From b6a0fa8a76988ba7f3f001d797f80dd55ba912f9 Mon Sep 17 00:00:00 2001 From: chenxing Date: Fri, 14 Jul 2017 13:29:37 +0000 Subject: [PATCH] import the admin guide content from openstack-manuals Neutron repository has the networking guide in admin/, so we cannot just import the admin guide contents into admin/ as it potentially breaks the existing document structure of the networking guide. This commit imports the admin guide into admin/archives directory so that the team can migrate them into the networking guide after careful reviews. Co-Authored-By: Akihiro Motoki Change-Id: I1f99f225a6f58654911ed827f51d3d4de67f405d --- doc/source/admin/archives/adv-config.rst | 57 ++ doc/source/admin/archives/adv-features.rst | 854 ++++++++++++++++++ .../archives/adv-operational-features.rst | 123 +++ doc/source/admin/archives/arch.rst | 88 ++ doc/source/admin/archives/auth.rst | 175 ++++ doc/source/admin/archives/config-agents.rst | 505 +++++++++++ doc/source/admin/archives/config-identity.rst | 306 +++++++ doc/source/admin/archives/config-plugins.rst | 246 +++++ .../archives/figures/vmware_nsx_ex1.graffle | Bin 0 -> 3732 bytes .../admin/archives/figures/vmware_nsx_ex1.png | Bin 0 -> 103806 bytes .../admin/archives/figures/vmware_nsx_ex1.svg | 3 + .../archives/figures/vmware_nsx_ex2.graffle | Bin 0 -> 3594 bytes .../admin/archives/figures/vmware_nsx_ex2.png | Bin 0 -> 93105 bytes .../admin/archives/figures/vmware_nsx_ex2.svg | 3 + doc/source/admin/archives/index.rst | 23 + doc/source/admin/archives/introduction.rst | 228 +++++ .../admin/archives/multi-dhcp-agents.rst | 7 + doc/source/admin/archives/use.rst | 347 +++++++ doc/source/admin/index.rst | 1 + 19 files changed, 2966 insertions(+) create mode 100644 doc/source/admin/archives/adv-config.rst create mode 100644 doc/source/admin/archives/adv-features.rst create mode 100644 doc/source/admin/archives/adv-operational-features.rst create mode 100644 doc/source/admin/archives/arch.rst create mode 100644 doc/source/admin/archives/auth.rst create mode 100644 doc/source/admin/archives/config-agents.rst create mode 100644 doc/source/admin/archives/config-identity.rst create mode 100644 doc/source/admin/archives/config-plugins.rst create mode 100644 doc/source/admin/archives/figures/vmware_nsx_ex1.graffle create mode 100644 doc/source/admin/archives/figures/vmware_nsx_ex1.png create mode 100644 doc/source/admin/archives/figures/vmware_nsx_ex1.svg create mode 100644 doc/source/admin/archives/figures/vmware_nsx_ex2.graffle create mode 100644 doc/source/admin/archives/figures/vmware_nsx_ex2.png create mode 100644 doc/source/admin/archives/figures/vmware_nsx_ex2.svg create mode 100644 doc/source/admin/archives/index.rst create mode 100644 doc/source/admin/archives/introduction.rst create mode 100644 doc/source/admin/archives/multi-dhcp-agents.rst create mode 100644 doc/source/admin/archives/use.rst diff --git a/doc/source/admin/archives/adv-config.rst b/doc/source/admin/archives/adv-config.rst new file mode 100644 index 00000000000..3539a6ad06c --- /dev/null +++ b/doc/source/admin/archives/adv-config.rst @@ -0,0 +1,57 @@ +============================== +Advanced configuration options +============================== + +This section describes advanced configuration options for various system +components. For example, configuration options where the default works +but that the user wants to customize options. After installing from +packages, ``$NEUTRON_CONF_DIR`` is ``/etc/neutron``. + +L3 metering agent +~~~~~~~~~~~~~~~~~ + +You can run an L3 metering agent that enables layer-3 traffic metering. +In general, you should launch the metering agent on all nodes that run +the L3 agent: + +.. code-block:: console + + $ neutron-metering-agent --config-file NEUTRON_CONFIG_FILE \ + --config-file L3_METERING_CONFIG_FILE + +You must configure a driver that matches the plug-in that runs on the +service. The driver adds metering to the routing interface. + ++------------------------------------------+---------------------------------+ +| Option | Value | ++==========================================+=================================+ +| **Open vSwitch** | | ++------------------------------------------+---------------------------------+ +| interface\_driver | | +| ($NEUTRON\_CONF\_DIR/metering\_agent.ini)| openvswitch | ++------------------------------------------+---------------------------------+ +| **Linux Bridge** | | ++------------------------------------------+---------------------------------+ +| interface\_driver | | +| ($NEUTRON\_CONF\_DIR/metering\_agent.ini)| linuxbridge | ++------------------------------------------+---------------------------------+ + +L3 metering driver +------------------ + +You must configure any driver that implements the metering abstraction. +Currently the only available implementation uses iptables for metering. + +.. code-block:: ini + + driver = iptables + +L3 metering service driver +-------------------------- + +To enable L3 metering, you must set the following option in the +``neutron.conf`` file on the host that runs ``neutron-server``: + +.. code-block:: ini + + service_plugins = metering diff --git a/doc/source/admin/archives/adv-features.rst b/doc/source/admin/archives/adv-features.rst new file mode 100644 index 00000000000..1f6e1a2bffe --- /dev/null +++ b/doc/source/admin/archives/adv-features.rst @@ -0,0 +1,854 @@ +.. _adv-features: + +======================================== +Advanced features through API extensions +======================================== + +Several plug-ins implement API extensions that provide capabilities +similar to what was available in ``nova-network``. These plug-ins are likely +to be of interest to the OpenStack community. + +Provider networks +~~~~~~~~~~~~~~~~~ + +Networks can be categorized as either project networks or provider +networks. Project networks are created by normal users and details about +how they are physically realized are hidden from those users. Provider +networks are created with administrative credentials, specifying the +details of how the network is physically realized, usually to match some +existing network in the data center. + +Provider networks enable administrators to create networks that map +directly to the physical networks in the data center. +This is commonly used to give projects direct access to a public network +that can be used to reach the Internet. It might also be used to +integrate with VLANs in the network that already have a defined meaning +(for example, enable a VM from the marketing department to be placed +on the same VLAN as bare-metal marketing hosts in the same data center). + +The provider extension allows administrators to explicitly manage the +relationship between Networking virtual networks and underlying physical +mechanisms such as VLANs and tunnels. When this extension is supported, +Networking client users with administrative privileges see additional +provider attributes on all virtual networks and are able to specify +these attributes in order to create provider networks. + +The provider extension is supported by the Open vSwitch and Linux Bridge +plug-ins. Configuration of these plug-ins requires familiarity with this +extension. + +Terminology +----------- + +A number of terms are used in the provider extension and in the +configuration of plug-ins supporting the provider extension: + +.. list-table:: **Provider extension terminology** + :widths: 30 70 + :header-rows: 1 + + * - Term + - Description + * - virtual network + - A Networking L2 network (identified by a UUID and optional name) whose + ports can be attached as vNICs to Compute instances and to various + Networking agents. The Open vSwitch and Linux Bridge plug-ins each + support several different mechanisms to realize virtual networks. + * - physical network + - A network connecting virtualization hosts (such as compute nodes) with + each other and with other network resources. Each physical network might + support multiple virtual networks. The provider extension and the plug-in + configurations identify physical networks using simple string names. + * - project network + - A virtual network that a project or an administrator creates. The + physical details of the network are not exposed to the project. + * - provider network + - A virtual network administratively created to map to a specific network + in the data center, typically to enable direct access to non-OpenStack + resources on that network. Project can be given access to provider + networks. + * - VLAN network + - A virtual network implemented as packets on a specific physical network + containing IEEE 802.1Q headers with a specific VID field value. VLAN + networks sharing the same physical network are isolated from each other + at L2 and can even have overlapping IP address spaces. Each distinct + physical network supporting VLAN networks is treated as a separate VLAN + trunk, with a distinct space of VID values. Valid VID values are 1 + through 4094. + * - flat network + - A virtual network implemented as packets on a specific physical network + containing no IEEE 802.1Q header. Each physical network can realize at + most one flat network. + * - local network + - A virtual network that allows communication within each host, but not + across a network. Local networks are intended mainly for single-node test + scenarios, but can have other uses. + * - GRE network + - A virtual network implemented as network packets encapsulated using + GRE. GRE networks are also referred to as *tunnels*. GRE tunnel packets + are routed by the IP routing table for the host, so GRE networks are not + associated by Networking with specific physical networks. + * - Virtual Extensible LAN (VXLAN) network + - VXLAN is a proposed encapsulation protocol for running an overlay network + on existing Layer 3 infrastructure. An overlay network is a virtual + network that is built on top of existing network Layer 2 and Layer 3 + technologies to support elastic compute architectures. + +The ML2, Open vSwitch, and Linux Bridge plug-ins support VLAN networks, +flat networks, and local networks. Only the ML2 and Open vSwitch +plug-ins currently support GRE and VXLAN networks, provided that the +required features exist in the hosts Linux kernel, Open vSwitch, and +iproute2 packages. + +Provider attributes +------------------- + +The provider extension extends the Networking network resource with +these attributes: + + +.. list-table:: **Provider network attributes** + :widths: 10 10 10 49 + :header-rows: 1 + + * - Attribute name + - Type + - Default Value + - Description + * - provider: network\_type + - String + - N/A + - The physical mechanism by which the virtual network is implemented. + Possible values are ``flat``, ``vlan``, ``local``, ``gre``, and + ``vxlan``, corresponding to flat networks, VLAN networks, local + networks, GRE networks, and VXLAN networks as defined above. + All types of provider networks can be created by administrators, + while project networks can be implemented as ``vlan``, ``gre``, + ``vxlan``, or ``local`` network types depending on plug-in + configuration. + * - provider: physical_network + - String + - If a physical network named "default" has been configured and + if provider:network_type is ``flat`` or ``vlan``, then "default" + is used. + - The name of the physical network over which the virtual network + is implemented for flat and VLAN networks. Not applicable to the + ``local`` or ``gre`` network types. + * - provider:segmentation_id + - Integer + - N/A + - For VLAN networks, the VLAN VID on the physical network that + realizes the virtual network. Valid VLAN VIDs are 1 through 4094. + For GRE networks, the tunnel ID. Valid tunnel IDs are any 32 bit + unsigned integer. Not applicable to the ``flat`` or ``local`` + network types. + +To view or set provider extended attributes, a client must be authorized +for the ``extension:provider_network:view`` and +``extension:provider_network:set`` actions in the Networking policy +configuration. The default Networking configuration authorizes both +actions for users with the admin role. An authorized client or an +administrative user can view and set the provider extended attributes +through Networking API calls. See the section called +:ref:`Authentication and authorization` for details on policy configuration. + +.. _L3-routing-and-NAT: + +L3 routing and NAT +~~~~~~~~~~~~~~~~~~ + +The Networking API provides abstract L2 network segments that are +decoupled from the technology used to implement the L2 network. +Networking includes an API extension that provides abstract L3 routers +that API users can dynamically provision and configure. These Networking +routers can connect multiple L2 Networking networks and can also provide +a gateway that connects one or more private L2 networks to a shared +external network. For example, a public network for access to the +Internet. See the `OpenStack Configuration Reference `_ for details on common +models of deploying Networking L3 routers. + +The L3 router provides basic NAT capabilities on gateway ports that +uplink the router to external networks. This router SNATs all traffic by +default and supports floating IPs, which creates a static one-to-one +mapping from a public IP on the external network to a private IP on one +of the other subnets attached to the router. This allows a project to +selectively expose VMs on private networks to other hosts on the +external network (and often to all hosts on the Internet). You can +allocate and map floating IPs from one port to another, as needed. + +Basic L3 operations +------------------- + +External networks are visible to all users. However, the default policy +settings enable only administrative users to create, update, and delete +external networks. + +This table shows example :command:`openstack` commands that enable you +to complete basic L3 operations: + +.. list-table:: **Basic L3 Operations** + :widths: 30 50 + :header-rows: 1 + + * - Operation + - Command + * - Creates external networks. + - .. code-block:: console + + $ openstack network create public --external + $ openstack subnet create --network public --subnet-range 172.16.1.0/24 subnetname + * - Lists external networks. + - .. code-block:: console + + $ openstack network list --external + * - Creates an internal-only router that connects to multiple L2 networks privately. + - .. code-block:: console + + $ openstack network create net1 + $ openstack subnet create --network net1 --subnet-range 10.0.0.0/24 subnetname1 + $ openstack network create net2 + $ openstack subnet create --network net2 --subnet-range 10.0.1.0/24 subnetname2 + $ openstack router create router1 + $ openstack router add subnet router1 subnetname1 + $ openstack router add subnet router1 subnetname2 + + An internal router port can have only one IPv4 subnet and multiple IPv6 subnets + that belong to the same network ID. When you call ``router-interface-add`` with an IPv6 + subnet, this operation adds the interface to an existing internal port with the same + network ID. If a port with the same network ID does not exist, a new port is created. + + * - Connects a router to an external network, which enables that router to + act as a NAT gateway for external connectivity. + - .. code-block:: console + + $ openstack router set --external-gateway EXT_NET_ID router1 + $ openstack router set --route destination=172.24.4.0/24,gateway=172.24.4.1 router1 + + The router obtains an interface with the gateway_ip address of the + subnet and this interface is attached to a port on the L2 Networking + network associated with the subnet. The router also gets a gateway + interface to the specified external network. This provides SNAT + connectivity to the external network as well as support for floating + IPs allocated on that external networks. Commonly an external network + maps to a network in the provider. + + * - Lists routers. + - .. code-block:: console + + $ openstack router list + * - Shows information for a specified router. + - .. code-block:: console + + $ openstack router show ROUTER_ID + * - Shows all internal interfaces for a router. + - .. code-block:: console + + $ openstack port list --router ROUTER_ID + $ openstack port list --router ROUTER_NAME + * - Identifies the PORT_ID that represents the VM NIC to which the floating + IP should map. + - .. code-block:: console + + $ openstack port list -c ID -c "Fixed IP Addresses" --server INSTANCE_ID + + This port must be on a Networking subnet that is attached to + a router uplinked to the external network used to create the floating + IP. Conceptually, this is because the router must be able to perform the + Destination NAT (DNAT) rewriting of packets from the floating IP address + (chosen from a subnet on the external network) to the internal fixed + IP (chosen from a private subnet that is behind the router). + + * - Creates a floating IP address and associates it with a port. + - .. code-block:: console + + $ openstack floating ip create EXT_NET_ID + $ openstack floating ip add port FLOATING_IP_ID --port-id INTERNAL_VM_PORT_ID + + * - Creates a floating IP on a specific subnet in the external network. + - .. code-block:: console + + $ openstack floating ip create EXT_NET_ID --subnet SUBNET_ID + + If there are multiple subnets in the external network, you can choose a specific + subnet based on quality and costs. + + * - Creates a floating IP address and associates it with a port, in a single step. + - .. code-block:: console + + $ openstack floating ip create --port INTERNAL_VM_PORT_ID EXT_NET_ID + * - Lists floating IPs + - .. code-block:: console + + $ openstack floating ip list + * - Finds floating IP for a specified VM port. + - .. code-block:: console + + $ openstack floating ip list --port INTERNAL_VM_PORT_ID + * - Disassociates a floating IP address. + - .. code-block:: console + + $ openstack floating ip remove port FLOATING_IP_ID + * - Deletes the floating IP address. + - .. code-block:: console + + $ openstack floating ip delete FLOATING_IP_ID + * - Clears the gateway. + - .. code-block:: console + + $ openstack router unset --external-gateway router1 + * - Removes the interfaces from the router. + - .. code-block:: console + + $ openstack router remove subnet router1 SUBNET_ID + + If this subnet ID is the last subnet on the port, this operation deletes the port itself. + + * - Deletes the router. + - .. code-block:: console + + $ openstack router delete router1 + +Security groups +~~~~~~~~~~~~~~~ + +Security groups and security group rules allow administrators and +projects to specify the type of traffic and direction +(ingress/egress) that is allowed to pass through a port. A security +group is a container for security group rules. + +When a port is created in Networking it is associated with a security +group. If a security group is not specified the port is associated with +a 'default' security group. By default, this group drops all ingress +traffic and allows all egress. Rules can be added to this group in order +to change the behavior. + +To use the Compute security group APIs or use Compute to orchestrate the +creation of ports for instances on specific security groups, you must +complete additional configuration. You must configure the +``/etc/nova/nova.conf`` file and set the ``security_group_api=neutron`` +option on every node that runs nova-compute and nova-api. After you make +this change, restart nova-api and nova-compute to pick up this change. +Then, you can use both the Compute and OpenStack Network security group +APIs at the same time. + +.. note:: + + - To use the Compute security group API with Networking, the + Networking plug-in must implement the security group API. The + following plug-ins currently implement this: ML2, Open vSwitch, + Linux Bridge, NEC, and VMware NSX. + + - You must configure the correct firewall driver in the + ``securitygroup`` section of the plug-in/agent configuration + file. Some plug-ins and agents, such as Linux Bridge Agent and + Open vSwitch Agent, use the no-operation driver as the default, + which results in non-working security groups. + + - When using the security group API through Compute, security + groups are applied to all ports on an instance. The reason for + this is that Compute security group APIs are instances based and + not port based as Networking. + +Basic security group operations +------------------------------- + +This table shows example neutron commands that enable you to complete +basic security group operations: + +.. list-table:: **Basic security group operations** + :widths: 30 50 + :header-rows: 1 + + * - Operation + - Command + * - Creates a security group for our web servers. + - .. code-block:: console + + $ openstack security group create webservers \ + --description "security group for webservers" + * - Lists security groups. + - .. code-block:: console + + $ openstack security group list + * - Creates a security group rule to allow port 80 ingress. + - .. code-block:: console + + $ openstack security group rule create --ingress \ + --protocol tcp SECURITY_GROUP_UUID + * - Lists security group rules. + - .. code-block:: console + + $ openstack security group rule list + * - Deletes a security group rule. + - .. code-block:: console + + $ openstack security group rule delete SECURITY_GROUP_RULE_UUID + * - Deletes a security group. + - .. code-block:: console + + $ openstack security group delete SECURITY_GROUP_UUID + * - Creates a port and associates two security groups. + - .. code-block:: console + + $ openstack port create port1 --security-group SECURITY_GROUP_ID1 \ + --security-group SECURITY_GROUP_ID2 --network NETWORK_ID + * - Removes security groups from a port. + - .. code-block:: console + + $ openstack port set --no-security-group PORT_ID + +Basic Load-Balancer-as-a-Service operations +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. note:: + + The Load-Balancer-as-a-Service (LBaaS) API provisions and configures + load balancers. The reference implementation is based on the HAProxy + software load balancer. + +This list shows example neutron commands that enable you to complete +basic LBaaS operations: + +- Creates a load balancer pool by using specific provider. + + ``--provider`` is an optional argument. If not used, the pool is + created with default provider for LBaaS service. You should configure + the default provider in the ``[service_providers]`` section of the + ``neutron.conf`` file. If no default provider is specified for LBaaS, + the ``--provider`` parameter is required for pool creation. + + .. code-block:: console + + $ neutron lb-pool-create --lb-method ROUND_ROBIN --name mypool \ + --protocol HTTP --subnet-id SUBNET_UUID --provider PROVIDER_NAME + +- Associates two web servers with pool. + + .. code-block:: console + + $ neutron lb-member-create --address WEBSERVER1_IP --protocol-port 80 mypool + $ neutron lb-member-create --address WEBSERVER2_IP --protocol-port 80 mypool + +- Creates a health monitor that checks to make sure our instances are + still running on the specified protocol-port. + + .. code-block:: console + + $ neutron lb-healthmonitor-create --delay 3 --type HTTP --max-retries 3 \ + --timeout 3 + +- Associates a health monitor with pool. + + .. code-block:: console + + $ neutron lb-healthmonitor-associate HEALTHMONITOR_UUID mypool + +- Creates a virtual IP (VIP) address that, when accessed through the + load balancer, directs the requests to one of the pool members. + + .. code-block:: console + + $ neutron lb-vip-create --name myvip --protocol-port 80 --protocol \ + HTTP --subnet-id SUBNET_UUID mypool + +Plug-in specific extensions +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Each vendor can choose to implement additional API extensions to the +core API. This section describes the extensions for each plug-in. + +VMware NSX extensions +--------------------- + +These sections explain NSX plug-in extensions. + +VMware NSX QoS extension +^^^^^^^^^^^^^^^^^^^^^^^^ + +The VMware NSX QoS extension rate-limits network ports to guarantee a +specific amount of bandwidth for each port. This extension, by default, +is only accessible by a project with an admin role but is configurable +through the ``policy.json`` file. To use this extension, create a queue +and specify the min/max bandwidth rates (kbps) and optionally set the +QoS Marking and DSCP value (if your network fabric uses these values to +make forwarding decisions). Once created, you can associate a queue with +a network. Then, when ports are created on that network they are +automatically created and associated with the specific queue size that +was associated with the network. Because one size queue for a every port +on a network might not be optimal, a scaling factor from the nova flavor +``rxtx_factor`` is passed in from Compute when creating the port to scale +the queue. + +Lastly, if you want to set a specific baseline QoS policy for the amount +of bandwidth a single port can use (unless a network queue is specified +with the network a port is created on) a default queue can be created in +Networking which then causes ports created to be associated with a queue +of that size times the rxtx scaling factor. Note that after a network or +default queue is specified, queues are added to ports that are +subsequently created but are not added to existing ports. + +Basic VMware NSX QoS operations +''''''''''''''''''''''''''''''' + +This table shows example neutron commands that enable you to complete +basic queue operations: + +.. list-table:: **Basic VMware NSX QoS operations** + :widths: 30 50 + :header-rows: 1 + + * - Operation + - Command + * - Creates QoS queue (admin-only). + - .. code-block:: console + + $ neutron queue-create --min 10 --max 1000 myqueue + * - Associates a queue with a network. + - .. code-block:: console + + $ neutron net-create network --queue_id QUEUE_ID + * - Creates a default system queue. + - .. code-block:: console + + $ neutron queue-create --default True --min 10 --max 2000 default + * - Lists QoS queues. + - .. code-block:: console + + $ neutron queue-list + * - Deletes a QoS queue. + - .. code-block:: console + + $ neutron queue-delete QUEUE_ID_OR_NAME + +VMware NSX provider networks extension +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Provider networks can be implemented in different ways by the underlying +NSX platform. + +The *FLAT* and *VLAN* network types use bridged transport connectors. +These network types enable the attachment of large number of ports. To +handle the increased scale, the NSX plug-in can back a single OpenStack +Network with a chain of NSX logical switches. You can specify the +maximum number of ports on each logical switch in this chain on the +``max_lp_per_bridged_ls`` parameter, which has a default value of 5,000. + +The recommended value for this parameter varies with the NSX version +running in the back-end, as shown in the following table. + +**Recommended values for max_lp_per_bridged_ls** + ++---------------+---------------------+ +| NSX version | Recommended Value | ++===============+=====================+ +| 2.x | 64 | ++---------------+---------------------+ +| 3.0.x | 5,000 | ++---------------+---------------------+ +| 3.1.x | 5,000 | ++---------------+---------------------+ +| 3.2.x | 10,000 | ++---------------+---------------------+ + +In addition to these network types, the NSX plug-in also supports a +special *l3_ext* network type, which maps external networks to specific +NSX gateway services as discussed in the next section. + +VMware NSX L3 extension +^^^^^^^^^^^^^^^^^^^^^^^ + +NSX exposes its L3 capabilities through gateway services which are +usually configured out of band from OpenStack. To use NSX with L3 +capabilities, first create an L3 gateway service in the NSX Manager. +Next, in ``/etc/neutron/plugins/vmware/nsx.ini`` set +``default_l3_gw_service_uuid`` to this value. By default, routers are +mapped to this gateway service. + +VMware NSX L3 extension operations +'''''''''''''''''''''''''''''''''' + +Create external network and map it to a specific NSX gateway service: + +.. code-block:: console + + $ openstack network create public --external --provider-network-type l3_ext \ + --provider-physical-network L3_GATEWAY_SERVICE_UUID + +Terminate traffic on a specific VLAN from a NSX gateway service: + +.. code-block:: console + + $ openstack network create public --external --provider-network-type l3_ext \ + --provider-physical-network L3_GATEWAY_SERVICE_UUID --provider-segment VLAN_ID + +Operational status synchronization in the VMware NSX plug-in +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Starting with the Havana release, the VMware NSX plug-in provides an +asynchronous mechanism for retrieving the operational status for neutron +resources from the NSX back-end; this applies to *network*, *port*, and +*router* resources. + +The back-end is polled periodically and the status for every resource is +retrieved; then the status in the Networking database is updated only +for the resources for which a status change occurred. As operational +status is now retrieved asynchronously, performance for ``GET`` +operations is consistently improved. + +Data to retrieve from the back-end are divided in chunks in order to +avoid expensive API requests; this is achieved leveraging NSX APIs +response paging capabilities. The minimum chunk size can be specified +using a configuration option; the actual chunk size is then determined +dynamically according to: total number of resources to retrieve, +interval between two synchronization task runs, minimum delay between +two subsequent requests to the NSX back-end. + +The operational status synchronization can be tuned or disabled using +the configuration options reported in this table; it is however worth +noting that the default values work fine in most cases. + +.. list-table:: **Configuration options for tuning operational status synchronization in the NSX plug-in** + :widths: 10 10 10 10 35 + :header-rows: 1 + + * - Option name + - Group + - Default value + - Type and constraints + - Notes + * - ``state_sync_interval`` + - ``nsx_sync`` + - 10 seconds + - Integer; no constraint. + - Interval in seconds between two run of the synchronization task. If the + synchronization task takes more than ``state_sync_interval`` seconds to + execute, a new instance of the task is started as soon as the other is + completed. Setting the value for this option to 0 will disable the + synchronization task. + * - ``max_random_sync_delay`` + - ``nsx_sync`` + - 0 seconds + - Integer. Must not exceed ``min_sync_req_delay`` + - When different from zero, a random delay between 0 and + ``max_random_sync_delay`` will be added before processing the next + chunk. + * - ``min_sync_req_delay`` + - ``nsx_sync`` + - 1 second + - Integer. Must not exceed ``state_sync_interval``. + - The value of this option can be tuned according to the observed + load on the NSX controllers. Lower values will result in faster + synchronization, but might increase the load on the controller cluster. + * - ``min_chunk_size`` + - ``nsx_sync`` + - 500 resources + - Integer; no constraint. + - Minimum number of resources to retrieve from the back-end for each + synchronization chunk. The expected number of synchronization chunks + is given by the ratio between ``state_sync_interval`` and + ``min_sync_req_delay``. This size of a chunk might increase if the + total number of resources is such that more than ``min_chunk_size`` + resources must be fetched in one chunk with the current number of + chunks. + * - ``always_read_status`` + - ``nsx_sync`` + - False + - Boolean; no constraint. + - When this option is enabled, the operational status will always be + retrieved from the NSX back-end ad every ``GET`` request. In this + case it is advisable to disable the synchronization task. + +When running multiple OpenStack Networking server instances, the status +synchronization task should not run on every node; doing so sends +unnecessary traffic to the NSX back-end and performs unnecessary DB +operations. Set the ``state_sync_interval`` configuration option to a +non-zero value exclusively on a node designated for back-end status +synchronization. + +The ``fields=status`` parameter in Networking API requests always +triggers an explicit query to the NSX back end, even when you enable +asynchronous state synchronization. For example, ``GET +/v2.0/networks/NET_ID?fields=status&fields=name``. + +Big Switch plug-in extensions +----------------------------- + +This section explains the Big Switch neutron plug-in-specific extension. + +Big Switch router rules +^^^^^^^^^^^^^^^^^^^^^^^ + +Big Switch allows router rules to be added to each project router. These +rules can be used to enforce routing policies such as denying traffic +between subnets or traffic to external networks. By enforcing these at +the router level, network segmentation policies can be enforced across +many VMs that have differing security groups. + +Router rule attributes +'''''''''''''''''''''' + +Each project router has a set of router rules associated with it. Each +router rule has the attributes in this table. Router rules and their +attributes can be set using the :command:`neutron router-update` command, +through the horizon interface or the Networking API. + +.. list-table:: **Big Switch Router rule attributes** + :widths: 10 10 10 35 + :header-rows: 1 + + * - Attribute name + - Required + - Input type + - Description + * - source + - Yes + - A valid CIDR or one of the keywords 'any' or 'external' + - The network that a packet's source IP must match for the + rule to be applied. + * - destination + - Yes + - A valid CIDR or one of the keywords 'any' or 'external' + - The network that a packet's destination IP must match for the rule to + be applied. + * - action + - Yes + - 'permit' or 'deny' + - Determines whether or not the matched packets will allowed to cross the + router. + * - nexthop + - No + - A plus-separated (+) list of next-hop IP addresses. For example, + ``1.1.1.1+1.1.1.2``. + - Overrides the default virtual router used to handle traffic for packets + that match the rule. + +Order of rule processing +'''''''''''''''''''''''' + +The order of router rules has no effect. Overlapping rules are evaluated +using longest prefix matching on the source and destination fields. The +source field is matched first so it always takes higher precedence over +the destination field. In other words, longest prefix matching is used +on the destination field only if there are multiple matching rules with +the same source. + +Big Switch router rules operations +'''''''''''''''''''''''''''''''''' + +Router rules are configured with a router update operation in OpenStack +Networking. The update overrides any previous rules so all rules must be +provided at the same time. + +Update a router with rules to permit traffic by default but block +traffic from external networks to the 10.10.10.0/24 subnet: + +.. code-block:: console + + $ neutron router-update ROUTER_UUID --router_rules type=dict list=true \ + source=any,destination=any,action=permit \ + source=external,destination=10.10.10.0/24,action=deny + +Specify alternate next-hop addresses for a specific subnet: + +.. code-block:: console + + $ neutron router-update ROUTER_UUID --router_rules type=dict list=true \ + source=any,destination=any,action=permit \ + source=10.10.10.0/24,destination=any,action=permit,nexthops=10.10.10.254+10.10.10.253 + +Block traffic between two subnets while allowing everything else: + +.. code-block:: console + + $ neutron router-update ROUTER_UUID --router_rules type=dict list=true \ + source=any,destination=any,action=permit \ + source=10.10.10.0/24,destination=10.20.20.20/24,action=deny + +L3 metering +~~~~~~~~~~~ + +The L3 metering API extension enables administrators to configure IP +ranges and assign a specified label to them to be able to measure +traffic that goes through a virtual router. + +The L3 metering extension is decoupled from the technology that +implements the measurement. Two abstractions have been added: One is the +metering label that can contain metering rules. Because a metering label +is associated with a project, all virtual routers in this project are +associated with this label. + +Basic L3 metering operations +---------------------------- + +Only administrators can manage the L3 metering labels and rules. + +This table shows example :command:`neutron` commands that enable you to +complete basic L3 metering operations: + +.. list-table:: **Basic L3 operations** + :widths: 20 50 + :header-rows: 1 + + * - Operation + - Command + * - Creates a metering label. + - .. code-block:: console + + $ openstack network meter label create LABEL1 \ + --description "DESCRIPTION_LABEL1" + * - Lists metering labels. + - .. code-block:: console + + $ openstack network meter label list + * - Shows information for a specified label. + - .. code-block:: console + + $ openstack network meter label show LABEL_UUID + $ openstack network meter label show LABEL1 + * - Deletes a metering label. + - .. code-block:: console + + $ openstack network meter label delete LABEL_UUID + $ openstack network meter label delete LABEL1 + * - Creates a metering rule. + - .. code-block:: console + + $ openstack network meter label rule create LABEL_UUID \ + --remote-ip-prefix CIDR \ + --direction DIRECTION --exclude + + For example: + + .. code-block:: console + + $ openstack network meter label rule create label1 \ + --remote-ip-prefix 10.0.0.0/24 --direction ingress + $ openstack network meter label rule create label1 \ + --remote-ip-prefix 20.0.0.0/24 --exclude + + * - Lists metering all label rules. + - .. code-block:: console + + $ openstack network meter label rule list + * - Shows information for a specified label rule. + - .. code-block:: console + + $ openstack network meter label rule show RULE_UUID + * - Deletes a metering label rule. + - .. code-block:: console + + $ openstack network meter label rule delete RULE_UUID + * - Lists the value of created metering label rules. + - .. code-block:: console + + $ ceilometer sample-list -m SNMP_MEASUREMENT + + For example: + + .. code-block:: console + + $ ceilometer sample-list -m hardware.network.bandwidth.bytes + $ ceilometer sample-list -m hardware.network.incoming.bytes + $ ceilometer sample-list -m hardware.network.outgoing.bytes + $ ceilometer sample-list -m hardware.network.outgoing.errors diff --git a/doc/source/admin/archives/adv-operational-features.rst b/doc/source/admin/archives/adv-operational-features.rst new file mode 100644 index 00000000000..783ce08a466 --- /dev/null +++ b/doc/source/admin/archives/adv-operational-features.rst @@ -0,0 +1,123 @@ +============================= +Advanced operational features +============================= + +Logging settings +~~~~~~~~~~~~~~~~ + +Networking components use Python logging module to do logging. Logging +configuration can be provided in ``neutron.conf`` or as command-line +options. Command options override ones in ``neutron.conf``. + +To configure logging for Networking components, use one of these +methods: + +- Provide logging settings in a logging configuration file. + + See `Python logging + how-to `__ to learn more + about logging. + +- Provide logging setting in ``neutron.conf``. + + .. code-block:: ini + + [DEFAULT] + # Default log level is WARNING + # Show debugging output in logs (sets DEBUG log level output) + # debug = False + + # log_date_format = %Y-%m-%d %H:%M:%S + + # use_syslog = False + # syslog_log_facility = LOG_USER + + # if use_syslog is False, we can set log_file and log_dir. + # if use_syslog is False and we do not set log_file, + # the log will be printed to stdout. + # log_file = + # log_dir = + +Notifications +~~~~~~~~~~~~~ + +Notifications can be sent when Networking resources such as network, +subnet and port are created, updated or deleted. + +Notification options +-------------------- + +To support DHCP agent, ``rpc_notifier`` driver must be set. To set up the +notification, edit notification options in ``neutron.conf``: + +.. code-block:: ini + + # Driver or drivers to handle sending notifications. (multi + # valued) + # notification_driver=messagingv2 + + # AMQP topic used for OpenStack notifications. (list value) + # Deprecated group/name - [rpc_notifier2]/topics + notification_topics = notifications + +Setting cases +------------- + +Logging and RPC +^^^^^^^^^^^^^^^ + +These options configure the Networking server to send notifications +through logging and RPC. The logging options are described in OpenStack +Configuration Reference . RPC notifications go to ``notifications.info`` +queue bound to a topic exchange defined by ``control_exchange`` in +``neutron.conf``. + +**Notification System Options** + +A notification can be sent when a network, subnet, or port is created, +updated or deleted. The notification system options are: + +* ``notification_driver`` + Defines the driver or drivers to handle the sending of a notification. + The six available options are: + + * ``messaging`` + Send notifications using the 1.0 message format. + * ``messagingv2`` + Send notifications using the 2.0 message format (with a message + envelope). + * ``routing`` + Configurable routing notifier (by priority or event_type). + * ``log`` + Publish notifications using Python logging infrastructure. + * ``test`` + Store notifications in memory for test verification. + * ``noop`` + Disable sending notifications entirely. +* ``default_notification_level`` + Is used to form topic names or to set a logging level. +* ``default_publisher_id`` + Is a part of the notification payload. +* ``notification_topics`` + AMQP topic used for OpenStack notifications. They can be comma-separated + values. The actual topic names will be the values of + ``default_notification_level``. +* ``control_exchange`` + This is an option defined in oslo.messaging. It is the default exchange + under which topics are scoped. May be overridden by an exchange name + specified in the ``transport_url`` option. It is a string value. + +Below is a sample ``neutron.conf`` configuration file: + +.. code-block:: ini + + notification_driver = messagingv2 + + default_notification_level = INFO + + host = myhost.com + default_publisher_id = $host + + notification_topics = notifications + + control_exchange = openstack diff --git a/doc/source/admin/archives/arch.rst b/doc/source/admin/archives/arch.rst new file mode 100644 index 00000000000..dcad74212a7 --- /dev/null +++ b/doc/source/admin/archives/arch.rst @@ -0,0 +1,88 @@ +======================= +Networking architecture +======================= + +Before you deploy Networking, it is useful to understand the Networking +services and how they interact with the OpenStack components. + +Overview +~~~~~~~~ + +Networking is a standalone component in the OpenStack modular +architecture. It is positioned alongside OpenStack components such as +Compute, Image service, Identity, or Dashboard. Like those +components, a deployment of Networking often involves deploying several +services to a variety of hosts. + +The Networking server uses the neutron-server daemon to expose the +Networking API and enable administration of the configured Networking +plug-in. Typically, the plug-in requires access to a database for +persistent storage (also similar to other OpenStack services). + +If your deployment uses a controller host to run centralized Compute +components, you can deploy the Networking server to that same host. +However, Networking is entirely standalone and can be deployed to a +dedicated host. Depending on your configuration, Networking can also +include the following agents: + ++----------------------------+---------------------------------------------+ +| Agent | Description | ++============================+=============================================+ +|**plug-in agent** | | +|(``neutron-*-agent``) | Runs on each hypervisor to perform | +| | local vSwitch configuration. The agent that | +| | runs, depends on the plug-in that you use. | +| | Certain plug-ins do not require an agent. | ++----------------------------+---------------------------------------------+ +|**dhcp agent** | | +|(``neutron-dhcp-agent``) | Provides DHCP services to project networks. | +| | Required by certain plug-ins. | ++----------------------------+---------------------------------------------+ +|**l3 agent** | | +|(``neutron-l3-agent``) | Provides L3/NAT forwarding to provide | +| | external network access for VMs on project | +| | networks. Required by certain plug-ins. | ++----------------------------+---------------------------------------------+ +|**metering agent** | | +|(``neutron-metering-agent``)| Provides L3 traffic metering for project | +| | networks. | ++----------------------------+---------------------------------------------+ + +These agents interact with the main neutron process through RPC (for +example, RabbitMQ or Qpid) or through the standard Networking API. In +addition, Networking integrates with OpenStack components in a number of +ways: + +- Networking relies on the Identity service (keystone) for the + authentication and authorization of all API requests. + +- Compute (nova) interacts with Networking through calls to its + standard API. As part of creating a VM, the ``nova-compute`` service + communicates with the Networking API to plug each virtual NIC on the + VM into a particular network. + +- The dashboard (horizon) integrates with the Networking API, enabling + administrators and project users to create and manage network services + through a web-based GUI. + +VMware NSX integration +~~~~~~~~~~~~~~~~~~~~~~ + +OpenStack Networking uses the NSX plug-in to integrate with an existing +VMware vCenter deployment. When installed on the network nodes, the NSX +plug-in enables a NSX controller to centrally manage configuration +settings and push them to managed network nodes. Network nodes are +considered managed when they are added as hypervisors to the NSX +controller. + +The diagrams below depict some VMware NSX deployment examples. The first +diagram illustrates the traffic flow between VMs on separate Compute +nodes, and the second diagram between two VMs on a single compute node. +Note the placement of the VMware NSX plug-in and the neutron-server +service on the network node. The green arrow indicates the management +relationship between the NSX controller and the network node. + + +.. figure:: figures/vmware_nsx_ex1.png + +.. figure:: figures/vmware_nsx_ex2.png diff --git a/doc/source/admin/archives/auth.rst b/doc/source/admin/archives/auth.rst new file mode 100644 index 00000000000..63011c4a4c0 --- /dev/null +++ b/doc/source/admin/archives/auth.rst @@ -0,0 +1,175 @@ +.. _Authentication and authorization: + +================================ +Authentication and authorization +================================ + +Networking uses the Identity service as the default authentication +service. When the Identity service is enabled, users who submit requests +to the Networking service must provide an authentication token in +``X-Auth-Token`` request header. Users obtain this token by +authenticating with the Identity service endpoint. For more information +about authentication with the Identity service, see `OpenStack Identity +service API v2.0 +Reference `__. +When the Identity service is enabled, it is not mandatory to specify the +project ID for resources in create requests because the project ID is +derived from the authentication token. + +The default authorization settings only allow administrative users +to create resources on behalf of a different project. Networking uses +information received from Identity to authorize user requests. +Networking handles two kind of authorization policies: + +- **Operation-based** policies specify access criteria for specific + operations, possibly with fine-grained control over specific + attributes. + +- **Resource-based** policies specify whether access to specific + resource is granted or not according to the permissions configured + for the resource (currently available only for the network resource). + The actual authorization policies enforced in Networking might vary + from deployment to deployment. + +The policy engine reads entries from the ``policy.json`` file. The +actual location of this file might vary from distribution to +distribution. Entries can be updated while the system is running, and no +service restart is required. Every time the policy file is updated, the +policies are automatically reloaded. Currently the only way of updating +such policies is to edit the policy file. In this section, the terms +*policy* and *rule* refer to objects that are specified in the same way +in the policy file. There are no syntax differences between a rule and a +policy. A policy is something that is matched directly from the +Networking policy engine. A rule is an element in a policy, which is +evaluated. For instance in ``"create_subnet": +"rule:admin_or_network_owner"``, *create_subnet* is a +policy, and *admin_or_network_owner* is a rule. + +Policies are triggered by the Networking policy engine whenever one of +them matches a Networking API operation or a specific attribute being +used in a given operation. For instance the ``create_subnet`` policy is +triggered every time a ``POST /v2.0/subnets`` request is sent to the +Networking server; on the other hand ``create_network:shared`` is +triggered every time the *shared* attribute is explicitly specified (and +set to a value different from its default) in a ``POST /v2.0/networks`` +request. It is also worth mentioning that policies can also be related +to specific API extensions; for instance +``extension:provider_network:set`` is triggered if the attributes +defined by the Provider Network extensions are specified in an API +request. + +An authorization policy can be composed by one or more rules. If more +rules are specified then the evaluation policy succeeds if any of the +rules evaluates successfully; if an API operation matches multiple +policies, then all the policies must evaluate successfully. Also, +authorization rules are recursive. Once a rule is matched, the rule(s) +can be resolved to another rule, until a terminal rule is reached. + +The Networking policy engine currently defines the following kinds of +terminal rules: + +- **Role-based rules** evaluate successfully if the user who submits + the request has the specified role. For instance ``"role:admin"`` is + successful if the user who submits the request is an administrator. + +- **Field-based rules** evaluate successfully if a field of the + resource specified in the current request matches a specific value. + For instance ``"field:networks:shared=True"`` is successful if the + ``shared`` attribute of the ``network`` resource is set to true. + +- **Generic rules** compare an attribute in the resource with an + attribute extracted from the user's security credentials and + evaluates successfully if the comparison is successful. For instance + ``"tenant_id:%(tenant_id)s"`` is successful if the project identifier + in the resource is equal to the project identifier of the user + submitting the request. + +This extract is from the default ``policy.json`` file: + +- A rule that evaluates successfully if the current user is an + administrator or the owner of the resource specified in the request + (project identifier is equal). + + .. code-block:: none + + { + "admin_or_owner": "role:admin", + "tenant_id:%(tenant_id)s", + "admin_or_network_owner": "role:admin", + "tenant_id:%(network_tenant_id)s", + "admin_only": "role:admin", + "regular_user": "", + "shared":"field:networks:shared=True", + "default": + +- The default policy that is always evaluated if an API operation does + not match any of the policies in ``policy.json``. + + .. code-block:: none + + "rule:admin_or_owner", + "create_subnet": "rule:admin_or_network_owner", + "get_subnet": "rule:admin_or_owner", + "rule:shared", + "update_subnet": "rule:admin_or_network_owner", + "delete_subnet": "rule:admin_or_network_owner", + "create_network": "", + "get_network": "rule:admin_or_owner", + +- This policy evaluates successfully if either *admin_or_owner*, or + *shared* evaluates successfully. + + .. code-block:: none + + "rule:shared", + "create_network:shared": "rule:admin_only" + +- This policy restricts the ability to manipulate the *shared* + attribute for a network to administrators only. + + .. code-block:: none + + , + "update_network": "rule:admin_or_owner", + "delete_network": "rule:admin_or_owner", + "create_port": "", + "create_port:mac_address": "rule:admin_or_network_owner", + "create_port:fixed_ips": + +- This policy restricts the ability to manipulate the *mac_address* + attribute for a port only to administrators and the owner of the + network where the port is attached. + + .. code-block:: none + + "rule:admin_or_network_owner", + "get_port": "rule:admin_or_owner", + "update_port": "rule:admin_or_owner", + "delete_port": "rule:admin_or_owner" + } + +In some cases, some operations are restricted to administrators only. +This example shows you how to modify a policy file to permit project to +define networks, see their resources, and permit administrative users to +perform all other operations: + +.. code-block:: none + + { + "admin_or_owner": "role:admin", "tenant_id:%(tenant_id)s", + "admin_only": "role:admin", "regular_user": "", + "default": "rule:admin_only", + "create_subnet": "rule:admin_only", + "get_subnet": "rule:admin_or_owner", + "update_subnet": "rule:admin_only", + "delete_subnet": "rule:admin_only", + "create_network": "", + "get_network": "rule:admin_or_owner", + "create_network:shared": "rule:admin_only", + "update_network": "rule:admin_or_owner", + "delete_network": "rule:admin_or_owner", + "create_port": "rule:admin_only", + "get_port": "rule:admin_or_owner", + "update_port": "rule:admin_only", + "delete_port": "rule:admin_only" + } diff --git a/doc/source/admin/archives/config-agents.rst b/doc/source/admin/archives/config-agents.rst new file mode 100644 index 00000000000..8d04a7ee06b --- /dev/null +++ b/doc/source/admin/archives/config-agents.rst @@ -0,0 +1,505 @@ +======================== +Configure neutron agents +======================== + +Plug-ins typically have requirements for particular software that must +be run on each node that handles data packets. This includes any node +that runs nova-compute and nodes that run dedicated OpenStack Networking +service agents such as ``neutron-dhcp-agent``, ``neutron-l3-agent``, +``neutron-metering-agent`` or ``neutron-lbaasv2-agent``. + +A data-forwarding node typically has a network interface with an IP +address on the management network and another interface on the data +network. + +This section shows you how to install and configure a subset of the +available plug-ins, which might include the installation of switching +software (for example, ``Open vSwitch``) and as agents used to communicate +with the ``neutron-server`` process running elsewhere in the data center. + +Configure data-forwarding nodes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Node set up: NSX plug-in +------------------------ + +If you use the NSX plug-in, you must also install Open vSwitch on each +data-forwarding node. However, you do not need to install an additional +agent on each node. + +.. warning:: + + It is critical that you run an Open vSwitch version that is + compatible with the current version of the NSX Controller software. + Do not use the Open vSwitch version that is installed by default on + Ubuntu. Instead, use the Open vSwitch version that is provided on + the VMware support portal for your NSX Controller version. + +**To set up each node for the NSX plug-in** + +#. Ensure that each data-forwarding node has an IP address on the + management network, and an IP address on the data network that is used + for tunneling data traffic. For full details on configuring your + forwarding node, see the `NSX Administration Guide + `__. + +#. Use the NSX Administrator Guide to add the node as a Hypervisor + by using the NSX Manager GUI. Even if your forwarding node has no + VMs and is only used for services agents like ``neutron-dhcp-agent`` + or ``neutron-lbaas-agent``, it should still be added to NSX as a + Hypervisor. + +#. After following the NSX Administrator Guide, use the page for this + Hypervisor in the NSX Manager GUI to confirm that the node is properly + connected to the NSX Controller Cluster and that the NSX Controller + Cluster can see the ``br-int`` integration bridge. + +Configure DHCP agent +~~~~~~~~~~~~~~~~~~~~ + +The DHCP service agent is compatible with all existing plug-ins and is +required for all deployments where VMs should automatically receive IP +addresses through DHCP. + +**To install and configure the DHCP agent** + +#. You must configure the host running the neutron-dhcp-agent as a data + forwarding node according to the requirements for your plug-in. + +#. Install the DHCP agent: + + .. code-block:: console + + # apt-get install neutron-dhcp-agent + +#. Update any options in the ``/etc/neutron/dhcp_agent.ini`` file + that depend on the plug-in in use. See the sub-sections. + + .. important:: + + If you reboot a node that runs the DHCP agent, you must run the + :command:`neutron-ovs-cleanup` command before the ``neutron-dhcp-agent`` + service starts. + + On Red Hat, SUSE, and Ubuntu based systems, the + ``neutron-ovs-cleanup`` service runs the :command:`neutron-ovs-cleanup` + command automatically. However, on Debian-based systems, you + must manually run this command or write your own system script + that runs on boot before the ``neutron-dhcp-agent`` service starts. + +Networking dhcp-agent can use +`dnsmasq `__ driver which +supports stateful and stateless DHCPv6 for subnets created with +``--ipv6_address_mode`` set to ``dhcpv6-stateful`` or +``dhcpv6-stateless``. + +For example: + +.. code-block:: console + + $ openstack subnet create --ip-version 6 --ipv6-ra-mode dhcpv6-stateful \ + --ipv6-address-mode dhcpv6-stateful --network NETWORK --subnet-range \ + CIDR SUBNET_NAME + +.. code-block:: console + + $ openstack subnet create --ip-version 6 --ipv6-ra-mode dhcpv6-stateless \ + --ipv6-address-mode dhcpv6-stateless --network NETWORK --subnet-range \ + CIDR SUBNET_NAME + +If no dnsmasq process for subnet's network is launched, Networking will +launch a new one on subnet's dhcp port in ``qdhcp-XXX`` namespace. If +previous dnsmasq process is already launched, restart dnsmasq with a new +configuration. + +Networking will update dnsmasq process and restart it when subnet gets +updated. + +.. note:: + + For dhcp-agent to operate in IPv6 mode use at least dnsmasq v2.63. + +After a certain, configured timeframe, networks uncouple from DHCP +agents when the agents are no longer in use. You can configure the DHCP +agent to automatically detach from a network when the agent is out of +service, or no longer needed. + +This feature applies to all plug-ins that support DHCP scaling. For more +information, see the `DHCP agent configuration +options `__ +listed in the OpenStack Configuration Reference. + +DHCP agent setup: OVS plug-in +----------------------------- + +These DHCP agent options are required in the +``/etc/neutron/dhcp_agent.ini`` file for the OVS plug-in: + +.. code-block:: bash + + [DEFAULT] + enable_isolated_metadata = True + interface_driver = openvswitch + +DHCP agent setup: NSX plug-in +----------------------------- + +These DHCP agent options are required in the +``/etc/neutron/dhcp_agent.ini`` file for the NSX plug-in: + +.. code-block:: bash + + [DEFAULT] + enable_metadata_network = True + enable_isolated_metadata = True + interface_driver = openvswitch + +DHCP agent setup: Linux-bridge plug-in +-------------------------------------- + +These DHCP agent options are required in the +``/etc/neutron/dhcp_agent.ini`` file for the Linux-bridge plug-in: + +.. code-block:: bash + + [DEFAULT] + enabled_isolated_metadata = True + interface_driver = linuxbridge + +Configure L3 agent +~~~~~~~~~~~~~~~~~~ + +The OpenStack Networking service has a widely used API extension to +allow administrators and projects to create routers to interconnect L2 +networks, and floating IPs to make ports on private networks publicly +accessible. + +Many plug-ins rely on the L3 service agent to implement the L3 +functionality. However, the following plug-ins already have built-in L3 +capabilities: + +- Big Switch/Floodlight plug-in, which supports both the open source + `Floodlight `__ + controller and the proprietary Big Switch controller. + + .. note:: + + Only the proprietary BigSwitch controller implements L3 + functionality. When using Floodlight as your OpenFlow controller, + L3 functionality is not available. + +- IBM SDN-VE plug-in + +- MidoNet plug-in + +- NSX plug-in + +- PLUMgrid plug-in + +.. warning:: + + Do not configure or use ``neutron-l3-agent`` if you use one of these + plug-ins. + +**To install the L3 agent for all other plug-ins** + +#. Install the ``neutron-l3-agent`` binary on the network node: + + .. code-block:: console + + # apt-get install neutron-l3-agent + +#. To uplink the node that runs ``neutron-l3-agent`` to the external network, + create a bridge named ``br-ex`` and attach the NIC for the external + network to this bridge. + + For example, with Open vSwitch and NIC eth1 connected to the external + network, run: + + .. code-block:: console + + # ovs-vsctl add-br br-ex + # ovs-vsctl add-port br-ex eth1 + + When the ``br-ex`` port is added to the ``eth1`` interface, external + communication is interrupted. To avoid this, edit the + ``/etc/network/interfaces`` file to contain the following information: + + .. code-block:: shell + + ## External bridge + auto br-ex + iface br-ex inet static + address 192.27.117.101 + netmask 255.255.240.0 + gateway 192.27.127.254 + dns-nameservers 8.8.8.8 + + ## External network interface + auto eth1 + iface eth1 inet manual + up ifconfig $IFACE 0.0.0.0 up + up ip link set $IFACE promisc on + down ip link set $IFACE promisc off + down ifconfig $IFACE down + + .. note:: + + The external bridge configuration address is the external IP address. + This address and gateway should be configured in + ``/etc/network/interfaces``. + + After editing the configuration, restart ``br-ex``: + + .. code-block:: console + + # ifdown br-ex && ifup br-ex + + Do not manually configure an IP address on the NIC connected to the + external network for the node running ``neutron-l3-agent``. Rather, you + must have a range of IP addresses from the external network that can be + used by OpenStack Networking for routers that uplink to the external + network. This range must be large enough to have an IP address for each + router in the deployment, as well as each floating IP. + +#. The ``neutron-l3-agent`` uses the Linux IP stack and iptables to perform L3 + forwarding and NAT. In order to support multiple routers with + potentially overlapping IP addresses, ``neutron-l3-agent`` defaults to + using Linux network namespaces to provide isolated forwarding contexts. + As a result, the IP addresses of routers are not visible simply by running + the :command:`ip addr list` or :command:`ifconfig` command on the node. + Similarly, you cannot directly :command:`ping` fixed IPs. + + To do either of these things, you must run the command within a + particular network namespace for the router. The namespace has the name + ``qrouter-ROUTER_UUID``. These example commands run in the router + namespace with UUID 47af3868-0fa8-4447-85f6-1304de32153b: + + .. code-block:: console + + # ip netns exec qrouter-47af3868-0fa8-4447-85f6-1304de32153b ip addr list + + .. code-block:: console + + # ip netns exec qrouter-47af3868-0fa8-4447-85f6-1304de32153b ping FIXED_IP + + .. important:: + + If you reboot a node that runs the L3 agent, you must run the + :command:`neutron-ovs-cleanup` command before the ``neutron-l3-agent`` + service starts. + + On Red Hat, SUSE and Ubuntu based systems, the neutron-ovs-cleanup + service runs the :command:`neutron-ovs-cleanup` command + automatically. However, on Debian-based systems, you must manually + run this command or write your own system script that runs on boot + before the neutron-l3-agent service starts. + +**How routers are assigned to L3 agents** +By default, a router is assigned to the L3 agent with the least number +of routers (LeastRoutersScheduler). This can be changed by altering the +``router_scheduler_driver`` setting in the configuration file. + +Configure metering agent +~~~~~~~~~~~~~~~~~~~~~~~~ + +The Neutron Metering agent resides beside neutron-l3-agent. + +**To install the metering agent and configure the node** + +#. Install the agent by running: + + .. code-block:: console + + # apt-get install neutron-metering-agent + +#. If you use one of the following plug-ins, you need to configure the + metering agent with these lines as well: + + - An OVS-based plug-in such as OVS, NSX, NEC, BigSwitch/Floodlight: + + .. code-block:: ini + + interface_driver = openvswitch + + - A plug-in that uses LinuxBridge: + + .. code-block:: ini + + interface_driver = linuxbridge + +#. To use the reference implementation, you must set: + + .. code-block:: ini + + driver = iptables + +#. Set the ``service_plugins`` option in the ``/etc/neutron/neutron.conf`` + file on the host that runs ``neutron-server``: + + .. code-block:: ini + + service_plugins = metering + + If this option is already defined, add ``metering`` to the list, using a + comma as separator. For example: + + .. code-block:: ini + + service_plugins = router,metering + +Configure Load-Balancer-as-a-Service (LBaaS v2) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For the back end, use either ``Octavia`` or ``HAProxy``. +This example uses Octavia. + +**To configure LBaaS V2** + +#. Install Octavia using your distribution's package manager. + + +#. Edit the ``/etc/neutron/neutron_lbaas.conf`` file and change + the ``service_provider`` parameter to enable Octavia: + + .. code-block:: ini + + service_provider = LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default + + +#. Edit the ``/etc/neutron/neutron.conf`` file and add the + ``service_plugins`` parameter to enable the load-balancing plug-in: + + .. code-block:: ini + + service_plugins = neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 + + If this option is already defined, add the load-balancing plug-in to + the list using a comma as a separator. For example: + + .. code-block:: ini + + service_plugins = [already defined plugins],neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 + + + +#. Create the required tables in the database: + + .. code-block:: console + + # neutron-db-manage --subproject neutron-lbaas upgrade head + +#. Restart the ``neutron-server`` service. + + +#. Enable load balancing in the Project section of the dashboard. + + .. warning:: + + Horizon panels are enabled only for LBaaSV1. LBaaSV2 panels are still + being developed. + + By default, the ``enable_lb`` option is ``True`` in the `local_settings.py` + file. + + .. code-block:: python + + OPENSTACK_NEUTRON_NETWORK = { + 'enable_lb': True, + ... + } + + Apply the settings by restarting the web server. You can now view the + Load Balancer management options in the Project view in the dashboard. + +Configure Hyper-V L2 agent +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Before you install the OpenStack Networking Hyper-V L2 agent on a +Hyper-V compute node, ensure the compute node has been configured +correctly using these +`instructions `__. + +**To install the OpenStack Networking Hyper-V agent and configure the node** + +#. Download the OpenStack Networking code from the repository: + + .. code-block:: console + + > cd C:\OpenStack\ + > git clone https://git.openstack.org/openstack/neutron + +#. Install the OpenStack Networking Hyper-V Agent: + + .. code-block:: console + + > cd C:\OpenStack\neutron\ + > python setup.py install + +#. Copy the ``policy.json`` file: + + .. code-block:: console + + > xcopy C:\OpenStack\neutron\etc\policy.json C:\etc\ + +#. Create the ``C:\etc\neutron-hyperv-agent.conf`` file and add the proper + configuration options and the `Hyper-V related + options `__. Here is a sample config file: + + .. code-block:: ini + + [DEFAULT] + control_exchange = neutron + policy_file = C:\etc\policy.json + rpc_backend = neutron.openstack.common.rpc.impl_kombu + rabbit_host = IP_ADDRESS + rabbit_port = 5672 + rabbit_userid = guest + rabbit_password = + logdir = C:\OpenStack\Log + logfile = neutron-hyperv-agent.log + + [AGENT] + polling_interval = 2 + physical_network_vswitch_mappings = *:YOUR_BRIDGE_NAME + enable_metrics_collection = true + + [SECURITYGROUP] + firewall_driver = hyperv.neutron.security_groups_driver.HyperVSecurityGroupsDriver + enable_security_group = true + +#. Start the OpenStack Networking Hyper-V agent: + + .. code-block:: console + + > C:\Python27\Scripts\neutron-hyperv-agent.exe --config-file + C:\etc\neutron-hyperv-agent.conf + +Basic operations on agents +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This table shows examples of Networking commands that enable you to +complete basic operations on agents. + +.. list-table:: + :widths: 50 50 + :header-rows: 1 + + * - Operation + - Command + * - List all available agents. + - ``$ openstack network agent list`` + * - Show information of a given agent. + - ``$ openstack network agent show AGENT_ID`` + * - Update the admin status and description for a specified agent. The + command can be used to enable and disable agents by using + ``--admin-state-up`` parameter set to ``False`` or ``True``. + - ``$ neutron agent-update --admin-state-up False AGENT_ID`` + * - Delete a given agent. Consider disabling the agent before deletion. + - ``$ openstack network agent delete AGENT_ID`` + +**Basic operations on Networking agents** + +See the `OpenStack Command-Line Interface +Reference `__ +for more information on Networking commands. diff --git a/doc/source/admin/archives/config-identity.rst b/doc/source/admin/archives/config-identity.rst new file mode 100644 index 00000000000..7d57645876d --- /dev/null +++ b/doc/source/admin/archives/config-identity.rst @@ -0,0 +1,306 @@ +========================================= +Configure Identity service for Networking +========================================= + +**To configure the Identity service for use with Networking** + +#. Create the ``get_id()`` function + + The ``get_id()`` function stores the ID of created objects, and removes + the need to copy and paste object IDs in later steps: + + a. Add the following function to your ``.bashrc`` file: + + .. code-block:: bash + + function get_id () { + echo `"$@" | awk '/ id / { print $4 }'` + } + + b. Source the ``.bashrc`` file: + + .. code-block:: console + + $ source .bashrc + +#. Create the Networking service entry + + Networking must be available in the Compute service catalog. Create the + service: + + .. code-block:: console + + $ NEUTRON_SERVICE_ID=$(get_id openstack service create network \ + --name neutron --description 'OpenStack Networking Service') + +#. Create the Networking service endpoint entry + + The way that you create a Networking endpoint entry depends on whether + you are using the SQL or the template catalog driver: + + - If you are using the ``SQL driver``, run the following command with the + specified region (``$REGION``), IP address of the Networking server + (``$IP``), and service ID (``$NEUTRON_SERVICE_ID``, obtained in the + previous step). + + .. code-block:: console + + $ openstack endpoint create $NEUTRON_SERVICE_ID --region $REGION \ + --publicurl 'http://$IP:9696/' --adminurl 'http://$IP:9696/' \ + --internalurl 'http://$IP:9696/' + + For example: + + .. code-block:: console + + $ openstack endpoint create $NEUTRON_SERVICE_ID --region myregion \ + --publicurl "http://10.211.55.17:9696/" \ + --adminurl "http://10.211.55.17:9696/" \ + --internalurl "http://10.211.55.17:9696/" + + - If you are using the ``template driver``, specify the following + parameters in your Compute catalog template file + (``default_catalog.templates``), along with the region (``$REGION``) + and IP address of the Networking server (``$IP``). + + .. code-block:: bash + + catalog.$REGION.network.publicURL = http://$IP:9696 + catalog.$REGION.network.adminURL = http://$IP:9696 + catalog.$REGION.network.internalURL = http://$IP:9696 + catalog.$REGION.network.name = Network Service + + For example: + + .. code-block:: bash + + catalog.$Region.network.publicURL = http://10.211.55.17:9696 + catalog.$Region.network.adminURL = http://10.211.55.17:9696 + catalog.$Region.network.internalURL = http://10.211.55.17:9696 + catalog.$Region.network.name = Network Service + +#. Create the Networking service user + + You must provide admin user credentials that Compute and some internal + Networking components can use to access the Networking API. Create a + special ``service`` project and a ``neutron`` user within this project, + and assign an ``admin`` role to this role. + + a. Create the ``admin`` role: + + .. code-block:: console + + $ ADMIN_ROLE=$(get_id openstack role create admin) + + b. Create the ``neutron`` user: + + .. code-block:: console + + $ NEUTRON_USER=$(get_id openstack user create neutron \ + --password "$NEUTRON_PASSWORD" --email demo@example.com \ + --project service) + + c. Create the ``service`` project: + + .. code-block:: console + + $ SERVICE_TENANT=$(get_id openstack project create service \ + --description "Services project" --domain default) + + d. Establish the relationship among the project, user, and role: + + .. code-block:: console + + $ openstack role add $ADMIN_ROLE --user $NEUTRON_USER \ + --project $SERVICE_TENANT + +For information about how to create service entries and users, see the `Ocata Installation +Tutorials and Guides `_ +for your distribution. + +Compute +~~~~~~~ + +If you use Networking, do not run the Compute ``nova-network`` service (like +you do in traditional Compute deployments). Instead, Compute delegates +most network-related decisions to Networking. + +.. note:: + + Uninstall ``nova-network`` and reboot any physical nodes that have been + running ``nova-network`` before using them to run Networking. + Inadvertently running the ``nova-network`` process while using + Networking can cause problems, as can stale iptables rules pushed + down by previously running ``nova-network``. + +Compute proxies project-facing API calls to manage security groups and +floating IPs to Networking APIs. However, operator-facing tools such +as ``nova-manage``, are not proxied and should not be used. + +.. warning:: + + When you configure networking, you must use this guide. Do not rely + on Compute networking documentation or past experience with Compute. + If a :command:`nova` command or configuration option related to networking + is not mentioned in this guide, the command is probably not + supported for use with Networking. In particular, you cannot use CLI + tools like ``nova-manage`` and ``nova`` to manage networks or IP + addressing, including both fixed and floating IPs, with Networking. + +To ensure that Compute works properly with Networking (rather than the +legacy ``nova-network`` mechanism), you must adjust settings in the +``nova.conf`` configuration file. + +Networking API and credential configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Each time you provision or de-provision a VM in Compute, ``nova-\*`` +services communicate with Networking using the standard API. For this to +happen, you must configure the following items in the ``nova.conf`` file +(used by each ``nova-compute`` and ``nova-api`` instance). + +.. list-table:: **nova.conf API and credential settings prior to Mitaka** + :widths: 20 50 + :header-rows: 1 + + * - Attribute name + - Required + * - ``[DEFAULT] use_neutron`` + - Modify from the default to ``True`` to + indicate that Networking should be used rather than the traditional + nova-network networking model. + * - ``[neutron] url`` + - Update to the host name/IP and port of the neutron-server instance + for this deployment. + * - ``[neutron] auth_strategy`` + - Keep the default ``keystone`` value for all production deployments. + * - ``[neutron] admin_project_name`` + - Update to the name of the service tenant created in the above section on + Identity configuration. + * - ``[neutron] admin_username`` + - Update to the name of the user created in the above section on Identity + configuration. + * - ``[neutron] admin_password`` + - Update to the password of the user created in the above section on + Identity configuration. + * - ``[neutron] admin_auth_url`` + - Update to the Identity server IP and port. This is the Identity + (keystone) admin API server IP and port value, and not the Identity + service API IP and port. + +.. list-table:: **nova.conf API and credential settings in Newton** + :widths: 20 50 + :header-rows: 1 + + * - Attribute name + - Required + * - ``[DEFAULT] use_neutron`` + - Modify from the default to ``True`` to + indicate that Networking should be used rather than the traditional + nova-network networking model. + * - ``[neutron] url`` + - Update to the host name/IP and port of the neutron-server instance + for this deployment. + * - ``[neutron] auth_strategy`` + - Keep the default ``keystone`` value for all production deployments. + * - ``[neutron] project_name`` + - Update to the name of the service tenant created in the above section on + Identity configuration. + * - ``[neutron] username`` + - Update to the name of the user created in the above section on Identity + configuration. + * - ``[neutron] password`` + - Update to the password of the user created in the above section on + Identity configuration. + * - ``[neutron] auth_url`` + - Update to the Identity server IP and port. This is the Identity + (keystone) admin API server IP and port value, and not the Identity + service API IP and port. + +Configure security groups +~~~~~~~~~~~~~~~~~~~~~~~~~ + +The Networking service provides security group functionality using a +mechanism that is more flexible and powerful than the security group +capabilities built into Compute. Therefore, if you use Networking, you +should always disable built-in security groups and proxy all security +group calls to the Networking API. If you do not, security policies +will conflict by being simultaneously applied by both services. + +To proxy security groups to Networking, use the following configuration +values in the ``nova.conf`` file: + +**nova.conf security group settings** + ++-----------------------+-----------------------------------------------------+ +| Item | Configuration | ++=======================+=====================================================+ +| ``firewall_driver`` | Update to ``nova.virt.firewall.NoopFirewallDriver``,| +| | so that nova-compute does not perform | +| | iptables-based filtering itself. | ++-----------------------+-----------------------------------------------------+ + +Configure metadata +~~~~~~~~~~~~~~~~~~ + +The Compute service allows VMs to query metadata associated with a VM by +making a web request to a special 169.254.169.254 address. Networking +supports proxying those requests to nova-api, even when the requests are +made from isolated networks, or from multiple networks that use +overlapping IP addresses. + +To enable proxying the requests, you must update the following fields in +``[neutron]`` section in the ``nova.conf``. + +**nova.conf metadata settings** + ++---------------------------------+------------------------------------------+ +| Item | Configuration | ++=================================+==========================================+ +| ``service_metadata_proxy`` | Update to ``true``, otherwise nova-api | +| | will not properly respond to requests | +| | from the neutron-metadata-agent. | ++---------------------------------+------------------------------------------+ +| ``metadata_proxy_shared_secret``| Update to a string "password" value. | +| | You must also configure the same value in| +| | the ``metadata_agent.ini`` file, to | +| | authenticate requests made for metadata. | +| | | +| | The default value of an empty string in | +| | both files will allow metadata to | +| | function, but will not be secure if any | +| | non-trusted entities have access to the | +| | metadata APIs exposed by nova-api. | ++---------------------------------+------------------------------------------+ + +.. note:: + + As a precaution, even when using ``metadata_proxy_shared_secret``, + we recommend that you do not expose metadata using the same + nova-api instances that are used for projects. Instead, you should + run a dedicated set of nova-api instances for metadata that are + available only on your management network. Whether a given nova-api + instance exposes metadata APIs is determined by the value of + ``enabled_apis`` in its ``nova.conf``. + +Example nova.conf (for nova-compute and nova-api) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Example values for the above settings, assuming a cloud controller node +running Compute and Networking with an IP address of 192.168.1.2: + +.. code-block:: ini + + [DEFAULT] + use_neutron = True + firewall_driver=nova.virt.firewall.NoopFirewallDriver + + [neutron] + url=http://192.168.1.2:9696 + auth_strategy=keystone + admin_tenant_name=service + admin_username=neutron + admin_password=password + admin_auth_url=http://192.168.1.2:35357/v2.0 + service_metadata_proxy=true + metadata_proxy_shared_secret=foo diff --git a/doc/source/admin/archives/config-plugins.rst b/doc/source/admin/archives/config-plugins.rst new file mode 100644 index 00000000000..c37e7b31433 --- /dev/null +++ b/doc/source/admin/archives/config-plugins.rst @@ -0,0 +1,246 @@ +====================== +Plug-in configurations +====================== + +For configurations options, see `Networking configuration +options `__ +in Configuration Reference. These sections explain how to configure +specific plug-ins. + +Configure Big Switch (Floodlight REST Proxy) plug-in +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +#. Edit the ``/etc/neutron/neutron.conf`` file and add this line: + + .. code-block:: ini + + core_plugin = bigswitch + +#. In the ``/etc/neutron/neutron.conf`` file, set the ``service_plugins`` + option: + + .. code-block:: ini + + service_plugins = neutron.plugins.bigswitch.l3_router_plugin.L3RestProxy + +#. Edit the ``/etc/neutron/plugins/bigswitch/restproxy.ini`` file for the + plug-in and specify a comma-separated list of controller\_ip:port pairs: + + .. code-block:: ini + + server = CONTROLLER_IP:PORT + + For database configuration, see `Install Networking + Services `__ + in the Installation Tutorials and Guides. (The link defaults to the Ubuntu + version.) + +#. Restart the ``neutron-server`` to apply the settings: + + .. code-block:: console + + # service neutron-server restart + +Configure Brocade plug-in +~~~~~~~~~~~~~~~~~~~~~~~~~ + +#. Install the Brocade-modified Python netconf client (ncclient) library, + which is available at https://github.com/brocade/ncclient: + + .. code-block:: console + + $ git clone https://github.com/brocade/ncclient + +#. As root, run this command: + + .. code-block:: console + + # cd ncclient;python setup.py install + +#. Edit the ``/etc/neutron/neutron.conf`` file and set the following + option: + + .. code-block:: ini + + core_plugin = brocade + +#. Edit the ``/etc/neutron/plugins/brocade/brocade.ini`` file for the + Brocade plug-in and specify the admin user name, password, and IP + address of the Brocade switch: + + .. code-block:: ini + + [SWITCH] + username = ADMIN + password = PASSWORD + address = SWITCH_MGMT_IP_ADDRESS + ostype = NOS + + For database configuration, see `Install Networking + Services `__ + in any of the Installation Tutorials and Guides in the `OpenStack Documentation + index `__. (The link defaults to the Ubuntu + version.) + +#. Restart the ``neutron-server`` service to apply the settings: + + .. code-block:: console + + # service neutron-server restart + +Configure NSX-mh plug-in +~~~~~~~~~~~~~~~~~~~~~~~~ + +The instructions in this section refer to the VMware NSX-mh platform, +formerly known as Nicira NVP. + +#. Install the NSX plug-in: + + .. code-block:: console + + # apt-get install python-vmware-nsx + +#. Edit the ``/etc/neutron/neutron.conf`` file and set this line: + + .. code-block:: ini + + core_plugin = vmware + + Example ``neutron.conf`` file for NSX-mh integration: + + .. code-block:: ini + + core_plugin = vmware + rabbit_host = 192.168.203.10 + allow_overlapping_ips = True + +#. To configure the NSX-mh controller cluster for OpenStack Networking, + locate the ``[default]`` section in the + ``/etc/neutron/plugins/vmware/nsx.ini`` file and add the following + entries: + + - To establish and configure the connection with the controller cluster + you must set some parameters, including NSX-mh API endpoints, access + credentials, and optionally specify settings for HTTP timeouts, + redirects and retries in case of connection failures: + + .. code-block:: ini + + nsx_user = ADMIN_USER_NAME + nsx_password = NSX_USER_PASSWORD + http_timeout = HTTP_REQUEST_TIMEOUT # (seconds) default 75 seconds + retries = HTTP_REQUEST_RETRIES # default 2 + redirects = HTTP_REQUEST_MAX_REDIRECTS # default 2 + nsx_controllers = API_ENDPOINT_LIST # comma-separated list + + To ensure correct operations, the ``nsx_user`` user must have + administrator credentials on the NSX-mh platform. + + A controller API endpoint consists of the IP address and port for the + controller; if you omit the port, port 443 is used. If multiple API + endpoints are specified, it is up to the user to ensure that all + these endpoints belong to the same controller cluster. The OpenStack + Networking VMware NSX-mh plug-in does not perform this check, and + results might be unpredictable. + + When you specify multiple API endpoints, the plug-in takes care of + load balancing requests on the various API endpoints. + + - The UUID of the NSX-mh transport zone that should be used by default + when a project creates a network. You can get this value from the + Transport Zones page for the NSX-mh manager: + + Alternatively the transport zone identifier can be retrieved by query + the NSX-mh API: ``/ws.v1/transport-zone`` + + .. code-block:: ini + + default_tz_uuid = TRANSPORT_ZONE_UUID + + - .. code-block:: ini + + default_l3_gw_service_uuid = GATEWAY_SERVICE_UUID + + .. warning:: + + Ubuntu packaging currently does not update the neutron init + script to point to the NSX-mh configuration file. Instead, you + must manually update ``/etc/default/neutron-server`` to add this + line: + + .. code-block:: ini + + NEUTRON_PLUGIN_CONFIG = /etc/neutron/plugins/vmware/nsx.ini + + For database configuration, see `Install Networking + Services `__ + in the Installation Tutorials and Guides. + +#. Restart ``neutron-server`` to apply settings: + + .. code-block:: console + + # service neutron-server restart + + .. warning:: + + The neutron NSX-mh plug-in does not implement initial + re-synchronization of Neutron resources. Therefore resources that + might already exist in the database when Neutron is switched to the + NSX-mh plug-in will not be created on the NSX-mh backend upon + restart. + +Example ``nsx.ini`` file: + +.. code-block:: ini + + [DEFAULT] + default_tz_uuid = d3afb164-b263-4aaa-a3e4-48e0e09bb33c + default_l3_gw_service_uuid=5c8622cc-240a-40a1-9693-e6a5fca4e3cf + nsx_user=admin + nsx_password=changeme + nsx_controllers=10.127.0.100,10.127.0.200:8888 + +.. note:: + + To debug :file:`nsx.ini` configuration issues, run this command from the + host that runs neutron-server: + +.. code-block:: console + + # neutron-check-nsx-config PATH_TO_NSX.INI + +This command tests whether ``neutron-server`` can log into all of the +NSX-mh controllers and the SQL server, and whether all UUID values +are correct. + +Configure PLUMgrid plug-in +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +#. Edit the ``/etc/neutron/neutron.conf`` file and set this line: + + .. code-block:: ini + + core_plugin = plumgrid + +#. Edit the [PLUMgridDirector] section in the + ``/etc/neutron/plugins/plumgrid/plumgrid.ini`` file and specify the IP + address, port, admin user name, and password of the PLUMgrid Director: + + .. code-block:: ini + + [PLUMgridDirector] + director_server = "PLUMgrid-director-ip-address" + director_server_port = "PLUMgrid-director-port" + username = "PLUMgrid-director-admin-username" + password = "PLUMgrid-director-admin-password" + + For database configuration, see `Install Networking + Services `__ + in the Installation Tutorials and Guides. + +#. Restart the ``neutron-server`` service to apply the settings: + + .. code-block:: console + + # service neutron-server restart diff --git a/doc/source/admin/archives/figures/vmware_nsx_ex1.graffle b/doc/source/admin/archives/figures/vmware_nsx_ex1.graffle new file mode 100644 index 0000000000000000000000000000000000000000..a8ca3e21ea84fe86888ce84bf37fcbcc86c2a6a7 GIT binary patch literal 3732 zcmV;F4r}oriwFP!000030PS6AQyWRr{%n3lufHxdbst{F8yJ|eXECq{+dB>--e{yk z^t$QRv|5IF#ut6N830ts{O6ppZt$~rqUpC{|m)<3^pM&4JG4#On==_U5jOV7mJ zq!-5hpI&}A`FTUV{O9Ynt-tLa?wtH~wC4??aF}^VAKvW0+wop*Y;JB329ep^+&$U# zj`rVmPCO`Mb93+DrT6k8%LcDDH^<|#A6O~Bn_ODK;pS1A3{09`?L%Q3kiqX|y_Zl; zQF^60@NF;bX0O*?Y<)3TueZBd_|@zOS0;TI_sqAgP5Uh*hH+;4CVh>zHm7f=S)lH) z8)Q)A$D-s}rXWoN`{u>gFiWA!uc3v0av6vHG#L&2LwNT~8l0a;Mr>_PL`u?_3m@C& z6C|i&C6TSoY0*U!Mp?4m`|oI&&8p7Qk=dN4zX`fuY?W~jsvBH{-I>^=?-MaAF`TB& zn(^nKXx&5K*S$X#66+qP;`{eXbFKVN6bzeLJ4qDI>#SvYw>y`gjwvY*Zz0ynt|Bv+ zoVK_~gd&qK^VCvuk-nP-<9V~@4Ldk2HwVUZHW1Ty^Ebr^4$bEzxm-dYc7ph8Fg#4d zemK{J=}_h)S$>dtjwBjg#@kWYj~nIVX8E~vXApFuh?#t9g6K5`HOk*iMd5?h%iSO| z^`;Pn*#^cN7`WKOOIjm!b4dR;bGu-&9Px-@ZCx53#!Hb-)zm_zF(T5Pte zX*J_0SqCQ4=UgMssANJjMbw^gj54hy=ZahVVce%6MG<50Ki8PAdyM!TYoVBg zkAfr4tJc+KUUU1p2nMFjz$Sy3#M!&}JXvfXpiJ{eTTL$n#-+qrwWv~6$$Colwiw;v zz{H&(9&U8ZWq6iEy;?E3wTFM0a@Jg()l97`mDRmS$&CnFaU_$n?PxUz@z`{;Ansd5 ztq)+;_cTWDJdC322CqK46^TORteiX_U|$J_M0I>7IrB%UMVs3Ew%4iG)#jrYIq8fz)i}#C*#ZYjZVq?%+<->>Qth-G=#p-9aA{PENZ? zHwkPK5xn>?9G$^ug3;Qar{~}Tva{&)9G#vI$Kh~zdfvSV(xJ(a_tr#TO$MClAKyW; zYabDa{^K+?J;M2EKQ$({Z_c8Tf!91i(c*iISpGf61ahAag0y#=ZkWbFHcEr&^!M)Cn(fIM^o20*w0lmx zkMHsK1sq~NoJUd6H5Qdxd=#ouojC(p8h4QNB^I1QXE@PP0h(yxQz>xtdJ*hzwA*qOzTuG(r)5jhBz_^3a%D{tp3-G)T`mxE%<2Yj(FBWsd z7bTki3=s@7%(z_1e`2J-g|6g371l&P9)dYY`s+dxp=^>sWRZaA<6sgN1ty)YP5-S~ zq(a__iGw)vuyc2J{1JO2D+vN)>v8m!C3hA zOHf5Y1z0&CRWoXOQuuS$8uvh`CZL~fEVjQO0}KPvZ5h(`42+?A1y3)&lH7$?F1&JB z=EAG{3a`AK{|jCYXqjQ8lFRvoO?Jwla_F@#b~QDR|DyBWR*o#7J>f*b@n2yzf~ ze=~gK3C{2lN^Fb(X3dEt1WWE__#SkIPq-OAH^b*3$<6Tn^=9}OTlcV5J|hs&aG|Ld zT2eQ|_dhtpM+9^6m5Z+&n7R1sVW#*VCe~VjHv3_0p35BD?Ab3J^gvMY1Oi}@vsq&T1Cw&!{QmKV`A%I63 zPz6hcFw?|N93$={sew*`+X7yN@l7G&^$>a|E<9M^T-#l7yTivTd3v>ylV>;jcdN+T zX__o!YDJEH(+|2=74h>R8s^*P=R)8a%KMNjhJb5kFmY8u7_HWlPhqcy_l4o&Wl;%g zT-}J(ibl*SST508NT!vPnzowoEy4`KG>~GYuw+0Pm=q9Z)I$%1^Jy+H9jd|XxT4@k z6cNoW2Tv@_c&5uM+|hqW{~i5z^#9)I|LNM%#TAT35P6+(m~}56d$FZ4v9<2Os}D*{ zf%^e_1>|8Cg*5O-a+fF*W;MlHVDE)=RQ4ZpA3V$*|1&|b`vWeGo&s?FfJ?p+Anw!M z-=^%Mj*rXV08x!5KKai5Ip1&AwVIY9YuvJLJt=T{nqi&^ln)*Sot< z;4GR7TYU;{mSfpjjs-Ic`nEF)SYaPxdP;z;NNU$N);)%lkCg)4(AqA*vqh5vm|$P! z(+5as%!!?jxFPdB%n6j$YvBRxJ7IyE;FVdRVsu3o$eF%}If7r4Fm4?u)H+U2eo8^y zNObRtIYC&iC=-lw&V-UIUnaCi1RQgEn#>6^=9rUXPEU~0#+I-}KH5^KrZ)t#% zhzKnulQ-vnzI(e@Tiihyy1tTUBphk=7v0qTGY|_i?bp)#o%rpyJ2}U47dK-xes^jq zZzXTNtCDE!YXLNc5Xu>#GPPG*RL_@4y>MG42P1>n18WY22xy1RO?`?aQe0`ysiMjq zMR7+_9_1*?4_t21xW3?rrkB-ZL6R||1rhf8@8*wRxbXf#!+ZA&6fV4X;k^s*AL4$B z<7AY%`2HEu@Wt?dEe)5qrQwWPhb}N^AHmq(6xXETYT@ao+mLui!yOHO1~i2r!u`cYB5NRnN~?3FoVx6Ir|cZdleHibC!>p#_Sk-hom+hEAkOr0C7nuD-NKHPN zW9+I_Vx7~ziTfqzF|B~0;*V$r2uJKe^Gbzz{uLUSjgvvRlzi2Ipow1=Swz!-CI>WE zkRO6YbS_NkRA-^gGfjV=^ulu>Jhs)lr6)ZtlpxGE5ZS=UL+BO4uMqYAZbzeku*hvUK6r)4YKv^kuk&tToQXCUekv zlVn+P`94VdCBQ9_uW8ZeQ4(ZTgPy!+xN5v}2UOJXHc7)jk~oN<-C_nqR;Q%Cfn@aZ~pzRvv;w5argmoeD>+rsN3Ix&%MJB`18ft z+mF#Ur0?wUlN0jm@1H*%pzU{`_O?5}gUrw0qVdiz*EfIPoM%5WJXl>{ev7I+g<<*S zhG97h24Jn_Fr%f>&HG8GWLz<_?r~jRS!$`ps_(J+3IJ!G=s?}1KgVJJ;$9W#BpKXC z@m1fSKZwKFSl_dNha3aRKa8WRo1M~eGOk<+dJX*n(HfO3P>Rl(=Y&E6Zk&W!(|_&+ z@z-EjAudIZ%OK72X4rM_g6?g1v+(OOY%kAj$wLr#&5C(H#NqEFGpF*`^!~%p?8RA_ zUN`I?mnEK`!nl`=7h^$z1f3{2duy!D)_4I`vc@BJMiwozeCV4*zlG=TeH#QZSm*y0 z&t%@}63|bkJkl};oo{H{z|`(cQ#wBrP3#1yq_s;nW+6pou4XGsM`p86u~O`Hod5vW^i8P% literal 0 HcmV?d00001 diff --git a/doc/source/admin/archives/figures/vmware_nsx_ex1.png b/doc/source/admin/archives/figures/vmware_nsx_ex1.png new file mode 100644 index 0000000000000000000000000000000000000000..82ff650dc349ad9a615779860ff1edbb85ef41b4 GIT binary patch literal 103806 zcmb^Yby!v1_5cb4qI7pjNH<7#!=}4Ky1N^ckcLfncXxM#bhmVabi>`gzjKbB^L_Wf z%d>c%;If#iFGaDwS zjAXm7((1NwkEV4vDUp098&_i-r;Q~eyj6ZZg={l795P!wiR`Cot{0SXyD}gJZ1;|G zX68Ok8jKM=S?|X_dA3yuvnV>wS;!>>7<618XPX0J*aN3o2AErc=}stQ2*98KWg*FY z_h886@uF7g!GMV-u2*LByPNdHbsc;pBbHyKZGtE`nTB<;Skk6En`Lt6L|~Wi!Rpr2 zu094?=>q$<;3?q3PEM>G!80xCX%5(*GQZl6bOv$WC6Asxsd5)!@%w)QV0<>-@%L^v_=^d#JzXyc(u@*8D>`+IWS$RyQV-&N;>;5Al zoOY)``FZ{3MXy zCA_1TfG`(;tP$i}1gRj?BDl*p3p=n`e~(E>*{^JNAG9IWx)AK(;Qhn}V1v4)7{S;5 z&7r^kLdM7uEQ!X0{nBrn3I{#KGLEYExW$qBaw zTIbti7StpW%ZC?m?*Nn}h#7r^MX(0Hr7CWGXz`xWpCWD;X;4^QE1Qx{n0$zhJy@G~ zzrbh%^?G8V1%{yCO^K;P<6VddMXQs7qYzuhkmNxWi>5>)=HWF*NW|Fhy!#NGt)GOA zIe@brtP#FxpsGJ_AjvqFWSFEXjkU*Sg8bS4;cLFZTy=puMH#;f3>!*n1YMu%m#8mV zRf*N_7WGfK@ev2RaJKO6e44PenQd4rARCbu!dv~0dl5FtFWlOw*U`_vB6U0dGVmhq zfc3@q{kRcDIM7KE4WkKZ`4x#cfr!+KR2dl;dLQ~F0HudT!M{k(i6jWwy-(YKsycE} zunmAuE*pyu2qMK&B&ABO^H&B~km!)}lD8Ab4s#iaJ78-F=*m@)W)kUA-66%mSTX4OlQTGBP;+C{u2y&1$~KPO%#ZV#8omd04dA18W} z$;B-sx+dz;XHw`9`%1nRJU2lobPIGV`R7)tW{Yjs_3#D)L{oC&4Za(s7=##n+hXlk zAZr8q0~=B0iUkg|cWXx!KlCtux&N$)lOG-%-Wnct#j@8tu|2WER%x#L)2ZlQ0nWbrgdUm7t{IN_Qxk*>$`w(}f(RMisV(e!9>(|g2w z6pNdJ+kuONtAd-zGQf(HVv{nQvYWEcGFWG(30DuPxvRNfuge&peD*`xgse7wibC+NIC!rh!~bp zTAW>1{?am0HvwSwXj=6@ZM|(=E zM0ZR}s6nOiUfsIxsOqtIxi7_1$IyE)$YR^DcD!J1ufDvPZo{SX)SEj+r)mweRkn5F z7V(zkiTsHPiZ|FTxE=9s(aD9fHNblg<@jK;Y5XF58;Zh{qIw2UxRI_gPBo4&o(l($ z^$Tm34%=bMezOVRA%@^|-UobLC;O0^iZ%0}Rw!MVkGAs-iC2wwyrT8B$VsW-#D{tLv5%j4SB!ms_u zg(o>k4#+Z?1K2!BF-TP?J~(C=)c4Miz1`s5tzQWlru9g*XE7m!o`qckd0<%Kbubve0`Q-8!G zB-lWH3qk8C-j%Mn)@yd%gh9}igvj(mt7vpS^HQ`k^s?kK3b%}y&z-5D z3!Hd^P;!!)n6n z>TKHK@*4Eq&3a~uSROcEp}o>9>#Eb;vU$^S9A!;pEwS`#RBSZD7;nQSbbVGKOQEXc zi&^dY-hfcEkiup=-MAK_RlgO6)#;i^ZMnrtB8l$Qjlt+v=$0JWD)4wi!&~iP?Z<7v zX?y-{{*&uZ7iibjwZoPx^<)DL-KEKjpE~8cKQ41F8(Y;*I#l(w?7twHM;S%cF&EXe zOIBKl&lMi!9r@!%rR=pIc{ZM=FAuIPbZ%Jt&VWa}>xbg|h>qXpJ9H;+SuSYZufMuk z);n>WbJWsl>Z|7~aw>5VGa()*o>-b0UW5_wjZ>8`FSJkiB@_j z|2en$9+HEY^I~i8p71;ao@dED)Vt)6;wAI8VNx?xGkbn@KBOU!&D>MkbK}r&CY@lM zfQ~=)&Feb+HaVqs#8he`W*j3el{3@T=Tc}O@FFY(E0{~oiLa$@XF9#2s$zZAKe1Bx zqS>K%rTytyC9%}Bf>VdvJKekeH0UK_{$p!Kg5HUb`C%o}A6S;f2_{<1?S1*|7OE+?Blf8|*fU75FE)5@0ObKHrq2UMyhK2h37u+;+ z8WeJZ&zUQ$JE_Y^a~axN)9V}A8W_{NS=)hDgMsn5ae-c~jh*y~+^nr^9J$E z1$zJenSq4ppCwL~yd>%}@t}jf2U7+nPEJk+MrH7&|(G;PbKa{Il}EzWq7p|JKW!**e*RxZq%J2(WQ7b^vX5(*KPeAM?L<|G%&J zUs!Su=EfkZ|Jlv-uibxt``3CNhTnw$#fbmo@;_feZ03XIVfc^8_+YEHnb*L;1i%0y zg34~-C+SdM@aO99CL}d)=%o_KmJ;Z&hTHKB-?23m7c77Qh+u+PP<4ffz%QSn14!Ev z8F&NQ&_9|xeeY($`(|ymYM+>DHA<~|?!4kUt}|xlQeU#Jb1M1v?%3Sb=3&gjWjxIx zgop?X;{UVfCocrKt@6znYiFo!ExWb|qIl%6erRYY3x&8y0Ga(7@p=)VvtO4T>6cn1 zDMux({C*QlSXR!X6Y{GUJ>$#5+=#0;QTHuK_ zX>9OG9J*#zjW($3C@3VIOu9ygWe<+g;LDy&XJJ$S+9d$JNPt+QZar&Lt>~>plg^LAmEpNH)p(Px4i1hC_V4ExuD=hJR4L)plyMp9OKg0e(V?J=7_|-; zf1*R}XG%V{5zBNTQ4m2oFpH;%TuPdvtx;(?GMt-d2!^$N!MB0gzl=ga$zwDuV^Qs85@aw;M0b&X^bO7#rt4?~|;xin{;3w^_ zIw#$augvJNCZBl$OIUINUI&dErT34MDoEhgX4?y`)YTV_kWB)7zl!(SiHN)exGeAWS|Yd z*5vgXjnDJpJ%n(GfP)b2n#&TzuI4D_=Adfj!*EhI3t#yAKV&@1bmi7uw`abxjN3Ty z(5E;1Ea7Kx7t6U5J+HaeK|v7x6#KFsXCKE+|ILwCzOL8eC1ge4>Td~MfAbSJF0NRw z3B`}2L>nW?7Unn0p@fD6^Vj0&m|Q{_ltHR^Xih<+18WJS|3kaLB+9QMTKmaf8D>;> zDFl#?LeoPen*&(bc>8-8czRN;##|xQ&Zo5g=q@xqgic)koaHOB4EbREbpKMb;k&}Z z0~lyOflL_M6wdB4SZ;j1gDU_f^dJ5Z{S?Xys}WI7rnx|bsh%RWEg}Z7wp;v*O@<9d zMyakJ#jY`Fda#l(xlD2gBZ82I4;RpuCKVMAU2FZMlqH;FsTJM-3!KaVN>aP!j(V2AVHQ4U^!vZ zNCOwEo_r~nIJsb}BWON+v8+$ai@Z3@qo>iS#DCfM!VaWl=s<@m)cYJtDN<>>Dtf2w zT5aDr=$wo_q-S6(l|N^qG`3{*YN>{|vHtwI?p!^4`Fa=M#Kf@(7yoU01+EeSUh3c6 z2S>&>fP5}Raej9Wve}pOV?tMjxSdTt+8@qB+SR%|FNuv3)W zXA{?FF{e;)2Tp)MR~m$^Wj=1rq4^mCK^_Pvfj1VaDB>MnZ@es7SUHjs;HtZcP(pyMwPj^am^rCCm8NP+nAtVL|p#12!+Mmii^fur@rIeU>HY5{~Syvu^02v*BP95IxSC?>TIdQPq{)I0a-Gx_mHTq2@L<|jqU zxQR?XhGj9;;~f=P=xUSW!tYspkM27%auQ1`Y;(2)jYAzZoC(O7w&6Pxwm&Pi{+g6K zQs?xnNRho@r7bPlbp%pHJy1|w(~ag*?ubvs)jXLZ%+&79G}(RN?Q{v#?eNpN2p>`O zHiUaQ9FuXnb}H5tQ*|NaEN_?rZkydij8a+})hy4yE_q(lwm)~f)Z+|~^nAK2%Xz!I zyNiQMRTWF1;Q;R*OZ)!i<+c|eY3E210}Vq^ujAD~wS@Ub$z?yYfSvtJbtNr1{H)U* z=jAAqP+ljul;l$gO-J8;K@;x~|I<;h2YFZ6zH|Y1g?8Qo9Sv$?-R*Y!V}~BU7ZwG5 zQQn*TrjB=J0|@{@5nvOy47DX*adorGN+0SU zs}Ud)fVqAdo`ZUaoD1O8GGiIuYP{QCG?+}MO=0ri*#?l#-7ER(N&yurxlyDhNw=CpEUoZnXXZ9SfbfqJ7<` z?>%E{zNh^Vw}tF%&YWs1_7x?OJ|n9io4k!H6X;IUS}Qu_wNyqs%U2||R?#^VAr}7= zZGm2(p&`Dd{LF6Yh$&MwRb|eO$pCVEp|tgB8x&PY;WV$49HuqTW=KvgU7*pJB<<>G z-Lc#nP@S0+NgSV0IxM4bc#cyLQ2@g5tLdlCbVwql_~v+I?yTeB@LyC@TRa)N!j#UKzTt?d4EB)Y%^Xkr)aVqA1g()Xdr% z*B{%i98mj(%bZe%w6#-qKqJ=6xe z=YOD{IzgnY2)VJT@R@O7=F}Z6E5QidJROt8tPw7A-+1YX_lONMmCZVTxg^txd5Oai z2_eJ#{v(w+l5aU)j$%Ba_`Z5!iB2J|Cc}u1rXyt~rAg0czk+7TnHiAIoGdn#Hf(r! zvC&yzD(7Xm{V^pqu{^SJWvj%_=Qwgy#VZyc9c!ZV)$_Bj8V^k!;rXzu!d{1iaG_Ry z6EbeqAfe@|F)HX+8uYU*h*vyb0UX{<@Lt3AvtCAI0P}~(|q;QWTZHY-u zVT74DQFRz}D<`t-4016aJ5vpDJJfLLfRj!2QAR3Fi5R4?hyrc_JfTebLXPaJa8#bh zBkx;sNLQHE;u55V8v13*N*VyF-qb422qSdzmLjwaVkluFZHT+Vx97YbVq}qw35OFc z;aX@4%Ce3oO&L4b6i$;yxHLW~IeDjOfxos8ja6?$rb%p)NCsNSIwVj9u|;cWTLwAI z2g#DZkpqA9V*8RmCH}}LB2bkAgdzSHWi5~&=4#?nW|MVfk)^ap1w?Anar${J)9}&A zD9DJ#CJJ0DK0T#h@L2PX|NKbt6n^FqQaz=~Iqimg(_n_$QfQNLUjMHf^EAdSsx#lBOSXPaEe z@L6yFKHAU(C-f&d0;L`F{(|+i%{1>-p8b|%zgwze6h6%Jjio6I=2c|Rh{_r$lO88i zgfNln7VTpb>wUM>Z5YQyT?`yeLe$}Ap8iq~^d1QIE)Q=^bjIg4MpyXN$2xJ(qIA1R+u`cA2%^8qD6>a--vWz zX5=+Y-FSUMvR-q`h~HlMudG@)u`5e6q3@L5pNsaZyg`3WAA8fH2%ic;oG(egVt&^_##Dq_rfL}k*OD<2}GbeMABdXxM}_QoM& z>I-&Mb>#Z|+CJ{%DhAdse1!}Q=<SmXLcDw+twa!S3_IU)smf`MG$34GO|*KF z({-U%bToFhIYOtRuvN4wdSAlr9|Kw3QrJHEFNOZqG6e<%=8i|Cm! zOlLQywO+Irsi#iJZRGg0ilq+YfaN|E{}90v(-f-_J5VI!diIcImv zD?^&mPq9^j;LJjz@g_-QDY5sFS+Zj#Oct-Zrb@MB014ZY1;z8luDmZVS`^`}$3?Zohxm=KEyk_Dx`7T`UTJs$c6 zdLlX6PH1T+1q%K0PW4#1wU7Q*G2tR8-}+B|0~s5V=c)9e+E$Grd6$`CN;T3lCfs-c zN)u4}f|v0m@v(+AnaRG+gCpUzc>A+9E#Pg>%Hp!BG=x&W(m~Q}Oq2M@bT@Ji(bL&H z2Ql`0u;yEbO)B4T8GZuPof27k0vX``OL!D>MJ9c@L-Nq|&tU@xHEbT1;&ThuzDtRD z!CcQ3&z0NbgyU zm7_PG5;e*wD15C`z0pF|m(aQVwUHj+ng_EG*;(V0I702(eT~2SNQrYKLWL0n?;!Vl zA!A&O*1I^~TNuxs=Th;5b%!pw-@MaU=x44CCad9#8f}KGmb&@8!E}aRt0-AF_85R* zr?o0I9(x$SXjmqwIjusEO6^d;FNz788&FuK z0pl72G^_NH3 zeh|=Ujk&stoSDBU-gn#!k|=BR<-a3z%WFkU#7m{ zJtk^|=-43~?UJ{)ut@FxQzVA(E>;@&w0q1ztnt4N)=xg6FU5X0aOTj{RZlcy+Q;&q zVdr{A&g%vgPPPJRx4J<|lnU0wk&EKOd!@k{L%n8`E~=_}A9y44E$mX;^$wwa#bM!Q za#T;}_fa~L&0&3;JinSp7kl<__2RJ!W%SyOIq6bjwtYf7=p^SOtn6dr4%dc{@Dhvf z8LNLZhy7~X9ualgkV$Nz)H&PzP(!z%o_gKbdL6@;{W@?;Gk4=sx!o{| zHBCo@N586b5Sn`rdD(A611$BRlL|F^NCxbxDAlXrBKev_bSr@c!q8sM~Ui?<0|t?08!R@ zM}t6V*%G3C@uud28|7g3$oASBu=ZyA#u7>NybYdb_j-C5=sqrVG>i)EZ5AmpIcwP1 zoJ$L!5&S2hK`SN1S~?9?Wq)90h+&hEFsZwcbmHuhfj6g`N@3C{mQWlHz=deON&tB{ zL0wTn%Gl~fGBj-Sm8_&0=y9BCN6(`MU`HAD<{3(v>wx>;9GMOa_fZSDf!13V<}4 zl^Nju!J(sa0_Cp89F6&DE}St&IT1u&Mw!Q2`f=0?P*<1F{Usa) zb^P56;&7A4_FhzVF2bKm0+@gICuHn`Z{2wOnjijMGyQis9|f63>)!V@{g03S$65EL zgT>`4ZA$x(ae80ge z9Q8lgJPUx0011h5Vg7#)Fs8b%!0~|p!|30DenLUWCp?4U$o#3<{gX#S5`vKJb{+e> zX!Z|>_>ui;cA$pLApVOs0it^lqOcv7K_CBAy#4`n?++G7#xEd-_CNgW76%(q{H62x z8vDNibs>Q$djMxn`L{g&MF=z>2+^#H|No01;2|5~UlQno>}cP6BWqYprFU2)F#Il*^QmVn zWUne3k_1XudlQeD2*UbwUNfv;)s~qvMY(c5?XRmw@5a3ruWw73wa0C zLteLF5&Fn9k$`wChzq^JT`zKc$>z4XwgJgP6*diQvd$bu!b~+vmRfkeK}c}nv#yZ$ zp8Z^n=~mCit>?jVd$mHZvK&*DzE?ZjgyVEK6)Ux;E{S z>V34z*(`RDAR)(7{Z<2J-&|VWg5~DcpBAI$Q-y?HA6L<$I=t7NksRL3CwzE-$Z`ki za5muQE32I8O8Kq$NqHp0aBoOp8WL%)7^$L(CaP#sFJ&749%I`iLCOZ$Tlk1cqe5!G z*y*V%b!Bnk=X@2TMox$3n^hNPZ^N5hIX*%IMDL>|)(!sC%#Yde0>r<57q2TC)-PpB z>-V_5kR(-MSzYPLm?CS$^O3b0=DeZrvILq9x|fh%Z4|g^RzV#S3oDy^G|}B>)Jfn_ zZu63U?ZywunX_o*nW)!aeTKFl_Mt;SHgp^>+zGNFh=i{8DE=F=*122mSCo)wS=sTA zqF58j(y;@1O4`y!UAK4ya6S-p<)=<%zwoWsJ>w8FC^6xB)T~sGb;?-Q-d2^OcnP0B z^+7)h{ahc+%+Onze1+{iApB(eG$T$rdHG(+eB>Tp67c<03WM?;#5)qAk(uOa$>mhv zAiia9<+!5eXNdiX-`*Y}ly&1}^;6U=LeZ8W4-81$J>oMUaSMlarLg*j&{m_r&FeS% zhGfc7+G>B$aU8b7%}nO1`w%(>N$X!UWCyA@gg>Uy7iY2aFH4Eb#*1(bT`W9(^mgz! zls;Ouq~;I@T$miHh`#qu4#%lclo!_jgJt`5G$^A*i zn_iD4eg2$7`rMX(r%JPIAr-g0_1yEBg8gMvJnH1iUA%1(>}zN{G@1&i0tc@LVL5LF zPg9NAIgFIAw$p*Z@XrXgPyl**VdaPli7W>BA{Y^Yi z8WO^v25TbAcC}#@-2~Cl@Y{CKTonI<6VWxC_b+y&Xc`&ysxu5-Tc(y0-uPOB-w(~4X5#s zM8|f+3e1D6ApQM_i0FHM$08wHee)Aet^K#-u9@!S1sL$r$-8e&~EVpLRKtm_WdOLQg}J%t9OeN;jIO)*${}Q1O(tLHD0E>wYDiM0xd{A;oIY8kP-CZ}aBGf8!yCfa zFMBZGeQ6ClJuYaK;Gt$gL`}j-r$z%nCF?y`Hgp@;I)1c+7Xrl?-xOw}+Lhw6k_=E` zv#6vY#sV*Oc>IZoXc7(F{rmT*5R)rA`24=X$)Py6&~WHPTE(N8nPv_)9vF4H2CWAh zLh1@v2_!zA&Uf7$M~7%NX847*{3_Zg{f-jreTMfsjFIoW_n_-)RcJUz^-TZ~lGa+4X}-)Vzei~0pl(NKhR zPP|`UN126HL~JVitHBKuC^f5jaCchjF-ONRFF<}(Kn+7Px<^I6%il8@gdqQ!#6%3I z7qt1L0zDElk;0RrtI_%GKCIR0M$QNL>$kUizbg=AU)cXX3YMlKR_)4B{UOj#pbABu zk(VMMp6smQTQ}Sm@Wx9`I^{==F7E+fX!ePbm2;@ z9!$T4_jY^B*5J!wBIz=&SLvR`hdhX?oIo~~Vq}=uDohb}P-)pHZ`m6EgAGqdK3Wb= zmLQi=H`vdQ9h#JteKIHZ;mDEM8r}Lwx@^wZx2yJ3r-Hgr8x79Po-zF@X7_h4$n)Kf z)cKr?26V~ZL`2BpkihL+QH?FnB&tu?Py8oOR{2)?(J9zaqUMXfIA75OoQxp*2Sn;v z*y_a^mvG6_Pi_V90h5$cIg}x+0Q7viOoCiBwv#PusEFc{ER`o$d2LH6qD#@tAZY)z zOGR8g`$!ifxx6R}xx(@%IeB+y0`J4eFit9wIK`wsRwU+d&@_TM^YVStkUonUyfY=r zB)WI%H!*~KdxXSljv+SHfs`HqXo3T|401XaZCS3W23;u9PbJ~&)}gFYT$w7~=@@^x z_PK~cimF$T&00N9sAAP?Af!g8Oj#9!(eW-_YomO?oDfAQ^?~okqDXm~v`Czr!X9yN zu-~TuMdP~aDTz65uZqV>Tyw87r70w0?&)Bt&3t1=)O}rY$*q%ekSVA_9DYKLr|+T9 z2j|{U?4pqp6D_XGNzuu2DLU_6{Y-Ii^ukSrj#SkBc!yH=@=;Ae%+>lyf=c>*8Do2! z50*x`Dy6ibrzq5-eefscad@Wp&(=^Q#MJ-4dw5#(L?Ab_f3*hC}lE`>7`EbStf%(qh7Sd;B7eS7DcT@=W!R z5T*Y0^X>Be6ZC*e!W5Y}QjvaJ>kSwyOJh}!kN>m#W@Z1&8{ zxFnsm_4Ves*W8?F+6{d{IjekYgb%`J2sl~7LX?P`+1Y7XJQsY`(DptCK@D6JJxF-0 zf5+!vBv7Hvi~%3H=rCzcxx7*=@U$o!>f=o?FyV*c`~}}rfZO+KE$iznx4eI{6Sh5rxNlxyuP7f#ykT|nY8dy8#()Cb#7!4l8cS`n-OpZ*k?2m7<91?9Vv%5 zvEaVdY>?7*g_~?WpOwY*u&R+yOJLCN^Ezt1f0K-e3h*3IhA(vU2 zJy3wjoH~Y%i8)X$MJ%6iZOfzjCyOC!f`&}1*>UQ2q!a~g#Zz12qEB5vF8?H1nbLyO z!eZMQ%X!gQ+W8_XQ3n5+BBB5XO?>7WCRanyK^7J}?%S1Mp_mm;Fb0TK?x`MC(Xuu+P!XZvx1w7qVqwTsj_XKc*u#_@|BmmLrS?Gg?EM$K(2d8` z^ccxY4d)Bm<+eNQ@|BvXzKr|IK&;Z{dL!m7f%y9blYH8_S@vS|tsL56d`r;(+Nf~z z_n4bx_;c_w}@(Ugp{>Zt!7irn*vSC*EDf5iG(Zd(uwPv}PD8Kii zc8OCTisnT`;*zmQkDLYZj~=`uMUEZ;Qc7Q{>hf8igi@fQkovz)FQgoBG*HrIt43Ki zyjEX&UP&ocMf;G!tNB+}tcMKUv1y%&m32p~}v~ecd4cpYGr5 z_LUkabcWd3g}Xc$UC_(10Ad$R420ham9Llggi~wD=gslIVDj38o z5whP1P>E@pkcIoBzzcXUo^{)2Z^XI2K1E5;z|jOI8Gsn!0uemqp~YuOTV?4<$)r?y zZM}G@wccz)r*$nm&dVJf?C)L=D2E3xq=gZ3Z-|4E-e-2p!lWpeoVunR_c6(-Tx&@) z$c;H1Ur{>`g)5wSrrK6E>Ap!bW+V#iY)a_?`GI#enFr{9W%&Y8kPxyO)9XFlgv=WH zuw4SLXWwmpq*ox)C9{Sw&j4F!f?oCkKNI5ND8CvehsKIcZiX}MYoy-EVUcytlN~#;|hZ13_!B#OnbxO}zHfXMEO$p`X3f%ww zOxlPdAH^KB6U-hKxc@lj%ez1IFFh1!bz^|kub-v-F7MHXC1gk()w{;7j>ob; zDC?jN<|$#Dezal@R`NFbBJ+qRy|LlfQgi_Shl`NNzuhjxcZEtF^YHKT##@HSrL#1& z4490`->12zYt;q@+^bEL{~n3~gAif-=C-LdiN2X8H;ffR;Pcwk3d*w6)<=Uo+%R^H z@())A;y>rdUtec#OuLQ^<4Kj;Y8N!TT@R2iyB7)YlhZIG&HD1YwT|*xZx{M{r-J$v zW~mm*?DXF{oCl5RpThAJ-y$Q~=+l@&O!go7d}zEyc;Z~W3_sJSdej%tishds}jRTDIlg(GTXG25!!LHvD>EktSbGGHgu#(FD;oF zHKS22jewOZt&{OSEJi%dG8*=AJqG8pYm@M%wm7aA=F=gk;GmO4*h~UjEX-2i{KGPM zVNhiY;yGtxc#PbheP##Lqp_|Zy^P*e2Tgm)WHPo$;oK2WOt{n!q?y3QkJ-2~ET6gv zE5Wt@x}{Lo)}67&$s}N`y3oKY`n#0&MIF@-PuEY+#r`z4F9bd^!@gw;GzpjE;ll0c z`e12glRHC}ZsQ2bjTDw1cn}yk`GPEPQ`~Blb7Dm?>fGi@6AeHO@8cD!5PM~nl`LCJ z8e^3kE5NecjZC@I)(NMDWupZsP5q-ipb8MNAXq{^QB$~Mp;OBYz!eF@sh*yIo>Fln ziY?7usiuC8e)PLt?Z_$xl&o77Z91)kW-97d4gj4-PElt=V&yh73luMBQMy9}c>gUB zK{-&V5Lvs2v)OP7qjF~BBumQ*2*3F=MD{&(s9|Bj9tXwn4GT{Q?=(;(PHiE!j~+*~ zOooJ0qqxkk`eFDRXe5b>+c4mD7&mz*8{Osipb*H`hrG)wvNgO@w3eS|C^dguoUsIvH>0IYyAJ~JRuFc*a3{yP9uykK4z=P_F-l|>Pea9u`F&=vaR;BpEN6ZIa;a!p z>Q-VnhXl8omCR={a!bOS*2Yp!erQv`5Y|COTqK)cFHH$W-58nXO@oGrrlW=w-_@UF>yn;yB=awRrG;`z}0jEg6VJ~aN+{-&klXo-h` zJ?)XXrJhgTn>y>RG zd2U-5+*SI=IcV^aY>^XxXK0-5U>4YCY%9iO7f zgWeC{{Q87!mprW)Q^ZnE%O))`i&I zV+0n1vBcciCx2Q*O&6Tt>6BfO$tSSqe?)A=NS32}yXK@WEy=Ijal?2!@ag0jLlSW2 z>GvmZ#z))zh(tC+kjBykW|~jdaxJ&&db^XEjcQYw(-1?#(Lfwi>nOYVIuiELm8!ff zKY^{V^ox)cX}^dw-6wjU_x-!d%BnK^)W;I2bEFgl)7NRVz>~~10GV8-T@b}lLXxb# zPWXN>QT6yJIzoi8lKwvea~=Re#CC3lmC-{W&lK1bc%G@Y~znCyCB5gcCo*jF~M z8IZZ_d$oMRCk~6Rq}pb7w#A{^7`cP69>G|W4G+ty&J`Of2^->-I1?q&&nB0RjL#=L zKj$q9S%aL2Q$607!{r8^Gi^RLG?3gyL%6up(^skzqXS@=;^GrTlm=WglcX|c`rsta z1b640sSnj425n^aij6m9zG zrMprkRk?L$$&drbAsC>*$7}Z$R9R8lxcSDQC!DfKp&K7~ zb=*j=cE@wN*txz^k$4yPGdrl<6r}gHp;Oc2Qwav5dOVIK-e;k3+RRZSz0=%UNRuni z1uIG>G}Qxo^==<@>WvCiF%m!?`W+EtWbLs9plrvf83{l_C5cFVd<4%>I<>WRRf)^%8f?8f+#o!k8Xb2{#XAEtHE~E3el}5$jiI{m2se5s z=k(H=$Ty2YSRQUql~Ahpdi5>}HoQ8mfj)FP>h<0>DijzO)7Wr{{ClurnaZLWG{c{%5zAK`;M>-Wijf4KmAlj)&5r8-~J==ECsIdS(){IC*kfwUGit_JYQIE;1#m*o9t5>7Hp%%=kDqBf^t0K10mWt0GGXoLqx0L?=pvmPDL;!kATBY2`$4Ohq{8X)tN8Mv z%(_vaIJ3Dq$r-&tvF%>t__-~25#dVJ_IF9WvSyf59`&qrAy9W|TGWxeRxwdp^x5w6 z5{f$xNcR4gkXuS>spSJm)Cc_F?u+~bcW5%CXIy06SKbn52%xMJkP*0(@r!-~t&dek z1U;-gjmY4=+&3bUktp?E)+OI9+CoaXNw!1ijYO81{p{ouRhq3Z&uH}#HmB9rJcQ;% zT@J&qM-v@}fpt;m#3anlqbsR*G3wi*w}cFN4Uy7$%xk?{8nF_4>v7dK4<|)@g9Ux* zn3ufvZQX_vDt^9gLZB|K8slRnsx=~6=~%L?lBI_9#&A298ZSDpQw61tGY8;8Pp0IhT#HB~x1MqfoR4BVH*aKacj+4>1Q=mGKo@^XXYT z0xpuOYN^`N@9OMQ$DVtqdYsu-xD#ruw+&BR*2_i$CMM6+eIfs~*6LlD6%1f=kIeYHqF+DqwD-&GZ@=8#9r|zc! zvBXGnuCdSav1;I|ewb5K_>v5$m+Az|m3m)JutXN3vh&I)KIG4Jqord$*5Y>}8Uu2- z*T~|?&M&Xstx;(?SSf^k;j&pd*lo)imMeGN5P!XzB_31NAThJRlyUBS->rHwQY8mU zXU7@ElliJE0Dc-n&=6nnTtf1FTyP4=apRA9_HkPDQD;(U-N~>u7!zH4+$E$cWaC<> zms!t6(ZoK>>qgAr5%DdIw=(<_&ge=@Gc2T zODw;L7RQwX(haLLxnBjeB@N#}3UsA+*$B^b-x=1>+53qFcD4Ud9_KKPo8svYk#^2$ z_hMTACPIah_+<>j=W8zlXyOqx;!LK>p|pJX)yhkM`_wb~S`D?&jM+uG#D`(_cCE&N zue0jxBq||Wo%Z;QB%z?T>`TQ;&BktY{8|Wc2l3=X=}zjSLMamTknnetnz@op_WY}{ zvW7|qDLGZr?SOjk;&;Xnv0$ktvz9eg3Y>6+Tw87l7#S!s4 z|9^=3#_+njXzM0DjoLVEk|t?v+qTu%YS7rW-Pkr7+qP}ncJl4?z4w04bAFz4_QG6i z%{As2W8+Q);8T%o3fbQXt`L(&4ojU{xNObGc9Yn5S=4l6N^GFAM_I`WsB4?6(rT4r zL{FhaZSJr58mSh&HFgx$I-8>s$TpEB+?vQfX>N?$o$LU531}b zb#^tKZp~WbnXk3sH}cx@wGKh3j{c=DLGn+N&I8&!VC$jvOgCqn!*Cea$rb~8e* z#y6|bEGXkaITeK#7teI@L+aD&skHJy^TU@E)yNX0AK_;v!sW+ldxy zyT)~kcPrHD3n#Q&U{3qi4l1-i`q-epfPn{<5RB|56fMxj6%aD-E*z2-kl=>iG73(J zRQXMImb$Xg7!YuWs*hQiy^vP@#N5j9%!=@&(Q6|O>A{7ZeD{2mm757djObnAy zP8{o4TTIp~ecN1ngCPGIb=pMyhsPv)+WMK#L6jnNC&vuPTHviwC9unuQG~-pvgWv# zKN$=_eL2DzhXhBxTB~i_GU;x-{?_*;C~&D;`} z%qMJGk%^gRD8&`Vp8q)UYP*>@cNYUz9S~FB+leltxp)n~YCuv*Z{DFVDZZS9E3@QxZB5CY8FQJTT|MK-`p&#SX*M__ zyEy4vbuqyjqT;5Xo&z}?Y?42*aT0@Wo_UTyMKdh0x(MLM5{ekT@NjsWw^^io-;r81 zudh&7XPAr!jzyiz>vB#t?ItMLMyMQB<)BNcUO@2VNRT=xqKp)xSkQBl$TuBwAPa>7`lF5;Us>|lph}{;vt8uh@(dz&vZkUME?(kbP{wqf58)^p6so95?ZXiqAhi; zJ$XZ6zZOciXo)*Ty7KTk`Y`V}sGC0>5xRcH>iQT4!nMWfhh8&kYu7?i9Dx|YBxrPH z(XIme-ez|}#63NZ3}bq>w<+|o=S*qzf^_nt>oz3h0F{WQ$MIcTSn0s~213w!{c zlN}r!@h0z~DlXq^P%uv{s!H9?>o&u%;BDzLf3?QO~@CO(x{n8l#JTiny#Pr4>90;WT*X$fYxLr&lm05ovuiFJJsC)`1TC2Su9{rUHWWFH5ULO-f)12^ zr!hh+{)7Sdk@kG4oLQ^uG7oX6W;!5k53Q5mYIKQkVf#gKq$#zeC~nr}*h!;-ib8nu z>t^L>n)sn}MtmQDeAPY)gy`0|Kk3|9 zQIo^N&QU6C=$!^Mnrb-=sHa_5N_g0iUp3Z`o#6eozf*Uqc#U(yh0L-5SX_24hIVCU zmZ^HYt0=#(D*Cq*qDGZ|RKF_?yo7n8*qR%4@?Y;LI3;$56Vjr@?l*rB$Rnz=aYt|+ zCuoC-7C-q@Gc3>Sf>O$`KiM*ffHMhVZg?+z7^K6~@fFqu?}hGV$>< zD!58q0(cB_N*xaQDgVPbTM)`CD^7m?29=hD<;M?3@6$^mOqgIal0`S^5=3*4rZCLn z6IM{T?OiDqKofF)TTi89z4KUh`eYazeDF7L$la;H@p<*Pv2~wsBNe0*f2EjPx*llT zO9**^_^PFU*j#C9n*ob3vmwrlaB|cMfWD08FtsvAk;zf(jUlM+y;pI0_u}$5la^yFh6pHK z=PyFc9j7nSQjA4>pb+2dgExGqfVMj!8d>>{8v-{gZjauoTw^hb&x8S~ZCjc58|fDQ zgMgM#K0>c4AsV+opZU)R6Ir(EpX)Z(RSK9g4tqf^D<0*YKQ&j{ucD{r?KF_3y-hc9 zj17ZzWR;h90*cFQ)^;jW5ilg-SM5H{SP>NgoM^JWhj=+;y@wHNlRD!mRGZzxg%m|) z3X!nm#^|n>sGmnkwtaVyTCGCl-h@zJeuK}c(Sf^@8%{K@7dAKL}X*!hy!&6thE4>1XFK_&BoE z#Pf>;=@L>~JlTQO}toR@A8=F_kj^D;Vyp0@?lc)JNh4vgv-We&UugKIkwLjGJ^&V?nVf7rYuJW?j0z77U8*s35-3kRb$x^ zted>vkIN9}d_A3g(I7H!dCW?5&k4)}zUEKwRaHU&Xlmh5K}cOB(AWUsN(o%#d|XM6 zEsE(|OfMz|%PEi$x3=JkL;9Bdfo2tLJX`EP%qAKdTqG{Rnwo zg0ZOU$J_w5k4e4PK`LM?+_pf^wT+MwJ{eDhLi4*sqNR>Ox5JL@1y1~(Rz)t9&B{0l1QD!jxUzr;B!w^y{;_#LE{aGKe8 zXAO|QA|=9jm(1-`vGzv$^nL&s&Yl*~z(z``H4O*uBjia;7`tbT{ANh&=U+qq5p=d? zXrjr;ngZ#xq93JTr#$QAH&oy@c^AIbtd`pTq<}>fpnmOh~yu zx4=PMcj*in<9wLE122@`7e50ja^GgBU%c#Ru8L;?ooj!1PusYzEvcYDG+qeuBIFL# zgDBrM(U?q@5iJ~MSUv9BO>Xkv$|lw)R~kdJn)FWH7~?SJ_gg#^6A43SD>`k_$tCvK ziRGJm#CmpWeyXTR$J$AvVCg6Zp$lCBlBI$U?8*7%LHZ^3y*RonQ22x_;;Yd&v-f}i zK0K&EA+8ap1MYpAfLe9Utc> zOrz1Le&c4RF+l2A*{NrCcz(7xlNA*VE0T*6aDAEmx>~ZTry>3JKv`5^EYtVR+W87l zw60fR+5XIq%!>j^S*2f`|9=aNb4F-q3$1=E{n(M_vDm|WN`!lDeSv{FSU z3YEYUZkvk}Cl-h7@(H?Pav0MoheQ)xde)hT@mE5dxWbOe)a6(5BZostZmYL2P0>%w zoumuNYN=wnE=_`E*za3_7cUP=QCzM4%{x@z@?f~%njAODA_e~gYO~ly9w*eS{tj$# z(((;L`x$2(3k-5#nk($sf3}-jZlq+Mp#o{DyC+qg{ft?b9^1lpz912=fV7+M+h=k< zj$A)KSj4zMp-Rh7aq~2l&wD80sfU5IhkpmsZp&78XbcHte#)~8vh$G!FNMO?TscDt zR)~G=fl*?(BMy!&B{}_Fy&?eJO#SC61<+RPVq;gPL2Lx*>FPWt?CAki2Ly--RF$?D zOH@HpM$)w29AbIEbwJI@M3h1r@7;T&DV}M(3y=}*(!9O-2I9%jjhmt=zQyo$1u1_5 zVn7$X23GRAZ;mUA@otT0b8{rzA5}`-S7SKZV?`w3@Bf=l1=&UL7!Z& z71ZODLLLfcMa{CE8!|3M1DH$`MLZM7CZcYk8eH6;ziZ^&)EH)7oU;mxsb`%+Ek~SE z$n&|F#|X-vcI2s-USb(Bu>MFI$Mow->|EqkM8)Ak!Gr1C-dJ-%D(h0vb37JRp_`wIImd0E^xes>J-r#|3?0~d^51cZ+jBSS zefi>?YaFM6BIU9|$zhfAawY4e*&5P*8 z_1WyDVov4bGnQyMQj0->I+JmD>#DQwGtbE90kt|6vN*K(~rXC@H+isLE zBV+;|)FT#MS>((Hh?LAGr!UY^dZDqpd-D9A2%``%2CSe934(}o(iv}rijfKf@}a8e zp#|#~7*7I~Ghl+rS#<;%?<&HgkaS7NDTDGt&yu5*hT(rbt8A?%wdKn!|mWv;2Ny&B4sBO@!$ zRBaVD2$#q@mMvsp<17?+nH=Bn)~!@dwJOMNC~5AGLRC!1BLDfK4BV$`y185N0r`uA zsVqGd=!@6JUy_?0K3nBUDJzwS{mQ&<#1&=ntpz;BG>vDXE9u#vwL-c3pTHdr)Z8d? zlPNigT+5YHzhRo8DPW1hRhyZy(h;V$y1w+7URZIF=9F*ZULJTwR~wwsmZH7f`P3b$ zT)_knY5Xvu+65sxs5gjElMfKsW0J`%S<(Kv9MzL2eM(ZHy@CNw_+_&6`ax;xN=QA3260}wHU>Dq$1z;4Lz z*PiqxI)M((-gUa%-Ljpw@?d^c%ilN2rgQTO+`ixvsv>peLXp5;HGG+!TucnF&FU*) zXzWn?BLkwgb2yzY+*&BVq4^+%+phWPz!Y}SS~gCqf>4-lJ}8CstHqcUtAgA_L&xt= zJ*i7m)+u}SC}``w#VH>)eNF-zIiCQhmY35V_=BesZFEYFMQF%-uia?3z8cB+9iV*0 zim!ymO)z4!5b>^edqXHFuxm+|{GNO|dEUmo$bZDOa8^0yw$)+=c|f6NFTi>cf4q&# z@8PT`UpEpI`;z~Bx#zW{>17hGQxlq-A~o8TkX z#XnXJ%}Fkvh$((^v!pnVXfOI;X=oTa)51)p(6NFajr>!7XXd8btLoMm&xT)vMGriP z(HOg_^qAdV5i5$Nq>lM4yQ!>2guICQ2tzH#?s%|=o|KYQs$sZ+UqAzy6M22Q> zvOPyQ)J^~}kr?%F^*^RLNr6ihIdTE_X}|`%MlbaFJfk$1v`=b6<$^SE{KA$kbi5jAbh!w`z`-BRa$OSzJQ>w z%@>}eV2vmn=~!Dbkt73BuRXy(0Uu-wU|3suHr>0ybA#$TB{rPoosoi)lSW|_+_KRg z*#vcS@H$5x;jB)kP?!_r4H(Jg7nAos8%hx*N{cT45(sY$Q!4XS3f&93bO_f&hfA}~ zQ;bL1f*qmcO1BuC$1d?{x5Udp34BI%#;ha}+ms@Yvyz;3Zw5}4RCA}xySLP)zXVna z$ce*FuDcRH#3SBb8NYUsJQ1jLKah#LH88il9q^*gHI*$}R{UUR1zc^y^Mij8o_X4e z5>6uejYiL?g%7$&S+YbTB{5F2HZ1vw4sm!cU^aQqO#o-sI7u*$*FvBCvR;PH~E^JkV!3!KMrn-NCSc z3V;#|7+rNQnx?Remh?m+PLX)HU+LLrwmh&RQU7VZy}nw^>&vC(FRb8^n(gOJTpOJa*r1;s>#INru^ESlO1nk)Xv2rbiv3%3rGKzusg3{(8 ziL_8-fP*wv81!x`=Oe7m)HEc@ktHjj5=8(_ZOO!nIABYB!CAEs7DnG%8S>Mq%`#)~4n3P-M~Y4skhof7=5O8~Is&nyKff&a!C zCkLxIl+ejF#v_+}O3pgamXFbj=EXD=9MMpT3bjR2FBt$-HZi&hk&3tCkIUrLDN;Kr zrJ{0|CUWYs*=oiFyCODNh{b>EH-h??1s3IE2%U-X6_gUyoS4LS%&q zdW$6Q=9CuQ1jxzF8qTJ|Z)zoiB4#w=2@AV|{p6iF2ythxJ|`pGuio^JC_!dYJOoo5 z0%`OIFLS7b2PG$SQ~Iz7(`-r(RJpH)<5vMO%EQyzuvUo zDy#2~kC=$mPBL>7hGHS3D)t3=_WRI{fkqT<%63q*;I`o8u&Can_4h##lvjsU8hm6& zHpcr*(IkMPSn>`IbJ&tFcMiEWhq$nQ+l94QN$-~%pUJW*?k9bfe#EEmwP2FqB3H!J zt0mHFw}w_rDPo)S7C*H515l05)wBSUt`<|B$(*{F4b_IzxYCoqq!U%_G4!O=DrazM zmcPoQ&1AoDFUF1~zL`uDGZ3HzM|paA@*p76{A!Ca|BY-g)cCE9;OO$sqS|+eOO&SS zWnEN70Z;KqLwr!ZG*7WXTZ|r4a_Z{hbz;e_O6Xl41%FD+vd1mvK{KS7U)0N4rdD%- z2SF|?fhAOZ(S+9&_4PmM8=zHZG9S;nCldQoGXa;zQ`_Y;Y^WFS6yIHxE2{6S(l9@u zUyX<4@Q(5CP{<81M6InaV%d+P&4^@uKz}(dQ>7Cx=A$&=!j}!)2J6``%4*mUJXc!^ zofgQ=F}evPBw=pai`k$GI~S_Qm8{2fF?gYhy*TtfU?q#aQ{c!CzTn-8D6_~xNA8R4 zCOzI}72Bq)CVEGiOLc){5P<+R?7Bu1+!J}f5!^Gy+Iq<{z+r+nR<_bv5#=}P6vu*f zXRatGa51r+w{umkkhC6mAs3SkE@h2>$7F@|_q1I3h`7G=+SVfKi)-@jw#{WSo84^s z+H$v;T3*uq6N|KtC7?}_cA}asSwk#x4SIO={IQfdtOz9urRsCix_ z4x=nmsl{6Y_hNFfpB@AevE(CsgnOdxcSqQ#yO8Ml;3OB)@z%?+M0DsmF%N-N7wBJe zcRuHhAFJ1Q8l{wjytHu

+)81(UOQ9;xq=oBlRO(jVB3S`kOfhCG$lLt`MfmoyrE zL#Lde!(OIKlWHfSvpRvR6$r{=FcH9Odaxfo(5E0i;#^7Y?BqK*{Y^DVzaYw;qg8ex zPy;E2au6IvF#K?N6Ypq7_UVpG*F_ruAz(u>M#2AwDao2h&{9V&cujDJMtTwc)N4kr za9b#A`f?y8@X&CUC;rg)tQ#SihqkL01s(-9Mxy#0RcnDm{d=~LAONCUIhB2Ty{C^~9RnEOYj2Z`D@5Ul4owz- zQ>x;{_Ts7a(#~gN(y`Bb?jC<0QuK>JdTcg#HZD!fLAtkEcUotgWJV?YyS`5wEprq4 zntb3PJa3u@pA^?7Fy8SUG;7dqd5F4bQ$q;f)`(Y}O;*6Q zRBrc2k=lZvX;mWL1!0Oy4kPTplp_#1^?k zaB*?-*)gCw=2pN;EXU6jjJ*&2IhfpJ;ifll8MJd!PGD~t51`-CPgLeI@Vr54ge`mn#P#_0L178_4d-S$jHF2%~-Ju73;99Jhx zoF~0p+(~@o^$9POp_alr7bWSN zt%SFCK=l8E&Nw}$*|t@`SxZrSH3`>3e~wGj|q8Y?dU@16tV; z!s3sN-XrCkJy@xir!&h z=&{0$Ok6Whm4`yi44XVzxk=7zV}CaNPT>;C0Kc8Wype}n&fE%}{?N}K!N9_JY@uQZ!#=%NUHTD{w@1F;`aj1rOioIv)F>3?z4VPaXA1qCKm}idPx;xChk|;W%Q6TY6iDZ( ze0sc50XWZG8AJa){*?&$t$4T1px95~HlA`T7gmr*4E~kz#) z`5eip^6B&&)-S%`fc2MO8GHZpd%X1~EnSZ=9G=AicBSrv;uG8JVOIA*Zd9C>?~N;t zc3o7A^(mJ&D07Dr<+QfKA%9?%z{8lVLYXb(}o(~P&okPuq!0^KNXEX!h1wCCrq4}Rd3JhC~SqCS>yvqnq~=>!oqyi z^>HxNJ_jtlVA-6tWo3oKXN&s$L=ZGt%sd&v%*>=5EnKX-MiL({2+ zz(BhGUx6rupXZsT2Hc<}c>YAet$m~0Q{VMyXoD?@-ajAJ#mYO9cXE{^dOA7_7VLQ1 z&l#ri-zf@~4t>oEq9b9pQ-4d#Nj~l0@YOYouiGY{ZN}#0<97lJN?%N8(Y&t$#;w{tR%K$Bke!@vzCn|D-@uGYxZjrfs17?;N@V z>-1qGX^ezTvVp_+WHv>8F_!aB@X+svs^rz>`sB^*PEtzNG&y-B012FgZ-Fi$TBJ}c zDk#dfe*I|`8s9Z>;2I;ZDK->-nja&S0|{SJ?7w;+)jlyRlHRzUE4-fTLtTb__@6@! zn(F)04xIhfN~^E;c^l95xv<2CGVsx}4T&BxQ?!o1 z!GPKv`TUV_9h-cAvP52-Huli@v4;rqpVV&tkKo`PVi|?GrCY)b1llWsK)$e9CywG* z?XP-+-ff;?46JxC1R6wzz$qjC=({v}ct&B^3}QEKLe^n_$K2Mf@0Wx}-yc+#NOKoq z;yU3P z7lp<0;E-YeVn8ZW_T>=}z#)u-gc9i;&S6_~0hnEk++?h{>{H5gX76`rO}lIR%KG&l zd;>>|1pko>?@enH(_cFa0y9H-d#+5T5L~_xk4yPK*!AcpWQ%)#u{nZ2o+30>cl{z^ zhfAIAeSA$~tb;JU#U&A6H0bJ(A?2ibd21!D{g4#8D8aV5}8wp%x5 z3r5Ay^TP?ZVgZTe@k*nbMa$P;LE0};2@+*ub9cMxaI=URYh4NL`H)gYF7RssuRr?H zfFkMT4DT9{Lx3mo1P)x++FCw&MRN$xw>LUBvw9zzwbqdNT?kaOT6SQ}fBNoisKVMX z9?qXX-7kUixQl?fd5$huAg{9MuvwCwwnyd*xIG}S0LUyLT;^L~TimC~hq!iw8k8${ zEgqK!ro$6|JrMedxM_1H=I8YIXcw7lhL)S@9+a6!H(6MiY5sX6n2F8HcSIP-k6sZD z*ty^Bv3CMuI?t=;YdXdauP5le_GUR61LWH*j4kStRu{imh>gXRGmk?7uRw4%evvv6 zKDZkzZJ^E|p7pInFj)HVc7Q$$M(NrARsECUHy68?QLa0MNnh;Wvgq

zU(PVF5$U#I>nwOI!|KYbgMrdc)0SV@)&yWx(ViGb?->AQK!BAOvk~u!ttGGFJO1tcan!5&3%>-qHPNJhPFGOdf zsV-wJciho;ryf!bez+NnI1Kac0Wdy%^AR18_o@n0W$vpG7!FvSb~Q3ohZ{fOj>nzN z%VZ55K^DhBdim7tZSk+;&P2WR#tKl|sB!H>*scMYr={1Ozl?=74lyWoyd~mPJ2f_G z>A*vIc<>|XiT%Ji6O1F@9!$cT-PWuCK+Zl}=)e`(6jH>u}SK_zxBlCD< ziW=y1@<%d8!S9$z<6KpeU|@G%P|p@KM2<&SGxd&f2WF>PbCdF#hT5vw;H(E#v$z;( zq09@d)?HG{&l?U#QGG=9rDsxg&FFs)G-ffh`uoPzaYk-MTPT*FgCD%I;^>fx#3^^A zE?CgPgm5wt+m#Hgo6Vi&iW$#uQMuWfUZ+D{?Q}?#^{;=MZKL?8=1K|8 zk}=W^gHduZw?S#Xth3)==2H%`eBx!;)6e5V8u!`lc<^oiomgn0$8yiT>0NC*l$Kq- zK0>|o(l>ff5RE|(zKX}g8xdEw1U=UL5}V2(X7smJ0g}d>>F2HDFPrKvS{q#u8kmqL z;yEPvuPYYkuw({S#w(oG-ZAwSr-*XnIozkSUO413%vsc1B~V9&wGVfriA-;X_N{^m zLXM(pW^*UZ+TSI(wddv$^NK|Q*H|^LKW9XS`T5N=V)?^UlQ@y7v`1S5#wvR4=4#Hz zw&qWM7Vd;vOa%cnR>zisFz^%8+Z6cYj!>p+9++Iu_AM{d53X{<<9FkG&KlF{s!>9s zf&l|j!M^ESxuehse_F=fj1|eZUr(t|=is}OqCk8`xhjbMxv@io96xdoW-&S}4=l^I z`UA3@LO9IFV9~sI_||JeV@e8lLu2pHULv9{gF{xIeqp)R+DDYG><7sS_=0&$hKVQO z*)i?=yO3L%utSYwEOQ1(cO;cQX-}Qv(omY!!?#6oxhXC2`WQZ{J`Tge z52v!X%i$S<&lBsdqwB2PezexTb9@Tq<;=}=WAmBFFw8&$Ys0f7s{1f&!To{TV#Sbm zgo#u89t)IzZZI;ev^VS=O+oX#sDlixSGjGGaZz|q;-tEUzac5F5ljSqM+7v7R_Gz=T!fDoh@g;L;eKa(!;2<^2FgJd-r6O}efcdWG#0I7oZz&!#0%)- zyx*pEOZ;X`EAU;Im{Nhm%w9jgbBa0>)ZJh7q|IxwshG~@%Lx}#FH4{0|T zQ(a=pKL2ffi`IS5YYXXzGDW`*ZeEr>?S=tXHom^BZdoW#qXVTe1!3-v<)wO>EmIi{ z3bQbiVz@@c&=UBwnJOlF(U>xgoAbuzbxa&XsfnIJ)+W#46tXvwby{SMnXz5rPqhUQoq?qqOonI%xfL+Jp z3ojVlXJ6Y3Yjhg^y5cO|^!pY~$j!}rd(}`g+|Oso@x@=P^5?~tDv8^jUVKZ`FTul! zufCDmqI=~}z@^{$pqm5&_N#=<%`yAXc-;?<-(Sw79 zwa0{pg2sj4a?YmNGif2nMC8!X_@&n2qk&o?sHw&D$YO1?&B{vedai)Zp#CHA#KH=f z<*2YM|6N+sjhZ?q@3>w@q#Dn+#(O&Zn2UDk-$D{{_P1KrQPHfM0o2;H=e4m?H%4)g ziSkvIS=&erZ5p+(-EU2&_iq4D`OV!U+2UTef~1`aItMFGO4dbn>+VZ*?ygH?3MVoc zOzR#T&8ll@RVW=3fq0LN7U(FgNRrCutPL_0S%~}wCN1S7ufr8 z;3XohvzB zZqvviS${6Buh;yLEI~*LNbJ=<jAHdVI&iRxGYdh@V@0G)v9y* zY>EAT+U&%#a^In~n@`DTB%9MlWuRIkviOq&>t{$NHS=5#0@C?AUZlx{H?CP3sew8+ z(D4M_(L;!DM`UhiAXwu?!*~_Mo2tgEcNHF5643-@CCQ!}S=UqF<5O=A* zkFOqzP3tp3u4e9<50`zzV}dR-DHycip&#(ag%GtXr-zwWS$1K@VfjW7h%ODtTp!W< zo9+<(BxDk^?2=qj4So~SGQk9=kNG#hxu6BpX?4-R)_l`MNI1})x0!Yf9Q1SXOWfP)Qy8&PY{D`8oBpO3MHEGvm;BXRe#v* zEq5u~PP``HTtPh{YrfV5wA)Ae+-?xt-r$B<6&fk@XT#bgi&-Ut+AA(HxQc{l?%T}- zwx(s;^}>qw6l&azcR zoipY%u{lv~DCl2dq?WzcRO@}1_2ZFpK9pE4*gm_5fz^;`mfoLVTT_H6#-9L)9lB9z`$hAAi47RoS(~ZbeoV3=E>5pPVg!azSV5x< zem?AQhGylSg0X+W7Y_~%qL)Z8gvV**ndhi}{fPe9`BgumLb+hhw#H{RcFP5FR61}o zNH56AUD)#eujKk*i|9`p5Z<)iWzoW6lg3|m%PYRgc50rlz4{nJKr6^%Ux zCpa6~UO;cC)X?;1ZX0Bs+435+Qfx9am^>a1VzrS|bY4!u07mzHaUlF#9EzTX8^^P{CU2=~dZ|#-4sO6{JzOtu8yyIrfPWW+4?=wUQ zK45(1udF|0?W%%Ue8%*_c0yrM*Ta(lO)@`cUJ9cod6aEu(30j_f*daWB!$GV8cKgm zRD+Gt?39sdp%rE15U+ZUV`xZ6+ovo_es47~m3HVR?OPi3_9D>0cBpDL(DQHN$-{Ny zXXu59bX!~RUpDsFHx;I<8yv?@`%ga0qO60>OLHNe&cyR#FU`fy|G@gbfB{> zM`%9ZNvkom}&lVb^J)UBY=sAgC) z=Dxh0I@ArPG6#e)0m+*Z6+LCx?PB;otc1+Q-wMVKD*|&pNjK zGS;_@obQUo!;l952s)zruwh>E5Ga`$Koe4*{MRVT2o2?i%C$ot;l>@#mm}$m47xz(_6dBuJJnqApQvx5ROCvF zhfjBY{SKP`1rAz%n-AWHcB?RJE7ZiCgJ@xz?zAuufx$LZx?vN0krU-+rZzcH*RrA$o(wr}4T6B)ufbr(^6nBdhnuyI-8 zs0r*K*Py}GCzPDOsS}};NT$LO>`Y-jE#cLL_YFNf0mVO~UWmqJ=_iCL;=C4!SVd?g~Jlm@#WIVx@L$4Z;HkL z7C)-@LNTC%M^EjB^V;N6k3&g8I~X3@(25}13CCR9rs!Jk>yS2X)jlp}Djt+R@PmHt zS?hv|5F9(6l~?t~I2|M}9-`nQ``481daf`{;$EFQE7=xJ-SwgtTq7Lds?r>WDF4j_ zln6+<3WcXmkczTv{j-bLbAqX`^oMC2vDPoKOyM==3t+QYO{oF{s7_Q%cwklOV?B~~ zfH@%bN4ff#A-_*w=>^99fORYbHqFQaZ$L-ot5!}W2EcbDl11D>pUOHS9s?vK0 zb-|In_OLyg88o>s?+SFBm*x=hHX0x5Z{{m=oUU90Yxj;w>N)=f^hm@9AhT*>*pWQtX*ANzzzD5`E_(Oz_1U^hESKj zyk9_n+dB_x(e8JB=8{(RC(rD!Jp3~(0hfA6pFrV>s0~sj0|yX=!_+M+dSJhc#_>$H zUp1;5NY|l(B!me@`~Io7d#J+V`o|?d5`X8N_{53BEHR9a!lEGJx8Wl)^@6e=T6!QT zFudt{rxQJq1UXkhkQTxhQp#8*X-31FbA@kphVR$m3_`qi{X)W3#vk-R&lsS=2de0a zvLYt?jH2{&;Aro`6Cfgb$75fu?tpv8&nFF7NulyCk6mJzn@2iE0-v%vPEaJx$X7wy z#Qs|9Dq-xrG^UV~{K8#{w?cV0bc8yCe-D9v&xU-pZIs>v)*2y!gMCYJ0RlTiNOWO4 zl+PCu_Qyx>)hC*##f1=DL>B^wz^D%x6VeAC&D2Ke!B6o#iJVv~NhJ6Ljr^L-)MvU- zA+SmnpU8qC4i4Gk|I4>j-=Cm*Mlluwj9s%34lCi7eFs%rz-NKJUD5hKRaWCh%MldA zzY`bzjRxllg>a$k)GEi{fxOft*G(;url1ZiE z)49k3ZuitXP%lqE+d}!F;Qh`Yj0bh<9Rs!WD-ncvLOxL4=WTXULo$kudeFG>SOFAs4qE}*5o%@&ixB^6v@$G6xx2qL1PYW*CK{IoI1D#dfsYoo)`2Iw zoF+@#v4YDBKK)ofw10XBK5&4hM&`WDWwNZHCbqSPgAmWL!3PQt;5WR_zEa9g)||ok zYj(Mvfr6sYepG#Zi3zVKl<;(I`Z}3@MiJAfkWNkuu8DVkS)#Isj~AwdtMfQ3jyU>j zzc0piIq9Nxp}Ct|>rrYTMdx1}J^=B)9pU2HO-gVu_8Qqu2L;wGe>nT;8Wq-mJVqFI z|F0T4s!)b3LVJNj#FBw>&ey*oN1$GJ{A$6~olmx|FcAxQeu7wb;+|g=J75yWz95d) z|7!vl-uZB~aS!w(7jvfQDiXHfMiWH+iLb#}{9UpZ+>Oe&&)V+|!0`kEXFESR6NB!< zb-dQ`9|l|okgd-X`3c7i+8^U2H1xli88)DktkF-?y9GPmq6@-PtVD)R0`*lABQhEq z>1o={&J<`unlN&Fkbcz#b2HMo1oNa?jL;}DY3ABmHDW92EK=Xotk>Y}x@$73#aSzOG79K)29`1H4JFZ37uMfpFt3Lu0Kx;OTXcNs6$)<**ycf%; z9gTg66yhEe2v9E0-#wLkjPc)YIQsnrwO`Dr_l4DS7^vNGF$UvHQCjClNm2RSz0ldX_pdG)L=BZ#oN$6HKbAI%ZZ!M#2DIxp zk#fyeTOxS+Ki+w}&*PLIFMjr$O0yp$2qT;Idy#goBt*x!!?~bHnv@91 zm&RR1M*zZ9cg@&V0d%!FE7m!BzJ&u#yX%8Ry0_st_b((j{AUP z&_nsC2zXN{xF&97O56nl)qW9j?l~INcahiA(ZCJOfnE>QCN#vmVqpPj?UQG)^Ed}A zYjUA>52$VZoDreAselV?u&=4B#02VY2E_(9FNIex2)I2@R+i%b_PA%S4*(LDq5OIR zuf4Pv2xZE5$@|OLj&Li1{Qq(F4}N+7?;kLn7ng0ofLzE&aB zd^*gO^YircCi>vJng>c6)<0V#+Hyjy9^DT^h4VgvExofQ)?Rqly{s<~%peFIOF#Kh z_&13q{|Y)b{4WM0v#l!(Yg)g4yFpIXu?%udU|#R%vtxfny}zC$5s6rf_61l3P9rNn zTS^6j>y&e_STv@lzGnMo$xOnEY?k_mNksOe|Jvt| zlxVeP2)L+si8!b}V?|VwW7DHnb8~{#Un9R0vxG`s9UwgXvU8h*>7OgeUXWYWg~Fl2 zzfrTyzq@xZhe>USbU-pe0mGvUKwOv{B5hIlq zYAg&u8b;ddsXqOvslqUl3Lsd<%LFjHiSdplT;AmrASvPn>`IX34JB5<7AZO-*Xi$V znHDFgG@blL!A{;aE&fs?<~+4%9;ez7#4{u*~A;ImW1B(96t}!F)LmoN(V@w%v0Smi@KGg8jFh18Vz0D*$ zXzeR6_n?MR*{{%JF$&-xOMkOPwM#Ne<`viPqscPce9m_tW(HTl5T)TSC9dPMnm@+Pvdy!NP`QbPHGL25&8G*KR-3s z7Vtj@!afIoc+~YE1Oj9p0{W0*ZllyJQUM#!HbQP&a<4z6#*2KW@FP_iKuf(9_(HmXB;ta-%VFlzsMJ3ltSRL|@3UQX4Kya4F&`%!cOiJSmo9*<~p9MFt0X zGmqp(;7X}48RQJ&{3JnVlV#o>v@TPsGktwhj7ITi71~(vE6g@xR6T8?@70c6?tHd) z1v-zNjN|j9=v?RrfcOd_)Jnn*Qu&%u*?k$ zy+38kLGeR<%yKx{)A~!MU*6cDZOXuQ!>HdJm0T%gU|zmfz&?Wt222GrpD(dZsQ{&% z``tvJgo#ex#=w>d%%Qk(o#!sOiX}ma?$n2w;0Jo2tyO^Ne!Y)Pws5llB}qq4eHGzT>CQa9rUAD z3bGUZC5Cx`ND*58N_yE=4ck7Toh6q#K?P5xA9)# zM~=G&BmxxvH};R;!E5mq>ajlpIAlTLpkS7-h~U+UfOzR7Y!|){ES`_hwYe2uCU*Q^ z(;}0x*q=qieYPa80qn1d?-Ep(2fUs*FV{_dyp(cn7oPI8Q_%MmVMPXFvR-SICIv`6*~S=G1d$ETxj?4s&Xt|L=UXh~yn;IWoiLGf`afYZMgD$mS818XPW;=a;R`7U5>aS`oA4hl3__ zWVQ#*_#?Z~uhFRc!of$2O4;YaDij;Pn~#6Xnlq*-{7Iujr?D^Gi4eyEV^!kj%j@Iq zJ5m}7l3Xp@jGZr|4QO;otmjKcMGscB3p*=-CZ&fh!Bi`P~y7C7wLA-;-6Swx_cS=XFOxW~)|{L6E3|8TivK3>)8%zMvsw{*7793VLmRd$;a%j=0tED9Si(og3$o|*c3H0wqhv%u6z@$3H zVB&CV*_W8>F#Rb}{OOrL)Wl2xV(IDfdw!}(u)y%z*IEIo9wwNZ1||RGXQGYycB#XB z12fjN$=q=>b_x@AD-L-p3O=zktju<{!x8Bead7z373a`;A;h zEN7LUS%zG$S5$Q5(z?%5gL5DW^qityp^lrgnzH8L%gZ6${g;8`4}M8-7^(R0f`; zw-+sVf)<@-I*{NB?)}NS#6)*`*l1K=)%>#gkY>%ST*{IM^p=0ZUGYG34F^Xj!~B5T zgU;-c{9D}Blfa+Gy+U_yRY|R2g{r~{7&!RIz2R^x!yzKH{fEkYn7RK*wk&q0wt(Eu}SfFZN2;bhaA#b z%IKXub1Oy@tt%|z!5aVu8&IH9S8Lnj_|@}CVLz7xFPGj2hnoKi9+!-Kx=}r|FqXwzT z1HtR|+I$LuFE1h{QSSO#mM}{nplZ@APsIH`Q+)dKZ9pXD7>Q1zwZ{4X0Q*&n^@7gG z<`u5xag#{e4=MwHTlngA?L@p;7j506o$cOTX($J~V#|}aH9#q14J+FwtsC2V@1UJ| zX?xO3VB?B@QX${Boe$;TA+RHW#OKVw64>^!!rO)o@z=luIxeQ}Zb z-S0S2F*&I$5YL+LE{kv?qHsf=}+*-~WqJcECFxH1ZAWh0ivB-Lp4w#i(SdOHaiJ9MbqJ1~LnHnhSXbK}BDI%d)!x955Dh@_Q_2HzH zVKWXkmGbu`M&re4xJ}>nM!Nc$(%K(GkT7-?@f z@!JE?AUTZl=rFbH;v(k8{v!8T*c04soZ7Dhg+tWdX^ zxURL@zrv%{%i>u5gV>y4_BY!&81n)M_A^0oLULc6wsa=KF?^HPw=SmxB?1}@-e}G| zNEkrf#B}HF?cr>*>-lu+*%EMgZTK_yoNZ_R>GWK3#4T!U#wV&x%R$K};jMFldLa>(ysOQbO(nmFI_EE4I`BUgw=AS6OTzm^4v zV5?wY1y-kdd?5H${;kW3lp1kUMCEi}4PoDZf)w48MvfEW`us}t^63uo%RQp{yIT#( z{B$C`cd=0P^_{xg*Clxidk33*HLxldqv;9Z7r(pVsoQVC%Fo)h@3{-lM~T-Sja1xefOJWtS*&d5PF^oCXb=uaWn}%m6*<=jjPc zvSVCEC9f&jZYC~F8>Sf%j*&#|C&*VNAA7S%VXA0yguA+d%}w{rRmr@)wCB zlXoSZ9jK(Nak0t-L7=@qPAuyywE|&PB{sHMM2w!RgMXNnp$N2Z+xN&RVVPZlatLxScc^RmZjsUK|ggGZMB|WN!eNF1PuJ?<8S$MPF zHYrVs+47aH#o>hEFYDq^rSV+S6eFwt?1ml1eQn}MVWIp)s^Be0AF_lo4*Zi8ba-T# zznT@DXq2Y7fpl0Ku@vuuD1&^xUd{&vSNQ9eY;}=!RHdutSb1?Ouuzm#aq2XY4@F+& zu4G|kIs08~QqJ_!0ii6FUpaiKgtUYo-lo7+beYB1$k2#}PiBc>T~6h#*>Z`c%(Sm$ ztaDj&1${Q+GyJU;A5@TIpk~&mL^7yzlUBbPMk;8ZqNo5smx~NY^IiZB=S|;)2o*J> zmhuMFk^MO)EeIVx;wHbVAPHIfv!sM0tiBom^sx*qo>1)rBl>8Q& z{GN(fGg|pHkzB~QICOX)7?59?+->IOa$;m5D0;4?<57QFdZ)wGH*aVLzu~QvEF55B zvViT4MbgvlIn4SoWFe9mY{Vl0BFg_s3=_dApCd$ISJEYyvY+&xLWH6mU7ej-BaxP` z#F@#&fuD}^SjW0t3N*^kw4)hxPk%`b(L z(J62!{;w5@(om`I#_18rwja&RwSnspj&alFXyUg)>!$zorssN*G_K=ydj|0Ong)>p z_Tyg|O5VL|9)iC&vbSfi(*8y_qzc%rrClef&X9_{mhUQaZOdla^~bX1ngR; z+1L?-?PT~CBY<0QP(am~6_Y5i3%e8ex&+- zkAi8R*G|;^jX709w#%(=pid)J-41^NS$vZjKY%L+q7%N`RRk4py8Yvm_d#6kK{F*y z{PAnwX(V3sbZf1UqffI_nUWWTftoCqAK#NRUf2>3%;eV6VVH9_uM6GpDe1CAI)u`n zY&YG@xe^Cd)*t~IIVccV@>J~;NcWj?2oqTZNbyQpGY8EN@xbV_yOjlYl?!CC>M?i@0;p}$G@m1lvv#)kNH|Y^ z*|}MKwS4a7UenI35 zkT}rtAzx3BLg@VOW<+Zam(! zX-A1_QH&;~!AR<@EtTMEF8y)f&M-j)Al*wQo5>0g)AcLJW%7$P^*B?>jhxhj5pI^{#IZk-4_?(}11o6tA*tkDT0%12-*amSK+y}R38Z>#bJP>^#arzD{Qyy?IwKDIAaPL47{?y6u3gZc$P;#m%XvLE zuQhUm&A819DqPgWH@yuH%UKq|}d(L55ZEd$;57nI@nlHHIO02YJCcGWY$Se7q>eQ!HUvQ z>Vk(-X(nGxdk}-l`2NI2hZO?FQxEs4;j$Bo=pRmoBE(&SA8)Z$$$9?9Gt>B1lsG#Igo%AH z_R@6Ns4TH-6?(ho#85J6hCQnN*eF8%{qu<1ogi^1oMBj zx1j5B7+SW-2t)AnB}7Jgli^B6d#F^}CTnea%zQQ4Zn24C zs3I)$(eAFUX8tF~fuV!qTV~nb^fkabPBcz(sNfydHH-KFUw_8-&Hf=q;SS-QVzh|7 zSRUXKBJ?29{G@3n>hrzzr;w-n?zMaSv)?ukLgM>CI0J;XJ40W>_coySGE>CvUq7J5 zcs2#6k&Ow6&|NezEdZjdfL(DiOT`gfFr8t{sezBza6m9UR(EFC569j{9Ld%3lQ)yb zKDCgD#Ng?R;ASUw|MA-yNk_w*ugP4xl=$vx-uTVRAdy;j(oce^>6D*2cbG|?@RAl- z=LQIvF1>DOMy`rr2V;+}6d@OJ7i3-leHk-u_KS>qmt+hdm}jCDfVDE^AdU_Q%krhH zOK_q5Mj1j%##TbuS(cnJ-_ErK3{J^}Zq-c0=d;J-LM8EpUb3L$XMiW6%H3AyYJ%Tn z9dSQELlTt=5|*e(e)|hC7%z7l)Lv03pHzy$tj4N}-9P(@jGc*W-*7WFzsVJUC9SzD zLI@i%0Q6k`Eb!Z=SifrgR?APc9d0C3n(azP$M1q{gW}@p@PACw!ME+(pou?OcC&;? z{Y?fhz3v{|DHk-jic&C+wrbaYT}nB6Q_ZcDot5*NSBS<-gVXCaKOY|tIciXWL+SbH zsXwPQv(LKkr{XKzhbvRVm+6k?z7cg|Xn8|lof1qU=?z1SE1J#=0<|A3l=ZuJMAQK#ws2SzS*7!%mgmFK*&sUFEe(qnf|gpl!~aF5~*ElBH> zr{v(tp%qiJ_7##}NgGwL(7{BJsyj}4KqJWt1sT>O%s%}d4i-Ts%{ZzisQ%nRBq;hRbt_*@$amDaeQv|+OEl+{pC`h#8(G;|#bq-5D$ zk5M1&gP!DldbrNzu^x4wWSWk6k*rNmkmz+v>4ULOE~W@ImSW6&cjU&X;6 zmr@}qO}wxaE=(u2HVnUeW(}&`!qiGnWv0dF^>Ft-E|duOgc85Ya*XNbK!5pq4ZqjQ zb$Ra5-BaHfi^nGwL}Hlbo_fQ+hYpOQzv+|yRZ&@+^Vt5Y%1fZ{@ai7wt4$q-kchP< z$Nu`kwjLS#a$VX2BBk(-G)~tRW1Cwawc~X-?IZvHVGy*84MIj zKoVg-v;IQP+DMTp5qt+RB%!y1krBZQ@u7SKjqR)w=Zn3-df zSGd>xjOad5L#bm{Dr2b_+ZD*DcSwc4sEY@0Y82Zz2p&GyjI+_E%FvilU=(8xDjNA) zuH7SEAj$zRoV*pkkp4XvZv5+GMHR^onjEsjqvJA-0d9X#d-5?Yzkn{R z)yR}tbij~wkIV-@GM&)fcZY^Ab(8aVn-=T0|D!le|L{hym;H`v|@qKB_(Se{ER zTvhf44vLZq9EANVEY`_Hid_~D=x^6wU%z+7BCf^8eQ3g}ksBGkGJ;n!dN((8%=W8BM`BCY78_M-!lymdSS0H{ywwyDGs!#u#t!8ZCN@O}gl%$m3YQ9-|nd5 zVO2?NqA`}FMVn)tCR@d^tVT0f@8Yqo_%o0=89}kxtq@Y3B!QpcKnX{GxdF1Gk#l!S ztyKiwh+Y;95A99ObEIl0kkA8an+@a4;%Hykf&fRV% zf?6Wr@o{z3C|SWG)H^OKpr3Xkzp)ddv%MkAF#AtM>d~|7?R}}1%ts?vZ?{W1i$j%$ zEn*Fj-bEtBh2W6~5gOMCAEOcIw+7yHGZONC0t8J#S9(eR3Sel!4G^at@8x=8(~c^? zyYxJKvFsCivb#I_f^RL%y)&9L%}$bhd~x}}{MR%$s>7viTe*&X9$c?t@zwlvXv1}gh6#!KdSDY`JjtnR zCH#1^z**7T$K9p8L8lEC?O8M=V-06SNFmANHua z$?GLVQ|pCwRU|j#sRZvAj*@S3o+9F+0x>OF=oCs{^IJ~lkCqMlf|@T&-bdt_`?X+P zM3uL1TpcVyN}<*?5vx?udtUg=+7OAro>0aF`2vuQ{P|W_+3u($SCjzmtw|fYEas#r zV{V!!&j}kEIz}|Q36GBj#EK<}9Fjy&pkl%O0ClP0hyG?`*t-ygSKrv+@zFt*Ob|&8 z;XR831$UWq$NeX{v8+%Sy8!e?*_Ruo#00tnicPN1+x&5VMb8BHm3r9)97xF2JG(9| zoR>p^Dqa^B@T$|l{t#Rn-*QiQm7Lz{50tQH`BPOq*prR6kEIg#srN_@i^Eh1BR}l4MOTM(UPFlq6^V=fI<{apY&u}e za#kL3k;l2bt+z+iCxE9=X;0U!%viam+}Psv@kQ&-`C7AtQ7heH-ZreD6ra*rOABo0 z>f5`HbwYE&LgAxsr==Z^K+<_>vm907F3}!p7E3xs+STJNzC_NKQndof9ZN8+{Bfs^ z<#NsMFS5Yx_=53w-i9wr?-5Y14XuC8b#&*VYS_E@cuAzpLQaP|rghUVW;wCh3wbj9 z27LJhv)#KvmGgT_Z%_;|B$dp)mCJ2ocxDCM0F0mh{Y9TgFNuuEWr|Kqz&D zEDs!ooT|h!4V4_N03L?3)ZJHKzdP>J{A~mq{Zw?TXL!b(qz74`3pnb9%iZ9PUJwGt zlTlRG+v!~Vjh0<>QT-O%hHEtxCwkn2O6b9mfi%tf?R*OdncCO7v%hfPmef?+i4(oG z&BsxRW8x5^`^6p4cg0O+N?V02%%fWudgjFonkvtIJKzs(4>O0IUY$wm5*E!GI}WlJ zaYJ0JawTXM_Rfil1*bw|DldyKw@W=MQ_ z(9p%<27h%xOX-=-^|Bzj4leu19?iO%=TJlsvQW2#HOPb7ke~ATuG9K-n3X95k0r?KV_)kn9=)vWy*eKo&1OLrJlD%=aZbBXW}qUuZo1 zPge7{Y+bBvsAEs7whCW29Z(Vr%JT1!bAqN=@3x)H~&!{N&gx`d-c zU-n}~BR>5AJEFgiW!R1ITGNKdqp6U^D2bxD0BdtsESN=y($mpagL%J4A}U-2APV^i zM#-8H@KDzZ8PuHCjmkk@n%2oF)qMj(Bl*EI!QHR-UL~G}M*HynkM1E2TEgzk4-rJO zk|{E9={YN&D?5`U3dpiK6%sFkES0??SaI*(7f?I)P-eROVI6Ln?ai3!$v}(t zhuS?(tARuBhDc**;2oaaQ-CbyA<+j|7iCP?2i1r~T`n7K2U;C4JEHeWydUaZK^|nG zBssfC#FKeABeAF-tsGWMK54Am^{${}X?^q!F9j1Q1J35t*^RNtJ5H6>`M8LYpeb{+ zt6HHmY#SRo^s)jbXMMXDISW_R6}Eg)qx^yWHJ3yEE{eF9Wqv1)E6K#2I1U6(Ul+Cy zoYYH32~TZ&Kc(jBms0P)G`h|90`nTOB_hVl)|_x}gB+Y56En){a^fEf$vuinY@#kh3?$HW&3J&jlcRBCb$zYBap@nYS>in^=kmbt9JLa zekib+odf~rCIc~mUWcX2mVl=XkU{!Ol&!Gjpi%pL_m-jU+4=;^I7C?Y#S54Zf;c9` zFGs?Ufz$c&EgL&ydrTy$V#*dOtEFfiQ~20DC1cT6 zZP@H=^)8ibrb-&8J*4$CwYvP`zU~zT4Nl~)61xolYM9{uOWWjRi~VP zCj#?ta0@5Y(8K8(*T~?)H1M;z$*`&lxkEsG0+$0~$@xCec6aQ+U15dNg~{O-&Upk} z{+Jh+Bf?^&#a{ry=-B7=u*VdK72;=LEPzK!ZW(*~g}NfyTsLG8Y2{**(s^^f@>~e@ z96}i1eA=1vfPTz4eQ7^T^t`4~WGV8wff4aF!97#i0hE;QRUllN}F!N$p8K3lXPu?hiq z!hHzJ)o(6NeqY@%5-Z`#FU*0gYz%WKxt?x46PZ;1-66EVaw-=L&X2J@AE(wC>8F159vRB}gx!}S>y;8}-SswY!W?5sz!P}Sz7jDQew!+Rbxp0)tZqs-7%B819 z9>mpLFo>i=$04`b??Se#8Im=O8FvUGD7MS28A3~oB_tx?A*koDPKU}|B7X*rSbgFg z>kGZDh};v++??L6T#~TxJ!(4jz)46MUHB#zc6|g@XwbG(9+mAp3_5#unCG4NHiq`T zS)nx1C{@5{S1EwA!5Za3R)rOXbIM)Ro6R(*VtZn*Kl!Pc`SX~n8s+#iK)OWsM3e56 zb_5<*IMx)1#;{AM)P_$H&qozcme)#Ny9UFdV&6Sp^z}jZ#a*j!$^TPnehu+o{8UG< zE($zSSIPKi%n+f>Hh4{g*vFbw#%_2i8eA<1RQzu5qbP=+{WtpON*!waZlDumVfGhW ziT_HX{7{_bDJ5?owyhL?z$hD5#;4I2e098MkpuBf>y{EWO&ba^_$?NxlY@cOeKtEQ zNUk}Ymo<4%2n$@Cy~`ujaN;gpMFc*efPi{Zq4yM{xc zt^#9NX|5-MCYsBp6KKP_UD>eub8ZKW@!F?8)m3l*dZK6F5aIZ;+%-`r{bb)!bMX3v z4DI+s96iI*{*Ol`f#-B=Z|a^n1FbUPT0;c!_ih0p6FnfkJLQ(8hUX4xKPE;B1Yp{3 ziJ1}zelN_%R%huz)I85$uLhVL;9y9N%*ddT{0JJtq?PdJV7xx&2IPuoe%wX}(eEuA z7ma`AP@b{btIJ1O0eV-OTEE9P=IX6UkO|>YbL|lfwBR`0T_DUDyanlP>VVmxoHGWYOV+ zZ(&a%vZulBLSYBCBz2gp!q3oS4o~nwP~%PE8~Jm+gCJEuccj*crRTFwL?6ilb_)oI z0(g+G6!A$3H}#C+9tdQ!O$e6`T1-+)Or_@ek`4wD;R7>jzNortEOrJd)JtE=xNW!^%ECg2;#;%1I=CgyT>+4>1L~?1=Q4*^ zX;Zq<#Y+6FHG-s}37gOTj79el4LQOwcwKJxVlLGuUHIN%?BUO89>YVpbrKz-WB*XE zql;jg=cA9+BLb+yJ6{mWyg}goTR%Yvg?gMEBZ__Vj%iQn$$**Rc%QqMKy)8fnf&KZ zN)^QNC6KsFrv*+Glka;$=!wih1ashNTF)aX2yUSllG9f_56cK$e~p$N;v@TS)r0UY zK|P?w^o1qc3u!$18n53h9t5AWzc3S)qCs+3G-uer;;EeQNKF)UdTxUIK$1RIwPmaK z2?)gLF4&*_;bjYrk;xkyWUmp=HYtwVT{mq>vVML8gZsoBvl2uy51W#KgFEp#4;ir( zJ$5@W91UI9BZ+$=tiAqOCyt}w*Sx*79WmpNwNzS-#ghqjyWW4m?=FNn#1XVaan^daP|5Q}W&M;4DrO%VnIXs%#i{S=s4# z?$4DqD482`VebK_wk|o;NB3b|lkH;36qmtQD+ekt6(Ct<<}!)Nlo*DB61W_N*dT7` zv;fZ{=JEpWclk>D4=1jXn+HUT7*iOhn4b?5 zUl>?DoHbl8*VQ?D>bM0t3ZrC(C*lQ33>$y2Q7%OG%Tf^qaAD=Jpr*K>ND&GU~SCuf@-l+mZE4`N2<9 z*;L7LbqK;yaG#yTHz#TCM8adCc{zeHjs6iEqU$@Ov;DHGGYA7xEynl=u`TezXgnD*y&0E0|Cyssv5E1l6)VyKt#$>g|4_AF*I81F_ zPoG}e@xpggdhoF00{@khkhw#us&a7UCFT#CExk5%H&p~2Cr3Z+moyw5W6{r`Al(+6 zR}Fh1-0k_Ydj0*>pc@DvM6N+4KdIH_q0tlE;iD zkCT|U&%%VP8Nvvi>ln2NKz{1Ot4X9-vTk*G#Eb5>?_2RzK#OkYjM@kFyjfQ|#CuE| z>AjV)HifV(9hJhD12@T@{MsQK6}Uz6IX?p`vc7Qmez0Y+Ld7m=aOUU@<8aV{mE{^b zcZOulv=fC~!fFgSK$Fh^J!7@1Hyi2KQAGsXiDH2i{bxh4V`-O{&)XLPqwFM&rwe7d zi2iIBHblEv%?nT}4-Rj=P4IiASV!0K8tS0ySXMn#s*rr4Lz)%I+mc}*J&(X=||D5ydEHKW~ zYL4gA-R9+1Ex+X_QnYBwzgXn-4h1?W+KI>&pW^lWGOJIa5p||$ewt%1>YG|(> zwP8R13TD|KqQil71qX%TRz_z>(dbGcK ztMX&ml&R!!2`J?54C)M6dp=*n!9NmwMrKUJ_QXB;^UeMRtiT($QIDf% zB!ZbM#Fk*fdL5?~ptxz5^aRZ>Zvyia)sttKy{@zn)03KM_3G|O_#0{Bu@P_@j!J?X z6w#=^7zDziceNA>7mlCO&*D#aR5$$-WB}Zh-%PgSS4Uh&Zl5Agd7n5w2Ay|c{b>~fn~A10S&0gp zoKpor^WGu2;k+@6|4P<3vPdM`OtxucB5~`^Jje^tfbRzkz>dMcu@7iael3Tl@azP= zh9IPQwMWA8)pfUCW4@9o1?@P+QRafhjTc!Udd$&Y$;<;Y@sO#7L4f@&w4BL|Q_d%qMB`$|B=B@ulOBPR;JvZP67!6x#9)$}POV6c`9h|8aBy(_8_Gh>AbK@sMAYqPTQ;|IW{`+vXt?F;$dzEHWsl|jKl zyW76%bBX|xR2~YsNPspo@uWg}-Sw zTVeO#*8%zj5%f~Y6p~L0r?K82uICP@J&kLEA&9w9-)55>im%uAc7lF2eIGom&^*d8 zM&yf7IrZ)BOw za(kzZMvZQkDakhIV)+x8EESBEbjBdrQ>jBL--XJHqGbG|9TTX>c>i_k|M!clumf~$ zhnSJF>31DnzdC*&=dHMF_#qiWKXHw1#SYNP+1F3W)}&ix@;93T@uqz9^qT)hL;Y~5)`5IZQlwPL z7@Rt>q3GZH|2q|$Xr&4%JtR^|+?;)zRYJ;si=JpNkJq|%%vBV!Hs3N=-VZA7eHe5I zQ|y6Gq7iA|cf4lzYZEbs-n`$qKpAInDP9gla>i}`qtkyIt=~Tu0zXB|;1}Rc6Kk*B z5)IQ?mN;keu3`)w<&VXe3|}pWMI;BmuC^sC4`SCW-%c;WW#2J)yqw>SOKwI=Vk!*s zvQ3(^^m6csg5aowmPQL$3G;8^$P=0G;3faRJ8TCV;9qO^2OtyP@a)EL45kw|zOtoG zvSZ14!d&Ra4RvlPfTSIgJ`VAUw>Ebv{Ewhr4XLq@J?E0jJ!(D;^XMv71T{Qw<0kif z$@QtR%4*n&$;J&5M_r(jv+A^b2l>*;iq4)!$9Y3+eE28vOX!U>N;r0$-J}asD?v>NZN{c zp+yM!UZ#$ljph*FL9UD-6q0PpPL_71yvM#3ZD z);zcIKJm*?))POM&<#nvlANOvmTA*{xCZD4k>h!tqBtH71fpP*`7ieC-ZagV^r;PI zRLy;+K}PN*{(yQE7{|p&KqQ_{WE)) zwF(?m6fY+ao9N_g0BM}zYpDDb1(3!YosmJ~#NcwlOwPwj&o0z&ph&rqtbrs4eCSTT zX07pqB8ZjiT&`1<@dIDOo_nc~1=8qV`q5v}XhgmuxGTOTO}w$6lZ=Bc_inMuN$Big z-^3|zR@VP=101@Qdwqk&uP&R~SNl=c)F_orj0FQWyjA^&r0*|~90LH&83Qj(bTjsX!0tH9bf&z`sXw;1P98ms6UhMy&>YL;1?3%6{TPHS8Y&5oQG)7}Lwr$&L zlQy<(J53rlww>?X==NaOpP($(9}#WCF#0D-#C&bP|gwD^!-{IapMhUXVulg#`QDb z%n@}RkaK;WkF9PGf&=lCG99O4rWphjM$%GrHeXGT4JQ_l?uA;y{oWiF1{_X*LoBGq z2}bM!zLngJM8+`J+hb23ulem-=)S*t#)vTMxhR-qaov%j4jhRkF?*e7HC*ga!oVr7 zs)!AY_~8`gE zs#Xgg)LY1~G184M!|06G`}~3plWIz}s2QsK)7EwLqo|d|uevhBe6^fP*JnQ`yir>W zf>S8bW_;r?q<{E4z!a(R`_7ut#igaE_LBUm4_nX%dKP)6#^w~c*>OG|dQ~~(-RGUo zyT#MG!=>xd?`|DJAhzP@U0~I%;YhDGl3_KGerY*YRu`~(*da_y5gZn*|Hjwd2N66i zO|%}?jZTs*1Rn6=(9zS8;C|gJ0VrGh`L^=(IoC+K|kqeQm2G5qZ~gQP`>_v>Z338R*{ zB{_dMW-!Wb$X;=hoNlAa0A8$)rL$OGzEXo zNm5TROok2Al?9;jz!_Tb1PzQOpRsK^0`Em5>}iF zKv&0s*4XDw2v!MPKunutf?_LW-l*Qk3GJW>j1zflJQ0i``pUZT_(e3-SXpZG`!^2} zzEf_ELxh>5gW8@f{CkL!=}y$F;Pq^#HAij&hN=J;ULR!0hw&e2a0&4#nG})l4*N9% zA`yH5o+nd-s=d#grDVeK zYpDSZ6v4%x#wAE=uV%=Xrz3|N3BcilD0l;>Ktcx;8)ekg5Z&<;ED+vLm(QBEe<N;WNZfYJMVMr%^@}~-;Le~fCAuN_Upo@;0h}Vzq5yjW z!%A_^Qi*uftSR7Ez^8;mTb|4-zwUt-M={9H*qT9e=jn2eTo|HEr8LrtjmF8cjX0?y z;F03<7hHX`sgpZ8o((0jj^CkOPMQdB!V;C?&ET7oJ|YaECvIPU({4$*+2a;G-=k#E$`J=ysvzPNtiZRfQ~@AJp~eU#bT=vL4HQV? zJQo!7K(d9``RIn{eXaR^2e)ENjXFe@`n5X5RMqgc(nQF_?Ergg3@6q7J%%nBAL;5{ z8>4ggk&ImU`PQqdXLNtg6y(N1ggegwVPWzy?E~Tf+-UlsYb# zd%rEav#AeGdSj$$dHTRvz7+#QM*o6j>NP)XpNMYpA?1d8bXzs!!#{fz9r7W99Occ{ z-r}$udt&Ia#13wr-umr7RTaibzP^HRz+_wK;8D59pBXik+h$tn55_~_Agn=M2VyPy>~ z?=cEnEOC)TpbFO`zlGtCs!}3}8dei?ltf3UR3Wc%=Z6xzbh%(WeKo&H>`8NLR515=mI39;U zqNQ^5Q2H#CSWr_8=;C#|2~OVJE@9!K7-*-+n%zrbTHoIGiu%2!8Ie&>2u&550H*SE zPLr^Qkn)Ab2vZi9#z!11#u_(Dxsk0w`KwO;3^obF$kAA-=2F%x;|1SSwm+$kRS_zq zix2M0wS~v39--Y8;~2 z7a0(^OGaFQT|z>Ilxp-qC_gT9#}_IL9m|$@TTr8S1c~F3K43>Oh9ots9JK)k5vjpD z$po~`zu*J}QUrfKDCSFBJo1UbIlF(%<1Z3ev(M^W?9P^Chv6b$!|S14sO<E7$jM4GY0E<0(u6nhN~WG`(h zxVSL7t5O&%{6wKb8++8uhh0;PeyT`xnt7c2zUoz9caC$e5EWAm#x zAlJcgl}vJ$QSALz?s;LypW|}QlTz0y^1}5EFIRtTcT4D5t0&wf+QNoODI*!j zWv@GMP)AIIYqVPOZuF_+XxnGilItQKNBVNH5-`-6*WwFHN%2Y?k#Jxt$V976kldqK^J8ZZa7n@#r{7Ly_ zF&`o*Mg>-5M(}-K*V-JA`_7$lAU`g(W5G{n^AU(6<{7qvm5SL5!<$^Qx6AEG$kyuv5Le1qrb^r6Oq6gs9;ahO zC5Gr=qhj{T@q7dFM6_!#r28o1O{B3gVtozuv==ccvBKBship4~CPGL@mtoi*r{wQU zQ63aY2uG}U5)B4G=T^KC4Aafv!8mz+DxX5QyUP@3^M_;#X+}!j&S|%|l!n_TXzlWR zNo*BJ=9jdc&t+dq@qEFFkwsw7BuNu_g=XCr(Pyf)%i_0?v-o1tpj0SEiL&mRVc%I1 zaMb(!5AgWIiQ$9MBxiFm3>q*O0N{XirRb@HuPGhUXlv=7F@#t{{4hf&XTxv@uGIE)ChHgB} zl>j!0*2Ovzy zVM>fiVV>({vAi zd_D)#Vo0zdz_7jAr zj&x)Bi#dYK7Y+h#YUS`JSuV|O7H=cz5xmrX{xK06GM(>!B{K5IM&${Gh9BN8?_A|F z7f7DM<{Rh3BGnPv%p-VC*)8`G&d)Czz)aGE)9=*rTv`!g8d1Us71mLb z`#!-=T0WOuoK=rvkzmo$;}J}J`m8X^E=!Tk9WWvemq$&eETk+Y_9TS7lZ=KeF#saV z6o9gOIfhJP;`C#5Rf_9%`J?f+(c>fM`um#Hed z?(;2*^vpass>`%a3#OM4VF{xUQ}T4LNWRPlS`?BF$cGWtsu7(#oeiG}71(iw<#USl zo_{b+jwBFP$uF2^o+7#YDAS>HFsaZLfu2dIc2ZDW0#ZGrf)zI46X;H`;XN3KvxL4?+~;v2u!B{y%c#mb0lwKH zP48tJ2%|jAA)bZ>^Mm(=IHmDCmi@;r&Iqclc9}RDcqM1K*;$N& zk<*Rp>6yBCjz7b`O$qjMe?Rbw57ck?=HYvu#22^diLrRUQQezHmUAY0?*rG72r5vX z_k0VbztET<{s^l};zEv#`KRPb?-rvZ>5x(IMtk9zbd&OFmJSt-FWRShE&TDzl3>nz zjP3x_`9sWWDK#E^MRBp_{A7&<8fofRMZXDP-B#AU0RlwHYbufxTxs6h*1jEXb)D=8 zS*PpNg2U^mN07o%tA!bw_r0JUjuX7ir?{H$99)A(vTpi}gDT2px_B`it$2Aku~2w1 zeUDdqnvsuz^FtN_r0~DBdCbc_-STW%>`^>*sZE~@CD89@AF2abYtR(0zVJEYcPL*( zRrZYHP54@wa37uVN!`G|^K&xa5B$mnS?@#p!X}w&9Px zyb#Jbe2sV-Mt^IO%VY$lZ`7&ByTv}kzOOh}cq%$5m<#O6J;D5lib##jRD_*jgvwW) z^PAr63;S8(k~x&jCG68jEPO}DyB}{4N9KgKiz;gfCpp-IAkgVRZ$F|fWr2&#?Ybnp z`=|DtupNv%jT^!^zB6_C-lIyshEZQ{U^@s9W;TVli)utE2M;1~tXK=X;_+Rr=s+eN zJ(=ZyMm(gs6d*-Ch`HK8+JwK6n-Md?=v@jiX?E6@$u(5Z1E&zep30=%dnMhYh>{vt zs)e`;jTw|$hkGBS&g-zZ5;1H@CNRgogGKE|4|W0`QGi}o`rCxZk^{d%P$fF16%ByfH7yA@rC*A>=fKeaX#KNT`B!MV5?Rm;o=2sHHxfe- z?u4v3xFvPfy5Ul&v0#Lpwpp}cbbPBozsL6tQd)B^yCbj5kALb*Epj1|h~8h)^xVt| z$%y>>7i|aclolL}!yE(>J@q(uJ4(TcBP;oC30l1ow$r?5Ctr)CC_nNn2~!BdE&W;D z--MmyGh{Llxm9~Ru>3Uwx$ImHS_)s|?B7m%!g9D5rmuqCZtcxO- zTJ%t_6$4PL|K<)*!E0!Yo{wC&{pm~8r40LT=ufqk&{PF33MXN431zZ#8i8Q@hDSAR z4$TsDk;d4bfL|<}b~I#t7sk81!*L`3!s1^=^H-oy1mSSSZtvxm9+yC7bRtCXsF~h9 zij-6y#NDLT^7ZzDj~#xR3b>QKxAF!sg^&ls`He%Jyu8@;t8cx<;Y)`a1K`3Xe zAY}5k4rMuxja{B&J3scsf6U-WN-_WlF-T_|E<~|4z%zu;{ccJZxHeb z8H@O>5wg^a!OzeU;;`qvei)A8xE?L*?;QQrmy{|aWUP4juG874CIRqAB!aC{rjNdzqU`x7R`Z+hq- z5|>8B@|^$~O~C+>Z&I*yt^R{*DSD6Cq!(gfq;FF}WLk|)7^9?>BFlC|#xynukAr^- zg1?xY0(fyua!7w-A}$kwVqx&MhofAgFf4L;5JAegu~N5Pd4N}1UlbN?tdZeuZ<{7^S@!8<{{WSu=9_-_G12S3s$_@ zT#{NIN8&O2MHv%-4}nMNb6~?m(Vw_(IAD!gL&2|bWc{<8Q`m0B$55UDGmu`O0nuVy zRr6RH!(3K;S)b3-XPA12Xyq}9DLiCUVO;-1>aJzHvU3qvDO-O;!&4U%t9W1q~`RombuHH8w!)Ae}r;u?yo@+gXPqs4?+F75&17c`U~LE6aBl0 z39p8%%iXa{>EG;GpsCwVlD6L%7Kn{t*EcQ4O^5Yl)=N;+_%QiZh>^AI;g_s=yU^>7 z86?lAk@7kFO%g*OMCfOr4#k(ESY&o>kL>svMya(f)TKrYpzI`hv)7*>EGkx!F)}sl zZ=NC6`%X{pPTf{Ay;sYc_@bq$UPNSw9E@5>Ic*G*2hm7lMPE;TDs9A{5B-10`^%7l z;@uJ8MIEkX)Ql#hF2)S#f{3nhu}`m~k8^gI)}!T|=?#lE7-6$zv<1#NNY9RlGr~1Y zCO;XBf34vMN)mrR9BnRzmJ^s!yF_lb`4KPhTibEn;eCate88QSCk`N`bjPbb4)+-U z$(y&h5cb+Lnf-! z#9JFTRJNCxRcXj+0YZLe4EnHA(RcD|KZakbsQJ1~AT4{LSSje}}*p@`hO{Lr0Sa+yDB`k&12 z4;LK$0cf%OqzO#97vd~|M9|4o?%mmS%tTDZYB=@!4Sg%QahID`d1X6>1Q1ez9Pz1d zbju41vR?-dDn(3nh*WIdR21`X^M$Ov) z!O6b^I5_P?RLRBFejD50k^DCu`n#QiS^%j-yQu;y}GWD zC7SOy2?QR|_OHdOGXd82!J1r86(E#9x6$+WFH)B8#z_PFi}|>RR+f@GY~IG* zd*se8C<@8EnNGWVGGwpa*gB45Y20w9RSMR{}b2Ax(+uTG7N`Ju1iZQSvew~g&YekNVyyUNxXU4cTU zojLQ~6YD(Hv&-!T!}IS%GcMk<%OK;gFRxst{Ld1FDTNBjO@2;@rj{?@<~!fMKL!IL zLUSA0w((j!Zz4B>fR?onx()YBn+KKHtB=>6klG!eY|It9#9@I?N-fW6*c8cP0WTZD z6y3&_A|L4lG5#l42=%;F1u7789zalhX7q1P1~|SPJm-b*ADEI(p)!Dw>3~Izp<)-= zaqaX(LUB%U;G;+Nm(eqHQ*7NE)0(OdUzBXY0{7tlShSb2nF9%j#bt$=qv#<0ut_Pc+bmoNWj%=o2; zao5mkaOIv!r_*qoTFbHDjENdzBeGw(HYj)tN~}6ye`m2D&k5~hBf6th4Z;1^A-dEP zoR;`<22`rwecr6+EP^@mtIl!X(No790z!uEyWH&*Sov<^tZe?$Lb?h8*Jp_+fxeV)HHPe+X!Rd7>l z5b*`M%P9}`Hj90qbU51+y?)UqIQLFwn6U$0?(%V3qfLHZKJ~nf+deuH6dlT2+e!Zu zP=iTA3m}isDz-0zIq?0;d&$SeWBvTAvh6l`S#rzWR8s&7smvhYu9a|l#TjEV&%0pb zvA&34h-G3-KN=3OO;Yh-vYnk7@Ya74!VEDs*xPR&#EmPn#0N(d2hs6a<9po~ zB7UX?@pOs9LHtW1GdYI@vvw@RJ&dhSMb{SenqSUTmfw%$MZ{>ZFW-xR-A3+3z`_0h z3H)gMfHN}yACr+QFFD5K`;-6up~W&xjQKjo&~{>($W~xg-^uYCRMgoz^qhtOJlvtv zlivP8dB_n&*X?PUqrw8r+rcy6TBwFSV4Vg&h&QyruhCWf1Lh_dHO-e$I+N-h4<`Yt z(fnf6XZ;o;SHUjmOu7v;5zA_8@cSesp1YoX!y%`%e9a@BZRU`j0dsu}cUnIpC=lQj z`45!+59&q>29$Snfv43W%$DgQMFctDNuy>z92`%pJ?0LZNj4NZD&VSC27Ow3g`k{x zlk199anEEA0wRph%94YgN~>Ic#A!aUomQ!XnJFVpy8?E?r{!Tm2J{|A*5(54Mx z@ffsqhucxJD@*FiaIKK}Xh!MVaXKitx|IB`MN|iP9gJU>rn5x0%$kH2Iybi6^C%sy z-rAY+-9|UtqQx{_BLsomgml_h;pYzy_!R5e<@4Km@?qX->EpPar!#gq^p+3qGW@n& ziplKog2_{4_ec%Mh?+O81fn?tg(h}NMpJLVcHNW3@Mk&rux1{bKcFLacBX!!| zLIdMT=I&yd3T@%jRI?D0xD89;YGh+g3sKbEg1F^>AJpD_HedwID3vNe!n{33#m` zXV>3mFHa62y0bS%oQzLO7TgVQcwe((GQLdtf=guMJP>;})jHTwvgWX$u||ThH@SRm z#z)@<=51+CgVgm?VwC@EYElWNKI!6>VAay;*nwoyKHiR#kiASG-*_vw-SHhQskfuq zKp)20Q}E6k3n_YszCG9S6@O8Dw~+l<;RQ?c=$}*|BGYZ5)|%{UFQRlVYgt7D<*G87 zDDeAZY8TiFHNDh_lwmoU1X2X-z&)z~V z6cU&-q6>VfIN#Ei1?T-#Q~9E=Ie$e2QfiL>7TaGWc#4{0!*I9N9CNIR;uFLEb(M;0 zu{aMP2`J93h@hNg=y;Kqd(1&Vu=7$ZW-r?zN+YD2;ef)zPn^=P!fNIFwyh6`MLwzo z+*PR*Rf&LY9tlR1RY9F;?Q9_|pX3yEiz95cMLwuqxs)9Vqyg`=N7I7>$e0zO(VLO? z>&V3?Bz_3tKHLUk5t@)<&P)uYnEcHU0#E^{e%R_c`}OVvMf2MuP-#n$o-zCu4d1$3 z!uQrMRPr2UliN3!pHaZ%^|SPyb5O-Tgly;T9)6Q3a6X%!+h&_c5Zg(T${!xFJQR{$ zket?Ug8(>T8R0I8@=uzG8Cx-vZ;5Ytv17@EC9TiGGF&O;@J1V3qFVo0|Ii@$9%@o@ zCN^UN?W97QZ2ye5JMr2+H7Ay)(i?7a+zHFB%s5duzu+vV%jq%Ggi$k(U&=XbJ80?_ zgfv#}^6m(2B*LK`%dz ze+R2NwBv@-dH*Sh$yKsKX^%RQN5LmkioqgX(NPC)QLAkkw&5dWcc+8m@_l2Zxd^Ln zVS&&KnVx2@CwAxCngVc#AZK;K`E$4V*X2vxZ$d#LvxCq;_AD_PS;v?U+4P_7tLTH2A?suiaoZ&6( zCmw*gR0!gIQ8Sg;8BwN7l_E({Dz~)=YQVqieM?doc=O~-U06ia2qUCNhDq0bfauEw z5)-fEqX;`NV} z3=7foCu?h!V6;E60w$(crr|gyGm5Zev3ti(4}=O>c^q9y@5x!_etFxdiO0JiTUHU= zWY*HXLBf4P=*OvGtyRnU^6me%zJ!$Rbj(og9jcn5a|RP+8~ ztmTcFow3hWCOMUU@Rv%9bOiU2v^8Su6xyB+1hZ^a_MxI>){u3FE*uVrBckz(BU^4; z4*>ajufz{|^Rv{cz~4iL`@4tLPBJWN^B;RmrrM$MS{-pQuO+* zcVWA}S_Avd$9tsRu>;p}m=cBS^EQ5u{p2LNC;TdhPkG37+AKyuI~fU6Bpi2I0Sgo- zp$oLkx2D?e{0c%8Y8RK)t)+KQVyhz^p?$|b7Z}$b#2e}wmViqNL+2L5m2XANZLI+P zTtB#ZVb+(sM;C|l23ez?Xqs(#gjaB*9`@WH-KPH#7olR*{4O`&0x@H07-$T+IaYKf zdJfSBr;oe1ccP7NV#R76V=J=2VTbfIGkhfyT2*`aXdFuLDOFo;kOteiUB-^FQBha8vDNStR` z9EW-}`oWs+J19|w2EOh5ICUsL;%nBm+q&KT9>wxBusLM*7yk9*faPh;(&__)h26!;Oe%vjFXLNpbZcu z+qDu+l64=<-hVK_Y>|YnD}#rv-rIz(X#m-z=6%pxdX?pc;&!$wH@eVE^8{fO)=C}a zkS1(Jrjx48doUIz#!~(%)dJ8^mHHDU#56#9t_Ax8&mwRo0@Z%rf6hA8mjB*=Le{cz zg)FDra!7?MWXlaN2D`K*gM_08oD!p3gx=^GkC`A&gwfP&Q_3&baDl0C0N}#&YZ24oSdy`*oPsnv(i$A_kghp!vjL{qslAWum7wNf4RKttT+1TPB>e#hle~tzcJ*tG| z!*AJtg@z;8c*DX;wh#;Du%9*`w|+umWmh;zXb|93r>$&F1|#XAM7YfJ8%C?8i<~1b zR|W+&TKA*x4<3_p0+CnI_CpGxR_DVDrK?o?0S#XCpTweoxW4-iTwA9hUamJz$pz5WZl`p5Jo-~VeW4&XE;%x=+UQ>)pz`a7WP-dNw7L;$-JQ*IlB=3pr?wEJe_U;zKo3R6!9EldBN-OVX z;izh1^AaZ^WY`5G%}!dN3kqY{zuZTN0-(evtIcwe$1^wo4J*gy#6stXV|=iYF54`U z;er2O#Ar_0In4l!`JYfKXjM z^7m|m&eVOZ?!2yxFRbXX@qjT*+#*Tm$U%G0MlT2?N)|(^JUrOSf@r8zaWEO=t#$8! zxdJ%H6DW#|fL~r}RL=s+g142!fenuIo+;sqVv)cG%?ObT1$9m(Ju0<5UhLNI6^^}g zja+n~eC$wYJr}^zg~5p@TiRz(3EhMc%}ABb9L!MmgZpT2jFp#A$jOILq{sO}jYDo? z?B-RafRowg4@0A*1$*L^eEo>mwA({pV;40=oo$8!ieJB%s#!HOM!() zWiso$1KB9wJRc-%lJ)g#@0G4ThLm2e^FepXYF4;yh+{&B*}Nwy{wm#q6-Gf4MKS=e z9im0ngMqz-AGnkS$Ar}(6HH4ska$DOU30xQ{}Wl>_LmTPu!5bMSdz`Ih0f}&#ImLm zi_OS0z1`*mkxYaHoPoK>T#pxip z+7m4Qa-80s%)=2Pd!V^F_$@o#M!FJC1gs+(BFhL-D!h;eNY%skdAZl@>vrf6$T(M<1@NkI655J^eHe>Fcq?t3~WOV&O?4hl~w`*P& zuoB*-%eg3FVgANC7V zm=UM~IBtMh1`5rgC^hZj=N&esw zi=jH$Gu?=xEaT~jA$?Gg|J~zbmb{pe5=AJ2=;elVf>o#t=XXdIgpvKesr&NB3#LV~Xyyt!le8 zCBYm(Ucw~qqast##GF~URgzSz(Qk2PbDp;JFe}L?Fh+4w=`oHmvp!xO8Q0g;qm zPLm>N5)v-@plR;r)2pZeXwKT0Y@siKm}kvaEcDb_h<@&t{L=>|UHY}~XTR=@#3%!# zL_j^l#g#eUX7#si^BRio3%`Hhf_V$>D^$|KS8FMHnjGiDk?NHb9AA4F^C~T}b3g=; zQv!1aL83*@U2EsTUxi*e4m63iwbds@#Sc%qLD9=Dh-JpYUZh0^CcZ8RkU3Gl;#2@Z zTb>)7pF=iv`fxp0BT(Dscpg`TI)SV8eek!#<#?gRH&3xeCv9IW@B2B<-oJ+FC+FFF zuMyJvs2Y7?HM~BXj?e5cd9lL8_7oaC+=R-7Vu(>_RsK;60~|?6ppqm+4@)giD*YHK zNz75lUv1P;MybR- z=`$|2e%1ja>2^P0ORYaq(3K+-m3VA22x)*#JmtL83=W}$ghQWf@9lk-P_w&esvV3= zlBK=ckbAApmT+3DK#EO9o7C^{n(0N#ny?b(p9B&d2%6wKvY9J{rMzJ*a0?Q-v`B{v z*_dgqQaVC1IG4W^@)KQ=P!x(JDBc*`*nn1PR;fiIjrAO2o@pF+ry4jrIOk)j3g@a3 z6U43!qS;^+L-2(0-CCz>lTy1cFR3$JY2OAJPi>xU(m0T5!vpH&g~?uoaM67~8KC9) zWYNE%hxYt-DTAgdT#5RxHWGk}nytgyy=EUc~FMV*@ zQvDIY%b-9(iZ6r=Ytj^_^eTMPP2crN*7L<=e--`6y*9@XfioN9)mKJ1mfi1;@oEyE zC#UW@Dbb4jTJC82NAwSl`QS2cy5D}jAp=}f=%h!{fuh=siQvTjLE-l<@Ov53`y^jL zr9Yy?R}mYyRnD$462Ydbn30U^6ov4_4}A{H7{FVp3n}>0SK+`%hu!L^(!eDrjK?BT zP)ysS=!d%e=R?e3f?z9-_vgxu5B6px2?)>hAu}N)OKU{f0_;5kb?;y+|Gv37_s>&!O=J_73(|Yt9OJ3 z%IoE3K3vPV&#tiepbt6B6mrk?tA|lx#%@`42LDHF0tGpuJV{}HVrw~Ts(J^LO4Ae- zMG$_FFq;a1ln@=YIwZ8a7gx1E#wtlAfE7)mR{S{1U&?IMcy!oJ^p=F;E51C8`vx@#~d{nwr(^`Kr7Q~+m;CfVGUm_g4+0H0Nj^Ml%LzVRUm zk?LyTItzcjeLf3Y&aaPOt*y|L4$7;XTGkvI8>KsBZD3MoZ0q{o1)h=B^6ZhhngHu- z^~8*fS>SHE4Upm)WRwsJ@S~DN%8&4E96jd5$?#uD|FF8hol9BP-zyz$-T7LUDk`G? zGY3jeWkS~LVwn1n95tDlBEA6I#$oyO>*zNjl$6z-!zP1{zB7m3s<+Ga4 z5~f1A|5Qe)?E`+|-0%*%00=aG-2!JB^!a|Z{T)MTIj{crb>!B&&$dAcIyY?F%E*L605l+0I!#hKe}PE+=K3)sTA|(V7r+DPu+>BC%wP>$gO9*9 z%pXeikL^&A{%ZdT(@iijh$+UiGDenrQ5)JM)=n|y(^Hag4Z%D! za&mGZ9nF#sL`Qvhhh?KC*gnyVOSds~SMz{Qv>@nlmma0A7qD?@e5=shoZg|&{=|Nw zDnD^ucFS0G7X@_bg`xFhu5tcrqH;Y*rMtNP^y8@VUD4F{$@T6Y2lE~Xl zRF?PUQQZ%kFOmp!b|$)qX_Nf_BBwi;QV2XEcy{HdnO2)43IWYIZ|bL=2LC~8=$N5! z0>lH?D-{0pX+x1qhw#}7$IYCR&6%GptDwKE_=-6OD)oD0qA^-M4|S^tafPEqB0Jm`6Ufq*~=2Y?7bMEKt4%nw~dODNU3kBkTE6@+Tmf13+VA{L-g5R`Or-VtKR*pih0e3O`Ux-cpDJf{ghywb5Y@qlNpV6;||8ioWF+QGQEG?Ob92Kp=hu zwaW;h2i@Xe_9v3p){lwjfyVYwKA9#1-;H=>5@^_Xslt#aZ1w%DO~oo3|Gh@W z%Ux|vtb-iY>7>sQV1R`C@P57haTvngqOxzex`T7mw#UKy8yg|2)9k%^nhan`Bi;Ix z>T@+(Dm~#h@-n>__nb{nl+o%`F8QrgS`11m2YE@B&HEXVxj@V0-GYj+wfaa*Bg*!K z^u9yDdhsh&xp&#zi-Mb82S(~-#@^}>{{P?WekzgFHUpyp~%Pf-wv#Nc51sfz}$W$U^%Mrc5+_ z?7!G&=rVX-Vg;CBrC1c6Ls@0c-rVY0S-eHGIT#!7)67_E@xwV52J^1b}MlA zx1f#J8IvQun&wj|+o-`~{<0a%Nu#p8n{%Q^R}cCxo93~I;8q3BwY6ApPkUxJj9X0@ zqNj*=tlufzc*%=Oo)$&+NBacDFR9a!jf$1gUoL+mT@1wikU&WS5aAvNMszj!bTOg5 zM^JuEF_tbxO-mt?hb7W8VLu=hq{F0+jsx&I-+QLcCZdzD_`2Ue7#M7+ zsB@S%$@%>1F#$^L{4qVL4JQ+_b0Pm}a!|^$RjEZ8e6a z^i2$Y1WqG8^;{7~V0MVM_hyqK)xxf1E?p$shGHkhmH3B01l4PS8{K|dcTBoMcJEcU z;6NgET)U=Ow4bR7c#XuSQ{2nv*ww?=Z$mrnvAH?UXm5P(mfnVd&iMS0Uh{_JkBKpG z(E&o75|H(-uEN%mC<-gnXD%&zB@g0s1Lwb*l(>98Ku>VKUktn5MHg6r*cYhN9sz{! zaN;7kKrdB9J0((@TAvQ-^dl7zUwRGyWOEU1>kny zcm|ZHK2_*U19_aR7{3m|&XCimD|3}n(PSngAG_UlB;O&K!>EfyOqRge{ibLNSV~Mg zs;OE-Yt9m63xJc|?8$rQgX76jY|dWyQX;c-*3NOWlg>4pya7+=;7~*-HqWe{nnb}8 z0Cx?Ob;4mQITKWdYm3wL)Kj>}^Y&;!=)-)so2ByEdMA3UP3)oaR^R1SR02=N%MMPQ zI}FYV8!Kq-#O!Omp-wj2sS+Z(2FOoTx|A7$$9~&n%?@m8A`ETe($A%A02YX?muO+g zy&%Pw+B?|mVUMS;RV^ZnNnoEbA>a&073WrKJEUA1Z_;VM4 zx~R140k71Ccvgiieq`x4Y+r1~0Js|ivE)db{Upzy+ z+Wx&@U)<{WAarmM*#oW$)b2R|UQG81wt(x}0c3zTPLHRGdQ~2qrI_)tg61}IB*~B} zfFBMUNMl=F0xmg}m`yC~_Ry|Qu7(!tS4xXP=Ny-C)W#!GgjU!mJYS%-tK;%}Jd)}w zUn1Tw(C^?laAM2abylLCm>XPNcf7MJ(=p`;La{>(oRelgD0&~G7nMKyt$m@HW{rQH z(u6@tc%D+!pF2-14(4*d;=R9Lo#IUwqDObX@Dj{Bz2!0xDZo&qc@YfCr9f_q`fV@v zna|5efyetf0Dp4?dvT_DUQOoh;!)DK@u4Zs`&sSte7rT<1mwIvuxt!2**#M3cyxgN zJ-)$2#e~lim z4@?_Fa&3c9$g>8R9`RXX>wd&W^##{XW8L2?xYAB&?u!{2;3G2a-MUy}bmjoH+j$nf zsX)1kk{T?V^AHztk8xZ<7LfEflg0Uw5>*=V=7I8|uBi$dH__aw;r(Oc(U41o0ystL zR|t9ilB-PU1T@VZ4*$UkZ9X2Idix&@M5dDy@Y#xWbrq6wjB+D=dK^RTqd;i1G@-e(4L9(t>Koi_uo7(Eyvb>{VWS#&s$G6U$wA=8D}0o{|}uDl#^ zD!-U?vqSR}%K{hc0R~FtJlw|_%5Dt4KJkOls zzuEyRD_d56?neXl1lYS0w?7raC5~A5mN;l#szF3z^@ZEpevB=OR9OIbA`8cOE7vn- z>xsnOmk6i*Uhu2qa6{*3TQbHrb*u>khJEk^#&Z8l#y@nJ-R^t>qviim^_2l}G)=b& z?hxDwAy{w%Y;bpn;O=h0StPhaaCdiix5eGv-QD4CUc1ltdv|trx~r?F&N+3u4Qjt8 zxaPwB%S(6=3Ph~3yWXMUXuWSiRSsf9bUN^cQDtys%N+ZGw8GfA z0cUHA#rD=5@#T&|=41p_6FN->vLqpCGrLJdsyoM@zV*z(A7ie4I^14}dfT?VjSEFW z&P7QX>}&&Qc8B&jtr3s)Az6FMBsjufvF(>uW=z8Dsxxnb&X-~946ShP!XXxe%HfBs zXkUe{F-g=l4*r<_=u9~?)7<&{xkAmrTP;t7al39OtH{Qo=lI-F&?v5(0iXd((!!*@ za^E-4xp@_5$H=Y|xbM0#U1(WAZd0e|#m4;;tlDU2K(XXS?<>3V$fb8Q1iPl)dHa0cNYf&&%k*LN--+G48$@^;7 z=b7_q+GN{u96J=W&(ux*&Ho|mIL2+f#aNn zg}9OCV_*Ci=36)9+&t61U*lHre^PRC>;nFz75UE6&{m%4e_y585fKR9Q_psaU>#Rj zw-Feayhi>P#Xc#%an1X1Xz5Hop(ONVYZl9_LlJxJk!s)D}_#>Q)ctX$n!o4AfIN_cnwNRPtJVIW;+89I`C z5~c&#tmWcd{ry%>nd=IzeNP#{_4e#kxrnLvF!n_J@Ej`PgXqeOZcWgz)ccli3>Zn$ zgDQqxTyk#Nly7~DTCUb&zG2`1T1U=8Jef3Thw~ zO27Ryw;HW~DA#(z->w;o-(HOQ6OcPb`5RCkFC{F+1m9t3Y`Rr8+3|v};sBv}xGyMB z+fjMC3Ugglb|*%u-L}o!1*u?pjk(&pAu6KmBTNKkuYQ zH#VGQ4LOLylJk-gKTCOQE$h(AKZ?D6CxM6U)xCsYy=>7(=h0hsw!?|h!D=r3y4hVw(1QU~+ zou(0sNnMbT3;=z561w%<>(9z!F^Bbvq=IaYY@*QC6K(!QR0UZ>5KDzaaluoj8rfWL7~8*YDd7xXUI@1_S=t2G`F}1 zMn7p1!js4$Jwqu%xqK1~_T!e!${oGe|EHoE7XaZzNOJQr0;~D*s2v_7BHclN6(OEW zs@nD$S(&PzNoG-vL#%HCfWWXEMBOww8qRp@2uk%32#Lw|3$nJzmcx)w34X966cv{&4nvmxuJ%c!0{|67JAXswmSI7SLE2VKXmU(IjuCbdX73Xgd?wK>>`H$Uh5dOKp_V=3 z@)NaS8nL2n6&Z-SG%GCH=alP(>H}?e5RW{k)kyfiO7?G)8oVeUg$rE2@9W`W#77&+ z?t=y|vvcP#ze#%rM}!J_^<-=gjy9_3l~*nfmdg|1aZ6vSI3|AJG-6lz>ucXg1h>;d z+xkZqhuK*I{`+a2`n#5j6@DXbf5(V^xlSZ0IvI%4s^C4kE7S*$(3nl07t_$z-Ud&i z>F{ZE8AKC}!0RUP(vRU;Px(J%lMBTmpF6=E8%0?NFL)8~{fgGn0ohr3eVc`pp3ZWT z|98(tc1~Jj{Qt_{|A^iF62X8g8sz@+f2p?r0?BAZe=#soPCL4Pi5kNaai;-Am?cLEMRcj{AfECpNqqjm6Kurpr}Sb~qhWZO>k53ntf&lJv- zvl=N7e>$?aj_WBe-%vsdC+dr&pa}S^QBdM zYQY~JIFM`WT{E+Xpf#M9vdY(XOH>D0AT?c+pr;faH=H16wyFT@=ibTcyQ$q=+$(Nr zScEbRt(EnXu}P`9{yCJXa>|xaEj^GOuabcktxChAj5hi3OD$X%Gc`kRRcqUq>kZFC zyWtm~aI*qXbf6!{{_iyDvOt|R_94^^hfS<*`zvC}RD#TO*J#OBoJF~CCqsqUN@hOX zuVAC%nQ>rpYgaMws-R{xepE!QZM`x&%_xT<6_*4+DcBE`L9 zeB4`ivwngnQq|E66Nj_pzaog)`RV5q8(LtJ`Uc7W*ULQ#I_Lex9ZoxQ+*H8do<_^FFi`| zM4w1^V*MjvK48FMd&^)laUaN6tFqYcmtER6ufStbS*O35z&dO)Rp$zoshYM_O(IVh zP-$&Fi6o#&e*G=>xyb5tS<5zig{0g0AQ2LK6wt-Ob)Q4WmdG>vS%!Cg10=`mEO(aG z&TA7G__ry*ml6?#M{DdBzm#XJ1I}3O4GFn+KI%rQ-j0- zGMqEI-pyaw`e`oqqzm(N{1HA^`*tn=8X3AIG;XsAn^`8VFvg-c8A=rjh+ByN)0NKG zdPk}WaL_^)cxTR7o(Matju@if7 z^Y@H9E?lv=MI3M6#;fPJ@7l+|^s^3bEA4}i***eYN^xXFP)T@y zs#+6Vqp`FI-xB|R@VZ@XsP#qq>#!R%@HAnzi#}=i|E%dmTPT>LuLQRe2~&t;mAvO+ zhcFLY1sF{7f)Iot@S${lXI1O90*J=FWMrE&D@PwyY=pG*()kTLa*$k#sMS>&=i&0G zJO>0>Q%}#aL`o7ggch{>)F^8msqW$DxC2UhT!`<@W2;my^A~O_de34a_W_~9|B{XU zyWNHl=@X;GxL^h4m()m^ZU2E~!D~{FO>dzet{`gW4S5I{W^@+fNF1J(6-X6uWxSFk zA|@f%4Uc$zi>nNGaR29wB6?Q`Z)pn@hvnenDyuQB#x7 zTbkl2^~;-ZV^Ko&W-Zc&of_Ur=lQx4w#?{1j@cG4*z?_I~K`ooyd7D)~UXZ+?O?5XU^tkO0kr;)q2 zg_J(kjap^5n`!yBbmkm+H&*{Q+h+UyzWFv7akEn@G@&QDlymwaQX76VBwBRS90tu6 zPbQc<=`!)9+gu(j6JRtmkYKdK)$U9%pd~4D5~i(l)=Q<=5QArN_;xbQu`KAO(~bvT z(%Yh$S$RZ9Da%<|br^0ZG6PcLo#dacY83m=^EH{lUA2}fR5fl=0P>7pF-=}K`_ zZgK{az6X!7ajMTHUmk0OGBE8oY!B67i4aQeRw|TKa5)a5|5g-Z{913N3X2dHIDDZd z#JNMnimfbrQeTK)zEt(l!>I<+WrL+fgo$;aonHb90K{26?@MrB_W%@_^Xa+Ia354D zhOg0k-N@1)WoH^|khNYQqJJ2A=c3{5wo1@JQlU*he3l|`eBiw4bL8CI7(C*6-VGE_ zqPFcBa%HT@l{-T}o(G)x&I8V_PbDRSd`UdclnDhV?`1VH0#13Zc4#(Ekkj&cAJ$vX z)f1Vidz|TP{Ng*MJG@_1cu;2-Fu5RDYY!M6tQBaZ61@GQyL8crjp5dhz=AgdC9F6S{5Fq3|dOLCsB+dZs^R{#2)w2%MV-gRv8 z5D320YR-)HkM_gJuLHsJw(Z*e@E`60yrWYD7U8=uGok&_59S!331*w{Ni#25gd$JE z-i)&)FlQt@U%{2wm+Th&@cm;ls&2C_r7AK$mB^+Ab8@F4vv(8}M*DAYOE#P=k)W3f zwj{qkPn|a2h|7kM(jSQ({eUkUcP_f~q~z&Nb4@jZX+!;B1O<-N`}6@lXKUpE^zCMW z@M30|B=}L

H%`E{wW~(cYPhDrD`~ zVsKPhst?zctrBi0QUqOL0)t^h$EmSD1|;RUT4c82ZI5B^up@VP++|GR{)i6ht%V8{ zAtG@g#~StXr}iOHSSn%!s6?xxr<1>UNUrs&Rxh|M*;y_g?pp{Q&d49s+Zor}3DJeD zHQqxxETwkms7$alM=ZL`hYy=TRLN|tpP%7k`S=!;WHq%7JC72n(EI3kz7jtSt*Uh6 zoVP-FUeQB%Z_{K6z#OpdW$Bl7o~vJFeHUD246W-8e_0`1PRF6I zu~&rJfl0qrpx{ddHgBXvzt3dZK3$hZ_DDDgfRvBQ7y&(|*0O2F_&ow?rbluq(#DJi zu**Kfu}CzzY6m8Bp?X@BcI*)v9^6AYO*k2xo=~kzY&TS=5DXN169zGHxp<_L<|0*w zpRB|o5_=h4QFjybE=#0$;!fU&F%^~WUGFZ#p~$3*orETvzb&_`>eetY%$?PhK5v13Mzi>;k5ndwj9 z2mF-fY@CK;oO?`4HwmF^L8v-WLV{!R>GT`7WK|+Z>-oVvBS5`&{jC}Uc5@w3rL$Q} zlnJ{XYAX7b>1OiHGV14hf^Dk+AmG$6>qnZ#E^0||F2^q|Fa(W0Fe>J4k31xG&%$G> zE$;1t!A^)+Fnr3Hw``2TkhWDhjb%Dto{0FpVE56fg)u9FBM{R6c(vZ`a6`{4IR>DL&%xQ zby>esD@8C zKalYmBE)ah`Hr(HRmrUFXN)E^6t@LRQ9fw44rn8MZH`ph_qM!wBi9J;Cc`DM@rTkh zwF(zJM|VRIh9frS3=^(EXVR|{!t^nnKVOF*r_~5oOZo8jawPI_a$4e}>Sl@Kh}+M~ zb$`e9adT=Lmb9Xeq#0w`@Zm6t&k!y1=W0W_8k|?RA+q7Q?w5dF`vO!N8LB8>ctMvF zl!C^HJ=N@t+x-g+*Mm^RYF%|tiV>=0sG{JW$mfpzrM!!6-u3_@))VCtOLJ`sFd3e` z)RQtP!RL4QG2n31N6&4yk<0h_?P+K}^NV^0wfZrg;AL+kIpO?PR|eM?ebNX@e>kpKUamcFLwEfHxau3Edd) zPo48k(KukMqfTY@3+E4NU;;;z zDTbGDas42UX_k4giW6PDcEZz6Dj(-OA9LG@ksu8>e;?xNt8)t@7bGO|Taa@%=^}gu^S#+%6egKKQXJY^z?%k?lqJfTE^zL~EvY|(?iP3O177dy zvw{XFyGj*5PnCoRj`r>R(u#%)e7niog z6x_b{ve}2anQUagkx#1NmC*-<=3W1MfJZeTj<_+2o7y%* z=g}E9J4gM2?2Dc)hNHNmiuxTbKpo#EA(Y%V)w$k)xTX0$>cPAJUS+jkEK&BGn0vf}T*Fin^Ee|kkNFzfGGvwJ1hA8+9F+THGBlVoKo%2$E zd*Y%{djOk{A!(Rh!L2&?{JIor-qIu^EGhN9I=Vi{D~3%D6}Pgn;`u-V^J*HdXa_cJjz3Ec%A+|dGcVFQQkw9VLtR!`$NL|s<9gjpq&W}k*8&tg_a zRG?C|cq%{}rHgKmBF9Lr2mE0OPY~G`mAvH-?vNO8`dlTX{UwxmnWE{OkNyo;;~+W9B(A)$Y+7%$Jk(kE2d@T=_E z%;Y@*3!;Lcb?Xm)fGzonwY3`%#e~E;gF0v+`V??v=rYq4;X}KR<7lY34i*6ooq+Qe z6i(D?Ol?^Q2*P}vX6*b7E$T!=SS_#v9;q8e4!nQ#=)T&oJGTVPE|ywnY6n@Ss%H zJee~X`-)yZC>K+FDh2bHn0yhe7y24(r!CthZed0`>A-A(o;o!05rMws$2{Yhb42+T zGF5s$%N#s|0(<~-@&yhx0l4Ow6xSWi#;g1^{R+^hvJzDp&qTF@=sA^1EyL&!hasAP zs=Z;Ro=}L{y09w1UO_Q}`_X2quzVS!uJZ+MDZ?k}x?GzLhx?H(G2+E>y{JNWDmc_u zL0yLQOc33kfG{7>E=|vQFr@xTR)Q*B9`0+w^jCDQ8!QP4Z0@AFWWh`N*6^T?2TGw5 zoyH+U!ml9%+oD!EF3}F%DMDX@%Z(JlFebt!fIlRk1{IQp;;TSPA3_?%cL#z|UBLvC z(xkEDk2E0q{v3_9kWDA{ACt7eDE(87&T&q8_z9AYWdER&)YSTV&Ep9RTb^C^J${D&qz$}*$l zWyjho3hG+DgooRR^*!$Wn$z_*<9EUjaR;^5^+9(bG;d@l0)j3ca!I)S5MHyp~xI$UPBAVX_2X; zjTuR6lPI;7|6%{UUCI5we1dfKfT>{(HST7U0-t%l*=QJx>jR?S)B6%&n95fVP1#sx zW$x>Qv=}FH%|MsVt>ozk0GtLs8I$87o#s}yfj!rsBi38Zc}}_x2@j;%7Sj#lY%dI1 zN7B>xIVr)c*i!iyOgiDJri= z_LpHi``q_;%9y_zZZ36;DmG6Sz*Z4%T{gg@u;GZNFA-ua)Wqb?DQFTmBpMU&Vx&TD zV)edWB%!&RziU+SBhX0x(`<Tf$htbuCnGIWZt(ItBbjK$V&K{fGI)? zZ;>yikFENRV4v+wDDJqX?}oG*j1O{XgqPu+yI@!7-{Ndx*{c4biEe3r6<1T0~i|7|+} zZ{svjwy~nz5$`UV72Zu1?pW6IE=Uoou1=mZ6lfMu3pJP)bYtVg{{!j5l0SryQAX&v zX~ACHq&8jbk(G32^n1?aT|)m&o`_(UVsc7BQ}%!C&F32^mP(u++jKUK4U%zgsPLcO z2?9EZ?PTDLr1u4kHA`(g*8dj^0`IiwnT(tjFmDlQxdl2e-w1<7)PI%z9o4^%99fwo z|I^%q-GXX~Egs*;*IYXn<&|IGS58?MZ)6Zi;l0t^RGL*cl=!NgKlYu`Op)^mX_p>k zltW|}V&>6gvlJ;nepC=Y_o!)GeLo**t4V4D0v1;-*;<@CC^PI$_L7oJzzfFNW^aUj z+!a%w&BU2SHW)qsxH-qEzfQ42JW=c0r+U&4A1QxV_1=GgK>Pgx>hnY(Jmwsc?K#o< z<1wletWV_2)Y+e|o1|5{(>)7x{+ z=g$m<*QIr2k}LN8&u5wYpFWS2@2_I0LwT?9eK05jtdK9kfiKD=g2Kngx7uwURhHK> z$O%NL^(6N{{Shko`OhX4T+Q$Wfzl{Us|Jd>qy7(!CmGzpAN;vl*ai|&-h3+E5Q(5 z`Nz*$vDi3E#67T!K$JwoXW2C}TH~az7oZm-r&q0a>%GgK8eU7XKqR>OhK7nqC}lU= zkKHG3CuLcBXa|l^jPcD+@q^>*q=yHWM8&N@l(9u%_HD~v^@e`kyW7$?FHeI&dO{ky zs_sZHAsCe^*0SY^EPHlb2#+K_VWsfb&8Yp;+a}2={RMS3D;qjZ;sfgQ)pZ%y@i()` zWg>ruwzh$@$9c)og!ZkH0u4{%cXC!py}Taqh#WIk6WeuPv8GtQ?)`G@wJ57@mQkPH z%9D*WHDs_BlJdgs^M_VeNHifAhGx^ZO+qGGsKB`|d`=mAm(m*H(pEEal6?(N=C$FMnqfxIcOy4m|hD~jV1;I(dm$({% zcbiFuPmppl>x{j8;!k5)@7eL~b_(`T8$u8!cBvg0Q4g6PRwr%{=zQJ>+?)ju?L$7R z)xyHJu+kkL8#V1I)#B%IL}d??r>2h8nrLpl(!P+;QoBuk3v~i1%(ZO)Dj#=pci9y- zz{t&0-^%xx?~V+iHs2ZooNoivvOLU$_l+V6t<}f^)Tfgj;dAKFt1(h@0BD}Cd_QGd zDK0zXYUZIrZ)vJPeZ!;AjWr6kdqv6@QK)B@tf{EpJdzt&+?GPfd4&Ewo-aE+C%*>` zZtob^i!F{%I%?MIfbXx>v$K?*7~1iG{&#yW({nqIcmkqvBnZF7+xF*$i3QW~@noAw zuIGHKZxxnjd&UTNjZ&?)zp+L$fxR{ekG6m>f>!7wI;7auD70625#*-L!{OA z+df~|!7lj83y!wQiCIA4N|q%#0D}qmgmqs0b~D_5g<1fHREt}W)GZPlDw|plRv6UZ zg3pobhrMk5u{@8EhF5KDzQ1-hvXp6CVDYwe;jbkVSO$_nllvCKD&Y=EUVxzuk!fUPuIpo6(7&9mF=>F#Qy4)#ue1APm zXL8ls%j4m;d=<&N^v$NZ$DG8ywu#G;yxq?Jn$=)YEuP!h@QBn>@B@SuT49{ZUU~o9 zvi>=M$1YnM50Kqd%E&t&!EPFYwYQ%P%oKRszpk0amn68oVD>u1*JyHzDO+spgNemn z9>{{cAvr)J$TQ+ltF#Pv)zIWBH5mBqSue2P!DCYtr}9%n%`8e9mwSdnbWO8)v)*Z2 znVVL)O~QECQQOnnT25Bmy54F*L610nJ31xCNRcv(*=xb=a@3#0sfLKvBRia!jd9_e zlTcQQSsW76Y6pmWa%BfbN95Ei`j59fAaGDo~WOM>cL& z?-0wHu_hXbzv#xkyFKeVb;+we!GBY1-0lofC#bFi?a^sj@ix7lKY8hudhGd%s(E|% zGbXG1fK<%~4H_)twBI0ylPG*Cg{zGkW3@ekl{6piOT11;W7~|$*PqqVhOk$oSltWb zG%uu=f6d*eV9@Ol0b{W|u7@Xkd~Q|cvv$uqDt2EU6qaB5Y*>L&-H_Zu^yh_w(q623 z@|EfDU>63vLy3~6^QhkT15e&54s)0PKZ~x64+fup7ND zN|LGykB0@{n}XFV)aQFtZVX%=?LgiGlf%A#NZIzI6uRDJr?VtVRc-4Cx+uNN8qT*# z{SKR#9jDiHG5UwCK+BZ@QZ``MuR7{aQzyaS=pV0&?rL~n+8*7kfBS=?35+}1-px{4 zT$JQQA2!zj30aVmrzg{q7CbyuD}#~v6;7~RH;3B=1~J2?8!-sXq*Hk}=rqvKI&t7n;G zw~EG5+6pY%n)9UHgqBrPaSp2a``FwBQ&a%^l4(HZ%a%FO?qH%`*lNBjKcEZ z!d9!2y+)!&1EM31iknZz5h68=A4#|d5qRAsHsHT;98cHpt{|$jGFV)ED0%6VR^~mX zyJl?KI?u3RYLgzrXPKy`jHn4%wD+-p!O!~nb_CeV`d#JuT6z;gqIy@jiG8e-%+;O; z7z(d@QdzG&T7K6*^Z)jARX}%t;p1Bjtf`1n8@hfy|fP8*s-mfomxlJc0D^R8|r}oSQES6h1-5Vy^?p$i60!kE|X1< zb?U%r=dls5p`^OaWM|fYE4J;FZGFF((K=m;SUxv2Z4~{c#5OE=o3qYMMV8CqsB&GO z;e1<$x(wL$NFlszXC;~FiUZ|Sw1|LKhaBO@Rhp;Y?;eKh)eNe6-gw$-K__97%ad0@E9j=FJ5~ z)e@Xb4NJBJ+H6*$YmjX_4h_+DHGoc3)LT%S+OY9|1LRC0icT_tRqG zimr`+zP{0ycrjfn*FQNstG~&^TDVWz4ih&78by*=gono0np%y%Myj70$U+-AA}n5` zHLmoaAl276YMau|jwhKQBd*oumtiSCM}mbucH?Y{+SU{XgX9(mXdd+}@i&qtSiEm> z&;~iR4M$_ZGOsDskZ|0+0_f-N*Dfcmw7!N~&rEofJxB<&19S)rfTfxI_(j*NhGm0u zPdFUFPk@?spazwQTZ>d5(rVTC6lm>KBRbSC+EkEVb}2*5yic5IfRb!UcKgMoUEn6& zPw zdcG@G)HBBB%iH zQbgbxi_&mED&Mva#SGs;PPn z-KLP#Cd=Oy0fZ}+VTyNmmp9qr$HPA(x3h!X^5VVz=wD0@qLi-xfo_nZnWI&V?o*+TCneb92}n)PC( zoYi}lfkQpKs4k+mMt!H0&&c4?HfV0I2n>;Pr=3MDZ)YVi(J{ zy$2Z%NU92wXrdb@Fafw(VvWsEYMyVNx2j!CgUe`puNwds1D$)=J47C;*KS7=EKGup72?kqT~ROH+U0(;b1 zf>h5#zu}SdDo5U9+$*>!yu9d{jHmj!T^BT(cc9NcAt2{nyi`dzpy5kuE6Xbp;7V@3 zMbOG}o_*%j?+B)ou{&3~aXx<)J(&mZ7pX1>Ja?#dye!&WFIFaDdB|6(!2B*b1;Nju zv6cI}Mg;Es=`0EJEU)w&R%_NcXgg7`d)&9MFQy? zyykC!_hn5wGI+tF`xPsa@td)MH#Uz$V~xB7`Frk1bu@{S0CbSTc~d0b{1gZ|Wuza* zwfVe^w^ig-(&n-;q2T+LS*N6NDo&Wu)pg0aXXjCd*CIYPy>fiZcV9dCw4wz2&mX*3 zMLPw_RwTE!P`{?^=HV?=7_5FK9;&F?HcVRuu_0K}%k1}NNUOakX$InNDZxq^EP-aRBEf;mct zhO3;hJOgj&A=3Q}&Vm$D>Md)!3vd=DpU;bM%z}fw+c^Tn*}hhD!n2f#fi`I@%f)SI zk9E9C)KXZCJKx8VYxC{lF}TVaC_QY8p3g0mJ&rTV^dh>IW0e6wL;aP>vlHI=fDcd{ zGP)qLTU7S&f* z!rZwNT?@52sP7&Rqo^$hAhuKisbR&MdQ$2H&vp+86tT5 zsT2*e9kTBos_a9rsx#*X#cs6Sz$D=8B~$KPtk*qfxNDtX6F?aJc=}S9;8dnKN`X|N zxX^r-+q|z`y#kpJjTN7I&sx&@rfk%sq30?}XxOKt(riOQkn0_t((!Q0<}R~rBgx{< zkY5GiZF)7tMeZ}edGp(f5=bkHBX)Q2DW28#H*4JSrnHwPIK@odLIs%0xkNeOHh-QxtX@}m6wy*<=CLo(yc&vGQG^Vl*_BDNH1cX3(@%b2QdZC2L5{&TQ8kTJT@lpl)LQEe)GY?NhxkYjAvqxh2E@` zLOV@uPWwFiDU@9L!DxI5nE0p&f(hI?ICuP$kF1(;BO%<+AbflgY@Wlcd2Mq8J{XWM zdn<;g4lE40K(&~o;_3r7T3L7E!P>N zaPplgg@t6gGlT=^ai&keQ>dd$)u%7*L7(UHl<2?a;RVz>rYV0=V~nSo#lTQ0J`X7= zuS;$rK5)oLX0xsy(pkgA710g`dPsp3M%z#|`o?X{%NsU!wo~Rgo6#!@Yt3!Q(sLuS zw_V^ILim!Z*V|-4@>IdDUc~jz*kwqeKD(04v2QO2h@(blBR?#c(nptJDUc}{E(Y~I zek~Q!s#mRPr>2Sh+}J&9yQ*Dn5ipOXtH`My_lu(A5=W(aR*us~@!!%sn|+bVx*r+7 zkGx^$Dkqb?9}yPBCh>R+-{5B|?Ws77IZMAE?tnVF<|IWM_z9thTU>y^FkjO-RTqrY zk`l5sW|>q(%Uq>%EQ#K6Z$qz%hud?;eG;1G;u7DyxvXV(TQQ=!{HGB__Nbbj%)4%~ zXwW~9NnHanqA9iWUz<4KT`T|Im$r@6vo$nCdp-UEhDfKPr6AYo5&g-J)Gdi4rMn znZ#Yh1}%YNPfcNuGh=eK=Rtsd+t0UWHcfjkFBiUJUxxv9@c|`)Y5%ZqnT)4mT0HQ4 zIThc1@hF__8h{Fup3Y?i=YG7pOGh!}STSvwcf6*?ew{0L$|fCsT>Imh z9oBwxr@vfysh5>%doW`gM-Igt!H4U!ubtt7Z~#&$?dGZq z2Ob6@523V5deFuF04bn8(LW1SA=~erM`J(sRw37{Es;9{REkN4^O4gKaV*Py|Ke?0 zP**n!TP?|u+YR^JM%G{b6v}9SN~&1F0a6kIrHE`uxXe5DtaL6}<})5Uqnws~WdVUV zqsa|3nu@!z_a`>nu?VdthUa!bQvW-ZKg^z}fr|W|iPNVX1_fLTk>Nw!y2Nu|+8jR%)?FCSE?2@3SKOSLO}Y zqgM-G?Uk?58M;(PW2@FPFRrsg5h{hH={$H(nbiuzvy$%bt7no$z3@H5spl-*VASvl z_aljyeHV_*B;;eQE|OyN8E|1ih1V_BXa>G;I^9~&HQl6`WgPL?GZ#NQ?0nx z;kU5Kned=kAlG59Q+hgc=&x@Wq3n2Fp%#U9 zR~Wx!`&-&Au$vIB7Z6h^uvexnLZNHtxu6B8S0J^-4WcasST?Bw3z3waHn?w6=Ik{V zt~+Ok6c4KPB#m@2fdhF2gC61+w6}RJ(mJFcyu-*g4y$E3-#$MFQCQuI8zfXL8Xm{B zJ6A>n!f;pC1D-Nh*usL)KtWwbPKRnFD0^D!P1ZF6^g~v^LBiqq>c+me6jgLhTNWm@ zbu?7Gzn--Bmf}+#7I>VxNflYutfVh8pZ?X4nR9#VkqYhF7n8g1<> z%H_+Zj`+4b<^vxH*mI?}lcxv_pHEpq)~yeSW(-wr9-HuM4Lx_O)5^!;$03d>KCp}c z4sLiMjy>MTG0JX5HG#}|3|oW2x+>~TwPLA&>$&rddy1t?9YU^A6uh6hy1lIl~XKl}#KG*eCpe(0BWK?}s`PkcjFiy&Slip3R zUCv3(_I;&ivVLct2TpBC&o+13p@s9Is5erlYs&i0fr?ayW@TbN8$t=s`lPPF88vt%oZC z{w!UMIL(WrceRJ1HJC3h>c)TsA>>d-glC7NwFoL z{9f+M>4NiEHi{whmw*A*1SN}^-b&C5ze6aEarw{ESciK3+z139GcSQ}U_ihqVQw5}WQz;adP*aW8W(ogPbj+as8r z801ZTqCVY*2s^P>>~@@+p0%#j`oUHUw{P+ ztEzZ~mth%%fTf6puIu-!D-KK!Y^O^}jDDDslHH_cP2#xx9Y`>+rLwH-+Rb%h?I53Z zN*Osx5JlU5l~QXuj%<$u4T@G_ld&(UGon4sxiA5=-~Gh3j|j{2mvFlb=+3cGt883c zu;UFU_)S8{J_1u1X>-)vk^Wq+#Y6YW$$c)g0yfL@Oz(Lr9k>uEf?DH!)Digp>fA%| ze5ip~D$%O7vhmzmsE6=rMRyo;%zY{G6Pv{AC1c-nLPf1f?2tzzQa4S(xmDjFlK)sQ zay!jhBEih$8Y&>Z`=Q=4=Q|zJKNA#m&HMTNA>glD9K3DD8gKB-X0SUz9_Lbk!eq<9wRz#r&YB zrZJo~M2IipNI*K1=P3L!9aNWgCnj;Q6Y0&m`h&$k^m;(JGMFakoX#)mZWoKa#zW@L@H_(GO%noXu2{;c=(rKca@_nGjdnAZH*LiWRURFOCaZ2GKa)ysWu%ffQ`o zfwe^cri;K!@q_{*t7~RQ9QS3g1JTIflx^FzGAz9CA(2A%ppqMpoa_q=nzFfhe1w>| zOoWH&%*94*R&zZ8b=FA90$ZfI>fW$HAPNc+dB+@%VQ%C7erX#BW-a4&_z5-;MS-my zHBx-$d0ffj)I@@DQ@il`K54;{_R*V%?HfxheFE$O6VWkga0mCxhvkym-UvLl0pjp5 z&R>Futtuw41{E?28Vt)ezb3E&y~Ju&AfC6I;kyAlQ7DmV$LqDziNw6j%_q3Fpe((W z!0Zbo1L_y-O27XQSKz5M#rf!E>I6@mZbbdqQ68&+N1OH2EIp&Jv0xX=KbZ^arQ*L{ z0K!J+o_TB(hvHYi?koKi))%Vkkz*(iyFD~auH0Q7@qrpK-~&ZbPwj6ng{R|8P29z+ z+Pr!zHzv9bMVg8brtKpWhNZ6)s8}la_1rX0NYn0b2Qhqpz1x!Y=LtM>b8avVB6&!D zD}fxJs#=P`m!v5!ffO7Zx9d6L!qXAHBEFqxfzhH6SinIh-=Fu#Y&mhd2?>FDxm6A& zU#+ftcUk%7b(^AmO5b+EHOzhTJG1qrg|{}K2~nMBI^8F6OP21@KayrPuf6P)-Kv2w zrmf%fFV^pCG0*#6t@LsdkY){TM?aYg?I4&@w7-W`zP~C>E000=7yAbus0DTiI;32B zPZm1^ve>#o_S9}GS+6vXJrK9Fyn&hUE}Km>;r>h{2`}=lAc;geM%rs8-ML`7mWvmMVL$fL@t~;GvqmY}9@V20EoqSF)8Qi} zi3uwzkMUpdu8@u#XcX!}v`E#o1B@?mQBD}ud8ubDQ=5;PZn;-&8-x$z>?mFt)gpy1 zNVjC4M&|`P^YgA^DJj7IH&b)R{w82PCrHArP}H8+y{@lkp;(%>MD?{N8}26{;&rcF zy*#VNE^uvJLd7cIyV~8?LEO_qK)rB{qjx_&wXM+_wx6 z(}Au6i>ev~rB99dq;4YW2`u?5+n90EgH5Sii+zt3ZL>orDrr&|Xxt_V6{2CA*dkZ- z9T#UEeBC&W&&!i78lQWL9!|z@&UkKe=R!^H8o6ojGha)0w$4>I3mSMYjbzO^tp3B< z8gh6~v`i?yj?B6n@tlEX`;Rqi&vSK&zgE0wVU;*1`m~fetu(m^R}S|-x@)8tFhW_E zGB0@uZwG6}(}bqV%C*!mlbc<FOgLr7V z94B?6+BBc%_;Q7ivn+m*=Ezf~DIR7wKdUL10>+lKNLYk@=Or1|)1_M-|3lX!TiN!F zL28P7hAK!H3Up3Cyt8-}rDZbw`<=s1Zf`%z2wO;cDQIHt16~Wj!m=CaS7Z#O#l_E! z^o=gc{#*9gGu4?XN$m87HlwC=3~qyU6Us37qb9Srty7}4at~{k{x4C=ryNB%#C}z^ zH2`Td{FGQca>*Jg9Isu)`p3Na6y${ZVyB+mgV2mhcmD+8Jb949uF|}EPpdz_-5LLM z+0E7UNVG^4PW z@gfFD?fuL)rC2H5X&Kpn9uwr$pPiR>_stc!Qu%NcT63c5Kad7S+GBY90-}L7 zo>zA-Y#3|~wY;d`#C!C7VHRep6`rg2n6I9^Sb*tTvKwpcsXhom1%gqV_Q^ zq{^QR89IOTcCOi8bu)wn;4`)d_kEj%ia;KO@v_BW%^D6WP3q$wmj=0ws_1SxIn7B* zOh0VE)TRX88lFK>$+@HGb7f0Jzv`0sm0e%B^772UT zBWiO0h7jtA^3vc`2}4x~jhFRpMH{t+7LY7J!M4;!l6#Qfl(vZ!9bb|iC~aEK?0i*U zo7@yb$(AtR!k-Y^Et_iWpYg2PxTv4RZ5(_1yeqZ*1VQxP+l&w`I>R6Y zL6nSMMsK6{GTL|N+1dMf-}mSDY5*y1NXY`7drlvGmX_ozD?d zygF8(Zv6?*GmRL_PBa)I+ts?d`&I+OT*O{H!elpi%`G?E=6oSFU`2lw;Ssdu=W+;r;V}9<-UdJal(%`j%5(L>_-Wjx?iu&EVDo~~X#Aw0`E1RiV%_!~ z_g7`Yq5P0>HLJ0j zj+Jz`U$k&fVIJGkJ+&4LcaPm`*lx94q29f9ioat(ranVL@dB);%;M3j>U1kHD@R8& zx(Rupjy>Rx-EuocpW7&LBr3W|m5-GfR-MMG*HU;!tF>0Doqv z&Hpe*!T)lBkIQG_B0c)G-Fc$Xxptx%&$qSNa~<3A4UZeN{IBe{Z!8H}_2q;{2!~Kx z>sId4we{3le>!v7rs=u_TJj($L*j7pF$L$z*E)&GOQ16FhNE1p*IjH?`!C0t*^HIqEr`3&(8BA;5g* zEAS#%)Mo~r61Dm_E?6!eetlW>#HMfUkCP^<8~DvJ>9kW7lB9QKuYLwS7l(~{uylIL z`F}#@)krNWumfFI@{o6J;Wwip&m;0ZR@_467D+#D?CwuU3%6^&nl|b_yO0O7x zwf$g~NV@cJtTvCCn%DgA(Ac*@dipi1cFhasxBbL>*99+*Q&oTv&QHP2D_Re+bZZ%~ z!YJZSgYFM&u#|D(cL!^o`f9A3Y8%GHM3c$c?;r^xgOWjONG=?>&h}%#S-BcQOM&<&n$InI1Fsy zA{-S0Lh;${fy6?5%82yixE8L;NDYVVcnoA{<<90B{SgdY zp-Fm199_eW*(KdO`YhUu-h>rY^n(q>_g%V;7^|99(_hy@Ss6+S-we*ncAu{W-xnV| z9Abp$oZ%j-`Bz|zdTe#oBs{{C%C?il?@195BV!%&Gq~sE(^(VVu)6&qjS=I}t~`&k z@#pl{T-Xt>b*+K7r0^1p1TuRzG+G+2N-VpshnJTQbe_bzOjo>I)9h)8;oYpsDcT4& zukZX6v%_*R>t_>)_EUIVoZ(3FPg1f+O#pWI3ER8;*i*5w0kMuC1>;^1a=1zL2Zl+- zc%G_#5h~J&dvj0v)@R4;}-95K+9f`+d;e3 zXiWyK#_is9vw+(Q4wOi73g!?Q2(h|uocHS)@a0aNr`w9h2Fl~NzP^#`A~LhcKkabR z_F6JZA?F2J@5xKPR(wC-$9<{y95+bZTHEIyGI(*$kJG)LaIa4p^&3O?SLTSn?aN@! z6F?r{u;(M)71B*to1gc+>NZ<*s{0PT!7a!a5VB`3w5}EV$B}pFo;--e@C*h^% z!#x$=5)C8x?)oN^j&1&Y>IJS{Lmt6*2wwv5EO6tE{W`@ ztNWX{GK0zz%&8qaQ~{Yu+gWduQS`hezkNLQwM@T+3`DIx?9k(jmv1;DB5x0sKl7>X zE}3slKd4*m@t~69P;4%3qdQBLkEomnG8oDmxsssbhW=bYzrdt8E4Gk5-M4u5i*?arar`dD z;Q8EJYn^&=Lm)79tZk#Rv6vjb`zSJ-D22{w!wE{AF_k~tK3ql8dp%;iHm9@EP5rtl z@5Jygv$I`(J31;P#rNzI?}i+$y^*=$xP$6e=|G}&I`CJWHkflJkb;}iskAtUONv*G za_3|SzopU0M*ha&=+QS-B$%yuTYj+meAMdPGs7%`-jpGE zsOF7~i7iV&5fVCA7WX@(@Dr%h$#0WF-qlT!xac0x@Uu}hYfwi$%s=T3)jnKPj0ZdD z2$;us#E7pITWW0ajLhzZBsE%;rlDq*DhD@rc1x7N^@ihG!)HAP9$&;CnMojVA4k7> z9}lTMb_tr&H+tP+x-@0Za)tC&>rgV=(}^!h)3-?WWC`@SzEF0D>pBS7*sWc)0Xm7l zp`*XWWXxeXnK?gxd_Q1@+VZp~(f4YVg>>baIYx8*-8!^O!BlfiPt(w-j*j(Ps{DH4 zSj^++R6-TI6$kW-!OZa`*DAc&?PIBQ1ROu`(iV2SHzQZ3g)-4 zbpG6giu0K&lvS3AJ{FTN5lnA-{R#Q0vE7jZIBqurFhGlF=VJZD3W{}jM@61N6&SBq z+~)g+W5YaRAg0Xldy@9Q7^l6T(O}xjh{RQ9CaSVJfDc@D=ahkX`_jE0wuKt0nZJsW3|K_Zd)$P;c6}D~Ea5-dZgN+8 zBFTGud&%n+ZI|V!z-!?m4&8=|(X zJ{0tzypg~=?B`4w$>QA%lbaL;y&G?(OPtTr z=C0KRG}S?kd`{Hc#{($?0y@=_1)oeoL$4Qo&1?!0y3q3dbaHws-lY&;J0}r_bx1*N zW{;MhoSO9Z!ta*kJ@_Sk=(_|JlYWWKbpSB+7$!n~?)aEg2@`Xx`H2Rlri+Ys-Q6nU zDQ2A8WYJFvcW5bt+pq0AKdB#1>aRQ4N667CdOx0cxkKF3q!S%APoCW>1(CJCYQRo{Kqv-L^;@Ul8`h$sn~JK784WFJnpmT;tU zhwD1r7?bJpa7tQUfxdxz<9Y9w-CS-yZzTya{-L3v_Ve>MCVtE5gU|G?_zn?n`0P|N z5vnSPGorRTuj}_{PvY&NOno8mB|alVdP8y1{Uf3Ub}OZC4jBlpDwyWiFjZ^i^m~!( z(Z^oC3dXR;2*jIwyJDW+ym{>!ZDB)0-^$8L)cE0*{k`e)sh0PCHDSE{I>=cQ zZa%(fws@I<0N)oK?W4E+hQmNsE=FA3tIxo0kn?%&-Pz5j_Ru#+ndfzNG6swUHk3L5 zh7^5zVB%AKx3}|`3yrTN&8;8Gw2HN1K!cOSG9r(y5fasur=$MZOUoTmIuCkyD}>!& zo;;nwdpPfnM*7>%1m$hE(DpeIrS`bR;gRH`{i+6$E^)EZ$5fw*^kDinW?EX>Fb%WT z%F1}`^Qtcmcvd@?#{E4ty$P-sYz=8EE> zJIcHxM!d$Hv;uIl&!m)Cspvy2BpxrKf$vBCWAXnH2)tbpSlJq$H7Va_o4Zn|IbhOfmCo@h|Zk zs^8$ra)SKFog;QOQ>a?-kdD>O)|k@RrFWOE5^2N;TVlyrX+U|WSwie$T|`3zql?LG z<9g=W)VimR*z}MzXmwU%t&#)I&MbujE zyth3D9RfYsuhc0dppqny`qsLnkXPLq`lTzx6_J98Rk@_&D~pS7YtvW+T&-=?TBf53 zp7K)~#~Uvj)=YFL?uGPw6qe5Koyxl6&3rUAiC}pR`~Xd#A%)2rUb$G=kv}+%7p0pw zcHe<$by!&SJ>9>SX7jOqKCGE{Z6dOYlyC~P-qW!|(VIv;|DD%J;^xz*Zoxl43C2!% z#0tbyGO&UYC)9R!>K99)!5tRk4U`^&VNKnS8ye58AA9f31iE`{6a{pJ`s{!985=df zZ!II3d5dJtmLR2*dtKBG40H}x>eM18?7sh%q7xPXbFq%#&*n{d^9hEh| zJL*bFGOVXuwq%;Tvi}{XlW7kQv%Usa&jN9|yY$D&9G0io5;ij)TadRfp4v?DD~I#= zi*KLpl)ekz5>s8I_@o6}HniZVZSM%ff1iMY1?`{}1%;ag1fZWaM`7jswL6YlUWciz z1$aZRRq2Dl2nIWV9x-zDMGlmtBBJROS+Ks?2&PwckJZM3)(2Kg>g{z;dKNiI-ekO& z5Mn>y+)EgFL^mm6%tJN>Gvy|tPU@Wx*i#|!=dvowtNK;uNFJ0>TRQ*CfRt?0ZF5bx zT_2kh#=5C;G`%9LZX$NSw}Mw6o=%kJ*10%_LLt6smatHCY%5ERq|@n>_G+q;GE&Gh zPftBg_v5(4fO#06cxHRr)Zy{{AVYlUVD#Oq$QmL| zie)Q;LE5^LML)9x6kBSVu$^0dY5p%pb8y`+-gvQjA0Opq!xs-X`}YHSO=d2V&M$H= zGM;*?WuePa7+IU*GN&D(!9@z2U*ioNIU?G+zR_Ywp3!r}G{hI?wfzr_d02tw&V`qZ zdjMcnTkJxn5H{o$!PR%qgK*@G@zAl`w}INkV3IzL#^bRcEkPM3n@1EJ@Qn4#X&u}?`sAffL*Uo6SP-DkQ37Qbw2 zdX6+3ubVGlZ;jD8iK2zM)(KR;( zvDHIOPdw)1>!BSa$(sK8pDWy6RObxeRlNCNnbeX{NCz7or{gfT>H$LmfP`fw45(;ica zDP*`4`EDig2m$Zn;(754!m$0=Qa%e^+WFbe@@ud)*PHV#O!_Yiy;4I0fP5lispS@l z_p&#RcQXn49y0#9=I9L)062e?F+g$Cl3clSiA3F^MXd|4Z<{b zgytYLG4VJ`@yG$@mWFSJ18K{LT-#Xa_jw|_pMHg*q^h}gby*DF7pUbO&6pWNThvbW z(xA-nZcp0wTrfV3wuCY7mpfJz`gn4$Yipw)ZK%M+FrGJamD^;rbm3{(HXxq*5A$So z(JpjOs|*~6wo@L=boDv|E#-7jh&Sl&TtUJxWC^HB>ZLU1{|byBwkYmmO99n43g7zh zs|{pvNK+@*L56(u^e)r^K=BROUx}E2-jud~=$c~AxqZLlL?2tpYfslKb2*UgSF%T1 z>1`1R-aciE;MLW8yOgq+s^dh;85dg?b`4wr_16!Q*Djyoh*`^8Q;7NTF5Fq;H&`w< zm?@Tdd{@m4Y9yCX4}dOyAjQX4)0DHPIi2jU)*n(f=-dD+o(rs-x}VLAC0q$zeWPR; z$6N4eoC!&pQRNxaO+VRdwL@vzcS4fOFr}=zIBgp1*C$p)W7clA%obF0ba#C^-OBwo zqaTz1$fip!gxF>>IZ>UNA++ezWDVS!Cm@X^jLj!g`L1j*a+914X%7|;VkI1VKyiMl z27KGQy4g&BN$uu;l5wvTNghQ82s)~yP(^8W^o7OIMa215YC$PFizZt#$>h4VwLd~% z8oJ8cW%WwH>?*SxG2f^KcU+)*ZP}vm5nvFxT8yNum3z?up(^?jW$8^5}eaN`_nt5 ze~@V}FX3%%<`kr|x=ws@k;IU^F{8WT#-Y|W(!6MCKpXp};9IAV<^z4A{x4s63anu6 z+scC?N?C4np}RI-mJK$Xo#kxjtLs%I&$7xUj_*VLtB3ST+ko!g4{lM8#&1M4X2kGs zO={7lnu$V*ewHvl0ddCawAwZdp4Y+O{We_O-0~9JaTHLFt1!)96({^mX-xO0lH^;= zl&M~1XZ5{;R~P+lWiKAm`;PDMvcg?OTCt7b$a%w^pcOp6nQ2Bl=LRb%-qZDiqOEqA zje2v?{yr^5e#@twe0*U znP6y?IDiL=dBb^VfBUeAqz&tAv>;OYOu11zcJL*u zn_#xMRPrLXlk_kd5~gge4ueGtBv!1qMYC_(`;P?GzxuK}Q~5NM>X79%`59h+%4*x@ zjSWw$$v*8`PNBm%PcPP4u2uj@3oQwRE6Jo@`V( z8-;F)_{`GSExrXewpqXD(M2!E?toQMN77XhHV#EaMg9IRXzH$(Ujv#pA=k?Bu0Lt# zVLN8CpF|#&=TH#>odMgz4hO`sgZpdt%^~vk|=kAao{FzGJSPFYn$E_tLxCKiSdwI zwPXbvgT9k8nVj6KeAZUthsU7FFrVe+GgGs(5ce0v&e@f=H)@ZhogUQ2J6r)M6aX&# zfq`lVkHFlaZUcWaFbdp<(Yxo1X=7HGt^KepV`B2gJ4+(6Pj@KoxZxJ zm(alJtEO=TCD9oPfTq4HUmQg#FKnC{F!tWtlfTwHWbBF;=2cN>Jhu`*JVuEZ4!lrg z%^3PKCTUCF_`Z#4&137VsQJ0pQwU*Tv>**iitZKv9;vz6ZDBg4^aHT`a^#e_N(UK_ z1W04SPPN_y;IfK-ITmsMp^U@dJBG45x66^cj>i{a4b*itsw`SXR~3DhahKGId?)3n zk=2vRLSnBk6zKCt=uV_lewSbNhzLN2ZohWTjT{!z+_x?U!VV$EG(I@Z)fd@^+FsAI zi8N{^n{}c;XUmc=L2NrJzl9;?hwA%UK9mj!8ztJb!J1c>+M>-XyA)^@N#`n=wjNwf zX9<{hvq-1YNWVF`X~;$g?QMYc0`wjm@Dy|98qhXw%8}vH<#1<_;^Pe(JJL%r4k-hVAe6l65Z{<1#qW)@# z8!R%uw&W#g7-CBb%UA`@l8oe4P5(sT7PqoO$$&(;-&2C_MUu4cejv9An%$@NHXQA> zIc!>Lfw~?|kX&o$Ug&UjBG-6Eh5P1Zw5+_d`&esIw*s?q+J0T?cG|Lm;~X`O#F(~` z{yjzSOxJT|W<-Y9LR#xV)Z9&s^J25r^&1Nm%SD8D_>8QrMPiq5pyDq+mXly~C1b^J z+bn6vvem!aQxNNd6C!)>s?gYerMUL&)=68tYQ^QV5D!xq(ZR(nW^BUwjeB>MqDloJ z7ceg`69%?JHdf3hkL;jVchenaXADI|Ny|;OEP7DTD$R@tf>H_iqc@ZVig|R{ zD4%{<0=-C-;=XXRNk0RUF7YOa3N8ZFU4L{@HH@xkgBk1olHdYq7L9#Hntbms>8>;- zPcB1?jt~PXz(n98abT2jS?zM0u8YCD^J9GvwSJ3hzwHM^YI-p#f$ww$DFMmK&)@z= zZ4C-T;fLgAjgB&MOgthON7?a=&VoSf%+P?fa43;6%_*o?NG1^$if-Pjv+yJSgp4#< ziq9&Y>)L`mCmR; zL49g)?}#(EY@SL{RJ=C#xY61Dr}=>lu&8w9=~3O?_3)td{Zzh`>mg;Pj?-wg>M}R09`Cc zTaWbziG(5RHc;FrrJ%)z{LR%#xpj#S$Vpa196>pF>j@D7IQV__i*wBMyGu`MplBsHWP-#oU%}CLDD&#Ls!b8Vk4?A&A+;$B}Ou?W31t+Vza3 z;2ABH?qSd7I7^jYk{s?o<*57GLTbukEO2c0Z0<)w5>M!h;_`$kcp<4dO*<&z1yNcY z?ui)por{C8$NXOPXs;4S?nE9?#JaK7@V7DslQQcG8kJ|dG!@~{vYNS5* zRqCvqI3e!)wU4vLg|MTAwOJaf0k15kH66k{8?Jae&`JNe&CLEbfUEQSv{bZDUaXl2|)vpQxm|zFL zsK`ran@=qae>)X`8>(?~vAx;bE-c$2XUEqOvfz1?%gvuS7^XZ8`>V_OyH=hyPUN@=1!En)rW8& zCY{KAiV6M`zyRku#oTAiy;K-#&X6Bdtd+X{Ej+&>FB3PNKUaQp(!75Csk_A#vz#h( zUl^f?U6H120_#ENc<5}XcCq3)wynx)VI`_I##_|1Ey)Qxa-Z+&pXUOAc|zZtbc!l6 zmh`4e20J;umVE<_S658Vluz_s0z*_avV}bApB@3-WpdN>mMCg=hBXTnuXx@F%Sc5+P(Yzw9onB zk1!sHjAcK39>Jf0;WCL371NE9dsn$BmdgoGU0&MLp&4^`*3VQva2{%qWjZcseX))b z8XTvFi>h*KAZ;pH#raTz#wTi^Y&W5^ym3}AY^ZCT{Zr=#cNm(Pf+(%NW0dXn9NVQz@J ztxC9!+PjU5!Ehsb6%M1$l~Iiqylxs|aODkyB4o9>n}Zm3)`WU8ZeoTghYrL*yUhH- zPM#QQ2#*)dpz?gk2_fCSkVl^mywa_C@>F-@#y^--!H<$EMEe27z?$hFZgJ9Y$ac0w z^-oaP^LM!*hGjcHTb~KzEMXwQi5gKke5NCLzDM3OX=ITDJq9}QgqF`qdX2aPZTsCz z8oxRZ3;=SRJ;8q65dlBkU#()DtC)l3SD%pJX!E-+6wIO6NPPaDBJ41_wjNYU0y*se zOqa9~yyFBa6oDE}YW(P)RK=fB85fVqT&nE}) zM3zDZyk&J71-AB{QhK~-dD^%s%Q;d@?+SbNp~kqvRR&&ZY0knPv{@KN6?z7GTe?S& z`-XXz-}NY1=A|Smfl~-E@m^FCpI8A8`5#{j+|uRO7-|y7$fgX;{fmlDZ&oMOj<>MG zm71l6Moh6#tY+Fe>;6<`HIfXI=PLMd4w(^lXX875vf~|ClV9sp58|CKxdInVkVCk^ z4xiQD=QiX*>#jJw*-FxRZ3!M+R@!)d`EMn$W1GI{0E~*{6w6mG%qp~r=2%}nLp3!K+-AlZAgW%CT!q#<`xwr;!v(6a0A-F z4Yzy$EmEi{G zyL&M@75F_h(S$w=ciC0j`|d|+>?wCyoJ>0wrZ8s+TOCyCe4+R^!v8-1R+CQWS30N* z(^o1&JZ^#H`#(Yvi~{T_+oTqd&-C2l zfTqV6n5jUi)643(twUNC2VI(nhSP^`D^`CPjq6E&dDFvGF`y3%f z@34tSt}yhM7l|tlX!u80IMo5U{t%h0d_E5 zYl-TdsB=OI-S~Fhg?G4<4hCXqp{Tdd2%4=e-OC$5EB#}|@5wU>-)Fs2S2M?#cBpd7 z7uLCDPe(|w{y;6&IwQUGMPa=m@nM7i&fvT>!VE)$+?XM41uH^=*Yp9+r#!8;D0BR@ zhXqDjSibmZWP0(cwY=g+%c^s0WggYv`5;{BQZJ0Z!A*#spzfn&(TZ1Y7z%42LaSw}r-B=z6ZATJS&v%W8#cb(NPV4gAryL#14kB-)nY6=tGn{{_# zw*dbws=sai-xv13KJ#xk^>4=a-yr7S)A=Xn_*Y^6zt41h;qucIm2Qf3DEI-g;MI#)i};EmzJjYn0rRY3Gsi2PQQFjtTZFq)}N zR2|D37j=+OrrNN*thX}aj8FxWW&3lI3C-cA=Q3G6&#L=JC7gk|opwC9R=j5DcxfH6 z#EbQ90K6>&ZU`HveIi$|VFryW<#LroWjF@zd0^6+t`B}B#e7NcyE_&cFIf!jLfF0u zZ1%dY@D~f%_Y-?$+%_2D4}iWYnQH`sXV79zkDi^>?YJ1%tk4a%39o8xv@Iu#94zH~ zesQ#?JIQH19=m&&cRAZ>>5;;U&1iZ}b!)_`JYBsC==m6TPZs*HZ56AY(z04r9Wk>l zhO$dDo^f(P_!#T!{Hc36bNU{fx7R7sNi6{1%EvxEd5H!DhqaQ087X4(^f<}dZv{+# zc*Ld8=cSRn0crtjaU-S@P_7nJF343x0m6HO4d(=F)aID0oSpni*Wx$tkQh%6t%goT zyMxP-n+dY5<2yDu2?V?`qIYM`E}DS@d+)ejJo86Mb_K9*lzUGUXtmT3ejuXR&;u;-u)pW0QL=TLf>aL{M z5+i#cTi*4?(05+)DDC8p2B!}JUr5C5>2Vnu{(lq~1;ELO!+~Ftq?i=3Tg3Zn zCVFqLED`2Q*w>x%m0D~+mDHy~C`KdCnSk|^AHd}d@WeP{KoA+xfn^EWxr$f|S25iq zCthwOI~2s)Rs0LXxQHcjkbapXly+2k_U(in!^lEjqts<5kJZ^)c!A(EiY<RkzVi<@joS$Ak zL=DJR$gZAmt&`9BBdZlIn3UrRw7#;ymb2h?&=ZAr1;bORIw?R`*~k`5JK`h)uj=6| zLy)%5Wm?1TgC?FmWJdK4V?W~kD)ii=gt%R*>Gk)RZwOKF-}Z~*i`+$x3=_r#JT!K$^kR-J|x+F)0@=bXRmAl-{Zdnw&V z&-M0{Z6%M7H_})8J^T~!)V-JN;meER0>;b$?S`<_b`3tm5}U&}r*bRlX^xa$cgYX= zRf}&7J489A4fI|_?s4EA!)QS9r!(R!-?q0($`RhD{v8XA6?^XS3ggk}iie6T>u+0l zxU|NeKw#5En3Cx6xeCXKZdV)&&K#K**Jmxrt$Y{k&+(@j`c;Hg>r zeH)MQoHC)>nL>?)umJ)axd@kB+uPxheDUcl%5kn`)9>fYfQ=M=F0wJ7ymtp~wNDUwccgZHheW%dAC*OsIxHqfD1 zdr_g0#Yr``AT-FamVHKLO8y~Lw3%J*XhQK1GXG7eYW!;jEQfu|)>T|7rbpgm{HuA{ zPM?JmdId7(v94xrE7c1W8E#1Jsc*=2X!s&=sII)MsmWg2f$PNEUuAT z^RI^AXQaLV&MBHs#RgX$9S7KaV>;)GHJNu`Ee&b&a(&B^pdK9b3^LaHgCTzIukxX%J&$(3A z$d#(EoH-LU&<~2+G#agBx$~{Bo6auN`viKek@7fC=!O4%6W>dsF6PDTMS}nr<@HH& zSw__8%o(6xAoL&JIQ@2dq2P0y^ZE-gRZ3U<_w2#X65oL--}a@NrVHa-?^LypGK~tI z5}LnfAHRzoYW~`|*nG3_1Dq4IoZT2*swRy_=T`h4lQMSNDdI2$HWIA++s{GrXWu5m@^cUg@~en+ zUH-Hq|Kmesgu-SN>RYAG3Y?{JQZ(NqADB;*{tyim0H{IP;j!tgWMQDGg9DU$KfKn6 z7{csix(>mmVYV^+3MUFaJlF?L+g0a=EA57CUNS4~?lt2az+jm2VW%L^7c_1edo&m+ z%o4&Mxv}u>X0-y^i;o^RM;ENIro>C5fGtntQs!D#;DL>||1*04C?znmP0zVZ^pP+I zj)yjr-IK7J5@P>w(rjP0%q*dpzC_+zx*R@_f5Mv)?~YYBEVA)gzG)Vs?Rg;$RI_mK zdlDk<8;WBPmRbpe(+uqiV8qP3hqxdNEWdnfM-0JNE$<~}=;P_58B($BkxzHo7|Sr} z94EBbV<8-=v0n?PWmxKR&!^*8Cp}q_efecApFpCQtV!*>keXl7#jakpfxnW!UrR)+ zw)e2kHX6>s8!3x?=;isGJ#arQd;cqc{$UZCr=C6yaCAX`JGwYY6mgoZ&86Sq6L)&w z-h$R@1+2#WWK7j7pY=p0-YCB42DYNeD!J2Y%fAv-{1uNcpEP{wNCEL8Y{dg+hmH6Q z8SgmSj~cZzGC4_Gh6^dZ${f5i8~8&A_Z;^upN_}7XM+N?IFb1FVb}PH-vC)|6$0&b zzv!9+QW0VMyowbZETeCOxc@&hin>otR9|YfMc*VC`iA^NUHnVC_9zK#@75+P8034n zdOrlf68|eL+jAp;Xt##3ydZbm-FosTt^xi9xXf)lW_#<%cNEKl1nJmyC7cyb0!fGX zCxibt1ODG9`A0|o&-wn}zcyXi1>Kat1pE-5`C!8(*)5vhU%o + + Produced by OmniGraffle 6.0.5 2015-02-10 00:01ZCanvas 1Layer 1Physical RouterNSX Controller Network NodeVMware NSX pluginDHCP agentNeutron serverTraffic flowPhysical connectionPhysical Switch Compute Node 2Tenant 1 Network 1VM2 Compute Node 1Tenant 1 Network 1VM1 diff --git a/doc/source/admin/archives/figures/vmware_nsx_ex2.graffle b/doc/source/admin/archives/figures/vmware_nsx_ex2.graffle new file mode 100644 index 0000000000000000000000000000000000000000..11ef427bcf18309bc71a36f6b890afcfda9217cb GIT binary patch literal 3594 zcmV+l4)yULiwFP!000030PS6CQ`<%t{#<^A-h3^HynDqN3TzwZKy}TJXzcN&+g&Q$)87i-XIExnRoR1>Hdoy@6pEQ=JsF^na$1JlU?s< z|3&A-gETfb_YNL;k1n!o@OX1`JRbXjmGZmEr4<}*9;L~^q}kOzB(?z&{9e|31lbg+ z*NOvAdtott7vDJ7>R zE&?IRU4u>E@#ka z`187#-p}6bb2EWwVPsCO26K@EQ1zy4u3)=KcXVmutZ9R@hMaH7iDC{dOtjc+UDF!I zQLzq8sZWTaj0=Sb6#|TeaIjj*xzbo_4KLK%592=Nj8eoHymF2Cy2psmu@;I+_$oN! zyl!1>=2hC)MKCaJ1~zHLB+g#M=gDIG0A(t>wjN#xj4Oe&Y*8(%iuF|TZ85sTfr&do zJlyD*%kV6TdW~dqYY+c6)u_2TtC?EYGHaqp+1Zqc8jwuVwyibah{vXz1##ahYO?|B z*fZC9=V26G*Lcm=tw|IjXVu`cfqf+y67}|(#ON=Gp}EwIwMI!7MNyj3W|UfQHhXq> z5%iMrb#;DfV!(@wHnsV4uhYz{4Wk!%@a$DY!a^1s7`8mS~&M;$yE5|!ulXtLmyyJMs@s8u2@11uR zApd?Co9_kpXZ^h_-eYnN;6FD(Z*j${ba34`WVz7`YGIM11Rhm;WHwT**bL^}*TCf% zX#{%6Bn6*a5+BS*5~?WzryE@Kbx&%aN`#~$QgS81A|JljjlZ(j zjnV4UJ-h`lUj_Zx+=!UX8QC^i`i}f}48uMySHdSyV{jl>0x5+xk>AdLcMkc#*C8jA zO#+B40ucQ+9yu0;M}E3C{kLZQbmX0wIEXV3dj}>PC+T~Se7R}0>Gu3n%=!=?m&($zA%RpEPD!|IQT^E-=beabG5(4;2JuLn?YaPh?96FM#w()F#K?I~>G}sm)ZI8eh zYG&{dS2ws@-EgZLj?CQZ#(k}Bcst4EV3Zl}AnBQJyuJ>NhDZh8F<2naa>as=cE$Pv(e5zy({(Zv4zBLKWugNl`eIOvoxTJPu!ty;{+O9+0CCP+YL$4N?dm$ZF;iH7$VUGLX34z@o zZz25bQuxQhJ`MQTS z@+Fj-+EX#gZsKY^C}TGoGv;#vB&2e3LQ=W?!*{TlNZkHmw}03%irYVYZwFYWXD%P; z0Tv>d57ksaN}$P1D&kJCd{qX*j)5ElIR}X~Os+lHHw0Pae-4^)`HY(lv zV#k)jB+=X#L~E=Cv3s-yTeOHn8S?FcA*m>ZBs8Zt$NqlzcCWU&gP;NMO2|k!(&}Hj zsrwl?7G_$nrT07W+i!Prz_JXmfF0i!ScsOsus6C;&XDHJUMEJGZ?AF%tiggROc(Be zB$)VI11?c;@)Tjh&T%!brDyKYh&wd$O%9FxlRIP49o`vBHEW#MU3h1o8;F0MfjH61 z4aD6*+zrItK>RCQC2^dLGB*CbFMQrfa}x%4HDMs`aKfNDm#FZvNX0ckl~6vCNC{4u7L;<~pvpnj_cmcL zx3KG=>Os3|^!Bcrgpo9n9FU4)thD{5D?xqx3tO5AaJU54)VXR7|NdS0M{dNwQjsS= zzaI9gP&UhG7TWlc`$;v3uj&Ue%4$tc5B!y+tW$p7?jl!N8?kC;%rq}#w``TnyMfy!R49`k~Uyx0%;zvQ>%Ggp>glFb#yPRS+~oc2xJuYkui1A>Y_7?L4Ei9HZm%P^0> zLIJaJG6GLQFvbsS}J~Lc5-V%U{ z9G)j>_;(Tq5tKWO8!9)SQ8($CUTa2Ax3j-{&tFD=zQxG=@icn(;(4;oet-J=i_YG~ z_Qm0A#PQkNmr=LB1K)dxukpK!v*&N3Z3y4l<0mKN<%f4~5773Dw|m>247j##Ku5o`r zwBbq?EJaJtbK*h*Z=8hLJbvy3@yB3Tb6koTmqD84#juM$g}b-i&BBk%czbzd>pTQ; z*Q^-#bsT;enbMWNruMIgW-rdd^txt$v#jI!HjI18crh0gOwfsfv**U@Y{M@Qr0MMM zj4WGbdDG83`YnF`-lstjgLVG5=##S46{4R^d8AbzwA{_HfeB;l-i8$U;XOiN46h}s zZ_1dBDQc57TUk0Xo3-%cQB?W>a{|z*XF(;n98gxn>*KxaYCqxkW7Dr8*sN{{>XmOq z5lH&9`UjQdjI>npU6Ncj-B+JCy2%Q?38K+lb1$4{X)&1}TGO9BtW7MH05u0D<@+E4 Q>v^*FKb5%!kEW0S0E!&@`v3p{ literal 0 HcmV?d00001 diff --git a/doc/source/admin/archives/figures/vmware_nsx_ex2.png b/doc/source/admin/archives/figures/vmware_nsx_ex2.png new file mode 100644 index 0000000000000000000000000000000000000000..3d826ac6738895232af2cde131c36f3e1ed0c93c GIT binary patch literal 93105 zcmbTdWmKHY5-yAdOM<(*TX1)GhatGTySux)ySr;WC;3)9vip^!$1IqQwQzcGB$<~dk_Yjf9c{$ODh#0 zYPdV6^EK>PrRk9;b69-$i6deYB7p>f6wws3qn8fU4&W`Mm-$*CjDu{&0(@Z7(X;R<`Wz?lCkq)wV zPcb+5kSPtqfRd&&en6II8OA7rf_WZx1qK40IKa_q4;S&sVVVu%T5Pf#4iP4yUyQhv zYPNUy-T3LULFrNd3w2_@%vPwY^wdq`r)UOr-x`}_5l~WqRhntsSryLN8DMeW^s#4o z6VF@emFK(rv&tpe=~T8rWHw;a^0bn^3k~FsL?Z*Yp*u+hq|pkJe{ZW&?t%d1>H|pQ zM&>nMu%&kV!1gEdj}fP*mJXmf7If5yY|lCVHlsbk9QSEs=g+EK#prx~#1g1XMk0H~ zCB;(0`4ijMl!%RDZxc$^)=?q~5eHONS zFj&cE_0Fl!E-KQ8sd(wOw%!188%RVrqSSZI_SY|&u1~3}k&p5tJw%{8CAc4N( z2;j-!bmCxU{1Ej5ygz_j@XHTS=KynCka<7%X$V<=R$E9-2({kNwjV$Fit)n+_en8; zZupr&`~N~f%@-(-MJt3)6I?{V)_`^s5|C#{0Us0!i$#d%f1D;O#h?l(&l8g8xgmDM zYKPVec*=#ECSZnq1@#I*>|~?3kO>4+t^QGSJX@>^xoAi$yPL8xR!6| zTiCxqXo7UUB|!6khX$V!RfopD6c&tCCjmtyw1^`r1S=CskA*A5Zi^C+v)cuS49U|= z#XuXv+zA0hZt1J)E$T}$ETkHws!F5pvl=5X`91m<=`Yk3tCLsqIm56bW<=2rsOrY( zeyvTZ1OK6S%7p_r+>5!5W9!|Dp~+~?QVr1pzZBWwd(!`Ti|o?1lWGIy!XLiR;g`NA zVK=M~jt|~u4E|6Lc`S?ugoQsmVKM=UC5bWu7W4u1Yarq`W(B`eIY**k1h)ZAeagD% z9|D~cIApR3C=$UW=!ztiX^no$66Qo&WISYDgb5>@hGO;@0Df(`YLXlR9a8vsKKVon zG88#U91+1~Sq{lIem8zMp(4f4rPlN6<*Dsi8ggC2UXot)VhKzs*C{(ARS6Yw7D*>5 z9;9-KODQfXI&?YYI)pxwZ^bXIUwW@idTaDj%f+R%J^ON*L_0#pk^aHk8 z1{Fv<IaiEU7;wed3ZLf^js|b=54&z)j7W{X z?osUF>|yOSj4DEYW6*tIQp7BZOo;4=jJamsZ=2egT4k*<(|+%yOnRiUrt(Z8N-|CY zO^PX(RCGXBxvf8jLiFk>q z5gDZ)^Bc;#?Ng0YpDgxG$(SoxI)?LW*8qS@(ZyVje(vv{1#TIS)E{{w)FZOc*3oom z&S;cqPiXJ~lzu4Ra z9aDF3cSO%*&tIT;LR>?-;O>7oI#YB6dMzNH9B#EvUPkUfk$aHW%}JDOW&tKCCqGXX zeEfv|3w@pz!+yqYs};vSj?R!SQpeRcZ(e0JX-DJaXcDxxYGC~b&+=>QGc~*v ze4JRsaAHZq0oK$X2y8qk##&2ssCF!?1kP zLVa?;prc`~Bs+C$RdMxpb%CJO7ZDa3=n#+jKKorPA_`3k%|&!XY*1uDOh&{*Bt=9j zMV$uFuqzs=5lK+YgNBcd>OtacUv@vcE)}wKx(&N?PRFE~+;F;L-?UdYHdP&~(+9Al z!o$YL-9&f~L;hB_CtZD`)8?`Vv6Rpe@*ICKM12r-sr6v=5(kkISRXheoHC#lW*|{5 zfhw^BCMVGJ)2UwP%5S$UF*dP)lBsN_Y{D$C@u6`}kW??cmRgI6hrElvpSgfRsD0FI z;amkdpMNG!n!*8K+>sjnCVeX&Ns>Vt0QlHoUcX@?W|T9kFpju?vzxwaJ%&4SJ@V|$ zV$9;=WYX>Y7W~r3a&7@v6|`8bx!NY{qSe>Fb=!RsV?|&kzWi%UbS%mUd(%36V_qRw zp|)GswBcfZNU%*%VXKRF@++L>pe3s1*}8E!{1_@7P#h@*h<+FS-(Za57q714col_ycP05 zt~iosDrkFvU?=3b+#Y_wzsUZ?z3dk5RenVNnse7Ytr4z~x45<#)?CPH<{|B|dE`5n zg*%B$%a`%)c@ue;mfkRGA~h8^iJFlchB{&px84-pa!l~xS+upc4n^j#~y)ovO zQlov@W?#12_57leQejffp~dBu<<)f-{2H~0*O8s9bLwq&)O2Chb!6M{n!HmL-TlGq z;7RM5e&ep)YcKje3mZHF^68we+v8n(jpxW~<8=nA3|^aW+@1Z^^wr>WC!ZWvjw-vH zuj+N-Vad3x>*h3fNq4Ft)FdXjRfzsQ>9Izx|HD+-6t!rh=&@Lp*i__W0Ml0=v0;B?Ts89fb@A;xc}<;uXq3O`A>g&QyWJcpcd@S3?!@_jqHJg9rb=o$IJNN(f{`z z|6f{i_GU)FS^qWq%YR4z`R>2{x#@pT{0~L^N6UY`1*(}BmYe?XCF6yy-COzKw>6>TP=8P>7BZ%G28I~fAHVFIHr1GH1?j^kv?;3Zd7q*uKI-Qvp9FY=5fH)QNVGZEeHV$iU9Ke z^c)g^Nr%0mKgu$<(w_iO0wM80*mX4YRzmdcmST zcCU7D`^m}u`)Nup^O1Tj*#C%wfN4qQPK?faarB(*G%oc_NX}Xw33y7QOyux}55Z03 z-y{aoouN>HgCdwpwLyDCpF221{&C(QP8J0d36$PMnn4+8P`!zq+2 z1Ed`z!DHD0Eg?;A_ z0u2$#4-omxb3X~o8Lu;7rGcZ0t@XUN6XT6h3ztjy52?c~h{s?tPt+k0CG^+7P(5wbE8@Y76xOGtZ6}&iVzz6Ni{}bkirE2?iIDpw&ozHp= z^~|y`25&0~bNG-`1KXVe&V+SKKzy%HM>-z|8`{0em z*U5Lrn@I16ub)XL_O!1;z4=8)Zie`usX^0$@tP!~(Q8}o;7GpHrr3{++s%{1@JjYM zeVtj|5G9~t4(xW@vxK|rU38^uKg$-&PF-Hb`04(K6csQJ%E_vhn?4Z{n#2bAM5Y__ zr`6WTw|*ed4}Sc{Il}F>v$nLRV@%$rU@Abh`~K(QuOa%W1h7X~r$7-_h)1*lO3iPJ z(0cVP48{DTUETX^4l+)cDE&XodNUz3D5UiLO`6pAC0y2JclJ-&-9La4Ovm#( z8nQ=WXBQc#WWp^~(MsvU|Bn%n9sgIDM)_pb^JTt;Bm1Fn7;V+f!sf*Qd*GQNBV=&8 zA#jn)bc~Q_548TTaKFdMBbnyWaNwXBwKK6Zu~5)MXF>XH$m)(y(`?6X%ieL}L^5o5 zy{`J6K>g2v9Dedc8%28N91ssuK-9}BLq7mc*AdwdAtNe&NB?xz)4*V7+WHtW{lou8 zfcWK-PYVL-*(E5Yw)FA@?CgwCSsD*)dG}D0WBa#0h4U695d5?O^HSPgq*sgVzfs@t(a2fLF z;+vItCuObGN)oeI2lg!UUM?Y5M(>k%UbbV)T zKiW1+TqcjZ|9WVsK-qPA@t6Miz-XuauhQ}y0 zXmY{t&m3*rW3duM1>c@jOxd$Aa~_KKVRAa=$7ZhO1{&NKeafUOGZd+jc9Jt55rvaJ zcw;x6%kFn9FU`y^_-3Z-4*U7wiB?-9=Tfsw_a^oeJXyWXupe?Ep!-%Lob;$evnKQF zC@5nj5%)JCp`=HB_0j{&b-TMw4)=QT^$?)T!HUh63}95GAfy{r7YSL~G~{a>J|7{d zX!1(85<4%dOCXm`Dt%T~*A&I{il@kU9P6@*c*v0W`sB;_k7ok{jD!fxqq8e#P(09@ zPFn+Ll71)%THEnyJBLN^ONV>#4V2jmfb!DvBJ>R%k!SVCFQfZiVhhC-C=t~et3;F+ z4mLF;X;nyVdVS1Plr@D(8F$Cw&|XaeLe(L21)FV(w`cb?p5@e5$0Tnyqoo3l2dE7c z;|Tl)4(AH)K6}P0BrIQ|&pY(!UN4)b$~s4t;^KNyH@o-2Bw0JZV^1Z)dfx|RP_l9= zE)>1qpJt5R^3r8~Nv_UfO9MwonYqx>&PSa|L7L~^HQ8*>gfwn-uv%DPo5hw|np?rm zzUSvUT5(e{-TIW2Ew#F^Z{#VRc=ZtppIHGz&1$5GL#ck%(_8GKh?!spS?Apnw`!w( zvw&w(LHJ(NBX5}Z;9n#RGdb(~F!Bn|LFHk$^-?@wZ|CGPG> zk<33N(0hv`Db%pUVWyP4KYsDLPyWE{Z-VJLvVsf6ZQS0-h?FJwQf_{XtwABFC<>-r zNH#FN;6QFs;!0!j*vZ$`T^W>55;X9BYega%(6x}Fl2hIZ0FDkZiVn_tK5p&YFxL-F}tFAa%0S7Q$tq&?SM94nCE>G9S^pu zF0v;LWAz*7pBDTc5jq?Mo)lHZ@W6IIy^xgLwBk&=`+W}$Uc~I>mv`ggQyUe{O;Cc^ z@vQ_(<6w@>w29#jxD2&E5(R7qYlS{DfGg8SG;K;^y+zX=FN@Evb@)i#K_c6Xa zol}*&JV_#V988PB3}R4NU4HHYLlb6`2;}?jR(Boq?Q$V$L$*>=cpSdOL}ha#ZSl_+hFsUTmHo zD!1^;Ho3%F7Cdp!%+!OW3T+5ES_*OW!A-<7!Q1s&aGlSr?`G!4BKz~4_J&&R(I$(f zB)MA=CzV3n)+lq`x3PJf@mT4*C3|ubw4n2y1#7g~Xo?WN_G`ti5x`E!tlV3zx|-oq zU0SxLi-*Wdt#zj<)$7(m(eXSzdtxg^wO9PMMpb#k{Z#@>HtfN@&DT=T(L#YQmoH0D z6^|YEr6SLM`m_0Zr+-G_(CmKEJyuY)6}O)!8YE{cXEsZC*4cag&>H!n>^Df6hML&D z`Wk24eIYqodnoI(UHU+eM%wd9hM(%pauq}yX7v)^G&d;pt(Vf*9A}ud6yh24nZ>7} zWCo-wTPrnIZ&vG5z3L-h6VuQOLVXq!PyL>%tDd733f8M_T1-R|Y0|=w5t&-prVu4N zfs&gF#BK15T#)p!MG`5Xd3{KSCP6mvsfGI|Dkea11rzwvkeH5fB2ZkIZxHS;%*7PW zwcBb3uK*$DCKVmC_!=e4B2souBSLE&q+dY96HYSVE*ko=&Mlvn%4!Iils{;uQ-+Jx z-z1~?jH}v;3ZD)}cuS7baFe#+<+-5da4)8Z@mzneVL4Nt=ppPP9-{0pbgj48s{?MY zqW2>g{BG7l7m1dsrGhj>CBA&(Pn4+sR5Gf`0q`Q#m zzP@nnx}8xG*^@J7Xpb<^-`DfT1PIE{3 zf+l-K%jr(+^u(Kxi*4ySaO)|A>jjs0_f0l@bk2E99A$58C8NY?ql;BkQL2&t&^1dr zv(?Fjw?6$X#G^uUqdf>B^4G?J!VG}5)8X^_Xdjg)CBhI@{5I#X6c|mVQ4b@GAtB-e zRonY-Q5hEz7=(^_C*6`eMNouBdUk2o`vyATe?a~n>VP6ZfAY(fPlgywQ~)=94DJdK zAII?;K%67diEH^TbzXn#akIYd!l>u!({#qe)$sm68S^5gC~jOO$?=p;wmr2CU#IRl zl`1~plOR&$?#NzcB@t?YA`=$z6O*w(e7CnX)i|NoUv(Th>Y%ate1e*eGyFAtjpi#? zNyGEtr>kR*gu|qm9#xelwC(i{o3pl*cwx1C^zh}}Q2HL`FjLc;CB+Yqd>78(eZm&l zz*O&V$^Ckfep!W}{orjZYZ^0=`}Mu+`t}Z-No(=ux?iXYxyif=LSLmq0|} zL6)zor#EvPKZ1rKpVektvJ<2ZUKl5Z!Zq`wR8}% zD)lrLHmEKvdvLHf#Ax?;>fGU2?~}o{2=88#t`82V>D0pilQ8o4_CRo#kiM*{mYAoc zIDeUOA44FO5#*}bbP6T8h|fX|U>E^z(PAKuHKzKiaVTA}u;QX?ur^fhrK-zXE zy8!QYDrfQ3rf^{?u4tb2ESzXD-SJLao5>|!lDl%@J!NprEx8V#^vY$wH%tj{6TB+2 z`4o;!WA%@i7MQ9=^G{Pq`3q|gVRHaZ#dNGy8nEi+UhHI_7+4Zaje+q^!4;VVhYX#u zk;Hg4^BlDT8A)Dwi+C+44E`B?+?rswuswN^L$6=wH>9MUk&f}wzBJ2tcJWPG*sV3n z<;HjidNch@QVBT;`M6Du2!d1|2B9Fzlx38-s7y8U9qY;4c|I*lseI-$cH7M6Q=Vd= zlWF~(EI94>AdB6V1ThU^xHy@6slPL)kL!&zttod?os4(kq{bch$rx`n+Z{T{Ai1f^ z7{>|Q-6o&wZ?D5!{*%T46U7w%>C`P4$QgRNERJMv`z51Y>eH5Bb22Cg*Oxa7v(Tl= z2%HpMM83{fr1oupm?|=-ELL|0o~JBoE*!A0C&SCho|L?U-*{CwyNvv0}1( zkCD2aIreGU=rd&<*uyFwo-vGuTJxyFPM5C~2Ze*?oUTh6*_YI(@=x}u-WhBX_$Y~; zHl2??wckIv;kD&O9=JGaJsBDP)RHr~D6;Li%s-;-hC*U|*|MS8MYyVhsyL)0+xS%b z`43OsId`T$U_ zB!Y_LR27KDUMpy9p3lj*HpYCWdFy!hP@;2Dc&}!yx)5sr>mX+%Z;=$lZ`@ZzESPex zbvm{|4q|jSb~mVeE3gGARq%SjTg(@t0~ z$rp+ddvSd>&4V&CCWk6taT1XwHUX-ITrLri*4f|f!U+DIFJhDDeZYY4==?e0?w_Qa z00SoT^=x%l4FwZXROtCuB`4ZZ?8_wyfT z{4bzGS_ot`-pu*~=N}-{?;ux~3`{vb>{SVXj+s4fyK%3`~&dHw|iWx^@3idy> zU6VGUDRw5v{B-6wo^ku#(#}F&`%@(dl)D(qHn!n zeuiK5|9?Ot>Gj&j8z3a~H%J3)^a?}d(xe?4=l+HR|9tidr>ViXTQ%vf5ya%AWk6=2 zWxPD5IsRb>P2q=EKocgo`-Xta1rRooq%Lc3&Ne^6epIT7{*Xw6^^p@ykB|@r6;pNw zQ4a+hS3s!#Nm1C9A`I*UDb=BM2_={3g@IfQd5ISZfO2N95F%wTNtbZL-x|Jr` zJz`98zh0iQjYcFnwzei`>QO-fs{9*eS72`dM-Se{k3$@rI*kX+UCD1ur73H!d|G63 zBJ7WH>TL_#RC`T|DJ+Il*F8_mvV1H{Rtu0#^@Wt;&K&`)r@Yb~@cVP!1s{~>bT3$Q zO=p1)Scwu$!|-|^sF1>yrrNqd+mO6P0q0()WffYxt;s6qL9!+WItvW% zZVKOg%or}#2f!lkkYfb|A0f?jh&-wsW{Bl1?Eq#Htz);_IXSMU;?LBBm^@LvT`{lj z!E<}<3xd^SSXj71yHDy0_BzE|Cv$Vv*h|P1V6wB_vb&arA~A2}zEC#Ft(M6xZ*LF8 zIgsV(ZkU~nb8+PE}?cABAQs4?tV5>8kV2~MAt;3ZSO}%Ho zOG`mAFf^5m5^it;bNk7>KKl?fB|_>D66}hX4o#EA=~h`qNlt9Jz9MfXyKl4ECZYe< zN;PxwYvtl_w#Q4{R7akN)}rAwrIakWMeR!*_EpXOl04$OA3|6~MbYIj{9JCnpd>Xt zDW1R)qj+hl3lc?CcrkIAStFAJLRPq3u3XQCL`Cy?0T*3{gh8`O}b%AN@9AF138@HZYD-0GXoK9Ft9fQd4QHw2R!<8uvUoK)Ygmq8`JTyx9U1;FT?bxU2Asfzt+{1 zhrPxN;s=B|D?rocYKKbZWgSf#Tjsjt+S1Tf{h3P84B?Q(um92HFo3>U{(L6kJe{VI zotfn5yl0>L5Kr&a@RfZ%6QVogdbsszD16C{>{)R;WM*CgoK|fjO}s43ZvT|QeZc@m zd0~DA3D59Ne~cHeq3*i1eh&d4Sp8Wvrx>mO+&Q4o>yENopKNS*IOq`_g{p3VcQK)WHUbN zc9b$0GdY6Grysz;{K#T4&}9yyu*>}yPI>HS2YIOsG^{PnNGb! zc*kB#3s!YqQCpiCtE-ouWLwbJY7T*W%;2;_|E7X~hV|`2JdN2~o$n)G0Lh^SQpdm= zhu5V4LWU|WJk^};+-g8*{_amR9)-m2jqaS}>dk`l`w!19GfiI?+h60rUO)4DbjABd znXsatuLyp0vDv!hM6X(R3r()ttm@9V!cDrMDs(|=J*X=wzFIw`=1#}vw7SuKI?_r} zu=kX{2=uF9MfLkg9#e?FZWl(%%c_B=uv0esW-U9ZFYT0mOy|_i#KA#lA!Be`!EMdW zNk|v&ZGTXd3_}d**sVVg0+vM*3j`Fs-_FL8wgLse3UMB{JdbUWRC;LbpCJkRa=HF=vYg_oEnx!L377c?ON(6OJGXu0sIyVvx( zXq^QcPUu0J>!__oSaPxH4mETJ9#UgMg6xR&tl98yW=$H$i<1*ofn+wfX zhNgNFUP;CR<*#aDHZ-fkmU!aJ0WSQ)h#t9p{7sfJH zSyv?q7c|DHFCy!Ox2!Ag<2JcwuXFK7=N5GGyjEmqlvt4ZCO}4&>-fDL1 zlW$IJcltOy$Ft}>cQ@+J%WrL(^SCKf_20#LAt1&@`H8;p+Rk}ON`&rJw*_;R{D24ZBdXQCXO%21D~5H}*KDIq z+3lce0OojLPEhSVSSqw?q<@%|YiuN?$vh-}}~pt~}ff_6wQs}Y{^?uJw?*cY$EXtWEjn-RcEZ4Lq^=6-u7v8(_; z0S0uS?bR7JnzV|~GeFP%XNS)Vv0%}M{wRy0m}JqVb$e5)9?v@&QP*Fp40`^cNdjD8&X!UyymoW-9yji~IvgsKUaE zAiq+u)Z>~6nNmzirYpKwT^1eH<8m`058bmTzRrHbiAq%05=p~>PNerQRX>k-+|5aT*3S+OP?D8IVwtW*IUz8xfJ#^~xQiDXJ-_YjnmcX`WO=QP zr9&8n zRqoklq6%3|Med6;b%pj}Q;Wus8itiBZ7|Y%G^+_$0DZc>SRUgvDL3hl%rgg ztSgH)1XcL)GD%yA?m62A1*X7z0g>PkMPYT*8mCV-ri~3SUx^p$%l2jxL`E+TY$bK# zr__WR%!c~9m?w87l^Dq@qiU*(ufCgdI+v&F=MyU*nr2LtqmaE88x##AxE}gsV+~D} zdv9&!RiFADS%*C0IXJb(Zt&}_q!Jb;l15nQ$xe>OW@fh8Lc`T#Pl1meNTfg+7s|8u zi1G6iq(VpHFXoVNk{@Vcy~gZy&BpFqM*Us-7i~Bsr8s=YJ7mq@*R)rVmLn1|yFcHNDUC)Tq;gPf|vp#pMZW z{)8d8WCy1IWsa$0U}>Jh2zYz666-*zEHc!88V|V87=AW#X@~s2Tn6(6O(C3+0KpPs zpof%(xv@L1?#oM~S3kq~`-W~u@WzHt#8}$*kTKtml)T|_H;!{RMNmty!vgL_z$O={lGqdn$GWrd77h@s|m?>Gg#CCu8? z^cHN~RoCLZ@1}3yIx(Nw+?MS1ic4+o6sA9qqG`u?#Psz;g6Ooty=IYR-3bT65Lbfn zY_&8??q+m4m=be&w>FFNpttk319@@bl~(YLJn*!B1#BH)+q-`Ca%U0F^QedPh7NxQwb`3JP1Jo6*Evf+z4p8He_iVx;Po5IYk>IYIob z+27aAjvB;Y4rI1WO&e~Ib3aIf-c zJVPvy7%5Y#HuHUv(QMcN3M$x3hT7zI>`bcS@$p6D!N4C{504SRkn>q*gX!tk zZHKTX(n#ak(3x;-)js30c%gG?Wz2;BM=pZtDhTN!8W@;YBPEogpFo_s*RQ_RG^GN-TWWXFGB?*G0A_5vpIPFL9xFdJ{( zY30ch%ivr9Y*`y>KZ#|TQ6%zrmJU-gH{%QPC#XLp|0&VSJgQjREuSnrEH9(ZE^=iV zB5WQ25zK#=E1k4c%t#d9ADThU-Lvn2j)7$Q;ScbjR|i76fCiJEAyu1ojCidNM=@SM zPHDsy`L&a722v@lP28=pEs>N@hqL@oIiV3im8hgZ+wbViit~>|csMp*w>L{oVKeCs@0m8`X)W~7X`$dcW>8-VP2~pw)dyh=-r$d z)`crgD=F{1o~|bUOgi$Q70cf@b$AEQ2E=6&0#%`>?ssp8^v4i?qtifKoeqfXaJu!J zqTTOiPMDt<%FxQ;Z}iZI5XTgb9&0%L>b(>+H*KsKXxS(_bA~$Oa#!5U%8t)PAzj`Y z!>=qaj+RADQPQyQ^p36+=NXnm^EgfTtmB07(Q1N6boCxzt>c?uM|MyhtrbsV!d$rN zJ^yM9=^v^9mTY_gP2F<(Ai}qxwcErAToB<(-L#?>vq4$IXM?M=JL;IYW- z*jVjNhkZi}iO!}W3YlBhe_wXCTy@Dr^XcBQ6tVsE$6A6w_(y{nCrf*e2_HS`I{?c$ z*F&z%)@r?PCPBS>oYn{Ivq@ke86eTTiD+xPNTzr~HXIR^L=tC~KJu|$6 zp`xppZ;7IoS~|-&_#mPzuPjPFm52$ihx;#1?hv5kG-)raaAzr^mtQ7$IW{EY7GJZV zuA5Xwk28e55_WE^cEU*kZX#}YQqC1T+za}7XJ^j z1cxyE0LDjJLn-d`wM1W)b`4E!k&^IH9(S+y!uZKV)x+oFNUXvdkDAbnnb=BR^ZTQC zSfowTg720I-(xH18=fe`D(}N1G?^)wl2omhOW?wm*8>q>7uq2_OUtU%P6C*oV;_i`$TnL& zi-+^ncpuXjE!QvV;IaS317RG3p#cTLMb6kCX**r!a=>PUq66SIYp5$q6;?B|Y$&d( z^ZIM6(-@!Bpcl&OPJ%x4&oT|*={EwN{tqLcbK-gAFUrsaHJ!yFI$twmBoZjCLj9M> zDU+{hf-01N#yuTI8~Q-vI48MMCG6ij>qZi|xBYjUw`soN{4K^|GPcYmGwBG% zS{`kfY10_)EOP_ND$?#&Y@dr6gV?u#zx)4g@Y|4s7*U3HgNho73x?V(dqhgQQtEGE z>?DZ6DW6z9%6;=5;~NF);IG+5-QKHCOYdL_Cl5;kTO=5F77*(f1d?>KVsuWD* z_XKlSVSb#!mG5KP%K+oq@5Y1bxkKQ;@7msxOUuiM!x(6gu=EQ`;W|?uds0mEh=03} zKn=DW;&(e}K1?J-fYE0sU7Ijf`bxX$@oA5muuXvN@;DlReIdPD(HCgCfy3eSU;j}pAy zyDogK%S+Zx7h*2jE5~0hz&Beh$$n?M1iElwbSWp5xMrq~rF^GX!&)c>m^;C4_^816%<251`xu?t@lvqY(q+it-z*j#$49){2m?VWhz`6+gUy+^S zrqJ3osG)dQ_~*v(ZE>xie(x4`Y`?%C6i9p`GK$DMrYnbi%Gbw=D;|aXXLL2?3S{&O zh~3~r%*-ohOL?B0={}-KQ~G-rC{U?kVdiu`iAl9rR4w?0C|Dc}QQ!InRou>c%G389 zKh)D#$oY$H4tSbKoqwTX*OD|DEvLwQtw7q&Z>#!*m6%qpQb1p^toiH52$Gk_gKswq zCSI|P1@&GMiz9na=#^YbsV_p<<;9{A|!E(gFfU@6G_EN@%Lwv;hEi2Ki(XAV7m0fa@vXt10T81 zuSJ8mVj%O;_RS1t!~YgeR5Cg3i+6i^ur5?tc+n-{WeU#Wze5S z#b=U8kA48123G3KRg5R8n7jL36{_QlVV&4J>0y7@($q{+D$x7RaE-AY8J)KudveC$ zHbm819|*Wx02~z0bk@8`&9*S2vuN^DcwZ!45?QnFw^F{g*-)Oc^XPminTeLrKXdrt zs@`OT-}U$?3WWQc=5CBMBs;I#Zs6<*>G|k8TO_-F90q-+POCKK>GhI`j`?yrNCmWh z9?*@qm?Tcs%gs4&{eC8$UKI41-0{}!rdZ3Cs;FV-I{4MaEA5aAQ7CvM?%RDQJnbal zj6U85Y1+m>AKzY2;?&dNNnG`#HN_-+ZRRYJoL;-#uR4n>Y~NlNr=as~+5NR`kGfaL zOoXND;mw@0cS_tQ&U*@rFVebemz#y40C$*4oOq^7>Vd|I-ly@e;*)jBpYn4waf@M# zvj{JHQG2u~q#Pxc_37DE#bT*%=14$>=H6dg zRYW9UN1^X8-d`yt4()%J><<6dOXIaXUe}eKl!%1JtGxrA*RMUa1yBWUvKXAw#l4>V zddXYtC6`~Ldfw+|qlu?EoW`}@4|6rma|b6bEl-hgn0IXIdW`7|C*&>lMB%eFZ*P8b zA`-H3%fy(|zzcTBE=cYGN0jw$|Fk0Oo)3qAIWk9hP`BkxpVPvP)?G5mXdBjrIrv}U zsfS^YBZjKMyGD92CG-e$%!rQ#Z!A!u>I`1Yr1foU46F)sqH^~*bOa@HBJtc`g^iuz zaOjm!t~QlfKg=8M6?c{6F2jBNocC;Dq9tKGFzgg~M}C}6hD3EnIw%(RY5rwr zUB%p2Ji12zgG_dqRos2gk9@J)ge(0gExm3lS#jd3zA7spk=!w$@>|%ov!Do{IQMvxO8)39#T~1jrk^8-s5e>!T@B%A`?WNfW?$F%R3@B&4C-afy0AZvnhopxi{?o zH;AEm=(3mmVoE9dmw_^U3Mnw)$AoZt*(6rk>g6@OEQ1?)AVyJG5m$L}UXh#cVAqY5 zmw&s2qW***Ps?)yqp7<2bHgeS%{%DB%;0qP&j}Nq>mYo6s?|yK0FfAXtZCKdw))|u zp47B#NyXhRf=6S5cdo-;DeEXk|);ZVpGPIC&<+c3wm7r z@DfT2j~|Jm$Pzfza4YG;wTgvdsgo~PHW#yjTd%H=Wi^uN&%ZM+xE43J@t+1P1UxDi zA*y{*=rW|2ZnMIo$w5Km=57(=%p+s-3((Ks7!AC;=11Nhqt)U~}IBm0}3cDI9_4 z`TfZ>xm@Z)(!yQX8r+!YDfH{nQ87jJv5500Homt%@I+z73vjtHs|ic%R_idRR9*0{ zoz@sK_ay}AZ<8zhVx}|>GJ6c>IVOG{n76`$ifGl{4plYjZFDfAj9wAJkGvVMu? z_ITwDIyd@V{B~&-K0XyGn}UYyvdkYCp*r&THFF1$j27LGyU=9pVGd%%2qY570OAkk z=)CVj!J0w}d`24tNXm}@dmBWOQnCbTM~K(_h?k@*ZVYl>hF`O-ki|abKF*0MxSRW* za+YLLR^3p{g%HPKi5M40HfRqSxI$u@Ic{<$7M&Z!B>$c`fi46IQC4900!gNjMTza9 zW!my3s;U}w39Uf^kB(&HYZa{s;%s8kw{2Kd?!HmjVPexzRhfa5 z$+i6mz{A>%e0a)4L09heIM+^eT%F!-@#c(`@08P7<#fna zS)0X(jVpJcp|@PryINn{y&>=IX2DU@uSxNWjY@W1)v2$au{X76G*?kw=iIED*>SF0 zsaKsB^?P-j>zwT{vX%tkJIi+T??dky5!;L@PPWvqC*4e7VU9msG86=Ga48^U*%Z& z0+UcJGK}27{iO@Dzc@6&4UH}kS=Rfah2BD>4j7l3g8T9F1r$m#cHAI7(}suIB#bj) znzTfbxt1fmlb3-E?B4IDF|K5KB$Bw7a63dc95C*XkhwGNRHsdt9eB`_QUodNauhxa zVBUMw>|pN76h1fS(Kz9IG=2gDCHN`1C#u+#BI0f3*m6{7Yv!>o#k=U3I_8dIx#7Gt ztE}c=*3@51=?5X)_|DS;z*d0L%9e5xo%5kn$#;vHO>=)ANqMi(PvctkoObQcTJCq!=1a!E%$a%)(H5dU2QdaJM%gNn{&bNE{^ zqOpO3TinWu;S+hmDBtrUDiv%t+Ks^IMlV@l{(u=#-q3F#bDx|cs$kn}G=3bmY9+n` zzFQmw`XV&_sxmIqo+z&wp?&)W=9u^`oNHOUjdw9RhtDju>J{XXpUEyrwg6|gHNdZap7zHK#qaF*#uJRuyn<3HzLGUC z2_5l^#|#Q#lz#-v%Db0aShGX}IouMsY+(sWDSC3jOMJda_w4bkoT-tBCn2+u1PVcz zKAW*=F%>O6myYFVQF(C+vBVIy7uQkIC%0!2%MqRxNsGRwRXrEV0~kE2)<yU&rWq?RV5*B z1DK9tv!UvJQLwcl(;BLl{@)O&!T8zF?`rA5L~ie~MJDLQLf8U8qa7g4V zYGw+E(i`gpR~zm$2eiFL()=iBF@(taA1Fwg^y`TUVif|GA0m^;8AzTcKUZ*Ok~_1eiMm_~)w*?~Vzvz286+P>mx zWp9mdVG-ovU{$ZyjQSHU(FwL(_O##Dk83MD9bAZf|%&hmbwomW)=Te#|by?6AzYZ6A!_5lZ4tINYuV!tY+z<4q&(qsDk z{(Up=q7k=1j;0Lm{tVWJKC#L~KaWi8gRlbAsQcA6t`deNr_vBSnFw_nF*MF$7hp&5 z<$x2H4{k`ZnexKQS1ZDe9aYmyJ5Mj>H*T%_y6YC0f5`~zaYmLjiX#T%uBWrV3XJ1` za{a{{PRDW50$Gv}Jhjnw@=HAi)KqlJZ`BIs7g=qsa>)Kc2tOUc4$W_%t?12QPK;0QIWJQG~m*0k=8vuV3HYU)ZeG+a0cZ9&jxK z_~l4ngTt?GfF}hUwgde!h%n1xK%KR98SrQ6Sl-XgB#>eAH>QucV4Ybybf(x-7ZoZR z+u1!L#_Y-)XTd}P`p~O80IJL!-qaC;V+g!AQK@%LUGGdJ_nCKfC1pa^cjc)80civK zJ8(9pc$1abQ1h~twm{c^fE7=qFFU7;4Ix5;*9__ml|6m-2#Y!0#HAbYREyX(Lu|&X^W{il42cuN>tvP z7AWOL+bXd9+sRa+51sKhG=5Qk46+p$BV?dl+4*`eQ2LM5VWGwt)`BWzJOk>P^I>BS zOzcLP;oxe6-^Ax%18&3rOgGj~>K9iZFGj^2@9s7i9qB*(+dWL+)Ah*qN5E{Z$|P+< zsAo{n(8ol+Z;+3F1y=uOaCpRo&vLtwcoV-I>`?zr0H9#?X4!jQ8t?#TlzrK~v4l?6 zIG6_tFaN3_%Ytk7Zc0VP^-*|9B!vtVLGfELKI(+8a|}2B!$qJw52G;A?qnkM@RpK zg1({2Rg*5Qo@Xc~Qp@urfzm_k=nd_VmAHm@1@TvBb=8U{9W7d5^)|wV_%jR!zp%=oZ|2Q&u2=}a>hf4I{|)+=Y!f*p2nU}1xtHI9Ec zvCfQ@M)jiP=W%@bVucw#bg+eDY~K=#Q7s=lO+JK@)@6(p7}c;1RLRn18|+Oi6fbJ6 zN}3UMQxnov8|-)Oo03!;{P$Eprj0hJTguW8d9CNynGJ*$)b{nI4(j~98o6eoS4RGC z@n~%16&OO0_#uR2X>eOx!$x=%w?^Z+?P0s~jFeKHJ~SRz80vI0@86?{VsgqFax9hn zfZ6V8eh)$PdC5NFk_FJQj&LNnv+=7W28 zcOGt2h$d^vvz=VKtQG;BBO4T@)Up@s81L&lPX5U+l$!xiCItnJcNht3O3JQHS3@Wwv!#rqegR9`szEoAi#>Gfm0%t|_cT=Gbr0C9|F;*w^Zvkn zJ)bIYN{GI4Pn|0UENv0^s_}bPRp2Ce6!Voy-GA17IV?r8tt1YEL)ct3LXX6a7f`bu zt>5cEtH}%qARJS9eWn-^Q*U2yNkDR~!iGLq8y2E@+`7D;o$%#mtbj*sZ+ErLAH+VW z>@uLl;4N&V!cu$()M$5;3g9zN!j|{5Q=5#*6m(Wzs~9^(gzW=BW_QJ*p)9KD5IqiX zs$T-Q_)Cb@v00Hebc=;9+vgAELdo_SqGuHy^+dO)MCHJ_^#+DhT5tZIhYme|s+&DE zohPRHp4^?(wzRZ7znxx3HuCx;d{RM2TWCAsL{6KhPxL47L;-MblrVjH4UaW| znVINo>XU68Cl4aonJ){ZmRGlUJID=dIgIiJBAhI6^!DFX*_l0@4HWQy@kj zpwF9b1FQfGE~PQOhyznYj@yHOera4@-dInSL_|hS%~k;y8H2z_V5dqn&~t+~1!*h} zC{G=!S{v*U(mu=<8IWO2UtUE8Fq>S6M_13i@hc~PV^mZUn#22VX`@0jGC4HmDV`p; zn9bvdfpA0g+kLqzl4V|=8eA^zgEj0>jf$$905Fv`eq(Yiksbe2-Rq&d2o;2d^9g=} zkU>Cn-fj)XjNE3RG#wHH{hrU&fFZBHc;L!MKida#k>!W~`nAxxh^;6DxIkB{I1{%6hQKZ2weyp>& zGr>R^ls!f0^^PC_`=ZUDE2WyF3q-my+qCxJS8AL3($FNxtTt9gi?L92e;dVNz)r6r0b0m(cNs1uG`ttw0EA%?8nio-V;= z_)t34yyMW{{e$Gko8E~l$1~wyZBL7*tI~GgPEv^7I#J?yWwy8#fa+hyIriH6c68eY zcA3(5yE?5t2E>a`J;%Q^=_jJg7OJCH9zApA96D>`UGIC1n9NMu+uYqwF|d2Q0X|F0 zz#kV7`4|WV1Lp3rLbQ(kC?wMe=vbn$5277>SiAOqO zdv0|_r!(N&$vyp=FKdG~rx2G2T@S;47em9r!}H~&%~^-+r>Ey_vU^^uZNP+{qv~^A zHk1IO_`=9e1{U7WVrX<;K?k*A8)3n=xLFNw)=3%96SO`^-apY~9Rz3r0w)0tMrg<+ zr)T0L4CeH!Kiqd7zS~~i+F+^ykSG`B`~?cfAj8WEN+mJm0zf>hkoDtfa*Bv!mR-_= zebuU%0@ld)`j$%0Xj5DuRwuuz^ayuo$3>gSrY7#HB&+K1v%~!W_Z84?9Jb30Lhp)YA z*fn)^R;1{Gjz+$WN^-)_Ma@#*$h=GAej^8qPrZyr(u68RNL%_1law|h`t-kJ`s=4; zc6;A2$KO|OBQsB=Sz|FMQOpT~U9RtqKexvq93h}e?@$fe0-I-H8) zuwkOZ6t4^^+tjd~ki@}i+Y7soY@yIb@D-pfa-3D!wGiP++{U$%gVvJ9XA#%#0#!Jl zUHuucF|7UmNQx;SD~O-rbT%|Glh ztpAQqBtuN{ckg0;Q{tjK6m&H|+k7bi;t7VBK~{1PT*?zp`x)b&xCvU^ppLiiRV^*A zUs`sXI4r%f1ij)mRO)Ehb`(3YZyXez`-iVBqjsoj=5(zVE8g1~whQCovC)QC&7M7qJlTiL#yenc2B%m8}MuBr;`E`)iJX zT3xXfb$f2swO($;qexzHrnep4ZyFL%y1Cm_(lYYN_ z(%56+D9ZNy@%v$ra27~hPT!pPgW3XN#3` zjor-^U}MCenAJ>cjWXMAx`FM|NbVa_!rFeQAi#L_SmBgxU4vH&OdR6B8q= zMA64YW~%K+@EQ+)bQFeN;b~7`ErD`W+Rz4m{8%MO>9~PuSB8CNl z-Oc?y)VHeyJ^C-scr#B(Mq?ruD50nN_JXy2r|mfjt3Ga%N0p)?7gT2YMBcvXBGj#; zJW>kLLcOG`_G>dzqXxPqHOM=pJuEjv>M6rb0?=|m*iMl`p{jNc9_rznlQhctwT-e5 zjPVHQ{?m?2^aY>C_zxF)jzKezDG^RC zhT6kW+wX*QGKD{IFlIJ*cFWFa&bw&|>u>^RK24LM>QFP@tAq14*q1vvqEn-I{+(bv zncEC$UtjUo^hEWz&%hj-gtA3^t)WXT=R8*DKv{|TlESTIY9>i<^*a%x-VxS{8*%XmBWR*UCm%9G0xfr>7l`34y?5!5K7Fe_4}vx8wE)W- z8aZ^+o!Za6b|fMs=2lLblVJS*34Z0Q{ZWi7JR|$z0T|Z(ffX1>4M(zAB}?8* z#i5)%&ZOiib@Kc303>ylT?O>`*?-XznEX7Tr?m~!~=Qlv(O znrA|xz6?2WAs1;m6MB0168UD60?#)o?A?wRR{IqnAd%m{M+N2xUc>J+~Rp-xbdc4u6U zsD)3%dzo$4-Na?Q<$o<4dZNX|jsPv5#6_|scli;^By?qm-A}I|dw>z=OhXvA(#UXz zG62cgPT$%Dah%4OsyBsV)6GOP=}{cST+hN9Wq9THI9+4wW!(cv+t4aFuK=AYP8kp z^b!f-Xdg#8Rl2lNs4m}3p-w5Yk-^kvOFG#yiThU6psJdgbzuoIDMf@48Wzc(&+OEC z`p~qJ?xTlwEOXk&TK0P?#L}cj5Ejq(jgz`%Otk&pk2IE__XVuc6SXs*BCFoD+Xo(| zgUw*j^a{83>UXyzSU@kvpQ&*X8~Yu8h(YQcHpWz;D7{8Jy%2mQ_6Xa+z)jQkyWL|_ zBYH^Soa+{#m37}`J@fI~Hc?T1$Oh`jiJWuYgy$)Nlr49k`>k^r$?bL)mBHi}SfsT# zX!}&~)Rh5MrKNJ4)fXITkJk@uS;t?afN0(^#&_?%$-~H(61+~1u~8LO?_B`B)(ti* zceMM!UxPk>8Tp{>?;eGH2+_gf8%=*GS1I~*A)8dFhe#Frt;uIIULl}GZoGkEBc;mPN09Cc?P+BDzTb zKrZumCQ@x`7Z~~OwG&D<8cM!6FG)Ysw-TKWQkspu)@@_t% z=n~yIlE#*7#l*cqImQUBrc#InV`6IzCx{4ukV)AA5oiU%>7-lm^>{~)Aj`(xE?Xjv z$v%B)o0=NgufH!%uJ3lO?c}vA8S_bv>%zs>$Ij!qZkn7k0{*@RssH`7rU4NTeank# z6t2@qy;HoFN)hh0_rnB*V|9StU2~F8^mM$tuq)yf`18OH|8aY1E*gCv zN!)Jzi*P#B|1L*3Mgvf+gN;SN4=v7SsUsB1GEFUz+dY(IN*fdPDJFz5hf-p1^z4ih zXUc~80hd{<$;_tgfxab37Rh3NZhpmG9{>N~8?emyvv&b4+KtNq%?Rj>b9! zZeJOwHRqdCKw@d@rE=k@0aR8s|xMv1U;|38j^{XBoHLx1+0S zZkNDazb3o?{ao4uAs_VFyAZ%cL{o2*haGHh=Cex6ImVVD+e@JUG)KFF=g0ETfma|T zA=zNxGG^@Q%ePfu6K}t6Cg%-w__{2kwEBoJkK5n5r8ZZH`@eVM9|KI7H!IAcAhuj{ z1{xWUB5GoPz|LDp%?;vPSN?)2x*<22*8NuvcY2Kf+m#dgy5q#Jp%Y>c!7N{5%8}24 z9=ogJ28nH$W6tBB|98Vc7sl6#Q{X`=VY&U*j6CLXT&nhY<}|JgbEbvqjRi&TaCUM| z9JB2Z7L+NH%>O^o*DVtPO1KLlk!u>^9^2<0M#l4nz|e^U+Pm&yM@z`$eH5Z=vnk5| z2EgCZ0#MDAo0ZGK%zXTj{Hm;$;rF5CzB=u3rL|9CHVP{GdLwV%y2qOSzl!v1ZQw_B z2v{Fr{rP*_=$Os#()>&Zb0bARQdVs*h)nf+8~y|J|I{t7*|Bf+&r@G2_{-I{pdha+ zyN(Cd5h(KdbHq3)L5RTX-2U&!odsZ3t@qby4;#VdFA?u8pNQ8oXmP%RuE9;*YsWbP zuUGr;$Kkb|LivN=itDG(br*PpOU<1Y6)$Yaa?Qyff+Nm-giN9ScV+&L+Sid@&tx0m z_-F1*-q~!taOxQ!Q_r3e&^49UHVa>z zi+qvQmSwJE3)Q~%fO;thJ52sEWIbi^s79z+`s1DD} z%3gQ0iqz?j)Y`b}37H}gOp|xXtr({syI)olmV|# z>-6R``&w<_*fq@wv6yKxU$Iz*fT*vo%tiiCegccYjDsTJ$98pOvkOZlWx~Ig&U6`ze$w9=eW$r<`NT-|+_+lTy6DW6pygz;IFweKM@9{z zoO)8RS5f{{H%UskaX&<5xj<^4n5Z;8>0=2|iBiAfRUykCPZ7vn@RT({*ojP)9pJ7> zh;44HQCWW^B-evqSNQ79M@3x`58H~9fxIy!FzZ3&2N+9=i){3a1~%;HK-brTFakaU z^htpUWLPS*Gq6u}YtZflP!yU_SyW~6K0;Qiho6|xI))Y1R`8^_R#O%<+h`sZ0-bue z@4u3@U8moxKh!cX#FDWF5!H{(HZS219j_SHnN`RH1u=0Jnx9Ea1|e0cPVRmZG8@pe|)Nax@hh<>H+`m zVx#Yu^L$?M_;LsJ@=L3CX30Rnn`O`2hP2YUkEkIxJVECqa&{H1{BFL_r+!4g3Vpf? zdnFbcapCf($3j~94}jb)Y`0~^8Q7VBG1mI~dccR({K*RhPJM8j*pH$Ujga@MQRcc{ zeJ`&0tQgAgraiY4z#k6 ze*TQ1BZ(~C_v+Vh4HCA47}1-A!clBg6X!fiV5dC6W3xnPCkzfd<-p9+<{(V;i+!8fUwU^(_(2eC)X6*?Hj}?TzPE3wS~a%=dP#{lZdN@E@t>v@S-mnHt0ZkQXl(zz+0dQkDprGGFny4}8KSj+C0 zJoH}$KwpnK!&RRU^Q;%Pd5wVy(gQymgK7TXAko) zygzf=JzQ#XNMYS}s2)LX=yq56?&FmlHI!jP*cfCgKt=th>}R1WIi8t~WM})~t{aDx zas0s;mNMj?$D?LX*`Lh2cG4LXlG7Z+ljf`UA=LP{q4&zqmv&{1vJ4M4nlc(5GcHY; z^{O2X*0m1nY$&oVWgYJ7jp^w&(;9T;FNs6z!6c0=*%q% z_+ogcaj-|P%GFAV>xmklPu9z=4VqGm(ILuI<&8I*|L))r$2L%(X-plF}>r7oN=yV}Mpi~42vC3aKT??7X&HWZi2T0dN8!8NhS?ohV) z_L)T48{9SZr<{XRbMA8IVjXLA3S9QQ$ya#Udn!M_j2uVu62D**8cnu1=I4&R8OA~u zTb$(7FfKatD{ikj3Mz^cceVO-_DFT4hc@6|d$+EVJ=7Zb<_rHgO_rw&5>h0i9%S1g zns0Eh?e5*6BHIedISVQQ*{8l(1LcQ`*#tg?&3iiKhkFlq@Za66ii$%TSqc@NE3s+< z_8j!ARJGL^WQ~c3gTu(ihoWmf8>OpNot%3zns@?G%^7neHT#BXochD(;g{NsmQs%w zrs9`JDf>+NoS+KU7_UY8r$RcOkz+O$9SQmX6;zpbr0@ z+tn1co%;IL1qTfatretM+n*gx1U!y4_|#ePl`Z{*8{TQ;+6#^Ky@h);I=3$_Ed4Z@ zgojOp-OhyH=YEEI`+(Md>wCIyashpRq)8)goI*&bCkhQD_rhGrVTZx_3pn~-{SjW5 z(-f3aZG|wVSqX1B_fSzK$N8ShpW(B3WcUn+@XISKXrlZDUETy0;EnzzK1R_R*7-Cjb_YLj5d=CZ&V|XSFCjRCu9} zb0eYmmODYVIa!86Xyhl97d(nzJJ0zXmSx<%?!;1BmW`v8i5SqKJ2{k}1ljcIDT84T zsMUVU;_ZLYle;Bh25*nzy^i>V#%U0y6WY)o zi))+621YFMXKdIP>ZYJx&*xLPM8;CMO+cV>oM0!uW@Du0<&{-xPB+T5s+|zF`0aA| z%p2@7K6X_~`d%DYp$eV1cK-1j|40sY9E$6+TJ&@5s-UhdXGS96N&Q>r`PMjD+TOz5 zi>>?eQzfc4-*G+l6>K|yK{coqSMzbz*}JgbWmD_(4(uN zJHl)&pC222*}oz?R9@9Mzuk6_d(24~8{28&7VbLieIQm?XD)g^x~mQ(|dE8^#ICG9vUOK zWFHv_OME;}cu++`Py1L5>xW(SbG5BX*W!2;bUfLj(VAG)*aK7n!S@t<{o4>7^KAEA@$@>m^y?fm85`1l9By>bw&TZ z(GJUM(L;W-TgPQ?u&a zvj^+s9>!@LEpb|e@{a>CmejQBxbe>m;u6pZJ1fn#waRIB9c(WTk8c%KXXm(uX{D<* z=rDB^yc2Es+qE17WD67?b7S}kaiC>&77sgOzjLaq3}NQ6G8C#SFj}si-VR|VuC!95 zHYt#|!gG6rd8U^F(o7N`-Jya@pEAIw?Rv{IUZiQ`rf0h*ChoA;LoApWTgi0BO71S0 z6E~ls+A8+MWm;eKj52P-WpW1&AqQ-6vF$%uaS(gCT)ijKc*ynAae}JRDPqP|H?^B% z4^AEv!jw&LSaM`oPQa@2n*^C_UsuNiH?GxGlr~@Jl*4Cn7?}ptV=Ce)cH378!M!8# zbO>^n+36MhJ=XjE`#JWr?>ePO4F5g<{y=E7UO%&XYb#S z$rnpHDi!ht!q?K)-b_Kjd@q+C7HnBVD+{w0?~lzJ`r;Z+$A8RrQmgF3z-4 zjeo}-%rh!zUVgN?>yN&{rKk zjPi_{NRZl=!F*2-KET1Gf-$a7T9x3&GJCEa`fY|eqW4HHr?t&+GKb37^0>%Kxa$$U z;`~K0wyJnAuPSd3VY#B|g z6_;5Z@0ES0IL99v2M6@x7c4K&0i>EOaWiwmD;2EW%?lr|LM^f^i&71r@{3M+#4Os* zyYfQ*bY=({JWa=E#m|h1bD~hv@u;mRTUyLd2yEr`_XF`iF`d0pC`LYB>l0bWa3I2I zUTbjH4pyj@S4}eqF^<_RJM#4Q>fKtvs{3Af^VgK>v`2S?>v#DsxEtOB^|fr*$X*8= z(BYD&Cyl*mbBrsdpRUf-4+Y&`anqg@K!dLG$3=B9 zpu$U1qTFt>Byy{Ah~hk3M+4Z*ZpTpIF5RFJb}?6HtG(5vS4p{9T>W>hXfsqeeeAP> zKfHNG%qT@3%1Qrzj}QR~N`(IlOS$-ow8V ztQ^t~dN;6rb`cH7pphlQu(@*f-4lVWUSxO<`n#TgBpD14xhaz%96T$zjw9!Z+J-DM zA5Nk^{Eyd_#otJXoN^U`x_g_D-Vcp|#rFaG(Dh$?{>UdK4)A)tq_F&^Eim=)3g&hP zxYU^1E2u0XiT0*}e&^9J9#Vlx5!hRA%%$Rf*;5ubLHci0fiRe(tu84&ro3@Ng=*bX zJdvd>@)vwIv{cPh1@7{nU+>!e+bj8VwH>ePhl|j?a97OP92h=gIH(~;`_TCBrV*fh zQax_o&p65&B(;=j8*&|xeZ1ErZNL8gWjFrmqA(@)AMU#+1TLh2*tEH*Cf}L%qOAE$ z<3qC9k@K-Gxi9kL&Op=4=*L+So*(_TF+^;dR^9DkMd{LA!HUn}a>aCqFHfY_ISUnc z@3*@h)R0{p!KSS&Xxb0}?%UhD|34B5jHBuzj8SetH29E5=TFR&^LY+IB;%!Gw z-@x2|@Dr1=DXGEQ))F*y<=El1Sh%XaIkRAr!XhS?`M-r`LkRSEkj+izfIK{MO(UJY z%Z-)pdLO4)tNslIL8W^@-#Cz1%<32e-fn)fB5=l}axq{R$ysxctd2pIW=Nth_80`| z=XQd|X6&M*Bv-P)`{+^m5t4U);CUwe2d^dt(b7tBQQ_Xa{rbb;-Esw`!!>fhdJI;1 z{m*oVDYeNz`8K3^C)WwyJu_rJ(nC`96`%TmHRqMmk=wAm({wg>zPi5pi^5>Lquezq z=4R}H&uz``@xRMk+y#2a@swX~=#6*O7N_@ouoXX}ltMurHe$?IYke z>5&)D(Ed}k-y)4eUPl6Tr=FW$7iBN0xNOf2ilzsrDPqqHO?u~JcvYxIeDbA$d3*KN z2cdZ@Ph~pBWtLYZuoGRLTIf(}>-mfUOX+S4TUm{nHg-gwPBW>V%Zhn4)>TSXkjsA% zm>Y^g9d)xhhXy~qxoh%D6(JVma*5lLw-js2Hn}&Gnvw)9d(rtWJ(x}mMsNcEp#C1O z-weh1NsaIrRA>~y2+na)X|S7sb58pE$G?YW~`MTf|hUx z?=~N!0560Q6fT>VjE2if&PDwTnA!fb(W9kmxkWtk)`of0!afH|tPQ0c1bI z&?f7|wp>(y-|U^QmJlzOyYqWM;=?uJ3>iVGlmxaKGc>eUXh%+CkIQ)yd%G1=_cc=P zIC?{0jic(hP-xoMg{1fIy@1k~xD>F@>f^Ci1mj>m2~88L;`G(69<_+7hA?_x1Y`?N zK0aC~L-_de?;m`G+FJdvTvVL{<3?JI->T^Hg|{5C!5)^h9_tkUu!to+Ew1Z??1cKQ zehcluN*&&O`vIihCd?`UsPg`jQf&s6`0uu+)his2+{j&|LTKFdWA*Up*UQY1+C5*n^|U2(D@?#*!!0oi6Nx(l2YtjXK*_U@6z zX>n8eYh-bTZAMek`V;20dT>sD*4?tPnj8`IvQ2BcILgI)ASwT^ zCNz=EFG(%+zTUh)k$wPjM}1MMQPEwe?SzdD`}5Ciprc?sHhcx$K!XDt3*Qy)9Wp*S zc(S;&ReZpN&mo$1Zp3cSDc8p>-8` z=$G_NZko3zF5O{K#}kmN$*I~k8%grAs@SD0Z`qR@UU;1v9|&m8drx+=%O~evcS$a? zU01k`2daVNsi{-{*OBfsA0rZ8o@^tZmY|Frcdjn5k)DU^lEg7&D?4k>SuZtNe8Jm_ zJYKeG=n;DLrnd>`buMwp#df-~Fz6gcbeI72hL2Bt_PN~zJ=6@}dq15xTEUWX8_Op~4@KMP`n<_C!h9Grn>r{IOz7l#qml$i$e_;2)D@fz8p) z#d!lZc``DU^iDl+v#&=z#hLJYYXvq-SI^^z>fF2bFVh!bnJ8VR7M>c{=Y}Q)M2*+| zpYRwyFQOVfDsLG_J`ty^=;bRF6ug$rd;Ib;lj_6oAvxJMBXjLpZ6(C(^P{|gW7hs4 zw9{feXZjsO{ZYvDK(kRZCu3EQWX^0#&`0u-ebSo?70ZNT1G+)!9fdCC&(;H!<=)S4 zgH^B%ejKLCwBa=ege5gmx;30kxD3p-6aJ|∓D7lbDZ``6%2Q4ugIH9Gb!+dh0D4J;vedxZW8KUyDC{|4=2BDKq)Vu%ga* z>SIs@YxHki8E`Pt2vpQn%Qz?uc=2QcbC<&ihCI8>b@VX-yKn2{P`72|7{Pr{1By?T zBPQXUg(Ho&u$j|`;-#WFS{h(Jp<$e@#lM)uQ98TxE!rbqjB=SBvG>rJzq1kW)pj;1 zz1C3+h1IuKt}KrJixOMN-dX+p8iAYN@#wTSpe5x&b|1!t|JYAr0G7>3&XM+79e zOE=$c_ltUCogWG0nf5koCLD}VzMj{-R&^Uh z^kA~tjB6mB9K*eZ%%C^gn%%s%qx|3~)Z#TXUkdPOvixp<%WgLfFkTid!40|qggMd zz!la=Jc*Q>$9Q}E)g2 zbk)oeshqeW&xPy2-Mz;_>SK}{BzjKUCLPr0+^J#Mx|hDj5~@GDyv6r7k)~d`=qma9 zj63L^F&>-NXI-x;3I`Z3BG-d^~(nbk2@$-DhJJf#QneDMeY!%816Q-+rUlYuaX9!6181GJA{ zjeS?7w3K2;AR-rxp(N5^R>pVP4aiJT||0#YC8VN=bc{50uiPIEpd9;3^2X{kM?3IZ46A75%L_ zWWp|7eq^OC%Ngy8KbjV`iEm733a@88pgXa@(>JX=$B?=Tn@B87#AWRg-IctBrLbmemfLw9$Ao8>;1G0tNJS zsZHA>z=ARmO=yQ7yP7G%soy7$S}QSmbO5@V+Vkk>I8;79PrGgg6>MhDpo3rOE}(Gm6?ZeK zwvOKIZl!btPMw#@%6Qw~Wa~Hk{3RjT;MCNwf>F7njY8MRw)p#+BQ13;AdeRJfPU1@ zr=z90!+vm#?_R;Sa#xD0-%8wQ%+;?z_)l79jv`+4n^9W>#CBoqJgaE4SEh=SoF(D* z5lzB%CrOr_<+B?t3yNS^n;?JA28I=aIxE@pgs9m%xUnYzt^ z>V|K~B@1TJF(#8CAfpb+cvI1%+`Fn);|A$dO=F!Y!%iHfy}SBWH61YVZ<64=u60z> zoUanMMhc0gM-zs1-}{YgCbs@LwyL8RnVq+i<-#nA{D>zB2%oz7eYL+}fsAkIUs{?B3WI#I z>I71EG(0!ct0(pUdvs#J<;7Q{SJGBhcPEmC19}D3_@kD!;$`F9bXqPMYR5AV&zv%m zfc;g9^!Er#)JpQ!_Mj2kTW7@uL;1W88o7h1xDxIJ>ve>)$w}fe*F8@3 zkYL-_Tz+G#zLof6n@@R;+pNmg!Y|x+GOG4Lq^@xQ(>=uN-?@q7M=>b5GK;taQU9^= z4w55>TT3EDvRYEJ8}G$%|6Lw%wgdPfk$;d%%C7v!AH{L8z-b6mY{@f1(6 z%$`YJ&b_uF$TYG#G^e{$%#n@zZBk@UF{!=7XWfOt*z=fw(B(HAEp@94n$LE|XjD&{ zew?4shUxQ5b5)+DwdGYd^Xpztn&r!JCxhSG<4cpNAktNH_p}A!aD^0&fcskLe-?L} zn-?62vf-IB#>7!9R$#M!w^GeY`haslHMG4|mQsoj9{(Z|#Vf}T&B|PDuLFj}7Bki? z4u{rYKQVXwQfQ|wQCwlF<-9oK%Ni)4l^iT4g(NEb2G5mB-t${-7P|HsvmOTDzP9=E z%R_Uu)Hz>C+XeG=O>TLF`?#BQlltn?>|`T91*`8YX?-^j`F5Zq4f+pD6P6}4N+5HS zVknnE{RFnb3LFsg_FgWhk<5|bcdNFtE_QM+nlX~MnEK<^HVO6dFaid;3gzqh(jVHm zEc;S!rFkNUz0xf`BgxXV`Ie9hjgmZ`oh4N)?vF==&o1^hy(H5Qk+rKvzXVt*AO1h8 z-a0I*_X!(UBt^QUq`MU9mhP^lrMtTq5Co*zrMtVkL!~Fy5c-$6g$_kDlYbuRu| z&OYbtJoDUh&pk7zE1^8kfSux`!0WiIwdg`&+oNro<=pNBZhSgBVZv0yee05e$>*^{ zTBag`ZZBPrLf|jNje%8G2F0T8&rr#&hp76dQAsO%iAgmH^?S;i;%R5;#9Lj{=M~T8 z#0(b1BrI$9|9G5`B(+zCp;mVsDkV(_evRyCvg@md;)>!t2rh= zW3fngOSd&H!PWnvm2R%o*5#m;;d$c?R32Wu1^<+`vo(O*Cd5f+8a=5vbu+{e9nf%Z z*r7|uLaC#x2V$LdG!nlu9%AQpij)?atj=$l(r~A#JGLxtoOs-Mc zd1l#qWxaR#&Tv6=b%zSJpCRF<(e5Zecx?`xnEfd(!(UIV((r54LqxrbH*?lU^bo~<@0EA82EZtB}KGzs0N@!)%j z90$CB{de&>Q_ZK!as&@cvFx$V*YZ_513olIZjMpAWCv6$l0pvElkPbwt{kCibeRi3 zTlB3-^L&^YB5HfIsg|sjfJvM}*GRQP?6*h=R$SdN=3y=RB34LAuQn|%Seh*4=fqe! zi!WbaJ#Q>h7sTA!YRbe5&WD%A(3Ps>QOW^K!6A-wZ9k=W4WdliX6mmRDi~xXwD6x5326(}7Inpo&r@wR zA;m(xuz*n*Vq#vkUy=BAxQ>Y_~m1t$&Y01c$H=qebI z*mXZ!o(m1)(u7m3kW-#|A|R3*E;zs*wVyPY4-s#9R02c&Yqr zoMS51RAILs0s5w>AKiU2mNd^gO)PzA(4Xfdg0acbFB7z@?=l&r!6EbL8g!A~G-%ap zo-{L*i`ls$1luh3?8~9cdT`tPRNAh!3G=X1ZDQaX={0#8>FCC_-It3&5+?~K@trWN&|TNDTMYQ_4J^&~6@N%- z!nQTyx~^fKmP|z%UM3vcksgO|;*PfMg;vL2=aeCA{{0b`U?;>u6TI&fp~jJ4X=RDp zzA?QJAYqWjt*0(xPonH?3?evwyYjN!okz?&7&F>SO8L%9CWFw-63K`}F&ieVd1HF8 zisoHJb&I)74S(%?-1?8rV^F*rn9ZurCL-SB`THsT&Sj|QE;45N%B=@|Y? zb)PA!@f4VA9G3Tk(#reowjP#hvBLWVqvh_Qs?e*mRw_NyZ+LAeHaK_xAr;)AHn-iO zSp5vKPEwaZ5Q{f7SR~#o%7g zsb)CG?(AHw9y1Nt4d2*Y2HC9Z1mCinvj--<0nWR^`9WkhD$=H3-;Xmx@Cxe;!Sk>y zVi4eq9Y`z9j~4fB>C(M;{Pf!fQBRC=%3}R~n1pQw0KwBO3w_E*mU&M_)aS!{?GtGk zBv0|hZBOYVz9-6nGA+u1n>gu0+azeoep{lFLC-~GiurD}*xJdKvw{lVqzDC*=s5~` z3l@Yz4(@kbJ53-$pfROvAH-B;MJA=nNBI|NxWGIE;LOEXCl0@D=14VlSHZ{K(%9;b1gP(n zmEO^h0oZ3gK2|1EfmWtpENteM{-s0D;5w61(UMs%_0r!XmvkD5Ps>w#(cnBf{6=@v zs%l`s*5gU-NcU`S)bE;CqSPge@2?L`c#+=PEc52(QzkM@52m$lvAuS)IdQ^&-X$LT z7KOB^!o03GyH!wfU@+t(ZATt3|$T>-mr*cPq6yt5T6`75>^a9_;D{EZ>EBVqE z{n2reL10B~Nu5|u+xI4>r}y*|_oJu9U+Z`7icwBHch*5p1LZng748lfmlrzyb9v|a zxA*g~arz7^d3mqzH%7OoA5S<+w}WAs3iw|dQLtF*_Olole@pH#%=FlCOyb42YRF{# zE{(qVDU%pXt`3#G58svDdpKsJ$O9n&L zt<~!tJ=%`kY#G!27O_mOe-OE_XmOJ>{j?GwFkR+6mL8VSIP;`V_`~N zvtve~j1hwdJCXY0iMU9RT<$?v&Hb8vQIqdl#Fx@*(wf=*wrV1UFngCYKF_=`>kXpw zr_Lci$QM(zP&ir)I;Bf$Vf87bXX0}ek&%|+#@%!mm~X51q+R+R=gT10ICsQ>=wpIu z!qDAmK$BB?SfMPMaq`1pb%}dh;ho6{#4_Ej6!#+v$*-tt)`R%nN~Pf8?3tj0m#1Tt zh!?M6Y%8J&Qc|bJ4zgcC>Qr@S6T668QZEYz`P29A%y37&I@RMJegVmunKI51MX2ZZ zL$G`<0r;i0u5`TeWal|l$M@CTH+O_2%XL%_z@*7(Dhr)Q_CVj!(mrkYCX|U%P_WDi z6qugf?6Po<(Ct3~^!Bfuqq+)#;Ps@uj(6oAtxsn+wJN#EZ(1To5(OgjzY$9th2X~Y z!&bDsJ;|m;be76ovu7_`)|1aDo1-64A=7sA+vZWd`}kPinBKu4uwQN8Cw31B?(Aen z><#ZERfl3G6}P&N#z?jo5&}la4T}q1Y?`*LN|lG7N7oKNh?bb|IdDAR|FsvYZ{f<$ z7uA}s#yCrdngU@KwBi}=*!=B$c|$W1gz+ki_B$H8B@DO{79JRsCRQMucW3Go-tKp^ zs~R0AWj#eaa-J-Ztj3oRI4layWEA^>)FhOt4f~o&kChP9?55}{v6%{u^=|-GjQPiC zR~KhX_B;vx6;n7!JmRRis_|eH5M6jj`AUt@Ctdqwn7SvB4BbW%=}2A=-{b1~ZaG)i zln?{FhL9uD$r+sUeARlP^VPI-cWw-8MgQLH&gjSRZKxPIQhc5yEg2f3bDTe{J1whM z3yA*gppsE+X_c-a7L22v{f; zaYGxE)2=86uR!cC)wm@8oFedZSScQyW2*R&-wwzeEZVO}H0#Wb>?Np3o*3e05R ziJjFG0I~>De#EyC@I0G|AEY%qwmQgDr`+fN@3KLb0oB+AO2X`bH!PAjPy+S0z~`KL z>$TR?_di``WUlj2M5h&}Sr<*0f89y^Knt zGHK{lj?%kAAI|t;MUP|3Wz80uvqA7>`+cPWi{-f;SD7S^Y-FM_7?mZEd^-a47=m;f&9n?gbyk(w!@~pLs^PH#_It+y zW-iHB+7Eo@To)nNJ^V z)ITl??pqEF?$Wjl9_D2T+{?Z{X2%=KL{^a3ytp*r-K{?#{HdQEOr3yvm#tDTK~+GE z<%E~+ZStY)S0#n!=nair_OXt;;|Z7Zb{?AgM9bi8i3&%_7hk`h*TO6`)_xCHj#?+( zAzin2PscJqJNxbxhvvf#W1jdvYvQBIuk4I6yBx{UoQH_U1arIspNd{uF;RVGEPl=; zyTG6=x@feu(QdQWzklFW2YDzB?3*92&ib96^o%El#OHrzFL>lrPOq4ThtP_$_+cl3 zBk}9#2#34EB6xSp1^Gx8avz)(hM76pxpghiJ=f3As`>Y$)NP-S*3U{`won$)Qn({& z@|Y?{@fKp|T!~sRN(Uy+t_L3w&E>inL=~aJ1_pSrn4da7OQ%)`dB}vm{qTJB11X1h zZHFAQ27{?q9@S%5RRcq4Qh3wTJc55bc8^~hmNBFa__g~Y92Rq>V#h4nqD{|m!f~R0 zi-~ugY{SqyN!0Ux3U@vhpC3Rop|c4=4Jbecm%`G^$fGzxCpHEAQ-SRiN~Wk~c_OH! z&KH*;<3T!u`^V&_KO#L}!H&sC5zgjoUAr^g(|wCOy253ZR!3PX#}Tc9%LlJK@5GuZ zh7g=IX(||eBS(^#-U_jRg6}h^1QHnQNmX5y|*$frQA_x{bhWTh4 ze#(Rt?-ezd7s)-`HGUg5%*qZRns-`3Wans^c8TkkRQdS^Y0JgS`{HsWY~^&NTZevV z6zScdPN^bi9bFDW9Ct61G9M!6VKJ#iMF3}vnWR$tJar_IEUR0IPjRVDrVm2Nv_<%w zWSj(=60=!G#cyCR`q=KzNGc?5pzpeCGq;`E`*2YiqK~z-dxfDu`EG!;Es<<>w56Le z+r#WW9$rtG7wWj}J0prgLEAqs2!2PP-^47Ccxo5j&Yd1fs!5UIA?DJ(WQfmWBj)}J z%oUHeg~f#odl;+tw@Rxgrf(qh7G^j!9@w*Z2s}vjze*4gxK3Bw{XwSefq=KA@_p4` z_~b04#GHqv*y@8s@bK>0SjW;sDzt17x4x-lgg1tH%O4?jf>U}N_eh;dpTc_Xa-{&yw zG>o?9#S3tAf9~x>HBsGyJ{dnwm;@21pDe7AUMjP4g-!#_TODaMat=nG9@%|pJdaWjz zA8Aom5X=N}db-y_5TmPQu5y34t*~=WlGsvz*sN0s3{y708M%5IxDnZG_NPGF8!$36 z=}v3-J>>j-?k60}gV`wojx4!*c6gfRZHLb?nY#V*UM8)SleQ}fB7N*?vO@0zMtPcX zT3~fN7Oiu9hZ?mH8bzm2fj&XzGOs?BUG*}G3(0Lioeg1nd>`q*(cZh3a2 z^-5Jr^JH)|S)N9gph$;EEOJEI?Ko;=PYQCL7Uf(liO4NPI*gR)@p)d9O8>(4CKMCt z^11h$kTkj`TZMaQzadw60f^|U7-@Qs@wwIG_FT8K5#wd9@^-zn+hry>^s+AUH>G$zjH^|J@1+z1cO$*}}N!i_XTV?2bjq_(K~Jwg@-&eKX; zceaXR`0|pl#W&BrNCZ?6fPJ)`6av8Q$C8 zJicp)$vm!zx_nx{9u=zmpwN6lVJWSvV3{TFNPB2U|K=^ju7P$0GSc$KkPH&Lb0C;J*5^rmcR6w*QhZ;narH6b zgjGn#ej_GgnrV^)BGp6NPkzs=lN|7{UakNN9^2Kc*thX@7vRXhWq-OSlo_~Xxt&hc zKj|@o=~y(1t^WNb1a0r<_~MW8iHiE-YL-fwd7D}NxAp0Pd_QT}9v&|9E-naVL=>uG zC&I+Z=cZ5QrL)HO=Z#Uh(M@)zqcloBVv?@BKwv9GLSnY>?v1(VFP0lnvv(V8%}XPD zi7l*qf~r0fG$l)1s^vI7GJbcvX&Ng!8Ao~O0u=>uYhi}Vn#b<=>bmcLF^w?S*SVRo zW6?Nr*snjb!Xm5mfvdXcsLs!lbHN`l;!bRL4U;uYYiW{XOO8oFMt2`6RpXkkt@#FsgSMl5Xv8js{Ck zHfGrvNy+)FI07!pfX?ieNaEgM zS2s5ZwfW$iks3BH#yTXb;|+t{CtLNDbJlB`3KM3f6l5|4IBuK4Af3HR2B$~?eUg)8 z?2?#9U_NV;((N{Z>mk-GU)9DAGuVS0-=HtoYx2HALR$Zf?(o9`IK05^!{=L zQZRXW+n#vCOpj!v8h(_f+-y8?9jg^lP3hQ0LgcAFcL6hsYpcDO$bq5_lasuIGqH@F z#WY9)q{w4Sr+!b$DW#vMK#tA)#LRN<_$l4x8ELY|Bnj9lGZ`b^PGwveyu#!YR>(Ss zY%Ii&2hNpMUP9Kah{Saol>1#`&X-9_t+8MYc_aqHspLM-mEmHgxgPxCP-jM>Xm1K% z!C168cP{t))fvDX4*1&-BHB5a(iDU4%-TC|kGU0#V9bNCNYk$+8gISUboO1DvxlQiEl zkq)HmlPFqTpp>3VDy=)klny^{r?Dy~oa>pTI%{zV-IUa9_EQti6)e+?jBJvy@@DVW z?ieg~{Jn8p`8XLw(nba<<7h=&JZ$pDcDb5?Jho6E^0}n2&mbS26f23vT3`Lkx5nwi zUjY7U)&oOB%8Pr-eJz+>7O&Z9Vde`ql78$mq;8C)Tp{ zKm#dSOY*A^yf0EyOgIkKHTngb=L8PTgZupn*rrtS_9k2tL_mVsFBi`RqScuB^coO4+jrOD z)defe4*oo&8$TCa9h-dYVZRt3P;dD3;9Z-s-Z)w$(YwCB=l`bhBU?r+RcJA>jla-dq!*Mb}+~T(&=O0 zf~`E5@`WhD?wrxVm;Gy1X74!LW%>c!%*;~n>G@02LOnbQz}%|IF2f!+@f03^+Hdc% z)cTIf=`)C`mtr?2DOPq(03Bd|(-pJ3r$Eg5_Hv6TlYrG8W$?As{h0p!Is^G@oAO!0 z-EH>mQS-^CC&tIvS08KP)yCHB_0aSc z`-viMVu}xKy}rNBpi#?Ef!4y(jgcA5U$4MZ6z_o&u%8FEPOiDJr#=rz%d^{}$s{*I zq?j4G_%-u&oPogN2qE9U*Wm^-4Zb;+E+q3aPa!+!b@A=^(qzbQyTy5gN zxQZc#vxzzRiE6p=ox5BvV0+lD(_!qvfCWT5cNJ1!&c5Mn6>z4>DtV4|DLZlV(fpLp zI-B%5j+xXGVH}FF<_uVhwBw1CqK(7ZLS2M~A%oCT$}R?D-*{`E4}b&kB_dO*H&GLGH0W5c*ytHHpelW?pZ6WTgTUZFN z`doC$1r;6TUI_})=v&z2+TMpGlee#8{FO6cDF0^VE=W(@=X6tSO!s&BfaaW@l5gk$ zx&>2;)Iq@^G@igEP>2A-{DS&ulyP#Zxn7Kb3|#nZanTd7@0i-G^z*4i7-cgGYBSM+ zEDPx>Eao+Kg8le7KusZl^I=Co18ijTHl7P`(SVMIbP2zQfx7}7|}-m?Ps4&{me?Rq-uD73~7B-n}TGL z0=Lov(qZw?9{8-uFG3I+2brWUI2PR_m_C3i8Pi5&Ox5Nl{(nC74XA^VWG;_za?`xPSP0i>U}PcbCv?LV`=^Z)O8p4;m4MBp0B@xn|m z^@5;|L-su~Erc)to_IDU#X`oAfFD@?xx@+^h1p-o8up&(SJsb| zMsArKpgMt&H2!b8{4F9QBZJ3pgZH|fYFtKzf4^Qi73fTbO+xxLp&fSb7u;xxLtis& z9!wnPC-xkz=QHvJSQ2<5uVYr%pLb@I9x({Oiur+Wk{)#koU#zgQwA&)YRa2Q48 zu{ENQk^}F@j>ce&-pdPbTo8R{@VO#xb6jE>OM1oscWmV?@=8F$`})Ga#az#n`3qQQ zpoGF1^A9YT3yW(3z!Cxp9>A;bSxiK)5h7qT$8haZ<#O41yASrq}@N1pu*yF-xlaF;W zyG!tG6%L3i7mgi})rh(aJrmylyCk`Q@-`%iZ}7L6U{Nhd(7F(z&dKe>Ls0v3xcc|H zU<5wGKS)w`%?jg%$)|5Yy2Wr=%?rN>kn;cTBWVJxO4-AiR9g$fd=1e(1al|AjKh*o zzduD?mK2zH@xNQ;egtl{%jX%*pNDv0Pt9Bz=qAY^?`Tx9FPi}DUu;}sT z${0Voxq?B-^203T}2aOcD9znx!o-41O|5|?um;> z^-^49llijv%}OPCSNI5gElJ#(BvEhxCeGX+5m4ASEJv_V0xSn7%}g;{?-n)kDCn;w z9e4|1XNpV)N#BkPb(;mT{rck^IbH@$DaQhBjR`%yk~zusV6^Ohqu?<*6^Xb&96DNg zT{M7NE5BKxMYWT(*dT4#%JlTZVE1w|?}>D*YirtIXx^EkbDnX) z>NBkqve*ma1iCMGuCO7BN*fT4s-01tv@G_O|L7@Igpw1ZZ2K;r_Z1n^p5|ws9ejxvJ{n~sCqd7fp6QFz zFu98!hEY{!Pw^ZKX_c0{mq3=9lnWMog!ya2dfzt2c9W!6>7>-YYyY3F_4y0&VGQK} zl_o*iTx&?W$NophrZ(e`Y~z~0F$qj=QitFfE0;dzh{PN5iE`JA@Zn~RzZ-R^opWJU zo5kY4UGTa%JXgq_j3kzzj*D^5D=OHK&2!CS%$qP5g4R-0j#^~#=&!->B1U6;4M=dk zhJ*d<;MygHG~#;?k8&XTK!1ud^|t_vW+DEgqi^6fma-)}y4z0-=rr3@b)-7Gz8p?E z-NizSzM`7VE1&hD-QEwRneXe~;6QDpBD`>wbLqe?a`;FP9o%f<{x0Ibii>B*072Rb zi=Ev!3ZG#1++6q1W}CUiPlMiIW9MNL^I>`HQ2y*Nk3D=vwc3(lm%C}z5c4f(bX&w( zI3LD@PRvg4E94dy)v@s;Fuj++OyW$3s&OUnvF!!Y^Fffwf`zCS@2W;*I@_{&A1%i= za0@3_*AbD4VqxzjTj?W=Wlh2$rT@o(%I0@X1|+Yu^&|drd+LAg)rh>Z{6m#G6^3m< z4}RP?+Bg6C#ZYQer}&Mo`SsIEhS}|nt3O=+JsioVeiY+!IgebJiN<%)@F|?J2|v$3 zuKi9tx&z&m>%S8KDOo$;?T*(JY_Z47c^_MusZ9zxO@k|?tZ70i^^N}=1o$0UCV~^X zn8i)A4bf$Jr0!9wbM`u%X1u4dsG-$``%f97Z#glMQ*09xb=nY^Qtd>;5^f(E5s>t9 zRp17{$f_#`R3Mh;l|iASn(tc<@~B-94gMT#nyx}89jDDXQ1r6 zLrRL63lC=TD32BFaw5j~MaKSvK>44;3!=%?hEN(N|J={IjVql08Y~?Z>dJ%Ff(W$s1rsZq^!`IM{z6wGsg6Kk9=lrQ+XN z96S^xGrqhgW)KpjBL3>%F;Rs+#w25?Ht$p!t3&is0p`_4%GGyerh$A!FrNzC912P) z<&8N@RD}kejE~b|UN19d9QiBM4??8xU3sHwmIFltr&3%LA+3=v_m zsgf!-RI>7{_6XEOK>5YJY;W^ty5jtVC`=c!%1eD7v@A;(eo@a}*tN+=F2ty+RK>UZ z+TqGIU04jz@yKtUdg)$#uPKP$x`rJjdP+m9*L>y}&QO%(2rjV!!Z2cM;tVjl){?FJ=MLcDV3 z#6fUzQyw>?$?UX+wEb0|_IbnnFB)nnp;S^Xa>FkNF{9k{b)1j}l+D}_M*@Wq!H2^f z#cOpC%(O_b8r}F;CBc8j^$oVS8auHDkjPIvVe?738lA;cxvl#a3lbp;M+;t*a_|pW zapMjuZ62Y`>o{>9X#AXe6^WKUO84eqe>MPbto1@$^)B7SsVW>wiB;EJN0nm);a$!?=r*EjdHP^nzZpBLR+2nySH(81%1DvXQXWBj zDKVogSWjsZF0&L|FjaSuy}MTv38{GWmQz?CePlAZOp#_sfKEn^9;p=2=vMj@apx3X zt>D%AScLL$UX>!y6+Af?&tH=r-mZOunh`|s?YFTzjYiq;EZXIGVZ6%Wg=NF->Wu7S!GRP3)mbTBE+-Sh;O$@ z=*Zk7o9J6FRcHP}q0k)87zs09b9>#@+CLw2ilPar6|ewF-(wk6i(?-83&9{xRqikT zFqMF@wAIc_qmhYpgI#z#uh)g~*ZP3y3iss)##(w=U)1s_SH}?o-z60)_e&hbkZvjZwH=v$kDeZ8n;dZLx*6Hz#(xkv& z%50zLJ_#s%1RXp~aZ4PT=g~_2NDiZ#vitLeKC0w1N!k5u(#7Urg3`^rSaEu4HrBM+ zj$e|8QIYo|R_$(&c43n(CrTQJ44w4R7Dese_wdHZ8uR1ipQc~ENae4H*<1SFBq<)-gS!=khInEqOjfM+~8%y^y1dVDk+hn5gs( zPGr0CCdT(tAD-63X^t84&3Ao(HFH!UuV9leEy#gA)U#p3!as9`gYG=nJxZghX#1*{ zXP+&TV{ON-7uNM;t>%tDMsDa^8~6xnv(92{cog}6AUBuv<>Ddp$qD0CV!BrV zu12d8&2kQ-80et@mSWu{Pm!(CkWva8t3eqmNhi}3C~qsFZDcjhs$R;R#i#^joU^Vv z8v`?qGMLbXZ%ZeYf-mu`2JlL%F{3{djef?INod@ca^xgd&scr5DqWh`s%3Ke$}>Xf z2tSLV_(J4k;^9qJh}4`0MJXV}=h|P-i2tFIi9stv_Z|_Q>=Lo@0bWaK`4mNwoRXiT zCbaY*IOK0_IIyR7g@rVtr_9hEgFJremK}9U*RKs_g5x?A>JP}Qm4NyUpA6@)>MF~R z{odqBB^#DJeKVLO+QBoY-nmx;%AIxc@l;5ZpILbet1Kzls{+=YX5(mOOs$}n1)j?V zdrp6l1as~`Zx?rB{!Um_s6!CYDEG)wXk#hmdxZL<-HJ7oDAW0}K3P8f=-4d?%qaiy zs_P;5@Z?WD{&6mQDgjE@DGmFNm&$-#7g9>gPD55G!XeR_@}fjJEJC37A7+uHfmsWq zDT>Y+kirz}KR#SA5;^zce%s@Tn)*K3k!wsOPC31MyJAz!hROt2R-M@eg=ux*yBJH! zlPb=s{K9cBio)i)Q!HvtwMx@I@fnZRFIJZ%9=v|P;pyM197vkusx@-c`4i9QqOfLh2g@Z4UzropMX8{+*;-t`?+Bj&Y!=F5b%(< zPs<+ACC*u?JN6((aPE6&AMkpZ=^Vl%vnEUfr9^tgTm%-0+6M@6$=FU*L$4TB?RM2K zs0oTIhL;0-oFGu!MskWH0P^X~O*dD%1GTdK0J}gihw(4}L8sm*A^H&wj6wNBFivq?b)=G96D^Bw zfg+p~`Kk+~SY$7*E|GGY1eI2Kkz+ z{-yD01zqc#iXu~9o5vMu$C<;`%T)1`TNylhF{#_yo1Bbb)5Gxx)mAi2I9O<&XpC5! zh13eNYlqbd)i!ZAlC|3ZjmfAo5!@x=ZaCZTa+tqsK5hBcHR-ioQ)pc^_z$M~em+j{ z+xTMiR7e6ZcwKt?+~>>kis?vEuRMIyY%yiFq)BBjaTXNooJg_rB_HSMK*yqZuH&0X zq+cK;Z`F9Ka&u&!*s?8e?5uxDA+Ji_bvcWXDurua1_ZNt;M-8g&3)u1Qu>a-TINW4 zn-2M1!2beQ77Ehv@gGpOx+Bcfc^OH58B*?wF|Yb4b7I&?X`$?8rZSnxyEIuPo)0aj zg{)++{`25}A?oO}!n)>u+%pUvU95->Y5X|1W&J=N(7r3@Zlk~YYb1c3Je$hLXDWmu z@Z2Z36KYC$=n9IP(C4iva2Dp+qNjr6cqVcd4K#tD647)$X_$c>BT=2Sl9o|Np1g zgaLj^=Y4jpGbJf5RTU!@MJSJ}w7dvwvM}NQHMEfaOuC0yt~iiwTXpxQWw!VMeb&QH!+;V`Asl6Jqe)UwiYk)Y8)HM~vPF`5QX z5&uXI$a|hXh@v%136)Cqzs6$DHX(Rm<468P+{`W82aE}LKKDZqW&gp>NVblIcF#k4 zbx&7#uVud>9JZrx2=R_5Hy?i@jMQ|$zi-sG7|T758@EQ@y5zAkU!I4necCshYC6bX zx7f?`TlaYdprpKtuk=eQq}8~UN_@var_iS!)O zDW?iQea~^KO;B_BOGvWLToitEyqx+4ez9-@a95#AvO+T|x0Tc$=kY$}NM^iRoWOHIeF8eD z(aKl|2JHyBAu?`V#_xIeClydSMr^Y~f`9QXVqkbY2cgdfrhwH);z=E9IH^X!b_(xu zvoeFX8*ZkMQ&*uc!;sDkDU--3Iv2@*=CH*3AvZ? zuwnq7{aBf=9JY*u{5>yW2eO2Q|nL6Arto2d8ehOiz?U(C9SUzXgP{IsPD4WxLX*A8oITimCCfm`A(T zUs{qVW(JESnU|47hiZ8NQ^wa=3AWvU zpZ%6BxnU>@6X4-d71NG>w#U-tLM!crh41B|f;p)#X$qUPAuUTr_!)?Uia4Eq7(jUg zHU_n^v>S{US7uLg@V8vo^;&D!j-F&`DU-+_{|Kasl+GAkJEf7%I9dw3Hzp6u!X38hye_8UmXkJwtJyJ(f91lgz-Br|JA}zL^OqL=8MnNj7lB z@>X(!F8$`!C#}V1?(LH+&};&fq}z@Si}E#BQIY-9;v`p z-vrS$^Vk0@k`oI5XSVp>I1n z^2Uv5qc5bjdAP8>UCW@U`o1fm9)H%Nf}(c#;IGc-MPKG|sr|_c#G&04Z3uLVqvP z+-6xFN@M0D$s9?*=VPUa?Es;oaHyT78P+Vh)Krsy_Ksn&(M`U*s~d+)Mp-Q086KGa|q3s$R}4Ab)k z-$rl=Y7X@sSv*5EcShcx$Tn{CaSJE1A@J;EpRI#LfChobyO?xqz7SfdvC%A#)JSl> zQvre2EvCg{IWWq%^i(sDjw_w7y{ihfe$34^_8NQ6Eit=*PIx7**_vm~!Y45PO_ec! z9(gz?zFZc{f5)37&rAMZH}f7>nU#i_Jd@z`NDKXi1>-WxD%gH4X+SvjQI79e!P05t zn__}!Obq&Jb!2Qg?XT)!xNsEyD;ncb)S<(<=8bm{i7o61p3Q_VKHbB_;YbcBy~I+Z zfvd*(D$rUeG6TZTk1ty`N`YC=$JUhgl4=ObPIbE%dgA%N|vMYX4u@Z>NS^m4si8AOSxPc|AJ3mhFqg)V!U zi+-M}0^DU4$CRIlC$|m>(!^AEB@Uq`XpixLa!-i+93sgfhs_wUDQs@NF_bq%vrvD znd)0KBYDf9w^@!=e`a^j&!THxCeB`&q?imgLhL*USWZV8i@MNg!UszYOa0vcg6UZg*r-;24ZqybN5Z}RaZO^1P168{6)kXzMb zm2O&vI4;>g?^|e6CAt2NZ3m!QTdY4H=b%WR$mIPi`dO|vf6=chN^2KbWEs_kCDt+2 zNg`DH0^EP{O2a8mcEgAEHZ?k&tJ(?gON%s%yCZ&A2RlA`;>am5?}d*Kv^QdSra?+I z7xS_CxM?gVzJyN|{08L-Y<5hu=%Ftpq}_^?Sj;W|nJdtpZ}MjD$F3f*LA)iY{&NqK}b=-90UJ2=v;=E9tO5P?i|srIz-V{8UxB-%%oKZlxrD#P0E^F z6Xvtaa(Fk5iGkj6KzAa`U$Yi5FR{vV0HUF!eDGGO4ne(=-I`z%^-XDvs-L|}feDt& z=MJ;jVo#xRk%$V~?`1~mh3YCbOSLLcXR4y|s-(x88Aq)KCj0ZGdx2!<%+w!5^9nhU zM5HMQcDE|$(C`jblpC>&o10mc_Q`(8AgoKutlUuTIiCWQgA)MkADo}WdlKZd}IuOQ|t52F$y5~~h7KpJ zrbBQj^we^+bDWd7l&oKUOjUtBQnt9iFWa;rr9Oeg@Jo?DGttzL@0@^1K9mIIZ&mMe z(hC_DCQNzdrIrTN@#6s-*Q_{B9rOH3^VgBS9YbaXf={tuJ-s^aDV}C(TBHJEVXHN- z;YSD8>^J6KDXh5U{fI8fN@dbaDKdSkhOL|Ts3X+HD-IW%QypLqf9jIjI&n-2=tZ7fl}W8!81Vz(lBAq^-DE&>I} zJ&melT6i7ac=C}4kN7k)+i_Htzz`{@SN`(RnJT04&!KipW(lK1%ZzFb#CX5Ic9}P{ zEO0$u&4Mqg;9HsXnkC)qxNkryQaVxAdz%n?Y2KTN$4NUz6S4k^g~M{qJGh0z?)Ur1 z1+jUwU#i*8TN}vOA*%XbUtJ+~S$+^g+60PTSpxQ;<>nKeCV@ZoRPkt6|KgNe_?Hjh zxn3u4CR}9D5H4z-&6d9;2LaS9hku&+cESV41V2i#d{=1Me*)Q)Zv2e~J6wRpoBq0D zGa_V$E=%w4&Asc3co{Cro=WqIV!M(qOb<8H3Xp6z=r)yZ&E7{2*<;oJ^#Y)kZd*b7 zn9Te&`{JgqfodTeTfRQEXY=B);9YjnW()W09C1HCAADjiWf8r4XK7XOCbPfgfX~qs zCl;b66b4K@shB!r%IX5|DjeI-0V`sGNLW*VIrk-%tutZN@C|zJ|jzCT9L;v<2`cPccM5S z=cmd)?W&^Zr{%k-(4Ul+;fzr_eCgcHpb*`^pC3M3k=-?|Hnrh6`O%J9<+^a8L=hS* z!1&*guS^6)Se+9XC>3FajCsR(AiEtZf|t&lAx(oMnc3(W9Y3VFAHEzU)7!Kw(loM1-|*CQsZ=oj*tSy;hot?&Td7)>q;m}>MEJ7e zNr5w)sGJPs9X~Pv_oTb}B0p@%p&Ak6nQ$YJq?%CU!Pgnxa$0ZKXDS2)Vtw z4BIe$voF3$aJEq$ykyuMdMwqVd9)jZBke`}JDsP9XVgk8; z-5QtxTaox}I#FihfaMIL-Fx*Rx>ryOxxOVxrPV}%EeM&`ud9?tMO#Fx~o`*G26v% zC+MCc=Fd(*Xydo>Gh)OYt}O7Z@|5dM`64x6b6aIdR?$(pac(^;81bOmx_Cjq4x+#M z^-^$;x=aN}55YVWNaX9;xNJ6uqD1hEZFs6m`bJNL-;}<`e`BWbf^3)@wf1Y0mgII_mZSLIX3XF)=Pz+7E=X zUviM7GBc7Eb>sqg%k4NybVEnuzY5@1Nf`}!qHW7Mz>^Tq6*N>BCHE-dE%PbnGhq9! zQp#2QG5Z=S-pR+v_uB|V!_bW`C_cLjoiBBfsW>sU0w~z|q`{i7oqwbo0{#}%Fxq!V zX9o5X{7vUk!{1^+G?6tmKml54%Oj>o?lwI`pSguNg*4Re_zHy6-k!w%X6l}~DLfPikn=TGSVW?O-eM9`YxJRS~QUwJtq3=Q|6A!4COjc z=}So{ZEZo|Rvc`WM1RKu`=^Vgj7AgXUYT~{21MDJhn~dcYNQS+;{tLP+Y{GVT=%#oz)df6Ki+I;s=Z(P^{#d@3kH49+HJjwQR{ggE>?<#4PqYcPCLaW&8gKDDGA)up|f zQ{YPaex(U{X9B-8VQ%{yV~jqk!(#A6IcwU))8u%$&@|Qid6y$ocfKzO=U*y}?I$Wq zoB^~ytvianDUQEgWu+{mD0#kfjujKGk_@532v2RwzIc?-!7>~A&wWq{qEe+3VO@BO7=jt!>K_e5!yo9q;`Mi7;Bsh5 zY9Glr!54{P6Vt9|@`Aa{GpDx&#C;s=0hn@sx?GpUEK|)r#&TV?5v;%L=^v8=6X=`9 zG`-1R5iERF|4AMaR+Ed{&f6BMd8&?lDE^8ejyf=YN$34sHfJ?@v=a5*fuvVd6lfLU z(fvdAR9sW+z5t|1r1rk_I;bb}N%t5;8P)EAhJ2Ocx9oo=4l_hh#cOA_%p#WFm4@4j zF2nLgI3%yRNAQaiF2KPzLk0=2iM*riIKcXe^)61M9 znRH=17j-$vfK=!e+I5lMi`752Qm~eo7$!knB=-nbBc2e!ovWyzL2gXus5fROkyQMB z+_)Bfok|pyLKE#e?)H}%of!jakZ62}ltyAfokcwPAaiSn^w`QyG~M)Q;bNIRbahKf;SJ1a`DB;rO|G6t2e>r6cywp<(LU(QF+pCreX^$22(O1C%2 z6nyhs@+`bvlCTQZFIUv?DJ=e}ZTL3%g=a4QY)X?Mo(bkAoG87pDePB}l+t48AcjU> z<;-Z|O>Idi-}m*mCoZjoG{n`AlyJm#?|ZITi_e4dhryEaEDAF>cxo94KED^0iY+-2 zxqbvaC6)U4BcUaCAoex+5V8dxJ*x=xDVC+u{@bFWB7?G-=V5)XQVWR?jz02Y{0*Le zM@O+$@k=KKV-l4jCy9`9U{@kg>Pzequht=SKY>QPj!NeU)r4n^Je6$U8VD|@mjg~B zCgd&6@awkIcVuj}c%<3Er0xYT47>IhQ z>16y1PP8|iHrc;c1Q_y6L4SX!ogl)_7bp*8)A~RLTKl;!Eu8kU#{(p+D0u=te3n_O zfWuwpe^0b6A7hQsGzOORQ6I-Rdj2yNKy!l316abCkuOgNGp2dzMST5KDk?{^JOD!m zx825($><`l@v)yIuRw8Ow)Hf5(F_Lb_<4J|NwqgvCj@NJoNT}%c+=~HmSk{mqAJ@1 zsgoCz8>_gjaTw)k&obL@@el%>lCy0$&GDNPc;m#d0GwFOTL;W{f2&+{+8bllf z?)wtZ)yCAwJe#UTFKN8g2SiFnFPL!WDuI1`qW_-JKVh4@KS;>-J)ltNlL%^B-LDjY zri%w}wVGHc7?quo&o>NI8u_iM@~}d`^9lBmm<-UL$8 z18<$dUPEWBcVTQmSR9L(=F2F_$XDClwy~Qn?S_IhoIv9n#O8zuubBVnA zP0UTuF^;=Vi-C)5Z?0?O15DL+naF`om1j@G@ZY8p+pk|Nhlix3zoYKyh-*B+^b`+F zHu)u3OSTGEB?Ah_T-D4?rBccd-D`#Pa z4t29mx~iXoH-0c#RgxKR#KZT@8f6urJTGVJPE!3xO?**~Xuw3H+a>*R?ceXi5j>cM z4>&W5Es+hs@>K+kiXr)x*Q2L0)q-GVuoJ@CYX+&7A;cCPHL!fQF#Pj*F3a8_5RG`$ zor3VD$1D3BFY~$@ZTU#yYid7hF_p}rih{*cu>O()V!ZF%s!5kH(b~cPQBzVfVkuO& z7=Fz*xP>!LXhM0W@4CAUe!oIs4!pRhKsu{;g%_*Ea6l0ZE3bX!cR{inVNTMuwr{PW zwj$1At5gkl{w)A|M^KzGf|61fCpUi$}dv*YUzLG0}f2o)hyQ~5}~a#(8s44QRF-kaHA;? zd9)^$bG{~D#5jdPL0II9QX0@yZy858jyKgEV668o3W^W|_mAYFt zS@=5iln-_w|F^htJbB3gfqQ(Y>c$o|x!#QAUheosVw*y+wCle^zd!rv4iohFi$m+$ z)e9A#{(WOW9&7~%_}v5xxs(vw=ElPKe!ee=`*nR5UCk3~;TF3mjII|#dxK|0D0}O% zzneZY9#b!LhZh|z35cnl7J62jx=Jpk2sufoo4i=}tSHi5`E?=Rg|xYW+*XLM18v+? z0IO23(SP(ER6K_RntFpAsX3PVZMPx`G_Sxh$-jp=AWX@&J5op^Y7!Fi(3rf&h#8<1 zp!-wW^(N}u)b{sWHDo>ox<(RlKRy{|SM2A2wpGw%Ie7~8RcrqlQ4K@ZO!H~4kF&)iYYzb8NL1Q?ywY>KlVUpx^#LdrS|=M^t! zpRSMsoJDeNHhzW>@vDWo;GTe7y$xW1-5Gv~z)L#c&~Aijj4%h&Wcn^E&IlPHJ}|Ez z6TL9loYC( z45OE_y+%$dL%ykT@kn>=S!kE&nvHVA1LneeBk4DJ@m8r@)-`kP5LtNKz?pz^CdbIo zlfBv56kD&R^d68N|8POJ-kged>4(-iN#OE+7pL-+!WHzkuIuKH2FY8z%B+5LpnmT+&q_oKns;Sb2eiL6jXNq3a6#4!># z+2p*3)PbL*N&^YTQjNv)7WxNIs4c6zP8y1cbeq_k8PPRB6E66H+9%U{8$0K5L59 zB|d`9E~t8|35P5Z57@wf5`>1d$utzDjH34xWNYj8vxcBseCcVD0Fy2C@qpM3ip1!K#cfO)g(~BsQeg9t5>4<~lSa}KK&m=k`p5w<#ssQz zMzJ;ei7L<=eF0d|>AtQpFOqR=z8>Xsd`!xFE6t|2Hq((!p#c)zq$O8$7|?T9K+g%} zrt-*}C)QtMn)%FQM&aqexLufG`7;1TWjOrWb!e43oLaFI0idRA6eU|CGlL^YXJi~q z4Izh0CsL#IJWrH}%-il% z%x+VSF%V~0f=Tg&ufS7`2${MYkbsrVg+SPG$lYu*Z7$fg$b9EmlfPbv(IIR4kSpC8 zh;oDuDwViK4W}D&Te5h;NjGvb#nY4A3?1tdW<>@YrZUgA!^_$f>sNFwCvG&U1Qz|W z4`%{K&(~n9>x4LkI_&-0fk#S!Id~*iRpdN6U> zKAZ9L;gKQxKp!dkU0fLt5hcp-rcQl@hIDBm zNz>7e*_*2}iF2-T?CC0==#i--)u3I;E%P)fWiolmJ^x6C?RSC9dBFef<$gUTC+{~p z`D0qgo_`V={u7w0@|TYNJhxPTsilrh_oukwfE5xOUIP^3ORx^nh-YaA4%UYH=SvFb z@N7rZA6qF%#^L+rZn=OchmsM;U2!}}z+na*L1NMoiGc0V#P+l+hIaatqa;^7Z)zzq zj>vT?9l}ryvf2nRDG?#?^C0pDE9~(S`1#t7Tc~n8`bXSL=tx?6Ukx>0{MQf5jitty6%2W-_$w!}J^rT~9VDr=U8GmV^*;$;} z9U8f1(39q=ahK;~Bg97szay>Xr?C*RV6q({oEyI8Il;~X+k48X`mR2Uh5qz19~FJ# zXGy$#4*eU4pmdy9%LZvG+o$CzFVY|jLu_|v{YTcE*iCkc5NuP}j)I_H0zc?_ktt`- zZ#!821jF!7xarLHUP%1fh?usnon+ZLAP}tl)o4zm$j`oi* zg6K@U2utx4+^t%;a>LiE53^vz^7ONKF;#4y5s-Zh23J#a9&MK&UjnzLTTuG$?G7tS zuCh5+x9WdTrm}26^E`6qc22|H%5(H=fTxzbv}A_&-VKYZyZ(fjnZ@|IuyPR8fXAc1 zuQ~8p;#;Si%%`Pt&8P3*cp_;&cRx*wqr5a8=D?{|o%+56Ph7@S#*{vDp+r@&Or$#S z!3--!x;iO`MAQBiY3M7UJoVW6SmuA1o(t31m4RwtT;n90!U7z~5uC^1-J|}Az}=zgJl|+(6qE{{ z5aF?%l7Hl4z!kd^x%nNrmVV(fV>jv~xs!`KzWTCa*ki4|`g{LZ6m$1JmL>#Eg4Yj$ zL3lMiLo`vCO#3_}bnfOOd>P*y#pN-00%KE)?f3!qRQ6$j=5MJ6gO=r4S-ZFW%*|{o zQ{shqY^q&Pir$3b89`nZZK^*xkU1c2HDi~_Jc^5K9`c#%SmZ_b`5>4QY<4iZ8?R4+ zmq@mG_j>S|gfOj-SKmcUQC+AvP`6MBaa6Nm0+hZ&mzp3qBy5*-GQD+6JIKsRqH5Ci zV+PRmyeZDUzo8p+#&EDq@|8Y7@wyu%BOX`bp1CI3eUJuWSxBWqS25ytH4bIy{2=el}}@f z5$~m=1BP1BPId$ls=Gx9lrqUE(Gv2sScrq8a=he(9y}!czoSVLDE}~f$>M|C#v&6OwfqJkcATADe0kxGduM$wq+U3d#5YoA?I#qNgBLQH zdFH+*ZfBE;dhs&)yAy=*rRGT{hZ1kkW%(*X6XEnYpNZN{D1NO|bM069%5=xbH&-{e zgj(LcPpIvgg!1b{WtXtIg?tH^n*jpGnudV3Z(6)tOOWkn(Veyz%?jVv3%1`osX}b# zHm!hC)clk9eG@|`|1&Z)iDbYl0};qafc)zA1MueFAJpYJjg5`^P@B3dkSg;+q@<(E z)3anwpN>-H26U7>Xk;#w^A3#Xr*^3L_k{AezN%2u35h%AhEm5VVjF})wBb9rDmW{9 z!Qea!9m}5K?K8D68BNdwjgg=~nXk`f|E1iy{&5Q>r}x_1lb~SHqd+%*_DKU1|I4oq zeZY%9$hgo-XWMRKEVt6nzV8aX(%}fgZ_(&iwF;633#??HCU6wa$Dy3=g{mg0m4A_u zRVfR39}1AJ5H=G;tHc#a8Q^~|!UeD0|ExeDzY>@KjyM9|9*qZZXX>|~Rl9)xpCrDU zn3Pzg2C@cDhy88Z0ZJCz2%bb%R5{tpCS;(Pm%}<9W#%heq9wev!b3Vg4&9q_+ykYO z*ok{$Q`lb5q$mUrsd6y1?Wl8`u(!DW(xzHveNTK$A~&g1bnp3st#j|%GG!{yC;%-s z!zsr%0NrUx@4`RaC`>H*h>I9Lp=YTs5k7zH@y}xY18E2*q98ja|Grhv({{=(v-}m? zq*B^0R+~3Z{qt)16OVhUCsS=dapG<9NA^w)TRM6!L~ByYrUiJL4ony=_Rjz>sLW~{ zjPu?oUiB|am?g(?VA<1iZ1(D{W6^H$_=X#(`x^10VJB|)1i1~U8=~6hgS+a3usP7$ zT&iCj|IM5Jjjsq^qNoRyI@F8S?(1>-Vm6?l?X}m|BDX--X&D72FF2o(E!zP}(k~lcX}F zOuc>%S)RUt+-cgCrCJaHuaR|L2u|{_MvDrtUQZ z>01Ati2gz8u>Al+zQaoX@aQfH|G^FZPS*`1fG=Fy8L#+XB z0UY75lGXLW!ha|Ie<5eYLdbt074U&|ePtB13 zjR^tAMC^^sdHVhHShf*lnF=^!5z?oaW`jdrDy#Kl`0p%aI&dirjlDxC?o7lQr4^6e z!Sn>xCPorDW9yreXrd?Qh1N{p{9!1gK6g`<;WK@(CQ#qLcvvgA&CxeTz}^A97kkay zCC6$`=?a3E_3pEp=Jpay;fA28tC0dwdRFRc$Nc{l5!|o)xNfZ4)el0Ofe63UPDJ%5 z=C5d$(8BfYfHx=|{Tj2aRXrIr%WR~aighS14en;MTnsCAde7QkhSuchz!9st(A_=< zrycA#;)nrwlLW|LQS5*rRBKZcv)r0t+E68*6>Mnj=84Wf0I_ZJwaWi~-#)Z^E=+v7 z%(^Y}YGTH@#_OJfoqB9h#J*E5w$O2c2`+DL<{+T!tqvzmtG#*)9xlVbfvHLTeo2G%mcUe<3uNmo9x8|jXe^+ z!!uhkppSp)**|=2prByB5=V};W_^J>G2KxZ&RF_0*dcxt9h;zd8m4sky`cuvCKwb_ z+g3-+N^WHj+z)JB33f;+6#8wGnh_7BiHve__JZ2JBpWlUhj8{^iN`&MUjd}iYHm3{ zd7e~`=V*R)5%!1v9%DkWWtrd7lAjh3o z`la9#UT43KE2!pSiJGCK7PaHkNB&}q`?;7>FGM?`SeuL4hj@pK(gNE=NiJ-0Di{}P zM|L^0>^RP3VjOE_y^2vzi)$U&gfr^Jm1Xkr^sDyV)q*yWeemmKGvoiW@G-v2#jz0C zl#=L>WwQkqE|b>Bc8iN&g<|k8{y0gWY-@i;c23chkyxg<>2|W(Y02-UmVCl)6Wdq4 z<>ulwNA6d_?d$T9p^;I&?vm7ogElF}Den>Dczz?0-$Y2dOhg=BRpVbTp!R!q#s8tg z|Ez$d6@Upuehs9eg7V|EfReMwwE6<*`S1yJu@wtKEE(#Ao>LeyBK87?cQN9>H!G2R zrd236=;h2uc56QEn%Odr(n2Og`?N_Qgc3rD?s+s(YKbx5_M3PA9SPqdckq*|4zOLj z5((UGqeumsGOEhG9jbQRwY&|gor|z--0R=`;9nLB8y>LdiNO^^K|2rTUIFQeOZ8M= z5ingC%dY3ugkUCzf|4C38G10z4ucZ>7P5A=K^4wT=$4@CSs^y2H!?93?x36nJ=wKs z23Jy5mTBGQpGAJpu7g&=-fH2KGx5x7&6$NbwcTt|q#^qG#Ga_wdACOQfo@>8*e?6O zEo7(>K=M$CL-A1C&xf|L6*UM{{7BK+?AvFzM(4gW4Sv-`Q z*0TWz@AdbDp}s`_mLvn}&#na6erPx|o`|bFg&n4xt5#gUYtv{wc7dkdX$jxuT zSFQ-0kCGBMD*+agAb7`ob-L|4=^faH3^gG1%Dusww7!;;RxGj#-*%v_U`$P>IQ>Mz zbh&O0>FQ`kSt=R#IjAFB;o;?G<(G*)LPDXg$RMzG!9Kzlt>bR66wlAQ(=vUS&5ffMCdM6yw)$4#vI-(FVNcCsr~hVrbsi1?i>gQ-z!hAh6x-6d{jvR>raM^qtJJ z-nod=xHqL#;N!~V-u%kltJ?5Z*VT4jRXKrM#alf_uWB-l3z31>hy_SMfiEg8hh)2x z?WI{_WkN>CWusG*aRBemL?~Ztm%r#uoF1@yM2G-;ZU4hz@<|AONrZ<4KeEU9kpi3K zcI*R~0Ms3j&N#gbS8usVCGiam0?-TzlA2GB7NZIm)9}<7VAHQG#=P zngKdt^*ktZUm{62EYJ)`nG zTS+v4WB%LxYHh!s-Wx#o-A)JkIPTEw{J~X!Ie7i5%yc8@;R$Vy0^v8Ya^5oOzi`wvh^nBiiCkf_Ys!bL96BxvS|ql zV2quGsF!gpw&ELsBH*t+Mv0wZDnYfFHdG3NIo0Y80$t#~Wp+ z9p&9Cy8FdA3ktxqp4z$&1OaH0X<4l& zF-(j&xsvrBszdP^RRw)m7G$Y$)IaQWV$Fl{SSgC)2Ahf6TVF)mIttFJ)U;wYx;u6@ z;J)4~q?&`*!3@rc21>yUeC3r1|D?;}*Kgpeh<$EP71NWZxNETLM<(bq^ws*eA02G9 zv!6xQER29!vKp#m;#58 zpP%7S3xLHqd27=N_tjN9}P%ub%PP^&dIc1@llb~ zL%~30AJNer1O<~!ovFcd*?K`F|FQ?>DOVPNwef^#HzbZ9DPO>VY><~?3fq&9Wl=W_ zPf0F|8G$q6P(HOX4IhQb*ets$bcqYjt#)q?cb7A79VC!^@f9>T^Zs3<}|q2bWiM%yHwD_)sL3)s-D!J$5@DX7#8 z+;&n)p8NydpP{(k?;;o?D#>d)e{ard}oMB6BfEzKIpZX&oEDSB=c;MKT z#u%pW>Ix!F_vi8ciUsg&J~)PE!feYRy4+!Zf6(B!t=<&->|Yo~E(zu94iPmZF+euQ zm{bv0V2l#F3SRG?U?3`08j_e^M#Yn}1@pi9k2iBP%pa;IckU(5HDhFQz-L z)Lp%8H>db%tz$KR6J+sE8s;VJD~e^NtBB|BCpX8Q7u&0QcP4w($dIBntU?91zy=6Q z;1xeLST?s?O)?FD5_ub{owYWsc)#3v{;FuVBU5aykjS!lNe6`%excw~Krg->0^}4N zQWotaL84i`rueck;b$#{ckWmqjrkuB9u2@xDau(C5iy`0aWI zhQ*K{cdg3KnFCu_?s`AiQ&=|OHbJsQ}fEft{hd%akGjOuGYeq!taZv>Kb9i6b# zoJpNO23Eu}on$p?aFP7Tvox#onMU{wn)Z?c(yrYF>OjB1?E-9WBvxT*3$6gz9mLCW zlUk_kT0)FUclE&*9CAQEa1sI{e3uJCM(qe=S#N4XBIt%3Pn=4};c-fYc5ZvHc((K| zeL!Ckvyt~?bRO!ZzA?FsP}dY6QV+8fEPS68%gsZuPz*VXRBpaI(5KY6EO&MzQ9mNe`Fz@6G~sA!tlmI`2&|qEIm09JzZVg*icJ)d;Sv531>U#Y%S!*%DqZA(m4voWX(?}X@l&NMl*ACi51%L= zZ@XQHvY|5qW;SR!&cT(k$dG0|${KSMpE7KCc#J&56j~D?)bcF|=i_AwE&{j9X=9THCc?1mnzMzdxkPC9T*(5oob?)BS|3De_?fqR$m%pHu4fGM?q zlWqs0IxgF@9VM5BNNqF2U zjCy`F$bgzbshx#Qwx7_y_G;zIevG7h4?%o?z~>~EWr$JKo*T3xn!$r1R1+ zORVuF&6(xL*lOa=Ok(9G@&rh^`x4IJb{ERH2>d5#Db) zj9(##EVr-P_EpxTI(U3pIWmBsYh3(RWV{yZoKwN zpTC1NXTo495M$Xx69yqi&!LnSjsH$K0t!W4x&Of)Ps z0o^(0TISc9^hvI1ZGkwM^eSt1FfXyp&j}Pg4xhI*)aK`%&pGAP9MbgU5^Q&D&lGpm zit#dJ-Ugk9r<&AdFmE>*_>xyTEMQ?l-3>>}BrP_ugUj|?)Mw8(u1y?*KCzP-%&K(s z)`;x~*wR6Z#KT-+x<$dUz;kQI5#D+#u!8W52rLo~c!TgzDpICbC%31!hu}NBJbMn9 zIMo2Gn3HdXUAq=r}o~#=ery1g`p1=N83Es??4Im2I2+5jlKy zm+3=3%?P5M-LdmYzcf4cZY;LTF9*W2~D<8Ynj;XrvA?opD85W@? z=oT)C3Te7C=IOS(jgV#$M;;!Hy& zk>ZG8%g~fAvAreS5<~IhP6*sm&6siCl(yB`m-(a};8W?O$RYK0rqq#|D&C=0qcQ=j z!7-x4rw-~(x5%>HVIz)3QNI+DP(7*LprPGin^tR^z!tXQrujW#NM~Q#ndW$Pd&Cq>foog#`lD#`cE?`NW&?w8i9>y{Jj6QT*A-%m1Rq$~M1j)JB zujbSH?hKjcPEss`cxl2cX#g>MMdsd-;Ce&Db)pgJL#U_}9O5yOiqJt!G{#|4UoWAe z?5MsD#qVg4_DUNGw#47X(~&5W8j9+YYYxpC_d7a7qk1IzFWsiQBS(NPlalzuIokxA zOCa_D%X@Q4d61lm_(?E*Rbqo2+McmpvP1L?ot_{le?%U9&gl1~RvC9TJ5u=me*7-g z@r^uqHM7lyiYoKVPbmLOCrJ_@1+f(l@p)VCl7_^7k09LmPUShlsST`1Hdq1XrWqc*YS!~Cv*(n@B3eFI&~({>&8^0w5k9Scz`@q5wonyF8G+yoYzEF0Bg@%HhP{_W zJ+VwP;9wZG;i4ZGyzQXODh^bJ@Ay-N->_B%$l- zJvq74n%HL?R@#?=UqI$q{1Mtg&-_D86cbGard$r@qHKFttFcd*kfDH;` zz3HOlVf?AFYGJ@4t`|AiWaSyen?q;cR_=mQiuOVnDd)8!5m9erY{H6R5Axx-c#*IJ zN(ia=RzeLumZ~3g1Fm{W7zH~A>VgNy%@J-?~mRYIoohv1$0A+VY6Xst4k#Htk5y0J94+{sMepkDuFj8 zw~gAK2X}&*-^Wk0ArC)Khv6}B>ICLaIRgXSjG!G9T8_(n9THnvQe>pxi-kL4!uYbi zAML5hN?WA9`kq4I|_i~zZ z<>&&I5Ny)^0fs!&UsJ%tT*J-sKavU%8+n}vd|g8 zBUA6EE}#!|)1z`-wzEn`C$dNmB1hI_LShzsZ=%|^wbAo{9M&8(vHcDc9~<%8S~BC= zO<^W<>|)vDq@t220XcBy5y=H676br8b)w=#732>N^ur16RxgVyQ=MtUGgE|mojiYG z%#Z}2X+-ts-6$wFXeFQT27hPaVZsSF7|*M6Dxz_vtN;r_n;m+rQklI)bJBG7B@Fs1 zMf|+Tyc;?(`!0H;&>t8w1lU9sFDv%7sw+{4y36l@g(I9`PpuOM?%O$cMtYs8UokZ4 z<47{~-u`rjgvPHONoaYN_=6b8QNnz+)4S%RDSZ040OHJZ1j3$K{{r-hNx?STPw;aJ zdB~jFKD@Td)-lissc(em4PSg)f2r0y=*N#_M51S8Cx)LYUk54cOcy8)TT+df2(xt%eG$*?i*qyE--&cX=oZ>#02ZS2!?$e{Awy{itiP?G~ zb$%SU=xbSd^!#Bh1j|vjnA+9JCeHsuVF>mT`vS~q-Q%+AQnv?uHeniIX6-MifuO7? z1dt_B^oyf4_%}V_m+S8fT?g)}m>+bwt0%9fFaD=XGnAT47knv=Qb*Hez{DaWs zT)=sc{|&meYWmNB;}Jl~CD~jj@l8^!z$YI^q3=L}GI@bSG5(iK{ldO|XQ-C#%}tSl z?SF=#EAIdLS82PT0E(HFO~`HoLaa%hppYEo(f163yzJPUeGw2)#5z2%fT1QJ4NnUE zE+mTQ-<$EBbZW*VM2&v~q-`Wds4bsNArmp72Yt_^yLgAU`DX2hJ~IyZp)0uls~_3b zq8dMf;B_5OrEl+=Y|Z9;OE*M2$|AH~s*X02d{O4@vu9@3E}EB!V1NL;)td;AO8U5h zYtiIrhn~rPu^y^na9Oh{?)tsJ5JBE66*Uj0uRutl=SVBa=(GHzss#|~XyV_L3!_Qo zLyBVa<8=tS9|8=|#RmrHiZNHtgyPA0fW4pFN5k$lXMCRc7oFZHd*2F&X9GID&n{(h zYJfG|yX81W+cR}Pk=(PJ!Na0JLY65eo=|A=3Jb?URh*)L5$@n7lyl9)OM93j8O+qz zvSGk+iRzGKgP@#v=@SnzOrkbbw>7*4)(<){wD*nL$BpC|6TN(OwGoj=KZ6%?MWfxt zF1U>ZR@+9?pHg2yM-kNgDF+}o(ps~0`U`=$E67NUYTswuN=^uv1VtpmIV0ybK0imQ z)3ogxA38q|8+CHtFMenN&C_!Wh+pVoH5|Uj8h*z6Q~z=$PgAyhkI-cHq3dD4k>JQ-Izua;XyO}mr$ z65jYJFmK=}L0O;U*a!~tQUN={yIbQ%p1?B^xW$1UqQ;6*}k1nvaQ-+zzN05Yi0 zj;0h%dt*$+o3Q8@IObUEyMf4C#J4*;3fZ=LVk*J3RL)FT?u5dx%*VGVwmNS#2F5f3 zFNoN0#=|WZ^h{j$m(vv|_1v1^nx`8LRAOQ@?!gE(oH^v_uU3LW|ChxXbTPf$scSoFIxaDMG7 z+s;=*Qb$)G(Ro*$Yh$d_MHR2KV$@$CgS`^BJxlB-o`EtM!*6xh&xvQGCMJr>XT^+~Fd0M1*2@tOznGWi#izCt zhUKfZLg*V~A7c@$A3P0VQsxMnliibOMYCd&xg;}MgtOj-A|ztMsI9R2?&;~H?k*9&D`x@wqZAM@3-?DkSlXrj8f}Y zy^;e@*g%)^-M>4{8cJkB+j}AsIgeaE9_qOF^Uq!&NRu40g&cfYGK@No;rei%^jAX; z&dO5#VfE7FsB{odCI2J3!_6c`*+7cnC(+xe`lq_z6F1{Kxc5Fl71*jg#qysPsJafK z$cAdysa?|~7pj*fQ~^8!Z;n0VbyXf4$h$2mK6{+9PU*S)xEIRdBh|O4tv7iUqU(Z` z(lxey1D2rnVZfPeS1|*~VZ{vs7=7vyi`ONc=iTc3R+P1DFQvS!Yi)NO#|)fd9*|=> z!jfNpsk%b?bSbOONAMIk;pDOmLRvo=1kyi1yIuj)xKH%I@R1Vd8bx#?z}YV=kd3|{ z&L2V>5W|k=2YnIp&0Y}lMunfH6gtTlK*=5xZuQp-9mk>vvvy{$e?N&Sa&@E*9Ov|r z1Lpf8`mI;ISIUG?gIbpnCy{Um0rwlL!lge6P`@$BX2ZV>dc#KPeaLmo6f&ebY&MC& z;AhPp914xZTm=1G^~njm3H)H1_I_e^Dr~m)u?|x|s%9rcV9|AFDFRg* z?P&kgrW4-m*h18q#o@#XEZvo~_#M~P6_HSW9w!%JgwB2YB(M?S(Nzomi{v`YSnE*@ zz$>(U_(%%lu{#@el>~PfoPDz0iS+(HQ3|36+Z77E@|tanB!FN0v7MG_2jElNY_Yc= zy6!xiO1a+T{ph@!adLi3&$bQ}&xmmX4;B+|th}VTVHjD0YH`Yp0(5;~S*mdg}SY3Z?plcON`MH9E+{l**Rp-4&| zV*NI>&Mi?U{QC2HI_ng_BoV`ALM>W!?MN>?%{&Ykx(m|5>Y$S5Rdr6 zU1qj^s$NC8|KcB{?Hk}k(O!vuBR2c|k?t`!vq{YgkwlvH`034iFNg_^&` zTlRiiFyo8dSY9B#hw7gWJa`9dfCQWY?&ILNB5ClsL9fZs4n`4|-y1tK+|rlfLHOZu z@l`=}mHfEqIfthhn_850t*x!(qHeSy7AhRh)IaArQmu=l@#aw(a8oty_w3WizH^4|BF#T%t=R|)1Q>w_Rv z6k95~G`=<%*q=Dbm20$!Gx%k%&2I7)Xlo73Y#+k>y6|}0{zdt5@NYjlp z^o$!pO*%WxKGdnhi6IDGMhN&uRVON1h9I~l@VYqmL2-qJ^dt34B!e#s@ziGZ4t%OR z{Cige?{-?VTJOD`7QDp+Zw8VOoc=MqdcN8)?AXA`Pk5fS4Pwx_M5=Ja@>8`Qxgi@l2-FubW7MfRy*w z(n_pwdW3OlBxDK?8(263$vV;Dkw{UKGA36H&jQk5RFK5C&lU-a4Z^4t;P$I}rS&r> z*AN>YaXiwfZiQOV&DtG9;z3;>NL0Ws#UC0zI!i1tu!1k9l-VXk`Z)`hpfniA z#H~|S+B|#>$>RhTe?S5sC|dM_55$Ta%i8pQ7|srhb;b5bDw8;m#*l0UUOI9H*Jyjd?mPSs#IL_^VH?UFm@IN&0^Ys(G znnboBu}f+&@*4?TOF8LdUg$t`-}Ir7p<+3ew|N(>jlkM?*71=XcpU#o&h^bHMUsYj zjdWevJuR>6{dgVO*#_}8gP`wTf{=n#Ml=yjn+=EliK2Kc#39o(@XenO;KgDR4>LD; zwOg934s9%sPOK=*@tqtnN=r8hhAeUnm4Xu%FSi}-t6^RX=%#LODFRJ~lnLMRQq4qN zmi2u;>sWpL(f-0*eyEF-Y{ir$d+`_8K!t)(DpA%Zn4CBoqXtCl{VCF%wvr`GDNfEU z{U{Zvtf4_(UnbDNzWb6V`JLsH$S!Ht`FSn+sa*?4!A;f5VK%8Im&M5`A*n8&ZzXJh z)I#y^83iJ4msM~Fo=O3{qwIO0N5)^iF?#;qHx6m6j%Lr$2WF+L?;)6M-A0sS*yYbs zPN{M`5Br?l3Vdc%YpU1)os7zD_ZRYtoS)csUNMA74W)y8QjF+;pT)JQVzX+sv6tOG zEUzsy5czvL-O#7+3J0Q!x@~=19mQSq6HDOuxMz!4$j}XalCqOFk*a|38r8I@MD%pJ zeByaaFf~(cMV%=t*2!u}C}vD#VcU7PgVb%nTRNJWfsuiV%n|SEMW~8Q%Gb>7&jp>? zwDCeEY0$ARd)brx@Us)rHuh#1oL{1RIo){Q=2;y5EWa4-@Gy3OySNa6uiN3F6t$q* zM}e2#%HNfP27PTxT(DU0DG?f zj%94!Z9C<{z?d8C+XpTd?>fwcPe2Y{1)N*zs6MFO zJ=Oef5?_bGrLpTS8*)Dzu|h$Pklv&V!;Z) z|BUng^u-*WOOc5KdXQvA2)tFS3PEvc-;kpOQH-X~AP72&qR#D@H`h zGa$?pW`!W)<_>EWF^u~or;a_3hQdZp)LvOmzez(pV7j)VykXBA%lNYpcG>>zAoakC24rp6-Yyn?&8J^bs!_Agai2`^8HCOaCKgzuj$O?0arkbxM*nm*Il0Q9q zxY}(ZOx(XKQ7;^chjfK0*cLTWWs9esZ>6knI4@~$ez5WLgtJafR5Pv*_)4ezlWO?n zJizK+K=Sp-C!gmU8u)EEKGsXwMN%`Kd}%5b?rC=C=PsDh&kXr7@I&V>{iw$vy=N1j zTnHrtG9w|6l(kZ6it8_jbDKB0Sl7o6doRgquXFCKsuX3 zrE9gJM3~xn^r>2tOWXF&!{>E}`vRYGl!Dj01Jn2MX0=aS0`Uo<9Vzmsq~>EEH`+dB z4Nd?_=m+qW^+)ML&GK>^e^2<}B4j>F84=@Bnt)$e!wJH*Qfp?Sc@To|G}qdHk1nAI z!natP$Pdy#nK9}LgJb>Gc-qL9d>!U@dK8IucE5z&sJbYe>n+wMdM%~CmG*$sWRg{H zqXjQz904q~>PL{zLlVZ4N!+pJbAN)647ruxu}3b&8lOar$hGeM7vW;5!Az#Nr~YxV z6{^8b$=5KI9^ zUvMUTl&BJtOr<8yz*xn|dTAw9EG=B=DaW?VV!Jz0f;h%~1pSQ9`VXj!RyTDc?4P7% zT{eCc)2Oy7*&GDYijy7PU%`9;c+T>m3CV$x@{^2@8w@V%Y(ugBUk+r|h<0qm4J1j3 zMJ{x(f2hyp2K6`Lxoq_+FfzR$QW93|FhQUyh9WOfTa`klzC4?5Gc zpbznXl3DkGzj2WoZsrg5U_UCs@afILP|d6+gzJIwJK$Biza(j;xXiv(Q4zf`fg3b{ zjx*^c?_Hnv6pegQx8*ixY1A>og$^4^x|r|ovQ2n9zC-PxKm^kpl4{jR?5SH`M)Gj8 z1T~kqdN>HI3DVrSLGcXdVFI0q23{QeR+JHkPkUog)DfBdi2(Qv<=uz%9MeCT&S#5F zi~IEtsKXo2^|}d~IM_#(nKAs9UIaUARp7+CauxBC96pR)0th(!^qhdng>5 z)=g*|)y>aQg^d3LdLs|RXfVT`9&Yy!%%<4Jx9ME|0@U8@KXvJem{hU}FRt=PDP<*V zP*=*$_`zZ+nCXsjXwO@)zc!iSA?(`NGzp}LPV2N2eIz>x5e(xdU zz3Ux2ZqrkhBJwZH(*OBcFoQ=9^y7>E4Z;IU0aOybAF~B};XtZ*VQGeU+?&lYevRYl#~q@!>gOK8Xk_>`GHD# zsBdWhB#%H!(~bdQ!LOUQ3!vi)*|{XR+J$wOXRrt$=hvrU5Qa>IR*$6)a*I{%g}A{l zJJUXCf~`r0eP-k2l|iN>)#Ti9i9KDbVZ?P<4I(f2I4Y(tet&$kyQs>|<~u?f4?KeS zHe=PWb?35ft8NpVldyX<$g`kF;lbDOqOfjO$F3rgd>;89wG{yn!a|p<(`ytI^c8{= z>_+CPD>_b@2*eIlHYC{ufJSxRgv}Dw`Mmv*+@YYJ_EG`qC_p^6G(+?YpWHl zyL~6|72gNN9xs632iwU{Y=vhcK6N)o3EwhOj|I};SoD!mj0e?(XZqL)SRXpk{JWyf2vp!G!x?_FP(hAVCeKB4$++dh@mcCd&9F%}u(8{YUI zcxm@NPVtnU%uK+;{+-YE`njV%s&RS^dALIg7JO|2AUWiZ|JB*Q@A4n_UXm*G3bo2T zEq|GC0>M(ePZ-L?8+U>iow&oSdP838Dm&C4s8drpu!Vh`pE`xec`k43P<~Kn4Fv6MZnlV&Uisj40@$0S zZQP8pNtcIJIWD+DUU8T^K=<`j{e?FwEgmK;)|++Ox;np4p4LHu%#c#MHD+=_q><3Y zX5V`v^$COV)NF(9r?RLd=k)K0j=|#;mc#IkO&MY-r_x82uA(?LY5ucp;Z!+t8_r-Rkg!KdqpGdCr`kIFPt1g!h#pVy*EOu z&>3@}78mymDz2ziawBY@>`eBz+mYCgw56Nqd_)BOVPnJ&odAmQg8N(xRe~7GsL7A$ z^Q8Z{3J7r_V&r`{pbEM4^4oN?Wg;q4^X4g!eT1_+mnKhyUbzTsNuu~ zT~cJI;#Ygl+4P(8iRRB4T*K6B&XOb6ZPQElmMRqq2LsQBk&KXe<`T^y677urmGPdd zXuQGK#|tarxn^IOjdBGV@z+#V$>-}DQ5;}M)%4T#<_#V93jGxS3lgP5yaaDU(9U+NTs$*SY=h`Z0OP6u>5$wbo?J2C z2etX<-9z=O zrC`z=S&u`3k(YaAqnQI}-L^Oxq$|Z2VUayKWWIN-Jb_!7OX=2g?VpbC>jrJ7kj&ud zB*de>_bRD^`0Pl~fBQz$r#zYI-<2H!ZzRmfBpNt}(In8^sPrvOg~%X6ZAu=GHITnc z$9*l_?~1~!)Inzg03{jG@Y94}vFkeqOz#=~+YTm$wi1Re=tj-R zXd$0v$qKuXazi6d+u})Qh^~a!wbbzGL$rrkASx5lOFSeBcO+y`jGS;n?z7TTFi?MB zJ34Uk?ny-^BMdkpS9OWC6W-B_K`8FNaOdW*Lag!LiROK+?(=@#H{d%5Km^rPA?Q4q ziV3=+n=8VKM~3ey`Cc&G9PoeGXzO}~G!6Q91x@Zd446c#80Jobb8cTDf;5iAc^0w7 z2Frxw(GAzXnk_+N3uj7}cD6K=Ale6~DLH1sh3^s2=R_}7U3F4$GWa|q`R$=g5MopP zqTrlVr7wZf=~f_G^w_PQvcMon>L&C+S5bptw0PV@GLh=&{4?FQwy}%@qcY=OUOD(0 zKPkCNRZv5xc7_-@@R7O6e zn}p$jAxy0r>d*+rI@{>6;L03kHT)D8F&$&;U!OW7JC%XqLhRj0Gr3`IijxwUwH^EZ?_#*2rmQe>F8h5DHPW zJEB_==ZlJ-b+Z5!Glm(C6X&A!c)ZcGd%NO7ExxOL`Yi;;Sx|3p0^r;muO4X5+}yS> zwoR|$^4U4n<2cVjxB^6?{`@lE=${()tE!<%aoZFr479wzI(s+duX=_>6|T8qnXBp( zFmteS321#f^YbAzU-b_nxy2F$Cwo5?O0)fM0_rhunE2I?5bey}>Nxk(>OR7TR5Xo= zABWgRcC!PCZ@6NB8_t65w`$*#`5XE~0qIhunh<9I9)1QVrxq=_eaU|B3bc^GPz9k@^}Yd0te z!0B07Iuz)X$d{_AjqQu!;L`>dRgXbhL`P7K4}AZ(+!Ajiy93QJre~GOAQvV6}*q+RdCc}ZA%W@@MF$9lLSc1u*G+Y{wM-n-^qa< z@2N@TB3Cwqe%vyG$3zD*lIvP`{$&@OU+@$)>;_Ktc)u;@GK_p4U$XrGEO*)J$6lTM z&1{2ODDaf}#o?Tv z5+AKd>A-2n&oByGqJKiZ3L+`_y#)$!KMTIiaVz#&jh-xklL4X(0)jJNRF2+FN$*(l z@bUiB9P@wM5^euzjw4AHtEz73$q&CjUdYD^gE4%HCZb`k9C<%e#_%}`B?mD#e_46E%Ri*`u%KVkpYdppL)PqmZTz5E*L{V^ z?)%z4eHFPG@R{RkGzuF|BGT!E(Y)nS?r$QfwC0FcFhKkUGp?1>1_^&DmWZrLDnQ@?_2?+|b-*iR0> zP{4%Ve*bMabi6lGpQ|rg7)sgi@dGjqnN!E3z#n}dst%2jE~Hh8L0&DBKUviNHfc3o zTndYw-F&|Y?C@Z3Uxx79*NFaQ^9;gBh4MT^OU)-|?Y;wkm;opJBO^m#N#L#kS*JV3 z&&a{#B(`+6d@^w(ag#aDRW#x@|C?P+avKQ%@;OwH(|`|HXd*^;emJhNMA!# z5LD9|hkR5b2i3WmA!=wptAm$x!5dG;soS7H7;;CIgXNR|agU(DL-K%*2^Bb@t^-qr zGC;TD`;2v{QA?>1%EK-f2**?=`0RI>MvDy0%Bc#uD|yGDUd=%G)<*b3cqom2N_{i) zICHh3!m?$$&qkZ0=@J;1ZFB3f@$bf)0eP`Kt^gm$$2u2g6kv+H1X998Zs3?2uk|3( z~6LuRZN^az}6N&i1 zWX>}P(`pog`EpStXGxVdHsB(G0U0#zO%D$9TFh+5XsZC?%~&C_Cax-+kkrye2m4Y8 zgORelPp^}SKvbX$5f^#WzF)Ns??)3Ubygih#7du31zFidNU9e+a?CtLSm%yT_72I| zyYR!JmqXq@UU4jin4-l{zmJKVwAqyt=BVp&Q`UU9(a(MVjt#*T#=(m=LuF_UzbHOI zUdkpb9Q>?YFYE{#Vk@*&VLWnwS7z32!;UhWfQGaB!f7Mtx`iALhIK|s%NBxD$ZF7n z^HES{^M)hPcg%g`rnWx-S7Z;9EHSt3p5pqyc_vfOPiYqc^yUvf-M;gO(#lD>o^ac9 zO&5NpqWi_b$+uos8x*Xlr3jP%_@+NH?$z*>LEy9X{RSqnOOVA$fghwDkrU%h>5KrT zB_~bLMi3$IfB0vA%klF9gw{HjUJ={@hnZ_5w&RVY-hA2$mkv`ewe;fP(Sj>OfI^@pSg83elr^%7I^2g<7KJ)2XCr$B4b0f;n(n5Q6CG3D-RLGX%Hxe394w6{7-Yu=8 zC@`AqT{^wws&wu2a;38w-&`)?C*i%mY3CWG0?_QZk~N+sMKrwcRg2IY{`B3O!!}$= z){>_om0?G7V#rKQpxfE+Dh+h1_sI318Z}Djh4gQeZG-$nhJDk7{F;WJDdj<&1izJo zAa}5&i_BsuQvF71tg$xK!AS!lBSe$G?x=S^hVY#>XB)b;;2UEh|6Q&|6jmmlZR(7Je%z3D3;SJ#^jTQ;y~ zh~l9*v%87yV^mH(tv0l7bn;51_l&P({FMbL$7PqCwUhRXtv;HDmEy={ATF-j!D>>k zvFHH=GPr3{PZ4u8Z`tsfeD-|*Gu8(8KO_ujf$L9TO4EXeEf5Q(b?;}Tx6dC%Y>yD{ z>A3RAjlMV0!lqn&YsMnJ?Iz+fWtXgLzm1juwz7*9?xgm6Tr_fpdT-(l(o^w8yxfD; zu<|Uxt0%(J9f5N#FSE#=7k;pSTWOZ>FptzpnJartN85GlTk|nYSYiFpqmyVgrF415 zU8sIgW(k2(t0 zc1}(}T{{r8q;22~&@W!;ANQlQsBX)*2J2!%3OY0UV-eKj2;r2-#8AShsEzUFg zXP5f~70S6$z`+RM{(eSKRaaGaxP*uQ_8eGNlK#HG*`GS@q?@h&zOZ_eS=0_knFuOk zy4wM&@&-ie7Ep06lx;k&ppNP}ZrI0|-Q?+h-Q7B+ERii8^|jpva#Ftbw+dQYxkD+X zsThmP51MbMVf25TR0|O`kTI62o^hjWw2=JTBaI^TA%GMaTaiPitL3+@d2wBMd_qwm z^d)@H+#co&Ut?O@MN3z`A}r{uYwHFp0yiR*KI<|cV4rw zxz%}uR^C`@m5wTnwIbL11D$i)Y6s~>dzYI!K~Turs?!p%9fN|KVd;&X-RI1!ed72$ zC`OPEIdjb<(sQfg_0MOx>U^U~!*W+VMQ-n2pW7%?Hbgk4h1eN0c8u?`vz?ke0)DpR z^WO70rs>;fadtP8^fFa`OSgD0xfnL25{KgTw;bZudiv3=sdzZ6h zQp|`xXn*x7&u(`%xbWfDt;k-zgfH5|%er9C_H$@zZl6zWTel2d@og97;E;*8TW0CH zEy!7B(K8>o*R*+lS*p)cN~{>wTONRwu3HSL1}+^M%C#?wdJu7T?!E@ACGm#{U*ie7 ziS^!7m_3j*2QS9y*pf%N6^-@rJH?EF#!f$4&XY))-mzuKBs+$qj?PMQDF=2Vl>yus zHIFYFZhJRTtwaqDp}yMKjNJj0)zswb*qwh@;y^%&xAufdCtKrWY;r4>E957t;q!S| zYuqYX-BCVm;un+<2;TKjn@yeh-ml#D&ZO+5=ezqU=_j9`vo4!4P@G#FpTkMpKd#0K zkXToheMu@;$5f+iHnSgNV(TVa}VxcG2cPP z4j5Ge`4+*gH!GEWmz7H{XU}Bq`uZDJJx;azdIYWS>Zm?q7v3JdKyE9%>~qK_p^uVl zw^@u-sKt}D+DY%|g73xxqwJ+K_nDpy^&rj9v9-gGUha?egC5@asxxrTZf1Qxv4UAP zW?67)L>OlQjs_x($aXo{R|vHMuZ#*~Ku=K$nK$wWlRc37*aEGpx@zcg`msVms*jLO zsz$-*8p||oId{{CO_A6?=R}0AxeZW+sr*!H-m?|LDV8ymDkbwT)r`-}l}h=0Q$XJ)QTR(k7x?8DApr&AIE0P#^k@WHg7B{noe< zu4E%CTe`p&av)oVkZ>J~+jbIW+|MNEt!iGr@_3qO#KVn0K7wMdHZfB*+|9S?UiVgK;+IC; zto}s-^+Z2CyFv&qOcGiC?)LQJn?~vGQ*7MJ4>P}azFK*@)=gl4W{8#6hy95p0{CX25A~9}45Y$Gw&guA-R6A)th1ayfG76oCc}nCFI*>59>f9eT%FrQAf{_9L^F4RWp%G}+h@WPR?_O9|>BS}5z+McT{uNTH!? z&&}Ib@ztddXA^w*e00)q`hL~_l)g6TEbFB%X=)zH`LNU9E&loy-&;WU*mBKM{aq&W zetWavwRsRlz1}3k!Io8e^5YvIBRy zn4!Zobr%;G+{Mtg6&DQ|rTt&}bJdP4?1=ohJx^9Y2!*}W@X&l$pZ_5PR`Q1KV zO*99&m6=Jz%#x6F*}7Q1-Y1=15w|&$Vv#ke-6lWPCM>0OdWcG4EiDw4H3_wx9r&wT z$*jx3G{2q+8S8jFYqO#qz2q|OACVU;D-U?Ql$*|)_rI?LRPIb7h(dPF@C^HxA(ho zsZz2^QQWa}{+H(n9jrUK2%Sh3?G!7_W6{w@K$rSxRvee&mDyalKv4sf^Y-KXFjM!{ zx^7yv_U)IqKXmW=DciedIhfz&vJ|wC@z26gFLFBc*Io@CZaZVWx^ET|+ib)=L80u0 zS@U5$$^}klJB=D3ttvi1jzWfPGNql>m#OlSKXR}9g;8<=&gztajbtk|0a+kNwz2-^ zUbT}r(BbSvFZPeg=;ytJ9mdpz!KJ+AgksUr?!9LZ@cIgiiZ~h?8!O1dTwNe%Fv=HZ z`cu6V_&HZ2W$$;GTjhpi)O&JRu#k)&uvq;--tUUui|S1UC@wo&llYm$gT-#yAfSKI zT=jNg`^D@ld9eL0#l{@mC2IlJIwH@OCSQ+r9$tWNyejjh4@rR zjz+1!dcdl4pPF)_*HPEXx++@USjDhu1@0_mIJUl*W)cES!bv5WW_^O8Zr{^fJyLNM&DD+{J2F; zHhWU%YU}DEbXfhnp385;GGpLxxa;romKD3p3&q}ua zWxu3kMFpGOw}0d?5O(Pr%7`&;b*H^~rF9TqBSkrt%m;r~=L|X0*6MG&&{klNi zN|W7=eSWIIxqEE1HX7eAi&CmfTNLZE8N=~r9GgS)zIqR&eO{hT@#V>(Z#|d|S9Eb< zlyZdJpTvK8beiL3B3fE#W~f(T`9j~d7hlEGRX^Eoy?w%3_B-k9EUV@{CsYk8l!@|t znZ*V+=YC}sqRYY>lmQxmTan#Wl?IbnX6-iPgR#hE>!IfQ_}+h=Ih}>XHclft88YuR@fz8dVg~AB(t5YvHNN6rDvFzg{}q?wwqve zE`YzA=uz01dM@~yYrW=7s|Zfl80d@bYS&FJ^L%-8>NEEiio+zm+j6cMF>$f>Qr%fh z*1)T%)Iy^NF5TikoPoDHUo2`61vonDzqC%J3Yzg+CSSoOWbATFl}iHCeLZnNinK-Y z((kb@m-*25hq`uL=R}xUxNWRv-<7tRZpkJ|j-m43>2?WVZoUa2n5@jVpQ8@e&{~dF zKZ9N#ACHR!I?}|D4@-oaM%yfLya^77kYD@r!82uVx8D}DZ=!xrGP~IrKU~A}1B1QG za@wBFE?ZA9j00Z|d@MGtY|Qc4}aZfkItBeisU zo`}r7&8vuX+UqMWLAq^tOY1TYF7PN9${*|CMyFH&K`(tW zwk<8hR&`z7#_7@@^=;S zYb#$4+_20uM{iAqS|uJ-+WiKPOA?g4rc^)CTTS<_NY|lKlZ)^{KtI>U?G0u7rF&BJ zF;g*#ez4$P%o4P-D4UzfT$F_Wn1ZlC`Pd4uOrNeYWOU5pCC}I%yk!>cfxMIvL^O_8 z{K_(G#*jk1-$lG*HZ`t2k!6)MPTb<@LPyt>3Mh z#7EV?hRR8Xj_%HbCpb^ty{>d2^j2BD6x2?+)#|;oHy^Y~FP*2f>N$Yhf2&Z+Y`nW0 zo)~IsQf9EbxRuny#-kOa((lI?uAwMbBywFxfsp@bwkJO8JR%7JA{=*H^{02tY=`l1 zzJUWfWNHtH1)3_3zGRyT3e&juH)&J9U#=7JyaHFyuGMBcG0Z+4=}y6ChWp8r)(IU6 z+3Wav*!l#EfXXif`!8E9-GcPKTc^KeCk%&@54O@Na^m|b6GLgF6JJUbac@7I=1o;h z)o3rFJ5?#|-szNJTG}^s0b6kzN0s<~?m<^3P-cM$vbayYffGna?P|Nnr(_W{yv!Sgr88vG&J5#D+{N*Dfs@|2r@NTcGw}`4n zW4N+`(-&}TYO}Jqc#%(N(B9g`3J$#BJ;^CeQ=wjh8fzH{mJeJLZtyAGkU&ZqlR+Xw zCH*aJ#|rxTSjVqn=)qGZyvjaAv?6y<<>g9Y1p0&Ub37@(|zFdCY zH6Dk2Vg*TJUst#ZGag77V(=0>VO5fg)EitILmTm$zo%=jDm6Y)bg4wVyS5#*dC62L z8O<+iW*zF#-5+9V|7Ng*&1iB9a+v^|c&#X~!mZoRzS5d!uhE@oU%6#=_ngFgk(X;_ z^rKri(hN>tU1)NHUZNgUDxxi-;Yeea3a`jeJU}gKQz!{4W7KXhEOtLe>j{saa;nv% zYyEu2!DKsGcZl|CaueRa9$yqQS#7;p;3+PtQ%oH)==mdZXU`rvkTJLE`t2(q7+|@Z zTa$@F3f=_FDRN8sw$oIO*K(hPN~B}oF5Oa)I-%2HjK`qBj#Y(5``${ZEl0o11`}v^ zvlU>4t-X+arq)r*kCEOsFBOkk@}#E94gJ}a3u^ZGu=49V!I0YbzK7!m%NWP-c&qs1 z6O{_~Ar2YoyfE2m_k&U1rv>P#m1R0g!cQK91UaZ|ra!7+p`#ZN3#;m-64nV4j z>r?WRU;IOWBIU(v$ar#g^HxNL^NioY)VU|K_bGo#OdT2aAJEf}wTVj|Zh~c$d6o9U42czD$;^GmRsLcZ1R`ybtHt*$rSza=dLMt zlfn9<{fb2}Y+DlhWPCgY0rt<9m8fCJi6M5?SfoH9*;QUK( z9WOL^EKhrlwON(Y3V|b+$HJpMWCj6`!)(K!>ny9p2!2J!62yDHE0d1l=lCqg_Lwt0 z{gOwb&X#ane>BlBt}jhT{huGca+FziyHNN0}C87wtB$Akw%%?WEx7TQLn_8HzS7CTjV1; zuut64V46Xjq{PXn*RaJO9OKfQPQg_Ad}2Gdb?8Op^TVX;_SV) zlcr}M1DQS6G6fW}P_8+2d2!4u;N)p2A)~3e>$rVs6NmAwhxcZ@6I9BShib*PmGta7LaB9Z67`(;=`A2UTuyUL*Z16;GC840XEyO< zuNO!mcP(P3o3TfIup{bw8SQ3@M!})xo!^uXBJ<+e&{H1zf~n&m=|$NnOtcg+mF48g zwbvu%rSSbXjWtuXZj{Gd)T+yAPx#KfLQ1pTzd<(W7C z>O90u0T1to0WbM43DUnpMydE0SqIa}sKk~Pu8X)p-MV^=niZmT>=%BlESeFcR*bNY zQ^Cjf{dqyuF~j6EjJy|Bv1=Uc9L*u;oA&A&k87S(anWNt`mHU7Z&&!S$4t#62(LCWlK!b%q$e;y! zvi(J7I0OK!ah?&ZsBYr9j&tiIaoHnb3-RI<|9xjPno z3D7h8QwES~wyU zMj=pLt(Xm%`Svs~B{9pZr|+PN7?6i)pRsCXs};YzIDdNHPr)`T(b1T<-FYU`sk;~p z7D3`^w}5NBF83C~z9+Fpuq5s#r;C~v1Mm~lxtat3*vfdvl9^A4WAQLIq|^C~N1U9t zNEyu>p|=@$Y*_@lyw{m3$CD~Nx65FdmVbU+`<}}JC=EyNy1}ue5(L!i_@-KD#zn@v z8%Z^ggS)P?`N;e#cr0~&jvnipsG#l7V|k~>vY+_ZVSw5 zV9(>1F7Lvp0AA($pq#Sw;)FXxj1I6=K2hgB$0t`%9sxG|uT$+xG@$-qWreA!2UDVkjT^(o;{EyoPmKuMkrzCpK(>a7q z{LQt-SEcnJx4ih`<5Diuoj=SD*1Fi*>S#mrs%Fo2vDet7{zC6iZEWj?t9OgjrGMuC zpo8ssixYI&boKC{uCAtb*J1hNHRow&FZTcagB}C88(z%_yeTyzH`nYcMwThb;NN)8 z^2$7u#$g{I1L<lJvj3M(%N2#1rEtvj;`tr%6IRtr%ijZr96C`ag-V|- z=C4cg*Y*=DWI~z_dT8Kd{OiL%UzwR9;)?hFI_*e(Oi3iquu}6vJoV?425eS_gX%xyR?LpN-SA=)zTETPW`M?HYI{(T1jK; zci>XQJ;kDq`4f)T5WjpAMKZzRq5gsT1tUTVg0pD{(Z8OIB-}JSQ&}$;WDyOsV(9uR z5|x}aUyZ`0cM3ymZ_GPp`rD6Wd(xEU+P%p*>1dwTj0PvAoFOAlkR0N()=PG41V4ec z{?ef1zt%PYUYnS=BR4ygCrWCug>Bot&7ea>4xOF~eue#|TVDx!GtF1Jue3VGPSHE$ zV)T(5j>d1nR&L330=d-e>yaC|7mh4xR}E!wn@$a~+h^7a^r{`YwIw?~_ib{cOwP?A z_rT#V2#C{BIW)K!bm&Yp*=m_ZVS}(4K5uk#BS@Y6@_u?VY@=##?N7nsb&ACSeB~Cb+C6eMbHhxd#5amHivCpR z{?Enw3!%XNq{o;U-BUn54DHcwtVBy1jW9-+L)8%|)u?eV+L0b49puH3(;K3bQ*6;G zy5LLkLMKw?N~2}ht#_r9ivf4bRNW5RCBmpt^;S}>Y7tT_ZQ;&oe$?;{n6h{{dU3Z4 zoU+=X4^H9LzH|w0-aYHgy=Vebvqr3@8o#lAw~i_W9^kWOytZNlId0qZB8d8hAScj#|FtT~u;r zV1M!-VG<+W(ia8Gyn-jBEhEq?D1H!j*6j-IyVV2hAW1}PM7JvZcLxT!v>kakw}5Q= z3D3*oy&#AfulMx^5X4}U-XcZ@8ev?{y*5IY#^8bLu;tq5dKMg>5A*wq?1#>r3Je*H z|C0_@2>nV0FhXzxwTQ{J*KFQqC6%r8pqE`ktHe5Ssj z?L1$KID>O@zu1Jk$6cy?DBVFHG)QuPmj@_(vg+)tqWa3gSK6GG?rP-g2}pmLg`GaZ zs8Qk4)Jlp~L(r8|RH4b_ilc`O`0>vf39-N>V(fl%0KgFcl7|F6^h_)WRMXxy>SBmf#;t)o_rHh@{v1K4*4Omw2RaNm8pecqw(VPqcaY; zUCIv4q?C!cV9@b@xARx}=a%<0kg-#H?5^y(MMd0JU)96{cl>N@3ravz$En5CQ5c5GT(n#M-|oS^$vJXH0KZgHZ6Sot+|+R-yW zw}9le7u)n7l(IuwiJ3n@2+E93oM&q2BmA zZIsxbyU4MB(#rJjkafuFTa6yOlkQUNqQw9@H|wAR_AtsOu0Ia zdXZK8vuno=cW_2Q>m5}x8vD+Gp>ZZNjEEl+L0)Q+I}cH{2X4g9#@Sln`gTMKx(o(; z0UG4L?#UJFg6aRYbM603?|-};eZQR*xonjBrifi!7F{gSgi$U-#44u9(GuH2X=6+0 zyJV6|l5FJeL}MI9X4A4HmE>qd)8<+(Gq+(b-&N`(-^Y18`uzHNd>)U_=kVgc1svBBIr3B_9ErWi~uUO}F-;R_&)Ni?btB*-QlH$5PNSL?zo z>1D7&sFRC~vgZc*O#X<5f}LbX!zTOvHe$I;enG;Swi6qDA$>a{K*<1u7y64euBb5e zYFuO&`MPyr697oK-VL%dQoqn|*p}5fQT}Km*LYvvDQS3Np;E>9qe9~6nwq?)gUWd= zoDX@x)SDY&+as)`Vbs%291(Y{QZ7hz4Wy?JCuIoR^?R#F>zI#n9$ryA(fA4+@mqC= zhV?&h?a|z=L`MhMxDREtuHBSbc;UQ>QmaCQe0)Gyy~D#Td5mQ$|&=9Y!(56NkG~85{WTt zqJwdq)QJLgb?1$9XJ=zerCw8}`$SaFm_QCAGgwqGy9R|1!9PO^Gby*Iy)}9ys)#`i z7~-hWP?XfQ-{7$Wsq#b3y$&S#rLU&lJ)R0{6tQ*LIPeTOsi@~Z!k(BcK>`zC5uS`< z!d!CDWeI*E*O{n7yd&94OEnb27JOwS8vG%$U|cZmrYyr$AUlRBiil?16YBz(Z&OEA zdlhtJK_dw1*m&Px=2D#}iL-BtDiz(By+yK`Q{P(dv~a zwiHZn_L`$hv;<5#&$k*Uc0`$OmdlphWJd&46V@Tb3DP4;BOUWrPga5Vj_G1)E`Vu| z@Wa_Kv~PoCayWA8g20KE@?lU0p`~&sK}~OUgYojEg-pi9xg8ThOVRkj@M6=6%#+`^ zuYO5$Tt5V$vKp9RM^n$UBtm+3E;-TQBBo=tPNVLVCP@-L&?Ycv=w%B*tqBQ3AGRqS zr!A5M8-d@+|CJQx!5NjCFfh};95@;g`(*jF;54nd z2;>136;)$o41QNe{x}D360`?vC<+B{!TM2?%nG60`{NJ&&k*DJP00!9H$Rz}``IY7 z`@XTinN9=fD}+G(L))7D>j?bWqJ;*O-oBieNZ#L(8o_DA5;EaDa z94gQRn`HtcmIf^MSgkH=TG#t=o!$ke#F=OhcK{opXSoF!<{fG9{3VH;{&cb}{q!tU z;4x9w`;nN8fD#PadnE6(BY|f0Ir_;OU-;Oe**gK|J~0dbK)K!8dDjdL44m4baq96@BSLCbta`=zpAs!c6Z(WvN$4z85Epyf%55SGA0ig zip{p~Tw3f%jac6V;R9U=`Yod>R&#<=ccXy4t(=pdxrkEybYdOGc?TNP} zTLdtaX^P-R10kByEo#|T2p7hXB~{L;&GS_$O3$ArF{5W0rDhX?C>{E}S;Md?62cS^ zp84sUkX-xAil(>MCo0aWUOrr3rNebDKpJ)CM|eodb~~6W7`fxC9&4A$A^wa50!fId zSb1E5MZ2554y<7X>CQjH%zbqB6eTw-VaC^gO<&)rKP`1tdN{on6bVusny-ulhnn+R z)Xpi&QuV;D-oO$d`%I!?-1?c2&Zm>Z84twnWK2=&(e$NF!DIg-FG~rSkvKR;<#!a- zfNZ=JUE!jtvEEjNJ&*$@$1-(bejHb?0)&J3?sc*&1{yK*j`|Z31icTd`#Xr<*Fa> zDDS6HcEczS>$(T(b~};8b|Xeoa^(VnqOEdM?vH3-K-=MBod<*Dndxb7QgAxI3ik@Y zLpv2$VXJrawtR~Y=K$PG}PIME3m$FC~oUYW`#t~usvbI6Mq*tHpBwMnuLMBx)H zND{AM-8+EuBq{6N>spi> z&^yY+pRuB54*Nh7zu@`v$fC=V`lNMmjh&%l-tfA1Vge8hWw>>-uJn8B5i1`D_Ja|) z39j`K#lzfCe(}NDsOT}FgO~NMZ;ydkPbwGN>6nr67P=6Ee(f<*!q!b`^tnOB=R7&U zhWtu(bN*9hK~BVXMU8OF<3f>Z2l{&=9pKW$NlII@jZp8xv1?>f#&Y2T=dhkN&KfOV zoIpM9iL5iYjWEMLC(knh@IgH&*f1UDA1TK9!GegE12}AB7f9cyySU?i%zp7UepmFR z=zIL;nR7OGIj+Q;eU5}ANhQ4!BpN&?NCK3Z=zxF5mZh!&!}iV40ATz^P#cil5NvCV zKCqTrN-P^}pTkW~l#%yZCG-y(rSxmKD;Ky*g5voK8CIZ06DrE+CqI=Cqb7;Vb^I=3 zV&hF4yhF&1E`w#%pI>NqTz}Q&9Y?I~6hjS9bjA9nU_jK~ znzKCTKVJeG?O6WTUow=d9U~fWxq(@ch)v*pw9q11=e2cZjM2>F{0^xkEO!l zba_mI^u}3(H2>GV>tO1>+gxql0WPrNVUBeI=9m1@i`ZKq9kf&`&GH zD8p1O?SJU}m&M8>59!KXBFsnJXsuLC)T*efC%V0z3I?I|Vq3ZXZ2MNBBuT0bLX#Fm zPN)_M+L%#))vvpVVD*XZ_U`#kfhA45Y)OY|Wi7i~FfOxZ?40uDy!>%)150-FLzn&2 z?XQ~pY-rk+B#Iqz<$Fz^cUx~9vg3UIufnN-Nnfa3Hydu zznlB|=fIeZbHgBj&^HRA?xk$D{5Qxe;&1AXFWRxZ&c<^4c6~jprMw+~Q-e?&tEA~I zW}h<*I>x@W1cos(a$6s=HR2T^E8mi_Td F{{fQn + + Produced by OmniGraffle 6.0.5 2015-02-10 00:00ZCanvas 1Layer 1Physical RouterNSX Controller Network NodeVMware NSX pluginDHCP agentNeutron serverTraffic flowPhysical connectionPhysical Switch Compute NodeTenant 1 Network 1Tenant 1 Network 2VM1VM1 diff --git a/doc/source/admin/archives/index.rst b/doc/source/admin/archives/index.rst new file mode 100644 index 00000000000..ab8a6334b04 --- /dev/null +++ b/doc/source/admin/archives/index.rst @@ -0,0 +1,23 @@ +================= +Archived Contents +================= + +.. note:: + + Contents here have been moved from the unified version of Administration + Guide. They will be merged into the Networking Guide gradually. + +.. toctree:: + :maxdepth: 2 + + introduction.rst + arch.rst + config-plugins.rst + config-agents.rst + config-identity.rst + adv-config.rst + multi-dhcp-agents.rst + use.rst + adv-features.rst + adv-operational-features.rst + auth.rst diff --git a/doc/source/admin/archives/introduction.rst b/doc/source/admin/archives/introduction.rst new file mode 100644 index 00000000000..5d5260e710a --- /dev/null +++ b/doc/source/admin/archives/introduction.rst @@ -0,0 +1,228 @@ +========================== +Introduction to Networking +========================== + +The Networking service, code-named neutron, provides an API that lets +you define network connectivity and addressing in the cloud. The +Networking service enables operators to leverage different networking +technologies to power their cloud networking. The Networking service +also provides an API to configure and manage a variety of network +services ranging from L3 forwarding and NAT to load balancing, edge +firewalls, and IPsec VPN. + +For a detailed description of the Networking API abstractions and their +attributes, see the `OpenStack Networking API v2.0 +Reference `__. + +.. note:: + + If you use the Networking service, do not run the Compute + ``nova-network`` service (like you do in traditional Compute deployments). + When you configure networking, see the Compute-related topics in this + Networking section. + +Networking API +~~~~~~~~~~~~~~ + +Networking is a virtual network service that provides a powerful API to +define the network connectivity and IP addressing that devices from +other services, such as Compute, use. + +The Compute API has a virtual server abstraction to describe computing +resources. Similarly, the Networking API has virtual network, subnet, +and port abstractions to describe networking resources. + ++---------------+-------------------------------------------------------------+ +| Resource | Description | ++===============+=============================================================+ +| **Network** | An isolated L2 segment, analogous to VLAN in the physical | +| | networking world. | ++---------------+-------------------------------------------------------------+ +| **Subnet** | A block of v4 or v6 IP addresses and associated | +| | configuration state. | ++---------------+-------------------------------------------------------------+ +| **Port** | A connection point for attaching a single device, such as | +| | the NIC of a virtual server, to a virtual network. Also | +| | describes the associated network configuration, such as | +| | the MAC and IP addresses to be used on that port. | ++---------------+-------------------------------------------------------------+ + +**Networking resources** + +To configure rich network topologies, you can create and configure +networks and subnets and instruct other OpenStack services like Compute +to attach virtual devices to ports on these networks. + +In particular, Networking supports each project having multiple private +networks and enables projects to choose their own IP addressing scheme, +even if those IP addresses overlap with those that other projects use. + +The Networking service: + +- Enables advanced cloud networking use cases, such as building + multi-tiered web applications and enabling migration of applications + to the cloud without changing IP addresses. + +- Offers flexibility for administrators to customize network + offerings. + +- Enables developers to extend the Networking API. Over time, the + extended functionality becomes part of the core Networking API. + +Configure SSL support for networking API +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +OpenStack Networking supports SSL for the Networking API server. By +default, SSL is disabled but you can enable it in the ``neutron.conf`` +file. + +Set these options to configure SSL: + +``use_ssl = True`` + Enables SSL on the networking API server. + +``ssl_cert_file = PATH_TO_CERTFILE`` + Certificate file that is used when you securely start the Networking + API server. + +``ssl_key_file = PATH_TO_KEYFILE`` + Private key file that is used when you securely start the Networking + API server. + +``ssl_ca_file = PATH_TO_CAFILE`` + Optional. CA certificate file that is used when you securely start + the Networking API server. This file verifies connecting clients. + Set this option when API clients must authenticate to the API server + by using SSL certificates that are signed by a trusted CA. + +``tcp_keepidle = 600`` + The value of TCP\_KEEPIDLE, in seconds, for each server socket when + starting the API server. Not supported on OS X. + +``retry_until_window = 30`` + Number of seconds to keep retrying to listen. + +``backlog = 4096`` + Number of backlog requests with which to configure the socket. + +Load-Balancer-as-a-Service (LBaaS) overview +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Load-Balancer-as-a-Service (LBaaS) enables Networking to distribute +incoming requests evenly among designated instances. This distribution +ensures that the workload is shared predictably among instances and +enables more effective use of system resources. Use one of these load +balancing methods to distribute incoming requests: + +Round robin + Rotates requests evenly between multiple instances. + +Source IP + Requests from a unique source IP address are consistently directed + to the same instance. + +Least connections + Allocates requests to the instance with the least number of active + connections. + ++-------------------------+---------------------------------------------------+ +| Feature | Description | ++=========================+===================================================+ +| **Monitors** | LBaaS provides availability monitoring with the | +| | ``ping``, TCP, HTTP and HTTPS GET methods. | +| | Monitors are implemented to determine whether | +| | pool members are available to handle requests. | ++-------------------------+---------------------------------------------------+ +| **Management** | LBaaS is managed using a variety of tool sets. | +| | The REST API is available for programmatic | +| | administration and scripting. Users perform | +| | administrative management of load balancers | +| | through either the CLI (``neutron``) or the | +| | OpenStack Dashboard. | ++-------------------------+---------------------------------------------------+ +| **Connection limits** | Ingress traffic can be shaped with *connection | +| | limits*. This feature allows workload control, | +| | and can also assist with mitigating DoS (Denial | +| | of Service) attacks. | ++-------------------------+---------------------------------------------------+ +| **Session persistence** | LBaaS supports session persistence by ensuring | +| | incoming requests are routed to the same instance | +| | within a pool of multiple instances. LBaaS | +| | supports routing decisions based on cookies and | +| | source IP address. | ++-------------------------+---------------------------------------------------+ + + +Firewall-as-a-Service (FWaaS) overview +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For information on Firewall-as-a-Service (FWaaS), please consult the :doc:`Networking Guide <../fwaas>`. + +Allowed-address-pairs +~~~~~~~~~~~~~~~~~~~~~ + +``Allowed-address-pairs`` enables you to specify +mac_address and ip_address(cidr) pairs that pass through a port regardless +of subnet. This enables the use of protocols such as VRRP, which floats +an IP address between two instances to enable fast data plane failover. + +.. note:: + + Currently, only the ML2, Open vSwitch, and VMware NSX plug-ins + support the allowed-address-pairs extension. + +**Basic allowed-address-pairs operations.** + +- Create a port with a specified allowed address pair: + + .. code-block:: console + + $ openstack port create port1 --allowed-address \ + ip-address=[,mac_address=[,mac_address=` +in the Networking Guide. diff --git a/doc/source/admin/archives/use.rst b/doc/source/admin/archives/use.rst new file mode 100644 index 00000000000..a6039c3014e --- /dev/null +++ b/doc/source/admin/archives/use.rst @@ -0,0 +1,347 @@ +============== +Use Networking +============== + +You can manage OpenStack Networking services by using the service +command. For example: + +.. code-block:: console + + # service neutron-server stop + # service neutron-server status + # service neutron-server start + # service neutron-server restart + +Log files are in the ``/var/log/neutron`` directory. + +Configuration files are in the ``/etc/neutron`` directory. + +Administrators and projects can use OpenStack Networking to build +rich network topologies. Administrators can create network +connectivity on behalf of projects. + +Core Networking API features +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +After installing and configuring Networking (neutron), projects and +administrators can perform create-read-update-delete (CRUD) API networking +operations. This is performed using the Networking API directly with either +the :command:`neutron` command-line interface (CLI) or the :command:`openstack` +CLI. The :command:`neutron` CLI is a wrapper around the Networking API. Every +Networking API call has a corresponding :command:`neutron` command. + +The :command:`openstack` CLI is a common interface for all OpenStack +projects, however, not every API operation has been implemented. For the +list of available commands, see `Command List +`__. + +The :command:`neutron` CLI includes a number of options. For details, see +`Create and manage networks `__. + +Basic Networking operations +--------------------------- + +To learn about advanced capabilities available through the :command:`neutron` +command-line interface (CLI), read the networking section `Create and manage +networks `__ +in the OpenStack End User Guide. + +This table shows example :command:`openstack` commands that enable you to +complete basic network operations: + ++-------------------------+-------------------------------------------------+ +| Operation | Command | ++=========================+=================================================+ +|Creates a network. | | +| | | +| | ``$ openstack network create net1`` | ++-------------------------+-------------------------------------------------+ +|Creates a subnet that is | | +|associated with net1. | | +| | | +| | ``$ openstack subnet create subnet1`` | +| | ``--subnet-range 10.0.0.0/24`` | +| | ``--network net1`` | ++-------------------------+-------------------------------------------------+ +|Lists ports for a | | +|specified project. | | +| | | +| | ``$ openstack port list`` | ++-------------------------+-------------------------------------------------+ +|Lists ports for a | | +|specified project | | +|and displays the ``ID``, | | +|``Fixed IP Addresses`` | | +| | | +| | ``$ openstack port list -c ID`` | +| | ``-c "Fixed IP Addresses`` | ++-------------------------+-------------------------------------------------+ +|Shows information for a | | +|specified port. | | +| | ``$ openstack port show PORT_ID`` | ++-------------------------+-------------------------------------------------+ + +**Basic Networking operations** + +.. note:: + + The ``device_owner`` field describes who owns the port. A port whose + ``device_owner`` begins with: + + - ``network`` is created by Networking. + + - ``compute`` is created by Compute. + +Administrative operations +------------------------- + +The administrator can run any :command:`openstack` command on behalf of +projects by specifying an Identity ``project`` in the command, as +follows: + +.. code-block:: console + + $ openstack network create --project PROJECT_ID NETWORK_NAME + +For example: + +.. code-block:: console + + $ openstack network create --project 5e4bbe24b67a4410bc4d9fae29ec394e net1 + +.. note:: + + To view all project IDs in Identity, run the following command as an + Identity service admin user: + + .. code-block:: console + + $ openstack project list + +Advanced Networking operations +------------------------------ + +This table shows example CLI commands that enable you to complete +advanced network operations: + ++-------------------------------+--------------------------------------------+ +| Operation | Command | ++===============================+============================================+ +|Creates a network that | | +|all projects can use. | | +| | | +| | ``$ openstack network create`` | +| | ``--share public-net`` | ++-------------------------------+--------------------------------------------+ +|Creates a subnet with a | | +|specified gateway IP address. | | +| | | +| | ``$ openstack subnet create subnet1`` | +| | ``--gateway 10.0.0.254 --network net1`` | ++-------------------------------+--------------------------------------------+ +|Creates a subnet that has | | +|no gateway IP address. | | +| | | +| | ``$ openstack subnet create subnet1`` | +| | ``--no-gateway --network net1`` | ++-------------------------------+--------------------------------------------+ +|Creates a subnet with DHCP | | +|disabled. | | +| | | +| | ``$ openstack subnet create subnet1`` | +| | ``--network net1 --no-dhcp`` | ++-------------------------------+--------------------------------------------+ +|Specifies a set of host routes | | +| | | +| | ``$ openstack subnet create subnet1`` | +| | ``--network net1 --host-route`` | +| | ``destination=40.0.1.0/24,`` | +| | ``gateway=40.0.0.2`` | ++-------------------------------+--------------------------------------------+ +|Creates a subnet with a | | +|specified set of dns name | | +|servers. | | +| | | +| | ``$ openstack subnet create subnet1`` | +| | ``--network net1 --dns-nameserver`` | +| | ``8.8.4.4`` | ++-------------------------------+--------------------------------------------+ +|Displays all ports and | | +|IPs allocated on a network. | | +| | | +| | ``$ openstack port list --network NET_ID`` | ++-------------------------------+--------------------------------------------+ + +**Advanced Networking operations** + +.. note:: + + During port creation and update, specific extra-dhcp-options can be left blank. + For example, ``router`` and ``classless-static-route``. This causes dnsmasq + to have an empty option in the ``opts`` file related to the network. + For example: + + .. code-block:: console + + tag:tag0,option:classless-static-route, + tag:tag0,option:router, + +Use Compute with Networking +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Basic Compute and Networking operations +--------------------------------------- + +This table shows example :command:`openstack` commands that enable you to +complete basic VM networking operations: + ++----------------------------------+-----------------------------------------+ +| Action | Command | ++==================================+=========================================+ +|Checks available networks. | | +| | | +| | ``$ openstack network list`` | ++----------------------------------+-----------------------------------------+ +|Boots a VM with a single NIC on | | +|a selected Networking network. | | +| | | +| | ``$ openstack server create --image`` | +| | ``IMAGE --flavor FLAVOR --nic`` | +| | ``net-id=NET_ID VM_NAME`` | ++----------------------------------+-----------------------------------------+ +|Searches for ports with a | | +|``device_id`` that matches the | | +|Compute instance UUID. See :ref: | | +|`Create and delete VMs` | | +| | | +| |``$ openstack port list --server VM_ID`` | ++----------------------------------+-----------------------------------------+ +|Searches for ports, but shows | | +|only the ``mac_address`` of | | +|the port. | | +| | | +| | ``$ openstack port list -c`` | +| | ``"MAC Address" --server VM_ID`` | ++----------------------------------+-----------------------------------------+ +|Temporarily disables a port from | | +|sending traffic. | | +| | | +| | ``$ openstack port set PORT_ID`` | +| | ``--disable`` | ++----------------------------------+-----------------------------------------+ + +**Basic Compute and Networking operations** + +.. note:: + + The ``device_id`` can also be a logical router ID. + +.. note:: + + - When you boot a Compute VM, a port on the network that + corresponds to the VM NIC is automatically created and associated + with the default security group. You can configure `security + group rules <#enable-ping-and-ssh-on-vms-security-groups>`__ to enable + users to access the VM. + +.. _Create and delete VMs: + - When you delete a Compute VM, the underlying Networking port is + automatically deleted. + +Advanced VM creation operations +------------------------------- + +This table shows example :command:`openstack` commands that enable you to +complete advanced VM creation operations: + ++-------------------------------------+--------------------------------------+ +| Operation | Command | ++=====================================+======================================+ +|Boots a VM with multiple | | +|NICs. | | +| | ``$ openstack server create --image``| +| | ``IMAGE --flavor FLAVOR --nic`` | +| | ``net-id=NET_ID VM_NAME`` | +| | ``net-id=NET2-ID VM_NAME`` | ++-------------------------------------+--------------------------------------+ +|Boots a VM with a specific IP | | +|address. Note that you cannot | | +|use the ``--max`` or ``--min`` | | +|parameters in this case. | | +| | | +| | ``$ openstack server create --image``| +| | ``IMAGE --flavor FLAVOR --nic`` | +| | ``net-id=NET_ID VM_NAME`` | +| | ``v4-fixed-ip=IP-ADDR VM_NAME`` | ++-------------------------------------+--------------------------------------+ +|Boots a VM that connects to all | | +|networks that are accessible to the | | +|project who submits the request | | +|(without the ``--nic`` option). | | +| | | +| | ``$ openstack server create --image``| +| | ``IMAGE --flavor FLAVOR`` | ++-------------------------------------+--------------------------------------+ + +**Advanced VM creation operations** + +.. note:: + + Cloud images that distribution vendors offer usually have only one + active NIC configured. When you boot with multiple NICs, you must + configure additional interfaces on the image or the NICs are not + reachable. + + The following Debian/Ubuntu-based example shows how to set up the + interfaces within the instance in the ``/etc/network/interfaces`` + file. You must apply this configuration to the image. + + .. code-block:: bash + + # The loopback network interface + auto lo + iface lo inet loopback + + auto eth0 + iface eth0 inet dhcp + + auto eth1 + iface eth1 inet dhcp + +Enable ping and SSH on VMs (security groups) +-------------------------------------------- + +You must configure security group rules depending on the type of plug-in +you are using. If you are using a plug-in that: + +- Implements Networking security groups, you can configure security + group rules directly by using the :command:`openstack security group rule create` + command. This example enables ``ping`` and ``ssh`` access to your VMs. + + .. code-block:: console + + $ openstack security group rule create --protocol icmp \ + --ingress SECURITY_GROUP + + .. code-block:: console + + $ openstack security group rule create --protocol tcp \ + --egress --description "Sample Security Group" SECURITY_GROUP + +- Does not implement Networking security groups, you can configure + security group rules by using the :command:`openstack security group rule + create` or :command:`euca-authorize` command. These :command:`openstack` + commands enable ``ping`` and ``ssh`` access to your VMs. + + .. code-block:: console + + $ openstack security group rule create --protocol icmp default + $ openstack security group rule create --protocol tcp --dst-port 22:22 default + +.. note:: + + If your plug-in implements Networking security groups, you can also + leverage Compute security groups by setting + ``security_group_api = neutron`` in the ``nova.conf`` file. After + you set this option, all Compute security group commands are proxied + to Networking. diff --git a/doc/source/admin/index.rst b/doc/source/admin/index.rst index 99fc010d292..a739c84f102 100644 --- a/doc/source/admin/index.rst +++ b/doc/source/admin/index.rst @@ -21,3 +21,4 @@ This guide documents the OpenStack Ocata release. ops migration misc + archives/index