E*aZ|wd*4} zj9s-7KzCQ8_W;((V8-c9ol5RCSx&j{($e>22G}YzU);QxW4Dl!uDk%{PW+j(qz=B# z-IE?+%`l1tHy>~x-OoBbTm@w*aZa_iHJAuPm4*}`K~0oqjnn5it{_29AAk33Yl~(|-3N6462U7)ualOPo5^F#GLlsDu>=(EB5R?*twqlp zzP106047lF^0-5!yoGInrh8b4rQ5S<^y#w@+ihcrrbH#yE+;@)T zq=L2_qB>FB_^j`4E!sR9A~fwhrZNap2Ds7y5iQ#b4mZZr(Ge#UJaz z6-V41D$CeSZsh?1x*nkFy9Q4EvPiBB7Sj$Bf9CNUzB9V_8aM3VX2g>*B#^MoofKCA znP|Msp)J=j=Dm^o9s$s;5h0I-9SE%M97*c2QN?M_Ck4@ao#Svjeaw!O`J$YgZgBq8 zbj5yN;&6nyin;z?aqP2CJ3n%PlS)dAM@91v%L|$8KH+@o*$lc>?|(F&M@9;6Dc7*- zDB8W{|1B!fyb*5kq!bdDKUwRjSbJV*!OlF*N*i&a{+QVh2r*?f1d;gm2 zb41xAd#_UGGcE1{O(f(wSn`3GLea4Ea9Y$J?gB!NrJHd{xkWQg0LHK`j6fge07$R*8({oP=K0lDPXvB#y=t(hTuG%-2D z>-u;X-7nz16*K)OL+X#O89JNz9*7aeKKZCBL*HJ;JJ1AR0Zoo%hU%ZFOngBPmfeyc z5_+|Wl9`psK8kqr!^1#Sj!mXfD?Lb6>?vhSLqBEMm5FCEDAr{o*U&%YBOdwQl-#1A zTiYGpmxrWT1^0+Y1ZjKqZuQcx1hiP-dqRz@`cVK*g6mVelo|sgzTVJLcS`N56p~*wNf%Mf_*UjJD{l8;1l4S{i1S0&;@$EOxVbJoQBX(KUY~X36W$KU)1=u>*o&hy$8RaW z0!K#^H1+j1yXjr~kROV#?AHxG<$BqG^nU~5wBtrq{@U=&b8s{hID);mq%*m@f&h)l z$8M_sp%#B9od7k%cQVPP@(HCLB0V|t2ZyQKYWy~!g{aol^K<^FgIEo`HOw+9ocf&J zfcLMMep8n$$iH6gW%dx2Sa72v}4o-Ej=BNq`>;Y&*PRy*tXuocJ` zhU=_Zkz=yZ%%TYy?{b#7FkN|hQi;?I_IVmA*>H*z6>tfum|>vmDOC6o%3p*=G8*0p zu9>>w!leA1?`KnX_@hfgU5Mc+*FgWMYAlD)DAOt-huf*rF#I#F20SlQ0$O*eCMR+PpjifBn539u1 zo#R^b={}aDvS9nO^Y-8O-;5KVM?bt?=bDLkfB^FTTjyPe?1JWl?K%x#{!(bAs_XS3 zSmpr%3x2$IFUVmAkS^Us9J?@0JEH*&=w6AlgRI}aXvzHiY}-ew?)G(g?d5`?`6TbJ z))jd?=UmJG&Z;n~=o?BzMJoih70bFP31zvVzoa-g%RHFX5JZi{+6g_g9RXS)^v~({ zxi>Nl;ClRMt#?b2~={r+5DImNhKkRw8uPht6sdo{NbE3Th8XS2%ZAUaK2&OLgyJfiV}Hx_iHI zfQ9nJ`C~Yvfh{we*WiN57c`9KkD%J6jbx&QqQ%?Y>V{fL?IgtI#d%ii<~!t9Nd$oDiqxqRH&lOIku57YJNBE;z0-w zTGXMXN2jK$8Yr3$KdgB9J8-2&vU%S-r5+j^y_33B)_f;xba3&koV}la0{271xRjzpz~vVsHL+Dci7lWk^FF<;g)8WMAuzFZCWe*CQjOXKvKjB?6e%M zYUFWkV3=K(&G*4AOKXW#Q1UL6RS~*@KE{;c&rB*=W|Krc(W;93zu1`sHvlO zw&G|9lri9?pT)47I~6Yxz>ED zpSE|2v0VV55;TQ65#w96O+;(PqP1OuYV!DWrBv-NX2B=v?G}7wdEkk)ql5>*Ayi@F zB6@ql0auVu-YiBm?=ls27-fqQi{Y7+(PL{Ji9!`Q5rAS5%Xc!hF!V%&=>G`Kz__b0 zS->%47VFCTyW%y;smbRCU+(iem;YLfSP(&|On5EWXbK*8(NN64%su7-iUH;j)-?0O zazCP<%D8pyL8)nmMHtcD#7G4uqo5;L80^gZ2*iNC7b6Ph_?+7S%W)HBekxs#)`h3e z!5PkgURQ(jybV$7X$e8NU5S*e?@K7m2LwfKP^3`rvM(|iJ8s!lt8@9e&#D=f9{hOMRGyzGem#Nh+K33`tBQTbTdEpKs3>mVDzW= zXG|Yj;;bY7*eh*FPo9)}x8O*|lK^W*9rZB6k&i8Telg&_m>lbxiTs;Gx&HSEOFR;2 zX|=1g0e!&EJt)iTBzlJJw^9F;)oN&Ad!30gR%w?zRMMU`lhS;jGBb`SKPP&!-EL?? zM5gXnCDa{p8Q4&=6WqYO zpwhNl(o}q^=>@KzZfSCBYZP|XRbhH8>+`Xz4=Z3Q3+-k)e0USFdwiwPCAAz_4d&$Il3bniG4&ll^9a;Ob4?mMzB+Hj~DjNFG z$|6~{vkeXd$(k<)R=Az$;xFIh8}j!(e@6O!fgiv^b|4lCOU)J41v|uH=?1$$J;uLj zElLG_D*@{dKtMS)1~t0P-}6uj`FNzV-Lh=S4JMwb-njAk-e-jWwPL~8D0gKF>)ifD z!YczN$)KuE-4e=$1%J%R=P2JEUaHu^vNM56>sc4m@|W?bL|_!{`Djv7%%rl#(-qev!XbVIx<&oQq;Ff`PYq(d`O+pOyU-dKQK_Dm2yq$giN^qqP)4(jTfl#P|o-!n8K< zVZ<3-Aob%KReW0=@cRH6t1B$zftB~Rh8PjX7`uljxvhav;Y=5MDGC1q9|1u^1?4(z z%_Q>J{;u#`aD6!Wva({7gYT?oqW9T)V~&_<_&T->W5p_M>>tX^Yo6OhU_u9w#*W5h zcnO7<)j-b?TKjh-L05KXw;0?a4Bj;z5k&{)v`evuDa4ox3!|Dc>PH$m?PFPTS@Kuo zzeePzNWIJ&T3~*_9o#SH=4r;7BQLyhAv?6U^|}}XOy&2lVf=SYO>U{f1v=iO&tk7( z0_-i$Vz4b)7XZ<+#1zmKO_Z}~>V4+EES0TvH1UHp9POQwuRHFhxSi1CcX{+gcOax% zF(!~0ZM1BtTqNV=_UGhwrmk1Xpbf(SbJ){WzP!?aWARzsATUXyZstyaaJMS?Mwvr23Ax!QM!^)fq4y{?0kcbJFR?6Zy}fg6^= zmk6hkEG9#_-}-0wbiDCByW>LX2g&~J`W3M`05V&D2OO06?gS^~o#2KyMsL?V&X<=} zaYTpMlm=n-pz5}ZR9xVdru9E}eJ_uC3=R=C7Y3>R2WZ&0T`{l>31H^~hnp-bM-uti zd?Xv@mwO7tZ~VrRlwhd&3GIIPBmqb@QH05j=$-H=5p{Y3$&p# zQxI%SL^EkwSJU$y-4fvxg*BtRpdjG2AZVta%L~p<{G&oR>VHXZm+Vi>0q0rzqN(Y zaNG^Bt>E9^&TTEwW&yg#2Ep50T0&Hi-i+eyEV1vqN}(5SXvAnm-LUxjkoSnA%`9Z8nSyShjkt%WV222+4@9rW;?T- z^Ss&$7C9bSY&Ftb?SzEGO>*!jgk**Hg!Wpt3IgqjQZcqaFi{ZpD3)|KPU9$^m9K_y zM~)azLrn!u6F0sQ1~+OR(JtSE#sJ8uk)|ALXDD|XY(yLkESHQ5({z)7FLAaGLVVmG zPwCG5v^^U?&s9K8(@;!i0FeYYl1B@KUr)`)S9j4ZvpUsOAjL@s_Cin@m}4u<(swKI zci*Y{PbW0|7-_S6Y5d9KTUgs(OHwB}f6=gubf}wq2IOd|rD+!jM`GD+Ukt|qLsv^v z@P>!Q*hUd`;Be{3(pN$@P7IT$pVOg1<eh%i<~WTxEvyR27z|>5GGLctUTLw4>6|&>2{_YHbrnH+|s?Dw7cB)=^Ur zWR>A6N<7J|lqYSl#3szDCw0h7XEB`K&2qJ>2~(i5t*@UO__w@q^BMBC?&?Kri&ifn zT$Zxm8vg%p$_=X=@9I8kc67aE>VaalEVwdPz%(T0gPpH&GfP^LRAP^MxhHiBEskEL zc8=IfNKQ?8S+8k5D_n$6=C(z&&J}7L@Deo*I`#*@qx_#<4EAZ zNyUr`M*NLkRq+`!UOw6!(Q`T31Jd5_y!$?F_w6#U(xIq4tBNUgf$|_WO8&e{ zOq&l83HBF&TWAcW__t+uWRw=a;Q6kH(8jVM;+8dWZQpXmwrF^(-od9qm*}CUiO!4JY z;@V5yFXhtmsRb%S(f(=xu#%RyYH5b=A-`Yu-E9RPgeEX+^KjfBV74UQW?gOrJbp#- zV*xU7)cxmenDoe zn@v~(qgb*HpJ*BJEPrLG;@d^qN`R3zSCfa!M1|(jb#c;M8akaYR|Ve&7cEgWZop;x zMgAXsNY}{IJjFZkf`0Jdnmo#x&=UhalP(fR(~M7~DP9(vS5AHf<$88`23(j6z1X&L z6ZOL0(yGCzT)`4=sNb1gLCwD4=~g7Mp|ZB54@eDJq%7IoBemta$rn7^^&wwa-1l*U zyF;Oy7wf3Y`5Nd)n6T$s+j*}N744XFf{fw@z^XX|EK2)iUUm$N#)VbY=v$(@K!2VI zMSK5!X&rGoP2BYx%WT;{KL|pLuL3Gljo`+L;pTS^Z5_$KQo%1atSgSq$A8(HNxQ)0 z3UzYHq}1T{bj}cO^zH1UMA0-Y$ug~8TK%wigWQ*P3;YDF(Fi{=Ox^3JU?=K}s+;`_ zY#05h3*Xf&h7zQS3*xR?k%5|Z!|O|77~+Np(lmTK3%Bm_5O`)tV0QqITcmT$XVZ&T zE1nmsLx6Dx4+XR^u$X4m5#!h*>voqC5Xjhj?~XMwl+x(Ces)X*v#R&LUAOdL4vyj$ z8bQ2@DpEd-XLwec_`90Cp4j&Gn?**CN70(zkjs>7o=_K|i~pP-;E?$n`R%7RIPe!7Cs++`->jZJ9m;NOaF*?OuFyIr#2UF0sCN9LolY35;d=o*E5j zzajxZlB;;ut=#a~om*dVG8j$iw1M0ES5SNQ8D7s3fh)wZevd~eK=8a#H}&qHLlZ{^#E|l`MZ*VQJL&ewnKv|U=yBDbD>R6jJ+S28BU9Dps)b0J~_BN_KM;Ft0l{} zZCx5s`OwWY*h1UP*H*1*A@2bZD1vUh&jG^kY)e!@6##oQ&~|=guHt@riBpi)lWw&;Q$ZE4WHEUA2FjQC# zX;;A3eJJ}&7NX~{y6QUWkqi|8_ zuuME+`b{$aJh`nTVZex60y}AKN^^#p89H)>s4rFdR)?c+UU|Bqmrme$1L#O`J)fUc z!yOgNK=nMLtXjqoS62@=qNZ5?WBRP$95Q{$qtI<7sApR?((PEzR?Ra5|1!7aU;em{ zYRSd9=N==#dR>a=?XiUAIxGjU)vbd5Yg^I!qQTOAE$AuX9Y#Uf0FIYD*$M6KZ-rHiDg4Z@hu7#1U2;!cLEcU!^eBprV-x7`B$BIaf zM_bt=YQbN61B*xn-xi9T9^Z3Jv$xVZwPBwc^I`UHyvq)wYB89&zI07&Df|U);Xji8 zwl0z*V`@jDMlBYNx`S!>-Ux-bkmtMjKSm)HhWiQlJ)Ziq)orR40yIh zv`c^P5Kuqyp#FC}!})N5Tc#LWY2d;!v_l{d`*j~kmBm799xWO8Y>c=t_4 zOGB>jKXhAzRnE75(C5K;(;>3tpTDO+5Df<@?3OC5oB3;I=d-V(d8r3YForZQ?X}|5 z!CWTCpHH3NoDL3?jnUphAEWJJ%wRn(dlgbhv(L z@b|E4Xabz^{>)Sde-R?6V=k$Q$O({$U%jci>5l5eg}wBA%25onJXoO1f62+UG0#15 zbbc`c*xwZ~7W$WjV>Y!q0w?hbu*Bm_{O^&`wKaewa_0>)v(=hddjSTCD7b?GLt2rR z5a=C8R74yP*vM_#MzhPDm2IL^Ku?X|WyTj5VP|L#-#dgN2M^KK^XOeK^bfkfN^j#J zkr_#9JZR7im5`B%F=5ltkCl+oXr&H1rbai(+wks%`RI}X`BAiL`wfnLA+ijc4r*n@ zULMUbej&>7jy{Wa3QO;bItUB3=15sT63_1eUI%zM^+OE!3D0({B)$0G?>D)XS<+MY zrJbJmGI}M$INh*{3g#7H3_#qxLV&vUCzh{b%*L>tZ8$%Bb z`22la-;#5(Qygd`J%(2Hfp}e|4T6_XYXoTmz@b;CX``6PZ?lIRKwp;`!2$)1ukxHn zfL0oeteH86H6ShxUV-D<$@|8pJV0^)^yFVAW0raE!K3l~3aJ)8p|m2HlHP^=c8SAH zOXHvzkTA~=P}4lpLt~>>q#s!gWtEXR@^2`~_c>AT zt@>Nb@(X=*@$WvmikRwkD&<%v%eh@uNm`(^P@4b$&?(3G8+sKeSoGYPYr?*r6pf3l zFeyJLOa+bq9LX2AkHXK6>WF7v`kOo22Pu{LLQqMzWiP|Bd!HzwZ=L2cqVwl4bESLs z)&a~gnVx#W^&`v4FJMgH_mz#|70*pEGl35BYs&@;iH_Y=HVs}c8lbENjp>2n7b7xh z{QWe|V?kVH2?iQ2as(NT6y3AKzvcnoE|c-n?m}`YA^e$27-(kkPd))`(cG!l0%a2!ak~4vQ@k(@erW$a2YNNq>3l* z6*3)*hUZZZ&)6Y@#^qYo?!4sx#Pkd^(dr__75yr$O;iAs9S;Y5d3PBLuU#&W^SJTS zfzQnGPf(Wv+jctOAJCf#OB?+~zJ+cl;bwJ#m=Y_B#2mf!uK}-RQs-sNDkNT0ezn1+ zpSIoedMP3Zo&ppyHqZ2@gotVD^yySKogVIPe<@<8pDS;v0U#=zeo^Rz1*O{j1bmF+ zT5XZq+r2XOR(2#Kua}?g^E7l$ zMb8KunOIU93YIj|K_9;swfgrkWk;q{YSJjxsvdA{WX9KyH8LLrH{MVcxEenU!=^lT zg_x=c$C$)pMY=vbkT3GP@L3UxGb#=NMmG)4tszrI;73V!_WDL%cDk6U@!(nNVf4ja zf2RYB>3XapZpGXL-yS)Ta?qLF>G{SW8Ij=t_&BMK=eT-hE^LW^VQJvB?>kJ&zO2PT zg;um32Cv)#|J9v(ICfFKJd=GOx^);IRw=DcB6|o_r!V{kN_A-iuw%#GD$XcstBoPU z4G_sWTC-dLh1j&@>?aD4^Mi*P%uR|-|MfDM^K{g9a0#Y{?Z3}EzQ;h-&toDUTH53So=^bC4Ej<4*l5hSL@JY z@rGEovgL@>;x7&`4b(r^CMh)XivI1#?dR(7Kw!0a!gYL43!(n+wfj1uS3ZjPEcs*+ z5#>IN=@|h3yH%YEeAz>;yzs9vO&IZv(WBhreuiJEaId=Qfd1t}m<;U;Y=%uu2a1dy zSxyS5tVg8P2HG z-+9T--mU8ArEofFq;Bf|`1B@*afe-m#dPFqq=d|o6(5tfBJLDjf$sm~?ybY3?7sd{ znxR1{=`cV<8U(4Kl@39W1`!4aM7m1>X#}NPN)QZMx}{TaNNJ>`V~Dc{pKmT!v5u%kMkJ|D(aw8bXEH%t(qh|@oX;UNwVK4@%KWW9v~M7n72v(P5o_C`hgVAdSN zn3(SSW^9f-F(`ggwJBYhquV}dRf{9v6#pF3<1%h-G+Kp9NVUFQBoqwhk(`hRHxTlM zO)-*VRB4^f?X6J}VyNn4Pv-Wjh#4IQlFgdoy>K4-_i;{^gH`J&2nXJX8u`ti4d4OTse=bEP6y1M)`c5K7)s7Pkcp%|HJTt`Tbh&h*+(U!jxPn>S6Cx3+HWAI zLlwq>CgS2JD73YpPMqM$(9mou@pm_y4?Ggo7`EuJHy4LgO(gJ7XK`;;i!zxUbFGT`gpo)Coh4(RsHi+#NX38G}l-N<&TJteZdEl4< zn5AM)_a2DMaEig{iY<&wXv3wFhNt62jGI zJ^L<4bX1YB;`s-dQMxj+lA;<+&3z*GOf-xKxlMtGYOc=@F*n&qWmx^1_{X-#>=XB@ zkmI%ZgglrKLg`~PGBcm4XVc=)%UfcgaSi~ECQ5)Ci1j!^ESu{slPDJ~PY5E!d|8c- zl8FUlXJ3(NFG`V1x!$xZGN_h0AjRfgGo@7`!;MFmh$e}OuF%1}SX<3;%{Z_x19HGDE7p@E*_XS+?9BP4(oSrN<-t zp!0=}ppMt!KvzytIZHfbF&Jb^D2^3PFqo8Z5#fC;QG6c9%SNhu6vkR;tisgnb!_ON z=ud9>So!4DZHsPe7cpi_E(9=MQyd9AcbEd4t-421-V+LO5gM&xokMA0_f3pFwN6C?O&}Q zl_8OdInCG6L&Wox6WjB%>)nY!*E+j>4_og@0>1tLq{JhS3%VZ`QrxqvY*9twtP`J3 zZwR4MQ(&YaC61p82Ai8KcbD2X<$eM^JkpAdL8KcxrMH;^yJ?}S-z~R_v-U@!ly?6T z7bTK&*>o&zrYVYYwBKt0zR)%7Pn({;?J+wQ~wH zO?{hq?;x3>Ne;r}3ENPq>=Bjg&012_7@-9g#k`r7R>%huNL}v`gumdY>P5O1e(7}= zX# zDtL?n!NvF@aXcUaZ%@>a^^xm&E-$tj)dlXZ5+`DNgg%`XL%-j!T)Rb%&T`v6aQ7u^ zx%r8=Tc$DTQTO_h3O+U7?F*cBhuo_78Q6GDeVLMa(pwb{gf9}gMk-A8RK3|IclG2_ zxWaTw27NXJlT(pa7&LI8Gjf^ zED4~Uf>jonI11U*E4v%fz;jN`DdywQd=aa-$|^fS12P~ zmFzvZ*dD+#AmprQm#8o5GBI6|ym(7;TW~ssFqGT{4E2unlX2VSHt6Fp+z2i%_@TJC z$j8{%cq4$8dWRCt}PSdISjqDFs0JPIUv+@u<;JT26x} zxm$IXBoxD?%i3^&&U0J6>uX@`Yk=w^op8K6Dl~U}J3D8KO!Ir>aPL4$6!9`P(%gDAiIJproeXpnzSx34z_nUEY}i%E zd&G1$#Y52_f0~Jq5RaDu{z`Njl!*Wj%2O=^p}rs+=@z~1-_$Fy=O;Vg ze$-KW)bRq<_j5WqzV_0siS*$)rk7CDvAEY&x3m~87GgclrRr=pk|UK#3}T95pl9xc zWHYhU-A}j}(3LVuaIzHD2*I0BjUY!T3W;?G#Gbn-_g%GD!KWuuyY#7Kl<|prgqs$P zSY0U!5@&rK+<$|gE_u+*(m~H46b0<48R3QBN4}~GZY$?Yiag<0zXKTHrMyR-4x&mO z=ePDy^Ny^vww4X|Dqq}RTJ;)94-~|ucQFPvMhMq=J!ZZ^s?HM&C$?B=_Nk%1zbaQj;aoq8Kv+ zFeX7gOZ~Ze7CH2KJHT(-pVyzITyAA>e^_~e+?S`(DpOt_D=1x5Aym@NzwRyQ;~l?o z)xS9b!cbJT*-n0u7Y2aC9L~Q3y)t5&i^9dWT>B4*ZwGX~hmWbEYt9DH+AOZKpB>E7 zRn%SCKs9z7*`i~2HLgoI8HDG4-vYQH9*hsRy6dW>Le`Pyy5R`ugH%jr-#;8c)p=BHXK^X- zJu$vI-fHtsRwR4ERz*hUb1=}0{M#{Uf!OHGnUIM|f=CECd&+qxxwN?K?WN;OlIFM5 z^&%B~?&1XBkBq|&+7Mb7(+HO2Cc*D$t(bPjXyO2|3%?RM<`c=(DQ=q^a=`3#h(@ET za8c--tUDJ?Vz9PUO=)gC1~tzBnHG73xOtlMx^M#pKoFMOLY*e$$qPAj1)gi4NhmF` z8QUY)Y1a;<)U0RfS_I{locki_AY=3hP^|bi@JF-~SeEWrS4D)IIN-Y<%`m2}WnN)n z>Bj*k_It0HpCKid?kA>2>;QI1ryPVyj!*_%;Z1SNJPLx4cc9r_y3rYf8$gCNUvCWh ziXo&DLqa$;{p(^4LFjInJe{$%+ex>e(^2x5?R^X{a*cZKIW(Hhr-}l!(gAl10r}iB z9bLdEV2|cVCK70X?6S>13a%pIW9r!h1s$77wkuUdro@qr&6ArO+*!mXpdM20@zLlV zoi`4UkSY>;w1Fuwf6toOdno_8u;fJ9XyM0fq|BpQVVlrS2Tj0taG(&AebJsRxj-f$ zgm@U4LJ)N03rqp+l6Gn&&xtUaY67r>{ADDAHW#>Y%JDW(&_yqnoWT)n z&<;K5HsZ$vsVBv?@_@vjK_Ki9JeWTVkVomlvD~rzcyuoMj<>q?kU_G2-kxJ3#y__u z8MSN40rW&Q6co6Ux6F_VWlzg#8RcRHnGk-DUEmQl1RkIuxa7E7xkT+deP(z-7U0Atk&x*0f%N= zi-KLKFRDsqiKmF?#R}e)q_>YhEFJGn)_$3L%B7@<4^Z>g1W=qLNQ2ccym;sF@y>8g zUC5Ffi&`d=x9h1LRydYd91d1sx}Fc{-QP@^aCh~_N+Toxtc4R8N?u29%#W5yA1A+s za%|CA8gKDnQ)Bz^)X~LUQzb=Ra%MAa)M1h+L0N>d-9Vf3c-106NT`2vwvlTnj^e}w zp@ND-ZibH6tZ~$y!Dn|m*L(3GX=F6(z9FRKdka)1fcy10jM+>Om?PUf!F`neg-hY= zb(PVWynabNo{h8a>Oaz#FERLjR2xgFfv_kRM92J0P;KgSv z=EHi?AS$LLzW1dkyY@(RN)D~{kt)VbjM~LZ&vAp(A;gM97)=nu8GAfE9_)-^h?t@2 z4ff>==qyDW3^uPF0YtG-APQ>Y+$m@!dglrvMuh0bGgT!qh4KpsA+? zWQPnjwnG(yX&pep3brHL2HLB*9@h?S*6=P!7t7}qa$_w*c&Sy4VV3vIF zwhh^a>6+|RkG#>8YJo(TQy&M<)8o99- z1vXKDz}P`pp&*@p!xKQ}k0(8DXSW&z*MIa5z0j@{_q8t%L72aktrf`NW{Ge7QCoAajBuGN+}WX* zQqA}=S+Px@+;C+)Fr4)q3ys?`xvFm?r4-1$#v>ozn(GTjfxK~T0e#&vf!v5w&?GW8 zDFwE>1Zb$($mNDU6XCU;sTG=ItQx6c+-elyd2SF?#NAoqIz3nq-)&L-TkolS%;Tdus z113OsS5DA-8HHVC1iTi2?H8Hl&z!s6kk+fhtq?)x=GTk)q%OiZ0z;zl2HDdSm!q%= zGXNvz7YdQYdJ?L}#CEL<4dhu;Tagesu8#n_dOGC#?d-axoYa>AF${K1QC7uha%h@( zt3U;J5g2~=+a5y&URk?%P9Tc`erXoOOkcRyGv9h&5<7J_Z4#odUL3mv^tuOE&%xr6 z?1a2~C^5L~Ng^@9i6nVXxBC1Z?_N-KMiqiNs0#m3 zlS>DvzAN?!^KtN@&jdsmx_agEP_I-B8*RsKfOL$S%dl0t)vbu_Ve?QnBHAN?>E$K0 zi{C#MGSZzRJjZm7^qi>S@lH_=({_tGeyWP^*GmAVZ$1{4o=6RN4oVK}y87f9$LT!2 zL)mXMk-Kb!7>!k}+~-ov#04;(#r$)m_1R~dMgb*@n;dMV1AW0&!TM{cra1fEFAszs z>~6kC0rz&vuDcs;eNy#c0UfHuRP-%v$K3dB>zm!iv))HN*4F?>J>UcPvc9Jc1lJW- zQ-DLhH-j$03K6POjr#B}y!skJP+}8fyH#bx?q)>UK8r zC_(RnHm*HZcO>`hsNaj?{~1FiwAzq9$UfZ^IM8M zqpS>$Iv;K%AxpRGe^(FqPFwlF?qlZ2K!v$hsa!>0@#eV5Z?MvhoCnn!R;xXT@zW}9z;wP;P0g8+Ra?;L~|>2F*+NQ0^r0GgneGo zmj{9(Sj}$KbbCc?FB_4gWB@SS;@)B4q)TJay@;M2(X2n^`dB>s{iOv~XY&}eAW< z@L2_3%L1rS2&@AyIt|vDE#kF?VL!ZRol|NQ6%?c}+{;87k4A)Xrp4n0N-zYUmuQX_ zDWE1OSds=Q`JiqO!LKtx51sZCB5zd(bRYcqqNM+sKPzLQ{KhBjY&l?z!x9bn%y~fd zvu}OK)~=I#?*v0q0R8DegxU-kSEav|xqPU2_Szt&*gw73I1>7uQOM(C?T{$JhYqau>3Vk$Zq>DgA=R&xKePKMp6W4HSBf1P3Y zpZ5BH?+gLWQ1pt@)#NZ{)xBAA91ISlG62W74GYi=^=m8mA03)Mp+5yPy5lE(CQDHzyuqN3V|tZ8cqERbSOS(_ zL$v89NRt&Q%IS}GK0t6-<8G<|oEqz$_b6}X^ij&ojdP>-ZvU0Qu13;gkvm#vSSE7G zudfl*9)Iv6SS5Y>RhI@U^WktYp`T^6qn_60vG6CSx9hH47Psy-i6}2u1+Q{m`U@eC za%v+u&4-d8@0PCmEsIiP1?9yAq(iymN@%d`u9u3vplEfVS(SQd%l=ne-o+BfhPjjy=Bb-ciBTe|VVZt*Df_&Eup*tb@ulOTJL_w%AW) ztdm?|0HtWFwTDxf$2}gJO;2CEbIYO+@zXuVH&^vI`Yisy4TQXq?)^g~@=S@hu_>97 z%0Q`x@axGR;!>Efi+)hD!jkz~X+iqi5{px*k~(@i2v&s25iSk&6^8aA#Pm-W2Y$s9_*&-g?i*m?~uH+3>b)_(2>rN^|t3htUfQS+%tu4+&yk z3gcdJJX2a-n@DtS{Cv;ui%q*P{>ok|+$^>t4V5xn>3X)%%Km+U5avwXSPG8$zXA;*)(w293=iwcGV1>Yn#Co`<3nWJhGoLLE%dpZPvl%Uu)7H3(8Cs<4b*kWc1iEA<|AJJ>wn&*|`jNrp~9Rwr9N-*JPIDHe2lYA z-J5HA*B$nRrsViNqQ=kTLet^XPrL)sVd~8h%1s3E@yCnBw?bwG||H`F_ za{6%+E~?wcB#Untu)mUuebG(H;Kv?=V(+@tXjd61er%-9T1;MN{A|{{0MPEl@itBn zZcU(nc}v1=z>H8blueQpN6Pi|$;eB~2c#v(yzMpZvCn$ilwU%zkA@7n>d{PStpobf z9Q{X55W<4&V5Z(*v&1a+clEZAzWeFI!6l7u_9R!|wr-V7uj(P_Ti9f6m3;5wXqtj0 zh!kpjFv=9`-XkfEA8v?z*3+It61?Ezz5SkRZzvaglbc#Cl=Q-VBO<-a**8s(t%WXx z?iL7}_ZgS)w&1!kc;+_fasW0UH#R${f+SG|2JT=nZo2}l zQvw(RioN=Lj66t6wEfvJZ!V;Urf)uNCumsl15k1~t>Q&5iliqJ!S%gBgR${FfA!s= zwELS29qL4+I1NnxK07Ay2zUP*CvykUjp7$}g`-JF@BG1{;d*Q+S5K*(IgaLULN)L9 z5Om(>TB(AF=0>LOZOaLRx%L4iXA7ZGZ|Z&#T_%uAb+ZLs)>(@(Z>HM+Gi$hJfqX@( zDWeQoRVneoVg$5$aci}0*e=FX;9)$p}`YW%3q7N9oBmW#?SnPNBxTavA;37dK$gf6HfQd*o?&_s>&@X z&ZiR|y5vu%N{VlWnqaTe*nOB%!%I!1%Ex`S%FaHivzyJerwaGXq!ObkCE1)f60i%k zx5t$GqLa@V&6qhhWo!^wO`?4hR}Ef^W4D5Hfg2bf=|32s9}&VTcQ914J}zT3&2UMW z+{LX8kIs8_07kXh z;CTJ_UJS5XE{12J17$>ck5r=Av6(r><$C@$g5iqaJ9EE9F#TfX>sYc=rEbX9Mc>Wr z4tNw*q5WSGP3BeNBUZCDSrFq6OO3f3x2m4zo+=?@nwKO0a$kQNx`e2{`JNf00Xu2R z4d2NwW%zw0);6ulam1DtlOSP*a`cr*P$AWs^P=kkd&-y`oZE;CtfGHq_iVCng1#n9C; zDG-JH2nKO3VBPdOZ2I9c4Ww(om10r5DWpb~2fuR8${$hj^xwe|Ab)A?bonp*fHk5r$o~~i^K!tjIWA(9*kd|IA)HvE1ap(`{hne$oxytb z_|GI)$0QA2l_o2^B7!YY{vlBQknxj6{~uXO9rk2R#&4l&+o9%9PE-8*c+bD07+vrG zkL-@g-#8?Kam+{xl@t*92~+w&aq1hz-y3=3q2lKywVxcsnV6h$xFu=H{TC?7S@Y;4 zIn=QMPwxCq2!e0_`%h3$nNtFq{gyca)K|wN$|x<+xSe+pjYi@Kme{anA86xfT_21peP2!1vWzj%U z09vaYUqbC8Tl&ra*#-Sar)3D{mV}tw<R|0)w za4|%Bbw3^TkcBMVK<(ZjLJp9T#X#!cNih_|zC@9YMVAiNN`iWbp98k+hsgLWh?=sx zbnf4JodujlQ174VCk4YnM^PyL@~`X=+(e-ym{<9i788$&Vkz^4U*Qc6 za7_T#+{T~x3nKdpq}@?MX{Et&_aB*A0bIPG*mdC5FYsL?$Z?-Z->qMv47fZ-3A|GD zuN<_X@aa-D7HIDT@BbY8D^H-5!T;=uANrT_R}LK1*?>d&koF6Q^8b(wm`6e%bww2Z zNbdHFlOWqj@?rjbH75hFfpVfKKGWQPR>I66Y&BnUg%72>3{}0Q zw~_*rM?~klafL`G%-829YD@Dq>^ZwNyLGxpW5wn==VSb@!wPG@eLUuK2WIMTzi}pW z)(h3P|D)_%y#Dfs{RcXv7G^hX0KU4MG{+wpsmMUvEY1 zK|PZ@dDpEvlu2yGk5ag{dybYgIV>~(TBAyx5%KcOEavqBN{tua-Wwi2cP{L(^wWdV z{*7Wiqa`nckp5}3#qgCRL(Y_|C4>mqt>}S0V<3HqzcHw1bdBmuU)T;Qy-}jae+L%d z)D@Z|{5(y&SMIM3>kl0lN<5H17@T#RGn07aMETfO4*8EC*DAc%HUB9tZePgH(Xv%O@i6_Rl~&uD2N z)~n<+%qsAoh?R7H?_-)C>7Cohw~M?!-9%2tIsKgF|9w-^(PhuzWLm=XI_B_2%0Zpk zKR-(1v1flKEiV%}g~Y0Ud^MtCtNz$l>E=IC?(0LZQOwua>RE#Uu;_o>l^!!V=XZ!# z|G+?mIogmrx8VhX|0IHqc@$DFG-&gI!TGtQJ%T+|%NlI?e|L$h`%US;DQI)j5~*Ab zm|4lKpRn~w@QmAUT*>smvEDPS_6tYa#^gUGHd$GKx(jW4tjY1@YL=jO;@@*hB#3V= z7OtW33I0uhcIKj*-vDg=t&pu4w`BN1 zo~r)li<5+*dj63us|R-`KQjE9xH;+wgQv5`%IhF5>$KNZGw}?ar(~^Upmo-vKDi}4 z@Sh1yA1W_&LFEnU>&pBj#PSDH?9(alLZpe~)pYxa+TvOnz7I=LKT|j$s!};X$o{4P zfr9$6ob(>A73*UGSbvZ&f)`@O6xXaJ4cGX4lLGQRq5x8hg$Ao58?_F#vBuS^e+FnfSv^+b`hY;1 zsBvwLF{SAozAe2=B2F?VdwdR&OVPPCEdrmlki%OgNf5bmm&@PBQ{th4$;e^&)zAPY zqe*Cc#GTb0tJgo(*!9~7{W-OLN#&E+XV&b)Ty~&P;^eLmOykX<=r>#2YHtx+VQ=9G z;Z)g|VF+h4fH-5gyPu<=WI{W))hDg%)1ptk>!sv-w4+x9pc{kkvp?4)&mlUQe`;wM zGG|Gm={vVScJu*;y@vWvEBD?9@07YMA(sUpF5=!q(-n^yKd1;F2yW423SxYA=DZB` zx)w0*%@niVqb?U;ocD9PGysZ(kg``vMc1weYMr;tqSQ?qUZ6WppU;sv(LD{NiYJl) zg+mECwTDAp0BWshe%Nbu*y1(9`M$;+4qAkD^YwAg^ZrpiL(sp(u=?Zkdg8fv+OoUU!Rl;N+$0E*X zj>*(aFv#a;0$@p6+#^vtV^4z#V{dXzQT1egKVeKf7`*dAZS^MaGd6Ktf4BC)O{quZ zd0W$aFxjQ5M?DYbiso?Y-|n=zx07&mk|ge4o(wlx?iBg%rnVbSk_{)Fm6Pov{Up%+ z-k;y5-g|6r^yh5mw`)9Dmv6M$4QnXSigm2pwY|Mi+vdhc!ipFGePMiN9m8S(^#)r`vNbwzMPHrkiPg)8 zMn*8?R;O^B7C>29wFk&SI?^79e;=8zv^`Ec z4I|ZMggrgf&D*VxlbKPuqIs2zID!{cQ%?1S%=xEqz2Fjh=()8+gIa}X!4yNU;fY6H zRT!dlE~aQM^Ex#J^jkvcBWLW(P8lu$a`!-`^Qw63M< z_@iN0*~a|EXKsEIC!T{x@CLv7slF4QSzcei1fju-e*6XZjawOGb*(PKk- z?epeYFLfh6b}*|5TwIm{@jqPiW>3zg;O_djen_Udrwg)GxX=T=yedhfi6-Hxmac=X ztW8?za4Bbw2j}V0P-svoe<3@Wl3R~|N$$@T*=%oS(MvjxEGPKHVM4@iEj!CVrUh|Y zX7TJq^PQ;SlhTn!avArff^WMOnvBLq zOBh|XHPiP`^EmEv7Rjwt8V!zO&W~qYsWmRydO-7YQ_C&fgIL*zJuZl;v?KRzE6$6@ z%!R`i_KRhTPJK+jzr}DcOd=T&S%=r?@d(#`<-%S(D$%`wMNK)k%)Bd0-hOazEztv( zY=R6sJ~vnjAF0gnh-rQ6=|AoA*2bEBBtqo;Ym({!Xp zBP5&4^N{w~Hnhzl_s4?v_+L=@<0`XDZ#b*H6XiNb;wB*{W2nYOFz))*`!1QNQ6Z5( z8jO{3q{gFI8lEio#rA+#&H90WKa-HQaj!zy5p_Kqs|XIeP`Kp>?W3GyA2^$l5y{Ui z?*((xhu+P0$CqBU2+MotCQx%^d1ax3uhTG)mIWCcz==mG*=zv|)nl%m5OnCSMST0h@-~0uA~Q*yzii z8AjvlF&!Jajh_XK69e9C-Dp?#qbX2@JJh@7{hX1_MHfu2XrDLB8Z0UX)_AX$hh+ei zx1u2D{K_7VqJ9$LEqDL>1U5|w0B5D~#r5r-|`yGOW))G`58z&xv=&8`6 z)4P|ci{UF}{l<9|2f8}pvNc4cNS8rJ2Ki#$o7oQ)@5wd2`Ui%-fC^BDn(ngiaKJ$X zdN@f9E>8Gx)kX)qZHH2B`=^zL>Jk2o@O?~ip}4m1odtNbZ^PL@uJFgh@SzlbNM+{V z6C`;aKI~O+(Cb)B(=d4%XfSofU=V^Tf;?s?`k-Km{k@VaM1E_3uNT^+zHfJgTb`^2 zPJTNr17P{?Y$K_MB_YV3(h!__^TFq)AW%IQfB6URjcKpm@=v?@_owlmbZi0hqo8xe zzAI}ymc0H>_dE%ghc=f>?K|TlD7Vr7{C&oxY95Rh=eS?=N?#ur;-s4PoCy`B4iwTq zt|t=bcm?H7($gr2LEHr?(;o~l`dZA2)It95O)4eE+NHOj4pi5%XN3~5j#9Ut_av8Y zikM=dv*Klc!mUA8yy)r3`imFe&I|i{jc#tzri^j2Dbc{)MzD>#Y|RU!X+x3qkIVb{ zThiNzd_9`bOhuT%jXoDYi$Zv&mFYX6dg^U+E6ExcvjFVY zyVoHs?rBhN1CthR4W_y{S71@HR#9=*EJ)JDIJSQ!R-9dO&7Se*L9XHn?r0g?wII8x%Py>1UvLE`?0hA;hT z5+wd+d937{@8WqX$B5?Rm!n`rB`<0ZivGr)#f_6my++HIpI|=^0#(iC{6-g2LlVFM>OZc{EreqT&tU?0<1G^7O-=(D(O4 zj^n43FS5tg^wh1WC@6JeYcn=^E3a#6UTZ%|x4?N^MTPZ3MoLCm7~(=2l_-f0U9+X2 zm}8QMN|HwexT$GrkzZ3MBDKrtehHkb%~b9wK)dtt!>xh0+*_DdvIjQ5>MttwxvEhr;&X+@|z%iA1Oca z@I~r{o$!P-VW+a3zAY>v2{=yN#bG)%#QenQlgN|ePZY&31k2~Hewc2_C~oGwhmM98 z2f8$R@$3xzZW*W=3s{mCgpab>@L7E|F#1^iX+Ww3zk3O;?(?z|3$YfEA0jeFr%_8EoyMXw}iDNggtBDUP*pG`2P+k_8< zZu0#q&0HER}wJ_jJ())O3b5vV+I?taZUg*%neM`Y=Q z^8;Y}zLkefmp)(fG;}6D4%!XXN!OR1V6(_sC}z}d((c!seuceJtR`L%luTKbUlyhj zs=_E?*%|EuU)l>CrwogPHP&D993MKM-2r4$pTE&nzGr*R__@Blq*bE3?RlxgfoysS zuQFxY?xPk@!4K2Hd$;e6y{AA!^Kq5(M@#-baj!_XhPYmv_H&Fp`HJiKGgeuu8!1m{ z*ABIXQ(%^)g!6*Iqqp_2iYRmCZ|Qk3%nb@yLG_JDkTr^jNkgM@>~c8~jN1uUHW06S zbe!+G$w;|zK84~9X#(J6H+khleMkEwi!r1S9`~(6;k4qe>M}g$t;AON4#IQ+PQtN^ z*l3!*^D*g8Qsvs_bfVCkqcxjEjtP$cW_T%me`A68K}UibuO8=>tv)8|PPkI(i|pnZ zXb#fuR!Fm>?DjVD`cmB4`7rDVr~+E07Oj;!=;lX>w*oT7#izRyjJ=`J*3s~E5z?b=;n`8tt`lv-BCAM=U(y% z=M&1Q`nowG7I^wF@i$q_HcfN)J}*UiQ+~Cq=0zr+{)XZ2)Tq`l)5zCM-0d~=R`|tI z3X0UmG_a}uX})15>XWlCjItG(4Tc`NwSKx`A6+9SKrrTs!2dxpypY9 zs=cut{|SVt}gIn(W4wK|rIM_kHB1E!_;O@}G? z-Oz|4@yp8m)G|4_w`{HRp=nRDiTrM%NKRDADOPDVlGJqfPH2&!+vPqcg-IdDt%6tf zxj4ZeRTF>H<(_kuwqN#yn4idmk1Tjr3$*P2;pq4V=|*6U30>YXToltgj&4}>PC6^q z9*G(2%ID4$d;t71r_6Bjx*_)W8|zgk%CvY^=#^_5SJ`shpX(4z06le=N7Pf?**%v- zKSGn+772LY7HG`@=(pWLRc}F!>d6~L&PjyslZ#@{yA>0A45-f3L;RB*xO2H@#Ca(N z^Af7-PR;JWH*`;)BFmbr@-W2V=uyd5n|%i;}mOGK$be}j+sJFw1i51)#|XeXAQKBeJRgFrXynb z)z(48=Fv>mgk6U48}YK1R|~!61Ea6y1(dFynPFbM2aG#pNQNsQ@-A1sheesgiz(h3L>RL6(Sor_m8@Ks$$mQ@3nrb%in}9(08+MZdG!>MIh5**n$igj7_V+0aPf zgpu;P>2ElZeE`rsR4Bv?J1{+T?{kf%f1>sM=MG*Q3lj63yT>XJ=JsdST&r(*susmORF4Q@uZ zkIE$!TU|Fwx*I>Z^i)cecA_Y>9*hcuOd@P-^cZdnEdWA zAHp;F`dKmMKD}inLQJK^4hH^fX=0WUiAMJk4*d0b%h$P1+!Cc%7ko(HyIctT@6FyD zU8JMG^!)8tWW1((#ag8z;8#{FYkw(bWZ?qv;jw0^+-DxY4>z+JW5%J1xVq&ut7y~52PNRL>~0q_-}q4LC8JG!%NeIWW^6+KU*%xsTX8)Q(xD6LwU$7NUmvitF5J1<$v zG7e_O8JPrJDL!JIDjmf1%QwKE>pWjt+NWE2*;hq~JcluO zQ2|qcz|gz#=4G$G>2246w3JcOi%+&6L{&7D`0bV-+<80&oR8s(9%10x&pi4sWou$h zYYz=W6Tljz&P@rne4fK}JN3%{Xc;_IgIK+NSTIs8Rf$&v=ag?BidvzF^88T$(NW7Z z=7OQME$deDf2jMj)79X|N_o3cSHp@!?x|X~Bpxl=rMBbBiaOe7J@Q;9ros;nhsRas zZ-#VI6jBtob`?Fx1o1#+w`Vsv`ad!86FVA=XwfXSJC1Z@gZ8w3O@TP|roVP7$y3*5 z3Iggt$`ATXotXAT&Cf7=Tl6*~cEY%{MaBqw==QS>PAf zRSb<(w3jSB=nZ+<`T}QXEWmg;L#i0Re{aIx=pdoSZf14Y>w0B&U74-!m$y~GE$Fyk zZBb@lTAr%u$soWc?l>1V$Lsgfz`4sWt<_35V>nWfX&X`8=@6QMv|d@-?5C?(mu(J9 ztu1k0&$3%QIjkuc4#w%oohee}*N`#mwXZ}va{l64Gi~*Z41HWaa_mkV$-8<(4T+xU z@)MR;A2mCPq6qWx97Rgz+w1E3jE+5y0vLWTGi9Qo{SBoyAq^ELL#KDjBSweR6d3bI z2Qq4Ew9&=aim=ABTU)l|ze*Tbj4|xtty$uTi8tMy;o-UL$>kZE!T~32vd0!Wsa*7; zk**Z=6w6KTdwPvmr(C<2L8$gNF^DdfMD~QQ00#e~*0Xo$GZ7&C{7|H_)Ff?v*=gMN zITd?0lv})vInEx3B2}K#nB!_tt64tLQ%kyBwiGXk-OwV+xt%I?pJB5BJIgPQvIl9c z*=9klt=5CQGo=cl>JiGdjPei#y~ttSe4?mrJ07{!4I?2hp>Px7IigtGKFeO0R;%gR zm|tV?iMIju7bC8M>=0^6W?E|6Cc^j|84Vxsd)H1H&o!UG()HDS$HujXnR?k>WU!C7 zkz`?FuX3*A56!W=g{IUZ(1Mz%FL9Q(T0I@(ePJo`sz^Bus}F>!OwYq5JPYkIhLZ)^ zWKLBVSoePE$jof?JzJ?lh9|#=ZysVA542u(tE^@8w$wO8BK-`;1o8F4-j zETzSwNljp0vL;^Io8C}Aiv9MU#UHd(=GN@0H?jv*cKwoWN-okZJBZjgkvcjHfAJOv zrJ_YO(ujeB0u)VBW`-**6?>r^5o9%)F=rIdYNMtQO4@u_DOGzeVrX;5yX_0iH^47GIPFjJ5viPGkpGTSL z&0?rXSMQBM8R|WrnICd9Qj*IYnG$@3(`#6^`4QY@m;!Iw;YKDuq~Fx*@HnW2s=vYW z5$(x_zGIPW^KPX0gaAu_lRDngV>8`^+DeNjhKaoG>Nq@3eJ&OTBbFS0wKTa}?-^&~ z@pUjLV6u5lPx?dqA6=O%O=MU(;~ui>Hyhu~^UP$NN%Y8&rN18S@zu4DqXVyGH@*dw z1w;BCD%gfJI6EG=O_bN#D2A-Sh|4po&W#0l^V1iPed|M`aTiT}6)`-_JZ@%W7MvaU z%B&CmE;gejfx$OQT%{+zrnJ&>#Z75|RrqnopCyX7_EzGsun?rbmevn>(o{tH&xO1#bw88lY)royGc;`lAc1KhRu znSM2eJdyKXV^?bcx97xCaTHF>KR5hf{CxN~HCV3D*W#iFp-QIAS<@1M;WxE>JW;kC zF!Z+jmXYRHmBLzWba4>AZ|w@x&?4BgGxteRd>uxZhekGLtUK)P zfc!nmj~oxfr^>)k+DX8L;Rgka42`yZ|BJ;s6t9KtY%?th*u0L=>2sr|h+Y1?#hifV zZ&~1`l+<4sZhiaJQ&)=WffmUZUR*;0g4yFty;WH~x;bkP_-!)C)Wu3nL;!T*f3c3p z*BzlMkm2%Ck%&3}gCeg!s+(k1QsqAPvK^VoYWlq^*IqmZkcgVq<>~J{1ZYA|;o0D&!VT43VWhr}U5g}#Y zDQnrHWSgm^ETLhnV=2-?OqMofU&ay=!r0nS$vT*_HdpyVc zJn!-R(?6N(doAa6E}!#rp4S>H*UmfFQt4vh-E(NaO9!r7WG!7!xw!9ITE2DDIB|dO zKSG9tNU=NQtV<)!!khc3vjmH-2+h`>%qPj)bc$alYccciK>~ooA1(IH;XfQ6x60M^ z3>TRF4npsom3sNqgtM3O+3-_-Rux8UM9-R_04a$}IdsrUV}qvTp$EOY0wl8#RYgyr zE^0{hbvT4vp6!RgFl%lXKvw1T=A|`6p>fra19S79M-07r856!_IY2}V6|9jm9*q{Clv>3?^dvF`5CJBR?0N&} zm9@N+NjlGqco})2=Oe;o@ZH|U$(sFTU*KvGX@#*;^Mn)SSlU#YDR51^zWkaIUPhs^ z#kpQplVWV-uFeQet(OKgM6-9-8R@cZS>Ga^*F~kickR2CP91Lzel)G-O}X~Mlu?XB zH$+(C1=8J$PgT-9{QYikvc`6YJwz|<(9yk_ntRW^A&lk-PVLQQ)>JwxO$v#QbT*l^ z`(;kGafZ5XOCkPQbot@jqk8nR^kmSL`eEM`N~+J8a+jtz5bcs@-z`tAP0#vto?iC1 zSa6?&E9A_UlE}@sG!dQ1=%P~9*SlSSsVY96U{DP;JYO^YGLt>nw3a^`@c|Y334qE^ zBNPRY^IOt%r89x6BPUA8x=)_WmCSc^;PCmbZ<_6?Fb4G0ueyRcs3S(}0ivf{|~xyeIy;NiN^?-I1@MawFs8k6iiO<`C>a1Lp6 z)kKjMa26;H_eSIw)@(gA``WW_B;XWx%+E4@k0*UM#WKg`YtST3Cz04Qe~S4(Q#* z6(6EriX%Tv3muY#04Io9b81^-DmM|srdckH!o$=4kdRS_>b= zGR}1Nl-%sIP^d8p4D_KQ!vKKP>dLwC(aV;WRg@k?5Gm$SsSWJdH`K%4s=Gqeu&ikz z?NeM&BSF}z+&Y9*> zzG9OENjq8gU|6kkM6>Y6?>1aXlV|6#_qIF&$0pQ)i=LAFL_2J9s^C!7X?fN)mLJlz zA8QZ(W*Y`~-Bl))mQ&tnzuSABV%nMl5?@P$B^@rX4Skx3*3qhv1o4}J)p5-_AsYCW z($+4_TCvMH$A#J$_1q4n)@q%%6O=i&LzO|(L)D=oEa3nJQymhRkkgQ)c-QNn*2|Ed zYyPNzA2F=*HXlPf^TkMRTHdXmw43I`&MxYMhh^WG&gYi!UB0yE)H;9SY^5>t?{;r- zdrZO^J>Au%3`JF_E-kCgK;ec6sy{GE$nL$hv()~ejthrgPt1c7T1dym8}6@{<)=8|16gLd_2{OR}^+HW$=Vfwiv4M^vQaM9L1@pBQk|xRGv`H4V2sdNJDn|R@Z>+qEHK07QDs2k-;R|zC zec`EeDVY%YGZF_TZ^`kE#7Xm76c;4dIlfbh7EbUuat*r;B-Fm9UvpiOK;OM_^hnBR zI4$$hbA0>hgcOP*&-T2bf9_f?n;s%dj-@+5Pk!GosNY3qUucU@{NwfnP4;nMmYytya-h^VU5i5zz4u*E#}O7Btl|FEmSMaXbUlbJ)N(q`&Q+6sc#`%iDi99W&Kj6U^aHFGJAG7pvBPX#Bg~P1dA4eC4k`*bKUf zu5`nGvt|Dq{A5mDebLE!?T$<5?*5WJVwcefIq|3}pgz8arfU~4aUP$wBS_MQ0ZNHg zxwO8XQOmqJ$)eH?T3l~gLrbw$`C`T^z2z>$YAkG99qXdrRA;%?(t8l zO8}gJy$F6a^P~*RU9P_5Q~q90?{?v!X&onUK?%4k6lx~L^$PwUro({!KnX>@K@8C{Wg+YaUyJV>|o zkRe0l_T%sWu}7;=Eh1@ZU%~_Uk4flrF3StMjA7mIC|YD1JWv=z|Br3qgGaejW_Mj0 zgWeAsYp*nZ{ZmpNgw$TN{DTi!ciK&YR5=yb8{MTFa$*Xud8!1a_j216HXf;e2t$#k zE-PW%0CCdzwXJyA&)L6s`h1MmF2@UNTIh0K?THljd4IOA z6L4l+7}3BVeYsSFFq%8~+epJj2_$@{X*1Trrdmn-d=^ph%kcJk(#=!z&!xI5RmPjQ zvn}QTa;c{mcv9JGRTRe~bhu0--#@nZ9z5-aq!F=${?eW!@PmZU&hX~MpVQMXTbEHg z(i|pyJnt=HQs}*SD5X1&i57N_TN8`;u3oxv(;u*3KI0W!J z37_7OG79U4by55hueSfXHT7kd;L7_C2_cGm^tNAm@Zm-A?dfFz?W>@}){;%0)-H6~^xd#BQm_Jgm zM3dxYLJuC%eJsD2FZ$9A2>`bK8q}7Z_eiA+fB7Tb1OP<6SYlPK58woe(sIVYC3CaP zv`D=m0)TGTWRSc6aYrVsmsOf%cem)1ZSKG9q)g`SBn;~~$ipu)G>NK;v|PvEjj;i{ zg?8op7Ou?RVw!b?+)?m+<#KPXHl2sj(?FPEJp18fB_iqdviJF;sNzbNMb)OX%=CixhoAWwk7DFl;4dyL^=*$iw+EmF zUJEmw0I?hRtL=PeYTC!uV{wn>%9VVW{=AOpr;6@<;bBrX9)*=IowLI=(6Pns;qEr6 zy&VJHGqcw9*fi{rYoa*-Q@@4IGr6>oVh4|_E9Z#~Wk0h)#)jcq?WuHemp)6(iy@HO z?{SCC@yYkPlJ<}9u?o?MxC<_V-*9^3C|a8;=1X8)!SAYP#fvsQ$Jc8Lx%!riP*Q%1^l3W3C%~H2JDv)1 zXBI5+=8_75c9#8>l!SS|rYdvtV%tr5Zp6a7HPh0L-FVNDE%EmPP3XJ1UKc-rli*(o z_xfz@pZWF*s*!+i-#$ymFGYQ)+>i9m%~4l3R(3?nKkCFP8vuI3zzBli97ZyvCH}rD za*Ksy8Nf0`v&qY|KD_#i<{o;{!a%c;v+KzcY?DgC8i1LCp=roGj!rN01q+cA99$QV zZudq8HMkC~4XDU$=@(4ozG>|HeBi+C^c1hTnRYoAnFO)Q#-bCwgU;55AsQYDay$6B z7G#YmGcYJgp{2sX|2hKdKt~sKSpT4=IRTHs0>Y`xqaSqP53-k37QrXqnHX@e1UcH^ z7FcL|?6fTH)q*bj-DsDnUr0}lo8d(l9s!7&LR3`!tk?i+zo&>UcLmnIc_fXsk4gH< z+9xb&){JgG;72~d`35u8@(4F!&|NZ)&8WNXcP|B&UgX~pO3dkM#mqYJ=jrcl9CZGh-Yp zXA~mrV${Y(y-7ZsiVK>WhC$r;z|G>z8&3ZctN(DBn)yK;*{^Oui|i_Rkp|}yW|&h8 zC`J@VSSst87U7vW)jk4WsuswSiC+S|=AX&@AATV7oBIAr=8wP#H~&cGFUbYBh~0vG zADcA+;*k zu*X~&)}keNx3*snIW&jPnUo(Hbpe6YE@Zk@DeL zLqzbP0|y-Wi-9wmVquVF1>9F#7};-b%h;zaV=NvU?j|<_^F%j^N93ZxPPFgl7sMkLRu1CwEFL?To z*G-X^vFAr-DJ`#^cIGo~vi_q48>wZF-aUFy#8|_n)%7~F29Hkb9&b+zC84*?Jxp<@ zarOzHMp-*^cHb%Q%GomTV}XDZB;QOvvHkjF;W-+s?O)#*^oasV0~_zBr)=*DyMiml z4wTU`9SK2fs0hokeXqYRF%ELvrwyxoxX1t4{>G+9G#1G3r0kzgQF1tE&eo(<78_GY ziETigfwUVhNC`E81%`z+oiv#!m2{lA>&&q>$fbQKr`#nLEA0fh@h<7Ef;+h^V$X?m zxm5=gxb~oNOYj?(-3mt#DqP*x&A)F zg=87_DY%BH7FBvakG0Ws#!$-L|LFwZyr5abXR@0_csri+CMMYXSNeWi-$Dmk!j%t{ z2gMCsScQhsd&+zLQ`{K#Z2LKoX>oL7$lTIzq?tCX#2llNO>?M2GRGPDYw44@>!hpTDd68$aLa zV5W~ib|~%QVVpQbK`|4Imyt%wk36OKg_K_sK@&NVJkfVv=qC}@|7HT|WX^*$4*+~s zrzUWGs}Q+3lEXyWQs1~(q@4j?tT8T_*h^%kET2G0xoUcW(^`ToW9{xcC5xcYLw;Cp zhbmL7!|X(y5ipG+s#Jyi|1b;L_+W=<>^9&KsabHkC_8OTLp)U$JGj0xJm4)}o5{tS zHx(?~@o85N#Kl1mO`$H6?z>89B>Mz8`jKH-G{{~wtJwC}e&y-@U;+Lqk@(6Ih#9Rm zX~2^Sz7==XNL(g2e4|CXEX&npdONrFE-tQA&w`#J;aps4SRVm0%;nO6Vo(AA>2l&_3>$=~hrq`+HmMI6O!f-vVPeJ4i~VU*Mff_> zW5@cZ^4-p>X!VHzW|)SflSVw5Mp7`WhK00%t>SRGriR|_6~-BS_j_F5)@@_7T|&{6 z<^aG|pq0p}KxR6+mumn!#>z%FDGr3#oqw@gQ`?I#~r%_T(MD?;EI0GL;#!A1W!tJTIM%kkdH1!9tqCz}L3e8{9b>b+Ct2`|d?jD9xj#75cXwIX z!c`;aA91wIF961I7h;GuGBX%CI&U|JwmsL9ZhD3W|Iwt3XEHAoUVUs97Cudu8DPC{ zz*7qQ%C!C-E5!OHr7}l$x>efl+PJStaVC_sr;iF~*M(1j;^)NjZ$>F{wC=pf%N}!! z`^l^R|7oe#w)B`QhBz&e$4O24ed94)BY9!00ZJC z09-U>k>(H($zAPa0?z zei`1yvJKSD?zZSR|GhSYx6p!sJSq!d1}qoT7}IKMPZtzNjM474{l&^$XO6>GD#o&4 z%Q;rw^6+H{Yf+cQQYj29<^(Sd^aDwD)-hU?Fv7N0H%3!;!(l5Bfv;+Eq1yn;Apd-~ z(Suzj-HzCR?|>B;GKMA-WWe8$3LjI37UognTWD#C*Mq@=R1ib8%o9JP8D0d^QM-QS zsX8~RPdk+pMZSSoUkB&Z-5~0;@w(ski+S=K4Hq5xRfVM+o%+inga9rd=gwr5&emP} z1vdM^dpE$+aPM(6lH*bIZ6e&Aw27vU6oGtLJFPufV5`eH9LGoue(ofgnasf>PrJiW zj2Mn4OCTr{2Sz-Au`auc56)QOpc){`2@cEqF@|1@sx)2;&glav-guC;yFZK+l5*x* zQQWFe7*bz*0M6N=cGR zP8vMBAmgDC7S5n>@LU}@y9Ev*UdHhF44aE)1O|E6fBFlpvdFHHVy_-umUsJTTMMq9 z5`ILv>No^`+>lOoZS1adDi0T`jihCOYh8<%^GC;3&*pmCPb{%vyU)3~fmhN}wNWQp zn@%9rm7n(Zwy(4R*r+Nv9PpW)5g?zOjAni+(N~@7y*{n`vhknl2g(Zl?|1vw^$a|M z6m}_EcQ<9JA$d7ztPl4sn)P|*XEdAfMSEJD^#D`Y#p;ZbPRpX~G~CxQvYV2Et8D^U zFr`%i9uxrW=GP9fZ=1mG;N6`fJ*?QXh`zPbwzyX6vJlpTqf09&W|sjqpv&P>&#K)e z?=d$sKk|oqUc=30BJy%Ja1`!M+kU#J+kzF5ODTahKrE)*y;(CEEXuqr_v(B8;xLOENYZ3m*uUGWR zXaPZ?XbiOBX|}^izrf>Vo$kV{x7TLYW%MCM7`IEjbiUhuS#Pd%bL#X=K3_Fo-NXBz zF4vbh$T(EsWnk_Ge>PtP-jZICOXSr+m9)O?Wab52V!@L4G5>3;1OC0Bfp*t;7@ykz zyIO$5f4}@}P=QK(m9Wz`W7u3tEE>x-HpBfrW$PlX4TQ|&#}_Yy zfVIwL1}-b+nxl}5t14GDwBpR?et7f+^2`B0YtE{idhBHFqNlahX$y}hTmv`zS%+KT z&F(q6s~pBA{G-(%&?|6cK*a7i!RScslB^jiUS~f>ojC>7vvZvzDFvg_hR6>uC020G zoV)#y9IZm2-+{iJGoQm%=BGa0mzz=!YJW<4R=Olq4#1dwN;722k~{>p z2p@ea%L4Bk`4l??K`)Fz76~m(Vhbo_c-=5icHJ{Kle)4a!n6R`0`~2p#1_GvpwqlU&s*1a~k$l0>TrpbL$DN@Y5HLc$;hS zA2sndUzN3z=lP3T&35MS|1b^UB8}HBGdGAjy3ALNHknrrYWls$n@Y+Ze*AYjDuFtQ z$$!kJo_24G7tHRO^X3~9tt+^B{}j!$pan%C_S?bPy@d3iAVk%pE!4;k#D@=2G5LbeeGZ$s(9XYp|-^H!iqCg1An|1G@``k zwdC6XcG<2oQ!6-Ku06Vg%bh52y$GUs&@@mpY+rqig8-O!7WBN{L$?j&=v7?Gp97xm znUw}x1cUXJPE7Y2t09@6f^_SiIvE2R(W5eo$3Di6=9x))9QjeJkZ}9eUF0v&f(eiv z_9Vr$UjJk8j;_t6zFg1=oxTBh(`~~=dX6C{xb1+k|E8lzv>2I2vK!ao*c#3+pnATq zl0s42-B9|+sL#1u>Bbv3bf@qPC`6^`*v6uExKr-Jzxsy2j^#`)6Lf=FEI;`7cRM2z zZw#)q2LgJ7^0wzVhS6(4=u$d=SmdjmHJhpVZe|ZYO3U_p9k>eO!i!C+)s$BbS5{i_ zY7|#|&=T+;(f%zqrt~vr7QG6svjaVNQU#vq?l!4eWDk;{_NI- zeAfy>z*JC=F$Iech7|H*lp>6#CZduC%DO~|#k&a#_u*R{aZ`EIXWL}rV#sAs;L%P8 zVpzVOJo#Bu)lKH7Vg&O8fJkz>T>2mgig}1tAo?b&Z5cnm($#vOmio-yPt8|X`y>~t z2Y+d#FmllN)8lD>K9J4#$edRB#GilS*H3+&qf$ptM~Cr}cQPr2rR{NonJp{Yyr z;i-{I*>3~q$HzzA_TxIP#2ofSp65y~rc|(Y85AFfO5FL}YH1s)#MzgCzgcuukYac{ z)vVJTx$`PR`O;BS8^D=%Ont^h0_Bn_w*}2g*7np1=yP;?r0GMgJB6E7Mjn&PT73`Q zHg!3jmT&11!#%EDl8$r}pR>Gz_Pu-N$Ccden>kMs+^nO!k$>TtcW1;ltwF_k^~LKQ zNPd<)QPl5|8ApQ#dJ1~i2H5Be{hcm!!_F4uqfZsh*>H|edq7TRWCN?%B~%GY8{QJo zqtH6Ek>c-XgGL2R6)C6gIgr(OXlmLd9_iGIy(P!8jo_0VaZyjn+p~u1v?+NG-KD3r zi&%VE`KzP?jW})NKZyEFRaMwVBTx8RU5#V3h&B5?C?GSHsjK?Bil~3E8x1?M{?u7f?c^uhN zgjy8U5ARC7-?~$x8>Ky1bX6_0U+uwLLH$J39J+Rk$DDt=>Zj*ve2h+a7<<(A5C~U0 zyX(~j>O|E?9T~reKNs@cnRYTwKIIyS{SGUBCHm4h9EN3Bm8`4cmyE=ohhd&ab4T=y zw+}07fovG96_aCBHl8)4HfJs07UTCoMruD^=Ms;F_P2cRV35$mD4yaiYDbUD!m+)8=He&&`u| zg46pQw%xj|rW-#pnW1m&A@e#bErZtX>WlmL)Az_f9{nG`XWxqy-Yk>1*P-I|Ls~J+ zrJYz#y~NZ=gw6Iv#i8>s+&A@iFoZ6obX#QfDtSrT-p&1a?;acuqwSqie&G2U!byF$ zCR^b1&js8j&t~($);(vX5D30;GAwC+T{6*)nnoy|BVQE(Ff5y2aKU2vOJTe3tj}xy z@!Ef3Pt!Olj;|}v*dMXk3O}+;J4-08rh^#XM?#s#Md2tOMbO7|9KY%j1 zw`0HN3|nIn4X@KmwT9DDDwjg0FA2ftHd}}qu}wdpPBWI8$ua9lD{08q-0Oh!Y0$oJ zrAs|FL<8Y0dv}Hm8cuHPzOy>ws6J9-vy8mKb;~Bjv8vRa@lx_tmH-t08lYd$wArBh z>LTCm;MsoGfFDrgFC=yv<0Lkt+xgf|kP_T=mn?H&uCqtCW)XeL*GeM~QNg>xQM1xY zH1TMNMt9VDzW_qZI%1j5-4e1I?$&;X2Vu3*a$80c4p9ybl@bH-I|GS0*F^jOdI-^3 z+(}ckR84`EzHyXDd$3=p3I}C|?1iOkUVK)>$CyGQkX6z7wF!+^!ibIswu5M=&E$Oj z=C;kItp!f}e*T_s2rWEE;_W0v1U!nbVYX}5dzUnQ1-zP@JEanhL+FbCW=rBndWRyz z8a=UFOz06HZ_^NbvS!**j-}{!Kxai}Yrtx*P7H>s&|<^l`bG);EF#&jQ=!2xw6YwVl>F2{(AwnGJR@|c!pwf=DL6Mtx)=~4aJ8GceLLN zX?mtzxY@WWm#8j5H3X_^lg%FGN}6Y1gr@)r|LAxo|-oyH(z;#KwXI zYh=E2{{uN*i{?)~0cW;+z4n=Tnn|Qpc~?_EJc&5;)c<^_+7H-j3FOFE;)#J7QC2(# z@N3d4&G{IKYH55wxSS_AEMAzp_t&PMP%G6+{2>?crAB~8-~sh?aX0m0phPHy@-`>V`?{Ehki&r78ap`b3|fPyRWpCn*pH}Q0vWio?lU_5uZ_B+scGy^ddm-)iswO>!qI?j zV33R}APM+4nm-OO^)}2`G;te)lAYlqEq+BX%9+r=9ECd%Jv@h_(K*<%F1;}$s|^JM zu|Co9mlyPmw(cg-AWjEVuS))0y$W`E>@RovL%%pSAV&f8HmCu~<+t3n zYhFpyl*p%m97=v~ou4{TNFOf!-HOxeyH$3BouWJTZC1}N{hJ^Qe)rxk(0P#V3G27h zzGL!lTsTRO$u!yrk3aotWLP)-8w=NJ@0tK^BORSM?J&?w)PN9XdZ)7gGFw_3u5%$L zt{?@Qm#_2Te-m>V+%EH_MT&F}PJC7e561_jh&`)-L%#FhM2!EZ?legHY1*9B`ZwVq z`b|R&P;PW5n7&zo|FE^oK6&VxufWAhKmuW(JdNo>cY*73rW@Fj%m1$r5j`;P4a%n_EdIkCWdPlB1`kM$^n`)VQ-6O|t@?QxS^NLf593z--yc?p zes%GGQh-*V=js35od1=Z6PxEADxt-)^%4j8XLg`JWIfU475yDqUPcWzK`#QEBgYeW zCLfxXGO#F9S6cJ=4=;TH_=1KScws~0?er&}uCFYnJz^FYENJEtesexGhBhP^S1%A0 zo__#ltT`Caov@@?Ba+~8^E|qInhGO`QFM2G8T7^iDD{82nw=pD6oH!5arJ}tyRhB1 z153l(m#24$BN_@mIh&+OS9F1yex#J4f@Z_hbGn7%zx;vLCpLBlVIk0Cf*U9TfiJV6 zd$Ol&Dmr)vs30SMwac0zbPn|F3~jJ4I+*TFG=O1_;|6s!)xWCSZ^L}nC;wXyQ#1go zh&(1XsZVUG_w5;lV9V`GD=EE*@H&Q17uWkI`3x!dy_@fIXr&}q3D(3UE`0d3G*@Ei z-3`;7?Ik_}#YmD(s48Z<6B|BaMVlFT88h);v>Dx<9RT5a_yQDi1iB`~J_f*6^`vq& z27CazPy_A86==vr=tz9JGBW?sBXQn_bjvTsfn(SgAJAhj1CZ_TtJOLeKOe_$_pvD5 z>dw)nDJZqr+gWvd2PA->Lwg={$rtc?o9un4QXlk$eCBt%MVO9m&$cCACaaGx#i2SO zbhpGmTV1*nw?JCq=|)iXH3xi`&S>s4M`PQocP09}lREqgP^FOySL;@}$g;$qBpu*o zoB|R=$Gssafuvxk{qJP8K6!VevXSZ{#@L~~O^ zOzW+py*ZQlb=VNrLYQB2k5`vVc%3r3KWCZ|dCK*muHdjJBSpnA$`XmKCPcBK1Kw(% z_bjiy4cVm$+S-J$W=!~-rbP~6oNvt}SYH;*xvW2TJi@vU<6?wXX$T$MUi%Rm@LRg#VQmnkk#4~Z>Ax)P=Z^5>kS%UtSBC7p_bQh zlS!EJgD}(3ni0I27&)Wn91oXv4iiyy;TT(2d+DiMu$CE3n6{~^*W1Y&YU>5pgTSt`%{j8IMss+_$EvYmn~ zN2V0i%#Z`UT7BJ_W*xE#XYUw5QHK`B%p51G=O9=GI8~E97!Gk*_xbgkFS_NkAN1>4 zXNkW##&$PL^l~oX-)!8(0JtbGBK+K2L zSBYXq(bWfaweC}HN8cm|p225UA<4X{WobiMOAoduS~pi+B{WIk<%U_SSah17&o^u>NSnMHSUp$BMhGAm zzfib|_NAvws-Fu&tlA7Z{ro{w8(7<%lnc9?CoF&{u5%$yq;!FYqK=^QHuHr-ORo4` zolj#r!gU!xpC>AaQ%pTCW@;iN(@QR{wZmxT-^;(jeb#KE61{EWVcGdfb%L~hHwwM5 z+0Ck1P`hVdwAU?+cT<*+|ZNPOh~XS>Ky}G!`Na?mrk++39mtCuDGcmC?}tIQlu8P;`Ms zdg$VeWrp41#9cRgcc~sZ`*xC^uGt<>m1Ru=r5Y=3wgf+l>7A$wDk22^EH9M-#d=%p zPPPx&?i~{F$RjEO#ZR&)oZpERWt;Fa+3b)wRY%E2WLeZKo~j^>3ds^YUQobEUj~J= z9Q->~cV?9vU-xddi-*5C>iFC)b{nGGyDd#OqI7nxAGOxS^Z}AYsNB;6*MkPh>>-!2 zN>86Oybf2HNbu;(F(Ae0;I9{~qTB0s8O-~H=n6)wjq6P6jRc~-5K39UT0Zk(4z9u# z$v{X-3vHxrcyoYERcU}p>o!;a{JehNY|0@hH51l!FHlPMoMfxk`8(u0X+$;YUQMKD ztF*GIkHsnC=-^JGyixGICi5weWT1E*;%ZtLK>KrMa*(Q|?1)M_{u*|?%Hn3PZp%!{ zR*QHkpnpQCj)qRaJgYBpI~t3{PSOJV9eQo%oXQce=q#!tvzYiF~7Sv$WMqs_4L?O zzr}kkZg4+WV)$F2KivG>^yikM9fZ?#)%32b-ZI-IU|ccOP04PZf8lX(Qfte!+G@I_ z@MDzQ>n}(wyHtO$;dy(lRU1q=Coz{VwyCPIqQY2X9L=`2aVd?mR`2#s6s;BWTSA*< zy$EP!cr*{WseCqQ?tYG<=OLBHMBgh7+DcbWw%SFb=U@1&R_$n6w7cus%22{e1oK7A zt{1OTc2zT*P&6sj!j-jRR@YF99w>ZDwz?rS?ZHkwdpAtZAhb7hweJ2XfF5Lne=I$}`L?TH?Dff-ik%r-SQaO!#0&oa|;y_O8 zGe@fzky=F1PM&FGvm3h32VG&xju?AbrUy0tDiW|n3kuSH-Nt$g+@fXtJ)iu%3>M;G zp_psF9GjL(b*~gU*RMQ{l&)!b-v>HUd>MXyLhV6zx$)ehW}+b-9opd|ZLYxcU1_dl zxR{vx$f(oPV&Vi%U!_f#M%s%xZtys6YSRs7>!}?Wp{hD=YW2d1(w0XYm+%{VI59E} zH~wVKdC9Y{NSMDqM?A9}d)I)iDoa07e}uTHNqM*+k|hc;LhTJXShnuKCHNjsyEbfN()__ycFlNty5W?kLE3bi z!K-qA)ELZMXYAG!u8N=TP*n@d3}bC+Ic{>&oT<$zN?yXe)-ER$8(VIy#LcCdI-EPy z;jDjem4Oxf=JAZ$TaoWnL1yAB- zgNKy7GLX4D!#XCYMOT#`h)NRG#Qcx3&9d?Z>>Zm3nXc%VSzQUyt~X+<+*oon z{LRU?Hff>#+4>RSAj~8Z#8WpqUBU{Jd_pv|?oZC_mScAe z+3w^uD-KU|##kYZ+497EMx+ZKh>}MFPXbvQA*K#E%{pE@26di=9n`$9q~DkCjCit27sK>7nqCwf~EWD4yHqZG&DRksIOUWo^;gI%f!?M@jCU{$z0J7?=8>9|_!Zk<`GmfG@c#~jKk`eo{TF-lgid{F0*QdK|Jf{mM%4lSgVR-? zGllg9P`JGN0=!{E@!s5hi$w2m>OvEB&(dNawQ^?cth%)gyhXcaH|qY8`yP#oHTJh{ zkNGd)g`}qY&f83Q45?Jk5WHK3pWOPr5AgM4dn$yMK3=ik-``>FCZR?tYvQu7^*joD zwc~ay`-Ng>(7SK^v2{VcWI1P3Q14`zDy6&dZ2+YwT-LcG*0-ZD;pmx?vucHJJ+Zd+ z!&Op#E#YC{e@hf*`a{C)A{8?fW7vP+s^Hwmdtv44H03Ju>ME3Um z53}1N!1ZxJDyXcK+N$Er_U-OOuIExmA!)(YHD0N!3A?AD|_!wy+l) z+$1BFiKVzpn~X$_)Cg&~*pli>g{d~P`ul;Mjx}3QiIDrgwOeZLo=vd4Up4EjT~Zk^ zx!4A8#z(47zx`C!c0pk{DdhFeOT0|fkL#%>a_o^RpI+jgTR<$k{U;j+qSnf=4Ti6% zCN7krYA+ZO3LP;SxFU>^IAsJJcY=iu(;RrYF8>@0|5B|yH%$O-?)%`b*+)^Y?{5@s zR2qGN>-K2e-3a6Yr!r7688+FZUj0V7cOr5hkIi|_iAL|L!ozdLu9!vg9S=G6V}^_p zluHfu>eFw7BqJ4YS8>e;*4e7HYUm1NW_`S7?4L3Neqojn%+fQo@>b{d!0H5QcB#+4 z`c$Nb7%#S%xPDe8)#oW2#3W&#p5aCL>e+^xi8>)@#bT`4YZ3ZJwfV91Gf#Yna%C9F zo}@m9wV>uL&G+`FJa37iUZx3}-F3-kTs2W_PMkIYQ|&b+Ra3dR z)#@{vr1qrnl?C=qZj=Au{u=APxsFHDNuz7V3hD$02m$cyM7(?uw8nS5JwJSdl+f1Z zL+?0;7x{G8X6l=`tUG9zl&AQS=w0a?UNO`|g1kcXn#r*@Dw7u6`IRJEtRt24d@%QV z%^_VHRHt)T8xKR@N=75qHpAb$2w!dBU}J7cuT_G9Lt?=6Zm%9s>?7%q*%p=AD(Ofg zp|mb@ALJR0V#TD`2zuEye%E$t7He{VM%f-o=QzycR*{IZOxt)MKJU3Low)B?L>lYL zI#js%Jm-6j5v-&xlBBBU+VgK=MKwxFSF|m6_$YlrK@(EcPf`PA3sfS(SSn$@d*~Jq zf5(PZPHRC&qIMmPyAF)o`@%(7S_d_Xr9m@5y3q4NHz}9HxHS>3sFlc*-^@0(qMmptv%k) z_fZ336E!?M%UTP-k-0Nhz~x`3Hq(!jaPvLnJC{IqxKOm=VGTu&%11HVpETzNz*rs4 zVnq(!b>w(RCYE0hxw)Bolx(r;K*YsEz0@UKO1Pxe>-k;_IZl}bjFEb!%F)*MSA-yt z91UHSZXbNaK+Wwa^_6E9kD8p!IZk~8)T$5d3PR3mgu-oyDd3)2iV-QS)cTshMZUg6 zd`uII9}x8vW8PJcphMI;Q74u(_TZ7IRZeu7*OHiP*C~&gEOh2CT1}+wQq58r98L{i zANVn(X0_Zo(GIsNWQxwkI5sENVO}QiW@F?|h4+^>g^A}^JSrW{EB7nBVDmNW{(F~U zcu)M9A#v!e0c<$=3U~R~qeBHl2?*}hf<7mFlcDhmy4q8sBRMyyk!hx&s-fs5RFFN1 znll5f1g)_^!ztoRdTre`=iWX{wrNyfc&^UbJa1zF)Ckmv5?mEYSloR=?GoHyfGh@|ag@JK5DXQvX5#}|n zLNLGUbvO@&cU7tkOVMF0KM+WG#6>%#>SLb~vqYyXxfgawvMjAap}WBUNN+_KqDeOR7cZxX*PKWyy=bj96JW z8?{0v(N#~_pfk^K_EHE-U(So*Z9kkZC+TRj1q{M78_=EuISQ$m@ytiq`a)$l!CyS3 z8Sj45$gC+cXI)X6VuydxIK_231;ROy9Y z(jo+EC%lw@Zr-~3C`4T|B8>gE%@MgZt(hm2>_=WQ+gA6N;v>a7@@%amEqEMs0$0|D z@J5=U?%v*9jh4HZ zvQyLV^;TJfHh-TQafs=;?$QGJLoY*DK8!|FkrT)sZz)Kpa_$Y**%tn*s&ib6P(;`0 zvnr&|3z1vl6YZ7LB2JqZ2B1s!6SeYH1vZdQ{;SNI;GZE(6oZoA`vPRZIp6Ki)E6=8 zHxZQ4#~~eg5=&%hhPlwCA=&){&R5_(s(%=E}(-vJJ z+l74URP}2S&bGD9S>a1W(o){cc;C|aCtu8Ejf2>&Z(YmB!$1zMT)}P9Su|gEZ_@50 zHXf)SA-%pOK+>;o{x$5r@8I2E6Xl3K3gn!)S zDsH?hjrnN~ba4ciNS(cd8!K!S3n#a%ZN^Seuja9T1Vdp59Q~PPSpuie20ixqAR=U` zGHTf*CbjcHt(FYyV{i%l@*1u=vsb)lcN1Nzqs|D~hX{vJX(wa5q#hu-m@}MtahJ;b zH8s+8{I(E(pEBu(ClAcJ`6?wt%=$xaL(pV5@QNRGbV(^%gPkqji!hb1p6SzxNjNrE zOQ$wJ)7B^okIVG^Z`_Ts|R@_k4T5?YPeOh z%j0)v!Y^xV4_IeAsew{HvPlao-aN(lT7)S&l__OQQmsZON9N$8dP#AQSA%sUdJMKP z8YsC|$IDAgTbe|d{mAJqH&TP}nVOZA?5>5npaosn8|k`O6u!lG(X){{*`(~2uIIL~ zfq`qfSa(rsu~kZfXS{unPjiT1(L&G;iLsn!s(AG$@d4R2@W3FhkDlAL%ElU~Rc9xw zc}Dsu6{v-3Nsfh_>bacydi{G0ghxWt53k%rN&D5!4(0RjIAJ6Nx0DhxSfVD^OLlF$ z4Gr|&(vx9Ncvhpt6&<(BnP$`HtEuzu=O{hiP&aOAw%?z?(~<7;&)L1ya$45Op^e@; zrHs0d11-nKCBHtzy+xbnov-oaRDMt;#q4&*s2ri1f0B)$8q%kTLGh%*^LDFd>zt`K7H9&I9ZPKvrkjXeK zC(^Gi^;Y;yRMA5!P2tUe$Y=^z))e6C`#PBd^@qLVEZzI5mvW0wQ_A<%p|C4JKt5o9C+{< z1d@_8HxOr*IA`v*Q<{yq{=hN=>*wtM>k3op(mCGMTr8d=h8CLI}VgVElVnYO%bz$a-{7@3X+LQWT?P%a{ZM3s6TA)vd70eXcT zPcj`igb~1jF)oWL>p!Q-QR!UHWZRzrC){%6Mvn#l>>_EGmCkTYp}zZGNO+? zkCSx{0}@s(wodWG4IBu>h8uQfG%O}(&=?x@7ao@}oUw%qBvnp#=FsAchuYn>A0M`H zX?aA3=@N?%W>0Q}Q3ULb@lJzT{X>w%=zH*{1vm*2|LoD+QgfsvkyP(^P`S&z4xf@r z*GhS>VA+6pT;I}1ausB@kDan|C2ex4tC`6`SU06ynC&42dWTD!BmH37{v~$r_8bwo zU7w_5Y-^-MNRt>my`eC!DK&*sGOt)#nn)gpZB2yy$kKJ5y1^Dz2ph%{w9?|g^|qEFpQC^XO?esc@sij z3V*+_NfIgA3^7A5U6|jIJ^0jEt)ISz1av$1>guJbf!c6);D;^8qe~kyQrWW&nHQlb zu{i)qEaHNwB&w|nLEl(x351CiZvh|?7S!$ChkH=iXyrB!6?=RBEZKx|z01O#-$>bPiHAsm>@i ziiC1rXXDv^wC0NX!utUojn2)R+c>V8^Q|&KzoB`ZDomKFd7^csHs4jhB~lP|zH&>A zOnOjrI*sMYaN=?H(5x4tC_NOZ*N9rZ#j^>oXM57V`d$zGp$~s|Gh7MWAHnJ9nnIVL+4Kwq-$N7A}|H1cpy~;21dY=2apZmVA>v~`B z_jS=%T=@@!?|+_b^hrK4!~m&sR$(8#^!S&XxMM*Rj4Pf?SS1sAZdjdelY(D>SDlY? zMRMLcqc?}2J(QiOek2}$*s$kH)$oOsrpAz0yc-@uxtOW9#_&RMW}nED_>Ly6?Tnmb zM@W#PUu&6a$?I}54@!w4(u62w7rbn7_<<@w-?j3zDS2%21tI?w)$HivB~M5hNDGG7Ko++S$(&+j6za=j(T z8+JR)cuJofN<-7;l(NTRiir4dqkM7!>qY!Is+iv_(jk{ zPDlLyJ{TRcK{7|6|CmQaqO3)sGj@M7;9UTUQI&c|89v%w!T`EX<_f%^3-nl3WRWWt+$cn>@324zU}GEr?jVopx@- zj(QtZxSt*W9qHKiZHN%T2=}{rQ!wfF?KhieZ=1Eh77{THo-!*|HO~$vc1uyO& z4(hDbZ00aE#z(tT!w=dQ+4O{*VMV8vSze{{68{upcDIs9J4*yhe`EONq?-OdL0fMqEyM^n=Z5<)VC8)6&Rn*mXOB&~9>> zuAC@S3D;Zi*mrA6oR+U2y&=n(l#7P?k;+X5ecxQ~_H9z?Z!jCXvdZc0FzTGS^^bXU z;6^jzpm`BHudL|k+nD9tl*|!VAGykUuCFFKO=gp2e|SBP98^2_VMk-s5~3k07_(D( z89A3d={K@&0`dGyiI=?lIB&ROjmYAw>8Y6_dLi}`!qeGOl-JLaoMN$DJrg4 z8(?;(@s=!uVFN))uCzs01q74!-X|UfVOB-NejmWCSDdlR0Jy^TsQO)67se@GN@)zZ!+PVzGp*9c zlsTGjz^ElG3nq5hhdKPKK477H(}5`?9gES>wpgEAoQg1oM2XV7cdK3LeHV2sBbQ$m zUecjfnr8`Pyu&>Qb^yA*8SII=t!%aSalK=RQ-^)WzKpO+Gg-s1??1tE- zmzp)7lO%2154Wsj)R&yjVOZ(PAJhcZwzm&?J^iDc<0NvJ`r_#>8<_Pum+KP6BdqNU zqU+Kw)MYz?!Kk&MWDnhy+gPiD&CGcd^YB|6Fa#Nfl@i-XyqD|SBopnvQkz_O&{`;W z1X%rN%IVZOMKfJ0`8@+7WT0D*m#!7IV&4KImq=exIvf7$F97}r{_=(xmJ~hYc$j8( zvh>2UoU4hVZ zy=7}aGvdRfJjvzTm;nOKj>ttEZ_)nkd|p@K*6Reiq|4YbCK)&|}-vGsNEE zA+SO1g9zHzV$xq+%&Q~}G_F&LDU+uQ4{UD4$V#SW62OvOIZ#onKFM>`nK}9B&5MZl zHyuVp_rCyS?|r9OKNCMGcr~`UebpCR_i@cZ>+mO!Vs^=a(MyR}mFx6g)ZvW{0)j?Z zjE_@xQD%k9O7QQQt1o8GdznW#?4yf+h?@vA1vpX~ix(p)BZUe&2j2%@;qdEWgAqw~ z9h+I$WY@#_c_=up3+@@GW-yWzzxtPdVP~mcI8(x|-->|8HsATN>rC5iB*p6k;@o#m z!vzD-b(U6FoCUDq=KbajobYAIYV@ByQkx^b35ioCGBXLrBRiF8BksuUOtMm!68{ol zX5U|BMDhV!{i@k=68RJYBL|W^r(tjh1lXukyj-!1Cpi(nI{ftIW}yEo=;%cPsbVwq<*`k0ZD>b>xp0qAtNL*bKe=k`+Pq!sT)&V~`P`iA45 zZmWsbJ{r#FNUmcD{QQZXRcLuCQOgw}2;$ zlOKcxHte=VTb4#pdK48?zx4MPS)ZhO^?VGEj!ZgayeI@h#oLZr_F0;n_$X&w(DW`x zTBo5?3ls}-ugU+L%Et6Qv_~{F)0C;!9-bra{Ll_L^jzxLv?a3_*dr%-VQ_gS=j(cS z_KJ|(C0BUqRqs$MoSuX9hRfnGCSs;O#SW=4eAgSZv=D^p%sjy20NS=b>F}$M%V9wJf4LLGrS?byIAV@C~54ya=Ld*gTCA@ z@qSP1;dWmU#bM>|f|r_RQ!mA4%S%A9EXH*?s(#DEP&wE0QYq3>Xg55~+khBA+UB?Z zFcS1`gzyW1zdIcuTak?%wZt8aTA9h14;GzVdj;c&{2j-V%belK8A*KK2fkDF1WJ1+ zI10i~bc1G{B`>UigwH3eRpDl4pt@}DN48k>dyQR;pC%(Kmtb%SiEcwbY~LPVTp8YU zD(Q@>C5&3KxKf6*lNhFB5ucNMokzQ&Z7miwq++B=#mX)#hz26@HCc_I+Cpr4;8zED z>d5t>c>#`Rg^Yv^VBi#1P)m_EsVhcl;YQCV-YR+Dm{iZoH@=t-z6r8@)*nqOpHCSv zS2PQsno8Ol&~9!aMy)&gflL;6W@;=za1;)Pp7oZn@#QDGB4_s3=~Rp&D#p4kow>tI zrqqfR3pN);od0`pm%h^RVmCM3~U=3MvUU8PZ}Maf(~ z>h*_88`{)}R5N)p*mV7|sK`Y*cYRmbnY@o-(G0kWaV&{N@FD2C2v-JPPwFp6^0%Z7 z4RJi4xS?q~uEA$2x6)#a8u-9<^pcQK%YM0Kiz+#6Wm-c1yzzEb1(dYm2}qal&j12+ zK1&SNpZhSV^ReZ(_PUI@ytOY|7e?cjUMiEQd=ar8UGdJ$vUII%XFQ$%rb7*$^c0-O zuuSB?&)J@E>_)7$dhG8t7^6y4W0lYfF=pFAy;E~8S_=Tlir&vgw63>S(dpj{so&?p z;W4|pP~B%Pe7bNtZ_p{iH_YL@GW)0=4&$J|++d;@@x8B??bB8v{cv-8`Nn~Md}Q#Q zVDCcxeu(Iaq8@K-b^x{g&ZxySUduPu2=8Y}yXpzp#~KSDWo;Bj zW#X?^Z29qIo+{wlHp*)uC1D!apr^zJ*LCLII|73Z^=gc*i_#_AcgXn4$1dAdc3G*% zSK~2XxHU7m;u!hqMQHpp6}G<-s!@~?>{zb&76p&#I6_<(2{#Khsh9#f!{G{(k2Cj= zei;1ylrj&zG$w}yfTMPOOPv_n3g#7Fe29arj0!UiyCI>h+#qQ)q7T#doQ0<~lhvgh z-Y#E36Hx^WD+;c!@i~yHh_Th*=+&mFSN+TiiCQ{B$B2CSZuG;gK}C?AY@2TvaIqJI z7P09o9UJcM%mVr5qlgroe6#O6Q3eQyOmhrvA3(G7gWy6t3VHq{lzQ!#-WVI>)S)#x9h9~RPsk_lt4)&BV3LE&7QEada- zjxy({NMcU5S!!*L0K=Ki4+Lz4EU2&YiP^2S&};zWXBya%bC^#7?DXH5v||kWefubj z<{AXDB337~>0yI%0}QWQI<{pXhGt`>$HgKqr;SaQn}+FZ|6_i(aN=-cAzimat9?lP z@RN9E|MR1hJ(`L~wC|0%QpYwkuk(a`z1~}L4u0x>{-m)RE`!ZqcwOB(+c&Xk(1zS_+if!?sWyeaZq0-GAU~iOBrkq zz|AVC@GG}+hpn0;@!g()+ZEJ7UG>j~aTDK3MosAM#qwNIJw7U!xD;ciTq?O=l$=-b znAU68@xF~%pTh*IUyn*8wsgnjFm0fc_GO2AFv6;eD>Liib{kF2?X^c4MAeRs)J15r z>nFnW*`*Edf<5W-`^o!^jnDn`g799M#ULOSd4&RxlPU%OHN*Sl zoB8GrmsFDn5o{=)rl9=$%?L~8?Y?n8hfN4z;Y*JU!fwaG*CjHJtVi6IV)ey037&x6%wMZ2{B zjThi=c#O-M+QGYL+BG%%q?J9kb<5ICI)ZtoWcJW^{9yf!7GK-|t+t!}XvC^0Yahsb))Q*nvU;)3Dp9z8PNRXFIl4uW6K1oKWYb;l6CO&0QaoR3#j1*8tH{k{h*^*Tq zZ!k4h0Kf%{`}pPmmJI|R8}qM>kwLbba)R75kwO0JHOdt|+1_+KvZoHyD5sFU9!qmOj^}ju;?>@W&I^ zk#w{ZAZYY~PS=%BM+J`v9!B6G%HUymYEErCjVO7=(wgKmzO6eS}Np zzUu#H8XcNaogL-Ho(n!^wbcJaZOHS8XSmE@nWo zodQiZV!4EqcwEEW_oMjfC>jygCv{v0y-%mu%~_q%w{(;ETZIi2Xh!?+bXgu-!~=2E zhJPuA?hS@Gy@anEVJB5E<=-Ic(iU`+Kr5K`huo12j89lZBk<1ZWMdy*$s*_u15#%= zVfSXx!F@3HLy!RToeLHuBWf*zr()T~CUTv@y0|$>-JNrt4jR;Mr-K*Lv-Z&3=sMHq zFviHykJlxv9#UTSXq9U<@*?qmz-l~@L?e0u*{9X%n{5aH4i_H+7FGx=FHV_NZ1cr4 zKE$>i!lrFo-e1OCwG?nT_CQ1S#8~nHj@P)PJf;|A8U+&#;{d0mNRs~ULQFDfzRUJC zyMtUd?~2)J1WUpD_~9J=0P!EA4AViQtn~RPifojtW(ffPISYH+X4WFBy%Ib6(H8g_ z9i`gmIP8mdoxEi6EGtVI@-GybH4^L|4MM|!uqbK~yLLqzq`eNd;OR`u1*!W*Dp^w+ zrZH)Xf@0FU%cR)M0eU^3PTxzl5iq`^yGd$%Cbvq*}vRm$TBH>ojN^8b!v?> zke&4)4R$U9GSIyMkbBt{YcxQFlC&u`9@;*og}EFgWI?!h{lVJDY{JXhj%N1MMl&s= z1re2JFZY~Co_5sKk2!;%E)hM-Tf@mE;-*%>oYmws1z59;&goHvZ$hJ}rsTaI-3~@( z`5kudZ`0z0*jLpbo)N>yk>Rt@Nf&!Ap<|w@D#cDX-6SgI1)68Q!t#T}tFnp-(ZRRc zOJnXSPcS(U(kTdNp`Jdqz25yV-77&<{deUadRW9FLzh;2mR3y%m8em=j7TLlmJu5* zlAZ$A03dmlFao!}2T2@K;X3`*X*oka;{|loMBC>POO{DqJT_^a5el2TT~?O7rw)nH z@}#2X{MSP72sN)2;Mrn1y1WzY2%YZf+B^1%%nyJN^%S-CRnonnnN=HPVKikkY9`_% zsLwh_pyJ$P0zs-gijxf|lT z0Vngx%bm{GhC=rPr~pWm-EF~#9oR(L)$6t!#c&)1!1c~49|J~*?w{tvZCHGT7k71A zYr|i;?pzU3$$)XpCMibJwy<`7EpPW2`Pz8~d1~{B8)OXe{Z-Xh6;#m&dh;f?2Fck;T5c$~wz zMVBAu*cElQEU~h+rh|R*>W#QN7Wyu_&44)BvsNaKeL!8Um|~~4%@f3T^9{l5MSxw% z1&+tF@wBz);d#Z(QKQQZs?nprGxs#TM-4YzpKBl3IF4>LIOnAsJ)w=?=vk|Cv@rek zx~7M;QN^Ob0c_QoR7jLW@rlbfE-K7?aZR@=UO*b+{fDCg{Fg1K!ap@8ZE@a3I9Rqf z+wxO~U4z|L(L*7!5JbVjq(oP1fwCTx|y1JC>uaM3?w9N_^ z0)6H>cH7spK(k%=i0PtN1|#h-&yc}>7dZ+pwPhN!|2?9C9OVskA$p-@&@XqPEfXbZ z2j2W1HvMTtCO-3Q)U(yB+2D=nH`cMOfJxL9p&Vt7#4csG{re{iqG`hkJ$?(UsZ_Su zV$ALQCS5y*s;*sY4(C4rExhYHDnD0 zOl*j{Kg33q=zaaI)2A1X0nFo_qe+HC>jD2 zIG4N>%W*IXu^yIUeU&a~5#9`Qa?|U(xA0&pc>Z`!7pm@-(UAU{`T(P!;~I= zooXmfFr9{a&_VON;p!%`ZFzA?H|plhVNcKsp&GStC7iomA!@MyubIKeLoIpwy7ay8 z>60C)= zfX;e-p8mQjbxzyd`O9fQkB2o%Q)lavlYUtKvb*Ah5H^I{Cg&y7d~rS_KBGS4+#_*9 z>^T>mVRv23%)u&-t#n-Cu77?VK{iUi9*w?~##nFyw6WO(@6#2$sA6iiDs0ZG;b-a6 zCqhJj+zJ3z-p3a4w9%-)0QrpUe|o0;L7Wg1H~?zhz4pCtdj45Mu)!G$n}c}F&GPyW z0OrVI#%~x8MlEL9on3$2quIM6BN9Anxp;~hg`lqVm49QzPxGvbkM)mSc%&2sMW>)< z<&FW75+Bp{Gom#4pwyv4*!t_uE?}~k9g0KtITNM)wmh;EM@Ju#+KCvEc zp(2g!`n=`o@_rUokFg%C&&bNqoH4o|OXXzm$K1+Km;SnJ&_P<5C%mmE@#$3R2cc3Z zvwwr>R{=En2$SZIpFa>iDyJH*b(IPoo4hME%kC#qO?8qPEA(kYR)sOLNwg`lwoo^< zjVA(AruzXNtpJE^@@qgzx>=6#DgHXQtufb7xrU@v)H(iGu9*Dp5Ue>S_%Vs?6Z5T4 z8rrw?xR`unR{CcbRktpC^Ho&TeQrwv9JyY*UTrFdj8%Mvjm)ot;h8PSjXOKyXJ^b! zA=*Y;6tF!@9)JOfC*H>kaPDNTn$e1BpCFsX`mL1Q0h{J0FvNM^FSQy_wO zW%tgnyH2~W(Vq(=>h=m=Atl4L(p_AC$%viX(a8N~()juus?1^fCZUX?wQ)#Vsh*{G zvhX;$6zq(rZP*enS0} zLAF41Mkg5$Gmb>iqQTl_pD9deQC+Ib)t{M1reop$xS>Qzd?wP}^ZX zziroZc6Vf#y}d)P;(+ir!4??hMAzRlBx{FOj~OUT(bXk5ggBOzTb9zX^UN1l`WuUAq4KH~Bs1nwGuPZxIpWBmmG_Zr3ssw5-rh`%O}H6q#+Gft{3|lpgn01##V?*E8!0d}|Ph$a(k$P_C{D2blmoo85fX z%m)*XvJQ)i1w_J@BibCWP+c);Vvnb$W^Eamw^pyd@JmR{zEZ`WI(KuPWzv_i`9e-P zG@6j~xkRquFRced_69H21KiT<%Lc30z4j^XPVx=id8N=%d%v02Z2j~i{7;T{FQ$;p z;!sM^I8J!MC8)@IXi%4`o_2cGxv)x3#qK1Dvfs7E6Ryh{fznvJLJ}$0O;$nF-P(Qg za6#Ll`ImJtZDf6{|1L!^-&T4lZ3)a(=PPT)l>GPAh`FUSuw#c?KMY^LLvG}b#j&{$ z2#6H0pb!z0H>wP1%3QyEL?VpQqQeyK zaKNMuJFx>H$Ncmyh z@yQ_;$hYPT*x#9s1JZpV*x|cS{Bj^n2GlivqG7t!mD=ubGj*ft$2mf?`TBad`dVJ; z+{pU`Y-+QElh_|(FPAdXBk#9LeXi&`9_O+mjWQWLXd`H&rY(!BD3kZXNI}@$dBWn7 z3gp}3SH!St&~o>-*Mhc&XTg(*)i1ODYwe9WgBQU3NCLGNI4Cte zLQil#VJ$Q2%$+5dcLcf1OukE&dsTf$o0!+UWrn|$Xm!fVpJoc67(1r`=tf;=d-V}x zR+#;nc=Y4%hH9Rxlk8CGyLY#m50uq)YgJZMV;iEc7_){^=Bn+V} z0Uv#mrZyy#xCYn?^Wfi#_BBw3BgMf<{DH;!Ad8LB84r70BgJV$D1n~~=F6+}=8WC1 zl#TA)`EBSGm7US?iIt^?)9NM|<8qE=Je+=lPhaIrrh z&FTCIziph{D{eWoZMLSjK4O$DmQ%AQA|Ks)^JER^Pzg%lpJ}!!44qc5JeZYE;D7iG zH@GlrWiHQXo}AtHJVhfr&c&y#933Xu-QEPJL3OL)`*BMF6NA`utZ2|RM^{NbVmO+*-C&3 zV&O3@>B0ADg!!!;ciOF%Q0%9>3ju>RcCUF#R8ASB+|85xRn%h`YXfRT-1}3$rF{3V z+6QLcQT=!AKZQ7LaMB?kce! zcudtthP!pDC(4|u^OC2BQEl~P(z2xGR$>=-rkB%}KBf->&mEW1Q2yv$Fd2(Rrw#3r z_t%#R`D{!^t96O|FxcgS{tadl`>R9*9LuMOL?<@xT;_S|H5}c8rq*h^v z(URVLYcqi(1k;o6EhU0kLD7#QxjWWYkzWlyw+9!GU?UI7R*J{kk>oe26Ehtl? zu$yhWl8nz~aZ0zladNk!W@!t2FBPJPt@ByPzxTn>Ke=GHVkJ;Jbs^ukc_t*8Fp5?Z zEi^Md-IxK@S-f^xt_rd2uN)<|ea;z9EurQP|rkPKc*fC>LIXNij1ynt-dW!oz3WW zH41X_-nRZheS)^uVxcr>e?f~pH7spP!nnsZio4x^zRB`rD>&Bv5IT06b)TUeiwaUp zX4Bu+#&r+c3@?gBk#X(o3SJbkEOY=Dr43cCFR|gYMqq|)86$$MSGZ*Vg_%mu=kPeB zH)W8&aV04v2n|LIn_QGn|I3Z_vVCN^%@4eXabaakLQL}V-}NOQ#E=+E0?={aoB^}g zbeJsXdqJA=4y*Xl(#*FZ#~M*7EBl}#83ne~sh{wh8Ds%JWswaC#PbHLD%C6y^KqCV z^l69H2wEH3#408w0AIH5jyP05n}tW~-6dPw!oRSdsh_lsuuy9B7`{a1xM4i5LFS5d zPPRVlHXQYPS@7PV4-~Uioxq=Er%AuDO;E47vr-y=H@k_0_!20U)|;1oKX~#QYaqdL z01O7J;a$gG^w^} zvNyUSD4F}OB-eqGKWvSik3)*o`MUt+jAz&Rj%~d5s(#^GWuB0=AwU0mb)QIsR%M!0 z+QY>5H#0$`CVa}!m<3G2583oaf|D3Q0+sV=DQhuAWypv8DVE z&Fhk?lmjUpmPwtV1Dk%-<8^#KcSR0hN|!$@(gre3#SoBicpv)?=tKCB`5_Jg3DGe~vaLmJSM9(u-^h->_5W(Q}eCGna^;xnyPFLOBtzju@65YTytqC1^O z_mlate}UZKqH6)k>$!E!8Z9zVi3*hLc>r2hju!=9s`2~Ak? zJpZ6tG5fP=z54lxPLJhrhgoS&Pe_SzGL3XfnS@hXP-!O@j2$>?@~><#^f$NhR;e2= zu5;fGhUXY7^Qr(>>`?vnGbzrB<-6YGSaU$6!=n^+tuN+1GN=cHg3Y)p*ITkp>BGko ztys$hG{=(+`vw~O@(WzNGAo{+Ldov}p9whRYq(ilm3}GgPs6+8V{XGlohm{b$<$vq z`|Tvp*_Yk{UZ!&LJIHkz_t7P5WyVpkZ@;Q1(w8)k3E>EVQoR-#dXbg9@Kue?AFmw! zNc}fyAT<$;J3hoNnFA<47L>P^*Y)!CoZIZh{dV8l4J!m6zW>Rq`rp$@iEIXW!%$6c zZnR&ipVcQ@O>KqG`%?t{U*B>s$gkO*JnU_W*v9|4vttME6_?jEJ18NJ>Ux>h`=~Rd zrzaKL-qm<4O)3HQNB0_frS6DX!7AWn5z;sP?0jG+6FbOshr(lQA(V0D5t?JC0PmkX}T;?|18@o6@BW+%VO z-mKs&v#pk3qyeKfzoG9N?{ihU5HU8Bvj(ejAcsxqlg}S$sLYl^* z8U7gR&g@5T3V6`N*Z3Wj-ZrWvw0QDqX)k&K{JIrLw(qyU^ zF2bVxc9HnS05O`9#*HuS2?QYfb>!QY`9%=TuX6VAexm|fWaM(k1^Cb34FiOWj<%~K zifpxC|684xbsKuxIB?#_O5<0R1w(c;O6PTzXGV+_-u^ys1ie+_bWGgnmB6c zEk?9ZQf2}=f@k$Y$Gzq~k3svauAM*4#R|0>15gFH?3HlGhR%stE8hO_!1OjOAox|{ zvV1z=9VR=6d@s}Td0M^BYtZz~3z={0lDo}lZy!Y|PiA8(H^SJDvW_TbGjxCt#fU6F zbOfva0mR!rwkO4|hB(NPfQI&DnDx=LA}XNx%fh`@uTgpPT+ZGypoD>b(En-h?PvrN z?3UF-mXIp9F77u~Z(DMVg`DlKhIEWBv=k|xUw{T%uD(8GWOR0)=ZOj(`)Z`bJ5OYR z+O7J1%mB1hl&5r;Oe$Y6diyVh_c>C0wlDSVX49=Mw01dh{lzVp7gib;yp?aX?hBrE zM~tD}Xh%W*mENJ)F=+COllr3q4QI-#OV|D(uBm;}aD+&R`x&dA&S;wf4bvVcaZa z3_n_SxQwEC?+Yz&0{KMH`+5HGAQ3JQppnLuvB03I=%&uWvL z=zBYVVa_+1yVusy*JfO%K~$vgxzMwLp&!fVpT79{|IVqyZ&e|c8V}aMdcQjjdS>;d zvbqBvSRYqBVDf*Ct^iHv%B7>v*?jc)(BK(p{?hNT)*OY)qvRc7kge!m#7RbtK#h@ z0Q}K={d0%?o9R-k=YG;2RV9m^K^T|evxmgt8$F`PhX6zGY_q(6hao{W|L8y!resHx zvU{IgKn`|k4M*rUZ4Y;~?vHpnsy7Kpz0?rWo*^lkZIuu`3*f@9i*?Vh8o`(XdOJ@zH?2 z%cOHLI2XbpH~8oR`@0}og#RtXtg*fbWDqL#K3p%bW=>riz86Xb-uZ=VKVPnV4zEX& z(;c0gC8%!pKb=sJi*NR`|!sB zzcl}~iXvv}QrZQOR7-T^a-kP+Va#yx+M|3wh>*Xn7-SxKn%Yg&xwl)!-QwAlk`d|^ z^rW@wWB6;Y?ev3XOU_e3jsX>~Ju{7#EZ%-G&hKFEMdeL3rs6mu#B#OMdiY~QXzd)x zmjU-W15C6c(Q^{1wJ5VVaAj?M+OlLMw-mu+_W_iWc(@T-oy<|c5xP}Wvs2;vw?A1m z<>0nmiD=Vw#Kq#>_Yric^!%B>Lx%yc@fqfH#J(KkEL?Avm;`mA^4~6XTEax#?IfSV zuZ(p+;chphcg}$A(!3Y<*nR`$)qpgo9A=OkOuT0I2SWWePHKM6;O_iI1PzQts?;k$ z`{*wv1u6ytAJVt`88nJ}AZ%JWm`37&@xO3!oOC140Se3ap3zyx-YofD_1Qb`gA;NF zj>sKwn{26b*!Cww6Vr-Ag06TsP=7>=J$M)(&HG6n!j02eHM?y=HfOY1<0DD6I zH2hjzK6xjRt6Ry>yrwDrzM!(Kj%`nNd3a8lw~@ADZ5@;u9&1KjnEm3Fkne+!dL>C| z`#5;d5$E9$pDp-T${Q;oCcX9sA}U}0o@fqD6uDjPxQ_Pp53gNsbbBr)9AU9y%)GlR z1!~BiCj2xH`ot=5i5`6;Xv9?2*K!p3PPY*FTGy-}J(5!~FxJEs=y-iOU)c1H~b^2*auJj>i?>o@8eel-(za!GSgGvjh$T@Ngzo-rZ@)x6OZ#3Qx zWgKwzv6+gH0FV)N9K!Q3-#x^Lp1TjGQb8OoJO7KUctDO9RI~N4`8g zcY6izzoB_Iv!#96S(CtlPcrZtjy4Zgxlv}uhVIx!(QiOy-9;z?z$hJa#MF(qzLrT7K*8!+lk&?JP~Zz~bayrS-#Ws;sQ=ML7u5|&27sNp8y&&y35r-=;>^!6?vI<` zoqBhdh3gojKyr#`{?$^47;Csg26!D)XDP|zm0K;JrO&HB7^++tPF_Zj=6_Bd*#I}R z%wOu2LtO$fSh(5l@tYu8FCqZn#kJ!_O7tmg!EHvtk^Pf51UdsSZQ#zl2IU#c+ahf4 z6Y+B+oIXw|FGcFYhRZz7qg2yNx>xmeFO69dT0|aoGVN#^gWossJKNoAJUiyxAazlI z%=!S-qI!3OvdGUBuU3{(Y}Oq84^+({_J38KkDpIIJ9gb#0LSpMT7M=8dme+FE7phH zd^6B53|xngUmYj!Ck{Q7_`j8zzt#kiaj@)Q5bK^_7PMR#Iwu5y14{87Ge#oSQAuR5Q> z1sLu3WbC9oLa3ekzeTNEFZ|D-UScDuT!td<)Z-)|F{hv-3&4kUpnbW4xQ`WgQaXJ! zVT@VG012kM$;=2e3{xyRH7to?hE#)U(U1!g3it9=&J3Tl57ItyboZ8%T$c&bsWb#8iPgsUGQ+ow zLQH?uu2=i}=-c1dDQ+ii@8*YG!p%k3vu`tM8_l|=06!FsjKCO0|ku z=1GN?BGi7-qf(ah`xiNGjI{weo}yw=C~co0Am9wgoi#NwBk3JKKVs_i!x|BUopasT zeG|e50xe!fVP!MHki^}0K_le?&&BxCUPw5b@I`~=+!`|DA#?SgcG!aY@Styae-^_% z?08^s{5H8%z#ug^GW?U(Kn5uI+YJTZEyjjIZw_T|KEa~Tr+2X4>D($P9wj04JnKT= zlLbS2;U#U7>YdAp)W_viLERfJTGVW6#kd@}b+Wfu7-0h2^Vp3O|WQE~tS2lze^mJ@{qWt8Ol-X?=eM!@^WP z_p6CPVz&4IFV{j3Gx*ac?JR~M!Y|-)@7qZ0rM|0eX}bMHaWaeqBc#0douWFkgGMck zUxUly1>+&$;<&|o^jA-x1Ng4sk~Rh}#JE^x0Pz7_MG}m`gNv_J;^=S8lm9O_>200q Zfb^vJsD8<18DTug1ZrkjXK?4q{{hl7Az@1E=UnHy_TJY%V)S&>9uPASdyeE34ZVJc2q42)_ z!CiD@^~b@v`J@3;H1xOn-FCOh`&mF^?%qv$FYe@c+JcB8uPs@27}zk_?Lf{SaIu_(Jpl z_!Qmp|1SQ26ZU@zk|8#Q^M2io(~g@f#_e!?(iwH3(1Wg!Eq9^A>D))EvlO5`S0)*UFHc+yU%{x^i&;?nH z!#T<7yf$735?H+_9WQL8xtQ3H%j;9PK6o;(nv`~Py?4XXzXqAw~8gDedhXOAvAZZ0NIr=N|H_K92ZoG2eD!R$lEQpnTU(#Q$2 z?#EqaFP&$*EZ0#We~`aG`j>AAPcMYC<+tou?wS3}{Sa$Mp~%q|exFJO27}qpv0oRb zJ?RuxmGl-UR?W}8WQ#3+p~w$SRy=`W0gBT`ouSN}ala?S?Ap0480yqgSpy%UV__K2xG~<-un+5NMlLn+WOi zmd!tf2!yLA@Acd;i5stIMiB3~MjPb{ia)i{d&euBk-u9{p0rUYDNN;Zk;}I!o^YzD zWaOG@hk8Vi6({d)4h*tm zRX%Srwr5>3(YM`{-t)TWV133bK2`L!o- zn3!|OGs1F)Jh5lf@~IX!49Q8VIqo_S!8IacT(Bv+2rA+~^=#1>>ifd9|FmGjtp3_~ zjf(5gCQx1u~mPz*qZZ$Sf!n!po%2?1MUNNttZk0!m9_o{AySxlGGjD_+N>M z7Qx(u#~IjKj*eycPKJ=DC7U%7yn4!=H~#JjhnL6+#=@}$F(#dbpCw^q7XNPq{*&x| z+)gHUG6H@0LK8iNB#R!Ien>Z2%N{897OatHJY>eDOm!HL(3(nmQBA{*@*<}K{r#vR z(r05xK6G@i>kx}Nx;O5hwDSNLoEzla@b39n-P?d(Q<7DWN9taIMLF$+vY+(3bTmgqvk($#{A@W{#?7ZjLuXgX(V#a(n$v{`e!jh#Bca;*-fS z(pvlgo%NL9D7PiJyxj=y2;m4(yXZR8x_9CI#8&mTk5VP&LN+F^T^+P6wL6*?UmPev-r%3l4J^ zCVvUC-@v8m%Y7c4kt{%gPZ4oxawL`f{I+NjI3zj8#uvtFh;L+DAQWEQRq2G-+x)wu z+07v#UZ5t$&^N?ZyeVb#d(_>!ZRmVKHJw~PD-jb!kqx(Zi`gN-{^Aw=LUn!@D~2V* zr1s#y=hJce0XNo{4rk@ws79ma*OI_r^rCo4!7|&jRISem`*H zuWgmvS0YFAF_hhS-Apf0M5rfV?O1VcxutVY-`wrZ5=*72#a?SK0u3&Juv79RzkUP{ zhrP|YB#3_b&1f`}?>^EDhXGf4UVhZ|Ve+EsuL{gXC38^3Z&M~mEfBk|g@zW8OYE-^ ztK!v+2evGIDFxkx^P{s7GvR4fPsYrONr?S|-PcKj6H!>y&w7k3tmFgT1MOfP#^7r@ z(oZ(j2kp$}G)WEch#RS})z;<9mCH3Vr4jW-#p~*i0bhphW^w3ylxoxV*2nLpOtXSa zsemZ3B_I7@um|(N4UOl?=B2n#{`@0h5T5RRM62*CMWpkUi0`Bm!71lgZKS zz7*=Bn)W>cfqvQj!f;h6HmWdolqzsWbL)| zGKIslDN#@IkJlAjNy3TL!U0SL=!|&$QASj(j zjEe?wuie$m)h^EhC(vk`58YoP`!BBJEN-Q(R@q&>E`)~a-c|*4rEsCWJE@}v*yG*Be#_?txD?tau9(;r@~ zd-7pHhyhLXbP$QC5<$V1s}9=)X~(xq!9EX;=5Ny?pmbU>u1$i_@-xqeK{%Cl)2uOU zn37l8N(|krecHrCe`iWw(ApJX-ugb>Z@2w3)^@rm!(3u2YIqn`1Pgr=40V;Y%M|g_dG*jUM)rsSI%p`R@xvTz z7AM=WnIr}j6&=W12Qts0YR@_wMiM!GH!CyC{AjdO6-L7tYD`Z=-;usB^_3QBs%Bu@ zn5ccm_d8A4MfynEYLR z&JKoeHcV#tw>@srckEkb#a)gb{6J~dy+=8$Q3My-1v0w(RskL~4Nge`&=eSqoA3Zv z1A2hV%!wdtNgP_A8$3y)*5BW3OnHPAFiP`7oPsy+Q$A!p9zV{yHxYpyzf)a=jX)sy zrGLO(Ix?Hx11B;ckp(Z~r-lZtHBxObOT9y&>+&JcNZ~HF%^3l09EwKub&WahmH49! z8za5=QhMsfmdT3orH;$Nj;#5`vlGoUZQcUd9)&g+2q}Hpi~KIq^OPzhm2vkmC}S7# z0L=af^l@wJaKx{@cGhRwaw4EJfFj#iHHJUG9@S_QIYNW+kMGW5RCi# z!$VdigR1J~$Q<-BY>GrX1`>e>i3vV`qd4B1gc8#=_)bP!2pM2SXa4-{=u8l;@Umu+ z9Hqi8puhvyf8Ko=ry?uh4P@Fb5ASxt$x@a-HnOM;gAg=;v}C?vN2lEHh_C7WE1ue z@0zgH_`lFB$CpHxSCi9P#S_KhOO(s8i|~;fZpbNYZFio|At}K%Iq$yO{FoV1&BBbrUv5|ojBc5jJNm=T#I+$8vn1Nr`fy7W)shmt~!xhBn%i1yH+YW363Y! z$NMe%QctI^c!d`nqLgeT3Ir}~nD8nYl#OE_hTI8gj4s~=F;w${k?WO$0@ifJ?9`uZ&!<5z49FZ!HjM_0d z`Reor-}Fi?P?6;-G!G*3)0VQWhDSC8!E4_mCh4*Ql7tiP-99#wk*%*c5ADSFn2sjC z^3@a`a#q=(z==+$Hxh)MiVT3!+*MWo`rMd`^6EMc?e$#sx$Jrj^_`NK54ZPL&raJE z+Z$DWkf%q>_@C&Z z?lVGHf_E|dly2+@U`YC2=4^S$D(b!#b4KRHE|1<8^Q?Qh~$2Wfo&H8EOuZ2 z_DYbcK)_u#N2raNAt+r(j4SZ@#crc6t!$u590JFn2}I!O_DWg;*%S47!Pca?A9?$9 z=s886&e92XI}hYG5Ud~cUdDspD0jm+qaz!d)+q+o8IN3_UoMFU%E zCioC^yQ|m22MiWpytzIt*+I$e1z=X>z%}>QnQ1LX%>ZTxvlp=dcsWGSiJZpBvY z?lr~)a(=UI)}*s=)+?a{@4vakDzM4}SRtO7_VyweH<>gZs zr!H2VHmxOQrzcV7&&=h7!j-{z=UvtXi@@zqiCN_727mnfWQzCXCM08SzW{CTzs|v$ zzIv!kCg<&+gwVpzpy1<-3aj?ts8eFMPqp-Qb`L$uED2HRI5zK?eEDs+VHm4$bG~B4 z7%}U0F~215c6yK$7VN+0UA8y zD=EVxWXHTaNX4E3Sa9}g|6MWCo0fmS%2H$53k~^HF=Y@%kG}x)2`aSHn;@0>J!%nl zb=>VVA_OE?WxBM?mo@#WQ7}O@ZNw05+PmOW>&sPIvc3O;19==l`nlssrsKWspAV#eN*f5AS%zMC7`~K*e|$zDYp~9K+eEv@=kCI=RlZQhs$zAw)6% z6q*z;G#=zwg#KV`B^CVlj;*1_OZZ;UQjkqNk#I&MFJ>~%9H;@8ms`dqn_(k&nW*k#$&Aehk1OO}|1C+?y0e+`z>Ynh zpuHs6dfH5jo~~+JY36p%fv+BitN~h+Pi*t&X}Miz-LlP}`4c)a0vq>6%-CwKUub&2 z#k)f*5lgGp|Cl|WU*resXew?{@Ed=dqqEo#^n>`;)J?BqnAA9)+&Vki=SqDL;dR3m z{jpj3)pzeF=Ye$4igC$e*zayh?k7xr{yL%ME>-jw2BHxK75@Au(KliHZ&-_R8qb5` z#{}F^2bkOm-^;c7^WbJ?%!;_b^@6dCpj+-i=~c4ykSTq)%C@#8Nra2^A(|t5@2S1k z*~mHvgDpX~X2PAR2%Xwj<;K9i@ZxPtCCeqgv2)vppX>(ceD*p zszXe_T7QNhlZ<#(6hn3@8g&}KrBOh^_6z!C8`bf?19q8=H1&2y@g-u_?ury~>CCTnOWsnq(r zO`680o;#ij&{H50Sq;~wQU){~w4ndxL7;C@F^eDE;E(NeQlh%Y)L64w3co|0Kkf`K zeGpW|ZM!UVlJ8ah`^6(@1X$PwwIHfLYd-#AeXL=@EedrD7Z$_Nn21ofx61D8DJqwj zKC8z^r^fCbd+is3^?mmuXO<4rHu|`%5i$yb8wW|J;fI)bC1pmNUcIknZL0H55JqJs z4Aia&rHNlqJ0i`;9EMbRizJI5UG+r~5c<>6iX=>v6;>MK)6t zw|}jhTluB)z%UmZ6;BTF1q{2+Kcjyt|@nZi78jU-{V`IYhgHSm`fZB?D9!F zg{(oJV5<>BLa5VA!Le=LO0^%#hdY$EbtuP7w?|XugzUvWUO=4GJFIXJ5wrZQ8xpdx zm|;0bs|jlNkKQ3N8hX~J)c?N7XxW;`Z8tun;NGFF?^gBBbE_3yd~oo$aryHZE{^IEvpgDm|Eit^30A187r0%4Ya3a_R+u8$e%$vw4PRJG^j6Qr*T7uD*_gRUCZ ztdqk=1}ogy3uD&kz-ONcr7Rt)T+$_)rYwQ#y4_gI|LQH+^WIVC+sF1-Tk|Q8gG+cO zV*u_cJEuidT)6(PjpERk+d)%UB=~uz|UZ86^ zZ{mF~QPQ12lS$(GP(e=G1y_eQ+ix+TdrHMIRbMWZoS9JgU$di5;NN_7fk6fZ6Te=fGUuqIOa14W#opVT~@s5qQSB@kEmV#`hvzXUqeq$_BQoh8;OGJo=jN^p6=J$)m z)Aj_4#L~`a94yE=qJ$uRTHHWw*cdf_gsl!KM;#b#yRIRCHr1&VV6P?US8;<8 zOp_5O>u7L`{QT>n`Pf<0%gw}NKuK+BeOLF(@*>Y*It5>PFC^@`C=pqV`UUhikRQ6l z>EN#eiK-u$V>03_GJ;?0XzxHBD5Qw8iw;9p9vyd!u&Sk61#a)BgU9c}Sv6j*#GPYZ zdb$E^ngivR_?wz2c1v z%i5!A>J@k%gI?d7NMZBspI?=Lx7}um@swq0mTH|B3(i@GSQpJ9L7;^?POUnrKfTfd z61|&Z=0RET;E*cxVqodW%d7-|1#V~ef%R!l={8RLePAaS<{5Q8#2f7$KIS(RQ^;9K$m36oV>Pu89 zIA5t~Th!DdqVu`TcYF*)5r3n{pj`V4y|4Y0q7?HR#U`;}GPtpCdZP&KjsZf8PpdQK zR2Yo#gS|!n9xs8sHqC8}oVu8MM@z3qbfFH7SS1SU%a&;2xBdIzqT5MH?cND8r}(nN z$kD@Db3cQ(gDgQ5h{{&aB#ZxvlSfU{}6Fmx|Ci6&}C#3=o~c zmi;BVYU{*l3x$=?_fbpKCo&THkLF+2euAV8_pAJKaOWTrDce>=oH%m`eX&Dl zg`CVXQWaIT|NG?#KyA~O?}u;Rb$foH?m6;>c!gabkakHCOD*BTaV=$|_;OfQq zy+4v1EiilO{89QP*E$9Ryu$`PQ-q1Ler|!+qTq!khX*U6*7n>~(0j?2oxPycE7r!e zCtB(&>9X8mR)VTRTwANU+G20+@W_L5ua;@H z`@k}B{P!|^+soo`Nq3}MAG2aHG<@?^HrH-!!vdY8MknfkjUb15EN(VoJyC7Vk{y5y zyfTLt58rvR)M4QIAp1f8CeJ&*H6>g)R7E@m2mTP@#KH>Xi)TYw~}zU;N1={<-0*kK@GZg2^|z&ce#_{A4NF zSLu|KP*ROq6ZwK*9^hNlJT<^mWezh8%>l~7yG&MbDb3X=45BFE?fb_L zT+^v%p-*3wrjxm~Y-YGd2_Up`f-9(E+25PA8o{Qb$bsHMkN*Gr^Er*Oc(;tBI@z=-A z@I1X~`K%okCD)fU!7Mku{ae@oCfrMl=IA72hqG83k`;>qbC{rnId)qI+2fgHb zdo)wJv@CeBRG;<))KZ})d!Z(?fgpq}ijH_|7QPVW$}@WL=dk7cq)^^2RCi8Q4RzrW z6b!H~mWCR3U=oY{b2psoEkfTVFCR`RG^IK^ZQQ)zQwAH>l5xIf5@O55@MYQjDbPw`g9R>W`{Kd+#lTmS_@0)C&yM zOZl7bZlI$#RPmxTa?2dsH=gIA8e01f;cG_%^BXsFQX}xewWzs~*~{QzZL&FR+I~Q7 zSpD>l7mKSp0xg@&Na;OFft(ceD~8EycI9M(MJnEj!7JwM-)n!Q8DaPYACYo8(?a%B z^xPqK0*mAVRqsb^Z~dx$YC&kiWEw?li9X?_*W0^FHcj|k#s0)30ivjwTHsr;Z_3Dpd*0wixN}?bTYRk^l5|@J<}~hx z(HazFHGCfQY2eRGIx?-V&Vt}Nc=(ICq$ssp&O;xnJ@*!H#Ks{D8Ze*BAh_r4dJ7(+ zMTcv8f5PUmwAouqpOA*~i7h7s0+`vkpz;t_$w!uSJ}jx&gxh__cu9lu@L|oyfzf0) zi*niWmebw?rTcclK9#5pBhVXYp>&#pH0YNzPH^pT>EaUKGxI99t*1Y#s-GGZ>`+xX zcs98$wfw#T2z0;@+K8^wdk=S`x#l*2NoxV zy#VcUZmG*QKgViXq~?;iVNGX!&)axeS+ORgM)F<+A2=QzhQQXmH(h0t2H{bdZb?Ph zCKB*k9R%^!Yz<{YK%Lc!?+{ut)##P%Ki(x@Kp^S8)}ts4dAh94wUETKXvC0UNG8SK zhfLI&evn_&CZ8dl!B>`$xUcn)fd3iq?0jxPU(uGW=6A^n$&L9RiTYAL&*oo5KN?sw z7gg(pa%n1m@x3oed*}vmew_yTC+8{Vzx_1Mt$K%D2amZ1u&GPYo{2uYvX%4{mTJBT z#1I3D++qje2DA6M9igJpG^N;0KNpO4&c_GUvX#%nIS;k1SY2*SMIlSwXpykV`r@m>3* z3FZi)X`#>bx@&0^@4_nU&$|oZM5`9jbcBo#F(KC&)+&KjO9nZ&LftuDh4)@}ULRfv zk9fy#1X$$op`BAy>~n~eGhFKt<%z(m7hq!|DS%a17vXsAYX1A*0yOyI;=t@F(Nm{i;4aYx)Bx*0}Xe`AiYOv~;^hvM?3*1Q)_3GI)fK^S|D3k-wCbfvf`WKVI z;+l3{OBTrU0x>RLSS6Qb>_2fMTg~_js}`!QZ~w*RqU!F!u|1Ok9xqBr0)R~>yL2Do zf~$<`LHB_AxN({%R&*N3(Lbl|_40_~F1c@M>yt2JCI)Mnbg3_l1AH6O{ zRY6Gp*4z345Tq|9?QaS>a8JENUc~^9^ULcw=tJ#<$uA8U;E$IhHm%bQ06tQaUB^0H zTMeGLT+kT=MV)0cr+R9~c$TJ9)b)j??zWty0Na+<(p$f!{U9?^%5zll?kCx+4A)9} zcXsd^kaGyST{udaop`?>fR47;K)nml?*7aG`ZOYi&Dy*bN%v>L6S#6}M=X_p8NknJ zk+TlT#RMwzmA9+ehz)4QISSNXs#}m|a_t9Dt!;)rus=?x6G8L6Yin8fYr>TfT(>*; z92_pE$^n;MUwJ!>-3*vE?r6`Si^U!u51wjdp0BOx<@D7}o?O2J1YLCN_j*AumdZ$n z%FsFIl3B$k_F9`GDd8qt<-e%`(}gw)FNV|GL2sh?Xhg>2>?LyhH7V`}xR5H1cg{Q8 zzzS9zt&u@d$_LcuCOOiL7QFfh<b zy>s~L5$3ec)&8fPKki^y7SU6EE^ zK>I9oRcbM2y|+}p>D>02XiaN7Vhk2p4cG|CVPp1#Ge<;in!{(0k+Ke3=8(k&w&f5dBm*Dw=)0rrD)Yg z=6NY{i#Ij%0V>=r1?yvaW}P^$&R4=Tc*>m6?S+N*mBr&`^=i!VhPi4U{9MaYwumM# z^bE*xOf9F)fT$mB!1%Ps^;YT;NBUOR{nuPYS$d9a6>rM|H2CG|IM$>$?72k~1fJl#bDQy?g7` zTj40Acj~xj?;dtBUvl+p?%JyrkRqNa8o0f<5$nQsRkxhB?a6s^L=wanx$6f$!)`(} zJO$o4Q^JiImeF>t8m64P6eQ$*8%IZl4QU-OJ6t$>jp)8nx>=HZhvY4N-*%bbRg%Z-j1r-{Dt9I`<=dUJ0`hG z*A8fK&bg~M0Qw|~{S&-?Mw?l^597{~_{1*qOSEA5gNMvW^Y_yNF~R|sZyTpJOdn;E z@?}$z%q~TDmNeQ)EZ(0ldi{YXe!!Y$p1E%<1;zIDrjFC1z***=?QSjG#T;ttb=%`l zgnWn{ku;lADdA1w`*!tn%fTO4@S1>5fRLq@nsYR>@0MYf{MFxy)ExNx%!Q(JpieFu zT%<$Qp*&_+n$UXXsr6bu2tw$WcVSE>=E1!Opsk_6g|(O< z#emhb!h*Cibxqz$%E(pou^U5)9st9ZNH_%N5(B=kZB#Rh4}g~{cM7l@ywR6O?xJ5L z)sBvMj8ieZ63`a;=qvsXTIf$ho%0a7XhAHLd_GmhuEaCBedPk_)bGL(eBjTd@ zOvj59E_le4Knz(q6;g->P>ziFf9ikpS(9zUo3hFlmorT;9^6Cov3wOb?oZj%cESIg z78ie>`eR7`6()DKzGLQK`1pk72rG+~!q7J>5YVO(2K}z?n<-Xw*34^wJ+uPk$-`op zPNrh#%^)?oW8_wk>Z%EeNz1S0H)QUW-~P1Nl!0sUm*B)kRPdb3bsh;|>xPsOs!|bg z&U?AN;FFG34=Znk=+lJgo8!K>s&&v87fXb6)_)SHT)wW!GvoVn=T^_x?-dtEXb*;L z1h_RnF+Fq2y%2_92y^9S^+JC5#=Gq0>S(%gIGqVV)Moda6B%rfVU;iE#T`9@gbHmZ z4n@g)0*1}>b5G}d1%HgpJ~Akg?Ohw)kR?3?apwyb=E44j@8B%O3G)pc$)irA`kHeX z>;$A~#kQV%)Gt_Ur&<1uHN26GnCQmEw3=A@HswRZe-ICI#xy zF<*Y~bLE$aG_bmqzm+p`tlzi=T#<$Dzu|ktHIu7MDrLVOv~8A=MsKJ-(?|_3sG{f9e(tAOA%94 z^F28Z^?J8S^;H4~GHb*24O*;vv6$f9CAKQ&EN7w_u_w9YL;T}>Z6Wn$sV9Yv43UL1 z#$Bbzo-+-JTPUq)VqCvXl+(6?g{Z?_@(Zn@$7AvS$yepn{Q>T*0A;GvUIUgQ@8lZP zmvqGzy(YPzJ~?M4*yk!rJ6Z~&Y4zQeDwO^En?zdb#=73KciZv&ENR8}7QYH(2N3^L zBL~f3pcGlmHO{#TIBBk{TxNK^&mT^Cp6OpMD}P>HwyV4wP#loz?)yFpCz&NS;QM2CTSKs9!q*Ocz5Hb}lBd0sNHv!95iX?ZYl13Y!NwTE z4Z02W{C6N~HzIq%2E|)jeWu*$0{rtSqX-eXDN8%wxnC^au-Ti>k^=~S6{g3E>>X7V z;VIS<{z498At`9uk8u)*C(V|2S+;_E97zE!FMg;edTtM1SRp7cw@v04Pc6PUoBUo4ewUj^(7cuOecwsvlI%wd9LOHWe65%~e)q#Q zW%4IoP$4-9Bhe3f=J^aRNeOfE=*II-ve0)Y6-N7{h2h~LQWJTqQeGU_*!sb@E`}Ee zbeKWfo6V+P^`yf9w?5gEd|-;(KVV`S4yVzLB^7k^w}?S7A&d7Ek{EQJb+1%4Bxk}_ zeSM#KI7sDCF6WcYGU#&Q@MEJEk*UCA)0p4Pg0(19r|f5PNqy8y`NMz^Sq^p-OxB9! z;|FX~QW}xqk5f0*+6by)*$*j8FhuwG$;V;Cb>}#Y++bNZX^wR~&~?p0@diSCNves`@lXsWO6DG8iV z%ld93wRynLnL9p&YlMX99L-kj$3>wBO$>+vW*YRrF7YT=*=h8psB(Pl@{zrmufURt(0|RUHfmD~nyD1@ zN`#?RDY@XoqzZ@84x{*oO+sp!kTG9{AH=ItZasTmL31%D#)m8}7ipP<0g4?JSAtPG z!(xC4$CjuYs&IP1P!)EyBjHjeD_=NAI$)QzWPCBi7DgJmE9pD&Qhoj1+v*!c4q2JT z->KvoT|85YUuJqW4B3G8)NM?W9xB+n-}Ng%RDNFl0$N?Lk^Fm2*qz4Ma>8 z$|)p_G(5Ca31Fv6knvHqUakM{jL0Fm>-a%ra3vF=ilCG^VaN) z(W^bB%yVIvzuzT$Jcu`|!_H4Ut?N3HPrqj6cggS5E1F+;D$EO(T>7Ze-#xf~^8WQ2 z$kl1x?E|-Js-1q&-iD`8Odq^rJu97)ijsqub9C86o8&hMt_zd7{EZ0RwlY5hzX;!` zOua8l>Kx!a%p8_jYMs4R;@XuDAh?Ut}4L| ze6A++AObuTBSOAy0J!<4HC0c4jM%}*xI^Jb+v#V5QnFUJR*d2Yf!lVl^__a*0V8;U z0=iF(YV~X)-?@+3uY8kkf}8dmjp=g(Fq500#oFJ7bv3R%>i!=(6LYnm%|4*H zd$r-G6zd!hJ{nZuSn(zHUH9zlx6~^ITNlIJ8NRYYm4I?ahxM_M;^38F(ZuIgpgAzP zZuXfinT$_amI6#%T|y>x*)yO;Z~vNN_Zf9-8yr zx?@Ck-`(A0HrqB?tJ7Iiv|`=CzGF-=aEMGxb_S5elZn<%sh)DQ54#G@j}!zXv#Ckj z>tA#|ckB;7$gflkQK4;0Cy4M5FvqcL2WHKR!tU(t_9+nD1Ide;K9(TEdFv627k16q z$b;{8&5F3qAfyMa_iV`=wDM=FL6EFf$1a_YD1SSx;vnacV&JQN`on*SaPKynQHpeN zFT02_&~36xZI_AX&%iD@{bz8q)`UkeAwkqN?B4RWVq)26!fXRQDCPAttv;0cy_ZUl)y^J1}5P&@YX?fMVItV_uLhm`%_aZrlG-+ zFj4M8XSv2o;cqKxoXbHAB4^S3WwnYpjwwmA`o|#=r!3FjacP~u+;IEi&&Ues)lU2{xwqd6Z%YE>rfnx{8BCLE zwR6n1wc922?sTgOAm!iwyq*Bcu{Zz}W+TSP53W`&T*yTJTL+%fMwIluqXnstN-|)D z;_k)LjjWb2r9-1u;lD$_gMkg4RnYYs4pqb7=%Xw$!BxsCT#rwjm`CH~=--g4ZT zQvaV0zlzyn7kF6(MvX2<8iiQR`G9U6UYPmCZ}XQ1lzm?~6QA))2(Yn!(oZZ#=bFn4 z(bem=Ce;i#tg*xg2LC|EJ4Yi)KsXgDqiPp_16RztT-gGHgbB3;_Dx)8CzKqild0Pk zCTbqH-P#7#m-OZl&ZvHNC%25Jht^&?E-pVFp3J#cQS~(nNN1C9a1Y(h>Gn)BT$FXT zQRjau@YG(4W*{YRt5d~OUsWSzv@qxV-))=dbuYc;`Oe z==5UeWcvQsD~~ImEGEt9)-9+<>(P<@_~_5F=b^7E?>%{r&E304gp7z3;VLi|rL_d5 zdz|GQg;?*Rc~#Axzg)+qcU2XpUML#A=RE)^xqoVC-|*bZv|Tqi>A$;dGE1+betZh4 z5>kxLO;duPwyuR4go(ReqSY?_K=ar_<}PoOA0VL>Z$a-APMq7F_4(=U%AaS$~{*e^(j> z6<70?S3WhehYdLS_w5nyFVPD6IJ@b<_~-WS4YQ60vm_{e3XwsW6Yh{g2^%F4y?_b- zb1vl2FPqr;(|>KE`*%?2Yhh^Di^uEe`h};*B^*hzHK#~n@DaKzox&nb#UA>+>ETjP zU_Pvh5)X=3+rVB%0Jq@TN;q7l?Py}K*NS7}Vy`7#Qfv1M<}nr>&iK!zDyCdM*z#aK z1JzM(o}PJ+w^;4r@j8z}K)>O=$wOsvQ)Yl{XMn(VUx9g3z_B>nMmn!3+qc_nxlXfJ zq)}$Nw>bZj6L|u+6`?Y;pR%bVAfj7Rp%6=W^xqD20-sEpq_F}>(RmXJ=6jw`)6xzc zHO&ybmQDp9k@e`{$+aKFhkp0ZOC{o9YYIF4=~s1!sy2^OS5_bXZ1WD@*;$CAi3~@E zY{!3SWAXWJ7h2afASZ+Qw%t4&No%zQjIQi?z82ADJoavQ1kg572%bJ4u~Yql7h_7* zNfs4{mVHeG>KH?SvIzBo3N5295j5-|-s2A|0bg(s&)t)?Zu7vI2Ez2q_xV#v!OZ ziBp-U>M+>)ozUYl>jxe&XfY+77C=T8>Z#?ow;VkB;T-musvN3YRNnnYYfW;ag6)DYJC0b5vgyQUO@%Mo#4j6sSN->DPWeDh0LB}1qexMq>R2!dOU zBRHN$o-UM@nzMJ3;O<@M*l~4Ic89$-k3_KPJ7FD+n78-V(cb?me(Au1%>O%n24L6b zOZe!;842{)q|@+o|NSUQHhuMXOie;4Xm;@FYf89HSw(|O4qy`IpWsZh!?iW zbm~?OImBNLRaLa``{~oI`vg{;5D75u#g9;9@ko-*DjMW$q|LA3T!`LOM2hn?kV;-G za{@=0e7aC^du08ru6n}5faT7+M9l0V1XdHp0Ah zToo2Vu_Js-0Jl8?GW%vfVtb{jw1|A(=zAK%(d^NjM{lP4N@v1uuI^Ty&KbsU_?_MU z+k<^(1pl3^3oT{_<`t#&T<^DI@g@p3^6wN3`s@ha*4{@9(U5p(;*g+i)lo@Agb$*< zV}@9Q{mw}ZUS-t>$Y_vu+*;k2Vi4Z1VMQk)13mTO`A2EwoJsdTB`sZK%m}I)y|qz1 z1Wtq0&~N-=nnM zKecctyNP1={BzF$Jk2=9xa9w)$>W95=p$}Ij)#eICuwz$))XFuvI1Ft$(vF6Enywh zfd9^b?1UqX+!$~^p85 zvsIGp%#cwzdpn%1I$OzU<0Gr=y>}=w&#H7*xbEQzc}|=&*x)3xe8bn#ggSV z7&XNYg}@BOTo41#1UXSK!65KI2OWismnlW!uLn*iZqyx@{Def~n>}l;_X4`%XB;Du z^HD`^i8O2K2|;m^qB){!-)#&G`c_l4Nv^y+K`U{W#T6)FdhyF|x}6C_o47m+)7rH= zz;ab*pb@Odu^#m)-*7uW7;ik25$I_gsiC|7CUF*ggJ)_HL9x$~Ecm7Lx>rXtH? z8opmNlyCVUWaH^=>>~+B(A`anHAI_iPr9^SNq+*a2+Xc=s}JLQpJ6@D&peba7?&_W zs*tkoNXpXFN9-g@IV+tU$G0x2e>q_PZuWsCS3^EKk zT}@HB@w-Ovi<6=ksOU32VE2)BHT57D$B8!*;rMuf}Iq~m^)I~HMOx=yj zmQrDDG|8FmxDG=LGX ! zs2wT^ICPe65&CUKbuPve(;0p#=|9uom)6URJ>xWlA{alaSYxUh9WmVZ;Ep5j_{n=x zqAtarnV3j@n_fvyrfa{ zR7E`q(5PgG{kpsSxzl-xsygEPn=0jgff&cbq1$cpe;<3crdmcHc2kXAjEv;O_m*RcRd7J@MK{6Op;FxT!pP_UB1^ z#_7k=%qAMNlT0rHr;lqdv(~{apw?sm1ZNROA%&zvA09mN}>C?`cFCiruL_>P)rNDXk|e_HNVO z%;V_fr{HgGf(aRV?5=#dMHGBH3HgS#HT?E1zBFEXZGe{t0-2I^zW6sct#m3ye*4$! zO27X8GOjf`X(aFzKDF7Wx47iui|r~l&f2)}T9EZKX3EDtSi|eM8sh-d8hzXw9oOKh zlE!#S&05=TjqOy5_9n+ z3^Xgq@Y>aQFG3=n$`e$k{Wl-==s;CsP9_jJe00in_W`U9DuU6HQDL`2WZC^BTeEWC zumSQ9#X=4N*SM1JtQ6WVq?Oesqd+6dhVQJ-Zx)u%k9P2_@OsF9Qw7b=xq_ir=1L!>Y_R3?4xB7j)n%e zSZD}jl4rE8^zZx7(I`OQTE^9Y4YOp2A!tUZj{dz+1GK_f8=GBxO`3LX{_^6<3(u}* zqy`J50=KDDCmmg|?JUZrA@=U#8rRN~)eBPDMP4-DpXkOfVpK)`Qn7AMa^Y*c+>Y69 zZpRb~@$pi9)PCwUKgfS`mHo~Qa1uwmJ1JT1{!bFSpLP$LGxQeUeJ$ai3Zc^X@4~Cc zh9&9N71#@av(XpZ@&4Fd?&E<-LfxYKJx|88f0Nf9f8e&*<%GktPjR-GiJ~W(Mn-b~ z;zZLgsd8<6CL3}h09zNeLQVDZmLYeA?w!S)rG%hX=E2+s#msAY&gao3=K!2==ddo$(wa~0q-WMOnNDk&PNf2F zg??jDEq!e6t7x0Mk)J_zcP6a!cMFt5ZW-x>vJ>6_jRfGTr=|9*7fO7J5*ploigFJu zS3DyDC6RA5Pyu4wMZxG&0$>eXjJzN&2e$qDTCFT}aoRuqodTem?;iqYNBn4G``PZQ zLKPJQF{o{n64WXgyD^>a0!KiaMCG`0c9MPtm9Z6Rp-5mW{f{YYlqGeqhOLgz1q zwbi3(%fQlow3lMc-sPB@&{o+D`g5`eG|=h%;CYo)ksLI4i7+NM$+i1mAo?mc7ASbz z6wQAbEX_!eSRUPrNnO6qFpJX%wXj#{oeB(l$)F--gWJl^etV7nopUZz*K>UI^`;MQ zSnRoDF5EO`$IRIjDYRgG18l_a)w9i$saZ=~cKN5e<}sOJ)iQ!>?P(nJa<{C|e6{y1 zRWd7KGBo%;kq@SdHulq|yY`j*1mg3CE z30ENW6uEl+%PWI~C2i1f+0iSB$`@Uvs5Q>g?0~v#0TZePezJ&;UZOaggE}0(%%9 zjM%G2U+EmV;T%Q-iwFNhDD)T>zsvlWQ;&;S2DD?*Hn^BUGpAf8daP2HVu$dG15Y0{ z4GF-yBX`38U7W>SI3F&wpDm1<2L$Jd1}NxJ?9ZDAhEH$mvW8n-J!(I$ul``M+~e2d z+(SnP_u_v%ATnA|RaT0oGsp@Zp~q@T-v!~+F){d)XxRTyPVK)Z!+Y#j6r+Km4k8T~e@q8| z81(A%GULNdr~7JrN_D>uk!STbMblH<+f8w;goq5ym9Jc$v*yf8a*~sNa6V`mEl)E? zol9;)7>wza?-Xao=DXyV=ehi)`SLqg%Z!66T*cbH%8N6GAjDpro9)7&and~QUkYr* z|CL|9Cx)`&)}}V+8_wrqJi_GOES%X+t@^-))mr1_bB4H$SLKpAke>6Wt?tH5FFS4$ z|GcjvS)`3{InEVN`S>T9=)Q<8O{)l3v9VfF9}9fr=Qa3AXZ)wCk(7&tJXbCuaSV=j zoA>k?!s^?&YB8l2f~9mxMMal_N|T$i{Qlg!>;JVlbjoBfluiMnA|^SXvctaXZdxM* z`blm_v3|(+KDCF!Rn5cq{^T-cefK-O*bR8{CBM7n&+ocG%tt8&$g|MZq|q-xRG^rv zy-Q?`Gfo|>fYU~>{sn*m*WZyTi*b~yhQH=j!p9CZug6sR0u>lu2TX^iBatJ?JjqBs z)LIZ&5s5mHp01^ZfG_?Itkeqe8ksHrjXxgW<(-Tl?0UID+KBlCpz^Q$=bt&|6z7~| z_~-?djA!n=XVE6@DMFI1C9G!xIgxjLXlL^IsPFXzhGOU{57t{8tPjgI(P`d7`YGe_ zV} zW5)R4F|qhy%G>daC1qbi7>4L>(M!r+^hgxqBe!n&sP35>Sz8@#wXBgKE8^^fR6Swn zj%=Nh-MN=^Li&&CqfPjI8FMGo>7nr}pN=&P673Cc8+dXud4~Ib?8P^H2eP7ecD?{~ z+^xAvx}dZEiItPsWq!u4|CVO3C{Y%Np3}SkQpOC?k>z_AExPAAlLd>yDs-l<;E8vo zrT>bvFqdACV&JA$Ge3Yf(snGjh*ji#x%^Cb0a4d;1{P{;9`&~=a;%bS$xC@Q_nY*H z=S>{Ns1or5P}NM?nY-#aVhY$$)*B<2Vw*;f19>#E44W>NPu|ffeZ1FM?VYJ{fXe6G<@E^I50ebJ3T-4R#AWB`dIGmd1V5Bo_m+qFmWv;^F+-* zEr;pFqK7c;%6Hzk0x|XS?8EBe&IX&z=BZa60&K(07|C1L7?zNo7$Iah*L6zj57aIo zso8Y8SROqhV6RpZW1=pnwxY&Tw;er1eiPoV@?waSq!5Qw9eyZPI(=YFyDekDT4C>z z8GC~xUfu*Hh+r!5e63U_yUV^f<(C!v^sKy!8BUX`FZ~~at;^14{YbKl4z*IE0~=Gy zy%dhM0`uNfUE{|gtu?M*(F_g~+HeAw7vLnXR&crkZp9U&Aoh;itr+M0hJVhJQh{Curtw8`>&fGRYuO-4;4~Ol^g~7tc z?j}RUB{%EZXc_M-*sN$@9BQW+1?rzh=L$Ww1-z3}k30-eIdr66bO&2`HxE=842TX( zCYf+f5BjwxQ<*|2Dpt`7W8O}D>1nLNO&bSor+m%Jzi1Z@78Nf0XP@jBgFQOvTGVeC?OknN(Uc5W~u>qb@{6P5jG8NBM;%@l=i>>$4hS<5S z4@y6TT<`2{DdGePKtx1O9sQz#(hocLO2=@;XdFyAt$2Am;7esJNFi46`cdQ^d0{$( zlupURioRt~K1;$lTdIzXnlU{kM1%)*@vXFBEPB_^b}!u|XvW%TNiNqddxT9V#Buxn z(YNtv3(tKx`pbHE4LqV( z{-u5!P-;AGz3nIa@dCD`(u-{oUKD3yY^aLmx3zByNIEh^(A#optEs3tD@ne(_8zJm zt&5MqKDr;Ocp=++kwfKiaR~NfnHVmGgkq?gO{@xO!L;bNE~|bF3!yGAOH`N^(lw}n zM%{ZttC^|dlG`Y1DiL+z!?(UJdvPFZn^U}a`Op;#ed(q%LvB;6+7X0ASSMcAFeaFl ziS^t|K)VAajIY$UYYRmCzMR(zIPa)keUiY=fJ2gwCzJ&yN-tWrDyF9lb(0n>#S5R}pBz{`n>l~R!~&ZnE& zd=wp#2`EMC6iZ5996d0@*C6aDMF=`Hh_&#iTW?>$4&nMg_G%DV)3U>KMw0y z@oU}(kLu`3_SjiXLM74+n_q6RcOAX1*WPur1H|Skx9>f=8M0IP9Q(_ESG|1J5>#|L zIuPUj8H0m8qHcc#D#LK3VY+-?c!^zU9+Cv)#m(nmxaM0DZh=5~;EE?}x!iW4HlK$yT0Ue*Yq3qL(|c z900>wO&)aHSs?rkOASl+dvx1|j|?%Ch~9ks<(G9JHQ2&zvP%maQJLOF3=# z`Q9RHF>E&u3pm~TkZf4J=j=C>dh^}=zP*5ZQgJnIe%6cDP2pdAoc5!>D^x0&0!!&; ziY2$OgOaDe+RuO4VZ@)ccMJTf=|tWxq(^io>JEQ0#<9Pz%0EbR4d}G12a5vnBJNY6 z=14x|jUa7!|CqF|=0J=b^gEgkw5k93tn@??&&)iE5@Y_eP6!0l;M1@d6<_Nf&%Z#< zR0uxBUj6s3{olKze~!yANzBx1lFati12K5_Gy&ZJgQ_aO|J5PMjJ0-G=E=i@CUDL{+m6BB>hk?&JTH%~}!%G#PrPwt%|!?B=ZNWAx^X+LHnd)tWmY-~Xa z(m_UpLGrMVJf_ZH0$vZMc3nxPF_d;oid@?LuaOu$WOUv;z-SPJ3K3SUuDInz4@dWH z>Aq0Vx|T=)l|jpVcIyIcrPp|&57`9nNCwEqS9vSELBqv@m zn5qQouZm46Ba^|4LjE{C^=a{(L$<>ZAws`v!u(NAR#*?Mz*iu-#q9mphX(+6gC7V^ zZFGL98?qSGuf!TYkudeRe(Skg`0IYH<60j@U3BPxIqKC5iq7TGh?*bdmM?#K4DbG_ zmnJacF7JyD&~3zO&!?N{W0$C;?~mHvss6!*jRRDZ?NWab+QM5}J*v;A>T5{bz`pzk zucee!#jALz%4%!vxp3o7@vVpp-(v&E!5Qz(QpkTOa@JFT^0f9$wD&(Q6L}MBp8SIg z)3oF1OM{~LbZWU6OA++*r$-*ItS)l0B1LIhEW@YrYyykPe9qbFG^gvE+Xx;MM`ZBw z-g%R`u*3NWnkx2kxJzODw1bPf)zLGNOB=G91!33Y6et+d2Pc0qv_4{cJw>Y-0sh7g zmB`fkw{0iwZmithq9l6jI%PB?1HjKPxxnovL}HhtKel5Q>;2LSS$e;lNMfO{*7Y&m zDxW7a-tHT5Kb`)E^Mt=vRMJZas1v-!t}5F}em@ZW*BjLP;H|*LM~HITc#&$MGE8=@ z<#maQe-~XhH8kJ@k8=wgJ+ykZ-**4JQ_|f*mKkpYaan+k~P z5C{7N0X^UKj9V+s7kjK16Qp(RbN9N@>9W!^((lX3fNG<;N&B{s!QPF6bbky>8VS`z z+)0=#x8+4LEf;)$0`zn=wc}buQO+Fe{qb);Rf>A0zhr5RagWSm>RM#m14j?Ew1!u= z%J?{nB|=LVgzrhd(Uo82YccOnA| zoSh6jDr*9)5fn*H78T!>jLgg2W@sRNY4NHM<Wj-9~T`^o`=6}kgbIO z-FEtbVm%y(AZQcsu$7583_2dIr-cWoiFwdV{zxj}ZW$Zjn=b zI0KNDI3N*hmTnUyb_xOFjU+!LVFHoOi6|#eQHx3UK$+1r@U1MVDNmh5<2DmXdeg%b zgCJp!m{PMF_pk^ca;z=K>7-yh(i32z$Gx4@y;Hh0Df}1^^wKF;sjPa6Kbm!lF9gMq z1iXC~T=|eLX{NSr&86}%{52C=O^mT5&}oRwAK^T}r^p0lSPMAXJh(F?>^iZF2zf1W zD$f2=fNEy{72wAGMFFjqlWAH?4C<`c9APwa9KnJGa=5!HbOeX0@`t|O7r`TKcU4_Z z^ZU^lWo>LvY`wd721MNJvz6Q3CFi@27MCGt1~(P;a{Kp%{`M1v5N*Qp4glt)jlsk$ zi@Fje>pR`QHGt}1;BA+`K!{p<^LQ)%$KnxI#e8deG%)&bGu1NOhS%R5Ry4_u2cvcg zB`+>(5vU9Ud%S7>Y%LCFPzP)!>l0LNYj~--8kC;^%|g|(<{x)n32amN`3kY?Gb@+@ z_SI%L;;Z;U>AlC_#CQg8Fd6mMq5k?LjK^B<=e&E0bROCYdvK~sxcgbt4j1Y3Wwqhm zDDjk^fCw84__8}oB9vVqhX`&zWtgDw)58|#gSJku{=;w21T%5-zbBY&6(-h3zWB4V&mf6?xox87kw2s&-`ZR6Z}akt9{nCK1yoi^(eDpaeuyr ztCeBPZO#SnTO)!-0!WX#tV3i_hrQ<( zdddT=@CY5l_w9RB)+D21vsyYOEVZ9rKBEn=R_8H3@-vA$*~@S=df;yyYh*bA2z|vw zw|fgs$67N3T8c-9uVYC4p-b*pXWH~D2ZF!_@$7LgI*BpghL0_g!u{IgqY%7)5PFap zcBU|{3N^;&(~4zPM5pXp03zGY#bLFj&Z+d|#~SOou#E9o zzIo1xSc23raeg_^LIbuD^}f3k$=&}-!@~E>V6m4luC&nm*3jS?VDBk;v1bxHP+VRw z^j|%f2_%_{{{E4L->=qshaZ5$(R{Z*JKQNksdaJt(KFejj9T42%pqX$k^Rw+N-s%1 zM9D9UQ|Jk5aDd$&$c4xE#JSd>1y_|@ZOO>|V?)2%A z36@8T`+#O-WsZ4mSPbgQc9^ogU%G5@QD;8fz?WKj_(GRt=@c8(89#vICS_4{N}|$} z;Rf=;!03Wa4n%UCBmmyV^}DH8%5etkzj$Z5PO-6xyv~%$3b@Vw4L`=2O97^%h5TQ? zYqv^Essi0!U8*qLMjbD1X{r3^S8T=UBLn(^R*7A7T+xlE!}&KCJrik?`|<$f+5_$K zFgwHs=fxL109?7aNaWIU?Dhv-lt$adIk76ob-(0#h*r-hN9p(DUWEs3x*r>LmsC!F z!)}C?;p%X?{Q3tsGvoSt{-HuL#@7Iv^oeL9YJg!fA0tPK?Nv0IT*#rp_-RM_$xzm8 z|A5Or-DYkq9%_#8^FNVF-rO|d>$@B$p6l0Q^2t#_#FFt}i)l&M@1)JZbI*{J8;c?|t!Oyv@xh9s z6V*oN4o|}P;qT6^!f^HbttF=|^n&=ujbHq0<{br#gD-yk37^|E1aM7WI3lo$nQ}U= zNtPKeAPU9^G0AT7L$a||8^GL%mQOnOcI~hKXKaAL0Ti4O7=#eA{xW;DvX8sOuMc*O zt@hf2p96wL>qe#~;W9xN?dz?;oqP2}wt(e@E;=hG`&S8-b&Um71VB~!@(b9^fS1nQQP`H)cQWsdk*%JQD>Chz`)gHkE|-+VoVz0J)}@%i{eoK< z4TbT)2Mf63n5bolY_D-Q zEA^MW!GK$TO470CL{H>nbm@NjYClUCh3jO88s;Xy*gN{r7*N{$wWuD5{HYyZ9ej}kB{n5qX#uf}n zg}QDi_-rc*=Yi7+g}=){3?v10(mmEPQg6r@BA)V9_xe4I#6M{#R!$!O)+XjTMbuQY zUZlj#yA&?jXuyry-LurhOB8TnxF|CibojNv*q0jydFd>#0cF8Z>`9-YdM*Krg%9iFDSjP3i{J zeo?**H6~Vcde6fLnF6ZHL%|q$wPcTfE*E9wak}BLs%67s@Gxjw!OblvgIQRo?Cuq@^87AJ6PMRRTtrSlY4|x+(8RU^tW# zTul-%n%pJnsP*Yx-4V<8masBCE!u8mf=0sHVJbk|F|mdBPy3`5$NdG9tt_JJX&S;< zx327RnK3|vzb@zlx>Oc~(pysOr~#*!_>q zRRgymv2ns2a9EsmKHRQIW^s!wnR>kG55%y7FS9cTJM_k#0V;Gl-(Z7~G2rgBpLY9I z@y|O6TNCUV>z%b(8r2}^++ZrWvc_?#zuB_r)9uX&k?+!nTES)rieNLid$zW`07#%4 z{I|3ne*XD4D>12{<2zR|H{V8-KBt?*>adwv8LbG$c~e(5W47|FnW)#P zlU~qqtSjqB(q|Xc<;OlN&x=)Lg@^2i!%`%t@6;R{0=l`0@bDcuMa+d6Og%o)_2TTr z%)iP-F@DO`g_pwTBb~)_%9+jvS4466Pd{4vVKZAxNscSWK9iJo;ThI|G&*N6Rs``P zec8mEp;EjelHyVLh`V|Zpj~lVt3UnpE&zzLl`Y^Anf-6rJi`%YS^+ZbGU2fO1^9(p z+3qUb=PHS_0GN8klB>3-i4?US%1q2DmF@Z)nrl)zhul>0B&uoGVF~SK0-2561nMG} ztC0%diCMs4o1!AtV8(;X*z;A{GC!oFRL$X?M3K0mmXtRSb~dsGby*I{(5nfUUSuT6 zJ0gLYlC`n05u*>tAvwwb-*J(pQ#A4rfCFA3yM=GBwnWa>l|IF~x&0GwcvsSn(nyv{ zn|~Ii`ER>oYHbEgm6OuD>li5*1E7g{!8Kuc0x@d==Nl>EblSy@Wk2{d2OLXTD1qSk zvXz`B|E9I&%rSELPs|08HF)kemYp?7P`ZS5eKTsSw1}(U(_EM7Dz?6>++<@%7g`g z`5!#CLynbec!k|I?#(kfn6Wb508HXp{B)-uF3v|@j5Z5jH?C#Y8vOEu)u(Z14*K|6 zKySA?`akS;7=%iuGp;KKHpIeFrfcj_wo~|nNvag73b09hj;-J@lG9KY%RY$)K9ZK4 zlq6{HZht6!{jVk)-(ZGAh!8R^n3L+!9lRU60ly_aO5F$+#cA77Q>ueT0a;+%_ei5_ zXRlmaESW58OLLf7;00y*FH^JtszM!&Kut1!GIT`0>5T3>o^<*&C>e0Tg&oiYj2_c= z*5J#i1yIu+P~igjGNK(cG%9(0N9yQKh|L++sSqlKraPfXp zx6QtRyP7@5J(Qt>#Iw;!SD10owyIY1U`b`*(dn>SAE>SP321|`q~!yE`r9qIs2L48 zKGj**CRhY@GF6F^p@GLS@OW}=M>U};#OW+}1UmDLi7fHgDYxfJqK<81!D$_e?dCfA zIz^YasNYt`WnX?uO_WYH&k`G9MN^KXfG)8*r(dvRX^6MPIgk-SH<*i-TvI+-@k}ep z6tH!dD^iZ9UyHfZ6F}9vr73l1B`CKoGdo#{wo6?1FKN%B>}^2hZdnVtzd@CUkQRo=54)dCq_yUHq)_HR4YL5T7V!8y^)j;x3r?{rdPdgX{XMLY(XOiTJYP1b&He z0%R`2_Swn)bJE7Q8-FmF)-9F@3_x9J6YI3iO6Da|b${T#A*bqra9mWvx@n5)@wKrZ zr@#>;#bk;=T?X#(!0Pf(n7_w7IVL$imK{93w7{bVqobs!9tSK8Wt7sC7Rmbkhx+#y0A*=y*CCyp z85F__hYDx3<9idqyzG454}}&c^wVPtkZxsP4#!3-1pmISq?zw4=u6dsodQ~i+;Hqf zi1$Z|&%(Rg zeM=xwB1Tf+ANya+fVkqN)yZd zk1P+U^q0c9D@FlwI|pCx$v=`o0_|>l#bj{yf05`OrdBA4=j*Mmh#JdK(!Vb5HY?3O zoIfrKVRXv)r;>Mb(d(`|thY)cOed zMHK#P8q9g+>8B4upd!x+1t=6+&(@9Qg*_r`-$70#@Fh20-z9z99iId#{p_Z=v~o~o z4pTxqQ>`a+3i%E7dDZ)^I?CTSVd2QwO_M%;QvS8Uh>58cVZL8WxmB4a@9=V`7=^fI zh4rF_?NdbEUfh?()yXs~w@01X-Nb}CnfQyq%Ki&|yRD5nCrNrEoEu5+Sr)hoa zlL1a7l;!2A))0#BX{~mxM(aVrEGj7v$}JU=J0Wwi!dm#_@ed`LfP00MuBKKxp7$<) zEDPQK-;^HTyA_Ehar?S=n_<>hV}1PuPDD1gFq$FC$igbQ{5?cHc6}?&D z6%hJh@Q!^fuYP=_ct)=3$zsN#R{jRiNcMjh!bP$+0ht8)KvknS6hFy;%V7;)p~~Bz zdW_~Vw_NIiKHAY!nL35nK%7-hoYcVLW4i}TXuvJk>IS)Y-XtdQOK#?}wW zUE!)95%|_331EhxS+#zfI60Nc+jInWq*LG(5?`uBs;nBEl1x1uGpo3wJSAtGA=1EJ z4E%aP<)MC+=4^63$>q<{w1ruPIJjYW?}vj-*xg4V1`YSk4m@@{~f#L{E~^E>}4GI9qx${W3JE zys*3!UG#Ox*F>+u7&zWvV}vyxuj0Trzm!%bXN4L&}9Cx&;QQH46l zUCF%z3zI%*v!%_NEO^k|lGSgICMK?DS*i(jm4|&Dl&JD)Spz?HbC8(*RelC|jK+Mz zrPWhmPvrzYgLl}}oTr3i*72r?T1(m`c;K{&@w=-(0tP1_I14!#J6Z}kLBp&9-dUQ* z#=VczSf!dYE=U<5U0e6H3@HV#J94#D?^30qS(1S~P9eJhKF|5?l zqJq@eqcpcDlu=--Woxu8T&N1=oQ7@fC?fw4VUet4PA^iW6f zJWEHhz2tJ`3vxh=$%B4MZ;afC*l;vkxx9nh49J4t-AI&d^y&t2fVn`Uaxy5MVir@W zuZ z+RY)|>qGena!X)a1;qwJPC9i&Bp^aBjI?P&gDbuViH$?NUYuw{t?lb7l<@j8NM{Gu zmm`4mds%&exFk0~zw^E?$a|Rh=V8i?R~CNKR_1L+e~dDdI=fI$)C+$6ayl_>Bu^`- zip-i60OE0P|D;QXb=jFl&gKw@gf?k=v!8ztn^PA@&3OS+?8+r$TU#$~Yzf$Mi-z&Hl zKQ2$_&uDCoVgGb-9@k{vF}&5@4?vimhwVWQpf4 zA2hfqEj7myy9!<7Zsg&GKq34XZi z{&{W}02em_qZwi9SAI2LV?p6Fw;KeSbek>zt+m=~ADbW<=u@(4w2jL7?C0(2v)>Z7 zdv3-x4OB>a=oQJOxy);{v{|qW&SjB(t(zMSS#$ znJr0vD861-P7H!~|LN3rILV?W6ay2Oy@rQwrMG0wZSY490)`!SNz2GJ&T0HNvf~eE zUx00lo6NV@!K9^J@|-oY{N1(?AcYY-ty1AgilOYX3DgDD8iI1D1*J-V!i^Szn4Q(0 z8m9mu6;)45LF&fOIWOD&AHA_GKT23h2x~6;+ALYuQ|46qChd!RS16082; zTIEd7IBu9Pe9{V9@cb#Su66?o6 z72Dnn>yS+PK)WCp#l9sBka&)8_20?^83Xs5;PpHlFTi3!1PQI2(z?Tt(mZr_gOAtY z*@~<{vE)D_5KEXL(n&{;XpXr!iLqSf#0I*_(83KgfH5>?ngkx}J%Dk$z8kYZ_vaq4 z(esHgy@ZpoeRG0?AyTV<*QS0KpqZ@kr2FB^{jA67>s^Wt=-HL%V9nq*#m^qw#Wi0QbjmaI1sYD@evz`^kWhT(LI7<*`4+)c=Guan>of;0;oS9)HsVFwxJdm%FrWJiCjfRELWA_UHK&*@JGh zeQ~}1AiJOW3R0*)wY}n?tra^%puG-sU_a$4X942m7i+L7*6>A@ks zn6BoYR9V9!Am?5`s1Wqt$~AO`npd6!#hd!y8HsUVGR0|e5yxv! zH~@`=65WN&{B(Pq515bhcJecUfiH@bC2xXw24m?vP`T2++CGeq48>+ZE_hkPwk@-01O}(mTIq;b`4oe$Fok&Mcg4{d zGda_8-qbJ#3uoeYP%*sY4sA)0Gcran@}-8b*roeNR3Y!Nu}58en+ambatYHTV~BA^ ztYR)xyfLM1I7RIWPixw?kAWpHr9(rmz6>3&yJyUHhxVz`Mpj_W*+b`N4FZdqMEcE& z%beByZMmYb6X^;u`+*G6Sl5Z8Z4hwGzf~!!eb4Xb{PpI0TfW;&Dv1|vD|gQhY5~HX)0#^aWSoi?Ql$uQT$df8h&5RB%0b%* zqk&k!^Zq_4c2d{q1JKPYYyuj`$GmrRu6NbH>jSbd3p1rQd(;5Dz1m34?%)d}EpisF zCd9iL_O&HTBP)j$_c&nz#tYeq>i)%bA`-0CL%9mejavkDZ?XdNjUv7u+i)qodz{bg zp9;-PF@YY4C8Nwn;FaEWz6WJnQQZqc7b(E&v;!<9*_}8uC_9lj%6sS#CjE^BB>3si-Q+*BWIn;o3taT?~7WN3o$*v6)_;CL+vueU_o1g2R z>q%fGJ&kk=+5`D+IG_9}Gj#pJ%mPAKzU&e%+Fl^BYWap>fJIP%pUsir?Kga0gj zWQ*i1b~BZ;i5E0xkGxJ(qMx+S7UwN(D&S^7-Fe`eB3PJAi*Fp)lA;s4boK>EjoPd} z|5;r~?yE=3SSW|@o~;Tgw`&*QeM*E`Lgd8kaZ1}fA=5=mp@Zmw2#rcn_lZ7zLDCAS zm{SfO%$`aM!Mu{-(9As`YNKf5wx%w+fk-7|xN2J&KkCv`_s;AGh*W`6!pQ%iUwNnK z({3S_theN-j1l=G#N2y~AZ(YTBzAy(J4y&^P|7-aSn^V_nc7w=Cm~xRo6#V%W7)A; z#9BctIEOPa&dPQ)5=A_0uWTx_W&^V#=8gcr5VU|D;Ita^eEMF~tNXz?Jjh*+tqRP4 z+FkGvqZmva1`7PW_X5mN1=VL5j{9Dp8d_w}oCk?=qGLdS-;Cfi1-{|e$5DkR^CBM_ zjRJbU3jon*B}EGW8$ReQT;=|O70$cYvS{U|O*UM}@|e`OWYwz){+mcqzAPAO^}YI( z1PRoSd|b<77_F`LBN!fmHUPw;W73r5vR{2{d@-5`aHpGrQ_UyqLKk6ScEITr zPsb*XNHejDcl73$r!WA?obl6;OFtxq@7rJJW$6|JUU(N!57{PH-8`5PSe$IBKvE8G zk^URWLyPgAHdir+iUDh+BRZen`!hhpTcRQ3l2W`K+-h-^<%u!$Dp*OEgG2XfoRnq| z9fYS=7r36Qn-BV@cH@lgAl6N5Y1gLwm!Kitxl9v&$s*ID@0J0xSc=h2po9S?_l+>9 zUosTYfNO5ignn(8VmTbraC#Aa^2Pb*NbeH~t!pD3$LYmy zJrM?cpDxHO_27fG8~ulely~u>9choAQ^E{a=AB6AX{*^2fN;UzX&)x8Qly@mf zb1j=nJ~@h;V!bN^31c52gz^v9s$1k!S3p!r9U=xO-=RW`^}BB;+c}nKkh#2 zX^Kf66p4CTBp4X8X+RpgFgx)I(!9z{&+zxfRJOf5B>8PdZil`7SlH{GyfTspkg*(z zB>+CY8B+i4_Cl<07wWVcK#yi7Qztoa0ze=Y+`%l%di!V|7}8QYr}5J|%hb>0VYI7q zXxvV+y=qaWH!38TouM8O^|d-K8C5k55W)1;o8ADV^e-0Y3HnQjw2HhAtPVc{f7A~s zSorGm7}w)-z~l)S>X%h5j07Ip4N37>>pBg46~+7+PCbl!48eCZy=0zc^3V-B(Bk^y zDWf}f<^OAPJx>k zjmi#M=Ms40+49Ai2M2k?rPP*awE@Dfw>Gok3+hl94FOILG2Q%ij#5;eE_7kJ6e zz5f5Q$s%7iWUrh}N0L+!kQ0Ixd5d_IPdNpEqLfqYx>9K!N16#8`Ab)+Uy~=_9c~+G zt21wmCJY`ZX9dFMSt=4@YnUt!sS~19x62a>BLIBEY}eo}vV5q_|Lf|L9Re#r47^_vkBv*7;)d(c#g(jc_OfD}5&l!U7j4k~NPNhPxu&W$c~ zp?IKvJ4j=|OG_TL{v4g4%Wt_FEp;r>C-iy*77T^l2GEH-rqsADdvDtSogRONAKPiV z7P_^>YtHAv|1@}b_5r1$L;)Ly9rU?5%O?S>n+b?fyCW)BER7_w57dt)^z&ZSa)dD- zy!lVT0mJ5M5IRZ(OJ(Nh1{{@N)|BL-L`L6Q@)Yfz266y5(j!@bOWu8atIKbHX|V2P ziTAa@qR6bB_(LKfX89s+>s1UurL+LwE{co7#iAiH-xG-+%2;aRk)9CIMS2WFL|{Ce;gtgBmnH8)X1XXCNt`Ic;T z@7_Hoddird3yiX~T#8iZj5&I#yg!Tl&<-eeDC#u72>N>Sw!e!n&h6@}#T7d1rZMx_ zzg%!L|8~=y8wO04t_5JNkyuM+(56m+-6x-f9CoUD^Eo@)ma(b-WACk_s@}H0VL_0R z6bWgNQaVLoBi$WJ3y737NQZPIvXvB&1_@DGLK-M)f3j<^P_9+QMxK$`anc^Cn_+aHo}ekb(#48#G) z;jOxo06i%#2?1KocT)@OP)6Yu+3r{V$^NQ1@g%oFmUuGDYp}C=pTAfHI9*cKyJ^mx zbnWo=aqurZ-X_$UvO}++hT`z6Bfvo|+)-Wh^7LL<5}ksLHJB+da%4NLf`0!+z6#l( z>#36SPw95*8kQnRC6v0HbmqN0hm#FiW+^h}QV*ILv&mHe>k|>I4>I7sI%yih(ZCk2 z&#h)$<-0ozt6@yQN6F^IWePmv;)ooNcv!i>YCC#7ntGyr!=}>#2k@eBGCW}11eXrwS0l6*J-}%xM2eB83wfCK(fp@E zFre0QqvZ&{0K+v$aFRIzf5IhPcOo4D6dp?|wQ>D$B)4Ysnm??&uI33iPCyfyL6Tq7 zis*p1a~p2Ih|BC{+O9K?1!u6qZh_3rW<+jObgYQmq>rkf!;B&x;&5_F|H}O(5P3OZ zDh#Mh?ethp9Y(nv-z91Br6$3~_E+mdN9MbVimbc1`ABsI9rG}0y6$A%HdO(OD0glX z(R4hx78qE7p(Kr(6*5nKN+9HY@V-;cSBG14);7eb76H5Hu8gv0I$kBi2H}^%qvbH= zv_sZJb|p$M5ylAmVN<&|+^r6-;}XUr@WjCU;D+P_#4Z2h5m^1S=eo!#-Srb@E@@m> zDb|NKsAu85-izGbW<@pctF{MHZ6IDP*FRU@yAKK_pUs&9w|qJ7nhQ#4O85K#KtsZX z*BX}5qzX7_0YYLtKDr5V1~Q$0Ui5OLatuX$KS829;2bOmSB*6k@fxf+)ViJL87-aLmpE+()Pq)%(Z9!6Kvk~`Z35^+dC^tSR8;%K4)h#lwROSKioIq* zLKuU&TOB%b%TRFSWYg!2&^H=Wi8N631%7Q3y24>66NWqcIzSm?zGFIwT5I~ib>kcb zjtP<2f$5zz6^9^MekFAiF;@9=K-$tVF@U5|N4gum!z=}QWuYRi))8naFo39L{n_{7 zO_XrWI0h7-!&Fs*`?%#<1J@`@9z0AeJ0`JKe3q&gW|0Ucql@?)av z6E;GVI`0z(ui3;!^bD4Yu@Ym&?9e!H@6Yv#<5+;^jZ+(o08hn3?_%D!c_<0nH(30VTdGc*Zwwj!pCh92ixnE^*5F;}h;SGcJLF)ciU4DDm1~zJ+2ydL21FzD0!|F%U2!7@sW%1Bx@~RP$PpoboW?dpswLH9qpF*)V8tbA z{K>m=anRMgs#Rf`@_yk}H>p1?^w2>&23E39Z5!rHx1`L5L(*0HmQpLL|PdBISdVJeZn=9c!9@2jGQp9#hO|(V+vP_%Ds$(+{JsB!< zx%P>B(Nsj$*=876srtJcF6^i|RW#4E8)T5KK6Cg|g106uG)LMi)4-NNhb||MlJQ1I zMUMK055~=v1p*&-cwcb8oe5FHxL3tw|1v5OwTT>)6h~i@DJb7rr|b{r@F}|<&n1C~ z*+)S_|))n6j5dnL{zs?_ali!a+M*)$3)0sj$)j?p(6_ z9Ci+rBcdc)u3DA(oV2d$tMOOn37y!COCD!)7?+qiphRHKo-t_+h%!fpkt7mT88w_e zX546k~;v<39vCq4#ZN}ecwV?BHOJ< zR6m78?fK0$)NxyyXiT-i8){rZjy{FBtT36@biW8O6T{*WQX3T3XdVLDuEWJ~km(}N zE+6wKu1(Yj9$^syN7vCAuf)7vZ(T9UzHSFeclHab<&GJR4gPBjGlB^9r{3^A7XSL953k z@j<6<;K&fRVt6uS$chRs`5c{XIK&O^1Ye3vE4`{O;{9xPQ{LR>P5Rn{6Jkp|$G7Gpoz*P(I8x`n?nY>L1lRdXTcLPOPeRK=p z{gUQA=+=-{a3fsfOa{1|7Q6da20Mva)+<9kU*CWV0R?c>;3ie(iWLmN&T7c`j18m= zliPhlvhct>nZG+v5mEYJEe79OC1gpMb-~MDkGc2o#T7T|j5`~khgx%|4nDO6S^3H- z%zpRE z^fI;+EEi>Y5RB0T&kDXOUQU{>Sj;p<6^dFLkFJCvgJ{O&$MyKyq?Xo6>wY2I@M8e3 zW2@uuN6Y*AW&8DZv#B3PBRR}o9Jfi`(IV<>tUn!8q@f>?1dDW|6p!s(?}6 z0{s+0ol1RXbeD1L^b}T~x(!lBWPnPH>OKsm-fVh6y-A0AYX@@Itz^bgVZ3u%`eaUo zFDLb>&X^7BPF?$oWtHKni+@ctJb2wMNtMI%N(7#flY~NVOEqnc?cIrWKJvg`rmIr= z@1jr_(UyV`F*F#Q>WGGP3+V>Ztwj_hH_CXnNI8-aN?ri)t*4_B@i6&K#}`L>zkU_U zcqzMTQ4XDnsCy3NFOe)2Q3?<^LYNAq6!?!NbV4>(->T!1yUVN#%G`-phkk3X;U8}M z6jF71v=%IV4v#Cb_!80JXiVFCukbr(5B>U4~_4C6{V9!T0-PzsB197yBTibet3LP^B|u53x1^D zD_AL*I>gWJ_F2CF29<*PaXdINNzGeB3j@o{0L#P>7F(7T!vp#U!}jCyQ^(v#$-+<0 zUU_lF2SYBQD32(f0Q#!If;4_n)Z)0?<1>`@pzHFN?WaYRscE}m%3imy8(N%bs;H?W zCD*{=b9n;)E&}@L0|JPIk~`vx5kxftQ(6Y${{gyey?w)(2Cwb$ZjOi|T^lDI3GZ`- zP@|Oli(XD@CSNQSt`dDn0R=mWDcH)lTvrF3Y|F43+<_2$aM{Bnep zbSYw_su>bvEWjx`onIhVGPXZ-aMEIxC7-$*qJ2X!k$?+^ z2jv{XN1|(BdS*WNT)qb#rDmeA)KD2?@Kb?K2a`644I2VTr&rmQv?Qj> zVB4p-guFpm!iy+t==eriBt4zBt{7BDpvPDl2%taEMpr&Jazy_95$N5wo$8JdU{_Fn z#0s7_1vY$I*Xaq~PR4cafn$pM9a~Gf89tWk8)X3>7?~4}fqiL+SmK!EIHaHem*EXS z&jP=)XXCa08w4y5Pd}udJaI+5J)2AsLmORfGr_7@(b0k6A%SP>L@G)w6~%<~j|9Iy zIh8S@_{9e1^)Ff=>58`&wV(`XUB?SgDv2K@z9nh_&IA^`6<*!1KN{)=P?oQVis~@6rCbE)K7u2PFAG2P3J&f z4r3mVfNLlg?o%ZA(WG1cRL9hli=5dj!duPP;)qzL0jNt7;)W@Y{xz#d@1CZCy=8gB zOoMf~)(kQDi10h-bv2aW_)DqeQ&A6JKD?IU=gXskB^T$Xp2F?Q)*GG1kNhRE!xxH= zPl6xe{!jyLC*1%85A6JK;hRhgre`R<`TwJf*}UX9H#akq=i>iyRi%p z8VOY{Qk7YRK+)ctlHQPDWRs$jz#(#*Uhp4}sQ{Py5_Tl(h<%zu9>`9$t#Q*L)A@Nq zQ46$*e*nzF#eQ?w2=x8eoU2^aD+yEybAi#bYlNR%)6eSiV=?fVHu97(Z^H=$( zS@;pHYXnRt5)zvv?)%Lu`up5|YLs&VEL~3lo;Xi1mA5OV!r4mdX&x{y2K}HBURg%i z^g-WIr$6kx?n4_c+x`4rxJ3Llr~NVNP58tTA4n|+IzWAY~Q2I(I;AXJTExFi;z){yR!iKN#g^^w0IG-I@FcGgafW{ z5ZN^%d^jzt&#v5?V9W*!l(6%Lx-R4mI$sHt*wj`9l8{TWGrZs?3&Tk_p(s-WTW{p0 z_;NRF1$6g%1cnAmt%>(;231xXl=`LWHI!y>;4GL3hOYBQMm?;~_Q$!KJL=dgoCNTa z*;t=EU49dsot6Lt&8OfmTpqDNbT_I)&07b!4!0e+?gmOuN#n#Xd8d-j+uVQbHvOV~ zE6B}&&7n?cGb3`@wbiL+-Z5hAp@c+40OKazG&svcEgYrFCVfm}b@xrlV`>4)3_1i_ z`r?YRk2}HZKJzm~@$&}-us>ati3IO|96R7;o*uM`C|$Y4fb@*H;ieC%nmn}|DEVa7 zA1l8jq3wI3E=0WZY>KV4+dLRuYKNEBIG)X?>dXq@gIQ3Wg1ewqZUDY{0@SRFEfDwN z387qE#^5By{2X-)aewhfod*K)V+oig@HcoBqqO~@(($8sm=VGAO{1HhoSpFY$piSy zhBMO*Se9s19CVsrWj;I}*Xe17_1zRsWXccEM#53weum+l`FK3Pb_$=_Tb_Bk3)f!hM|Q}C%r5+Gh% zv8dbtV8$<{Bp*UJ6bE_)Hz$O^ye?%}EdcTbu!#@Pbui=}*u?inQ^5&#^mOD`j2{WU z?p#*U>V$85viBY?+euAHdqntwq#_v?*h<{@6zeZ^xf)N>McH5gBm9lP-rxui0$NCi z-%k}EaRj78_q=Aah27h}`b?baNTq{r)CDM@+dXx$OkZBcZD+;@KfX^Opp5UX6)Xaj zqEv;;MA8{%iV)Om;{?eBPrPkOo)h>IKnVf}-WiY_MiGi(N6}rjp3XF3;<0NJZy6D1%VMZ7Zf9 z16AQQVR{=)RHt@ec+C=z8TR&j1T=5A$27PTc@3OaB~FEsv)#>$fg343pI)HoYdRVrHm*yC7L(RU$v07Vou zqmF!>8q)LJYGIxMAYju88y;YI`in(W)7>USMTOq~^5t0o!fhQTG#f(b#3cdqy^JFx z?v(HEk4}<-b>p$&dG<934;3EjR+8 zBhT!rbuDPDRAfM@wIadnvN{h%LY&?_mZ4s`as~Bu0|~aMQmYP5oSuX1svVeIZpM%? z3knyq1FS|I^KR3fz(}h_Rlqks<~UzMOc#Mty};T4w0Fm*>}K-NrrjH57P$t@hb`RxVqxre7d@2id2RGqR)eMA|S%uKle2S8L%$MLG*=0+>WYIf$4M1Rm%8)_Rb7Z<16h(c<*xXJ; zfNB6Gb|*%V>xN&HEyAJ(AwE3;E-2hUfk#ivAgnC7MkR?*QFqI>>s9FB6ivp3hhD;c zK5BE)0`Iw{+_{Li&*xt6jwwhPvzG)v=%-M`h@t#)K7$B9MppfHBAvEy*<2VPFcZXC zw89|9KYw#NY6j#B7+$h3tl8pU-*;QApJJ zLjHL*kK#VU4@`pZtl%Tg8NpuyPg%Oaiy?KvA~2aiq8bF*{dCsZ&AcL~Q+8PAPsEgE z{l_;myP*fsYxTkt7oUD)o%et2Vql(U@>h`Ze&s~ee{dou*xR*U^j`k29M1TU)&4)v zVX&o$KQ0SPNynRSbDrwO0HJUKnL(yB5EaDVqyE9LMHwyS^-5Z>3oF3O$V8VW5X7Cq zG@Dq@pO6@S^`C3uQ=dJVKAHH7t@}S^F+e`S-)__7G^|OKT$BAY(B^Q1iU$UtaqbR> zz+=CC7!LYSbgI1r?JTA`t=K2uvlY>Ik0uXhd*`#2T=&L0s-fTom9kASRIm;f+#NZ6 z=)Z_1a=h>(<>l6U_S2i|ol&W$TR&1xLt(mdf8^s6pO!6uUyXCUc~l0*>pG}%fYHDL zL1^nPyl6+%?CBY7Eo%UqoWtAPk+}(X{#C%nNtNuYpowlc?E(c?dTR;3M&6F+k&rC%> zE||9dqYwAY+yV~4T8`zTkAHQ`<^z!^St7xDK`S(5X1tVJz22)E4yASogFz zf#Pthx8-CD!s%z(jDBfQ>btlA>-EjoPj|fLdB=x`+M}uSobJV>y-hz5GJp zy8ZaNn6^Y4Pso{DH18{J`t3#!MWGb#4rs`T<=VGYs_5efs9WB5*aQf-=G=IPqD;IC zI=mi>e615o5y-fTkwO+-#wzn#nL_ItoWqiH&9&D$bxn>LM)z-u3UKsYyw|qB5g|0W zKM>6Eb~A!(zUf(Kf~tS*32&aj;lBJuN~!eoDYPJaQgtwF*-h8fh+-RN@PZgV$`*y~ zv$HfLb-CH(&}tDLM`bp1=6ZE#%H_K<jQe z+>*29jqEKp<;>l|Os_^1LWfEP!*uXp@9)sM9J;%yiUiMkPfYWns!fg8^N`M-9=nQt zm)Gu!?xoJA&#&EdWihzTzEKfL(jE;)%g)2%GKBrcwz_&>md_DLsf?Quw zs$V~zIsF+lG-$Z4gS@)>7}d5H(t{5K=?i~SQPv}|MEUl86H#~egzF)4pDLymel zwian6=Va|d=vMO4lZtT8WHr-sER9c{c4IBy;Z}NOeL2Q_DmWO6xRdT3f75LX z0$E##h#j*hbuRGpOw#*q_T3}$Yf+(o$QQCI^EmiNr8dIN`Za;!K!;SZp9K(^R9ePz z^MQx&zjmDwhGoD`nHE^gTPXN0Ux)a0rPvUO72Zm$siZb%}S5#jr_u5i*9rhh|)#=uO#k#_1V*NZgHLF7-q zpROXPRKlKeO?dCJ`+_w7U5RL~@*F&+FO`M4RIm}u*0&Zeg!-84hg(J>V+M>Hb6YR* zdW+Yk6#@zA$c+atJw|D6$3QXCfvy=fdxSn6%cY28Yr8egU_i(JbWFj2fs(z!>6`Gd zLVmfIzw23<<8aa@emu zeWWSQT+cWgGjV5~<^LF##Y~F$3{z7NokxP&taFJ3gkC1_njgu;nbLc%wjQ;7>c(Y2 zF$zNrUXbAfupa??y)n$qPJHX~b!j1k8-$`Y5V~uw1)k*Fs#r#RgXrr1up8$jAas;7!4B<6X3qRc)za%`Pea=q0XW^Z$GgZ7LTZ04E5o7d)`RJtqg2M7i)gM!{0uz*yb=J8zrAVl4 zmNxxQdZLXE-4Ayx=Y#M%urIe`qYY}g_D0{YizZ(pF>NqeFq>F-5IM$hMlOIOQ1wQQ z&Ngmo(fY&Lp}j2`QsY*L^){?b=PyV~4`;%xxbEGFkCnybwA8X!b4S5mV46sB%Z+zE z%2)%xR*K~g#jS77JIHQHt|IgcI~}T*7q;@&Z6k>8WkiWWEZ;Cd<|b60v9(!NS#N`} z>zZFjRD1mwdXO{(i$p!2T4(nH-$V0nzUNod70xUglPLC7cN0z?)=`G+K^U=v?4&KR zcvkZ+g}CVcfDKva^)K?Sk)CH`Gkc>WB&5D~f(Tp3uTqS$O&fl8D5iKU9@pqW-s?%V zGpF6Z@W6RAXztTojg2>p@w9XynP}3JI4U$7N5gS@>{$W*o^SRcCrm%Jq7sY296V#$ zb~@Oc&evKcrsrF>_5LVPAZ56-XSGRTbCJk=kcb#tx!a$0+iHmIrw`9~pJyKl!p4&k z5NV!f^s5n}Wz_7imVO$0(e9wFg{Zi0SZRnyykH{U*a)wAkn&UI4(VcK3F;mrU^%V5 zVayszA#yVJP54Bes7w5h^!{C(-2PqtHXm~qG!eq-Zd#kSj`qi_>tFwEfe3WF7=Fv* zxZs0figL_Z*~;f(kfrhDgd{w6nFIsL3(&di5i$K!PIJZ1?%D;(FU( z^s$Sp%s5s}E^j3kk<_$50l8s6-Nn0<3%_PU)hv%P5y=c!(!X**g)p6%tD*PSC+_XY ztb5VMKyqK}{wv`-|1lS{r6ku)G|or#3XdNG`F)NWo33?JoK{7UzfVZbBUL67*K&#IH`d4`F_+BcDBn02g7FA1vhe*t<7+iwZOGU8a`5&{YM{0ld!Sn1pMppIq3mW{~*JS3Dd9}(n z`_alAvHmU9W{~`UpO~uU@%vXVX>t(9rTFhC4yDL$fC*OW_umW`eeHFi!M8G37 zSie3Zi%0|kxcsjb7=#Qwdc$WqehZ=92=#5R0cS10=onCwK$bx%YuzlU+5qEuw>CdQ zLoe(Fkd5boW4YFEf78O9^9s>#>hoTOtjzkQnw(-P!iGPZ0@b&bnCR1yI5g3W^BP5g zNSPSXs=v-hna9CnOTkBJ!)%F!WnQ9Qs#au(`nJsZ*XBiv&i1KkE@XBuN9(4fmx>kf z=kF@;V->2wG0E8Ua`s$yOKUoW5ncHs39_n)C%6O$AtHllWlz6k=B{I{hU<(Y?14n} zA66=Z~JaO}b`1+1Gf*8fHvAVRn z+_Ff-YcoOG`D+ymVIlsWTu|(QoqXE(mw^2J>-!(eO>ET)VpkwqhP25n|2IUO_A3~`YXM;d!b;2hx56rQUTI+vEtCmEi1UllH~WWgAh~7X43gG{Du#n& zQs*f&LIYENvBE01U!)_Rc=R;a%R3j>ay?yEb)0yRxU3veDGPA|r-PXQgdRxNBZ9%O zOvDqk2^5y8R0v|s)du%b_aqCg&riK35h_M{UhYgl`6uLN12IArbRo9@SqLZf_peV# zWPXMa^Whgd|3D4Yxo;voQ@f7ZKUt+^5DG%uwB`SaJS%|0GlH2`vj2qHd87mgrGLbl zcm40>l$%!^8DW45=>HiLWvCH0qAc?tD0?rW0*_$!tAE67MK;edYUW>TU)Dc)|G8Os zL2xbv+J^sxkrC(et>E`h_7fD%0r9bE|AdkYO}m-5W)(9FC~%rt>hxSgKyC+Y^=@af!%A`bFY6ncZ2`wD0|Ph zD57m|M?7CrJBvs=Y5K@_(M;s<@JCWV)nB~e{Deg9{0xdKY)7fG zKGmr@^>uEIPA}C-Gcq zxDs`?G?~jv{y+2J&OtQQT^YG^$3B*O-SDLv*<0nm*!yuq`{Q3cfklRvr>2~B0p#zL zCnEcQ$Aci8-8>#%I1guulKy^Mfrus_?!kT$QOlP5S%a;su{!t^e-ehD`>S^I|Np_C zXDR=fJzYqKo=v|OshvWK)BWbfHN!)jy%O2AAH;QqhaF}`*4_>$y+LN?1Lr=|b7no& zmeM)cKfhO-eNXo9+!0UN?At^`)d^h7Xk|63`rX@2!f*XmOP17oiy$t-gN%P}iqGTN zm@k82#g^VL)jd4bI=TtEf?aAiVl4)nt#CYTZwTQ3AfXesv@R(7XI7)T*a1)>7Js$j z%yUzE$Re>v@Z0-uMBUBVDSstzh=5~tWJ(Yba6Br>yKXpid@E=F;O6dVw6}GowBij? z)$uDvQYf+Ut$BZ?!PeO*FhpBZc5^y2;`fB%I^1&U`>yCsv=2{0$M~%B{*glKvvbnp zuAxe(-Z`^KYN3#BLWNn@HuqrRyRRjrs9TuHl*zH<>=yB=P(8lNEt!cw3dFv!S zq_%?n1D*W8TGe?dkO8d2)98&IaYZ3`Y$u`GtZGSI*Y;=vng%<`E&qyZfV&_i zhG9Jzw(BOE%I9!7D`0;-n;vtx6FLJ9&F+(w)$0dV;m^azvyVUI3)j8+t1XGhZXVmo zQufI}_`*apk=@M4or<`&eD!-sLlOpg7K7814rfkN4yO*3j*xJc8)ciVI$@1o0`H$S z^0YWXi`g%kejyV#8QkHd-EOn0-E>r^Ezjamrb*#DNFuIxV=2!Nj<{Mr=e#qLe|_lu zKiA7gjFS?p@Cyc^GpEO#A@B~9F37?>I1M3rP4KS%EhocvukoNe!JA{(r=*GlIX{s| zA`C|^-cByYYY9S#3IV_r<3j|53X-91Q!CFcRo)D;gzp?pm_WWBe`ge-O4*`~MPTZ= zIRXqd9xx+RIBEJIaymZOa{A@VTl^H2`nNwVNp8JIPbJQ>3c7qt+V~+QI2{PI%Pmt+ zWc=j)a$NN}E{9A<+s;W~xfffs{GsbRHFa93IwZ(pzzq8BxsOyCY*I5`1_^F3&T!vb z=;M>=pOL*t0m$wJWNRBDia%27>7ZHKI+go}CKgT4j;9WO%-$98^v8G#VgO!GPNG53 zoD3fipirxl^kQvvUT<{#;5*Vm)u|Y&3Xh3KCo#Pek*LPxLzS_g;5D>c}8=-9;0&k8<5Y9l9r) z=QfNqUQhG-jCQS?C*nE!P#xKA)v1ql*0sTS7)+AxVSTEeJsv|Y%zjJRVg{dj6fw#_ zr^eo%E+V&%xy=rZc7Iak)iZ5)=#I3$0E^QpWR8h`kt>{X+o!M`pSts}h!Rt9|B5xG zQ!B-M!6e;Zm_$`nzme08h>vfOGnJvcw_c92s)H3$;nd^Pu8DV($3rcr!(Wk22DEGcXDZc?s*)ZWNq_VZnEZhvQX(aF5`~rC?So< ztvi3IWN4}!hyBEC#JJ4`pPkG-Ug}oPGf0K%pd`eG7EoMB-51=CkkbfDm9#yPnDB?Z18ys->$EWpJ$GQKMnNlX^ux-LpW$2J=VFaYlMG>nd~F=9?Z+Pac(t?sBu6a>^IH-bPD--}8seTWF^Xc--6dAm>fE%P(vl#zu~HS0|QAgr%MT<9eP z4?S$?%Gcc^#NEdAr8;+iy5vUYBW4hN)+%t%6^(s{BqmRAr9Fo&y9*XW|O_QlM1T?E?-u=q@r~A;B?|;5&pAn z*o4%RBz6OV)eq>AIvSpZL;vZuxY*z2I*)ny#1>xbh|;*VzbilN&jYE{fCY$%lP4qUu_@;o`W z#ymQisX7gP1a>mmBdr2ZZtFK0^Zvv#CZL4~gbG`Y+`LG2F6G!0Ao|`AMWzP=yLtsD z2e-4HT2CG4M_;XHrnQm=wG%IO!L|`Ox8j5M%LccG@2B0NY}xZXK?>VkaFp{};2y!L znCjDrhca&^UY`E=Wv)u9wm$jzRLzYHoYXGNMOQb84p|>*Mfhs>*nK-d?R+g__2xhQ zSBzU)r|oOC@O*XLBWFEo+PA+{v$T4+`32t`H5EgvjYmX8 zBW$XQ22aXu>aBMb^3ytV9?8w)64?ZT_?ruJG*Oa-ONY9YNuFcrs%?>T1cOuKxn7co z=C4%SuCy#Q)D^bgT)ykaFzo`F{<%|)ar>l7AXl~)Q{e^DL0a0k=i&moM<_(R`t7jt zI76B7p^3a+D+ALYyOJ0VN~C!PWW~EUYa7{V+)0=)c^q@s&8T|)5KLvouV*P*dfb%T z=uxLnm5nm!Ub}s|tx8emwdydjZJjpUWWSvV&kZWtX1k(va_MA#e9ghe|TaMmd2~J~q8rSk;Y-gv<3iUha&-&!0ASsdb z-NRdmL*0^&<|`lCwT$6bChjW>@TQX4!z_$@9s)waz0a)Oy4l)X^%hbEtv_sTxmOuA zndlE+)5iKq$k%nZIkC(tMs0QE?raP3)p}0a_ct!Apt0%qz0wg)pC2#P>W6!hQn`*> zLkh4jr2p8!O4X@1e2JF{61|#LKe6*n%%$*?2(!9h%vCqe`T%PyI9Z1@)*!k#U2biK zr+&~S@r;S6ksD>jNShXekm!tw_}qrmK`GUOxSu%N$FC7l!D^Wd^PZLP98w$hAE+X^ zbi1skd}8;Ivl=dv zl*=<*`{E+xdJqZj{DL0reo$7q?N0@UCDs8}jvWu9Ay{c8exa-Nnm)G_L6m68_miNR z>(@78)6>31^j3m`u~w@;-{{99lVa$Y3Mi6Zyrn|Zrym+m_0vr(TYIi%X%gDL`UUzt zaGrIFH`itG0&^nP-H}?K1ErUhka(R&#lsrz%(f59| zV=Hnr{G)!sNH@h_)^2QsjdW_99jrEEUmTG4;J+p>VR346x~yt|zIXkR0=e4|YB!bP zahGVLoxf}vGpGKb_cBPQ zQw4A%!JmDc-pT!TYQzpH8367Jk$yQxeQ=21eC+;a`-Qy(FW`&$fB-6Z$dgLz%I7oP~ zXj3TO%u9?{SUNn1#^buAOE=pijWyHXd}KM{L5AO^7)mA)$7~0G+1dC~GP`kI7kQUr z1czp}^3uCIH|Za$G>3-T-Oee>la~{k^>2$Bz7#C@g%13$^(+Aa7w<-GWXN20Gj@6> zVdY7O>9-DA^>6#ENJmjt!Fcw1mmUBb`pBYc4xJYqX&9Y%bn$OsxzBy zHbp#3uiTjkrNnPTHNO`3{CS@JrnLk)KfMi}e)gyJ`)pYEi4rg?Y%%&=^aKM!=8!+l zK8N~FrJ0FWHk`T%!^_`FdnjSah9256x=WA~rzz@*iDkFeR^Z!DKr2O^5|Aqlt6223 zAKjX$qrW$8zm7*6g>@-hTn*X%vTUf)oYHQ{9kzQ(l>q??ksh{SRm}GO%Uq~7^$yyV z@7pyhz2trC=Ei8in=cUsXQJFQmXYiFua|GNtA{RZMa%d<`>l!<_Q9GN+y7we(nbQ7 z6iW9zL)@sDIjJ@zq5=C#L*-@K2PyI~n>{P92?GZ9F|g6lsLxG}hupD|o1m^%cs5?F zM^wbZb=_u~AZ@eqDLU9q-xeBXq*^KNn>;i1J40whsb~8X8TaGp zcWi6WGk=Nrce!lZqYinp3`y1y<7@qvZ+Gw?;}kk7f-|I*#5`p6xGKU&e8nbaS!q zWVG3=QTj!-K5n`Oc=^!HT2_y+F%oWmJRZm(GPc)iy!VTe!Vby(Y<eYuqBf%u@uYy(+rSEAkT`18JZ^)AFSPsWR&0*9>)SKm?o&?iqk6!YY4qFey| zT&1Wvon=GO>R^W%yq~@)?Jf^}^7hS?_;?G6(8p2wa~gMaRenKmo%MD0fxxnHY0F=1 zkdvVs>{Lp^bCJ@F5cE`k%osL?{BDg2-#^%k1Y}A;TF;30at4dl&g4!Cek=&SF@>LO ztvsdbBs$m3t6{M=lMf&VIu*{CtKUY@rk#|maLbF-;-Ftw@^hlkjaEinri6>-6^T!Z zhg$u#by@1fdzUZPJ!*F#xDE$BmA5!c+9NRjC4XL&a2DCnV~rOyX`{;dN{3wQ#t8)#j_7Pp(|lS{UKIKJch7TI=`Jj3Gd7YH!k4bJji7nr$eg zn>!1x8=V`LWxg;t-DbAOVPJo0uNa;dR7B}SjQ&m@%}RP-K-+r{pcvjZnb3)k*{d%~1xq>a$y-@MO#2^;RZ~0i_-t@5j8p_-#fwc$} z``k2^H)K48^whQCqV){%ROgn;`OPv?5LGw!HFb_8l;NJ7^sQ#L;nDWxb zLtkS>mrBup!^X}49#)TEj>B_saqLeY;#EFz z#xAbAR~DUis;f^$U&rS%xF@T&8@O9>ba^Z8RcY^P#ff-rDa)=dvZC|b8%HWzTVe^~ zR1A1Way{=-EtB_PnRQ=F^C3ttdke3TsZ366n_^x#i^vyPH-3zK53#W6EIo@P>)3nw z$sFqi!444fydg<#&yvMHRB)Mka=-d{a%pWYoI%=o#=XBTpV)FsGFcpsyA~8Kd!pf% zpPRB3XxdS&$)1w*3ibNV!R+*#@U`l^j~|9zZp>|0E|hHXyUm`7lU>+pzDjtJN0_k7 z-Ql`kuw%B~duURHt-HUoHQbd7&g&w1(bV}T*_CJCa`$D`U_0bnoH;9Sl*A*V*x3xz zyIS|W=qpks;l=|udL>e`dkN2!|Fy90l#$};ek50?L+UjPj0$(lwT6+K^ovcem(}x; zRu07Ei8ZU4`di)%20l^P^OMJj%wBhXc7xqz`Z$DLtEqa++X+dRRXUkkm7>(ZlQRda zOeN@G{MhI@1QNA>y*$ona?p8zZ-6a!EAV~a>2<8ax28w?D)$!bh?_nPy69XEE77HV zJBOm@sfKy(RK{oD??9eRFNK7NcE5_h{yRmy5|?!Zsm{i2_CnEK&(MJL>o9KUuE5?| zADd?J9l5C$TX^ir&OQn<2>)^_R!?6*b;O5MOG%}yb&X(*;k&em{)-lR`cfMOax>PX zY<9jv`(&r96-rOYgDZ=Z{Ldquw2|dQyc<7?KU&9{q*yE^&ot3-#jy?9FzdQHP8 zIxmwkG~j_fl~Dr)(^>=(#E5l~^q*7(NO08sz#ul= z^4-Y{e|OOMpe-z}h4@u$2R<8)r1L1x<(UD!%nrU)t=flAbchU@`1PTk+0HqIo25$E z=Duo=7)tOztO?ryC|WI{j42PmJz?RDc5zI-0@I{r?=85{vIg8+S^`Rj%W-p%cFH zdsk_z-RgzDCz@E-r)gG$dt#tp7vVj{awY#HymBJe#y`^?H6JcJM4U8S*-O+`+@n3R zsdf=3Td`H09I;aPmOZl;-mS)Q9fc_PS+Z&=#x$a&51s-mNA zS~ZxDN8D1f#rd{#7OQbJ(9~`Ws}gLNu)*Z}12V`__VZVYTq-Azzm)F19zJ;B{JXUv zAkkFkX;9f(-(&60SlKKDg!I%t6)+l9QwaW51dI9!b;@fD-|!F^c5yU3-IJ5miZLn)0IYRmy1kwD{L?W=4PDAUqc`48Z&tMOH?js z&S90iv1`q7-3Q~HquE(Zata;EoZnIw+i2GmyM;t^T6;0#&yMowkCBd;Chie`ai+en zFB2SI{GCAf*gYCfX*zutQkj^q7?1j^4C=oL2oN-6&xaqg4jky7YVw#DH+WzdeY9T4 zJRRXWauZ#b=f;`!R-hO9 zTV=U#sm(-%?=7Z4L+m@>wi3JU7!~%|nhvzXn83lB=WyqOeij^6H)_+oX9FzeajS zhP`^@{LbVpULSqKb_zxy+o8~Mj%`;1%n+)EyJ@;x-HM~l)t5F)O?UNIao;0{l z5A;N>$N{Ny-v${X*{t{djgML4GiY_Z8MIw#=439%uZ!G|%$Y%E26?&F(#1n8qM5*4 z(rs}eT&{-UIP=Q7)3VK5$@F~HaaIre&z`F4qd5!(I#nKYm^#d5`!FjBxteS(PwN>T zk9y%&q+&^s*L|2FxN?ys+@7eq8@TZyF8oH<$i3Pl?5)B`DIxiWM5>(rBhhlb@y7Bc}^<{`hRsNcz zzJFUN>LewT0b`xi$mSN;s1#x&NMJsC1oY)APv6^DEqP^2bb#QZwJn(epCBGaN@R@) zEtDzUBU7mCCl{@WFICOFARt(^XFSqqoo>%H$koEeJ?;lR=jIANx?j!fRe=<=Gu(*Xh3%v0yoEu6Fiz&3meJ?Q^z!%R>KCcIZ4TFG(*`0qgvfMCyr@8QN(}~3%^vo*sLNQQ>)W+-KCVKKL>rylzPH!NMPfV6BQq^E zncrrmL)2@WKp3l{MSm%uID25&g=no#Q-e3^&D~ozuc1X;MLR4s6l`@|XdufDX^Hzjj*DRT`TT$x)>V%vYTTCEv9Qp!?SN$fnW5_ZO) zUOmOK_qs)PldM*HwlY)b>Fc)aUVvG;@k3u5!e4-Z=?!s`cazIN$t|!TIaZsv#egwgWNVmw1)-pg43r>JFDhm zX_6{GyFP?fxEdHg4l&qZOUXuvoMg5xWybsbt6Tgbv+HFnQ{|Qy%Ts72UJ`@jI`@}O zT11J+dzqbKsoR=G=iH$(Ma-cY7uuS{bU6kcq%Oo>(DGl3EXKnYJ z$JdbAr-l>W+YHU|vSQs@+-k9*$j=ZwE!cZ4*}|}acW1Rub13MaZs!Wm3I7{sr|ymY zZ{@}Nu zdMapu3Rk*&QVyT(CLtB$`C`fkCF9tB%wnrnI zdNunm+!B8P*`)RgtL~14J`bxsMYA83yyHDkZp}ddD5Ro;KqZ3kEnn2gJTQRM7Y6VX zs1;7zr#ecIyZp-&1q$Bpl(bK+C3o_I+OZay+9ahNk*vx$kLUM(8(vROWfV`CtxNVE zDS26nzSe?)dP2ELw|vArc7J(1znH-M);O(KiQ5oFzecl1<8yTRFA^#hiq@T|qL%J% z#W=a0$2vRLEGB$jxkBhY>)-2rleeI?8nW573pRy44{!xltk%a;GPT*JIyv3CcQm8P z0^H9FI{K!1OS)or^*l{+K>hE#;D%#V$Xw5F0eF$!l4TXs#)sg;Jnd_V*l)D4V;^&v z?~A8Jj^ez%1u}7Aw`JZBH)+Od^wnQl3izo+pO>Hhp#*S<%#Gs8DO5UV+6Y`%A!sV} z-@*9BA9%!e!e6y~4phj7=xDyX@6h<(P)TT)vVz~k(CA#?i| za_!Y<;{pOI&pxJfcxqOxdjWAaV;qE*{q;P zFd{)qA4t70&Uu?+(|H;A08lUd*iqS25r7B`$n7vNMqMVB$no1=|0@*x)-&XwI$?&p zvyYu)eaq&sd41tYD9Plo><30@jotV+;|t5&kcM{uwrmL~AzQ{0y6bnA86@FWGca=s z{x|X=eqP>O{@nC10h(#2DV1|I;{m;DpLV9H{$5I%Ko07guCH~B;#FI# zCvnrRf+F(&h}Gi7hqW;B_gR1v6(N;PgDlYh6 z?0t7Umi_zpB_fqwW=1k16j|A%L{?_@C{eb$kjyA#-pI~~%aM%{`|b66J?q!=lq<)99a}Up zt^|rs&uEzDc@&(C8f#*j4eF3NirSD5YX--_t}&()c$)ww4c>>_tkb4mrAr>O)+px$_z45Zf+_T^mN<^HX|~ z4Uu1Gv#=yqK#`@Nh^J#-eEI|vTi9hE18cip0@kACVDr4@BE0)U8FDHQ=^Tuu>ui5~ zHit*JQQ|k(EW2HV^{d8;uHq&Dj&33dw_q;o7DC~~r+S@Ajdj}jgZ=#Hnln~jJ9W8T zJboxAyWEykVr*par4uKeh31m@jhCE5*AMiFB|j&%X}*M=XvM?jos_+rSUIyEl%l?} z*KEU-?z;MtlkQYlV@%_Z@Qv6Ou4X5Nu*DhK6G42}V$;N#A!U z2}eec=h0ZQ7mA#|Ah2}f_2awmWzL<&LG%1z&m~TDU>6+42E1kAEGM>vFm%V)0iSy; z{$Qex@X%IRl=|UB$0orJcT^pj5{G@K2?b43HhiMCumSrewGXno7&rD2ZVS3|?{cv& ze8thQs|%|WB-JJBJQ0|LLM%JYtF0pdxq|}Z(KOnRd`qyKWNJ#^@Aa-2+H}%nFLk8mk!R? z-wMH!A*4tCGR|y;UjYtG{ek%E>(djy#3YFC;`*_$V4FOx@NAdJ21kwCxRt$}e)=T~ zce)7%8nHiM7~J%pO6JsiPEpV1WRoRb8i{O&XB6xk4WwW_m~oOerB~(<1v6GgGlha2 z4tg4*ONuzfd z%Llwk#w}w=hmf?i^Kw0(=5%DtCGJB^ZyXMZZ4BuA)Qyl8M1PYv4}x8vnE@~JZ&=px zHWW}s<3^!tW=`lxVGm*iW@F-N65!}d>Y;?(aL<`8mXz%B=n3Mq$z$2xX6)Bh?UFK+ zy`EFpH2w8XtK)%Y2r1o`*OfC+oI!${^!CXd<6fz?7?9D-pet~8nI zz`xr`N*zWh>+AT*Em{ZnYMBHaCf4vWWDl+yIYReZu1ITGSftvA64&-lT0LfFROFo! z0jh{hwn3hpZ!R;NuXmV;M6-KAZ~fziV_3n2z>#is^xC`$SFG+zsG@Vuq9TzK8JQAf zv;CwnY@w$#R)`PM%gvfgEeKX|>7JAjhi{>o-XJPpUXO;mDTQix8zoVi()F?gK`mw4 zgdkso9BLcv)talJq-|lRlpowACVJJFBaEH>!uDp*218s{VzSq0$7Sajjy1Q;6&Q^U@Z2#)ntV!;-zAV+1=3e(VTH((Evk zljG$)zZ-OsE+WR7=HGk!=;G}C&ZN!&Zz@L&L3fb-RNgmoan8|3%(a)w#w2c5+$ZSd z)Jewg{-C@^_NiV|ViMc-Dki+Ep!lsw;i{2Pc^I#2-{(EyOGHA%#w9jX`kK`Q{tfUu zrmOoN;JjNpqfvXY1Q^7c9COQpTEZfk*)F&cFBUf4UNk~&8$v3R`-^muom|S&xs-w1 zWc`=KJ$-yKU4@O#?Sl|Wsbwhc%G_h0$kMvn;VKuIrPBBF3QLK2tP@4e_~3awRb_yU=xK!2jdeMi z1j*;*oJXQ{igh%K(p}pKUp1~ova)fXzgZTX?A5phKIoecj6`2=c@S6>e_C4CGX6;; zRZ{paL)($2(>bqev-sZS0F*sQ45E@36E0Eds|et5S8q+9)-^$URD6qafNA~(V)2aS za=^=eI@%{kLl1zK1ko%I3P6qR2|Ao!-b)f={Itg)Lt!|hA~kg332G=$0sE62F;1AH zPeeU?6p4+A6?>+?srJzhg`xXGcRSizQZ|Om`RkL-cd|M&f64DY`Htju`tiSZCEo`2 zL(R+>X4vY!@k*1vgb)9Mf}EK~T`fPYMkUKamF?*zC!OH1i~eLpeP&ATKA9s%N~Mmo zO|ZYQsvg8u=Y6a%Z`*kGIVm*n!WiBVdDdUJmRz$GIhy~@y<5hnE7=Rgc9NXoKt6>Y z6x^%3B{|v4Kfd>Z0|!;(MSKdxtA`f7Lg(Sr-JFRF**R{g|^UQbc@MbAG z8+YESs`B07J-Ck0E_3XSWzp3v={x(IlS#=ffl7e;1`Vsiz8kEPb?PcaZdEfn{j@GT z)!)Sd=(1NVX^5Q0bmpUXCt#VTM`>X!d`1~u`HTjOgG|r8b?FvQDdpe~W@kIBCdN!$ z_`tORdx||L#x_By&i2Co9NG}n z>_jilOsWsXI>m^D+Fj{LY~j1l?H0XBi6bYk7E1IAE)ZMTYZ=#tlBE}|r;AUnn>Awy zufxgCmpf-siH=E9!rAjT*S+dsw92_6G#Ym`L2^bg?}9gO;g}WX06H8G+sa)$t!7$6 zRYl4q5N{>ZOskDExR66pUJV~V;6$*2<_E!aGG*f<`ZC;sWV_%ak(Mm`P&XNpgolS(oH9j87zwp{ z^L?pE(LZ{gE=}uw>dP8-jC5(pDJRQltdY_QzQz98p50W?f!RVxm-Rf?mZ>7NREktYka&P_{0`l@5Pjn-|6V;UrAV#gI%2 zkjO!oY0{MJU#wdf#-Eqg6~$7KRH94ReNHZUsO!8nJ6+L??Yx(dAk&=KaAL>Y-<(m$ z{o`X6<{qJUMBn<01=(EF`l{O@Bk_2j5}{3}k=XZ^nVG8!efKr>iDS!m11mYt+3oU9 z>qAn++v(XZ=q>p7VFqk=mcd)mkRPi}7ART1;YN;h@=sNM=rUfD91e+<&^6jTx07ca zO=9=SNBJ*J&x1epY6Vp$V_wbZJl~LW0CWLOHwy^RW=edAu9WEvWi}3+tVELxt!PXc zR0Per-u?JDf82i8-~MsT(!#?6esXWIC4b`_Jp;M;{kC^-Ap0C4a1!&P8Hv|qX6d?} zj58ZmQb4jV*WxSJV=rre$Inmq0J5|8Mo1WC;I{$1I6#=F`S3s&EvU~J4njp$a2RX^ z7x_9E*8G*mG>^EfSyJ-sjO_zac~)89LBXAEfuPIXB{R8)c4hZU0=5BqpH8*q2x}pb z?k?d6JjfBtEwP#@R=jo%sI1~`X$kQE^V1o%9%ZwwI=0aJM)qAe<-3grf}}?ik}A8F z{m0DCxtn}t@QTjoZ@tS`fWi2tiSgrUaee8GDn(9A2G=FFQ%NnV1t=N&@fV zT;%`C!<8`svk&X~f zcL;2`Eb|YXl6aHQp&~K*WKd<^P?yiZhUL-#=VhwS{|XYim^%+bd0E$#=sOxqCf~B> z=0!p*7b@9u&j)W2KE}e#_CdWR$;=O^NVO1peA?Iy2D&n*cX7~s z$vWA3ApqnvQq;reiN9^CI5TxOJn$YOwwWLVd|vQgP)pEcAS|@s@|#`+acfpcV)DPR z^?wW*-|^`5O~tmuMyGIe%RGT{5JEQ+`~FKq!85}Gx?9u#;6h#zJFl3FtBi&liB;N6 z?UR|RTkZGTwB^=a|6vSxAeJdP>9#VhT{hd-EM|hN5qY~Ynk_uVwW0YmD>U?BFp=)}hYK;+HmxSF_N63wls*1U@wv*N!#W0&N@)1HOI)K0P^#_@Wf z-l;bkb}3oRxm79Pgz&8W@o&n?A-Nb({0m(}UawiN2z?O(+!6j_Hr;KevU2a!Lr9k0 z)J$dSN+xzZytb8N%W$)#jsxIwLa1+m4|c@URm>#b`_gq3*u%IL#IGnknTL@e(%<*) zWLL#PEYYuO?e>%ur$U0nw#5z7w8{^~&9YE9+O)Edg6OnkfNHUQ7U%fs>=gydubEbo zcq>xgpb{AIBnrp238PQp+gb_B-e#U7+E75v+d68hM^MmjE;24iM1?yf}L z*ZMJ##7}-Ab5gJ!$LFn+N3NA%-1Eo%wcKdOaPn)^ZpnW;;J~0LSa(fAG~u!o{HDmIhgJ=eu`nBay!5&=BF_vs zgK$4x8oi?SY|&8xd)2m6?@0<9LO;k>*0)3-K9tVFrPBADjlY4jWz&$o`*H!^xz~TI z<#1Cu)SI}a2&r0MpU&#_C9=IgG>A0+-T*G|Y8vO-ueWPF;FK2MW~08DtOK( zmcQX7%HZ<2#&ejui^LxDoZSc7kTY28_yaQHCa*P|y$-v)3Oxd{k{XF>X!ud=N* zBS`bqxyTThDM@98E-WWpWQUY2)daVnK~;OY^7Lz$brMZ2mm>~zKO8eE1bp`}RSv%VvbQx7_}*KImnJq1B|baJw^v-!gmt$j6%gYC8tFNeQx0P40Tuacg2JTuLJ zQ2h3_y15GvkLZ8cpZxfeg}+YRR{X0tthlM(pSU9W0?l(pPGs&<&Y>)&iL*RJ5W7eoy#^nW}qDKnF9Z&ydr>1LGz0%KlbNzW1L z%klH`lA$4_)X7Bh1udm(^|HRQCn-kN-ke#vuoia1?5j=fN+XtmE~=s zM2N6%gLX(8YnNAL>AnH{QO-omhp4l$*|z%9Jq$h& zl8YjJ>GKAAQjf;HMDE&$@dy3OlOv(r!armS`6lp9nQLPm#o3(NDHz0Rrdg}L=Ym52 zr}(fiAH1Q==2+@TA`U=`^Oq8+#2Th0m9~H=AcU>35_Ryt!AfMxDuz48-?sVsW~xin z)I}_**4GF;P#p(YONVO}K`=iYo&a^fLMM;;`gk9RufQBjQhIR>B^12f*Z*t|uO-H@ z$}Dp&VJP;r;mob_9SnPXmR9d|*h&LD%-Q;SBV9=*nKe_3{HF<-kLubPtEe!hl)i{! zWJ{#NRlr`t_y+?oU)?IjI8U)21&Yj9^{Kk1N{&7yFG2I@`mC>(!uRhupMdugDlN6L zuNd3s^n9>Pd|B&$U-vIUM8KNk`C}zI__6OHqzv+J8?7Da;SlV7QW2_H%mJHC*$Qr6t{X7j&{>A5Xx4x#8|2G9Q*O*`DSWTloqpT^10{KNyJ`korp!j zSpXS}HOCdl2FRk2qj_>qaWYo?n=783WHv@2BTT+Hg69!$9Kd&W4r(0q32o=()SyCo zgl%cGtcazd>eK?X07_H8r~tdU80I^B9Yh{Nxz^9xbxkj9V>j*WB2`%I7PYqD z9RK!aAY>8+t=VBP{_`yE6S3_r&={1w|IH1**iAu$pL_3n8$SuzI4I-b3;F(dFE%Ec z`_n2E{<@-uGi!0zu@fTx@Ft3mBLYJh*-s~w=3EWMVK*@B62eEcl=Q&iF@^NB;;v#c zdTT}cx*Mf)GsF$5hf07gjW7{*G5J)q1eoj^N zXhMq8Tw6vZ z>j(sPSP^ZC3+%T{qKl3MMA>qg`|#oTuFalNMg?5@X* z-v=UpdEd+kfarPy*6h2IabB@(7T(s%A(BmZb;%&w1_%`X!(UuVry_{1NzfvY6Don< zj^-wbEaXx=zV!#v`r>4pd}B#TpqVcj=TGlIW3c`|{zIoGCLZ2sPInKXw4#kw+G0A0 zS($lHO1T|3j%o7$GARlaF~XZoX$bB*nK%aMN$8oEUu_*9ORVpj;r_R4(ADe+xt?bS;>w*-_sC z{g!88B~GA(NA^ahI-P*WMy8!6$_k{93%I(?N0zFq!i#Gec~lvX|Hr?K0F!5`(0Jf+ z)AMyB#fs6QiSO@p6H8P5*DBlbyVp4$KPU2ZcNkN30omgYg?yW$&^9i%uS|HZ>^(@C`nuOIIb z_1n^_C*``_2DQEZfBVpqc97_S{>lU?wy=SV;gi*w{>n>*_D%q`1pbGS1B_H}bs+W| zY19#FKJI?Q_D+l{A&OKx1zzf&T=&Ztbum^UhQD*eMY-8@Xb~NRSlRok7Wx8S+3|Ff zOs}uz9e*7HL|@Dsn#WFmmdd*O1gk;;<9mPtPihwk|HDIgfeGE$;$I`+N^CPAqP|4H z&F45HCd%ec1?jcSP0x(X%Y#{s)OD+wP7=69*J@Oroooo{+^^mNH2=L;`_=YZo`7KW zo$bAE3*8mz9*32vMRK^4IJ5gC8wp8&9NUYyi)Xi#aF6{%lBGo_F9Uw`NAMA~kBgra z3};Jk?7$b-xd6dudU*?9j9G1R`Af6OFc#&CGpde?URM+Z&&kdHGV_8V@rQ0-;laYG z2*8AVfd>K*Z+OqyNd-o>M;5m?U-l#m%U_pNP##k*>!9{RDgHb;8iDERS)#A`QEV8Z zjlbl_vry0AFD0eDhP&FMNaYmAzogxFafd=lh4toU{~^{s1tan!^j|ZD%PSMmkocM@ zAQxqfk2_F(;3yU*SHauz$w-kszw*@XQ*cbILMR@B-?|We?%b#05Z{t#x2wj`vOT zl_?^#wN<2=5tYG<+5rDfU@uK!LNj@eWl!37zuHnU`HLhHl> z(AbS22Gzl=yT!|VGny^nG{Vf5cSwC6&{*?nEZrm5RTvjnhZoR?SF^|e1(9J0EJM(h}+lnN@_gZYT*j_0r(xGWM(+YzvkBz>mnknL@0c&n4P zcmmdp@?FPp8Or3Kpd^<&6DAi0;Jt+}3!9UlA52<1My{>djM8CFKg7k&ecna&9bARc z{(>&6(ma-?)!*6ZGpnhMV!neiz0MH_fev<)aNWXTT$>`IWg4LGfqLgjN_!=!K`YAo zbyj3Xi*K4L!eW%?6mSauvU7kgSX=IOF&Cpdgk*3i=h*MGPvGeB%#++1KvE}BoYoyw zywA+7eTdqONUfR5zd6%mShD*XpS!Y&eK_x$L+ z-u{(Ysoi@<)*GBYq39MwpBKmYoGJy1+OR2|3b#4258bIJ_H9v{TltD&Q=l|_@QXlc zHv<7^Lq~WGOR4pOLH}kgQeoXZD~l+7^O;km+zu{N;*Ehpb6{Sw6$Y2U?odEreDM&q zu$!?sHrS}VE|!E#_01@caoM5PX$g4eV_Dx)X-|tJD^R>E zkcka$mG||u7D|Ph-dIl~7i&6HeDQlH)Av2)w#~O>Wky+dB1Op#r%}PEW5Ii%ln9Ey zaN_EKZUchm9^N1toE&=?!*C0(6?-m{h3&Q42QcBPAi~SJuPNeMNG%nzjJoRTSd3f< zX>-l}&+{DH%pm~m?}JO`-^83dJ0O>~a8u+uIgsaXHcqx+&OvCa#{6|~Vmrm#{7|}( zYVp~F-6_W}??*~vH19=9rAPeSH`EeL-V&8-;?<{e(|wBjP%Ht*?kL!QIaOYcxBW=~ znDWv@aKzmt0aH3n5_82GZ5;yl;kF}Bfj&Uw??WFUmdo`yK$vv#lh{6kq_`1NZtmd-dL~%%h9wq8$ zfz7&lJiOX$9kZNx=bDNDRVm1C3!Hg`L@1blw+g$Eoj=mZxS1LzCBX&nYsj6 zDu1eHDQk)xPZVX*O~;sh8!$R=jb~{454kYHI<|?pP25=~-BfKlX?u4~o-sSbX|XK3 z9@ga!lv%jF_hhl($#J|`X}#7vD!bBJz}m$^cOz(bkT6z?T^H7v5Ga5%Fow5!tJjh} z#!Ftbn_$+*a9ZOOfSa6ni=(wq~FK1l7s{={X*k4JO+u8;B2| zY4Q&~6e*C$%{eHjUV~P=ogQmnU8)F{%3Y7%dZm5HheWAy#g(CHex~hO>k;XC2arvn zF4ccyXP4to0dCGx*r((kUBL#8O#FWLp$DPcxQ+{(85>&i(bd9)3U23&i9C#D2{}hC z#9G)XZ;W?m(^c@$r_Z1C6(k|qN9VvO{|L7nTLHTR-hkZ)_R-jFzD9lp(G+;sa!NiI zpM=RBq&V`bH z(kt@$VseJJei{7s;9xWLdqU5b7|(ntf*DJI-*bH~OII{bc2%qflV>C5ysL)(J}+pH$UxpivZXoewi8ME`LIZ*tH3_D}D z$wQ&am1uLnIlKqw?RMd%zdHU^m^25QfNt#cIhK)5Qon>@Su^p?i3v*8bSjt!)DT1u zIEcJ^3^qWtF*rzcYa)CJWC;>=j(|B+s%KVma?h$C%KB~&$G7D>k~b$udgZSJgu)%J z%gDwp`i*g=5xV0*O;Ly=8b30)>gR*5TxzGMbWt(9Z@WcBZ+bw4Y*8h}gQ7ga*(TEi zc;m&1@602}?uky`3R^2@{4g>pOn0HudTzZJ=z9HH`WElM7N$+mfszrVix^69%`lZK zR1j2D|5OrcB8RS-DjlXUYZVo_Bq@%5e@0|P4^a_9Pkn+&4KLG_>e(a^^{FB)!;__B zM~LACe5j3pv}^&8ECri4c#8Z`LO1h?O6;~~Nj*m0C31n@2de#_iRDk7Rw|gFXUukq zIas~JH*{IDUy;IKAAoj#7WZXvYr;CHR%2EUw;#?+1T!3Dtc=DrXdyi|_1lssv34!% z_1C?H75iIXV#@IBYnQY|xRm!W?*o?`2o3R4-d8vAiO1(|W^maa3mv`4-Q||n7S*WB z*N!nwx87^IWRUVhR>$6C-68tM|m z(ld1hhpx~jD`_FLLP=G)gUE>BX@QfAKU(bx35bi|v|521;+HlL2QMSIX!(uNqDDEe zV1}-c-epe#b22Ge+pEadnIlqC5B;=A8N&+L9d*4kIr(7Oc>Il?1JuDt_gf;}39o>Z z&@j8k1rZQy!f;DPMGAYSOGaenw8@_4VQ{t!h?{^2%|mW5aFy+8wC)NA`pOc;xN+>S z7z1~+l?TzSD-Gh0Z)I7o0Bu4`58D4VE3U@Dt(MJZy=oU#B6J=Gi=+oK7vV7fJ=m+! zrxH!&OT0CX8G*KdqeQWqvD8VHQiemDXWa+5ukXTK4Ge1J^MG`Exxe)^g042khSV5EB3#j~`UP~(}AWM(Cna-FI_}D(+1VrZd72X=5Afn*PH(vzdVA7Jv4{?%|+GNRwS~#|QmAEHHH6 z>}W!;z`Dd9=-uwL@64_{B8bF!&=@5^cK*Zt>y`l$=jk={j-~(?nWiZ|3^oJ8djj(x zxn)p=*20Scjs89U+8+!Fc_1o%o&Y%s-eqpr-$xoeGkj2~4+`mk7RSS%``umh1)$9P zSvZGSwjt)?<2y9024DTeBYGeH}AhJ^8OBdv(xc^W<;}q)PObLaX9gf3Fy6ez5`zV zjvXx%$l|*XJr$<>#tOKunC!q2J6-u_rnGi98K>HAkamA7DN*k%V+iTVf$jI`r?nG| z|AsM0RRO(XuC5~(3Jtrw+LofA|jmeq*-X-fMH8^?_`Pf+H$r z&QTfi2xrth3Zk?sR_>wtD^~+h6%j5O9Ek3ejE=VDF0O>Nt5udrsvq5WE3t3Ig323X zNDJ?MB#5O>nkt^;ML-(U?3MC?58Zw*M+C`fL2pzuUMK; zJw8Drh4oU`Tl_$+U&s9i@Ul1yVLeF2v!ysAul;!n)?M*lQ^TJ2hz%jNed0xWfIa^0 zV{gIN$`O&RrQH4RRwwNADzY!jJMVw_(Ci2|)-SV`aKwWJqwbGVb*G_`VJjdX+W&2V z_H6*8pKk*cI>hsxW!8=%z<}ZJLpn0}UW@kf&^F0S&G)_b98D)VPQ)%tlBQ!y@{3Fk z-uiIW2*7>3)FIWpY1`>aaoEWF{-OJ-*Ot?gi*p2 zWlz*{!>v_?n`?A&tOLcq@b0mBaq0vs>c|dzEYTc^oU3b&hQi~i+JspYMC0Dm9WH47 z6(TbO>T^hQ%s}aUVhtw6dZMxM2AH$%VksxLp7KEi5zGa|e@w_%VxKC!w&8J=6sO(s zE)u;^&D(NsPaU`1;h&=_T3V>(ZQ+BMWae*secua?)ari zULts}^w26;ySowJONe)195*c!2+2%dS3j9=x}ggpk}CntG|!bq<2ndT4%$9Y*RL18@>iW#F#$(Nn9s&AW*Od4 zGBmR{Gr;`xm-f?VyvPc5pQ^!(VeCS^Lr{mitXV_d1tph?37^A+ou}zstfr|*v3};r z?;jpLJUH5W_i2&u3^kFIxqDCVuA_7ZkS&7g#6)ssUY>8wG2?gy%Z<%^C3LEYctH{d zu=!J{i;Ippr-PL%Crw!65XD4Jsq^b(=@WfQd{iX3r%YU;rVq{ z|11bTISS2kXF1U9Me@Hg7jZWbILd{tSp~z~o{epUUYeo1F%odNa%uJIRMV?oEb03mUyYIyRKo3&&5w%QG}P7 zndSbeY=b#RXk@wWSuzzK&%hN2dGkX_DV@hL`w2;qInlWpF@uAZm%(I^%3zoBmkxKt zc4gTFHMmcllPhcth*^Imh#3f|2eXMq(1K@683Jz8zY(2f|1?^0-OIeLvln^g)g_S; zI#&D?KDzR3nj3)up?fhf``$5i^j!3FnutuHYEknj>~_g@!6@RY$^9jz^((fX7)*6# zxDt=zfwwQ2qAv3dCh(}mlaW3@n4`HCuSQ0gk*VJ%hB9?9Gr({}JJS38$_bzeqk27? z^OU&XW{s_>AgH+wCXF6+tCZ9rZ~Ehn#NaNC`B&BFcw9j!wo8aedxr+RO}-kzb56Z^jnmRn;`5GMfUrG=V{Z9H>kD2X)6u!dw6 zsg)gYQCQ24hTQ}`c&r5OcxWf}=JvuDS^^ivni-s`+d2D!jvP*9Kv2a8-gkk;K7mD{AdDfr*WE5O^MooRi>phxt>HL`LexE= zY1&C{^$AXg)){*d3dFr-Ktiba7&i+WGjM&|)VjkQ&9p!4ABkDRjM?%4!VP7ThpDa8 z>qV`VOxLMJ3>n5oMuWA1r7o%x2rs*_7sr5$>xKW!#c_BCxvqi5R(7(#HY^jJEyME6 z^qf?5iP0Oo%AoDmNc6m8;%3H}WY_$$ewwb)?kFr?%_k;Nzzp0JIni6_(l+2M;@-;}Ntcs~ zE`?uilW;4Se@hVAIQE1`fehhDJ2>B_rjfqZ&=gxbt+64a;Oj2iFhq!-mIA+_i%`@f zWxvRIo#v#ZVUg`b{!epH0=~lqpzXhZ{^^NtquutDDnzdOfoJP}N>IsVys8UxG1n`A z@k(&Pn;$vyOT%-^gmTA=gYZ&;g48`{ZkHY_v)A)fN&BqKc=pp0Ls>M+LFk8+B`#(U zls9B$@i~$6?L3W$PSUP;6m>_t7)!mQ26`j?`N7eYI?1^;6@l8bW4MKV98;NU0OWL; z{3MJMZoH@m17+m@;_Ml?cUTi8O%PeQ)o71VA>NV+E4*aMQFodWqK2_Y=j75}U<_Rk za%R%lL}-%}J=Vm>p3exifvbx2h-KKmagBaXt<017G5ma+wgUetmUbWqMbgV!{N+iY@ye-)^t}{b0!U7FHQTh8aM(BF)=tTuj0Go>l8oKBZWT5gxY0 ze!j)*c-ts-T!NIw?)G#XcieU~mh)OR@~Oq0lw>b8s!Um0isKVXC-)b|3;so7EMggD z${jaH63Hy4!kux;;L*7RUi@D~CV;I*;IQAnThtAWP*N+}LxF$JC2WOc~E`r ztyzAkLj$4Ge9oSMW1B?xAIjJVHwo`Q1U&9-65l_Khl)$9-C!XA=j20;5AMezyo?6E zDf5tAP0-{P)b63EZ`UfmL*smAv(@m^$TjSO>HT*BmT{91|5-+aRM_CFE0kGSnf||@ z7=LYbXTh#RP@xZ*5nMF+eF*mtHwkW$?2p|dxWRvsUVnXq{}NOD`s)5AHve-DyE+&| zcMZ>w#P-&&^5(y|H)tNa2s;;yhk+3%<5^!1_4+^Ia?m$_4DpPBJQD0KdzX#0tm%yaG<~Zmd*h`Sx-f!pd-4wFPdZ_=ryadWe`&%1>NqmO)ZGSHfS@t)-7h# z-W}Y>+uDBcp?Zf+@lw&t?fHW5*_Yo9uJ(6ujb-Hr*fYKAz}GTPEla~55B@a!{eH~0 z_q`%tzN%$igk9`&S_5HWd>2RXPk4)o&BP;tgF#(Og2Ik|+xwPUy?$!fzhC-4;ovn# zfz8H@r#w8>rpCUkHl1>W1^t1akHUuLdh74j_G@h}w*X5Sk3u}8eF6oy4Agj=cFA1G z>1%Wn$Cmf|1Anj6R5z9hCShO$0S~18b7=VKbLG6;n*@7C`TLc#OGCZvF4*ku&8TFV z3eB>8rifGfMfbYZ3!@E{02$Hp7~hpNB_&7YU7@h~(a6@R}_9N5UdO<>=p2+cx%!Qxf74#23uhZBDni?@^r%EH_$2OyWvo(O}c%|4Un zvt=?^!O%vj-$Yjbd#wMxt32vnVFc}|J0M>E_JT}+lO62D zWuPc4eCE=>1XfTR+Ip@-6xn41TZ+=H{}>q$1b!OWK%K{#-=?mF_^ds>sNR!M1$E0h zHGA%GF>e0*zzW27?e5?c$9|yRf$#`e+?j#GU4wc^O_eCF8zh_mxW#4VV2^RZ4{Lh? z05tfg{sVvtCa5lEd~-0YPT2^dLWz?AHJonT(td*-oMt2-a(Zva6D(M`uXzO1<3Zyi zMu(s{1bbOhtV&3`tt3_1m2d`B6tvrs3HVdIxTawFl)Wesxus*)wE)4L0Ts=sBZaw5+~pu|RN2oKsVXxwuEI-)i@a=@YCJKU!sIx9&}TGs{ktE1hMm213o`lbavWC8V>=Pz z#Rt|i_@hxwsw70X<_s6bTLgg?{*BX90Tf>WqXiMP6`8eyNLKDG*zrIBDwjm`mU6%3 z&2F>5z?T?G6t*|<1H=FOmz%;!x1X>|X@+yo#*aqS6Z%m`HjP#SK|M_{xT$cwIQfdZl#!@O4`fim?&^nprR$}OIgFT~-5y3cGunu)>8prhNC^jB-V_F|TemNGtP^guMCO)XTXj|D zIMii&u_{pc?&vN3JpW4^>ZzqsjN0OlQ#TTe3EVOdb-9%*&bcw8EU&m6y%}#~nR-ZQ zdzJ)>AfO>H^qI|t<;sIrxDf%^wu3GaY*MT9tYO^mD9|g!y5H>DiGorWf7}Q(){RtL z<4n&{queJ#k^1cf#OA^L7X8UIKJCS!ffTMegtHlhm;^g@O(l}>V}bDQOnC*9HhZoo z1!hsRbY@**fkvx9uSn3o@Ynjn;8f`X3altw-LTW>7q_BK&%ZPMac$fO{XPVC_^;Fr zBY9mV)5ZSAI(+ZZTY5vS%L+gu$8}oq+@2jK0R`4ynr^S54g3=?%l_(XpTIN7Q%WP3 zF#>IT?sV3gv})Oeh1YsdoXC`%b+oAzO4Fx(LD>B<71!`|XYGKcymODE&V5k}3V%E& z_4r&}6Th*Hezc%kC>}!ZQln=h^?u}ZiSDu}M-E|bDu=3wO_pV?>s*1HPvW|1 zfwBvIdf?&2M`*PTO~yl+%j+bV6^Ru>_}iAni`vIo=w3h{FladM=56w(T{MhUF}H50 zb-(u~eGR=LeV>ALP1`ke{_Y>uTwH*ThUncCQ06) zI9WlC`!1&P!PFH_uZiSinm&mgepd_R6*junWbqSSypc~=I8(UTNUFShS7b)!aus7Q z`vhq*uWn>+;H_mLPmAb49aOmXzj(aD3`hnOc+o;>ornCMSG0~nzFXSk03Tyq-`l<;Y-&{rbMq)XJVVU=B zMbOg~1$HV@vcO02+(tANK{0!#W=bBzr({X`jKIFA##1`76G z@9(0hT!YY5q{Pd*yGNhvGb^%qZJ6jbEDCaCgfRZevW+ys6r*&A1#?_!3eHUXt~%@r!5Y{ip?!V?ME&vRVNZ8SX#j9M=?U=I%# zjUq6aUUO16(aTEa&iFu`MHH-)50L?=H+b!gc+=U=z>FYS)Vn+UQPh zt~jg;x7z$*hCMkSD>$Sc9?5n)7cz4F;2x9sFhSpDvcBt+MeG=%Ja*HgE9?Vb9i!#_ zF+Er$n0ELX42c5g9ysAh-@>v75#noLPA#t?CDB})U=fNLxYlcUUA|3--QZ&1Wf7Z0 z`k6HE3Dl5&W8ztpB^Yz=P-7AzF}yCW&@>&^FvL|I8Qm)~l;aVH=fU-ly)>?_Kbf-p zq*ZB+mK1KJA$>Gd40~CpyI!6qwL~PbZ}Ye+L;GZ_ua)23iB;Ai;|FTGpWgZf0m^Z! z!2`H_=uR?txA}u>JW|*N)Wq$Te33M6*kW|L1lYw2o~iILuR2*}lMW##J?sVyq8E)d z_^FHWB=d*E7CHigqHN?q$CLnUzZ5QYGo~0W&tA}{G`N-u!g02r!n>BoCd6EE+=JIi zt_XT9#PsPfy1MxW7y6hw`Y6xm#tWgQy%u6`WyzH*3Z6X|`Al|dCUNJjJ8P=LP8|G| z@xwi9+I0l);7G+L6T`c`YqZmAT7hUHjYc<%#v;&m%nQpf9gXZwVR=kOq+N#0C^0=z z*BCooENIkSidMXL=1{Ffw+ShD$Z3AdvDRgyczB)XDE0dsKZVGbC$3ia52C2Z#PH;T zeQX{tcE}I%O&ojiDUAh-Wz7J4(v2#DyPPN!m>TIF_No1H*s{+xJ1^MIkUgK%uxfsITQb$gkWXgacvDf zF4TgGD(YzYado7GZo?qmFs=Qig%yI}i%6*OP-QXcBhIE$URTp{#K z2jSwFWi_DM&q1^jhN=FT?BO`rfuGaPOs+P+7_Ne;zPTDOJBsMKQ~W?ppEIb6o1P3e zvB*kf5AD3BfX~z@6&VpvW1$wy1%#rYRa-G(7X5su*K?{3`pbO$w(_G_&W~)Qd$>|X z6agbj3>>Ub6Lobwe#fqqr_MKNbUaByH@uW*)Ip|A=A@D+f! zpVe^Rq4ku9S5F8!lZlMrDvcErVIx#L`wvGY)?6g$(!dKx*SyZPgy#x0WRXRj!Ok&C z&}-DtLwSJ}fKF%Lr9LN*=(MDX5U9)wEmmIxqW7VU4z_ZA&hypnCt2v613^Z6X!Sr@ zpJ3h_t#Dd5PPT4Ljw0qnt;FbpAh+t8Tf;`PV4M??pcD`5#Q@1zn_#XcW|R{ULiXJ7 z|3sDEz{7P(cRn%&UYL_>U2pVk$Lj%MG~rC#>}ypE6%@4R4m9NN{e4{&bx+o_#^{sE zHN!GFpg%GUKx9$lKCkV^R8MTaq}PV#d^eT(T*)Qj~0U)JRiLH%tCeO<-n`;6>F0hjP5UPyf;n~s`vF3>b+G;U2u&S?G<#x7mJzn>GU<{ zOQ?k~)j5AM_J?eP#F2%Ht8Ukp#TRIIWV4hqDJ=IVj-!qG;0sHTN&&Rieu|B`!3(0} zg?nZybdS-XyTs_;w=-lGwR>uIS_>P#8^iFt2Ui{_%g`dY z$XyzX9@vd+P1weN%mxn6^>c@3NBB|=JSFMM(8_TwfzufN=~8gXkLOlZ>KVO)75RdkT zvMr!s53*1*JXEXAAb!nynVPIdc=xbugT z@oarduN=ZsHwm#!WQTgdk zy`RA<3ia$r;8A_Mw-@Tq>raQEB9nr+0{f;_@qLa2iR8;)E+08_oSjf~wiWfH#l;FU zZYo|T_^BEjY|kJ)D5ql4QQPWFDxp#rlgRQxb?^wGZ1M;z;E6hD` zq+UHIqDQ5CrFV);Q3O+mI@NMh5#ygKUh&Q}-sL$?-N`tNKPvb%AsgAgF=Wnh{qP$+s3wJJ&E86xw873co;Gl2&D!l(uc*T`w zC%GGDWvYs&9*Km9(8(OKm5y3ewnI&=Pfk6TuE%GMRW1h$WbSoam1V`|N!~WT_`960 zp~(dvDa85G!Mil~3R=XHBmSHJ9V&a&@&V{Hmzs^}%q< z`z5WeO8xm8s)|dEsG;L-H*IIn2lfdiNfjImd$tI8Pi5!1Oao5qDV(*&-@g8)4=-c< zh+IE;4snJO3J$oVxPxxWW5QBJ9+lIEf=}?$yE)r-T}?fhb86;=T|@0|3f`X%Y6~vcG5rS6n)leXMf& ze$IjZwMhq=A`h{jP^3Q)_wM)6N%U)GnCF_6`SNE+mWWp-5C%8Ln0n8CEac2Nb~vGP zpHsqIM-=gqX6d>S(@3hsI%&ScBq1bld|!bIOhEV22Z4&KG1jivqtd{s{hIAY!j)1h zf#Edk&*x8T9b8V&*K=E&8=5&@lBFvCyMdwlxeYi-1mdbwM?swWco9p+QQ?(huvQU?!osx z&-EmEHp|*&%wD``6~(#IagtL}e64W$aAzakEsIkH=q~dd&dQ~i*5v&g>kBePcYA*O zz7jxKs#Mhl-~Fv`i<>Vro~l^jTA!@O_Dc#B%J@Iky=PRDUDq`lMJWo>LAprqC{?Od z1?jyA%{ABF;s>L;ypSZ`TB0GZc39`Z7}P zqXj$Rrjj?NBwMRz1e~sRiHw`+f`-h|DqVT?ZrqP#^kNappLN{HLA9J67?7G#@3_$Y>M$a}-ZbUO z!SEhC+*7~@Ie`Kc`$DWg;+Em zEW+pCB>25Rb;zPSOv%YGn{DTaVJ7rfCf;Q7wmr!<-R2D|0UrJ~^zQDJ@y3eeU-hof z8#GhYYaU*p{wBw~qxW}D&8Y|GTUq<{um2CO_kTkNUvdUFAkqT!myY!)5OcKXNFe>w z1m}?1GKV#o?5dB}{!NRW;N2?|0s*L)URcVP!Jp9)vgkiu*-{&pU5vgP+EVkR37j@& zD-9F^-rt`@yY)Y?X#x~MGAS}t(L23}lZ%vtwKnd@PI}u(`t$FRJBVMah5?0sjNwTv zhGqfYsqZ88ljP4v32#X!%u`l*DY+j1iFmh&RA^9+%oF7hCH4`Nz z5mxyi%YLL1F&mR4;i=+tp6n#co+K~kv{|#Dza^j_qsV1ZT zGi7Qdwv#UBV=gICQHE`&$VHhoGBQwd7aD32*v0jMqH0#>R-g6Y=3B5UyQ~P#0v46H zww=wmG+k3Hk3ah@dzwE#aj+iqWOn!M=g`jS**cMXx!FErp?c5mwq_NF)BP4+kVzYR8ULz0NkHk({fKZp3z;ZnfJ3A)Lxx%6=lcH{;g7zV-|uI5NcG8eOU zVIdc_fdA@~-t#Vk%k@I`$19CA*O(UT9eZi0F+0QI&p>!1I~ zK1t2y0`~S1HJyfRi(f!!mL#dQGAE68DQL!AE0SmSuhl}qID#Qe$dy->r z_RF@Z5r$q14ImE0J1CE6L-)4vy1W^M!;eu+7}Wd~Vy}m&;~v>ozdN6kXqX>-0>`zj z8JQ9e#ES#>8I3uS#n`06@d+ZB&WD)zF!2e6**Y~WjE5g1uy|YN1hQW79hf}Mz_$o{ za0c)!s^7EnyquM7A2Bu_OTeb${-g{b-aN0-d`5lxSKpYsKFA!D%%1^w$LaHt_rG0I zgASJm-J5Uw7^3z8h814{!w%raJ4%~Om_aHpepDo=Z=X}RDi^p7#>r|pH;o>+kgwUN zCE45on4`cpuZz9xwmOU#RHFOa&O--j1$l&HBj$X&&7AD+Z6<|*kAoEj@Z-Tfj(xw# zSIUaQJa<{|z+)qmN%X6lcYh4`A{@(T$bGs)o#_fq#m_gNGwNo%Y$xc#B2DdUmd5|} z7>%RP+AzMZyWct9AtZ*~X!i*tVgwp(O`mveLjz)M4QNy1)Qc0a-YU+b$VpMH+u)aP z5s^MKUDPh=M3&Bd?u*|%l>*z=fAApoO3Ny_k@q*B5Vwsv6~R9mBaUXf<}Nnp-dZ(* zx%Wsr)aqYl*Z&}A+x>p|?e&Rf=^qp_N*_5f9%Ou;@tAfhba%Dg9eyJ4*)`$3ow`-< zwCd~NOU!nuPeT2XM)ClNp%A{%Er3_YyfT?j0S@k3dq$;)nLcOAfI!MXR(FNZN3{Ks z?CH>}rC?l40+3Yf8YnedX^W8l(R(&O@jQXg1K{O~s4JVxVFG@Z-jOn8S4irWY0%rTVQ9PRLXzLE&CEA*$A(Q zs)JKHS?>m`KIS~px~OFBY?}SN#7RSH+W+2bdiuwGyE&hg1F++`F&2k*Mab;uYO`9> z)W>LFR+j&db*P|#Gl-NBB~o3hD{>axk|XvR9CI+FuUkXZ9|g_QZAr6~ZQm=IUayo8 zoAt_%i^DB7r!Nb^d}=(eIt%<`Uvl)?H}LVykExcb0$--2oNGb!K+E2;*e|)wD`|ko zjIKl>lGmUB<#jzJErZ zy%W02Jnl-yEGpG}dK9pI6#X1Tc;w`1DR&N}@T6@`LohzpVbiUphX;ufQU&4w;f*bom&`(Pt-d;nG`maADA^lIGdxW15wnMaqY9c zrM`Sy`SJP~g@3x{j)?PMt%mgYY7ow?_p7GSurZ?6rE=VIGxK0%{k56K5x@M#wM1MR z^Ya(ZokAq@#<-2rwg>0A0^{}Tz5Jupex-}9_H_zqnT#&)*&2U?@ooNF>KY@Ji-$7W zvi$J2(~4ay!nA<%b?96rA#zfh-}QGZIKa7V@s%jsyESaI)?%(^Fyt+hptJ3A6!@|c zV>jMd5b?x=laX0ewe(u+0iO@2ikrodIc8k0xffAC4E zj}|{L+jG{tD~cn_C;lTKyS=h>m?J0?&Da_IbQ*Sk=5(z=BwG ze!NumhT!*JQD@$M>E(>wcFh{@(kPm~yiEB8T(@h8;SBYNBNfVAio{Y3qt;yv7aV9N^ zn>#|X8u`Uric&(rfnS5Bm+@E44fj0c@9!Yu)nccE!`~yty|uTV$Ed2U99=RG3yeqg z^Wy=V<3C)8L$8Gd%&uD;aR&e@s>N$bC`()Bsi_cI0i&Kj@C8(wUg(A1m>Dcv#m~6+ zz6Va699f$l|z!;(=Ctp@wJqwx4)MC=R4KfDKnTIz@}*~jUhVhDe7&$?!& zwQBP>P~!cK_dR@kV4#egWZbG5DncF>Ouen|yrLp``-baP>6Ih~l#OEJz%Xz3crfZ` z?2giPndgv>FmPh_+e+2gN^d~e{L_4Cm@KTO3}X>O@PY$a#9RjSrK)KsNbV0|W9Ne{mV zCrU+<-$KqU6ewi)MFv)t`afY~bH6*j%^l+Ga*#*eQruhtCnJww^sz-@DH00pm89cm z0;1URUkI;;U&5-rPOgt>WL;|)mE)wE&asa=Yb zbV_flTfb5fF=aukr;5WBy)Bd-Eyw_)ZR8)fO2vwqg zk6E2cpPuPFXk*g(DDZH$mPL8*8Nq+6*Sz3O_9ZZZ$ z6pgH{MlpRrz1cw6E~cexBG%$%4NkX3Zx5lxRawD6)O|K0OCv;^5d-ul>nE8@3Fd59&K%115e?-XCXBJI`E$oU{1F zTOIrLzU^W#I1Z285#8W4Jw4C*WDD*1bt3TFF?L2}sFE)81&YGu3$==o_XG+?+8{{Z5=o zks@CFgj4N#hI?c(u?8EhTdr6St$uup?t`T$-klJI-AXnMC z@-Ws}zqpRsEI&eKwP1bkB~hi5@Wt1kH-e-tz2@gCeV%Gb~bX*5?pbSo)Xu};b z=h`YKb&1Zk1`^7Ypa}``XD=Sh!=oYvd7cTM$q`)ZoAvs7(?Sb9#B{FxfalMKTR+#V z+vaDhq?~&VBp8_w+cSCbdlyG-ZF+4yC3z9S4s|``2>3DvQRr5I7pid7iQ(zn*Iq7@ z;57D(i4nX#?|9}RV7|UZ*;3d8ArACHjRTUs3mZ|x zT_-Ig7&clnX=4e`#u3sTGG*D%$v`eLZ%+>0Ft%(wS2^m4H)Br(8P5OuFjD~OGU81J zxkJfpm%EO7*;L$UOtmIi%+&o(_{v*6taqc`8Q-Jdzq58zp!s9-=J42G1#rHc^XR~i zPpy=ORA(U1m0ZOR5ksiCS;L}YVJZpj==e{(zEG`sIfVPL!{Qw9|CMEbgRMDjJvzy= zk2~jW0uOC^lV=k^vaFBiQ^4I58CKD5zlqw zLLj%<8_U9*DznFmY(92r>~)E;JuLMPy@SXJ(Fcm?eJZxAV^vUShR<3_S6Kcu3zF@& z>fB+SlkB55heL(Oyep|B+pSA!^Elgqfe(tSQmL`jjB9rp)SO+WK!a6c5`6$7mw*nB zZP@yc^@`~peM7>jZwO?2fB+2pF#jrB5U?*S>^}?uj7H{8D8^I zi-a+tivqbpkgX?k#(dnmql>VhJ^$6{2lpD>{$u0Sa(X7~{~HHj%;T@~9ZaWM;1J3@ zrF)XUgK&QMtW1AZ{r$`TXePh75?7r#P2X%jCWaqZZpMG!YR1VWjo-Q+cCDQIPrA1L zf~lasz9gfy%8IcZYI(rlK$mu)Hu1E`fYUHz^iD1w1iS>9)+8g=H(UE}C!7&}JwB26 zv~}{z@4<~%SSLe8RL$h}^PZKCd=1&YT2x}tM4IDmHu~;>_#_g!ndnt4hwi$P8*z!X zqdBB5P+csHsK{p^gCr1eO8)@gUHdE=f z=brka(?(lC9}!cD{d%c@0@PH&@nD3E-q!X`2eCjh*(D<}2*7OpG3X;~HY>mQFy?rA z3i(%FN|$-DDm&Ewu>AwE#WNo$%dQe2 zT8)vvhjhS5q!1P#5|kQbt5Zt4KrJmql*yQ&LXQ+4l-0DJBvI5}$1XOoJ~)1K>!=X) z*-r3tS&|X&ZvHs}&9fm|@le)5SPw^mRF97~imnYs*F}8soA_;a)V1YpbpJLymogb@(`mY^a27MQRg0A&DuKiJ_80uV8P|%)glVvQm zrk%jOPMJjbRs4kHZCBfq&1LMdWT;OG{^fdYZGchc2dS!MO3lF2k(dvgZGqlr>}<~g zSh{#lfm|fFzSoK4-w5?BO@jO0^^3k$=xB%@}O3rg)SPSI;HgOad`!7eAnjDe_6W5sa8 za+c|>dI$DS50yymU1nD1I+=n~hHXydQ%$YFwu1^6KBkP8 z2&{fzO|kgi2p@d^i}g$v=g-iWHO%v@idw{1Ktycg7hCW zDymFH?L@y{@+HaH=ohJegXLr?NgRK;@;_z{GadOh@MxU~K*u@ZJ{ZrG}K$ zEg%b62$C;jFBEm<^VF2hyscapn`ZU<;}d=Af}QR5WiNU#6H_Z(mLy5IjpoVD9TZvM zWK|x!r%)jtd5~YaE-!!AplWqO)ko?#<_y#Ayh_2ugRaO1247ZRW?i1Rd@P{-;(3R| zsdtO>^!}%W6oROMfWsOqGPxRdizYT1Y)-hhpfliX(-6Hmcj1KUd0$guF;T!O#}@>N9%k9KRaUzcq^>gLY4V6NLCEg+fK{c zOlG$@S^40+6M>lX-pz&1Ai#=$^63w8&UasOu+WuSx|hHeaA*_gv0;R41LR>~v)68N zb~Eg3?P7uT8y@0#2w2@_t7I}V)v1*av{o}oYulKMZO}fMvkl#`BS2!(DZSdvE&Cz7 zUZcqtzTWAWKoFN0KqsKATmK>lowT;;P%x~YkcO=r}LXDD})Av%3) zlA1}VSlMiPMR0gCp#hfpfTh&BwaEiyCTX=02p< z#pdGun1qZjp|gxv9HuejcZKXZA`ZRZr^`v&OZ~Hq2kmix(*Dd2n5*9wz9P zW(}F}$RCj^Z*|vi%n|UA1E0z+VQ_`S`Ze=y?wUq>&cKbH0LS%D&lUbz7F|~)lxi2tnBPepW82bW$@a0-2H%) zlvGb%UWiqA;m>8N?`GT1&F2JBI|%2I+JWS3GqaZ$CyS1eJHPPH_3p~6+}Px4^-p?2 zbxn33xO1k7>P;+^nr&P~1fC&!L%#`}4+~JX9mlj8q0s{vKX1toU_@mW%Za2Pn(t$G*?ovUa_kqax{Ih0zDnx{W^}#SH&n0OV>7wz{&6j0>)~hKQO&~cqt1|%aVfi4%GBZ z)ks-CRt-JpVa_!b<^pfV{wKXqexN%Mpv*o#?&*y%b%>sNjmK!j&g$M<1PZle{{y{h zWY20|$^P3ch=NiLhx{{nPmJ3}1fCvVU z+fDkz9T&$5F$?jMl^JV=tYGtDEuDu#EYB1GMS5d?PGSD(`T!sI8&VghLmD!A=GB~Q z-M*DAb!vGa1-s2@<6tYB=Bj;x9*l@i2-weG6k>HxXJ=!*IDle4?+az0sCoOA<|oKB zdL7neo3pcxu5g2v$pNO8-ztRg-$xcy1iBdkICKn%cD7C9PgdiZY289DpZ?MNd!JlE zo>UMDJYVc!4dp&B!OW5hI5b7Ybr4+glJMv#z*BWF2)3rSJx`3pSBVmoyvs^nTEhzG zoY>mdCcB%(#eDE_O(h)GahgU%+EzJtKp&Ux(%RtoR76r90o9pF$n! z40%9_o$i$w{Qp^EJaK2T}xmJI6i1IL~82 z<%yuP^zTy_%%Mw+^x;Il*Ea=59htJb&hYeW|Mu*+xT?VO^~K{^t`8YHvkV1kp^2wD zTa6%?`E>u=O=Sj4l3!j6ano${*lbFQ5F<9DJHKgYri~Tu{1{JpS-%DN4;$5H&)&Jy zl5u!_qN?(>g%^q~?3Y^2wXyG{?*5&gl(>une7pO)=cTtwzgJSHq7 z;__}{+u(F5!vI9=@`?cVGYPHD^hZmD2L=Z~p7W8uDQ!P&8c%vfZqX^d9_EepBjxzU z8s6ahP7Dvz3x(iBCC3P^mYoMX}5Nr>8D*ZDy5=yKR zX~cH70BnMP|1Q`v1qQ4p6+0VaMk6dai9h>d|3ggR1$w#HRD_EFg-y}$VZn4h`n)LJ znLE1>wfnB69H1m?6)BAO01wlA{_T}NbKq;|ZQ5|equyGJj2tcY)Nne;9Rc@V8EK9c zn}8)7P(gSp4B(JG`M$UpMsMF6c=9f=!Ax^GhkmGB2C1~1Z#?w#8#evhb(x8CQ2UDm zNZU)TQfeoZQl1{xH;S7US8_C~2_h~yG&+)CyXH9XHyWE^o(EYO2B*(N=ANt4ry$1{ zP>M;%-5vl4?b)3F5#KhknZJuz%IElxaX%h#g**9G3YQs<*YEk=di(mqCK|bYKD+(q zF_`W_4cbhPo(DDJ4vV}eBWPszSy5mz`31XWRv&djh2Hqj;hlN-~U1rTdU^mA}E>0UegrYF)yQQ5e z(($Lkl-9T}UTYaj+}w)IU}55{;b{D`E07>5t+T4VbVB#pBqM3XxwwKrz?=i`ANLIyXR4o7cA1 zA!TZ1mf|(gcP(vr*E_dWQf@eIZ6|Q>i=MU^ucxC-Mt0U)1 zAlvPE8yU`25^Fg)H$g54Bz$A|nMn!1N9G)sEQDt3n_rb*qf%!AN%9!YfO+yR8(_?i zmjQB_=YgL57)!+>!R`==i689iSzc9si###U6Qt|JPgnB6d6iiAQ#V_wg1QO`x*#Jy zyf}2hczA0w5kt5^Z7ca7sZuxVpCrj-C`jd~+M9$x^g@22L#Q#EWu`ujxIS;$_G>+$ z7O_>mx`Ofe6GlBXiEkNXIv#H_yN|hn!F+V41AFps(}Nh^VLnuT6#p#@G*}mi-n+%;;d{>?d5mn znA#J)-m@><9(XZWcmIW`)i>w5zN0qGdG$Rcq%Db@7H#-QCn`vXjX*i-DjP3Q9dfSz z<|QX(LHHKK;P98>*Az1%2V)~O{pQIR%kfiyL2%}=kz4U5Z3H7tI)`2o13iM6^>Og- zExE~Gp98Y+3%#M8Sk>k(UH+-)3W%$B<_iVM)xtL*nYmd(x zzz%GnYkKG7CATIdtT`4Oa=qhvt|(N?)!c3u&xuc^LkgHVSa%oDFsRzv9!4^wwat>kw$J;$F+ z%3a3zqGDQeb&~W$riY35fE63-zSeph=B!PC@pGZjS$&UmrC&WFi5dbKbZO6-6UHe+ zwhIv(@w8D*XLlo#cM3ZrY6uf^u zb%5Owg+B^hzj>|EIePuJHDZ)>p2tQ zxn}`8i&`k9$vKq{VCo6=S-VN=#L8CN2ZRrXZ*#Z&MK_nZ(FyWDXD}kIlqqgQN47tC zvyVPz7agTvc=VJ!Ndjy6VSp{K>hh+9$PObJA#Kq3XE`m;?Qai;5^o^YVS1SdY@0pS@iF@Et7MdvHqkk$3I2-2V0L?xiy1)*7}uP~wC!-s^1aAp52G)uyg^yg1e><<;+{RUK+gV^v&YLQEms~`NeYoG~qHJAsb z%wRUA3horg%-Ic|6iA3q2z${I3mYI$kzWT@a9UtJH>MjFY=ic&!l08g5H$!+JXkM} zu;=XvDE$;iPQ`DH+?1cuBQ|HTOC32UPM;SjL*a*f@wx5ZY0sHoQo-ZyL$7s6C2w;+nXJkmy7R@+}O%6<2zZUr@!%J>(LD>zQTg* z%l^Y>d>7eWsD@o2Ixr;$(|uQYT!i`4;E`)<87-isO01PYRq zzsbEXIxnT#IU%>Wu}a-bv7d&-YQcRJ3h;2AdMpsgie!oN@_qHZhau5_(uXC8!(DX7 zopi+}R^llwMlOV3GR5bghPia&aUk8^yw}6iQZO&YDRng~?IGw%ST{7seC)V2-6-qN zBMnE;)`;_?Lh2Xl^%j`c?kr$ZD}~nZzuz_=Xn6kf{>xwc7~+Fe>p;svsd#@hW=Q1C z{FpmEvZrP4YVvGZ{F*2VQz!8S>bc>4QPtjp=s;2XCq#RtAGeI`duQ(lxT!?#O!2y6 zBkkKa8mUG%NZGjD4O3t8v59m%`&Of}1SmR3Hop$d$rfYDGX=TK2e9xIDXqK8A?Hjd zE020j`Bz=oXy&hl=tXD{#Uv5wAWU=~sja1ws0wpl$(=S1V+|esiC=NHDBxeB_F~0o zyk)y_9)Nfr{^sAouM9eQEKt$&q2wBzk{z^0S{+4rMh=4u*ud3$y|_OA1_aWPWA_C{ zwRT93TULgX_1a5NQj4LsVm^Kmm;d?v>j9Ng@x}xmijV7&M=HgEpB*iw zTfp}CMb%?}>IfE#8S}R$_R!F?c`Y(BnG5T7l{b45lE1}vXG{*?p>*b zBW&cYqNWHIeMM-Aa-&$GNdy5o8u^|NvB28nvQXJo{`!q3N2O1Li64_=1!qH?x{ zaW+vH;~G6{|8T_=U`Ek_8OnWkBTMLhSKgXk$B@U*?FYQyw}90<&EM|E#K19z+DEBs zD8`CuPc@MXlmqNuECOi#TXwR;#<;C!GCsR{H{an3WY-R#h zf4L3tWuM&nTxtDa#S)ozJ@-Wi=_7h=8HgUj+Na+wOIJo}#e2ZlBDKJ)*K}6L+7R}H zv#(KW8OZv=`|jfG+;f&4*_b98)Sz9d*z!#Ks`Urgf+41}Go?i$i0((3+}KWYu$RAK zzwvXjwjzJ^;S_{K&Wz#&`yo~Ucd{5^cSLGix-JYGcFjir<#-3}FV?9roq+n4@0c71 zHca4x;$nK(bm+K#YoeK3PZm4w*R^|VGCW+f`RcAW>KiqE+8U0=q_Wj7=hH(WcK4P7 zfzS?G0AeKJeqNKk7NQ>8LM8n#yoOtGzo&0mO1bY7M!!t|fC=HTmUmciW8Y5{ z;ERWKQE=(tee}5jWmJq=i_hnm zq|PD)YqN%vZhSueYtdPzrwt$HK4F+z>WbFRZ!#7pHBHf zGdpWFJS+{*gh!r*yY?cq$XQ4C&vqN8A7hAtI_RSJM>J31TCy0l+eOo9YHQ-!kuVIN zH$-y-@>JAVyUunkA5KZ&pF0^Hr;QTkUP>!|XsW-WzKw7u&vn+7FJ0OY(AhUR&2u){ zuWKuuo){Qzo8A}UIz>p7MtAD(2l$t)!KKX^B44|52A>DVq;tG~EAHCgXDGHlwU7Iyr|*AcnBN;qM#` z5Q?^z(UN9~K6Ha6$2itaLbg z*j)9rk+xyrG<9GXwfFh9cStk4dUj0-H<_5#K*`o}*+#?EUb!!{qo?&H zwaD9Gn}4d~XV0`P2W@kW&n--H__%+W)ZA%=Vm$pxC!(vhNsY?y&`_$!M8gl=3X7kn zMPF!;LLVOvbWIG1_&lsi4wT;bJaTtPLN@BcLZ8_;aU6=vMfRbT(G)qLYt`m5P_yM< zn73@5t#RM?E`zv?0#_kT>58T3GJ-G{IqTpqQ|_#n6BD$861hE97Ys zJPtmX(l?c@Jk;v+%lq$}N2eD>hlLj?yD93jxSzZ3Q(ru^&vlpWrx-uSoxUNFIZfsN zW-ZD0NcZY<8}*yhFDV(!KEJs&+`Kci!y);UM92`_HL8T(tab4;vS;c+=VwPQ-b9Fet~UYf%Ba@pwmIDo8crAMvf<~kszVFh z)3bPXs*&dvEB;r4_=g`nGI7z``(jV_w)ju(`3mQ}O|e#OPUZQG+j9Q_<2y#4pjUP3 zWhFUIkEh`k1f)tZm8N(QLbl)o3mes#RMswetQH}2sw@3Q6c^teS@>n zM9%Po9kV^=J@3Vx?C>`XkRZ#FZy%oPxNq!wgK9%D7gSYsdqs4#L9tr?TteD4gUHz3 zS>Nr&>%;plC6LMI~3>IbgZ+o|U_V!j-C?7?aLH&$DE3o7&BW?#b%we`DM~ zFdROrDSb?j>RRE<=blO^%M}~T z`Yg&2$fw$`x&Ads1~|*3_F9(s@~K-e z$(e|)n<4pJuS=GRf61bE6hviZvl*nk1g8-$&^pjtFCX2v8%h)a+I#Y80u2QKxpYY{ z){teUR9pu4v{|mBDJLzA{}_x4KHjd`xM20C7Y**HoQl7A8*m6DiHDR*6~<4m|E%RS ziKyHkqh0~>?rP7rXvUHDcKHhC5d$+mZb9mEwbC1tFpEI*k}W8;IZ3X!ovyyp{N16s z!G)pqk-q_;*_KCT*@ep#(@1z?DOYD&bCvRRB-6~oBSpeJnu9dQZT)OSb@sa!7f29l z@IeAnY4{DTsBTzZ%)QOqS{!xO;mA9Vaa#OeItzwQBAjqe19Aq+Xq^uy1=8%f`nG18 z_KId+Cw5avn*}tvTBr zmI!olZc&`5zxBb%SlG|T^FJLCdyQH4u^bv1x5d+fb=6~@yyHKp!%^0O=Rb>d`j8px zB3@oz{+Didvc{&Sp`pQVIR_{I1{y|7EJ~CN6*QF;m^mu&*gGH9hvjugNh4ISu@pFE zRHpHUnFzk@X?yfnZRzeuZTUX^KrNg&7hx~^UcI#IB<-z>;PC)l2f_T-dc4y7#0fT3 zJ@Zb4-ktf?=wn+RoBoXN>lr>Johw_u0xItRtH2d!^#rE>W3nkY- zepZO`5RTsNp1uyE2$Zn^{#l<-aQzYHtQQlp9()CpoU8jIHsmFNs9L|D-Xq` zb?7ave|l_1G_F8PZu-XW(wl|r#Dr;bWApoAht;){6t-lhhF>4$Yv(P$++P`LRleF6 z`aQnr>v*iNxxDUGmV9RAp>W+4Ae5*?;2^&~#`|aVA?^{%xW&g6OCbV9p7+wSq?||! zwB1ixyC3Oo2s{z?xpTvTDRDD;Y;zMkSTua?uhvFOUgnpOn{G_q zQnqss8Vnv^BV7AZc-`-x3ksUoLTYZH16-}lGiZ@9_{QK+?p!?xeyA2+jQ(Aol zi+y5qKeN1-QvF&8_(~Vj$?Zn37rDuISm6E7cni{&UN0HTGv*hbRvJ1bHGvz~SkX&*@Rna8mA{AsMU*Dz zNk!L8+`zJMbaLX86)(|tJ=~also+4XepV137JgEK`sgy(s;qvKi4K;#axwblqY=46 zL%{jzQVo_X28)wn%xh4Mvh*GOgIBCo`HC>Am^D7UTlC*Awc}gxqpqL6BEVU{K8s2MD(M!WgQT)i}*vVxqiGBI3%V<_C!~AMAeM5KAS>M&xbGwFUM%rDbG@ zd$3fUC^9jlTiP6$TXrM&!Os#UkyT4x+}gPXA+R& z!sJSN#LS_3%jlE6$=%&ot$n2)B@#=#z_F$xT3crwtU1fd%39dFf!nKRu@g$W`a=UU zOfTVH?3t9v?&L?I1ZB)4C%tbr`a5!#nn`^TdwVrHk-Nei&8?cpd(eKD*Y;_xlVTM7 z7R?jmdV_U~ZDLe>6f?r2jg|vh(k*9W`>F=eoIel0?F_~8mvY$qoH~qGF2amUn^E=03G*lcYIAjW)d~W#z&$pl%t!rH4 z5jE`;g=(}i-^unDVOo3|CopLaI)HatJiFRAns=JF7Hb<`bWK9t?UUVd4tZ2c3MDNu zYpjS#JfrlKWa>y%X69cJCkrECy|JwUv3nZXGBcj?yS`(N;$_EYWOFgv&k+3D>A8wZY4k7+c$o^FCqNBUYRIX zXlNOfz~mU`SqCfMRsv}&=7oefdoAJ2q z2^2?hFL;WeLc=|u{I^_k!1rO2+5MYJ5+)s2b4>MYhh>}NZPih9m@4Tp9NWU4t8uBck25yRQc4EAKkH}W_ z=~@Xh>Q4kyxFo-P(LFmMg^sCnm4n$9-!qN&vK#Ro%7(%xZ7wKXofE(FgK>Wj0xD&9 z$n+y!aXU#p1)b@Vx<8G&uh3w#jnz$;TZ~fgr2)%oTIb7jP6YXKJRxKL$<9Hz(ctW` z@#ehAC&MnY^biZ(H09+Y^Pik!-=7Q&*)Y@cF}6^_^0$eH&gAe{o&6NPKFg=#Eu}Pi zE@v6NKKW4hs;-N-_k&+3()(p9>9mJzNRGyN$59s1HRbCA`>2xwU8BMh$$^h!Z?6=+ zF4B*d>5$QP<9IZk1Q2&EUp)6zk^aV~o@WWEt9g)|_b$RKSBa-1PWQw&q50>|6mhhJ z7Z%htD|H@)^~!3B%L$<*@{tu~ziVo1Mg7RK0m9bVYp#{$*764a-z2n2zM; zLx0ohsm%3lph^D1)$L-EybFv&_kJi2@I<#xm<~OCPZ7sYG$<%LL0UXN(ygfLYH z>nX3E()7c9Qr1(b#l81{*5P}2(Zdc<90F0d<~(0g0jkeu)I{eFMhi%pl~&9SQ7k-yw? zc`E^EH~nGUKV31@XRUB`d7N8c{_4Kz-jO=#S@rwMgxI!G$+i%!{gr*DiNhjtZ2E369ndeCsmV-+mf2s%e$e8ji0VQ)JM-Rb`;pU zf3MH);>~Y=oQ_g@FPc|&o`001f}5(D`fPZt_|0!93x?L=wLYdb&IdJYJ0&h1Ub|Dw zlaViwA^afdJ84|~UOqYR5E_$j3qPH>J4BT(@qIpliJlst`Nh6vqt;U&U=}z^j6OCt zrd5gMD#7wXD4D@%774A^zOoC^>f?akb}YN{p>2^VLTO~C@VZWR>1WsD;5a)SQNC>D zdrH$mg^u>$Y}4srd0ZRAJ$WLG=nIaiN2K!jc4D-XIi&cIB0ONE39%q!koqpeM_U6D zd3@%YRDj%D^YX~dl{UxwcW4ff$d0A2cuc=`Ct~uJX(&VT^+cYeg@zHQm(=|BH!h{> zNFZ~wc)T0$@Q%^MX*z<2PO&SyC=RM*`}*bc6MB{oc5%JD?uvwpudKd zhYue7n5Sm0Qq`|1P+_+uO1FzvW>u_uKBLHTy);SV3B}?uYT=JfB6tWI{aTG;d%n`9 zm3eKdFxkG_rkp`Bm)OizYV!I-50eC)vv5Ek$niDPDnqu2`uDQSXt6gkPn3)7bdV zjtU)^z^vi4huDfx!N+_%^MIk+B7oA;9XPv88Jch-Ia3Ue_G#2m43LmkRaPn zMNRFy-1-*a)g6yeHQ&5}rdKDsi>=DRWFq8aHn((4{)N+U2*x1-A1fCMdp8St>DppTGGW=XU3-Me?d)WfP7GdsyIpOvgDx`lgbihe(B*xexZ zS!VM-y+2jn(EN~twiv=?Zq^SZnnvP5x8!I}jn)Hw)>{FJAxfLri96VbTU8def4J<~ z_+Du_z@zXOi#7)UAqT+)XdNPG(3tmK>;Z3MDZi5k=aVN-OlcW!ut?yiqOlecuntMU zA|ef;R@4F(8xD^5&2gDSYw1i`4VTS4F07Vq8pQ$Pdio1IKcvV6xpPw55PmMdU}edQ zpZeD5Qwi@scHb()@cY!<&U6J-!N$^(*{?s8Xd3KJWNJ*!r)x&adnN17b$KcXA55R1K zK)zfXbmz4j(j9{H*}We9P<&!JB*CJ6?`@)r+GMR?faMaW(#XO+Bq{jj3$UWVFMfV> z_m8hWR{B<^gXFa%D;l(aySF?L@qb&yR?nY5-_r$S8DtE+2KdS4t2X%Z5ikF?1<~7o z{tX!fVc@@i=TKg@_wwUI9_(QJ^9nM+_UeCL6*-sBarwyvti6B#|Nqk)BwAsJ?Tieq Ux z_ufKpLF#kk_nr6mH#{>>W`Id%!hO!3J-gRldu_Ouh7#qi`?v7$@F-Q3VK4FUNT~7f z2vx{PfKMbMidTR?_|7ktp5vADF>U~Fh^*w)5(^6_&+bs$|4@yL{~Y_{)A)a*WMJ?M z9{>d7xpPJbbezo0veYH_%+qj|b_-3lF-~Z|`SPEtE3sF)Uo7}McV58P% zGYi*X<&`xxTxJ_;U;Ohgn&oQG#1RIAYyba!q~as2>}chg|KB&PuKiNDx3{ZjSA~CW zT>dV-_^nz<#htK)y!7vsm@RjEtDNGJ>gacvz9Dol5GL)iJw9{vMMOPzw{RoIy}{fI z!|1i1YukxjdH{u1wk`*D(aAeT@P7D3md~YV4;m??+~kd0wO3Qx<*K&I@Rh|iUtf+T zMKg0=@3UOfAwT!xm;IrJQK|oon?#HJ{F_@B5ot_*aE9y@L#Xv)vDu{ zbCHtIOfj~_T-9ifU}V>FiX#JL zcP3*acNKzGgi1ZtZ46h|S80*=>Zfg1uDV2l*LLT&?KSD;ETS3)Q;h6Mt-M=a-4#eAl1CWRLKnf@UbV?)^S)}L zmgCiU)>6U5tJ(?n+DK4-w8?``>y*p;5hiX-N6|~xT&WvK?6VlI&Lr~&?TS!anLfg` zvh4r~l^|u-!S44NzvFxFMPY+a;D>F~)CdQVAAe`&Qg&wY8`LzKg;M5SwhpW=s+$l+ z*OJ1@n?=vw5XP=ZlcOFM$bpY-1HHdr808=SM?4%qV(A3|p8Pk5+aLGa)+*P#gXKa^ zL%}mHIfz@Le(yHlu>+PqBxJZfMWirKu0Z{III+A#iJaj{3@Oy(4NEB*vakN$DTj%p z*=~nZMjnlX4>SJ!I?Ox(feq*0Sa)g{n<%&^zD9K&bSPZX+~$k#{~$iVpgva__q7_1N&e)?3i`#$B|dloVo=@m6#mJ(#6+N)G)vB*U=1IX9L|b&obhy z{P2dXrZT2(?DiC2B)nD8q`@RZIMW~o{m?vd*OX^uE_~NitvuF{GL&(xG4)O>*d+bN zn>mTSK@54!2T(8G*gp)eDWAW3eyY8O2{4-$k?uk4{BN>FSC+A0+dnb$mXdu+UsM5yf`(h;90zFt-6nZdr8h za2>{8`Cy0kZBbslqWXfrle+Wep6>=TM;`RA+K}~l6tzj~~bIq&-utCzsSlL)ge6FA9EB?%_LpGqF%Q_wh4GOmfPj-MWj zF>)azV?k1l<+nS_ThXEUgxZx-qupnJeFp7KZSMIf>=0uLx4+alG{|)E);R7--lv!L65pb}o8Eu~H_g4&TnP1v>6GlVd?$_MZ#aqb zOeXKB1q+_i_K8v^HAZD1bsI=QyP~#38}+C7)Cc*3EY|M?+6Q1nG@K0RZWGvLi1?89 zv7d;!xx4kryF3lwG~05XoWDqbSaT-*n*B+rii5bR@5zj5zP{v{HZMa5u@tYpVTHXqM?c9~x)pR(J@l(E2om?L=_>4k9^Ri`$xy z^NzWG{?>h)2yA#u8CuSE#vF^ewzY`oLz0nKH-HV&t=(?dmCq#+zU1wn(f}9cg&G zB`Kc|@s8N^u0r+w3x|>(%eCJ~v2m~ljP7m%=@7Rh$a8PRz?EREhi>43+<*%_Sqc%L z{Ze8kgEpSDC{DHoADK_x7~w(&gXvLcY?3vEc|0|DABM{H2}r)G9Gm+bY2{wcqTQPM zOA#FWD-%@wa%47FDg^VRqj_3@#S|B+I#dvcgKf_Llf zeAl0I(+OHKJAWc}-d{<+{=mXA#pz`=8_4{YM3v$isL1->aAcb|8s>hV{;AdImvxEg zrROfFrk@IOR)exKm@_I=1ROfXzDN!AlCDs`kCY{{Iwpq?F4Xooi)BTh?#%YU;3!_t zGT5Hh0^87*wut>RaYo@L%>epNzTd4}uCu&d<6o?kiJqs&tTmW4o7wdeQiSUz!fQsP6^{&^_zzcTHU#mXh$gWXzBSZoZJZ{TL@z(z{s4_Y(xe z$K}O|x^Hv7L__-9Y}#?@o%Du+)$D}nK_U2=%4yrC>=n^=&G=F_geB@F-*wl?*r79_ zYut$+_j{MC!d<}zL~6`DtVD=BQfBI?I+1I|$%3)B&YufRBizPGsx9=tJ)^FyTVteJ zD1_{2yS7|C5qS65dl^SdE>!Xk47Rz)O^I;w)G*@$ab&f1keSYf_`bviS-t#2rcwIb z%o~Mt4%>WB4Re*vh*e3TLcwc#-t7$4PmYvS?+9!?EV&yNjWP(xe8H~@gX^-Yun6Dn zf1RBT<#z-YMaJjS`_Sr12DShso9-D0bF5x(q-z`rJtk}G{<>yzM7MN~5;dtuD8D8@ zN%R%KYxF5rT~va>jZ9eP8_ZY+Q26I2)2d24jXat!*$DnfzOZo~vHPe?>ix{FPnm8+ zmt)C@7WH<%{zu@GjVb{1zYFuwIGHYX#n>8Ex__0JvDuzr=zpo>ULy-Yu$JZ4jGRut zDEujk(Iu0Q=xAr5STzA`R6c=RFi);iBlcbC#pROB)l%a2j6;&Y7~43wQAq6yiCo@` zLJz{NbIHgYb);m=QdY_+e<4Op6W8Mos(&_q|B0LRPR0gdImA<=XoM|^T+Va*bV* z@>9@{`Lu}Kk_zlIm{pqcOH&z%kVGWXg)%F9uzX43nU}U_(t+CY1SGI&41)(^BWsotRtVT12k#W7J_x?%y;{hH5S3l=FBV8W5Rn#TPTGn#>Q~Nnv=sZ7& z4O&E|!9xBj=sM5KuTzU(G-8l8dab@ok4B!IkLRUiv(kf~WFLy(w-+Ii%CuX8S^gK9 zcjECR&FPP!@r06AgJlbawhFE$z3K{vX9Lg~^l~djEB!C@;W-nP*_T^pd+?R)w?&*ZFu1`2eUyBcubob~L^evT?AD7U;*xF1^MqT! zJia98gTUa8TjTabd*ut3t!pyZf2%m8``?P!I(+I@n7>jqGu5$5gq+1&?6-cubH{*Ejrj+KhL@BiSftN# zzT!5FCUE{^R|9KHhhtn82;D_P-q0~WI1Wa6qJ5E8+`5DY6#+P94wyn908)`%#cZi8 zXf~8ifdp!F(O3Lp!2V$gVH;A=`kRSsW7HpY7`O5>GNt93sTq^k+%8us65Ii6;&ycDWHm+=^q86yiN~?q&9!EQ_vFxL!s(5uT2Ez zmqXC-wqd=*>f@;e<=Vv#!4fmud(2a}sD{;Dw$(?Kc!3@0K;Bs=i|q3+v- z)Ft1+-3}A~$6cf{i!Zck{X&KWIYW`X%n79CznmU`$#S@IkuD57!U%s8eH!ovCxyzL#_R%R z{?vyzr^xU9i$#g**;9T7HRdR}DEplO4(L$GY=^e*e99_xCO9|Z^J2gz%u6o(-;zc_ zyuB5J4n`szG+?)r(N=L;^)dp8D8C3IPA zSSkHTf$KaH>O@iOU&-a zm?ggg^FX)F4onEmx}aRfV3aAZ8aXb!$oO*8qWBPqAy&bfFnD5l@c-`Dg(;co*1_Bb zW{$Ce9cph1e6METiSPrDGnigs`tiwxRrV}ciBY={TvD?b(fSoA9mZQ_Z=MIg;x*uR z6GPt%zu6cB-~3*B?Hv@tqzk%puYR}5dw2KxYB!Qf`gDHw?^?FwgP^X64}a2Ue_ZU) zH!0uz17O8cyPo}K$t(al5bO@ie*)N(^>dc2=`cE9lYSwFKq z8biJ)$?P_6npp@9U-Fm_B&C`~8GsW>)duc#2M>^QWen7BRrHX&i0CQ=(N^+x6#jDy zJ1M?T>$?|yyGKobF^*KTcTv@VLj|P}xq^GLo;Ds0Rpqolw2)iURc9WkKMx?J8efIL zC+&aEc)d3AT$xWVitG;l&PEeG1$-nN9{fg+4OvXbar^JK%(jgt17Pc$mmx8elK=LY z-}mw5Sf6Ef@3jnPja`B4zrFLXz&3;lr0mE5Rx}L{4fw)p%E1?Fm|Q-yDJvRITnIj8 z6e8>_N|9t`_0B$@wzALu)=+c07)hFKq@ZKd#{aW%+g>6;7Fe;NnNNHA%$B9iP|j#K zSN2=KU?{(T%2q}U0b2(3PO|!T?ON6Y(>WcA*VQO%`G4m!iJyHo2;7{s#%Oz^^O-1d z#7^znNz-BGE=3a?^bg=$MAK0<@VVEqsRE_V3Jo;&8_x#+c7_8Pm^EzNPN|+Zi#8Prq6`_i+POL7osN$`M%PByERK5 z5JCKn)#sHzs1wZ1Ea(TwQye34?PEp-^#iJ;O39m z9Vke~&Rg+&WGy+wvLLIJEtEEm!xJ>ctHRF_WA5`+T5m$!+`A$~{m0$x_LIHq8%Am< zp=!3XfR0{~@%l^x9phh|e%OOOrNWvtdpwhPitgJl*p6rH(23$#@#3=TQ2oLlBl>F} zqQDt4r}mBwbQk{*Cs9ff2f+ndXRup3lpIVR{zaKck(gl0)J*Hf?)koDjo9DDG-R57 z2MMqIC1^*;ewfn8!TH70B~6r}L2XA6W|4JJD{+%NZ(vpkSah5lio~3C2IBb&j7xFn z7?b9toBg#k@ts_jn>lZOL@-C~e~RwGBH~H4P5Er@${p$}N?^O@q33uDL+ftCY)AFCsWn%UPK%_e0nX{$SbK%>?ets++i|}5cB|A9bFhK0hcMHJ zF1AMO+ck0QmY>~@@5uz$ais{2U(HEf*QpD)XF#yLW4o#OodlRQCrOO>X2Ah{Akwo^ zd-oJU&y}ND`geUpg8=IFjrzQgqdV9m_Jpjg(`&qWDMq5Cfo0NKMg%B-_Of&-hRKsH z%NmU|i<@VgR}cFAPAbPH^E&n~&Fi zvTxmAP0{w`{l4&_gWl@X(z79j0*;);@U^G7{ODCsi^{yGnk(zvf?sc?*RYghk%{qV z0RkM+<4B;k`uXP~TAjVbo1lH1?~sGWBln*@6a@xryXLXOQxP>k9YX8An|4}1UXbqf z`wi#$OGXL7qRU^LJa7gk!qF7kc(R1emi!I67dvH_~TZl*Kvse8&%63Q|ar+0<&&PWz z3%2O*C6Fed9#9Wh?)-F>IMiU?D`rFWz|;8YIjMn~CyqBq{&}T5xCy`iiH}oK?knE? z1~2+Mx?Kqr7A^yFq?i#uumOqQ)QLEr=uMRWdP%t^-tPaZ*YLR^)A#=Pk5 zGtC6aaqIQ}PWuY%$%UQOD(qwJi^h7qe_U_AZuUxt$uTDI7YcpM$q8u`F&E z>BDQDdA0Z8f(S-=$fHy~{*tZ#c#24Hb?yyIOe+%;6tIwAEwLPdq4iy(gKh_S`{`M) ztr&pa@bP%I@J3BHf6aBUGU_Je#!Q5b1Aro-Qf;gp$s@xTW#qf7h{9t|9A5SONG&%a z_bxYJeONZgbQ(->Bo7O%j3335ITOF#tscC!@?)tYe&TIN)_6Mkr!n|;)E_rGyKF&E zUWeTi9%OcTs(HMP5>{{oJL4!I)xqs7kELC9}PKzMVHVE-)v@@R5t#YKI!uA5Vlxm=6s!uT)N` zwGTxQ?lSOkdr0xjQ%>;z;iMM6bprV0crRZ!!ESluzR{L32kqxuf%YtJy>wEZcmQPZ zu0~Ki2aQeX}p7+EZ^g2iX6Ae zp6?qj;Mk#&==|;)#)cO+KTm z1!Sj8ZDDEXT#9z(Ao3S(UQ3xp$UZUbVcIxPIcxMMQ36P^YQXxS|Y@SnS|LpA1-Oz5_f^_VC_yB zb0B87{1sjK^vVlY(Dxr>jY*to^`&Ef1~xIi9SQGA1s z_&92UFsk+k72`h=B?BxE;=Iv%e<+lHsLxzA5G>hOXdjrQEktha_G2NblH-y$7wb(8 zX#x?eQP306Vc6)e_k;5f0F#uhzp%lBqv*bzeirmwyCQ9G!7SP&*W1mF=#YZW-(!j*zq4t@TT z7Z*s#CPxLfs+8VMXqQ~~BrDYrC>gq~IjL)6!@kp|xd5kB|NlEB{--+Mz+($d;KWmP zd)EpR$mt`=^R)iMRVPIN8EnooKxudyg=E|1IH(}ZrX$|sqjIa!1RY0ambI1vlDCcI ziH4*r@5in8;6+NoCNA^OQv&O)p;?Jg@+^ zKN`M?8{k0S8<|T#f`E_K#Av7F;%w3`jT4vg&zZ*_mrh+sfgAGPmGH&92I@~J|I_2L z1v2A6_)&p(Z^J_EFSoJo7$yMr+OM1Xen8n9ytfTt@%^NdAexehXtW+~b)@04%JN*T zYuW!V*=TagwzP57A!NG77HAah)j1@a99hYnPaIsWBpWx48XZcwz6=cT@(IJmO6=5B z*%vg6Y)Wjsup_)L;;HpB9P(uYpj(-JyzYux93$xIoE)olxgcrT7WQiCk`T9xK$w<~ zUUt7q0_pLI$XKf@ZMKC<;?uz34!(JPR*FcK4wGfZcHDZ^m>Nw~ygASB&#k-oT&#Z7 zlI~pJ;%HFqAp!7Nqan+>Q2*@yvoLm6@7ZhevxA3HM*~mS0@>k1rum8k`Xa4E-#kF8IPGt+Qn7o?#!*}M>#(k?qsKVh|$1fvzx8MsFW_1dD|j< z!@D-ojVNzCTyk~xtIAM~z|&2{T-}aqsiF9FCZdBr_yLSVe{)%`7ZHFMt_oKq7Zjna zSE~ou=y`@_qCBD7Mue^F;vUA4E0qD-?;Z^d-w-@BaSkPsvO-gFzF|2hODxx?2VU`b zcLVpuP5D$AleJq<3gEIBd*m(rw&05HAOCz&`_M-tO)@}S1=U>`T+|2dyBots(k_Tg zKJ}#mb;T2*T_!A&Dc^unWscu66FphwBQHeuh6*Q;PCwqP))G*DLn`1Y^%RJ^9&WMb zkMj_rYxGvs#q?ntBiRie-GKr(cxev(zKfucQD1<>c=Be3u5m1VxV0A%RMq;UJJ{0EO`Nza7ELhfBfLp3 z*>@7l;POCUvN%j^N=X893om3&pqux39wbRJfQMDG&kMVvlxd#Dg)XEtyAJbhTFdgL zdSjq@ctQPY%j)p0{W8n&-EX;PDHbO6V?9=Wn1USXDP-vORDtTknFPm^3hbjhiR5yJ z;}m(GnPn{F{ZMERN&j`3NJDbCUC$6F^{)Viue~}jICGot`%WfzHCkfzi5@vRVv2RL zX^;!=w+9toK%$tx8lX_Klq$xWtQNFt#(CB8CtMrRQpALR8RbYjEEhIz;2X-{a4OO5EFRpGF;Xe|L= zX2Hkg!iB|=aIfz?Dthvt*^?|-($}I7r|goiD{V7&g<~1+yJ1GhY%?=*d}GMh(zkm? zMfzOr7G+_2DDgm9C2nwS#D8kc!@8s=A$L#;#A`|3BW^$qEsX!?VdJK5>3yG9@Ftj6 z0A4b(m=l1L74r^sFh;J^tnySKE(&rF%oYO;W*Ht?Y2Y|$T^=YKJrm%m1(!)-;6Q7u zD_WJgMGy$8Jya5krVJlNR~e4azLNSkKFJF@S>mKl>xtfMpS$=zeBae~WQ;;3hZFOj zD}x{*6!AqG|`2=v%*xTH%G3nB{1HeEPTwTRY~x9R#8ypYrW|h z;xKK&$C?Y-#Z7~&7tZ?mzoq^{j_89?3S68$^%EF}Bud!=qcgu?9Z z>q+rOt?pyuAqgDRY2kTW5T_@@J$spFX^csDg<)xC_345*iR+#Jf zXEEg|tA%k=riiSKb>KyPMnSok`p1m%j+bDrj1Eok7ZjW$cfPMqYK4C2PL^M z5f`hwrtzj^>3}`o$WgHX)uS3mOzrE)u6W?wxx(-%!3Hi)B7+D@PR*?RyZ;bkk zMnav4c$$?`fl557By9&hkRl`{6fsMc1{V1HK*Gm_C?0y1$iyx@_TU_yThJdBjI}?M z9IIwa`(kD5%!GL#cjl##{;iGvi%NnFVAAK~$_6hD@*{aH4p@H+W**AIk^-IP*ZGox z%0tqdB?2x;OD65Cpce@Ms(=L^df@8wsUMgO`ORw4uaJLCFFw+}GbBx^=7kBt@<14y0#AB>dCl$9kCEq)HV z>2_SiTe3>sR*kK^1deJ|>dvqHZbEB4>zq2A=cS)pR9bf!hI?uiu#DuIa-3C<$W-BD zvQ2Eo?3ktZgm6b(5?fYf0>90H2@Q~Qx65ZRZkY@!Fumx1<>yt0KqSX6IZ`H_i=&>W z^>$?;$~gVs%lIq#ral@kgC0REM&@B3N+%uaw}(RHUX^-{6nOzCuAgL%&VXV)+yDpp z?;cfX6_V%Kp&B#jEmQK%d7dmgXe`(3qUr1fHQRVnIXwf^1>OTd`*I6XZs#N2EyPQn zz)5YQ4-HTa-tx6(ZdT?I^nZ;GJ^4oa2wn13TX1Y{T63~kCOc%+Rm~86LM`TlLKfee z#{ODcFd9D^(UdyYk$9=XWdJO+EyMt0Ljuwg%LVXX)TKLE9 z%AgitvQTU-uj|I~tF*rdm*gE>0Ii%&UBC%n;#%*gF;kp@9_u(qe%3o7FrKSAeP#%|N*X{in_>`zijQg??4pCA#NX za|2^CARKhVGXI8DgaKs(EOaBe`C?_Zs?>M;;1aNI`YA@X!e$l;t}AJ7oeK@e`JVtIyWbiGtSr@q1*~XS8n_JzSPZr$%O~NDU5zZkN+1{qdH(&Wwh5 z5+%$s%#@XX)3;+8QcAK%tjC?iUC$f(tY@jy1-)x%)mV}(=Y1=i`hgN*fHCOXM1r)0 z;zIpLMdC35Q4+?b_0|k2bJ6T$@eUPc*-Tk8CX6RJfAbez)_sb`139Z#FFPEh%4h6;`{b-kg(?GunP(bK4GF z^1WuZdd}}0b(a+Fa`ksj;;5`x@I|I%z-jKG)j>-<1sR6Bls?bUahjMN91*~_JAYP0p` zH|VWP%Q6>s2|;U;l`vw&lrpm*?cIjeMnpmI;rQKji^^`otvWB`wBIq{{)kog4oZTG zx0j9Doh3#N)7Ux|QIJ)+_Fbhq02L z%AMi<)3O`rEiopHgK`(wQ2k{Z8Pk7tAzVxKm#SGQ424pe7lVvJaPv&=(|pI>og+Z^ z#biy!z#vK56K^4EFL;e)Kxi{Sc=D##bI;gkfBsL=yj&g73i|$}Qk%7ws!r)HTCw$j z?4`LV%`{6@%=oIl+azGFbD${!U=UH5sHJ*X$lMdDem%_i(qyEODWoMekT0fBVz)sq z654}5CQZdC_laR=Dnim)SPi7!B9Q{6cFfpA48e)R-3c{Rb>jP&#Yv1ULoD)N=K$- zy@8Nc_O2=UgOb6svu{FuVucBmOMYS7c2`f$QvOQ=k~2+5Z4CZY6aBR7Db$9+?|K@y z-&pIvw`Hv{Z4^1jF~&Ovo#V@8Rrk0W85{UVYb9h~EDzty)`?VA++G0IUPUJN_H z+eEPNHR#ofI43mXX6v_bqWA~md(yvciU|9(*~(A}ul?8dWBo6>wp+5-M zZal{!dyHPao|ACuN9}hX$CTY6ih)W%r}_@?LRsh2&jV%VpSEQ(!$WmH@A25^eFsEC zx;(>ci58tz6Jgsu52t>3_Q@|53*2t1EJc@m+)86g^08rFQh}_AQ*A~>4~Xh2KqdiA**IOeMLcN>29FTMfR7)c z9XeYG3OrH?S^}#vA7?5n@3F?X+6lU7Gv!O~)GUoQWw%xoUtjL}Uk`T^RbhRZ>laSIU2HZWxuWkmrm&JRUMUWh_&7u(A`vaz9#u zu(8$o-O(3Y(T^U*FV|e6cp>!IDS#X@+6RgmsIl0JBs;%zUYS}L3|iBIr?L*JZaBC} z(eeOIK^B7`+M^>IlIQPD=PMa;WIG5^pB^7akO2o^cs$XKV{ve^vpD`f!`e>`*4nEK z+~#$s3iCW^h-QFwf-8vEN(y5lc%LqWa`VJ9lh0uwv9QQXtWDTl05tt83ocPx{?*VX^FjBnC1O2WRPT$BNW{N&D2$z-%1qNo{b+^$>+7FWJZ z?f3aYR9+b%ROTmrzT@6p|82Qdq-j68%D!i`3dpBa)mA|B2^~+$Lz^uWtLeK{Vc*px z@;==Wf14V@#%IZVKoCq+xQc5V zSm~3k3Lql^_mr%dnwjwzl8~=!=koRr7Pa%QQ@Pj3J2qdQ7-H2!1xFQxL+4a4)1h(v zw#rx0su1CiOaV*A%_2MlujWL?lP#TmKJDETt`PZWbCrR_%L4l>gkT}R*~`hBl1`j} zQbG~G@lSgAXGEKuBT@B-lXoH6q7)_ls|Rlx@~p372J-#ryFaOv5?9*}JMkPJM{t_P zVM*8YY`Gt5N|LT-G6P89%E2nylHB#;~B)pRFWJTQGQs zf$3gJ=BkjeMo^xLu;eSwtwlu1#Hyd#ulzASI5`J^2NgbgQ}>f{qbfK!yT$yhCc}CN z*FJeaJMr_?Tou#o%&%S*OwqY#(B!Jg;aH2hN& zeJ4qR?Yz+uikC{IXO?E{NlTZANqeAMQ(QFBS8%ci#0x;-Oc%8526j^su4r+Rj#(V(4=~u)f4I`;+SQyO12a$BMVe<9Y*9^fWSf zdfNCp854{;myjW?8WP(&8MQ_4w%^<00zmlONv#{+Xogv>ok$97$H7?r?6Ft#K11_h zJs@Og!r(Y{Gd&90cQd>_4bwQgIEF|>CsDHUhMD;tRGmqSxVP6$zoaQV-Z^qjWy6HNRNbYioc1U~PY!}j?)mcsZ-Obh&Y*y;VuCWFBCP$4o#T|H zcY>V=c2#0araMGb^DRSz$aa-V{dg>*Ir>(Ww$r=Ob3Tm+hKCJfW4rlfSF2S4r_CF$ zqCYno4RWY?GmXv3kr-JR%)9pq1kN#@7~50FE6>yO_ch8^)9vt0FV!lIu2E=PwEWGl z6FU^CR=wc?Ol)tCM1y(QX~}w43uK@oo&Fy}`mrK$hlrW}fywxJ9C3+lDDk)SoHNjo01U6dS)`+RA0Vw%@RI@KZ;WV+pX z&Qp)tJdV1x*Lfw9fX^74GL`F4lxhcA(}$nWO75sH9=`eWR^Tus#~9)WA!0022()jF zi!$%|>v*5i9@%ZBkVNd|Z8?T`b-q=p=?L(RTY%8T&9*uBlnLWKZQwVBaw*Wonc2(h zG2aL{c$mk7PB+K@tIGUcW-=Zextve}Wi*Z#ayiW<$d@KXYIwUyE?$(Wt=je)lCt>R zj3NO?%2NHXBZgydoZ{r*`nJ(t&}^zzmVuX$rAWT%n~Czx@5<0BlcFiLfuKJ9G)#WWHY!~5eA$|BJF!3h6^Yt%ZpP2eYU5^^ry;(tOy z>j7+Lh@4b5nQjp$c#?1~O+yIHS*^(EFV4Ju)9s8cxBf5$H@K@O?g^qdbKp%lGFo0W z#__|I^Axrp)eP2LqLDe$=QP7oIFXlh1${x|<-X<2qv^!GQ>x6vt-jUlUKi9anAIwb z#vhu#;v!26k3Z9IvpV)fv0xS zkVQ$T9yDs)cVbyKczok!73=e)qfD9`cuP)-34z8ehxPLef?>#8e0K(^B(}6dMZWt+ zSfCE+eixQibO%EUk?8}HVNxkVV6`mH)7c9RjysCL>=r2V`?K3-opqbCSNZsdK%0~l zlwJAce5c-V@=8%9z|`)jQ5m#nkf|IXZmRX{UR0&}1Yh55QMYvLF||Z!Bt=5aM+9Fi z2eTAZG_07#RMcSvrUva%%#_WUoUa>e+?jL?Q_a-%lfKdXbZri)LFd^u_`&|Ka}q!! z?Jm{q+5;J%#6x2Hd0{$qpnlu4Up<_mJQbhc=zUC7V|JolTScqeOmNC&g_04)(gu_g zVhupqI3?mg*pyAr^jj0sw!ejG12$?F{N%*WcB8&RGVT{&!F zZ(!QNK!!{Drt8=m&?smvt4<=0k(!DLEZ3!mkD`~=iti0NdwtDxQ>FZ9(AAv;PZhg7 z`ZKml|Jgk$k>sDXZ}GlVAZq&-|FzO^jCC~7S948zQHnx<5q)lH)+7*f7XdE3l|uUD zFfiHROrk=y7=FN7(Htc+M!YG@YxZ(I@>!F|-iGdgp;u|+$s5Bj^wu$WhoVx0VZ=3I z#O3U9{x^c|^nky`0Ig{rUuDeoa@;cXi2UKR$o@^Z(u@OLuYJi+s$LNpTV^guwR*C# z-`~lsyB3)&$ww@J)tppTJRJ(N8S9| z8-62U?BbSdc+jz7yrNM|)CRudW5Oy@0s<@-l$oMnOarMv;hLc6la%YUz~y*QJ(h9xu1Sqol(=@31InJq>Euy{nhRK zsiJ!7i~1iomkEY-sWF=&XZ4s};=JncOY3T}ts2riX%^j$vUM$TQ0Q--D1phZ_sDTH zqk-#Etpkr!19@#HoaK`4X58|ViR2%wy$LwVQ=lp2LghYNvb~4Kg|Ux@+50x`lR5uu zvrg*th8jBZ1ZA2%rWka?#j0myn_RLPYKT(rsi&+{Q2OiFg;Z$+@|pX~4(|0+-|JIp zk0b%9%@Ch&>2sL@8#bTi^wU+J7CBH{4@Do+~56(^jQ+KAWR^ z_D$bNWoQ4ZX6-N#>|R)P?k zf2H;%{z-fdT-SMN<=v{KuJM_i&DL{3BL^rDYYvM_U|o4*b#kAyHTYe?ii{&F5SZ!s#{&L&-@^O+XcK0BdhQ-o4(e0& ze_B`Hd|!wTh-(sU|&V!36R1z-oT~e4iB7hpOZS4894>$ zOQVtVKKCX8(L-oax9S6GGUgA?%b^dUGprN>QDvqeA1l#koCbYfCUH*FreREU6|aGj zh>Bj=%WRHJdB^{G@2|K{qNPqI0_!*bGE_Jo>^~n41}Iy=9!g;DWz|iwu9J!afB%s`U5gn+20v@ro=e_LS>G(ka z9r&+1Bgh4<)SBtRztLvqo9}q zGP&>bB_sV7TdCuXy4XM{#qin1pWgmgJ$Yyy3}Lg>2aJ zKYg*l;~{(CDz#8&FbIik-HZhXyDPwT!%aBMVV2Za7JphvS+?3LDu(8D+C|GyFjn$) z0bsNhn8&*--VR$dNffVkRp6jVQ5xYU1cVE<%lN!-auGYu=XX&fAG3N*bDo^FbuRs8 z8_Rz@Z_=)%$d)zN;J6YEL@M12oc}d$J`u?SJv2G@qbGg#=*xkG6~%Ect3Ib`gD8H23)t(FS4l$c$R5iLcpU*VL`fiyw0&JdhBamGTNzkzBfSW<=|03w7?i#x37B0NjwaP#!?grg{ zy8g~>!XjAUA#|xMzMD|=Xh4390K^G`>Cyg{`x|}J6<3Q6wipDiv7M&vhU5i_Q_G_J zyGYZRf~Q`uoyXaDq9s(G!L)HHASJ$B3uBe zWDYK_`MiGiY5msFlrL_k$2fG)=M>H2mk0ro9cZdl((;81vRZ#Q8dOSd zGm-4Ho!O6Z-@2J;|L?5pHxb~%Ze)x8i?rDf`9_;CyT$2idw^I`?DP;KtcJST=x0GBTZjbm4~c_rr$hj0LgrhlL|0cdi8)A7pS2VQi_TfvKo|Qg7BF%9;~;egW~~k9#s3WoAPrSXeyXb*d=yU1GiM zNIR)aWoA5DRJ{X&V&kgSCiDFCNU?WIL8y-p8|Eo50JF?+&O z69V1`3K(4-&@4X#X6osVuCv;)t#itZ8A4D`Eo{|#RcWJYgNQQsfN(bv_njEA)pdUN z`8iy6?2Tf%$Cl=vTASJsIw!N3A5B9to(KRs|J4i%EX>cZ)X zN8$RMy6sF(mUSo~uIr5=bRBG{^R7Nie%jR#0w!+^ zRoj+#w?LI>AiG)kWGSiVmO6&37Vp_vVr>EilaTPl^D&iT3;sa$Bg*20o0+N^-*U!% zQ*5n~%?Sdo z)pbk5z#}w3ssTN9&%nZBM=}d0SU>X5Q>mtuSzk~B$=sMf%_HueUzuJYs?zr-)T*f! z%xs6XD}1t7Bql7c$?f>W3i#q!vHypP6V#W5dg#lIv~JQ3%4(Oifeo%2bF#H$Oua!~ z6^w>k!q@<-?B-jY#0RlK{j^BBT0{gpM`|f$G-uGVss@vX&a6+nXKeF@t_yh<#Q|6K zn`gi&nJ0BV-sLu^682VC*F$98>|&FJ#ztV``PkXNz<7=2=RYIG+keM5H=~VN>~#bi zh)?80*x<)<>5-qrg;~M#Uxal$NV{sHU;F$Y^FZhic`@^g%m0L5d)?}fP16rZSf;_f zW+)jaNF%`*Tlj~n4=rr$fAWDV6Cq0-S|kpxHrl5mBl(GDPl?G2L(^g=mijRzdk9

ww^S4p zxvASiCzGsnQZz;44)|=~@nYl2zF^{`M#3C6a;u76H!DI+k5A)h#8BTtEA?XA^;!lR zw$J^i`uC^}Aw&HtQ|qN&{^BuDQVLXDbk#y#|5WR~bu{kuM13`YWM5y(Db0WOMv`~j zSlweL*`u5JVL77BHy^L3!PrmHWl}Mwpw;t$qj@vw%VC~7VvYJ{*dFosmkYiZe4$9HX=QUYiMY9* zfZXn9-&8jCfb>;;E`v64zH2olj%tj=k##Yfp3B4h>l;YP+XUCgf4?g|kG&$#1YiH! z3opoh@ok2RJy=A0>T2YwXzCTPOsGLNj5F&`hrbMguWGbY^4)>nCmWCkHXodMjTcCr zI07|F?TfHo^w}Kx=qci#d)RQ~Vt@Lsq8t83pD7wG^E~MEt z%3(+LQ~Y`E8ja9x*-N0MlaIeA=>Az8fB$PL7b&9gX+6y~DEh~w?h*Bb#vgy1w2FWl zN)__)lhqRcz=1BkjlM@HLje%_!D2Oz>oa6g`8k(t}*iBtL zVG=d98(I?j2dNE}p0!no9w}H8gwWgaTUtf=|Kz2!MLVylPDu_wC+}&Ij6#%%iyt4} zg#41eUV?}rI*915iw zQhGB+MPJVUEq1>Cj)R}JBJ~hk`~$O{Clq0?$x?rn(d2tm(Xb=;#0xWsv42Z5I)0ru zy30>qN8cknl5|jvo5!``Uc_~X@b4wg+Z65R%nK#7)PeW9EVX_uXdbU_(dmT8oV4^s z;5=m`yhkO^u!T=I-}|(t@@(G!xbI>N*uGRMv+00bd+P@*Fjny~kyZ!n`&(xK)+f*e z+Wk0cY8^ouCjTK!IG;`YKhB0bs_?_Vee0*d6Fvn6hn1R@YrX?OyJ-hLB+|9OhApNINO zSU1wT-P?o$Vs&A_sFgfJnEcYFh+lQnrqZnW;u*ET8C?}>&y1uyfYZpi7(d#O3f!n_{VsVM=lHe@ve7xd|`ZZpMNpHKNFs za*1DG%cn3dD3xl?CWxeY2-LE3M>Ws3&sLmCo>)No3c~__+_ODVo*RiK$pd#8Z|)01 z7+}mzCcK$B>pn6eaAWJbNGS$D5BNM^#(z{f?|(Mw|8Wlcnh`{rUu1ciW+Cjk62`KmWUJ>_z_^d8&JSLA;BBw%REGX@tOTPa8=e6 z7)deW`AJLv%h$OMo-#IG+UyQ~X8czdqVwjOD<*b;wCHN)LEV$o#U7fnEO~cRUjX4$ zi)#Za*B5eXX;`FJhM8kEZuHQHoVtQ>Ea%dVNmj6g;pyN zDHuvv(2Ne>d6A_pIMPN5mCad@QDiK6>kLaiLxoK>_bMg_n`a=py{1}L6~mqZ@yYAj zB(B3PT5K(+yR_DZYxT$Ku!g%_%d-ey;t0zK z8FUY2{YTCiHWE%i*=p`mn!9il8g|}3Y#B`~<`QEv;v^5TaRwLxB$ARmK?oTnm5`W7 zx(B#}s6sL?e#mQe_Tw7n?-(8Fi5&;1t6Pp6aKoDM!(4(rm3O_LW2}d>+G9th;!bpH zA!0vB0KUvA)dk!Z%c5EdO@}@=dlbKzIGPxkXmzp-{M2g@+M;<~Q2T~tw=>BInx(=5 z!WQqwi68O<5t$>3DR^whrug*tk{NMa>&(W)mbjasWsUWs@5|h+8NzCVp6Pih%J|hyA?w7m?A=5g2snuOG)Cn%i1vJ z&1LH7BjX$T1Q_cy3(Y2L$Pc}rt?H|Hr$1rG|1Mql0z5L`IU=I$(p)7TUaNjESRF4} z1)=j%#r>TJ<_E`$S@wcD9ZwgxGPOI%uJ&&!!vYS18lDAI#dxK!X_TW79e8l<1tS`a zqGeyN=-dHbGxF3dP~V$+_E7@dId8QS8A~bpki7Fb6I!AQvB^sv!{fsx4AaXezCsZ* zj)B2i19)KR@{&RW8m7z;^LPi^y8+a+vRq=ef%>}<`Ma~PbO=Cf5y88cn(l(IISQQr zkQg$;&-na)aW~Ui%#9a+PON8>(fNr#gkARqqpb}>GrW}deV%)?QoU+KQ@y}usiPXjbzX8sa49+B72-{K$-NT?&_J0jmk1ZF*6ZnHCmk3VF8m4IuiowPLAaqHli}SO zM!IPB!JRxwBY~hrz=}vgAstMZ?IcOUG}H!jgMFUz--0YAM?1{gSyo8b#iF8PcA}_9A>r?{s67K z6w;wTi089?nt{RW76^JfidXMlVjx+lo@_HY<2(2H!sUpvs&UVU`&u|bCwo1{EDIHU z;k!&>M!b7VOB?~|$-`5)@m*}^nmfvvMGnT*CQzI$=n_ISAR10y5Bq$nu;19!vYa&7 zmeDV___x8iU~PKXz{Zv?ZqtKGi3&Gq`II>Eq%*hiqLcmw_H24RN``vu(&;?|mv1cp z_Tld;oVeSYyDf$D>u$!qG2K`PYUEzGX?F>?br)^7k}>z?kO)jc5kE8)8Uq7CSr1c5 zUpwws;FvX@x;4myG4Q{yd&3VINhTnkV6t8yh-QUbayQKABj9%!>Exi=B~IwYu0D^&Z*2hqqe7uW~nXP82l= z53nYA_lmwt@H|$t`@}J9TSTw!ziB#PCf(Jbt`|JNA0BAW^HOx$<7EHD$uTo6`|1^LioAPCwYqnar2ZL+au;`_Fr z|DAY)6(=5&A)f!&Q};;PaJDMJ%@Z(mGDj$DGw6AxF1{5_XtfSG+s`X@f}9H)i&{+D z^ytt6BhLlxyU0Y3kcTeOaWR1AUXr63^EN`r{^Vo-*s?GDk;QnUUvK<_b5rklvz2;j zAxti^HCMPpxz5?r?1ojSQlV2;ro~jlvOt1D0jC=kI4AaO8(c(l8nF$3sSSOZFt9(D zhnsE3VhR@R+SYfgiEa5?!d0BjPp35@YPPy@S_bshs`s_bFa>pkI$7PhpBG= z_!}R9`Y5qKmVLp}L-|-q-|`DflN;zmC;)2FR(S|b`m_r03QZiuqha8yp|4!DbLFIp z_fp+dAfGGx7&J^KA?Ki}v}IX)Y8ZbxetJVUhFA@Sr4*rz0N&FjL~g}L1?RnFx3@?$ zmHi(gHC1NoYJAXdyxgJN;iu!pS6)zG0?;10u59sHg^oUNBo;kGAogXD^W#!tU)=ca zVqjhkeh#oe;!Bvh{w?~QV%WK_YxhuLieZ7|47vA==O?0PU4`r0_d%iV>vU^3Gn*3M zSiaIR1?W(A9E|c;1|LTubo`&jE0oXVlc)ZXcd4t$C#iCK8;v*WRATT!a1_s9@j8na zG#nBfQSZvww_EOwIN^C<%uX4n+n9loYR%QF_r;i&5Hn&rdwmFEpJ;v>RuAd&I!*^E z@#D#S$l41OI7pu+dQG+?B%Bq(K^#_ptlde4%1gg~)MO0jh{wB*L*%co(2=!rVjHe3augqOvIZsq$Wg8-h2~XVh4CK z6gZj-?Y)=U+EAq+2z3IT`-7W(&TGNFZA0=7o$w1#|HGY{HWNY%cPd+BoS+6h)CEU#YTOmBw7DF*FNoxDAf#NWO4avh1nR)+ zp=-s6$gk*oIO@hAVTo>qvdG@l?7?&)j^Igln41L5_k4mL(z`_duor00z6qtVDTVm0 zUF|s%pNmh|`1`DGs`xagf^)Voj;g~ANo!8fit~?R-Q6FzkZm)$8wPgl%GCKK`rtm(cb| zkf`ej6j=$QliDMzjfSj!90%+$HNv^B3?lJQI)^)lgI&;Q&uRV`99YNJpT5+FLsM?x z-f)`L68=CVp5ASTW)*-$tTOZpMEtfAb+wdYIz0O0emuOgr;ci*C=qR6l#kh5yweZ{dH!oG}tNa-UMRNkbCojiy zEuR>cksA6>nBD!%tM)cz zjW%-bmzHu~4pn`PrvO0(2Y3N~vS}dp#Szw%!)Jy1G}nBx7EWo=WSK(mU`9S#@6Eb-2fBXO7efI&sL+lG1U zsHrU9Ps7(Y>0TyN_iz1-^1YbhsvSR>+80gzHH|h4nhCaubN%Jq9TuMFBx&|DXi(0G zTLj|zPd-i*di zu$wjvY^yKx&W7pT<^B_-U^4Lt%OQnV0E))c4&J{@Q*7jCgrtcASnkG+%)B{R4ql^E?u58~?OzVZj$ z!vamdU)A83fu&~y_%(nn+S#HicgVh^nbr`Nep}sui?*{jxm~eSDQQ8W$}g|!`J7E{ zSpKFq;g-~F?mNSy%=r&>tXq%S`>FITwT6UV-TQE8^1L-|E_qu?n!U$sx(pQXRr$x} zUIrPTAsYP4A4K3q3&wP3OT`QdLBP{wJQS}0I`$8Uy_8dexa$s9?j}DwO+iUaX^_sp z7+m*@(2Dsw2Nh0S%-mIEn9N=mWHT?N&T4VtgPof$W;kZO&RKG=LGU`Xgd&KRo0G;a zBry|blZs0x^4v8L`;7uuQhCndLCGdy{LsxPCPYI28Ua*y6FWf9l&ft&S z4J!2FcV8yL^S!jJ)Gl4Mi^%N$?&w6{bGAwVG&7Qek#1)@%cCyF^_oGW4qsim_R~s! z)Ay4q9J;ly8Zg>!??MLaytmwwne+Jw2AoRQx;)%w8xURp9;u#YTDCteD@)WVUx`o3 zV(i6`3!lz-i>mPIje>1pOs{U^92%u{ydcz1;zGx=i++Ef^YfqmzN%R3P*dUKOqgk< z*Id^r4}DppFhS?Pow5=#G*ZS#j$XK0iqpbA-kzXFI87x*ucB}76{hKTQnlg)$o1;D z;Ecr-=*))68Jg(;!iLWfif=$qz!!1<8mF8@7r)Pz{4D6twAe1Dts3mI^Er*^DaL&2 zSi}3T9BD5eyjY{|#=gA)B}<6GyB1;1+7?2gw5|d2@!p9I zwc_me5;cS*p-e|0@kyOg@8g~_}}!6)C$P`ct(f1+#E zcI`*oCK+>wb6=gNL%^P#NpI_L^7W}E&sQ)%MAFx{zn~+_6XZyGAcC?rUZ`VohQt(=mRQ#pVnbX7Z8<$OJX@=LgBiP>>-MudNQm&tNRr>x7-@D>;o8;I1 zQD!ju&8bAw*xMA3NGPRL8#qWgX56t6-310!EzfF!$=stkpks*CGhf75Zs>GIb<+~a zz^D5KAI(diQD#E1_Q>^O-OpsT&JN{2u(xq$bLF}E(Uay4H3e?3;S|H$R0A#JOSWr^ z7qq%ICJQ%#f>afCbjQ=pCtm72sumU_h0560*o)&xM)#?+-+dNn_NvdsudwcWGwG|B z+D3iilXKbh3Q<&|@x1Q0?y(j)FnOhSQ>8l}9$%ci^x)ICMP`5dnGEYkldUhE+z*$k z#8btnqqFP|03Gg2i_y6*{@B1PJgi9i5Wi*D_N=Iqi`2Bm`xaGl!RG!MMjD$|IgAnj$y8p_1;6pu&x=_@h!zoYK|CZSlvL9fCA&1|_h$6GdC3+Klm^gCBH)wX}D z)u3c^>c?X5n@70s|B7%&HW}*%_|-fAqvv8$Dat-x*gyuHXBYus!odri<6#p;>85^w zLzRK(Chm@TXq%*KEwpN#D794c>vjE)0HrD23h5jHh4Wn@TvysL^_^5xdg$77qI&U zqOQvR+i1)iPQlAL=XUu^wM||5>xhK0Ce?HZ2@FZxf-DP%o~&$he{rU(q8_6`_#M zgyNRc4Su+n_vTfwc@Ire0zELo7LC>srYX*LQ6E^)OW!ASu2rA4$zSzb!tI?r2B3b{ z-dw1Scf$$L^kl}FYZX1%EkfuPv5oXqT(To_X?W@SBk-QxH99f2Cd0cv1u0CjEh9f^ z*f*{MAX_T_t8y(Chx{JGK$=m}$5q0>UoJF4AKQ@joA-{A&v$bxj=nK8)x&_Gbb#?Ts7d~3fdy$$RxBU zUJ!YiyoETcoi~5@DBG=I?7P;?`?MeS^i^p9m3r-9kQ5@Lkx(_SSKy!8a%XPy)|Qw| zb(--!YC^{UPuQkSk@Zin4UNx3QU6kKrVc)6c0m&z2bn20I#~_wVtluFZqiVL`ybCm z_A^GAwUI;J49lk(YE?n}GO4}!z zd>W*Oy*@wC{fPT+fDSfRfao$xAZ)>!Z>-4^8xpksxwcZ8N6+<&RsT{+nlI8u39=A+ z7;oi>SP4JLej6tz4S8I?fIjQ>CmLd(MXo(FHBu&7pQH^Zp!(Q!TiSYL9$G~vz#M+E z8NPUcs=dKql2;V|=;gnQ&Ka9@HPoafj6%Vc$a~vc6SaHSfG&&l0rz)Jy#gk(nVq*4QX#D;L zlR6)e-uY5^mz)TkIJkVrXEO2pt&#A*T~XlJD_{*I_)zuhUYdW)y*g$N(Q?FT1>!c? z7Q8bP45pR8&hIiZdTE)WJ4u>*M)-vt_-H`3hCnx~&9laR&?1|x_|dm%^45Rm5yJ`$tYAHy248@qBF@ciwjtgj#@ z)Pug~yrsK2k2nA0Pqm2AK#}tvoRjMQnr^}i|7(eNZA2$n#Ix#G)PJZz$UwlhagX^o zqLhAOG5#M?f&#(;OTld3W>8b{w&d21{}!5f;30SysldzcuxNa6zTl*-|zcY9TxOjHSX~#pG&p%J=_6?I9z>D+N8x)MH|3U zpP6PL`wsb}z?R_JN)?8(np-)chP4QAKO5a$KYL`pi*B{Ce%z@2<iRhQQ1I-A^<$EsmqTxi4|?hAtOC5)n0BnzdAMAtV@ZoMUcgJ#gu%7^j@IbrU) zBz|%MFNw)9CKAK*oST_+Z%b@?R<$6+wm2L1L|r%GWms?@H1c~cRu1@07=s8K(IP*9sVqu-&A$$#ccbyruiYBd%cn}{P3f1q$VkGC!5_}} zDtBCOl;ope=XbS?S^g0h=y4=KQU68()4vB*zAqyEuTM4-+Rl+^_2zf;4rbJAK%LjP zvsARrQ3*nKHxw=8X#`e_NgKt<4EO|N8vWU=d4cd-vUX(VENQ{O-T!^4drY$bBG&Z; zHe26es{Mk~Pn8NYZgl&_|ya$D7AKdtu+Z_;yBcj?T7H3`?r^ z-}%Lk2t%sXW(|V{&tORCP?G-jDb;kVGvh~8glh=n(M|S(rjGA2;^r0bw)i|rNL6woR zxk5ZTOADnbSENdrX%1nuyEeOP(}w9fPtBKNM_(7QxLf@3sU1s72QiVRU)3siW8EK8 zg)UflBU0%Wr=HC}_d*3#2ds>f;7i5)YQ-ZqDmB%FyimDi;tef@- zbW`o|ky)OCvXtN(M*L~~m5)nB05!9b>+l+^(cb4aJ!-E_dLAUb;BdY{=s;KrUhV%kg$ik?UN6 zKvV0n(W}y!=uJAQ?;G&v&Yf*?pvxLtCh2f3-Oqge(N=EjqVZC~-o*D75miJ{dmSZl?a!oxf$h%)lDt0$EVAQ%1&@=3;#`e+0>ZU^`@VjYY80XW`M zqa*^};0#L<;Q+Ssr(&6YTAEe-qkoqeK}|_4w}D@8ZOlCt9gps-QO8H>+%2}NIrHCGD8MpJIM^{j2BnEIzn_BTLJQ?Ln} zO6*1ih|6>pDf)xa9_pGCtiOxf^#77(i$XIRY;8S>-Xtu050 z0TGmZb$e@u%`sXvg>Sda532;DEKI~S?2Ld7no-0E=&F(IcI-Ya=Ah15zcv2xH zPS@;Vk7{#oA>Lm9?dt$Qi|jY~t@ba=`T@KC5|tVWFht69?JXpXBqa!*RL1F4dK26S z#s>-)!}Ft*!?WI5K)&txpWVVz4B%oW59zQXA=)K*A@t3NvAxX<(t5^NlVOqv4deNl zDh>woi7ii>2napU5s>e8lfkt5+Qr?}2MwbgNiH}FV%;xYMw5wyCtIbxSn?*lS7GBv zbb?fI?J*($HBB)#9UvEAGr8O9Y-L6W0$Te+&%W81WP;UtZ7VQ1xwqp<5n2f#U3>)C z!az8-iV=DF2p6BUm^STv9DDFr9q03E1dF*HcJO-scbEaXLIXhAgtA8N#!gMfqJXUy zV@d#zl{fUshewd;A}M0|TJPn?5x+y~!MaY&Xwc02 zid-qs&zq8Weu1^(vVJUk_VGqMk>i)dt`NKqnb8zcW;UlQe*L9xEq4KRXp7}`z|{A@ z<%bX<*fQpGA77X+ zHYcz31E_CE%$j8!+;1ZOVzGJ&s@M}?I4G_|P)42n8mO~;vg*d*sOn^OjZM?p3XQ;E zKSv4>EX1#+Up8S*mn*CVf>txV%N@yeRVJXAnS|p;fC-aZqM{Sy1}b_yq;%fB;Y2f@ zi!s5?g(X)q{+{z8tV5#bN4K#DUZ{%sfgT%eR*?vd5k3;Y1{d7$>?WSW&3jk4rH&7* zTzU5Ox@2GZRUD&5FhCubi^&k%7*SRaga$}UaIN@5Ga5UfZX*sB_Ks@hS5ohIBvw(=w_Zy-ZihOZxPEl#_we!SMj>m)8yxmt$YqAV9Nii1 zkv0N6>%=yJJ;3kTjLQS8Y~^$IMwL8l6$cz$#YoPQ!f$7*r<$i(8HZPP2&G_y!yehl z`X?+v4HPZ_;lu0WMGiB?N7DRr`0R+%;TJ;3ZT@r=K=jTuuXbZEA8=hgYa^kRkIw)Z zKSEdaMIdkdNdzE}nwzf4i>daayKr57!tA=|t`&BW4lT%^TOzwf_^pTX>T^ zh)$0ou%-)#x&4FKHUf)8pG1tZ%=R=k1Dw!Y7I)hs1=%i2ZmGit*oXO+kFp!=P^mrf z7r3F^7QOIxkW+*e!w}2Rm05zYF~*HBG3vBEv9ILqZ@`Q6 z(`jRcoepLwWVly7tXh4j+G*)YfZsA?T1TO3N^fKy(ZLiE2Ec?MV&g|&P>?jEQ zjPjh_%B~GgK1k{Ju0P=kO?czZaKoLDM;=AUiRV!tT?z81x zqwJ&ryQ~vPWD--ZnXT#Zq9iunU&W8*wb@3}0>@0(X z_0%k%cY=O6d{yDgwI+c4sjnYtGPoV<2GyjA$?`~i!#S~eepX^g`6>4l)kJHcqZtk3 zW#moJC3DM?YZBl%g*h#ii|fHXAWt=Z!1fTY8v^f9}5Li)EFO3lZTO;ceD3>BGvqgx!<*KXwPa%3PYR`0zkx zvr?di6H9tm#uq7|H~FaL8VShe`?>9x(7FuD%@gItAjZ4^eNeMpJPV@ulm1IoOT4=H4)2Cyv;mXpL8Bn6}j=}M#)z^ok=?s zMU9AewFZ0uuXMsfJGDMx2`;MJ0_T03&d*1Q)&S zrCqhtnW?s0PMEGtc-f=Z-PG=T9Mgc`sqlKq>z^_Ig5~eBXJ78~S4L885u2ksu^5%T zXF2FEt6R*67f3AOnpN7ng#0NM=j^wguh3KE??c#2_;BLNvq7)F7Sm{zVF_aM>5<{Z zzBRo?Tp)8D?=bJscG)Ru{_M0b|3NY(E*twj9XMXp^3~U&sr0EGU!>EST5aI44E6mV z)u}()qT__7uhNXx;Zj_uEukrItdTQQv-78u)uAsBdwfC*KV16q#6`uhRyb9oihW(^ z6A&kP;hG^)Uv6X!4Kn}869w?^NL#0$f(BBBCONXpBTC4xwtHPF)bpJr4&N;X@!A~E z^(O(Vm6|S8>25^@9fYK(S)dA~ z6bGJ|@LTewSy0-`7uQfd;GY5c zDeNc7cAO&e;I4OpP^==lHcj95QaUu*mIF?AUygUU^+AhuYIx{VeO7_gemHLzPy2LN z)LT1d4zJPc2}Np$AFi#Rla<)ci;6`5=$iJqhdBR%&{~)dP%cC1UaoqjCG+()t>8u+>(*-jSe(x<%-NTX1&#|5! z^2hW@2kn*kR_9P!oXvcsDCwz*AdnLRi+nza6}T%lv+^Zdl*R4QGTT$~Z8&208>yIz zJcDk-vygPdi=Oq z7RQ13s@$4|kz&9^6Ju%-5zfBj$Wu}9$P{So*(pg@Qo{qmJ?#8n+^43!lacnm>t~uo zbt%T(?bF(_ZzaGqk#GSk6t3B=KW@bn>L9{*>Rf!NG9D9Y^JUGNXmGdMpxCSWW(KG5W){k2eLtNrWp zi+f@JtibmtW8ZMMTI>4Ka-D~6tQ;*MNHsiZv>zifruN7SM+v8NZgQuJXaI`OA5c?Fmvo&5!dh!zbQYhK@B5@XVb_csZAdCIKWp3TwI5%AP32yMPwH@tVLbH^$~Mpbm$YnwkFW^sKF8f>x?3Szf^c7ARt$G?{cq@6d3-1Rqb%Z8bT-lVph-;Xfoo+4lzN<);h_a z7a%PP97m%3shqH15Z`gHW9zj-ieX03OlZ)D*dj4Xx@8JU7sOh+1U{T?-g4ZrPQ4HQ z9zfG6qz#QY{P!lo;*3PFLTle8Aa+&5SSzA2guOO6?AnDKVPHECpu}we-jZihj7R}s zEF4=VMfqI^z#6UQQqt+rhlxX~c!tA!8Ou7`tfScl3vz8BJ%+{D1@Q%@xQur6?Vu&W z>-@hv#S^s=@1#wD{Q`*BOA%G)joIL4qm)@S@+uxkZQVrPu@xG5pZqhK!U6z0bO#vV zfGD`B=ple~=;^qrc2SB?B^Mxo7xn^G`wF=mD-swm>EQL^7)pl&di1%l!H3^poGk37 z<=o75U)Bm}CCFKY({;r8$*94KBH_n$IduC__l+&IV*me|mhyrDL?B)3=yX-~ zx^$@})sc@g+$L1<4&`MK5`!LQgsCu&y0y2=?pkNwg6z#-p!Z$9YqH4?Vgn)cp7%>n zkLdbi@s}Qu(43mR6XhfF&6&za#! zfk=V=SoyUM29#_#3iz7VV$$7g>EP^FH3ixn@ZOEX7s!-Qh-_gEe!Kgt@OvOdW8=vf zcR%(R5Udd>*mL}^y|dGTB__=WQ;q{oJ%q(s#hZu=1CN+9Rod6|3Va~9U_Pc5^>a@z z&l*=K0^3x89YA8N9p9ftC`Vsx-x6*}(dy?2ZD;2u0m9vJn#eWKDG1}z(;);6Gi zan6-WiMb>A*Rto~JIP+e1T83*4YN-X60o>PEUwABVzTyZruGQPU)_0eLM=2=czpS8l$eCuSGnyXRYh^(FFC)KlCh(Sa`c zd}1!|x}Zz1-u59@aTB%5`-JuI3&2@+&RpOlFk3>gpi>vr*64deIXdh6)$3l(XuskPn_2hiWhMEJD|s+ z@%b5$rMh2OZzs--zs?GYzgkNCthC!zvL?&L2!rthr-^@dYT{G2o6J){dc*X+^iAq7 z%{?-v*3q8!^zlwAOc;sKVi#@eru69Hro!M(M$Z`e$!PYF@3V6?P<(oXB;_P3s}x`A zt$|VTa;TI6pdex9f@2oMM0J-iMA;a0tk`L zhm9;-#_W;2D`TXpw@#d;YHjU;1^x z9_bAG3vE-X*32O95h4$i5uZQ@lqA^F<0U)c_{U53Mzfg2EkTGXKB7P*e55QxwF)1e zcvRO$nJMz}-UJG`r*Po7`9)b7=myPFr>vqf^%m13a(31G!!L9N#_c6`MumH!qu%1^ zyqm)$p@TStDJVu8-dOlj&5m0l<#7Bg&ZL$;ZO`)k+eQdF4ju z4LzmxWI3A@d6RD+ecPN;VLViIC0g}f?8)~Sv`q!VfTX>i#O`3PX;BKLC`&1cqDYOH zDV1Cq>eJ?;;gB3>OvXfO9lUAdLtR+F&hCMxr+g8<#I{$OhK2A-E)&`r$)wmeVQRQp zP^q93N2Ve7QN;O}G3V1I?tzoHV+#~YkI4lfX)X9G44kKDpkx9g@*lrwSLe%xR;`cd zvC1SRc)Rf7ZGPQw&yohfn$5t=J_Y05P1^}yQ_E|Q*e+Idwt2Zr@lxPZ3K9mfnCZt( z_S}T@Vy@tC-l=g++Tkllhw_pB^v?kEcF7`oU~HdG44DW5}}1`wt!v;un6o;A5h3a zwLAe5;BPZ^dWRA~CqVfA#?WKDvZ94c+&d3I#5{`y!bd@jG@Nvvk0WehBi9+-+mv7- ze97dKfo~FbL<6Iu)A7a2=Q&87#QxW4TH42trnlY#ywj!Mk9rtd4R_Gsmnt#7yN(>={IpT>s-Xffb3;>dIWw!ED|Hyp{F#f{=E@r=Q>n&8azz3YmVBR~J+gGyQf9_ed zwz3J2avWb=mtPou`xdyFi{@+c4t>mqmn}%p;i4wjWb>d@(ynX+-7POjjnTF-?x0(CbvQTe>`4S7Obvo# zEathWV#wyj^XTf9$7W2@ef)M*K{z8}b_p2S4Y+<^%IHn7H3V)_d#S20kop@x{DN47 zHJa~n)a52g)+HqRhM+|5OD23}vt~Jxmrju!L9~vbRo0$R4!$C3QKF_*)8-!kM=GhN zgx1rpEK{CHI1E}3*X2=Yx((kmxv7+v`*?1a*Vgs|=onu^$#{dcxWdkUbS*@an!* zRDY)X3A)BFV1Y^dr~>IXY3s;TH3PvTiD*?udm)Q22+it8dtU-yeZ>W}GWgL#S~b9r zC<_D3f3^WMCAxxH@}lUihcnz3FgaJ4Jg6xPOYzxI97JmgZj!`iomJr#eoShAm~RLQ z4h1P$RcnVB#s|^^;q{k7fctDvm^yCvr#eKJOsqJa$ z>Rlo9q(zENV=3NueArB2{MAby7I+t#~Ky6M1}$nDO)O3_<* zk)f@$%(Ib!BGTf zVmnB^OL)<1xOX${uwi|FhJSv>!^1GjA5HsAaqk>N7C%I#D9M)k8zSn?w3vH^m)QEV zcm2i&Qc1<%Nmyfk3-@Vhb_rBpOE zE(i(@&2oZ@<#_lOsT`otsR~tJZHgxw@t|>xi9dQEBs5kp)f3kVYP6EO}2!xviG#^3cC~ zkc_~)^x9)90Y*tFhmwj5ae{jSpp%!n3egGZ36sZoZsGayzSr^mMb?5(972T4;-@50#EtaQi&HrZH()>rbv5a`^WJuJ??E%MuBvBXmI|^^kZz zZfSMzwEAM)B1wD@o;LUf>-?zfn^Bd6(Uw{yG9;c%*|%s zK)iwJWC%OpTTwBmCQwnK+7pI^EiwDp3m;@Qrv*J{1%r8>H!HtHhqhF`F2A6ZfeEx% zN|us?xX|Tt^yjymgo?MhUFBfj?RVO|(;Z(3yg)=ZHyp}-vfOVY9>+t(~^fm|%W14LDCb;PQP9Z!Iia;t-*NJW* zvw0<#^GYERroGh^pN%FzW0u2Evz!YNPetLMMe7@r7?n6J_dGs^DI~<~d8j^7>pz|X zjj?lj-aTmq9d7j9RRg%m=a8qpN8n5>iG0Iw_Lp<2Mn@T3`AmL$A(D!6;@X$KAb7+s zQB93y39zH4oMQk3q1EpffETm)t{Lktd@s=J&UO0bR&=E^kf}>m_BRcPA9(tqQk_4r zW=x>X^7s#sc7-b7x9x>AD-=fUxi#ZRXmr`csoEx4h^1*^az_!%(rI3hf=7ZTe;Hts zwOBgB8wqPX&BDtlbIx*u)joBH8Cg`NanrX5eb8u)YP!?z(&{6%ed_@sE*t(^&;a2w zkSb|>A5cp#*~oF)-IqS(T(b*C<3|dhqmq1YN~s=n_lv8Nhek-rpd%%HyBrzWw6XoZ z$|T;I_KHo3_hD=fl-O>*Xqjbl`51Eq^K@1^m@==0>L@oX`ZZD((&yS+8UmN$au;Fd z$s_V45Z`_mImRYLZ6m6EKJ8FqH;}Of)pKCGz_sUL!SZYEWqH9G&Bb?pJZ6U3oR%$c zH!oNqZ_tUiP4ONIfE*Mf}~K89u}1V;CoZO5(KQjUAuXAtzOuPQGO&8AKDI zlA9l1#Bn5@rF5_pUfc87^DTsYV|PQsD`D{jUt4E%Hel~#r{hrwZlk(%fHBs#CuPG(I@S&JzyIoixwL96cO@**YUyz=> z=q%wPjUqijRoAGDpd&Z8l1|(o4Ffg-(7s+%c-8~&FF^*#iP2bPG~Z#YZFSHpYD&fM zVDRE0NZ=n*(TJn-Bwb>eJ14X=d|QQoyW3#5q}*(g$!jbnaF-C$d=AnF`Bd6fl#hfr zdf~aC>f2VSz`%MlSB%X)5zrQZ^JC4R5h>Qk@htwvLOA;f>VB6fooz;^vPOFeaWuYa zryEYyGB`ui^B&H=O5iT(E`Hdkcq`JVNzkk}pc33nXGHrR(QRl}2Er7g1A{SpUGYUh znU>sH35LWW#kFZf)C;5c*3r1`?Kzl0>k@+)c(KU^l*fkNonxi-Hb6+EYDM#0%h$3~~s5y)%9@U-1JfnG4s$a781k43% zohJ=mFgY46#(yw#J(_8SOZ+CQb|zn(f&2;$AzHmJH$Bg3Nh@N_6H!az_o8#```PaA zqk5h5Dqu95iV%NcpYE%h8!6AnBv@xz_abczs%Qk^3bEva3jq>Lv^QxJg^AXYifGe_FF5>15+Wu%k00UdcEj9` zKylnn(VgLv&m2b$>x;aw!eelCF?%E}T9=vQ?;!Qz%m_9Q2l19c5zH~vtt~kxF$X(` z^tFW#_S7(?4N zY^4G&RQFoi)DimGU*sp~R3(iC6K@{#(7qD@h;&^4%Akr$#1#mocrBcidydJhYK3A; zFp|4^vx^-^LHYDxbY9Y&?6sS5V!C5Na<7k~!!@hVx6qzKlT`Vn6E8>iE*In9{c5nx z$dg^wHs69c*BGI^25R#x7-iQ65YI`wUJ`2eq&IUMHW+(OR(TrYt9S3uy7M&ir?!wb za3CE)QRVjA7z!{2>jbG$RbH2)EG*vq&~Ho9Ok)e(~sqx+5RARjYrYwR_$-!Y)0xL85#?B_nCK*(XHqb_YZ9w zs51ujR#HQh&vZ22f6{r^q8Mz0GEzfm{*419uyH{SL~$@gD7bCjy2af{6~lMk|0Q5N z9iR|(FhW@Z_L_@YEL){Q4H!uS)n<8y`RD_8#Plr02>H5PD49d$v>Fu#z44+Nf%^hl zk@ycNcJd(Q;FlyMK_h?AN96I1xQ@^-!Mm<)*OmKXz}-~}BDKM|)8G1Z3xfplN`C!0 zGA!>v3F8T?=Os^?=NRr)idgF+Tl*TTTPejy4e~Q+C$?;jh05gpS2+S$-;bIkts@t3 z+n$n|lbnPTngCSWZDI(5%GK+l#8LG>LILcLPz-Gz0pbBNW&0Q1TwErgk;DVWwy_ta z9yDu>fl+rtKeW0~noE6>XIvf70czN{CA59QD0GyLx%0uTygsHj6Gno)ZX~0u!NK6G zUC`9Nh!>q){_B*w7X;o+&I})PW1XIaeTP>B3OM78;QK^5@DkV==(-c ze^ZXA7=$BRS-S2!pBz^AfW|q1{#IDpJ*LLb?0$&6W{MNdrd$0 z$jD9<*rfcnuReK~x8;efnrz$1YIt<}r62B-Za)siAOS(D(!tM_EP?8b)y>$B;^U zR`@AJjx*Y6H(aLeT{h$vPtVqgkUqYFpHTW~Pu!)e0`+=I&EGp}GWLnY~~V&4z_PT8V0Yc>AVsh86|5hXC^$hXEdc1gTxC zc^F5#j6#~)t|1vuC2EpMg)*7b7Z&KHjj`ncJDU{R3+B{+!Ti(!%Q|R)es~G1WOlFf zNzy%sO6ap>5DDVJzjjQieO`<7hMBM@&9MP+c0)hza@TQQq94)=6<%H6$QE#EyZ&~- z4V7VZ!-8kx1Z2mHjme_m1wccQX0C&_uc#pRVm8a`2=wOz?S{%qJbS37Zkw-8c$Q>H z{aY@>n3Sa87bY?xw4rSfLO)jZZ(MM%9d^U3&~;S#ay{yD1#X?;Z7{B#6Z->C z!v&-Z80P5ltWh!A`=(Wy8V(Ozm(tmyhSz(fUPK!wl?M`E8h1w(6v|N8%q^w$=vQ^= zj#omI{ZKQ{K3c7#`Xl4(s>or$NI-XJELCd7tmM3xQxsTVcrGtm$q-$Hgd1IcfP3*U zi|=w2R?w&+ym8LUKT44a{r#Qv5_G@fIM!)?c(Fu7U<%|*yW|u|3!T!wh@F+>dH3pV zanSx)x8B?| zay;xhY?y%MdPs-_d_fFQYo7sh-J-jAX3vj9p>{7;E3`2U-dzt$ffo~>bag{eEr{Yq zz1jSZ5U|FN#(^+IS(bQy-H8v8d-7hCO)XIJsVMT{InWPp(Q`ir_fv@@qO+mbA@;yF zT>NYieGQT`EK5|(AnI3V7PlQT3>(w$>gPo;t0<&{D=NTB#E8tM~d{*uo0>c>nD3j zeRpCR(WwSrpLkE7xWZi&tPtBn>Tr#HVG#BwmZAkrJq&MuNx>h)B57eU?=mHhHgnJBHj@mEP zgQP8Z;?pVD58UnmsnD4^9f;JHpB_K$1SVSErT4wj37RT_naY{w|}up(yGKFsaX1gbn6fn|IeXXc zdk~POX9xe>&==^{QBoISugH&n3`LEr$?1$s^QN;T@)`(%fJ1%+Kf~oB4L~ywJEbct zsBWnem~&;ott+4we(ZrZ{9kPXXr+?FkPJly*#gp zt647V!y&p#SNiWgyLji*=^Y0>FCnlYoi34z$wOC0&g_|f{8OGYB`;}3k9Icd#X6J-C_egVA#vOHMAiFn6~Kf!)hnEJMOqoRoth%c z7^z)ok|Mr5-q>HKddHdU7Z0R`_ra!=sf^uTZ~Jc8Cej|*Fz|`Wr&pn*9TyvaEO*l! zT(9W^kfp=_^R~X*Hh}`_<_~;$B}=9SqI+VfbOHSb`BkZdRD(J}Kme5MRL^Mz_k^?GC|=;0!LMt>6U3bF~Dvd3Ba>1fd!myV@~bLXZaG>lG$MJ&zgWv z%qToS+tYV#F`u(zI9(3-=l8|D7W<9`yT+WUjIw#VQbiAzU0{sb3}`CNi5z%}qjLJj zppUVCdL=K1>-tOfM*cf8-w&|DwAq$1fkm`H5oC=%1don8|F2!z|BvqS^IW|;oFW{Y zAnIf4`KNV8)_SZ9d$bJv>v$vnwAcUk;{}vPeLCtoeW8j1>dyD0KnB_<28LY;^O*Q-ac$GX067_$t(O2+<@m4uG(N5AVJI&XYIqf$6)Los380aLVX< zK@o0Vdv9sBolm|-K$4KnT-Y!hnu!J|j+fA${VwG`m!uw4Vb`8=X?8@Q%%d$slIpP1 zeYiblbf{!V!Lw>nVA?h5Ri3KhWWu}W~VA$BUF z2)ktZR(o^0=H$^xgS~)}g!+Uc^$iMJrYOa;15>;#W;d?*?AZ!3{h1YcA1)aQH9PoL zs%=O#e-_CeaK`Z2xdFW=SAX-y=1iUakcxI)-plged^ZOJLX?&O#qJ8AB<80k$9v8?e3p$c0f{SU$! zlUbfMN5N!K1?L-AGk-6}n+qY~%imem)LAuJ3=N~GSPW(xBC=kmJ-l4ESX)3og&mfY z!|lrb=D_7<4Gm)|JQB!xhM9;KV-?HoI_@#=qAgXV!eQS*Jn^|5 z-tzd)=StAYAdxY(_p|{Y$+We3Zi4jLg;nb2N3AD%x9Hox+6N;{Bm;L^BdB*QNn0>B zA9I)_U09y2w}CC2e3;+i*0I4^9qBe5y>*mmPAtWkF&1E4L^zRM88=#2IZ#dkD?X4i z6`2tneert@gA##`JTL{ki4u1saqdPLmc??iD>Fu`lefq{?2%4CtBJ`V^P+@l&qH-7 zF_W~f(p0p4t@Hd~7FaPS28?WHqoY@UMg2N$<3RD((mB`s2yKT1y|=SdVsH7=F5)x^ zY>pQx6S!#6`xL2u)H zT^10Ib>hb=Obhh9?xW#FB$p7y=M9N-AzGS^KC`#%@orS_67*%_iK1BY+~c!Lwh4^Q zjP$w}8k7FO4yS6zT#ahD0J9-2+ppfKU&OZ+w31-JsNXgyeCJoICNQ+dT4E%)s*vjI z?d0IGvynp=LW}lGfUFS%Ss`kd_(@yPgc}}8t(O!V_d;OH-cKD8!HiTM4kD;z}4*T^x($1T8lJnstBlztLqDs^3h+E$>F0b{-A zC|F9UdD}(bOAxX(+8JRCok}m@cz&Zf+k|+yyJ*U#UQ>o8e5dH!k~Qw};BJvEsa#&5 z11){bg~s_m5C~-hHw)`6iu?gD&t+qF&0?D_Q?IytUFJ}!<DAXs@y_*g9%>l;&5IZ%HWNoe>UM-JMIcm>ge6I4T|(3&hy8>A54mDpS;rBj|S zB<`+_g^im$*3R;({ViRd;RmpN4vOCFPI;xX7szgIRg(OWo1M7b?`TvhQ89+UT|}3D z0D&pk?`h_|gMNHnF{wGc{BgIQIz$o!iaH+zv!+_zD_eyX2g+sKbOoY=v0mKZ_PygC zMrp8+W`|hWVi*M#d-f}78$(7T`TXm?2gL=({Su>6W#hy0u!x<|(i8fUw{!4oKd}BN zmAhAz{3zx?)Tz(eKoGNb+neQ1_tV$e6~}gJR4#TUan1^wg$`p43Qc6iR4tz_!8i8# zS`nqIL3G{^6d8{2686j&eQU^l`r?yh6LFuXOUdhBJMTao>W~+3?RI05HpvaM4@F}D5nk%3^rncE7)OU83$=#Y z(NTO)g=lb%twBVpuoxj=6mlJprj41Z6mvAu22mSPdf|)E0sOLdo}jJkHWc*x17cq2 za5)Mv=U!MRE%y0W`CUDaW8S5{W$Tdm>bHO3kd|iNr0$=6 z(`0wMj;48B<9g6NoW%WmIF@=92I|=XJFUn(t}z>w*6m!@9PSQ?A8rpC-QjsqyNq=M zs5u1hk~P|}s>HA?L5eZ@CPZ@VEkxKr;R*T(RI<02yj<0TIsyF{0!c9`=Y2 z0eK45?$fj_5~Oe*y(~)gSN}oRefNQD(C|VOD@Glt*D$^bzov>yF|AYWL# zcwxmp_kcEsaDw`*Qu@PT>D9ZxKS8oskW!WlCqMOoOYU-C<@G5IW0sx@dcACfP(QX@ z4-ZmR`O}gk!DQYkfarkF_}TwXpBY3PKa9z^#pBQmUffc?n(^XR+V)F!FP?SQiU1pm z$lt^PnJm|vUVi@*>lddH1FB^JD%dlE@M7La{S^FOz7rL%qhPN+zxna>ov z>ibWX!@zL2Ul2J{8H3|;#A*CF6iGIH`gY~3{K}^>$DH5yaPfCbGerfKrV_t|bCXOC zw2>cUS6(w*h~kW%B#Oc{9mT#YS8{ZN-ZoPI-fttn|JgqU^z@sQbe%E6)6?d~!RWN< z3>Ut5VUd3P==^gjXWL|LMyNU%NIhQu3=rshoD3MpWm~SDAU0C_|CC(n6^_s4|0rJ@eH~_TPx7d7QM=H(aLXSLIy;y{{kr%IR8)iQxJZyY)ARwsC48+ z3!hgsS8@Ir1qxR?*8&x>N*-e7(~o=7M+tNkT>BO7=_vZzJSnmFrukw?&fh#jP*+$B z{**j$#qAdXe%A2h8yEIlKcEI?0B~z6qe|`g>SKq(Y@~b3yePW|TC<dW&W4vg_5ymIMJoYCLtM7>ZC8K~>1I8!e7NdPspcJbn`yQ5U( zV=r+^DTt!NM17$Ho1?9jOcCgqkSh^0ohL#)B%WlvBDtbtLLMxfULU~79sZ!S5b*GG zbGZu6Vg3>mZ`2n?`Vw4I1j{hCUaewm;L73YL$>IlSB9_XL4hW{k*@L^tvis{@#$HO zyfc13>dOs)ajYEsPtZOj>D-J=ltewm(!dnzJ3;@D0yQ+%5f5c3P~nLM916mdJhp%M zdXyqfXm}X$oj)1liN|X+MmxgMQC}j#Y>vpuBowvi^{7j>0#WPf39-4SanIBi1%gI# zo??lo+~{-TpO73(3s{R5jj5XCR(HLB`!A zqXX?f5v<#hOhhQOpHSi@%2)WOkBH0@_=juvMO_n>|I*QEnGZWxR5?cw}ZTKE8GC$L_*U zwA$*{uC6EOtx6TH?pLCGt&|#)z~E-@y5A0wJQ?T0)-6KZ9Hb^`Ko}}N z;y+izR<1nZifnPCae>Zb>mILkzBT-@AM_J-Z50?pB*sNh!dBh|*%+FtW75X`PxqHF z+r{oV2t^)eW%+1l)Fg{P6{|iZG*{X^JT>)y_U3+UbUL>CXAiE5CdOlHyUb~Gm#vz#uI{LKZ2EE$dGf6Or_9Ss#v(CKWmSZFM*W_ZJ@w&(3A&#jG4Nx*-<_5O z|5=x*w#}|NKOpDORzA8FQ8QcYXQ(Rr*Gd6|vF5<720`o}z51Bqt=+(^=35!VTu$%= zYO%c!WwJjf)DQip4$~EvBg`SAcekwTCm4UaryuKdQ{EC<@WXrM|FPhhno5IJS6IjV zr_A2j;hV1f&US?PKNb0ys5440Z$Wd^O6Ey^?8RRN(Vp6$y$xoDbJ1)W71{|ur_ztD zma6;}Mr~!=T!Eh}xangW@v@&v5IDSZMaHOO&wyE-AklO#;x9~c16++ z?$&JqnxJ+{FFvhM{%1SPFTj0|Gd{mHtk8EdXw>~gk#z+Td3^|O_w1i-{I33pX;Pnx z(=9*7W~kx*#;s@TB_wsZTJ%`%^51TJYRmg)dUIqchZ*TkO;2|IaQ>;+YeIF$-3=1_ z*o7Y3j*P$1Zbo-Dr(YB{Jp76A0_yFT2On$)Hj0d;8ocA{h?Qm}@O8yE9R3Rh51`NW zhP)r3Tqqs?%Oit3quz;hfS$p3a9`8V-7}B23QvZ(d&HW&rfeItn3OKNZI9EvF$r!5w+sY^33J@KwNbK)U~z%TzGjPSYx#`DTc; z$^j17+IN(S7l@1FCwgxKoayU|xRI0{4SkXP6dp7IJ2wksaJJ29My^1c4>YLO?PVzR zxa$e)hU60$EM<@_0ke1&Y_3hkH0Al+)^6>@NSa)hB>1SMv{s-EmS5T*7ZB4rWd;o^wt^ zfu(=OIe{}%`ej}cDThb>8DSon-dldFo1Jv2R$o=pp zS1J0meb@SWZkvRJ_Kba3Zre>-t)WBwk@{cPzko)?w#i@fC$Ls|o}ex8d#Cw&oOjVwSr(MCOTN*)gPgCF!3Sy9tNVJH3@& z+26K}K2xjtV?-Q;b-SS4;DfrG!;&g{d6&rgK;hNV#txlQTwM%L8PrtTsx0_N1WCh3He4lF=O8~-p(~B(5u(TCA5q`YOLA=>mTb}l!QUraUZtpxvtEikR&`h!|>q+z7Kwlk! z3u;$Jt=?1HDy_NeXMJ{JLJ_@N5K5sC!;HzS-=J0w(wgOejPrxYaKadlOnNIapzNf? zcs@@mGN1AE<@OKAZ3WgT>SySXb?-!~>Tx^$<}B1kn%x?7y{_=V?5)Qn0s}mD zXAYQSHu8_ps}Y<_=d#{JJL7Ku29ZEs(U%fGXR-4%i*Di_!j-gmrK(*>t5W>tj?!PU z-0Af#%C{VP^2P0h$?5IOr4ottiar8QI#fF7Oj<=}!Is`T!o%=OtajET>_khe-`sXA zq_>VT16CcfGxzn5CavbVrFJBU7-I8TGHIMRWzv|l-j@HhWG2j}R0{K+zHQB|RF<+q zvBDofkQ2;|5s{jXbT0&P+624VCm2cm221Y2@Yl(jaK;-$q_f-@Ks403uYu7!J#i@1_d~P zJ{x+^t$n;-Or({A|#7C z@YTt-NY5JSY2%crQh(HOG9tizKXC5l5pB^OuL@%ETaD|Tg+!m2c_{$qX`Qfg@HS&f zYNN=M#^;N%&$fuS*b0*I>XH%2BsGAYQ#jMnUT+b8wqrC&T8F3kctrc+xImc0=Or`R zhZe&XsUnLQEo@>-4p_5VzWBEjwNiUHc%+ccb#E*GLa8-_E73GA5xXLP(>G4r$lFQqXPZ6pZpQlGsmP3z3KNiLQq!mxr(|z{ z;eQ%3Ab@=lE8FfKo5#USf9_=yfM4)%c4eHrg~2+4WjrM=d#5&hSzCrE&Hg{sq>Uf1-^6bj`&0V7!NY6=L$Oz*aA{Y zO5|MYDB}HhPSC^os^B4iv5c@r(0JU&P1XsH3{@1v8gIA|YA-XBQcbx`UY?JRvi1o&u`C2GewMTrTczM}@^+7SrIJ^QYmwMu47)SC$D?lTD<8t-7DMh;V4$HD zDO*w-StUAbz5MX4((bC|?(@0kgDQeKiM02R@8avw-G!O!YRYM*NN8WXmAldJ=tZ12 zw4D3Qi|JZwyY0}oY&3l;g^7-Skp<@(4~=HYwn$G=iL(levzB^~y_oEvh?+$S+rry? z1utR?tNU%85_kP^$patKs+Km`UgB$CJK%%7nV!q)Lo5ACj-w3w?2xcc5|7gzBT@aJ zauBETzM1CdJ1-il%-F#}<@(Q|msEbqNekwJd3G;&#Vl6TL9eC&DK#R!iXsNY!$WN{ z{2qn($~8tD^(U&bAL6qv!sWw!mUf2n>=PFDFD%UosU^Ua4AIRyzY|jc5Yvsm$Im!R zy+H!m1OwTKj_*&-~Zw zTeMtue$|E9k(63@>_ptv?ml`h<9wIY`PnjGje5UH#%PAzw$g0>P6|XnLB^?u+KB+& z?8>svH7$Pqtl~5LxP!|%RyDTJ9oqx}hd1UE(5HC6A+ZwdQZBsK^v=)7OzUP%oy`p! zmg@iVoZ9mP`nOg38W^7&hwALdLJ!N__TYXo%Q=D9Nach4of?x}h3zm1@qo6=b6*t* z{*lrdJ0|guH}94yg)GFJ{cQCm>vV~blT4nz2a`F^ax#}wm2TO}SEVoOCpK0rLj`Q- zgnG&<;TMf!@6SptCb-$f97i{>=)j(K77eoKuIL<0$L4YbQ-lnXRN9XJ zy!toGo#%b~Gk(LSv!z`yJTlb0PIqkz?%K0)9SWtD+cNU_jO}2!coz`SKT_qcVgY+m z)~nidlLCX$OpQtBM2lj(k@nnLPW?}i^oRjx50>ZqU*F)|(f&mo@#toMMkFKdL38Pv zET2@_%ZvSTTQa}A%Ie;o0+lX(L$yD@>-O4#^+eviosFdel~?7|izay%9*K?;vXhiq zN~0MO4xD^vUNemfX&lVGh5AQsY2Nvt8a$~?^ZCh3xyL4&2Q#txKzQ>m#^aE_Df2lW$Q@r^iWRce|$v8I7H-lP$JJQ2RSJla;K@Qp1;|W4m-nt<|Te@v4xi1>xvk zm81xLl3!*1l1$ssPlO%qlh40Q4SivQ9?f>?E{8_3t`ZT9VPwX!++}qw$p9XFP-;mX z)Rx1O-u^8q^EIfo2W+?~!Xz#hX}Mo~Q^ZRup*_jmBkTEG*})ij47Kd+&BEL@0-oHz z$1Pb~R~GK$3jf0GaIHqBwQSPQ+p7pA1PO7}WJ=V54fO&~&Y*pp`aM;+10cTOJJ)2( z-XR%xs{Ay!Lp^??%ROonE>D(r$6m{M>pcm>%&=dpR>LJzPr6@xZ_)2wK?$oJhqB@4 z5@IwoZ*7?^wDF~$%uZn zLw}*$Xx%1erJn7ta*fySZLU^^a_V!$<1Eh#yavDd{lX^}87iUMUxo{(%t~1ciVA>8eIxe`@WKa#CxdH;5l62>MnzR7X_DRi`ZLrZomISy(Bbxo2n3;JfXyXx{CQ<#q;df?e<_*qrXI^j2`b*IUW15IL>Fbp# zO26M_?kfT!ks6_sVfD+fMkG$!(?HLvKRm^fnuDlP`rp4>y#S>)O@jGHj(jW-rPOra z^X-e6qN{Ou=J6Z<0WA;nlq%8xrivD;W1qcDhxL5NQSY)D7nbgr?r*eelgKbXk@I2y zIr&QOSpnLApXFlJ{Mx=6E?wW$zW+=(v_TM3d57lrza@Qxa!|y4N(e134=BAr)b75B zOQfyNDR3>C{Ln`^i4hKUVf^(doezEBrC=qvn!{2HB{;t9E9}4VVe#991r7B+pQKI- z9t}tsl&Pn+y?q|rPmXtMxFpGAy$*=#Ygn1-In{JOxt&TS^DT8il(gZ zu?+6>?9QsUEhK;Bi(xDcV*@veGGWRAz;}jI24Mku-<8L&n~Qr^yH-~_W>(v>vi0V? z3_aYXML_{hzWT>UIafcK&6FIbx&8Khb-qyRK;F${Rg|%BqX&|EYDak4=aUZbkYX(U zkwLo>uVa6I+@|XDTpGp=Ymel5A#2yeYUa@2^)-*yf3V|-9_hXpQJ?D47pDtd?zsE? zlwt`zMUv3{Bj*+vmxmtxj^n&nTVC1pWXiRz4 z`!zQ6Kq_a}a4;ofW~~;^nIyOnnDEdn)=_LLOJc8lcORU7*9K05{dV|3_#f8Eb<;Pm zg`_-1mRPR2rbqbVC%?JoZSaQ6@i?n9XKQoc_z_7|xlbk2*oD8;tKEr(_e;_G56_K@ zCUHY5E!+P<&!@dTx^@S$9{FhbF)V_brL?;u{nY15pL8P{%3W2{^#dlv_PPzn?_8;o zbo&;z3*ptD8xiX_j@lN5&PIfnj?Po-j_H3Bn?@&MJ>7(f8MPyZ8KLnF+{fcifeiBS z%d5W^<0e|M!(dE-qv8e~f1TS>f!w!lOAm7c7kamDZm)+$S;yR|BlUcQ?1Y(R4<>P< zwtK@?cx@L9p<8&8S+B3}c>lz!)~XwOuF}4~es3>h^i>b;Q#ayT=#<2@riX7vz2@dN zPg0Q?^OyQ<9pfzZ%WjUCWp=x5*jd<=i-jpIM^70DKY%$XRIanUcODfTaSbz93)SNb zuS!|{GcYU78LevxaM{me1D z8Vi1I_irVo@DXX5>PU-bPZ!8ILhXxk_Ywurw;h~Z7fU8S8=N`X=1Ju)NOhU`toSMo z+WI7?d-xt5JN|gb#2*NK|@9L_9)NXhPxW- zg+oV!_Mab$(NW!l(BwabB(BjAoSEdT7i%@MS}KTWSAIpTG|!^X(xY-;*Y-hK=X0(` zmt1E5PYMyR3c9kOUr!TUo9G^@JpSrAPaLt|6ZRo#3ND4Lq4nqR%KUN``KwWX|49g2 zi2#EtmbEAEX88Sfej@7iV~fy&XR`tqNyvyJv~PsZRAqPMJt(a`O1E^SyEc(Ex?H?X zdf;{UVY2P=x(hAwzqj!Hu-uOwc$Cq z`Qm){O08?MaO5_({76+>J0x|^k6O}}yc&9qH}@lPIq`OTPhm7Bh%Ewo>wAIWi3|9x z?BAR1czZK4FSV}MwFp+8^>MZ6MvPVh_Jv^wisvD!<*r3j_GJpG+;6WOBwReRWlbj@ z#{OO%zySpht*QCK7}iMK%(f@Rg1$ZM!#rA|V8CFbRm+WXbTVs!&z877K;5IY8*z=ebbk*^wW45hY9IUU+zg({cZmV*yQR7>Z5 z$SEI>r?=y+)fDt#hAEsRX>S?Thb3gGR~E%1WcpmT~S1asB8$OFM^NOnxTE`i52NXWKh(w`l7*)E1` z^-$yj5lCDNM zm|dWeB#*#b(-6{p6j6`sn4mHGCTQj>_hZ8+R}-VCsafmm3S7@e zq*T9yLS-Wg%f?0N^jY|s`4DT))#fj&Q!9LrtM;{@Oq1hu^;eGy0~7ft&6b7jvn!*q zl?+j2pjxuj8EjWNB?2NlGGC@F_zQ@VQ!NYX&kf4dd44jBzS5ia+OWQ!S}<1oTDF3* z`xQV21`iJ6$uyr^*CrH9(nJJ{D{m+khP3BQDMXNUCzx|CrSdFD6p-=y=ke+e>-5tI zHYyVWXoE}yA;RJxYC-;6Kh-A8rzy!Kr1#95Sr?eqcRx9q&ZJn$O-s98BW ze3qXnk%ze#3Y;1A^&sazpHr!O!Qhz_P(6Swj)}orkB`v@`qTpP2A!;Y442PW5{)1& z>r<7Iy@r;{8pze1I0NcPnjt0sRzQCxgw-+hxq3zO{Ox_)K>E{7lu4ADr|60nllU&TskKeyWT(L?&uGJbJCuF^XK6;U+OkZJD`Ro z2;fe(hwNB$a-_zg{M)iw6fqR9(8S~HoBcf|OT9#!8&?D{Nb3Z=n){>6&ZT0;ygh!4 z)nPYE_WH#-xc;8#lqvQ2>#c=JZ5e$(4nCsIZZ-!w+cPL5{5jeuXF)V*USLxTg_i?srhfo@W$Y_2(R`QuWr1H3ES{ z_*ow1_x`QZ>zIOjJUUVH$}S|HD}UOIa>U;N{5tI+$zMIFb8}wY!a%=G|JCi|Omwx+*QaFOZrjsutdT0G7Wu!KNhf1ppgDfsba zdVBoDj~A-)$#DP-c=`U_WK196C<5&`tczeEfL^2B{RhyKiLs^wM~gvDkg~WovUXqJqvu(SgdIN z>d!Pbb&YY@k}^~c+M*ERBdU1x%XJ2@`&}q59h-YkkZ{aR!_}ouvFgFC!bg+|?89@S z9>0;^KeK5`U1zy#a+}o1PEvK81NHE4o)!+ghq*~I`rMgp=g>Z5ZTBNpcE<8=16{uYf{DGR>3Jz|DB&jyq79=_8 zCCC)lHWEHfOD%2qu(oyy&#?YD;oFIc-r|=hj`~i*HHon_l_Bl96!v%XMr~)Vi(CtS zcu3Q@ebCl-E{q9WxA@-?WTFbZEqHtfwsRalA>V!W?lJHwtLnt`;Sx0V;(vCF;?dc< z`Zf>GEEf+c5OTC@14tVvg2$Gc19aEi)8+h>G#{tm?dUHtsDqN-o9ulj5q_3|%{ToS z_O;qIN<3*q2))lII@_C;lVu;5IxjgPGchzTi~Ft>LKULk_h?>r{{Pr}^LVJ&|8HDL zijcBpOs!tWZX zqfVz&=f1yxd>_C2pY!;f^Wp7UUi<6$d|h1;wc;)rxdrzm%lgrxyH_W znOt2R(My0?p>A$X6VjD5#cL2;`V}KFE$i8z6{R`sN6dC0a_fh(sM{nTfpiV3%-`wB z9`}}X>z|fO+!*b(C2WZ|<@>m=w+ZRz2^Xj3!wB#DeC;9I+;sAIaE3na3*nTqOIZWL zZI`0F9BgoEhBnJ1%P#Mfn}f+UXhpGG!$You`-bK4GW<#m!o^H$uC+liBm&ixiAC7A@q}0gYSHj?Rd??c>i;u$OGW5MEYYI(-D4w z&Pim1$wbpUZ<|wiCS{tuh?jz3TW*gm!WPH~)HveUGY6CStTdyx;@0~!T|f}=P{ zK0$b6Gy4rJY1(|G0y~Zh95=lqnlAD+ihUWzO%H)^uv3;=_xkEH``W=Kf;w`c^8v{m z1lTeetvOR|J3;K|&L(sDz8rDGG{&GCPlhdbY=m|@W>06fRFBLMoiu0AuE%GN=xH@( zr4`{sT?pCZNAyWs)51>KOw`06WtxM;R_mSA)JU!QN{AiwvFSb&JrKYsuu%&i*4zxR z=Afb)*wbN-{4Q#(B-kEe7_G*$U}((hW^U#^?VcpOt73f+1MN7vLce@C-F;7}sIM@$ zpJte39s40K0fm}QlyAy5hg)Sd?ALfvI(xXc5z%Vz)Nz$h^yHSvrMWjckBK?oSeghm zJvs>LZj#(Ht{3Qx|8lT!I2bK>cIXd7=me|VwuxGd@s@}d?zW*Yajc)`{6`$wwzxYt z(gcyF+kr40RxChIjvSFSj=zlzkqoaa*qqT)6lFUO=41NF@uPZ)PB!=<_}Rp6qzus) zEC2e*YFh<_fd|{!JnHAmfN8rTj{Wnt6J9z09KZjEBpmSBh1D13dLhDtab7~`$V|_9 zCImZc7h8SS2Lmy=XRkA#6Z%8v&s3{jj_OrvzpF1Phk2rXQ@5`|$2}>xS?=MDhMc3C zVW&Za?1Tp1>E9nkKeQG?D{_t=kWNwnJqHa8Y2jqUQg^U1YV{e z`^>M}Sn0tj-L#wxjoB=un)o3JC2=6-*|Z`O`2sE)DxRgST}0T zj%+(ufu&xvmQ1F})nNx!1)JRb^zDs^i>Syas^!C5uYJf3U#M`mY~AD*y57VfJ9hrfp3XLQ>)abPtVNDn?!wdec8hp^bG6Xv`_C&V z*R@>cg9DPDIbAP1s-yP^7uNd}OFBgy=(swvh|P{PvMF(C>q+V&)^V!!p+Lo)vRSuW%2EJWT&$87;UMl=6ZkB-9 za_pe+AKE{;V z1|QrLiHiqMT|KO=^^$j+I8yYt>_Gxl*v^EVf;H3L@Z4n`Kzh$qG?NKGSY3iQuw#3E zNF<-cbJL~HPKk8bW@sF{*Hv#gDcI$*ItJ{Q0qoN7gL79!DJBV~?-UcayId9wT~Bn> zzL`Pf`m^np<^+$mp>or<@GRv1ZJ31+v^%-+0v4$1U1BmlHoKsX07>(s7OAt!&25k# zMc>@qEo2V~VS1y5r63@UskwCNsc8?XpiX8fGY{m`(B44V5gFQAPKd z#|@Ss4KrXyU85;m9XP|C+SDSEM;8*BG|oLhTfZ~?T#2G447NRwgl#Hu3&k-tPPl3% znLP+QH|+I}1xS8CL^h_WXtQow0g+&g6Xo+vYPoEnkWt33B*{L5ZLyRY^pYRkWw+2{j{)?$z7&DdJqikgi2?|Xghs9uM0uPEFf)hjWc)r487 zm=smPnIv%)MU~N@e!Qat+jT8ne3f(=r`qK61NKTvIl;Pf8?|$&f|t~VUvsT+GLMu49lkF-IE)@a7z?+} zw4L61H!QApiyx~_5^bvgtTV@32Gm~_lD+|4czD&`e! z+zwPMJenug3(l ziF*|tfP8fZ7J)q!Cay1#SCSohq^Qw3>HF}t&VV+fYq!T6j}AjCzFue3)K7mpj1sW& z&iZsl+?$?;hcao~WC(_`!u(XD${XtLqWtrc_Z360S*;1YpwpRN1GdZ4ngC}cCt_Z; zP*{;7y>n!^x&{(idaFutTiF5c>dcnJ)^_>U1Z<}NZR9yQawPI3&nA;LpX)6Z=tFtU z@#z~+`0_ME59Hn8_l#3p^xE=G0?Nh9m#Z1F8`De2%7@h4XPi2)Ii@IesQ~BJbtxU* zdV5ycr$ce#K2Ox{i4%q|_#i4ww1#zAzI+y8%qGwH=?Op3aLOgPTK(y2yF5DBVsTR! zTPSI~&+B!y<_jBv%?L>r@&iS0vb)?LVpW!pN>1`}A9SM`cCz6}b20QN;dyY3_q0ux zI-yWn!AnWZDlPB95^p$+^&8__i>fj2cd#G9WL^(t(e}0IKHe;% z)-vskJe@4svo@Mv@rAa^^C!#UZy~C|(cj${bFq=l^xG>|NN)UkEXH<|h&1*DmtKE& z3K4aLz;n0Ar=O5J3`fi!is$sk!zs?WZ!4bM{U(G2ayGF!yS7!{JoRt-t2QLndgjLb zivukP1Dw3-IwneCK5jZ~pU8K#rQ32n1+#Fftg!0$E^Q9S&K4!N_oH~;cMQ2BsRKmo?Dt^9%N zG>z(DsHb*BPjJ;?(eYBYmmy#8ejK6o`Mi*t+SIO3k5l# z+ju#p?f^wvvrYbSRAqm1j1cM_@@1&s0lMjTUrnE%-KoL)<}l1{(HKwzJit#q;GdN&pXmH0K862e;LA8)PrPnRlm%+J>IQ?AlW6dM5r zz^dnG|4&3jNR)bT*KvYj?Kg1a5a z@IzyzZLR&sg54uh-y}Tydexvu{Mo?tZtq#36Fhs8zjRC`%S`9kw@owZfuEM{^&IS| zA7?q%2{GPw`2BgG*0y?(!(`4a;gz@)y5Id}>_InhB@{Y!q^(+F>+y$YsdbQQ`!47j zd<(ER=KB)q7ttd@cH&`05Qms3$IwtAftt6|Sx$cbK9GJ`qD;@$VaE$9@Beu_90pby)8j z76hOV@t1a=WuF>N(H9=C81u_A+wg-kd*#>POS?(XYO4NRjiPUT8R1*-!9BgafEn5( z>7CB}UMhr3QRN%g`|UjcmvIN3!4;oI8!{-Atr*$6^r1~O=NrJ)!-mVSOn56(h{&$9 zCvD4Hs?RJn21IKJZjSB0jy_wz%0HqTV*P{gB zeR;7$RZJSkO^+s@fQNr|V4$JCqWUadPc`@Hc$Wl%ALt^zMIM{r|G|e1>-yN=GUu=m=Ssc6}6lujzaP zB)SVdyT^^68j0VX-DR%NQ94wIRhmJ!iM@5EZF7^|mL@c-fSMb z;l_?xwBXQuOOG`&wzI{i&%1XrI5IBs2iX%s?n3SKC@C$<fk_^~Ib3_4j7+Ok-EL#(fyILj@7H4xE{H2i>V-MV;~n*u5`{;P+Cu ztBdn|^|YY-yb=bam4!s>-5Li%Vv*yl-+m0T&^vtlTTC5@TvD3c7p+SH5`*n?FSHfK zHsE<~cdL9tZ!MneRyC>FkhR`F9e%Jc9~vvoeAc#^b|4Jrk09q4{rNXVmSNYSbP;_P z_?4fFoETcJ0JyE2w&10JZ$skb9EKBN*eQI;i zih>xL#eOdsjvQt5PwMmo!w>>H&)#{k?9kip5*hUN+pljFLa9^RRExkWjj8Y60Xj<` z)g3zJad(`il|znzZrJz577IBlUh`Pr#OZ|q<>!Y%NKJ)&58vra`4+gsmCeh&88j{$ z1-ZLGQ_a7I6va<&QFskOC)CJ zvIwIHOvM7pLt2g_zzEvI-d0{rwi>g{jT?*0YD&yj8#Vt!lGDqE_ku=bM(N1hB6LAB zjnp}amgJ6vSS`lYE-j}XDS1c;FZM=s?{+?Fi4;GH+b^D^L2iC&GWazFT(uH+^3EaW z;`;&8R5W$|E$-EfXKYkW=FnK|MfqHxkE!mWiWmQkf1&Et{0;ikieN6{y6bah`?`dE zO21|@rcG)w3zP|0oJ8~+r*yuB(! zNj!AsYTv4xLu-xyf>=GZAvL)IUvB)=spc=m`WkR?keXdi#&f!1SdkN??op9HL`B;3 z3e{Yt_!GxVuE2Z|@nwsJ%wjkwJ=k=u)AE+w8Ez5-yj$j#O#Z>QfxWvU7+=zIcO)<^3y3C z$vKdtXuH;_LR`^K{zAgdY=Vi3g4+ROECsELmDl9qgoUr$vxv_>WKbROd+XWx49*lV z5wzewpM@aVFUsr3B%=Xqr=cOURX%?xG#jCI?S1-_3)pw(FuT0i?qlt%MXmGN5Lfs` ztHs4+^|?ckEFGj=H~x014Yw?cyCng}Ml4??%GOL5>(-5Qw*%1GHQw_{#ftZ|uBbG; zWb*!7RljfIz3Z%_AyZI0eJymK^&d@I+s}8LLhGu&`HNV{4l6 zTT{%_(d_!EvbXXDk5f3F7U6Q}mZd>acZI9Obme=lk{Lj12mfV)4kD?(X%8m^!giW{ zEp8X2R>k={(sPxOOhIg)Z^llG@qI@>EGhdMQ99&lf#?B!BaiV1@Yb?d56n^EIUJk# z@js(dt1|Xy_{!!1T9nzy;2Hk4mg%RvKBaIVI&srcsV$)V9;AU7y$77$066!Yb7v}v zTaSyoL{}jnD;B&>j;QptLHpy8zSWo?u#XCoT3mBK+RUb`(HYU3qEtWmL!A*4b(vQ7 z;~rkNIoy=1YBPO0FOpXlO;<=gaVjHd&j7MyuUIIK{q;WfWb7fcl9TavW}~+Hhwy-* zl=PXwL%iQ9gt$3VTw)}X)}b?9HF^wyJHABzKhpvYQ{xZbbRTC1sZa^AN`TSMrHWdP z+nGx7QTV+*Zk=FU0}PkbG~ydWct|>?h4(i-(mZj00(82+))UTHuQ*2Wo*v=HA{V|5 z2QAtJLks;_yf*vszprQ4S_oypW)$4BjxRgde3WHx$qJL|+yj0$>_xf?KxwQkPzLFQ-8w_hKubN#C5#R8wtEL^D=ISv+IfIg(9ttCl~WM zZs+ZnZ7G7MldBF z62ot*UG~X54^Z2nMO13h!gI;mrWyc?`r75V23;xVRC;)3(G)%Z4#nKLf_yl2*6cC0 ztldPa1>XC z(0t%sJM*((UXl9Kr=|W1#~BDKNza9MgX-%{qrZz=ZoO_gox~_}ex86JWmeD1x5CiP z@*u)X6^(f%B4SK>R_jt~dCil(0qZ`2%Nbu1IbXDCVmwR7$Ro8~-e8?glO`p%^`FQ_ zk}Re{KeUow-u3Keulo=uaQYsV(G^C8Z`$p7zTA zPKlf0Co|v%E$mvLA_Gk9&fL{b+Zq$w%GVt9?z{BRqU|U{S-grQ9cK9630JP{kUgQ* ztQ>9fb1(S%xOlRTPp5;^`wWd!(OK?DvoR9>-8S5+CdYZ)@_E`o<<_;IsyVU&((?mZ_*(=_%np$P1W``2gL|$P*Rvm3 zc(t_x`UTm(M%n&$+BrE-xtphY=&3H4A@^!jdBqjSz8&jjAgkS+pSguYn}&M)9ZLc9 zH-6|)t5&p-oN?PDy(nuFocvBjdOHe-)xkYQ@gV(Do1~^Exae}PfzY%U|Fp6(a&))b z{DluN@2(X#F_3R5zAO2@{6Xkp1GVY%yMU1smt?sY*RQBf`{^1!p z-a-7hOVKCueV2lkhGxrV&^9nlMx`fGsf#@%s)fC2lh^bIJT<62MQN_3v~l0eDx(RM z&;vwN-!^=~HLtNfam|#8C6&tft}K*NPmKmBZLMj&4DVo}p^1_J+sY|}rYo#KXZokC zaG?<<#LY46Qd_+evf$SncgG%SAFQ)mdeLydb@7d;dl@d4c(`QnGILmV-y8lwujFb) z%0HjuEyoLQDsdReouaG?Ei)7_u|WA1Ac*bA_9EdMg3^p|Zit zp|3;~`{0c>0~7N_xIk<#QXD+;T#GLo$o8e;XZs29wsz7&J!9pQuV-gn*4Yvs0qS)8 zGACX_A?*?*tLX$O6ILjG#HKgQ`q6==^fe{chgH1=ug*!HvwxX+ zNXIYYs`$o(*YL2OfU+m^2> z5U&BX22Fd0(gW;dEHt~Xu!N%>OY*8E^H8|;H5=o4HApG8c?%kK4( zaa6;6)WT^^Z=?46-7fSuN%R(O&X{QOd9nQ6f9zs+WMLn3<`K3 z3@T@iPfav#*LyEk*}BS|U=6Hhy8f^qT6lR#`WDCk5Zej+&q@_MdNoMm{zTB#Vtd<~ zp>9yP1UzebYNGauI))=`Vr4u?%nb3|(b#OJAjuCs>X==z0X)@_yDqRjo)Lq4Bcu#9 z^(iOv)zt!S1P5)S6!|5;?cCRSRIFFuGIg8%9fS;vBz+8jLq0cd&RoCUzm<@uE970J z_7fr9(qSU-={|yG_u1Ri?-&)8e6N8kKfu4ze55k&qd4xk0=`e5bL5FL@?vC}Jq&{# z$9=iYuBMS?>uhlC^3L2EJrc7ohO6LPn{cW0^Ka_;6kQbBQkg6_HV4U9{=j(O%INx# zo;BvTQ?Mvm!#z+oL;?(Vc|(=58=1AQ5Utl?SZBNH!hu^6!|bhUU40sd?hEwGa8W6<>e1!+!* zIpxoYtaTaHEPsf(ab*K3jJOaM+Dj6XL>(QvoVX2b+jlYY_`GimJjyn1Zw1L7kLgDw zL9ad>k~gSR%#Lq#$N_XCFnB`J#dT9<_fQX7GZQ zq=3$?pT(uVffwOfC%cXf4T?531dV@Y7<*mB1gijjekzR1w@6p*dL|e?!Z73FmG+kT z+IBk1>o8^1W?1tL;Q#;(OfZ>N?vc&hpIQ3Mk@y(TZ`Q<88_X9AjCfhABy}t#)PO>K#lbvKns==pNyOwQ+d~;I`~I{<9TQJ4s`H z0-zI=T0Olv%M7UP<9?vF2MS!aUh^5dk?y&(B37WNH2n|NWM>OQS{1*YFIDCLkowRQ z+;(5>+L-gU>!CA-_c(2EUVe+oy|(pJBeq+BFrA21_Nwx-?y#@j=Er!QVHvG2N#iw_ z5!Jg-Avqe7#-FQ6vfxv_Y1U(X;HM`zT8^Fke1cWu9?yo^K^SmP7Wfz|SFVaD{zmQ2 z31$T4fKT|UF6d)V9`z<}#B_BRn>IAsQFp*b{AL&mh$?)yf z1a+u@yQ)2k#uHgHp?fbc>6T#UUFAC}xu$G4khIK@a|K&2|4;=IZ5|$bSwmq3JuU#I zkoT>psvk2@zeLcsrHJH*%}Tf4h{5^A49s+m_d9h>QWtf0@=p8Bozwb1`!2OSyU?q# z>5UxtVps#fYrmtG5>ja_nAS^ezXg!n${z#y9y%L>$g|OnEqaA{MSQ`obX(Aa@P!1o zCKy&F^ino~aSlK^Btct=8Ssl_5R}d~v8W3?YG)@i;8Auz6N?Ip0!RkIQaHlzLeqo5 z*cP+#xrSj5&C2jyp9xk!@mJ103;dvgy1J3pbs#UO_|LxvmhtNgr3HB`lt&G8V1E*P zWk4tVz)w(bj@yc$OpU4u(xKq6e&aYl-vTR`s`3+;*ibzIeu65o&ga8v`9NeG(Jj0S zOr-heuxd-VU!M>d^Z@Kc+iPxmInV{-Lm8d`b4-3BJlvET4KNe~Xl`by6tfqggULa% zu7f1?XEt;k5ea&Bz)7n)oZ}t7G+5`=qt05;vSwnzh2LMNzoOUD(2Jwk+Hv3eJ->0B z{1@v_f+MYSV`BxSh@zBVUpTcSsyTg{0g~mM|8ZsD!0gJvfq5hVEsDz(1IV%8r#9&9 ze8$h>gzrurFaxY-?((RklwY{9F^P$sDl$iaZqRKKxr0>e;y#q=$ptuOec~Xf0nzsb z3yI#bn|C2Y#sV76VUc#eh{~Jkj<^&d!QlYQIA=c0;MGpuCY?rMbag|jxI{AuyREF3 z?<8rUY4L7q*(%{yFM$n>Wxs0p;x@{Bh+F; zRpJJfCd15if-Y@VtLz?;k;WNU>1;~J3>7F|BrAY2yMn|b2$Na+qr{IOBfB@CIIoTi z*cU_7xMIam0!N~qv~kkBF1%J8ozf5mrU}SM9Se^7_1mF})ly4j?Q;m%Kw|C_ukQYb znfCA=RM+|IxmOqli35}2^R9KktJTBtGJGL%HfHx&(C%`<6@kTBaXWBo_BYY)zVK0t zoi3%eO~ukDF$?uv<$22ZIlS!NfoJh{k4&~7C#2-o#Txydjd-&{buok(mRhI{31h-S zF(P_Z-TK;+>kHMq)apIGZEQg2a)y1fXtXoX=(+CL_u!41{GlYC3HmsQh{xkWYPDhzVqjXz^ zB)!Y_=Xi0{DEcXDRvYs7{xG9}cOw4a3$c#DI^WuLX?tyQhd;=Rq~qA9!5=r=jC_aeKHmY>akiQ&?a;9i=^G@YccaX%NE=KZ_rhpHJ;wT-YB!czG!x zEI8Qt=6tsb!P8ECcq%7a{A*wV%=W}5Bc(Gk5y9Ks&gX_uv=|96!whS>G4z!{Ui&=V z>78Qaym$@CnkbH$pl;{L#zHGjH=Pjj5>hLA@9ZC%@jOkgU0ZSJ{cf{**Gt11Vow^{ zSAXU-V8ef=JIm1nx|Y{l20Z2XVwadbQCcjQ&ApQ>*80xsiN3`kdw@o|$D^ql%Frib zje3)y!#LOx{s;S97HhOEr`qJm)Jz4`&nBMZZHKG}o!_2{@L6X~=gN-iO_H-d@>&xm zX+aRq_;WhMjoxw`HhB$~oQsL6Jj6wE0ukMz=72+B2DV6j#>|N0YJV#5EW4YMdJ^f0 zoMIz2H(77gUM81R1$3@C%Hoy~iMdC3Wy`^Ao>wA?q-De5c-L6vJ~Rv3%{L*f>>Utz z;*je*g^KWt_=jluJ>sC_hv(Ue7ggbTOI++%L?5V*j@-@u%tq!fVkST05CZ0k-P__dtR4(OV;>m!+6(I=y6fOC9h+ zNOGMZ-9PXb!vKW>;DDZ)=$b@&ZjG+D z9*F@O4>aXcbJd%QznUH}LQK43ps-D>^#mPug_U?9`cqcsrBf8$N5b6gV@xWu5-rP6 zl33sVp#uGXTp@9UIvt8SCdwYni@HbZb9z=S@ak~K)9Hep#Vvag0sA|S2b3ou8&t82 z9S1c_ymdYC;?KYwS?9>=5!+3ZM+*Z@4&uhh?p@DXVI7U33tIAV<3^}0_y+cdAitZE zM08FwZF3g#q=0A&%4hlkPRr3aexkIdUS1=nT|1$K*%hdB~X`0eEV zL`J=4+8g6-pJl0b*|kljeqDj6X4GQXqQG=+FGY3}@^s#hlP{unI4!F8!SxEtGmBiy z4Hwf+il~RUmdcAY;Mk*!{G^9H4^}IR-3wb7HO4eFzTuRB3%lR~1FEPJM1qbU;V-o+rg%R8q1UHg|tU!J+%9vhy}X_e3?R zt!s|~l-(cQI5F%g&>l1(WErkNao4O`pajU>l19VwGN^ z;pyuUtuwJP0cSE=GHVj|O>$XAdg*Uid~|&yP`@v!6OHOXs6Innkm&3EYq|%k%mHev z`STf>?M^Y-%Z}W)N9;V9-PGoAl^2-x0dZnRTp@u$mte9t9FCbt4>Px&=YkbR9^3EA zksThYHGMD)oWqx_v-KIf&n?~x=zeqNZ$)X9J3;O8gIzi~np#JDncgw3NWFCnRE5yT zeSP6ZtmyHj4swUQ!Eu=NnNw~4n1p?c%;@U_Igy5W^A&C}sYg@?5t`~>?A@iob%_=0 zBV%Y~#Oa#q*w?M88hoJ%Q1L$K3#8(gq0}CAECVj~{-_@q03|9JZgxj;2>KlXVw7)RfoM z`B#DKRD=-VZ^{7@N@(_jP`xWWh4quJ{d3DA92%_h3h(ZRzVBEt_FQy=@Z)_+$2~2x z)10Q?QqzYHScl|YI}t!w_1XcnP3K6jV&>3Qej~rzW$;JjNA!?S52yvP)wG&M*ZQ)? zpO<;!uME5my|ku9_JsyQg}K;N!c6}Foo1)o zwjt;A(TZK^Yg&D)d=@IoPTLHUa@zu`h5@!axwA!NLs8V->=1mk>!C`^6BjA^CEm^J z@ZvA4;5*SeA;WEMQnOx)#!)!loF)TI>Geb=$PQiI?R)r&8Zs8l8k5J%1v`#*9>yFp z+n|0M(rtXTgyT(7=H%9%gmSZB9@Uu*?TLgk6$6dPH-qmxVl!dq5|h&V z3aXanzdChZf4tTC>9^TD68!k}0L1iF>o?`E@pM1ZdRxOf^S*Tbum%zJBITakoi^Tq z>_n4K7b%7u)QYBMN!g9`z;fn}g$^)(V-fqLhF{fh<1@G8_=NJCwWsyaTpRF`z`z9i z|M-zdAE0?}>;c;9Wcyj5;GerZzq1N3ciZ0T0Cg)X1B3tDR;UcKu9a2P_%!1*O1MD4 zSr0f!prP>VRtiI{W-$U>(_$ECna>U1rg~0uYRiN=p9dqaEcUBfM5UFy&IE_@g&Re+ zUty~qtj|v!m^=PzEI?kY3N)bBQXhI~KNr#PQ>n?V%6&+$tT4Due)!Ky5<(viS2y^i0TGDepPU?)f;jg}?eR_{h}b-}Gnn zd^N*hwDW1kf~&=+ytYk#<|+Zp8%0lT7ygDIJ<30=O?$ccLc8p@u$tczf!Nha0M|?a znn=!=)sGhllJ)0q)-Sscj(1;Z`wyRMQ&~lxdJ!OeztH%5XJf%OcI^Y0<(Ga#IqtBp zZ5rs|*V}maD)>?z>3ga){YJzS6C`0fJ<~r&+h;~q`+DlY`BDGcAUBn`DBkJoZY&~c zDBq1^t1og=BLT+%bi z)GhydQdI(sIRN3b*q0>wr%vN}kNke>H@c|p&h)Q?_5a)NuUNOtYrm3CZ@H7S50q?Z zl>I*UfI$TIA2z)raiJW)lw+TTq_R)vp zhNJ&M*EEpu50@xP4qjpa+W#MnLo}FIe(AscBJcnE#m~g9mE8FolN$|ap8xMuS6FZV zLx&Umg1vf^;MJ|i!9U)|gSRbw%J$Ij^p<3~6fsVz$-~ND8VH@H+S6MZ7XqWUQGX2l z?4MvR%%ykfa2l^N>R{^Tprjf<(l7^jF-*3E>gINcQ0Vusel_Y7ct(heIgwsj10;OF zD}}d--7B<)+ER_}VdHU@Q>z~p{0N4j9OR|`X%JUMh`th~)>?vJEUIX)u5dRP>_Za_ zhPkw|f}|B%52yO#7Y3C|nw!6D0X)a|*aQ5OTqgXI-0Eu9T~fO+agw1ERBjKx`Vt9H z*CWYd(75UsY3^x)@?;%1;JG$@arzq5G{XQ|I#RLf!e}`D1eG3h!k~Jc>=*y;%umDD zCa=u5>aA!V@2aHip*sgEoLoa+TzNBXx=Etht@$12SHcvFCqd`sjiWH!I-UN=HJOHRnut_1MDWRlk zOni-(SMyoFiE4@|h3>t=1YCbI4)w^9Tze5Slo0?SL`V9ch5Idb=UKT|m-|Cl-msfl zm%u2@CVFe)A((S+`)8u z1&Dk}$jw0z%Mj+yvH#>4we1SktOnASKc;EmI*l0$CsvHmG9h zC2%+q^s8?YN=(wT=xygg7vbKIPbx>krOlMiYSHh>=6yGjcRBkG;!+u)f$4yAaF__! zoKEMbR?HhFaU!j4;DxnTX%^&sCsUTyX_LwyUb40wCe!Ux&!ANw)R_}NmBv}fZSvRm z#-%#w`qcqeF%S`&OVCf{3|_`K`MI|;C43;(dhuhKnvdadgFT|mRTen&gdFH{LxI+G zZB{JkKD{>_4tI{E8>@cHzfVk=1jbC_pQ_;WL)s`P5E} z{==ZfXx4m-T*HkL$HMf`^3B%0;x?-(pX$~6yixBP+>(XY+O=8}${h9_lUlB#WU{f*&+Q#_cU5?r; zVQVp8GXg`UNN&SoQa?j3dLp|qEUk#n;;yRYr@IYz^PbHlHli2K>F7FO7p=GFk`lp~Rtz8p}-+o;og4PDLLnoIbNo=U`L#bt~F%hbMTb_AZkP5r&-Zn*l~H+y3kEVFoL#(x0(t2^{fP|YIolI>h%yAC-eb^ce;HSz5Uib zTV#_#CaB`YrJ4>&EkYJt`LDMz9v2U*EzHO9Ph@`cZMb7H!Ooo+xyVAJbq9v|je_M$%s<{|x)UIz%)l zrN(Y+iFU111{H0&yLav^4ib8kF$sbbv4W2gjjp zXI*!srg=QHadM0#{0hge)2+#v?6R&LDV*%;nIt!v;POtYQ&eoXSx%ob?)9EUFh_&+ zHQucMKDsfbES1O`Y!Rt70@+S*LziTAHy$?fO|73$U(VIdKv&*SJ*+DdqX7ob*Cw@W zrJHj#+LgF9v1RUPN{chwFpPbq!S*)CBEkDk#34kov2T(WOPW?BJvi&6r4kbwEASqy z+-mgvozui{nw9B>y>Ka&4#l__Wgv%1`Ev!CxuFFjqw0p{T4CvK3`K5XCET@fcXt(s z<{S2yVAgwEn=W4TGwBg;NJ0jJr%YMna~!mEEnCVodH+z@TTrEY6Gg1ilN&57+kwfY z5kR>mdAVwkYF+N|BMrgxzdgHBGwj(JAQ$NFXFf^eq-=+anZhN{dT`CUJ&?o=GHC@P zq~l-|e49a7^%i>_U#8(@v|Zttd=BBp%*A+<9F(DCjdQ2T5F>a;@f{F|vY+`>n3|RM zaHg^6pfVDVR#44!7J8{>0TN`oXw#+uQ5TFVW%RW@ls;XMHRy z!kf@w#sELG54~&Z`vvQ8KSTrNpUGJjR(uoW!Y$L1M7?W8}}^CV^{{)DF> z-r>0YXlb$>(Wn3Dka&@{`}RoIa3)90G%w91$FiE*n>6QtzVPmmjIhksH0kZx<4cCd zCdOqtJj@x$O_pYCdX?QLGECbDIKI?9kXVj*yraoD?>eFba>(N#SaD;DB7rk5hEBSvZ=7ILNAA+%a{zrcU&53;k#v_ zuq;23qay2hw^v`84Z;Y1ii`h2D3&AU~B)~06Z?K0&KceE|vCL15*^iHZMMy^XQ%?mlD&DcYfc?5tr zoOo}H4-7HSL^fs%gLRjg^EMTUKCGJ2$*F(aexPwTIIG50n~~(4Oq@_Dc%>`159TK@ zOewhXC?=vDqG(haF=<_>7$6^SpA6aJ5|oFQ0ZhG9GU|(?lK8!eJh~Kmn$tU^mT#{+ zz3V52*+rzQL8eFu`P{;LS@@oa$SDo1ikcC-SrOgavg?C)378l6M5yt*!pGRg*MoI*C~GM+o$2k>EdKlW+VNDIbm+}chE@~s z;;EoywY!vIYs7LMU8feEClqC9SZ4XYWUqp00IcM?7R7zO;bB8xSxsnM3diL=$RdvP zrz`qt@_;+G9iMAyZq}7RmM_*0)Q3RI^jv5&#K(`?q&ygr%MIUA&;G&WLnNtaI!Qat zNF12UNkQH4%Lj?l#EAkTWeYIYE)=tkmn`*{+ex5b-d+-L8nnkF?L&e7^Qc6pdZp5dA9$@>*E-*~<8iYDp?}92z-93Q!_WJc2;Fd-ir3Mq0^m0=&2A{n+IwekWTc4T5sPu`Qr5PBR6T_LB^TVLs2{rAAP?IIJ-P zWGTwMKhFv4&O4W^PZ@nkyxIi5&Bg!oC=L7wP1*mdM3lN>=g2QP`f9zL=0FSpx!h}L z4!;8ZQg>|wS$fydk$qi*by_mE^8c)QU%%K!eKAy;#p|eP(vOw&>rbxK2ma-6uT%&= zmkPfNc0TtC{(pTj|91{2fAXook_Xx7$UplE>XmhY^2hFg4?zNK-guZ9bYTp|*|#){ z3Uf!0tm*?lH3qVQg2S?<|AmgNR zrt;&^NHA9JRvw$*c%@V6!gv)YkMw!r>8tzXGhRX>1N}=$$f~$Dx3tNdPHf=+b%%ba zqvzBRKzKnx`GL(naG^VlC2;O(eSGbwf&Pcx5YeS+rR4|bjZatp%kuWPxL=X*f5%wA z&`YVgU$Go&_9)Y5X*$hLe)5L?0iKPn4DyRaeTme?Q76v8+KHNaM%xcp`s*bEpp&5V zQ|9wVg`Pcx*WUyBTrh-9LW$hk->SP@X!zlNe0A}8*+=j9NbI*IXL7Q)`1MYQ4k=P9 z>wEnsY^3?y4GfOFdo=w@6j?Jr(l2WFQM=MRh?~n?@5f2O7d3iQQz=vsU`AA~Ma`fAV9obRb9_30?GwRtosRkAVW1xKN+D)hIR7^GO2#wV7L=Y@Hp&sgi}#jDFICL4H~6m~lAJ^)gemHyd36z2{| zNilgPq!%I4g|Z*t$2L{3OP#uvcgt`xpmuRqG>I;xwx7LTX^Ei3(I^n;|Axi~o78KZ ze6h=={*F_!VKRL1PQAqo3nzA`G{nU_GPNI@9ed|HQ5^2@CaV|ON+dbF9_6S57SVCK z^+IHK*(ZmHkB$8%CB7!mVZjhcud0flX#TqoZIJzhWwqIo(}!AQg|r`M!JjQ z5LkHK_(GL#tQ==s?*RU#-$mcg63zvN4B0M@m~l4p`<zn54i7xC)t{T_jQ-9D9pajl0O^8EZ{Yo+hkIK>!p!9G&QKe zsJ@?PV^*MpJ}r38F+9kbyIqR8cj+O@?Y8%$#WAa?2=7}=*B-o*tKtn|hLO8)k8*tm zMC~k6PpT}to;S0FJHi7tGCN7?{EJMAP<0#blZlvpllK~ivuVn$W3-!lGIdZzZg(`& z$WW1+uA|}dDQTv5Wv)Hkn>q$nB&o}}4>xe(eS~N~c>U3I%0!RIx$vtGUQD{UZwjXj zNCd*+!a3fx3;6o@8gkB5@+K~hf03>0;dxi+4KXZVw++G&VlVS zd6{Rr#-{5?ZjNcPZwV@c8n|(vAf%&*>IPNW-M|zw{%5^__bxk>?D^sm$!4N!#Lgyg zHrJ7q%-G21eI9;);3@O5;vVo~Mw7T`4OlLl(x-PU8t1}${>8q0s9C^Ia15md1_09~ zpY9PJ0R|FE=>4Y!?*Q z7w`68$aaa6X2CRE&iq5AOFn-bnm%}mdy6Y%w1N;(FR|1w!4c{6Oei!fQm)Wv!mrQj z(a;mduxV+$y5V+}aC$JlQf~v_6V3mxwl@!lx((lll~55XOAi^eAZv>~YZ5A3_Pvtq z#?BaHlB5WgqU>9C#=ei?5sDbQtYe9>YiwhNG4DN|-*LRh@gBeT`+NU+??0ZWKg@Q2 z?)zHK^SrJLE_g9u!mI6Dg01C*|G0aWg<8q~9$x;Bp#}}EwH1A_+?c(#*IM}Z*dLdAWM>@C&l~`o3|gIG>QU|AcKS)| zgJ7cjNz0BTk9ue6%RfH+&(RR$5;*vG%Dm>PZWs@k=~RWi_Ea&Yr(+ zbZ{Vd%#bDrzhf!C7us8pBq{2*U$KXavGKaEaHJI6HCs}r85g&;r#dY28DEdK!bam( zr-O^zSm7*xtV+H7pI(iwd;gl4*~lbv{%QZ;L*}&LfEN9RWkJVRf*JLZ5?*0` zib?TW`RNtI-)3cY;qVmCy>O}EC$LNNv}-xn-V9LKnS%2)13zO)fW?Q`1Re9BNkwMj{)WZB}3Y=ovZWmRv_7BLV5qU`P7A8GOd& zsdZorg9E)_bmA$?oZUCQq;s}gi6b0Lkif?ZwkhH~B(MK5&TLK(1_w`!c^|%7rUl#M zm!Y?%l1CEYr|%l7MjnVx6zcpPP^Anwc-i9CF~H8+91QAHjA5ht2jBHMh>dvVDEP!2 z#6i$*gfa}Jn2xFiw(?FHNM@CIv3Ju084SraMj?X!fm}k zXS{dMPt|$;AAVDwPH6`Shp-U70&UGhr;FcH=^_tN(500ttr&74roPU=j#7=h+x<#) zzd}{amJn(7sp|nR6YVZA5dz0r)!@oXe+1dC5g+eGfbZswqO%F;4Q1j&g7M%9-KU9P zI=~ z@(%XzJm><4-uoM&YJGr59^##bOSS)JFL&XUl}Ft-rMn*znWTdHq9Q@CoE0^of4f+G zS}RLUwS#(Dk-Nq2pv~@61fz=!KftT;ih=lxo!Q?h1{w6y%!$*9P{l1IA;=xHp zqBLGrh+-C8K<=(6akqv+d*Q`s$RJF9ikFnB8ocd=W5 ztL=ZbRipbvB$YV3m=!C@M#$PaxpQ5gAV~M{SFQAYA*CrG()~8OkZ}#T_mUK%v>h<(_b@Wz zyu|&Id)TwY3Fpp=G>Y5)fpt}F-B%8GWCJdYnU00CoBo+@$2#?ou&TxSsq{;fLOaUx zCcCntv3}K)=}g9dpG5GPy46hjCo%6?_C(no%+7*xz}|)9$SV?L+*T@4JY*>$BtLL7 zF3lR!zBq|bvy)|+`bPnu>`lL9fekYCqID+R0@WH!L~yzyC;i8ZCp6R|gh4NczUy!D zywZi#Nfn6<;2>Gv(+!iJhn(C92~ZG{uoBjva!9ZNQ`jb}_VzkdRT6c?U+!la(&PyL z58mBjG|#}=rXy!IgB8CN`J4@;sB+Y``|-EOJiM^Sl;tLT?&Yg=aPXP>583#1%lLa3 z8~AViHqIV-0-fB5Dl*+x^2D-fMtJ&T#oCnFoUa^TWCpvk2C^Lyxfi?RP|R$47^^5P z`6+*of)1HwDIf1|S6`Lz+@={8#{tGZ4gSsdvsEaVF6<3ICuL_VE_Ltw=Chy9WvaT# zCrHGQ4Ps=gtcN)7Npd_UbL-6Ft8UT$mE_Z)=*`K34Y8;Z)yk$CywTYH6tn4S@ZzbA^KE~$WE9XG@==aI$Zn;l|7CBGTtyHhd zEy=Z-YWnM2&-7IO|X!5OoW85*{KX{^`i+Aep>*9rHoE51fS(*5nedXF( z+*0FQ;`x$m8KgILhH)&-E?KY_MN735vi-sa^>8D~483g9_ER{`I@M=7Wh2N4OfDqrcFE6e4|FM?-F6pC*=R;I7nJ?YBGzgV zcrgUtwiYS4MctFEWaJdAElE$|+X1~U{F*T@I~l`@+_u8(ShZ0PanuG7ctQ*hex@Dh z5NbP=OZN5=LKGO5uk}Kt<(Jvq$WkVq4f{pH}modVc|&Sl7uMqpJpO^9{rYrMo{ zuW0eByN&C&#)P8gb2lzK+v~I;YamNss?Kn9eRY_zL*WCHrTsQSbv1*~5p+WfraXv{ zdc4V`t8`3LZ$LjDQDyNtq`frYT&a>1M8MUK+@H`1f&qF%&6ojwRkYjbJlJ*jej$yz zce@N!&vGhumsXsUvjr&(b6=H5uLc{PVMY^lBcubm5*D3 zT4N#h3XjZuzsmY)_9tik`_U?4=b3Uxtlb~E_@s|q9G5+$qAQ#8FfE^aLq6{qJh350 zfh4UmOZHgolXd%%*eeUORk{t-oAy z?L*T&4x(kE&=T(DQYtGU{J5<>4LcTaJ<9C2&M*GGP1ewhm^ZvEz{>aM5l9USM%t)5 zsKjGqSu@S_Y~ql^zY*Ny9u4lJ@&=b@1leHPFcAS6UdhJ4|89aNtQ{{-@6@NU+GTh7 z0aW0mZ{6;3gBu{&7un2>4qe7N`v|z7%T_hZau9QYEYh2)y0R!14Lq>j{J80P-$kHt zQBz9Pqkbu;@7>eXe$~!?ny%|uuT2ok9~S~9NdA=tLQEXg6cZ{9milw{Vul7QwW1yc zG(t5s>50L~BTv)|!ZpyWl@W!k)NCIk=XZt^$qN_$EXmy%7>Q?ndv5EF*NH+&TV?|J z&B#L>{Kg_e2oeR|rl%Ch3iK~%j9HsatoS^d^-<)36BIgAS(;}-S=O*|HjWCziV;2y(8BUr9Xmp?hQr|A&ef&1z+Lh92jeTKoqacn@?t)uIg9ea2bdh7Rnwuq@u~ z*r@ya?<_hgB<4H>s-hLzV|KkQ^+bta?Wgy)z#Y_=B7X z--VU)4~A#Xr|o^8rTxe0-VOaFeiLV!9$WlQa8?C&aBa9DPkJp!CCVUuS)VM?St+1c zsBx)QLm(S_^=i{MlQX476I(XOG!r}CA*eL5N=vU%a?UIBeG6P-dZ{X7tiq`4$j>*YLL2fZ?$IUu05tcW9-~bY@OV1i%q)k}<x=zsyh4{)bYu5TPeoj22F< zbXKBbba`78`=l47C^pX6f84K_L`C>T_`k^v?*=kY2%dx@~>U+X!2i2Hmtcy50mQ$;AzV{KH3+w#;Mxz5W;Ma!%9(w7V$(I*R7} z+Z~g=?!js^x^-V>pJG?gr?$`k+;I*QpkR0yTuxdC{k+FA4wtm8vU4m|5=8L8~q)cpxO7Zf=@9w|m$N{fuO z_R@rnzfoB<-sX=gL0NN!=XVq3R9#6y7ZI-bEPjfUfblX9%d&S~X`r6u(F~~Q zZzv63UURjxO1_~eZeVjc{Z|7HJ&)_djwK23&?!2$&=BIiMJ<&_T(~OXR_ELl)8xOe zNn)=0||vY@}F;2v(P!N7Z6t50BDS;I zI#hSdX3z6e1M8j?y?(RchC=U(j%eVjO|s@o8rFHbmtC9`pX4uGrCfdtX}ceA(dXN` zr<5+z*Yn4TqJq5~LmAL%qM&a-aMdr}XEYn7O0-346s2=B1-7!)% zp`|sVfII>Ie8&o7lI-1i&0$VpSHAWyK;Jr44+&Ol5HLV$55pRrv9GcMynRQ>f|~T% z&ettDiv}7lFY+?ZCTI>`$U987&2h4z`NK#WJYP#*E{uvr9?Z>evMT*;E{7d~5NvP| z=T=}<8uoT;Fv^KTPjoO8Yxm>XxPy(Y*b~HVgxR0i^Flc@8oU=|N76mJ-~QHB)Ez&M zHp!YSq1D>_dVQEW;@{LXktMaAU4Yyl(bU{umQ|M-@)7=Ku~GeRP!^94d2j6et#*sa zs6?q-8K-DL{H-+7LsCx8Lg+60?*iCko)ew$Sv&yrFyW}yJrMvgt6T@JG=T#Ij2Od% z#n?lqua(mqo3}Arw;c$|JWQg~E7nXXBxNOvmWa@>8avRYCz|n&xKRT2080%f2qQOz z=XKu6*aDa`P>_?VuSEDh3wQ$GI@>;$H`%%`Yb7Zbecmd765>cB59W3*;sYAz_}aG8 zs0XuOvBA#?@05w+Y*yJhKWQA=yXSs{r>GZ|0=aW9!Wc8nf&SSq` z`s?c9Tn9ZL;-Y2|`q73o=&d4aE#zv4G6@`d$=0*=QBc?b2Jhwv-X=EMEjv z-9LtDxWH^XFH{_t>?@xkhhEZkcw!Cb0@?NjnNyh-rKD#a8wlt>oDP@B)CK?#Z=U$o zuv-4W;y0>E$25w%tXEje9~~w#A?9+QhRr#I&7=a{>v#Dj#ZP@w)J>@bVPln*qKZz3 zrR?_lv|Vrc#q=;)satv>$tp2X9$9Esm7SmZTxo~fxm`~BXJjmPM;+6=vGgg@7IP!D zG)OJ_xxfE*F&yzG8-DUTQ&RiPLe8}zA+@nOvQkw&tT zzUEgZ^*Ux^95iRWmNUm!3^d1X&-tY7TN6gHA=Pf@oTSb~Yr-LU8buDSkfC==VN-iq z^bkC2FO#O9&B{jzy%HwV)Q+vlsz)-An8x;&KLOX=TI$a|jK zG0mJo0^Dv9g4lqQU>nGKxu+wXY7W^{7p6)OuLF#nmzVK_6Hg;GGph6a^}@61Q1VLf z3DK#JBy-Ev*t8AA2AmrSEWqb3!C4#L-Rupv-wl2xa!{Kxwx3G6<`~*SsDg zQ@+4?^8#FTw&)gCoQA5&%AHB%VR9Il&WwtTnxY4@$cB# zCRU^DR<d3rbvJuix4Z2Jw0o;_9Q(gboZu#uU*Qtd4%$#5hL7YtXx{< zdz1zTWf^to0{fEYB$=0o0mw}}7+tn^e@t3CYm0sHuexv(A^Jbo5Dz?kI}jaH(?F^! zPGdgZnvi}Z=ZabTq|Kj&C`mSx?Do(^F|rvnRgq)BCv_{i9QK!nyjkM_E9)m6=PJBm zj5m#7c5&fwVmm%*2JNg@Jwv00!TR-aS-*_&c?p`;Tn|@$Nel#k-M*~|ogPDSS5QHc@Ysho$Gi>Oe1%esq ztI|-#9BcBIv*^)f6~$v^kpK0#euVR!D1Z+k{_$^Es}|!um7GkQ{B-?-Vh$BpADd*q zVT(2e8qh!tO=Rj5*G^(gunltd8g)qE1Z19`#evy*0g2zasvwl0`W{*OHX1(W4FfpN z?!~}4UYz+VhI;5=XoI%_y(HhXx3p~_k)v0Kc*khOfLlnBwDZ;-Qkd#q*zBJ;eMzi? zLCrxS3b@GKG1o5eycmJuq&|{mS1EP2kqKD?BFYyahKakm(yK|`LLOp^A!hbZ<)r?5 zN-Q7rN{ghJ3%{nfs}DB%*18Wh_JRhp7v6#7vRFK@F!XOs4F-J>4=#-F&%7t>hI4B0 zi%x7WX|DW;Ws8wvouw)&^%r!_kUw+$`{sl` zT_T8~?7K9$DByDVkJj$Z+a1o&CIGN6(rz!@PK3?gH*J3+cY^tj@U!8WkJ4Og8Gk!l z*`zj5$}9!3SzCg6UY?Ylkp$f^UT9<4UIHrko11K2Uxv_I&9>ROy@JWKWP8@tZr_sd6$nz4bjtm^$3O)Sc$%yx+q6=fwhf?h-~v=K(ozx#&1lQq zbc|P!=cM8#CbBw>CTrbUJYa&xqS++toqXm55}6X*BO{5TsZfw@*hicU+T*7fdhN|b zBs9q9TL9+NxN#(v(K*wZoq@8A7x@c43@{q>)ZXCldUx-xG}EBd-n2u)=k6FHPyozN zv029KJ{F-;_Bx_yB=)=lt8d^X8P>xcJ8IQ0ZeZd!OCLr+K+-&cSE+G>EOvu7Y<$O^ zL2Eq`oIEYk0@0|$_Gj?K4j!#h)&nr*3%Qp)^A=u*fVt2DZIF`yuClf81rr2Zcou(C z6-Po@q1ksDcOU)+2(LsnKzKLL+!YoYt~uCoM@*{lFoIGX^qI^>yU7(b21@avDrg@D zhlnUH5wgF#&+U#i2%xQ1SCrUBYyxaZ_wvwZe18iTH}IUY+_)U8R6Y^+1P2f~{f`HW zfU??T*F3_Wnk<%snXrNFw>sz0Lo~VSyP)$N}4YQxO-s`(>{K1a7lerC>U+M~*2X zBpNUEADg+T!Ec%RKoGIzMw2vw^*)IvmU2LBe6f$Y7F%uT&Lu+LTz!3px6|?;verC% zm{+&Vh}+PGBPqqYx+lQIIF8^DdO&*Hmb5p|^OFtg@GTLt6g%qjO_>WEGG{J152OQ9 z{q~6ZD#GAUDFen%y;nd*0W@77YN^lnQ5(*?`1dZrSE;r%ZbY1y=?M5+h}e~v|JzJ2 zm!_c}9cJS{`t3K6#zaQ*%6Uu`PSa|~I(qg&4M?}?2%l&3v8++B&CNxV2;yWLu;@3) zU_J`nUBBwNSk$O0P~K=2L%q%geWg8;CzkK zB&?J^W0pd%PBs-s-A86wOeK~Kto7e}saVn2a$L>UH%~F8V}W*WD~`pRm%*sp1f*XnC4%zfK$IZfOg_ zRFfw>cwAFzW7`#+Sse-W{kG*~-T-A(m}c+BL!TWuh6tAiTIl9_XI?ECHOiT6OpEc~ z5!_ui`0v(88u@HRkr=(|BIH!3xcmm96`R{(^KC8M0yMF)b)xT*Igxobox2qNq$Zl@ zRGGMD_}@Sl#DMMOPbWq&J9AwjJh?{_ zLB2ksz>OyuP>+&qhS@$m6G1D*Z8aFmT6te)=39vVRsmX~vS-YG8kRK0QdJWw+wV8~ zr(wO`b$i??M@Ung2{hwCQ&+aS5sW!r8lXIqEWb-?(okET@=$ zxvRK7wr3{aVKGX>vc%S;-!!#OcGl{II|KjwP%ZY6K6@xz2T~U#& z=fL?8sJdR!VcODXE?MS4gb$0`WlnSOB`(IL9XtccKyc39tltPHEj_fR3A1pGx!^Tp zVQRepF83^daYq61NF+@XB)<*B6=>E};CYhRjIv3`=~&DxKT&|cTicA?s5Hn0;m^G{ zSVP3~ocJ=>doD}PH5g3>8RWZ``1`?Sj|x!+y>5pch28|(7}BTc5GX*FUQ_&$9GN>c zStU?1qHROf<95_SOE#XR8+2U&uDgGQYnIfE#xYu94p1WVj`bI{Yt@N|gxy80~XI{$kHTq)dCe7aJWt^M* z*J2+K#^y~+`Rpj6myz3J(?%^#?;=TAFPnIn9WBQ8D) zp*O;n0J#XiMI((=fHKitD5*@B&sXEdeJ|m9kWdC=uYp$RIjaZu*NjF;rb<pfoggCQq#Ng55 zT73Y9zDP^@tgn1JHe|QLfnbY2(~BkVX6ijG>dGuj&&0^Ge)eSx>xT1)WUX8-aZY#0 zcg|ofNMumFSJlLq|2nijUGY>ot1buppNWwDHHQH;`=L`G{C;0e8J`A}lSJ&PqV`a| zn1f`zQf}aOPIM0~wwu?<9C`-S_EsGDF%GqXS$oUB$;N+**6Y$2-v_K;JRNtsTsQXH z>)ON#XD?Y+VQJ9By8XItpX|bo^;`J{ymMZfeJ(B1?OD{qJ`^UY-|rn-bNTy0E-^oe z8t6s|+3}eGGoW|+9XxE8LppTlyc0vHga+uAwO^MG-UM#EjNgVONA3)AUwhuC)Qg~L z$-G(ouocy)!acsWT}hH?XBk4Tv=w`2~8{_5AnyO%_0lM92h8iHVt23~1E@x5sKfZFEDC}D+ z)a=q>7_A3AhwC~F1vlU72R|kGBrT|OT+N+~N>@w(!@(wUq8a2IhxXg*ot3xcK9=}+ zVOn!YW(8Yk+bmOz<+RNR_fveePqb6?eVzG@qG34eJ5KCc?cCB{qi?>tq}ek14FUs=kbJz`8;Dsp^jA{WC?(anar23;(Ug*S!kU`=v^(zXMvB)*R*?*@gS zW>d!rdtjSCP6;E{rO{v{5Do;6l1a~}Kr9^}e#kXAb-_hwQAC1J^C?rAE8c5^C6P%? zsOd(o$7m(*eAgXbn=vPo4|ZqHbIzj<{|I+!oLQo}FlI;7Y4X|z(Hj`4^$EVNY{_0s z2IN4VVS1~)W`$Z`Dr5bcE=WQ~J$vnK4rjWewy>(0BQ_k(awL4yy6APcuCL(ui>VjB zm!5G7PXXC-e8j{1aw5m*x-#;wD@NDP-!-hW{KDegr(hgaXtG{r9eU$4mxwTB&Cu+E zdzRwv1y?_tr%Kr1g_qt_!eu0Nc~PW>)@&xnAcqykselDSGf_hY(Mzlj)m|el(ig`QA8bV&GLr$ zA&PJ>3vAZo&(8X+YcO_v6dC|n4Zdf<6nilt|FXWahQVuA4yt=CY@N}voK%xRGj+R& zGeKQBjqm|%0&-DfKI84|iHg_&$KE*d>42y~t#ui=l24e+!XKLkddRZ6wN9i05N*+reM9 zt^Fnt{R$6}+=xTlZ|gFn9X^#Fqxs7Rxd}tvPlEXQ3PcuS+QD8m4;xFplX5eoHt{Kf zUAot?d_SNN@FvCgc#{;;4gw**PFWiv#0Cc=kTN5nG*#)52$t_pTYpL=Rnx^_Td$x*e2KSf1l^ElWv)?ulX9Ly>nyPRt%w}m9%iJ)-P>4*aus@ z(`VWP3u9G(ij6X*l@2 zJKKbBlB4p9#r)b(a__akIUYD2;Y0AUm3I~;I?7!NiX89%LPPhvx<7Ua`Y4QZv zJJ3IvPLot)b8$&CLdvrGGP+mE+-nRdt53LlwiD{C!4Oc)UKB2$|MpI`UoxQzdd z)Ui}XyzGfh*Wk+E1EdEMb6`dtsXH$TD1l7_ZNRV#caASBy2~&7D?a;}iRR;=Yj%m8 zb)FPN7G!=&;ChuMvKX0MvdCjC==Vsyx_+X%?XbF={;TgplA@o_S1!B4wxvMvN#T-0 zmGw%WM*$YRaglX#i$t$}9brzIB)Dt-?pTk*Kz+O7PIS1UaosC8y7X; zo3>q7bfdlIaDNYdf57$Iice*C?L@tPP*dAZeJra9M{HaS8=ZHy)Wc=OfTq?t1LaoD z4IjGeZ>Q|HYu?BF$@ICn2)(Rn*FOyZSx&1%vIcUTd1f{K0v8b{{a1l!2Q_t>CQV5+ z(d%YY-(v$)il;Um-Qd@1Iv$42%D~0b5$=)X5>I(&rS-Dq$lVP0Fv0H^a<28tP6|h& zf>tZF#hh=*qHSE1eQvHPM(DInIJYTQAwpz|U5gyY9ZY1Das5vz*?9ji+i))-uni;f zcA(H_XBYlCXWt(YQ$pNPSt2czr0ps&&_$(7DK4W6PuyH7K3uF|X)aw- z){KCgbsO20lr(8A-b5cJ?Cj`m(G@$fF(Cdf(Hlx}A~Q!L3Prp3@0jS;#O}C(y8jvvg3{nb z+t1LQfG2rLR$u)mv%3+qb=*sHL{VLa!wVxpX<6l|M?uNJMp3;u-4C4sFpe^(bV}c5 zdrEeNCO5QF&Y5~JKv?n=HsrOKZ`G!c$|UC=nhvZOqWXNXFQx1C?2>K6N3M0#Z(mAe zCLA}~7R=)w2ufset{m47E)^x0#&#Gi``>;>Yn#A+cg7$MMt+{8_dShkvk91eP5?gm z$RQ<{E2K=!9_uC)&Ze>6z6459wif11HsZJ#O^V*_FK&*Y*Zq<@-cO;HR4fxNg!Na$ z-b)&J3C|1(9v^_^i@h*S_{^nLI8x{EP*h(3HZ}8}fpx;6O0GL3dk&@YI#tfgX8aO# zpuQ&)CSX{E{GkE4DH{>x1TjuKk2tWsYO@aF8<~1v-4T4=V07WqPE+ba=y&@%95bEx zWlFbUv0UB{ewnv#z~e?##%5~;8~8pQ4xEr{oH>)!@vZE*6Bo*vle)vx?<(43F`Zfe zEclcqaR8TB_-f(U!g9Qo$LK*uyetm~ntd*;w0q{`aNIIeN#>o1dMdd(LC+~U=Gw=Q z3udjU=jdLP7{42E{J6h*zXB8_y<0ESGzv9o!-$BOW{o#I4dGz1VU?eLQU2ZnAan6-PIhZeA36!{lKV9nIa4GVeh8@K!tZAa}ZwGN2NI5=4|-TiPn_@{yK~?mCK`5=+u5nHcGs3uP~DPhIq5 zasZVORzqU5h+t(MqW7EU8kXa9@g{?ixgE}EWtn3Wu2-WIPX_TVhgiOjuUZCZF?&DT zZz6_DX`|^@j}YcE(4mNH+^r%S(Sqk%Tjt=Oa6bn%)i_C)ew(vP^=~NKyOdQ^O;yB} z3gxv=L4LES=&D)5Xr)qq%;nuTZ=mW89sPb%u%8dAMQ!gHs-BJ>nswkMFI39<0&j>! zZh3P?FVV`x3T?u(Ks$w#B@KE)oXO+AFioVCo~WkU^tl{UU0}z(VlxO%AvqR3pdi1@ z+Qy8M^wf}M5EqM_Ls06d55CZ^ATgBuFG~V(QO-(I2$b%{XfIC5kUM{!#I6-$u>I}l z9*a|)e6Gfz!0g5NV8e5DeK>vsPw#GMD$3#a=CLpR%#Yq`2-pC;ah}8pB%`^Uu_4=8QEN50 zreH6c%(qf1gxim0PWKPsI(HY?hPMs0M4y2Y59~F$%E9;ASsie|pA80Df6uW=GQA2M z4#+X242cFlx0eOI2API#PwXOOyhN6M!_~W7x8~2JM^_5IUw<379)8PR;~~~U8M6~^ zKS>2*1Z#^CqiDi=4OWW)-$fl6ZkkT68x>~q`&MWH|H2(8qqF@qt@hE*6BJijdrgNj z#Y;U!yvS$A<*2hq@ZZ;OERy?2;`YdTV9<{oS;Mf)!xF@!@AG1&ucp8xOq=-pO=fXn zM|PjPF&0KES(DVL;x7^!n(a?C9XqL=W^{kN-9&~a*n`<2>g3}&qmLn;{N_Bse;xr< zkPazED<#TYN0Pf=Ed0R!h$fy0D!Ut|7IEReoq-EiURd7wYb)U!Q|zBA8~FI|uFC#L z0$k_svwqY1eeprEEP0s!QBCGaL4;$pvY@SLT(~LOVUp{AW zCz4h8(=bOw{CPe3j6nQtoW=01h%o~I=;_fC)!Bl=5>Xm@9d9E`yz>^&nNmPE<$*em zR>*sBL3jfML13vh8M6<`{hF)Y8nTSdeE!l!xiDm6ugO@y9?UEFcK>`t-u(fyK1^ce zsrT#uq<^0})(NV^oLyfRav=K1K=#V_&Dygfhed-(io_K}{5q0nZE|LK22?g~nld0G4`Esn$dR+Q-avY0 z)K?<2eoEyUtx81})3>Cd0p0xXJ+N|%Ajy&u7<#!*Bi`A7 z&c-bRF_x!36S=ADg=-I(`F-%run*?o1G=6V_5D-=Nr%Y(ACEYBXYXJq<19Jv6nTpj zSw!>V-Ru9o=LN2mA7GHYq-O}$4M+MJ|Wf}f=3?84I{nJt~x(GDstpdx6E>~*F z?1IlE0M;+=Q9JXxuTYc?G#-7sd)MHyI{uFQYH920d1T^Z*xfS>GN-p&ZszB+_pLqU zu5`M-C=Vx3Xa4-}Yxc4Yy)<_1Gra7({ic44ckxe?BKf<@{;IvJ+N<{xeF>F5MRuSw zF6xLg8*@cTsNNkkkYBHzTV;Maw&Pw9ND%G<#n(5J|SyF1beyP5gKD%3dF<2#i0by zUhoSuVlfY%!DK( z4A|-L3ik4Sbe7@l2`_JNUoS6T4(o&S7jM^(3Z_3+Z#k`*5c$vXw+5wQRvj#?d^df4 z7vE=SFh;Nv_Ur$oY>Ls+ zNcgm{@Hc-9oWLGF<{Y%vT!;Knx@S}LRpHZAvbI%ESrPNCEk9Q7cuBJbO`pEa3P)^D z>W9Lv*<)fET-?hg;hzTDxY0ih=A(@2I*fgGtaP1(Mvu6~GXM%(zP4dQ<-pb4Xqp%>vCt zhK)*Mis%g_1e(1onUCe8-(UARyJI2iczRnU%6702)ui|}_XmEO?Bf!1`S$JY1&u4+ z>+6#Zxo|i<4)3-gc`LSVT^v%%850|e<>u?3nVBIyZSCpNBc8(iD&H|g8^-Pf83q>j zt0S6QBMH8bOFMw5ZgkwJk%W$dLeG|%2B z<7v7Vx^ZnUQB7o*^3N-QEEI4{bcJra|NJS`X^&A^sT#7Nb0-y9r*Ri1)kmSx0;Scg z_v@JRC@gO3YL;$waDlA|Hi*)fMy_Z0xL;DwQ@waClpe1+ph}hAZoNi&dOi+Sn{-kC z10>T*{Jsu!reS4Wk~fX(G%F7q{mW)R)fYdDQq7JoV=WBER+)FIx$&lC_n!3J(7RYv z`TWmX9yVg933ly|E9zl?wLRY1qVc!VKONg4BXdFLN$xOlA_Qrovb6(gkQ)L-zt^F~ zt*U_I+1A^paa5BHpQ7xx&k{Yi9L@1;*_Idn9^Oo8qaW7eVlKxnv_`N&SKa8{1N_qc z8+v;oIf%(EvG#Gk`RRQB=_H?XW1-&VHR9KGxg^I&;;sL&jJsav0C}-yy#LMdLwdD# zozul6DiO3pNNECRDi;*3_B@`wh2HEGn?zX+EsQ?(H6=aljTxxPn8ME7oE$XSle5?$ zq>eGS6-;F#*MBb|Ni(Iv`pvSUk!|8_#We=}^vNG$SrxGUFI7=;V3Vs@SHRY=Lc_gFJ^pBq?imgif z>oFO+mHc&qAODrscKGwD5a%ja?qg%O=^st5!!`2*4&*xvTZzG^~YnVu^J06 zb zYmF-4l5*|t?$%2g^jFK;2IsNGxueBuxe!d>8y%i{A5f~IYdm=5HdJaA_D>9}SD#;2 zem(wtZEYMbX##5^rbb1HVwWCv4iX>XD%?NP<+yU6@D{v>eqB9R+t{>g8vvgdJ!qW5 zXT}A)+rUz8vj@#->3np-QL85>C%1^X)x!FzEJ6pmWTvV;+N=O)2>@{nrZ2|VJ;CpXAMenU!nMf^8I>;0D`-OU6=!s3^~BuU1FzAh1_ajGmAJdX5cQbwqUr

>=o|`&`BDzwT^BO?e4^j^VzepavlGe{GH&Y{;3yx3*QSJU4&StXoeEskaZ+ zoeOWIP$(@CxhCc!^rm(~Mq?u}&dfb)E7->I6Ws;MpQ>!<##_zSeoE?8>@Ori^)@CO zMpB$GZcI!}VZ>LkWt(VR*VKXAX|P+L6{Sf%DYqx(&gvxAkkeHPciC50q}M#6lO!W9 z?FwCwx43Ol{?2MAnoU04X`HE zTsT&k6~JT#uR;!ur-htlPIUMC?P+4gXtK5+L1fUe46gq9Y95%=vCar`YisLI*hz)t zZ^WESIvveMw~3#tIv?0&Dbj@-3gI`YhVkk@tL|28Xk&UZ{8MwhZ@wgb$|t?v z>B09YACJDBY7btdltNfKg0h6Zr}Hu1YMtW;C#BgN*vG6t(N~yHlcqn)aYdc}c*Wh( z4s=9$yeYL)a(|sqGK~vSwdn^3N>bassoc*h?@qVSM=^iAvefUu`;qYHS*PjMxwpTnoufERdRi8B6Ym%P20y2Y>0mdpS|V8@ zN6FewK@E8kwq!3<=58oyuO0ECHweXObD~+!DG>=i?QLECT5) zx6BGVx!NL%C&8Js$J`>F=5cdzU!(qldM5p)`;VjCCEz4P$s) ztrZJ7!zDD<&df0|Hafb*dV%&To&M*>0n8H^BsF+SVEpvZ!OQStzg4){UWBhqJ}HxQ zD4UN}J(Q<_@^K;hTx-KVUgM+hRasEQePVc6{aOQmWm>4jNjmPbK)UM@mh7<2KR-$7 zV)Ugv?<}6Zr+tD%CO`7P>pBTHb?Uu$pH&0hdpeJoZS*e~3hArH!(Z=ScgLG)f4t&6 zP_U*)v!VlV;(AIfqHw$h8i3KWBnHJ2xBt$xw!A_v>yr8T`O^>|PnaunvC-LP#>K_8 zG?yu7%}!5G2Ty-J<_t|2rF~+B`0;1Ki4C4?Y;3~ZJ=R+PnSF?Ah|-tfwa+?ZJaTrQ z8p7pJw*%IFkt1{7H_SH5jONQG;0Go`d!g zD01VpWPlp@h3@z2POHu}So?k~v$KIwR!1u;&R(V~T@#1UdAir#$+LNv=lyvs(D2gQ z`g&98^$!z*g2f>+qtff38ASKQE}$Rm^JD{iU$o?#Q^&(QSc8 z-Q1bvH@;Vd_8g}#l>zAhZQndgF2Z3N;;sU+}jbh15xx2p(uY`NZ!ooWOIGOm&g zYy>DidDQdK#SRIA($BO%y8t^pAOTxI0S;5@;kjMb1pR8ekEXf*-SIT+sGj>lBX;;L z9o=~6EXc0Jb*csb(bvmyGr5`i!!4;=+i?EkyQ%E_%1E0^J{x#56y-er@8~RO$VdRY zOV|9GH;v!Ru!1!MnpBnN_0^5fuWo$`Jx)>RvD)a|w}`HpTk`Yv_TJ5-r+YkU0Te&9 z#YlT8ZPA10Nn0aJqV(gD8XRV z`^tCS`?-I?{prqHmNl01zI&gu>$9H|uBD+wh);u$hK5F{q72hPL&FB6p<$}xVgr8( z@pK>oexbYQD9NE!jnM4?UqIHfa9K38&#@1#&9H#)c#g^jE@)_^uJ=FaORpI{(9rIR zRA91t9>#yN@V*Ktcs87{D;BKMkVWTzMD)N6d8;^j9=!>AH5Gtg+dK%#|3iX>js-HX zRH9JOqi~N?P!M>ts3lOvi;rE93WMb%=I<7f!`>Cu?Yp9q3!?m!=e|axZkt1=r#inT zpWR43bGR{n1o`iyBSR(&`|lHB13~=vQ3k_7;Qv0H`Qc3et%N8Dfd5+vD@3pb{kIZ9 zJ`N-KZ)H3r9ryoQsRR4}F9r7M|M~U~iL_t*;Q18m`^RF>=I-X)MCsd~S~cX?UdeZ# z<}G3+BNj&7Zc$r2`&+Z^x5(T0K7qWS5#wnt&a?J&@Ak&Hf#AVZ2B&LEL&r{? zCeuvUG{)Pbupf4okxv`+AAchhn#SOx#E+gu4IHh#=9paz2#2eSqBJ(fL; zu=xYCh|8w-?BaN_R1*_A@kaPlfiU^i$f}^X|L*qi?rfIh-qvcVV6UX- z2f!Efy;P-*mD=@{F7!^_V6}yu4Gf zn1#1>!*d%U`7QFPIw(YDN3`6Mbn5%eQAg*6hmli8p8#!f(djl7Oih;Gp=2 z7?T0mkS^HWcI<8G+!(cjM93I)Rn{!MOUk7y04Miq>Ada74fV4`6@lYzD~m3Td(U}I zKfeqz!PDx&4Ql8d#f>`gA(7RXN+Or>M|<_pT-PIvua>&D`)OGdeDl)Z6=*Cwc_jGw(N@EYClBHrMZs}TxH zPSn=D5+s-1m$;zau(3`XN9^$oB-9o~rSRK-JzJA-Bx0xc=;gv?2_JcGub7^gjkR`Z z>dPm^D-6q|?RMeY&_Jb(s8vBx9t_c2t~n|Sg@ZsqQYWE#2-pyR}o*Po2Ry%ocHs76q0G<}{&c8~Y8}GJI&Y)RfM9xKYz(F{+Bg2)CF7lN_O5V;&hqHU6BJayA060} z#I6We>U}cO@7y{e>Mmj8xHK=t<7Bep`DmzP!b{$a+>!pTde1G2i~m)(4OJC-RR)wA z`)0H0FpTrZ4SZ4w)*QqZG$epJT9KH&&CSLfw_qZV_VUV7-~0WcLwupnyR(LI5=xjH ztVj?&bt(UJ16n#haBd^8u^fIlUb;&4f`-O5^SoK~J0|)SE1(1)S3Qoc#d;YuU&$q7 zsSF;Gz14I)o}O16UouG~(d*O*zDhmh-|xKsI$ykJs{?wW)_VGa1x=GSO+%E53C==b z^QzYc>uT2~2o<=M=~28+Cv-C++G~hu_`s0t`nAXAO4_?P=6IZ>64Vgq6E!M=MPdt( zZ$eXtZ?N5yAqY5L0f^nNL$@X6)*|tn^+YvQK}BoKrkVB9fA|SMT+2pav-Naxb$m7> z=)N7_X6DGD#SnSZ`4CM5ja7ogQ$CaSxqzG=s<6r<56`#Arl9s!YyP~P$SwcR~ zSb?Juz+uVcN$3^~5oXTs6{6|!$%PNQe@B?LChYzg_N29>fk8z_&fmBe$M2Ay<5f+| zZfYAz_&dT~ZjO9+7*ci2tbR+k<@YH@8KeV=64vIbIcf{U~11tx5!v{8!k zmBWsmJ{O*+VrG)?h2MdprsBjI_Kc)+ic66n!ZHo)nH<#x-dmX1ZgF z;}QCuN%DBpI3#$Lk^`cn0-F8x3j#)2a_KvFd@KVxSCayrWB5v%I+c4)dls7eC~M z@KpmsN03IJ7n@2E6P+fO@b=bD1}*8BnI_UiX?F_mW43-=Wp>N<>T+2usx8r$i0yjk zxjo7#;2C!>*AJGU;rd@TJe&Ke&D%_!e6BIM_A(jO@Hm6l4>0UAg|q2JV(Uk3-BU(9 z5gKf~^QmW|dn?x#BvXXNHirw~B5wgBvg=VK*(}y9@hsyxDG+iGR!|n{qh+;Jj?u7| zyhN!;Z|ZZ-Lum+~=Dnmcm=)O(Y>OU`N2mR23XY3q^@(dHwYs5w-dSUas8L>t%}Q{; z(`K(S=Ido>K^uWTkavjUW*$>>uq=uKsQ3jJZ=#m~6nIHy14UzJLt zHLBMx#iZwb1gQ&U`yNCZz45V_zOPzSM4}pX=5kCfbN+4l=JIfaxG8YVmD?k?M7XM=>s+nRZ0TFLE0%^vRcJq$cD{Cv~A`BW<_#j0uo zmq5>fMKMd{(}iDarfp=8Ut%si&`HMn~Dx6jC5Rng3iV5c%>il=LaSlgUI}HO^)e8ed4Q*HUUEPVx2+niNB^_IS4PP zK6LyY<~O1x>OW+U609-;QY2TD#JX&X*T?r5ovUW^RLt|j<5K-nXzWWVNhCztGV9i!ry)l&s;{mC!dYjv9zQa8~Kq)3N|2z?iIilZrV6@Jlg6ki?(K1gKZ+-y0~&oCAY8C0zIczo$+rQJ5+|`bK`N_M0TfwvU0V{-$Pyqa#+UrOu zX3lFY8>iCaXp`AaFw?q$dK05F_~YlJ693DRokL89qks?l`&E0=IV7iuCE9cu2*j#% z&0~diLkkp|LJOA}OWm-c?Z&Jit|Fz^l{yL}*86tQY}d^FRU^NypJ}`&DpwgKudW7U zaHD{)TJ_)-RS~JeLa2^Vrp${O*?LAZ6)X`Il*-?4yvE0E z#z)e!k{&^>U$n;qD@liz+el~3tHNN-*hp*FBab!O<N5Is@@#)s<@Bv zOi4cz1c*S-sTdabgk2e;JW|tpmkvM_IpG#Rx6=1O4F^z)TwZj@y zY^~mpSS;!oy9QHv# z5(_BMqPSws+k=j6yWqjq{x^GSuch3$vy4*sPr*n&B>%EOrNAPjmd^&F4rUl?ir@77 z(A0Sx*S>8UH#H2xd2I-$(MTB9@(l8`8Jj#E&K+EUY*^!>_i{aGRUAY=h;z<*%Jh9!^bNkG5!=aBn^hYNtoG>eKpxpK2VwcYgqa0p-2`u>89LL zngHeDWK*oQi#P^ih&>&b3_C1Y6k}B}JbtC?I=zVuwuwa}>p6<=rE~P{y=4%hf>pxQ z?0d>4e}_Pa){5UojnjQooAwZK2YW0hc9OJdv?3|iVe=RKu zIUvJ$aofXwmm&TK=48O{R5OZ?#@)-!h$wkUHyZr4j*)-u_ryc0Xtk|HuZ7flrTS?4 z@F%sGHjpTE*&oVoa;Bdn$=D-Z32AuZb25#)HX)SpW~M=w1pO_&Nj-u0oqZpTM^BGd zUmZFV0k$Gf>O&bzw=ozMX6OqimM&^H2vz(+2QG*W5wVif?hiH~8p4bUx|YS2pTJ@M zCpBOE8UJB`JVA_xXhWXDa|(C}xbxx0<_}yDCIa${g)tl!9Ez5QP^Le4SWoRS7mmXy z#w@ZcbKfWxN+R`gCBhhi_U%Sf!EzoD8jXyu2R=xy2>Hbp1yW?2Ba?$U+pw&+7JoHK z#em;0vUJ^!BI67N_XN4HA=DY+A&L z^s~Uj|E)AUCK9*AV}_R^)QN$0KVN6qPY^~J_d*~ts{Axh7irZU*e2|i?J2q{d{gh0 z1E(>#?na8x*X}>%lN11l2CSHZu;?B?f{3dB>AneceFT|+D?cM|&7;aIEc@4;^7*cM z(xtsOv=p;}5Xi1e30s9Drt;36q7jEW}@_!K|mRSs{-gIL(R$%I9-H`#y1a*LL1oolp^Ze_Rz9uA6yqjRiv(TO^yD zT8zjl!j%Own~qQpzXt$zr2gjONS5BkAY21m3IfSE{$~*p(4Nb_N#U2%|DR=$r1*q- zgfdwn&u=NG@>jneZ^*Up6lYxK0Kv;b3G?5{PKQl>uOD>qzgjq72FI)9g^!WGlUYOz zxp6~+5#B%EecOLd|9;NQ*7ZAb)@1ok4@LnNr@0pqQ6Z)NN&Q=9y&{CqKmhzw=AA{B zI@lJoEb6PtpPDYBY3aKYX`o|V37meEVz}A|ipR1FCKOU`_nx2$zhB?Cdz4rr@#xDS zvDC%NtvG~_6L<IS4EVU7Mi+!Ds@8Ji?6U{=ZR-gwryg3S! z{?q;hk|0NxhsA5K%S9B{y!)vLAY6ivRi?>6c<}vpcXOEI+`fVC1UN7Ik?1F!ILdJt6ZERSMACjI zl{(z%$HNz=(nj)8^9U=3n==< zR5#=)DE#p8Z0teW-VQj{qx&Uc3LCxWdOW8GCnRAD07oW1a>{5-K`|glqlbyhd-V$V zt#id>JpYVZ9eb75y=l-$CnLk-7sac$+CB$FSw6@8JJg*OXpn-uaIJs)Kv5?LY6UzPb!G8G#aYnqT_@jXrZM7FIMx+H~`eCnw`W#)C zU`)@zo#tL7jf7ILxWGdayjmh$ z5VYItEotf2cYt1qNHe8}Q-gdnx;zVurW{EIH{MQf>2PKr7utyQwGerkX@OTVF5y{02?6$d4)YQMd_O^31OmXMr_A1Hy& zaDJ(|Y!sul!`ot0-#!hxt?-^0D`rA6Uv(`1Peg{jrmR}Hh$bkXw!!4VX+QB{WQVu; z8K>kL7B>+mgm{~^RU_VCiLCFvdCZdLySXDq5&t8sc_%lR=+l8muXxq;LCJ9I!nMPs@b7T8t27m-S3M$lzqz3>rGV7vH8Z%{!Q;=YVdq4!J-lruOcSm`XE&&^(b?!IjS&}9w(69&;o zYs|u6)mHb_lS?Tc;r#ql&p)pg))-w06%1{vkYvR;AAOhlCpgJ#Pw zquTll9JEVAV8r$-@%I>vBz_uWEg%LD8KWRUtL5;QV1&<=h%GyXC)ix?7|Iz#B(f6l z%)T8lgqdYSc;raliXjhr6iOJ^Q&_fkHbR{ui@svUQCR{dbpOrX%|-wI!~>$`aDeLy7)!;B+%D63Z&r{TCd+q;-kEt z55i2>MSDrE^1`7K|4#0jYzKMlEsW3N5!VFw{lO0^AUOsth$cKjs9`M*c2^7)*HBUZc9~!k2N%UbEcY@XYz6Gd;cOw+≺ zOUSuqwYL+UG@Ik=U$!tBEURyC`dmZzH_K3OPMvS+J-ty_55b0FSE%zE&)uX&{uGmK zLEWg-xAyn(C@ZZ|rjXCEyrYsXUzEwehu$`?Cs56B) z`WMj2*QqCj2Pp1~Bvo5{Q3vhj`A7p*k`gclD#kmv-DNr$MK)(_?QUO)t6mey2O>8^ zzYo8AUpFQ6(=3cWV)S>Dj}(}*uBH-wDCnz!2&pNQbivp1`GRM;RBXDalE(GbP=i8PM}`U6IOs54*YF{s1U_)?JBYJ` zzU^*cxJp8`{}+t)1WQpev&4Eu)cK3@C;@QK{TV5K@P@ud`%5~H!P{=bon7Q8jnB92N89Dbqx^ak5uFcD7 zTn&9s8)I{jnz<{68{tdEh9;>Z}=pkXry=;JO3-lPP^nYIrKW)ORh%ZPZCTV=iN7-*Dp$`^UrlD)aT zo}hW)FAod)U`q(aU?u=fuyJ{f_DamP7_Oum4|BaBPD}}!Bk8=E@H*Mw4DEJCzs6Nf z!T1Xg+`XXtLRgy8FbVs^Ke*LP+P!r;Qj&RmjHtEHF@HQTai+)%Hq}DO_d}^>VEXTt zldoFrNKE?~3q44TxB(o*s;_m9?a-Wi^94!TGi8;;^Od~ueFP@pWgpovHoe-o>nF}b zB{%|hYhppfxbKhL=URG^xm|^3{vzzIhNg@={rz{7eAatx7z;3zw@vE(@r6ER3A&r& z|I7%=P!zpY;024EeKq!!>|Z96m6#b6RP>w%#zOH8>pR`xQT)`2-~--rLL~lGRt7`H z+uD8|Rr8#Fg&8a6mzdWV78e58-|K09)+sW8dSyh{qWEX>naVvV=J?=^iVqVUNU3&+&b$#xZ%57kiYtw*T z7C))_nt!)L;~_FQSj2f`Z1Uorz?AfpN(()*ys~R_c@C+;(XATbfA5g?j=#FCAGs8% z9px%gYf&Jud!V8;qDp@yz5Y%Q2g&l`6b#W^Gk8!TmNAhBP?lntr4Tcey4_A7CL9gb ztR?9PeM6GX_6^qNM;^CYU*^ubzukcJ&bVO|x=_uCli?lZMV&kIikZ^bzEoqA zyM6mGKWbjeVq@9PJElxCUtT{!S@g5v;q)cSfwb3vQB)qqt@JB%rKO%TrR8>AjP8`a z>c?V5b>yKgg?-hB7K!i5W$xIxT$L9lzHa`6 zkaA6_S)9(u=~S*~u;MOOIOyQv{ch@~;|O~GO4bH)?}3oL)fAh(Ca{fc7pgT@ah_U~ z_8-mWe++8#fdgDb-@Gii79Y&A7#W53#;Wcg zS|%E;dbGVgb@ozWs&^1;=j3=rxEt~D(v$G7->os8M-;E ziZOT890xLy_6ICrLTHY0z&aJl#kY1=j9{=6fW2R^Z_GE-(vjQ-fL5(h#X}?Ka6{2 zvA8l4=L8AHHY9L1j6{qs`-Ti2>1{gQ9D!&l#G1q9brFxRt^ZRyUFkb`#9Bp8`9?PJ zG5Awn%aH2W`_U90$yoyYgSyz#ojL4ix{>x^PwnPxIbI#+(iAuuaxY{p_l66?=b&|` z$LyJou}oev1lg19n2TGO^<3l)CXWIw_3zn z$zFzAvct0In_>m&xXcGuMQBc(S{gCyZ1eY8*!}A3sCkN&%1e9fDuR1rM#@rylZIR5 zqAJS$f^vP3Sge;fT>{n-+QhW$m?^QhF_ucHR%(DMoZ}b`8pfgm$ z+#u$&-;zi>5_#;uL$mb_=`0VQee2h{$%eI8qAs%h$Hdm#zRH3S1U7&%o4oT%DUXfjazCSHlUUpCEux|sy5yPgT;OES6 zH008z%@{|3Pg619r&vcDTAva2b{KrCtP+TYZ6r|+d~wIlrHB5Ls7MWmyym~UcXVI& zkuTd{tM%$%N@@w&Q@PU5R@2^ZuR!U8{Hp8_Tb^3np)cVi^71#bk$n|p#q5&Qsy(vY zO3(W%NIJu0J0ajS2W(^&!!vkmejc2p?Y=TuNGw5`zME|O^79Vpp1sn@;@+uMWSn*9 z8lTwPT0lsY%W#HqiUbEzo+N4euJ=NFJB6CsR=@pG3O7>^X;ztVwcprEdT-?SRKUm@ z={D<6i5v~%d@z#~J0ybygHclXW@5{NM!iV8&=WIpSr|q9*JXHq+d~7;<~$71QxQ!8 zj0DYfS_y?0Yi#I3Mx?I(+zP{<=Ro&T)Qp%RCxeA>kk>xpn~X-h?F;-eogl#Uu5Q^Fh z%xM5AK|w&~z_mpD;V`D_N+8bjSrdQXJ6a&_f+z_|5nS9rjrLV@jMlqp-1XjGf$$xg z*A}fK(>Q#~V-1;_921})R2>6ixmUHP-s6Jn6CLUgvh*}Uj>b9u1(xIhE+OM*tcI#C z;KyBk8AfGA^U37uI>+BQU7-2hkU;c-O}?MTF3ag&dzje-*-Z7?<(DA!CtQ$7b*jF_ zas|r~c*yooGgEnhtHOZ47FcfUyx}q;TGC$M_qM}rkTuS*kp>SEsqzc9(x`D%6TOWE zCrNN4NY@uCxi5VY3^%z9pitQ=;`@{` z`t>nZPZ;1!J&HG8Bhs<;6jR|ScaFhKub(rcE=xkNf>YN@hXN@v)^_7@5f+zpfeJie z1jPfREwki~bd3j`-~6K31*pL#NQj+JbDyN)+6a2HL?o8d;>|QcA{BnYm>fmm^Pt~q zQRWZ=Z!UX`UHdbCQ8H!|rJa)`ODZyS+)SR78IHROJw>ESQSY;|usfjexN+AKjyrZq zo()D_A??@8LRDRar_P-cnV$K!?|FXPn|=A~h#K~a%xvtM3IaK~-?Y(TDki=yHaP*W zlA9V92p`_6S-B;{y4RuiGJt>ey^W*AL&${Pqj{L{kY#P+(v+Y{Kolx6voE@=1a=S^ z-)`&y?}Dwvl!4NBa#7_IQp9!;tx>bYl;rB_Cyd&0CMl@TGqW$|dzIa&^Rwxb&EO$s z9BH@}u{TxKvrP#w%ki%(K@TQwqQxHY{|>+;QXbv;m(20v4|r$UFuK$Wz+yvV>frdK z&@h#MaT3_l(!G5Le{Z)*xG=K)DIe_^KmVbuYBe3r9E7jEqBvY8?#t7HRNSt!KUJC+ z-*k4Ok~5Ud(}ArVE2d7I;qY(QQ{&Vb5Ap;R3y!-3VP2(D0^?-<0#n+sko=kjBKT8CHC@eIFEB}`!k+346hH{hhnka^3bS7~)9rMc-nRVhv3oWmU_&gr9+yW`x_oos zUM{})n`r0Co`H+I{rY%!Q@Gs|*|H^BJ>7uYo#Q&8GTpH7E`uijAJ(2j@H+J-|F=`D z_ae*wiv=W4Z&8YII*n*i-a#Gi)`wcJK6!@P-5wlb35gK5qFLv6?~h4dz3~tTUyKw| zww(DbrB5uxgz;oCXWxpA@7oln_;qrLie%}};-@m=+@n0P>GRh}WFw*0mYd)k)w+c0 zoY_aa=Urk*hC|Twf(~&W2iM%Yve#a*bC-u^RLS3B^8B8%h<7OC z`6XOad}TlRwlTj&Q*L4nUu{gfJHR`eZ%b5>eHCK&q^dDmXx?T8H-zoJRW4>t{_vVv z9fV+%NE-Yaz2g~5JCp5w(ByhTTe#n_Q1uLoO4QXbxE!f;@ZH<(mA-Yl19CwHkwR=H z+cA=uY<(2KJKBV8$pW4I<|nh08!E%0bjUE?s#pbK^3~rTaawgOEJW`y^0SWkrhpE- z&OEPCRoKnY)#*op4kkYFv3Dc>bth$$ z`&F|dc=&~xcw(}OD#Zy7ns-Beo_h9}WjEr|eI6UrfctJKw{|ea&f91U8)t7s>6K|z zN~uYXCsRbTgBER-l(R*uU0^&Z%DqWwSA7AO)7Epf$z0I*65bUllFNBGGZZq zTL2(ApPE-Ao?PZs1>(Ei&ud=3ZVGT_@QKwX9K;%C(T8JxWV*|>@0RMV1>9$lK9cSG zpHy54s=oox{h`0z)imoB>`tBb6?k}Qz88fm(i(aE{%|80F@$4yCD8{~Z@T(**fw)0 z+3m~ZmGD&f4IJo!R5Ngq*|URKC^b%9tyg5|PCPWAK-+od&k_rE_(2-q0UaMR9V88Q z-Z;-4a`k=%>i7wo59tG?eq2#DHjhsNM)$15ZOG-@3>Q=y_6l&1Pkvc)IYn>IYE}tt zaR}4T`-R<9+;Ky0bTn?xp#(sgn`>`Ee4IX`%tqMme{dz??Q)lUP^x*99l6Xp3!Q~5 zkL$;YP5Gk)>w%c_yxM2uN#y8iSHxQkfU4Sf^@`Mhj$!~7Ai={*Sfg<8%g}n($Q|DM zi%lyVX9Y*HWg~ElinnI5%lI}crDgpQ=6P5TTIbDd+u0X+925X3yzx2;-?xEOw1vk_ zT5=rSITK%>$eog|$yQHw*py=uOVl*qUhZAlJxpV~$Raa^TpVX^NtAeP%QLBXgRo*o|vE5L&0eEJnphs^WQB*G@WrdFOuySUOR{- z%L2$|L$@$j_1Vj1~(T8zL5S;962W{lk~P(Mql z1OQm6YcclISEva4KB+rHzfS_R0JkU-qV)D}skUryV2vofSeI^=6pLL=;Z@;^l{?(Ee;*_f+o zXrDD2WLGlxr-CO+|MxjGbiPnD+Zbd%OB2GB<(^OYW6fDQ?9SdL_Pb$5etXtUl(FkceI~vrMsi#CMPwCG*$G#-$;(zb`($U;RQ7XJQOOb#3 zmM`&m?;)Z5!k$Pe&*)+0{@+M-8o%l(vTHwV>IY8k<9hmUzbZKs4~z4CDAV)ONK1s0 zLL(F?K70@W2ZX*|aGp^Mj9by;Yhx$1EW=>ORkTa$5eVUTIw}<@%b_yA?nNvhXTT z4nOe5<)pOuC?_QFG|rE$6yTT|can)vovsK)*0h7sm}OqR(IY7DA`<5^QiGge5L*`6 zHL0kZ_Hf8yct`2mc&!Zn;M@L9?Cfjp>l3QMAULiSbS@kvpk_#|U&~d24+{THR z(Bj%>$&dOEY3bA?m8Fy=c(`Vl`esM>NV`BLqA@MQlZwHLssw|D>Y&otWEr>>`Pi%0 zcT``%SFLpQNovaq66`{qNCT5>I|~xzGMMJ9i9pwC&MxqVCb9StP#r@FT<9^|$D4mn z3JfS)3a-#>w8>=Y@KHDU*#?{M3R1i9Nt0l%`pk+GQ~_L;NnEh#b{{8xIR zN*ayurN2+l`Eh?S=PZ?q_MNeATCdd9Ap3ITrMtNiO6YjQ;6;?geff~A$ToG(Ina8W zWrId2mQ!cWw0=Z8>`i|xo?T)#KCa(%kA*ShsuD(MTOQh_u>*BT{i>Tp#RZ{#Z9khl z7QM?~EoCT3p?ZWwmNrPb&!=fZVYgG$kNpXHd*g(1fZ_Efi@wCCa5Ps|8rQoOhR&PZ z;kr(s)5{&!9gQ?0-4NWlngU>~Qk+e|D027zvSibS+CG?$<>^L35ne~WP0qjP%Sfw*Zx!<`A&%|0#g|^1zS+WB4>g$IGl2gP{>W|aXQeCe{-ZG95XX+lb)}Nnv z^C2bZ6WIi}I%_T$x1?s5<>OJWe*>>}dL~Rp(i)6MI_h1dg)i4w#DE}94_XI1GS*jm z)rfihoF$CWk2zncXw(3vOs|kg0$@8!${MwHPBsQgjI*68c>MlGPA*@|7FtRWsQQBb zdbVkPjxOe_$Vs`#@qJpPl>X2|YlzXD?dR3Imt!PWCbku(A&E4k1p|1=R@oxQeJqi) zPPArpZySET-pM<74X_O-B$;5j5mp`-;sEnt(l_4Kf$Q#`u{Uk+;JvU5+*UXjTc&;9 zgdQKcEP8&dVw-51(8szGC>|wHKk-^{-*H~&I{Re#MLjX5@zzzpUka0{ffz+{iM#Es zcrpDChiY4+N5@EEETy0CxPs?{w1YnPO9uKz)-plGD`mK3_k2ux_kCZPEJLq`8&E{O zv1KG%;da62imgHhJo~+0mwOOjWF3t*d&gf}zPf4Inmw$kxw-rjaM6CNE{M4HQs{#2 zx@G#~PzNM=1}=-bVYG|R`+Itm$OnoQ4!6oYr#RqUTx(L=+#=xJ4LIqy*_t@%QQi4d zH+pbb+2=EfN5&jRt9;WFdO+~CI4Hm1&+DHu zeZTXo*i;u6z-fee5dP3 zWGS6EJJ&RY22py-Ai`w)$~lM)^UZWs)K%ZUy609rXPi%W)%)#PB{hJs)}Ak@6&q_~ z*O(9p0<8srjmiagb6F=yBe^iLc)_KhW3$><_FtYM*V(0;nm3+0q$Mu9$}Pr0N;}+H zRssg8(GdpQqI2X-4)O^G&{FqXXy+S@#n1kzhWDZ9s+ze;$nLzg-V+FuzX)RjTx{i4+&hxZ=AIj*w(fX2|S?S;9vmu6h zEYIg9M(K^ZDwK-ej>*|7l;8o%$s{nFgSqip{d!b1 zJrQUHfRwfudv5Sv^otUdwwXIc zEw2#R>#FcMRz8PyMT`RCd%*1J&3me*x;|vxy~teLZv27P-DYfm4)I+n%6{N+@IpT4kS|>L59}e1{9A0@!?sIoY78H6aU1cvx6sdYpgHF_ zSkosP$Jzv1_|KJ0GkqibKb#!GyI=tv30k%{X6XcEJ|^5_j8{D^v~(|Se~HXoE#KXi z9n-zfIkw;0dPh!{XKQqVVKv$|Ii_D0k+u&FCtFZBEnEWVP!WWowtXsTmf51nDczJ! z=KRKF7UFxSwgfY|D1dsX1vN_=t7I#J&m^<15$AD!A``dC-99#n51qh@)KJZrJJcT8 z8z(Vbq=5J#wCaA%+;KP|-~=TTfVp*}IV*FxL+`%mWSi#IA&N0#=s?3Lrl-u@Gz;i|9bFE~lt*=kUtjHW! zkcsB@Vg=i6N?WPYrHlKX0r!f1ZjmiXn?%+&@w~?Y|M}M7taL_lIGU$So9)e?S6sTJ zR?pZ69w%lH#Ki`c#y;B z38QmX{tOum-Y+7TbUS81+E46;Xm?m6J5T~}kWIqw&ZqJ!)z<5i4oS|iQVBK3YgB1W z^Iy^pt@+K|QRg{!9mo$M5*GF2aneo^w(q$v{KR85X3INRyqp(=-M*~dAsXdbDdUTO z`C=V^9n-GLzA4g){YQtaz?Lvk!bvw!r5#enBf!XZ^E^=c!~XIet1L$phPj$g?AqQy zUr>V>z!RhkWO~s5Jso%4E;XYN!6kG(f@+NwKSsn8P=P%$BSeXnqZ{To(Zy~r)~>uC z^O?j^CM}b-v;5m6Smaqav5>UPO)eQ~D%H$$kgQ<)~)m2$&T%w-mn~@W?kQ5Mk=2@y#(}Svv`-i>s@Xe*l2GO6icJG>B2+<^x60Bz3QVZKob=w&yjxS z-Fma{P+iq}Hh-H&X`oIq0b@e+!9UU#0I#&k9jCGjVv?|JOO0xpV!>Q?F9pF}1qlX#Lj3cZ`(dFQ7NTmy*KbKOem zh@r>#L4@UD{JV}LxZnBdF~XQ$Ak#)!knnfm-ygm~OAPlk&ClAhs`By2PI36>FH-jyao@0y(&AH9lCz)GZX=r&9CwVW8?qQpBoC#4ti=(!0DG9OHuhmA_56E07vK2VG_F3~ zJ;hO~SJ~QNE<7oXGdttUNN(S%yyM4E>UK{>N>lQ&$Y3ybOZz=Hju!1C*CIw#kzbDj zn`Tj4ntvz*EN{GgPh+jMfu0*nq#E{kbpE^0Rw=0ZMt#uWL?tkbq2<^QOWH5*!D*Atwq+7f>-8K==2E= zKxcfL_Hak&fgR*XehX0bDopy??9K>mpaiUFBcKTD^%ezdM5tY&9VuOd&Lvk6o z>&7u1`DFlHpK>xPEqyc6|JnEr)lh;>w}^IvE7UbmB0!kR!&FNetAf*ajS~ zIW;|1KgUCP?wxMm^J!MtG8(b@-)|!dmn;A@<=BaJQ?wOpa(6j9&Et<6+`ZhZuD-o$ zzx#GM9_y!fGwXlz;!gLUT9h^kGm|cD$4S*(QhR07WSkM)P3s?bfy>M9?}ozr?$b6J z@9)PGz?-@H%10cofR4c6%c#^9IW6HyE>QcoYRs|f1bfQflg2Gc6eY9w0Mae&OD}_W z;ka@gpU&^b_8WU7z^P`t$#wwf%9as6zbz<6*`e3$w@(%^k_}=z-DKsHn$oRa z0Jrz$e#^28^(@0%~E&5Reo;M_=zZBxN>@YT{sMKeeLi)|(8m%bZMOv-L= zmhW2c>A;yoxc4d<7$|$n8-~BPsaKhOv^Wg!Uj1o(Nf4s(>^z8GNt!F$wzaLE6bzfC` z{CM&S$hf@J_}@;u-7j*o-|~3>9Gu{*2;OL%e^b7T#p5CSa`fQap>Zp~z1AdFmcIHq zIw56h{x1YrGFwZ1X4TnNTu7KwkO&)bv2O630myF2*~B*I`~v~;Z4f?5F$)Mch3 zUm*4|Ph{V9?GK7qh0FZtKXeMrXONx5eq*6A%4*x=u{#v)j0`ilpAyb&03w@uLHueU zHzlzbm;9mMJbHo zyid=3?{*0tJmir*!fl_$u8+DVrCK-oSjr1x#XgB`ZWokW#EP=*Y%kd>HwXsB@N>+;uL zBDOTes%#i4GNBJV{McfYaA=hNMpj5<0kjc3HC~d{O-;1#%o>mroOUC>E)ee4)5CRu zpl4*{z5nHg1spGQw4!w>xv^^8q2;WO$#6#Xk^$+f!bQnK`Q3EI>@(qz)e&H6k2mxs zR{}66Y|s^P-rjtte17jb<+ClDg0`)oJ6_Bf$+J0u!+y@z4QdR3uS1U!iM6QRA^y>d z5udAt^2YPi821(nm1{H9@C3-hKX z1keYUp`GHFuR9IW%p8IK^(kILyeA1swM*-R);*&g!9jB3=Gl5e$|aR8CXnmnuL_JyP0}#pI*0(=U=3z0X&2 z_CbFzQtwAk_H_n4pmO1bwI z9+aCR21##)F(P-&DokP`rn+|pUsJH9f968=+Z*i`ml-)kT`Qj^_vUBL8@w4C~g z9P9jp(%5q7rGQ})rkP=7C9MZ!oefSrQV(AOX z|LI-zM#M1jKyW*An2oSUMz>=It}N&6Ql<%%8_X!EsrqWE!o8>rBRC7Tqo1EOC2Y6k zRq)ij;F!>Ho6zgAbsoI|DWFRK04h1H%w5q{?+HqAl`Z;yRo_A-d7PlH!h8yJ-k#J*Ji`5hO8*em>4M0C%>_#t=mjgAJpKcql)NnmhN6~BzH@idy+090 zUde$l`dT!+`lsi z)SBp|F%n^t0Oiup4p#fBiGW|6rr(L*F}oe>Zx%Ngc<1$+>7z!g!#r5ojtX(^l21_I zEiLNZ4c$47@#i-74X&UV9UZYqv8(iA0g}_7t9*;Q1lzDvYXGO!a>HUw_ZMBWndqZ7 zM(!*o&GK_7`_FqTlBzz?)aCkTDe7~9MlF5Mx!SZr4|fNA>ms{*+wX$)jxxe>)47=b z{*Du}C#>koR2Kk%mCgSIOr3A~dovaK)LVM=opj-{(D#&W>i8l5P6S1cQ&@?U!~|+b z-w=OpaR-6uk4`sLk;H`s64MJZ^o-x;yNWe!gpLIdYP6_On|6qgCfHw;U6j>b38lQx zBwYMx0l)S;x*Yf!7)sZkx_cFHVuc$6JEj=Zh9d{uqWeKQA+gCt7mW{#b$Q$zkFYv- z=uKjnR;p|ogVJK`zEzHL zwnbcR(0A{#mvMqQmUOy9La=TJBhJxDb|Ncmvx^_`%_0Xl2wX9en*$#P4)YUI-*^I^ z^h*pcE70r{(v#wDupK@}-s9gwr@x6OoYQ~K*H;1(YKd$6`@#O_5%BDYY+r95fxp^` zMy+a21u+%sqXiddCl(8G;WMWzL9Rv9$qIumI--z2!Mcj#9Ko*etL8XSZ%}u zy{Z&ry`g{G(9P4+`40up?KNl`W0lN}*ogjNeWCoQt6=_$G6>Ic7naz3QC$ zN>RqI6$V11gbpFV-Uo9(1;+dr#c8+!6#uJ&SZ2ujU_(RhQ~RikU15X0UoS0bh>g$+ zGHdSb7RWegyt?F`&Js5%M=gmBGi3OiyDHYAl+W8!ZlT!pDS0!GyPN^FhlC5}jJdz^ zXx+JWvM-q~Ary6J;Z1gLRCKNZ4e%_#z-_8cUn?mx%xC~?l>l@_C-~Y}Y1`r(16Dl_ z^j~QS$MsA;@6W;}r6&i2;mwDw%<8EiNwCEyKxt6Gz7VXU75G->tD-VNhB>Y~&sEp6 z21GH6EDA7%UqCFyh{LJ=?y-mflU9hIN&4+zK&~=g6V=q-Ty{8Jba>{pwNpq{OL~~a zWor{Oe|8ux)~c)R`*BXVpq2Z`W+U`!>IINx+3bK(?`&yzNL#2^9+y7Wx+@w@S)rBT z(}Sz42BCnW%W{~`5g!a^?~SKBaS=M2AOWpV2tIWD%gp66E~KdW3eakqRcoX9v!*_K zBcbpfHgHEby`EyzD~kGRJp6J*P{jV(k@>Wg5LaF=D8+)PqH~YABlN`_D@yXk*%*5a z_n{+IhT?`jBlfiOY|vLN=4-U?V1?;?D1ic9P@5Rx^flkm0?|!%Nq+Iz-R}SXh-A_a z(u0I8tIirumPB`cQ5!}o}KlrkNe-l_(y7#GHV9jR#ie6surzu8=>Ry3kXH;xn z3}oK2shg$UizYGjslnMZ3uSzV%FYIE>K7vCw8rNmLoW;cSk>D8CKD!Wg6!#d1~x{Y zp|x~nni`SeGbKu^Yxec!N~^RBnd?6ChHlv3dA!Q+{rOj%W5uJdgTzOl9F-ptU#@2yW zwUg4)l~(@9^ZF^gz8S`=wF7TAa(N!>?*Y1qXK~^m%DQ-BdR@D87n*he*3Lpu(PYJz zAj|WF%11JtI<4Sjggkv1=n%G`58jgH`2`j_ex;Oerg9%Kg#|=o(Pr)zk1AV+gzB|bW zOGjElZ_27e%#TO>3v)@^m4mXeaN&5^_WJ^5A^6c~OP)U|4F5rn_3?(eJMfgTp+%d4 zZdm+7A?)1Wt~xzf@2*4{wp3vB+g^RQnkJ?VqpI{K$a?~i_R19vrPmhKVXPzc7K4ws zBG7WqE$8iIErB`^lwo0ir_AqKNy4YsCG)zj=ZAG}#P-RwGzGc{*?=o|=wzPDVJMAs z?28IumJ6@Bwua1nbV0JE*@!^1=r}qM+yC4cV_`?@x%e>X4dmMtSxuRN5&Uv29rU1P zr|HM;h3~=7^vof;Me#*vJuWJ@yiSRLYF&sD`paCEflqM5DMMQ~EBs zv39ne;2V(F&~6^CmEXJz!LYwoQuroce)1r?vsmlOU5G5f@~-ay33_d(AVP12+WwG18zz9BfYf`7prK4wl(dWkE&i9CPcBT7p@&%OgBo1-!5wowc3y;g$VxmnNpduT9xoqXwft`Lb0_%{h)^g3>pl_v+lGX zYpEve*s^2&ru|M5x=C#t=|}z;(Q`P%$u#CyZvsEPe(L@z(Da^^%B{t=Be8F`^j^Az z+rRW(SzrEy3UI9UUqH$|y^E}iV17zu3*$h3&SkdqID4@%TQe0QICuA=DIZbbtqI7e z6kc2*+{TPYt?!X+D&`<<;BBqK5Tap={MjsiPA7QG1L%^L2Am7IpUxcR2jfCs1OEws z;cn-i7l!XGORDnS{~h;+r|RuSbCvkn#j7dfG^dqEX{+BI5Iq}j?C^xNo##vVufA>g z&2+)ur_LM~Keb&pg;v+ed=Tj^EGS35SN5fL@GlhHrheyi6+@gvaW^5#vQb$fMjHjT zjVa5{&lch^f1So?;3KX-`j{+4-4e2)Sy`-xp5Zu(2G^1fA6BBAw_WknSs+i)zOh1X zJHmpE+>@@IsQ!5wqhx?tm%UEM4GBZ@`Sx^eVaR+6h;@{shLnz^{kMc<^qAD8Vt z7JdV%4VIxmU{2-fa`223hXxmm$V3_$m z%i`(ZD-8b&^SUKxf}$S|?EMZFynomF(!H>Uz4FPpoN^Wqc1Zu`rch9tp_QiDx3A|g z3OvjnrEMM+Z+P5%@60N%Nb)eBv<&-aXj+3Ka`4Y;{^KG^ihb)B?>hU=CnQCaDU#h1 zG3@y)Lh;C8LqAF-?X+riCylatjU#E@V)?)BxUD7aKv-2;an~7w{>~t@3i0O)IK*hJ z5GP9l{K~nsDZV6K|3dffbu-kk{q{4iMD_L0_2t8EQ}w9ILhRfr6)<*^{z6vbJOFV; zJJNz7{2((tdp!-@u=;QCZmbxCa24eWWf-Xcy*=Nk&gz|V%g@uCL%dg7@s>}D;kcn- zf$Cf)(RbKHgChH4in`dDs^aa)#+;mOD-ZKu2X0z2H{Tij!q^#>{U=9836H>?KW z)Wq{YJu31o3Gp7jqqk=)1;VEuRLzv0c4h#w$Ym5`N%J|~{3POmXJxH6;MY+OtKm#! z91viq*otS!mxF30efqC2EqOQmH8Yxu7W@q3-I)D578Bl91Q}Wf!EtH^t-^u4dbP^06wH8$f7A>C& z(gfGX0hcQZn_oOgZCRQTsBKu5k87vdXv2;>7mqC~$I`S6Y=MW6Z5BGjq{lixLSHttmQUV*Hh;lZ1!eu-1mk#ybVDoi*h%(%VJgfm>$Zj}iK+YXM zV|1x8@YMB`{X1})!~q&MhFJ&yH1k4~;S(-2+3QGs7dD!;^CeV(U^pXKUM^fUXDQmNi(_Gqri1pHtpP%xCW>VQ%Exy&Mv-cdF% z@jT4@kIWxTb1vw-c)`Tv2Fh~7Eas5O6gR- zJkoGj3!6qn^^Sg{O-?e`TWD{XrNG17$*DV4rcdX>j|m6geG2euBd-dJG-BHt2uGpS z-1v6z+^Lz})nw|5d1@{b@az37Jh>?+203={+xq5-jm~)hEpL1FV2Bz#tgrt5lXTDZ-I6@|ND!yufyr zs!LFhcq1J7*&$hhtVs4J3<$a+MhE?;H{Ti>P z(cR%6drIe&o(e~NF8|7*z}i#7+YDAz*^BfOF0k9)#wgG-$+~Bnn#vm zwE_3sLCmaVi;3mPShz-F!91mN8G5D!WkE04WBZ5 z2s&>Mv&2*NS>6wV)Q&Hc^|TZu9xTQ^ZXKfax?JYM2HG>Ocyr5}^Sd&PLNhZ;%idJW8pVt@nSxzAQs=UXnm84qd

lL~0r+uVGsx<3@ja z=C9>MrVg0Yns(lJIkObr{B=)xWAr!B_zG9qPK1*@En&cuTWHG~QeyE-aR&?LT>Hbn zAf_ony#3O0^8tKV5jl}^SO0@)jXYr69d}D#5jHXN`1R&>ee!ER*Z#lf$AwsS|5R`*~!jmUzX1Hfa`uL=YSXsUoOfI(?xtS-bq^tpo9aoY4- z>XEK~*a4yeBR+ZfZ3nz)>qhwgA1dGwlOR{R%h}JAjE}$VYGvSyWXBtFq)u!-uf?{p z=!rmMQtY32GV*LwkO){|SMXN&#aU=pC2&5kE{I)aRdb_fiGnrV3Ft^K*e%_4Gy;k( zHJA5j;Uz#%(*O!V90ykT%`i=msbLnpSGbkvu6+DRXX}foMq_-yneFlP^X_jfAcWwH z6xa2U9s@-DluejW3YCR79q&G9Kix?vfH5wUJ21HxOesPAEgl z>Cr)vWvJxLO=MVdZjFym$gfh(UdirBsY-cfn0jWusA5V)vqz^}XF2{D_!=Gk;JzTb zI}SV;13TTfbpZ}uQtK^nWjN>HKeJ{tpD>cnlB9EoW3_*Y_qtT=hxyCoElW(kBx%K# ze3;{JBX=^=us%M1Y_hyW*f3dhTbMh-*QWoR4K5t~$z4-*`A$3E$h-S3Cwm?WA|+-y zVjbs(*AwOr5R3Gb=hhw$qzfNS#6@ei&|p6+Iv9|BOZP@c8dqZzR#G>;FYsb7d+=_G zoF$`+7U0@}^b%5zKrNBwb&gp~fPT$%{f|=B=<5X2#5%tC$ABq`gBHx@w5AraQ)FJP zQ!X6E*oSEy3Y^!96MUf7iXE|ycUsDVo5X6xGl{cDr~-*sx4LxDd2!k=et&sg@x6nn z0gT#-4-F&Vj$M~|Z9j6GJ@TR8%Ia`7^MCDJ2J~^wkhzPDJb-g_-p9SZ}O(k)3XO^k_?Ro?gRDj*P=}ERXKDe#2Wf`PBkPm^!H~-U8+i?p4ysl zYkFoG??pCn+WPkNMwrqVEb*2qF!@W@>I=;Yz7I|^?$uas9+UvBZ{1pGL)p}CU;scD-?v2Xq8JUaZJe$LVG$~5M<#* z=;SIYF-U9>FDpF#Q=jalGx=iP^Iqmouz01>WYRelQ>N>S-wnwscN&&eu<8Z+vBUdFg9^MaE>7;fOm&+-dMy-Pl<=yi@dEi6_53SfKe77valAmX)wDzj#2l|lk6~KH zaQd@DC5qmQPkh}z7KNtcmG`2dLB7b0TJFWj1Y8shqf2)IpTi;2HdVDepr;nd;finr zYw;0Z}r|# zOw>1tsIETAOOp=j0J=TJ)TDo+hi6)4A3&|Zyo0;lf9cSw0Q{~A4c zuSBG^#*CJXD(w=NvkJ(s-OJLV;S#ck2$DT%D&tdpqmos1$_L8GcGG%G=1fJwI#s~h zCQf3lX(ky4d7v)o-yHX|EglqgHyr3P3iNpL@T96$e=IoWB^1RhDMRw@zc7G`1$CKJ zmsmEWGQ}to{dy-Iq^gL`ql=Z@A9YnzW?2RB=<~${8_V5^^87aq2r0u-{`rD$W)?;fP+lTtfLrqrKbSrla-k_ULJFP^?1M)~4k zRHhT!-t6nJY(MC^+r}PRdFX3~^=;zn-{1q6r7^xlv-&MAwIZDOV58 z2{Z?>GN$?GAhnKRq7eSvw{^`v6DxI=@%!mIs|&qV+Cw?7sYShVN9hjRGqTm6J$LSP z?*q0x!ZS~nuTMPRdbn!EFRQ3je1k+kC|JwLd6b6CK0NU+Jjz3{>6DHD2o%CvIc+a4 z&NymXt?0#tYLBPP`zx69Nj-|y%LSL-1V1azG(Jt$jefx_DQ2-GT*xeU7Hr8hG@qUZ zR(J-ZX8^HS@Bdw+HT4y{ut!bv0wbBR#q?YyB?Qmx6nF$M5UgD= zL5|2zk=qd+RfL@&y^SUgWg`;vGv(PVPTDN|IsRqm)&dh~gE|(varh^gcoOK_$i zr!Zp{9(hA6H7bH-9J(sJ!nV7e*`mgH!N~2Wn=GJq`@rafN1|IdZ;4s$nwnw8f{WvhhV=!m{d>PN(9<**o(KYs#U~W3M)r4u#I)|TyMPX- zC_x(~gmLiEWEMk6?dr*tM0|_zFR`t|c_C^b836Z+|2I;ng7+FSy+4j!mt-482i3@a zlI3rIEB+r*iVfs-wP(?$pipcIu9mBN|R*Kuy!coh-} z`2Hms536nBYJh)#4MPp%fH>8vf@s>kw%WKlDDn$#>9ie(=KQQUA&oi@QTLtk2$tmr zOQspQl{HGLd_C(Tjrdh_v9tIa4FGq5nKbqQkAskv{|`OO}zC3q8Tdf88}yy;4quH~l7F z#+6e}cg?7EpG`U*3Vi|Sut;Y9RD2zW^^?)_yXGdO%Xg4-8E0cD1er^HVZ#%`tx;9& z@vPYA<#jA}oXcIq%t#Jso>=#@C2i%C-GD+xNO@i7rQXp7^wB(zXMK}U5gekfr049e(O_Ie!Td$5=( zZuetSx=RO|*8tDD5!46BR6OXvO7z=A0=Ls>)9<3_XKhId5!uOA#_T6knni-B71K~^ zefUwmVJSIy-M{cQrp0DfzM6ycbnx`=;4}D%LB6TXO;S@y@DX&a=UVM67!!TDhDV|$ zNpe&P3O$N7e8%jzR>HKJ+UoklXJN{9Neg}|`y_QO&g;SVVZ9=+P1+Pai9bLZ^)c`6 zJjZBK1iH=*L5)4=c_gaMYeIINS!P&vwf+N`G#vdU;^zvLCn=14^G2LUTWP*9{n z>eC2%`V%-Kv@HSxS%{=R`-DdD8OQ2?mHl)zk)QMtAkN69vE2pX&zcd@p`sY#?CwmT z_>b2<6tmL>Gs}AryfsIqaBCe`{0adWob}>gA?-Qq5OkekX;wLFF-2zxx;$w^Zm39q z7Z-CKl4GM^xCpmKI!gZD{T>K}y#CEN{OFb(#2gMTqih%XnN5AsXulhk5~jeo9CRb; zDA34w)G86(%8x(~o_YaHc2)h>$woLe<8;NVq9Esmn}CzV0`kPX^7Lj%^FT0xJPJ@N z{n0cb%J9!+GE5BQPjB9m`Xa^ARnzQ7?7shO(wuVD-ip9Uby#z_9s;W49>xqhzL+~+ zG3o~HuGA=Lel11%uCX7jVW1TzmRy{_LVDnnO@9|cZck&Lwb)T~4J)pYS`7vG0Zr#o^F~`xBsgv3Nsxne5 z2^D5DpLJHanRBhxG0E|A?*?14A3Pt;;J3Jlb+0;Bdof^@{+WA8Oe>MM!o^~>(W2TI ziILS)C(E^{>YcZx`NA9k55QS~^3C%lkJ(hjZCEZ&h;FqKfFRg%1XJ5-M)IFgtMLVW z^EWk(f)`mSd`GFO0-+TIIv0c}Znpo_)hG*tyd9E~ zApQqC7JkgpmV9?*x!4`r_A-<*E&fI|n+fx67IM|`{KAvDk!NW`w-pm(0Q15-Jb*f+ zgQRvHT?!i&^+EJ}pj$|!C?w3^L5);d@*@kfoL}z>5?QQ0dIDoKt_45>QJALKrddQG zmu|=a;eco?ZCG;lvp(nNJ9QIlz)Ysj3-oW4Pd1Z&iM}oPH2i0u{q<>@4lI>wvJt#w zjmT$TyK}QY=3_^276=oHq_$9o`0r>PPL8Y0t`Y9=*oTwS3ty}6WDklsiTIw)B92Od zTV?wV({=%0=qHD2&*;b_z%W<+%RdEE&AmtRB<`adHVwrKfc%nC-5~P~IbL+KYHe*v zf!^qw#QR0u!en>AkCXr)NDmo&xm9rM>HKG+6dZ*)?e8E<~!ux1^qjjd_<(h4lFNW8&Bd&vuuG>SQ1G@5nNU?G;=rLfPka z?sk$tiJx&kL2#wtA*(Qa1~rEjk0w4E{hKhHnkQdCRgTNb=Ve49M}Yf185q9!e6eKw z#i)zUYi*Olvu~*dj=V~7q;HEXee}lA0{UbQTx*!%3piBeF8A-WYGRZlSu{z)SZ4g* z&QNr=CIb1U*2g*~G8G#$v%C;;C;4&6K(zVm!WM8W8h*OIaayCYYvNq6hxTR+9Serv@MVWVlJstX2tprfwxg-@BAQNxehUrz{3zBiLKslE44uyF zy!|X=?>{K^X3E1S_%;r|A^f5xYcgx9^dtyy$5>;40c)+`LA-t`-7XWQ$(?sAR=8E$ zr~g{3`W7A5XOtGrU`#e3gdO%BO^J`Wm2$Mx?E_F)_L6kB?oiZzDHQrb* z3~#JY4hO8nZ`8**^+1c7IZXn1+?f(O+N!3CQ1|u$j{e&^(+$&mla%1E>kc%5If)5W zY$`fr`j+!+OW5&&C&@g@V|2KVe&0Te#R)MwZenNBh}2_yPqiqgtUi}4hb#(ijNy)E z+(&;h3kGU7+E-mU*eg``J@x;*=K!%T3qd;GiH zq<6g?Zrf12Ot99tTuXxvrp1hZ`-A$7!{t&M>wNK3;xbqsl8XK*7u)9#c%m|X#ru^o z-><^v#%O6r#0y?28+6y&43Q4Bi;AU#)Zr*$>^22O;J7>H}jAwL` zOp+n;z&=xd4u<`Z8TC_1p|suV3+tB55l zX@reFBnEwa|ED3cE_ftIB$FKbJEA>6a}?vGhDb~#s!JC;mukl2uk=2a>+Qn=wg4aj z{>tM7XZI_usvfXS;kPD(nC%NYZ%w3Kh;UusB151(7LaY&_VV`6RdA=rs05+onG^7I zk(!Ksw5=4_D;YOukKoyx1(Z@vO>DP8bUc>7fGL18O_{*3{U9Rs+_(j|v>WfqLhf5$y51_9lkJer0lo z)i`)p`{s1s_{iw1ek!nYthmYCo@py*fNpoQ>~9syfKRs}_NNfjRrqO0XFO|SF}m{0Joy$W_cSC9ud;LpF%kbe#W3=BZCX)=W%_?O zC)(hbZBQx59HV2$A4&OCJkt|RF)8+z3T-j0V=+344^iiY-3$RX%J4^hvFn-aUPu6M zuZ|h8TVlBcJH{U?Q?)kC@CdnQzY}K|)Yj%M)5GwWe=z(f3{qSu4FlHK z6?`($JjwGPH1S}Aym%{!O)$u;%UdDqS9`&9Oc?0=Pgl^<4w`@V)XuZum7Y*k|_MYpH!1G(Rpp$B~q zHPRdZW^bop6thA7e41vriS#D`BNF_;G=|p7_k6zN&FmMO?!0l4w03LS)<%vCPrlrh zmMQGdef-Vg_?zXElBTm)6Zaf}$Q9+S7|tJXj+2L4a_on(8p!Xnb^zQ_muySMrO(8> zD7V;jIZVBBXkfZpw&vKgxv^S2vsM}=P{4O;VdmejFBBR;E*5xLS#VlcQHIYM4JlW& zG^*O_AY>d)E;9q1OiyvbTf~sIQ`+~KtiaTQRO1rpA>sVE#d+l$hb@%11CJoRO$VD_ ztu{KitXEbE%Y_d4e%n1B)}Tn%C>RV|`E+iuM37ub>P96SL^ArR?}TnUrcc5-i+3^j z4C3u)wi94|_{rN<7oppPeO(!&wr$Z5h%?Hs{|j7s<;@TM%=$P@v-PPa3&x9O&oLy` zozKdtVGjKNX22YYy}@tZh7Zp_o-;hua@ zoshC|?^T0U}auMIQYm)^?WwxXt-D%Brzcm!rg z3qETbauDNT!@z72sa%*VhGnVDF37j7F@0H#iT4mI9eGTpVvb?a;ef%%l>>Sl_!sy# zfc<;WsEs+wsMHO@pWh-aR^qm6QZcbis-1?NOlxY71`T3z@9w6?aJL;55Uo^(2Aq zkkT;C{shhG&j17^!r*lDufCRs?3Lo*b^t!FEWPElnG_31>7C*bLwbYh zT&c5RTsYacBEOB(cPUyuzXr=k1WgPBQg?skpX@x+0x9Z;W-RORonBTJx7m6&6aCT~(a^v(> zVE_r|+ISavQ36cAl4No3{`a!IS&cGTXAv!G7Gcbq1Bg_T z2AYnAGke$~!?!Jh_q(sLE5vA}w$w=VM=NN#n>C3IeLD#MxBjIff?cm2U^s@9IkXtG zbQ-}F)u{GS@u{7`wP|WY?Km4l21PlAPLAS9JojKjymg@IN)Vlj{Z6JJx%90I7_l|IQH`!DdV$nnhF$i}96Nb6Mz%B??pBwO!@u`^(pC1t7<=9W{d~TqP%UG! z-^OLKc;~U|5jjLo0KW!tO644Fp%69**5?`|7-m|4lwR#-wP z@w}ez)J_4go~$=$!M~qFPu@2#fVYUDRW*3r`2UVFO3n#cXDB&nn#G@kenYU%x z4X$aQkZJo@PRx9RX|Ymkz&+>9o1v5QQYP&8nI4IyFW{z~q97o4vnbE-#ZLfKHCkhn z{S!H=3um4^{83K~VJ?+#7kTNfrWLG*G%rMu@;HD#n38@o>D|>Y(c5Lx#m#IbMM=dq zoqx^r0L#i+0h$-Go(_sXc;Y8dpB|e4?8n=m<0|b^gNz7iN70S;Ih=002BaFrlixN6 z%mgpz913iO+iU0(@^hJ9-l#Fj7sM&ndZ;eMYIJGyUe!mwZobQ>%d0o=UkfVgMH>DA zd`0;CNo=b)5a@3vId<`^M_BaN(>)q&`u;950D{-sLSs^5LG*Ax#u2I11T>3SX%Y2c zxwZt&uuXm1w>N8y;qoWo`qOf($%+nmW#QhNZGn5B0p7t>Yn&ITaWSIiu}E{sq>2|_wYCi7Zx z{Wj=soqa5I!(C%1o0OjEP(a)oGA?Khx?gYjw~Mo2Gsd;ig=2JF;Bb5}Owpt?F;Y{N zo`L?IL*msUcQwpmJ-`Tat=zGmyJllICiCs1aCf6;ZF70p%Nf@Id%3^CWG^^_R|X%; zDsE3hrS?(HeqTHzkx~7xI_#nvLHW|mJTm}7dqGo7VBg>2<56l<^43T=$%+cMh6=rZqxj;^gx6MuUoqW`%)Mp^ctc0ddbra3n$1zIUVvd zfScb+uqD-f+5ZOwb>ul1Rn4-DL@Y~@M3<_3 zrsm{I7g;<-2l>Wu5o0{8f28$z|Na}dTk-#N?EjhV+JBhc4Mff93=Y%$GOM@@$*y&@ zBWzWUMod-9Lv}~{@`KeW6id47V7WrroZI${T5XuOAex>!tG4@65{)H9yz2|iE>feW zC&zioaku+1fe!CGl>Ye{vhzJXvQ^PJIJ!fP709-m${~j?$*gnyXfxu&)pu-2*Va@*q>1_Actcq)q?VA5=3i~@mUx_Jm~Onjwt=Om>dV5pAs ziR4=<5ME6VIlC2Zc(CkwX?8ZV%q_Tf{zMJ&ZEwN`%SQA<^Zu4i3Br;r@V$~1r8DI~ zHACBTjUxlN#^o`2a90&4`YGy?U07koxrru4aV-hZA#J!_O>@-%ZwS!o^@SD&%d?^) zTgndDokxMP7?9Hx4iP5+;*>6nb&`E9) znEt7json#n$5=!s))m#XWxWjR|F1LbROQs+R;)@BHH;W>m>2qOMWbaF@L$SWqRV(( zI~+Ht=u_FVP?U-RkIv?kMfG3o`{Qg8VyL3sFnb$z%hB=pWTrYLU_Y!u%6IB&p(SfI z4Wx7^{)fQ132ORSdW2uUS{7Q>XJ|1VJIs2l-tbWNJn5fH*^-4?S6X}05oi!O^@VmZ zh7IYY>IGJ!hBUQh@Zlz}9&vrWep90@CvdJmI1R?-I0?2`NiyV(h9HX6ic)hK4%~P9 z#l_{2E3Ka({X?iUI^EvMkbx_bSvvR55S3Gd@p1p^&8|G*vC~vxJsShLAdJ8DEOt)% zQG;<##FZ!`YaVWpbjcD%cNlL03knLmg`Hxrq{npQaYJ0OE^-@$5YAcsBf` z$}G%Ja;_ujt4>kB{cbV$waNPg9C7EdcIqrCHd@ggZm;fqzvy za)v;m(ztEFo%!f?mzpL3ME$e6z`Ooos&C6uwOu9WQVv6b zUhDZ8vg~pK)k5wVhB7)_em19pk}o((p=OC$g#iJo&jwb%;K}N^05HM0I`*#tmfM%U6b4Ztt<`H)$ftdAN+1#;G+xo{()h|}%eY}ip*YsbS$@7w>wh4p%9;Br{ilX%F`nVcgrO2GPv zBs%HA5WAYbnLjE0E4%7z{QZprK}w*GCVn<_&rs{%@hLyk)oC3~Q3m0Y!fa;AmDymE zp~558KbMUP-TVADsK9P4htQYeVos-jxLdML&H6eI@! z&c@S{G(7?YN}vYscJ{k8)RQjm11{@dGVkR0RjU$bLONh$s}*kyFsCF`Y zq;_hC3pA4ywJ=-7)gD(#$qt}IVd>K8DlGmHg2(ZV$&2j}R?dPttz7R$4;&D#fM1<* zV#TZ)ni+MnEc1RSB!@TEhrst&kABVu3ZOtEv!|Xl>2rR-p*2W8Pn(1+Lz ztnKXpXQ;;+v7)7@TWsIJ3sV(eFZu=m+aA0B6el43>9reKu#U*Qu)|eJG%PZ<(c*0~ z@WW{i$qS`5(s4#vFww?IH>VG;*H?Q3s#OILd`vxRDLfmoe?)zc06I;t3_YX{I)RR! z{t3h=wG;V*4JF(U){}s`I(L9dI3OZJ6MA46{6w=6g8!>CCmCgqTP!Ra$H4Z5&37M% z&Bc%N&wJYMcGkJrZGG*4aK##M7V|xZ(o>x>5~B);v+c|AgOx(SN2x6vW~TY8o&{|JBWqCS(O&EVHH|9K4RfBTR$#10f2fV4M{s(%kot=%l^_gg~UJ`kDWSZ-M&%q;XMDf zAMEolSKBO=+9Jsa9Qo7a{d7xqzdY>mCAo81XTZ4mng2?j7`Hi=<#6fI4@%hT2MF?& zqiBIJ7tiHDBp$3krjpJh0GlUo`h&6Qy7YVj?y?~6ndBhaiywewWlrY?!c zG*HdBguPv@6^eD8$9DiV*9!&7Yi)6!vA= zA#+d(=h@_c7_QVONV50T!^!{g0~oVx18W_f-XVs(f)|O(j!}!Q{803ILW}VFhX>SU z9Kjp%_(AJ?+>T?9a<{b-z29?ev=;J)$@C@}82u|8&e3?DB_N7(J6+*Ik|qo{P7@&+ z-vfO9AnEd#e=o$WJEwpt3xP=a6{V$xNdneh9=ak&6Qe~(ifXMNQPzBjY~_bvWJnK} z&J;aTM?osZwSxq5p9aJPD9#-_A$;xk`@+z_da0pP3 zi5(?5OH8?aws(_M$2qGc^ zDxDJ2f^^={VuGS(1O9;J3%rEhwTXmy>C8Ah*sam!ZO4p0=qOx3QTY^d1Sf ze2LXh2vV=J>4#!p-%jQ{t~&Vsc?X?*^iGoqzYRZ<)Mw0FRkifVm?JvFo&eibIS|)J zg4r`>c_R4`*t@)}UidH$e;iFlN|p&Et9veYdESy!`McM*DVh73o*nJ9LJ71K$RRDk zK2Vtt&a2VZ;S{*|o=GMCM|^sUN}d5SP7rwoiAmbd*=Ue-P>PEm&n!_t{+21CDQRN) zRR#Ojc;Ie|p$PNRfa3uzh8Fr<-3Myg!+p1RDOIJTha%%rCg~8EcQ8 z@pU(}F@026@E8n{>dzKgALx67nYt72xFRLZ6e+nJu?DK{)8)VI?KoYDIlzv>eIDyE z$27uv!2BIt&*Zz@EV6ENsN1QRNRfQsj2I?SV6;Wj?ZDCqhp5d-<)fNY-@i$sC&zXY zAK*Xx(6+M$f9|X}%?rHciy4YUr3uPSjjJCz*^xoH`hGX z0%4uU^?&0Hs_!-hYSP#e~w}|oVY}la5cw5zb`_HrMTw|RdNqb0S zg+R}*r#!AjCv`dz#u9OekZva*7$?&>c*HW;F(QXq)^9ITAFqj08d+a>Y$g4}|*j13b0FKn?MC|`(AT7cXj+w4OFE~+4|X0#`K;Dxdmo*vZs_Lt zX1r#P8WjjkZ1g%d{t*(utl&CY0rk+|c~Nk6eEXw_)`Y*|D~L^Vf$9xl&`E%H1qH(6 zF6(`hnnj>D_ZTzp=s~3eoKeZx9CYe*+54b9S46 ziazc$h1jyK&l3f@CD$}Ws#1Is(>uVwPZT22Jb!<$@6h90(Z_g37J z+<1hz$K!)&bnx<&Nem9Ct1w$4R3)9a8m6Z?3{u2)dIO;*Awif~KJ#lB+4m{IOutD- zbW*$*96~z#W;;CalCnGBDaD&U&;;@DJ@<+SP*k{H*hYK*sRU_@W#{1*($<_ ztH}Keh)yW8h++z=5B7C!Mj%>H(l4takM)PIyN*;aVv{dq)FJH3saqFu&w0ThrBLS8 zXb)oejpwa#DUdX};~p!Z>$pveHRw2%cE!e-&G4h@TQFt1N0R1>r?J#6GnykicQ%VQ z7a^nlhSSeqsuqd|v&_chsjwlc#&zyfGxyh5>WWxC_*T>D4>EC5K{b<9z`)T?@=wGIV$KdlM!IFaWX&mEhgbmR(+aJuBjkg~xZ3k*LRQO+&528zl<4&^yO$~V5 z%7Uf&3&M#IOmG%`()n&Y@!@%P&_aZv(MX5a+3s)oYKDz#||cO zY~MSz-t5^@bS1YW-%fVu^5*ZMnXdQhx>2n{d;t^1$}Y&sq8Lnxd#Z;n{AR2s(IS~x z!a5ECD-#q`n5gx@%a{n4&Wk)qia88<>KY#ERkE#o91R@b^Qt_=ADUHoG^0xeizS7$ zxI0V+e^v)E++2{Kw>Rg;Adgqww!_4y%(Wo_5+`#HL8h1r;y`yP7qsM&Uv)PMUt+^n zTLj%I^S1Ojt7>ypXK-!(AHH>Npm+3DX#2jo&Tx$0RCTR=7<)1$c&3f~aLv_30$vAGV z4=2gzPCR+g6lsjXok4Is8AV3zd+(M2BXE8;EkxNetO2RGupD4aAgND$$%L^BP7O-| zbq}nkpf$$KynguAbg_aFx8*<(pLc_skUQJ^?P)mgOj5g15Dux~82jh0Ygz7{GfAqF z)X%o`LST?KOAo!eSr1-P-Y&kAfI=BlYQ0;Hegr zjFbjREczs*Q@CDOXH;tfht(?uzvZM)bB4ZhfXvES_e4x=C)Yv79n(B`I7xtq0`$EX zhB$^P-3;4tDW?S3s(p45jBzf~sKKF|Ozui{ptTlDFad(j3m)`bbUVenr^uM4D>vLQ zE=YDlH)c@_iOeM08gdzfEUouxV(LKMfNO%&MW$;2xe|nJH|w?@MtIcH5XC@ah+{}x z{FVi7o!v-U{!A4lczL}|AP1X7DLxaEmg`L>#SuFI(mQoF=5=btV_Q^9)eV|!G~88t zC7`@IgPo7J<}HGPw@&iz^DG^Fm>qmF8Qja^ot3sO9v^~3_5}Ff*y^O$fle<#Ho4XO zY*uab>w@f?&fgMTa<&Wr0}Q&~Ef{mzpJXzUoZ$=2W(1iMufk7)Oi*`iNf0B*$J(~n zK-UhPxqA&X4O=&fsV^Pps5+*6RQk21=pu zC>%9d$P|%v%mn9(!=e7+_>TEjhYCCBmlCIi#fnX7Dd)&V4V`l3CjtzE8OFn_Cz*p` z2x2^WRq`Dl(Ds3rYigMq4EgfBsz5^mnXgbc#c1*H`gP8|N{m`+g{)UR)*jdJ(;zA& z{fM&+QQ2Grpi`_ zx+^g+FJEXPzYor2etEiO1>C*ypJAHW7OS3oRm1jFb9AM))P@CnSE`?rws7kZKja0r zf@9x(Xv63J(SJj8547rXQWNpR%7S%fnVqD4AmO_-LwmG`GqZU=`W=F`fz zqQ35#Y_s;q(nI@(Xbx$J6Ygm7m@GAB)uTZl9LqI}Akv`Y*2JLIIueeUq4N@wNQZ|h z)dvLjPhC5OZ<0OWu8tWz_qiTh0C{)4T||AypSWjg2EiBx#ea#?@WPR0#MrQU5$}vY z2kkvVRd0~ukvkS#!-EHzKRNDR3Zn3z^WQDSImJJ`*S73oTTD@nl0&A`&U3cus~XR9 zXraT){BWc>tv5$(Y6W!=kW5;+I-{Q6GhKW8VcukF5u_1uA=A2UwPSbE&$CdCmw-Yi z`(^3f<9?bTS%L>pZLX>Ag4t>ZIS3 z7TyPg4Dyiy={o1_HNUSBgIt(b=RP9 zZ2JVuL+^pbvYR<0?=hhuC2<}BYJ7WF#YOg&5R?T(*@g-t#HOB+-l{%lSP8Ss`3{v9 z8lgn;d>T3tPGOGZG3EXNDT%6jKem4c1<`{xSF6@oFs?-etQ3X5=7Sc86N2<`MvrEy zdMFYY%#qFb6pp+sI+8Ku^}Z4-mErV5TBZjcAHFw76|h!N;xc`HvJ>>_l9^f zX$e|rx(9P}!@2gUhvxjKnk$v;z-qL1TdtPoe&%FN{$-MOnwN){Kg8+O6)?8%k|HZ? z-dFk~u>%hwK3rBic~w02g5Cj2@{Id?88GEf(}?Hu2rJ#;&bWRN11C}Jm$+`G^h+eY z$&Wq(y&;x(`jq%=%H2@OO~o|A*b`rAJDMNiS1`M>kRWrG~m!`5!T_PTjF@!0N{y zO}=iSG(tXD(pu!J^nggQr0KRFay48}25jV%me|Tl2l6?D>WN|~B_YVJ(xzAP;4B_#dg}JDPHmh#4ey#qQXu4PgTw^SG8}2b-+twk z*tzMC=9CTj1y0vCz!)p`Sm;y(kfA%NX3QyazT$Dac9wm{>Y6-$mMZ}@mSGn`GJHp7 zjbVPreSY$+=t&zTO`U=96TQ;&*78gmHb=`xhc-Foe3XMmY`4vk1a^A7Bqr#@M>)X$ zZOX7mx|%sBN~#63(%GI=K+3J+sJP#F-xS1b{6j>&ENE9V(Jxb1WLctI#= zdEuV?@FE~f@wDgf<+`6Cmi`^GaT!z|YexI0T5cgRM@6kXt)zQFt-F1*y zcpXoeQF(coWWyG;26ZDMA0_xfHxo2G#qUTgis?Hth&7x4$ zhVVMw>rJ154-Wkp!R9|9$x7LbXfrxw=a6|YVYKIohX?XRW{CvW zJdlv{x|#VSF>(nzEB0jx`fT60J-6(wO6ek2~-a{grnA}}9u$@9t&D)(v z`<fQeRLee@B>-sXrKS?ox<93I&IazHo^ zgyI_yD{arXstdI_?l?+b&c-z_-kSVL$^Z-NDHa1w2-9qEfTN6zmnJbpat!3Y=&&c+ zYtgyN?6P>l-YwTSzX7ofotyWHiPP3HiQsQ?}`U}p1UD-4NU0T+z|pVLfM z&<+pob4{_i=WCK4@sc(O8atcpYx@ZldpyGD479j{96d9GyS!cvn%IeCP^G(>pMq%7 zRIgDLD9#aLn?bYLdF~qi*d8Oe@KaljH#!oZW@a;1*GR^}MYtbQR59z;K?3%t-AO&j zCC|rGj(_0V29{BLKdJ!fb%L+^R-3KN1a7ZKZPiir(ROI*aq(y_=&&aFIeK;kb2k|0Z%7NJL#YUjUZ;yh_h`^ zJD;BQP~xrQg{Co6p25lT){{;=0a}e=vYXzE8v7Xcjq=?J>(mo+sR6C6N$RBX%y^oi+FnmthLRPb8OMo)r^J3L~ESyP&>1#-BDprXHwY}FxR zS?Gwh2gX;71KVaE^gw8eklyk#D{I=~rI*^;>C`!G1iFHsQj^?>?DJj){bJSAPVt_A z%2r`AcwPfPOb6V6f_}oUHsTfZkY=_Vw9u?vji!TQ9ck@5Gv=~EjQjHDE2iJvUvKT` z6jVKY-R)zvvlbokwGiWO#Pxnx_w@MfGxj*fmsP`5&m_|y^?eQ6p5*xmdTm(~YF$VK zlXpMcf;0qq(&w2V0}4BM{4TbVwhUZ(_7P8{8lG{-4sZ2Z1LX-(ycu{ z+2&LrWS)DztV4!E;83k9a0B}q+n$Azw@z1dZ?PnTSZ3D?tas(}Q*0peNj<@5>?JgY zQ7n8ev3b_(N7Mr1TOY2#sCVYk>`P7*EaKd9?a|?}$=5@<8r@BJ51m)ip=@~?svqVA zqyTmFb5D<{$Hr_LO#I)-?2^K9+Rk7=lSYXQ9x&O!L0BG_4VRUW7pj}2NnnC8CH2`( z-n!C_>j5GcX2$eE=TbUAOD2IFxYLFxoQ=u8i@qldKgeC{B>%i|LG`9`rt}%ups+RZ z51lP13rD2mdf`mn$waeQl4EDA_Pq;ZJ|bpM2-Bhgjk@t8XzL))Ah1X7->q`1o!yO& zDhIBC6jh@*(%7Vcpi6@`YaQ%liW{d9B&zs57syv0e3OHPFKO_Thvl8f z4&mJeohPsRSFVFr@do^>N_&roZbxUpT+%t(wCP-To?VQZ(KbE>Ipk-@i{LFer5f-U zG!6&7x3XU)JfGhIv>~2x!D)1%zfHXqo#dQexp$k#S&tt!dk$Dru3WSyAW`QVc=OEVN`4Pe3;*W!}uofRGlobFQ zty5nCKx>Wt-bbReBx7k-YN<64$L=Ocr#EY?A5oJO%DC8Q_5}1?*TUYv=Opb?zougguclZ+?eGY~jp_Sp&pT;#S zRun|8mG9O$n7(G6sI2bwE6AWhRujqs{LNXHScCPLMU z5_k49FAU17fa6@DNzElNchHC2HlS5~NGVIc_vZP!wJLqct8;(h8lZsnSiMZG@oUpX zo-Hq~WPt0~cft^>Pgj^c9UHC2a$mg&n6OoH@YS=SUrP~bqF7)sBj+k7{YYXN-f#~Q zLs_LGVlar-&Ab#9I*^gH)BT=N=(`GoHYYFBZQ2F@hg17e{>8U$a>3_bZ_^JT43iuN z$3<--QPo_xTu~!Ln_^|KXLcgZUEiF!T7{{fR*^pZJ4w+-2V=NM;1=(1%!@!X;8koe z+bBUCyoK2sI2Nq0)NP!rW6Rd~f$O)bl6+~uZ+D73>^bEstWzr(lF#A9+8SN_&w zhjS;o`u&ayvjpC!{ntb;rimF7`=SeHkdm_~53#b|tBk9TuF|yJ@FXJuml+D*~Q|zpw7lMjq9pLA(qS>1mW|XumWMW8BXp#OAGn^Hv1tv2VA4J0; z7aoJkUsXRkE|z^V z_t?kPqXM>w`$WQtR_#(H7WTqJgPONk%T9aR84k2^s|LHcKTI}@) z?Ifh7h%;Ej@DU1qseeRJ>*Yz*ZRvu>qQ3Kg5t<h7N2j%P${( zdGgi0RG-$5FPxqbb^ApG51bH>&TMh&_GqcTTXoU>5JwHM=;rcXGmADjIKh8M(DalH z`EbeM=o2}xI<_Y&T_Rc?ja&1ci%=P!(-XcX{g;6rFktT)PjPYc?s>Gv{P^bdLeO&b zCM(|VPL{`$&`4wjAIv9PbGd@4Rr9`gb0|B_)$0f@?bEl1kc?k!SeQPC1+I5gj>O>Y zJbEIzJT)EmS4oN$-~JPWDH9J8q13<$!pG}F)lcbf7=!7qhi<&{PDHSUNt-ix114%+ zxzbLU=&}f+(UBa?L66&mFD_Bh4vRXFPSZXFr0G3Qc055yJ`fu)_>w278_=Br(!ahXw9_q-yP9CjR$YlTwaa!N;)kpg+ zbZw{iEIID%?jCOk0BYo(_@=}PL(`36HO^Tn(p3NtxkRXgU4m_1B!YYzzDLP+g@y@{ zcV`&nIEvuyR=}==)glc)ZX8&9@lRCQsSRFtNghBg04Lc5m^ObhOt9hxoK8nT(kcg; zJbD@4$JTX|CF+y+$}t3!`H#u1@g^N@c3qadT`uoP34b4FX0aGAW$NC;RxDf;c>r2X zGR*}mBb>(+T3=|!Q0&b53E#eUBQv|r%hr1@hR|`Ivn3T-lPEkFYMv+>Rrwc%fwfiY z$fO61WX)~|93PMxhO1y}Hw5RQcBox5e#M5zLzmjQ1I>ZU{<>Q!rf8b9a%To-*UNn3 zDTi)1w@-~*4~K3uOfuu`(~uzUB_B*3?4l7gEEQrJEFsa>1lBD%ma$KgH~LZ3EzzAC zpOD6mHJwuEb;Z5_2f-Kaktc3IzUj{Y#h?pkgMYOiuPv?hX>OsYFGAFtFb~q>-n&Ys zrI7NLbFgzOO+hk;$a!)PwH#VGhG?vezPwo_;@bP@mI0(C-lW zCf^RXt@^iI#rjsc>+L14Vu&$oSfFzK7m4kJS7%t7JH^*zr00HSbgsF!mA|Mn%m`oqGOCfEVUmS>TJ!H!hbBqnNebL?iDsr1L&+4Q)3{%t zf&<=Q`f4mW77|htr-8E%K(!L_y@9hS24tH9ABy@~c|@3HX+*^!os%U!hcjuUgf9^B zYi2h$T<>XL_l`1gH9>01@9c7x4?codC}~kF+~YSMyv{XH+Ex|L2WoxlsE`IC9m)a=`q`#Of)aXhPRH2 zIK)eyZqhMwzfTca*8XU6UD)$s|LLaCTTBZxa$T8uAVpi`1V>te=;kiRQ-;l0*R}#! zOYB-RDnMNG5!XA8#?^tpV|Esn1uvLP7Hd@|D9gB+7ZQbue-(U>_U0|ICbVKK zbXWbBplpzAjQq3o&unD((0?WRgWAImW$enNGq{$)gs6!x)HAZo!QClJ(dZZdE6&X? zjB~+QD7))&>LCU2guMUOod9oC@c=i;_kRggn#7Zrc8ByAY?JqQ^sVA~4#)MajtY)$ z-FK)Hao4N9rgP;hm*eJZIQs)xq4&MuXf-1=+Xsi&OgiL zhS^9wab?a7>YMJE!({5Nf+-PTdF0L7Ew4UpB5j%nr ziJbr8ZvOu3NUhxSK_thXDCe;^MdY$RTJ5KX^3mjwth$&Hsipin3hR70&F3!=Flks0mF*6`5ou4nbhwJD z9G_l-?Mdp@j$H=Zq-q|xl?YG&OA_M8Q3|hkuc@Zzv17S&!d)qd7-kE zV1UY&u^JkNN%t??QrW&mk3r6U%DQ}Vf98vID(jrkj8+$2(9|S&7kxR5cxyEtO(G1Ek zS$+fM+acimI7S7+es)(YRek{?D4>kik|FtI&-p@(0%n=^onz@i&Lw#slgV$viHG%}HM*88_7T5WVrTG;&UFA}`u{5+Qv-f^)WGf-TofSM zj1H6g6&`^H-sJi)`9C{L4SMBqZNN2=EpO`Oq!-E=j*)hq2^+OJMya1`pKs3=U_8!@ zhn67LfE|POTV!c815+3}tg)Mf{o~b3*mx3l=H0&tpK(+3U#n+egF|3=oDVjJf<4Nf z_fmJS%sFE}tyS@ZrOl$cj^k2*ikt=&tT|lOv46Y}jg6*&06gf2%fh-gceG=^d{!O) zGBA>Hv%8eT`h-KU7Hx{9<}mdSx`)B$e!K~IJF5pd%a&2cA4i>G{W4$k0=^)(@`&sY zvH|sbATElHk^r(R49b+VyqRSc*@A-#>?!+=F8vjw{{;~VR~q&k^K=>fGQFv#+`kb% zOV9u87q8XgMr7I3O8IQkE-YX_*wo+Op7>wb{52@xt-o{R$1oH062wc;g0XR|$_n{J|MWWaYn(L(7;JyK#*Hju*ICZ2h?I1v2Q;zYd#H zS020ZJ|X4X9$0Ms#@onrl^=o@D;xeRKxszR9ynwKbfJ`gxo;Xkh7rHsH{r1~_~pLA z^gEGX@7olNO8X~JB2|4hq>EjTwDqq31JIGGkaK~kUlXi1xLhzR`Uj}6F?%lIUo!`( zG9ljc51GF{dF+jS@nGaHsh|F(5r~Q{;5F9`HaBBp}eb_&+ch~PB^JW&UUvq&B z{AK(<&{Eews!>v)MwNaomGDtM_y0>k@xJ4>IiU=H>HH7-9-IkOxc1+5{6ucs75^Fc zk8K{P?5X_!$NyJ@?mwVJPoa(Z`Ke8!3Thue8PR0#P|25ut0zneLJ^$wG(;|As=*#$!L7jbuN4QeO- zTXX2$ZMBb{o&Nn72Ea|g{$kAqvwu;D>?(Vs!{JK->G9gNAHf8Wf(i$gHWng=ASqG% z=q+mR*UH?*o8vQybG!dqM((#|_`f_j;K@xCzFa|Ld@bjM(^u9pt%E5)>4hVf-|b^_ zqTkjdeJ8cvcgy%%_9bH0dKmF<9t5^>#6PIMd;B1bts#b?_UP#cj~p$7zJx^{H$ho_B z;`i9@4}6yX&ZKnh;F~Xfu8r$X9M$E_ErzY^!>HdecK!74i&~3_RnkaYvkLSOuD9Ag zEYIh@RMK<93~sX3-kIgL8t4b5_N+~camk888 zSF(^ZS+J<;&KLV0b}Tn^;sL}|n#+&70*YOd)wo!bcJIY_A$`t4Z5KVJcE7%A|5 ztZSZJbtmRr4Pm`>kr4H{vInUv#@E2ikulO>)~wBd+S?8pMSC4a{eC*v$$o=9Sh7sC zghue%f->CXcIl{T$lUVAL^%J>j&ZuIWvtR%hPp&e?fIX-CkT_DlncFF_WREoo4qF% z(|C9;!CMqqdBtCrww=R#2_EYk|4}jr+}?StCj>l#v{f>C23^uPwJQ*xIld%x2|H9( z&DkkAx+WqQ^(P0)F-k!GKWSjSV zghZL9Dx^h1y=8+`4{3C$ltJ@9#cu^IZ^mJJDG&;8Iz+$X;_%18nrr3tD5Mg7=GW>0abOAjM2U%uQ@s1M|Ik3el zA}C52)!MsAz8&h??A)rLAvu0(;n{MU?xUWjkB^7ldX*5(Qk_Cs*MZ-^aX>n~r(!HA zLNgzSDf%4jg-D(zl#f7otl4=ZG>%+iCaqcXLsPPY?B0m6M?A-d9l&#p5xe(Sq{^(` zeEq;6ug}?knBhxEdR;kH5E3nC3$I&dEYt>b39a{c+IMO!XB$^4EF?9Uo z27}7}lQB@pEDLB z(*v7NMsiTJXu3x`w!a59iifdfadlq^7hE3%f*xs#6GsUK`4YG1>>3pz^5;||LJgd! zdp1E(=r?p799)IV?3PW<_9IhxC{Gx-XV^3P1nZ_d++Qt`?}os zLy*i{CJi&%+?*b{dtp-l{UvD-68!O8rw4Te7axK)NuU=c)f)5RDI@Vmchkro0+vm~ z?)KwJUNU9wt6Gd2_eo08%h8d`cE?{SYmx{y&9y0*D{(PM3$sc4zIsU^@|E3j&^O#Y4+Os(f;%xKR2OR~s=>JbWg+9@#R8lIV0 zndJjmHPS01LTd!aE`lLoK+cxk67*IwcD0n8<{*K|2`7s z7DPjmahvUb#2o<2{P{tR+x55sV=-&MN&RuGFH1?|u0KlyH-@&!UtZPvL}K|n1FKgK zujdGUdT1G|p}MJpBjz==)7S=d^N#p<_QFl0n#@|vFz$DdE3j~1i?J@>y`OD+OgKvl zi*}o?J7R5D!rX;}h8dT6TMFW*TYLkOylq3$f`2+$rI?Wv$^@os?C#6o4&&HCyTW4> zQB*g3Cm&9s@x7}Y>*AUDmtm2ow%racS2XzG^n9I4MztVi>ff?82!_0_sRnGDhK#xx zF{p#L=^$W1$0qAGD)>U6rIkD)0|@RP5qOYAiX~xH&?a^edk9w<^X|9Qs)tFeO{|NE z(62E&^llN0qa}M55UYSi_3I?Y4d>QVINwUDYPj|QVjWBAd}xXn=d_PT6VA7uw5xh= zQL*4_b&e-m>Ha&VKl16Z-o{dr5^OQ!m1~`qJRLbk&hZ9Q7E$&BVzFmyy;G(Bz%m9} zS5r*pICf~_H6I}bD1p$`cdZmrw>udVW0caq=_fX3f{g7iZ!zDXo@tr8wxlG_^5px51R%bD;oL z)2a|;EE;!*P4r{W=BwK*%q?spDawMu6EVI&9SeO7G8RYD{SLtoVgKqpUjI~nr*}W3 zi#QBjy%XPuamD)tNl+O_LQR;GT+NfL7sE&Nul#o!aG& z>Y3ip$p&w&`JN=7@cw#P`pD$yW-kJ6@;3mO<=4sRE_>hPB3N)t3`GvEe2acf)rPLN z{Gmm&weA}HB!5JBbC~6sSGJ~>4Za+iSu5Ud?W%+{-Bc=S_{g*L1gv@ zB&=273V7g1rjZS&a}EQmFmsxZA@k`E7FW)8_=z#UtdJ#3F%!(jidJxk?^@h|b6XvY zYOZvUZ?`yD>roXS@vp*2;zU9rhLZkhiwlz#wnmelio z&B55=4O^rI=UgF^EUlc&jPG$^1#>T| zr9I2j^Og>dzE}tbG@hmK)4!!rVdw^f7o6RqyNbLbdx&d$%K}%^+~30=iq}5aCdl8~ z*XEtYd{S^&MqubJemk>QY6@a@x1kfYj6Ct->H2bOWs=8a80z^ z)Yu!^TNLQKu^~Z#1D=hS0UrH@5$CP+(hMz#Sug5uJv{Xk0U|Hbf-rws_{(x6!G>)I zE|~OFYlD3sN5<8HB}M3xtJx>y*&FP7m(nsl+hw~*eN7xO1EK0c0hp*VVc6mK0`wHY z@-nw0Z&eZ|x-t%W1C&dYydJmHdg9s(r|M}E%grlRKCHn#UK0z%bv@_R8u$kbA)?aK z@VFDHA3dYEhc`PS*wwP~NUb(!gzsB*AMEcC+S41bIbCv6n-f0R+#JSK zDUI~TVD$IDzesyjoo5%g?K9N95sq&k3F9J|H2VmJx~j;ubquVB zQ;|r>^;H2{F2KHD@Y*x?kWw#4mw#^ker<3o z)P&$6Rg-JPdmDxFqVMS=eFF#gc@hKo6yb=G(isn_c`G61MJGx1afz;txwmPV%9NvO z?PRr*u8cy+xR@+|siof#b<2j~b@~utfzjJ*y6M*iP3z4$NN-}ca}7&e(KnE(w=CgW z*B>msv9Q)GGPt_3`N4ghOQUG)QaMXSzDoRwGH$BP1JQlWO-qweqgQ)7tSdr{lT9*n!Envhch>5BW$iifP^XiPJT{SR zcRffcgwA5NYaA&@@3RSXq!N1J{m(Y9uxnknHAEu^zb^?`-OSI5FLg9V6lLj(M<~TZ zy&1pWFT$(f*^d4|g0@7AvS0Z4*qH%tpwo}!p!XZ?G`GAuiY)wY#pWdyO2M5gs3_Qr z7y-95s+#zSKOFDNb>_TMW)BOtGO?<)*Rcb+bOzNxe`Ai71DEcC1)SX%Mq-l z&K6aU)>xt-@7fFFpw%4ocl2~Svd;VrumW0AW0G02sJO<^{ZoR=P@4D--|<@3vi4?` zQ7pylWd2eEx4U=u<%;keHEpF)(gLu)*}~RJ$&i5j`1^3gWcR@PyDX%`b(|{n>Uk1> zLI?`2*wrIn))y`(K;5S?cr+I1>y~=^=&ck7HI+&{HB~JUx9HYGHHZ+qeRYUixz}zA z8o3g^6EiFBe80wjyj4`S0FBi6I=0>Vy=Z^(Vs!%iWpbpDZ|aB$_axU{W{zXjrx-2< zo0?_mrDS@>5zQ4Vyw_i9mJT6%CikHyQyzuS?O>{MhKg#@)t(8?9d7#cas0KEk(gAr zr&RR^pM3m2Bf~5h`Wd=)7x|?(Ey{e2gqw{F`;diAT~^wHdsjjWF#I>`rP+lzFvAMv zR(C(@^~q=)e^#b?kiMx|BTc4+q7SJUE#5<+`2HJH6VV62X1!@%Wh6Zpo+%8xD*9Go zPQUF{1ENulmV2rvMqHLFR&eyvZfYNU3}R z@bS4UIfDCE)c(&lufIKQp!3Mtb;+h6)lodxL>C1C|9>Cd^n&_;DqfQLF3zk}KeVeD z`Ek67$1Z(jZ#obo(aSgZI4?Gn!zDH>hbtB50=y9 zWu2UZS$6BA#%GN&lNK;w{urw&Z>Jx zkHFjPPi!i0zh)+MvaEW2>g6S!zF?*Z>=|nDug~>IGH?8ar)^jSGd!7rENM@l@x*SN zGj^v7X<_*D2`N~$RlB>n^-O)vALZm4&i%v-M?Jk(FeJtB+u|<+x~hUovOH6car;Ah z_XIrud^P5c{e2T{MD&8w==~V>>zM&vwOP8#=2C*NxM*8yA#%#&A87Dwe&nO56r%DK zy9}TZWOzJoTqBcTxjZRs>qb%VjQHh@z0qH2)JSZt%3yWxq_B zX(*%=f-yeXJ)L-ynTkq<_^kGyWlqMp-Pyk1zI@i~PxPr^l~-$~rkiJES)b=p<{8CD zHxuN|A_&_({kLmPo)KA;(o7k+=WV?#A@&Xvem>Fa&MB17Avgxv=Dt6nsUIum*3UmH zP1ls}vzXnIIsnoNiz8@k+|LN=rW1ynjCl_{x-@q`Y!4Io15bYgEol#VVFXVv(jp2h z^UQ8FAh0C2qn5iWBDOlW6fw6MAXyuWneTa9m^ghx} z+VR$q_DPMRpn+*abk! za8#D4^@qnrcrFDBb-8-RrDs0S!M+8KS9UyG*v%@q_N9E`v;E4}=Z%_`g3fE{t*6+~0(g#4E zvQ#fEG`+MwO|=vZ{$adTj?S_kcA%zDTUy{Lk0tyTxH)V-EV#N=!gqH@rh7Zh*1mO) z$VecY_T}nk@2sWPpNQ*Xwq@bwH&^yVmmwe*X-_Qh#A>UUzRU_J#H{XJE||ch1UC zMrmsb-FrdbPOO#rXqKWr(7_KYvWJ)}J4DF2-1ZNPb_0^iZEpG3Y!)a)tk=BQS_pEI z_}P*PiNn|I9utA}8F$?lCtfe4CzeC`&@;Y!XLlmK>?V4u&|e&^yEswvjhyVUnuteqe~*g_9uUnD z7+$6PqkQYWP!iRV$kDTaY>l%`k@u|GMEQ&^N!fjSRN2l8^0CIz!s6^)al+h|aFZ_9 zZ?5~oa;=+LVTM=xcebGgS zE>(yt4>p*F8cXbtk@Bl zAuVIj7!3$9*0FW&nhv78XfZ+|oped1+&b8!H0*xPeHIIsyD{77d;7N^xm%GdR&uN8 z!C#)9vs)IjHtLw28XBMd3$}fM>+(?EP!o<=OduBFzNx8t287xV_T~|HKQgP1?OGwmO&fi)8`4iHqoRmDXs}3b!js@-`8tfg$*aO3O$B1 zvvBh9%II*qH>7GFBvDsfn=SYCsqJ_+Ik&m-_K~vz`o!v8X5>@n4@kL3R;m{7=JN1@ zM;X=k4>l@R6%MUb`)Od()CR8zJuULw*!*gf8GEJ6Q!N%NJMHiI2%e35y7Hx@6W!_l zC(Y}tmYMghN-Z*v(32BTZ?7l(qR4X=^2~Hr*!`;#0|VDrqD%Es(pG}+FGL@$ z1`{cjXLR=BRRNS#T31SbxU@c^eurpVkL2#D?Y$va``B7_LAMXHm8G$Kr;5xw-u`UK zofJCNN3P-N_QvXQoCRGv3eqmFd+h7(W0i2Ni!Qjf>g;~kPIe+Yje#n_wMf4dqTXFB zd6z-A$bjjASCLmHfxoQ%0;-u;d@?m{+cth9te0zvFjepcR<<5HJg*_|BbVIc;iI8pz`8JuD z3xD(s@OzQ)mp2BC9z8Dmde`sihwD9U_Lt9=42n@TpXlC803PX2$5AH;M0dW6y(OA@ zHro7r)~u?)OUbX0Pt^*`3nxOWIh~h=(3cA+S$^Wt;PiDyi;C17{x&;SV6Sz!%~p1B z^PZ8eTE8>&siZdCy1e7l&_^qV7q9m!@f#Yr&Z64(u8;A!kIx_EZWWDn&Z7S4R4A~{ z?GtL6xOHWP^KuEoy39qsJh&3Ww(Gs4?n4_jTSVE%`o|5Xg?o{CtW2`k|S-aAZBu+Rfc zS*B*C6p*T5bV=r6KhfLW8#T?HQo4ZP?v=mmT-3iw_D`QU-!6saj#!@Ig@sD~ zD2>WK3150o291c>ns@_@<*1J{@u1rf)WZ8$cq+x}vfG>Wc^P(hTsA!)*Hs(E2}+#+ zupxc{n_z$0L>E=5>PINSSz`tug{qy=wTmx=lH=6#mFCM416>c*EFu0E&_d^TH&6Q3Zj8>3d=NSm&q$D^z_mf-KdahwfqX0R&IQLoag22w7gQXO0bsg#uCU z)4@$%F~2|3fOjFlt}j3O_V~>;<0l5A6{~B`;-EzjlTN|F8?mj?4aLI*%zo-ZZikNg z&ZEO8|A)Qzj%spS*GCmp5L8q|5Tu9-3IZy<29SVAGm2CpBE8F^NeK~@rGN-nKtPH? z1f_(Iv_w%rK}rCL0Ra^uK|)O^AtbpoxYpi#Ej|0(anHSH-18g9KlUDjmE@aqes6i+ z=Y8g!f8#7t2H+>%&*?E2d28F#)P&s>FP&A|wWabygT=Ol0+-*|MVslKGI4gLr4sD^ zDTCW<YB zM+&3IM7Ymc^Xt*RWI?91zF&?1OLUBtQr+VrNu6zW_UB1>>f+@g`QB7%Njg>gLzt98 zVP)Kv1+ssTSn%Hvzj>c94=C7|X|}|h(DNt3*}UHqTZ{2^r?bp%h~l-YDTQN4|B?w-p z%E4hG=bnR=(Ewt2W0sNVUy<)YhD45tiItq~nC(ES#m9aRnJ8G>zZ=J6xVbg3ak;?oJ<9d$4%B$K7 zH;@zhWlm3#LIkP-uh>*&Q?kW?z_{>Y316^%LyKVcbWN0|*RdyKbKAFTa}Ar)m$ z5?VXPBm11*hN~enCvdGj4|e8WfDY zA1Lprx`A6YnQ#f5%^9s*oclp?l$^w<8p^LC%B z5*_aLh?rcIxt$sGXfMQ3U;uIbfZ2!ck{qcR|4Vz6x%aS|VAmy@FgZkfD6q!ce=!QH za*9~v*zdyyd#0zf(knv8^GphELxD9NlS#D_5V)Vn^WL>%aOHB9KotU~BXfyP(lJaL zM^j>neq%k0Qcb0!Qu;7w-F>ZrQw4Fk<@=O*)`C6T{f4F}B{DzFa7-ZUxNZ8g*67gJ z&Y>3j(thwNB{Iw-ODJWAoJO-_OOQZ*$>(YO$5|_q)!Kq4#$$%Jdzfb!b0pi5$jfR{ z+ST5wb(@%~!qZ+_>1I55|JK)>(ACw&)yN_qvm5Du#T}=;cnZ~f`dg!ofER;z`g}z{ z%9eSVIr(f>D# z!JVG`4eBMO^eo^rK#(dgXvtl2$?@^|7hLN%PgLZ`qE;@4!X7u-e<38PH+A{LYfaGB z;fSu+SN$f(1RRL9%G@j=@Y8=bOqCci;HEvJ5pvJ@ z#_IButV6Pv{gK-4y}=Bice(nPL?z^@D%T)A1iFXmaXrV`ub;#nL3vYAa3=$PGb zivw@UaQjA4Pk(Bin{eUh;uTlKA-Qt}P%??hTrGStYVn02*pfG;op`}{j;KT`D0Ey5 zG!aLWHChx@4-aCr3)pe9ply~&vr37=q+R$s-#)U=U2Cb!d_#v!o6{B{QQvW0B>)ku zJJ9#Sl+Q^|lL~DdLX;wF=?U>8xVy$+QV5tVe@ZDB_u3<2F+0$ zKaWG)2d+8{`o2%RMWRAtTQA}H>@3k=>$dkAoTUyvKg{h$^0U7gVq)mzK@%Q#QI9%FD=ko`CStEI^<&|07+rxUjzv-nsN2e!*n>^=iRc&3rZg z?VCrB1N0ydE5E<<#xF$UNGuZ*@rKk#&~J zt=5u%Vl1mV&`u$+E4Un@uCzss$JV@h^CypFyd;y=xIWSI0gh}{5X^a@*1*QSQ*Yx< ztu1d@|MfX`dM5n&MD-)_smGsJrUL|u?JJzgwSOXdlH-RybvIy^2^0#ilQ;JW=~Y$nlHE33saQRN{96mHB%=yBgHW z!v)aa?mykLU=&=|c4)Y7K&lzbSbWs@nbCBZ?|1w?CL8;99G;A*S&T5}LHmaTF1%UR zcW0vgKl|5-`GNawzSwp~J3b4zRLS3eweWi4y&#LfC^x45JCz%qK~U(`{Oza!+4XnD zZYJlIllOBoly=_sKUBEygb(Jld3#@~R7`xQjE{)G$c5yY#akf)uMmp5IR!(Mq3`2M zGGuyN8Ao0G80OuV+PtBUA-%rer=n`py50yqiOco13)B@~tQI~T(v)4`FGgAo`UE?F zINq;d;^t_!PLi;s+52CNA*D(wg{RAF)3)%tE^>$`zNAlEUr!`_)42tDuToEnKY#MZ z4WceL6n>sgU}0=?FE=^(L4R{dQxWvB2g3DMp{YwOW%pM~%9NfT+XX zS+ACoCerY}fD|5a3@ev_M63n&PF=?5ciwjVZS@u2)XR`WBh5$nZtFDo)%#NdnuA7e zbkg;6lvnYz>nf7ru1WW{tcx6AyKI4?;%)+1C=H|9*}cAiCvL(zCgr#F;4y`8%buE6 z!+L`h<5^w?4ApLuBxue3(*jcqWf38GiV6MGG|C+nf4ZitPlCZUEpU4Auj1AeC}u=eSu zg9buW?$88*w}@BRV^(Swyx(!|r?7=If!- zcMNU;Svvk-BZ6VYS8P|}aZwHNm>N(%+Je@-sg#DKL(6x)G({PiWI<@shv_9VZ^@6o zzke_wK?!Od&A%Bc?fMayW+N7q$!YJWz65rnb588@9p+b+E5`Pf8Y2ms%&E zFhEp@7kHZxPxo9+kIOZ@=`b)IU>Y{hBT2wxEg8z%!3~@z3ChJDm}o zE4g-t*KK>`ITvpO50&OJ+K&~k@`TMt^uz=z0AWU;K7NW6DqF}GZoUbbo)lMFNt{Sn zX}bNI3jP3kaoA5{9S}@!hx)EnV_WAV^@zTc4zOL0p4UA-{R?YYj92(1qwod|I@QFx zBMyLRXx#XiK8u`%W|`bqN<+#{vW;g}rAW8-1k{X2 zHimw0D_>EZ1Wv739aa9(HHwV$*^c!|#x{bEOwwcgQ;(&aVsLg-0%`7bmQ+Jm2GEc^V+JW7b$jopw2xA z)YH=T-m(jV8eXw@qGAeE)r9z4GDHj9(10s@<$(=AFg;V#DYRp7z0nNXI-l8%3D=(o70vSxxy4IhbS@LXFT;K@id+r= z7x)EC-o3vmrBC_Ao7CM5uz>UrX~(Y~1K^Ma5GmX+{YCoW6aWA$=ZB7BGCqFp%wNC= zmkh}JkRR}@Pe9XfrG}1o8H+3lnlA6JZ<0?VDOX6DqQ?~CmF*3j zdz=kxz3qSX7TCu4d)v&+Ck{s-9x<_eRP(jLW+MiF@biab#|Q6RPUN0%@po`<2}bne zWoCvJy);(n-^1Z6c%n@2(6m6_R1iEO(tF2>@8DvH2!CgM4K0yt$vW0JEZ!>QPcLsq|d}40h9bc*XUuX}vad88=p7#*vT+i_{xQJsw~4%*MGH zqN*%nfCpfrC21651;J64%(mh1%tepiMrs$LvS57jKLOD~_6U4HW6lZ39>I_$EON<+ zT=aRwB!HbXoMkmbbuB-sUe8v1xkAqba?tI3qd-YP8&B`0F6@tpYt6^MRK1QGQkD}z z2UxmST~GM6r?PtqY*oe+vm1Izx0dIJ_Q(z8>4(E$>tccV3b$*+c)?jS1+z`s@L_Z4 z8r7g91Zj^l?xouY+0T!a;q}-kVo$^!pj1%JnCxkliplW(j~u`2q2kBibc3ZeVjNng z0g5bAq2n&SCo3t;#3jc7x?I<0~$2^rj0Jqli1j)cH{N97f9 z4C+Onn&=ud-BZNN$L7oMNA{zl>~%si3*(Mw{cZ}hFKnq2j#7A8$~fx>TYmjNcq-P` zA0l<^k&3p=ExtV65)O>=(a6^?g*P%!wzQrdSKmecv{~2)7Wjt!k`Auk`#9*^s50Lo6W<9R{Mv?^>X+D=_@VpT+;X4uD$#0B zqQi3f%IJ0rePHm8Ah;xsv79Ci3=eCjj|^kb)2N$9?mWgts{;T)5`_`9C~kHRhWzdfBm zS9z_Qbl9`+kDc0Su=EQ({!5_s)m3yh@uy-pm*a;{fU~#4 zP_s0`%jWFiycE>o^tazgE@KuDa0_Mi^E1B~DoU#PL6ZFRCk|IjwPC-kd#{^iJfoCe z>mJP*21RPTn^E#Gg>wB^1l5{0Wtsnr#{v~rrFea5Aa79KzO7u53nos{50o@BoFwe- z9?|ByUNVawPYGAoTTpXb=F7T3+qQ}Smzg_Q9zq}R8ODq5+-q;F*f)LS{bi!1go43r zAX5Lk)2(0HlwG$rJu;;Ak#_~sVLZ2N}YH>v|%i8PePY5iU z2S|ysH5D^C0FmO-Wo)2lDabMk0WHT$xzVu58s_txH=wrq8T*_3RpFG6S(oOj^o1O-rn zUK%GX#nCgy<06mYsh{l@;I$+C|L$qIao0}%?+^SJ*FbHl&AP`x_wm1bS1$>CfDhdm zi;`^W-GqCw=l1Wv4iZ4pRri16y??nE`lzRFbF1zDaF6&uz^VPNlKuWOr#|8ZwnI`5 zWZ7SO1pRk04%8x3k=`N1y+ZE)>y`gSulz5Ewik4kHqa*hdzag9?O4X1pf#4#Q*=N@ELGDKsEMnWASE5;(6Y7sz(b9+K&mHQSkJ;#pL9$&mZNx7Z#7_J8kD z04hnKu*p6BM?UYhg1x%EQ~xdR<8|qDE?jBXwRnIrQvSpk>~C$@00#V*ul?vaZs7jg z(|&ZKT56v2%a?89dn%d?Wr(!~OB+Yhb`K z;2Y3Cfy|FT>w+uH!W5`R<1)HzP(`W@S*N$gDRHR$-mqe za?Q0P)fL>;cAi)?LRb>AM~f(V_Iz$1WY66S zPCfcBFH-2@paH3RL$Q7lR=nj5Nqhdeb(0JdLhZoveRy|qor-0rT6$^!b1^_q(j6dyUFq(5&FpYJOrFEmEL=GTKft9DVedpQQQ~g z;=kDGaW%M)Wwd3Etc=p$a#X$_+^U$`f=3xZFEp5MhRKE)#%1gju1!QA8FZtrk)PDV zipz?+^N4mK@WV0#tIgF4j|y;8Bwnm%)%4q-w*KkGIkZ!dh-m21D|2|FBj{0^3S9c z_Du7BhmKvqec+)m>sBvcf$3S3J%W*NNGeLd!U0aT`{->$e7NSjwv>mjvBpt$Mqnqa zEpigHQ;{r^N=O~j|H+#7H=y}ji+GdtTFhds3a^NO*q?u$)TXM@{*ki0ojanWeP#-7 zF{;}$C8RvT9`U97KUq?jph%*?{yxbHfpdryoq8mijKS#2)SDV7lshWa#u;qBqS=1& zsBBO21HSA5PLU=X|7xB?qralqd2#3xd#CB3O8a`oFqEyZd2F*pD ze+jusT2!*?S?=86ZAfZz$|+c`p122Dg~MfsN3a7A=SDkF_;yNdd5(JvWL;Dv1TJ|0 zYeKr7z;oB?qInXj_G^{Dyuq>pisNZ~qs*h#X18#7Lu2vF!46-8SQqWm*5a6Afgl0d zLc1?&2+YxjEOE3pE9!EKi#Eo=%JNh7R6;h<^!7873KQ^C4;hr>QM5yl^KaxS=)@*5 z#v6adaP33^Dx$ALzK`CaDs@{~xi|e#h~{YWtrenkyQ8dgt#KZn9Yi-6g1fE%l67Bw zM#Vgl!=YC4>ZVWoAZ=~+&O==VED&FG&VVs~61;gHS_?aIF^wh#g%xjbv{G9_4G}1_ z(n~KeB)_zL@+t~{S*q1CNCX*%1^0}H2_Y<|n+lfiDr=F;*Sww4Mv%A}@x<3|!Yj5L zRpjj@-;PWz)!T3$^4&{1iENN$(jHde+dum5NqpyqJ2EV`4oC*?{4FbAx&qy7EZaO( zeBI;d!K3w9fs2SB5dp;uLLZjmXS{2dTZX{^1k(B@qT?F}G4XZ6_uwCk%wY#Tw*>FL|*v7-4|GT}ZA zXoVdGs3Dt;);P7k<`RR=bA@L`%Jb?NSEo-faFb2(t#>P?5a*H|WsqZRA~ z1%?y$2#jerU`W+v#Ph_5@qS|pv({9dGm}j&qnr^C88EcjAr!vYlo}o$(j?4f^?5l_ zIU+K#PdLDH%&ho8Zwb!1+d9cLJgg+%&pFMz;kuG7dxW{$*|C!Fb;7lVXD*S zSDR~Q?5U9#lm@2PU{lbRtKGn}<$Nv%-}&Jz(Am6Okc^SL7?m11?OK%WajVaGU&IOR zaBb~~JA*Y%?!EYT^0l*imc`47*@f>UnA$|~yfplCk_zVCxez3K)E?lvU|pzASld=7 z{x4u_$kZo}zm9r9tIVLKi^Rk{ES9WM`1V~xlV|9zPK|@3rCJ(EMP)D4x%z7zPl3#! z9Sr}Kw=(Me;GINUu($VO!$@UJ6^c0JuIQo3q^-`cwo#quQS>mC8jZGfhk`jZ-a^dw z5_gpk+4bTLySq#KmM@M*upGWgYE2JJ_qoLoZOlL+_GE_Hw_WxncLBGY6iyN#cNg&p!;>vpuw zTSs7nY?S<$0;2D+K03Zt=EbU;VS79d3iW0i(T3xczt8ZvLx^Pv?D|WEz`hRL`1*$~ zx&1xCU8=8YOcLH?ccwMxzO8umr`vK#mNhrFt$+Gq*x&QbLwRN1wLuyzs7ZM}#c$A6 zWY=QRmR{||@V(=v->(YxHo|D`?= zRup81%S3#QldfnJM{3c>6_Du+B9iGI(k2?}lI9R%8?riC;7-g6b*#DarI~C$x@uKJ zj~S~-%UXU+PQrrf;@+Qpz>kr#OWjoZv_CRab(T&Yli#(te~(`*x4uA4SP*bc)9PNhkgo58FhY%_@1L z=B|sojIOk*E=aN--xSM0ELG-ostoy5HU{KQyp)E}-uZwjzt?G+DkX?TkW;3s@s0!? zI{Dr-b~K6*4US?Hz4|$t@QO?HzG&52p70j>EEYL(^<%_rQ>FIuCq?>ucb$9F6&>;f zaCQ29Rf&F^v*(?dYczsy?Qp90+)GZH50~=E;~9Sz$UjC07=TN~q(YW^4nn127DKO? zDs7P0TqWgIS|C^Z2s?)SbA0Q@Q^Q_gx+xm+He?jB+_>vFTj71{;GOs2mh%_nC-=Hj$Js z)e=RYPE(cXH(gmqvX&dmuk^!=T=8;t_qA6(U#H#X7Us!2{735jr@ytvWN_K(cue-@ z6B@%P3xtj0td%xO;VtZtU&FZB_18PJmFVE+?BuM-g?C{GKZASF+q=|>kH~A3u8uAU zYmLk?9>ZI~tI&A78!G5N7|uxy{g5}i zj9j=xulBsTy}8rz?AVu~QD(?e0(?ypKEpjN_!A{_(4SD@O6XJ_eWY-pYB*%bRh;(L zsKO%hD?e?)z-#}0V3343>FkGDz^rMvV*wW*U5V7$A(!ByDA8~F0+??_4ukAYKqDDbU6pzwKe@om(+!NJ zp-O&pwF5w!ytV}pIKi0v$*BSw0kmn-TpVQ;*r+&A~>y-Wfdl z(_1p^J(#3*SHZrD(xvGx;@=oBqP6mgsFS83{vC@Y>aa2!1D%!t<6gOB;W4}rrG z!2fK&(HNJkv=h_ox!*>(1k$W$dyy#?KK}SC#)TMml2jb5uGY~CUbLGvF&I1%5-i_bg~Lx zaddK*!9$y751J9s01>zbbYD<=O(>Dm-tbH+3=e-1Iiw-|+E_a4Va|P8@~Iu~+|4f{ z8H)sT)M62N8OuTtZSy97_9quD%6mn^cp5z0x3W`(@HEpegF!dfbmiKAMK@$^zKv+I znP$5gV|#qEVqAPW#7pRjcuCyn%&nfBuiPX|ZQBd`bmtWLsMW%pUcVKFT^Sd!W(Pt- zJQ!D4pWaw{=tMfL!W8(UP1MY$&POkR+b-}M=Fxs0$stnYMj4WS#XBiN8-zK(*2pDO zGxhBaF(-5+ev58_`f=RO9;1f$s{G{NLJ4oC9VjnVcSUmQfkQ%6clGY$_S#*D%av-& z@GebnTB=5Ojx1xAUEAJgWg-|;@a|H(GKoy=no4}eRxjPcfZRYS56^?0XVfO2+^c{l z>~*!!p}7z*=$`+{Hg$_UjdR4Ab2kZkAei}9;S32iLw=dlApX$a#Z~V~=9#rxu`Xvx z;!Vq>V*EFKtK#-9(Prlu3+sVOeyndr@h<*Af?Ujw{S@;cl9X z|JBzb6~FMM_7u=f1DMVtWEETr=;RUrZ2(wAqSV>W@d;ZH!@tH)_(C>QLV9?0^iKxu(ha4-_suTqFk-=I;qu+RNbN>c(r}&EQk`a<>#J~LpYiX2epAA`i z4SAor6-lo}W{O6wd?7rrc1+JXYumB^D23SFUHh!uGqpwVj=GfQT<-OS-x#?P6H$oorWr3YdMy7 zLsC?ciuqxe;Ic)`ML3ZdcvjK*)dTB^#7*ML0##<6$vw0^?2O>EL?+O#2A}g(viO5R z{b$~<>Saf)#+TT|0efNx$FrkzEecU5a?~%iAY_+{uA$vtJ{qqW=FM+~qXAmu*O)N93B65F* zT<-WyC5o=N@@psHf*p>mRlJ3l&5I##l-wk+T?l0u z10Olvxkvek4kf+YB|%VOrtyqN{Ll7rSedtG#H+}st!uZT%#uBD+AT*`?Tn_UT;BLc zj)_R~EKTBAdzA&4v>cYYCbj1jg}ogDgmunWVit-!lz1-R&}5`*;@Tk%M}CcMEv zVrWPToMY&EV~v<`G&g-aWui0FV>d8YZwXVM21=dzlVYjnPj!LdBn2$fTBlEMJEz<| z>K8twT0~#w$bCquzpzb^1z8omsgRp%pSTVua%TC^L;&0|2+HihELBJD z2LlWV=}$45kah#BS5m=7OY4xStLXRiKeaXggiIw1q`agF6TxS3WyI_VH~32P2|^w5 z(LKS15~tkmY43!t3v+1JDw=jz4=5cWj6O)G6&$fhb{41GL~*z%ix;OKe-@ofDo<_e zLR^`9#pTW#L#`z?#$DPT17VIqy0A-0`AP9^;>Ar%gM<@p?>j9XYT>j%SYbU>aOn5k zAIT6IwV6NRDM|7kc2wNm-`}&_0zfW!&6nRr+(4*`2;0-HI3vhH3b`=vPCLMrTXYcrwF1MGkuFiwP1GVrE8V7td!4ScyCKW-xB5cDNh z;k^oXs*K&ocOPb^iUj2!-S;l7lS(S>s|l)bm1}sirK8wPwNqymmo(wbE)q1*l5YC{ zT;b&U<&lWjERkN4#Qv;WpJbAj(-c5@HiyGS+kYdtrp2Ngx;go@dT6Ci{RX46O5sTc zvso477h`w6&;vj1Zc-UWF=k2hotrld#!GS7>3P#f0T!jb-ykrRq_yxia#Bq0%RQAH zsKS&hZx7sb0SV^2!2$RX!5iIFQHy0v^T$RdC@`@rEec)C1qIg0q00$!3*(8UFV+?s z1Fpo40}LUWFB*rDkM>< zwA=CSvyntiX=do*JkjY|gV~Kus;K4LcQI{y^>ERS_(i)Ns;f~c z^YJ5GIQl7EZx@b!CT`@W(w>c$v0xd#OcvyHh297m@~!p3GL|~bH71`l=AyxdGmqb| z`Ad8xM>|h+buzmbMDs#Rs;xo*92_@c6|SJWRY!d)*PgUvNVCq;CQ)sgBPpUM-OWc% z_rO^3T}HY5nngC~KtL{AP@;reuzPjnkU18Hj%q-(B`eI&!|^XN^6 zOY*W$W*%!a5C8aB)0(6AAl-l-pu(gUPNyIFO^3NMcCR(LD?5&dfqUhym=bgm)}EmU zRUf~9UaCoI?4e$im_QRYZ}!xEQiNS7N($QlsAtLvotWXep%q*zQ57?=h=(ZWFsTKV z2k)p!W~%x-Mw!Q$$k!dp5lEKumpYbor@a;px|3uwh;&^OATGpjIYm@SlOJsjBW7oI zoA%(WHN^F)H?6k+4vEAiRMa+(%MmuxXLDvhA4%)Z$zj)6G>BJ5b+U>iwK^3VK4m|e z!I)(+u$9YAvj_rxl*RPPOH^rJuPH$lq=-9IR(Rl&IHI@p6$+XlHJ&k^=IM4lLj;uG zku~g;ENyG0=rsSeg}ufU*2C3xi+kw-gQ>0BTC;J?QO!i1NprV7tk9&}7V&pnY6>@q zH5Ke(!1p$ZryaBH4a3*;Rd(xW&R^`kd>`q{4#{)MqDnAaO>y!p?ug!txGc z<3WNm4~d zecslVYk3_aQO53Q$`85RGpkT-nluXw9TDbOT|o&p9f_c1jy{@x@p=bsYgX_ZEQbEg)cDoWJC#E$L@D&raed;?)vCLI+{ZwhD$KI6* zJ=?yQcUAcIU^`{ejVIwVo@~~j4V86Tn+Y&gUlC%sjJ?=M#h zJ9^hK=~B%e0r;vJ*v#?{7JW2a{<=%@;<)<)_e8}?GwN_g^)AtOj++HOGM3xK!!)w= zpF8@q9<|^3Xl0YZVJ4WRc`(Z%wd?7vD3#ySsmsQz4Tof?eJ-yH=eGNs^go(|96Up< z?6+8B#Y9b97qxlWE!5)!&hX+<9gPf(VsglJE+~@k7Ud3#tfsNK&(L77_IjPFM<96An6FD48Z8yq% zFM8qM5;ZDu8nSH0F?wt+rvO(2I%(9K);ZqW>}EV?o0hxMY|kBZ0x9&p7{I<=vhf-; zWLM<6PhVPH6MpB(FX15NWMdR(+kOXds2xX|_Ix>!-R}0{h^xuDXIFPNiBH+dACi;! zPSjO&gv`fTd?S|j3YEMibPJC&-WByiWj=QdS>@U9J@2e z_56W~WF&vHD&YZ%SZPn5tx{eg&mK_}xt0!eCMCI-88bOFQyme#$_-U}QsS4I-emBk z#!XS{=&L95E45PG1U(3OzBL3X2w(FSfa`TKFEJOUK1lRzO+kaAh`zeeJ^kh_Kk;}E zZQJTY+nvf=+Ao`NdhfTPaxH>tu-&h5zI83c>-PT09zDP=`DcsAz5xI4T00W%O%#A; ztwF4H*m9Hftsytu9~{k?(L8@N6QgtcY~k}ekmtREhBvD%^{bR(kP1gb`mKa7Swd%* zJ=9C7+{EW@q>tVC+IIw$RvdWWP%9tj2+-{b-lw{v2G({TW%_5!xo*lukcl?sIsPq7 zx8*_8e%5e(lUwPa&fZS_OD_OfCm{dga|}5UFi@hw{V*CNStgkn%j&Rtl%@-dhO7-{ zY964r_?TxOJ@;~nJ?69&d)yOoK ziQ1y8FwZuHTd0XwZ0U&Bs$I8H$I;1K^+}N{uh;9pqGY+slAeyad-Kw8gHE> zk6U~8M!rfbh_?&-0Th8B#W zl|ogsxs2mGo^N`3lMRhFhi4_}O6%y%Hc}Q`Z%JirF5P!29i0?X*D#{WvxfH)Dm+m} z8uYG=?O>I8JdKW@%dpK&-{Q5$BkrI>Dw3VpeLrmL*|wom=VK(Lv(g&7`hh0?EDca@ zVTw+G)p&vNzlJSi{lDuyxbPjtpF zSY$+(ji=hX&4%L}7AV@eq2Y4V)wKpKOwyAFW@^G%dl;thW5(0b!&lY5jCsVF-?6!0 zvDl5Ue33A6Plr*gr*r#>;@0~lcf)RVgs9rrtsY_wpYNf3Mw*-(j%QSPL8(Xt`l#m3 zhZYK4&!0J^%pA0_xx3vLD9cK6n;C3QU@QruqlvD(coud_qFcbaaju+F=O$=#P?xCm z!ViZc4*`PO@dp0=?}1(F(wd9+&o3CpqTp+*V{@;ztG-XVG#oTgyq0vg%QrVaj@kk5 zjODk`IzcZ$t`?91_Z=3s+pR;KffIK{Uu}^EW#HU(0?tT0tNYSQS19J5oMWRJBs6+F za|vd$D_F<;;;82yQXt(Utsn?&NV-R%F?Ij@AdFVfR}VjPDy_+kE%NbOnzgnW&r( zGGp#1k7(>}ZynFvsq`6?XV+eNj1rimep9!7u-%vDi8trtx{_L7nF_Iw``awg!l$$H zxiKy`j~Q&f$y>-&iA!U9%u#VoGtPumsd^GBp@Pj-vjKBOCm`B=u5VX)yG|=1mqU?h zP4kKV@2zZIACMKS9M#v0|E6z;72Y{gQG%}QlAldZC;}|H?Z#%_y)KzP74M#S1`ZgM zp{refpJ{l#L-U)n^}UxFTf@dKg;i}z5kBDM^U-y$GIwt`!!^Dpn9`~0ZjvV7=?55p zaw=G-TGfapa${WCqLsbtY!tp>of&3#BQ(%n4J&z%``oVOY&|;;;l-t_!OBO?i%GA= z{d0#=hS2^eWs`k6P1!r;6Q4S>`)oox7!WigQuJFMXG9|v$wC!g&6(kUV%%NwO_79Y z&V?nufneO+2G#m(KkVXLx+Q{nH^@}Y*?X({RZ5^o7*oe(Lh>-(dvw<_G(%nD_iR5Nh8%=h~O zb|nG(c7(-TCQ54#T>YTdQ*p|R<5AS=BmwN@c?ePP=CO&ad|67#ksa(RsU67}4rmh% zqte(8O0LXd_|yRU*nP;S!58x=B|{p!Hm;zF{{FtwmIHIVV6nAmbu2^P=&reD|JW+z zVX^y;OF~Mn1Xd|*49AkM7>)2sW^+D5V$;jAW{(K7%lnSuqD`a3n+v|XK48=!v|ALy zOvjuefi!ZA!Cc06i$%`8T1&g1x=#ZXatj>bs3TJ^;h>Do14<9ojxOM_*+wn<5-`j` zJSH`#Fbp(vx_Q?o6*{W6=K58~uMOyyabQprZ=$)x9;ymEu6-4>Af!S~_A@@f85g3y zj`PaDkQhxhk1D2n4!j1Ho@%+7rf~)G(UJN@w*#L7=+lHyEPYrjqwcX=N0;X8qi%zq zcMp`K66ts>Gnn{5R7^A$4Uvj!y~c>{Q$yjO9`jUu8QRsixazqH%o6-F)yC(!LF~0# z@LtFI)F1XKjQRwNXlHAy$f{JaYk}qp*N%nO=qQ?p@qsJ}n~uegrq?}cqS@R@uS)`m z1%bk($jzR$0~uUPuoh(2vaTX`^^o?ONTuKzf98aL1s`(d zbr|O_Z*sx0EIvvN3dRU7+6SfD-!GJ4%B zBz)VBZNBor!(-jE!=&ICqu6;xbBH#aM_+ntmpkA}rt%Xx6O{Q%9bX)Wz$%3~G#21Q z*|WPwqta<8usM>=<|pd#b+p|X`qroPvEL%n z#oUM8A;X+*8l#be$R&N+VE2`XWi7LG=1tCQj*?yQ zrb)_~xDeHP&YhBZ<2?b0z2aN`+c$|jJZ-bOcX^RD%gU^HlY%@(w-bjm7t)ACub!=U zt3`(}Ne)kwOsa0F+C4pn!C!*a%kJO{hZxoLw_iz3HV=bAy6{J=N;n-wd zBu(7=WZ?_!bj{ENkX%HzsPaVyWpl{M2CaG){Agvd1H^eTS;ndbi)vAsgj^frU$&^7 z&D^W1&^--0jS5arw!~x{TP=j6>`;^Eb5<=!3_kwWAx9xbED_v89p4E^(=4T}JGdVx zZ&S+CUH+ipKAdCtM}zNo<3;Jr&fKT3K$mT)%rC#NG(Yh8aeF5=F1;WYPI|l+$t~jn zkDPBI2&BO=D9>EC=%mcxOP!p<=F%q|y-TVW(l;-47(yduzj?P_OJ&g5T_;u9ASD*N ziJ>aMrgpzc>(2~oT@gjjAWo564LTBa%uPrOhO{}$UCb_!;w44}(6eF>8e+wgqx6~^@xTa2H=rdsf4n$W{ zKA<*lc$Z={W;4DE4&|)9%Q4kTP4d5dgf+*z zI4ebUcd0$|qHM8Qa%gId)l5`VQDt;Ox%xy*K zJ^AT**kcWl#5CA_9>*1{gI|h3OFXI{ld4c()2CJj4xQY`odGL*Cza`fMofEy>oCaP za`sj1j(b)_mpaXdQ*$<2=XpTx)0mp^H2(N_I>^Wvb^6i*J^Sj{INCWwHaoqrr4

nIoB$7=YJM48$t2?E?DSxpm3kQ(cT}gD$gKTQLe+c8X`BI z=mj#9EMtub>2{a!;JFudAd&&NcW{ubm<^{MxWXmbG34@IfsYV6p?gBw%j&gmCnwk} zpIR7}`+GFP@)bNblK$cC=qfc5OGlmz3XD6i358N-w z3K=}=F9FUQLo$iTF6PWEQ+^#sMr!_;&&$GIGU%&%#O|;J;u$-Wjup}xH@uv{%`0fG zw6i$w3S*)07Fu%kjBJUL>tt^ADBwBDUhn8A(0K;zkXz=f_e69OIJl;47E-Ivdeb%z z8+$c6TI0EWtM~50FIQeK;)!NSY|ugT;r2CB6kbTG{d9MjO{A*ttnx__=4La-=|nEb ziXP@-AG_7ZRwsn<>tPRpdG(%V9~Q^t{c%3r1|cY))|_tCmFX$R<@&~n0s(c)z*EY= z?LYV!Hm}hrl&=kLl3;lQIY}3}?Uqh&4(qi17@X!%0h(s&EGUX!XsQq?+JqjmAA6a> ztwMhp&zd~8NnlADG3+V4lFl7(e&>^1hIahhvW&8wC}AqxzNk7D4w+-x}Mf<_EMi zhtwQ3b%*A+8QcT9w=%eORGeR`az>)uq8(-+hIJqWOQkCGRzSVPfc;?K=1~rKY-th1 z%*Fb!*%J$9F~1CwnkU{l;1D`Yc9;#f25otkN!76*FJHG$3lNxLh}n`WD8Qa+$7#-Ye#(D&+8>o49GG98((#%E4p7!eFZGz)lp(>4}LYjXliLVbhN7o zh`p{kMKEc^%7UDzdJ6mGDudvfdlowC=nExv6B%LC&xbZvuo-WP>usC%2#^>qwb}^6 zfJmZJnrEaPz(>UtutP<8?XVM0eFq@jtzB4vqQ9GUWo@3;YY2Mn+c^+^ihOJ114?tS zF|Zf=l`7vca8;X^MB%QU64*|t$-ZaC3+v$H9T4^?I6Qg!3NWfH)pcnSGHQ7^lt_$G z`#SfU!msSTw^G0)-(X1vCR3U?k{T74*vAXEOX{uVdmiCO=w8Az{vrYe3 zZ(sfobr<$OQixF5qAaQG`;sCC8B6voSqd!}dxa5V6shb*WQ1u($i5RdBX?2BGWI1@ z$c!an49)tSsqg*6_xS^!&kxMJUZ3rpIp?~rb6xNE`#4_EbF;tR39_k1X|bKrsbbts z%CLR6q7R5iRtLY*-ZvumOLIREEo)xczEw+|Dw#fz;J&(5bPsJB7h{#jP8?@w#KZ#V z(?VZ73(Ny1o$k_G5HQ!t7Tl2zX(_#f=^0)rn-q!aM;ZOfUBn53Ijgs#`*st6XU2aA zXF1e&HL*kB9CXI`Tr(jAZA)s4b_DiIy8LQE2Zw#rY}87v-0h~9kG=3r{{o?+pz{CB~Ozdp=jc40f0<8%&ZTp@XujK{F=1)8 zLFYLS`n8okevE>UU7QD|z>-PUKcN-bFr%fb1~zAkY2*#E)z-+uK91`EN?id5;o=(f zuSB^{0%yI_n5biea&kDAkkC)+HVgd*z3sVl$nKs8FB`Idj}S8`+ekv2cjR16b&jmR zluJdV7yk728M33pY;*`YvygTY_@3C)>RZ6|^vMnK)wVXe z0bvONn-6?v7cy2^0kiM%)w->IfnE{f_8v$>4gfl>1%>o7_wVe}13``6TSnS)NU=_m z^92zBd@L04mYE37|@-29Dn^C^K1+XqTdtVKuKbf|qy3K8 zKkI@>bnWuHk8WueO9p2)02n|!9(ZGmEa>)YTkoSPbHBfU3dv@sMfoJamFp-DZC~Wt zhM9Zrt~#$;fmDzix2kTBadTJTN||Uj>U6#Lo40ip3-(jQ0Pu;ZeeN)>jOxEWoI?87YdCr8vyV)vOLeADfN-4Heuc5}8fN?=-a83VHR9D$ zKJ3-9m8Q2T6CW#2m=|xJ>-dgMu5vhU+_wiHxyPCsVzgCB$!_W8T}g-=l2uyeptyhkWc0Kqz-Zj+?gK$@Zp?Rq!Vds>k)s+z%A2DVZyjKR z1o=ELrq@sL(Df~nBfa0-cpkCBPM5sz4Sq0*>8Yc_(y{j!eDZ>_k+Z-TCuP$670f*? zr)?-x6pr&G)T^C((B7BKCt-l|7VSc&C=yq$!rb%kPRtE-NQ&iU^K5?dh<-J`lbsdA zEDw|>Fi%~P6e@wuSzak&mjSwzgGSnbl`I0F@YgEeUw?-2}`@{&sGd8JvX3VNr zK+!Er=RjcbJw%z-bZ55wkeN1b!+BaElmG=R*&5B zVrA`Fv0Na?_4Tqcp@BcYyotnq|C7@ZWrIvrl`UFF$*-1k!Of&s*3sgxFNYOkzJtsG zBDbl;xJ@4zBk^0oMDn?kEmYAy+h`R(wh^2PaeiW+x|A~;3!t$169s9Mrj24iki0^B zTu5Je+QA?n6J+WSGeuz)kr?I@riV~6=uW0LFAevSD?Y4wMlrN0x^j9L5?mEJk07^`OTz(7lofZUqhN@9f^{C)4UN)GX z7X^m?5r=v8uwlN4@PfntKpcB1y&>=Q*M51%CBV6QvSENC8QHBrl$aGaef1%?Rj+!xU4evbGXNCnL^sac2X`i~?PPV3}o`^}o^hhjF74SRQ zvYpZcn_IJM^z7Jy)qvD-F+SkI=dCpLv;^Mv%Tj?z^z8*Ppab2VW!;XS@>qV6T0cks z8S%S64+T;9Szc4Un9$L1?vfIdR(v$%bBYo{xtw4#G8Vqg zy~fMPz};By1tbpd=q$Bn){yVP{lV{^U8|4}wx{m<4M#7LHrq*;&tV>!@YU0&nJukW z)8liC4Mzg1AFDP@A(Fct$&?)Z^wJ}%$qns--Si#TdP9mnr*YXTfFz~2o0t)!Vf%;; z6IJW!`mvMLm($VOhi7_liHvCb#T}=lSef!W>B2#P=Zi$TvRInfQz@&B*n6O()N+>} zAig3f%%Ew!$q@&)-d@{g{1Pe{o8K=}c=8RO+a@8`x8P$QyC=ZV)t?Rh0npH4b{+3B zxT*e-7c7GEkS#z68_fo`{OaP_YJA*y4DSkX--Y#t_#o|MLs_#iC3bC20D;2M5;EP& z2*ZVpu-H1(KrFdF(&5`vOO=mpId0Mx^^KQ^G^07W79j$>D`m-0pC@Jn_5qag}BA3T;JJn1z4-Cc%i77MEU5d z_H(lOKmUMUy^V9h)hoas>+->nc8)<>vT-#Z0HQ{gj(S*&+; z=Hr6s<{fv^tk{At@Frfz;HLK(okn1Ly|T>l8TW_|B7;iKSv`8g@aB)Ms}IGqb;QVd`g&BFN3=I}wLPL~d@~*8 zgw7mcMdkq6FY$a1LEfBZExv!RjTQ~A0)Xb=Z8KZ_ZAUVzY$G8GQR9nJ?u>A7UR6@8 zF>NM-j*;vwIN#iLt=c+)_>YXe(MWed&g548{YvqT%36_jA9{xjLnF1sorY)=3QxWa z3JnirW1Q`A<3Z2#$1&q2m++yMb0UbNRNbf`>*jUKqE!Q8ovBl-=PN>c(DaM`=mx@V z)mH1~oxCd{13fkw!K@mGVKy_wR}lwy#oD|729TlKs9bd7eZ;vSdX=0TgTO+NZT;v1 z%Rjv_UJfB@coln}%iwQ;hO8$j2!Kt6Y^77&mYiD{l$EVhPlMaH$7oHhHhLMY`PmmQ zYEi*%*eSA#7-8joS#_8K)dTLg)D#e=?=J}mIkpM;46l*hNb8M{rDn!ns9q$wQKSRi zikf6tQl{Jcc~CXabkUf0DPXKBi7y*Gh{h-XR>(#yqoP`O^v12Fq7 zqh==q=I?=}okr7mji0?I*&udBbH=4YpJEQFD@c(qeo5zkGy?<%o$WVfNmFpO(}}U% zjov%8(iIZZA_4D3yy+@{yQO(0lGj_D||dOX1^+uzmfG zq%*L)-^QUL*MYF~-F6$scFnkr?5Q!PEPg&*@f`mqrB@0zk934^|Y? z*NK)~ZmiGbT45SHkftu+2CSprq_^)VIoXx*FF<^-|&-Q-K#iN z0-aO>?Lz>x;bUAfWqL_S$c>J0+BJ}#K-&Bh);*m02QepS0i&KElDzlY#!4s}4- z#LJagPQ4v$Eo7L9%W54`J0Ss*VvnK09pBId&LM^rxh`c$%7XbzLE#Po4iTrn5|E^- zyV4{VwLZT9Rj{0-+mt*(`r0OI`swZ5F>-zB1T$1rD#ov2F&#pD*j0d=jWp7XQ4*@q zP9zv87%s1u8?Yv|LII^4=1OYK5}Kjo7l}t!xq@NHEr%KIf%p!_1qyxDc_elB`>m|9 zq*b7Yy}RQcHDd+316K^jLMpOaozbV2a}bk{n$*l<$vm&Y|+!_+}YC+Rgj7KEABXXUGskh+KGBsW%{ z3Aw@cF~ah^r!&Kjoj%`{mXs!8Ilk7uGn<+8-1$rM{p)V;Rv)Aljq$C|G3j%*ftT>l zSy`Tf;)Cw$4W&|-!}7xv&+TkdR?KfQTL}=3%5v1Q^N8|c{lsqUcuC>fXA^<9P30>? zOnIL&U=g!NmY1mhB+c)>1G}P}!;$Gx^uN>MiYGaS9dh6yW2v^)TvwpW`MzD)uOd1x z;S{2uv)pLntjbxh!`4_Pbk*08${B?#GxAxdg8*@;0w9eeGuME6O9YD{@WVPWKVtSQ z3&V&2bgG4V%k3i(b1@N&P@SKO`5;%0g_m4_K2K6k4Fj3PA4{IQ?_>?01hsrioCHws zY-R=vE6a!6Z(`4hkIiKPaRrcG^uy)~@VmCfhnvEC)m; zVEOD*+xigo#hJg>Ny>5k5qW)h;_&e4JfrEAMJYbCNQe4Y-ygfKXX&TANd==+cTR~F z28-0^G47DM(aFw#?2Oyfi`Iz%DPToAmh!LFzOvZTXR-3T9B)|(WyyasZFJ@H02`3; zZw2&*!iSw9xf<`swEd{(%-is5KCzz*=hDRO`n$A9QvEg$@ zwS1E@pjY}MKAy^1*#6vfS{NkM53}kuO<}~LRTlTHEf~+A;tjCoAC7Y3mDuS|?ZyXf zHd%NE(EUFyUUf8kG2Ke?t2DEBFlsEg<$0+?f%x%_5bpA`bmc3H4o(};)DVu{+&xKs z!gj1hR*laY8$8=MC}R0rXQs;RDTZCS5I&5NOauwmT>+_pN$E;h_vgQakT^U#>WNK% z#hxZrjq*E{x`T4ckqhHns!1NnrJdD;?O*Q^lHv&~p17;sIuNDPik%oCSj8c<)eddX z4Op0Alg$DRWVgd-o%#T3kKKN$WjZBZ?oU-A*`kk~4&n*c(Fq^6+9!mr^r~#NYmH@~ zMHenV?NIZ`)=l1}zw77uik+0ehXR_IvWyTzo}r`XChVcup#}W;0TYK{j80VZUBY=u z)b4{4s078E|IaPs@GnoSJ5@N>cZ%T5)ZMD|lnEvFn$ilt6l2$za`rK)DTpweiDK=; zAUiEZSGt-dv-Z7X^I7%hJRY~B>682a+ysJ!aX#_qi1Rlr+t&^lh8Wkde|y zNn75J)B4l9rsy|{F7l7?%HOsc zwhO$6Gv$neSZI^_Mf*J`VQY`OKovfC9Q6 z)Tz%c8DyTBCxz^pVSaSXQ_9^@Ug78yZqn5z< zKO48l=qAIqvsploNzLF(Arr z4RRrBgoh_7-$YN=`wsNy9Y|uhxMq5>lJd+)#3FsXWJ@gO^_`|GlHoHkCyal0>vX8U zKK}CNCj3u32lqOc4+icTRbNG0kJ@2SkJ9@?{W#&vu`d#yXD~3WrF0*&nDsszK{Qkg@r?SrGRhQkRz%X7K3 zc({mAw_?J59+eMB6(?%oa!NdqI2*jcG7Aj$oYThy>4s%QyG4x)evX69KjLAs2kM|7 zgy$aBjErWKO6!(M#n=RW3h>xM(as8bgJ=YGyD*lKyDZBh_$$+VN_Gl0gAt$8LW( z{!Nu_(-J-k)>Fn)#5i1!ZpiL-=?x{|GE{bP@Jx05j;^)i;0`|eY!uVAVL+rk;^8yk+#;`eI&5gN3yRZx ztRa>Sl9pVrRop0-wa@E8?_J~F!{`tMVbs{gVZ)W1Dj-J)Uow!I7uVZp3OTcz8Em^l z6DDey>l!^{a=I+p|6-~sR_ODfABjC@L?ovPHeO399%6@dXI7R}`P@^^zeq+_R7KAp zoqOI+8LjST*-49ic8egha_bJRxH#vPSsRSHm%$|6GAHShGOvn1gMKzyk9aSs2DZ;* zqTULuT{>)>DEZen(r4;VC1%-s_>`)!zze#fkHt7YYe-qMxKZjvNpmD0Pi24~Gj3UO zm>@Z3l=)N8??ON;dq#g^4djTj!U1B0F{!N!Gk2bH<>j0Mh3?gNfqtDA0+-FRM~4a$ zBHFaMTPrK8eBu}?aOa;aLn~=0KrfsQXvj)pBG2>z+oMHfj>##EO)>ktMZ?Hye!(QD z6{+0@8{dlANrSB~66n4!2W`#k=kwTNi{q}<@5=&VM$6WvgW*7`&l%7FK}~@Vi9a~h zUDU^Ey+vm3t*-4B%VhZdbe4J%9QG~)c{kY;^Kr@2lQL8UT^9DSf@qpqiV>IWcunXp zmVH~sPbq}$iKWJD0pz95G!Tv}p?#qe)FF_6uj7V=+`D1*m$uv5#|3KKZaKfdvqLaM)k zABZN^yEu_FE5E0tzVH6LX#uhOtiuszm`LZ_X7&(w0!Yz1Nok+P*Q3SnVyIJ3CQwff z(wXK!2XZ2k?XF74?)S$yTZ5fBB(tas`kuJ~1R^Ri7!y)&`oW9Vpl?DhxP*WtqunUsMkHn0|XZ^@CA%`rtY{ld_v@?RP!H)e188u3y`$R@5s=S^kD733)3+pd>2$E;owj};KO!z+Q+(*Ow8obf75IVjtFTir>LSv z4vAY!#_&@7TDuVL=5Hqk$Ie;*HA z;~*FbMeFd$rw!(>;rlZi&_sukiWQTvUo44GokCZzONIau%eS`t6#hfzOaAdN8- zvooWlykBdt_1?}%0F#iliN!*l5eeh(MLb_H4-H#HW1u%do4AgLpVY^hxVGk3%$B%^ zVhgpt9a9QQO508M=|s5)X=vl1HbS~pEY+Jh4Pm!HVThk39FHnJ*SwvS${N! zb3x?lQ8Kv9>)cZ#_Ru*BqNWQjII+O0gn_l6>pyokiZ~wFPL;}iI%Ib25M$o(zl$^Q zkNPA4BZWt1nZqsk!!nN+SKJ1O_d5qoG*zY!YhO{p(Kc6EIv>n?Lx+U%&`bZlrMbgA z|AB^64+JX{zwX@gI{=Xbmq93AsZT)89QnOam43p9nS~GhuUQviEXJdSH3X_@h<_W> zaR?3RR0E~$xZ||~A=JcpDDm`C^WT%P!tNZ4?*wc=gPNVr2CjM$PC;`I;{r? z?{)*ZK8T_Bf2P%K>V+N43d{3yKM)m2(1JRLT?l2Bi)86-pg>UHtI`&D@x;@`6JYeu zPFT2ZLv!d%Z=?^?`phF|IR8iZcGka;8#v+(k{H%#ygKgyIz+|N1)ne#?n~yU6&G^$KaPB+^F2O%LO=a7s!tz4OSDy-N z#U!DGg!5%jC=?tXdY7f_uw=XU*em#(GuaIA8l?ch3@-4pDq6~svuw^BrG^CrlLWG} zmQ`6R{asx$ieOF)w#Xqq-dxDEMa+hSv*93`2LJvXQotep_c?*pQGbuPgMaS(=gYyr z?fCQA`2X!o2)-Bsc*5V4ArLMw+WtF^|6koa!<&f|{KaQ1icsBPJ=_9jV^U@8b^m_= D4YCr- literal 0 HcmV?d00001 diff --git a/doc/source/installation_guide/latest/figures/starlingx-deployment-options-simplex.png b/doc/source/installation_guide/latest/figures/starlingx-deployment-options-simplex.png new file mode 100644 index 0000000000000000000000000000000000000000..317b7cf49a8ec9e84e223792e5cd819aac9c2342 GIT binary patch literal 81291 zcmeFY7<3FuiF9`i-SHDeq#F?dX&6!%q@}w{k&uuYLXd``K|nx> zp^+SLh_ms1&-MNX=hNBOH6Ld7wP&yAS@EoOuX{!6YO9bE(-MO~AW}6|xIPF(2nK-& zv>=4QFVArIfG;3CcYPHFP~`~yCh!GpC$A+B0@cLbxv;ned?$LN`rI7^qI`Sv!CSOt z@&`$+%*OGBZXxTsu+4ifGDz7-W zG7(0+T{c#7uW_rMbA<-&t$ZRuE;zSGbIQMjK_gCUe-=_uB)As*zZw;QD}Vwpl1oj@ zv2BORRVGkfrmH^@qU~6}cG1LyJKw3PT`wM(djI<7(+N(uL;MM4GTcuX7G3iHweb1t zqVLp^q|?D{uS|n4n*Qym{2dJP=n)LorKl)p-8Z_;!o{OkQ`ieP?eAx;dZr{R;IkHjwibUkR0 z{n$4Ta+d!odrBq$)l>7b8@10*b380nm^~ z{JajHhl~64?(~5?WZ3!jzIn=uP^ZIU-hlF!;)6d-*9T0Sv-YJmIwlzT?^j~v=h7cC zrH_)rIYsr57db>L4x>kdm*279gnZC`i;2@uU@)gqD3k`um4_k;D)V2JUiUj$&3B_5 zRC?58!rs|X1|jdF&-AGrE(r2xJu%__Sfj!$lPxRgSFW>u6X)aH)x;te3Dx2cJ=_H{ z$+`Y7;fBaF|GUz!%dGW&6j+*wyf5EyzgjPU5DkQ&X!5ORlUhhS>6PlwIL}5{B1)5R@*{W*#g9U>mDUnmJLDj(dZ}q0c;s)Z7FhJ zPyRQx5gnJE33hxV&kZdT39NyH_(Xn-+NU{k!(l%{FRP6Qsf1$!qsYd?SajeFULnst6Y8b60_;f2Ko5;;Uni!b0-V08N) zC-Ja-w4a;Hgm0qyCIr@75mxSS)!vRuE?)yIv zh2NGX8PK57!ZQg2C}1_Jx~F%Qm$x6SPQv!h6)r#d z@^kGpt_rVbs83C=0TYIXulU9lT17{vcx%6@Iu!^R$h+*69=`0t+FW&*6D!iNmhCS7 zqPdUep-6C0Qj`lPyXQ)*&vouB%~SS9Pri^jM%_qO@$iskaf~kPq|P~_hv=I)X)ogO z#VgkRmkOaa`gimcCbGAq>6o1c|&ICc|UQ z5wuj%e#CF*@kJ$B7Dfy+d2r-38^@kz`IjQ#^|9caVvS-D)Ut?njOW%-Sw^k zh7NIi>p`<1D#KJnnnRbQ;yg!aLyqRo@shEETW5?y!nS$Lw9_MI*{Dlg&VSgx?UJx_g&UUdb^CAp*W(N8AF|;+gK8;x;Xwj45YwW7EL}^ z$IsR8gKrJ>Uhjq!k0TXAmjz?kDAM6VVC(0)fAl&tO7MA!w_EYvC&+*29Rd*_IMCdS zPt2rg*==}1Io_3)eo72UKI6+Oo1LFmfWuQ1kJU{->lzvxgd3o@9&H`cSeh1LDau_> zri?`AU$;2dj!0}*c#ykZ_gw@(f9CnO;B$vy1P0aTsMwN;`?AAFlM$Ld54ZjRs4O@y zzL0P5r%U&S1C;~CWqOdS3NGw38jPRjTZlKAmOFE_DzTYpg^K1qE4UzcUp)E?!X#mo}A?Wk@IS*__LD8Iqc}Q7DoH)33=2E}LaKFJ# zptu2fQcb?2G0*pcxU4mTE~fQ)d35gvDApw-{VPkv1>)PomBo7$3BSG}zR9^&>-z!eq_SEl0P#KOJ)xddg{&;A>G`znGC7(KWKj0SZmXl~Que}We|Z%%=t2;GlY*`Ml*!K-RFZ0@55 z=6v_Y-jqg|9dG@{SrAq)2?^K{#U@)B80N^>ejlQspm{J!ZXd5No9B*y5{giHc(`NZ z6CDE0tqm!=5ETe4x8e1v)c#I{9wba`^7&%&m*mm}l# zSubxAN-u@dhn-jfZvD(25)JX4R?(i)4=NqI8)Hwax$-9Lhb{Fj2%d1_vd-12&iGP< z%yGWp{GFGg2nqQPr0G3c2^h?SW5r(T!!$d5vDo*V6;w;_5o#Yj2T9(rKKw-<*!aUH z_2qa#X8l~c;tihJ=q}}lU=9&BKox=iH`&dYb=Eg8}433<%Mce>rCcqF#*}<5#gHM+iCCZ z7fTrf`UCKR9wdiBr2M#+O5XmTpU-l`gONdi5P1})GFc9*qkI`XrW=qNB(YAwmcauC zs@}eu_t6C1_RJx8e=1xre2EXz-&zB6iF-)IQ>HOzl zwL)XsR6;qBz&@Is;J7}M5dd zyn2$ijN!@=;T-~b3B!u~=&r%84}`di&>woV1nP*I5DzUF;XhcBAIuB5w8SV+$*yL$z)*-OgD!0M;ovx-7d*G` zxPXO^S*Z1BQcj9QgWru2Vg-^{ur^`NIG`))RiG1g51KKwtmr`YHU1KZr>pN@W#D!A zr4fuBnf*(vC(TDyxM0yCtycDotvV{wbL$y@VH2U@a=FV{9}Hv}ebewohGvF@nFXHc z=J)$ajdleu)w2@9t%dVz!tzZAujBB7#5;}#@_+m*BslY~;mxuV>r?BT%hD3H_E4mz z2rYhq+(^B@VGw>n-`mi1l}C>d6Blh-EiACYhnhjg`&_;+$LtH*SpNON6Wzd=vC4X1 zp6r*@H9EGW9zqHI@`~m})CEk5pZ_qs8wU05=$3#ccBm386bQ;~@!?%%M$Lj0z?I+- zN>Pa#xA!iO<^gR0&!L)d32v-gcmm^HXeJAJ>l7}5> zrQt_YS4V^(S9MkT`~(kL`G(VOp6NTxx6&#)c*IAPWhG}VWDj}E@}H{E-sS;2?1&T% zUZ-46@6c7Ipcv|ul7_}4{VQB`fE*5pbj7RLE`5vgT-p>gJhb>P8y0=HkE`=VtC5g+ zk!WHFn$Q3lIV4&{9+f{NqIvTKT=_P`u|g?pg;u6WkRyxOgN}1$b(v`h)MN9_mL%T_p8g*dG59Ncf8y5qb9za#j(`TbiHYy z2tRIN_lUpIFfuyAPHKgw+!Qe?f7@e;A|aV?CR~n0+_IoU?G}Y)FN4>sJhE@o#{0esXkuzY zt>Hg?Jz9|KinHmivhKu<(q@1mGVjQLJDI@_YLDnv^UXwJzj7eTw>(btVfv+~$*@ zT&iMfsi<%eY`Zq+q~e{GZCLk|k=f77x1{_TuoRzFRwi-L65#Z*kMw`HUDb}5g7mGN zt;FfH%Tv(EYC>YqnE(s}V?$HrzxFth$V|D2_yyOqh=1xJxji>|1Cl5NWH$RO?y*UB z-+Ev&y5PMM^V0>{$1D~hhv^KN7vo(0hSd)_iL((ePb~`EU>LeQ1|T3$y+=h)V#R(VAHv`F{W%{`ZL4Gclc*>J zzl0u~XCL}8c*K|RG;9`i{quk>ynq!`Y_riv_re+Hw)6EVPp|HN_S~#FNbK~3&D*Byr{P!m3_E?? z-8JTO4DzriL2?fd(c%{oD4Z4BxwI=NKnVSB2L~|*vJh6>XVI*^M9976y|rTs3*g~O z?K~`g)@Gu}ykBfaXn7iCcJceTnMsjZS%GA3zFjJ{Cg*Tr-Bx}#D|so(YDKKk?5yH` zz0>UW1=ZR)L~&V(*LSR7|NDvg(umkf^xnABhR0qcV*kl=0xSb2X0fAQU8SnyZsYlS zW{VSLLJ*^r)V?<(%Q)6IWj*1}#f8YZOefrmWx00GLNPn!IAn()P!{(C?I}x-$wD?ycs#4Xwq~Yht-B#jV0R+#a)*W_ub-T*Hna(pNO;@TNgQhw`io!wb$hn(w_{-i!uMvA*k{@6&6% zb7&!D$yi+#lVN2mL-$;&^QDGxpBvkRxf zFnqn7q5N9d8sreqv81fzs8nSEM4MRhAhY?Ztb4JXIyQ3Or#^xVBrj(2AtOjh@1pwC9cIkD2G z^-?LbxvA|JYnv{M1|_zz)o{7bMq2)+dq?`L434?IZ6|&gsJ(o#)Cw0}cN@lECW}Wo zSWS#mD5*%Is68$x<#yC(-lJyo$~&n{R3~B&2viQIiIGE5IR1G$xX_P(V5&@b*{< zJ($X3S@(z8A?$Q1@VaK&49=EZUWqq48oB680U-%}pUrQvq3$Vb5l3x8 zb(m@e;Z8o~Xq#{{3rWsOoNMcCTbo~#o(`OTZuj}oRj+t?`a@^j) z{;+*SW7vin6?sH0|Gn^O=Z5Hx7I!Tny7>-oD_?SUaU+x>`4oEfIXbF>u}cIDK}@V{ z$rZBjQ9Fl&IH5iW-Uxr`6#+0c#Rz{l!X830BJ{HtCU6NSZn^lO6;?h!SXRoOn#p?(Vp~Y4=kYFF;o@ zZ^?8+*rKgReMHT9Nh4VH^Z~_Huk4lU+_XO7w>-?lz&MX5_v$Z)wL*%K`>XQ52Eme- zl~#-Smfw5|KYa69;k}+n%zxUn!9F5`+u55_DoHh!_JnBqYI^3RuP}PB3+yKWM~OKv zU*)+rI0ma9#?Eo4e5OJq(H!!}e?>}JQvg_G&4RY>xkQf*M3-z0m(Ri{26Tc1)V;M0 z2oL;u24BxjjYWEi|7BPQZ4VCz&o8Wtl)wIRc{*=2|I24qhT@#Tz=%NZERIQr9FO*K zqR_7&>KjIyX75cy-ew|6>upk;Al#3Zu}+YR)vU?x;b|bMY>B#31Lut%JuAKzF-umm;#53##aN% z5LceVQ_3Pgq7&hKzou{yZc?LTe+C*T;e+~@B^Zq76n|3*{R?TshU5cc1)3hHF6i3K5D$SC7mR^@Ma@Y31JW@nV~ z|6ItC2$81rSqpM2g47k`?YbNd-jj5(nO!$_?^%3FVyVuWlt0Jzdc+EWp8_x*lKVkU zCj__gX!4e&%!rh|#)N5};+SL6X1+u7P?+3k1OD_}qtiK)IscFBv z*tkTIN_a00ZtYJp0nOX{P!%QMUOxt=}RIB)}pt(uSC9`>_)wX+B;Y5J1}CE!^Q#%GvM`#oI$cAyXAL&ZF=yo+)Q z5em~ad*RadbHU`9dNg@(6WhnHks}Amre&}Gy;EM7;P3K#sQE^8(Co??(y94>jL>q45Puf}wbf5a#fQ0%cr z&X>%*&q19F+cbi&IgDoa7dmF`3uEq&U(K;Sc-{q{0Rl@e)MhA1@4qzm7?aT+67iL2 z!TXV&GcUbf)&i+9kJN%UHRer@W60Y!Q}FstO|W@M_qx%-B4EwStq_zT)z*bmVepvz zCbPP}CH8mzd6Nj_WD43md-o%B0ezM@R{ z5n;!Q2IcT}@sui)GF;k!>UG~{#5SsIje5;FlzOB>(_Pr+ph$6ovOh!f)>+728=KGf zZ=hx@U3=(zd#!jv@VZGnI&{qmrn^|!9*sJkdmK5m)&R}@5i#cl{b+XZ-l%9M6se8; z*+ewkKUwgH~Sj2;9d5vkYL(`l~z;ewCo`_=A5!! zhxT0fSNoI7_N%{pwD2As8Bs!oZZS6EdkJHFnu}g*Xj_vfTSsluDsX=$?VUL^1=XEkEi z#+^^Y44VL>d-+Oe*3jMGU;>@tazavN9h$%Sil#t#7dHXkN#R+Tt#2O&)$Z;~G#>QK ztg?3IZ{9*2brV#2+-d%IEr23hC5SO71R(bY9nSa)g4J>1fW=muh6Gri8OdTbAiK^5 z0rPg%l!_qBFcpL;wVK{`X9K+=$Z_60P)s(o!Y<{x18>BJnsTuv;0K@IU)OWox|`rC zFHVPYq;M|zJQIgJwoMBMoz(lkJQm>XzcqjW&zd)d%l+7HILr&HE{+N}Ow2M}x0R<%9e2y3N1JNz-Rsgo`=0efP)+Xqx}5=Pqfz za;E5gZu+Ts?)G`#81f=(DsL}`*UV|=m~!ifO2O`|Z_LJUdnkooOD@b3EU%lBDKdZy zTgkiPh6y<9Ua16h*`@cd$2rrIg@3@=~QDKdci!o|%QCD6IAK^yw{06hf4f z`*!%b6@xH}oFdb{3K)DF-kL^hU=?8WmyFpLRH%N=1!Y;>QdPWh24z~6a1HeevyQl; z`9l&b>$kj$d7fJ0aT>|D&JR(QuF;3Fa{d;3VU)3n4W@0}V}n^pG8&5FS%xI(t5jON z2ZTP1!Yhw&AHh=As0X)uPM*vRUf26&?WbU3>|5-PaKfVW&tx%S+rw8=4KwI~3cwC( zRbLa2imO}aq^l}2GclOQDFINTef435v0b*ueKyXmdjJs8(!6w+hIedKr4H~t>u2F| zTGgM4LN6g(!cQ$BZ!}TeM{d>xmVTKVKLKU17Qy^6gLO3b@o)yTkS^7w=|N}^fJzLc zI!mhPiN0UX;+>Mr%{e`9JEr`N69x~g`JOcJ20r#VZf-yHBeW_lqW9=0oFWnQynAAIa!q`_rjb)+=+DAMm1L@>m(je|Hs`wNxW zf}sR|vtJp&OX8BL@sZ__0pYP45ed+t&3yN7S|BX`-4!!@|K;+y@%8*Qf+SerKV4b$ z5B*lgRpa`aBo>ej@0$Xn{R{u526w|)sSP955q8AGxk`ifaL_6)qzXzxYxUw)WKtBmhuK`*ANP zEK!>}?U=7D9poeSTaE1TZ!uM!oCP*9SWSxOJ8|+c6U$mQ z^Q@9Z4snX$yftb}n+C)%PQ|>Pwb*4op1=HH^LQY33DmnAmS{L`uPrJ2Ae?%-nZxBA z2&YEyunKJ?Oa1%(A_nX_N8O0jq+S90mWC{yybHv+AN8uq%-%`{&FDUo@CKrl0HYwBbiPoZr%^+XsT?5ixI0S3z+T!fE3K3}TmAxorP7wVKI@KvK`?URYX&~7 zR?PwO=Y)XSL(ZOMzr-g*ic&h zwf#Jy&_kz`)X;O>n#kc>nffNOfdG@(Wy3wMbWC&WjQUZ@gG*X`)OsRdZnob@07i!@ zBHif51c`Ub=y(8P5;Lu~Fe`H$x&JZ&V1Sy0O`LMf#$v{D)*_?OGlpU@Q>qNyk81#5 za4lt_299I5hqn^2l<1|Z?80%~XAYC6KDvrQZe$ZJ4gO7)t)+nov-Mu%%BqIA1Z{y3 zH&0zcVK8C7Eu>oJw8f;#oiwtq!u1BU#n9Q@@9DV0?dQ&I&X@%Tco8L>o5M))!rheL zxyApAgTX$Lk}Br>2Y`y&Q(%r20IxMV`eb(b5$BxHAH4LUq>@s)SE*&u^T=hkNC&K2X2Q-AL#MII#9dsrRuj2l>H#L5KU@Curna?ds0vb^Q>&tQ9ZDT`C_^U5%&~7}a9fSHF|e_;(Zzd2*JV|_vWzQ{5Nn-= zw_Vxtdix@<8z@0sFxKflz%iPqqGhODh|l)Lcr+B3^5XU875lh0lBAxI5cO^GsX)2z z)p*`xcX`&V(LOr6I3tS9TnB!zIzmql7Ky(5es^{;zGno0;2#$-QkrBB(sHDCSEAXXp|mmcG*+X?~Y$X~O=)REQtX zILdd}4iTj|Rw^Pa^C(VQI)vlX5A3VW67QxsEkEIN- znaNf;C84`Md|{Ws_i0bE{Hs1M^Ozr;rx|E?>J2!UeT&jD<&e`GGO^yViN>crZ={c$ zj{%E$OA~5{q!9lf2K5)xB;WM0{7F~=3%mQ} zoh~1i@X^+YuM4;ZtF?gX`xgy|OVZyypJ>qBpHyo6`WrEC9!lyPOJW}dl*f~G?E>za zbu6HRmEyc-4&S{qe*LQLW%T2g>ht{v`=|2x4{(-p`(t9gTCI)>nJ&w4YT3{n)`C(^ zy7RxcDR$fy&CB;m=b_6|vfIzm>hse;mHWlw`z8POx}4Bmhq@^)GL7#PD)bg;>U3hL zJk)o9F%G;YxIf{iS0iWbmbaL7{glE)S?$N2_FRm7(a*uc&uwPJc^XrSq5AeNRJIWo zkfe2jDxWGQx6W+e@9NLXS>#YWvMBB+~gWL7T1rU%rW@qwv+h1Qedpd=d^oCWH?6oU5KIlBw2nl5^5tB#C zJo;2Oy&HFcf8!vKoV? z0RcjpEavl5zYC&xwkq|kC6*UU^}_kwmT-$+0N)`5 zBX@jg>?o9uj1Hd?0S_>aX%L;(*FA&-sZ?ie*#qRzq@txy!wj1}Sr;@&;3pY+pm^Cw ze8VfnvN#+xsefCkF1zsX8MVWx=LmreFWR|k?AE#4r8eKo(>-*RSEgFGbjFgb&#`-q z8$tfkes%8JK1`o}EvY?1egh*zxOG}=?zF{BBXV)&vo~?NelGt*Py2Pw?RK?2i#?^b zLN(?`NrC6mbwJBW^dI8yd>|jHceQkN`nBZ+W%}!qZ_psAI9PJ|^F0p}peSl7TG>-M z9{GN3N?KzAkIlKz5MDUkZ~c9*YNJW^?hfR{#eaqF_Wd0V#UOj9?ru*ZaE}XQwJx3D zqTO&Mz!t-UK6SagXi;hEm5E@S$m(bV10RfcdNkKM{c0x7H{LIP4BL!HmfsgnBUrC$tpU)AHm(-(Fwk}0Mh6Necp z$F;*5c_TFqKkwB0H4N)=q7Rsl-I;)@=sgmle2pX_$RW7k`NqMqkAomY{YQ=_CD#4F zxqra?hlm3@Y7(1m9P>+$Nwx6O@0IjGL5O9;zh|zj62~7~hlyEY$zk3Ratqs%76Q7B zJt8UUbV+y6|9}jvQ#JQ|`^Dj4sxzco_BNxpIofKo7upE)^TszK7p!N2K3C=q5c2cU zbbP7U005YbY&cMMH&qZFI$H+p7`zHC+okH35SwX@UGeTyWc(1@2z&DJ+( zn+uy_z6q4akBbB(xXfbBbIS#ppXudV%R1o;FEJ2y34rJHZ`WtDmNCe7o?FSl|)HoOtp2%V4G9j97B8;?o?#@1-sR@euWI6Mcg^s%_8MD zurg!=Yv(AS2LS5|UwXU-ZqGGklb3Q4g4ojKBuFV9X{%X4r{*}jh&Ayv%@Q1JKa$|( z>1P<>(+~>{_Q`Vkj+v2u?F{~Bl# zH&wgTJ3q03tm6AVaSLuAhMK3JRY=L6H+|Yw-1S49MtUTbC}w%FxsS9zfCVC69v&%j zW%xI_Dz3%k`1n}FKt?}Nh(uPmv)D3wPIEy*dv5yGdyf(vf_whkHGO@DZQt@O6O4hC zXpYv!r<&v-tyik#hx6B;_k9B>o^~jugfFRIWh&6q2vhr_G&=;!ZjYv+mz=0v4l#ti z`oxQ2Dpwc!zTlA(y7aTLbm` zlyy||%U9f~n8gjHb4eJXbE-u=i7#)p8A?BY75kVU61vda;Zi5`dJeGnXo5YxoI6RJ z!d>yWR0$5kmzn)+69lx-nHHgI0H^qw|8{y?R9ohJb&oMplik1$0xquZ3(X~dn0)zs zv!?pPv9L3Ye^O?<-anq#eL_pLIN(#{Fw3~Xb5r%|D!tfe$m<`TKhiequg;?P*QlPj zn_7h_o}(Jv8G(c^*MDhXzq|R+d3CV1l9~eOmy2>oQ*&TBNBqvS%Z84da}q5HSO3rr z`w<*U=9J|3>K!!pO7A7mD%KBlx_vVp6VS@?oO77Md5BE%a06l&|=g7+e9lXONXGw@5uY->>Io)+@(*Md30rG z=ER9)yG0w|6Kb7?`mKB`S^YHm{p}Lv&-&F1Z`>@>*=}0mTLB9?=J>CgH%rQcJ#Pqv zzi6Pr8{Gmzt0U6bg=3S4#k7Oh{ka!v?l+?tJ{<&%)zetQm<7$g&?Ry7p~ZK%FxCVM zxfO9ue#`n8yRBc7#b?r(_Np=_!qyRN;$>y<*)z%eDWx-ZSCS=+-(9MlUkV?dd?m_$ zC7QzW_tpeK;s-l?+i$cUR1ioU)s+5N38TRBe%OzoqmHT(dWD; zz21vGs$Wds0Hw_s8d-bTjKS{bRbL*OGM}}-GB|T*-ZO6Y%;G|Q{F>wTz zWky0Ralog~+D-^&IM~qaKCwtQeqpuX+JSfbZJaXTW`C396QU^iYwo@|zaDl$xV!hz z*cB~C)JJH(&{T+PL-;0r)uT!{Isy8byHnH8-!Il^UZ90(fe;Ji6%8l7IPMn1V<$+r z#LAhKY!@?f4F4Rlwq1!b(tlwKRSeokoqgxkuCi(`xfRyg7csE!OPPmpJ=V@s2;tX# ziXTn`o4`k_E7wo%S%u_CCN=q}Gb1#}`tJj3OHd14+)M+VU(iSMOi@!a)_vaOm=HM^ z>^v_O96OzNF>|)kG#0C=))X{whJ+;!Dq6*xhD(heEd~`)WlS;#XsmU*u!i}@KI-$E z<-I3-(8Q+Md-dIO_O%w6DTO8e&gqWI@sNuknD7S=x6QZJf0A_1`-aRNsc0j)_*yhCrxGK?|^Ek9s&`=>~h%V>{Ff*asYff763EL*qJS!^@u*5X-}$N>d{}iGnR{Xa|gLm zF`Myh*yTE68c$8NcaLTf^Ws_7X&c;JBrAOD8%-U;);Mr-=Tt_8s`Xr-7M}90g%w8Z zv$I{k0^5{9yBmqqU#eRLiTq|xoI>Audtq^xk6{CPJs6qEYQK_*kE8%?_}IMgo(p*^ zAM2muV9P~{$2cUV>piMD5APgg>Hdj;pO|o05goNIX)vQx2UQ-(X?c?+WClbWo`R0;aBhonS zVvBm>=M7z8$0+rqw`RorL!?ou@U`PNZ{YvriY#wEJdvR>qmP{b}nx@XBa6q1_a|N2OdXOB`d z%m06i9#n?cf@|+P8}$P*_zJ=|`fKF0^S8Iiqnj*fhO$$|29ks+YPedUx5!m1rQ)l5 zEHg+N?T-=;ZdiED(~z2*j3Jsk-2{sHXN`!p8UWh~nw@6GAU+@?{Z*uMK`5!l+lM(M zalVsfGh%f(b!_NE5m>-UG-f)0$LSM}3>e5}H7$`|kOE*!r-S1p~y%f-1EtfHj6ji#tx|vB)(yYBM)m`WSwpBT zg39BK!qZrTj;&Ti@R2KVvTZG;u!&nf@N?+{Ny>ko=CJ{$+7yTYOd{JE=BxuQoKsv? zDI(98W!hZSsrFwSlm%b=>~6}c@&)rT@GIFymJ5LUG=@S+^mO3sq14~RROgtvY@=ZX zAE=V+A<6`QWD3b0-(89+gc_72^MTK_ZpPIB`u$l^u^~#%e~z#HmjC0V>%ym z5FxRzA(!B7>z|pgn;j@|UzZR#N8H4QEHGc`B`mt=ZG|0(8X_~WfiOc3J62c#DzCg@ zL)o+X;5==vCv33FlcWy#0?^53`+^NEB(TmPDr8(4t~2_#gHiFXse@5V$C86F9srw1 zeu15OjFC_Qc>#7_HJ%@*Hl_F7$X8^-g9)f<7PE9H>cQ6u!c`AjO0i1E4SAIC;xgy7 zhxa&hsE)tQ`e3p@-MT0W1Ku(B3){CJyR@pV@Aq$QngWv^{S!Jb694iZ-Cf6*q2Tlx z0BU8^YUT}<$+?Ig?-e9#>?kC@$s8zm7~7=YZbp`EFbmA{EqqzBNTMd7dsQvJCCslS z4y8eG2<-By2lbG*E77WCnEYGCApED1UZCgi)kK{J23Gg)lUiIu(HJRjj~%!zQ z^NaP(lei6?ePZ9MqpQl6J>w@sr7W@H>(nt?=`>|hD(6GGj>?DLfxr|6FjUfM;xQ)k zx&A16GcuH1rm<-`)dL2w_%NY{fJpwq&H*uGfj$9H^pCPa9Te26UJIX(gN zfPF}UBx?N%`p<0GsK0CX5N|b4`Z+mETOEdu0d%Y@fNML2`T{%Zout9Pu=hDTgkJqG zAJ#S*O5NY|?D0_P6Ed-75W87&dU&}0>VKqGAS<-MiyOBsxhK&aM#HC(J+=Ob4=*is zats7>N|R6osXq9onAWeLWbK*X>uT7{7T~sw=z41>z&mRHUPyr=X{mJ|Li0~3Li@yj z1IJ}(0f#rAv+XpW@^M`QL|L_67lZWo6~l(K_^VuG38Qbpu-d_MOl~d$v-+^=-r>Yu zL)EMz)pZKr-+UOAqhr4Wzg2ss|198%F8dP$^R{*2 zs`7@D=!07hK|HAA@%8zoD^Kh|q-wk7XBH6u4~~3JW`P&+5m`&8&ad4wZTC^w%BP?b z7MVZ6` z2S4`_Uz@f*e#*eMVNt{Uy^Ql&Z+}M)Zka-$HTn|bWT8`iISPsmL;sNg9|mNzP3r1cmFJhN91 zkBU---W9Hn*9`$-R;iwg19=mG(Zm`MU6w z@Lwo8msZzW0FdEH+VtUjfX5lmam0VeXyRc9s1cy!X6y&-`wibzTI;`~c(p^W0mUW3 zuWo+ed^8?qdR(v$%u_q~YW=w)liV5IX-10!|#Z%k9|-zp!3iHgd@vdk9C-!k6`q* zcVyDtFU88TzEQGn)I_m>js>C@x{-vdk8j#8N5i5z?RMRr#UaRFA{P*^ldb z<)W6zNqNC;`gcA9^bCh2U7?Y~ys;jEni+8Ph1jkdA2_IAf}h~G zd~Dh>A1q-rbcv_kqPxvuaKiiahn?uZ2(Jn+VzLKMB6NKIaGN)Z5Q0cW!(CK-%{mh z@#0#kt|6U$dUU#7)>xL$dirqsP4BBxyA}6y-xP8cXHGLjIMNC5(Z{pAe@8k5kVM+T z4nJyDx^I8}>WMYJQMK=wExvA*|70QK8a*B> z$yPnfg#oY1r`n&~0;aYAx;P#^YQPuR$jWp27$4c^O(YmZAxkn}@gEx-Ka@O#0)<+J$RpVW%ucG zgE|{%z5pw$aCra(BgB!~h059f`|JHZ;%hsb-`7C>RS%^OAEJ}{BN2zC+z)W^9sZJb ztN-D~tB7OxE9?^&@jRfr7Vv@pPl+gs)A?xNag}CI2XEl{;2uCv0Is|oHB{7JSRy{= zM1C$a4dnmylO1iS3i4{wu23*m`bvo{HU0mg>b%3*Z2zzy1TjiNTbmFKy2RcRD=4Mt z^K_|E6xCK0MU2EKQPgbhP^0SUpw%j^O^q0_N?WsL?2*_c@9p;paiT`Bet9N@}ZaA`+nCPLJ$MU}YY1%9%5F8vq``=Dn+>ZPHXEmqF-j;&~}i?k^L= zms|j-!N7HS0W-zJcW*YmgyXuTbKs1@%}PxTQ#JU|w6udL4q(7}%NZ zcy+?E2b?&1RWjUT1T*5^DCLOxXFR$g$$SHo>qFZ zX>;)d){d!DC0?vE$t`&OC2R(3wFtDYlUF{0uv5Pls-On->Cu`ms$W~GY10-Kd9-OR zSKP;2bfM{_lfa!h@xUfQQt#+m*p3%tf_Z?CThxn;qM>4m?L`e9x@06SfZvw{&ph#_ zqIV(H3Ldmi)y+tJRyn7dpzpYnUnpjX_USVbI`c7)o<=-6_KSD!$F;vx8i>X~jed}5 zIrHa5)u6D8N>-2QZxAmdwmylUI#p+}#*X{*(W+8TnfuMIlgE~CqLudHlcw@)R~3Sv zM7jg6v{uSEnz!}liiQR`kd{4>gZqUjKm(hnMYvW2(;J|0Y@1Wu1*?yMz~U(;Y|1Md zgBw$0leq*K%Lc{|!KkxN?~_@ciePdA#)G;!(YuXvqrQ~Ojmq!x`dGTO9<@t*TX;sH zI5Vav&nO0UG|7X=al#^)M$!ceggonvCn0@Y5rL#r@m-NpP z^5;1gw8-4uRT0llzL3Kyx*W!~QzyUvdm!;#2E|5{c=AiyU*Ol&8K9m6FgE8J*!V4* z^IZ%l*mwjSOQ|(uQL>a`2434sgCr8}z}P_N1O= zgs*mY;ec0g)*Jx_2CATjsS4>PJ0nn%e%J05W7HQYwaj= z`&mGy`FfL@*4P_TXC3YjqzAMI9k6@|o2ngZqxJ*%2imO;Q}#!?UnXYnaTvm<#A=b^ z?C?+DfTO65=9h^%6r0Lcc{87v!}h0iH42_V%Rb&hJyXUJ+G_&?Vae3Qc8X&cVY&8@ zX_DsxUU#?)nP~;`Gf*PatC)w}1!6@^7NuHUk`N(ne=aGu;k_>>!X|a-L<^@;ynE1V zHFSyXNH?u?VR8Di;Gb_DUM$MTKPm46`dbD-3L6FQFY7d_=2n=_>?d0C_?=ujb0|nv z@mqAgVGHiQw1!`Dmr=erM}~rMy+0*eBC-0G53+*qb^3+pOL~@3^^`84WSr)60~}QI zID;gw`CbLpGGM>ngtUUqfXW%)0DcqK9H*8OZ$mz?7qYe|?tdGu{qXxf;5ZGhezxdxC)BjekZ zrGia!xkvLyH0{oi@(SM04Ivi-j8mN7XfbHcXLQhp1Q2=Z0d=%oyBJQ@yh&yr z)HA&pz{mIMV{`vpS&j1Sv- z9n<2g#z-MjTl4usgfM&gfR#?Md8EjR-Dr*FKjM$ur4_oZAiLm#L&LMAp0K2EoEws_ z@>C5y`NBU?rC6E4K#M{^G^X+c09l#b#mF^5oW9@B`;6)0B(SV=;@3HODArQ|zIVH# zkwZ+@=tbz=hb$2=Het5;Cqs?;EgmfK(798Az%ih@J?#t%qA3?oS{G4}k(rKo{N{Y& zpNLO9A2YV0cT^h9Ldi;|ONpl~#d=hH08+5n*ZLrB$$*}n5|rydWImiM$qY%{p7L^_ zW!=+z_|hdydp8z{Kn6sEo?c&Zt{MFmcCaGUV#SR)i%`~rA2K)7>+e4VboRM}31%4W zy?5x_J>b068$vIXx?GBQ6S(|&`g!Sa6DfE#GwPnLIZF3MJ#)8azIa$MY$MJN$Mw>{ zUTdFPnA#BOVf0jf&8J7*l*Q=Wf;73d(#1WmI$aLd!#*$g7hSfi#GA(LvJ&uF)Sw4Q zIfewjOlf_)ts|*AzWMTNkrr!Uw0A|fy230UCCnB)+oY$r1R!gI)|Q6aBj~-E)NDa3 zO=-2jpw}zodl#Dr7W|n*U+dJ~$8d#OqmSsoS6(;X&+DW!b0l}Vi?CCxD8drY-H_yT zK*0@FWa*4=JdY#23OcL@9>6S9{mtZV15U||e$LP;yVE9DF6Iv3;2&|31s$}@lFLF@ zyarSkZY8k(@tWQ6wVFDF_qGL{8}T~=S07d1wZAoF z5R7v$VOCDZ3DtAVI7_VLQAn$div6p9wcdEO&@10X2B7MT~JnR^tCg8sN9>h(J^$$Oz36)L*n8^RpPOV;lCI~a(bmf zWIIxd0}w#ivGNQy`!2ZAz^RXVA)Uc#xqM5Ml_*{HgK@5{)L4_Ha5NV%G$cCw z*hagUz)GB#FBOytWo`65{VEE^$8#4`k`q^ze~><}%mEfW<8r@d79irT)$ji-6?f6e zLA1a`7wEl9Ki?*{>Qa1q#^iC1b6D+JWD^>(1H6FNidOo5Po=~uKD_vy-me-F5h}Me z0GJG!G1gRscX=zT%??^An9r^lLpP{G5MfgA@LLVXA z=A9uqefXUAxaNXKw#{9^<9x^2LMZ8mRJgFjk_5KA2iit+!W&`MG(5h(Fbuiy*rzTp zKmNlCA~|pV1xFU=QsIY_OC^OY!x7I@zAU-DlNg*ZHg4^yG|S zkhIfy{)S#pw1%Ee9iZU9<~o^q7510yFB3o$Z3I?e8$pQ8T=^>85Pn1g2rUI0;dNzZMQd?N%~9Dhlu#_b4A)cxiX%17jqvGAC6*^w-64kbSVkR*Zms`en`&Abv*bpM`0{e{u_}MK85)& zf7oC2$UR_a4~9Iwn#GaX_1v|EwPA zp%xVI)pKb_bY(X`$i%Czsj5;jCsfE<@PtLH9)kZ@qD{hTYM+gTg_)j*qDKsGBUj2h{qQ#!K`*N+g?Km+`1{yGczxbcK<@VcV6*Lr}n+u z#>l7Ds^CdLTX~~jbWN1lU47kx#Uk-r5P?Jeg*G_ir;O-2UB>vT^b0ma-4{YFptHGU z_@kxl(4F6MTkRNG!y?m}l7LyyT(8IsqcEy2ziO=>O_C(N4wc@AmnWT#SnAw|20(M5 z%D?#gd7K53IJJ?Vi&-)I1qN6?c$4Xm%u6>%y@+RsvP9)tW3g3(I-#b^B7K5Sr{&Sj zGtbD*WzOH|r(bPqmNsL$<<2S}IjIjUiP_X|>rmKK2;&F0{K+h2LbEo-iR2^QlOBHE z`ddD*YcP0fHwxXuej70XHN{)tKLs|RcuE6YuuNQ0ibeT?on+C=&iodXE&$cr@SONH z;r@j5;cOs@JkZhNig*3eD%2L2=A`*JMWJFk6Own2WQ@4L{#k0%_IgL1T zJB1v#&KaGRQi70uuknzt0;`-IV(fb1I&xFnZrrvmP2o1GU5SNi{AlBcP|1ce70%tR67<+85CT|`91zaXe>0CeTjbvE*1rMX&| zD3&G&m0Je}(W-uv%E`*VAPix+2MzhRE|ipv4hVx|B%V;SVBmx0RNR|K4%FEF7iA%5 zwk93P!kC==6roe|e`-&|n%!?m+THur>=v5=diLN^B0~P>wp&UB&6@uTEK?#d><)dS z>jItz{Ej<;Yl(&JS&gW_cG{GgKfb#BNJtoPG8hA}#;-RzA?=RLKB*%c8odOq$CdO> z@S~oh26^QQwxy+!PR1X*^6Qpv#-PFz zZpsMlH$smj>T_~zD>-`pr4*)sBTa`&eGhM2co*Ij$*apsw&xHLHhu)At zu>>+?GUn?|ur#=zwb4N%D*Du*j`%6KOlmvOgMhkZN642+0~XTu4ZQoFzHg7a_>%ky zs4WltQ*TnDZc`C!KIh+8G2$tf1Xb3_&jUkr2D-wF)lVi9G*;hNC}^Y5l2a*3iUX6Z zTB4HnT9RPPViQJbm=<_9v{nRG^4k=5MyA*JS@F$8e*0#X5z6)52fqk0_|=wi#Q9z0h?qGI2h-)*dsY!3k8WvZ$G;x>%3PrJ)VpW-5BKy z*BALV#zdgN@)bro{A_TC`8iPS9&=NXsjP>9y<2!nk&jeYft$?xk_vaKDWRv|>r7x7 zLM~HEi9wc&eH5InXuj}?-XIAZQP3BsOko8~wQ(7aSFm3wd6Q4Dc>B=a3QmvGl5p$F z0|HGNI{?F;1>|p0wUnUN7Wb2F$4VvHgqKkGT=$a}qiWi=+I%meF>Ef=3%hO-Bmr|% zPyXO&5hT&*4md&c`i-)afBLS>>;Khtfv#uK5_~AS9L+gAX8-bIA3dhbE<`~VXM*%f zco%QVC~NxlHziF6q%r3p+GjULrT)1IZ_a3ee?hHW(GdpZ1m&G*P;Y1Xh4j_(0#y!= z{9Y&0kE=*w7N4AEb#}9_v{>sf<$vTeg@u(klvr4Zq$t&OAxlC)?YXVfUEKtBM804M zDUSD8+dy7CFA(%C88~d#quCe2Ar3KS#%0)O?oWBkinSI>7cTy4+9h9(l8etIRCCP9y9PNNyqCQEU|Edjd6>z$*&-uU3f-}P`t zzzIS>xJv%u;A7mydlzM!n}A9lM!f2g=PuY5zip1%C-~{bk2VwX zNADVg5GS`6@8>;`A*Vh`+&5GP$=82(+cL}?Q^>Xp8Vk)$A9eC9uY0?q$rxcQXi>v>tRtx@9{;DPC$yJd>TVu%nQT)|XlcH)-H}})YHzF#z zX>CpgFA5(+x}4@X;JFVSE(*84<6N+FRUa6ZG5i_N_K@6rUDY-0MiJ;h>381$42 z%Fz(P)q51Y0rbFXUaSke?B`IyhxB;OiwNzh9JxPmcr?Kb&5BR2Ir!qf@Ho;PRhljQ zBL>#s0g6HxU&G3ye9->kW?OdW-U=1mva)+^w{byxG$}d6Oi*@VtidXWtNo!qWl$)-6$)gCAWa{A3zI zE;E<9HJyUAmmZ-{*qWZoR~nD^ns6920oozH6sKWK+ojgVxN zFMB{-C#O;#=Wi!TJ?WKyZIF^E3g5+RMeNC9j6S?ihZxL4zlL0a1_5>oMb-!0_*AzU zShL9=;f_#&@t>#mE10Rf6QO8_m^Vqx3qPI`ZC&4FvE)L+rCZpMnseXjnwAQZ`iFl9 z^M}b-$FG&W`^j+qos*2m>NTRQf z8|z)vRA5<0BmyNu)oplUeXMb&SX|u8-JLl4zRoledN0D>d(`cGGRvKU+G< z!QCw&?PpNtBBa66~7HV6-oMVxx}(n_SNVdVCHXEt)~6;4qa+os3~Uxz|+A2 zu-(?e?+A95j##Ql^S*3UYiBRCA(hwLZfBv zi>;RKp?Cnodj^_nxD!p}fgLc-1g$`mmg!*0vB z{>b#|JH5jg3DuVidsnmAz-tKZ)Ks4oEVQ>U?vjiQ`c&g5=^xDhdAtif#-D3Uz26xm zhPMjIaMTLHgr0ohjz^IulpESA{YW2mQ-iGJ>_7%pVtc;23{w!Ywp%jyQ-Zsm-VtR9Ou3I^qBml# z?Nx8)pFUQzY^!@}*oj@>3DaLCmiJXyGQNZCq>*Z`mt9j_kc?v8OA&a$0LpD=$IFPY z-stU&*5V{rDLRw})xn zW9^;GftQ17u2{Ll-25cng1W!F71>?58PMs)cK@2CYrwlZpE~mk4 zFQ<=oM`EA4eP3$-!Crtw%`_SQ9!MgylqsE;-0zKfElHZmz>3Svf@>Ac&BK33Q3<;Z z0lOCuntY_Ql1Kz@ttEqZ9hBle9RTQ@O9#w5^%t;sq|S1AbINbBZ*c#c_T9 zSW9vx^z!WApy2+^dV|+01f!fZ=bb%NN>$4ER|oTixzfqY539dJogp*K0LS@GtVmuu z@C(1KvgUOcllI%ER%!jlOKmO$O+HwmuvxgF#aWhpnB+xhG_H+vaSLO?7U*u3T3;Sc zrmKDlc7BNv+C)$x0uf=0k>8UzziUEoGnwA86H8;VOfKZVCC#s11r7$RDU-#`Lf`=f7OM%l{)LT9NREUTW&8YI|12!F{foS+~o z_Mld6Q(nxukLP}=lg?g1`k&K!t#4#M-LF5P`!ZpzBCLg>4umhh4I&c#xNbf8;$JaO z3YPtt!+oC!0w;vwHv8V5dAv11Et$ktIR`Oh{wpHI+%}LF5|!E95~yx3e_7re3r#KH zl#k%VUe5H&%7?`|VQzAOg>CuZP!qUzxx{vQAFFrp(yeSjnF;t?bB8Z&e&D+Jp}N}f zvcD~>(~e!}y3p*KHjjhU8$%i`Om0?w54i|$vj^3f?nPZO^X`Chnah1%4P6_#U-$d2 z!UZd3d{AouX@}lkGOD@Qj z4!cPj9^2_ZNE;ZduO%-+di)(8wzU(gNIAZBF+K*?c<@K`K?T~PmT9fGHAvTr28C-u z5&N2sX@7;S?M=H_o@e_RexVuucVf}Z!o-1jv-{18g~;=N?ZpRayYG9oI8)(^!C#1^ z!NCeOZdbL~&knj3Rm|Pmoo|kw!^y9o&kC!xR=j<}6l>K5|6$pZCH=PIJug!c5A;`J z{EA-T4>#Jb@g&=Do=|OJycykE{PMXUv+Q)F6rcT|tSCUJ_Wh>$3#C(U-pw5XryHv^ zrGAhPYj{je^U0oS2&P%mE<9SRdB-DdAUJWD4lRCVT~`0T^3T~VLXpM<&=vJU-~Gtk zsa?i#M@A+89HV5sK>DJe341)mq2fW0jrcWTmJPIl+rf?Ohgo3hxsw1qO5_iHv)90h z&KP?7v7z>q-ffW^7`L$E>Rfj%XnfAHjcc8>24hKwVu9uE%g%P!ms@0=dunoR1T3koa8L=Gf9(M=ArnLwrY?UciT;~5}!nLgbGFNefZ_L zv>^p6z)M#5PMkxr$o!II?UU1K^cuRHxLd0;E8{B$pQELlXL?b7-@Kx(3WWw0DhoHJrwKy%l{_`9JO|CXFa)Mk5G`=Sx`V2Cxs_yl)=S^g5Abs)KGiS8T+`aejgEI`) zQfnHGXVb7SLCAnpiO*A!hVl^Ho&M%LZbgG>DH}plcIZ(ddcQEO;4c6-24_K19Kv>h zH)JZvdYUw-CyXo#sA3+iwe*q96JELZmP|*#FwgVHC9g z?c)^%qbecjYT?+w-vc%qPUb%_A@@TWD_h=O!M&BQYcKCh&2^XW)DydOL|I)TxE{3jb{INN7J``*AMU;}<=j zVNNa}s9ISCc1m0u@|o;_y?OKHQNdKi^$3F|Gfv)=%0V#gw7rxmJJF2L8}F1d$FF%r zr{`D|gk5W)Fk6?t6r7`%w2xcR>Y!ueQ!ph~!ffD6#Hg_o2);kCl!tjUzvi^b%8j=yY%+^>T9scw?TUq)|lJgOm+5Bn!|3Bkhrp;H;+YFVb4XiC8I(TNgvDROm5Hj2D6O zX&ASBOhy^k*^hK9*~AU?T=IDZ$a7$_$J1n%zDY`CD|#w~-jf&|s=7+U>fdc%a%Aqa z`%1Sw(>1gwu1KGCf+WpnN~%NHiKmv&DG(X2X%70OuGM3JVt}?<5TY&+sS(#d!_WFT z$RP;rxMYDEECJJXr@pQ;&sAz@d?y68|`10|NoXi>FH@Z?Cw<#?R@pCt!TL^8+ z)YJO0>(GN(=z-VTEUS-P;1hhj0|VGn1^##jw)*N8GZu{Lho)3hS9hj5pq~!%>`Lx|#kmRpVQsv3BcyI9ICm=zz*Ddd^@pAHMU!f?FrYb=rr>B68dEOZ zYxKgIt{Y%PMdnJ>zH}V!PNcMhz&>+En0M~KYjlgx8!Z;DZP!ie5vzE;tNa;jnOOEvPJ5?byOplM}~>oXwubDQ4`9 zeac?y37Q@^7vu|ARl};F?yw3*YMm5UaC#@Zd;5J0ia4qBk*}*CN{T)FJxPt66>JKV z+zWa=Z5JltHC%cj@bp{+K7Q_X>Xnr`rT8FjTaXLc?jr4bVH-0+WBk{V+cTmW8d%s& zprK7)t;magOqV@jULs&riAw;oqcGcCTJoVoZq##mpnTq2qzIh9qwg6GJt_0XY`$zQ zWL`%DPt(As;?||h5t1_nhSd(0ZQqo@Pz&mNL4|PWV>7#`M?fu~F7;z%FF*|im-x%E z^VZ5 zOA|{zkV1f@NleGB|E{U=2R5*sj_s#EbLV5VohyI%@`v#ClQl676S3B_%mC2_>BAD> z30exy9X{W@L~zQVR*ht#eIw4)T4j z!+?N4CSOc0xyQfsjf7p$A$aTH&z`7ifjhd<-(@UkqU!Y=-SI}RO3of*bBPj6Z1WR- z6WW$hd9KS6!44t;^b2N6X@_<-^h&l9#x2K|MQ0e;!*5zK$qyggVuM#KlqWcQt z-;pOU#*h;=$d!f_zy!S7(Id83+)K!}#!2ylaiar-Mq$iVv!$ghK4%VDqkNi{R!U|n zJP!ev8KO8EOLj%nAAGO(;tLuXNy(^(%S0t5#d1}%^qwwCb<%@K6D8=nvX@~9`MFn| zGE<@vIar`NkNuA3)DvM=T^*x!(^1L^!b$1FnDvnp4zw<$|A^;Wh`TSY#DMG=e~;J8 zc1d@|)7p!)nO35j7`*I~no%=;d~hg`UL7DLj53x56K>#Q$5$Q(+>$pXZ!RcG?KWI} znf!rMi8+wR@FQ>Kak2tZD15n17qp?_Fg#8{Gw-`g08SX0>uRuL0#Wk>P{_&S*k=-);cW<*yH{^cRW-1^pXA)Ms4M@ZO5ghZcWg zO$@%p0ZmZKw)<8Qbm` z?j#wF$yzF=jq+|tC2Qc0Vpz)IhXU0>BV42r_u6?q^TDx6X?}CPE(LdLP#nu;EyF{D zlA4ZAHf)UabJK@-UKY}Hm!sX>)8}hH9EU6vaY*c(4p6Nz8=(ZP-P>8xMeLn#VOC-$ z>o!L{oS?wKJ)pjNPiIBG4|<5$Lz6W#hD^8Uvk zr{j2^>Smy{gnl44zwK$t*sh*G^~Gf>kTxy1pZjR+`dI!L=H7Rk%g|0-vo5>|1D6kO zGKQnh+&j>WgX!%e%8^U#g~me)^|uDa-=Y3?}Xub0vv^oLO5OZEcIHcBg*y1tq#cKcnO`YS#ZL3vtUz z+c-`aC?^4(i^gXzla_BE1b}bpm13SD(5Z!7%0BdKrktGhyv>Ki z2UlL+ui0qrSpNa30&-b)H|QzpHL_gZ8#T*vz$^K#U&B0*cTrs?C`D8yJhYc2l-O{wG;-9cKHtH~i;zyOaNMHw{bhNw#(>1$3f z8DgvA)xcW$Zyfp) zuX3JO^FsNQ)|7yCS7YaGMn#LIJw1935!U$Z{Wx4V;*+K^JuLFEoY2%r#HaV$N0s?j zS4K>mwlj(C_ko!Xui%3{79=AipK)5rS7|*RC1a1Piq9TSqZ0=s>uEwZ5e}JjUe~Bb zk=$0zrAf6Zj@lCzebTHOPsMwVk%NIsSQ|xaXEaS4^fz+L31xh#pg3aOtSDvjPcmBD zIFh<&edZ!K>g3q4(uOP&Q`0l?eI1Bu9kepwxTH_4ufS}qMnz8?I`gMSWc4OSD-@O$7cyb&M%u8+Z+omVr}nH`TXLS!JCe zu7G8ApZy?nne&#ur>U6cK6&Q;{+f1)L&o#l*ghxuA7l3`U$pR6t zz?`|^4$`<@w$pz(1S4w(g~1kFC;p$|8&{sTgLGyV03&M57$S{D4jW^YIfF7X=h#`Y z-Noe;sS<1bK8n z?Ry5Wwax+v;V->HFQaGDwp3V*_+v9=$2+nZw83qTY0~4=!`XO3{$cCnoMxvllqs0O zks)8ieg`b=Pe8GvZoCn5y5ADQvKJKZ-{Lj&1qehI*}%lv=EIk6JK$w357=p>P3?2v zX_LOIN{i4UKAGE4&q(>V=4@*19{SBF-su1XElUyg|2|`YC^3x~-H?WQ+X^z=GRV!} zIU~c@^mx3N0%VLfL!&^JQLd-`(#>BR$U(WGPYYtsEO0+|K4Z*^6vOVie`aA7@CBg` z^Y%at=Yh+qlZiG zvA`@X&CA7WZ^N#%uaLuZ-;NxVr}s8!Rmvq0yR?fwOPd1BhIlG2RfX#U)~##WRt2~I4(e3H@ww{2_t;z>6 zn~TRu$fb_UEDokE!5hF86~$&&hC#)E+@_B~r!K-u<;aI1fXhoFH;MvdCcQ+}Ou6;2 zoJkBK%_2*WJg(dHPOjkmoZ3PBLirC1hZN+!yACW}!HhetE@VYD(L@^oK-T?fxYwgE z-QXhNRQ_3nIa}Q_nW^9dIAhA)m%zUM}Lh55q(A~#MS`M^y(rQtx ziz{eN`d^pc&39NLC76mJyKu~e_l93dyl!>x+i~bTR@JbWkju2@3n8Dc>%=vIiNhaj zA-3$vNC;vwd*bl!erH|sQ1n(g#WJGvkc0lG%m*kWQEQXJhg8sdbV?pSJ?ZCZEa~=8 zc;m%&`E;E!1+>!diGd6Aso}jhOu=_GSdZ8w*9lK)Nu2Y9oy>;3K9Dd={7f_5`67t- zF)w=$|7$M9xm7&#poB*DpYe_7$BI14@dGt<;jQPxxY*zttW(};e{0E`x>f0KOq~eJ z>xOlKp!8sZcQ{>aVn*rIZb~y3MS^maC>s-OvWdxs23Xk zJrcFjE@=&7R_zXSd+&XnKO+jp5X_jR`ZKw642zM0aH!$#ItivOL z>z+}3k4aEGsK4<_m>y91Z^lGiT?5*pJSC)C=Q%JJ%w}mn6hovl>q3M!w1paI^)TYN zC93O*@R=*Oyuk>V8GjVlIuLt4*UgV1!+H5}?+^_DFSZ$#-&MK+D4>cWlnmKH9UvxV zlJ-@4e@D>fUzbt20l5COzZ~iWbkV$``B1-FiSW0nsGC#D?~1^v5^GaKn?1%7cPwvO z^7L<&OAe)f2%f)bS0{Lwmrk*H2>f5h=ZCE`CEe7^N_A%D^xBO6Lz_b4(Qm{|{xkY; zsvZGuH}lqn(Cz1fB8eS1uMrjALOoRa-U+__5nxnC@(ZAFpRLy=HhM!fi;bu-GgSOl zG8H4kE6c(>qzylVZqt}=JD*Hg=yB4hIfW3Myz)G#*6ha1)?o4lph_RgU(iN9BXuiP zLm0;996Me}+^&WuF{KK^&@fg*@QW$sUk;X6I+)@-O`Lk#O5jRhlFOH#b2|~oYk~mM zDa>@z56A(eNmnJPQt=Y|z$v^Db@n$|C9`8Tk3la{oGFlN;)OUfjst;<|4{Z}=_0X& zax2A0#?@UR>r-~Jgu7HSDNwJ>Ds_rco*0XzK2swRcU2%rK?vm;bP-WbLo0ayLi%!^ zcjJIwdlKoVk^P|ZhBDhP?ESK9sI>+F82)-U6qrVQbHr%|lfhD?$z_xFIkKqzRS6o& z5e*7D`mN8wMnerwW>AAD9{SHyCHI`kU)kqER*rO2!t;I@W{xYAnIq_xK!AVtuRA&u zv|E^~EJl-LgBM4T=bkq3RxS6dDFp8_`zR40h~w`$+kOWPw|C*`p;^Y{>j! z-+?28@(mA2m*&+556iv=Qc*|=-Kiu+IAJm^Vv;^!_bd+zPLWSCskv5{$HOpw$O>oe zQ#siO7hw^yFUQJLReL;Y1P>F-p-2pbU3DE6(EhOon5cE;RrF`5>LM)aI$mG_y;b^D zG8T5|77e~wF*mrMb zE5fmCvWQ9FJc~ls{s{nmL@LTCc?PRb+^RJKo@)3Y7B`v0ffbEwRYzKp0aqzz_mo&S?2F? zPkZsndu+{-eIda4?p>qntB@{)<^G}nVSPETTj0*oNjwZkp26JHjRnYpKCPsrm1u#DEc-E1La98}|7Znkp=S z!#h&!M7UNIhiC!Ii%RMXwf`I}cu%+;K@|G}yMhDy8r(-9GV~PLe=tNA*W2U;i!!{ez7t0j#<-U)nx&yi$+8@c=NuTDgD%M{a5CUyuVErWF(<1EXkoaqqr7?^4vfa>y0)d=`h$HH z;I$YL*y7&|oy@6Sc2o4K9KZK=PAM_WPxQ+pz=ZOn{6{1La7n${l&%cB8_$$-ZTs+| z#P}W_K%Tu;f!W{h+`!O)+NIle--JjNx@8tBa3tTV8%N6$ihU}xXQxn3=Kz~Y+_egd zCRi!r<_w&Q08Ke3#dfadXvN#w4cU2U;hxR2v;tO$5*8usCWW{D z^IF#`mw@$k#q~myOi(piIRC!y<@f28CYf))IC|&~V6dZ3QK04@Mo`GBy!vWt-uS_K zRtJk+8S^1ZfI!N()FeLoxI+q72XZ4umtxkx;t#%dH%o4p&m9*LWTSyGUvt)s-Nfwg z3KX|RBmAU|7upxh>%{L%y}fmk2GNJ z+6tyVYwu&r*_8siQt0&{Gr{ycOp#xNFl|MdN4z@-VzsC`z4Q^9IwAE?O4s}mRJjHd+HU_Nc&u( zcOesQ?-d_B#O&zVbZ#wKbH`8n#}8WIzn4{8_douzGwnMhHJte=&&8>TwUx&+vFa-| z3Erlr1okcuFj)K?Z#LGo0SY*Z1F7xM0t1EpGB;MgA7EUU zU=e4-mHZv1BV*Q4J)ovp;(vsq0{j1HY&j(~gMrVSJSOgnV64)-eZNfaL&C$a!am;5 zV0Gq2Jq9%rlfm()F(>nJPbsvNO+N|f<+b}mmHKQ>l?>f7KWi&vxem(vI3>~+v2o@+_XI7nq#h0T< zxu)W{v+0j`;AFVxM0+)baWoBFX31Y;^ysg;9f7)xZb8y|l%L+zzRzvw*j~@^1>@@Y z{H$Nv2>;?BXXWp^*?teEwSR0`_9@V+U%ulvBJ4CB{#{FH+|kC1yl>p9dgk>L0J+s< zYNgz^)Ngs`_8<76vt($+pl&N`_?$R0}(vGGbCHdv7BK@N~>EcfLbTLU!dyfp-=||ChY%uy@L>&KR_Y z%Y3|Oi-AIPh@ucU@n4{{|6gHYzTc-{rOjq6q+;DXE?m0G~dt>Ne@St~HFL zRJwkGlnU3R#;Vm>E-5kUQyUVgL@Qiu z=Y_MWG-Xo#AiE@htd+P`GveDPzxh0jDwYQhA;riX*FLQsx>W`R=U-PaJHYQ(*L9CA9&3p+otpTh~2V{365ubyNlit7bq!vi~rOMX=<IJ2G?2924y1$;e37CWA;|8DTxDl8P&Jy4PNSXoBVg$AFMlHjZg z%V4n=VtkUad=lT$cdmOv>abBt^?&lCYxn)^r4D%$TWIp#by#Acu|V&Xs|0%{71uv68wMt~u|aFQT#M`g62imq&@*qzV7|&t)fdB;tQQ;q<=ET#MS5 z$m5Bi^vGyJ{0o3~aX0^r@qk}LrKL}zUlO_Z|DkbQQoPU z*Bhvd4oowxdw-}_djfX4ZvSVQ`f+CBB`-@95AtN#k8=*myy59JGiMZLlZnLhC$Oqh zS`j!;5VWS}>9}seeWKHzywoKXf`UYnEAAAJC{mdM(Ilno?t)|y zX!45H3{v0C|FF2`ZcrCDFa4%SZhf0^W6@up|HIvzheO@{|Kno}Mp;IbHESg$`@YTC zg_7kiMb;3qi>zZeLMU0Y6hbK?WLFf~h7#Gc4%v-uvi;7e`~9iA?(grqKG)~^{C?N> zb>04G?(=$`bDrCIKA-2D$5WKE?gZSzUEo%`y~#(QM6~C}(7uAEw38xusv;`-)1rc} zdyJfh3P7wlgJ-OnR?R=JS2avWkf&>PIVwy_MDNMY+_pYO#zV#TR2as-mZzSxbFtu_ zEw_qw(8y&KM@~eCQ&BY$24_MW}i3sthlir!juP zv*xKZ2*1&iESceSsAHm;A5TV{CCADxR>vO#n_^xXe^G%mut5Zp-IV zXD!f(>kW3pZe<^~V1UeoZ~E5`!=tu{Nc-=Z>g!|X1Z@S(2GgPZ z!sz_E4-+%zV%$7x_!noQ4r}wpT@Lq=m!z)+KCGY!!^)TB`;lXG?nj#(yh0WtKox4=qRXMf{4>4S?{%9G? z9*LPiuiK!@I$zOp1)v}(_f2s13qSSTv&P;#h512|8li6dLpdgd_mk8-J*(q-B zV8s-1y}8aTcEv;+(ID?bqq0~6S#SVO1UvVfY4B+jMnesS17JBBYpWtqjPW)Oy&mjm zAqIKp+(w7U4`iYYphOWOmeiO7PwGf(%0x(ljX1u)5MJMe?=YVWOR8l<6iHv2qp*;b zzrxtI)geK*$EXH#Z~ZC)OyqgvK|Z7xEnTdL>|(oVLKYoA{^dD|vrUGgurY7vbm{Q; zF73>=>^Cv8qAH&!Qo)1W=IswhZsGB zB7xVqQL*O5gJLoDeKxt(jTIP#lG5!qxLGZv(HC~xMt=5kzNe|!HX*gn`h!wqIPvWM zjvu%V7<)qang+7Q>-uzf-i3p(^v$hMEV`Dkdiavq)?RRBDFqd=AlQWl=sCYs?IC%2b<8}kzQ z9!LN@t54$`MdJPN?pT<~lht7)NWI(zVN&s#^1=53A!|7JX8Q zXOCFk;!RnL1C9s{ej-AGORPJ{Bp;&)KZw!CC~m86n~A8qB6);_`o9pcXn%0vXe-;e z6I8nQohHL(H!zU`GF|m1x1`~0qmTMLhEB)A>)RGr_S3KpaBRLO`qCFu#P;}(e~?#QGi3T5H))-b^+&gKFK2M7zo|5#uUf}zzqqp3 z%Ds#SErx9*YSI_h_0N|xlX#i+gS()G8w>IG(aVhJ7d`7OD=FWg_vlLs#Xs_noUpD> z1h??7k(&)W&u>P~ye`GKD@ILaDMN7QKsX8l(nG-BLZfZvsLU~2I!x6ASzmyfHv#`7G(t}O@ zF8VxjJW7o3m^EZ32;qZJ|BQCKdmBSVp|WTSwt?{X_I5_5fV*bm%^uE&T6EgwWvaRF z9kMr2C%y+Rg&hx6NZ9%+-dhl{S;rcuccK>DqtG@j3nmGu&=TDK05cP-N8eOXc7AsO z<*Pp31iv*fFq|-z`x^ck>|cFo7FMepZ-7j|62l z;Ry|Vuqd<$p(p5B@`p5XkdCST$PDr^}=xkt43?R1|)=`4KgK{S-Y$&crg6YS@rbk+e~LJyj56 z53Y(4R|LxI@a9HE9$8B2MKs#3jVC088L_p{@{WQ#Xnu)|?D%nPi zH_hDwRBch01W;;bB9DNX$4-IFte*%b`C58$tlz_JrW`tiS$t8(;%t0Z5(CGa`LO8+ zLZt1B(J!+W}FI4guIvBYQBbzHgXLP*Rg5OEphwkEa+nWK*FS zXafV&!!T5Ek!pW{&63!-EXODuy~7hD#l3bx1qB~fXaraBP{z$6aHPe2F=nYaf5^qum?qgC|xihyh*1yoRR=<2SF0s!q6`b*9Q4XLXbLX$W zZf4=XzR@O%)y|?$q8M%LASgU`tEH7)?R0-Gd|X3t^?8SgFS5-i=;o9)#7bgH{xPIC zc~y-`TsUPhRM6KvMT%J;O0V&K4bUU50kF|fa>+5xLo5O&_rj&x0z!v3(=vIF&%lV7 zVB*C6la`UlFLzl@Gcmm&n6ii?!d8i_(oJ73<1cAlNy)qaX&HSR zu~Y>d9_RSC=0{YP{1x82rEs#0E3`QFbX`rL%*txBK1RWpd9s|j@3kD#*ys7_DfyY8 zq}D(gN^+W;`+&B!-wlKF}FB)zC@aCD!H|b_wug_MHzp9@sJ`C5CMpA1pTxN z=K33BSQ6|G6)0>+lSJH&-&8wAdNTI|Jn($-TQ{P=;N<<7=a}UtH@B!dWRl(rrX-4{ zOFt|AvOf#*jZ5u-Pzwp3J-AkEktdp6ep*@~|n(@gKxE21NGz8+I!7pe>>PFeMDW387%Y6s1!y!mc3 zBY@3RQGRZ*a{8m0PFOv!!V9%ItQrIXKTwers}4U1djt)vkBvN7Q537rM-}268wp>o zykrLJB&Bn~8G%T;MLH@8C8z`A*}dx@)J^V$oGZFU9&1hVI)w7}d%rf7yT0M^n!pruCqnk+@xtiFC(j}dQ?ZrmZ3bB{)xZ1>Sdw3xI(Pbfc@8^0-{QM{7sDzh8L zd_ffUsM_RYd7|ww4voi5YRon@c0{#s%3omG?AEI7=flomoWBH8NK`G>`mnS&4U%BJ zI@~^-473MP^#b!g{5D-OKL{00aqbByui37u>%2iwDxvbgQb|`65-OtU!pTV44*=Jj zM;hRno})xa(9l&>Ho1k~**gba0?b=zbQISA($R^PsiUidU|9>t3q3vZPFtiXXSO&>Smplhlxp| zqBI+ND?(_AZkzcq%A2$8R*M~#FK{!cA9%fE=9{FyCnuT$GM;Dml2ww%FSl&&d)feg zjs+?r9xD(SCUx&5H=^^)9WfGcZmOS2iS!;x!kAKO5#Uptpp-W&H_b~*%8E^nLLS6H zjg6(!LVxkKZ5tJc`~fi6w-w{b&@y-{iYNyIHzEf9)_M?F=kLxMm;{D$2aJUZ|92< zobi057z5cOEZD0A9Q(?{=1vwWVa|2t<4$TVeUOqh{G}@V03Dn%34)=FvgUk?TIJ8a z#AN}k*%pQ-VPYqfIXA%t7%e`Eq>#JDAF^3C0qWjXd?XVH$UyN|B5OqAyY}&P*`(w1 z!9_aDwRK6dW)I%aXiaYpQ3H3yg0l+4VMMU*aJP%3Z|uCms~pd^T}t}}*m z_0%;a9Rt`=jan2Uj1jA|SI;{*Y2BmS1-St?JlOUVSQ9w5Cq#cvgf0hz(dHEw4M?JJ ztXb=ccLIT=$i0=DiXn^fPb(Cc1eqYobe-1ZDidn;nNxn-99B}3l5Q}SzN2ni7d%El zcsnDwXnB!{-plulgSf=-kd_Tur;3dtt)y-5?XN2;k4eB9ZZ{nf{^k66fA1+_y8yX& zNieY$y02a_>FCB!mrRFzDY@$CS3A`iFm+Kv8t9TQC5T;uqsUR2S<9gtq;!G9AyF_) zJc{dBr`91Jh)ZA>6wU-3lkk*#=Vkb!4{)j?-n?(i}^t+tin8_$+c|@vDW}G^D!UO5BoTt;Z15A zn5PV8s0LZY*8o&y$()5OU+WIY2Uv}D_)$I0I>y?i(Dx@Zs~Pu|D)|U74WM8_Av(=< zox7H&6TltS;{=sp)aVlw6M}m@Q|g_;FV2ir!S{Mid>pPw){xO1u(s zpkQ94(NmsX>n`wYFP%= zYAP75JfkMSww32D0hb%+8$Tf2M9V`ES~9JiOvtCQ8Tu}SAH%`|+89rZcz=xp zDT))i0cx^i$Qly5)wAL%oCg|b7d=hzNJRjBw@r^>f>R_>=WKG^BQ22!cZHol;gBQ7 zuFG%V!=%=__4TlC0LCkSG&yQh{lcxu)24mk);rBiO$yX&AP|3S(I<@QelO4*U7pJg%ej@I9J1BIKNVO9wYqd?R z2)7WoUl{M^xn+6i zfX2~)fB>!lMdzW7+C(+h0_M=AocN9}AG8E)J3x{YfZ^!q$RCJN_?9=d)IjS*1MXqO z+c438DJ}GKz=ugzb45_*K5*64j1I^L(Dfzi04sUwXp~Q*JJrpWVJv#|V7ra1mDnQ% zZvUu8ME|DM4^eSU@8mog}mw3vNB~ zKu z$-PXS+W|4Y6Flvzj90sj-A6;)iRrRccIl8AagD;gjhc;`gHzD4Jy6lIi_IGVi5^DK z!xljp+YYXr-_;{oPSl0mz=2wRn)%cSE)Az+U~*buauc3rR2SGq4$)?%v43kT#RK$Q zksLTk4q8b(LIxq_33OYR(}#D>`*~K>mynCpC(|}*w7sRDwS3|sr8(qLdZI&)E z-FnHiMraS>M!u9N4ND40x@jg<4Xz-cy zf8Z?F5-8swltar+rnqXLvaLSoYyzQ+BV=2XBZ|f1R$|1InC9ZkSBGub*!h751SRj7D8|8${_M&12a&@;sEFY(Y$pE-ZW1@>spB zj=XpdtWoF|*njEzexnK;tdk@bY7|*wu2JttsU0LdwRlRjIt&&RfdEKqK;*{jlkDTe2oo%7O+_6r06+;|{DdLRh{4x{Is zxJWO;W`|4IFQq{jH~jz7l|xwl+TOfI2yhxykNznoGfk zX7}h4GZ2=K9W`4eQ$>s0kG7t56)pCnhpX35BNuliy?4JAX9%!a)-@ez-TU}gx%&t+ zP3~3C+0NdI{zk&YqHD!;c%9wC(rD_%mv;iT*4a5~@(KMq=#PFj9+<5ns^7-bPZjud zcVl4axXQ)El<7~W+5HIZJamS_Y=(Pwx5p~DIt!iIT4~*o!it7CA(bT;5h`WQo$q0a)-3?4AY3-ynuN>E(AkFDo2^vt&+A<`5?t%{+={p(lVTwoh$7GJ~iql z{e!;|5;#sD;18dg(j_t|EvL=bt)hoK8H1NJhu0B(lqPtSs&Y{a3vu-(X;O=_^_%4g$`Tw3QZE+WBqF)xtr{*#nG3!kQ843Mmll2 z@@RwyU920zO6zsm5%^0*WLUjx&j9U<4ykqHMklSK3>m#Do5rip$ucHq=RwKSj8At? zOA7TrzsjZ~P`u$LU{9{(|GZ^#+<2mO0vtyTdEY4FFfpZi#%`AS7Ba!U>iI`C|G9td zKL;}qiSTb_@AWENukMvV)0HYSOgZrlzmu_7+S2S9h}5fB|a|h9Qys@L`9(&WFk%m_o zH}=+vCf)SJ{T8Dkxl=*;xi*|%4>)=aFA3gB zCX-6|UEYh<7-Q^!aNPyM#gOF_7x|8)W>)!?1HC_2ZEqo0(TBBl?j9p{AIx0o@HVK> zhrE1ZSl!);hjGGf%r{{xF2=BVgQtv78X|{?$XlsXb zSQv=-$I5C<<&Ex^ZvF* zPJ*r^vJ~brJ(v8CEaJA3V=kPe4tZew1^adpRJ&AqfQ>ob=m1-}b=6vG+^@#I8n2s3I`#CFAPsLa^E?uFx>ie9hhaZb7I50Xxd8Mge%_MV7FRC-g^ z9Pj$*%NIx`%))hqMDjyr26!}_pqL5{B`ge;|QaMB`D2SP^WG)EO`^=mo!J!@((Ys=*@I+-YP?*Vn4 zt$q(zlA4h`zq&FGHpz@hoXq;^kR>K+gpy|xbIuahhv4ck(L}#0b4ih3xk#tNrMs-% zIB$^*$3dEHO@*i)X=Q3IFX>*^Atk)P{mBc^X5n&QJLIi3CTm5zI$gmYc(Tpgi$hov z%b0O+3}N9)P$&R&!8nv1^%3B1deKv+Pv1$wRcksx8?t05*~Hw`A`KtgZd3?0N1RYY z%rdXRN!F=d6eRyb%-K)iUJZ^&NKqJjKBpYGy@;=LI0`}y_-_l`z8y^LOr@9ai7+CzF0P|?t6z4VIe<-LJZg-z3R5*;BGvO-|QQgi=Sm?xP2 zZB#%lXs=qV0uC<_-zd}HfquYfaRg(@_nWW~*TuAvs)DMJ=C6m8E(tzlL^vu(ozQ$O ztui7pn!c#6cEEO$iVZfzUeWyn0cX5+sNswSy}jf9iG(Q1Eb2HsF1s=A$QD_}#@rIxDkGa_2c zTta8&5DC!`dsBWsj_Is88KZGENb2f=4J&8!0pNYgk*^oOYFZ6gBf0pY14|xhZn*p z3D=<}IQgy1I@P9cY$`I@A8l&(4yYlyJ81kcwCfeq9l~72<>zi4^iAL}t=KhQ zDs)Jle}~(_3>OIA$-wyWM`M5xm3E6%EMcWvA}j^fX(x)XbC&)w-~g4oFJKQ6Z1#S*JaG3k54UoDx0#sY8Bh`3&3 zX;%Fz_s5Us)AJ>3kcsniN9!7$%C?wa)$ruPsdlx|8AG*cGL!oB|F2SjwL zadyXVqzl@q-AyNY-q|#2ko;ipb0&j=ZASrwya_#x&guUpkNV%7_sn*L)JzqlXCjD) zX3qV|hrccgyJe~Z%7p!|#9J)TR-2kgw9KdF37x$gPb_BzcSj7G{7v@=-S2iswpH;R zi$gM{E>kz_ZYa2n7e1DFzPVhOviE9IlKwCtW!{;sVAJigEr$F4`Tq?6ihS+HqRg4X zga?+xIli6!bnU2B_j+*NnJNRh=?^m!A(A_T?yPSL2`ksBNAXUZR^g5dG* zx6PT}y@GyJ+z&_n!$HXTdUwRvG?yfwtBB2x+6CPI1-DIILWyxGh+i#;q0TU&rd5Vo zgF0~Xf<1;6+~^K7k2+0^f53C(duR&2{^xhaU?=VoXU7wh5{v3in3vq2wSWMjt5Bvc z*eF-v{I`W?X(P6NdhgHPso9&yoh?c!`@H?c=n4IU^WJjnE2&TEThDtB&b~=~g5_-x z@}|I^-jA0FV9g>%(s-?N8k`{N^V;5)%o29D$J#wAn{ypYN%g-fuFWg2upK-j<{ne) z;U2a?klZfzk-SZu82o$K+$JdQ5&=TI_m9>KPVCP|c>%5x&3|tJe7&##-Xbupep`<|5e|-R^V?zVevR^l>be_`gP%@B_Lrpm8s+~t zhWp>^%6PLuPy*2Q?4M`&n%A-VaTg*<$8PKph{5lv&R;%9q$sBO0QtG5 z>vNI*yBPim!vhI9Cj{ug#@XfW^iRKr;b#8%5nA9U?IWc&;y=gsoromUf9VQ@z2}gg zC{N1dzy7@iFWP%?;gHDF|1)8y!}~XY@Pq$W3>U{TJnU)q2R^R2pCbT+6CaH5&-23) zTTt=P5)%sG2JerA4qofo==s(CE51NIn7oL#70mw?F*UJ2d}_}}9Cjn3`yDhZ6H^YL zM9KG*4-f|XSM)mJ%V-a z>&IL|G2JW+jd^(vk>5pzI5c9OiEPiMl@?swB4nTFpwD_#cIJn$0m&w2sK6glsM47Z zmpTBZ{CKiJN(7`ui2T6+>6`mn_kdST)xqco2fX@AHDLa6z^7o?#vRWEI zZI2Q(uum=Uk2p=`xB>2v{As=7Q}qZ zJ}v(IZYCE|ZM-ZDy316Fgx`OnfbRhkKSYW9|90-L3;nld)s)Q?{!GuqfXDa#JTJxn z;g{^f>MJ=0o^R#1o%%D^mD&-U*UJ87oM1bItK{6dKXE?)f+#6G*}?9QybmR2sBh^1 zk*TMMDO&5)KTrQ5$QFwX{F$)_zy@J#-{U{B)*vsLB&1E^&r^IO!*~OvP1`vB<$rrK z)>Q-JhWztf$o^HA41k^ki})wu|8Kn%3Zjf}ds{BRwyFO4v&0riM}qmkxA<>${QrxW zK2P74X92X%`ZI%nq#pC`|<>==aK(n7{HE(Y@O%j{~KBH??LP{T^ruI@~It`WRpvOZy%%ILUMW_{0R zzE^H+!$UYKA5&M;q%c!ExjU&aT;6R)L5TRkFdtW8n`_xUl4g+}j4BtDZ3O91xRW14WnD^3Ky@sUlTQin1 zH~hDQGd$4$alFP=f!`GrR`2|IvLg4QDrlBl&)}TBABur4wV}lB?$oaHus}~wZ0-m= zxt$dz9J4$%KQgdm^zYrD8x>rqa8E7rbYsfr-Tm?RvHs=X`s|u` zk(-|u{<`tOe{HMpW#b4at?kaXcXLOlQvHJ%vTm|x%E+|V{L`J8ohHA>RaQT^5cf&_ z`wUn5th2J7D&@V9Lgdmt8ub~ed{NnE*Tl~Xt#a^C!{6iBEAWBcyx5Rr9{>03n_mG3 zGaopKH}-NYtF$zzy-j*mE?CZ^3}}H&uqFvc!Qes`=Y8>SXQY_A?xH;=b4H##w@g}& z7WAvD693N#h%{CLLEQHcO?=pIbMh~eZbMly*hRr<0!O#r6?3Ku+YmKB-=+mWb5E_m zo#LmFz>5V-_f?F>%u5cCA!A z5*5AvL(l#eqymBO(w)#m-_w_MDu6~5aTA|DD2|93@D5%q>tojP=jcC?ct&+RrzaGX zhDKL}LALbYxJ*F_LNN{ih#w~>$z{j6RFYA;Nb6m_qf(13#p1tslM`+-{l`gdqS)|})xs2~7p=%CA^Y}|ODck7+@^qQZ_^fq3vjn~y& zE}^|QIL~-N-SNCL6@OxGv0`J4U$f7Pa8$Ze_|3N)5r!V0o8EbX8cAk#u7*flkQE_{ z?jXsQt|%F~^sqnA7q(snZ16m+6ffHLw~1k<0C{i^iMp?yQ?ke{#f`cg^UJltDD;Y_ z;7qNo@!unxP?9aQuX*cc&JrlS#}Bi)PVd`F2hV}09USj0W3OfGZk#su71$8v9x+u} z8RS1{`MK%h?cExM)^?1xUdXuEq&3m z?Gj@qQ#<6Q+({&BH{v=yAwrkUi0|9RwEnaRIF9 zzxUr@44E}9@&X7?WSdAEoc;OBn-2i)1P__odysFiHunKR_3GmjzBH#@yQ&znw<3&h zEbtyaClG-5&fl<)b1K;`;8>R4^DneyfBWM8fc+Lfhf6FrwDWY3$bCIxw-W<)vQ1u8 zmD`%XP+KK76}ml%h6ZyoPL%I`c)`PZI5vx`NY3sJuE-+C!liIkzO?!6s6>|>y6y-; zAu(f(M`6RKElaA*)yDyBtX`oZNPLqY&cWbk*r0z~i^wi;Y@JIIvI0=|X96`?UtYNm z=Z{HQk}jCO#P1mSpdV*7G3K0lJ-yB}(l?_OU^r!L$xjh~UUj=Mx!$kP+FQ!D;=qr) z1-5HMuY++Jq>Q+b19E&Iai3e} zOZ^fG?Q^)j>zb+<2n4o?!3UdDkyTm(eh!yd{vPZ&@vhsQK?cmK;?r}$G|u2?rUkgf zi3EVYkOpXC<*EV_vf=d~nl3sP&X@S#$r_p7xJ416*m2H3Dv7kzD(vvjpSpP8ug?Es z3WZrdNaQIqw)0&u3S;_<JEL=Z-|t>5lr_Jd22vHW>QA-;WV)ipBx5qR96%Sx?hj)9i8(V=rASZNjDa}gUK_%6bWX?Fxzl4lwsTQ$5Y3CJ zWq9og9HJo`7;fbs9qy~{6M#oGK-5t+0lD(Yr|L_0s+YIhql1l|9k&#quEYA(46oeG zefgGUM@;7NndkD@RX91;fw<1DU3L^f8R=|q_oFHXIh$lP_-~Fl$4ua?k_H?P{=Is+ z5ECWD)r8mu`I|HHUr0?vp%9Y9W_=urPbx9UeSV986MyK>5C$nKoKsH6`6B{-f&C%Q zLM1(g!Vt|yPuSe*+a>nke7@D8MCV5EP6zU|`kAOxKT|I1=oE>WV<5Oh@VztjzSJsm zs8gZIS1msdM3}v8M3^nSDEe+S#a1TK;6EE2)(eBYmd3talaPAXzpictM?6R!)PB+> zQEb8RcOplG2JC>(2?YvS$f9|Pi>WTXg8E?$cETG=cD>QLaiKcV&*-Hehc46dtM#K6 zNnwyjQnSsWcI#XUrq59dQIVt`v?1-_Jn8k!-E>uZ8uf8ovZoBLfNBMS9r95@uaCeAKgHR96&rG*eS2ptik{f1TaP((g zBf5)3iT>?(;Ntwqx7q#SbM#HbNvB*(GEkz^7OTdK=SJN)G$AKz)H zkn}Ahe2gs1Kd|g&cElHFgPiua7yEA5ew!C}J(VFYsGTvy(*(x@BQ9ooIX8+wz2}M0ez6s+k~g;%98T))e`4>;2NdQCtx~&e#~B zkof^+z;N4owFT>bw}QWO5l@>jgp8QiW*HQWGr4YXkIH`E9{)D%IUx>+g^$sbOqNzc z2j@#>sG85*#@dEKsE+0C*j!fO^?i3ZgW3LK1j;$yBHRa%=9SMNNt0ZLKbW~0)c=E-MS8E3JF7@f0c~~J`FaE zDpn_$7Rbm^Q8Z@PUgvGT7TonT&xqQ!xI!IRSGTu&wtBb4rp{<*kct0dD}wVlUGI$n zUUvN*-w(ftr^*tL_A7`4x^HJWLUbWXkZkh)U9Bbo?GxHjr>s>>h9SP0Y-n41IpXh&@nW}V>u4wD30^_GXtdk!hY!$gw zBZow`F0niFv*}lK`1%1i{@tUs7dmWOwQ|d4X&s9Kx*7bH>t4|-)nO#`TU2umnQkTM;>Ghp2-4J)+l>jwnM$nc`$nD(c1y<+;*99s+atN@LU7 z=l%)m+1PSA3rQtUN5hF(^JGJviu1c1?tYW-h)E`BfoO>T?h5j;x^IWelo})>aqFt6 zhTUsdCT7C7TUSLTPYC~P@U$7Cpqu-`-2vmFw3w*R%XdH%wPD8qXan{v#$?Q;4(bkj zBMl0=D)|d+^Heu&aoxgSwq*eO`ZM^QW}mu5Zm(VDkyf8~B}m0uCxWNc!nSBF#|e_w z$wi7~6LyD;rm~frsuMU~X_+yk0>kF-e{;zwFH z9`>**ge;e>O*Vmky8%y}&FkYAGG~uzuZ*C$DT!>KBpxY<|c*#A6EanUJD?@yzi~y?8ZL z$V+{Cg(l`4uA;$o937VjZp^O`PFKy)gwLa#)pFp?^Xq9vOqX&j*D%Qo-vDPAv2YTT z-bV?Q*QH;>VLjlU$`A8c%tW**ZLCCdEO=-rS=|i(l;-GD>DWab_7CTQD{Is3eVa#4 zP}1r`>gS;&H|+B#dD{^fD>WUR1Cf(cbb9HKPd~3&dH>0$t`i^vO^)7nciyZ=iFzImCcQ?zB zP?CI$Jb+saH>pO;mUe1>byO~Ade*b~AgqObJb59vt(Su!AO2~ogyXNAKKUoQBZY6H z5E|EYX;R(gRp(zlqlOjB6MQP5foG^K-`!UYB>|s4qQ+To(2@d8R>;%lH8{mXd5C7t z?d?E|6{ON*w%<0}wNS)^;#={m1k-GOCn!W5u zn)n(1?)Ii8#Cb2$q^u7UU_jIABHiwKp0&GfSdTbkNBjHMH*L4oS(b7rIiwv2XYf87 ztF{3f>a6^iI4`j5#eKY4{&b{X=YGvMp7!krxngUgYdT%>I-aK&XxXX|z7$4SJ0WZc0|c-()7_V0Z@SpFO zh6d9^=DhoKTV;-S9vgD_dL-);ONQN=y=Sig&!mV+Ci?<)_(+vUy(R+AZ}Mz8Kfb@3`0oDHH##FX z3MGcijp`mBC5z1uN^m~YkJNeSU(2n zshQvYUo6GeY`^kg$<$_j$wWzg#3%jjA3D9H1}~`jHdvv2V&E>GKLKU7Y!|JQ(>?XK z(iK#mv0X?E4JU(s%mH)Fn(gKhu-lz{mQlc-TQ&~`V>hIRl3X-k*}Tk?Y2+zwk1Oj+ ze;c~h^yx{}RK4qSaZZF`^_6k`PqV>`H8&s5Z5JFZ{OP^!P~ZagIqsy`W%<3huM2HG z`aNK|1*YH{M-*}wzcjDa8mCsjE>v2hbbrCR2+SUBlB@QLY@tS5=E)x%HGJ{ z=Q@WT^wikXr%g@{l&~WgllA!ag0Jp=ZT`Aka)n4~BA1?M1tX)^Cyi;%wB(i=e4PI4 z6Bljea!GcA7l#Ii9~b)1eET|McVC=jcRt0b92e;{vNW__Y*IaLBq4qE+@AL#4d3l* z!O}$CiDLC<(ibLtD+-z&rpak494gutB-GAlI4qi&l$(^`X4(@K{N@Mqordl_PzYC_ zS2z{eqEwDHxc}u?F?B^p|BUrB;?VYmpd5SH$-bAo*^uErfk&+Ej#RV7}& zBbdu)mvz{6_t6b|X`Q~uY(4Ti&!4iw;%C90I`WBY< zK4~;J;N2b$XKLW!f8IXYUPADtd736^^@DN_&iG8ub4v@OR@e=HdSL8W7Nng#WnKHS zQkGOZ28P01cU@WCk|$s3S+TkegJv+4JL^(Kn?K}(ylLONxh|yLmi>Tm{vEGL=~URk zzTvka5+4oz=8wVI@3!y#n}(tM5RtoI9x^W0adW-SLzy*1U+PE;sttEUqe=ER?v)hX0jvCAEWS?r^@wb$_A9id0m2M#Fad(8+QdM|jOBv%(KIZoBWR7dPF}iNl z^vMlN_taUdl+1ps$C}NZH4c6Yge9@quJ*Dl4WT&A6=_+)BIPXjXTd+7oEBB-yl2)ckT4i`!&DB%q zn;4ey!!-M0c)SCvWUv1-UDF#gY+I@u+i&v*^xs4}a$YEVCQGJQcf^&IQLpd$AjObb zu1BTq)23m(xSJ7Ck&BAKx)&r3`4Q4Un9bh|dE&EC$_PwONxgHN8E5!S z(!i4s>#uh7do9FHa)AL@Zj2Q3d0wov^GV3nt;x|R&(U@|)2I zV2=ufokyw5CDamwfpx0&nABlyD7j#JSMcqlH#?eNVrv##SEW_UFC$NZ>+uBL=p6%T zCxJS)i`^ZG1A1yC6Dw}D#%fBpflIL8Z)M`AXRaw%IE%zbTk=}0JV?U_69(_(Fpa*r zyB6A7tKdl_JLF;lSc@*P?1h_DI4;B*MIVH{J6di4gBn@4*O(YN1fBQEsiQ>cxidxl(2st^3v< zDP6Wxy>}KbmQxNp8RpuWz6o7$$>|!Z+ctKR_PaAH@rjVQIC)ym$E>4T{*g} z#@N&yn=ul(z)t9Ue8^SB)5z60Whc&I{!YyeOJi1d8&P z8B=8$B~*zmW{qrOhnH2) z52RV-vU02J6|eZzC7S?(JSanZ<+~bgtZezrd#clBca6xKO6$KTN_+7aBYUUzx+lKa~?5R3%8EygHk{ozuDmvnh zU7TDDf#tgzpE7^#N)Nx0rhRm^jiN5UpY5*!wdj;}4Tme2uW$KC?iAG&?oZ_&Dj+}Z zLgvV3;inYpa7U5SPFJt7d^&+J`+DtmrZz>qE+j|fuM0?jv&ZE!^d$bh#J#j_yez@unPSmL*_HFqyVNnVRAl6!Fv{ zI$qk0fsoUuW?|PfGjpCy8f%#ua5}%agw2p8Ga5gb=vO0cx40pxgZ`r1Zn;QEnR@N% zuUh*4Nw-)}@WSfKx=U)46MK`F9C3i!vin~m=}wt5xj#QU-uxX9%v2O|DhCEv7_FTmF;grssNhz6mS4#J>P2q721y#gmL-Buj@s{^VA(QWF7r5s zvaQB#L@^kifs$BXK0~EJq@s{9urXKHcd`ADp~pUIWY=ES+Z}=nwc44Zh|7Jz=plH~ zlVSmsrva*m+R$gM0{D{8Zx~6!Paa2@9qE1(K#WKr4d5StRd4l2O0pg<0<(Fla4K{5 z@TF?Md-JFN+3xK;aPm{dJ`;88v9$pTkoWS%pGkYal%%qKO`9=3z)b7(EbYFl{NhrE zsONzslb;A z5(tDufoLG%(|^r}D6zkAN+{^pfkMf!&OD--Y~f0l;d2N6PF>s^ZqNdD`; z=KtGgiyrmdka}6ML6Kf}ZEe9`FuiIbhxga9nyKbQnA#UR**+t>>RKk=SKdXL%O8^z^&3Eg&4h+AKCoRVb8vh>U#ogh>LwfA=_;{a z9{=mi0}gwRQfD}%`w(2(L6p^VB6{8SAjLn(Rq(`?=AXZ5NB`bVJI5COTe}*U(Rx>M z(tps?S~DnczNawRsiTlMPs@b#e~c@CeG>R*#5gR4s1NNdcuMjpL_py7m-2lqBzG z?d$Hx-7YUZNYR_J;)&e2JilzZyKvJj*TnlD41KK0OkFheO*~b6OjL=pX;SR;KQyM^ zfJu^tb8WCSCRKK_h3;2uAH$$-tX7)TprKI^Z9^aw7{vPS&GfuLikouoH2E8U_tcsx~m@jYcfT^ zQwtyTie>HC7L+Cs5gyQ3e}c3f-A_K=9OvYI(pMsJ96ZR$bw7Q%#nIuUu!)5@2(A*h>!^{oKZ0r3FzD?d+vQ;e7ziw>1@Q>5pW7%!oAs9+DD=aa8lb$2?k89k1 zUyHAau^-7JrF9BtT{$Wqul_CF-28BoT7yG?i~jkT zw51B=RcBfV%npev<%sS0t>k`12DxT-&^Aqf_s`eQ#ZlA!gonvj$&EWyRPe~{Uyi>F zS+_mcE~fC0NG@wF_$Xz?4PADl0Czd=w!P~9mc57G4A&em!MhKw z|BO%M$&w6G{))NU2$~-M07?S!9%h{c08ymr2XTVTqml1__R7a{L@$YN+nyX-b&${h3)_pHcKG)}6KVoh8nPvwz!=!Cv!Q!H zu=eu@fI#H(x^v>b64 z&R+hH9^whtb!i6xG7Hx~$U>tO!#_QY#YPcXWL*FVEi!)kO5n+)T+p21qwc4E z`u+b25C8wd3f>uL-Ue1N;ip%!tzQDzrPrnPD|sDc8I)jIij8phPiqB|(v#ncsgRTY zKXCj1%L=|_Q*D8}{dqmgtG?5EO~wX_i76mxELeXeo7O^bt#v_w(DnZ<5Bh(3)BkeY zws9Bt{&UyI@0Vw){daBx2%38S%ZUd!1Ufm8v;WCL{Ey$#|L2GQ|KPSoj;*w96lu@> z$99i-$m_fR_pHDs)Ex$hXM=vSn*WEM1yupDe2eJI^Xu*Pli~(;hmXQ7j1*lPq@*@K z{R~ufSX6`S|7BhNV}ty^WUK$VOHX_o(4gp+vi=w!e!Wp7)Q}4gZ2s`m7ViWg+b-+M z^{2!X7|!=U*@T@CVDSHwUwWT0DsTWUvtXUew0^_WBfb_B>5miu1gmkW@ZUL|&`v0F zSQ*i!0@v}={{eyW?)5HH99-g8>(?;``1_x>09ca8>phhyI9?amd8wBsAgo<~|8|0% zJ+uCxih!Ww_4)_@&mW?yIgGe_vwGl94;B)gavuXgJv&Q`I z|91cR5*sW$|5y~$n9`4cAeEn9@x8rTl)3i*9U%O)EdMjM>OX&(|NOj!2$oL#J2?3H z^^cX^iO}BO@=d+;r^E8U;?({RFU6h`NNO*T5DPH4_1D(j4z)Tiud6#68OS6vP{<6#3d?_0DyO@P%=QC>Q+0 z?U|jS4V9cPkBoZ2h*204Su>qaIcvOfQP!x@XPq5u)Hxc#L-Uy!{}BP7jhEzJt)IEv zA>lTE*Q+2S#K$~ZYX!5?Q=mhPq-ds5=c>Ic!N6B-HPpi6wB&}RybdEZbXX+=OhKFj zqozBKu}S5F{^LX~0W@e)=k%S=R&HH&Q)kqCGJ%+tcEsGA>de}V(x(Ps{V$xAC+}lYbajEwn4fcVsViw8diZvS zIG7-ue(QsH$8A}(?PQg%zk#dS!*m81;p$s{EaqbyjK8Q8bWVNVRB*7nHGrfI3WO{-1J!Xtjo$Y^6jOEO1FdTd1m}Uuf-h4r zk${#FnqXIB4sG5ey*X%he_?3d^#+>^i7f$xM>21j)t+1cTHq@o`Wnl2dsE`w$394? z`8DvD%XPtgRVgY`Ql)gAUue&@QmxJn13Hag#DpEC+`*7hc){%F9>cSK1_m8J=CGJg z_o!!u+AqtBwDVLHMRsgi`WU@K^vRYDBb=w9ewP^GRDHA)BmAoDj`YaIqqLA4soDMV zs5^mQOgCYDcTRZYXx|^JA^Y{!leSxxu5*Q&lh8FQ5E}xM_|uxf5KqMR`47?!Z!%sT z=@y=>(i*a266D2lhZGdD8(os@vg9`>fii^#11hV`zrg@`SA~<{ zwV?VIYMfBo^@FkRipA!jkI|^@b|0eon`1ceyE^%-7gqVKcu6ASo`%<*HAJx zY_QF(PqjU5Is{M$F05+NNBhLZEET>WX7GSp$k5_)3pz$6Hj7%sZawF@t8ry{mej^6 zK(7>dacOve6vZ2rUkXY5bujpJh7KeblDgB@;H{+CNG;M;f98O3;E3N<B{@AA5tcuF zRB~l58}r~n92l}od8tdN=7kLpVG)`}RN`&g?;itA8_h&wT)d8NRmu^muxJEAKz#<_ zKKi5RR20%^>koecjeuRQH0D+!)aQ?&7msw9Zra}i4Lhg({vpLu35z7xurw+WdwKIU z{SCOmPy%o0mixztl7Z|kDnFeu8`fXM6(LB6F3lUvk*6uesO(Gk3WN6*#9+K4cTYxr zlYkAV>a2DpH@q`Me7N^S=}wEeT$jNZpY1QVI<`qyDq`T{&@(Z|NA6%;G2*E{z3Re; zXb0WRQ;&pcJti3@S+Zgi27?ccS3epLt87+67vKc)f*eLxZF~~y-EuLNz zW_|Kt;`7He$aj)QR9X}t9)0*cVIkJvk3FRpyV6xHm)8~`XgZthH_#L&j z`m{dvu_u}o^O)84A(6uSBIKj@cRV@hcV~o|+3ync^-LgphxPjUY2ouGfvP@Z*dP#@ znx#dz+GEEWu$^SgUBEoJ!vNYJ9lE33h{ z?ndKwh^@8}+WS{DJ8y1yjuiUwJ?pKly<$Y8cWRa^ zhV?E)_#05Ld4(7Wy%&x2Wbm|@U?jZY4r-T4Xi+AeF?i2daU1ZK`lIt|IU<&O)X{^1 z1n*zIiHbaeZa11w6u{3a{DfAAON1#da^qo5-&yjIwxutf0|8)#XD^;Kr}rq?a# zyz|}oL|nMy%RD44!)b-vpotMfG@w$x6S(b_UfQd_!2t6>X0}w+YtGj=lvZfD>3YmQ z|3h%UYrlz*axO{D7Wf zgjO7Sb)57Gz4KtAyL*DVLelKeHP6!Mt3YC-L$HbwR7#3kRtl(SK9xkM?N7oKKG{+w z;4wz)SlCCn#~X>8glGHl#-!;Oidi(fUckfi=QfIP^b3gRVnlbPSimt+ZX*WYe~G)9 z36!LDA*Io@HCxY?^IKmhD5k$~M#4KGIgY&`D5|6aJyjr&WEVL1wiy?@vO^?jL(HmM zDx1Rvp;iECo}o*rjWH>NM46F%ATeGy=v!WotY4*jPM)F^smP^kZ_v2##g!4>e?bIL zNZwWt;cOwuB4O&P8|LjP6>s1$J6!CAiPg8yie%VtVD8^zCYKIFq6?^))Ws zfeD36)%=xND&2Hoz0J5nhQu&*A!%jObg+gRnlfiR2?C9w#BvAmO7u{IG;xc8aA!z(x^+Ugl(0{d-B|R7Z8veiA#w5}RjHrUP`3liBgnoDa99zk zg#eT;NUK2gHDoQ2$S|9F!fwDz3fml822lbm90&m5DOXXGS1ClmimMvm&ls4i8h=X5 zTuqUA4XB^nvm8D|Yw<~=JB8AtSf$$1qCv&`kKSt9OVgRGsBD~vMkdhe3vCSrOve;(pBEcRjPs{%7 z+PR9hBKC#Uzp>ogF5`ywoqc?m&$XmxQ`*9_)}_zb=F3H_le@NwID-O8(F%||>qixa z0o5K-9Z-w%haz=gV!;(pGGy0!m<$#Ru#e=1R*hu|6T_j8_NPLjo_@WJ42Q!L*QfQU zDh(sXLW@;)MKU5rYxUd(Jd&M4#CU-Q8ogWFX57$sS5N0?xl3OZ_%Wq%gH&Dc5N3yv z-)g-xoR5j>)T23^F9azQzEo6bl1=vz|8=DHHc7)$!S{HHV`V<4mcXrrM(87uRo@;~ zN9;ruv9eEWeADA2*>+pI=vl>pOz)3$ie=^N5NBNO?usL~30gm{xP=nA^pWM1=M{n< zEl-bQiOI(<4p!$A46&_ld~)-*-+ip)Dl1($t8TUOO}%Dr{rR-p&l$Hpx!ef*a*L0P zO|t&OH)L0GoO~{Dho0UjzR05$^;WriJM0Ie_0xurn3o(6Gs<85QO1+^xy;3s1@($N za{3a_%^B7eZ;1Z3cEF@iMp=;PEPR{Mk1;RW5SF%&57IcNT0Dv{(=CKbE4 z$C{*a`G7Zu)n++UKij9>EFbE^%|4bRzLIUm@9Z&0FP%mAtd0t}=(J6SQ>GnInyb4O zU_psv;P*d|bn32J7gTGX+3(fQf+_S6aBRu&6`aF!UK7(?kC?j0<8wE zQ2!6M!Nx+N5(Bv0_s$Vz1r>jw1QPD}71$o%-l$RgkA)W__9RTx(iu9Cy5^sfpvFgnFam-X;jQ>%<5Z&#a{cx=|w&T~#MR+%{x^2BiKgx+ia{UB3>> zo{UG}C^M@-0>9?bbhOnvc&l|F$mm|>GXyARJ2}KxTC+3rN1@7=$kl~rU44-9(>8Sg zA5HLqG?1|p+=iLUNNb{< z&(Pp)=q|(coksUuMJJlms^6yfq7A1BFM3j0BAU2g$@4W1$8SygppW%1`49s|HW?3(2!DX$ariwAZ*(d{50<~J^;?RF(gnf3%=+c-EZdw0EqZMS zpU)saMB^7mdG)aBIR}xLx<4swKl6Nta0sQa@l3Q^^Z$@$SvxuBRx$liBU0G8T)*HJ zA$t__mwPp9L|GeYOGh%_UXg&m*0dhC$joiJzy)1rw1uim_5n+2F=28y4$jzTE+&SQ z7WiFG!4ZROvi>ay{xMqk)AqluMHRC2VFh*aQs3(X z*y79M5C2d*3qN%{gFf<s1swz+fV{U{hc6^B;tSeY5k`!=eNtaQScNp2Ww z9T9kE4$5UN3kUGT4_OM?nMKe2IjY0g?W?AycR$>i(y8>`d?dc>oqTUQ>|C%cNPy9$ zJ47R=%;kNKp{cAJt*_>$S+CKn&14B3(fe`{uC5$Sv_&>Q`r3AMEl@q_8WsWPFK(4i*n7 zVQ2!E>|be@t)&sjcd>EPk6u_D8A4|!{o?Bx`*<-^>Dq=G4MR6K*;enR#f+dXDsyqK z0rkA#;~ydervSCH7gATFfK(fId)fKNQ^hogkrOgmq;N?T!@e|4sJ0* zBvz#{{o*#;fht1*qe%_t_#~ybH^VH~IVbstN9_-55{WTKG^FY?NYF=9vK~JXPNM+%JSWCq>E+|%jO7fupobSxXrB*N^ zB`kv)$Wm^1OGc9Y$zpYd3CdA>TYCc3tL_P+=uVbVSwYj z`FxcX?hAZfUdD`f!@?+hF4-v=GdbV6K+Z?A8Crtw31bEjfUeYOIDbRbL}q4i+*nZv z^z~_(>6P%f>48Jt`EN0XOikr6aoam)%vl0|mL}Ut^G9=a_6z{^*3{63@%?ujn;|UW4m&Ub~Z^}ay+EbbjC^XLl=jWH;=4g~6*cvtzD z2W?S~bnYc=QxxKT6MVo5b?IJ|!}vSc;|xmE?~h0?hCW2+_zXvWBU|n)W4)Z~`<*i9 z_H>5v4O3+39gxOl-!pvXzA{mr(k~ZrU_&GBXyy4Hqkgq_O{LYnr4QzUUd(3;_Gc%; zi7yX3c{L353)lh(Guqe;ZhTzztXB*{#5@p(B)tc8CvxJ^Utwd|KCOeS-qdFgrQZsJ* z#v3(Wc^0Q7FBoV}wT)aIrzMl`@2e(e0>vCWUNPd+VS{QQD@~>MdhEf!_NFJ(Wx1AG z3ck#{1r`^u8uWYjr?>1WsyJ&$sOjb}9V;LA3^M6^IBg{GA@=5#&^O<6VA&~?dL?(= zhl2(h&qZ=|)_#MUKa{|FK(Rl0uaOvg^lkH5VNnvEO620qI58BCc<`S6!)1@Ec>#M3vtTo#Hz zjoXC!&~H7`*TUD5X{n@PC_>_WmDg_GAL=42miP>0cjf+&$TdPkt5j5El3{K2j7bMr zH4Rtr4R$w1M|9v?3gt*PXjTchRtWGVLa3D0WCbKMqzxg-Mx4*KI*@=Gsf`rDs3)1Y zCuf8r>7k=s9Y|=43C?Q--7VudxjvB_%cIM!SaF(Qq>l}KRcep7gtW2mD}QT ziWGlLDiy;U#2|`Ef0y@SRzG9jNiOdY%RP$0ZW#H|q^lDbHFrI&c6d^iHaYR`&@QFq zl#l3fT~rPSx`rXyqkjHo(blwthx`-G`?}ZCU;nG{`Q#ZLe%o#GsC{+1ZRGcz9eK%a zLswAf{@Rh=y0MLFH!~NWcx%~`g8M^SvqTR78;PgTdwZ|4Mi@GS8piBP^%q$Mt5Z_6 zw&jq~)pmiT%A>6k^oG8Jr{@}WC-v9g&j9TF#m{VhkJi&F2FhFMGU;d`cmFGAE5qR1 z?21}mBK_S5v-^lN&`ZKhz^vw0ugnyaq|>b@13`#}@1Q>s8aOEQ(swmk$Q@-m29U{8 zEho!K1}J(M(ti6S6*Xl}@`@5XC?EY|`&atIDDe%Jnnp=k9#D>9evdT5!lk)hDYRBx z(kC$WX|Fy)9xuYt@rN$8?dJVtAgIescHF(0?q&;mnLsbi(sQd+2zNtxo<4IofgCzo zzyCn|g9nwoLApGD{!t)%Zt?TTLfG{w`e)ckNyUCF*UM#DmPn`a4!*>AzAvcbo13?Mxd0?FY3h=IgK zI*n#aLY{rsVppC;QP{TT4Rz|lvOgx-Pywdnqde;kE1>Is`9_iRu9~6fr}{vlmn4+! zVk20z=*3O1I&y9;ehF0byN~d(pQ&Ok_pVgRcbk4SM5qL@uRR8Fx>u zvIYE6D(qHQiJBzW`j^B)bZe?mO6QRa%TJV)VocyI$?93odMf=Hjo;)z(&n!dYsao> z9p$V=3A7Tjp^6Sx6HDk>k3Z^C&8*&3iR7BE` zK6-BB<-fXkw+qqf9i9b@FOs%P|B(8*928V3C5|Fm3u;VF@EYale7YW`!ygG{P1?Y^ z5E=%9mj(P!0Kuc2w+-)F<#3ZnB^8WtZ&f)HM@aCyJH!sEe_A9oYiKZga5#(97-iFJ{QKco0?z`T1 z?cA*XYr{%!Ic|1Su3pqkVS$b}P|U-N3BgxGi#27kM1}QSch8dnKtE*2Z<9DHvzT`j zW606Oc7o!>2c0`DZY*{+F={A!EQ}c8R=aurZ-p#o;Kw6IUtOve3;>vA%ZwnfBbcDo zj!qw~=07r+I6!j}#SGjT;d>@qUW80y7J8*<__KWUid#;|Ei#HrBi(8gX|e*aO;5`{4&-?P z7e61-Wf;-kfs{lfW`|JFy=Z2qet9*BCsUyG)T@_F`u6*4;ZcC#sL7R}zuk?RDpPAJkSqtOf@c%bv?!11BA8LlCt( zjj!7T6AvXjCX-R&rzK=pE-u-roK36jZ+8^M_9Wenj)i1=!EaUTIt3 zuJvT?_Wb4hoKSkSf``d;m}k-KQXLdW=Qmx@CHLsO-MOW1HiO~E&L{3NrFK3L%G)7! z7-+S6 zUEbHIVxjKrzT2nuUBAc+7Uc0Be=}A)8CnD$i9lYZ`18H=AAH%*xYHc+&TRMbPKPst zFPM-sT3l%-&*dysw)WZy^M&Cpa1Rs*$>gy((lHf>g!0| zY1}Z>*8bSTV$;Ea_(bUa-W)$as$vgI9)abzd9{I-6=eay3HzRIZBfrQs2*jj2{hz4 zAKa|uVUoYi(mrzd)j{|R0^~5IkJ z$P$U_3f)IsK{nmd-@w9Bx-lybwehzeo-v$tB>H@ew%)mfM|1HV82&Uy2hG$)ce`za z4xeAKhELXgkrcgq#{nf{=0;I^$&vX^4a>2TN(!h5Z+3a}wkzJ&JQ5VgNPgj&TtP2P z8`53WuTz3*hUd(U6h&$--;M6dW$@inSxjTyD_}|zr_J-lt!%B;opNhwkI*iP4C0=(_5O=T<`i`PK%-SpUdzSws{ca3Ts$4*?6F3KcyhMHlZTgIAIwGc(zK zu&t22c6Scyy?hm`-#P*cvB(Hi%27o_U0gco(sZ!cQsRs+L*#mc-jV3`JP`e8U?Cp7 z=^F^253T9W7?OUVGLlxmP>o}ZC`F2pf-J~=3xZR>jCRz7|u_js0p0<4Cb%Hat39VPh zt-JyiD5wRSTYF5zMH)CA{kyE*dK_$Vjk;|`hJ9ioXdV!}KV_nskP&qNb0_r6Ki zs!Fe*7A7uYgk1>nI+gWgOG}T50Ib)D3!1l#*fS5n_qUQ-8XE45dUhr(LBXRD!pFVX z;J~xMm|9M~K=4hT?@<}NYcUj9&EYmTRz-D$v{3Y9NZWC|7Dxfv6uyX%LYKEb#P)FO zjRFw?E>s)t-B0-Om~gXTi-s!;c!xI=mNm(zK#_`))?c{EXg-FC<*`UtG4pv9hZ`YF zL4hjCsk(LiW!jP{oX<|-oL;=zjAxq#aLv03h9Z0Sg&wS64CynER z69Y2+sJYx*dYM=EcBB%koEHtQNpdig4K?5t9sgTM2zRYvJa^Meq6uf~i^C|Roq)E* z_644AR(hf*zQ zx+5;vIw_>Se{luF#t%if<9*7>Bp-$Nhqpd3_)&Jn0224yF4^X|S=4f}(&;K(HSSac z0~B}Cj1jcA_1KukTx#1T3MbHkem2@UK{G;$9S`%LY2$frB{$*b#^Pz)S* zY9>F+hzY2k{_~8?%4ChD@oWmg&O#>TlB9Vh5KSMf~9h=xNdEw5u1jZ)d| zWr!2or*v%X_a1omfK}Ui^RIx^Y^~#gFqZrVE6)Qlja6cie1C|ZR}}FrnG#^6Px*0M zP`)ToD{y^k;@)-LLP24>P;_<+HM1+uD(?U+Ja~}Qurz;ZGO)+2Sc_}#N#rf<4m7kP zKT&&cYUCS?ugB3%2(3?B^kAJBqp^5#QL%h2K2sFn%?}PD$c8@xM;y*CT{_h3j5G#0 z{E&2oR{zeexeJ+Ux8Wb~Nn$*g1S1bq*&XfLtG>Mtg#xjkMLqzs!<9VFsHCvQj6kWhOWGU3*x?$WsvWdCU7;}{b?o*B{}|5+bi&UCygr`FbMH!@_Br4-jozg|Of z8A0I5pvu}7>{*(7F^-nES@aU8-KnyNcq|448BRcJyoQtM3PAgtR>h=EDzW^zde};I zbtk-gbWl%m$Klu;=U&ENlydAj8TBE1`)0rKMbQi6MzE~rjzQSN-ozteEH{_W7J?T_ z?@jW*g952hx6Xv76dFZzd+1oF`zYy+LhNefH>=>YBJJQjbnJ%}?G~M=*m3&cw6##Y z9;Qf%Spgq8`2BeDRx8n8x**ADC(e| zMM5#0YHs=%C}dudK}x`VLS+9UAEx9sd7|%|DtCAE_8olLb7Oy~t9bQJmr&Ua zc}qmOB?&H86MY5!^rf@dp`qrR{l8~2CIgxbM;1eA;T9Vcg&LR6t0^-`Im#CpUBk9a zeT<}~XWw6Nw!I>>8WHZH{iLMsB%nE ztm_WZtbS16INL;q0q;Viu1~&kXiz$&@?**6+O0ugx?)T-$2eirhmwa^D(&@DznRGh zz)ThW=ilU&X}X>q}jwz5$VT_*tR3 zN}>^B^BOA?1cjMhC9bu&3^$M%u6!LnF6#awDIaEZNA>iG?MiI*?btSCLODz?itvkG z;pbB`HLV<<{shW*DA3?H#G7Pk$w=4Y(Sin*yMeA*B5l^a_ zEGXpjF3P-dyn~NuSQND2JS{WJZnL9&vg1nkum!MI69r6iKxFCHeH<92YHsz7ON>d# z7o|8b71D2-soX0dyl8eHgba8*Vp02yEFOO{8a-k-QX{CO^8x{}0TFOY$h~GV@B(~> z7>@DJ%VQ+-Z}#nfy?n7UFnA?o`UKJnEcZ*T*R_hmJA@`ALgj`@L-+8<-kYRO!T&Bu zS$v=tnN3a*1Y&r8q&i}ceoC8h(rBfwAh&fIfYD(A1k`dd43Q=P(~=q#Ja?I-Y*8}a zDKybW(*<@BWNUFKpjyAzJN@e#RrJ|exk11jDM#FkUL)RSM$iWhc+`nG$`^Af zg!!X2@CUy++7a(y|A$KMdCWt%LGzQ0d!AC?FH-mRP8GXe)l*4M&JU~39B!yMa;NY- zKG2t*fMQk*zd&hLMi7?D3tZ4_*0L?;0k3V+(|@j_p2sbTAOuMp(nr*IT*B}}2R8Zz zac@qd!a)qxr~mECd|H(NU2P~)UDx%7KEfsoY>jqKqGUr2s|~Tu&L^hdI&~Y{ve6{} zvbY-haSp+P_SUrw?JJ)HCe*RtYSKAI(+gK5L|Z)`SC0w{;eO?)yu7$me6vQHB}XNx zwdF3tbJqhCcUgOupH&fdKy8ThSLCx+>91P!op*D;@;_Ut!V5T`N8$6KY23odl-7h( zv3!So_UGg*hd!Zm37{9+I@>`c+5r%=-t|Y)d=Y=d&(_SFOY1N|29SnN54xl;GdBNG z%73l41Ut>lGg4D_R5>a62uf3FL1)Nne+v1@HfifiU+%vM{3c zX0$_tD78v0YT+?W%M3o@O(%hCT^q)z38s0<1FCxm#2$qX9K3(iKt7b7;GQ zqKL++u~`4e>y;?pO2{tr1_O~d2$}vlmnTD$D!F@y{aK%K5Bt(;EOXxWsl)|j-X>l0 z>xjBUVpSl>vmGAQV7MAvws_KLTIWLB7wskh-{ezJRnp++?(-sKzqYV z6HibpXnx?p%4Ep&y3lnynS!JJ#`FbsaMbMeZP`Y1e6<&g0-2o51gnKT`-2Bv!MTkX zc+Gtik!iitfv)cX;LrRnH5Gjiw()4^Z!wKJhXY~3kKRqNx57V5x4_*L?i{+|l+8d3 zxQHA9lqgn0v~oc6gz3lHrY^xLgy{?ZJ_T1#aV8Q-V`GW-HgM`WFggRHh6Wzjw5G_O6C+xk1+ZQoWh?J40>?QN+iB5~Oz7P)K+`URK za_uxzt?k>F(Q|_aqnpV*yXYI<_pdcVG2i+5%cOgvR_N2dr0M}~Zp1ZJ-%GtX{HV2D zL3)8Rs52N2?U&jezV}lVsV1J3I2+ZKkl91u^R=IVm|U#szr5|3pnNFG*?NW0^W>DR zo&o9V-O{08wFx7oUc%Fh#H74CPoCCd{u)AHmhKcA;&2ny;zH`8dymEwtp@i-^ofh& zOyR5YL0?SMI)am0rK>Am-I3`Tr<9QUJUe1Qa?9!)edA#sNUx^qfaFC#_4>#vMMvr6 zJb*a9jIA*anU7(^bxViT;BIvb-YgbT1Of5#DxvtLfE+Onhj>h^CGmY4$_Es;fT;rz zm_(tZ`DfO82|aYr?pQkCq^;VlZRJ~#0tM6+I`v*7kc8+(2k8UHC) zVAW9t`0?AES_QsO!u^ulhEtoTUVp6hDM(qmbF4X;WWRfp8c9sZq#K1hrde@gCJW(V zu^Sv8RYkEK+a|1Tq%exEr2Ia`0NErdYYem!$Oc`DZ;I*@YdLqfL^po=Zr2w;e{ar#I9b{hR z9EutL$RM{q{gOnzS~IyXAkBg-mC%E9X7l4#%WIO2>8SK2bm896O!{>_(lu5m>@V>0 z5oLa~>p=%dmuqPWa{iM)(vN_Qe|8!v->B7U6CXw{xoojofVo&)*C}lMy#Hn7?$#&A z95od%v6luHPL&@biNrKEx246S#dZm zq~7{_T58@j8L_!9HAVv7)1MlXfGY@b&5>F7WM+QvmEXtTQ_IFX?PZFp>Bw>I8p%HT zbPaC8$Z-y#dRY6Wbn$Th1EU78n*sXL;f_(`a{gqo)!gQg6VrlAn$rf8Km4eV-IiV* z;u4ywm`LzWRu~3&BkZ^|_oc`+$-%G_<(I84Pd`q~JX=`t@dn<vrPonSHX#z272qt=>4U$NLR(V^lW5GFDq`G$4yrGuU=twR&$)+*~|CN8w+E>h9o z!M?2JRi>URLGM%%+(~8`+eUNq#|t~lyuyn4C3?A+dgv9IUVCaA>vM(GTjrgJ+=-8H z{wpAol}hCG)El=(C2tI4a&kkW5>i{70|d=4v~F?_BS^X9+@_3%;m!wcS70<;QnLrW zwjvs7B)vO_PP#USc>Ex}z<_0W{F6YtNt@Odf|$Opg`0pps}3FAM^K4|Yas8Nu%1#)J{uXH|CggcTeT_U2tLox z+$TH6gsowZec+>M2xFu6_V&!duHgS1G%gF-3zp<@y+HAsjb0g7;Nqw7h0Ny%Pu#YD z>U?uNWEcUGIR(oNs7HVjG-u=zYmy~+c?}%qAT>7dRT=tASDd+fVlR@k>70f`F(!$# zMLd`g?hL2>D?>N;HY|Kc9@u=hv&pY&G&OT8?!c=@0G<(!s;ww(yfdkn@eq}19%hrI zE##BbaAWYT9<|N82a#bCeJB`&Umb*t!5{BAWV%dtAP(67ia5VKdfFcDb}*0V=IFSD zuf3305C$d1`zGC7y68m+9EMiBL!9q=;JkUSO@k3PCM@F@53Rznb1ube~Qt% zBobYNs*3NYbcLQPb*%JCK%EKOKl*&;sfCiT86Gc8D(Z?*A(rpx%XsBoH(`6$~P4X+^f*;l*1umHnF}3KvDRBsMno zS#4NdWfDjIOb4_UD;`CL+D??+zR-QHvH_hkuBx^|x@e)ASfAwEpEM4N$;p0Q@hX6% zZ!o8OQ2MuslT>hUKxMfDhEyg6&A;EIcJn0??)TJ({`3?u2G67e1m03KI`4VLFB($t z(OfZ_5_YzQHNkgmpDeLZuv67-UN*KbxuUQ=A-~kAU4U%~%+)W-)8FClE0^Q?crB=k z)kh5rB%>#v5e@Rxy5zI%yl$TJJlnD;_a zb2ssbW0AFS5Y+fL`|DaimfXT0XSE==M>;Zx0BnSroi$g^vsxuSYGOF;9Njj$mO0$U zfICP;5)2OAn7UHN01TE717Tv#lE-8$AxOGAZ^>}SwPe(}l#Bzsr$cNmDhZz6rgYC` z#4MyG`oWYAr&iIcCdYHPY{2A+wC2!|-#R(+%$LpYqUx9S0E~0=c$qc#WurT9WtmC5 zhX@vpv5~j>&2}DHi6(;xFkz|%vO5s&p}if*1(zjW7#Q7T}mSh{=fdy|9{81X?WWXn_=*_l@`3{VtlJ#P-86LXR)W2*N}X z^U?Y2X`}N1cbabd{bQI$f96CXa*OMT%T`Bd6yUYJht!qq-`!|#zddV2snWVxnJ{ig zg<-Tksbpku8i)4~Uw8J<}l7) zrayM7G)m&;kWMnLguJGWpxYeDUZ}zfJgTsL>0;_iVQEGjjO;X6ed_TZ7=XJ2>T2)#-R{`-e|d~1lB96NdGFT)Q6{yMO^K(%Xnx9eaLRW4Ir#c z&y=sWmcKJKr99X4fj-2Y^nAZrr8g?vWO^eR;H>`i@c!B>Y1GH1_qSm!xK%|oZP>9u za&d1_Nq5bVsEFTh5^np#r?PuD&6yRcsJM)5UP+Rss;H))R`Hi{RDotQMh`y!gzR=< zsNP81Z|=+cEw86EDdX)`K=|mm@ih^Un{F20jd8e=jfVI@Woq#otwF0C;rZ%el@=H8 z^Di_vxr*E?F01iD7DEqsP0}-lyyRDrbxT)NDJtXs1}s1R(oEkF)Y)~c9E{s>#Dkj)JU6PL0~5;~A{nE~C_hxuAOO>^^=Lr~3y ztAsVODqM1=1B0~ICpYAHz=yX#uO}ZHLK_M}0DQCBlRk)F5fxGSv+mi!$=0;bVbqNN zha1Bh`!hE?UjnS9P}x1Xi%s@2{I&cCReG1{{)=J)WD|m+X8DpCLV6TPi9&JH3V7@^)XHe(ZI2Le{_THhr(2tEfoH zA3OFWe%)ADQdHmb-n6jJF-a)f`eLHx^9)_=C1)_#*veC!H#^RR=OS`&494`eNr z_k2HQFPss%_?gDks3*c@#MS=-WxfE=Ux>BMMBRyRO*kg};gZeeo^ma!RlJ?@>kSp5>^+_bGdlQUiy+XcqqFj*l*Qx1oi-;u=wHEr*vg|3CtjQ} zdm!>g1DHgIP-^4SZ>^z&?O$PB)l+4FI97|Zea3h{8DJTwsHxtwa=^0i^K!m!eW4!h zUH1^xFFbkrI!I@QNcU&U2`Hm;=MV#LJd8|Ef+|e0?f0Y-Ykh~2NbWLlPIvf{H89>6 z4~ONe?5kGx;?h2XWTfYc5~vVriwkRPy3=4AWGq;Tlt}Pw9Ybmgmbz_6bF(qjE9{8z z*Jr|{ojuF>wE%==CTARtvP7F!!U{{v+iyHa{hoiCF!k#3kkR#(rzB_q)$AtFB^Jpv z_HR5S1OkK&MYcDWyNhD)zf7`>4uE<$IBTV(k9Mrc*HLydm-TEpV?D0&zsZlaKGL&S z7Z!R`dS2)amtKqSe$6sA7Yvp2oJfsY`wx>|8L-+y>yb&-%e6_2)=BQ~g_AOf5%TA9 zz*lO$nL!VAzktenfrHM{BZ!Fylh80fzw&rmbK3*3amm&A#lPFre$)idYVj^(En5~K zBgVhyVC0Y_b?vd_HcQVtUe$HT=v!c?5Q`oG=lu6IwzfuOW$lQ5&`Rx!H0q%CMjDMg zpSD=JY$VmM9C0L6wg_uEj^z%9Ifx&`8FKd7b7Ab_zI4VFxi)MwtT2*VY#5SU3{lrR z(EZlI>;YTPv$(D=YL~fk#feTetxMmh_rBn)+UE^2c%Jqkw6YP2Zg&m?P~>rvld#Xg z<=q+dhnvV73-BR^fAAg59n%ZB9y+tzf{a)5+k3Y>d9Gf;9eQqf((3x5kG;Zs@-+l^ zWCWh!&u?R{2M&YIR6M00a52(qN0!Udv^4FZKJ#K~TAx$PQf7kksCW&g`;i@%>v00> z649pS-7Ci^q<6ydd}3FhloUplJ6Ik^C)IQ8Q$8GFM0m#s zK{31tcthU=se5E?c@3!>9Q72b6s#1+*@>ria<9&iKz&p`&u$Co=J=e@e}BmLOkv%& zN$hXs_F+*<@2?vj+@PM;n#oV;HZG^-O&h~i7qwW-hWM`)Yh9ul9zK{rX{VI3Ty9tu z4C*P-;S4(!Yq_;iDYvnCIpMuaSByUP@cVhK+nlh?HiZT+eB%h0QdyQ4LW2SG&G3i4 zry9QpiXYgjEdgL8?yozzIF~fq@L4wKsN!Dt&}!Ac#f;MIkefpI$OAMP=DFD1;Q_3VJWaIb6G$H#jib zfLt!PFw<{FP3my^O%T5V!BOEo}bmAm;El`Cw+)T zZ|Yx*GDEz5$^HF9v&hm4e54zrQt^DJGb_IHT+9&lY+mA}qV}B8QhQs&U_P(V`Knvk zzDMWJ6-+W>(}+FUVWdOZbLskafxO`r2Cw%)SZQ;OfSTiEfhfM{`wwdWxuGAb7c);H z8G>Xq^Vy8^A>GUf~tmRu2_>O#H)Cjf}0j#Ndf3N04d~3;RL1r{tq^Zd; zz%u@H;F$3#Sdt9|lo9oMnUP-3l{$tRG!bRByz%rjLf!sXcXO7f=vgMTtFwqZIY~dK z#~$}7=#>tZ7o7alfz^t*O&wgCQDICR2?qlC5xiAM804^>`VFx%5nD3m5@&*z5IQjv zt>>sPKqn#Y1FX?5zo;ldA=q={Bvgjs^>;KQ$GS5umIw_IZJTAJbaQV&*y8#6Rb7Kn ztUa0I^J;=(mh;th`dv?CU*k72cDmpIA(WD^dpW4<6rusK6L(4AL(BNevqjUtWFtL! zsTB3hK+4pmfQ%ew5<3&baQY7qj!Ma41q$NB}%?7_voE&XLJ%BB$Dt^sMrTC_Mg7>0c{J(XH5YN;Wpj8F{vdyD z_;VVGX)km8;*b*e+0hfUeLh^N2Mq#scDU_O!#1GpZMPSOJk6hbP5?%XiYl1O0oJYd z>V91x?(hzqtWLypebjXsjhqu~eK>#kW7bG((TE5yC`o1xf__k3`LGrP8*9w8E9md_ zaC)gN<5WdKEKpLM8uEWI)FlB~jO=>wD}tX4ZmtY=4jEXYfWMt5OE<-V%s} ztVBz^a!?C3Pgz0$l|*N2TY%OCq9YCMJE-%g8%LSyKgP9cs#P3F!j-L!- zm*{K4jFsGtq8R&&JN?lRHKH7#k$09r;}vpLo|%-l2@ev8Wg3-E)L z0JF7-w7>5;^|z9JzGrdJS-LxP_6e{sxc2-+w^vOCdijw_PZf`Kim$2=#@I&GLnAO;?md6u?`;If_A~-H< z0ZC$2uLF9}9nV!`6NF2K+v|H5#Yyxm=#|E}SR--c8F;i2JE@v_w8!D*M2OY%*2LBR zk6yJmiaAn41Y5>wOPz58^?~#?q2$ZUc~5tQM?V}YREY0kd@Rgi1}VEK9piF^&GF)~ zrr05`We^-%_U)M_qz!WF=U)4-*j@JUnihlxORbXqcKx#gd<#j&3o?FM&V{xSDYB;Q zO&Kh?u3Tp(h6J!E>_+1x*9(;X*l~H}MSx%1>1_->siPl`C%qYNlzQLoq3G-3F?EM8 zy%1KnoG0`%P%m4Ei7mHgFbJ_$Q<=XJon%98nF@ z-5=o&pMPnl(;$AG!zWem53)3vYrG41yd64y+9 zM-g(s$(r+Sp6QJK(o=v*(N*{h%e87Sz%4#7T(uR-jr?8@+yv~&O?sexfSy2_YRUr~ z1STd-b`Tgcn07*NR{?3~x+{O7&F;n<2dV&)0@MGI&4g+m99_bPW$*-?IOqb5I|b>Z z25BJI0Xc0=?zZ0Kl4`U99Qb%(o&bs{EBDu&U8pB_D1Z$)m<1rAco^dBqy(K}^7Hmw zRE*!|c9DU;6!Xi~mEfGYUttGMYWGiS+lQLrkOhDMl9z&5R5=i4iQFkLuajZqQuE}- zkWA-H&1(WL z;udXqbJ=O9-_QS2#<(hLJ3zUd^2ok>3rACE@`UDZ>xCl^8?_7g`h(c0^|>Ok}vk3-5fhSq*Ecv-)XjUFp!5lLO=F_B@l&J=vqX z-zVB`SB}hM;cu#W2XsKWyYdhm!B?v~uPZEQWt&ZWtBLZuF>PX9gY~RGNY&d(2%quy LK6!%UiOc^tnK;Wy literal 0 HcmV?d00001 diff --git a/doc/source/installation_guide/latest/index.rst b/doc/source/installation_guide/latest/index.rst new file mode 100644 index 000000000..58d3fd0cd --- /dev/null +++ b/doc/source/installation_guide/latest/index.rst @@ -0,0 +1,288 @@ +============================== +Installation guide stx.2019.05 +============================== + +This is the installation guide for release stx.2019.05. If an installation +guide is needed for a previous release, review the +:doc:`installation guides for previous releases `. + +------------ +Introduction +------------ + +StarlingX may be installed in: + +- **Bare metal**: Real deployments of StarlingX are only supported on + physical servers. +- **Virtual environment**: It should only be used for evaluation or + development purposes. + +StarlingX installed in virtual environments has two options: + +- :doc:`Libvirt/QEMU ` +- VirtualBox + +------------ +Requirements +------------ + +Different use cases require different configurations. + +********** +Bare metal +********** + +The minimum requirements for the physical servers where StarlingX might +be deployed, include: + +- **Controller hosts** + + - Minimum processor is: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 + cores/socket + + - Minimum memory: 64 GB + - Hard drives: + + - Primary hard drive, minimum 500 GB for OS and system databases. + - Secondary hard drive, minimum 500 GB for persistent VM storage. + + - 2 physical Ethernet interfaces: OAM and MGMT network. + - USB boot support. + - PXE boot support. + +- **Storage hosts** + + - Minimum processor is: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 + cores/socket. + + - Minimum memory: 64 GB. + - Hard drives: + + - Primary hard drive, minimum 500 GB for OS. + - 1 or more additional hard drives for CEPH OSD storage, and + - Optionally 1 or more SSD or NVMe drives for CEPH journals. + + - 1 physical Ethernet interface: MGMT network + - PXE boot support. + +- **Compute hosts** + + - Minimum processor is: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 + cores/socket. + + - Minimum memory: 32 GB. + - Hard drives: + + - Primary hard drive, minimum 500 GB for OS. + - 1 or more additional hard drives for ephemeral VM storage. + + - 2 or more physical Ethernet interfaces: MGMT network and 1 or more + provider networks. + - PXE boot support. + +- **All-In-One Simplex or Duplex, controller + compute hosts** + + - Minimum processor is: + + - Typical hardware form factor: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket + - Low cost / low power hardware form factor + + - Single-CPU Intel Xeon D-15xx family, 8 cores + + - Minimum memory: 64 GB. + - Hard drives: + + - Primary hard drive, minimum 500 GB SDD or NVMe. + - 0 or more 500 GB disks (min. 10K RPM). + + - Network ports: + + **NOTE:** Duplex and Simplex configurations require one or more data + ports. + The Duplex configuration requires a management port. + + - Management: 10GE (Duplex only) + - OAM: 10GE + - Data: n x 10GE + +The recommended minimum requirements for the physical servers are +described later in each StarlingX deployment guide. + +^^^^^^^^^^^^^^^^^^^^^^^^ +NVMe drive as boot drive +^^^^^^^^^^^^^^^^^^^^^^^^ + +To use a Non-Volatile Memory Express (NVMe) drive as the boot drive for any of +your nodes, you must configure your host and adjust kernel parameters during +installation: + +- Configure the host to be in UEFI mode. +- Edit the kernel boot parameter. After you are presented with the StarlingX + ISO boot options and after you have selected the preferred installation option + (e.g. Standard Configuration / All-in-One Controller Configuration), press the + TAB key to edit the kernel boot parameters. Modify the **boot_device** and + **rootfs_device** from the default **sda** so that it is the correct device + name for the NVMe drive (e.g. "nvme0n1"). + + :: + + vmlinuz rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot + inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=nvme0n1 + rootfs_device=nvme0n1 biosdevname=0 usbcore.autosuspend=-1 inst.gpt + security_profile=standard user_namespace.enable=1 initrd=initrd.img + + +******************* +Virtual environment +******************* + +The recommended minimum requirements for the workstation, hosting the +virtual machine(s) where StarlingX will be deployed, include: + +^^^^^^^^^^^^^^^^^^^^^ +Hardware requirements +^^^^^^^^^^^^^^^^^^^^^ + +A workstation computer with: + +- Processor: x86_64 only supported architecture with BIOS enabled + hardware virtualization extensions +- Cores: 8 (4 with careful monitoring of cpu load) +- Memory: At least 32GB RAM +- Hard Disk: 500GB HDD +- Network: Two network adapters with active Internet connection + +^^^^^^^^^^^^^^^^^^^^^ +Software requirements +^^^^^^^^^^^^^^^^^^^^^ + +A workstation computer with: + +- Operating System: Freshly installed Ubuntu 16.04 LTS 64-bit +- Proxy settings configured (if applies) +- Git +- KVM/VirtManager +- Libvirt library +- QEMU full-system emulation binaries +- stx-tools project +- StarlingX ISO image + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Deployment environment setup +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This section describes how to set up the workstation computer which will +host the virtual machine(s) where StarlingX will be deployed. + +'''''''''''''''''''''''''''''' +Updating your operating system +'''''''''''''''''''''''''''''' + +Before proceeding with the build, ensure your OS is up to date. You’ll +first need to update the local database list of available packages: + +:: + + $ sudo apt-get update + +''''''''''''''''''''''''' +Install stx-tools project +''''''''''''''''''''''''' + +Clone the stx-tools project. Usually you’ll want to clone it under your +user’s home directory. + +:: + + $ cd $HOME + $ git clone https://git.starlingx.io/stx-tools + + +'''''''''''''''''''''''''''''''''''''''' +Installing requirements and dependencies +'''''''''''''''''''''''''''''''''''''''' + +Navigate to the stx-tools installation libvirt directory: + +:: + + $ cd $HOME/stx-tools/deployment/libvirt/ + + +Install the required packages: + +:: + + $ bash install_packages.sh + + +'''''''''''''''''' +Disabling firewall +'''''''''''''''''' + +Unload firewall and disable firewall on boot: + +:: + + $ sudo ufw disable + Firewall stopped and disabled on system startup + $ sudo ufw status + Status: inactive + + +------------------------------- +Getting the StarlingX ISO image +------------------------------- + +Follow the instructions from the :doc:`/developer_guide/2018_10/index` to build a +StarlingX ISO image. + +********** +Bare metal +********** + +A bootable USB flash drive containing StarlingX ISO image. + + +******************* +Virtual environment +******************* + +Copy the StarlingX ISO Image to the stx-tools deployment libvirt project +directory: + +:: + + $ cp $HOME/stx-tools/deployment/libvirt/ + + +------------------ +Deployment options +------------------ + +- Standard controller + + - :doc:`StarlingX Cloud with Dedicated Storage ` + - :doc:`StarlingX Cloud with Controller Storage ` + +- All-in-one + + - :doc:`StarlingX Cloud Duplex ` + - :doc:`StarlingX Cloud Simplex ` + +.. toctree:: + :hidden: + + installation_libvirt_qemu + controller_storage + dedicated_storage + duplex + simplex diff --git a/doc/source/installation_guide/installation_libvirt_qemu.rst b/doc/source/installation_guide/latest/installation_libvirt_qemu.rst similarity index 72% rename from doc/source/installation_guide/installation_libvirt_qemu.rst rename to doc/source/installation_guide/latest/installation_libvirt_qemu.rst index 9b4553462..84e02c3b9 100644 --- a/doc/source/installation_guide/installation_libvirt_qemu.rst +++ b/doc/source/installation_guide/latest/installation_libvirt_qemu.rst @@ -1,13 +1,11 @@ -.. _Installation-libvirt-qemu: +===================================== +Installation libvirt qemu stx.2019.05 +===================================== -========================= -Installation libvirt qemu -========================= - -Installation for StarlingX using Libvirt/QEMU virtualization. +Installation for StarlingX stx.2019.05 using Libvirt/QEMU virtualization. --------------------- -Hardware Requirements +Hardware requirements --------------------- A workstation computer with: @@ -15,28 +13,27 @@ A workstation computer with: - Processor: x86_64 only supported architecture with BIOS enabled hardware virtualization extensions - Memory: At least 32GB RAM -- Hard Disk: 500GB HDD +- Hard disk: 500GB HDD - Network: One network adapter with active Internet connection --------------------- -Software Requirements +Software requirements --------------------- A workstation computer with: -- Operating System: This process is known to work on Ubuntu 16.04 and - is likely to work on other Linux OS's with some appropriate - adjustments. +- Operating system: This process is known to work on Ubuntu 16.04 and + is likely to work on other Linux OS's with some appropriate adjustments. - Proxy settings configured (if applies) - Git - KVM/VirtManager -- Libvirt Library -- QEMU Full System Emulation Binaries +- Libvirt library +- QEMU full-system emulation binaries - stx-tools project -- StarlingX ISO Image +- StarlingX ISO image ---------------------------- -Deployment Environment Setup +Deployment environment setup ---------------------------- ************* @@ -76,7 +73,7 @@ This rc file shows the defaults baked into the scripts: ************************* -Install stx-tools Project +Install stx-tools project ************************* Clone the stx-tools project into a working directory. @@ -102,7 +99,7 @@ If you created a configuration, load it from stxcloud.rc: **************************************** -Installing Requirements and Dependencies +Installing requirements and dependencies **************************************** Install the required packages and configure QEMU. This only needs to be @@ -115,7 +112,7 @@ time): ****************** -Disabling Firewall +Disabling firewall ****************** Unload firewall and disable firewall on boot: @@ -127,7 +124,7 @@ Unload firewall and disable firewall on boot: ****************** -Configure Networks +Configure networks ****************** Configure the network bridges using setup_network.sh before doing @@ -148,11 +145,11 @@ There is also a script cleanup_network.sh that will remove networking configuration from libvirt. ********************* -Configure Controllers +Configure controllers ********************* -One script exists for building different StarlingX cloud -configurations: setup_configuration.sh. +One script exists for building different StarlingX cloud configurations: +setup_configuration.sh. The script uses the cloud configuration with the -c option: @@ -193,15 +190,15 @@ Tear down the VMs using destroy_configuration.sh. Continue -------- -Pick up the installation in one of the existing guides at the -'Initializing Controller-0 step. +Pick up the installation in one of the existing guides at the initializing +controller-0 step. -- Standard Controller +- Standard controller - - :ref:`StarlingX Cloud with Dedicated Storage Virtual Environment ` - - :ref:`StarlingX Cloud with Controller Storage Virtual Environment ` + - :doc:`StarlingX Cloud with Dedicated Storage Virtual Environment ` + - :doc:`StarlingX Cloud with Controller Storage Virtual Environment ` - All-in-one - - :ref:`StarlingX Cloud Duplex Virtual Environment ` - - :ref:`StarlingX Cloud Simplex Virtual Environment ` + - :doc:`StarlingX Cloud Duplex Virtual Environment ` + - :doc:`StarlingX Cloud Simplex Virtual Environment ` diff --git a/doc/source/installation_guide/latest/simplex.rst b/doc/source/installation_guide/latest/simplex.rst new file mode 100644 index 000000000..d3ea0c826 --- /dev/null +++ b/doc/source/installation_guide/latest/simplex.rst @@ -0,0 +1,729 @@ +=============================================== +All-In-One Simplex deployment guide stx.2019.05 +=============================================== + +.. contents:: + :local: + :depth: 1 + +**NOTE:** The instructions to setup a StarlingX One Node Configuration +(AIO-SX) system with containerized openstack services in this guide +are under development. +For approved instructions, see the +`One Node Configuration wiki page `__. + +---------------------- +Deployment description +---------------------- + +The All-In-One Simplex (AIO-SX) deployment option provides all three cloud +gunctions (controller, compute, and storage) on a single physical server. With +these cloud functions, multiple application types can be deployed and +consolidated onto a single physical server. For example, with a AIO-SX +deployment you can: + +- Consolidate legacy applications that must run standalone on a server by using + multiple virtual machines on a single physical server. +- Consolidate legacy applications that run on different operating systems or + different distributions of operating systems by using multiple virtual + machines on a single physical server. + +Only a small amount of cloud processing / storage power is required with an +All-In-One Simplex deployment. + +.. figure:: figures/starlingx-deployment-options-simplex.png + :scale: 50% + :alt: All-In-One Simplex deployment configuration + + *All-In-One Simplex deployment configuration* + +An All-In-One Simplex deployment provides no protection against an overall +server hardware fault. Protection against overall server hardware fault is +either not required, or done at a higher level. Hardware component protection +could be enabled if, for example, an HW RAID or 2x Port LAG is used in the +deployment. + +-------------------------------------- +Preparing an All-In-One Simplex server +-------------------------------------- + +********** +Bare metal +********** + +Required Server: + +- Combined server (controller + compute): 1 + +^^^^^^^^^^^^^^^^^^^^^ +Hardware requirements +^^^^^^^^^^^^^^^^^^^^^ + +The recommended minimum requirements for the physical servers where +All-In-One Simplex will be deployed are: + +- Minimum processor: + + - Typical hardware form factor: + + - Dual-CPU Intel® Xeon® E5 26xx family (SandyBridge) 8 cores/socket + - Low cost / low power hardware form factor + + - Single-CPU Intel Xeon D-15xx family, 8 cores + +- Memory: 64 GB +- BIOS: + + - Hyper-Threading technology: Enabled + - Virtualization technology: Enabled + - VT for directed I/O: Enabled + - CPU power and performance policy: Performance + - CPU C state control: Disabled + - Plug & play BMC detection: Disabled + +- Primary disk: + + - 500 GB SDD or NVMe + +- Additional disks: + + - Zero or more 500 GB disks (min. 10K RPM) + +- Network ports + + **NOTE:** All-In-One Simplex configuration requires one or more data ports. + This configuration does not require a management port. + + - OAM: 10GE + - Data: n x 10GE + +******************* +Virtual environment +******************* + +Run the libvirt qemu setup scripts. Setting up virtualized OAM and +management networks: + +:: + + $ bash setup_network.sh + +Building XML for definition of virtual servers: + +:: + + $ bash setup_configuration.sh -c simplex -i + +The default XML server definition created by the previous script is: + +- simplex-controller-0 + +^^^^^^^^^^^^^^^^^^^^^^^^^ +Power up a virtual server +^^^^^^^^^^^^^^^^^^^^^^^^^ + +To power up the virtual server, run the following command: + +:: + + $ sudo virsh start + +e.g. + +:: + + $ sudo virsh start simplex-controller-0 + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Access a virtual server console +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The XML for virtual servers in stx-tools repo, deployment/libvirt, +provides both graphical and text consoles. + +Access the graphical console in virt-manager by right-click on the +domain (the server) and selecting "Open". + +Access the textual console with the command "virsh console $DOMAIN", +where DOMAIN is the name of the server shown in virsh. + +When booting the controller-0 for the first time, both the serial and +graphical consoles will present the initial configuration menu for the +cluster. One can select serial or graphical console for controller-0. +For the other nodes however only serial is used, regardless of which +option is selected. + +Open the graphic console on all servers before powering them on to +observe the boot device selection and PXI boot progress. Run "virsh +console $DOMAIN" command promptly after power on to see the initial boot +sequence which follows the boot device selection. One has a few seconds +to do this. + +------------------------------ +Installing the controller host +------------------------------ + +Installing controller-0 involves initializing a host with software and +then applying a bootstrap configuration from the command line. The +configured bootstrapped host becomes controller-0. + +Procedure: + +#. Power on the server that will be controller-0 with the StarlingX ISO + on a USB in a bootable USB slot. +#. Configure the controller using the config_controller script. + +************************* +Initializing controller-0 +************************* + +This section describes how to initialize StarlingX in host controller-0. +Except where noted, all the commands must be executed from a console of +the host. + +Power on the host to be configured as controller-0, with the StarlingX +ISO on a USB in a bootable USB slot. Wait for the console to show the +StarlingX ISO booting options: + +- **All-in-one Controller Configuration** + + - When the installer is loaded and the installer welcome screen + appears in the controller-0 host, select the type of installation + "All-in-one Controller Configuration". + +- **Graphical Console** + + - Select the "Graphical Console" as the console to use during + installation. + +- **Standard Security Boot Profile** + + - Select "Standard Security Boot Profile" as the Security Profile. + +Monitor the initialization. When it is complete, a reboot is initiated +on the controller-0 host, briefly displays a GNU GRUB screen, and then +boots automatically into the StarlingX image. + +Log into controller-0 as user wrsroot, with password wrsroot. The +first time you log in as wrsroot, you are required to change your +password. Enter the current password (wrsroot): + +:: + + Changing password for wrsroot. + (current) UNIX Password: + + +Enter a new password for the wrsroot account: + +:: + + New password: + +Enter the new password again to confirm it: + +:: + + Retype new password: + +controller-0 is initialized with StarlingX, and is ready for configuration. + +************************ +Configuring controller-0 +************************ + +This section describes how to perform the controller-0 configuration +interactively just to bootstrap system with minimum critical data. +Except where noted, all the commands must be executed from the console +of the active controller (here assumed to be controller-0). + +When run interactively, the config_controller script presents a series +of prompts for initial configuration of StarlingX: + +- For the virtual environment, you can accept all the default values + immediately after ‘system date and time’. +- For a physical deployment, answer the bootstrap configuration + questions with answers applicable to your particular physical setup. + +The script is used to configure the first controller in the StarlingX +cluster as controller-0. The prompts are grouped by configuration +area. To start the script interactively, use the following command +with no parameters: + +:: + + controller-0:~$ sudo config_controller + System Configuration + ================ + Enter ! at any prompt to abort... + ... + +Select [y] for System date and time: + +:: + + System date and time: + ----------------------------- + + Is the current date and time correct? [y/N]: y + +For System mode choose "simplex": + +:: + + ... + 1) duplex-direct: two node-redundant configuration. Management and + infrastructure networks are directly connected to peer ports + 2) duplex - two node redundant configuration + 3) simplex - single node non-redundant configuration + System mode [duplex-direct]: 3 + +After System date and time and System mode: + +:: + + Applying configuration (this will take several minutes): + + 01/08: Creating bootstrap configuration ... DONE + 02/08: Applying bootstrap manifest ... DONE + 03/08: Persisting local configuration ... DONE + 04/08: Populating initial system inventory ... DONE + 05:08: Creating system configuration ... DONE + 06:08: Applying controller manifest ... DONE + 07:08: Finalize controller configuration ... DONE + 08:08: Waiting for service activation ... DONE + + Configuration was applied + + Please complete any out of service commissioning steps with system + commands and unlock controller to proceed. + +After config_controller bootstrap configuration, REST API, CLI and +Horizon interfaces are enabled on the controller-0 OAM IP address. The +remaining installation instructions will use the CLI. + +-------------------------------- +Provisioning the controller host +-------------------------------- + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +********************************************* +Configuring provider networks at installation +********************************************* + +Set up one provider network of the vlan type, named providernet-a: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-create providernet-a --type=vlan + [wrsroot@controller-0 ~(keystone_admin)]$ neutron providernet-range-create --name providernet-a-range1 --range 100-400 providernet-a + +***************************************** +Providing data interfaces on controller-0 +***************************************** + +List all interfaces: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-list -a controller-0 + +--------------------------------------+---------+----------+...+------+--------------+------+---------+------------+.. + | uuid | name | class |...| vlan | ports | uses | used by | attributes |.. + | | | |...| id | | i/f | i/f | |.. + +--------------------------------------+----------+---------+...+------+--------------+------+---------+------------+.. + | 49fd8938-e76f-49f1-879e-83c431a9f1af | enp0s3 | platform |...| None | [u'enp0s3'] | [] | [] | MTU=1500 |.. + | 8957bb2c-fec3-4e5d-b4ed-78071f9f781c | eth1000 | None |...| None | [u'eth1000'] | [] | [] | MTU=1500 |.. + | bf6f4cad-1022-4dd7-962b-4d7c47d16d54 | eth1001 | None |...| None | [u'eth1001'] | [] | [] | MTU=1500 |.. + | f59b9469-7702-4b46-bad5-683b95f0a1cb | enp0s8 | platform |...| None | [u'enp0s8'] | [] | [] | MTU=1500 |.. + +--------------------------------------+---------+----------+...+------+--------------+------+---------+------------+.. + +Configure the data interfaces: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-if-modify -c data controller-0 eth1000 -p providernet-a + +------------------+--------------------------------------+ + | Property | Value | + +------------------+--------------------------------------+ + | ifname | eth1000 | + | iftype | ethernet | + | ports | [u'eth1000'] | + | providernetworks | providernet-a | + | imac | 08:00:27:c4:ad:3e | + | imtu | 1500 | + | ifclass | data | + | aemode | None | + | schedpolicy | None | + | txhashpolicy | None | + | uuid | 8957bb2c-fec3-4e5d-b4ed-78071f9f781c | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | vlan_id | None | + | uses | [] | + | used_by | [] | + | created_at | 2018-08-28T12:50:51.820151+00:00 | + | updated_at | 2018-08-28T14:46:18.333109+00:00 | + | sriov_numvfs | 0 | + | ipv4_mode | disabled | + | ipv6_mode | disabled | + | accelerated | [True] | + +------------------+--------------------------------------+ + +************************************* +Configuring Cinder on controller disk +************************************* + +Review the available disk space and capacity and obtain the uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list controller-0 + +--------------------------------------+-----------+---------+---------+---------+------------+... + | uuid | device_no | device_ | device_ | size_mi | available_ |... + | | de | num | type | b | mib |... + +--------------------------------------+-----------+---------+---------+---------+------------+... + | 6b42c9dc-f7c0-42f1-a410-6576f5f069f1 | /dev/sda | 2048 | HDD | 600000 | 434072 |... + | | | | | | |... + | | | | | | |... + | 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 | /dev/sdb | 2064 | HDD | 16240 | 16237 |... + | | | | | | |... + | | | | | | |... + | 146195b2-f3d7-42f9-935d-057a53736929 | /dev/sdc | 2080 | HDD | 16240 | 16237 |... + | | | | | | |... + | | | | | | |... + +--------------------------------------+-----------+---------+---------+---------+------------+... + +Create the 'cinder-volumes' local volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add controller-0 cinder-volumes + +-----------------+--------------------------------------+ + | lvm_vg_name | cinder-volumes | + | vg_state | adding | + | uuid | 61cb5cd2-171e-4ef7-8228-915d3560cdc3 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-28T13:45:20.218905+00:00 | + | updated_at | None | + | parameters | {u'lvm_type': u'thin'} | + +-----------------+--------------------------------------+ + +Create a disk partition to add to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-add controller-0 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 16237 -t lvm_phys_vol + +-------------+--------------------------------------------------+ + | Property | Value | + +-------------+--------------------------------------------------+ + | device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-2.0-part1 | + | device_node | /dev/sdb1 | + | type_guid | ba5eba11-0000-1111-2222-000000000001 | + | type_name | None | + | start_mib | None | + | end_mib | None | + | size_mib | 16237 | + | uuid | 0494615f-bd79-4490-84b9-dcebbe5f377a | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | idisk_uuid | 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 | + | ipv_uuid | None | + | status | Creating | + | created_at | 2018-08-28T13:45:48.512226+00:00 | + | updated_at | None | + +-------------+--------------------------------------------------+ + +Wait for the new partition to be created (i.e. status=Ready): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-list controller-0 --disk 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | uuid |...| device_nod |...| type_name | size_mib | status | + | |...| e |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | 0494615f-bd79-4490-84b9-dcebbe5f377a |...| /dev/sdb1 |...| LVM Physical Volume | 16237 | Ready | + | |...| |...| | | | + | |...| |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + +Add the partition to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add controller-0 cinder-volumes 0494615f-bd79-4490-84b9-dcebbe5f377a + +--------------------------+--------------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------------+ + | uuid | 9a0ad568-0ace-4d57-9e03-e7a63f609cf2 | + | pv_state | adding | + | pv_type | partition | + | disk_or_part_uuid | 0494615f-bd79-4490-84b9-dcebbe5f377a | + | disk_or_part_device_node | /dev/sdb1 | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-2.0-part1 | + | lvm_pv_name | /dev/sdb1 | + | lvm_vg_name | cinder-volumes | + | lvm_pv_uuid | None | + | lvm_pv_size | 0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | created_at | 2018-08-28T13:47:39.450763+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------------+ + +********************************************* +Adding an LVM storage backend at installation +********************************************* + +Ensure requirements are met to add LVM storage: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-add lvm -s cinder + + WARNING : THIS OPERATION IS NOT REVERSIBLE AND CANNOT BE CANCELLED. + + By confirming this operation, the LVM backend will be created. + + Please refer to the system admin guide for minimum spec for LVM + storage. Set the 'confirmed' field to execute this operation + for the lvm backend. + +Add the LVM storage backend: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-add lvm -s cinder --confirmed + + System configuration has changed. + Please follow the administrator guide to complete configuring the system. + + +--------------------------------------+------------+---------+-------------+...+----------+--------------+ + | uuid | name | backend | state |...| services | capabilities | + +--------------------------------------+------------+---------+-------------+...+----------+--------------+ + | 6d750a68-115a-4c26-adf4-58d6e358a00d | file-store | file | configured |...| glance | {} | + | e2697426-2d79-4a83-beb7-2eafa9ceaee5 | lvm-store | lvm | configuring |...| cinder | {} | + +--------------------------------------+------------+---------+-------------+...+----------+--------------+ + +Wait for the LVM storage backend to be configured (i.e. state=configured): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system storage-backend-list + +--------------------------------------+------------+---------+------------+------+----------+--------------+ + | uuid | name | backend | state | task | services | capabilities | + +--------------------------------------+------------+---------+------------+------+----------+--------------+ + | 6d750a68-115a-4c26-adf4-58d6e358a00d | file-store | file | configured | None | glance | {} | + | e2697426-2d79-4a83-beb7-2eafa9ceaee5 | lvm-store | lvm | configured | None | cinder | {} | + +--------------------------------------+------------+---------+------------+------+----------+--------------+ + +*********************************************** +Configuring VM local storage on controller disk +*********************************************** + +Review the available disk space and capacity and obtain the uuid of the +physical disk: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-list controller-0 + +--------------------------------------+-----------+---------+---------+---------+------------+... + | uuid | device_no | device_ | device_ | size_mi | available_ |... + | | de | num | type | b | mib |... + +--------------------------------------+-----------+---------+---------+---------+------------+... + | 6b42c9dc-f7c0-42f1-a410-6576f5f069f1 | /dev/sda | 2048 | HDD | 600000 | 434072 |... + | | | | | | |... + | | | | | | |... + | 534352d8-fec2-4ca5-bda7-0e0abe5a8e17 | /dev/sdb | 2064 | HDD | 16240 | 0 |... + | | | | | | |... + | | | | | | |... + | 146195b2-f3d7-42f9-935d-057a53736929 | /dev/sdc | 2080 | HDD | 16240 | 16237 |... + | | | | | | |... + | | | | | | |... + +--------------------------------------+-----------+---------+---------+---------+------------+... + +Create the 'nova-local' volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-lvg-add controller-0 nova-local + +-----------------+-------------------------------------------------------------------+ + | Property | Value | + +-----------------+-------------------------------------------------------------------+ + | lvm_vg_name | nova-local | + | vg_state | adding | + | uuid | 517d313e-8aa0-4b4d-92e6-774b9085f336 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | lvm_vg_access | None | + | lvm_max_lv | 0 | + | lvm_cur_lv | 0 | + | lvm_max_pv | 0 | + | lvm_cur_pv | 0 | + | lvm_vg_size | 0.00 | + | lvm_vg_total_pe | 0 | + | lvm_vg_free_pe | 0 | + | created_at | 2018-08-28T14:02:58.486716+00:00 | + | updated_at | None | + | parameters | {u'concurrent_disk_operations': 2, u'instance_backing': u'image'} | + +-----------------+-------------------------------------------------------------------+ + +Create a disk partition to add to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-add controller-0 146195b2-f3d7-42f9-935d-057a53736929 16237 -t lvm_phys_vol + +-------------+--------------------------------------------------+ + | Property | Value | + +-------------+--------------------------------------------------+ + | device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-3.0-part1 | + | device_node | /dev/sdc1 | + | type_guid | ba5eba11-0000-1111-2222-000000000001 | + | type_name | None | + | start_mib | None | + | end_mib | None | + | size_mib | 16237 | + | uuid | 009ce3b1-ed07-46e9-9560-9d2371676748 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | idisk_uuid | 146195b2-f3d7-42f9-935d-057a53736929 | + | ipv_uuid | None | + | status | Creating | + | created_at | 2018-08-28T14:04:29.714030+00:00 | + | updated_at | None | + +-------------+--------------------------------------------------+ + +Wait for the new partition to be created (i.e. status=Ready): + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-disk-partition-list controller-0 --disk 146195b2-f3d7-42f9-935d-057a53736929 + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | uuid |...| device_nod |...| type_name | size_mib | status | + | |...| e |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + | 009ce3b1-ed07-46e9-9560-9d2371676748 |...| /dev/sdc1 |...| LVM Physical Volume | 16237 | Ready | + | |...| |...| | | | + | |...| |...| | | | + +--------------------------------------+...+------------+...+---------------------+----------+--------+ + +Add the partition to the volume group: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-pv-add controller-0 nova-local 009ce3b1-ed07-46e9-9560-9d2371676748 + +--------------------------+--------------------------------------------------+ + | Property | Value | + +--------------------------+--------------------------------------------------+ + | uuid | 830c9dc8-c71a-4cb2-83be-c4d955ef4f6b | + | pv_state | adding | + | pv_type | partition | + | disk_or_part_uuid | 009ce3b1-ed07-46e9-9560-9d2371676748 | + | disk_or_part_device_node | /dev/sdc1 | + | disk_or_part_device_path | /dev/disk/by-path/pci-0000:00:0d.0-ata-3.0-part1 | + | lvm_pv_name | /dev/sdc1 | + | lvm_vg_name | nova-local | + | lvm_pv_uuid | None | + | lvm_pv_size | 0 | + | lvm_pe_total | 0 | + | lvm_pe_alloced | 0 | + | ihost_uuid | 9c332b27-6f22-433b-bf51-396371ac4608 | + | created_at | 2018-08-28T14:06:05.705546+00:00 | + | updated_at | None | + +--------------------------+--------------------------------------------------+ + +********************** +Unlocking controller-0 +********************** + +You must unlock controller-0 so that you can use it to install +controller-1. Use the system host-unlock command: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-unlock controller-0 + +The host is rebooted. During the reboot, the command line is +unavailable, and any ssh connections are dropped. To monitor the +progress of the reboot, use the controller-0 console. + +**************************************** +Verifying the controller-0 configuration +**************************************** + +On controller-0, acquire Keystone administrative privileges: + +:: + + controller-0:~$ source /etc/nova/openrc + +Verify that the controller-0 services are running: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system service-list + +-----+-------------------------------+--------------+----------------+ + | id | service_name | hostname | state | + +-----+-------------------------------+--------------+----------------+ + ... + | 1 | oam-ip | controller-0 | enabled-active | + | 2 | management-ip | controller-0 | enabled-active | + ... + +-----+-------------------------------+--------------+----------------+ + +Verify that controller-0 has controller and compute subfunctions: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-show 1 | grep subfunctions + | subfunctions | controller,compute | + +Verify that controller-0 is unlocked, enabled, and available: + +:: + + [wrsroot@controller-0 ~(keystone_admin)]$ system host-list + +----+--------------+-------------+----------------+-------------+--------------+ + | id | hostname | personality | administrative | operational | availability | + +----+--------------+-------------+----------------+-------------+--------------+ + | 1 | controller-0 | controller | unlocked | enabled | available | + +----+--------------+-------------+----------------+-------------+--------------+ + +***************** +System alarm list +***************** + +When all nodes are unlocked, enabled, and available: check 'fm alarm-list' for +issues. + +Your StarlingX deployment is now up and running with one controller with Cinder +storage and all OpenStack services up and running. You can now proceed with +standard OpenStack APIs, CLIs and/or Horizon to load Glance images, configure +Nova Flavors, configure Neutron networks and launch Nova virtual machines. + +---------------------- +Deployment terminology +---------------------- + +.. include:: deployment_terminology.rst + :start-after: incl-simplex-deployment-terminology: + :end-before: incl-simplex-deployment-terminology-end: + +.. include:: deployment_terminology.rst + :start-after: incl-standard-controller-deployment-terminology: + :end-before: incl-standard-controller-deployment-terminology-end: + +.. include:: deployment_terminology.rst + :start-after: incl-common-deployment-terminology: + :end-before: incl-common-deployment-terminology-end: