From 5ef3f3e43a04e7874c20dc4c7e2b915e868b6c4f Mon Sep 17 00:00:00 2001 From: Houssem Dellai Date: Fri, 1 Mar 2024 11:52:28 +0100 Subject: [PATCH] 85 log analytics private ingestion works --- .../dce-prometheus.tf | 14 -- .../dcr-prometheus.tf | 35 --- .../grafana.tf | 48 ---- .../prometheus.tf | 224 ------------------ .../resource_group.tf | 9 - .../variables.tf | 29 --- .../terraform_modules/manifest.json | 0 .../Readme.md | 0 .../aks.tf | 8 +- .../ampls.tf | 6 +- 87_log_analytics_ampls/bastion.tf | 25 ++ 87_log_analytics_ampls/commands.ps1 | 58 +++++ .../commands.sh | 0 .../container-azm-ms-agentconfig.yaml | 0 87_log_analytics_ampls/counter-pod.yaml | 9 + .../dce-log_analytics.tf | 4 +- .../dcr-log_analytics.tf | 4 +- 87_log_analytics_ampls/diagnostic_setting.tf | 42 ++++ .../85_prometheus_grafana__architecture.png | Bin .../log_analytics.tf | 6 +- 87_log_analytics_ampls/output.tf | 7 + .../pe-ampls.tf | 6 +- .../providers.tf | 11 +- 87_log_analytics_ampls/rg.tf | 10 + 87_log_analytics_ampls/variables.tf | 3 + .../vnet.tf | 11 +- 87_log_analytics_ampls/windows-vm.tf | 40 ++++ .../terraform_modules/manifest.json | 1 + 88_prometheus_grafana_ampls/Readme.md | 42 ++++ 88_prometheus_grafana_ampls/aks.tf | 43 ++++ 88_prometheus_grafana_ampls/aks_identity.tf | 26 ++ .../ama-metrics-settings-configmap.yaml | 0 88_prometheus_grafana_ampls/ampls.tf | 33 +++ 88_prometheus_grafana_ampls/bastion.tf | 25 ++ .../commands.ps1 | 0 88_prometheus_grafana_ampls/commands.sh | 7 + .../container-azm-ms-agentconfig.yaml | 211 +++++++++++++++++ .../dce-log_analytics.tf | 14 ++ 88_prometheus_grafana_ampls/dce-prometheus.tf | 14 ++ .../dcr-log_analytics.tf | 59 +++++ 88_prometheus_grafana_ampls/dcr-prometheus.tf | 35 +++ .../deploy-svc-ingress.yaml | 0 .../diagnostic_setting.tf | 2 +- 88_prometheus_grafana_ampls/grafana.tf | 48 ++++ .../85_prometheus_grafana__architecture.png | Bin 0 -> 190684 bytes .../import_grafafana_dashboard.tf | 0 88_prometheus_grafana_ampls/log_analytics.tf | 22 ++ 88_prometheus_grafana_ampls/logger-pod.yaml | 9 + .../nginx.tf | 0 .../output.tf | 0 88_prometheus_grafana_ampls/pe-ampls.tf | 42 ++++ 88_prometheus_grafana_ampls/prometheus.tf | 224 ++++++++++++++++++ 88_prometheus_grafana_ampls/providers.tf | 25 ++ 88_prometheus_grafana_ampls/rg.tf | 10 + 88_prometheus_grafana_ampls/variables.tf | 3 + 88_prometheus_grafana_ampls/vnet.tf | 29 +++ .../windows-vm.tf | 35 ++- 57 files changed, 1169 insertions(+), 399 deletions(-) delete mode 100644 85_prometheus_grafana_private_endpoint/dce-prometheus.tf delete mode 100644 85_prometheus_grafana_private_endpoint/dcr-prometheus.tf delete mode 100644 85_prometheus_grafana_private_endpoint/grafana.tf delete mode 100644 85_prometheus_grafana_private_endpoint/prometheus.tf delete mode 100644 85_prometheus_grafana_private_endpoint/resource_group.tf delete mode 100644 85_prometheus_grafana_private_endpoint/variables.tf rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/.infracost/terraform_modules/manifest.json (100%) rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/Readme.md (100%) rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/aks.tf (81%) rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/ampls.tf (87%) create mode 100644 87_log_analytics_ampls/bastion.tf create mode 100644 87_log_analytics_ampls/commands.ps1 rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/commands.sh (100%) rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/container-azm-ms-agentconfig.yaml (100%) create mode 100644 87_log_analytics_ampls/counter-pod.yaml rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/dce-log_analytics.tf (81%) rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/dcr-log_analytics.tf (91%) create mode 100644 87_log_analytics_ampls/diagnostic_setting.tf rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/images/85_prometheus_grafana__architecture.png (100%) rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/log_analytics.tf (84%) create mode 100644 87_log_analytics_ampls/output.tf rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/pe-ampls.tf (86%) rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/providers.tf (74%) create mode 100644 87_log_analytics_ampls/rg.tf create mode 100644 87_log_analytics_ampls/variables.tf rename {85_prometheus_grafana_private_endpoint => 87_log_analytics_ampls}/vnet.tf (62%) create mode 100644 87_log_analytics_ampls/windows-vm.tf create mode 100644 88_prometheus_grafana_ampls/.infracost/terraform_modules/manifest.json create mode 100644 88_prometheus_grafana_ampls/Readme.md create mode 100644 88_prometheus_grafana_ampls/aks.tf create mode 100644 88_prometheus_grafana_ampls/aks_identity.tf rename {85_prometheus_grafana_private_endpoint => 88_prometheus_grafana_ampls}/ama-metrics-settings-configmap.yaml (100%) create mode 100644 88_prometheus_grafana_ampls/ampls.tf create mode 100644 88_prometheus_grafana_ampls/bastion.tf rename {85_prometheus_grafana_private_endpoint => 88_prometheus_grafana_ampls}/commands.ps1 (100%) create mode 100644 88_prometheus_grafana_ampls/commands.sh create mode 100644 88_prometheus_grafana_ampls/container-azm-ms-agentconfig.yaml create mode 100644 88_prometheus_grafana_ampls/dce-log_analytics.tf create mode 100644 88_prometheus_grafana_ampls/dce-prometheus.tf create mode 100644 88_prometheus_grafana_ampls/dcr-log_analytics.tf create mode 100644 88_prometheus_grafana_ampls/dcr-prometheus.tf rename {85_prometheus_grafana_private_endpoint => 88_prometheus_grafana_ampls}/deploy-svc-ingress.yaml (100%) rename {85_prometheus_grafana_private_endpoint => 88_prometheus_grafana_ampls}/diagnostic_setting.tf (94%) create mode 100644 88_prometheus_grafana_ampls/grafana.tf create mode 100644 88_prometheus_grafana_ampls/images/85_prometheus_grafana__architecture.png rename {85_prometheus_grafana_private_endpoint => 88_prometheus_grafana_ampls}/import_grafafana_dashboard.tf (100%) create mode 100644 88_prometheus_grafana_ampls/log_analytics.tf create mode 100644 88_prometheus_grafana_ampls/logger-pod.yaml rename {85_prometheus_grafana_private_endpoint => 88_prometheus_grafana_ampls}/nginx.tf (100%) rename {85_prometheus_grafana_private_endpoint => 88_prometheus_grafana_ampls}/output.tf (100%) create mode 100644 88_prometheus_grafana_ampls/pe-ampls.tf create mode 100644 88_prometheus_grafana_ampls/prometheus.tf create mode 100644 88_prometheus_grafana_ampls/providers.tf create mode 100644 88_prometheus_grafana_ampls/rg.tf create mode 100644 88_prometheus_grafana_ampls/variables.tf create mode 100644 88_prometheus_grafana_ampls/vnet.tf rename {85_prometheus_grafana_private_endpoint => 88_prometheus_grafana_ampls}/windows-vm.tf (58%) diff --git a/85_prometheus_grafana_private_endpoint/dce-prometheus.tf b/85_prometheus_grafana_private_endpoint/dce-prometheus.tf deleted file mode 100644 index 25da49c..0000000 --- a/85_prometheus_grafana_private_endpoint/dce-prometheus.tf +++ /dev/null @@ -1,14 +0,0 @@ -# resource "azurerm_monitor_data_collection_endpoint" "dce-prometheus" { -# name = "dce-prometheus" -# resource_group_name = azurerm_resource_group.rg_monitoring.name -# location = azurerm_resource_group.rg_monitoring.location -# kind = "Linux" -# public_network_access_enabled = false # true # false -# } - -# # associate to a Data Collection Endpoint -# resource "azurerm_monitor_data_collection_rule_association" "dcra-dce-prometheus-aks" { -# name = "configurationAccessEndpoint" # "dcra-dce-prometheus-aks" # # name is required when data_collection_rule_id is specified. And when data_collection_endpoint_id is specified, the name is populated with configurationAccessEndpoint -# target_resource_id = azurerm_kubernetes_cluster.aks.id -# data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id -# } diff --git a/85_prometheus_grafana_private_endpoint/dcr-prometheus.tf b/85_prometheus_grafana_private_endpoint/dcr-prometheus.tf deleted file mode 100644 index 337bb46..0000000 --- a/85_prometheus_grafana_private_endpoint/dcr-prometheus.tf +++ /dev/null @@ -1,35 +0,0 @@ -# resource "azurerm_monitor_data_collection_rule" "dcr-prometheus" { -# name = "dcr-prometheus" -# resource_group_name = azurerm_resource_group.rg_monitoring.name -# location = azurerm_resource_group.rg_monitoring.location -# data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id -# kind = "Linux" -# description = "DCR for Azure Monitor Metrics Profile (Managed Prometheus)" - -# data_sources { -# prometheus_forwarder { -# name = "PrometheusDataSource" -# streams = ["Microsoft-PrometheusMetrics"] -# } -# } - -# destinations { -# monitor_account { -# monitor_account_id = azurerm_monitor_workspace.prometheus.id -# name = azurerm_monitor_workspace.prometheus.name -# } -# } - -# data_flow { -# streams = ["Microsoft-PrometheusMetrics"] -# destinations = [azurerm_monitor_workspace.prometheus.name] -# } -# } - -# # associate to a Data Collection Rule -# resource "azurerm_monitor_data_collection_rule_association" "dcra-dcr-prometheus-aks" { -# name = "dcra-dcr-prometheus-aks" -# target_resource_id = azurerm_kubernetes_cluster.aks.id -# data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr-prometheus.id -# description = "Association of data collection rule. Deleting this association will break the data collection for this AKS Cluster." -# } diff --git a/85_prometheus_grafana_private_endpoint/grafana.tf b/85_prometheus_grafana_private_endpoint/grafana.tf deleted file mode 100644 index c56d199..0000000 --- a/85_prometheus_grafana_private_endpoint/grafana.tf +++ /dev/null @@ -1,48 +0,0 @@ -# resource "azurerm_dashboard_grafana" "grafana" { -# name = var.grafana_name -# resource_group_name = azurerm_resource_group.rg_monitoring.name -# location = azurerm_resource_group.rg_monitoring.location -# api_key_enabled = true -# deterministic_outbound_ip_enabled = true -# public_network_access_enabled = true -# sku = "Standard" -# zone_redundancy_enabled = false -# grafana_major_version = "10" # 9 - -# azure_monitor_workspace_integrations { -# resource_id = azurerm_monitor_workspace.prometheus.id -# } - -# identity { -# type = "SystemAssigned" # "UserAssigned" # -# # identity_ids = [azurerm_user_assigned_identity.identity-grafana.id] -# } -# } - -# data "azurerm_client_config" "current" {} - -# resource "azurerm_role_assignment" "role_grafana_admin" { -# scope = azurerm_dashboard_grafana.grafana.id -# role_definition_name = "Grafana Admin" -# principal_id = data.azurerm_client_config.current.object_id -# } - -# resource "azurerm_role_assignment" "role_monitoring_data_reader" { -# scope = azurerm_monitor_workspace.prometheus.id -# role_definition_name = "Monitoring Data Reader" -# principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id # azurerm_user_assigned_identity.identity-grafana.principal_id # -# } - -# data "azurerm_subscription" "current" {} - -# resource "azurerm_role_assignment" "role_monitoring_reader" { -# scope = data.azurerm_subscription.current.id -# role_definition_name = "Monitoring Reader" -# principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id # azurerm_user_assigned_identity.identity-grafana.principal_id # -# } - -# # resource "azurerm_user_assigned_identity" "identity-grafana" { -# # name = "identity-grafana" -# # resource_group_name = azurerm_resource_group.rg_monitoring.name -# # location = azurerm_resource_group.rg_monitoring.location -# # } diff --git a/85_prometheus_grafana_private_endpoint/prometheus.tf b/85_prometheus_grafana_private_endpoint/prometheus.tf deleted file mode 100644 index 483723d..0000000 --- a/85_prometheus_grafana_private_endpoint/prometheus.tf +++ /dev/null @@ -1,224 +0,0 @@ -# resource "azurerm_monitor_workspace" "prometheus" { -# name = var.prometheus_name -# resource_group_name = azurerm_resource_group.rg_monitoring.name -# location = azurerm_resource_group.rg_monitoring.location -# public_network_access_enabled = false # false # true -# } - -# resource "azurerm_role_assignment" "role_monitoring_data_reader_me" { -# scope = azurerm_monitor_workspace.prometheus.id -# role_definition_name = "Monitoring Data Reader" -# principal_id = data.azurerm_client_config.current.object_id -# } - -# resource "azurerm_monitor_alert_prometheus_rule_group" "alert-prometheus-nodes" { -# name = "NodeRecordingRulesRuleGroup" -# resource_group_name = azurerm_resource_group.rg_monitoring.name -# location = azurerm_resource_group.rg_monitoring.location -# cluster_name = azurerm_kubernetes_cluster.aks.name -# rule_group_enabled = true -# interval = "PT1M" -# scopes = [azurerm_monitor_workspace.prometheus.id] - -# rule { -# record = "instance:node_num_cpu:sum" -# expression = "count without (cpu, mode) (node_cpu_seconds_total{job=\"node\",mode=\"idle\"})" -# enabled = true -# } - -# rule { -# record = "instance:node_cpu_utilisation:rate5m" -# expression = "1 - avg without (cpu) (sum without (mode) (rate(node_cpu_seconds_total{job=\"node\", mode=~\"idle|iowait|steal\"}[5m])))" -# enabled = true -# } - -# rule { -# record = "instance:node_load1_per_cpu:ratio" -# expression = "(node_load1{job=\"node\"}/ instance:node_num_cpu:sum{job=\"node\"})" -# enabled = true -# } - -# rule { -# record = "instance:node_memory_utilisation:ratio" -# expression = "1 - ((node_memory_MemAvailable_bytes{job=\"node\"} or (node_memory_Buffers_bytes{job=\"node\"} + node_memory_Cached_bytes{job=\"node\"} + node_memory_MemFree_bytes{job=\"node\"} + node_memory_Slab_bytes{job=\"node\"})) / node_memory_MemTotal_bytes{job=\"node\"})" -# enabled = true -# } - -# rule { -# record = "instance:node_vmstat_pgmajfault:rate5m" -# expression = "rate(node_vmstat_pgmajfault{job=\"node\"}[5m])" -# enabled = true -# } - -# rule { -# record = "instance_device:node_disk_io_time_seconds:rate5m" -# expression = "rate(node_disk_io_time_seconds_total{job=\"node\", device!=\"\"}[5m])" -# enabled = true -# } - -# rule { -# record = "instance_device:node_disk_io_time_weighted_seconds:rate5m" -# expression = "rate(node_disk_io_time_weighted_seconds_total{job=\"node\", device!=\"\"}[5m])" -# enabled = true -# } - -# rule { -# record = "instance:node_network_receive_bytes_excluding_lo:rate5m" -# expression = "sum without (device) (rate(node_network_receive_bytes_total{job=\"node\", device!=\"lo\"}[5m]))" -# enabled = true -# } - -# rule { -# record = "instance:node_network_transmit_bytes_excluding_lo:rate5m" -# expression = "sum without (device) (rate(node_network_transmit_bytes_total{job=\"node\", device!=\"lo\"}[5m]))" -# enabled = true -# } - -# rule { -# record = "instance:node_network_receive_drop_excluding_lo:rate5m" -# expression = "sum without (device) (rate(node_network_receive_drop_total{job=\"node\", device!=\"lo\"}[5m]))" -# enabled = true -# } - -# rule { -# record = "instance:node_network_transmit_drop_excluding_lo:rate5m" -# expression = "sum without (device) (rate(node_network_transmit_drop_total{job=\"node\", device!=\"lo\"}[5m]))" -# enabled = true -# } -# } - -# resource "azurerm_monitor_alert_prometheus_rule_group" "alert-prometheus-k8s" { -# name = "KubernetesRecordingRulesRuleGroup" -# resource_group_name = azurerm_resource_group.rg_monitoring.name -# location = azurerm_resource_group.rg_monitoring.location -# cluster_name = azurerm_kubernetes_cluster.aks.name -# rule_group_enabled = true -# interval = "PT1M" -# scopes = [azurerm_monitor_workspace.prometheus.id] - -# rule { -# record = "node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate" -# expression = "sum by (cluster, namespace, pod, container) (irate(container_cpu_usage_seconds_total{job=\"cadvisor\", image!=\"\"}[5m])) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) (1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=\"\"}))" -# enabled = true -# } - -# rule { -# record = "node_namespace_pod_container:container_memory_working_set_bytes" -# expression = "container_memory_working_set_bytes{job=\"cadvisor\", image!=\"\"}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=\"\"}))" -# enabled = true -# } - -# rule { -# record = "node_namespace_pod_container:container_memory_rss" -# expression = "container_memory_rss{job=\"cadvisor\", image!=\"\"}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=\"\"}))" -# enabled = true -# } - -# rule { -# record = "node_namespace_pod_container:container_memory_cache" -# expression = "container_memory_cache{job=\"cadvisor\", image!=\"\"}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=\"\"}))" -# enabled = true -# } - -# rule { -# record = "node_namespace_pod_container:container_memory_swap" -# expression = "container_memory_swap{job=\"cadvisor\", image!=\"\"}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=\"\"}))" -# enabled = true -# } - -# rule { -# record = "cluster:namespace:pod_memory:active:kube_pod_container_resource_requests" -# expression = "kube_pod_container_resource_requests{resource=\"memory\",job=\"kube-state-metrics\"} * on(namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ((kube_pod_status_phase{phase=~\"Pending|Running\"} == 1))" -# enabled = true -# } - -# rule { -# record = "namespace_memory:kube_pod_container_resource_requests:sum" -# expression = "sum by (namespace, cluster) (sum by (namespace, pod, cluster) (max by (namespace, pod, container, cluster) (kube_pod_container_resource_requests{resource=\"memory\",job=\"kube-state-metrics\"}) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1)))" -# enabled = true -# } - -# rule { -# record = "cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests" -# expression = "kube_pod_container_resource_requests{resource=\"cpu\",job=\"kube-state-metrics\"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ((kube_pod_status_phase{phase=~\"Pending|Running\"} == 1))" -# enabled = true -# } - -# rule { -# record = "namespace_cpu:kube_pod_container_resource_requests:sum" -# expression = "sum by (namespace, cluster) (sum by(namespace, pod, cluster) (max by(namespace, pod, container, cluster) (kube_pod_container_resource_requests{resource=\"cpu\",job=\"kube-state-metrics\"}) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1)))" -# enabled = true -# } - -# rule { -# record = "cluster:namespace:pod_memory:active:kube_pod_container_resource_limits" -# expression = "kube_pod_container_resource_limits{resource=\"memory\",job=\"kube-state-metrics\"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ((kube_pod_status_phase{phase=~\"Pending|Running\"} == 1))" -# enabled = true -# } - -# rule { -# record = "namespace_memory:kube_pod_container_resource_limits:sum" -# expression = "sum by (namespace, cluster) (sum by (namespace, pod, cluster) (max by (namespace, pod, container, cluster) (kube_pod_container_resource_limits{resource=\"memory\",job=\"kube-state-metrics\"}) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1)))" -# enabled = true -# } - -# rule { -# record = "cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits" -# expression = "kube_pod_container_resource_limits{resource=\"cpu\",job=\"kube-state-metrics\"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ( (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1) )" -# enabled = true -# } - -# rule { -# record = "namespace_cpu:kube_pod_container_resource_limits:sum" -# expression = "sum by (namespace, cluster) (sum by (namespace, pod, cluster) (max by(namespace, pod, container, cluster) (kube_pod_container_resource_limits{resource=\"cpu\",job=\"kube-state-metrics\"}) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1)))" -# enabled = true -# } - -# rule { -# record = "namespace_workload_pod:kube_pod_owner:relabel" -# expression = "max by (cluster, namespace, workload, pod) (label_replace(label_replace(kube_pod_owner{job=\"kube-state-metrics\", owner_kind=\"ReplicaSet\"}, \"replicaset\", \"$1\", \"owner_name\", \"(.*)\") * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) (1, max by (replicaset, namespace, owner_name) (kube_replicaset_owner{job=\"kube-state-metrics\"})), \"workload\", \"$1\", \"owner_name\", \"(.*)\"))" -# labels = { -# "workload_type" = "deployment" -# } -# enabled = true -# } - -# rule { -# record = "namespace_workload_pod:kube_pod_owner:relabel" -# expression = "max by (cluster, namespace, workload, pod) (label_replace(kube_pod_owner{job=\"kube-state-metrics\", owner_kind=\"DaemonSet\"}, \"workload\", \"$1\", \"owner_name\", \"(.*)\"))" -# labels = { -# "workload_type" = "daemonset" -# } -# enabled = true -# } - -# rule { -# record = "namespace_workload_pod:kube_pod_owner:relabel" -# expression = "max by (cluster, namespace, workload, pod) (label_replace(kube_pod_owner{job=\"kube-state-metrics\", owner_kind=\"StatefulSet\"}, \"workload\", \"$1\", \"owner_name\", \"(.*)\"))" -# labels = { -# "workload_type" = "statefulset" -# } -# enabled = true -# } - -# rule { -# record = "namespace_workload_pod:kube_pod_owner:relabel" -# expression = "max by (cluster, namespace, workload, pod) (label_replace(kube_pod_owner{job=\"kube-state-metrics\", owner_kind=\"Job\"}, \"workload\", \"$1\", \"owner_name\", \"(.*)\"))" -# labels = { -# "workload_type" = "job" -# } -# enabled = true -# } - -# rule { -# record = ":node_memory_MemAvailable_bytes:sum" -# expression = "sum(node_memory_MemAvailable_bytes{job=\"node\"} or (node_memory_Buffers_bytes{job=\"node\"} + node_memory_Cached_bytes{job=\"node\"} + node_memory_MemFree_bytes{job=\"node\"} + node_memory_Slab_bytes{job=\"node\"})) by (cluster)" -# enabled = true -# } - -# rule { -# record = "cluster:node_cpu:ratio_rate5m" -# expression = "sum(rate(node_cpu_seconds_total{job=\"node\",mode!=\"idle\",mode!=\"iowait\",mode!=\"steal\"}[5m])) by (cluster) /count(sum(node_cpu_seconds_total{job=\"node\"}) by (cluster, instance, cpu)) by (cluster)" -# enabled = true -# } -# } diff --git a/85_prometheus_grafana_private_endpoint/resource_group.tf b/85_prometheus_grafana_private_endpoint/resource_group.tf deleted file mode 100644 index 276e5b7..0000000 --- a/85_prometheus_grafana_private_endpoint/resource_group.tf +++ /dev/null @@ -1,9 +0,0 @@ -resource "azurerm_resource_group" "rg_aks_cluster" { - name = var.rg_aks_cluster - location = var.resources_location -} - -resource "azurerm_resource_group" "rg_monitoring" { - name = var.rg_monitoring - location = var.resources_location -} \ No newline at end of file diff --git a/85_prometheus_grafana_private_endpoint/variables.tf b/85_prometheus_grafana_private_endpoint/variables.tf deleted file mode 100644 index f4d0003..0000000 --- a/85_prometheus_grafana_private_endpoint/variables.tf +++ /dev/null @@ -1,29 +0,0 @@ -variable "resources_location" { - type = string - default = "swedencentral" -} - -variable "rg_aks_cluster" { - type = string - default = "rg-aks-cluster" -} - -variable "rg_monitoring" { - type = string - default = "rg-monitoring" -} - -variable "aks_name" { - type = string - default = "aks-cluster" -} - -variable "grafana_name" { - type = string - default = "azure-grafana-17" -} - -variable "prometheus_name" { - type = string - default = "azure-prometheus" -} diff --git a/85_prometheus_grafana_private_endpoint/.infracost/terraform_modules/manifest.json b/87_log_analytics_ampls/.infracost/terraform_modules/manifest.json similarity index 100% rename from 85_prometheus_grafana_private_endpoint/.infracost/terraform_modules/manifest.json rename to 87_log_analytics_ampls/.infracost/terraform_modules/manifest.json diff --git a/85_prometheus_grafana_private_endpoint/Readme.md b/87_log_analytics_ampls/Readme.md similarity index 100% rename from 85_prometheus_grafana_private_endpoint/Readme.md rename to 87_log_analytics_ampls/Readme.md diff --git a/85_prometheus_grafana_private_endpoint/aks.tf b/87_log_analytics_ampls/aks.tf similarity index 81% rename from 85_prometheus_grafana_private_endpoint/aks.tf rename to 87_log_analytics_ampls/aks.tf index bbb3abf..fb23477 100644 --- a/85_prometheus_grafana_private_endpoint/aks.tf +++ b/87_log_analytics_ampls/aks.tf @@ -1,7 +1,7 @@ resource "azurerm_kubernetes_cluster" "aks" { - name = var.aks_name - location = azurerm_resource_group.rg_aks_cluster.location - resource_group_name = azurerm_resource_group.rg_aks_cluster.name + name = "aks-cluster" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name dns_prefix = "aks" kubernetes_version = "1.28.5" # "1.29.0" @@ -13,7 +13,7 @@ resource "azurerm_kubernetes_cluster" "aks" { default_node_pool { name = "systempool" - node_count = "3" + node_count = 3 vm_size = "standard_b2als_v2" vnet_subnet_id = azurerm_subnet.snet-aks.id } diff --git a/85_prometheus_grafana_private_endpoint/ampls.tf b/87_log_analytics_ampls/ampls.tf similarity index 87% rename from 85_prometheus_grafana_private_endpoint/ampls.tf rename to 87_log_analytics_ampls/ampls.tf index 4bc8a64..f63dc33 100644 --- a/85_prometheus_grafana_private_endpoint/ampls.tf +++ b/87_log_analytics_ampls/ampls.tf @@ -1,18 +1,18 @@ resource "azurerm_monitor_private_link_scope" "ampls" { name = "ampls-monitoring" - resource_group_name = azurerm_resource_group.rg_monitoring.name + resource_group_name = azurerm_resource_group.rg.name } resource "azurerm_monitor_private_link_scoped_service" "ampls-log-analytics" { name = "ampls-log-analytics" - resource_group_name = azurerm_resource_group.rg_monitoring.name + resource_group_name = azurerm_resource_group.rg.name scope_name = azurerm_monitor_private_link_scope.ampls.name linked_resource_id = azurerm_log_analytics_workspace.workspace.id } resource "azurerm_monitor_private_link_scoped_service" "ampls-dce-log-analytics" { name = "ampls-dce-log-analytics" - resource_group_name = azurerm_resource_group.rg_monitoring.name + resource_group_name = azurerm_resource_group.rg.name scope_name = azurerm_monitor_private_link_scope.ampls.name linked_resource_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id } diff --git a/87_log_analytics_ampls/bastion.tf b/87_log_analytics_ampls/bastion.tf new file mode 100644 index 0000000..8f05360 --- /dev/null +++ b/87_log_analytics_ampls/bastion.tf @@ -0,0 +1,25 @@ +resource "azurerm_public_ip" "pip-bastion" { + name = "pip-bastion" + resource_group_name = azurerm_resource_group.rg-jumpbox.name + location = azurerm_resource_group.rg-jumpbox.location + allocation_method = "Static" + sku = "Standard" +} + +resource "azurerm_bastion_host" "bastion" { + name = "bastion" + resource_group_name = azurerm_resource_group.rg-jumpbox.name + location = azurerm_resource_group.rg-jumpbox.location + sku = "Standard" # "Standard" # "Basic", "Developer" + copy_paste_enabled = true + file_copy_enabled = false + shareable_link_enabled = false + tunneling_enabled = false + ip_connect_enabled = false + + ip_configuration { + name = "configuration" + subnet_id = azurerm_subnet.snet-bastion.id + public_ip_address_id = azurerm_public_ip.pip-bastion.id + } +} \ No newline at end of file diff --git a/87_log_analytics_ampls/commands.ps1 b/87_log_analytics_ampls/commands.ps1 new file mode 100644 index 0000000..721ba96 --- /dev/null +++ b/87_log_analytics_ampls/commands.ps1 @@ -0,0 +1,58 @@ +# https://github.com/Azure/prometheus-collector/blob/main/AddonTerraformTemplate/main.tf + +terraform init + +terraform plan -out tfplan + +terraform apply tfplan + +terraform destroy + +$grafana_name=(terraform output grafana_name) +$grafana_rg_name=(terraform output grafana_rg_name) + +$aks_name=(terraform output aks_name) +$aks_rg_name=(terraform output aks_rg_name) + +az grafana dashboard import ` + --name $grafana_name ` + --resource-group $grafana_rg_name ` + --definition "https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/grafana/dashboards/nginx.json" + + +az grafana dashboard import ` + --name $grafana_name ` + --resource-group $grafana_rg_name ` + --definition "https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/grafana/dashboards/request-handling-performance.json" + + + +az aks get-credentials --resource-group $aks_rg_name --name $aks_name --overwrite-existing + +helm install nginx-ingress oci://ghcr.io/nginxinc/charts/nginx-ingress --namespace ingress --create-namespace + +kubectl apply -f deploy-svc-ingress.yaml + +kubectl apply -f container-azm-ms-agentconfig.yaml + +kubectl apply -f ama-metrics-settings-configmap.yaml + +# Kubernetes / API server +az grafana dashboard import --name $grafana_name --resource-group $grafana_rg_name --definition 20331 + +# Kubernetes / ETCD +az grafana dashboard import --name $grafana_name --resource-group $grafana_rg_name --definition 20330 + +# Dashboard for IP consumption +# https://github.com/Azure/azure-container-networking/tree/master/cns/doc/examples/metrics +kubectl -n kube-system get nnc +# NAME ALLOCATED IPS NC MODE NC VERSION +# aks-systempool-96223890-vmss000000 256 static 0 +# aks-systempool-96223890-vmss000001 256 static 0 +# aks-systempool-96223890-vmss000002 256 static 0 + +# https://github.com/grafana/helm-charts/tree/main/charts/grafana +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update + +helm install grafana grafana/grafana --namespace monitoring --create-namespace --set persistence.enabled=true --set persistence.size=10Gi --set adminPassword=admin --set service.type=LoadBalancer \ No newline at end of file diff --git a/85_prometheus_grafana_private_endpoint/commands.sh b/87_log_analytics_ampls/commands.sh similarity index 100% rename from 85_prometheus_grafana_private_endpoint/commands.sh rename to 87_log_analytics_ampls/commands.sh diff --git a/85_prometheus_grafana_private_endpoint/container-azm-ms-agentconfig.yaml b/87_log_analytics_ampls/container-azm-ms-agentconfig.yaml similarity index 100% rename from 85_prometheus_grafana_private_endpoint/container-azm-ms-agentconfig.yaml rename to 87_log_analytics_ampls/container-azm-ms-agentconfig.yaml diff --git a/87_log_analytics_ampls/counter-pod.yaml b/87_log_analytics_ampls/counter-pod.yaml new file mode 100644 index 0000000..b56a76a --- /dev/null +++ b/87_log_analytics_ampls/counter-pod.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Pod +metadata: + name: counter +spec: + containers: + - name: count + image: busybox + args: [/bin/sh, -c, 'i=0; while true; do echo "This is demo log $i: $(date)"; i=$((i+1)); sleep 10; done'] \ No newline at end of file diff --git a/85_prometheus_grafana_private_endpoint/dce-log_analytics.tf b/87_log_analytics_ampls/dce-log_analytics.tf similarity index 81% rename from 85_prometheus_grafana_private_endpoint/dce-log_analytics.tf rename to 87_log_analytics_ampls/dce-log_analytics.tf index 7aacd7e..99fc49e 100644 --- a/85_prometheus_grafana_private_endpoint/dce-log_analytics.tf +++ b/87_log_analytics_ampls/dce-log_analytics.tf @@ -1,7 +1,7 @@ resource "azurerm_monitor_data_collection_endpoint" "dce-log-analytics" { name = "dce-log-analytics" - resource_group_name = azurerm_resource_group.rg_monitoring.name - location = azurerm_resource_group.rg_monitoring.location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location public_network_access_enabled = false } diff --git a/85_prometheus_grafana_private_endpoint/dcr-log_analytics.tf b/87_log_analytics_ampls/dcr-log_analytics.tf similarity index 91% rename from 85_prometheus_grafana_private_endpoint/dcr-log_analytics.tf rename to 87_log_analytics_ampls/dcr-log_analytics.tf index 13c0e39..9127c2a 100644 --- a/85_prometheus_grafana_private_endpoint/dcr-log_analytics.tf +++ b/87_log_analytics_ampls/dcr-log_analytics.tf @@ -1,7 +1,7 @@ resource "azurerm_monitor_data_collection_rule" "dcr-log-analytics" { name = "dcr-log-analytics" - resource_group_name = azurerm_resource_group.rg_monitoring.name - location = azurerm_resource_group.rg_monitoring.location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id destinations { diff --git a/87_log_analytics_ampls/diagnostic_setting.tf b/87_log_analytics_ampls/diagnostic_setting.tf new file mode 100644 index 0000000..b662bae --- /dev/null +++ b/87_log_analytics_ampls/diagnostic_setting.tf @@ -0,0 +1,42 @@ +locals { + resources = [ + { + type = "aks" + id = azurerm_kubernetes_cluster.aks.id + } + ] +} + +data "azurerm_monitor_diagnostic_categories" "resources" { + for_each = { for resource in local.resources : resource.type => resource } + + resource_id = each.value.id +} + +resource "azurerm_monitor_diagnostic_setting" "rule" { + for_each = { for resource in local.resources : resource.type => resource } + + name = "diagnostic-setting" + target_resource_id = each.value.id + log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id + log_analytics_destination_type = "Dedicated" # "AzureDiagnostics" + + dynamic "enabled_log" { + iterator = entry + for_each = data.azurerm_monitor_diagnostic_categories.resources[each.key].log_category_types + + content { + category = entry.value + } + } + + dynamic "metric" { + iterator = entry + for_each = data.azurerm_monitor_diagnostic_categories.resources[each.key].metrics + + content { + category = entry.value + enabled = true + } + } +} diff --git a/85_prometheus_grafana_private_endpoint/images/85_prometheus_grafana__architecture.png b/87_log_analytics_ampls/images/85_prometheus_grafana__architecture.png similarity index 100% rename from 85_prometheus_grafana_private_endpoint/images/85_prometheus_grafana__architecture.png rename to 87_log_analytics_ampls/images/85_prometheus_grafana__architecture.png diff --git a/85_prometheus_grafana_private_endpoint/log_analytics.tf b/87_log_analytics_ampls/log_analytics.tf similarity index 84% rename from 85_prometheus_grafana_private_endpoint/log_analytics.tf rename to 87_log_analytics_ampls/log_analytics.tf index 450a3d5..86ff15b 100644 --- a/85_prometheus_grafana_private_endpoint/log_analytics.tf +++ b/87_log_analytics_ampls/log_analytics.tf @@ -1,11 +1,11 @@ resource "azurerm_log_analytics_workspace" "workspace" { name = "log-analytics-workspace" - resource_group_name = azurerm_resource_group.rg_monitoring.name - location = var.resources_location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location sku = "PerGB2018" # PerGB2018, Free, PerNode, Premium, Standard, Standalone, Unlimited, CapacityReservation retention_in_days = 30 # possible values are either 7 (Free Tier only) or range between 30 and 730 internet_ingestion_enabled = false - internet_query_enabled = true + internet_query_enabled = false } # resource "azurerm_log_analytics_solution" "solution" { diff --git a/87_log_analytics_ampls/output.tf b/87_log_analytics_ampls/output.tf new file mode 100644 index 0000000..63d4ec9 --- /dev/null +++ b/87_log_analytics_ampls/output.tf @@ -0,0 +1,7 @@ +output "aks_name" { + value = azurerm_kubernetes_cluster.aks.name +} + +output "aks_rg_name" { + value = azurerm_kubernetes_cluster.aks.resource_group_name +} \ No newline at end of file diff --git a/85_prometheus_grafana_private_endpoint/pe-ampls.tf b/87_log_analytics_ampls/pe-ampls.tf similarity index 86% rename from 85_prometheus_grafana_private_endpoint/pe-ampls.tf rename to 87_log_analytics_ampls/pe-ampls.tf index d44bd07..47355dc 100644 --- a/85_prometheus_grafana_private_endpoint/pe-ampls.tf +++ b/87_log_analytics_ampls/pe-ampls.tf @@ -10,8 +10,8 @@ locals { resource "azurerm_private_endpoint" "pe-ampls" { name = "pe-ampls" - resource_group_name = azurerm_virtual_network.vnet.resource_group_name - location = azurerm_virtual_network.vnet.location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location subnet_id = azurerm_subnet.snet-pe.id private_service_connection { @@ -30,7 +30,7 @@ resource "azurerm_private_endpoint" "pe-ampls" { resource "azurerm_private_dns_zone" "zones" { for_each = toset(local.dns_zones_ampls) name = each.value - resource_group_name = azurerm_resource_group.rg_monitoring.name + resource_group_name = azurerm_resource_group.rg.name } resource "azurerm_private_dns_zone_virtual_network_link" "link" { diff --git a/85_prometheus_grafana_private_endpoint/providers.tf b/87_log_analytics_ampls/providers.tf similarity index 74% rename from 85_prometheus_grafana_private_endpoint/providers.tf rename to 87_log_analytics_ampls/providers.tf index 5f23363..b57fead 100644 --- a/85_prometheus_grafana_private_endpoint/providers.tf +++ b/87_log_analytics_ampls/providers.tf @@ -13,11 +13,6 @@ terraform { source = "hashicorp/azuread" version = "= 2.47.0" } - - # azapi = { - # source = "Azure/azapi" - # version = "1.12.1" - # } } } @@ -27,8 +22,4 @@ provider "azurerm" { # Configure the Azure Active Directory Provider provider "azuread" { # default takes current user/identity tenant -} - -# provider "azapi" { -# # Configuration options -# } +} \ No newline at end of file diff --git a/87_log_analytics_ampls/rg.tf b/87_log_analytics_ampls/rg.tf new file mode 100644 index 0000000..a5465f3 --- /dev/null +++ b/87_log_analytics_ampls/rg.tf @@ -0,0 +1,10 @@ +resource "azurerm_resource_group" "rg" { + name = "rg-aks-monitoring-${var.prefix}" + location = "swedencentral" +} + +resource "azurerm_resource_group" "rg-jumpbox" { + name = "rg-jumpbox-${var.prefix}" + location = "swedencentral" +} + diff --git a/87_log_analytics_ampls/variables.tf b/87_log_analytics_ampls/variables.tf new file mode 100644 index 0000000..7358604 --- /dev/null +++ b/87_log_analytics_ampls/variables.tf @@ -0,0 +1,3 @@ +variable "prefix" { + default = 900 +} \ No newline at end of file diff --git a/85_prometheus_grafana_private_endpoint/vnet.tf b/87_log_analytics_ampls/vnet.tf similarity index 62% rename from 85_prometheus_grafana_private_endpoint/vnet.tf rename to 87_log_analytics_ampls/vnet.tf index b59b497..2a42a9e 100644 --- a/85_prometheus_grafana_private_endpoint/vnet.tf +++ b/87_log_analytics_ampls/vnet.tf @@ -1,7 +1,7 @@ resource "azurerm_virtual_network" "vnet" { name = "vnet-aks" - resource_group_name = azurerm_resource_group.rg_aks_cluster.name - location = azurerm_resource_group.rg_aks_cluster.location + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location address_space = ["10.10.0.0/16"] } @@ -17,4 +17,11 @@ resource "azurerm_subnet" "snet-pe" { virtual_network_name = azurerm_virtual_network.vnet.name resource_group_name = azurerm_virtual_network.vnet.resource_group_name address_prefixes = ["10.10.1.0/24"] +} + +resource "azurerm_subnet" "snet-bastion" { + name = "AzureBastionSubnet" + virtual_network_name = azurerm_virtual_network.vnet.name + resource_group_name = azurerm_virtual_network.vnet.resource_group_name + address_prefixes = ["10.10.2.0/24"] } \ No newline at end of file diff --git a/87_log_analytics_ampls/windows-vm.tf b/87_log_analytics_ampls/windows-vm.tf new file mode 100644 index 0000000..30deb2f --- /dev/null +++ b/87_log_analytics_ampls/windows-vm.tf @@ -0,0 +1,40 @@ +resource "azurerm_network_interface" "nic-vm" { + name = "nic-vm-windows" + resource_group_name = azurerm_resource_group.rg-jumpbox.name + location = azurerm_resource_group.rg-jumpbox.location + + ip_configuration { + name = "internal" + subnet_id = azurerm_subnet.snet-aks.id + private_ip_address_allocation = "Dynamic" + } +} + +resource "azurerm_windows_virtual_machine" "vm" { + name = "vm-jumpbox-w11" + resource_group_name = azurerm_resource_group.rg-jumpbox.name + location = azurerm_resource_group.rg-jumpbox.location + size = "Standard_B2als_v2" # "Standard_B2ats_v2" + admin_username = "azureuser" + admin_password = "@Aa123456789" + network_interface_ids = [azurerm_network_interface.nic-vm.id] + priority = "Spot" + eviction_policy = "Deallocate" + + os_disk { + name = "os-disk-vm" + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } + + source_image_reference { + publisher = "MicrosoftWindowsDesktop" + offer = "windows-11" + sku = "win11-23h2-pro" + version = "latest" + } + + boot_diagnostics { + storage_account_uri = null + } +} \ No newline at end of file diff --git a/88_prometheus_grafana_ampls/.infracost/terraform_modules/manifest.json b/88_prometheus_grafana_ampls/.infracost/terraform_modules/manifest.json new file mode 100644 index 0000000..5d95a8b --- /dev/null +++ b/88_prometheus_grafana_ampls/.infracost/terraform_modules/manifest.json @@ -0,0 +1 @@ +{"Path":"d:\\Projects\\docker-kubernetes-course\\85_prometheus_grafana","Version":"2.0","Modules":[]} \ No newline at end of file diff --git a/88_prometheus_grafana_ampls/Readme.md b/88_prometheus_grafana_ampls/Readme.md new file mode 100644 index 0000000..4526c6d --- /dev/null +++ b/88_prometheus_grafana_ampls/Readme.md @@ -0,0 +1,42 @@ +# Using Azure Grafana and Prometheus workspace in AKS using Terraform + +## Introduction + +This lab shows how to use Terraform to provision an AKS cluster, Grafana and Monitor Workspace for Prometheus. All configured together to collect metrics from the cluster and expose it through Grafana dashboard. + +![](images\85_prometheus_grafana__architecture.png) + +## Challenges + +Azure Monitor Workspace for Prometheus is a new service (in preview). +It is not yet supported with ARM template or with Terraform resource. + +So, we'll use `azapi` terraform provider to create the Monitor Workspace for Prometheus. + +And we'll use a `local-exec` to run a command line to configure AKS with Prometheus. + +AKS, Grafana and Log Analytics are suported with ARM templates and Terraform. + +## Deploying the resources using Terraform + +To deploy the Terraform configuration files, run the following commands: + +```sh +terraform init + +terraform plan -out tfplan + +terraform apply tfplan +``` + +## Cleanup resources + +To delete the creates resources, run the following command: + +```sh +terraform destroy +``` + +## More readings + +https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/azure-monitor-workspace-manage?tabs=azure-portal diff --git a/88_prometheus_grafana_ampls/aks.tf b/88_prometheus_grafana_ampls/aks.tf new file mode 100644 index 0000000..a1aa1ca --- /dev/null +++ b/88_prometheus_grafana_ampls/aks.tf @@ -0,0 +1,43 @@ +resource "azurerm_kubernetes_cluster" "aks" { + name = "aks-cluster" + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name + dns_prefix = "aks" + kubernetes_version = "1.28.5" # "1.29.0" + + network_profile { + network_plugin = "azure" + network_plugin_mode = "overlay" + ebpf_data_plane = "cilium" + } + + default_node_pool { + name = "systempool" + node_count = 3 + vm_size = "standard_b2als_v2" + vnet_subnet_id = azurerm_subnet.snet-aks.id + } + + identity { + type = "UserAssigned" # "SystemAssigned" + identity_ids = [azurerm_user_assigned_identity.identity-aks.id] + } + + oms_agent { + log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id + msi_auth_for_monitoring_enabled = true + } + + monitor_metrics { + annotations_allowed = null + labels_allowed = null + } + + lifecycle { + ignore_changes = [ + # monitor_metrics, + default_node_pool.0.upgrade_settings, + # default_node_pool.0.upgrade_settings.0.max_surge, + ] + } +} diff --git a/88_prometheus_grafana_ampls/aks_identity.tf b/88_prometheus_grafana_ampls/aks_identity.tf new file mode 100644 index 0000000..c0007c9 --- /dev/null +++ b/88_prometheus_grafana_ampls/aks_identity.tf @@ -0,0 +1,26 @@ +resource "azurerm_user_assigned_identity" "identity-aks" { + name = "identity-aks" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location +} + +resource "azurerm_role_assignment" "network-contributor" { + scope = azurerm_virtual_network.vnet.id + role_definition_name = "Network Contributor" + principal_id = azurerm_user_assigned_identity.identity-aks.principal_id + skip_service_principal_aad_check = true +} + +# resource "azurerm_role_assignment" "Managed-Identity-Operator" { +# scope = azurerm_user_assigned_identity.identity-kubelet.id +# role_definition_name = "Managed Identity Operator" +# principal_id = azurerm_user_assigned_identity.identity_aks.principal_id +# skip_service_principal_aad_check = true +# } + +# resource "azurerm_role_assignment" "role_identity_aks_contributor" { +# scope = azurerm_resource_group.rg.id +# role_definition_name = "Contributor" +# principal_id = azurerm_user_assigned_identity.identity_aks.principal_id +# skip_service_principal_aad_check = true +# } \ No newline at end of file diff --git a/85_prometheus_grafana_private_endpoint/ama-metrics-settings-configmap.yaml b/88_prometheus_grafana_ampls/ama-metrics-settings-configmap.yaml similarity index 100% rename from 85_prometheus_grafana_private_endpoint/ama-metrics-settings-configmap.yaml rename to 88_prometheus_grafana_ampls/ama-metrics-settings-configmap.yaml diff --git a/88_prometheus_grafana_ampls/ampls.tf b/88_prometheus_grafana_ampls/ampls.tf new file mode 100644 index 0000000..ef9cd68 --- /dev/null +++ b/88_prometheus_grafana_ampls/ampls.tf @@ -0,0 +1,33 @@ +resource "azurerm_monitor_private_link_scope" "ampls" { + name = "ampls-monitoring" + resource_group_name = azurerm_resource_group.rg.name +} + +resource "azurerm_monitor_private_link_scoped_service" "ampls-log-analytics" { + name = "ampls-log-analytics" + scope_name = azurerm_monitor_private_link_scope.ampls.name + resource_group_name = azurerm_monitor_private_link_scope.ampls.resource_group_name + linked_resource_id = azurerm_log_analytics_workspace.workspace.id +} + +resource "azurerm_monitor_private_link_scoped_service" "ampls-dce-log-analytics" { + name = "ampls-dce-log-analytics" + scope_name = azurerm_monitor_private_link_scope.ampls.name + resource_group_name = azurerm_monitor_private_link_scope.ampls.resource_group_name + linked_resource_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id +} + +# # # not required +# resource "azurerm_monitor_private_link_scoped_service" "prometheus" { +# name = "ampls-prometheus" +# resource_group_name = azurerm_resource_group.rg.name +# scope_name = azurerm_monitor_private_link_scope.ampls.name +# linked_resource_id = azurerm_monitor_workspace.prometheus.id +# } + +resource "azurerm_monitor_private_link_scoped_service" "ampls-dce-prometheus" { + name = "ampls-dce-prometheus" + scope_name = azurerm_monitor_private_link_scope.ampls.name + resource_group_name = azurerm_monitor_private_link_scope.ampls.resource_group_name + linked_resource_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id +} \ No newline at end of file diff --git a/88_prometheus_grafana_ampls/bastion.tf b/88_prometheus_grafana_ampls/bastion.tf new file mode 100644 index 0000000..8f05360 --- /dev/null +++ b/88_prometheus_grafana_ampls/bastion.tf @@ -0,0 +1,25 @@ +resource "azurerm_public_ip" "pip-bastion" { + name = "pip-bastion" + resource_group_name = azurerm_resource_group.rg-jumpbox.name + location = azurerm_resource_group.rg-jumpbox.location + allocation_method = "Static" + sku = "Standard" +} + +resource "azurerm_bastion_host" "bastion" { + name = "bastion" + resource_group_name = azurerm_resource_group.rg-jumpbox.name + location = azurerm_resource_group.rg-jumpbox.location + sku = "Standard" # "Standard" # "Basic", "Developer" + copy_paste_enabled = true + file_copy_enabled = false + shareable_link_enabled = false + tunneling_enabled = false + ip_connect_enabled = false + + ip_configuration { + name = "configuration" + subnet_id = azurerm_subnet.snet-bastion.id + public_ip_address_id = azurerm_public_ip.pip-bastion.id + } +} \ No newline at end of file diff --git a/85_prometheus_grafana_private_endpoint/commands.ps1 b/88_prometheus_grafana_ampls/commands.ps1 similarity index 100% rename from 85_prometheus_grafana_private_endpoint/commands.ps1 rename to 88_prometheus_grafana_ampls/commands.ps1 diff --git a/88_prometheus_grafana_ampls/commands.sh b/88_prometheus_grafana_ampls/commands.sh new file mode 100644 index 0000000..e331d02 --- /dev/null +++ b/88_prometheus_grafana_ampls/commands.sh @@ -0,0 +1,7 @@ +terraform init + +terraform plan -out tfplan + +terraform apply tfplan + +terraform destroy \ No newline at end of file diff --git a/88_prometheus_grafana_ampls/container-azm-ms-agentconfig.yaml b/88_prometheus_grafana_ampls/container-azm-ms-agentconfig.yaml new file mode 100644 index 0000000..9ce03d6 --- /dev/null +++ b/88_prometheus_grafana_ampls/container-azm-ms-agentconfig.yaml @@ -0,0 +1,211 @@ +# src: https://raw.githubusercontent.com/microsoft/Docker-Provider/ci_prod/kubernetes/container-azm-ms-agentconfig.yaml +# doc: https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-agent-config + +kind: ConfigMap +apiVersion: v1 +metadata: + name: container-azm-ms-agentconfig + namespace: kube-system +data: + schema-version: + #string.used by agent to parse config. supported versions are {v1}. Configs with other schema versions will be rejected by the agent. + v1 + config-version: + #string.used by customer to keep track of this config file's version in their source control/repository (max allowed 10 chars, other chars will be truncated) + ver1 + log-data-collection-settings: |- + # Log data collection settings + # Any errors related to config map settings can be found in the KubeMonAgentEvents table in the Log Analytics workspace that the cluster is sending data to. + + [log_collection_settings] + [log_collection_settings.stdout] + # In the absense of this configmap, default value for enabled is true + enabled = true + # exclude_namespaces setting holds good only if enabled is set to true + # kube-system,gatekeeper-system log collection are disabled by default in the absence of 'log_collection_settings.stdout' setting. If you want to enable kube-system,gatekeeper-system, remove them from the following setting. + # If you want to continue to disable kube-system,gatekeeper-system log collection keep the namespaces in the following setting and add any other namespace you want to disable log collection to the array. + # In the absense of this configmap, default value for exclude_namespaces = ["kube-system","gatekeeper-system"] + exclude_namespaces = ["gatekeeper-system"] # ["kube-system","gatekeeper-system"] + + [log_collection_settings.stderr] + # Default value for enabled is true + enabled = true + # exclude_namespaces setting holds good only if enabled is set to true + # kube-system,gatekeeper-system log collection are disabled by default in the absence of 'log_collection_settings.stderr' setting. If you want to enable kube-system,gatekeeper-system, remove them from the following setting. + # If you want to continue to disable kube-system,gatekeeper-system log collection keep the namespaces in the following setting and add any other namespace you want to disable log collection to the array. + # In the absense of this configmap, default value for exclude_namespaces = ["kube-system","gatekeeper-system"] + exclude_namespaces = ["gatekeeper-system"] # ["kube-system","gatekeeper-system"] + + [log_collection_settings.env_var] + # In the absense of this configmap, default value for enabled is true + enabled = true + [log_collection_settings.enrich_container_logs] + # In the absense of this configmap, default value for enrich_container_logs is false + enabled = true + # When this is enabled (enabled = true), every container log entry (both stdout & stderr) will be enriched with container Name & container Image + [log_collection_settings.collect_all_kube_events] + # In the absense of this configmap, default value for collect_all_kube_events is false + # When the setting is set to false, only the kube events with !normal event type will be collected + enabled = false + # When this is enabled (enabled = true), all kube events including normal events will be collected + [log_collection_settings.schema] + # In the absence of this configmap, default value for containerlog_schema_version is "v1" + # Supported values for this setting are "v1","v2" + # See documentation at https://aka.ms/ContainerLogv2 for benefits of v2 schema over v1 schema before opting for "v2" schema + containerlog_schema_version = "v2" + [log_collection_settings.enable_multiline_logs] + # fluent-bit based multiline log collection for .NET, Go, Java, and Python stacktraces. + # if enabled will also stitch together container logs split by docker/cri due to size limits(16KB per log line) + enabled = "true" + + + prometheus-data-collection-settings: |- + # Custom Prometheus metrics data collection settings + [prometheus_data_collection_settings.cluster] + # Cluster level scrape endpoint(s). These metrics will be scraped from agent's Replicaset (singleton) + # Any errors related to prometheus scraping can be found in the KubeMonAgentEvents table in the Log Analytics workspace that the cluster is sending data to. + + #Interval specifying how often to scrape for metrics. This is duration of time and can be specified for supporting settings by combining an integer value and time unit as a string value. Valid time units are ns, us (or µs), ms, s, m, h. + interval = "1m" + + ## Uncomment the following settings with valid string arrays for prometheus scraping + #fieldpass = ["metric_to_pass1", "metric_to_pass12"] + + #fielddrop = ["metric_to_drop"] + + # An array of urls to scrape metrics from. + # urls = ["http://myurl:9101/metrics"] + + # An array of Kubernetes services to scrape metrics from. + # kubernetes_services = ["http://my-service-dns.my-namespace:9102/metrics"] + + # When monitor_kubernetes_pods = true, replicaset will scrape Kubernetes pods for the following prometheus annotations: + # - prometheus.io/scrape: Enable scraping for this pod + # - prometheus.io/scheme: Default is http + # - prometheus.io/path: If the metrics path is not /metrics, define it with this annotation. + # - prometheus.io/port: If port is not 9102 use this annotation + monitor_kubernetes_pods = false + + ## Restricts Kubernetes monitoring to namespaces for pods that have annotations set and are scraped using the monitor_kubernetes_pods setting. + ## This will take effect when monitor_kubernetes_pods is set to true + ## ex: monitor_kubernetes_pods_namespaces = ["default1", "default2", "default3"] + # monitor_kubernetes_pods_namespaces = ["default1"] + + ## Label selector to target pods which have the specified label + ## This will take effect when monitor_kubernetes_pods is set to true + ## Reference the docs at https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + # kubernetes_label_selector = "env=dev,app=nginx" + + ## Field selector to target pods which have the specified field + ## This will take effect when monitor_kubernetes_pods is set to true + ## Reference the docs at https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/ + ## eg. To scrape pods on a specific node + # kubernetes_field_selector = "spec.nodeName=$HOSTNAME" + + [prometheus_data_collection_settings.node] + # Node level scrape endpoint(s). These metrics will be scraped from agent's DaemonSet running in every node in the cluster + # Any errors related to prometheus scraping can be found in the KubeMonAgentEvents table in the Log Analytics workspace that the cluster is sending data to. + + #Interval specifying how often to scrape for metrics. This is duration of time and can be specified for supporting settings by combining an integer value and time unit as a string value. Valid time units are ns, us (or µs), ms, s, m, h. + interval = "1m" + + ## Uncomment the following settings with valid string arrays for prometheus scraping + + # An array of urls to scrape metrics from. $NODE_IP (all upper case) will substitute of running Node's IP address + # urls = ["http://$NODE_IP:9103/metrics"] + + #fieldpass = ["metric_to_pass1", "metric_to_pass12"] + + #fielddrop = ["metric_to_drop"] + + metric_collection_settings: |- + # Metrics collection settings for metrics sent to Log Analytics and MDM + [metric_collection_settings.collect_kube_system_pv_metrics] + # In the absense of this configmap, default value for collect_kube_system_pv_metrics is false + # When the setting is set to false, only the persistent volume metrics outside the kube-system namespace will be collected + enabled = false + # When this is enabled (enabled = true), persistent volume metrics including those in the kube-system namespace will be collected + + alertable-metrics-configuration-settings: |- + # Alertable metrics configuration settings for container resource utilization + [alertable_metrics_configuration_settings.container_resource_utilization_thresholds] + # The threshold(Type Float) will be rounded off to 2 decimal points + # Threshold for container cpu, metric will be sent only when cpu utilization exceeds or becomes equal to the following percentage + container_cpu_threshold_percentage = 95.0 + # Threshold for container memoryRss, metric will be sent only when memory rss exceeds or becomes equal to the following percentage + container_memory_rss_threshold_percentage = 95.0 + # Threshold for container memoryWorkingSet, metric will be sent only when memory working set exceeds or becomes equal to the following percentage + container_memory_working_set_threshold_percentage = 95.0 + + # Alertable metrics configuration settings for persistent volume utilization + [alertable_metrics_configuration_settings.pv_utilization_thresholds] + # Threshold for persistent volume usage bytes, metric will be sent only when persistent volume utilization exceeds or becomes equal to the following percentage + pv_usage_threshold_percentage = 60.0 + + # Alertable metrics configuration settings for completed jobs count + [alertable_metrics_configuration_settings.job_completion_threshold] + # Threshold for completed job count , metric will be sent only for those jobs which were completed earlier than the following threshold + job_completion_threshold_time_minutes = 360 + integrations: |- + [integrations.azure_network_policy_manager] + collect_basic_metrics = false + collect_advanced_metrics = false + [integrations.azure_subnet_ip_usage] + enabled = true + +# Doc - https://github.com/microsoft/Docker-Provider/blob/ci_prod/Documentation/AgentSettings/ReadMe.md + agent-settings: |- + # prometheus scrape fluent bit settings for high scale + # buffer size should be greater than or equal to chunk size else we set it to chunk size. + # settings scoped to prometheus sidecar container. all values in mb + [agent_settings.prometheus_fbit_settings] + tcp_listener_chunk_size = 10 + tcp_listener_buffer_size = 10 + tcp_listener_mem_buf_limit = 200 + + # prometheus scrape fluent bit settings for high scale + # buffer size should be greater than or equal to chunk size else we set it to chunk size. + # settings scoped to daemonset container. all values in mb + # [agent_settings.node_prometheus_fbit_settings] + # tcp_listener_chunk_size = 1 + # tcp_listener_buffer_size = 1 + # tcp_listener_mem_buf_limit = 10 + + # prometheus scrape fluent bit settings for high scale + # buffer size should be greater than or equal to chunk size else we set it to chunk size. + # settings scoped to replicaset container. all values in mb + # [agent_settings.cluster_prometheus_fbit_settings] + # tcp_listener_chunk_size = 1 + # tcp_listener_buffer_size = 1 + # tcp_listener_mem_buf_limit = 10 + + # The following settings are "undocumented", we don't recommend uncommenting them unless directed by Microsoft. + # They increase the maximum stdout/stderr log collection rate but will also cause higher cpu/memory usage. + ## Ref for more details about Ignore_Older - https://docs.fluentbit.io/manual/v/1.7/pipeline/inputs/tail + # [agent_settings.fbit_config] + # log_flush_interval_secs = "1" # default value is 15 + # tail_mem_buf_limit_megabytes = "10" # default value is 10 + # tail_buf_chunksize_megabytes = "1" # default value is 32kb (comment out this line for default) + # tail_buf_maxsize_megabytes = "1" # default value is 32kb (comment out this line for default) + # tail_ignore_older = "5m" # default value same as fluent-bit default i.e.0m + + # On both AKS & Arc K8s enviornments, if Cluster has configured with Forward Proxy then Proxy settings automatically applied and used for the agent + # Certain configurations, proxy config should be ignored for example Cluster with AMPLS + Proxy + # in such scenarios, use the following config to ignore proxy settings + # [agent_settings.proxy_config] + # ignore_proxy_settings = "true" # if this is not applied, default value is false + + # The following settings are "undocumented", we don't recommend uncommenting them unless directed by Microsoft. + # Configuration settings for the waittime for the network listeners to be available + # [agent_settings.network_listener_waittime] + # tcp_port_25226 = 45 # Port 25226 is used for telegraf to fluent-bit data in ReplicaSet + # tcp_port_25228 = 60 # Port 25228 is used for telegraf to fluentd data + # tcp_port_25229 = 45 # Port 25229 is used for telegraf to fluent-bit data in DaemonSet + + # The following settings are "undocumented", we don't recommend uncommenting them unless directed by Microsoft. + # [agent_settings.mdsd_config] + # monitoring_max_event_rate = "50000" # default 20K eps + # backpressure_memory_threshold_in_mb = "1500" # default 3500MB + # upload_max_size_in_mb = "20" # default 2MB + # upload_frequency_seconds = "1" # default 60 upload_frequency_seconds + # compression_level = "0" # supported levels 0 to 9 and 0 means no compression \ No newline at end of file diff --git a/88_prometheus_grafana_ampls/dce-log_analytics.tf b/88_prometheus_grafana_ampls/dce-log_analytics.tf new file mode 100644 index 0000000..1dc6e2b --- /dev/null +++ b/88_prometheus_grafana_ampls/dce-log_analytics.tf @@ -0,0 +1,14 @@ +resource "azurerm_monitor_data_collection_endpoint" "dce-log-analytics" { + name = "dce-log-analytics" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + public_network_access_enabled = false +} + +# required +# associate to a Data Collection Endpoint +# resource "azurerm_monitor_data_collection_rule_association" "dcra-dce-log-analytics-aks" { +# name = "configurationAccessEndpoint" # name is required when data_collection_rule_id is specified. And when data_collection_endpoint_id is specified, the name is populated with configurationAccessEndpoint +# target_resource_id = azurerm_kubernetes_cluster.aks.id +# data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id +# } \ No newline at end of file diff --git a/88_prometheus_grafana_ampls/dce-prometheus.tf b/88_prometheus_grafana_ampls/dce-prometheus.tf new file mode 100644 index 0000000..15516e8 --- /dev/null +++ b/88_prometheus_grafana_ampls/dce-prometheus.tf @@ -0,0 +1,14 @@ +resource "azurerm_monitor_data_collection_endpoint" "dce-prometheus" { + name = "dce-prometheus" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + kind = "Linux" + public_network_access_enabled = false # true # false +} + +# associate to a Data Collection Endpoint +resource "azurerm_monitor_data_collection_rule_association" "dcra-dce-prometheus-aks" { +# name = "configurationAccessEndpoint" # "dcra-dce-prometheus-aks" # # name is required when data_collection_rule_id is specified. And when data_collection_endpoint_id is specified, the name is populated with configurationAccessEndpoint + target_resource_id = azurerm_kubernetes_cluster.aks.id + data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id +} diff --git a/88_prometheus_grafana_ampls/dcr-log_analytics.tf b/88_prometheus_grafana_ampls/dcr-log_analytics.tf new file mode 100644 index 0000000..9127c2a --- /dev/null +++ b/88_prometheus_grafana_ampls/dcr-log_analytics.tf @@ -0,0 +1,59 @@ +resource "azurerm_monitor_data_collection_rule" "dcr-log-analytics" { + name = "dcr-log-analytics" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id + + destinations { + log_analytics { + name = "log_analytics" + workspace_resource_id = azurerm_log_analytics_workspace.workspace.id + } + } + + data_flow { + streams = ["Microsoft-ContainerInsights-Group-Default"] + destinations = ["log_analytics"] + } + + data_sources { + syslog { + name = "example-syslog" + # streams = ["Microsoft-Syslog"] + facility_names = [ + "*" + ] + log_levels = [ + "Debug", + "Info", + "Notice", + "Warning", + "Error", + "Critical", + "Alert", + "Emergency", + ] + } + extension { + extension_name = "ContainerInsights" + name = "ContainerInsightsExtension" + streams = ["Microsoft-ContainerInsights-Group-Default"] + extension_json = jsonencode( + { + dataCollectionSettings = { + enableContainerLogV2 = true + interval = "1m" + namespaceFilteringMode = "Off" + } + } + ) + } + } +} + +# associate to a Data Collection Rule +resource "azurerm_monitor_data_collection_rule_association" "dcra-dcr-log-analytics-aks" { + name = "dcra-dcr-log-analytics-aks" + target_resource_id = azurerm_kubernetes_cluster.aks.id + data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr-log-analytics.id +} diff --git a/88_prometheus_grafana_ampls/dcr-prometheus.tf b/88_prometheus_grafana_ampls/dcr-prometheus.tf new file mode 100644 index 0000000..a107ea0 --- /dev/null +++ b/88_prometheus_grafana_ampls/dcr-prometheus.tf @@ -0,0 +1,35 @@ +resource "azurerm_monitor_data_collection_rule" "dcr-prometheus" { + name = "dcr-prometheus" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id + kind = "Linux" + description = "DCR for Azure Monitor Metrics Profile (Managed Prometheus)" + + data_sources { + prometheus_forwarder { + name = "PrometheusDataSource" + streams = ["Microsoft-PrometheusMetrics"] + } + } + + destinations { + monitor_account { + monitor_account_id = azurerm_monitor_workspace.prometheus.id + name = azurerm_monitor_workspace.prometheus.name + } + } + + data_flow { + streams = ["Microsoft-PrometheusMetrics"] + destinations = [azurerm_monitor_workspace.prometheus.name] + } +} + +# associate to a Data Collection Rule +resource "azurerm_monitor_data_collection_rule_association" "dcra-dcr-prometheus-aks" { + name = "dcra-dcr-prometheus-aks" + target_resource_id = azurerm_kubernetes_cluster.aks.id + data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr-prometheus.id + description = "Association of DCR. Deleting this association will break the data collection for this AKS Cluster." +} diff --git a/85_prometheus_grafana_private_endpoint/deploy-svc-ingress.yaml b/88_prometheus_grafana_ampls/deploy-svc-ingress.yaml similarity index 100% rename from 85_prometheus_grafana_private_endpoint/deploy-svc-ingress.yaml rename to 88_prometheus_grafana_ampls/deploy-svc-ingress.yaml diff --git a/85_prometheus_grafana_private_endpoint/diagnostic_setting.tf b/88_prometheus_grafana_ampls/diagnostic_setting.tf similarity index 94% rename from 85_prometheus_grafana_private_endpoint/diagnostic_setting.tf rename to 88_prometheus_grafana_ampls/diagnostic_setting.tf index 5507012..7227ecd 100644 --- a/85_prometheus_grafana_private_endpoint/diagnostic_setting.tf +++ b/88_prometheus_grafana_ampls/diagnostic_setting.tf @@ -24,7 +24,7 @@ resource "azurerm_monitor_diagnostic_setting" "rule" { name = "diagnostic-setting" target_resource_id = each.value.id log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id - log_analytics_destination_type = "AzureDiagnostics" + log_analytics_destination_type = "Dedicated" # "AzureDiagnostics" dynamic "enabled_log" { iterator = entry diff --git a/88_prometheus_grafana_ampls/grafana.tf b/88_prometheus_grafana_ampls/grafana.tf new file mode 100644 index 0000000..ecfac5d --- /dev/null +++ b/88_prometheus_grafana_ampls/grafana.tf @@ -0,0 +1,48 @@ +resource "azurerm_dashboard_grafana" "grafana" { + name = "azure-grafana-${var.prefix}" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + api_key_enabled = true + deterministic_outbound_ip_enabled = true + sku = "Standard" + zone_redundancy_enabled = false + grafana_major_version = "10" # 9 + public_network_access_enabled = true + + azure_monitor_workspace_integrations { + resource_id = azurerm_monitor_workspace.prometheus.id + } + + identity { + type = "SystemAssigned" # "UserAssigned" # + # identity_ids = [azurerm_user_assigned_identity.identity-grafana.id] + } +} + +data "azurerm_client_config" "current" {} + +resource "azurerm_role_assignment" "role_grafana_admin" { + scope = azurerm_dashboard_grafana.grafana.id + role_definition_name = "Grafana Admin" + principal_id = data.azurerm_client_config.current.object_id +} + +resource "azurerm_role_assignment" "role_monitoring_data_reader" { + scope = azurerm_monitor_workspace.prometheus.id + role_definition_name = "Monitoring Data Reader" + principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id # azurerm_user_assigned_identity.identity-grafana.principal_id # +} + +data "azurerm_subscription" "current" {} + +resource "azurerm_role_assignment" "role_monitoring_reader" { + scope = data.azurerm_subscription.current.id + role_definition_name = "Monitoring Reader" + principal_id = azurerm_dashboard_grafana.grafana.identity.0.principal_id # azurerm_user_assigned_identity.identity-grafana.principal_id # +} + +# resource "azurerm_user_assigned_identity" "identity-grafana" { +# name = "identity-grafana" +# resource_group_name = azurerm_resource_group.rg.name +# location = azurerm_resource_group.rg.location +# } diff --git a/88_prometheus_grafana_ampls/images/85_prometheus_grafana__architecture.png b/88_prometheus_grafana_ampls/images/85_prometheus_grafana__architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..4b45bc493b2c96c3462584822d94ea4f28734c6b GIT binary patch literal 190684 zcmeFYhgVZuw>}&}ECB_NfYL-o6oPa?dX*x*B%wFyp$Y_~7Y!;3C>nZ|oGdX`rWZ0n82tfj}1?YCbRm zfzGFcK&KhbodMptI^LTM{5j=oq@e;T>E&DmUYvGT)>Q_9%H!z|?C5~k=e;$}d_f>q z-jm-`4~=g92HyP3PtDZN*vrW;z|O}Jq~YV}=;`a?m8r}Tjc*R`9C`W{h#lE{x1~#|2sTJ1bVqYv2WSq0)2No-TObXKuZI` zw}=#aZ*uWSq_*{Nqdl=+|BlT0%u`Bi|Lb#p4r9?N*=B>>jU8{Tec3?CtN+R;5rG=$ zp0I#NFo-+rUT5w%Hc;LrDcb+>O&gur+eaUT#9dg8(3RT(i6Mpe zFwBPz)(g5G`LCRod>=aTYqW{r)N=PBthZ#Zd?*NH+jR3^iE#b`U9ZBmRUK5<-`iRF zj2R{|OYQf?6NYF(8!VCH|Ko;4yoxdkS{*xVM>J+KRwigC%CowX!f=FZpybkj-IvH& ze}>HzMU9Q3x{=-fNobKyWTo%X!q95dx|9j%x5U2^ZFd3yPk=qH{czs2T?dT^(45Gh zpmwjh+@y7LR-ay;M5K|5^dV8ilIE<(?5xX(}f=Ks6jCrAYP|q9VgeYBSjo_ZmY|#oD z$5pOh;IL99bJIYfz2IJYP)O{*uM#WwP=&O-SNmAN*e-i=4f9cDT=4KW=qY7_tnSg# zQWK#Vd8#Eu?K{JN;}>!J>cqH7bwvuxgZ*#E-R4)83PncH6I7%20|CI;X1bFdsK#`? zCGneiLudat_Ut+z^W)oP?LX%Ct==&?eX8K>^ZNxfu3*LGt4rdPmwP|cEyswG{tdkB z>jTLFjDGE5r7a_}N6!5xx1s*8+c?t+mh32vN7j5Alk9$7*{W+7tZ^?fE}$YP-gAwv_d~mk++;s%0kCqm*uQM(o)TQ3XDZWl?!@l8UhidTv_n8h zLK(0^ku!*zW-A%abBf!&xau)jTUR(GJ^j#Um1YUJ_d*Re!lAF&0UB9YJpk#y`Vd zCzM@DnZIW3=wk`gd*;;)_FP7e$FrQyS>zGbo(n)Qqam_#)>qr!B_0fV{EwOPMNBuk zEtic{_4{^p&z&rtU9{!(&?FT6iG!PIQYj7aUFYcJ1P^x6Z6H2=nvEH(m608l6`%h& z9m~=V0{s)0M7FgKJ@@QwD zvhPW^Zd%;~r=w*}%*abk>6Xecb&%%u{}@<{rNCx=hI3+?viQhG>rHb64X~CAKir}& zPguW1B#F)(MWe$VA5c)@G3v@Xa5U{lR-@~^=rzW45C-H0oTs|1E=cnqi)!KI;GF!q z)lkEC?OvMscYnF+Zys4c{VdvsQvU;);oSN3;?9wi&^s3i7lAI_A9JFT+Ugtam=CMk=b(FMoRf+u^eN|lQg&*@|{PoZ({aFa0? zrT^mdIV)*)7fkECXH`*`5+b9F6bF_4W3{$Ij#UHW$j8O-t zHlkw(WLxoWa}z_CtV#L4jMVyrJyQ)P^~yvyNxGd$PU>UDt#;v;{*_Am|L;Mu|9bVj zr-0TOfOB-_!~(PFpqHg`0T|wvtPQAt!3pc(#M-Y+^yVl8cub9E8zr)|fQw@i+xT8f zP;T7o*{ulopDk7?*g$@XCv0_ySw!MR2AvN}(&hHW)0UNxLY}WTYo>N);46D?YZ*SB za^d_Z{&n+;dsp{eSe>>%@xO>6G>cRh=GLE%w zlnd8CUXrZ(^b9 z$e@)d0VP4dSc}L?CpuSVbwr!|dbW+Tpq;p3_Tp00NNHb*eHQteI722cHq(`jj*4^q zz$__CrEpnQvkm%-)h;(s^lA_F5pZ;+`BSHy+B$#Gy^H_&{ybBpxa~#s-qSL(KSyI5 zt@2x@00dB80q+8l=P*aj>8Ak~{nDs3F`ASeI-WlRKU-3&bAxZ==JSK+_DtiYtIf@c zqt|b5-w^KM)tBvhqvFe+MZDl7z5o1vs&CAbA+#=mP6gR)rBW7VIUQXj2sA?+X zg~p_zQVmghH@-BCk-mMUUTqowFGJvDA8k@#^*^s8=%=ddIRR<`JlKkK_u+Ur{kagp zeeXrkT*8FCV_*vj^g(e9TYDON|lfWYnxY|El5*WpD* zH4rufqwhtT{_!%B@FD`dl1=h*k0M*dfT$r-(k*0=Ker+?k&sy%sOlc*(hKIB$0OjL zmOKk|wx0jxV;4QHH7Z{7KTjikx;MhiaEadBwQaST&XaoTC{Y54mW{2pDq;@VLn&s; zmryQC=d(eT4=Lp=Qu{wXLwrL72dn!K%Gff!MwZr!6+^rQ`3xfvW1zQQ30; znZTu#BgIktK!_%OG6qdQL%HSIi?bJFFJ_1Py^*M!iFt%K4st()`8)!Q405L(YV|CB&Q7HIqIpU18LPylk_p zi34J09`})x=daM>z+71A3Z<3p3Nm?+}Fp>m>mf)lTX1r zicLTiSjsO`hNHw`dhC#Vf&FtH5@{OBXkQ?5t*;=(ohnhbvK3M9&@|3LfX7GhuE7%B~yDW)m{1D{~u6IIZB(PtSGVU^1 zE~PQc+FPEVNWw*!!sqVC5~CWx-YCkaqGr;&=F;sQM24ANB`zX8?j_-M+kMF3x&Ovl z%tA0oHp|j8PQwkT3%YZRvc@)keE58*al#n0FWs*8(xkg^iy@s~$_}Pz^d_1KI>YBs z05JnkF&()y^!F@!>%*_=ET~XI;NFGo$3JH~2luc!wR}ve>DoL|Ht1HTxsosHsNN6I z^Ll!L@K^0YG|uLQNWDrG(?sBICz(vvuT{r|`{+niDG12jHA8p$g`(*X_}?d4o>8LS z@Q#)i`98E7{5g2|0>ef2=Cgo<8$dSemo;Q(ZoEhl`K&?=ymPz|T>lkO{O~(NG9C1U z3%SJLAaZ}5>Alwrrt)1~187q*@d`F)*S|kZDu!0W<>|2uqeDa&3pJaJarKVIir(~18#Z*Tjhip23P)9cXRBlqz$4mc1b}V6==X(6 zyIoNoqZE=vb5v~M4in+35@GJZPFt+(u6_cu^LewLNpQiA$RRe9?|;v0(IUX+TES*R zyY!S|k@p05*?xj2;lb0qg!BJESV!s-M=0g&ly0y7B+Yw4?I98<>IMjxk@>% zXXh@xaN#(~C>z=+-t67z?Go`-#mrLRGn*Y?f6aT|1&^I9bQKFmF}geE5~m7rEn3px z@mYMjBsYfa2wS38HJ0ISzB^!DcB!hdL68#`>TW~Lxx6`^L;~BTFZcnNB-UU9lE^y^Z z%$eR>0ytxBkq<0<=RQP4o9n|bYj$W;NeEXyFzR65^!fhRtgKb8pCv&T883Qu!#?ue z0}xmYBARnWPRVmo!};J4=7|UkH*+dE ztT@(5O1&MEO4S%#uSgAa=nn*vbs)Bu{|~H$#np(AgTdJ*tw>`Z<;`azj}bQSe91eA zR%8w?;zO^!#EnY6WfPuW{)k$ju&sP#>)kiuJF`&!#;hAJ>$y0{*yEUn5ATws`2OLi zh(B&S2o2`&<_J*yDU(&V#5%Eq3iMU#81nJUzultNk?NuNC*O3%%mwMwT{h= zJ?wG-|2Atkh7~aXz}}gCORO*(3@L&aZXgIRU!MuVfefIv-rvH)4{(kNRgH4Wx;?yJ zXi-!n4rz+BHM&<-u$)OcHwgm^!8j%>T=ofPdU1{d9l;7JW_ArYTa$cvHXKxzIFo!o z+ofN$tb~AwzYy{0rgyYij(;jVnIBT*QytEVO-G*@KV;Oa`BHl99&|BaJi+8>d^3)# zqMdlTd9{)8+GA{H?KRo6fHeWT_qFeO>Slc7#rtBE=SFYov3^ihkx>?heDhso7{H~* zuQ6VgjNhsQxWoC@S77YQ6ZibFpa@8yqhpoO{3PJ|MOi8i9TCcWY*Jm|A651S5ADhv zyz}1fr?A{Is>vO#PI+jyz@LY4h4ZQJQ@&QeP|KgmwSO}n&b42bk@sx*Y_2^sCnVqk z-wOw>vEvo!!4v`CAgHtLiMSBFilti@_tSNDc#FbbdJN2HoU>BveOH!ZiUiIeK zl5>bodE`0ak0n`)Cwe6qb>J1Y@q==#HpeL(!*cGz184TCm%Xt<@QbN*F2(0TAd&lj zS5m#ub2l9kkz%PU9`jsi*YcBs#usmT+Hh7i8JW zvl0a;jp}>)O4CSj>_m3dr5+b)X_Km~!dN9e9$IJcp4rDdKr4WmJju0WQvY}b=CSXn zZu%1_6uXhtxi~Ec8TBCoZXAxw&b?=ZSzv|dN^3xwJ}h|82=}87JHpEpY6XJk&IV7C!g-&1hoelBo)Hk5@Nv7S=vjJF2K2xxuq&qL zcnN1KKTHg&+^-3ICw=XO5&h)g=4G`Po%2})%;_XK>rJSXF}cIzdENNejyT(iy*rVL z0PNhl?)tcCt=V|HO zDj;@?rhNBc+P{Sb%HHL9Jir#uInupLX#H*~4X3L0JdAuGAaVyhW0oU}`rvn$g~{0B zTM*5=8_Ui<*U%+~baR;E6*M8M8GrMSE8X@7DBE39T~%|3NX`~9u_dL*5dpudw_rG3 zhO>Q?U!88|p~_)6a#3l62>=UrNy_5MMzzKE*Ym;h7YbTNDw2-6)7w7~6~vQ@DJ^|( zb~g$H(Bq-{Iw||?gdIY>6=jy!+y!9b-2@|>zQ2UoqD1=PmA`@1L$7iNe8Av%!0m;2 z{8Hrsqkx|uQQuqme1EfD*M{4G&ju4G8& zRJS~hvr7|%##x!Zz0kQ3HPd3-fe%?3o0nq_p-Km}S(dN^nYuPpgH+36(loPDySA~o zIrUiE<|xOac{QR|C-=g8Ef#Z^$@7rLP0r9x%aeM&QW$IApLyj1y<(cT`N;W_jCJ{>;3 zXQ2YM4|HR@dBCht4yge#u<0DzSSQZbO6+$6OZV5yliw=L&}9n6Ysa!*!L*6Fp%_A{ ziEI(`WJ1}^_cXE?a6VNoFZ>E!a3}2SyKvD%eY~*#Sl8V;e+Xd+2jwpv-%NVnu;Tob z<%M>y>Vn?Bfv&e6^~IT5X4cBKhj2Bbk6-LF%FE4txh1QnOMdRy&_q64XFR=<=-)PW zS!#ndY(J?ae50(fL>+>*TzF^FBYpZKk=|>#3s&}+qCg2<|6pT<>jfq2l+?czPIazgkoPy zK%o6+%IAuGG9Whm@9$YG7%g*jSp}R5_qZgpA-2-*gO7P$?UgKD*f9qg0pek;9#HZ7 z8}s{pU`io$)A9WJ;E(7j@yum<79|O8;AhCmehE>N;9y*Q?zsVx>bk$!bC$Fz(q~dDIlJhRZeHbtxZyA!3*xd|zKvhibr~ zz9qn7v->^|fJ0Gh0tA4c?O5a5C* zn}4sCs~Pf4yH9u{8K^c(%7@9jMk{)W3rZfE!W6XQiVFzb;5Mn_%0LAce*wx5Lv(M2 zc|$Kp3TX^gT;BiN77=powB{*Li`*j=<^ywTMPlWsF2v8ki@xTrT}^>y%dCk8$G)?a z#{lMtwfZ7?76098@X8%Hi~;v+szQ{I9_M&(IMK1SRF?fo7e~wavBRDP5#5AdXZ*6} zhQalXdPd~^d+&3lf$CWmOf>5P{JH{MdI?pJn?vLv9t~CdH6HKSn&6gm+m5mhH}1%& zA0ITQn@Vp~B3uGdJr!}y)rFyPLK_z0UOn4P=n_#>2;SD?N$jkLJorC}!|`-4bB($0 zPWd2d^-TX{_22MruPP=?9#yG%g(8HnT=k}I%l}vj{uN04v$Q|I&N5NAT&FMRfvZvxREQ zd|u{sGlI}xVz`gLGm*+aA5vjYihtBqWZoHAuZnXIn3qpIx8@mIQ@E9F_EoXaH5{lb z=U-_>qH!%Lun_?-O^kVJZj?=jh-O0d)K7#Jyi5qEP>>kjj5FZUf~w&x=kDX%F*l*b zk1T7K5N3X_&!wW17}m&C#zJ^a7H0z~*2A^eMq%*qEewS*vgqNn8UVBM@8o}XA>eNb zl$$$9KHW?&@?(rw+6>QnMEbvA{Gf&Ja08?b5ucSr(l6q;p;%8=+inGkZ&`zz$(n4~&O)lz& zC`@aAGIAy5Hz!371Qe|9e3zw+(IRy9M$Prev6CENZ9~id{v@mZ7~39eTKzLuZ||hy zBwQbCb9h}rs4%$X7)`DDjaXXPZrZa$D8%N4TKw5^E?!222jA|kJHn6st+b1@<1m_& zKWi7^A#BZsf5EBeqV8I+FMJAK*3up_t%}ZBruO)nBhi&c{@4jiSfyC2*R;&M8xy4H z>iybIx!V@pi@h+iJLL2ELZC-y<^8RTW)shB^6Bk_Huamen|-O$ZKqb_yW zF~R|M9d@;g1M`>1@vP>|QN7Mb9xP4z{Cje=$ZqAW*#2^6!j1ru%McBrCc|X{ZqQ{F z4MOYB9)^qa+3vhm90F(alFE^Dg+4UX8D98R;D4?zzzgx@Hmv zo)_`p!y{I6onm1w@3jTw*hisYxfs$^X>nrWQ969Wyx*KuHEw6z9EU?#ZR8LNXzVaf z1v53&6yCW{4o95JyKO4_0Rw(_-zitVfu!dr=9u3Aj7_7H;CL{z=(y6Xh!%dpvezj* zP*j}=?z8+IZe3ZO%Y=qSVvIOC5v~^l1yYJ*l1JBEt%p`CpTS0OTNybxE$7rMNQ)z3 zYcL%;&0oto`mW@;?~zOjw$DO3)j|wv#@}MDXQ~`0!V8)OI%_>im!#hDQjS{jQ^75Q zVTaDeQ$T%r1%Rv=>XV^wt?N-A6foWxW+Rie6HVokeLvc^R7rU>b7eQwEeutDN-=3| z*uU~_2-TP}z3}Ath^H+G0E(&VL5RB}lSrRp8r!c5ftz1wAx^w^0e>EV_4TESjTZY@ zTcp93F-tMe*w7bfk9OY>!I|VlaZ8O#OuB2@*d3Xt&V^Bxl~(1#MUVU|cuWWt5sIwy zq{8A4DMPLv0{0pMtPr)kOiONb7%`3CjG%~l?K8d11~JhxnEW}#t6n-B%|NijloTht zg@o`vg~wh@e;H?(Y1@6J-J}Oq?+>LZg!~N^(>xhAC+wGv^UEXb|Wxrs_vlsuupr9su+f>L5D%8+<9?zG6Tl zVUSmvs(bnmXL@cV@2kd+!<;pT-E+0ZZesqM1H3;q6WZ4(J5VSn8%47K*%c^vGX zyXz6a-JF~pARX}37t>U2w@tex1BjUO?~Izq_Pq6FvPH=ah(~D}tMOi4qnWVtUAcIt zR~wWxSYzDA=#PUy!l>DbRO7d6ULsG6ZXAac6@W7_A!bxp_3IeR7LNji{X3U2CyB4@ z%Yk-=PHL668t*4`2^2ZS3bHR}(I7`n=;$1&k(n_!>OUB@=U!fzF)yqa#qnF5VJ`H%GD5v)_MjId ztDNdWfqU;WVaL?*Y@iUb^{J-0}-s4asW+cW4MSaGtIZ> z?rya~4s^Yb$j_N=1Le4E4ZEu07wEnVZKUS1*mPC)Vrg^&vu?n@;Mk6K4PdW&aR}Fr z1s&S=!O<~s%Hk00;*+@&mqbPrn<-y~wx z5*yDP_!5ftFFoV+h0YnjcpE?q^fm!y_XV8{`!sf-Yog-}tSu&5k6Ci}^YO0obfHK$ zdc2y(tOu;I%suH6-5v%^a|+F}M%N@vv+W+v#z5)6WrQ7>-H_lK^Vv5MQo8D)eD%zD zmC#}RsL0Y2bM*MRU0Wfb_YlzrXe9Fj7iy4@HOl5L_13IVSU#Wfnr9l7{AXb zx0I-N$k&MXX?-)&;XDyNVZT*pq0A&F>qAUUpSt5~Q@OK-6>3;nnNqYX41*1AVam^;WlCQ znOcw@S%WW+zp9ej5Uoz)9`1*73C)*LJs1Qn0#=oF5s@N?M@q+;7uc2vo|a2SpF zg4^1@$k?*gM$y$h?cq>Y(HwD*(llS+%1^0FN zi=bs-EG1R=T)KQJn}d1aVgbihPCxCEL$#%C1Xj8%aM;>Q;()V`TRzJ?yt*FGYoXwf zm=oRwCp!J$C;spegpnqZKyDDD0M&n=UbmLLVb9L@%+3C(qR)@cylbfSY%XG)0;lkK z=Ui{^74Ld_Jb`1)L;sX3XuWeZ-a`(7R7AyvHN`T_+IpJa=x^9|8v#38la{;5d^N2W6tZ+rEJ6O5HPP)!LQvV!PQAGkJbIJLikneRE!g}KKXDSj^t@=D(C zo_I@Mj0GUhT7+(yFKyF%ORG%29to%cRSk07VQH6W*2j7f=oCyR`qEX=_TH#$x?zW1#$)iE?)mZV zGPAGTg*V~E{y<&W;u^&~2g`FK>vgdI!n>~JwM!@ReBvvNg7*;jcxf?GVsF<__eH^^ zLE_ZVR&K^tojjNGM&|aymk_-{_Sv-!Kz8+I>&E06WtZcmpD4IC!C>NP1sk~SzG_vg zFBmYqC-f1Y<&%pbkyTV=flD^eAK`}MPiq&q8)+w2ddf2+%oQQOnen~(NK+O9gb;>% zUd@K@W}R@#H4m(o;mTEi*2^sER>;I{eimq#y4*b}{;zvW+C58bupmwVLop0(IO&7r z-TmJ7EFvY%q;|=PxKfjEtmxO(wD$Bf>98R)=!><@7`r!>Tk59_so~d3?UBja%v;`~ zCtLEwu&Gn_p+IsK#J#_C5R-~fNmCUl`u_JUha?t1?;aikAMQ>ic96W_7$kbH$rGJq z_s4QBn}pj~AcJXOVBSS@D7nDD$nP?=gTsOYDr8jjfSK9QRGYlc%$oAbz>z2UV6lpRevU>U?bT~x67+}XaNC7R>r_O4>$wlgS`;7atmJ^=;#;t&ZQ^q z3a$CAI%Z;@VJzZ@vM~X=35r=L2DacJA&2PPMj(qsxrqw6oOHMh?t%SI#+~S7R06Rm zSFS7S&i4<{600^`bHc|D(6Y_wqNs^GN6i-GqXF~#eeNfNN989;LW{O!`{O6J$o#RD zraRW)HjhyS#KBRV#nz9k0*V|Q2reRmLP&U{(9HYK3B`J;Y*Z=Nn( zXNW7+51Sb(5N26%nq@k(ngUGE_r-`s*%MMjJSZkAIJc)nZf%*rPb@ zvbE5D>!*#nMRbiWsa|JmuN>b@WDuAwPDZQQmDbALMn_$_fwEw~wv&G0=)l}=D8??s z$bU?unAiJ}g5p8rNKxM-(@l}u3$WyGs}&Gv%BeA}icHn8a0py?qbn}c1|eiIAdz@U zO1vGO9c)O_LfvI)fxdvZ>#i1Fw_TF>p-}eexedu|LA#x3w1Z2@5trv!kDk(z$RzdT zHj3w%;B))QpQvNY7q8~EN!S4z#h`ZNMXU@EeG-YWKYq?P4X%Tu4~ia! zNAe52SdW{!;&u>HID?$b(&nmk;P_@Rd=us&3+pH`BQHiY0L>*O`x9A|-+Qa&hImol z5ZdZpQq*HaaIO2&^F>jB?1Wlqe53YgM^^CY7YuPg^@G=WDT)m}n{ly)Vd12-aK}=w z%*CLri>Mj3C7w?JR$S=ob1>4Ve>ytQ}Cud ze%(t#mgFK0AAcJc_)U|ntXXh4G)dC`|zkGY|nHgqi-Retz-|o?;cLu2VR-g%J zOuaC%F>g~>Vw_~GXwv5~@U^J6DX=4}T|y(vN82V$7>RQ#5*w!ve*&KP%X22D9>2>lQo-i8o)So&v{nI8B6@? zG`1mn!=xVM#CM0{B)uiMewI+Jg%wjP4u3iV~=O)$3FKV<|d|M4kS|Vd}oD5U`0xn0;;F{oxDf5)6}6f-E}Jo${JQz%))QG z4wp;*l+z$;Q}sYf)?m+2xy*|(4<+nG=~PR8StprmNaPR@4s_#9Qso#|54ls_LO@%n z&-8S!2>qGyy~eZM5eX_*Zj2e3Y{bVD+QrA12mVfwiYE5=TArIDZi`3_7om>uRW4bF zQZEI7VG%Sk{k9u+DdjT~svbt%!5^)G7F#xK7Mw1zHRA^VeG{88&!9-@hA7WrA|zgH zezfFnafZyi-7rq7O^-)WV=8vN6M)?Q~#gwBbPw z0?T#5!^Y-uMl7N-Ij_ZmJk7r5i$E}yj8xD#gf(|lMR_>k{wZ2wt#U||$e~OZ>I&X% zAVguOoc!!I9to}Fc0!f%DP}cnM-WQnR%5holxQu1!R92+(hzc^n4L&?!%~xCmzB2l z)q4Z=>ZAiL(py9+HRj_Sg4X?E*l{PF_$R6^x~CfvX-%;Eiufs`x7?g%qB{)-wKRy& zPWi%Lsln*?^E!`9z9O(AuO*WJV+Lko360)qP#Ict?tk)NG99hwr_ATw-T=Vcihh1h z?#I6qua_}%2eb<|?pZs85)A1GafMTwIN3A^7S9&mZFyzSYU-;HaVdq$*1qCPbd@Df z11%={El-V|>UtSAzIGyxiI@_{qhboBG&5jZQJJC_1Gr7YQfrh3; zyJG=lguEk@us&{6yzn?K_zo6nFR|o-LYzH@Jj49Kbuy@uw~zR*+#CozNBh!Aq|?Ad z?K3X>4@0;$_52SwLsg(mb&7rGIM3!e%r6OX&2ymSD_dS8$zWeiL1j@CCCnGcLnv_~ zkfANhjPC@D#^?__N%?GKGN}9FKX%*~;%I>gTNzpned6@%q}NchZsj{(kWoKF#j6$1 z*6ArEnKv)TS*&;3)U3R_Vzo*;qiow_xezi>@*sU4`BM&POvsEH7vYlt4fZ+Hn>QJM zaH?6pe$=oR3}L$wUnfvDYZtA?TA;$_)FmlQS?fACW*QldGcaRf;PXw#fL$fhrlzj{ z`o55n>c&>y=@aP4Y4I*gpXaHy*|Mn`;Pw`MtY{WiT{_u=Krz+p(*!OvXHVF;Nub&C zEfz@uj@N4&n(|)aTLPP${WULp{eE^FH>5^53~h86@%uUTl)JM)nvczL1kXn$9Z474 z7X_i@zwfV?W zdFt+_dp!f!fY0jFi6qu5RIBqKKHSS?4kNpZyPfq_^>s_>DIOATrY6>A8;r&I3)4== z0g@2~C-Y{pKoh>lgx$N*erC}iq44@hTfh9DDNO{qwBXr9^lt>F7N102N?7 z#@|J<+uc~L+rJh(i4Wc}q!5wyjYqp}2osECk$#gy{7FBH4tBbC>9Egc<&*!4NSciX z{A&IpI{Tp79&LLd*%J}P?F@r-ad?V8mF`fo8qzrMwj3(=YT$nHY0;Y}SXog!t~TpY#|8TA<4SMY$FXGD56K;b znW5iTnA;SnXppTnjugIfSSD0_O#3Pg8!q`FC)TT~*=&4Wm*vNYj}ioPXrK02QDKi= zrj`Y|34@=nQ%vfLFH%=jf;?c?&RjS=X&N*tD-$_ z4HU8dAJ(^Wbf_^CndeIHb)jh0n6^x3R9p zNfSlyF6%vU;*W2Fl*dPe>kj15bvB@6dwtTbq{#XYpXgj3oDQx5wXhi*dh&ily zb|v^n{!aPYg4<@T*WbgW=E~?B=?Dv?+Ty3W-STiu-F1thv&TX6i582VKXux5U?vp` z&zwmi>dw}siXI*M#rFEluC6^>6g@ik9@6Q3>U--w6~c|*GF|GP?lIo#?aZL^@j zt-R1q@Pm7^shv_Lf#$5$T;UhR1T1&mEbTsYZ$)(kXR{AU|E6LK5yne(_&=O!P0t^7 zy*CpIpmr?IBw8xG%X*G%6zE1DnDOZo3N0xWQ~t1N{${UO21j$)q7lSHd?u_!q9GZ! zD|~JkcCLMKd;Sor#@i)#qXAP|{=%|-{0Gr&h0EeqnHs*f(KYsB%_-1mS}W)Mwjd+B zxa)n78>*Ew;7Sj2N*UWYwiiC+;g;18_e{@{dm~sAHec`gR0N)agIt_X_x6S4pCYbI z&#WnZt3pj3rG4M-U!#5c)N_rhs2vNd5s)ddD|qVs%4VOB(BotVD9|4jghF>UJmrcbqE+N! zq2Gb}y0n&Td5DRGqWDc*?!KB*6nI}w{qZeD)IVF$u<`E9IDA4~goke+Sp=@WS?UV@ zILLMHRbSvsD_Oguk2YCOOg92`+-%_@>r@YiHwF1SzSeH98qKkqDLGd%#>}yfyP;*~ z7KyTj;Cj=K*Cyi4D8%`UI}A`56Nx0h8PY!W@p8*xM zz1i-1*$Yk1o%9|)Vdyfd&GO})hebop&)$A|b}Zfp970GQV_hEGEN^QpJasRg#`)yT z!bCe_z%BMH=si$P^%S;@@Z5P6nb-G&qNo?k&4(Vx6qXjYVGid3S*Lg{w!(G4cTjR6 z2GT4TI2TG>YNeJe44VZ2I_-S=g87IqA)vVy=ng4q_qF@x9@?A1s@b7^H#c~~doebm zVZHMjzZMzW=EZcGtL3^bGjwo>u}``^7mL!enX#H*)1fmFi#J9t2v^eRvB3N~&kr3R z$iGBRT}UHyh`cl!exO|Vv-}mj(va`tC@B@vsx};1DHfR+_#yGTVXZg(b~yJi`pc5+ zSu@ggfj^k?EqSQ)-GT*eMC~(?5C_4mgiAi)65mF~R4$n`1@77?n}-*kv zby=kS-Q@hk9dXc_Mtu4kh6s6D zR52>=b%aFJzp}|{>~v0vVntKB14%5X9vPtq&tAgJ;{9&NlRk-hEO*1kX~n4c#1tOUOSa+fENJ5Zq3^BiJONy4xKH18V#+yyOAz2#mm+%MBPn$z8ms2+xC6+<=}0n z^is>!R`7xh)Xh;D-~3J1$gb>nn5#qIT{fZKgb*N$y)mh^h4ZwUnvn-oY%<+FwHtVj z4tJW4eTjr+CPB%_M?f!{zpAs59z;F?5Ma*|&$C3HKFn~o7EKzdp`P+Rz`UaLti@&n z<0Qq3uRM%z5Rqr~YjkC|&+M1&jT6Tc+!SBNrU(X%K_!K~O=4qZ{p;t1o7_kP+?5~T z4gg{KiiZXV%Z56bY%+!JFe)-rvoMxU~TKh>x zj(j(;ohiHaC^O~WOun9ra z^|SP!ZY`v>n5l`R((;0lF8OO7PWnY0D(+>R?hw+;WUR|D@>|wIOr%J7Gr7Sl>=2%9 zK!qloQt`Va&>6h;c5r5P%De&c2@5FV1rFj6>n?3p;<#`pc5gLLtYS-asjGtp3G=1x zvjoTAUbO(&paBOUJ}JQN$_Cx$(yKdB;}pGwa(`0*`K>VVBpja%R@CY=Ms2;ha(Vg2 zQ)z_^_IlU-l5E|dsV~J#+}5Qjf%9{=BXgv15)e5^6Y`YsYc~2kfN;{3mfD3|U#JLh zAD`IAGm6c-a0>%75sAi-<8s+^hlA{z0;=2_)Wg1XhO_)27)j%}Vem)EQd!DRQ}~8m zOIDhkU3$en{`-r5F^K@vZs9EC5eK_WNAkkY+BWxGOO_nddMSZqNto)Gi9UW`3~RCL zmSaaA8;va4Ttt|BaMM1OhodTbp#|x%-N9t;<2LBmPLmsu;?Xj*_nC@wDk_01%ea`R z@`V>u#O~#LOFL#5xdJ3{xBFbKdVFq4uFs7EbvgP^L*1isd{RZu4>GB@s3C9$sN=8T zopB>RY{|wifL4F&x*Uy-ih2?#ka`~00|LcniwqG$-Heql5-_sVW7!t-0@l&q*z#-J z&pTK??roCvZ_79nxH9K|uSBj4Hbpbb@HEgc4-|#NZ>^fq_1-=oL!(6gN5~^7AJ{ z*+AC(>oj?2FVrBoulG*VG+e>=lVIqsJn<)9|Hqi#y6<9YgM+6Vd}n3=xs)J(zyCl_ z!AH~5)kkC_~4OFWr8LB#v6>5BT5rO7yHNk zD>!=o0&eaH30VuwLXP@RZ0prh1xWJmF5T0DX>5#j1WnFe#KS*%k%B1Dp!uQkbwjc0 z;$SH3OXp;}wJE;Ka@&1v-xl@fk)8Rg-3E*A)z^NWpDZLd7)uNVT_Nuub$kfcTxFOD z4y66A468g-y>c34`zW~1=kIPa;;MT!pI;(b1==Ll)M2@ z^84`!l3fMN5_`_{%5RC$1_-$FCY>KeC~Q=VHl2dL^tfsGvd7D7&iDTEnr4|8V%pqG!%$ZJ&4)`Shsf+WOdtXMA}PW<*tE0+^m@i`Qkg0}jdc zd1~#_IJ290<%`ojNQJXFCqltOi>4^(J6}td?t_{6IIoW;(r5=Nq&vf!fnH=U z?&6kF-l6r=LCgF*@d*>=_gHRsolA!WPgV(|RhW<{hxtq5FQh!S^S{iC=UcL<2oC&i z>F{&u06#`Cry^Xw0=x$;pp&#FcVE>Z49B*EP;UL0b@2jrd)-LlfFgNALqRMytQ&#P^@RI@YZfdR|=JB1ZjFHkWl;dwF6;iPK z=Ysym6S?K>%-ibU@XOdO~ zt}m1rq5028B`+kQ@sb7h*XXZGMrP7tUgt*?{S3cfx%UB5>)M>3y5K$^8hSlc*NKiV z&2Ub~?&GXKO_*m2`5Kntq1s{wT=xlo9@97uO78BOy5l6$*Tq2GbHv$W_HU7z7A?(4 zwLiDIMQm6Wv?;#Bp2X3OytPz%Wx!0>-CCP1-koA~^^-LOZ2}q6ihJhx73gnc9pJx9 zSpSB9V6X@%+}{|T+JLF|`Jp()`8qxMRk*@NqJ__9JHWQN&rVnD_)G$`;JdHFe@HsQ zHLw!}T=m9d1Dwpm6>UUt##3M<iuT6tH%?@^bFyhWA3m+4jd@ zmp!!Fz~yz<8f(K*cW}1GU#k7sI?qU}f_Io?usEIM+ojjPJ3lL)7Yx_IOTIS4Yb|TR z{FU%RVb*~((V}73`oFt)O1NuN3=PM`fLc&so1qK*R-mT1ERQDDFev^da{1XGxeJt1 zr926Bzh9p`ev;TeAgMcu!@1U6^iL8u3VfOd)TiDFli6RN1p{aOeO0%qUUA6JE5Lzn z1?zPq<2Y;`>3F)!(s zUn>-}Uped_HI$Vb+_Q#%Wb49Ltsk&W1x8(euce5Fjs?^ppWmM7)Sl9d)$QL6-isZU z1fU!3wawc7DEWrxS8jY=NBlPr7O_{55f;17)Xu4<3bP7<%DHpKyP>_{v_a-|zE8Nk zS>iy^5ODIL_f_;AOnw;(Mi4BB+@}m7YPVI6u3nbZ7N^xZGEGs=c-`WJkL>oTfM6Wg zeM|WJsHMdSb2Wj_&_4(>II3nH5Gfc8oi$;X+<)(NoqxJ=8c0+?*4N#8(jd>5*OSmJUGb!0xoJsMviaf>LsUsTo&iI% zWC@p%By&=Ipj^VNl4)@5J|b|g&F~~r^z{OVw~f&6qONy6j=HO4$mhLvl8!_7=5CSC zoys-`>Q>AAQ@cRNtkIV|l0_B-4)EzH8#imnv>ERuc0RF59ZwRQj@ z)s>3VW)9VVcxl)1aatEmstoTPst@(JQ|XA!lwZDPio5YOB`;WT!)k$IaPR`SFsfNyrft-?71~!I5mmX))C?NsfQ49<@QFeznihn1x zJ_@xU*2mUg(>xR^1!iX*JS&9&P(pvHgjgu=f2I6d6MXRhadp;lQElJfACN&EMbOJ& z5Q+(dgmjl83P{cj3?UuTN_UBY5(Xe$5;M$@GlMi(NP~1^0MY`|_3VRJ@Avnd|L%Rs znRCwGd+oK?TA%mAw8Z#*)A+U-^KfJr1B#$nSLVd_65Ukd8SO_kI2>W{7{f6*XY5jA zaH{sv$OQc#9|-H{e~$5ZB;CkRG(Ac4=>drEsL(u_gz24o7i^iExIR0E*x^)K?E~kL zz_&LyvK6_|QVsQQMj9yfYS?$$Zg{KHc1h-#g3s#=;fXT`f=$Bv-Am;i`eI%>oY#nw z1(k>?~GzuxMvpG02f0{2zEAqTM_SIc#Ra=h+;(Gimov!&j#cVxbgr!8C~@{a zCWJZtQgE0>-x{UdN-3`jg>TqJWUwBR`OU7s)D3o){01-#Aym);@tLZX4JyvHQ z;dN@e8k0yJC1(NQi%d6i4teRYDc(99LO7AVlsl15Yomqmd+eV-ahEb7_s0DmR;pvg zJsBtak6M|u$Gc@onhusK0#+r!6__aiRgQe&VXu0V91z*4 zi(fiE3rjVE9JL&ov5bk&X&2!i_|V6hbq?5n7&E}TaUY<9vTv6-ef;wGFrJZH_7hYC zpPw%!s@xdfF!-FlH_ajO1%$rEbIw~wg7e_3YQceRpoC$&NiPpX1^uF&bZ}ngf=ARq z@<*Ci?3M<@-b{T44`Gbmccu%gtzF7^I|py^>-( zlr^PDc89kK@34z^U^`P|YR92E>ZRTtUe-JKgUpGv)+x7KKhEi_e;z6C_JjpORg6|9 z&YyU}cI4^Ys6#1mW0bSy(}_Sul6+Tq&HYl!p*l`WTOpv+l!@wZkrDGhdjH1^6jW%7 z$r?DHB}>-eb$#d4-PZ{I&yg)D=U-bzzoZ1dkA&X84aT#I3gL959q;R@=Q&Gl%@ZwQ zO|tM7NO)hSTfO*3m*$KdI6uZ$IY?=z@#3~NTALQ4`xFE)64U;_Dy~$yBVu@cCR@!0 zv28sn7E@ZJo3wvnH{XKyp_j{Q@bflTbBnE(46y z_ybyNKr(6GbbD@l9~Q+5W@$5UTFiq;f&F)qD{LZK%~PT3L-h;YUUhEL+hr0}R=`5J z%-GvY?Wy9&@t{7=pDeWU%Q7k0nfr@(~r^!tF0?jmg?OUHbF;n0Q z4JH-l3wyhrSFKutiA7${WmMTQKx1yX^zK93l>0ygd z@fHv}^n5R#tLlhlJ&u4Xx%P9oL4nj9N$N(^OPRc*TU77W(|3WojT!(#rQjOBj&Fs~ zAcqxaK{4QMdd!sp73CSPFB~oskXj)fVQE_|Hoj~BIv}8JS4W{(PA%_IC?=iR(5o); zW*(4Sbwx zfyo<46*+`#HWx<338<7t;eM?8H$fyq+`0Tzt*Iw^wPpcRv^@+i|pHlFg0to?9F?_Bam2;J(46G=>$EXcWT{U2KIv`M!tya_2O_XAL<+puSMrbK5n%L zF3;+ZY@Rq&2X<3(X?wHZoW~_>rXn{dMtIY?qJw>y zT5HH5f0rA*(Ra;ys%q!+NDo-2e}O14G8>OGb#u`S6z?ydp%Veqv6PKay!<7(^KJx0 zB>6oIcP$3!R~OcL(q4k^@0_CUS_W1FU2`A{kWiKHFEa;#hUj9QbCq*qb&|oGMrof5 zzl4uV!c1iU@M!{L%;7DN4yrEQ9VmEp>Lm8SO0P6*;trA-;VmuTlhInIr{dPC?-U<| ziSCIW!Q0wM(6w0I#PjE{#Y%UlfhviAfi1P+N0vVXTj6ZLKfd!XZ35PI4}gE3Ygez0ZUaiu!dPHUVS&LqfQZHD9tQ-e;KtBWfxcv*s0i8NDqwcCO%bt?_fz7{r{Bro z&Dp=cg8s+`GuCf=-ER!nxbH6!DNs~UyrLfL@XqDQxMPPxb7qHD&Lxct))<}`tf*(0 z2MPxb*D}(6@1`r3fGGl$P9O4?DnSCaFsCtQf6vEA7v?%PaBulTItI<)OA3ToasHnN zN-O9COLA886Iq7;GJ$t+pRhI%KYQAb_4JH)(u&-6+<4>B22*e4?2e(%+*g857`e~$@zM+maPd{Y}VcRHgzgaWccM_5`0>Z z34KebF2g-jwq$eh>sn#5#Q5*8Nv7(Y8ym1a2Ffyp{~Zi+5Gbwhn1%Di0r8CNHHuJE z(Vi*mc*BuPRJRJfye(1*Y^Dqch3B}<1&B!#=%vD$DOTq_=mvmQ84~m)(@&d2k19PSFXuVIDZK?aLGp_m- zPOG|xvuA0`1k(P?<&@8D%sD~X{A^ZYY44DSO~{xyFliEFL9r%sz9D;&#V8zg;TNPNnpm)S~|zi^aHd{Dv{ z3T3gpao7sS2|vR`tMwS&GF8si*C$OYDq(A!z;?4IA#aNyVjps%G$~a{J6k&deI_B3 zfA#jgBb@LN_caOqMw%M?f0r%zK&;{kqF~NL0(=qKFs6g?mY(xvoy*kC&z0l7VOtbA zZ-1Px-~EdTDnYf7`Z(C%TfI&FAMg@Op(u@{)c_7^usrl*vY{Gl*how@~>&E{2)N`=>T2{6n`I$PH%Gt`(Z*^x9t(}jcHGd zqH~lg{eBk+ZzL}<1~l#Hpay*wk}|I_0F9XJtTQy_)@dVlFgPu1WP*h>4T4OG}L$=ur+|2KDb9Zauq>$E8^$z63ud* zosGggQrq#JQ{cjR*m(LrV6_Gb#=UT1G*AhKcCxg zvI|HYBKc_!tT`M9z}?BOws)#!fXJK~nWLGn5+u}5rR75Wo%WLZtZCpu92)zB(gBFd zaYu5%%gSr2zaI$rWMm_?jU@#nfOb-*%{(&Y9N|3`C^8(OecJ`&R^om*g7T3MN98NXI`fZrajgw!M0W4-FX_Jere%nm5EMS%a~!7k z$IQ{soN0YqUdv+cixDJf19|W6Zfz+rqm^?9wgFaaKk~WNvxsGIgpM1HZV3w3VUS?l z(N{^DxK7t1T^z4B+}7=CgQ8UE+GSqhp(FTF`c;7t@X~5;db^BTFSN-m1%dPNK*OQy zN(3k%)YE<$n034a0Oc5HWY)w1?AF85%dn=4f7Vh6SS`QW3u@wwWC+9Vp+Jfv7J|aL z16;!3>23R^mfa*;GPNvPWd z!)zA|3r}i4Y$X(ti|XlEI{N;(gJ_$%%O5b13UB3rT0@ zgcP~cr985hbTQ;z1?NWnEPBLc?i^vV-&LkS701@^s~Ki)QgQ)8kG|uZEoZF#{V0i- zcwZns8HE!)^pmOakd@Wv%j$@298K zp_AY!Y{sX9_j$~5GDgR|5M`xTny<0{xuHC`q;j`^qC zhRB>SChv-hZqya1TQS)C6H?vAq}j6t5iKe6-_{85pT3BeGvrkQP_Z6iw@ZsB5CL z%Od33$Dpq~)lty1Y}_zX%Pi1}2s0?eK92FG4Y)mwus|^3PbEp54v;0fJrvBX5P6)3 z8`@_z#v4#kq_1p+nJVI?BeO zARB8HbW(hYZ?-+E0Lq*L~&iKDD3c)qPe=n9%w$b5tyeo?9UEM>eQy>ZrbiP z%7>?yR?hEAos}#}Z$7&I@(|+#@$CQ1_-s0m`O0`WU4|Xo5n?e}_|}PXu`)z1-Zw=x z^!oSJJTbnAi@VuX!tAW|i0jm_b|4qeAX?`}qm$IhC?2sM!>)H*67_^P(Ip$Ny0r?^ zF((lp@kW`YbJANYxdfZB$P7ipLOZfLA|4k#T%_oOM|t?GV*#@h)PYqP))Il@Q113v zi<71npYoWb9lKXQaq7*>+@hFrjNQk=qd?v(TiYCY0~|B6tg*JbpgeH@_fC463^?@I9lz}{)6MGqT!Pc=mR0#uA=QH?*}n^ z^9<0oMT+o9TzKcojc%&k=z}xy3m^7mb7+7!K7ig<*?OwpHsCxs%fH!^|lXU^G1~~X z+;M6B9=&7%%MVjN{t-BZPp^pP{~$S(0U#NKK;bydd*-cDS*$YrCw=>1%ck7C@&wEB z7|6>=Fl&_lGdrCBGWq%^MUk zWTV-|mq2knCmsz9olJrMl3Y3amQU)uk+$GG@h!RGX|S=OeX zsu?JGxQe?^gFdY_V$CA7@;S1B*nlO_$8^o1rw^cP*DXl}{Y~@R8^r{bxLJv%PY3wm zyy$Ji^Z^8Fc->srgHkT3XozVPKYi>z00#RDZNBnSN0oFnN$TqFs-=>S#E}fPH!zcz zCFGV$M{yHo*MI4~Oq(v&_Q9f(z)qM77-PvBUF~M%=cn1HRGWEU2Y!ACKlm}NLZxf! z{{PORa_;3g&gT!XjJe8KPt`0zRAHB*>A4J~6^V4FnAW^->Xv^3K1`!Ods0QqDw8~U zr9M#ih62$>(|XCq$@XbyzrIjzbNUL8y(Ny@5W_2U87ZO80KAp%<(LUiYdB@mP#IT8 z9S<}?V^8oY_M``!nC(9_KbK1=v<&@5KoB-0EGhocaSivni@^7mueF2+RY8&txq$~2 z-v`sH5-)$0Ht54YyS>_XEgJ;MjzEmw;9XJ-!F;Ehm9#+VpYO3wdKX1&9qZn+dpr)7 z%JFC6i)H$Y3HF)Zmx|0M znM1Ap;D$cO>&72b6y|#7w7gUp0}t%`v%QPH4pYJxD3gL-(>D@MAW_G^ zYjIr<;tln@uI_H}z_hcdBd-@-iZqkxuR3{VvCbVp1X9zZk@ud^KN0LPy@4HwHw}F+ z{4m65vQWZ;8j#4s=9F>ET&BqmJwPbbHn;$CY1lIjRVj-`syO5%?M`CXz?A5`f2M`K z!4l@tE#%yk*KHe_Znt6L5=hYqq|CBSxlC-OR0ERi!JMw)`lD~Tnp06`Aa(Q%u`4WS zk7k5t@XgNFrZZgnOCBRXx$ zYT1zAOHTm+g}~T^XLkG8&RU0R`^%LEQ+*h~@Ah+Dk1T#GXPavip28D95nhPExa8&zD1)1|BA=6f_^gs%T_kI#h`b7(v)zDJ?4r#>xhex+}-Kcazr zsVUl1iOCGxX$BXbwuQ2#h`SPc&=;F zn1fA(7L1c~-t(p@k7U}%<5aiiQ>MyE*%g?P#Rn}@h*0&EclTBwN0j8nUdQGZzv|kN z{{2cBs2kO4_fswt%3R;n2ka#9Gt(9IWBu=%MN9bS*(75RecC%RJ)7;kk-zC#vFI0r z)<6m-RYM`kX(-_J_b@k`<0|&^*6Bb7 zNJuw%9YZ%LPe|e}@Tu_fHx30XqpKPbq7RtQQlMDKwLg*6=q{|w_iHpek@ec^C~HEP zC2wqr3K~6UYufc$_5>zhvENaI#F>EW%4Ixmxq- zIukZxPYNf*;1rUpTBrIccwac7sASx2?O zc^7$jbD@@RwV{d?%!j$3FwI|Xr z#GljiETOaKRiN67m-+W%jE<`E9(@<4H^%idGfGD%H#B+MT< zTM<_Jdg7R3z3p8@PN;)`TOwwN7{94TlFHyLy{x}_K~Bt$9VU?Q=jff6^-dH2v#vAv z?R|YTl3S$u4j@E{#Kv8z3_#509Miq=C8yLz6_2t-9Oc&Q%Bwv!n-SsQ*+g2hx|7|2 zEwrO5@Sb%esWh@@5UtgMTXyY7BEbkODN!&jipFflN0HV7{+IJ#b`yB z5*J9dFKMZ z=DK(ua5&;8oV9|76zOAILYqY67!XUTrOfBG1GP+rLuZ+9{1ZC=YpGdkAm8XouxWp_ z`(O#-Wkbn+jKDLW6JSSQf3TI(SVYS+7JT`Bi*1I$bA8e4k(Q-DKO447x3VICJ`cKp zp)arSNdmB-j@2Ws`yI{{qXNbPJ4U6e#uFh0x;^;DxvIL`&Pf_-rCl18UqRx3 z3MBU4L5b9ouZtdoi^r=bVk&=SJ5F}3LPf@R0XHY8d}7166!4qAvJ98aviMF^qh9+s zZVk4s*ExR3GyvskPV}4j?W*0HD{nXBbm5}MNT|{)GK=%57&HfBxE~{|)D^~`iK11OG;SAo)uNk`t2;Sp zFe`_Nn+E+<3RA4xJ>egS%LdT7!?8NXE-${OZ`av7baUyd(Oi8}rGihB#ZUDH5L@bo z@*{Z5bTU8TyA^Lr=5SjgHLk1SADGoYz-5;|vach$_WEGfGb6`uc~^j}{#~BOOaUlP zG_0KY>58qO0I0z+*_K$IM|UwDZcV znHCl(0V1^^|DYXId{+1DSsReSg2B2Dg@_>j!RvQ_k65m)&JBy}=ZZO$gjdupf7n87 zFiW$2dlhSQqtSRscc;1-X+}Wf)M_c$sS?c{rv&q*>uh$N%PQ?85JgGsq&$^Zc`kNF zEY0iuj2`h57223GD{@y;eEFR2PynJ7V_S05;1*0t9&D<%!UB5t_FcWIFqWT+{NDX6 zmHjm;(4oJy4w%eUH-k_68Ot{reT@#Q2$lT!$e(kd+YBHIoq|;yB?ExbU<_WuqnrTAVPDDC z`aJkM$Fk_w3S^>>(Y`VkW&~Qiz;5yRs=cNNfCi0?dbhV?Zq8KIRUaiIXMN4497Rfn zbVDq4<(5@6aq82E{_xwL=k!Y6hUW5BowV0+X`@&)m++O$tvOVi4TE#1Nd(A^f*89H zNJ>x4o+uvt4-7vsy!nP)mm+lReafz>2lhkG%z73;sk5~MR>I++b-`Woj9E{>CO zGG}+zOky|f-{w`ZVDQV?08fpnAkV6pR&ufL5?%0a7Xnry)%#s;KG;O3sq+fHOSvOe zAM^TVS7JVqaHoCB^VACr4L^Ezfi}V*Cof)>GgSd8Xr7>c}Dxd z4TVI&in}K^x;*tz;l>RTEwV+6k{>E2$EYY`)k`1xI&c^uN)Mu_lZkw#E60JoKV5Fg zzkNo0w~PfVyXnsKNn2huh}3c^J9zqLPfT!7*|6*Eq@@w%m}s@B%)dIpFqPo-qKX z0AW0Y&`0qFm`VmNe@^jduPNIwFZte|Qtnf|-jUk;^=pr88S7hbp<{11Rz}{y(L;(1 z!BfU!{v3w73QTIz)wj2*sxMZv-rtAx)ppk8RKzT6f5-=xcZ4B;-G7iIC4Q2QIb^hF z_+iMIjNouv5kgxAs=aUZD4|`hLgYXvH!}fdv-F2gF9j3lnV&8O_x;14}1-m6=<4<_M0vulk{4dO{ z(EPmy76m!MiIgL`iis@`!4|#1Ldww2B-@Tj(6^%uI4J>5i26IpIFdkdFb3fmouDkj ziE_x$UM|$XGm@TGt-=e^ysZ?1#K_NSN;jvZsMlMoG?nOaSZW;bHE*RxJwdU7{Zi~e zbO*f>lyvBbuT7b;W}vkLDwmQ;ppX4j~WQBS+M5)3`b-z>6($WH|y7Z@4c?_ z$~lI0_2YCn^~owqK<#oaiiGg8Nh6qK@s3d z+sD}|H$gQn8~Kq=mjL`u*~Ju>B#o-?z*{?Y-;w#S4wo9Hnz`-qgUf-}5rm-1^&TM_ z0ZdBy0L!9}!VN9tH2Ns<8xV<20UJtiH_FbVkeTmhllj(tJvVq(?ig7J6IzkV z{{2&4Dja1h(0SFt4MXB{pB=84?dFhlh=B5i&?Ov0D~N4W#uTbxGrgUA^IWqE!*c|% zkM&uqd{PGzuL?v$^sb}j&#@dhn$w|S%wgUx#JXGE1^(>jx%wDE&)0XcCaMFw$s%9n7~yiyfU`N<@Iw*NuOK1`qs5C;Xto7r7o#(DYpDo@kAC5nq=f&hU!-kx z4&*Bk`AT>ABtMR!GPEWS*BF92#1-9B2lO=@*@jrrdS$>k3L4m~K)7#_2h~#<)|l z4TNcUUDKuv?7t1JHuv@8*-577-T#mx+$6vCqF!Y+paDR0E9ot+IY&R!Jh|(v(8&X; zMZu3jUTHww=|1}l1!+>N>g}q0S0DG(;!vz~vXIpA-7|_>wkEojK+n6jU8&G?iIh89LMb zVY*gAXH>)Cq^_J>bNMN{Vzh$#7b1}S%ZgVMP}xy2{ZUhi`*~R}wY(8gPClHs50j!} zV>fi}Qn1}s*TY`=4Insz!qu-xvMZb4sN*ZUI>!K+aC(QG4e)ghy6l#mnPNBx z;hpNMnnnE?JCzf?5_=5~pb4A0@IYnTO5j4SLptV;D)XAH>)OpOQc=I~^-xYukc7B1 zvS`mUS#k+m3M^YJ!(z_!*sfzbol}|^JTXkaKVP8J3jP(u1u`r!EFD$)-;@A3ye)I= z`IpP=^A=rK!ga<3jg<9uu}V_mjja7Dh?0cEop+@A-4~@%ud|%fKJwV)Y?lOEY4u;n znrOJ>Q`v30Dd)=kpVulUN!e|hdR~!afyIN8R>alWO=j2>yA<>Nhh-XuhY67+@9_r) zE8(YsP4i40W5SC%yS4uBmQlHoGc_+%Xgeqjv*(Pv9J}Nd7T;94ct;t zjM>4<{0^c2&EuUe;`Z#Ra@LCe(h0{4q*|cv#~(OkK*W%{(WT@o{~5ei zgg!U(QpSyClFGMtmV`SldN(r*;;7lMw#e-hc#%NnOg|poBtoK!Li)DBA|@Ac$FJQ_ z+ot(c2T1QkC<*>xPX1=Y#dG+fC7gIIE$2s>(sW6`9O`>aHUgJ{a+_S^mhb*?CdO^+ zZK*DTh!d{-%Snp!^p3+V%O$$+lZFU)F%gc!V8oXG9Y z2ST~eG3WH{Q1;k7!V5*I{22fT3kbv3Y;+YyJfM3>z8yM5oYIfBfcv;6<{m8G?mj*8 zqYBiZSW$0u`r6^wVqUvghJGdc^EhK~lBW#XLszjU(mN;(UKW6VXJ!E*3q_`QQ2PwI zTq{Pk0)#-C8nSl1Tav%*j(sJNw8}0p{O|jONyvOoK&<$>d6!DuE{b_}Pk|!cKuI~A z>(4E14p0BJ$+%V2?QNI&Gp;MRkd4Ae?#`5$IGBWUI5u(C8EZ!=iE2^C)~HO&&9AoW z^F47hguy<5nkviX{ia2Jc^YW z-jd&6?v+d3dQWi73#0607l_r=^UGw3@$9Yfm2^BXNeQ~ar7wOi?d=#EcmE$ln z2dy={yTsCmDQZf5moP24o>(5Rdw=@$uvrADE-T3=*gXPa0>16%p#}@x05K8$pm9dZ?2gSxPq%Uld^=FE?O zZCwC3PeQhF@!z!*?62 zetG@FJK=(T<(=kpAl-dq)7fiPau32+=g&UB77%l24M!uzK4JB+pmUfU-yJWhYl@V# z^SgLSFb-Z#+a3nkQ*{Snn)0ApU1$Nlg_|ES=1K8u zcpd1Q3R)@lfe?_r1pdOWOjt}`e}^izL3@p0Xi4-Q@Wx(Uq7sTkB-gTL^?0u}hIXF9 z8@^HhQZTYHogJTwdrljM7!8fbl`_Btd=4ZcKL-LXFY~VE$Xlp^K&n~1q9cGDkC$EK zFBMU4p(9-uo8dS_dvE0~2vNQM9B2S&Nl_#T8j7WCP{3)nH~yw@4)7FCWmY_dm5G+4z=9~ zx%6%RDVQmX$E%$n^~ByKtRxd8baH6$xPho)RXhrVOC#CvG!yT}@JHl_@%E_UT%26( zG(u+q*6TRh!)M;)xB@@GgdP>=A%GWL{h8qi+@6ney{+k>F-#MrRS0IW0jvS{p-ahk zL97!{B_j5dq`Qhb5~W}!{!8-$n8K&kx&X$=zuWsigO#gfDH6mjR4|Uwu~c(evot%R zuPjWC$u7g)SkmRhjI3{5-3F>m5Jj7dsapK@ zsczGI=q?DJ@ehVImIO~(0NouOXGwVZ3LM!@^rC@j#_3;;%pR6ftykRuAYTZI=;GhakRV7W2x6Nks=+3VMDq-K`>^fQNcy{re5;pXH#&-Ks!!z^lV) zfFQ`S;d*vgnvhlyhji^oJT(N$UIVe$Mu~xFBm2olxv+qoYBwnxyE}k*l4>J5bLvTT zoiyb!^&?cc3SIG6gYuTH=QbF#H|u7qHW~x^7}cIPsF09v}kEwoO-m+yd^nvN}A==|< zAs`mNAh_{)PrvBhwExmP0MKdsoBuA<@m{%#E68NRMQ1CFxX*-qiG=KvZkJlHrnDY4 zA^36-II@U!_ZwUGJ}M{GPgM{G`WnXtHzB4j<|=eA`pZv)-A*`@1~6bA_wM(Gw*V-K zDOh-^fz0B7qI9WnweKyUl|n5b{u=H%?2|aQNjKe9l7pTI3AB^LN~ux`E66@c5>;%W zkZy?GKv#R1DekRtxVUV*j_`Y{JLm!iSbuHEPLdggJwjX6!VX714rZYaU}rJ1h54oG zj@ow#iOqo5Vr~PdGTwkML+>|dsK7ei{Oj5_dDQ=W5o{EGK(Y&9@Ohdn3Q~u?@aesv zQ=h_<=Cd@_O%{!Z!AaFbpCT{?0=~F`w=t7aA5TSG{7JOiBxk3$~Jz?M1HHR0!obW{D>3Hsd`n+`^YAUJ47Z!O?K*QNKs0yqEpV zU$I^~Jy6vFa8dGKUeX)R@4PGYh#TCTdbk4hhJY@4`LyDWa|2`z2VGp_5i;FNBiQHZbn3B_bNv zx_tfMK5G`tNAmc?Ze?KCz%pAO9KbXFs$_hc0F-lF={sL|3q5davJmG3f?w@jj}m&R zX)_OfF_EP}oK|X20XUU#juy&x6oFz+bCats3rnP5Dv%N6ziF&VYVHz8|#4U0v|ZUgwni1==*v zeV%h0U-ZI?zTk2!H zm_F;?iyE%hPkaTBFyuZ|mjW#{O?ibUKUBrc=ZoRqDKg%}f4}FatTr4LS#;iSG+^E& zHsRN|3nx!VRXAL2lU?$Y%NpD`kU%3}2!y8+yIa^c)gXR&&EkV*VRcSH-i(H5Z@C|S zscus^U2R>+^-pkF zVAD+){|>ZvluMAiaLRdAPWah|eDzcuprL>T@GKyOB(Zo6Orot1|Km6kge5&!HtUfJ zH){J?U`=8Odv0lWb7D3(&4^W-%hrrdeyLos0!I9W%SOYw_k;d>9_v8CL|W(m4W#by z6|j?QYGMQX%U8P?q2JlN0^>VbrFG=LRE8J<%0m;6_joAjGA3Lt`V&;4qv^2OaCXf# zU8wi8ow0ReRBU1_DzEvvss==Kg;VZW2=4^#00;Ni*lJTDc=E0XM&=8vaU~G=1tcl{ z&WW6)VC(Fx+yyj3mCIt~i)VH@*@qpFIUIP2Xcqbgt6Ykukj-#>^~zNTNs5N;0PdxH zEa>9LH3mYPUL_vT0Rjbvk`0C%1>qTl1Wd{BQUX7H`O41BJa zsOmw$_N|j^tKL?H)JIC0t9@U40$2i4hPI$~hk}0x9R~B_md|y6g?J@Weh;T-bUD(- zQ!VWZ{3CiScgR2$<(#!0$sq=B$=ld2`IzAbb}uf!)auoQ-7^b8J5GiW2xD(f%|oqr z9#ywG4!PUaX+UP`&%i{Xyty@5sPE8$szF(OgxgsN3tKs&gyzX2L7*UBo#6654D__J z-R2R>kf)*PA=kEx+uB#D9~J)FrMd=z<3auaI2yr_ruy-dzXl1AUNjJ{c*HAUIb$vu z2#Lni+O@mK)T>y~H4y;nu6#!vR5<}n$NJKp@ZYxwh$JYDZ+7|zQrw_=)fDm_LV>H> zaw-4gur(r)Br9b3_gDdwAJBfJYMNJI+m~Q2qtKfhhirUnf)m!v!X|caX`Tk6)isw> zGCPPwyh`G~;|oWcCRcH6%IDYg{p%BH-T*7!Z!r!yXSKj(>k@M6`|ta-v7~}bLPmy5TLT0tJ(?3(%BVuqGCn=HFe z3h!DAd&x}Z>E8dj^*!_zwc4V_@*X%cFCJHTnVDpmHH$K|YGx=_4k}*Sk-U+dy9fE$ z8(0F+^m|OH%UC9g1mWcFwqmyOOjx!R5tK{j2AZ2n#gnweax1g{1|?Um!ZUscuvR-CC2?W9D&n zEAY+dpjg76lN_vO@Wz7%w2ZxIZgl7uL3rbVmz1n+AYPqV=IPi;>;D5Bj)6BW zPBY&sXssKw{B0uOpjQaMb(BnfU4Ab$OP!AQZTV}mV6gJ-F)&c@+Psk@J(27*!G6=T zjj7qw=e=jSoZauNN&+b*bj#_HBAK1L!;n>NhHN1AU&yJ{EHI24{}XkB$tURC$Tdv0 zr@pgD6F_HqiA_!;*N&JAxt>J~o0YvIaksK*QU{`TtpL zh#W(uqEef?IQ0{k4_&p47fKUs0?PB@VM0i z<{15_w@h&;?@&&`gFMecI|>}v;TK1_u9j z0TO#a)82z}J5xauv19Y(R)B$i2zj`_FOwb3H@5bk-_*ciGKw4E%wae#{b)5_i5Cij zvzJT-$w12Ktuf3B9{CV(!JtN;+5DGeTSnaf7#U6A1(t63PbE?3YW7~@_l?{7iO@_q zG=O`cP-G#HnIo)A8GVg9sX3feef;@qt1idtjmD(P^J-I7W&wN%Zf^4g7lZ!Kd`u%LbXzmN5l_aVzf-FSOzge{%YyI&2>B%atGZ zt=$_;Til%*5P;I#TVuAxcYt|HO$Cnl-F56t61AgYbzq+DSsYsMxu=Tr&x3mo0aoCD0W+A;TUZ<|CYsh_7W?>VOpN?Am@=y;-I+8OKfvR09iRPQ0{Y2$t{F-OB|ZGeGSC&zl`ygKwuNDnS;<0X3Udk^}&H&I`~ab2I7D-Z+vRI^8FOGmDP zuW(ua@l&RgfmTvqQ-ta#fO%a}7$uH^XAxb7EFlyg0udu9U;;S@5EmKpZsrH~LIQu| ziSq2}3W7JW=ja*1j&!R zI25=m1nn(cjmrtk{%ZyT=|b@h6pB41%%YwNM^4IIiBz$G>Ep1YPp$QRz*=&K2$FZd zg#WftGFv&|PeBX>w4{_}_DQJ++!)iRd!<9*&6_TniU?w+!oc%=pvFWiT7dtgJr3(1 zii-8UzSG_z)OISe8*q+BA(9k;gZ9>~hl+u-AKerXW$_xqixT4lJJTYB}P94KHv3 z@`Oi0AF=R&)M_YIv=a4<5mLbcRR*gALZIc%4V@C0bO8h<@a(7N&vy*lMRfj zX=}(|e^%bFpZi9ZSJ*hQ^dV=FP1I%m=%)fFVNJXMP`A=L^`khk1_zluSKyXOiE?a; zS3_a>#nOa-eV~HxbAHPqy;5MG7~cQ!?{*Ss58A;h6xrA{Vu?3c=YU&^{OstN zeSzIzvo7E9;_w>=dSgFg9oycJ!R^_Gj&F(s7q%$Y-(=6f0CU%SdAnE20rEbF-qroS zxj+ho<1lDV2r>n7aF7(N2YQJ+^#Z_b=Q3X`jsQ)}C_rdCyfjY>_Elj1S=y>CeSlGg zqAq*KA6vlfX*AyQpYfyq>~<(|-@5WUnAfx)5#uo2Hw}QEch6mt8jPsJLVecn`WWA4 zIw4c?^e50P@t!~YBsA!XR)I=wq0I$Bo@)>#3UT^;BjMWrW9z-+xqiR@@yg5yWy{Xq zWM>n}-do7X%9gCijL4>pknEL_l^L?0Mz-)2Sx;N`c>b=(Q?K{u`^WF~$Lo)}#q~JX zxz4%Y@8?|S`h0^U09zns1D^zj>@C3hAK(Zd2@_v#THl(M8% zxTGiHF99Hq3s|YxNi-^AN}sWT`9h1PHU;)8X@6u``%J(UnIL|Qo^~AT+?5nv64qin zd+-hhFr1Y~!Qh2kj=+JdD1q)V4w^c>?l6u5nudiz>3d~MJ&h8QqBmn4#q4P@2{9jH z=z(`j=d!tY&9ykhZ|CuxH%|PsA$TpwUd9UmB#Wa|C{oBmN)mYOaa#b$#I%8PR~FoK zq}ePbZ=d$}siYFE?{)I86UTN79c#-8J1P;Fn8(9;sqoqwToJLoVLg8S!O}jPYPz;9 z9n4cu$RX&=o&Qul@01+kY4Vvl zkbHr{RrDao`p34A17ZZd$1dp(ojg#+&SU$O_r!qw_RQs~{nwRHO7;L#!2o7$++Vdo z@2qto3Ip$C`b>F17pu6QTAqcChFdS?gHSnQY>=cX^QEGONd_3BSmgJ-agR4Oi0jhu z5)3?Y5({uXpxI(5BY=8l!eA!^aG_aLSDVvEIo(WOpd)lAwHN2DZif-LHbB>JGeFN~ zlvh%?$y5AkbKT(Ct@r91b*fYnU;BTtKuV1+YQ)xQ-2-!ZG^?EPjA5LoIiy(@jq0*b z!I-AcdNV!VfAnd#n;@N#BoTs#cd&xK7v?ef4gk;3@`|&xOQcP9UV^& zJl9Z}vWh=TDo^a$X)^62c>R_qB;0Zsh4M=dQ{0JIe+t!XX4ocUT^Alu^hnpaP~9K( zvt2e{e~bky!X5+VCt{ooHYHC`X!Y(qb91xakgJ+@xLl1ZqkEA@mn>_DW6M@RLM?2Z zLtn{DM>=wzV^PV=`q>}1!!n0p#qR;u5WAXcrbpl@%XUN7<UjiiKfw=BF+f`t6DR`C$Mbb6MEqwbc_)}#~^q9(u?r|iK z8DKaK3X@{G$4%WzVnVYXrb}yoQORp~>w}{2&zUqM!jhk00If6!)KI@Jx1Yko@pS|T z&7|m@3CBBQe_I*j8?lb|F$dmjCOM1Sr3{~~<@@g3M&q5&kQ7|I{EGZbJB!@jMml%3 zoJ=5l@8XU+{LrotKV7+oF?c{z3j`8E5eE#A(7nz**3m8i@`C6%D+5vzye6@Ge6}I( z{c9v;{;I;As;k%6)4=iCI`jv-u7txw-D=8bND>>|*VaWEHhL_@`i1jORNKl zqDtzAjZ~9AUgq`PCZC5P-9tz3anhIfNvE%!x|gl1@c?!k1HGWHegk+nk8BM5fRo-c zkDLwk!lIRY!i_bm>{L7UMeM{D+z>*C8G+N1%nKLVpot3nsE_*vly3o)0K^q~N$K~t zz;-583ooilSCFim?Fd7&2G;<5Gh0|v^{Wq_W=f}Y6`blzI6cVCt~FX7as=aney%{b zXu%XO2=N!EPBzmY#GSl$1y{Rx$qqN>tiuMDwvk&cb;9#6W=(Dt=zk{QFt#7WlK!N& zkypN_?V?BdfqP}XYn@~Re48aE@aWq2c9<82Z~^4}PLC9>$?Vs0kbnVHRDiM*;Blm9 z(k%elq6oR}{P-p)Sg^W$&N7BXo>wQV96F!r#!SL`J=)aFC*Gm3M5ZeN`kf3}v z#15KAS#O69NFJ}5f0xxmE}J8Zea0SsF?p|!Fvcf9b1(=fkNopu|FNo&akl0_z#+9x??d>Xj-y@X9 z_)3qgRPVFUI~?}`-2zSyjfZ((Zd}cHi_WS7qgA1qIUppHg4f4DA?vaK(*UUcNptPJ zf=n^;Cvx|>_H{75_VRe}vanu7ybmXn%|*y(FQgt%0~c(IDRORQ@Wv*fY*9m4r%5T! zpCyNmBwc<${zf!gI(Z^<>MtbZjKYO))MU7HuW7qDfah`PbUwr11)JIjQQ#5|1ec7b z=&*6rX$88#ELResn>P5XjQh}Rc-pi=`x{Sc3zL>w&Q}6eFiP6rjro@YV7B7!wINQu zx^=|6u|O{}Se9UlgRLI6I>~%9a_gvnSDFh%7224eW{qP+A`V0#vq@fBo}*p-8*~Wv z{f%8Kvb%4OY+m)-;CQr@4azDua(W-5$5T=T^O`*rnhG)61W{C40ndjv*1JoRKM*uu ziU0Ex+#d6Q!$+JZg7b2E<9x%F$1{P)RPGNna4}%Bxa-UN9erq!^RHOb^CGT#c2 zyJ|W!u%!Q6 z6|N=l=yY{cwpI&t^QV%aA1D1S{&UchDqY2D;^}G6PFnURtmLvs>au*`&vaT$50=yg zZVbkIWuThoeyfzi{ZSt4nR*pragY_}?n|IFehS)XL2Cr6fU6;0G&!~Vmn!lo?Z)UJ zYTo55H}=q;<)S~I_z>KLgJRmS21%H4Liyr`Uo_Lvm>mh?G;jL%X_Nr%N`EDye}ooAJeH z4OALO_?=^*%BpZSozLs$#sq)SvrEDFLr(crPGUXwpH0|F*`!cjoB%JiUX!MRBIrfX zi3n}#^?rPe5^hQVxr?*FqvzW6;EZsmOF3{)z|^wdt5D;DS)bL~jBBk^DG40?m3Gu1 zx_7+-YI-(sN06QOw<)c_o)n;l#6}e!O|9pfRYHX9iJ1m(aRe8S+%UWK@L@_w?+~jV z-0>*S7YcCIIJ);mGmcx&6}J<>e7_eTNeXU^w}lg=w#XsKDLL!s15aYD=s9ZQ&o3M2 z1-icq6tBn~saTtbwhER-3pfXO)5Z?CDkwCA zcgugF3htTkQLGK$fUc3nf-&nCt4~ry zX;^c3J@(qvkqmkypy3SsE~G=dEtm4jK}weYZCt~(^vg}D^S7eS8Ek%J61Vuxi@zzb zMI5zUG@qyb~ZfM?=Ry8M6DsB^{xP#;Wwn0 zlho7hm7-9hmh9+LSZ_aPKlbP&9_p6TPzs%9!IP?C& zsa@i5cJpKw79dH~mn(q1VuEDw6coR}8}Eygil^XSjQ7QdaESI1tAVHC)FsJ$Q`lU_ zfs;evEU;vSZuq#xHmOy=Kg>;#cP|=lc(jc){qUK z(OAK4U5T7AGlwrmk1orRhe(SUCjgi)`T{SzCtXv^Hx=ac=rsTNz0N~;i3Er{^r(8V zVrA@KNan9cCH{qDsZU3D#i^jx)c&Kw*Y4|bp!WjaW09&t(tF>0;Da>9GzPS-;*?+r zD-gm-kad19>#3;b>|(H%WheRfk%!<39(I%X@L9JMa+bbACu1KM|y3tvD7C`j2r zrZ+#ngF1@qvZ4GR1s#1{oYtEsJzXP3L0LeLuVJdd#tpQglBPQ0OtETcISg^G2O@cp zwB9=lXvMi=1^V zy_w9q`7f70ZEg7rx^;-olv;L{ogkG7O3*mnNP7QS#%`w^Rb=0U>25{pS@?7d7wvg`8 z2=WYhfb>9~7Y8l}oF+)cV!SJHiJ2yVPOqw?F)Jv%UH*|mT5XuXCZyx2%T5RP8{B9o z6s^_>xtyM{0+mj)aHk?a73M#g4(f zw>68g3%;{|7-#q}-SCQ4$F;N+H^)i0^{`>OVce|Lx4hVM)AO4#hLhBM;KD&hHyqw% zlj-gjpKcB7UkpFnY3usaA?pgO6Vwp4G&>Y$M!K#xmEPMhYd4>_``Z4et&0l5wf|i z7(+y)dAbKq+!Om`1NB5Z&l*8fFF`pMJbD52{+zeE9+;Yh{f5;$ewE4RxC=6O@4&3+ zqG#8ex}w5P>XL8RT1ZI#zJ7#pRQt4H3pbhS2uDjI4+|4E66rcjHSSh+wM6dKcc>+@ zmfMsBa0&dKebKTzk7HUR5B>`XYb9xTVQBiJWG9uFPR^x|fS#YF{Fe2G+QUSX5hYbj zSVRPC2A|8rfRVZJb;^v@zsrd7qA?ErH?b*nt+h^lHU}FE`3(mmd!WbZaAUfV8Vj2^ zyEsFK_9?c$XbYnSfxbo71Mek@3CWv_yF>(_HAm1YJnA5khFs(^OP2zV?Vh85T=V`% z%JbR2KQDpVXemui^MM_K{!dC0c>pak@(DqdVMf3m0TCNd+I_1R{ZSG+ zVMn1yKWj)FB#;8$V?kJeHSFyj4-*cQUz97HW+NV@)GuZLqm$C@>x16}xji z-i~^JHMOZLmnLBOQKjUM$$>un?ry7C$&G0iyz~RSE!-_T8#t#OYK4!uynpFjt+387 z*F;@jen~Eu!{M((+V!BS;CQXd%!r5xt=s~SYKmI^4qXnI#-BS?oelCbL)Q4evV zL|II9*(ZrrU+_fVzy&?*~t+R zKeG1viowd-@Y0i#q9D^HK8?GfJDmOp$7ZZt8jE2^VP>2_781r zc~&a-%FERX3KLi&4`f2O2QGb&?9Z;xCxp|A-5U?Tj%K?XdKRpj5C;6xdBI=C$O_Im zu#}=NPP#@=6rjIB=l~AQdBMk$c2_QO5)nB<)gl%KhMXlCeF5~A^lU6`MOuNoVemV2 z*qu)djtr@L(q;Icyo+XSQnq)SUBN}Udy|k>|Mo+)0!m})A)#aB-RX_&9;HGf__L+sMVt6erUG$;? z7hZZN*%mH$S>Ny$?h|wHBi5pWs_ttW=zM~ic;`1O1*Y6G2pcW=|fqE34U}~ z*XY%@-iz~d56KnSA-sR6nRNIr^_wqMm%ou|Hz8$5s>YKS(Gj;pg9JbbqU7X!p7lPD zi(SCwVWefKbyK@dAadhQjrGsBce5XH>uC%JG=Kt>P{vW9S(fa;k$IDB4F(Yc>Ls^ncQg-vN;yB50$HH>4f>FOr0`D%cV)f=E-0t?cfaB$?M=5@_c~WGWY8mQ|cIDT1mz-%eRd zXg;T7T_h3mMSk-h%?VwJie(HwZ7`Z}z0(CV8wmjVUa4n{0j&pix@dPPzstC|d-1QJ zDn=)???(SEF00DExI#%vuLStf9+gQStj?w!VI)*krV0H?&JtT8#lo!z@)iW4^d-x9 zVTSa)#SW==IxOVn^Lbq!%FD|zV!&c3k|+K|9LP)jArX?}U3xoVwt%g=uH~xv-SeEz zj%f^&;_&r;<6q$TMF;xjB#76r^>n*=T8qs9GM+oi`_*SR5OdN+d4F454d1shT(thl zC{s9%v&siQ619y}X^3q%)4qp-Duhr(X03mttXRB$f~Ip(BoMMAN2@DpRY8Gg#Tp&K z8UXqV9!%UO(rjRlAuf;;5HN}A#Y@+G;7KC1h^_htBUq0%U?h-eJdcGs&_| zEWZ@q7`>uxt`Hey)8G;8H{K+q>e1D6`#*A};8qNZW$HrU+Qg?PYO8zeS|kM3S_8bLCgF z&4gkh2!B7e2}RCM(q+mN{_H!rb-v8mvdZTcV&0hezm)W85iw@4 z?Q(PRLf2pRe%a70j%&QmzLbGms>Z;<(%O~etuw!N)hJ0d)tg>zBRUM$>=uhKN)|7B z^lv>&9~k*f+pq-ATU#lJG-b(G%%a)6GTr%{4N(6?l+R^+&b&qs#D;I-gb@OC=wJ=% zbS{U#;%uv}ZU$8;;0}@@UgHE+Ni=%dpV1Qq39wCK2H<5ZOu9I;pxH`C=kIEPsf6PqC`SS!f$P8O&7>&9r2#>kN5I9a(|MwX)BF5BDhI@K#+R>ii#;Zg zm~1Doe%tY<8=Qzi1)N_N=9%u15v)+OiVVIML9AC9Ojqh|16+KM0pnvkrHFgXyO0-H zB|BoV5~mdi&ytDu0@XFw!dLtF-KAaXac!c`U}#;;jG8$x(g!7Z{ERAj^H19kK7N@_ z?tvUj@^!0WOP|;3#Fw{NqY*dn5~zYCg{vu+4r0DGNm6t&t)jfV1R0x#AnxGsU?a7^ zPUk3RJ+yHv-*YFXRBcYpIU3j=d5C`k)yQ- zAH&icjmn?{Nr4V)c3^ zvPy=5(NEHka_@D#P_Zy6^_P-nxS=;JYx_c?B|V?~VKnG4s#PBt*}^9jF`h`}8c#ri zBW z@VXp%935TbFvKt8SxF7l_laV{;&HPhKGZr7%i5R`E>HR(ymo!g@nlk0Vje8Ml)}c` zobmm7OrB!^KdS<$X~LDHtCd3RrRX4I^61N~{DiS=T5;|+q;7A~SH=Ne&j84v8VK_QbsLJ>rZTY?uCV#Y@r-yxF)l`w8A;Ebm3pMoU| zlJV|H%O~1t!M}PvlB$Hj%r^M;l1$8jbi(zWGdmHs9Se)e=-)Cp5}|@RV5Z>1z3C$b z1~gl`*xkR~lgj0-hGH0A7wAD%Q3yA1dM779vTv}2bK<`(D;XwTJ2MH?@V6Zx=rjTw z+#&;aZ0($%D6_VKJD%RSI=}e^_tnSBAIK3r@c63$ z&R9dzMx-SSRCi^sF^un~6}ZL}yUV_4A7o@BdKfpy(e4&Wxv#j;-a7SlsnyW3!+a76 zyA>9I<5@H4^s^TKd?bi#md>SisE(jwo~reZJ7(m;QXn|m*})@PPH{9aBj0cc!7d47 zr{kN<6@sKL(wDhw`fridGPlHulcGsM{$LGw!=cy!Ys07ZzxpZ;p^fJ~qoj#MBF1JZ zjN{slB^7A`=TE%ZS@%DVpWwzeIvsIW((I%zDw>a&^$}Fe`g(18IPr*aJ571y0^i)S zgl`yQr(Z1pSuFF9`?39@8rjB^&0UW+b5qcB?_OnQ&IjW^x6-MfQPGXZL&ql!C+f`@ z$Z6wb>*e3{O91QHqY`kb-7vZk3u~R~$Gtk{G{A;m&mAEf{>C+B&RBVZ4kJHhV#x8h z2U0H8cr-Qlxb_5LZ>ybfIm|}SuEZ1OIM|)5tzI2t8$hMW<|*89wj?6{hD8bswr=mB z(_N%%k62c{N$v0q9MpQo!Ma0*9JI`UTb_9gA!JYQL}&SK9$~(cZqRvr+1+YL$`KDMX^kI5?R@2MGO8ap>hA<=sj(Y;}?Di7EfX9>r#CAGpMJ zi+8!h+0elc4jskOI|2CV^o}+JffgTbQ`dfPe%EEZHSJn#K+7Y-Bid1co!Q&rbyujkjmJCamL?y-ax$kHIis&x}ohn_Z5ZR_WDkD{1SfF&l3 zwESn86?VFH4L1?$10FG86#2Q;(s=Odd?iSP+@v{r-(_>x*Yhdk8;92))0PU8aL2@jhRTsPV(Xg))SV zx?9uqf2^6CXXqfx%{U~PX?7Z5A8mmS7O=&zJQk!{l($N#^mU%f;0Ws{`$OQ}&w+Q- zqr)&w&i$RTX@aWa@YC<8$je^>O~0#s``HAafXjHT%2j@kBrbTf%&9+=ZLbyvv8`R} z^l%5#%tbK*eU*WD=nMTo3W10PX(ELPLK2ySOB*!3O0W+D@aW} zjgV#N@SI%`+)D_m+UmGy%TA*xJA1wF079lBWNeQxSME_DG5FbkFn}m4N0%q(eq#zS zH9Cxcr5vRPu!=IASlVXnMQ%ug$V;pR@8`9V2}I$7?uw61*?coKAJ5Uewl*?#+BG>d6Iwj|+QQY!NFKa+~o1D8iNnaGx)>h!S-S zp_{=sx4h%jIq*nA?QEk-xoxEP57l6&x@QQ|2?xfV_AQ%4R&XdqzxFgcMdG~j*^GMX zA@*H#o8WoV^2<&6P(*{=v`~5!8P@~z5|-z6Qgyjg)FO*NHvfJHIp&T0=+JoHw5R7)y?P0y+0ppr6?BA{B=PiKQD{|N@mvn6g~?Hdh|cgXynF&Xtme zpJL3%Ynk|6m@|Bb{%91%vXoaC^EVWGV$3XWh^(aWnl!XsTvv3)!UA0Khe)>dSHFo$ zjX-Jq1y+8*U$NpMdhN{@>SCzxcPm`6$h*Il2AYfNEEA!F=BjTZswG7b=+4c}PQir= zksz0Ud;PJ;_<3_#C>8vh_q-Z7Hf?Y69+TFa%>=*egc*O0irvI-D%1C_l5e7k!|2W= z7MZD8)Pokw7Xubsv`Bs!3Y2m{>%O19Z~(O6V0yKTb&UDWVPB@Hc+F<}3OpPve0TlT zOJn!X2I`kxz{dP)b{!w4@8TX{jl#Fhm{IWx6rS99+)TP}6}91(Lt!m~RrLEUTfB7O z8QPl9G6QIY20Q(AdQwfGMERqfTm&In4ku}dDs6dLdYt;AL#TSt>5klU!tK_mgUpQC zfszReZvo|dcLQOqQ!UM6Y1P{w$Q)CMFI7C?DlZ3~V!%F?Ig1?C)WC=k2^eRc6yL4j zCALjl1i)q0!4YFz3=y)FjdI8i7>f5q;j66F-0YP4GAoLxa#WmR6$L|5H;Uxs6Xm<= z>jM5z#JKZyQ{4fAUt92Ar>AHc29Ty2#x=}YFw3=w9HqmVR>(!qggP1j2Ge1+JB_fa zdI%|d4uu30bbqY!O`^SF`^w2ZCM`tX^FrAZ9JKW?_kj)q>f4BfM>ri!4lU?6w+Kkb zm+X(QcHsSZm6_*ngQ}`^3LXlnxN(gV)E&P>0WsTXT7xi{;qQhRe4{UB|AN+1aYGc$ zE#xk_2qS}Xkx~%hoe1!XX8`A9%1r)-4pMelxq3jM(MmrlZGxTI3_5mj)9y5f z{rb|Q-&R&ZE69Pq?#`9DFKZ8X`Q&#)-X#ebM3xy9>z5HD5(bJ9`V3;oJTVt$f6`Y+ zGavR<9>7ih;B}o^{IYETeT5Qyw(qWX|9vl&_O?+0QmuOcb+F6nT!b955n@7iYc>Bn zSka7vkrDB%S|9B}Y7iki(oFg(Y8C=?1)!ry2$Vi6nw;HO2&VzRxwE)09>d~YW=O|Q z)5x(#i^u&OmsZzf0C*j`KW5#q)f!^cyk4S%1(U{^JfVNJejut;Lp=NUjpp>l^}8sb z1Et^3IKAwDLr)O|MO7_djZr{{WDzTQgJK0SQ3-o(5C8J^YHi@`$;%f4uBGclaauq5 zzlfR-{82K5B0ZZ-8Y@G`Q@Cm$C&xg|Q{1=4n34BeS9p$t5krG8(W9MN->n}4)2xv`7qjb>o`)Z9LBM&w&ufGcz)0P($ zh;32_C{tp9Zjb$Hhg4C@)12)-6h*iTotQkcPtv-uAESevVbe?(SDXi^(3{U}Ce&`; zAl;u{v6sQ*=&#rx-~4T*)rONRB4_FKpQ^UI>jh-$vUh`p-DfPTatm-05roBrKuq!DpZE;qV?@8du>wMV8ZmAlds|vbe#4=fA_|n)*pY^ch&5%L&c_8P&F* zGb!n9TRJIr(%*g0O19+S8z;5bf%}3q5D6qj zUAy$5)AC=RxW)k>_$P<$;iJRePggq_WC53U*L$Au|1LOZjGv8!|*Y#MH1$9_;PVS1nS|Fk*~p zQQXURk$d;U=Rq@aPTbOoT}g(;FW+mkPPb$m-%l!I7E2qTgAg$7>G79tU!#iWhx3j4 zGs*H8$lzN+Rat`+pJr)6RZp)o%jYNlmED8-%Em|$L?V6E6ZfvH?y8+BU|s8l558GE zWsU*L6q;_3oVP^Kb%Khy`>wRQMp=xg9HOK8sJS*34==smC-l)Rsr^p|+ls)Ie=BL+ z6#F0w;aj&v<~$tPgu_K5EfV{9CHjGShMA#i0Dn<+sh&hU5~y|{zhQg99fc$S zij4dyew?3fV|5lI93^FqDBy%ZtK}1Xi~@>mpxLwJTT2l)j11AiYV^@^xP8B~`#4Qs zF{jK0T4(cXfObb>6hk7khKKubYlo){IpTnv^(z^?Fi7_f@gV<+uk%cec8U7^^u>*t z8(D#;l?IRJ08{_Uq}?bb4R;)vT(FclAp?%Wep@pQSF9SGMk;~=i=WG=U=a}1I)!cv z-(V@4Cn-F+9t0{K&Cs|GfDeE@H7$V(a?lhM11z3^XGl{cwgCATN==!hS*fD{#R$w|>tb#boppqzmi&32f+j_z%?$^^8$Hy=3? z-2Fb^2^P4U|ERFNHBIf7PM%E&Q~IS}^QD(>`b;f~>P5cVjO(&z&Y3ZJNAFVmY(!)8 z@>Nh3gbW+_)okQ!xkgFX&%9_f44tm3S@Wzq^^2eFCwN5=>$Ep(Ad%)i*!8NNyAtr$ zxcBn%Y?_jy#$a9c+#-soyuyJFy9JyIV(|{8y(EZ^?>L$w9R}FkpWM9#Zq9Lt5let_ zn(O_!-CQ2mbmqMNHR*)Kx~K4snF(cUI9`S7;ijwdq0-|Og8`k)uLygG{(X*ykp*}0 zy^WvGhywOOBR0R_;}RAm&_+xt$Vj6HM@bRl1O@cCdZ~p9s9a(1?7@pFmY{Nj@Qk08>AyMSxe~kW;*`QPbzR1hpxx}y zDdK21*k$Us0$FO?7e!j19~)1`$6i=AzM!Sr1v&`8dLSBaI9R|rXL((cYjJd)t*V+0 z=6y8qn|3HssLcG~n9%wJuiQLh>kgE;Spkc;@AtW&UI>#c`bQ!{*w_a^Yw>(~0>uqx zAf5zc{Mpp5s_uM>4jUJ=i8`dZOk8p}|o^fv)oeQ3NO~}rBDNTI%r-J=M-isF?0$xcGH^HfU zc`2=5mt7J!ixm+O&kZDU{mcb176Ej?|JTrQdp|JakC7&H&;Vji7Xts0tZK5zsEiR( zPq^m_dgzF!+k`HmbbZ(MkOO46%9~Mc2;9(HaBr)% zXuM6r5QUjF+}9oReg^1kpQ`JVRaggpZV|v!Wr~=f^ZAw}F|mOZG1$B(gi;{Y_c)48 zCwRfdR^>hvUQ)gh+e*=a55fqXZ@JFx<>#vc^_3_~3V!3v&$}=Lg&6T{t#1kk=c_Fn z@#nMLl3@|?9UMbR>#p&nj#*XW47J-k0_txLB!VXDY%at$1+NZ30{%?6hAsdiWxF}w zZl?QS^aS{yr%pxo<0MR(4-%AoOsncJYA9fXO>7Zd3#zhToX>l?#{%RM0{}(E7N>my zxDzOwVnH$9M*)VRUKcmeVS9ZXS4$5@ssBALXrS7vME|5C72`bWIUuUE*y*N{UUjvp zcb8k!MrZMYg2HKEYLu|#EXk5_ogLjdzptk~-3$ul1|^#}(Hm-=rZ!&Ux1hr~vA4T! zi#(p7OT(B6bLtc_&J|DLG%N7h{*?_-hoIAIn`Fz^7niLKim7^h$|Wp;kbyx7V?62W zTGYYBtgV-1!a9)4>RsGpsG8XlnBO2J`UyF!%v<^$$RSuSUr55HK{8-i<|5~LCJhn) z+eMD&E)$~l0i9`ARb%kuTuoyf_vqXRYmz+VF+XLnnpm;$n(&6)+ z;+<^xcc_QrU^Y~c>)9vfc2zC^BBi!QDdYt07~sX~;XUVf?^ShpS^CC4IIE`M>^Rmc z;Rv(%&VR#p@GHK{EMv9qpEn0f5D^86PIHw_qeEqYhxJ=XJL%EZGWkRkxIwfZMkKtX zXzmx(CO`$`aT%Xb=&$8_=tHR{Rl_4#1tENz;{gg@IqyxJ_$X*n5b$j9?Uqd;j?{wZZe|I$ zwO%;?#_I%@%R;C8c{-)ATlRXX8^ek;{9mcJEp~HoW$&;@VIENFA`fCV|PNZGOINOfmBeB|+@CFiaBBdE4N8YrK4C}3x1iK(kM}cft#&%^;_tqj z;{T!6?Brg}X-obPHkYt#eNa}t#JpZ`u~$`19;CH2$XdkorR%|OowhkO^E;rf423)tHDc;DFwWYP=;2KN1?$J9|k zB&t~Uf!H?_-enQGQ{b@WaeH1A(1wG(;U!n9@)BY9*U~KxNYf9#DmfummVlZ67clSi z?tw%qGENgyc|orF^>eP=nFL=&BSoAPy-V1W_%+B zhf#OIx^)g!E)~#;H2L3B&A@R|Gal@!Zw4-6BG>W*m?b5nAL_>pmzn36SwJpMl$S2j zTw2cl4|@N;DnJIP2}K(c#wY+i8Yk?1ydOBkgd)WdVR(%m_z884TUf#dB~K#gu^DLh za3YNe#h?tjTUi+F^iatW&|aIAN`kq-3CHMH$gurrl6zI*J%s(Tsr}`qJsTy`X;pG* zBeMK7|i4o1Op(r3#kZisLsD!6W%$-y=^JJIsb@JB*BHjO@=S8|>f$4}k3i{?&V8WV$IgTZEQOY8H&S;0XKILnN zHg9qnmbJ=AQioUlgP;|tA_K-t@%iS$MWvi!1@Mgu<_XW(o$u)~fXv(hWTw9kj{hN` ztoaFO(8Cw?u7Q%GX*>QAV;$e zIaDqzH^+oJj3WH#;>&@;lp9VZc3L!YdKa~7WgJvt{c6R(m4Y1jKncw zvjgWs@v#w2g6bKTnAsci76{+-A06TSygK*wSn(Fvcnn^Dp>xE*HWPhqwRW4v{R=R7 zgq1hH+x!2ktw{la1jZ1`ZrkhV-`2eUiqfww3G(oIx+k?ycV#_)j&m)mHjVynQVeOG z5`T_-^ec=P=r<(%P$NsC5$O4n2>eLnyt5Bd#N#z{#)xsP zzT(T!Hd5aMDY8aZu*f+WatDormZgUPakEysV(X3eg`j|gbW~SVA6ZQ%%Y4xNgNBDX<1Qx zSYc21qF2CV#X3d|0_cD}gSyPArQ0hs+g0bVdDWRf9=r|bhfB|ox149bOdZVP<8Ua2 zJ(2?PqcL8SorG%R2+QRc;SzU&Ob6&7qB8wM{%G7s!+&MO_`6ZgiwZG$`k~h!-htL5 z!RPX%pge(lp^|oA)9=ASj5~61nM^pe!gu8s)EklC=>5oLKSFFYcfhH{W&dU!QH@Qv zaXit|UNMxwUmosg+pmCG7av^DT+Q{2ep3#fj79Q{HPq-o%X(%2I#qyXVGf!J5N((M zmpR(1%O~Cjp9{o_0JG%+D}d4%E#dtx0jdBwcPbDaK+QGtxS%&84hha9a_-x-_r%~v z#*c~^7K|SygcPrzF6o2bt;UZGF5{%|f8WQ!%I3*6ndSe-$&yP`9gbNH_*MfbQR}~8 zCdFPduwde7`U{<$Cy69_?wFpzKjtoQw%?6D9YKN z!#6eZvq7}cp9NKQ2c^6Xn$nc-{VMR^xopgTUR&~kvwX|+klP{hR+*@rRZ5wezZh>= zi(iHF?M-?<%+3+4%aILGiP0<8DF6+5g}vlff0Yf%R=Xcm%+OEKa%w-xYgrXn)@eVA2P~4cPomu#K9ht*y$ObW1FYJ7oJCj?NI+KE9r4tfwhsqYb|1>RWlo8RD4P- zwP52GeO<(m<%2*2a^c#xgHx84bCy6lzNNR%hRRHr5BfG-K>rKK3B4qL8iVmc3xh6@ zN3XI1s9qzQOx)Wc$Z021tXiFHvF z0D&LspagK%n|o%cvrkl~?9H z=zw=Fp$gFnfxJLbQCBq3_CX9x)XbxyHGJ6ow!#e%kGwq4kz)xzX}lZ)F@1UH=4S}y zVw|B+ZXDS;D2sODj%{U#_Yc1-Z#gYOgfrsakT^V99A8x`OupTLqa)#a%vM!XJ~l_j zs8k9wy?qv;)w)8B>tOT1AXkM?YVJM#bBu<``o}D9$G)3aQ@`A~UMZ;pA$x|sN~Pu^ z!xu47A}CfyxI-CQxd4(tL{C2Kf6+lTnHZ?d4W(`xsm%QZrOAA%lG1*Mtm2DXlY2l& z-}hbyA3y`>?pJiyL>dpskwFQv#nlD}p*mSBWbFlV8F_j7N$m7D zF5ktg5ZW*AKdT6#J;G+8F9?B;09rE!daND8vI6$^T=kFgd0PW&Wqq;V(xcm8bboq9 zCg#C6nv_|xoxD$eyp-GW=D;FeUqG+X%W$Gxi5`VK*{fX!1806clgzA?$*X~895~@McuB)f9`ThXW|IVm-%M`nesj=_9!2PgR z@-AT`>eh{nmJJ!cu+DbdUz3;(TJg^2iaz+)vQpO9C5Y=L@@Zj$!sdy-}3Wu=Ip zx}X391}F1ZeMn3(!iqRp!$#cRbf4*$de=>xFW?B0#i-yfM$SapHTU2<$^>FS0x-Ro z6IN~hiD&XT=u@=)qRP|xx%!iV1oD>!7oL?&>&A(#`h~DVy3J%GKar>YBiFcw=Say3 zZv=#W$HO}drXOxjTbs3%&G10#f#zP4(9&ufCTP|MQpfFoos9p&_EYeZssrDNfp}mu z9l*hj^;)doxJ0u5egrM&vkEw4Lxxd*G0s4>zSt?vM1AR%YoJ*!E72R#zi_nQixC?; zWF~lwy+aB+dx8!o^X2N2r=T~7Gs}!3Mde` z{@V}LrPXdBTS%xZtW>ikh1#ZUN>I}BABKRO+ZKC$<_}EzY-=)ZR}71dcA7WYt1ft^ zbsm*3LF^ddegWifJ;INUu#4 z0eN{WIXf!>|0=4tb6i0>i0UtBXmkEzBqvu^hdQ_$m9l%&9w?euZ$BvD=dM#OWBC%v zzAFY6%4qF zDP2n_bSBazTJQGoGdPH-PU^Ls$+~2Tc_C?Y6&n;&|N932@C;4F87?9F@(G-ClceaE ztLkYE5aI+~rfOul;>wCaKcD@a`%%Vkt4IK%M>l=FqPo>4J9N}0^+9^e-^_K1E#cD1 zUGG9naCcBlY}~PjR8pqz5S@7D9|Ix$o4Viz2w1~ELJeBc&|v|Rw(n|FqrofiB*>4U zP^uslaSt1z5P3|CmyRI~U7!Hl@=?t8k6vZ+kFq+}9Ot=OUEH>7?Xt$g&$STaW_k7w zUBEo-Tx@zESxE(doE2A4cgU%$jiWZ`H0KSrDr z!tV5Ac(5nzl*ATg!GPDDOBY;eWt~f?i!i{Z#J3c}pa$T5}&A2T}Gv+Prk;*qEd+D+1guj&JCT+HQAWd*Y7 zT@dd35F*y})VwaF*Frlxi?%(F)}jtkHRTP$U{UYO2VqYN6dQ2TuXjYvv;UVtks;oH zS#Q|hsX-+BY+9nujsB-yCo9swWI$2!PK}~@mgucC!G?OFI2*{GPtd+`Yg>FQKXqX+4Dc0?2SzcubnX29I;6P+<)lMR5jmew`=6BNHaqyl}Pj3 z2v!A#lOoWOaq3eKTH;Dq%>C~W#UTM00!0QO-l;>KDA4g~LVDeGa&(xNBQo1SeIZDC zYJZS=JO;nwhE^pyj8H=yigo+pal|`#E0TMljMnlPRUAo-{MY$Gby}1YKa3Jl)ILd% zaX#pFRolvC7kLBt*vKnTZH6kpK=6!cZ!5-KciISkPf9L=`>H)Bg0lK)My(wv!bRNV zvXqF+Af}YPwv3A6+AowASSuQmJ8z4;c8Q5jOd=*LJUiT8l$3=#Zan>;L88f>SNnFI zfV%o5J)t{&VjlII^Y>GBK(wJ@PWkKOIw<6z#{h+bjzSD+(7?$**r)=W1n&4k zyU{@XY52AN#aM})Q1i=+gGUDtp&!>4d6K?dzrXUVJ2bB`NWeqBxRipiS&iK1?HJw! z$`;~+Wl0d%X8>$qn%`sr)9WWagYxw?AWU2lJFsb2g=6e=!Q^FB<0UZ|xNB;Xve=-A z>N6GtQ4O1cNbu=a=X8$${97RH^y31!Mdf9}@W@qD-n7}~Eu!vK*$rFd*-8F1@^bw< znLSj_ow%91_eIMInLe$Ue^{tPs}gFzRL3^$i3@8u?Un@>k%;nCu39xZ@Hak#RwBv~ z(W(D6mDs*{>wvnf08tjBV$iJ!`HLhvj1F+nrck1>_~$l#L3Dk z--oh;yLcB3)=$DgJ(2+lCN2EescZRYW$AwbR@-rMKE4nvM!1AR{7P$eN!56tKTCTJ zaDzr7569uOScPZ--=WH0!U)lZUYoiEM~{-FUA~n5$RKw)OpFk`-ff= zq?ds%C8$rj!DY=7Dp_lT9?egBr3Tp&!ab(2c9MP$o%*+`r=EQ-<6|2r0xjH`#7N;x z$FLU}|K21s0R%xOi>KqCAISlViISHJpj$ao*F0oOg)U8tSdhSr2yw=KggrWKhjJtQ z_cm^gycl|GvT2<>ZZo*gV2jNsaXHC2jd+5-h$z3z%)XZeGB~q;CU*Mf%j}lQU-&0d9MJ%NCqAE>!Rf(AIgsf+Kw2U2(j81xzx36IfCy8f`u!V zpsi9)JHN~MQpK0sZGXCDVagj^`4qp(NQHopG_G=jdf>m3=660=&ooqzJda{B|h zFD+=z*HkS-EhZDXp$9GII&kObRPg^QH;|#|KnctQ_sG`V=YzrHrI6hK=wulkGtDht z5Zb#phlNmoIj2vSPP`vOLXC)NJ`O%KSy~=5+)0SNWFN;OcxW%wSY~W%>e;9P@UA=? zsO(t55ZgGyI#*rBtgcrXqRgFNt`!6#ZV-s-AzopNLNxs#NjmACFS54)kVyx1!BbFe z4U=x2nSC`cVRDm&Z%Wn!sRPmlm+9td!LpsfuRh{BY)ae%6w<*HU@Iz8yAW`mu|T2sOoq#sRHMmiot z=n%1*`2P0Mj}pdGa1RcZDt@Wcf^!Hp&eZ;@>rP(pkpf{lqCJPf^N^&mCiDzy9>@4Y z0s^&Zjv}M-LY~1Bs!X5LmAh47knU`s*~P{48nJTMk{Us)YB9G2G2AZS#M0*qIJ#TM z&!z=&uV`idm)(v7m)92HVhP01nKVFzg5Yohg$Sc^VQ-F~r>* zM#~#d+)6T}j0r)arvPd~t)H(teqFhlfL9&p`fCGzM(5%MTmMiU>I*7__LLy=i9hpW z_+G4?H1VSA|0C)wCMUAc}P7P=W|ZcbBvnfTV(?ghO|aN(|jS z!q6ez&mR8w-sc@J`J6Ln?_aF-U3SDW4_nH}!t8z{$371Ds53u4`b@kq;jk=~AY7O? z5Ne)zDoCGsb^G6`ae+yvZ(aNU$ix~73at-cbyIwM!9|ne*iqQ^vuEl1yYJlEHqX8n zJM{C1sZjeEL-#VwIu9n7>Uq3*nrzSVUc32Km`*CMU%d?VanCFT<Gpk_TA!8PQ*$OAz0S*=wHKU9$)Ug|cqhZSB(z zsut8yb%8mny^+5kSufz6CXIEW6_uBVj_6SoRL@fNU!Nk2}KXNuxs^E$oHX2l?U9 ze*&HV8t8A2mr&vp-2cC)86e;MpRWeA*SrQlcxF$wfsyUGG4Qxf`FKFzP1tuCz=Vvd zMVx0gia+|F?=R?V(nmfb!)9f=IXTd%4%m@o%iHn5BV!EM$KI~LhYoWBJM;~ppdDqJ z_kP|C)Nl@9d-u@h&_N*}lcvgTH+vEjl1rTN{Pj?oAxa8HnyjG&q*a$8zHPbR%BT9l zJ+3A+kYIiM#+o3h8y7Nwp#X$GffqLm5+g8=iGeOPy^3I2sV*x7`pO3k6kI!kampU$OsAAAH2#t84kL16X`3|(cS*|TD-Y8_l zK&v8{mF(T6Lfx5_(t3C}{n-;`*M~3}dpIGgAUdU%C_$u=@3|(dLj=mNB9rrfuMK{B+jGGrU>O8eStKmd4H2Z3{cA<5lJYKLryPBGiJnr_r8~**Bq=$2_g-7-huJ+GS zA7OgkO={67Pv?XI=Q#Q~cY54uL5%VB^}h z#3ciT+8|gQF}yl}Gr1;#@o5eyjh3Ff9d%y-Rr4P9XE0(Qstk|y#mMY$k{36Pa0CXd zQJc?Z8+SVlK^$&bx6_VODyw1nA|=;bD8yrB}}JEFX`bJ*KXX3AisM z;}iY2G4UWldNvU~az}@+k0FPriC)NLOjNzJ;4d(Z9j~&K!B-ol?_yc)zflFJI^A|f zb8P$#uhf$vwvQ`m?UJqG2OK^QYX3}O%cyxAYW6`+G{U7^k8%JU$lwfw-q$L83)2{( z+6Bdt+_UoJ%@}$ToCa_Nx)QcA>p-_U9u{P8-q`t>$%=4<2WKRL6_s$9Y9*GxsFqNr zWT$lsdnThXrw7c<^Zcjy*p#EoYY!2$Rf8u$^Pg4N= z&4i-?iNECWaO@l{f>Vk;3%M4{7kwnB^HML@914ILEBc-clVI@s^>2!D-PoHaCy|WF_8@?Xp=N^+v#yANSK4wW!0yG5L4*3~2yLw8q zLBcf){6?(rw9?tz+DC9)^fDXi3u&uEDXy< zLC`?>qmVZxrPktBbYjoo?c8pRym6P<#o5&9vJu=Mz!z^pUJPd6=gXkL9Sd4v%l-7L zzXb6fs;%R-9+F?~baPXboT*p9<(^{%498P8&uO#Q!(9d(%P)Bc5xA8Leh1fkX-_mV z-}+_;Ua!M8K*vq)*vzbcd~YdPv(N{D1Q@l**dkS7?hxOXv!-(J14>lRF2EkBQ`HG&#VmlJ>A^b;=E&pfoQ&6R+ zrL$<{j*jKNvv^wn0Ss-X_d89p`-RDVcAx9CduADDmSj0F6eiT3=o9z-5^ZkQ7@#Ta z`N$@{7U5LqzvXhorBW-6e>^k49@Y)h+GEB#I}lrlBw9*!ef?H04Ry?c4-hDTu<;r? z)?!a^bz6JiP&mds&=TP)=e4eU#K+|!RiMp{F4PDF0KW)|kJ#`&zh0a6>_7Lgl`SeE zNgJaXnC8n4ysUi_ghP1bVdY&eVOmwe0E&_lVD!k9ied;gr5iWh-VnDXPEp!ai`>&M z4dIa_Rxa&%+ho8n&L4PynnPXIPBv!vM6CE8G*?KQBi%gh%(3JGZK@IJ9*;njh|#Ux zQuEz^yA&}Dq5zt%T(eGra0`7kX!!;RO58X%gKZ&y!p2!9-R^MPV0XkICoe$dZF&Fa#1vligU=ZgchHb_> zG4KRaG6)$bzeJDN$wDgj)rzm0v4P7JFqu2H+o+6?2#=pKswU?C{h}$Rb`ghW+L<@) z9uhpM8^04wEw0YJZ97N`_o!5H8RlgO^(B`P<;^>oNw4e#WglwP0G4HRnCmUTv=w|i zvm3wu)$Hwz`quwGz>f13JRaORbi2NoL2eOYxq_`aXAwg`|GeAp8FZN1So1w1Qfiit~dF zaexwjo1w?>6N5Z{>&KI=rzUv8wIG*Hi30fgo#4H1>FU^0O3;Htn%% zdXhfy`<8q6ga7@XSYm=W{gSe2C5G*|w>rohd}s#~#OWPY0V|~oA>jeem6S{2$bs@d zJ;YwysPi6|6?y!8LITaQeMJjL&_AF1e%$q|U1v|+l#ND5wJ8n{*MNkEH}W+;l9B>` zNezBR-y7b}@>jOh8a+}jYAhi3Y-VrUuWf!64HQEK;)cKBcCa12rBE=i?RmXT-L_vn za4LerX+)#y(J0$MiSxMz8DKO&i4H_PUyJ0H1)CYu*c0k%&M`7EACKgp;<`s&weYj* zO`mUa9BY%$_>R3_v&f^C#!fgrJ9A!%zJHe#Og$YsCwl>yK%i4)_=%4Pn*!Bs`{_Wc zh>`(hnbzkG>Q@b=437QkE@O0VZ;8+U@`*eTDg%q!ZFLjRp!gxdc>QHU8ha}ih}af= z10=Aft!VP^=y~^U@Uo8?z^dFD^PSoQlawu{E&Cj~O%YAftgki1r7#P_bfE!Gz{qNl-Yk>XekfeO>KZ}X zI<~z&Cs!zv2bLdQ*cvhWQev~>FO6N~qKbUROkDQKurP@S1~GL{Gg@YPBLukXoHBB7 z-)>c$*3<|D<_a}2QXb?@{PeTdJLzG9+|Xwhcon;dPtTk4{D4f%^0)8T{BmttN}ccI z^#XT$Zp1~H9|LQxYfu|eAd+bHCeG4! z*nY8_&cYMdzqP(;$iiCg@?M|4sI2FuQQlyhe#IRI=vV9?8F1j~gc_jpUO3M9c&NC& z6L!Hdv*f~pCP-c!u8S8z(!lYeYF)To^~nnkz7h!wOvG*?uRn^UGNEw0MSoPUL5iv2_S>eRWQ(?jbsf1`bS zoVG?-zLGTRuX?DZqgk{AAI`PH*IROrbp>nNyJlFgs8?oqqoiC_hn zzOWsDuuAe>7s3y|so!aIm zcTk%}*t-s-+^)1vUCf(RPZfv~W{-jM93v07iNfHm^2SXldo-04IXlZXN!)^utO zqKoQg&}?E@*Xwa(78YLq336+YZOp>F``&8oLo6hPLnkB=h@UpEBjFy`O`dQB`UM(7 zJ0ITX=wAHrlf^fEc1h$hWX9ZY#VePt;1$k5&x`RgeV5hq#&FaG>R*jEkQSFQ9-ZwEI z5RWsy0?eXmyF^H7gD5b1gR5c%U+UjR&Eq{ZC~Hu6lAD%OeGMC8(A?v{?2|FKmItYlD5v6%cvM@d z+Gy5psDJbHmMFLYx*7>Xk3-#Vimj@9I8xiTwoJ(}`~(vG$-hOjM@`*71va@K3cw2g z9L?=UQ`+}jyJ1Uz+m=y#hL<5F92FuY(_v*`Joa=Ox=zTQceVH>;<4n(v}>n{Fm<*M z(5*W>N|f4*K&FGrl(&efY&!0SYYc6JB-E|tJ44OBUwmg540g9%Xht-UwBcgK|J=tkg!N(E9)E{uVI7B2? z?dS|&%ZmP?jiC84aEGPPAnfI2;Hzv^^n3$g{3R6i@d$a2w zWm3ji@vomlgfc5-X3-a=i$jCX7&ySQ=XAfRY_R;O{I7p+;1NPHe#cNIEiIQZGt=_& zMnTs{b58%2t406C^dGvbS|H!W80W}u(db28KIf3 z-K$dch0U(WDU!42X7_S;=mQOG_hFB8D{K-u?1*7jE0WE1MwcK_6#JVt5%B?4hY+6N zoMPgGGaThz>Vtz(^84F4O4fg`Z{UQHQ00LfS_e(ex|4`t`Hp@w&Dg6bFcnouC0|YM zP{dQ~cXHH4Ez&`&wR88qDhqqjNa}>B7Ji2rT=ME5wb7X+xEeId)2&BrE|DntOT!2Saz=eq?j^4BMPq#uw3JW>PqR5h2ADzgSg*LM=K%bD?k-O@&TX z4aI_Cx7`d83Kw|eJfMSX=bgx=NGLBm?1qD_Y$(ky)Opn6Hyq+v>e??q*mrF*elTaZ zWyjeRr5W6sF41El)vL5;>`q=*y)eNq?M4$3HIxKUv+d6aqKSmWc-45X`0RU$& z$8~{kEJX&4pC5q5ThpsD)GK>QD19Rc34;>bsD4(CYWwCwUppHhU z7aq-%=V@Ewj8=Ct+q0FXSIfVkMmeQiqC`Q*Bd{(c%3cUxi)ymcs(OkGJhIW0B3sNXLo6m8{8`|Z%1tSJMbrRU;>h4fgThJL2m`DkSgnDph!Xw$pQ;d z&j=RZk@!BwjGwXki+x;!l#Yc3KmtZUZi!XUoI+Pa$0BH_BIthqXX0Fyg~Z_RUuO7P zi@jW;5l(^I9~Uy``6hAPrBH?h>L+1k@&?{7nrclY-spk`-pO-q8tPbZ<~&DJ8RH}u z^~7CUL9}PH(rgB@Ks=B{kKr@0^VY24ZnfbHVDSp{HCM|OatxX|;hATbx5YE_^pY%~ zaDis^`kLC=YZl`ZLT*;ovwoPDm&p{iK))kR$+gj8zd!sY8x!7~C<(*e(Qds;G%q1D zzf`!$Xyh_8Wda@Rz5G1ea7GvYQ4^O0gJLVM!0+ z=D7D${NrcfYTFOMoWJ1F{@Qw?YV&PW3sGIk;8)<2=!PZ91dtjBIlWX3JWms$i~IT_ zMA~j~PBm52iHmr zd2upf$|3e8n5woZEl@ecdl;10=H;k{QvB^H4WLAor?aRck<-Sa zH?!WD!Ljs5|3fE zy9hEZGQKrCQeI17m>i#Mg)gQ^wb=x1o%9e=F_HCa*m~m{3&`Jt@aDtN=Mi9a)eTeD zw%sCIKSP82XqrxBc9jOK`)_43qKnIZ7TWT=fLMhf=Uz#^@EtI)C|!4AWEEaoGs&6> z1^y0(S1VryQDdQ8%*um#G}FL*qkjOajKSut9_EOClQA{}^!WCJ0e@)f)*sc4QLKwW zwq+?}?M=%`NDl4>sIm$T`8XMk=vEW>SyiARgY@U&_n$bw5%#EMX%{cD>%{`0cjziY8=f zmAC%$J7~1L*;>X%lDg|&9t2%!UU)(2miE6bKLK6Lnf!wVsW+A1_%NToy36pbfi~N) z_L4iHFV8H7@=1y5FyAVqq>2T0bjpugnuo@CTmUF(Vf-XdZ+@trmIU&_s|jEFrAHO^ z!ZJ6$uE26=7Msl^<{8L^!qlD@gsK(R*Ga3C)Y&W&4rUNov9 z_O${YdzUqS!>U4?sR}4Q@$SzG&#&OqqeV)tpDh-NVfJ6KNR7Xs?TCr-o<-XU66rSk&7AJp!G9vC8rr2SkX^Guy%WF*e2e(0 zm;WBYFs?OpTDd%dtZs<;0mNhO=V1-mC-SBc?}*H=*b!fy8V}7#&)X)SUbGs1^$>X` z96nH*{CT+M*`8S<5Cok1TaM~35}*rlO-2e7m@?pNkqpl(@qLIxxKCDjUippzw}^SY zQrYf9e?GPs)Xtuqopz0W6GTTq4N{0qlypqczM8qYRJ!nAzOzt%GJl=oyMfe5MYe8= zm=*BW+t>S;v@I26yG!AO=&uKW%{O>6=0IAdLM#RVgZW3MUenAsvS@|A^RicN?iD?@ zg7(VIAxWtdg?i!N-f=0%B&IxNpzNftc#q+|CA#ix8(kP!CoYQ6`OJs)iloM&Xw&{w8NmmTkr(6n!%oYBrB; zy^#Fe(>$BY^MoPU_U%HiF+**oe4IVKvxk&ZdLTONXH*G8S3JI-Wdl))@udhq%!>f@ z#TGXskw7om-#|ywMovjpBAtm_rF1DYvG8#Go)UthVckhoo%SNyB|`tCa_8L>yocGS0fJFw1_=0VjI$?elkf@T6^Rao8;h0oB6(z%QytL&WoPyJ!ZS{K_ z$#h&716v*$`-_)CM&C=;N4}>)Y}hr@bJ*gXbwK0ae`98I-J3fYZSZg$8(^3j!;}%rNuUojYW~-Fqr=p4Q+B@0 zbW^Z>qu5~pIQHO%%cgHKH}&iH6}If~-j_m~$Lw$(K(_6>&WD~YLqPqk#d|B{I80Ii zI|0&sZJaZF`A4Q6!kue*Y$Z@i^1Ou{NmLv@z&6LPG8UAfgHz}kI+wKh6FB1^4obZu4ExJh$8^9Ye{ z=Y&aF?y0=4xEcN95*4IGAq z*qU*%X7TxbdXzju{L?bc&p2FqOltP2`h6o5jp3!t#X4dGOhAioF8g~|f6ainspnVg ziOxkR+{o2Q6jN%uw!5!F68_wD#x9@UjbIB%M96w+PTRuYVt#Y^5B~_n4P=Y&cgu|4 zfiPu0z7|;&M$5dLk5r|I!@EW>&FjFW4?fViHx7y>KE0U0Z~4MdqUQjQIT&TS*^5Le zCT_ckp^W?}dhzqr%!)4Ge}wMBZV}iF0Q#2uhqk^=rJ2krobB+zYukU+>s;fJ!Q^d- zXh={o&wzg7z_3b>ST168xPe~Czp_QZSHH-(;QOw3`)^Ri2(l1_557kFL{WjbPO((VD!N!-qh>ds4zB+xJ=yWZB z4=zBCrTN9AZx=i}gkb5(2W~)|5Gcq~+rFEz@)_9I6^EWKRm>+~9ByQc&oF<%h6f$g z{3t`#GXJ_SH84M<_HT-vDc@!?PV3oSAzy4JvO6;ZZpyJnZtD(5oyKpTNCaQ~qkpv~hnSwq#v#h=lj&5Nszyqpm=S<8Aq^JKUvke*m7vBA|^A`RS z6(&#iLmKW>MY?D9?f3sU^{1^uXnU1og+GPytTX&mj^2ojd0V#?Gc^?E^Fk(DYVdUG zd^E7dvx)w`pYMR|_L1g{-pWo*WP&C2cFfC+=9b32%LS2nCh_QgX#BJ7JCYO2>1(C~ zw%ycmjsgSCA{sQsZ!**KDaQr-l&*sz{>cy>-hn8;7BMDpUu)Ja&dY*GmGaFqCfAo% zU`E0ZELJ0~DO@g}M82DqvcJPY%%kl5JOm*`3K}v;LO`-WU4DYn{KDzrq+vrn4!+m} zvc9c&K{+GZk{vGO(!cL!ETx)zUwdi9e`xY(6!%_~KH3t}C|S5VmKnv}ZFTg-hdN`f z4;F22%Uo$P1T5)qfQ5V^)BHb7k5{lqLIiBvyWa8@6Jq}kQW9_2P!^0cY}j-@Rd_!N zxOU#hz2=}N&3V-WO>VVlf{eaIh-8xZQ4qzF*Cnoi$J~|R9H8@xuYptZQdqx7n(d#< zX3Pk>F>ki zFXTHHzX`l#iN8HFcZpl-a-6enYJrZwQaj^FIb67hjxO~|r=Yt3I6(G8fUGYtP1H4CJmG>^ZTtvfBgHc<#O^7-Ap@rh|Rk1=p9$#+Q~ zUb1kFbRG@50;-9shdoBews|(x{@^qjGr##4;(JxC-&ghq?*odz(Xca3xQf@ON(PI) zkTwKB*S)ZlDyJUmp>%< zYUhcPb=wIe#PgenaIA5m0Jva)fiYXA51p$LVa$}!eMHLrNfc8jxJ(B*vD$#4ae5-q z4O#?qvk&Eu;%~M~B^*Y9hWSNtECcw<>|5XZVcSYE4J zYAO;MHO!NWO5^}J1=(iIS2=^#*|UQxW~{Dz)9?-R z)J4*K6g4qsyxUYTe?C*N0p{by*O&XqjcpBS{oU(r)}w2`-9pqo(|j|KJ?7UFh|z>2 zp46UwefsIVy!P6nWAm%=eesm$!xHmi7?Y2|)mp;L=!t|#@iShdtPeys%@M9Gr%l@z zvf9PNe2MbVJunj(?{LmsX0D`zZ=+{Q;#R7ZVVu0HGI z%s50dKwAY7B4){^i2{1Alf+weQ6knNm5N1I5P`DM7T3P9KNU6_z!Nssp8_2{>B*#B zh?X5$LHtcJPjTIvp;9aDe(%Umpq)uJmsywPJfb3l5lW34KT$Km5fH)A9!sw9oog^TM?_sImLr`o}OQ*hg83?N(o z7&PgX5d*4D;QlOh+Ah>>jNc0K&J$5?4@_n@M;_5_b z5^+&%keb%%hgCs6h{|9c{pxiUs z-P6~bXdWl-C(%#2zb^8fZNt$GT+VX$caM#l=9N6wnFKrh8YjJ(j!#y@Wyd1vQn!PBG$o?#rC^x>jL6`TOp*DvC9t5rZf!zFs;(-?gKI=i87IpdbZl*nk3qzI2DDA@>gU5J$ z)jEMQ{kZr%NIhgRyDhO+t4myZ=jKDl49HhYnFRPpLc>)Cqce(+Tsk>{|Z zN*H{R2xgb14mcm`!$GWSB4+r#^qERvPbpo;mvqfxV~!s*aKr_+{5Y|vWn}`mqk~hi zE52WOb1nu@*%}cngPH3ntpg(MT+Kb(6kD<%HxAl4j)2;7;vf%ad8LMs7 zPcX~Vn{aM=VOsS%&Ed_Pd$l|(eQi^BVbvP|4&1)-HXwLObgJ1gYV%;O^@I_nK>fuB zLtqe`QM~4?Eo=gPS-?CO}EL(=pzp_W*_Y#(cm@AuC+^$Ms&1^vs)A@Ysc+v;-P^W@hV)tW9@={6$^>X z&H>&NdqA=98$U}>y2NyNdZF}IN|TBtvJQAXc?kA*%QcE`UF&2+oYV#N$HiRLyDz*f zMpx*{TZ@Tgu0Awe3^0{Aij)dT9OsvE8A>YMcldSrF~M<6PWZHGFFv`;_3fN6T@@T4 z#o2?7wf}pRD4!Wi6nK*Fa{$>`75|^&*SL`byl+cFYSz@zq4`zP?B8=}P;*G1I5jw# z#&CT>?l)&Gvl%Z*3_F6GV@67`H>qokQ8a`dq?tXCQY43fbT-V6_@3kTUfr{eql&5F zbJC5qrnRMlZ`)U6qKFF%Dc;N_DZUbhCEvuT8611lg?mm-l`?#E5+-x=l3f(isBn}G z+@2$kd{?vAiyj|1cJ@qbgOH0MG&HCUenc1ruW{2FhLFWEz|xl7TwQ8A@hF7~Z=rnj znD(I2sK>A$KfvgGb^W;Z4}++L)#YpEF)h?O?eVRv#vgY78vUaW%2YFo9nQjQ4(;)1 zzrOWQD<1O1=4$d^Fye0e<8_~V9ik_w6=e%UkE^*fXU1G) zUV`(fdY;ich91fJP3i;hzKR;x)MMutU<9R;-y`r23DTEL;d$b+gRfC5UA?PqpZcF1 z=1%FNI;CFni>0%LwTyIFDSr+|KY`8g51@kmh=?poUmk6i@eg#1hugjwdn%ltaq>hl zMo;_wt~eZw^*RJKNtkCL*#0EfQvfnZgC*}(j3V}RZx|dc;qIpGweIg;9M7ZbjaSm2 z55+&szxa{D{Wvk!oJq!(5wkM9x1n?Mtb!53U?=*-3&2cyjJ#XwGC$CR_#cxK>{B20 z;`~vdsJ4$Idpq!V3jFTF9zm9L!S9}6Q1iDBx-_tAj(t!i1Ntd(>;(qobM96N91xk% zJqLot*t><{C4&W3|tJWi5I{0O6cB>f?jX+ zruxQ9wr%UHGe)Y75_Z|mo3r&TIU{}OyRZJx&IwlN-voQ_?M-&uFLQx=tr`&vqQlA2 zp_q{9Z08XP{N)Uz%#KA)QV(+!)+NT_rrA#eH*%SQ_IyI0y}vSMcvJhlT>uJ9nFrp< z(z`kx;{DL5Y%Nqk%NvP@MAv&=ff^R`RMg()izw;h^SqZU365{Mmzi`hKbvw*kag!Y zm5zGkUIBxgx;HNU_17Gq4RWFW);Bx~C36v1wP0CTwoBBANeet}r{u%hspF>>|$TeDYgVvq@t2&8qzEuJ90yW&{#2KUMSUOMh=Cw&BZtZVd&cr=~`I@j9&sCU9ObYm)lgF z(c@{%iapu%{oLs_54Dii++(p`;g%ty#3|7wojQUU;gYv`m4vL-+Yj%n zd988Rw{{O1{%me__+jN`cE44=Kp;+hw#EiJmHdcwNstePX03bvfw9zL*-a%&by{G= z7%yAE`;%lHU&R6$S|D$F&w|(4Jxse0?Ly@-VR6cR;^J#Akvr9jm2%X}D6bK388FOg zIkoKL02wb+hZfIBdi576ocsnA&XL>oI$zck>@=bpf&AE;z%x+(K4 z&5+#3o(TgU*j?33j~;G|*b8q3=3n*MQh)>_(1zDnJRX;-V7pk5T)OPlA$puYox}C0 z-)$Sjuq{K3^8Mn#1V72(Wr|~D=YYs{xegiECB@AOA~I%1MUni0sNI`;;?K%xdUt*+ z7TGdI#khuz|LWDjiMT!*yUi7G_4}P&nw-|WX?=XOeseQdd-M89uk0G>QuRWU|E%6; zQDBL`o7nt7cCl~j>;rHtfPOAmS$}*j_H=?tXTk75q4E<4<-=~JjeQv75N|Qc3^#yy zRJfP6&|+76oEGG<{LE8)6CjG<;_{|Jda=i@>r1PfNf}f`a@)6aDj@e5h9>;1dDY8$P_qwj>QcMZjrAV zMPcxn4cqZd#DMsln%50O2dQ$4>O{c-5>_L;9=Ry*^ zQUzWnR*R*6V4?`%xNSfaSf&kPm^{5P?Yyqnh_(&dPqq_gj-vtGLJ{Dm&kIw19g;Ke zmDIicP~3Q`9&i(MKr?yc1%f|{{qMm@u_;28@M1u5>@H!A0}{?ODV`gykCFB=HdN67 zoQVmOH6t)q1|dpH`OTfu9_twId0Xp6Hu%r->l%J2f0J5xBO(e^p~C(L%^jh?Lj_n- zl|)s#-3(44ldxT}O%GDnQZn(tBPKeubXIhCj0X8z)yBucK`9G$Gi0)cgb01rCJ6@q zC6W!fLIPIy6q-lSPRDP4G#IvPPgf|m)(J~1bLc)^dF=bSB?ui7`zzz6`*;u>gd!+& zD-5Kcm1;7HZSAA$CE_#g#t`WOIK zG4KF`-lWFV_!kfb1`0R)R4!%Txci10P;44`zXQ^eo&1~oJav2C8 zOaD0F-rZKPcu6)<6ir*VC4MD7hSIh*$(9m}U$(iA)bLEZhVIT_;u8P&_}d3n{(OvQ z+L^u?XiH;|{_-+`fdDVOgXDp{EP-5QSx1sQu3t43VpUZ@F(%5&ol>$Y&LF|!(KhswE z9lS!4+$FGDqD-|7DxCB(;K|5;rq}6 zbfH3XSLNxbzAexXg`ZG&xM_rEvR$DqRn9$EFu}i1+)s}x=<~I7HCt$?zvzl-W$LGt ze40Rl#V?Tvrq#@M>!KO31_nyj5*0g}LUts9762(1emk(jkM5@HXzT^twUkh7M@+p! z)CJbx_UxyM#j?kioM8A2+Dv#GQ4O5fk=hJ=dj49t*}s7_q}#vrD^X@&#r4n# z&DCe(E@aTjw#*mP9^dm>ZyC{@9}x56N|4jy)-0{!$Oepmbt07uWc)6xfZmKvf?Pgs3G}wHJZr#li7fRQ|fno{x~Q!+Vsus z&^*f;7}5VjGg*S=U%g!G3lGMZo!|LLHp7TyMop?N<+nxKi68M@Z+!m02Mxeq1Og9Z zW>?m^Ct5wQ<-TwDVD^_ieI;xpAiF%)+(!i06lU)vNW6z?mfa#I44@iSEQ?E$~`@s_LQ zk28*kRYoE#*551j90dMoR{q&(Hc6zu^3xe}F?H*Oo$v;2V2hFcCH+bhpSO!G*j5#R zSsR)qiwtDQD1apharMaVA2$l*hLB z`b{mGvLwE;(G}A+Rdr?+Ft~(E;T~JX#D3a>T9bnD2q+OAYFT)iy^Um;G-Ve9qV&T6 zX8_W$599^t#LJ5g}7kb>fI0-?*UJ&Vh!PMb-1^R}6-T_kQiggJ>tNFvdV_!uyl zbb108?IA(3pP^B9Hum`U@zl2LY43v{tq&*PAAN+{L7(f#gA%u~h-y|H7#MS=?{|&@ ziEw|yyOSCMy~O^3m#u10G()c?$%d#o^dA%fv`B&+fqf9`&m3W9yH$NQKoL5tzE zPR+4-7pT;O;pnFQ4dN}8-$UNmQa7hZLn>ZvkWV;T<>l*q;V_W+c-(oh+YDm$;Qc?| z;tmXY=z>-c_4(grCH+`$5s&)*gK6g_HNeV7=_e{#=JyVYw#6_L#3B7@8Mf*6AJ*&v z2y;N1a|^h5J_4Ti;vYMkIsjh6gmb#deBm0(G%$aC5OnJ|Y`I6;u*tub^cc9N>vsj- zlg{;Kc+7>6qzH!!xrbz#{fz3ZAVx6ob{-fmwY7myJz@AU z8pmG~ai#-Sxbc^(JOl_OYI5)Ax_0o^Rw#Uf!D**Y-(8H)>{Z((q(y-0_(&k z_n)CQc(p8jWO*+QAA^!0OJAQ4r~p5$@tPadf}Jd^dg2<@BD!X31>84SlDK$+c8uQg zWf)Ru$3}gkIpBxkp7hCqvl?hSzJiR?SFK&uN!e0D*O`SJlJ7y=0%pJ49vRfWYLc^$ zGbMr;PXhQB4O&o!^Xty%?2TO%g`q$1Zqs^fhTgj&V0t|9W=M`syj|! zm<#Xd*l*!#M;6a~5gNPx)V`6N7B&i;leUASfs9Y>RFH%(0mhpj({iow7=*w;8>bTs zY|<_3x3z!vRc4B)(-!LmLCyDqK98-WvNYBdn?SYclmo{p6ZIY@`@71pruv0wwz_uk zPduT2Wg|lNj?XUYry|au3P$FuMy&Gq0o4K0R7<>1KJDTk-NIR6RBVY=H`^}$GXM5+ z^8y$rvp|Gg+4fVV&q5h|88hwt*8XGU$i|&JfE|nikra%A!Cf>88Z%%Oz|wl#DS;5K zZe~M(95@&E04>Dyrf2}@s;b{?>nvxATx%y-l-J<|6<<^&K`QF?t-}GDG zCOL-P%15gJ>P7mC+MBaj&nD(zwlUO7@j0+sacvC_4t-|Hdys@-SLylWXNM+r_PT#U zRtKJjWH!aSjst|p@R@;ZA^uEaFja?#UQXYJ-lu2_n#sn`EF94jpKJK~@+utX{z1E^ znYlp3^fZcerd+x7{kP%tS3C^6Mp3<#UsNQX4*X@C&nbLtK>}We-YBs?fM|R#%S>_# z3>tFUYyqzbwISg{`g+Z&>Em@tJ?2uF6Aq}Lp}e^6%C&_FV?jv2E65UD;9mUZqW|<% z_+iKLTfZQvafXh@16Q0sB=c$>QG)npOfyRaA1(drca}kPYV1kFgL=yamCe`3Cva(1 z2Ri}$@wp6Ep30pXfM^9dLyz$hQk4v-tiN&XlO;PYq!fB!4e0cR&q2_ToV5v7WHt97 z)d4D;<3RuSk)ps;WuRALM>;-r8M6Ic*u@1bp4$MJfr{kXR0Xk&wL>2vhmIdm$@Ig5 zmC^*@3m9Qq7*3$dfUw6o|Ig|C-Weypstu({krps6E2v8jWvhO69#cKUtV6N8mxcwq z6KbUA^*DSOE##4G4nDfDY}=pEHvRhsEP_on6b}?|MYnLnn=6`Q@KRLw#Jx=&U%x7B z{M`NYZeyf?{R+kTiogf|wLxg!n{Y=m!TtH{Xt~K%#Cf z9LD@*Z#PKXtP!kGoHWy)84LZ)vL^yfGI1-jLyr~b>~Vhm94iKbhdR&jsgFO3F2A4| z=H9>+x|1;uq^1^F2XcSt63nLz&^(#}`c^)9o14?tR>vE~(S#1ou9zIeIp{x!z| z@7ktN2}!>1h__CF34pTondo;w^Va#3VE6jV<6*(6%-uZM`PSAcBF60fkhZjgEHohP zM&$ddF@TN0FVWwG&JH8D@1Y%O4p<=F%tIm2_sjP^F0$sP4^+YyM^F?_iQUasr+BeWC{yHKT(OTqYWXLMru{$*}wUplw4(~1Hbm&~RdD)sy*95>CNi4FFq?y!)F^lvV?%p?4v=^3vM@6I`sSjwnn7J_Q zP~83ttk_=1xD&oHZ5PXJ^l$5fSB|Li&x6qM@L>a8{(T+W-51Aeti<)=AI8SU3sDgP ziS52^sCcX091h8|{ zs5thZU#F@xup8W_*=_(ayJ8QvcUKo>fWWPK+8wB;$-@+J2l9}KIGp<^#=bPwI{){> zGbEAY#V%+$r)@0y7)4`OL5`Lnrv0#6I1Q%V{J);ZYZDw{G$6?6-exCY%9~&P^V#-3 zJOBIHq5ECzt+mzsKf9OImPKJbXd*RSQ%W^`@f32&s4=u+c0ws1;GySgr%RdiSQygN zAQ>n2Cx>9OaKPyI!5WaSW%9?ci~-$a1Eq3V_G5sryGs|I2YR6*FxBZ*s4}7BOdXANIisky)+vb(EH6>ZgfA@jWU&7D zitpS*C%4gm$EC8R+*r5ltGX%Hk95CrKC=?+m?KB)T?{WVLJ3FtLIpddy785Mquf^%5vq>(~vUcETu5>H0}QRvL(pI#fbe z#H|wN2iR2d_N|0tZ%F^iZQ;=AY8RXLE0S}uwlomc&x`EeOtizI+$MBunULYKC|DLd35dRwWe3A02 zBaO^|1M^$5+Am3o6#mTSTz#WorLW%Vlu>NJyWkd;9H$7QbbyrwX=rJ4u3`Z&FZxyh zSDFZ!Fy7EFp8hMd9vV?1I!n#Rm!75bWB)X)&Y!|pm#k|r?1oj>tVy0<79V9GO*f9y z4{5|wf&1a%YD5udQh2eEs@z~K(fxB?DXA)jn|$`N2mCzyk2YOaX7_$bby-3-d_p}ChFsPx*J**Piikt zFY13uQNQSme|Bz$_R}06=&hs7lIC`jzm}l zLGd|DE_)6xlm~3>rGKhYgVZwvdbtpt>qtCEPV+Eg%q$V4`={y+v6I3^eO;ClQB1AG znc368sZM+F;>~I};27;vyHE+dymnhzg{=5+prV}x{jRl|Z0j;{e{s4@=f3<5QngH- zBPb5UMWcH^Z2PeTrJHW*=kM#;gUaq#cJlvD1Dp=stVOKJA6hVRV!oq;pksQ5j7vQ1 ze+{Cpdov~EtnPv_@xD{@(f;ov52MbVo`RdopnV2iJpPX=YEiy44`SOkKMeQ6RPOKtgSsC!GwVP!^#(uO%AgCLe8>pa9%&JY_uR2<;wjp3=)KH-zjIqB^CnxsW#kk>E z(d)lHTX%;X_-p3Bafn_0s*^`v>*or3!JHZNaC~pKaQqDv&srj^z2^V|e8dlPv!sKu zWs1|1zm54=yc@5+qV$*+Lar`bME!a816QzL=9W!WG=4hg2}PGP;(q_3GQ`)6{ggIB zBhyi*(GG~`bb9eDLv#=mQKs0sbKUXY+q=Od_{nCh__v!t?m6Fyp+Rc4Zkj!3Jui=6 z-Ii6r3(H$+a*n_=R$%`7>IbeFiHLw!FyotSd)1fvvcs48y%jXp)98glB~FaIFW?*r zNruz=0j+45CT1&Vfb5nTBI1n%q`LA~+*Z}6E}l2R2ZO%sMCKl0Luq#z(K3PWstPgN zo2*QFZ}9(uZyTESOX_wITiaw;C?Hd>weS| z2b7}C5Ag4wz{JeB5REAxe+=32Od#F{*)BWq4uYo9-21!bl-@9ka{lypJ#ujog#P=$ zlP)dH_@QD-TlAkiDJ00%2nE&uuWy!NfkxPu7+d4+(sDCqBOkrm;$fG9xY9j(8_cXs zowAPFGT8oUt3D3>1k!P1VClzGpl4Y3>&^oF8?Abi$X!Tu1e@(QuoCX^2$~izQT3GF zsxOhDr$}Jzh7b1uK)QMpSBIRC58(e`4zsFKNZ8^{-m(c-H!IEThCFJFnK*AMar6U| zkMT^Ys|47hYpLY*2;EU*kv+M`eiJi~Qr%}!&{!jW{}y=gia0j_(KP!PcLiVo<#wX! zV1MWp6Xthv_y7~&XfW%DiFGSw=9&nkDv7+Y!Vl|Zn@LrUB4+Ad-9?tR#Vux-f%yb5 zZAI5x!0~(gM_4beDTIm0;cvlfZSM-zj0SF~NvR=q-KjcL_5PR|K$CYstLXY;X1FG8 zqH}Ec*qIoLH8B&R4}`lf_tUA2&0RPZ<|QP%#SQ#(si^d z{q$)gk+z8>v?T*NWaI0F?0t07DP>OSln^9}uODW>BY-wq`4Jk~e3CvtHvK3{cb7$XXu$%#kzT44kA` zD+j`|(aaY?!?=)Ml=te;1AI}%7jY<42?SxP)=H&>i26D-ROcwuGnU*# zb_91*pruXsi*go*FJ90`({>spROp`^m~AR}$f_eWzE!Gk1`!?nWL+)p38Lp8qSibn z9Y(m~8$PyQ!50CKjWK4gcIgyxg}BOFii?%`bjCb~&k3G__jQqV)~%09#pGY!oGNz_ zxh0jRqZ%*vC;=Bz$Gc?-agY+KkO{9yFvsc(%Osw{xe4TNQx-|Gww)}H1VhssF6CEm ztlGPLJZC33!9Q|ps1Nlc@GViDOE;tXOD8zsLYgi7Zj zAyiDO&Y+;EE2dMtG5w`}`g2fb=TcCFqM4|X# zVy!r82x*#!U)u9{jl;vw?Yk(CMI}X|h$#0BiY0k(WCDbIC=!$(=dq6wfB(a75R z*|(bUC}+wg;wZD4<_m)VdD34;1w$n-3zsHQXt+m9n&Rf6CB10rA|S5=*>zio>()~W z9cK>~)O3;KeD>Uo+F?DR7)64Zc`h$=yG6}H7Bj{AIm{Q|X`A``>{e+#u?@cUFsgBmqM9gmedv;f0fX7~`chX&eDHg)Ic(U#ocg+R ze>AWQ9Bgzhf=er~I(sKUgtrNVqfR2%3!-NDBtXefnG8`IppN|BVE=9!4;RDt+qW8+0$nE*KI5nMdQtJRr zuFb6dF$`B33GDO0J|ulQ1^(FsaM5sri)Mt=PTwe2)N4>_{GV!Y>3d|pf5`4# zvmjK+lhVTVK0iC#0Ypm0R(50Yt22#cxCEoVgDnSzYg>Q-i{f+z9Voc9GFQA zQrvbP5wFGi6a`z5Q{n8vMKoks{l6Pi(H%{<`R^7|Fu0*N9X2pVk)_W@3jC6H7mAwj z7@85RI1s2G_Mxt%?jKE`kMMhcAEA!=JH}71C`$lgi!biZ_abj zm))4<(p@yBR70bqCV=_9+?jbBp%MCr<;6$cNtV3fg!mu;9UU6GzL%^BIluE@iz5B= zU``tXo?mCFdcBX8{>_+pi#s7@R>VDd>>k++glv0@&DgtiYn!;L%Z&@Z#~xK#ZDAc0 zXGsBz9v-`>Sx58a3v=a0*;nq=+MA^_Y~T_KOog@V8-O{d&sl;TK5$WhIVXe1V?OO4 z_@7}#=g|Si01q3G?FDikuI<&Z30WOT>Rl7_ABvO*bR_ffn=51#l=qRY=0mbp_)kEg=5)c-&ZT> z$bs!q9*l6mz5_3!aVj<=I?B*fc0cR(Se=qrNq}M~jMYyhsv=@vw27dBi+&6M1wL=Y zvsJ2R-GcgNf}5Tp9)ljIO;d6IY*e%Gn{dui8#e0}@$-JC?(u-)@+)YiBV;}IpHjG* zBSHCw+_fTl5>WD!V4Sx=+w3^gW`t2*Z zT{XHCzKT$6X8*;ipbMKRrI~|d4jdi;Ey*W)aW-Rq18)K$#k2k;pIgW4#fAN2p2Mqs zhHCok1B(8=%I!_NNoG{&l}YuBa(pcRVL=DI0`O{ZTKPhZ2!=~AdC`dz>6be>;s=>452PPlIf&s^-&+tfL}Oc4n@0E)jI7nro83>%fH z3V~?RUPhKJ`bs@$_zIFAl%OEBTp<&?_qAc*W;u+JH(4jmL_Okq`B_?xTK+g4#dw6PccX7n^X1il>-2<@5)Fl8L)6 ztVpurjs32_MO(>gsT2sRCXeEO9Ym1?AB!ruw)8#{tnrSSkk=w80y8orwHrRGj8}+1 z16U^bf|BdME_$sZC(l<)gYQS-F%J3fss8;PHkXOy1$U7oQH|#xGNN>Y?%o_Va{Rd% zwmF25Yt3Y82iBTqxYyL5XEht1UYwUVjr+8cg+p_@c{x4$0fv#IdEI~S3gm$XN40U^ ze-dx}*3WA#&=!ZXZ%%mcA7&K@C1(ysthWj+ugipDa`ZqlEb@Vp=s~C>#L{(LX;QMI zQMZ`!-xGI+485#^4fE2sMzKvGIIqsty#8u=Ov{3kCQaZcC629$%|CwBpOr&?F^-GV z?!_q6S4Y!U7}fc8^kd?yk0n~c`IT#f$a-AlM1_98T#94MQzs0pxVtK82k32%=n(!* z`N!9RLJLNzkI-gq@uMB}yy~KeX`>kBC#Zy9<PluLR|tS^^-2!E-)`Jc}> z9xamR@|}W)HG!EvDmS~4{o}w6`lr4h@0(b&SR2VOcMR?gVkDxG^T*=n5W99v3!5OD-7KUnp7as*UB8G9xY%-U5=XgBFbslENxDgki$+YV!1cwvGa#|ON*k`{u z%`u&`!OyHyZP-)md8ASI1t{G)c#D6T}f(6hV z#i$DUE~gqAgvb+@fqZz+vwClo;W%T?LiwqJVw{>;H2f4T;Ob{-_s zv>py&Dmxs+ey7{WoooXCK|~!R7~c7Tqe=egwZq)%(-zx1t}ENn*B}`8Oia9kh9V*- zNyp1nwUfda>)(aOb)fE!OUlmn$yJr{*vwH_rn1oYp(ao+byi~_GZshxb}-4`p`Q9L9-8WmO-|Z3*9% zG0RZf?wWB7^8D0VFe7N8vG!ueamq55^c-`jn-{hAtO(kY{#aT_9ee`w0#_+pdZmhr$H=0M#@^gb{WKunl@o) z8L3k-s7Mr5SU%spUg*V-UA9Dnf<%y(SnUi<;gnZFx)NPh!u3u3vVWDqLw3@Q**qJa zVwJ8aRf+DH>a$nfx}TU|G^`_LCN`o%ELXj2^B7Rg@Ke8}*CeJ#@xhKRd* z%}!OtXf-LlVDsOiSJ<2SGJ-`}YXRY_B_+JyL&ESNj=mVLP@#OJ5zR3?ZAo7YTMWfs z9m+k7r9$NL{rvGCmypCCfk`q{Ywhl!NVt?J1ljCI5}5i^zrHmyG*f9h=lmWCtrj0Q z5YRNz6O#>ap5pw6EHJ#U5WNJZJwtlXv8;Ki%nb0Ie&ju(SpB`!VtXacSo zq+R}12WaeEfXadt;*t*-I`0K1ypS<-mU-r3p}rg`r`tg za7a+(Y(Mv{@HRqcv=GX9rq)aoYyn7)h_};MzE>%rT4*9WA#>&8@xbQ_|I;uaAC21c z+!*_Zz6)U>Y)I%;T-N6%-<%D^uy6R_`Oe&1iQ$ut?}a)1WA|8`%{qCQB={Dmug@CG z_v-pQUdC->Q4%#&^_w73`fc|%I0mWvcyQBBnEHh45&q-J%%J+jDq&65Vk*|IQK|GMsWr*0#LwmB|8%iWMU zSJ~9yqx@L>Wr^WrLFZzt3gQ9ed=yYeLoYl@EjH7NgwR&g5GQYJ=V0((bc{M-5wfZS zA3GJiDUL0BEzVU={zd0fek1;z(E_<-{sSE&NJToRF^=utjTc{0x;dR|ck15e>`D2rE#FUs7n%}`G(d!{gAidif$O?p;X z3J!bvBJMDw)foHVk}EA4i#BgQs^g6*#It3*b~?#6W#x&3!)5CL14tun1Q}ui z!+^m&)@!0d4P$HxjSBG{P*yF?UC!{nKkoY7ANOCO@E@6N9b57qR8h1EOe=Gf#BA5p z-sn(rN!6HYrTpT^Xx+L5tYQXDj)@+eE0N^(iYA$2@GI;gHPDk%|oFh84s!D~U zL%E2atE>)trEeMt&qS#jDy8Bum5;(Kdb7N{hnq2Xu-U*AZD^p4Rk)`V5W%HaAnzYqp*0$43b7HAlwCAvb3Y@pcZ z=N(fRfAloM)sjjIE7b)^GD}iEJ4o&|Gfoy?DGfKzkCDa+_CGgPPbv`wp@o@5)u3LZ z+hGRWub}O0Z0RQY_Pj(E>myGzWh90iM}CS0E=uc6$n|yu7{-*OhMMZP@R;jR(T$kh=-3EorN; z0RqeDO`BitVF#Jd>YrsTf92`E^$71=ikUPfg!##0`z`w=4OW)BQ%*DH!pWNm1g5fuVzGTfhImiW!jez*=FNLNwj9+xW z@@g#7OR-1GYxi}rpTe{@kp=Q@o>ob69Lhll)A(ywQ8t4Y@6M#|17S>}FzHwjaYO6A zJIRP_uz;Zsim-T?pDCu!&vD^{*8oUzfRcrih;3G*-%Dn1#{b)g@rkyrSvg5NLeJ192avOU6FF_?^_SojC~;1IHx|+OL~_|~rG&>n>2lg)2zKlhw3y952UbCR zOvq&`_#&_%?Z3sY2b0Vl^?cAmuV=9ELb%*9VQhLEWqu+2;y;KvEc&@9VwsCj$i#5^ z;)tU^Su>Y!6lobQvOqoR$|9sQ6t zi9yS&W)IAGoD{{6p50?ztQ4F2m8T@qJU(S2E(S~|YZ zf@=+J825BH6xOHiDV9qdwgiIqTm~%RL$9XuNOjdTfW)TU3Gz&PenMOxA*gBP5jv&% z1v1ZVJaIeT4+($)Uvi(MUOhOCJXrfCrs^LOFrQJeJ&ruzT`OkrnHSqg87W!}{) z%4$;E@9}ubh0Ng}2r}sYWIf3?VSC?%*=Ba53x}qIsQD3=_ohd9oy!7h?Gr*%>!tRX z5J#T!8z?+vHrfxhC@V1z7y>|5u*-gK6Ll3Jv`_%3Lty`5$@2Y+Ih)*=`lZ9ZB85Io zG1&PK<9c~$Qo^|-(+H|gqx_>Pt1D)-8t046tgXz)pVY68&C#wP^V7Q{$Wc=6sB-$Y zk+5cBSk)s2AbsCP-h}%TDS`zkkiS7 zqC2n>M=%^e;`VOUuU$}&acwhCpeGUw^Pe#Ji#9rZesSgOj!i1n_hqBxAjOC!bkJQ{ z*;zZT{+ebh^Ktwgco*J3F9nl-oo(Zk$=dM3L?2Lx}PgNK}ofRL?GKLMVc? z_pbvE?(f&|wAyR}(-(bB5dzq5fEi!#;qBSp#~*j+?Lm{bLV@k@k(_6>&Jj#(S2J4_?T>uW40#>_4+#@! zoVh^~=e3U4QyV~J1p}g8rn2)W>FIyCy;9)CX1Fk0LV&Hvq(9bW=z7tmuHu^gp8^fY z8qk+PV!)um+}9R3G@EFFLS?7aYWtP?VADWXV13|WmtTj;CBxGZ#Ui?x!o8gayj8vie=NeZDeaPXn=0;$wjfe65*8NG)N z?l}1(sJ|cy+cOvvB4nvSGLpArCh-<#cM%8)pOvQL$Z~)h%Wo}&%CfqN(qp{A%6f%E7K4XTq^-WlLSmJ`O{~4`EL6yXtm_378VHM7bVcvS7 z$+`VUs|Fmc+yFQn3>$rF7IKMz@kx^8(T?A@=)x&vNue%^Ee|+6_2Tray>lqIx?#O# z_GuX6Lb48Lv2Rsl@f2|7dcngbk})i|GH#W(p4dL;B2YA2Y&wL$MRC(0lPnZyXtr2^ z#vrY+Z&(PNK!SI3_@Pwb#1DUd;04y%w_hL=N_P+cZ z)Cyvtz)EK+{-8q7Sy9{B)kZYZI5kYMj7Yjkg-dLpe-@&6=wXY1%0T8#xk74wEchG21E>QR*~h~vCj6Xc zTa{Dd@r5mpyjZ{Q9t>b*lfPX;6(R=R-=%(p;?gdZ; zR}o-$d;M-iEVQ=ozIJF?DHHA4-r;)}2XRIF6-qj^E8$p?rt}s6$(s&dISbn?u+Nf*~^Q&7H@w= zgyvk(X(PuoB#4UrM+(6%{Vylyj_W@_-1-#~TQ(p?2FZDK7i?{L_#G2Wa{uGD{YePB z!K0@y_#CHs+y`blFt;(#%Gucf2TGQ0+D73EIDEI9Y{RN3KR=_#G>r@unw3f+azlv_ zy~Yhv=IviFsh_oi)bKwugmwsrE>!pjy#pO$e^(Z=5|XCQ-qdtNFP@9uk%PcD`LeV; z_E512cXu10ykrOsh;YFW4X2w6i`UJSdmFsjXHTma?xc*FY$nzO*I!9>iQQ9~xEQJI zkgPv23HMkj5nG(x?{YH%Jvdln(){w^`vc*w64KCR$Yz>6>dG3IHM97KQcM4Xhd_`! zvX3zm^CUA92>-Z%PNNiLZ=-OxD42{bdbj^_bO3Wvh5}i>Swk|Zi<8y%$T+Mga}1o# zE|Cp!BWbF>xM6Y6-U~oNYMy$$>KE*<+XiCrF|LUSECBnWw56iCFoS*YS|qgxW12r9 z#G%-4kQi8>UY6esn$m;;=qBar8$KrS_TUuRwt1}Vl`j{Qs=@*<|Kj1m-AZm6Y1BMe zp5)KO?1@paWbkS4Wo8wDi*(DE`{?9i(41GBbUwz;RW&UAM)j+TFG!<0;Y7{J#2IYh zs=Klbp|EEL`Ku*2ZDb)e6CyR>lCdwW_P1KH7RprhOp?0mGPDI5H}9BASY8LhBuz(j?(a9(wJzHRc(qoWfoDI(Yh;I2C`^o?4bahG0Ki8Oh$;tm+M zh_@3J{oOIJkbo;Px0c{PUNr`-=vDEbtCQW&t8cnkWOl8AyrvLzZ9v3c|M^$7LZ}d! zqFlj+dLB!baXl^z6c$j1qqVJ9>3`_yXFz$6PEHlsksjjv{zzz z0RkRvjDA0A%?gtqs^`q8bCizHYhINbc+%ztHGSHj(x(f&7PJyV(2T&X{V)sVnR@SR zA(t!{&jb|e{srI{-M{c5IY)s#2ADO(mVD1~p9ViyRT$L%c;T6DIrG0I3BG?gw{OE$ z5kA)2#_sZ)P%djNCRJh@x#f_I@!ylBqp=UKD}7FS$$GB70@wWFTQSPX?0M z|L(>}OyTxSDv0oYU%ppF$}_i1F;tUS1q~Hu5p0rGf35M9>c)T>cIPT`+N#40 zsN)5?rzVaV=O02GHC3N4k}OIQ5)O<65Lra*ZCXij^3XqX0Rg2m2mc6Oee@EdY_ELq z7Sl;ThtK`^Q^4B#WLJAHhVhfx5SI)RF6HM1BJEx-*bho;g!@zY3W-dn`ZWtGyhFPV zseHf`uWqx?s|VjgBj19ZFogdQ`-f}kcifN~pw?^J$8h4`C(QeQD=G)wbK%^<�FM z>q#5)0JSz^!GHDPibWUpa!b4ah2%L=D{Dz`qbGNXVA~Tx`VP7 z5yzcI!X$Ud!1ax*o%EJd!8^dA|95|Ey3yYeUXF!Tp4Hyz&H-+-^smzD7*xl*aAA#{ zua*C1`j13^2&iS|N(e3a{kyN=EsuN`g@=_+Tj^R!&ybtxewAh$?VY2z^j!G7DlS+9 zH{VYHk`p*LpUe$BQ}N8p-IpU+0g`|Fy_E=@z58^n2$C+Jd!RS7sZFT#4k>y4Xf2RJ zc#QAG+W);_18ps^pu)p}X9J2eMTk-+I;n_KX-5PodB z$;-YAYVDx`0{ahzh0oN2?lvS{yu^CAVb(ganttiw4S{CPo#wY20}}WdG5q!UWo(GP zprMf%-5Ze1!N5q*Q-$OTTH|#Vb}3EJDLi+3xv#kMV+dlP<3a3Bmv3F+g)gtEl~93A z7#k}GN%n`2A6u5w>y!*kolg57@ISDgbON(`E_{0?ScNhBM8Si=gXmb1GukwPjXygo zq(7wf)vn>QcQmuXd!3jn4)pco6*<*51PreG!{>{BilzDcNurkEa0Htd6Ebt|D&DPr z5i9PsMzME^oNd8YVCO^iCUT0YWdiu;Y%9V72Aw`G9P&es1Cgj2OI8ovs7?`10V_yp zI8;BEd&i4fUB3*p%X3-4QQR;hiKr2;c#g42@^i!ZFO`AO(Ay!@c8%?UwRL&Ba=V}- zpjlIj>6hXY0ZR0%IvSe0gS%TU#H%bnN)Lr#3-5SBOh;?9vAB@usU$%7<>DwW;mS~i z788{3;GzD^8%=o~%<-0v4}U5Pakk#fO5H6k4xJ}DAy)JI^3VRBBWyHRVzX-odfc#A z!O#P&ynoH_&k-6mN54lD@9nc^zqgVe8ZJMSS`<0JIE>Kz>mYTYX$O=zmVJ?g^Mkvf zyb}dJi#@X6r}7$0OqZZ-0q%Lv{der_oUSqB*C3FBRdoZAsE)90_0^r*O)>$w$9No= z5Tb_Ew1bSvnWLj&kU#-^*YckQdtBoJD8fH6ThQnZKiQh<570&kXtG$o<|QNwkU{7t z&^1AYQ6Vn3h_UD{R?6~A7xpBgXm#(3dn=PVTS955?6zL)Dd`pSml(~>@wH+E>EaED z@AoUPPS5Pl>+gR;NR zO$l_uh|qbksIF5dZgtOrB!-X7{pYE?QM{;E7@bmBMl{gm43SolJ9~jEDHlDoG8;UZ zD#Jc0F@+I!Pu$=EM)z#3Nd|y#lu)tXzn(5|linjces%HuW=LV)tADMyh^wRfxFSeKwLIM*q2N=@amIylK)$*vn;i*?^=gzACg=c; zQ8kbXlcf?0+n2q(xd8QXP18*J-{opV$x!k_=yfVCvWVYT+yf%8t3OC;eneYN1aVsG zrE0p~*|_qIc<0XVyu)%y# zuwvuR7cXl({g>u6^fm60ZTVsM6>bq4Ev<^h{-akj{b260exd?4abakO4#;R*^!)5# zFt2O$LCn4|Rd zUhkLY2i8fSW)Q8sPgMUIOD2ihIe6$Hv}jPzy}9M9Z<_70Q^>P+9?X7-`L2@%yo^V` zrTLw}*kohkPD+;Fv*po}IbA#q6isxrSK>ya zB41m!+)eb}jHNJImykKOhn~MTfhylo;{$(iUf>+WHn!7nKK|QA%)n{yR*ih8-q82l z1G|tKM#hZjAOxS5P-C~Uqb0yD#WVBh_k$W@VfYVZWHxv^W5#&GAa=rZb0R{yAh@IH zYZ4h697as~QX3;j+cg$jWj(b65!WSBnVmV`|A++DK1=kuAC=Pc!LxbDJ_Z0x+`pg#_dox)dbP62vs0zqyI$1Vpjvue$hh;EtNu%c{x_rRrT=K#VZ^nt zSe|IA{3-7+L3~7h295k>^7xgMDI6P>DN5%`>T4v zy*6$`*cdQ&LjNPGD`Mt3v&hm8bb*O9o#xj*$fU^~7pk~R`16Z1yPJxZ)x7}`l<~NN zoHx_zK(pEJ-|C9I|9XNy%uaTcLwCvH_2_e1FxB(GDEEk>q*7f{vfm*~?d?cILVn;^ zh->y9Q8aGie&C57|18RgwkPo&_@xKvsrnI7dUc#VB>58V%kz^08+p*pR&$ z*AhK7wBql=iyl(J1itajwgo7lqUNgbgtS!x5J_f@FTl1F;{bjjd7yOH&^YLA^oScD z|BaK9B@}-j_WZhwV5W90#&)Da85oB^urzqlfbDXs8+afp_+3Egem-N{ z{SBtxJI2wN)l^nXr?}W2e$RoFiig>gVTMkbltakWh``@`L|sTVBtCXgOs!BawN*5YF=U@c7J=jg`v zK&^ddFacwvcMm`Q12UdQjm1U*FC>dX7)E`44L=t70P5vy%2}&9W~I~5lwjA)ZT))O z-*qc9e!!PiSh$JEjJONDE%HRho&Bja=WW>JTjxU`TyFguX~-@pCIfjF|MpNi@n5y( z9vsDN#~dV4jJg_KMeg{`2beof(Yl=dItYY`3R(@Pvm&%4`48g=l-5ti;ySTDt^7*3 zx)pG7U=53PEiZy36a|qzpmyRETsZbzy_pVLUZCp7Js%=3odBlUUs3;hC%;ZzA!J1$UxUiI{(zUXr;=rl+!lj?LXWvoyTfQ{tWe&HJ_Rk?astJhwVkGr;U&HSb=~^^B{7e-4Pf1R)ag^4p>GG(;tZ&xY%QD1`5i8gM}0G!q=U zum>);0UPTX&Usb`_cl$Ih>~OaGi`)u;PK1p>C)y;I8lSaY5Xp)scaEp)GVHudQyvm z(#@V=K$pG}%Y=y|jAD)1W;#cCM=sF>f?XWj8R^v%RfGj0IifB7_YZ`EDPETpL(CA7 z4|zSP}{^=tSI(%i(Ll#MDQ_?+SmiU>eI@S5Gdv!k<3JpGG!f z_oT*l-WREZ5DnW&24Va8xX_uy&Z;Azeg^d|=(cbP>mtlwFPXu^MUP>zF6fEqy(?t{ z`-kU=27q(-%zW+Op8qlts}3BY4S`1sTJ1JZzLGv3W^JV&_!OP(wMk;Kj13V`_>Nd$ zVlh-GWKu-R{Ta|qB<*a!!L0JX==7UugYPEA^~|_4hV2*!ot~R>_QrxwCh^QGw_8v1 z2d`MmZCmTnfap@(P5xvTFgD;NgRm5uz_WP}qBW1-(MF06)dYb}!C*cUZGUEm120hc zLegXxX&%xsz31oI%oVI?;x7Zx>53k80>xz>u?8Sx(anDcL~RX{PNnL`Nsj;?``!u5 zxZbkgKLpK@GbA&vcL;_kRGpM7iHqm3{?^(*syyCc&F{NBO?Bm}qj_TXL|;W-9vO_` zPuYiEP-U))b02w*M&j(7Jk_$5i@lZL2`$Q4xnPwWFOGt0XDSbC&XQ%9;bq-Xo#OO! zuUdpWzot2==xIg^sY%JrH&}9b0UqjgAA_X98}p5(B9URqS>A=gI*IV=R8P6t;nr0r^ksnaSZ$1Cj==fkk>qXY*rb7I8~ApBGX!3z_4i>UbJKRfg$)1MxM(5V3Ix4$b0a6*KC z*;PPwN*=!(Qw6f~;Z59kH;D^)Q5RBagu76eBi%wKvLO#ts9=fyb26+t#5?@IHTv%D zP*2<9(vnk zTq&WL6)>~wAFlAohJ{Xoxz9ScF?8~H#U~cfX<022zC&c>cfZ#8gkKl!K-+`N_ zN58t_8Bxrkk2xrN6IieJL|zl*{g_0D!BakIY_L>IsLGAuxXrg$n#>9ho(g~Zt{xMk z;)(`^avC!OoTY}>Qd3TR1 z0DB^=5VnJ7|3q(Z*>(QgU2SgL__e(^ZD5Y!W3husaCXUK%75f^a`@qcgo@`uo8Mr& z&5<7nAv42*AZ+#JFAz=`*BV0_KH+w1k)V zC|k3}|GT2%MnosFW)NpHhf%c>+=v>*x~ls&NmK^`AJ)ruI=s!3e%j5@O79U1{`sTy zf>)zwjdhEJ8;Lta$QFY6gsDft9{b(H;>op@6hAjRl0rl_H3z>k(Lp z2HDlF*`Re&M^~DV8V!$C#5!ExP5T|+u@u(^(NLZeQiaQ)V~`c**BsD=RE9E0KYD~o z(8cuzNn@HUd8zF{)QP3x04}=9QuvL3we5g^r?7@?OMLkJm>c5U$}V_P)FigeFrT?! zevUt>{9u$< za??V}^jlv>Glvq${&~oH{3@OgpOM%qo<5JrEsxE}^P?vx>I>ndmmmwesd?$LcZ?KT!(I&kG3Xhe;8(9gE(2h6ZnC!|=C!V=ww6#}i{WPxUPgp&UmWe!;p6nEWcrapK zAb`}$5G>WzHS{cEAMyD?LcHvtryAv{_TI&FEmDOZ@9_2tV18_lA9PL6)D?U@0!yXT zM3>xzlZct9KB&P~;q+0mZ4X7;SanCrrAC&yaQD+Po7akZvaVQ9SlYBwg=;xlkk53; zzBth;Kkjybpi=+hqF#8;<2{me7eVf^oW69e9&cGpx+;`q6}Fu5MG93WRmfL~-`xfS zMqUeCeUGFPd;TrboV``4XDf2BsYc6GL2>I7`wsjI*1Rb__@#Hg{AVGzgFnLrgg)o( zsy3>QnB?k{Z{NgCUo~NLO;Z*PdRpA2OyltpL-{DXpN$U#N&)FP9puJWrHoun$xEIH zYJ7K`ji>aifzCK+zRuh)(I@n6_1XIG@xD`-VGi!;oR$PXg``SuxR`vkQe#-|+3#py!hry^g=!u|z9ZDf~Aou$n?4P@8I%>!7qUjBMc^zusC zWdK$EHSardv5H2q9=%5E2z-6f1q!D-pL>jK~nqWyjh(SoF_)q~Fux*66m# zlGi7ju*Y2!GmIMb@?y33Hn>Ya9A(+TWtMejMKZL;qHhwh(=a5}9j0qXy@+}u)_w-b zWtn}iIYBk?>{{ofOL%U@h!bU5l$C~Sx>y;Ps7-2bRV~lk)S@yw*`bvFJtsCxRIQm= zMp(?Q(@I3rR9d(hq^Q?5A}{ZrIKJscYypNn9>wBZ5ycC6%#?s={G43Et0__9VKKw# zJ?_#{BJJftnYNo^XTXVKtWKg)d8>^pHJu)iXP~ z6tGj(f?evX%u}61E(gMIhwhh4Nk54vJWbQ{5zJO|K>T{k=o7Qihs*bM#XpaF{2NbJ zqI$d^1r;+#PxeXq<5iw9^`0}Qau@O?B}jL#erOBtLXds5#mcPce0 zi4VTX>|ruE8n$&>tZgw}&1?H8ILeQG&GuralvS*4bbo0{+i|u2G_a2bbiK*9#um61KieD?pk}4~cI2XZw=SE%) zlP_rl$JZ#&M<3$U`aKG*$sV4i?Z?2ywEnSJ|0d(Wn;Yc4;<|uOln>SI^Dk%0T_U?a^j`P7H*PDVF;4*qy=23BDT#ulu^{SdQdHc#pEeCXx-%6qYNEJdH!okrqSrY*C8l{Syd>nv>^Dc z0374LRWo^IQqH+AC;a5KkX9@+1A5DJT9-Vwwb>yZiY7s+YaYvUE7l^lrzlvgxD0Im zrXRFPNc(9G!q$0%@qM=wLsVoF2Q(SkDI!szUlMZulG>j$U|N5eeU-e5f*x8k|6_No z91GLhI&+%t{!83eYWf_YqTDm6P^9&efMTkNBWGGJzLhhxrv~EM-6VB;2Ib2gT${ki z{aDsX2+d2(MfvmkkBXv0H)&YSgBlgYrSVAYIb9GIC#Lno%bPC)NnQGj1D27P?_xi9 z#!xi+VpQAvOt$E~=ed+l`6P~ECV6=w$D6gKbby28mS+F8im0q~WA~}m`71$iFj4(I z;oQfct5>Fy@F=HLQ^H-s>1edhUT>y2L-j8VCqU!Hmgf1?m!u|MOqh22jKjdlbD)=t zppw@76txz4S+XlY!3o3rTyAD^ACtzJfjpv;l2qYwjmi?uVqj(>BiD;W7fGeNYM)5N z$$l0!A@I(>BiJSUJnN@Dde^kiW)}VbR^^xV@=NR7k4&r@FNddvOwziugG0ljRlHlj zUKSR*YFxhf^XNwgws3#e8wu@&a~t9Qp2472hEFb}i~>@y&Ex4YF$HJQdspnS{N~T75VZlZTLFHk5XuR z^vp9~d}5A7+3b2V^LdlrlVPC#c)>M-T+LGNHNVGKmy~T`=d1YNC%rdDJ74~i{yGZn z!IV`0DsN%U+U>E^>b3C4DV9M`Ix*_=0PT=E3%w-dJjMiSb3T{kSzI#rwQ<_J>m>%eU39)Gr@? zFiI%C$V;Ar(DcY?l0@&%djWJra(eSByM%K-{8c@jow&11hTCdd$uN8!=y z8geyoym?kOwA6ThbauUL32Yhm`z@o%v_q999;+$HVzs^_67L@0K=+PP|5eRh$EEjn zSnJH?l1Su3RxO&ohdNz(-cLVNr!yzxPf8LYrHrdc-tQXqZaZr~(sQrIw}RkD_+qsY z%y}Km&pb@b6T0a5fPWbOvny?#Ho@a%xV=#VE~BKzP7)tQB-USTIji!2^GV@@dURkl z{9iP00O$aWpo=1~k+Jvwriv8#!%bL+Z;93EZTc%MQ&Xl^Mnu)Ios#x(-_s9olc`p% zB#-M45_K@{+TFM5*qU>*tBsZZY2mZ#yW7}V7AccKc+cN{#z}M`Sq}i02_LUv;~+a^ zeC9Yz4;=Lp$WgzkbQIyFUz|%|?G8T@S?bO&H^F5^bxoj~7|CZgPnXWZ*!w8Wh7oho zdvDlW`~}|VOZ)0)mhO2f0hBchh_8o1(n5s|u?(9rFkOMaH&JkY-GQUf6GDG)$<0#! z@mc4#{bsYo+pq@|+g>VKH|A$AZvFn8FoM0`0pDEzvTY(r3o-KOT}NE11c@o~18qsz z`VD*`-~{lu$iU8xbZ)2gg|xz$6ABCThehwiDuehkpQjxpq|KWTY@pl5YFh1D>f%lI z^C)#CGeAUWXS2!G9tG#H4Ly!?sh1O&*^}h}*L4=sa%q`ODEQyOE%e*!fd(6&*2B;m zK=Vr?SI+&gnJebpB;&`G&YG6!;;^8iE-YBut8~a*+<{M!H)XNofS6Q@T-7x>@PYCEf?Wzw`d@Ie0!h&&<7d?#z6D`Nhzg6Ok*i zC9Rlv$*l~U)5|qsa?*F37{xwa_4M@EWc;wRQ2xI!B_h$6o@4t6CtCT36N4=gsGkn^ zW9MDs{OgBHMdAH#EMDV2>=`c7wlEwSJXH1Cza0J~)YM~*UC7$w!ilweMcpv*cn019 zAVuirDVhFzBUQXJ2>1NdwEw(fTQ||adICfP*kCBRHUoH&BpGs&5oq80x1}hOxU(IF zydcjHN}Hwh6zAC#0X8?Iv4^IultDZ$rRa=xnV00@e@U1_Z$$~dS6Dg&pm~>{Z^JmQ z@|@-9SW7IoQ39whC~F8Cy{DT7RAs)m&R=5o=Uh=hWgPKk-N7=BO2uMTxic`%`70*efG!KJ?75-%VAn1Hzro(n^y+?`9 z;6K2(D_`MZRyH~Vc&uU zgSj2*2~Z*JJ^DF#=JG?*4!aVTZzIVVrAP$~o+Qe$F-wM%}0>d|m?2(B%i(Bm+n z&Z`V~!`4AUbeNXKbs&j#mQBv-@ZY#1QLxsTgeYZPQxqU}Uz%p@l^|w{To)Sd{VjEQ z#OSPG^MKysUhRVcGguE!p#@ib>?c-hsw;JJzM9Mf3Y$tn3Ed! z>p#GQgj&}qU!p*YcKA7S0DOD!!KArh&uTU341-6i_eT0N)N`eR2Wy;o?_1<4NHDQ2 z3~HB7iNF4*E&YT`rdR<)*x0z@p+v%G87yxYzdP#P(YB`R72jL;-Ii|1!voVQlUv_b z)>QV+0PFU4EpqSi)&~p3kcAkqi8k`1&lef;RCngX2_S1^FkY2o!xs8s&dc=!?Rr*I zpI==Bf2Wie%Y1jcq*8<&I+cKDdDX$dmL{hC@cr0(^;QzavJ?Y|C}cIANO|wVQ5}Fa zmN*8J=9=Re?x_sh(yF#x#23bZ6=7Rh1;Qo?Z}s$tr3`6MAQHnTv|}XW>09vYwq@

y}p}I@Dn)Pmw#{&`)wcFcxj`GK}RY_7z2rsaDTVfqRBp-}eCb?NBSMvRNaV7Wg7@5QFO^M#iU)z*UaC zA6p11-kzvfoEOLBu#>}P02P(CKk1Q%*}Pn=t?+3BXN|y(z4IdIPblyMzTA=1d<#W3 z47Z9?{@B-L7JK$3Rk5h%GBqvQrJ<@s_vgz*+HCMylJr|Dxx|Zn6zeVem!&*Fwc&>{ zT++QkhTtB~|Hq^0bSq7LKvqIS)>8}b>%T0d{Ffr@vFTDz@YSsJy zccEFBm^qStCPO{+?{POj17Q5pMtP>gXAN!!;d+?{cp9_&CZR93-BHDjg3#b+c)1D$URUG5V{OCE%9p!LBc9>DuGn0{@tJMQFU zd%P-m=7?Su2*J(fsYpu9`R1y4X58^s-9%6YF3xE}ms+}*KqT)Fta3Aw2J1TIsfDp0 ze3AcN$`*S5dn!iu4nIXZg}(Ek3527{zb|4@M7y9PIqGp=6V~_VQ;)YTz*h=BL$-5$ z?`n9Bni|rUS$xy@{R|Z6$GK#>x|f2jW;JzHhb<$_qR&P6&s-#K>V6Vw%0``n{8aeS zUW8gS6PZ&J++YHCdkFyrDHw#>bDMZ0R?aqkB#Sj3OEfUO{=zt4S@dK572-?dd2fc+KAvYa{v_FkNn4h(bc(ad3~(*50fENW|8?#(%wB- z?Xz9(*SJ3C8HBPFW^F5D$&+8}r?NKzOex|5O2SLw!paE%4L@G00~D}R@g)QIJ;uGo z>Q3j0S57N_oBeHJ~Nv$JeU9;^c?2+qEB&;si3O_|z=6 zuRC2ESFFPHh95?D&Ek~)B7|F&-)w&4Ccy!(obk%^%Wuni!X&dT@7@|RYkRBK^J`&F z@~>Gt8a5H%l){)Ax9qTRUZRe1XJO;5)6W0ihC_|iTdF8!{QsU>QET;MW?fVvn0VdCA$c) zH_23Zmjd++xYOag`Vq>AlRUlTIfY@WpXh;#cIFG+dIj|{bp9OzVCTZ8@3n|<5HQ|+ z=moOSlg{cN{CXr={-hmz^Mb6J9)nZnj8Cb*ZXvOFjr&RCTGH&^gm$Y6_~dl`uZSUS z4@H`G;DDvSY=89z_v(uNcKd~yIsN%tT;EKEV=95$+?(r5TtuGKh0BxwR=@$O_J?T+y&O^b|C}2AaEAsa)mtd^$KlXmkJ;u zkFW4OC@-O69n=j}!51{C@qrMT04^-r_^uHjAj@$qCt+0h1~6IOHNymZS#zT=)D=w> zg76u~RGA=4zdP(w1zn6_`Y`bn5kas1S^$S#di)A0#Mg<(9_M?7^!&mMOBgE6xS_+R zg|7&$qXl%6j9*CC`V>e?I!1yY#(RZmB9Q6KEBxY*z7XEd$^ zOmm7c`8yqx^L^H3an=R>nIpIoK2Am6ZVxaQ1X4wS$>Lu4m5VRh{QyA>{xdR+m;Mke zxd$PsK3|TDWj%Z#2vUSME+k-0tM=s#Y`a+emWu;CJ&JCspwn;aLsHM5J(#IVe<_?@ zYG=5WMW}MV_^v+avl=yt+kS~$gWJ0IwAp>ONXO$6d8X+nf>E%n!g2_kC0G9W{Q!bfH(b$12Zn0?IH6oPAVt`Y0YLUFAHhcR|QN zv461+T>T+4SObKx$!c+alBQcaAd`506Rc{I1mgaNdU_Pabcbg~QY+`C9vUiMm|^zo$(cFVi}^WUnHmW3G7d+s$1)hJsR^wx_93T75(z zOVwM;t=37x!a=n<`50dMQqCPbp7E4^%Q9l`sti+ht(Ys+8Qa_n%MjkuhF?TEp5*L; z(|9&DP1PV56oKp3ZzORSD3B=m#N6L_6Bk^~=;pPI?94O$XHTS}cYhH$d6xrJ8a+3W z4sZCi@7FTCo)sQ`3I2kvq~^5+e%L5k6$ifO%2bHI53K(A!l;JSgU0C%@{l=zI$t0| zWZ49jjMrA3>xfl<8b3TkaPk64UF)ufWuQ8qzjyU9Nq+{OGG1CE=!a3LbrwbVSb=P< zTc*#^UY#cTbb(tV0%pM)H@fYK+VBL^ud|4;Yx~}Qndseo0XW8O0NnL4Y}cUCRmw;5 zCHF}$Tuqiyz%UBDO`+K5ba!+R<3Nm%jvx2RAI|~nd1xd7>CU2CQ^mIw*PvGa4qI1p z9J;|GZq*fIc$y#b1IH?Vxa4B#Mc~s%D5nM|6|TkKjnoSgD7cJC@+?%S#^g+9W;>CU zEs-8Cic+1vJQo-lRP}t9muZK-p%cPQKcJ^R<58}wRI5K@Zj)z?tYCIU=Wg!>wP6Z) zFn!nc!9?h~HM?Hw)B321ugn?Zxs?SaBlhL%`!(*Qk@u-7sa6B2V4|fB#GE7rTAp+s zj`N?e-QhRP8yS}@svMa_RN4Q*vGRf)hhGFYjY}1=M0~pc8i6=JOAZVUjkZ?ec#k#c zw+Nz6B@m1YGc$`n8ta|N+!eKZ_j)AyIM>!q+qF9U9#81?f4szee%Rmg)*FIem&*Pc z7PPdcts3yh2rG(VMpyn%6!m_GrKaAJlc)gWtGZ8Nla?OjEyR?g){HkN`4FoSQitR! zhNQ;JAKw-22y{J|I!(S0XY)_rJ{iLr3;|Y@Ce5wVase5&r&~8b5ZDae-Q3Q4>O!s@ zKZR;x&cv+(C0>|wTF1pYw>L9AFJ@y^Xji5FO4y_|So&3wL0!zaT1vL=Kz})ExmHa5 z-poszeq{?Lg7S}Utr^&YnqvUg+c6THS|9#8`6qs~*X?hKpdRk{m7sxWjsMYgM}u|TAtd%u$9G&Pr3WTM-95cJlL$bzju>7@N#r-9v}j5Ueg^;)k*cUa9yIns_)F)W z8efMCuaXbsm4~JSP$18+xg@1qw{3{ad4|7yKE>S}uGszS0cCA2coCEi#}zeiDQ7_< zFy73j;%OPd^mbUYM&Mma#->KIW+l_8ptdb3gr^K;_LHXFm>SQlfhL6AQK2DU!y?Hy zF~g)Qkc(L zg+l695ayACz*`<0p8Cau@6@i?NGY~cKCAH4-~gBYtT*pm?GbStf$mfp!S&Iu3(@;Q zTZi`346m~Y*=13OmQ$}UK&5Rm)isk6;ZCCsg!eAYNcPTBFndHMxL1m#Ek*p7$`1(Y zwD!^N^&PZ&=*O`B71SHE5?s{CdT(rg^K+$V(1=ALOqn&KST@^n0Q^X~MxMY2GbD>M zej@%Clf7f@5eFNJX6)=lUUUVj5$9j@EO-js^1WW7?f=F!IDOS?7DvjDBwYA-SI$1Y z+Hqg*bzR9fy%B=e>lR!{J1duq6?hh4$`X;y(5?Hmb^vU)Mmf$7evfd7pb4l1VxqA( zg(I5SPpgQuQLi;U>!pG;>FUGex^?3V6;@A$@FrjsKsWeRGEK10tX1^|m_sCw=Z8{C znpv-1d`@7raf3-Y3%CAuS~Jt!pu2+Xj?@v?$P&wkKFcER6*EmD5W7ndvE6&;x**LA zSLK^8ML!GQ2ERlaj5Ml*DD{MKE1-?KT$Ip-lb)YUs}_9 ziv`Z%)Ch-FCDAkAEEMhpzsH^MRp~ly44!S?404hjdM{^=TY(QH&e(~DnQJ#ObCzeF zzg-Z3$Q%h=yPL|=B!p#Zw_Z4*!_RLdn!Wzs z;?vafp52 zArsN@vF9&VIv zK}ArCCqP#vwwC zq6vc*l%3y3f1#a3e|i?0Sh!iu40Jz&-%%JF=Q+NU+fgx((-5)=yE&Q@fg@5RNI7}s zUW)o3ruzFsW&vI-xUPU?=bzduw*&xgwbJFN0Ol;+Q}4C3BM*h$b(5Y&hc>$Y#4UvN zgPm-?k5FVxAtS$CM9v%#L2~t<2G_dd`}_62c7UCM5dZ6{|5cO5sg*~BANB!uk7gR% zqjVQs>a0cUN{(pB!~WtK`KrIP*|04${&Sn4<202-{Pe>u zUeFY>K<;{5)TDRD9YmFw_JsprwYX9YvcU0HE=JSE!fUs9k&b;#2~=G*ei~4_IPYZA za2V`prhR?LZ}@|JOBg_VyCfffU!K<^`XNK4GT-C<7ujaSdrh@Whej{`8cvY}M8B?S z$0ZmSo^ot2yRYDw0WcM*a@D}4-Yxdz`{o3TcLvUy$#UeIkss%uZT@CAu6{BesHQ2W zkJW}|dpES)7L&~EezQBjlt2b^J+rh22E#}z3ON%xa(**?;U~w{KS=UBQPgkWu}Xc6 zxqt}RP<(Z!M^D+@4D`rBD!FI;yquWcu}`D*OZH){ci5RRHru_z!2lRd2P~TpvsW5+{c1!C#bxc4X3)M?K)Tz}td08|U==`#E~9SFnMf1291W=D?4bLXQ&y#t!X| zWzVVRn+mUlkl0$7?`o+{b%*@J<@v;q&Zp}E-@W-&5!Nf2PbwR@nB$zW*Q@T;UR!yu zrVksBv>=Cnfyx#^^v@bmfrcG{?-K-X(UCL3&bUIAS0q;u9+;qJP+}F#oO`>~tb_dB zBb2Lj<&+`kS`46j)MR2i_zKlm1fk3@4W0T2JuY0`+}bhW6o=%dqSqs15oMDZ75%zX z2An9g;v^LoW%Hs#V_tm~W)Wt9MwCIeu#pOH*PslL2zmDds*@Sra|19ot@J>qQZ_A9 z_PK`1duQ%`31X?C-|%%B+eAQNz({{c`i&-Okuv``NYP47k^1Kq)$H!(;(Ba0o-!Ba z;?LIjm|FcW%B0l&^f!VXRf(XftrrInKG_3OxkW zvjE2(R#h}Avie`s<+&I{ zkgE!STM01u?HUCyrkS^H0suV&cz%i->XWDVq>Zi|wbLk}KJM|HE zQz=FCY+A}9r)e-1Wn!_D(JAFfJCq0%;D;+G*}$eoDhZ+!mEPk{zFp!R1n{&2dJ9vz zl?7Vjd+HJEcSGH&B3>TJ9?&$V(DJ1SDeu$=7AxqA1WuLwv*ct+jW-?yH%zia6jJ3A zd|+0AvGk4+qQkgy zZp>orx2moGmC|Ni!P}SxGN+BEs%@eYA`BKbcO@}<{{X%(bK!26pl0Et=Qk5uNvTx9 ze`6snWbvI#`#|cWs(HB7JI-*ELBcO=^M@@61HY{rWuv{rgzVL9H#jtkbV+J3v&A=( zHo?V#ql|WaG(J(2$`|VMmH$Q>xN?Xr)QASn1J4DA&Odi6k}5dNtDGFp8AsGeNHGZv z*HD3c8Gp!@&20C~ghrYW-{=ES&((B@bMLis|D;@wwXoV48>&kGy`auA{+7 zb_xD#4TgJAy9!q&z^4G_zs?7`rBg>T2o3*rIbtyxu*NC7f;;6lO@^PBt^8McepKq$ zhmj@2tD~83+%0n}+dxa0O|i#M;%$Z^qNX#eJDIMqBZMeKeT?hbjp?pZkWb40)TE@? zUjdh~MC=x|IIF&W7274Gt!lgHs=<_ODI$=>iolMoRM47t^hGCa8P&lrs<7+^4FZ^O zH2rVZd6vG&bmxSscxZK(xsXeL!>4(wg;V;s`i5oequYaK?oK;eUx)XK;Rg9rEzHY> z>$*~sD4D3d-+<@_&CEs_?L*7Kvj^h`W>?PIh3OU!XDGbs;x<;9nWt#9R3rx$Rmh>W z+3{(VzA-g)Pa62O@^3P>Uzt~t4jR0xVs@dLBB(V2Zz^rP>i5X!>2ZHeb(f-#+s7M0 zJ;8!=W!B1k3qA#%GvIT56JAxeXgpc^o9qAd4%Tr$w%UPb2L1$EN1yLJYNM&E^!`>%e@1 z`iaeTI%o{&?E~!{2THNH>g%N_xAGosL(sr0JfJ`K2wkmbpYp#wz~xK@QG|=s^CbOv zMgC$^%}lEOPbdHmL_$7oi^$^CBv1GDY><&b!Ve1)6j3;{T-mv}spZ|;fL*ZGR~0K? z5+rU%2hH|k=N>O)YbYd5sWdKZa`CVk7(sz@wVJB?l$^Zk5vetbk*=JwrCCn0umzCq zQr2M~Ep9e5;p;fo{q!k+Bc-zuMOrcm{{6Eh2=U};Y74|G42wfBy_rO(x1Kr5Y_ zeuXq+o?EzAS#(60X8;9+f|&Z^77H1L%G0B!7Fwz?cs_L!+L{aa`LTG;_ZbLj`)Zle zfz6xC1O~^a*V4z+$rk%= zD5+2&EXoRUJ6KUxNcOqHf5rmnE+y0eSS0bnVw6ePVzl8mWt={IV;?<&SGwbuQzg3elLKoue_-zm;&NyxG_X ziLR|5?WG(p+(x{d!y~_1aX%K>yO?T-@Rbfae~5FqJSRho$J+m9o7A4C=2t?RS)M=+ddq-FdpdD@A4ySCOByIWF* z#uR5F{*a|$ggK+T*%XF^Wff7P`YfMfL<2&i%Ao%kx)0I>N*kF?>xGBz@Q4i2(uU(0lEeWD3OjxI$G-eLTny6*LUUqIA$nR zyHXajr<@U%O>wJ#mln|u5=_NF^oI)$VJ79IQ#R6Psk<@El*y*pGgs zdgne=*V)+Du2<t1fGh#Y-Uy@yAw--TrY)o75F>}m@) zu8f}CUwYYhj%YWL1J}cm zkV8aGq5t5>m@4~`r;!lg9)21GHrJne{Au#|4S)Ij)p2tTR^T%buQwkuZ1RN0EVx62bFE5pnfh_lDN!IE9p|^-C~O9XYcsMpgIvo7oqnD-VC>IEo(9KH zBOdQgoyqosGT@Sb8EAA<$QR)P#XI0*$)QxQ->v&Hb{!!c4sh*Gq4{k+|?O zBOh^t{(|=*0B>f;{$5gkG*dry*v`~GeL!-Y~)VAgNG9D-nBohwfH>A5pM;!_xXD6Sl#A9I;21AeYhS8-CRE7 zgVJ>bb1Cw$^Z0jV&8Y*oMjuGb%+3J}U7Ng|!^Xf9eNs6G&XZ+8gm*U$WtTBc0qaeX zCkka&3@2{p;k-ga0{xL}jxKe7(kMLI{4?G`n+3SEyq6`OuyObG$>8ybM}Hu6Lk-9o ziH>yONRK1Di`opeX4S3(hu}g?hRkNbpL)cxq8u#2OtKN_|)lGkTj3` z(N!BzQ5iXAQwrt0?F7_lKnks~%kL6h*Na@jG_Xn0a_-}s^v4T(cZXkf{T4$F<96r) zJBn3~%LBj0OvvAHQGIwszTTnj93_;K+nb!S zwS193e>;9X9a*v2CkoyJda{(!EDVzbx5|r^uZ3>80J9Rij)8I0haBcPX}=~KknUQP zr;du$Y%|9Sy7gr{3mHE14ZMz?S_S@S?mpXw0xS~oanXL6wgHn1aAf2x6fZ|TJHKM} zzRLg!z@s{wuTd#eIStnNw9E~#EFp%ti0G6AGjb$Mj-ys6TMb#Qg70}Fd%Xv;9AJ}6 z#fL_gD$8`bZPm7kA`=toDr30H>ZddJ>9 z)J-(yV!t=4(~Cae7*3fY&gP6VdX2M2y5?)VSHOHCZoOOz^sahfF3NrwXactTsY)Gw z-QxU5yUjgWH_tHq;lt6_!V)}osub5ggR^mP^r{r*68#l6Ga>tNPy5jgjL*1yCa3}| zr@wR>xMaVRKwK}~YU~8eTu@02aNrW*I`M5U&a;9mOj95;cHyVnNNT^9A0QKi@CR05G_La7H3=Ww}^ za1!+>ljgJXvG*jQt!@>GL;+R}9j0j+$zN^HK%PL?2f4uc?1zlsNuBFlculZ$5Ib0X z&pN#?y70{nJaM|r7;|X|cNrBAPsga7?ZS5>L(f|vArPCN_XK%Y5IuCjuEo-~M?ahB zT3ce9R8YA&C5ncZ7-FVRoDqo>D$BM#xgTfehP<#Me%bHJ3B?x2P7y977 z`dgk6e+zm`PU!hl;PG%u`QrmU>cQfx<96>4iym_4JNwn8z}!*qO_lgnb*96l`lHm} zXQ>4+c45t&h?350!J9?mjHyv92bw)BelfOsFnOwKy|U&MCFT$N2mSrJ*Oo-ir;|)u ztv+;$-u^|Xq!_Kw5%x*F`uKGHqzcV(X`ssnm*luc7aVmX3kDD3j${Rs9{ZHI#SE3H713@&Rn6hcl2w}jr_=2nw zzi2owhY0GdH*d*k2a*uBNcu8`WlMFp7vtus z9tSxY{*3!N04-lTD(~u^-DjIrgd`JU1cW3#EuHzd91ebtr(DhMYrizlV-a9OUL?eA z*FcM#B~^mh8?Xjkzv|R6-aQid=>EYV-bZ|ajtV3YT$dIyVsRzSg@8HxlvTvdjgAU| zGtpoeVJ#qP{^dVdd_?dP<>xDJbM^$$rG#4*S9jsxqv%6p#seVlN8EVL5~WHo$qmXFavNISjH z3u0q!;sYJ8Mv8IkVZWXglr;hR=g>HAB+0rC9lU*+xBUn^!rlb0c6sEw%%(4R$i~7p z<3u(hEz}m@o9t2781gd{--&Jhu`+c67@6`wMFwV(G%*rihe6`GB`vZia_2G1F(e$~z?-uc-$_DYYr3==s3g=@# z=E}XiONV*T`gA0NqVgigYDAlvamEOi2#|b>&nuls`t9^YG_0VYsE8J@YGm_)aUnydhsC;%{Ih`pxb=73G~-t zK+s{{FV~oT^ISfjRFb^2^bAGY26RWe*K&N!4zYMztzOF1p$B*CigQR(xeo4RUWE8T zSFv6cdPsIRp*39ZqctR~q2Zb{-wRTa_hv|xRR_z|d}j%@)rs%xCaR%SmmutU1(7o= zWeP1KzH!D&odyIriukD@P>}@bAHTbg8#gbBmK=b&i>lSIhLwCjPMZ`$3Ta9PJ269o zWXifFr+s@)(Qxq#$(^6joQF!FjW_VGN!Fwj-%qke+_6!s(8rrVss4s5!*fxpd!hDY z0W-em$j6PJgh$*);8*_7m%I87dvOoWWhvUe*$ItaKixL!aX93_#H;IFQ@vo7d`tgH zrOm5PS~Ig66n|gkV%WRy6g6V-Au7LgEmkS-f`5x`QX@ z7rhGiF}fBSpslBpmK+wJu^5uV5dyQ!rPa!r{nA9@WZX>SwsgxM7ET*~$nz@cXa~uC z(X}8a8dC^cAJGmAtwj|G=!Fl%h+{X_*T9n@;-kQyij)nrE1E{EVmvg&l51H;|s=CfQuO++J z&=Ql^N5}d%e44@nWKJV5lI1vAvqV@~ir3LFwtjpM_?zurirR6qF=w4TW=@&)V7g=d zAo}AHpQq3w-Ihp{z5#b3vgQiSUR3PQMD3r$uL+I8KaDBR1h zR@-lTKIFdFYoDCMmpmV!=%_C1k5zrTofG>pM_G{FTp(rWe#o=13dg0PRHbl$;7NME zwLq*Y*n^O%ZR9ufK+9GeDbo>ZcDMM&Uz46q@9!0Y)0j6K^-m{RdxBir@qL*FjjXWp zswRW|5wt22bI9ixVbRVB)$8k973r+N@pj*ZH+bK8uI%&Rf|lFe_dCmC3h7N5fB^+M zz8|Zu=kGazc)^)}N3*zjFYcGTK{Ma+aDh-u)Bh4i-RJsh{As#0X*n#R=~(7S0hC6g z<}C?I3t+3Ym0$O2~6RtdD-#o}gNv6Hivl zNe5-=>ONklQVvx-#|+Rh#x;w`1NtQyB{->?l=ee*YPjYu878@2YlP3j?(;k!ZDHe| z&`LvQBgez&M$2$J+^}`qx}iFDvgdYIIBoi%4pb<_Jr8zUECHS<41&r$`(3Xd2v=c6 zz?_P3k6yc)|4}IPI0Enc9qyvQ3ecUsi6s!bNZK$%R3pj>qhi)I_Z-o{9WveCj1zT? z0}EXZ~biNxP(r(k1-SzPxMZ+sC1~?nD2j0nCL4)UTi4rS^WQS5Fh% z@f~Z>xSRt6sT&)}!X$3gO-aF9v*&xaATIwJ85tNxy%cSJ_x%%zOURn2^tV?#-8v=fiL8tJ)-^ zl`T#j?bd@l_u5=0w17*(TICDg?D!iZAJi_TFSm`w=K6QKZa&d~ToL<8E#TT8;0H~F z1jn%!LjuD;?N?>`+AXsfD+?dNU~|U4>*T=pY-9r`@4ko&m$EVYpjL^E`F4dh82RzD?ML!dCi&)$w1Rrw(M&;BiX~|WK)HBjQ)Q8)t zVUrF>+k_qy_Un%Ut=D!$-3!YFk{`|Z;3s5Afkurk1bfbp?L z;y+f@TLmxZa4Ifq2uX`*Jh`m4*YOF@coYf(zGQ6!v!T&7fI3qGURa+o+B?ao)a$PP<4Y^KVvzS0HE<{|Nmjm}{qWKCie{q?mkrYF(P0FjFt5Tq>KYo31417zZ z^-t>Wb!i&V5U_Xa#hz4cDI&a&eZHQrq;HY}c+ME={g4nwesP)0;JCDsm|Js_>;Ir` z=rWVCVPkUAyuK~g=J7#4ZP6$JgEQeN_T@R^aZdt_1m*5COGt%d!r?FIe)S{Rc1ru? z*6L~$|MJ@5vDl6qeP_7)_Pnnl;X@AZ+vzCZ;M*gyr#&?{mca=ZsDe33a=$eL#?J#D1vOh!eX>uqtl#UcW+_7JED;|tWu8zy8uMfmVIWD z*~%i&J2{+)g(I#lx*eNZasx|evMygQg#o-;w-eK@T?Qj_0T5HL!>Qbt{K|QOdqVn) z$^@J0*n=k8hMvuC=q8Ss&92vDrma;0zb^N3?1u(69Hv46-t=7W*KgVmX(TLvrE?ckSWO9fr(Ovztk#~>89zn9 zA6ww|$EdH~A1c_1wIG;nur@OWZayE_{-8gDOaDyMO(DGB<3ukkbb4;RVPkyLF>_Dv z#&US38apZ3`ScAv9-CE1SU2I005DJ85c6vAeS^gmQtknwW1Hbvl3dHk4L-S9DXX~m zsH+2@Km+T^+}*Kq?xyY@b9 zavpK6^5k`lfr*0zKh#kiC6(PmU?7!Qvm;$pY<7&Rwr{hfW(QDNFYwK$%Iolv&nuH2 zamUel=8aem6rk?viSvKPp{3xl5xR9y>057I&ERPp}@pdcSASQ9MWd zX#70dTG+WsO@&w?SG6#bJ>WSbaKPtEZ32Nj#Tlg1<;`*Q4VKwvyo1pVlpYv;2*bfT}Y%| zL7?sXl`y73+nHY+ns#EonOE*|d=&mS9huI?d*#fOr)^D8&q}cu&3~W$`HR7UR&$!O z?1SbWl(_Rq*GsY#o`b$*um?b;ZpE~rHp7Y0U->OSvGQ=pc=YHE;%L0zX{g+A<23q$ zLQBs19&^dP+S<6|K-{*&#Yn5t+P&_VCwGPn4tY;1Q3NYNFsBf}?)Fxn?qPv;QmL?> zDDOTGl;k-b=MCyc!!1tfAhXIGepTDJ)7GN}8y`Ckq^FxJo5oMFTaV!T$9YI^NBjMD zopRq5PMqldSLRai1J)#K{uZ~&b~G8?KoU9Ckk%=Fx*9n!beQIs>_F;M#FgCytkn4H zG?WpQ3X<)UeSM(z79nD|cy?8eXdE7tW%B;x0Qry2I3lSS-f|uZM8!sBY*Y12pC0yc z*I{0kQt(EUMh8zKkWL&$;_8ddwoiwJYA#ewz6 zAB-q_eNN{(OK27FqkKIQxB^`xWpbOG7mdZPN9?eAk2;UZYdVhtK7}SmuZTLW?pIyF z#XbR0=+vS!NZJ)j)+lTDIa-%wHhYge4ll{-`?BMZEjyu&xp0^;yP|*ES$u?t+q4~|-Kx2)FZBLpQY!NbjQ?_*<4}b3b2;4EhKlcB&;(u*d zzrT|$;zt-J8b5@ANzgv9X}RycZBb)LnALc_>bW?_i~o2(Pz8&9nTtU+_3)5c?F%#s zx-Ol^X0%&ebgh-;M$^WX@fs|MqNghYi3JyNalUqwzI`QttC#qa3__v0 zH`)2H0)`A?h3}Us{63&pk>{qVGfH=EUgpuvLB=}d_Pq1FbC;clv@1FJw> zNV7MTi+BLj=WcXff0}xh=R$GueEBqc6VAG9g|ZXz!HR8&}_B;N+FaZV-4q@CKP~(5&Lts)9&QazNiF;IB{H|^sLS)EAH+SZD zyjcoU9pj%Jrk%MS_t>txeFS9j!wkvTi9XaawS&%I;)ifl&uZyEwElT@fH|yUCdQbS zkRuMHlkjwlhNTKWkz!!?#7_jYTzWPm20xC=ppZ2{AW=97i&q4kF2~OkQTY$HtG<8J zB5G2;qQPU0=fED0e|RGPhMaaI0&e2<)FPjqk9JSAC-H~dUyQI|CqarTSVwJ#t3D6) zY}_s;OQtCc)Dk--BkZlxzPED|^^fuChxg~>*o)FZ-i*UcqBmW>dqV>hnwSDlA&PW; z#i;fTH41FAv3%(LcOfDZu8cU;NVLjMj}(4?C9WL^tI@{Aw3mzsk>vq2eR4Ucu7Y%5 ztH6%mnDF|;__T6%S&ru(7(!~S>hHCUxfi==|Hh2w=Z)QRi!NzWRTK0`sQ1ydsKqOv ziJ8^yIAn4^_<|UWWKHq)%sMeMhSCh18-l1J7?CJ(Aa2PHA(yvcRlp}p6(&+xko^?` zvarYojA^emf&CWC2ew!hK8dOXc=fM`mvEwhmYeTAC;WQFY|e3ly5O`|8934@;5d1w~N&7B*L{!7j>EicwsOPn`--X?k5mhB9axBE&+OaCh|69`VLmdNjBX zF*+U?>pjTK1+m7h&tuP73+eUw5wWDHgbA&8HPP|C2%KoNY&~4MIv_L!^Py4sS+eyC z3vDe-Cj~Q8f5tBf9?x+BAX;Ga(39j7zhx z;2Z@&T(&D*l&Z!I@Jz>*{k!s2kxhWu*j_h7{F$$aFp$-M-vx`it_VP)4!HuY<~QQA zG3Hw-iwwPnWIE;~jE6f+$CrQ|Kc=0_fdVHtW^qmDQhP$kAMTHu9<-c%sDECbtiz7W zc<3vi8~n84)LDH6$&^kU0Oo=lrG$=h8}Dj`A#BSOM61{K4LlEj`8r;keH|tjF^GPH zSWn1cEkb=>)WZOM+uAJ#R3e5fPVYj3LB<%jR^|5+=}L^Ent}YP!mIQS+bpG3Gp5Gaa zKnpLQ|LtUB*Q3uAr8ZLh2CfVfGQ=c80jG(YwrWr#pph_2XONj zS}@s^K)GEd6D7eotqwXzbdAO5HlW#V0FD^&Mbno$+e3kCp7^NXS&o5Dt8hRX2eH zOJ-nZ#D~FE-SE}P*nU9~H)w&43;7ISq}whwu-c=G(q}m>G$2^8IlX?m+9t3Uka6%A zfm`f&>S*;{j75^JTNS-DUod}Ec)LE~;9<2-#++5a{&<$&^2j$AZifQqIk-1-W$cEt zcr4VJlmh)OqmVAspwt^0%_=i7bpzO@*p$3I9a^;T>^Z;x^X9zsI$U$#_uk)F>$7s`#QB&QSOq9zn#O0+$ZfV1d68*bw7+2| zAA!UWP3I2)`^m^zEY=Rb2O(EV1{d_eK6`pD(z#M z?Wb9G^RbrB4p24+J|DH^gN5rrEe?CabK%k~Z;Q`9`+&^;221EGYxA)mcUzNeG!3<8 zoaEOhX+<*2AD%URlI*|M;M+qDBpJAW^#;`(?{l+DqR#2Kw-CVR!A4boR#E1YNajbg z{L(^M=&j$-##%Z8Y;tGQwImEj9}O&x9>pA4m4e# zscObOjo5o5v)biP#(o;upCm>miY|vrH_g0%7ledTtg!U?1@~M!b-nyE?~V&7GfwO| zTfOU13qtAZ91z=Ca=LE8drlS{_CYJG zrp8JB1xmkWh@uVE zvOTp<4-{=aQ8$__>aqz+$28kOxHKlL@;Q_XmB*}C!=~~PL|E5%px-nw1j70BpEqpp zk?HU2lJlFVZk!zAx(H+EpCbuGgD}_=0ahy2$-EiVlG3+^k)Y)FIf)!(n~b3x!h*x5 z@1Ns5cZr)&riR9Wjc#e(#be4H-f06C*yWXDd(6&U7vI_=H3*;-`0Ax|8H$CqfkD&Z z&#E^GGwQJ-v^})AnMb-@mfxFP^(N!HqaGV_CP06he3>Xj1){H$H>Gxby+o<`T?!WF zrSBe|0dtDh4u^{f!(&Os9Qv(~`&NB+NyZ{GLSdq^7IBg|6~WY*vTCL#gA_pA>}FxD zw}YcDpi!K5eN@6P4U0P0Q~r3ZZq9Ahi!H0ajmax*Bflz<99KR7)WkhD>IwT=SAO`Z z=7+XwJF-Jn9N+HOvMV?Yf(GZYte)Hdxqn{8xXes=vrQ_sX{F6xTC;_4r*rq)xK}3h z*}q=+{KE3}>e-XRrH}uF7lpeUlnI#GGERUZO;=D-zxA_IJ&dYpR?&=Lgd$Z;T->8N z!?8ICS2yz~pEx##$c`lmN5xwMeF}YYH`JPATkelgZv_jUiG_zsDckjOhsaV36SIOI&$3G`e&kxNY6odkN^6#* zLS=F-K4rupidmase0g@*CzxN(TpQD~yIN%h)rbo`){$ThC7zaXwv1|nDkZSy_Q*+9 zvrxibTNAUi?y?rKuk2h5Fh-^%>%{cU^1zG}6-6IZ?ouh7^5UK<(N40+VthNOnH=|~ zt6RE0Zf`()yzx`orL-mMm#aH+SImy&i6Z0?=TDZ|j~)4SKAw?_{Q9k8HtbVnU`x!f zH%Hb2KLR4bUgLx4N|-URYegtTpkCtrrmcZ;vcTx3kB zmKYe8n0Pf|cU?dn=l9Wxki*I1{byxjj40E@Zq$C}4sl&ZOZtTBc(IRW7M!^F|M$__ z8I`b|JGM!Y8;TesN@-o|3fL+7fjko7ykm=d3S0pB8v{u7-b31`r=Kl&ab4YPwc>X% zqVGt?_qpNl@ZDzw^kR?yO^s`4Nd&(~kyyczrTNpIkOc0{xVvAQZbs&s=&US0D_Ui|ATH@BQ3rDU z$(M6^-{$FBW;@qsD%dru_Cp=2 zmg`9V;)xggUgtad*tL%`J;<~!BGm`fOM)-h{B;el9!a2hD}_?F({gV)puuD zEg4;0_ib9VZa*qNaAki4u57C{D*xQTJrneY4S6RFMOD{< zRt__u>H$P$9C60L-`u(S@{BsOM~y`bfy;}q_I$hV6S2qzdWm|im%F7Cn%V{xghLry zQ9*8(L+Z+n{t`02o5ggC`-V$=0FuBE#y`&T=z9c?waPfVJ$5gzqC7_AsX>t>zHL1h z?^?zm>Ag33Y!Ib{xwy9yxFcl28fxPsf>WNiUXJFpt)Ch@(&`Kn)C59nx*&X=m$a$F zbC&`QP5(8V85N>|7q3i|@@9?R)GI$#iK!kj`f4$ok@>(X0CgVXVdf~+)+vc}Z)KO( zv}pUSOs$kNQeSw9+aw(X*h&O9acMZGy?KeH6Ah9pM4z4URs?rktGMPLgC%=)hDO#g9e zKhD3ELY1YV;z}$uot2lR|8y&z77d*N@@{O*Es6ax^{rh*A*9-FXGGhR@E0e_DeNg+ zeX4BClxol+{{E>kq|IFQQ9%;WiSgGscH^L08db%1=xPI*Td>-}E94imehDv={-mWb zZi^CU0Wl;`k<$U}0aUYoj8FLgDF^!L3KISpZIb43(Ak2+5sP8^n2V?HS~ED>X79Sc zp9=uzAHF2B|8(b&Cbhuo^*8HpMGkVNRO+unIApajQ&yQXxn=AyR2-n3N}Cks*XZ$1 z7UpOhZdq4TuTt`cKL~`Dn+r1(E~L}DReM6VENx$y3=WDu!eZ(tNiCs7Ax81%oXg%EjCf`C+GhPpH&t4M% zE8iCg7((s`1Pmdo%h$Lyq~^i(XRIn1DU6M9Ch!_mj_l7=%xw;R(~(A%MWYJk?9}FZy{2E@8ooqXu~XV(<`6#SJ0kBTik&(XL+VJw8Hk@p#(ZZNOh&+8q~dV; zW%{1Er--vr80L0}5!d?|YJW1o#Oiv)5*N69wb(uxPczgghe{blC%4m5JM=RtQj%o3 zBY8cUD3VCmJRpMpCG<~+Oyzquz}FkFAPIY`{a90NJaKS`(|28rqEOV}RE{A6e?$ew z;o`euAJbrgdNLM7{FZK=APph_2mR`wKw_I(ZrPdXgOaYY)4N5C80*YQ=5t@{#Jo(C zN`iU$x3hE+cargzgi-c_G}W3m@j~zG!s^i~_lBw(BJcM4%+`w}CUu11l-ev55!z{i9(~Vk|`)3!AOE$*BmbaZ0X1 z2sl}GNbpB|!hwc(ptRN(`=b-sI$(ndEp~yKz+GZ=Yy0u0}h0Y*e0~xYHZP!&Vi)Z%@P4cJKzVOs0x3B^en=-mYNk zKGbr29V%Txx17RNlnd&6J6A>s3IrgUpI`cQAYL1J@bBfNZ*`r_c2Q?iPywbU{T}_r zq&fvo?m87`^-8<9bR6+C`60(lls|ly;ps5Z{UM53vSV`ioy62jTP1>dslmUKZK-sY zNv>Pb-2GpEIcw@ZhY_>QTp84~Y`HB0ntOd|*-VY^{K&ry$nbqJ2%WMTc6*4qd*#S& z?f>}~PmiAZB4^Rc%*#^E=;sOBd-Q~IPo16X+jOI8(moyd9WH`85f2wI(ko?*HX*l8 zfq;FFlI`ygztFY;#4eT|4^yB)-KsXZ(?hoifd)KMBOG`yJ}%cCpF*L=*m*BT5vI~p zof1;;3`~%MtxHxWhv&o}e%b?FRDGSxJ2WyN<~3)N5ZJ~T5!8k<<>4m2ASG5 zBkeFJ51B6p30KRdo-p7=XsL0sr|knFlhp`L_F9n>AzBxSqqk%@CxJ!LyF^r|CZmgQ z+=ux^bAe9b>AADK+V|EY9C?@_FnD|u%Y2_^LROWyh|hA?240k}4(@z^&0 zPC@&$o@@TOW687J;kUkZ^i-kFQpGvz9DzB|>U1G{l_l2*wu+YOjF}N)+mb0Is`);g zIZwVV)3}l!HonxiD`avccN8xyGMeU=-x#y;_P#$i`_5?_OuW~<%+nMS&Fq|`R@DkX zTL0C8>198rS571P?qj+YTg(8Sg%>?epTjVYt;em7^qc-hNLW}l*FELo9s z5`k3WxdhZhsn~$Y5Z6YhplnJ8+&-pQ;nS}($>*4mgfnzYKxoLG7Jr-B#BVx8efMhJ zX}h^};~FXWD(Ly1(&T0$(>d%c8Mwv&-pnApGCFxdSA_^**ZyY!$UE+16qHV(B8${R z0oDtm@WP8{-$5D9FKj64(HbFfr>2OR$SM@Fs`xFT_)J(UbMH;N^N)br7f%)6_n$mM zHihyI5{4uqK*X^q*try8QVxFx-})9ZastCra{8KI$8Rx#39lNiKLnhGvK+wNXPi^T zK9{*26E$I(y7VOj3{SYa@2SL=>1+5Gg?0TDUzU=+QI2Nuj45PVDZ@+rZl|d$om^xr zF?my6>CV?nAs@_#g;%bdef{Yxa?ykmis{l@V|`RhmsW)|-Ex4A`FHaxRYNZ!Yb|Tf z_j#|D`K0X~enyf_a+_{=(l(%W_?7!}{<>KFz;bqwaFr@!VZvWa@Z}ioxiZi3XXX&- z5LIRtvl{)UA5YUTA8VKNL$DVSjW$BrivBG(K&W2Jcpt#P!KTcOKO6Z)pIlu+i9hE@ z>dep}%eK33AmCuU6a$}D+b@6ni;^Up zyXHDz9~hIPf?aafkdOeb5)j^F2X4Lf_n0-^1zkH7x%|99Yt$4f7 z9~!nAfv5K5muFyIQShnuHq^8ausZvbrOI(dxd_M1Z zj`l%d`$;f`oUdG^`zu#q@1bqwFri3y?;&xJZqV{A{S(kq;;{)@k-#9e%B4Gd*URTy zGLdv?VyadJ%8>wut{{qF4xXdLt0c?K_9KOIipzL{&k8e4puSA*e_z#DKn%8guuL<$ zC8!Wes&a+xYdmt_?f73U9gun=@$au<_|mS6o+IGhrhz6ZCF(ZvreNEI<-BAZz+J4{ zj*_*x@JTC^r56RY73CK2lskG^B5e- zsPz?1Z5PPNa%gvNuqn%7tbeK&R#Q#zq+4ekBXuVn8OL(z%~}@E5tl*jdAuRNfk*(# zKr2enPmO~?9fAzx3B1!`@ll>tlmSj3bFPnO891kwQlDfJ9TTrt+a#F=NuG@-8@$Bd zpx+AjmzIbRei4it{v5?L3bWnssYS?CbDpLpSqNAAF}GlC_f-SCq4}dH#JuxA4Ep7L z$ZJEUN(FpjHdVagmGU3jJ9`PAduKpVh#Ed2Q_H}P z$1V7z@+?o*9O}l9gd^SzYV(hL6$Kp)Gl9U_1F+%m#ufQ6ET3Um0*34H_8Y9os^VyB z*3e%Zi_UO+gcv^V2w*ZI??QJJH{a$-tdxD`J7NRu^xZ28$gDxLL<|;os{DTn5LWMB zzP~E;Jt7a(aays2?zcPVI4C-2Yuf$)W7&g8^6D7y>uj!&*cvMl;6+nkraiA5eAOvo zs5#aeYBwG(UmoOgu<|u?uO)?_S;MC4F ztmBps7m+CnS!e4c+%{Bqd#C6X5j-kHcjV?7b#BA5pCPF_x~1V?gPQls zY5B{afY>T_HOnay%cq}l^Jt4ZafZqjd9{$z(;ff&Ov#)Fh(vqFG!-&BiWcE^8Dcl zn7vof`X@}y;miKjJ(L|4^#eT3rkdsPdaA1D`k=$Px%pY|GUUX=E;3f_C8hzudx4P& zgIZx}AU;}ygVaB?v?^8l<(RH;&*3tVm=I({eO40NRRQzV$Q(1+`RPEOtuL6Bt3n-*8HNcH=uQM)~$-!#q5pEgH zkPRK8wOnBL9}&c_dqvq}K|SJbTz#$LkD0kATx63<_F5EuNG&ItQ?OPu`hdkSC3+uO z9It??>y51j&>euDa#1a|uaRdgeFxndCA3n9eF8YYXN*3-blhE4g=EONR#z&5F?!O4 zIuCcaw3-DM8<^gO4w>BBUo&tHb_*kMHhHhP4*PL;PRWOfyF^9rI4n>m6Wk~649Yj@ zmZ$G01VkRFn3V|}xFWO&$lEIw~PIfbKchzNN1cw8Xw?agItQf z4)`PF@@|^mMsZy}d6H^?7}X#o97s)z#s)$=J`C*q>a+9ifX@;qk1qm{fhCH0iT|y6V%kFwyodtG5-aN-_h zU6QL9b>aKFe$nQ5!5tBM;ODc8_OI=)F#r?TB@Bo%W-PrO_GE@~7V+{%*n>V7^6J{I zIbgAP_ZP~cwz1!R@e%BJvHfAkk#0cc34=s8o@*jwc3`7rG|G2_WFjh(Xbrh~;0!gj zlU_Brl5&mt-TQI6?O7LztTdYCKqQLVthfldgST?Azi}VOX{f!}$Q-Wbvjn-1RQUwd zr6*Hv%eG@XD(;sZ#1O_0jlo$H?`v_t^6{L~c(0t4^-w@FP9_ z69$fY*GM~WY|4!QHKI%r$9}D7?;Yh}x_$)}Exe9!?Y|$Axx|Adv`GeT^yxe6tFZ9F zDYx?i@R&?O#BWU7JAalp&_lB0R%MSr_HD4Jqpg(X29yvlzYZC+mOeD2Zex&`eJ#m^ z@e-}z2bPGJvK`x)Vb5E(VtTx982`;0N)XvL{~d7cRzkX-)jBozrYaJUzQWSue@bi=>ERC0)zGIHHJ)@SO4eZTmv*w zi*S$?^9-u#5iPt$E|+qz5IrnYu(y=^b%&l`_@iiZI>Fp}f-2P@^CbZ)8%yrR9MA37 z+EubDf8(F^rRB4$m$Z5;rWs>X)ReF*g}UVLP#oL_0<;0aDc^w)Jyg$f-RPl47@ziy zD6*+csQVImrqXwV72L)+i%iHi!|H8&!(D@zt<+j2BXkRC^)V*x^m7`%^4Cgh>i+T3 zIK*`=C_T;R+E>q9DwdZiQ|qyE10PCr9vneKdUDYVnuR(TMvp0w!w9+U0x~OlBI<+I%Yxt1TNp6akQS*FtdG zINdFIbzaP6c5wTQ8hS>a6u+p51FG^)&vz{jvkVBDZ@&VgbV@P6wg+0EFXL4-?yCio zR_)J=CTR{}B0G1I6`t;fZJX`?k9A4?6OaJ_z%s367*Cctk9R2Fk-t>5OYxqWFFf*hM)BT#$DbR+CMBpq_@9h9)v}r>yS1HOKuGDLR+ZPu&g+7jbYc6nnzbe) zR4k_|(hl4xNHsvs3kVurZzlmZXzWk~kYm&&ESM9(Y-V$UwDL|jL%k2xW0%3U>skZl z=sg1bbKpgRyhdE;1@-}HPlcIAa|E^hPgme`Z4`bY*ZXT&8>5Zi3=TP3f=N(UW&aLh z#Q!ugCug%zt`(;XKS>LBTSQ?T)aM1EdMPfF-h2yTz{76>kkCON@@th z=QB;&B5=X}>go?dv$o(tJQz`*s927N>cDSd${AgV*Y}b3i()noJXTkBw2v#Qi$htX zM{xWBG1z}eDMtka`l`<;3v$AT~Hr|X_lqGI(e(R5#-K#31qt{m)Nw^2*v#fQAXj@qBX<0zx+Ac3?3 zhd3@gLb@bt*$sd^M-emU>=vaK@F&2{{~#a|A5;TYyU^zR9z)d%uicQ2-rFkk&w46& zjp|l=#r+o}VDZuSC%@%^%JLmN2L?yF23mAArulq`BVe;2)SqgSaHJ$Ik5n>cpQr1j z_R-|@+0ba($f1`7`w>BGOmi$@FD<#fA^3?6(QREO%%VLdHRd}^m~t#0+ApgcAf&T4 z(%TxNJc0(ZN-?7dGkCUF7Q-c#=3gdq>qZ*#LNDI@bj_^@tXJOBL3}&}T3?8jZ(dZ0 zIO^(0d#90%Duhu_{>U0d>I(rqEJdamaoilXxQ}vkKjb5#pe%4i+i=S` z>|awINj$>UppJOv^0S-Bh@$5TWlXYC2AAdDjmG2P;aPW413It3 zhOhNT)6vMt-BcmXt!S%JUSm-bim_E{F0ZUns$K4; zTjvt0Hw!bU6Kwsl#edMYJhS?X1(5-%?U{v|%|7Je3r^7|HY?6k}@Vr`23w0>& zI=*+_= zoL^<5TS8}B{X-&pd1UCoO&4a8w%gY|Ukk?q{KBFk97Ng!7jyIbks|g+2hYW7b-R?^ zzu7K}b<f6*D$&eRPU`2&yUfKCyP(%pwm%cJc9M$a8k*i}jD3DnUDM_PJ-XY>OKvZJ*WzB!b zOmA{5LMsK86EdaT9((@^e+~W#kVWhtsBzmy`%eF|2)+DPikk$L8xevt8z&VO^Ak2L|j%H2tA z0W&FHV@yfc^C{U1Et~X+k)d*UUnxmmZyXHAJd@!vPJyzVEOGiy z%q7|{Cp`Z9X)?cbMY^@)v3;d$26;)}dhDl99}_hzS*S(SsZS_JnNPp)S2U4v@tnjL z(Dk`YX}uN4(}b?r)t~W#-b8^?jrvpg#;{D7OHDC-{38Y~5_53E%PJy@5fCMq>`izJ z5UJ7{8X(TYOU8V$gEJ9-`E?gn=A%SsCRRp#_%<+k63N!?+ZZN|-)=e@mxSFEuU5I! z{P5l};+ro5DWH|$5;*)6_~5t|_yG12-@$Sh2Tl_JwH{?67vKJ0FXkq>;yurLQMzjZ zL~bE=>L8wme=hSew)pGT2cs&*=8sq3E(r!FPtA9{{nz=XeN|0@m`G#E1*J8$mECGy zVg~fAymppxRm$jRVlFomvp`%XI2L6T3=38HOD+C?2u|&>4W{}&By0&Wr z4YK(~vg^@%=^t#u4;lz9`XmU7__x#`J9>Q@HF|MoF<^c~pV>{qFrOgtb)6KK55TAV zTwy?!(KQp@)pS@G-|ZJD6mFhs14ciH$7g2-VvX$e)czYp~+qb?c4S3a()K3!MW!H%J$Zxe?&X>V5{qODoB4MjI?Ut@6)v zepB?I5Eyj2T8ydz;Lv9#Zc*twfZ}MXj>lg%7EOIA_-#C?bhk*!dE?70m;S^;y%ui` z)&NZGFQ56atj*m`T~^_;l89nflUa+vRc6h?sbh+fOI-7AdZ zXEA{88ZLTX8SVzbkJMw|oqt5A4=0~)&(7kS2MLl#~ z4!BDKrUm1c$A|Yv4{Jt$;-M_#*v-f+H1_d4*q@V{gK3xsyLVcBOyML zj>|8cER0nd+Rr!Zmh1aQ`c^0z)XLP=)i*yT@8ZuimJvu?lkucjqg%>9{)bt;vEKaB z^VN!w3D7Loop*KHn8RJ%cl&J(iuZuBd*R>btKh!9IhLp1XG&M;J+0loNSr}J|E}{7 zGXns*ZxbbK@y1npCKV7(}IS8Tcu_POZmp+mD^GQ_Fx>ox}G7-H-EBXjjpKs}G z=bzN{}Bwj3YI_>Im8{S!(g@j_aY+C1wY< z_}7>IMLpVIgnn0))k+H8O{~Ehoh}=lXnAB!cl({)=rX&5J(nY*sZlNqZmj_Z)MF-n z@b)UFgaM=n3ODi3Rxk&4hrGz0AH8SK^ z5ZB=AXHC6K&0_n$m!8Tk)vu{@5wIaZQaeB}&d8vPh(1Z1M>0YTH9XY}3WeUi$fFA3 z?ThLY4Q)bI6=dUmpINzs9KsA~02*R7g8ae7eb2sl6pqrWfD+%K8jBI9*uY=6O%=C9 z$vlWGB&Mh06Tyw%J=XIJ%m&1rfR-~)J}S=&`<+w|P1PtA7oh(XP!0K}<4kEcA1$F!xQV4FZesQ` zAHPDPB;vVmkf-38 z{qIXn>t~hA?CVOWoRc5ngjsa~szWej;*^+l)KckRz%%~{!f0q$jLh5tmtoN^&NK zD-gwDN+$FZrjSX1Ns;(t#C!r&1OPv?hjBmeQM|%zElmaG3@?lf0aTiWn$gpP*Ig`? zw@+5H(#l(0(oH(d*(pDoQ0m4HBVDq&7*x?83 z-=u(t*=G4K-!nnH-_oZma!8T5NAAKtv!=0#6pL}QWERZ66n-DNF9ubF(x6hIEq#U> zGP$tg#moH_Mr}fi$Ac7A!mgt-c33hGSaADTehwoM{px+~|2MeI$%JB1GI);?7xF6# zc~jeezlhYEw8&J(4I#&y0a_@}^1^A1RvoeOszkQx*Du~)3$D?Ah&aAHoKl(O z0boO+N|3B}vfw16Llh8{V~G0);E%!VN6PqkxnBNxX%=uwe0Ut!qtD5yDftrB_-fI& zq23WGsyQB&(9s)RT<5L#5C-8qw47P*pJH@z!)@M#$c@;yxW2}UzW$N%xhrHl+fjgi zyu&5`U#~+6XhBCJKs(l(e3CL>r3Tb`AOoeUrInhSkS`B}^_B=Z^&7+nh4QB7h+Zo>61i8kyhgDB@;%SDPKhh0D2DRsYO zZjd~gsWLMdlW)cVK`5Dczz8^!UVzw<9LF-$@IuoD2r^~;K5kE&=IoMs zMh1jH+0&@wO#<0c+0Q@9gsuH@4wd5Exkk|G5k4=_xsY<&*46(N`7qDwexAq=q>i*| zy1h<4tPH|wk_00G3zZ%R3p)?KnOFJ)qEn>M@{OClii-<2^4Eli!nc2gjP2g~QB4G5 zT@qwHG(U9nT~cT0L35p^xG?9Zj)Y!-hKP-oXpM`&V2!@?vr7;*22}Og#+g>7opzD^ z{HjH+*uMeb=>D11r{aUDo2W9v?otug^$Cu$E(9qRPo{)Sfe4~vtS#zHXZp+&^oKC3 zRg1Qp+Yg&ei8&INOttTyF`tK?k&Fa~s=3b)9%76KV2j^KHcWpOa-j6OyS>$e@S(xrPV;N<}UXyKQpP=@QvD_EbK&-83LLe`p zWgS!`U`f((8VQO2nI!k&_3M&{CN==OkmlT(`7f9W@vs^@W}`j)#{%bBxoZQmfp0T{ zTGNE%b`^sSdo3Y?_X#m!{k?HlfX_~G*(7;9WJ0|;{x3!TLhG5dF{um&m@s;(k@X;( zb^&O#6Onpb9)`{;B-QW1=RwFePr@$tCW`4EG{w!=^I61^@d8}%Y zT*9D}m@b;5n#qLhHKIQU5QmcGyGv_C#`D5is4L3Jvn{+;vH>mec(6-)z?a{|!KGE( zzS-Pk!$LL0=6Dmzdeyd4Nc18x$nPeichW3Ycz@)5E8T*3@4?~4mnI)DL1>)jITRtv z3_J`{gL*A@!;f|~nG8>CS33Tcl-Fr0<}9rnVI|ONwoIchbvm=iPm}DBUS~!OwJdpm z98Ia@JEA$kJ*Lm3K}#m0enhRupv%DX#<>FCk@m^Y>?dqOeLRV?27l|noD0Ng?2W>ZPgVWE7?jXr}QeG69#tW`H`=M&71(Jf~jAjWZ9 zxVRGQwiJei#SlD2z9>ty>80Q%0qa%dI;*kAbq*Eq8 zHqSwnymO|dz{3`J#gpoJE@hG8?7&M;hkh}GmPQBXwpG1ucXVsCqenY__N&do(RF~N z+oF3w0a>|wb|i>>14YB?jl7~I<6UPq2=sdB@Dknq_lGGfKAFi$;ApY$=Tp_=9l9K+ zUL4#aCc8z?N_Aa}6 zllm%Ce0*PSTaG|Bl^V-Wscr32-`|xyhnqvBkf%**Kvd)1QDB$OI7(h35wn$m9LSr- zgL3*kwO)GPbQq-<3tf8>kqcz&uW$+_{)}p&BUG2E%l&h1kKS_} zS7w)rIe z9>|Mk%OD&Cuh$0->%nhdV4($G7U+8{P(PpsH=cvJ_aZ1WAcmCyzK3RrW@$2pN)@JY ziWjxnXET-cHq4&cfPHitMpyXKze872#Drq*Lm)@C4pOXNc`2sdI)z$&i&y`bs*g=- z8=0LO@+pljfM|Q5h1eMH0?MJuzwVDu_)(|^=N;QtSB3Nho{5hW z4DBRnRh}=p9+R(px?29y@=<1m*;~eJSm8Z&ejF#9AGx^9;_qN&k7yeI2wh(7jBU40 zd;owz*&KM6EE$#b=sq`9cnf`0*}e2P<24YSl`Le^*Pp04D5`OZ7v0<-VP~5jd_I4k zIkF3yV59Z>WFd^g!E9fXi3P;(QlF$Ewq`Hc;@sN^Bn_lP~PE^$||tp~(&ifd684=t5>y zBYuR?p}CyAtW*HGOVBj=$ODX2EU=zmPZpKxNnaK|O9aDCUjICbemjb|75`@>U!e!6 z8w_#%p#M>^aTwm!w6Pd;^MuKqg(J=*jO(HB{gfp*o^ZbShvd2Qr?O%6x^Ah&@;70K z7?Lu?RO~%tDM`Uqs+GCa!NMA_XT_VX+v3U+G zN5Hf1isHr4)uBkBu6FB}Bn+b>K@jeN)-5;$Y_XqXfL9v2GbVo<_W`$j!nC@YS5|a2 zGT8)^qO(Kav2}BGc$Xm7|8uw}m={~$1$$xWsZDX%t$~7%V69DtM)jfnLHf2`LWeJ* zdNxP{ilI&}8?gVyDa_kY#JyU;dQ#4P?CDlZ+CVlK+BkSHLVC^|J{7#yiGBdr(>oO^ z{Eah;m|Vy!!Xwp}_*9f~Ym3crLicX-loBp5v?t_9{)(VbSQmx zwWWRKYzJ6jSnGF~bj^FOA*kq<5n{N?^qFxK*#Cspo6oV6w7Dds2W5cZ7?EY*ZagI{ zYM%7!O)m?U3z%%(EI<=z6-FVdaMpw!$$4nbSZn_WAZjV3H-T#3};oBSY?s( z%Vl9_?480=ziL zIEwnuc|n;ORrnD5<-xWh)Rdca?$rHYb4;l$52xGU$<=qY<#%D9bEC> z_X1tZ;d3LTjw*Y|qUX~a6d&wXv3C>wO8+hurfuV`2CN!K;V+;pvKkr0|np+)?~7 zWhQVKyrG3WF}uq{HS+Y2vas4~*h2*(r_7K66CPe>ipan50Yi^c#3U`L^Ht-6uscXz zYwYzO93fq-`ju+v_3NL*R254GZ*$>At7|YKrIGIVNvLlo+Z>5G07Sd4X->lbX)Csx|1Tow32I0UFiX(pipsro2v4;IW-(UQ*p}5s;Z9nK)+VgcV}v zGQ=npw0vOaBO}UJnzKbTqNfGuLO*0S9{YlC1?QS8`i^(?K`=(Qmwc%5f*-O)?$PyYg~(- z{*g{N+GYs^vHJ@AOHX=QC`6Psqgl1V`L3DI_1SVbGuL9&&UsV^&(jvHZz=~nt& zQvK4fUv=)8EOQo(mh#jHT1XALYdo>C8d12$^M8-<`pBE(`=|zWzvW9#C5aNIeTl|J zoM!)7R&c)+#}J0p7!TQ{tjT_eE1+X$HuPHoyb;cy!icHeoUrWeT}FFEho0o^2(`E(85he9oraZ$=Ci0~_*qx{P?8vM`IKSu&~ySHWP*NS)(sS$7D|9%VL zM+d*fkIV|CD&1UJ`VTQ}n$a{n!MVG3Lav6yGSais6~Djv$_<|&sEGRwOdteLgH_(@ zk}EzWJlfMWL?=E{=LIQK7&&%Hw#$9X(!U1$3^`F~WMVgkvJ|=*lKCr2ozM*qRPCMY z2uygiKbAaXWv%mM^*SvS%(PHt!O{2>4b@V8>zeQ`kOQbRz!8;5gP~jb%70yqLzqN{ zDjB(}ageoX=E@Ut_0pJIYhRF%I~*<8J~A?Aaha92zl=FIT)-$zp_U_t z7dimkR)Fp#?_XTT1U0O2jyqa9JNrkvfzTcRUs1g))^e+J{^dX9WwgWAH7yQdBQV3D ziuV#f;UM=yzIY1A_T(v--YRzOPQTFSut*nYHpL|FNk)lPU`+i(Ro`+gprN6cd z*?>(R83f|j%GF?wJ5~{!eF`LA#lk)hh8L?Cqu@Jjdv6Giew(wN3!vpsb0Cqip0|#$ zMyQy;{t7c2uU)Mc+$E^8m!K#B!ya~(6> zFR4JNDr=KP_R+!z;q`Qqa|6~-K~A(0Dg{Mk#YRRPTK?xPm6N?}x7(-pe~e2=E%B{z zNot@t;E75GgILIqPFi%RmgTnVUbs3pj6yWQRvjdSZ56Opmy0RV%Hp&fkgyIQFPV z+dgk(B4#3PNIAX;Gxb%?3t{CY-_b==gLk=3$p!@{tac>Sh+hx+f0sePK?9bGH@C$4 zwW#TLv?_gjksVFpJP9&jOrtQG z_uz05#a{$2hu;NyX;P4to7);?KX~l}{NdWPCBFWq`eBJ9=p)gQf<~W8z0LJcOLpXR50z&SL*mXQL8bBH%b=y(l_qK(iI zbl^mSM>@-1M5BTRpms51e_tHDnXl2mDq#o$od=!MB3*C)efi`+Eo`oy1#+1aRDSON zrsYU3KuNMFKgt|IEypuklLaF4dDa42h9y4qKhAl(8@9QePX@gP1K4ZTXlQdCEr z^YQ;oh8b6V$A~BfhlC)R4L9$DJqU^JE3`s&Tt;^J?(3mm6_CT?u-Sm7RdejKt8S+i zxrJ}eUU=;l1_p#em4>B?=ZBY4fSpV^64LfhSxGUC7G*xT)2Ohfc2?>I7UKPYyZ}cJ z(21p!WJ^6D^rT%6@lge@|5q0(mh4n=MqQ6{AvAexUrRaDfWl80Ax^#4cnl9X8zIHo z=dJ!?h|rVRy=AvROvzjpvbO@3%gMHeDN;o z_aF(Q&RD&c0M*qsMX;JLfE|Hi3b&+|HtHnpOD?UhYi-r{hLmDxTIPPy3Dxw_bj+i_ znVTe1;9lI$lxKQ3f9TYcIQswCddsM)-sgSz5K@95NOwpp-JQ}YaTKIGrMp3p?k;I5 zX#ojAx}>|Lq@|^w`{3vMTmKi&E7x+N?0xUKXRf(s<{BwAf3Tp{(Ke2QMdnwD{eg2# zZAV8^@|SOqu;xi)zIDjV%bUre$=`I$F5Oyo_U{Ay1wO6}!M|)ge|zo|Sm&8N@|Fc8 zert(YkRL??wrz?L$~0=-6@Ts|nXXfctJC`6uYFt@( zi^Z{xo4h+i24XqXb0eb%LSXEbt3>Kym9oqi;5Up1V{K){Yz7%JW6)oDWTV0o3s`Zo zet=$b*2%9wll65JCQV41d7YbN!V?Xv5gbDfVia{OdoLq{A>1`}T#}xQpB8iPSH8*( zGO`K#5LgD-z1&xM5CEbf9t=0#(vi#pf5OJ-0F&|k%@1e%r2Y#(% z!hp!q%{jjQ_aU0u2~R(8A)>s^$HxPlC524inPMg5dzuEm(k2$}Db|0XfI9;FY8g#; zci`=~dA|Vn5?Yn74s>VFy5?HUR;F}!QjReG9cDlz$VXp_`oTtCu#pEgV9zM<>?=7$qXQoU=okGm7POB8YOoVkQ zfpipzdxN;b{XVV!_cB9M*rQXMIv@UMZ{xLk;9_!cn4eQ2c z7AL41uS7txfi1}i&Fn*#M}f;BSP`(x=KQ}G)835ifd2aD_D+vXlc=$uWn5-2^J-_` zKk@JVOt5Zr2sdk5@k$)EkS4+AZx5w{N92dxoxR{Jqu=%%vwcTL2-WGWi^Dcr&`1DD zUYaE7p=21;FruU48A6AIu3zhN`KBm=$B+39y6mtk?5B!fTuH#R(C`3uNV5;?lBq&E z{a}yuZMNSq(JP-B%xf<9IK<{_tu&>u0Z|R*l<>;CZCti2*b7)Ui2($#;1SO6a_aW) zvwxRc)(P#<%xFX<8JN=5xfG&CC?3@R_sOo?^%I^&#tuhl zmvW+Z4TYM3HBWs=pR`K&lp?w5O4z2JX_zRg7x zM3&#U7G2Tf_oc+Gt@XcIm2np>n;xC95_AI9o8|i0_lh6E@OK=efJr|UDCQ~9ynzl` z4L9pPToV+a00NkVVx#V9tMI!D`+ECy04<|wtZu&?Hv9BF39&W-IN-wn_V4*_rD0rm z{#Xudv3T83>WgliFMRa4SscS>QDeyB4R3e*p?0a5(s643i+O@(_?kUYg#4rsw|S*L5s!N6GdJG=2BUh2~>bmBn?=+ zl>V9J#%{hmO2?}S9D_30-0XcfOP8iIo?VUSW8w(grPe2fe=g$@&Rl-EOnzPx&hkw( zf;wM-6?p_Sl5oUo2}G&!Ma!;0^-P)Z*>&r1o36BdDBoegtbxo$yAys4Djz*Mu^z9vuzd zdW1Xk=p1eje$vhbDbP>D8U?E&z)>TTpqce`Jv4~_?at^xMMYPYvozI0PhR5)qwlcT z9?J&f$XgAcR2@i7XI804eb5I12699UT9Y&5m^^-y-+)N zI#9qNK@9e4u;bp$Ty=dAo(igoK0nYR-F^A65E)DSU&>{)dm4Oi(>$5;oD|IF3&y5? z@1RH@&x;nM@5YJS7VYr5D(R`Sf`{G%)C|6}1gRFgblV}XC@+Wg+fdl{Lzxv2iJTn3 zy0A!h)!nCtz=2AGWx95E$lF37g>uV@7Qv%H4J$Zr>NTEJx9-#gLP$*1T~y>}&-UyR zHCSu~G|>hPs}6y#85j(yvSIW;nI)Pl+!yFBnjrx#@=~C`eV1-Qs})Mq9SBAi^wJN& z=*Sd&Rojx$S8tDoM}1F?Xd3#gtA|LI-JG&UCh!@69`@hSyXT}lZb3EV6I@%1FCPpv z2<8Z}hPx+r9^YdPC#mvMv;UPEkS*1;aKHd{a28ONW+!FXT?R8$yQ*Q+`Ub^M^XS0m z1rs^TG(WImpO+Wphx~E&FzF4pq?iaQxsWyr)MU-6qt>-oAq}910PK#0zeJktb^;8) zVm;o+BcXyBlF~PO7+H6oNcjZD?P)+^Lk}5S9*_B14Slq^6qY@iW|s?UxzW zo;49-Nmkfv;Nq{9nU+`5dPZWoVp+Eh2`gHSlY*(fL@T_Hw`X{JJ+F5qm+L*4mQCOZ z;%Pk-?F1QzV9Lx2h#j-3#4nFf&6;2OYX9?sFdjMsGn|@{Zu{|lg}qB5xc!)|`k;lV ztdGm!d*N65R!n{rS>);(@tuUXnc8`EXs-is!Z5 z;-A=m9Qns2n;4f^b0}{R27hj6cD&2XJ0px7-K5c4O0#}pe;s4^gbFo+A2g^Be@n>& zGHPt0rXgwiL%>eFG{C}Q5^DbwzWD|ltuH`h<}U@sKmi!Ir%Z|&MBEiC#jm_THM>~+ z1D4r?FN_7thd>Hde9nAxsQIdl_iYs24+AInRN83>iW$b4I$-}raD1OLFk{3N>kLdaAB{h4IunUWl<;!Ae1CC+P9@H&@V$A+I9Vnhs0?$yg^7x|T(MhcpT*vH5o3CaB-IL)Ij8coEWmkIs zhiE_qa-1j~wdiWpKK(&e#s-gK-z5P=wwh#`Oses>N|UUxeK+W(4N2~j&w7O-4ZZdV zY`Ga)mPtRqa7s%vWYIJ#FR?9r@xzdOPQ1wKeauq#o3kuo0VC?Qc5BaY7O+Bi8At)> zEys!mNL(tGcyl@oQEAu=seur|F)Tkxvvq$mWXM)8@FlutZ%FmLTtY*;4z@S_Lj7ZG zis1{qhDiZ*uBC|q`;hNlb%=aT*35vO`L6a8H6cusK1-b5p=c z8neh;dP-2GD82UWP;LzdcuB}*K-n;36GwGte?#1Qgn^w&_dPmjQ8z?i|3rIDGa^iZ zFfGVd&sD1to{2lR7rx8qz}FA%SI&?8g{AP^&q41oF5>M@b&g}7e{S{nt{RH@+LC3& zy9MoMMxtQ5demVq15a^Y2X^VKwIrk&)zz<_o0wWANbO^?7J@+C%2vW@1-l1N1rdDL zw(U4q_W}XpH1KhK?gOJ6u_ZxlL6abTt62bxsBfj-hf2~Jzuf_&*jF^^Kv`V{q!a4j z>+E55hKk_b%4V4TfH5uZmt%(lU>G$I@5h=L59~6sW6OG(|J(fn`hg|;>>xcE#xyZQ za(Lv7!2F<K?mRo2^dW zV5xX2IH9^5LpsXTk2YyL-!nbAR`)uEt|ud|{w@GP8bHWGf!#a{;jeHiYyIOp_rFDz z{NGvLD7~qZi??nEJ5(O-8OWm!mzwK#S9)%*C$8#>J|6w}4u-9YSf(FN>boPKDL5vS zumHX>mOv1lm_Mz*T8%I!b6I*{ZM}*0LoF?KJ%V_X9N#o~LNryzZtBahwF)Tc{RL{T zj@9+Ie}sbuY(3T}t-0pux)iw)V#;XWhI?JVk9op1`Hrd{BT)E8Et)*xL&Dq^(IYSp zq;Fcu?>VYmDfY>7{OUIY$Nt&pzIO$Mv-<}#hBx^~FIdATBM@f0_%rs0kGdrDBzu|h zkmi{|k<PHeG1IuD#=a@ zIgiaeFG?|(pjEJ93Z>6KgVItfc`zu)DlB;!y1xNcfQ3@51{h!Fr>OgEQMQLpGtket zZ-J?tfa|58erq@-d*y95Z@Xnz`j7R+`bV%Sd!QJnHXBpQ`5^Fa(&YV?brJL_c*f7XL^q}{$;2li z?$))#gqC;VYndvAiiM1)63-o6x|S8-V3-Z2*VYU51q9y)O%yhW^uG2?ol%1KR;)|* zxccp(N3rKzcT0HAVAz}!W3&0U8_|(^nHhTxwU6@)nbT&7JTRQRmTQfkrpMsE0n0%o zMlWZt|c%v7Hr*tCxI{w+)$%IAnPe=eC1& zI%vlqLPTv$U{yVhQWXa0pc>fH(SQj&fuYx@cAuQVd{>bU(cwO}lHNhu!2LX@&kZ&z?SdeCzwXYbq9u%tIYsW6{l&LWwz`L0 zw|o5I|2dlu6`1ZC{vGKPfekbe;scG%f+v7p5rz~owz)m&x7*F#IcL$MYO8<5T-mZK zY+{iZ{~tjKeD9S%y-}7r*PbYPP-bs+x>WhA-`-epA9)=GKnQCy-cwfL4sRzcz3Kkm zL2wJCa_HSnt7vnBq!Jd29W=hNO%Pap{Dx_oiOpq-QL~b9b2S z&cBj^CW8a3XlA?L%f$2UWN13EgVz@T*zVh{wj~2;BHwJ%xnJ{zh;o+ovqkQ6uEkYT zufe8Af@lU|$|ukHK^lsB3b(Ctm=`Z?hOYVvr-y&oQWL~DLme7|bSlT%ujTp_iC)1G z1lN3&G>Z%j%%edZe|F;a!m4170>(YUcOM0tTy?Z{=2}&P_1mb_Vchq(2HA5}x9AT5 za{4<=S6deuEIW-RkmvWecUh0)fJG_Yo!=#n{|*~V2J_L-tL?GCS3Xql3k6mO-COK8 zDMoe?5cC3K^0_sqP(O*{hE%6!@Aa?VRXHp@)_!+Ef#qrHRxKemTmmDg!zg-sC+nAG zKM)xyJzZOq@`o0JeQiK3LF4RPjcbx$6|4t*d_7k8CBY0Y%;wwIHOtArbNGaLU2YL# ziIe%8K~AV;j(Uu*f!_7u;l>ormRH5uZOhNl=gld(jG1iF*5TeM#uqm|ja{1r$|9N9 zqd2iu`RVLMx}$jfy4O7Qx)zFf4LHyGnSH0e66V&yaF9%I^#rl9Zyuny_GXLFPU4w( z9{tukF&J*)iAvvHR8UtfZg(Jnc&zUY;nA_CV((^X&Zc*wA7#KG~? zj5NrKpK@3e8g36&m{%)1%wG+diSwrC_6Jp`RrPxk*x9`ebx^Z*%|Wy<79r^DpdWju z^@H)$U)rMcIY^V|Lmu4%cR3`v~- z&k5l_oQa?q@4QYE~%^$K+K>ftL&!FU5*GQ_BQpmNK4zu;Hss9(SSd~jx$yfSC1>8Vz3kv zhvwq^I0t9y*;-|UsvBudtsJk?K_%x8W$dO4hU{COin3OmD^~y#--{8w({2;trI?)vzqA{9d^rAzG=JQil}nEe#a^eTPRfz z1kVVTNxOz;DCCI|rHz^54GrO-+W;=q-hMQ;HE&K|9O4#;R%IlgbtgH(B^ZA!G3cXZ zH1yOEwNH?F{I!|w*Vj11!gI}f&SlL20fHBmv4>qO=}lbA$M-8SiaZ~yf`Vd=iT?my zve)mQs)vEulj-(|?V-7w5C7G|W$D12!mLxE%ZR@{_b0gT~C*?jNp?3^B#=_`aRI`1$4(HwSry;Ja_cfHF~zv+OIim zZ+g3V7KK4|oo2kf=1-U7oDdLgv7Fw({I4_wD!uUCy%}CMtK=lrCPl!4Xn zgUuqqtE5Uahoi+O zW8R&FxOT05MiY?PUMjt8CqhQp!fmjYmelUA{ivW+cP{+LpFkcsotPDnq3cKV598q7 z+dVZx4WkiY$``)h!%_Ttd5C#E5w&j?3Od`d!CZ1r@1D+TR*gKV-s}GuAV`&$(X}XB z(hq+!6tf(G?TFc7nNMQS!G)b%-4O}oq@R0_hOfnZ*7TRP)vhM}Bi3$ zzg2T7XLrmXAQuQBI>g!GzkbQhR5!y+trc05=3TY=SIz1hF>-Fn^>GI2=iw}tr1w8u zfUvEX4Oj%IQIE51oxSIYaU01-cYPJte#bRi`lL3~wDQ^7x12>z%6VPbNO#f85RUW5 zb!(6ZuG_x-@@)7;hF*eU;x7OPL8Zy7WA^{@PS|R!#{_xRjzL}bZxbwtz)2ZYi`RPq z1+p}IgjJwO20H9f`)Gh@W)#kG_z%xv)XT1awFi_K`6djY=tiF(A-#{#G>m2vwZmNl z_Rpz0ycNHKuv6fTi0EWE8fc5x*vXhg9+3_11tW`1l{Mz>3qLL34Jp$;f@dF;v?{E} zj44y$SN#}GDl5DLC$46Cfi6kFnm0#fy_({OYf!=X*&LvCi zH5@6>OS6w4I>o}kt@+8sneo_|2SE)wBC|O&zi@~3);cPZetssGXm8_<^@u3L5MS%9 zm`ekQS2cPXt<%_D=2mg_b_76nQZGW$ghF1L?A2fGv2sE4Z%0{re!CJMfd~2WLS5*q zVb>`1(WhlUy3o*L0^(F6RmPB7F z?1yzhXILZeT6tuhz*3bNhj^G`_LogK!XjX{pygj8?AfwMK|%ke&p5XKOP^)IWZR?Rlt=;&+2&H-Ws64#2A6{Ws_=(Bk2$hp3BsV9j_*F8bj3Bl|IwIr zLX3Rf5C)!;DjI(0B>GkU`EiCLT>kVJ zoN-S2K`cIX>e^r!g`8%J6{r){Rkfe_DR=;p!c@ep4=h>Z75`OWTYvpmf&C6>#&$n@ zr0>iQN6Waw)qe)q8!;#$daOVy!>R*g1~mD@xNTH4vzB(k8l!H-(F2~9pJ!VC@l6IE zZ-2#}el+h$eKt>8Wh~&B>n8olZ&wg+6g|g_mV=x&B;$SOjnR_&Q?5?`Ps3K-lr1;g0INoQY&qZq-YA5(EO`$#lafpui_xarX8*eJ z&K)0NT(&ZJBfjh93v$W7^{da9>0xkRZ(at>8+`_hZk5nBDepb*=K9N#Z6MJ~K&QDw zSHm_zQ#!Lf)!@)=mVMvJj?kn?to@@YA5H%TuN=5CQl>NnZ{v9vT1pnN$ZvOvv`t}=_;2|zmC zFNTap-mS`i!SiU!rbvu(_gWBhY zV2(+a)}{^!pFfJTHL*gdc@NQHkd5L^Rh5@TdwOnx>{`--=P@gbJ!@u43qg7QHx zhlf9hY1?NDU;zk9^W}GD8;?K}HtY~n=sO6dKK$@2GoI5H_>t$7mFcPz{i7yM>ceM1 zvoS{!P}o;crd?KC&;#LJ$qglve!e*L{ITvQ^m<^q!!udQRNHLE?(;;@klIk*s%FQ6 z)39O6S7XGGI*V#dV@xj5{3bexr}G_)ZQv<#3qC%ZmUSoI)u7k$Al0&){;(NwBY2(E zAe&SeU*-%1oqf3S{CCA*aCrNleV^B0Ok2SFF=cEV;iKkzQe?D%WIoO51Xiddoj1C# zqoUjnrOEKGY`YSF;G;=}Orl)c08liah5q-J1c3fYa}0XP52!MNID1W4A*Y__^tB*D zFbA?KbHBd*JIB%w=Q5mm5h=#`7X}wPr@GQZG&HE_RB~CWG~E}8p!BL;U+pS6Vvhti zJX~n6*CT^BFY6zCk345UZZ=1}F#WT&I@~74_*XKV5!@EmhR%j?Ae>}>(oc`&uL-F* zAWvXNo#&hc^(pg?*;k&vD#V($_z!)W*n)uPLhr1e7~#H=#({w1YK$IpHx9OJZ~X)i z8!boW0b3VaV+g}#HmMU63hbvIfwodx?czl{Bx_h%*8!AuVR;!g?MM400fSjY(M$ z{zsWsJ)v5#X)0(~@~(_s4|M16ddHmAbI|U!>COpbNjbPlEk8|C{lJccuDqHF->SV1 zs#(+$1n&r=rQBec1{CQJh!i3A!8HLe#vSMeErM}C0PdE_FG~O8j^km|u$#iLtNr>^Lf#ZB7?NfzUKc9;rBmD2-~p^R*$uVbNoY5^9(pxMagmktWY_`Aw( zK1U$#{r*u+@ARKT2giV)b}_843p9!%AE%gB;(;8AnW9XoJhc$jY^9Fw{$Eb~??fIZ zv+HOfK+UW5ivpm|u_yMHt1a?q7jBk)eO1VP{(#9!8Cw6i>TKV0K;=+oz^c@12+3taT9F78=&h^D5w;0tLJWy_+oFdFfe& z5^KFO{bg0lL_@Wm6*<#_p09@b$}}8)jqPfmO9B&}zugP+9b(4775vQ!aEN>N)TBO> zNTfDEG>F;c(zGf)jM@0ACN_4ka4>BpJ==h2AJ;ai$-XSTYD9PzXFB)uAX51VMV#F; z_wEAq?g57iHrT|;r~EHJ=pK*^s9S@vqB?E@Wob~73q^W}{?CShr2V81`35Pn?)~y(}_~pB@coX9=D!E)J zNFw5xDPrn^rY<+>L}fJ+gwMK_&l8vSRJf){Uc3zbYGh&evm0sJy@c-__)PI%UdXrn z{n^uGU+)Ug8SC4BIqw(HjKR7PmqrYDCJ5HB^ybkt3Jv$aU?rMVbfjSf^AL|p^7njw zXNq7l+!2`kfXB@q(XE78I7Vs}aBr}08TJD#N1@|OsKd;cNr0#vvpQsiZ;>ulu0`x= zWA%7Yzm$SkMZzY2RQnf!4?VTlgDC~B!Me~fiy^ImRkd32SIf+>kP;|AQhef^Ve+Cv zlY1ryl4fMkLO@jOPG|~Ry+aSJIY!eq!arot_8_B5Ouhk$+4yS2G&(E}!^@(OEi`Ju za{BAQxi1dQ4@OvM8gP|U7cl77UwZ6dp zUxJPY67&#*dCQf0-82Yf72P-a7wQrG>fSz&-i0jB;ISk-Dfo0SYEbB^H_*`QCoKM0 zd~j(aTv_l9;RfT>4==?z80%A2;O*C6LIf80ib9}el?6PVDxxO{Ptn)l`YHjL%Hs*u z>mk}#WshIWDC9lt`l|VDtL}?Q3<*?Rfg&xQZmEKx>7srXn+ zpTzo2JgXc_e@F3&a$Za9L>0L|ifWuJzx*{bM%ZoG;A^B@^tCvY5@zhvk%;%HvMw9; z_k4EbEAJ50ys$3sXRi# zVL%`d{L6S68|}x+z5eZl{nRA&pQ9jeEI2a?zcXPJLn-U}$ELBLLz48JcN50ANK}CW;-U*9d@UP+6GP$9@%jAVX z!lK%t0oyT2+jkqjy||_4sdb{vLQSqGLAJF6>chpc;2gEgzbHtUcpffMA7=6C=ITS4 z@0;uF0bcPygh z5sF3}#EuZ@yV?8Wy_d9qxQ6;k0Ru0kPV{W79U8UeK|-u!F>xn}V3rpMny2bz_4v;c zd;hpb^NVyXq6fD6K`|%r#oF}Ftp)bbGQ7Pv1J+q)EvFD5em}%upXztq{?*342@h^x zBGUo8mA^KB0gb0Pe~_(8yi?GIpO5!*9nzUd5TEOyYkT+Ufhq0Q(5=SA> zb?t$-^>*=|=L;KXQNhiz8n4Xv)Nb1Dbz>a$ybW3_B$E;{u$|lZXfe3)`!N=;|Gm^6 zn=K-V${FYD0^OgS<{I%v3|8St108uHoumUONx7U1i*p{81>XkpPyCWhy{X11xgsIZ}<^Xc;9nbZv3*O8mRF7RLJbxYa2rl+~sw`?+vGcuL;v4?$XTnL!FyCfJ zexgJ3Im$wJ;UXOiBV*gU_cJmC^5>81sY`Z$^Wb)q@f3oFOkgCD_~Ym`1>(65LWUC3 zcFwXyp@!J&IWQC|VX_)!Lc~n{C9Iznp`DTtr-FMICl=_TB6Yudq*_1lWrd`MtXRoI zNJ-`$v9pkEe6ByCX^Y&E^T*FDPckeTI7@}uF7qpWYqta=(T8~~{jZ+$VZ}u2U4F-X z@HP?TT(f21k;44jq2fn<7>idP@DL)_@H=SW(5nKQdlDne9PQ|XMU=$}^;KIV{tAby zS_UP3X2EJT38U2mqtQI3T}$NZ>fc9q=RA4>m8%=cS;@$l` zj@HQ`7#TDbh4gfsHYNyHk|8YitGu|8HN9x7cuX{RhWfb_EWr(B=X1}4K7P%TjgF>p zrW0M&oN<|->>C8l-Z`|MpsQf^wHt9yOZqm6dI<%_oU4fPWZ!2Hmv_7>t+|1Oa~BRG zYDi(9By%HdF>T~W2hnGwPq3n6uD^g22N!tY(D#B^>-T2c);;xj;jv!r1Pz81w6-|~ zskPqI$cOQu*7#;kHa{i*DUQI9qBZj>}*T@92wzw9Y=)YLW5uJ++X4% z-3ljOdCqlzzp=r5rOe2(Nfn%h{vTJT4&Dksi6xUb?)+d~Oh_@=9gXaW&E}o3OKUu# zBS}d-%OsBEXuA@=uNLfE>)t@Kc2y%WD~^NmPP1Pjp9t0&#U(fI#L$T8wO{JI%A&j7 zQt-tDKgt5{lg*r+df{Fvo)5KCQ0|Y5$b#=OTnWcTHjNTaU_AA$un% zp0hZgvo;^D5Xwh2b=%FUzi_eMP=0`*q^BuAy8 zKaS2Q8!`Cuam+DyYh#++`*#M1kS`I{V?C|dX-nSMnpwbMUqK1@-D2FCyZPxMF5QU99s%?%@SQ^*IUbkB z+WLjN9?bQMA&<;n1r2+Rv9L~+?cxv+R*@%UHK=}<>TV=5nL;>|b&;;8vv)Z-jUFp{ zr3bs_6TXPU*kQ|b(-&l$sF1I?eH!w%jyr=wF|4(D<996=DXVGOI`+3G_bk8e5pY%C z_$dg)TG%Tz*I8`U%cDl=eoR=;`F1f(c=8uDLu&L|k^Jzs@O$A0u-X~|2^Wza3#t2q zNP?09Cpz>vf8qC~@TS15Vjw*NLcE|@Lhkoe5WyD5ymSQ@zjkyZY4yjna}tuJ7ztPG z@?VY*dgG)kUtPDrwXA;UlYXJnhKK;?elctJ5F(%Z_G$jV&u?=b`3Di=qec^X;xcCy zYhM3n_vui(d4LZX_4i_Ol?($UgwO8W;5=HKBR z6~)J{74KuSt`$0O0$sqti=u13$^_Rbtq$U6xqe7L>qvZ*sl%A<^cejQqAD$IC2$#O zEAhhqBqLnVdK-3D*6%Zz;Nn$oWhlzN1hMCe=J&-wmdyuU|C-7XotTc65tu8_xuXVm zDg)9^uMD9m6BEm=B@^y?7ala8=gFg7j1=~K!I@cbPW_d4NRN*tGCQdS(Sdj&W%Xwg z18DLi1fRzJskd^{8Fw4kb|%+TFV4=-H06H#I4;J#&$=E27-1F`0@?DNsO^y;&f*bl zJ&VUgG8B!0Ewpe2S7SnA&-R}s9*nT>`tNKxN}EgTB^MATf0N_CREuoMiSzEuaxBa~ zd3k3GK8zmXjc_W*^ATKLb-m0xRraw<*EJ9qsNl`QXimX`HiRBGc!)u=otsKrocdm! z4DSYUNm!Etf~rYyHx+`>YE|NDdy2CzWCOctxt5HdZ%0_2M(ah(cm?pOq2EbXlcq%j zGUwCJAbvYW&Y62j06m@C*i6w;k(QR^q2&eA3*AZp>o)ysETbQ?+Z6Gf?rVx_n#s=* zcUxALoduitrMsu#F|&<37Zt}>$F_J_g*E;3yP2Z0;~!cc0;To)h05i5W7x8;YZ2*5M&cz|%? zyodMa(!}yuF^fVjq_P=`Npbi4??Tmg+^i9ImU|TtG?WA2+PrT1F)P|<8^^ay`u4a? zy|r1fVtB~z2kQ>bdW6}mK+N<4G1Jd0S7d@q$Mq*JqWPE0;@Xh|3-B3Lo(i|=r77xe zH;sTeGnex)vQDA&pM>+wnGRvRRRLIY5-LX4P z+Gp4-NO(&EVf-O&xVk+ajOD0UNpWFfTDZ=Dl27GXDNhrf?P}c_PQgR`{(`6mcL^`n z=(YA#3riHijC2ev{ewUlJ5Vze^>!bgkv@3_R+ z4b}?XzVV71x6%AcHdO zFoZp7&TCDcOmILpGLK;gRPHoURdix3vzgEhKz0A|1xWm8pWCro!M(=VmrL4Fj(74+ zGQRSZ(el;X-X`C3q9!KDSa)I=f8T%;H_iY3%kL3$69w6&^((W*23YC=9uOP-@5Z88 z+xy_2;Y>c3OZoclGT+M?7Tq)ckdxKsY;G7ddoVLYq~RuGn9qA1#Ill1>&V@Bz@fBa zy+HNvK>=DKp6bA{?oF|;gTbeFxrZAsjnds(lbbiV^vgD-GQBJ+u;kujnUv;Vje%R& z1uxu||Ce7jjYWdpYccb{Xb~YWUrYb%DMo}#_uD6^3dyVA8{>#|z*~&7Zq=^8$Qsd6 z{NutmkH_C?v1x^{gF_nYZhm1@0ZHXQIn|PGQ4V=Ruv#+N4lVN|`tO#;;PB4d&)_23 z!Y6h|$R=WKNdqjMuvE~LTd)tx{> zrjf+3u*}}Y%5G2Qz3g(5r=Wv4bmM!z5l`koANZ-ysSjQ{b$KXalKDvn21-OU+9&Jy?_$#Xl)~Fw zi?i93vv;jy0<7Xlk7)T8`?`^*rFFNCOw{ZHBT!$u!hZ@xP|rND(nYwAUSFB&%k&V>7 zKVNtKzc&Gv0Tqj7Ldo&3iL%(ZmVX9;6pXe**Q6T09&mK|*FYZ}7}W65@PDp!CwZ*A z{AkhZKS~BK8+ZkmV3mpAE9`lA#RB}-%`!=C4X4ML@i5;-#jDkgtmRp;(InUTj);mF zU*~z__iu3&P~UrkEiUJii+FTBSJ|@yfy~)5N0p}xt;6gztU^1y^?d$8;O^RG1GCa-Q2XBn>d z&{PsbU%H8xePqOwm(Khp7>@_-#dU~CcK68%`Om)(ql_r{Dw}x~v=-*Dn71zNjP*_P zIc20rtS!?@1ab^3nWbWpw>6X1JuJn)=>WS)aaIBC$fic~2{g2m?1b z&?;2#icE=^=N0$MWy*A|{e(y+Tee-pzW(0hcf@AH1AjC6VBhtC5?E*)e?b#?dm>(W zIaw~?){0RuGIZY@cj5 z<>cyS>j$*@(S?5UC&TE`J`>d#V|`uN_TlstGZxPOJv%e+I3X$D3%B^KrZNVcz)K}R zYd8IRbabUSfPl7Ffm43H`|A+z%GxRRnVwum5WDyAU&UQ#%N1*F`}!)RQ02KW%iA%V z3YD0UVYCZj7RRE^MxTlfe@fj3^G&&tHN7@RF{RAEKfPW~M7^}oHC9=s%)PMrJeXcD zsrh1o=Izv8oGuS}!nLiy%i!y*WID{Y=XBA&6lPh%bY{xlhwgfvjK@os$=`lgm5u5i zLmgLsLmqt$R zO<0GYcGkive7?+V6v&jJpN_QPfgB>R#>6Ev)t9ZwB5>{e7@c(_7-{$lQ99Mi&n-VU z=hdOe2HGQreYJY0gEu21T&xLg#--zndnKKA>CuO+mpPX@#ozQPD7G`l3$!kl*e!n( zq_P>j`+W=Daw2bbUVAs|Ine1~Jffa^ag6Jp`)BKT6DPZmMeioi>u$46@Nl%?@716? zRM0BXJz|tI;VZLK#Hi=*x=E0;I${9V1`NmEYfQMghzT)=X!GQQ07P^WM3aFF;0r+X zo1yvN(ZIL@R4&$f02;IaMLXikK}z501%SagE?^Cy_w59Ecz?!XG|hZN#^K76IqujO zN~}v1P;Fgw-*Smn>XEka3G((3c9l@`oz19uTYwsvt5~)kaOz^)+Ygg7 z(+|#q0yufk_aw{)pJ=$+^3jZUk2v27?hQ2DJr`;^=gck@mQj>_|8DuGKXpcw0SE1H zy!&`^|F79nMh3Y%9Mxzt&YO`H~SzoK%1>c_c?td!iHhv3@ z^dEWZC1sO(X=DjIyvY)|%E}Ntmv`SEjo#R&6G?W>x_skv)Nz=3RFK_z&U5*z+&6uz zi5s}n@24i4ja5H(913%#fF-FkVDZXx`efJca?Rkvs}P~H!Y&>KxOi2^WYgZ@;!R^@ z!r}lVp)Z@pqVtWLI1H{=gP-E+Tvn~#;y(5g!9md!-X`viM9Z^w?BI71!dCsrqQQQ% znBVN{cZ#~+yVCxQ5Lbs{Ezl~jA~TJH^6MO`8U~7jJ%6If^)>I>%knj4Cx*M%gxD$X z91b|Grv^kO${ziKI#5t#w;W+=(aU(d9SiW)Ub9V)a56ht-#q3C1#?D~jwZ_jGw?S~O+gl{3K9lHD4u&OOvekIhyA6|KI;*w zH!B+=TJ8;B{yK_fx&MxEw>27lY35l^dcId+!2f>-lS}NH?%!B})ouc4&$EtwSXPA# zu&;FKdE)^WurF4B4hTfWJ=3G^2$87irMWr4*_NRqvP}^-9T$%1i#NBrVq^uRpUU1$ zC_9(SLuZ24>)6@9ih^J%Yj=;by>m!s(Hh~wcU4Vm{;HtGGLHVW072hV??(3_(oIj*q}V`5Ay0NqoCkm_xpu)v zJwzn|A>y@Sx5@+XQ1lU>e+}0KcuDYA9Oh*(D6B$uK2wi`{SOydN?W!~bzhvA#EsRJ zL$hU?{x*9A2;;<`488fmvadE(5arCEjuSuqA<8J$QP3McFTb>{4JQ=sDqwRL;x`5| z+utfNNW)~ahx^8+qjR6UN76mDBrU|)Nrl|6`dBg`sm|zs#;{gqliQq!=LdRx7?g$o zgpjmc6E@myv6(FtxwyV%6VWqOd_(`ZkR`dfUYG*eR^(t}uVupk+F(5J9J!OA6cut5 z-VXhAbX{OFY^{X?GM=HLKYCMekk27V!$h0pPK#DV)-Myd5u_i2%f_!mb3`H{EOUt8 z8&l)}miSuA7lT)laeMOTL4FPa?xrtxD*Q(D=$aEsWWPrO=*uhtKb~JHGL70|@l&-@ zXtxd`YGOhEyX%wQS8*}iT+-6Q$Y>$WCiyq`0mg}^lk@lQoBFp2`m;su-#%Q`#t%!e zI2V}-$S(JTgpZnpe4}xmyybKZRv;5l55XW|SgdYJJ(N9)i}ewNJvE}b(nhz4sX z*9BdF1+`FCsslQHj^L%iKz{<#@XKZU8Rtsi%;xX-9xzbjUje!E1?enNi7mJn`v7GO zeQC{>ASi_jD!rGqx0U5J_c-R>h5^z~E>6eJF7R*o)vAkpQ%)a8xbO!=q7TNiecw>Z zVPap=7(Y!*#nO2}9e84*qF?QJ>x6OY8pYR@Y}iT*DSpDQsowlnDkPwPch~i0Z^;@t z%$=}IkEyvXHbmd)_4t}(-`>ow@%5Z~3syd{;#h?kWBd($32ij_!lPt_~gx%+C76S<|7J$viY`rbK1i{z8VpZ zo#)x-*~RvEp%ged=NU`t}qLutfi{ zG~j}ZN`X5+6nx;R_&dAukYn&6-A*R(4~an4ng@&o(KsMVMlNbX0th`LKI5G}%B0W) zz=}h-y1_RH9VH?;_d6jw<5wAgo(F1I6ivUBas&GPeNzI4OH)E*oGtz zyAfqKgTZ7SvWzi|tYaJA@6q#n-`C&u`J8j+d+z(Xulu^L)2^*%B{x)3s;mZTn-(;& zPlr{U&%r8vts9Vt3b3={H26QXP3fPt6e>DxNe9Or&jJ5!tMc*Q|~%=|T(aps2G zj8C1-5j9n4(Yuu7D-2u5;+ACft;bfgbY|~r%FNkmvqYs-E`C;^{i#`Qo=k0rkPm*L z!)MeZFoM|kBG#w2WgT;#HfC~3et;;Ff7&@N@#74jufb|=MInvatMfY8Q+dXxNNS|& z`9cbWrJbP@4rZjEA;=6>m}Zt4E)XgP9I-LUU|c;#bY#vl6VreOYweH8gV=v0ua^K! zlmciK-1Di;i0q@*bk0=)`CG++Az?p-Uy3!O(^F2w)g9#j>~fyKb>fRz9XPa6U~cQEGklm`)rY~kqGqtfkhQZ-hzt|QaC@(~^U+ZNHbymAX+K|7l(m{{D{ zM(~Rr51eL^uf@4b$XOn!O3c@+D(Om4Lwy%Nwm+KJK-a5zkRwXL7nlXPJZDKLvO+>HI!Wtet0-V>vU( z2rKVOy=2yWbIDf|A5>yoqCD%q@kQbPgsgeKex^u&ljZf~?JDB+v&obv{a+jIMLRDlP#~leO+!EVi}dLZH1)aEbZuL^`4uC#(ErSCUlwcv0llmb#i4 zfQ#|*A^sOEQk52&F}HyfLKD=xrjZ=sw(n`H^8=4HSh2BfmbUGUTpcNB%f|y$Fm8-4 zh6VU;P;;h>-xSI4U$6+6C+NJK|47)g;ngFbbQiE;RKBZ{slpE@Soa=HBiiCSs3p2Y=B6?s%C78l9->*Dm03gM?$=I_vPVZ2R76K zK75-4AUT)So@=IV=AHA-&*Lzd>BWF(t9!LW>~>GA!1PtGQ#bUoK2_>ea;}+RxqKYQ z>pT_-`GpT8zLzzZoH)7Ukff^8nWSo+mKSq&It%qTWv;7lF=}Yz8uZ%MX|e7W-|&N7 zJ{GX^acM*`8dZ4tkon0TlFM!fQw!M`E5P?sjdjs~gk1aW>7Zw#wBMJhV?09e#K9Tw zL)V1P{OPE{`A=4JVw4bL5ghqE)WuwozD zIp2_*-LC_wit8KVT4#G33yN^=JHJ0PxJw8coVCfKejxg89nl@{WJ;maUMCCt5KN8E z0>-NK?YIM|1JPiijJf_w*AW>kOCV-6$V=)cg?VN+B{_03$`K0=A>_n_eylGFg%i`ALAXO zCs4NfbzTn-j6vKvbT_w8RzI*H+8RIlC+!Z}#4Q-Ytd~a;dPL^T5jR}pM)CXIOFAI> zGf7h7Aj`iBpvcYr6QD`1{^N%8a)0KTz6zMa;}UuXXC+C|X9n_fGk$FU??Twe>RhpCXMNrQd!f2)d z?nz+XW*bgm->XtQ4thi}VgWb)!ffULl`lWQJ8I2pjM{V?d;OCJ?l-ZbA8gLjP7c|w zf$vhQf?{uJ2sYV(zN_tg@!a9Xo3}imgn7JE))LRTx$dhe;BdPAmDqW}+;l!Mye}l= zx*l*E+tGz*lS%mrde>c@C+Wx7I^#gy0Sl;G5FzmN1`qs8N^=Rl?s5~ste2h`4ajRi z1)&&V?==r#EWV+KMfmEL>x4EQ8YuZKxL_;WrBgTVnG0`KNt7(lj*+Gs7Fwp!g={ir zEdyf1*St%OI>P>4v0DA}q8EcZPmUh=sbHQ~4`__!tKKMF=io;owDcGPa;~ViyB|gz zrXKCzY7(}!0-8v#r-Hr7LOtOvpj$hgHK1LIED&m0{_aPef5X2hP8QGpw~iI2CsB6P z8a)~${;R4EY&qT6ZSQ=;;MD!@gB~W@yXSJ%zxJ`#eN4C9XiC^f)=R~~k$q%Y=Fj%C8T?~yD6&s{uD?kUf4zpHaI^{C2? zh4#~%T>4-~Y1=0R>wB=ja~C5-BvM!poI0hoqSY}E@!*{T((V)rxM8pzQj2%WgnnFi zxoZ-#nJJ&$9fiOG+WXD1r=eoD1y^8w;-&1?Ko~JpQ4WtxO6UJ=?z;=u?ViV51YBx~ ziN#Z6`j`3yd!xgL=@esrCM=$H42~ZxO7;ylJcO<;vpv6m`s`n z3x_3NY%}Q|v|cC&Gt|MQO?vOM-w&Z5MGws*frIGD-@a~Yk-GpdzGs)w?vMmU5q9^) zXuoh#p!|>HR~N;#`1(7?j==Qz!B#Da*yEmFV7ApUoXMs*3#1m{17$SOE*gZuV!Zxw zWcBOoLlg56pI8$BW7jqxeHFl(D}0#cHOe9nA$>qxauaFQptQmwa=y*eVRu zJa!bE6jkCVT%u^zSJ?~f7SNjE-4{}dOx8} zg1s%rs*AL8ew0ISIf$`p&^1d~Y270032b#vIOq!U|I z9l%)8Be0H72$>qQVlGC7rcW8M?^t-8&<9|ZWG{02=2?YX2^n=_32S%G`8>bZo^quq zS%%_%VSBcZ=0=KBGdQ`^i}k^slbx)lwr3EslrZHMW;rCc!4VG>!F_q-2zXp+o&X!4 z=a#8)Xj=daW!0*B+;vb%UNPev;Hl|oSfShZ%kI}ZhZ!*sO-R>(XtC7~_bBU41YZKyb z(4nmq%i$sUE|2Lf%i_Yi4u0O66f&uEZr1ZZrvHDJ^{ih>7dHORd1=^$1E$yVc31V+ zH=-+{?usvF>2l65=&GJAdBt>o39tJeWXx&dyvP8{z45*5Z0F)ESiL8#<#NFjxopPg zXFeST^!ck#j8B^*lE;}EYu7e%Y!v4(%kF&m?!o9m$Ii9s9xy#3aBpgOMT|%igUHl zu1-0c(lqf#W50x|jSB}}%5oQHfN6b6**|ohWLHjpSI%SmzhV3FJ7m53ZZ1Gv<+4BA zF27ly$(0ZP1e##a5zO)-EJ((W0eAVQeeO5Qp6^z(a;Hh3%K?n?jNpB3YfV*$wE1po ziz(9n)%>o!&h7qKKZQjFgs7a!+;J)3$+KC`LZz+f?s%NOt14 zSp{9zUDiWWp%uFe%#FSt0Q!PHQlLraaO|5-H;eRcd^pkK=^|@KHQ;7R7Wq_zEluTk zBBWbUTAEXzzmhKD_{d%%g7NUH+h7qM2*5%YJFL=|K?HvQW^jkWwl3I*Dh+BzLXu6< z{>8;OKkxeUS{ss_ZI~dyyTbT)_40{`PdQRnMo2TUA9q?*L@ET9uIz2bf4+o|ItOc4 zW3aWg*d5?_D+{nWSD(vQxCM{oBT0a2!uZrHa)vS%zensSqA4o&3HiE_^*RCyLhj(y zSHyBV+K2b|!3a z9~iOiI|$R$O2-`g21r~421rBfIrcgvL5nmlaF*?n9Dh;>O42#R=NWagX2~0bG#|2< zOT1{?$|3Bo*Mw%`&DidPuo%t%#0&e^U3-s5ez>6M?v|p`Rj(v4wPpT>VdYOxP4Q#I z9Us&cL`6mg3i=flpsjoge=z?W+w7y{F+)ZGS*fL9;V|5cHHBRKII#X>i!#I~|Gi+X z8q}MNgD`cs>5!T*6VT$c7o{08snTF$$4Z84?6>rvb8+kxGa1zRv+D@77V-yKm%$IGwIj@ z5pFj**XB9esMS4A?P&(w()l!@Ax zYgsHNcdzmK)ef9_0FE$NoeHW-lPKG)UZ9YNOy$)M@Av1Qpg%8?>WQE~-_w*IhTivf z&}6{KSj=!N>K_U4U;plapZRO%xIcF+QY+VHWt`e}*_&cY=212TidNW&5wW} zB8LcRL7joXn>y(KgX48i16Hv@!D_%LNM%;mYl^twgS`{WgMZ)NLz|33TDaF8@nJbd z_3#o6?Kdj`$EEnuw+^^5fF9Ga?6!)OP+H}Aup+TS=ZkFF#?4L^bXck!IR5~&q*Lk2 z?}2)#RvxCOcj>;(>0c1X`EYw4Mcuyto)NoB0%RUc#XD==ae+zH>OSV799#W*P5|mf z)*<-{X#yA$UhOZgtLpR3&iI)+uEtmBD(xl+xn_fp!wil-fWdw~%`9|WbPswWS%7dN zhT8ZU{KI(A#y0=D-|qIJ%u}>_KfZfHLUY8@U`_E?-E>;T&1U1S_Iiu05ktFzS~Gl^ zwn=CAAb2U-ju6EO{fw0IxvKoo(O^UqE2S~KJ1py@qidd{?8@H@g8EG@a!1EseH7sj#O8j%jI!goX zv-$AEo)5(}*=8Ry{HUys#W9?6`e5a#C(vxz%)I{mF)|10YCNE;sn4=Wi6CsMfXX|l z*LUt3(6qd|I|s&IKMWHnD~elxX>tP-NDo7EpX+btEo$4CG)c#7pp?DP0c0)ls^nbF{FS)+07Ujw zl|z4)`&@~J59cC$_d!bW`ak&Y#B%f%_|v+OLloC9zT!T=UJlkeDlS)1p_=k`^x@X`bEtod)uEKaKHc(g6;@|O{;@z|E+ts z;u~twS#!)<$M&uxOJ1a>cqr@Ny24XIw1M7D_aD=^)V)HXe=-A$$m}!F^*7x&3@)(a ze#w2)?sL_Vyf`kIqjh`QHbuph@ZzMohpJ|9uE7};*y0NK`NX)i-zlIv=81+8`X+~? zFfD$j<)>uumT(1R?8rB7@L@gge7L^FtmA04XT{EPmU1=LZwl#(iwN#4e_GvAwuG3f z3MPIm8r!W<*zT4W&m|r&9YtzMaKh%dSy^K_TeC1l-x9kS=FOe( zfaJ#3>iSh;oYmTZxNrHRv)Gw8TtMA=Q z#kh)PGCHcNGuU1e;_omhT2-ux`H;qlTvo-AM`^X4so(lc**id^K>3Bx^6E~+9Z2QL z%WrE)L{0uIHS~_Sg->C{~usNV;`}Z}ZXnS|*a!w^x8mnlFNH1H^eC!2-x!OZNR5B1Y z_&7`8yeiuh8fY)?_d3hwnEUsz%WO|gM(#Jdch?ND#N!;fmFJ7j?R6JmPPGN9^sStV z#En!s1(Qg8sGWfk27`R@K#4jV*4Vcp{%%(%u8ty_N)}Lx{e+x=82CrdB#LlxqZ!uR zRy1a7DDNXjA0Cksg?c(*B&FCwTTqyhWn9=@-(YY_aBSD6p>DiD)zYU()H*d161mHZ zxbM+p39qv&rO4dP46Gqf*73hZdQe0#zDsNx^uw}cp*qzneqguo;J6G>OC7hkJ`4SN z=U9^0a5q5LfVG1ZI@pgJ0h(8a1XCN;vB@_~mYvjrJQ0}i@`_H$lsd;TlL0BQw#NYtJSB0I5`++T+( zooXmcceci!<1ihiwl5b(ha(aw?I&4_dB*5(YiT1c$vW?c4&(B|KND6RBmJFtaby9^ z2Yw_f`tbmfAIIm1BR70=LVG1=OZcpg#dj&{@a~;=_pg3A0L$eALn<>%^8JfIf}QJM zuhPJjP(_tZ4{(-vQU-1lre_YsWalG(&bdLFX9y?Uip5)KP;0G&|5nqxq&}S)Zg8qS zdF7FFNTXcUCbdb;`!^{K^Y6&wr*8kKJzoIYW`>O2af-vNHS4+Hjs7lY z%Pn&@Ro^4Ew0Cy%7mrWC#Z=6cjA|;apmRRD8tKJZ#Y=E}MveJ7gOZnC@aostn(D_q znp-2+52*|LDAzT|VV4+x`2RktNIZoYHG9l^eNJSZcdnn^HY=d$Kr=UN?J)GdZ!zeF zYITfYcDxSSBKB*w7K5#kXibL)t||=43Z%LR4abEYn+<@XH;qc}%MT|ZO&M$fP?4lO zSX(_E-4Qnfe)y3G{9RyzmS$#k zPZ!Edj`79t7b(r{D!q4~>-jb5ABwRZKn~QdbP{ap)M>vATpLPTf^+IcWHn)PVxTqv z)g$|8pagw-uRN0s9Tk)PiJWH)iB0hSTle6%g8nlgR13(KrtCirfQrF@>$9c(y*Lx0 z7+AWuz32^(u4skYFaA|q;BZ7uBZtnJ`EQz?TkYM8l<*GEmnchG+#8+og~Z@%HwR7_ zs1f5K@`7YegrrE;1Ht6#D*ZZ3DUXF{w=hNFaL;cYbJ5msQM*E*uNh4gr@*=3DD1P? zQOd(v*-%z8c{9)MJ@p}(w6G$*H!a6XubpN+OHn|#R3Y$6gvq;+9%~t|qx~4y&dz;# zF*jCqK9bKT^C8Le$GE9LuFb;P?1{=-^mhrAwO=lSuDX3mM*$yI(d83LEnXbRe1P0B z0;*u?lJYQYz~4qOaR?jd6R@eAo?1@w+_Pu*;tI7jK7U?pu1h$LW34R zt;MEah@br$&ZsGw{5eqCCBCqvMecVm8L4a=A}zB%(dN>%b!RA%3JG!x@sw;k3-V}B zd%i`{F1oI1+eq^LnLnFW57EeE$CpKUas$iVi02+3^V=--w%}o`9^mwBy{$qgRiy5W z7-WtCy(Z~}pUAcsrw=cIfFN~E^O%vdi3~WU)d*Xh-J&w>F`~|`z9Y^h)C8zh{5E(> z$1(^VeZ>-)>l~sWy)ONZGq+%tNw|= z+24rRd&muz6iF)W;Tn4Bfe=OpkIN(2Q6-Lf-7TY(kdQH+@Z2leMhkM)SP9h;oJ1GX>6W zuCy=Z#wX|HiPBwD{cUBz-D!21d*iM2~F6r_O8F$rb8SLtG|^)PfGQAVI9xS zqisnqvcO=b$zW^Yznch3bl=BF2ox7hsi@Syq!7_6LF{te;zI>Rg866Ts6|itSpK~o zY1? z53BqyJ%v6gk4LAls2yxUktp{cg>OWj-M$r9N^>1ru7-W+u=h)xKGw17`HDZmGHVlT zOFu%(KKDW)S=LnD?66OlTNaURrj|WDsg|1e-Fa*!Sz_Rhp|M57iM+!_FbHv=~;pr@BNM!6S`)D{-zjUQkJ6kxV^xKd5woofoY>c?PyDU$f zTS$`+7@;2(TJo*cmB_ik$6oH}uaJ83+zPT8NAes3kiN5<+%;H-?akPgK~pN-sebpD z09B5}y~;S{UN93=T$;?yVx{P@@m%*l+@C&Yk(`#YmY|LaEmJd@TKbv6Gs0W5$ARF> znp7(EC_d#S|LL0MqPK=pz+~zS3YtEl@*@V7AN+){*j)S`x6I=w;NJDLAT^n-exG8_ zog|&dkar0da~7f9mQy?rJMTUuz zmxGD)0f6jRf82mz42LG4j~>crnQ72XKM>9U`&U(s`!QjR%&ceEItgBEaY{!9u{d&s z!aICgi>Bndz4YG4acah!OWC2sk@zw#kaxjqt^MCpba712>bX-3Nb|T(^GTDU3+1yB zmfXvO-#jbw(bwR&a!;mDN(PuS`#p~(tJ-{Ne~{o~=7TQnuHs46mmnl61xz6bt1J1& zDFdr3*{MyfCW>Pcx_;z5Jc4g@^Q&!zd5QN=k>x1{m-d_@dY3`Km$Ju$)t4We;*7ZI zJJVvL4pf7kx|R1;XoZLR53QP(pSuCYn*x%uNg+DEs$x~y0SXSmXNRyRVVO-}W^mY4 zr6p&V-n>1E2>DD7^Vr7&RnQz{k~2{fgMOak3UB_ApP~W>vhW(rC!sXT>y8w90ZFwV zZ*dKRl0r_|V9icaQzkm2AGCdcRl7Fhh~BE9j#v*IRJqu_hzFVyr0OY*&r+m~A6znb zxl_$nVLQnF4}=viuW`ThnR{QOAILTU+iqwRsxqbF!mg{4L#Uo8(Ja%j&6vjK$@;)=iGFPY;hd zEN?c+dCg79F=nM!ypYv5_3)|1yqut+awdH%k_ zFOFtHuW*;Z)F4DBMFUq+vFIF19}rAvs2{@G!@-2o7xIL(j>t2MIW^04 zC1qj$soQI)Lw`-&+8tKb#_^7JNdyubW5Dj)LSy-xS7-~3^Vn*0T{)97kv_~`UU z!tPvNzMbYbbmA!FgL4DG9_`m>Nbpq|qa8YuG2YcQk9W&j1p^#sU$n z4Srz%NCFwz|2vWn9K7LQE?i%D5{JUiN6RM!S?ko~SxseA^UbI$GxTiJCs)V( zml3+}FBY9lzrZpO!}+B5{P3S!nF^!X7w!Lic6C`hRFKyM2KX6@U}!xSXhQYos`PZO z7oIe$Ygbz=2P9J>&T$iL$I#c)#vT`9&7v&z#eyPy!&xWEyBtj8KhIr;e~0yFeSPi6 z;m2ceE7H>F`vJm>TsB=lp*Pzs9uBK3U(A{_99QLUHGSzp#;F%YL2A5Gi?a4ZOd@sF zv^X4bC*IM8eoT?e@}8@Y$>|*a;nObk;Z6S#>bxPhAKT*CdRmp(s|{5!CBJokTNtdn zzO#%Wce3n1)Tu+*Z1nO70-fkp`oESUkUP$NW6JCbIWq}5w5Nsi;$+KT#0IrLWA-z` zw-wmTiV39p&uJOS%tvCj!{>=!k@?O){ybgoV~_0k7`b=Pu+W(5Bb*e0_obH`nIav= z!6(}-!4GzcnT}QTU+h4g|B3#zC{5|;Eh4}O=E_y)id-H9%uDc9kK2()L_`i5m`VCd-|(uY$TXI*C!*LXH|X<97RE~vU$?5I zK3Ff3L0k!H)JHo91aT+Nd^pf_*=5~fuypO~NX1H&o0l@4Gy-%xxLu#F&g9AleMgVm zLTr9}yaD4Z1b^7?)B6MFZ;bOF^k8K)|{7^7cP1X&mc#ihDe;A>S4&~+$ynaDVs$bJ>|Y#;?H|up2a}DB6E&2 zpCR7UuH%lE*G$;wqWf?3rnzjtY>!q=f2h(m_*xyK-b=!Gukp;7a5&Ce8-(|VdHCAu z`Wwy34qWd^z8X3`Y2^Q>pq~(f`8>0$7_e0QQofDs_;oJ-qtsZb@DPi0?=LP?-Kxg| z5kA}J%dyp|z`*h-LAiWd)W0_8iBS124^#v4o+gE=7Tii6cXF5|w zGOhdSyLTBR=cwGWK5KiI^=8fk~2Le{86sPpBHy`G`*MqZL$7dTQ##~w-u_nV8vO7+Y{Xp1mQLk1ei)jcXw+>qL4y* zh*v6os6b5H9?+3W{%d0B0Q8+FR{T+fjoojUC1gptpM^SUVQej&*S`#60v z9QkdMPk2H7T8yer`Ltd&cNa0Y5$v{-B!8(~Ux1*rKfAu2*cT=QYzF8@nN~fEd~g)j za2Y6I-YU=(HPx`8&d{I%YrhI6Sn2T(ga#%{<29Jx=^**2AT=xQ^GAbQ%R()mdtDL| zW2sgT?pQ5{7ja2x$|w8zt~2PW2q$?e)a=zGyA&^Gfs7e3VgLocy^CB-Sc84A+ghC` zF&RC&IXlJlFr{jINILpmXZU0tCqoG zmi%94`Sl_aosY)8M&MaM%4azKk&p1eulDPT?@CmCiyI#qaLn~umZ`q*aRU7b{xIj3 z1dC=Y=Tv_CWZrw@lyQei<5gd@Nm(00p+^ZhnOfrZy*UBtWL7b3dOEb;B62?9M%kFa zBqCep!u5P?hNJEXt%M}=tY`AEjAd1=-Uh;ZcXqqv$yP~%M}F^rYF&S6R;DH>r=})gldsp+YVTXH@m*$EckLy@OMl@eCHl*1bl}MWh^mCjn z-C6(CEB|L!DVU9CwE+Jj3As36*ZHEhur$0?lFEvbB%ev}9LW7Mn;`Kf5 zjrXh;_LWm@O)iPs`B7?aU1{*o%bwg&cW1&W&|~3zS{5tK*76FDnf5XcztW0+|tKOvO-`-i-5G7s~Qx-nS_JSg3 z9~Nw~43T{Dw4W))XH$21+)Ouauq|H~SHHY@c5k(yViw6E+xsvzpey5G>A><(CSONo z@>MjcNc79qt24L*eHNhA-w75Se1O?e2BvvF7R8wrXtit)2*H~35KJ->8MOw;9u}hy z%pa)hw+F)VJ569;?ewmRU&=m^=c;$F#yv>WFt03KB>97Zj11?XpD=HeWzXtHlUaLX zpt#@Y+xEF5^y>@Uv4;1PW7F5S=PbY)$B?n(>Jpy8078dXFpvS=>%W`4ho+zONcJ zs4-luaYnyv3XX1o+xboTU*4_<4m+jgTUsCPTH9J7=OFv8qea$*SXq6}c&?jA@xaSt zHdH1*^kd`;q;7Hpjv==_9)Zp$G5YZm{p2+3g{K~C4-GhEgs97&IaVHRZq=$}NA%or zqXdpK+hmz`e;q$X!y_fe{9@W46U`Ma_H$2uA^k3I@i!~ki+9=6)KOl`qR5I&+(_z| zO)3-iiBOz0Qd@jsKY7>jovsEO-=e$FaIJ&w>`1)whtsTuik^EyXaa{8j?Nxz4n7oY z*{QgSRH=EN;=g=Upf=mAc{Ko-cT2mydWGDEXZ*zdR5vwp8C0wxWsX)#FEnV2`Pn#eo#lagaMN$a^M)s) zQra#8uQ7J@+}!3Ry|^>0@nuKYMo3KIL4JD+saE!5&k&<;g4w+1Jd$VHPFwuxV^GOp z23C0F_d04?YvR#mAf^4ZmZimdDEX`Llz9|#tZF(f=W%>L$9+v7jd#6`7mAkOb;U6H zEXO<1?IXJ>eLBXd>f95_+@JS-Ta!^K#j8ukmf$nEGI(b*LlvRTRP)*W--&`Grm{&k;&7B)RSY!>#&YbtQAo1&3_2ZU;+u>(9nK zL+uFX$?pyIYRNCMgFO|mfKs9bIR}JMb$0>V_zbilGk~%JH(uWoc*4mA>kgoPK!M;J z@C4H_uy5@t3)RG2A;U4t{R7P&C~@BZcJPnJ1I5d4o95JLU%_{|uHX^5DZf^edlQcp zp9;nTV_!?7`|X*C=TYegQ#(`Scc&YoOg~Hjv16^#pW&v^>JB<0lDuoLZ${i$Bn$-5-Vm&4}F}=@JZ#O(bN<4 zBzGqV??{8DSCJ#z8IJTUL8`;LXJL3jm`zIRGU_o*WerFfR6rJm-c3_43u& z0ej4rI9^SByC}Pr076TE7yfU;6syDkh2PJ5yC1s05>`kOFQFJ$PM*0?vK-36d-O=_ zssj6YwdXzEgCHmAkL`092x&kwA^T9(l9OrXU1 zVcoA;+N}J}{_6~oN{ADJ;1|Sry1qo(8{1Bn@Ss|xMmTt5jX|JXL0Y^gOXx982(;+y zk2SzI613TcRE**zaLM`0RGX)A%>6z(iouZj(3CyYlOx~G_6CcvPJ4Div_r3M=LC*T((30~es#yL=gMTTZD;-l#nE{*I&PWvj1I)eyK*8w+gO>| zKl3;hI^DPQTgQ38+~5{Nu;CLu+|&CJe&=q;XnGb5^Xu}-@|5B~?V7ga^A7K+rm!Ze zhj^H!{O4nk1^o_4Nr0OA=ij}vgdMoG|6T_)?FoV2Ttx!*KoH^gSKsqn*G-iV{p8M= zb?<({&wG7tlU}UR1lDo_2A7%o94OFiw0r3sYv{4}K}}D&zl9zPzPfOolj~&YyrjmH zWB;lKyr_9Oad2~mFTmwpM+RB2OWNG;=g3i58ZqC$%A-jMye3T=y0JZhZOm`f@vP6R z!)5yXYWa@@aC>m^bT3DI?_56=lOZ4f#Wnq_A_5AuH ztr>5g8n%3$)ibub9_D&R&to-ytx7g?YDG8T`Mb`>#;2w81@{nqFqI{*x#TaQ3V{ib zBED2f*ii3k^t-R^b6D%cgp2Yq5RmV%6)Yp9PZ2YZh zzJPl<5@Bicli6AD)TTk2T)#bmM zax=C^5-bWqYI;3pttX#?_%H=do^wZon=jV94^n$J;C)E1W;K47MjhS{r9^!lB<^j! z8L0?Jtzw0Z+k|`fef^+CRGXdy#dba; z1OK!cTb_%J7(IqzWwC=_s0cZPZCsVQ-N`G3ri$My6uSYP4t@e}oIylmLNdb@=)Uks(pS<#zUs39u z;Q+$qKt;)0TDa83V)4Mz>PujFQz+R}7kKFfhNW^Pol>QqhD6(WA)YB%+5o6em;5oN z@;>IEK81eX{E_vSA~||!YMCWClPdfF1s@#3>M?PLgq*YHqTc4@0$G#%M~|RQ3C8Do z3C9&n#KmQ@XO%!f*DIGit`9svM&~tJOsJUh?gBRapZ@pXt0063dCJ>KE<5=0U`A|# zM^AyXJ@>eYI5Heww3?79A5Ok;n(7BSyH%k`DAf;al`m5=`66izTzQe^#2%ihRiAdC z7X}-TzGGmEa>-r7S;|3U|I$HB=Km-&A;X2W5roMM7BUsV+NX5gUQ3`|?*oOYQeL82 zq>qr{5pfoSe!_#eo|Kl0O_qmR0R3y1lls`x>7!-@M>|^HIezL%0|=wh23Z3On?QP+ zK;res6;!NJq#DZ2W2IefJcRJ9dRd3vBv;n}jce-I2fP)rLK|6@mkN85if;q$oUeU@ z=3!?33vwxox{JYNRlbvhW6EXA2FHI zm1@DIascsUfB!OjBW|snJ+VHb75L>Xh55m|v0|A55+=Iv4L>`?>c^Qs1^I20l<%Y} z)pdEmj*HYGl0a)Ob0p+mui33CjXpLm= zWB=eOR>3{DK0stOuo^(8t-cwD}77Sa1wuAOrVhN(@KQH?3Bs~*jBw>4e?d7M!NdeCj6WiJ6p3LtCV z%tA#cxWD`IVRc}4gw_j_7;qzVmMT3gaJGbWM?kpBJq1@1Bd*kPvTT5xV?ywy$&o$e zY(tP%1-+vFhF}$M1Ck~Lm8#MoTY&3S<1SQu0)|UhrhQ({8(I=^i`7E5CYYcam@aM3 z2nr*0_*IpyyH_&#xh;cQ8o%E#;Co~FbZZFEkF77_CeCwB3LiNC!meR*%n#Z16%IZc zL#uTfbo&T&~o1M!JG3J>c-Rk&lnSdM%()~V>`)sX2U*1cQ{N?)ywj-30sy@nJ59VSNg~YSMiA*xfhx+5QF%1GoYy9Up}d1q$74 zs;Sa>6V=<0{`8eNq}V)mR-FPe+ytzw7EZWad}DR(+@;WSmT-$VRuimN6UP(lsbG3H z2KpfVPbq6R0rAhUYZ)~EHMQx=y5|EEBvmk}r9$$J~F(%B$t8^)tPiEHLr~}&$ zV053z78gp+Ia}b=3i<5bbqYUFA+h8udRNZ0Y`v35EwmCX-;G}cq0qHXk86fUj^y6u zJ{eiR>u$9GSbXq!Rn~yM@d=nwzM4bvBVv0}t^?>6$eH`weEibF5N(7(k=qt z6{d3aVRgCG8?CG!J;SYB8=dQIL!~$ERIa%dWHIJu$Vd0LoaZuY1qnL9Qn$OhO-#B_ zdS_^Qp0tRur9R;3eJHOr(WE)`sR$#Ux<}mGsZn_N$PRs2uL2mgqJWISJ@^^Ok$jPv zov`+lTPBn$YtY#^d89_BEYalRggdvxiTV{JBmd})cV*HZy$6Pc?caD^g#$&Hy|p7aTv^8; zm`OYRu5~cE6 z<&n$sT*`UQZ|%3%=NDz`?XXKHcW+5CfmA_gXX>a^1Dp99<(&r4Og?s2vbP{##K*T|1})^#neA!)NeY-}cq>l< zf67d2VlHLjwbOt7&L8xC6THQxWB!OC9MhjQpQ)nDGq68OENzLmoer zUGT)f?DM`(85pWC6+FHrATSWA?M_| zlcwWf-Cv&v@X>nChi(Y0NC?Z%Ovo5Kur3TQ|bQIhQ+BFU0;u$gi zOS?5_z4$G1mm*hKToNl{#CxAX7Pf}2%&EuCz%DeSbq_Dn2b4n~f zolNUT*+T$Pi?s2p?Ip8ZyyU1PT5*k$zE#)(2C~Uzghsr{yGUR?*m5{fcyJ#e+QMWx$ z05{dq-Wm-l2)*kL1?u%D;|5|BaOMAVs%-(JDw+OiY0dAQ`e9heRJ(O&1taW{h{gHy z@h%F#>q$^{TNEDZ9+-nhHv_8L$| z@Pcn2qvAoVang3IMk-~Of#$QWKP0;l3bI7nK3++3Jn(}(^%&3fM)r`+-wOd}%h%Kj zx}osWEZ{<#;ZDl{fqAQPnV)!JeXO9Tv_L$172wg`Hn)z1nSj=(3j~@4Llo$S+R80~ zA|AXI9_m&q_tlcG)hk#i^0h)!tU!O3GYB-kbGJR|PCSQ>Q_aC`4nH@&ncE2d( z9MlJAv(iqw(A`K9S%8Eh8DBMUD##dkTpdx?}Pp}X=QMqdo;AofDKEoGNlZ{T+Kc1c8S-hhqPH-KN- z@LbM1t+)+;rWm}{K_j+za^V5Y`yKC3wUAps3XXrx^}@#`KMRV)3Pf#(2A_lV1n|H< z*c#m0?{^8Fy&V=0mmUy6k_g}u4%oLO3dN63Gs7f*nF@jsaX`Vs^tkp>sOe%g5g3`< zk`Mm(;2-fVl&mccvUQGsoUT#cdtm-@7d}{dfjF}Ga8@jg2s}C~-W}R%7K<2K#Agp3 zsnkq`XNTLddnAj?QsBp0Qb0r2H7@bW)uoq1w?xHUqN>bmK8siY3ICDv^<=LOep>x3 z)6Wrq{DIQ?`fjWeQQ`w~jlt=S`-Y@2UKM1aVyq|gnk)z85kQz;(&y;)$`Mi|z7*Z>PKRuDx{;4D7$apT_YoUxa^*cNIgWeQY z#A5s1g_w&NSy~opv!0bc-%UR<^~PeiaV23oc(J~4_0C5>f`&g`O2;b*&fa&u9`Mm^>?F=&v)SLf>8vRA95XXTwEpCCpHTdhlXlR$0f%RKT6z+QL zq@<}%77Ld~TP%9BF6?+L?$)KZe6;%UCw;l$`}TCGuJTf!`quAK-D~~id$^8KBz1K@ zC-7@iFl)QEn1WalW<4Z%8;CN(dqrIb>hD?*!D^?|gH*rOXv&c0-;E3SJ~ynGo{+=m z3+!!TtMdJ48Rej%?ItBKq!%{;MWPcD$?&kI{Sorkx$PV^rx1cKH8 zxBhqbcNQXsJ*x*|G>cG*suX7_ns8(<%E;nVf7X4%RFRn@`hcGDtk=MAxDdG3iqrz) zQ~iUsxz1aILqNLZ5q=e@MD^ss#a+Z$n1m-$S-~^b!gFozkM$?EIxHyZAHk<9pn?-3 zcBTwsOhK`CNWb-}V$8RT9hj*BgL@1AB6?sls?n^qfOJ(%5j7cks?9dlS9p)UqEO!vUXC=jHwp&Sz~G8b?WsH_1;?t4|~ z$(wJQ|9;A2t?~K(O{CL6&K+YDVRbKn-2pZ5{}yH54j?cC`S0Q&+{VMqa)MF-S{5*y;wHh|aIRE9EE?=a;?AT_)(11d+5tqm z$V|_wHe39Tf;DgmQNKZFD6E@4vo)rs2<+L(>{;e&u$MXpjLFGP~=!_4_TOqZW~ z+$0o9VEL-K=_7t?D!pJPj_L5uaHiY0yI(~wk#Medn=A9YseT)U*-DD$U7N8Xhl<`& zyBAEO`89v^tda+ftlCjR>2M`gow0_W<8`|;26<-aXkqNM!CBSn$dk~mm)4F~s!05G zJ1WEeAM}d#1!)V9eH_$SWFTki0sR$d-6E2W@EY;{jjwXFdD6Z z`m@~dqeqr4w16CI!o2S!Ewgs`t71ban_HGt@|Vyc%aF-u07Va7{Qhma>CETDbSHs@ zxxu$L*3Q)}+74dqayr1p828r`0DKR$5)OD2R@@+{0wex)djjNqzH*fOcShyC49%N- zGBGcEYbAsNi_({HiG9t9nAfWzfX+~-{G|%+@!1%`i9z}8dOho|YlLn-?-bIDjPvCq zsLgI;=dN@8%GUBf=3EzAJD{aL+)9yW7J8B-GXrw`P+2Oy0Jp58p?)Zw4N zexm5^R)`YfhdBFd{qnY!C;=-^GsM1>J{&gYw^XyS0VO#z3}#g1wNTg46N`1* zja*J)w+ZvZ?$specQYvg>pMp9s0RoN=*GL$-!SvqW7(|OX$0ySC)=USv-NeQBE_Cd zk7GC+GF>>chW|p^>Q8TOH>B$o2FM*?!~}WsD$5-3#iH~%5JXyV><+=ih&*HL7)+kq zCtbFCkpIqo{Nth`kho5!VXXUd(FJ}3x>NvwjEXvk@zZts?4h)RMB`@r`D0U4RX&&p)|8-8jPh$Wx>{Q|@j+gI}XRjagmV`|+phH_+a^rX6^EmJ1Jsaz9}jj8>t|=Bp7lfuveOj6|9fO z$qV-@MmY}jT(Tl|fZ_7oF2X7%V5@zpB9fk&qSqVD#C}CSfWk$9UuK>+SfP8L>ajhL zQrCRa4wMq3L&#bTg7?4O0i_5T_Egb+fABN`T+H>`(`!wWxZ)KyDj zOxmZw2Yd|x!N7w^(lT6Nq$@d7{sp8T-(CkeK9fJ8DVrKgFEXPl_YRuwo_dh>eV02y zCWk5VqdhhPFGIq2s8?k-UfQ!j%N|&WBUh(|^e$>G%VuF5 zm$I1Ae(#?IL;EnMr;FjBVf*dsGzs2c3B>N8UR*A7Jt`&dHq{ zPq4sh{;EUX1uYF6;=GsXXp`QKG;GN$ zPj3M4fDh2UtjMO`PPJHSVxBUYmEYY6sagI6*Mv<#psQdzoN1*F00q-w;o~22jD2o^ zq@=g$Q0VzYkO~V=TJ+<%g74JXdHtQz z5U8by&`bWIvrN_nVAqd77@)fB3ni4z>~ij4vMn}E1sG$VRY$vW?NcDqN{qz#e&}U7 zmpdE|a+hl-Xi(LGM*x87Wc)gi^z_okbjaQtE3|jM?J2nw-5#jx?YFd|e?4Gdg`rR>%BhIgNb?3$RUh1u(jrJ_?p+$n!GS?SJc3&Unk+NJcVBZ(;TC`Sl z!yBk)GVrp8883v`c=}ir&_{iY^h`4AI@A%xc7dQ4`U8%k_nhfH&_xg|uUZ zVuGT~cK&|rJHG!x8>>jT{b|jP>MRxg=U#FKCZ1+GFwxF02Y&{qv0(_F zb`S$^w;h=z=95USumD&&2QLk6a*n+-j0JsLI|x7?z`u2mi`aT0=+R&wv1MAFjt&%q zrjBm&m4Zo%J@nI(wuHSCbd|FmDJ|bLVSBd^zR=ius>6TOyH+{$Nc+YEbN91&tlaK0VJh(&47v7LF{PB_pK6*uO8j5~_3`S< zo&K1>-Q2(eCe;L@x^KFhaSRz%{o4VK3#e8qm|XFA=0T(QaUyy}8JNb|JkV@Duf&ba z_`%Q)rl1qaI(}lK;^x|sqVIl=qLuS%kOoo@vXE?7=;_`B184WwZKA!*E3u@a0T3R& z{f9O?575KJ07gKcBL7~l26VJ+*wB4nPI8W~&wL;jSQ=p3d+6U~DQ?-hW5^i(f33Q( z!vU0Vd*OTc<3#7b7yEBR;Kbo-YP|g?v1`;Beja3B3OEYbZa!wlI*MD8DiFav*wYf- zMtZ(XEDw0I4kyJU>2hEjM8q1d8D_>k&)_lQ*xa^Jl?4VQX^fV}%@{ez3KlRzs?p^J z+k9)CF)4G366G#_Uma&#k#DoR6#nS|-CZ!lc0QL?*YQ>7vx9PIWQySf*pyyZom zo#F|v8aeUxPXdbeQg0-V6^U`6e8wuR+o6JrQM~d21tjmi1cAuA@35{A=CiZ?>QU?9 z&J>#*+)}-6H{k*&*3(lHz?-SKeSc+9-?BZH_ir+gwzXkOK zS=T3(hXV%)+1Bz}6=3p@I%2YT+|H4VPj_bAuiBgK9Od83A+$LiLxJ&%cnj~Ni+chN z<>>aaonY>5pz2=+uZPfb2A6Mu1lrZg2EV#X0b8w;8@joeXyMA$?s3q0CE2zCT5$t* zmnbRjEb_~5L1^;0vR6>QqOb8C#+IfP(I2kmLFY@+;-#{ z8Mi0=KLB?fbnvpg)#;UxVC==II|XGf2@Bbq!=)?x3?SA8cx)R4w9H=yFmO*qn^BH( zm$|yv!!Co$G)Pa`UPnf6`s-=`3reZ9{zUKu&Ss9~^Ya9>u~}}ASw>U|b631q6M&_; zy+L%YePyf151_uEayN%{$dd<*8t$h0ZoM)vh_?QW)2_+=ZfEy|}P zUYoyDhEPqZ4Dg;=$_Fzi#pS{8O?<|r;SqeI>0z=v#cWe@j}A7A<*W_>5hJJges?XF zdyU?n6dv|0xVO7DXeujz6uoy+BQ7Uf{0)6N6VwbVQW-d>Xg+ZT8!>1gIkrz)-d zbaINSnujv@4eGYE*W|YMLi2Mg;Cff@*Wf7e0Vo>D%?)WK!t%Rq_t;eFwFk>#hS}WE zNLn;&?F>D|H6m^P`5GJsQYn_bp_4zS7nNl#q#Kskrf?~aXcm0uw?*YpWAbvPsc-Gv z$0W4h#*1dCy?hu16Q@S?1!mi_eyeiIl`f}xxf-!k!uRvzLMj;I)S@3YZ8GKDulu7e>-YHv-r*6oD9U7gm@$s{`z9?J_ql?^;b{=K zBL>{9*2I2cT(%8c(uyBCX-JJ~lOQ5B5fFWplBGLM_O27%dsyl)R(2o%{E;$m{2~41 zLwQGdrT07P6MF^Q2W)5# zZ+>rKh7V5c-_z?4Zf~un2DEf_N^6l(c5=c%1Kkd81)!t3Kf%3spZy$yc41E!*+;kd z6cn3|Za=DZtQ*rgA9$hi*Chy4s}M=I@4-&R)2s{mP{e;}X}oJJt!yMXeRn90%%@dw zsKKef5GDkE?zJJaKCxuIdw2X1G*Vb@v&Wq??mHQ7`t|vkVmqlwikC8lb5}C+-yla# z^mUR;X0KFvEWSJVv-fmrOI&KevnP$Ja#J7Imr${iu3H?VgbTFcx$Asx3XnCOmE7*IC=x#|@2J_r8?uXQ1N74kR2$6fYY zfokk@s?ikgzZ}9*z-;5X?IXHu*=t{6Hy7Xavu9jBnk8WUDF2y9z4zWM$RPWe*2k*l zk&&4fN(8^91s!f9Y$Z#s8aZ9CIYig{?@*z` z>cnln`s-Y#fV)`moJTHV1b_|3Y-JkFm;lg+I0jTb<38is#pi+t-df{_C715fTlfNzuY$&K^7lBcqtbr$w%pe><6^HV6TV5FuLLF;CwJ$9NHZm2P6UIDGQRi5*9fRsZUCRRfujp6@tlIvpL z!np*{^-&l5Zo4DyY3uU0{P9C{=U7>#g4VX>Y{l(@Wexz;F<{YXGu+xbw2phx4xn5r zeH-@ZK*3MshyW5hD_s0Vz_oqVde}bxejYmZ9>u}RqzkRK!ud{}(Gr-K7S8HhlAL0aILE>;|u9{zXm04Neeu2);O zfE;=9Vwe_mt*kBa?rzqRXU#^z%Eo<}bOyGc#)<%QhWgGw;K1nao_Z`QMe9>J{t;jU z?n(Ib5q?^Bj3N$dd3#uywB0#}J3zmOcmg}04ccnqHw^~HTHi%Iv!!A_{OHIRHyi7W z^I#Q>a>1gR*94$N;gO%M(L)ag|dV4gMUycnbm{3!`sZx013CP!a)_ z(GcO|F99Bh(lfdvnJXWD*_?6O&{Gv4=AtI1<2wHLYVwF%ivS_Fjqb#I%?kB|;L(zF zL(81-Nbn-G4myD;s(RRq)}b4L01!&^_hT9mA;j%K(^- zR(4elV+_j#EREd`vv#%+I980&7Q!oUnJkuEdp}WAFe^$jsY=Z--1LN@{MC{X0qX$4 z{CsMHQXaK>K@_((^};*F@b|twx8{&FlCVx@``CT%zCnqmqp7F<3m^c%`SOAKO_TuU zVvxPkNcaS6LPVfh!iFTbhF*!OoI3VOWcVMz=dLu$#7AS&NYEQSvVS_KIJOcFirgSu z_b@gxwMHa8sf5y}Jg~wscc5~BiJKqHy1GK1l%A>6PSi3K(y-2tu?G;m`oiCY^e2fI z^@Zy6I0^>%0Yv{^Y&|j~u93R?^^vFAQcJ5Mrj;~gjs99qgz0Pl3ksnts9&aW?@egj zX-x8fq21GbOrgTd69D?tDZa(V9T703E}>ine9%mdgt< zF13u?M0PUXBK}K=OcuU+QOH$EMIxcJo>6oA#EEKsAxzYb!pj-FiG!XLL4ax;=9B+r zrp*c~{QJDXpTMe+kL<>fEcX{j_8T)XT2g`0dRsRAttF!e*PW*B;VM~}GN9p5QNk`| zh(3FLG26*}{Iu#)iy#d*Kt3YHxJn)Upj01F-yHF4KIv0S)m~Ya1u*JQOX5F#UV4z; zyV*`X^S__drUG>pc1Q|s>=6e9mj?ZOR(2T7Vn0Bk&2nwK&tKJZYMZ+_U%l#~bf=6A z{XCQPfRpL0FgWVi`{`CHtwYjo^WP43o8L5XRd5&>_^xRV7Y_b>Y6Kkjh+aUmX5Z5% z7qZ!m8cGjOgx;e*t))=jG=+Hv<0$v}!wHsCK0vugh^3aa&CFUY=&0)F*EG*$^t&x{ zg3R2VKJf$pTWJmw*v>{0RlV3Yk7yPMSZ3v1Ul_2Q8(#B2@+8x`B_e^C=~phN>3NNx zp)Vi<+$$xpKV#YFzD-xU%~w3rw7$&GAOYn(P@OBq5bK%5X6yzDE~rlJdJT|a>zD~# zZv^iT&7(+pBxiRVHgcthIzAu*Po_>+rLiSbHAdw9c*MVD?~`ZVupQNssb7C`W86o8 z2zVwk@8Pc4*4Siw`%ZS*tY9?*H83*3yZf3jpWCIG*thhT9M5v^w|2o_`}iey;TkQJ zH$jBKSl-S)l?wn}F&Tk#1G18X3ao<%kB$sbspB}w~57h2s!OD+LcPY0-HZS{_bi%j;Nn9FZ zzh+rkOL55_E(JpWzf*XQJb*jiNIGDge@#J`>!>`P`(uv?plO8wNHT;gGnC%EA+!DC z(07+_&vP}8D+if@3wo8CO&Xbw&s9@qw>y{Lm55As(Oo7T6UPAR@UUhLbcM|FF3(R{ z^uD6l%3?(dSZi_y}_A{gZ z%}GuD_x4k#RK}mlOuWymrb(y@-~-2zF8qW)G1S#Q;Uj-cI(Z1qgq7cro7ueAt>NIC zf_E2mTh8zpu_M^OWc#P*!`sL+y~j-CVfupOuru$IB2Uc$7<2XxeOW8FmuzR;l8j5tpoNGiLZsAa;sq4@wT4R-D-oFtVDkO5GUZyZEj zN=oMCi=-I(fVvjB)9?_G7Kc^`OF#aw#wk2=bS<+5)t<7Hl{_!DWm9m2eM^qS@e>8A z_y27x-Em2v8(JyR&_2lk^Mct^pa4va+umFZ@oB$?gN13I^)VcB9{J#Nbm)(&RH zxp~Prb4a&#gZjX|{2Tio7k=$L7oSomc;AGRt+=3-oFpAl6$(uUa$EsmsURvfW+>8xA|Jw?en>@@C{q6lv$SjltXM&n6qn> z&aA+#`QVd&8l(Ii@vcfr=pLLyNR4>f62Y=>C-kdiy9YO3xx zrTdT}iP^lt7{jW;C4UJp>4#_THVo1Q>2tCFbBh7N?ZfVujVA@EmGt`#J_EiJqZQOH zrB;~>e|@4UKcyQ@Qm`F#&M=nrLIEMwKy!)e1Dk#s*sQDEdX-+*)7v#h98+g+EjN`V14?z8(a88=dALdMO@!Hl7meW`P zZ|5!lN)O+ZMPI;XUQ>Xk9(VmniN2pkmEYLzp(t`4wMXA@5TUnb>Hige?Cs^=UB5GM zFt5L)cR?Gd&?V74?iiA~rfUP0~NC1%(@SIF(SR2MMo=L`q zb{ON@u@9SA)#GC#(F5)p9nT`;dstIA^6^VO=35uC)suo3fHT&`zCIHkGbgPw;7J}w zOyggg=uV@ID7RyN&^nY=rxqoDw?APNlVjd=w`?XH_2ZEM%G@AIR|n&GJq;&xWk zHFw^WZNtI4+-S7m#}~gZPk+Fb!7G6Q-Sgf%CDD5ClA|^h>Zr05>l?4&+eRzT>zxrD zOusV?e^y1OO*$^6ct_L5svm~dRtN$i0o0+$fCuAS{}wU*`l{senb8B8CHOwz9|M0; zFr#Iz-L3cgAPQ&9A@oA_^dj19=X|C4B(d9TQM1x&L8BWH9GPj%;WNJ!s;qmAod?3h zD}1Qg2Vy1z)$fyjnxv&DuBV?!g2^iqm{T626^WS?TYLf;OCe3AYx2w4GuJH3ntO=g$jc{e&Y++pto7Zc`iI3u6Vxo%1t2RJ)G{2ahg` zizSrm0JeHQu%y`7bZZ$HVStH)7YM{fKvTjmX@#JvQ{4K84mP`_L-yzgu3Bx>LBpUb zjS+m4w+xhG-LS&)JW3>YlI94Lwrp)My*V@gMQ~tgGz#Eg-I<)0X_vs@M|-Ic%oS#P z#FuFfWd5V!#==;gX5Bbjsu;h5L_i)b*a0!lzXeL|FF`MpS~ajdoyH-{S5(zzEK}G% zOV^pAxnxFaBto0*B8v%W3qNUhvt??tACToDnf?EP1UMdwSON$4Op{-YHcas6d5fd1 z!&W&pFLr3`7=w*u;wzD=t~I~cZ%`LNXr7_ylZAhg=jYJ@wkW6x0&@`a%Cz7Se?A#r zY8=ps4dBX7{sQ=js*Odn6%sWJ#-4_XIdpp{M3#Vjo_9M!=7~ot7`u-0W}acFpJIzU zWB)x!Sh{~k=$rY?6l2lyw_Yf6O%m#5j{i=9_{uZse|~0N;6GvC%U_g%vjstBB&b%+ zBP@G#YJIR39WdAD38Pp4ES-+-GYbfuV>&2tr`Tev==UGIjr-C(rFZ}9J$26(pv~2Q zpZ(n_{L#P6vNUbShO)hG9|YX%9!51|NyNL7c}ZPhbF{$N3*<2)S$5wktO?qrqP=43 zyU5##=(9e{aaQ>IsvzV&i^*Mchp}&H+7K)P3u{xJcU5XuBWyjD;2QhwQhW6{(3_X; z3<)5jDrza$2-5JU3;Y_^6G_Pbt(0!|B3Np2q{7*FGBe}nSHbJl*50FKYIt@?-*qiu zOfNYeii!qhxaie>EXv7Y%3kZ-Kxr;e?6`HiHvu0R`wiT4-gc6*dw*O?vDdZzA|i)| zGAA;>%mM&yn1*hk)(W+@(_lHG>bienc7_-;LG8 zTe=G$4PJ>B^$-1ZFSV^fnjisWDK7(m-QnrM_YZEQi5X%|fkG(tvLu0!-)-3#D8ARg zA5sGcWeUl#_HK|6`NY#0n&E0v6Cspu09h>r{t$X83l?I?lI+lzZjQL(h-V*Oc&I6r z`y`z|T30tZMDX_f(Sz~apw|Fi-5EHUE%ZE*R^@z3&S!hLN;%wCjy zO}Ip0W)}vkLI}i(v60F6b`k)AT>dPpWZg#8NFy1yO}9O`NumrCEHPbDA;r!`-?Sk-R2he#!pi;#)-|ENuG0RW9=xWC#{^s6ZV6kqy3 zIS7OR064YYLcK(;Qx&-?=m&+$U|2H-$RWHc%J$1mnU{Q-9;Z^-?*8;%%{$gu&*FSI z*M_D+(OO=#(HGBnDoQ#nZGDyF?sJbx{DR*r5@BXRECWSMzDe)`nG6`2*H)^{Sf5cd z5WZo!u&9yJQHO{GR%y^{Z4)RFZa-LF0yE-%woeSUX`BmI?ra57f2;I9OZ6JBo zrD+S&u)k~Xd&|})0ikgK%?D(0sS5(f)4)UsZs;K<&kU#XrT^^wc)0eEj@|Q0Wf)$h zAk0|C>6NjJ#~7b`000qUpE;vPk(QZ#%2*&SAP>03ZS)E2?o||`LtphXxe$=GBPh9k zvJYzFuouLgX8H67}_H2Lq8Ps!;!zC)~cQ&Q}wyqhCu$&~n5Gqmch+6hZr zfbm|!Ez($-{XqP$y6al*2J_?C-i3QK}5< zJ`dFsGTl{Zag{Xo>}2FLD7^=U5qut`Wq}=N;W{nTXF%5G2Ff@Bo=31u!=LXo)cdqI zmM2DtWANjq*<%w^*0c`aq{r!4r0~FbNh=Rg0*$DHv{RC$!a(&K&fxKJcx;pzL08RHc0?WEX&!aCq#JVIU&g7<8E;ls*X=dDNlQdON7eD+SitqqI zj%~$)KV|9k-XKc5xVvie@*R>CSSPQ(5Rnh0-qg_v@MzG3r8wX@{|KGy0q7@h55s+Q z7IO#>%v4OL2jAY7~N^kFgO@P^bRBdqGR;pMnwK*)uRqsO_T|7-#S0s65m7J-& zR^p%GIkIsDfdk1R96VCYi{P_%7x|ZsrE>+5u3F~4SS5Rasd7o|i#y1xO(iB~HGh+$ z+$SvBK3A?TZiKDf4w9)XhGF=08@3cd%yACsc<%>UrO|k)QoIwPNUdG1GMqYkK%LoL z`pA)Fg*T7Zbx2u&Ot7l;Z*T5g3bD&8a&Wlkb{nJQBykF6s>%iN zbXA(FN=+BLokksXvV|gwDowH3se@yBvZUK1d4RimZ^-V?J$tSPQq@_v~^lr0*J+*FLq>m(Z0sux&qmiy{(x0~294 z|IcYvdW-R;q2}WobH<_+tB#Juw&4i_N)1a|sxm<$xfZun44fCAKGWBo>sY7hr`^@X zxA6oC>uA8zXG<}Nk|v(hr%+K*AYHbHr~KdQ^ug*R=DoyyQUq1f(vm@VF}J~ybt4J@ z@r+B?9b4;6ur^;RgV^;PQ z7KL-L;cdJ_5XCBA!!xPejsD+rUMwgIn2=`Gx} z7Gb>bu4^FrO6|l%Cz(eGWO~kloO*wA2CrP)uo)WDQKC3DdG=U!$Fn8xmfsz=zmDg* zGKgEKVlG+d)4#j~APBUZvErT(c_G}Fi%+cNA1>|C6FxN{FZNwsQ-oS@1)gE?+{4ih z7^KRqs*_Qh%iPhyH2^_7Ix^Q*XJwyliCt>meGChczX*K=^6sAE{glENr(O?&PTb9^KhgyL8Xp0%43a~j%6FSSB~TgkX=3c2)W*{0kbJK4Ax@0jPz0J%Pdo!O zxF9c|fYguF0xE7C_zMf~SJvgCFB-_3WRwp+4xMaym|}6B2E-g zeW#J~|5u9)g8+62|1$QF^96ct4yinw!+DT;nxh_9X`;@^Trh!q?ST#X8q;d=wEIo4 zUls;k6{(hHVHYDaxFlQJU8>sA@iga09Gic&RA{#z1+HY|Guz4*TqOlr0!oEQZhaWh zRg#L|W2MUNUGnjxoKGWRo0lHE==2}xT4>5&&_Nn5dvBWEQ3sFh&|$#m1jtQH_2N4&O`8HhO~l4z&kA9&a#V3W=ajQ9 zTd4FDLV?%4;u8l8etD>G(I&^`^IcM@&+4)5Hav0udm@PIzJM^vn@8|87tu$58f$vN z@ld2I?lGy74aJ54NtMl-84}+zd(p4%#b59EoPY0P|M-5y<0%OIQVq_YMm&8K>G?D> z9k`3_4^Hb~9%sru^2|9>fPWRqXI2_|giEhgWC@CtNUi8WV}w#hjX-(*Gxxo3z%}D2 z80OK*Yc~EhEv;_z(s}w86=Lo9%2*VM*BUF-hJp0_@I##g`U=-#&zRK$r#&oZQI$4d zl*kZqe}w#WmsZXMH6q6O@+-^i&qa=iA&#}B#wnR@qW1F-(S{#4*Tx?CncQ6VdE3hV z-#O8p8wRF$s9Gf5=GUlntWV;;ChAu+$`h4L}nwVmFKYJ;^60Y1rN$4qrf2Nv5n6mv69R!SXIA|EsMX}!Wr1*VaRY>qju^eP zQb_=~UaV+nD>UMD3#8!7LF9}@@=%-3Pv z0PBcUTFMEBHSz`JM^{jzmGX0EXJ&(YOr4|ht|83S`z_(s( zr$l>T436oqA z20FlM3xa66o%CT^1!q5HGWY&I_dwy-GxG+1zHS!xqrP#K2-yKg+%`e9H8%=4I1t!4 zLGC1{n{nTpg!;R^ zx~@*8M0UDoB`+gRSOI{jN@a~sO`CZimREhCY!J5S-EIEqd#7}gHt%DF&&R8r+&LYA zGMJcsCNoEF)}eubI#T|!2?|_*QjNB067+6E=OaPs2y`XDc$7=3_3;Vo3j_}xa7mKv zzrOCdbPs(t%i^q{h!cF99;7MFXF$lf0CPlXk1^PSJgIS|Zgw`X)c_kg||DWUHh z6-ha+Ts)IEzv1=nM&7U@5i@^*%hncssr>t^aLvP62aSM7?x`M>Qy9Q3!Tm}wjuM-N zC#V2bkBYQkH4zuQR9alZ^^zBe7;clxd#Le7u?$M*wfkhej=cNa&~2d0F6ayA zdj;y*Qn3>B%1Ow-OpCTY&{)1pAo=)`ap9aY$mgUMeL_cx4ov3LhCVP_%E3;6Z!N|{ zcTTm)4w9pL@zP#0h9i5*S}=Mo|VASD_rZhQFE9Kqrw=;4{|ft<8FD}gTOBEa+6 zq_ahN=51DIiP8M^uB&eI@#{1aI+CaZ<*%Sm!53KBHGu2QihuWnd*zzTp|>8>o_BC} zsGfJ2m3Om8n}4QnxhWyW!6CB{URux87CftRjEZwCk>4V zcY%Ta{+{0MvJnROU%Ns#dzSXG!u{54rvT=!c5I+2sNEQVyh7k+HJ>i9*dT=rR6C9K z^1tV83UKS!09S6G?@by9%Eifw_Z#P?O8eCFM)@{fB_hWQ)DhFtCD&`^q!r{Oo z_d6PKzy$e6abpwL!RDg4(bUp)PFJi&&Ki}^gDfloU{O2Yv1 zN(D%_@qyNwIMA&yzLO$=0k`qGeL9Wm*7sNU@~$kBHHF_^4CxQbCUK^eisRm%K`vX51_IILJFi5Vz1H) z0iZ@9M9cQk^6~&C=`}#y`zj9K*_|iOAn)~JKQ5kaI=(;Qd^qU<>y0U$tZQsj-VD)q zt_SV!vdioBaV#(tbj0Yl1Z-AYW2Cr>-uM}H9gr86i{c>2^;=V7JV&gzxs}Epp5M#d>SM&6A^KmDlG!r!hi)m|^?843II;MlPMb-I znAKGSR?#?21iPT*Eox%B?a)LCb9K7?QtkARn~lo6b8cthybHoX{wKY1x<&J1qJ`=v zZoI3OeCtSkFe zuB+RB&eZ#fs8aa}6ju%a%W#=`Dhlv(MRr`fUdLBDxFaybZXnX<55wzr;%wx+B?mlH!)M54ji|U&k4AWZ z|B!adXn5Cr^ONFq!V-B*xy{e@Mw?;L^(uYmNVJCEB@TNcQYhk?gPbdWB2G5EDU6bd z{~Q|qnS(IJzQ$C+y_lyNzVj(heUiqD)7V9f)tR|Oz&9W26?S7Zt)(z-qjNKeI z;PX>^p3LX@X95grFnw5S+Sw0`Yz~Y0Bc^_q+HzWD8n)N|DPWBDAOCe?*sOB72kd9U zRWY^ErX4wPO%H@jxJBuK8+BrRGSBOFzj&J_5TCH*6&0 z4+7VME^L(~wl$%(kLjQ#bpQ3=+jgeqfOWV}@hObgg%bAgMai8+SnHR&36jEA!iF58 z_w%D{$(~sXxdj;c+Zv6w?v1MYZ0K$2M!gk^4?)thrZ6xqQ@ zNxw&~WFgev;M0NyQ&d^iPS*E;ONnPRO2%&L-R*Vzp)1By#|Ca;D5Ji7J~pcB^eb`M zwaZN-TmR07wQN(<&+zq^k&HQx_TSq~!As2L&quY-h!vVgok+7-kp8n5vK_Pox$Ppc z_%(HQJT1hux$Pv`ysx#@qWhWW?2f6yxRc*1?9Kgf=_^e#WeYMqj@4Sq&8z7^b12*y ztUyjryuWug@-L2K+xKoX&gU_BRjOEioMPwNA(*DAP*89zEllI_E8?hdke&cFN z!OTPAKLw}N_5Kb z{8l*bg>W2*R?@{87F~uG^HWdmrl>jYp5m`MxtUu)L2R7;Qt-!fQsS>?Pd8zGD4xuf z!xF(Q7YPKhsbVmdu)S3&b}fE)9iH!nxy?jCSePx0J%3)=q<4k4K@H+BN z&4!s+vY%iUXI-+Uk$So&lA5VE5z00ZiXW?$>5X9JizvfVqvoow?(dwjFSo+{x8T!Y z!KS4gj!0ok#nb*U3ko!p5##r!2@WD?wyTGQlz~v%assnHi2sH+Z?oZGOGK83a}=AJ z#1iRSK0XvnM#><$ey{La6$9?f_WKx{5!Wj`Ra+k`j8c_Iv5F#o#J>1a%SRm8Z~fKs z0~;F_vttBvx7`M@titCRZiFSQYq@-w>gi#S@ut3`nI=(L=(2-pKhQ||QT<`DS!|dh zN*GC(m07~XSF+ml2s2AvWI`*!5_9nPFDtR^y~jVWq>Z9it>rs)g{?!Ur<(Km@^s(y z0iA+yf}Q}X=GI_Jv2Bk9YmPV&`e>~Yt!z(mlMM?$o5#*z|C!PjReSQ|4^I z_Bd^>Z|`}yd>plC9AE0S{-I*hsPU2+*I<+tW<2|3y#Z@{FSKJIK;I-DK&z{Az>zgh zBTVzj%`+1xEE0plvd#djfOS?&h*SFzI znrBgNbN6YpkbBQH2m{Vb=mfuOMBRGJkB^yI3>j09SLBiFo;zU;DWrJG9scT5{yAr; z1HQAvAGYy7M)OKAZoh`3z!&hQj)s$NW@d9}kOCyHI9&>_-Y%aLmnEVOh6O`AfNK4M zeg^4P1B&!)SwJXjIT-ez`VE^xN2eqUb}qzDd|)+&=T!L#-Yrn3PO1yePTc-kWY&Qg zD(EP(A5(2?2^x0_FsTc%3y9XR9{Ktkx(9q*j`s2IVwvs8*@jr>@3EKoohC73moAII z*Q@wbW**Y+qSaN)yLnx1KYp?yZEV`+^D_mP{|wp*3+v|>GtCbb3Q5W z3|}mWW8FK78P+ahH#GgBOnQTgc@lk;w2~-pWh2vo|9VcYbu;3;{O{7dE(O@P>kGIM zd`B^P-L{k@;kdn8MY83*uxomoVZdu0yW#gn^Xn$%e`jsUhFbJh&31E)ywvQ}_$FP_ z9QWkey1OiF-r!VrL+`Vj^g$x)%iCK%UvlTuSCjc?sX7`W_u)m*p;+Sn%vbSnX<^6ufF43*%X-1Y`%1>wct-`LP@Be{iQya+`AG6Tqu6L2)Iwc zrxls$m1i1MZ|A4%k#g*PF>l-`)0e#a?<~l#%wBc&@DhHK$C|+&R_&T^o4jWaSi*1p zC$XRZLGAPIRV#6pH{oGqmW|8}5h4*9qH^amf%no!$xI9e1_-!Mf9?5e@a=+6iiz1| z-n7TfT}8V$fq(r}`lu;-L|vS@bh`&Arr%?dbaZDD4p=Lg(3B#sPx&T&RJuE*f6Hf$ zF(xG?9#{%9p!PBU|9`Wh=ApvJzms$Zwe+Hl1I*=_m6lqN>wlX3K0g0fivFjrORV&m zL)2(^fTE*(=>qclL(Xtj(nt&Dzy11`wqFOV{j5_Mo`&~KjNC1_wHax#vN_XUAOB-O z`TzUA_q{eFL{lCHa2mBs>nlI>-p5Q2)MWe1_l9Gs0(E}^r!%i;@8f!*cLBfhxbx$< zO@F}oI&Ob8M|lm?>P+z8VzOJ1%ff9Prhm*rxYQHTa~KAkM{+*PQ(YGikvi@a^QofV zmCf8N2Amc8LDGM{cj28$OuLpWRKGN3c?2#~;fl(3?MB+;`gp{G=L`Zn_ut83)PTI-%j+tmZn24U zj@uCNsirJi_g(;}RLPq1INoQ%aC_LN`{P3p&b(az(;qoXpdC0kAY#Dc3kL8@^Kvn! zEF(E>$n#c0re}ejdgs`YU?bpbqp)O?v1&ksH0*9x+`TuKp%s4Vj)VXQxY(T+?=SDQM}XL7v(%^c+4a;OO#$@XQRW@upci5oX3mC zn{eP47ozDja`s2kLwE zB5X}D9J`sb0F^fi0^e%-Zha!zX2kt^6=AiB7MD>@{#l*(-s-aXFPg0D!LIcD_~DAc z%(SDeEfcU_-gg2XDTh{pppP};^zPbR^TR&&JN&U4AmjvIjS{I(u?y=1Z!`FC4O#d5 z`#w&elcFyI>pBBpYj~bBHbxLZc6HDB_;VG<=I;eYn+tf6$#3&EHOv0tmAj9KNMvl& zF!JtZGNsR-T40k$Y$%DSwgC6Uc6Vao^q*xC!7}^uGxLgEb)2qtJSa6p^5p5Y^_G$D zfC^rcW-9VJgRjRS;4{?S!Y71uxsAF3rvRl{l?0;Q9sl2w8%T;BWjcd4d;vVlK4oQ~ zr-2fkAS@LNXhxAus`(&gJTGE{;<}~2nqPUeI7c3C6umwb5de}7@=8mKgI#6W@>LQm zjld&*2P9zizpowPu4lhyT>8(vj8@NKRr(-X2XhZ-=E>|Q?wDatU^j1*YmbVo_nZ}3 zoDJB0k{!dGd{=VjlZ?p9m(l^G900>{6utcCKm=~P9AW}K%b8rEyO%Yks()-+szLUV z9qyQxi%$u8UD{=@+sh2lG8p=l+5tF3Qf&WH_hAvR&|Z1GwZj~-jxbE1n9q*o(Zm4) zbp%$WANi+=L_iUIzuru47TX6mR{S;kpf2Az4+x(i)u1E&>(M2PzSk#bGK$dc$aJ8e zlXv>oW~)V37t*)jKEX}I9U~x;qK3y{|8JdrZ`*;1ciD{3mlnO*3oG&dsI#OWFaVbD z66LQq=iK@77!)C(lK6QFfsM$l?}ng6<_bw<$yUC)-(#VPfngpiFuc#aY3<&8FgO$FgCDQn zx4T*9*-PEcu1@xQYg`Px;U?(MKS}Ml&X?JL%h_r-s=tSAF^X=*h-+ zSNCStJm2!wI{DVIyTArVz?Szm^O!bGW1gOT>f&o)x_EuDw%|)kei=nz3E;@iy!OPBL-t~X%7D!3- ztaM+`8*To4sq4j!pIuDi>elOR`?Xf0`ga)Szb=Nlj^{}d4Yccih$#hts z;e(C99LC7v_!;tNkG}^FdhPE94wAi@^*%J|*r~6;##>O&?yr$%=cIg(-TUqC100_+ znN|!cE_c0mvbvjl>)5^-8>^DJPHBC9mO2lXj1GMEEnxd|M$0h!=ByVt%1o94gIsNH zy*j9qX7=XS(q3S(;j`o0b6{`aZ3b|}2v~Uce4Be5IE;7iMciF!U_s-tF!moj7J&s) zonUcXmF2GMUzTm0tlPfM1=y;{6iF4V7kzBqEqoNzPY0z1U5 zs7!$AaL{Z*?78w1oC8a%3;|t;eFY7`aYUGgQ7eEUF&a>#DGHbj22H+DJ=6Q2IlOdk UR&T|kZJ?a$>FVdQ&MBb@0H&{N{{R30 literal 0 HcmV?d00001 diff --git a/85_prometheus_grafana_private_endpoint/import_grafafana_dashboard.tf b/88_prometheus_grafana_ampls/import_grafafana_dashboard.tf similarity index 100% rename from 85_prometheus_grafana_private_endpoint/import_grafafana_dashboard.tf rename to 88_prometheus_grafana_ampls/import_grafafana_dashboard.tf diff --git a/88_prometheus_grafana_ampls/log_analytics.tf b/88_prometheus_grafana_ampls/log_analytics.tf new file mode 100644 index 0000000..86ff15b --- /dev/null +++ b/88_prometheus_grafana_ampls/log_analytics.tf @@ -0,0 +1,22 @@ +resource "azurerm_log_analytics_workspace" "workspace" { + name = "log-analytics-workspace" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + sku = "PerGB2018" # PerGB2018, Free, PerNode, Premium, Standard, Standalone, Unlimited, CapacityReservation + retention_in_days = 30 # possible values are either 7 (Free Tier only) or range between 30 and 730 + internet_ingestion_enabled = false + internet_query_enabled = false +} + +# resource "azurerm_log_analytics_solution" "solution" { +# solution_name = "ContainerInsights" +# location = azurerm_log_analytics_workspace.workspace.location +# resource_group_name = azurerm_log_analytics_workspace.workspace.resource_group_name +# workspace_resource_id = azurerm_log_analytics_workspace.workspace.id +# workspace_name = azurerm_log_analytics_workspace.workspace.name + +# plan { +# publisher = "Microsoft" +# product = "OMSGallery/ContainerInsights" +# } +# } diff --git a/88_prometheus_grafana_ampls/logger-pod.yaml b/88_prometheus_grafana_ampls/logger-pod.yaml new file mode 100644 index 0000000..4344a06 --- /dev/null +++ b/88_prometheus_grafana_ampls/logger-pod.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Pod +metadata: + name: logger +spec: + containers: + - name: count + image: busybox + args: [/bin/sh, -c, 'i=0; while true; do echo "This is demo log $i: $(date)"; i=$((i+1)); sleep 10; done'] \ No newline at end of file diff --git a/85_prometheus_grafana_private_endpoint/nginx.tf b/88_prometheus_grafana_ampls/nginx.tf similarity index 100% rename from 85_prometheus_grafana_private_endpoint/nginx.tf rename to 88_prometheus_grafana_ampls/nginx.tf diff --git a/85_prometheus_grafana_private_endpoint/output.tf b/88_prometheus_grafana_ampls/output.tf similarity index 100% rename from 85_prometheus_grafana_private_endpoint/output.tf rename to 88_prometheus_grafana_ampls/output.tf diff --git a/88_prometheus_grafana_ampls/pe-ampls.tf b/88_prometheus_grafana_ampls/pe-ampls.tf new file mode 100644 index 0000000..c260f89 --- /dev/null +++ b/88_prometheus_grafana_ampls/pe-ampls.tf @@ -0,0 +1,42 @@ +locals { + dns_zones_ampls = toset([ + "privatelink.monitor.azure.com", + "privatelink.oms.opinsights.azure.com", + "privatelink.ods.opinsights.azure.com", + "privatelink.agentsvc.azure-automation.net", + "privatelink.blob.core.windows.net", + ]) +} + +resource "azurerm_private_endpoint" "pe-ampls" { + name = "pe-ampls" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + subnet_id = azurerm_subnet.snet-pe.id + + private_service_connection { + name = "connection" + is_manual_connection = false + subresource_names = ["azuremonitor"] + private_connection_resource_id = azurerm_monitor_private_link_scope.ampls.id + } + + private_dns_zone_group { + name = "private-dns-zone" + private_dns_zone_ids = [for zone in azurerm_private_dns_zone.zones : zone.id] + } +} + +resource "azurerm_private_dns_zone" "zones" { + for_each = local.dns_zones_ampls + name = each.value + resource_group_name = azurerm_resource_group.rg.name +} + +resource "azurerm_private_dns_zone_virtual_network_link" "link" { + for_each = azurerm_private_dns_zone.zones + name = "vnet-link-${each.key}" + private_dns_zone_name = each.value.name + resource_group_name = each.value.resource_group_name + virtual_network_id = azurerm_virtual_network.vnet.id +} diff --git a/88_prometheus_grafana_ampls/prometheus.tf b/88_prometheus_grafana_ampls/prometheus.tf new file mode 100644 index 0000000..1804c89 --- /dev/null +++ b/88_prometheus_grafana_ampls/prometheus.tf @@ -0,0 +1,224 @@ +resource "azurerm_monitor_workspace" "prometheus" { + name = "azure-prometheus" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + public_network_access_enabled = true # false # true +} + +resource "azurerm_role_assignment" "role_monitoring_data_reader_me" { + scope = azurerm_monitor_workspace.prometheus.id + role_definition_name = "Monitoring Data Reader" + principal_id = data.azurerm_client_config.current.object_id +} + +resource "azurerm_monitor_alert_prometheus_rule_group" "alert-prometheus-nodes" { + name = "NodeRecordingRulesRuleGroup" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + cluster_name = azurerm_kubernetes_cluster.aks.name + rule_group_enabled = true + interval = "PT1M" + scopes = [azurerm_monitor_workspace.prometheus.id] + + rule { + record = "instance:node_num_cpu:sum" + expression = "count without (cpu, mode) (node_cpu_seconds_total{job=\"node\",mode=\"idle\"})" + enabled = true + } + + rule { + record = "instance:node_cpu_utilisation:rate5m" + expression = "1 - avg without (cpu) (sum without (mode) (rate(node_cpu_seconds_total{job=\"node\", mode=~\"idle|iowait|steal\"}[5m])))" + enabled = true + } + + rule { + record = "instance:node_load1_per_cpu:ratio" + expression = "(node_load1{job=\"node\"}/ instance:node_num_cpu:sum{job=\"node\"})" + enabled = true + } + + rule { + record = "instance:node_memory_utilisation:ratio" + expression = "1 - ((node_memory_MemAvailable_bytes{job=\"node\"} or (node_memory_Buffers_bytes{job=\"node\"} + node_memory_Cached_bytes{job=\"node\"} + node_memory_MemFree_bytes{job=\"node\"} + node_memory_Slab_bytes{job=\"node\"})) / node_memory_MemTotal_bytes{job=\"node\"})" + enabled = true + } + + rule { + record = "instance:node_vmstat_pgmajfault:rate5m" + expression = "rate(node_vmstat_pgmajfault{job=\"node\"}[5m])" + enabled = true + } + + rule { + record = "instance_device:node_disk_io_time_seconds:rate5m" + expression = "rate(node_disk_io_time_seconds_total{job=\"node\", device!=\"\"}[5m])" + enabled = true + } + + rule { + record = "instance_device:node_disk_io_time_weighted_seconds:rate5m" + expression = "rate(node_disk_io_time_weighted_seconds_total{job=\"node\", device!=\"\"}[5m])" + enabled = true + } + + rule { + record = "instance:node_network_receive_bytes_excluding_lo:rate5m" + expression = "sum without (device) (rate(node_network_receive_bytes_total{job=\"node\", device!=\"lo\"}[5m]))" + enabled = true + } + + rule { + record = "instance:node_network_transmit_bytes_excluding_lo:rate5m" + expression = "sum without (device) (rate(node_network_transmit_bytes_total{job=\"node\", device!=\"lo\"}[5m]))" + enabled = true + } + + rule { + record = "instance:node_network_receive_drop_excluding_lo:rate5m" + expression = "sum without (device) (rate(node_network_receive_drop_total{job=\"node\", device!=\"lo\"}[5m]))" + enabled = true + } + + rule { + record = "instance:node_network_transmit_drop_excluding_lo:rate5m" + expression = "sum without (device) (rate(node_network_transmit_drop_total{job=\"node\", device!=\"lo\"}[5m]))" + enabled = true + } +} + +resource "azurerm_monitor_alert_prometheus_rule_group" "alert-prometheus-k8s" { + name = "KubernetesRecordingRulesRuleGroup" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + cluster_name = azurerm_kubernetes_cluster.aks.name + rule_group_enabled = true + interval = "PT1M" + scopes = [azurerm_monitor_workspace.prometheus.id] + + rule { + record = "node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate" + expression = "sum by (cluster, namespace, pod, container) (irate(container_cpu_usage_seconds_total{job=\"cadvisor\", image!=\"\"}[5m])) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) (1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=\"\"}))" + enabled = true + } + + rule { + record = "node_namespace_pod_container:container_memory_working_set_bytes" + expression = "container_memory_working_set_bytes{job=\"cadvisor\", image!=\"\"}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=\"\"}))" + enabled = true + } + + rule { + record = "node_namespace_pod_container:container_memory_rss" + expression = "container_memory_rss{job=\"cadvisor\", image!=\"\"}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=\"\"}))" + enabled = true + } + + rule { + record = "node_namespace_pod_container:container_memory_cache" + expression = "container_memory_cache{job=\"cadvisor\", image!=\"\"}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=\"\"}))" + enabled = true + } + + rule { + record = "node_namespace_pod_container:container_memory_swap" + expression = "container_memory_swap{job=\"cadvisor\", image!=\"\"}* on (namespace, pod) group_left(node) topk by(namespace, pod) (1, max by(namespace, pod, node) (kube_pod_info{node!=\"\"}))" + enabled = true + } + + rule { + record = "cluster:namespace:pod_memory:active:kube_pod_container_resource_requests" + expression = "kube_pod_container_resource_requests{resource=\"memory\",job=\"kube-state-metrics\"} * on(namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ((kube_pod_status_phase{phase=~\"Pending|Running\"} == 1))" + enabled = true + } + + rule { + record = "namespace_memory:kube_pod_container_resource_requests:sum" + expression = "sum by (namespace, cluster) (sum by (namespace, pod, cluster) (max by (namespace, pod, container, cluster) (kube_pod_container_resource_requests{resource=\"memory\",job=\"kube-state-metrics\"}) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1)))" + enabled = true + } + + rule { + record = "cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests" + expression = "kube_pod_container_resource_requests{resource=\"cpu\",job=\"kube-state-metrics\"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ((kube_pod_status_phase{phase=~\"Pending|Running\"} == 1))" + enabled = true + } + + rule { + record = "namespace_cpu:kube_pod_container_resource_requests:sum" + expression = "sum by (namespace, cluster) (sum by(namespace, pod, cluster) (max by(namespace, pod, container, cluster) (kube_pod_container_resource_requests{resource=\"cpu\",job=\"kube-state-metrics\"}) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1)))" + enabled = true + } + + rule { + record = "cluster:namespace:pod_memory:active:kube_pod_container_resource_limits" + expression = "kube_pod_container_resource_limits{resource=\"memory\",job=\"kube-state-metrics\"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ((kube_pod_status_phase{phase=~\"Pending|Running\"} == 1))" + enabled = true + } + + rule { + record = "namespace_memory:kube_pod_container_resource_limits:sum" + expression = "sum by (namespace, cluster) (sum by (namespace, pod, cluster) (max by (namespace, pod, container, cluster) (kube_pod_container_resource_limits{resource=\"memory\",job=\"kube-state-metrics\"}) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1)))" + enabled = true + } + + rule { + record = "cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits" + expression = "kube_pod_container_resource_limits{resource=\"cpu\",job=\"kube-state-metrics\"} * on (namespace, pod, cluster)group_left() max by (namespace, pod, cluster) ( (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1) )" + enabled = true + } + + rule { + record = "namespace_cpu:kube_pod_container_resource_limits:sum" + expression = "sum by (namespace, cluster) (sum by (namespace, pod, cluster) (max by(namespace, pod, container, cluster) (kube_pod_container_resource_limits{resource=\"cpu\",job=\"kube-state-metrics\"}) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) (kube_pod_status_phase{phase=~\"Pending|Running\"} == 1)))" + enabled = true + } + + rule { + record = "namespace_workload_pod:kube_pod_owner:relabel" + expression = "max by (cluster, namespace, workload, pod) (label_replace(label_replace(kube_pod_owner{job=\"kube-state-metrics\", owner_kind=\"ReplicaSet\"}, \"replicaset\", \"$1\", \"owner_name\", \"(.*)\") * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) (1, max by (replicaset, namespace, owner_name) (kube_replicaset_owner{job=\"kube-state-metrics\"})), \"workload\", \"$1\", \"owner_name\", \"(.*)\"))" + labels = { + "workload_type" = "deployment" + } + enabled = true + } + + rule { + record = "namespace_workload_pod:kube_pod_owner:relabel" + expression = "max by (cluster, namespace, workload, pod) (label_replace(kube_pod_owner{job=\"kube-state-metrics\", owner_kind=\"DaemonSet\"}, \"workload\", \"$1\", \"owner_name\", \"(.*)\"))" + labels = { + "workload_type" = "daemonset" + } + enabled = true + } + + rule { + record = "namespace_workload_pod:kube_pod_owner:relabel" + expression = "max by (cluster, namespace, workload, pod) (label_replace(kube_pod_owner{job=\"kube-state-metrics\", owner_kind=\"StatefulSet\"}, \"workload\", \"$1\", \"owner_name\", \"(.*)\"))" + labels = { + "workload_type" = "statefulset" + } + enabled = true + } + + rule { + record = "namespace_workload_pod:kube_pod_owner:relabel" + expression = "max by (cluster, namespace, workload, pod) (label_replace(kube_pod_owner{job=\"kube-state-metrics\", owner_kind=\"Job\"}, \"workload\", \"$1\", \"owner_name\", \"(.*)\"))" + labels = { + "workload_type" = "job" + } + enabled = true + } + + rule { + record = ":node_memory_MemAvailable_bytes:sum" + expression = "sum(node_memory_MemAvailable_bytes{job=\"node\"} or (node_memory_Buffers_bytes{job=\"node\"} + node_memory_Cached_bytes{job=\"node\"} + node_memory_MemFree_bytes{job=\"node\"} + node_memory_Slab_bytes{job=\"node\"})) by (cluster)" + enabled = true + } + + rule { + record = "cluster:node_cpu:ratio_rate5m" + expression = "sum(rate(node_cpu_seconds_total{job=\"node\",mode!=\"idle\",mode!=\"iowait\",mode!=\"steal\"}[5m])) by (cluster) /count(sum(node_cpu_seconds_total{job=\"node\"}) by (cluster, instance, cpu)) by (cluster)" + enabled = true + } +} diff --git a/88_prometheus_grafana_ampls/providers.tf b/88_prometheus_grafana_ampls/providers.tf new file mode 100644 index 0000000..df6204a --- /dev/null +++ b/88_prometheus_grafana_ampls/providers.tf @@ -0,0 +1,25 @@ +terraform { + + required_version = ">= 1.2.8" + + required_providers { + + azurerm = { + source = "hashicorp/azurerm" + version = "= 3.94.0" + } + + azuread = { + source = "hashicorp/azuread" + version = "= 2.47.0" + } + } +} + +provider "azurerm" { + features {} +} + +# Configure the Azure Active Directory Provider +provider "azuread" { # default takes current user/identity tenant +} diff --git a/88_prometheus_grafana_ampls/rg.tf b/88_prometheus_grafana_ampls/rg.tf new file mode 100644 index 0000000..a5465f3 --- /dev/null +++ b/88_prometheus_grafana_ampls/rg.tf @@ -0,0 +1,10 @@ +resource "azurerm_resource_group" "rg" { + name = "rg-aks-monitoring-${var.prefix}" + location = "swedencentral" +} + +resource "azurerm_resource_group" "rg-jumpbox" { + name = "rg-jumpbox-${var.prefix}" + location = "swedencentral" +} + diff --git a/88_prometheus_grafana_ampls/variables.tf b/88_prometheus_grafana_ampls/variables.tf new file mode 100644 index 0000000..7358604 --- /dev/null +++ b/88_prometheus_grafana_ampls/variables.tf @@ -0,0 +1,3 @@ +variable "prefix" { + default = 900 +} \ No newline at end of file diff --git a/88_prometheus_grafana_ampls/vnet.tf b/88_prometheus_grafana_ampls/vnet.tf new file mode 100644 index 0000000..09af5b5 --- /dev/null +++ b/88_prometheus_grafana_ampls/vnet.tf @@ -0,0 +1,29 @@ +resource "azurerm_virtual_network" "vnet" { + name = "vnet-aks" + resource_group_name = azurerm_resource_group.rg.name + location = azurerm_resource_group.rg.location + address_space = ["10.10.0.0/16"] +} + +resource "azurerm_subnet" "snet-aks" { + name = "snet-aks" + virtual_network_name = azurerm_virtual_network.vnet.name + resource_group_name = azurerm_virtual_network.vnet.resource_group_name + address_prefixes = ["10.10.0.0/24"] +} + +resource "azurerm_subnet" "snet-pe" { + name = "snet-pe" + virtual_network_name = azurerm_virtual_network.vnet.name + resource_group_name = azurerm_virtual_network.vnet.resource_group_name + address_prefixes = ["10.10.1.0/24"] + + private_link_service_network_policies_enabled = false +} + +resource "azurerm_subnet" "snet-bastion" { + name = "AzureBastionSubnet" + virtual_network_name = azurerm_virtual_network.vnet.name + resource_group_name = azurerm_virtual_network.vnet.resource_group_name + address_prefixes = ["10.10.2.0/24"] +} diff --git a/85_prometheus_grafana_private_endpoint/windows-vm.tf b/88_prometheus_grafana_ampls/windows-vm.tf similarity index 58% rename from 85_prometheus_grafana_private_endpoint/windows-vm.tf rename to 88_prometheus_grafana_ampls/windows-vm.tf index 968356f..99dd284 100644 --- a/85_prometheus_grafana_private_endpoint/windows-vm.tf +++ b/88_prometheus_grafana_ampls/windows-vm.tf @@ -1,7 +1,7 @@ resource "azurerm_network_interface" "nic-vm" { - name = "nic-vm-windows" - resource_group_name = azurerm_resource_group.rg_aks_cluster.name - location = azurerm_resource_group.rg_aks_cluster.location + name = "nic-vm-windows" + resource_group_name = azurerm_resource_group.rg-jumpbox.name + location = azurerm_resource_group.rg-jumpbox.location ip_configuration { name = "internal" @@ -12,16 +12,16 @@ resource "azurerm_network_interface" "nic-vm" { resource "azurerm_windows_virtual_machine" "vm" { name = "vm-jumpbox-w11" - resource_group_name = azurerm_resource_group.rg_aks_cluster.name - location = azurerm_resource_group.rg_aks_cluster.location - size = "Standard_B2ats_v2" + resource_group_name = azurerm_resource_group.rg-jumpbox.name + location = azurerm_resource_group.rg-jumpbox.location + size = "Standard_B2als_v2" # "Standard_B2ats_v2" admin_username = "azureuser" admin_password = "@Aa123456789" network_interface_ids = [azurerm_network_interface.nic-vm.id] priority = "Spot" eviction_policy = "Deallocate" -# custom_data = filebase64("../scripts/install-tools-windows.ps1") + # custom_data = filebase64("../scripts/install-tools-windows.ps1") os_disk { name = "os-disk-vm" @@ -36,9 +36,9 @@ resource "azurerm_windows_virtual_machine" "vm" { version = "latest" } - boot_diagnostics { - storage_account_uri = null - } + # boot_diagnostics { + # storage_account_uri = null + # } } # resource "azurerm_virtual_machine_extension" "cloudinit" { @@ -53,3 +53,18 @@ resource "azurerm_windows_virtual_machine" "vm" { # } # SETTINGS # } + +data "azurerm_virtual_machine" "vm" { + name = azurerm_windows_virtual_machine.vm.name + resource_group_name = azurerm_windows_virtual_machine.vm.resource_group_name +} + +check "check_vm_state" { + assert { + condition = data.azurerm_virtual_machine.vm.power_state == "running" + error_message = format("Virtual Machine (%s) should be in a 'running' status, instead state is '%s'", + data.azurerm_virtual_machine.vm.id, + data.azurerm_virtual_machine.vm.power_state + ) + } +}